#!/usr/bin/env python
# _*_coding:utf-8_*_
import OpenSSL
from OpenSSL import crypto
from dateutil import parser
def get_cert_detail(cert_file):
"""
获取证书信息
:param cert_file:
:return:
"""
cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(cert_file).read())
subject = cert.get_subject()
issuer = cert.get_issuer()
datetime_struct_before = parser.parse(cert.get_notBefore().decode("UTF-8"))
datetime_struct_after = parser.parse(cert.get_notAfter().decode("UTF-8"))
extensions_domain_list = []
for i in cert.to_cryptography().extensions:
if i.oid.dotted_string == "2.5.29.17":
extensions_domain_list = [i.value for i in i.value]
return {
# 证书版本
"version": cert.get_version() + 1,
# 证书序列号
"serial_number": hex(cert.get_serial_number()),
# 证书中使用的签名算法
"signature": cert.get_signature_algorithm().decode("UTF-8"),
# 颁发者
"common_name": issuer.commonName,
# 有效期开始
"before_datetime": datetime_struct_before.strftime('%Y-%m-%d %H:%M:%S'),
# 有效期结束
"after_datetime": datetime_struct_after.strftime('%Y-%m-%d %H:%M:%S'),
# 证书是否过期
"is_expired": bool(1 - cert.has_expired()),
# 公钥长度
"pubkey_count": cert.get_pubkey().bits(),
# 可以使用的域名列表
"extensions_domains": extensions_domain_list
}
