证书验证

x509_verify.py

@@ -0,0 +1,39 @@
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization
+from OpenSSL import crypto
+import tkinter 
+import tkinter.filedialog 
+root=tkinter.Tk()
+root.withdraw()
+path=tkinter.filedialog.askopenfilename(title="选择公钥文件",filetypes=[("PEM files","*.pem")])
+with open(path, 'rb') as f:
+    public_key = f.read()
+#加载公钥
+public_key = crypto.load_publickey(crypto.FILETYPE_PEM, public_key)
+path=tkinter.filedialog.askopenfilename(title="选择私钥文件",filetypes=[("PEM files","*.pem")])
+with open(path, 'rb') as f:
+    private_key = f.read()
+#加载私钥
+private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key)
+#加载证书
+path=tkinter.filedialog.askopenfilename(title="选择证书文件",filetypes=[("PEM files","*.pem")])
+with open(path, 'rb') as f:
+    cert_pem = f.read()
+cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)
+print("Certificate:\n", cert_pem.decode())
+#输出证书相关信息
+print("Subject: ", cert.get_subject().CN)
+print("Issuer: ", cert.get_issuer().CN)
+print("Serial Number: ", hex(cert.get_serial_number()))
+print("Not Before: ", cert.get_notBefore())
+print("Not After: ", cert.get_notAfter())
+# 验证证书
+store = crypto.X509Store()
+store.add_cert(cert)
+store_ctx = crypto.X509StoreContext(store, cert)
+try:
+    if store_ctx.verify_certificate():
+        print("Certificate is valid.")
+except crypto.X509StoreContextError as e:   
+    print("Certificate is invalid:", e)