使用m2crypto在APK中打印證書

Question

我openssl命令一樣顯示android APK證書信息。 喜歡

$ openssl pkcs7 -inform DER -in CERT.RSA -print_certs
subject=...
-----BEGIN CERTIFICATE-----
MIIEBzCCAu+gAwIBAgIEKkPNCjANBgkqhkiG9w0BAQsFADCBsjEPMA0GA1UEBhMG
...
5be3OOWPt+mHkeWxsei9r+S7tuWkp+WOpjEVMBMGA1UECgwM6YeR5bGx572R57uc
-----END CERTIFICATE-----

最初，我使用PyCrypto ，但發現它不包含X509格式。 嘗試M2Crypto ，它將輸出類似的錯誤

In [7]: X509.load_cert('CERT.RSA', X509.FORMAT_DER)
---------------------------------------------------------------------------
X509Error                                 Traceback (most recent call last)
<ipython-input-7-821a670a1ab6> in <module>()
----> 1 X509.load_cert('CERT.RSA', X509.FORMAT_DER)

/usr/local/lib/python2.7/dist-packages/M2Crypto/X509.pyc in load_cert(file, format)
    613         cptr = m2.d2i_x509(bio._ptr())
    614         if cptr is None:
--> 615             raise X509Error(Err.get_error())
    616         return X509(cptr, _pyfree=1)
    617     else:

X509Error: 140335753901888:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1337:
140335753901888:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:388:Type=X509_CINF
140335753901888:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:769:Field=cert_info, Type=X509

顯示base64編碼證書的正確方法是什么？

Answer 1

受pkcs7dump.py的啟發，我使用pyasn1和pyasn1_modules通過提取PKCS＃7（RFC2315）格式的文件來顯示base64編碼的證書。

以下是一個簡單的腳本

from pyasn1.codec.der import decoder, encoder
from pyasn1_modules import rfc2315

contentInfo, _ = decoder.decode(open('CERT.RSA', 'rb').read(), asn1Spec=rfc2315.ContentInfo())
content = contentInfo.getComponentByName('content')
signedData, _ = decoder.decode(content, asn1Spec=rfc2315.SignedData())
certs = signedData.getComponentByName('certificates')
cert = certs.getComponentByPosition(0)
print encoder.encode(cert).encode('base64')