2016-07-07 1 views
0

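I am trying to read all the certificates in a .pem file, and without pyOpenSSL (or similar) in the product I am developing, I have to use subprocess to do this. I need help tokenizing the arguments to subprocess.call when handling a multi-certificate .pem file.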

-----BEGIN CERTIFICATE----- 
MIICMzCCAZwCCQDBBH0NxCcVCDANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJV 
UzELMAkGA1UECAwCTU4xCzAJBgNVBAcMAkVQMQswCQYDVQQKDAJEQzELMAkGA1UE 
CwwCUEExGzAZBgNVBAMMEkNlcnRpZmljYXRlTWFuYWdlcjAeFw0xNjA3MDUxNDI5 
NTZaFw0yNjA3MDMxNDI5NTZaMF4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNTjEL 
MAkGA1UEBwwCRVAxCzAJBgNVBAoMAkRDMQswCQYDVQQLDAJQQTEbMBkGA1UEAwwS 
Q2VydGlmaWNhdGVNYW5hZ2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDH 
qcM3brv4VsInpAl3DGSfhRWTgKMPbee2JgksJfPlxUu7xwsfpWSrCimXoS94gs6p 
l6Y+tJP2IG6j9zV+sdWDbAvBQW4UthaoPFI7Gyoc9bWXCSJ8FHepOyRIJx+3e512 
UqWWa6RTMdT0tJr4fk4EyK95LnchHTS0BuGzt4IKOwIDAQABMA0GCSqGSIb3DQEB 
CwUAA4GBAK2/63W9eBkb35uqEz2QOTPjZoWdGzrSFzpzkgbgSimKigmT7k0f72M1 
3IVzypwhosvqYKqYnvCf4JMAlcqJooykEHYtDoPcXIiKtVdZgEN/ZzRjoV5BQnTA 
O70zbb8Tq3Wxk5gN6rt2agKUosuoJCtqZeUbf6ENvsYHPZwmtCic 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
MIICFTCCAX4CCQCPIiOJXxcRxjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJV 
UzELMAkGA1UECAwCTU4xCzAJBgNVBAcMAkVQMQswCQYDVQQKDAJEQzELMAkGA1UE 
CwwCUEExDDAKBgNVBAMMA0FkZDAeFw0xNjA3MDUxNDMyMDdaFw0yNjA3MDMxNDMy 
MDdaME8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNTjELMAkGA1UEBwwCRVAxCzAJ 
BgNVBAoMAkRDMQswCQYDVQQLDAJQQTEMMAoGA1UEAwwDQWRkMIGfMA0GCSqGSIb3 
DQEBAQUAA4GNADCBiQKBgQCwu6lHPVBCHwJ0lL6PLzyk7tieJQyHNktIRt0B7JgN 
bhFTs1RHHJZzkbvCMohduVviUjgDZ4c3FaZ0vgqZgtbvfwqnokEqkmUYBnebC72e 
KqYJfpPwZR8sOrZTicgaq3wLa4zVf7ZU84w7TeUNwt/J+XNL6fUdnGUdCPCA2Hfm 
EwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFcOVdW4GTD2wWYneDpVMxbltH1ZLZDG 
KUeB+bC3GZuVIcOELRLlSvT6N9i48hAmJC5DDUtHrcwGGzXNwwPUWR3ZO+1WoH7g 
hVv4Xs/uAzXcAyeVneb4pm2oFHqnGHW2PTtF6aecOJXgGYQBTkUche3Fx5xYKorF 
dI7rdMQqZh0q 
-----END CERTIFICATE----- 

The following is returned:

Certificate: 
    Data: 
     Version: 1 (0x0) 
     Serial Number: 
      c1:04:7d:0d:c4:27:15:08 
    Signature Algorithm: sha256WithRSAEncryption 
     Issuer: C=US, ST=MN, L=EP, O=DC, OU=PA, CN=CertificateManager 
     Validity 
      Not Before: Jul 5 14:29:56 2016 GMT 
      Not After : Jul 3 14:29:56 2026 GMT 
     Subject: C=US, ST=MN, L=EP, O=DC, OU=PA, CN=CertificateManager 
     Subject Public Key Info: 
      Public Key Algorithm: rsaEncryption 
       Public-Key: (1024 bit) 
       Modulus: 
        00:c7:a9:c3:37:6e:bb:f8:56:c2:27:a4:09:77:0c: 
        64:9f:85:15:93:80:a3:0f:6d:e7:b6:26:09:2c:25: 
        f3:e5:c5:4b:bb:c7:0b:1f:a5:64:ab:0a:29:97:a1: 
        2f:78:82:ce:a9:97:a6:3e:b4:93:f6:20:6e:a3:f7: 
        35:7e:b1:d5:83:6c:0b:c1:41:6e:14:b6:16:a8:3c: 
        52:3b:1b:2a:1c:f5:b5:97:09:22:7c:14:77:a9:3b: 
        24:48:27:1f:b7:7b:9d:76:52:a5:96:6b:a4:53:31: 
        d4:f4:b4:9a:f8:7e:4e:04:c8:af:79:2e:77:21:1d: 
        34:b4:06:e1:b3:b7:82:0a:3b 
       Exponent: 65537 (0x10001) 
    Signature Algorithm: sha256WithRSAEncryption 
     ad:bf:eb:75:bd:78:19:1b:df:9b:aa:13:3d:90:39:33:e3:66: 
     85:9d:1b:3a:d2:17:3a:73:92:06:e0:4a:29:8a:8a:09:93:ee: 
     4d:1f:ef:63:35:dc:85:73:ca:9c:21:a2:cb:ea:60:aa:98:9e: 
     f0:9f:e0:93:00:95:ca:89:a2:8c:a4:10:76:2d:0e:83:dc:5c: 
     88:8a:b5:57:59:80:43:7f:67:34:63:a1:5e:41:42:74:c0:3b: 
     bd:33:6d:bf:13:ab:75:b1:93:98:0d:ea:bb:76:6a:02:94:a2: 
     cb:a8:24:2b:6a:65:e5:1b:7f:a1:0d:be:c6:07:3d:9c:26:b4: 
     28:9c 

Certificate: 
    Data: 
     Version: 1 (0x0) 
     Serial Number: 
      8f:22:23:89:5f:17:11:c6 
    Signature Algorithm: sha256WithRSAEncryption 
     Issuer: C=US, ST=MN, L=EP, O=DC, OU=PA, CN=Add 
     Validity 
      Not Before: Jul 5 14:32:07 2016 GMT 
      Not After : Jul 3 14:32:07 2026 GMT 
     Subject: C=US, ST=MN, L=EP, O=DC, OU=PA, CN=Add 
     Subject Public Key Info: 
      Public Key Algorithm: rsaEncryption 
       Public-Key: (1024 bit) 
       Modulus: 
        00:b0:bb:a9:47:3d:50:42:1f:02:74:94:be:8f:2f: 
        3c:a4:ee:d8:9e:25:0c:87:36:4b:48:46:dd:01:ec: 
        98:0d:6e:11:53:b3:54:47:1c:96:73:91:bb:c2:32: 
        88:5d:b9:5b:e2:52:38:03:67:87:37:15:a6:74:be: 
        0a:99:82:d6:ef:7f:0a:a7:a2:41:2a:92:65:18:06: 
        77:9b:0b:bd:9e:2a:a6:09:7e:93:f0:65:1f:2c:3a: 
        b6:53:89:c8:1a:ab:7c:0b:6b:8c:d5:7f:b6:54:f3: 
        8c:3b:4d:e5:0d:c2:df:c9:f9:73:4b:e9:f5:1d:9c: 
        65:1d:08:f0:80:d8:77:e6:13 
       Exponent: 65537 (0x10001) 
    Signature Algorithm: sha256WithRSAEncryption 
     57:0e:55:d5:b8:19:30:f6:c1:66:27:78:3a:55:33:16:e5:b4: 
     7d:59:2d:90:c6:29:47:81:f9:b0:b7:19:9b:95:21:c3:84:2d: 
     12:e5:4a:f4:fa:37:d8:b8:f2:10:26:24:2e:43:0d:4b:47:ad: 
     cc:06:1b:35:cd:c3:03:d4:59:1d:d9:3b:ed:56:a0:7e:e0:85: 
     5b:f8:5e:cf:ee:03:35:dc:03:27:95:9d:e6:f8:a6:6d:a8:14: 
     7a:a7:18:75:b6:3d:3b:45:e9:a7:9c:38:95:e0:19:84:01:4e: 
     45:1c:85:ed:c5:c7:9c:58:2a:8a:c5:74:8e:eb:74:c4:2a:66: 
     1d:2a 

for a file like the one above, with this function call:

subprocess.call("openssl crl2pkcs7 -nocrl -certfile (file path).pem | openssl pkcs7 -print_certs -text -noout", shell=True) 

I found the above in another answer and it works fine. However, when I try to tokenize the args as follows:

subprocess.call(['openssl', 'crl2pkcs7', '-nocrl', '-certfile', '(file path).pem', '|', 'openssl', 'pkcs7', '-print_certs', '-text', '-noout']) 

It returns this:

unknown option | 
crl2pkcs7 [options] <infile >outfile 
where options are 
-inform arg input format - DER or PEM 
-outform arg output format - DER or PEM 
-in arg  input file 
-out arg  output file 
-certfile arg certificates file of chain to a trusted CA 
       (can be used more than once) 
-nocrl   no crl to load, just certs from '-certfile' 

Can someone tell me what I'm doing wrong, or at least give me a hint on how to fix it?

Thanks in advance.

+0

When you say "read" all the certificates, do you actually need to interpret the contents, or are you just trying to find them? The BEGIN/END CERTIFICATE tags are designed to be easy to identify. –

Answers

2

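The first command uses the shell to pipe the output of the first openssl command into the second openssl command. The second command passes | (and the second openssl command) as arguments to the first openssl command.

You need to do something like "Replacing a shell pipeline" from the subprocess documentation.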

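import subprocess

# Stage 1: bundle every certificate in the .pem file into one PKCS#7 structure.
p1 = subprocess.Popen(['openssl', 'crl2pkcs7', '-nocrl', '-certfile', '(file path).pem'], stdout=subprocess.PIPE)
# Stage 2: read that structure from p1's stdout and print each certificate as text.
p2 = subprocess.Popen(['openssl', 'pkcs7', '-print_certs', '-text', '-noout'], stdin=p1.stdout, stdout=subprocess.PIPE)
p1.stdout.close() # Allow p1 to receive a SIGPIPE if p2 exits.
output = p2.communicate()[0]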
+0

This worked well. – Swammy
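The pipeline from the answer above, wrapped as a helper that also checks every stage's exit status and shows why the tokenized call failed. This is an added example, not part of the original answer: `run_pipeline`, `print_certs` and `show_argv` are hypothetical names, and `print_certs` assumes `openssl` is on PATH.

```python
import subprocess
import sys


def run_pipeline(*stages):
    """Run argv lists as `stage1 | stage2 | ...` without a shell.

    Returns the last stage's stdout as bytes and raises CalledProcessError
    if any stage exits non-zero (a shell reports only the last stage's status).
    """
    procs = []
    for argv in stages:
        # First stage gets no stdin; later stages read the previous stdout.
        stdin = procs[-1].stdout if procs else subprocess.DEVNULL
        proc = subprocess.Popen(argv, stdin=stdin, stdout=subprocess.PIPE)
        if procs:
            # Drop the parent's copy so the earlier stage sees SIGPIPE
            # if this stage exits first.
            procs[-1].stdout.close()
        procs.append(proc)
    output = procs[-1].communicate()[0]
    for proc, argv in zip(procs, stages):
        if proc.wait() != 0:
            raise subprocess.CalledProcessError(proc.returncode, argv, output)
    return output


def print_certs(pem_path):
    """The page's two openssl commands; pem_path is passed as one argv item,
    so spaces or shell metacharacters in it are never interpreted."""
    return run_pipeline(
        ["openssl", "crl2pkcs7", "-nocrl", "-certfile", pem_path],
        ["openssl", "pkcs7", "-print_certs", "-text", "-noout"],
    ).decode()


def show_argv(*args):
    """Return the argv a child actually receives (constructed demo child)."""
    child = [sys.executable, "-c", "import sys; print(sys.argv[1:])", *args]
    return run_pipeline(child).decode().strip()


if __name__ == "__main__":
    # Without a shell, "|" is just another argument, hence "unknown option |".
    print(show_argv("crl2pkcs7", "-nocrl", "|", "openssl"))
    if len(sys.argv) > 1:
        print(print_certs(sys.argv[1]))
```

Run it with the path to a multi-certificate .pem file as the first argument to get the same text dump as the `shell=True` version.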