Files
2026-07-13 12:31:34 +08:00

92 lines
2.3 KiB
Python

# -*- coding: utf-8 -*-
"""
@File : cert_socket.py
@Date : 2022-10-22
@Author : Peng Shiyu
通过socket 获取域名ssl 证书信息
参考:
Python脚本批量检查SSL证书过期时间
https://linuxeye.com/479.html
"""
from __future__ import print_function, unicode_literals, absolute_import, division
import socket
import ssl
import warnings
from domain_admin.utils.cert_util import cert_consts, cert_common
# warnings.warn("cert_socket.py is Deprecated, please use cert_socket_v2.py")
def create_ssl_context():
"""
ssl上下文
:return:
"""
return ssl.create_default_context()
def get_domain_cert(host, port=443, timeout=3):
"""
获取证书信息
存在问题:没有指定主机ip,不一定能获取到正确的证书信息
:param host: str
:param port: int
:param timeout: int
:return: dict
"""
context = ssl.create_default_context()
with socket.create_connection(address=(host, port), timeout=timeout) as sock:
with context.wrap_socket(sock, server_hostname=host) as wrap_socket:
return wrap_socket.getpeercert()
def get_cert_info(domain_with_port):
"""
获取证书信息
:param domain_with_port: str
:return: dict
"""
domain_info = cert_common.parse_domain_with_port(domain_with_port)
domain = domain_info.get('domain')
port = domain_info.get('port', cert_consts.SSL_DEFAULT_PORT)
cert = get_domain_cert(domain, port)
issuer = _tuple_to_dict(cert['issuer'])
subject = _tuple_to_dict(cert['subject'])
return {
'domain': domain_with_port,
# 'ip': cert_common.get_domain_ip(domain),
'subject': cert_common.short_name_convert(subject),
'issuer': cert_common.short_name_convert(issuer),
# 'version': cert['version'],
# 'serial_number': cert['serialNumber'],
'start_date': cert_common.parse_time(cert['notBefore']),
'expire_date': cert_common.parse_time(cert['notAfter']),
}
def _tuple_to_dict(cert_tuple):
"""
cert证书 tuple转dict
:param cert_tuple: tuple
:return:
"""
data = {}
for item in cert_tuple:
data[item[0][0]] = item[0][1]
return data
if __name__ == '__main__':
print(get_cert_info('www.baidu.com'))
# not support
# print(get_cert_info('www.mysite.com'))