1

我正在libeay32.dll用 Python 为 OpenSLL 编写小型包装器。对于大多数功能,可以按如下方式导入它们:

self.Function_Name = self._dll.Function_Name
self.Function_Name.restype = ctypes.c_int #for example
self.Function_Name.argtypes = [list of ctypes arguments]

不幸的是,我无法以这种方式导入任何宏:

X509_get_notAfterX509_get_notBefore

任何想法,如何做到这一点ctypes

4

2 回答 2

2

您不能导入宏。您要导入的是来自 DLL 的函数。宏不是从 DLL 中导出的,所以没有什么要导入的。

幸运的是,大多数宏都非常简单,因此您可以在 Python 中重新实现它们。

或者,在 C 中创建一个包装 DLL,为每个宏定义一个函数,编译并链接该函数,然后使用ctypes.

或者您可能想要使用Cython或其他一些技术来代替ctypes. 它们通常的工作方式是生成和编译包装 C 库并导出 Python 类型和函数的 C 代码,并且通常将 C 宏导出为 Python 函数就像导出 C 函数一样容易。

或者,最简单的…… PyOpenSSL 是否已经包装了你需要的一切?

于 2013-02-28T01:10:40.907 回答
0

经过一番研究,我决定回答我自己的问题。X509_get_notAfter 的宏如下所示:

#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)

x - 是 X509 结构,其中包含 X509_CINF 结构,其中包含 X509_VAL 结构,其中包含指向 notAfter 的指针 :)

所以我的计划是在 python 代码中实现整个 X509、X509_CINF 和 X509_VAL 结构。

在 C 中它看起来像这样

struct x509_st
{
X509_CINF *cert_info;
X509_ALGOR *sig_alg;
ASN1_BIT_STRING *signature;
int valid;
int references;
char *name;
CRYPTO_EX_DATA ex_data;
/* These contain copies of various extension values */
long ex_pathlen;
long ex_pcpathlen;
unsigned long ex_flags;
unsigned long ex_kusage;
unsigned long ex_xkusage;
unsigned long ex_nscert;
ASN1_OCTET_STRING *skid;
AUTHORITY_KEYID *akid;
X509_POLICY_CACHE *policy_cache;
STACK_OF(DIST_POINT) *crldp;
STACK_OF(GENERAL_NAME) *altname;
NAME_CONSTRAINTS *nc;
#ifndef OPENSSL_NO_RFC3779
STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid;
#endif
#ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
#endif
X509_CERT_AUX *aux;
} /* X509 */;

X509_CINF 看起来像这样:

typedef struct x509_cinf_st
{
ASN1_INTEGER *version;      /* [ 0 ] default of v1 */
ASN1_INTEGER *serialNumber;
X509_ALGOR *signature;
X509_NAME *issuer;
X509_VAL *validity;
X509_NAME *subject;
X509_PUBKEY *key;
ASN1_BIT_STRING *issuerUID;     /* [ 1 ] optional in v2 */
ASN1_BIT_STRING *subjectUID;        /* [ 2 ] optional in v2 */
STACK_OF(X509_EXTENSION) *extensions;   /* [ 3 ] optional in v3 */
ASN1_ENCODING enc;
} X509_CINF;

这是 X509_VAL:

typedef struct X509_val_st
{
ASN1_TIME *notBefore;
ASN1_TIME *notAfter;
} X509_VAL;

为了使整个任务更容易,我决定用 ctypes.c_void_p 替换所有指向我不想访问的结构的指针

所以我的python代码现在看起来像这样:

class X509_val_st(ctypes.Structure):

_fields_ = [('notBefore',       ctypes.c_void_p),
            ('notAfter',        ctypes.c_void_p)]


class X509_cinf_st(ctypes.Structure):

_fields_ = [('version',         ctypes.c_void_p),
            ('serialNumber',    ctypes.c_void_p),
            ('signature',       ctypes.c_void_p),
            ('issuer',          ctypes.c_void_p),
            ('validity',        X509_val_st),
            ('subject',         ctypes.c_void_p),
            ('key',             ctypes.c_void_p),
            ('issuerUID',       ctypes.c_void_p),
            ('subjectUID',      ctypes.c_void_p),
            ('extensions',      ctypes.c_void_p),
            ('enc',             ctypes.c_uint)]


class X509_st(ctypes.Structure):

_fields_ = [('cert_info',     X509_cinf_st),
            ('sig_alg',       ctypes.c_void_p),
            ('signature',     ctypes.c_void_p),
            ('valid',         ctypes.c_int),
            ('references',    ctypes.c_int),
            ('name',          ctypes.c_void_p),
            ('ex_data',       ctypes.c_int),
            ('ex_pathlen',    ctypes.c_long),
            ('ex_pcpathlen',  ctypes.c_long),
            ('ex_flags',      ctypes.c_ulong),
            ('ex_kusage',     ctypes.c_ulong),
            ('ex_xkusage',    ctypes.c_ulong),
            ('ex_nscert',     ctypes.c_ulong),
            ('skid',          ctypes.c_void_p),
            ('akid',          ctypes.c_void_p),
            ('policy_cache',  ctypes.c_void_p),
            ('crldp',         ctypes.c_void_p),
            ('altname',       ctypes.c_void_p),
            ('nc',            ctypes.c_void_p),
            ('rfc3779_addr',  ctypes.c_void_p),
            ('rfc3779_asid',  ctypes.c_void_p),
            ('sha1_hash',     ctypes.c_char),
            ('aux',           ctypes.c_void_p)]

最后一步:将结构分配给从函数 X509_new() 接收到的指针:

self.X509_new = self._lib.X509_new
self.X509_new.restype = ctypes.POINTER(X509_st)
self.X509_new.argtypes = []

因此 OpenSSL 宏 X509_get_notBefore 的 python 函数将如下所示:

def X509_get_notBefore(self):
    return self.X509[0].cert_info.validity.notBefore
于 2013-03-01T17:49:38.683 回答