Google Service Account credentials are available in two file formats: JSON and P12. P12 is also known as PFX. The following code shows how to process a P12 file and split it into a private key and a certificate. This code also works with normal SSL certificate bundles (PFX).
In another article I show how to use P12 credentials (Private Key) to create Google Access Tokens.
Note: The P12 file format is deprecated. The Google-recommended format is now JSON.
```python
############################################################
# Version 1.00
# Date Created: 2018-12-21
# Last Update: 2018-12-21
# https://www2.jhanley.com
# Copyright (c) 2018, John J. Hanley
# Author: John Hanley
############################################################

'''
Convert a Google P12 (PFX) service account into private key and certificate.
Convert an SSL Certificate (PFX) into private key, certificate and CAs.
'''

import os
import OpenSSL.crypto

def write_CAs(filename, p12):
    ''' Write the Certificate Authorities, if any, to filename '''

    if os.path.exists(filename):
        os.remove(filename)

    ca = p12.get_ca_certificates()

    if ca is None:
        return

    print('Creating Certificate CA File:', filename)

    with open(filename, 'wb') as f:
        for cert in ca:
            f.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert))

def pfx_to_pem(pfx_path, pfx_password, pkey_path, pem_path, pem_ca_path):
    '''
    Decrypt the P12 (PFX) file and create a private key file and certificate file.

    Input:
        pfx_path        INPUT: This is the Google P12 file or SSL PFX certificate file
        pfx_password    INPUT: Password used to protect P12 (PFX), as bytes
        pkey_path       INPUT: File name to write the Private Key to
        pem_path        INPUT: File name to write the Certificate to
        pem_ca_path     INPUT: File name to write the Certificate Authorities to
    '''

    print('Opening:', pfx_path)
    with open(pfx_path, 'rb') as f_pfx:
        pfx = f_pfx.read()

    print('Loading P12 (PFX) contents:')
    # load_pkcs12 is deprecated and has been removed from current pyOpenSSL
    # releases; this script requires an older pyOpenSSL.
    p12 = OpenSSL.crypto.load_pkcs12(pfx, pfx_password)

    print('Creating Private Key File:', pkey_path)
    with open(pkey_path, 'wb') as f:
        # Write Private Key (unencrypted PEM)
        f.write(OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, p12.get_privatekey()))

    print('Creating Certificate File:', pem_path)
    with open(pem_path, 'wb') as f:
        # Write Certificate
        f.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, p12.get_certificate()))

    # Google P12 does not have certificate authorities but SSL PFX certificates do
    write_CAs(pem_ca_path, p12)

# Start here

pfx_to_pem(
    'compute-engine.p12',       # Google Service Account P12 file
    b'notasecret',              # P12 file password (bytes)
    'compute-engine.key',       # Filename to write private key
    'compute-engine.pem',       # Filename to write certificate
    'compute-engine_ca.pem')    # Filename to write CAs if present
```
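An added example, not the author's code: the same split done with the `cryptography` package's PKCS#12 loader, because `OpenSSL.crypto.load_pkcs12` is no longer present in current pyOpenSSL releases. It also creates the unencrypted private key file with owner-only permissions; `split_p12`, `write_file` and `make_sample_p12` are names chosen here, and the sample P12 is a constructed throwaway.

```python
import datetime
import os
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID


def write_file(path, data, mode):
    '''Replace path with a new file created with the given permission bits.'''
    if os.path.exists(path):
        os.remove(path)  # so the mode applies to a freshly created file
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, 'wb') as f:
        f.write(data)


def split_p12(p12_bytes, password, pkey_path, pem_path, pem_ca_path):
    '''Write key, certificate and CA PEM files; return the paths written.'''
    key, cert, cas = pkcs12.load_key_and_certificates(p12_bytes, password)
    pem = serialization.Encoding.PEM
    written = []
    if key is not None:
        write_file(pkey_path, key.private_bytes(
            pem, serialization.PrivateFormat.PKCS8,
            serialization.NoEncryption()), 0o600)  # owner-only: key is unencrypted
        written.append(pkey_path)
    if cert is not None:
        write_file(pem_path, cert.public_bytes(pem), 0o644)
        written.append(pem_path)
    if cas:  # empty for a Google P12, populated for SSL PFX bundles
        write_file(pem_ca_path, b''.join(c.public_bytes(pem) for c in cas), 0o644)
        written.append(pem_ca_path)
    return written


def make_sample_p12(password):
    '''Constructed sample input: a throwaway self-signed cert packed as P12.'''
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, 'sample')])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
            .sign(key, hashes.SHA256()))
    return pkcs12.serialize_key_and_certificates(
        b'sample', key, cert, None,
        serialization.BestAvailableEncryption(password))
```

For a real file, read it in binary mode and pass the bytes and the password (as bytes) to `split_p12`.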
I design software for enterprise-class systems and data centers. My background is 30+ years in storage (SCSI, FC, iSCSI, disk arrays, imaging) virtualization. 20+ years in identity, security, and forensics.
For the past 14+ years, I have been working in the cloud (AWS, Azure, Google, Alibaba, IBM, Oracle) designing hybrid and multi-cloud software solutions. I am an MVP/GDE with several.