yeepay_yop_parse_certificates
Extract Base64-encoded public or private keys from certificate files for YeePay YOP platform integration. Supports RSA and SM2 algorithms with .pfx and .cer formats.
Instructions
根据证书文件解析出Base64编码后的公钥或私钥字符串
Args: algorithm (str): 密钥算法,可选值为 "RSA" 或 "SM2",默认为 "RSA" pfx_cert (str): 私钥证书(.pfx)文件路径 pub_cert (str): 公钥证书(.cer)文件路径 pwd (str, optional): PFX证书的密码,默认为None
Returns: dict: 包含解析结果的字典,格式如下: { 'message': 响应信息, 'privateKey': Base64编码后的私钥字符串, 'publicKey': Base64编码后的公钥字符串 }
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| algorithm | No | RSA | |
| pfx_cert | No | ||
| pub_cert | No | ||
| pwd | No |
Implementation Reference
- yop_mcp/main.py:251-278 (handler)The handler and registration for the MCP tool 'yeepay_yop_parse_certificates'. This function is decorated with @mcp.tool(), defining the tool schema via type hints and docstring, and delegates execution to the parse_certificates helper.
@mcp.tool() def yeepay_yop_parse_certificates( algorithm: str = "RSA", pfx_cert: Optional[str] = None, pub_cert: Optional[str] = None, pwd: Optional[str] = None, ) -> Dict[str, Any]: """ 根据证书文件解析出Base64编码后的公钥或私钥字符串 Args: algorithm (str): 密钥算法,可选值为 "RSA" 或 "SM2",默认为 "RSA" pfx_cert (str): 私钥证书(.pfx)文件路径 pub_cert (str): 公钥证书(.cer)文件路径 pwd (str, optional): PFX证书的密码,默认为None Returns: dict: 包含解析结果的字典,格式如下: { 'message': 响应信息, 'privateKey': Base64编码后的私钥字符串, 'publicKey': Base64编码后的公钥字符串 } """ return parse_certificates( algorithm=algorithm, pfx_cert=pfx_cert, pub_cert=pub_cert, pwd=pwd ) - tools/cert_key_parser.py:17-90 (helper)The primary helper function implementing the certificate parsing logic. Handles validation, file existence checks, algorithm matching (RSA/SM2), and delegates to parse_key_from_certificate for key extraction using the cryptography library.
def parse_certificates( algorithm: str = "RSA", pfx_cert: Optional[str] = None, pub_cert: Optional[str] = None, pwd: Optional[str] = None, ) -> Dict[str, Any]: result = {"message": "解析成功", "privateKey": None, "publicKey": None} # 验证算法类型 if algorithm not in ["RSA", "SM2"]: result["message"] = f"不支持的算法类型: {algorithm},仅支持 RSA 和 SM2" return result # 如果两个证书文件都没有提供 if not pfx_cert and not pub_cert: result["message"] = "请至少提供一个证书文件(pfx_cert 或 pub_cert)" return result try: # 处理私钥证书 if pfx_cert and os.path.exists(pfx_cert): pfx_result = parse_key_from_certificate(pfx_cert, pwd) if pfx_result["private_key"]: result["privateKey"] = pfx_result["private_key"] if pfx_result["public_key"] and not result.get("publicKey"): result["publicKey"] = pfx_result["public_key"] # 检查算法类型是否匹配 if pfx_result["key_type"] != algorithm: result["message"] = ( f"警告:PFX证书中检测到的算法类型({pfx_result['key_type']})与指定的算法类型({algorithm})不匹配" ) elif pfx_cert: result["message"] = f"私钥证书文件不存在: {pfx_cert}" return result # 处理公钥证书 if pub_cert and os.path.exists(pub_cert): pub_result = parse_key_from_certificate(pub_cert) if pub_result["public_key"]: result["publicKey"] = pub_result["public_key"] # 检查算法类型是否匹配 if pub_result["key_type"] != algorithm: current_message = result["message"] if current_message and "warning" in current_message: result["message"] = ( current_message + f",CER证书中检测到的算法类型({pub_result['key_type']})与指定的算法类型({algorithm})不匹配" ) else: result["message"] = ( f"警告:CER证书中检测到的算法类型({pub_result['key_type']})与指定的算法类型({algorithm})不匹配" ) elif pub_cert: current_message = result["message"] if (current_message and "warning" in current_message) or ( pfx_cert and os.path.exists(pfx_cert) ): result["message"] = ( current_message or "" ) + f",公钥证书文件不存在: {pub_cert}" else: result["message"] = f"公钥证书文件不存在: {pub_cert}" return result # 检查是否至少解析出了一个密钥 if not result["privateKey"] and not result["publicKey"]: result["message"] = "未能从证书中解析出任何密钥" return result except (ValueError, OSError, IOError) as e: result["message"] = f"解析证书失败: {str(e)}" return result