#364 邮件安全:SPF
Email 信息安全 2020-02-11简介
SMTP 会话中,发行方会通过 MAIL FROM 命令告诉收信方,这封邮件是谁发出的。
但是,由于邮件系统的设计上没有考虑如何对垃圾邮件进行有效防范,收信方需要一个机制来判断这封邮件的来源是否可靠。因此,人们提出了 SPF 方案:
- 每个邮件服务都需要为自己的发信域名在 DNS 中配置一下 SPF 记录(TXT 类型),记录值是出信 IP。
- 收信方拿到
MAIL FROM地址之后,使用发信方 IP 地址和发信域 DNS 中记录的 IP 地址做一个比对。如果匹配,说明来源正确,否则,这封邮件可以被视为垃圾邮件,直接返回投递失败(硬退)。
该方案 2006 年提交到 Network Working Group 成为草案,然后 2014 年成为建议标准。
注意:SPF 只是验证了邮件确实是从发信域所在网络投递出来的,但是不能防止邮件伪造和欺诈。应该结合其他技术,如 DKIM(DomainKeys Identified Mail)和 DMARC(Domain-based Message Authentication, Reporting, and Conformance),一起增强电子邮件的安全性。
SPF 记录示例
dig +short txt qq.com
"v=spf1 include:spf.mail.qq.com -all"
dig +short txt spf.mail.qq.com
"v=spf1 include:qq-a.mail.qq.com include:qq-b.mail.qq.com include:qq-c.mail.qq.com include:biz-a.mail.qq.com include:biz-b.mail.qq.com include:biz-c.mail.qq.com include:biz-d.mail.qq.com -all"
dig +short txt qq-{a..c}.mail.qq.com biz-{a..d}.mail.qq.com
"v=spf1 ip4:101.226.139.0/25 ip4:101.91.43.0/25 ip4:101.91.44.128/25 ip4:112.64.237.128/25 ip4:116.128.173.0/25 ip4:121.51.40.128/25 ip4:121.51.6.0/25 ip4:162.62.52.214 ip4:162.62.55.67 ip4:162.62.57.0/24 ip4:162.62.58.211 ip4:162.62.58.216 -all"
"v=spf1 ip4:162.62.58.69 ip4:162.62.63.194 ip4:180.163.24.128/25 ip4:183.2.187.0/25 ip4:203.205.221.128/25 ip4:203.205.251.0/25 ip4:210.51.43.0/25 ip4:58.246.222.128/25 ip4:58.250.143.128/25 ip4:61.241.55.128/25 -all"
"v=spf1 ip4:113.108.92.0/25 ip4:121.14.77.0/25 ip4:81.69.217.16/28 ip4:54.164.151.162 -all"
"v=spf1 ip4:114.132.122.39 ip4:114.132.123.192 ip4:114.132.124.171 ip4:114.132.125.233 ip4:114.132.197.227 ip4:114.132.224.180 ip4:114.132.233.22 ip4:114.132.58.0/24 ip4:43.155.65.254 ip4:114.132.62.0/24 ip4:106.55.200.77 -all"
"v=spf1 ip4:114.132.63.24 ip4:114.132.64.0/26 ip4:114.132.65.219 ip4:43.155.67.158 ip4:114.132.67.179 ip4:114.132.73.137 ip4:114.132.74.132 ip4:43.154.209.5 ip4:43.154.197.177 ip4:43.154.155.102 ip4:43.155.80.173 ip4:43.154.221.58 -all"
"v=spf1 ip4:54.204.34.129 ip4:54.204.34.130 ip4:54.243.244.52 ip4:52.205.10.60 ip4:35.173.142.173 ip4:54.207.22.56 ip4:54.207.19.206 ip4:54.254.200.92 ip4:54.254.200.128 ip4:54.92.39.34 ip4:54.206.16.166 ip4:54.206.34.216 ip4:114.132.75.215 -all"
"v=spf1 ip4:52.59.177.22 ip4:18.194.254.142 ip4:18.132.163.193 ip4:18.169.211.239 ip4:13.245.186.79 ip4:13.245.218.24 ip4:15.184.224.54 ip4:15.184.82.18 ip4:114.132.76.87 ip4:114.132.77.159 ip4:114.132.78.196 ip4:114.132.79.153 ip4:43.154.54.12 -all"
语法
-
"v=spf1":指定 SPF 记录的版本,目前只有 SPFv1 版本。
-
机制(Mechanisms):SPF 使用机制来指定哪些服务器被授权发送邮件。常用的机制有:
-
"all":定义了所有情况下的默认结果。可以是 "+all"(通过验证)或 "-all"(不通过验证)。例如,"-all" 表示除非匹配其他通过机制,否则所有情况都不通过验证,即严格拒绝伪造邮件。
- "ip4" 和 "ip6":指定允许发送邮件的 IPv4 和 IPv6 地址。例如:"ip4:192.0.2.1" 表示允许来自 192.0.2.1 的服务器发送邮件。
- "a" 和 "mx":允许域名的 A 记录和 MX 记录指定的主机发送邮件。
-
"include":允许引用其他域名的 SPF 记录。例如:"include:example.com" 表示允许按照 example.com 的 SPF 记录来验证。
-
修饰符(Modifiers):修饰符可以在机制之后指定,用于调整验证的结果。常用的修饰符有:
-
"+":显示通过验证。
- "-":显示不通过验证,相当于 "-all"。
- "~":软失败,邮件可能被接受,但会标记为不可信。
- "?":中性结果,邮件可能被接受,但不影响验证的结果。
SPF 记录示例:
v=spf1 ip4:192.0.2.1 a mx ~all
以上示例表示允许 IP 地址为 192.0.2.1 的服务器、A 记录和 MX 记录指定的主机发送邮件,但验证结果为软失败,邮件可能会被接受,但标记为不可信。
DNS SPF 类型
IANA 设计了一种专门的 DNS 类型用来记录 SPF 信息,但是采用率非常低。
可以忽略,继续使用 TXT 类型来保存 SPF 信息。
参考资料与拓展阅读
#363 邮件安全:DKIM
Email 信息安全 2020-02-10DomainKeys Identified Mail,域名密钥识别邮件
作用是使用非对称加密(公钥 + 私钥)对邮件内容进行签名,防止伪造和篡改。
历史
- 2004 年,雅虎 DomainKeys 和思科 Identified Internet Mail 合并为 DKIM。
- 2007 年 2 月,DKIM 被列入互联网工程工作小组(IETF)的标准提案(Proposed Standard),并于同年 5 月成为正式标准(Standards Track)。
示例
DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane;
c=relaxed/simple; q=dns/txt; i=foo@eng.example.net;
t=1117574938; x=1118006938; l=200;
h=from:to:subject:date:keywords:keywords;
z=From:foo@eng.example.net|To:joe@example.com|
Subject:demo=20run|Date:July=205,=202005=203:44:08=20PM=20-0700;
bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=;
b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZ
VoG4ZHRNiYzR
| Tag | Required | Meanning |
|---|---|---|
| v | ✓ | version |
| a | ✓ | signing algorithm |
| d | ✓ | Signing Domain Identifier (SDID) |
| s | ✓ | selector |
| c | - | canonicalization algorithm(s) for header and body |
| q | - | default query method |
| i | - | Agent or User Identifier (AUID) |
| t | recommended | signature timestamp |
| x | recommended | expire time |
| l | - | body length |
| h | ✓ | header fields - list of those that have been signed |
| z | - | header fields - copy of selected header fields and values |
| bh | ✓ | body hash |
| b | ✓ | signature of headers and body |
示例 2
邮件中的 DKIM-Signature 头:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail.instagram.com;
s=s1024-2013-q3; t=1674163477;
bh=6RXa/HYJQNKpB5PIGtLn7v1NE/4T5FaqxBLWNHVRZu8=;
h=Date:To:Subject:From:MIME-Version:Content-Type;
b=VAY3x16QtXeH1rQxu6eEbzhfgZl69m1sG9XzN3ym4FbWiMg+K+IfMGF4yszGYk8yO
YXAAJZuQfG45pjthISDDSwhhBK0WGgufQ8ofnzhNUN9WT/okEATC+JfzksS9w2Ts4V
ALa/4HHXnikQV5AFNJJNJIvWMN/fJ5c49nLkW024=
域名中的 DKIM 公钥:
dig TXT +short s1024-2013-q3._domainkey.mail.instagram.com
"k=rsa; t=s; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7twdVo+BW8Pv2poU5129KYmE6npHdxUU8fktUKTE9TNovCvLy5LVjYc3TQcUFjOH" "VaZ89ZCjmpAcrA2QnTEKZ/2QWV56gn6bWdFW4SFxnQdHjguBZQykfKe5KTxy2a/OxuA0x2dHfdnYfw7RVzr4uednpKcWJy4Rl3gM6XB1zDwIDAQAB"
Python 编程中的应用
准备工作
- selector 选择 s2020 (随便)
- 生成密钥对
# 方法一:使用 OpenDKIM
sudo apt install -y opendkim-tools
opendkim-genkey --help
opendkim-genkey -D . -d markjour.com -s s2020
# 方法二:使用 OpenSSL
openssl genrsa -out dkim-markjour-s2020.pem 2048
openssl rsa -in dkim-markjour-s2020.pem -pubout -outform der 2>/dev/null | openssl base64 -A > dkim-markjour-s2020.pub
- 配置 DNS
s2020._domainkey.markjour.com
"v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnfmXLuyBt0Tus/Bdr87GpLqcRCZX7UC61OiPZ1Y3MG42qBcdEAMJfu7qop7KOLL8cywTRxiX39ehmf0ZovAXH1KkijiX/16tkI3cO9T6KS4vyr0Ip3fsGgNgjn5rH3M5AZAmbym6DIzYrtpTiAKgLYmFLALd9SLi/OhFIltWK+QJhaJgcuWUXCzlry01Fdsv1qj28WdZ6PQbQrSffc1qzkvOEOlmZXwWjQfg5X4E3DR4WKenC6f5WdcJeXk4pUeBOdQDoEM+4uCk4S6cN3OuYEQbvVmfQ5RAlCODccx7lJemWZZnlIf+03FppUEEMENZ8tu3iixD24m2q9wDLDL5QIDAQAB
v版本,只有一种选择:DKIM1,必须放最前面,可以忽略h哈希算法,sha1 或者 sha256k密钥类型,只有一种选择:rsa,可以忽略n注释,可以忽略p公钥(ASN.1 DER-encoded + Base64)s服务类型,默认*,表示所有服务,可以忽略t逗号隔开的标记- y 测试
- s DKIM 签名中的 i= 域名必须是 d= 域名完全相同(子域也不行)。
参考:
签名
headers = {'aaa': '123', 'bbb': '456', 'ccc': '789'}
校验签名
mail = """
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s0907;
t=1331524836; bh=Pqr4lbxMcef/3IqsXx/edT0iwPe18N7n8qKmQSnLio8=;
h=X-QQ-SSF:X-QQ-Spam:X-QQ-BUSINESS-ORIGIN:X-Originating-IP:
X-QQ-STYLE:X-QQ-mid:From:To:Sender:Subject:Mime-Version:
Content-Type:Content-Transfer-Encoding:Date:X-Priority:Message-ID:
X-QQ-MIME:X-Mailer:X-QQ-Mailer:X-QQ-ReplyHash;
b=hF3hXt429Mp9WUJx9wQQYYk32EABCQST/OmV+dI+vJ/XIidVkc6fsh8l/vBz/optb
MDp0XIupHHkUozz6jwMryhHd/ZNjLNtBBAIOgl1wH7R016x8uTtDQink5uIPH+5
X-QQ-SSF: 0000000000010060
X-QQ-Spam: true
X-QQ-BUSINESS-ORIGIN: 2
X-Originating-IP: 61.151.148.196
X-QQ-STYLE:
X-QQ-mid: bizmail6t1331524835t2734595
From: "=?gb18030?B?wffE6g==?=" <thinkphp@qq.com>
To: "=?gb18030?B?uvqwug==?=" <ninedoors@126.com>
Sender: liuchen@topthink.net
Subject: =?gb18030?B?UmU60rvOu1RQZXK1xNLJu/M=?=
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_4F5D74E3_DF6406C0_249C5176"
Content-Transfer-Encoding: 8Bit
Date: Mon, 12 Mar 2012 12:00:35 +0800
X-Priority: 3
Message-ID: <tencent_519100472CAA258E750FA58D@qq.com>
X-QQ-MIME: TCMime 1.0 by Tencent
X-Mailer: QQMail 2.x
X-QQ-Mailer: QQMail 2.x
X-QQ-ReplyHash: 3949397671
""".strip('\n')
#362 事务与 ACID [编辑中]
软件设计 2020-02-08:) 本文正在编辑中,暂时不提供浏览...
#361 PyCryptodome
Python 加密 2020-02-05和 PyCrypto 的关系
PyCrypto 是 Python 界最知名的加密模块,它提供了一系列的加密算法,包括对称加密、非对称加密、哈希算法、签名算法等。
不过有一个很大的问题:上一个版本 2.6.1 发布于 2013-10-18,已经很多年没有维护了。
PyCryptodome 是 PyCrypto 的分叉,该项目在统一套代码的基础上提供了两种包:pycryptodome 和 pycryptodomex:
- 前者保持对 PyCrypto 的兼容,所有的代码都在
Crypto名称下, -
后者丢掉了历史包袱,放弃对 PyCrypto 的兼容,所有代码都在
Cryptodome名称下。 - https://pypi.org/project/pycryptodomex/
- https://www.pycryptodome.org/en/latest/
- https://github.com/Legrandin/pycryptodome/
其他加密模块
- M2Crypto
其思路是在 libssl 库上做封装。PS: 因为其只是做封装,代码更新频率非常低。
但由于其有 C 库依赖,安装会相对复杂一些。 - https://gitlab.com/m2crypto/m2crypto
- https://github.com/m2crypto/m2crypto 可能是某个用户弄的,很久没有同步
- https://github.com/mcepl/m2crypto 项目维护者,主要开发者
- https://pypi.org/project/M2Crypto/
- cryptography https://github.com/pyca/cryptography
- pyOpenSSL https://github.com/pyca/pyopenssl 官方建议迁移到 cryptography
- PyNaCl https://github.com/pyca/pynacl
PyNaCl is a Python binding to libsodium, which is a fork of the Networking and Cryptography library.
- rsa https://pypi.org/project/rsa/ 纯 Python 实现
- https://github.com/sybrenstuvel/python-rsa/
示例
#360 公有云,私有云,混合云
云计算 2020-02-01公有云 Public Cloud
云计算厂商提供的公共服务,比如腾讯云、阿里云等。
私有云 Private Cloud
个人和组织自己搭建的(可能是厂商帮忙搭建),自用的云计算服务。机器由个人或组织持有(可能在云计算厂商的机房中)。
优点是数据完全掌握在自己手中。如果规模没有达到一定程度的话,这样做的成本会比较高(除了固定资产的投入之外,维护成本不可忽视)。
有一种形式,是一些利益相关的个体,对计算有着相同或相似的需求,然后共同搭建一个云服务平台。
比如 XX 市弄一个政务云,下属政府机构直接使用这个云服务平台。
又比如某地教育单位弄一个云服务平台,下属学校有啥服务的话,就都使用这个云服务平台。
专有云
有些厂商提供 “专有云” 的服务:整套设施就为单个客户专门提供服务。设备属于厂商所有。
感觉这个算公有云,私有云的交叉地带,只好单独算一类。
知乎上看到一个比喻:公有云是小姐,私有云是老婆,专有云是小三 (包养)。比较贴切。
混合云 Hybrid Cloud
一般意义上,混合云是指公有云和私有云的结合。
PS: 多个私有云之间,或多个公有云之间,相互共享资源,也可以叫做混合云。
应该是通过一些对接好了各大厂商(比如腾讯云,阿里云)和常见私有云平台(比如 OpenStack,CloudStack)的管理工具,对所有资源进行整合管理。
也可能部分二次开发过的私有云平台支持对接公有云,可以直接调度和整合公有云资源。
#359 ASN.1
开发者 ASN1 网络编程 2020-01-30我印象中曾在某个项目中接触到了这种格式,但是一时间竟也想不起来。
PS: 可能是有一次涉及 LDAP 协议的时候。
概念
ASN 全名 Abstract Syntax Notation, 翻译过来就是:抽象语法标记。
ASN.1 可能是第一版的意思(?)。
asn.1 是一套国际标准,用来定义一种通用的、严谨的数据表示(标记)方法,以及对应的数据编码格式。
PS:对数据 Scheme 的定义独立于硬件架构和编程语言。
- ITU-T Rec. X.680 (2015) | ISO/IEC 8824-1:2015
Specification of basic notation - ITU-T Rec. X.681 (2015) | ISO/IEC 8824-2:2015
Information object specification - ITU-T Rec. X.682 (2015) | ISO/IEC 8824-3:2015
Constraint specification - ITU-T Rec. X.683 (2015) | ISO/IEC 8824-4:2015
Parameterization of ASN.1 specifications - ITU-T Rec. X.690 (2015) | ISO/IEC 8825-1:2015
BER, CER and DER
PS:常见证书格式 der 就是来自这个 DER。 - ITU-T Rec. X.691 (2015) | ISO/IEC 8825-2:2015
PER (Packed Encoding Rules) - ITU-T Rec. X.692 (2015) | ISO/IEC 8825-3:2015
ECN (Extended Component Notation) - ITU-T Rec. X.693 (2015) | ISO/IEC 8825-4:2015
XER (XML Encoding Rules) - ITU-T Rec. X.694 (2015) | ISO/IEC 8825-5:2015
Mapping W3C XML schema definitions into ASN.1 - ITU-T Rec. X.695 (2015) | ISO/IEC 8825-6:2015
Registration and application of PER encoding instructions - ITU-T Rec. X.696 (2015) | ISO/IEC 8825-7:2015
OER (Octet Encoding Rules) - ITU-T Rec. X.697 (2017) | ISO/IEC 8825-8:2018
JER (JSON Encoding Rules)
一般又被称之为 X.680 系列,最早是 1995 年出第一版。最新的是 2018 年出的 5.4 版(X.680 (2015) Amd. 1)
PS:2021 年 X.680 出了第六版。
部分应用层的网络协议就使用了 ASN.1 格式,比如 X.500 Directory Services,LDAP,VoIP,PKCS,Kerberos,移动通信(2G/GSM,GRPS,一直到 5G)。
它和 JSON 这种通用数据交换格式完全不同,更加类似与 protobuf,msgpack,thrift 这样,提供一个完备的数据定义语法用来声明 Schema(ASN.1 称之为模块),然后基于二进制紧凑地表示数据。所以非常适合用在 C/S 架构的网络编程上,作为服务通讯协议的一部分,负责内外数据交换,也就是 TCP/UDP 服务的接口部分。
如果要将 ASN.1 归类的话,更贴切的应该是接口定义语言,或者叫协议定义语言。
要是了解到 ASN.1 出现的年份(1984)的话,对照它的竞争者出现的时间,会发现它的设计确实比较超前。不管怎么说,这些晚辈确实更加流行,作为国际标准的 ASN.1 不够卖座,肯定是也有不好的地方。
PS:可能是 ASN.1 历史包袱太重, 不够轻便 (我看到的一些评论和我的猜想比较符合)。
数据定义
先来一个示例(维基上找来的,感觉没啥意义):
FooProtocol DEFINITIONS ::= BEGIN
FooQuestion ::= SEQUENCE {
-- 跟踪编号,后面括号是限制值的范围
trackingNumber INTEGER(0..199),
-- 问题内容,字符串
question IA5String
}
FooAnswer ::= SEQUENCE {
-- 问题编号
questionNumber INTEGER(10..20),
-- 答案内容
answer BOOLEAN
}
FooHistory ::= SEQUENCE {
-- 问题数组
questions SEQUENCE(SIZE(0..10)) OF FooQuestion,
-- 答案数组
answers SEQUENCE(SIZE(1..10)) OF FooAnswer,
-- 一个整型数组
anArray SEQUENCE(SIZE(100)) OF INTEGER(0..1000),
...
}
END
基本语法
- 大小写字母,数字,短横杠,空格
标识符:小写字母开头
类型名称:大写字母开头 - 多个空白符号(空格、换行)会当作一个空格
- 数据类型都有一个 TagNumber
--注释
数据类型
简单类型
结构化类型
标记类型
其他类型:CHOICE,ANY
类别:
- 0 Universal 通用类型
- 1 Application 应用协议相关类型
- 2 Context-specific
- 3 Private 自定义
结构化:
原始类型:
| Type | Tag number | 备注 |
|---|---|---|
INTEGER |
2 | 整型 |
BIT STRING |
3 | |
OCTET STRING |
4 | |
NULL |
5 | NULL |
OBJECT IDENTIFIER |
6 | 对象 |
SEQUENCE andSEQUENCE OF |
16 | 数组 |
SET and SET OF |
17 | 集合 |
PrintableString |
19 | 字符串 |
T61String |
20 | |
IA5String |
22 | |
UTCTime |
23 | 时间 |
示例:
编码规则
- 基本编码规则(BER,Basic Encoding Rules)
- 规范编码规则(CER,Canonical Encoding Rules)
- 唯一编码规则(DER,Distinguished Encoding Rules)
- 压缩编码规则(PER,Packed Encoding Rules)
- XML 编码规则(XER,XML Encoding Rules)
Python
https://www.cnblogs.com/20175211lyz/p/12769883.html
https://github.com/etingof/pyasn1
上面的示例通过 asn1ate /tmp/foo.asn > /tmp/foo.py 生成 Python 代码:
PS:并不是一定需要定义成这样类的结构,只是 pyasn1 库适合这样用而已。
from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
class FooAnswer(univ.Sequence):
pass
FooAnswer.componentType = namedtype.NamedTypes(
namedtype.NamedType('questionNumber', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(10, 20))),
namedtype.NamedType('answer', univ.Boolean())
)
class FooQuestion(univ.Sequence):
pass
FooQuestion.componentType = namedtype.NamedTypes(
namedtype.NamedType('trackingNumber', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 199))),
namedtype.NamedType('question', char.IA5String())
)
class FooHistory(univ.Sequence):
pass
FooHistory.componentType = namedtype.NamedTypes(
namedtype.NamedType('questions', univ.SequenceOf(componentType=FooQuestion()).subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 10))),
namedtype.NamedType('answers', univ.SequenceOf(componentType=FooAnswer()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 10))),
namedtype.NamedType('anArray', univ.SequenceOf(componentType=univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 1000))).subtype(subtypeSpec=constraint.ValueSizeConstraint(100, 100)))
)
然后就可以使用了:
import foo
from pyasn1.codec.der.encoder import encode
fa = foo.FooAnswer()
fa['questionNumber'] = 10
fa['answer'] = False
fa_encoded = encode(fa)
print(fa_encoded) # b'0\x06\x02\x01\n\x01\x01\x00'
print(binascii.b2a_hex(fa_encoded).decode()) # 300602010a010100
from pyasn1.codec.der.decoder import decode
obj, rest = decode(fa_encoded)
print(obj)
# Sequence:
# field-0=10
# field-1=False
for k, v in obj.items():
print([k, v])
# ['field-0', <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [10]>]
# ['field-1', <Boolean value object, tagSet <TagSet object, tags 0:0:1>, subtypeSpec <ConstraintsIntersection object, consts <SingleValueConstraint object, consts 0, 1>>, namedValues <NamedValues object, enums False=0, True=1>, payload [False]>]
obj, rest = decode(fa_encoded, asn1Spec=foo.FooAnswer())
print(obj)
# FooAnswer:
# questionNumber=10
# answer=False
# print(dict(obj.items()))
print(dict([(k, str(v)) for k, v in obj.items()]))
# {'questionNumber': '10', 'answer': 'False'}
print(obj['questionNumber'].__dict__)
print(obj['questionNumber']._value) # 10
print(obj['answer'].__dict__)
print(obj['answer']._value) # 0
print([int(obj['questionNumber']), bool(obj['answer'])])
GitHub 找到的几个相关库:
- wbond/asn1crypto
Python ASN.1 library with a focus on performance and a pythonic API
- etingof/pyasn1
Generic ASN.1 library for Python
- eerimoq/asn1tools
ASN.1 parsing, encoding and decoding.
- P1sec/pycrate
A Python library to ease the development of encoders and decoders for various protocols and file formats; contains ASN.1
参考资料与拓展阅读
#358 武汉新型冠状病毒
时事 COVID19 2020-01-29具体的情况,网上不要太多,我说说我的经历和想法。
#357 MySQL help
MySQL 2020-01-25输入 help 之后,按照提示就会发现 MySQL 有一个主题树。
从头 help contents 开始:
Account ManagementALTER RESOURCE GROUPALTER USERCREATE RESOURCE GROUPCREATE ROLECREATE USERDROP RESOURCE GROUPDROP ROLEDROP USERGRANTRENAME USERREVOKESET DEFAULT ROLESET PASSWORDSET RESOURCE GROUPSET ROLEAdministrationBINLOGCACHE INDEXFLUSHHELP COMMANDKILLLOAD INDEXRESETRESET PERSISTRESTARTSETSET CHARACTER SETSET CHARSETSET NAMESSHOWSHOW BINARY LOGSSHOW BINLOG EVENTSSHOW CHARACTER SETSHOW COLLATIONSHOW COLUMNSSHOW CREATE DATABASESHOW CREATE EVENTSHOW CREATE FUNCTIONSHOW CREATE PROCEDURESHOW CREATE SCHEMASHOW CREATE TABLESHOW CREATE TRIGGERSHOW CREATE USERSHOW CREATE VIEWSHOW DATABASESSHOW ENGINESHOW ENGINESSHOW ERRORSSHOW EVENTSSHOW FIELDSSHOW FUNCTION CODESHOW FUNCTION STATUSSHOW GRANTSSHOW INDEXSHOW MASTER LOGSSHOW MASTER STATUSSHOW OPEN TABLESSHOW PLUGINSSHOW PRIVILEGESSHOW PROCEDURE CODESHOW PROCEDURE STATUSSHOW PROCESSLISTSHOW PROFILESHOW PROFILESSHOW RELAYLOG EVENTSSHOW REPLICA STATUSSHOW REPLICASSHOW SCHEMASSHOW SLAVE HOSTSSHOW SLAVE STATUSSHOW STATUSSHOW TABLE STATUSSHOW TABLESSHOW TRIGGERSSHOW VARIABLESSHOW WARNINGSSHUTDOWNComponentsCLONEINSTALL COMPONENTUNINSTALL COMPONENTUNINSTALL PLUGINCompound StatementsBEGIN ENDCASE STATEMENTCLOSEDECLARE CONDITIONDECLARE CURSORDECLARE HANDLERDECLARE VARIABLEFETCHGET DIAGNOSTICSIF STATEMENTITERATELABELSLEAVELOOPOPENREPEAT LOOPRESIGNALRETURNSIGNALWHILEContentsData DefinitionALTER DATABASEALTER EVENTALTER FUNCTIONALTER INSTANCEALTER LOGFILE GROUPALTER PROCEDUREALTER SCHEMAALTER SERVERALTER TABLEALTER TABLESPACEALTER VIEWCREATE DATABASECREATE EVENTCREATE FUNCTIONCREATE INDEXCREATE LOGFILE GROUPCREATE PROCEDURECREATE SCHEMACREATE SERVERCREATE SPATIAL REFERENCE SYSTEMCREATE TABLECREATE TABLESPACECREATE TRIGGERCREATE VIEWDROP DATABASEDROP EVENTDROP FUNCTIONDROP INDEXDROP PROCEDUREDROP SCHEMADROP SERVERDROP SPATIAL REFERENCE SYSTEMDROP TABLEDROP TABLESPACEDROP TRIGGERDROP VIEWFOREIGN KEYRENAME TABLETRUNCATE TABLEData ManipulationCALLDELETEDODUALHANDLERIMPORT TABLEINSERTINSERT DELAYEDINSERT SELECTJOINLOAD DATALOAD XMLPARENTHESIZED QUERY EXPRESSIONSREPLACESELECTTABLEUNIONUPDATEVALUES STATEMENTData TypesAUTO_INCREMENTBIGINTBINARYBITBLOBBLOB DATA TYPEBOOLEANCHARCHAR BYTEDATEDATETIMEDECDECIMALDOUBLEDOUBLE PRECISIONENUMFLOATINTINTEGERLONGBLOBLONGTEXTMEDIUMBLOBMEDIUMINTMEDIUMTEXTSET DATA TYPESMALLINTTEXTTIMETIMESTAMPTINYBLOBTINYINTTINYTEXTVARBINARYVARCHARYEAR DATA TYPEFunctionsAggregate Functions and ModifiersAVGBIT_ANDBIT_ORBIT_XORCOUNTCOUNT DISTINCTGROUP_CONCATJSON_ARRAYAGGJSON_OBJECTAGGMAXMINSTDSTDDEVSTDDEV_POPSTDDEV_SAMPSUMVARIANCEVAR_POPVAR_SAMP
Bit Functions&<<>>BIT_COUNT^|~
Cast Functions and OperatorsBINARY OPERATORCASTCONVERT
Comparison Operators!=<<=<=>=>>=BETWEEN ANDCOALESCEGREATESTININTERVALISIS NOTIS NOT NULLIS NULLISNULLLEASTNOT BETWEENNOT IN
Date and Time FunctionsADDDATEADDTIMECONVERT_TZCURDATECURRENT_DATECURRENT_TIMECURRENT_TIMESTAMPCURTIMEDATE FUNCTIONDATEDIFFDATE_ADDDATE_FORMATDATE_SUBDAYDAYNAMEDAYOFMONTHDAYOFWEEKDAYOFYEAREXTRACTFROM_DAYSFROM_UNIXTIMEGET_FORMATHOURLAST_DAYLOCALTIMELOCALTIMESTAMPMAKEDATEMAKETIMEMICROSECONDMINUTEMONTHMONTHNAMENOWPERIOD_ADDPERIOD_DIFFQUARTERSECONDSEC_TO_TIMESTR_TO_DATESUBDATESUBTIMESYSDATETIME FUNCTIONTIMEDIFFTIMESTAMP FUNCTIONTIMESTAMPADDTIMESTAMPDIFFTIME_FORMATTIME_TO_SECTO_DAYSTO_SECONDSUNIX_TIMESTAMPUTC_DATEUTC_TIMEUTC_TIMESTAMPWEEKWEEKDAYWEEKOFYEARYEARYEARWEEK
Encryption FunctionsAES_DECRYPTAES_ENCRYPTCOMPRESSMD5RANDOM_BYTESSHA1SHA2STATEMENT_DIGESTSTATEMENT_DIGEST_TEXTUNCOMPRESSUNCOMPRESSED_LENGTHVALIDATE_PASSWORD_STRENGTH
Enterprise Encryption FunctionsASYMMETRIC_DECRYPTASYMMETRIC_DERIVEASYMMETRIC_ENCRYPTASYMMETRIC_SIGNASYMMETRIC_VERIFYCREATE_ASYMMETRIC_PRIV_KEYCREATE_ASYMMETRIC_PUB_KEYCREATE_DH_PARAMETERSCREATE_DIGEST
Flow Control FunctionsCASE OPERATORIF FUNCTIONIFNULLNULLIF
GROUP BY Functions and ModifiersGTIDGTID_SUBSETGTID_SUBTRACTWAIT_FOR_EXECUTED_GTID_SETWAIT_UNTIL_SQL_THREAD_AFTER_GTIDS
Information FunctionsBENCHMARKCHARSETCOERCIBILITYCOLLATIONCONNECTION_IDCURRENT_ROLECURRENT_USERDATABASEFOUND_ROWSICU_VERSIONLAST_INSERT_IDROLES_GRAPHMLROW_COUNTSCHEMASESSION_USERSYSTEM_USERUSERVERSION
Internal FunctionsCAN_ACCESS_COLUMNCAN_ACCESS_DATABASECAN_ACCESS_TABLECAN_ACCESS_USERCAN_ACCESS_VIEWGET_DD_COLUMN_PRIVILEGESGET_DD_CREATE_OPTIONSGET_DD_INDEX_SUB_PART_LENGTHINTERNAL_AUTO_INCREMENTINTERNAL_AVG_ROW_LENGTHINTERNAL_CHECKSUMINTERNAL_CHECK_TIMEINTERNAL_DATA_FREEINTERNAL_DATA_LENGTHINTERNAL_DD_CHAR_LENGTHINTERNAL_GET_COMMENT_OR_ERRORINTERNAL_GET_ENABLED_ROLE_JSONINTERNAL_GET_HOSTNAMEINTERNAL_GET_USERNAMEINTERNAL_GET_VIEW_WARNING_OR_ERRORINTERNAL_INDEX_COLUMN_CARDINALITYINTERNAL_INDEX_LENGTHINTERNAL_IS_ENABLED_ROLEINTERNAL_IS_MANDATORY_ROLEINTERNAL_KEYS_DISABLEDINTERNAL_MAX_DATA_LENGTHINTERNAL_TABLE_ROWSINTERNAL_UPDATE_TIMEIS_VISIBLE_DD_OBJECT
Locking FunctionsGET_LOCKIS_FREE_LOCKIS_USED_LOCKRELEASE_ALL_LOCKSRELEASE_LOCK
Logical Operators!ANDASSIGN-EQUALASSIGN-VALUEORXOR
Miscellaneous FunctionsANY_VALUEBIN_TO_UUIDDEFAULTGROUPINGINET6_ATONINET6_NTOAINET_ATONINET_NTOAIS_IPV4IS_IPV4_COMPATIS_IPV4_MAPPEDIS_IPV6IS_UUIDMASTER_POS_WAITNAME_CONSTSLEEPSOURCE_POS_WAITUUIDUUID_SHORTUUID_TO_BINVALUES
Numeric Functions%*+- BINARY- UNARY/ABSACOSASINATANATAN2CEILCEILINGCONVCOSCOTCRC32DEGREESDIVEXPFLOORLNLOGLOG10LOG2MODPIPOWPOWERRADIANSRANDROUNDSIGNSINSQRTTANTRUNCATE
Performance Schema FunctionsFORMAT_BYTESFORMAT_PICO_TIMEPS_CURRENT_THREAD_IDPS_THREAD_ID
Spatial FunctionsGeometry ConstructorsGEOMCOLLECTIONGEOMETRYCOLLECTIONLINESTRINGMULTILINESTRINGMULTIPOINTMULTIPOLYGONPOINTPOLYGONGeometry Property FunctionsST_DIMENSIONST_ENVELOPEST_GEOMETRYTYPEST_ISEMPTYST_ISSIMPLEST_SRIDGeometry Relation FunctionsST_CONTAINSST_CROSSESST_DISJOINTST_DISTANCEST_EQUALSST_FRECHETDISTANCEST_HAUSDORFFDISTANCEST_INTERSECTSST_OVERLAPSST_TOUCHESST_WITHINGeometryCollection Property FunctionsST_BUFFERST_BUFFER_STRATEGYST_CONVEXHULLST_DIFFERENCEST_GEOMETRYNST_INTERSECTIONST_LINEINTERPOLATEPOINTST_LINEINTERPOLATEPOINTSST_NUMGEOMETRIESST_POINTATDISTANCEST_SYMDIFFERENCEST_TRANSFORMST_UNIONLineString Property FunctionsST_ENDPOINTST_ISCLOSEDST_LENGTHST_NUMPOINTSST_POINTNST_STARTPOINTMBR Functions->->>JSON_ARRAYJSON_ARRAY_APPENDJSON_ARRAY_INSERTJSON_CONTAINSJSON_CONTAINS_PATHJSON_DEPTHJSON_EXTRACTJSON_INSERTJSON_KEYSJSON_LENGTHJSON_MERGEJSON_MERGE_PATCH()JSON_MERGE_PRESERVE()JSON_OBJECTJSON_OVERLAPSJSON_PRETTYJSON_QUOTEJSON_REMOVEJSON_REPLACEJSON_SCHEMA_VALIDJSON_SCHEMA_VALIDATION_REPORTJSON_SEARCHJSON_SETJSON_STORAGE_FREEJSON_STORAGE_SIZEJSON_TABLEJSON_TYPEJSON_UNQUOTEJSON_VALIDJSON_VALUEMBRCONTAINSMBRCOVEREDBYMBRCOVERSMBRDISJOINTMBREQUALSMBRINTERSECTSMBROVERLAPSMBRTOUCHESMBRWITHINMEMBER OFST_ASGEOJSONST_COLLECTST_DISTANCE_SPHEREST_GEOHASHST_GEOMFROMGEOJSONST_ISVALIDST_LATFROMGEOHASHST_LONGFROMGEOHASHST_MAKEENVELOPEST_POINTFROMGEOHASHST_SIMPLIFYST_VALIDATEPoint Property FunctionsST_LATITUDEST_LONGITUDEST_XST_YPolygon Property FunctionsST_AREAST_CENTROIDST_EXTERIORRINGST_INTERIORRINGNST_NUMINTERIORRINGSWKB FunctionsST_ASBINARYST_ASTEXTST_GEOMCOLLFROMWKBST_GEOMFROMWKBST_LINEFROMWKBST_MLINEFROMWKBST_MPOINTFROMWKBST_MPOLYFROMWKBST_POINTFROMWKBST_POLYFROMWKBST_SWAPXYWKT FunctionsST_GEOMCOLLFROMTEXTST_GEOMFROMTEXTST_LINEFROMTEXTST_MLINEFROMTEXTST_MPOINTFROMTEXTST_MPOLYFROMTEXTST_POINTFROMTEXTST_POLYFROMTEXT
String FunctionsASCIIBINBIT_LENGTHCHAR FUNCTIONCHARACTER_LENGTHCHAR_LENGTHCONCATCONCAT_WSELTEXPORT_SETFIELDFIND_IN_SETFORMATFROM_BASE64HEXINSERT FUNCTIONINSTRLCASELEFTLENGTHLIKELOAD_FILELOCATELOWERLPADLTRIMMAKE_SETMATCH AGAINSTMIDNOT LIKENOT REGEXPOCTOCTET_LENGTHORDPOSITIONQUOTEREGEXPREGEXP_INSTRREGEXP_LIKEREGEXP_REPLACEREGEXP_SUBSTRREPEAT FUNCTIONREPLACE FUNCTIONREVERSERIGHTRPADRTRIMSOUNDEXSOUNDS LIKESPACESTRCMPSUBSTRSUBSTRINGSUBSTRING_INDEXTO_BASE64TRIMUCASEUNHEXUPPERWEIGHT_STRING
Window FunctionsCUME_DISTDENSE_RANKFIRST_VALUELAGLAST_VALUELEADNTH_VALUENTILEPERCENT_RANKRANKROW_NUMBER
XMLEXTRACTVALUEUPDATEXML
Geographic FeaturesGEOMETRY HIERARCHYSPATIAL COLUMNSSPATIAL INDEXESMBRWKTHelp MetadataHELP_DATEHELP_VERSIONLanguage StructureFALSETRUELoadable FunctionsCREATE FUNCTION LOADABLE FUNCTIONDROP FUNCTION LOADABLE FUNCTIONPluginsPrepared StatementsDEALLOCATE PREPAREDROP PREPAREEXECUTE STATEMENTPREPAREReplication StatementsCHANGE MASTER TOCHANGE REPLICATION FILTERCHANGE REPLICATION SOURCE TOPURGE BINARY LOGSPURGE MASTER LOGSRESET MASTERRESET REPLICARESET SLAVESET SQL_LOG_BINSTART REPLICASTART SLAVESTOP REPLICASTOP SLAVEStorage EnginesTable MaintenanceANALYZE TABLECHECK TABLECHECKSUM TABLEOPTIMIZE TABLEREPAIR TABLETransactionsBEGINCOMMITLOCK INSTANCE FOR BACKUPLOCK TABLESRELEASE SAVEPOINTROLLBACKROLLBACK TO SAVEPOINTSAVEPOINTSET TRANSACTIONSTART TRANSACTIONXAUtilityDESCDESCRIBEEXPLAINHELP STATEMENTUSE
#356 MySQL Error: Packet sequence number wrong
MySQL 2020-01-18多线程执行 MySQL 查询的时候会遇到 Packet sequence number wrong 错误。
Traceback (most recent call last):
File "/tmp/db.py", line 167, in _execute
rowcount = cur.execute(sql, args)
File "/usr/local/lib/python2.7/site-packages/pymysql/cursors.py", line 163, in execute
result = self._query(query)
File "/usr/local/lib/python2.7/site-packages/pymysql/cursors.py", line 321, in _query
conn.query(q)
File "/usr/local/lib/python2.7/site-packages/pymysql/connections.py", line 505, in query
self._affected_rows = self._read_query_result(unbuffered=unbuffered)
File "/usr/local/lib/python2.7/site-packages/pymysql/connections.py", line 724, in _read_query_result
result.read()
File "/usr/local/lib/python2.7/site-packages/pymysql/connections.py", line 1076, in read
self._read_result_packet(first_packet)
File "/usr/local/lib/python2.7/site-packages/pymysql/connections.py", line 1146, in _read_result_packet
self._read_rowdata_packet()
File "/usr/local/lib/python2.7/site-packages/pymysql/connections.py", line 1180, in _read_rowdata_packet
packet = self.connection._read_packet()
File "/usr/local/lib/python2.7/site-packages/pymysql/connections.py", line 660, in _read_packet
% (packet_number, self._next_seq_id))
InternalError: Packet sequence number wrong - got 51 expected 178
多个查询共用连接,并发查询的时候,现在的 MySQL 网络传输机制无法判断这个返回属于哪个查询。
所以每个线程应该使用不同的连接,或者在 execute 之前加一个锁。