NAME
Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
SYNOPSIS
use Crypt::OpenSSL::X509;
my $x509 = Crypt::OpenSSL::X509->new_from_file('cert.pem');
print $x509->pubkey() . "\n";
print $x509->subject() . "\n";
print $x509->issuer() . "\n";
print $x509->email() . "\n";
print $x509->hash() . "\n";
print $x509->notBefore() . "\n";
print $x509->notAfter() . "\n";
print $x509->modulus() . "\n";
print $x509->exponent() . "\n";
print $x509->fingerprint_sha1() . "\n";
print $x509->fingerprint_md5() . "\n";
print $x509->fingerprint_md2() . "\n";
print $x509->as_string(Crypt::OpenSSL::X509::FORMAT_TEXT) . "\n";
$x509 = Crypt::OpenSSL::X509->new_from_string(
    $der_encoded_data, Crypt::OpenSSL::X509::FORMAT_ASN1
);
# checkend() is true if the certificate will have expired $seconds from now
if ($x509->checkend($seconds)) {
    # cert is expired at $seconds offset
} else {
    # cert is ok at $seconds offset
}
my $exts = $x509->extensions_by_oid();
foreach my $oid (keys %$exts) {
    my $ext = $$exts{$oid};
    print $oid, " ", $ext->object()->name(), ": ", $ext->value(), "\n";
}
ABSTRACT
Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
DESCRIPTION
This module implements a large majority of OpenSSL's useful X509 API.
The email() method supports both certificates where the
subject is of the form:
"... CN=Firstname lastname/emailAddress=user@domain", and also
certificates where there is an X509v3 Extension of the form
"X509v3 Subject Alternative Name: email=user@domain".
EXPORT
None by default.
On request:
FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM FORMAT_NETSCAPE
FORMAT_PKCS12 FORMAT_SMIME FORMAT_ENGINE FORMAT_IISSGC
FUNCTIONS
X509 CONSTRUCTORS
- new ( )
-
Create a new X509 object.
- new_from_string ( STRING [ FORMAT ] )
- new_from_file ( FILENAME [ FORMAT ] )
-
Create a new X509 object from a string or file.
FORMAT should be FORMAT_ASN1 or FORMAT_PEM.
X509 ACCESSORS
- subject
-
Subject name as a string.
- issuer
-
Issuer name as a string.
- serial
-
Serial number as a string.
- hash
-
Subject name hash as a string.
- notBefore
-
notBefore time as a string.
- notAfter
-
notAfter time as a string.
- email
-
Email address as a string.
- version
-
Certificate version as a string.
- sig_alg_name
-
Signature algorithm name as a string.
X509 METHODS
- subject_name ( )
- issuer_name ( )
-
Return a Name object for the subject or issuer name. Methods for handling Name objects are given below.
- as_string ( [ FORMAT ] )
-
Return the certificate as a string in the specified format.
FORMAT can be one of FORMAT_PEM (the default), FORMAT_ASN1, or FORMAT_NETSCAPE.
- modulus ( )
-
Return the modulus for an RSA public key as a string of hex digits. For DSA, return the public key. Other algorithms are not supported.
- bit_length ( )
-
Return the length of the modulus as a number of bits.
- fingerprint_md5 ( )
- fingerprint_md2 ( )
- fingerprint_sha1 ( )
-
Return the specified message digest for the certificate.
- checkend( OFFSET )
-
Given an offset in seconds, will the certificate be expired?
- pubkey ( )
-
Return the RSA or DSA public key.
- num_extensions ( )
-
Return the number of extensions in the certificate.
- extension ( INDEX )
-
Return the Extension specified by the integer INDEX. Methods for handling Extension objects are given below.
- extensions_by_oid ( )
- extensions_by_name ( )
- extensions_by_long_name ( )
-
Return a hash of Extensions indexed by OID or name.
- has_extension_oid ( OID )
-
Return true if the certificate has the extension specified by OID.
X509::Extension METHODS
- critical ( )
-
Return a value indicating if the extension is critical or not. FIXME: the value is an ASN.1 BOOLEAN value.
- object ( )
-
Return the ObjectID of the extension. Methods for handling ObjectID objects are given below.
- value ( )
-
Return the value or data of the extension. FIXME: the value is returned as a string but may represent a complex object.
X509::ObjectID METHODS
- name ( )
-
Return the long name of the object as a string.
- oid ( )
-
Return the numeric dot-separated form of the object identifier as a string.
X509::Name METHODS
- as_string ( )
-
Return a string representation of the Name.
- entries ( )
-
Return an array of Name_Entry objects. Methods for handling Name_Entry objects are given below.
- has_entry ( TYPE [ LASTPOS ] )
- has_long_entry ( TYPE [ LASTPOS ] )
- has_oid_entry ( TYPE [ LASTPOS ] )
-
Return true if a name has an entry of the specified TYPE. Depending on the function the TYPE may be in the short form (e.g. CN), long form (commonName) or OID (2.5.4.3). If LASTPOS is specified then the search is made from that index rather than from the start.
- get_index_by_type ( TYPE [ LASTPOS ] )
- get_index_by_long_type ( TYPE [ LASTPOS ] )
- get_index_by_oid_type ( TYPE [ LASTPOS ] )
-
Return the index of an entry of the specified TYPE in a name. Depending on the function the TYPE may be in the short form (e.g. CN), long form (commonName) or OID (2.5.4.3). If LASTPOS is specified then the search is made from that index rather than from the start.
- get_entry_by_type ( TYPE [ LASTPOS ] )
- get_entry_by_long_type ( TYPE [ LASTPOS ] )
-
These methods work similarly to get_index_by_* but return the Name_Entry rather than the index.
X509::Name_Entry METHODS
- as_string ( [ LONG ] )
-
Return a string representation of the Name_Entry of the form typeName=Value. If LONG is 1, the long form of the type is used.
- type ( [ LONG ] )
-
Return a string representation of the type of the Name_Entry. If LONG is 1, the long form of the type is used.
- value ( )
-
Return a string representation of the value of the Name_Entry.
- is_printableString ( )
- is_ia5string ( )
- is_utf8string ( )
- is_asn1_type ( [ASN1_TYPE] )
-
Return true if the Name_Entry value is of the specified type. The value of ASN1_TYPE should be as listed in OpenSSL's asn1.h.
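EXAMPLE
An added example, not part of the module's distribution: a small certificate audit built only from the accessors and methods documented above. The thresholds, the weak-algorithm pattern and the audit_cert() helper are assumptions made for illustration; the certificate path is supplied on the command line.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::OpenSSL::X509;

# Assumed policy thresholds (not from the module); adjust locally.
my $RENEW_WINDOW = 30 * 24 * 60 * 60;    # seconds
my $MIN_KEY_BITS = 2048;
my $WEAK_SIG_RE  = qr/md2|md5|sha1/i;

sub audit_cert {
    my ($x509) = @_;
    my @notes;

    # checkend(OFFSET) is true when the cert is expired at now + OFFSET.
    if    ($x509->checkend(0))             { push @notes, 'expired' }
    elsif ($x509->checkend($RENEW_WINDOW)) { push @notes, 'expires within 30 days' }

    my $alg = $x509->sig_alg_name();
    push @notes, "weak signature algorithm: $alg" if $alg =~ $WEAK_SIG_RE;

    # bit_length() relies on the modulus, so guard unsupported key types.
    my $bits = eval { $x509->bit_length() };
    if    (!defined $bits)        { push @notes, 'key size not available' }
    elsif ($bits < $MIN_KEY_BITS) { push @notes, "short key: $bits bits" }

    push @notes, 'self-issued (subject equals issuer)'
        if $x509->subject() eq $x509->issuer();

    # Report critical extensions by OID; value() is treated as opaque text.
    if ($x509->num_extensions() > 0) {
        my $exts = $x509->extensions_by_oid();
        for my $oid (sort keys %$exts) {
            my $ext = $exts->{$oid};
            push @notes, sprintf('critical extension %s (%s)',
                $oid, $ext->object()->name()) if $ext->critical();
        }
    }
    return @notes;
}

my $path = shift @ARGV or die "usage: $0 cert.pem\n";
my $x509 = Crypt::OpenSSL::X509->new_from_file($path);
print 'Subject: ', $x509->subject(), "\n";
my @notes = audit_cert($x509);
print "  - $_\n" for @notes;
print "  no findings\n" unless @notes;
```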
SEE ALSO
OpenSSL(1), Crypt::OpenSSL::RSA, Crypt::OpenSSL::Bignum
AUTHOR
Dan Sully, <daniel@cpan.org>
CONTRIBUTORS
David O'Callaghan, <david.ocallaghan@cs.tcd.ie>
Daniel Kahn Gillmor, <dkg@fifthhorseman.net>
COPYRIGHT AND LICENSE
Copyright 2004-2010 by Dan Sully
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.