NAME
VOMS::Lite::X509 - Perl extension for X509 Certificate creation and examination
SYNOPSIS
  use VOMS::Lite::X509;

  # Create returns a hash reference (see DESCRIPTION), so dereference it.
  my %X509 = %{
    VOMS::Lite::X509::Create(
      {
        Serial => 1,
        DN     => [ "C=GB", "CN=my common name" ],
      }
    )
  };
  my $DER = $X509{'Cert'};

  my %CertInfo = %{
    VOMS::Lite::X509::Examine(
      $DER,
      {
        SubjectDN => "",
        IssuerDN  => ""
      }
    )
  };
  print "$CertInfo{'SubjectDN'}\n$CertInfo{'IssuerDN'}\n";
DESCRIPTION
VOMS::Lite::X509 provides a library to create and to examine X509 certificates. Certificates and keys are handled as DER encoded strings throughout; PEM wrapping is left to the caller.
VOMS::Lite::X509::Create
VOMS::Lite::X509::Create takes one argument, an anonymous hash containing all the information required to make the X509 certificate.
In the hash the following scalars should be defined:
  'Serial'  the decimal value of the serial number for the certificate.
            RFC 5280 requires a positive integer that is unique per issuer,
            so do not reuse serials under the same CA.
  'DN'      a reference to an array of attribute=value strings that make up
            the Distinguished Name, e.g. [ "C=GB", "CN=my common name" ]
Both or neither of these should be defined:
  'CACert'  the DER encoding of the issuing (CA) certificate.
  'CAKey'   the DER encoding of the issuing (CA) private key.
If neither is given the certificate is self-signed with the key generated for it, which is how a new CA is created.
The following are optional:
  'Lifetime'  the lifetime of the credential to be issued, in seconds from
              the time of creation
  'CA'        either 'True' or 'False' if defined (it sets the basic
              constraints and key usage values appropriately)
  'Bits'      the size of the RSA key; any of 512, 1024, 2048, 4096. 512 and
              1024 are accepted for compatibility only and should not be used
              for new credentials.
  'Extensions'  a reference to an array of strings, each a DER encoded X509
                extension, i.e. the Extension structure of RFC 5280:
                  Extension ::= SEQUENCE {
                    extnID    OBJECT IDENTIFIER,
                    critical  BOOLEAN DEFAULT FALSE,
                    extnValue OCTET STRING }
  'subjectAltName'  a reference to an array of GeneralName strings, e.g.
    [ 'rfc822Name=mike.jones@manchester.ac.uk',
      'dNSName=a.dns.fqdn',
      # DER encoded Name as hex; this value decodes to CN=Mike.
      'directoryName=300f310d300b060355040313044d696b65',
      # The hex can also be specified as unsigned chars.
      'uniformResourceIdentifier=http://www.mc.manchester.ac.uk/projects/shebangs/',
      'IPAddress=\202\130\001\202\377\377\377\377' ]
    Note that a subjectAltName iPAddress is exactly 4 (IPv4) or 16 (IPv6)
    octets under RFC 5280; the eight-octet address-plus-mask form shown in the
    last entry is the nameConstraints encoding.
The return value is a hash reference containing: the X509 certificate and private key as DER strings ('Cert' and 'Key'); a reference to an array of 'Warnings' (a certificate is still created when warnings are present); a reference to an array of 'Errors' (if an error is encountered no certificate is produced, so callers must check this array before using 'Cert' or 'Key'); and a string 'Hash', the OpenSSL-style hash of the produced certificate's name (the form OpenSSL uses to name files in a certificate directory).
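The following script, added here as a worked example and not part of the VOMS::Lite distribution, drives Create through the two cases above: a self-signed CA, then an end-entity certificate issued under it with a subjectAltName. It refuses to write anything unless 'Errors' is empty, writes private keys with mode 0600, and names the CA file from 'Hash' so an OpenSSL CApath directory picks it up. The DNs and file names are made up, and the "RSA PRIVATE KEY" PEM label assumes 'Key' is a PKCS#1 RSAPrivateKey, which is what a DER RSA key from this module is taken to be.

```perl
#!/usr/bin/perl
# Added example, not part of VOMS::Lite: build a self-signed CA with Create,
# issue an end-entity certificate under it, and only write files out when the
# Errors list is empty. DNs and file names below are made up for illustration.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_TRUNC);
use MIME::Base64 qw(encode_base64);
use VOMS::Lite::X509;

# Create returns DER; wrap it as PEM (64-column base64, RFC 7468) so that
# OpenSSL and other tools can read the result. Assumed here: 'Key' is a
# PKCS#1 RSAPrivateKey, which is what the "RSA PRIVATE KEY" label denotes.
sub der_to_pem {
    my ($label, $der) = @_;
    my $b64 = encode_base64($der, "");     # single line, no newlines
    $b64 =~ s/(.{1,64})/$1\n/g;            # re-wrap at 64 columns
    return "-----BEGIN $label-----\n$b64-----END $label-----\n";
}

# Write with an explicit mode: private keys get 0600, certificates 0644.
sub write_file {
    my ($path, $data, $mode) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_TRUNC, $mode)
        or die "open $path: $!";
    binmode $fh;
    print {$fh} $data or die "write $path: $!";
    close $fh or die "close $path: $!";
}

# Fail hard on Errors (Create produces no certificate in that case) and
# surface Warnings, which still yield a certificate.
sub check_result {
    my ($what, $r) = @_;
    die "$what: " . join("; ", @{ $r->{Errors} }) . "\n" if @{ $r->{Errors} };
    warn "$what warning: $_\n" for @{ $r->{Warnings} };
    return $r;
}

# 1. Self-signed CA: no CACert/CAKey, so Create signs with the key it makes.
#    CA=>'True' makes Create set basicConstraints and keyUsage for a CA.
my $ca = check_result("CA", VOMS::Lite::X509::Create({
    Serial   => 1,                       # positive and unique per issuer (RFC 5280)
    DN       => [ "C=GB", "O=Example Org", "CN=Example Org Test CA" ],
    CA       => 'True',
    Bits     => 2048,                    # 512 and 1024 are listed but far too short today
    Lifetime => 10 * 365 * 86400,
}));

# 2. End-entity certificate issued by that CA. CACert and CAKey must be given
#    together; DN is the subject, the issuer is taken from CACert.
my $leaf = check_result("leaf", VOMS::Lite::X509::Create({
    Serial         => 2,                 # next unused serial for this issuer
    DN             => [ "C=GB", "O=Example Org", "CN=host.example.org" ],
    CA             => 'False',
    Bits           => 2048,
    Lifetime       => 365 * 86400,
    CACert         => $ca->{Cert},
    CAKey          => $ca->{Key},
    subjectAltName => [ 'dNSName=host.example.org', 'rfc822Name=admin@example.org' ],
}));

# 3. Persist. The CA file is named from 'Hash' in c_rehash style so an
#    OpenSSL CApath directory finds it without further renaming.
write_file("$ca->{Hash}.0", der_to_pem("CERTIFICATE",     $ca->{Cert}),   0644);
write_file("ca-key.pem",    der_to_pem("RSA PRIVATE KEY", $ca->{Key}),    0600);
write_file("host-cert.pem", der_to_pem("CERTIFICATE",     $leaf->{Cert}), 0644);
write_file("host-key.pem",  der_to_pem("RSA PRIVATE KEY", $leaf->{Key}),  0600);
print "wrote $ca->{Hash}.0 (CA), host-cert.pem and both keys\n";
```

To check the result with an independent tool, `openssl verify -CAfile <hash>.0 host-cert.pem` should report OK, and `openssl x509 -in host-cert.pem -noout -text` should list the dNSName and rfc822Name under X509v3 Subject Alternative Name. If the serial of a later certificate collides with an earlier one under the same CA, OpenSSL will still verify it, so serial uniqueness has to be enforced by whatever drives this script.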
VOMS::Lite::X509::Examine
VOMS::Lite::X509::Examine takes two arguments: the DER encoded X509 certificate and a reference to a hash naming the information required. For each key present in that hash the corresponding field is parsed from the certificate and returned in the hash reference that Examine returns (the request values are ignored; only the presence of the key matters). Examine parses fields; it does not verify the signature.
Chunks of DER encoded data taken directly from the certificate:
  'X509version'               - DER encoded version
  'X509serial'                - DER encoded serial number
  'X509signature'             - DER encoded signature algorithm
  'X509issuer'                - DER encoded issuer Name
  'X509validity'              - DER encoded validity
  'X509subject'               - DER encoded subject Name
  'X509subjectPublicKeyInfo'  - DER encoded subjectPublicKeyInfo
  'X509issuerUniqueID'        - DER encoded issuerUniqueID
  'X509subjectUniqueID'       - DER encoded subjectUniqueID
  'X509extensions'            - DER encoded extensions
Decoded values:
  'Start'  - notBefore value of the certificate
             (seconds since the Unix epoch, 1 Jan 1970 00:00 UTC)
  'End'    - notAfter value of the certificate
             (seconds since the Unix epoch, 1 Jan 1970 00:00 UTC)
  'SubjectDN'  - Subject's DN as a slash-separated string
                 (e.g. /C=GB/CN=my common name). This form is ambiguous if
                 an attribute value itself contains '/'; compare
                 'X509subject' or 'X509issuer' when the names must match
                 exactly.
  'IssuerDN'   - Issuer's DN as a slash-separated string, same caveat
  'subjectKeyIdentifier'    - byte string holding the Subject Key
                              Identifier extension value
  'authorityKeyIdentifier'  - DER encoded Authority Key Identifier
                              extension; if set the following values
                              are also returned:
    'authorityKeyIdentifierSkid'    - Authority's Subject Key Identifier
                                      (byte string)
    'authorityKeyIdentifierIssuer'  - Authority's GeneralName, DER encoded
    'authorityKeyIdentifierSerial'  - Authority's serial number as a
                                      hex string
  'keyUsage'  - The packed keyUsage extension value; if set the following
                binary values are also returned:
    'keyUsageDigitalSignature'  0=false, 1=true
    'keyUsageNonRepudiation'    0=false, 1=true
    'keyUsageKeyEncipherment'   0=false, 1=true
    'keyUsageDataEncipherment'  0=false, 1=true
    'keyUsageKeyAgreement'      0=false, 1=true
    'keyUsageKeyCertSign'       0=false, 1=true
    'keyUsageCRLSign'           0=false, 1=true
    'keyUsageEncipherOnly'      0=false, 1=true
    'keyUsageDecipherOnly'      0=false, 1=true
  'basicConstraints'  - The packed basicConstraints extension value; if set
                        the following values are also returned:
    'basicConstraintsCA'       0=false, 1=true
    'basicConstraintsPathLen'  path length integer
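As a worked example, added here and not part of the VOMS::Lite distribution, the script below loads an end-entity certificate and its issuer (PEM or DER, paths taken from the command line) and uses Examine to apply the consistency checks a relying party makes before trusting the pair: validity windows, issuer-to-subject name chaining on the DER Names, CA flag and keyCertSign on the issuer, no CA flag on the leaf, and authorityKeyIdentifier to subjectKeyIdentifier linkage. Examine only parses, so the signature is deliberately not claimed to be verified; the file names, the five-minute skew allowance and the check_pair/load_der helpers are this example's own.

```perl
#!/usr/bin/perl
# Added example, not part of VOMS::Lite: parse an end-entity certificate and
# its issuer with Examine and apply the consistency checks a relying party
# would make before trusting the pair. Examine parses fields only; nothing in
# this script verifies the signature, and that must still be done elsewhere.
use strict;
use warnings;
use MIME::Base64 qw(decode_base64);
use VOMS::Lite::X509;

# Read a certificate from disk as DER, unwrapping PEM armour if present.
sub load_der {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "open $path: $!";
    binmode $fh;
    my $data = do { local $/; <$fh> };
    close $fh;
    return decode_base64($1)
        if $data =~ /-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----/s;
    return $data;
}

# Only the keys of this hash matter: each names a field Examine should return.
# Asking for keyUsage, basicConstraints and authorityKeyIdentifier also yields
# their decoded sub-values (keyUsageKeyCertSign, basicConstraintsCA, ...).
my %want = map { $_ => "" } qw(
    SubjectDN IssuerDN Start End X509issuer X509subject
    basicConstraints keyUsage subjectKeyIdentifier authorityKeyIdentifier
);

# Returns the parsed leaf and a list of reasons to reject; an empty list
# means the pair is consistent as far as the parsed fields go.
sub check_pair {
    my ($leaf_der, $ca_der, $now) = @_;
    my %leaf = %{ VOMS::Lite::X509::Examine($leaf_der, \%want) };
    my %ca   = %{ VOMS::Lite::X509::Examine($ca_der,   \%want) };
    my @bad;
    my $skew = 300;   # tolerate five minutes of clock drift

    # Validity windows (Start/End are Unix epoch seconds).
    push @bad, "leaf not yet valid"   if $leaf{Start} > $now + $skew;
    push @bad, "leaf expired"         if $leaf{End}   < $now - $skew;
    push @bad, "issuer not yet valid" if $ca{Start}   > $now + $skew;
    push @bad, "issuer expired"       if $ca{End}     < $now - $skew;

    # Name chaining. Compare the DER Name structures, not the slash-separated
    # strings: a '/' inside an attribute value makes the string form ambiguous.
    push @bad, "leaf issuer is not the CA subject"
        unless $leaf{X509issuer} eq $ca{X509subject};

    # The issuer must be a CA and be permitted to sign certificates.
    push @bad, "issuer lacks basicConstraints CA:TRUE"
        unless defined $ca{basicConstraints} && $ca{basicConstraintsCA};
    push @bad, "issuer keyUsage lacks keyCertSign"
        if defined $ca{keyUsage} && !$ca{keyUsageKeyCertSign};

    # An end-entity certificate must not be usable as a CA.
    push @bad, "leaf asserts CA:TRUE"
        if defined $leaf{basicConstraints} && $leaf{basicConstraintsCA};

    # Key identifier linkage where both sides carry one (both are byte strings).
    if (defined $leaf{authorityKeyIdentifierSkid} && defined $ca{subjectKeyIdentifier}) {
        push @bad, "leaf authorityKeyIdentifier does not match issuer subjectKeyIdentifier"
            unless $leaf{authorityKeyIdentifierSkid} eq $ca{subjectKeyIdentifier};
    }
    return (\%leaf, \@bad);
}

my ($leaf_path, $ca_path) = @ARGV;
die "usage: $0 leaf-cert.pem ca-cert.pem\n" unless defined $ca_path;

my ($leaf, $bad) = check_pair(load_der($leaf_path), load_der($ca_path), time);
print "subject: $leaf->{SubjectDN}\nissuer:  $leaf->{IssuerDN}\n";
print "valid:   ", scalar(gmtime $leaf->{Start}), " to ",
      scalar(gmtime $leaf->{End}), " UTC\n";
if (@$bad) {
    print "REJECT: $_\n" for @$bad;
    exit 1;
}
print "OK: fields consistent (signature not checked by this script)\n";
```

The DER comparison of 'X509issuer' against 'X509subject' is stricter than the RFC 5280 name-matching rules, which canonicalise string types and whitespace; it will reject a pair whose names are equal but encoded differently, which is the safer failure for certificates this module produced itself. A real acceptance decision still needs the signature over the leaf checked against the CA's public key and a revocation check, neither of which Examine provides.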
EXPORT
None;
SEE ALSO
RFC3820
This module was originally designed for the SHEBANGS project at The University of Manchester. http://www.mc.manchester.ac.uk/projects/shebangs/ now http://www.rcs.manchester.ac.uk/research/shebangs/
Mailing list, shebangs@listserv.manchester.ac.uk
Mailing list, voms-lite@listserv.manchester.ac.uk
AUTHOR
Mike Jones <mike.jones@manchester.ac.uk>
COPYRIGHT AND LICENSE
Copyright (C) 2006 by Mike Jones
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.3 or, at your option, any later version of Perl 5 you may have available.