VOMS::Lite::X509(3)   User Contributed Perl Documentation  VOMS::Lite::X509(3)

NAME

       VOMS::Lite::X509 - Perl extension for X509 Certificate creation and
       examination

SYNOPSIS

         use VOMS::Lite::X509;
         # Create returns a hash reference, so dereference it
         my %X509= %{
                      VOMS::Lite::X509::Create(
                                                {
                                                  Serial=>0,
                                                  DN=>["C=GB","CN=my common name"],
                                                }
                                              )
                    };
         my $DER=$X509{'Cert'};
         # Ask Examine only for the fields that are needed
         my %CertInfo= %{
                          VOMS::Lite::X509::Examine( $DER,
                                                     {
                                                       SubjectDN=>"",
                                                       IssuerDN=>""
                                                     }
                                                   )
                        };
         print "$CertInfo{'SubjectDN'}\n$CertInfo{'IssuerDN'}\n";

DESCRIPTION

       VOMS::Lite::X509 provides a library to create and to examine X509
       certificates.

   VOMS::Lite::X509::Create
       VOMS::Lite::X509::Create takes one argument, an anonymous hash
       containing all the relevant information required to make the X509
       Certificate.

         In the Hash the following scalars should be defined:
         'Serial' the decimal value of the serial number for the certificate
         'DN'     the array of attribute=value strings that make up the
            Distinguished Name

         Both or neither of these should be defined:
         'CACert' the DER encoding of the issuing (CA) certificate.
         'CAKey'  the DER encoding of the issuing (CA) key.

         The following are optional:
           'Lifetime' the lifetime of the credential to be issued in seconds
           'CA'       can be either 'True' or 'False' if defined
                      (it sets the basic constraints and key usage values)
           'Bits'     the size of the key, can be any of 512, 1024, 2048, 4096
           'Extensions' a reference to an array of strings containing
                      X509 extensions i.e. an array of DER encoded:
                      SEQUENCE ::= { OID,
                                     extnID OBJECT IDENTIFIER,
                                     critical BOOLEAN DEFAULT FALSE,
                                     extnValue OCTET STRING  }

           'subjectAltName' a reference to an array of GeneralNames e.g.
                     [ 'rfc822Name=mike.jones@manchester.ac.uk',
                       'dNSName=a.dns.fqdn',
                       'directoryName=300f310d300b060355040313044d696b65',
                          # The hex can also be specified as unsigned chars
                       'uniformResourceIdentifier=http://www.mc.manchester.ac.uk/projects/shebangs/',
                       'IPAddress=\202\130\001\202\377\377\377\377' ]

       The return value is a hash reference containing the X509 Certificate
       and Key strings in DER format (Cert and Key), a reference to an array
       of 'Warnings' (a certificate will still be created if warnings are
       present), a reference to an array of 'Errors' (if an error is
       encountered then no Proxy will be produced), and a string 'Hash', the
       openssl-type hash of the produced certificate's name.

   VOMS::Lite::X509::Examine
       VOMS::Lite::X509::Examine takes two arguments: the DER encoded X509
       certificate and a hash of the required information.  If defined in the
       hash passed to Examine, the following variables will be parsed from
       the certificate and returned in the referenced hash that Examine
       returns.
         Chunks of DER encoded data directly from the certificate:
         'X509version'               - DER encoded version
         'X509serial'                - DER encoded serial number
         'X509signature'             - DER encoded signature type
         'X509issuer'                - DER encoded issuer
         'X509validity'              - DER encoded validity
         'X509subject'               - DER encoded subject
         'X509subjectPublicKeyInfo'  - DER encoded subject Public Key Info
         'X509issuerUniqueID'        - DER encoded Issuer Unique ID
         'X509subjectUniqueID'       - DER encoded Subject Unique ID
         'X509extensions'            - DER encoded Extensions

         'Start'                     - Valid from value of the certificate
                                       (seconds since midnight 1 Jan 1970)
         'End'                       - Valid until value of the certificate
                                       (seconds since midnight 1 Jan 1970)
         'SubjectDN'                 - Subject's DN string, slash separated
                                       representation (yuk)
         'IssuerDN'                  - Issuer's DN string, slash separated
                                       representation (yuk)

         'subjectKeyIdentifier'      - byte string representing the Subject
                                       Key Identifier extension
         'authorityKeyIdentifier'    - DER encoded Authority Key Identifier
                                       extension, if set the following
                                       binary values will also be returned:
           'authorityKeyIdentifierSkid'    - Authority's Subject Key
                                             Identifier (byte string)
           'authorityKeyIdentifierIssuer'  - Authority's General Name DER
                                             encoded
           'authorityKeyIdentifierSerial'  - Authority's Serial Number as a
                                             hex string.
         'keyUsage'                  - The packed keyUsage extension value,
                                       if set the following binary values
                                       will also be returned:
           'keyUsageDigitalSignature'    0=false, 1=true
           'keyUsageNonRepudiation'      0=false, 1=true
           'keyUsageKeyEncipherment'     0=false, 1=true
           'keyUsageDataEncipherment'    0=false, 1=true
           'keyUsageKeyAgreement'        0=false, 1=true
           'keyUsageKeyCertSign'         0=false, 1=true
           'keyUsageCRLSign'             0=false, 1=true
           'keyUsageEncipherOnly'        0=false, 1=true
           'keyUsageDecipherOnly'        0=false, 1=true
         'basicConstraints'          - The packed basicConstraints extension
                                       value, if set the following binary
                                       values will also be returned:
           'basicConstraintsCA'          0=false, 1=true
           'basicConstraintsPathLen'     path length integer

   EXPORT
       None;
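
Create and Examine used together, as an added example that is not part of the original documentation or of the module's distribution: it issues a short-lived non-CA certificate and checks the result against a simple end-entity policy. The helper name end_entity_problems, the sample DN and the policy itself are assumptions; the hash keys are the ones documented above.

```perl
use strict;
use warnings;
use VOMS::Lite::X509;

# Hypothetical helper (added example): list the policy problems of a DER
# certificate that should be a currently valid end-entity (non-CA) certificate.
sub end_entity_problems {
    my ($der, $now) = @_;
    # Request only the fields needed, in the calling style of the SYNOPSIS.
    my %info = %{ VOMS::Lite::X509::Examine($der, {
        Start => "", End => "", basicConstraints => "", keyUsage => "",
    }) };
    my @problems;
    if (defined $info{Start} && defined $info{End}) {
        push @problems, "not yet valid" if $now < $info{Start};
        push @problems, "expired"       if $now > $info{End};
    } else {
        push @problems, "validity period could not be read";
    }
    # 0=false, 1=true; an absent value is treated as false here (assumption).
    push @problems, "basicConstraints marks it as a CA"   if $info{basicConstraintsCA};
    push @problems, "keyUsage allows certificate signing" if $info{keyUsageKeyCertSign};
    push @problems, "keyUsage allows CRL signing"         if $info{keyUsageCRLSign};
    return @problems;
}

# Constructed input: a one-hour, 2048-bit, non-CA certificate created without
# CACert/CAKey, as in the SYNOPSIS. The DN is a sample value.
my $res = VOMS::Lite::X509::Create({
    Serial   => 1,
    DN       => ["C=GB", "CN=example end entity"],
    Lifetime => 3600,
    CA       => 'False',
    Bits     => 2048,
});

# Errors means nothing was produced; Warnings do not stop creation.
my @errors = @{ $res->{Errors} || [] };
die "Create failed: @errors\n" if @errors or !defined $res->{Cert};
warn "Create warning: $_\n" for @{ $res->{Warnings} || [] };

my @problems = end_entity_problems($res->{Cert}, time);
if (@problems) { print "PROBLEM: $_\n" for @problems }
else           { print "OK: valid non-CA certificate\n" }
```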

SEE ALSO

       RFC3820

       This module was originally designed for the SHEBANGS project at The
       University of Manchester.
       http://www.mc.manchester.ac.uk/projects/shebangs/ now
       http://www.rcs.manchester.ac.uk/research/shebangs/

       Mailing list, shebangs@listserv.manchester.ac.uk

       Mailing list, voms-lite@listserv.manchester.ac.uk

AUTHOR

       Mike Jones <mike.jones@manchester.ac.uk>

       Copyright (C) 2006 by Mike Jones

       This library is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself, either Perl version 5.8.3 or, at
       your option, any later version of Perl 5 you may have available.

perl v5.12.3                      2011-03-17               VOMS::Lite::X509(3)