VOMS::Lite::X509(3)  User Contributed Perl Documentation  VOMS::Lite::X509(3)

NAME
    VOMS::Lite::X509 - Perl extension for X509 Certificate creation and
    examination

SYNOPSIS
        use VOMS::Lite::X509;

        # Create returns a hash reference, so dereference it into %X509
        my %X509 = %{
            VOMS::Lite::X509::Create(
                {
                    Serial => 0,
                    DN     => [ "C=GB", "CN=my common name" ],
                }
            )
        };
        my $DER = $X509{'Cert'};

        # List the fields you want as keys; Examine returns them filled in
        my %CertInfo = %{
            VOMS::Lite::X509::Examine(
                $DER,
                {
                    SubjectDN => "",
                    IssuerDN  => "",
                }
            )
        };
        print "$CertInfo{'SubjectDN'}\n$CertInfo{'IssuerDN'}\n";

DESCRIPTION
    VOMS::Lite::X509 provides a library to create and to examine X509
    certificates.

  VOMS::Lite::X509::Create
    VOMS::Lite::X509::Create takes one argument, an anonymous hash
    containing all the relevant information required to make the X509
    Certificate.

    In the Hash the following scalars should be defined:
      'Serial'    the decimal value of the serial number for the certificate
      'DN'        the array of attribute=value strings that make up the
                  Distinguished Name

    Both or neither of these should be defined:
      'CACert'    the DER encoding of the issuing (CA) certificate.
      'CAKey'     the DER encoding of the issuing (CA) key.

    The following are optional:
      'Lifetime'   the lifetime of the credential to be issued in seconds
      'CA'         can be either 'True' or 'False' if defined
                   (it sets the basic constraints and key usage values)
      'Bits'       the size of the key can be any of 512,1024,2048,4096
      'Extensions' a reference to an array of strings containing
                   X509 extensions i.e. an array of DER encoded:
                     Extension ::= SEQUENCE {
                          extnID    OBJECT IDENTIFIER,
                          critical  BOOLEAN DEFAULT FALSE,
                          extnValue OCTET STRING }

      'subjectAltName' a reference to an Array of Generalnames e.g.
        [ 'rfc822Name=mike.jones@manchester.ac.uk',
          'dNSName=a.dns.fqdn',
          'directoryName=300f310d300b060355040313044d696b65',
          # The hex can also be specified as unsigned chars
          'uniformResourceIdentifier=http://www.mc.manchester.ac.uk/projects/shebangs/',
          'IPAddress=\202\130\001\202\377\377\377\377' ]

    The return value is a hash reference containing the X509 Certificate
    and Key strings in DER format (Cert and Key), a reference to an array
    of 'Warnings' (a certificate will still be created if warnings are
    present), a reference to an array of 'Errors' (if an error is
    encountered then no certificate will be produced), and a string 'Hash',
    the OpenSSL-style hash of the produced certificate's name.

  VOMS::Lite::X509::Examine
    VOMS::Lite::X509::Examine takes two arguments: the DER encoded X509
    certificate and a hash of the required information. For each of the
    following keys that is defined in that hash, the value is parsed from
    the certificate and returned in the hash referenced by the return
    value.

    Chunks of DER encoded data directly from the certificate:
      'X509version'              - DER encoded version
      'X509serial'               - DER encoded serial number
      'X509signature'            - DER encoded signature type
      'X509issuer'               - DER encoded issuer
      'X509validity'             - DER encoded validity
      'X509subject'              - DER encoded subject
      'X509subjectPublicKeyInfo' - DER encoded subject Public Key Info
      'X509issuerUniqueID'       - DER encoded Issuer Unique ID
      'X509subjectUniqueID'      - DER encoded Subject Unique ID
      'X509extensions'           - DER encoded Extensions

      'Start'                    - Valid from value of the certificate
                                   (seconds since midnight 1 Jan 1970)
      'End'                      - Valid until value of the certificate
                                   (seconds since midnight 1 Jan 1970)
      'SubjectDN'                - Subject's DN string, slash-separated
                                   representation (yuk)
      'IssuerDN'                 - Issuer's DN string, slash-separated
                                   representation (yuk)

      'subjectKeyIdentifier'     - byte string representing the Subject
                                   Key Identifier extension
      'authorityKeyIdentifier'   - DER encoded Authority Key Identifier
                                   extension, if set the following
                                   binary values will also be returned:
        'authorityKeyIdentifierSkid'   - Authority's Subject Key
                                         Identifier (byte string)
        'authorityKeyIdentifierIssuer' - Authority's General Name DER
                                         encoded
        'authorityKeyIdentifierSerial' - Authority's Serial Number as a
                                         hex string.
      'keyUsage'                 - The packed keyUsage extension value,
                                   if set the following binary values
                                   will also be returned:
        'keyUsageDigitalSignature'  0=false, 1=true
        'keyUsageNonRepudiation'    0=false, 1=true
        'keyUsageKeyEncipherment'   0=false, 1=true
        'keyUsageDataEncipherment'  0=false, 1=true
        'keyUsageKeyAgreement'      0=false, 1=true
        'keyUsageKeyCertSign'       0=false, 1=true
        'keyUsageCRLSign'           0=false, 1=true
        'keyUsageEncipherOnly'      0=false, 1=true
        'keyUsageDecipherOnly'      0=false, 1=true
      'basicConstraints'         - The packed basicConstraints extension
                                   value, if set the following binary
                                   values will also be returned:
        'basicConstraintsCA'        0=false, 1=true
        'basicConstraintsPathLen'   path length integer

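    The two calls used together, as an added example that is not part of
    the module's own documentation: it issues an end-entity certificate
    from a test CA and checks the result with Examine. The helper name,
    DNs and lifetimes are constructed; it assumes, as the SYNOPSIS does,
    that Create works without CACert/CAKey, and that 'Errors' and
    'Warnings' may be absent from the result.

```perl
use strict;
use warnings;
use VOMS::Lite::X509;

# Hypothetical helper: run Create, stop on 'Errors', surface 'Warnings'.
sub create_or_die {
    my ($label, $args) = @_;
    my $res    = VOMS::Lite::X509::Create($args);
    my @errors = @{ $res->{'Errors'} || [] };
    die "$label: " . join("; ", @errors) . "\n" if @errors;
    warn "$label warning: $_\n" for @{ $res->{'Warnings'} || [] };
    return $res;
}

# Constructed DNs. No CACert/CAKey is passed here, as in the SYNOPSIS.
# 2048 bits: the 512 and 1024 sizes are too short for anything but tests.
my $ca = create_or_die("CA", {
    Serial => 1, CA => 'True', Bits => 2048, Lifetime => 30 * 24 * 3600,
    DN     => [ "C=GB", "O=Example", "CN=Example Test CA" ],
});

# End-entity certificate issued with the CA's DER certificate and key.
my $ee = create_or_die("EE", {
    Serial => 2, CA => 'False', Bits => 2048, Lifetime => 24 * 3600,
    DN     => [ "C=GB", "O=Example", "CN=host.example.org" ],
    CACert => $ca->{'Cert'},
    CAKey  => $ca->{'Key'},
});

# Ask Examine only for the fields the checks below need.
my %want = map { $_ => "" }
    qw(SubjectDN IssuerDN Start End keyUsage basicConstraints);
my %caInfo = %{ VOMS::Lite::X509::Examine($ca->{'Cert'}, { %want }) };
my %eeInfo = %{ VOMS::Lite::X509::Examine($ee->{'Cert'}, { %want }) };

my $now = time;
my @problems;
push @problems, "issuer DN does not match CA subject DN"
    unless $eeInfo{'IssuerDN'} eq $caInfo{'SubjectDN'};
push @problems, "outside validity window"
    unless $eeInfo{'Start'} <= $now && $now <= $eeInfo{'End'};
push @problems, "end-entity certificate is marked as a CA"
    if $eeInfo{'basicConstraintsCA'};
push @problems, "end-entity certificate may sign certificates"
    if $eeInfo{'keyUsageKeyCertSign'};
push @problems, "issuer is not marked as a CA"
    unless $caInfo{'basicConstraintsCA'};

print "FAIL: $_\n" for @problems;
print "OK: $eeInfo{'SubjectDN'}\n" unless @problems;
```

    These checks compare fields only; they do not verify the signature
    on the certificate.
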
  EXPORT
    None;

SEE ALSO
    RFC3820

    This module was originally designed for the SHEBANGS project at The
    University of Manchester.
    http://www.mc.manchester.ac.uk/projects/shebangs/ now
    http://www.rcs.manchester.ac.uk/research/shebangs/

    Mailing list, shebangs@listserv.manchester.ac.uk

    Mailing list, voms-lite@listserv.manchester.ac.uk

AUTHOR
    Mike Jones <mike.jones@manchester.ac.uk>

COPYRIGHT AND LICENSE
    Copyright (C) 2006 by Mike Jones

    This library is free software; you can redistribute it and/or modify it
    under the same terms as Perl itself, either Perl version 5.8.3 or, at
    your option, any later version of Perl 5 you may have available.

perl v5.12.3                      2011-03-17               VOMS::Lite::X509(3)