1X509(3) User Contributed Perl Documentation X509(3)
2
6 Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
7
9 use Crypt::OpenSSL::X509;
10 my $x509 = Crypt::OpenSSL::X509->new_from_file('cert.pem');
12 print $x509->pubkey() . "\n";
14 print $x509->subject() . "\n";
15 print $x509->issuer() . "\n";
16 print $x509->email() . "\n";
17 print $x509->hash() . "\n";
18 print $x509->notBefore() . "\n";
19 print $x509->notAfter() . "\n";
20 print $x509->modulus() . "\n";
21 print $x509->exponent() . "\n";
22 print $x509->fingerprint_sha1() . "\n";
23 print $x509->fingerprint_md5() . "\n";
24 print $x509->as_string(Crypt::OpenSSL::X509::FORMAT_TEXT) . "\n";
25 my $x509 = Crypt::OpenSSL::X509->new_from_string(
27 $der_encoded_data, Crypt::OpenSSL::X509::FORMAT_ASN1
28 );
29 # given a time offset of $seconds, will the certificate be valid?
31 if ($x509->checkend($seconds)) {
32 # cert is ok at $seconds offset
33 } else {
34 # cert is expired at $seconds offset
35 }
36 my $exts = $x509->extensions_by_oid();
38 foreach my $oid (keys %$exts) {
40 my $ext = $$exts{$oid};
41 print $oid, " ", $ext->object()->name(), ": ", $ext->value(), "\n";
42 }
43
45 Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
46
48 This implement a large majority of OpenSSL's useful X509 API.
49 The email() method supports both certificates where the
51 subject is of the form:
52 "... CN=Firstname lastname/emailAddress=user@domain", and also
53 certificates where there is a X509v3 Extension of the form
54 "X509v3 Subject Alternative Name: email=user@domain".
55 EXPORT
57 None by default.
58 On request:
60 FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM FORMAT_NETSCAPE
62 FORMAT_PKCS12 FORMAT_SMIME FORMAT_ENGINE FORMAT_IISSGC
63
65 X509 CONSTRUCTORS
66 new ( )
67 Create a new X509 object.
68 new_from_string ( STRING [ FORMAT ] )
70 new_from_file ( FILENAME [ FORMAT ] )
71 Create a new X509 object from a string or file. "FORMAT" should be
72 "FORMAT_ASN1" or "FORMAT_PEM".
73 X509 ACCESSORS
75 subject
76 Subject name as a string.
77 issuer
79 Issuer name as a string.
80 serial
82 Serial number as a string.
83 hash
85 Subject name hash as a string.
86 notBefore
88 "notBefore" time as a string.
89 notAfter
91 "notAfter" time as a string.
92 email
94 Email address as a string.
95 version
97 Certificate version as a string.
98 sig_alg_name
100 Signature algorithm name as a string.
101 X509 METHODS
103 subject_name ( )
104 issuer_name ( )
105 Return a Name object for the subject or issuer name. Methods for
106 handling Name objects are given below.
107 is_selfsigned ( )
109 Return Boolean value if subject and issuer name are the same.
110 as_string ( [ FORMAT ] )
112 Return the certificate as a string in the specified format.
113 "FORMAT" can be one of "FORMAT_PEM" (the default), "FORMAT_ASN1",
114 or "FORMAT_NETSCAPE".
115 modulus ( )
117 Return the modulus for an RSA public key as a string of hex digits.
118 For DSA, return the public key. Other algorithms are not supported.
119 bit_length ( )
121 Return the length of the modulus as a number of bits.
122 fingerprint_md5 ( )
124 fingerprint_sha1 ( )
125 Return the specified message digest for the certificate.
126 checkend( OFFSET )
128 Given an offset in seconds, will the certificate be expired?
129 pubkey ( )
131 Return the RSA or DSA public key.
132 num_extensions ( )
134 Return the number of extensions in the certificate.
135 extension ( INDEX )
137 Return the Extension specified by the integer "INDEX". Methods for
138 handling Extension objects are given below.
139 extensions_by_oid ( ) =item extensions_by_name ( ) =item
141 extensions_by_long_name ( )
142 Return a hash of Extensions indexed by OID or name.
143 has_extension_oid ( OID )
145 Return true if the certificate has the extension specified by
146 "OID".
147 X509::Extension METHODS
149 critical ( )
150 Return a value indicating if the extension is critical or not.
151 FIXME: the value is an ASN.1 BOOLEAN value.
152 object ( )
154 Return the ObjectID of the extension. Methods for handling
155 ObjectID objects are given below.
156 value ( )
158 Return the value or data of the extension. FIXME: the value is
159 returned as a string but may represent a complex object.
160 X509::ObjectID METHODS
162 name ( )
163 Return the long name of the object as a string.
164 oid ( )
166 Return the numeric dot-seperated form of the object identifier as a
167 string.
168 X509::Name METHODS
170 as_string ( )
171 Return a string representation of the Name
172 entries ( )
174 Return an array of Name_Entry objects. Methods for handling
175 Name_Entry objects are given below.
176 has_entry ( TYPE [ LASTPOS ] )
178 has_long_entry ( TYPE [ LASTPOS ] )
179 has_oid_entry ( TYPE [ LASTPOS ] )
180 Return true if a name has an entry of the specified "TYPE".
181 Depending on the function the "TYPE" may be in the short form (e.g.
182 "CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
183 specified then the search is made from that index rather than from
184 the start.
185 get_index_by_type ( TYPE [ LASTPOS ] )
187 get_index_by_long_type ( TYPE [ LASTPOS ] )
188 get_index_by_oid_type ( TYPE [ LASTPOS ] )
189 Return the index of an entry of the specified "TYPE" in a name.
190 Depending on the function the "TYPE" may be in the short form (e.g.
191 "CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
192 specified then the search is made from that index rather than from
193 the start.
194 get_entry_by_type ( TYPE [ LASTPOS ] )
196 get_entry_by_long_type ( TYPE [ LASTPOS ] )
197 These methods work similarly to get_index_by_* but return the
198 Name_Entry rather than the index.
199 X509::Name_Entry METHODS
201 as_string ( [ LONG ] )
202 Return a string representation of the Name_Entry of the form
203 "typeName=Value". If "LONG" is 1, the long form of the type is
204 used.
205 type ( [ LONG ] )
207 Return a string representation of the type of the Name_Entry. If
208 "LONG" is 1, the long form of the type is used.
209 value ( )
211 Return a string representation of the value of the Name_Entry.
212 is_printableString ( )
214 is_ia5string ( )
215 is_utf8string ( )
216 is_asn1_type ( [ASN1_TYPE] )
217 Return true if the Name_Entry value is of the specified type. The
218 value of "ASN1_TYPE" should be as listed in OpenSSL's "asn1.h".
219
221 OpenSSL(1), Crypt::OpenSSL::RSA, Crypt::OpenSSL::Bignum
222
224 Dan Sully, <daniel@cpan.org>
225
227 David O'Callaghan, <david.ocallaghan@cs.tcd.ie> Daniel Kahn Gillmor
228 <dkg@fifthhorseman.net>
229
231 Copyright 2004-2011 by Dan Sully
232 This library is free software; you can redistribute it and/or modify it
234 under the same terms as Perl itself.
235perl v5.12.3 2011-05-08 X509(3)