1X509(3)               User Contributed Perl Documentation              X509(3)
2
3
4

NAME

6       Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
7

SYNOPSIS

9         use Crypt::OpenSSL::X509;
10
11         my $x509 = Crypt::OpenSSL::X509->new_from_file('cert.pem');
12
13         print $x509->pubkey() . "\n";
14         print $x509->subject() . "\n";
15         print $x509->hash() . "\n";
16         print $x509->email() . "\n";
17         print $x509->issuer() . "\n";
18         print $x509->issuer_hash() . "\n";
19         print $x509->notBefore() . "\n";
20         print $x509->notAfter() . "\n";
21         print $x509->modulus() . "\n";
22         print $x509->exponent() . "\n";
23         print $x509->fingerprint_md5() . "\n";
24         print $x509->fingerprint_sha256() . "\n";
25         print $x509->as_string() . "\n";
26
27         my $x509 = Crypt::OpenSSL::X509->new_from_string(
28           $der_encoded_data, Crypt::OpenSSL::X509::FORMAT_ASN1
29         );
30
31         # given a time offset of $seconds, will the certificate be valid?
32         if ($x509->checkend($seconds)) {
33           # cert is expired at $seconds offset
34         } else {
35           # cert is ok at $seconds offset
36         }
37
38         my $exts = $x509->extensions_by_oid();
39
40         foreach my $oid (keys %$exts) {
41           my $ext = $$exts{$oid};
42           print $oid, " ", $ext->object()->name(), ": ", $ext->value(), "\n";
43         }
44

ABSTRACT

46         Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
47

DESCRIPTION

49         This implement a large majority of OpenSSL's useful X509 API.
50
51         The email() method supports both certificates where the
52         subject is of the form:
53         "... CN=Firstname lastname/emailAddress=user@domain", and also
54         certificates where there is a X509v3 Extension of the form
55         "X509v3 Subject Alternative Name: email=user@domain".
56
57   EXPORT
58       None by default.
59
60       On request:
61
62               FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM
63               FORMAT_PKCS12 FORMAT_SMIME FORMAT_ENGINE FORMAT_IISSGC
64

FUNCTIONS

66   X509 CONSTRUCTORS
67       new ( )
68           Create a new X509 object.
69
70       new_from_string ( STRING [ FORMAT ] )
71       new_from_file ( FILENAME [ FORMAT ] )
72           Create a new X509 object from a string or file. "FORMAT" should be
73           "FORMAT_ASN1" or "FORMAT_PEM".
74
75   X509 ACCESSORS
76       subject
77           Subject name as a string.
78
79       issuer
80           Issuer name as a string.
81
82       issuer_hash
83           Issuer name hash as a string.
84
85       serial
86           Serial number as a string.
87
88       hash
89           Alias for subject_hash
90
91       subject_hash
92           Subject name hash as a string.
93
94       notBefore
95           "notBefore" time as a string.
96
97       notAfter
98           "notAfter" time as a string.
99
100       email
101           Email address as a string.
102
103       version
104           Certificate version as a string.
105
106       sig_alg_name
107           Signature algorithm name as a string.
108
109       key_alg_name
110           Public key algorithm name as a string.
111
112       curve
113           Name of the EC curve used in the public key.
114
115   X509 METHODS
116       subject_name ( )
117       issuer_name ( )
118           Return a Name object for the subject or issuer name. Methods for
119           handling Name objects are given below.
120
121       is_selfsigned ( )
122           Return Boolean value if subject and issuer name are the same.
123
124       as_string ( [ FORMAT ] )
125           Return the certificate as a string in the specified format.
126           "FORMAT" can be one of "FORMAT_PEM" (the default) or "FORMAT_ASN1".
127
128       modulus ( )
129           Return the modulus for an RSA public key as a string of hex digits.
130           For DSA and EC return the public key. Other algorithms are not
131           supported.
132
133       bit_length ( )
134           Return the length of the modulus as a number of bits.
135
136       fingerprint_md5 ( )
137       fingerprint_sha1 ( )
138       fingerprint_sha224 ( )
139       fingerprint_sha256 ( )
140       fingerprint_sha384 ( )
141       fingerprint_sha512 ( )
142           Return the specified message digest for the certificate.
143
144       checkend( OFFSET )
145           Given an offset in seconds, will the certificate be expired?
146           Returns True if the certificate will be expired. False otherwise.
147
148       pubkey ( )
149           Return the RSA, DSA, or EC public key.
150
151       num_extensions ( )
152           Return the number of extensions in the certificate.
153
154       extension ( INDEX )
155           Return the Extension specified by the integer "INDEX".  Methods for
156           handling Extension objects are given below.
157
158       extensions_by_oid ( )
159       extensions_by_name ( )
160       extensions_by_long_name ( )
161           Return a hash of Extensions indexed by OID or name.
162
163       has_extension_oid ( OID )
164           Return true if the certificate has the extension specified by
165           "OID".
166
167   X509::Extension METHODS
168       critical ( )
169           Return a value indicating if the extension is critical or not.
170           FIXME: the value is an ASN.1 BOOLEAN value.
171
172       object ( )
173           Return the ObjectID of the extension.  Methods for handling
174           ObjectID objects are given below.
175
176       value ( )
177           Return the value of the extension as an asn1parse(1) style hex
178           dump.
179
180       as_string ( )
181           Return a human-readable version of the extension as formatted by
182           X509V3_EXT_print. Note that this will return an empty string for
183           OIDs with unknown ASN.1 encodings.
184
185   X509::ObjectID METHODS
186       name ( )
187           Return the long name of the object as a string.
188
189       oid ( )
190           Return the numeric dot-separated form of the object identifier as a
191           string.
192
193   X509::Name METHODS
194       as_string ( )
195           Return a string representation of the Name
196
197       entries ( )
198           Return an array of Name_Entry objects. Methods for handling
199           Name_Entry objects are given below.
200
201       has_entry ( TYPE [ LASTPOS ] )
202       has_long_entry ( TYPE [ LASTPOS ] )
203       has_oid_entry ( TYPE [ LASTPOS ] )
204           Return true if a name has an entry of the specified "TYPE".
205           Depending on the function the "TYPE" may be in the short form (e.g.
206           "CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
207           specified then the search is made from that index rather than from
208           the start.
209
210       get_index_by_type ( TYPE [ LASTPOS ] )
211       get_index_by_long_type ( TYPE [ LASTPOS ] )
212       get_index_by_oid_type ( TYPE [ LASTPOS ] )
213           Return the index of an entry of the specified "TYPE" in a name.
214           Depending on the function the "TYPE" may be in the short form (e.g.
215           "CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
216           specified then the search is made from that index rather than from
217           the start.
218
219       get_entry_by_type ( TYPE [ LASTPOS ] )
220       get_entry_by_long_type ( TYPE [ LASTPOS ] )
221           These methods work similarly to get_index_by_* but return the
222           Name_Entry rather than the index.
223
224   X509::Name_Entry METHODS
225       as_string ( [ LONG ] )
226           Return a string representation of the Name_Entry of the form
227           "typeName=Value". If "LONG" is 1, the long form of the type is
228           used.
229
230       type ( [ LONG ] )
231           Return a string representation of the type of the Name_Entry. If
232           "LONG" is 1, the long form of the type is used.
233
234       value ( )
235           Return a string representation of the value of the Name_Entry.
236
237       is_printableString ( )
238       is_ia5string ( )
239       is_utf8string ( )
240       is_asn1_type ( [ASN1_TYPE] )
241           Return true if the Name_Entry value is of the specified type. The
242           value of "ASN1_TYPE" should be as listed in OpenSSL's "asn1.h".
243

SEE ALSO

245       OpenSSL(1), Crypt::OpenSSL::RSA, Crypt::OpenSSL::Bignum
246

AUTHOR

248       Dan Sully
249

CONTRIBUTORS

251       David O'Callaghan, <david.ocallaghan@cs.tcd.ie> Daniel Kahn Gillmor
252       <dkg@fifthhorseman.net>
253
255       Copyright 2004-2017 by Dan Sully
256
257       This library is free software; you can redistribute it and/or modify it
258       under the same terms as Perl itself.
259
260
261
262perl v5.28.0                      2017-11-09                           X509(3)
Impressum