X509(3)               User Contributed Perl Documentation              X509(3)

       Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.

         use Crypt::OpenSSL::X509;

         my $x509 = Crypt::OpenSSL::X509->new_from_file('cert.pem');

         print $x509->pubkey() . "\n";
         print $x509->subject() . "\n";
         print $x509->hash() . "\n";
         print $x509->email() . "\n";
         print $x509->issuer() . "\n";
         print $x509->issuer_hash() . "\n";
         print $x509->notBefore() . "\n";
         print $x509->notAfter() . "\n";
         print $x509->modulus() . "\n";
         print $x509->exponent() . "\n";
         print $x509->fingerprint_md5() . "\n";
         print $x509->fingerprint_sha256() . "\n";
         print $x509->as_string() . "\n";

         # load a DER-encoded certificate held in $der_encoded_data
         $x509 = Crypt::OpenSSL::X509->new_from_string(
           $der_encoded_data, Crypt::OpenSSL::X509::FORMAT_ASN1
         );

         # given a time offset of $seconds, will the certificate be valid?
         if ($x509->checkend($seconds)) {
           # cert is expired at $seconds offset
         } else {
           # cert is ok at $seconds offset
         }

         my $exts = $x509->extensions_by_oid();

         foreach my $oid (keys %$exts) {
           my $ext = $$exts{$oid};
           print $oid, " ", $ext->object()->name(), ": ", $ext->value(), "\n";
         }

       This implements a large majority of OpenSSL's useful X509 API.

       The email() method supports both certificates where the
       subject is of the form:
       "... CN=Firstname lastname/emailAddress=user@domain", and also
       certificates where there is an X509v3 Extension of the form
       "X509v3 Subject Alternative Name: email=user@domain".

   EXPORT
       None by default.

       On request:

               FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM
               FORMAT_PKCS12 FORMAT_SMIME FORMAT_ENGINE FORMAT_IISSGC

   X509 CONSTRUCTORS
       new ( )
           Create a new X509 object.

       new_from_string ( STRING [ FORMAT ] )
       new_from_file ( FILENAME [ FORMAT ] )
           Create a new X509 object from a string or file. "FORMAT" should be
           "FORMAT_ASN1" or "FORMAT_PEM".

   X509 ACCESSORS
       subject
           Subject name as a string.

       issuer
           Issuer name as a string.

       issuer_hash
           Issuer name hash as a string.

       serial
           Serial number as a string.

       hash
           Alias for subject_hash.

       subject_hash
           Subject name hash as a string.

       notBefore
           "notBefore" time as a string.

       notAfter
           "notAfter" time as a string.

       email
           Email address as a string.

       version
           Certificate version as a string.

       sig_alg_name
           Signature algorithm name as a string.

       key_alg_name
           Public key algorithm name as a string.

       curve
           Name of the EC curve used in the public key.

   X509 METHODS
       subject_name ( )
       issuer_name ( )
           Return a Name object for the subject or issuer name. Methods for
           handling Name objects are given below.

       is_selfsigned ( )
           Return a Boolean value indicating whether the subject and issuer
           names are the same.

       as_string ( [ FORMAT ] )
           Return the certificate as a string in the specified format.
           "FORMAT" can be one of "FORMAT_PEM" (the default) or "FORMAT_ASN1".

       modulus ( )
           Return the modulus for an RSA public key as a string of hex digits.
           For DSA and EC return the public key. Other algorithms are not
           supported.

       bit_length ( )
           Return the length of the modulus as a number of bits.

       fingerprint_md5 ( )
       fingerprint_sha1 ( )
       fingerprint_sha224 ( )
       fingerprint_sha256 ( )
       fingerprint_sha384 ( )
       fingerprint_sha512 ( )
           Return the specified message digest for the certificate.

       checkend( OFFSET )
           Given an offset in seconds, will the certificate be expired?
           Returns true if the certificate will be expired at that offset,
           false otherwise.

       pubkey ( )
           Return the RSA, DSA, or EC public key.

       num_extensions ( )
           Return the number of extensions in the certificate.

       extension ( INDEX )
           Return the Extension specified by the integer "INDEX". Methods for
           handling Extension objects are given below.

       extensions_by_oid ( )
       extensions_by_name ( )
       extensions_by_long_name ( )
           Return a hash of Extensions indexed by OID or name.

       has_extension_oid ( OID )
           Return true if the certificate has the extension specified by
           "OID".
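
       Added example, not part of the module's own documentation: a short
       audit script that combines the accessors and methods listed above into
       a certificate hygiene report. The thresholds, the audit_cert helper
       name and the command-line usage are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example: certificate hygiene report built from the documented methods.
use strict;
use warnings;
use Crypt::OpenSSL::X509;

# Thresholds are assumptions for this example; set them to local policy.
my $WARN_SECONDS = 30 * 24 * 60 * 60;   # flag certificates expiring within 30 days
my $MIN_RSA_BITS = 2048;

# Hypothetical helper: return a list of findings for one certificate object.
sub audit_cert {
    my ($x509) = @_;
    my @findings;

    # checkend(OFFSET) is true when the certificate is expired at now + OFFSET.
    if ($x509->checkend(0)) {
        push @findings, 'expired (notAfter ' . $x509->notAfter() . ')';
    } elsif ($x509->checkend($WARN_SECONDS)) {
        push @findings, 'expires soon (notAfter ' . $x509->notAfter() . ')';
    }

    my $sig = $x509->sig_alg_name();
    push @findings, "weak signature digest: $sig" if $sig =~ /md[245]|sha-?1(?!\d)/i;

    # bit_length() is documented as the modulus length, so apply it to RSA keys only.
    if ($x509->key_alg_name() =~ /rsa/i) {
        my $bits = $x509->bit_length();
        push @findings, "short RSA modulus: $bits bits" if $bits < $MIN_RSA_BITS;
    }

    # is_selfsigned() is documented as a subject/issuer name comparison.
    push @findings, 'subject and issuer names are the same' if $x509->is_selfsigned();

    # 2.5.29.17 is the subjectAltName extension OID.
    push @findings, 'no subjectAltName extension' unless $x509->has_extension_oid('2.5.29.17');

    return @findings;
}

my $file = shift(@ARGV) // die "usage: $0 CERT.pem\n";
my $x509 = Crypt::OpenSSL::X509->new_from_file($file, Crypt::OpenSSL::X509::FORMAT_PEM);

print 'subject: ', $x509->subject(), "\n";
print 'issuer:  ', $x509->issuer(), "\n";
print 'sha256:  ', $x509->fingerprint_sha256(), "\n";

my @findings = audit_cert($x509);
if (@findings) { print "  [!] $_\n" for @findings }
else           { print "  no findings\n" }
```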

   X509::Extension METHODS
       critical ( )
           Return a value indicating if the extension is critical or not.
           FIXME: the value is an ASN.1 BOOLEAN value.

       object ( )
           Return the ObjectID of the extension. Methods for handling
           ObjectID objects are given below.

       value ( )
           Return the value of the extension as an asn1parse(1) style hex
           dump.

       as_string ( )
           Return a human-readable version of the extension as formatted by
           X509V3_EXT_print. Note that this will return an empty string for
           OIDs with unknown ASN.1 encodings.

   X509::ObjectID METHODS
       name ( )
           Return the long name of the object as a string.

       oid ( )
           Return the numeric dot-separated form of the object identifier as a
           string.

   X509::Name METHODS
       as_string ( )
           Return a string representation of the Name.

       entries ( )
           Return an array of Name_Entry objects. Methods for handling
           Name_Entry objects are given below.

       has_entry ( TYPE [ LASTPOS ] )
       has_long_entry ( TYPE [ LASTPOS ] )
       has_oid_entry ( TYPE [ LASTPOS ] )
           Return true if a name has an entry of the specified "TYPE".
           Depending on the function the "TYPE" may be in the short form (e.g.
           "CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
           specified then the search is made from that index rather than from
           the start.

       get_index_by_type ( TYPE [ LASTPOS ] )
       get_index_by_long_type ( TYPE [ LASTPOS ] )
       get_index_by_oid_type ( TYPE [ LASTPOS ] )
           Return the index of an entry of the specified "TYPE" in a name.
           Depending on the function the "TYPE" may be in the short form (e.g.
           "CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
           specified then the search is made from that index rather than from
           the start.

       get_entry_by_type ( TYPE [ LASTPOS ] )
       get_entry_by_long_type ( TYPE [ LASTPOS ] )
           These methods work similarly to get_index_by_* but return the
           Name_Entry rather than the index.

   X509::Name_Entry METHODS
       as_string ( [ LONG ] )
           Return a string representation of the Name_Entry of the form
           "typeName=Value". If "LONG" is 1, the long form of the type is
           used.

       type ( [ LONG ] )
           Return a string representation of the type of the Name_Entry. If
           "LONG" is 1, the long form of the type is used.

       value ( )
           Return a string representation of the value of the Name_Entry.

       is_printableString ( )
       is_ia5string ( )
       is_utf8string ( )
       is_asn1_type ( [ASN1_TYPE] )
           Return true if the Name_Entry value is of the specified type. The
           value of "ASN1_TYPE" should be as listed in OpenSSL's "asn1.h".

       OpenSSL(1), Crypt::OpenSSL::RSA, Crypt::OpenSSL::Bignum

       Dan Sully

       David O'Callaghan, <david.ocallaghan@cs.tcd.ie> Daniel Kahn Gillmor
       <dkg@fifthhorseman.net>

       Copyright 2004-2017 by Dan Sully

       This library is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself.

perl v5.28.0                      2017-11-09                           X509(3)