VOMS::Lite::CertKeyHelper(3)  User Contributed Perl Documentation  VOMS::Lite::CertKeyHelper(3)

NAME

       VOMS::Lite::CertKeyHelper - Perl extension for parsing DER encoded X509
       certificates for the VOMS::Lite module.

SYNOPSIS

         use VOMS::Lite::CertKeyHelper qw(x509rsasign buildchain OIDtoDNattrib DNattribToOID);

         # Call x509rsasign with three hex encoded arguments: Data, Exponent and Modulus.
         my $RSAhex = x509rsasign($Dhex, $chex, $nhex);

         # Call buildchain to construct the chain of a certificate given any
         # unverified supplied certs, trusted certs and directories containing
         # certificates stored by hash name.
         # The returned hash contains references to arrays with DER encoded
         # certificates and other information; see DESCRIPTION.
         my %Chain = %{ buildchain( { trustedCAdirs => \@CAdirs,
                                      suppliedcerts => \@certs,
                                      trustedCAs    => \@CAcerts } ) };

         # Convert OID string to DN Attribute e.g. '1.2.840.113549.1.9.1' => 'Email' (yes we do use Email here!)
         my $Attribkey = OIDtoDNattrib('1.2.840.113549.1.9.1');

         # Convert DN Attribute e.g. 'Email' to its OID '1.2.840.113549.1.9.1'
         my $OID = DNattribToOID('Email'); # Note the case change: DNattribToOID, not DNattribtoOID!

DESCRIPTION

       VOMS::Lite::CertKeyHelper is primarily for internal use.

       buildchain:- Takes an array of directories containing "hash.[0-9]+"
                    encoded certificates,
                    an array of a supplied certificate chain (1st ELEMENT
                    ASSUMED TO BE LAST IN CHAIN),
                    and an array of DER encoded CA certificates.
                    Returns a hash of array references and scalars.
                    The arrays are ordered such that the first element is the
                    leaf, the next is its signer and so on to the last, which
                    will be the root certificate (if found).
                    The returned hash contains the following keys:

         Certs                        -- Reference to Array (chain) of
                                         certificates
         IssuerHashes                 -- Reference to Array of OpenSSL style
                                         Name hash of Issuer
         SubjectHashes                -- Reference to Array of OpenSSL style
                                         Name hash
         SubjectKeyIdentifiers        -- Reference to Array of Subject key
                                         identifiers
         AuthorityKeyIdentifiersSKIDs -- Reference to Array of Authority's
                                         Subject key identifiers
         DistinguishedNames           -- Reference to Array: certificate N's
                                         Subject DN, '/' separated
         IssuerDistinguishedNames     -- Reference to Array: certificate N's
                                         Issuer DN, '/' separated
         TrustedCA                    -- Reference to Array of whether
                                         certificate N is trusted, i.e. there's
                                         a local copy
         SelfSignedInChain            -- Scalar: True if there is a self-signed
                                         certificate in the chain
         GSIType                      -- Reference to Array of strings
                                         containing the type of certificate
                                         that certificate N is
         EndEntityDN                  -- Scalar: DN of End Entity certificate,
                                         '/' separated
         EndEntityIssuerDN            -- Scalar: DN of EEC's Issuer, '/'
                                         separated
         EndEntityCert                -- Scalar: End Entity's DER encoded
                                         certificate
         Lifetimes                    -- Reference to Array of lifetimes
         Errors                       -- Reference to Array of errors

         buildchain does some rudimentary certificate validation but
         currently does not handle CRLs.

       x509rsasign:- returns the ASN1 encoded signature of an MD5 string passed
       as first argument (as per RFC2313).

       OIDtoDNattrib:- converts an OID to a DN string representation
       attribute type.  Where OIDtoDNattrib is handed an OID it does not
       recognise, it will return the OID.  OIDtoDNattrib knows about: DN, UID,
       DC, Email, CN, SN, serialNumber, C, L, ST, street, title,
       postalAddress, postalCode, postOfficeBox, registeredAddress, OU, name,
       O, givenName, initials, locality, organization.

       DNattribToOID:- converts a DN string representation attribute type to an
       OID.  Where DNattribToOID does not recognise an attribute, it will
       return undef.  DNattribToOID knows the same attributes as OIDtoDNattrib
       and will also accept: commonName, serialNumber, countryName,
       localityName, stateOrProvinceName, organizationName,
       organizationalUnitName, emailAddress, UserID, and domainComponent.

       Notes on DNs

       The slash representation of a DN is a really bad way to express the
       contents of a certificate issuer or subject field.  This implementation
       recognises only a handful of OIDs and, in particular, translates
       0.9.2342.19200300.100.1.1 into UID and 1.2.840.113549.1.9.1 into Email.
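
       The sketch below is an added example, not code from VOMS::Lite.  It
       shows why two slash DNs should be compared by OID rather than as
       strings: the same subject printed with Email or emailAddress differs
       textually.  The alias table, canonical_dn and dn_equal are
       hypothetical names, and the sample DNs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in alias table (assumption): attribute names listed on this page,
# mapped to their standard OIDs. The module's DNattribToOID is not called.
my %OID = (
    CN  => '2.5.4.3',  commonName             => '2.5.4.3',
    C   => '2.5.4.6',  countryName            => '2.5.4.6',
    L   => '2.5.4.7',  localityName           => '2.5.4.7',
    ST  => '2.5.4.8',  stateOrProvinceName    => '2.5.4.8',
    O   => '2.5.4.10', organizationName       => '2.5.4.10',
    OU  => '2.5.4.11', organizationalUnitName => '2.5.4.11',
    DC  => '0.9.2342.19200300.100.1.25', domainComponent => '0.9.2342.19200300.100.1.25',
    UID => '0.9.2342.19200300.100.1.1',  UserID          => '0.9.2342.19200300.100.1.1',
    Email => '1.2.840.113549.1.9.1',     emailAddress    => '1.2.840.113549.1.9.1',
);

# Rewrite a slash DN as "OID=value" pairs joined by NUL. Returns undef when
# the string cannot be read with confidence (no leading '/', empty value,
# attribute name that is neither in the table nor a dotted OID).
sub canonical_dn {
    my ($dn) = @_;
    return undef unless defined $dn && $dn =~ m{^/};
    my @rdns;
    # Split only at a '/' that begins "name=", so "CN=host/node..." stays whole.
    for my $part (split m{/(?=[A-Za-z0-9][A-Za-z0-9.]*=)}, substr($dn, 1)) {
        my ($name, $value) = split /=/, $part, 2;
        return undef unless defined $value && length $value;
        my $oid = $name =~ /^\d+(?:\.\d+)+$/ ? $name : $OID{$name};
        return undef unless defined $oid;    # unknown name: refuse, do not guess
        push @rdns, "$oid=$value";
    }
    return @rdns ? join("\0", @rdns) : undef;
}

# Two DNs match only if both canonicalise and the canonical forms are equal.
sub dn_equal {
    my ($x, $y) = map { canonical_dn($_) } @_;
    return (defined $x && defined $y && $x eq $y) ? 1 : 0;
}

# Constructed samples: one subject as two different tools might print it.
my $dn1 = '/C=UK/O=eScience/CN=host/node.example.org/Email=ops@example.org';
my $dn2 = '/countryName=UK/organizationName=eScience'
        . '/commonName=host/node.example.org/emailAddress=ops@example.org';
printf "string compare:    %s\n", $dn1 eq $dn2 ? 'same' : 'different';
printf "canonical compare: %s\n", dn_equal($dn1, $dn2) ? 'same' : 'different';
printf "unknown attribute: %s\n",
    defined canonical_dn('/C=UK/foo=bar') ? 'accepted' : 'refused';
```

       The split is still a heuristic: a value that itself contains "/name="
       cannot be told apart from a separate attribute in slash form, so
       authorisation decisions are safer made on the parsed certificate.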

   EXPORT
       None by default.

       The following functions can be imported: buildchain digestSign
       OIDtoDNattrib DNattribToOID.

TO DO

       Add CRL checking functionality to the verifychain internal function
       called by buildchain.

SEE ALSO

       RFC3280

       This module was originally designed for the SHEBANGS project at The
       University of Manchester.

       http://www.mc.manchester.ac.uk/projects/shebangs/ now
       http://www.rcs.manchester.ac.uk/research/shebangs/

       Mailing list, shebangs@listserv.manchester.ac.uk

       Mailing list, voms-lite@listserv.manchester.ac.uk

AUTHOR

       Mike Jones <mike.jones@manchester.ac.uk>

       Copyright (C) 2006 by Mike Jones

       This library is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself, either Perl version 5.8.3 or, at
       your option, any later version of Perl 5 you may have available.

perl v5.32.0                      2020-07-28      VOMS::Lite::CertKeyHelper(3)