1X509(3)               User Contributed Perl Documentation              X509(3)
2
3
4

NAME

6       Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
7

SYNOPSIS

9         use Crypt::OpenSSL::X509;
10
11         my $x509 = Crypt::OpenSSL::X509->new_from_file('cert.pem');
12
13         print $x509->pubkey() . "\n";
14         print $x509->subject() . "\n";
15         print $x509->hash() . "\n";
16         print $x509->email() . "\n";
17         print $x509->issuer() . "\n";
18         print $x509->issuer_hash() . "\n";
19         print $x509->notBefore() . "\n";
20         print $x509->notAfter() . "\n";
21         print $x509->modulus() . "\n";
22         print $x509->exponent() . "\n";
23         print $x509->fingerprint_md5() . "\n";
24         print $x509->fingerprint_sha256() . "\n";
25         print $x509->as_string() . "\n";
26
27         my $x509 = Crypt::OpenSSL::X509->new_from_string(
28           $der_encoded_data, Crypt::OpenSSL::X509::FORMAT_ASN1
29         );
30
31         # given a time offset of $seconds, will the certificate be valid?
32         if ($x509->checkend($seconds)) {
33           # cert is expired at $seconds offset
34         } else {
35           # cert is ok at $seconds offset
36         }
37
38         my $exts = $x509->extensions_by_oid();
39
40         foreach my $oid (keys %$exts) {
41           my $ext = $$exts{$oid};
42           print $oid, " ", $ext->object()->name(), ": ", $ext->value(), "\n";
43         }
44

ABSTRACT

46         Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
47

DESCRIPTION

49         This implement a large majority of OpenSSL's useful X509 API.
50
51         The email() method supports both certificates where the
52         subject is of the form:
53         "... CN=Firstname lastname/emailAddress=user@domain", and also
54         certificates where there is a X509v3 Extension of the form
55         "X509v3 Subject Alternative Name: email=user@domain".
56
57   EXPORT
58       None by default.
59
60       On request:
61
62               FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM
63               FORMAT_PKCS12 FORMAT_SMIME FORMAT_ENGINE FORMAT_IISSGC
64

FUNCTIONS

66   X509 CONSTRUCTORS
67       new ( )
68           Create a new X509 object.
69
70       new_from_string ( STRING [ FORMAT ] )
71       new_from_file ( FILENAME [ FORMAT ] )
72           Create a new X509 object from a string or file. "FORMAT" should be
73           "FORMAT_ASN1" or "FORMAT_PEM".
74
75   X509 ACCESSORS
76       subject
77           Subject name as a string.
78
79       issuer
80           Issuer name as a string.
81
82       issuer_hash
83           Issuer name hash as a string.
84
85       serial
86           Serial number as a string.
87
88       hash
89           Alias for subject_hash
90
91       subject_hash
92           Subject name hash as a string.
93
94       notBefore
95           "notBefore" time as a string.
96
97       notAfter
98           "notAfter" time as a string.
99
100       email
101           Email addresses as string, if multiple addresses found, they are
102           separated by a space (' ').
103
104       version
105           Certificate version as a string.
106
107       sig_alg_name
108           Signature algorithm name as a string.
109
110       key_alg_name
111           Public key algorithm name as a string.
112
113       curve
114           Name of the EC curve used in the public key.
115
116   X509 METHODS
117       subject_name ( )
118       issuer_name ( )
119           Return a Name object for the subject or issuer name. Methods for
120           handling Name objects are given below.
121
122       is_selfsigned ( )
123           Return Boolean value if subject and issuer name are the same.
124
125       as_string ( [ FORMAT ] )
126           Return the certificate as a string in the specified format.
127           "FORMAT" can be one of "FORMAT_PEM" (the default) or "FORMAT_ASN1".
128
129       modulus ( )
130           Return the modulus for an RSA public key as a string of hex digits.
131           For DSA and EC return the public key. Other algorithms are not
132           supported.
133
134       bit_length ( )
135           Return the length of the modulus as a number of bits.
136
137       fingerprint_md5 ( )
138       fingerprint_sha1 ( )
139       fingerprint_sha224 ( )
140       fingerprint_sha256 ( )
141       fingerprint_sha384 ( )
142       fingerprint_sha512 ( )
143           Return the specified message digest for the certificate.
144
145       checkend( OFFSET )
146           Given an offset in seconds, will the certificate be expired?
147           Returns True if the certificate will be expired. False otherwise.
148
149       pubkey ( )
150           Return the RSA, DSA, or EC public key.
151
152       num_extensions ( )
153           Return the number of extensions in the certificate.
154
155       extension ( INDEX )
156           Return the Extension specified by the integer "INDEX".  Methods for
157           handling Extension objects are given below.
158
159       extensions_by_oid ( )
160       extensions_by_name ( )
161       extensions_by_long_name ( )
162           Return a hash of Extensions indexed by OID or name.
163
164       has_extension_oid ( OID )
165           Return true if the certificate has the extension specified by
166           "OID".
167
168   X509::Extension METHODS
169       critical ( )
170           Return a value indicating if the extension is critical or not.
171           FIXME: the value is an ASN.1 BOOLEAN value.
172
173       object ( )
174           Return the ObjectID of the extension.  Methods for handling
175           ObjectID objects are given below.
176
177       value ( )
178           Return the value of the extension as an asn1parse(1) style hex
179           dump.
180
181       as_string ( )
182           Return a human-readable version of the extension as formatted by
183           X509V3_EXT_print. Note that this will return an empty string for
184           OIDs with unknown ASN.1 encodings.
185
186   X509::ObjectID METHODS
187       name ( )
188           Return the long name of the object as a string.
189
190       oid ( )
191           Return the numeric dot-separated form of the object identifier as a
192           string.
193
194   X509::Name METHODS
195       as_string ( )
196           Return a string representation of the Name
197
198       entries ( )
199           Return an array of Name_Entry objects. Methods for handling
200           Name_Entry objects are given below.
201
202       has_entry ( TYPE [ LASTPOS ] )
203       has_long_entry ( TYPE [ LASTPOS ] )
204       has_oid_entry ( TYPE [ LASTPOS ] )
205           Return true if a name has an entry of the specified "TYPE".
206           Depending on the function the "TYPE" may be in the short form (e.g.
207           "CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
208           specified then the search is made from that index rather than from
209           the start.
210
211       get_index_by_type ( TYPE [ LASTPOS ] )
212       get_index_by_long_type ( TYPE [ LASTPOS ] )
213       get_index_by_oid_type ( TYPE [ LASTPOS ] )
214           Return the index of an entry of the specified "TYPE" in a name.
215           Depending on the function the "TYPE" may be in the short form (e.g.
216           "CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
217           specified then the search is made from that index rather than from
218           the start.
219
220       get_entry_by_type ( TYPE [ LASTPOS ] )
221       get_entry_by_long_type ( TYPE [ LASTPOS ] )
222           These methods work similarly to get_index_by_* but return the
223           Name_Entry rather than the index.
224
225   X509::Name_Entry METHODS
226       as_string ( [ LONG ] )
227           Return a string representation of the Name_Entry of the form
228           "typeName=Value". If "LONG" is 1, the long form of the type is
229           used.
230
231       type ( [ LONG ] )
232           Return a string representation of the type of the Name_Entry. If
233           "LONG" is 1, the long form of the type is used.
234
235       value ( )
236           Return a string representation of the value of the Name_Entry.
237
238       is_printableString ( )
239       is_ia5string ( )
240       is_utf8string ( )
241       is_asn1_type ( [ASN1_TYPE] )
242           Return true if the Name_Entry value is of the specified type. The
243           value of "ASN1_TYPE" should be as listed in OpenSSL's "asn1.h".
244

SEE ALSO

246       OpenSSL(1), Crypt::OpenSSL::RSA, Crypt::OpenSSL::Bignum
247

AUTHOR

249       Dan Sully
250

CONTRIBUTORS

252       •   Florian Schlichting @fschlich, release 1.9.11
253
254       •   Timonthy Legge, release 1.9.10
255
256       •   Patrick Cernko, release 1.9.9
257
258       •   Shoichi Kaji, release 1.9.3 and 1.9.8
259
260       •   Neil Bowers, release 1.8.13
261
262       •   kmx, release 1.8.9
263
264       •   Sebastian Andrzej Siewior
265
266       •   David O'Callaghan, <david.ocallaghan@cs.tcd.ie>
267
268       •   Daniel Kahn Gillmor <dkg@fifthhorseman.net>
269
271       Copyright 2004-2021 by Dan Sully
272
273       This library is free software; you can redistribute it and/or modify it
274       under the same terms as Perl itself.
275
276
277
278perl v5.36.0                      2022-07-22                           X509(3)
Impressum