Web::ID::Certificate::Generator(3)    User Contributed Perl Documentation    Web::ID::Certificate::Generator(3)

NAME

Web::ID::Certificate::Generator - role for Web::ID::Certificate

SYNOPSIS

    use Web::ID::Certificate::Generator;

    my %options = (
        cert_output       => '/home/alice/webid.p12',
        passphrase        => 's3cr3t s0urc3',
        rdf_output        => '/home/alice/public_html/foaf.rdf',
        subject_alt_names => [
            Web::ID::SAN::URI->new(
                value => 'http://example.com/~alice/foaf.rdf#me',
            ),
            Web::ID::SAN::Email->new(
                value => 'alice@example.com',
            ),
        ],
        subject_name      => 'Alice Jones',
        subject_locality  => 'Lewes',
        subject_region    => 'East Sussex',
        subject_country   => 'GB',  # ISO 3166-1 alpha-2 code
    );

    my $cert = Web::ID::Certificate->generate(%options);

DESCRIPTION

This is a role that may be applied to Web::ID::Certificate. It is not
consumed by Web::ID::Certificate by default as I was trying to avoid
tainting the class with the horror that's found in this role.

The "import" routine of this package applies the role to
Web::ID::Certificate, so it is sufficient to do:

    use Web::ID::Certificate::Generator;

You don't need to muck around with "apply_all_roles" yourself.

Constructor

generate(%options)
    Generates a brand new WebID-enabled certificate.

Options

The following options can be passed to "generate":

• "cert_output"

    A passphrase-protected PKCS12 certificate file is generated as part
    of the certificate generation process. The PKCS12 file is what
    you'd typically import into a browser.

    You can pass a scalar reference, in which case the PKCS12 data will
    be written to that scalar; or a file handle or string file name.

    This is a required option.

• "passphrase"

    The password for the PKCS12 file.

    This is a required option.

• "rdf_output"

    RDF data is also generated as part of the certificate generation
    process.

    Again a file handle or string file name can be passed, or an
    RDF::Trine::Model.

    This is a required option.

• "subject_alt_names"

    List of Web::ID::SAN objects to generate the certificate's
    subjectAltNames field. You want at least one Web::ID::SAN::URI in
    there.

    This is a required option.

• "subject_name"

    The name of the person who will hold the certificate. (e.g. "Alice
    Smith".)

    This is a required option.

• "subject_org"

    The certificate holder's organisation.

    Not required.

• "subject_locality"

    The locality (e.g. city) of the certificate holder's address.

    Not required.

• "subject_region"

    The region (e.g. state or county) of the certificate holder's
    address.

    Not required.

• "subject_country"

    Two letter ISO code for the country of the certificate holder's
    address.

    Not required.

• "openssl_path"

    The path to the OpenSSL binary. Yes that's right, this role calls
    the OpenSSL binary via "system" calls. Defaults to automatic
    discovery via Web::ID::Util::FindOpenSSL.

• "key_size"

    Key size in bits. Defaults to 1024. Bigger keys are more secure.
    Keys bigger than 2048 bits will take a ridiculously long time to
    generate. Keys less than 512 bits are pretty poor.

• "not_after"

    Date when the certificate should expire, as a DateTime object.
    Defaults to 365 days.

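The options above combined in one call, as an added example that is not part of the original documentation or the module's own code: it keeps the passphrase out of the source, sets "key_size" and "not_after" explicitly instead of relying on the 1024-bit and 365-day defaults, and uses the scalar-reference form of "cert_output" so the script controls the permissions of the PKCS12 file. The paths, the WebID URI, the 2048-bit and 90-day values, and the use of Term::ReadKey are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use DateTime;
use Term::ReadKey;                    # assumption: installed from CPAN
use Web::ID::Certificate::Generator;
use Web::ID::SAN::URI;

# Hypothetical paths and WebID URI, chosen for this example.
my $p12_path = '/home/alice/webid.p12';
my $rdf_path = '/home/alice/public_html/foaf.rdf';
my $webid    = 'http://example.com/~alice/foaf.rdf#me';

# Prompt for the PKCS12 passphrase with echo off, so it is not stored in the script.
print STDERR 'PKCS12 passphrase: ';
ReadMode('noecho');
my $passphrase = ReadLine(0);
ReadMode('restore');
print STDERR "\n";
die "No passphrase given\n" unless defined $passphrase;
chomp $passphrase;
die "Empty passphrase\n" unless length $passphrase;

my $p12_data;    # cert_output accepts a scalar reference
my $cert = Web::ID::Certificate->generate(
    cert_output       => \$p12_data,
    passphrase        => $passphrase,
    rdf_output        => $rdf_path,
    subject_alt_names => [ Web::ID::SAN::URI->new(value => $webid) ],
    subject_name      => 'Alice Jones',
    key_size          => 2048,                            # override the 1024-bit default
    not_after         => DateTime->now->add(days => 90),  # shorter than the 365-day default
);

# Create the file ourselves: O_EXCL refuses to overwrite an existing file,
# and mode 0600 keeps the private key material readable by the owner only.
sysopen(my $fh, $p12_path, O_WRONLY | O_CREAT | O_EXCL, 0600)
    or die "Cannot create $p12_path: $!\n";
binmode $fh;
print {$fh} $p12_data or die "Write failed: $!\n";
close $fh or die "Close failed: $!\n";
```
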
BUGS

Generating the private key results in shedloads of nasty crud being
spewed out on STDERR.

Please report any bugs to
<http://rt.cpan.org/Dist/Display.html?Queue=Web-ID>.

SEE ALSO

Web::ID, Web::ID::Certificate.

AUTHOR

Toby Inkster <tobyink@cpan.org>.

COPYRIGHT AND LICENCE

This software is copyright (c) 2012 by Toby Inkster.

This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.

DISCLAIMER OF WARRANTIES

THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

perl v5.36.0    2023-01-20    Web::ID::Certificate::Generator(3)