X509(3) User Contributed Perl Documentation X509(3)NAMECrypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
SYNOPSIS
use Crypt::OpenSSL::X509;
my $x509 = Crypt::OpenSSL::X509->new_from_file('cert.pem');
print $x509->pubkey() . "\n";
print $x509->subject() . "\n";
print $x509->issuer() . "\n";
print $x509->email() . "\n";
print $x509->hash() . "\n";
print $x509->notBefore() . "\n";
print $x509->notAfter() . "\n";
print $x509->modulus() . "\n";
print $x509->exponent() . "\n";
print $x509->fingerprint_sha1() . "\n";
print $x509->fingerprint_md5() . "\n";
print $x509->as_string(Crypt::OpenSSL::X509::FORMAT_TEXT) . "\n";
my $x509 = Crypt::OpenSSL::X509->new_from_string(
$der_encoded_data, Crypt::OpenSSL::X509::FORMAT_ASN1
);
# given a time offset of $seconds, will the certificate be valid?
if ($x509->checkend($seconds)) {
# cert is ok at $seconds offset
} else {
# cert is expired at $seconds offset
}
my $exts = $x509->extensions_by_oid();
foreach my $oid (keys %$exts) {
my $ext = $$exts{$oid};
print $oid, " ", $ext->object()->name(), ": ", $ext->value(), "\n";
}
ABSTRACTCrypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
DESCRIPTION
This implement a large majority of OpenSSL's useful X509 API.
The email() method supports both certificates where the
subject is of the form:
"... CN=Firstname lastname/emailAddress=user@domain", and also
certificates where there is a X509v3 Extension of the form
"X509v3 Subject Alternative Name: email=user@domain".
EXPORT
None by default.
On request:
FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM FORMAT_NETSCAPE
FORMAT_PKCS12 FORMAT_SMIME FORMAT_ENGINE FORMAT_IISSGC
FUNCTIONS
X509 CONSTRUCTORS
new ( )
Create a new X509 object.
new_from_string ( STRING [ FORMAT ] )
new_from_file ( FILENAME [ FORMAT ] )
Create a new X509 object from a string or file. "FORMAT" should be
"FORMAT_ASN1" or "FORMAT_PEM".
X509 ACCESSORS
subject
Subject name as a string.
issuer
Issuer name as a string.
serial
Serial number as a string.
hash
Subject name hash as a string.
notBefore
"notBefore" time as a string.
notAfter
"notAfter" time as a string.
email
Email address as a string.
version
Certificate version as a string.
sig_alg_name
Signature algorithm name as a string.
X509 METHODS
subject_name ( )
issuer_name ( )
Return a Name object for the subject or issuer name. Methods for
handling Name objects are given below.
is_selfsigned ( )
Return Boolean value if subject and issuer name are the same.
as_string ( [ FORMAT ] )
Return the certificate as a string in the specified format.
"FORMAT" can be one of "FORMAT_PEM" (the default), "FORMAT_ASN1",
or "FORMAT_NETSCAPE".
modulus ( )
Return the modulus for an RSA public key as a string of hex digits.
For DSA, return the public key. Other algorithms are not supported.
bit_length ( )
Return the length of the modulus as a number of bits.
fingerprint_md5 ( )
fingerprint_sha1 ( )
Return the specified message digest for the certificate.
checkend( OFFSET )
Given an offset in seconds, will the certificate be expired?
pubkey ( )
Return the RSA or DSA public key.
num_extensions ( )
Return the number of extensions in the certificate.
extension ( INDEX )
Return the Extension specified by the integer "INDEX". Methods for
handling Extension objects are given below.
extensions_by_oid ( ) =item extensions_by_name ( ) =item
extensions_by_long_name ( )
Return a hash of Extensions indexed by OID or name.
has_extension_oid ( OID )
Return true if the certificate has the extension specified by
"OID".
X509::Extension METHODS
critical ( )
Return a value indicating if the extension is critical or not.
FIXME: the value is an ASN.1 BOOLEAN value.
object ( )
Return the ObjectID of the extension. Methods for handling
ObjectID objects are given below.
value ( )
Return the value or data of the extension. FIXME: the value is
returned as a string but may represent a complex object.
X509::ObjectID METHODS
name ( )
Return the long name of the object as a string.
oid ( )
Return the numeric dot-seperated form of the object identifier as a
string.
X509::Name METHODS
as_string ( )
Return a string representation of the Name
entries ( )
Return an array of Name_Entry objects. Methods for handling
Name_Entry objects are given below.
has_entry ( TYPE [ LASTPOS ] )
has_long_entry ( TYPE [ LASTPOS ] )
has_oid_entry ( TYPE [ LASTPOS ] )
Return true if a name has an entry of the specified "TYPE".
Depending on the function the "TYPE" may be in the short form (e.g.
"CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
specified then the search is made from that index rather than from
the start.
get_index_by_type ( TYPE [ LASTPOS ] )
get_index_by_long_type ( TYPE [ LASTPOS ] )
get_index_by_oid_type ( TYPE [ LASTPOS ] )
Return the index of an entry of the specified "TYPE" in a name.
Depending on the function the "TYPE" may be in the short form (e.g.
"CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
specified then the search is made from that index rather than from
the start.
get_entry_by_type ( TYPE [ LASTPOS ] )
get_entry_by_long_type ( TYPE [ LASTPOS ] )
These methods work similarly to get_index_by_* but return the
Name_Entry rather than the index.
X509::Name_Entry METHODS
as_string ( [ LONG ] )
Return a string representation of the Name_Entry of the form
"typeName=Value". If "LONG" is 1, the long form of the type is
used.
type ( [ LONG ] )
Return a string representation of the type of the Name_Entry. If
"LONG" is 1, the long form of the type is used.
value ( )
Return a string representation of the value of the Name_Entry.
is_printableString ( )
is_ia5string ( )
is_utf8string ( )
is_asn1_type ( [ASN1_TYPE] )
Return true if the Name_Entry value is of the specified type. The
value of "ASN1_TYPE" should be as listed in OpenSSL's "asn1.h".
SEE ALSOOpenSSL(1), Crypt::OpenSSL::RSA, Crypt::OpenSSL::Bignum
AUTHOR
Dan Sully, <daniel@cpan.org>
CONTRIBUTORS
David O'Callaghan, <david.ocallaghan@cs.tcd.ie> Daniel Kahn Gillmor
<dkg@fifthhorseman.net>
COPYRIGHT AND LICENSE
Copyright 2004-2011 by Dan Sully
This library is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.
perl v5.14.1 2011-05-08 X509(3)