The manakai project

Web::Transport::PKI::Certificate

A certificate

DESCRIPTION

The Web::Transport::PKI::Certificate module represents an X.509 certificate for PKIX.

METHODS

There are following methods:

$int = $cert->version

Return the version of the certificate. For a valid certificate, it is either 0 (v1), 1 (v2), or 2 (v3).

$bigint = $cert->serial_number

Return the serial number of the certificate, as a Math::BigInt object.

$dt? = $cert->not_before

Return the not before value of the validity of the certificate. If there is no valid not before value, undef is returned. Otherwise, a Web::DateTime object representing the timestamp is returned.

$dt? = $cert->not_after

Return the not after value of the validity of the certificate. If there is no valid not after value, undef is returned. Otherwise, a Web::DateTime object representing the timestamp is returned.

$name = $cert->issuer

Return the issuer of the certificate, as a Web::Transport::PKI::Name object.

$name = $cert->subject

Return the subject of the certificate, as a Web::Transport::PKI::Name object.

[$value1, $value2, ...] = $cert->san_hosts

Return an array reference of the hosts in the subject alternative names extension of the certificate.

A dNSName value (a domain or a wildcard domain) is represented by a character string in the array.

A iPAddress value (an IPv4 or IPv6 address) is represented by a Web::Host object.

$boolean? = $cert->ca

Return the cA of the basic constraints extension of the certificate. If the basic constraints extension is not found, undef is returned. Otherwise, the value of the cA is returned.

$integer? = $cert->path_len_constraint

Return the pathLenConstraint of the basic constraints extension of the certificate. If the basic constraints extension is not found, undef is returned. Otherwise, the value of the pathLenConstraint is returned.

$boolean? = $cert->key_usage ($field)

Return whether the $field bit is set in the key usage extension of the certificate. If the key usage extension is not found, undef is returned. Otherwise, the value of the field is returned.

The first argument must be the field name, i.e. one of the following values: digitalSignature, nonRepudiation, contentCommitment, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly, and decipherOnly.

$boolean = $cert->extended_key_usage ($field)

Return whether the $field is set in the extended key usage extension of the certificate.

The first argument must be an object identifier (OID), or its short name or long name known to the implementaion, such as serverAuth and clientAuth.

[$string1, $string2, ...] = $cert->crl_distribution_urls

Return the CRL distribution point URLs of the certifciate. It returns an array references of character strings represeting the URLs.

$string? = $cert->aia_ocsp_url

Return the OCSP URL of the Authority Information Access extension of the certificate, if any, or undef. If specified, it returns a character string representing the URL.

$string? = $cert->aia_ca_issuers_url

Return the CA issuers URL of the Authority Information Access extension of the certificate, if any, or undef. If specified, it returns a character string representing the URL.

[$string1, $string2, ...] = $cert->policy_oids

Return the policy identifiers of the certifciation policy extension of the certificate, as an array reference of OIDs in the dotted notation.

$string? = $cert->cps_url

Return the CPS URL specified as a policy qualifer of a certifciation policy of the certificate, if any, or undef. If specifeid, it returns a character string representing the URL.

$string? = $cert->policy_user_notice_text

Return the display text of the user notice of a policy qualifier of a certification policy of the certifcate as a character string, if any, or undef.

$boolean = $cert->must_staple

Return whether there is the must-staple flag in the TLS feature extension of the certificate or not.

$string = $cert->to_pem

Return the .pem serialization of the certificate.

$text = $cert->debug_info

Return a short string that summarises the certificate, which should be useful for developments.

SPECIFICATIONS

RFC 5280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile <https://tools.ietf.org/html/rfc5280>.

RFC 7468, Textual Encodings of PKIX, PKCS, and CMS Structures <https://tools.ietf.org/html/rfc7468>.

AUTHOR

Wakaba <wakaba@suikawiki.org>.

LICENSE

Copyright 2018 Wakaba <wakaba@suikawiki.org>.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.