File Coverage

lib/Crypt/Perl/X509/Name.pm

Criterion	Covered	Total	%
statement	31	31	100.0
branch	3	4	75.0
condition			n/a
subroutine	8	8	100.0
pod	0	1	0.0
total	42	44	95.4

line	stmt	bran	sub	pod	time	code
1						package Crypt::Perl::X509::Name;
2
3	5		5		520	use strict;
	5				9
	5				149
4	5		5		30	use warnings;
	5				14
	5				178
5
6						=encoding utf-8
7
8						=head1 NAME
9
10						Crypt::Perl::X509::Name - Representation of Distinguished Name
11
12						=head1 SYNOPSIS
13
14						#This encodes each key/value into separate
15						#RelativeDistinguishedName structures, as OpenSSL does by default.
16						#Unless you know otherwise, this is probably what you want.
17						#(See ENCODING below for more details.)
18						my $name = Crypt::Perl::X509::Name->new(
19						streetAddress => '...', #keys are short OID names
20						localityName => '...',
21						#...
22						);
23
24						my $der = $name->encode();
25
26						=head1 DISCUSSION
27
28						This is useful to represent the Subject and Issuer parts of an
29						X.509 (i.e., SSL/TLS) certificate as well as the name portion of
30						a PCKS #10 Certificate Signing Request (CSR).
31
32						=head1 ENCODING
33
34						L
35						defines the C type as an ordered C of unordered Cs
36						—C objects, or “RDN”s—of key/value pairs.
37						OpenSSL defaults to having each RDN contain only one key/value
38						pair. (L) I’m unclear as to why this is,
39						but I suspect it has to do with ease of matching up C values; since
40						the RDNs are unordered, to compare one multi-value RDN against another takes
41						more work than to compare two ordered lists of single-value RDNs, which can be
42						done with a simple text equality check.
43						(cf. L)
44
45						If you need a multi-value RDN, it can be gotten by grouping key/value pairs
46						in an array reference, thus:
47
48						my $name = Crypt::Perl::X509::Name->new(
49
50						#a multi-value RDN
51						[ streetAddress => '...', localityName => '...' ],
52
53						#regular key/value pair becomes its own single-value RDN
54						stateOrProvinceName => '...',
55						);
56
57						=head1 ABOUT C
58
59						Note that C is
60						deprecated (cf. L,
61						L)
62						for use in X.509 certificates, but many CAs still require it as of
63						December 2016.
64
65						=cut
66
67	5		5		24	use parent qw( Crypt::Perl::ASN1::Encodee );
	5				12
	5				25
68
69	5		5		307	use Crypt::Perl::ASN1 ();
	5				18
	5				84
70	5		5		2398	use Crypt::Perl::X509::RelativeDistinguishedName ();
	5				17
	5				207
71
72	5		5		33	use constant ASN1 => Crypt::Perl::X509::RelativeDistinguishedName::ASN1() . <
	5				9
	5				1226
73						RDNSequence ::= SEQUENCE OF ANY -- RelativeDistinguishedName
74
75						Name ::= CHOICE {
76						rdnSequence RDNSequence
77						}
78						END
79
80						#XXX TODO de-duplicate
81						*get_OID = \&Crypt::Perl::X509::RelativeDistinguishedName::get_OID;
82						*encode_string = \&Crypt::Perl::X509::RelativeDistinguishedName::encode_string;
83
84						sub new {
85	53		53	0	220	my ($class, @inputs) = @_;
86
87	53				110	my @seq;
88
89	53				209	while (@inputs) {
90	74	100			2147	if (my $ref = ref $inputs[0]) {
91	12				30	my $input = shift @inputs;
92	12	50			47	die "Invalid RDN ref: $ref" if $ref ne 'ARRAY';
93	12				43	push @seq, Crypt::Perl::X509::RelativeDistinguishedName->new( @$input )->encode();
94						}
95
96						#Legacy-ish …
97						else {
98	62				169	my ($k, $v) = splice( @inputs, 0, 2 );
99	62				346	my $rdn = Crypt::Perl::X509::RelativeDistinguishedName->new( $k, $v )->encode();
100	62				14712	push @seq, $rdn;
101						}
102						}
103
104	53				1584	return bless \@seq, $class;
105						}
106
107						sub _encode_params {
108	53		53		150	return { rdnSequence => [ @{ $_[0] } ] };
	53				293
109						}
110
111						1;