line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Crypt::Perl::X509::Name; |
2
|
|
|
|
|
|
|
|
3
|
5
|
|
|
5
|
|
520
|
use strict; |
|
5
|
|
|
|
|
9
|
|
|
5
|
|
|
|
|
149
|
|
4
|
5
|
|
|
5
|
|
30
|
use warnings; |
|
5
|
|
|
|
|
14
|
|
|
5
|
|
|
|
|
178
|
|
5
|
|
|
|
|
|
|
|
6
|
|
|
|
|
|
|
=encoding utf-8 |
7
|
|
|
|
|
|
|
|
8
|
|
|
|
|
|
|
=head1 NAME |
9
|
|
|
|
|
|
|
|
10
|
|
|
|
|
|
|
Crypt::Perl::X509::Name - Representation of Distinguished Name |
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
=head1 SYNOPSIS |
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
#This encodes each key/value into separate |
15
|
|
|
|
|
|
|
#RelativeDistinguishedName structures, as OpenSSL does by default. |
16
|
|
|
|
|
|
|
#Unless you know otherwise, this is probably what you want. |
17
|
|
|
|
|
|
|
#(See ENCODING below for more details.) |
18
|
|
|
|
|
|
|
my $name = Crypt::Perl::X509::Name->new( |
19
|
|
|
|
|
|
|
streetAddress => '...', #keys are short OID names |
20
|
|
|
|
|
|
|
localityName => '...', |
21
|
|
|
|
|
|
|
#... |
22
|
|
|
|
|
|
|
); |
23
|
|
|
|
|
|
|
|
24
|
|
|
|
|
|
|
my $der = $name->encode(); |
25
|
|
|
|
|
|
|
|
26
|
|
|
|
|
|
|
=head1 DISCUSSION |
27
|
|
|
|
|
|
|
|
28
|
|
|
|
|
|
|
This is useful to represent the Subject and Issuer parts of an |
29
|
|
|
|
|
|
|
X.509 (i.e., SSL/TLS) certificate as well as the name portion of |
30
|
|
|
|
|
|
|
a PCKS #10 Certificate Signing Request (CSR). |
31
|
|
|
|
|
|
|
|
32
|
|
|
|
|
|
|
=head1 ENCODING |
33
|
|
|
|
|
|
|
|
34
|
|
|
|
|
|
|
L |
35
|
|
|
|
|
|
|
defines the C type as an ordered C of unordered Cs |
36
|
|
|
|
|
|
|
—C objects, or “RDN”s—of key/value pairs. |
37
|
|
|
|
|
|
|
OpenSSL defaults to having each RDN contain only one key/value |
38
|
|
|
|
|
|
|
pair. (L) I’m unclear as to why this is, |
39
|
|
|
|
|
|
|
but I suspect it has to do with ease of matching up C values; since |
40
|
|
|
|
|
|
|
the RDNs are unordered, to compare one multi-value RDN against another takes |
41
|
|
|
|
|
|
|
more work than to compare two ordered lists of single-value RDNs, which can be |
42
|
|
|
|
|
|
|
done with a simple text equality check. |
43
|
|
|
|
|
|
|
(cf. L) |
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
If you need a multi-value RDN, it can be gotten by grouping key/value pairs |
46
|
|
|
|
|
|
|
in an array reference, thus: |
47
|
|
|
|
|
|
|
|
48
|
|
|
|
|
|
|
my $name = Crypt::Perl::X509::Name->new( |
49
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
#a multi-value RDN |
51
|
|
|
|
|
|
|
[ streetAddress => '...', localityName => '...' ], |
52
|
|
|
|
|
|
|
|
53
|
|
|
|
|
|
|
#regular key/value pair becomes its own single-value RDN |
54
|
|
|
|
|
|
|
stateOrProvinceName => '...', |
55
|
|
|
|
|
|
|
); |
56
|
|
|
|
|
|
|
|
57
|
|
|
|
|
|
|
=head1 ABOUT C |
58
|
|
|
|
|
|
|
|
59
|
|
|
|
|
|
|
Note that C is |
60
|
|
|
|
|
|
|
deprecated (cf. L, |
61
|
|
|
|
|
|
|
L) |
62
|
|
|
|
|
|
|
for use in X.509 certificates, but many CAs still require it as of |
63
|
|
|
|
|
|
|
December 2016. |
64
|
|
|
|
|
|
|
|
65
|
|
|
|
|
|
|
=cut |
66
|
|
|
|
|
|
|
|
67
|
5
|
|
|
5
|
|
24
|
use parent qw( Crypt::Perl::ASN1::Encodee ); |
|
5
|
|
|
|
|
12
|
|
|
5
|
|
|
|
|
25
|
|
68
|
|
|
|
|
|
|
|
69
|
5
|
|
|
5
|
|
307
|
use Crypt::Perl::ASN1 (); |
|
5
|
|
|
|
|
18
|
|
|
5
|
|
|
|
|
84
|
|
70
|
5
|
|
|
5
|
|
2398
|
use Crypt::Perl::X509::RelativeDistinguishedName (); |
|
5
|
|
|
|
|
17
|
|
|
5
|
|
|
|
|
207
|
|
71
|
|
|
|
|
|
|
|
72
|
5
|
|
|
5
|
|
33
|
use constant ASN1 => Crypt::Perl::X509::RelativeDistinguishedName::ASN1() . <
|
|
5
|
|
|
|
|
9
|
|
|
5
|
|
|
|
|
1226
|
|
73
|
|
|
|
|
|
|
RDNSequence ::= SEQUENCE OF ANY -- RelativeDistinguishedName |
74
|
|
|
|
|
|
|
|
75
|
|
|
|
|
|
|
Name ::= CHOICE { |
76
|
|
|
|
|
|
|
rdnSequence RDNSequence |
77
|
|
|
|
|
|
|
} |
78
|
|
|
|
|
|
|
END |
79
|
|
|
|
|
|
|
|
80
|
|
|
|
|
|
|
#XXX TODO de-duplicate |
81
|
|
|
|
|
|
|
*get_OID = \&Crypt::Perl::X509::RelativeDistinguishedName::get_OID; |
82
|
|
|
|
|
|
|
*encode_string = \&Crypt::Perl::X509::RelativeDistinguishedName::encode_string; |
83
|
|
|
|
|
|
|
|
84
|
|
|
|
|
|
|
sub new { |
85
|
53
|
|
|
53
|
0
|
220
|
my ($class, @inputs) = @_; |
86
|
|
|
|
|
|
|
|
87
|
53
|
|
|
|
|
110
|
my @seq; |
88
|
|
|
|
|
|
|
|
89
|
53
|
|
|
|
|
209
|
while (@inputs) { |
90
|
74
|
100
|
|
|
|
2147
|
if (my $ref = ref $inputs[0]) { |
91
|
12
|
|
|
|
|
30
|
my $input = shift @inputs; |
92
|
12
|
50
|
|
|
|
47
|
die "Invalid RDN ref: $ref" if $ref ne 'ARRAY'; |
93
|
12
|
|
|
|
|
43
|
push @seq, Crypt::Perl::X509::RelativeDistinguishedName->new( @$input )->encode(); |
94
|
|
|
|
|
|
|
} |
95
|
|
|
|
|
|
|
|
96
|
|
|
|
|
|
|
#Legacy-ish … |
97
|
|
|
|
|
|
|
else { |
98
|
62
|
|
|
|
|
169
|
my ($k, $v) = splice( @inputs, 0, 2 ); |
99
|
62
|
|
|
|
|
346
|
my $rdn = Crypt::Perl::X509::RelativeDistinguishedName->new( $k, $v )->encode(); |
100
|
62
|
|
|
|
|
14712
|
push @seq, $rdn; |
101
|
|
|
|
|
|
|
} |
102
|
|
|
|
|
|
|
} |
103
|
|
|
|
|
|
|
|
104
|
53
|
|
|
|
|
1584
|
return bless \@seq, $class; |
105
|
|
|
|
|
|
|
} |
106
|
|
|
|
|
|
|
|
107
|
|
|
|
|
|
|
sub _encode_params { |
108
|
53
|
|
|
53
|
|
150
|
return { rdnSequence => [ @{ $_[0] } ] }; |
|
53
|
|
|
|
|
293
|
|
109
|
|
|
|
|
|
|
} |
110
|
|
|
|
|
|
|
|
111
|
|
|
|
|
|
|
1; |