File Coverage

blib/lib/Net/SSLeay/OO/X509.pm
Criterion Covered Total %
statement 1 3 33.3
branch n/a
condition n/a
subroutine 1 1 100.0
pod n/a
total 2 4 50.0


line stmt bran cond sub pod time code
1              
2             package Net::SSLeay::OO::X509;
3              
4 1     1   2231 use Moose;
  0            
  0            
5              
6             has 'x509' => isa => 'Int',
7             is => "ro",
8             required => 1,
9             ;
10              
11             has 'no_rvinc' => isa => "Bool",
12             is => "ro",
13             ;
14              
15             sub DESTROY {
16             my $self = shift;
17             $self->free;
18             }
19              
20             sub free {
21             my $self = shift;
22             my $pointer = delete $self->{x509};
23             unless ( !$pointer or $self->no_rvinc ) {
24             Net::SSLeay::free($pointer);
25             }
26             }
27              
28             # free()
29             # get_ext()
30             # get_ext_by_NID()
31             # get_notAfter()
32             # get_notBefore()
33              
34             BEGIN {
35             no strict 'refs';
36             for my $nameFunc (qw(subject_name issuer_name)) {
37             my $get = "get_$nameFunc";
38             my $sslfunc = "Net::SSLeay::X509_$get";
39             *$get = sub {
40             my $self = shift;
41             require Net::SSLeay::OO::X509::Name;
42             my $name = &$sslfunc( $self->x509 );
43             Net::SSLeay::OO::X509::Name->new(x509_name => $name );
44             };
45             }
46             }
47              
48             use Net::SSLeay::OO::Functions 'x509';
49              
50             # load_cert_crl_file()
51             # load_cert_file()
52             # load_crl_file()
53             # verify_cert_error_string()
54              
55             1;
56              
57             __END__
58              
59             =head1 NAME
60              
61             Net::SSLeay::OO::X509 - OpenSSL SSL certificate
62              
63             =head1 SYNOPSIS
64              
65             # currently no way to create them with this module
66             my $cert = $ssl->get_peer_certificate;
67              
68             # important stuff
69             my $subject = $cert->get_subject_name;
70             my $issuer = $cert->get_issuer_name;
71              
72             say "This cert is for ".$subject->cn.
73             ", and was issued by ".$issuer->cn;
74              
75             # see full description for a less cryptic example :)
76             my $i = 0;
77             my @names = grep { $i ^= 1 } $cert->get_subjectAltNames;
78             say "This cert also covers @names";
79              
80             =head1 DESCRIPTION
81              
82             This module encapsulates X509 certificates, the C<X509*> type in
83             OpenSSL's C library.
84              
85             The functions available to this library are focused on pulling useful
86             information out of the SSL certificates that were exchanged.
87              
88             As a result, there are no methods for creating the certificates - and
89             there is seldom need to do such things outside of the typical OpenSSL
90             command-line set and existing programs to do that. See
91             F<t/certs/make-test-certs.sh> in the distribution for a shell script
92             which uses the C<openssl req> and C<openssl ca> commands to create
93             certificates which are used for the test suite.
94              
95             =head1 METHODS
96              
97             =head2 Certificate Information Methods
98              
99             =over
100              
101             =item B<get_subject_name>
102              
103             =item B<get_issuer_name>
104              
105             The Subject Name is the X.509 Name which represents the identity of
106             this certificate. Using a PGP analogy, it's like the KeyID. It has
107             fields like country, cn / commonName (normally a domain name),
108             locality and what your favourite chicken species for sacrificial use
109             are.
110              
111             The Issuer Name is another X.509 Name which represents the identity
112             which signs this certificate. Unlike PGP, individual SSL certificates
113             can only have one signature attached, which needs to lead back to some
114             trusted root certificate.
115              
116             These entities are not strings; they are L<Net::SSLeay::OO::X509::Name>
117             objects.
118              
119             =item B<get_subjectAltNames>
120              
121             This is a method in L<Net::SSLeay> which wraps up the new vhosting SSL
122             certificate support, so that you can see the alternate names on that
123             SSL certificate.
124              
125             Unlike the C<get_*_name> methods, this method returns a list of pairs;
126             the first item in the pair being the type of name, and the second one
127             being a string representation of that name.
128              
129             =item B<get_notBefore(cert)>
130              
131             =item B<get_notAfter(cert)>
132              
133             These methods probably return validity period times for the
134             certificate. To be confirmed.
135              
136             =item B<free()>
137              
138             This method will cause the object to forget its internal pointer
139             reference. Use if you have been given a reference which is not
140             refcounted, and the reference is going to expire soon.
141              
142             =back
143              
144             =head2 Arcane Internal Methods
145              
146             The notes on L<Net::SSLeay::OO::Context> about the un-triaged methods all
147             apply to these methods.
148              
149             =over
150              
151             =item B<get_ext_by_NID(x,nid,loc)>
152              
153             =item B<get_ext(x,loc)>
154              
155             These probably have something to do with extensible additions to SSL
156             certificates; the subjectAltNames implementation calls these methods.
157              
158             =item B<load_cert_file(ctx, file, type)>
159              
160             =item B<load_crl_file(ctx, file, type)>
161              
162             =item B<load_cert_crl_file(ctx, file, type)>
163              
164             These methods take a C<X509_LOOKUP*> as their first argument. I
165             really wouldn't recommend them.
166              
167             =item B<verify_cert_error_string(n)>
168              
169             Don't call this as a method. It seems to be a function that takes an
170             error code from some other function and returns the string
171             corresponding to that error.
172              
173             =back
174              
175             =head1 AUTHOR
176              
177             Sam Vilain, L<samv@cpan.org>
178              
179             =head1 COPYRIGHT
180              
181             Copyright (C) 2009 NZ Registry Services
182              
183             This program is free software: you can redistribute it and/or modify
184             it under the terms of the Artistic License 2.0 or later. You should
185             have received a copy of the Artistic License the file COPYING.txt. If
186             not, see <http://www.perlfoundation.org/artistic_license_2_0>
187              
188             =head1 SEE ALSO
189              
190             L<Net::SSLeay::OO>, L<Net::SSLeay::OO::X509::Name>,
191             L<Net::SSLeay::OO::X509::Store>, L<Net::SSLeay::X509::Context>
192              
193             =cut
194              
195             # Local Variables:
196             # mode:cperl
197             # indent-tabs-mode: t
198             # cperl-continued-statement-offset: 8
199             # cperl-brace-offset: 0
200             # cperl-close-paren-offset: 0
201             # cperl-continued-brace-offset: 0
202             # cperl-continued-statement-offset: 8
203             # cperl-extra-newline-before-brace: nil
204             # cperl-indent-level: 8
205             # cperl-indent-parens-as-block: t
206             # cperl-indent-wrt-brace: nil
207             # cperl-label-offset: -8
208             # cperl-merge-trailing-else: t
209             # End:
210             # vim: filetype=perl:noexpandtab:ts=3:sw=3