Alt-Crypt-OpenSSL-PKCS12-Broadbean
const char* errorReason;
/* Just return the top error on the stack */
errorReason = ERR_reason_error_string(ERR_get_error());
ERR_clear_error();
croak("%s:%d: OpenSSL error: %s", p_file, p_line, errorReason);
}
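/*
 * Load a private key from keyString using the supplied PEM reader.
 *
 * keyString is treated as in-memory PEM text when it starts with "----";
 * any other value is treated as a file name and opened for reading. The
 * string alone selects which file is opened, so callers should validate
 * it before passing anything that originates outside the program.
 *
 * p_loader is invoked with a NULL password callback and NULL user data,
 * so this function supplies no passphrase. With OpenSSL's PEM readers an
 * encrypted key then falls back to the library's default passphrase
 * callback, which may prompt on the terminal.
 *
 * Returns the key produced by p_loader; it is not freed here, so the
 * caller is responsible for releasing it. Failures are routed through
 * CHECK_OPEN_SSL (defined elsewhere in this file; presumably it croaks
 * with the top OpenSSL error when its argument is false).
 */
EVP_PKEY* _load_pkey(char* keyString, EVP_PKEY*(*p_loader)(BIO*, EVP_PKEY**, pem_password_cb*, void*)) {
    EVP_PKEY* pkey;
    BIO* stringBIO;

    if (!strncmp(keyString, "----", 4)) {
        /* Inline PEM: wrap the caller's buffer in a memory BIO. */
        CHECK_OPEN_SSL(stringBIO = BIO_new_mem_buf(keyString, strlen(keyString)));
    } else {
        /* Not PEM text, so treat it as a path, exactly as _load_cert_chain
         * does. Without this assignment the BIO would be used
         * uninitialised on this branch. */
        CHECK_OPEN_SSL(stringBIO = BIO_new_file(keyString, "r"));
    }

    /* Parse for both input forms, not only for the file branch. */
    pkey = p_loader(stringBIO, NULL, NULL, NULL);

    (void)BIO_set_close(stringBIO, BIO_CLOSE);
    BIO_free_all(stringBIO);

    /* Checked only after the BIO is released, so a failed load does not
     * leave the BIO allocated if CHECK_OPEN_SSL does not return. */
    CHECK_OPEN_SSL(pkey);
    return pkey;
}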
STACK_OF(X509)* _load_cert_chain(char* keyString, STACK_OF(X509_INFO)*(*p_loader)(BIO*, STACK_OF(X509_INFO)*, pem_password_cb*, void*)) {
int i;
STACK_OF(X509_INFO) *xis = NULL;
X509_INFO *xi = NULL;
BIO* stringBIO;
STACK_OF(X509) *stack = sk_X509_new_null();
if (!strncmp(keyString, "----", 4)) {
CHECK_OPEN_SSL(stringBIO = BIO_new_mem_buf(keyString, strlen(keyString)));
} else {
CHECK_OPEN_SSL(stringBIO = BIO_new_file(keyString, "r"));
in future alg_print() may be needed */
BIO_printf(bio, ", Iteration %ld\n",
tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
BIO_printf(bio, "MAC length: %ld, salt length: %ld\n",
tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
#else
tmaciter = pkcs12->mac->iter;
BIO_printf(bio, "MAC Iteration %ld\n",
tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
/* If we enter empty password try no password first */
if (!PKCS12_verify_mac(pkcs12, pwd, -1)) {
BIO_printf(bio, "Mac verify error: invalid password?\n");
ERR_print_errors(bio);
goto end;
}
BIO_printf(bio, "MAC verified OK\n");
end:
#endif
dump_certs_keys_p12(aTHX_ bio, pkcs12, pwd, strlen(pwd), INFO, NULL, NULL);
RETVAL = extractBioString(aTHX_ bio);
lib/Crypt/OpenSSL/PKCS12.pm view on Meta::CPAN
=encoding UTF-8
=head1 NAME
Crypt::OpenSSL::PKCS12 - Perl extension to OpenSSL's PKCS12 API.
=head1 SYNOPSIS
use Crypt::OpenSSL::PKCS12;
my $pass = "your password";
my $pkcs12 = Crypt::OpenSSL::PKCS12->new_from_file('cert.p12');
print $pkcs12->certificate($pass);
print $pkcs12->private_key($pass);
if ($pkcs12->mac_ok($pass)) {
...
# Creating a file
$pkcs12->create('test-cert.pem', 'test-key.pem', $pass, 'out.p12', 'friendly name');
lib/Crypt/OpenSSL/PKCS12.pm view on Meta::CPAN
=item * as_string( [C<$pass>] )
Get the binary representation as a string.
=item * mac_ok( [C<$pass>] )
Verify the certificate's Message Authentication Code.
=item * changepass( C<$old>, C<$new> )
Change a certificate's password.
=item * create( C<$cert>, C<$key>, C<$pass>, C<$output_file>, C<$friendly_name> )
Create a new PKCS12 certificate. $cert & $key may either be strings or filenames.
C<$friendly_name> is optional.
=item * create_as_string( C<$cert>, C<$key>, C<$pass>, C<$friendly_name> )
Create a new PKCS12 certificate string. $cert & $key may either be strings or filenames.
t/pkcs12-from-scratch.t view on Meta::CPAN
ok($pemkey, 'Asserting PEM key');
ok($pkcs12->mac_ok($pass), 'Asserting mac');
ok($pkcs12->as_string, 'Asserting PKCS12 as string');
SKIP: {
# https://github.com/openssl/openssl/issues/19092
if ($major =~ /^3\./) {
skip("OpenSSL 3.x cannot change pkcs12 passwords", 3);
} else {
# try changing the password
ok($pkcs12->changepass($pass, 'foo'), 'Changing password');
ok($pkcs12->mac_ok('foo'), 'Reasserting mac');
ok($pkcs12->changepass('foo', $pass), 'Changing password again');
}
}
# Try creating a PKCS12 file.
my $outfile = catdir($base, 'out.p12');
ok($pkcs12->create(
catdir($base, 'test-cert.pem'),
catdir($base, 'test-key.pem'),
$pass,
$outfile,
t/pkcs12-info-multiple-pkcs7-sections.t view on Meta::CPAN
$openssl_output =~ s/MAC: sha1, Iteration 2000/MAC Iteration 2000/g;
$openssl_output =~ s/MAC length: .*/MAC verified OK/;
}
my $prefix = find_openssl_prefix();
my $ssl_exec = find_openssl_exec($prefix);
my $ssl_version_string = `$ssl_exec version`;
SKIP: {
skip ("Pre OpenSSL 1.1.0 release does not support utf8 passwords", 20) if ($major le '1.0');
skip("LibreSSL does not support UTF8 passwords", 15) if ($ssl_version_string =~ /LibreSSL/);
my $pass = "ÏÏνθημα γνÏÏιÏμα";
my $pkcs12 = Crypt::OpenSSL::PKCS12->new_from_file('certs/shibboleth.pfx');
my $info = $pkcs12->info($pass);
ok(sha256_hex($info) eq sha256_hex($openssl_output), "Output matches OpenSSL");
my $info_hash = $pkcs12->info_as_hash($pass);
if ($major gt '1.0') {
t/pkcs12-string.t view on Meta::CPAN
ok($pemkey, 'Asserting PEM key');
ok($pkcs12->mac_ok($pass), 'Asserting mac');
ok($pkcs12->as_string, 'Asserting PKCS12 as string');
SKIP: {
# https://github.com/openssl/openssl/issues/19092
if ($major =~ /^3\./) {
skip("OpenSSL 3.x cannot change pkcs12 passwords", 3);
} else {
# try changing the password
ok($pkcs12->changepass($pass, 'foo'), 'Changing password');
ok($pkcs12->mac_ok('foo'), 'Reasserting mac');
ok($pkcs12->changepass('foo', $pass), 'Changing password again');
}
}
# Try creating a PKCS12 file.
my $outfile = catdir($base, 'out.p12');
ok($pkcs12->create(
catdir($base, 'test-cert.pem'),
catdir($base, 'test-key.pem'),
$pass,
$outfile,
ok($pemkey, 'Asserting PEM key');
ok($pkcs12->mac_ok($pass), 'Asserting mac');
ok($pkcs12->as_string, 'Asserting PKCS12 as string');
SKIP: {
# https://github.com/openssl/openssl/issues/19092
if ($major =~ /^3\./) {
skip("OpenSSL 3.x cannot change pkcs12 passwords", 3);
} else {
# try changing the password
ok($pkcs12->changepass($pass, 'foo'), 'Changing password');
ok($pkcs12->mac_ok('foo'), 'Reasserting mac');
ok($pkcs12->changepass('foo', $pass), 'Changing password again');
}
}
# Try creating a PKCS12 file.
my $outfile = catdir($base, 'out.p12');
ok($pkcs12->create(
catdir($base, 'test-cert.pem'),
catdir($base, 'test-key.pem'),
$pass,