Convert-ASN1
view release on metacpan or search on metacpan
examples/x509decode view on Meta::CPAN
-- id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
-- id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
-- id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
-- id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
-- id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
-- id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
ASN1
# decoders for basic types
my $asn_BitString = Convert::ASN1->new();
$asn_BitString->prepare("bitString BIT STRING");
my $asn_OctetString = Convert::ASN1->new();
$asn_OctetString->prepare("octetString OCTET STRING");
# decoders for extensions
my %extnoid2asn = (
'2.5.29.9' => $asn->find('SubjectDirectoryAttributes'),
'2.5.29.14' => $asn_OctetString, #'SubjectKeyIdentifier',
'2.5.29.15' => $asn_BitString, #'keyUsage',
'2.5.29.16' => $asn->find('PrivateKeyUsagePeriod'),
'2.5.29.17' => $asn->find('SubjectAltName'),
'2.5.29.18' => $asn->find('IssuerAltName'),
'2.5.29.19' => $asn->find('BasicConstraints'),
# '2.5.29.20' => 'cRLNumber',
# '2.5.29.21' => 'cRLReasons',
# '2.5.29.23' => 'holdInstructionCode',
# '2.5.29.24' => 'invalidityDate',
# '2.5.29.27' => 'deltaCRLIndicator',
# '2.5.29.28' => 'issuingDistributionPoint',
# '2.5.29.29' => 'certificateIssuer',
'2.5.29.30' => $asn->find('NameConstraints'),
'2.5.29.31' => $asn->find('cRLDistributionPoints'),
'2.5.29.32' => $asn->find('CertificatePolicies'),
'2.5.29.33' => $asn->find('PolicyMappings'),
'2.5.29.35' => $asn->find('AuthorityKeyIdentifier'),
'2.5.29.36' => $asn->find('PolicyConstraints'),
'2.5.29.37' => $asn->find('ExtKeyUsageSyntax'),
# '2.5.29.40' => 'cRLStreamIdentifier',
# '2.5.29.44' => 'cRLScope',
# '2.5.29.45' => 'statusReferrals',
# '2.5.29.46' => 'freshestCRL',
# '2.5.29.47' => 'orderedList',
# '2.5.29.51' => 'baseUpdateTime',
# '2.5.29.53' => 'deltaInfo',
# '2.5.29.54' => 'inhibitAnyPolicy',
# netscape-cert-extensions
'2.16.840.1.113730.1.1' => $asn_BitString, # netscape-cert-type
'2.16.840.1.113730.1.2' => $asn->find('DirectoryString'), # netscape-base-url
'2.16.840.1.113730.1.3' => $asn->find('DirectoryString'), # netscape-revocation-url
'2.16.840.1.113730.1.4' => $asn->find('DirectoryString'), # netscape-ca-revocation-url
'2.16.840.1.113730.1.7' => $asn->find('DirectoryString'), # netscape-cert-renewal-url
'2.16.840.1.113730.1.8' => $asn->find('DirectoryString'), # netscape-ca-policy-url
'2.16.840.1.113730.1.12' => $asn->find('DirectoryString'), # netscape-ssl-server-name
'2.16.840.1.113730.1.13' => $asn->find('DirectoryString'), # netscape-comment
);
my $asn_cert = $asn->find('Certificate');
while ( my $filename = shift ) {
my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,
$atime,$mtime,$ctime,$blksize,$blocks) = stat $filename;
open FILE, "<$filename" or die "no such file";
binmode FILE;
my $der_cert;
read FILE, $der_cert, $size;
close FILE;
decodeCert( $der_cert );
}
sub decodeCert {
my $der_cert = shift;
#asn_dump( $der_cert );
my $cert = $asn_cert->decode($der_cert) or die $asn_cert->error;
#extensions
foreach my $extension ( @{$cert->{'tbsCertificate'}->{'extensions'}} ) {
#print "extension: ", $oid2extension{$extension->{'extnID'}}, "\n";
if ( exists $extnoid2asn{$extension->{'extnID'}} ) {
$extension->{'extnValue'} = ($extnoid2asn{$extension->{'extnID'}})->decode( $extension->{'extnValue'} );
} else {
print STDERR "unknown ", $extension->{'critical'} ? "critical " : "", "extension: ", $extension->{'extnID'}, "\n";
asn_dump( $extension->{'extnValue'} );
}
}
print Dumper( $cert );
}
( run in 0.621 second using v1.01-cache-2.11-cpan-5735350b133 )