List: perl-ldap-dev
Subject: Re: [Fwd] Dear Mr. Barr : ldap problem
From: Chris Ridd <chris.ridd () messagingdirect ! com>
Date: 2001-05-17 8:51:50
Graham Barr <gbarr@pobox.com> wrote:
> Can anyone on this list help Mrvka ? I don't actually have
> an example of using Convert::ASN1 to encode/decode a
> certificate
>
> Graham.
>
> ----- Forwarded message from Mrvka Andreas <mrv@tuev.or.at> -----
>
> Date: Thu, 17 May 2001 10:07:35 +0200
> To: "'gbarr@pobox.com'" <gbarr@pobox.com>
> From: Mrvka Andreas <mrv@tuev.or.at>
> Subject: Dear Mr. Barr : ldap problem
> X-Mailer: Internet Mail Service (5.5.2650.10)
>
> Dear Mr. Barr,
>
> I've found your perl-ldap module and use it in my company.
> It's working fine!
>
> Now I have to check out a binary data for certificates and found your
> tool Convert-ASN1.
>
> it seems that this tool does what I need but it's a little bit too less
> documented how I can work with it.
>
> Will you please be so kind and mail me an example for encoding/decoding
> a certificate (binary data)?
>
> Just if it's no problem.
>
> Thanks for your help!
>
> best regards
>
> Mrvka Andreas
>
> --------------------------------------------------------------------
> MRVKA Andreas
> TUEV AUSTRIA Tel.: +43 1 / 514 07 - 6050
> IT - Group Fax : +43 1 / 514 07 - 6005
> A-1015 Vienna, Krugerstrasse 16 email: mrv@tuev.or.at
> AUSTRIA web : www.tuev.at
> --------------------------------------------------------------------
>
> ----- End forwarded message -----
>
You don't say what you want to extract from your certificates... Here is
some code which decodes a cert, and has a minimal DN decoder too. It prints
out the validity period and subject and issuer DNs, just as an example.

Cheers,

Chris

["testcert.pl" (application/octet-stream)]
#!/usr/bin/perl -w
use strict;
use Carp;
use Convert::ASN1;
# Uncomment next line if you want to dump PDUs to screen
#use Convert::ASN1::Debug;

# Minimal mapping of OIDs to some common attribute types
my %oid2attr = (
    '2.5.4.3'                    => 'cn',
    '2.5.4.6'                    => 'c',
    '2.5.4.7'                    => 'l',
    '2.5.4.8'                    => 'st',
    '2.5.4.10'                   => 'o',
    '2.5.4.11'                   => 'ou',
    '0.9.2342.19200300.100.1.25' => 'dc'
);

# Slurp the whole DER-encoded certificate
my $cert;
{
    local $/ = undef;
    open CERT, "dsa.der" or die "Cannot open dsa.der: $!";
    binmode CERT;    # DER is binary: no newline translation
    $cert = <CERT>;
    close CERT;
}

# Uncomment next line if you want to dump PDUs to screen
#Convert::ASN1::asn_dump(\*STDOUT, $cert);

my $asn = Convert::ASN1->new;

# Stop Convert::ASN1 from changing the UTCTime values...
$asn->configure( 'decode' => { time => 'raw' });

$asn->prepare(q<
    SEQUENCE {
        SEQUENCE {
            [0] IMPLICIT SEQUENCE {
                version INTEGER
            }
            serialNumber ANY, -- an INTEGER, but potentially big
            sigalg ANY,
            issuer ANY, -- a DN
            SEQUENCE {
                notBefore UTCTime,
                notAfter UTCTime
            }
            subject ANY, -- a DN
            spkinfo ANY,
            issueruid [1] IMPLICIT ANY OPTIONAL,
            subjectuid [2] IMPLICIT ANY OPTIONAL,
            [3] IMPLICIT SEQUENCE {
                extensions ANY
            }
        }
        alg ANY OPTIONAL,
        sig BIT STRING
    }>) or die "prepare failed: " . $asn->error;

my $out = $asn->decode($cert) or die "decode failed: " . $asn->error;

print "Subject: " . decodeDN($out->{subject}) . "\n";
print "Issuer: " . decodeDN($out->{issuer}) . "\n";
print "NotBefore: " . $out->{notBefore} . "\n";
print "NotAfter: " . $out->{notAfter} . "\n";

# Decode a DER-encoded DN into a string, most specific RDN first
sub decodeDN {
    my $pdu = shift;

    my $dn = Convert::ASN1->new;
    $dn->prepare("rdns SEQUENCE OF ANY");

    my $rdn = Convert::ASN1->new;
    $rdn->prepare("rdn SET OF ANY");

    my $ava = Convert::ASN1->new;
    $ava->prepare(q<
        SEQUENCE {
            type OBJECT IDENTIFIER,
            CHOICE {
                p PrintableString,
                t T61String,
                b BMPString,
                u UniversalString,
                i IA5String
            }
        }
    >);

    my $rdns = $dn->decode($pdu) or die "Cannot decode DN: " . $dn->error;
    my @dn;
    foreach my $rdn_pdu (@{$rdns->{rdns}}) {
        my $set = $rdn->decode($rdn_pdu)
            or die "Cannot decode RDN: " . $rdn->error;
        my @rdn;
        foreach my $ava_pdu (@{$set->{rdn}}) {
            # A string type outside the CHOICE above makes decode fail
            my $d = $ava->decode($ava_pdu) or die "Not a recognized syntax!";
            # Fall back to the dotted OID for attribute types not in the table
            my $s = $oid2attr{$d->{type}} || $d->{type};
            # Use defined-ness, so a value of "0" or "" is not rejected
            my ($v) = grep { defined } @{$d}{qw(p t b u i)};
            die "Not a recognized syntax!" unless defined $v;
            # Hex-escape characters that are special in a DN string
            $v =~ s/([+,=\\\$])/sprintf("\\%02X", ord($1))/eg;
            push @rdn, "$s=$v";
        }
        # Reverse the order: the certificate stores the least specific RDN first
        unshift @dn, join("+", @rdn);
    }
    return join(", ", @dn);
}
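
An added example, not part of Chris Ridd's attachment: because the script sets time => 'raw', notBefore and notAfter come back as the certificate's own UTCTime strings (YYMMDDHHMMSSZ). The sketch below converts such strings to epoch seconds using the RFC 5280 two-digit-year rule and classifies the validity window; the function names and sample timestamps are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Time::Local qw(timegm);

# Convert a raw X.509 UTCTime string (YYMMDDHHMMSSZ) to epoch seconds.
# Returns undef for anything that is not in that exact form.
sub utctime_to_epoch {
    my ($raw) = @_;
    return undef unless defined $raw;
    my ($yy, $mon, $day, $hh, $mm, $ss) =
        $raw =~ /\A(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\z/
        or return undef;
    # RFC 5280, 4.1.2.5.1: YY >= 50 means 19YY, otherwise 20YY
    my $year = $yy >= 50 ? 1900 + $yy : 2000 + $yy;
    # timegm croaks on impossible dates (month 13, day 32): treat as malformed
    return eval { timegm($ss, $mm, $hh, $day, $mon - 1, $year) };
}

# Classify a validity window against a reference time (epoch seconds).
sub validity_status {
    my ($not_before, $not_after, $now) = @_;
    my $start = utctime_to_epoch($not_before);
    my $end   = utctime_to_epoch($not_after);
    return 'malformed'     unless defined $start && defined $end;
    return 'malformed'     if $start > $end;
    return 'not yet valid' if $now < $start;
    return 'expired'       if $now > $end;
    return 'valid';
}

# Constructed sample windows (not taken from any real certificate)
my @samples = (
    [ '010517085150Z', '020517085150Z' ],   # 2001 to 2002
    [ '990101000000Z', '491231235959Z' ],   # 1999 to 2049: spans the pivot
    [ '010517085150Z', '0205170851Z'   ],   # seconds missing
    [ '011301000000Z', '020101000000Z' ],   # month 13
);
my $now = time;
for my $s (@samples) {
    my ($nb, $na) = @$s;
    printf "%s .. %s : %s\n", $nb, $na, validity_status($nb, $na, $now);
}
```

RFC 5280 requires GeneralizedTime for dates in 2050 or later, which neither this helper nor a schema that declares both fields as UTCTime will accept.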