diff -Nru libcrypt-x509-perl-0.54/debian/changelog libcrypt-x509-perl-0.55/debian/changelog --- libcrypt-x509-perl-0.54/debian/changelog 2021-09-04 18:41:03.000000000 +0000 +++ libcrypt-x509-perl-0.55/debian/changelog 2023-01-15 16:19:22.000000000 +0000 @@ -1,3 +1,9 @@ +libcrypt-x509-perl (0.55-1) unstable; urgency=medium + + * New upstream release. + + -- Marco d'Itri Sun, 15 Jan 2023 17:19:22 +0100 + libcrypt-x509-perl (0.54-1) unstable; urgency=medium * New upstream release. diff -Nru libcrypt-x509-perl-0.54/debian/control libcrypt-x509-perl-0.55/debian/control --- libcrypt-x509-perl-0.54/debian/control 2020-05-09 12:15:03.000000000 +0000 +++ libcrypt-x509-perl-0.55/debian/control 2023-01-15 16:18:49.000000000 +0000 @@ -1,11 +1,12 @@ Source: libcrypt-x509-perl Section: perl Priority: optional -Build-Depends: debhelper-compat (= 12), +Build-Depends: debhelper-compat (= 13), Build-Depends-Indep: perl, libconvert-asn1-perl Maintainer: Marco d'Itri -Standards-Version: 4.5.0 +Standards-Version: 4.6.2.0 Rules-Requires-Root: no +Testsuite: autopkgtest-pkg-perl Vcs-Git: https://salsa.debian.org/md/libcrypt-x509-perl.git Vcs-Browser: https://salsa.debian.org/md/libcrypt-x509-perl Homepage: https://github.com/openxpki/Crypt-X509 diff -Nru libcrypt-x509-perl-0.54/debian/patches/restore_tests libcrypt-x509-perl-0.55/debian/patches/restore_tests --- libcrypt-x509-perl-0.54/debian/patches/restore_tests 1970-01-01 00:00:00.000000000 +0000 +++ libcrypt-x509-perl-0.55/debian/patches/restore_tests 2023-01-15 16:18:49.000000000 +0000 @@ -0,0 +1,137 @@ +--- /dev/null ++++ b/t/Crypt-X509.t +@@ -0,0 +1,134 @@ ++# Before `make install' is performed this script should be runnable with ++# `make test'. After `make install' it should work as `perl Crypt-X509.t' ++use Test::More tests => 71; ++use Math::BigInt; ++BEGIN { use_ok('Crypt::X509') } ++ ++$cert = loadcert('t/verisign.der'); ++is( length $cert, 774, 'certificate file loaded' ); ++$decoded = Crypt::X509->new( cert => $cert ); ++ok( defined $decoded, 'new() returned something' ); ++ok( $decoded->isa('Crypt::X509'), 'and it\'s the right class' ); ++is( $decoded->error, undef, 'decode successful' ); ++is( $decoded->not_after, 1848787199, 'not_after got parsed' ); ++is( join( ',', @{ $decoded->Issuer } ), join( ',', @{ $decoded->Subject } ), 'Root CA: Subject equals Issuer' ); ++ ++$cert = loadcert('t/aj.cer'); ++$decoded2 = Crypt::X509->new( cert => $cert ); ++is( $decoded2->error, undef, 'decode successful' ); ++is( join( ':', @{ $decoded2->KeyUsage } ), "critical:digitalSignature:keyEncipherment:dataEncipherment", 'Keyusagecheck' ); ++is( join( ':', @{ $decoded2->ExtKeyUsage } ), "clientAuth:emailProtection", 'Extkeyusagecheck' ); ++# this has also to work twice ++is( join( ':', @{ $decoded2->KeyUsage } ), "critical:digitalSignature:keyEncipherment:dataEncipherment", 'Keyusagecheck again' ); ++is( join( ':', @{ $decoded2->ExtKeyUsage } ), "clientAuth:emailProtection", 'Extkeyusagecheck again' ); ++is( join( ',', @{ $decoded2->Subject } ), "emailAddress=alexander.jung\@allianz.de,C=DE,O=Allianz Group,CN=Alexander Jung", 'Subject parsed' ); ++is( $decoded2->subject_country, "DE", "Subject_country" ); ++is( $decoded2->subject_state, undef, "Subject_state" ); ++is( $decoded2->subject_org, "Allianz Group", "Subject_org" ); ++is( $decoded2->subject_ou, undef, "Subject_ou" ); ++is( $decoded2->subject_email, "alexander.jung\@allianz.de", "Subject_email" ); ++is_deeply( $decoded2->SubjectRaw, [ ++ {'type' => '1.2.840.113549.1.9.1','value' => 'alexander.jung@allianz.de','format' => 'ia5String'}, ++ {'type' => '2.5.4.6','value' => 'DE','format' => 'printableString'}, ++ {'type' => '2.5.4.10','value' => 'Allianz Group','format' => 'printableString'}, ++ {'type' => '2.5.4.3','value' => 'Alexander Jung','format' => 'printableString'} ++]); ++is( join( ',', @{ $decoded2->Issuer } ), "C=DE,O=Allianz Group,CN=Allianz Dresdner CA", "Issuer Parsed"); ++is( $decoded2->issuer_cn, "Allianz Dresdner CA", "Issuer_cn" ); ++is( $decoded2->issuer_country, "DE", "Isssuer_country" ); ++is( $decoded2->issuer_state, undef, "Issuer_state" ); ++is( $decoded2->issuer_locality, undef, "Issuer_locality" ); ++is( $decoded2->issuer_org, "Allianz Group", "Issuer_org" ); ++is( $decoded2->issuer_email, undef, "Issuer_email" ); ++is( $decoded2->pubkey_algorithm, "1.2.840.113549.1.1.1", "pubkey_algorithm" ); ++is( $decoded2->sig_algorithm, "1.2.840.113549.1.1.5", "sig_algorithm" ); ++is( length( $decoded2->pubkey ), 140, "Pubkey length" ); ++is( length( $decoded2->signature ), 256, "Signature Length" ); ++is( join( ',', @{ $decoded2->SubjectAltName } ), "rfc822Name=alexander.jung\@allianz.de", 'SubjectAltName parsed' ); ++is_deeply( $decoded2->DecodedSubjectAltNames, [[{rfc822Name => 'alexander.jung@allianz.de'}]], 'DecodedSubjectAltName parsed' ); ++ ++ ++$cert = loadcert('t/aj2.cer'); ++$decoded3 = Crypt::X509->new( cert => $cert ); ++is( $decoded3->error, undef, 'decode successful' ); ++is( join( ':', @{ $decoded3->KeyUsage } ), "critical:digitalSignature:keyAgreement", 'KeyUsage Check AuthCert' ); ++ ++$cert = loadcert('t/allianz_root.cer'); ++$decoded = Crypt::X509->new( cert => $cert ); ++is( $decoded->error, undef, 'decode successful' ); ++is( join( ',', @{ $decoded->authorityCertIssuer } ), "C=DE,O=Allianz Group,CN=Allianz Group Root CA", "authorityCertIssuer" ); ++is( $decoded->CRLDistributionPoints->[0], "http://rootca.allianz.com/rootca.crl", "CRLDistributionPoints" ); ++is( $decoded->authority_cn, "Allianz Group Root CA", "authority_cn" ); ++is( $decoded->authority_country, "DE", "authority_country" ); ++is( $decoded->authority_state, undef, "authority_state" ); ++is( $decoded->authority_locality, undef, "authority_locality" ); ++is( $decoded->authority_org, "Allianz Group", "authority_org" ); ++is( $decoded->authority_email, undef, "authority_email" ); ++is( $decoded->pubkey_components()->{modulus}, Math::BigInt::->new('0x00d0a158415c62152e7b342f5881e5bca0842089d583929265af37099d4b4208f149c7084a3eec548fae81823884bbf0f7aee254c44a5a956eafd531b97cb7e9f7e88c9ebfb15b1126cc2edc616ea8b3be3af23a61e8ee0a5ea5af100f0bc7e3f5fcc45acf3f956f3073186fa7e815e853588d02d7942f36680e88c501c70b3d91be3fe96548a352355678c8088d6ac5bda1e9187a05dc3119c68bea1f8ee2acf0a6d261099eeaf10ca8fd380da43eb31010b4015f9e9fc0ab2075fb0b5f56796010cf46760cc73c058a1ec8dcb39e04079025446a2a45a4188bfbb3e299afb01cb5332ee56f72dce6c46fb2f6b5956afb5fece48a6ec6f82313effa057ecd874b'), 'pubkey_components modulus'); ++is( $decoded->pubkey_components()->{exponent}, Math::BigInt::->new('0x10001'), 'pubkey_components exponent' ); ++ ++$cert = loadcert('t/new_root_ca.cer'); ++$decoded = Crypt::X509->new( cert => $cert ); ++is( $decoded->error, undef, 'decode of new_root_ca.cer successful' ); ++is( join( ', ', @{ $decoded->BasicConstraints } ), 'critical, cA = 1', 'Basic Constraints' ); ++is( $decoded->EntrustVersion, 'V7.1:4.0', 'Entrust Version' ); ++is( $decoded->version_string, 'v3', 'certificate version string' ); ++%SIA = $decoded->SubjectInfoAccess; ++is( $SIA{'1.3.6.1.5.5.7.48.5'}[0], 'uniformResourceIdentifier = http://pki.treas.gov/root_sia.p7c', 'Subject Info Access' ); ++ ++$cert = loadcert('t/subca_2.cer'); ++$decoded = Crypt::X509->new( cert => $cert ); ++is( $decoded->error, undef, 'decode of subca_2.cer successful' ); ++%CDPs = $decoded->CRLDistributionPoints2; ++is( $CDPs{'1'}[0],'Directory Address: CN=CRL1,OU=US Treasury Root CA,OU=Certification Authorities,OU=Department of the Treasury,O=U.S. Government,C=US', 'CRL Distribution Points' ); ++is( unpack( "H*", $decoded->subject_keyidentifier ), '86595f93caf32da620a4f9595a4a935370e792c9', 'subject key identifier' ); ++ ++$cert = loadcert('t/telesec_799972029.crt'); ++$decoded = Crypt::X509->new( cert => $cert ); ++( $sec, $min, $hour, $mday, $mon, $year,, ) = gmtime( $decoded->not_after ); ++is( $decoded->not_after, 1111826160, 'not_after got parsed' ); ++is( $sec, 0, "generalTime Seconds" ); ++is( $min, 36, "generalTime Minutess" ); ++is( $hour, 8, "generalTime hours" ); ++is( $mday, 26, "generalTime day" ); ++is( $mon + 1, 3, "generalTime month" ); ++is( $year + 1900, 2005, "generalTime year" ); ++is( join( ',', @{ $decoded->Issuer } ), 'C=DE,O=Deutsche Telekom AG,nameDistinguisher=1,CN=NKS CA 6:PN', 'Issuer for telesec' ); ++is( join( ',', @{ $decoded->Subject } ), 'C=DE,nameDistinguisher=2,CN=Schefe, Jan', 'Subject for telesec' ); ++is_deeply( $decoded->DecodedSubjectAltNames, [[ ++ {otherName => {value => "0\x111\x0f0\x0d\x06\x03U\x04\x04\x14\x06Schefe", type => '0.2.262.1.10.3.0'}}, ++ {otherName => {value => "0\x0e1\x0c0\x0a\x06\x03U\x04*\x14\x03Jan", type => '0.2.262.1.10.3.0'}}]], ++ 'DecodedSubjectAltNames for telesec'); ++ ++$cert = loadcert('t/dsacert.der'); ++$decoded = Crypt::X509->new( cert => $cert ); ++is( $decoded->error, undef, 'decode of dsacert.der successful' ); ++ ++#test parser after invalid cert has been loaded ++$invalid_cert = Crypt::X509->new( cert => 'invalid' ); ++ok( $invalid_cert->error, 'got error on invalid data' ); ++$cert = loadcert('t/verisign.der'); ++$valid_cert = Crypt::X509->new( cert => $cert ); ++ok( defined $valid_cert, 'new() returned something' ); ++is( $valid_cert->error, undef, 'decode successful' ); ++is( $valid_cert->not_after, 1848787199, 'not_after got parsed' ); ++ ++$cert = loadcert('t/pgpextension.der'); ++$decoded = Crypt::X509->new( cert => $cert ); ++is( $decoded->error, undef, 'decode of pgpextension.der successful' ); ++is( $decoded->SigHashAlg, 'SHA512', 'Detecting SHA512 correctly' ); ++is( $decoded->PGPExtension, 1292907852, 'creation time matched' ); ++ ++exit(); ++ ++sub loadcert { ++ my $file = shift; ++ open FILE, $file || die "cannot load test certificate" . $file . "\n"; ++ binmode FILE; # HELLO Windows, dont fuss with this ++ my $holdTerminator = $/; ++ undef $/; # using slurp mode to read the DER-encoded binary certificate ++ my $cert = ; ++ $/ = $holdTerminator; ++ close FILE; ++ return $cert; ++} diff -Nru libcrypt-x509-perl-0.54/debian/patches/series libcrypt-x509-perl-0.55/debian/patches/series --- libcrypt-x509-perl-0.54/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 +++ libcrypt-x509-perl-0.55/debian/patches/series 2023-01-15 16:18:49.000000000 +0000 @@ -0,0 +1 @@ +restore_tests diff -Nru libcrypt-x509-perl-0.54/debian/watch libcrypt-x509-perl-0.55/debian/watch --- libcrypt-x509-perl-0.54/debian/watch 2020-05-09 12:11:52.000000000 +0000 +++ libcrypt-x509-perl-0.55/debian/watch 2023-01-15 16:18:49.000000000 +0000 @@ -1,2 +1,2 @@ -version=3 -https://metacpan.org/release/Crypt-X509/ .*/Crypt-X509-(\d[\d.-]+)\.tar\.[gx]z$ +version=4 +https://metacpan.org/release/Crypt-X509/ .*/Crypt-X509-@ANY_VERSION@@ARCHIVE_EXT@$ diff -Nru libcrypt-x509-perl-0.54/lib/Crypt/X509.pm libcrypt-x509-perl-0.55/lib/Crypt/X509.pm --- libcrypt-x509-perl-0.54/lib/Crypt/X509.pm 2021-04-26 08:20:43.000000000 +0000 +++ libcrypt-x509-perl-0.55/lib/Crypt/X509.pm 2023-01-09 11:36:07.000000000 +0000 @@ -8,7 +8,7 @@ our %EXPORT_TAGS = ( 'all' => [qw()] ); our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } ); #our @EXPORT = qw(error new not_before not_after serial); -our $VERSION = '0.54'; +our $VERSION = '0.55'; my $parser = undef; my $asn = undef; my $error = undef; @@ -39,6 +39,7 @@ "2.5.4.11" => "OU", "1.2.840.113549.1.9.1" => "emailAddress", '1.2.840.113549.1.9.2' => 'unstructuredName', + '1.2.840.113549.1.9.8' => 'unstructuredAddress', "0.9.2342.19200300.100.1.1" => "UID", "0.9.2342.19200300.100.1.25" => "DC", "0.2.262.1.10.7.20" => "nameDistinguisher", @@ -394,6 +395,7 @@ print "DN for this Certificate is:".join(',',@{$decoded->Subject})."\n"; =cut back + sub Subject { my $self = shift; my ( $i, $type ); @@ -414,6 +416,15 @@ return $subjdn; } +=head2 SubjectRaw + +Returns the RDNs as list of hashes, values are stringified but OIDs are +not translated. + +If a component contains a SET, the component will become an array of hashes +on the second level. + +=cut sub SubjectRaw { @@ -434,6 +445,19 @@ return \@subject; } +=head2 SubjectSequence + +Returns the subject as returned from the ASN1 parser. + +=cut + +sub SubjectSequence { + + my $self = shift; + return $self->{'tbsCertificate'}->{'subject'}->{'rdnSequence'}; + +} + sub _subject_part { my $self = shift; my $oid = shift; @@ -1204,7 +1228,7 @@ for my $type ( @{$subject_dir_attrs} ) { for my $value ( @{ $type->{'values'} } ) { for my $key ( keys %{$value} ) { - push @{$attributes}, $type->{'type'} . " = " . $value->{$key} . " ($key)"; + push @{$attributes}, $type->{'type'} . " = " . $value->{$key} . " ($key)"; } } } diff -Nru libcrypt-x509-perl-0.54/META.json libcrypt-x509-perl-0.55/META.json --- libcrypt-x509-perl-0.54/META.json 2021-04-26 08:21:28.000000000 +0000 +++ libcrypt-x509-perl-0.55/META.json 2023-01-09 11:36:40.000000000 +0000 @@ -4,7 +4,7 @@ "Mike Jackson, Alexander Jung, Duncan Segrest" ], "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010", + "generated_by" : "ExtUtils::MakeMaker version 7.62, CPAN::Meta::Converter version 2.150010", "license" : [ "unknown" ], @@ -37,6 +37,6 @@ } }, "release_status" : "stable", - "version" : "0.54", + "version" : "0.55", "x_serialization_backend" : "JSON::PP version 2.27400_02" } diff -Nru libcrypt-x509-perl-0.54/META.yml libcrypt-x509-perl-0.55/META.yml --- libcrypt-x509-perl-0.54/META.yml 2021-04-26 08:21:28.000000000 +0000 +++ libcrypt-x509-perl-0.55/META.yml 2023-01-09 11:36:39.000000000 +0000 @@ -7,7 +7,7 @@ configure_requires: ExtUtils::MakeMaker: '0' dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010' +generated_by: 'ExtUtils::MakeMaker version 7.62, CPAN::Meta::Converter version 2.150010' license: unknown meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -19,5 +19,5 @@ - inc requires: Convert::ASN1: '0.19' -version: '0.54' +version: '0.55' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff -Nru libcrypt-x509-perl-0.54/t/Crypt-X509.t libcrypt-x509-perl-0.55/t/Crypt-X509.t --- libcrypt-x509-perl-0.54/t/Crypt-X509.t 2021-04-26 08:20:27.000000000 +0000 +++ libcrypt-x509-perl-0.55/t/Crypt-X509.t 1970-01-01 00:00:00.000000000 +0000 @@ -1,134 +0,0 @@ -# Before `make install' is performed this script should be runnable with -# `make test'. After `make install' it should work as `perl Crypt-X509.t' -use Test::More tests => 71; -use Math::BigInt; -BEGIN { use_ok('Crypt::X509') } - -$cert = loadcert('t/verisign.der'); -is( length $cert, 774, 'certificate file loaded' ); -$decoded = Crypt::X509->new( cert => $cert ); -ok( defined $decoded, 'new() returned something' ); -ok( $decoded->isa('Crypt::X509'), 'and it\'s the right class' ); -is( $decoded->error, undef, 'decode successful' ); -is( $decoded->not_after, 1848787199, 'not_after got parsed' ); -is( join( ',', @{ $decoded->Issuer } ), join( ',', @{ $decoded->Subject } ), 'Root CA: Subject equals Issuer' ); - -$cert = loadcert('t/aj.cer'); -$decoded2 = Crypt::X509->new( cert => $cert ); -is( $decoded2->error, undef, 'decode successful' ); -is( join( ':', @{ $decoded2->KeyUsage } ), "critical:digitalSignature:keyEncipherment:dataEncipherment", 'Keyusagecheck' ); -is( join( ':', @{ $decoded2->ExtKeyUsage } ), "clientAuth:emailProtection", 'Extkeyusagecheck' ); -# this has also to work twice -is( join( ':', @{ $decoded2->KeyUsage } ), "critical:digitalSignature:keyEncipherment:dataEncipherment", 'Keyusagecheck again' ); -is( join( ':', @{ $decoded2->ExtKeyUsage } ), "clientAuth:emailProtection", 'Extkeyusagecheck again' ); -is( join( ',', @{ $decoded2->Subject } ), "emailAddress=alexander.jung\@allianz.de,C=DE,O=Allianz Group,CN=Alexander Jung", 'Subject parsed' ); -is( $decoded2->subject_country, "DE", "Subject_country" ); -is( $decoded2->subject_state, undef, "Subject_state" ); -is( $decoded2->subject_org, "Allianz Group", "Subject_org" ); -is( $decoded2->subject_ou, undef, "Subject_ou" ); -is( $decoded2->subject_email, "alexander.jung\@allianz.de", "Subject_email" ); -is_deeply( $decoded2->SubjectRaw, [ - {'type' => '1.2.840.113549.1.9.1','value' => 'alexander.jung@allianz.de','format' => 'ia5String'}, - {'type' => '2.5.4.6','value' => 'DE','format' => 'printableString'}, - {'type' => '2.5.4.10','value' => 'Allianz Group','format' => 'printableString'}, - {'type' => '2.5.4.3','value' => 'Alexander Jung','format' => 'printableString'} -]); -is( join( ',', @{ $decoded2->Issuer } ), "C=DE,O=Allianz Group,CN=Allianz Dresdner CA", "Issuer Parsed"); -is( $decoded2->issuer_cn, "Allianz Dresdner CA", "Issuer_cn" ); -is( $decoded2->issuer_country, "DE", "Isssuer_country" ); -is( $decoded2->issuer_state, undef, "Issuer_state" ); -is( $decoded2->issuer_locality, undef, "Issuer_locality" ); -is( $decoded2->issuer_org, "Allianz Group", "Issuer_org" ); -is( $decoded2->issuer_email, undef, "Issuer_email" ); -is( $decoded2->pubkey_algorithm, "1.2.840.113549.1.1.1", "pubkey_algorithm" ); -is( $decoded2->sig_algorithm, "1.2.840.113549.1.1.5", "sig_algorithm" ); -is( length( $decoded2->pubkey ), 140, "Pubkey length" ); -is( length( $decoded2->signature ), 256, "Signature Length" ); -is( join( ',', @{ $decoded2->SubjectAltName } ), "rfc822Name=alexander.jung\@allianz.de", 'SubjectAltName parsed' ); -is_deeply( $decoded2->DecodedSubjectAltNames, [[{rfc822Name => 'alexander.jung@allianz.de'}]], 'DecodedSubjectAltName parsed' ); - - -$cert = loadcert('t/aj2.cer'); -$decoded3 = Crypt::X509->new( cert => $cert ); -is( $decoded3->error, undef, 'decode successful' ); -is( join( ':', @{ $decoded3->KeyUsage } ), "critical:digitalSignature:keyAgreement", 'KeyUsage Check AuthCert' ); - -$cert = loadcert('t/allianz_root.cer'); -$decoded = Crypt::X509->new( cert => $cert ); -is( $decoded->error, undef, 'decode successful' ); -is( join( ',', @{ $decoded->authorityCertIssuer } ), "C=DE,O=Allianz Group,CN=Allianz Group Root CA", "authorityCertIssuer" ); -is( $decoded->CRLDistributionPoints->[0], "http://rootca.allianz.com/rootca.crl", "CRLDistributionPoints" ); -is( $decoded->authority_cn, "Allianz Group Root CA", "authority_cn" ); -is( $decoded->authority_country, "DE", "authority_country" ); -is( $decoded->authority_state, undef, "authority_state" ); -is( $decoded->authority_locality, undef, "authority_locality" ); -is( $decoded->authority_org, "Allianz Group", "authority_org" ); -is( $decoded->authority_email, undef, "authority_email" ); -is( $decoded->pubkey_components()->{modulus}, Math::BigInt::->new('0x00d0a158415c62152e7b342f5881e5bca0842089d583929265af37099d4b4208f149c7084a3eec548fae81823884bbf0f7aee254c44a5a956eafd531b97cb7e9f7e88c9ebfb15b1126cc2edc616ea8b3be3af23a61e8ee0a5ea5af100f0bc7e3f5fcc45acf3f956f3073186fa7e815e853588d02d7942f36680e88c501c70b3d91be3fe96548a352355678c8088d6ac5bda1e9187a05dc3119c68bea1f8ee2acf0a6d261099eeaf10ca8fd380da43eb31010b4015f9e9fc0ab2075fb0b5f56796010cf46760cc73c058a1ec8dcb39e04079025446a2a45a4188bfbb3e299afb01cb5332ee56f72dce6c46fb2f6b5956afb5fece48a6ec6f82313effa057ecd874b'), 'pubkey_components modulus'); -is( $decoded->pubkey_components()->{exponent}, Math::BigInt::->new('0x10001'), 'pubkey_components exponent' ); - -$cert = loadcert('t/new_root_ca.cer'); -$decoded = Crypt::X509->new( cert => $cert ); -is( $decoded->error, undef, 'decode of new_root_ca.cer successful' ); -is( join( ', ', @{ $decoded->BasicConstraints } ), 'critical, cA = 1', 'Basic Constraints' ); -is( $decoded->EntrustVersion, 'V7.1:4.0', 'Entrust Version' ); -is( $decoded->version_string, 'v3', 'certificate version string' ); -%SIA = $decoded->SubjectInfoAccess; -is( $SIA{'1.3.6.1.5.5.7.48.5'}[0], 'uniformResourceIdentifier = http://pki.treas.gov/root_sia.p7c', 'Subject Info Access' ); - -$cert = loadcert('t/subca_2.cer'); -$decoded = Crypt::X509->new( cert => $cert ); -is( $decoded->error, undef, 'decode of subca_2.cer successful' ); -%CDPs = $decoded->CRLDistributionPoints2; -is( $CDPs{'1'}[0],'Directory Address: CN=CRL1,OU=US Treasury Root CA,OU=Certification Authorities,OU=Department of the Treasury,O=U.S. Government,C=US', 'CRL Distribution Points' ); -is( unpack( "H*", $decoded->subject_keyidentifier ), '86595f93caf32da620a4f9595a4a935370e792c9', 'subject key identifier' ); - -$cert = loadcert('t/telesec_799972029.crt'); -$decoded = Crypt::X509->new( cert => $cert ); -( $sec, $min, $hour, $mday, $mon, $year,, ) = gmtime( $decoded->not_after ); -is( $decoded->not_after, 1111826160, 'not_after got parsed' ); -is( $sec, 0, "generalTime Seconds" ); -is( $min, 36, "generalTime Minutess" ); -is( $hour, 8, "generalTime hours" ); -is( $mday, 26, "generalTime day" ); -is( $mon + 1, 3, "generalTime month" ); -is( $year + 1900, 2005, "generalTime year" ); -is( join( ',', @{ $decoded->Issuer } ), 'C=DE,O=Deutsche Telekom AG,nameDistinguisher=1,CN=NKS CA 6:PN', 'Issuer for telesec' ); -is( join( ',', @{ $decoded->Subject } ), 'C=DE,nameDistinguisher=2,CN=Schefe, Jan', 'Subject for telesec' ); -is_deeply( $decoded->DecodedSubjectAltNames, [[ - {otherName => {value => "0\x111\x0f0\x0d\x06\x03U\x04\x04\x14\x06Schefe", type => '0.2.262.1.10.3.0'}}, - {otherName => {value => "0\x0e1\x0c0\x0a\x06\x03U\x04*\x14\x03Jan", type => '0.2.262.1.10.3.0'}}]], - 'DecodedSubjectAltNames for telesec'); - -$cert = loadcert('t/dsacert.der'); -$decoded = Crypt::X509->new( cert => $cert ); -is( $decoded->error, undef, 'decode of dsacert.der successful' ); - -#test parser after invalid cert has been loaded -$invalid_cert = Crypt::X509->new( cert => 'invalid' ); -ok( $invalid_cert->error, 'got error on invalid data' ); -$cert = loadcert('t/verisign.der'); -$valid_cert = Crypt::X509->new( cert => $cert ); -ok( defined $valid_cert, 'new() returned something' ); -is( $valid_cert->error, undef, 'decode successful' ); -is( $valid_cert->not_after, 1848787199, 'not_after got parsed' ); - -$cert = loadcert('t/pgpextension.der'); -$decoded = Crypt::X509->new( cert => $cert ); -is( $decoded->error, undef, 'decode of pgpextension.der successful' ); -is( $decoded->SigHashAlg, 'SHA512', 'Detecting SHA512 correctly' ); -is( $decoded->PGPExtension, 1292907852, 'creation time matched' ); - -exit(); - -sub loadcert { - my $file = shift; - open FILE, $file || die "cannot load test certificate" . $file . "\n"; - binmode FILE; # HELLO Windows, dont fuss with this - my $holdTerminator = $/; - undef $/; # using slurp mode to read the DER-encoded binary certificate - my $cert = ; - $/ = $holdTerminator; - close FILE; - return $cert; -}