Crypt-X509-0.55/000755 000765 000024 00000000000 14356776110 013520 5ustar00scottstaff000000 000000 Crypt-X509-0.55/Changes000644 000765 000024 00000004607 13561256023 015013 0ustar00scottstaff000000 000000 Revision history for Perl extension Crypt::X509. 0.52 Fr Nov 08 2019 oliwel - changed shortnames for OIDs State (ST) and Locality(L), added new shortnames 0.51 Wed Jul 06 2011 ajung - removed the explicit exports of new() and error() not needed and pollute namespace (thanks for the notice to Daniel Kahn Gillmor) 0.50 Fri Jan 07 2011 ajung - incorporated patch from Tom Harrison to keep working, even after loading a unparsable Cert - incorporated patch from Milan Kocian to access the location Attribute in the Subject DN - incorporated patch from Daniel Kahn Gillmor to parse the names of digests in the SHA-2 family - incorporated patch from Daniel Kahn Gillmor to parse/return PGPExtension (keyCreation time) - incorporated patch from Daniel Kahn Gillmor to implement the request from Toby Inkster to return public key exponent 0.40 Fri Apr 23 2009 ajung - incorporated patch from Joerg-Cornelius Schneider to access ExtKeyUsage - incorporated patch from Joerg-Cornelius Schneider to fix parsing DSA/ECDSA signed certificates - incorporated patch from Rein Tollevik to fix keyusage parsing on 64bit machines 0.32 Tue Jan 09 2007 ajung - fixed problem with not found issuer and subject parts (found by Michael Steller) 0.31 Mon Jan 08 2007 ajung - included generalTime lookup as fallback for not_after and not_before (suggested by Michael Steller) - some documentation layout fixups 0.3 Wed Dec 27 2006 gigageek - added CRLDistributionPoints2 function - updated SubjectAltNames function - added BasicConstraints function - added CertificatePolicies function - added SubjectInfoAccess function - added SubjectDirectoryAttributes function - added subject_keyidentifier funtion 0.21 Tue Nov 30 2005 ajung - removed dependency on Perl 5.8.5 0.2 Tue Aug 25 2005 ajung - integrating Convert::ASN1:X509 with Crypt::X509 0.12 (Convert::ASN1:X509) Tue Aug 18 2005 ajung - revised the interface: Parser is encapsulated in module, changed test, documentaion, code - all needed data access methods implemented - put dependency on Convert::ASN.1 into Makefile.PL 0.1 (Convert::ASN1:X509) Tue Aug 16 2005 ajung - first draft of documentation - built test - first implementation 0.01 Sun Jun 12 22:04:15 2005 jacksonm - original version; created by h2xs 1.23 with options -X -n Crypt::X509 Crypt-X509-0.55/MANIFEST000644 000765 000024 00000000460 14356776110 014651 0ustar00scottstaff000000 000000 Changes lib/Crypt/X509.pm Makefile.PL MANIFEST META.yml README t/aj.cer t/aj2.cer t/allianz_root.cer t/Crypt-X509.t t/new_root_ca.cer t/subca_2.cer t/telesec_799972029.crt t/verisign.der t/dsacert.der t/pgpextension.der META.json Module JSON meta-data (added by MakeMaker) Crypt-X509-0.55/t/000755 000765 000024 00000000000 14356776107 013771 5ustar00scottstaff000000 000000 Crypt-X509-0.55/PaxHeader/README000644 000765 000024 00000000236 13561256036 016347 xustar00scottstaff000000 000000 30 mtime=1573215262.268033359 69 LIBARCHIVE.xattr.com.apple.lastuseddate#PS=UXSGYAAAAABYXDY1AAAAAA 59 SCHILY.xattr.com.apple.lastuseddate#PS=Qt`X\65 Crypt-X509-0.55/README000644 000765 000024 00000000711 13561256036 014374 0ustar00scottstaff000000 000000 Crypt-X509 version 0.52 ======================= Crypt::X509 is an object oriented X.509 certificate parser with numerous methods for directly extracting information from certificates. INSTALLATION To install this module type the following: perl Makefile.PL make test make install DEPENDENCIES This module requires: Convert::ASN1 ISSUES, PULL REQUESTS Plesae visit [https://github.com/openxpki/Crypt-X509] for issues, pull requests, etc. Crypt-X509-0.55/META.yml000644 000765 000024 00000001074 14356776107 015001 0ustar00scottstaff000000 000000 --- abstract: 'Parse a X.509 certificate' author: - 'Mike Jackson, Alexander Jung, Duncan Segrest' build_requires: ExtUtils::MakeMaker: '0' configure_requires: ExtUtils::MakeMaker: '0' dynamic_config: 1 generated_by: 'ExtUtils::MakeMaker version 7.62, CPAN::Meta::Converter version 2.150010' license: unknown meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: Crypt-X509 no_index: directory: - t - inc requires: Convert::ASN1: '0.19' version: '0.55' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' Crypt-X509-0.55/lib/000755 000765 000024 00000000000 14356776107 014274 5ustar00scottstaff000000 000000 Crypt-X509-0.55/PaxHeader/Makefile.PL000644 000765 000024 00000000236 13561250006 017430 xustar00scottstaff000000 000000 30 mtime=1573212166.168775515 69 LIBARCHIVE.xattr.com.apple.lastuseddate#PS=KVLFXQAAAAB12B4sAAAAAA 59 SCHILY.xattr.com.apple.lastuseddate#PS=)R]u, Crypt-X509-0.55/Makefile.PL000644 000765 000024 00000000750 13561250006 015460 0ustar00scottstaff000000 000000 use ExtUtils::MakeMaker; # See lib/ExtUtils/MakeMaker.pm for details of how to influence # the contents of the Makefile that is written. WriteMakefile( NAME => 'Crypt::X509', VERSION_FROM => 'lib/Crypt/X509.pm', PREREQ_PM => {Convert::ASN1 => 0.19}, ($] >= 5.005 ? ## Add these new keywords supported since 5.005 (ABSTRACT_FROM => 'lib/Crypt/X509.pm', AUTHOR => 'Mike Jackson, Alexander Jung, Duncan Segrest') : ()), ); Crypt-X509-0.55/META.json000644 000765 000024 00000001670 14356776110 015145 0ustar00scottstaff000000 000000 { "abstract" : "Parse a X.509 certificate", "author" : [ "Mike Jackson, Alexander Jung, Duncan Segrest" ], "dynamic_config" : 1, "generated_by" : "ExtUtils::MakeMaker version 7.62, CPAN::Meta::Converter version 2.150010", "license" : [ "unknown" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : "2" }, "name" : "Crypt-X509", "no_index" : { "directory" : [ "t", "inc" ] }, "prereqs" : { "build" : { "requires" : { "ExtUtils::MakeMaker" : "0" } }, "configure" : { "requires" : { "ExtUtils::MakeMaker" : "0" } }, "runtime" : { "requires" : { "Convert::ASN1" : "0.19" } } }, "release_status" : "stable", "version" : "0.55", "x_serialization_backend" : "JSON::PP version 2.27400_02" } Crypt-X509-0.55/lib/Crypt/000755 000765 000024 00000000000 14356776107 015375 5ustar00scottstaff000000 000000 Crypt-X509-0.55/lib/Crypt/X509.pm000644 000765 000024 00000151521 14356776047 016410 0ustar00scottstaff000000 000000 package Crypt::X509; use Carp; use strict; use warnings; use Convert::ASN1 qw(:io :debug); require Exporter; our @ISA = qw(Exporter); our %EXPORT_TAGS = ( 'all' => [qw()] ); our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } ); #our @EXPORT = qw(error new not_before not_after serial); our $VERSION = '0.55'; my $parser = undef; my $asn = undef; my $error = undef; our %oid2enchash = ( '1.2.840.113549.1.1.1' => { 'enc' => 'RSA' }, '1.2.840.113549.1.1.2' => { 'enc' => 'RSA', 'hash' => 'MD2' }, '1.2.840.113549.1.1.3' => { 'enc' => 'RSA', 'hash' => 'MD4' }, '1.2.840.113549.1.1.4' => { 'enc' => 'RSA', 'hash' => 'MD5' }, '1.2.840.113549.1.1.5' => { 'enc' => 'RSA', 'hash' => 'SHA1' }, '1.2.840.113549.1.1.6' => { 'enc' => 'OAEP' }, '1.2.840.113549.1.1.11' => { 'enc' => 'RSA', 'hash' => 'SHA256' }, '1.2.840.113549.1.1.12' => { 'enc' => 'RSA', 'hash' => 'SHA384' }, '1.2.840.113549.1.1.13' => { 'enc' => 'RSA', 'hash' => 'SHA512' }, '1.2.840.113549.1.1.14' => { 'enc' => 'RSA', 'hash' => 'SHA224' }, '1.2.840.10045.2.1' => { 'enc' => 'EC' }, ); our %oid2attr = ( "2.5.4.3" => "CN", "2.5.4.4" => "SN", "2.5.4.42" => "GN", "2.5.4.5" => "serialNumber", "2.5.4.6" => "C", "2.5.4.7" => "L", "2.5.4.8" => "ST", '2.5.4.9' => 'streetAddress', "2.5.4.10" => "O", "2.5.4.11" => "OU", "1.2.840.113549.1.9.1" => "emailAddress", '1.2.840.113549.1.9.2' => 'unstructuredName', '1.2.840.113549.1.9.8' => 'unstructuredAddress', "0.9.2342.19200300.100.1.1" => "UID", "0.9.2342.19200300.100.1.25" => "DC", "0.2.262.1.10.7.20" => "nameDistinguisher", '2.5.4.12' => 'title', '2.5.4.13' => 'description', '2.5.4.14' => 'searchGuide', '2.5.4.15' => 'businessCategory', '2.5.4.16' => 'postalAddress', '2.5.4.17' => 'postalCode', '2.5.4.18' => 'postOfficeBox', '2.5.4.19' => 'physicalDeliveryOfficeName', '2.5.4.20' => 'telephoneNumber', '2.5.4.23' => 'facsimileTelephoneNumber', '2.5.4.41' => 'name', '2.5.4.43' => 'initials', '2.5.4.44' => 'generationQualifier', '2.5.4.45' => 'uniqueIdentifier', '2.5.4.46' => 'dnQualifier', '2.5.4.51' => 'houseIdentifier', '2.5.4.65' => 'pseudonym', ); =head1 NAME Crypt::X509 - Parse a X.509 certificate =head1 SYNOPSIS use Crypt::X509; $decoded = Crypt::X509->new( cert => $cert ); $subject_email = $decoded->subject_email; print "do not use after: ".gmtime($decoded->not_after)." GMT\n"; =head1 REQUIRES Convert::ASN1 =head1 DESCRIPTION B parses X.509 certificates. Methods are provided for accessing most certificate elements. It is based on the generic ASN.1 module by Graham Barr, on the F example by Norbert Klasen and contributions on the perl-ldap-dev-Mailinglist by Chriss Ridd. =head1 CONSTRUCTOR =head2 new ( OPTIONS ) Creates and returns a parsed X.509 certificate hash, containing the parsed contents. The data is organised as specified in RFC 2459. By default only the first ASN.1 Layer is decoded. Nested decoding is done automagically through the data access methods. =over 4 =item cert =E $certificate A variable containing the DER formatted certificate to be parsed (eg. as stored in C attribute in an LDAP-directory). =back use Crypt::X509; use Data::Dumper; $decoded= Crypt::X509->new(cert => $cert); print Dumper($decoded); =cut back sub new { my ( $class, %args ) = @_; if ( !defined($parser) || $parser->error ) { $parser = _init(); } my $self = $parser->decode( $args{'cert'} ); $self->{"_error"} = $parser->error; bless( $self, $class ); return $self; } =head1 METHODS =head2 error Returns the last error from parsing, C when no error occured. This error is updated on deeper parsing with the data access methods. $decoded= Crypt::X509->new(cert => $cert); if ($decoded->error) { warn "Error on parsing Certificate:".$decoded->error; } =cut back sub error { my $self = shift; return $self->{"_error"}; } =head1 DATA ACCESS METHODS You can access all parsed data directly from the returned hash. For convenience the following methods have been implemented to give quick access to the most-used certificate attributes. =head2 version Returns the certificate's version as an integer. NOTE that version is defined as an Integer where 0 = v1, 1 = v2, and 2 = v3. =cut back sub version { my $self = shift; return $self->{tbsCertificate}{version}; } =head2 version_string Returns the certificate's version as a string value. =cut back sub version_string { my $self = shift; my $v = $self->{tbsCertificate}{version}; return "v1" if $v == 0; return "v2" if $v == 1; return "v3" if $v == 2; } =head2 serial returns the serial number (integer or Math::BigInt Object, that gets automagic evaluated in scalar context) from the certificate $decoded= Crypt::X509->new(cert => $cert); print "Certificate has serial number:".$decoded->serial."\n"; =cut back sub serial { my $self = shift; return $self->{tbsCertificate}{serialNumber}; } =head2 not_before returns the GMT-timestamp of the certificate's beginning date of validity. If the Certificate holds this Entry in utcTime, it is guaranteed by the RFC to been correct. As utcTime is limited to 32-bit values (like unix-timestamps) newer certificates hold the timesamps as "generalTime"-entries. B, if no utcTime-entry is found. $decoded= Crypt::X509->new(cert => $cert); if ($decoded->notBefore < time()) { warn "Certificate: not yet valid!"; } =cut back sub not_before { my $self = shift; if ( $self->{tbsCertificate}{validity}{notBefore}{utcTime} ) { return $self->{tbsCertificate}{validity}{notBefore}{utcTime}; } elsif ( $self->{tbsCertificate}{validity}{notBefore}{generalTime} ) { return $self->{tbsCertificate}{validity}{notBefore}{generalTime}; } else { return undef; } } =head2 not_after returns the GMT-timestamp of the certificate's ending date of validity. If the Certificate holds this Entry in utcTime, it is guaranteed by the RFC to been correct. As utcTime is limited to 32-bit values (like unix-timestamps) newer certificates hold the timesamps as "generalTime"-entries. B, if no utcTime-entry is found. $decoded= Crypt::X509->new(cert => $cert); print "Certificate expires on ".gmtime($decoded->not_after)." GMT\n"; =cut back sub not_after { my $self = shift; if ( $self->{tbsCertificate}{validity}{notAfter}{utcTime} ) { return $self->{tbsCertificate}{validity}{notAfter}{utcTime}; } elsif ( $self->{tbsCertificate}{validity}{notAfter}{generalTime} ) { return $self->{tbsCertificate}{validity}{notAfter}{generalTime}; } else { return undef; } } =head2 signature Return's the certificate's signature in binary DER format. =cut back sub signature { my $self = shift; return $self->{signature}[0]; } =head2 pubkey Returns the certificate's public key in binary DER format. =cut back sub pubkey { my $self = shift; return $self->{tbsCertificate}{subjectPublicKeyInfo}{subjectPublicKey}[0]; } =head2 pubkey_size Returns the certificate's public key size. =cut back sub pubkey_size { my $self = shift; return $self->{tbsCertificate}{subjectPublicKeyInfo}{subjectPublicKey}[1]; } =head2 pubkey_algorithm Returns the algorithm as OID string which the public key was created with. =cut back sub pubkey_algorithm { my $self = shift; return $self->{tbsCertificate}{subjectPublicKeyInfo}{algorithm}{algorithm}; } =head2 PubKeyAlg returns the subject public key encryption algorithm (e.g. 'RSA') as string. $decoded= Crypt::X509->new(cert => $cert); print "Certificate public key is encrypted with:".$decoded->PubKeyAlg."\n"; Example Output: Certificate public key is encrypted with: RSA =cut back sub PubKeyAlg { my $self = shift; return $oid2enchash{ $self->{tbsCertificate}{subjectPublicKeyInfo}{algorithm}{algorithm} }->{'enc'}; } =head2 pubkey_components If this certificate contains an RSA key, this function returns a hashref { modulus => $m, exponent => $e) from that key; each value in the hash will be an integer scalar or a Math::BigInt object. For other pubkey types, it returns undef (implementations welcome!). =cut back sub pubkey_components { my $self = shift; if ($self->PubKeyAlg() eq 'RSA') { my $parser = _init('RSAPubKeyInfo'); my $values = $parser->decode($self->{tbsCertificate}{subjectPublicKeyInfo}{subjectPublicKey}[0]); return $values; } else { return undef; } } =head2 sig_algorithm Returns the certificate's signature algorithm as OID string $decoded= Crypt::X509->new(cert => $cert); print "Certificate signature is encrypted with:".$decoded->sig_algorithm."\n";> Example Output: Certificate signature is encrypted with: 1.2.840.113549.1.1.5 =cut back sub sig_algorithm { my $self = shift; return $self->{tbsCertificate}{signature}{algorithm}; } =head2 SigEncAlg returns the signature encryption algorithm (e.g. 'RSA') as string. $decoded= Crypt::X509->new(cert => $cert); print "Certificate signature is encrypted with:".$decoded->SigEncAlg."\n"; Example Output: Certificate signature is encrypted with: RSA =cut back sub SigEncAlg { my $self = shift; return $oid2enchash{ $self->{'signatureAlgorithm'}->{'algorithm'} }->{'enc'}; } =head2 SigHashAlg returns the signature hashing algorithm (e.g. 'SHA1') as string. $decoded= Crypt::X509->new(cert => $cert); print "Certificate signature is hashed with:".$decoded->SigHashAlg."\n"; Example Output: Certificate signature is encrypted with: SHA1 =cut back sub SigHashAlg { my $self = shift; return $oid2enchash{ $self->{'signatureAlgorithm'}->{'algorithm'} }->{'hash'}; } ######################################################################### # accessors - subject ######################################################################### =head2 Subject returns a pointer to an array of strings containing subject nameparts of the certificate. Attributenames for the most common Attributes are translated from the OID-Numbers, unknown numbers are output verbatim. $decoded= Convert::ASN1::X509->new($cert); print "DN for this Certificate is:".join(',',@{$decoded->Subject})."\n"; =cut back sub Subject { my $self = shift; my ( $i, $type ); my $subjrdn = $self->{'tbsCertificate'}->{'subject'}->{'rdnSequence'}; $self->{'tbsCertificate'}->{'subject'}->{'dn'} = []; my $subjdn = $self->{'tbsCertificate'}->{'subject'}->{'dn'}; foreach my $subj ( @{$subjrdn} ) { foreach my $i ( @{$subj} ) { if ( $oid2attr{ $i->{'type'} } ) { $type = $oid2attr{ $i->{'type'} }; } else { $type = $i->{'type'}; } my @key = keys( %{ $i->{'value'} } ); push @{$subjdn}, $type . "=" . $i->{'value'}->{ $key[0] }; } } return $subjdn; } =head2 SubjectRaw Returns the RDNs as list of hashes, values are stringified but OIDs are not translated. If a component contains a SET, the component will become an array of hashes on the second level. =cut sub SubjectRaw { my $self = shift; my @subject; foreach my $rdn (@{$self->{'tbsCertificate'}->{'subject'}->{'rdnSequence'}}) { my @sequence = map { $_->{format} = (keys %{$_->{value}})[0]; $_->{value} = (values %{$_->{value}})[0]; $_; } @{$rdn}; if (scalar @sequence > 1) { push @subject, \@sequence; } else { push @subject, $sequence[0]; } } return \@subject; } =head2 SubjectSequence Returns the subject as returned from the ASN1 parser. =cut sub SubjectSequence { my $self = shift; return $self->{'tbsCertificate'}->{'subject'}->{'rdnSequence'}; } sub _subject_part { my $self = shift; my $oid = shift; my $subjrdn = $self->{'tbsCertificate'}->{'subject'}->{'rdnSequence'}; foreach my $subj ( @{$subjrdn} ) { foreach my $i ( @{$subj} ) { if ( $i->{'type'} eq $oid ) { my @key = keys( %{ $i->{'value'} } ); return $i->{'value'}->{ $key[0] }; } } } return undef; } =head2 subject_country Returns the string value for subject's country (= the value with the OID 2.5.4.6 or in DN Syntax everything after C). Only the first entry is returned. C if subject contains no country attribute. =cut back sub subject_country { my $self = shift; return _subject_part( $self, '2.5.4.6' ); } =head2 subject_locality Returns the string value for subject's locality (= the value with the OID 2.5.4.7 or in DN Syntax everything after C). Only the first entry is returned. C if subject contains no locality attribute. =cut back sub subject_locality { my $self = shift; return _subject_part( $self, '2.5.4.7' ); } =head2 subject_state Returns the string value for subject's state or province (= the value with the OID 2.5.4.8 or in DN Syntax everything after C). Only the first entry is returned. C if subject contains no state attribute. =cut back sub subject_state { my $self = shift; return _subject_part( $self, '2.5.4.8' ); } =head2 subject_org Returns the string value for subject's organization (= the value with the OID 2.5.4.10 or in DN Syntax everything after C). Only the first entry is returned. C if subject contains no organization attribute. =cut back sub subject_org { my $self = shift; return _subject_part( $self, '2.5.4.10' ); } =head2 subject_ou Returns the string value for subject's organizational unit (= the value with the OID 2.5.4.11 or in DN Syntax everything after C). Only the first entry is returned. C if subject contains no organization attribute. =cut back sub subject_ou { my $self = shift; return _subject_part( $self, '2.5.4.11' ); } =head2 subject_cn Returns the string value for subject's common name (= the value with the OID 2.5.4.3 or in DN Syntax everything after C). Only the first entry is returned. C if subject contains no common name attribute. =cut back sub subject_cn { my $self = shift; return _subject_part( $self, '2.5.4.3' ); } =head2 subject_email Returns the string value for subject's email address (= the value with the OID 1.2.840.113549.1.9.1 or in DN Syntax everything after C). Only the first entry is returned. C if subject contains no email attribute. =cut back sub subject_email { my $self = shift; return _subject_part( $self, '1.2.840.113549.1.9.1' ); } ######################################################################### # accessors - issuer ######################################################################### =head2 Issuer returns a pointer to an array of strings building the DN of the certificate issuer (= the DN of the CA). Attributenames for the most common Attributes are translated from the OID-Numbers, unknown numbers are output verbatim. $decoded= Crypt::X509->new($cert); print "Certificate was issued by:".join(',',@{$decoded->Issuer})."\n"; =cut back sub Issuer { my $self = shift; my ( $i, $type ); my $issuerdn = $self->{'tbsCertificate'}->{'issuer'}->{'rdnSequence'}; $self->{'tbsCertificate'}->{'issuer'}->{'dn'} = []; my $issuedn = $self->{'tbsCertificate'}->{'issuer'}->{'dn'}; foreach my $issue ( @{$issuerdn} ) { foreach my $i ( @{$issue} ) { if ( $oid2attr{ $i->{'type'} } ) { $type = $oid2attr{ $i->{'type'} }; } else { $type = $i->{'type'}; } my @key = keys( %{ $i->{'value'} } ); push @{$issuedn}, $type . "=" . $i->{'value'}->{ $key[0] }; } } return $issuedn; } sub _issuer_part { my $self = shift; my $oid = shift; my $issuerrdn = $self->{'tbsCertificate'}->{'issuer'}->{'rdnSequence'}; foreach my $issue ( @{$issuerrdn} ) { foreach my $i ( @{$issue} ) { if ( $i->{'type'} eq $oid ) { my @key = keys( %{ $i->{'value'} } ); return $i->{'value'}->{ $key[0] }; } } } return undef; } =head2 issuer_cn Returns the string value for issuer's common name (= the value with the OID 2.5.4.3 or in DN Syntax everything after C). Only the first entry is returned. C if issuer contains no common name attribute. =cut back sub issuer_cn { my $self = shift; return _issuer_part( $self, '2.5.4.3' ); } =head2 issuer_country Returns the string value for issuer's country (= the value with the OID 2.5.4.6 or in DN Syntax everything after C). Only the first entry is returned. C if issuer contains no country attribute. =cut back sub issuer_country { my $self = shift; return _issuer_part( $self, '2.5.4.6' ); } =head2 issuer_state Returns the string value for issuer's state or province (= the value with the OID 2.5.4.8 or in DN Syntax everything after C). Only the first entry is returned. C if issuer contains no state attribute. =cut back sub issuer_state { my $self = shift; return _issuer_part( $self, '2.5.4.8' ); } =head2 issuer_locality Returns the string value for issuer's locality (= the value with the OID 2.5.4.7 or in DN Syntax everything after C). Only the first entry is returned. C if issuer contains no locality attribute. =cut back sub issuer_locality { my $self = shift; return _issuer_part( $self, '2.5.4.7' ); } =head2 issuer_org Returns the string value for issuer's organization (= the value with the OID 2.5.4.10 or in DN Syntax everything after C). Only the first entry is returned. C if issuer contains no organization attribute. =cut back sub issuer_org { my $self = shift; return _issuer_part( $self, '2.5.4.10' ); } =head2 issuer_email Returns the string value for issuer's email address (= the value with the OID 1.2.840.113549.1.9.1 or in DN Syntax everything after C). Only the first entry is returned. C if issuer contains no email attribute. =cut back sub issuer_email { my $self = shift; return _issuer_part( $self, '1.2.840.113549.1.9.1' ); } ######################################################################### # accessors - extensions (automate this) ######################################################################### =head2 KeyUsage returns a pointer to an array of strings describing the valid Usages for this certificate. C is returned, when the extension is not set in the certificate. If the extension is marked critical, this is also reported. $decoded= Crypt::X509->new(cert => $cert); print "Allowed usages for this Certificate are:\n".join("\n",@{$decoded->KeyUsage})."\n"; Example Output: Allowed usages for this Certificate are: critical digitalSignature keyEncipherment dataEncipherment =cut back sub KeyUsage { my $self = shift; my $ext; my $exts = $self->{'tbsCertificate'}->{'extensions'}; if ( !defined $exts ) { return undef; } ; # no extensions in certificate foreach $ext ( @{$exts} ) { if ( $ext->{'extnID'} eq '2.5.29.15' ) { #OID for keyusage my $parsKeyU = _init('KeyUsage'); # get a parser for this my $keyusage = $parsKeyU->decode( $ext->{'extnValue'} ); # decode the value if ( $parsKeyU->error ) { $self->{"_error"} = $parsKeyU->error; return undef; } my $keyu = unpack( "n", ${$keyusage}[0] . ${$keyusage}[1] ) & 0xff80; $ext->{'usage'} = []; if ( $ext->{'critical'} ) { push @{ $ext->{'usage'} }, "critical"; } # mark as critical, if appropriate if ( $keyu & 0x8000 ) { push @{ $ext->{'usage'} }, "digitalSignature"; } if ( $keyu & 0x4000 ) { push @{ $ext->{'usage'} }, "nonRepudiation"; } if ( $keyu & 0x2000 ) { push @{ $ext->{'usage'} }, "keyEncipherment"; } if ( $keyu & 0x1000 ) { push @{ $ext->{'usage'} }, "dataEncipherment"; } if ( $keyu & 0x0800 ) { push @{ $ext->{'usage'} }, "keyAgreement"; } if ( $keyu & 0x0400 ) { push @{ $ext->{'usage'} }, "keyCertSign"; } if ( $keyu & 0x0200 ) { push @{ $ext->{'usage'} }, "cRLSign"; } if ( $keyu & 0x0100 ) { push @{ $ext->{'usage'} }, "encipherOnly"; } if ( $keyu & 0x0080 ) { push @{ $ext->{'usage'} }, "decipherOnly"; } return $ext->{'usage'}; } } return undef; # keyusage extension not found } =head2 ExtKeyUsage returns a pointer to an array of ExtKeyUsage strings (or OIDs for unknown OIDs) or C if the extension is not filled. OIDs of the following ExtKeyUsages are known: serverAuth, clientAuth, codeSigning, emailProtection, timeStamping, OCSPSigning If the extension is marked critical, this is also reported. $decoded= Crypt::X509->new($cert); print "ExtKeyUsage extension of this Certificates is: ", join(", ", @{$decoded->ExtKeyUsage}), "\n"; Example Output: ExtKeyUsage extension of this Certificates is: critical, serverAuth =cut back our %oid2extkeyusage = ( '1.3.6.1.5.5.7.3.1' => 'serverAuth', '1.3.6.1.5.5.7.3.2' => 'clientAuth', '1.3.6.1.5.5.7.3.3' => 'codeSigning', '1.3.6.1.5.5.7.3.4' => 'emailProtection', '1.3.6.1.5.5.7.3.8' => 'timeStamping', '1.3.6.1.5.5.7.3.9' => 'OCSPSigning', ); sub ExtKeyUsage { my $self = shift; my $ext; my $exts = $self->{'tbsCertificate'}->{'extensions'}; if ( !defined $exts ) { return undef; } ; # no extensions in certificate foreach $ext ( @{$exts} ) { if ( $ext->{'extnID'} eq '2.5.29.37' ) { #OID for ExtKeyUsage return $ext->{'oids'} if defined $ext->{'oids'}; my $parsExtKeyUsage = _init('ExtKeyUsageSyntax'); # get a parser for this my $oids = $parsExtKeyUsage->decode( $ext->{'extnValue'} ); # decode the value if ( $parsExtKeyUsage->error ) { $self->{"_error"} = $parsExtKeyUsage->error; return undef; } $ext->{'oids'} = [ map { $oid2extkeyusage{$_} || $_ } @$oids ]; if ( $ext->{'critical'} ) { unshift @{ $ext->{'oids'} }, "critical"; } # mark as critical, if appropriate return $ext->{'oids'}; } } return undef; } =head2 SubjectAltName returns a pointer to an array of strings containing alternative Subjectnames or C if the extension is not filled. Usually this Extension holds the e-Mail address for person-certificates or DNS-Names for server certificates. It also pre-pends the field type (ie rfc822Name) to the returned value. $decoded= Crypt::X509->new($cert); print "E-Mail or Hostnames in this Certificates is/are:", join(", ", @{$decoded->SubjectAltName}), "\n"; Example Output: E-Mail or Hostnames in this Certificates is/are: rfc822Name=user@server.com =cut back sub SubjectAltName { my $self = shift; my $ext; my $exts = $self->{'tbsCertificate'}->{'extensions'}; if ( !defined $exts ) { return undef; } ; # no extensions in certificate foreach $ext ( @{$exts} ) { if ( $ext->{'extnID'} eq '2.5.29.17' ) { #OID for SubjectAltName my $parsSubjAlt = _init('SubjectAltName'); # get a parser for this my $altnames = $parsSubjAlt->decode( $ext->{'extnValue'} ); # decode the value if ( $parsSubjAlt->error ) { $self->{"_error"} = $parsSubjAlt->error; return undef; } $ext->{'names'} = []; foreach my $name ( @{$altnames} ) { foreach my $value ( keys %{$name} ) { push @{ $ext->{'names'} }, "$value=" . $name->{$value}; } } return $ext->{'names'}; } } return undef; } =head2 DecodedSubjectAltNames Returns a pointer to an array of strings containing all the alternative subject name extensions. Each such extension is represented as a decoded ASN.1 value, i.e. a pointer to a list of pointers to objects, each object having a single key with the type of the alternative name and a value specific to that type. Example return value: [ [ { 'directoryName' => { 'rdnSequence' => [ [ { 'value' => { 'utf8String' => 'example' }, 'type' => '2.5.4.3' } ] ] } }, { 'dNSName' => 'example.com' } ] ] =cut back sub DecodedSubjectAltNames { my $self = shift; my @sans = (); my $exts = $self->{'tbsCertificate'}->{'extensions'}; foreach my $ext ( @{$exts} ) { if ( $ext->{'extnID'} eq '2.5.29.17' ) { #OID for subjectAltName my $parsSubjAlt = _init('SubjectAltName'); my $altnames = $parsSubjAlt->decode( $ext->{'extnValue'} ); if ( $parsSubjAlt->error ) { $self->{'_error'} = $parsSubjAlt->error; return undef; } push @sans, $altnames; } } return \@sans; } ######################################################################### # accessors - authorityCertIssuer ######################################################################### sub _AuthorityKeyIdentifier { my $self = shift; my $ext; my $exts = $self->{'tbsCertificate'}->{'extensions'}; if ( !defined $exts ) { return undef; } ; # no extensions in certificate if ( defined $self->{'tbsCertificate'}{'AuthorityKeyIdentifier'} ) { return ( $self->{'tbsCertificate'}{'AuthorityKeyIdentifier'} ); } foreach $ext ( @{$exts} ) { if ( $ext->{'extnID'} eq '2.5.29.35' ) { #OID for AuthorityKeyIdentifier my $pars = _init('AuthorityKeyIdentifier'); # get a parser for this $self->{'tbsCertificate'}{'AuthorityKeyIdentifier'} = $pars->decode( $ext->{'extnValue'} ); # decode the value if ( $pars->error ) { $self->{"_error"} = $pars->error; return undef; } return $self->{'tbsCertificate'}{'AuthorityKeyIdentifier'}; } } return undef; } =head2 authorityCertIssuer returns a pointer to an array of strings building the DN of the Authority Cert Issuer. Attributenames for the most common Attributes are translated from the OID-Numbers, unknown numbers are output verbatim. undef if the extension is not set in the certificate. $decoded= Crypt::X509->new($cert); print "Certificate was authorised by:".join(',',@{$decoded->authorityCertIssuer})."\n"; =cut back sub authorityCertIssuer { my $self = shift; my ( $i, $type ); my $rdn = _AuthorityKeyIdentifier($self); if ( !defined($rdn) ) { return (undef); # we do not have that extension } else { $rdn = $rdn->{'authorityCertIssuer'}[0]->{'directoryName'}; } $rdn->{'dn'} = []; my $dn = $rdn->{'dn'}; $rdn = $rdn->{'rdnSequence'}; foreach my $r ( @{$rdn} ) { $i = @{$r}[0]; if ( $oid2attr{ $i->{'type'} } ) { $type = $oid2attr{ $i->{'type'} }; } else { $type = $i->{'type'}; } my @key = keys( %{ $i->{'value'} } ); push @{$dn}, $type . "=" . $i->{'value'}->{ $key[0] }; } return $dn; } sub _authcert_part { my $self = shift; my $oid = shift; my $rdn = _AuthorityKeyIdentifier($self); if ( !defined($rdn) ) { return (undef); # we do not have that extension } else { $rdn = $rdn->{'authorityCertIssuer'}[0]->{'directoryName'}->{'rdnSequence'}; } foreach my $r ( @{$rdn} ) { my $i = @{$r}[0]; if ( $i->{'type'} eq $oid ) { my @key = keys( %{ $i->{'value'} } ); return $i->{'value'}->{ $key[0] }; } } return undef; } =head2 authority_serial Returns the authority's certificate serial number. =cut back sub authority_serial { my $self = shift; return ( $self->_AuthorityKeyIdentifier )->{authorityCertSerialNumber}; } =head2 key_identifier Returns the authority key identifier or undef if it is a rooted cert =cut back sub key_identifier { my $self = shift; if ( defined $self->_AuthorityKeyIdentifier ) { return ( $self->_AuthorityKeyIdentifier )->{keyIdentifier}; } return undef; } =head2 authority_cn Returns the authority's ca. =cut back sub authority_cn { my $self = shift; return _authcert_part( $self, '2.5.4.3' ); } =head2 authority_country Returns the authority's country. =cut back sub authority_country { my $self = shift; return _authcert_part( $self, '2.5.4.6' ); } =head2 authority_state Returns the authority's state. =cut back sub authority_state { my $self = shift; return _authcert_part( $self, '2.5.4.8' ); } =head2 authority_locality Returns the authority's locality. =cut back sub authority_locality { my $self = shift; return _authcert_part( $self, '2.5.4.7' ); } =head2 authority_org Returns the authority's organization. =cut back sub authority_org { my $self = shift; return _authcert_part( $self, '2.5.4.10' ); } =head2 authority_email Returns the authority's email. =cut back sub authority_email { my $self = shift; return _authcert_part( $self, '1.2.840.113549.1.9.1' ); } =head2 CRLDistributionPoints Returns the CRL distribution points as an array of strings (with one value usually) =cut back sub CRLDistributionPoints { my $self = shift; my $ext; my $exts = $self->{'tbsCertificate'}->{'extensions'}; if ( !defined $exts ) { return undef; } ; # no extensions in certificate foreach $ext ( @{$exts} ) { if ( $ext->{'extnID'} eq '2.5.29.31' ) { #OID for cRLDistributionPoints my $crlp = _init('cRLDistributionPoints'); # get a parser for this my $points = $crlp->decode( $ext->{'extnValue'} ); # decode the value $points = $points->[0]->{'distributionPoint'}->{'fullName'}; if ( $crlp->error ) { $self->{"_error"} = $crlp->error; return undef; } foreach my $name ( @{$points} ) { push @{ $ext->{'crlpoints'} }, $name->{'uniformResourceIdentifier'}; } return $ext->{'crlpoints'}; } } return undef; } =head2 CRLDistributionPoints2 Returns the CRL distribution points as an array of hashes (allowing for some variations) =cut back # newer CRL sub CRLDistributionPoints2 { my $self = shift; my %CDPs; my $dp_cnt = 0; # this is a counter used to show which CDP a particular value is listed in my $extensions = $self->{'tbsCertificate'}->{'extensions'}; if ( !defined $extensions ) { return undef; } ; # no extensions in certificate for my $extension ( @{$extensions} ) { if ( $extension->{'extnID'} eq '2.5.29.31' ) { # OID for ARRAY of cRLDistributionPoints my $parser = _init('cRLDistributionPoints'); # get a parser for CDPs my $points = $parser->decode( $extension->{'extnValue'} ); # decode the values (returns an array) for my $each_dp ( @{$points} ) { # this loops through multiple "distributionPoint" values $dp_cnt++; for my $each_fullName ( @{ $each_dp->{'distributionPoint'}->{'fullName'} } ) { # this loops through multiple "fullName" values if ( exists $each_fullName->{directoryName} ) { # found a rdnSequence my $rdn = join ',', reverse @{ my_CRL_rdn( $each_fullName->{directoryName}->{rdnSequence} ) }; push @{ $CDPs{$dp_cnt} }, "Directory Address: $rdn"; } elsif ( exists $each_fullName->{uniformResourceIdentifier} ) { # found a URI push @{ $CDPs{$dp_cnt} }, "URL: " . $each_fullName->{uniformResourceIdentifier}; } else { # found some other type of CDP value # return undef; } } } return %CDPs; } } return undef; } sub my_CRL_rdn { my $crl_rdn = shift; # this should be the passed in 'rdnSequence' array my ( $i, $type ); my $crl_dn = []; for my $part ( @{$crl_rdn} ) { $i = @{$part}[0]; if ( $oid2attr{ $i->{'type'} } ) { $type = $oid2attr{ $i->{'type'} }; } else { $type = $i->{'type'}; } my @key = keys( %{ $i->{'value'} } ); push @{$crl_dn}, $type . "=" . $i->{'value'}->{ $key[0] }; } return $crl_dn; } =head2 CertificatePolicies Returns the CertificatePolicies as an array of strings =cut back # CertificatePolicies (another extension) sub CertificatePolicies { my $self = shift; my $extension; my $CertPolicies = []; my $extensions = $self->{'tbsCertificate'}->{'extensions'}; if ( !defined $extensions ) { return undef; } ; # no extensions in certificate for $extension ( @{$extensions} ) { if ( $extension->{'extnID'} eq '2.5.29.32' ) { # OID for CertificatePolicies my $parser = _init('CertificatePolicies'); # get a parser for this my $policies = $parser->decode( $extension->{'extnValue'} ); # decode the value for my $policy ( @{$policies} ) { for my $key ( keys %{$policy} ) { push @{$CertPolicies}, "$key=" . $policy->{$key}; } } return $CertPolicies; } } return undef; } =head2 EntrustVersionInfo Returns the EntrustVersion as a string print "Entrust Version: ", $decoded->EntrustVersion, "\n"; Example Output: Entrust Version: V7.0 =cut back # EntrustVersion (another extension) sub EntrustVersion { my $self = shift; my $extension; my $extensions = $self->{'tbsCertificate'}->{'extensions'}; if ( !defined $extensions ) { return undef; } ; # no extensions in certificate for $extension ( @{$extensions} ) { if ( $extension->{'extnID'} eq '1.2.840.113533.7.65.0' ) { # OID for EntrustVersionInfo my $parser = _init('EntrustVersionInfo'); # get a parser for this my $entrust = $parser->decode( $extension->{'extnValue'} ); # decode the value return $entrust->{'entrustVers'}; # not doing anything with the EntrustInfoFlags BIT STRING (yet) # $entrust->{'entrustInfoFlags'} } } return undef; } =head2 SubjectDirectoryAttributes Returns the SubjectDirectoryAttributes as an array of key = value pairs, to include a data type print "Subject Directory Attributes: ", join( ', ' , @{ $decoded->SubjectDirectoryAttributes } ), "\n"; Example Output: Subject Directory Attributes: 1.2.840.113533.7.68.29 = 7 (integer) =cut back # SubjectDirectoryAttributes (another extension) sub SubjectDirectoryAttributes { my $self = shift; my $extension; my $attributes = []; my $extensions = $self->{'tbsCertificate'}->{'extensions'}; if ( !defined $extensions ) { return undef; } ; # no extensions in certificate for $extension ( @{$extensions} ) { if ( $extension->{'extnID'} eq '2.5.29.9' ) { # OID for SubjectDirectoryAttributes my $parser = _init('SubjectDirectoryAttributes'); # get a parser for this my $subject_dir_attrs = $parser->decode( $extension->{'extnValue'} ); # decode the value for my $type ( @{$subject_dir_attrs} ) { for my $value ( @{ $type->{'values'} } ) { for my $key ( keys %{$value} ) { push @{$attributes}, $type->{'type'} . " = " . $value->{$key} . " ($key)"; } } } return $attributes; } } return undef; } =head2 BasicConstraints Returns the BasicConstraints as an array and the criticallity pre-pended. =cut back # BasicConstraints (another extension) sub BasicConstraints { my $self = shift; my $extension; my $constraints = []; my $extensions = $self->{'tbsCertificate'}->{'extensions'}; if ( !defined $extensions ) { return undef; } ; # no extensions in certificate for $extension ( @{$extensions} ) { if ( $extension->{'extnID'} eq '2.5.29.19' ) { # OID for BasicConstraints if ( $extension->{'critical'} ) { push @{$constraints}, "critical"; } # mark this as critical as appropriate my $parser = _init('BasicConstraints'); # get a parser for this my $basic_constraints = $parser->decode( $extension->{'extnValue'} ); # decode the value for my $key ( keys %{$basic_constraints} ) { push @{$constraints}, "$key = " . $basic_constraints->{$key}; } return $constraints; } } return undef; } =head2 subject_keyidentifier Returns the subject key identifier from the extensions. =cut back # subject_keyidentifier (another extension) sub subject_keyidentifier { my $self = shift; return $self->_SubjectKeyIdentifier; } # _SubjectKeyIdentifier (another extension) sub _SubjectKeyIdentifier { my $self = shift; my $extensions = $self->{'tbsCertificate'}->{'extensions'}; if ( !defined $extensions ) { return undef; } ; # no extensions in certificate if ( defined $self->{'tbsCertificate'}{'SubjectKeyIdentifier'} ) { return ( $self->{'tbsCertificate'}{'SubjectKeyIdentifier'} ); } for my $extension ( @{$extensions} ) { if ( $extension->{'extnID'} eq '2.5.29.14' ) { # OID for SubjectKeyIdentifier my $parser = _init('SubjectKeyIdentifier'); # get a parser for this $self->{'tbsCertificate'}{'SubjectKeyIdentifier'} = $parser->decode( $extension->{'extnValue'} ); # decode the value if ( $parser->error ) { $self->{"_error"} = $parser->error; return undef; } return $self->{'tbsCertificate'}{'SubjectKeyIdentifier'}; } } return undef; } =head2 SubjectInfoAccess Returns the SubjectInfoAccess as an array of hashes with key=value pairs. print "Subject Info Access: "; if ( defined $decoded->SubjectInfoAccess ) { my %SIA = $decoded->SubjectInfoAccess; for my $key ( keys %SIA ) { print "\n\t$key: \n\t"; print join( "\n\t" , @{ $SIA{$key} } ), "\n"; } } else { print "\n" } Example Output: Subject Info Access: 1.3.6.1.5.5.7.48.5: uniformResourceIdentifier = http://pki.treas.gov/root_sia.p7c uniformResourceIdentifier = ldap://ldap.treas.gov/ou=US%20Treasury%20Root%20CA,ou=Certification%20Authorities,ou=Department%20of%20the%20Treasury,o=U.S.%20Government,c=US?cACertificate;binary,crossCertificatePair;binary =cut back # SubjectInfoAccess (another extension) sub SubjectInfoAccess { my $self = shift; my $extension; my %SIA; my $extensions = $self->{'tbsCertificate'}->{'extensions'}; if ( !defined $extensions ) { return undef; } ; # no extensions in certificate for $extension ( @{$extensions} ) { if ( $extension->{'extnID'} eq '1.3.6.1.5.5.7.1.11' ) { # OID for SubjectInfoAccess my $parser = _init('SubjectInfoAccessSyntax'); # get a parser for this my $subject_info_access = $parser->decode( $extension->{'extnValue'} ); # decode the value for my $sia ( @{$subject_info_access} ) { for my $key ( keys %{ $sia->{'accessLocation'} } ) { push @{ $SIA{ $sia->{'accessMethod'} } }, "$key = " . $sia->{'accessLocation'}{$key}; } } return %SIA; } } return undef; } =head2 PGPExtension Returns the creation timestamp of the corresponding OpenPGP key. (see http://www.imc.org/ietf-openpgp/mail-archive/msg05320.html) print "PGPExtension: "; if ( defined $decoded->PGPExtension ) { my $creationtime = $decoded->PGPExtension; printf "\n\tcorresponding OpenPGP Creation Time: ", $creationtime, "\n"; } Example Output: PGPExtension: whatever =cut back # PGPExtension (another extension) sub PGPExtension { my $self = shift; my $extension; my $extensions = $self->{'tbsCertificate'}->{'extensions'}; if ( !defined $extensions ) { return undef; } ; # no extensions in certificate for $extension ( @{$extensions} ) { if ( $extension->{'extnID'} eq '1.3.6.1.4.1.3401.8.1.1' ) { # OID for PGPExtension my $parser = _init('PGPExtension'); # get a parser for this my $pgpextension = $parser->decode( $extension->{'extnValue'} ); # decode the value if ($pgpextension->{version} != 0) { $self->{"_error"} = sprintf("got PGPExtension version %d. We only know how to deal with v1 (0)", $pgpextension->{version}); } else { foreach my $timetype ('generalTime', 'utcTime') { return $pgpextension->{keyCreation}->{$timetype} if exists $pgpextension->{keyCreation}->{$timetype}; } } } } return undef; } ####################################################################### # internal functions ####################################################################### sub _init { my $what = shift; if ( ( !defined $what ) || ( '' eq $what ) ) { $what = 'Certificate' } if ( !defined $asn ) { $asn = Convert::ASN1->new; $asn->prepare(<find($what); return $self; } =head1 SEE ALSO See the examples of C and the Mailing List. An example on how to load certificates can be found in F. =head1 ACKNOWLEDGEMENTS This module is based on the x509decode script, which was contributed to Convert::ASN1 in 2002 by Norbert Klasen. =head1 AUTHORS Mike Jackson , Alexander Jung , Duncan Segrest Oliver Welter =head1 COPYRIGHT Copyright (c) 2005 Mike Jackson . Copyright (c) 2001-2002 Norbert Klasen, DAASI International GmbH. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. =cut 1; __END__ Crypt-X509-0.55/t/new_root_ca.cer000644 000765 000024 00000002530 13561250006 016741 0ustar00scottstaff000000 000000 0T0<D>:0  *H 01 0 UUS10U U.S. Government1#0!U Department of the Treasury1"0 U Certification Authorities10U US Treasury Root CA0 060805141630Z 260805144630Z01 0 UUS10U U.S. Government1#0!U Department of the Treasury1"0 U Certification Authorities10U US Treasury Root CA0"0  *H 0 $Y̘|dj;)HǻXߢ*h֋*@jn#TaviLhQ8 R6"Hwx.XP {7hbM sF鈓%m!6X ۭ"XB}~V1Ib`cpnO4˭&Cˏ$*j)Wn_O@BմQ{[̱>Dǣdhr{auvlRټ9f돚00U0U00+ 00-+0!http://pki.treas.gov/root_sia.p7c0+0ldap://ldap.treas.gov/ou=US%20Treasury%20Root%20CA,ou=Certification%20Authorities,ou=Department%20of%20the%20Treasury,o=U.S.%20Government,c=US?cACertificate;binary,crossCertificatePair;binary0 `HB0+U$0"20060805141630Z20160805024630Z0UhHTp-Xx<.Yd0 *H}A0V7.1:4.00  *H iW@hJ&bHy֨a6ոoczbIȋ^_;wqJFQw9vnU~@[``_dMpO>Ǥ0+]z: # ?OO|&OB"}3ۀNG9 $VcBLv$_tRp^Jx|,7YWoeb5:>IQ>.;^}0vKQװ7u2%4==/Ykc{Crypt-X509-0.55/t/subca_2.cer000644 000765 000024 00000002617 13561250006 015766 0ustar00scottstaff000000 000000 00sC0  *H 01 0 UUS10U U.S. Government1#0!U Department of the Treasury1"0 U Certification Authorities10U US Treasury Root CA0 060211144045Z 120211151045Z01 0 UUS10U U.S. Government1#0!U Department of the Treasury1"0 U Certification Authorities10U US Treasury Public CA0"0  *H 0 CL 잌G6t]Rgd>,mfeM2`&68z[߽пЇ\쁱;A . 9?Qܬ?nrp-uP0$򇼣FV"}Ԙ%e:82̝QWA멛cA/yHI $4fL8;xNuՉC{yyO&F+C'p9Pi'TB5dQWxVv1hC00mUd0`0\XT01 0 UUS10U U.S. Government1#0!U Department of the Treasury1"0 U Certification Authorities10U US Treasury Root CA1 0 UCRL1ldap://ldap.treas.gov/cn=CRL1,ou=US%20Treasury%20Root%20CA,ou=Certification%20Authorities,ou=Department%20of%20the%20Treasury,o=U.S.%20Government,c=US?authorityRevocationList0 U0U#0Uڦ7ВT !Ӕ r.0UY_- YZJSp0 U00 *H}A 0 V7.10  *H z(%Ra=l]Q=c y՜QSK͒qO/,oͳBnߝMidF9˨H6(Dugj +x%N MW!`EPRR8mFJ:$#:a<-?9 <1a!i &z1 )Zt5l!ٙɽ`>4~<8zZ}K|XSoqs?=fgQjO\鈪0hҊ-yZQl9ıt#ϡo*^ʗ CsP۹ OU0tӡBnDX[CgIFܑ(eδeV}7t3С4;ԛ|gQ5 -xxSWy4gSu[bFwڌ:QKۉ!DC5 DZKx'Ќk6"gyc Pu/ r'G,d # =xd{G'rb5%ds?p7o\_#'S.} } WCУ00UEiO2˨JmEF0YU#R0PEiO2˨JmEF-+0)1 0 Ude1 0 U foo1 0 Ubar 790 U00 *H810.˩qd,cfKdd.eT#D:'D-Crypt-X509-0.55/t/telesec_799972029.crt000644 000765 000024 00000001127 13561250006 017213 0ustar00scottstaff000000 000000 0S0/0 +$0O1 0 UDE10U Deutsche Telekom AG1"0  10U NKS CA 6:PN0"20020326083600Z20050326083600Z011 0 UDE1"0  20U Schefe, Jan00  *H 0!["r ntHhRv1?n?Ё|&d'IHfZQmcJ%+]^04bJYdy|D#c%# :u*JU1(w| x8f`f$]Z0X0U00FU?0= 010 USchefe 01 0 U*Jan0 +$Ob5, =J7ěe @G`,xzc> yT4%$ǜ9n(iZ8,o϶ԡIlv}dz}3S=. FFnS2Ds ۰eCrypt-X509-0.55/t/pgpextension.der000644 000765 000024 00000002330 13561250006 017164 0ustar00scottstaff000000 000000 00 9*[ @0  *H  0k1 0 UUS10U Fake Org1$0"U Digital Certificate Signing1#0!UFake Certificate Authority0 101221050413Z 201228050413Z0k1 0 UUS10U Fake Org1$0"U Digital Certificate Signing1#0!UFake Certificate Authority0"0  *H 0 p t`✨ܡ QckYBPc4F>nJ;?8l{QXY!Eɂ uΏ'NT~Ɩ& nmpzdPZp=5F-O}Ce ]Dt^Ѳ+ٳeg(%CK?M0ߔaX<[3ohZyk @bo<[-Ci۰b~PR*Ni炥d1$jtѰW -ey0u0U(̚l3G2Sy&Z'0U#0(̚l3G2Sy&Z'om0k1 0 UUS10U Fake Org1$0"U Digital Certificate Signing1#0!UFake Certificate Authority 9*[ @0 U00 U0 `HB0$ +I020101221050412Z0`UY0W0%#!http://ca.mayfirst.org/mfpl.crl0.,*(https://members.mayfirst.org/ca/mfpl.crl0  *H   Ğcw7qKH`og] UJ+_=GP$#-iNR=G*w}À"u}O=°ǽ*V|b |['oBxZU{j)ouK<yK9R'5ݹt  u 7Et&\] 3ٔů߂'o^= PεeAEM=طT8TJZn1|茞[&.an::a ^ Z?o0soSXה/6h =?eHR5VxjŽz1Ƌa 8 >_ u _Vy`Fv <ܳ%Dj*E♯3.oroj_n#~͇Kb0^0 `HB05U.0,0*(&$http://rootca.allianz.com/rootca.crl0U 00 +w00*+http://rootca.allianz.com/cps/0{+0o0Allianz Group Germany0LThis Certificate is issued by Allianz Group Root CA by Allianz Group Germany0U0 `HB/cps/0( `HBhttp://rootca.allianz.com0[ `HB NLThis Certificate is issued by Allianz Group Root CA by Allianz Group Germany0U00UQ2*P݄MgAE0mU#f0dQ2*P݄MgAEIG0E1 0 UDE10U  Allianz Group10UAllianz Group Root CA0  *H Q6Ɠdj-4DK j~?}SD}V_\ngV3PK|ijōLJbr@1k\(X2T 4'6QxU3p>RthtP_qOFApSrvqӓ=:0  *H 01 0 UUS10U VeriSign, Inc.1<0:U 3Class 1 Public Primary Certification Authority - G21:08U 1(c) 1998 VeriSign, Inc. - For authorized use only10U VeriSign Trust Network0 980518000000Z 280801235959Z01 0 UUS10U VeriSign, Inc.1<0:U 3Class 1 Public Primary Certification Authority - G21:08U 1(c) 1998 VeriSign, Inc. - For authorized use only10U VeriSign Trust Network00  *H 0к-v1ʔVooR6nuV UC!e~!k2?4A5ݪY?SmO*ZĦE]>d$vͫo{Qan4A @s=ku0  *H O g,٨-u~;r~\- km`|Ő# \JЯ]Ƕ  vOÛu[kܬrNOdt{•AesX0  *H 0C1 0 UDE10U  Allianz Group10UAllianz Dresdner CA0 050725134151Z 070726134151Z0h1(0& *H  alexander.jung@allianz.de1 0 UDE10U  Allianz Group10UAlexander Jung00  *H 0-nB*k9Dn y-꿡_%uӯz3Bu!3JS]W7sH CerԵɟ&\Uq_,gѣN^L<WY4 6M00 `HB0U02U )0%0! +w00+00Allianz Group Germany0For internal use and for use as regualted by subscriber agreements only. Not to be used for communications between third parties without express written consent of Allianz AG01+%https://rootca.allianz.com/ad-ca/cps/0:U3010/-+)http://rootca.allianz.com/ad-ca/ad-ca.crl0$U0alexander.jung@allianz.de0U#0#^A<֋XA-0U%0++0  *H &lÍ/޼BM倅8ynWc2Y˂Uu\ zu/NK'`t"Ck}2'/XpQ`:ݣ}l⪲/N .@U3٠!f@/QV[?}?";HL|Π")}y;يB޿@}Ѽ0P\{eލ´ǣ`5ȸ0 4c?<