GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
OpenXPKI::Server::Workflow::Activity::Tools::ParsePKCS10(3) User Contributed Perl Documentation OpenXPKI::Server::Workflow::Activity::Tools::ParsePKCS10(3)

OpenXPKI::Server::Workflow::Activity::Tools::ParsePKCS10

Take a pkcs10 container and extract information to the context. If a profile name and style are given and the profile has a ui section, the data extracted from the CSR is used to prefill the profile ui fields. Otherwise the extracted subject and san information is put "as is" into the context. Output definition is given below.

To get extra information from the CSR, add parameters key_params, req_attributes and req_extensions to your activity configuration.

pkcs10
The PEM formatted pkcs10 request, has priority over context key.
cert_profile
Determines the used profile, has priority over context key.
cert_subject_style
Determines the used profile substyle, has priority over context key.
key_params
If set to a true value, details of the used public key are available in the key_params context entry. Requires Crypt::PK::ECC if ECC keys need to be handled.
verify_signature
If set to a true value, the signature of the PKCS#10 container is checked and the boolean result is written to csr_signature_valid. If not set, the parameter is deleted from the context. It is recommended to check the PCKS#10 container on upload already using the validator. Note that at least the default backend will refuse broken signatures on the request to issue, so you MUST handle this.
subject_prefix
Prefix for context output keys to write the subject information into (cert_subject_parts, cert_san_parts, cert_subject_alt_name). Default is cert_.

pkcs10
Read pkcs10 request from if not set using activity param.
cert_profile
Read cert_profile request from if not set using activity param.
cert_subject_style
Read cert_subject_style request from if not set using activity param.
req_extensions
List of OIDs (or names) of request extensions, multiple items must be seperated by space. For each extensions that is found in the request, a item in the req_extension context item is created. The key is the given name, the content is the raw data as returned by Crypt::PKCS10 and depends on the extensions.
req_attributes
List of OIDs (or names) of request attributes, similar to req_extension.

Prefix cert_ can be changed by setting subject_prefix.
csr_subject
The extracted subject as string (comma seperated)
cert_subject_parts
If a valid profile is given, contains the preset values for all fields given in the profiles subject section. The values are determined by running the appropriate template string for each field with the data extracted from the csr.

In plain mode, it contains the parsed DN as key-value pairs where the key is the shortname of the component (e.g: OU) and the value is an array of values found. Note that any component is an array even if it has only one item. All items found in the SAN part are also added with a prefix "SAN_" and all uppercased names as used by openssl (SAN_OTHERNAME, SAN_EMAIL, SAN_DNS, SAN_DIRNAME, SAN_URI, SAN_IP, SAN_RID)

cert_san_parts
Only in profile mode. Contains the preset values for all fields given in the profiles san section. The values are determined by running the appropriate template string for each field with the data extracted from the csr.
cert_subject_alt_name
Only in plain mode. All SAN items as nested array list. Each item of the list is a two item array with name and value of one SAN item. The names are given as required to build then openssl extension file (otherName, email, DNS, dirName, URI, IP, RID).
csr_key_alg
Algorithm of the public key, one of rsa, dsa, ec, unsupported
csr_digest_alg
The digest algorithm used to create the signature request (e.g. md5, sha1).
csr_key_params
Hash holding additional information on the used public key, only present if key_params is set. Keys depend on the type of the key.
key_length
Size of the used public key (RSA/DSA)/curve (ECC) in bits
curve
ec keys only, name of the curve - can be empty if curve is not known to the current openssl version or if custom parameters have been used.
csr_subject_key_identifier
The key identifier of the used public key, Hex with uppercased letters. The format is identical to the return value of the API method get_key_identifier_from_data and the format used in the certificates table.
csr_signature_valid
Boolean, set only if validate_signature is set and recevies a literal 0/1 weather the PKCS#10 containers signature can be validated.
2022-05-14 perl v5.32.1

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.