NAME

Web::ID::Certificate::Generator - role for Web::ID::Certificate

SYNOPSIS

use Web::ID::Certificate::Generator;

my %options = (
  cert_output       => '/home/alice/webid.p12',
  passphrase        => 's3cr3t s0urc3',
  rdf_output        => '/home/alice/public_html/foaf.rdf',
  subject_alt_names => [
    Web::ID::SAN::URI->new(
      value => 'http://example.com/~alice/foaf.rdf#me',
    ),
    Web::ID::SAN::Email->new(
      value => 'alice@example.com',
    ),
  ],
  subject_name      => 'Alice Jones',
  subject_locality  => 'Lewes',
  subject_region    => 'East Sussex',
  subject_country   => 'GB',   # ISO 3166-1 alpha-2 code
);

my $cert = Web::ID::Certificate->generate(%options);

DESCRIPTION

This is a role that may be applied to Web::ID::Certificate. It is not consumed by Web::ID::Certificate by default as I was trying to avoid tainting the class with the horror that's found in this role.

The import routine of this package applies the role to Web::ID::Certificate, so it is sufficient to do:

use Web::ID::Certificate::Generator;

You don't need to muck around with apply_all_roles yourself.

Constructor

generate(%options)

Generates a brand new WebID-enabled certificate.

Options

The following options can be passed to generate:

  • cert_output

    A passphrase-protected PKCS12 certificate file is generated as part of the certificate generation process. The PKCS12 file is what you'd typically import into a browser.

    You can pass a scalar reference, in which case the PKCS12 data will be written to that scalar; or a file handle or string file name.

    This is a required option.

  • passphrase

    The password for the PKCS12 file.

    This is a required option.

  • rdf_output

    RDF data is also generated as part of the certificate generation process.

    Again a file handle or string file name can be passed, or an RDF::Trine::Model.

    This is a required option.

  • subject_alt_names

    List of Web::ID::SAN objects to generate the certificate's subjectAltNames field. You want at least one Web::ID::SAN::URI in there.

    This is a required option.

  • subject_name

    The name of the person who will hold the certificate. (e.g. "Alice Smith".)

    This is a required option.

  • subject_org

    The certificate holder's organisation.

    Not required.

  • subject_locality

    The locality (e.g. city) of the certificate holder's address.

    Not required.

  • subject_region

    The region (e.g. state or county) of the certificate holder's address.

    Not required.

  • subject_country

    Two letter ISO code for the country of the certificate holder's address.

    Not required.

  • openssl_path

    The path to the OpenSSL binary. Yes that's right, this role calls the OpenSSL binary via system calls. Defaults to automatic discovery via Web::ID::Util::FindOpenSSL.

  • key_size

    Key size in bits. Defaults to 1024. Bigger keys are more secure. Keys bigger than 2048 bits will take a ridiculously long time to generate. Keys less than 512 bits are pretty poor.

  • not_after

    Date when the certificate should expire, as a DateTime object. Defaults to 365 days.
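An added example (not from the module's own documentation or its author) that combines the scalar-reference cert_output, RDF::Trine::Model rdf_output, key_size and not_after options described above, so the caller controls how the PKCS12 data reaches disk. The environment variable name WEBID_PASSPHRASE and the output path webid.p12 are assumptions made for this example.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use DateTime;
use RDF::Trine;
use Web::ID::SAN::URI;
use Web::ID::Certificate::Generator;

# Assumption: the passphrase is supplied via the environment instead of
# being hard-coded (WEBID_PASSPHRASE is a name made up for this example).
my $passphrase = $ENV{WEBID_PASSPHRASE}
  or die "WEBID_PASSPHRASE is not set\n";

my $p12;                                         # PKCS12 bytes are written here
my $model = RDF::Trine::Model->temporary_model;  # RDF statements are added here

my $cert = Web::ID::Certificate->generate(
  cert_output       => \$p12,
  passphrase        => $passphrase,
  rdf_output        => $model,
  subject_alt_names => [
    Web::ID::SAN::URI->new(value => 'http://example.com/~alice/foaf.rdf#me'),
  ],
  subject_name      => 'Alice Jones',
  key_size          => 2048,                            # default is 1024
  not_after         => DateTime->now->add(days => 90),  # default is 365 days
);

die "no PKCS12 data was produced\n" unless defined $p12 && length $p12;

# The PKCS12 data is the passphrase-protected file meant for browser import:
# create it owner-only (0600) and refuse to overwrite an existing file (O_EXCL).
my $path = 'webid.p12';   # constructed path for this example
sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
  or die "cannot create $path: $!\n";
binmode $fh;
print {$fh} $p12 or die "write to $path failed: $!\n";
close $fh        or die "close of $path failed: $!\n";

# The RDF is the part the synopsis places under public_html; print it as
# RDF/XML so it can be reviewed before being published at the WebID URI.
print RDF::Trine::Serializer->new('rdfxml')->serialize_model_to_string($model);
```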

BUGS AND LIMITATIONS

Generating the private key results in shedloads of nasty crud being spewed out on STDERR.

Please report any bugs to http://rt.cpan.org/Dist/Display.html?Queue=Web-ID.

SEE ALSO

Web::ID, Web::ID::Certificate.

AUTHOR

Toby Inkster <tobyink@cpan.org>.

COPYRIGHT AND LICENCE

This software is copyright (c) 2012 by Toby Inkster.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

DISCLAIMER OF WARRANTIES

THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.