use strict;
=head1 NAME
App::CamelPKI::CertTemplate::CA0 - provide functions to allow
CA0 type certificate generation.
=cut
#use Crypt::OpenSSL::CA;
=head1 Fonctions
This module allows to generate CA0 certificates.
=cut
=head2 prepare_self_signed_certificate
This function aims at generating a root certificate of CA0 type.
=cut
sub prepare_self_signed_certificate {
my ($class, $cert) = @_;
my $start_date = App::CamelPKI::Time->now;
my $end_date = $start_date->advance_years(20);
$cert->set_notBefore($start_date->zulu);
$cert->set_notAfter($end_date->zulu);
my $dn_subject=Crypt::OpenSSL::CA::X509_NAME->new(
O => "CamelPKI.fr",
OU => "CamelPKI",
CN => ".AC racine CamelPKI",
dnQualifier => $cert->get_public_key->get_openssl_keyid);
$cert->set_subject_DN($dn_subject);
$cert->set_issuer_DN($dn_subject);
$cert->set_extension("basicConstraints",
"CA:TRUE, pathlen:1", -critical => 1);
$cert->set_extension
("subjectKeyIdentifier",
$cert->get_public_key->get_openssl_keyid);
my $serial = "0x1";
$cert->set_serial($serial);
$cert->set_extension("authorityKeyIdentifier" => {
keyid => $cert->get_public_key->get_openssl_keyid,
issuer => $dn_subject,
serial => $serial } );
$cert->set_extension("keyUsage", "keyCertSign, cRLSign");
}
use strict;
=head1 NAME
App::CamelPKI::CertTemplate::CA1 - provide functions to allow
CA1 type certificate generation.
=head1 Fonctions
This module allows to generate CA1 certificates.
=cut
=head2 prepare_certificate
This function aims at generating a root certificate of CA1 type.
=cut
sub prepare_certificate {
my ($class, $cacert, $cert, %opts) = @_;
$cert->set_notBefore(App::CamelPKI::Time->now->zulu);
$cert->set_notAfter($cacert->get_notAfter);
my $dn_subject=Crypt::OpenSSL::CA::X509_NAME->new
(O => "CamelPKI.fr",
OU => "CamelPKI",
CN => ".AC operationnelle CamelPKI",
dnQualifier => $cert->get_public_key->get_openssl_keyid);
$cert->set_subject_DN($dn_subject);
$cert->set_extension("basicConstraints", "CA:TRUE, pathlen:0", -critical => 1);
$cert->set_extension("subjectKeyIdentifier", $cert->get_public_key->get_openssl_keyid);
$class->copy_from_ca_cert
($cacert, $cert, -authoritykeyid_issuer => 1);
$cert->set_extension("keyUsage", "keyCertSign, cRLSign");
}
require My::Tests::Below unless caller;
1;
__END__
=begin internals
=head1 TEST SUITE
=cut
use Test::More qw(no_plan);
use Test::Group;
use App::CamelPKI::Test "%test_public_keys", "certificate_chain_ok", "%test_keys_plaintext";
use App::CamelPKI::PrivateKey;
use Crypt::OpenSSL::CA;
my $keysize = 1024;
test "CA0_generate"=> sub {
my $privKey = App::CamelPKI::PrivateKey->genrsa($keysize)
->as_crypt_openssl_ca_privatekey;
my $certCA0 = Crypt::OpenSSL::CA::X509->new($privKey->get_public_key);
App::CamelPKI::CertTemplate::CA0->prepare_self_signed_certificate($certCA0);
my $pem = $certCA0->sign($privKey,"sha256");
certificate_chain_ok($pem, [$pem]);
};
test "CA1_generate"=> sub {
my $privKey = App::CamelPKI::PrivateKey->genrsa($keysize)
->as_crypt_openssl_ca_privatekey;
my $certCA0 = Crypt::OpenSSL::CA::X509->new($privKey->get_public_key);
App::CamelPKI::CertTemplate::CA0->prepare_self_signed_certificate($certCA0);
my $pemCA0 = $certCA0->sign($privKey,"sha256");
my $privKeyCA1 = App::CamelPKI::PrivateKey->genrsa($keysize)
->as_crypt_openssl_ca_privatekey;
my $certCA1 = Crypt::OpenSSL::CA::X509->new($privKeyCA1->get_public_key);
App::CamelPKI::CertTemplate::CA1->prepare_certificate($certCA0, $certCA1);
my $pemCA1 = $certCA1->sign($privKey,"sha256");
certificate_chain_ok($pemCA1, [$pemCA0]);
};
=end internals
=cut