NAME¶
Web::ID::Certificate::Generator - role for Web::ID::Certificate
SYNOPSIS¶
use Web::ID::Certificate::Generator;
my %options = (
cert_output => '/home/alice/webid.p12',
passphrase => 's3cr3t s0urc3',
rdf_output => '/home/alice/public_html/foaf.rdf',
subject_alt_names => [
Web::ID::SAN::URI->new(
value => 'http://example.com/~alice/foaf.rdf#me',
),
Web::ID::SAN::Email->new(
value => 'alice@example.com',
),
],
subject_name => 'Alice Jones',
subject_locality => 'Lewes',
subject_region => 'East Sussex',
subject_country => 'GB', # ISO 3166-1 alpha-2 code
);
my $cert = Web::ID::Certificate->generate(%options);
DESCRIPTION¶
This is a role that may be applied to Web::ID::Certificate. It is not consumed
by Web::ID::Certificate by default as I was trying to avoid tainting the class
with the horror that's found in this role.
The "import" routine of this package applies the role to
Web::ID::Certificate, so it is sufficient to do:
use Web::ID::Certificate::Generator;
You don't need to muck around with "apply_all_roles" yourself.
Constructor¶
- "generate(%options)"
- Generates a brand new WebID-enabled certificate.
Options¶
The following options can be passed to "generator"
- •
- "cert_output"
A passphrase-protected PKCS12 certificate file is generated as part of the
certificate generation process. The PKCS12 file is what you'd typically
import into a browser.
You can pass a scalar reference, in which case the PKCS12 data will be
written to that scalar; or a file handle or string file name.
This is a required option.
- •
- "passphrase"
The password for the PKCS12 file.
This is a required option.
- •
- "rdf_output"
RDF data is also generated as part of the certificate generation process.
Again a file handle or string file name can be passed, or an
RDF::Trine::Model.
This is a required option.
- •
- "subject_alt_names"
List of Web::ID::SAN objects to generate the certificate's subjectAltNames
field. You want at least one Web::ID::SAN::URI in there.
This is a required option.
- •
- "subject_name"
The name of the person who will hold the certificate. (e.g. "Alice
Smith".)
This is a required option.
- •
- "subject_org"
The certificate holder's organisation.
Not required.
- •
- "subject_locality"
The locality (e.g. city) of the certificate holder's address.
Not required.
- •
- "subject_region"
The region (e.g. state or county) of the certificate holder's address.
Not required.
- •
- "subject_country"
Two letter ISO code for the country of the certificate holder's address.
Not required.
- •
- "openssl_path"
The path to the OpenSSL binary. Yes that's right, this role calls the
OpenSSL binary via "system" calls. Defaults to
"/usr/bin/openssl" (or "c:\openssl\bin\openssl.exe" on
Windows).
- •
- "key_size"
Key size in bits. Defaults to 1024. Bigger keys are more secure. Keys bigger
than 2048 bits will take a ridiculously long time to generate. Keys less
than 512 bits are pretty poor.
- •
- "not_after"
Date when the certificate should expire, as a DateTime object. Defaults to
365 days.
BUGS AND LIMITATIONS¶
Generating the private key results in shedloads of nasty crud being spewed out
on STDERR.
Please report any bugs to
http://rt.cpan.org/Dist/Display.html?Queue=Web-ID
<
http://rt.cpan.org/Dist/Display.html?Queue=Web-ID>.
SEE ALSO¶
Web::ID, Web::ID::Certificate.
AUTHOR¶
Toby Inkster <tobyink@cpan.org>.
COPYRIGHT AND LICENCE¶
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under the same
terms as the Perl 5 programming language system itself.
DISCLAIMER OF WARRANTIES¶
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.