Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
OpenXPKI::Server::WOpeUserIContributedoPerloDocumentationTools::ParsePKCS10(3)

Name
       OpenXPKI::Server::Workflow::Activity::Tools::ParsePKCS10

Description
       Take a pkcs10 container and extract information to the context. If a
       profile name and	style are given	and the	profile	has a ui section, the
       data extracted from the CSR is used to prefill the profile ui fields.
       Otherwise the extracted subject and san information is put "as is" into
       the context. Output definition is given below.

       To get extra information	from the CSR, add parameters key_params,
       req_attributes and req_extensions to your activity configuration.

Configuration
   Activity Parameters
       pkcs10
	   The PEM formatted pkcs10 request, has priority over context key.

       cert_profile
	   Determines the used profile,	has priority over context key.

       cert_subject_style
	   Determines the used profile substyle, has priority over context
	   key.

       key_params
	   If set to a true value, details of the used public key are
	   available in	the key_params context entry. Requires Crypt::PK::ECC
	   if ECC keys need to be handled.

       subject_prefix
	   Prefix for context output keys to write the subject information
	   into	(cert_subject_parts, cert_san_parts, cert_subject_alt_name).
	   Default is cert_.

   Expected context values
       pkcs10
	   Read	pkcs10 request from if not set using activity param.

       cert_profile
	   Read	cert_profile request from if not set using activity param.

       cert_subject_style
	   Read	cert_subject_style request from	if not set using activity
	   param.

       req_extensions
	   List	of OIDs	(or names) of request extensions, multiple items must
	   be seperated	by space. For each extensions that is found in the
	   request, a item in the req_extension	context	item is	created. The
	   key is the given name, the content is the raw data as returned by
	   Crypt::PKCS10 and depends on	the extensions.

       req_attributes
	   List	of OIDs	(or names) of request attributes, similar to
	   req_extension.

   Context value to be written
       Prefix cert_ can	be changed by setting subject_prefix.

       csr_subject
	   The extracted subject as string (comma seperated)

       cert_subject_parts
	   If a	valid profile is given,	contains the preset values for all
	   fields given	in the profiles	subject	section. The values are
	   determined by running the appropriate template string for each
	   field with the data extracted from the csr.

	   In plain mode, it contains the parsed DN as key-value pairs where
	   the key is the shortname of the component (e.g: OU) and the value
	   is an array of values found.	Note that any component	is an array
	   even	if it has only one item. All items found in the	SAN part are
	   also	added with a prefix "SAN_" and all uppercased names as used by
	   openssl (SAN_OTHERNAME, SAN_EMAIL, SAN_DNS, SAN_DIRNAME, SAN_URI,
	   SAN_IP, SAN_RID)

       cert_san_parts
	   Only	in profile mode. Contains the preset values for	all fields
	   given in the	profiles san section. The values are determined	by
	   running the appropriate template string for each field with the
	   data	extracted from the csr.

       cert_subject_alt_name
	   Only	in plain mode. All SAN items as	nested array list. Each	item
	   of the list is a two	item array with	name and value of one SAN
	   item. The names are given as	required to build then openssl
	   extension file (otherName, email, DNS, dirName, URI,	IP, RID).

       csr_key_alg
	   Algorithm of	the public key,	one of rsa, dsa, ec, unsupported

       csr_digest_alg
	   The digest algorithm	used to	create the signature request (e.g.
	   md5,	sha1).

       csr_key_params
	   Hash	holding	additional information on the used public key, only
	   present if key_params is set. Keys depend on	the type of the	key.

	   key_length
	       Size of the used	public key (RSA/DSA)/curve (ECC) in bits

	   curve
	       ec keys only, name of the curve - can be	empty if curve is not
	       known to	the current openssl version or if custom parameters
	       have been used.

       csr_subject_key_identifier
	   The key identifier of the used public key, Hex with uppercased
	   letters.  The format	is identical to	the return value of the	API
	   method get_key_identifier_from_data and the format used in the
	   certificates	table.

perl v5.32.0	   OpenXPKI::Server::Workflow::Activity::Tools::ParsePKCS10(3)

Name | Description | Configuration

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=OpenXPKI::Server::Workflow::Activity::Tools::ParsePKCS10&sektion=3&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help