format => 'pem-certificate',
optional => 1,
},
+ 'public-key-type' => {
+ type => 'string',
+ description => 'Certificate\'s public key algorithm',
+ optional => 1,
+ },
+ 'public-key-bits' => {
+ type => 'integer',
+ description => 'Certificate\'s public key size',
+ optional => 1,
+ },
},
});
or $ssl_die->("unable to read '$cert_path' - $!\n");
my $cert = Net::SSLeay::PEM_read_bio_X509($bio);
- if (!$cert) {
- Net::SSLeay::BIO_free($bio);
- die "unable to read certificate from '$cert_path'\n";
- }
+ Net::SSLeay::BIO_free($bio);
+ die "unable to read certificate from '$cert_path'\n" if !$cert;
return $cert;
};
return Date::Parse::str2time($iso_time);
}
+sub get_certificate_fingerprint {
+ my ($cert_path) = @_;
+
+ my $cert = $read_certificate->($cert_path);
+
+ my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
+ Net::SSLeay::X509_free($cert);
+
+ die "unable to get fingerprint for '$cert_path' - got empty value\n"
+ if !defined($fp) || $fp eq '';
+
+ return $fp;
+}
+
sub get_certificate_info {
my ($cert_path) = @_;
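Review bot: `get_certificate_fingerprint` has no comment saying what it returns, and callers that compare the value against a pinned fingerprint need to know that. `$read_certificate` calls `PEM_read_bio_X509` once, so for a file holding a chain only the first certificate is fingerprinted, and the digest is fixed to SHA-256. The string comes back in whatever form `Net::SSLeay::X509_get_fingerprint` produces (as far as I know, colon-separated upper-case hex), so comparisons should normalise case and separators. I would add above the sub: `# Returns the SHA-256 fingerprint of the first certificate in the PEM file at $cert_path; dies if the file cannot be read or the fingerprint is empty.`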
my $san = [ map { $_->{value} } grep { $_->{type} eq 'dns' } @$identifiers ];
die "DNS identifiers are required to generate a CSR.\n" if !scalar @$san;
+ # optional
+ my $common_name = delete($attr{common_name}) // $san->[0];
+
my $md = eval { Net::SSLeay::EVP_get_digestbyname($dig_alg) };
die "Invalid digest algorithm '$dig_alg'\n" if !$md;
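Review bot: A caller-supplied `common_name` becomes the subject CN without being checked against `$san`, and because `//` only tests definedness, an empty string is accepted too. CAs commonly expect the CN to be one of the SAN entries, so a mismatch would presumably surface only later as a rejected request. A guard right after the assignment would fail early: `die "common_name must be one of the DNS identifiers\n" if !grep { lc($_) eq lc($common_name) } @$san;`. The `# optional` comment could also state the default, e.g. `# optional, defaults to the first DNS identifier`. The enclosing sub starts and ends outside this hunk.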
}
};
- $add_name_entry->('CN', @$san[0]);
+ $add_name_entry->('CN', $common_name);
for (qw(C ST L O OU)) {
if (defined(my $v = $attr{$_})) {
$add_name_entry->($_, $v);