GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
OpenXPKI::Server::Workflow::Activity::Tools::ParsePKCS10(3) User Contributed Perl Documentation OpenXPKI::Server::Workflow::Activity::Tools::ParsePKCS10(3)

OpenXPKI::Server::Workflow::Activity::Tools::ParsePKCS10

Take a pkcs10 container and extract information to the context. If a profile name and style are given and the profile has a ui section, the data extracted from the CSR is used to prefill the profile ui fields. Otherwise the extracted subject and san information is put "as is" into the context. Output definition is given below.

To get extra information from the CSR, add parameters key_params, req_attributes and req_extensions to your activity configuration.

The PEM formatted pkcs10 request, has priority over context key.
Determines the used profile, has priority over context key.
Determines the used profile substyle, has priority over context key.
If set to a true value, details of the used public key are available in the key_params context entry. Requires Crypt::PK::ECC if ECC keys need to be handled.
If set to a true value, the signature of the PKCS#10 container is checked and the boolean result is written to csr_signature_valid. If not set, the parameter is deleted from the context. It is recommended to check the PCKS#10 container on upload already using the validator. Note that at least the default backend will refuse broken signatures on the request to issue, so you MUST handle this.
Prefix for context output keys to write the subject information into (cert_subject_parts, cert_san_parts, cert_subject_alt_name). Default is cert_.
If set, the "cleaned" PKCS10 container is written back to this context value. This is useful if you have a "dirty" input. When combined with the unwrap_pkcs7 this receives the extracted PEM encodede request.
Renewal requests made by e.g. windows servers come with the PEM headers of a "normal" PKCS10 formatted request but are enveloped into a PKCS7 signature. When set to a true value, the class will extract the payload from the given container and write it back to target_key. If not set, the container is written to pkcs10.

Read pkcs10 request from if not set using activity param.
Read cert_profile request from if not set using activity param.
Read cert_subject_style request from if not set using activity param.
List of OIDs (or names) of request extensions, multiple items must be seperated by space. For each extensions that is found in the request, a item in the req_extension context item is created. The key is the given name, the content is the raw data as returned by Crypt::PKCS10 and depends on the extensions.
List of OIDs (or names) of request attributes, similar to req_extension.

Prefix cert_ can be changed by setting subject_prefix.

The extracted subject as string (comma seperated)
If a valid profile is given, contains the preset values for all fields given in the profiles subject section. The values are determined by running the appropriate template string for each field with the data extracted from the csr.

In plain mode, it contains the parsed DN as key-value pairs where the key is the shortname of the component (e.g: OU) and the value is an array of values found. Note that any component is an array even if it has only one item. All items found in the SAN part are also added with a prefix "SAN_" and all uppercased names as used by openssl (SAN_OTHERNAME, SAN_EMAIL, SAN_DNS, SAN_DIRNAME, SAN_URI, SAN_IP, SAN_RID)

Only in profile mode. Contains the preset values for all fields given in the profiles san section. The values are determined by running the appropriate template string for each field with the data extracted from the csr.
Only in plain mode. All SAN items as nested array list. Each item of the list is a two item array with name and value of one SAN item. The names are given as required to build then openssl extension file (otherName, email, DNS, dirName, URI, IP, RID).
Algorithm of the public key, one of rsa, dsa, ec, unsupported
The digest algorithm used to create the signature request (e.g. md5, sha1).
Hash holding additional information on the used public key, only present if key_params is set. Keys depend on the type of the key.
Size of the used public key (RSA/DSA)/curve (ECC) in bits
ec keys only, name of the curve - can be empty if curve is not known to the current openssl version or if custom parameters have been used.
The key identifier of the used public key, Hex with uppercased letters. The format is identical to the return value of the API method get_key_identifier_from_data and the format used in the certificates table.
Boolean, set only if validate_signature is set and recevies a literal 0/1 weather the PKCS#10 containers signature can be validated.
2025-07-15 perl v5.40.2

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.