NAME
   Panda::NSS - Perl bindings to NSS Mozilla security library

VERSION
   version 0.004

SYNOPSIS
     # verify certificate
     use Panda::NSS;

     Panda::NSS::init($nssdb_path);
     Panda::NSS::add_builtins();

     my $cert = Panda::NSS::Cert->new($cert_data_in_der_format);

     if ($cert->simple_verify(Panda::NSS::CERTIFICATE_USAGE_OBJECT_SIGNER)) {
         print "Certificate OK\n";
     }
     else {
         print "Certificate NOT VALID\n";
     }

DESCRIPTION
   This library is in very early stage of development. Any API can change.
   Currently you can verify certificates with AIA extension (when not all
   chain exists locally).

FUNCTIONS
   "Panda::NSS::init( [ $certdb_path ] )"
       This function initialize NSS library. It calls
       "NSS_InitReadWrite(dbpath)". However you may not specify
       $certdb_path, in that case "NSS_NoDB_Init()" called, that mode not
       very useful for certificate checks.

   "Panda::NSS::reinit()"
       This function should be called after fork to reinitialize NSS
       library. Any outstanding handles will become invalid, but new will
       work.

       Actually this function compare current PID with saved in previous
       "init" or "reinit" one and calls "SECMOD_RestartModules(false)" if
       needed.

       Example:

         use Panda::NSS;

         Panda::NSS::init($nssdb_path);

         my $pid = fork();
         if ($pid == 0) {
             # child
             Panda::NSS::reinit();
             # ... other code in child
         }

   "Panda::NSS::add_builtins()"
       This function load nssckbi module, that contains default root
       certificates in NSS. May croaks if library initialized without
       certdb.

CONSTANTS
 Certificate usage
   "Panda::NSS::CERTIFICATE_USAGE_CHECK_ALL_USAGES"
   "Panda::NSS::CERTIFICATE_USAGE_SSL_CLIENT"
   "Panda::NSS::CERTIFICATE_USAGE_SSL_SERVER"
   "Panda::NSS::CERTIFICATE_USAGE_SSL_SERVER_WITH_STEP_UP"
   "Panda::NSS::CERTIFICATE_USAGE_SSL_CA"
   "Panda::NSS::CERTIFICATE_USAGE_EMAIL_SIGNER"
   "Panda::NSS::CERTIFICATE_USAGE_EMAIL_RECIPIENT"
   "Panda::NSS::CERTIFICATE_USAGE_OBJECT_SIGNER"
   "Panda::NSS::CERTIFICATE_USAGE_USER_CERT_IMPORT"
   "Panda::NSS::CERTIFICATE_USAGE_VERIFY_CA"
   "Panda::NSS::CERTIFICATE_USAGE_PROTECTED_OBJECT_SIGNER"
   "Panda::NSS::CERTIFICATE_USAGE_STATUS_RESPONDER"
   "Panda::NSS::CERTIFICATE_USAGE_ANY_CA"

CLASSES
 "Panda::NSS::Cert"
  CONSTRUCTOR
   "$cert = Panda::NSS::Cert->new( $data )"
       Constructs certificate object.

       $data can be certificate in DER binary format or in PEM format
       (Base64 encoded DER certificate, enclosed between *"-----BEGIN
       CERTIFICATE-----"* and *"-----END CERTIFICATE-----"*). Format is
       auto-detected.

  PROPERTIES
   "$cert->version"
       Returns certificate version. 1, 2 or 3.

   "$cert->serial_number"
       Returns certificate serial number as a binary string.

   "$cert->serial_number_hex"
       Returns certificate serial number as a hex encoded string.

   "$cert->subject"
       Returns certificate subject as a string.

   "$cert->issuer"
       Returns certificate issuer as a string.

   "$cert->common_name"
       Returns common name extracted from subject.

   "$cert->country_name"
       Returns country name extracted from subject.

   "$cert->locality_name"
       Returns locality name extracted from subject.

   "$cert->state_name"
       Returns state field extracted from subject.

   "$cert->org_name"
       Returns organization name extracted from subject.

   "$cert->org_unit_name"
       Returns organization unit extracted from subject.

   "$cert->domain_component_name"
       Returns domain component extracted from subject.

  METHODS
   "$rv = $cert->simple_verify( [ $usage ], [ $time ])"
       Arguments:

       $usage (Default: "CERTIFICATE_USAGE_CHECK_ALL_USAGES")
         Certificate usage. One of "CERTIFICATE_USAGE_*" constants.

       $time (Default: current time)
         Time at which the certificate should be valid.

       Method do verification process (it uses "CERT_PKIXVerifyCert" from
       *NSS*).

       Returns "true" if certificate valid.

   "$rv = $cert->verify_signed_data( $data, $signature, [ $time ])"
       Verify the signature of a signed data with the given certificate.

       Returns "true" if signature match.

SEE ALSO
   Crypt::NSS::X509
       Another try to bind NSS to Perl.

   Crypt::OpenSSL::X509
       Allow to work with certificates, but can't validate with AIA.

LICENSE
   This is free software; you can redistribute it and/or modify it under
   the same terms as the Perl 5 programming language system itself.

SUPPORT
 Bugs / Feature Requests
   Please report any bugs or feature requests through the issue tracker at
   <https://github.com/vovkasm/perl-Panda-NSS/issues>. You will be notified
   automatically of any progress on your issue.

 Source Code
   This is open source software. The code repository is available for
   public review and contribution under the terms of the license.

   <https://github.com/vovkasm/perl-Panda-NSS>

     git clone https://github.com/vovkasm/perl-Panda-NSS.git

AUTHOR
   Vladimir Timofeev <[email protected]>

COPYRIGHT AND LICENSE
   This software is copyright (c) 2017 by Vladimir Timofeev.

   This is free software; you can redistribute it and/or modify it under
   the same terms as the Perl 5 programming language system itself.

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.