+sub check_csr {
+ my $self = shift;
+
+ my $in = $self->csr;
+
+ run( [qw( openssl req -subject -noout ), ],
+ '<'=>\$in,
+ '>pipe'=>\*OUT, '2>'=>'/dev/null'
+ )
+ ;#or die "error running openssl: $!";
+
+ #subject=/CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown
+ my $line = <OUT>;
+ $line =~ /^subject=\/(.*)$/ or return ();
+ my $subj = $1;
+
+ map { if ( /^\s*(\w+)=\s*(.*)\s*$/ ) {
+ ($1=>$2);
+ } else {
+ ();
+ }
+ }
+ split('/', $subj);
+}
+
+sub generate_selfsigned {
+ my $self = shift;
+
+ my $days = 730;
+
+ my $key = $self->_file('privatekey');
+ my $csr = $self->_file('csr');
+
+ run( [qw( openssl req -x509 -nodes ),
+ '-days' => $days,
+ '-key' => $key->filename,
+ '-in' => $csr->filename,
+ ],
+ '>pipe'=>\*OUT, '2>'=>'/dev/null'
+ )
+ or die "error running openssl: $!";
+ #XXX error checking
+ my $certificate = join('', <OUT>);
+ $self->certificate($certificate);
+}
+
+#openssl x509 -in cert -noout -subject -issuer -dates -serial
+#subject= /CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown
+#issuer= /CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown
+#notBefore=Nov 7 05:07:42 2010 GMT
+#notAfter=Nov 6 05:07:42 2012 GMT
+#serial=B1DBF1A799EF207B
+
+sub check_certificate { shift->check_x509('certificate'); }
+sub check_cacert { shift->check_x509('cacert'); }
+
+sub check_x509 {
+ my( $self, $field ) = ( shift, shift );
+
+ my $in = $self->$field;
+ run( [qw( openssl x509 -noout -subject -issuer -dates -serial )],
+ '<'=>\$in,
+ '>pipe'=>\*OUT, '2>'=>'/dev/null'
+ )
+ or die "error running openssl: $!";
+ #XXX error checking
+
+ my %hash = ();
+ while (<OUT>) {
+ /^\s*(\w+)=\s*(.*)\s*$/ or next;
+ $hash{$1} = $2;
+ }
+
+ for my $f (qw( subject issuer )) {
+
+ $hash{$f} = { map { if ( /^\s*(\w+)=\s*(.*)\s*$/ ) {
+ ($1=>$2);
+ } else {
+ ();
+ }
+ }
+ split('/', $hash{$f})
+ };
+
+ }
+
+ $hash{'selfsigned'} = 1 if $hash{'subject'}->{'O'} eq $hash{'issuer'}->{'O'};
+
+ %hash;
+}
+
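Review bot: The `selfsigned` flag at the end of check_x509 is set by comparing only the `O` attribute of subject and issuer, so a certificate issued by any CA that shares the subject's organization name is reported as self-signed, and when neither DN carries an `O` the test is `undef eq undef`, which is also true. Compare the complete DN strings before the `for my $f (qw( subject issuer ))` loop turns them into hashes, e.g. `my $same_dn = defined $hash{subject} && defined $hash{issuer} && $hash{subject} eq $hash{issuer};`, then `$hash{'selfsigned'} = 1 if $same_dn;`. Even matching DNs only show that the certificate is self-issued; if callers base a trust decision on this flag, the signature would still need to be verified against the certificate's own public key, which nothing in the visible code does. Separately, check_csr has its `or die` commented out and all three `run` calls send stderr to /dev/null, so a failed openssl parse cannot be told apart from an empty subject. The start of this hunk, including where `run` is imported, is outside the visible lines.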