Decoding a subjectAltName using Convert::ASN1?

Tue, 30 Sep 2003 12:01:26 -0700 

Friends,

I am trying to decode a sample subjectAltName extension provided to me in base64.  
Here it is:

MDUwMwYDVR0RBCwwKoIMdGVzdDEuaHAuY29tggx0ZXN0Mi5ocC5jb22CDHRlc3QzLmhwLmNvbQ==

Using the x509decode sample script that came with Convert::ASN1, I tried to build some
code to parse this data, but I get the following error:

Modification of a read-only value attempted at
/opt/perl/lib/site_perl/5.6.1/Convert/ASN1/_decode.pm line 319.

Here is a snippet of code that I am using, any thoughts would be greatly appreciated!

-----BEGIN SAMPLE CODE-----
use Data::Dumper;
$Data::Dumper::Indent=1;
$Data::Dumper::Quotekeys=1;
$Data::Dumper::Useqq=1;
use MIME::Base64;
use Math::BigInt;

use Convert::ASN1 qw(:io :debug);

my $sanBase64="MDUwMwYDVR0RBCwwKoIMdGVzdDEuaHAuY29tggx0ZXN0Mi5ocC5jb22CDHRlc3QzL
mhwLmNvbQ==";

my $asn_san = $asn->find('SubjectAltName');
$binSan = decode_base64($sanBase64);
decodeSan($binSan);

sub decodeSan() {
        my $der_san = shift;
        my $san = $asn_san->decode($der_san) or die $asn_san->error;
        print Dumper($san);
}
-----END SAMPLE CODE-----

For the ASN.1 definitions, I am using the SubjectAltName stuff already present from the
existing code that parses certificates:

-- subject alternative name extension OID and syntax
-- id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }

SubjectAltName ::= GeneralNames

GeneralNames ::= SEQUENCE OF GeneralName

GeneralName ::= CHOICE {
     otherName                       [0]     AnotherName,
     rfc822Name                      [1]     IA5String,
     dNSName                         [2]     IA5String,
     x400Address                     [3]     ANY, --ORAddress,
     directoryName                   [4]     Name,
     ediPartyName                    [5]     EDIPartyName,
     uniformResourceIdentifier       [6]     IA5String,
     iPAddress                       [7]     OCTET STRING,
     registeredID                    [8]     OBJECT IDENTIFIER }

-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax

AnotherName ::= SEQUENCE {
     type    OBJECT IDENTIFIER,
     value      [0] EXPLICIT ANY } --DEFINED BY type-id }

EDIPartyName ::= SEQUENCE {
     nameAssigner            [0]     DirectoryString OPTIONAL,
     partyName               [1]     DirectoryString }





__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

Reply via email to