On 30/9/03 8:01 pm, Paul Bearer <[EMAIL PROTECTED]> wrote:
> Friends,
>
> I am trying to decode a sample subjectAltName extension provided to me in
> base64.
> Here it is:
>
> MDUwMwYDVR0RBCwwKoIMdGVzdDEuaHAuY29tggx0ZXN0Mi5ocC5jb22CDHRlc3QzLmhwLmNvbQ==
>
> Using the x509decode sample script that came with Convert::ASN1, I tried to
> build some
> code to parse this data, but I get the following error:
>
> Modification of a read-only value attempted at
> /opt/perl/lib/site_perl/5.6.1/Convert/ASN1/_decode.pm line 319.
>
> Here is a snippet of code that I am using, any thoughts would be greatly
> appreciated!
>
> -----BEGIN SAMPLE CODE-----
> use Data::Dumper;
> $Data::Dumper::Indent=1;
> $Data::Dumper::Quotekeys=1;
> $Data::Dumper::Useqq=1;
> use MIME::Base64;
> use Math::BigInt;
>
> use Convert::ASN1 qw(:io :debug);
>
> my
> $sanBase64="MDUwMwYDVR0RBCwwKoIMdGVzdDEuaHAuY29tggx0ZXN0Mi5ocC5jb22CDHRlc3QzL
> mhwLmNvbQ==";
>
> my $asn_san = $asn->find('SubjectAltName');
> $binSan = decode_base64($sanBase64);
> decodeSan($binSan);
>
> sub decodeSan() {
> my $der_san = shift;
> my $san = $asn_san->decode($der_san) or die $asn_san->error;
> print Dumper($san);
> }
> -----END SAMPLE CODE-----
One problem might be that the X.509 module is using explicit tagging, and
Convert::ASN1 uses implicit tagging. You'll need to hack the ASN.1
definitions you feed into Convert::ASN1 if this is the case. (I didn't know
about the x509decode script; it might do this already..)
However, if I just try calling Convert::ASN1::asn_dump() on $binSan, which
should just do a dump of the ASN.1 structure, I get a runtime error from
perl: Argument "opTYPE" isn't numeric in array element at
/Library/Perl/Convert/ASN1/Debug.pm line 129.
Passing the same data into dumpasn1 decodes OK, so this might be a bug in
Convert::ASN1.
0 53: SEQUENCE {
2 51: SEQUENCE {
4 3: OBJECT IDENTIFIER '2 5 29 17'
9 44: OCTET STRING, encapsulates {
11 42: SEQUENCE {
13 12: [2] 'test1.hp.com'
27 12: [2] 'test2.hp.com'
41 12: [2] 'test3.hp.com'
: }
: }
: }
: }
(I'm not sure that it really is an octet string encapsulating stuff, so
dumpasn1 could be broken too :-)
Cheers,
Chris
