CONTRIBUTING

NAME
    CONTRIBUTING

DESCRIPTION
    If you're reading this document, that means you might be thinking about
    helping me out with this project. Thanks!

    Here are some ways you could help out:

    *   Bug reports

        Found a bug? Great! (Well, not so great I suppose.)

        The place to report them is . Don't e-mail me about it, as your
        e-mail is more than likely to get lost amongst the spam.

        An example script clearly demonstrating the bug (preferably written
        using Test::More) would be greatly appreciated.

    *   Patches

        If you've found a bug and written a fix for it, even better!

        Generally speaking you should check out the latest copy of the code
        from the source repository rather than using the CPAN distribution.
        The file META.yml should contain a link to the source repository. If
        not, then try or submit a bug report. (As far as I'm concerned the
        lack of a link is a bug.) Many of my distributions are also mirrored
        at .

        To submit the patch, do a pull request on GitHub or Bitbucket, or
        attach a diff file to a bug report. Unless otherwise stated, I'll
        assume that your contributions are licensed under the same terms as
        the rest of the project.

        (If using git, feel free to work in a branch. For Mercurial, I'd
        prefer bookmarks within the default branch.)

    *   Documentation

        If there's anything unclear in the documentation, please submit this
        as a bug report or patch as above.

        Non-toy example scripts that I can bundle would also be appreciated.

    *   Translation

        Translations of documentation would be welcome.

        For translations of error messages and other strings embedded in the
        code, check with me first. Sometimes the English strings may not be
        in a stable state, so it would be a waste of time translating them.

  Coding Style
    I tend to write using something approximating the Allman style, using
    tabs for indentation and Unix-style line breaks.
    I nominally encode all source files as UTF-8, though in practice most of
    them use a 7-bit-safe ASCII-compatible subset of UTF-8.

AUTHOR
    Toby Inkster.

COPYRIGHT AND LICENCE
    Copyright (c) 2012-2013 by Toby Inkster.

    CONTRIBUTING.pod is licensed under the Creative Commons
    Attribution-ShareAlike 2.0 UK: England & Wales License. To view a copy
    of this license, visit .

COPYRIGHT

Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: Web-ID
Upstream-Contact: Toby Inkster (TOBYINK)
Source: https://metacpan.org/release/Web-ID

Files: README
 lib/Plack/Middleware/Auth/WebID.pm
 lib/Web/ID.pm
 lib/Web/ID/Certificate.pm
 lib/Web/ID/Certificate/Generator.pm
 lib/Web/ID/FAQ.pod
 lib/Web/ID/RSAKey.pm
 lib/Web/ID/SAN.pm
 lib/Web/ID/SAN/Email.pm
 lib/Web/ID/SAN/URI.pm
 lib/Web/ID/Types.pm
 lib/Web/ID/Util.pm
 t/01mouse.t
 t/02moose.t
 t/03certificate.t
 t/04webid.t
Copyright: This software is copyright (c) 2012 by Toby Inkster.
License: GPL-1.0+ or Artistic-1.0

Files: CONTRIBUTING
 INSTALL
 LICENSE
 Makefile.PL
 examples/certificate-generation.pl
 examples/certificate-parsing.pl
 examples/fingerpoint-test.pl
 examples/web-id-validation.pl
Copyright: Unknown
License: Unknown

Files: Changes
 META.json
 META.yml
 doap.ttl
 lib/Web/ID/Util/FindOpenSSL.pm
Copyright: Copyright 2014 Toby Inkster.
License: GPL-1.0+ or Artistic-1.0

Files: COPYRIGHT
 CREDITS
 SIGNATURE
Copyright: None
License: public-domain

Files: dist.ini
Copyright: Copyright 2013 Toby Inkster.
License: GPL-1.0+ or Artistic-1.0

Files: t/lib/Test/HTTP/Server.pm
Copyright: Copyright 2012 Toby Inkster.
License: GPL-1.0+ or Artistic-1.0

License: Artistic-1.0
 This software is Copyright (c) 2014 by the copyright holder(s).
 This is free software, licensed under:
 The Artistic License 1.0

License: GPL-1.0
 This software is Copyright (c) 2014 by the copyright holder(s).
 This is free software, licensed under:
 The GNU General Public License, Version 1, February 1989

CREDITS

Maintainer:
- Toby Inkster (TOBYINK)

Thanks:
- Florian Ragwitz (FLORA)
- Jonas Smedegaard
- Kjetil Kjernsmo (KJETILK)

Changes

Web-ID
======

Created:      2012-04-26
Home page:
Bug tracker:
Maintainer:   Toby Inkster (TOBYINK)

1.927	2014-05-10
 [ Packaging ]
 - Bump required version of Types::Standard to 0.040.
 - Bump required version of match::simple to 0.008.
 [ Other ]
 - Rather than defining Datetime and Uri types in Web::ID::Types, use
   Types::DateTime and Types::URI from CPAN.

1.926	2013-12-10
 - Updated: Use Exporter::Tiny instead of Exporter::TypeTiny.

1.925	2013-09-03

1.924_03	2013-08-10
 [ Packaging ]
 - configure_requires File::ShareDir.

1.924_02	2013-08-09
 [ Packaging ]
 - Package using Dist::Inkt.

1.924_01	2013-08-07
 [ Bug Fixes ]
 - Type::Utils no longer exports `extends` by default; request it.
 [ Packaging ]
 - Minor packaging fixes.

1.923	2013-05-21
 - Do a better job searching for OpenSSL binary; use Alien::OpenSSL if it
   can't be found.
 - Switched from MooseX::Types to Types::Standard.
 - Switched from Path::Class to Path::Tiny.
 - Switched from Sub::Exporter to Exporter::TypeTiny.
 - Switched from smartmatch to match::smart.

1.922	2012-12-15
 [ Documentation ]
 - Documented test suite.
 [ Other ]
 - Make test suite output cleaner (no openssl junk) if Capture::Tiny is
   available.
 - Updated: RDF::Trine now uses Moose, so there's no reason for Web::ID to
   continue using Any::Moose. All the old Any::Moose/Mouse stuff is now
   gone, and Web::ID now uses Moose and MooseX::Types.
 - Updated: Switched from namespace::clean to namespace::sweep.

1.921	2012-05-20
 [ Packaging ]
 - Add version number (0.06) to MouseX::Types dependency.

1.920	2012-05-10
 [ Documentation ]
 - Minor documentation changes.
 [ Packaging ]
 - Mark as non-development release.

1.910_04	2012-05-09
 - Drop dependency on Class::Load; use load_class from Plack::Util
   instead.
 - Use File::Temp and Path::Class in t/04webid.t - they're already
   dependencies, so might as well. Kjetil Kjernsmo++

1.910_03	2012-05-09
 - Better hooks for subclassing Plack::Middleware::Auth::WebID.

1.910_02	2012-05-08
 [ Documentation ]
 - Add Any::Moose stuff to Web::ID BUGS section. Florian Ragwitz++
 - Improve Web::ID DESCRIPTION. Jonas Smedegaard++
 [ Other ]
 - Updated: Replace deprecated Digest::SHA1 with Digest::SHA. Jonas
   Smedegaard++

1.910_01	2012-05-07
 - Almost complete rewrite of CGI::Auth::FOAF_SSL. Very different (and
   much cleaner) API.

INSTALL

    Installing Web-ID should be straightforward.

INSTALLATION WITH CPANMINUS
    If you have cpanm, you only need one line:

        % cpanm Web::ID

    If you are installing into a system-wide directory, you may need to pass
    the "-S" flag to cpanm, which uses sudo to install the module:

        % cpanm -S Web::ID

INSTALLATION WITH THE CPAN SHELL
    Alternatively, if your CPAN shell is set up, you should just be able to
    do:

        % cpan Web::ID

MANUAL INSTALLATION
    As a last resort, you can manually install it. Download the tarball and
    unpack it.

    Consult the file META.json for a list of pre-requisites. Install these
    first.

    To build Web-ID:

        % perl Makefile.PL
        % make && make test

    Then install it:

        % make install

    If you are installing into a system-wide directory, you may need to run:

        % sudo make install

LICENSE

This software is copyright (c) 2014 by Toby Inkster.

This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
Terms of the Perl programming language system itself a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" --- The GNU General Public License, Version 1, February 1989 --- This software is Copyright (c) 2014 by Toby Inkster. This is free software, licensed under: The GNU General Public License, Version 1, February 1989 GNU GENERAL PUBLIC LICENSE Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. 51 Franklin St, Suite 500, Boston, MA 02110-1335 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. 
You must make sure that they, too, receive or can get the source code. And you must tell them their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. 2. 
You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. 3. 
You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. 5. 
By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice That's all there is to it! --- The Artistic License 1.0 --- This software is Copyright (c) 2014 by Toby Inkster. 
This is free software, licensed under: The Artistic License 1.0 The Artistic License Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: - "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. - "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder. - "Copyright Holder" is whoever is named in the copyright or copyrights for the package. - "You" is you, if you're thinking about copying or distributing this Package. - "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) - "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. 
You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as ftp.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) accompany any non-standard executables with their corresponding Standard Version executables, giving the non-standard executables non-standard names, and clearly documenting the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. 
However, you may distribute this Package in aggregate with other (possibly
commercial) programs as part of a larger (possibly commercial) software
distribution provided that you do not advertise this Package as a product of
your own.

6. The scripts and library files supplied as input to or produced as output
from the programs of this Package do not automatically fall under the
copyright of this Package, but belong to whomever generated them, and may be
sold commercially, and may be aggregated with this Package.

7. C or perl subroutines supplied by you and linked into this Package shall
not be considered part of this Package.

8. The name of the Copyright Holder may not be used to endorse or promote
products derived from this software without specific prior written
permission.

9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

The End

MANIFEST

CONTRIBUTING
COPYRIGHT
CREDITS
Changes
INSTALL
LICENSE
MANIFEST
META.json
META.yml
Makefile.PL
README
SIGNATURE
dist.ini
doap.ttl
examples/certificate-generation.pl
examples/certificate-parsing.pl
examples/fingerpoint-test.pl
examples/web-id-validation.pl
lib/Plack/Middleware/Auth/WebID.pm
lib/Web/ID.pm
lib/Web/ID/Certificate.pm
lib/Web/ID/Certificate/Generator.pm
lib/Web/ID/FAQ.pod
lib/Web/ID/RSAKey.pm
lib/Web/ID/SAN.pm
lib/Web/ID/SAN/Email.pm
lib/Web/ID/SAN/URI.pm
lib/Web/ID/Types.pm
lib/Web/ID/Util.pm
lib/Web/ID/Util/FindOpenSSL.pm
t/01mouse.t
t/02moose.t
t/03certificate.t
t/04webid.t
t/lib/Test/HTTP/Server.pm

META.json

{
   "abstract" : "implementation of WebID (a.k.a. FOAF+SSL)",
   "author" : [
      "Toby Inkster (TOBYINK) "
   ],
   "dynamic_config" : 1,
   "generated_by" : "Dist::Inkt::Profile::TOBYINK version 0.015, CPAN::Meta::Converter version 2.120921",
   "keywords" : [],
   "license" : [
      "perl_5"
   ],
   "meta-spec" : {
      "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
      "version" : "2"
   },
   "name" : "Web-ID",
   "no_index" : {
      "directory" : [
         "eg",
         "examples",
         "inc",
         "t",
         "xt"
      ]
   },
   "optional_features" : {},
   "prereqs" : {
      "configure" : {
         "requires" : {
            "ExtUtils::MakeMaker" : "6.17",
            "File::ShareDir" : "0"
         }
      },
      "runtime" : {
         "requires" : {
            "Crypt::X509" : "0",
            "DateTime" : "0",
            "Digest::SHA" : "0",
            "Exporter::Tiny" : "0",
            "File::ShareDir" : "0",
            "List::MoreUtils" : "0",
            "Moose" : "2.0600",
            "Path::Tiny" : "0.017",
            "Plack" : "0",
            "RDF::Query" : "2.900",
            "RDF::Trine" : "1.000",
            "Types::DateTime" : "0",
            "Types::Standard" : "0.040",
            "Types::URI" : "0",
            "URI" : "0",
            "match::simple" : "0.008",
            "namespace::sweep" : "0",
            "perl" : "5.010"
         }
      },
      "test" : {
         "requires" : {
            "Test::More" : "0.96"
         }
      }
   },
   "provides" : {
      "Plack::Middleware::Auth::WebID" : {
         "file" : "lib/Plack/Middleware/Auth/WebID.pm",
         "version" : "1.927"
      },
      "Web::ID" : {
         "file" : "lib/Web/ID.pm",
         "version" : "1.927"
      },
      "Web::ID::Certificate" : {
         "file" : "lib/Web/ID/Certificate.pm",
         "version" : "1.927"
      },
      "Web::ID::Certificate::Generator" : {
         "file" : "lib/Web/ID/Certificate/Generator.pm",
         "version" : "1.927"
      },
      "Web::ID::RSAKey" : {
         "file" : "lib/Web/ID/RSAKey.pm",
         "version" : "1.927"
      },
      "Web::ID::SAN" : {
         "file" : "lib/Web/ID/SAN.pm",
         "version" : "1.927"
      },
      "Web::ID::SAN::Email" : {
         "file" : "lib/Web/ID/SAN/Email.pm",
         "version" : "1.927"
      },
      "Web::ID::SAN::URI" : {
         "file" : "lib/Web/ID/SAN/URI.pm",
         "version" : "1.927"
      },
      "Web::ID::Types" : {
         "file" : "lib/Web/ID/Types.pm",
         "version" : "1.927"
      },
      "Web::ID::Util" : {
         "file" : "lib/Web/ID/Util.pm",
         "version" : "1.927"
      },
      "Web::ID::Util::FindOpenSSL" : {
         "file" : "lib/Web/ID/Util/FindOpenSSL.pm",
         "version" : "1.927"
      }
   },
   "release_status" : "stable",
   "resources" : {
      "X_identifier" : "http://purl.org/NET/cpan-uri/dist/Web-ID/project",
      "bugtracker" : {
         "web" : "http://rt.cpan.org/Dist/Display.html?Queue=Web-ID"
      },
      "homepage" : "https://metacpan.org/release/Web-ID",
      "license" : [
         "http://dev.perl.org/licenses/"
      ],
      "repository" : {
         "type" : "git",
         "url" : "git://github.com/tobyink/p5-web-id.git",
         "web" : "https://github.com/tobyink/p5-web-id"
      }
   },
   "version" : "1.927"
}

META.yml

---
abstract: 'implementation of WebID (a.k.a. FOAF+SSL)'
author:
  - 'Toby Inkster (TOBYINK) '
build_requires:
  Test::More: 0.96
configure_requires:
  ExtUtils::MakeMaker: 6.17
  File::ShareDir: 0
dynamic_config: 1
generated_by: 'Dist::Inkt::Profile::TOBYINK version 0.015, CPAN::Meta::Converter version 2.120921'
keywords: []
license: perl
meta-spec:
  url: http://module-build.sourceforge.net/META-spec-v1.4.html
  version: 1.4
name: Web-ID
no_index:
  directory:
    - eg
    - examples
    - inc
    - t
    - xt
optional_features: {}
provides:
  Plack::Middleware::Auth::WebID:
    file: lib/Plack/Middleware/Auth/WebID.pm
    version: 1.927
  Web::ID:
    file: lib/Web/ID.pm
    version: 1.927
  Web::ID::Certificate:
    file: lib/Web/ID/Certificate.pm
    version: 1.927
  Web::ID::Certificate::Generator:
    file: lib/Web/ID/Certificate/Generator.pm
    version: 1.927
  Web::ID::RSAKey:
    file: lib/Web/ID/RSAKey.pm
    version: 1.927
  Web::ID::SAN:
    file: lib/Web/ID/SAN.pm
    version: 1.927
  Web::ID::SAN::Email:
    file: lib/Web/ID/SAN/Email.pm
    version: 1.927
  Web::ID::SAN::URI:
    file: lib/Web/ID/SAN/URI.pm
    version: 1.927
  Web::ID::Types:
    file: lib/Web/ID/Types.pm
    version: 1.927
  Web::ID::Util:
    file: lib/Web/ID/Util.pm
    version: 1.927
  Web::ID::Util::FindOpenSSL:
    file: lib/Web/ID/Util/FindOpenSSL.pm
    version: 1.927
requires:
  Crypt::X509: 0
  DateTime: 0
  Digest::SHA: 0
  Exporter::Tiny: 0
  File::ShareDir: 0
  List::MoreUtils: 0
  Moose: 2.0600
  Path::Tiny: 0.017
  Plack: 0
  RDF::Query: 2.900
  RDF::Trine: 1.000
  Types::DateTime: 0
  Types::Standard: 0.040
  Types::URI: 0
URI: 0 match::simple: 0.008 namespace::sweep: 0 perl: 5.010 resources: X_identifier: http://purl.org/NET/cpan-uri/dist/Web-ID/project bugtracker: http://rt.cpan.org/Dist/Display.html?Queue=Web-ID homepage: https://metacpan.org/release/Web-ID license: http://dev.perl.org/licenses/ repository: git://github.com/tobyink/p5-web-id.git version: 1.927 Makefile.PL000664001750001750 1611312333472214 13337 0ustar00taitai000000000000Web-ID-1.927use strict; use ExtUtils::MakeMaker 6.17; my $EUMM = eval( $ExtUtils::MakeMaker::VERSION ); my $meta = { "abstract" => "implementation of WebID (a.k.a. FOAF+SSL)", "author" => ["Toby Inkster (TOBYINK) "], "dynamic_config" => 1, "generated_by" => "Dist::Inkt::Profile::TOBYINK version 0.015, CPAN::Meta::Converter version 2.120921", "keywords" => [], "license" => ["perl_5"], "meta-spec" => { url => "http://search.cpan.org/perldoc?CPAN::Meta::Spec", version => 2, }, "name" => "Web-ID", "no_index" => { directory => ["eg", "examples", "inc", "t", "xt"] }, "prereqs" => { configure => { requires => { "ExtUtils::MakeMaker" => 6.17, "File::ShareDir" => 0 }, }, runtime => { requires => { "Crypt::X509" => 0, "DateTime" => 0, "Digest::SHA" => 0, "Exporter::Tiny" => 0, "File::ShareDir" => 0, "List::MoreUtils" => 0, "match::simple" => 0.008, "Moose" => "2.0600", "namespace::sweep" => 0, "Path::Tiny" => 0.017, "perl" => "5.010", "Plack" => 0, "RDF::Query" => "2.900", "RDF::Trine" => "1.000", "Types::DateTime" => 0, "Types::Standard" => "0.040", "Types::URI" => 0, "URI" => 0, }, }, test => { requires => { "Test::More" => 0.96 } }, }, "provides" => { "Plack::Middleware::Auth::WebID" => { file => "lib/Plack/Middleware/Auth/WebID.pm", version => 1.927 }, "Web::ID" => { file => "lib/Web/ID.pm", version => 1.927 }, "Web::ID::Certificate" => { file => "lib/Web/ID/Certificate.pm", version => 1.927 }, "Web::ID::Certificate::Generator" => { file => "lib/Web/ID/Certificate/Generator.pm", version => 1.927 }, "Web::ID::RSAKey" => { file => "lib/Web/ID/RSAKey.pm", 
version => 1.927 }, "Web::ID::SAN" => { file => "lib/Web/ID/SAN.pm", version => 1.927 }, "Web::ID::SAN::Email" => { file => "lib/Web/ID/SAN/Email.pm", version => 1.927 }, "Web::ID::SAN::URI" => { file => "lib/Web/ID/SAN/URI.pm", version => 1.927 }, "Web::ID::Types" => { file => "lib/Web/ID/Types.pm", version => 1.927 }, "Web::ID::Util" => { file => "lib/Web/ID/Util.pm", version => 1.927 }, "Web::ID::Util::FindOpenSSL" => { file => "lib/Web/ID/Util/FindOpenSSL.pm", version => 1.927 }, }, "release_status" => "stable", "resources" => { bugtracker => { web => "http://rt.cpan.org/Dist/Display.html?Queue=Web-ID" }, homepage => "https://metacpan.org/release/Web-ID", license => ["http://dev.perl.org/licenses/"], repository => { type => "git", url => "git://github.com/tobyink/p5-web-id.git", web => "https://github.com/tobyink/p5-web-id", }, X_identifier => "http://purl.org/NET/cpan-uri/dist/Web-ID/project", }, "version" => 1.927, }; my %dynamic_config; do { # If we can't find openssl via normal techniques, # add a dependency on Alien::OpenSSL. # use lib "lib"; require Web::ID::Util::FindOpenSSL; $meta->{prereqs}{runtime}{requires}{"Alien::OpenSSL"} = "0.03" unless -x Web::ID::Util::FindOpenSSL::find_openssl(); }; my %WriteMakefileArgs = ( ABSTRACT => $meta->{abstract}, AUTHOR => ($EUMM >= 6.5702 ? 
$meta->{author} : $meta->{author}[0]),
	DISTNAME  => $meta->{name},
	VERSION   => $meta->{version},
	EXE_FILES => [ map $_->{file}, values %{ $meta->{x_provides_scripts} || {} } ],
	NAME      => do { my $n = $meta->{name}; $n =~ s/-/::/g; $n },
	test      => { TESTS => "t/*.t" },
	%dynamic_config,
);

$WriteMakefileArgs{LICENSE} = $meta->{license}[0] if $EUMM >= 6.3001;

# Merge the requirements of the given stages, keeping the highest version
# requested for each module.
sub deps
{
	my %r;
	for my $stage (@_)
	{
		for my $dep (keys %{$meta->{prereqs}{$stage}{requires}})
		{
			next if $dep eq 'perl';
			my $ver = $meta->{prereqs}{$stage}{requires}{$dep};
			$r{$dep} = $ver if !exists($r{$dep}) || $ver >= $r{$dep};
		}
	}
	\%r;
}

my ($build_requires, $configure_requires, $runtime_requires, $test_requires);
# Older ExtUtils::MakeMaker releases know fewer *_REQUIRES keys, so fold the
# stages they cannot express into the keys they do support.
if ($EUMM >= 6.6303)
{
	$WriteMakefileArgs{BUILD_REQUIRES}     ||= deps('build');
	$WriteMakefileArgs{CONFIGURE_REQUIRES} ||= deps('configure');
	$WriteMakefileArgs{TEST_REQUIRES}      ||= deps('test');
	$WriteMakefileArgs{PREREQ_PM}          ||= deps('runtime');
}
elsif ($EUMM >= 6.5503)
{
	$WriteMakefileArgs{BUILD_REQUIRES}     ||= deps('build', 'test');
	$WriteMakefileArgs{CONFIGURE_REQUIRES} ||= deps('configure');
	$WriteMakefileArgs{PREREQ_PM}          ||= deps('runtime');
}
elsif ($EUMM >= 6.52)
{
	$WriteMakefileArgs{CONFIGURE_REQUIRES} ||= deps('configure');
	$WriteMakefileArgs{PREREQ_PM}          ||= deps('runtime', 'build', 'test');
}
else
{
	$WriteMakefileArgs{PREREQ_PM}          ||= deps('configure', 'build', 'test', 'runtime');
}

{
	my ($minperl) = reverse sort(
		grep defined && /^[0-9]+(\.[0-9]+)?$/,
		map $meta->{prereqs}{$_}{requires}{perl},
		qw( configure build runtime )
	);
	
	if (defined($minperl))
	{
		die "Installing $meta->{name} requires Perl >= $minperl"
			unless $] >= $minperl;
		
		$WriteMakefileArgs{MIN_PERL_VERSION} ||= $minperl
			if $EUMM >= 6.48;
	}
}

# If the distribution bundles an inc/ directory, patch the generated Makefile
# so that inc/ is on the include path.
sub FixMakefile
{
	return unless -d 'inc';
	my $file = shift;
	
	local *MAKEFILE;
	open MAKEFILE, "< $file" or die "FixMakefile: Couldn't open $file: $!; bailing out";
	my $makefile = do { local $/; <MAKEFILE> };  # slurp the whole Makefile
	close MAKEFILE or die $!;
	
	$makefile =~ s/\b(test_harness\(\$\(TEST_VERBOSE\), )/$1'inc', /;
	$makefile =~ s/( -I\$\(INST_ARCHLIB\))/ -Iinc$1/g;
	$makefile =~ s/( "-I\$\(INST_LIB\)")/ "-Iinc"$1/g;
	$makefile =~ s/^(FULLPERL = .*)/$1 "-Iinc"/m;
	$makefile =~ s/^(PERL = .*)/$1 "-Iinc"/m;
	
	open MAKEFILE, "> $file" or die "FixMakefile: Couldn't open $file: $!; bailing out";
	print MAKEFILE $makefile or die $!;
	close MAKEFILE or die $!;
}

my $mm = WriteMakefile(%WriteMakefileArgs);
FixMakefile($mm->{FIRST_MAKEFILE} || 'Makefile');
exit(0);

README000664001750001750 1021512333472207 12244 0ustar00taitai000000000000Web-ID-1.927
NAME
    Web::ID - implementation of WebID (a.k.a. FOAF+SSL)

SYNOPSIS
     my $webid = Web::ID->new(certificate => $pem_encoded_x509);
     if ($webid->valid)
     {
         say "Authenticated as: ", $webid->uri;
     }

DESCRIPTION
    WebID is a simple authentication protocol based on TLS (Transaction
    Layer Security, better known as Secure Socket Layer, SSL) and the
    Semantic Web. This module provides a Perl implementation for
    authenticating clients using WebID.

    For more information see the Web::ID::FAQ document.

    Bundled with this module are Plack::Middleware::Auth::WebID, a plugin
    for Plack to perform WebID authentication on HTTPS connections; and
    Web::ID::Certificate::Generator, a module that allows you to generate
    WebID-enabled certificates that can be installed into web browsers.

  Constructor
    `new`
        Standard Moose-style constructor.

  Attributes
    `certificate`
        A Web::ID::Certificate object representing an x509 certificate,
        though a PEM-encoded string will be coerced.

        This is usually the only attribute you want to pass to the
        constructor. Allow the others to be built automatically.

    `first_valid_san`
        Probably fairly uninteresting. This is the first subjectAltName
        value found in the certificate that could be successfully
        authenticated using Web::ID. A Web::ID::SAN object.

    `uri`
        The URI associated with the first valid SAN. A URI object.

        This is a URI you can use to identify the person, organisation or
        robotic poodle holding the certificate.

    `profile`
        Data about the certificate holder.
        An RDF::Trine::Model object. Their FOAF file (probably).

    `valid`
        Boolean.

  Methods
    `node`
        Returns the same as `uri`, but as an RDF::Trine::Node object.

    `get(@predicates)`
        Queries the `profile` for triples of the form:

          $self->node $predicate $x .

        And returns literal and URI values for $x, as strings.

        $predicate should be an RDF::Trine::Node, or a string. If a string,
        it will be expanded using RDF::Trine::NamespaceMap, so you can do
        stuff like:

          my $name   = $webid->get('foaf:name', 'rdfs:label');
          my @mboxes = $webid->get('foaf:mbox');

BUGS
    Please report any bugs to .

SEE ALSO
    Web::ID::FAQ.

    Web::ID::Certificate, Plack::Middleware::Auth::WebID.

    RDF::ACL provides an access control system that complements WebID.

    CGI::Auth::FOAF_SSL is the spiritual ancestor of this module though
    they share very little code, and have quite different APIs.

    General WebID information: , , , .

    Mailing list for general Perl RDF/SemWeb discussion and support: .

AUTHOR
    Toby Inkster .

THANKS
    Thanks to Kjetil Kjernsmo (cpan:KJETILK) for persuading me to port my
    old CGI-specific implementation of this to Plack.

    Thanks to Kjetil Kjernsmo (again), Florian Ragwitz (cpan:FLORA), and
    Jonas Smedegaard for help with testing and advice on dependencies.

    Thanks to Henry Story, Melvin Carvalho, Simon Reinhardt, Bruno Harbulot,
    Ian Jacobi and many others for developing WebID from a poorly thought
    out idea to a clever, yet simple and practical authentication protocol.

    Thanks to Gregory Williams (cpan:GWILLIAMS), Tatsuhiko Miyagawa
    (cpan:MIYAGAWA) and the Moose Cabal for providing really good platforms
    (RDF::Trine, Plack and Moose respectively) to build this on.

COPYRIGHT AND LICENCE
    This software is copyright (c) 2012 by Toby Inkster.

    This is free software; you can redistribute it and/or modify it under
    the same terms as the Perl 5 programming language system itself.
DISCLAIMER OF WARRANTIES THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. SIGNATURE000664001750001750 551212333472215 12633 0ustar00taitai000000000000Web-ID-1.927This file contains message digests of all files listed in MANIFEST, signed via the Module::Signature module, version 0.70. To verify the content in this distribution, first make sure you have Module::Signature installed, then type: % cpansign -v It will check each file's integrity, as well as the signature's validity. If "==> Signature verified OK! <==" is not displayed, the distribution may already have been compromised, and you should not run its Makefile.PL or Build.PL.
dist.ini000664001750001750 7512333472207 12753 0ustar00taitai000000000000Web-ID-1.927;; class = 'Dist::Inkt::Profile::TOBYINK' ;; name = 'Web-ID' doap.ttl000664001750001750 3076012333472213 13040 0ustar00taitai000000000000Web-ID-1.927@prefix dc: . @prefix doap: . @prefix doap-changeset: . @prefix doap-deps: . @prefix foaf: . @prefix rdfs: . @prefix xsd: . dc:title "the same terms as the perl 5 programming language system itself".
a doap:Project; doap-deps:configure-requirement [ doap-deps:on "File::ShareDir"^^doap-deps:CpanId ]; doap-deps:runtime-requirement [ doap-deps:on "perl 5.010"^^doap-deps:CpanId ], [ doap-deps:on "namespace::sweep"^^doap-deps:CpanId ], [ doap-deps:on "Path::Tiny 0.017"^^doap-deps:CpanId ], [ doap-deps:on "Plack"^^doap-deps:CpanId ], [ doap-deps:on "RDF::Query 2.900"^^doap-deps:CpanId ], [ doap-deps:on "RDF::Trine 1.000"^^doap-deps:CpanId ], [ doap-deps:on "Types::DateTime"^^doap-deps:CpanId ], [ doap-deps:on "Types::Standard 0.040"^^doap-deps:CpanId; ], [ doap-deps:on "Types::URI"^^doap-deps:CpanId ], [ doap-deps:on "URI"^^doap-deps:CpanId ], [ doap-deps:on "Crypt::X509"^^doap-deps:CpanId ], [ doap-deps:on "DateTime"^^doap-deps:CpanId ], [ doap-deps:on "Digest::SHA"^^doap-deps:CpanId ], [ doap-deps:on "Exporter::Tiny"^^doap-deps:CpanId ], [ doap-deps:on "File::ShareDir"^^doap-deps:CpanId ], [ doap-deps:on "List::MoreUtils"^^doap-deps:CpanId ], [ doap-deps:on "match::simple 0.008"^^doap-deps:CpanId; ], [ doap-deps:on "Moose 2.0600"^^doap-deps:CpanId ]; doap-deps:test-requirement [ doap-deps:on "Test::More 0.96"^^doap-deps:CpanId ]; doap:bug-database ; doap:created "2012-04-26"^^xsd:date; doap:developer ; doap:download-page ; doap:homepage ; doap:license ; doap:maintainer ; doap:name "Web-ID"; doap:programming-language "Perl"; doap:release , , , , , , , , , , , , , ; doap:repository [ a doap:GitRepository; doap:browse ; ]; doap:shortdesc "implementation of WebID (a.k.a. FOAF+SSL)"; rdfs:seeAlso . a doap:Version; dc:issued "2012-05-07"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ rdfs:label "Almost complete rewrite of CGI::Auth::FOAF_SSL. Very different (and much cleaner) API."@en; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "1.910_01"^^xsd:string. 
a doap:Version; dc:issued "2012-05-08"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ a doap-changeset:Documentation; rdfs:label "Improve Web::ID DESCRIPTION."@en; doap-changeset:thanks ; ], [ a doap-changeset:Documentation; rdfs:label "Add Any::Moose stuff to Web::ID BUGS section."@en; doap-changeset:thanks ; ], [ a doap-changeset:Update; rdfs:label "Replace deprecated Digest::SHA1 with Digest::SHA."@en; doap-changeset:thanks ; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "1.910_02"^^xsd:string. a doap:Version; dc:issued "2012-05-09"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ rdfs:label "Better hooks for subclassing Plack::Middleware::Auth::WebID."@en; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "1.910_03"^^xsd:string. a doap:Version; dc:issued "2012-05-09"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ rdfs:label "Drop dependency on Class::Load; use load_class from Plack::Util instead."@en; ], [ rdfs:label "Use File::Temp and Path::Class in t/04webid.t - they're already dependencies, so might as well."@en; doap-changeset:thanks ; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "1.910_04"^^xsd:string. a doap:Version; dc:issued "2012-05-10"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ a doap-changeset:Documentation; rdfs:label "Minor documentation changes."@en; ], [ a doap-changeset:Packaging; rdfs:label "Mark as non-development release."@en; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "1.920"^^xsd:string. a doap:Version; dc:issued "2012-05-20"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ a doap-changeset:Packaging; rdfs:label "Add version number (0.06) to MouseX::Types dependency."@en; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "1.921"^^xsd:string. 
a doap:Version; dc:issued "2012-12-15"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ a doap-changeset:Update; rdfs:label "RDF::Trine now uses Moose, so there's no reason for Web::ID to continue using Any::Moose. All the old Any::Moose/Mouse stuff is now gone, and Web::ID now uses Moose and MooseX::Types."@en; ], [ a doap-changeset:Update; rdfs:label "Switched from namespace::clean to namespace::sweep."@en; ], [ a doap-changeset:Documentation; rdfs:label "Documented test suite."@en; ], [ a doap-changeset:Change; rdfs:label "Make test suite output cleaner (no openssl junk) if Capture::Tiny is available."@en; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "1.922"^^xsd:string. a doap:Version; dc:issued "2013-05-21"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ a doap-changeset:Change; rdfs:label "Switched from MooseX::Types to Types::Standard."@en; ], [ a doap-changeset:Change; rdfs:label "Switched from Sub::Exporter to Exporter::TypeTiny."@en; ], [ a doap-changeset:Change; rdfs:label "Switched from smartmatch to match::smart."@en; ], [ a doap-changeset:Change; rdfs:label "Switched from Path::Class to Path::Tiny."@en; ], [ a doap-changeset:Change; rdfs:label "Do a better job searching for OpenSSL binary; use Alien::OpenSSL if it can't be found."@en; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "1.923"^^xsd:string. a doap:Version; dc:issued "2013-08-07"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ a doap-changeset:Packaging; rdfs:label "Minor packaging fixes."@en; ], [ a doap-changeset:Bugfix; rdfs:label "Type::Utils no longer exports `extends` by default; request it."@en; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "1.924_01"^^xsd:string. 
a doap:Version; dc:issued "2013-08-09"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ a doap-changeset:Packaging; rdfs:label "Package using Dist::Inkt."@en; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "1.924_02"^^xsd:string. a doap:Version; dc:issued "2013-08-10"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ a doap-changeset:Packaging; rdfs:label "configure_requires File::ShareDir."@en; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "1.924_03"^^xsd:string. a doap:Version; dc:issued "2013-09-03"^^xsd:date; doap:file-release ; doap:revision "1.925"^^xsd:string; rdfs:comment "No functional changes."@en. a doap:Version; dc:issued "2013-12-10"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ a doap-changeset:Update; rdfs:label "Use Exporter::Tiny instead of Exporter::TypeTiny."@en; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "1.926"^^xsd:string. a doap:Version; dc:issued "2014-05-10"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ a doap-changeset:Packaging; rdfs:label "Bump required version of match::simple to 0.008."@en; ], [ a doap-changeset:Packaging; rdfs:label "Bump required version of Types::Standard to 0.040."@en; ], [ a doap-changeset:Change; rdfs:label "Rather than defining Datetime and Uri types in Web::ID::Types, use Types::DateTime and Types::URI from CPAN."@en; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "1.927"^^xsd:string. a foaf:Person; foaf:mbox ; foaf:name "Florian Ragwitz". a foaf:Person; foaf:mbox ; foaf:name "Kjetil Kjernsmo". a foaf:Person; foaf:mbox ; foaf:name "Toby Inkster". a foaf:Person; foaf:name "Jonas Smedegaard". 
certificate-generation.pl000664001750001750 75612333472207 20123 0ustar00taitai000000000000Web-ID-1.927/examplesuse Web::ID::Certificate::Generator; Web::ID::Certificate->generate( passphrase => 'test1234', subject_alt_names => [ Web::ID::SAN::URI->new(value => 'http://example.com/id/alice'), Web::ID::SAN::URI->new(value => 'http://example.net/id/alice'), ], cert_output => \(my $output), rdf_output => \(my $model), subject_cn => 'Alice Test', subject_country => 'gb', ); print RDF::Trine::Serializer -> new('RDFXML') -> serialize_model_to_string($model); certificate-parsing.pl000664001750001750 350412333472207 17445 0ustar00taitai000000000000Web-ID-1.927/examplesuse 5.010; use lib "../lib"; use lib "lib"; use Data::Dumper; #use Moose (); use Web::ID::Certificate; use Web::ID::SAN; use Web::ID::SAN::Email; use Web::ID::SAN::URI; my $cert = Web::ID::Certificate->new( pem => <not_before, " -- ", $cert->not_after; say "Exponent: ", $cert->exponent; say "Modulus: ", $cert->modulus; say "Subject alt names: ", Dumper($cert->subject_alt_names); say "Fingerprint: ", $cert->fingerprint; fingerpoint-test.pl000664001750001750 44712333472207 17006 0ustar00taitai000000000000Web-ID-1.927/examplesuse 5.010; use Web::ID::SAN::Email; use RDF::Trine; my $san = Web::ID::SAN::Email->new( type => 'rfc822Address', value => 'somebody@fingerpoint.tobyinkster.co.uk', ); say $san->uri_object; print RDF::Trine::Serializer -> new('Turtle') -> serialize_model_to_string( $san->model ); web-id-validation.pl000664001750001750 320412333472207 17016 0ustar00taitai000000000000Web-ID-1.927/examplesuse 5.010; use lib "../lib"; use lib "lib"; use Data::Dumper; #use Moose (); use Web::ID; my $id = Web::ID->new( certificate => <first_valid_san->to_string; say "URI: ", $id->uri; say "Email: ", join ';', $id->get('foaf:mbox'); 01mouse.t000664001750001750 63212333472207 13247 0ustar00taitai000000000000Web-ID-1.927/t=head1 PURPOSE This test has been retired. Web::ID no longer uses Any::Moose/Mouse. 
=head1 AUTHOR Toby Inkster Etobyink@cpan.orgE. =head1 COPYRIGHT AND LICENCE This software is copyright (c) 2012 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut use Test::More skip_all => "eek! eek!"; 02moose.t000664001750001750 73512333472207 13246 0ustar00taitai000000000000Web-ID-1.927/t=head1 PURPOSE Check that Web::ID compiles. =head1 AUTHOR Toby Inkster Etobyink@cpan.orgE. =head1 COPYRIGHT AND LICENCE This software is copyright (c) 2012 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut use Test::More; #eval { require Moose; require MooseX::Types::Moose; 1 } # or plan skip_all => "need Moose"; plan tests => 1; use_ok('Web::ID'); 03certificate.t000664001750001750 725312333472207 14431 0ustar00taitai000000000000Web-ID-1.927/t=head1 PURPOSE Tests that L is able to extract information from a PEM-encoded certificate. The majority of the tests are conducted on a certificate that I<< will expire on 2013-06-21T11:49:45 >> however, it is believed that the nature of these tests is such that they will continue to pass after the certificate has expired. (No tests should be relying on it being a timely certificate.) The situation may need reviewing in July 2013. =head1 AUTHOR Toby Inkster Etobyink@cpan.orgE. =head1 COPYRIGHT AND LICENCE This software is copyright (c) 2012 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut use Test::More tests => 18; use Web::ID::Certificate; my $cert = new_ok 'Web::ID::Certificate' => [pem => <not_before, '2009-06-22T11:49:45', 'certificate not_before correct', ); is( $cert->not_after, '2013-06-21T11:49:45', 'certificate not_after correct', ); ok( ! 
$cert->timely( $cert->not_before->clone->subtract(days => 1) ), 'not timely before not_before', ); ok( $cert->timely( $cert->not_before ), 'timely on not_before', ); ok( $cert->timely( $cert->not_before->clone->add(days => 1) ), 'timely after not_before', ); ok( $cert->timely( $cert->not_after ), 'timely on not_after', ); ok( ! $cert->timely( $cert->not_after->clone->add(days => 1) ), 'not timely after not_after', ); is( $cert->fingerprint, 'f4651a0cd4efc7301103a7dfec983244dd47b190', 'correct fingerprint', ); ok( $cert->exponent eq '65537', 'correct exponent' ); (my $modulus = <modulus eq $modulus, 'correct modulus' ); isa_ok( $cert->subject_alt_names->[$_], 'Web::ID::SAN', "SAN $_", ) for 0..2; isa_ok( $cert->subject_alt_names->[0], 'Web::ID::SAN::URI', "SAN 0", ); isa_ok( $cert->subject_alt_names->[$_], 'Web::ID::SAN::Email', "SAN $_", ) for 1..2; is( $cert->subject_alt_names->[0]->value, 'http://tobyinkster.co.uk/#i', 'SAN 0 correct value', ); 04webid.t000664001750001750 655112333472207 13242 0ustar00taitai000000000000Web-ID-1.927/t=head1 PURPOSE Performs as close to an end-to-end test as possible without an actual HTTPS server. Generates certificates for five dummy identities using L; creates FOAF profiles for them (using a mixture of Turtle and RDF/XML) and checks that their certificates can be validated against their profiles. Destroys one of the FOAF profiles and checks that the corresponding certificate no longer validates. Alters one of the FOAF profiles and checks that the corresponding certificate no longer validates. Tries its very best to clean up after itself. =head1 AUTHOR Toby Inkster Etobyink@cpan.orgE. =head1 COPYRIGHT AND LICENCE This software is copyright (c) 2012 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. 
=cut use 5.010; use strict; use lib 'lib'; use lib 't/lib'; use File::Temp qw(); use Path::Tiny qw(); use Test::More; use Web::ID; use Web::ID::Certificate::Generator; # Attempt to silence openssl during test cases sub capture_merged (&;@); BEGIN { *capture_merged = eval { require Capture::Tiny } ? \&Capture::Tiny::capture_merged : sub (&;@) { my $code = shift; $code->() } } require Web::ID::Util::FindOpenSSL; -x Web::ID::Util::FindOpenSSL::find_openssl() or plan skip_all => "Cannot find an executable OpenSSL binary"; # They're unlikely to have /usr/bin/openssl anyway, but... $^O eq 'MSWin32' and plan skip_all => "This test will not run on MSWin32"; our @PEOPLE = qw(alice bob carol david eve); our %Certificates; my $tmpdir = "Path::Tiny"->tempdir; $tmpdir->mkpath; sub tmpfile { return $tmpdir->child(@_) if @_; return $tmpdir; } { package Test::HTTP::Server::Request; no strict 'refs'; for my $p (@::PEOPLE) { *$p = sub { if (-e main::tmpfile($p)) { shift->{out_headers}{content_type} = $p eq 'david' ? 'text/turtle' : 'application/rdf+xml'; scalar main::tmpfile($p)->slurp; } else { my $server = shift; $server->{out_code} = '404 Not Found'; $server->{out_headers}{content_type} = 'text/plain'; 'Not Found'; } } } } eval { require Test::HTTP::Server; 1; } or plan skip_all => "Could not use Test::HTTP::Server: $@"; plan tests => 12; my $server = Test::HTTP::Server->new(); my $baseuri = $server->uri; for my $p (@PEOPLE) { my $discard; my $rdf; my @captured = capture_merged { $Certificates{$p} = 'Web::ID::Certificate'->generate( passphrase => 'secret', subject_alt_names => [ Web::ID::SAN::URI->new(value => $baseuri.$p), ], subject_cn => ucfirst($p), rdf_output => \$rdf, cert_output => \$discard, )->pem }; isa_ok($rdf, 'RDF::Trine::Model', tmpfile($p).' $rdf'); RDF::Trine::Serializer -> new($p eq 'david' ? 
'Turtle' : 'RDFXML') -> serialize_model_to_file(tmpfile($p)->openw, $rdf); } for my $p (@PEOPLE) { my $webid = Web::ID->new(certificate => $Certificates{$p}); ok($webid->valid, $webid->uri); } tmpfile('carol')->remove; # bye, bye my $carol = Web::ID->new(certificate => $Certificates{carol}); ok(!$carol->valid, 'bye, bye carol!'); do { (my $data = tmpfile('eve')->slurp) =~ s/exponent/component/g; my $fh = tmpfile('eve')->openw; print $fh $data; }; my $eve = Web::ID->new(certificate => $Certificates{eve}); ok(!$eve->valid, 'eve is evil!'); tmpfile()->remove_tree; ID.pm000664001750001750 1355612333472207 13514 0ustar00taitai000000000000Web-ID-1.927/lib/Webpackage Web::ID; use 5.010; use utf8; BEGIN { $Web::ID::AUTHORITY = 'cpan:TOBYINK'; $Web::ID::VERSION = '1.927'; } use Web::ID::Types -types; use Web::ID::Certificate; use Web::ID::Util qw(:default uniq); use Moose; use namespace::sweep; has certificate => ( is => read_only, isa => Certificate, required => true, coerce => true, ); has uri => ( is => read_only, isa => Uri, lazy_build => true, coerce => true, ); has profile => ( is => read_only, isa => Model, lazy_build => true, ); has valid => ( is => read_only, isa => Bool, lazy_build => true, ); has first_valid_san => ( is => read_only, isa => San | Undef, lazy_build => true, ); sub _build_valid { my ($self) = @_; return false unless $self->certificate->timely; return true if defined $self->first_valid_san; return false; } sub _build_uri { my ($self) = @_; $self->first_valid_san->uri_object; } sub _build_profile { my ($self) = @_; $self->first_valid_san->model; } sub _build_first_valid_san { my ($self) = @_; my $cert = $self->certificate; my @sans = @{ $cert->subject_alt_names }; foreach my $san (@sans) { foreach my $key ( $san->associated_keys ) { return $san if $key->rsa_equal($cert); } } return undef; } sub node { my ($self) = @_; "RDF::Trine::Node::Resource"->new($self->uri.''); } sub get { my $self = shift; my @pred = map { if (blessed $_ and 
$_->isa("RDF::Trine::Node")) { $_ } else { u $_ } } @_;
	
	# Keep only literal and resource objects, as plain strings, without duplicates.
	my @results = uniq
		map { $_->is_resource ? $_->uri : $_->literal_value }
		grep { $_->is_literal or $_->is_resource }
		$self->profile->objects_for_predicate_list($self->node, @pred);
	
	wantarray ? @results : $results[0];
}

__PACKAGE__
__END__

=head1 NAME

Web::ID - implementation of WebID (a.k.a. FOAF+SSL)

=head1 SYNOPSIS

 my $webid = Web::ID->new(certificate => $pem_encoded_x509);
 if ($webid->valid)
 {
   say "Authenticated as: ", $webid->uri;
 }

=head1 DESCRIPTION

WebID is a simple authentication protocol based on TLS (Transaction
Layer Security, better known as Secure Socket Layer, SSL) and the
Semantic Web. This module provides a Perl implementation for
authenticating clients using WebID.

For more information see the L<Web::ID::FAQ> document.

Bundled with this module are L<Plack::Middleware::Auth::WebID>, a
plugin for L<Plack> to perform WebID authentication on HTTPS
connections; and L<Web::ID::Certificate::Generator>, a module that
allows you to generate WebID-enabled certificates that can be
installed into web browsers.

=head2 Constructor

=over

=item C<< new >>

Standard Moose-style constructor.

=back

=head2 Attributes

=over

=item C<< certificate >>

A L<Web::ID::Certificate> object representing an x509 certificate,
though a PEM-encoded string will be coerced.

This is usually the only attribute you want to pass to the constructor.
Allow the others to be built automatically.

=item C<< first_valid_san >>

Probably fairly uninteresting. This is the first subjectAltName value
found in the certificate that could be successfully authenticated
using Web::ID. A L<Web::ID::SAN> object.

=item C<< uri >>

The URI associated with the first valid SAN. A L<URI> object.

This is a URI you can use to identify the person, organisation or robotic
poodle holding the certificate.

=item C<< profile >>

Data about the certificate holder. An L<RDF::Trine::Model> object. Their
FOAF file (probably).

=item C<< valid >>

Boolean.

=back

=head2 Methods

=over

=item C<< node >>

Returns the same as C<uri>, but as an L<RDF::Trine::Node> object.

=item C<< get(@predicates) >>

Queries the C<profile> for triples of the form:

  $self->node $predicate $x .

And returns literal and URI values for $x, as strings.

C<< $predicate >> should be an L<RDF::Trine::Node>, or a string. If a
string, it will be expanded using L<RDF::Trine::NamespaceMap>, so you can
do stuff like:

  my $name   = $webid->get('foaf:name', 'rdfs:label');
  my @mboxes = $webid->get('foaf:mbox');

=back

=head1 BUGS

Please report any bugs to L.

=head1 SEE ALSO

L<Web::ID::FAQ>.

L<Web::ID::Certificate>, L<Plack::Middleware::Auth::WebID>.

L<RDF::ACL> provides an access control system that complements WebID.

L<CGI::Auth::FOAF_SSL> is the spiritual ancestor of this module though
they share very little code, and have quite different APIs.

General WebID information: L, L, L, L.

Mailing list for general Perl RDF/SemWeb discussion and support: L.

=head1 AUTHOR

Toby Inkster E<lt>tobyink@cpan.orgE<gt>.

=head1 THANKS

Thanks to Kjetil Kjernsmo (cpan:KJETILK) for persuading me to port my old
CGI-specific implementation of this to Plack.

Thanks to Kjetil Kjernsmo (again), Florian Ragwitz (cpan:FLORA), and Jonas
Smedegaard for help with testing and advice on dependencies.

Thanks to Henry Story, Melvin Carvalho, Simon Reinhardt, Bruno Harbulot,
Ian Jacobi and many others for developing WebID from a poorly thought out
idea to a clever, yet simple and practical authentication protocol.

Thanks to Gregory Williams (cpan:GWILLIAMS), Tatsuhiko Miyagawa
(cpan:MIYAGAWA) and the Moose Cabal for providing really good platforms
(RDF::Trine, Plack and Moose respectively) to build this on.

=head1 COPYRIGHT AND LICENCE

This software is copyright (c) 2012 by Toby Inkster.

This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.

=head1 DISCLAIMER OF WARRANTIES

THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
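
The script below is an added example, not code from the Web-ID distribution: it splits the C<valid> check into the two parts that C<_build_valid> implements (the certificate's C<timely> window, then a SAN whose profile lists the certificate's RSA key) so that a rejection can be logged with its cause. The name C<check_webid>, the result keys and the PEM file argument are assumptions; it reads C<uri> only after a SAN has matched, because C<_build_uri> calls a method on C<first_valid_san>, which is undefined otherwise.

```perl
#!/usr/bin/env perl
# Added example; not part of the Web-ID distribution.
# check_webid() and the keys of its result hash are hypothetical names.
use 5.010;
use strict;
use warnings;
use Web::ID;

# Classify one client certificate so the caller can log WHY a WebID check
# failed instead of only seeing a false ->valid.
sub check_webid
{
	my ($pem) = @_;
	my %r = (status => 'error');

	my $ok = eval {
		my $webid = Web::ID->new(certificate => $pem);
		my $cert  = $webid->certificate;

		# Log/cache key: lower-case hex SHA1 of the DER-encoded certificate.
		$r{fingerprint} = $cert->fingerprint;
		$r{not_before}  = $cert->not_before->iso8601;
		$r{not_after}   = $cert->not_after->iso8601;
		$r{sans}        = [
			map { $_->type . '=' . $_->value } @{ $cert->subject_alt_names }
		];

		# Step 1: validity window, checked locally before anything is fetched.
		unless ($cert->timely)
		{
			@r{qw(status reason)} =
				('rejected', 'outside the not_before/not_after window');
			return 1;
		}

		# Step 2: key match. Building first_valid_san asks each SAN for its
		# associated keys (per the FAQ, taken from the profile document the
		# SAN points at) and compares them with the certificate's RSA key.
		my $san = $webid->first_valid_san;
		unless (defined $san)
		{
			@r{qw(status reason)} =
				('rejected', 'no SAN profile lists this certificate key');
			return 1;
		}

		# Only now are ->uri and ->get safe: both depend on a matched SAN.
		$r{status} = $webid->valid ? 'accepted' : 'rejected';
		$r{uri}    = $webid->uri->as_string;
		$r{name}   = $webid->get('foaf:name', 'rdfs:label');
		1;
	};

	unless ($ok)
	{
		my $err = $@ || 'unknown error';
		@r{qw(status reason)} = ('error', "validation raised: $err");
	}
	return \%r;
}

# Command-line use: the path to a PEM-encoded client certificate is assumed
# to be given as the first argument.
unless (caller)
{
	my $path = shift @ARGV or die "usage: $0 client-cert.pem\n";
	open my $fh, '<', $path or die "cannot open $path: $!\n";
	my $pem = do { local $/; <$fh> };
	close $fh;

	my $r = check_webid($pem);
	for my $k (qw(status reason fingerprint not_before not_after uri name))
	{
		say "$k: $r->{$k}" if defined $r->{$k};
	}
	say "san: $_" for @{ $r->{sans} || [] };
	exit($r->{status} eq 'accepted' ? 0 : 1);
}
```

Because C<valid> and C<first_valid_san> are lazily built once per object, construct a fresh C<Web::ID> object for each check rather than reusing one across requests.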
Certificate.pm000664001750001750 1356112333472207 15732 0ustar00taitai000000000000Web-ID-1.927/lib/Web/IDpackage Web::ID::Certificate; use 5.010; use utf8; BEGIN { $Web::ID::Certificate::AUTHORITY = 'cpan:TOBYINK'; $Web::ID::Certificate::VERSION = '1.927'; } use Crypt::X509 0.50 (); # why the hell does this export anything?! use DateTime 0; use Digest::SHA qw(sha1_hex); use MIME::Base64 0 qw(decode_base64); use Web::ID::Types -types; use Web::ID::SAN; use Web::ID::SAN::Email; use Web::ID::SAN::URI; use Web::ID::Util qw(:default part); # Partly sorts a list of Web::ID::SAN objects, # prioritising URIs and Email addresses. # sub _sort_san { map { ref($_) eq 'ARRAY' ? (@$_) : () } part { if ($_->isa("Web::ID::SAN::URI")) { 0 } elsif ($_->isa("Web::ID::SAN::Email")) { 1 } else { 2 } } @_; } use Moose; use namespace::sweep -also => '_sort_san'; has pem => ( is => read_only, isa => Str, required => true, coerce => false, ); has _der => ( is => read_only, isa => Str, required => true, lazy_build => true, ); has _x509 => ( is => read_only, isa => Type::Utils::class_type({ class => "Crypt::X509" }), lazy_build => true, ); has public_key => ( is => read_only, isa => Rsakey, lazy_build => true, handles => [qw(modulus exponent)], ); has subject_alt_names => ( is => read_only, isa => ArrayRef, lazy_build => true, ); has $_ => ( is => read_only, isa => DateTime, lazy_build => true, coerce => true, ) for qw( not_before not_after ); has san_factory => ( is => read_only, isa => CodeRef, lazy_build => true, ); has fingerprint => ( is => read_only, isa => Str, lazy_build => true, ); sub _build_fingerprint { lc sha1_hex( shift->_der ); } sub _build__der { my @lines = split /\n/, shift->pem; decode_base64(join "\n", grep { !/--(BEGIN|END) CERTIFICATE--/ } @lines); } sub _build__x509 { return "Crypt::X509"->new(cert => shift->_der); } sub _build_public_key { my ($self) = @_; Rsakey->new($self->_x509->pubkey_components); } sub _build_subject_alt_names { my ($self) = @_; my $factory = 
$self->san_factory; [_sort_san( map { my ($type, $value) = split /=/, $_, 2; $factory->(type => $type, value => $value); } @{ $self->_x509->SubjectAltName } )]; } sub _build_not_before { my ($self) = @_; return $self->_x509->not_before; } sub _build_not_after { my ($self) = @_; return $self->_x509->not_after; } my $default_san_factory = sub { my (%args) = @_; my $class = { uniformResourceIdentifier => 'Web::ID::SAN::URI', rfc822Name => 'Web::ID::SAN::Email', }->{ $args{type} } // "Web::ID::SAN"; $class->new(%args); }; sub _build_san_factory { return $default_san_factory; } sub timely { my ($self, $now) = @_; $now //= DateTime->coerce('now'); return if $now > $self->not_after; return if $now < $self->not_before; return $self; } __PACKAGE__ __END__ =head1 NAME Web::ID::Certificate - an x509 certificate =head1 SYNOPSIS my $cert = Web::ID::Certificate->new(pem => $pem_encoded_x509); foreach (@{ $cert->subject_alt_names }) { say "SAN: ", $_->type, " = ", $_->value; } =head1 DESCRIPTION =head2 Constructor =over =item C<< new >> Standard Moose-style constructor. =back =head2 Attributes =over =item C<< pem >> A PEM-encoded string for the certificate. This is usually the only attribute you want to pass to the constructor. Allow the others to be built automatically. =item C<< public_key >> A L object. =item C<< fingerprint >> A string identifier for the certificate. It is the lower-cased hexadecimal SHA1 hash of the DER-encoded certificate. This is not used in WebID authentication, but may be used as an identifier for the certificate if you need to keep it in a cache. =item C<< not_before >> L object indicating when the certificate started (or will start) to be valid. =item C<< not_after >> L object indicating when the certificate will cease (or has ceased) to be valid. =item C<< subject_alt_names >> An arrayref containing a list of subject alt names (L objects) associated with the certificate. These are sorted in the order they'll be tried for WebID authentication. 
=item C<< san_factory >> A coderef used for building L objects. It's very unlikely you need to play with this - the default is probably OK. But changing this is "supported" (in so much as any of this is supported). The coderef is passed a hash (not hashref) along the lines of: ( type => 'uniformResourceIdentifier', value => 'http://example.com/id/alice', ) =back =head2 Methods =over =item C<< timely >> Checks C<not_before> and C<not_after> against the current system time to indicate whether the certificate is temporally valid. Returns a boolean. You can optionally pass it a L object to use instead of the current system time. =item C<< exponent >> Delegated to the C<public_key> attribute. =item C<< modulus >> Delegated to the C<public_key> attribute. =back =head1 BUGS Please report any bugs to L. =head1 SEE ALSO L, L, L. L - augments this class to add the ability to generate new WebID certificates. L provides a pure Perl X.509 certificate parser, and is used internally by this module. =head1 AUTHOR Toby Inkster E<lt>tobyink@cpan.orgE<gt>. =head1 COPYRIGHT AND LICENCE This software is copyright (c) 2012 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =head1 DISCLAIMER OF WARRANTIES THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. FAQ.pod000664001750001750 1411312333472207 14257 0ustar00taitai000000000000Web-ID-1.927/lib/Web/ID=head1 NAME Web::ID::FAQ - frequently asked questions about WebID =head1 FREQUENTLY ASKED QUESTIONS =head2 So what is WebID? Web Identification and Discovery. Firstly it's the concept of identifying people with HTTP URIs. URI stands for Uniform Resource Identifier. 
While often used as identifiers for web pages and other digital resources, they're just string identifiers and may be used to identify anything - car parts, gorillas, abstract concepts, and, yes, people. WebID is also a protocol that allows websites to discover which URI identifies you, using a secure certificate that is installed in your browser. =head2 URIs can identify non-digital resources? Yes. Of course, if you type a URI which identifies a web page into a web browser, you'd expect to see that web page (or an error message explaining why you cannot), but if you type a URI which identifies a car part, don't expect that spark plug to jump out of your screen into your hands. URIs that identify non-digital resources should either be unresolvable (e.g. C<< urn:isbn:978-0099800200 >> which identifies a book - your browser can't do anything with that URI); should produce an error message explaining why the resource cannot be provided; or should redirect to a digital resource (e.g. C<< http://example.com/id/alice >> might identify Alice, and redirect to C<< http://example.com/data/alice >> which is a document with information about Alice). Further reading: I, L. =head2 So I can use WebID to limit who has access to my site? On its own, no. WebID allows a website to establish an identifier for a visitor, but what the website does with that information (whether it uses it to block access to certain resources) is beyond the scope of WebID. =head2 How does WebID work? In summary, your browser establishes an HTTPS connection to a web server. As part of the SSL/TLS handshake, the server can request that the browser identifies itself with a certificate. Your browser then sends your certificate to the server. This certificate includes a URI that identifies you. Behind the scenes, the server fetches that URI, and retrieves a profile document about you (this document can include as much or as little personal data about you as you like). 
This document uses the RDF data model, and contains data that allows the server to verify that the certificate exchanged as part of your HTTPS request really belongs to you. The user experience is that a WebID user visits a WebID-enabled site; their browser prompts them to pick a certificate from the list of installed certificates; they choose; the site knows who they are. No passwords are required (though many browsers do offer the option to protect the installed certificates with a password). =head2 So WebID requires HTTPS? WebID could theoretically be used over other SSL/TLS protocols, such as OpenVPN, secure IMAP/POP3 connections, and so forth. But yes, it only works over secure connections. Really, would you want to be identifying yourself over an insecure channel? =head2 How can I use WebID in Perl? For Plack/PSGI-based websites, there exists a module L to make things (relatively) easy. It stuffs the client's WebID URI into C<< $env->{WEBID} >>. For Catalyst-based websites, be aware that recent versions of Catalyst are built on Plack. See L for details. Otherwise, you need to use L directly. Assuming you've configured your web server to request a client certificate from the browser, and you've managed to get that client certificate into Perl in PEM format, then it's just: my $webid = Web::ID->new(certificate => $pem); my $uri = $webid->uri; And you have the URI. What is PEM? Well, X509 certificates come in a variety of different interrelated formats. PEM is a common one, and often what web servers make available. If you have DER though, it's easy to convert it to PEM: my $pem = "\n-----BEGIN CERTIFICATE-----\n" . encode_base64($der) . "\n-----END CERTIFICATE-----\n"; If you have another format, then OpenSSL may be able to convert it. Once you have the URI, you can use it as a plain old string identifier for the user, whenever you need to identify them in databases, etc. 
The C<< $webid >> object in the above example, or in the Plack middleware, C<< $env->{WEBID_OBJECT} >>, is an object blessed into the L package and will allow you to retrieve further information about the user - their name, e-mail address, blog URL, interests, friends, etc - depending on what information they've chosen to include in their profile. =head2 How does WebID compare to OpenID? Both use URIs to identify people, however the way they choose their URIs differs. In OpenID you use the same URI string to identify your blog or homepage, and to identify yourself. In WebID you use different URIs to identify different things - one URI for your blog, one for you. In WebID you almost never have to type that URI - it's embedded into a certificate in your browser's certificate store. WebID doesn't require typing or passwords. This makes it more suitable than OpenID for non-interactive processes (e.g. authenticated downloads run via a cron job). WebID requires a secure connection. WebID is built upon the architecture of the Semantic Web. =head1 SEE ALSO L. =head1 AUTHOR Toby Inkster Etobyink@cpan.orgE. =head1 COPYRIGHT AND LICENCE This software is copyright (c) 2012 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. This FAQ document is additionally available under the Creative Commons Attribution-ShareAlike 2.0 UK: England and Wales licence L, and the GNU Free Documentation License version 1.3, or at your option any later version L. =head1 DISCLAIMER OF WARRANTIES THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
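The verification flow the FAQ describes (check the certificate's validity window, try each URI from the certificate in order, and accept one only if its profile lists the certificate's RSA key), as an added example that is not part of the Web-ID distribution. The function names and all certificate and profile data are constructed for illustration; in-memory hashes stand in for the parsed certificate and the fetched RDF profiles, and only core Math::BigInt is used.

```perl
#!/usr/bin/env perl
# Added illustration, not code from the Web-ID distribution.
use strict;
use warnings;
use Math::BigInt;

# Turn a profile literal into a Math::BigInt. The cleaning follows the
# hex/decimal handling in Web::ID::Util::make_bigint_from_node, but a value
# with no digits left after cleaning is rejected rather than parsed.
sub bigint_from_literal
{
	my ($value, $type) = @_;
	return undef unless defined $value;
	if ($type eq 'hex')
	{
		(my $hex = $value) =~ s/[^0-9A-Fa-f]//g;
		return length($hex) ? Math::BigInt->from_hex("0x$hex") : undef;
	}
	(my $dec = $value) =~ s/[^0-9]//g;
	return length($dec) ? Math::BigInt->new($dec) : undef;
}

# True iff one of the keys claimed in a profile has the same modulus AND
# the same exponent as the key in the certificate (compare rsa_equal in
# Web::ID::RSAKey).
sub profile_vouches_for
{
	my ($cert_key, @claims) = @_;
	foreach my $claim (@claims)
	{
		my $n = bigint_from_literal($claim->{modulus}, 'hex') // next;
		my $e = bigint_from_literal($claim->{exponent}, 'dec') // next;
		return 1 if $n == $cert_key->{modulus} and $e == $cert_key->{exponent};
	}
	return 0;
}

# Returns the first URI named in the certificate whose profile lists the
# certificate's key, or undef. $now is epoch seconds (hypothetical
# simplification; Web::ID::Certificate uses DateTime objects).
sub identify
{
	my ($cert, $profiles, $now) = @_;
	$now //= time;
	return undef if $now < $cert->{not_before} or $now > $cert->{not_after};
	foreach my $uri (@{ $cert->{uri_sans} })
	{
		my $claims = $profiles->{$uri} or next;
		return $uri if profile_vouches_for($cert->{key}, @$claims);
	}
	return undef;
}

# --- constructed sample data ---------------------------------------------
# A self-signed certificate can name any URI, so it lists one the holder
# does not control (bob) ahead of the holder's own (alice).
my %cert = (
	not_before => 1_400_000_000,
	not_after  => 1_500_000_000,
	uri_sans   => [
		'http://example.com/id/bob',
		'http://example.com/id/alice',
	],
	key => {
		modulus  => Math::BigInt->from_hex('0xC0FFEE1234567890ABCDEF'),
		exponent => Math::BigInt->new(65537),
	},
);

# Stand-ins for the key claims found in each fetched profile document.
my %profiles = (
	'http://example.com/id/bob' => [
		{ modulus => 'DEADBEEF', exponent => '65537' },
	],
	'http://example.com/id/alice' => [
		{ modulus => '???', exponent => '65537' },    # unusable claim, skipped
		{ modulus => "c0:ff:ee:12 34 56\n78 90 ab cd ef", exponent => '65537' },
	],
);

# Same certificate, but naming only the URI whose profile lacks its key.
my %bob_only = (%cert, uri_sans => ['http://example.com/id/bob']);

printf "%-28s %s\n", 'inside validity window:',
	identify(\%cert, \%profiles, 1_450_000_000) // '(not identified)';
printf "%-28s %s\n", 'after not_after:',
	identify(\%cert, \%profiles, 1_600_000_000) // '(not identified)';
printf "%-28s %s\n", 'URI without matching key:',
	identify(\%bob_only, \%profiles, 1_450_000_000) // '(not identified)';
```

Because the profile at each URI decides which keys speak for it, naming a URI in a self-signed certificate identifies the holder only when that URI's own document lists the certificate's key.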
RSAKey.pm000664001750001750 323212333472207 14560 0ustar00taitai000000000000Web-ID-1.927/lib/Web/IDpackage Web::ID::RSAKey; use 5.010; use utf8; BEGIN { $Web::ID::RSAKey::AUTHORITY = 'cpan:TOBYINK'; $Web::ID::RSAKey::VERSION = '1.927'; } use Web::ID::Types -types; use Web::ID::Util; use Moose; use namespace::sweep; for (qw( exponent modulus )) { has $_ => ( is => read_only, isa => Bigint, required => true, coerce => true, ); } sub rsa_equal { my ($self, $other) = @_; foreach (qw(exponent modulus)) { my $m1 = $self->can($_) or return; my $m2 = $other->can($_) or return; return unless $self->$m1 == $other->$m2; } return true; } __PACKAGE__ __END__ =head1 NAME Web::ID::RSAKey - an RSA key =head1 DESCRIPTION =head2 Constructor =over =item C<< new >> Standard Moose-style constructor. =back =head2 Attributes =over =item C<< exponent >> The exponent as a Math::BigInt object. =item C<< modulus >> The modulus as a Math::BigInt object. =back =head2 Methods =over =item C<< rsa_equal($that) >> Returns true iff this key is the same as that key. =back =head1 BUGS Please report any bugs to L. =head1 SEE ALSO L, L. =head1 AUTHOR Toby Inkster Etobyink@cpan.orgE. =head1 COPYRIGHT AND LICENCE This software is copyright (c) 2012 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =head1 DISCLAIMER OF WARRANTIES THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
SAN.pm000664001750001750 562512333472207 14113 0ustar00taitai000000000000Web-ID-1.927/lib/Web/IDpackage Web::ID::SAN; use 5.010; use utf8; BEGIN { $Web::ID::SAN::AUTHORITY = 'cpan:TOBYINK'; $Web::ID::SAN::VERSION = '1.927'; } use Web::ID::Types -types; use RDF::Query 2.900; use URI 0; use URI::Escape 0 qw/uri_escape/; use Web::ID::RSAKey; use Web::ID::Util; use Moose; use namespace::sweep; has $_ => ( is => read_only, isa => Str, required => true, coerce => false, ) for qw(type value); has model => ( is => read_only, isa => Model, lazy_build => true, ); has key_factory => ( is => read_only, isa => CodeRef, lazy_build => true, ); sub _build_model { return Model->new; } my $default_key_factory = sub { my (%args) = @_; return unless $args{exponent}; return unless $args{modulus}; Rsakey->new(%args); }; sub _build_key_factory { return $default_key_factory; } sub uri_object { my ($self) = @_; return Uri->coerce(sprintf 'urn:x-subject-alt-name:%s:%s', map {uri_escape $_} $self->type, $self->value); } sub to_string { my ($self) = @_; sprintf('%s=%s', $self->type, $self->value); } sub associated_keys { return; } __PACKAGE__ __END__ =head1 NAME Web::ID::SAN - represents a single name from a certificate's subjectAltName field =head1 DESCRIPTION =head2 Constructor =over =item C<< new >> Standard Moose-style constructor. =back =head2 Attributes =over =item C<< type >> Something like 'uniformResourceIdentifier' or 'rfc822Name'. A string. =item C<< value >> The name itself. A string. =item C<< model >> An RDF::Trine::Model representing data about the subject identified by this name. To be useful, the C needs to be buildable automatically given C and C. =item C<< key_factory >> This is similar to the C found in L. It's a coderef used to construct L objects. =back =head2 Methods =over =item C<< uri_object >> Forces the name to take the form of a URI identifying the subject. It's not always an especially interesting URI. =item C<< to_string >> A printable form of the name. 
Not always very pretty. =item C<< associated_keys >> Finds RSA keys associated with this name in C, and returns them as a list of L objects. =back =head1 BUGS Please report any bugs to L. =head1 SEE ALSO L, L, L, L. =head1 AUTHOR Toby Inkster Etobyink@cpan.orgE. =head1 COPYRIGHT AND LICENCE This software is copyright (c) 2012 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =head1 DISCLAIMER OF WARRANTIES THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. Types.pm000664001750001750 402412333472207 14566 0ustar00taitai000000000000Web-ID-1.927/lib/Web/IDpackage Web::ID::Types; use 5.010; use strict; use utf8; BEGIN { $Web::ID::Types::AUTHORITY = 'cpan:TOBYINK'; $Web::ID::Types::VERSION = '1.927'; }; use Math::BigInt; use RDF::Trine; use Type::Library -base, -declare => qw[ Bigint Certificate Finger Model Rsakey San ]; use Type::Utils -all; BEGIN { extends qw( Types::Standard Types::DateTime Types::URI ) }; class_type Bigint, { class => "Math::BigInt" }; coerce Bigint, from Str, q { "Math::BigInt"->new($_) }; class_type Certificate, { class => "Web::ID::Certificate" }; coerce Certificate, from HashRef, q { "Web::ID::Certificate"->new(%$_) }, from Str, q { "Web::ID::Certificate"->new(pem => $_) }; class_type Finger, { class => "WWW::Finger" }; coerce Finger, from Str, q { (UNIVERSAL::can("WWW::Finger", "new") ? 
"WWW::Finger"->new($_) : undef) }; class_type Model, { class => "RDF::Trine::Model" }; class_type Rsakey, { class => "Web::ID::RSAKey" }; coerce Rsakey, from HashRef, q { "Web::ID::RSAKey"->new(%$_) }; class_type San, { class => "Web::ID::SAN" }; __PACKAGE__ __END__ =head1 NAME Web::ID::Types - type library for Web::ID and friends =head1 DESCRIPTION A L defining: =head2 Types =over =item * C =item * C =item * C =item * C =item * C =item * C =back ... and re-exporting everything from L, L, and L. =head1 BUGS Please report any bugs to L. =head1 SEE ALSO L, L. =head1 AUTHOR Toby Inkster Etobyink@cpan.orgE. =head1 COPYRIGHT AND LICENCE This software is copyright (c) 2012 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =head1 DISCLAIMER OF WARRANTIES THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
Util.pm000664001750001750 1314312333472207 14421 0ustar00taitai000000000000Web-ID-1.927/lib/Web/IDpackage Web::ID::Util; use 5.010; use strict; use utf8; BEGIN { $Web::ID::Util::AUTHORITY = 'cpan:TOBYINK'; $Web::ID::Util::VERSION = '1.927'; } use match::simple qw/match/; use Carp qw/confess/; use Math::BigInt 0 try => 'GMP'; use RDF::Trine::NamespaceMap; use List::MoreUtils qw(:all !true !false); use Exporter::Tiny; our @EXPORT = qw( make_bigint_from_node get_trine_model u uu true false read_only read_write ); our @EXPORT_OK = ( @EXPORT, grep {!/^(true|false)$/} @List::MoreUtils::EXPORT_OK ); our @ISA = qw( Exporter::Tiny ); use constant { read_only => 'ro', read_write => 'rw', }; use constant { true => !!1, false => !!0, }; sub u (;$) { state $namespaces //= RDF::Trine::NamespaceMap->new({ rdf => 'http://www.w3.org/1999/02/22-rdf-syntax-ns#', rdfs => 'http://www.w3.org/2000/01/rdf-schema#', owl => 'http://www.w3.org/2002/07/owl#', xsd => 'http://www.w3.org/2001/XMLSchema#', foaf => 'http://xmlns.com/foaf/0.1/', cert => 'http://www.w3.org/ns/auth/cert#', rsa => 'http://www.w3.org/ns/auth/rsa#', }); if (@_) { my $rv = $namespaces->uri(@_) or confess "couldn't expand term $_[0]"; return $rv; } return $namespaces; } sub uu ($) { return u(shift)->uri; } sub get_trine_model { my ($uri, $model) = @_; $model //= "RDF::Trine::Model"->new; eval { "RDF::Trine::Parser"->parse_url_into_model($uri, $model); }; return $model; } sub make_bigint_from_node { my ($node, %opts) = @_; state $test_hex = [ uu('cert:hex'), uu('xsd:hexBinary'), ]; state $test_unsigned = [ uu('cert:decimal'), uu('cert:int'), uu('xsd:unsignedLong'), uu('xsd:unsignedInt'), uu('xsd:unsignedShort'), uu('xsd:unsignedByte'), uu('xsd:positiveInteger'), uu('xsd:nonNegativeInteger'), ]; state $test_signed = [ uu('xsd:integer'), uu('xsd:negativeInteger'), uu('xsd:nonPositiveInteger'), uu('xsd:long'), uu('xsd:short'), uu('xsd:int'), uu('xsd:byte'), ]; state $test_decimal = uu('xsd:decimal'); if ($node->is_literal) { 
for ($node->literal_datatype) { if (match $_, $test_hex) { ( my $hex = $node->literal_value ) =~ s/[^0-9A-F]//ig; return "Math::BigInt"->from_hex("0x$hex"); } if (match $_, $test_unsigned) { ( my $dec = $node->literal_value ) =~ s/[^0-9]//ig; return "Math::BigInt"->new("$dec"); } if (match $_, $test_signed) { ( my $dec = $node->literal_value ) =~ s/[^0-9-]//ig; return "Math::BigInt"->new("$dec"); } if (match $_, $test_decimal) { my ($dec, $frac) = split /\./, $node->literal_value, 2; warn "Ignoring fractional part of xsd:decimal number." if defined $frac; $dec =~ s/[^0-9-]//ig; return "Math::BigInt"->new("$dec"); } if (match $_, undef) { $opts{'fallback'} = $node; } } } if (defined( my $node = $opts{'fallback'} ) and $opts{'fallback'}->is_literal) { if ($opts{'fallback_type'} eq 'hex') { (my $hex = $node->literal_value) =~ s/[^0-9A-F]//ig; return "Math::BigInt"->from_hex("0x$hex"); } else # dec { my ($dec, $frac) = split /\./, $node->literal_value, 2; warn "Ignoring fractional part of xsd:decimal number." if defined $frac; $dec =~ s/[^0-9]//ig; return "Math::BigInt"->new("$dec"); } } return; } __PACKAGE__ __END__ =head1 NAME Web::ID::Util - utility functions used in Web-ID =head1 DESCRIPTION These are utility functions which I found useful building Web-ID. Many of them may also be useful creating the kind of apps that Web-ID is used to authenticate for. Here is a very brief summary. By B, they're B exported to your namespace. (This module uses L so you get pretty good control over what gets exported.) 
=over =item C<true> - constant for true =item C<false> - constant for false =item C<read_only> - constant for string 'ro' (nice for Moose/Mouse) =item C<read_write> - constant for string 'rw' (nice for Moose/Mouse) =item C<< get_trine_model($url) >> - fetches a URL and parses RDF into an L =item C<< u($curie) >> - expands a CURIE, returning an L =item C<< uu($curie) >> - as per C<< u($curie) >>, but returns string =item C<< u() >> - called with no CURIE, returns the L used to map CURIEs to URIs =item C<< make_bigint_from_node($node, %options) >> - makes a L object from a numeric L. Supports most datatypes you'd care about, including hexadecimal ones. Supported options are C<fallback> which provides a fallback node which will be used when C<< $node >> is non-literal; and C<fallback_type> either 'dec' or 'hex' which is used when parsing the fallback node, or if C<< $node >> is a plain literal. (The actual datatype of the fallback node is ignored for hysterical raisins.) =back Additionally, any function from L can be exported by request, except C<true> and C<false> as they conflict with the constants above. use Web::ID::Util qw(:default uniq); =head1 BUGS I don't wanna hear about them unless they cause knock-on bugs for L itself. =head1 SEE ALSO L, L, L. =head1 AUTHOR Toby Inkster E<lt>tobyink@cpan.orgE<gt>. =head1 COPYRIGHT AND LICENCE This software is copyright (c) 2012 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =head1 DISCLAIMER OF WARRANTIES THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
WebID.pm000664001750001750 1624212333472207 17440 0ustar00taitai000000000000Web-ID-1.927/lib/Plack/Middleware/Authpackage Plack::Middleware::Auth::WebID; { $Plack::Middleware::Auth::WebID::AUTHORITY = 'cpan:TOBYINK'; $Plack::Middleware::Auth::WebID::VERSION = '1.927'; } use strict; use base qw(Plack::Middleware); use Plack::Util;; use Plack::Util::Accessor qw( webid_class certificate_env_key on_unauth no_object_please cache ); my $default_unauth = sub { my ($self, $env) = @_; $env->{WEBID} = Plack::Util::FALSE; $env->{WEBID_OBJECT} = Plack::Util::FALSE; $self->app->($env); }; sub prepare_app { my ($self) = @_; $self->certificate_env_key('SSL_CLIENT_CERT') unless defined $self->certificate_env_key; $self->webid_class('Web::ID') unless defined $self->webid_class; $self->on_unauth($default_unauth) unless defined $self->on_unauth; Plack::Util::load_class('Web::ID'); } sub call { my ($self, $env) = @_; my $unauth = $self->on_unauth; my $cert = $env->{ $self->certificate_env_key } or return $self->$unauth($env); my ($webid, $was_cached) = $self->_get_webid($cert, $env); if ($webid->valid) { $env->{WEBID} = $webid->uri . ''; $env->{WEBID_OBJECT} = $webid unless $self->no_object_please; $env->{WEBID_CACHE_HIT} = $was_cached; return $self->_run_app($env); } return $self->$unauth($env); } sub _run_app { my ($self, $env) = @_; my $app = $self->app; @_ = $env; goto $app; } sub _get_webid { my ($self, $cert) = @_; my $webid = $self->webid_class->new(certificate => $cert); return ($webid, '') unless $self->cache; # I know what you're thinking... what's the point in caching these # objects, if we're already constructed it above?! # # Well, much of the heavy work for Web::ID is done in lazy builders. # If we return a cached copy of the object, then we avoid running # those builders again. 
# my $cached = $self->cache->get( $webid->certificate->fingerprint ); return ($cached, '1') if $cached; $self->cache->set($webid->certificate->fingerprint, $webid); return ($webid, '0'); } __PACKAGE__ __END__ =head1 NAME Plack::Middleware::Auth::WebID - authentication middleware for WebID =head1 SYNOPSIS use Plack::Builder; my $app = sub { ... }; my $cache = CHI->new( ... ); sub unauthenticated { my ($self, $env) = @_; return [ 403, [ 'Content-Type' => 'text/plain' ], [ '403 Forbidden' ], ]; } builder { enable "Auth::WebID", cache => $cache, on_unauth => \&unauthenticated; $app; }; =head1 DESCRIPTION Plack::Middleware::Auth::WebID is a WebID handler for Plack. If authentication is successful, then the handler sets C<< $env->{WEBID} >> to the user's WebID URI, and sets C<< $env->{WEBID_OBJECT} >> to a L object. =begin private =item call =item prepare_app =end private =head1 CONFIGURATION =over 4 =item cache This may be set to an object that will act as a cache for Web::ID objects. Plack::Middleware::Auth::WebID does not care what package you use for your caching needs. L, L and L should all work. In fact, any package that provides a similar one-argument C and a two-argument C ought to work. Which should you use? Well CHI seems to be best, however it's Moose-based, so usually too slow for CGI applications. Use Cache::Cache for CGI, and CHI otherwise. You don't need to set a cache at all, but if there's no cache, then reauthentication (which is computationally expensive) happens for every request. Use of a cache with an expiration time of around 15 minutes should significantly speed up the responsiveness of a WebID-secured site. (For forking servers you probably want a cache that is shared between processes, such as a memcached cache.) =item on_unauth Coderef that will be called if authentication is not successful. You can use this to return a "403 Forbidden" page for example, or try an alternative authentication method. 
The default coderef used will simply run the application as normal, but setting C<< $env->{WEBID} >> to the empty string. =item webid_class Name of an alternative class to use for WebID authentication instead of L. Note that any such class would need to provide a compatible C constructor. =item certificate_env_key The key within C<< $env >> where Plack::Middleware::Auth::WebID can find a PEM-encoded client SSL certificate. Apache keeps this information in C<< $env->{'SSL_CLIENT_CERT'} >>, so it should be no surprise that this setting defaults to 'SSL_CLIENT_CERT'. =item no_object_please Suppresses setting C<< $env->{WEBID_OBJECT} >>. C<< $env->{WEBID} >> will still be set as usual. =back =head1 SERVER SUPPORT WebID is an authentication system based on the Semantic Web and HTTPS. It relies on client certificates (but not on certification authorities; self-signed certificates are OK). So for this authentication module to work... =over =item * You need to be using a server which supports HTTPS. Many PSGI web servers (e.g. HTTP::Server::Simple, Starman, etc) do not support HTTPS natively. In some cases these are used with an HTTPS proxy in front of them. =item * Your HTTPS server needs to request a client certificate from the client. =item * Your HTTPS server needs to expose the client certificate to Plack via C<< $env >>. If you're using an HTTPS proxy in front of a non-HTTPS web server, then you might need to be creative to find a way to forward this information to your backend web server. =item * The client browser needs to have a WebID-compatible certificate installed. Nuff said. =back =head2 Apache2 (mod_perl and CGI) The B directive can be used to tell Apache that you want it to request a certificate from the client. Apache is able to deposit the certificate in an environment variable called SSL_CLIENT_CERT. However by default it might not. Check out the B directive and enable the C option, or if you're using mod_perl try L. 
=head2 Gepok L is one of a very small number of PSGI-compatible web servers that supports HTTPS natively. As of 0.20 it will request client certificates, but you will need to use L in order to make the certificate available in the PSGI C<< $env >> hashref. =head1 BUGS Please report any bugs to L. =head1 SEE ALSO L, L, L. General WebID information: L, L, L, L. Apache mod_ssl: L, L, L. Gepok: L, L. =head1 AUTHOR Toby Inkster Etobyink@cpan.orgE. =head1 COPYRIGHT AND LICENCE This software is copyright (c) 2012 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =head1 DISCLAIMER OF WARRANTIES THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. Generator.pm000664001750001750 2100412333472207 17647 0ustar00taitai000000000000Web-ID-1.927/lib/Web/ID/Certificatepackage Web::ID::Certificate::Generator; use 5.010; use utf8; BEGIN { $Web::ID::Certificate::Generator::AUTHORITY = 'cpan:TOBYINK'; $Web::ID::Certificate::Generator::VERSION = '1.927'; } use Moose::Util qw(apply_all_roles); use File::Temp qw(); use Path::Tiny qw(path); use RDF::Trine qw(statement blank iri literal); use Web::ID::Certificate; use Web::ID::Types -types; use Web::ID::Util; use Moose::Role; use namespace::sweep; sub import { apply_all_roles("Web::ID::Certificate", __PACKAGE__); } sub _openssl_path { require Web::ID::Util::FindOpenSSL; path( Web::ID::Util::FindOpenSSL::find_openssl() ); } sub generate { my ($class, %options) = @_; my $openssl = (delete $options{openssl_path}) // $class->_openssl_path; my $passphrase = (delete $options{passphrase}) or confess "need to provide passphrase option"; my $key_size = (delete $options{key_size}) // 1024; my $sans = (delete $options{subject_alt_names}) or confess "need to provide subject_alt_names option"; my $not_after = (delete 
$options{not_after}); my $dest = (delete $options{cert_output}) or confess "need to provide cert_output option"; my $rdf_sink = (delete $options{rdf_output}) or confess "need to provide rdf_output option"; my %subject = ( C => delete $options{subject_country}, ST => delete $options{subject_region}, L => delete $options{subject_locality}, O => delete $options{subject_org}, CN => delete $options{subject_cn}, ); confess "need to provide subject_cn option" unless $subject{CN}; confess "unsupported options: ".(join q(, ), sort keys %options) if %options; my $days = $not_after ? $not_after->delta_days( DateTime->coerce('now') )->in_units('days') : 365; my $tempdir = path( File::Temp->newdir ); $tempdir->mkpath; my $config = $tempdir->child('openssl.cnf')->openw; say $config $_ for q([req]), q(default_bits = 1024), q(default_keyfile = privkey.pem), q(distinguished_name = req_distinguished_name), q(x509_extensions = v3_ca), q(prompt = no), q(), q([v3_ca]); say $config q(subjectAltName = ) . join q(,), map { my $value = $_->value; my $type = { rfc822Name => 'email', uniformResourceIdentifier => 'URI', }->{ $_->type }; $type ? 
(join q(:), $type, $value) : (); } @$sans; say $config $_ for q(), q([req_distinguished_name]); foreach (qw(C ST L O CN)) { next unless (defined $subject{$_} and length $subject{$_}); say $config "$_ = ", $subject{$_}; } close $config; system( $openssl, "req", "-newkey" => "rsa:".$key_size, "-x509", "-days" => $days, "-config" => $tempdir->child('openssl.cnf'), "-out" => $tempdir->child('cert.pem'), "-keyout" => $tempdir->child('privkey.pem'), "-passout" => "pass:".$passphrase, ); system( $openssl, "pkcs12", "-export", "-in" => $tempdir->child('cert.pem'), "-inkey" => $tempdir->child('privkey.pem'), "-out" => $tempdir->child('cert.p12'), "-name" => sprintf('%s <%s>', ($subject{CN}//'Unnamed'), $sans->[0]->value), "-passin" => "pass:".$passphrase, "-passout" => "pass:".$passphrase, ); if (ref $dest eq 'SCALAR') { $$dest = $tempdir->child('cert.p12')->slurp; } elsif (ref($dest) =~ m/^IO/) { my $p12 = $tempdir->child('cert.p12')->slurp; print $dest $p12; } else { my $p12 = $tempdir->child('cert.p12')->slurp; my $fh = path($dest)->openw; print $fh $p12; } my ($on_triple, $on_done) = (sub {}, sub {}); if (ref $rdf_sink eq 'SCALAR') { $$rdf_sink = Model->new; $on_triple = sub { $$rdf_sink->add_statement(statement(@_)) }; } elsif (blessed($rdf_sink) and $rdf_sink->isa('RDF::Trine::Model')) { $on_triple = sub { $rdf_sink->add_statement(statement(@_)) }; } else { my $model = Model->new; my $fh = path($rdf_sink)->openw; $on_triple = sub { $model->add_statement(statement(@_)) }; $on_done = sub { "RDF::Trine::Serializer"->new('RDFXML')->serialize_model_to_file($fh, $model) }; } my $pem = $tempdir->child('cert.pem')->slurp; my $cert = $class->new(pem => $pem); my $hex = sub { (my $h = shift->as_hex) =~ s/^0x//; $h; }; my $k = blank(); $on_triple->($k, u('rdf:type'), u('cert:RSAPublicKey')); $on_triple->($k, u('cert:modulus'), literal($cert->modulus->$hex, undef, uu('xsd:hexBinary'))); $on_triple->($k, u('cert:exponent'), literal($cert->exponent->bstr, undef, uu('xsd:integer'))); 
foreach my $san (@$sans) { next unless $san->type eq 'uniformResourceIdentifier'; $on_triple->(iri($san->value), u('cert:key'), $k); } $on_done->(); $tempdir->remove_tree; return $cert; } __PACKAGE__ __END__ =head1 NAME Web::ID::Certificate::Generator - role for Web::ID::Certificate =head1 SYNOPSIS use Web::ID::Certificate::Generator; my %options = ( cert_output => '/home/alice/webid.p12', passphrase => 's3cr3t s0urc3', rdf_output => '/home/alice/public_html/foaf.rdf', subject_alt_names => [ Web::ID::SAN::URI->new( value => 'http://example.com/~alice/foaf.rdf#me', ), Web::ID::SAN::Email->new( value => 'alice@example.com', ), ], subject_cn => 'Alice Jones', subject_locality => 'Lewes', subject_region => 'East Sussex', subject_country => 'GB', # ISO 3166-1 alpha-2 code ); my $cert = Web::ID::Certificate->generate(%options); =head1 DESCRIPTION This is a role that may be applied to L. It is not consumed by Web::ID::Certificate by default as I was trying to avoid tainting the class with the horror that's found in this role. The C<import> routine of this package applies the role to Web::ID::Certificate, so it is sufficient to do: use Web::ID::Certificate::Generator; You don't need to muck around with C yourself. =head2 Constructor =over =item C<< generate(%options) >> Generates a brand new WebID-enabled certificate. =back =head2 Options The following options can be passed to C<generate> =over =item * C<cert_output> A passphrase-protected PKCS12 certificate file is generated as part of the certificate generation process. The PKCS12 file is what you'd typically import into a browser. You can pass a scalar reference, in which case the PKCS12 data will be written to that scalar; or a file handle or string file name. This is a required option. =item * C<passphrase> The password for the PKCS12 file. This is a required option. =item * C<rdf_output> RDF data is also generated as part of the certificate generation process. 
Again a file handle or string file name can be passed, or an L. This is a required option. 
=item * C List of L objects to generate the certificate's subjectAltNames field. You want at least one L in there. This is a required option. =item * C The name of the person who will hold the certificate. (e.g. "Alice Smith".) This is a required option. =item * C The certificate holder's organisation. Not required. =item * C The locality (e.g. city) of the certificate holder's address. Not required. =item * C The region (e.g. state or county) of the certificate holder's address. Not required. =item * C Two letter ISO code for the country of the certificate holder's address. Not required. =item * C The path to the OpenSSL binary. Yes that's right, this role calls the OpenSSL binary via C calls. Defaults to automatic discovery via L. =item * C Key size in bits. Defaults to 1024. Bigger keys are more secure. Keys bigger than 2048 bits will take a ridiculously long time to generate. Keys less than 512 bits are pretty poor. =item * C Date when the certificate should expire, as a L object. Defaults to 365 days. =back =head1 BUGS AND LIMITATIONS Generating the private key results in shedloads of nasty crud being spewed out on STDERR. Please report any bugs to L. =head1 SEE ALSO L, L. =head1 AUTHOR Toby Inkster Etobyink@cpan.orgE. =head1 COPYRIGHT AND LICENCE This software is copyright (c) 2012 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =head1 DISCLAIMER OF WARRANTIES THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 

Web-ID-1.927/lib/Web/ID/SAN/Email.pm

package Web::ID::SAN::Email;

use 5.010;
use utf8;

our $WWW_Finger = 0;

BEGIN {
	$Web::ID::SAN::Email::AUTHORITY = 'cpan:TOBYINK';
	$Web::ID::SAN::Email::VERSION   = '1.927';

	# WWW::Finger is optional; record whether a usable version loaded.
	eval {
		no warnings;
		require WWW::Finger;
		WWW::Finger->VERSION('0.100');
		$WWW_Finger++;
	}
}

use Web::ID::Types -types;
use Web::ID::Util;

use Moose;
use namespace::sweep;
extends "Web::ID::SAN";

has '+type' => (default => 'rfc822Name');

has finger => (
	is          => read_only,
	isa         => Finger | Undef,
	lazy        => true,
	builder     => '_build_finger',
);

sub _build_finger
{
	my ($self) = @_;
	return WWW::Finger->new($self->value);
}

around _build_model => sub
{
	my ($orig, $self) = @_;

	if (my $finger = $self->finger)
	{
		# Prefer a SPARQL endpoint if the finger lookup advertises one.
		if ($finger->endpoint)
		{
			my $store = "RDF::Trine::Store::SPARQL"->new($finger->endpoint);
			return Model->new($store);
		}
		return $finger->graph;
	}

	$self->$orig();
};

around associated_keys => sub
{
	my ($orig, $self) = @_;
	my @keys = $self->$orig;

	my $results = $self->_query->execute( $self->model );
	RESULT: while (my $result = $results->next)
	{
		# Use the modulus/exponent nodes, falling back to the
		# cert:hex and cert:decimal values when present.
		my $modulus = make_bigint_from_node(
			$result->{modulus},
			fallback      => $result->{hexModulus},
			fallback_type =>'hex',
		);
		my $exponent = make_bigint_from_node(
			$result->{exponent},
			fallback      => $result->{decExponent},
			fallback_type =>'dec',
		);

		my $key = $self->key_factory->(
			modulus  => $modulus,
			exponent => $exponent,
		);
		push @keys, $key if $key;
	}

	return @keys;
};

sub _query
{
	my ($self) = @_;
	# The mailto: IRI is substituted into each of the four <%s> slots.
	my $email = 'mailto:' . $self->value;
	return "RDF::Query"->new( sprintf(<<'SPARQL', (($email)x4)) );
PREFIX cert: <http://www.w3.org/ns/auth/cert#>
PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
PREFIX foaf: <http://xmlns.com/foaf/0.1/>
SELECT ?webid ?modulus ?exponent ?decExponent ?hexModulus
WHERE
{
	{
		?webid foaf:mbox <%s> .
		?key
			cert:identity ?webid ;
			rsa:modulus ?modulus ;
			rsa:public_exponent ?exponent .
	}
	UNION
	{
		?webid
			foaf:mbox <%s> ;
			cert:key ?key .
		?key
			rsa:modulus ?modulus ;
			rsa:public_exponent ?exponent .
	}
	UNION
	{
		?webid foaf:mbox <%s> .
		?key
			cert:identity ?webid ;
			cert:modulus ?modulus ;
			cert:exponent ?exponent .
	}
	UNION
	{
		?webid
			foaf:mbox <%s> ;
			cert:key ?key .
		?key
			cert:modulus ?modulus ;
			cert:exponent ?exponent .
	}
	OPTIONAL { ?modulus cert:hex ?hexModulus . }
	OPTIONAL { ?exponent cert:decimal ?decExponent . }
}
SPARQL
}

__PACKAGE__
__END__

=head1 NAME

Web::ID::SAN::Email - represents subjectAltNames that are e-mail addresses

=head1 DESCRIPTION

This module uses L (if installed) to attempt to locate some RDF data
about the holder of the given e-mail address. It is probably not
especially interoperable with other WebID implementations.

=head1 BUGS

Please report any bugs to L.

=head1 SEE ALSO

L, L.

=head1 AUTHOR

Toby Inkster E<lt>tobyink@cpan.orgE<gt>.

=head1 COPYRIGHT AND LICENCE

This software is copyright (c) 2012 by Toby Inkster.

This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.

=head1 DISCLAIMER OF WARRANTIES

THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
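
The C<_query> method of Web::ID::SAN::Email places the SAN value inside C<< <%s> >> with C<sprintf>, so the generated SPARQL is well-formed only when that value is a legal IRIREF body. The following is an added example, not part of Web::ID: the helpers C<sparql_iriref> and C<mbox_iri_for> are hypothetical names, and the sample SAN values are constructed.

```perl
use strict;
use warnings;

# Hypothetical helper (not part of Web::ID): wrap a value in angle brackets
# only if it is a legal SPARQL 1.1 IRIREF body, otherwise return undef.
#   IRIREF ::= '<' ([^<>"{}|^`\]-[#x00-#x20])* '>'
sub sparql_iriref
{
	my ($value) = @_;
	return undef unless defined $value && length $value;
	return undef if $value =~ /[<>"{}|^`\\\x00-\x20]/;
	return "<$value>";
}

# Build the mailto: IRI the same way _query does, but refuse values that
# could not be written between '<' and '>' in the query text.
sub mbox_iri_for
{
	my ($email) = @_;
	return undef unless defined $email && length $email;
	return sparql_iriref('mailto:' . $email);
}

# Constructed sample SAN values (assumptions for illustration only).
my @samples = (
	'alice@example.com',       # ordinary rfc822Name
	'alice@example.com>',      # contains '>', which would end the IRI early
	"alice\@example.com\n",    # trailing control character
	'alice smith@example.com', # space is outside the IRIREF production
);

for my $san (@samples)
{
	my $iri = mbox_iri_for($san);
	# Show non-printable characters and spaces as \xNN in the report.
	(my $shown = $san) =~ s/([^\x21-\x7e])/sprintf '\\x%02x', ord $1/ge;
	printf "%-32s %s\n", "'$shown'", defined $iri ? "ok: $iri" : 'rejected';
}
```

Only the first sample is accepted; a caller would skip the query (and return no keys) for any value the helper rejects.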

Web-ID-1.927/lib/Web/ID/SAN/URI.pm

package Web::ID::SAN::URI;

use 5.010;
use utf8;

BEGIN {
	$Web::ID::SAN::URI::AUTHORITY = 'cpan:TOBYINK';
	$Web::ID::SAN::URI::VERSION   = '1.927';
}

use Web::ID::Types -types;
use Web::ID::Util;

use Moose;
use namespace::sweep;
extends 'Web::ID::SAN';

has '+type' => (default => 'uniformResourceIdentifier');

override uri_object => sub
{
	my ($self) = @_;
	return Uri->coerce($self->value);
};

around _build_model => sub
{
	my ($orig, $self) = @_;
	my $model = $self->$orig;
	return get_trine_model($self->value => $model);
};

around associated_keys => sub
{
	my ($orig, $self) = @_;
	my @keys = $self->$orig;

	my $results = $self->_query->execute( $self->model );
	RESULT: while (my $result = $results->next)
	{
		# trim any whitespace around modulus
		# (HACK for MyProfile WebIDs)
		# Should probably be in ::Util.
		$result->{modulus}->[0] =~ s/(^\s+)|(\s+$)//g;

		my $modulus = make_bigint_from_node(
			$result->{modulus},
			fallback      => $result->{hexModulus},
			fallback_type =>'hex',
		);
		my $exponent = make_bigint_from_node(
			$result->{exponent},
			fallback      => $result->{decExponent},
			fallback_type =>'dec',
		);

		my $key = $self->key_factory->(
			modulus  => $modulus,
			exponent => $exponent,
		);
		push @keys, $key if $key;
	}

	return @keys;
};

sub _query
{
	my ($self) = @_;
	# The SAN URI is substituted into each of the four <%s> slots.
	return "RDF::Query"->new( sprintf(<<'SPARQL', (($self->uri_object)x4)) );
PREFIX cert: <http://www.w3.org/ns/auth/cert#>
PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
SELECT ?modulus ?exponent ?decExponent ?hexModulus
WHERE
{
	{
		?key
			cert:identity <%s> ;
			rsa:modulus ?modulus ;
			rsa:public_exponent ?exponent .
	}
	UNION
	{
		<%s> cert:key ?key .
		?key
			rsa:modulus ?modulus ;
			rsa:public_exponent ?exponent .
	}
	UNION
	{
		?key
			cert:identity <%s> ;
			cert:modulus ?modulus ;
			cert:exponent ?exponent .
	}
	UNION
	{
		<%s> cert:key ?key .
		?key
			cert:modulus ?modulus ;
			cert:exponent ?exponent .
	}
	OPTIONAL { ?modulus cert:hex ?hexModulus . }
	OPTIONAL { ?exponent cert:decimal ?decExponent . }
}
SPARQL
}

__PACKAGE__
__END__

=head1 NAME

Web::ID::SAN::URI - represents subjectAltNames that are URIs

=head1 DESCRIPTION

subjectAltNames such as these are the foundation of the whole WebID idea.

=head1 BUGS

Please report any bugs to L.

=head1 SEE ALSO

L, L.

=head1 AUTHOR

Toby Inkster E<lt>tobyink@cpan.orgE<gt>.

=head1 COPYRIGHT AND LICENCE

This software is copyright (c) 2012 by Toby Inkster.

This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.

=head1 DISCLAIMER OF WARRANTIES

THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Web-ID-1.927/lib/Web/ID/Util/FindOpenSSL.pm

package Web::ID::Util::FindOpenSSL;

our $AUTHORITY = "cpan:TOBYINK";
our $VERSION   = "1.927";

use strict;
use File::ShareDir qw/dist_dir/;
use File::Spec;

# Candidate locations, tried in order by find_openssl().
my @possible = (
	'c:\\openssl\\bin\\openssl.exe',
	'/usr/bin/openssl',
	'/usr/local/bin/openssl',
);

push @possible, $ENV{OPENSSL_PATH}
	if exists $ENV{OPENSSL_PATH};

push @possible, File::Spec->catfile(
	dist_dir("Alien-OpenSSL"),
	"bin",
	"openssl",
) if eval { dist_dir("Alien-OpenSSL") };

my $openssl;
sub find_openssl
{
	# Reuse the cached path while it still exists.
	return $openssl if defined $openssl && -f $openssl;
	for my $try (@possible)
	{
		return ($openssl = $try) if -f $try;
	}
	return;
}

1;

Web-ID-1.927/t/lib/Test/HTTP/Server.pm

package Test::HTTP::Server;
#
# 2011 (c) Przemysław Iskra
# This program is free software,
# you may distribute it under the same terms as Perl.
#
use strict;
use warnings;
use IO::Socket;
use POSIX ":sys_wait_h";

our $VERSION = '0.03';

sub _open_socket
{
	# Derive a starting port from the PID unless HTTP_PORT is set,
	# then retry on random ports until one can be bound.
	my $frompid = $$;
	$frompid %= 63 * 1024;
	$frompid += 63 * 1024 if $frompid < 1024;
	my $port = $ENV{HTTP_PORT} || $frompid;
	foreach ( 0..100 ) {
		my $socket = IO::Socket::INET->new(
			Proto => 'tcp',
			LocalPort => $port,
			Listen => 5,
			Reuse => 1,
			Blocking => 1,
		);
		return ( $port, $socket ) if $socket;
		$port = 1024 + int rand 63 * 1024;
	}
}

sub new
{
	my $class = shift;

	my ( $port, $socket ) = _open_socket()
		or die "Could not start HTTP server\n";

	my $pid = fork;
	die "Could not fork\n"
		unless defined $pid;
	if ( $pid ) {
		# parent: keep a handle describing the child server
		my $self = {
			address => "127.0.0.1",
			port => $port,
			pid => $pid,
		};
		return bless $self, $class;
	} else {
		# child: serve requests until terminated
		$SIG{CHLD} = \&_sigchld;
		_main_loop( $socket, @_ );
		exec "true";
		die "Should not be here\n";
	}
}

sub uri
{
	my $self = shift;
	return "http://$self->{address}:$self->{port}/";
}

sub port
{
	my $self = shift;
	$self->{port};
}

sub address
{
	my $self = shift;
	if ( @_ ) {
		$self->{address} = shift;
	}
	$self->{address};
}

sub _sigchld
{
	my $kid;
	local $?;
	do {
		$kid = waitpid -1, WNOHANG;
	} while ( $kid > 0 );
}

sub DESTROY
{
	my $self = shift;
	my $done = 0;
	local $SIG{CHLD} = \&_sigchld;
	my $cnt = kill 15, $self->{pid};
	return unless $cnt;
	# escalate from SIGTERM to SIGKILL until the child is gone
	foreach my $sig ( 15, 15, 15, 9, 9, 9 ) {
		$cnt = kill $sig, $self->{pid};
		last unless $cnt;
		select undef, undef, undef, 0.1;
	}
}

sub _term
{
	exec "true";
	die "Should not be here\n";
}

sub _main_loop
{
	my $socket = shift;
	$SIG{TERM} = \&_term;

	for (;;) {
		my $client = $socket->accept()
			or redo;
		my $pid = fork;
		die "Could not fork\n" unless defined $pid;
		if ( $pid ) {
			close $client;
		} else {
			# one child process per connection
			Test::HTTP::Server::Request->open( $client, @_ );
			_term();
		}
	}
}

package Test::HTTP::Server::Connection;

BEGIN {
	# Use URI::Escape if available, otherwise a minimal fallback.
	eval {
		require URI::Escape;
		URI::Escape->import( qw(uri_unescape) );
	};
	if ( $@ ) {
		*uri_unescape = sub {
			local $_ = shift;
			s/%(..)/chr hex $1/eg;
			return $_;
		};
	}
}

use constant DNAME => [qw(Sun Mon Tue Wed Thu Fri Sat)];
use constant MNAME => [qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec)];

sub _http_time
{
	my $self = shift;
	my @t = gmtime( shift || time );
	return sprintf '%s, %02d %s %04d %02d:%02d:%02d GMT',
		DNAME->[ $t[6] ], $t[3], MNAME->[ $t[4] ], 1900+$t[5],
		$t[2], $t[1], $t[0];
}

sub open
{
	my $class = shift;
	my $socket = shift;

	# Bind the client socket to STDIN/STDOUT for this child process.
	open STDOUT, '>&', $socket;
	open STDIN, '<&', $socket;

	my $self = {
		version => "1.0",
		@_,
		socket => $socket,
	};
	bless $self, $class;
	$self->process;
}

sub process
{
	my $self = shift;
	$self->in_all;
	$self->out_all;
	close STDIN;
	close STDOUT;
	close $self->{socket};
}

sub in_all
{
	my $self = shift;
	$self->{request} = $self->in_request;
	$self->{headers} = $self->in_headers;

	if ( $self->{request}->[0] =~ /^(?:POST|PUT)/ ) {
		$self->{body} = $self->in_body;
	} else {
		delete $self->{body};
	}
}

sub in_request
{
	my $self = shift;
	local $/ = "\r\n";
	$_ = <STDIN>;
	$self->{head} = $_;
	chomp;
	return [ split /\s+/, $_ ];
}

sub in_headers
{
	my $self = shift;
	local $/ = "\r\n";
	my @headers;
	while ( <STDIN> ) {
		$self->{head} .= $_;
		chomp;
		last unless length $_;
		s/(\S+):\s*//;
		my $header = $1;
		$header =~ tr/-/_/;
		push @headers, ( lc $header, $_ );
	}

	return \@headers;
}

sub in_body
{
	my $self = shift;
	my %headers = @{ $self->{headers} };

	$_ = "";
	my $len = $headers{content_length};
	# without a Content-Length header, read up to 10 MiB
	$len = 10 * 1024 * 1024 unless defined $len;

	read STDIN, $_, $len;

	return $_;
}

sub out_response
{
	my $self = shift;
	my $code = shift;
	print "HTTP/$self->{version} $code\r\n";
}

sub out_headers
{
	my $self = shift;
	while ( my ( $name, $value ) = splice @_, 0, 2 ) {
		$name = join "-", map { ucfirst lc $_ } split /[_-]+/, $name;
		if ( ref $value ) {
			# must be an array
			foreach my $val ( @$value ) {
				print "$name: $val\r\n";
			}
		} else {
			print "$name: $value\r\n";
		}
	}
}

sub out_body
{
	my $self = shift;
	my $body = shift;

	use bytes;
	my $len = length $body;
	print "Content-Length: $len\r\n";
	print "\r\n";
	print $body;
}

sub out_all
{
	my $self = shift;

	my %default_headers = (
		content_type => "text/plain",
		date => $self->_http_time,
	);
	$self->{out_headers} = { %default_headers };

	# The first path segment names the handler method; the remaining
	# segments are passed to it as arguments.
	my $req = $self->{request}->[1];
	$req =~ s#^/##;
	my @args = map { uri_unescape $_ } split m#/#, $req;
	my $func = shift @args;
	$func = "index" unless defined $func and length $func;

	my $body;
	eval {
		$body = $self->$func( @args );
	};
	if ( $@ ) {
		warn "Server error: $@\n";
		$self->out_response( "404 Not Found" );
		$self->out_headers(
			%default_headers
		);
		$self->out_body(
			"Server error: $@\n"
		);
	} elsif ( defined $body ) {
		$self->out_response( $self->{out_code} || "200 OK" );
		$self->out_headers(
			%{ $self->{out_headers} }
		);
		$self->out_body( $body );
	}
}

# default handlers
sub index
{
	my $self = shift;
	my $body = "Available functions:\n";
	$body .= ( join "", map "- $_\n", sort { $a cmp $b}
		grep { not __PACKAGE__->can( $_ ) }
		grep { Test::HTTP::Server::Request->can( $_ ) }
		keys %{Test::HTTP::Server::Request::} )
		|| "NONE\n";
	return $body;
}

sub echo
{
	my $self = shift;
	my $type = shift;
	my $body = "";
	if ( not $type or $type eq "head" ) {
		$body .= $self->{head};
	}
	if ( ( not $type or $type eq "body" ) and defined $self->{body} ) {
		$body .= $self->{body};
	}
	return $body;
}

sub cookie
{
	my $self = shift;
	my $num = shift || 1;
	my $template = shift ||
		"test_cookie%n=true; expires=%date(+600); path=/";

	my $expdate = sub {
		my $time = shift;
		$time += time if $time =~ m/^[+-]/;
		return $self->_http_time( $time );
	};
	my @cookies;
	foreach my $n ( 1..$num ) {
		$_ = $template;
		s/%n/$n/;
		s/%date\(\s*([+-]?\d+)\s*\)/$expdate->( $1 )/e;
		push @cookies, $_;
	}
	$self->{out_headers}->{set_cookie} = \@cookies;

	return "Sent $num cookies matching template:\n$template\n";
}

sub repeat
{
	my $self = shift;
	my $num = shift || 1024;
	my $pattern = shift || "=";

	return $pattern x $num;
}

package Test::HTTP::Server::Request;

our @ISA = qw(Test::HTTP::Server::Connection);

1;

__END__

=head1 NAME

Test::HTTP::Server - simple forking http server

=head1 SYNOPSIS

 my $server = Test::HTTP::Server->new();

 client_get( $server->uri . "my_request" );

 sub Test::HTTP::Server::Request::my_request
 {
     my $self = shift;
     return "foobar!\n"
 }

=head1 DESCRIPTION

This package provides a simple forking http server which can be used for
testing http clients.

=head1 DEFAULT METHODS

=over

=item index

Lists user methods.

=item echo / TYPE

Returns whole request in the body. If TYPE is "head", only request head will
be echoed, if TYPE is "body" (e.g. post requests) only body will be sent.

 system "wget", $server->uri . "echo/head";

=item cookie / REPEAT / PATTERN

Sets a cookie. REPEAT is the number of cookies to be sent. PATTERN is the
cookie pattern.

 system "wget", $server->uri . "cookie/3";

=item repeat / REPEAT / PATTERN

Sends a pattern.

 system "wget", $server->uri . "repeat/2/foobar";

=back

=cut