CONTRIBUTING
NAME
CONTRIBUTING
DESCRIPTION
If you're reading this document, that means you might be thinking about
helping me out with this project. Thanks!
Here are some ways you could help out:
* Bug reports
Found a bug? Great! (Well, not so great I suppose.)
The place to report them is . Don't e-mail me
about it, as your e-mail is more than likely to get lost amongst the
spam.
An example script clearly demonstrating the bug (preferably written
using Test::More) would be greatly appreciated.
* Patches
If you've found a bug and written a fix for it, even better!
Generally speaking you should check out the latest copy of the code
from the source repository rather than using the CPAN distribution.
The file META.yml should contain a link to the source repository. If
not, then try or submit a bug report.
(As far as I'm concerned the lack of a link is a bug.) Many of my
distributions are also mirrored at .
To submit the patch, do a pull request on GitHub or Bitbucket, or
attach a diff file to a bug report. Unless otherwise stated, I'll
assume that your contributions are licensed under the same terms as
the rest of the project.
(If using git, feel free to work in a branch. For Mercurial, I'd
prefer bookmarks within the default branch.)
* Documentation
If there's anything unclear in the documentation, please submit this
as a bug report or patch as above.
Non-toy example scripts that I can bundle would also be appreciated.
* Translation
Translations of documentation would be welcome.
For translations of error messages and other strings embedded in the
code, check with me first. Sometimes the English strings may not be in
a stable state, so it would be a waste of time translating them.
Coding Style
I tend to write using something approximating the Allman style, using
tabs for indentation and Unix-style line breaks.
I nominally encode all source files as UTF-8, though in practice most of
them use a 7-bit-safe ASCII-compatible subset of UTF-8.
AUTHOR
Toby Inkster .
COPYRIGHT AND LICENCE
Copyright (c) 2012-2013 by Toby Inkster.
CONTRIBUTING.pod is licensed under the Creative Commons
Attribution-ShareAlike 2.0 UK: England & Wales License. To view a copy
of this license, visit
.
COPYRIGHT
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: Web-ID
Upstream-Contact: Toby Inkster (TOBYINK)
Source: https://metacpan.org/release/Web-ID
Files: README
lib/Plack/Middleware/Auth/WebID.pm
lib/Web/ID.pm
lib/Web/ID/Certificate.pm
lib/Web/ID/Certificate/Generator.pm
lib/Web/ID/FAQ.pod
lib/Web/ID/RSAKey.pm
lib/Web/ID/SAN.pm
lib/Web/ID/SAN/Email.pm
lib/Web/ID/SAN/URI.pm
lib/Web/ID/Types.pm
lib/Web/ID/Util.pm
t/01mouse.t
t/02moose.t
t/03certificate.t
t/04webid.t
Copyright: This software is copyright (c) 2012 by Toby Inkster.
License: GPL-1.0+ or Artistic-1.0
Files: CONTRIBUTING
INSTALL
LICENSE
Makefile.PL
examples/certificate-generation.pl
examples/certificate-parsing.pl
examples/fingerpoint-test.pl
examples/web-id-validation.pl
Copyright: Unknown
License: Unknown
Files: Changes
META.json
META.yml
doap.ttl
lib/Web/ID/Util/FindOpenSSL.pm
Copyright: Copyright 2014 Toby Inkster.
License: GPL-1.0+ or Artistic-1.0
Files: COPYRIGHT
CREDITS
SIGNATURE
Copyright: None
License: public-domain
Files: dist.ini
Copyright: Copyright 2013 Toby Inkster.
License: GPL-1.0+ or Artistic-1.0
Files: t/lib/Test/HTTP/Server.pm
Copyright: Copyright 2012 Toby Inkster.
License: GPL-1.0+ or Artistic-1.0
License: Artistic-1.0
This software is Copyright (c) 2014 by the copyright holder(s).
This is free software, licensed under:
The Artistic License 1.0
License: GPL-1.0
This software is Copyright (c) 2014 by the copyright holder(s).
This is free software, licensed under:
The GNU General Public License, Version 1, February 1989
CREDITS
Maintainer:
- Toby Inkster (TOBYINK)
Thanks:
- Florian Ragwitz (FLORA)
- Jonas Smedegaard
- Kjetil Kjernsmo (KJETILK)
Changes
Web-ID
======
Created: 2012-04-26
Home page:
Bug tracker:
Maintainer: Toby Inkster (TOBYINK)
1.927 2014-05-10
[ Packaging ]
- Bump required version of Types::Standard to 0.040.
- Bump required version of match::simple to 0.008.
[ Other ]
- Rather than defining Datetime and Uri types in Web::ID::Types, use
Types::DateTime and Types::URI from CPAN.
1.926 2013-12-10
- Updated: Use Exporter::Tiny instead of Exporter::TypeTiny.
1.925 2013-09-03
1.924_03 2013-08-10
[ Packaging ]
- configure_requires File::ShareDir.
1.924_02 2013-08-09
[ Packaging ]
- Package using Dist::Inkt.
1.924_01 2013-08-07
[ Bug Fixes ]
- Type::Utils no longer exports `extends` by default; request it.
[ Packaging ]
- Minor packaging fixes.
1.923 2013-05-21
- Do a better job searching for OpenSSL binary; use Alien::OpenSSL if it
can't be found.
- Switched from MooseX::Types to Types::Standard.
- Switched from Path::Class to Path::Tiny.
- Switched from Sub::Exporter to Exporter::TypeTiny.
- Switched from smartmatch to match::smart.
1.922 2012-12-15
[ Documentation ]
- Documented test suite.
[ Other ]
- Make test suite output cleaner (no openssl junk) if Capture::Tiny is
available.
- Updated: RDF::Trine now uses Moose, so there's no reason for Web::ID to
continue using Any::Moose. All the old Any::Moose/Mouse stuff is now
gone, and Web::ID now uses Moose and MooseX::Types.
- Updated: Switched from namespace::clean to namespace::sweep.
1.921 2012-05-20
[ Packaging ]
- Add version number (0.06) to MouseX::Types dependency.
1.920 2012-05-10
[ Documentation ]
- Minor documentation changes.
[ Packaging ]
- Mark as non-development release.
1.910_04 2012-05-09
- Drop dependency on Class::Load; use load_class from Plack::Util instead.
- Use File::Temp and Path::Class in t/04webid.t - they're already
dependencies, so might as well.
Kjetil Kjernsmo++
1.910_03 2012-05-09
- Better hooks for subclassing Plack::Middleware::Auth::WebID.
1.910_02 2012-05-08
[ Documentation ]
- Add Any::Moose stuff to Web::ID BUGS section.
Florian Ragwitz++
- Improve Web::ID DESCRIPTION.
Jonas Smedegaard++
[ Other ]
- Updated: Replace deprecated Digest::SHA1 with Digest::SHA.
Jonas Smedegaard++
1.910_01 2012-05-07
- Almost complete rewrite of CGI::Auth::FOAF_SSL. Very different (and much
cleaner) API.
INSTALL
Installing Web-ID should be straightforward.
INSTALLATION WITH CPANMINUS
If you have cpanm, you only need one line:
% cpanm Web::ID
If you are installing into a system-wide directory, you may need to pass
the "-S" flag to cpanm, which uses sudo to install the module:
% cpanm -S Web::ID
INSTALLATION WITH THE CPAN SHELL
Alternatively, if your CPAN shell is set up, you should just be able to
do:
% cpan Web::ID
MANUAL INSTALLATION
As a last resort, you can manually install it. Download the tarball and
unpack it.
Consult the file META.json for a list of pre-requisites. Install these
first.
To build Web-ID:
% perl Makefile.PL
% make && make test
Then install it:
% make install
If you are installing into a system-wide directory, you may need to run:
% sudo make install
LICENSE
This software is copyright (c) 2014 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
Terms of the Perl programming language system itself
a) the GNU General Public License as published by the Free
Software Foundation; either version 1, or (at your option) any
later version, or
b) the "Artistic License"
--- The GNU General Public License, Version 1, February 1989 ---
This software is Copyright (c) 2014 by Toby Inkster.
This is free software, licensed under:
The GNU General Public License, Version 1, February 1989
GNU GENERAL PUBLIC LICENSE
Version 1, February 1989
Copyright (C) 1989 Free Software Foundation, Inc.
51 Franklin St, Suite 500, Boston, MA 02110-1335 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The license agreements of most software companies try to keep users
at the mercy of those companies. By contrast, our General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. The
General Public License applies to the Free Software Foundation's
software and to any other program whose authors commit to using it.
You can use it for your programs, too.
When we speak of free software, we are referring to freedom, not
price. Specifically, the General Public License is designed to make
sure that you have the freedom to give away or sell copies of free
software, that you receive source code or can get it if you want it,
that you can change the software or use pieces of it in new free
programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of a such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must tell them their rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License Agreement applies to any program or other work which
contains a notice placed by the copyright holder saying it may be
distributed under the terms of this General Public License. The
"Program", below, refers to any such program or work, and a "work based
on the Program" means either the Program or any work containing the
Program or a portion of it, either verbatim or with modifications. Each
licensee is addressed as "you".
1. You may copy and distribute verbatim copies of the Program's source
code as you receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice and
disclaimer of warranty; keep intact all the notices that refer to this
General Public License and to the absence of any warranty; and give any
other recipients of the Program a copy of this General Public License
along with the Program. You may charge a fee for the physical act of
transferring a copy.
2. You may modify your copy or copies of the Program or any portion of
it, and copy and distribute such modifications under the terms of Paragraph
1 above, provided that you also do the following:
a) cause the modified files to carry prominent notices stating that
you changed the files and the date of any change; and
b) cause the whole of any work that you distribute or publish, that
in whole or in part contains the Program or any part thereof, either
with or without modifications, to be licensed at no charge to all
third parties under the terms of this General Public License (except
that you may choose to grant warranty protection to some or all
third parties, at your option).
c) If the modified program normally reads commands interactively when
run, you must cause it, when started running for such interactive use
in the simplest and most usual way, to print or display an
announcement including an appropriate copyright notice and a notice
that there is no warranty (or else, saying that you provide a
warranty) and that users may redistribute the program under these
conditions, and telling the user how to view a copy of this General
Public License.
d) You may charge a fee for the physical act of transferring a
copy, and you may at your option offer warranty protection in
exchange for a fee.
Mere aggregation of another independent work with the Program (or its
derivative) on a volume of a storage or distribution medium does not bring
the other work under the scope of these terms.
3. You may copy and distribute the Program (or a portion or derivative of
it, under Paragraph 2) in object code or executable form under the terms of
Paragraphs 1 and 2 above provided that you also do one of the following:
a) accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of
Paragraphs 1 and 2 above; or,
b) accompany it with a written offer, valid for at least three
years, to give any third party free (except for a nominal charge
for the cost of distribution) a complete machine-readable copy of the
corresponding source code, to be distributed under the terms of
Paragraphs 1 and 2 above; or,
c) accompany it with the information you received as to where the
corresponding source code may be obtained. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form alone.)
Source code for a work means the preferred form of the work for making
modifications to it. For an executable file, complete source code means
all the source code for all modules it contains; but, as a special
exception, it need not include source code for modules which are standard
libraries that accompany the operating system on which the executable
file runs, or for standard header files or definitions files that
accompany that operating system.
4. You may not copy, modify, sublicense, distribute or transfer the
Program except as expressly provided under this General Public License.
Any attempt otherwise to copy, modify, sublicense, distribute or transfer
the Program is void, and will automatically terminate your rights to use
the Program under this License. However, parties who have received
copies, or rights to use copies, from you under this General Public
License will not have their licenses terminated so long as such parties
remain in full compliance.
5. By copying, distributing or modifying the Program (or any work based
on the Program) you indicate your acceptance of this license to do so,
and all its terms and conditions.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the original
licensor to copy, distribute or modify the Program subject to these
terms and conditions. You may not impose any further restrictions on the
recipients' exercise of the rights granted herein.
7. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of the license which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
the license, you may choose any version ever published by the Free Software
Foundation.
8. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
Appendix: How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to humanity, the best way to achieve this is to make it
free software which everyone can redistribute and change under these
terms.
To do so, attach the following notices to the program. It is safest to
attach them to the start of each source file to most effectively convey
the exclusion of warranty; and each file should have at least the
"copyright" line and a pointer to where the full notice is found.
Copyright (C) 19yy
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 1, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) 19xx name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the
appropriate parts of the General Public License. Of course, the
commands you use may be called something other than `show w' and `show
c'; they could even be mouse-clicks or menu items--whatever suits your
program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the
program `Gnomovision' (a program to direct compilers to make passes
at assemblers) written by James Hacker.
, 1 April 1989
Ty Coon, President of Vice
That's all there is to it!
--- The Artistic License 1.0 ---
This software is Copyright (c) 2014 by Toby Inkster.
This is free software, licensed under:
The Artistic License 1.0
The Artistic License
Preamble
The intent of this document is to state the conditions under which a Package
may be copied, such that the Copyright Holder maintains some semblance of
artistic control over the development of the package, while giving the users of
the package the right to use and distribute the Package in a more-or-less
customary fashion, plus the right to make reasonable modifications.
Definitions:
- "Package" refers to the collection of files distributed by the Copyright
Holder, and derivatives of that collection of files created through
textual modification.
- "Standard Version" refers to such a Package if it has not been modified,
or has been modified in accordance with the wishes of the Copyright
Holder.
- "Copyright Holder" is whoever is named in the copyright or copyrights for
the package.
- "You" is you, if you're thinking about copying or distributing this Package.
- "Reasonable copying fee" is whatever you can justify on the basis of media
cost, duplication charges, time of people involved, and so on. (You will
not be required to justify it to the Copyright Holder, but only to the
computing community at large as a market that must bear the fee.)
- "Freely Available" means that no fee is charged for the item itself, though
there may be fees involved in handling the item. It also means that
recipients of the item may redistribute it under the same conditions they
received it.
1. You may make and give away verbatim copies of the source form of the
Standard Version of this Package without restriction, provided that you
duplicate all of the original copyright notices and associated disclaimers.
2. You may apply bug fixes, portability fixes and other modifications derived
from the Public Domain or from the Copyright Holder. A Package modified in such
a way shall still be considered the Standard Version.
3. You may otherwise modify your copy of this Package in any way, provided that
you insert a prominent notice in each changed file stating how and when you
changed that file, and provided that you do at least ONE of the following:
a) place your modifications in the Public Domain or otherwise make them
Freely Available, such as by posting said modifications to Usenet or an
equivalent medium, or placing the modifications on a major archive site
such as ftp.uu.net, or by allowing the Copyright Holder to include your
modifications in the Standard Version of the Package.
b) use the modified Package only within your corporation or organization.
c) rename any non-standard executables so the names do not conflict with
standard executables, which must also be provided, and provide a separate
manual page for each non-standard executable that clearly documents how it
differs from the Standard Version.
d) make other distribution arrangements with the Copyright Holder.
4. You may distribute the programs of this Package in object code or executable
form, provided that you do at least ONE of the following:
a) distribute a Standard Version of the executables and library files,
together with instructions (in the manual page or equivalent) on where to
get the Standard Version.
b) accompany the distribution with the machine-readable source of the Package
with your modifications.
c) accompany any non-standard executables with their corresponding Standard
Version executables, giving the non-standard executables non-standard
names, and clearly documenting the differences in manual pages (or
equivalent), together with instructions on where to get the Standard
Version.
d) make other distribution arrangements with the Copyright Holder.
5. You may charge a reasonable copying fee for any distribution of this
Package. You may charge any fee you choose for support of this Package. You
may not charge a fee for this Package itself. However, you may distribute this
Package in aggregate with other (possibly commercial) programs as part of a
larger (possibly commercial) software distribution provided that you do not
advertise this Package as a product of your own.
6. The scripts and library files supplied as input to or produced as output
from the programs of this Package do not automatically fall under the copyright
of this Package, but belong to whomever generated them, and may be sold
commercially, and may be aggregated with this Package.
7. C or perl subroutines supplied by you and linked into this Package shall not
be considered part of this Package.
8. The name of the Copyright Holder may not be used to endorse or promote
products derived from this software without specific prior written permission.
9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The End
MANIFEST
CONTRIBUTING
COPYRIGHT
CREDITS
Changes
INSTALL
LICENSE
MANIFEST
META.json
META.yml
Makefile.PL
README
SIGNATURE
dist.ini
doap.ttl
examples/certificate-generation.pl
examples/certificate-parsing.pl
examples/fingerpoint-test.pl
examples/web-id-validation.pl
lib/Plack/Middleware/Auth/WebID.pm
lib/Web/ID.pm
lib/Web/ID/Certificate.pm
lib/Web/ID/Certificate/Generator.pm
lib/Web/ID/FAQ.pod
lib/Web/ID/RSAKey.pm
lib/Web/ID/SAN.pm
lib/Web/ID/SAN/Email.pm
lib/Web/ID/SAN/URI.pm
lib/Web/ID/Types.pm
lib/Web/ID/Util.pm
lib/Web/ID/Util/FindOpenSSL.pm
t/01mouse.t
t/02moose.t
t/03certificate.t
t/04webid.t
t/lib/Test/HTTP/Server.pm
META.json
{
"abstract" : "implementation of WebID (a.k.a. FOAF+SSL)",
"author" : [
"Toby Inkster (TOBYINK) "
],
"dynamic_config" : 1,
"generated_by" : "Dist::Inkt::Profile::TOBYINK version 0.015, CPAN::Meta::Converter version 2.120921",
"keywords" : [],
"license" : [
"perl_5"
],
"meta-spec" : {
"url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
"version" : "2"
},
"name" : "Web-ID",
"no_index" : {
"directory" : [
"eg",
"examples",
"inc",
"t",
"xt"
]
},
"optional_features" : {},
"prereqs" : {
"configure" : {
"requires" : {
"ExtUtils::MakeMaker" : "6.17",
"File::ShareDir" : "0"
}
},
"runtime" : {
"requires" : {
"Crypt::X509" : "0",
"DateTime" : "0",
"Digest::SHA" : "0",
"Exporter::Tiny" : "0",
"File::ShareDir" : "0",
"List::MoreUtils" : "0",
"Moose" : "2.0600",
"Path::Tiny" : "0.017",
"Plack" : "0",
"RDF::Query" : "2.900",
"RDF::Trine" : "1.000",
"Types::DateTime" : "0",
"Types::Standard" : "0.040",
"Types::URI" : "0",
"URI" : "0",
"match::simple" : "0.008",
"namespace::sweep" : "0",
"perl" : "5.010"
}
},
"test" : {
"requires" : {
"Test::More" : "0.96"
}
}
},
"provides" : {
"Plack::Middleware::Auth::WebID" : {
"file" : "lib/Plack/Middleware/Auth/WebID.pm",
"version" : "1.927"
},
"Web::ID" : {
"file" : "lib/Web/ID.pm",
"version" : "1.927"
},
"Web::ID::Certificate" : {
"file" : "lib/Web/ID/Certificate.pm",
"version" : "1.927"
},
"Web::ID::Certificate::Generator" : {
"file" : "lib/Web/ID/Certificate/Generator.pm",
"version" : "1.927"
},
"Web::ID::RSAKey" : {
"file" : "lib/Web/ID/RSAKey.pm",
"version" : "1.927"
},
"Web::ID::SAN" : {
"file" : "lib/Web/ID/SAN.pm",
"version" : "1.927"
},
"Web::ID::SAN::Email" : {
"file" : "lib/Web/ID/SAN/Email.pm",
"version" : "1.927"
},
"Web::ID::SAN::URI" : {
"file" : "lib/Web/ID/SAN/URI.pm",
"version" : "1.927"
},
"Web::ID::Types" : {
"file" : "lib/Web/ID/Types.pm",
"version" : "1.927"
},
"Web::ID::Util" : {
"file" : "lib/Web/ID/Util.pm",
"version" : "1.927"
},
"Web::ID::Util::FindOpenSSL" : {
"file" : "lib/Web/ID/Util/FindOpenSSL.pm",
"version" : "1.927"
}
},
"release_status" : "stable",
"resources" : {
"X_identifier" : "http://purl.org/NET/cpan-uri/dist/Web-ID/project",
"bugtracker" : {
"web" : "http://rt.cpan.org/Dist/Display.html?Queue=Web-ID"
},
"homepage" : "https://metacpan.org/release/Web-ID",
"license" : [
"http://dev.perl.org/licenses/"
],
"repository" : {
"type" : "git",
"url" : "git://github.com/tobyink/p5-web-id.git",
"web" : "https://github.com/tobyink/p5-web-id"
}
},
"version" : "1.927"
}
META.yml
---
abstract: 'implementation of WebID (a.k.a. FOAF+SSL)'
author:
  - 'Toby Inkster (TOBYINK) '
build_requires:
  Test::More: 0.96
configure_requires:
  ExtUtils::MakeMaker: 6.17
  File::ShareDir: 0
dynamic_config: 1
generated_by: 'Dist::Inkt::Profile::TOBYINK version 0.015, CPAN::Meta::Converter version 2.120921'
keywords: []
license: perl
meta-spec:
  url: http://module-build.sourceforge.net/META-spec-v1.4.html
  version: 1.4
name: Web-ID
no_index:
  directory:
    - eg
    - examples
    - inc
    - t
    - xt
optional_features: {}
provides:
  Plack::Middleware::Auth::WebID:
    file: lib/Plack/Middleware/Auth/WebID.pm
    version: 1.927
  Web::ID:
    file: lib/Web/ID.pm
    version: 1.927
  Web::ID::Certificate:
    file: lib/Web/ID/Certificate.pm
    version: 1.927
  Web::ID::Certificate::Generator:
    file: lib/Web/ID/Certificate/Generator.pm
    version: 1.927
  Web::ID::RSAKey:
    file: lib/Web/ID/RSAKey.pm
    version: 1.927
  Web::ID::SAN:
    file: lib/Web/ID/SAN.pm
    version: 1.927
  Web::ID::SAN::Email:
    file: lib/Web/ID/SAN/Email.pm
    version: 1.927
  Web::ID::SAN::URI:
    file: lib/Web/ID/SAN/URI.pm
    version: 1.927
  Web::ID::Types:
    file: lib/Web/ID/Types.pm
    version: 1.927
  Web::ID::Util:
    file: lib/Web/ID/Util.pm
    version: 1.927
  Web::ID::Util::FindOpenSSL:
    file: lib/Web/ID/Util/FindOpenSSL.pm
    version: 1.927
requires:
  Crypt::X509: 0
  DateTime: 0
  Digest::SHA: 0
  Exporter::Tiny: 0
  File::ShareDir: 0
  List::MoreUtils: 0
  Moose: 2.0600
  Path::Tiny: 0.017
  Plack: 0
  RDF::Query: 2.900
  RDF::Trine: 1.000
  Types::DateTime: 0
  Types::Standard: 0.040
  Types::URI: 0
  URI: 0
  match::simple: 0.008
  namespace::sweep: 0
  perl: 5.010
resources:
  X_identifier: http://purl.org/NET/cpan-uri/dist/Web-ID/project
  bugtracker: http://rt.cpan.org/Dist/Display.html?Queue=Web-ID
  homepage: https://metacpan.org/release/Web-ID
  license: http://dev.perl.org/licenses/
  repository: git://github.com/tobyink/p5-web-id.git
version: 1.927
Makefile.PL
use strict;
use ExtUtils::MakeMaker 6.17;
my $EUMM = eval( $ExtUtils::MakeMaker::VERSION );
my $meta = {
"abstract" => "implementation of WebID (a.k.a. FOAF+SSL)",
"author" => ["Toby Inkster (TOBYINK) "],
"dynamic_config" => 1,
"generated_by" => "Dist::Inkt::Profile::TOBYINK version 0.015, CPAN::Meta::Converter version 2.120921",
"keywords" => [],
"license" => ["perl_5"],
"meta-spec" => {
url => "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
version => 2,
},
"name" => "Web-ID",
"no_index" => { directory => ["eg", "examples", "inc", "t", "xt"] },
"prereqs" => {
configure => {
requires => { "ExtUtils::MakeMaker" => 6.17, "File::ShareDir" => 0 },
},
runtime => {
requires => {
"Crypt::X509" => 0,
"DateTime" => 0,
"Digest::SHA" => 0,
"Exporter::Tiny" => 0,
"File::ShareDir" => 0,
"List::MoreUtils" => 0,
"match::simple" => 0.008,
"Moose" => "2.0600",
"namespace::sweep" => 0,
"Path::Tiny" => 0.017,
"perl" => "5.010",
"Plack" => 0,
"RDF::Query" => "2.900",
"RDF::Trine" => "1.000",
"Types::DateTime" => 0,
"Types::Standard" => "0.040",
"Types::URI" => 0,
"URI" => 0,
},
},
test => { requires => { "Test::More" => 0.96 } },
},
"provides" => {
"Plack::Middleware::Auth::WebID" => { file => "lib/Plack/Middleware/Auth/WebID.pm", version => 1.927 },
"Web::ID" => { file => "lib/Web/ID.pm", version => 1.927 },
"Web::ID::Certificate" => { file => "lib/Web/ID/Certificate.pm", version => 1.927 },
"Web::ID::Certificate::Generator" => { file => "lib/Web/ID/Certificate/Generator.pm", version => 1.927 },
"Web::ID::RSAKey" => { file => "lib/Web/ID/RSAKey.pm", version => 1.927 },
"Web::ID::SAN" => { file => "lib/Web/ID/SAN.pm", version => 1.927 },
"Web::ID::SAN::Email" => { file => "lib/Web/ID/SAN/Email.pm", version => 1.927 },
"Web::ID::SAN::URI" => { file => "lib/Web/ID/SAN/URI.pm", version => 1.927 },
"Web::ID::Types" => { file => "lib/Web/ID/Types.pm", version => 1.927 },
"Web::ID::Util" => { file => "lib/Web/ID/Util.pm", version => 1.927 },
"Web::ID::Util::FindOpenSSL" => { file => "lib/Web/ID/Util/FindOpenSSL.pm", version => 1.927 },
},
"release_status" => "stable",
"resources" => {
bugtracker => { web => "http://rt.cpan.org/Dist/Display.html?Queue=Web-ID" },
homepage => "https://metacpan.org/release/Web-ID",
license => ["http://dev.perl.org/licenses/"],
repository => {
type => "git",
url => "git://github.com/tobyink/p5-web-id.git",
web => "https://github.com/tobyink/p5-web-id",
},
X_identifier => "http://purl.org/NET/cpan-uri/dist/Web-ID/project",
},
"version" => 1.927,
};
my %dynamic_config;
do {
# If we can't find openssl via normal techniques,
# add a dependency on Alien::OpenSSL.
#
use lib "lib";
require Web::ID::Util::FindOpenSSL;
$meta->{prereqs}{runtime}{requires}{"Alien::OpenSSL"} = "0.03"
unless -x Web::ID::Util::FindOpenSSL::find_openssl();
};
my %WriteMakefileArgs = (
ABSTRACT => $meta->{abstract},
AUTHOR => ($EUMM >= 6.5702 ? $meta->{author} : $meta->{author}[0]),
DISTNAME => $meta->{name},
VERSION => $meta->{version},
EXE_FILES => [ map $_->{file}, values %{ $meta->{x_provides_scripts} || {} } ],
NAME => do { my $n = $meta->{name}; $n =~ s/-/::/g; $n },
test => { TESTS => "t/*.t" },
%dynamic_config,
);
$WriteMakefileArgs{LICENSE} = $meta->{license}[0] if $EUMM >= 6.3001;
sub deps
{
my %r;
for my $stage (@_)
{
for my $dep (keys %{$meta->{prereqs}{$stage}{requires}})
{
next if $dep eq 'perl';
my $ver = $meta->{prereqs}{$stage}{requires}{$dep};
$r{$dep} = $ver if !exists($r{$dep}) || $ver >= $r{$dep};
}
}
\%r;
}
my ($build_requires, $configure_requires, $runtime_requires, $test_requires);
if ($EUMM >= 6.6303)
{
$WriteMakefileArgs{BUILD_REQUIRES} ||= deps('build');
$WriteMakefileArgs{CONFIGURE_REQUIRES} ||= deps('configure');
$WriteMakefileArgs{TEST_REQUIRES} ||= deps('test');
$WriteMakefileArgs{PREREQ_PM} ||= deps('runtime');
}
elsif ($EUMM >= 6.5503)
{
$WriteMakefileArgs{BUILD_REQUIRES} ||= deps('build', 'test');
$WriteMakefileArgs{CONFIGURE_REQUIRES} ||= deps('configure');
$WriteMakefileArgs{PREREQ_PM} ||= deps('runtime');
}
elsif ($EUMM >= 6.52)
{
$WriteMakefileArgs{CONFIGURE_REQUIRES} ||= deps('configure');
$WriteMakefileArgs{PREREQ_PM} ||= deps('runtime', 'build', 'test');
}
else
{
$WriteMakefileArgs{PREREQ_PM} ||= deps('configure', 'build', 'test', 'runtime');
}
{
my ($minperl) = reverse sort(
grep defined && /^[0-9]+(\.[0-9]+)?$/,
map $meta->{prereqs}{$_}{requires}{perl},
qw( configure build runtime )
);
if (defined($minperl))
{
die "Installing $meta->{name} requires Perl >= $minperl"
unless $] >= $minperl;
$WriteMakefileArgs{MIN_PERL_VERSION} ||= $minperl
if $EUMM >= 6.48;
}
}
sub FixMakefile
{
return unless -d 'inc';
my $file = shift;
local *MAKEFILE;
open MAKEFILE, "< $file" or die "FixMakefile: Couldn't open $file: $!; bailing out";
my $makefile = do { local $/; <MAKEFILE> };
close MAKEFILE or die $!;
$makefile =~ s/\b(test_harness\(\$\(TEST_VERBOSE\), )/$1'inc', /;
$makefile =~ s/( -I\$\(INST_ARCHLIB\))/ -Iinc$1/g;
$makefile =~ s/( "-I\$\(INST_LIB\)")/ "-Iinc"$1/g;
$makefile =~ s/^(FULLPERL = .*)/$1 "-Iinc"/m;
$makefile =~ s/^(PERL = .*)/$1 "-Iinc"/m;
open MAKEFILE, "> $file" or die "FixMakefile: Couldn't open $file: $!; bailing out";
print MAKEFILE $makefile or die $!;
close MAKEFILE or die $!;
}
my $mm = WriteMakefile(%WriteMakefileArgs);
FixMakefile($mm->{FIRST_MAKEFILE} || 'Makefile');
exit(0);
Web-ID-1.927/README
NAME
Web::ID - implementation of WebID (a.k.a. FOAF+SSL)
SYNOPSIS
my $webid = Web::ID->new(certificate => $pem_encoded_x509);
if ($webid->valid)
{
say "Authenticated as: ", $webid->uri;
}
DESCRIPTION
WebID is a simple authentication protocol based on TLS (Transport Layer
Security, better known as Secure Socket Layer, SSL) and the Semantic Web.
This module provides a Perl implementation for authenticating clients
using WebID.
For more information see the Web::ID::FAQ document.
Bundled with this module are Plack::Middleware::Auth::WebID, a plugin for
Plack to perform WebID authentication on HTTPS connections; and
Web::ID::Certificate::Generator, a module that allows you to generate
WebID-enabled certificates that can be installed into web browsers.
Constructor
`new`
Standard Moose-style constructor.
Attributes
`certificate`
A Web::ID::Certificate object representing an x509 certificate,
though a PEM-encoded string will be coerced.
This is usually the only attribute you want to pass to the
constructor. Allow the others to be built automatically.
`first_valid_san`
Probably fairly uninteresting. This is the first subjectAltName value
found in the certificate that could be successfully authenticated
using Web::ID. A Web::ID::SAN object.
`uri`
The URI associated with the first valid SAN. A URI object.
This is a URI you can use to identify the person, organisation or
robotic poodle holding the certificate.
`profile`
Data about the certificate holder. An RDF::Trine::Model object. Their
FOAF file (probably).
`valid`
Boolean.
Methods
`node`
Returns the same as `uri`, but as an RDF::Trine::Node object.
`get(@predicates)`
Queries the `profile` for triples of the form:
$self->node $predicate $x .
And returns literal and URI values for $x, as strings.
$predicate should be an RDF::Trine::Node, or a string. If a string, it
will be expanded using RDF::Trine::NamespaceMap, so you can do stuff
like:
my $name = $webid->get('foaf:name', 'rdfs:label');
my @mboxes = $webid->get('foaf:mbox');
BUGS
Please report any bugs to
.
SEE ALSO
Web::ID::FAQ.
Web::ID::Certificate, Plack::Middleware::Auth::WebID.
RDF::ACL provides an access control system that complements WebID.
CGI::Auth::FOAF_SSL is the spiritual ancestor of this module though they
share very little code, and have quite different APIs.
General WebID information: ,
,
,
.
Mailing list for general Perl RDF/SemWeb discussion and support:
.
AUTHOR
Toby Inkster .
THANKS
Thanks to Kjetil Kjernsmo (cpan:KJETILK) for persuading me to port my old
CGI-specific implementation of this to Plack.
Thanks Kjetil Kjernsmo (again), Florian Ragwitz (cpan:FLORA), and Jonas
Smedegaard for help with testing and advice on dependencies.
Thanks to Henry Story, Melvin Carvalho, Simon Reinhardt, Bruno Harbulot,
Ian Jacobi and many others for developing WebID from a poorly thought out
idea to a clever, yet simple and practical authentication protocol.
Thanks to Gregory Williams (cpan:GWILLIAMS), Tatsuhiko Miyagawa
(cpan:MIYAGAWA) and the Moose Cabal for providing really good platforms
(RDF::Trine, Plack and Moose respectively) to build this on.
COPYRIGHT AND LICENCE
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under the
same terms as the Perl 5 programming language system itself.
DISCLAIMER OF WARRANTIES
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Web-ID-1.927/SIGNATURE
This file contains message digests of all files listed in MANIFEST,
signed via the Module::Signature module, version 0.70.
To verify the content in this distribution, first make sure you have
Module::Signature installed, then type:
% cpansign -v
It will check each file's integrity, as well as the signature's
validity. If "==> Signature verified OK! <==" is not displayed,
the distribution may already have been compromised, and you should
not run its Makefile.PL or Build.PL.
Web-ID-1.927/dist.ini
;; class = 'Dist::Inkt::Profile::TOBYINK'
;; name = 'Web-ID'
Web-ID-1.927/doap.ttl
@prefix dc: .
@prefix doap: .
@prefix doap-changeset: .
@prefix doap-deps: .
@prefix foaf: .
@prefix rdfs: .
@prefix xsd: .
dc:title "the same terms as the perl 5 programming language system itself".
a doap:Project;
doap-deps:configure-requirement [ doap-deps:on "File::ShareDir"^^doap-deps:CpanId ];
doap-deps:runtime-requirement [ doap-deps:on "perl 5.010"^^doap-deps:CpanId ], [ doap-deps:on "namespace::sweep"^^doap-deps:CpanId ], [ doap-deps:on "Path::Tiny 0.017"^^doap-deps:CpanId ], [ doap-deps:on "Plack"^^doap-deps:CpanId ], [ doap-deps:on "RDF::Query 2.900"^^doap-deps:CpanId ], [ doap-deps:on "RDF::Trine 1.000"^^doap-deps:CpanId ], [ doap-deps:on "Types::DateTime"^^doap-deps:CpanId ], [
doap-deps:on "Types::Standard 0.040"^^doap-deps:CpanId;
], [ doap-deps:on "Types::URI"^^doap-deps:CpanId ], [ doap-deps:on "URI"^^doap-deps:CpanId ], [ doap-deps:on "Crypt::X509"^^doap-deps:CpanId ], [ doap-deps:on "DateTime"^^doap-deps:CpanId ], [ doap-deps:on "Digest::SHA"^^doap-deps:CpanId ], [ doap-deps:on "Exporter::Tiny"^^doap-deps:CpanId ], [ doap-deps:on "File::ShareDir"^^doap-deps:CpanId ], [ doap-deps:on "List::MoreUtils"^^doap-deps:CpanId ], [
doap-deps:on "match::simple 0.008"^^doap-deps:CpanId;
], [ doap-deps:on "Moose 2.0600"^^doap-deps:CpanId ];
doap-deps:test-requirement [ doap-deps:on "Test::More 0.96"^^doap-deps:CpanId ];
doap:bug-database ;
doap:created "2012-04-26"^^xsd:date;
doap:developer ;
doap:download-page ;
doap:homepage ;
doap:license ;
doap:maintainer ;
doap:name "Web-ID";
doap:programming-language "Perl";
doap:release , , , , , , , , , , , , , ;
doap:repository [
a doap:GitRepository;
doap:browse ;
];
doap:shortdesc "implementation of WebID (a.k.a. FOAF+SSL)";
rdfs:seeAlso .
a doap:Version;
dc:issued "2012-05-07"^^xsd:date;
doap-changeset:changeset [
doap-changeset:item [
rdfs:label "Almost complete rewrite of CGI::Auth::FOAF_SSL. Very different (and much cleaner) API."@en;
];
doap-changeset:versus ;
];
doap:file-release ;
doap:revision "1.910_01"^^xsd:string.
a doap:Version;
dc:issued "2012-05-08"^^xsd:date;
doap-changeset:changeset [
doap-changeset:item [
a doap-changeset:Documentation;
rdfs:label "Improve Web::ID DESCRIPTION."@en;
doap-changeset:thanks ;
], [
a doap-changeset:Documentation;
rdfs:label "Add Any::Moose stuff to Web::ID BUGS section."@en;
doap-changeset:thanks ;
], [
a doap-changeset:Update;
rdfs:label "Replace deprecated Digest::SHA1 with Digest::SHA."@en;
doap-changeset:thanks ;
];
doap-changeset:versus ;
];
doap:file-release ;
doap:revision "1.910_02"^^xsd:string.
a doap:Version;
dc:issued "2012-05-09"^^xsd:date;
doap-changeset:changeset [
doap-changeset:item [
rdfs:label "Better hooks for subclassing Plack::Middleware::Auth::WebID."@en;
];
doap-changeset:versus ;
];
doap:file-release ;
doap:revision "1.910_03"^^xsd:string.
a doap:Version;
dc:issued "2012-05-09"^^xsd:date;
doap-changeset:changeset [
doap-changeset:item [
rdfs:label "Drop dependency on Class::Load; use load_class from Plack::Util instead."@en;
], [
rdfs:label "Use File::Temp and Path::Class in t/04webid.t - they're already dependencies, so might as well."@en;
doap-changeset:thanks ;
];
doap-changeset:versus ;
];
doap:file-release ;
doap:revision "1.910_04"^^xsd:string.
a doap:Version;
dc:issued "2012-05-10"^^xsd:date;
doap-changeset:changeset [
doap-changeset:item [
a doap-changeset:Documentation;
rdfs:label "Minor documentation changes."@en;
], [
a doap-changeset:Packaging;
rdfs:label "Mark as non-development release."@en;
];
doap-changeset:versus ;
];
doap:file-release ;
doap:revision "1.920"^^xsd:string.
a doap:Version;
dc:issued "2012-05-20"^^xsd:date;
doap-changeset:changeset [
doap-changeset:item [
a doap-changeset:Packaging;
rdfs:label "Add version number (0.06) to MouseX::Types dependency."@en;
];
doap-changeset:versus ;
];
doap:file-release ;
doap:revision "1.921"^^xsd:string.
a doap:Version;
dc:issued "2012-12-15"^^xsd:date;
doap-changeset:changeset [
doap-changeset:item [
a doap-changeset:Update;
rdfs:label "RDF::Trine now uses Moose, so there's no reason for Web::ID to continue using Any::Moose. All the old Any::Moose/Mouse stuff is now gone, and Web::ID now uses Moose and MooseX::Types."@en;
], [
a doap-changeset:Update;
rdfs:label "Switched from namespace::clean to namespace::sweep."@en;
], [
a doap-changeset:Documentation;
rdfs:label "Documented test suite."@en;
], [
a doap-changeset:Change;
rdfs:label "Make test suite output cleaner (no openssl junk) if Capture::Tiny is available."@en;
];
doap-changeset:versus ;
];
doap:file-release ;
doap:revision "1.922"^^xsd:string.
a doap:Version;
dc:issued "2013-05-21"^^xsd:date;
doap-changeset:changeset [
doap-changeset:item [
a doap-changeset:Change;
rdfs:label "Switched from MooseX::Types to Types::Standard."@en;
], [
a doap-changeset:Change;
rdfs:label "Switched from Sub::Exporter to Exporter::TypeTiny."@en;
], [
a doap-changeset:Change;
rdfs:label "Switched from smartmatch to match::smart."@en;
], [
a doap-changeset:Change;
rdfs:label "Switched from Path::Class to Path::Tiny."@en;
], [
a doap-changeset:Change;
rdfs:label "Do a better job searching for OpenSSL binary; use Alien::OpenSSL if it can't be found."@en;
];
doap-changeset:versus ;
];
doap:file-release ;
doap:revision "1.923"^^xsd:string.
a doap:Version;
dc:issued "2013-08-07"^^xsd:date;
doap-changeset:changeset [
doap-changeset:item [
a doap-changeset:Packaging;
rdfs:label "Minor packaging fixes."@en;
], [
a doap-changeset:Bugfix;
rdfs:label "Type::Utils no longer exports `extends` by default; request it."@en;
];
doap-changeset:versus ;
];
doap:file-release ;
doap:revision "1.924_01"^^xsd:string.
a doap:Version;
dc:issued "2013-08-09"^^xsd:date;
doap-changeset:changeset [
doap-changeset:item [
a doap-changeset:Packaging;
rdfs:label "Package using Dist::Inkt."@en;
];
doap-changeset:versus ;
];
doap:file-release ;
doap:revision "1.924_02"^^xsd:string.
a doap:Version;
dc:issued "2013-08-10"^^xsd:date;
doap-changeset:changeset [
doap-changeset:item [
a doap-changeset:Packaging;
rdfs:label "configure_requires File::ShareDir."@en;
];
doap-changeset:versus ;
];
doap:file-release ;
doap:revision "1.924_03"^^xsd:string.
a doap:Version;
dc:issued "2013-09-03"^^xsd:date;
doap:file-release ;
doap:revision "1.925"^^xsd:string;
rdfs:comment "No functional changes."@en.
a doap:Version;
dc:issued "2013-12-10"^^xsd:date;
doap-changeset:changeset [
doap-changeset:item [
a doap-changeset:Update;
rdfs:label "Use Exporter::Tiny instead of Exporter::TypeTiny."@en;
];
doap-changeset:versus ;
];
doap:file-release ;
doap:revision "1.926"^^xsd:string.
a doap:Version;
dc:issued "2014-05-10"^^xsd:date;
doap-changeset:changeset [
doap-changeset:item [
a doap-changeset:Packaging;
rdfs:label "Bump required version of match::simple to 0.008."@en;
], [
a doap-changeset:Packaging;
rdfs:label "Bump required version of Types::Standard to 0.040."@en;
], [
a doap-changeset:Change;
rdfs:label "Rather than defining Datetime and Uri types in Web::ID::Types, use Types::DateTime and Types::URI from CPAN."@en;
];
doap-changeset:versus ;
];
doap:file-release ;
doap:revision "1.927"^^xsd:string.
a foaf:Person;
foaf:mbox ;
foaf:name "Florian Ragwitz".
a foaf:Person;
foaf:mbox ;
foaf:name "Kjetil Kjernsmo".
a foaf:Person;
foaf:mbox ;
foaf:name "Toby Inkster".
a foaf:Person;
foaf:name "Jonas Smedegaard".
Web-ID-1.927/examples/certificate-generation.pl
use Web::ID::Certificate::Generator;
Web::ID::Certificate->generate(
passphrase => 'test1234',
subject_alt_names => [
Web::ID::SAN::URI->new(value => 'http://example.com/id/alice'),
Web::ID::SAN::URI->new(value => 'http://example.net/id/alice'),
],
cert_output => \(my $output),
rdf_output => \(my $model),
subject_cn => 'Alice Test',
subject_country => 'gb',
);
print RDF::Trine::Serializer
-> new('RDFXML')
-> serialize_model_to_string($model);
Web-ID-1.927/examples/certificate-parsing.pl
use 5.010;
use lib "../lib";
use lib "lib";
use Data::Dumper;
#use Moose ();
use Web::ID::Certificate;
use Web::ID::SAN;
use Web::ID::SAN::Email;
use Web::ID::SAN::URI;
my $cert = Web::ID::Certificate->new( pem => <not_before, " -- ", $cert->not_after;
say "Exponent: ", $cert->exponent;
say "Modulus: ", $cert->modulus;
say "Subject alt names: ", Dumper($cert->subject_alt_names);
say "Fingerprint: ", $cert->fingerprint;
Web-ID-1.927/examples/fingerpoint-test.pl
use 5.010;
use Web::ID::SAN::Email;
use RDF::Trine;
my $san = Web::ID::SAN::Email->new(
type => 'rfc822Address',
value => 'somebody@fingerpoint.tobyinkster.co.uk',
);
say $san->uri_object;
print RDF::Trine::Serializer
-> new('Turtle')
-> serialize_model_to_string( $san->model );
Web-ID-1.927/examples/web-id-validation.pl
use 5.010;
use lib "../lib";
use lib "lib";
use Data::Dumper;
#use Moose ();
use Web::ID;
my $id = Web::ID->new( certificate => <first_valid_san->to_string;
say "URI: ", $id->uri;
say "Email: ", join ';', $id->get('foaf:mbox');
Web-ID-1.927/t/01mouse.t
=head1 PURPOSE
This test has been retired. Web::ID no longer uses Any::Moose/Mouse.
=head1 AUTHOR
Toby Inkster E<lt>tobyink@cpan.orgE<gt>.
=head1 COPYRIGHT AND LICENCE
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
=cut
use Test::More skip_all => "eek! eek!";
Web-ID-1.927/t/02moose.t
=head1 PURPOSE
Check that Web::ID compiles.
=head1 AUTHOR
Toby Inkster E<lt>tobyink@cpan.orgE<gt>.
=head1 COPYRIGHT AND LICENCE
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
=cut
use Test::More;
#eval { require Moose; require MooseX::Types::Moose; 1 }
# or plan skip_all => "need Moose";
plan tests => 1;
use_ok('Web::ID');
Web-ID-1.927/t/03certificate.t
=head1 PURPOSE
Tests that L<Web::ID::Certificate> is able to extract information from a
PEM-encoded certificate.
The majority of the tests are conducted on a certificate that I<< will
expire on 2013-06-21T11:49:45 >> however, it is believed that the nature
of these tests is such that they will continue to pass after the certificate
has expired. (No tests should be relying on it being a timely certificate.)
The situation may need reviewing in July 2013.
=head1 AUTHOR
Toby Inkster E<lt>tobyink@cpan.orgE<gt>.
=head1 COPYRIGHT AND LICENCE
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
=cut
use Test::More tests => 18;
use Web::ID::Certificate;
my $cert = new_ok 'Web::ID::Certificate' => [pem => <not_before,
'2009-06-22T11:49:45',
'certificate not_before correct',
);
is(
$cert->not_after,
'2013-06-21T11:49:45',
'certificate not_after correct',
);
ok(
! $cert->timely( $cert->not_before->clone->subtract(days => 1) ),
'not timely before not_before',
);
ok(
$cert->timely( $cert->not_before ),
'timely on not_before',
);
ok(
$cert->timely( $cert->not_before->clone->add(days => 1) ),
'timely after not_before',
);
ok(
$cert->timely( $cert->not_after ),
'timely on not_after',
);
ok(
! $cert->timely( $cert->not_after->clone->add(days => 1) ),
'not timely after not_after',
);
is(
$cert->fingerprint,
'f4651a0cd4efc7301103a7dfec983244dd47b190',
'correct fingerprint',
);
ok(
$cert->exponent eq '65537',
'correct exponent'
);
(my $modulus = <modulus eq $modulus,
'correct modulus'
);
isa_ok(
$cert->subject_alt_names->[$_],
'Web::ID::SAN',
"SAN $_",
) for 0..2;
isa_ok(
$cert->subject_alt_names->[0],
'Web::ID::SAN::URI',
"SAN 0",
);
isa_ok(
$cert->subject_alt_names->[$_],
'Web::ID::SAN::Email',
"SAN $_",
) for 1..2;
is(
$cert->subject_alt_names->[0]->value,
'http://tobyinkster.co.uk/#i',
'SAN 0 correct value',
);
Web-ID-1.927/t/04webid.t
=head1 PURPOSE
Performs as close to an end-to-end test as possible without an actual
HTTPS server.
Generates certificates for five dummy identities using
L<Web::ID::Certificate::Generator>; creates FOAF profiles for them
(using a mixture of Turtle and RDF/XML) and checks that their
certificates can be validated against their profiles.
Destroys one of the FOAF profiles and checks that the corresponding
certificate no longer validates.
Alters one of the FOAF profiles and checks that the corresponding
certificate no longer validates.
Tries its very best to clean up after itself.
=head1 AUTHOR
Toby Inkster E<lt>tobyink@cpan.orgE<gt>.
=head1 COPYRIGHT AND LICENCE
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
=cut
use 5.010;
use strict;
use lib 'lib';
use lib 't/lib';
use File::Temp qw();
use Path::Tiny qw();
use Test::More;
use Web::ID;
use Web::ID::Certificate::Generator;
# Attempt to silence openssl during test cases
sub capture_merged (&;@);
BEGIN {
*capture_merged = eval { require Capture::Tiny }
? \&Capture::Tiny::capture_merged
: sub (&;@) { my $code = shift; $code->() }
}
require Web::ID::Util::FindOpenSSL;
-x Web::ID::Util::FindOpenSSL::find_openssl()
or plan skip_all => "Cannot find an executable OpenSSL binary";
# They're unlikely to have /usr/bin/openssl anyway, but...
$^O eq 'MSWin32'
and plan skip_all => "This test will not run on MSWin32";
our @PEOPLE = qw(alice bob carol david eve);
our %Certificates;
my $tmpdir = "Path::Tiny"->tempdir;
$tmpdir->mkpath;
sub tmpfile
{
return $tmpdir->child(@_) if @_;
return $tmpdir;
}
{
package Test::HTTP::Server::Request;
no strict 'refs';
for my $p (@::PEOPLE)
{
*$p = sub {
if (-e main::tmpfile($p))
{
shift->{out_headers}{content_type} =
$p eq 'david' ? 'text/turtle' : 'application/rdf+xml';
scalar main::tmpfile($p)->slurp;
}
else
{
my $server = shift;
$server->{out_code} = '404 Not Found';
$server->{out_headers}{content_type} = 'text/plain';
'Not Found';
}
}
}
}
eval { require Test::HTTP::Server; 1; }
or plan skip_all => "Could not use Test::HTTP::Server: $@";
plan tests => 12;
my $server = Test::HTTP::Server->new();
my $baseuri = $server->uri;
for my $p (@PEOPLE)
{
my $discard;
my $rdf;
my @captured = capture_merged {
$Certificates{$p} = 'Web::ID::Certificate'->generate(
passphrase => 'secret',
subject_alt_names => [
Web::ID::SAN::URI->new(value => $baseuri.$p),
],
subject_cn => ucfirst($p),
rdf_output => \$rdf,
cert_output => \$discard,
)->pem
};
isa_ok($rdf, 'RDF::Trine::Model', tmpfile($p).' $rdf');
RDF::Trine::Serializer
-> new($p eq 'david' ? 'Turtle' : 'RDFXML')
-> serialize_model_to_file(tmpfile($p)->openw, $rdf);
}
for my $p (@PEOPLE)
{
my $webid = Web::ID->new(certificate => $Certificates{$p});
ok($webid->valid, $webid->uri);
}
tmpfile('carol')->remove; # bye, bye
my $carol = Web::ID->new(certificate => $Certificates{carol});
ok(!$carol->valid, 'bye, bye carol!');
do {
(my $data = tmpfile('eve')->slurp)
=~ s/exponent/component/g;
my $fh = tmpfile('eve')->openw;
print $fh $data;
};
my $eve = Web::ID->new(certificate => $Certificates{eve});
ok(!$eve->valid, 'eve is evil!');
tmpfile()->remove_tree;
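The decision that t/04webid.t exercises (and that `_build_valid` and `_build_first_valid_san` in lib/Web/ID.pm make), modelled offline with core Perl only. This is an added example, not code from the Web-ID distribution: the `%PROFILES` table, the toy key values and the helper names are assumptions, and the way the real `rsa_equal` compares keys is not shown on this page.

```perl
use 5.010;
use strict;
use warnings;
use Math::BigInt;

# Constructed stand-in for fetching a SAN URI and reading the RSA keys its
# profile publishes. Carol has no entry (profile removed). Eve's published
# key has lost its exponent, like the altered profile in t/04webid.t.
# The moduli are toy numbers, not real RSA moduli.
my %PROFILES = (
	'http://localhost/alice' => [ { modulus => '00:C3:5F', exponent => '65537' } ],
	'http://localhost/eve'   => [ { modulus => 'be11' } ],
);

# Parse a hex modulus, tolerating case, colons, whitespace and leading
# zeros. Any other character rejects the value instead of being stripped.
sub hex_to_int
{
	my ($hex) = @_;
	return undef unless defined $hex;
	(my $clean = lc $hex) =~ s/[\s:]//g;
	return undef unless $clean =~ /\A[0-9a-f]+\z/;
	return Math::BigInt->new("0x$clean");
}

# True only when the profile key carries both components and both equal
# the certificate's, compared as numbers rather than as strings.
sub same_rsa_key
{
	my ($cert, $key) = @_;
	my ($cm, $km) = (hex_to_int($cert->{modulus}), hex_to_int($key->{modulus}));
	return 0 unless defined $cm && defined $km && $cm == $km;
	for my $e ($cert->{exponent}, $key->{exponent})
	{
		return 0 unless defined $e && $e =~ /\A[0-9]+\z/;
	}
	return Math::BigInt->new($cert->{exponent}) == Math::BigInt->new($key->{exponent}) ? 1 : 0;
}

# Validity window first (inclusive at both ends), then the first SAN whose
# profile publishes the certificate's own key. Timestamps are same-format
# UTC ISO 8601 strings, so string comparison orders them correctly.
sub authenticate
{
	my ($cert, $now) = @_;
	return ('untimely')
		if $now lt $cert->{not_before} || $now gt $cert->{not_after};
	for my $san (@{ $cert->{sans} })
	{
		for my $key (@{ $PROFILES{$san} // [] })
		{
			return (ok => $san) if same_rsa_key($cert, $key);
		}
	}
	return ('no-matching-key');
}

# Constructed certificate fields (what the parser would have extracted).
my %alice = (
	sans       => ['http://localhost/alice'],
	modulus    => 'c35f',
	exponent   => 65537,
	not_before => '2014-01-01T00:00:00',
	not_after  => '2015-01-01T00:00:00',
);
my $during = '2014-06-01T12:00:00';

my @cases = (
	[ 'alice, key published in profile' => { %alice }, $during ],
	[ 'alice, exactly on not_after'     => { %alice }, '2015-01-01T00:00:00' ],
	[ 'alice, one day after not_after'  => { %alice }, '2015-01-02T00:00:00' ],
	[ 'carol, profile removed'
		=> { %alice, sans => ['http://localhost/carol'] }, $during ],
	[ 'eve, profile key lacks exponent'
		=> { %alice, sans => ['http://localhost/eve'], modulus => 'be11' }, $during ],
	[ "alice's URI, different key"
		=> { %alice, modulus => 'd00d' }, $during ],
);

for my $case (@cases)
{
	my ($label, $cert, $now) = @$case;
	my ($status, $uri) = authenticate($cert, $now);
	printf "%-34s %s%s\n", $label, $status, defined $uri ? " as $uri" : '';
}
```

The last case is the one the scheme depends on: a SAN URI is only a claim, and it is accepted only when the profile behind that URI publishes the same key the certificate carries.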
Web-ID-1.927/lib/Web/ID.pm
package Web::ID;
use 5.010;
use utf8;
BEGIN {
$Web::ID::AUTHORITY = 'cpan:TOBYINK';
$Web::ID::VERSION = '1.927';
}
use Web::ID::Types -types;
use Web::ID::Certificate;
use Web::ID::Util qw(:default uniq);
use Moose;
use namespace::sweep;
has certificate => (
is => read_only,
isa => Certificate,
required => true,
coerce => true,
);
has uri => (
is => read_only,
isa => Uri,
lazy_build => true,
coerce => true,
);
has profile => (
is => read_only,
isa => Model,
lazy_build => true,
);
has valid => (
is => read_only,
isa => Bool,
lazy_build => true,
);
has first_valid_san => (
is => read_only,
isa => San | Undef,
lazy_build => true,
);
sub _build_valid
{
my ($self) = @_;
return false unless $self->certificate->timely;
return true if defined $self->first_valid_san;
return false;
}
sub _build_uri
{
my ($self) = @_;
$self->first_valid_san->uri_object;
}
sub _build_profile
{
my ($self) = @_;
$self->first_valid_san->model;
}
sub _build_first_valid_san
{
my ($self) = @_;
my $cert = $self->certificate;
my @sans = @{ $cert->subject_alt_names };
foreach my $san (@sans)
{
foreach my $key ( $san->associated_keys )
{
return $san if $key->rsa_equal($cert);
}
}
return undef;
}
sub node
{
my ($self) = @_;
"RDF::Trine::Node::Resource"->new($self->uri.'');
}
sub get
{
my $self = shift;
my @pred = map {
if (blessed $_ and $_->isa("RDF::Trine::Node")) { $_ }
else { u $_ }
} @_;
my @results = uniq
map { $_->is_resource ? $_->uri : $_->literal_value }
grep { $_->is_literal or $_->is_resource }
$self->profile->objects_for_predicate_list($self->node, @pred);
wantarray ? @results : $results[0];
}
__PACKAGE__
__END__
=head1 NAME
Web::ID - implementation of WebID (a.k.a. FOAF+SSL)
=head1 SYNOPSIS
my $webid = Web::ID->new(certificate => $pem_encoded_x509);
if ($webid->valid)
{
say "Authenticated as: ", $webid->uri;
}
=head1 DESCRIPTION
WebID is a simple authentication protocol based on TLS (Transport
Layer Security, better known as Secure Socket Layer, SSL) and the
Semantic Web. This module provides a Perl implementation for
authenticating clients using WebID.
For more information see the L<Web::ID::FAQ> document.
Bundled with this module are L<Plack::Middleware::Auth::WebID>, a
plugin for L<Plack> to perform WebID authentication on HTTPS
connections; and L<Web::ID::Certificate::Generator>, a module that
allows you to generate WebID-enabled certificates that can be
installed into web browsers.
=head2 Constructor
=over
=item C<< new >>
Standard Moose-style constructor.
=back
=head2 Attributes
=over
=item C<< certificate >>
A L<Web::ID::Certificate> object representing an x509 certificate,
though a PEM-encoded string will be coerced.
This is usually the only attribute you want to pass to the constructor.
Allow the others to be built automatically.
=item C<< first_valid_san >>
Probably fairly uninteresting. This is the first subjectAltName value
found in the certificate that could be successfully authenticated
using Web::ID. A L<Web::ID::SAN> object.
=item C<< uri >>
The URI associated with the first valid SAN. A L<URI> object.
This is a URI you can use to identify the person, organisation or
robotic poodle holding the certificate.
=item C<< profile >>
Data about the certificate holder. An L<RDF::Trine::Model> object.
Their FOAF file (probably).
=item C<< valid >>
Boolean.
=back
=head2 Methods
=over
=item C<< node >>
Returns the same as C<uri>, but as an L<RDF::Trine::Node> object.
=item C<< get(@predicates) >>
Queries the C<profile> for triples of the form:
$self->node $predicate $x .
And returns literal and URI values for $x, as strings.
C<< $predicate >> should be an L<RDF::Trine::Node>, or a string. If a
string, it will be expanded using L<RDF::Trine::NamespaceMap>, so you
can do stuff like:
my $name = $webid->get('foaf:name', 'rdfs:label');
my @mboxes = $webid->get('foaf:mbox');
=back
=head1 BUGS
Please report any bugs to
L.
=head1 SEE ALSO
L<Web::ID::FAQ>.
L<Web::ID::Certificate>,
L<Plack::Middleware::Auth::WebID>.
L<RDF::ACL> provides an access control system that complements WebID.
L<CGI::Auth::FOAF_SSL> is the spiritual ancestor of this module though
they share very little code, and have quite different APIs.
General WebID information:
L,
L,
L,
L.
Mailing list for general Perl RDF/SemWeb discussion and support:
L.
=head1 AUTHOR
Toby Inkster E<lt>tobyink@cpan.orgE<gt>.
=head1 THANKS
Thanks to Kjetil Kjernsmo (cpan:KJETILK) for persuading me to port my old
CGI-specific implementation of this to Plack.
Thanks Kjetil Kjernsmo (again), Florian Ragwitz (cpan:FLORA), and
Jonas Smedegaard for help with testing and advice on dependencies.
Thanks to Henry Story, Melvin Carvalho, Simon Reinhardt, Bruno Harbulot,
Ian Jacobi and many others for developing WebID from a poorly thought
out idea to a clever, yet simple and practical authentication protocol.
Thanks to Gregory Williams (cpan:GWILLIAMS), Tatsuhiko Miyagawa
(cpan:MIYAGAWA) and the Moose Cabal for providing really good platforms
(RDF::Trine, Plack and Moose respectively) to build this on.
=head1 COPYRIGHT AND LICENCE
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
=head1 DISCLAIMER OF WARRANTIES
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Web-ID-1.927/lib/Web/ID/Certificate.pm
package Web::ID::Certificate;
use 5.010;
use utf8;
BEGIN {
$Web::ID::Certificate::AUTHORITY = 'cpan:TOBYINK';
$Web::ID::Certificate::VERSION = '1.927';
}
use Crypt::X509 0.50 (); # why the hell does this export anything?!
use DateTime 0;
use Digest::SHA qw(sha1_hex);
use MIME::Base64 0 qw(decode_base64);
use Web::ID::Types -types;
use Web::ID::SAN;
use Web::ID::SAN::Email;
use Web::ID::SAN::URI;
use Web::ID::Util qw(:default part);
# Partly sorts a list of Web::ID::SAN objects,
# prioritising URIs and Email addresses.
#
sub _sort_san
{
map { ref($_) eq 'ARRAY' ? (@$_) : () }
part {
if ($_->isa("Web::ID::SAN::URI")) { 0 }
elsif ($_->isa("Web::ID::SAN::Email")) { 1 }
else { 2 }
}
@_;
}
use Moose;
use namespace::sweep -also => '_sort_san';
has pem => (
is => read_only,
isa => Str,
required => true,
coerce => false,
);
has _der => (
is => read_only,
isa => Str,
required => true,
lazy_build => true,
);
has _x509 => (
is => read_only,
isa => Type::Utils::class_type({ class => "Crypt::X509" }),
lazy_build => true,
);
has public_key => (
is => read_only,
isa => Rsakey,
lazy_build => true,
handles => [qw(modulus exponent)],
);
has subject_alt_names => (
is => read_only,
isa => ArrayRef,
lazy_build => true,
);
has $_ => (
is => read_only,
isa => DateTime,
lazy_build => true,
coerce => true,
) for qw( not_before not_after );
has san_factory => (
is => read_only,
isa => CodeRef,
lazy_build => true,
);
has fingerprint => (
is => read_only,
isa => Str,
lazy_build => true,
);
sub _build_fingerprint
{
lc sha1_hex( shift->_der );
}
sub _build__der
{
my @lines = split /\n/, shift->pem;
decode_base64(join "\n", grep { !/--(BEGIN|END) CERTIFICATE--/ } @lines);
}
sub _build__x509
{
return "Crypt::X509"->new(cert => shift->_der);
}
sub _build_public_key
{
my ($self) = @_;
Rsakey->new($self->_x509->pubkey_components);
}
sub _build_subject_alt_names
{
my ($self) = @_;
my $factory = $self->san_factory;
[_sort_san(
map {
my ($type, $value) = split /=/, $_, 2;
$factory->(type => $type, value => $value);
}
@{ $self->_x509->SubjectAltName }
)];
}
sub _build_not_before
{
my ($self) = @_;
return $self->_x509->not_before;
}
sub _build_not_after
{
my ($self) = @_;
return $self->_x509->not_after;
}
my $default_san_factory = sub
{
my (%args) = @_;
my $class = {
uniformResourceIdentifier => 'Web::ID::SAN::URI',
rfc822Name => 'Web::ID::SAN::Email',
}->{ $args{type} }
// "Web::ID::SAN";
$class->new(%args);
};
sub _build_san_factory
{
return $default_san_factory;
}
sub timely
{
my ($self, $now) = @_;
$now //= DateTime->coerce('now');
return if $now > $self->not_after;
return if $now < $self->not_before;
return $self;
}
__PACKAGE__
__END__
=head1 NAME
Web::ID::Certificate - an x509 certificate
=head1 SYNOPSIS
my $cert = Web::ID::Certificate->new(pem => $pem_encoded_x509);
foreach (@{ $cert->subject_alt_names })
{
say "SAN: ", $_->type, " = ", $_->value;
}
=head1 DESCRIPTION
=head2 Constructor
=over
=item C<< new >>
Standard Moose-style constructor.
=back
=head2 Attributes
=over
=item C<< pem >>
A PEM-encoded string for the certificate.
This is usually the only attribute you want to pass to the constructor.
Allow the others to be built automatically.
=item C<< public_key >>
A L object.
=item C<< fingerprint >>
A string identifier for the certificate. It is the lower-cased
hexadecimal SHA1 hash of the DER-encoded certificate.
This is not used in WebID authentication, but may be used as an
identifier for the certificate if you need to keep it in a cache.
=item C<< not_before >>
L object indicating when the certificate started (or will
start) to be valid.
=item C<< not_after >>
L object indicating when the certificate will cease (or
has ceased) to be valid.
=item C<< subject_alt_names >>
An arrayref containing a list of subject alt names (L
objects) associated with the certificate. These are sorted in the order
they'll be tried for WebID authentication.
=item C<< san_factory >>
A coderef used for building L objects. It's very unlikely
you need to play with this - the default is probably OK. But changing this
is "supported" (in so much as any of this is supported).
The coderef is passed a hash (not hashref) along the lines of:
(
type => 'uniformResourceIdentifier',
value => 'http://example.com/id/alice',
)
=back
=head2 Methods
=over
=item C<< timely >>
Checks C<< not_before >> and C<< not_after >> against the current system time to
indicate whether the certificate is temporally valid. Returns a boolean.
You can optionally pass it a L object to use instead of the
current system time.
=item C<< exponent >>
Delegated to the C<< public_key >> attribute.
=item C<< modulus >>
Delegated to the C<< public_key >> attribute.
=back
=head1 BUGS
Please report any bugs to
L.
=head1 SEE ALSO
L,
L,
L.
L - augments this class to add the
ability to generate new WebID certificates.
L provides a pure Perl X.509 certificate parser, and is
used internally by this module.
=head1 AUTHOR
Toby Inkster E<lt>tobyink@cpan.orgE<gt>.
=head1 COPYRIGHT AND LICENCE
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
=head1 DISCLAIMER OF WARRANTIES
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Web-ID-1.927/lib/Web/ID/FAQ.pod
=head1 NAME
Web::ID::FAQ - frequently asked questions about WebID
=head1 FREQUENTLY ASKED QUESTIONS
=head2 So what is WebID?
Web Identification and Discovery.
Firstly it's the concept of identifying people with HTTP URIs. URI
stands for Uniform Resource Identifier. While often used as identifiers
for web pages and other digital resources, they're just string
identifiers and may be used to identify anything - car parts, gorillas,
abstract concepts, and, yes, people.
WebID is also a protocol that allows websites to discover which URI
identifies you, using a secure certificate that is installed in your
browser.
=head2 URIs can identify non-digital resources?
Yes. Of course, if you type a URI which identifies a web page into a web
browser, you'd expect to see that web page (or an error message explaining
why you cannot), but if you type a URI which identifies a car part, don't
expect that spark plug to jump out of your screen into your hands.
URIs that identify non-digital resources should either be unresolvable
(e.g. C<< urn:isbn:978-0099800200 >> which identifies a book - your
browser can't do anything with that URI); should produce an error message
explaining why the resource cannot be provided; or should redirect to
a digital resource (e.g. C<< http://example.com/id/alice >> might
identify Alice, and redirect to C<< http://example.com/data/alice >>
which is a document with information about Alice).
Further reading: I,
L.
=head2 So I can use WebID to limit who has access to my site?
On its own, no.
WebID allows a website to establish an identifier for a visitor,
but what the website does with that information (whether it uses
it to block access to certain resources) is beyond the scope of
WebID.
=head2 How does WebID work?
In summary, your browser establishes an HTTPS connection to a web
server. As part of the SSL/TLS handshake, the server can request
that the browser identifies itself with a certificate. Your browser
then sends your certificate to the server. This certificate includes
a URI that identifies you.
Behind the scenes, the server fetches that URI, and retrieves a
profile document about you (this document can include as much or as
little personal data about you as you like). This document uses the
RDF data model, and contains data that allows the server to verify
that the certificate exchanged as part of your HTTPS request really
belongs to you.
The user experience is that a WebID user visits a WebID-enabled site;
their browser prompts them to pick a certificate from the list of
installed certificates; they choose; the site knows who they are.
No passwords are required (though many browsers do offer the option
to protect the installed certificates with a password).
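The server-side check described above, reduced to its core, as an added example using only core Perl modules (it is not the Web::ID implementation). The hash layouts, the C<authenticate> name and every value are constructed for illustration; the point it shows is that a self-signed certificate naming someone's URI is only accepted when the profile at that URI lists the same RSA modulus and exponent.

```perl
use 5.010;
use strict;
use warnings;
use Math::BigInt;

# Profiles often publish the modulus with spaces, colons or line
# breaks, so strip everything that is not a hex digit before parsing.
sub bigint_from_hex
{
	my ($literal) = @_;
	(my $hex = $literal // '') =~ s/[^0-9A-Fa-f]//g;
	return unless length $hex;
	return Math::BigInt->from_hex("0x$hex");
}

sub bigint_from_dec
{
	my ($literal) = @_;
	(my $dec = $literal // '') =~ s/[^0-9]//g;
	return unless length $dec;
	return Math::BigInt->new($dec);
}

# $cert  : hashref with uris, modulus, exponent, not_before, not_after
#          (layout assumed for this example; times are epoch seconds)
# $fetch : coderef mapping a URI to the keys its profile document lists
# Returns the first URI whose profile vouches for the certificate's key.
sub authenticate
{
	my ($cert, $fetch, $now) = @_;
	$now //= time;

	# Temporal validity first: an expired certificate is never accepted.
	return if $now < $cert->{not_before} or $now > $cert->{not_after};

	for my $uri (@{ $cert->{uris} })
	{
		for my $claim ($fetch->($uri))
		{
			my $n = bigint_from_hex($claim->{modulus_hex}) // next;
			my $e = bigint_from_dec($claim->{exponent})    // next;

			# Both components must match, not just the modulus.
			return $uri
				if $n == $cert->{modulus} and $e == $cert->{exponent};
		}
	}
	return;
}

# --- constructed sample data ---
my %profiles = (
	'http://example.com/id/alice' => [
		{ modulus_hex => "C3:5A:7F:19\n 0B:2D:44:E1", exponent => '65537' },
	],
);
my $fetch = sub { @{ $profiles{ $_[0] } // [] } };

my %alice_cert = (
	uris       => ['http://example.com/id/alice'],
	modulus    => Math::BigInt->from_hex('0xc35a7f190b2d44e1'),
	exponent   => Math::BigInt->new(65537),
	not_before => 1_700_000_000,
	not_after  => 1_800_000_000,
);

# A self-signed certificate that names Alice's URI but carries another key.
my %other_key_cert = (
	%alice_cert,
	modulus => Math::BigInt->from_hex('0xdeadbeef00112233'),
);

my $now = 1_750_000_000;
say 'matching key:  ', authenticate(\%alice_cert,     $fetch, $now) // 'rejected';
say 'different key: ', authenticate(\%other_key_cert, $fetch, $now) // 'rejected';
say 'expired:       ', authenticate(\%alice_cert,     $fetch, 1_900_000_000) // 'rejected';
```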
=head2 So WebID requires HTTPS?
WebID could theoretically be used over other SSL/TLS protocols, such as
OpenVPN, secure IMAP/POP3 connections, and so forth.
But yes, it only works over secure connections. Really, would you want to
be identifying yourself over an insecure channel?
=head2 How can I use WebID in Perl?
For Plack/PSGI-based websites, there exists a module
L to make things (relatively) easy.
It stuffs the client's WebID URI into C<< $env->{WEBID} >>.
For Catalyst-based websites, be aware that recent versions of
Catalyst are built on Plack. See L for details.
Otherwise, you need to use L directly. Assuming you've
configured your web server to request a client certificate from the
browser, and you've managed to get that client certificate into
Perl in PEM format, then it's just:
my $webid = Web::ID->new(certificate => $pem);
my $uri = $webid->uri;
And you have the URI.
What is PEM? Well, X509 certificates come in a variety of different
interrelated formats. PEM is a common one, and often what web servers
make available. If you have DER though, it's easy to convert it to
PEM:
use MIME::Base64 qw(encode_base64);
my $pem = "\n-----BEGIN CERTIFICATE-----\n"
	. encode_base64($der)
	. "\n-----END CERTIFICATE-----\n";
If you have another format, then OpenSSL may be able to convert it.
Once you have the URI, you can use it as a plain old string identifier
for the user, whenever you need to identify them in databases, etc.
The C<< $webid >> object in the above example, or in the Plack
middleware, C<< $env->{WEBID_OBJECT} >>, is an object blessed into
the L package and will allow you to retrieve further
information about the user - their name, e-mail address, blog URL,
interests, friends, etc - depending on what information they've
chosen to include in their profile.
=head2 How does WebID compare to OpenID?
Both use URIs to identify people, however the way they choose their URIs
differs. In OpenID you use the same URI string to identify your blog or
homepage, and to identify yourself. In WebID you use different URIs to
identify different things - one URI for your blog, one for you.
In WebID you almost never have to type that URI - it's embedded into a
certificate in your browser's certificate store.
WebID doesn't require typing or passwords. This makes it more suitable
than OpenID for non-interactive processes (e.g. authenticated downloads
run via a cron job).
WebID requires a secure connection.
WebID is built upon the architecture of the Semantic Web.
=head1 SEE ALSO
L.
=head1 AUTHOR
Toby Inkster E<lt>tobyink@cpan.orgE<gt>.
=head1 COPYRIGHT AND LICENCE
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
This FAQ document is additionally available under the Creative Commons
Attribution-ShareAlike 2.0 UK: England and Wales licence
L, and the GNU
Free Documentation License version 1.3, or at your option any later
version L.
=head1 DISCLAIMER OF WARRANTIES
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Web-ID-1.927/lib/Web/ID/RSAKey.pm
package Web::ID::RSAKey;
use 5.010;
use utf8;
BEGIN {
$Web::ID::RSAKey::AUTHORITY = 'cpan:TOBYINK';
$Web::ID::RSAKey::VERSION = '1.927';
}
use Web::ID::Types -types;
use Web::ID::Util;
use Moose;
use namespace::sweep;
for (qw( exponent modulus ))
{
has $_ => (
is => read_only,
isa => Bigint,
required => true,
coerce => true,
);
}
sub rsa_equal
{
my ($self, $other) = @_;
foreach (qw(exponent modulus))
{
my $m1 = $self->can($_) or return;
my $m2 = $other->can($_) or return;
return unless $self->$m1 == $other->$m2;
}
return true;
}
__PACKAGE__
__END__
=head1 NAME
Web::ID::RSAKey - an RSA key
=head1 DESCRIPTION
=head2 Constructor
=over
=item C<< new >>
Standard Moose-style constructor.
=back
=head2 Attributes
=over
=item C<< exponent >>
The exponent as a Math::BigInt object.
=item C<< modulus >>
The modulus as a Math::BigInt object.
=back
=head2 Methods
=over
=item C<< rsa_equal($that) >>
Returns true iff this key is the same as that key.
=back
=head1 BUGS
Please report any bugs to
L.
=head1 SEE ALSO
L, L.
=head1 AUTHOR
Toby Inkster E<lt>tobyink@cpan.orgE<gt>.
=head1 COPYRIGHT AND LICENCE
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
=head1 DISCLAIMER OF WARRANTIES
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Web-ID-1.927/lib/Web/ID/SAN.pm
package Web::ID::SAN;
use 5.010;
use utf8;
BEGIN {
$Web::ID::SAN::AUTHORITY = 'cpan:TOBYINK';
$Web::ID::SAN::VERSION = '1.927';
}
use Web::ID::Types -types;
use RDF::Query 2.900;
use URI 0;
use URI::Escape 0 qw/uri_escape/;
use Web::ID::RSAKey;
use Web::ID::Util;
use Moose;
use namespace::sweep;
has $_ => (
is => read_only,
isa => Str,
required => true,
coerce => false,
) for qw(type value);
has model => (
is => read_only,
isa => Model,
lazy_build => true,
);
has key_factory => (
is => read_only,
isa => CodeRef,
lazy_build => true,
);
sub _build_model
{
return Model->new;
}
my $default_key_factory = sub
{
my (%args) = @_;
return unless $args{exponent};
return unless $args{modulus};
Rsakey->new(%args);
};
sub _build_key_factory
{
return $default_key_factory;
}
sub uri_object
{
my ($self) = @_;
return Uri->coerce(sprintf 'urn:x-subject-alt-name:%s:%s', map {uri_escape $_} $self->type, $self->value);
}
sub to_string
{
my ($self) = @_;
sprintf('%s=%s', $self->type, $self->value);
}
sub associated_keys
{
return;
}
__PACKAGE__
__END__
=head1 NAME
Web::ID::SAN - represents a single name from a certificate's subjectAltName field
=head1 DESCRIPTION
=head2 Constructor
=over
=item C<< new >>
Standard Moose-style constructor.
=back
=head2 Attributes
=over
=item C<< type >>
Something like 'uniformResourceIdentifier' or 'rfc822Name'. A string.
=item C<< value >>
The name itself. A string.
=item C<< model >>
An RDF::Trine::Model representing data about the subject identified by
this name.
To be useful, the C<< model >> needs to be buildable automatically given
C<< type >> and C<< value >>.
=item C<< key_factory >>
This is similar to the C found in L.
It's a coderef used to construct L objects.
=back
=head2 Methods
=over
=item C<< uri_object >>
Forces the name to take the form of a URI identifying the subject. It's
not always an especially interesting URI.
=item C<< to_string >>
A printable form of the name. Not always very pretty.
=item C<< associated_keys >>
Finds RSA keys associated with this name in C<< model >>, and returns them as
a list of L objects.
=back
=head1 BUGS
Please report any bugs to
L.
=head1 SEE ALSO
L,
L,
L,
L.
=head1 AUTHOR
Toby Inkster E<lt>tobyink@cpan.orgE<gt>.
=head1 COPYRIGHT AND LICENCE
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
=head1 DISCLAIMER OF WARRANTIES
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Web-ID-1.927/lib/Web/ID/Types.pm
package Web::ID::Types;
use 5.010;
use strict;
use utf8;
BEGIN {
$Web::ID::Types::AUTHORITY = 'cpan:TOBYINK';
$Web::ID::Types::VERSION = '1.927';
};
use Math::BigInt;
use RDF::Trine;
use Type::Library
-base,
-declare => qw[ Bigint Certificate Finger Model Rsakey San ];
use Type::Utils -all;
BEGIN { extends qw( Types::Standard Types::DateTime Types::URI ) };
class_type Bigint, { class => "Math::BigInt" };
coerce Bigint,
from Str, q { "Math::BigInt"->new($_) };
class_type Certificate, { class => "Web::ID::Certificate" };
coerce Certificate,
from HashRef, q { "Web::ID::Certificate"->new(%$_) },
from Str, q { "Web::ID::Certificate"->new(pem => $_) };
class_type Finger, { class => "WWW::Finger" };
coerce Finger,
from Str, q { (UNIVERSAL::can("WWW::Finger", "new") ? "WWW::Finger"->new($_) : undef) };
class_type Model, { class => "RDF::Trine::Model" };
class_type Rsakey, { class => "Web::ID::RSAKey" };
coerce Rsakey,
from HashRef, q { "Web::ID::RSAKey"->new(%$_) };
class_type San, { class => "Web::ID::SAN" };
__PACKAGE__
__END__
=head1 NAME
Web::ID::Types - type library for Web::ID and friends
=head1 DESCRIPTION
A L defining:
=head2 Types
=over
=item * C<< Bigint >>
=item * C<< Certificate >>
=item * C<< Finger >>
=item * C<< Model >>
=item * C<< Rsakey >>
=item * C<< San >>
=back
... and re-exporting everything from L,
L, and L.
=head1 BUGS
Please report any bugs to
L.
=head1 SEE ALSO
L, L.
=head1 AUTHOR
Toby Inkster E<lt>tobyink@cpan.orgE<gt>.
=head1 COPYRIGHT AND LICENCE
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
=head1 DISCLAIMER OF WARRANTIES
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Web-ID-1.927/lib/Web/ID/Util.pm
package Web::ID::Util;
use 5.010;
use strict;
use utf8;
BEGIN {
$Web::ID::Util::AUTHORITY = 'cpan:TOBYINK';
$Web::ID::Util::VERSION = '1.927';
}
use match::simple qw/match/;
use Carp qw/confess/;
use Math::BigInt 0 try => 'GMP';
use RDF::Trine::NamespaceMap;
use List::MoreUtils qw(:all !true !false);
use Exporter::Tiny;
our @EXPORT = qw(
make_bigint_from_node get_trine_model u uu
true false read_only read_write
);
our @EXPORT_OK = (
@EXPORT,
grep {!/^(true|false)$/} @List::MoreUtils::EXPORT_OK
);
our @ISA = qw( Exporter::Tiny );
use constant {
read_only => 'ro',
read_write => 'rw',
};
use constant {
true => !!1,
false => !!0,
};
sub u (;$)
{
state $namespaces //= RDF::Trine::NamespaceMap->new({
rdf => 'http://www.w3.org/1999/02/22-rdf-syntax-ns#',
rdfs => 'http://www.w3.org/2000/01/rdf-schema#',
owl => 'http://www.w3.org/2002/07/owl#',
xsd => 'http://www.w3.org/2001/XMLSchema#',
foaf => 'http://xmlns.com/foaf/0.1/',
cert => 'http://www.w3.org/ns/auth/cert#',
rsa => 'http://www.w3.org/ns/auth/rsa#',
});
if (@_)
{
my $rv = $namespaces->uri(@_)
or confess "couldn't expand term $_[0]";
return $rv;
}
return $namespaces;
}
sub uu ($)
{
return u(shift)->uri;
}
sub get_trine_model
{
my ($uri, $model) = @_;
$model //= "RDF::Trine::Model"->new;
eval {
"RDF::Trine::Parser"->parse_url_into_model($uri, $model);
};
return $model;
}
sub make_bigint_from_node
{
my ($node, %opts) = @_;
state $test_hex = [
uu('cert:hex'),
uu('xsd:hexBinary'),
];
state $test_unsigned = [
uu('cert:decimal'),
uu('cert:int'),
uu('xsd:unsignedLong'),
uu('xsd:unsignedInt'),
uu('xsd:unsignedShort'),
uu('xsd:unsignedByte'),
uu('xsd:positiveInteger'),
uu('xsd:nonNegativeInteger'),
];
state $test_signed = [
uu('xsd:integer'),
uu('xsd:negativeInteger'),
uu('xsd:nonPositiveInteger'),
uu('xsd:long'),
uu('xsd:short'),
uu('xsd:int'),
uu('xsd:byte'),
];
state $test_decimal = uu('xsd:decimal');
if ($node->is_literal)
{
for ($node->literal_datatype)
{
if (match $_, $test_hex)
{
( my $hex = $node->literal_value ) =~ s/[^0-9A-F]//ig;
return "Math::BigInt"->from_hex("0x$hex");
}
if (match $_, $test_unsigned)
{
( my $dec = $node->literal_value ) =~ s/[^0-9]//ig;
return "Math::BigInt"->new("$dec");
}
if (match $_, $test_signed)
{
( my $dec = $node->literal_value ) =~ s/[^0-9-]//ig;
return "Math::BigInt"->new("$dec");
}
if (match $_, $test_decimal)
{
my ($dec, $frac) = split /\./, $node->literal_value, 2;
warn "Ignoring fractional part of xsd:decimal number."
if defined $frac;
$dec =~ s/[^0-9-]//ig;
return "Math::BigInt"->new("$dec");
}
if (match $_, undef)
{
$opts{'fallback'} = $node;
}
}
}
if (defined( my $node = $opts{'fallback'} )
and $opts{'fallback'}->is_literal)
{
if ($opts{'fallback_type'} eq 'hex')
{
(my $hex = $node->literal_value) =~ s/[^0-9A-F]//ig;
return "Math::BigInt"->from_hex("0x$hex");
}
else # dec
{
my ($dec, $frac) = split /\./, $node->literal_value, 2;
warn "Ignoring fractional part of xsd:decimal number."
if defined $frac;
$dec =~ s/[^0-9]//ig;
return "Math::BigInt"->new("$dec");
}
}
return;
}
__PACKAGE__
__END__
=head1 NAME
Web::ID::Util - utility functions used in Web-ID
=head1 DESCRIPTION
These are utility functions which I found useful building Web-ID.
Many of them may also be useful creating the kind of apps that
Web-ID is used to authenticate for.
Here is a very brief summary. By B, they're B exported
to your namespace. (This module uses L so you get
pretty good control over what gets exported.)
=over
=item C<< true >> - constant for true
=item C<< false >> - constant for false
=item C<< read_only >> - constant for string 'ro' (nice for Moose/Mouse)
=item C<< read_write >> - constant for string 'rw' (nice for Moose/Mouse)
=item C<< get_trine_model($url) >> - fetches a URL and parses RDF into
an L
=item C<< u($curie) >> - expands a CURIE, returning an
L
=item C<< uu($curie) >> - as per C<< u($curie) >>, but returns string
=item C<< u() >> - called with no CURIE, returns the
L used to map CURIEs to URIs
=item C<< make_bigint_from_node($node, %options) >> - makes a L
object from a numeric L. Supports most datatypes
you'd care about, including hexadecimal ones.
Supported options are C<< fallback >> which provides a fallback node which will
be used when C<< $node >> is non-literal; and C<< fallback_type >> either 'dec'
or 'hex' which is used when parsing the fallback node, or if C<< $node >>
is a plain literal. (The actual datatype of the fallback node is ignored for
hysterical raisins.)
=back
Additionally, any function from L can be exported by request,
except C<< true >> and C<< false >> as they conflict with the constants above.
use Web::ID::Util qw(:default uniq);
=head1 BUGS
I don't wanna hear about them unless they cause knock-on bugs for
L itself.
=head1 SEE ALSO
L,
L,
L.
=head1 AUTHOR
Toby Inkster E<lt>tobyink@cpan.orgE<gt>.
=head1 COPYRIGHT AND LICENCE
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
=head1 DISCLAIMER OF WARRANTIES
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Web-ID-1.927/lib/Plack/Middleware/Auth/WebID.pm
package Plack::Middleware::Auth::WebID;
{
$Plack::Middleware::Auth::WebID::AUTHORITY = 'cpan:TOBYINK';
$Plack::Middleware::Auth::WebID::VERSION = '1.927';
}
use strict;
use base qw(Plack::Middleware);
use Plack::Util;
use Plack::Util::Accessor qw(
webid_class
certificate_env_key
on_unauth
no_object_please
cache
);
my $default_unauth = sub
{
my ($self, $env) = @_;
$env->{WEBID} = Plack::Util::FALSE;
$env->{WEBID_OBJECT} = Plack::Util::FALSE;
$self->app->($env);
};
sub prepare_app
{
my ($self) = @_;
$self->certificate_env_key('SSL_CLIENT_CERT')
unless defined $self->certificate_env_key;
$self->webid_class('Web::ID')
unless defined $self->webid_class;
$self->on_unauth($default_unauth)
unless defined $self->on_unauth;
Plack::Util::load_class('Web::ID');
}
sub call
{
my ($self, $env) = @_;
my $unauth = $self->on_unauth;
my $cert = $env->{ $self->certificate_env_key }
or return $self->$unauth($env);
my ($webid, $was_cached) = $self->_get_webid($cert, $env);
if ($webid->valid)
{
$env->{WEBID} = $webid->uri . '';
$env->{WEBID_OBJECT} = $webid unless $self->no_object_please;
$env->{WEBID_CACHE_HIT} = $was_cached;
return $self->_run_app($env);
}
return $self->$unauth($env);
}
sub _run_app
{
my ($self, $env) = @_;
my $app = $self->app;
@_ = $env;
goto $app;
}
sub _get_webid
{
my ($self, $cert) = @_;
my $webid = $self->webid_class->new(certificate => $cert);
return ($webid, '') unless $self->cache;
# I know what you're thinking... what's the point in caching these
# objects, if we've already constructed it above?!
#
# Well, much of the heavy work for Web::ID is done in lazy builders.
# If we return a cached copy of the object, then we avoid running
# those builders again.
#
my $cached = $self->cache->get( $webid->certificate->fingerprint );
return ($cached, '1') if $cached;
$self->cache->set($webid->certificate->fingerprint, $webid);
return ($webid, '0');
}
__PACKAGE__
__END__
=head1 NAME
Plack::Middleware::Auth::WebID - authentication middleware for WebID
=head1 SYNOPSIS
use Plack::Builder;
my $app = sub { ... };
my $cache = CHI->new( ... );
sub unauthenticated
{
my ($self, $env) = @_;
return [
403,
[ 'Content-Type' => 'text/plain' ],
[ '403 Forbidden' ],
];
}
builder
{
enable "Auth::WebID",
cache => $cache,
on_unauth => \&unauthenticated;
$app;
};
=head1 DESCRIPTION
Plack::Middleware::Auth::WebID is a WebID handler for Plack.
If authentication is successful, then the handler sets C<< $env->{WEBID} >>
to the user's WebID URI, and sets C<< $env->{WEBID_OBJECT} >> to a
L object.
=begin private
=item call
=item prepare_app
=end private
=head1 CONFIGURATION
=over 4
=item cache
This may be set to an object that will act as a cache for Web::ID
objects.
Plack::Middleware::Auth::WebID does not care what package you use for
your caching needs. L, L and L should all
work. In fact, any package that provides a similar one-argument C<< get >>
and a two-argument C<< set >> ought to work. Which should you use? Well
CHI seems to be best, however it's Moose-based, so usually too slow
for CGI applications. Use Cache::Cache for CGI, and CHI otherwise.
You don't need to set a cache at all, but if there's no cache, then
reauthentication (which is computationally expensive) happens for
every request. Use of a cache with an expiration time of around 15
minutes should significantly speed up the responsiveness of a
WebID-secured site. (For forking servers you probably want a cache
that is shared between processes, such as a memcached cache.)
=item on_unauth
Coderef that will be called if authentication is not successful. You
can use this to return a "403 Forbidden" page for example, or try an
alternative authentication method.
The default coderef used will simply run the application as normal,
but setting C<< $env->{WEBID} >> to the empty string.
=item webid_class
Name of an alternative class to use for WebID authentication instead
of L. Note that any such class would need to provide a compatible
C<< new >> constructor.
=item certificate_env_key
The key within C<< $env >> where Plack::Middleware::Auth::WebID can find
a PEM-encoded client SSL certificate.
Apache keeps this information in C<< $env->{'SSL_CLIENT_CERT'} >>, so
it should be no surprise that this setting defaults to 'SSL_CLIENT_CERT'.
=item no_object_please
Suppresses setting C<< $env->{WEBID_OBJECT} >>. C<< $env->{WEBID} >> will
still be set as usual.
=back
=head1 SERVER SUPPORT
WebID is an authentication system based on the Semantic Web and HTTPS.
It relies on client certificates (but not on certification authorities;
self-signed certificates are OK).
So for this authentication module to work...
=over
=item * You need to be using a server which supports HTTPS.
Many PSGI web servers (e.g. HTTP::Server::Simple, Starman, etc) do
not support HTTPS natively. In some cases these are used with an HTTPS
proxy in front of them.
=item * Your HTTPS server needs to request a client certificate from the client.
=item * Your HTTPS server needs to expose the client certificate to Plack via C<< $env >>.
If you're using an HTTPS proxy in front of a non-HTTPS web server,
then you might need to be creative to find a way to forward this
information to your backend web server.
=item * The client browser needs to have a WebID-compatible certificate installed.
Nuff said.
=back
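One way to handle the proxy case described above, as an added example (not code from this distribution). It assumes the HTTPS proxy sends the PEM certificate percent-encoded in a request header; the header name, the C<accept_forwarded_cert> wrapper and the addresses are chosen for this sketch. The backend accepts the header only from the proxy's address and always removes it, so a client that reaches the backend directly cannot supply a certificate of its choosing.

```perl
use 5.010;
use strict;
use warnings;

# Wrap a PSGI app so that a certificate forwarded by a trusted HTTPS
# proxy ends up in $env->{SSL_CLIENT_CERT}, the key the WebID
# middleware reads by default (see certificate_env_key).
sub accept_forwarded_cert
{
	my ($app, %opt) = @_;
	my %trusted = map { $_ => 1 } @{ $opt{trusted_proxies} // [] };
	my $key     = $opt{header_env_key} // 'HTTP_X_SSL_CLIENT_CERT';

	return sub {
		my ($env) = @_;

		# Remove the header unconditionally so nothing downstream
		# can mistake a client-supplied value for a verified one.
		my $forwarded = delete $env->{$key};

		if (defined $forwarded and $trusted{ $env->{REMOTE_ADDR} // '' })
		{
			(my $pem = $forwarded) =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
			$env->{SSL_CLIENT_CERT} = $pem if looks_like_pem($pem);
		}
		return $app->($env);
	};
}

# Shape check only; the certificate itself is parsed later by Web::ID.
sub looks_like_pem
{
	my ($pem) = @_;
	return $pem =~ m{
		\A -----BEGIN\ CERTIFICATE----- \n
		(?: [A-Za-z0-9+/=]+ \n )+
		-----END\ CERTIFICATE----- \n? \z
	}x;
}

# --- constructed demonstration; the PEM body is filler, not a real certificate ---
my $pem = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n";
(my $escaped = $pem) =~ s/([^A-Za-z0-9])/sprintf '%%%02X', ord $1/ge;

# Stand-in for the application (or for the WebID middleware in front of it).
my $inner = sub {
	my ($env) = @_;
	my $body = $env->{SSL_CLIENT_CERT} ? 'certificate passed on' : 'no certificate';
	return [ 200, [ 'Content-Type' => 'text/plain' ], [ $body ] ];
};

my $app = accept_forwarded_cert($inner, trusted_proxies => ['127.0.0.1']);

say 'via proxy: ', $app->({
	REMOTE_ADDR => '127.0.0.1', HTTP_X_SSL_CLIENT_CERT => $escaped,
})->[2][0];
say 'direct:    ', $app->({
	REMOTE_ADDR => '198.51.100.7', HTTP_X_SSL_CLIENT_CERT => $escaped,
})->[2][0];
say 'malformed: ', $app->({
	REMOTE_ADDR => '127.0.0.1', HTTP_X_SSL_CLIENT_CERT => 'not%20a%20cert',
})->[2][0];
```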
=head2 Apache2 (mod_perl and CGI)
The B directive can be used to tell Apache that you want it
to request a certificate from the client.
Apache is able to deposit the certificate in an environment variable called
SSL_CLIENT_CERT. However by default it might not. Check out the B
directive and enable the C option, or if you're using mod_perl
try L.
=head2 Gepok
L is one of a very small number of PSGI-compatible web servers that
supports HTTPS natively. As of 0.20 it will request client certificates, but
you will need to use L in order to make
the certificate available in the PSGI C<< $env >> hashref.
=head1 BUGS
Please report any bugs to
L.
=head1 SEE ALSO
L, L, L.
General WebID information:
L,
L,
L,
L.
Apache mod_ssl:
L,
L,
L.
Gepok:
L,
L.
=head1 AUTHOR
Toby Inkster E<lt>tobyink@cpan.orgE<gt>.
=head1 COPYRIGHT AND LICENCE
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
=head1 DISCLAIMER OF WARRANTIES
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Web-ID-1.927/lib/Web/ID/Certificate/Generator.pm
package Web::ID::Certificate::Generator;
use 5.010;
use utf8;
BEGIN {
$Web::ID::Certificate::Generator::AUTHORITY = 'cpan:TOBYINK';
$Web::ID::Certificate::Generator::VERSION = '1.927';
}
use Moose::Util qw(apply_all_roles);
use File::Temp qw();
use Path::Tiny qw(path);
use RDF::Trine qw(statement blank iri literal);
use Web::ID::Certificate;
use Web::ID::Types -types;
use Web::ID::Util;
use Moose::Role;
use namespace::sweep;
sub import
{
apply_all_roles("Web::ID::Certificate", __PACKAGE__);
}
sub _openssl_path
{
require Web::ID::Util::FindOpenSSL;
path( Web::ID::Util::FindOpenSSL::find_openssl() );
}
sub generate
{
my ($class, %options) = @_;
my $openssl = (delete $options{openssl_path}) // $class->_openssl_path;
my $passphrase = (delete $options{passphrase})
or confess "need to provide passphrase option";
my $key_size = (delete $options{key_size}) // 1024;
my $sans = (delete $options{subject_alt_names})
or confess "need to provide subject_alt_names option";
my $not_after = (delete $options{not_after});
my $dest = (delete $options{cert_output})
or confess "need to provide cert_output option";
my $rdf_sink = (delete $options{rdf_output})
or confess "need to provide rdf_output option";
my %subject = (
C => delete $options{subject_country},
ST => delete $options{subject_region},
L => delete $options{subject_locality},
O => delete $options{subject_org},
CN => delete $options{subject_cn},
);
confess "need to provide subject_cn option" unless $subject{CN};
confess "unsupported options: ".(join q(, ), sort keys %options) if %options;
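# Whole days until expiry. in_units('days') gives the total; ->days would
# return only the remainder left over after whole weeks.
my $days = $not_after
? $not_after->delta_days( DateTime->coerce('now') )->in_units('days')
: 365;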
my $tempdir = path( File::Temp->newdir );
$tempdir->mkpath;
my $config = $tempdir->child('openssl.cnf')->openw;
say $config $_ for
q([req]),
q(default_bits = 1024),
q(default_keyfile = privkey.pem),
q(distinguished_name = req_distinguished_name),
q(x509_extensions = v3_ca),
q(prompt = no),
q(),
q([v3_ca]);
say $config
q(subjectAltName = ) .
join q(,),
map {
my $value = $_->value;
my $type = {
rfc822Name => 'email',
uniformResourceIdentifier => 'URI',
}->{ $_->type };
$type ? (join q(:), $type, $value) : ();
} @$sans;
say $config $_ for
q(),
q([req_distinguished_name]);
foreach (qw(C ST L O CN))
{
next unless (defined $subject{$_} and length $subject{$_});
say $config "$_ = ", $subject{$_};
}
close $config;
system(
$openssl,
"req",
"-newkey" => "rsa:".$key_size,
"-x509",
"-days" => $days,
"-config" => $tempdir->child('openssl.cnf'),
"-out" => $tempdir->child('cert.pem'),
"-keyout" => $tempdir->child('privkey.pem'),
"-passout" => "pass:".$passphrase,
);
system(
$openssl,
"pkcs12",
"-export",
"-in" => $tempdir->child('cert.pem'),
"-inkey" => $tempdir->child('privkey.pem'),
"-out" => $tempdir->child('cert.p12'),
"-name" => sprintf('%s <%s>', ($subject{CN}//'Unnamed'), $sans->[0]->value),
"-passin" => "pass:".$passphrase,
"-passout" => "pass:".$passphrase,
);
if (ref $dest eq 'SCALAR')
{
$$dest = $tempdir->child('cert.p12')->slurp;
}
elsif (ref($dest) =~ m/^IO/) # parenthesised: =~ binds tighter than ref
{
my $p12 = $tempdir->child('cert.p12')->slurp;
print $dest $p12;
}
else
{
my $p12 = $tempdir->child('cert.p12')->slurp;
my $fh = path($dest)->openw;
print $fh $p12;
}
	my ($on_triple, $on_done) = (sub {}, sub {});
	if (ref $rdf_sink eq 'SCALAR')
	{
		$$rdf_sink = Model->new;
		$on_triple = sub { $$rdf_sink->add_statement(statement(@_)) };
	}
	elsif (blessed($rdf_sink) and $rdf_sink->isa('RDF::Trine::Model'))
	{
		$on_triple = sub { $rdf_sink->add_statement(statement(@_)) };
	}
	else
	{
		my $model = Model->new;
		my $fh = path($rdf_sink)->openw;
		$on_triple = sub { $model->add_statement(statement(@_)) };
		$on_done = sub { "RDF::Trine::Serializer"->new('RDFXML')->serialize_model_to_file($fh, $model) };
	}
	my $pem = $tempdir->child('cert.pem')->slurp;
	my $cert = $class->new(pem => $pem);
	my $hex = sub {
		(my $h = shift->as_hex) =~ s/^0x//;
		$h;
	};
	my $k = blank();
	$on_triple->($k, u('rdf:type'), u('cert:RSAPublicKey'));
	$on_triple->($k, u('cert:modulus'), literal($cert->modulus->$hex, undef, uu('xsd:hexBinary')));
	$on_triple->($k, u('cert:exponent'), literal($cert->exponent->bstr, undef, uu('xsd:integer')));
	foreach my $san (@$sans)
	{
		next unless $san->type eq 'uniformResourceIdentifier';
		$on_triple->(iri($san->value), u('cert:key'), $k);
	}
	$on_done->();
	$tempdir->remove_tree;
	return $cert;
}
__PACKAGE__
__END__
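An added example, not part of Web::ID: generate() above passes the passphrase to openssl as "pass:...", a form OpenSSL documents as visible to utilities such as ps. The code below makes the same two openssl calls but reads the passphrase from a mode-0600 file in a private temporary directory and checks each exit status; run_openssl, make_p12 and the option keys are hypothetical names.

```perl
use strict;
use warnings;
use Carp qw(confess);
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp ();

# Hypothetical helper (not part of Web::ID): run openssl, fail loudly.
sub run_openssl
{
	my ($openssl, @args) = @_;
	system($openssl, @args) == 0
		or confess "$openssl $args[0] failed (wait status $?)";
}

# Hypothetical stand-in for the two system() calls in generate().
# Assumed keys: openssl, config, key_size, days, passphrase, name.
sub make_p12
{
	my %o = @_;
	confess "passphrase must be a single line" if $o{passphrase} =~ /[\r\n]/;
	my $dir = File::Temp->newdir;   # mode 0700; removed when $dir is destroyed
	my ($cert, $key, $p12, $pw) =
		map { "$dir/$_" } qw(cert.pem privkey.pem cert.p12 pass.txt);
	# Two identical lines: when -passin and -passout name the same file,
	# openssl takes line 1 as the input and line 2 as the output password.
	sysopen(my $fh, $pw, O_WRONLY | O_CREAT | O_EXCL, 0600)
		or confess "cannot create $pw: $!";
	print {$fh} "$o{passphrase}\n$o{passphrase}\n";
	close $fh or confess "cannot write $pw: $!";
	run_openssl($o{openssl}, 'req', '-x509',
		'-newkey'  => "rsa:$o{key_size}",
		'-days'    => $o{days},
		'-config'  => $o{config},
		'-out'     => $cert,
		'-keyout'  => $key,
		'-passout' => "file:$pw",
	);
	run_openssl($o{openssl}, 'pkcs12', '-export',
		'-in'      => $cert,
		'-inkey'   => $key,
		'-out'     => $p12,
		'-name'    => $o{name},
		'-passin'  => "file:$pw",
		'-passout' => "file:$pw",
	);
	open(my $in, '<:raw', $p12) or confess "cannot read $p12: $!";
	local $/;
	return scalar <$in>;   # PKCS#12 bytes
}
```

The passphrase file exists only for the lifetime of the temporary directory, which File::Temp removes when make_p12 returns.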
=head1 NAME
Web::ID::Certificate::Generator - role for Web::ID::Certificate
=head1 SYNOPSIS
	use Web::ID::Certificate::Generator;
	my %options = (
		cert_output       => '/home/alice/webid.p12',
		passphrase        => 's3cr3t s0urc3',
		rdf_output        => '/home/alice/public_html/foaf.rdf',
		subject_alt_names => [
			Web::ID::SAN::URI->new(
				value => 'http://example.com/~alice/foaf.rdf#me',
			),
			Web::ID::SAN::Email->new(
				value => 'alice@example.com',
			),
		],
		subject_cn        => 'Alice Jones',
		subject_locality  => 'Lewes',
		subject_region    => 'East Sussex',
		subject_country   => 'GB', # ISO 3166-1 alpha-2 code
	);
	my $cert = Web::ID::Certificate->generate(%options);
=head1 DESCRIPTION
This is a role that may be applied to L<Web::ID::Certificate>. It is not
consumed by Web::ID::Certificate by default as I was trying to avoid
tainting the class with the horror that's found in this role.
The C<import> routine of this package applies the role to
Web::ID::Certificate, so it is sufficient to do:
	use Web::ID::Certificate::Generator;
You don't need to muck around with C yourself.
=head2 Constructor
=over
=item C<< generate(%options) >>
Generates a brand new WebID-enabled certificate.
=back
=head2 Options
The following options can be passed to C<generate>