File Coverage

blib/lib/Authen/HTTP/Signature/Method/RSA.pm

Criterion	Covered	Total	%
statement	21	27	77.7
branch	0	2	0.0
condition			n/a
subroutine	7	8	87.5
pod			n/a
total	28	37	75.6

line	stmt	bran	sub	time	code
1					package Authen::HTTP::Signature::Method::RSA;
2
3	2		2	12	use strict;
	2			5
	2			85
4	2		2	13	use warnings;
	2			3
	2			68
5
6	2		2	58	use 5.010;
	2			7
	2			89
7
8	2		2	11	use Moo;
	2			4
	2			16
9	2		2	2565	use Crypt::OpenSSL::RSA;
	2			20008
	2			234
10	2		2	1817	use MIME::Base64 qw(encode_base64 decode_base64);
	2			2097
	2			168
11	2		2	15	use Carp qw(confess);
	2			5
	2			1311
12
13					=head1 NAME
14
15					Crypt::HTTP::Signature::Method::RSA - Compute digest using asymmetric keys
16
17					=cut
18
19					our $VERSION = '0.02';
20
21					=head1 PURPOSE
22
23					This class uses asymmetric RSA keys to compute a HTTP signature digest. It implements the
24					RSA-SHA{1, 256, 512} algorithms.
25
26					=head1 ATTRIBUTES
27
28					=over
29
30					=item key
31
32					Holds the key data. This should be a string that L can instantiate into
33					a private or public key.
34
35					If the operation is C, then this attribute must hold a private key.
36					In other words, the string this attribute holds should start with
37
38					-----BEGIN RSA PRIVATE KEY-----
39
40
41					If the operation is C, then this attribute must hold a public key.
42					In other words, the string this attribute holds should start with
43
44					-----BEGIN PUBLIC KEY-----
45
46					=back
47
48					=cut
49
50					has 'key' => (
51					is => 'ro',
52					required => 1,
53					);
54
55					=over
56
57					=item data
58
59					Holds the data to be signed or verified. This is typically the C attribute
60					from L. Read-only. Required.
61
62					=back
63
64					=cut
65
66					has 'data' => (
67					is => 'ro',
68					required => 1,
69					);
70
71					=over
72
73					=item hash
74
75					Digest algorithm. Read-only. Required.
76
77					=back
78
79					=cut
80
81					has 'hash' => (
82					is => 'ro',
83					required => 1,
84					);
85
86					=head1 METHODS
87
88					=over
89
90					=item sign()
91
92					Signs C using C.
93
94					Returns a base 64 encoded signature.
95
96					=back
97
98					=cut
99
100					sub sign {
101	0		0		my $self = shift;
102
103	0				my $key = Crypt::OpenSSL::RSA->new_private_key($self->key);
104	0	0			confess "I don't have a key!" unless $key;
105
106	0				$self->_set_digest($key);
107
108	0				my $s = $key->sign($self->data);
109
110					# pass empty string as second arg to prevent line breaks in stream
111	0				return encode_base64($s, "");
112					}
113
114					sub _set_digest {
115					my $self = shift;
116					my $key = shift;
117
118					for ( $self->hash ) {
119					when ( /sha1/ ) {
120					$key->use_sha1_hash();
121					}
122					when ( /sha256/ ) {
123					$key->use_sha256_hash();
124					}
125					when ( /sha512/ ) {
126					$key->use_sha512_hash();
127					}
128					}
129					}
130
131					=over
132
133					=item verify()
134
135					This method validates a signature was generated by a specific private key by using the corresponding
136					public key.
137
138					Takes a Base64 encoded signature string as input.
139
140					Returns a boolean.
141
142					=back
143
144					=cut
145
146					sub verify {
147					my $self = shift;
148					my $signature = shift;
149
150					confess "I don't have a signature to verify!" unless $signature;
151
152					my $key = Crypt::OpenSSL::RSA->new_public_key($self->key);
153					confess "I don't have a key!" unless $key;
154
155					$self->_set_digest($key);
156
157					return $key->verify($self->data, decode_base64( $signature ));
158					}
159
160					=head1 SEE ALSO
161
162					L
163
164					=cut
165
166					1;