Source

p5-rdf-crypt / lib / RDF / Crypt / Signer.pm

Full commit
package RDF::Crypt::Signer;

use 5.010;
use Any::Moose;
with qw(
	RDF::Crypt::Role::WithPrivateKey
	RDF::Crypt::Role::DoesVerify
	RDF::Crypt::Role::DoesSign	
	RDF::Crypt::Role::StandardSignatureMarkers
	RDF::Crypt::Role::ToString
);

use MIME::Base64 qw(
	encode_base64
	decode_base64
);

use namespace::clean;
use constant SIG_MARK => 'CANONICAL_SIGNATURE';  # DRY violation!

BEGIN {
	$RDF::Crypt::Signer::AUTHORITY = 'cpan:TOBYINK';
	$RDF::Crypt::Signer::VERSION   = '0.002';
}

sub sign_bytes
{
	my ($self, $text) = @_;
	encode_base64(
		$self->private_key->sign($text),
		q(),
	);
}

sub verify_bytes
{
	my ($self, $text, $signature) = @_;
	!!$self->private_key->verify(
		$text,
		decode_base64($signature),
	);
}

1;

=head1 NAME

RDF::Crypt::Signer - signs RDF graphs with RSA

=head1 DESCRIPTION

A Signer object is created using an RSA private key. The object can be used
to sign multiple RDF graphs. The signature should be independent of the RDF
serialisation used, so that Turtle and RDF/XML files containing equivalent
triples should generate the same signature.

RDF::Crypt::Signer is a subclass of RDF::Crypt::Verifier, and can thus
also be used to verify signatures using the private key of the signer. See
L<RDF::Crypt::Verifier> for details of the verification methods.

=head2 Constructors

=over

=item C<< new_from_file($file) >>

Given a filename containing a DER or PEM encoded RSA private key, constructs
a Signer object.

=item C<< new_from_string($str) >>

Given a string containing a DER or PEM encoded RSA private key, constructs
a Signer object.

=item C<< new_from_privkey($key) >>

Given a L<Crypt::OpenSSL::RSA> private key object, constructs a Signer object.

=back

=head2 Object Methods

=over

=item C<< sign_model($model) >>

Given an L<RDF::Trine::Model>, returns a signature as a string.

The model is converted to a canonicalised N-Triples representation (see
L<RDF::Trine::Serializer::NTriples::Canonical>) with any triples that
cannot be canonicalised being truncated. This representation is then
signed using an MD5 digest, and the resulting binary signature encoded
using base64.

=item C<< generate_manifest($webid, \@urls) >>

Given a WebID that people can use to recover your public key, and a
list of URLs that need signing, signs each and returns an
L<RDF::Trine::Model> containing the results of processing. This
can be serialised as, say, Turtle to act as an endorsement for
a bunch of RDF graphs.

=item C<< sign_embed_turtle($turtle, $baseuri) >>

Parses the given Turtle into a model, generates a signature for that
and then returns the original Turtle with the signature embedded as
a comment. This allows the signature to sit in the same file as the
data itself.

The base URI is used to resolve any relative URI references. Note that
if a different base URI is provided when verifying the signature, this
may cause verification to fail. The base URI is optional.

=item C<< sign_embed_rdfxml($xml, $baseuri) >>

As per C<sign_embed_turtle>, but RDF/XML.

=item C<< sign_embed_rdfa($html, $baseuri, \%config) >>

Similar to C<sign_embed_turtle> and C<sign_embed_rdfxml>. The base
URI is required. A set of configuration options may be provided,
which will be passed along to L<RDF::RDFa::Parser>'s constructor.

Rather than storing the signature as an XML/HTML comment, the
signature is stored on the root element as an attribute.

=item C<< sign_text($str) >>

Bonus method - signs a literal string which may or may not have anything
to do with RDF.

=back

=head1 SEE ALSO

L<RDF::Crypt::Verifier>.

=head1 BUGS

Please report any bugs to L<http://rt.cpan.org/>.

=head1 AUTHOR

Toby Inkster E<lt>tobyink@cpan.orgE<gt>.

=head1 COPYRIGHT

Copyright 2010 Toby Inkster

This library is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.

=cut