App-CamelPKI
lib/App/CamelPKI/SysV/Apache.pm view on Meta::CPAN
=head2 test_php_directory()
=head2 test_php_directory($dir)
=head2 test_php_directory(undef)
Gets, sets or disables the test PHP script directory in this instance
of I<App::CamelPKI::SysV::Apache>. The default is to disable this feature,
which only serves for Camel-PKI's self-tests (unit and integration).
The value of I<test_php_directory> is persisted to disk, so that it need
not be reset at each construction. It only takes effect the next time
the server is restarted with L</start>.
=head2 has_camel_pki()
=head2 has_camel_pki($boolean)
Gets or sets the "has Camel-PKI" flag, which defaults to true.
Instances of I<App::CamelPKI::SysV::Apache> that have I<has_camel_pki()> set
to false do not contain the Camel-PKI application. Again, this is only
useful for tests.
The value of I<has_camel_pki> is persisted to disk, so that it need not
be reset at each construction. It only takes effect the next time the
server is restarted with L</start>.
=cut
{
    # Default HTTPS port: 443 if this process can bind it when this block
    # runs, 3443 otherwise.  The probe socket is not stored anywhere; the
    # answer is computed once and is only a point-in-time observation.
    my $default_https_port =
        IO::Socket::INET->new(LocalPort => 443, ReuseAddr => 1)
            ? 443
            : 3443;

    my %defaults = (
        https_port         => $default_https_port,
        test_php_directory => undef,
        has_camel_pki      => 1,
    );

    # Generate one combined getter/setter per persistent field and install
    # it under the field's own name in the current package.
    for my $field (keys %defaults) {
        my $accessor = sub {
            my ($self, @new_value) = @_;

            if (@new_value) {
                # Only the first extra argument is kept; an explicit undef
                # counts as a value (this is how a field gets disabled).
                # NOTE(review): the value is stored and persisted as given;
                # no validation is visible in this block.
                $self->{$field} = $new_value[0];
                $self->_write_config_file();    # Persist
            }

            # Fall back to the default the first time an unset field is read.
            $self->{$field} = $defaults{$field}
                if !exists $self->{$field};

            return $self->{$field};
        };

        # Symbolic glob assignment needs strict refs relaxed.
        no strict "refs";
        *{$field} = $accessor;
    }
}
=head2 set_keys(-certificate => $cert, -key => $key,
-certification_chain => \@chain)
Installs key material that will allow this Apache daemon to
authenticate itself to its HTTP/S clients ($cert and $key, which must
be instances of L<App::CamelPKI::Certificate> and L<App::CamelPKI::PrivateKey>
respectively), and also to verify the identity of HTTP/S clients that
themselves use a certificate (@chain, which is a list of instances of
L<App::CamelPKI::Certificate>; see also L</update_crl>). If $cert is a
self-signed certificate, C<-certification_chain> and its parameter
\@chain may be omitted.
=cut
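sub set_keys {
    # Installs the server certificate, its private key and/or the CA
    # bundle by writing each serialized object to the matching file.
    #
    # Arguments (named, after $self):
    #   -certificate         => object whose serialize() output is written
    #                           to $self->_certificate_filename
    #   -key                 => object whose serialize() output is written
    #                           to $self->_key_filename
    #   -certification_chain => array reference of objects; their
    #                           serialize() outputs are concatenated into
    #                           $self->_ca_bundle_filename
    #
    # Throws App::CamelPKI::Error::Internal "WRONG_NUMBER_ARGS" when the
    # named arguments are not key/value pairs, and "INCORRECT_ARGS" on an
    # unknown option name.
    throw App::CamelPKI::Error::Internal("WRONG_NUMBER_ARGS")
        unless (@_ % 2);
    my ($self, %keys) = @_;

    my %install_for = (
        "-certificate" => sub {
            my ($cert) = @_;
            write_file($self->_certificate_filename, $cert->serialize());
        },
        "-key" => sub {
            my ($key) = @_;
            # NOTE(review): the private key gets whatever file mode
            # write_file() and the process umask produce; confirm that the
            # key file is not readable by other local users.
            write_file($self->_key_filename, $key->serialize());
        },
        "-certification_chain" => sub {
            my ($chain) = @_;
            write_file($self->_ca_bundle_filename,
                       join("", map { $_->serialize } @$chain));
        },
    );

    # Reject unknown options before touching the disk.  Hash iteration
    # order is not fixed, so checking while writing could leave some key
    # material installed before the exception is raised.
    foreach my $option (sort keys %keys) {
        next if exists $install_for{$option};
        throw App::CamelPKI::Error::Internal
            ("INCORRECT_ARGS",
             -details => "Unknown named option $option");
    }

    # Every option is known: write the files in a deterministic order.
    foreach my $option (sort keys %keys) {
        $install_for{$option}->($keys{$option});
    }
    return;
}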
=head2 is_operational()
Returns true if and only if the ad-hoc cryptographic material has been
added to this Web server using L</set_keys>.
=cut
# The above POD is ambiguous on purpose: ->is_operational may someday
# return true even if there is no CA chain available.
sub is_operational {
    my ($self) = @_;

    # Checked in order: private key, certificate, CA bundle.  Evaluation
    # stops at the first file the current process cannot read, and the
    # result of the last test performed is handed back to the caller.
    my $readable = -r $self->_key_filename;
    $readable &&= -r $self->_certificate_filename;
    $readable &&= -r $self->_ca_bundle_filename;
    return $readable;
}
=head2 certificate()
Returns the Web server's SSL certificate, as an instance of
L<App::CamelPKI::Certificate>.
=cut
sub certificate {
    my ($self) = @_;

    # Load the certificate from the file this instance uses for it.
    return App::CamelPKI::Certificate->load($self->_certificate_filename);
}
=head2 update_crl($crl)
Given $crl, an instance of L<App::CamelPKI::CRL>, verifies the signature
thereof and stores it into this Apache server if and only if it
matches one of the CAs previously installed using L</set_keys>'
C<-certification_chain> named option, B<and> $crl is older than any CRL
previously added with I<update_crl()>. If these security checks are