Authen-NZRealMe
view release on metacpan or search on metacpan
lib/Authen/NZRealMe/ServiceProvider/CertFactory.pm view on Meta::CPAN
%args = $class->_prompt_for_parameters(\%args) or exit 1;
_check_args(\%args);
$args{conf_dir} = $conf_dir;
die "'$conf_dir' is not a directory\n" unless -d "$conf_dir/.";
$args{domain} =~ s/^(www|secure)[.]//;
my $key_file = "$conf_dir/sp-sign-key.pem";
_generate_private_key($key_file);
_generate_certificate('sig', $key_file, \%args);
$key_file = "$conf_dir/sp-ssl-key.pem";
_generate_private_key($key_file);
_generate_certificate('ssl', $key_file, \%args);
if(not $args{self_signed}) {
print "\nSuccessfully generated two certificate signing requests.\n"
. "You can dump the CSR contents to confirm with:\n\n"
. " openssl req -in sp-sign.csr -text\n"
. " openssl req -in sp-ssl.csr -text\n\n"
. "Once you have the certificates signed, save them as\n"
. "sp-sign-crt.pem and sp-ssl-crt.pem\n";
}
lib/Authen/NZRealMe/ServiceProvider/CertFactory.pm view on Meta::CPAN
while(1) {
my $resp = $term->readline($prompt, $default);
next unless defined $resp;
return 1 if $resp =~ /^(y|yes)$/i;
return 0 if $resp =~ /^(n|no)$/i;
}
}
sub _generate_private_key {
my($key_path) = @_;
system('openssl', 'genrsa', '-out', $key_path, '2048') == 0
or exit 1;
}
sub _generate_certificate {
my($type, $key_path, $args) = @_;
lib/Authen/NZRealMe/XMLEnc.pm view on Meta::CPAN
my $algorithm_ns = $xc->findvalue(
'./xenc:EncryptionMethod/@Algorithm', $encrypted_key
) or die "Unable to find Algorithm in <EncryptedKey>";
my $algorithm = $self->_find_enc_alg($algorithm_ns);
my $b64_value = $xc->findvalue(
'./xenc:CipherData/xenc:CipherValue', $encrypted_key
) or die "Unable to find <CipherData><CipherValue> for <EncryptedKey>";
my $ciphertext = decode_base64($b64_value);
return $self->_decrypt($algorithm, $self->rsa_private_key, $ciphertext);
}
sub _encrypt_bytes {
my($self, $algorithm, @args) = @_;
my $method = $algorithm->{encrypt_method}
or die "no encrypt_method for $algorithm->{name}";
$self->$method(@args);
}
sub rsa_private_key {
my($self) = @_;
return Crypt::OpenSSL::RSA->new_private_key($self->key_text);
}
sub rsa_public_key {
my($self) = @_;
return Crypt::OpenSSL::RSA->new_public_key($self->pub_key_text);
}
lib/Authen/NZRealMe/XMLEnc.pm view on Meta::CPAN
}
1;
__END__
=head1 SYNOPSIS
my $decrypter = Authen::NZRealMe->class_for('xml_encrypter')->new(
pub_cert_file => $self->signing_cert_pathname,
key_file => $path_to_private_key_file,
);
my $xml = $decrypter->decrypt_encrypted_data_elements($xml);
=head1 METHODS
=head2 new( )
Constructor. Generally called indirectly via the
L<Authen::NZRealMe::ServiceProvider/resolve_posted_assertion> method, which
lib/Authen/NZRealMe/XMLEnc.pm view on Meta::CPAN
'pub_key_text' argument to the constructor, or indirectly with the
'pub_cert_text' or 'pub_cert_file' arguments.
=head2 register_encryption_algorithm
Used at module-load-time to register handler methods for each supported
encryption algorithm - i.e.: the method is called once per algorithm. A
sub-class which added support for addition algorithms would need to ensure that
this routine is called for each.
=head2 rsa_private_key
Accessor method which returns a L<Crypt::OpenSSL::RSA> private key object
using the C<key_text> method.
=head2 rsa_public_key
Accessor method which returns a L<Crypt::OpenSSL::RSA> public key object
using the C<pub_key_text> method.
=head1 SUPPORTED ALGORITHMS
lib/Authen/NZRealMe/XMLSig.pm view on Meta::CPAN
my($self, $plaintext, $bin_sig) = @_;
my $rsa_pub_key = Crypt::OpenSSL::RSA->new_public_key($self->pub_key_text);
$rsa_pub_key->use_pkcs1_oaep_padding();
$rsa_pub_key->use_sha256_hash();
return $rsa_pub_key->verify($plaintext, $bin_sig);
}
sub _create_signature_rsa_sha1 {
my($self, $plaintext) = @_;
my $rsa_key = Crypt::OpenSSL::RSA->new_private_key($self->key_text);
$rsa_key->use_pkcs1_padding();
$rsa_key->use_sha1_hash();
return $rsa_key->sign($plaintext);
}
sub _create_signature_rsa_sha256 {
my($self, $plaintext) = @_;
my $rsa_key = Crypt::OpenSSL::RSA->new_private_key($self->key_text);
$rsa_key->use_pkcs1_oaep_padding();
$rsa_key->use_sha256_hash();
return $rsa_key->sign($plaintext);
}
1;
__END__
=head1 SYNOPSIS
my $signer = Authen::NZRealMe->class_for('xml_signer')->new(
key_file => $path_to_private_key_file,
);
my $signed_xml = $signer->sign($xml, $target_id);
my $verifier = Authen::NZRealMe->class_for('xml_signer')->new(
pub_cert_text => $self->signing_cert_pem_data(),
);
$verifier->verify($xml);
t/30-xml-sigs-sha1.t view on Meta::CPAN
is($sha1_digest, $digest_from_xml, 'manual digest matches digest from sig');
my($sig_value_from_xml) = $xc->findvalue(
q{//DSIG:Signature/DSIG:SignatureValue}
);
$sig_value_from_xml =~ s/\s+//g;
my($sig_info) = $xc->findnodes(q{//DSIG:Signature/DSIG:SignedInfo});
my $plaintext = $sig_info->toStringEC14N(0, '', [$dsig_ns]);
my($key_text) = slurp_file($key_file);
my $rsa_key = Crypt::OpenSSL::RSA->new_private_key($key_text);
$rsa_key->use_pkcs1_padding();
my $bin_signature = $rsa_key->sign($plaintext);
my $sig_value = encode_base64($bin_signature, '');
is($sig_value, $sig_value_from_xml, 'base64 encoded signature');
##############################################################################
# Verify a signature
t/32-xml-sigs-sha256.t view on Meta::CPAN
is($sha1_digest, $digest_from_xml, 'manual digest matches digest from sig');
my($sig_value_from_xml) = $xc->findvalue(
q{//DSIG:Signature/DSIG:SignatureValue}
);
$sig_value_from_xml =~ s/\s+//g;
my($sig_info) = $xc->findnodes(q{//DSIG:Signature/DSIG:SignedInfo});
my $plaintext = $sig_info->toStringEC14N(0, '', [$dsig_ns]);
my($key_text) = slurp_file($key_file);
my $rsa_key = Crypt::OpenSSL::RSA->new_private_key($key_text);
$rsa_key->use_pkcs1_oaep_padding();
$rsa_key->use_sha256_hash();
my $bin_signature = $rsa_key->sign($plaintext);
my $sig_value = encode_base64($bin_signature, '');
is($sig_value, $sig_value_from_xml, 'base64 encoded signature');
##############################################################################
# Verify a signature
( run in 0.254 second using v1.01-cache-2.11-cpan-4d50c553e7e )