verify results from the CPAN

verify

App-MatrixTool

view release on metacpan or search on metacpan

lib/App/MatrixTool/Command/notary.pm view on Meta::CPAN


package App::MatrixTool::Command::notary;

use strict;
use warnings;
use base qw( App::MatrixTool );

our $VERSION = '0.08';

use MIME::Base64 qw( decode_base64 );
use Protocol::Matrix qw( verify_json_signature );

use constant DESCRIPTION => "Fetch a server's signing key via another server";
use constant ARGUMENTS => ( "server_name", "via" );

=head1 NAME

matrixtool notary - Fetch a server's signing key via another server

=head1 SYNOPSIS

lib/App/MatrixTool/Command/notary.pm view on Meta::CPAN

   my ( $server_name, $via ) = @_;

   $self->get_key_notary_v2( $server_name, $via )->then( sub {
      my ( $result ) = @_;

      $self->output( "Keys from $result->{server_name} via notary $via" );
      $self->output();

      my $store = $self->server_key_store;

      foreach my $key_id ( keys %{ $result->{verify_keys} } ) {
         my $key = decode_base64 $result->{verify_keys}{$key_id}{key};

         $self->output( "Key id $key_id" );
         $self->output( "  " . $self->format_binary( $key ) );

         my $ok;
         foreach my $signing_server ( keys %{ $result->{signatures} } ) {
            foreach my $signing_key_id ( keys %{ $result->{signatures}{$signing_server} } ) {
               my $signing_key = $store->get( server => $signing_server, id => $key_id );
               next unless defined $signing_key;

               my $verified = eval { verify_json_signature( $result,
                  public_key => $signing_key,
                  origin     => $signing_server,
                  key_id     => $signing_key_id,
               ); 1 };

               $verified or
                  $self->output_check_failure( "Signature verification failed for server_name=$signing_server key_id=$signing_key_id" );

               $verified and $ok++,
                  $self->output_ok( "Verified using server_name=$signing_server key_id=$signing_key_id" );

lib/App/MatrixTool/Command/server_key.pm view on Meta::CPAN


package App::MatrixTool::Command::server_key;

use strict;
use warnings;
use base qw( App::MatrixTool );

our $VERSION = '0.08';

use MIME::Base64 qw( decode_base64 );
use Protocol::Matrix qw( verify_json_signature );

use Net::Async::HTTP;
Net::Async::HTTP->VERSION( '0.40' ); # ->request on_ready

use constant SHA256_ALGO => do {
   require Net::SSLeay;
   Net::SSLeay::SSLeay_add_ssl_algorithms();
   Net::SSLeay::EVP_get_digestbyname( "sha256" );
};

lib/App/MatrixTool/Command/server_key.pm view on Meta::CPAN

      my $bio = Net::SSLeay::BIO_new( Net::SSLeay::BIO_s_mem() );
      Net::SSLeay::BIO_write( $bio, decode_base64 $body->{tls_certificate} );

      my $got_cert = Net::SSLeay::d2i_X509_bio( $bio ) or
         die Net::SSLeay::print_errs("d2i_X509_bio");

      Net::SSLeay::X509_digest( $server_cert, SHA256_ALGO ) eq Net::SSLeay::X509_digest( $got_cert, SHA256_ALGO )
         ? $self->output_ok( "TLS certificate fingerprint matches (SHA-256)" )
         : $self->output_check_failure( "TLS certificate fingerprint does not match" );

      my $keys = $body->{verify_keys};
      my @keys = map { { id => $_, key => decode_base64 $keys->{$_} } } sort keys %$keys;

      $self->verify( $body, @keys );

      Future->done(
         version     => "v1",
         server_name => $body->{server_name},
         keys        => \@keys,
      );
   });
}

sub get_key_v2

lib/App/MatrixTool/Command/server_key.pm view on Meta::CPAN

         $self->output_check_failure( "Returned server_name does not match" );

      my $fprint_ok;
      foreach ( @{ $body->{tls_fingerprints} } ) {
         $_->{sha256} or next;
         decode_base64( $_->{sha256} ) eq $fingerprint and $fprint_ok++, last;
      }
      $fprint_ok ? $self->output_ok( "TLS fingerprint matches (SHA-256)" )
         : $self->output_check_failure( "TLS fingerprint does not match any listed" );

      my $keys = $body->{verify_keys};
      my @keys = map { { id => $_, key => decode_base64 $keys->{$_}{key} } } sort keys %$keys;

      $self->verify( $body, @keys );

      Future->done(
         version     => "v2",
         server_name => $body->{server_name},
         keys        => \@keys,
      );
   });
}

sub verify
{
   my $self = shift;
   my ( $body, @keys ) = @_;

   my %keys_by_id = map { $_->{id} => $_->{key} } @keys;

   my $ok;
   foreach my $origin ( sort keys %{ $body->{signatures} } ) {
      foreach my $key_id ( sort keys %{ $body->{signatures}{$origin} } ) {
         my $key = $keys_by_id{$key_id} or do {
            $self->output_info( "Skipping origin=$origin key_id=$key_id as there is no useable public key" );
            next;
         };

         my $verified = eval { verify_json_signature( $body,
            public_key => $key,
            origin     => $origin,
            key_id     => $key_id,
         ); 1 };

         $verified or
            $self->output_check_failure( "Signature verification failed for origin=$origin key_id=$key_id" );

         $verified and $ok++,
            $self->output_ok( "Verified using origin=$origin key_id=$key_id" );

lib/App/MatrixTool/HTTPClient.pm view on Meta::CPAN


sub ua
{
   my $self = shift;
   return $self->{ua} ||= do {
      require IO::Async::SSL;
      require Net::Async::HTTP;
      require HTTP::Request;

      my $ua = Net::Async::HTTP->new(
         SSL_verify_mode => 0,
         fail_on_error => 1,  # turn 4xx/5xx errors into Future failures
      );

      $self->{loop}->add( $ua );
      $ua;
   };
}

=head2 resolve_matrix

( run in 1.166 second using v1.01-cache-2.11-cpan-e1769b4cff6 )