Apache-AppSamurai


Build.PL

    print STDERR "mod_perl not detected: Setting requirements for mod_perl 2.x\n";
}

# Try to find a supported cipher module now.  If none
# are present, Crypt::Rijndael is set as a requirement.
# No requirement set otherwise.  (Recommendation will still appear)
my @blockciphers = ('Crypt::Rijndael', 'Crypt::OpenSSL::AES', 'Crypt::Twofish', 'Crypt::Blowfish');
my $found;
foreach my $bc (@blockciphers) {
    if (eval { requires $bc; }) {
        print STDERR "$bc detected: Crypt::CBC block cipher needs met\n";
        $found = $bc;
        last;
    }
}

# Use a flag rather than testing what is left in @blockciphers: the list is
# empty both when nothing was found and when the last candidate was found.
unless ($found) {
    push(@extrareq, 'Crypt::Rijndael', 0);
    print STDERR "No suitable block ciphers detected. Setting requirement for Crypt::Rijndael\n";
}

 # Add extra processing to install example files

Build.PL

			  requires => {
			      'Test::More'   => 0,
			      'CGI::Cookie'  => 0,
			      'URI'          => 0,
			      'Time::HiRes'  => 0,
			      'MIME::Base64' => 0,
			      'Carp'         => 0,
			      'Apache::Session' => 0,
			      'Digest::SHA'  => 0,
			      'Storable'     => 0,
			      'Crypt::CBC' => 2.17,
			      @extrareq
			  },
			  add_to_cleanup      => [ 'Apache-AppSamurai-*' ],
			  recommends => {
			      'Crypt::OpenSSL::AES' => 0, # Needs one
			      'Crypt::Twofish'      => 0, # good block cipher
			      'Crypt::Blowfish'     => 0, # for Crypt::CBC to
			      'Crypt::Rijndael'     => 0, # use.
			      'Apache::Test'        => 0, # Full tests
			      'LWP::UserAgent'      => 0, # AuthBasic.pm
			      'HTTP::Request'       => 0, # AuthBasic.pm
			      'Authen::Radius'      => 0, # AuthRadius.pm
			      'Authen::Simple'      => 0, # AuthSimple.pm
			  },
			  auto_features => {
			      Apache_Test_support =>
			      {

Changes


        * Added AuthSimple.pm, an authentication module for the
          Authen::Simple authentication framework, which supports
          numerous authentication methods (Kerberos, LDAP, PAM, etc.)

        * Changed Build.PL to attempt to pre-detect mod_perl version
          installed, adding requirement for mod_perl 2 if nothing is
          found

        * Changed Build.PL to attempt to pre-detect cipher module
          for use with Crypt::CBC, adding requirement for
          Crypt::Rijndael if none are found

        * Added "use warnings" to all modules

        * Added Pod test (Pod Coverage test left disabled until more methods
          are documented or set to ignore)

1.00	2007-10-01
	First release with Apache 2.x/mod_perl 2.x support.  Changes
	include:
	
	* Unified Apache 1.x/mod_perl 1.x and Apache 2.x/mod_perl 2.x
	  support (adds requirement for libapreq)

	* mod_perl 1.x/mod_perl 2.x examples in Apache::AppSamurai
	  documentation and a unified example in examples/conf/

	* Crypt::CBC used for session data encryption with support for
	  Crypt::Rijndael, Crypt::OpenSSL::AES, Crypt::Twofish, or
	  Crypt::Blowfish as the backend block cipher module.

	* Added SessionSerializeCipher option to specify the block cipher
	  module to use.  (If undefined, Apache::AppSamurai attempts to
	  auto-detect a suitable module.)

	* Ships with ExtUtils::MakeMaker Makefile.PL for users without
	  Module::Build. (Module::Build install is still preferred)

META.yml

resources:
  MailingList: mailto:appsamurai-misc@lists.sourceforge.net
  bugtracker: http://rt.cpan.org/Public/Dist/Display.html?Name=Apache-AppSamurai
  homepage: http://appsamurai.sourceforge.net
  license: http://dev.perl.org/licenses/
requires:
  Apache::Request: 0
  Apache::Session: 0
  CGI::Cookie: 0
  Carp: 0
  Crypt::CBC: 2.17
  Digest::SHA: 0
  MIME::Base64: 0
  Storable: 0
  Test::More: 0
  Time::HiRes: 0
  URI: 0
  mod_perl: 1.07
recommends:
  Apache::Test: 0
  Authen::Radius: 0

lib/Apache/AppSamurai.pm

L<Apache::AppSamurai::Session::Serialize::CryptBase64|Apache::AppSamurai::Session::Serialize::CryptBase64>
This special module uses a server key and a session authentication key to
encrypt session data using a block cipher before Base64 encoding it.
(All keys are 256 bit hex strings.)

Base64 allows for storage in a file, database, etc. without worrying about
binary data issues.  In addition, this module allows for safer storage of data
on disk, requiring both the local server key and the secret session key from
the user before unlocking the data.

L<Crypt::CBC|Crypt::CBC> is used with a supported block cipher module to perform
encryption/decryption.  (See the next section for information on
configuring a cipher.)

As this is tied closely into the current Apache::AppSamurai code, please do not
use an alternate serializer without first reviewing the related code.

=head3 SessionI<SerializeCipher> C<CIPHER_MODULE>

(Default: undef)
Select the block cipher provider module for

lib/Apache/AppSamurai/Session/Serialize/CryptBase64.pm

# Apache::AppSamurai::Session::Serialize::CryptBase64 - Apache::Session
#                                Serialize module.  Replaces Base64 serializer
#                                with one that uses Crypt::CBC to
#                                encrypt the Base64 encoded and frozen data
#                                before encoding into Base64 for final delivery

# $Id: CryptBase64.pm,v 1.18 2008/04/30 21:40:12 pauldoom Exp $

##
# Copyright (c) 2008 Paul M. Hirsch (paul@voltagenoir.org).
# All rights reserved.
#
# This program is free software; you can redistribute it and/or modify it under
# the same terms as Perl itself.
##

package Apache::AppSamurai::Session::Serialize::CryptBase64;
use strict;
use warnings;

use Crypt::CBC 2.17;
use MIME::Base64;
use Storable qw(nfreeze thaw);

use vars qw($VERSION);
$VERSION = substr(q$Revision: 1.18 $, 10, -1);

# Set keylength in hex chars (bytes x 2) - This should stay 64 (256bits)
# at least.  Note that the session key generator must have the same
# size output
my $keylength = 64;

lib/Apache/AppSamurai/Session/Serialize/CryptBase64.pm

# A cipher lookup table
my %allowedcl = map { $_ => 1 } @allowedciphers;


sub serialize {
    my $session = shift;
    
    # Setup crypt engine
    my $c = &setup_crypt($session);
    
    # Turn off Crypt::CBC automatic salt creation - (Note: This is done to
    # avoid a taint bug related to Crypt::CBC and some cipher modules.
    # Eventually this should be fixed and all salt handling should be done
    # by Crypt::CBC)
    $c->{make_random_salt} = 0;
    
    # Use existing salt or create one if not set
    unless ($session->{args}->{salt}) {
	$session->{args}->{salt} = $c->random_bytes(8);
    }
    
    # Check for valid salt and untaint
    ($session->{args}->{salt} =~ /^(.{8})$/s) or die "Invalid salt value (must be 8 bytes)";
    $c->salt($1);

lib/Apache/AppSamurai/Session/Serialize/CryptBase64.pm

	die "No session SerializeCipher defined!  Configure one of: " . join(',', @allowedciphers);

    # Check passed in cipher against list of supported ciphers.
    # (No, I will not allow you to use Crypt::DES.  So sorry.)
    } elsif (!exists($allowedcl{$session->{args}->{SerializeCipher}})) {
	die "Bad session SerializeCipher defined: \"" . $session->{args}->{SerializeCipher} . "\".  CryptBase64 requires one of: " . join(',', @allowedciphers);
    }
    
    # Try to setup the encryptor.  (Note - key and block sizes are NOT
    # hardcoded below.  The default IV generator from Crypt::CBC is used.)
    my $c = Crypt::CBC->new(
			    -key => $k,
			    -cipher => $session->{args}->{SerializeCipher},
			    -header => 'salt'
			    );
    
    ($c) or die "Failed to create CBC encrypt/decrypt instance: $!";
    
    return $c;
}

# Search through list of allowed ciphers for one present on this system.
# (This should be called once per-run at most per-process. You don't want to be
# module searching on every call!)
sub find_cipher {
    
    # Search in order, returning the first found

lib/Apache/AppSamurai/Session/Serialize/CryptBase64.pm


=head1 NAME

Apache::AppSamurai::Session::Serialize::CryptBase64 - Storable, AES,
and MIME::Base64 for session serializer

=head1 SYNOPSIS

 use Apache::AppSamurai::Session::Serialize::CryptBase64;
 
 # You must choose a Crypt::CBC compatible cipher. (See the DESCRIPTION
 # section for the supported list.)  This can be done either by
 # setting a specific value (the recommended way):
 $s->{args}->{SerializeCipher} = 'Crypt::OpenSSL::AES';

 # ... or by using the find_cipher() utility method:
 $s->{args}->{SerializeCipher} = Apache::AppSamurai::Session::Serialize::CryptBase64::find_cipher();

 # serialize and unserialize take a single hash reference with required
 # subhashes.  {args} must include two 256 bit hex string key/value pairs:
 # key = Session authentication key

lib/Apache/AppSamurai/Session/Serialize/CryptBase64.pm


=head1 DESCRIPTION

This module fulfils the serialization interface of
L<Apache::Session|Apache::Session> and
L<Apache::AppSamurai::Session|Apache::AppSamurai::Session>.
It serializes the data in the session object with L<Storable|Storable>'s
C<nfreeze()> function.  Then, using the cipher module configured in
{args}->{SerializeCipher}, the passed-in {args}->{key} (session
authentication key) and the passed-in {args}->{ServerKey} (server key),
it encrypts the frozen data with the C<encrypt()> method of
L<Crypt::CBC|Crypt::CBC>.  Finally, the ciphertext is MIME::Base64 encoded
for safe storage.

The unserialize method applies MIME::Base64's C<decode_base64>,
Crypt::CBC's decrypt and Storable's thaw, in that order, to decode, decrypt
and reconstitute the data.

The serialized data is ASCII text, suitable for storage in backing stores that
don't handle binary data gracefully, such as Postgres.  The following
Crypt modules are currently supported:

 Crypt::Rijndael     - AES implementation
 Crypt::OpenSSL::AES - OpenSSL AES wrapper
 Crypt::Twofish      - Twofish implementation
 Crypt::Blowfish     - Blowfish implementation

The configured module must be installed before use.  For efficiency, it
is recommended that you statically set the SerializeCipher argument when
calling this module.  That said, for convenience, a simple utility method,
find_cipher(), is provided.
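
The pipeline described above, as an added Perl example rather than the distribution's own code: it follows the DESCRIPTION's steps (nfreeze, Crypt::CBC encrypt with the same -header => 'salt' setup shown earlier on this page, Base64) and the allow-list check, using the Apache::Session convention of {data} in and {serialized} out. The way {args}->{key} and {args}->{ServerKey} are combined into one passphrase is an assumption, since the module's own derivation is not shown here.

```perl
use strict;
use warnings;
use Crypt::CBC 2.17;
use MIME::Base64 qw(encode_base64 decode_base64);
use Storable qw(nfreeze thaw);
use Digest::SHA qw(sha256_hex);

# Allow-list from the DESCRIPTION above; anything else (e.g. Crypt::DES) is refused.
my @allowedciphers = qw(Crypt::Rijndael Crypt::OpenSSL::AES Crypt::Twofish Crypt::Blowfish);
my %allowedcl = map { $_ => 1 } @allowedciphers;
# Build the Crypt::CBC engine from {args}.  Both keys must be 256 bit hex strings.
sub setup_crypt {
    my ($args) = @_;
    my $cipher = $args->{SerializeCipher}
        or die "No SerializeCipher defined! Configure one of: " . join(',', @allowedciphers);
    exists $allowedcl{$cipher}
        or die "Bad SerializeCipher \"$cipher\". Use one of: " . join(',', @allowedciphers);
    for my $name (qw(key ServerKey)) {
        ($args->{$name} // '') =~ /^[0-9a-f]{64}$/i or die "$name must be a 64 char hex string";
    }
    # ASSUMPTION: the two keys are folded into one passphrase with SHA-256 (the real
    # derivation is not on this page); the 'salt' header derives a key and IV per message.
    my $k = sha256_hex($args->{ServerKey} . $args->{key});
    return Crypt::CBC->new(-key => $k, -cipher => $cipher, -header => 'salt');
}

# Apache::Session serializer interface: freeze, encrypt, base64 into {serialized} ...
sub serialize {
    my ($session) = @_;
    my $c = setup_crypt($session->{args});
    $session->{serialized} = encode_base64($c->encrypt(nfreeze($session->{data})), '');
    return 1;
}

# ... and the reverse: base64 decode, CBC decrypt, Storable thaw back into {data}.
sub unserialize {
    my ($session) = @_;
    my $c = setup_crypt($session->{args});
    $session->{data} = thaw($c->decrypt(decode_base64($session->{serialized})));
    return 1;
}
# Constructed sample session; the keys are throwaway test values, not real secrets.
my $sess = {
    data => { user => 'alice', pass => 'example' },
    args => { ServerKey => '11' x 32, key => '22' x 32, SerializeCipher => 'Crypt::Rijndael' },
};
serialize($sess);
$sess->{data} = '';
unserialize($sess);
print "round trip ok\n" if $sess->{data}->{pass} eq 'example';
```

Change SerializeCipher to whichever allow-listed module is installed; with either key altered, decrypt yields garbage and thaw fails, which is the "both keys required" property the text describes.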

=head1 SEE ALSO

L<Apache::AppSamurai::Session>, L<Storable>, L<MIME::Base64>, 
L<Apache::Session>, L<Crypt::CBC>, L<Crypt::Rijndael>,
L<Crypt::OpenSSL::AES>, L<Crypt::Twofish>, L<Crypt::Blowfish>

=head1 AUTHOR

Paul M. Hirsch, C<< <paul at voltagenoir.org> >>

=head1 BUGS

See L<Apache::AppSamurai> for information on bug submission and tracking.

t/12-session-ser-cryptbase64.t

            pass => $pass
          },
	  args => {
	    ServerKey => 'e1fccb94da476b7c2a8e4ebfc88526590f14ba37410c5106a9df672fc42626f5',
	    key => 'e4ee059335e587e501cc4bf90613e0814f00a7b08bc7c648fd865a2af6a22cc2',
	    SerializeCipher => &Apache::AppSamurai::Session::Serialize::CryptBase64::find_cipher()
          }
};

unless($sess->{args}->{SerializeCipher}) {
    diag("WARNING: No supported Crypt::CBC compatible block cipher module found!");
} else { 
    diag("NOTICE: Testing using Crypt::CBC with " . $sess->{args}->{SerializeCipher});
}

ok(Apache::AppSamurai::Session::Serialize::CryptBase64::serialize($sess), "serialize() - Serialized (encoded and encrypted) data");

# Clear session data before reloading
$sess->{data} = '';

ok((Apache::AppSamurai::Session::Serialize::CryptBase64::unserialize($sess)) && ($sess->{data}->{pass} eq $pass), "unserialize() - Correctly unserialized (decrypted and decoded) saved data");
