libwebauth-perl 4.7.0-6build2 / usr / lib / x86_64-linux-gnu / perl5 / 5.26 / WebAuth / Keyring.pm

This file is indexed.

/usr/lib/x86_64-linux-gnu/perl5/5.26/WebAuth/Keyring.pm is in libwebauth-perl 4.7.0-6build2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
# Documentation and supplemental methods for WebAuth keyrings.
#
# The primary implementation of the WebAuth::Keyring class is done in the
# WebAuth XS module since it's primarily implemented in C.  This file adds
# some supplemental methods that are implemented in terms of other underlying
# calls and provides version and documentation information.
#
# Written by Russ Allbery <eagle@eyrie.org>
# Copyright 2012, 2013
#     The Board of Trustees of the Leland Stanford Junior University
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.

package WebAuth::Keyring;

require 5.006;
use strict;
use warnings;

use Carp qw(croak);
use WebAuth ();

our $VERSION;

# This version matches the version of WebAuth with which this module was
# released, but with two digits for the minor and patch versions.
BEGIN {
    $VERSION = '4.0700';
}

# Constructor.  Takes a WebAuth context and either a capacity or a key to wrap
# a keyring around.  Note that subclasses are not supported since the object
# is created by the XS module and will always be a WebAuth::Keyring.
sub new {
    my ($type, $ctx, $key_or_size) = @_;
    if ($type ne 'WebAuth::Keyring') {
        croak ('subclassing of WebAuth::Keyring is not supported');
    }
    unless (ref ($ctx) eq 'WebAuth') {
        croak ('second argument must be a WebAuth object');
    }
    return $ctx->keyring_new ($key_or_size);
}

# Construct a keyring by decoding it from the serialization format.  Takes the
# WebAuth context and the encoded data.  As above, subclasses are not
# supported since the object is created by the XS module and will always be a
# WebAuth::Keyring.
sub decode {
    my ($type, $ctx, $data) = @_;
    if ($type ne 'WebAuth::Keyring') {
        croak ('subclassing of WebAuth::Keyring is not supported');
    }
    unless (ref ($ctx) eq 'WebAuth') {
        croak ('second argument must be a WebAuth object');
    }
    return $ctx->keyring_decode ($data);
}

# Construct a keyring by reading it from a file.  Takes the WebAuth context
# and the name of the file to read.  As above, subclasses are not supported
# since the object is created by the XS module and will always be a
# WebAuth::Keyring.
sub read {
    my ($type, $ctx, $file) = @_;
    if ($type ne 'WebAuth::Keyring') {
        croak ('subclassing of WebAuth::Keyring is not supported');
    }
    unless (ref ($ctx) eq 'WebAuth') {
        croak ('second argument must be a WebAuth object');
    }
    return $ctx->keyring_read ($file);
}

1;

__END__

=for stopwords
WebAuth keyring keyrings WebKDCs WEBAUTH timestamp decrypted Allbery

=head1 NAME

WebAuth::Keyring - WebAuth keyring to hold encryption and decryption keys

=head1 SYNOPSIS

    use WebAuth qw(WA_KEY_AES WA_AES_128);
    use WebAuth::Key;
    use WebAuth::Keyring;

    my $wa = WebAuth->new;
    eval {
        $key = WebAuth::Key->new ($wa, WA_KEY_AES, WA_AES_128);
        $ring = WebAuth::Keyring->new ($wa, $key);
        ...
    };
    if ($@) {
        # handle exception
    }

=head1 DESCRIPTION

This Perl class represents a keyring, which is a set of WebAuth keys with
associated creation times and times after which they become valid.  These
keyrings can be read from and stored to files on disk and are used by
WebAuth Application Servers and WebKDCs to store their encryption keys.

A WebAuth::Keyring object will be destroyed when the WebAuth context used
to create it is destroyed, and subsequent accesses to it may cause memory
access errors or other serious bugs.  Be careful not to retain a copy of a
WebAuth::Keyring object after the WebAuth object that created it has been
destroyed.

=head1 CLASS METHODS

As with WebAuth module functions, failures are signaled by throwing
WebAuth::Exception rather than by return status.

=over 4

=item new (WEBAUTH, KEY)

=item new (WEBAUTH, SIZE)

Create a new keyring attached to the WebAuth context WEBAUTH.

The second argument to this method may be either a WebAuth::Key object or
a numeric size.  If a WebAuth::Key object is provided, a new keyring
containing only that key will be created and returned.  If a size is
provided, a new, empty keyring with space preallocated to hold that many
keys is created and returned.  (Regardless of the allocated size of a
keyring, keyrings will always dynamically expand to hold any new keys that
are added to them.)

This is a convenience wrapper around the WebAuth keyring_new() method.

=item decode (WEBAUTH, FILE)

Create a new WebAuth::Keyring object by decoding its contents from the
provided serialized keyring data.

This is a convenience wrapper around the WebAuth keyring_read() method.

=item read (WEBAUTH, FILE)

Create a new WebAuth::Keyring object by reading its contents from the
provided file.  The created keyring object will have no association with
the file after being created; it won't automatically be saved, or updated
when the file changes.

This is a convenience wrapper around the WebAuth keyring_read() method.

=back

=head1 INSTANCE METHODS

As with WebAuth module functions, failures are signaled by throwing
WebAuth::Exception rather than by return status.

=over 4

=item add (CREATION, VALID_AFTER, KEY)

Add a new KEY to the keyring with CREATION as the creation time and
VALID_AFTER as the valid-after time.  Both of the times should be in
seconds since epoch.  The key must be a WebAuth::Key object.

Keys will not used for encryption until after their valid-after time,
which provides an opportunity to synchronize the keyring between multiple
systems before the keys are used.

=item best_key (USAGE, HINT)

Returns the best key available in the keyring for a particular purpose and
time.  USAGE should be either WebAuth::WA_KEY_DECRYPT or
WebAuth::WA_KEY_ENCRYPT and indicates whether the key will be used for
decryption or encryption.  For decryption keys, HINT is the timestamp of
the data that will be decrypted.

If USAGE is WebAuth::WA_KEY_ENCRYPT, this method will return the valid key
in the keyring that was created most recently, since this is the best key
to use for encryption going forward.  If USAGE is WebAuth::WA_KEY_DECRYPT
is false, this method will return the key most likely to have been used to
encrypt something at the time HINT, where HINT is given in seconds since
epoch.

=item encode ()

Encode the keyring in the same serialization format that is used when
writing it to a file, readable by decode() or read(), and return the
encoded form.

=item entries ()

In a scalar context, returns the number of entries in the keyring.  In an
array context, returns a list of keyring entries as WebAuth::KeyringEntry
objects.

=item remove (INDEX)

Removes the INDEX entry in the keyring, where INDEX is a numeric key
number starting from 0.  The keyring will then be compacted, so all
subsequent entries in the keyring will have their index decreased by one.
If you are removing multiple entries from a keyring, you should therefore
remove them from the end of the keyring (the highest INDEX number) first.

=item write (FILE)

Writes the keyring out to FILE in the format suitable for later reading by
read().

=back

=head1 AUTHOR

Russ Allbery <eagle@eyrie.org>

=head1 SEE ALSO

WebAuth(3), WebAuth::Key(3), WebAuth::KeyringEntry(3)

This module is part of WebAuth.  The current version is available from
L<http://webauth.stanford.edu/>.

=cut

APT Browse - Built by Thomas Orozco.