/usr/lib/x86_64-linux-gnu/perl5/5.26/WebAuth/Keyring.pm is in libwebauth-perl 4.7.0-6build2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 | # Documentation and supplemental methods for WebAuth keyrings.
#
# The primary implementation of the WebAuth::Keyring class is done in the
# WebAuth XS module since it's primarily implemented in C. This file adds
# some supplemental methods that are implemented in terms of other underlying
# calls and provides version and documentation information.
#
# Written by Russ Allbery <eagle@eyrie.org>
# Copyright 2012, 2013
# The Board of Trustees of the Leland Stanford Junior University
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
package WebAuth::Keyring;
require 5.006;
use strict;
use warnings;
use Carp qw(croak);
use WebAuth ();
our $VERSION;
# This version matches the version of WebAuth with which this module was
# released, but with two digits for the minor and patch versions.
BEGIN {
$VERSION = '4.0700';
}
# Constructor. Takes a WebAuth context and either a capacity or a key to wrap
# a keyring around. Note that subclasses are not supported since the object
# is created by the XS module and will always be a WebAuth::Keyring.
sub new {
my ($type, $ctx, $key_or_size) = @_;
if ($type ne 'WebAuth::Keyring') {
croak ('subclassing of WebAuth::Keyring is not supported');
}
unless (ref ($ctx) eq 'WebAuth') {
croak ('second argument must be a WebAuth object');
}
return $ctx->keyring_new ($key_or_size);
}
# Construct a keyring by decoding it from the serialization format. Takes the
# WebAuth context and the encoded data. As above, subclasses are not
# supported since the object is created by the XS module and will always be a
# WebAuth::Keyring.
sub decode {
my ($type, $ctx, $data) = @_;
if ($type ne 'WebAuth::Keyring') {
croak ('subclassing of WebAuth::Keyring is not supported');
}
unless (ref ($ctx) eq 'WebAuth') {
croak ('second argument must be a WebAuth object');
}
return $ctx->keyring_decode ($data);
}
# Construct a keyring by reading it from a file. Takes the WebAuth context
# and the name of the file to read. As above, subclasses are not supported
# since the object is created by the XS module and will always be a
# WebAuth::Keyring.
sub read {
my ($type, $ctx, $file) = @_;
if ($type ne 'WebAuth::Keyring') {
croak ('subclassing of WebAuth::Keyring is not supported');
}
unless (ref ($ctx) eq 'WebAuth') {
croak ('second argument must be a WebAuth object');
}
return $ctx->keyring_read ($file);
}
1;
__END__
=for stopwords
WebAuth keyring keyrings WebKDCs WEBAUTH timestamp decrypted Allbery
=head1 NAME
WebAuth::Keyring - WebAuth keyring to hold encryption and decryption keys
=head1 SYNOPSIS
use WebAuth qw(WA_KEY_AES WA_AES_128);
use WebAuth::Key;
use WebAuth::Keyring;
my $wa = WebAuth->new;
eval {
$key = WebAuth::Key->new ($wa, WA_KEY_AES, WA_AES_128);
$ring = WebAuth::Keyring->new ($wa, $key);
...
};
if ($@) {
# handle exception
}
=head1 DESCRIPTION
This Perl class represents a keyring, which is a set of WebAuth keys with
associated creation times and times after which they become valid. These
keyrings can be read from and stored to files on disk and are used by
WebAuth Application Servers and WebKDCs to store their encryption keys.
A WebAuth::Keyring object will be destroyed when the WebAuth context used
to create it is destroyed, and subsequent accesses to it may cause memory
access errors or other serious bugs. Be careful not to retain a copy of a
WebAuth::Keyring object after the WebAuth object that created it has been
destroyed.
=head1 CLASS METHODS
As with WebAuth module functions, failures are signaled by throwing
WebAuth::Exception rather than by return status.
=over 4
=item new (WEBAUTH, KEY)
=item new (WEBAUTH, SIZE)
Create a new keyring attached to the WebAuth context WEBAUTH.
The second argument to this method may be either a WebAuth::Key object or
a numeric size. If a WebAuth::Key object is provided, a new keyring
containing only that key will be created and returned. If a size is
provided, a new, empty keyring with space preallocated to hold that many
keys is created and returned. (Regardless of the allocated size of a
keyring, keyrings will always dynamically expand to hold any new keys that
are added to them.)
This is a convenience wrapper around the WebAuth keyring_new() method.
=item decode (WEBAUTH, FILE)
Create a new WebAuth::Keyring object by decoding its contents from the
provided serialized keyring data.
This is a convenience wrapper around the WebAuth keyring_read() method.
=item read (WEBAUTH, FILE)
Create a new WebAuth::Keyring object by reading its contents from the
provided file. The created keyring object will have no association with
the file after being created; it won't automatically be saved, or updated
when the file changes.
This is a convenience wrapper around the WebAuth keyring_read() method.
=back
=head1 INSTANCE METHODS
As with WebAuth module functions, failures are signaled by throwing
WebAuth::Exception rather than by return status.
=over 4
=item add (CREATION, VALID_AFTER, KEY)
Add a new KEY to the keyring with CREATION as the creation time and
VALID_AFTER as the valid-after time. Both of the times should be in
seconds since epoch. The key must be a WebAuth::Key object.
Keys will not used for encryption until after their valid-after time,
which provides an opportunity to synchronize the keyring between multiple
systems before the keys are used.
=item best_key (USAGE, HINT)
Returns the best key available in the keyring for a particular purpose and
time. USAGE should be either WebAuth::WA_KEY_DECRYPT or
WebAuth::WA_KEY_ENCRYPT and indicates whether the key will be used for
decryption or encryption. For decryption keys, HINT is the timestamp of
the data that will be decrypted.
If USAGE is WebAuth::WA_KEY_ENCRYPT, this method will return the valid key
in the keyring that was created most recently, since this is the best key
to use for encryption going forward. If USAGE is WebAuth::WA_KEY_DECRYPT
is false, this method will return the key most likely to have been used to
encrypt something at the time HINT, where HINT is given in seconds since
epoch.
=item encode ()
Encode the keyring in the same serialization format that is used when
writing it to a file, readable by decode() or read(), and return the
encoded form.
=item entries ()
In a scalar context, returns the number of entries in the keyring. In an
array context, returns a list of keyring entries as WebAuth::KeyringEntry
objects.
=item remove (INDEX)
Removes the INDEX entry in the keyring, where INDEX is a numeric key
number starting from 0. The keyring will then be compacted, so all
subsequent entries in the keyring will have their index decreased by one.
If you are removing multiple entries from a keyring, you should therefore
remove them from the end of the keyring (the highest INDEX number) first.
=item write (FILE)
Writes the keyring out to FILE in the format suitable for later reading by
read().
=back
=head1 AUTHOR
Russ Allbery <eagle@eyrie.org>
=head1 SEE ALSO
WebAuth(3), WebAuth::Key(3), WebAuth::KeyringEntry(3)
This module is part of WebAuth. The current version is available from
L<http://webauth.stanford.edu/>.
=cut
|