1 package Crypt::Monkeysphere::Validator;
6 use parent 'Crypt::Monkeysphere::Keyserver';
12 Create a new Crypt::Monkeysphere::Validator instance
16 Param hash, all optional.
18 findall => 0|1 return all suitable keys, rather than first suitable
20 context => 'e-mail' | any other value (defaults to 'ssh').
21 Controls what counts as a suitable key.
23 kspolicy => 'always|never|unlessvalid' (defaults to 'unlessvalid')
24 When to fetch keys from the keyserver.
26 (plus arguments for Crypt::Monkeysphere::{Keyserver,Logger}::new )
# Constructor body (excerpt; the sub line and the return are not shown).
# The parent constructor builds the object from the same option hash, then
# the validator-specific options are stored with their defaults.
34 my $self=$class->SUPER::new(%opts);
# `||` means any false value (0, '', undef) selects the default.
36 $self->{findall} = $opts{findall} || 0;
37 $self->{context}=$opts{context} || 'ssh';
# NOTE(review): no check that kspolicy is one of always|never|unlessvalid is
# visible here; an unrecognised value appears to be stored as given - confirm
# how the lookup code treats it.
38 $self->{kspolicy}=$opts{kspolicy} || 'unlessvalid';
# Capability test (excerpt; the enclosing sub line and the else/return lines
# are not shown). The context stored on the object decides which usage flag
# the candidate key must carry.
46 if ($self->{context} eq 'e-mail') {
# 'e-mail' context: the usage flags must contain a lower-case 's'.
47 if ($subkey->usage_flags =~ /s/) {
48 $self->log('verbose', "...and is signing-capable...\n");
51 $self->log('verbose', "...but is not signing-capable (%s).\n",$subkey->usage_flags);
# NOTE(review): presumably this is the branch for every context other than
# 'e-mail' (the `else` line is not shown), so a misspelt context would be
# checked for authentication capability rather than rejected - confirm.
54 if ($subkey->usage_flags =~ /a/) {
55 $self->log('verbose', "...and is authentication-capable...\n");
58 $self->log('verbose', "...but is not authentication-capable (%s).\n",$subkey->usage_flags);
# Key lookup (excerpt; the sub line and many intermediate lines are not
# shown). Collects matching keys into valid_keys / subvalid_keys.
# uid is required; because of `||`, an empty string or "0" also croaks.
68 my $uid=$opts{uid} || croak "uid argument is mandatory";
# Query by fingerprint when one was supplied, otherwise by user ID with a
# leading '=' (GnuPG's exact-match user ID form).
# NOTE(review): no format check on $fpr or $uid is visible before they are
# placed in the query string - confirm they are validated upstream.
72 my $gpgquery = defined($fpr) ? '0x'.$fpr : '='.$uid;
74 my $ret= { valid_keys => [],
75 subvalid_keys => [] };
# kspolicy 'always': fetch from the keyserver up front, by fingerprint or by
# uid (the condition choosing between the two is not shown).
81 if ($self->{kspolicy} eq 'always') {
83 $self->fetch_fpr($fpr);
85 $self->fetch_uid($uid);
88 } elsif ($self->{kspolicy} eq 'never') {
93 foreach my $gpgkey ($self->{gnupg}->get_public_keys($gpgquery)) {
# Validity is read from the user ID whose string equals the requested uid
# exactly, so a key is judged by that binding and not by another uid on it.
# NOTE(review): the initial value of $validity is not shown - confirm it is
# a non-valid default for keys that lack the requested uid.
95 foreach my $tryuid ($gpgkey->user_ids) {
96 if ($tryuid->as_string eq $uid) {
97 $validity = $tryuid->validity;
100 # treat primary keys just like subkeys:
101 foreach my $subkey ($gpgkey, @{$gpgkey->subkeys}) {
# A (sub)key is a candidate when neither key nor fingerprint was given, when
# keycomp matches it against the supplied key, or when its fingerprint hex
# string equals $fpr.
# NOTE(review): `eq` is case-sensitive; presumably as_hex_string has a fixed
# case, so $fpr would need normalising before this comparison - confirm.
102 if ((!defined($key) && (!defined($fpr))) ||
103 (defined($key) && $self->keycomp($key, $subkey)) ||
104 (defined($fpr) && ($subkey->fingerprint->as_hex_string eq $fpr))) {
105 $self->log('verbose', "key 0x%s matches...\n",$subkey->hex_id);
106 if ($self->test_capable($subkey) ) {
# Only validity 'f' or 'u' (GnuPG's full and ultimate) counts as valid; this
# gate applies to every key in the keyring, fetched or not.
107 if ($validity =~ /^[fu]$/) {
109 $self->log('verbose', "...and is fully valid!\n");
110 push(@{$ret->{valid_keys}},
111 { fingerprint => $subkey->fingerprint, val => $validity });
# Without findall, stop scanning this key's subkeys after the first valid one.
112 last unless($self->{findall});
114 $self->log('verbose', "...but is not fully valid (%s).\n",$validity);
# Matches that are not fully valid are recorded only when $lastloop is set.
115 push(@{$ret->{subvalid_keys}},
116 {fingerprint => $subkey->fingerprint, val => $validity }) if $lastloop;
121 last if ($foundvalid);
123 if ($lastloop || $foundvalid) {
# Keyserver fetch on the remaining path - presumably the 'unlessvalid' policy
# when nothing valid was found locally (surrounding lines are not shown).
128 $self->fetch_fpr($fpr);
130 $self->fetch_uid($uid);
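# Key comparison (excerpt; the enclosing sub line and the else/return lines
# are not shown). Algorithm number 1 is RSA in OpenPGP; a key with any other
# algorithm is logged here, and the comparison below is presumably the else
# branch.
146 if ($gpgkey->algo_num != 1) {
# Fixed: this line read `my $self->log(...)`, which declares a new, undefined
# $self inside the block, so the call could not reach the validator's logger
# and a non-RSA candidate would be expected to abort the lookup instead of
# being skipped. Assumes the enclosing sub already has $self (it is invoked
# as a method) - the declaration line is not shown.
147 $self->log('verbose', "Monkeysphere only does RSA keys. This key is algorithm #%d\n", $gpgkey->algo_num);
# A match requires both the exponent (pubkey_data->[1]) and the modulus
# (pubkey_data->[0]) to compare equal (bcmp returning 0).
149 if ($rsakey->{exponent}->bcmp($gpgkey->pubkey_data->[1]) == 0 &&
150 $rsakey->{modulus}->bcmp($gpgkey->pubkey_data->[0]) == 0) {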