#!/usr/bin/perl

# Monkeysphere Validation Agent, Perl version
# Copyright © 2010 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
use strict;
use warnings;

use Crypt::Monkeysphere::MSVA qw( msvalog reviewcert );
use Crypt::Monkeysphere::MSVA::Client qw( create_apd );

my $context = shift;
my $peer    = shift;
my $pkctype = shift || 'x509der';
die "usage: msva-review-cert CONTEXT PEER [PKC_TYPE] < PKC_DATA\n"
  unless defined $context && defined $peer;

my $apd = create_apd($context, $peer, $pkctype);   # PKC_DATA is read from stdin
my ($status, $ret) = reviewcert($apd);

msvalog('info', "status: %s\n", $status);
msvalog('info', "valid: %s\n", $ret->{valid});
msvalog('info', "message: %s\n", $ret->{message});

exit($ret->{valid} ? 0 : 1);   # 0 = valid for this peer and context, 1 = not

__END__
=head1 NAME

msva-review-cert - review a certificate for validity

=head1 SYNOPSIS

msva-review-cert CONTEXT PEER [PKC_TYPE] < PKC_DATA

=head1 ABSTRACT

msva-review-cert provides...

=head1 DESCRIPTION

Takes as input a public key carrier (a raw public key, or some flavor
of certificate), the supposed name of the remote peer offering the
pubkey, and the context in which the validation check is relevant
(e.g. ssh, https, etc). Reports on the validity of the peer's use of
the public key in the given context.

msva-review-cert creates an agent post data (APD) object and reviews
it in-process with the Monkeysphere validation agent's own review code
(the reviewcert function of Crypt::Monkeysphere::MSVA). The exit
status indicates the validity of the certificate: 0 if the peer may
use the public key in the given context, 1 otherwise.

The APD is created from certificate data provided on stdin (PKC_DATA),
and the following information provided on the command line:

=over 4

=item CONTEXT

Context of query, e.g. 'https', 'ssh', etc.

=item PEER

Service address portion of the URL, e.g. 'foo.example.net'.

=item PKC_TYPE

Type of public key carrier data provided on stdin, e.g. 'x509der'.
Defaults to 'x509der' when omitted.

=item PKC_DATA

Public key carrier data provided on stdin.

=back
=head1 ENVIRONMENT VARIABLES

msva-review-cert accepts some environment variables:

=over 4

=item MSVA_LOG_LEVEL

msva-review-cert logs messages about its operation to stderr.
MSVA_LOG_LEVEL controls its verbosity, and should be one of (in
increasing verbosity): silent, quiet, fatal, error, info, verbose,
debug, debug1, debug2, debug3.

=item MSVA_KEYSERVER_POLICY

msva-perl must decide when to check with keyservers (for new keys,
revocation certificates, new certifications, etc). There are three
possible options: 'always' means to check with the keyserver on every
query it receives. 'never' means to never check with a
keyserver. 'unlessvalid' will only check with the keyserver on a
specific query if no keys are already locally known to be valid for
the requested peer. Default is 'unlessvalid'.

=back
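The following is an added example, not code from msva-perl or this script: a POSIX shell wrapper that fetches the leaf certificate a live TLS server presents, using openssl(1), and hands it DER-encoded to msva-review-cert with the 'https' context, honouring the 0/1 exit status and the MSVA_LOG_LEVEL and MSVA_KEYSERVER_POLICY variables described above. It assumes openssl and msva-review-cert are on PATH; the host names in its comments are constructed placeholders, and the exit code 2 for "could not fetch" is the wrapper's own convention, not msva-review-cert's.

```shell
#!/bin/sh
# Added example, not part of msva-perl: review the certificate a live TLS
# server presents by feeding it to msva-review-cert in the 'https' context.
# Assumes openssl(1) and msva-review-cert(1) are on PATH. Host names used
# in comments are constructed placeholders.

set -u

# fetch_leaf_der HOST PORT OUTFILE
# Writes the server's leaf certificate, DER-encoded, to OUTFILE.
# -servername sends SNI so a name-based virtual host returns its own cert;
# openssl x509 keeps only the first (leaf) certificate from the chain.
fetch_leaf_der() {
    host=$1; port=$2; out=$3
    openssl s_client -connect "$host:$port" -servername "$host" \
        </dev/null 2>/dev/null \
        | openssl x509 -outform DER -out "$out"
}

# review_https_cert HOST DERFILE
# Runs msva-review-cert with the documented arguments. Its exit status is
# passed through: 0 = peer may use this key for https, 1 = it may not.
# Env defaults mirror the documented ones; export MSVA_KEYSERVER_POLICY=never
# beforehand to force a purely local (offline) review.
review_https_cert() {
    host=$1; der=$2
    MSVA_LOG_LEVEL="${MSVA_LOG_LEVEL:-info}" \
    MSVA_KEYSERVER_POLICY="${MSVA_KEYSERVER_POLICY:-unlessvalid}" \
        msva-review-cert https "$host" x509der < "$der"
}

# check_peer HOST PORT
# Fetch, then review. Returns 0/1 from msva-review-cert, or 2 (this
# wrapper's own code) when the certificate could not be fetched, so that
# "could not check" is never mistaken for "checked and invalid".
check_peer() {
    host=$1; port=$2
    der=$(mktemp) || return 2
    if ! fetch_leaf_der "$host" "$port" "$der"; then
        rm -f "$der"
        echo "check_peer: could not fetch certificate from $host:$port" >&2
        return 2
    fi
    review_https_cert "$host" "$der"
    rc=$?
    rm -f "$der"
    return "$rc"
}

# Run as a script: sh review-https.sh HOST [PORT]
if [ -n "${1:-}" ]; then
    check_peer "$1" "${2:-443}"
fi
```

Keeping the fetch failure (2) distinct from an invalid verdict (1) matters when this is wired into automation: a network error must not be logged as a failed validation, nor silently treated as success. With MSVA_KEYSERVER_POLICY left at its 'unlessvalid' default a keyserver is contacted only when nothing locally known already validates the peer; set it to 'never' when the review has to be reproducible offline against the local keyring alone.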
=head1 SEE ALSO

msva-query-agent(1), msva-perl(1), monkeysphere(1), monkeysphere(7)
=head1 BUGS AND FEEDBACK

Bugs or feature requests for msva-perl should be filed with the
Monkeysphere project's bug tracker at
https://labs.riseup.net/code/projects/monkeysphere/issues/
=head1 AUTHORS AND CONTRIBUTORS

Jameson Graef Rollins E<lt>jrollins@finestructure.netE<gt>
Daniel Kahn Gillmor E<lt>dkg@fifthhorseman.netE<gt>

The Monkeysphere Team http://web.monkeysphere.info/
=head1 COPYRIGHT AND LICENSE

Copyright © Jameson Graef Rollins and others from the Monkeysphere
team. msva-review-cert is free software, distributed under the GNU
General Public License, version 3 or later.