JMX::Jmx4Perl::Agent::Verifier - Handler for various verifiers which picks the most secure one first.
Entry module for verification of downloaded artifacts. Depending on the modules installed, various validation mechanisms are tried in decreasing order of viability:
The strongest validation is provided by the PGP signatures with which the Jolokia artifact is signed. The verifier uses Crypt::OpenPGP for verifying PGP signatures.
If OpenPGP is not available or when no signature is provided from the Jolokia site (unlikely), a simple SHA1 checksum is fetched and compared to the checksum of the downloaded artifact. This is not secure, since the checksum comes from the same site as the artifact, but it guarantees some degree of consistency.
As a last resort, when this module is available, an MD5 checksum is calculated and compared to the checksum also downloaded from www.jolokia.org.
- $verifier = JMX::Jmx4Perl::Agent::Jolokia::Verifier->new(%args)
Creates a new verifier. It takes an expanded hash as argument, where the following keys are respected:
  - "ua_config": UserAgent configuration used for accessing remote signatures/checksums
  - "logger": Logger
- $verifier->verify(url => $url,path => $file)
- $verifier->verify(url => $url,data => $data)
Verifies the given file (path) or scalar data (data) by trying various validators in turn. Technically, each validator is asked for an extension (e.g. ".asc" for a PGP signature), which is appended to the URL, and the resulting URL is tried for downloading the signature/checksum. If found, the content of the signature/checksum is passed to the specific verifier along with the data/file to validate. A verifier will die if validation fails, so one should put this in an eval if required. If validation passes, the method returns silently.
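The fallback chain described above, as an added sketch that is not jmx4perl's own code: it shows that a missing ".asc" file silently drops verification to a checksum tier, and how a caller could refuse that downgrade. The names verify_with_fallback, require_signature and fetch, the URL and the sample bytes are assumptions made for this example; the PGP tier is only marked, not implemented.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha1_hex);
use Digest::MD5 qw(md5_hex);

# Validators, strongest first. Each names the extension appended to the URL.
# The PGP check belongs to Crypt::OpenPGP and is not reimplemented here.
my @validators = (
    { name => "PGP",  ext => ".asc",  signed => 1,
      check => sub { die "PGP check needs Crypt::OpenPGP and a trusted key\n" } },
    { name => "SHA1", ext => ".sha1", signed => 0,
      check => sub { lc((split ' ', $_[1])[0] // '') eq sha1_hex($_[0]) } },
    { name => "MD5",  ext => ".md5",  signed => 0,
      check => sub { lc((split ' ', $_[1])[0] // '') eq md5_hex($_[0]) } },
);

# Hypothetical helper: returns the validator name on success, dies otherwise.
# $arg{fetch}->($url) returns the file content, or undef when it is not published.
sub verify_with_fallback {
    my (%arg) = @_;
    for my $v (@validators) {
        my $ref = $arg{fetch}->($arg{url} . $v->{ext});
        next unless defined $ref;    # not published: try the next, weaker one
        die "only a $v->{name} checksum is published; signature required\n"
            if $arg{require_signature} && !$v->{signed};
        $v->{check}->($arg{data}, $ref) or die "$v->{name} mismatch for $arg{url}\n";
        return $v->{name};
    }
    die "no signature or checksum found for $arg{url}\n";
}

# Constructed sample data: a site that publishes checksums but no .asc file.
my $url  = "https://downloads.example.invalid/agent.war";
my $data = "constructed artifact bytes\n";
my %site = ("$url.sha1" => sha1_hex($data) . "  agent.war\n",
            "$url.md5"  => md5_hex($data) . "\n");
my $fetch = sub { $site{ $_[0] } };

print "intact: verified by ",
    verify_with_fallback(url => $url, data => $data, fetch => $fetch), "\n";

for my $case ([ "corrupted", $data . "x", 0 ], [ "strict", $data, 1 ]) {
    my ($label, $bytes, $strict) = @$case;
    my $ok = eval { verify_with_fallback(url => $url, data => $bytes,
                        fetch => $fetch, require_signature => $strict) };
    print "$label: ", defined $ok ? "verified by $ok\n" : "rejected: $@";
}
```

Returning the validator name lets the caller log which tier actually matched instead of treating every silent success as equally strong.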
This file is part of jmx4perl. Jmx4perl is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by The Free Software Foundation, either version 2 of the License, or (at your option) any later version.
jmx4perl is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with jmx4perl. If not, see <http://www.gnu.org/licenses/>.
A commercial license is available as well. Please contact email@example.com for further details.