—

              
package Web::ID;
use 5.010;
use utf8;
BEGIN {
        $Web::ID::AUTHORITY = 'cpan:TOBYINK';
        $Web::ID::VERSION   = '1.921';
}
use Any::Moose 'X::Types::Moose' => [':all'];
use Web::ID::Types ':all';
use Web::ID::Certificate;
use Web::ID::Util qw(:default uniq);
use Any::Moose;
use namespace::clean -except => 'meta';
has certificate => (
        is          => read_only,
        isa         => Certificate,
        required    => true,
        coerce      => true,
        );
has uri => (
        is          => read_only,
        isa         => Uri,
        lazy_build  => true,
        coerce      => true,
        );
has profile => (
        is          => read_only,
        isa         => Model,
        lazy_build  => true,
        );
has valid => (
        is          => read_only,
        isa         => Bool,
        lazy_build  => true,
        );
has first_valid_san => (
        is          => read_only,
        isa         => San | Undef,
        lazy_build  => true,
        );
sub _build_valid
{
        my ($self) = @_;
        return false unless $self->certificate->timely;
        return true if defined $self->first_valid_san;
        return false;
}
sub _build_uri
{
        my ($self) = @_;
        $self->first_valid_san->uri_object;
}
sub _build_profile
{
        my ($self) = @_;
        $self->first_valid_san->model;
}
sub _build_first_valid_san
{
        my ($self) = @_;
        my $cert   = $self->certificate;
        my @sans   = @{ $cert->subject_alt_names };
         
        foreach my $san (@sans)
        {
                foreach my $key ( $san->associated_keys )
                {
                        return $san if $key->rsa_equal($cert);
                }
        }
         
        return undef;
}
sub node
{
        my ($self) = @_;
        RDF::Trine::Node::Resource->new($self->uri.'');
}
sub get
{
        my $self = shift;
        my @pred = map {
                if (blessed $_ and $_->isa('RDF::Trine::Node'))   {   $_ }
                else                                              { u $_ }
        } @_;
         
        my @results = uniq
                map { $_->is_resource ? $_->uri : $_->literal_value }
                grep { $_->is_literal or $_->is_resource }
                $self->profile->objects_for_predicate_list($self->node, @pred);
         
        wantarray ? @results : $results[0];
}
__PACKAGE__
__END__
HideShow 208 lines of Pod
=head1 NAME
Web::ID - implementation of WebID (a.k.a. FOAF+SSL)
=head1 SYNOPSIS
 my $webid = Web::ID->new(certificate => $pem_encoded_x509);
 if ($webid->valid)
 {
   say "Authenticated as: ", $webid->uri;
 }
=head1 DESCRIPTION
WebID is a simple authentication protocol based on TLS (Transaction
Layer Security, better known as Secure Socket Layer, SSL) and the
Semantic Web. This module provides a Perl implementation for
authenticating clients using WebID.
For more information see the L<Web::ID::FAQ> document.
Bundled with this module are L<Plack::Middleware::Auth::WebID>, a
plugin for L<Plack> to perform WebID authentication on HTTPS
connections; and L<Web::ID::Certificate::Generator>, a module that
allows you to generate WebID-enabled certificates that can be
installed into web browsers.
=head2 Constructor
=over
=item C<< new >>
Standard Moose-style constructor. (This class uses L<Any::Moose>.)
=back
=head2 Attributes
=over
=item C<< certificate >>
A L<Web::ID::Certificate> object representing and x509 certificate,
though a PEM-encoded string will be coerced.
This is usually the only attribute you want to pass to the constructor.
Allow the others to be built automatically.
=item C<< first_valid_san >>
Probably fairly uninteresting. This is the first subjectAltName value
found in the certificate that could be successfully authenticated
using Web::ID. An L<Web::ID::SAN> object.
=item C<< uri >>
The URI associated with the first valid SAN. A L<URI> object.
This is a URI you can use to identify the person, organisation or
robotic poodle holding the certificate.
=item C<< profile >>
Data about the certificate holder. An L<RDF::Trine::Model> object.
Their FOAF file (probably).
=item C<< valid >>
Boolean.
=back
=head2 Methods
=over
=item C<< node >>
Returns the same as C<uri>, but as an L<RDF::Trine::Node> object.
=item C<< get(@predicates) >>
Queries the C<profile> for triples of the form:
  $self->node $predicate $x .
And returns literal and URI values for $x, as strings.
C<< $predicate >> should be an L<RDF::Trine::Node>, or a string. If a
string, it will be expanded using L<RDF::Trine::NamespaceMap>, so you 
can do stuff like:
  my $name   = $webid->get('foaf:name', 'rdfs:label');
  my @mboxes = $webid->get('foaf:mbox');
=back
=head1 BUGS AND LIMITATIONS
=head2 Any::Moose
This module uses L<Any::Moose> which means that if it detects that
you're using the rather heavyweight L<Moose> toolkit, then this module
will use it too. But if you're not using it, then this module will
use the lighter-weight L<Mouse> toolkit.
Similarly, this module will use either L<MouseX::Types> or
L<MooseX::Types>.
As the decision to use Moose or Mouse is made at runtime, this makes
expressing Web::ID's dependencies rather challenging. Web::ID requires
B<either>:
=over
=item * Any::Moose,
=item * Mouse, and
=item * MouseX::Types
=back
B<or>:
=over
=item * Any::Moose,
=item * Moose, and
=item * MooseX::Types
=back
The installation script for Web-ID checks the first set of
dependencies, but if you only ever plan on using Moose, and never
Mouse, then you don't need them - you need the second set.
Yes, it's possible to have the installation script figure out
a list of dependencies dynamically when you install Web-ID, but
that's not especially helpful, as Any::Moose makes its decision
about what module to use at run time, not at install time.
The long and the short of it is: if you use Web::ID as part
of a Moose application, then make sure you have MooseX::Types
installed.
=head2 Other
Please report any other bugs to
L<http://rt.cpan.org/Dist/Display.html?Queue=Web-ID>.
=head1 SEE ALSO
L<Web::ID::FAQ>.
L<Web::ID::Certificate>,
L<Plack::Middleware::Auth::WebID>.
L<RDF::ACL> provides an access control system that complements WebID.
L<CGI::Auth::FOAF_SSL> is the spiritual ancestor of this module though
they share very little code, and have quite different APIs.
General WebID information:
L<http://webid.info/>,
L<http://www.w3.org/wiki/WebID>,
L<http://www.w3.org/2005/Incubator/webid/spec/>,
L<http://lists.foaf-project.org/mailman/listinfo/foaf-protocols>.
Mailing list for general Perl RDF/SemWeb discussion and support:
L<http://www.perlrdf.org/>.
=head1 AUTHOR
Toby Inkster E<lt>tobyink@cpan.orgE<gt>.
=head1 THANKS
Thanks to Kjetil Kjernsmo (cpan:KJETILK) for persuading me to port my old
CGI-specific implementaton of this to Plack.
Thanks Kjetil Kjernsmo (again), Florian Ragwitz (cpan:FLORA), and
Jonas Smedegaard for help with testing and advice on dependencies.
Thanks to Henry Story, Melvin Carvalho, Simon Reinhardt, Bruno Harbulot,
Ian Jacobi and many others for developing WebID from a poorly thought
out idea to a clever, yet simple and practical authentication protocol.
Thanks to Gregory Williams (cpan:GWILLIAMS), Tatsuhiko Miyagawa
(cpan:MIYAGAWA) and the Moose Cabal for providing really good platforms
(RDF::Trine, Plack and Moose respectively) to build this on.
=head1 COPYRIGHT AND LICENCE
This software is copyright (c) 2012 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
=head1 DISCLAIMER OF WARRANTIES
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.