OAuth::Lite::SignatureMethod::RSA_SHA1 - RSA_SHA1 signature method class;

OAuth-Lite documentation Contained in the OAuth-Lite distribution.

Index

Code Index:

NAME

Top

OAuth::Lite::SignatureMethod::RSA_SHA1 - RSA_SHA1 signature method class;

SYNOPSIS

Top

    # Consumer side
    my $signer = OAuth::Lite::SignatureMethod::RSA_SHA1->new(
        consumer_secret => $rsa_private_key,
    );

    my $signature = $signer->sign($base_string);

    # Service Provider side
    my $verifier = OAuth::Lite::SignatureMethod::RSA_SHA1->new(
        consumer_secret => $rsa_public_key,
    );
    unless ($verifier->verify($base_string, $signature)) {
        say "Signature is invalid!";
    }

DESCRIPTION

Top

RSA_SHA1 signature method class.

PRIVATE KEY AND PUBLIC KEY

Top

RSA needs two keys that called public key and private key. If you runs OAuth consumer application and want to use this RSA_SHA1 method for signature on OAuth protocol, you have to prepare these keys.

To generate them in Perl, here is an example.

    my $rsa = Crypt::OpenSSL::RSA->generate_key(1024);
    my $public_key  = $rsa->get_public_key_string();
    my $private_key = $rsa->get_private_key_string();

And prior to use OAuth protocol with a service provider, you have to register public key onto the service provider.

METHODS

Top

method_name

Class method. Returns this method's name.

    say OAuth::Lite::SignatureMethod::RSA_SHA1->method_name;
    # RSA_SHA1

build_body_hash

    say OAuth::Lite::SignatureMethod::RSA_SHA1->build_body_hash($content);

new(%params)

On the consumer side, you should pass RSA private key for consumer_secret, But for service provider to verify signature, pass RSA public key that consumer register on service provider beforehand.

parameters

consumer_secret
    my $signer = OAuth::Lite::SignatureMethod::RSA_SHA1->new(
        consumer_secret => $rsa_private_key, 
    );

    my $verifier = OAuth::Lite::SignatureMethod::RSA_SHA1->new(
        consumer_secret => $rsa_public_key, 
    );

sign($base_string)

Generate signature from base string.

    my $signature = $method->sign($base_string);

verify($base_string, $signature)

Verify signature with base string.

    my $signature_is_valid = $method->verify($base_string, $signature);
    unless ($signature_is_valid) {
        say "Signature is invalid!";
    }

AUTHOR

Top

Lyo Kato, lyo.kato _at_ gmail.com

COPYRIGHT AND LICENSE

Top

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.6 or, at your option, any later version of Perl 5 you may have available.

OAuth-Lite documentation Contained in the OAuth-Lite distribution. 
package OAuth::Lite::SignatureMethod::RSA_SHA1;

use strict;
use warnings;

use base 'OAuth::Lite::SignatureMethod';

use Crypt::OpenSSL::RSA;
use Digest::SHA ();
use MIME::Base64 ();

__PACKAGE__->method_name('RSA-SHA1');


sub build_body_hash {
    my ( $class, $content ) = @_;
    my $hash = MIME::Base64::encode_base64(Digest::SHA::sha1($content));
    $hash =~ s/\n//g;
    return $hash;
}


sub sign {
    my ($self, $base_string) = @_;
    my $private_key_pem = $self->{consumer_secret};
    my $private_key = Crypt::OpenSSL::RSA->new_private_key($private_key_pem);
    my $signature = MIME::Base64::encode_base64($private_key->sign($base_string));
    chomp $signature;
    $signature;
}


sub verify {
    my ($self, $base_string, $signature) = @_;
    my $public_key_pem = $self->{consumer_secret};
    my $public_key = Crypt::OpenSSL::RSA->new_public_key($public_key_pem);
    return $public_key->verify($base_string, MIME::Base64::decode_base64($signature));
}


1;