VisualDreams::Yubikey::online - Yubikey online authentication

VisualDreams-Yubikey-online documentation Contained in the VisualDreams-Yubikey-online distribution.

Index

Code Index:

NAME

Top

VisualDreams::Yubikey::online - Yubikey online authentication

DESCRIPTION

Top

This module will authenticate with the online Yubico API authentication server and return its results in a HASH. This module is to be implemented in the VisualDreams engine.

VERSION

Top

Version 0.06

SYNOPSIS

Top

  use VisualDreams::Yubikey::online;

  my $yubify = VisualDreams::Yubikey::online->new("ID","Base64 encoded API key");

  my $yubirecord = $yubify->verifyOnline($otp);

  my $url = $yubify->createUrl($otp);
  my $signedurl = $yubify->createSignedUrl($otp);
  my $signUrl = $yubify->signUrl($url);

FUNCTIONS

Top

new

Input : API-ID and API-KEY

Initializes the module to standard API-ID, API-KEY and API-URL. WARNING: Signed messages will automagically work with a valid Base-64 API key!

signUrl

Signs the URL with API-ID, API-KEY and incoming url

Input : url Output : signed base-64 encoded hmac

createUrl

Create standard URL with API-ID and OTP

Input : otp Output : piece of url containing id and otp

createSignedUrl

Create Signed URL with API-ID, API-KEY and OTP

Input : otp Output : piece of url containing id, otp and base-64 hmac signature

verifyOnline

Verify the OTP with the Yubico server

Input : otp Output : record with hmac, status and timestamp

REQUIRES

Top

Perl 5, Digest::HMAC_SHA1, LWP::Simple, MIME::Base64, URI::Escape

SUPPORT

Top

You can find documentation for this module with the perldoc command.

    perldoc VisualDreams::Yubikey::online

EXPORT

None by default.

AUTHOR

Top

Gunther Voet, Freaking Wildchild: <oss@xsrv.net> and <gunther.voet@gmail.com>

VisualDreams

Top

Specifically created for the VisualDreams engine. More to come soon!

COPYRIGHT & LICENSE

Top

Copyright 2008 Gunther Voet, all rights reserved.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

VisualDreams-Yubikey-online documentation Contained in the VisualDreams-Yubikey-online distribution. 
package VisualDreams::Yubikey::online;

our $VERSION = '0.06';

use warnings;
use strict;
use Digest::HMAC_SHA1 qw(hmac_sha1);
use LWP::Simple;
use MIME::Base64;
use URI::Escape;


sub new {
  my $class = shift;
  my $apiId = shift || die("Need atleast an Yubikey API ID");
  my $apiKey = shift || "";
  my $apiUrl = shift || 'http://api.yubico.com/wsapi/verify?';
  my $self = { apiId    => $apiId,
               apiKey   => $apiKey,
               apiUrl   => $apiUrl,
             };

  bless $self, $class;
  return $self;
}


sub signUrl($) {
  my $self = shift;
  my $message = shift;
  my $apiKeyDecoded = MIME::Base64::decode($self->{apiKey});
  my $hmac = hmac_sha1($message, $apiKeyDecoded);
  my $signature = uri_escape(MIME::Base64::encode($hmac),"\x2b");
  return($signature);
}



sub createUrl {
  my $self = shift;
  my $otp = shift;
  my $message = "id=$self->{apiId}&otp=$otp";
  return($message);
}


sub createSignedUrl {
  my $self = shift;
  my $otp = shift;
  my $message = $self->createUrl($otp);
  my $apiSignature = $self->signUrl($message);     
     $message .= "&h=$apiSignature";
  return($message);
}

sub returnYubiField {
  my $self = shift;
  my $content = shift;
  my $identifier = shift;
  chomp($content);
  if ($content =~ m/$identifier=(.*)/i) {
    my $return = $1;
    return($return);
  } 
}



sub verifyOnline {
  my $self = shift;
  my $otp = shift;
  my $signed;
  my $url = $self->{apiUrl};
  my $yubirecord;
  my $errorstatus;

  if ($self->{apiKey}) {
    $url .= $self->createSignedUrl($otp);
  } else {
    $url .= $self->createUrl($otp);
  }    

  my $content = get($url);

  # offer support for more responses later on!

  if ($content) {
    my %yubiResponses =  ("hmac",   "h", 
                          "time",   "t",
                          "status", "status");

  
    while (my ($humanIdentifier, $yubIdentifier) = each(%yubiResponses)) {
         $yubirecord->{$humanIdentifier} = $self->returnYubiField($content,$yubIdentifier);
    }

  } else {
    $yubirecord->{status} = "Could not retrieve status from Yubico";
  }

  return($yubirecord);
}



1;
__END__