package Crypt::OpenPGP::KeyServer;
use strict;
use Crypt::OpenPGP;
use Crypt::OpenPGP::KeyRing;
use LWP::UserAgent;
use URI::Escape;
use Crypt::OpenPGP::ErrorHandler;
use base qw( Crypt::OpenPGP::ErrorHandler );
sub new {
my $class = shift;
my $server = bless { }, $class;
$server->init(@_)
or return $class->error($server->errstr);
$server;
}
sub init {
my $server = shift;
my %param = @_;
$server->{keyserver} = $param{Server}
or return $server->error("Need a keyserver ('Server')");
$server->{keyserver} = 'http://' . $server->{keyserver} . ':11371' .
'/pks/lookup';
$server->{include_revoked} = $param{IncludeRevoked} || 0;
$server;
}
sub find_keyblock_by_uid {
my $server = shift;
my($address) = @_;
my $ua = LWP::UserAgent->new;
$ua->agent('Crypt::OpenPGP/' . Crypt::OpenPGP->VERSION);
my $url = $server->{keyserver} . '?op=index&search=' .
uri_escape($address);
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req);
return $server->error("HTTP error: " . $res->status_line)
unless $res->is_success;
my $page = $res->content;
my @kb;
while ($page =~ m!(pub.*?>)!gs) {
my $line = $1;
next if index($line, "*** KEY REVOKED ***") != -1 &&
!$server->{include_revoked};
my($key_id) = $line =~ m!<a.*?>(.{8})</a>!g;
my $kb = $server->find_keyblock_by_keyid(pack 'H*', $key_id) or next;
push @kb, $kb;
}
@kb;
}
sub find_keyblock_by_keyid {
my $server = shift;
my($key_id) = @_;
$key_id = unpack 'H*', $key_id;
my $ua = LWP::UserAgent->new;
$ua->agent('Crypt::OpenPGP/' . Crypt::OpenPGP->VERSION);
$key_id = substr($key_id, -8, 8);
my $url = $server->{keyserver} . '?op=get&search=0x' . $key_id;
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req);
return $server->error("HTTP error: " . $res->status_line)
unless $res->is_success;
my $page = $res->content;
my($key) = $page =~ /(-----BEGIN PGP PUBLIC KEY BLOCK-----.*?-----END PGP PUBLIC KEY BLOCK-----)/s;
return $server->error("No matching keys") unless $key;
my $ring = Crypt::OpenPGP::KeyRing->new( Data => $key )
or return Crypt::OpenPGP::KeyRing->errstr;
$ring->find_keyblock_by_index(0);
}
1;
__END__
=head1 NAME
Crypt::OpenPGP::KeyServer - Interface to HKP keyservers
=head1 SYNOPSIS
use Crypt::OpenPGP::KeyServer;
my $key_id = '...';
my $server = Crypt::OpenPGP::KeyServer->new(
Server => 'wwwkeys.us.pgp.net'
);
my $kb = $server->find_keyblock_by_keyid($key_id);
print $kb->primary_uid, "\n";
my $cert = $kb->key;
my @kbs = $server->find_keyblock_by_uid( 'foo@bar.com' );
=head1 DESCRIPTION
I<Crypt::OpenPGP::KeyServer> is an interface to HKP keyservers; it provides
lookup by UID and by key ID. At the moment only HKP keyservers are
supported; future releases will likely support the NAI LDAP servers and
the email keyservers.
=head1 USAGE
=head2 Crypt::OpenPGP::KeyServer->new( %arg )
Constructs a new I<Crypt::OpenPGP::KeyServer> object and returns that
object.
I<%arg> can contain:
=over 4
=item * Server
The hostname of the HKP keyserver. This is a required argument. You can get
a list of keyservers through
% host -l pgp.net | grep wwwkeys
=item * IncludeRevoked
By default, revoked keys will be skipped when calling I<find_keyblock_by_uid>.
If you set I<IncludeRevoked> to C<1>, I<find_keyblock_by_keyid> will include
any revoked keys in the list of keys returned.
=back
=head2 $ring->find_keyblock_by_keyid($key_id)
Looks up the key ID I<$key_id> in the keyring I<$ring>. For consistency
with the I<Crypt::OpenPGP::KeyRing::find_keyblock_by_keyid> interface,
I<$key_id> should be either a 4-octet or 8-octet string--it should
B<not> be a string of hexadecimal digits. If you have the hex key ID, use
I<pack> to convert it to an octet string:
pack 'H*', $hex_key_id
Returns false on failure.
=head2 $ring->find_keyblock_by_uid($uid)
Given a string I<$uid>, searches the keyserver for all keyblocks matching
the user ID I<$uid>, including partial matches. Returns all of the matching
keyblocks, the empty list on failure.
=head1 AUTHOR & COPYRIGHTS
Please see the Crypt::OpenPGP manpage for author, copyright, and
license information.
=cut