Roland Huß > jmx4perl-1.05 > JMX::Jmx4Perl::Agent::Jolokia::Verifier

Download:
jmx4perl-1.05.tar.gz

Dependencies

Annotate this POD

CPAN RT

Open  5
View/Report Bugs
Source   Latest Release: jmx4perl-1.11_2

NAME ^

JMX::Jmx4Perl::Agent::Verifier - Handler for various verifiers which picks the most secure one first.

DESCRIPTION ^

Entry module for verification of downloaded artifacts. Depending on modules installed, various validation mechanisms are tried in decreasing order fo vialibility:

Crypt::OpenPGP

The strongest validation is provided by PGP signatures with which Jolokia artifact is signed. The verifier uses Crypt::OpenPGP for verifying PGP signatures.

Digest::SHA1

If OpenPGP is not available or when no signature is provided from the Jolokia site (unlikely), a simple SHA1 checksum is fetched and compared to the artifact downloaded. This is not secure, but guarantees some degree of consistency.

Digest::MD5

As last resort, when this module is availabl, a MD5 checksum is calculated and compared to the checksum also downloaded from www.jolokia.org.

METHODS ^

$verifier = JMX::Jmx4Perl::Agent::Jolokia::Verifier->new(%args)

Creates a new verifier. It takes an expanded hash als argument, where the following keys are respected:

    "ua_config"         UserAgent configuration used for accessing 
                        remote signatures/checksums
    "logger"            Logger
$verifier->verify(url => $url,path => $file)
$verifier->verify(url => $url,data => $data)

Verifies the given file (path) or scalar data (data) by trying various validators in turn. Technically, each validator is asked for an extension (e.g. ".asc" for a PGP signature), which is appended to URL and this URL is tried for downloading the signature/checksum. If found, the content of the signature/checksum is passed to specific verifier along with the data/file to validate. A verifier will die, if validation fails, so one should put this in an eval if required. If validation passes, the method returns silently.

LICENSE ^

This file is part of jmx4perl. Jmx4perl is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by The Free Software Foundation, either version 2 of the License, or (at your option) any later version.

jmx4perl is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with jmx4perl. If not, see <http://www.gnu.org/licenses/>.

A commercial license is available as well. Please contact roland@cpan.org for further details.

AUTHOR ^

roland@cpan.org

syntax highlighting: