-
package MooseX::Storage::Base::WithChecksum;
use Moose::Role;
-use Digest ();
-use Storable ();
-use MooseX::Storage::Engine;
+with 'MooseX::Storage::Basic';
+
+use Digest ();
+use Data::Dumper ();
-our $VERSION = '0.01';
+our $VERSION = '0.20';
+our $AUTHORITY = 'cpan:STEVAN';
our $DIGEST_MARKER = '__DIGEST__';
-sub pack {
- my ($self, @args ) = @_;
+around pack => sub {
+ my $orig = shift;
+ my $self = shift;
+ my @args = @_;
- my $e = MooseX::Storage::Engine->new( object => $self );
+ my $collapsed = $self->$orig( @args );
- my $collapsed = $e->collapse_object;
-
$collapsed->{$DIGEST_MARKER} = $self->_digest_packed($collapsed, @args);
-
+
return $collapsed;
-}
+};
-sub unpack {
- my ($class, $data, @args) = @_;
+around unpack => sub {
+ my ($orig, $class, $data, @args) = @_;
# check checksum on data
-
- my $old_checksum = $data->{$DIGEST_MARKER};
- delete $data->{$DIGEST_MARKER};
-
+ my $old_checksum = delete $data->{$DIGEST_MARKER};
+
my $checksum = $class->_digest_packed($data, @args);
($checksum eq $old_checksum)
- || confess "Bad Checksum got=($checksum) expected=($old_checksum)";
+ || confess "Bad Checksum got=($checksum) expected=($old_checksum)";
- my $e = MooseX::Storage::Engine->new(class => $class);
- $class->new($e->expand_object($data));
-}
+ $class->$orig( $data, @args );
+};
sub _digest_packed {
my ( $self, $collapsed, @args ) = @_;
- my $d = shift @args;
+ my $d = $self->_digest_object(@args);
+
+ {
+ local $Data::Dumper::Indent = 0;
+ local $Data::Dumper::Sortkeys = 1;
+ local $Data::Dumper::Terse = 1;
+ local $Data::Dumper::Useqq = 0;
+ local $Data::Dumper::Deparse = 0; # FIXME?
+ my $str = Data::Dumper::Dumper($collapsed);
+ # NOTE:
+ # Canonicalize numbers to strings even if it
+ # mangles numbers inside strings. It really
+ # does not matter since its just the checksum
+ # anyway.
+ # - YK/SL
+ $str =~ s/(?<! ['"] ) \b (\d+) \b (?! ['"] )/'$1'/gx;
+ $d->add( $str );
+ }
+
+ return $d->hexdigest;
+}
+
+sub _digest_object {
+ my ( $self, %options ) = @_;
+ my $digest_opts = $options{digest};
+
+ $digest_opts = [ $digest_opts ]
+ if !ref($digest_opts) or ref($digest_opts) ne 'ARRAY';
+
+ my ( $d, @args ) = @$digest_opts;
if ( ref $d ) {
if ( $d->can("clone") ) {
- $d = $d->clone;
- } elsif ( $d->can("reset") ) {
+ return $d->clone;
+ }
+ elsif ( $d->can("reset") ) {
$d->reset;
- } else {
+ return $d;
+ }
+ else {
die "Can't clone or reset digest object: $d";
}
- } else {
- $d = Digest->new($d || "SHA1", @args);
}
-
- {
- local $Storable::canonical = 1;
- $d->add( Storable::nfreeze($collapsed) );
+ else {
+ return Digest->new($d || "SHA1", @args);
}
-
- return $d->hexdigest;
}
-
1;
__END__
=head1 NAME
-MooseX::Storage::Base::WithChecksum
-
-=head1 SYNOPSIS
+MooseX::Storage::Base::WithChecksum - A more secure serialization role
=head1 DESCRIPTION
+This is an early implementation of a more secure Storage role,
+which does integrity checks on the data. It is still being
+developed so I recommend using it with caution.
+
+Any thoughts, ideas or suggestions on improving our technique
+are very welcome.
+
=head1 METHODS
=over 4
=head1 BUGS
-All complex software has bugs lurking in it, and this module is no
+All complex software has bugs lurking in it, and this module is no
exception. If you find a bug please either email me, or add the bug
to cpan-RT.
Stevan Little E<lt>stevan.little@iinteractive.comE<gt>
+Yuval Kogman
+
=head1 COPYRIGHT AND LICENSE
-Copyright 2007 by Infinity Interactive, Inc.
+Copyright 2007-2008 by Infinity Interactive, Inc.
L<http://www.iinteractive.com>