X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FMooseX%2FStorage%2FBase%2FWithChecksum.pm;h=5cd9e27c36d1bf7d422688fb99ff3d15755a8417;hb=08d0f48e13425d8f0e2cb21ac2eea0d8c4cab3ca;hp=2f327876530d5211dd1e94d6a88249c02fe81763;hpb=c4a322ec86aff913da11191ac43d3edfbc403ab5;p=gitmo%2FMooseX-Storage.git

diff --git a/lib/MooseX/Storage/Base/WithChecksum.pm b/lib/MooseX/Storage/Base/WithChecksum.pm
index 2f32787..5cd9e27 100644
--- a/lib/MooseX/Storage/Base/WithChecksum.pm
+++ b/lib/MooseX/Storage/Base/WithChecksum.pm
@@ -1,56 +1,96 @@
-
 package MooseX::Storage::Base::WithChecksum;
 use Moose::Role;
 
-use Digest::MD5  ('md5_hex');
+with 'MooseX::Storage::Basic';
+
+use Digest       ();
 use Data::Dumper ();
-use MooseX::Storage::Engine;
-
-our $VERSION = '0.01';
-
-sub pack {
-    my ($self, $salt) = @_;
-    my $e = MooseX::Storage::Engine->new( object => $self );
-    my $collapsed = $e->collapse_object;
-    
-    # create checksum
-    
-    local $Data::Dumper::Sortkeys = 1;
-    my $dumped = Data::Dumper::Dumper($collapsed);
-
-    #warn $dumped;
-    
-    $salt ||= $dumped;
-    
-    $collapsed->{checksum} = md5_hex($dumped, $salt);
-    
+
+our $VERSION   = '0.29';
+our $AUTHORITY = 'cpan:STEVAN';
+
+our $DIGEST_MARKER = '__DIGEST__';
+
+around pack => sub {
+    my $orig = shift;
+    my $self = shift;
+    my @args = @_;
+
+    my $collapsed = $self->$orig( @args );
+
+    $collapsed->{$DIGEST_MARKER} = $self->_digest_packed($collapsed, @args);
+
     return $collapsed;
-}
+};
 
-sub unpack {
-    my ($class, $data, $salt) = @_;
+around unpack  => sub {
+    my ($orig, $class, $data, @args) = @_;
 
     # check checksum on data
-    
-    my $old_checksum = $data->{checksum};
-    delete $data->{checksum};
-    
-    local $Data::Dumper::Sortkeys = 1;
-    my $dumped = Data::Dumper::Dumper($data);
-    
-    #warn $dumped;
-    
-    $salt ||= $dumped;
-    
-    my $checksum = md5_hex($dumped, $salt);
-    
+    my $old_checksum = delete $data->{$DIGEST_MARKER};
+
+    my $checksum = $class->_digest_packed($data, @args);
+
     ($checksum eq $old_checksum)
-        || confess "Bad Checksum got=($checksum) expected=($data->{checksum})";    
+        || confess "Bad Checksum got=($checksum) expected=($old_checksum)";
+
+    $class->$orig( $data, @args );
+};
+
+
+sub _digest_packed {
+    my ( $self, $collapsed, @args ) = @_;
+
+    my $d = $self->_digest_object(@args);
+
+    {
+        local $Data::Dumper::Indent   = 0;
+        local $Data::Dumper::Sortkeys = 1;
+        local $Data::Dumper::Terse    = 1;
+        local $Data::Dumper::Useqq    = 0;
+        local $Data::Dumper::Deparse  = 0; # FIXME?
+        my $str = Data::Dumper::Dumper($collapsed);
+        # NOTE:
+        # Canonicalize numbers to strings even if it
+        # mangles numbers inside strings. It really
+        # does not matter since its just the checksum
+        # anyway.
+        # - YK/SL
+        $str =~ s/(?<! ['"] ) \b (\d+) \b (?! ['"] )/'$1'/gx;
+        $d->add( $str );
+    }
+
+    return $d->hexdigest;
+}
 
-    my $e = MooseX::Storage::Engine->new(class => $class);
-    $class->new($e->expand_object($data));
+sub _digest_object {
+    my ( $self, %options ) = @_;
+    my $digest_opts = $options{digest};
+
+    $digest_opts = [ $digest_opts ]
+        if !ref($digest_opts) or ref($digest_opts) ne 'ARRAY';
+
+    my ( $d, @args ) = @$digest_opts;
+
+    if ( ref $d ) {
+        if ( $d->can("clone") ) {
+            return $d->clone;
+        }
+        elsif ( $d->can("reset") ) {
+            $d->reset;
+            return $d;
+        }
+        else {
+            die "Can't clone or reset digest object: $d";
+        }
+    }
+    else {
+        return Digest->new($d || "SHA1", @args);
+    }
 }
 
+no Moose::Role;
+
 1;
 
 __END__
@@ -59,12 +99,17 @@ __END__
 
 =head1 NAME
 
-MooseX::Storage::Base::WithChecksum
-
-=head1 SYNOPSIS
+MooseX::Storage::Base::WithChecksum - A more secure serialization role
 
 =head1 DESCRIPTION
 
+This is an early implementation of a more secure Storage role,
+which does integrity checks on the data. It is still being
+developed so I recommend using it with caution.
+
+Any thoughts, ideas or suggestions on improving our technique
+are very welcome.
+
 =head1 METHODS
 
 =over 4
@@ -85,7 +130,7 @@ MooseX::Storage::Base::WithChecksum
 
 =head1 BUGS
 
-All complex software has bugs lurking in it, and this module is no 
+All complex software has bugs lurking in it, and this module is no
 exception. If you find a bug please either email me, or add the bug
 to cpan-RT.
 
@@ -93,9 +138,11 @@ to cpan-RT.
 
 Stevan Little E<lt>stevan.little@iinteractive.comE<gt>
 
+Yuval Kogman
+
 =head1 COPYRIGHT AND LICENSE
 
-Copyright 2007 by Infinity Interactive, Inc.
+Copyright 2007-2008 by Infinity Interactive, Inc.
 
 L<http://www.iinteractive.com>