NAME
    Object::Signature::Portable - generate portable signatures of objects

SYNOPSIS
        use Object::Signature::Portable;

        my $sig = signature( $object ); # MD5 hex of object signature

        my $sig = signature(
          digest => 'SHA1',             # SHA-1 digest
          format => 'b64udigest',       # as URL-safe base-64
          data   => $object,
        );

DESCRIPTION
    This module provides a simple function for generating *portable*
    cryptographic signatures of Perl data structures.

    The object is serialized into a canonical JSON structure, and then
    hashed using the MD5 algorithm.

    Any two machines running different versions of Perl on different
    architectures should produce identical signatures.

    Note that this module is useful in cases where the consistency of
    signatures between machine is more important than the speed of signature
    generation.

    However, the serialization method, hash algorithm and signature format
    can be customized, as needed.

EXPORTS
  "signature"
      my $sig = signature( $data );

      my $sig = signature(
        data       => $data,
        digest     => 'MD5',         # default
        format     => 'hexdigest',   # default
        serializer => sub { ... },
      );

    Generate a cryptographic signature of the $data.

    The following options are supported:

    "digest"
        The cyptographic digest algorithm, as supported by Crypt::Digest.

        Note that for most purposes (detecting when two Perl data structures
        are the same), MD5 is probably good enough. However, if you are
        hashing that in part comes from untrusted sources, or the
        consequences of two different data structures having the same
        signature are significant, then you should consider using a
        different algorithm.

    "format"
        The Crypt::Digest formatting method for the signature, which can be
        one of:

        "digest"
            The raw bytes of the digest.

        "hexdigest"
            The digest as a string of hexidecimal numbers.

        "b64digest"
            The digest as a MIME base-64 string.

        "b64udigest"
            The digest as a URL-friendly base-64 string.

    "prefix"
        If set to a true value, the digest is prefixed by the name of the
        digest algorithm.

        This is useful when you may want to change the digest algorithm used
        by an application in the future, but do not want to regenerate
        signatures for existing objects in a data store.

    "serializer"
        The serialization method, which is a subroutine that takes the data
        as a single argument, and returns the serialized data to be hashed.

        It is recommended that you use a serializer that produces canonical
        (normalized) output, and preferably one that produces consistent
        output across all of the platforms that you are using.

        By default, it uses JSON::MaybeXS. See "LIMITATIONS" below.

LIMITATIONS
    By default, this module uses JSON::MaybeXS to serialize Perl objects.

    This requires the objects to have a "TO_JSON" method in order to be
    serialized. Unfortunately, this is not suitable for many objects
    (particularly those generated by modules that are not under your
    control, e.g. many CPAN modules) without monkey-patching or
    subclassesing them.

    One solution is to use a different serializer that can handle the
    object.

    Alternatively, you can write a wrapper function that uses a module such
    as Object::Serializer to translate an object into a hash reference that
    can then be passed to the "signature" function, e.g.

        package Foo;

        use parent 'Object::Serializer';

        use Object::Signature::Portable ();

        sub signature {
            my $self = shift;
            return Object::Signature::Portable::signature(
              data => $self->serialize
            );
        }

    Note that Object::Serializer allows you to define custom serialization
    strategies for various reference types.

SEE ALSO
  Similar Modules
    Object::Signature
        This uses Storable to serialise objects and generate a MD5
        hexidecimal string as a signature.

        This has the drawback that machines with different architectures,
        different versions of Perl, or different versions Storable may not
        produce the same signature for the same data. (This does not mean
        that Storable is unable to de-serialize data produced by different
        versions; it only means that the serialized data is not identical
        across different versions.)

        Object::Signature does not allow for customizing the hash algorithm
        or signature format.

        Object::Signature::Portable module can replicate the signatures
        generated by Object::Signature, using the following:

          use Storable 2.11;

          my $sig = signature(
            data       => $data,
            serializer => sub {
              local $Storable::canonical = 1;
              return Storable::nfreeze($_[0]);
            },
          );

        As noted above, using Storable will not produce portable signatures.

AUTHOR
    Robert Rothenberg <rrwo@cpan.org> (on behalf of Foxtons, Ltd.)

LICENSE AND COPYRIGHT
    Copyright 2013 Robert Rothenberg.

    This program is free software; you can redistribute it and/or modify it
    under the terms of the the Artistic License (2.0). You may obtain a copy
    of the full license at:

    <http://www.perlfoundation.org/artistic_license_2_0>

    Any use, modification, and distribution of the Standard or Modified
    Versions is governed by this Artistic License. By using, modifying or
    distributing the Package, you accept this license. Do not use, modify,
    or distribute the Package, if you do not accept this license.

    If your Modified Version has been derived from a Modified Version made
    by someone other than you, you are nevertheless required to ensure that
    your Modified Version complies with the requirements of this license.

    This license does not grant you the right to use any trademark, service
    mark, tradename, or logo of the Copyright Holder.

    This license includes the non-exclusive, worldwide, free-of-charge
    patent license to make, have made, use, offer to sell, sell, import and
    otherwise transfer the Package with respect to any patent claims
    licensable by the Copyright Holder that are necessarily infringed by the
    Package. If you institute patent litigation (including a cross-claim or
    counterclaim) against any party alleging that the Package constitutes
    direct or contributory patent infringement, then this Artistic License
    to you shall terminate on the date that such litigation is filed.

    Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER
    AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.
    THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
    PURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY
    YOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR
    CONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR
    CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE,
    EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

