Made the idp entry page look good by using unfiltered styles.
--- a/src/main/resources/template/WebIdService.about.xhtml Mon Dec 19 13:23:20 2011 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,107 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head id="head">
- <title>WebId Identity Provider Info Page</title>
- <script src="/public/logout.js" type="text/javascript" />
-</head>
-<body>
-
-<div id="tx-content">
- <p>This is a simple Identity Provider for <a href="http://webid.info/spec">WebID</a>. It is meant to help
- sites that would like to provide WebID authentication to their users quickly.</p>
- <p>If you are hosting such a site then you can rely on this service to help authenticate your users with WebID,
- without your needing to set up https on your server. When you are satisfied of its usefulness you can deploy it
- to your site.</p>
- <p>There are two stages to get going. First you need to create the login button linking to this service. Then you need to
- understand how to interpret what will be returned, so that you can write a script to authenticate
- your users with the given WebID - ie, set a cookie for them.</p>
-
- <h2>Create your login link</h2>
- <p>Create a login button or link that points to this service. This needs to contain an attribute as a URL to a
- script on your site so that we can send you the response. This will be done by redirecting the user's browser
- with a signed response containing his WebID. To create such a link enter the URL of your login service here:</p>
- <form action="" method="get">Requesting auth service URL:
- <input name="rs" size="80" type="text" />
- <input type="submit" value="Log into this service provider" />
- </form>
- <p>By clicking on the form you will land on a page whose URL is the one you should enter into your
- login button/link. You will also see what identity you were logged in as, and given some options to change
- it.
- </p>
-
- <h2>Understanding the response</h2>
- <p>The redirected to URL is constructed on the following pattern: </p>
- <pre><b>$relyingService?webid=$webid&ts=$timeStamp</b>&sig=$URLSignature</pre>
- <p>Where the above variables have the following meanings: </p>
- <ul>
- <li><code>$relyingService</code> is the URL passed by the server in
- the initial request as the <code>rs</code> parameter, and is the service to which the response is sent.</li>
- <li><code>$webid</code> is the WebID of the user connecting.</li>
- <li><code>$timeStamp</code> is a time stamp in XML Schema format
- (same as used by Atom). This is needed to reduce the ease of developing
- replay attacks.</li>
- <li><code>$URLSignature</code> is the signature of the whole URL
- in bold above using the public key shown below, and encoded in a
- <a href="http://commons.apache.org/codec/apidocs/org/apache/commons/codec/binary/Base64.html#encodeBase64URLSafeString%28byte[]%29">URL friendly base64</a> encoding.</li>
- </ul>
-
- <h3>Error responses</h3>
- <p>In case of error the service gets redirected to <code>$relyingService?error=$code</code>Where
- $code can be either one of</p>
- <ul>
- <li><code>nocert</code>: when the client has no cert. </li>
- <li><code>noVerifiedWebId</code>: no verified WebId was found in the certificate</li>
- <li><code>noWebId</code>: todo: show this error when there are no webids at all</li>
- <li><code>IdPError</code>: for some error in the IdP setup. Warn
- the IdP administrator!</li>
- <li>other messages, not standardised yet</li>
- </ul>
-
- <h2>Verifiying the WebId</h2>
-
- <p>In order for the Relying Party to to be comfortable that the returned WebId
- was not altered in transit, the whole URL is signed by this server as
- shown above. Here are the public keys and algorithms this us using:</p>
-
-
- <p>The signature uses the RSA with SHA-1 algorithm.</p>
-
- <p>The public key used by this service that verifies the signature is: </p>
-
- <ul>
- <li>Key Type: <pre>http://www.w3.org/ns/auth/rsa#RSAPublicKey</pre></li>
- <li>public exponent (decimal): <pre>65537</pre> </li>
- <li>modulus (decimal):<br />
- <pre>84:56:e8:8b:04:b9:1f:3b:10:00:07:ab:18:e8:fc:66:4e:aa:bc:47:f6:
-41:56:ab:96:6f:9c:d5:fc:5d:e9:fd:ce:a1:0f:5e:ce:26:f5:2e:35:e2:
-b7:0f:b3:db:17:0b:1b:c9:73:69:39:8a:39:4d:23:c3:b2:99:a7:a5:8b:
-5b:a8:2a:84:05:a3:d8:14:35:2e:49:7d:47:b6:80:52:90:37:ca:99:39:
-da:08:a4:f2:ef:f9:26:25:a9:4e:dd:44:57:df:43:3f:95:cd:cf:34:3f:
-41:58:e4:bc:19:63:ad:8f:b5:65:e3:3e:5e:d2:b3:19:f6:ca:ed:e5:a1:
-e7:cd:f1:9f:70:04:ea:66:a9:ad:77:cb:02:8d:c1:8d:45:89:39:07:b4:
-54:71:98:82:b0:55:39:c4:50:ad:24:3a:df:8f:df:fa:39:36:da:d9:98:
-65:1c:dd:4d:3f:d9:09:a7:5e:2d:de:cd:af:22:1e:25:b1:2e:d1:6d:74:
-e4:96:2f:2a:87:5a:c1:23:37:ff:38:ed:e1:f5:c5:20:fc:81:cf:cb:c7:
-1e:61:d1:77:6b:32:0d:6a:94:cb:8e:98:55:07:ea:09:f5:01:75:79:07:
-6e:f5:50:06:d0:1f:bd:11:94:85:86:c5:42:6f:76:e9:a9:fa:cf:db:91:
-13:92:c2:69:
-</pre>
- </li>
- </ul>
-
- <p>For ease of use, depending on which tool you use, here is the public key in a PEM format:</p>
-<pre>
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFboiwS5HzsQAAerGOj8
-Zk6qvEf2QVarlm+c1fxd6f3OoQ9ezib1LjXitw+z2xcLG8lzaTmKOU0jw7KZp6WL
-W6gqhAWj2BQ1Lkl9R7aAUpA3ypk52gik8u/5JiWpTt1EV99DP5XNzzQ/QVjkvBlj
-rY+1ZeM+XtKzGfbK7eWh583xn3AE6maprXfLAo3BjUWJOQe0VHGYgrBVOcRQrSQ6
-34/f+jk22tmYZRzdTT/ZCadeLd7NryIeJbEu0W105JYvKodawSM3/zjt4fXFIPyB
-z8vHHmHRd2syDWqUy46YVQfqCfUBdXkHbvVQBtAfvRGUhYbFQm926an6z9uRE5LC
-aQIDAQAB
------END PUBLIC KEY-----
-</pre>
-</div>
-
-</body>
-</html>
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/resources/template/webidp/WebIdService.about.html Mon Dec 19 18:02:50 2011 +0100
@@ -0,0 +1,150 @@
+<!DOCTYPE html>
+<!--
+ ~ Copyright (c) 2011 Henry Story (bblfish.net)
+ ~ under the MIT licence defined at
+ ~ http://www.opensource.org/licenses/mit-license.html
+ -->
+<html>
+<head>
+ <title>WebID Authentication Service</title>
+ <script src="/public/logout.js" type="text/javascript"></script>
+ <!-- using unfiltered urls just because of super big hurry, replace them with local variants by new year -->
+ <link type="text/css" media="screen, projection" rel="stylesheet" href="http://unfiltered.databinder.net/css/blueprint/screen.css"/>
+ <link type="text/css" media="screen and (min-device-width: 800px), projection" rel="stylesheet" href="http://unfiltered.databinder.net/css/blueprint/grid.css"/>
+ <link type="text/css" media="print" rel="stylesheet" href="http://unfiltered.databinder.net/css/blueprint/print.css"/>
+ <!--[if lt IE 8]>
+ <link rel="stylesheet" href="http://unfiltered.databinder.net/css/blueprint/ie.css" type="text/css" media="screen, projection"/>
+ <![endif]-->
+ <link type="text/css" media="screen, projection" rel="stylesheet" href="http://unfiltered.databinder.net/css/pamflet.css"/>
+ <link type="text/css" media="print" rel="stylesheet" href="http://unfiltered.databinder.net/css/pamflet-print.css"/>
+ <link type="text/css" media="screen and (min-device-width: 800px), projection" rel="stylesheet" href="http://unfiltered.databinder.net/css/pamflet-grid.css"/>
+
+ <script src="js/jquery-1.6.2.min.js"></script>
+ <script src="js/pamflet.js"></script>
+ <script type="text/javascript" src="http://unfiltered.databinder.net/js/prettify/prettify.js"></script><script type="text/javascript" src="js/prettify/lang-scala.js"></script><link type="text/css" rel="stylesheet" href="css/prettify.css"/><script type="text/javascript"><!--
+ window.onload=function() { prettyPrint(); };
+ --></script>
+ <meta charset="utf-8"></meta>
+ <meta name="viewport" content="width=device-width, initial-scale=1"></meta>
+</head>
+<body>
+
+
+<a class="page prev nav" href="Plans+and+Intents.html">
+ <span class="space"></span>
+ <span class="flip">☯</span>
+</a><a class="page next nav" href="Project+Setup.html">
+ <span class="space"></span>
+ <span>☯</span>
+</a>
+
+<div class="container">
+ <div class="span-16 prepend-1 append-1">
+ <div class="top nav span-16 title">
+ <span>WebID Identity Provider</span>
+ </div>
+ </div>
+ <div class="span-16 prepend-1 append-1 contents">
+ <p>This is a simple Identity Provider for <a href="http://webid.info/spec">WebID</a>. It is meant to help
+ sites that would like to provide WebID authentication to their users quickly. .</p>
+
+ <p>If you are hosting such a site then you can rely on this service to help authenticate your users with WebID,
+ without your needing to set up https on your server. When you are satisfied of its usefulness you can deploy
+ it to your site.</p>
+
+ <p>There are two stages to get going. First you need to create the login button linking to this service. Then
+ you need to
+ understand how to interpret what will be returned, so that you can write a script to authenticate
+ your users with the given WebID - ie, set a cookie for them.</p>
+
+ <h2>Create your login link</h2>
+
+ <p>Create a login button or link that points to this service. This needs to contain an attribute as a URL to a
+ script on your site so that we can send you the response. This will be done by redirecting the user's
+ browser
+ with a signed response containing his WebID. To create such a link enter the URL of your login service
+ here:</p>
+
+ <form action="" method="get">Requesting auth service URL: <br/>
+ <input name="rs" size="80" type="text"/>
+ <input type="submit" value="Use this Service"/>
+ </form>
+ <p>By clicking on the form you will land on a page whose URL is the one you should enter into your
+ login button/link. You will also see what identity you were logged in as, and given some options to change
+ it.
+ </p>
+
+ <h2>Understanding the response</h2>
+
+ <p>The redirected to URL is constructed on the following pattern: </p>
+ <pre><b>$relyingService?webid=$webid&ts=$timeStamp</b>&sig=$URLSignature</pre>
+ <p>Where the above variables have the following meanings: </p>
+ <ul>
+ <li><code>$relyingService</code> is the URL passed by the server in
+ the initial request as the <code>rs</code> parameter, and is the service to which the response is sent.
+ </li>
+ <li><code>$webid</code> is the WebID of the user connecting.</li>
+ <li><code>$timeStamp</code> is a time stamp in XML Schema format
+ (same as used by Atom). This is needed to reduce the ease of developing
+ replay attacks.
+ </li>
+ <li><code>$URLSignature</code> is the signature of the whole URL
+ in bold above using the public key shown below, and encoded in a
+ <a href="http://commons.apache.org/codec/apidocs/org/apache/commons/codec/binary/Base64.html#encodeBase64URLSafeString%28byte[]%29">URL
+ friendly base64</a> encoding.
+ </li>
+ </ul>
+
+ <h3>Error responses</h3>
+
+ <p>In case of error the service gets redirected to <code>$relyingService?error=$code</code>Where
+ $code can be either one of</p>
+ <ul>
+ <li><code>nocert</code>: when the client has no cert.</li>
+ <li><code>noVerifiedWebId</code>: no verified WebId was found in the certificate</li>
+ <li><code>noWebId</code>: todo: show this error when there are no webids at all</li>
+ <li><code>IdPError</code>: for some error in the IdP setup. Warn
+ the IdP administrator!
+ </li>
+ <li>other messages, not standardised yet</li>
+ </ul>
+
+ <h2>Verifiying the WebId</h2>
+
+ <p>In order for the Relying Party to to be comfortable that the returned WebId
+ was not altered in transit, the whole URL is signed by this server as
+ shown above. Here are the public keys and algorithms this us using:</p>
+
+
+ <p>The signature uses the RSA with SHA-1 algorithm.</p>
+
+ <p>The public key used by this service that verifies the signature is: </p>
+
+ <ul>
+ <li>Key Type:
+ <pre>http://www.w3.org/ns/auth/rsa#RSAPublicKey</pre>
+ </li>
+ <li>public exponent (decimal):
+ <pre class="exponent">65537</pre>
+ </li>
+ <li>modulus (decimal):<br/>
+ <pre class="modulus">84:56:e8:8b:04:b9:1f:3b:10:00:07:ab:18:e8:fc:66:4e:aa:bc:47:f6:
+41:56:ab:96:6f:9c:d5:fc:5d:e9:fd:ce:a1:0f:5e:ce:26:f5:2e:35:e2:
+b7:0f:b3:db:17:0b:1b:c9:73:69:39:8a:39:4d:23:c3:b2:99:a7:a5:8b:
+5b:a8:2a:84:05:a3:d8:14:35:2e:49:7d:47:b6:80:52:90:37:ca:99:39:
+da:08:a4:f2:ef:f9:26:25:a9:4e:dd:44:57:df:43:3f:95:cd:cf:34:3f:
+41:58:e4:bc:19:63:ad:8f:b5:65:e3:3e:5e:d2:b3:19:f6:ca:ed:e5:a1:
+e7:cd:f1:9f:70:04:ea:66:a9:ad:77:cb:02:8d:c1:8d:45:89:39:07:b4:
+54:71:98:82:b0:55:39:c4:50:ad:24:3a:df:8f:df:fa:39:36:da:d9:98:
+65:1c:dd:4d:3f:d9:09:a7:5e:2d:de:cd:af:22:1e:25:b1:2e:d1:6d:74:
+e4:96:2f:2a:87:5a:c1:23:37:ff:38:ed:e1:f5:c5:20:fc:81:cf:cb:c7:
+1e:61:d1:77:6b:32:0d:6a:94:cb:8e:98:55:07:ea:09:f5:01:75:79:07:
+6e:f5:50:06:d0:1f:bd:11:94:85:86:c5:42:6f:76:e9:a9:fa:cf:db:91:
+13:92:c2:69:
+</pre>
+ </li>
+ </ul>
+ </div>
+</div>
+</body>
+</html>
\ No newline at end of file
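Review bot: The `<head>` loads `prettify.js` plus the Blueprint and Pamflet stylesheets from `http://unfiltered.databinder.net` over plain HTTP, so a third-party host (and anyone on the network path) controls script and styling on the page that publishes this IdP's signature verification key and carries the `rs` form. Copy these assets under the local `js/` and `css/` paths already used for `jquery-1.6.2.min.js` and `css/prettify.css` before this ships, rather than leaving it to the "replace them with local variants by new year" comment. The `Plans+and+Intents.html` and `Project+Setup.html` prev/next links are not added anywhere in this change and look carried over from the borrowed layout, so they should be removed.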
--- a/src/main/resources/template/webidp/WebIdService.about.xhtml Mon Dec 19 13:23:20 2011 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,107 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head id="head">
- <title>WebId Identity Provider Info Page</title>
- <script src="/public/logout.js" type="text/javascript" />
-</head>
-<body>
-
-<div id="tx-content">
- <p>This is a simple Identity Provider for <a href="http://webid.info/spec">WebID</a>. It is meant to help
- sites that would like to provide WebID authentication to their users quickly.</p>
- <p>If you are hosting such a site then you can rely on this service to help authenticate your users with WebID,
- without your needing to set up https on your server. When you are satisfied of its usefulness you can deploy it
- to your site.</p>
- <p>There are two stages to get going. First you need to create the login button linking to this service. Then you need to
- understand how to interpret what will be returned, so that you can write a script to authenticate
- your users with the given WebID - ie, set a cookie for them.</p>
-
- <h2>Create your login link</h2>
- <p>Create a login button or link that points to this service. This needs to contain an attribute as a URL to a
- script on your site so that we can send you the response. This will be done by redirecting the user's browser
- with a signed response containing his WebID. To create such a link enter the URL of your login service here:</p>
- <form action="" method="get">Requesting auth service URL:
- <input name="rs" size="80" type="text" />
- <input type="submit" value="Log into this service provider" />
- </form>
- <p>By clicking on the form you will land on a page whose URL is the one you should enter into your
- login button/link. You will also see what identity you were logged in as, and given some options to change
- it.
- </p>
-
- <h2>Understanding the response</h2>
- <p>The redirected to URL is constructed on the following pattern: </p>
- <pre><b>$relyingService?webid=$webid&ts=$timeStamp</b>&sig=$URLSignature</pre>
- <p>Where the above variables have the following meanings: </p>
- <ul>
- <li><code>$relyingService</code> is the URL passed by the server in
- the initial request as the <code>rs</code> parameter, and is the service to which the response is sent.</li>
- <li><code>$webid</code> is the WebID of the user connecting.</li>
- <li><code>$timeStamp</code> is a time stamp in XML Schema format
- (same as used by Atom). This is needed to reduce the ease of developing
- replay attacks.</li>
- <li><code>$URLSignature</code> is the signature of the whole URL
- in bold above using the public key shown below, and encoded in a
- <a href="http://commons.apache.org/codec/apidocs/org/apache/commons/codec/binary/Base64.html#encodeBase64URLSafeString%28byte[]%29">URL friendly base64</a> encoding.</li>
- </ul>
-
- <h3>Error responses</h3>
- <p>In case of error the service gets redirected to <code>$relyingService?error=$code</code>Where
- $code can be either one of</p>
- <ul>
- <li><code>nocert</code>: when the client has no cert. </li>
- <li><code>noVerifiedWebId</code>: no verified WebId was found in the certificate</li>
- <li><code>noWebId</code>: todo: show this error when there are no webids at all</li>
- <li><code>IdPError</code>: for some error in the IdP setup. Warn
- the IdP administrator!</li>
- <li>other messages, not standardised yet</li>
- </ul>
-
- <h2>Verifiying the WebId</h2>
-
- <p>In order for the Relying Party to to be comfortable that the returned WebId
- was not altered in transit, the whole URL is signed by this server as
- shown above. Here are the public keys and algorithms this us using:</p>
-
-
- <p>The signature uses the RSA with SHA-1 algorithm.</p>
-
- <p>The public key used by this service that verifies the signature is: </p>
-
- <ul>
- <li>Key Type: <pre>http://www.w3.org/ns/auth/rsa#RSAPublicKey</pre></li>
- <li>public exponent (decimal): <pre>65537</pre> </li>
- <li>modulus (decimal):<br />
- <pre>84:56:e8:8b:04:b9:1f:3b:10:00:07:ab:18:e8:fc:66:4e:aa:bc:47:f6:
-41:56:ab:96:6f:9c:d5:fc:5d:e9:fd:ce:a1:0f:5e:ce:26:f5:2e:35:e2:
-b7:0f:b3:db:17:0b:1b:c9:73:69:39:8a:39:4d:23:c3:b2:99:a7:a5:8b:
-5b:a8:2a:84:05:a3:d8:14:35:2e:49:7d:47:b6:80:52:90:37:ca:99:39:
-da:08:a4:f2:ef:f9:26:25:a9:4e:dd:44:57:df:43:3f:95:cd:cf:34:3f:
-41:58:e4:bc:19:63:ad:8f:b5:65:e3:3e:5e:d2:b3:19:f6:ca:ed:e5:a1:
-e7:cd:f1:9f:70:04:ea:66:a9:ad:77:cb:02:8d:c1:8d:45:89:39:07:b4:
-54:71:98:82:b0:55:39:c4:50:ad:24:3a:df:8f:df:fa:39:36:da:d9:98:
-65:1c:dd:4d:3f:d9:09:a7:5e:2d:de:cd:af:22:1e:25:b1:2e:d1:6d:74:
-e4:96:2f:2a:87:5a:c1:23:37:ff:38:ed:e1:f5:c5:20:fc:81:cf:cb:c7:
-1e:61:d1:77:6b:32:0d:6a:94:cb:8e:98:55:07:ea:09:f5:01:75:79:07:
-6e:f5:50:06:d0:1f:bd:11:94:85:86:c5:42:6f:76:e9:a9:fa:cf:db:91:
-13:92:c2:69:
-</pre>
- </li>
- </ul>
-
- <p>For ease of use, depending on which tool you use, here is the public key in a PEM format:</p>
-<pre>
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFboiwS5HzsQAAerGOj8
-Zk6qvEf2QVarlm+c1fxd6f3OoQ9ezib1LjXitw+z2xcLG8lzaTmKOU0jw7KZp6WL
-W6gqhAWj2BQ1Lkl9R7aAUpA3ypk52gik8u/5JiWpTt1EV99DP5XNzzQ/QVjkvBlj
-rY+1ZeM+XtKzGfbK7eWh583xn3AE6maprXfLAo3BjUWJOQe0VHGYgrBVOcRQrSQ6
-34/f+jk22tmYZRzdTT/ZCadeLd7NryIeJbEu0W105JYvKodawSM3/zjt4fXFIPyB
-z8vHHmHRd2syDWqUy46YVQfqCfUBdXkHbvVQBtAfvRGUhYbFQm926an6z9uRE5LC
-aQIDAQAB
------END PUBLIC KEY-----
-</pre>
-</div>
-
-</body>
-</html>
\ No newline at end of file
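Review bot: The PEM block at the end of this removed template ("here is the public key in a PEM format") has no counterpart in the new `WebIdService.about.html`, which stops after the modulus list. Relying parties that verify `sig` with tools expecting a PEM key lose that option; consider rendering the PEM from `signer.signingCert` in `aboutTransform`, the same way the modulus and exponent are now filled in, or state the removal in the commit message.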
--- a/src/main/resources/template/webidp/WebIdService.entry.html Mon Dec 19 13:23:20 2011 +0100
+++ b/src/main/resources/template/webidp/WebIdService.entry.html Mon Dec 19 18:02:50 2011 +0100
@@ -6,8 +6,9 @@
-->
<html>
<head>
-<title>WebID Authentication Service</title>
-<link rel="stylesheet" type="text/css" href="idp/production.min.css"/>
+ <title>WebID Authentication Service</title>
+ <link rel="stylesheet" type="text/css" href="idp/production.min.css"/>
+ <script src="/public/logout.js" type="text/javascript"></script>
</head>
<body class="form">
@@ -35,7 +36,7 @@
<img class="depiction" src="idp/profile_anonymous.png"/>
<div class="form_section">
<div class="submit cf">
- <input type="submit" class="button" tabindex="3" value="sign in"/>
+ <input type="submit" class="button" tabindex="3" value="sign in" onclick="logout()"/>
</div>
</div>
</div>
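Review bot: `onclick="logout()"` on the "sign in" submit button needs a comment explaining why a function named `logout` runs at sign-in; its definition in `/public/logout.js` is not part of this change, so the intent cannot be checked from the diff. The form submits whether or not the handler succeeds, so if the call is meant to reset browser state before the certificate is requested, make that dependency explicit in the template (for example by submitting from the handler once it has completed).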
--- a/src/main/scala/auth/WebIDSrvc.scala Mon Dec 19 13:23:20 2011 +0100
+++ b/src/main/scala/auth/WebIDSrvc.scala Mon Dec 19 18:02:50 2011 +0100
@@ -41,6 +41,7 @@
import java.lang.String
import xml._
import unfiltered.response._
+import java.security.interfaces.RSAPublicKey
object WebIDSrvc {
val dateFormat: SimpleDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
@@ -82,23 +83,29 @@
lazy val profilePg: Elem = XML.loadFile(new File(fileDir, "WebIdService.entry.html"))
def intent : Cycle.Intent[Req,Res] = {
- case req @ Path(Seg("srv" :: "idp":: file :: Nil)) => srvStaticFiles(file)
- case req @ Path("/srv/idp") & Params(RelyingParty(rp)) => req match {
- // we authenticate the user only if he has agreed to be authenticated on the page, which we know if the
- // request is a POST
- case POST(_) & X509Claim(claim: X509Claim) => { //repetition because of intellij scala 0.5.273 bug
- val pg = if ( claim.verified.size > 0 ) authenticatedPg else errorPg
- Ok ~> Html5(new ServiceTrans(rp,claim).apply(pg))
- }
- // nevertheless the user may have authenticated allready
+ case req @ Path(Seg("srv" :: "idp" :: next)) => { //easy partial function entry match
+ if (next!=Nil && next.size==1) srvStaticFiles(next.head)
+ else req match {
+ case Params(RelyingParty(rp)) => req match {
+ //GET=>The user just arrived on the page. We recuperated the X509 claim in case he has authenticated already
case GET(_) & XClaim(claim: XClaim) => {
val pg = claim match {
case NoClaim => profilePg
- case claim: X509Claim => if ( claim.verified.size > 0 ) authenticatedPg else errorPg
+ case claim: X509Claim => if (claim.verified.size > 0) authenticatedPg else errorPg
}
- Ok ~> Html5(new ServiceTrans(rp,claim).apply(pg))
+ Ok ~> Html5(new ServiceTrans(rp, claim).apply(pg))
+ }
+ //POST=> we authenticate the user because he has agreed to be authenticated on the page, which we know if the
+ // request is a POST
+ case POST(_) & X509Claim(claim: X509Claim) => {
+ //repetition because of intellij scala 0.5.273 bug
+ val pg = if (claim.verified.size > 0) authenticatedPg else errorPg
+ Ok ~> Html5(new ServiceTrans(rp, claim).apply(pg))
+ }
+ case _ => Ok ~> Html5(new ServiceTrans(rp, NoClaim).apply(errorPg))
+ }
+ case _ => Ok ~> Html5(aboutTransform.apply(aboutPg))
}
- case _ => Ok ~> Html5(aboutTransform(aboutPg))
}
}
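Review bot: `case req @ Path(Seg("srv" :: "idp" :: next))` now also matches paths with two or more trailing segments, and those fall into the `else` branch, so a request such as `/srv/idp/a/b?rs=...` is handled as the authentication endpoint although neither of the old patterns matched it. Match the shapes explicitly (`file :: Nil` for static files, `Nil` for the service) and let anything else fall through to a not-found response; that also removes the redundant `next!=Nil && next.size==1` test. The new catch-all `case _ => Ok ~> Html5(new ServiceTrans(rp, NoClaim).apply(errorPg))` answers 200 with the error page, including for a POST that carries no X509 claim, which deserves a deliberate status code.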
@@ -123,7 +130,11 @@
override def toLocal(file: String) = "/template/webidp/idp/"+file
}
- object aboutTransform extends Transformer //todo: need to change public keys in template
+ object aboutTransform extends Transformer {
+ val key = signer.signingCert.getPublicKey.asInstanceOf[RSAPublicKey]
+ $(".modulus").contents = key.getModulus.toString(16)
+ $(".exponent").contents = key.getPublicExponent.toString
+ }
class ServiceTrans(relyingParty: URL, claim: XClaim) extends Transformer {
$(".webidform") { node =>
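Review bot: `key.getModulus.toString(16)` writes unseparated hexadecimal into `.modulus`, while the template still labels that field "modulus (decimal)" and its placeholder is colon-separated hex, so the published key description contradicts itself; relabel the field as hex (or emit decimal) and keep one format. The `asInstanceOf[RSAPublicKey]` cast also throws when `aboutTransform` is first initialised if the signing certificate carries a non-RSA key; a pattern match with a clear error message would fail more readably.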
--- a/src/main/scala/auth/X509Cert.scala Mon Dec 19 13:23:20 2011 +0100
+++ b/src/main/scala/auth/X509Cert.scala Mon Dec 19 18:02:50 2011 +0100
@@ -59,7 +59,7 @@
}
class X509CertSigner(
- signingCert: X509Certificate,
+ val signingCert: X509Certificate,
signingKey: PrivateKey ) {
val WebID_DN="""O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority"""
@@ -82,9 +82,9 @@
*
* Create a self-signed X.509 Certificate
* @param subjectDN the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
- * @param pair the KeyPair
+ * @param subjectKey the public key for the subject
* @param days how many days from now the Certificate is valid for
- * @param algorithm the signing algorithm, eg "SHA1withRSA"
+ * @param webId a WebID to place in the Subject Alternative Name field of the Cert to be generated
*/
def generate(
subjectDN: String,
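Review bot: Dropping `@param algorithm` leaves the Scaladoc silent on which signature algorithm `generate` uses, and the parameter list past `subjectDN` is outside this hunk, so the new `subjectKey` and `webId` entries cannot be checked against the declaration here. If callers can no longer choose the algorithm, state the fixed one in the method description, and confirm the `@param` order matches the signature.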
Binary file src/test/resources/KEYSTORE.jks has changed