Made the idp entry page look good by using unfiltered styles. webid
authorHenry Story <henry.story@bblfish.net>
Mon, 19 Dec 2011 18:02:50 +0100
branchwebid
changeset 153 37dd439c9383
parent 152 5df9d155c38d
child 154 697b8fe7cb0d
Made the idp entry page look good by using unfiltered styles.
src/main/resources/template/WebIdService.about.xhtml
src/main/resources/template/webidp/WebIdService.about.html
src/main/resources/template/webidp/WebIdService.about.xhtml
src/main/resources/template/webidp/WebIdService.entry.html
src/main/scala/auth/WebIDSrvc.scala
src/main/scala/auth/X509Cert.scala
src/test/resources/KEYSTORE.jks
--- a/src/main/resources/template/WebIdService.about.xhtml	Mon Dec 19 13:23:20 2011 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,107 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head id="head">
-	<title>WebId Identity Provider Info Page</title>
-	<script src="/public/logout.js" type="text/javascript" />
-</head>
-<body>
-
-<div id="tx-content">
-    <p>This is a simple Identity Provider for <a href="http://webid.info/spec">WebID</a>. It is meant to help
-        sites that would like to provide WebID authentication to their users quickly.</p>
-    <p>If you are hosting such a site then you can rely on this service to help authenticate your users with WebID,
-        without your needing to set up https on your server. When you are satisfied of its usefulness you can deploy it
-        to your site.</p>
-    <p>There are two stages to get going. First you need to create the login button linking to this service. Then you need to
-        understand how to interpret what will be returned, so that you can write a script to authenticate
-        your users with the given WebID - ie, set a cookie for them.</p>
-
-    <h2>Create your login link</h2>
-    <p>Create a login button or link that points to this service. This needs to contain an attribute as a URL to a
-        script on your site so that we can send you the response. This will be done by redirecting the user's browser
-        with a signed response containing his WebID. To create such a link enter the URL of your login service here:</p>
-    <form action="" method="get">Requesting auth service URL:
-        <input name="rs" size="80" type="text" />
-        <input type="submit" value="Log into this service provider" />
-    </form>
-    <p>By clicking on the form you will land on a page whose URL is the one you should enter into your
-        login button/link. You will also see what identity you were logged in as, and given some options to change
-        it.
-    </p>
-
-    <h2>Understanding the response</h2>
-    <p>The redirected to URL is constructed on the following pattern: </p>
-    <pre><b>$relyingService?webid=$webid&amp;ts=$timeStamp</b>&amp;sig=$URLSignature</pre>
-    <p>Where the above variables have the following meanings: </p>
-    <ul>
-        <li><code>$relyingService</code> is the URL passed by the server in
-            the initial request as the <code>rs</code> parameter, and is the service to which the response is sent.</li>
-        <li><code>$webid</code> is the WebID of the user connecting.</li>
-        <li><code>$timeStamp</code> is a time stamp in XML Schema format
-            (same as used by Atom). This is needed to reduce the ease of developing
-            replay attacks.</li>
-        <li><code>$URLSignature</code> is the signature of the whole URL
-            in bold above using the public key shown below, and encoded in a
-            <a href="http://commons.apache.org/codec/apidocs/org/apache/commons/codec/binary/Base64.html#encodeBase64URLSafeString%28byte[]%29">URL friendly base64</a> encoding.</li>
-    </ul>
-
-    <h3>Error responses</h3>
-    <p>In case of error the service gets redirected to <code>$relyingService?error=$code</code>Where
-        $code can be either one of</p>
-    <ul>
-        <li><code>nocert</code>: when the client has no cert. </li>
-        <li><code>noVerifiedWebId</code>: no verified WebId was found in the certificate</li>
-        <li><code>noWebId</code>: todo: show this error when there are no webids at all</li>
-        <li><code>IdPError</code>: for some error in the IdP setup. Warn
-            the IdP administrator!</li>
-        <li>other messages, not standardised yet</li>
-    </ul>
-
-    <h2>Verifiying the WebId</h2>
-
-    <p>In order for the Relying Party to to be comfortable that the returned WebId
-        was not altered in transit, the whole URL is signed by this server as
-        shown above. Here are the public keys and algorithms this us using:</p>
-
-
-    <p>The signature uses the RSA with SHA-1 algorithm.</p>
-
-    <p>The public key used by this service that verifies the signature is: </p>
-
-    <ul>
-        <li>Key Type: <pre>http://www.w3.org/ns/auth/rsa#RSAPublicKey</pre></li>
-        <li>public exponent (decimal): <pre>65537</pre> </li>
-        <li>modulus (decimal):<br />
-           <pre>84:56:e8:8b:04:b9:1f:3b:10:00:07:ab:18:e8:fc:66:4e:aa:bc:47:f6:
-41:56:ab:96:6f:9c:d5:fc:5d:e9:fd:ce:a1:0f:5e:ce:26:f5:2e:35:e2:
-b7:0f:b3:db:17:0b:1b:c9:73:69:39:8a:39:4d:23:c3:b2:99:a7:a5:8b:
-5b:a8:2a:84:05:a3:d8:14:35:2e:49:7d:47:b6:80:52:90:37:ca:99:39:
-da:08:a4:f2:ef:f9:26:25:a9:4e:dd:44:57:df:43:3f:95:cd:cf:34:3f:
-41:58:e4:bc:19:63:ad:8f:b5:65:e3:3e:5e:d2:b3:19:f6:ca:ed:e5:a1:
-e7:cd:f1:9f:70:04:ea:66:a9:ad:77:cb:02:8d:c1:8d:45:89:39:07:b4:
-54:71:98:82:b0:55:39:c4:50:ad:24:3a:df:8f:df:fa:39:36:da:d9:98:
-65:1c:dd:4d:3f:d9:09:a7:5e:2d:de:cd:af:22:1e:25:b1:2e:d1:6d:74:
-e4:96:2f:2a:87:5a:c1:23:37:ff:38:ed:e1:f5:c5:20:fc:81:cf:cb:c7:
-1e:61:d1:77:6b:32:0d:6a:94:cb:8e:98:55:07:ea:09:f5:01:75:79:07:
-6e:f5:50:06:d0:1f:bd:11:94:85:86:c5:42:6f:76:e9:a9:fa:cf:db:91:
-13:92:c2:69:
-</pre>
-        </li>
-    </ul>
-
-    <p>For ease of use, depending on which tool you use, here is the public key in a PEM format:</p>
-<pre>
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFboiwS5HzsQAAerGOj8
-Zk6qvEf2QVarlm+c1fxd6f3OoQ9ezib1LjXitw+z2xcLG8lzaTmKOU0jw7KZp6WL
-W6gqhAWj2BQ1Lkl9R7aAUpA3ypk52gik8u/5JiWpTt1EV99DP5XNzzQ/QVjkvBlj
-rY+1ZeM+XtKzGfbK7eWh583xn3AE6maprXfLAo3BjUWJOQe0VHGYgrBVOcRQrSQ6
-34/f+jk22tmYZRzdTT/ZCadeLd7NryIeJbEu0W105JYvKodawSM3/zjt4fXFIPyB
-z8vHHmHRd2syDWqUy46YVQfqCfUBdXkHbvVQBtAfvRGUhYbFQm926an6z9uRE5LC
-aQIDAQAB
------END PUBLIC KEY-----
-</pre>
-</div>
-
-</body>
-</html>
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/resources/template/webidp/WebIdService.about.html	Mon Dec 19 18:02:50 2011 +0100
@@ -0,0 +1,150 @@
+<!DOCTYPE html>
+<!--
+  ~ Copyright (c) 2011 Henry Story (bblfish.net)
+  ~ under the MIT licence defined at
+  ~    http://www.opensource.org/licenses/mit-license.html
+  -->
+<html>
+<head>
+    <title>WebID Authentication Service</title>
+    <script src="/public/logout.js" type="text/javascript"></script>
+    <!-- using unfiltered urls just because of super big hurry, replace them with local variants by new year -->
+    <link type="text/css" media="screen, projection" rel="stylesheet" href="http://unfiltered.databinder.net/css/blueprint/screen.css"/>
+    <link type="text/css" media="screen and (min-device-width: 800px), projection" rel="stylesheet" href="http://unfiltered.databinder.net/css/blueprint/grid.css"/>
+    <link type="text/css" media="print" rel="stylesheet" href="http://unfiltered.databinder.net/css/blueprint/print.css"/>
+    <!--[if lt IE 8]>
+    <link rel="stylesheet" href="http://unfiltered.databinder.net/css/blueprint/ie.css" type="text/css" media="screen, projection"/>
+    <![endif]-->
+    <link type="text/css" media="screen, projection" rel="stylesheet" href="http://unfiltered.databinder.net/css/pamflet.css"/>
+    <link type="text/css" media="print" rel="stylesheet" href="http://unfiltered.databinder.net/css/pamflet-print.css"/>
+    <link type="text/css" media="screen and (min-device-width: 800px), projection" rel="stylesheet" href="http://unfiltered.databinder.net/css/pamflet-grid.css"/>
+
+    <script src="js/jquery-1.6.2.min.js"></script>
+    <script src="js/pamflet.js"></script>
+    <script type="text/javascript" src="http://unfiltered.databinder.net/js/prettify/prettify.js"></script><script type="text/javascript" src="js/prettify/lang-scala.js"></script><link type="text/css" rel="stylesheet" href="css/prettify.css"/><script type="text/javascript"><!--
+        window.onload=function() { prettyPrint(); };
+      --></script>
+    <meta charset="utf-8"></meta>
+    <meta name="viewport" content="width=device-width, initial-scale=1"></meta>
+</head>
+<body>
+
+
+<a class="page prev nav" href="Plans+and+Intents.html">
+    <span class="space"></span>
+    <span class="flip">☯</span>
+</a><a class="page next nav" href="Project+Setup.html">
+    <span class="space"></span>
+    <span>☯</span>
+</a>
+
+<div class="container">
+    <div class="span-16 prepend-1 append-1">
+        <div class="top nav span-16 title">
+            <span>WebID Identity Provider</span>
+        </div>
+    </div>
+    <div class="span-16 prepend-1 append-1 contents">
+        <p>This is a simple Identity Provider for <a href="http://webid.info/spec">WebID</a>. It is meant to help
+            sites that would like to provide WebID authentication to their users quickly. .</p>
+
+        <p>If you are hosting such a site then you can rely on this service to help authenticate your users with WebID,
+            without your needing to set up https on your server. When you are satisfied of its usefulness you can deploy
+            it to your site.</p>
+
+        <p>There are two stages to get going. First you need to create the login button linking to this service. Then
+            you need to
+            understand how to interpret what will be returned, so that you can write a script to authenticate
+            your users with the given WebID - ie, set a cookie for them.</p>
+
+        <h2>Create your login link</h2>
+
+        <p>Create a login button or link that points to this service. This needs to contain an attribute as a URL to a
+            script on your site so that we can send you the response. This will be done by redirecting the user's
+            browser
+            with a signed response containing his WebID. To create such a link enter the URL of your login service
+            here:</p>
+
+        <form action="" method="get">Requesting auth service URL: <br/>
+            <input name="rs" size="80" type="text"/>
+            <input type="submit" value="Use this Service"/>
+        </form>
+        <p>By clicking on the form you will land on a page whose URL is the one you should enter into your
+            login button/link. You will also see what identity you were logged in as, and given some options to change
+            it.
+        </p>
+
+        <h2>Understanding the response</h2>
+
+        <p>The redirected to URL is constructed on the following pattern: </p>
+        <pre><b>$relyingService?webid=$webid&amp;ts=$timeStamp</b>&amp;sig=$URLSignature</pre>
+        <p>Where the above variables have the following meanings: </p>
+        <ul>
+            <li><code>$relyingService</code> is the URL passed by the server in
+                the initial request as the <code>rs</code> parameter, and is the service to which the response is sent.
+            </li>
+            <li><code>$webid</code> is the WebID of the user connecting.</li>
+            <li><code>$timeStamp</code> is a time stamp in XML Schema format
+                (same as used by Atom). This is needed to reduce the ease of developing
+                replay attacks.
+            </li>
+            <li><code>$URLSignature</code> is the signature of the whole URL
+                in bold above using the public key shown below, and encoded in a
+                <a href="http://commons.apache.org/codec/apidocs/org/apache/commons/codec/binary/Base64.html#encodeBase64URLSafeString%28byte[]%29">URL
+                    friendly base64</a> encoding.
+            </li>
+        </ul>
+
+        <h3>Error responses</h3>
+
+        <p>In case of error the service gets redirected to <code>$relyingService?error=$code</code>Where
+            $code can be either one of</p>
+        <ul>
+            <li><code>nocert</code>: when the client has no cert.</li>
+            <li><code>noVerifiedWebId</code>: no verified WebId was found in the certificate</li>
+            <li><code>noWebId</code>: todo: show this error when there are no webids at all</li>
+            <li><code>IdPError</code>: for some error in the IdP setup. Warn
+                the IdP administrator!
+            </li>
+            <li>other messages, not standardised yet</li>
+        </ul>
+
+        <h2>Verifiying the WebId</h2>
+
+        <p>In order for the Relying Party to to be comfortable that the returned WebId
+            was not altered in transit, the whole URL is signed by this server as
+            shown above. Here are the public keys and algorithms this us using:</p>
+
+
+        <p>The signature uses the RSA with SHA-1 algorithm.</p>
+
+        <p>The public key used by this service that verifies the signature is: </p>
+
+        <ul>
+            <li>Key Type:
+                <pre>http://www.w3.org/ns/auth/rsa#RSAPublicKey</pre>
+            </li>
+            <li>public exponent (decimal):
+                <pre class="exponent">65537</pre>
+            </li>
+            <li>modulus (decimal):<br/>
+           <pre class="modulus">84:56:e8:8b:04:b9:1f:3b:10:00:07:ab:18:e8:fc:66:4e:aa:bc:47:f6:
+41:56:ab:96:6f:9c:d5:fc:5d:e9:fd:ce:a1:0f:5e:ce:26:f5:2e:35:e2:
+b7:0f:b3:db:17:0b:1b:c9:73:69:39:8a:39:4d:23:c3:b2:99:a7:a5:8b:
+5b:a8:2a:84:05:a3:d8:14:35:2e:49:7d:47:b6:80:52:90:37:ca:99:39:
+da:08:a4:f2:ef:f9:26:25:a9:4e:dd:44:57:df:43:3f:95:cd:cf:34:3f:
+41:58:e4:bc:19:63:ad:8f:b5:65:e3:3e:5e:d2:b3:19:f6:ca:ed:e5:a1:
+e7:cd:f1:9f:70:04:ea:66:a9:ad:77:cb:02:8d:c1:8d:45:89:39:07:b4:
+54:71:98:82:b0:55:39:c4:50:ad:24:3a:df:8f:df:fa:39:36:da:d9:98:
+65:1c:dd:4d:3f:d9:09:a7:5e:2d:de:cd:af:22:1e:25:b1:2e:d1:6d:74:
+e4:96:2f:2a:87:5a:c1:23:37:ff:38:ed:e1:f5:c5:20:fc:81:cf:cb:c7:
+1e:61:d1:77:6b:32:0d:6a:94:cb:8e:98:55:07:ea:09:f5:01:75:79:07:
+6e:f5:50:06:d0:1f:bd:11:94:85:86:c5:42:6f:76:e9:a9:fa:cf:db:91:
+13:92:c2:69:
+</pre>
+            </li>
+        </ul>
+    </div>
+</div>
+</body>
+</html>
\ No newline at end of file
--- a/src/main/resources/template/webidp/WebIdService.about.xhtml	Mon Dec 19 13:23:20 2011 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,107 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head id="head">
-	<title>WebId Identity Provider Info Page</title>
-	<script src="/public/logout.js" type="text/javascript" />
-</head>
-<body>
-
-<div id="tx-content">
-    <p>This is a simple Identity Provider for <a href="http://webid.info/spec">WebID</a>. It is meant to help
-        sites that would like to provide WebID authentication to their users quickly.</p>
-    <p>If you are hosting such a site then you can rely on this service to help authenticate your users with WebID,
-        without your needing to set up https on your server. When you are satisfied of its usefulness you can deploy it
-        to your site.</p>
-    <p>There are two stages to get going. First you need to create the login button linking to this service. Then you need to
-        understand how to interpret what will be returned, so that you can write a script to authenticate
-        your users with the given WebID - ie, set a cookie for them.</p>
-
-    <h2>Create your login link</h2>
-    <p>Create a login button or link that points to this service. This needs to contain an attribute as a URL to a
-        script on your site so that we can send you the response. This will be done by redirecting the user's browser
-        with a signed response containing his WebID. To create such a link enter the URL of your login service here:</p>
-    <form action="" method="get">Requesting auth service URL:
-        <input name="rs" size="80" type="text" />
-        <input type="submit" value="Log into this service provider" />
-    </form>
-    <p>By clicking on the form you will land on a page whose URL is the one you should enter into your
-        login button/link. You will also see what identity you were logged in as, and given some options to change
-        it.
-    </p>
-
-    <h2>Understanding the response</h2>
-    <p>The redirected to URL is constructed on the following pattern: </p>
-    <pre><b>$relyingService?webid=$webid&amp;ts=$timeStamp</b>&amp;sig=$URLSignature</pre>
-    <p>Where the above variables have the following meanings: </p>
-    <ul>
-        <li><code>$relyingService</code> is the URL passed by the server in
-            the initial request as the <code>rs</code> parameter, and is the service to which the response is sent.</li>
-        <li><code>$webid</code> is the WebID of the user connecting.</li>
-        <li><code>$timeStamp</code> is a time stamp in XML Schema format
-            (same as used by Atom). This is needed to reduce the ease of developing
-            replay attacks.</li>
-        <li><code>$URLSignature</code> is the signature of the whole URL
-            in bold above using the public key shown below, and encoded in a
-            <a href="http://commons.apache.org/codec/apidocs/org/apache/commons/codec/binary/Base64.html#encodeBase64URLSafeString%28byte[]%29">URL friendly base64</a> encoding.</li>
-    </ul>
-
-    <h3>Error responses</h3>
-    <p>In case of error the service gets redirected to <code>$relyingService?error=$code</code>Where
-        $code can be either one of</p>
-    <ul>
-        <li><code>nocert</code>: when the client has no cert. </li>
-        <li><code>noVerifiedWebId</code>: no verified WebId was found in the certificate</li>
-        <li><code>noWebId</code>: todo: show this error when there are no webids at all</li>
-        <li><code>IdPError</code>: for some error in the IdP setup. Warn
-            the IdP administrator!</li>
-        <li>other messages, not standardised yet</li>
-    </ul>
-
-    <h2>Verifiying the WebId</h2>
-
-    <p>In order for the Relying Party to to be comfortable that the returned WebId
-        was not altered in transit, the whole URL is signed by this server as
-        shown above. Here are the public keys and algorithms this us using:</p>
-
-
-    <p>The signature uses the RSA with SHA-1 algorithm.</p>
-
-    <p>The public key used by this service that verifies the signature is: </p>
-
-    <ul>
-        <li>Key Type: <pre>http://www.w3.org/ns/auth/rsa#RSAPublicKey</pre></li>
-        <li>public exponent (decimal): <pre>65537</pre> </li>
-        <li>modulus (decimal):<br />
-           <pre>84:56:e8:8b:04:b9:1f:3b:10:00:07:ab:18:e8:fc:66:4e:aa:bc:47:f6:
-41:56:ab:96:6f:9c:d5:fc:5d:e9:fd:ce:a1:0f:5e:ce:26:f5:2e:35:e2:
-b7:0f:b3:db:17:0b:1b:c9:73:69:39:8a:39:4d:23:c3:b2:99:a7:a5:8b:
-5b:a8:2a:84:05:a3:d8:14:35:2e:49:7d:47:b6:80:52:90:37:ca:99:39:
-da:08:a4:f2:ef:f9:26:25:a9:4e:dd:44:57:df:43:3f:95:cd:cf:34:3f:
-41:58:e4:bc:19:63:ad:8f:b5:65:e3:3e:5e:d2:b3:19:f6:ca:ed:e5:a1:
-e7:cd:f1:9f:70:04:ea:66:a9:ad:77:cb:02:8d:c1:8d:45:89:39:07:b4:
-54:71:98:82:b0:55:39:c4:50:ad:24:3a:df:8f:df:fa:39:36:da:d9:98:
-65:1c:dd:4d:3f:d9:09:a7:5e:2d:de:cd:af:22:1e:25:b1:2e:d1:6d:74:
-e4:96:2f:2a:87:5a:c1:23:37:ff:38:ed:e1:f5:c5:20:fc:81:cf:cb:c7:
-1e:61:d1:77:6b:32:0d:6a:94:cb:8e:98:55:07:ea:09:f5:01:75:79:07:
-6e:f5:50:06:d0:1f:bd:11:94:85:86:c5:42:6f:76:e9:a9:fa:cf:db:91:
-13:92:c2:69:
-</pre>
-        </li>
-    </ul>
-
-    <p>For ease of use, depending on which tool you use, here is the public key in a PEM format:</p>
-<pre>
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFboiwS5HzsQAAerGOj8
-Zk6qvEf2QVarlm+c1fxd6f3OoQ9ezib1LjXitw+z2xcLG8lzaTmKOU0jw7KZp6WL
-W6gqhAWj2BQ1Lkl9R7aAUpA3ypk52gik8u/5JiWpTt1EV99DP5XNzzQ/QVjkvBlj
-rY+1ZeM+XtKzGfbK7eWh583xn3AE6maprXfLAo3BjUWJOQe0VHGYgrBVOcRQrSQ6
-34/f+jk22tmYZRzdTT/ZCadeLd7NryIeJbEu0W105JYvKodawSM3/zjt4fXFIPyB
-z8vHHmHRd2syDWqUy46YVQfqCfUBdXkHbvVQBtAfvRGUhYbFQm926an6z9uRE5LC
-aQIDAQAB
------END PUBLIC KEY-----
-</pre>
-</div>
-
-</body>
-</html>
\ No newline at end of file
--- a/src/main/resources/template/webidp/WebIdService.entry.html	Mon Dec 19 13:23:20 2011 +0100
+++ b/src/main/resources/template/webidp/WebIdService.entry.html	Mon Dec 19 18:02:50 2011 +0100
@@ -6,8 +6,9 @@
   -->
 <html>
 <head>
-<title>WebID Authentication Service</title>
-<link rel="stylesheet" type="text/css" href="idp/production.min.css"/>
+    <title>WebID Authentication Service</title>
+    <link rel="stylesheet" type="text/css" href="idp/production.min.css"/>
+    <script src="/public/logout.js" type="text/javascript"></script>
 </head>
 
 <body class="form">
@@ -35,7 +36,7 @@
                         <img class="depiction" src="idp/profile_anonymous.png"/>
                         <div class="form_section">
                             <div class="submit cf">
-                                <input type="submit" class="button" tabindex="3" value="sign in"/>
+                                <input type="submit" class="button" tabindex="3" value="sign in" onclick="logout()"/>
                             </div>
                         </div>
                     </div>
--- a/src/main/scala/auth/WebIDSrvc.scala	Mon Dec 19 13:23:20 2011 +0100
+++ b/src/main/scala/auth/WebIDSrvc.scala	Mon Dec 19 18:02:50 2011 +0100
@@ -41,6 +41,7 @@
 import java.lang.String
 import xml._
 import unfiltered.response._
+import java.security.interfaces.RSAPublicKey
 
 object WebIDSrvc {
   val dateFormat: SimpleDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
@@ -82,23 +83,29 @@
   lazy val profilePg: Elem = XML.loadFile(new File(fileDir, "WebIdService.entry.html"))
 
   def intent : Cycle.Intent[Req,Res] = {
-    case req @ Path(Seg("srv" :: "idp":: file :: Nil)) => srvStaticFiles(file)
-    case req @ Path("/srv/idp") & Params(RelyingParty(rp))  => req match {
-          // we authenticate the user only if he has agreed to be authenticated on the page, which we know if the
-          // request is a POST
-          case POST(_) & X509Claim(claim: X509Claim) => { //repetition because of intellij scala 0.5.273 bug
-            val pg = if ( claim.verified.size > 0 ) authenticatedPg else errorPg 
-            Ok ~> Html5(new ServiceTrans(rp,claim).apply(pg))
-          }
-          // nevertheless the user may have authenticated allready
+    case req @ Path(Seg("srv" :: "idp" :: next))  => { //easy partial function entry match
+      if (next!=Nil && next.size==1) srvStaticFiles(next.head)
+      else req match {
+        case Params(RelyingParty(rp)) => req match {
+          //GET=>The user just arrived on the page. We recuperated the X509 claim in case he has authenticated already
           case GET(_) & XClaim(claim: XClaim) => {
             val pg = claim match {
               case NoClaim => profilePg
-              case claim: X509Claim => if ( claim.verified.size > 0 ) authenticatedPg else errorPg
+              case claim: X509Claim => if (claim.verified.size > 0) authenticatedPg else errorPg
             }
-            Ok ~> Html5(new ServiceTrans(rp,claim).apply(pg))
+            Ok ~> Html5(new ServiceTrans(rp, claim).apply(pg))
+          }
+          //POST=> we authenticate the user because he has agreed to be authenticated on the page, which we know if the
+          // request is a POST
+          case POST(_) & X509Claim(claim: X509Claim) => {
+            //repetition because of intellij scala 0.5.273 bug
+            val pg = if (claim.verified.size > 0) authenticatedPg else errorPg
+            Ok ~> Html5(new ServiceTrans(rp, claim).apply(pg))
+          }
+          case _ => Ok ~> Html5(new ServiceTrans(rp, NoClaim).apply(errorPg))
+        }
+        case _ => Ok ~> Html5(aboutTransform.apply(aboutPg))
       }
-      case _ => Ok ~> Html5(aboutTransform(aboutPg))
     }
 
   }
@@ -123,7 +130,11 @@
     override def toLocal(file: String) = "/template/webidp/idp/"+file
   }
   
-  object aboutTransform extends Transformer //todo: need to change public keys in template
+  object aboutTransform extends Transformer {
+    val key = signer.signingCert.getPublicKey.asInstanceOf[RSAPublicKey]
+    $(".modulus").contents = key.getModulus.toString(16)
+    $(".exponent").contents = key.getPublicExponent.toString
+  }
 
   class ServiceTrans(relyingParty: URL, claim: XClaim) extends Transformer {
     $(".webidform") { node =>
--- a/src/main/scala/auth/X509Cert.scala	Mon Dec 19 13:23:20 2011 +0100
+++ b/src/main/scala/auth/X509Cert.scala	Mon Dec 19 18:02:50 2011 +0100
@@ -59,7 +59,7 @@
 }
 
 class X509CertSigner(
-    signingCert: X509Certificate,
+    val signingCert: X509Certificate,
     signingKey: PrivateKey ) {
   val WebID_DN="""O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority"""
 
@@ -82,9 +82,9 @@
    *
    * Create a self-signed X.509 Certificate
    * @param subjectDN the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
-   * @param pair the KeyPair
+   * @param subjectKey the public key for the subject
    * @param days how many days from now the Certificate is valid for
-   * @param algorithm the signing algorithm, eg "SHA1withRSA"
+   * @param webId a WebID to place in the Subject Alternative Name field of the Cert to be generated
    */
   def generate(
       subjectDN: String,
Binary file src/test/resources/KEYSTORE.jks has changed