3 fixes: trySome returns None if the value is null; the X509Cert contradiction is removed (noticed on the WebIDXG mailing list); certificates no longer pass if they are not valid
--- a/src/main/scala/auth/Authz.scala Thu Nov 17 14:43:16 2011 +0100
+++ b/src/main/scala/auth/Authz.scala Sun Nov 20 01:10:35 2011 +0100
@@ -23,16 +23,13 @@
package org.w3.readwriteweb.auth
-import unfiltered.filter.Plan
import unfiltered.request._
import collection.JavaConverters._
import javax.security.auth.Subject
import java.net.URL
-import com.hp.hpl.jena.query.{QueryExecutionFactory, QueryExecution, QuerySolutionMap, QueryFactory}
-import sun.management.resources.agent
+import com.hp.hpl.jena.query.{QueryExecutionFactory, QuerySolutionMap, QueryFactory}
import unfiltered.response.{ResponseFunction, Unauthorized}
-import javax.servlet.http.{HttpServletResponse, HttpServletRequest}
-import com.hp.hpl.jena.rdf.model.{RDFNode, ResourceFactory}
+import com.hp.hpl.jena.rdf.model.ResourceFactory
import org.w3.readwriteweb.{Authoritative, Resource, ResourceManager, WebCache}
import org.w3.readwriteweb.util.HttpMethod
@@ -46,10 +43,10 @@
implicit def x509toSubject(x509c: X509Claim)(implicit cache: WebCache): Subject = {
val subject = new Subject()
subject.getPublicCredentials.add(x509c)
- val verified = for (
- claim <- x509c.webidclaims if (claim.verified)
- ) yield claim.principal
- subject.getPrincipals.addAll(verified.asJava)
+ if (x509c.isCurrent()) {
+ val verified = x509c.verifiedClaims.map(claim => claim.principal)
+ subject.getPrincipals.addAll(verified.asJava)
+ }
subject
}
}
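Review bot: The new `isCurrent()` guard only withholds principals; `subject.getPublicCredentials.add(x509c)` still runs for a certificate outside its validity period, so the expired claim remains attached to the returned Subject as a credential. Whether any caller looks at public credentials rather than principals is not visible from this hunk. Either move the `add` inside the `if`, or state the contract in a comment such as `// principals are granted only while the certificate is current; a credential alone must never authorize`. `isCurrent()` and `verifiedClaims` are defined outside this hunk, so confirm that `isCurrent()` checks both notBefore and notAfter, and that a Subject built here is not cached beyond the certificate's expiry.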
@@ -91,9 +88,9 @@
class RDFAuthZ[Request, Response](val webCache: WebCache, rm: ResourceManager)
(implicit val m: Manifest[Request]) extends AuthZ[Request,Response] {
-
+
import AuthZ.x509toSubject
-
+
implicit val cache: WebCache = webCache
def subject(req: Req) = req match {
@@ -174,12 +171,3 @@
}
-class ResourceGuard(path: String, reqMethod: Method) {
-
- def allow(subjFunc: () => Option[Subject]) = {
- subjFunc().isEmpty
- }
-}
-
-
-
--- a/src/main/scala/auth/X509Cert.scala Thu Nov 17 14:43:16 2011 +0100
+++ b/src/main/scala/auth/X509Cert.scala Sun Nov 20 01:10:35 2011 +0100
@@ -69,6 +69,8 @@
*
* WARNING THIS IS in construction
*
+ * Look in detail at http://www.ietf.org/rfc/rfc2459.txt
+ *
* Create a self-signed X.509 Certificate
* @param subjectDN the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
* @param pair the KeyPair
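Review bot: The added reference points at RFC 2459, which was obsoleted by RFC 3280 and then by RFC 5280, so the comment sends readers to a superseded certificate profile. I would cite the current one instead: `* Look in detail at RFC 5280 (obsoletes RFC 3280 and RFC 2459): http://www.ietf.org/rfc/rfc5280.txt`. The doc comment starts and ends outside this hunk.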
@@ -116,7 +118,7 @@
import KeyUsageExtension._
val keyUsage = new KeyUsageExtension
val usages =
- List(DIGITAL_SIGNATURE, NON_REPUDIATION, KEY_ENCIPHERMENT, KEY_AGREEMENT, KEY_CERTSIGN)
+ List(DIGITAL_SIGNATURE, NON_REPUDIATION, KEY_ENCIPHERMENT, KEY_AGREEMENT)
usages foreach { usage => keyUsage.set(usage, true) }
extensions.set(keyUsage.getName,keyUsage)
}
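Review bot: The `usages` list still asserts `NON_REPUDIATION`, `KEY_ENCIPHERMENT` and `KEY_AGREEMENT` together with `DIGITAL_SIGNATURE`, which looks broader than a certificate presumably used for TLS client authentication needs. A relying party that enforces key usage would accept this key for each of those purposes. Consider trimming the list to what the key type and use actually require, or record the reason for each bit in a comment such as `// DIGITAL_SIGNATURE: TLS client auth; KEY_ENCIPHERMENT: <reason>`. No BasicConstraints extension is visible in this hunk; if none is set elsewhere in the method, marking the certificate explicitly as not a CA would make the intent behind dropping `KEY_CERTSIGN` unambiguous. The enclosing block starts outside the hunk.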
--- a/src/main/scala/util/package.scala Thu Nov 17 14:43:16 2011 +0100
+++ b/src/main/scala/util/package.scala Sun Nov 20 01:10:35 2011 +0100
@@ -41,7 +41,8 @@
// I wonder if this is already defined somewhere...
def trySome[T](body: => T): Option[T] =
try {
- Option(body)
+ val res = body;
+ if (res == null) None else Option(res)
} catch {
case _ => None
}
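Review bot: `case _ => None` in the catch clause matches every Throwable, so JVM errors such as OutOfMemoryError and Scala's own control-flow throwables are silently turned into `None`. Narrowing it to `case e: Exception => None` keeps the fail-closed behaviour for ordinary failures while letting fatal conditions propagate. Since `trySome` sits in a shared util package next to the auth code, a caller cannot tell "no value" from "parsing blew up"; logging the exception before returning `None` would help when a certificate is rejected unexpectedly. Separately, `Option(res)` already yields `None` for `null`, so the two added lines behave the same as the original `Option(body)`. If a null was getting through before, the cause is probably elsewhere.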