We can now create a WebId, and limit access control to a file. webid
authorHenry Story <henry.story@bblfish.net>
Thu, 27 Oct 2011 01:06:22 +0200
branchwebid
changeset 102 9ca474c333e8
parent 101 0e91da4bc405
child 103 c0bf9b280888
We can now create a WebID, and restrict access to a file.
src/main/scala/auth/Authz.scala
src/main/scala/auth/X509Cert.scala
src/test/scala/auth/CreateWebIDSpec.scala
--- a/src/main/scala/auth/Authz.scala	Wed Oct 26 16:12:18 2011 +0200
+++ b/src/main/scala/auth/Authz.scala	Thu Oct 27 01:06:22 2011 +0200
@@ -140,9 +140,11 @@
     import org.w3.readwriteweb.util.wrapValidation
     import org.w3.readwriteweb.util.ValidationW
 
+    lazy val dir = path.substring(0,path.lastIndexOf('/')+1) // we assume it always starts with /
+
 
     def allow(subj: () => Option[Subject]) = {
-      val resurl = "file://local"+path + ".protect.n3"
+      val resurl = "file://local"+dir + ".meta.n3"
       val r: Resource = rm.resource(new URL(resurl))
       val res: ValidationW[Boolean,Boolean] = for {
         model <- r.get() failMap { x => true }
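Review bot: `dir` on the added line is derived from `path` by plain `substring`, so a `path` that is not normalised before it reaches `allow` (a `..` segment, or no leading `/` at all) makes `resurl` point at another directory's `.meta.n3`, or at `file://local.meta.n3` when there is no slash. The comment records the assumption; turning it into a check at the point where `path` is bound keeps the lookup honest: `require(path.startsWith("/"), s"path must be absolute: $path")`. Note also that the unchanged `failMap { x => true }` on the last context line is now reached for every directory that has no `.meta.n3`; if that `true` is read as an allow decision, unprotected directories are fail-open, which is worth confirming. The body of `allow` continues beyond the hunk.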
--- a/src/main/scala/auth/X509Cert.scala	Wed Oct 26 16:12:18 2011 +0200
+++ b/src/main/scala/auth/X509Cert.scala	Thu Oct 27 01:06:22 2011 +0200
@@ -31,6 +31,7 @@
 import java.util.Date
 import java.math.BigInteger
 import java.security.{SecureRandom, KeyPair}
+import java.net.URL
 import sun.security.x509._
 
 object X509Cert {
@@ -50,7 +51,8 @@
    */
     def generate_self_signed(issuerDN: String,
                  pair: KeyPair,
-                 days: Int, 
+                 days: Int,
+                 webId: URL,
                  algorithm: String="SHA1withRSA"): X509Certificate = {
       var info = new X509CertInfo
       val from = new Date
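Review bot: The new `webId: URL` parameter is not described in the scaladoc that closes on the first hunk line; add `@param webId the WebID URI written into the certificate's subjectAlternativeName (URI form)` next to the other parameter tags. Inserting a required parameter in front of the defaulted `algorithm` also breaks every existing positional caller; if that is intended it should be said in the doc, otherwise a defaulted `webId: Option[URL] = None` would preserve the old call shape. The scaladoc and the rest of `generate_self_signed` lie outside the hunk.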
@@ -64,9 +66,13 @@
       info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner))
       info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic))
       info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3))
-      val algo: AlgorithmId = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid)
+      val extensions = new CertificateExtensions();
+      val san = new SubjectAlternativeNameExtension(new GeneralNames().add(new GeneralName(new URIName(webId.toExternalForm))))
+      extensions.set(san.getName,san)
+      info.set(X509CertInfo.EXTENSIONS,extensions)
+      val algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid)
       info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo))
-      var cert: X509CertImpl = new X509CertImpl(info)
+      var cert = new X509CertImpl(info)
       cert.sign(pair.getPrivate, algorithm)
       val sigAlgo = cert.get(X509CertImpl.SIG_ALG).asInstanceOf[AlgorithmId]
       info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, sigAlgo)
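Review bot: `val algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid)` on the rewritten line seeds `info` with an MD5 algorithm identifier unrelated to the `algorithm` the certificate is then signed with; the mismatch is only patched on the last hunk line after `sign`. Deriving it from the parameter removes the inconsistency: `val algo = AlgorithmId.get(algorithm)`. The two `var`s (`info`, `cert`) are never reassigned within the hunk and read better as `val`, and the trailing `;` after `new CertificateExtensions()` is not Scala style. `generate_self_signed` continues past the hunk, so the re-sign that presumably follows is not visible here.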
--- a/src/test/scala/auth/CreateWebIDSpec.scala	Wed Oct 26 16:12:18 2011 +0200
+++ b/src/test/scala/auth/CreateWebIDSpec.scala	Thu Oct 27 01:06:22 2011 +0200
@@ -34,6 +34,7 @@
 import java.security._
 import interfaces.RSAPublicKey
 import org.w3.readwriteweb.{RDFXML, TURTLE}
+import java.net.URL
 
 /**
  * @author hjs
@@ -45,9 +46,11 @@
   lazy val webidProfileDir = peopleDirUri / "Lambda/"
   lazy val webidProfile = webidProfileDir / "Joe"
   lazy val joeProfileOnDisk = new File(root,"people/Lambda/Joe")
+  lazy val lambdaMetaURI = webidProfileDir/".meta.n3"
 
   lazy val directory = new File(root, "people")
   lazy val lambdaDir = new File(directory,"Lambda")
+  lazy val lambdaMeta = new File(lambdaDir,".meta.n3")
 
 {
   val  sslContext = javax.net.ssl.SSLContext.getInstance("TLS");
@@ -88,8 +91,10 @@
   rsagen.initialize(512)
   val rsaKP = rsagen.generateKeyPair()
   val certFct = CertificateFactory.getInstance("X.509")
-  val testCert = X509Cert.generate_self_signed("CN=RoboTester, OU=DIG, O=W3C",rsaKP,1)
-  val testCertPk: RSAPublicKey = testCert.getPublicKey.asInstanceOf[RSAPublicKey]
+  val webID = new URL(webidProfile.secure.to_uri + "#me")
+  val testCert = X509Cert.generate_self_signed("CN=RoboTester, OU=DIG, O=W3C", rsaKP, 1, webID)
+
+  val testCertPk = testCert.getPublicKey.asInstanceOf[RSAPublicKey]
   
   "PUTing nothing on /people/" should {
        "return a 201" in {
@@ -101,7 +106,7 @@
        }
    }
   
-  
+
   "PUTing nothing on /people/Lambda/" should { // but should it really? Should it not create a resource too? Perhaps index.html?
      "return a 201" in {
        val httpCode = Http(webidProfileDir.secure.put(TURTLE, "") get_statusCode)
@@ -141,6 +146,37 @@
      }
    }
 
+  val aclRestriction = """
+  @prefix acl: <http://www.w3.org/ns/auth/acl#> .
+  @prefix : <#> .
+
+  :a1 a acl:Authorization;
+     acl:accessTo <foaf.n3>;
+     acl:mode acl:Read;
+     acl:agent <%s> .
+  """
+
+
+  "PUT access control statements in directory" should {
+    "return a 201" in {
+      val httpCode = Http( lambdaMetaURI.secure.put(TURTLE, aclRestriction.format(webID.toExternalForm)) get_statusCode )
+       httpCode must_== 201
+    }
+
+    "create a resource on disk" in {
+       lambdaMeta must be file
+    }
+    "make the initial resource inaccessible to anyone other than the user" in {
+      val httpCode = Http.when(_ == 401)(webidProfile.secure.get get_statusCode)
+      httpCode must_== 401
+    }
+//    "access it as the user" in {
+//    ok so here we have to set the client certificate for the connection only.
+//      Http.client.getConnectionManager.
+//    }
+
+  }
+
 
 
 }
\ No newline at end of file
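Review bot: The ACL written from `aclRestriction` grants `acl:Read` on `<foaf.n3>`, which (resolved against the `.meta.n3` document base) presumably names `.../Lambda/foaf.n3`, yet the resource the spec then probes is `webidProfile` (`.../Lambda/Joe`); the 401 assertion therefore only shows default-deny for a resource no Authorization mentions, and the positive case that would prove the SAN-bearing certificate is honoured is left commented out on the last added lines. Use `acl:accessTo <Joe>` so the rule matches `webidProfile`, or probe the resource actually named, and land the "access it as the user" spec so the access-control claim in the commit message is exercised. The enclosing specification object closes outside the hunk.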