Wiki source code of Create your WebId Certificate
{{velocity}}
## Pull in the JavaScript extension attached to WebId.CreateCert. The inline script below calls
## configurePage(), which is presumably defined there - confirm against that extension.
$xwiki.jsx.use("WebId.CreateCert")
{{html}}
<script type="text/javascript">
  // Run the page set-up once the "dom:loaded" event fires.
  document.observe("dom:loaded", function () {
    configurePage();
  });

  // Browsers without a native XMLHttpRequest get a replacement built on the MSXML ActiveX
  // objects, tried from the newest ProgID to the oldest; the first one that can be created wins.
  if (typeof XMLHttpRequest == "undefined") {
    XMLHttpRequest = function () {
      // Microsoft.XMLHTTP points to Msxml2.XMLHTTP.3.0 and is redundant, so it is not listed.
      var progIds = ["Msxml2.XMLHTTP.6.0", "Msxml2.XMLHTTP.3.0", "Msxml2.XMLHTTP"];
      for (var i = 0; i < progIds.length; i++) {
        try {
          return new ActiveXObject(progIds[i]);
        } catch (ignored) {
          // This ProgID is not available; fall through to the next one.
        }
      }
      throw new Error("This browser does not support XMLHttpRequest.");
    };
  }
</script>
{{/html}}
## Request flag; the form further down labels it "simulate input from a personal profile document".
#set($nodebug = $request.getParameter("nodebug"))
## Script service that builds the certificate from the submitted key material.
#set($foafssl = $services.foafssl)
## Document of the current user; the WebID offered in the form is derived from its external URL.
#set($homepage = $xwiki.getDocument($context.user))
## Starts out true; the debug options below switch it off (and makeKeyObj switches it back on).
#set($addKey = true)
$xwiki.jsx.use("WebId.CreateCert")

## The form is shown when the request has no parameters at all, or when nodebug is set.
#set($incomplete = ($request.getParameterMap().isEmpty() || $nodebug))

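## Three-way branch:
##  1. the WebId.RSAPubKeyClass class is missing -> explain how to create it;
##  2. nothing was submitted yet (or nodebug is set) -> show the certificate request form;
##  3. the "view parameters" debug option was ticked -> echo the request parameters.
#if(! $!xwiki.exists("WebId.RSAPubKeyClass"))

You need to create the WebId.RSAPubKeyClass
It should come with this installation's XAR file. If not you can [[create it here>>WebId.RSAPubKeyClass]] with the following properties:
* A hexModulus TextArea
* An intExponent NumberField
* A name String Field
* A validTo and validFrom date Field
#elseif ( $incomplete )
{{html clean="false"}}
<div id="iehelptext" style="display: none;">
  <p>Using Internet Explorer under Windows Vista or above or Windows
  Server 2008, you need to configure the following for this to work:</p>
  <ul>
    <li>Add this site to the <i>Trusted Sites</i> list: in Internet
    Options -> Security -> Trusted Sites -> Sites -> Add ...</li>
    <li>You may need to configure the trust level (in this tab), using
    <i>Custom Level...</i>: enable <i>Initialize and script ActiveX
    controls not marked as safe for scripting</i>. Restore the previous
    setting once your certificate is installed.</li>
    ## NOTE(review): a trusted root CA widens what the browser accepts for every site, and the
    ## link below is relative, so the file is only as trustworthy as the way this page is served.
    <li>If you are using Windows Vista without SP1 or above, you will
    probably need to install <a href="cacert.crt">this certificate</a> as a
    Trusted Root Certification Authority Certificate for your own
    certificate installation to succeed. You should probably remove that
    trusted root CA certificate afterwards.</li>
  </ul>
</div>

## NOTE(review): the form carries no anti-CSRF token, yet submitting it can add a public key to
## the submitter's profile (see the save at the end of this page). XWiki exposes a token through
## $services.csrf; it should be sent from here and verified before that save, on every submit
## path including the scripted one used for Internet Explorer.
<form id="keygenform" action="" method="post">
  <table width="95%">
    <tr>
      <td>Common Name: </td>
      ## "cn" is taken from the request and echoed into an attribute, and this html macro runs with
      ## cleaning disabled, so it is XML-escaped first. Opening braces are replaced as well so the
      ## value cannot close the surrounding macro and have the rest parsed as wiki syntax.
      #set($cn = $request.getParameter("cn"))
      #set($safeCn = "$!escapetool.xml($cn)")
      #set($safeCn = $safeCn.replace('{', '&#123;'))
      <td><input name="cn" size="30" id="cn" type="text" value="$!safeCn" /></td>
    </tr>
    <tr>
      <td>WebID: </td>
      <td><input name="webid" size="60" id="webid" type="text" value="${homepage.getExternalURL()}#me"/></td>
    </tr>
    <tr>
      <td>Key strength: </td>
      ## NOTE(review): the challenge is a fixed string, so it cannot serve as a per-request nonce;
      ## whether the server checks it at all is not visible from this page. The keygen element
      ## has also been dropped by current browsers.
      <td id="keystrenghtd"><keygen id="spkac" name="spkac" challenge="TheChallenge1"/></td>
    </tr>
    <tr>
      <td>Valid for: <br/>
      (defaults to 1 year)</td>
      ## 365, not 356: the label above promises a one-year default.
      <td><input type="text" name="hours" value="0.0" size="4"/> hours<br/>
      <input type="text" name="days" value="365" size="4"/> days </td>
    </tr>
    #if (!$nodebug)
    <tr>
      <td>Debug: </td>
      <td><input type="checkbox" name="viewParams" value="yes" /> view parameters<br/>
      <input type="checkbox" name="showCert" value="yes" /> show certificate<br/>
      <input type="checkbox" name="makeKeyObj" value="yes" /> create local objects<br/>
      <input type="checkbox" name="nodebug" value="yes" /> simulate input from a personal profile document<br/>
      </td>
    </tr>
    #end
    <tr>
      <td colspan="2">
      #if ($nodebug)
      Clicking the submit button will start the following sequence of events:
      #else
      If none of the above debug options are checked then the following will happen on clicking submit:
      #end
      <ol>
        <li>your browser will create a public/private key pair</li>
        <li>send us your public key, in what is known as a <a href="http://en.wikipedia.org/wiki/Certification_request">certification request</a> along with information from the form above</li>
        <li>we will create a certificate with the parameters specified</li>
        <li>it will be returned to you and your browser will match it with your private key and add the pair to your keychain</li>
        <li>a <a href="$xwiki.getDocument('WebId.RSAPubKeyClass').getURL('edit','editor=class')">WebId.RSAPubKeyClass</a> object will be created in <a href="$homepage.getURL()">your public profile</a>, which you will then see clearly in <a target="_blank" href="${homepage.getURL('edit','editor=object')}">its object view</a>. Your profile should also have an RDF view of the key.</li>
      </ol>
      </td>
    </tr>
  </table>
  <input id="keygensubmit" type="submit" value="submit certificate request" />
</form>
<p>To test your certificate try some of <a href="http://esw.w3.org/topic/foaf+ssl/RelyingParties">the services listed here</a>.</p>
{{/html}}
#elseif($request.getParameter('viewParams') eq "yes")
## Debug dump of every request parameter. Names and values are attacker-controlled, so they are
## XML-escaped and shown as preformatted text instead of being written straight into the page,
## where they would be parsed as wiki syntax. Opening braces are replaced for the same reason
## as for the common name: the value must not be able to end the enclosing macro.
{{html}}
<pre>
#foreach($key in $request.parameterNames)
#set($shownKey = "$!escapetool.xml($key)")
#set($shownValue = "$!escapetool.xml($request.getParameter($key))")
$shownKey.replace('{', '&#123;') = $shownValue.replace('{', '&#123;')
#end
</pre>
{{/html}}
## Viewing the parameters is a dry run: no certificate is sent back and no key is stored.
#set( $addKey = false )
#end
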
## Request processing: build a certificate from the submitted key material, optionally show it
## (debug), send it back to the browser, and store the public key on the user's profile page.
## NOTE(review): nothing here checks the HTTP method or an anti-CSRF token before the profile is
## modified; XWiki provides $services.csrf.isTokenValid(...) for that. Every submit path would
## have to send the token before the check can be enforced.
#if (!$nodebug) #### if we come from the user's page we don't create a key

## Both inputs are raw request data handed to the foafssl service; any validation of the CSR or
## SPKAC happens inside that service and is not visible from this page.
#if( $request.csrdata ) ## for Microsoft Browsers (see javascript rewriting of html)
#set( $cert = $foafssl.createFromPEM( $request.csrdata ) )
#elseif( $request.spkac )
#set( $cert = $foafssl.createFromSpkac( $request.spkac ) )
#end
## Everything below is skipped when neither parameter produced a certificate object.
#if ($cert)
#set( $pk = $cert.getSubjectPublicKey() )

## WebID and common name are copied from the request as submitted. The WebID is only compared
## with the user's own profile URL later, when the key is about to be stored.
$cert.setSubjectWebID( $request.webid )
$cert.setSubjectCommonName( $request.cn )

#set ($hours = $request.getParameter('hours') )
## presumably backdates the start of validity to tolerate clock skew; the unit of "2" is not
## visible here - TODO confirm
$cert.startEarlier("2")

## NOTE(review): hours and days are passed on as submitted, with no upper bound and no numeric
## check on this page, so the requester chooses the lifetime of the certificate.
#if ($hours && $hours ne "")
$cert.addDurationInHours( $hours)
#end

#set ($days = $request.getParameter('days') )
#if ($days && $days ne "")
$cert.addDurationInDays( $days )
#end

#set($s = $cert.getSerialisation())

## Debug option: print the serialised certificate into the page instead of delivering it.
#if( $request.getParameter('showCert') eq "yes")
The certificate that would have been sent back to you is:
mime-type: $s.getMimeType()
Content-Length: $s.getLength()

cert = $s.toString()
#set( $addKey = false )
#end
## Normal path: the serialised certificate is written to the response. setFinished(true)
## presumably tells XWiki that the response is complete - confirm. The script itself keeps
## running, so the key storage below still executes.
#if ( $addKey ) ## up to here if addKey is still true, then we are creating a cert
$s.writeTo( $response )
$context.setFinished(true)
#end

## Debug option: show the key that is about to be stored and force storage back on, even if
## showCert switched it off above.
#if ( $request.getParameter('makeKeyObj') eq "yes" )
The Public Key, that will be stored on the server is:
* hex= $pk.getHexModulus()
* int= $pk.getIntExponent()
{{html}}More info in <a target="_blank" href="${homepage.getURL('edit','editor=object')}">its object view</a>{{/html}}
#set( $addKey = true )
#end

## The key is stored only when the submitted WebID equals the URL derived from the current
## user's own profile document, so a request cannot attach a key under a different WebID.
## NOTE(review): "name" receives the raw cn parameter; any page that displays this property has
## to escape it.
#if ( $addKey && ($request.getParameter('webid') eq "${homepage.getExternalURL()}#me") )
## create and save the public key to the user's profile page
#set( $rsaKey = $homepage.newObject("WebId.RSAPubKeyClass"))
$!rsaKey.set("hexModulus", $pk.getHexModulus() )
$!rsaKey.set("intExponent", $pk.getIntExponent() )
$!rsaKey.set("name", $request.getParameter('cn') )
$!rsaKey.set("validFrom", $cert.getStartDate() )
$!rsaKey.set("validTo", $cert.getEndDate() )
$!homepage.save()
#end
#end
#end

{{/velocity}}