Show last authors
1 {{velocity}}
2 $xwiki.jsx.use("WebId.CreateCert")
3 {{html}}
4 <script type="text/javascript">
5 document.observe("dom:loaded", function() {
6  configurePage();
7 });
8 if (typeof XMLHttpRequest == "undefined") {
9  XMLHttpRequest = function () {
10    try { return new ActiveXObject("Msxml2.XMLHTTP.6.0"); }
11      catch (e1) {}
12    try { return new ActiveXObject("Msxml2.XMLHTTP.3.0"); }
13      catch (e2) {}
14    try { return new ActiveXObject("Msxml2.XMLHTTP"); }
15      catch (e3) {}
16    //Microsoft.XMLHTTP points to Msxml2.XMLHTTP.3.0 and is redundant
17    throw new Error("This browser does not support XMLHttpRequest.");
18  };
19 }
20 </script>
21 {{/html}}
22 #set ( $nodebug = $request.getParameter("nodebug") )
23 #set( $foafssl = $services.foafssl )
24 #set( $homepage = $xwiki.getDocument($context.user) )
25 #set( $addKey = true )
26 $xwiki.jsx.use("WebId.CreateCert")
27
28 #set( $incomplete = ($request.getParameterMap().isEmpty() || $nodebug) )
29
30 #if(! $!xwiki.exists("WebId.RSAPubKeyClass"))
31
32 You need to create the WebId.RSAPubKeyClass
33 It should come with this installation's XAR file. If not you can [[create it here>>WebId.RSAPubKeyClass]] with the following properties:
34 * A hexModulus TextArea
35 * An intExponent NumberField
36 * A name String Field
37 * A validTo and validFrom date Field
38 #elseif ( $incomplete )
39 {{html clean="false"}}
40 <div id="iehelptext" style="display: none;">
41 <p>Using Internet Explorer under Windows Vista or above or Windows
42 Server 2008, you need to configure the following for this to work:</p>
43 <ul>
44 <li>Add this site to the <i>Trusted Sites</i> list: in Internet
45 Options -&gt; Security -&gt; Trusted Sites -&gt; Sites -&gt; Add ...</li>
46 <li>You may need to configure the trust level (in this tab), using
47 <i>Custom Level...</i>: enable <i>Initialize and script ActiveX
48 controls not marked as safe for scripting</i>.</li>
49 <li>If you are using Windows Vista without SP1 or above, you will
50 probably need to install <a href="cacert.crt">this certificate</a> as a
51 Trusted Root Certification Authority Certificate for your own
52 certificate installation to succeed. You should probably remove that
53 trusted root CA certificate afterwards.</li>
54 </ul>
55 </div>
56
57 <form id="keygenform" action="" method="post">
58 <table width="95%">
59 <tr>
60 <td>Common Name: </td>
61 #set($cn = $request.getParameter("cn"))
62 <td><input name="cn" size="30" id="cn" type="text" value="$!cn" /></td>
63 </tr>
64 <tr>
65 <td>WebID: </td>
66 <td><input name="webid" size="60" id="webid" type="text" value="${homepage.getExternalURL()}#me"/></td>
67 </tr>
68 <tr>
69 <td>Key strength: </td>
70 <td id="keystrenghtd"><keygen id="spkac" name="spkac" challenge="TheChallenge1"/></td>
71 </tr>
72 <tr>
73 <td>Valid for: <br/>
74 (defaults to 1 year)</td>
75 <td><input type="text" name="hours" value="0.0" size="4"/> hours<br/>
76 <input type="text" name="days" value="356" size="4"/> days </td>
77 </tr>
78 #if (!$nodebug)
79 <tr>
80 <td>Debug: </td>
81 <td><input type="checkbox" name="viewParams" value="yes" /> view parameters<br/>
82 <input type="checkbox" name="showCert" value="yes" /> show certificate<br/>
83 <input type="checkbox" name="makeKeyObj" value="yes" /> create local objects<br/>
84 <input type="checkbox" name="nodebug" value="yes" /> simulate input from a personal profile document<br/>
85 </td>
86 </tr>
87 #end
88 <tr>
89 <td colspan="2">
90 #if ($nodebug)
91 Clicking the submit button will start the following sequence of events:
92 #else
93 If none of the above debug options are checked then the following will happen on clicking submit:
94 #end
95 <ol>
96 <li>your browser will create a public/private key pair</li>
97 <li>send us your public key, in what is known as a <a href="http://en.wikipedia.org/wiki/Certification_request">certification request</a> along with information from the form above</li>
98 <li>we will create a certificate with the parameters specified</li>
99 <li>it will be returned to you and your browser will match it with your private key and add the pair to your keychain</li>
100 <li>a <a href="$xwiki.getDocument('WebId.RSAPubKeyClass').getURL('edit','editor=class')">WebId.RSAPubKeyClass</a> object will be created in <a href="$homepage.getURL()">your public profile</a>, which you will then see clearly in <a target="_blank" href="${homepage.getURL('edit','editor=object')}">its object view</a>. Your profile should also have an RDF view of the key.</li>
101 </ol>
102 </td>
103 </tr>
104 </table>
105 <input id="keygensubmit" type="submit" value="submit certificate request" />
106 </form>
107 <p>To test your certificate try some of <a href="http://esw.w3.org/topic/foaf+ssl/RelyingParties">the services listed here</a>.</p>
108 {{/html}}
109 #elseif($request.getParameter('viewParams') eq "yes")
110 #foreach($key in $request.parameterNames)
111 $key = $request.getParameter($key)
112 #end
113 #set( $addKey = false )
114 #end
115
116 #if (!$nodebug) #### if we come from the user's page we don't create a key
117
118 #if( $request.csrdata ) ## for Microsoft Browsers (see javascript rewriting of html)
119 #set( $cert = $foafssl.createFromPEM( $request.csrdata ) )
120 #elseif( $request.spkac )
121 #set( $cert = $foafssl.createFromSpkac( $request.spkac ) )
122 #end
123 #if ($cert)
124 #set( $pk = $cert.getSubjectPublicKey() )
125
126 $cert.setSubjectWebID( $request.webid )
127 $cert.setSubjectCommonName( $request.cn )
128
129 #set ($hours = $request.getParameter('hours') )
130 $cert.startEarlier("2")
131
132 #if ($hours && $hours ne "")
133 $cert.addDurationInHours( $hours)
134 #end
135
136 #set ($days = $request.getParameter('days') )
137 #if ($days && $days ne "")
138 $cert.addDurationInDays( $days )
139 #end
140
141 #set($s = $cert.getSerialisation())
142
143 #if( $request.getParameter('showCert') eq "yes")
144 The certificate that would have been sent back to you is:
145 mime-type: $s.getMimeType()
146 Content-Length: $s.getLength()
147
148 cert = $s.toString()
149 #set( $addKey = false )
150 #end
151 #if ( $addKey ) ## up to here if addKey is still true, then we are creating a cert
152 $s.writeTo( $response )
153 $context.setFinished(true)
154 #end
155
156 #if ( $request.getParameter('makeKeyObj') eq "yes" )
157 The Public Key, that will be stored on the server is:
158 * hex= $pk.getHexModulus()
159 * int= $pk.getIntExponent()
160 {{html}}More info in <a target="_blank" href="${homepage.getURL('edit','editor=object')}">its object view</a>{{/html}}
161 #set( $addKey = true )
162 #end
163
164 #if ( $addKey && ($request.getParameter('webid') eq "${homepage.getExternalURL()}#me") )
165 ## create and save the public key to the user's profile page
166 #set( $rsaKey = $homepage.newObject("WebId.RSAPubKeyClass"))
167 $!rsaKey.set("hexModulus", $pk.getHexModulus() )
168 $!rsaKey.set("intExponent", $pk.getIntExponent() )
169 $!rsaKey.set("name", $request.getParameter('cn') )
170 $!rsaKey.set("validFrom", $cert.getStartDate() )
171 $!rsaKey.set("validTo", $cert.getEndDate() )
172 $!homepage.save()
173 #end
174 #end
175 #end
176
177 {{/velocity}}