Wiki source code of Create your WebId Certificate
author | version | line-number | content |
---|---|---|---|
1 | {{velocity}} | ||
2 | $xwiki.jsx.use("WebId.CreateCert") | ||
 | ## Client-side bootstrap. The call above loads the WebId.CreateCert JavaScript extension. | ||
 | ## configurePage() is not defined on this page; presumably that extension provides it (confirm). | ||
3 | {{html}} | ||
4 | <script type="text/javascript"> | ||
 | ## Call configurePage() once the "dom:loaded" event fires. | ||
5 | document.observe("dom:loaded", function() { | ||
6 | configurePage(); | ||
7 | }); | ||
 | ## Fallback for browsers without a native XMLHttpRequest: define a global that returns the first | ||
 | ## MSXML ActiveX object that can be created (6.0, then 3.0, then the unversioned ProgID) and | ||
 | ## throws if none of them can. | ||
8 | if (typeof XMLHttpRequest == "undefined") { | ||
9 | XMLHttpRequest = function () { | ||
10 | try { return new ActiveXObject("Msxml2.XMLHTTP.6.0"); } | ||
11 | catch (e1) {} | ||
12 | try { return new ActiveXObject("Msxml2.XMLHTTP.3.0"); } | ||
13 | catch (e2) {} | ||
14 | try { return new ActiveXObject("Msxml2.XMLHTTP"); } | ||
15 | catch (e3) {} | ||
16 | //Microsoft.XMLHTTP points to Msxml2.XMLHTTP.3.0 and is redundant | ||
17 | throw new Error("This browser does not support XMLHttpRequest."); | ||
18 | }; | ||
19 | } | ||
20 | </script> | ||
21 | {{/html}} | ||
22 | #set ( $debug = $request.getParameter("nodebug") eq "") | ||
 | ## Page-wide state for the certificate request handler below. | ||
 | ## NOTE(review): $debug is derived from the "nodebug" request parameter (compared with ""), so the | ||
 | ## client decides its value. On this page it only gates the debug checkboxes in the form and feeds | ||
 | ## $incomplete; the viewParams / showCert / makeKeyObj parameters are read directly from the | ||
 | ## request further down, whether or not $debug is set. | ||
23 | #set( $foafssl = $services.foafssl ) | ||
 | ## $homepage is the wiki document of the current user ($context.user); the public key is stored on it. | ||
24 | #set( $homepage = $xwiki.getDocument($context.user) ) | ||
 | ## $addKey starts true; the viewParams and showCert branches set it to false, makeKeyObj sets it back to true. | ||
25 | #set( $addKey = true ) | ||
 | ## Same call as on line 2 of this wiki source. | ||
26 | $xwiki.jsx.use("WebId.CreateCert") | ||
27 | |||
 | ## True when the request carries no parameters, or when $debug is false and "spkac" is the empty string. | ||
 | ## NOTE(review): $incomplete is not read anywhere else in the visible page. | ||
28 | #set( $incomplete = $request.getParameterMap().isEmpty() || ( !$debug && $request.getParameter("spkac")=="" ) ) | ||
29 | |||
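30 | #if(! $!xwiki.exists("WebId.RSAPubKeyClass")) | ||
 | ## Three-way branch: (1) the key class is missing -> show setup instructions; (2) the request has no | ||
 | ## parameters -> show the certificate request form; (3) viewParams=yes -> dump the request parameters. | ||
31 | |||
32 | You need to create the WebId.RSAPubKeyClass | ||
33 | It should come with this installation's XAR file. If not you can [[create it here>>WebId.RSAPubKeyClass]] with the following properties: | ||
34 | * A hexModulus TextArea | ||
35 | * An intExponent NumberField | ||
36 | * A name String Field | ||
37 | * A validTo and validFrom date Field | ||
38 | #elseif ( $request.getParameterMap().isEmpty()) | ||
39 | {{html clean="false"}} | ||
 | ## Help text, hidden by default (display: none); nothing on this page shows it, so presumably the | ||
 | ## JavaScript extension reveals it for Internet Explorer (confirm). | ||
 | ## NOTE(review): the steps below ask the user to allow ActiveX controls "not marked as safe for | ||
 | ## scripting" for the Trusted Sites zone and to install a root CA certificate. Both widen what the | ||
 | ## browser trusts beyond this page. The text already advises removing the root CA afterwards; it | ||
 | ## gives no matching advice to revert the ActiveX setting. | ||
40 | <div id="iehelptext" style="display: none;"> | ||
41 | <p>Using Internet Explorer under Windows Vista or above or Windows | ||
42 | Server 2008, you need to configure the following for this to work:</p> | ||
43 | <ul> | ||
44 | <li>Add this site to the <i>Trusted Sites</i> list: in Internet | ||
45 | Options -> Security -> Trusted Sites -> Sites -> Add ...</li> | ||
46 | <li>You may need to configure the trust level (in this tab), using | ||
47 | <i>Custom Level...</i>: enable <i>Initialize and script ActiveX | ||
48 | controls not marked as safe for scripting</i>.</li> | ||
49 | <li>If you are using Windows Vista without SP1 or above, you will | ||
50 | probably need to install <a href="cacert.crt">this certificate</a> as a | ||
51 | Trusted Root Certification Authority Certificate for your own | ||
52 | certificate installation to succeed. You should probably remove that | ||
53 | trusted root CA certificate afterwards.</li> | ||
54 | </ul> | ||
55 | </div> | ||
 | ## The form posts back to this same page (empty action). | ||
 | ## NOTE(review): the form carries no anti-CSRF token, and the handler further down acts on any | ||
 | ## request that contains "spkac" or "csrdata". If this XWiki version provides the CSRF script | ||
 | ## service, send $services.csrf.getToken() as a hidden "form_token" field here and check it with | ||
 | ## $services.csrf.isTokenValid(...) before the key is saved. | ||
56 | <form id="keygenform" action="" method="post"> | ||
57 | <table width="95%"> | ||
58 | <tr> | ||
59 | <td>Common Name: </td> | ||
60 | <td><input name="cn" size="30" id="cn" type="text" value="Xwiki Test Cert" /></td> | ||
61 | </tr> | ||
62 | <tr> | ||
63 | <td>WebID: </td> | ||
 | ## The WebID field is pre-filled with the external URL of the user's profile plus "#me", but it is editable. | ||
64 | <td><input name="webid" size="60" id="webid" type="text" value="${homepage.getExternalURL()}#me"/></td> | ||
65 | </tr> | ||
66 | <tr> | ||
67 | <td>Key strength: </td> | ||
 | ## NOTE(review): the keygen challenge is a fixed string, so it adds no per-request freshness; whether | ||
 | ## the server checks it at all is not visible on this page. The <keygen> element has since been | ||
 | ## removed from current browsers, so this path only works in older ones. | ||
68 | <td id="keystrenghtd"><keygen id="spkac" name="spkac" challenge="TheChallenge1"/></td> | ||
69 | </tr> | ||
70 | <tr> | ||
71 | <td>Valid for: <br/> | ||
72 | (defaults to 1 year)</td> | ||
73 | <td><input type="text" name="hours" value="0.0" size="4"/> hours<br/> | ||
74 | <input type="text" name="days" value="0" size="4"/> days </td> | ||
75 | </tr> | ||
 | ## The debug checkboxes are only rendered when $debug is set; the handler reads the same parameter | ||
 | ## names from any request, so hiding them here is not an access control. | ||
76 | #if ($debug) | ||
77 | <tr> | ||
78 | <td>Debug: </td> | ||
79 | <td><input type="checkbox" name="viewParams" value="yes" /> view parameters<br/> | ||
80 | <input type="checkbox" name="showCert" value="yes" /> show certificate<br/> | ||
81 | <input type="checkbox" name="makeKeyObj" value="yes" /> create local objects<br/> | ||
82 | </td> | ||
83 | </tr> | ||
84 | #end | ||
85 | <tr> | ||
86 | <td colspan="2"> | ||
87 | If none of the above debug options are checked then the following will happen on clicking submit: | ||
88 | <ol> | ||
89 | <li>your browser will create a public/private key pair</li> | ||
90 | <li>send us your public key, in what is known as a <a href="http://en.wikipedia.org/wiki/Certification_request">certification request</a> along with information from the form above</li> | ||
91 | <li>we will create a certificate with the parameters specified</li> | ||
92 | <li>it will be returned to you and your browser will match it with your private key and add the pair to your keychain</li> | ||
93 | <li>a <a href="$xwiki.getDocument('WebId.RSAPubKeyClass').getURL('edit','editor=class')">WebId.RSAPubKeyClass</a> object will be created in <a href="$homepage.getURL()">your public profile</a>, which you will then see clearly in <a target="_blank" href="${homepage.getURL('edit','editor=object')}">its object view</a>. Your profile should also have an RDF view of the key.</li> | ||
94 | </ol> | ||
95 | </td> | ||
96 | </tr> | ||
97 | </table> | ||
98 | <input id="keygensubmit" type="submit" value="submit certificate request" /> | ||
99 | </form> | ||
100 | <p>To test your certificates try some of <a href="http://esw.w3.org/topic/foaf+ssl">the foaf+ssl test pages</a>.</p> | ||
101 | {{/html}} | ||
102 | #elseif($request.getParameter('viewParams') eq "yes") | ||
 | ## Debug dump of every request parameter. Names and values are attacker-controllable text, so they | ||
 | ## are emitted inside an html macro and passed through $escapetool.xml instead of being written | ||
 | ## into the page as wiki syntax, where markup in a parameter would be interpreted by the renderer. | ||
 | ## NOTE(review): this relies on $escapetool.xml also encoding "{" so that a value cannot close the | ||
 | ## html macro - confirm on this XWiki version. | ||
 | {{html clean="false"}} | ||
 | <pre> | ||
103 | #foreach($key in $request.parameterNames) | ||
104 | $escapetool.xml($key) = $escapetool.xml($request.getParameter($key)) | ||
105 | #end | ||
 | </pre> | ||
 | {{/html}} | ||
 | ## Viewing parameters is a dry run: do not send the certificate or store the key unless makeKeyObj asks for it. | ||
106 | #set( $addKey = false ) | ||
107 | #end | ||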
108 | |||
109 | #if( $request.csrdata ) ## for Microsoft Browsers (see javascript rewriting of html) | ||
 | ## Build $cert from whichever request value is present: "csrdata" goes to createFromPEM, otherwise | ||
 | ## "spkac" goes to createFromSpkac. $cert stays unset when neither is present. | ||
 | ## NOTE(review): both values arrive from the client as sent. Whether the foafssl service verifies | ||
 | ## the request's self-signature or the keygen challenge (proof that the sender holds the private | ||
 | ## key) is not visible on this page - confirm in the service. | ||
110 | #set( $cert = $foafssl.createFromPEM( $request.csrdata ) ) | ||
111 | #elseif( $request.spkac ) | ||
112 | #set( $cert = $foafssl.createFromSpkac( $request.spkac ) ) | ||
113 | #end | ||
114 | #if ($cert) | ||
 | ## Handler for a submitted request: fill in the certificate, then either show it (debug), send it | ||
 | ## to the browser, and/or store its public key on the current user's profile page. | ||
115 | #set( $pk = $cert.getSubjectPublicKey() ) | ||
116 | |||
 | ## The WebID and common name are copied from the request into the certificate as received. | ||
 | ## NOTE(review): nothing visible checks that the submitted WebID is the current user's profile URL, | ||
 | ## although the key is always stored on $homepage. | ||
117 | $cert.setSubjectWebID( $request.webid ) | ||
118 | $cert.setSubjectCommonName( $request.cn ) | ||
119 | |||
 | ## The validity period comes from the "hours" and "days" parameters, passed on as the raw request strings. | ||
 | ## NOTE(review): no numeric or upper-bound check is visible here; presumably the service parses them - confirm. | ||
120 | #set ($hours = $request.getParameter('hours') ) | ||
121 | #if ($hours && $hours ne "") | ||
122 | $cert.addDurationInHours( $hours ) | ||
123 | #end | ||
124 | |||
125 | #set ($days = $request.getParameter('days') ) | ||
126 | #if ($days && $days ne "") | ||
127 | $cert.addDurationInDays( $days ) | ||
128 | #end | ||
129 | |||
130 | #set($s = $cert.getSerialisation()) | ||
131 | |||
 | ## showCert=yes: print the serialised certificate into the page instead of sending it, and clear $addKey. | ||
132 | #if( $request.getParameter('showCert') eq "yes") | ||
133 | The certificate that would have been sent back to you is: | ||
134 | mime-type: $s.getMimeType() | ||
135 | Content-Length: $s.getLength() | ||
136 | |||
137 | cert = $s.toString() | ||
138 | #set( $addKey = false ) | ||
139 | #end | ||
140 | #if ( $addKey ) ## up to here if addKey is still true, then we are creating a cert | ||
 | ## Write the serialised certificate to the HTTP response and mark the context as finished. | ||
141 | $s.writeTo( $response ) | ||
142 | $context.setFinished(true) | ||
143 | #end | ||
144 | |||
 | ## makeKeyObj=yes: print the key that will be stored and turn $addKey back on, so the key is saved | ||
 | ## even when viewParams or showCert cleared the flag. | ||
145 | #if ( $request.getParameter('makeKeyObj') eq "yes" ) | ||
146 | The Public Key, that will be stored on the server is: | ||
147 | * hex= $pk.getHexModulus() | ||
148 | * int= $pk.getIntExponent() | ||
149 | {{html}}More info in <a target="_blank" href="${homepage.getURL('edit','editor=object')}">its object view</a>{{/html}} | ||
150 | #set( $addKey = true ) | ||
151 | #end | ||
152 | |||
153 | #if ( $addKey ) | ||
154 | ## create and save the public key to the user's profile page | ||
 | ## NOTE(review): this is the state-changing step. It adds a WebId.RSAPubKeyClass object to the | ||
 | ## current user's profile and saves it, and nothing visible checks the HTTP method or an anti-CSRF | ||
 | ## token first, so any request carrying "spkac" or "csrdata" that arrives with the user's session | ||
 | ## reaches it. A key published on the profile is presumably what lets a certificate be accepted for | ||
 | ## that WebID, so the key owner matters: validate a token before this block (for example | ||
 | ## $services.csrf.isTokenValid($request.form_token), if this XWiki version provides it, with the | ||
 | ## token sent from the form) and confirm what happens when the current user is the guest user. | ||
 | ## NOTE(review): "name" is stored exactly as received in "cn"; escape it wherever it is displayed. | ||
155 | #set( $rsaKey = $homepage.newObject("WebId.RSAPubKeyClass")) | ||
156 | $!rsaKey.set("hexModulus", $pk.getHexModulus() ) | ||
157 | $!rsaKey.set("intExponent", $pk.getIntExponent() ) | ||
158 | $!rsaKey.set("name", $request.getParameter('cn') ) | ||
159 | $!rsaKey.set("validFrom", $cert.getStartDate() ) | ||
160 | $!rsaKey.set("validTo", $cert.getEndDate() ) | ||
161 | $!homepage.save() | ||
162 | #end | ||
163 | #end | ||
164 | |||
165 | {{/velocity}} |