Wiki source code of Create your WebId Certificate

Version 59.1 by Henry Story on 2010/05/23 01:19

1 {{velocity}}
## Load the WebId.CreateCert JavaScript extension; configurePage() is presumably defined there (not visible on this page).
$xwiki.jsx.use("WebId.CreateCert")
{{html}}
<script type="text/javascript">
// Run the page set-up once the DOM has finished loading.
document.observe("dom:loaded", function() {
 configurePage();
});
// Browsers without a native XMLHttpRequest get a constructor that wraps the
// MSXML ActiveX objects, trying the newest ProgID first.
if (typeof XMLHttpRequest == "undefined") {
 XMLHttpRequest = function () {
   var progIds = ["Msxml2.XMLHTTP.6.0", "Msxml2.XMLHTTP.3.0", "Msxml2.XMLHTTP"];
   for (var i = 0; i !== progIds.length; i += 1) {
     try { return new ActiveXObject(progIds[i]); }
       catch (unavailable) {}
   }
   //Microsoft.XMLHTTP points to Msxml2.XMLHTTP.3.0 and is redundant
   throw new Error("This browser does not support XMLHttpRequest.");
 };
}
</script>
{{/html}}
## Page-wide state used by the form and by the certificate handler further down.
## "nodebug" comes straight from the request, so the caller decides whether the debug options are offered.
#set($nodebug = $request.nodebug)
## Service that builds certificates from the submitted key material.
#set($foafssl = $services.foafssl)
## Profile document of the current user; the handler stores the public key there.
## NOTE(review): for an unauthenticated visitor this is presumably the guest profile - confirm access rights keep it read-only.
#set($homepage = $xwiki.getDocument($context.getUser()))
## Stays true until one of the debug views switches real issuance off.
#set($addKey = true)
## Same extension as requested at the top of the page (repeated in the original).
$xwiki.jsx.use("WebId.CreateCert")

## Show the form when nothing was submitted, or when the caller asked for the "nodebug" view.
#set($incomplete = ($request.parameterMap.isEmpty() || $nodebug))
29
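## Page body: (1) installation hint when the key class is missing, (2) the key-generation form,
## (3) a debug dump of the submitted parameters. Request values written into the page are escaped first.
#if(! $!xwiki.exists("WebId.RSAPubKeyClass"))

You need to create the WebId.RSAPubKeyClass
It should come with this installation's XAR file. If not you can [[create it here>>WebId.RSAPubKeyClass]] with the following properties:
* A hexModulus TextArea
* An intExponent NumberField
* A name String Field
* A validTo and validFrom date Field
#elseif ( $incomplete )
{{html clean="false"}}
## NOTE(review): the steps below lower the browser's protection for this site (unsafe ActiveX scripting,
## an extra trusted root CA); the text already advises removing the root CA afterwards.
<div id="iehelptext" style="display: none;">
<p>Using Internet Explorer under Windows Vista or above or Windows
Server 2008, you need to configure the following for this to work:</p>
<ul>
<li>Add this site to the <i>Trusted Sites</i> list: in Internet
Options -&gt; Security -&gt; Trusted Sites -&gt; Sites -&gt; Add ...</li>
<li>You may need to configure the trust level (in this tab), using
<i>Custom Level...</i>: enable <i>Initialize and script ActiveX
controls not marked as safe for scripting</i>.</li>
<li>If you are using Windows Vista without SP1 or above, you will
probably need to install <a href="cacert.crt">this certificate</a> as a
Trusted Root Certification Authority Certificate for your own
certificate installation to succeed. You should probably remove that
trusted root CA certificate afterwards.</li>
</ul>
</div>
#set( $startTme = $xwiki.jodatime.getMutableDateTime() )
Time = $startTme.toDate()

## NOTE(review): the form carries no anti-CSRF token, although submitting it can add a key to the
## signed-in user's profile; add one here and check it in the handler if the platform offers a token service.
<form id="keygenform" action="" method="post">
<table width="95%">
<tr>
<td>Common Name: </td>
#set($cn = $request.getParameter("cn"))
## "cn" is echoed from the request: XML-escape it for the attribute and encode the opening brace,
## so the value can neither break out of the attribute nor end the surrounding html macro.
#set($cnAttr = "$!escapetool.xml($cn)")
#set($cnAttr = $cnAttr.replace('{', '&#123;'))
<td><input name="cn" size="30" id="cn" type="text" value="$cnAttr" /></td>
</tr>
<tr>
<td>WebID: </td>
<td><input name="webid" size="60" id="webid" type="text" value="${homepage.getExternalURL()}#me"/></td>
</tr>
<tr>
<td>Key strength: </td>
## NOTE(review): the keygen challenge is a fixed string; a random per-request challenge checked on the
## server would tie the signed key to this form - confirm what createFromSpkac verifies.
<td id="keystrenghtd"><keygen id="spkac" name="spkac" challenge="TheChallenge1"/></td>
</tr>
<tr>
<td>Valid for: <br/>
(defaults to 1 year)</td>
<td><input type="text" name="hours" value="0.0" size="4"/> hours<br/>
<input type="text" name="days" value="0" size="4"/> days </td>
</tr>
#if (!$nodebug)
<tr>
<td>Debug: </td>
<td><input type="checkbox" name="viewParams" value="yes" /> view parameters<br/>
<input type="checkbox" name="showCert" value="yes" /> show certificate<br/>
<input type="checkbox" name="makeKeyObj" value="yes" /> create local objects<br/>
<input type="checkbox" name="nodebug" value="yes" /> simulate input from a personal profile document<br/>
</td>
</tr>
#end
<tr>
<td colspan="2">
#if ($nodebug)
Clicking the submit button will start the following sequence of events:
#else
If none of the above debug options are checked then the following will happen on clicking submit:
#end
<ol>
<li>your browser will create a public/private key pair</li>
<li>send us your public key, in what is known as a <a href="http://en.wikipedia.org/wiki/Certification_request">certification request</a> along with information from the form above</li>
<li>we will create a certificate with the parameters specified</li>
<li>it will be returned to you and your browser will match it with your private key and add the pair to your keychain</li>
<li>a <a href="$xwiki.getDocument('WebId.RSAPubKeyClass').getURL('edit','editor=class')">WebId.RSAPubKeyClass</a> object will be created in <a href="$homepage.getURL()">your public profile</a>, which you will then see clearly in <a target="_blank" href="${homepage.getURL('edit','editor=object')}">its object view</a>. Your profile should also have an RDF view of the key.</li>
</ol>
</td>
</tr>
</table>
<input id="keygensubmit" type="submit" value="submit certificate request" />
</form>
<p>To test your certificate try some of <a href="http://esw.w3.org/topic/foaf+ssl/RelyingParties">the services listed here</a>.</p>
{{/html}}
#elseif($request.getParameter('viewParams') eq "yes")
## Debug dump of every request parameter. Names and values are caller-controlled, so they are shown
## as escaped text inside a pre element rather than being emitted as wiki markup.
{{html clean="false"}}
<pre>
#foreach($key in $request.parameterNames)
#set($safeKey = "$!escapetool.xml($key)")
#set($safeValue = "$!escapetool.xml($request.getParameter($key))")
$safeKey.replace('{', '&#123;') = $safeValue.replace('{', '&#123;')
#end
</pre>
{{/html}}
#set( $addKey = false )
#end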
117
## Certificate handler: builds a certificate from the submitted key material, returns it to the
## browser, and records the public key on the current user's profile.
## NOTE(review): no request-method or anti-CSRF check is visible here; any request carrying "spkac" or
## "csrdata" reaches the profile update below. Newer XWiki versions expose a CSRF token service - verify and use it.
#if (!$nodebug) ## arriving from the user's page: no key is created

#if ($request.getParameter('csrdata')) ## Microsoft browsers (see javascript rewriting of html)
#set($cert = $foafssl.createFromPEM($request.getParameter('csrdata')))
#elseif ($request.getParameter('spkac'))
#set($cert = $foafssl.createFromSpkac($request.getParameter('spkac')))
#end
#if ($cert)
#set($pk = $cert.subjectPublicKey)

## Subject fields are taken as submitted; the WebID is only compared with the caller's own profile URL at the storage step.
$cert.setSubjectWebID( $request.getParameter('webid') )
$cert.setSubjectCommonName( $request.getParameter('cn') )

## Validity period: the submitted strings are handed over as-is.
## NOTE(review): no numeric validation or upper bound is visible here - confirm the service enforces one.
#set($hours = $request.getParameter('hours'))
#if ($hours && $hours != "")
$cert.addDurationInHours( $hours )
#end

#set($days = $request.getParameter('days'))
#if ($days && $days != "")
$cert.addDurationInDays( $days )
#end

## Start validity 7200000 ms (two hours) before now, presumably to tolerate clock differences.
#set($startTme = $xwiki.jodatime.getMutableDateTime())
$startTme.add( -7200000 )
$cert.setStartDate( $startTme.toDate() )


#set($payload = $cert.getSerialisation())

#if ($request.getParameter('showCert') == "yes")
The certificate that would have been sent back to you is:
mime-type: $payload.getMimeType()
Content-Length: $payload.getLength()

cert = $payload.toString()
#set($addKey = false)
#end
#if ($addKey) ## addKey still true at this point means a real certificate is being issued
$payload.writeTo( $response )
$context.setFinished(true)
#end

#if ($request.getParameter('makeKeyObj') == "yes")
The Public Key, that will be stored on the server is:
* hex= $pk.getHexModulus()
* int= $pk.getIntExponent()
{{html}}More info in <a target="_blank" href="${homepage.getURL('edit','editor=object')}">its object view</a>{{/html}}
#set($addKey = true)
#end

## Store the key only when the submitted WebID is exactly the caller's own profile URL followed by "#me".
#if ($addKey && ($request.getParameter('webid') == "${homepage.getExternalURL()}#me"))
## create and save the public key to the user's profile page
#set($keyObject = $homepage.newObject("WebId.RSAPubKeyClass"))
$!keyObject.set("hexModulus", $pk.getHexModulus() )
$!keyObject.set("intExponent", $pk.getIntExponent() )
$!keyObject.set("name", $request.getParameter('cn') )
$!keyObject.set("validFrom", $cert.getStartDate() )
$!keyObject.set("validTo", $cert.getEndDate() )
$!homepage.save()
#end
#end
#end
181
182 {{/velocity}}