Added: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/java/org/apache/clerezza/ssl/keygen/bouncy/StaticKeygenService.java URL: http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/java/org/apache/clerezza/ssl/keygen/bouncy/StaticKeygenService.java?rev=1002843&view=auto ============================================================================== --- incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/java/org/apache/clerezza/ssl/keygen/bouncy/StaticKeygenService.java (added) +++ incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/java/org/apache/clerezza/ssl/keygen/bouncy/StaticKeygenService.java Wed Sep 29 20:47:46 2010 
@@ -0,0 +1,93 @@ +/* + * New BSD license: http://opensource.org/licenses/bsd-license.php + * + * Copyright (c) 2010. + * Henry Story + * http://bblfish.net/ + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * - Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * - Neither the name of Sun Microsystems, Inc. nor the names of its contributors * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */
+package org.apache.clerezza.ssl.keygen.bouncy;
+
+import org.apache.clerezza.ssl.keygen.Certificate;
+import org.apache.clerezza.ssl.keygen.KeygenService;
+
+import java.security.InvalidParameterException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+/**
+ * A static class to deal with keygen requests
+ * <p/>
+ * The disadvantage of using it is that if it fails, it will probably need restarting
+ * the whole container. The advantage is that one can get this going on non osgi frameworks
+ * easily.
+ * <p/>
+ * If this class is never called it will never get loaded.
+ *
+ * @author Henry Story
+ */
+public class StaticKeygenService implements KeygenService {
+ static transient final Logger log = Logger.getLogger(StaticKeygenService.class.getName());
+ static BouncyKeygenService keygenService;
+
+ static {
+ keygenService = new BouncyKeygenService();
+ try {
+ keygenService.initialize();
+ } catch (Exception e) {
+ log.log(Level.SEVERE, "Could not start static keygen service ", e);
+ }
+ }
+
+ /**
+ * Create certificates from PEM requests, coming from Internet Explorer usually
+ *
+ * @param pemCsr
+ * @return A yet incomplete certificate
+ */
+ @Override
+ public Certificate createFromPEM(String pemCsr) {
+ return keygenService.createFromPEM(pemCsr);
+ }
+
+
+ /**
+ * Create Certificates from SPKAC requests coming from the other browsers
+ *
+ * @param spkac
+ * @return an as yet incomplete Certificate
+ * @throws InvalidParameterException
+ */
+ @Override
+ public Certificate createFromSpkac(String spkac) {
+ return keygenService.createFromSpkac(spkac);
+ }
+
+ @Override
+ public Certificate createFromCRMF(String crmfReq) {
+ return keygenService.createFromCRMF(crmfReq);
+ }
+
+}
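Review bot: The static initializer catches every exception from `keygenService.initialize()` and only logs it, so the class still loads with a `BouncyKeygenService` whose initialization failed, and every later `createFromSpkac`/`createFromPEM`/`createFromCRMF` call is delegated to that half-initialized issuer instead of failing fast. For code that signs certificates, refusing to load is the safer outcome: after the log call add `throw new ExceptionInInitializerError(e);`, which turns the first use into a clear error rather than whatever the uninitialized service does with a request. Minor: `transient` on the static `log` field has no effect, and `createFromSpkac` documents `@throws InvalidParameterException` that nothing in the visible delegating body establishes.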
Added: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/resources/META-INF/components.txt URL: http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/resources/META-INF/components.txt?rev=1002843&view=auto ============================================================================== --- incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/resources/META-INF/components.txt (added) +++ incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/resources/META-INF/components.txt Wed Sep 29 20:47:46 2010 
@@ -0,0 +1 @@
+org.jsslutils.keygen.bouncy.BouncyKeygenService Added: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/resources/cacert.p12 URL: http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/resources/cacert.p12?rev=1002843&view=auto ============================================================================== Binary file - no diff available. Propchange: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/resources/cacert.p12 ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/resources/index.html URL: http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/resources/index.html?rev=1002843&view=auto ==============================================================================
--- incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/resources/index.html (added)
+++ incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/main/resources/index.html Wed Sep 29 20:47:46 2010
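Review bot: The registration line names `org.jsslutils.keygen.bouncy.BouncyKeygenService`, but the class this commit adds and that the tests import is `org.apache.clerezza.ssl.keygen.bouncy.BouncyKeygenService`, so whatever reads components.txt will not find the component; the entry should be `org.apache.clerezza.ssl.keygen.bouncy.BouncyKeygenService`. The same section also checks a binary `cacert.p12` into `base/src/main/resources`, i.e. into the library jar itself; if that PKCS#12 holds the issuing key (the web.xml in this commit configures a keystore and key password for it), every consumer of the jar receives the CA's private key. A test CA should be generated at build or test time, or at the very least be documented as a throwaway that must never be trusted.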
@@ -0,0 +1,50 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <title>Keygen sample webapp</title>
+ <script type="text/javascript" src="crosskeygen.js">
+ /**/
+ </script>
+</head>
+<body onload="configurePage()">
+<div id="iehelptext" style="display: none;">
+ <p>Using Internet Explorer under Windows Vista or above or Windows
+ Server 2008, you need to configure the following for this to work:</p>
+ <ul>
+ <li>Add this site to the <i>Trusted Sites</i> list: in Internet
+ Options -> Security -> Trusted Sites -> Sites -> Add ...
+ </li>
+ <li>You may need to configure the trust level (in this tab), using
+ <i>Custom Level...</i>: enable <i>Initialize and script ActiveX
+ controls not marked as safe for scripting</i>.
+ </li>
+ <li>If you are using Windows Vista without SP1 or above, you will
+ probably need to install <a href="cacert.crt">this certificate</a> as a
+ Trusted Root Certification Authority Certificate for your own
+ certificate installation to succeed. You should probably remove that
+ trusted root CA certificate afterwards.
+ </li>
+ </ul>
+</div>
+<form id="keygenform" action="http://localhost:8080/xwiki/bin/view/XWiki/keygen" method="POST">
+ <table>
+ <tr>
+ <td>Common Name (to help you identify the certificate):</td>
+ <td><input name="cn" id="cn" type="text" value=""/></td>
+ </tr>
+ <tr>
+ <td>WebID:</td>
+ <td><input name="webid" id="webid" type="text" value=""/></td>
+ </tr>
+ <tr>
+ <td>Key strength:</td>
+ <td id="keystrenghtd">
+ <keygen id="spkac" name="spkac"
+ challenge="TheChallenge1"/>
+ </td>
+ </tr>
+ </table>
+ <input id="keygensubmit" type="submit"/></form>
+</body>
+</html> Added: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/test/java/org/apache/clerezza/ssl/keygen/bouncy/CertificateServiceTest.java URL: http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/test/java/org/apache/clerezza/ssl/keygen/bouncy/CertificateServiceTest.java?rev=1002843&view=auto ==============================================================================
--- incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/test/java/org/apache/clerezza/ssl/keygen/bouncy/CertificateServiceTest.java (added)
+++ incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/test/java/org/apache/clerezza/ssl/keygen/bouncy/CertificateServiceTest.java Wed Sep 29 20:47:46 2010
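Review bot: The `<keygen>` element uses the constant `challenge="TheChallenge1"`, so the SPKAC's challenge field gives the server no freshness — a captured or pre-computed request is indistinguishable from a live one; the page should emit a per-session random challenge that the servlet compares on receipt. The form also posts to the absolute plain-HTTP URL `http://localhost:8080/xwiki/bin/view/XWiki/keygen`, a fixed host unrelated to this webapp's own `/minica/*` mapping; a relative `action="minica/"` served over HTTPS keeps the enrolment request on the site that issues the certificate. The IE instructions tell users to enable "Initialize and script ActiveX controls not marked as safe for scripting" and to install the sample CA as a trusted root; both are significant browser-trust changes and deserve an explicit warning rather than "you should probably remove that ... afterwards".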
@@ -0,0 +1,213 @@ +/* + * New BSD license: http://opensource.org/licenses/bsd-license.php + * + * Copyright (c) 2010. + * Henry Story + * http://bblfish.net/ + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * - Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * - Neither the name of Sun Microsystems, Inc. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ + +package org.apache.clerezza.ssl.keygen.bouncy; + +import org.apache.clerezza.ssl.keygen.bouncy.BouncyKeygenService; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.Date; +import java.util.List; + +import static org.apache.clerezza.ssl.keygen.Certificate.*; + +import junit.framework.TestCase; +import org.apache.clerezza.ssl.keygen.*; +import org.apache.clerezza.ssl.keygen.KeygenService; +import org.bouncycastle.asn1.x509.X509Name; + + +/** + * Tests for the {...@link org.jsslutils.keygen.KeygenService} component. + * + * @version $Id: $ + */ +public class CertificateServiceTest extends TestCase { + public static final String WEBID = "http://test.com/#me"; + static String spkac = "MIIBRzCBsTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwWxHp09gHwgec98X\n" + + "2hxynxlAlN9IeiSu7T1CSry4uMPCkujkcpTg0n7ofhHvke/kwlv9QpK/Ko4gcQTI\n" + + "nWu3Sl5hcRdP1KvRTq+VdyPp0QUTStlri3uYMZcOC5yXFqAFVywRWvQDtBYMYtqp\n" + + "KcyvaRpKKRC+lpWTIjbvOSgfy4UCAwEAARYNVGhlQ2hhbGxlbmdlMTANBgkqhkiG\n" + + "9w0BAQQFAAOBgQClhG6itMJneOfwSt5gaCzg/HRt94WKtJivbLvlYwNi2NkZu014\n" + + "308EhhG0onhBIy5hXopa7pvYzqMv2gbipj89ucqoUYybqaoP+qJ0eDbSlJOaISlB\n" + + "2b6nVDYhlj/ihT40qv6+3WNdiUgayB+INLQW1hPvqPirjHfMJOfpfQcwIw=="; + + /** + * test the creation of an spkac certificate + * + * @throws Exception + */ + public void testSpkac() throws Exception { + BouncyKeygenService srvc = new BouncyKeygenService(); + srvc.initialize(); + Certificate cert = srvc.createFromSpkac(spkac); + PubKey spk = cert.getSubjectPublicKey(); + assertNotNull(spk); + assertTrue(spk instanceof RSAPubKey); + assertEquals("the expected and real values don't match", + "c16c47a74f601f081e73df17da1c729f194094df487a24aeed3d424abcb8\r\n" + + "b8c3c292e8e47294e0d27ee87e11ef91efe4c25bfd4292bf2a8e207104c8\r\n" + + "9d6bb74a5e6171174fd4abd14eaf957723e9d105134ad96b8b7b9831970e\r\n" + 
+ "0b9c9716a005572c115af403b4160c62daa929ccaf691a4a2910be969593\r\n" + + "2236ef39281fcb85\r\n", ((RSAPubKey) spk).getHexModulus()); + assertEquals("int exponent is not correct", "65537", ((RSAPubKey) spk).getIntExponent()); + Date now = new Date(); + cert.addDurationInDays("3"); + cert.setSubjectCommonName("Test"); + cert.setSubjectWebID(WEBID); + CertSerialisation certByte = cert.getSerialisation(); + + //test that the returned certificate contains the correct values... + Date endDate = cert.getEndDate(); + assertTrue("end date is too early (we added 10 seconds)", + endDate.getTime() < (now.getTime() + (3 * 24 * 60 * 60 * SECOND) + (10 * SECOND))); + assertTrue("end date is too late (we removed 10 seconds)", + endDate.getTime() > (now.getTime() + (3 * 24 * 60 * 60 * SECOND) - (10 * SECOND))); + + ByteArrayOutputStream bout = new ByteArrayOutputStream(certByte.getLength()); + certByte.writeTo(bout); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + X509Certificate x509 = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(bout.toByteArray())); + + Collection<List<?>> sanlst = x509.getSubjectAlternativeNames(); + assertNotNull(sanlst); + + assertEquals("only one SAN", 1, sanlst.size()); + List<?> next = sanlst.iterator().next(); + assertEquals("Uniform Resource identifiers is nbr 6", next.get(0), 6); + assertEquals("testing WebId", next.get(1), WEBID); + + Date notAfter = x509.getNotAfter(); + assertTrue("end date is too early (we added 10 seconds)", + notAfter.getTime() < (now.getTime() + (3 * 24 * HOUR) + (10 * SECOND))); + assertTrue("end date is too late (we removed 10 seconds)", + notAfter.getTime() > (now.getTime() + (3 * 24 * HOUR) - (10 * SECOND))); + System.out.println("not after=" + notAfter); + + Date notbefore = x509.getNotBefore(); + assertTrue("start date is too early (we added 10 seconds)", + notbefore.getTime() < (now.getTime() + (10 * SECOND))); + assertTrue("start date is too late (we removed 10 seconds)", + 
notbefore.getTime() > (now.getTime() - (10 * SECOND))); + System.out.println("not before=" + notbefore); + } + + + /** + * test the creation of an spkac certificate + * + * @throws Exception + */ + public void testSpkacOneYear() throws Exception { + BouncyKeygenService srvc = new BouncyKeygenService(); + srvc.initialize(); + Certificate cert = srvc.createFromSpkac(spkac); + PubKey spk = cert.getSubjectPublicKey(); + assertNotNull(spk); + assertTrue(spk instanceof RSAPubKey); + assertEquals("the expected and real values don't match", + "c16c47a74f601f081e73df17da1c729f194094df487a24aeed3d424abcb8\r\n" + + "b8c3c292e8e47294e0d27ee87e11ef91efe4c25bfd4292bf2a8e207104c8\r\n" + + "9d6bb74a5e6171174fd4abd14eaf957723e9d105134ad96b8b7b9831970e\r\n" + + "0b9c9716a005572c115af403b4160c62daa929ccaf691a4a2910be969593\r\n" + + "2236ef39281fcb85\r\n", ((RSAPubKey) spk).getHexModulus()); + assertEquals("int exponent is not correct", "65537", ((RSAPubKey) spk).getIntExponent()); + Date now = new Date(); + + cert.setSubjectCommonName("Test"); + cert.setSubjectWebID(WEBID); + cert.startEarlier("2"); + CertSerialisation certByte = cert.getSerialisation(); + + + //test that the returned certificate contains the correct values... + Date endDate = cert.getEndDate(); + long end10 = now.getTime() + YEAR + (10 * SECOND); + assertTrue("end date (" + endDate + ") is too late . It should be before " + new Date(end10) + " - we added 10 seconds .", + endDate.getTime() < end10); + end10 = now.getTime() + YEAR - (10 * SECOND); + assertTrue("end date (" + endDate + ") is too early. It should be after " + new Date(end10) + " - we removed 10 seconds .", + endDate.getTime() > end10); + + Date startDate = cert.getStartDate(); + long start10 = now.getTime() - (2 * HOUR) - (10 * SECOND); + assertTrue("start date (" + startDate + ") is too early. 
It should be after " + new Date(start10) + "- we removed 2 hours and 10 seconds.", + startDate.getTime() > start10); + assertTrue("start date (" + startDate + ") is too late It should be after " + new Date(start10) + "- we removed 10 secondes short of 2 hours.", + startDate.getTime() < (now.getTime() - (2 * HOUR) + (10 * SECOND))); + + + ByteArrayOutputStream bout = new ByteArrayOutputStream(certByte.getLength()); + certByte.writeTo(bout); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + X509Certificate x509 = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(bout.toByteArray())); + + Collection<List<?>> sanlst = x509.getSubjectAlternativeNames(); + assertNotNull(sanlst); + + assertEquals("only one SAN", 1, sanlst.size()); + List<?> next = sanlst.iterator().next(); + assertEquals("Uniform Resource identifiers is nbr 6", next.get(0), 6); + assertEquals("testing WebId", next.get(1), WEBID); + + Date notAfter = x509.getNotAfter(); + assertTrue("end date is too early (we added 10 seconds)", + notAfter.getTime() < (now.getTime() + YEAR + (10 * SECOND))); + assertTrue("end date is too late (we removed 10 seconds)", + notAfter.getTime() > (now.getTime() + YEAR - (10 * SECOND))); + System.out.println("not after=" + notAfter); + + Date notbefore = x509.getNotBefore(); + end10 = now.getTime() - (2 * HOUR) - (10 * SECOND); + assertTrue("NotBefore date of cert (" + notbefore + ") should be after " + new Date(end10) + "( ie, now less 2 hours and 10 sec )", + notbefore.getTime() > end10); + end10 = (now.getTime() - (2 * HOUR) + (10 * SECOND)); + assertTrue("NotBefore date of cert (" + notbefore + ") should be before " + new Date(end10) + "( ie, now less 2 hours less 10 sec )", + notbefore.getTime() < end10); + System.out.println("not before=" + notbefore); + } + + + public void testDN() throws Exception { + X509Name x509Name = new X509Name(KeygenService.issuer); + //todo some testing on this way of doing things. 
+ } + + public void testInit() throws Exception { + BouncyKeygenService srvc = new BouncyKeygenService(); + srvc.initialize(); + } + +} Added: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/test/java/org/apache/clerezza/ssl/keygen/bouncy/DefaultRSAPubKeyTest.java URL: http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/test/java/org/apache/clerezza/ssl/keygen/bouncy/DefaultRSAPubKeyTest.java?rev=1002843&view=auto ============================================================================== --- incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/test/java/org/apache/clerezza/ssl/keygen/bouncy/DefaultRSAPubKeyTest.java (added) +++ incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/base/src/test/java/org/apache/clerezza/ssl/keygen/bouncy/DefaultRSAPubKeyTest.java Wed Sep 29 20:47:46 2010 
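Review bot: Both SPKAC tests exercise only the happy path: nothing asserts that a tampered SPKAC (altered public key or challenge) is rejected, that the issued certificate verifies against the CA's public key (`x509.verify(caPublicKey)`), or that `x509.checkValidity()` passes, so a signing bug or a skipped signature check in `BouncyKeygenService` would not be caught here. `testDN` builds an `X509Name` and asserts nothing, and the `assertEquals(next.get(0), 6)` / `assertEquals(next.get(1), WEBID)` calls pass actual and expected in reversed order, which yields misleading failure messages. The `System.out.println` calls and the wildcard import `org.apache.clerezza.ssl.keygen.*` next to explicit imports from the same package are style nits.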
@@ -0,0 +1,69 @@ +/* + * New BSD license: http://opensource.org/licenses/bsd-license.php + * + * Copyright (c) 2010. + * Henry Story + * http://bblfish.net/ + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * - Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * - Neither the name of Sun Microsystems, Inc. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+package org.apache.clerezza.ssl.keygen.bouncy;
+
+import org.apache.clerezza.ssl.keygen.bouncy.DefaultRSAPubKey;
+import junit.framework.TestCase;
+
+import java.io.BufferedReader;
+import java.io.StringReader;
+
+/**
+ * Test cases always useful
+ * <p/>
+ * User: hjs
+ * Date: Feb 18, 2010
+ * Time: 3:59:02 PM
+ */
+public class DefaultRSAPubKeyTest extends TestCase {
+ public void testGetHexModulus() throws Exception {
+ }
+
+ public void testGetIntExponent() throws Exception {
+ }
+
+ public void testGetPublicKey() throws Exception {
+ }
+
+ public void testBeautify() throws Exception {
+ String longStr = "The Velocity User Guide is intended to help page designers and content providers get acquainted with Velocity and the syntax of its simple yet powerful scripting language, the Velocity Template Language (VTL). Many of the examples in this guide deal with using Velocity to embed dynamic content in web sites, but all VTL examples are equally applicable to other pages and templates.";
+ String res = DefaultRSAPubKey.beautify(longStr);
+ BufferedReader sbuf = new BufferedReader(new StringReader(res));
+ String line;
+ while ((line = sbuf.readLine()) != null) {
+ if (line.length() != 60) {
+ assertTrue("only the last line can be less than 60 chars", sbuf.readLine() == null);
+ }
+ }
+ }
+} Added: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/pom.xml URL: http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/pom.xml?rev=1002843&view=auto ==============================================================================
--- incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/pom.xml (added)
+++ incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/pom.xml Wed Sep 29 20:47:46 2010
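Review bot: `testGetHexModulus`, `testGetIntExponent` and `testGetPublicKey` have empty bodies and therefore pass vacuously, which reports green tests for the code that parses a client-supplied RSA key without exercising it; either assert against the known modulus and exponent of the SPKAC fixture used in CertificateServiceTest or drop the methods until they do. In `testBeautify`, the inner `sbuf.readLine()` consumes a line while the outer loop continues, so the invariant is easier to read if all lines are collected into a list first and every line except the last is asserted to be 60 characters; the fixture is also prose rather than the hex modulus `beautify` is applied to in practice, which is worth a comment.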
@@ -0,0 +1,121 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.clerezza</groupId> + <artifactId>org.apache.clerezza.parent</artifactId> + <version>0.2-incubating-SNAPSHOT</version> + </parent> + <groupId>org.apache.clerezza</groupId> + <artifactId>org.apache.clerezza.ssl.keygen</artifactId> + <packaging>pom</packaging> + <version>0.5</version> + <name>FOAF+SSL Keygen Lib :: Creating WebIDs in one Click</name> + <url>http://www.rcs.manchester.ac.uk/</url> + + <licenses> + <license> + <name>BSD</name> + <url>LICENSE.txt</url> + <distribution>repo</distribution> + </license> + </licenses> + + <modules> + <module>base</module> + <module>samplewebapp</module> + </modules> + + <build> + <plugins> + <plugin> + <artifactId>maven-compiler-plugin</artifactId> + <configuration> + <source>1.6</source> + <target>1.6</target> + </configuration> + </plugin> + </plugins> + </build> + + <reporting> + <plugins> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>findbugs-maven-plugin</artifactId> + <version>1.2</version> + <configuration> + <findbugsXmlOutput>true</findbugsXmlOutput> + <findbugsXmlWithMessages>true</findbugsXmlWithMessages> + <xmlOutput>true</xmlOutput> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-checkstyle-plugin</artifactId> + <version>2.3</version> + </plugin> + </plugins> + </reporting> + + <dependencyManagement> + <dependencies> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>servlet-api</artifactId> + <version>2.5</version> + </dependency> + <dependency> + <groupId>javax.servlet.jsp</groupId> + <artifactId>jsp-api</artifactId> + <version>2.1</version> + </dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + 
<artifactId>bcprov-jdk16</artifactId> + <version>1.45</version> + </dependency> + <dependency> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + <version>1.1</version> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>4.4</version> + <scope>test</scope> + </dependency> + </dependencies> + </dependencyManagement> + + <developers> + <developer> + <id>bruno.harbulot</id> + <name>Bruno Harbulot</name> + <email>[email protected]</email> + <organization>The University of Manchester</organization> + <organizationUrl>http://www.manchester.ac.uk/</organizationUrl> + <roles> + <role>architect</role> + <role>developer</role> + </roles> + <timezone>0</timezone> + </developer> + <developer> + <id>http://bblfish.net/#hjs</id> + <name>Henry Story</name> + <email>[email protected]</email> + <organization>Self Employed</organization> + <organizationUrl>http://bblfish.net/</organizationUrl> + <roles> + <role>architect</role> + <role>developer</role> + </roles> + <timezone>0</timezone> + </developer> + </developers> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> +</project> Added: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/pom.xml URL: http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/pom.xml?rev=1002843&view=auto ============================================================================== --- incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/pom.xml (added) +++ incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/pom.xml Wed Sep 29 20:47:46 2010 
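Review bot: `bcprov-jdk16` 1.45 is the provider that performs every signature this module produces, and the pom pins it in `dependencyManagement` with no indication of how that version is tracked; a `<bouncycastle.version>` property with a one-line comment on the upgrade policy would make the security-sensitive dependency visible to whoever maintains this. The module also declares `<version>0.5</version>` and a BSD `LICENSE.txt` under a parent at `0.2-incubating-SNAPSHOT`, which is worth confirming against the incubator's expectations for source committed under its tree.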
@@ -0,0 +1,30 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.clerezza</groupId>
+ <artifactId>org.apache.clerezza.ssl.keygen</artifactId>
+ <version>0.5</version>
+ </parent>
+ <groupId>org.apache.clerezza</groupId>
+ <artifactId>org.apache.clerezza.ssl.keygen.samplewebapp</artifactId>
+ <packaging>war</packaging>
+ <name>FOAF+SSL Keygen :: Sample WebApp</name>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.clerezza</groupId>
+ <artifactId>org.apache.clerezza.ssl.keygen.base</artifactId>
+ <version>0.5</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet.jsp</groupId>
+ <artifactId>jsp-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+</project> Added: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/java/org/apache/clerezza/ssl/keygen/webapp/MiniCaServlet.java URL: http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/java/org/apache/clerezza/ssl/keygen/webapp/MiniCaServlet.java?rev=1002843&view=auto ==============================================================================
--- incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/java/org/apache/clerezza/ssl/keygen/webapp/MiniCaServlet.java (added)
+++ incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/java/org/apache/clerezza/ssl/keygen/webapp/MiniCaServlet.java Wed Sep 29 20:47:46 2010
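Review bot: The dependency on `org.apache.clerezza.ssl.keygen.base` hard-codes `<version>0.5</version>` while the `<parent>` block just above also states `0.5`; `<version>${project.version}</version>` keeps the sample webapp bound to the base module built alongside it instead of silently resolving a previously published artifact after the next bump.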
@@ -0,0 +1,107 @@ +/** + + Copyright (c) 2008-2010, The University of Manchester, United Kingdom. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the The University of Manchester nor the names of + its contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+
+ Author........: Bruno Harbulot
+
+ */
+package org.apache.clerezza.ssl.keygen.webapp;
+
+import org.apache.clerezza.ssl.keygen.Certificate;
+import org.apache.clerezza.ssl.keygen.bouncy.BouncyKeygenService;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+
+/**
+ * A small certificate authority service. Creates WebID enabled certificates.
+ *
+ * TODO: add XHTML functionality developed in Clerezza
+ *
+ * @author Bruno Harbulot
+ * @author Henry Story
+ *
+ */
+public class MiniCaServlet extends HttpServlet {
+ private static final long serialVersionUID = -1103006284486954147L;
+ private final transient BouncyKeygenService keygen = new BouncyKeygenService();
+
+ @Override
+ public void init() throws ServletException {
+ super.init();
+ try {
+ keygen.initialize();
+ } catch (Exception e) {
+ throw new ServletException("could not initialise keygen ", e);
+ }
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ response.setStatus(HttpServletResponse.SC_NO_CONTENT);
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ try {
+ String webId = request.getParameter("webid");
+ String spkacData = request.getParameter("spkac");
+ String pemCsrData = request.getParameter("csrdata");
+ String cn = request.getParameter("cn");
+ if (cn == null || cn.length() == 0) {
+ // really this should be tested at the UI level, the user should be made to
+ // enter a name for his certificate that is easy to understand when he selects
+ // it in the browser (so it has to be somewhat different from his others)
+ // a webid is not a good idea, but this will at least be something.
+ if (webId != null && webId.length() > 0) cn = webId;
+ else cn = "default name (please improve keygen UI code)";
+ }
+
+ Certificate cert;
+ if ((spkacData == null) || spkacData.isEmpty()) {
+ cert = keygen.createFromSpkac(spkacData);
+
+ } else {
+ cert = keygen.createFromPEM(pemCsrData);
+ }
+ cert.setSubjectCommonName(cn);
+ cert.setSubjectWebID(webId);
+ cert.addDurationInDays("365");
+ cert.startEarlier("1"); //always start one hour earlier at least, to avoid clock synchronisation issues
+ cert.getSerialisation().writeTo(response);
+ } catch (Exception e) {
+ throw new ServletException("could not create certificate",e);
+ }
+ }
+} Added: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/META-INF/MANIFEST.MF URL: http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/META-INF/MANIFEST.MF?rev=1002843&view=auto ==============================================================================
--- incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/META-INF/MANIFEST.MF (added)
+++ incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/META-INF/MANIFEST.MF Wed Sep 29 20:47:46 2010
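Review bot: The branch selecting the request format in `doPost` is inverted: `if ((spkacData == null) || spkacData.isEmpty()) { cert = keygen.createFromSpkac(spkacData); }` takes the SPKAC path exactly when no SPKAC was submitted (passing `null`) and routes every real SPKAC to `createFromPEM(pemCsrData)` with a `csrdata` parameter the form never sends; it should read `if (spkacData != null && !spkacData.isEmpty())`. Beyond that, the servlet signs a certificate for any unauthenticated POST and places whatever `webid` string the client sent into the subjectAltName without checking it is a well-formed URI or that the caller controls it, while index.html in this same commit asks IE users to install the issuing CA as a trusted root — the endpoint needs at least a session-bound challenge or authentication, a `new java.net.URI(webId)` validity check, and a 400 response instead of a `ServletException` (which containers typically render as a 500 page, often with the stack trace) for malformed input. `init()` calls `keygen.initialize()` with no arguments, so the keystore path and passwords declared in web.xml do not appear to be consumed here; that is worth confirming against `BouncyKeygenService`.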
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Class-Path:
+
Added: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/WEB-INF/classes/cacert.p12
URL: http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/WEB-INF/classes/cacert.p12?rev=1002843&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/WEB-INF/classes/cacert.p12
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/WEB-INF/web.xml?rev=1002843&view=auto
==============================================================================
--- incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/WEB-INF/web.xml (added)
+++ incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/WEB-INF/web.xml Wed Sep 29 20:47:46 2010
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ id="WebApp_ID" version="2.5">
+ <display-name>MiniCA WebApp</display-name>
+ <servlet>
+ <servlet-name>minica</servlet-name>
+ <servlet-class>
+ uk.ac.manchester._rcs.bruno.keygenapp.webapp.MiniCaServlet</servlet-class>
+
+ <init-param>
+ <param-name>keystoreResourcePath</param-name>
+ <param-value>/cacert.p12</param-value>
+ </init-param>
+ <init-param>
+ <param-name>keystoreType</param-name>
+ <param-value>PKCS12</param-value>
+ </init-param>
+ <init-param>
+ <param-name>keystorePassword</param-name>
+ <param-value>testtest</param-value>
+ </init-param>
+ <init-param>
+ <param-name>keyPassword</param-name>
+ <param-value>testtest</param-value>
+ </init-param>
+ <init-param>
+ <param-name>issuerName</param-name>
+ <param-value>C=UK,ST=Greater Manchester,O=University of Manchester,OU=Research Computing Services,CN=Dummy Certification Authority</param-value>
+ </init-param>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>minica</servlet-name>
+ <url-pattern>/minica/*</url-pattern>
+ </servlet-mapping>
+
+ <mime-mapping>
+ <extension>crt</extension>
+ <mime-type>application/x-x509-certificate</mime-type>
+ </mime-mapping>
+
+</web-app>
\ No newline at end of file
Added: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/cacert.crt
URL: http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/cacert.crt?rev=1002843&view=auto
==============================================================================
---
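Review bot: The CA key password (`testtest`) is stored in clear text in the `keystorePassword` and `keyPassword` init-params, and the keystore it unlocks, `cacert.p12`, is committed under `WEB-INF/classes/` in the same change, so anyone who can read the repository or the built WAR can issue certificates from this CA; the password should come from a container resource or environment value, the sample keystore should be generated at build or first start rather than versioned, and a comment such as `<!-- DUMMY test CA: the private key and password are public; never deploy as-is -->` belongs above the servlet element. The `servlet-class` is `uk.ac.manchester._rcs.bruno.keygenapp.webapp.MiniCaServlet`, but the servlet added earlier in this commit declares `package org.apache.clerezza.ssl.keygen.webapp;`, so the webapp as configured will fail to load unless the old class is still on the classpath. None of the five init-params is read by the visible `MiniCaServlet.init()`, which only calls `keygen.initialize()`; either `BouncyKeygenService` picks them up by some other path or they are dead configuration, and web.xml should say which. The `/minica/*` mapping carries no `<security-constraint>`, so the issuing endpoint accepts unauthenticated requests over plain HTTP; even for a sample, a `<user-data-constraint>` of `CONFIDENTIAL` would keep the CSR/SPKAC and the returned certificate from crossing the wire in clear.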
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/cacert.crt (added)
+++ incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/cacert.crt Wed Sep 29 20:47:46 2010
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqjCCAxOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmzELMAkGA1UEBhMCVUsx +GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEhMB8GA1UEChMYVW5pdmVyc2l0 +eSBvZiBNYW5jaGVzdGVyMSQwIgYDVQQLExtSZXNlYXJjaCBDb21wdXRpbmcgU2Vy +dmljZXMxJjAkBgNVBAMTHUR1bW15IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X +DTEwMDExMjE1NDcyM1oXDTEzMDExMTE1NDcyM1owgZsxCzAJBgNVBAYTAlVLMRsw +GQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxITAfBgNVBAoTGFVuaXZlcnNpdHkg +b2YgTWFuY2hlc3RlcjEkMCIGA1UECxMbUmVzZWFyY2ggQ29tcHV0aW5nIFNlcnZp +Y2VzMSYwJAYDVQQDEx1EdW1teSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0UWqReFEo6iHr6XHBnYBZNgSZyUCyWnM +26nBFAhZluji/T4+DymT3Ld4+ggMxJVuqa+/tS9ZiV8RfW9ZHHvfqJ1mJeyLHnKo +t+JZbSURLpGWlijBTzvVgVKsw7nJRd1ayHCAaQSPt0B+rOM70wC7ineoQdkVqgw8 +dfscoEj9Od0CAwEAAaOB+zCB+DAdBgNVHQ4EFgQU9auR4V+EjrVgQ1bN21kFYFRr +sFAwgcgGA1UdIwSBwDCBvYAU9auR4V+EjrVgQ1bN21kFYFRrsFChgaGkgZ4wgZsx +CzAJBgNVBAYTAlVLMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxITAfBgNV +BAoTGFVuaXZlcnNpdHkgb2YgTWFuY2hlc3RlcjEkMCIGA1UECxMbUmVzZWFyY2gg +Q29tcHV0aW5nIFNlcnZpY2VzMSYwJAYDVQQDEx1EdW1teSBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAItv +5iVsyCPxXSCRNoFCLkm/sc8Bw6RdQw+K1H9E2hrfxnXsIpqbCJ5JIlDDdb2Wq4c0 +AvFFI+2/6PF+2wuIMNu893H5aDaGG0albr8wv7uSAEffjtXYaO6nX7oxAKz8t74T +0KCYBs+ymdTzQan6hnkTBAYS/U9mKDTt4ivW977C +-----END CERTIFICATE----- Added: incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/crosskeygen.js URL: http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/crosskeygen.js?rev=1002843&view=auto ============================================================================== --- incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/crosskeygen.js (added) +++ 
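Review bot: This trust anchor is shipped together with its private key (`WEB-INF/classes/cacert.p12`, password `testtest` in the web.xml of the same commit), so any client that installs `cacert.crt` as trusted is trusting a key every reader of the repository holds; a line above the PEM block such as `Dummy test CA - the private key is published with this repository; never install as a trusted root` would make that explicit (OpenSSL and most PEM readers skip text before `-----BEGIN CERTIFICATE-----`, but confirm with the consumer used here). Decoding the base64 (inferred, please confirm with `openssl x509 -in cacert.crt -noout -text`), the certificate is v3 with serial 1, `CA:TRUE` basic constraints, a 1024-bit RSA key, a sha1WithRSAEncryption signature and a validity of 2010-01-12 to 2013-01-11; those parameters are below what a CA key should carry, and end-entity certificates issued with the servlet's `addDurationInDays("365")` after January 2012 would outlive their issuer. If the sample is kept, regenerating the dummy CA with a 2048-bit key, SHA-256 and a documented validity window, and documenting that step in the webapp README, would avoid shipping weak parameters as the default.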
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.ssl.keygen/samplewebapp/src/main/webapp/crosskeygen.js Wed Sep 29 20:47:46 2010 
@@ -0,0 +1,261 @@ +/** + * + * Copyright (c) 2008-2010, The University of Manchester, United Kingdom. All + * rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. Redistributions in binary + * form must reproduce the above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or other materials provided + * with the distribution. Neither the name of the The University of Manchester + * nor the names of its contributors may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * Author........: Bruno Harbulot + * + */ +function createCsrCertEnroll(enrollFactObj, keylength) { + /* + * Creates a CX509EnrollmentWebClassFactory (used to create all the other + * objects). 
+ */ + if (enrollFactObj == null) { + enrollFactObj = new ActiveXObject( + "X509Enrollment.CX509EnrollmentWebClassFactory"); + } + + /* + * Load the information about the providers. + */ + var providerInfosObj = enrollFactObj + .CreateObject("X509Enrollment.CCspInformations"); + providerInfosObj.AddAvailableCsps(); + + /* + * Find the provider of RSA type (sufficient for this example). The type + * numbers for this are 1, 2 and 24. + * http://msdn.microsoft.com/en-us/library/aa379427%28VS.85%29.aspx + */ + var providerType = -1; + var providerName = null; + for ( var i = 0; i < providerInfosObj.Count; i++) { + var providerInfoObj = providerInfosObj.ItemByIndex(i); + switch (providerInfoObj.Type) { + case 1: + case 2: + case 24: + providerType = providerInfoObj.Type; + providerName = providerInfoObj.Name; + break; + default: + } + } + + /* + * Creates a 2048-bit key with this provider. + */ + var privKeyObj = enrollFactObj + .CreateObject("X509Enrollment.CX509PrivateKey"); + privKeyObj.ProviderType = providerInfoObj.Type; + privKeyObj.KeySpec = 1; + privKeyObj.Length = keylength; + // http://msdn.microsoft.com/en-us/library/aa379024%28VS.85%29.aspx + privKeyObj.MachineContext = false; + // http://msdn.microsoft.com/en-us/library/aa379414%28VS.85%29.aspx + privKeyObj.KeyProtection = 2; + // http://msdn.microsoft.com/en-us/library/aa379002%28VS.85%29.aspx + privKeyObj.ExportPolicy = 1; + + /* + * Creates the PKCS#10 object and initialise as a user context. + */ + var pkcs10CsrObj = enrollFactObj + .CreateObject("X509Enrollment.CX509CertificateRequestPkcs10"); + pkcs10CsrObj.InitializeFromPrivateKey(1, privKeyObj, ""); + + /* + * Creates the enrolment object and exports the CSR. 
+ */ + var enrollObj = enrollFactObj + .CreateObject("X509Enrollment.CX509Enrollment"); + enrollObj.InitializeFromRequest(pkcs10CsrObj); + var csr = enrollObj.CreateRequest(1); + csr = "-----BEGIN CERTIFICATE REQUEST-----\r\n" + csr + + "-----END CERTIFICATE REQUEST-----"; + + /* + * Makes the request to the server. + */ + var xmlHttpRequest = new XMLHttpRequest(); + xmlHttpRequest.open("POST", "minica/", true); + + var params = "webid=" + + encodeURIComponent(document.getElementById("webid").value); + params += "&cn=" + encodeURIComponent(document.getElementById("cn").value); + params += "&csrdata=" + encodeURIComponent(csr); + + xmlHttpRequest.setRequestHeader("Content-type", + "application/x-www-form-urlencoded"); + xmlHttpRequest.setRequestHeader("Content-length", params.length); + xmlHttpRequest.setRequestHeader("Connection", "close"); + + xmlHttpRequest.send(params); + + xmlHttpRequest.onreadystatechange = function() { + if (xmlHttpRequest.readyState == 4) { + if (xmlHttpRequest.status == 200) { + /* + * Installs the certificate. + */ + try { + enrollObj.InstallResponse(4, xmlHttpRequest.responseText, + 0, ""); + window.alert("A certificate has been installed."); + } catch (e1) { + try { + enrollObj.InstallResponse(0, + xmlHttpRequest.responseText, 0, ""); + window.alert("A certificate has been installed."); + } catch (e2) { + window + .alert("You're probably using Vista without SP1 or above, in which case you need to add the certificate of this authority as a trusted root certificate (not recommended in general)."); + } + } + } else { + window.alert("The server returned an error status: " + + xmlHttpRequest.status); + } + } + } +} + +function createCsrXenroll(enrollObj, keylength) { + if (enrollObj == null) { + enrollObj = new ActiveXObject("CEnroll.CEnroll"); + } + + // http://msdn.microsoft.com/en-us/library/aa379941%28VS.85%29.aspx + // CRYPT_EXPORTABLE: 1? 
+ enrollObj.GenKeyFlags = (keylength * 256 * 256) + 1; + enrollObj.KeySpec = 2; + + var csr = enrollObj.createPKCS10("", ""); + csr = "-----BEGIN CERTIFICATE REQUEST-----\r\n" + csr + + "-----END CERTIFICATE REQUEST-----"; + + var xmlHttpRequest = new XMLHttpRequest(); + xmlHttpRequest.open("POST", "minica/", true); + + var params = "webid=" + + encodeURIComponent(document.getElementById("webid").value); + params += "&cn=" + encodeURIComponent(document.getElementById("cn").value); + params += "&csrdata=" + encodeURIComponent(csr); + + xmlHttpRequest.setRequestHeader("Content-type", + "application/x-www-form-urlencoded"); + xmlHttpRequest.setRequestHeader("Content-length", params.length); + xmlHttpRequest.setRequestHeader("Connection", "close"); + + xmlHttpRequest.send(params); + + xmlHttpRequest.onreadystatechange = function() { + if (xmlHttpRequest.readyState == 4) { + if (xmlHttpRequest.status == 200) { + enrollObj.acceptPKCS7(xmlHttpRequest.responseText); + window.alert("A certificate has been installed."); + } else { + window.alert("The server returned an error status: " + + xmlHttpRequest.status); + } + } + } +} + +function createCsr() { + var keystrengthSelectElem = document.getElementById("keylength"); + var keylength = keystrengthSelectElem.value; + + var enrollFactObj = null; + try { + enrollFactObj = new ActiveXObject( + "X509Enrollment.CX509EnrollmentWebClassFactory"); + } catch (e) { + } + + if (enrollFactObj != null) { + createCsrCertEnroll(enrollFactObj, keylength); + } else { + var enrollObj = null; + try { + enrollObj = new ActiveXObject("CEnroll.CEnroll"); + } catch (e) { + } + if (enrollObj != null) { + createCsrXenroll(enrollObj, keylength); + } else { + window + .alert("ActiveX certificate creation not supported or not enabled."); + } + } +} + +function configurePage() { + var keygenElem = document.getElementById("spkac"); + + if (navigator.appName != "Microsoft Internet Explorer") { + var keygenFormElem = document.getElementById("keygenform"); 
+ keygenFormElem.setAttribute("action", "minica/"); + keygenFormElem.setAttribute("method", "POST"); + } else { + /* + * Try the ActiveX approach, assume Internet Explorer. + */ + + var iehelptextElem = document.getElementById("iehelptext"); + iehelptextElem.style.display = "block"; + + var submitButtonElem = document.getElementById("keygensubmit"); + var newSumbitButtonElem = document.createElement("input"); + newSumbitButtonElem.setAttribute("type", "button"); + newSumbitButtonElem.setAttribute("value", "Submit"); + submitButtonElem.parentNode.replaceChild(newSumbitButtonElem, + submitButtonElem); + submitButtonElem = newSumbitButtonElem; + + if (submitButtonElem.attachEvent) { + submitButtonElem.attachEvent("onclick", createCsr); + } else { + submitButtonElem.setAttribute("onclick", "createCsr()"); + } + + var keystrengthSelectElem = document.createElement("select"); + keystrengthSelectElem.setAttribute("id", "keylength"); + keystrengthSelectElem.setAttribute("name", "keylength"); + var optionElem; + optionElem = document.createElement("option"); + optionElem.setAttribute("value", "1024"); + optionElem.appendChild(document.createTextNode("1024")); + keystrengthSelectElem.appendChild(optionElem); + optionElem = document.createElement("option"); + optionElem.setAttribute("value", "2048"); + optionElem.appendChild(document.createTextNode("2048")); + keystrengthSelectElem.appendChild(optionElem); + var keystrengthTdElem = document.getElementById("keystrenghtd"); + keystrengthTdElem.appendChild(keystrengthSelectElem); + } +} \ No newline at end of file
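Review bot: `privKeyObj.ExportPolicy = 1` in createCsrCertEnroll marks the generated private key as exportable (1 is the allow-export flag in the linked enum, as I read it), and createCsrXenroll does the same with the `+ 1` in `GenKeyFlags` that its own `CRYPT_EXPORTABLE: 1?` comment already questions; for a client-authentication identity key the safer default is non-exportable, so either drop the flag or add a comment stating why exportability is wanted. The provider loop in createCsrCertEnroll fills `providerType`/`providerName` but then uses `providerInfoObj.Type` after the loop, which is whichever CSP was enumerated last rather than the RSA provider it selected (and `break` only leaves the `switch`, not the `for`), so the assignment should read `privKeyObj.ProviderType = providerType;` plus, if the object exposes it, `privKeyObj.ProviderName = providerName;`, with a guard when `providerType` is still -1. In configurePage the key-length `<select>` lists `1024` first, making it the default for IE users; 2048 should be first or the only option, and `keylength` should be checked to be a number before it reaches `Length`/`GenKeyFlags`. Both XHR paths set `Content-length` and `Connection` by hand, which browsers disallow and drop, and assign `onreadystatechange` after `send()`; moving the handler before `send()` and removing the two headers is enough. Separately, both ActiveX paths post `csrdata` with no `spkac` parameter, while the `MiniCaServlet.doPost` added earlier in this commit branches on `if ((spkacData == null) || spkacData.isEmpty()) cert = keygen.createFromSpkac(spkacData);`, so such a request enters the SPKAC branch with a null value — that condition looks inverted and the CSR path is probably untested end to end.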
