Author: bblfish
Date: Wed Nov 10 22:05:00 2010
New Revision: 1033753
URL: http://svn.apache.org/viewvc?rev=1033753&view=rev
Log:
synchronised with issues/CLEREZZA-243/
Added:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-staticweb/scripts/IEKeygen.js
Modified:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-panel.ssp
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-staticweb/scripts/profile.js
Modified:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-panel.ssp
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-panel.ssp?rev=1033753&r1=1033752&r2=1033753&view=diff
==============================================================================
---
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-panel.ssp
(original)
+++
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-panel.ssp
Wed Nov 10 22:05:00 2010
@@ -9,6 +9,7 @@ def cp(s: Any) = new UriRef("http://cler
def platform(s: Any) = new UriRef("http://clerezza.org/2009/08/platform#" + s)
resultDocModifier.addStyleSheet("profile/style/profile.css");
resultDocModifier.addScriptReference("profile/scripts/profile.js");
+resultDocModifier.addScriptReference("profile/scripts/IEKeygen.js");
resultDocModifier.setTitle("Account Control Panel");
resultDocModifier.addNodes2Elem("tx-module", <h1>Account Control Panel</h1>);
resultDocModifier.addNodes2Elem("tx-module-tabs-ol", <li class="tx-active">
@@ -33,9 +34,8 @@ def createWebId() = {
profile here.
</p>
<form action="#" id="associateSelection">
- <input type="radio" id="newWebIdButton">Create a new Web-Id</input>
- <br/>
- <input type="radio" id="existingWebIdButton">I already have a Web-ID and
want to use it</input>
+ <button type="button" id="newWebIdButton">Create a new
Web-Id</button>
+ <button type="button" id="existingWebIdButton">I
already have a Web-ID and want to use it</button>
</form>
</div>
<div id="createNewWebId">
@@ -48,83 +48,11 @@ def createWebId() = {
webId += "#me";
webId}
</li>
- <li>Personal-Profile Document: http://localhost/user/admin/profile</li>
+ <li>Personal-Profile Document:
{res/cp("suggestedPPDUri")*}</li>
</ol>
</p>
- <form id="keygenform" method="post" action="profile/keygen">
- <table width="95%">
- <tr>
- <td>Common Name:</td>
- <td>
- <input name="cn" size="30" id="cn" type="text"
value="m...@clerezza"/> <!-- find some way perhaps to get hostname-->
- </td>
- </tr>
- <tr>
- <td>WebID:</td>
- <td>
- {<input name="webId" size="60" id="webId"
type="text"/>%Attribute(None,"value",Text(webId),Null)}
- </td>
- </tr>
- <tr>
- <td>Key strength:</td>
- <td id="keystrenghtd">
- <keygen id="spkac" name="spkac" challenge="TheChallenge1"/>
- </td>
- </tr>
- <tr>
- <td>Valid for:
- <br/>
- (defaults to 1 year)</td>
- <td>
- <input type="text" name="hours" value="0.0" size="4"/>
- hours
- <br/>
- <input type="text" name="days" value="356" size="4"/>
- days</td>
- </tr>
- <!--#if (!$nodebug)
- <tr>
- <td>Debug:</td>
- <td>
- <input type="checkbox" name="viewParams" value="yes"/>
- view parameters
- <br/>
- <input type="checkbox" name="showCert" value="yes"/>
- show certificate
- <br/>
- <input type="checkbox" name="makeKeyObj" value="yes"/>
- create local objects
- <br/>
- <input type="checkbox" name="nodebug" value="yes"/>
- simulate input from a personal profile document
- <br/>
- </td>
- </tr>
- #end -->
- <tr>
- <td colspan="2">
- #if ($nodebug)
- Clicking the submit button will start the following sequence of
events:
- #else
- If none of the above debug options are checked then the following
will happen on clicking submit:
- #end
- <ol>
- <li>your browser will create a public/private key pair</li>
- <li>send us your public key, in what is known as a
- <a
href="http://en.wikipedia.org/wiki/Certification_request">certification
request</a>
- along with information from the form above</li>
- <li>we will create a certificate with the parameters
specified</li>
- <li>it will be returned to you and your browser will match it
with your private key and add the pair to your keychain</li>
- <li>a
- <a
href="$xwiki.getDocument('WebId.RSAPubKeyClass').getURL('edit','editor=class')">WebId.RSAPubKeyClass</a>
- object will be created in
- <a href="$homepage.getURL()">your public profile</a>, which
you will then see clearly in
- <a target="_blank"
href="${homepage.getURL('edit','editor=object')}">its object view</a>.Your
profile should also have an RDF view of the key.</li>
- </ol>
- </td>
- </tr>
- </table>
- <input id="keygensubmit" type="submit" value="submit certificate
request" />
+ <form method="post" action="profile/create-new-web-id">
+ <input value="Create it!" type="submit"/>
</form>
</div>
<div id="setExistingWebId">
@@ -156,18 +84,69 @@ def existingLocalWebId() = {
<input type="hidden" name="webId" value={agent *}/>
<label for="name">name</label> <input type="text" name="name"
value={agent / FOAF.name *}/>
<br/>
- <label for="description">description</label> <textarea
name="description">
- {agent / DC.description *}
- </textarea> <br/>
+ <label for="description">description</label>
+ <textarea name="description">{agent / DC.description
*}</textarea> <br/>
<input value="Modify" type="submit"/>
<p/>
</form>
+
+ <h3>WebID Login</h3>
+
+ <script type="text/javascript"><![CDATA[
+ $(document).ready( function(){ configurePage(); } );
+ ]]></script>
+
+ <div id="iehelptext" style="display: none;">
+ <p>Using Internet Explorer under Windows Vista or above or
Windows
+ Server 2008, you need to configure the following for
this to work:</p>
+ <ul>
+ <li>Add this site to the <i>Trusted Sites</i> list: in
Internet
+ Options -> Security -> Trusted Sites
-> Sites -> Add ...</li>
+ <li>You may need to configure the trust level (in this
tab), using
+ <i>Custom Level...</i>: enable <i>Initialize
and script ActiveX
+ controls not marked as safe for
scripting</i>.</li>
+ <li>If you are using Windows Vista without SP1 or
above, you will
+ probably need to install <a
href="cacert.crt">this certificate</a> as a
+ Trusted Root Certification Authority
Certificate for your own
+ certificate installation to succeed. You should
probably remove that
+ trusted root CA certificate afterwards.</li>
+ </ul>
+ </div>
+ <form id="keygenform" method="post" action="profile/keygen">
+ <input name="webId" size="60" id="webId" type="hidden"
value={agent*} />
+ <table>
+ <tr>
+ <td>Common Name (for identifying certificate in
browser):</td>
+ <td>
+ <input name="cn" size="35" id="cn"
type="text" value={ ((agent/FOAF.name*)+"@clerezza")}/>
+ </td>
+ </tr>
+ <tr>
+ <td>Key strength:</td>
+ <td id="keystrenghtd">
+ <keygen id="spkac" name="spkac"
challenge="TheChallenge1"/>
+ </td>
+ </tr>
+ <tr>
+ <td>Valid for:
+ <br/>
+ (defaults to 1 year)</td>
+ <td>
+ <input type="text" name="hours"
value="0.0" size="4"/>
+ hours
+ <br/>
+ <input type="text" name="days"
value="365" size="4"/>
+ days</td>
+ </tr>
+ </table>
+ <input id="keygensubmit" type="submit" value="submit
certificate request" />
+ </form>
}
def roamingUser() = {
<h3>Using remote profile</h3>
<p>
- {agent / FOAF.nick *}, you have accessed this site using you Web-Id
+ {agent / FOAF.nick *}, you have accessed this site using your
Web-Id
{"<" + (agent *) + ">"}
which has not been
created on this site.To edit your profile you should visit the
site issuing the
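Review bot: The `<keygen>` element added to `keygenform` uses the fixed string `challenge="TheChallenge1"`, so the signed SPKAC carries no per-request freshness and the `profile/keygen` handler cannot tell a replayed submission from a new one; a value generated per session and checked on the server would close that gap. The hidden `webId` field is filled from `{agent*}` but remains client-editable, so the handler (not visible here) should bind the issued certificate to the authenticated agent rather than to the posted value. The `iehelptext` block asks users to enable "Initialize and script ActiveX controls not marked as safe for scripting" and to install `cacert.crt` as a trusted root, but only tells them to remove the root afterwards; it should also tell them to revert the zone setting, and the certificate link should only be served over HTTPS. The body of `existingLocalWebId` starts before this hunk, and the hunk ends inside `roamingUser`.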
Added:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-staticweb/scripts/IEKeygen.js
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-staticweb/scripts/IEKeygen.js?rev=1033753&view=auto
==============================================================================
---
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-staticweb/scripts/IEKeygen.js
(added)
+++
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-staticweb/scripts/IEKeygen.js
Wed Nov 10 22:05:00 2010
@@ -0,0 +1,266 @@
+/**
+ *
+ * Copyright (c) 2008-2010, The University of Manchester, United Kingdom. All
+ * rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer. Redistributions in binary
+ * form must reproduce the above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or other materials
provided
+ * with the distribution. Neither the name of the The University of Manchester
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Author........: Bruno Harbulot
+ *
+ */
+
+
+
+function createCsrCertEnroll(enrollFactObj, keylength) {
+ /*
+ * Creates a CX509EnrollmentWebClassFactory (used to create all the
other
+ * objects).
+ */
+ if (enrollFactObj == null) {
+ enrollFactObj = new ActiveXObject(
+ "X509Enrollment.CX509EnrollmentWebClassFactory");
+ }
+
+ /*
+ * Load the information about the providers.
+ */
+ var providerInfosObj = enrollFactObj
+ .CreateObject("X509Enrollment.CCspInformations");
+ providerInfosObj.AddAvailableCsps();
+
+ /*
+ * Find the provider of RSA type (sufficient for this example). The type
+ * numbers for this are 1, 2 and 24.
+ * http://msdn.microsoft.com/en-us/library/aa379427%28VS.85%29.aspx
+ */
+ var providerType = -1;
+ var providerName = null;
+ for ( var i = 0; i < providerInfosObj.Count; i++) {
+ var providerInfoObj = providerInfosObj.ItemByIndex(i);
+ switch (providerInfoObj.Type) {
+ case 1:
+ case 2:
+ case 24:
+ providerType = providerInfoObj.Type;
+ providerName = providerInfoObj.Name;
+ break;
+ default:
+ }
+ }
+
+ /*
+ * Creates a 2048-bit key with this provider.
+ */
+ var privKeyObj = enrollFactObj
+ .CreateObject("X509Enrollment.CX509PrivateKey");
+ privKeyObj.ProviderType = providerInfoObj.Type;
+ privKeyObj.KeySpec = 1;
+ privKeyObj.Length = keylength;
+ // http://msdn.microsoft.com/en-us/library/aa379024%28VS.85%29.aspx
+ privKeyObj.MachineContext = false;
+ // http://msdn.microsoft.com/en-us/library/aa379414%28VS.85%29.aspx
+ privKeyObj.KeyProtection = 2;
+ // http://msdn.microsoft.com/en-us/library/aa379002%28VS.85%29.aspx
+ privKeyObj.ExportPolicy = 1;
+
+ /*
+ * Creates the PKCS#10 object and initialise as a user context.
+ */
+ var pkcs10CsrObj = enrollFactObj
+ .CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
+ pkcs10CsrObj.InitializeFromPrivateKey(1, privKeyObj, "");
+
+ /*
+ * Creates the enrolment object and exports the CSR.
+ */
+ var enrollObj = enrollFactObj
+ .CreateObject("X509Enrollment.CX509Enrollment");
+ enrollObj.InitializeFromRequest(pkcs10CsrObj);
+ var csr = enrollObj.CreateRequest(1);
+ csr = "-----BEGIN CERTIFICATE REQUEST-----\r\n" + csr
+ + "-----END CERTIFICATE REQUEST-----";
+
+ /*
+ * Makes the request to the server.
+ */
+ xmlHttpRequest = createRequest(csr);
+
+ /**
+ * What to do on response
+ */
+ xmlHttpRequest.onreadystatechange = function() {
+ if (xmlHttpRequest.readyState == 4) {
+ if (xmlHttpRequest.status == 200) {
+ /*
+ * Installs the certificate.
+ */
+ try {
+ enrollObj.InstallResponse(4,
xmlHttpRequest.responseText,
+ 0, "");
+ window.alert("A certificate has been
installed.");
+ } catch (e1) {
+ try {
+ enrollObj.InstallResponse(0,
+
xmlHttpRequest.responseText, 0, "");
+ window.alert("A certificate has
been installed.");
+ } catch (e2) {
+ window
+ .alert("You're probably using
Vista without SP1 or above, in which case you need to add the certificate of
this authority as a trusted root certificate (not recommended in general).");
+ }
+ }
+ } else {
+ window.alert("The server returned an error
status: "
+ + xmlHttpRequest.status);
+ }
+ }
+ }
+}
+
+
+function createRequest(csrString) {
+ var xmlHttpRequest = new XMLHttpRequest();
+
+ xmlHttpRequest.open("POST", kgnFloctn, true);
+
+ var params = "webId=" +
encodeURIComponent(document.getElementById("webId").value);
+ params += "&cn=" +
encodeURIComponent(document.getElementById("cn").value);
+ params += "&csr=" + encodeURIComponent(csrString);
+ params +=
"&days="+encodeURIComponent(document.getElementById("days").value);
+ params +=
"&hours="+encodeURIComponent(document.getElementById("hours").value);
+
+ xmlHttpRequest.setRequestHeader("Content-type",
"application/x-www-form-urlencoded");
+ xmlHttpRequest.setRequestHeader("Content-length", params.length);
+ xmlHttpRequest.setRequestHeader("Connection", "close");
+
+ xmlHttpRequest.send(params);
+
+ return xmlHttpRequest;
+
+}
+
+
+function createCsrXenroll(enrollObj, keylength) {
+ if (enrollObj == null) {
+ enrollObj = new ActiveXObject("CEnroll.CEnroll");
+ }
+
+ // http://msdn.microsoft.com/en-us/library/aa379941%28VS.85%29.aspx
+ // CRYPT_EXPORTABLE: 1?
+ enrollObj.GenKeyFlags = (keylength * 256 * 256) + 1;
+ enrollObj.KeySpec = 2;
+
+ var csr = enrollObj.createPKCS10("", "");
+ csr = "-----BEGIN CERTIFICATE REQUEST-----\r\n" + csr
+ + "-----END CERTIFICATE REQUEST-----";
+
+ xmlHttpRequest = createRequest(csr);
+
+ xmlHttpRequest.onreadystatechange = function() {
+ if (xmlHttpRequest.readyState == 4) {
+ if (xmlHttpRequest.status == 200) {
+
enrollObj.acceptPKCS7(xmlHttpRequest.responseText);
+ window.alert("A certificate has been
installed.");
+ } else {
+ window.alert("The server returned an error
status: "
+ + xmlHttpRequest.status);
+ }
+ }
+ }
+}
+
+function createCsr() {
+ var keystrengthSelectElem = document.getElementById("keylength");
+ var keylength = keystrengthSelectElem.value;
+
+ var enrollFactObj = null;
+ try {
+ enrollFactObj = new ActiveXObject(
+ "X509Enrollment.CX509EnrollmentWebClassFactory");
+ } catch (e) {
+ }
+
+ if (enrollFactObj != null) {
+ createCsrCertEnroll(enrollFactObj, keylength);
+ } else {
+ var enrollObj = null;
+ try {
+ enrollObj = new ActiveXObject("CEnroll.CEnroll");
+ } catch (e) {
+ }
+ if (enrollObj != null) {
+ createCsrXenroll(enrollObj, keylength);
+ } else {
+ window.alert("ActiveX certificate creation not
supported or not enabled.");
+ }
+ }
+}
+// kgnFloctn needs to be calculated first
+var kgnFloctn = "errorKeyGenLoctn";
+function configurePage() {
+ kgnFloctn =
document.getElementById("keygenform").getAttribute("action");
+
+ var keygenElem = document.getElementById("spkac");
+
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ var keygenFormElem = document.getElementById("keygenform");
+ keygenFormElem.removeAttribute("action");
+ keygenFormElem.removeAttribute("method");
+
+ /*
+ * Try the ActiveX approach, assume Internet Explorer.
+ */
+
+ var iehelptextElem = document.getElementById("iehelptext");
+ iehelptextElem.style.display = "block";
+
+ var submitButtonElem = document.getElementById("keygensubmit");
+ var newSumbitButtonElem = document.createElement("input");
+ newSumbitButtonElem.setAttribute("type", "button");
+ newSumbitButtonElem.setAttribute("value", "Submit");
+ submitButtonElem.parentNode.replaceChild(newSumbitButtonElem,
+ submitButtonElem);
+ submitButtonElem = newSumbitButtonElem;
+
+ if (submitButtonElem.attachEvent) {
+ submitButtonElem.attachEvent("onclick", createCsr);
+ } else {
+ submitButtonElem.setAttribute("onclick", "createCsr()");
+ }
+
+ var keystrengthSelectElem = document.createElement("select");
+ keystrengthSelectElem.setAttribute("id", "keylength");
+ keystrengthSelectElem.setAttribute("name", "keylength");
+ var optionElem;
+ optionElem = document.createElement("option");
+ optionElem.setAttribute("value", "1024");
+ optionElem.appendChild(document.createTextNode("1024"));
+ keystrengthSelectElem.appendChild(optionElem);
+ optionElem = document.createElement("option");
+ optionElem.setAttribute("value", "2048");
+ optionElem.appendChild(document.createTextNode("2048"));
+ keystrengthSelectElem.appendChild(optionElem);
+ var keystrengthTdElem = document.getElementById("keystrenghtd");
+ keystrengthTdElem.appendChild(keystrengthSelectElem);
+ }
+}
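Review bot: In `createCsrCertEnroll` the key is created with `privKeyObj.ProviderType = providerInfoObj.Type;`, which is whatever CSP the loop visited last, not the RSA provider the loop recorded in `providerType`/`providerName` (both otherwise unused). It should read `privKeyObj.ProviderType = providerType;` and stop with an error when `providerType` is still -1. `configurePage` lists 1024 as the first, and therefore default, key length, while `ExportPolicy = 1` and the `+ 1` in `GenKeyFlags` appear to mark the private key exportable; defaulting to 2048 and dropping the export flag would be safer unless export is a requirement. `createRequest` reads `document.getElementById("days")` and `"hours"`, but the inputs in profile-panel.ssp carry only `name` attributes, so this likely returns null outside IE's legacy name-matching behaviour. `xmlHttpRequest` is assigned without `var` in both `createCsrCertEnroll` and `createCsrXenroll`, so two overlapping requests would share one global.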
Modified:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-staticweb/scripts/profile.js
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-staticweb/scripts/profile.js?rev=1033753&r1=1033752&r2=1033753&view=diff
==============================================================================
---
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-staticweb/scripts/profile.js
(original)
+++
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.accountcontrolpanel/org.apache.clerezza.platform.accountcontrolpanel.core/src/main/resources/org/apache/clerezza/platform/accountcontrolpanel/profile-staticweb/scripts/profile.js
Wed Nov 10 22:05:00 2010
@@ -7,5 +7,37 @@ $(document).ready(function() {
$("#newOrExistingSelection").css({display: "none"})
$("#setExistingWebId").css({display: "block"})
});
- //$('form').submit(function () { return false; })
+ $("#keygenform").submit(function() {
+ return spkacFix();
+ });
});
+
+var crmfObject;
+function setCRMFRequest() {
+ var hiddenField = $("<input type=\"hidden\" name=\"crmf\" id=\"crmf\"
\/>");
+ $("#keygenform").append(hiddenField)
+ //var formContents = $("#keygenform").serialize();
+ //var newContents = jQuery.extend({}, formContents);
+ hiddenField.val(crmfObject.request)
+ $("#keygenform").submit()
+}
+
+function spkacFix() {
+
+ if ($("#spkac").val()) {
+ return true;
+ } else {
+ if ($("#crmf").val()) {
+ return true;
+ }
+ //alert("fix needed by firefox in xhtml mode")
+ crmfObject = crypto.generateCRMFRequest(
+ 'CN=Ignored',
+ "regToken", "authenticator", // not sure
+ null, // base-64 cert for key
+ // escrow. set this to null
+ "setCRMFRequest();", // callback
+ 2048, null, "rsa-dual-use"); // key parameters
+ return false;
+ }
+}
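Review bot: `spkacFix` calls `crypto.generateCRMFRequest(...)` without checking that the function exists. In a browser with neither a usable `<keygen>` value nor this Mozilla-specific API, the submit handler throws instead of returning false, and the form may be posted with no key material. A guard such as `if (!window.crypto || !crypto.generateCRMFRequest) { alert("Key generation is not supported in this browser."); return false; }` before the call avoids that. `setCRMFRequest` copies `crmfObject.request` into the hidden field without checking that generation succeeded, so a failed or cancelled request would be submitted as-is. The `"regToken"` and `"authenticator"` arguments are fixed placeholders marked "not sure"; a comment saying whether the server relies on them would make the intent clear. The `$(document).ready` callback begins outside this hunk.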