summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMatthias Andreas Benkard <code@mail.matthias.benkard.de>2012-07-01 15:11:25 +0200
committerMatthias Andreas Benkard <code@mail.matthias.benkard.de>2012-07-01 15:11:25 +0200
commit7c082abec97e1ca5090a9b5d0956d53549d19a9f (patch)
tree3527ffa3ac2c269a38018539327f1a99d206010b /src
parent22acc50a5aa38b20c13a5fa650c7988d4cb2a677 (diff)
Support WebID login for registered users.
Diffstat (limited to 'src')
-rw-r--r--src/mulk/benki/auth.clj66
-rw-r--r--src/mulk/benki/main.clj3
2 files changed, 48 insertions, 21 deletions
diff --git a/src/mulk/benki/auth.clj b/src/mulk/benki/auth.clj
index b92b3fa..f3e2a95 100644
--- a/src/mulk/benki/auth.clj
+++ b/src/mulk/benki/auth.clj
@@ -13,7 +13,8 @@
[clojure.java.jdbc :as sql]
[com.twinql.clojure.http :as http])
(:import [org.openid4java.consumer ConsumerManager]
- [org.openid4java.message ParameterList]))
+ [org.openid4java.message ParameterList]
+ [net.java.dev.sommer.foafssl.claims WebIdClaim]))
(defonce manager (ConsumerManager.))
@@ -104,6 +105,25 @@
[:script {:type "text/javascript", :src (resolve-uri "/js/openid-login.js")}]
)})
+(defn try-webid [cert]
+ (log (fmt nil "Attempting WebID authentication."))
+ (let [webid (second (re-find #"^URI:(.*)" (:subject-alt-name cert)))
+ modulus (:modulus cert)
+ exponent (:exponent cert)
+ pubkey
+ (.generatePublic (java.security.KeyFactory/getInstance
+ "RSA")
+ (java.security.spec.RSAPublicKeySpec.
+ (BigInteger. (str modulus)) (BigInteger. (str exponent))))]
+ (log (fmt nil "Verifying WebID: ~a" webid))
+ (if (.verify (WebIdClaim. (java.net.URI. webid) pubkey))
+ (do
+ (log "WebID verified!")
+ (with-dbt
+ (:user
+ (query1 "SELECT \"user\" FROM webids WHERE webid = ?" webid))))
+ (log "WebID verification failed."))))
+
(defpage "/login" []
(let [return-uri (or (session/flash-get ::return-uri)
(get-in (request/ring-request) [:headers "referer"]))]
@@ -120,23 +140,29 @@
(if return-uri
(redirect return-uri)
(layout {} "Authenticated!" [:p "Welcome back, " (:first_name cert-user) "!"])))
- (do
- (session/flash-put! ::return-uri return-uri)
- (layout login-page-layout "Benki Login"
- [:div#browserid-box
- [:h2 "BrowserID login"]
- [:a#browserid {:href "#"}
- [:img {:src (resolve-uri "/3rdparty/browserid/sign_in_orange.png")
- :alt "Sign in using BrowserID"}]]]
- [:div#openid-login-panel
- [:h2 "OpenID login"]
- [:form {:action (resolve-uri "/login/authenticate"),
- :method "GET"
- :id "openid_form"}
- [:div {:id "openid_choice"}
- [:p "Please select your OpenID provider:"]
- [:div {:id "openid_btns"}]]
- [:div {:id "openid_input_area"}
- [:input {:type "text", :name "openid_identifier", :id "openid_identifier"}]
- [:input {:type "submit"}]]]]))))))
+ (if-let [webid-user-id (and *client-cert* (try-webid *client-cert*))]
+ (let [cert-user (find-user webid-user-id)]
+ (session/put! :user webid-user-id)
+ (if return-uri
+ (redirect return-uri)
+ (layout {} "Authenticated!" [:p "Welcome back, " (:first_name cert-user) "!"])))
+ (do
+ (session/flash-put! ::return-uri return-uri)
+ (layout login-page-layout "Benki Login"
+ [:div#browserid-box
+ [:h2 "BrowserID login"]
+ [:a#browserid {:href "#"}
+ [:img {:src (resolve-uri "/3rdparty/browserid/sign_in_orange.png")
+ :alt "Sign in using BrowserID"}]]]
+ [:div#openid-login-panel
+ [:h2 "OpenID login"]
+ [:form {:action (resolve-uri "/login/authenticate"),
+ :method "GET"
+ :id "openid_form"}
+ [:div {:id "openid_choice"}
+ [:p "Please select your OpenID provider:"]
+ [:div {:id "openid_btns"}]]
+ [:div {:id "openid_input_area"}
+ [:input {:type "text", :name "openid_identifier", :id "openid_identifier"}]
+ [:input {:type "submit"}]]]])))))))
\ No newline at end of file
diff --git a/src/mulk/benki/main.clj b/src/mulk/benki/main.clj
index bf15e1f..0c2f20f 100644
--- a/src/mulk/benki/main.clj
+++ b/src/mulk/benki/main.clj
@@ -137,7 +137,8 @@
(defn init-security! []
(java.security.Security/addProvider
- (org.bouncycastle.jce.provider.BouncyCastleProvider.)))
+ (org.bouncycastle.jce.provider.BouncyCastleProvider.))
+ (Class/forName "net.java.dev.sommer.foafssl.sesame.verifier.SesameFoafSslVerifier"))
(defn -main [& args]
(do