From 95f8ddb6de40e59f8209f8b96d543bb18a434e20 Mon Sep 17 00:00:00 2001
From: Matthias Andreas Benkard
Date: Mon, 18 Jun 2012 22:58:35 +0200
Subject: Issue webID-enabled certificates to users.
---
src/mulk/benki/db.clj | 2 +-
src/mulk/benki/genkey.clj | 23 ++++++++++++++++-------
src/mulk/benki/id.clj | 3 +++
src/mulk/benki/util.clj | 10 +++++++++-
4 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/src/mulk/benki/db.clj b/src/mulk/benki/db.clj
index 343b09f..b45ec30 100644
--- a/src/mulk/benki/db.clj
+++ b/src/mulk/benki/db.clj
@@ -1,6 +1,6 @@ (ns mulk.benki.db (:refer-clojure) - (:use [mulk.benki util config]) + (:use [mulk.benki config]) (:require [clojure.java.jdbc :as sql]))
diff --git a/src/mulk/benki/genkey.clj b/src/mulk/benki/genkey.clj
index 0378181..381bc00 100644
--- a/src/mulk/benki/genkey.clj
+++ b/src/mulk/benki/genkey.clj
@@ -24,7 +24,10 @@ BcRSAContentSignerBuilder] [org.bouncycastle.asn1.x509 X509Name - SubjectPublicKeyInfo] + X509Extension + SubjectPublicKeyInfo + GeneralName + GeneralNames] [org.bouncycastle.asn1.x500 X500Name]))
@@ -70,7 +73,7 @@ (defn twenty-years-from-now [] (java.util.Date. (+ (* 20 3600 24 365 1000) (.getTime (now))))) -(defn sign-spkac [spkac] +(defn sign-spkac [spkac user] (let [serial (swap! cert-serial inc) pubkeyinfo (-> spkac (.getPublicKeyAndChallenge)
@@ -80,10 +83,16 @@ (java.math.BigInteger. (str serial)) (now) (twenty-years-from-now) - (X500Name. "CN=Benki User") - pubkeyinfo) - cert (.build builder cert-signer)] - cert)) + (X500Name. (fmt nil "CN=Benki User (~a)" (user-nickname user))) + pubkeyinfo)] + (.addExtension builder + X509Extension/subjectAlternativeName + true + (GeneralNames. + (GeneralName. + GeneralName/uniformResourceIdentifier + (link :profile user)))) + (.build builder cert-signer))) (defpage "/genkey" [] (redirect "/keys"))
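Review bot: The subject DN in `sign-spkac` is assembled by formatting the nickname into a string that `X500Name.` then parses, so a nickname containing DN syntax such as `,`, `+` or `=` could alter the structure of the issued subject instead of staying inside the CN. Building the name from typed parts keeps the nickname a single attribute value, e.g. `(-> (X500NameBuilder. BCStyle/INSTANCE) (.addRDN BCStyle/CN (str "Benki User (" nick ")")) (.build))`, with `X500NameBuilder` and `BCStyle` added to the imports. `user-nickname` (added in the util.clj hunk) appears to return nil when no row matches, so this function should refuse to sign when the nickname is nil rather than issue a certificate whose CN and profile URI presumably carry a formatted nil. The subjectAlternativeName is also added with criticality `true` although the subject is non-empty; RFC 5280 recommends marking it non-critical in that case. The `let` that opens `sign-spkac` starts above this hunk, so the bindings between the two hunks are not visible here.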
@@ -100,7 +109,7 @@ ;;(redirect (linkrel :keys)) {:status 200 :headers {"Content-Type" "application/x-x509-user-cert"} - :body (.getEncoded (sign-spkac spkac))}))) + :body (.getEncoded (sign-spkac spkac *user*))}))) (defpage "/keys" [] (with-auth
diff --git a/src/mulk/benki/id.clj b/src/mulk/benki/id.clj
index efff197..d1f8263 100644
--- a/src/mulk/benki/id.clj
+++ b/src/mulk/benki/id.clj
@@ -112,3 +112,6 @@ (get-in (request/ring-request) [:headers "accept"])) (render-xrds nickname) (show-profile-page))) + +(defpage [:get "/~:nickname"] {nickname :nickname} + (redirect (link :profile nickname)))
diff --git a/src/mulk/benki/util.clj b/src/mulk/benki/util.clj
index 46e187d..7f85ead 100644
--- a/src/mulk/benki/util.clj
+++ b/src/mulk/benki/util.clj
@@ -3,7 +3,7 @@ (:use [hiccup core page-helpers] [clojure.core.match :only [match]] noir.core - [mulk.benki config]) + [mulk.benki config db]) (:require [noir.session :as session] [noir.request :as request] [noir.response :as response]
@@ -57,6 +57,13 @@ content (:bottom kind)])) +(defmulti user-nickname type) +(defmethod user-nickname java.lang.String [x] + x) +(defmethod user-nickname java.lang.Number [x] + (with-dbt + (:nickname (query1 "SELECT * FROM user_nicknames WHERE \"user\" = ?" x)))) + (defn linkrel [& args] (match [(vec args)] [[:login]] (str (:cert-req-base @benki-config) "/login")
@@ -71,6 +78,7 @@ [[:wiki title & xs]] (fmt nil "/wiki/~a~@[~a~]" title (first xs)) [[:keys]] "/keys" [[:keys :register]] "/keys/register" + [[:profile user]] (fmt nil "/~~~a" (user-nickname user)) )) (defn link [& args]
--
cgit v1.2.3
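Review bot: The new `/~:nickname` route redirects to `(link :profile nickname)`, and the `:profile` case added to `linkrel` in util.clj produces `/~<nickname>`, so unless `link` (its body is not visible here) prefixes a different host or base path, the redirect target matches this same route and the request loops. This path is what `sign-spkac` writes into the certificate's subjectAlternativeName, so a relying party that dereferences it has to reach the actual profile document; the route should serve or redirect to the existing profile page instead. `nickname` is also taken straight from the request path and formatted into the redirect target without checking that it names a known user or percent-encoding it; looking the nickname up and returning 404 for unknown values before redirecting would cover both.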
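Review bot: The `java.lang.Number` method of `user-nickname` takes `:nickname` from whatever single row `query1` yields for the user, with no ORDER BY in the query, and evaluates to nil when no row comes back. If a user can hold several nicknames (the table name `user_nicknames` suggests so), the name written into a certificate subject and profile URI may differ between calls. A deterministic query such as `SELECT nickname FROM user_nicknames WHERE "user" = ? ORDER BY nickname LIMIT 1` would pin the choice and avoid fetching unused columns. The `defmulti` also has no docstring; something like `"Returns the nickname for a user given as a nickname string or a numeric user id, or nil if none is stored."` would make the nil case visible to callers that build identifiers from the result.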