From 95f8ddb6de40e59f8209f8b96d543bb18a434e20 Mon Sep 17 00:00:00 2001
From: Matthias Andreas Benkard
Date: Mon, 18 Jun 2012 22:58:35 +0200
Subject: Issue webID-enabled certificates to users.
---
 src/mulk/benki/genkey.clj | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)
(limited to 'src/mulk/benki/genkey.clj')
diff --git a/src/mulk/benki/genkey.clj b/src/mulk/benki/genkey.clj
index 0378181..381bc00 100644
--- a/src/mulk/benki/genkey.clj
+++ b/src/mulk/benki/genkey.clj
@@ -24,7 +24,10 @@
 BcRSAContentSignerBuilder]
 [org.bouncycastle.asn1.x509
 X509Name
- SubjectPublicKeyInfo]
+ X509Extension
+ SubjectPublicKeyInfo
+ GeneralName
+ GeneralNames]
 [org.bouncycastle.asn1.x500
 X500Name]))

@@ -70,7 +73,7 @@
 (defn twenty-years-from-now []
 (java.util.Date. (+ (* 20 3600 24 365 1000) (.getTime (now)))))

-(defn sign-spkac [spkac]
+(defn sign-spkac [spkac user]
 (let [serial (swap! cert-serial inc)
 pubkeyinfo (-> spkac
 (.getPublicKeyAndChallenge)
@@ -80,10 +83,16 @@
 (java.math.BigInteger. (str serial))
 (now)
 (twenty-years-from-now)
- (X500Name. "CN=Benki User")
- pubkeyinfo)
- cert (.build builder cert-signer)]
- cert))
+ (X500Name. (fmt nil "CN=Benki User (~a)" (user-nickname user)))
+ pubkeyinfo)]
+ (.addExtension builder
+ X509Extension/subjectAlternativeName
+ true
+ (GeneralNames.
+ (GeneralName.
+ GeneralName/uniformResourceIdentifier
+ (link :profile user))))
+ (.build builder cert-signer)))

 (defpage "/genkey" []
 (redirect "/keys"))
@@ -100,7 +109,7 @@
 ;;(redirect (linkrel :keys))
 {:status 200
 :headers {"Content-Type" "application/x-x509-user-cert"}
- :body (.getEncoded (sign-spkac spkac))})))
+ :body (.getEncoded (sign-spkac spkac *user*))})))

 (defpage "/keys" []
 (with-auth
--
cgit v1.2.3
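Review bot: In the `@@ -80,10 +83,16 @@` hunk the subject is built by formatting `(user-nickname user)` into a DN string that `X500Name.` then parses, so a nickname containing `,`, `+` or `=` would either fail to parse or add RDNs the CA never meant to assert; no nickname validation is visible in this patch. Building the name from typed parts avoids the parse, e.g. `(.build (.addRDN (X500NameBuilder. BCStyle/INSTANCE) BCStyle/CN (fmt nil "Benki User (~a)" (user-nickname user))))`, with `X500NameBuilder` and `BCStyle` added to the `:import` list touched by the first hunk. The subjectAltName is also marked critical (`true`) although the subject is non-empty, where RFC 5280 recommends non-critical. Relying parties will trust whatever `(link :profile user)` returns as the identity, so it should be an absolute, stable URI. `sign-spkac` begins in the previous hunk and part of its `let` lies outside the patch.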
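Review bot: In the `@@ -100,7 +109,7 @@` hunk `*user*` is passed to `sign-spkac`, but nothing visible shows that it is bound to an authenticated user at this point; the enclosing `defpage` starts outside the hunk. Because the issued certificate now carries that user's profile URI, a nil or stale binding would produce a certificate asserting the wrong identity, or fail inside `user-nickname`. If this handler is not already wrapped in `with-auth` like the `/keys` page below it, it should be. A comment such as `;; *user* is bound by with-auth; the certificate's SAN identifies this account` would record the dependency.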