author | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2012-10-03 15:32:23 +0200 |
---|---|---|
committer | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2012-10-03 15:32:23 +0200 |
commit | 72abba77573c3583dc373526f6ce86b895eacc6d (patch) | |
tree | b718d8a9704e2ee37e83ffb7fc9eddc438f5a60a | |
parent | f531f6cd518feef0814911675152c18dcbc890da (diff) |
Make PEM file location configurable.
-rwxr-xr-x | setup.pl | 43 | ||||
-rwxr-xr-x | www/sign.pl | 10 |
2 files changed, 44 insertions, 9 deletions
@@ -9,6 +9,7 @@ use File::Slurp;
 use File::Path qw(make_path);
 use File::Copy;
 use LWP::Simple qw(getstore);
+use Data::Dumper;
 sub printspec($$) {
 my ($outfile, $key) = @_;
@@ -19,8 +20,16 @@ sub printspec($$) {
 "provisioning" => "/browserid/provision.html"});
 };
-my $configpath = "/etc/mulkyid";
-my $pemfile = "$configpath/rsa2048.pem";
+my $conffile = "www/config.pl";
+
+# Generate configuration file.
+our $MULKONF = { };
+if (stat($conffile)) {
+ say "Found existing configuration ($conffile).";
+ do $conffile;
+}
+my $configpath = $MULKONF->{configpath} // "etc/mulkyid";
+my $pemfile = $MULKONF->{pemfile} // "$configpath/rsa2048.pem";
 # Download jQuery.
 make_path("www/jquery");
@@ -30,6 +39,7 @@ if (stat("www/jquery/jquery.js")) {
 say "Fetching jQuery...";
 getstore("http://code.jquery.com/jquery-1.7.2.min.js", "www/jquery/jquery.js") or die "Could not fetch jQuery";
+ say "jQuery saved to: www/jquery/jquery.js";
 }
 # Generate the private key.
@@ -45,7 +55,8 @@ if (stat($pemfile)) {
 or die "Cannot open $pemfile for writing: $!";
 print $keyfile $key->get_private_key_string();
 close $keyfile;
- system "chmod 440 $pemfile";
+ say "Private key saved to: $pemfile".
+ chmod 0440, $pemfile;
 }
 # Generate spec file.
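Review bot: `do $conffile;` in the new configuration-loading block never checks whether the file was actually read and compiled, so an unreadable or syntactically broken `www/config.pl` is silently ignored and the defaults are used — for `$pemfile` that means setup.pl can generate a second key into a different location than the one sign.pl is serving with. `do` returns undef and sets `$!` or `$@` on failure, so `do $conffile or die "Cannot load $conffile: " . ($@ || $!);` makes that visible. Note also that the default `configpath` changed from `/etc/mulkyid` to the relative `etc/mulkyid`; if that is intended, the stored `pemfile` is relative to setup.pl's working directory but is later resolved by sign.pl against the FastCGI process's working directory, so an absolute default (or `File::Spec->rel2abs($pemfile)` before it is saved) would be more robust. The comment `# Generate configuration file.` above this block describes the later write, not this read; `# Load an existing configuration, if any.` fits better here.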
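Review bot: `say "Private key saved to: $pemfile".` ends with `.` instead of `;`, so the statement parses as `say("Private key saved to: $pemfile" . chmod(0440, $pemfile))` — it still runs, but the chmod result is appended to the message and never checked. Separately, the key file is created by the `open(..., ">")` just above the hunk (its `or die "Cannot open $pemfile for writing"` is the first hunk line) under the process umask and only tightened to 0440 after `close`, so with a default 022 umask the freshly written private key is world-readable for a moment. I would set `umask 077;` before the open (or use `sysopen` with `O_WRONLY|O_CREAT|O_EXCL, 0440`) and then `chmod 0440, $pemfile or die "Cannot chmod $pemfile: $!";`. The enclosing `if (stat($pemfile))` block starts above this hunk.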
@@ -53,14 +64,34 @@ open(my $specfile, ">", "browserid.json")
 or die "Cannot open browserid.json for writing: $!";
 printspec $specfile, $key;
 close($specfile);
+say "Persona spec file saved to: browserid.json";
+
+# Generate configuration file.
+$MULKONF = {
+ configpath => $configpath,
+ pemfile => $pemfile
+};
+open(my $conffd, ">", $conffile)
+ or die "Cannot open $conffile for writing: $!";
+print $conffd <<EOF;
+#! /usr/bin/env perl
+# NB. Do not edit this file directly. It is overwritten with each run of setup.pl.
+@{[Data::Dumper->Dump([$MULKONF], ["MULKONF"])]}
+1;
+EOF
+close $conffd;
+say "Configuration saved to: $conffile";
-say "\n";
+say "";
 say "******************************************************************";
 say "* FINISHED. *";
 say "* *";
 say "* Please put browserid.json where it will be served as *";
 say "* https://<whatever>/.well-known/browserid *";
-say "* with a content type of *";
+say "* with a content type of: *";
 say "* application/json *";
-say "* . *";
+say "* *";
+say "* In addition, please ensure that the private key file can be *";
+say "* read by the web server by assigning the file to the *";
+say "* appropriate owner. *";
 say "******************************************************************";
diff --git a/www/sign.pl b/www/sign.pl
index c7e51ad..85f75b3 100755
--- a/www/sign.pl
+++ b/www/sign.pl
@@ -65,12 +65,15 @@ sub sign($$$$) {
 }
+our $MULKONF;
+do "config.pl";
+
 while (my $cgi = new CGI::Fast) {
 my $cookie = $cgi->cookie('mulkid_session') or die "No session cookie";
 my $session = new CGI::Session("driver:File", $cookie, {Directory=>"/tmp"}) or die "Invalid session cookie";
 print $cgi->header(-content_type => 'application/json; charset=UTF-8');
-my $key = Crypt::OpenSSL::RSA->new_private_key(scalar read_file('/etc/mulkid/rsa2048.pem'));
+my $key = Crypt::OpenSSL::RSA->new_private_key(scalar read_file($MULKONF->{pemfile}));
 $key->use_pkcs1_padding();
 $key->use_sha256_hash();
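Review bot: The generated `www/config.pl` is executable Perl that both setup.pl and sign.pl load with `do`, so write access to it is code execution inside the signing process, yet it is written with whatever permissions the umask yields and `close $conffd;` is unchecked. Since sign.pl lives in `www/`, that directory also appears to be the served document root; if the web server does not execute `.pl` files it will happily serve config.pl (and the private-key path in it) as text. I would write the file with restrictive permissions, `close $conffd or die "Cannot write $conffile: $!"; chmod 0640, $conffile or die "Cannot chmod $conffile: $!";`, and extend the closing banner's ownership advice to cover config.pl as well as the key file.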
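Review bot: `do "config.pl";` at the top of sign.pl neither checks its result nor pins where the file is looked up: a bare relative name is resolved through `@INC` (current-directory-relative only while `.` is in `@INC`, which is no longer the default), so under FastCGI — whose working directory is whatever the web server sets — the file may not be found, `$MULKONF` stays undef, and `read_file($MULKONF->{pemfile})` then dies on every request, after the JSON header has already been printed. `do "./config.pl" or die "Cannot load config.pl: " . ($@ || $!);` fails loudly at startup instead, and resolving the path against the script's own directory rather than the CWD would remove the dependence on deployment layout entirely. Loading the key once before the `while` loop, rather than re-reading and re-parsing the PEM on every request, would also be worth considering, though it changes when a rotated key takes effect. The `while` loop continues below this hunk.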
@@ -81,12 +84,13 @@ while (my $cgi = new CGI::Fast) {
 my $session_user = $session->param('user');
 my $alias;
- if ($email =~ /^(.*?)@/) { $alias = $1; }
+ my $domain;
+ if ($email =~ /^(.*?)@(.*)/) { $alias = $1; $domain = $2; }
 my $email_users = $aliases->expand($alias) or die "User not found";
 die "User is not authorized to use this email address" unless ($session_user ~~ @$email_users);
- my $sig = sign $key, decode_json($user_pubkey), $email, $duration;
+ my $sig = sign $key, decode_json($user_pubkey), $email, $duration, $domain;
 say encode_json({signature => $sig});
 } |
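Review bot: The call `sign $key, decode_json($user_pubkey), $email, $duration, $domain` now passes five arguments, but the hunk header above shows `sign` is still declared with the prototype `($$$$)` earlier in the file, and the diffstat (10 changed lines in www/sign.pl, all visible in this diff) leaves no room for a change to that declaration — a four-scalar prototype on a sub declared before its call makes a five-argument call a compile-time "Too many arguments for main::sign" error, unless a change outside this commit adjusts it. If `sign` is meant to receive the domain, its declaration needs `($$$$$)` or, better, no prototype at all, since prototypes alter parsing rather than validate arguments. The new `(.*)` capture also accepts anything after the first `@`, including a further `@` or trailing whitespace; as `$domain` presumably ends up in the signed certificate, an anchored pattern such as `/^([^@]+)@([^@\s]+)$/` — or a comparison against the domain this IdP is authoritative for — would be a cheap check. The enclosing `while` loop starts above this hunk.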