aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xsetup.pl43
-rwxr-xr-xwww/sign.pl10
2 files changed, 44 insertions, 9 deletions
diff --git a/setup.pl b/setup.pl
index 3e6d765..1b25259 100755
--- a/setup.pl
+++ b/setup.pl
@@ -9,6 +9,7 @@ use File::Slurp;
use File::Path qw(make_path);
use File::Copy;
use LWP::Simple qw(getstore);
+use Data::Dumper;
sub printspec($$) {
my ($outfile, $key) = @_;
@@ -19,8 +20,16 @@ sub printspec($$) {
"provisioning" => "/browserid/provision.html"});
};
-my $configpath = "/etc/mulkyid";
-my $pemfile = "$configpath/rsa2048.pem";
+my $conffile = "www/config.pl";
+
+# Generate configuration file.
+our $MULKONF = { };
+if (stat($conffile)) {
+ say "Found existing configuration ($conffile).";
+ do $conffile;
+}
+my $configpath = $MULKONF->{configpath} // "etc/mulkyid";
+my $pemfile = $MULKONF->{pemfile} // "$configpath/rsa2048.pem";
# Download jQuery.
make_path("www/jquery");
@@ -30,6 +39,7 @@ if (stat("www/jquery/jquery.js")) {
say "Fetching jQuery...";
getstore("http://code.jquery.com/jquery-1.7.2.min.js", "www/jquery/jquery.js")
or die "Could not fetch jQuery";
+ say "jQuery saved to: www/jquery/jquery.js";
}
# Generate the private key.
@@ -45,7 +55,8 @@ if (stat($pemfile)) {
or die "Cannot open $pemfile for writing: $!";
print $keyfile $key->get_private_key_string();
close $keyfile;
- system "chmod 440 $pemfile";
+ say "Private key saved to: $pemfile".
+ chmod 0440, $pemfile;
}
# Generate spec file.
@@ -53,14 +64,34 @@ open(my $specfile, ">", "browserid.json")
or die "Cannot open browserid.json for writing: $!";
printspec $specfile, $key;
close($specfile);
+say "Persona spec file saved to: browserid.json";
+
+# Generate configuration file.
+$MULKONF = {
+ configpath => $configpath,
+ pemfile => $pemfile
+};
+open(my $conffd, ">", $conffile)
+ or die "Cannot open $conffile for writing: $!";
+print $conffd <<EOF;
+#! /usr/bin/env perl
+# NB. Do not edit this file directly. It is overwritten with each run of setup.pl.
+@{[Data::Dumper->Dump([$MULKONF], ["MULKONF"])]}
+1;
+EOF
+close $conffd;
+say "Configuration saved to: $conffile";
-say "\n";
+say "";
say "******************************************************************";
say "* FINISHED. *";
say "* *";
say "* Please put browserid.json where it will be served as *";
say "* https://<whatever>/.well-known/browserid *";
-say "* with a content type of *";
+say "* with a content type of: *";
say "* application/json *";
-say "* . *";
+say "* *";
+say "* In addition, please ensure that the private key file can be *";
+say "* read by the web server by assigning the file to the *";
+say "* appropriate owner. *";
say "******************************************************************";
diff --git a/www/sign.pl b/www/sign.pl
index c7e51ad..85f75b3 100755
--- a/www/sign.pl
+++ b/www/sign.pl
@@ -65,12 +65,15 @@ sub sign($$$$) {
}
+our $MULKONF;
+do "config.pl";
+
while (my $cgi = new CGI::Fast) {
my $cookie = $cgi->cookie('mulkid_session') or die "No session cookie";
my $session = new CGI::Session("driver:File", $cookie, {Directory=>"/tmp"}) or die "Invalid session cookie";
print $cgi->header(-content_type => 'application/json; charset=UTF-8');
- my $key = Crypt::OpenSSL::RSA->new_private_key(scalar read_file('/etc/mulkid/rsa2048.pem'));
+ my $key = Crypt::OpenSSL::RSA->new_private_key(scalar read_file($MULKONF->{pemfile}));
$key->use_pkcs1_padding();
$key->use_sha256_hash();
@@ -81,12 +84,13 @@ while (my $cgi = new CGI::Fast) {
my $session_user = $session->param('user');
my $alias;
- if ($email =~ /^(.*?)@/) { $alias = $1; }
+ my $domain;
+ if ($email =~ /^(.*?)@(.*)/) { $alias = $1; $domain = $2; }
my $email_users = $aliases->expand($alias) or die "User not found";
die "User is not authorized to use this email address"
unless ($session_user ~~ @$email_users);
- my $sig = sign $key, decode_json($user_pubkey), $email, $duration;
+ my $sig = sign $key, decode_json($user_pubkey), $email, $duration, $domain;
say encode_json({signature => $sig});
}