Author: bblfish
Date: Wed Apr  6 22:22:17 2011
New Revision: 1089651

URL: http://svn.apache.org/viewvc?rev=1089651&view=rev
Log:
CLEREZZA-479 "WebID Test Suite" -- deal graciously with Subject Alternative 
Names with unsupported protocols

Modified:
    
incubator/clerezza/trunk/parent/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/WebIDClaim.scala
    
incubator/clerezza/trunk/parent/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/WebIDTester.scala
    
incubator/clerezza/trunk/parent/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/pages/CertificateDescription.scala

Modified: 
incubator/clerezza/trunk/parent/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/WebIDClaim.scala
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/WebIDClaim.scala?rev=1089651&r1=1089650&r2=1089651&view=diff
==============================================================================
--- 
incubator/clerezza/trunk/parent/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/WebIDClaim.scala
 (original)
+++ 
incubator/clerezza/trunk/parent/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/WebIDClaim.scala
 Wed Apr  6 22:22:17 2011
@@ -45,141 +45,158 @@ import org.apache.clerezza.platform.secu
  */
 class WebIDClaim(val webId: UriRef, val key: PublicKey) {
 
-  import X509Claim._
+       import X509Claim._
 
-  val errors = new LinkedList[java.lang.Throwable]()
+       val errors = new LinkedList[java.lang.Throwable]()
 
-  lazy val principal = new PrincipalImpl(userName)
-  var verified = Verification.Unverified
+       lazy val principal = new PrincipalImpl(userName)
+       var verified = Verification.Unverified
 
- /*private lazy val selectQuery = {
-        val query = """PREFIX cert: <http://www.w3.org/ns/auth/cert#>
-        PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
-        SELECT ?m ?e ?mod ?exp
-        WHERE {
-        [] cert:identity ?webid ;
-        rsa:modulus ?m ;
-        rsa:public_exponent ?e .
-        OPTIONAL { ?m cert:hex ?mod . }
-        OPTIONAL { ?e cert:decimal ?exp . }
-        }"""
-        queryParser.parse(query).asInstanceOf[SelectQuery]
-        }*/
-
-  //todo: not at all a satisfactory username method. Find something better.
-  lazy val userName = for (c <- webId.getUnicodeString) yield
-      c match {
-        case ':' => '_';
-        case '#' => '_';
-        case '/' => '_';
-        case _ => c
-      }
-
-  /**
-   * verify this claim
-   * @param authSrvc: the authentication service contains information about 
where to get graphs
-   */
-  //todo: make this asynchronous
-  def verify(authSrvc: FoafSslAuthentication)  {
-    try {
-      var webIdInfo = authSrvc.webIdSrvc.getWebIDInfo(webId, Cache.CacheOnly)
-      if (
-        !verify(webIdInfo.publicUserGraph)
-      ) {
-        webIdInfo = authSrvc.webIdSrvc.getWebIDInfo(webId, Cache.ForceUpdate)
-        if (
-          !verify(webIdInfo.publicUserGraph)
-        ) {
-          verified = Verification.Failed
-          return
-        }
-      }
-    } catch {
-      case e => {
-        errors.add(e)
-        verified = Verification.Failed
-        return
-      }
-    }
-    verified = Verification.Verified
-  }
-
-  def verify(tc: TripleCollection): Boolean = {
-    key match {
-      case k: RSAPublicKey => verify(k, tc);
-      case _ => throw new CertificateException("Unsupported key format")
-    }
-  }
-
-  private def verify(publicKey: RSAPublicKey, tc: TripleCollection): Boolean = 
{
-    val publicKeysInGraph = getPublicKeysInGraph(tc)
-    val publicKeyTuple = (new BigInt(publicKey.getModulus), new 
BigInt(publicKey.getPublicExponent))
-    val result = publicKeysInGraph.contains(publicKeyTuple)
-    if (logger.isDebugEnabled) {
-      if (!result) {
-        val baos = new ByteArrayOutputStream
-        Serializer.getInstance.serialize(baos, tc, SupportedFormat.TURTLE);
-        logger.debug("no matching key in: \n{}", new String(baos.toByteArray));
-        logger.debug("the public key is not among the " +
-          publicKeysInGraph.size + " keys in the profile graph of size " +
-          tc.size)
-        logger.debug("PublicKey: " + publicKeyTuple)
-        publicKeysInGraph.foreach(k => logger.debug("PublikKey in graph: " + 
k))
-      }
-    }
-    result
-  }
-
-  private def getPublicKeysInGraph(tc: TripleCollection): Array[(BigInt, 
BigInt)] = {
-    import scala.collection.JavaConversions._
-    val publicKeys = for (t <- tc.filter(null, CERT.identity, webId)) yield {
-      t.getSubject
-    }
-    (for (p <- publicKeys) yield {
-      val node = new GraphNode(p, tc)
-      val modulusRes = node / RSA.modulus
-      val modulus = intValueOfResource(modulusRes) match {
-        case Some(x) => x
-        case _ => BigInt(0)
-      }
-      val exponentRes = node / RSA.public_exponent
-      val exponent = intValueOfResource(exponentRes) match {
-        case Some(x) => x
-        case _ => BigInt(0)
-      }
-      (modulus, exponent)
-    }).toArray
-  }
-
-
-
-  def canEqual(other: Any) = other.isInstanceOf[WebIDClaim]
-
-  override
-  def equals(other: Any): Boolean =
-    other match {
-      case that: WebIDClaim => (that eq this) || (that.canEqual(this) && webId 
== that.webId && key == that.key)
-      case _ => false
-    }
-
-  override
-  lazy val hashCode: Int = 41 * (
-      41 * (
-        41 + (if (webId != null) webId.hashCode else 0)
-        ) + (if (key != null) key.hashCode else 0)
-      )
+       /*private lazy val selectQuery = {
+                 val query = """PREFIX cert: <http://www.w3.org/ns/auth/cert#>
+                 PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
+                 SELECT ?m ?e ?mod ?exp
+                 WHERE {
+                 [] cert:identity ?webid ;
+                 rsa:modulus ?m ;
+                 rsa:public_exponent ?e .
+                 OPTIONAL { ?m cert:hex ?mod . }
+                 OPTIONAL { ?e cert:decimal ?exp . }
+                 }"""
+                 queryParser.parse(query).asInstanceOf[SelectQuery]
+                 }*/
+
+       //todo: not at all a satisfactory username method. Find something 
better.
+       lazy val userName = for (c <- webId.getUnicodeString) yield
+               c match {
+                       case ':' => '_';
+                       case '#' => '_';
+                       case '/' => '_';
+                       case _ => c
+               }
+
+
+       /**
+        * verify this claim
+        * @param authSrvc: the authentication service contains information 
about where to get graphs
+        */
+       //todo: make this asynchronous
+       def verify(authSrvc: FoafSslAuthentication) {
+               if (!webId.getUnicodeString.startsWith("http:") && 
!webId.getUnicodeString.startsWith("https:")) {
+                       //todo: ftp, and ftps should also be doable, though 
content negoations is then lacking
+                       verified = Verification.Unsupported
+                       return
+               }
+               try {
+                       var webIdInfo = authSrvc.webIdSrvc.getWebIDInfo(webId, 
Cache.CacheOnly)
+                       if (
+                               !verify(webIdInfo.publicUserGraph)
+                       ) {
+                               webIdInfo = 
authSrvc.webIdSrvc.getWebIDInfo(webId, Cache.ForceUpdate)
+                               if (
+                                       !verify(webIdInfo.publicUserGraph)
+                               ) {
+                                       verified = Verification.Failed
+                                       return
+                               }
+                       }
+               } catch {
+                       case e => {
+                               errors.add(e)
+                               verified = Verification.Failed
+                               return
+                       }
+               }
+               verified = Verification.Verified
+       }
+
+       def verify(tc: TripleCollection): Boolean = {
+               key match {
+                       case k: RSAPublicKey => verify(k, tc);
+                       case _ => throw new CertificateException("Unsupported 
key format")
+               }
+       }
+
+       private def verify(publicKey: RSAPublicKey, tc: TripleCollection): 
Boolean = {
+               val publicKeysInGraph = getPublicKeysInGraph(tc)
+               val publicKeyTuple = (new BigInt(publicKey.getModulus), new 
BigInt(publicKey.getPublicExponent))
+               val result = publicKeysInGraph.contains(publicKeyTuple)
+               if (logger.isDebugEnabled) {
+                       if (!result) {
+                               val baos = new ByteArrayOutputStream
+                               Serializer.getInstance.serialize(baos, tc, 
SupportedFormat.TURTLE);
+                               logger.debug("no matching key in: \n{}", new 
String(baos.toByteArray));
+                               logger.debug("the public key is not among the " 
+
+                                       publicKeysInGraph.size + " keys in the 
profile graph of size " +
+                                       tc.size)
+                               logger.debug("PublicKey: " + publicKeyTuple)
+                               publicKeysInGraph.foreach(k => 
logger.debug("PublikKey in graph: " + k))
+                       }
+               }
+               result
+       }
+
+       private def getPublicKeysInGraph(tc: TripleCollection): Array[(BigInt, 
BigInt)] = {
+               import scala.collection.JavaConversions._
+               val publicKeys = for (t <- tc.filter(null, CERT.identity, 
webId)) yield {
+                       t.getSubject
+               }
+               (for (p <- publicKeys) yield {
+                       val node = new GraphNode(p, tc)
+                       val modulusRes = node / RSA.modulus
+                       val modulus = intValueOfResource(modulusRes) match {
+                               case Some(x) => x
+                               case _ => BigInt(0)
+                       }
+                       val exponentRes = node / RSA.public_exponent
+                       val exponent = intValueOfResource(exponentRes) match {
+                               case Some(x) => x
+                               case _ => BigInt(0)
+                       }
+                       (modulus, exponent)
+               }).toArray
+       }
+
+
+       def canEqual(other: Any) = other.isInstanceOf[WebIDClaim]
+
+       override
+       def equals(other: Any): Boolean =
+               other match {
+                       case that: WebIDClaim => (that eq this) || 
(that.canEqual(this) && webId == that.webId && key == that.key)
+                       case _ => false
+               }
+
+       override
+       lazy val hashCode: Int = 41 * (
+               41 * (
+                       41 + (if (webId != null) webId.hashCode else 0)
+                       ) + (if (key != null) key.hashCode else 0)
+               )
 }
 
 object Verification extends Enumeration {
 
+       /**
+        * the claim has not yet been verified
+        */
        val Unverified = Value
 
+       /**
+        * The claim was verified and succeeded
+        */
        val Verified = Value
 
-       val Failed = Value
-
-}
 
+       /**
+        * The claim was verified and failed
+        */
+       val Failed = Value
 
+       /**
+        * The claim cannot be verified by this agent
+        */
+       val Unsupported = Value
 
+}
 
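Review bot: The scheme test added at the top of `verify(authSrvc)` is a case-sensitive prefix match, so a Subject Alternative Name written as `HTTPS://…` is reported as `Unsupported` even though URI schemes are case-insensitive (RFC 3986 §3.1). Reading the string once into a local and testing `uri.regionMatches(true, 0, "http:", 0, 5) || uri.regionMatches(true, 0, "https:", 0, 6)` would avoid that. This check is presumably also what limits which certificate-supplied URIs `getWebIDInfo` will dereference, so it deserves a comment saying so, e.g. `// only http(s) WebIDs are dereferenced; the URI is taken from the client certificate`. Accepting plain `http:` means the profile's public key is read over an unauthenticated channel, which is worth recording next to the existing todo. Most of the hunk appears to be re-indentation only, which makes this one functional change easy to miss.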

Modified: 
incubator/clerezza/trunk/parent/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/WebIDTester.scala
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/WebIDTester.scala?rev=1089651&r1=1089650&r2=1089651&view=diff
==============================================================================
--- 
incubator/clerezza/trunk/parent/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/WebIDTester.scala
 (original)
+++ 
incubator/clerezza/trunk/parent/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/WebIDTester.scala
 Wed Apr  6 22:22:17 2011
@@ -20,17 +20,14 @@
 package org.apache.clerezza.foafssl.test
 
 import org.apache.clerezza.platform.security.UserUtil
-import org.apache.clerezza.platform.usermanager.UserManager
-import javax.ws.rs.{Produces, GET, Path}
 import org.osgi.service.component.ComponentContext
 import org.apache.clerezza.foafssl.auth.X509Claim
-import javax.ws.rs.core.Response
 import org.apache.clerezza.rdf.utils.GraphNode
 import org.apache.clerezza.rdf.core.impl.SimpleMGraph
-import org.apache.clerezza.rdf.ontologies.{FOAF, PLATFORM, RDF}
 import org.apache.clerezza.rdf.core.{BNode, UriRef}
-import pages.XhtmlCertificate
-
+import javax.ws.rs._
+import org.apache.clerezza.rdf.ontologies._
+import org.slf4j.{LoggerFactory, Logger}
 /**
  * implementation of (very early) version of test server for WebID so that the 
following tests
  * can be checked.
@@ -40,6 +37,8 @@ import pages.XhtmlCertificate
 
 object WebIDTester {
   val testCls = new UriRef("https://localhost/test/WebID/ont/tests";)   //todo: 
change url
+  private val logger: Logger = LoggerFactory.getLogger(classOf[WebIDTester])
+
 }
 
 @Path("/test/WebId")
@@ -74,4 +73,5 @@ class WebIDTester {
   }
 
 
+
 }

Modified: 
incubator/clerezza/trunk/parent/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/pages/CertificateDescription.scala
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/pages/CertificateDescription.scala?rev=1089651&r1=1089650&r2=1089651&view=diff
==============================================================================
--- 
incubator/clerezza/trunk/parent/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/pages/CertificateDescription.scala
 (original)
+++ 
incubator/clerezza/trunk/parent/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/pages/CertificateDescription.scala
 Wed Apr  6 22:22:17 2011
@@ -87,6 +87,7 @@ class XhtmlCertificate(arguments: XmlRes
         claim.verified match {
         case Verification.Verified => verifiedClaim(claim)
         case Verification.Failed => claimFailure(claim)
+        case Verification.Unsupported => <p>WebId's with this protocol are 
currently unsupported</p>
         case Verification.Unverified => <p>Currently this is not possible, but 
in asynchronous situations it will be</p>
           }
         }
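Review bot: `Verification` is a `scala.Enumeration`, so the compiler does not check this `claim.verified match` for exhaustiveness, and any other match on `claim.verified` that this commit did not update (none are visible here) would throw a `MatchError` when it meets `Verification.Unsupported`. It is worth searching for other consumers, and in particular confirming that none treats "not `Failed`" as success, since `Unsupported` claims have not been checked against any profile. Modelling the states as a `sealed trait` with case objects would make the compiler report missing cases. The new message would also be more useful if it named the rejected URI, and `WebId's` should read `WebIDs`. The enclosing method starts and ends outside this hunk.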

