On 02/10/2010 12:44 PM, Story Henry wrote:
> Hi,
>
> Having got Xwiki to produce RDFa (very easy), and having switched off
> Twitter to allow me to concentrate, I am now working on allowing a
> user to click a button in his profile, and have it create a foaf+ssl
> certificate (which is just a normal certificate, but with a URL in
> the subject alternative name). The code for this is very simple:
>
> http://github.com/harbulot/keygenapp/blob/master/samplewebapp/src/main/java/uk/ac/manchester/_rcs/bruno/keygenapp/webapp/MiniCaServlet.java
>
> (with a few lines of tweaks required to add the certificate
> information to the profile page).
>
> What happens is that a <keygen> XML element is added to a <form>
> element in the user's profile page. This forces the browser (Safari,
> Firefox, Opera) to create a <public, private> key pair and send the
> public part to the servlet referred to above (MiniCaServlet). That

What about IE? Not that I like it, but most enterprise users are still on IE6.

> servlet creates a certificate and sends it back to an invisible
> iframe. The browser then adds that cert to the keystore (this is done
> automatically, it's part of browser behavior).

Do you have a link to some documentation about this behavior?

> So to move this code to XWiki, I understand I should create a
> component. I read about it here:
>
> http://platform.xwiki.org/xwiki/bin/view/DevGuide/WritingComponents

Yes, that's the right approach. You should also read about the new scripting service, see http://jira.xwiki.org/jira/browse/XWIKI-4853 and http://markmail.org/thread/g4z56pl734lng2ym

> and it makes sense. From a component I can get the user, and from
> that I can get his profile page, and then I can add the public key
> information to his profile (I wrote a RSAKeyClass in Xwiki to do
> this).

RSAKeyClass as a class inside com.xpn.xwiki.objects.classes, similar to PasswordClass, NumberClass and the like? Yes, that is good. You also need a RSAKeyMetaClass in com.xpn.xwiki.objects.meta, and register it in com.xpn.xwiki.objects.meta.MetaClass

Alternatively, you could just use the TextAreaClass for the moment, although that's 0 security.

> The component should finally send the newly generated certificate
> back to the client, which it can do because it has access to the
> HTTPServletResponse.
>
> But where would I put such a component? In a specific wiki page?

Better as a jar inside WEB-INF/lib. Given that it adds a new property type to the data model, it should be a key component inside the platform.

> Does all that make sense? If not let me know before I go and code it
> up.

Looks good to me so far, but I have a couple more questions/suggestions:

- You must make sure that the private key can't be publicly accessed
- What do you plan to do with these keys afterwards?
- The process that you described (browser creates key, sends public part to server, server creates certificate and sends back to browser) does not mention anything about what happens within the user profile. Could you go into more details?

> Henry
>
> PS. It would be fun later to have the User's Profile page be a bit
> Ajaxy, so that if it notices a change to the invisible iframe the
> browser can make a request to XWiki to refresh the table of public
> keys displayed to the user.
>
> Social Web Architect http://bblfish.net/

--
Sergiu Dumitriu
http://purl.org/net/sergiu/

