Squashed 'mod/foafssl/' content from commit 3c1da1e

git-subtree-dir: mod/foafssl
git-subtree-split: 3c1da1eaff8f61049b45ad99528f8f4e09ac7e62

22 files changed, 1110 insertions, 0 deletions

diff --git a/AUTHORS b/AUTHORS
new file mode 100644
index 000000000..d69e4f4ab
--- /dev/null
+++ b/AUTHORS
@@ -0,0 +1,3 @@
+Sean Donovan / mrsdonovanca at bitbucket
+Pablo Martin <devel@lorea.cc>
+
diff --git a/COPYING b/COPYING
new file mode 100755
index 000000000..60549be51
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,340 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) 19yy  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/README.txt b/README.txt
new file mode 100644
index 000000000..ee06969d4
--- /dev/null
+++ b/README.txt
@@ -0,0 +1,53 @@
+Elgg Foaf-SSL support
+----------------------
+
+Foaf ssl support for elgg. Allows to manage client certificates, link them in the foaf file, and login with a certificate authenticating with foaf-ssl.
+
+ installation: 
+	place in mod/ folder as "foafssl"
+
+        expects "lib" and "arc" folders from libAuthentications inside the module folder.
+        (check git://github.com/melvincarvalho/libAuthentication.git)
+        also, you need to configure a database for libAuthentication, you can find the details
+        in the authentication.php file ;)
+
+ apache config:
+	yes, you need some apache config to get this running... basically the following should go
+        in your vhost file (change the location dirs if you have a different root):
+# ---------------
+
+    	SSLOptions +ExportCertData +StdEnvVars
+
+	# location to login
+        <Location /pg/foafssl/login>
+            SSLRequireSSL
+            SSLVerifyClient optional_no_ca
+            SSLVerifyDepth 1
+            SSLOptions +ExportCertData +StdEnvVars
+        </Location>
+
+	# location to suck a certificate into a logged in account
+        <Location /action/foafssl/suck>
+            SSLRequireSSL
+            SSLVerifyClient optional_no_ca
+            SSLVerifyDepth 1
+            SSLOptions +ExportCertData +StdEnvVars
+        </Location>
+
+
+# ---------------
+
+ elgg mod:
+   if you want elgg to work with content-type appropriately, you need to apply the following patch to elgglib.php (approximate):
+   http://trac.elgg.org/ticket/2223
+
+------
+
+ code repo:
+	https://rhizomatik@bitbucket.org/rhizomatik/elgg_foafssl
+ license:
+	GPLv2 (see COPYING)
+
+--
+
+devel@lorea.cc
diff --git a/actions/add.php b/actions/add.php
new file mode 100644
index 000000000..494229aad
--- /dev/null
+++ b/actions/add.php
@@ -0,0 +1,43 @@
+<?php
+global $CONFIG;
+$user = get_loggedin_user();
+$name = get_input('name');
+$webid = get_input('webid');
+$modulus = get_input('modulus');
+$exponent = get_input('exponent');
+
+error_log($name);
+error_log($webid);
+error_log($modulus);
+error_log($exponent);
+
+if (isset($_FILES['cert_file'])) {
+	$cert = get_uploaded_file('cert_file');
+        $res = openssl_x509_read($cert);
+	$cert_data = openssl_x509_parse($cert);
+	$pubKey  = openssl_pkey_get_public($res);
+        $keyData = openssl_pkey_get_details($pubKey);
+        $webid = $cert_data["extensions"]["subjectAltName"];
+
+        //Remove certificate armour
+        $unpacked_n = unpack("H*",$keyData['rsa']['n']);
+        $modulus = strtoupper($unpacked_n[1]);
+
+        $unpacked_e = unpack("H*",$keyData['rsa']['e']);
+        $exponent = hexdec($unpacked_e[1]);
+	$name = $cert_data["subject"]["CN"];
+	error_log("load file");
+	error_log("webid:".$webid);
+	error_log("exponent".$exponent);
+	error_log("mod".$modulus);
+}
+
+if ($modulus && $exponent && $user && $webid) {
+	$key = elgg_foafssl_createkey($modulus, $exponent, $user, $webid, $name);
+	system_message(elgg_echo("foafssl:addkey"));
+}
+else {
+	register_error(elgg_echo("foafssl:cantadd"));
+}
+forward($CONFIG->wwwroot."pg/foafssl/manage");
+?>
diff --git a/actions/generate.php b/actions/generate.php
new file mode 100644
index 000000000..e899d3dd0
--- /dev/null
+++ b/actions/generate.php
@@ -0,0 +1,53 @@
+<?php
+
+require_once($CONFIG->pluginspath."foafssl/lib/Authentication.php");
+require_once($CONFIG->pluginspath."foafssl/cert_proxy.php");
+
+global $CONFIG;
+
+
+function toBASE64($encodeMe) {
+    // does openssl really need this?
+    $data = base64_encode($encodeMe);
+    $datalb = "";
+    while (strlen($data) > 64) {
+        $datalb .= substr($data, 0, 64) . "\n";
+        $data = substr($data,64);
+    }
+    $datalb .= $data;
+    return $datalb;
+}
+
+
+$user = get_loggedin_user();
+$webid = $user->getURL();
+$name = get_input("name");
+$pubkey = get_input("pubkey");
+
+$cert = request_identity_p12($name, $webid, $pubkey);
+
+if ($cert && $user) {
+	$armored_cert = "-----BEGIN CERTIFICATE-----\n";
+	$armored_cert .= toBase64($cert);
+	$armored_cert .= "\n-----END CERTIFICATE-----\n";
+	$res = openssl_x509_read($armored_cert);
+	$cert_data = openssl_x509_parse($armored_cert);
+	$uid = $cert_data["subject"]["UID"];
+	$altName = $cert_data["extensions"]["subjectAltName"];
+        $pubKey  = openssl_pkey_get_public($res);
+        $keyData = openssl_pkey_get_details($pubKey);
+
+        //Remove certificate armour
+        $unpacked_n = unpack("H*",$keyData['rsa']['n']);
+        $modulus = strtoupper($unpacked_n[1]);
+        $unpacked_e = unpack("H*",$keyData['rsa']['e']);
+        $exponent = hexdec($unpacked_e[1]);
+ 	  set_input("name",$cert_data["subject"]["CN"]);
+	    set_input("webid",$altName);
+	    set_input("modulus",$modulus);
+	    set_input("exponent",$exponent);
+	    // now really include
+	    include($CONFIG->pluginspath."foafssl/actions/add.php");
+}
+
+?>
diff --git a/actions/register.php b/actions/register.php
new file mode 100755
index 000000000..ff5e495b5
--- /dev/null
+++ b/actions/register.php
@@ -0,0 +1,81 @@
+<?php
+/**
+ * Elgg registration action
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @author Curverider Ltd
+ * @link http://elgg.org/
+ */
+
+global $CONFIG;
+error_log("register user foaf!");
+// Get variables
+$username = get_input('username');
+$password = get_input('password');
+$password2 = get_input('password2');
+$email = get_input('email');
+$name = get_input('name');
+$friend_guid = (int) get_input('friend_guid',0);
+$invitecode = get_input('invitecode');
+$exponent = get_input('key_exp');
+$modulus = get_input('key_mod');
+$webid = get_input('key_webid');
+
+if (!($exponent && $modulus && $webid))
+	forward();
+
+$admin = get_input('admin');
+if (is_array($admin)) {
+	$admin = $admin[0];
+}
+
+if (!$CONFIG->disable_registration) {
+// For now, just try and register the user
+	try {
+		$guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode);
+		if (((trim($password) != "") && (strcmp($password, $password2) == 0)) && ($guid)) {
+			$new_user = get_entity($guid);
+error_log("register user foaf2!");
+			elgg_set_ignore_access(true);
+			elgg_foafssl_createkey($modulus, $exponent, $new_user, $webid, $name." register cert");
+			elgg_set_ignore_access(false);
+			if (($guid) && ($admin)) {
+				// Only admins can make someone an admin
+				admin_gatekeeper();
+				$new_user->makeAdmin();
+			}
+
+			// Send user validation request on register only
+			global $registering_admin;
+			if (!$registering_admin) {
+				request_user_validation($guid);
+			}
+
+			if (!$new_user->isAdmin()) {
+				// Now disable if not an admin
+				// Don't do a recursive disable.  Any entities owned by the user at this point
+				// are products of plugins that hook into create user and might need
+				// access to the entities.
+				$new_user->disable('new_user', false);
+			}
+
+			system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename));
+
+			// Forward on success, assume everything else is an error...
+			forward();
+		} else {
+			register_error(elgg_echo("registerbad"));
+		}
+	} catch (RegistrationException $r) {
+		register_error($r->getMessage());
+	}
+} else {
+	register_error(elgg_echo('registerdisabled'));
+}
+
+$qs = explode('?',$_SERVER['HTTP_REFERER']);
+$qs = $qs[0];
+$qs .= "?u=" . urlencode($username) . "&e=" . urlencode($email) . "&n=" . urlencode($name) . "&friend_guid=" . $friend_guid;
+
+forward($qs);
diff --git a/actions/suck.php b/actions/suck.php
new file mode 100644
index 000000000..fd801e2de
--- /dev/null
+++ b/actions/suck.php
@@ -0,0 +1,56 @@
+<?php
+
+//require_once("config.php");
+global $CONFIG;
+require_once($CONFIG->pluginspath."foafssl/lib/Authentication.php");
+
+$config = array('db_name'=>'arc','db_user'=>'arc','db_pwd'=>'chjdladhsjk34!arcarc','store_name'=>'arc_tests');
+if ($_SERVER['SSL_CLIENT_CERT']) {
+	error_log("going to add");
+	$cert = $_SERVER['SSL_CLIENT_CERT'];
+	$res = openssl_x509_read($cert);
+	$cert_data = openssl_x509_parse($cert);
+	$uid = $cert_data["subject"]["UID"];
+	$altName = $cert_data["extensions"]["subjectAltName"];
+        $pubKey  = openssl_pkey_get_public($res);
+        $keyData = openssl_pkey_get_details($pubKey);
+
+        //Remove certificate armour
+        $unpacked_n = unpack("H*",$keyData['rsa']['n']);
+        $modulus = strtoupper($unpacked_n[1]);
+        $unpacked_e = unpack("H*",$keyData['rsa']['e']);
+        $exponent = hexdec($unpacked_e[1]);
+ 	  set_input("name",$cert_data["subject"]["CN"]);
+	    set_input("webid",$altName);
+	    set_input("modulus",$modulus);
+	    set_input("exponent",$exponent);
+	    include($CONFIG->pluginspath."foafssl/actions/add.php");
+}
+
+
+/*
+$auth = new Authentication_FoafSSLARC($config);
+//$auth = new Authentication_AgentARC($config, $webId);
+//var_dump($auth);
+//if ($auth->agentId !== $auth->agentURI) {
+if ($auth->isAuthenticated()) {
+    //print "Hello : $auth->webid<br/>";
+    $base_url = $CONFIG->wwwroot."pg/profile/";
+    if (strpos($auth->webid, $base_url) == 0) {
+	$root_len = strlen($base_url);
+    	$username = substr($auth->webid, $root_len, strlen($auth->webid)-$root_len-strlen("?view=foaf"));
+	$user = get_user_by_username($username);
+	login($user, true);
+	system_message(elgg_echo("you logged in successfully with your certificate!"));
+	forward();
+	
+	}
+}
+else {
+    print "Sorry you are not logged in<br/>";
+	print $auth->authnDiagnostic;
+}
+*/
+//$auth->logout();
+
+?>
diff --git a/add.php b/add.php
new file mode 100644
index 000000000..b06bc4218
--- /dev/null
+++ b/add.php
@@ -0,0 +1,24 @@
+<?php
+set_context("settings");
+global $CONFIG;
+$form_body = elgg_echo('foafssl:name');
+$form_body .= elgg_view('input/text',array('internalname' => 'name'));
+/*$form_body .= elgg_echo('foafssl:modulus');
+$form_body .= elgg_view('input/text',array('internalname' => 'modulus'));
+$form_body .= elgg_echo('foafssl:exponent');
+$form_body .= elgg_view('input/text',array('internalname' => 'exponent'));*/
+$form_body .= elgg_view("input/file", array(
+                        'internalname' => 'cert_file')).'</p><br>';
+$form_body .= elgg_view('input/submit', array('value'=>'submit'));
+$objects = elgg_view('input/form',array('body' => $form_body, 'action' => $CONFIG->wwwroot . 'action/foafssl/add', 'method' => 'post'));
+
+$body = elgg_view_title($title);
+$body .= $objects;
+
+$body = elgg_view_layout('two_column_left_sidebar', '', $body, $area3);
+
+// Finally draw the page
+page_draw($title, $body);
+
+
+?>
diff --git a/authenticationlogin.php b/authenticationlogin.php
new file mode 100644
index 000000000..556fbe3b0
--- /dev/null
+++ b/authenticationlogin.php
@@ -0,0 +1,71 @@
+<?php
+
+//require_once("config.php");
+global $CONFIG;
+require_once("lib/Authentication.php");
+
+$config = array('db_name'=>'arc','db_user'=>'arc','db_pwd'=>'chjdladhsjk34!arcarc','store_name'=>'arc_tests');
+
+$auth = new Authentication_FoafSSLARC($config);
+if ($auth->isAuthenticated()) {
+    $base_url = $CONFIG->wwwroot."pg/profile/";
+    if (strpos($auth->webid, $base_url) === 0) {
+	// local
+	$root_len = strlen($base_url);
+	$trim = 0;
+	if (!strpos($auth->webid, "?view=foaf") === false) {
+		$trim = strlen("?view=foaf");
+	}
+    	$username = substr($auth->webid, $root_len, strlen($auth->webid)-$root_len-$trim);
+	$user = get_user_by_username($username);
+    }
+    else {
+	// remote
+	$options = array('metadata_name' => 'webid', 
+			'metadata_value' => "URI:".$auth->webid, 
+			'owner_guid' => ELGG_ENTITIES_ANY_VALUE, 
+			'types' => 'object', 
+			'subtypes' => 'sslkey');
+	$certs = elgg_get_entities_from_metadata($options);
+	if ($certs) {
+		$user = $certs[0]->getOwnerEntity();
+	}
+	else {
+		// maybe you already exist here?
+		$options = array('metadata_name' => 'webid',
+				'metadata_value' => $auth->webid,
+				'owner_guid' => ELGG_ENTITIES_ANY_VALUE,
+				'types'=>'user');
+		$remote_users = elgg_get_entities_from_metadata($options);
+		//if ($remote_users) {
+		if (false) {
+			$user = $remote_users[0];
+			$user->foreign = false; // not foreign any more
+		}
+		else {
+			// maybe you want to create an account here
+			$register = true;
+			set_input("u", $username);
+			set_input("n", $username);
+			$mod = $auth->certModulus;
+			$exp = $auth->certExponent;
+			$body = elgg_view("foafssl/register", array('exp'=>$exp, 'mod'=>$mod, 'webid' => "URI:".$auth->webid));
+			echo page_draw(elgg_echo('register'), $body);
+		}
+	}
+    }
+}
+// now login if we found a user
+if ($user) {
+	login($user, true);
+        system_message(elgg_echo("foafssl:loggedin"));
+        forward();
+}
+elseif (!$register) {
+	register_error(elgg_echo('foafssl:cantlogin').":".$auth->authnDiagnostic);
+        forward();
+}
+
+// logout the cert session since we dont need it
+
+?>
diff --git a/cert_proxy.php b/cert_proxy.php
new file mode 100644
index 000000000..5dc4f8b67
--- /dev/null
+++ b/cert_proxy.php
@@ -0,0 +1,64 @@
+<?php
+
+//-----------------------------------------------------------------------------------------------------------------------------------
+//
+// Filename   : cert.php                                                                                                            
+// Version    : 1.0
+// Date       : 3rd Jan 2009
+//
+// Decription : This script creates an PKCS12 encoded SSL Certificate which is file transfered to the script caller.
+//
+// Usage      : cert.php?foaf=http://foaf.me/jsmith&
+//                       commonName=J Smith&
+//                       emailAddress=jsmith@example.com&
+//                       organizationName=My Company Ltd&
+//                       organizationalUnitName=Technology Division&
+//                       localityName=Newbury&
+//				         stateOrProvinceName=Berkshire&
+//                       countryName=GB&
+//                       password=secret
+//
+//              All parameters except 'foaf' are optional. Some parameters if missing will default as per openssl.cnf 
+//
+// See Also   : Using PHP to create self-signed X.509 Client Certificates
+//              http://foaf.me/Using_PHP_to_create_X.509_Client_Certificates.php
+//
+//-----------------------------------------------------------------------------------------------------------------------------------
+
+// Check if the foaf loaction is specified in the script call
+
+function request_identity_p12($commonName, $webid, $pubkey, $hours=0.0, $days=0.0) {
+	$post_fields = array();
+	$post_fields['webid'] = $webid;
+	$post_fields['spkac'] = $pubkey;
+	$post_fields['hours'] = $hours;
+	$post_fields['days'] = $days;
+	$post_fields['keygensubmit'] = "submit certificate request";
+	$post_fields['cn'] = $commonName;
+	$ch = curl_init('http://webid.myxwiki.org/xwiki/bin/view/WebId/CreateCert');
+	curl_setopt($ch, CURLOPT_POST      ,1);
+	curl_setopt($ch, CURLOPT_POSTFIELDS    ,$post_fields);
+	curl_setopt($ch, CURLOPT_FOLLOWLOCATION  ,1);
+	curl_setopt($ch, CURLOPT_HEADER      ,0);  // DO NOT RETURN HTTP HEADERS
+	curl_setopt($ch, CURLOPT_RETURNTRANSFER  ,1);  // RETURN THE CONTENTS OF THE CALL
+	// should check the error code and warn if something goes wrong
+        $Rec_Data = curl_exec($ch);
+	header('Last-Modified: '.date('r+b'));
+        header('Accept-Ranges: bytes');
+        header('Content-Length: '.strlen($Rec_Data));
+	header('Content-Type: application/x-x509-user-cert');
+	echo $Rec_Data;
+	return $Rec_Data;
+
+}
+
+/*// Create a PKCS12 encoded SSL certificate
+if ( $p12 = request_identity_p12(
+			$countryName, $stateOrProvinceName, $localityName, $organizationName, $organizationalUnitName, $commonName, $emailAddress,
+			$foafLocation, $pubkey ) )
+{	
+	// Send the PKCS12 encoded SSL certificate to the script caller as a file transfer
+	download_identity_p12($p12, $foafLocation);
+}*/
+
+?>
diff --git a/foafssl.png b/foafssl.png
new file mode 100644
index 000000000..17fa6da59
--- /dev/null
+++ b/foafssl.png
diff --git a/generate.php b/generate.php
new file mode 100644
index 000000000..1e86a7070
--- /dev/null
+++ b/generate.php
@@ -0,0 +1,22 @@
+<?php
+set_context("settings");
+global $CONFIG;
+$form_body = "<p>".elgg_echo('foafssl:generate:description')."</p>";
+$form_body .= elgg_echo('foafssl:name').":";
+$form_body .= elgg_view('input/text',array('internalname' => 'name'));
+$form_body .= '<keygen name="pubkey" challenge="TheChallenge1" style="display:none">';
+$form_body .= elgg_view('input/submit', array('value'=>elgg_echo('foafssl:generate')));
+$objects = elgg_view('input/form',array('body' => $form_body, 'action' => $CONFIG->wwwroot . 'action/foafssl/generate', 'method' => 'post'));
+
+
+$title = elgg_echo('foafssl:generatecert');
+$body = elgg_view_title($title);
+$body .= $objects;
+$body .= "<a href='".$CONFIG->wwwroot."pg/foafssl/manage"."'>".elgg_echo('foafssl:return')."</a>";
+
+$body = elgg_view_layout('two_column_left_sidebar', '', $body, $area3);
+
+// Finally draw the page
+echo page_draw($title, $body);
+
+?>
diff --git a/languages/en.php b/languages/en.php
new file mode 100755
index 000000000..13141fd41
--- /dev/null
+++ b/languages/en.php
@@ -0,0 +1,25 @@
+<?php

+

+	$english = array(

+		"foafssl:manage" => "Manage ssl certificates",

+		"foafssl:suck" => "Suck an identity",

+		"foafssl:addforeign" => "Import a certificate",

+		"foafssl:generate" => "Generate",

+		"foafssl:generatecert" => "Generate a certificate",

+		"foafssl:your" => "Your ssl certificates",

+		"foafssl:name" => "Name",

+		"foafssl:generate:description" => "Write a name for your certificate (it should describe your identity on this network) and click on generate.",

+		"foafssl:return" => "After generating the certificate return to the manage page",

+		"foafssl:modulus" => "Modulus",

+		"foafssl:exponent" => "Exponent",

+		"foafssl:loggedin" => "You logged in successfully with your certificate!",

+		"foafssl:cantlogin" => "Couldnt login with the certificate",

+		"foafssl:addkey" => "Your new key has been added",

+		"foafssl:cantadd" => "Couldnt add the certificate, check that it is a correct foaf ssl certificate",

+		"foafssl:login" => "Foaf-ssl Login",

+		"foafssl:explain" => "You can generate your certificate for this network by using the generate button, also you can import from a file, or suck one you have installed on your browser.",

+	);

+	

+	add_translation("en",$english);

+

+?>

diff --git a/languages/es.php b/languages/es.php
new file mode 100755
index 000000000..fbe170595
--- /dev/null
+++ b/languages/es.php
@@ -0,0 +1,26 @@
+<?php

+/**

+         * Elgg spotlight lorea

+         * 

+         * @package

+         * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2

+         * @author lorea

+         * @copyright lorea

+         * @link http://lorea.cc

+         */

+

+	$spanish = array(

+                "foafssl:manage" => "Gestionar certificados ssl",

+                "foafssl:addforeign" => "Importar un certificado",

+                "foafssl:generate" => "Generar",

+                "foafssl:your" => "Tus certificados ssl",

+                "foafssl:name" => "Nombre",

+                "foafssl:modulus" => "Modulo",

+                "foafssl:exponent" => "Exponente",

+                "foafssl:loggedin" => "Has entrado a la red con tu certificado",

+                "foafssl:cantlogin" => "No se ha podido validar tu certificado",

+	);

+	

+	add_translation("es",$spanish);

+

+?>

diff --git a/manage.php b/manage.php
new file mode 100644
index 000000000..4a38c7342
--- /dev/null
+++ b/manage.php
@@ -0,0 +1,27 @@
+<?php
+gatekeeper();
+global $CONFIG;
+set_context("settings");
+$user = get_loggedin_user();
+
+$title = elgg_echo("foafssl:your");
+$options = array('types'=>'object','subtypes'=>'sslkey','owner_guid'=>$user->getGUID(),'full_view'=>false);
+$objects = elgg_list_entities($options);
+
+$body = elgg_view_title($title);
+$body .= "<div class='contentWrapper'>";
+$body .= sprintf(elgg_echo("foafssl:explain"), $user->getURL()."?view=foaf")."<br/><br/>";
+$body .= "<a class='add_topic_button' href='".$CONFIG->wwwroot."pg/foafssl/add'>".elgg_echo('foafssl:addforeign')."</a> ";
+$body .= "<a class='add_topic_button' href='".$CONFIG->wwwroot."pg/foafssl/generate'>".elgg_echo('foafssl:generate')."</a> ";
+$body .= "<a class='add_topic_button' href='".elgg_add_action_tokens_to_url($CONFIG->wwwroot."action/foafssl/suck")."'>".elgg_echo('foafssl:suck')."</a><br/>";
+$body .= "</div>";
+
+//$body .= elgg_view("pages/welcome", array('entity' => $welcome_message));
+$body .= $objects;
+
+$body = elgg_view_layout('two_column_left_sidebar', '', $body, $area3);
+
+// Finally draw the page
+page_draw($title, $body);
+
+?>
diff --git a/manifest.xml b/manifest.xml
new file mode 100644
index 000000000..5cb3b9afa
--- /dev/null
+++ b/manifest.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<plugin_manifest>

+	<field key="author" value="Pablo Martin" />

+	<field key="version" value="0.5" />

+	<field key="license" value="GPLv2" />

+	<field key="description" value="Brings the power of foaf ssl to elgg" />

+	<field key="copyright" value="(c) Pablo Martin 2010" />

+    <field key="website" value="http://bitbucket.org/rhizomatik/elgg_foafssl" />

+</plugin_manifest>

diff --git a/start.php b/start.php
new file mode 100644
index 000000000..a9e20c77f
--- /dev/null
+++ b/start.php
@@ -0,0 +1,83 @@
+<?php
+/**
+         * Elgg powered plugin
+         * 
+         * @package
+         * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+         * @author lorea
+         * @copyright lorea
+         * @link http://lorea.cc
+         */
+
+	function elgg_foafssl_createkey($modulus, $exponent, $user, $webid, $name) {
+		error_log("create foaf ssl key:".$modulus.":".$exponent);
+		$user_guid = $user->getGUID();
+		$key = new ElggObject();
+		$key->name = $name;
+		$key->title = $name;
+		$key->subtype = 'sslkey';
+		$key->owner_guid = $user_guid;
+		$key->container_guid = $user_guid;
+		$key->access_id = ACCESS_PUBLIC;
+		$key->save();
+		$key->webid = $webid;
+		$key->modulus = $modulus;
+		$key->exponent = $exponent;
+		return $key;
+	}
+
+
+	function foafssl_page_handler($page) {
+		global $CONFIG;
+		switch ($page[0]) {
+			case 'manage':
+				include($CONFIG->pluginspath.'foafssl/manage.php');
+				break;
+			case 'add':
+				include($CONFIG->pluginspath.'foafssl/add.php');
+				break;
+			case 'generate':
+				include($CONFIG->pluginspath.'foafssl/generate.php');
+				break;
+			case 'login':
+				include($CONFIG->pluginspath.'foafssl/authenticationlogin.php');
+				break;
+		}
+	}
+
+        function foafssl_pagesetup() {
+                global $CONFIG;
+                if (get_context() == 'settings') {
+                        add_submenu_item(elgg_echo('foafssl:manage'), $CONFIG->wwwroot . "pg/foafssl/manage");
+                }
+        }
+
+
+ 	function foafssl_init(){
+			global $CONFIG;
+			register_action("foafssl/add",false, $CONFIG->pluginspath . "foafssl/actions/add.php");
+			register_action("foafssl/generate",false, $CONFIG->pluginspath . "foafssl/actions/generate.php");
+			register_action("foafssl/suck",false, $CONFIG->pluginspath . "foafssl/actions/suck.php");
+			register_action("foafssl/delete",false, $CONFIG->pluginspath . "foafssl/actions/delete.php");
+			register_action('entities/delete');
+			register_page_handler('foafssl','foafssl_page_handler');
+			register_elgg_event_handler('pagesetup','system','foafssl_pagesetup');
+			elgg_extend_view("account/forms/login", "foafssl/loginbox");
+			register_action("foafssl/register",true, $CONFIG->pluginspath . "foafssl/actions/register.php");
+
+
+			//elgg_extend_view("canvas/layouts/widgets", "foafssl/profile");
+			/*
+			register_action("microthemes/clear",false, $CONFIG->pluginspath . "microthemes/actions/microthemes/clear.php");
+			register_action("microthemes/edit",false, $CONFIG->pluginspath . "microthemes/actions/microthemes/edit.php");
+			register_action("microthemes/choose",false, $CONFIG->pluginspath . "microthemes/actions/microthemes/choose.php");
+			register_plugin_hook('entity:icon:url', 'object', 'microthemes_tasksicon_hook');
+			register_elgg_event_handler('pagesetup','system','microthemes_pagesetup');
+
+                        elgg_extend_view("metatags", "microthemes/metatags");
+			//elgg_extend_view('profile/menu/linksownpage','microthemes/profilemenu');*/
+	}
+
+register_elgg_event_handler('init','system','foafssl_init');
+
+?>
diff --git a/views/default/foafssl/loginbox.php b/views/default/foafssl/loginbox.php
new file mode 100644
index 000000000..732074d9f
--- /dev/null
+++ b/views/default/foafssl/loginbox.php
@@ -0,0 +1,4 @@
+<?php
+	$loginurl = $vars['url']."pg/foafssl/login";
+	echo " <a href='".$loginurl."'>".elgg_echo("foafssl:login")." <img src='".$vars['url']."mod/foafssl/foafssl.png"."' /></a>";
+?>
diff --git a/views/default/foafssl/register.php b/views/default/foafssl/register.php
new file mode 100755
index 000000000..4681db9c5
--- /dev/null
+++ b/views/default/foafssl/register.php
@@ -0,0 +1,54 @@
+<?php
+/**
+ * Elgg register form
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @author Curverider Ltd
+ * @link http://elgg.org/
+ */
+
+$username = get_input('u');
+$email = get_input('e');
+$name = get_input('n');
+
+$admin_option = false;
+$loggedin_user = get_loggedin_user();
+
+if ($loggedin_user && $loggedin_user->isAdmin() && isset($vars['show_admin'])) {
+	$admin_option = true;
+}
+
+$form_body = "<p><label>" . elgg_echo('name') . "<br />" . elgg_view('input/text' , array('internalname' => 'name', 'class' => "general-textarea", 'value' => $name)) . "</label><br />";
+
+$form_body .= "<label>" . elgg_echo('email') . "<br />" . elgg_view('input/text' , array('internalname' => 'email', 'class' => "general-textarea", 'value' => $email)) . "</label><br />";
+$form_body .= "<label>" . elgg_echo('username') . "<br />" . elgg_view('input/text' , array('internalname' => 'username', 'class' => "general-textarea", 'value' => $username)) . "</label><br />";
+$form_body .= "<label>" . elgg_echo('password') . "<br />" . elgg_view('input/password' , array('internalname' => 'password', 'class' => "general-textarea")) . "</label><br />";
+$form_body .= "<label>" . elgg_echo('passwordagain') . "<br />" . elgg_view('input/password' , array('internalname' => 'password2', 'class' => "general-textarea")) . "</label><br />";
+
+// view to extend to add more fields to the registration form
+$form_body .= elgg_view('register/extend');
+
+// Add captcha hook
+$form_body .= elgg_view('input/captcha');
+
+if ($admin_option) {
+	$form_body .= elgg_view('input/checkboxes', array('internalname' => "admin", 'options' => array(elgg_echo('admin_option'))));
+}
+
+$form_body .= elgg_view('input/hidden', array('internalname' => 'key_mod', 'value' => $vars['mod']));
+//$form_body .= $vars['mod'];
+$form_body .= elgg_view('input/hidden', array('internalname' => 'key_exp', 'value' => $vars['exp']));
+$form_body .= elgg_view('input/hidden', array('internalname' => 'key_webid', 'value' => $vars['webid']));
+//$form_body .= $vars['webid'];
+
+$form_body .= elgg_view('input/hidden', array('internalname' => 'friend_guid', 'value' => $vars['friend_guid']));
+$form_body .= elgg_view('input/hidden', array('internalname' => 'invitecode', 'value' => $vars['invitecode']));
+//$form_body .= elgg_view('input/hidden', array('internalname' => 'action', 'value' => 'register'));
+$form_body .= elgg_view('input/submit', array('internalname' => 'submit', 'value' => elgg_echo('register'))) . "</p>";
+?>
+
+<div id="register-box">
+<h2><?php echo elgg_echo('register'); ?></h2>
+<?php echo elgg_view('input/form', array('action' => "{$vars['url']}action/foafssl/register", 'body' => $form_body, 'method'=>'post')) ?>
+</div>
diff --git a/views/foaf/canvas/layouts/widgets.php b/views/foaf/canvas/layouts/widgets.php
new file mode 100644
index 000000000..acb6c3546
--- /dev/null
+++ b/views/foaf/canvas/layouts/widgets.php
@@ -0,0 +1,2 @@
+<?php
+?>
diff --git a/views/foaf/foafssl/profile.php b/views/foaf/foafssl/profile.php
new file mode 100644
index 000000000..b11708a32
--- /dev/null
+++ b/views/foaf/foafssl/profile.php
@@ -0,0 +1,16 @@
+<?php
+$user = $vars['user'];
+if ($user) {
+	$options = array('types'=>'object','subtypes'=>'sslkey','owner_guid'=>$user->getGUID());
+	$userkeys = elgg_get_entities($options);
+	foreach($userkeys as $key) {
+?>
+<rsa:RSAPublicKey>
+        <cert:identity rdf:resource="#me"/>
+        <rsa:public_exponent cert:decimal="<?php echo $key->exponent; ?>"/>
+        <rsa:modulus cert:hex="<?php echo $key->modulus; ?>"/>
+</rsa:RSAPublicKey>
+<?php
+	}
+}
+?>
diff --git a/views/foaf/pageshells/pageshell.php b/views/foaf/pageshells/pageshell.php
new file mode 100755
index 000000000..909c9aa58
--- /dev/null
+++ b/views/foaf/pageshells/pageshell.php
@@ -0,0 +1,54 @@
+<?php
+/**
+ * Elgg XML output pageshell
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @author Curverider Ltd
+ * @link http://elgg.org/
+ *
+ */
+
+header("Content-Type: application/rdf+xml");
+// echo $vars['body'];
+
+echo "<?xml version='1.0'?>\n";
+
+if (!$owner = page_owner_entity()) {
+	if (!isloggedin()) {
+		exit;
+	} else {
+		$owner = $vars['user'];
+	}
+}
+
+?>
+<rdf:RDF
+	xml:lang="en"
+	xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+	xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
+	xmlns:foaf="http://xmlns.com/foaf/0.1/"
+	xmlns:cert="http://www.w3.org/ns/auth/cert#"
+	xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
+	xmlns:ya="http://blogs.yandex.ru/schema/foaf/"
+	xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#"
+	xmlns:dc="http://purl.org/dc/elements/1.1/">
+	<rdf:Description rdf:about="">
+		<rdf:type rdf:resource="http://xmlns.com/foaf/0.1/PersonalProfileDocument"/>
+		<foaf:maker rdf:resource="#me"/>
+		<foaf:primaryTopic rdf:resource="#me"/>
+	</rdf:Description>
+	<foaf:Person rdf:about="#me">
+		<foaf:nick><?php echo $owner->username; ?></foaf:nick>
+		<foaf:name><?php echo $owner->name; ?></foaf:name>
+		<foaf:homepage rdf:resource="<?php echo $owner->getURL(); ?>" />
+		<foaf:mbox_sha1sum><?php echo sha1("mailto:" . $owner->email); ?></foaf:mbox_sha1sum>
+		<foaf:img rdf:resource="<?php echo $vars['url']; ?>pg/icon/<?php echo $owner->username; ?>/large/icon.jpg" />
+		<?php
+			echo $vars['body'];
+		?>
+	</foaf:Person>
+	<?php
+		echo elgg_view('foafssl/profile', array('user'=>$owner));
+	?>
+</rdf:RDF>