Diffstat (limited to 'mod/foafssl')
-rw-r--r--mod/foafssl/AUTHORS3
-rwxr-xr-xmod/foafssl/COPYING340
-rw-r--r--mod/foafssl/README.txt53
-rw-r--r--mod/foafssl/actions/add.php43
-rw-r--r--mod/foafssl/actions/generate.php53
-rwxr-xr-xmod/foafssl/actions/register.php81
-rw-r--r--mod/foafssl/actions/suck.php56
-rw-r--r--mod/foafssl/add.php24
-rw-r--r--mod/foafssl/authenticationlogin.php71
-rw-r--r--mod/foafssl/cert_proxy.php64
-rw-r--r--mod/foafssl/foafssl.pngbin0 -> 1355 bytes
-rw-r--r--mod/foafssl/generate.php22
-rwxr-xr-xmod/foafssl/languages/en.php25
-rwxr-xr-xmod/foafssl/languages/es.php26
-rw-r--r--mod/foafssl/manage.php27
-rw-r--r--mod/foafssl/manifest.xml9
-rw-r--r--mod/foafssl/start.php83
-rw-r--r--mod/foafssl/views/default/foafssl/loginbox.php4
-rwxr-xr-xmod/foafssl/views/default/foafssl/register.php54
-rw-r--r--mod/foafssl/views/foaf/canvas/layouts/widgets.php2
-rw-r--r--mod/foafssl/views/foaf/foafssl/profile.php16
-rwxr-xr-xmod/foafssl/views/foaf/pageshells/pageshell.php54
22 files changed, 1110 insertions, 0 deletions
diff --git a/mod/foafssl/AUTHORS b/mod/foafssl/AUTHORS
new file mode 100644
index 000000000..d69e4f4ab
--- /dev/null
+++ b/mod/foafssl/AUTHORS
@@ -0,0 +1,3 @@
+Sean Donovan / mrsdonovanca at bitbucket
+Pablo Martin <devel@lorea.cc>
+
diff --git a/mod/foafssl/COPYING b/mod/foafssl/COPYING
new file mode 100755
index 000000000..60549be51
--- /dev/null
+++ b/mod/foafssl/COPYING
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) 19yy <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) 19yy name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/mod/foafssl/README.txt b/mod/foafssl/README.txt
new file mode 100644
index 000000000..ee06969d4
--- /dev/null
+++ b/mod/foafssl/README.txt
@@ -0,0 +1,53 @@
+Elgg Foaf-SSL support
+----------------------
+
+Foaf ssl support for elgg. Allows to manage client certificates, link them in the foaf file, and login with a certificate authenticating with foaf-ssl.
+
+ installation:
+ place in mod/ folder as "foafssl"
+
+ expects "lib" and "arc" folders from libAuthentications inside the module folder.
+ (check git://github.com/melvincarvalho/libAuthentication.git)
+ also, you need to configure a database for libAuthentication, you can find the details
+ in the authentication.php file ;)
+
+ apache config:
+ yes, you need some apache config to get this running... basically the following should go
+ in your vhost file (change the location dirs if you have a different root):
+# ---------------
+
+ SSLOptions +ExportCertData +StdEnvVars
+
+ # location to login
+ <Location /pg/foafssl/login>
+ SSLRequireSSL
+ SSLVerifyClient optional_no_ca
+ SSLVerifyDepth 1
+ SSLOptions +ExportCertData +StdEnvVars
+ </Location>
+
+ # location to suck a certificate into a logged in account
+ <Location /action/foafssl/suck>
+ SSLRequireSSL
+ SSLVerifyClient optional_no_ca
+ SSLVerifyDepth 1
+ SSLOptions +ExportCertData +StdEnvVars
+ </Location>
+
+
+# ---------------
+
+ elgg mod:
+ if you want elgg to work with content-type appropriately, you need to apply the following patch to elgglib.php (approximate):
+ http://trac.elgg.org/ticket/2223
+
+------
+
+ code repo:
+ https://rhizomatik@bitbucket.org/rhizomatik/elgg_foafssl
+ license:
+ GPLv2 (see COPYING)
+
+--
+
+devel@lorea.cc
diff --git a/mod/foafssl/actions/add.php b/mod/foafssl/actions/add.php
new file mode 100644
index 000000000..494229aad
--- /dev/null
+++ b/mod/foafssl/actions/add.php
@@ -0,0 +1,43 @@
+<?php
+global $CONFIG;
+$user = get_loggedin_user();
+$name = get_input('name');
+$webid = get_input('webid');
+$modulus = get_input('modulus');
+$exponent = get_input('exponent');
+
+error_log($name);
+error_log($webid);
+error_log($modulus);
+error_log($exponent);
+
+if (isset($_FILES['cert_file'])) {
+ $cert = get_uploaded_file('cert_file');
+ $res = openssl_x509_read($cert);
+ $cert_data = openssl_x509_parse($cert);
+ $pubKey = openssl_pkey_get_public($res);
+ $keyData = openssl_pkey_get_details($pubKey);
+ $webid = $cert_data["extensions"]["subjectAltName"];
+
+ //Remove certificate armour
+ $unpacked_n = unpack("H*",$keyData['rsa']['n']);
+ $modulus = strtoupper($unpacked_n[1]);
+
+ $unpacked_e = unpack("H*",$keyData['rsa']['e']);
+ $exponent = hexdec($unpacked_e[1]);
+ $name = $cert_data["subject"]["CN"];
+ error_log("load file");
+ error_log("webid:".$webid);
+ error_log("exponent".$exponent);
+ error_log("mod".$modulus);
+}
+
+if ($modulus && $exponent && $user && $webid) {
+ $key = elgg_foafssl_createkey($modulus, $exponent, $user, $webid, $name);
+ system_message(elgg_echo("foafssl:addkey"));
+}
+else {
+ register_error(elgg_echo("foafssl:cantadd"));
+}
+forward($CONFIG->wwwroot."pg/foafssl/manage");
+?>
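Review bot: The certificate branch never checks that parsing succeeded: `openssl_x509_read()`, `openssl_pkey_get_public()` and `openssl_pkey_get_details()` return false on a malformed or non-RSA upload, and the code then indexes `$keyData['rsa']['n']` and carries on with whatever falls out. I would stop early with something like `if ($res === false || !isset($keyData['rsa'])) { register_error(elgg_echo("foafssl:cantadd")); forward($CONFIG->wwwroot."pg/foafssl/manage"); }`. The eight `error_log()` calls write the WebID, subject name and key values of every submission to the server log and look like leftover debugging; they should be removed. `subjectAltName` can hold several comma-separated entries, so storing the raw string as `$webid` needs either a parse step or a comment saying why the raw value is wanted.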
diff --git a/mod/foafssl/actions/generate.php b/mod/foafssl/actions/generate.php
new file mode 100644
index 000000000..e899d3dd0
--- /dev/null
+++ b/mod/foafssl/actions/generate.php
@@ -0,0 +1,53 @@
+<?php
+
+require_once($CONFIG->pluginspath."foafssl/lib/Authentication.php");
+require_once($CONFIG->pluginspath."foafssl/cert_proxy.php");
+
+global $CONFIG;
+
+
+function toBASE64($encodeMe) {
+ // does openssl really need this?
+ $data = base64_encode($encodeMe);
+ $datalb = "";
+ while (strlen($data) > 64) {
+ $datalb .= substr($data, 0, 64) . "\n";
+ $data = substr($data,64);
+ }
+ $datalb .= $data;
+ return $datalb;
+}
+
+
+$user = get_loggedin_user();
+$webid = $user->getURL();
+$name = get_input("name");
+$pubkey = get_input("pubkey");
+
+$cert = request_identity_p12($name, $webid, $pubkey);
+
+if ($cert && $user) {
+ $armored_cert = "-----BEGIN CERTIFICATE-----\n";
+ $armored_cert .= toBase64($cert);
+ $armored_cert .= "\n-----END CERTIFICATE-----\n";
+ $res = openssl_x509_read($armored_cert);
+ $cert_data = openssl_x509_parse($armored_cert);
+ $uid = $cert_data["subject"]["UID"];
+ $altName = $cert_data["extensions"]["subjectAltName"];
+ $pubKey = openssl_pkey_get_public($res);
+ $keyData = openssl_pkey_get_details($pubKey);
+
+ //Remove certificate armour
+ $unpacked_n = unpack("H*",$keyData['rsa']['n']);
+ $modulus = strtoupper($unpacked_n[1]);
+ $unpacked_e = unpack("H*",$keyData['rsa']['e']);
+ $exponent = hexdec($unpacked_e[1]);
+ set_input("name",$cert_data["subject"]["CN"]);
+ set_input("webid",$altName);
+ set_input("modulus",$modulus);
+ set_input("exponent",$exponent);
+ // now really include
+ include($CONFIG->pluginspath."foafssl/actions/add.php");
+}
+
+?>
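Review bot: `$user->getURL()` is called directly after `get_loggedin_user()`, before the `$user` test in `if ($cert && $user)`, so a request without a session ends in a fatal error; check first, `if (!$user) { forward(); }`. The two `require_once` lines read `$CONFIG` before `global $CONFIG;` is declared, which only works if this file is included at global scope (presumably not the case for an action include), so the declaration should move to the top. The certificate bytes come from a remote service and `openssl_x509_read()` is not checked for a false return before its result is used and the values are handed to add.php. As a style point, `toBASE64()` could be replaced by `rtrim(chunk_split(base64_encode($encodeMe), 64, "\n"))`.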
diff --git a/mod/foafssl/actions/register.php b/mod/foafssl/actions/register.php
new file mode 100755
index 000000000..ff5e495b5
--- /dev/null
+++ b/mod/foafssl/actions/register.php
@@ -0,0 +1,81 @@
+<?php
+/**
+ * Elgg registration action
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @author Curverider Ltd
+ * @link http://elgg.org/
+ */
+
+global $CONFIG;
+error_log("register user foaf!");
+// Get variables
+$username = get_input('username');
+$password = get_input('password');
+$password2 = get_input('password2');
+$email = get_input('email');
+$name = get_input('name');
+$friend_guid = (int) get_input('friend_guid',0);
+$invitecode = get_input('invitecode');
+$exponent = get_input('key_exp');
+$modulus = get_input('key_mod');
+$webid = get_input('key_webid');
+
+if (!($exponent && $modulus && $webid))
+ forward();
+
+$admin = get_input('admin');
+if (is_array($admin)) {
+ $admin = $admin[0];
+}
+
+if (!$CONFIG->disable_registration) {
+// For now, just try and register the user
+ try {
+ $guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode);
+ if (((trim($password) != "") && (strcmp($password, $password2) == 0)) && ($guid)) {
+ $new_user = get_entity($guid);
+error_log("register user foaf2!");
+ elgg_set_ignore_access(true);
+ elgg_foafssl_createkey($modulus, $exponent, $new_user, $webid, $name." register cert");
+ elgg_set_ignore_access(false);
+ if (($guid) && ($admin)) {
+ // Only admins can make someone an admin
+ admin_gatekeeper();
+ $new_user->makeAdmin();
+ }
+
+ // Send user validation request on register only
+ global $registering_admin;
+ if (!$registering_admin) {
+ request_user_validation($guid);
+ }
+
+ if (!$new_user->isAdmin()) {
+ // Now disable if not an admin
+ // Don't do a recursive disable. Any entities owned by the user at this point
+ // are products of plugins that hook into create user and might need
+ // access to the entities.
+ $new_user->disable('new_user', false);
+ }
+
+ system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename));
+
+ // Forward on success, assume everything else is an error...
+ forward();
+ } else {
+ register_error(elgg_echo("registerbad"));
+ }
+ } catch (RegistrationException $r) {
+ register_error($r->getMessage());
+ }
+} else {
+ register_error(elgg_echo('registerdisabled'));
+}
+
+$qs = explode('?',$_SERVER['HTTP_REFERER']);
+$qs = $qs[0];
+$qs .= "?u=" . urlencode($username) . "&e=" . urlencode($email) . "&n=" . urlencode($name) . "&friend_guid=" . $friend_guid;
+
+forward($qs);
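Review bot: `register_user()` is called before the password comparison, so a request whose `password` and `password2` differ still creates the account and only afterwards reports `registerbad`; the comparison should gate the call, e.g. `if (trim($password) != "" && strcmp($password, $password2) == 0 && ($guid = register_user(...)))`. `key_mod`, `key_exp` and `key_webid` come from request input, so the key bound to the new account is whatever the form posted; the view is outside this hunk, but these values would be better taken from server-side state set during certificate authentication. `elgg_set_ignore_access(true)` is not restored if `elgg_foafssl_createkey()` throws, and `admin_gatekeeper()` runs only after the user and key already exist. The two `error_log()` debug lines should be removed.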
diff --git a/mod/foafssl/actions/suck.php b/mod/foafssl/actions/suck.php
new file mode 100644
index 000000000..fd801e2de
--- /dev/null
+++ b/mod/foafssl/actions/suck.php
@@ -0,0 +1,56 @@
+<?php
+
+//require_once("config.php");
+global $CONFIG;
+require_once($CONFIG->pluginspath."foafssl/lib/Authentication.php");
+
+$config = array('db_name'=>'arc','db_user'=>'arc','db_pwd'=>'chjdladhsjk34!arcarc','store_name'=>'arc_tests');
+if ($_SERVER['SSL_CLIENT_CERT']) {
+ error_log("going to add");
+ $cert = $_SERVER['SSL_CLIENT_CERT'];
+ $res = openssl_x509_read($cert);
+ $cert_data = openssl_x509_parse($cert);
+ $uid = $cert_data["subject"]["UID"];
+ $altName = $cert_data["extensions"]["subjectAltName"];
+ $pubKey = openssl_pkey_get_public($res);
+ $keyData = openssl_pkey_get_details($pubKey);
+
+ //Remove certificate armour
+ $unpacked_n = unpack("H*",$keyData['rsa']['n']);
+ $modulus = strtoupper($unpacked_n[1]);
+ $unpacked_e = unpack("H*",$keyData['rsa']['e']);
+ $exponent = hexdec($unpacked_e[1]);
+ set_input("name",$cert_data["subject"]["CN"]);
+ set_input("webid",$altName);
+ set_input("modulus",$modulus);
+ set_input("exponent",$exponent);
+ include($CONFIG->pluginspath."foafssl/actions/add.php");
+}
+
+
+/*
+$auth = new Authentication_FoafSSLARC($config);
+//$auth = new Authentication_AgentARC($config, $webId);
+//var_dump($auth);
+//if ($auth->agentId !== $auth->agentURI) {
+if ($auth->isAuthenticated()) {
+ //print "Hello : $auth->webid<br/>";
+ $base_url = $CONFIG->wwwroot."pg/profile/";
+ if (strpos($auth->webid, $base_url) == 0) {
+ $root_len = strlen($base_url);
+ $username = substr($auth->webid, $root_len, strlen($auth->webid)-$root_len-strlen("?view=foaf"));
+ $user = get_user_by_username($username);
+ login($user, true);
+ system_message(elgg_echo("you logged in successfully with your certificate!"));
+ forward();
+
+ }
+}
+else {
+ print "Sorry you are not logged in<br/>";
+ print $auth->authnDiagnostic;
+}
+*/
+//$auth->logout();
+
+?>
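Review bot: The `$config` array embeds the ARC database user and password as literals, and the same line is repeated in mod/foafssl/authenticationlogin.php; once committed the credential stays in history, so it should be rotated and loaded from plugin settings or a file outside the repository. In this file `$config` is not used at all, because its only consumer sits in the commented-out block, so both can be deleted. `if ($_SERVER['SSL_CLIENT_CERT'])` raises a notice when the variable is absent; `if (!empty($_SERVER['SSL_CLIENT_CERT']))` is the safer test, and the `openssl_x509_read()` result should be checked before `$keyData['rsa']` is indexed. There is no else branch, so a request without a client certificate gets no message or redirect.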
diff --git a/mod/foafssl/add.php b/mod/foafssl/add.php
new file mode 100644
index 000000000..b06bc4218
--- /dev/null
+++ b/mod/foafssl/add.php
@@ -0,0 +1,24 @@
+<?php
+set_context("settings");
+global $CONFIG;
+$form_body = elgg_echo('foafssl:name');
+$form_body .= elgg_view('input/text',array('internalname' => 'name'));
+/*$form_body .= elgg_echo('foafssl:modulus');
+$form_body .= elgg_view('input/text',array('internalname' => 'modulus'));
+$form_body .= elgg_echo('foafssl:exponent');
+$form_body .= elgg_view('input/text',array('internalname' => 'exponent'));*/
+$form_body .= elgg_view("input/file", array(
+ 'internalname' => 'cert_file')).'</p><br>';
+$form_body .= elgg_view('input/submit', array('value'=>'submit'));
+$objects = elgg_view('input/form',array('body' => $form_body, 'action' => $CONFIG->wwwroot . 'action/foafssl/add', 'method' => 'post'));
+
+$body = elgg_view_title($title);
+$body .= $objects;
+
+$body = elgg_view_layout('two_column_left_sidebar', '', $body, $area3);
+
+// Finally draw the page
+page_draw($title, $body);
+
+
+?>
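Review bot: The form holds an `input/file` field but the `input/form` call passes no `enctype`, so unless that view defaults to multipart the upload never reaches `$_FILES['cert_file']` in the action; add `'enctype' => 'multipart/form-data'` to the array. `$title` and `$area3` are read but never assigned in this file, and the `'</p><br>'` string closes a paragraph that was never opened. The page has no logged-in check of its own, while the action depends on `get_loggedin_user()`; a `gatekeeper();` call at the top would keep the two consistent.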
diff --git a/mod/foafssl/authenticationlogin.php b/mod/foafssl/authenticationlogin.php
new file mode 100644
index 000000000..556fbe3b0
--- /dev/null
+++ b/mod/foafssl/authenticationlogin.php
@@ -0,0 +1,71 @@
+<?php
+
+//require_once("config.php");
+global $CONFIG;
+require_once("lib/Authentication.php");
+
+$config = array('db_name'=>'arc','db_user'=>'arc','db_pwd'=>'chjdladhsjk34!arcarc','store_name'=>'arc_tests');
+
+$auth = new Authentication_FoafSSLARC($config);
+if ($auth->isAuthenticated()) {
+ $base_url = $CONFIG->wwwroot."pg/profile/";
+ if (strpos($auth->webid, $base_url) === 0) {
+ // local
+ $root_len = strlen($base_url);
+ $trim = 0;
+ if (!strpos($auth->webid, "?view=foaf") === false) {
+ $trim = strlen("?view=foaf");
+ }
+ $username = substr($auth->webid, $root_len, strlen($auth->webid)-$root_len-$trim);
+ $user = get_user_by_username($username);
+ }
+ else {
+ // remote
+ $options = array('metadata_name' => 'webid',
+ 'metadata_value' => "URI:".$auth->webid,
+ 'owner_guid' => ELGG_ENTITIES_ANY_VALUE,
+ 'types' => 'object',
+ 'subtypes' => 'sslkey');
+ $certs = elgg_get_entities_from_metadata($options);
+ if ($certs) {
+ $user = $certs[0]->getOwnerEntity();
+ }
+ else {
+ // maybe you already exist here?
+ $options = array('metadata_name' => 'webid',
+ 'metadata_value' => $auth->webid,
+ 'owner_guid' => ELGG_ENTITIES_ANY_VALUE,
+ 'types'=>'user');
+ $remote_users = elgg_get_entities_from_metadata($options);
+ //if ($remote_users) {
+ if (false) {
+ $user = $remote_users[0];
+ $user->foreign = false; // not foreign any more
+ }
+ else {
+ // maybe you want to create an account here
+ $register = true;
+ set_input("u", $username);
+ set_input("n", $username);
+ $mod = $auth->certModulus;
+ $exp = $auth->certExponent;
+ $body = elgg_view("foafssl/register", array('exp'=>$exp, 'mod'=>$mod, 'webid' => "URI:".$auth->webid));
+ echo page_draw(elgg_echo('register'), $body);
+ }
+ }
+ }
+}
+// now login if we found a user
+if ($user) {
+ login($user, true);
+ system_message(elgg_echo("foafssl:loggedin"));
+ forward();
+}
+elseif (!$register) {
+ register_error(elgg_echo('foafssl:cantlogin').":".$auth->authnDiagnostic);
+ forward();
+}
+
+// logout the cert session since we dont need it
+
+?>
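Review bot: `$user` and `$register` are assigned only inside the authenticated branches, yet the login decision at the bottom reads both; initialise them first (`$user = null; $register = false;`) so that decision never rests on an undefined variable. In the remote branch `$username` is passed to `set_input("u", ...)` without ever being set, and `!strpos($auth->webid, "?view=foaf") === false` gives the intended result only through operator precedence; `strpos($auth->webid, "?view=foaf") !== false` states it directly. For a local WebID the username is cut out of the URI by offset and the resulting user goes to `login($user, true)`; a comment should say that this relies on the FOAF verification having been done against this site's own profile document, and that `get_user_by_username()` may find nothing. The `if (false)` branch and the `$remote_users` query feeding it are dead code.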
diff --git a/mod/foafssl/cert_proxy.php b/mod/foafssl/cert_proxy.php
new file mode 100644
index 000000000..5dc4f8b67
--- /dev/null
+++ b/mod/foafssl/cert_proxy.php
@@ -0,0 +1,64 @@
+<?php
+
+//-----------------------------------------------------------------------------------------------------------------------------------
+//
+// Filename : cert.php
+// Version : 1.0
+// Date : 3rd Jan 2009
+//
+// Decription : This script creates an PKCS12 encoded SSL Certificate which is file transfered to the script caller.
+//
+// Usage : cert.php?foaf=http://foaf.me/jsmith&
+// commonName=J Smith&
+// emailAddress=jsmith@example.com&
+// organizationName=My Company Ltd&
+// organizationalUnitName=Technology Division&
+// localityName=Newbury&
+// stateOrProvinceName=Berkshire&
+// countryName=GB&
+// password=secret
+//
+// All parameters except 'foaf' are optional. Some parameters if missing will default as per openssl.cnf
+//
+// See Also : Using PHP to create self-signed X.509 Client Certificates
+// http://foaf.me/Using_PHP_to_create_X.509_Client_Certificates.php
+//
+//-----------------------------------------------------------------------------------------------------------------------------------
+
+// Check if the foaf loaction is specified in the script call
+
+function request_identity_p12($commonName, $webid, $pubkey, $hours=0.0, $days=0.0) {
+ $post_fields = array();
+ $post_fields['webid'] = $webid;
+ $post_fields['spkac'] = $pubkey;
+ $post_fields['hours'] = $hours;
+ $post_fields['days'] = $days;
+ $post_fields['keygensubmit'] = "submit certificate request";
+ $post_fields['cn'] = $commonName;
+ $ch = curl_init('http://webid.myxwiki.org/xwiki/bin/view/WebId/CreateCert');
+ curl_setopt($ch, CURLOPT_POST ,1);
+ curl_setopt($ch, CURLOPT_POSTFIELDS ,$post_fields);
+ curl_setopt($ch, CURLOPT_FOLLOWLOCATION ,1);
+ curl_setopt($ch, CURLOPT_HEADER ,0); // DO NOT RETURN HTTP HEADERS
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER ,1); // RETURN THE CONTENTS OF THE CALL
+ // should check the error code and warn if something goes wrong
+ $Rec_Data = curl_exec($ch);
+ header('Last-Modified: '.date('r+b'));
+ header('Accept-Ranges: bytes');
+ header('Content-Length: '.strlen($Rec_Data));
+ header('Content-Type: application/x-x509-user-cert');
+ echo $Rec_Data;
+ return $Rec_Data;
+
+}
+
+/*// Create a PKCS12 encoded SSL certificate
+if ( $p12 = request_identity_p12(
+ $countryName, $stateOrProvinceName, $localityName, $organizationName, $organizationalUnitName, $commonName, $emailAddress,
+ $foafLocation, $pubkey ) )
+{
+ // Send the PKCS12 encoded SSL certificate to the script caller as a file transfer
+ download_identity_p12($p12, $foafLocation);
+}*/
+
+?>
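Review bot: `request_identity_p12` posts the user's SPKAC and WebID to the signing service over plain `http://` and relays the reply to the browser as `application/x-x509-user-cert`, so anyone on the network path between this server and the service can alter the certificate the user installs. The endpoint should be called over `https://` with curl's peer verification left enabled, assuming the service offers TLS. The return value of `curl_exec()` is never checked (the in-code comment already admits this), so a failed request still sends the certificate headers with an empty body; a check placed before the first `header()` call, as below, avoids that. Separately, `date('r+b')` appends the literal `+b` to an already complete date; `gmdate('D, d M Y H:i:s') . ' GMT'` is the usual form for `Last-Modified`.

```php
// … unchanged: $post_fields and curl options …
$Rec_Data = curl_exec($ch);
$status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($Rec_Data === false || $status != 200) {
    // do not hand the browser an empty or error body as a certificate
    return false;
}
// … unchanged: response headers, echo and return …
```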
diff --git a/mod/foafssl/foafssl.png b/mod/foafssl/foafssl.png
new file mode 100644
index 000000000..17fa6da59
--- /dev/null
+++ b/mod/foafssl/foafssl.png
Binary files differ
diff --git a/mod/foafssl/generate.php b/mod/foafssl/generate.php
new file mode 100644
index 000000000..1e86a7070
--- /dev/null
+++ b/mod/foafssl/generate.php
@@ -0,0 +1,22 @@
+<?php
+set_context("settings");
+global $CONFIG;
+$form_body = "<p>".elgg_echo('foafssl:generate:description')."</p>";
+$form_body .= elgg_echo('foafssl:name').":";
+$form_body .= elgg_view('input/text',array('internalname' => 'name'));
+$form_body .= '<keygen name="pubkey" challenge="TheChallenge1" style="display:none">';
+$form_body .= elgg_view('input/submit', array('value'=>elgg_echo('foafssl:generate')));
+$objects = elgg_view('input/form',array('body' => $form_body, 'action' => $CONFIG->wwwroot . 'action/foafssl/generate', 'method' => 'post'));
+
+
+$title = elgg_echo('foafssl:generatecert');
+$body = elgg_view_title($title);
+$body .= $objects;
+$body .= "<a href='".$CONFIG->wwwroot."pg/foafssl/manage"."'>".elgg_echo('foafssl:return')."</a>";
+
+$body = elgg_view_layout('two_column_left_sidebar', '', $body, $area3);
+
+// Finally draw the page
+echo page_draw($title, $body);
+
+?>
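Review bot: The `<keygen>` element carries the fixed challenge `TheChallenge1`, so every SPKAC submitted through this form signs the same value and the server cannot tell whether a request was produced for this page load or replayed from elsewhere. Generate the challenge per request and keep a copy server-side, for example `$challenge = bin2hex(openssl_random_pseudo_bytes(16)); $_SESSION['foafssl_challenge'] = $challenge;`, then have the `foafssl/generate` action compare it with the challenge inside the submitted SPKAC. That action is outside this hunk, so whether it checks anything today is not visible here. Also, `$area3` is passed to `elgg_view_layout` without being assigned anywhere in this file, and the same applies to manage.php; pass `''` or drop the argument.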
diff --git a/mod/foafssl/languages/en.php b/mod/foafssl/languages/en.php
new file mode 100755
index 000000000..13141fd41
--- /dev/null
+++ b/mod/foafssl/languages/en.php
@@ -0,0 +1,25 @@
+<?php
+
+ $english = array(
+ "foafssl:manage" => "Manage ssl certificates",
+ "foafssl:suck" => "Suck an identity",
+ "foafssl:addforeign" => "Import a certificate",
+ "foafssl:generate" => "Generate",
+ "foafssl:generatecert" => "Generate a certificate",
+ "foafssl:your" => "Your ssl certificates",
+ "foafssl:name" => "Name",
+ "foafssl:generate:description" => "Write a name for your certificate (it should describe your identity on this network) and click on generate.",
+ "foafssl:return" => "After generating the certificate return to the manage page",
+ "foafssl:modulus" => "Modulus",
+ "foafssl:exponent" => "Exponent",
+ "foafssl:loggedin" => "You logged in successfully with your certificate!",
+ "foafssl:cantlogin" => "Couldnt login with the certificate",
+ "foafssl:addkey" => "Your new key has been added",
+ "foafssl:cantadd" => "Couldnt add the certificate, check that it is a correct foaf ssl certificate",
+ "foafssl:login" => "Foaf-ssl Login",
+ "foafssl:explain" => "You can generate your certificate for this network by using the generate button, also you can import from a file, or suck one you have installed on your browser.",
+ );
+
+ add_translation("en",$english);
+
+?>
diff --git a/mod/foafssl/languages/es.php b/mod/foafssl/languages/es.php
new file mode 100755
index 000000000..fbe170595
--- /dev/null
+++ b/mod/foafssl/languages/es.php
@@ -0,0 +1,26 @@
+<?php
+/**
+ * Elgg spotlight lorea
+ *
+ * @package
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author lorea
+ * @copyright lorea
+ * @link http://lorea.cc
+ */
+
+ $spanish = array(
+ "foafssl:manage" => "Gestionar certificados ssl",
+ "foafssl:addforeign" => "Importar un certificado",
+ "foafssl:generate" => "Generar",
+ "foafssl:your" => "Tus certificados ssl",
+ "foafssl:name" => "Nombre",
+ "foafssl:modulus" => "Modulo",
+ "foafssl:exponent" => "Exponente",
+ "foafssl:loggedin" => "Has entrado a la red con tu certificado",
+ "foafssl:cantlogin" => "No se ha podido validar tu certificado",
+ );
+
+ add_translation("es",$spanish);
+
+?>
diff --git a/mod/foafssl/manage.php b/mod/foafssl/manage.php
new file mode 100644
index 000000000..4a38c7342
--- /dev/null
+++ b/mod/foafssl/manage.php
@@ -0,0 +1,27 @@
+<?php
+gatekeeper();
+global $CONFIG;
+set_context("settings");
+$user = get_loggedin_user();
+
+$title = elgg_echo("foafssl:your");
+$options = array('types'=>'object','subtypes'=>'sslkey','owner_guid'=>$user->getGUID(),'full_view'=>false);
+$objects = elgg_list_entities($options);
+
+$body = elgg_view_title($title);
+$body .= "<div class='contentWrapper'>";
+$body .= sprintf(elgg_echo("foafssl:explain"), $user->getURL()."?view=foaf")."<br/><br/>";
+$body .= "<a class='add_topic_button' href='".$CONFIG->wwwroot."pg/foafssl/add'>".elgg_echo('foafssl:addforeign')."</a> ";
+$body .= "<a class='add_topic_button' href='".$CONFIG->wwwroot."pg/foafssl/generate'>".elgg_echo('foafssl:generate')."</a> ";
+$body .= "<a class='add_topic_button' href='".elgg_add_action_tokens_to_url($CONFIG->wwwroot."action/foafssl/suck")."'>".elgg_echo('foafssl:suck')."</a><br/>";
+$body .= "</div>";
+
+//$body .= elgg_view("pages/welcome", array('entity' => $welcome_message));
+$body .= $objects;
+
+$body = elgg_view_layout('two_column_left_sidebar', '', $body, $area3);
+
+// Finally draw the page
+page_draw($title, $body);
+
+?>
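Review bot: The `sprintf(elgg_echo("foafssl:explain"), $user->getURL()."?view=foaf")` call passes the user's FOAF URL as an argument, but the `foafssl:explain` string added in languages/en.php has no `%s`, so the URL is silently dropped and users never see the WebID they are meant to use. Either add the placeholder to the translation or remove the `sprintf`. The last line calls `page_draw($title, $body);` bare, while generate.php and authenticationlogin.php use `echo page_draw(...)`; only one form can be right for the Elgg version targeted, so pick it and use it in all three files.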
diff --git a/mod/foafssl/manifest.xml b/mod/foafssl/manifest.xml
new file mode 100644
index 000000000..5cb3b9afa
--- /dev/null
+++ b/mod/foafssl/manifest.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<plugin_manifest>
+ <field key="author" value="Pablo Martin" />
+ <field key="version" value="0.5" />
+ <field key="license" value="GPLv2" />
+ <field key="description" value="Brings the power of foaf ssl to elgg" />
+ <field key="copyright" value="(c) Pablo Martin 2010" />
+ <field key="website" value="http://bitbucket.org/rhizomatik/elgg_foafssl" />
+</plugin_manifest>
diff --git a/mod/foafssl/start.php b/mod/foafssl/start.php
new file mode 100644
index 000000000..a9e20c77f
--- /dev/null
+++ b/mod/foafssl/start.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * Elgg powered plugin
+ *
+ * @package
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author lorea
+ * @copyright lorea
+ * @link http://lorea.cc
+ */
+
+ function elgg_foafssl_createkey($modulus, $exponent, $user, $webid, $name) {
+ error_log("create foaf ssl key:".$modulus.":".$exponent);
+ $user_guid = $user->getGUID();
+ $key = new ElggObject();
+ $key->name = $name;
+ $key->title = $name;
+ $key->subtype = 'sslkey';
+ $key->owner_guid = $user_guid;
+ $key->container_guid = $user_guid;
+ $key->access_id = ACCESS_PUBLIC;
+ $key->save();
+ $key->webid = $webid;
+ $key->modulus = $modulus;
+ $key->exponent = $exponent;
+ return $key;
+ }
+
+
+ function foafssl_page_handler($page) {
+ global $CONFIG;
+ switch ($page[0]) {
+ case 'manage':
+ include($CONFIG->pluginspath.'foafssl/manage.php');
+ break;
+ case 'add':
+ include($CONFIG->pluginspath.'foafssl/add.php');
+ break;
+ case 'generate':
+ include($CONFIG->pluginspath.'foafssl/generate.php');
+ break;
+ case 'login':
+ include($CONFIG->pluginspath.'foafssl/authenticationlogin.php');
+ break;
+ }
+ }
+
+ function foafssl_pagesetup() {
+ global $CONFIG;
+ if (get_context() == 'settings') {
+ add_submenu_item(elgg_echo('foafssl:manage'), $CONFIG->wwwroot . "pg/foafssl/manage");
+ }
+ }
+
+
+ function foafssl_init(){
+ global $CONFIG;
+ register_action("foafssl/add",false, $CONFIG->pluginspath . "foafssl/actions/add.php");
+ register_action("foafssl/generate",false, $CONFIG->pluginspath . "foafssl/actions/generate.php");
+ register_action("foafssl/suck",false, $CONFIG->pluginspath . "foafssl/actions/suck.php");
+ register_action("foafssl/delete",false, $CONFIG->pluginspath . "foafssl/actions/delete.php");
+ register_action('entities/delete');
+ register_page_handler('foafssl','foafssl_page_handler');
+ register_elgg_event_handler('pagesetup','system','foafssl_pagesetup');
+ elgg_extend_view("account/forms/login", "foafssl/loginbox");
+ register_action("foafssl/register",true, $CONFIG->pluginspath . "foafssl/actions/register.php");
+
+
+ //elgg_extend_view("canvas/layouts/widgets", "foafssl/profile");
+ /*
+ register_action("microthemes/clear",false, $CONFIG->pluginspath . "microthemes/actions/microthemes/clear.php");
+ register_action("microthemes/edit",false, $CONFIG->pluginspath . "microthemes/actions/microthemes/edit.php");
+ register_action("microthemes/choose",false, $CONFIG->pluginspath . "microthemes/actions/microthemes/choose.php");
+ register_plugin_hook('entity:icon:url', 'object', 'microthemes_tasksicon_hook');
+ register_elgg_event_handler('pagesetup','system','microthemes_pagesetup');
+
+ elgg_extend_view("metatags", "microthemes/metatags");
+ //elgg_extend_view('profile/menu/linksownpage','microthemes/profilemenu');*/
+ }
+
+register_elgg_event_handler('init','system','foafssl_init');
+
+?>
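Review bot: In `elgg_foafssl_createkey` the result of `$key->save()` is ignored and `webid`, `modulus` and `exponent` are assigned afterwards regardless. If the save fails, the function still returns an object, and callers will likely treat the key as stored even though the metadata that login matches on was never persisted. Use `if (!$key->save()) { return false; }` and have callers check the result. The `error_log("create foaf ssl key:"...)` line writes the full modulus to the server log on every call; it looks like leftover debugging and can go. In `foafssl_init`, `foafssl/delete` is registered against `actions/delete.php`, which is not among the files in this commit's diffstat, so that action appears to point at a file that does not exist.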
diff --git a/mod/foafssl/views/default/foafssl/loginbox.php b/mod/foafssl/views/default/foafssl/loginbox.php
new file mode 100644
index 000000000..732074d9f
--- /dev/null
+++ b/mod/foafssl/views/default/foafssl/loginbox.php
@@ -0,0 +1,4 @@
+<?php
+ $loginurl = $vars['url']."pg/foafssl/login";
+ echo " <a href='".$loginurl."'>".elgg_echo("foafssl:login")." <img src='".$vars['url']."mod/foafssl/foafssl.png"."' /></a>";
+?>
diff --git a/mod/foafssl/views/default/foafssl/register.php b/mod/foafssl/views/default/foafssl/register.php
new file mode 100755
index 000000000..4681db9c5
--- /dev/null
+++ b/mod/foafssl/views/default/foafssl/register.php
@@ -0,0 +1,54 @@
+<?php
+/**
+ * Elgg register form
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @author Curverider Ltd
+ * @link http://elgg.org/
+ */
+
+$username = get_input('u');
+$email = get_input('e');
+$name = get_input('n');
+
+$admin_option = false;
+$loggedin_user = get_loggedin_user();
+
+if ($loggedin_user && $loggedin_user->isAdmin() && isset($vars['show_admin'])) {
+ $admin_option = true;
+}
+
+$form_body = "<p><label>" . elgg_echo('name') . "<br />" . elgg_view('input/text' , array('internalname' => 'name', 'class' => "general-textarea", 'value' => $name)) . "</label><br />";
+
+$form_body .= "<label>" . elgg_echo('email') . "<br />" . elgg_view('input/text' , array('internalname' => 'email', 'class' => "general-textarea", 'value' => $email)) . "</label><br />";
+$form_body .= "<label>" . elgg_echo('username') . "<br />" . elgg_view('input/text' , array('internalname' => 'username', 'class' => "general-textarea", 'value' => $username)) . "</label><br />";
+$form_body .= "<label>" . elgg_echo('password') . "<br />" . elgg_view('input/password' , array('internalname' => 'password', 'class' => "general-textarea")) . "</label><br />";
+$form_body .= "<label>" . elgg_echo('passwordagain') . "<br />" . elgg_view('input/password' , array('internalname' => 'password2', 'class' => "general-textarea")) . "</label><br />";
+
+// view to extend to add more fields to the registration form
+$form_body .= elgg_view('register/extend');
+
+// Add captcha hook
+$form_body .= elgg_view('input/captcha');
+
+if ($admin_option) {
+ $form_body .= elgg_view('input/checkboxes', array('internalname' => "admin", 'options' => array(elgg_echo('admin_option'))));
+}
+
+$form_body .= elgg_view('input/hidden', array('internalname' => 'key_mod', 'value' => $vars['mod']));
+//$form_body .= $vars['mod'];
+$form_body .= elgg_view('input/hidden', array('internalname' => 'key_exp', 'value' => $vars['exp']));
+$form_body .= elgg_view('input/hidden', array('internalname' => 'key_webid', 'value' => $vars['webid']));
+//$form_body .= $vars['webid'];
+
+$form_body .= elgg_view('input/hidden', array('internalname' => 'friend_guid', 'value' => $vars['friend_guid']));
+$form_body .= elgg_view('input/hidden', array('internalname' => 'invitecode', 'value' => $vars['invitecode']));
+//$form_body .= elgg_view('input/hidden', array('internalname' => 'action', 'value' => 'register'));
+$form_body .= elgg_view('input/submit', array('internalname' => 'submit', 'value' => elgg_echo('register'))) . "</p>";
+?>
+
+<div id="register-box">
+<h2><?php echo elgg_echo('register'); ?></h2>
+<?php echo elgg_view('input/form', array('action' => "{$vars['url']}action/foafssl/register", 'body' => $form_body, 'method'=>'post')) ?>
+</div>
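Review bot: The `key_mod`, `key_exp` and `key_webid` hidden inputs carry the certificate values from the authenticated TLS session through the browser, so by the time `action/foafssl/register` (registered as a public action in start.php) reads them they are ordinary client-controlled POST fields. If the action stores them as posted, the new account's key and WebID are whatever the client sent, not what the certificate check established. The action is outside this hunk, so that is an assumption to confirm. Keeping the values server-side closes the gap, for example `$_SESSION['foafssl_pending'] = array('mod' => $mod, 'exp' => $exp, 'webid' => "URI:".$auth->webid);` in authenticationlogin.php, read back in the action; alternatively the action can re-run the certificate authentication itself. `$vars['friend_guid']` and `$vars['invitecode']` are also read here, but the `elgg_view("foafssl/register", ...)` call in authenticationlogin.php passes neither, so both inputs are always empty.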
diff --git a/mod/foafssl/views/foaf/canvas/layouts/widgets.php b/mod/foafssl/views/foaf/canvas/layouts/widgets.php
new file mode 100644
index 000000000..acb6c3546
--- /dev/null
+++ b/mod/foafssl/views/foaf/canvas/layouts/widgets.php
@@ -0,0 +1,2 @@
+<?php
+?>
diff --git a/mod/foafssl/views/foaf/foafssl/profile.php b/mod/foafssl/views/foaf/foafssl/profile.php
new file mode 100644
index 000000000..b11708a32
--- /dev/null
+++ b/mod/foafssl/views/foaf/foafssl/profile.php
@@ -0,0 +1,16 @@
+<?php
+$user = $vars['user'];
+if ($user) {
+ $options = array('types'=>'object','subtypes'=>'sslkey','owner_guid'=>$user->getGUID());
+ $userkeys = elgg_get_entities($options);
+ foreach($userkeys as $key) {
+?>
+<rsa:RSAPublicKey>
+ <cert:identity rdf:resource="#me"/>
+ <rsa:public_exponent cert:decimal="<?php echo $key->exponent; ?>"/>
+ <rsa:modulus cert:hex="<?php echo $key->modulus; ?>"/>
+</rsa:RSAPublicKey>
+<?php
+ }
+}
+?>
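Review bot: `$key->exponent` and `$key->modulus` are echoed into the `cert:decimal` and `cert:hex` attributes without escaping, so a stored value containing a quote or `<` changes the structure of the RDF document that remote WebID verifiers parse to decide which keys belong to this user. Escape on output, `<?php echo htmlspecialchars($key->modulus, ENT_QUOTES, 'UTF-8'); ?>` and likewise for the exponent. Since an imported key can come from user-supplied data, it is also worth rejecting anything that is not hex or decimal (`ctype_xdigit` / `ctype_digit`) when the key is created. The same missing escaping applies in pageshell.php to `$owner->username` and `$owner->name` inside `foaf:nick`, `foaf:name` and the `foaf:img` URL.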
diff --git a/mod/foafssl/views/foaf/pageshells/pageshell.php b/mod/foafssl/views/foaf/pageshells/pageshell.php
new file mode 100755
index 000000000..909c9aa58
--- /dev/null
+++ b/mod/foafssl/views/foaf/pageshells/pageshell.php
@@ -0,0 +1,54 @@
+<?php
+/**
+ * Elgg XML output pageshell
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @author Curverider Ltd
+ * @link http://elgg.org/
+ *
+ */
+
+header("Content-Type: application/rdf+xml");
+// echo $vars['body'];
+
+echo "<?xml version='1.0'?>\n";
+
+if (!$owner = page_owner_entity()) {
+ if (!isloggedin()) {
+ exit;
+ } else {
+ $owner = $vars['user'];
+ }
+}
+
+?>
+<rdf:RDF
+ xml:lang="en"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
+ xmlns:foaf="http://xmlns.com/foaf/0.1/"
+ xmlns:cert="http://www.w3.org/ns/auth/cert#"
+ xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
+ xmlns:ya="http://blogs.yandex.ru/schema/foaf/"
+ xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#"
+ xmlns:dc="http://purl.org/dc/elements/1.1/">
+ <rdf:Description rdf:about="">
+ <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/PersonalProfileDocument"/>
+ <foaf:maker rdf:resource="#me"/>
+ <foaf:primaryTopic rdf:resource="#me"/>
+ </rdf:Description>
+ <foaf:Person rdf:about="#me">
+ <foaf:nick><?php echo $owner->username; ?></foaf:nick>
+ <foaf:name><?php echo $owner->name; ?></foaf:name>
+ <foaf:homepage rdf:resource="<?php echo $owner->getURL(); ?>" />
+ <foaf:mbox_sha1sum><?php echo sha1("mailto:" . $owner->email); ?></foaf:mbox_sha1sum>
+ <foaf:img rdf:resource="<?php echo $vars['url']; ?>pg/icon/<?php echo $owner->username; ?>/large/icon.jpg" />
+ <?php
+ echo $vars['body'];
+ ?>
+ </foaf:Person>
+ <?php
+ echo elgg_view('foafssl/profile', array('user'=>$owner));
+ ?>
+</rdf:RDF>
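Review bot: `foaf:mbox_sha1sum` publishes `sha1("mailto:" . $owner->email)` in a document served to anyone who requests the FOAF view. The hash is unsalted, so anyone holding a candidate address can confirm whether it belongs to this account, whatever visibility the user chose for their e-mail. Emit the element only for users who opted in, and add a comment on the line such as `// unsalted hash: lets third parties confirm a guessed address, emit only with user consent`. Separately, the `exit` in the owner check runs after the XML declaration has been echoed, so an anonymous request with no page owner gets a 200 response holding only `<?xml version='1.0'?>`; moving the check above the `header()` and `echo` calls and returning a 404 there is cleaner.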