From 4fb376687dc1546f51e637cae1478582309f85f0 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 15 Mar 2014 15:09:48 -0300 Subject: Squashed 'mod/foafssl/' content from commit 3c1da1e git-subtree-dir: mod/foafssl git-subtree-split: 3c1da1eaff8f61049b45ad99528f8f4e09ac7e62 --- AUTHORS | 3 + COPYING | 340 ++++++++++++++++++++++++++++++++++ README.txt | 53 ++++++ actions/add.php | 43 +++++ actions/generate.php | 53 ++++++ actions/register.php | 81 ++++++++ actions/suck.php | 56 ++++++ add.php | 24 +++ authenticationlogin.php | 71 +++++++ cert_proxy.php | 64 +++++++ foafssl.png | Bin 0 -> 1355 bytes generate.php | 22 +++ languages/en.php | 25 +++ languages/es.php | 26 +++ manage.php | 27 +++ manifest.xml | 9 + start.php | 83 +++++++++ views/default/foafssl/loginbox.php | 4 + views/default/foafssl/register.php | 54 ++++++ views/foaf/canvas/layouts/widgets.php | 2 + views/foaf/foafssl/profile.php | 16 ++ views/foaf/pageshells/pageshell.php | 54 ++++++ 22 files changed, 1110 insertions(+) create mode 100644 AUTHORS create mode 100755 COPYING create mode 100644 README.txt create mode 100644 actions/add.php create mode 100644 actions/generate.php create mode 100755 actions/register.php create mode 100644 actions/suck.php create mode 100644 add.php create mode 100644 authenticationlogin.php create mode 100644 cert_proxy.php create mode 100644 foafssl.png create mode 100644 generate.php create mode 100755 languages/en.php create mode 100755 languages/es.php create mode 100644 manage.php create mode 100644 manifest.xml create mode 100644 start.php create mode 100644 views/default/foafssl/loginbox.php create mode 100755 views/default/foafssl/register.php create mode 100644 views/foaf/canvas/layouts/widgets.php create mode 100644 views/foaf/foafssl/profile.php create mode 100755 views/foaf/pageshells/pageshell.php diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 000000000..d69e4f4ab --- /dev/null +++ b/AUTHORS 
@@ -0,0 +1,3 @@ +Sean Donovan / mrsdonovanca at bitbucket +Pablo Martin + diff --git a/COPYING b/COPYING new file mode 100755 index 000000000..60549be51 --- /dev/null +++ b/COPYING 
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/README.txt b/README.txt new file mode 100644 index 000000000..ee06969d4 
--- /dev/null +++ b/README.txt @@ -0,0 +1,53 @@ +Elgg Foaf-SSL support +---------------------- + +Foaf ssl support for elgg. Allows to manage client certificates, link them in the foaf file, and login with a certificate authenticating with foaf-ssl. + + installation: + place in mod/ folder as "foafssl" + + expects "lib" and "arc" folders from libAuthentications inside the module folder. + (check git://github.com/melvincarvalho/libAuthentication.git) + also, you need to configure a database for libAuthentication, you can find the details + in the authentication.php file ;) + + apache config: + yes, you need some apache config to get this running... basically the following should go + in your vhost file (change the location dirs if you have a different root): +# --------------- + + SSLOptions +ExportCertData +StdEnvVars + + # location to login + + SSLRequireSSL + SSLVerifyClient optional_no_ca + SSLVerifyDepth 1 + SSLOptions +ExportCertData +StdEnvVars + + + # location to suck a certificate into a logged in account + + SSLRequireSSL + SSLVerifyClient optional_no_ca + SSLVerifyDepth 1 + SSLOptions +ExportCertData +StdEnvVars + + + +# --------------- + + elgg mod: + if you want elgg to work with content-type appropriately, you need to apply the following patch to elgglib.php (approximate): + http://trac.elgg.org/ticket/2223 + +------ + + code repo: + https://rhizomatik@bitbucket.org/rhizomatik/elgg_foafssl + license: + GPLv2 (see COPYING) + +-- + +devel@lorea.cc diff --git a/actions/add.php b/actions/add.php new file mode 100644 index 000000000..494229aad --- /dev/null +++ b/actions/add.php @@ -0,0 +1,43 @@ +wwwroot."pg/foafssl/manage"); +?> diff --git a/actions/generate.php b/actions/generate.php new file mode 100644 index 000000000..e899d3dd0 --- /dev/null +++ b/actions/generate.php 
@@ -0,0 +1,53 @@
+pluginspath."foafssl/lib/Authentication.php");
+require_once($CONFIG->pluginspath."foafssl/cert_proxy.php");
+
+global $CONFIG;
+
+
+function toBASE64($encodeMe) {
+ // does openssl really need this?
+ $data = base64_encode($encodeMe);
+ $datalb = "";
+ while (strlen($data) > 64) {
+ $datalb .= substr($data, 0, 64) . "\n";
+ $data = substr($data,64);
+ }
+ $datalb .= $data;
+ return $datalb;
+}
+
+
+$user = get_loggedin_user();
+$webid = $user->getURL();
+$name = get_input("name");
+$pubkey = get_input("pubkey");
+
+$cert = request_identity_p12($name, $webid, $pubkey);
+
+if ($cert && $user) {
+ $armored_cert = "-----BEGIN CERTIFICATE-----\n";
+ $armored_cert .= toBase64($cert);
+ $armored_cert .= "\n-----END CERTIFICATE-----\n";
+ $res = openssl_x509_read($armored_cert);
+ $cert_data = openssl_x509_parse($armored_cert);
+ $uid = $cert_data["subject"]["UID"];
+ $altName = $cert_data["extensions"]["subjectAltName"];
+ $pubKey = openssl_pkey_get_public($res);
+ $keyData = openssl_pkey_get_details($pubKey);
+
+ //Remove certificate armour
+ $unpacked_n = unpack("H*",$keyData['rsa']['n']);
+ $modulus = strtoupper($unpacked_n[1]);
+ $unpacked_e = unpack("H*",$keyData['rsa']['e']);
+ $exponent = hexdec($unpacked_e[1]);
+ set_input("name",$cert_data["subject"]["CN"]);
+ set_input("webid",$altName);
+ set_input("modulus",$modulus);
+ set_input("exponent",$exponent);
+ // now really include
+ include($CONFIG->pluginspath."foafssl/actions/add.php");
+}
+
+?>
diff --git a/actions/register.php b/actions/register.php
new file mode 100755
index 000000000..ff5e495b5
--- /dev/null
+++ b/actions/register.php
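Review bot: In actions/generate.php the results of `openssl_x509_read()`, `openssl_x509_parse()` and `openssl_pkey_get_details()` are used without any check, and `$keyData['rsa']` is assumed to exist, so a failed parse or a non-RSA key ends with empty `modulus`/`exponent` values handed to `actions/add.php`. Guard the block before the `unpack()` calls, e.g. `if ($res === false || $cert_data === false || !isset($keyData['rsa'])) { forward(); }`. The identical block in actions/suck.php needs the same guard, and it matters more there because it parses `$_SERVER['SSL_CLIENT_CERT']`, which the README's `SSLVerifyClient optional_no_ca` setting accepts from any client. Also, `$user->getURL()` is called before the `if ($cert && $user)` test, so the `$user` half of that test cannot protect it; the start of the file is not visible in this hunk, so a gatekeeper may already run there.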
@@ -0,0 +1,81 @@
+disable_registration) {
+// For now, just try and register the user
+ try {
+ $guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode);
+ if (((trim($password) != "") && (strcmp($password, $password2) == 0)) && ($guid)) {
+ $new_user = get_entity($guid);
+error_log("register user foaf2!");
+ elgg_set_ignore_access(true);
+ elgg_foafssl_createkey($modulus, $exponent, $new_user, $webid, $name." register cert");
+ elgg_set_ignore_access(false);
+ if (($guid) && ($admin)) {
+ // Only admins can make someone an admin
+ admin_gatekeeper();
+ $new_user->makeAdmin();
+ }
+
+ // Send user validation request on register only
+ global $registering_admin;
+ if (!$registering_admin) {
+ request_user_validation($guid);
+ }
+
+ if (!$new_user->isAdmin()) {
+ // Now disable if not an admin
+ // Don't do a recursive disable. Any entities owned by the user at this point
+ // are products of plugins that hook into create user and might need
+ // access to the entities.
+ $new_user->disable('new_user', false);
+ }
+
+ system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename));
+
+ // Forward on success, assume everything else is an error...
+ forward();
+ } else {
+ register_error(elgg_echo("registerbad"));
+ }
+ } catch (RegistrationException $r) {
+ register_error($r->getMessage());
+ }
+} else {
+ register_error(elgg_echo('registerdisabled'));
+}
+
+$qs = explode('?',$_SERVER['HTTP_REFERER']);
+$qs = $qs[0];
+$qs .= "?u=" . urlencode($username) . "&e=" . urlencode($email) . "&n=" . urlencode($name) . "&friend_guid=" . $friend_guid;
+
+forward($qs);
diff --git a/actions/suck.php b/actions/suck.php
new file mode 100644
index 000000000..fd801e2de
--- /dev/null
+++ b/actions/suck.php
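Review bot: In actions/register.php `register_user(...)` runs before the `trim($password) != ""` / `strcmp($password, $password2) == 0` test, so a mismatched confirmation still leaves a created account behind while the user is shown `registerbad`. Do the comparison first and only then create the account, i.e. wrap the call as `if (trim($password) != "" && strcmp($password, $password2) == 0) { $guid = register_user(...); ... }`. The lines that assign `$modulus`, `$exponent` and `$webid` are not visible in this hunk; if they are read from posted fields (authenticationlogin.php hands `exp`, `mod` and `webid` to the `foafssl/register` view), the key bound by `elgg_foafssl_createkey()` should instead be re-derived from the client certificate of the registering request. The unindented `error_log("register user foaf2!");` looks like leftover debugging and can go.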
@@ -0,0 +1,56 @@ +pluginspath."foafssl/lib/Authentication.php"); + +$config = array('db_name'=>'arc','db_user'=>'arc','db_pwd'=>'chjdladhsjk34!arcarc','store_name'=>'arc_tests'); +if ($_SERVER['SSL_CLIENT_CERT']) { + error_log("going to add"); + $cert = $_SERVER['SSL_CLIENT_CERT']; + $res = openssl_x509_read($cert); + $cert_data = openssl_x509_parse($cert); + $uid = $cert_data["subject"]["UID"]; + $altName = $cert_data["extensions"]["subjectAltName"]; + $pubKey = openssl_pkey_get_public($res); + $keyData = openssl_pkey_get_details($pubKey); + + //Remove certificate armour + $unpacked_n = unpack("H*",$keyData['rsa']['n']); + $modulus = strtoupper($unpacked_n[1]); + $unpacked_e = unpack("H*",$keyData['rsa']['e']); + $exponent = hexdec($unpacked_e[1]); + set_input("name",$cert_data["subject"]["CN"]); + set_input("webid",$altName); + set_input("modulus",$modulus); + set_input("exponent",$exponent); + include($CONFIG->pluginspath."foafssl/actions/add.php"); +} + + +/* +$auth = new Authentication_FoafSSLARC($config); +//$auth = new Authentication_AgentARC($config, $webId); +//var_dump($auth); +//if ($auth->agentId !== $auth->agentURI) { +if ($auth->isAuthenticated()) { + //print "Hello : $auth->webid
"; + $base_url = $CONFIG->wwwroot."pg/profile/"; + if (strpos($auth->webid, $base_url) == 0) { + $root_len = strlen($base_url); + $username = substr($auth->webid, $root_len, strlen($auth->webid)-$root_len-strlen("?view=foaf")); + $user = get_user_by_username($username); + login($user, true); + system_message(elgg_echo("you logged in successfully with your certificate!")); + forward(); + + } +} +else { + print "Sorry you are not logged in
"; + print $auth->authnDiagnostic; +} +*/ +//$auth->logout(); + +?> diff --git a/add.php b/add.php new file mode 100644 index 000000000..b06bc4218 --- /dev/null +++ b/add.php @@ -0,0 +1,24 @@ + 'name')); +/*$form_body .= elgg_echo('foafssl:modulus'); +$form_body .= elgg_view('input/text',array('internalname' => 'modulus')); +$form_body .= elgg_echo('foafssl:exponent'); +$form_body .= elgg_view('input/text',array('internalname' => 'exponent'));*/ +$form_body .= elgg_view("input/file", array( + 'internalname' => 'cert_file')).'


'; +$form_body .= elgg_view('input/submit', array('value'=>'submit')); +$objects = elgg_view('input/form',array('body' => $form_body, 'action' => $CONFIG->wwwroot . 'action/foafssl/add', 'method' => 'post')); + +$body = elgg_view_title($title); +$body .= $objects; + +$body = elgg_view_layout('two_column_left_sidebar', '', $body, $area3); + +// Finally draw the page +page_draw($title, $body); + + +?> diff --git a/authenticationlogin.php b/authenticationlogin.php new file mode 100644 index 000000000..556fbe3b0 --- /dev/null +++ b/authenticationlogin.php 
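Review bot: The form that add.php builds with `elgg_view('input/form', ...)` contains an `input/file` field named `cert_file` but sets no `enctype`, so the browser posts it URL-encoded and the certificate file itself will not reach `action/foafssl/add`. Add `'enctype' => 'multipart/form-data'` to the array passed to `input/form`. `$area3` is also handed to `elgg_view_layout()` without being assigned in the visible lines; the top of the file was lost in extraction, so it may be set there.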
@@ -0,0 +1,71 @@
+'arc','db_user'=>'arc','db_pwd'=>'chjdladhsjk34!arcarc','store_name'=>'arc_tests');
+
+$auth = new Authentication_FoafSSLARC($config);
+if ($auth->isAuthenticated()) {
+ $base_url = $CONFIG->wwwroot."pg/profile/";
+ if (strpos($auth->webid, $base_url) === 0) {
+ // local
+ $root_len = strlen($base_url);
+ $trim = 0;
+ if (!strpos($auth->webid, "?view=foaf") === false) {
+ $trim = strlen("?view=foaf");
+ }
+ $username = substr($auth->webid, $root_len, strlen($auth->webid)-$root_len-$trim);
+ $user = get_user_by_username($username);
+ }
+ else {
+ // remote
+ $options = array('metadata_name' => 'webid',
+ 'metadata_value' => "URI:".$auth->webid,
+ 'owner_guid' => ELGG_ENTITIES_ANY_VALUE,
+ 'types' => 'object',
+ 'subtypes' => 'sslkey');
+ $certs = elgg_get_entities_from_metadata($options);
+ if ($certs) {
+ $user = $certs[0]->getOwnerEntity();
+ }
+ else {
+ // maybe you already exist here?
+ $options = array('metadata_name' => 'webid',
+ 'metadata_value' => $auth->webid,
+ 'owner_guid' => ELGG_ENTITIES_ANY_VALUE,
+ 'types'=>'user');
+ $remote_users = elgg_get_entities_from_metadata($options);
+ //if ($remote_users) {
+ if (false) {
+ $user = $remote_users[0];
+ $user->foreign = false; // not foreign any more
+ }
+ else {
+ // maybe you want to create an account here
+ $register = true;
+ set_input("u", $username);
+ set_input("n", $username);
+ $mod = $auth->certModulus;
+ $exp = $auth->certExponent;
+ $body = elgg_view("foafssl/register", array('exp'=>$exp, 'mod'=>$mod, 'webid' => "URI:".$auth->webid));
+ echo page_draw(elgg_echo('register'), $body);
+ }
+ }
+ }
+}
+// now login if we found a user
+if ($user) {
+ login($user, true);
+ system_message(elgg_echo("foafssl:loggedin"));
+ forward();
+}
+elseif (!$register) {
+ register_error(elgg_echo('foafssl:cantlogin').":".$auth->authnDiagnostic);
+ forward();
+}
+
+// logout the cert session since we dont need it
+
+?>
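Review bot: `$user` and `$register` are read in the closing `if ($user)` / `elseif (!$register)` block but are assigned only on some paths, and `$username` is passed to `set_input("u", $username)` in the remote branch, where it was never set. When `isAuthenticated()` returns false, the decision whether to call `login()` therefore rests on an undefined variable. I would add `$user = null; $register = false; $username = '';` before `if ($auth->isAuthenticated())`. The suffix test `if (!strpos($auth->webid, "?view=foaf") === false)` also gives the intended result only through operator precedence; `strpos($auth->webid, "?view=foaf") !== false` says what is meant.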
diff --git a/cert_proxy.php b/cert_proxy.php new file mode 100644 index 000000000..5dc4f8b67 --- /dev/null +++ b/cert_proxy.php @@ -0,0 +1,64 @@ + diff --git a/foafssl.png b/foafssl.png new file mode 100644 index 000000000..17fa6da59 Binary files /dev/null and b/foafssl.png differ diff --git a/generate.php b/generate.php new file mode 100644 index 000000000..1e86a7070 --- /dev/null +++ b/generate.php @@ -0,0 +1,22 @@ +".elgg_echo('foafssl:generate:description')."

"; +$form_body .= elgg_echo('foafssl:name').":"; +$form_body .= elgg_view('input/text',array('internalname' => 'name')); +$form_body .= ''; +$form_body .= elgg_view('input/submit', array('value'=>elgg_echo('foafssl:generate'))); +$objects = elgg_view('input/form',array('body' => $form_body, 'action' => $CONFIG->wwwroot . 'action/foafssl/generate', 'method' => 'post')); + + +$title = elgg_echo('foafssl:generatecert'); +$body = elgg_view_title($title); +$body .= $objects; +$body .= "".elgg_echo('foafssl:return').""; + +$body = elgg_view_layout('two_column_left_sidebar', '', $body, $area3); + +// Finally draw the page +echo page_draw($title, $body); + +?> diff --git a/languages/en.php b/languages/en.php new file mode 100755 index 000000000..13141fd41 --- /dev/null +++ b/languages/en.php @@ -0,0 +1,25 @@ + "Manage ssl certificates", + "foafssl:suck" => "Suck an identity", + "foafssl:addforeign" => "Import a certificate", + "foafssl:generate" => "Generate", + "foafssl:generatecert" => "Generate a certificate", + "foafssl:your" => "Your ssl certificates", + "foafssl:name" => "Name", + "foafssl:generate:description" => "Write a name for your certificate (it should describe your identity on this network) and click on generate.", + "foafssl:return" => "After generating the certificate return to the manage page", + "foafssl:modulus" => "Modulus", + "foafssl:exponent" => "Exponent", + "foafssl:loggedin" => "You logged in successfully with your certificate!", + "foafssl:cantlogin" => "Couldnt login with the certificate", + "foafssl:addkey" => "Your new key has been added", + "foafssl:cantadd" => "Couldnt add the certificate, check that it is a correct foaf ssl certificate", + "foafssl:login" => "Foaf-ssl Login", + "foafssl:explain" => "You can generate your certificate for this network by using the generate button, also you can import from a file, or suck one you have installed on your browser.", + ); + + add_translation("en",$english); + +?> 
diff --git a/languages/es.php b/languages/es.php new file mode 100755 index 000000000..fbe170595 --- /dev/null +++ b/languages/es.php @@ -0,0 +1,26 @@ + "Gestionar certificados ssl", + "foafssl:addforeign" => "Importar un certificado", + "foafssl:generate" => "Generar", + "foafssl:your" => "Tus certificados ssl", + "foafssl:name" => "Nombre", + "foafssl:modulus" => "Modulo", + "foafssl:exponent" => "Exponente", + "foafssl:loggedin" => "Has entrado a la red con tu certificado", + "foafssl:cantlogin" => "No se ha podido validar tu certificado", + ); + + add_translation("es",$spanish); + +?> diff --git a/manage.php b/manage.php new file mode 100644 index 000000000..4a38c7342 --- /dev/null +++ b/manage.php @@ -0,0 +1,27 @@ +'object','subtypes'=>'sslkey','owner_guid'=>$user->getGUID(),'full_view'=>false); +$objects = elgg_list_entities($options); + +$body = elgg_view_title($title); +$body .= "
"; +$body .= sprintf(elgg_echo("foafssl:explain"), $user->getURL()."?view=foaf")."

"; +$body .= "".elgg_echo('foafssl:addforeign')." "; +$body .= "".elgg_echo('foafssl:generate')." "; +$body .= "".elgg_echo('foafssl:suck')."
"; +$body .= "
"; + +//$body .= elgg_view("pages/welcome", array('entity' => $welcome_message)); +$body .= $objects; + +$body = elgg_view_layout('two_column_left_sidebar', '', $body, $area3); + +// Finally draw the page +page_draw($title, $body); + +?> diff --git a/manifest.xml b/manifest.xml new file mode 100644 index 000000000..5cb3b9afa --- /dev/null +++ b/manifest.xml @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/start.php b/start.php new file mode 100644 index 000000000..a9e20c77f --- /dev/null +++ b/start.php 
@@ -0,0 +1,83 @@
+getGUID();
+ $key = new ElggObject();
+ $key->name = $name;
+ $key->title = $name;
+ $key->subtype = 'sslkey';
+ $key->owner_guid = $user_guid;
+ $key->container_guid = $user_guid;
+ $key->access_id = ACCESS_PUBLIC;
+ $key->save();
+ $key->webid = $webid;
+ $key->modulus = $modulus;
+ $key->exponent = $exponent;
+ return $key;
+ }
+
+
+ function foafssl_page_handler($page) {
+ global $CONFIG;
+ switch ($page[0]) {
+ case 'manage':
+ include($CONFIG->pluginspath.'foafssl/manage.php');
+ break;
+ case 'add':
+ include($CONFIG->pluginspath.'foafssl/add.php');
+ break;
+ case 'generate':
+ include($CONFIG->pluginspath.'foafssl/generate.php');
+ break;
+ case 'login':
+ include($CONFIG->pluginspath.'foafssl/authenticationlogin.php');
+ break;
+ }
+ }
+
+ function foafssl_pagesetup() {
+ global $CONFIG;
+ if (get_context() == 'settings') {
+ add_submenu_item(elgg_echo('foafssl:manage'), $CONFIG->wwwroot . "pg/foafssl/manage");
+ }
+ }
+
+
+ function foafssl_init(){
+ global $CONFIG;
+ register_action("foafssl/add",false, $CONFIG->pluginspath . "foafssl/actions/add.php");
+ register_action("foafssl/generate",false, $CONFIG->pluginspath . "foafssl/actions/generate.php");
+ register_action("foafssl/suck",false, $CONFIG->pluginspath . "foafssl/actions/suck.php");
+ register_action("foafssl/delete",false, $CONFIG->pluginspath . "foafssl/actions/delete.php");
+ register_action('entities/delete');
+ register_page_handler('foafssl','foafssl_page_handler');
+ register_elgg_event_handler('pagesetup','system','foafssl_pagesetup');
+ elgg_extend_view("account/forms/login", "foafssl/loginbox");
+ register_action("foafssl/register",true, $CONFIG->pluginspath . "foafssl/actions/register.php");
+
+
+ //elgg_extend_view("canvas/layouts/widgets", "foafssl/profile");
+ /*
+ register_action("microthemes/clear",false, $CONFIG->pluginspath . "microthemes/actions/microthemes/clear.php");
+ register_action("microthemes/edit",false, $CONFIG->pluginspath . 
"microthemes/actions/microthemes/edit.php"); + register_action("microthemes/choose",false, $CONFIG->pluginspath . "microthemes/actions/microthemes/choose.php"); + register_plugin_hook('entity:icon:url', 'object', 'microthemes_tasksicon_hook'); + register_elgg_event_handler('pagesetup','system','microthemes_pagesetup'); + + elgg_extend_view("metatags", "microthemes/metatags"); + //elgg_extend_view('profile/menu/linksownpage','microthemes/profilemenu');*/ + } + +register_elgg_event_handler('init','system','foafssl_init'); + +?> diff --git a/views/default/foafssl/loginbox.php b/views/default/foafssl/loginbox.php new file mode 100644 index 000000000..732074d9f --- /dev/null +++ b/views/default/foafssl/loginbox.php @@ -0,0 +1,4 @@ +".elgg_echo("foafssl:login")." "; +?> diff --git a/views/default/foafssl/register.php b/views/default/foafssl/register.php new file mode 100755 index 000000000..4681db9c5 --- /dev/null +++ b/views/default/foafssl/register.php @@ -0,0 +1,54 @@ +isAdmin() && isset($vars['show_admin'])) { + $admin_option = true; +} + +$form_body = "


"; + +$form_body .= "
"; +$form_body .= "
"; +$form_body .= "
"; +$form_body .= "
"; + +// view to extend to add more fields to the registration form +$form_body .= elgg_view('register/extend'); + +// Add captcha hook +$form_body .= elgg_view('input/captcha'); + +if ($admin_option) { + $form_body .= elgg_view('input/checkboxes', array('internalname' => "admin", 'options' => array(elgg_echo('admin_option')))); +} + +$form_body .= elgg_view('input/hidden', array('internalname' => 'key_mod', 'value' => $vars['mod'])); +//$form_body .= $vars['mod']; +$form_body .= elgg_view('input/hidden', array('internalname' => 'key_exp', 'value' => $vars['exp'])); +$form_body .= elgg_view('input/hidden', array('internalname' => 'key_webid', 'value' => $vars['webid'])); +//$form_body .= $vars['webid']; + +$form_body .= elgg_view('input/hidden', array('internalname' => 'friend_guid', 'value' => $vars['friend_guid'])); +$form_body .= elgg_view('input/hidden', array('internalname' => 'invitecode', 'value' => $vars['invitecode'])); +//$form_body .= elgg_view('input/hidden', array('internalname' => 'action', 'value' => 'register')); +$form_body .= elgg_view('input/submit', array('internalname' => 'submit', 'value' => elgg_echo('register'))) . "

"; +?> + +
+

+ "{$vars['url']}action/foafssl/register", 'body' => $form_body, 'method'=>'post')) ?> +
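Review bot: The hidden inputs `key_mod`, `key_exp` and `key_webid` send the certificate's modulus, exponent and WebID out to the browser and back, so when the form is posted they are client-controlled values rather than what was verified on the TLS connection. start.php registers `foafssl/register` as a public action and actions/register.php is not part of this hunk, so I cannot tell whether it re-checks them; if it stores them as posted, the new account could end up bound to a key or WebID other than the one that was authenticated. The action should re-derive these values from the client certificate of the submitting request, or verify a server-side MAC over them, instead of trusting the form fields. A comment above the three `elgg_view('input/hidden', …)` lines would record this: `// informational only; the register action must re-read key and WebID from the TLS session`.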
diff --git a/views/foaf/canvas/layouts/widgets.php b/views/foaf/canvas/layouts/widgets.php new file mode 100644 index 000000000..acb6c3546 --- /dev/null +++ b/views/foaf/canvas/layouts/widgets.php @@ -0,0 +1,2 @@ + diff --git a/views/foaf/foafssl/profile.php b/views/foaf/foafssl/profile.php new file mode 100644 index 000000000..b11708a32 --- /dev/null +++ b/views/foaf/foafssl/profile.php @@ -0,0 +1,16 @@ +'object','subtypes'=>'sslkey','owner_guid'=>$user->getGUID()); + $userkeys = elgg_get_entities($options); + foreach($userkeys as $key) { +?> + + + + + + diff --git a/views/foaf/pageshells/pageshell.php b/views/foaf/pageshells/pageshell.php new file mode 100755 index 000000000..909c9aa58 --- /dev/null +++ b/views/foaf/pageshells/pageshell.php @@ -0,0 +1,54 @@ +\n"; + +if (!$owner = page_owner_entity()) { + if (!isloggedin()) { + exit; + } else { + $owner = $vars['user']; + } +} + +?> + + + + + + + + username; ?> + name; ?> + + email); ?> + + + + $owner)); + ?> + -- cgit v1.2.3