Return-Path:
X-Original-To: apmail-clerezza-commits-archive@www.apache.org
Delivered-To: apmail-clerezza-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
by minotaur.apache.org (Postfix) with SMTP id 77789104EE
for ;
Wed, 4 Dec 2013 15:21:29 +0000 (UTC)
Received: (qmail 6125 invoked by uid 500); 4 Dec 2013 15:21:21 -0000
Delivered-To: apmail-clerezza-commits-archive@clerezza.apache.org
Received: (qmail 6095 invoked by uid 500); 4 Dec 2013 15:21:20 -0000
Mailing-List: contact commits-help@clerezza.apache.org; run by ezmlm
Precedence: bulk
List-Help:
List-Unsubscribe:
List-Post:
List-Id:
Reply-To: dev@clerezza.apache.org
Delivered-To: mailing list commits@clerezza.apache.org
Received: (qmail 6026 invoked by uid 99); 4 Dec 2013 15:21:19 -0000
Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org)
(140.211.11.114)
by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Dec 2013 15:21:19 +0000
Received: by tyr.zones.apache.org (Postfix, from userid 65534)
id 336D4B34F; Wed, 4 Dec 2013 15:21:19 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: reto@apache.org
To: commits@clerezza.apache.org
Date: Wed, 04 Dec 2013 15:21:22 -0000
Message-Id: <461e0f80b9a24bdab0469ba361530cca@git.apache.org>
In-Reply-To: <1f142b8ebee54188999069f70f15e0b3@git.apache.org>
References: <1f142b8ebee54188999069f70f15e0b3@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [5/9] CLEREZZA-435: repaced tabs with spaces in scala files
http://git-wip-us.apache.org/repos/asf/clerezza/blob/35448624/platform.logging/initializer/src/main/scala/org/apache/clerezza/platform/logging/initializer/Activator.scala
----------------------------------------------------------------------
diff --git a/platform.logging/initializer/src/main/scala/org/apache/clerezza/platform/logging/initializer/Activator.scala b/platform.logging/initializer/src/main/scala/org/apache/clerezza/platform/logging/initializer/Activator.scala
index cfdc270..c8220db 100644
--- a/platform.logging/initializer/src/main/scala/org/apache/clerezza/platform/logging/initializer/Activator.scala
+++ b/platform.logging/initializer/src/main/scala/org/apache/clerezza/platform/logging/initializer/Activator.scala
@@ -35,54 +35,54 @@ import org.osgi.framework.BundleActivator
class Activator extends BundleActivator {
- private val configurationAdminClassName = classOf[ConfigurationAdmin].getName
+ private val configurationAdminClassName = classOf[ConfigurationAdmin].getName
- def start(context: BundleContext) {
- import scala.collection.JavaConversions._
- val paxLoggingLocation: String = context.getBundles().
- find(bundle => bundle.getSymbolicName().equals("org.ops4j.pax.logging.pax-logging-service")) match {
- case Some(b) => b.getLocation();
- case _ => throw new RuntimeException("org.ops4j.pax.logging.pax-logging-service not found")
- }
- val serviceReference = context.getServiceReference(configurationAdminClassName);
- def configureIfUnconfigured(serviceReference: ServiceReference[_]) {
- val configurationAdmin = context.getService(serviceReference).asInstanceOf[ConfigurationAdmin]
- val config: Configuration = configurationAdmin.getConfiguration(
- "org.ops4j.pax.logging", paxLoggingLocation);
- if (config.getProperties() == null) {
- val props: Dictionary[String, String] = new Hashtable[String, String]();
- props.put("log4j.rootLogger", "INFO, R, stdout");
- props.put("log4j.logger.org.apache.clerezza","DEBUG")
- props.put("log4j.appender.stdout", "org.apache.log4j.ConsoleAppender");
- props.put("log4j.appender.stdout.layout", "org.apache.log4j.PatternLayout");
- props.put("log4j.appender.stdout.Threshold", "WARN");
- // Pattern to output the caller's file name and line number.
- props.put("log4j.appender.stdout.layout.ConversionPattern", "%d [%t] %5p [%t] (%F\\:%L) - %m%n");
- props.put("log4j.appender.R", "org.apache.log4j.FileAppender");
- props.put("log4j.appender.R.File", "clerezza.log");
- props.put("log4j.appender.R.layout", "org.apache.log4j.PatternLayout");
- props.put("log4j.appender.R.layout.ConversionPattern", "%d [%t] %p %t %c - %m%n");
+ def start(context: BundleContext) {
+ import scala.collection.JavaConversions._
+ val paxLoggingLocation: String = context.getBundles().
+ find(bundle => bundle.getSymbolicName().equals("org.ops4j.pax.logging.pax-logging-service")) match {
+ case Some(b) => b.getLocation();
+ case _ => throw new RuntimeException("org.ops4j.pax.logging.pax-logging-service not found")
+ }
+ val serviceReference = context.getServiceReference(configurationAdminClassName);
+ def configureIfUnconfigured(serviceReference: ServiceReference[_]) {
+ val configurationAdmin = context.getService(serviceReference).asInstanceOf[ConfigurationAdmin]
+ val config: Configuration = configurationAdmin.getConfiguration(
+ "org.ops4j.pax.logging", paxLoggingLocation);
+ if (config.getProperties() == null) {
+ val props: Dictionary[String, String] = new Hashtable[String, String]();
+ props.put("log4j.rootLogger", "INFO, R, stdout");
+ props.put("log4j.logger.org.apache.clerezza","DEBUG")
+ props.put("log4j.appender.stdout", "org.apache.log4j.ConsoleAppender");
+ props.put("log4j.appender.stdout.layout", "org.apache.log4j.PatternLayout");
+ props.put("log4j.appender.stdout.Threshold", "WARN");
+ // Pattern to output the caller's file name and line number.
+ props.put("log4j.appender.stdout.layout.ConversionPattern", "%d [%t] %5p [%t] (%F\\:%L) - %m%n");
+ props.put("log4j.appender.R", "org.apache.log4j.FileAppender");
+ props.put("log4j.appender.R.File", "clerezza.log");
+ props.put("log4j.appender.R.layout", "org.apache.log4j.PatternLayout");
+ props.put("log4j.appender.R.layout.ConversionPattern", "%d [%t] %p %t %c - %m%n");
- config.update(props);
- }
- }
- if (serviceReference != null) {
- configureIfUnconfigured(serviceReference);
- } else {
- val filter: String = "(objectclass=" + configurationAdminClassName + ")";
- context.addServiceListener(new ServiceListener{
- def serviceChanged(e: ServiceEvent) {
- if (e.getType == ServiceEvent.REGISTERED) {
- configureIfUnconfigured(e.getServiceReference)
- }
- }
- },filter)
- }
-
- }
+ config.update(props);
+ }
+ }
+ if (serviceReference != null) {
+ configureIfUnconfigured(serviceReference);
+ } else {
+ val filter: String = "(objectclass=" + configurationAdminClassName + ")";
+ context.addServiceListener(new ServiceListener{
+ def serviceChanged(e: ServiceEvent) {
+ if (e.getType == ServiceEvent.REGISTERED) {
+ configureIfUnconfigured(e.getServiceReference)
+ }
+ }
+ },filter)
+ }
+
+ }
- def stop(context: BundleContext) {
+ def stop(context: BundleContext) {
- }
+ }
}
http://git-wip-us.apache.org/repos/asf/clerezza/blob/35448624/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/FoafSslAuthentication.scala
----------------------------------------------------------------------
diff --git a/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/FoafSslAuthentication.scala b/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/FoafSslAuthentication.scala
index 45a274a..670c28a 100644
--- a/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/FoafSslAuthentication.scala
+++ b/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/FoafSslAuthentication.scala
@@ -78,14 +78,14 @@ class FoafSslAuthentication extends WeightedAuthenticationMethod {
claim.principal
}
- subject.getPublicCredentials.add(x509c)
- if (verified.size > 0) {
- subject.getPrincipals().remove(UserUtil.ANONYMOUS)
- subject.getPrincipals().addAll(verified)
- return true
- } else {
- return false
- }
+ subject.getPublicCredentials.add(x509c)
+ if (verified.size > 0) {
+ subject.getPrincipals().remove(UserUtil.ANONYMOUS)
+ subject.getPrincipals().addAll(verified)
+ return true
+ } else {
+ return false
+ }
}
def addAgentToSystem(id: WebIDClaim) {
http://git-wip-us.apache.org/repos/asf/clerezza/blob/35448624/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/WebIDClaim.scala
----------------------------------------------------------------------
diff --git a/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/WebIDClaim.scala b/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/WebIDClaim.scala
index 8ae8429..468b350 100644
--- a/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/WebIDClaim.scala
+++ b/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/WebIDClaim.scala
@@ -44,129 +44,129 @@ import scala.None
*/
class WebIDClaim(val webId: UriRef, val key: PublicKey) {
- import X509Claim._
-
- val errors = new LinkedList[java.lang.Throwable]()
-
- lazy val principal = new WebIdPrincipal(webId)
- var verified = Verification.Unverified
-
- /*private lazy val selectQuery = {
- val query = """PREFIX cert:
- PREFIX rsa:
- SELECT ?m ?e ?mod ?exp
- WHERE {
- [] cert:identity ?webid ;
- rsa:modulus ?m ;
- rsa:public_exponent ?e .
- OPTIONAL { ?m cert:hex ?mod . }
- OPTIONAL { ?e cert:decimal ?exp . }
- }"""
- queryParser.parse(query).asInstanceOf[SelectQuery]
- }*/
-
-
-
- /**
- * verify this claim
- * @param authSrvc: the authentication service contains information about where to get graphs
- */
- //todo: make this asynchronous
- def verify(authSrvc: FoafSslAuthentication) {
- if (!webId.getUnicodeString.startsWith("http:") && !webId.getUnicodeString.startsWith("https:")) {
- //todo: ftp, and ftps should also be doable, though content negoations is then lacking
- verified = Verification.Unsupported
- return
- }
- verified = try {
- var webIdInfo = authSrvc.webIdSrvc.getWebIdInfo(webId)
- verify(webIdInfo.localPublicUserData) match {
- case None => Verification.Verified
- case Some(err) => {
- webIdInfo.forceCacheUpdate()
- webIdInfo = authSrvc.webIdSrvc.getWebIdInfo(webId)
- verify(webIdInfo.localPublicUserData) match {
- case None => Verification.Verified
- case Some(err) => {
- errors.add(err)
- Verification.Failed
- }
- }
- }
- }
- } catch {
- case e => {
- errors.add(e)
- Verification.Failed
- }
- }
- }
-
- def verify(tc: TripleCollection): Option[WebIDVerificationError] = {
- key match {
- case k: RSAPublicKey => verify(k, tc);
- case x => Some(new WebIDVerificationError("Unsupported key format "+x.getClass) )
- }
- }
-
- private def verify(publicKey: RSAPublicKey, tc: TripleCollection): Option[WebIDVerificationError] = {
- val publicKeysInGraph = getPublicKeysInGraph(tc)
- if (publicKeysInGraph.size==0) return Some(new WebIDVerificationError("No public keys found in WebID Profile for "+webId.getUnicodeString))
- val publicKeyTuple = (new BigInt(publicKey.getModulus), new BigInt(publicKey.getPublicExponent))
- val result = publicKeysInGraph.contains(publicKeyTuple)
- if (logger.isDebugEnabled) {
- if (!result) {
- val baos = new ByteArrayOutputStream
- Serializer.getInstance.serialize(baos, tc, SupportedFormat.TURTLE);
- logger.debug("no matching key in: \n{}", new String(baos.toByteArray));
- logger.debug("the public key is not among the " +
- publicKeysInGraph.size + " keys in the profile graph of size " +
- tc.size)
- logger.debug("PublicKey: " + publicKeyTuple)
- publicKeysInGraph.foreach(k => logger.debug("PublikKey in graph: " + k))
- }
- }
- if (result) return None
- else return Some(new WebIDVerificationError("No matching keys found in WebID Profile"))
- }
-
- private def getPublicKeysInGraph(tc: TripleCollection): Array[(BigInt, BigInt)] = {
- import scala.collection.JavaConversions._
- val publicKeys = for (t <- tc.filter(null, CERT.identity, webId)) yield {
- t.getSubject
- }
- (for (p <- publicKeys) yield {
- val node = new GraphNode(p, tc)
- val modulusRes = node / RSA.modulus
- val modulus = intValueOfResource(modulusRes) match {
- case Some(x) => x
- case _ => BigInt(0)
- }
- val exponentRes = node / RSA.public_exponent
- val exponent = intValueOfResource(exponentRes) match {
- case Some(x) => x
- case _ => BigInt(0)
- }
- (modulus, exponent)
- }).toArray
- }
-
-
- def canEqual(other: Any) = other.isInstanceOf[WebIDClaim]
-
- override
- def equals(other: Any): Boolean =
- other match {
- case that: WebIDClaim => (that eq this) || (that.canEqual(this) && webId == that.webId && key == that.key)
- case _ => false
- }
-
- override
- lazy val hashCode: Int = 41 * (
- 41 * (
- 41 + (if (webId != null) webId.hashCode else 0)
- ) + (if (key != null) key.hashCode else 0)
- )
+ import X509Claim._
+
+ val errors = new LinkedList[java.lang.Throwable]()
+
+ lazy val principal = new WebIdPrincipal(webId)
+ var verified = Verification.Unverified
+
+ /*private lazy val selectQuery = {
+ val query = """PREFIX cert:
+ PREFIX rsa:
+ SELECT ?m ?e ?mod ?exp
+ WHERE {
+ [] cert:identity ?webid ;
+ rsa:modulus ?m ;
+ rsa:public_exponent ?e .
+ OPTIONAL { ?m cert:hex ?mod . }
+ OPTIONAL { ?e cert:decimal ?exp . }
+ }"""
+ queryParser.parse(query).asInstanceOf[SelectQuery]
+ }*/
+
+
+
+ /**
+ * verify this claim
+ * @param authSrvc: the authentication service contains information about where to get graphs
+ */
+ //todo: make this asynchronous
+ def verify(authSrvc: FoafSslAuthentication) {
+ if (!webId.getUnicodeString.startsWith("http:") && !webId.getUnicodeString.startsWith("https:")) {
+ //todo: ftp, and ftps should also be doable, though content negoations is then lacking
+ verified = Verification.Unsupported
+ return
+ }
+ verified = try {
+ var webIdInfo = authSrvc.webIdSrvc.getWebIdInfo(webId)
+ verify(webIdInfo.localPublicUserData) match {
+ case None => Verification.Verified
+ case Some(err) => {
+ webIdInfo.forceCacheUpdate()
+ webIdInfo = authSrvc.webIdSrvc.getWebIdInfo(webId)
+ verify(webIdInfo.localPublicUserData) match {
+ case None => Verification.Verified
+ case Some(err) => {
+ errors.add(err)
+ Verification.Failed
+ }
+ }
+ }
+ }
+ } catch {
+ case e => {
+ errors.add(e)
+ Verification.Failed
+ }
+ }
+ }
+
+ def verify(tc: TripleCollection): Option[WebIDVerificationError] = {
+ key match {
+ case k: RSAPublicKey => verify(k, tc);
+ case x => Some(new WebIDVerificationError("Unsupported key format "+x.getClass) )
+ }
+ }
+
+ private def verify(publicKey: RSAPublicKey, tc: TripleCollection): Option[WebIDVerificationError] = {
+ val publicKeysInGraph = getPublicKeysInGraph(tc)
+ if (publicKeysInGraph.size==0) return Some(new WebIDVerificationError("No public keys found in WebID Profile for "+webId.getUnicodeString))
+ val publicKeyTuple = (new BigInt(publicKey.getModulus), new BigInt(publicKey.getPublicExponent))
+ val result = publicKeysInGraph.contains(publicKeyTuple)
+ if (logger.isDebugEnabled) {
+ if (!result) {
+ val baos = new ByteArrayOutputStream
+ Serializer.getInstance.serialize(baos, tc, SupportedFormat.TURTLE);
+ logger.debug("no matching key in: \n{}", new String(baos.toByteArray));
+ logger.debug("the public key is not among the " +
+ publicKeysInGraph.size + " keys in the profile graph of size " +
+ tc.size)
+ logger.debug("PublicKey: " + publicKeyTuple)
+ publicKeysInGraph.foreach(k => logger.debug("PublikKey in graph: " + k))
+ }
+ }
+ if (result) return None
+ else return Some(new WebIDVerificationError("No matching keys found in WebID Profile"))
+ }
+
+ private def getPublicKeysInGraph(tc: TripleCollection): Array[(BigInt, BigInt)] = {
+ import scala.collection.JavaConversions._
+ val publicKeys = for (t <- tc.filter(null, CERT.identity, webId)) yield {
+ t.getSubject
+ }
+ (for (p <- publicKeys) yield {
+ val node = new GraphNode(p, tc)
+ val modulusRes = node / RSA.modulus
+ val modulus = intValueOfResource(modulusRes) match {
+ case Some(x) => x
+ case _ => BigInt(0)
+ }
+ val exponentRes = node / RSA.public_exponent
+ val exponent = intValueOfResource(exponentRes) match {
+ case Some(x) => x
+ case _ => BigInt(0)
+ }
+ (modulus, exponent)
+ }).toArray
+ }
+
+
+ def canEqual(other: Any) = other.isInstanceOf[WebIDClaim]
+
+ override
+ def equals(other: Any): Boolean =
+ other match {
+ case that: WebIDClaim => (that eq this) || (that.canEqual(this) && webId == that.webId && key == that.key)
+ case _ => false
+ }
+
+ override
+ lazy val hashCode: Int = 41 * (
+ 41 * (
+ 41 + (if (webId != null) webId.hashCode else 0)
+ ) + (if (key != null) key.hashCode else 0)
+ )
}
class WebIDVerificationError(msg: String) extends Error(msg) {
@@ -174,14 +174,14 @@ class WebIDVerificationError(msg: String) extends Error(msg) {
}
object WebIdPrincipal {
- //todo: not at all a satisfactory username method. Find something better.
- def userName(webId: UriRef) = for (c <- webId.getUnicodeString) yield
- c match {
- case ':' => '_';
- case '#' => '_';
- case '/' => '_';
- case _ => c
- }
+ //todo: not at all a satisfactory username method. Find something better.
+ def userName(webId: UriRef) = for (c <- webId.getUnicodeString) yield
+ c match {
+ case ':' => '_';
+ case '#' => '_';
+ case '/' => '_';
+ case _ => c
+ }
}
class WebIdPrincipal(val webId: UriRef) extends PrincipalImpl(WebIdPrincipal.userName(webId)) {
@@ -191,26 +191,26 @@ class WebIdPrincipal(val webId: UriRef) extends PrincipalImpl(WebIdPrincipal.use
object Verification extends Enumeration {
- /**
- * the claim has not yet been verified
- */
- val Unverified = Value
+ /**
+ * the claim has not yet been verified
+ */
+ val Unverified = Value
- /**
- * The claim was verified and succeeded
- */
- val Verified = Value
+ /**
+ * The claim was verified and succeeded
+ */
+ val Verified = Value
- /**
- * The claim was verified and failed
- */
- val Failed = Value
+ /**
+ * The claim was verified and failed
+ */
+ val Failed = Value
- /**
- * The claim cannot be verified by this agent
- */
- val Unsupported = Value
+ /**
+ * The claim cannot be verified by this agent
+ */
+ val Unsupported = Value
}
http://git-wip-us.apache.org/repos/asf/clerezza/blob/35448624/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/X509Claim.scala
----------------------------------------------------------------------
diff --git a/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/X509Claim.scala b/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/X509Claim.scala
index 96ef674..72004de 100644
--- a/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/X509Claim.scala
+++ b/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/X509Claim.scala
@@ -163,13 +163,13 @@ object X509Claim {
}
/*
- * This method helps us deal with the old style notation
- * of key rsa:modulus [ cert:hex "a342342bde..." ]
- * rsa:public_exponent [ cert:int "256" ]
- *
- * where the numbers are representated by blank nodes identified by their relation to a string
- *
- */
+ * This method helps us deal with the old style notation
+ * of key rsa:modulus [ cert:hex "a342342bde..." ]
+ * rsa:public_exponent [ cert:int "256" ]
+ *
+ * where the numbers are representated by blank nodes identified by their relation to a string
+ *
+ */
def intValueOfResourceByProperty(n: GraphNode): Option[BigInt] = {
val hexValues = n / CERT.hex
if (hexValues.length > 0) {
@@ -186,10 +186,10 @@ object X509Claim {
return None
}
- /**
- * @prefix a typed literal of some some numeric type
- * @return the BigInteger it represents
- */
+ /**
+ * @prefix a typed literal of some some numeric type
+ * @return the BigInteger it represents
+ */
def intValueOfTypedLiteral(l: TypedLiteral): Option[BigInt] = {
try {
(l.getLexicalForm, l.getDataType) match {
http://git-wip-us.apache.org/repos/asf/clerezza/blob/35448624/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/Activator.scala
----------------------------------------------------------------------
diff --git a/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/Activator.scala b/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/Activator.scala
index ee30378..21e43ee 100644
--- a/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/Activator.scala
+++ b/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/Activator.scala
@@ -33,16 +33,16 @@ import org.wymiwyg.jetty.httpservice.{Activator => ServiceActivator}
*/
class Activator() {
-
- var x509TrustManagerWrapperService: X509TrustManagerWrapperService = null;
- protected def bindX509TrustManagerWrapperService(s: X509TrustManagerWrapperService) = {
- x509TrustManagerWrapperService = s
- }
- protected def unbindX509TrustManagerWrapperService(s: X509TrustManagerWrapperService) = {
- x509TrustManagerWrapperService = null
- }
-
- protected def activate(context: ComponentContext) = {
+
+ var x509TrustManagerWrapperService: X509TrustManagerWrapperService = null;
+ protected def bindX509TrustManagerWrapperService(s: X509TrustManagerWrapperService) = {
+ x509TrustManagerWrapperService = s
+ }
+ protected def unbindX509TrustManagerWrapperService(s: X509TrustManagerWrapperService) = {
+ x509TrustManagerWrapperService = null
+ }
+
+ protected def activate(context: ComponentContext) = {
try{
val bundleContext = context.getBundleContext
//TODO set jvm default ca-store
@@ -50,7 +50,7 @@ class Activator() {
if (http!=null && "true".equals(http)) {
val sslContextFactory = new X509SSLContextFactory(
getServerCertKeyStore(context),
- getKeyStorePassword(bundleContext),
+ getKeyStorePassword(bundleContext),
getServerCertKeyStore(context));//getCaKeyStore());
sslContextFactory
.setTrustManagerWrapper(x509TrustManagerWrapperService);
@@ -64,44 +64,44 @@ class Activator() {
catch{
case e : Exception => println("unable to activate FOAF+SSL")
}
- }
-
-
- def getServerCertKeyStore(context: ComponentContext): KeyStore = {
- val bundleContext = context.getBundleContext
- val keyStoreLoader = new KeyStoreLoader
- keyStoreLoader.setKeyStoreType(getKeyStoreType(bundleContext))
- keyStoreLoader.setKeyStorePath(getKeyStorePath(bundleContext))
- keyStoreLoader.setKeyStorePassword(getKeyStorePassword(bundleContext))
+ }
+
+
+ def getServerCertKeyStore(context: ComponentContext): KeyStore = {
+ val bundleContext = context.getBundleContext
+ val keyStoreLoader = new KeyStoreLoader
+ keyStoreLoader.setKeyStoreType(getKeyStoreType(bundleContext))
+ keyStoreLoader.setKeyStorePath(getKeyStorePath(bundleContext))
+ keyStoreLoader.setKeyStorePassword(getKeyStorePassword(bundleContext))
return keyStoreLoader.loadKeyStore();
}
-
- protected def getKeyStoreType(context: BundleContext) = {
- val property = context.getProperty(ServiceActivator.CONTEXT_PROPERTY_KEYSTORE_TYPE);
- if (property != null) {
- property;
- } else {
- "JKS"
- }
- }
+
+ protected def getKeyStoreType(context: BundleContext) = {
+ val property = context.getProperty(ServiceActivator.CONTEXT_PROPERTY_KEYSTORE_TYPE);
+ if (property != null) {
+ property;
+ } else {
+ "JKS"
+ }
+ }
- protected def getKeyStorePath(context: BundleContext) = {
- val property = context.getProperty(ServiceActivator.CONTEXT_PROPERTY_KEYSTORE_PATH);
- if (property != null) {
- property;
- } else {
- new File(new File(System.getProperty("user.home")), ".keystore").getAbsolutePath
- }
- }
+ protected def getKeyStorePath(context: BundleContext) = {
+ val property = context.getProperty(ServiceActivator.CONTEXT_PROPERTY_KEYSTORE_PATH);
+ if (property != null) {
+ property;
+ } else {
+ new File(new File(System.getProperty("user.home")), ".keystore").getAbsolutePath
+ }
+ }
- protected def getKeyStorePassword(context: BundleContext) = {
- val property = context.getProperty(ServiceActivator.CONTEXT_PROPERTY_KEYSTORE_PASSWORD);
- if (property != null) {
- property;
- } else {
- "password";
- }
- }
+ protected def getKeyStorePassword(context: BundleContext) = {
+ val property = context.getProperty(ServiceActivator.CONTEXT_PROPERTY_KEYSTORE_PASSWORD);
+ if (property != null) {
+ property;
+ } else {
+ "password";
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/clerezza/blob/35448624/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/X509TrustManagerWrapperService.scala
----------------------------------------------------------------------
diff --git a/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/X509TrustManagerWrapperService.scala b/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/X509TrustManagerWrapperService.scala
index e418ed4..ad039b1 100644
--- a/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/X509TrustManagerWrapperService.scala
+++ b/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/X509TrustManagerWrapperService.scala
@@ -30,41 +30,41 @@ import org.apache.clerezza.foafssl.auth.X509Claim
object X509TrustManagerWrapperService {
- private val logger = LoggerFactory.getLogger(classOf[X509TrustManagerWrapperService])
+ private val logger = LoggerFactory.getLogger(classOf[X509TrustManagerWrapperService])
}
class X509TrustManagerWrapperService() extends X509TrustManagerWrapper {
- import X509TrustManagerWrapperService._
+ import X509TrustManagerWrapperService._
- override def wrapTrustManager(trustManager: X509TrustManager): X509TrustManager = {
+ override def wrapTrustManager(trustManager: X509TrustManager): X509TrustManager = {
- new TrustAllClientsWrappingTrustManager(trustManager) {
+ new TrustAllClientsWrappingTrustManager(trustManager) {
- //At this level we just check if there are webids
- override def checkClientTrusted(chain: Array[X509Certificate], authType: String): Unit = {
- try {
- val webIdUriRefs = X509Claim.getClaimedWebIds(chain(0))
- if (webIdUriRefs.isEmpty) {
- trustManager.checkClientTrusted(chain, authType)
- }
- return
+ //At this level we just check if there are webids
+ override def checkClientTrusted(chain: Array[X509Certificate], authType: String): Unit = {
+ try {
+ val webIdUriRefs = X509Claim.getClaimedWebIds(chain(0))
+ if (webIdUriRefs.isEmpty) {
+ trustManager.checkClientTrusted(chain, authType)
+ }
+ return
- } catch {
- //todo: this should be more clever, only displaying full stack trace if requested
- //todo: currently could be a denial of service attack - by filling up your hard drive
- case ex: Throwable => {
- logger.info("can't check client", ex)
- throw new CertificateException("cannot check client" + ex.getMessage);
- }
- }
- }
- }
- }
+ } catch {
+ //todo: this should be more clever, only displaying full stack trace if requested
+ //todo: currently could be a denial of service attack - by filling up your hard drive
+ case ex: Throwable => {
+ logger.info("can't check client", ex)
+ throw new CertificateException("cannot check client" + ex.getMessage);
+ }
+ }
+ }
+ }
+ }
- protected def activate(context: ComponentContext) = { }
+ protected def activate(context: ComponentContext) = { }
}
-
\ No newline at end of file
+
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/clerezza/blob/35448624/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/WebIDTester.scala
----------------------------------------------------------------------
diff --git a/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/WebIDTester.scala b/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/WebIDTester.scala
index 42fdda0..1868112 100644
--- a/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/WebIDTester.scala
+++ b/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/WebIDTester.scala
@@ -65,606 +65,606 @@ class WebIDTester {
protected def activate(componentContext: ComponentContext) = {
- // configure(componentContext.getBundleContext(), "profile-staticweb");
+ // configure(componentContext.getBundleContext(), "profile-staticweb");
}
- /**
- * don't bother converting to rdf here for the moment.
- */
+ /**
+ * don't bother converting to rdf here for the moment.
+ */
@GET
@Produces(Array("application/xhtml","text/html"))
def getTestMe(): GraphNode = {
val resultNode: GraphNode = new GraphNode(new BNode(),new SimpleMGraph())
resultNode.addProperty(RDF.`type`, testCls)
- resultNode.addProperty(RDF.`type`,PLATFORM.HeadedPage)
+ resultNode.addProperty(RDF.`type`,PLATFORM.HeadedPage)
return resultNode
}
- @GET
- @Produces(Array("text/n3","text/rdf+n3","text/turtle"))
- @Path("n3")
- def getTestMe_N3(): TripleCollection = getTestMeRDF()
-
- @GET
- def getTestMeRDF(): TripleCollection = {
- val certTester = new CertTester(UserUtil.getCurrentSubject(), webIdGraphsService)
- certTester.runTests()
- return certTester.toRdf()
- }
-
- @GET
- @Path("x509")
- @Produces(Array("text/plain"))
- def getTestX509(): String = {
- val subject = UserUtil.getCurrentSubject();
- val creds = subject.getPublicCredentials
+ @GET
+ @Produces(Array("text/n3","text/rdf+n3","text/turtle"))
+ @Path("n3")
+ def getTestMe_N3(): TripleCollection = getTestMeRDF()
+
+ @GET
+ def getTestMeRDF(): TripleCollection = {
+ val certTester = new CertTester(UserUtil.getCurrentSubject(), webIdGraphsService)
+ certTester.runTests()
+ return certTester.toRdf()
+ }
+
+ @GET
+ @Path("x509")
+ @Produces(Array("text/plain"))
+ def getTestX509(): String = {
+ val subject = UserUtil.getCurrentSubject();
+ val creds = subject.getPublicCredentials
if (creds.size == 0) return "No public keys found"
- return creds.iterator.next match {
- case x509: X509Claim => "X509 Certificate found. " + x509.cert.toString
- case other: Any => "no X509 certificate found: found " + other.getClass()
- }
+ return creds.iterator.next match {
+ case x509: X509Claim => "X509 Certificate found. " + x509.cert.toString
+ case other: Any => "no X509 certificate found: found " + other.getClass()
+ }
- }
+ }
- private var webIdGraphsService: WebIdGraphsService = null
- protected def bindWebIdGraphsService(webIdGraphsService: WebIdGraphsService): Unit = {
- this.webIdGraphsService = webIdGraphsService
- }
+ private var webIdGraphsService: WebIdGraphsService = null
+ protected def bindWebIdGraphsService(webIdGraphsService: WebIdGraphsService): Unit = {
+ this.webIdGraphsService = webIdGraphsService
+ }
- protected def unbindWebIdGraphsService(webIdGraphsService: WebIdGraphsService): Unit = {
- this.webIdGraphsService = null
- }
+ protected def unbindWebIdGraphsService(webIdGraphsService: WebIdGraphsService): Unit = {
+ this.webIdGraphsService = null
+ }
}
/** All the cert tests are placed here */
class CertTester(subj: Subject, webIdGraphsService: WebIdGraphsService) extends Assertor {
- import EARL.{passed, failed, cantTell, untested, inapplicable}
-
- val creds: scala.collection.mutable.Set[X509Claim] = subj.getPublicCredentials(classOf[X509Claim]);
- val now = new Date()
-
-
- def runTests() {
-
- import g._
- val thisDoc = (g.bnode.a(FOAF.Document) //there really has to be a way to get THIS doc url, to add relative urls to the graph
- -- DCTERMS.created --> now
- )
- //
- // Description of certificates and their public profileKeys
- //
- val x509claimRefs = for (claim <- creds) yield {
- val cert = g.bnode
- (
- cert.a(CERT.Certificate)
- -- CERT.base64der --> Base64.encode(claim.cert.getEncoded())
- )
-
- //
- // Assertion public key
- //
- val pubkey = claim.cert.getPublicKey
- val testCertKey = create(TEST.certificatePubkeyRecognised, cert)
-
- pubkey match {
- case rsa: RSAPublicKey => {
- val pk = (g.bnode.a(RSA.RSAPublicKey)
- -- RSA.modulus --> new TypedLiteralImpl(rsa.getModulus.toString(16), CERT.hex)
- -- RSA.public_exponent --> new TypedLiteralImpl(rsa.getPublicExponent.toString(10), CERT.int_)
- )
- cert -- CERT.principal_key --> pk
- val res = testCertKey.result;
- res.description = "Certificate contains RSA key which is recognised"
- res.outcome = EARL.passed
- res.pointer(pk.getNode.asInstanceOf[NonLiteral])
- }
- case _ => {
- testCertKey.result.description = "Certificate contains key that is not understood by WebID layer " +
- "Pubkey algorith is " + pubkey.getAlgorithm
- testCertKey.result.outcome = EARL.failed
- }
- }
-
- //
- // Assertion time stamp of certificate
- //
- val dateOkAss = create(TEST.certificateDateOk, cert)
- val notBefore = claim.cert.getNotBefore
- val notAfter = claim.cert.getNotAfter
-
- if (now.before(notBefore)) {
- dateOkAss.result("Certificate time is too early. Watch out this is often due to time " +
- "synchronisation issues accross servers", failed)
- } else if (now.after(notAfter)) {
- dateOkAss.result("Certificate validity time has expired. ", failed, thisDoc.getNode)
- } else {
- dateOkAss.result("Certificate time is valid", passed, thisDoc.getNode)
- }
-
- cert -> claim
- }
-
- //
- // certificate was provided
- //
- val eC = x509claimRefs.size > 0
- val ass = (
- g.bnode.a(EARL.Assertion)
- -- EARL.test --> TEST.certificateProvided
- -- EARL.result --> (g.bnode.a(EARL.TestResult)
- -- DC.description --> {if (eC) "Certificate available" else "No Certificate Found"}
- -- EARL.outcome --> {if (eC) EARL.passed else EARL.failed})
- )
- if (eC) ass -- EARL.subject -->> x509claimRefs.map(p => p._1)
- else return g
-
-
- //
- // WebID authentication succeeded
- //
- val principals = for (p <- subj.getPrincipals
- if p.isInstanceOf[WebIdPrincipal]) yield p.asInstanceOf[WebIdPrincipal]
- (g.bnode.a(EARL.Assertion)
- -- EARL.test --> TEST.webidAuthentication
- -- EARL.result --> (g.bnode.a(EARL.TestResult)
- -- DC.description --> {"found " + principals.size + " valid principals"}
- -- EARL.outcome --> {if (principals.size > 0) EARL.passed else EARL.failed}
- -- EARL.pointer -->> principals.map(p => p.webId)
- )
- -- EARL.subject -->> x509claimRefs.map(p => p._1)
- )
- import collection.JavaConversions._
-
- for ((certRef, claim) <- x509claimRefs) {
- for (widc <- claim.webidclaims) {
- import Verification._
- val webidAss = create(TEST.webidClaim,
- Seq(widc.webId, certRef)) //todo, we need to add a description of the profileKeys as found in the remote file
- val result = webidAss.result
- result.pointer(widc.webId)
- result.exceptions = widc.errors
- widc.verified match {
- case Verified => {
- result("claim for WebId " + widc.webId + " was verified", passed)
- claimTests(widc)
- }
- case Failed => {
- result("claim for WebID " + widc.webId + " failed", failed)
- claimTests(widc)
- }
- case Unverified => {
- result("claim for WebId " + widc.webId + " was not verified",untested)
- }
- case Unsupported => {
- result("this webid is unsupported ",cantTell)
- }
- }
- }
- }
- }
-
- // more detailed tester for claims that passed or failed
- // even tester that succeed could be just succeeding by chance (if public profileKeys are badly written out for eg)
- def claimTests(claim: WebIDClaim) {
- val sem: Option[GraphNode] = try {
- Some(new GraphNode(claim.webId, webIdGraphsService.getWebIdInfo(claim.webId).publicProfile)) //webProxy.fetchSemantics(claim.webId, Cache.CacheOnly)
- } catch {
- case e: NoSuchEntityException => None
- }
- val profileXst = create(TEST.profileGet, claim.webId)
-
- sem match {
- case Some(profile) => {
- if (profile.getGraph.size() > 0) {
- profileXst.result("Profile was fetched. The information about this is not yet very detailed" +
- " in Clerezza. Later will be able to give more details.", passed)
- testKeys(profile /- CERT.identity)
-
- } else {
- profileXst.result("Profile seems to have been fetched but it contains very little" +
- " information. There may be other issues too", cantTell)
- }
-
- }
- case None => {
- profileXst.result("No profile was found or is in store", failed)
- }
- }
-
- }
-
- /**
- * @param exponentNode the node in the remote profile descrbing the modulus - can be a literal or a resource
- * @param litRef a resource to the literal as described in the test graph
- * @return true, if the modulus is recognised as parsing
- */
- def testRSAModulus(modulusNode: RichGraphNode, litRef: Resource):Boolean = {
- val asrtKeyModulusLit = create(TEST.pubkeyRSAModulusLiteral, litRef)
- val asrtKeyMod = create(TEST.pubkeyRSAModulus, litRef)
- val asrtKeyModulusOldFunc = create(TEST.pubkeyRSAModulusOldFunctional,litRef)
- var result = false
-
- modulusNode! match {
- case ref: NonLiteral => {
- asrtKeyModulusLit.result("the modulus of this key is not described directly as" +
- " a literal. It is currently the preferred practice.", failed)
- val hex = modulusNode / CERT.hex
- if (hex.size == 0) {
- asrtKeyModulusOldFunc.result("no hexadecimal value for the modulus found", failed)
- } else if (hex.size > 1) {
- asrtKeyModulusOldFunc.result((hex.size - 1) + " too many hexadecimal values for " +
- "the modulus found. 1 is enough. If the numbers don't end up matching this is very likely" +
- " to cause random behavior ", failed)
- } else {
- asrtKeyModulusOldFunc.result("one hex value for modulus", EARL.passed)
- val kmres = asrtKeyMod.result
- hex(0) ! match {
- case refh: NonLiteral => {
- asrtKeyMod.result("The modulus is using old notation and it's hex is not " +
- "a literal. Going further would require reasoning engines which it is currently unlikely" +
- "many sites have access to.", failed)
- }
- case lith: Literal => {
- lith match {
- case plainLit: PlainLiteral => {
- if (plainLit.getLanguage != null)
- kmres("keymodulus exists and is parseable", passed)
- else
- kmres("keymodulus exists and is parseable, but has a language tag", passed)
- result = true
- }
- case typedLit: TypedLiteral => {
- if (typedLit.getDataType == null ||
- XSD.string == typedLit.getDataType) {
- kmres("keymodulus exists and is parseable", passed)
- result = true
- } else {
- kmres("keymodulus exists but does not have a string type", failed)
- }
- }
- case lit => {
- // cert:hex cannot be mistyped, since anything that is odd in the string is
- //removed
- kmres("keymodulus exists and is parseable", passed)
- result = true
- }
- }
- }
- }
- }
-
- }
- case numLit: Literal => {
- val reskeyModLit = asrtKeyModulusLit.result
- numLit match {
- case tl: TypedLiteral => tl.getDataType match {
- case CERT.int_ => {
- try {
- BigInt(tl.getLexicalForm)
- reskeyModLit("Modulus is of type cert:int. It parsed ok.", passed, tl)
- result = true
- } catch {
- case e: NumberFormatException => {
- reskeyModLit("Modulus cert:int failed to parse as one", failed, tl)
- }
- }
- }
- case CERT.decimal => {
- //todo: need to add cert:decimal parsing flexibility to ontology
- reskeyModLit("Modulus is of type cert:decimal. It always parses ok", passed, tl)
- result = true
- }
- case CERT.hex => {
- result = true
- reskeyModLit("Modulus is of type cert:hex. It will always parse to a positive number.", passed, tl)
- }
- case XSD.int_ => {
- try {
- BigInt(tl.getLexicalForm)
- reskeyModLit("Modulus is of type xsd:int. It parsed but it is certainly too small for " +
- "a modulus", failed)
- } catch {
- case e: NumberFormatException => {
- reskeyModLit("Modulus cert:decimal is failed to parse", failed, tl)
- }
- }
- }
- case XSD.base64Binary => reskeyModLit("Base 64 binaries are not numbers. If you wish to have " +
- "a base64 integer notation let the WebId Group know. We can define one easily.", failed, tl)
- case XSD.hexBinary => reskeyModLit("Base hex binary literals are not a numbers. If you wish to have a hex " +
- " integer notation use the " + CERT.hex +
- " relation. It is easier for people to write out.", failed, tl)
- case XSD.nonNegativeInteger => {
- try {
- val bi = BigInt(tl.getLexicalForm)
- if (bi >= 0) {
- reskeyModLit("Modulus is declared to be of type non-negative integer and it is", passed, tl)
- result = true
- } else {
- reskeyModLit("Modulus is declared to be of type non-negative integer but it is negative", failed, tl)
- }
- } catch {
- case e: NumberFormatException => {
- reskeyModLit("Modulus xsd:int is very likely too short a number for a modulus. It also " +
- "failed to parse as one", failed, tl)
- }
- }
-
- }
- case XSD.integer => {
- try {
- BigInt(tl.getLexicalForm)
- reskeyModLit("Modulus is of type xsd:integer. It parsed.", passed, tl)
- result = true
- } catch {
- case e: NumberFormatException => {
- reskeyModLit("Modulus xsd:integer is failed to parse", failed, tl)
- }
- }
-
- }
- case XSD.positiveInteger => {
- try {
- val bi = BigInt(tl.getLexicalForm)
- if (bi > 0) {
- reskeyModLit("Modulus is declared to be of type positive integer and it is", passed, tl)
- result = true
- } else if (bi == 0) {
- reskeyModLit("Modulus is 0 which is certainly too small", failed, tl)
- } else {
- reskeyModLit("Modulus is declared to be of type positive integer but it is not", failed, tl)
- }
- } catch {
- case e: NumberFormatException => {
- reskeyModLit("Modulus xsd:positiveInteger failed to parse", failed, tl)
- }
- }
-
- }
- case littype => reskeyModLit("We don't know how to interpret numbers of type " + littype +
- "It would be better to use either cert:hex or cert:int", cantTell, tl)
- }
- case lit: Literal => reskeyModLit("The literal needs to be of a number type, not a string", failed, lit)
- }
- }
-
-
- //its ok, and do other modulus verification
- }
- return result
- }
-
-
- /**
- * @param exponentNode the node in the remote profile describing the expontent - can be a literal or a resource
- * @param litRef a reference to the literal as described in the test graph
- * @return true if the exponent parses correctly
- */
- def testRSAExp(exponentNode: RichGraphNode, litRef: Resource) : Boolean = {
- val asrtKeyExpLit = create(TEST.pubkeyRSAExponentLiteral, litRef)
- val asrtKeyExp = create(TEST.pubkeyRSAExponent, litRef)
- val asrtKeyExpOldFunc = create(TEST.pubkeyRSAExponentOldFunctional,litRef)
- var result = false
-
- exponentNode! match {
- case ref: NonLiteral => {
- asrtKeyExpLit.result("the exponent of this key is not described directly as" +
- " a literal. It is currently the preferred practice.", failed)
- val decml = exponentNode / CERT.decimal
- if (decml.size == 0) {
- asrtKeyExpOldFunc.result("no decimal value for the exponent found", failed)
- } else if (decml.size > 1) {
- asrtKeyExpOldFunc.result((decml.size - 1) + " too many decimal values for " +
- "the exponent found. 1 is enough. If the numbers don't end up matching this is very likely" +
- " to cause random behavior ", failed)
- } else {
- asrtKeyExpOldFunc.result("one hex value for modulus", EARL.passed)
- val kExpres = asrtKeyExp.result
- decml(0) ! match {
- case refh: NonLiteral => {
- asrtKeyExp.result("The exponent is using old notation and it's cert:decimal relation is not " +
- "to a literal. Going further would require reasoning engines which it is currently unlikely" +
- "many sites have access to.", failed)
- }
- case lith: Literal => {
- lith match {
- case plainLit: PlainLiteral => {
- if (plainLit.getLanguage != null)
- kExpres("key exponent exists and is parseable", passed)
- else
- kExpres("key exponent exists and is parseable, but has a language tag", passed)
- result = true
- }
- case typedLit: TypedLiteral => {
- if (typedLit.getDataType == null ||
- XSD.string == typedLit.getDataType) {
- kExpres("keymodulus exists and is parseable", passed)
- result = true
- } else {
- kExpres("keymodulus exists but does not have a string type", failed)
- }
- }
- case lit => {
- //todo: can cert:int not be mistyped?
- kExpres("keymodulus exists and is parseable", passed)
- }
- }
- }
- }
- }
-
- }
- case numLit: Literal => {
- val reskeyExpLit = asrtKeyExpLit.result
- numLit match {
- case tl: TypedLiteral => tl.getDataType match {
- case CERT.int_ => {
- try {
- BigInt(tl.getLexicalForm)
- reskeyExpLit("Exponent is of type cert:int. It parsed ok.", passed, tl)
- result = true
- } catch {
- case e: NumberFormatException => {
- reskeyExpLit("Exponent cert:int failed to parse as one", failed, tl)
- }
- }
- }
- case CERT.hex => {
- reskeyExpLit("Exponent is of type cert:hex. It will always parse to a positive number.", passed, tl)
- result = true
- }
- case CERT.decimal => {
- try {
- BigInt(tl.getLexicalForm)
- reskeyExpLit("Exponent is of type xsd:int. It parsed ok.", passed)
- result = true
- } catch {
- case e: NumberFormatException => {
- reskeyExpLit("Exeponent of type cert:decimal failed to parse", failed, tl)
- }
- }
- }
- case XSD.base64Binary => reskeyExpLit("Base 64 binaries are not numbers. If you wish to have " +
- "a base64 integer notation let the WebId Group know. We can define one easily.", failed, tl)
- case XSD.hexBinary => reskeyExpLit("Base hex binary literals are not a numbers. If you wish to have a hex " +
- " integer notation use the " + CERT.hex +
- " relation. It is easier for people to write out.", failed, tl)
- case XSD.nonNegativeInteger => {
- try {
- val bi = BigInt(tl.getLexicalForm)
- if (bi >= 0) {
- reskeyExpLit("Exponent is declared to be of type non-negative integer and it is", passed, tl)
- result = true
- } else {
- reskeyExpLit("Exponent is declared to be of type non-negative integer but it is negative", failed, tl)
- }
- } catch {
- case e: NumberFormatException => {
- reskeyExpLit("Exponent xsd:nonNegativeInteger failed to parse as one", failed, tl)
- }
- }
-
- }
- case XSD.integer => {
- try {
- BigInt(tl.getLexicalForm)
- reskeyExpLit("Exponent is of type xsd:integer. It parsed.", passed, tl)
- result = true
- } catch {
- case e: NumberFormatException => {
- reskeyExpLit("Exponent xsd:integer is failed to parse", failed, tl)
- }
- }
-
- }
- case XSD.positiveInteger => {
- try {
- val bi = BigInt(tl.getLexicalForm)
- if (bi > 0) {
- reskeyExpLit("Exponent is declared to be of type positive integer and it is", passed, tl)
- result = true
- } else if (bi == 0) {
- reskeyExpLit("Exponent is 0 which is certainly too small", failed, tl)
- } else {
- reskeyExpLit("Exponent is declared to be of type positive integer but it is not", failed, tl)
- }
- } catch {
- case e: NumberFormatException => {
- reskeyExpLit("Exponent xsd:positiveInteger failed to parse", failed, tl)
- }
- }
-
- }
- case littype => reskeyExpLit("We don't know how to interpret numbers of type " + littype +
- "It would be better to use either cert:hex or cert:int", cantTell, tl)
- }
- case lit: Literal => reskeyExpLit("The literal needs to be of a number type, not a string", failed, lit)
- }
- }
- }
- return result
- }
-
-
- def testKeys(profileKeys: CollectedIter[RichGraphNode]) {
-
- for (pkey <- profileKeys) yield {
- //
- //create a pointer to this key, so that future tester can refer to it
- //
- val graph: Graph = pkey.getNodeContext
- val sout = Serializer.getInstance()
- val out = new ByteArrayOutputStream(512)
- sout.serialize(out, graph, "text/rdf+n3")
- val n3String = out.toString("UTF-8")
- //todo: turtle mime type literal?
- import g._
- val keylit: GraphNode = g.bnode -- OWL.sameAs --> (n3String^^"http://example.com/turtle".uri)
-
-
- //
- // some of the tester we will complete here
- //
- val asrtKeyModulusFunc = create(TEST.pubkeyRSAModulusFunctional, keylit.getNode)
- val asrtKeyExpoFunc = create(TEST.pubkeyRSAExponentFunctional, keylit.getNode)
- val asrtWffkey = create(TEST.profileWellFormedKey, keylit.getNode)
-
-
- var claimsTobeRsaKey = pkey.hasProperty(RDF.`type`, RSA.RSAPublicKey)
-
- val mods = pkey / RSA.modulus
- val exps = pkey / RSA.public_exponent
-
- claimsTobeRsaKey = claimsTobeRsaKey || mods.size > 0 || exps.size > 0
-
- if (!claimsTobeRsaKey) {
- asrtWffkey.result("Do not recognise the type of this key", cantTell)
- }
-
- var rsaExpOk, rsaModOk: Boolean = false
-
- if (mods.size == 0) {
- if (claimsTobeRsaKey) {
- asrtKeyModulusFunc.result("Missing modulus in RSA key", failed)
- }
- else {
- asrtKeyModulusFunc.result("Can't tell if this is an RSA key", cantTell)
- }
- } else if (mods.size > 1) {
- asrtKeyModulusFunc.result("Found more than one modulus. Careful, unless the numbers are" +
- " exactly the same, there is a danger of erratic behavior", failed)
- } else {
- asrtKeyModulusFunc.result("Found one Modulus", passed)
-
- rsaModOk = testRSAModulus(mods, keylit.getNode)
- }
-
- if (exps.size == 0) {
- if (claimsTobeRsaKey) {
- asrtKeyExpoFunc.result("Missing exponent in RSA key", failed)
- }
- else {
- asrtKeyExpoFunc.result("Can't tell if this is an RSA key", cantTell)
- }
- } else if (exps.size > 1) {
- asrtKeyExpoFunc.result("Found more than one exponents. Careful, unless the numbers are" +
- " exactly the same, there is a danger of erratic behavior", failed)
- //we could have a problem
- } else {
- asrtKeyExpoFunc.result("Found one Modulus", passed)
- rsaExpOk = testRSAExp(mods, keylit.getNode)
- }
-
- if (rsaExpOk && rsaModOk) {
- asrtWffkey.result("Modulus and Exponent of key good", passed)
- }
-
- }
- }
+ import EARL.{passed, failed, cantTell, untested, inapplicable}
+
+ val creds: scala.collection.mutable.Set[X509Claim] = subj.getPublicCredentials(classOf[X509Claim]);
+ val now = new Date()
+
+
+ def runTests() {
+
+ import g._
+ val thisDoc = (g.bnode.a(FOAF.Document) //there really has to be a way to get THIS doc url, to add relative urls to the graph
+ -- DCTERMS.created --> now
+ )
+ //
+ // Description of certificates and their public profileKeys
+ //
+ val x509claimRefs = for (claim <- creds) yield {
+ val cert = g.bnode
+ (
+ cert.a(CERT.Certificate)
+ -- CERT.base64der --> Base64.encode(claim.cert.getEncoded())
+ )
+
+ //
+ // Assertion public key
+ //
+ val pubkey = claim.cert.getPublicKey
+ val testCertKey = create(TEST.certificatePubkeyRecognised, cert)
+
+ pubkey match {
+ case rsa: RSAPublicKey => {
+ val pk = (g.bnode.a(RSA.RSAPublicKey)
+ -- RSA.modulus --> new TypedLiteralImpl(rsa.getModulus.toString(16), CERT.hex)
+ -- RSA.public_exponent --> new TypedLiteralImpl(rsa.getPublicExponent.toString(10), CERT.int_)
+ )
+ cert -- CERT.principal_key --> pk
+ val res = testCertKey.result;
+ res.description = "Certificate contains RSA key which is recognised"
+ res.outcome = EARL.passed
+ res.pointer(pk.getNode.asInstanceOf[NonLiteral])
+ }
+ case _ => {
+ testCertKey.result.description = "Certificate contains key that is not understood by WebID layer " +
+ "Pubkey algorith is " + pubkey.getAlgorithm
+ testCertKey.result.outcome = EARL.failed
+ }
+ }
+
+ //
+ // Assertion time stamp of certificate
+ //
+ val dateOkAss = create(TEST.certificateDateOk, cert)
+ val notBefore = claim.cert.getNotBefore
+ val notAfter = claim.cert.getNotAfter
+
+ if (now.before(notBefore)) {
+ dateOkAss.result("Certificate time is too early. Watch out this is often due to time " +
+ "synchronisation issues accross servers", failed)
+ } else if (now.after(notAfter)) {
+ dateOkAss.result("Certificate validity time has expired. ", failed, thisDoc.getNode)
+ } else {
+ dateOkAss.result("Certificate time is valid", passed, thisDoc.getNode)
+ }
+
+ cert -> claim
+ }
+
+ //
+ // certificate was provided
+ //
+ val eC = x509claimRefs.size > 0
+ val ass = (
+ g.bnode.a(EARL.Assertion)
+ -- EARL.test --> TEST.certificateProvided
+ -- EARL.result --> (g.bnode.a(EARL.TestResult)
+ -- DC.description --> {if (eC) "Certificate available" else "No Certificate Found"}
+ -- EARL.outcome --> {if (eC) EARL.passed else EARL.failed})
+ )
+ if (eC) ass -- EARL.subject -->> x509claimRefs.map(p => p._1)
+ else return g
+
+
+ //
+ // WebID authentication succeeded
+ //
+ val principals = for (p <- subj.getPrincipals
+ if p.isInstanceOf[WebIdPrincipal]) yield p.asInstanceOf[WebIdPrincipal]
+ (g.bnode.a(EARL.Assertion)
+ -- EARL.test --> TEST.webidAuthentication
+ -- EARL.result --> (g.bnode.a(EARL.TestResult)
+ -- DC.description --> {"found " + principals.size + " valid principals"}
+ -- EARL.outcome --> {if (principals.size > 0) EARL.passed else EARL.failed}
+ -- EARL.pointer -->> principals.map(p => p.webId)
+ )
+ -- EARL.subject -->> x509claimRefs.map(p => p._1)
+ )
+ import collection.JavaConversions._
+
+ for ((certRef, claim) <- x509claimRefs) {
+ for (widc <- claim.webidclaims) {
+ import Verification._
+ val webidAss = create(TEST.webidClaim,
+ Seq(widc.webId, certRef)) //todo, we need to add a description of the profileKeys as found in the remote file
+ val result = webidAss.result
+ result.pointer(widc.webId)
+ result.exceptions = widc.errors
+ widc.verified match {
+ case Verified => {
+ result("claim for WebId " + widc.webId + " was verified", passed)
+ claimTests(widc)
+ }
+ case Failed => {
+ result("claim for WebID " + widc.webId + " failed", failed)
+ claimTests(widc)
+ }
+ case Unverified => {
+ result("claim for WebId " + widc.webId + " was not verified",untested)
+ }
+ case Unsupported => {
+ result("this webid is unsupported ",cantTell)
+ }
+ }
+ }
+ }
+ }
+
+ // more detailed tester for claims that passed or failed
+ // even tester that succeed could be just succeeding by chance (if public profileKeys are badly written out for eg)
+ def claimTests(claim: WebIDClaim) {
+ val sem: Option[GraphNode] = try {
+ Some(new GraphNode(claim.webId, webIdGraphsService.getWebIdInfo(claim.webId).publicProfile)) //webProxy.fetchSemantics(claim.webId, Cache.CacheOnly)
+ } catch {
+ case e: NoSuchEntityException => None
+ }
+ val profileXst = create(TEST.profileGet, claim.webId)
+
+ sem match {
+ case Some(profile) => {
+ if (profile.getGraph.size() > 0) {
+ profileXst.result("Profile was fetched. The information about this is not yet very detailed" +
+ " in Clerezza. Later will be able to give more details.", passed)
+ testKeys(profile /- CERT.identity)
+
+ } else {
+ profileXst.result("Profile seems to have been fetched but it contains very little" +
+ " information. There may be other issues too", cantTell)
+ }
+
+ }
+ case None => {
+ profileXst.result("No profile was found or is in store", failed)
+ }
+ }
+
+ }
+
+ /**
+ * @param exponentNode the node in the remote profile descrbing the modulus - can be a literal or a resource
+ * @param litRef a resource to the literal as described in the test graph
+ * @return true, if the modulus is recognised as parsing
+ */
+ def testRSAModulus(modulusNode: RichGraphNode, litRef: Resource):Boolean = {
+ val asrtKeyModulusLit = create(TEST.pubkeyRSAModulusLiteral, litRef)
+ val asrtKeyMod = create(TEST.pubkeyRSAModulus, litRef)
+ val asrtKeyModulusOldFunc = create(TEST.pubkeyRSAModulusOldFunctional,litRef)
+ var result = false
+
+ modulusNode! match {
+ case ref: NonLiteral => {
+ asrtKeyModulusLit.result("the modulus of this key is not described directly as" +
+ " a literal. It is currently the preferred practice.", failed)
+ val hex = modulusNode / CERT.hex
+ if (hex.size == 0) {
+ asrtKeyModulusOldFunc.result("no hexadecimal value for the modulus found", failed)
+ } else if (hex.size > 1) {
+ asrtKeyModulusOldFunc.result((hex.size - 1) + " too many hexadecimal values for " +
+ "the modulus found. 1 is enough. If the numbers don't end up matching this is very likely" +
+ " to cause random behavior ", failed)
+ } else {
+ asrtKeyModulusOldFunc.result("one hex value for modulus", EARL.passed)
+ val kmres = asrtKeyMod.result
+ hex(0) ! match {
+ case refh: NonLiteral => {
+ asrtKeyMod.result("The modulus is using old notation and it's hex is not " +
+ "a literal. Going further would require reasoning engines which it is currently unlikely" +
+ "many sites have access to.", failed)
+ }
+ case lith: Literal => {
+ lith match {
+ case plainLit: PlainLiteral => {
+ if (plainLit.getLanguage != null)
+ kmres("keymodulus exists and is parseable", passed)
+ else
+ kmres("keymodulus exists and is parseable, but has a language tag", passed)
+ result = true
+ }
+ case typedLit: TypedLiteral => {
+ if (typedLit.getDataType == null ||
+ XSD.string == typedLit.getDataType) {
+ kmres("keymodulus exists and is parseable", passed)
+ result = true
+ } else {
+ kmres("keymodulus exists but does not have a string type", failed)
+ }
+ }
+ case lit => {
+ // cert:hex cannot be mistyped, since anything that is odd in the string is
+ //removed
+ kmres("keymodulus exists and is parseable", passed)
+ result = true
+ }
+ }
+ }
+ }
+ }
+
+ }
+ case numLit: Literal => {
+ val reskeyModLit = asrtKeyModulusLit.result
+ numLit match {
+ case tl: TypedLiteral => tl.getDataType match {
+ case CERT.int_ => {
+ try {
+ BigInt(tl.getLexicalForm)
+ reskeyModLit("Modulus is of type cert:int. It parsed ok.", passed, tl)
+ result = true
+ } catch {
+ case e: NumberFormatException => {
+ reskeyModLit("Modulus cert:int failed to parse as one", failed, tl)
+ }
+ }
+ }
+ case CERT.decimal => {
+ //todo: need to add cert:decimal parsing flexibility to ontology
+ reskeyModLit("Modulus is of type cert:decimal. It always parses ok", passed, tl)
+ result = true
+ }
+ case CERT.hex => {
+ result = true
+ reskeyModLit("Modulus is of type cert:hex. It will always parse to a positive number.", passed, tl)
+ }
+ case XSD.int_ => {
+ try {
+ BigInt(tl.getLexicalForm)
+ reskeyModLit("Modulus is of type xsd:int. It parsed but it is certainly too small for " +
+ "a modulus", failed)
+ } catch {
+ case e: NumberFormatException => {
+ reskeyModLit("Modulus cert:decimal is failed to parse", failed, tl)
+ }
+ }
+ }
+ case XSD.base64Binary => reskeyModLit("Base 64 binaries are not numbers. If you wish to have " +
+ "a base64 integer notation let the WebId Group know. We can define one easily.", failed, tl)
+ case XSD.hexBinary => reskeyModLit("Base hex binary literals are not a numbers. If you wish to have a hex " +
+ " integer notation use the " + CERT.hex +
+ " relation. It is easier for people to write out.", failed, tl)
+ case XSD.nonNegativeInteger => {
+ try {
+ val bi = BigInt(tl.getLexicalForm)
+ if (bi >= 0) {
+ reskeyModLit("Modulus is declared to be of type non-negative integer and it is", passed, tl)
+ result = true
+ } else {
+ reskeyModLit("Modulus is declared to be of type non-negative integer but it is negative", failed, tl)
+ }
+ } catch {
+ case e: NumberFormatException => {
+ reskeyModLit("Modulus xsd:int is very likely too short a number for a modulus. It also " +
+ "failed to parse as one", failed, tl)
+ }
+ }
+
+ }
+ case XSD.integer => {
+ try {
+ BigInt(tl.getLexicalForm)
+ reskeyModLit("Modulus is of type xsd:integer. It parsed.", passed, tl)
+ result = true
+ } catch {
+ case e: NumberFormatException => {
+ reskeyModLit("Modulus xsd:integer is failed to parse", failed, tl)
+ }
+ }
+
+ }
+ case XSD.positiveInteger => {
+ try {
+ val bi = BigInt(tl.getLexicalForm)
+ if (bi > 0) {
+ reskeyModLit("Modulus is declared to be of type positive integer and it is", passed, tl)
+ result = true
+ } else if (bi == 0) {
+ reskeyModLit("Modulus is 0 which is certainly too small", failed, tl)
+ } else {
+ reskeyModLit("Modulus is declared to be of type positive integer but it is not", failed, tl)
+ }
+ } catch {
+ case e: NumberFormatException => {
+ reskeyModLit("Modulus xsd:positiveInteger failed to parse", failed, tl)
+ }
+ }
+
+ }
+ case littype => reskeyModLit("We don't know how to interpret numbers of type " + littype +
+ "It would be better to use either cert:hex or cert:int", cantTell, tl)
+ }
+ case lit: Literal => reskeyModLit("The literal needs to be of a number type, not a string", failed, lit)
+ }
+ }
+
+
+ //its ok, and do other modulus verification
+ }
+ return result
+ }
+
+
+ /**
+ * @param exponentNode the node in the remote profile describing the expontent - can be a literal or a resource
+ * @param litRef a reference to the literal as described in the test graph
+ * @return true if the exponent parses correctly
+ */
+ def testRSAExp(exponentNode: RichGraphNode, litRef: Resource) : Boolean = {
+ val asrtKeyExpLit = create(TEST.pubkeyRSAExponentLiteral, litRef)
+ val asrtKeyExp = create(TEST.pubkeyRSAExponent, litRef)
+ val asrtKeyExpOldFunc = create(TEST.pubkeyRSAExponentOldFunctional,litRef)
+ var result = false
+
+ exponentNode! match {
+ case ref: NonLiteral => {
+ asrtKeyExpLit.result("the exponent of this key is not described directly as" +
+ " a literal. It is currently the preferred practice.", failed)
+ val decml = exponentNode / CERT.decimal
+ if (decml.size == 0) {
+ asrtKeyExpOldFunc.result("no decimal value for the exponent found", failed)
+ } else if (decml.size > 1) {
+ asrtKeyExpOldFunc.result((decml.size - 1) + " too many decimal values for " +
+ "the exponent found. 1 is enough. If the numbers don't end up matching this is very likely" +
+ " to cause random behavior ", failed)
+ } else {
+ asrtKeyExpOldFunc.result("one hex value for modulus", EARL.passed)
+ val kExpres = asrtKeyExp.result
+ decml(0) ! match {
+ case refh: NonLiteral => {
+ asrtKeyExp.result("The exponent is using old notation and it's cert:decimal relation is not " +
+ "to a literal. Going further would require reasoning engines which it is currently unlikely" +
+ "many sites have access to.", failed)
+ }
+ case lith: Literal => {
+ lith match {
+ case plainLit: PlainLiteral => {
+ if (plainLit.getLanguage != null)
+ kExpres("key exponent exists and is parseable", passed)
+ else
+ kExpres("key exponent exists and is parseable, but has a language tag", passed)
+ result = true
+ }
+ case typedLit: TypedLiteral => {
+ if (typedLit.getDataType == null ||
+ XSD.string == typedLit.getDataType) {
+ kExpres("keymodulus exists and is parseable", passed)
+ result = true
+ } else {
+ kExpres("keymodulus exists but does not have a string type", failed)
+ }
+ }
+ case lit => {
+ //todo: can cert:int not be mistyped?
+ kExpres("keymodulus exists and is parseable", passed)
+ }
+ }
+ }
+ }
+ }
+
+ }
+ case numLit: Literal => {
+ val reskeyExpLit = asrtKeyExpLit.result
+ numLit match {
+ case tl: TypedLiteral => tl.getDataType match {
+ case CERT.int_ => {
+ try {
+ BigInt(tl.getLexicalForm)
+ reskeyExpLit("Exponent is of type cert:int. It parsed ok.", passed, tl)
+ result = true
+ } catch {
+ case e: NumberFormatException => {
+ reskeyExpLit("Exponent cert:int failed to parse as one", failed, tl)
+ }
+ }
+ }
+ case CERT.hex => {
+ reskeyExpLit("Exponent is of type cert:hex. It will always parse to a positive number.", passed, tl)
+ result = true
+ }
+ case CERT.decimal => {
+ try {
+ BigInt(tl.getLexicalForm)
+ reskeyExpLit("Exponent is of type xsd:int. It parsed ok.", passed)
+ result = true
+ } catch {
+ case e: NumberFormatException => {
+ reskeyExpLit("Exeponent of type cert:decimal failed to parse", failed, tl)
+ }
+ }
+ }
+ case XSD.base64Binary => reskeyExpLit("Base 64 binaries are not numbers. If you wish to have " +
+ "a base64 integer notation let the WebId Group know. We can define one easily.", failed, tl)
+ case XSD.hexBinary => reskeyExpLit("Base hex binary literals are not a numbers. If you wish to have a hex " +
+ " integer notation use the " + CERT.hex +
+ " relation. It is easier for people to write out.", failed, tl)
+ case XSD.nonNegativeInteger => {
+ try {
+ val bi = BigInt(tl.getLexicalForm)
+ if (bi >= 0) {
+ reskeyExpLit("Exponent is declared to be of type non-negative integer and it is", passed, tl)
+ result = true
+ } else {
+ reskeyExpLit("Exponent is declared to be of type non-negative integer but it is negative", failed, tl)
+ }
+ } catch {
+ case e: NumberFormatException => {
+ reskeyExpLit("Exponent xsd:nonNegativeInteger failed to parse as one", failed, tl)
+ }
+ }
+
+ }
+ case XSD.integer => {
+ try {
+ BigInt(tl.getLexicalForm)
+ reskeyExpLit("Exponent is of type xsd:integer. It parsed.", passed, tl)
+ result = true
+ } catch {
+ case e: NumberFormatException => {
+ reskeyExpLit("Exponent xsd:integer is failed to parse", failed, tl)
+ }
+ }
+
+ }
+ case XSD.positiveInteger => {
+ try {
+ val bi = BigInt(tl.getLexicalForm)
+ if (bi > 0) {
+ reskeyExpLit("Exponent is declared to be of type positive integer and it is", passed, tl)
+ result = true
+ } else if (bi == 0) {
+ reskeyExpLit("Exponent is 0 which is certainly too small", failed, tl)
+ } else {
+ reskeyExpLit("Exponent is declared to be of type positive integer but it is not", failed, tl)
+ }
+ } catch {
+ case e: NumberFormatException => {
+ reskeyExpLit("Exponent xsd:positiveInteger failed to parse", failed, tl)
+ }
+ }
+
+ }
+ case littype => reskeyExpLit("We don't know how to interpret numbers of type " + littype +
+ "It would be better to use either cert:hex or cert:int", cantTell, tl)
+ }
+ case lit: Literal => reskeyExpLit("The literal needs to be of a number type, not a string", failed, lit)
+ }
+ }
+ }
+ return result
+ }
+
+
+ def testKeys(profileKeys: CollectedIter[RichGraphNode]) {
+
+ for (pkey <- profileKeys) yield {
+ //
+ //create a pointer to this key, so that future tester can refer to it
+ //
+ val graph: Graph = pkey.getNodeContext
+ val sout = Serializer.getInstance()
+ val out = new ByteArrayOutputStream(512)
+ sout.serialize(out, graph, "text/rdf+n3")
+ val n3String = out.toString("UTF-8")
+ //todo: turtle mime type literal?
+ import g._
+ val keylit: GraphNode = g.bnode -- OWL.sameAs --> (n3String^^"http://example.com/turtle".uri)
+
+
+ //
+ // some of the tester we will complete here
+ //
+ val asrtKeyModulusFunc = create(TEST.pubkeyRSAModulusFunctional, keylit.getNode)
+ val asrtKeyExpoFunc = create(TEST.pubkeyRSAExponentFunctional, keylit.getNode)
+ val asrtWffkey = create(TEST.profileWellFormedKey, keylit.getNode)
+
+
+ var claimsTobeRsaKey = pkey.hasProperty(RDF.`type`, RSA.RSAPublicKey)
+
+ val mods = pkey / RSA.modulus
+ val exps = pkey / RSA.public_exponent
+
+ claimsTobeRsaKey = claimsTobeRsaKey || mods.size > 0 || exps.size > 0
+
+ if (!claimsTobeRsaKey) {
+ asrtWffkey.result("Do not recognise the type of this key", cantTell)
+ }
+
+ var rsaExpOk, rsaModOk: Boolean = false
+
+ if (mods.size == 0) {
+ if (claimsTobeRsaKey) {
+ asrtKeyModulusFunc.result("Missing modulus in RSA key", failed)
+ }
+ else {
+ asrtKeyModulusFunc.result("Can't tell if this is an RSA key", cantTell)
+ }
+ } else if (mods.size > 1) {
+ asrtKeyModulusFunc.result("Found more than one modulus. Careful, unless the numbers are" +
+ " exactly the same, there is a danger of erratic behavior", failed)
+ } else {
+ asrtKeyModulusFunc.result("Found one Modulus", passed)
+
+ rsaModOk = testRSAModulus(mods, keylit.getNode)
+ }
+
+ if (exps.size == 0) {
+ if (claimsTobeRsaKey) {
+ asrtKeyExpoFunc.result("Missing exponent in RSA key", failed)
+ }
+ else {
+ asrtKeyExpoFunc.result("Can't tell if this is an RSA key", cantTell)
+ }
+ } else if (exps.size > 1) {
+ asrtKeyExpoFunc.result("Found more than one exponents. Careful, unless the numbers are" +
+ " exactly the same, there is a danger of erratic behavior", failed)
+ //we could have a problem
+ } else {
+ asrtKeyExpoFunc.result("Found one Modulus", passed)
+ rsaExpOk = testRSAExp(mods, keylit.getNode)
+ }
+
+ if (rsaExpOk && rsaModOk) {
+ asrtWffkey.result("Modulus and Exponent of key good", passed)
+ }
+
+ }
+ }
}
/**
@@ -678,80 +678,80 @@ class CertTester(subj: Subject, webIdGraphsService: WebIdGraphsService) extends
*/
class Assertor {
- val g = new EzMGraph(new SimpleMGraph)
-
- var assertions: List[Assertion] = Nil
-
- def add(newAssertion: Assertion) = {
- assertions = newAssertion :: assertions
- newAssertion
- }
-
- def create(testName: UriRef, subjects: Seq[Resource]) = new Assertion(testName, subjects)
-
- def create(testName: UriRef, subject: Resource) = new Assertion(testName, Seq[Resource](subject))
-
- def toRdf(): TripleCollection = {
- for (test <- assertions) {
- test.toRdf()
- }
- g
- }
-
- class Assertion(testName: UriRef,
- subjects: Seq[Resource]) {
-
- //only add this runTests to the list of assertions if there is a result
- //this makes it easier to write code that keeps track of assertions, without ending up having to
- //publish all of them
- lazy val result = {
- add(this)
- new TstResult
- }
-
- import g._
- def toRdf(): GraphNode = (
- g.bnode.a(EARL.Assertion)
- -- EARL.test --> testName
- -- EARL.result --> result.toRdf()
- -- EARL.subject -->> subjects
- )
- }
-
- class TstResult {
- var description: String = _
- var outcome: UriRef = _
- var pointers: Seq[Resource] = Nil
- var exceptions: Iterable[java.lang.Throwable] = Nil
-
- def pointer(point: NonLiteral) {
- pointers = Seq(point)
- }
-
-
- // a method to deal with most usual case
- def apply(desc: String, success: UriRef) {
- description = desc
- outcome = success
- }
-
- def apply(desc: String, success: UriRef, pointer: Resource) {
- description = desc
- outcome = success
- pointers = Seq(pointer)
- }
-
-
- def toRdf(): GraphNode = {
- import g._
- (g.bnode.a(EARL.TestResult)
- -- DC.description --> description
- -- EARL.outcome --> outcome
- -- EARL.pointer -->> pointers
- -- EARL.info -->> { for (e <- exceptions) yield new PlainLiteralImpl(e.toString) }
- )
- }
-
- }
+ val g = new EzMGraph(new SimpleMGraph)
+
+ var assertions: List[Assertion] = Nil
+
+ def add(newAssertion: Assertion) = {
+ assertions = newAssertion :: assertions
+ newAssertion
+ }
+
+ def create(testName: UriRef, subjects: Seq[Resource]) = new Assertion(testName, subjects)
+
+ def create(testName: UriRef, subject: Resource) = new Assertion(testName, Seq[Resource](subject))
+
+ def toRdf(): TripleCollection = {
+ for (test <- assertions) {
+ test.toRdf()
+ }
+ g
+ }
+
+ class Assertion(testName: UriRef,
+ subjects: Seq[Resource]) {
+
+ //only add this runTests to the list of assertions if there is a result
+ //this makes it easier to write code that keeps track of assertions, without ending up having to
+ //publish all of them
+ lazy val result = {
+ add(this)
+ new TstResult
+ }
+
+ import g._
+ def toRdf(): GraphNode = (
+ g.bnode.a(EARL.Assertion)
+ -- EARL.test --> testName
+ -- EARL.result --> result.toRdf()
+ -- EARL.subject -->> subjects
+ )
+ }
+
+ class TstResult {
+ var description: String = _
+ var outcome: UriRef = _
+ var pointers: Seq[Resource] = Nil
+ var exceptions: Iterable[java.lang.Throwable] = Nil
+
+ def pointer(point: NonLiteral) {
+ pointers = Seq(point)
+ }
+
+
+ // a method to deal with most usual case
+ def apply(desc: String, success: UriRef) {
+ description = desc
+ outcome = success
+ }
+
+ def apply(desc: String, success: UriRef, pointer: Resource) {
+ description = desc
+ outcome = success
+ pointers = Seq(pointer)
+ }
+
+
+ def toRdf(): GraphNode = {
+ import g._
+ (g.bnode.a(EARL.TestResult)
+ -- DC.description --> description
+ -- EARL.outcome --> outcome
+ -- EARL.pointer -->> pointers
+ -- EARL.info -->> { for (e <- exceptions) yield new PlainLiteralImpl(e.toString) }
+ )
+ }
+
+ }
}
http://git-wip-us.apache.org/repos/asf/clerezza/blob/35448624/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/pages/WebIDClaimPg.scala
----------------------------------------------------------------------
diff --git a/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/pages/WebIDClaimPg.scala b/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/pages/WebIDClaimPg.scala
index 8bf32ed..890a9d7 100644
--- a/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/pages/WebIDClaimPg.scala
+++ b/platform.security.foafssl/test/src/main/scala/org/apache/clerezza/foafssl/test/pages/WebIDClaimPg.scala
@@ -42,21 +42,21 @@ import org.apache.clerezza.platform.users.WebIdGraphsService
*/
class WebIDClaimPg extends SRenderlet {
- def getRdfType() = WebIDTester.testCls
+ def getRdfType() = WebIDTester.testCls
- override def renderedPage(arguments: XmlResult.Arguments) = new XhtmlWebIDClaimPg(arguments, webIdGraphsService)
+ override def renderedPage(arguments: XmlResult.Arguments) = new XhtmlWebIDClaimPg(arguments, webIdGraphsService)
- //TODO a renderlet should not need services,
+ //TODO a renderlet should not need services,
- private var webIdGraphsService: WebIdGraphsService = null
+ private var webIdGraphsService: WebIdGraphsService = null
- protected def bindWebIdGraphsService(webIdGraphsService: WebIdGraphsService): Unit = {
- this.webIdGraphsService = webIdGraphsService
- }
+ protected def bindWebIdGraphsService(webIdGraphsService: WebIdGraphsService): Unit = {
+ this.webIdGraphsService = webIdGraphsService
+ }
- protected def unbindWebIdGraphsService(webIdGraphsService: WebIdGraphsService): Unit = {
- this.webIdGraphsService = null
- }
+ protected def unbindWebIdGraphsService(webIdGraphsService: WebIdGraphsService): Unit = {
+ this.webIdGraphsService = null
+ }
@@ -69,9 +69,9 @@ object XhtmlWebIDClaimPg {
class XhtmlWebIDClaimPg(arguments: XmlResult.Arguments, webIdGraphsService: WebIdGraphsService) extends XmlResult(arguments ) {
import XhtmlWebIDClaimPg._
- resultDocModifier.setTitle("WebId Tests");
- resultDocModifier.addNodes2Elem("tx-module", Test Panel
);
- resultDocModifier.addNodes2Elem("tx-module-tabs-ol", WebId Tester);
+ resultDocModifier.setTitle("WebId Tests");
+ resultDocModifier.addNodes2Elem("tx-module", Test Panel
);
+ resultDocModifier.addNodes2Elem("tx-module-tabs-ol", WebId Tester);
override def content = WebID Login Test Page
The TLS connection was established. We do not test the basic TLS connection.
@@ -81,7 +81,7 @@ class XhtmlWebIDClaimPg(arguments: XmlResult.Arguments, webIdGraphsService: WebI
if (creds.size==0)
No X509 credentials available.
else for (cred <- creds) yield describeX509Claim(cred)
}
-
For very detailed test information to send to support download this n3 file.
+
For very detailed test information to send to support download this n3 file.
@@ -144,97 +144,97 @@ class XhtmlWebIDClaimPg(arguments: XmlResult.Arguments, webIdGraphsService: WebI
def displayKey(key: RichGraphNode) =
- {val errs = verifyKeyClosely(key)
- if (errs.size > 0)
- else scala.xml.Null
- }
-
- {val graph: Graph = key.getNodeContext
- val sout = Serializer.getInstance()
- val out = new ByteArrayOutputStream(1024)
- sout.serialize(out, graph, "text/rdf+n3")
- out.toString("UTF-8")}
-
+ {val errs = verifyKeyClosely(key)
+ if (errs.size > 0)
+ else scala.xml.Null
+ }
+
+ {val graph: Graph = key.getNodeContext
+ val sout = Serializer.getInstance()
+ val out = new ByteArrayOutputStream(1024)
+ sout.serialize(out, graph, "text/rdf+n3")
+ out.toString("UTF-8")}
+
- /**
- * test numbers written in the old style with non literals
- *
- * @param The node that is the number. Should be a non literal
- * @param The relation name to the string that identifies the number
- * @param The role of the number in the public key (modulus, exponent, ...)
- *
- */
- def nonLiteralNumTest(number: RichGraphNode, relToString: UriRef, numberRole: String ): NodeSeq = {
- val typeTest = number! match {
- case uri: UriRef => Warning: your {numberRole} is a uri. The new spec requires this to be a literal.
- Uri found: {uri.getUnicodeString}
- case _: BNode => Warning: your {numberRole} is a blank node. The newer spec requires this to be a literal
- }
- typeTest++
- {
- val hexs = number / relToString
- if (hexs.size > 1) {
- WARNING: Your {numberRole} has more than one relation to a hexadecimal string. Unless both of those strings
- map to the same number, your identification experience will be very random
- } else if (hexs.size == 0) {
- WARNING: your {numberRole} has no decimal literal attached by the {relToString} relation
- } else hexs! match {
- case bnode: NonLiteral => Warning: Your {numberRole} has a relation to a non literal, where it should be a
- relation to a literal. It is possible that logically it all works out, but don't even expect a few engines to
- bother reflecting deeply on this. We don't check past here.
- case lit: Literal => emptyxml
- }
- }
-
- }
-
- def literalNumTest(number: Literal): NodeSeq = {
- number match {
- case tl: TypedLiteral => tl.getDataType match {
- case CERT.int_ => emptyxml
- case CERT.hex => emptyxml
- case CERT.decimal => emptyxml
- case XSD.base64Binary => Base 64 binary is not a number. If you wish to have a base64 integer notation
- let the WebId Group know
- case XSD.hexBinary => Base hex binary is not a number. If you wish to have a hex integer notation
- use the {CERT.hex} relation. It is easier for people to write out
- case XSD.nonNegativeInteger => emptyxml
- case XSD.integer => emptyxml
- case XSD.positiveInteger => emptyxml
- case XSD.int_ => emptyxml
- case littype => We don't know how to interpret numbers of {littype}.
- It would be better to use either
- cert:hex or cert:int
- }
- case _: Literal => Warning: you need to put a literal type, so we can know how to interpret the string.
-
- }
- }
-
- def verifyKeyClosely(key: RichGraphNode) : NodeSeq= {
- val moduli = key/RSA.modulus
- val modWarn = if (moduli.size>1) {
- Warning: you have written the modulus out in more than one way. If they a are not equal your
- connections might be alternatively successful
- } else if (moduli.size==0) {
- Warning: you have no modulus here. RSA keys must have one modulus
- } else moduli! match {
- case _: NonLiteral => nonLiteralNumTest(moduli(0),CERT.hex,"modulus")
- case lit: Literal => literalNumTest(lit)
- }
- val expts = key/RSA.public_exponent
- val expWarn = if (expts.size>1) {
- Warning: you have more than one exponent. They must be equal, or your connections will be unpredicable
-
- } else if (expts.size==0) {
- Warning: you have no exponent here. RSA keys must have one public exponent
- } else expts! match {
- case _: NonLiteral => nonLiteralNumTest(expts(0),CERT.decimal,"exponent")
- case lit: Literal => literalNumTest(lit)
- }
-
- return modWarn ++ expWarn
- }
+ /**
+ * test numbers written in the old style with non literals
+ *
+ * @param The node that is the number. Should be a non literal
+ * @param The relation name to the string that identifies the number
+ * @param The role of the number in the public key (modulus, exponent, ...)
+ *
+ */
+ def nonLiteralNumTest(number: RichGraphNode, relToString: UriRef, numberRole: String ): NodeSeq = {
+ val typeTest = number! match {
+ case uri: UriRef => Warning: your {numberRole} is a uri. The new spec requires this to be a literal.
+ Uri found: {uri.getUnicodeString}
+ case _: BNode => Warning: your {numberRole} is a blank node. The newer spec requires this to be a literal
+ }
+ typeTest++
+ {
+ val hexs = number / relToString
+ if (hexs.size > 1) {
+ WARNING: Your {numberRole} has more than one relation to a hexadecimal string. Unless both of those strings
+ map to the same number, your identification experience will be very random
+ } else if (hexs.size == 0) {
+ WARNING: your {numberRole} has no decimal literal attached by the {relToString} relation
+ } else hexs! match {
+ case bnode: NonLiteral => Warning: Your {numberRole} has a relation to a non literal, where it should be a
+ relation to a literal. It is possible that logically it all works out, but don't even expect a few engines to
+ bother reflecting deeply on this. We don't check past here.
+ case lit: Literal => emptyxml
+ }
+ }
+
+ }
+
+ def literalNumTest(number: Literal): NodeSeq = {
+ number match {
+ case tl: TypedLiteral => tl.getDataType match {
+ case CERT.int_ => emptyxml
+ case CERT.hex => emptyxml
+ case CERT.decimal => emptyxml
+ case XSD.base64Binary => Base 64 binary is not a number. If you wish to have a base64 integer notation
+ let the WebId Group know
+ case XSD.hexBinary => Base hex binary is not a number. If you wish to have a hex integer notation
+ use the {CERT.hex} relation. It is easier for people to write out
+ case XSD.nonNegativeInteger => emptyxml
+ case XSD.integer => emptyxml
+ case XSD.positiveInteger => emptyxml
+ case XSD.int_ => emptyxml
+ case littype => We don't know how to interpret numbers of {littype}.
+ It would be better to use either
+ cert:hex or cert:int
+ }
+ case _: Literal => Warning: you need to put a literal type, so we can know how to interpret the string.
+
+ }
+ }
+
+ def verifyKeyClosely(key: RichGraphNode) : NodeSeq= {
+ val moduli = key/RSA.modulus
+ val modWarn = if (moduli.size>1) {
+ Warning: you have written the modulus out in more than one way. If they a are not equal your
+ connections might be alternatively successful
+ } else if (moduli.size==0) {
+ Warning: you have no modulus here. RSA keys must have one modulus
+ } else moduli! match {
+ case _: NonLiteral => nonLiteralNumTest(moduli(0),CERT.hex,"modulus")
+ case lit: Literal => literalNumTest(lit)
+ }
+ val expts = key/RSA.public_exponent
+ val expWarn = if (expts.size>1) {
+ Warning: you have more than one exponent. They must be equal, or your connections will be unpredicable
+
+ } else if (expts.size==0) {
+ Warning: you have no exponent here. RSA keys must have one public exponent
+ } else expts! match {
+ case _: NonLiteral => nonLiteralNumTest(expts(0),CERT.decimal,"exponent")
+ case lit: Literal => literalNumTest(lit)
+ }
+
+ return modWarn ++ expWarn
+ }
}