- From: Henry Story <henry.story@bblfish.net>
- Date: Sun, 27 Nov 2011 00:11:43 +0100
- To: "public-xg-webid@w3.org XG" <public-xg-webid@w3.org>
- Message-Id: <04737380-B413-4B1E-A79C-FD868FCFE2E3@bblfish.net>

I have not converted the authentication service of https://foafssl.org/srv/idp to be compliant with the new spec. foafssl.org is currently running a version of Clerezza, which does not have SPARQL support btw, so it is interesting to see how things are done in that case.

First, one can see in the diff that it was again mostly code removal. So that is good!

https://github.com/bblfish/clerezza/commit/71e0135aa9cacaa866c251333688969133804951

The verify method is not as clean and easy as the SPARQL equivalent, but in Scala it is not too bad either. This is the main part of the code:

    (id/-CERT.modulus) exists {
      key =>
        if (tc.filter(webId, CERT.key, key.getNode).hasNext) {
          // then we just need to check the exponent ...
          (key/CERT.exponent) exists { exponentOk(_) }
        } else false
    }

First it creates a modulus hexBinary and then it seeks the key(s) that go with it. It verifies whether one of those is correctly linked to the WebID and, if so, whether there is a relation to the right exponent.

    private def verify(publicKey: RSAPublicKey, tc: TripleCollection): Boolean = {
      import WebIDClaim.hex
      // modulus of the certificate's public key as an xsd:hexBinary literal
      val modulusLit = new TypedLiteralImpl(hex(publicKey.getModulus.toByteArray), XSD.hexBinary)
      val id = new RichGraphNode(modulusLit, tc);
      // Serializer.getInstance().serialize(System.out,tc,"text/turtle")

      // test if node is the exponent in the public key
      def exponentOk(exp: RichGraphNode): Boolean = exp.getNode match {
        case lit: TypedLiteral if integerTypes contains lit.getDataType =>
          try {
            val bi = new BigInteger(lit.getLexicalForm.trim())
            bi.equals(publicKey.getPublicExponent)
          } catch {
            case ex =>
              logger.warn("problem comparing exponents...", ex)
              false
          }
        case _ => false
      }

      // from the modulus literal, go back along cert:modulus to the key node(s)
      (id/-CERT.modulus) exists {
        key =>
          if (tc.filter(webId, CERT.key, key.getNode).hasNext) {
            // then we just need to check the exponent ...
            (key/CERT.exponent) exists { exponentOk(_) }
          } else false
      }
    }

So not too bad, but SPARQL is a nice way to say the same thing.

Henry

PS. code here: https://github.com/bblfish/clerezza/blob/71e0135aa9cacaa866c251333688969133804951/parent/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/WebIDClaim.scala

Social Web Architect
http://bblfish.net/

Received on Saturday, 26 November 2011 23:12:21 UTC
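
The check described in the message above (find the key by modulus, require that the claimed WebID links to it with cert:key, then compare the exponent), as an added Python example that is not Clerezza code and not from the message's author. Assumptions: triples are plain tuples, the set of integer datatypes stands in for the `integerTypes` value the message does not show, and the modulus is compared by integer value rather than by exact literal as the Scala code does.

```python
import re

CERT = "http://www.w3.org/ns/auth/cert#"
XSD = "http://www.w3.org/2001/XMLSchema#"
# Assumption: the contents of the page's `integerTypes` are not shown.
INTEGER_TYPES = {XSD + "integer", XSD + "int", XSD + "nonNegativeInteger"}

def lit(lexical, datatype):
    """Typed literal as a (lexical form, datatype IRI) pair."""
    return (lexical, XSD + datatype)

def hex_value(node):
    """Integer value of an xsd:hexBinary literal, else None."""
    if isinstance(node, tuple) and node[1] == XSD + "hexBinary":
        text = node[0].strip()
        if re.fullmatch(r"[0-9A-Fa-f]+", text):
            return int(text, 16)
    return None

def int_value(node):
    """Integer value of a literal with an integer datatype, else None."""
    if isinstance(node, tuple) and node[1] in INTEGER_TYPES:
        text = node[0].strip()
        if re.fullmatch(r"[+-]?[0-9]+", text):
            return int(text)
    return None

def verify(web_id, modulus, exponent, triples):
    """True if web_id has a cert:key with this modulus and exponent."""
    for key, pred, obj in triples:
        if pred != CERT + "modulus" or hex_value(obj) != modulus:
            continue
        # The key must be linked from the claimed WebID itself; a matching
        # key attached to another subject in the same document proves nothing.
        if (web_id, CERT + "key", key) not in triples:
            continue
        if any(s == key and p == CERT + "exponent" and int_value(o) == exponent
               for s, p, o in triples):
            return True
    return False

# Constructed sample profile graph (not real data).
ALICE = "https://alice.example/card#me"
OTHER = "https://alice.example/card#other"
PROFILE = {
    (ALICE, CERT + "key", "_:k1"),
    ("_:k1", CERT + "modulus", lit("00cb24ed85", "hexBinary")),
    ("_:k1", CERT + "exponent", lit(" 65537 ", "integer")),
    (OTHER, CERT + "key", "_:k2"),
    ("_:k2", CERT + "modulus", lit("A1B2C3", "hexBinary")),
    ("_:k2", CERT + "exponent", lit("65537", "string")),
}
```
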