First release candidate version with attached documentation.

Author: Jonathon Duerig

README.md

@@ -1,4 +1,72 @@
-xml-signer
-==========
+=GENI Authorization Tool=
 
-xmldsig signatures in a browser
+This tool will sign credentials that allow a tool to act on behalf of
+a user. Aside from direct user interaction, there are two kinds of
+entities that interact with this tool: Member Authorities and Tool
+frontends.
+
+As a federation-wide utility, this tool will reside at a trusted
+location accessible via SSL connection. Any tool frontend can invoke a
+JavaScript function which will popup an authorization window for the
+user.
+
+==Test Environment==
+
+To try out GENI Authorization, you will need a GENI certificate and
+key bundle in PEM format, and the ability to host the source files on
+a webhost. For testing, you need not host them via SSL.
+
+Upload all of the files in the repository to your chosen
+destination. You may need to tweak geni-auth.js. The 'trustedHost'
+variable at the top is intended to point to the final trusted hostname
+for added security. But for testing, you will need to point it at the
+hostname and port of your test server.
+
+Once you have the files hosted, you can visit index.html by itself to
+simply load and clear your certificate. Or you can visit tool.html to
+try out the example tool and get a signed credential.
+
+==Tool API==
+
+To use the GENI Authorization Tool in your tool, you will need to
+include geni-auth.js into the web frontend of your tool. In your event
+function that handles the user's authorization, invoke the
+genilib.authorize method.
+
+===genilib.authorize (id, cert, callback)===
+
+This method pops up an authorization window allowing the user to
+create a speaks-for credential for your tool. This should only be
+invoked in response to a user-driven event such as a click or the
+browser's popup blocker may interfere.
+
+Parameters:
+- id: An opaque string, usually the URN of the tool
+- cert: PEM-encoded certificate of the tool. Should be valid for any authority your tool needs to establish trust with.
+- callback: This method will be invoked with a string containing the XML GENI credential. There is no timeout and this method may never be called if the user closes the authorization window.
+
+Returns: Nothing
+
+==Member Authority API==
+
+Member Authorities may optionally present a web interface that lets
+the user pass their certificate to the GENI Authorization Tool. If
+they do not present a web interface, it will be up to the user to
+manually paste in their certificate file.
+
+Once the user's identity has been verified, the member authority
+invokes genilib.sendCertificate to pass the certificate to the trusted
+signer.
+
+===genilib.sendCertificate (cert)===
+
+This method sends a user's GENI certificate to the GENI Authorization
+Tool which is presumed to live in the browser window that opened the
+current one. After sending the message, it will close the current
+window or tab. If this function is invoked in some other circumstance,
+it simply closes the current window or tab.
+
+Parameters:
+- cert: A pem-encoded certificate and private key belonging to the logged in user.
+
+Returns: Nothing

emulab.html

@@ -6,9 +6,7 @@
 
   <link rel="shortcut icon" href="favicon.ico"/>
   <link rel="stylesheet" style="text/css"
-        href="lib/bootstrap/css/bootstrap.min.css">
-  <link rel="stylesheet" style="text/css"
-        href="lib/bootstrap/css/bootstrap-responsive.min.css">
+        href="lib/amelia.min.css">
   <script src="geni-auth.js"></script>
   <script data-main="emulab" src="require-jquery.js"></script>
 </head>

emulab.js

@@ -1,6 +1,6 @@
 /*global require: true */
 
-require(['jquery', 'text!example.pem'],
+require(['jquery', 'text!cred/user.pem'],
 function ($, cert) {
   'use strict';
 

geni-auth.js

@@ -1,24 +1,34 @@
 
 var genilib = {};
-//genilib.trustedHost = 'http://localhost:8080';
-genilib.trustedHost = 'https://www.emulab.net';
+genilib.trustedHost = 'http://localhost:8080';
+//genilib.trustedHost = 'https://www.emulab.net';
 
-genilib.authorize = function(id, callback)
+genilib.authorize = function(id, cert, callback)
 {
   var wrapper = {};
 
   wrapper.other = window.open('index.html?id=' + encodeURIComponent(id), 'GENI Tool Authorization',
-                              'height=400,width=600');
+                              'height=400,width=800');
 
   wrapper.listener = function (event) {
+    var data;
     if (event.source === wrapper.other &&
         event.origin === genilib.trustedHost &&
-        event.data.id && event.data.id === id && event.data.credential)
+        event.data.ready)
+    {
+      data = {
+        certificate: cert
+      };
+      wrapper.other.postMessage(data, genilib.trustedHost);
+    }
+    else if (event.source === wrapper.other &&
+             event.origin === genilib.trustedHost &&
+             event.data.id && event.data.id === id && event.data.credential)
     {
       window.removeEventListener('message', wrapper.listener, false);
       wrapper.other.removeEventListener('close', wrapper.close, false);
 
-      var data = {
+      data = {
         id: event.data.id,
         ack: true
       };

index.html

@@ -2,13 +2,11 @@
 <html lang="en">
 <head>
   <meta charset="utf-8">
-  <title>Credential Signer</title>
+  <title>GENI Authorization Tool</title>
 
   <link rel="shortcut icon" href="favicon.ico"/>
   <link rel="stylesheet" style="text/css"
-        href="lib/bootstrap/css/bootstrap.min.css">
-  <link rel="stylesheet" style="text/css"
-        href="lib/bootstrap/css/bootstrap-responsive.min.css">
+        href="lib/cyborg.min.css">
   <script src="lib/jsrsasign/asn1hex-1.1.js"></script>
   <script src="lib/jsrsasign/base64.js"></script>
   <script src="lib/jsrsasign/jsbn.js"></script>
@@ -34,6 +32,7 @@
 </head>
 <body>
   <div class="container" id="main-content">
+    <h1>Initializing...</h1>
   </div>
 </body>
 </html>

lib/amelia.min.css

@@ -1,11 +1,11 @@
 /*!
  * Bootstrap Responsive v2.3.2
  *
- * Copyright 2012 Twitter, Inc
+ * Copyright 2013 Twitter, Inc
  * Licensed under the Apache License v2.0
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- * Designed and built with all the love in the world @twitter by @mdo and @fat.
+ * Designed and built with all the love in the world by @mdo and @fat.
  */
 
 .clearfix {

lib/bootstrap/css/bootstrap-responsive.css

@@ -1,11 +1,11 @@
 /*!
  * Bootstrap v2.3.2
  *
- * Copyright 2012 Twitter, Inc
+ * Copyright 2013 Twitter, Inc
  * Licensed under the Apache License v2.0
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- * Designed and built with all the love in the world @twitter by @mdo and @fat.
+ * Designed and built with all the love in the world by @mdo and @fat.
  */
 
 .clearfix {

lib/bootstrap/css/bootstrap-responsive.min.css

@@ -1,8 +1,8 @@
 /* ===================================================
  * bootstrap-transition.js v2.3.2
- * http://twitter.github.com/bootstrap/javascript.html#transitions
+ * http://getbootstrap.com/2.3.2/javascript.html#transitions
  * ===================================================
- * Copyright 2012 Twitter, Inc.
+ * Copyright 2013 Twitter, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -59,9 +59,9 @@
 
 }(window.jQuery);/* ==========================================================
  * bootstrap-alert.js v2.3.2
- * http://twitter.github.com/bootstrap/javascript.html#alerts
+ * http://getbootstrap.com/2.3.2/javascript.html#alerts
  * ==========================================================
- * Copyright 2012 Twitter, Inc.
+ * Copyright 2013 Twitter, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -157,9 +157,9 @@
 
 }(window.jQuery);/* ============================================================
  * bootstrap-button.js v2.3.2
- * http://twitter.github.com/bootstrap/javascript.html#buttons
+ * http://getbootstrap.com/2.3.2/javascript.html#buttons
  * ============================================================
- * Copyright 2012 Twitter, Inc.
+ * Copyright 2013 Twitter, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -261,9 +261,9 @@
 
 }(window.jQuery);/* ==========================================================
  * bootstrap-carousel.js v2.3.2
- * http://twitter.github.com/bootstrap/javascript.html#carousel
+ * http://getbootstrap.com/2.3.2/javascript.html#carousel
  * ==========================================================
- * Copyright 2012 Twitter, Inc.
+ * Copyright 2013 Twitter, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -467,9 +467,9 @@
 
 }(window.jQuery);/* =============================================================
  * bootstrap-collapse.js v2.3.2
- * http://twitter.github.com/bootstrap/javascript.html#collapse
+ * http://getbootstrap.com/2.3.2/javascript.html#collapse
  * =============================================================
- * Copyright 2012 Twitter, Inc.
+ * Copyright 2013 Twitter, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -633,9 +633,9 @@
 
 }(window.jQuery);/* ============================================================
  * bootstrap-dropdown.js v2.3.2
- * http://twitter.github.com/bootstrap/javascript.html#dropdowns
+ * http://getbootstrap.com/2.3.2/javascript.html#dropdowns
  * ============================================================
- * Copyright 2012 Twitter, Inc.
+ * Copyright 2013 Twitter, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -802,9 +802,9 @@
 }(window.jQuery);
 /* =========================================================
  * bootstrap-modal.js v2.3.2
- * http://twitter.github.com/bootstrap/javascript.html#modals
+ * http://getbootstrap.com/2.3.2/javascript.html#modals
  * =========================================================
- * Copyright 2012 Twitter, Inc.
+ * Copyright 2013 Twitter, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -1049,10 +1049,10 @@
 }(window.jQuery);
 /* ===========================================================
  * bootstrap-tooltip.js v2.3.2
- * http://twitter.github.com/bootstrap/javascript.html#tooltips
+ * http://getbootstrap.com/2.3.2/javascript.html#tooltips
  * Inspired by the original jQuery.tipsy by Jason Frame
  * ===========================================================
- * Copyright 2012 Twitter, Inc.
+ * Copyright 2013 Twitter, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -1410,9 +1410,9 @@
 }(window.jQuery);
 /* ===========================================================
  * bootstrap-popover.js v2.3.2
- * http://twitter.github.com/bootstrap/javascript.html#popovers
+ * http://getbootstrap.com/2.3.2/javascript.html#popovers
  * ===========================================================
- * Copyright 2012 Twitter, Inc.
+ * Copyright 2013 Twitter, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -1524,9 +1524,9 @@
 }(window.jQuery);
 /* =============================================================
  * bootstrap-scrollspy.js v2.3.2
- * http://twitter.github.com/bootstrap/javascript.html#scrollspy
+ * http://getbootstrap.com/2.3.2/javascript.html#scrollspy
  * =============================================================
- * Copyright 2012 Twitter, Inc.
+ * Copyright 2013 Twitter, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -1685,9 +1685,9 @@
 
 }(window.jQuery);/* ========================================================
  * bootstrap-tab.js v2.3.2
- * http://twitter.github.com/bootstrap/javascript.html#tabs
+ * http://getbootstrap.com/2.3.2/javascript.html#tabs
  * ========================================================
- * Copyright 2012 Twitter, Inc.
+ * Copyright 2013 Twitter, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -1828,9 +1828,9 @@
 
 }(window.jQuery);/* =============================================================
  * bootstrap-typeahead.js v2.3.2
- * http://twitter.github.com/bootstrap/javascript.html#typeahead
+ * http://getbootstrap.com/2.3.2/javascript.html#typeahead
  * =============================================================
- * Copyright 2012 Twitter, Inc.
+ * Copyright 2013 Twitter, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -2163,9 +2163,9 @@
 }(window.jQuery);
 /* ==========================================================
  * bootstrap-affix.js v2.3.2
- * http://twitter.github.com/bootstrap/javascript.html#affix
+ * http://getbootstrap.com/2.3.2/javascript.html#affix
  * ==========================================================
- * Copyright 2012 Twitter, Inc.
+ * Copyright 2013 Twitter, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

lib/bootstrap/css/bootstrap.css

@@ -1,12 +1,29 @@
 <div class="hero-unit">
-  <h1>GENI Tool Authorization</h1>
-  <p>To authorize, enter the passphrase for your GENI certificate below. Once you authorize, the tool will be able to act on your behalf when talking to GENI infrastructure. Only authorize if you trust the tool.</p>
-  <h3>Tool URN: <%= id %></h3>
-  <div id="error-box"></div>
-  <form id="private">
-    <input id="password" type="password" placeholder="Passphrase" class="span8">
-    <fieldset>
-      <button id="sign" class="btn btn-primary">Authorize</button>
-    </fieldset>
+  <h1>GENI Authorization Tool</h1>
+  <p>The GENI Authorization Tool allows you to authorize applications to speak on your behalf to allocate slices or slivers. Your credentials are stored locally in your browser and your passphrase is never transmitted over the network.</p>
+  <p class="tool-info">To authorize, enter the passphrase for your GENI certificate below. Once you authorize, the tool will be able to act on your behalf when talking to GENI infrastructure. Only authorize if you trust the tool.</p>
+  <h5 class="tool-info">Tool URN: <%= id %></h5>
+  <div class="tool-info" id="error-box"></div>
+  <form class="tool-info form-horizontal" role="form" id="private">
+    <div class="form-group">
+      <label class="col-lg-2 control-label" for="time">Duration (days)</label>
+      <div class="col-lg-10">
+        <input id="time" class="form-control" type="text" value="30">
+      </div>
+    </div>
+    <div class="form-group">
+      <label class="control-label col-lg-2" for="password">Passphrase</label>
+      <div class="col-lg-10">
+        <input id="password" class="form-control" type="password" placeholder="Passphrase">
+      </div>
+    </div>
+    <div class="form-group">
+      <div class="col-offset-2 col-lg-10">
+        <button id="sign" class="btn btn-primary">Authorize</button>
+      </div>
+    </div>
   </form>
+  <h3 class="no-tool-info">Your Certificate is Saved.</h3>
+  <p class="no-tool-info">When you choose to authorize a tool, you will be redirected here to complete the process.</p>
+  <button id="logout" class="btn btn-default pull-right">Delete Certificate</button>
 </div>