| Name | Modified | Size |
|---|---|---|
| README.txt | 2012-01-01 | 4.3 kB |
| xdc.war | 2012-01-01 | 29.8 kB |
| xdc-utils-src.zip | 2012-01-01 | 13.6 kB |
| xdc@rabinovich.name.zip | 2012-01-01 | 53.9 kB |
| Totals: 4 items | | 101.7 kB |
The Safe Cross-Domain (XDC) Cookies for HTTP Project
====================================================
I. Bill of materials
====================
- The Web app (read.jsp and write.jsp).
- The utilities to generate XDC channel certificates and XDC authorizations.
- The Firefox extension (xdc@rabinovich.name). Tested with Firefox 6 and 7 on Windows 7. (To try it with newer versions of Firefox, modify the maxVersion attribute in the file install.rdf.)
The Java code was built using Java 1.6.0_27.
- The Bouncy Castle libraries can be downloaded from http://bouncycastle.org/ (version 1.46). They are NOT redistributed with the software.
II. Instructions
================
0. Download the Bouncy Castle (BC) JARs and build xdc-support.jar. Install the BC JARs as needed to run the utilities. Copy the BC JARs into the java directory of the Firefox extension and into the WEB-INF/lib directory of the Web application.
1. Create a channel cert in a file
java -cp bcmail-jdk16-146.jar;bcprov-ext-jdk16-146.jar;bcprov-jdk16-146.jar;xdc-support.jar name.rabinovich.xdc.util.XdcChannelCertGenerator
-o <owner-X500-name>
-s <serial #>
-b <not-before> (format: MM/dd/yyyy HH:mm:ss z)
-a <not-after> (format: MM/dd/yyyy HH:mm:ss z)
-A <channel-name-algorithm-id> (legal values: 1.3.14.3.2.26 (sha-1), 2.16.840.1.101.3.4.2.1 (sha-256), 2.16.840.1.101.3.4.2.3 (sha-512))
-d <description>
[-S] (secure?)
-c <output-file-cert>
-k <output-file-key>
-p <output-file-key-password>
2. Create a channel cert ready for transport (run the command and copy 'Encoded cert' from its output)
java -cp bcmail-jdk16-146.jar;bcprov-ext-jdk16-146.jar;bcprov-jdk16-146.jar;xdc-support.jar name.rabinovich.xdc.util.XdcChannelCert -f <xdc-channel-cert-file>
3. Create an authz cert in a file
java -cp bcmail-jdk16-146.jar;bcprov-ext-jdk16-146.jar;bcprov-jdk16-146.jar;xdc-support.jar name.rabinovich.xdc.util.XdcAuthzCertGenerator
-c <owner-cert-file>
-k <owner-key-file>
-p <owner-key-file-password>
-s <serial #>
-b <not-before> (format: MM/dd/yyyy HH:mm:ss z)
-a <not-after> (format: MM/dd/yyyy HH:mm:ss z)
[-r] (include read permission?)
[-w] (include write permission?)
[-i] (include channel certificate?)
[-C <server-SSL-cert-file>] (for secure channels)
(-D <dns-name> | I <ip-address>)
-d <description>
-f <output-file>
4. Create an authz cert ready for transport (run the command and copy 'Encoded cert' from its output)
java -cp bcmail-jdk16-146.jar;bcprov-ext-jdk16-146.jar;bcprov-jdk16-146.jar;xdc-support.jar name.rabinovich.xdc.util.XdcAuthzCert -f <xdc-authz-file>
5. Configure Apache to respond to preflight requests
1) Enable mod_rewrite and mod_headers
2) Configure globally or per virtual host
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^OPTIONS$
RewriteCond %{HTTP:Xdc-Info-Request} ^true$
RewriteRule .* - [E=XdcInfoRequest:true]
Header add Xdc-Channel "<xdc-channel-cert>" env=XdcInfoRequest
Header add Xdc-Authorization "<xdc-authz>" env=XdcInfoRequest
Header add Xdc-Max-Age "<duration-in-seconds>" env=XdcInfoRequest
Header add Xdc-Options "<dns-max-age=duration-in-seconds>" env=XdcInfoRequest
3) In the header values, escape every % with another %, so %20 becomes %%20
6. Install the XDC extension (note: Firefox appears to mishandle jar: URLs, so installing it as an XPI file will most likely not work; install it as a directory instead)
1) Unzip the ZIP file. Say the root directory is D
2) In the default profile directory (on Windows 7 %APPDATA%\Mozilla\Firefox\Profiles\xxx.default\extensions) create a file with content
D\
7. To build the XPI (compact Firefox extension) file:
1) Unzip the ZIP file
2) Copy the BC files into the java directory
3) Re-zip the files, renaming the archive to xdc@rabinovich.name.xpi (or any other name with the extension .xpi).
III. Misc
=========
1. XDC cookie attributes as currently implemented by the Web app and the extension:
- channelName (base64- and URL-encoded name)
- name
- value
- notBefore (number of seconds since the Epoch)
- notAfter (number of seconds since the Epoch)
- description
- isPersistent (true|false)
2. Please send your feedback or questions to paul.rabinovich at exostar.com
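Added example (Python; not part of this project's code): it builds the 'Header add' lines from step 5 of section II with the % escaping applied, mirrors the RewriteCond checks that gate the Xdc-* headers on an OPTIONS request carrying Xdc-Info-Request: true, and checks the cookie attributes from section III. The certificate strings and cookie fields are constructed placeholders, and the decoding order for channelName (URL-decode, then base64) is an assumption.

```python
import base64
import time
from urllib.parse import unquote


def apache_header_value(value):
    """Escape a value for an Apache 'Header add' directive by doubling every %."""
    return value.replace("%", "%%")


def apache_xdc_directives(channel_cert, authz, max_age, dns_max_age):
    """Return the four 'Header add' lines from step 5, with % already escaped."""
    values = {
        "Xdc-Channel": channel_cert,
        "Xdc-Authorization": authz,
        "Xdc-Max-Age": str(max_age),
        "Xdc-Options": f"dns-max-age={dns_max_age}",
    }
    return "\n".join(
        f'Header add {name} "{apache_header_value(v)}" env=XdcInfoRequest'
        for name, v in values.items()
    )


def preflight_headers(method, request_headers, xdc_headers):
    """Mirror the RewriteCond checks: only an OPTIONS request with
    Xdc-Info-Request: true receives the Xdc-* headers; any other request gets none."""
    if method != "OPTIONS" or request_headers.get("Xdc-Info-Request") != "true":
        return {}
    return dict(xdc_headers)


def decode_channel_name(channel_name):
    """channelName is base64- and URL-encoded; assumed order: URL-decode, then base64."""
    return base64.b64decode(unquote(channel_name)).decode("utf-8")


def cookie_is_valid(cookie, now=None):
    """Check the notBefore/notAfter window (both are seconds since the Epoch)."""
    now = time.time() if now is None else now
    return int(cookie["notBefore"]) <= now < int(cookie["notAfter"])


# Constructed sample values (not real XDC certificates or cookies).
SAMPLE_CHANNEL_CERT = "MIIB%2Bx"
SAMPLE_AUTHZ = "MIIC%2Fy"
SAMPLE_COOKIE = {"channelName": "Y2hhbjE%3D", "name": "session", "value": "abc",
                 "notBefore": "1000", "notAfter": "2000", "description": "test",
                 "isPersistent": "false"}
```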