diff --git a/example/primary/provision.html b/example/primary/provision.html
new file mode 100644
index 0000000000000000000000000000000000000000..be4ecdb93dcd23c48ec30895625f28bba39299dc
--- /dev/null
+++ b/example/primary/provision.html
@@ -0,0 +1,54 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script type="text/javascript" src="https://browserid.org/provisioning_api.js"></script>
+<script type="text/javascript" src="/jquery.js"></script>
+<script type="text/javascript">
+
+ // an alias
+ var fail = navigator.id.raiseProvisioningFailure;
+
+ // begin provisioning! This both gives us indicated to browserid that we're
+ // a well formed provisioning page and gives us the parameters of the provisioning
+ navigator.id.beginProvisioning(function(email, cert_duration) {
+ var user = /^([^@]+)@/.exec(email)[1];
+
+ // now we have the email address that wishes to be provisioned!
+ // is he authenticated to eyedee.me?
+ $.get('/api/whoami')
+ .success(function(who) {
+ if (user != who) {
+ return fail('user is not authenticated as target user');
+ }
+
+ // Awesome! The user is authenticated as who we want to provision. let's
+ // generate a keypair
+ navigator.id.genKeyPair(function(pubkey) {
+ // finally, once we have a public key from the browser, we'll certify it, and
+ // go pass it back
+ $.ajax({
+ url: '/api/cert_key',
+ data: JSON.stringify({
+ pubkey: pubkey,
+ duration: cert_duration
+ }),
+ type: 'POST',
+ headers: { "Content-Type": 'application/json' },
+ dataType: 'json',
+ success: function(r) {
+ // all done! woo!
+ navigator.id.registerCertificate(r.cert);
+ },
+ error: function(r) {
+ fail("couldn't certify key");
+ }
+ });
+ });
+ })
+ .error(function() {
+ fail('user is not authenticated');
+ });
+ });
+</script>
+</head>
+</html>
diff --git a/scripts/run_locally.js b/scripts/run_locally.js
index 24648fc53f6fb2799c9b835c635593268e306758..6f11891f40acac11fc9168b00af3a7051fb6b8dc 100755
--- a/scripts/run_locally.js
+++ b/scripts/run_locally.js
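Review bot: `var user = /^([^@]+)@/.exec(email)[1];` throws a TypeError when `email` contains no `@`, because `exec` returns null in that case; the exception escapes the beginProvisioning callback before any raiseProvisioningFailure call, so the failure is never reported through `fail`. Guard the match instead: `var m = /^([^@]+)@/.exec(email); if (!m) return fail('malformed email'); var user = m[1];`. The `if (user != who)` check should be strict, `if (user !== who)`, since `who` is whatever /api/whoami returns as JSON and loose equality would coerce it before comparing the local part. Note also that `cert_duration` is forwarded to /api/cert_key unchanged, so the server side, not this page, has to be where certificate lifetime is bounded.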
@@ -30,6 +30,7 @@ var daemonsToRun = { HOST: HOST }, example_primary: {
+ SHIMMED_DOMAIN: "example.domain", path: path.join(__dirname, "..", "scripts", "serve_example_primary.js"), PORT: 10005, HOST: HOST
diff --git a/scripts/serve_example_primary.js b/scripts/serve_example_primary.js
index 4a08f7c116784773b62939676a8bda7aeb306e92..8367145e8347306318f8916b0b1cda66be5bffb8 100755
--- a/scripts/serve_example_primary.js
+++ b/scripts/serve_example_primary.js
@@ -7,7 +7,9 @@ path = require('path'), urlparse = require('urlparse'), postprocess = require('postprocess'), querystring = require('querystring'),
-sessions = require('connect-cookie-session');
+sessions = require('connect-cookie-session'),
+jwk = require('jwcrypto/jwk'),
+jwcert = require('jwcrypto/jwcert'); var exampleServer = express.createServer();
@@ -60,6 +62,24 @@ exampleServer.get("/api/logout", function (req, res) { return res.json(null); });
+var _privKey = jwk.SecretKey.fromSimpleObject(
+ JSON.parse(require('fs').readFileSync(
+ path.join(__dirname, '..', 'example', 'primary', 'sample.privatekey'))));
+
+exampleServer.post("/api/cert_key", function (req, res) {
+ var user = req.session.user;
+
+ var domain = process.env['SHIMMED_DOMAIN'];
+
+ var expiration = new Date();
+ var pubkey = jwk.PublicKey.fromSimpleObject(req.body.pubkey);
+ expiration.setTime(new Date().valueOf() + req.body.duration * 1000);
+ var cert = new jwcert.JWCert(domain, expiration, new Date(),
+ pubkey, {email: user + "@" + domain}).sign(_privKey);
+
+ res.json({ cert: cert });
+});
+
 exampleServer.listen( process.env['PORT'] || 10001,