W3C home > Mailing lists > Public > public-xg-webid@w3.org > August 2011

Re: Node.js WebID implementation

From: Thomas Fritz <fritztho@gmail.com>
Date: Tue, 30 Aug 2011 21:29:45 +0200
Message-ID: <CAA1jL=qCCsFm7P7psK33dgczK6uzrGuKswTN+SOM5rpKaf5W9Q@mail.gmail.com>
To: WebID List <public-xg-webid@w3.org>
Hello!

For anyones interest, i just began to play with node and wanted to try
to create a simple webid demo with it. At the moment i have a simple
https server, it requests a client certificate and i can
(theoretically) read the client certificate. But it seems there is an
issue in nodes SSL/TLS implementation because i just get the "subject"
property from the certificate.
The server code:
var https = require("https");
var fs = require("fs");

var options  = {
  key: fs.readFileSync('keys/agent-key.pem'),
  cert: fs.readFileSync('keys/agent-cert.pem'),
  requestCert:true
};

https.createServer(options, function(req, res) {
  console.log(req.connection.getPeerCertificate());
  res.writeHead(200);
  res.end("Hello WebID\n");
}).listen(8000);



I generated a certificate here: https://webid.fcns.eu/certgen.php
When i export it and call from the shell: openssl x509 -in Cert.pem -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            f5:8a:b2:d1:76:06:13:d7
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=FR, ST=Essonne, O=webid.fcns.eu,
CN=webid.fcns.eu/emailAddress=webid@fcns.eu
        Validity
            Not Before: Aug 30 18:21:02 2011 GMT
            Not After : Aug 29 18:21:02 2012 GMT
        Subject: C=Austria, O=Test Org, OU=Test Unit, CN=Thomas Fritz
2/emailAddress=fritztho@gmail.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:bc:ea:02:e3:4a:1e:c4:f2:a2:c9:db:6b:51:02:
                    84:22:ce:61:53:0e:9f:ce:bd:bc:2f:17:60:c5:e0:
                    4b:c4:65:57:f1:a3:9c:7d:b9:60:69:65:71:ee:1d:
                    40:eb:7f:3d:2c:2a:ff:27:f0:9e:c4:dd:7b:03:b2:
                    52:a2:e2:e5:1b:62:27:f1:07:9b:85:e5:51:79:2a:
                    71:63:f8:fa:1b:46:70:64:10:0c:90:33:75:3b:a7:
                    61:ea:2a:83:03:cb:94:38:f6:45:25:0f:bb:a4:1c:
                    92:04:53:80:b8:d2:c6:76:7c:43:cf:c7:c5:4d:8c:
                    ba:50:9e:44:7e:fe:d1:0f:3b:78:4d:eb:6f:01:e9:
                    af:a5:fb:ed:49:35:55:07:b4:10:4a:a4:a0:1f:c9:
                    0e:8b:7d:6a:f0:7e:7e:04:64:10:3d:4c:31:e3:88:
                    5b:38:bc:03:e4:a1:09:ec:3e:e5:0d:ba:9d:6a:fa:
                    9b:22:a0:b1:1b:2b:69:5a:e1:51:7c:73:96:a9:13:
                    18:9c:b8:9d:24:7d:d9:28:34:52:f5:67:3f:35:98:
                    76:f2:43:da:d3:9a:82:a4:21:7b:56:cd:26:ae:59:
                    48:14:44:ac:b5:0d:86:cf:86:90:89:31:65:b6:10:
                    5d:a2:0d:4f:90:29:35:a3:bb:41:f9:76:65:16:d3:
                    b0:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                56:81:A8:D8:D7:2E:91:E3:2A:F4:BA:B9:F8:07:1D:6C:C5:24:49:3A
            X509v3 Authority Key Identifier:

keyid:2B:DF:EF:BF:79:13:73:CB:E4:D4:35:A5:0B:EC:18:2C:63:E4:D2:F0

            X509v3 Subject Alternative Name:
                email:fritztho@gmail.com, URI:http://fritzthomas.com/profile#me
    Signature Algorithm: sha1WithRSAEncryption
        8d:d9:06:54:1a:13:27:91:33:1d:a9:a0:33:b9:16:96:69:3a:
        ae:18:39:08:e2:ad:c5:dc:45:0e:b9:21:21:4b:0b:28:08:e8:
        d8:8a:3d:82:c1:cd:c2:5d:35:7e:79:d7:ad:04:c4:74:4f:7c:
        aa:65:49:27:c2:1f:21:a8:37:c0:1b:35:f4:eb:d6:f2:4b:40:
        1b:4a:8b:97:8f:d9:a2:ef:cf:82:ea:7b:1d:6f:95:e2:5e:7b:
        49:f9:a9:41:f7:a0:b9:b6:c1:90:c3:f1:d3:7e:2c:2d:d3:ec:
        e3:ee:c5:7d:7d:0d:73:a7:f0:f7:d7:20:a9:61:a1:0e:e2:88:
        9f:cb
-----BEGIN CERTIFICATE-----
MIIDozCCAwygAwIBAgIJAPWKstF2BhPXMA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNV
BAYTAkZSMRAwDgYDVQQIEwdFc3Nvbm5lMRYwFAYDVQQKEw13ZWJpZC5mY25zLmV1
MRYwFAYDVQQDEw13ZWJpZC5mY25zLmV1MRwwGgYJKoZIhvcNAQkBFg13ZWJpZEBm
Y25zLmV1MB4XDTExMDgzMDE4MjEwMloXDTEyMDgyOTE4MjEwMlowdTEQMA4GA1UE
BhMHQXVzdHJpYTERMA8GA1UEChMIVGVzdCBPcmcxEjAQBgNVBAsTCVRlc3QgVW5p
dDEXMBUGA1UEAxMOVGhvbWFzIEZyaXR6IDIxITAfBgkqhkiG9w0BCQEWEmZyaXR6
dGhvQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzq
AuNKHsTyosnba1EChCLOYVMOn869vC8XYMXgS8RlV/GjnH25YGllce4dQOt/PSwq
/yfwnsTdewOyUqLi5RtiJ/EHm4XlUXkqcWP4+htGcGQQDJAzdTunYeoqgwPLlDj2
RSUPu6QckgRTgLjSxnZ8Q8/HxU2MulCeRH7+0Q87eE3rbwHpr6X77Uk1VQe0EEqk
oB/JDot9avB+fgRkED1MMeOIWzi8A+ShCew+5Q26nWr6myKgsRsraVrhUXxzlqkT
GJy4nSR92Sg0UvVnPzWYdvJD2tOagqQhe1bNJq5ZSBRErLUNhs+GkIkxZbYQXaIN
T5ApNaO7Qfl2ZRbTsJcCAwEAAaOBvjCBuzAJBgNVHRMEAjAAMCwGCWCGSAGG+EIB
DQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUVoGo
2NcukeMq9Lq5+AcdbMUkSTowHwYDVR0jBBgwFoAUK9/vv3kTc8vk1DWlC+wYLGPk
0vAwQAYDVR0RBDkwN4ESZnJpdHp0aG9AZ21haWwuY29thiFodHRwOi8vZnJpdHp0
aG9tYXMuY29tL3Byb2ZpbGUjbWUwDQYJKoZIhvcNAQEFBQADgYEAjdkGVBoTJ5Ez
HamgM7kWlmk6rhg5COKtxdxFDrkhIUsLKAjo2Io9gsHNwl01fnnXrQTEdE98qmVJ
J8IfIag3wBs19OvW8ktAG0qLl4/Zou/Pgup7HW+V4l57SfmpQfegubbBkMPx034s
LdPs4+7FfX0Nc6fw99cgqWGhDuKIn8s=
-----END CERTIFICATE-----


That should be correct right? I am asking because there is an issue on
github for node https://github.com/joyent/node/issues/1568 . In this
example the subjectAltName gets saved in the certificate in an other
way than i got from https://webid.fcns.eu/certgen.php


The debug output from my tiny node https server when i connect and
select this certificate:
{ subject:
   { C: 'Austria',
     O: 'Test Org',
     OU: 'Test Unit',
     CN: 'Thomas Fritz 2',
     emailAddress: 'fritztho@gmail.com' },
  issuer:
   { C: 'FR',
     ST: 'Essonne',
     O: 'webid.fcns.eu',
     CN: 'webid.fcns.eu',
     emailAddress: 'webid@fcns.eu' },
  valid_from: 'Aug 30 18:21:02 2011 GMT',
  valid_to: 'Aug 29 18:21:02 2012 GMT',
  fingerprint: '9C:74:C6:AA:95:41:FC:C2:6A:76:61:D7:2C:45:F9:28:8B:0B:69:F6' }

Any ideas

---
Thomas FRITZ
web http://fritzthomas.com
twitter http://twitter.com/thomasf



2011/8/29 Thomas Fritz <fritztho@gmail.com>:
> Hi
>
> Are there any known implementations for the WebID stack for node.js?
>
> Kind regards
>
>
>
> ---
> Thomas FRITZ
> web http://fritzthomas.com
> twitter http://twitter.com/thomasf
>
Received on Tuesday, 30 August 2011 19:32:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 30 August 2011 19:32:14 GMT