- From: Thomas Fritz <fritztho@gmail.com>
- Date: Tue, 30 Aug 2011 21:29:45 +0200
- To: WebID List <public-xg-webid@w3.org>
Hello!
For anyones interest, i just began to play with node and wanted to try
to create a simple webid demo with it. At the moment i have a simple
https server, it requests a client certificate and i can
(theoretically) read the client certificate. But it seems there is an
issue in nodes SSL/TLS implementation because i just get the "subject"
property from the certificate.
The server code:
var https = require("https");
var fs = require("fs");
var options = {
key: fs.readFileSync('keys/agent-key.pem'),
cert: fs.readFileSync('keys/agent-cert.pem'),
requestCert:true
};
https.createServer(options, function(req, res) {
console.log(req.connection.getPeerCertificate());
res.writeHead(200);
res.end("Hello WebID\n");
}).listen(8000);
I generated a certificate here: https://webid.fcns.eu/certgen.php
When i export it and call from the shell: openssl x509 -in Cert.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f5:8a:b2:d1:76:06:13:d7
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FR, ST=Essonne, O=webid.fcns.eu,
CN=webid.fcns.eu/emailAddress=webid@fcns.eu
Validity
Not Before: Aug 30 18:21:02 2011 GMT
Not After : Aug 29 18:21:02 2012 GMT
Subject: C=Austria, O=Test Org, OU=Test Unit, CN=Thomas Fritz
2/emailAddress=fritztho@gmail.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:bc:ea:02:e3:4a:1e:c4:f2:a2:c9:db:6b:51:02:
84:22:ce:61:53:0e:9f:ce:bd:bc:2f:17:60:c5:e0:
4b:c4:65:57:f1:a3:9c:7d:b9:60:69:65:71:ee:1d:
40:eb:7f:3d:2c:2a:ff:27:f0:9e:c4:dd:7b:03:b2:
52:a2:e2:e5:1b:62:27:f1:07:9b:85:e5:51:79:2a:
71:63:f8:fa:1b:46:70:64:10:0c:90:33:75:3b:a7:
61:ea:2a:83:03:cb:94:38:f6:45:25:0f:bb:a4:1c:
92:04:53:80:b8:d2:c6:76:7c:43:cf:c7:c5:4d:8c:
ba:50:9e:44:7e:fe:d1:0f:3b:78:4d:eb:6f:01:e9:
af:a5:fb:ed:49:35:55:07:b4:10:4a:a4:a0:1f:c9:
0e:8b:7d:6a:f0:7e:7e:04:64:10:3d:4c:31:e3:88:
5b:38:bc:03:e4:a1:09:ec:3e:e5:0d:ba:9d:6a:fa:
9b:22:a0:b1:1b:2b:69:5a:e1:51:7c:73:96:a9:13:
18:9c:b8:9d:24:7d:d9:28:34:52:f5:67:3f:35:98:
76:f2:43:da:d3:9a:82:a4:21:7b:56:cd:26:ae:59:
48:14:44:ac:b5:0d:86:cf:86:90:89:31:65:b6:10:
5d:a2:0d:4f:90:29:35:a3:bb:41:f9:76:65:16:d3:
b0:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
56:81:A8:D8:D7:2E:91:E3:2A:F4:BA:B9:F8:07:1D:6C:C5:24:49:3A
X509v3 Authority Key Identifier:
keyid:2B:DF:EF:BF:79:13:73:CB:E4:D4:35:A5:0B:EC:18:2C:63:E4:D2:F0
X509v3 Subject Alternative Name:
email:fritztho@gmail.com, URI:http://fritzthomas.com/profile#me
Signature Algorithm: sha1WithRSAEncryption
8d:d9:06:54:1a:13:27:91:33:1d:a9:a0:33:b9:16:96:69:3a:
ae:18:39:08:e2:ad:c5:dc:45:0e:b9:21:21:4b:0b:28:08:e8:
d8:8a:3d:82:c1:cd:c2:5d:35:7e:79:d7:ad:04:c4:74:4f:7c:
aa:65:49:27:c2:1f:21:a8:37:c0:1b:35:f4:eb:d6:f2:4b:40:
1b:4a:8b:97:8f:d9:a2:ef:cf:82:ea:7b:1d:6f:95:e2:5e:7b:
49:f9:a9:41:f7:a0:b9:b6:c1:90:c3:f1:d3:7e:2c:2d:d3:ec:
e3:ee:c5:7d:7d:0d:73:a7:f0:f7:d7:20:a9:61:a1:0e:e2:88:
9f:cb
-----BEGIN CERTIFICATE-----
MIIDozCCAwygAwIBAgIJAPWKstF2BhPXMA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNV
BAYTAkZSMRAwDgYDVQQIEwdFc3Nvbm5lMRYwFAYDVQQKEw13ZWJpZC5mY25zLmV1
MRYwFAYDVQQDEw13ZWJpZC5mY25zLmV1MRwwGgYJKoZIhvcNAQkBFg13ZWJpZEBm
Y25zLmV1MB4XDTExMDgzMDE4MjEwMloXDTEyMDgyOTE4MjEwMlowdTEQMA4GA1UE
BhMHQXVzdHJpYTERMA8GA1UEChMIVGVzdCBPcmcxEjAQBgNVBAsTCVRlc3QgVW5p
dDEXMBUGA1UEAxMOVGhvbWFzIEZyaXR6IDIxITAfBgkqhkiG9w0BCQEWEmZyaXR6
dGhvQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzq
AuNKHsTyosnba1EChCLOYVMOn869vC8XYMXgS8RlV/GjnH25YGllce4dQOt/PSwq
/yfwnsTdewOyUqLi5RtiJ/EHm4XlUXkqcWP4+htGcGQQDJAzdTunYeoqgwPLlDj2
RSUPu6QckgRTgLjSxnZ8Q8/HxU2MulCeRH7+0Q87eE3rbwHpr6X77Uk1VQe0EEqk
oB/JDot9avB+fgRkED1MMeOIWzi8A+ShCew+5Q26nWr6myKgsRsraVrhUXxzlqkT
GJy4nSR92Sg0UvVnPzWYdvJD2tOagqQhe1bNJq5ZSBRErLUNhs+GkIkxZbYQXaIN
T5ApNaO7Qfl2ZRbTsJcCAwEAAaOBvjCBuzAJBgNVHRMEAjAAMCwGCWCGSAGG+EIB
DQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUVoGo
2NcukeMq9Lq5+AcdbMUkSTowHwYDVR0jBBgwFoAUK9/vv3kTc8vk1DWlC+wYLGPk
0vAwQAYDVR0RBDkwN4ESZnJpdHp0aG9AZ21haWwuY29thiFodHRwOi8vZnJpdHp0
aG9tYXMuY29tL3Byb2ZpbGUjbWUwDQYJKoZIhvcNAQEFBQADgYEAjdkGVBoTJ5Ez
HamgM7kWlmk6rhg5COKtxdxFDrkhIUsLKAjo2Io9gsHNwl01fnnXrQTEdE98qmVJ
J8IfIag3wBs19OvW8ktAG0qLl4/Zou/Pgup7HW+V4l57SfmpQfegubbBkMPx034s
LdPs4+7FfX0Nc6fw99cgqWGhDuKIn8s=
-----END CERTIFICATE-----
That should be correct right? I am asking because there is an issue on
github for node https://github.com/joyent/node/issues/1568 . In this
example the subjectAltName gets saved in the certificate in an other
way than i got from https://webid.fcns.eu/certgen.php
The debug output from my tiny node https server when i connect and
select this certificate:
{ subject:
{ C: 'Austria',
O: 'Test Org',
OU: 'Test Unit',
CN: 'Thomas Fritz 2',
emailAddress: 'fritztho@gmail.com' },
issuer:
{ C: 'FR',
ST: 'Essonne',
O: 'webid.fcns.eu',
CN: 'webid.fcns.eu',
emailAddress: 'webid@fcns.eu' },
valid_from: 'Aug 30 18:21:02 2011 GMT',
valid_to: 'Aug 29 18:21:02 2012 GMT',
fingerprint: '9C:74:C6:AA:95:41:FC:C2:6A:76:61:D7:2C:45:F9:28:8B:0B:69:F6' }
Any ideas
---
Thomas FRITZ
web http://fritzthomas.com
twitter http://twitter.com/thomasf
2011/8/29 Thomas Fritz <fritztho@gmail.com>:
> Hi
>
> Are there any known implementations for the WebID stack for node.js?
>
> Kind regards
>
>
>
> ---
> Thomas FRITZ
> web http://fritzthomas.com
> twitter http://twitter.com/thomasf
>
Received on Tuesday, 30 August 2011 19:32:12 UTC