[foaf-protocols] Problem with certificate on home-grown WebID
Henry Story
henry.story at bblfish.net
Sun Dec 18 11:22:48 CET 2011
On 18 Dec 2011, at 10:03, Sebastian Trüg wrote:
> On 12/17/2011 10:18 PM, Henry Story wrote:
>>
>> On 17 Dec 2011, at 22:09, Sebastian Trüg wrote:
>>
>>> On 12/17/2011 08:26 PM, Henry Story wrote:
>>>>
>>>> On 17 Dec 2011, at 17:12, Sebastian Trüg wrote:
>>>>
>>>>>>>>
>>>>>>>> https://foafssl.org/test/WebId
>>>>>>>
>>>>>>> Yes, same error.
>>>>>>
>>>>>> Ok, I rebuilt the whole thing just to make sure. I think the loading of new modules does not work in
>>>>>> my version anymore.
>>>>>>
>>>>>> Can you try the above test again, and send me the output?
>>>>>
>>>>> Looks a bit better now. The public keys are identical but still the
>>>>> error persists (attached).
>>>>
>>>> Yep, it is very odd, because everything seems to line up but without you being able to log in.
>>>>
>>>> I have made a few more changes. Can you try once more?
>>>
>>> Sorry, the error is still the same as last time: the public keys are the
>>> same but the verification still fails.
>>>
>>> But as mentioned I can log into ODS.
>>
>> Yes, I know. But this bothers me. Because we are not just creating a service that works for ODS but for
>> everyone. Can you send me again the output of the test please?
>>
>> https://foafssl.org/test/WebId
>
> Attached.
>
>> That is all I have to go on. If I can't fix it from there, I'll probably push out the other version
>> I have been working on. The Clerezza version is too much for me to maintain.
>
> The way I see it there are two possibilities:
> 1. There is an actual bug in your solution and my profile exposes it
> 2. My profile or the way I publish it is not 100% correct and the ODS is
> less strict about it
>
> In any case I doubt that my very simple foaf could be the problem. So it
> is probably the way I serve the file by rewriting "foaf" to "foaf.ttl".
No need, that part seems well done at present.
$ curl -I http://www.trueg.de/sebastian/foaf
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2011 10:09:13 GMT
Server: Apache/2
Last-Modified: Sat, 17 Dec 2011 19:16:43 GMT
ETag: "438090-5c2-4b44e8ecb9cc0"
Accept-Ranges: bytes
Content-Length: 1474
X-Powered-By: PleskLin
Connection: close
Content-Type: text/turtle
$ cwm http://www.trueg.de/sebastian/foaf --ntriples | grep cert
<http://www.trueg.de/sebastian/foaf#me> <http://www.w3.org/ns/auth/cert#key> _:L22C14 .
_:L22C14 <http://www.w3.org/ns/auth/cert#exponent> "65537"^^<http://www.w3.org/2001/XMLSchema#integer> .
_:L22C14 <http://www.w3.org/ns/auth/cert#modulus> "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"^^<http://www.w3.org/2001/XMLSchema#hexBinary> .
But when I now look into my database to see what graph Clerezza received I don't see anything. It's empty. It was not yesterday though... Perhaps you reconnected with a missing foaf file in between...
Your certificate also seems to be good.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f5:8a:b2:d1:76:06:14:14
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FR, ST=Essonne, O=webid.fcns.eu, CN=webid.fcns.eu/emailAddress=webid at fcns.eu
Validity
Not Before: Dec 16 18:56:36 2011 GMT
Not After : Dec 15 18:56:36 2012 GMT
Subject: C=FR, CN=Sebastian Trueg/emailAddress=sebastian at trueg.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c7:e3:91:a3:72:f1:93:35:4c:4b:f6:32:54:51:
6e:95:1d:ae:11:67:76:3a:ef:89:91:f5:d0:77:32:
ba:92:e0:9e:35:94:4b:88:d3:61:97:af:f5:17:7e:
b7:d3:14:2c:e0:83:b3:7f:8a:c0:74:a4:7a:8e:eb:
83:25:ae:f5:30:8b:af:79:98:52:c3:40:a1:02:f0:
9a:52:fd:17:ed:13:a2:b3:b0:9f:c2:a4:3b:16:4c:
88:15:ec:aa:b6:81:96:15:99:aa:a6:82:6e:68:c5:
8a:c6:78:da:04:3e:0a:11:72:3d:23:9a:15:3f:b8:
28:fc:80:1c:0e:a1:68:9a:dc:dd:b7:a8:b6:5b:2a:
2b:1f:e6:88:b7:9b:ff:50:0f:f8:53:0f:ba:c7:60:
9f:6a:97:a5:19:01:f0:5e:2e:9a:79:98:e3:4b:a5:
f7:00:c5:1f:bf:e9:7b:b6:33:2f:43:8b:88:5c:a5:
64:19:70:73:97:78:e9:48:79:8f:26:19:9c:34:9d:
51:df:41:1d:c9:30:4b:ee:1a:31:b0:9c:be:29:17:
44:ef:78:ec:dd:cf:4b:99:e6:15:cd:ce:66:0f:58:
37:0f:6b:ec:58:94:3f:35:4a:ce:e2:83:b8:be:09:
dd:5f:00:2b:06:4c:95:33:fd:26:99:3a:52:51:e8:
34:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
EC:27:9F:D7:A7:99:58:2C:39:DE:38:5E:0A:D7:F3:1F:61:54:D9:78
X509v3 Authority Key Identifier:
keyid:2B:DF:EF:BF:79:13:73:CB:E4:D4:35:A5:0B:EC:18:2C:63:E4:D2:F0
X509v3 Subject Alternative Name:
email:sebastian at trueg.de, URI:http://www.trueg.de/sebastian/foaf#me
Signature Algorithm: sha1WithRSAEncryption
5b:c3:8b:b4:f9:a4:6c:19:65:6f:2a:fa:8d:22:b4:2a:a1:a2:
6f:c0:f2:62:94:cb:58:38:92:46:50:f0:08:b6:ce:27:b2:c6:
63:21:4a:cf:29:33:c2:43:28:c1:c4:82:d5:5d:aa:0a:93:24:
9b:7d:47:bc:1d:4e:34:25:c5:0c:d0:7c:87:55:ba:04:de:b4:
19:be:30:fa:79:e0:48:c3:89:ba:d3:49:46:4d:3b:92:c7:91:
da:13:51:71:fc:ca:2e:d6:d8:72:cd:db:b7:fb:4f:a3:ca:1e:
97:90:04:49:cf:33:70:f1:f1:2f:d5:71:18:5e:40:e1:10:f0:
de:d5
>
> So I tried to create a new profile for my daughter Clara, uploaded it to
> http://www.trueg.de/clara/foaf.ttl and used the WebID
> http://www.trueg.de/clara/foaf.ttl#me. Sadly this does not work either.
> The error is the same. But it also works in ODS.
Yes, but I am sure Clara will be happier if she does not have her WebID tied to one representation.
It would be best for the long term if you used
http://www.trueg.de/clara#me
or
http://www.trueg.de/clara#tiny
or perhaps even
https://www.trueg.de/clara
:-)
The spec was pointing at this. (But the link is not visible, so I'll fix it)
http://www.w3.org/TR/swbp-vocab-pub/
>
> Please let me know if you want me to try other things. SSL maybe?
SSL longer term is certainly a good idea. But the issue here is not SSL unless someone is man in the middle
attacking me and changing your rdf along the way. But from your test report it seems that that was not the case
as at the time my server was able to analyse your rdf.
I only recently rewrote clerezza to work with our new ontology, so that is why you are seeing
these problems. Clerezza does not have SPARQL either, so there are a lot of little
places where there can be a bug. But it is odd that you stumbled on it, but not me before.
Still your turtle looks good, and we accept turtle... I'll think about this.
If you read the spec and you find things that you learnt through this conversation that would have helped
you were they in the spec, please let us know.
Henry
>
> Cheers,
> Sebastian
>
>> Thanks,
>>
>> Henry
>>
>>>
>>> Cheers,
>>> Sebastian
>>>
>>
>> Social Web Architect
>> http://bblfish.net/
>>
>>
> <WebId.xht>
Social Web Architect
http://bblfish.net/
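
Added example (not part of the message above, and not Clerezza or foafssl.org code): the comparison this thread is debugging, i.e. whether the RSA key in the client certificate equals a cert:key published for the URI in its Subject Alternative Name. It normalises the two notations shown above (colon-separated hex with a leading 00 in the certificate dump, xsd:hexBinary in the N-Triples) before comparing; the example.org WebID, the short modulus and the function names are constructed for illustration.

```python
import re

CERT = "http://www.w3.org/ns/auth/cert#"

# Constructed sample data: made-up short modulus, hypothetical example.org WebID.
SAMPLE_WEBID = "http://example.org/alice#me"
SAMPLE_NT = """
<http://example.org/alice#me> <http://www.w3.org/ns/auth/cert#key> _:k1 .
_:k1 <http://www.w3.org/ns/auth/cert#exponent> "65537"^^<http://www.w3.org/2001/XMLSchema#integer> .
_:k1 <http://www.w3.org/ns/auth/cert#modulus> "A1B2C3D4E5F7"^^<http://www.w3.org/2001/XMLSchema#hexBinary> .
"""
# Same modulus as a certificate text dump prints it: colons, line wrap, leading 00.
SAMPLE_CERT_MODULUS = "00:a1:b2:c3:\n    d4:e5:f7"

TRIPLE = re.compile(r'^(\S+) <([^>]+)> (?:"([^"]*)"\^\^<[^>]+>|(\S+)) \.$')


def norm_hex(text):
    """Turn a hex modulus in either notation into an integer."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text)  # drop colons and whitespace
    return int(digits, 16)  # integer form ignores case and the leading 00 byte


def profile_keys(ntriples, webid):
    """Return the set of (modulus, exponent) pairs linked from webid by cert:key."""
    key_nodes, props = set(), {}
    for line in ntriples.strip().splitlines():
        m = TRIPLE.match(line.strip())
        if not m:
            continue
        subj, pred, literal, obj = m.groups()
        if subj == f"<{webid}>" and pred == CERT + "key":
            key_nodes.add(obj)
        elif pred in (CERT + "modulus", CERT + "exponent") and literal is not None:
            props.setdefault(subj, {})[pred[len(CERT):]] = literal
    keys = set()
    for node in key_nodes:
        p = props.get(node, {})
        if "modulus" in p and "exponent" in p:  # skip incomplete key descriptions
            keys.add((norm_hex(p["modulus"]), int(p["exponent"])))
    return keys


def webid_matches(san_uri, cert_modulus, cert_exponent, ntriples):
    """True only if the certificate key is one of the keys published for the SAN URI."""
    return (norm_hex(cert_modulus), cert_exponent) in profile_keys(ntriples, san_uri)
```

A byte-for-byte string comparison of the two moduli would fail here even though the keys are identical, which is why both sides are reduced to integers first.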