Friday, November 25, 2016

Latest Node Solid server Installation Notes

On a recent install, I tried first updating node with the n program available with npm. (https://davidwalsh.name/upgrade-nodejs)

I then tried https://github.com/solid/node-solid-server  with the command
npm install -g solid-server . 
 
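I got the following log. Note the two postinstall steps (spawn-sync and solid-permissions): npm runs these package scripts automatically during the install, with the privileges of the installing user.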
 
npm install -g solid-server
npm WARN deprecated node-uuid@1.4.7: use uuid module instead
/home/brent/.nvm/versions/node/v6.2.2/bin/solid -> /home/brent/.nvm/versions/node/v6.2.2/lib/node_modules/solid-server/bin/solid.js

> spawn-sync@1.0.15 postinstall /home/brent/.nvm/versions/node/v6.2.2/lib/node_modules/solid-server/node_modules/spawn-sync
> node postinstall


> solid-permissions@0.4.2 postinstall /home/brent/.nvm/versions/node/v6.2.2/lib/node_modules/solid-server/node_modules/solid-permissions
> npm run build


> solid-permissions@0.4.2 build /home/brent/.nvm/versions/node/v6.2.2/lib/node_modules/solid-server/node_modules/solid-permissions
> babel src -d lib

src/acl-group.js -> lib/acl-group.js
src/authorization.js -> lib/authorization.js
src/index.js -> lib/index.js
src/permission-set.js -> lib/permission-set.js
- readable-stream@2.0.6 node_modules/solid-server/node_modules/bl/node_modules/readable-stream
- bl@1.1.2 node_modules/solid-server/node_modules/bl
- cookie@0.2.3 node_modules/solid-server/node_modules/express-session/node_modules/cookie
- qs@6.2.0 node_modules/solid-server/node_modules/express/node_modules/qs
isarray@1.0.0 node_modules/solid-server/node_modules/bl/node_modules/isarray -> node_modules/solid-server/node_modules/readdirp/node_modules/isarray
- http-errors@1.5.0 node_modules/solid-server/node_modules/send/node_modules/http-errors
/home/brent/.nvm/versions/node/v6.2.2/lib
└─┬ solid-server@3.3.0 
  ├─┬ body-parser@1.15.2 
  │ ├── bytes@2.4.0 
  │ ├── debug@2.2.0 
  │ ├─┬ http-errors@1.5.1 
  │ │ ├── setprototypeof@1.0.2 
  │ │ └── statuses@1.3.1 
  │ ├── qs@6.2.0 
  │ ├── raw-body@2.1.7 
  │ └── type-is@1.6.14 
  ├── cors@2.8.1 
  ├─┬ debug@2.3.3 
  │ └── ms@0.7.2 
  ├─┬ express@4.14.0
  │ ├── debug@2.2.0 
  │ ├─┬ finalhandler@0.5.0
  │ │ └── debug@2.2.0 
  │ └─┬ send@0.14.1
  │   └── debug@2.2.0 
  ├─┬ express-session@1.14.2 
  │ ├── crc@3.4.1 
  │ └── debug@2.2.0 
  ├─┬ from2@2.3.0 
  │ ├── inherits@2.0.3 
  │ └── readable-stream@2.2.2 
  ├─┬ fs-extra@0.30.0
  │ ├── graceful-fs@4.1.11 
  │ ├── jsonfile@2.4.0 
  │ ├── klaw@1.3.1 
  │ └── path-is-absolute@1.0.1 
  ├─┬ glob@7.1.1 
  │ ├── inflight@1.0.6 
  │ ├─┬ minimatch@3.0.3 
  │ │ └─┬ brace-expansion@1.1.6 
  │ │   └── balanced-match@0.4.2 
  │ └── once@1.4.0 
  ├─┬ inquirer@1.2.3 
  │ ├─┬ external-editor@1.1.1 
  │ │ ├─┬ spawn-sync@1.0.15 
  │ │ │ ├── concat-stream@1.5.2 
  │ │ │ └── os-shim@0.1.3 
  │ │ └─┬ tmp@0.0.29 
  │ │   └── os-tmpdir@1.0.2 
  │ ├── lodash@4.17.2 
  │ └─┬ string-width@1.0.2 
  │   ├── code-point-at@1.1.0 
  │   └─┬ is-fullwidth-code-point@1.0.0
  │     └── number-is-nan@1.0.1 
  ├── li@1.1.0 
  ├─┬ mime-types@2.1.13 
  │ └── mime-db@1.25.0 
  ├── moment@2.17.0 
  ├── node-forge@0.6.45 
  ├─┬ nodemailer@2.6.4 
  │ ├── libmime@2.1.0 
  │ ├─┬ mailcomposer@3.12.0 
  │ │ └── buildmail@3.10.0 
  │ ├─┬ nodemailer-direct-transport@3.3.2 
  │ │ └── smtp-connection@2.12.0 
  │ ├─┬ nodemailer-shared@1.1.0 
  │ │ └── nodemailer-fetch@1.6.0 
  │ ├─┬ nodemailer-smtp-pool@2.8.2 
  │ │ └── nodemailer-wellknown@0.1.10 
  │ ├── nodemailer-smtp-transport@2.7.2 
  │ └─┬ socks@1.1.9
  │   └── ip@1.1.4 
  ├── rdflib@0.10.0 
  ├─┬ request@2.79.0 
  │ ├── aws4@1.5.0 
  │ ├─┬ form-data@2.1.2 
  │ │ └── asynckit@0.4.0 
  │ ├─┬ har-validator@2.0.6
  │ │ └─┬ is-my-json-valid@2.15.0 
  │ │   └── jsonpointer@4.0.0 
  │ ├─┬ http-signature@1.1.1
  │ │ ├─┬ jsprim@1.3.1 
  │ │ │ └── json-schema@0.2.3 
  │ │ └─┬ sshpk@1.10.1 
  │ │   ├── bcrypt-pbkdf@1.0.0 
  │ │   ├── dashdash@1.14.1 
  │ │   └── tweetnacl@0.14.3 
  │ ├── qs@6.3.0 
  │ ├── tough-cookie@2.3.2 
  │ └── uuid@3.0.0 
  ├── rimraf@2.5.4 
  ├─┬ solid-namespace@0.1.0 
  │ └── rdf-ns@0.1.0 
  ├─┬ solid-permissions@0.4.2 
  │ ├─┬ babel-cli@6.18.0 
  │ │ ├─┬ babel-core@6.18.2 
  │ │ │ ├─┬ babel-code-frame@6.16.0 
  │ │ │ │ ├── esutils@2.0.2 
  │ │ │ │ └── js-tokens@2.0.0 
  │ │ │ ├─┬ babel-generator@6.19.0 
  │ │ │ │ ├─┬ detect-indent@4.0.0 
  │ │ │ │ │ └─┬ repeating@2.0.1 
  │ │ │ │ │   └── is-finite@1.0.2 
  │ │ │ │ └── jsesc@1.3.0 
  │ │ │ ├── babel-helpers@6.16.0 
  │ │ │ ├── babel-messages@6.8.0 
  │ │ │ ├── babel-template@6.16.0 
  │ │ │ ├─┬ babel-traverse@6.19.0 
  │ │ │ │ ├── globals@9.14.0 
  │ │ │ │ └─┬ invariant@2.2.2 
  │ │ │ │   └── loose-envify@1.3.0 
  │ │ │ ├─┬ babel-types@6.19.0 
  │ │ │ │ └── to-fast-properties@1.0.2 
  │ │ │ ├── babylon@6.14.1 
  │ │ │ ├── json5@0.5.0 
  │ │ │ └── private@0.1.6 
  │ │ ├─┬ babel-polyfill@6.16.0 
  │ │ │ ├── core-js@2.4.1 
  │ │ │ └── regenerator-runtime@0.9.6 
  │ │ ├─┬ babel-register@6.18.0 
  │ │ │ ├─┬ home-or-tmp@2.0.0 
  │ │ │ │ └── os-homedir@1.0.2 
  │ │ │ ├─┬ mkdirp@0.5.1 
  │ │ │ │ └── minimist@0.0.8 
  │ │ │ └── source-map-support@0.4.6 
  │ │ ├── babel-runtime@6.18.0 
  │ │ ├─┬ chokidar@1.6.1 
  │ │ │ ├─┬ anymatch@1.3.0 
  │ │ │ │ ├── arrify@1.0.1 
  │ │ │ │ └─┬ micromatch@2.3.11 
  │ │ │ │   ├─┬ arr-diff@2.0.0 
  │ │ │ │   │ └── arr-flatten@1.0.1 
  │ │ │ │   ├── array-unique@0.2.1 
  │ │ │ │   ├─┬ braces@1.8.5 
  │ │ │ │   │ ├─┬ expand-range@1.8.2 
  │ │ │ │   │ │ └─┬ fill-range@2.2.3 
  │ │ │ │   │ │   ├── is-number@2.1.0 
  │ │ │ │   │ │   ├─┬ isobject@2.1.0 
  │ │ │ │   │ │   │ └── isarray@1.0.0 
  │ │ │ │   │ │   ├── randomatic@1.1.6 
  │ │ │ │   │ │   └── repeat-string@1.6.1 
  │ │ │ │   │ ├── preserve@0.2.0 
  │ │ │ │   │ └── repeat-element@1.1.2 
  │ │ │ │   ├─┬ expand-brackets@0.1.5 
  │ │ │ │   │ └── is-posix-bracket@0.1.1 
  │ │ │ │   ├── extglob@0.3.2 
  │ │ │ │   ├── filename-regex@2.0.0 
  │ │ │ │   ├── kind-of@3.0.4 
  │ │ │ │   ├── normalize-path@2.0.1 
  │ │ │ │   ├─┬ object.omit@2.0.1 
  │ │ │ │   │ ├─┬ for-own@0.1.4 
  │ │ │ │   │ │ └── for-in@0.1.6 
  │ │ │ │   │ └── is-extendable@0.1.1 
  │ │ │ │   ├─┬ parse-glob@3.0.4 
  │ │ │ │   │ ├── glob-base@0.3.0 
  │ │ │ │   │ └── is-dotfile@1.0.2 
  │ │ │ │   └─┬ regex-cache@0.4.3 
  │ │ │ │     ├── is-equal-shallow@0.1.3 
  │ │ │ │     └── is-primitive@2.0.0 
  │ │ │ ├── async-each@1.0.1 
  │ │ │ ├── glob-parent@2.0.0 
  │ │ │ ├─┬ is-binary-path@1.0.1 
  │ │ │ │ └── binary-extensions@1.7.0 
  │ │ │ ├─┬ is-glob@2.0.1 
  │ │ │ │ └── is-extglob@1.0.0 
  │ │ │ └─┬ readdirp@2.1.0 
  │ │ │   ├── readable-stream@2.2.2 
  │ │ │   └── set-immediate-shim@1.0.1 
  │ │ ├── convert-source-map@1.3.0 
  │ │ ├── fs-readdir-recursive@1.0.0 
  │ │ ├── glob@5.0.15 
  │ │ ├── output-file-sync@1.1.2 
  │ │ ├── slash@1.0.0 
  │ │ └─┬ v8flags@2.0.11 
  │ │   └── user-home@1.1.1 
  │ └─┬ babel-preset-es2015@6.18.0 
  │   ├── babel-plugin-check-es2015-constants@6.8.0 
  │   ├── babel-plugin-transform-es2015-arrow-functions@6.8.0 
  │   ├── babel-plugin-transform-es2015-block-scoped-functions@6.8.0 
  │   ├── babel-plugin-transform-es2015-block-scoping@6.18.0 
  │   ├─┬ babel-plugin-transform-es2015-classes@6.18.0 
  │   │ ├── babel-helper-define-map@6.18.0 
  │   │ ├── babel-helper-function-name@6.18.0 
  │   │ ├── babel-helper-optimise-call-expression@6.18.0 
  │   │ └── babel-helper-replace-supers@6.18.0 
  │   ├── babel-plugin-transform-es2015-computed-properties@6.8.0 
  │   ├── babel-plugin-transform-es2015-destructuring@6.19.0 
  │   ├── babel-plugin-transform-es2015-duplicate-keys@6.8.0 
  │   ├── babel-plugin-transform-es2015-for-of@6.18.0 
  │   ├── babel-plugin-transform-es2015-function-name@6.9.0 
  │   ├── babel-plugin-transform-es2015-literals@6.8.0 
  │   ├── babel-plugin-transform-es2015-modules-amd@6.18.0 
  │   ├─┬ babel-plugin-transform-es2015-modules-commonjs@6.18.0 
  │   │ └── babel-plugin-transform-strict-mode@6.18.0 
  │   ├─┬ babel-plugin-transform-es2015-modules-systemjs@6.19.0 
  │   │ └── babel-helper-hoist-variables@6.18.0 
  │   ├── babel-plugin-transform-es2015-modules-umd@6.18.0 
  │   ├── babel-plugin-transform-es2015-object-super@6.8.0 
  │   ├─┬ babel-plugin-transform-es2015-parameters@6.18.0 
  │   │ ├── babel-helper-call-delegate@6.18.0 
  │   │ └── babel-helper-get-function-arity@6.18.0 
  │   ├── babel-plugin-transform-es2015-shorthand-properties@6.18.0 
  │   ├── babel-plugin-transform-es2015-spread@6.8.0 
  │   ├─┬ babel-plugin-transform-es2015-sticky-regex@6.8.0 
  │   │ └── babel-helper-regex@6.18.0 
  │   ├── babel-plugin-transform-es2015-template-literals@6.8.0 
  │   ├── babel-plugin-transform-es2015-typeof-symbol@6.18.0 
  │   ├─┬ babel-plugin-transform-es2015-unicode-regex@6.11.0 
  │   │ └─┬ regexpu-core@2.0.0 
  │   │   ├── regenerate@1.3.2 
  │   │   ├── regjsgen@0.2.0 
  │   │   └─┬ regjsparser@0.1.5 
  │   │     └── jsesc@0.5.0 
  │   └── babel-plugin-transform-regenerator@6.16.1 
  ├─┬ solid-ws@0.2.2
  │ └─┬ ws@0.8.1
  │   └─┬ bufferutil@1.2.1
  │     └── nan@2.4.0 
  ├── string@3.3.3 
  ├─┬ uid-safe@2.1.3 
  │ ├── base64-url@1.3.3 
  │ └── random-bytes@1.0.0 
  ├── uuid@2.0.3 
  └─┬ webid@0.3.7
    └─┬ rdflib@0.2.11
      ├─┬ browserify@13.1.1 
      │ ├─┬ browser-pack@6.0.2 
      │ │ └─┬ combine-source-map@0.7.2
      │ │   └── convert-source-map@1.1.3 
      │ ├─┬ browserify-zlib@0.1.4
      │ │ └── pako@0.2.9 
      │ ├─┬ buffer@4.9.1 
      │ │ ├── base64-js@1.2.0 
      │ │ └── ieee754@1.1.8 
      │ ├── cached-path-relative@1.0.0 
      │ ├─┬ crypto-browserify@3.11.0
      │ │ ├─┬ browserify-sign@4.0.0
      │ │ │ ├── bn.js@4.11.6 
      │ │ │ ├─┬ elliptic@6.3.2 
      │ │ │ │ └── brorand@1.0.6 
      │ │ │ └─┬ parse-asn1@5.0.0
      │ │ │   └── asn1.js@4.9.0 
      │ │ ├─┬ create-hash@1.1.2
      │ │ │ └── cipher-base@1.0.3 
      │ │ └── pbkdf2@3.0.9 
      │ ├─┬ duplexer2@0.1.4
      │ │ └── readable-stream@2.2.2 
      │ ├── events@1.1.1 
      │ ├─┬ insert-module-globals@7.0.1
      │ │ └── is-buffer@1.1.4 
      │ ├── JSONStream@1.2.1 
      │ ├─┬ labeled-stream-splicer@2.0.0
      │ │ └─┬ stream-splicer@2.0.0
      │ │   └── readable-stream@2.2.2 
      │ ├─┬ module-deps@4.0.8 
      │ │ ├─┬ detective@4.3.2 
      │ │ │ └── acorn@3.3.0 
      │ │ ├── readable-stream@2.2.2 
      │ │ └─┬ stream-combiner2@1.1.1
      │ │   └── readable-stream@2.2.2 
      │ ├── process@0.11.9 
      │ ├─┬ read-only-stream@2.0.0
      │ │ └── readable-stream@2.2.2 
      │ ├── readable-stream@2.2.2 
      │ ├─┬ shasum@1.0.2
      │ │ └── sha.js@2.4.8 
      │ ├─┬ stream-browserify@2.0.1
      │ │ └── readable-stream@2.2.2 
      │ ├─┬ stream-http@2.5.0 
      │ │ └── readable-stream@2.2.2 
      │ ├─┬ subarg@1.0.0
      │ │ └── minimist@1.2.0 
      │ └─┬ util@0.10.3
      │   └── inherits@2.0.1 
      └── coffee-script@1.11.1 

npm WARN optional Skipping failed optional dependency /solid-server/chokidar/fsevents:
npm WARN notsup Not compatible with your operating system or architecture: fsevents@1.0.15
 
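Investigating, I found fsevents at https://www.npmjs.com/package/fsevents . It is developed for OSX, so on other operating systems npm skips it as a failed optional dependency, which is what the two warnings above report.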

Thursday, August 25, 2016

Steps Taken for Creating a Self-Signed Certificate targeted for SOLiD with OpenSSL

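[1] Modify /etc/ssl/openssl.cnf (this file is system-wide, so the change affects every certificate later generated with the default configuration; editing a private copy and passing it to openssl req with -config avoids that)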

[2] Add under [ v3_ca ] the lines:
subjectAltName=URI:'http://bshambaugh.org/profile#me'

basicConstraints = CA:false


[3] openssl genrsa 2048 > localhost.key

[4] openssl req -new -x509 -nodes -sha256 -days 3650 -key localhost.key -subj '/O=WebID/CN=Brent Shambaugh/' > localhost.crt


[5] openssl x509 -noout -text -in localhost.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12316411301973396186 (0xaaecaed2f1bb0ada)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=WebID, CN=Brent Shambaugh
        Validity
            Not Before: Aug 25 15:07:43 2016 GMT
            Not After : Aug 23 15:07:43 2026 GMT
        Subject: O=WebID, CN=Brent Shambaugh
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c4:1f:69:30:21:88:e6:13:f3:df:09:e5:cd:50:
                    68:59:9e:5c:c6:f8:90:45:b5:1a:b6:c1:cf:d6:86:
                    25:b6:52:bc:58:59:36:1d:1e:ca:34:5c:47:37:a3:
                    23:e9:f9:de:bd:53:44:2f:dd:18:38:b0:de:19:10:
                    73:79:5c:70:8c:3c:44:22:e7:64:06:ff:83:c8:2f:
                    ca:ab:7a:13:e9:13:55:c7:ed:b2:75:cb:d4:93:d6:
                    ef:1a:25:c3:ed:74:cb:3a:9f:2d:a6:c8:61:83:f7:
                    04:e1:af:4c:d9:a5:93:fa:0c:21:cd:5f:cc:86:21:
                    8f:8f:63:bc:ba:0c:c0:b8:41:d4:5e:2a:16:b5:cb:
                    48:d1:29:be:e3:ff:36:3f:22:a3:34:d8:4c:06:0e:
                    96:58:38:75:da:40:83:cb:1f:e0:7b:6f:b1:00:dc:
                    63:21:22:a4:6d:39:89:e6:3d:79:ca:ff:7f:10:4f:
                    16:b0:43:6f:26:f6:04:bb:69:49:87:ac:15:cc:8a:
                    24:40:df:74:92:28:d5:83:5d:77:43:3c:7a:31:2f:
                    32:8a:51:e2:dd:c0:d3:8b:a5:95:45:50:4f:2f:6d:
                    fa:d1:6d:e6:02:db:19:3a:2d:ca:60:11:bd:53:14:
                    98:74:4a:90:52:16:c2:87:d8:c2:f9:cb:fe:63:fe:
                    e3:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:BB:34:0C:42:38:F8:8E:A1:E7:D7:B9:05:30:2B:BF:49:AD:74:4C
            X509v3 Authority Key Identifier:
                keyid:35:BB:34:0C:42:38:F8:8E:A1:E7:D7:B9:05:30:2B:BF:49:AD:74:4C

            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                URI:http://bshambaugh.org/profile#me
    Signature Algorithm: sha256WithRSAEncryption
         0f:b3:65:41:cc:d1:9f:81:a4:62:be:80:7f:f1:0a:ee:b2:24:
         85:d3:b2:41:e6:f6:e3:10:e4:72:61:d0:d5:5e:07:71:ef:63:
         6d:43:5b:ea:e1:77:9e:66:05:f2:de:17:c1:b7:9c:7b:91:d8:
         41:45:a2:b3:1e:f8:c1:41:c0:58:6f:f3:43:22:7c:a8:17:8d:
         b7:51:ae:b8:fc:5d:2f:bb:88:ae:b4:8e:d4:65:fe:8d:05:95:
         09:ec:c5:42:04:9d:ce:f7:25:f7:02:b5:87:54:46:d7:9f:90:
         ad:e3:6a:8e:bc:17:a1:33:b1:47:bd:a2:99:69:ef:b3:47:72:
         63:07:be:4a:fe:6e:c4:0e:59:f9:14:c7:49:0b:97:d6:13:97:
         0f:d7:52:e2:c8:19:54:24:a0:fb:54:2e:a7:12:d7:f2:e8:e7:
         1e:26:62:7f:0f:2f:58:ed:f4:fb:7a:e1:21:4b:e1:e0:0c:f2:
         36:ab:cd:a2:ab:f5:25:14:55:b1:78:95:b4:23:af:e2:ce:95:
         28:07:21:5e:74:2e:7d:1b:67:b1:67:66:9e:49:22:9e:82:2f:
         9a:64:eb:53:41:ee:0f:ce:18:0e:80:94:f0:4a:5d:ab:50:fc:
         f3:4d:5c:94:e4:7f:82:c0:65:8d:1e:1f:0e:21:ca:c5:a4:77:
         29:f7:c3:ee

------------
Inspiration: http://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-certificate-with-subjectaltname-using-openssl
Reference: https://tools.ietf.org/html/rfc5280

-------------------

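The idea is to embed this in the php exec() or shell_exec() function. Any value that comes from a user (for example the name placed in -subj) has to be passed through escapeshellarg() before it goes into the command string, because otherwise it can inject shell commands. If this does not work satisfactorily or if Node.js is desired instead try https://www.npmjs.com/package/webid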

Wednesday, August 24, 2016

Question about creating a certificate for SOLiD

I'm trying to use PHP to create a certificate for SOLiD.  It is not immediately clear to me how to set things other than the distinguished name. I'm after "subject alternative name" etc. I see it here with openssl (http://blog.endpoint.com/2014/10/openssl-csr-with-alternative-names-one.html) but not with php
( http://php.net/manual/en/ref.openssl.php ). The functionality may not be built into php. I may need to use the exec or shell_exec php function.

Also see: http://stackoverflow.com/questions/29861501/using-exec-with-php-to-run-a-command

Saturday, July 23, 2016

Candidate Resources for Cryptography for use with custom SOLiD

PHP:

http://php.net/manual/en/book.openssl.php

http://phpseclib.sourceforge.net/x509/guide.html

http://phpseclib.sourceforge.net/x509/guide.html#selfsigned

( Reference: https://en.wikipedia.org/wiki/X.509 )

JavaScript:

[SSL Client Authentication in Node.js]    
http://nategood.com/nodejs-ssl-client-cert-auth-api-rest

[Client Side Certificate Auth in Nginx]
http://blog.nategood.com/client-side-certificate-authentication-in-ngi

[List of JavaScript Crypto Libraries]
https://gist.github.com/jo/8619441

[Stanford JavaScript Crypto Library]
https://crypto.stanford.edu/sjcl/ -> https://github.com/bitwiseshiftleft/sjcl 



HTML5 Keygen

[Client Certificates and the HTML5 keygen Tag]
http://orcaman.blogspot.com/2013/12/client-certificates-and-html5-kegen-tag.html?m=1

    A demo:
    https://openweb.or.kr/html5/index_en.php
    which points to:
    https://openweb.or.kr/html5/download.txt

    (useful: see setting www-data permissions: http://stackoverflow.com/questions/9133024/www-data-permissions,
http://www.cyberciti.biz/faq/ubuntu-add-user-to-group-www-data/)
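guess: sudo chown -R www-data ./demoCA (chown has no -W option; -R alone applies the change recursively. This makes the web server user the owner of the CA directory, so any code running as www-data can read and modify whatever keys and certificates are stored there.)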
 
    which is related to:
    https://github.com/melvincarvalho/foafssl/blob/master/simpleCreateClientCertificate.php

 see especially (https://github.com/melvincarvalho/foafssl/blob/master/cert.php), and compare it to the first link (http://php.net/manual/en/book.openssl.php)


    https://lists.w3.org/Archives/Public/public-xg-webid/2011Aug/0042.html





Tuesday, June 21, 2016

Setting Up a SOLiD Server Using the WebID from databox.me {draft}

The SOLiD Server [1] is a later generation of the personal data store rww.io described in Dr. Andrei Sambra's Dissertation [2] and implemented as part of CIMBA or Client-Integrated MicroBlogging Application [3].

CIMBA decoupled the front end of the web application from the back end data such that the data can exist on any server and the front end application can exist on another server. Sandro Hawke posted several videos beginning with the title "Building Social Applications with Linked Data Platform (LDP) -- Crosscloud"
Part 2 of this video series [4] shows a demonstration of CIMBA by Dr. Andrei Sambra.

Although CIMBA was targeted towards microblogging, the personal data store can be targeted at any front end application. For microblogging, and other applications, a special standard pattern is developed that utilizes the linked data platform [5],[6].

SOLiD, a platform  that gained a lot of energy in mid-2015 with the Crosscloud project [7], is described on GitHub [8] and serves as a foundation in the initiative. It follows the Linked Data Platform standard that is used to build the LDP server Apache Marmotta [9] and in Fedora 4 in Islandora [10] for organizing library collections, amongst other things. One thing that is unique about SOLiD is its use of the WebID URI in the authentication and authorization process.

Although many implementations of SOLiD exist [11], the one currently receiving significant effort is for Node.js. This is available through the link at [1].

In a previous post [15], the use of databox.me to create a WebID, client certificate, and private key was presented. This is useful for authenticating as a user to a SOLiD based server and authorizing the user to access resources through the access control language [12].

In order to launch our own SOLiD server, we need a server side certificate to support HTTPS in order to verify the server's integrity to the client [13]. We could run it without TLS/SSL, that is over HTTP, but this is risky: the traffic is then unencrypted and the client has no certificate with which to check the server. As proof that it can be run this way, the author has run a SOLiD server (previously called ldnode) with a Linked Data File Manager called WARP [14], and achieved an environment on localhost (i.e. on the local machine) that looked very similar to rww.io when it was operational.

Fortunately, the README for node-solid-server [1] goes into how to set this up. We already created a client side certificate and private key with databox.me and stored it in our browser. The public personal profile document  created upon databox.me signup and used for FOAF+SSL authentication is available at http://bshambaugh.databox.me/profile/card .

We could have a similar setup elsewhere as the requirement for FOAF+SSL is that we have RDF somewhere that points a WebID to a public key (in this case, modulus and exponent) along with the following in the browser:  a client certificate in the form of the previous databox.me post along with the corresponding private key.

To create the server side certificate (as opposed to the client side certificate to authenticate an entity with a WebID)  to allow the SOLiD server to serve itself over HTTPS we have multiple options. We could purchase one online signed by a root certificate authority [16], obtain a free one through a service like letsencrypt [17], or create our own self-signed certificate with openssl (or the like).

Since we are testing SOLiD locally, let's try using a self-signed server side certificate. The README [1] suggests the following commands:

openssl genrsa 2048 > ../localhost.key
 
openssl req -new -x509 -nodes -sha256 -days 3650 -key ../localhost.key -subj '/CN=*.localhost' > ../localhost.cert

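This creates a private key called localhost.key and a certificate called localhost.cert in the parent of the current directory. The private key is written unencrypted, so keep its file permissions restrictive and keep it outside any directory the server publishes. I went ahead and added the extension .pem to both of them since they are already in the PEM [18] format.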

cp localhost.key localhost.key.pem
cp localhost.cert localhost.cert.pem

Now that we have our server certificates, we need to have node-solid-server running. In order to do this, we need Node.js v6.  I chose to also have the latest version of Ubuntu, 16.04 to run Node. N.B: I was running with Ubuntu 12.04 before but I discovered that this required a special configuration as the version of g++ included with the distribution did not support some of the recent additions in v8 requiring me to configure for another C compiler [19].

I found the instructions at Digital Ocean useful [20], specifically the section titled "How To Install Using NVM" .

Once I have Node.js Installed I can install node solid server. I do this by following the instructions in the README [1]. Specifically:

npm install -g solid-server
  

Now that I have solid server installed with the -g flag (which means I can access it globally) I can tell it about my server side certificates. There are two ways to do this.
I can either use the solid-server installation to create a json file that points to them, or I can tell solid about them at each startup.

To create the json [21] file I use the following command:

solid init
 
 




I then follow by pressing enter for each input request except for those that prompt with a y/N option or a path to the SSL private key or SSL certificate.

For the y/N options I select y (at least for "Enable WebID authentication"). For the path to the SSL certificate and SSL key I point to the relative path to them. Since the ones I created were in the present directory where I initiated solid with "solid init", they are simply localhost.key (or localhost.key.pem) and localhost.cert (or localhost.cert.pem or localhost.crt.pem, or localhost.crt) .


Going through this process creates a file called config.json . After this I can go ahead and start the solid server from the same directory using the command:


solid start



Alternatively, I may want to avoid  using the config.json file and pass everything in as an input parameter in the shell at startup. I found it effective to delete the config.json file (if it exists) before trying this.

solid start --port 8443 --ssl-key localhost.key.pem --ssl-cert localhost.cert.pem \
--webid -v

I am specifying port 8443, localhost.key.pem as private key for my server certificate, localhost.cert.pem as the server certificate, use of webid based authentication with --webid, and verbose output in the shell with -v .


[1] https://github.com/solid/node-solid-server
[2] https://halshs.archives-ouvertes.fr/tel-00917965/document
[3] http://crosscloud.org/2014/iswc-sambra-pdf.pdf
[4] https://www.youtube.com/watch?v=GtnB7aM1mTM
[5] https://www.w3.org/TR/ldp-primer/
[6] https://www.youtube.com/watch?v=Yth7O6yeZRE&t=1h34m50s
[7] http://crosscloud.org/
[8] https://github.com/solid/solid
[9] http://marmotta.apache.org/
[10] https://www.youtube.com/watch?v=9wTFAwvBRbY
[11] http://crosscloud.org/2016/www-mansour-pdf.pdf
[12] https://www.w3.org/wiki/WebAccessControl
[13] http://robertheaton.com/2014/03/27/how-does-https-actually-work/
[14] https://github.com/linkeddata/warp
[15] http://adistributedeconomy.blogspot.com/2016/06/creating-client-side-certificate.html
[16] https://en.wikipedia.org/wiki/Root_certificate
[17] https://letsencrypt.org/
[18] http://how2ssl.com/articles/working_with_pem_files/
[19] https://github.com/nodesource/distributions/blob/master/OLDER_DISTROS.md
[20] https://www.digitalocean.com/community/tutorials/how-to-install-node-js-on-ubuntu-16-04
[21] http://json.org/

Accessing the Linked Data Platform based SOLiD Server created with databox.me

Type in https://yourusername.databox.me/ . For me it was https://bshambaugh.databox.me/ .


A certificate authentication prompt should be presented. Make sure you are presented with the client certificate that was created by the method of the previous post (or if everything was done manually, in the same form as the result). Press okay. If you see the certificate again, press okay again.

Enter location of the LDP server. In this case, https://bshambaugh.databox.me/ .


If all goes well, you should see the contents of your "file system" . That is the Linked Data Platform Resources which consist of Linked Data Platform Containers (LDP standardized RDF) and RDF and non-RDF resources (binary or text) [1].

I see things served from the URL http://linkeddata.github.io/warp/#/list/https/bshambaugh.databox.me/ .

Edit: It is also a useful exercise to start this process with something like https://bshambaugh.databox.me/storage/ in the browser bar with https://bshambaugh.databox.me/storage/ as the location for the LDP server. Occasionally, this can fail with a 304 Not Modified Response or even a CORS failure as it did later when I tried it again. I started out with https://bshambaugh.databox.me/storage/ when I first discovered this process.

[1] https://www.w3.org/TR/ldp/