Update Getting-Started-with-Akka-http-signature.md #3
base: master
Conversation
write(wd/"publicKey.pem", RSAKeys.save(pub)) | ||
write(wd/"privateKey.pem", RSAKeys.save(priv)) | ||
write(wd/".keys"/"publicKey.pem", RSAKeys.save(pub)) | ||
write(wd/".keys"/"privateKey.pem", RSAKeys.save(priv)) |
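Review bot: nothing on these lines restricts who can read the private key: `write(wd/".keys"/"privateKey.pem", RSAKeys.save(priv))` creates the file with whatever default permissions the process has, so on a shared machine the key that lets someone sign as this user can end up group- or world-readable. Create the `.keys` directory and the private key file owner-only (0700 and 0600) and have the guide show the reader how to check that; the public key can stay readable.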
No, it's not in the wd, which could be anywhere, and is usually not in the home directory (e.g. I have a ~/Programming/Scala/ dir). ammonite.io has a home variable for the home dir.
@@ -329,4 +329,19 @@ could not find actor for Actor[akka://rww/user/rootContainer/card]rww.ldp.LDPExc | |||
at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979) | |||
at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107) | |||
``` | |||
## Certificate Authority |
the title should be: ## Adding new CAs to the trust store
The point is that test servers running on local machines or internally in an organisation don't need to have their certificates signed by a well-known CA, whose keys are located in the Trust Store (the store of CAs one trusts). That is why we show how to add a self-signed certificate to the trust store using the config file.
|
||
We have now shown how to use public and private keys to verify the identity of the user. But often we also want to let the user be able to confirm the identity of the server they are connecting to as well. This can be done through Certificate Authority. The user can view this on the rww-play server as it makes a CA for the locally hosted server. | ||
|
||
In order to test whether this functionality works, one first has to save rww-play's certificate locally by using the following command after the server has been run: |
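Review bot: `This can be done through Certificate Authority.` has the mechanism backwards. A CA does not confirm the server's identity to the user; it signs the server's certificate, and the client confirms the server's identity by validating the certificate it is presented against the CAs in its own trust store. Since the locally hosted server's certificate is self-signed (the text says rww-play makes its own CA), say that the client must add that certificate or CA to its trust store, and show the connection error the client gets before doing so, which is what the "save rww-play's certificate locally" step is for.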
I would add a line to show what not doing this looks like. You get some form of error on connection. Show the error in detail.
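The check asked for above, as an added example that is not part of the akka-http-signature or rww-play code: a Go program (chosen because its standard library covers TLS, X.509 and an in-process test server, so it runs offline) starts a server with a self-signed certificate, connects with a trust store that does not contain it, then saves the presented certificate as PEM, imports that into a trust store and connects again. The server, its response text, the URL and the use of an empty pool in place of a real trust store are assumptions for the demonstration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// newLocalServer plays the locally run server: httptest gives it a self-signed
// certificate that no client trusts out of the box (an assumed stand-in for rww-play).
func newLocalServer() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, "hello from the local server")
	}))
}

// get fetches url with roots as the client's trust store. An empty pool stands in for a
// trust store to which the server's certificate has not yet been added.
func get(url string, roots *x509.CertPool) (string, error) {
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots}}}
	resp, err := client.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// isUnknownAuthority reports whether err is the failure a client gets when the chain the
// server presented does not end at anything in its trust store.
func isUnknownAuthority(err error) bool {
	var target x509.UnknownAuthorityError
	return errors.As(err, &target)
}

// saveCertificatePEM is the "save the server's certificate locally" step: the leaf the
// server presented, in the PEM form a .pem file holds.
func saveCertificatePEM(cert *x509.Certificate) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})
}

// runScenario connects with a trust store lacking the certificate (expected to fail),
// then imports the saved PEM into a trust store and connects again (expected to succeed).
// It returns the first attempt's error and the second attempt's body.
func runScenario() (untrustedErr error, body string, err error) {
	srv := newLocalServer()
	defer srv.Close()
	_, untrustedErr = get(srv.URL, x509.NewCertPool())
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(saveCertificatePEM(srv.Certificate())) {
		return untrustedErr, "", errors.New("saved PEM held no certificate")
	}
	body, err = get(srv.URL, roots)
	return untrustedErr, body, err
}

func main() {
	untrustedErr, body, err := runScenario()
	fmt.Println("before adding the certificate:", untrustedErr)
	fmt.Println("after adding it:", body, err)
}
```

Without the certificate in its trust store the client fails during the TLS handshake with an x509 "certificate signed by unknown authority" error and never sends the request; after the import the same request succeeds. On the JVM, which is what rww-play and the ammonite client run on, the second half corresponds to importing the saved .pem into a truststore with keytool -importcert and pointing the client at that truststore (the javax.net.ssl.trustStore system property); whatever the config file in the guide sets up, it has to leave the client's trust store containing that certificate or its issuing CA.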
@@ -114,111 +114,77 @@ This will save the contents of the key in String format within the file found by | |||
|
|||
### Saving a public Key to RDF | |||
|
|||
A user can also transform his public keys to an RDF. In order to do this one must first import multiple files in order to resolve the required dependencies. | |||
A user can also transform his public keys to an RDF. In order to do this one must first import multiple files in order to resolve the required dependencies: |
->"to an RDF Graph".
There is no such thing as an RDF.
Also I don't think we should be speaking of "user" here. Just stick to the generic one. Users are often thought of as end users, whereas here we are speaking of programmers, but that is obvious and a mouthful.
``` | ||
|
||
Finally, after that, the user can create the Cert object that contains the required dependencies to turn a Key into a Pointed Graph | ||
Finally, after that, the user can create a value for the public key String collected from the .pem file in located within the .keys directory. |
Horrible grammar. A value?
The thing to point out here is that different software could be using these public and private keys on different days, and so needs to read them in order to be able to authenticate to different resources on the web. So we need to de-serialise, a.k.a. marshal, the public key. Those are all terms you should learn of and use correctly.
``` | ||
|
||
After this all dependencies should be resolved and the user will be able to transform the keys into a Pointed Graph: | ||
After this all dependencies should be resolved and the user will be able to transform the keys into a Pointed Graph using the following function |
The function below is hardly a function worth mentioning: it's more of a piece of test code to verify that things are working correctly. That is obvious because there are no attributes passed to the function.
``` | ||
One can then retrieve both the pointer and the graph: | ||
After that the user can simply call said function to get a pointed graph: |
Add a little note as to what the binderWithName function does.
I am unsure what you mean by this - where can I find this function
I think if you search the PR you will find that function. It's from the client code.
``` | ||
|
||
After this, one can simply change the header by into something simple by calling this function like so: | ||
The function pubKeyPG returns a Try[PointedGraph[Jena]]. We can then retreive both the pointer and the graph from this PointedGraph like so: |
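Review bot: typo in the added line: `retreive` should be `retrieve`. Also, since `pubKeyPG` returns a `Try[PointedGraph[Jena]]`, the text should say what the reader does when it is a `Failure` (for example when the .pem file cannot be parsed) rather than only walking the success path; a `Try` exists so that the caller handles that case explicitly.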
you should be able to do that in one step I think using val (pointer,graph) = ...
Ah, this is how it works:
val org.w3.banana.PointedGraph(p,g) = res2.value.get.get._1.content
Read up on pattern matching in Odersky's book.
``` | ||
|
||
As evident, the Blank node is now changed to something more readable and useful. | ||
As evident, the pointer of this graph is a useful identifier "#key" and the graph itself is the key information. |
Why is it useful? Also note that it is a relative URI. That should help you understand what is interesting about it when you post it. (It is useful also because how it is used in access control settings).
@@ -249,6 +215,12 @@ write(wd/"publicKey.ttl", toTurtle) | |||
|
|||
### Attaching Public keys to a File/URI | |||
|
|||
The most efficient way to attach a public key to a server is by using the rww-play library's httpMethods.sc script which makes use of the solid-server POST definition. That way the user can use the postLocal() and postLocalGood() functions to pubish his public key on a web and local server respectively. |
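Review bot: typo `pubish` should be `publish`. The line names `postLocal()` and `postLocalGood()` without saying how they differ; readers will take one of them for a "bad" example, so state what each does and which one to use. "The most efficient way" is also a claim the text does not support: what is described is the standard way of publishing a document to a server that implements the solid/LDP POST, so say that instead.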
it's not rww-play's httpMethods.sc!
@@ -15,7 +15,7 @@ The user can also run the rww-play web server and manipulate the access control | |||
|
|||
## The Key Pair | |||
|
|||
The Akka-Http-Signature library uses asymmetrical cryptography. As detailed in the [Public-Key cryptography wikipedia page](https://en.wikipedia.org/wiki/Public-key_cryptography), this is a cryptographic system that uses pairs of private and public keys. The library uses them to form Digital Signatures. In such a system public keys can be looked up by anyone and private keys are only known by their owner. Communication is achieved the following way : | |||
The Akka-Http-Signature library uses what is known as asymmetrical cryptography. As detailed in the [Public-Key cryptography wikipedia page](https://en.wikipedia.org/wiki/Public-key_cryptography), this is a cryptographic system that uses pairs of private and public keys. The library uses them to form Digital Signatures. In such a system public keys can be looked up by anyone and private keys are only known by their owner. Communication is achieved the following way : | |||
1. The sender sends a message with a header that is signed by his own private key | |||
2. The server then receives the message and uses the sender's public key to verify that sender's identity |
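Review bot: step 1 says the client signs "a header" but not what the signature covers. If only a fixed header is signed, anyone who captures one request can replay that header against any other resource on the server, so the signed string should include the request target and a Date (or similar freshness) header, and the text should name the headers the library covers. Step 2 should also say how the server finds "the sender's public key" before it can verify anything.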
Add that the server discovers the public key through the keyId argument passed in the message sent by the client. The rww-play server works with http:// and https:// URLs and fetches the public key that way.
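The exchange described in the two steps above, plus the keyId discovery the reviewer adds, as an added example that is not part of the akka-http-signature library or rww-play: a Go program (chosen for its standard-library RSA, so it runs stand-alone) in which the client signs the request target, Host and Date with its private key and names the key by keyId, and the server splits the keyId into document URL and fragment, fetches the document, reads the cert:RSAPublicKey in the Turtle shape shown further down this page back into a key, and verifies. The fetch is a stub over an in-memory document, the URLs, header values and algorithm (rsa-sha256 with PKCS#1 v1.5 signatures, as in the draft-cavage HTTP Signatures scheme) are assumptions, and the Turtle reader handles only the one serialisation the program itself writes.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"math/big"
	"regexp"
	"strings"
)

// publicKeyToTurtle writes pub the way the guide's pubKeyPG output reads: a relative
// subject <#key>, cert:modulus as xsd:hexBinary and cert:exponent as xsd:integer.
func publicKeyToTurtle(pub *rsa.PublicKey) string {
	return fmt.Sprintf("@prefix cert: <http://www.w3.org/ns/auth/cert#> .\n"+
		"@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .\n\n<#key> a cert:RSAPublicKey ;\n"+
		"    cert:modulus \"%X\"^^xsd:hexBinary ;\n    cert:exponent %d .\n", pub.N, pub.E)
}

// keyFromTurtle reads the key named <#fragment> back from that exact serialisation (not a
// general Turtle parser) and rejects weak parameters: the document came from a URL the client chose.
func keyFromTurtle(doc, fragment string) (*rsa.PublicKey, error) {
	re := regexp.MustCompile(`<#` + regexp.QuoteMeta(fragment) + `>\s+a\s+cert:RSAPublicKey\s*;\s*` +
		`cert:modulus\s+"([0-9A-Fa-f]+)"\^\^xsd:hexBinary\s*;\s*cert:exponent\s+(\d+)\s*\.`)
	m := append(re.FindStringSubmatch(doc), "", "", "") // padded so a non-match fails the checks below
	n, okN := new(big.Int).SetString(m[1], 16)
	e, okE := new(big.Int).SetString(m[2], 10)
	if !okN || !okE || n.BitLen() < 2048 || e.BitLen() > 31 || e.Int64() < 3 || e.Bit(0) == 0 {
		return nil, fmt.Errorf("no usable cert:RSAPublicKey named #%s (need modulus >= 2048 bits, odd exponent > 2)", fragment)
	}
	return &rsa.PublicKey{N: n, E: int(e.Int64())}, nil
}

// digestOf hashes the draft-cavage signing string: one "name: value" line per covered name,
// with the request line carried as the pseudo-header "(request-target)".
func digestOf(h map[string]string, names []string) ([]byte, error) {
	var lines []string
	for _, name := range names {
		value, ok := h[name]
		if !ok {
			return nil, fmt.Errorf("covered header %q missing from request", name)
		}
		lines = append(lines, name+": "+value)
	}
	sum := sha256.Sum256([]byte(strings.Join(lines, "\n")))
	return sum[:], nil
}

// sign is the client side: rsa-sha256 over the covered headers, returned as the Signature
// header value; keyId tells the server where the matching public key is published.
func sign(priv *rsa.PrivateKey, keyID string, h map[string]string, names []string) (string, error) {
	digest, err := digestOf(h, names)
	if err != nil {
		return "", err
	}
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf(`keyId="%s",algorithm="rsa-sha256",headers="%s",signature="%s"`,
		keyID, strings.Join(names, " "), base64.StdEncoding.EncodeToString(sig)), nil
}

// verify is the server side; fetch stands in for the HTTP(S) GET of the keyId document.
func verify(fetch func(url string) (string, error), h map[string]string, header string) error {
	p := map[string]string{}
	for _, m := range regexp.MustCompile(`(\w+)="([^"]*)"`).FindAllStringSubmatch(header, -1) {
		p[m[1]] = m[2]
	}
	// A signature that binds neither the target nor a date can be replayed against any URL, forever.
	if c := " " + p["headers"] + " "; p["algorithm"] != "rsa-sha256" || !strings.Contains(c, " (request-target) ") || !strings.Contains(c, " date ") {
		return fmt.Errorf("need rsa-sha256 over at least (request-target) and date, got %q", header)
	}
	docURL, fragment, _ := strings.Cut(p["keyId"], "#") // the key's name is the fragment of keyId
	doc, err := fetch(docURL)
	if err != nil {
		return fmt.Errorf("fetching keyId document: %w", err)
	}
	pub, err := keyFromTurtle(doc, fragment)
	if err != nil {
		return err
	}
	digest, err := digestOf(h, strings.Fields(p["headers"]))
	if err != nil {
		return err
	}
	sig, _ := base64.StdEncoding.DecodeString(p["signature"]) // a malformed value just fails below
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest, sig)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // fresh demo key; errors ignored for brevity
	fetch := func(string) (string, error) { return publicKeyToTurtle(&priv.PublicKey), nil } // serves the one key document
	h := map[string]string{"(request-target)": "get /2013/card", "host": "localhost:8443", "date": "Tue, 07 Jun 2016 20:51:35 GMT"}
	header, _ := sign(priv, "https://localhost:8443/2013/publicKey.ttl#key", h, []string{"(request-target)", "host", "date"})
	fmt.Println("verify:", verify(fetch, h, header)) // verify: <nil>
}
```

Two things the block adds to the prose: the server refuses a signature unless it covers (request-target) and date, because a signature over a fixed header alone can be captured and replayed against any resource; and the key read from the keyId document is checked for a 2048-bit modulus and a sane exponent before use, since that document is fetched from a URL the client chose.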
@ val keyFinalGraph = keyGraph.get.graph | ||
|
||
keyFinalGraph: Jena#Graph = {#key @http://www.w3.org/1999/02/22-rdf-syntax-ns#type http://www.w3.org/ns/auth/cert#RSAPublicKey; #key @http://www.w3.org/ns/auth/cert#modulus "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"^^http://www.w3.org/2001/XMLSchema#hexBinary; #key @http://www.w3.org/ns/auth/cert#exponent "65537"^^http://www.w3.org/2001/XMLSchema#integer} | ||
@ val(keyFinalPointer, keyFinalGraph) = (keyGraph.get.pointer -> keyGraph.get.graph) | ||
|
val org.w3.banana.PointedGraph(p,g) = keyGraph.get
@@ -215,10 +211,10 @@ write(wd/"publicKey.ttl", toTurtle) | |||
|
|||
### Attaching Public keys to a File/URI |
Publishing the Public key to the Web
There are a number of ad hoc ways to do this and one simple standard way to publish it.
The ad hoc ways require placing the public key on the server by either copying it over to the right location with ftp, sftp, scp, ... or connecting to the remote server using telnet or ssh and building the object there. In each case this requires knowing a lot in addition to the location (URL) one wants the document to be found at. It requires knowing:
- the type of server that is running
- which files are metadata files, their conventions and usually their syntax
- how to make sure content negotiation is working correctly to avoid tying semantic web URIs to representations,
- where the root of the file system is
- what the password or access control system is on that server
- and usually getting access to the server via ssh gives access to all the content there, rather than allowing access control rules to be set per resource.
For illustration see the document [ I pointed you to twice already] and the setup for rww-play.
can you please add that to the doc as is, with the last link filled in.
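The "one simple standard way" from the comment above, as an added example that is not part of the rww-play, solid-server or solid-client code: a Go program (kept in the same language as the other examples on this page) with a minimal LDP-style container handler, exercised in-process with httptest so it runs offline. The client POSTs the Turtle key document with a Slug header; the container answers 201 with a Location; the keyId is that Location plus the #key fragment, which is where the relative subject <#key> resolves once the document lives at that URL (the reviewer's point about it being a relative URI). A verifying server then GETs the part of the keyId before '#'. The container's behaviour (modelled on LDP Basic Containers), the URL, the slug and the placeholder modulus in the sample document are assumptions.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
)

// container is a minimal LDP-style container (an assumption modelled on LDP Basic
// Containers, not solid-server's code): POST with a Slug creates a child resource and
// answers 201 with its Location; GET returns a stored resource as text/turtle.
type container struct {
	mu   sync.Mutex
	docs map[string][]byte // absolute URL -> Turtle body
}

func newContainer() *container { return &container{docs: map[string][]byte{}} }

func (c *container) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	scheme := "http"
	if r.TLS != nil {
		scheme = "https"
	}
	self := scheme + "://" + r.Host + r.URL.Path // the absolute URL of the requested resource
	c.mu.Lock()
	defer c.mu.Unlock()
	switch r.Method {
	case http.MethodPost:
		slug := r.Header.Get("Slug")
		if r.Header.Get("Content-Type") != "text/turtle" || slug == "" || strings.ContainsAny(slug, "/#?") || !strings.HasSuffix(self, "/") {
			http.Error(w, "POST text/turtle to a container URL with a single-segment Slug", http.StatusBadRequest)
			return
		}
		if _, exists := c.docs[self+slug]; exists {
			http.Error(w, "resource exists; PUT to replace it", http.StatusConflict)
			return
		}
		body, _ := io.ReadAll(r.Body)
		c.docs[self+slug] = body
		w.Header().Set("Location", self+slug)
		w.WriteHeader(http.StatusCreated)
	case http.MethodGet:
		body, ok := c.docs[self]
		if !ok {
			http.NotFound(w, r)
			return
		}
		w.Header().Set("Content-Type", "text/turtle")
		w.Write(body)
	default:
		http.Error(w, "", http.StatusMethodNotAllowed)
	}
}

// publishKey POSTs the key document into the container and returns the keyId a client puts
// in its Signature header: the created resource's URL plus "#key", which is what the
// relative subject <#key> inside the document resolves to once it lives at that URL.
func publishKey(h http.Handler, containerURL, slug, turtle string) (string, error) {
	req := httptest.NewRequest(http.MethodPost, containerURL, strings.NewReader(turtle))
	req.Header.Set("Content-Type", "text/turtle")
	req.Header.Set("Slug", slug)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	if rec.Code != http.StatusCreated {
		return "", fmt.Errorf("POST %s: %d %s", containerURL, rec.Code, strings.TrimSpace(rec.Body.String()))
	}
	return rec.Result().Header.Get("Location") + "#key", nil
}

// fetchKeyDocument is what a verifying server does with a keyId: GET the part before '#'.
func fetchKeyDocument(h http.Handler, keyID string) (string, error) {
	docURL, _, _ := strings.Cut(keyID, "#")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, docURL, nil))
	if rec.Code != http.StatusOK {
		return "", fmt.Errorf("GET %s: %d", docURL, rec.Code)
	}
	return rec.Body.String(), nil
}

// keyDocument is a constructed sample in the shape the guide's pubKeyPG produces; the
// modulus is a placeholder, not a real 2048-bit value.
const keyDocument = `@prefix cert: <http://www.w3.org/ns/auth/cert#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

<#key> a cert:RSAPublicKey ;
    cert:modulus "C0FFEE"^^xsd:hexBinary ;
    cert:exponent 65537 .
`

func main() {
	c := newContainer()
	keyID, err := publishKey(c, "https://localhost:8443/2013/", "publicKey.ttl", keyDocument)
	fmt.Println("keyId:", keyID, err) // keyId: https://localhost:8443/2013/publicKey.ttl#key <nil>
	doc, err := fetchKeyDocument(c, keyID)
	fmt.Println(strings.Contains(doc, "<#key> a cert:RSAPublicKey"), err) // true <nil>
}
```

Two details worth noticing: the Slug is rejected if it contains a path separator, so a client cannot steer the new resource outside the container it was allowed to POST to, and a second POST with the same Slug gets 409 rather than silently overwriting a key someone else may already be verifying against.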
Added functions that make use of the GETpg, DELETE, PUT and PATCHsparql functions from the solid-client library for the local server. The patchLocal function takes as arguments the specific String identifier for the Sparql query, which the user can choose when calling the function.
Create httpMethods.sc
Added information about the Certificate Authority and updated information about where to store the keys (within the .keys folder)