--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/earl/RelyingParty.n3 Wed Sep 21 00:25:32 2011 +0200
@@ -0,0 +1,137 @@
+@prefix cert: <http://www.w3.org/ns/auth/cert#> .
+@prefix earl: <http://www.w3.org/ns/earl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix dct: <http://purl.org/dc/terms/> .
+@prefix skos: <http://www.w3.org/2004/02/skos/core#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix wit: <http://www.w3.org/2005/Incubator/webid/earl/RelyingParty#> .
+
+
+wit: a owl:Ontology;
+ rdfs:seeAlso <http://www.w3.org/2005/Incubator/webid/earl/RelyingPartyExample#>.
+
+
+#
+# pure certificate tests
+#
+wit:certificateProvided a earl:TestCase;
+ dct:title "Did the client provide a X509 certificate?";
+ skos:note "If the client provided an certificate, the earl:subject property must point to it. The certificate is described with the class cert:Certificate using the property cert:base64der. The property cert:principal_key should point to the contained public key.".
+
+wit:certificateProvidedSAN a earl:TestCase;
+ dct:title "Does the client certificate contain a subject alternative name?";
+ skos:note "The earl:subject property must point to the certificate. The earl:pointer must contain the complete subject alternative name string. The certificate is described with the class cert:Certificate using the property cert:base64der. The property cert:principal_key should point to the contained public key.".
+
+wit:certificateDateOk a earl:TestCase;
+ dct:title "Is the current timestamp between begin and end date of the certificate?";
+ skos:note "The earl:subject property must point to the certificate. The certificate is described with the class cert:Certificate using the property cert:base64der. The property cert:principal_key should point to the contained public key.".
+
+wit:certificatePubkeyRecognised a earl:TestCase;
+ dct:title "Could the public key be recognised?";
+ dct:description "The public key in the certificate is recognised by the WebId code. If it is not then it is not going to be possible to match it with the remote certificate.";
+ skos:note "The earl:subject property must point to the certificate. The earl:pointer must point to the public key. The certificate is described with the class cert:Certificate using the property cert:base64der. The property cert:principal_key should point to the contained public key. The public key is described with the class rsa:RSAPublicKey with the properties rsa:modulus and rsa:public_exponent like described in the WebID specification.".
+
+wit:certificateCriticalExtensionsOk a earl:TestCase;
+ dct:title "Does the certificate contain no unnecessary critical extensions?";
+ dct:description "Critical Extensions are not a direct problem for WebID, but can cause many servers to reject the certificate before the WebID code gets to see the certificate. These tests should not generate errors but only warnings";
+ skos:note "The earl:subject property must point to the certificate. The certificate is described with the class cert:Certificate using the property cert:base64der. The property cert:principal_key should point to the contained public key.".
+
+wit:certificateOk a earl:TestRequirement;
+ dct:title "Does the certificate fulfill all requirements for a WebID certificate?";
+ dct:hasPart
+ wit:certificateProvided,
+ wit:certificateProvidedSAN,
+ wit:certificateDateOk,
+ wit:certificatePubkeyRecognised,
+ wit:certificateCriticalExtensionsOk;
+ skos:note "If any of the child test cases fails this test requirement must return earl:failed.".
+
+#
+# profile tests
+#
+wit:profileGet a earl:TestCase;
+ dct:title "Is the WebID Profile accessible and downloadable?";
+ skos:note "The earl:subject property must point to the profile. ".
+
+wit:profileWellFormed a earl:TestCase;
+ dct:title "Is the profile well formed?";
+ dct:description "The WebId Profile is parseable Content and transformable to RDF".
+
+wit:profileAllKeysWellFormed a earl:TestCase;
+ dct:title "Does the profile contain only well formed keys for that WebID?";
+ dct:description "All the keys in the profile are well formed and not misleading";
+ skos:note "One does not need to test all keys in a profile, only those that are tied to the WebIDs found in the X509 cert. But to help users one could give them a deeper test of the profile.";
+ dct:hasPart
+ wit:profileWellFormedPubkey.
+
+wit:profileWellFormedPubkey a earl:TestRequirement;
+ dct:title "Is the public key well formed?";
+ dct:description "A particular Public key is well formed";
+ skos:note "The current cert ontology doesn't include properties for DSA, what will be the best way to integrate those?";
+ dct:hasPart
+ wit:pubkeyRSAModulus,
+ wit:pubkeyRSAExponent.
+
+wit:pubkeyRSAModulus a earl:TestCase;
+ dct:title "Is the RSA modulus well formed?";
+ dct:hasPart
+ wit:pubkeyRSAModulusFunctional,
+ wit:pubkeyRSAModulusLiteral.
+
+wit:pubkeyRSAModulusFunctional a earl:TestCase;
+ dct:title "Does the public key contain only one modulus?";
+ dct:description "More than one modulus if they don't convert to the same number will lead to erratic behavior (one server will choose one the other server will chose the other)".
+
+wit:pubkeyRSAModulusLiteral a earl:TestCase;
+ dct:title "Is the RSA modulus a literal number?";
+ dct:description "In the current ontology we have moved to literals as the standard way of describing modulus and exponents".
+
+wit:pubkeyRSAExponent a earl:TestCase;
+ dct:title "Is the RSA public exponent well formed?";
+ dct:hasPart
+ wit:pubkeyRSAExponentFunctional,
+ wit:pubkeyRSAExponentLiteral.
+
+wit:pubkeyRSAExponentFunctional a earl:TestCase;
+ dct:title "Does the public key contain only one public exponent?";
+ dct:description "More than one exponent if they don't convert to the same number is very likely to create erratic behavior (one server will choose one the other server will chose the other)".
+
+wit:pubkeyRSAExponentLiteral a earl:TestCase;
+ dct:title "Is the RSA public exponent a literal number?";
+ dct:description "In the current ontology we have moved to literals as the standard way of describing modulus and exponents".
+
+wit:profileOk a earl:TestRequirement;
+ dct:title "Does the profile fulfill all requirements for WebID authentication?";
+ dct:hasPart
+ wit:profileGet,
+ wit:profileWellFormed,
+ wit:profileAllKeysWellFormed.
+
+wit:pubkeyRSAModulusOldFunctional a earl:TestCase;
+ dct:title "If modulus is using non literal notation, is there only one cert:hex relation to plain literal?";
+ skos:note "this should be a deprecated test sooner rather than later. Warn people to move to newer notation.".
+
+wit:pubkeyRSAExponentOldFunctional a earl:TestCase;
+ dct:title "If public exponent is using non literal notation, is there only one cert:decimal relation to plain literal?".
+
+wit:pubkeyOldOk a earl:TestRequirement;
+ dct:title "Is the public key present in valid old non literal notation?";
+ dct:hasPart
+ wit:pubkeyRSAModulusOldFunctional,
+ wit:pubkeyRSAExponentOldFunctional.
+
+#
+# webid protocol tests: ie: tying pubkey and Webid in certificate to remote WebID identifying description
+#
+wit:webidClaim a earl:TestRequirement;
+ dct:title "Could the particular WebID claim be verified?";
+ dct:description "Verification of a particular WebID claim";
+ dct:hasPart
+ wit:certificateOk,
+ wit:profileOk.
+
+wit:webidAuthentication a earl:TestRequirement;
+ dct:title "Could at least one WebID claim be verified?";
+ dct:description "At least one WebID claimed in the certificate has public key that verifies.";
+ dct:hasPart wit:webidClaim.
Binary file tests/earl/RelyingParty.png has changed
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/earl/RelyingPartyExample.n3 Wed Sep 21 00:25:32 2011 +0200
@@ -0,0 +1,143 @@
+@prefix cert: <http://www.w3.org/ns/auth/cert#> .
+@prefix dct: <http://purl.org/dc/terms/> .
+@prefix doap: <http://usefulinc.com/ns/doap#> .
+@prefix earl: <http://www.w3.org/ns/earl#> .
+@prefix http: <http://www.w3.org/2006/http#> .
+@prefix wit: <http://www.w3.org/2005/Incubator/webid/earl/RelyingParty#> . #Web Id Test
+@prefix zz: <http://clerezza.org/release/#> . #for the clerezza agent
+
+
+zz:r05 a earl:Software;
+ doap:repository <https://svn.apache.org/repos/asf/incubator/clerezza/trunk/parent/platform.security.foafssl/test>;
+ doap:programming-language "Scala";
+ doap:developer <http://bblfish.net/#hjs>;
+ doap:name "WebID Test suite in Clerezza" .
+
+
+<https://svn.apache.org/repos/asf/incubator/clerezza/trunk/parent/platform.security.foafssl/test> a doap:SVNRepository .
+
+
+
+
+
+
+
+
+
+
+
+## TODO: move me to the example
+## certificate information example
+##
+_:b1 a <http://www.w3.org/ns/auth/cert#Certificate>;
+ <http://www.w3.org/ns/auth/cert#base64der> "MIIB4jCCAUugAwIBAgIGATJ8slFiMA0GCSqGSIb3DQEBCwUAMA0xCzAJBgNVBAMTAk1lMB4XDTExMDkxODEzMjA1M1oXDTExMDkyMDEzMjA1M1owDTELMAkGA1UEAxMCTWUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKn+nJLQWb5gJh59yvAOfxJFmirHSlw8oRJNavCRl8xsDnciyibUIVQZQS9fja52OlgPkNQk3wHwrKQpcS/T7laTFg+89ssvBYHfePnU7IWE0Qacn6M1EM7krbNSOZ2bTrpZrPdvrBAgPNI1M7+Ox6T9mnf/ulW6fwzeLpxVbqJLAgMBAAGjTTBLMEkGA1UdEQEB/wQ/MD2GO2h0dHA6Ly9iZXJnbmV0LmR5bmRucy5vcmcvfmJlcmduZXQvd2ViaWRfdGVzdC9zaW1wbGUucmRmI21lMA0GCSqGSIb3DQEBCwUAA4GBAIUhRBp9wUd4jbDFbOof1s35vRIaXYm5YUSm63f0NadhMM6nhGfPcCv4CVvZv7BWWELLIzxp/hNhzTlhxTW7QjZLcSQhXie4GCq3WlxpgookzRc3oqGHtBz2CHlvhGNFUOtlC3D+tggW3XjPua4vQgjyX8DDs+pXgqFpefpaaGXK"^^<http://www.w3.org/2001/XMLSchema#string> ;
+ <http://www.w3.org/ns/auth/cert#principal_key> _:b3.
+
+_:b3 a <http://www.w3.org/ns/auth/rsa#RSAPublicKey>;
+ <http://www.w3.org/ns/auth/rsa#modulus> "a9fe9c92d059be60261e7dcaf00e7f12459a2ac74a5c3ca1124d6af09197cc6c0e7722ca26d4215419412f5f8dae763a580f90d424df01f0aca429712fd3ee5693160fbcf6cb2f0581df78f9d4ec8584d1069c9fa33510cee4adb352399d9b4eba59acf76fac10203cd23533bf8ec7a4fd9a77ffba55ba7f0cde2e9c556ea24b"^^<http://www.w3.org/ns/auth/cert#hex> ;
+ <http://www.w3.org/ns/auth/rsa#public_exponent> "65537"^^<http://www.w3.org/ns/auth/cert#int>.
+
+
+
+
+
+
+
+
+
+
+
+
+###############################################
+#
+# Example test result to make sure the above ontology is at least partially correct
+#
+################################################
+
+@prefix : <http://test.example/> .
+
+[] a earl:Assertion;
+ earl:test wit:webid_verification;
+ earl:result [ a earl:TestResult;
+ dct:description "rsa public key has two relations for modulus";
+ earl:outcome earl:failed ];
+ earl:subject :webProfile, :x509;
+#{
+# for turtle parsers
+# [] cert:identity <http://bblfish.net/person/henry/card#me>;
+# cert:modulus "as123123..."^^cert:hex, "dfff32093sd..."^^cert:hex;
+# cert:public_exponent "65537"^^cert:int .
+#};
+ earl:assertedBy zz:0_5-SNAPSHOT .
+
+
+[] a earl:Assertion;
+ earl:test wit:pubkeyMod_func;
+ earl:result [ a earl:TestResult;
+ dct:description "webid http://user.example/#me does not have a matching public key in profile";
+ earl:outcome earl:success ];
+ earl:subject :webProfile, :x509;
+ earl:assertedBy zz:0_5-SNAPSHOT .
+
+[] a earl:Assertion;
+earl:test wit:certificate_provided_san;
+earl:result [ a earl:TestResult;
+ dct:description "SAN missing";
+ earl:outcome earl:failed;
+ earl:pointer :x509 ];
+earl:subject :webProfile, :x509 .
+
+[] a earl:Assertion;
+earl:test wit:webid_verification;
+earl:result [ a earl:TestResult;
+ dct:description "ok";
+ earl:outcome earl:passed ];
+earl:subject :webProfile, :x509 .
+
+[] a earl:Assertion;
+# verification also on the URI level!!!
+earl:test wit:webid_verification_uri;
+earl:result [ a earl:TestResult;
+ dct:description "ok";
+ earl:outcome earl:passed;
+ earl:pointer <http://bblfish.net/person/henry/card#me> ];
+earl:subject :webProfile, :x509 .
+
+[] a earl:Assertion;
+earl:test wit:pubkey_rsa_modulus;
+earl:result [ a earl:TestResult;
+ dct:description "modulus missing";
+ earl:outcome earl:failed;
+ earl:pointer <http://bblfish.net/person/henry/card#me2> ];
+earl:subject :webProfile, :x509 .
+
+:x509 a cert:X509Certificate;
+ cert:base64der """
+MIIDgzCCAuygAwIBAgIQZ84ABvhjj7hqFoWqSsvBFjANBgkqhkiG9w0BAQUFADBj
+MREwDwYDVQQKDAhGT0FGK1NTTDEmMCQGA1UECwwdVGhlIENvbW11bml0eSBvZiBT
+ZWxmIFNpZ25lcnMxJjAkBgNVBAMMHU5vdCBhIENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5MB4XDTExMDMyODE0MDY1MFoXDTEyMDMxODE2MDY1MFowgYsxETAPBgNVBAoM
+CEZPQUYrU1NMMSYwJAYDVQQLDB1UaGUgQ29tbXVuaXR5IE9mIFNlbGYgU2lnbmVy
+czE3MDUGCgmSJomT8ixkAQEMJ2h0dHA6Ly9iYmxmaXNoLm5ldC9wZW9wbGUvaGVu
+cnkvY2FyZCNtZTEVMBMGA1UEAwwMYmJsZmlzaCBjYXJkMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA5+kuueCGksuOuQciIrf7hjSRiahB8c3hd8hPjTH/
+6k+NBKN+H0MRHPiSVCVwvvhstF2zmE6Ms0NwzSDWHuSOqjEwu6+CKE8tvL0Y0OHk
+bkhVDhenLPQagKIWjXe0k4CDIcizyNj1L8zRwsN0TaxrYZZPlaTx2/VpMI3ApaVK
+yb/4+mJ4UZDBol9TMkTfyBbPq3iISMz6rt3vsNgksXar0DCftGag2V2E1L/t8Hvu
+De0UaqKajsIlVtu/iUMSYKu41dZJCVCYm/DrqcX0m1aUwHAYWKtSap9Z5p7PnJVo
+wqp2/3jnsf7h6WlUN9yQtm/FeEeMp+3Mx7DokAYYTElTaQIDAQABo4GKMIGHMAwG
+A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgLsMBEGCWCGSAGG+EIBAQQEAwIFoDAd
+BgNVHQ4EFgQUzoQy71OnKyW8qE7boOHpLrjN2aQwNQYDVR0RAQH/BCswKYYnaHR0
+cDovL2JibGZpc2gubmV0L3Blb3BsZS9oZW5yeS9jYXJkI21lMA0GCSqGSIb3DQEB
+BQUAA4GBAH0kxSBDYGAMah4cloznjsnglGNMCTd2zPtxnWDFUjuD2YWhc8QXd/k7
+T1GlVZdLfT175/D7jYpXEVH7UyO8DTnttlAePmDqbspT+vcpV1orUrWlMTJ7hAzP
+Ev9aBOHrZPyKDeUJO0JgwAWxOU/ND347Ssg3lTbFt0jrZxDLHLxC""";
+ # should we also have a relation to the openssl type text format? Is that a standard?
+ cert:subjectAlternativeName <http://bblfish.net/people/henry/card#me>;
+ cert:IssuerDistinguishedName "O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority".
+
+:webProfile a http:Response;
+ http:httpVersion "1.1";
+ http:headers [];
+ http:body "#the rdf file used. could be n3, or something. This could also point to the content?..." .
+
--- a/tests/earl/test.n3 Sun Aug 07 12:58:26 2011 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,234 +0,0 @@
-@prefix cert: <http://www.w3.org/ns/auth/cert#> .
-@prefix earl: <http://www.w3.org/ns/earl#> .
-@prefix zz: <http://clerezza.org/release/#> . #for the clerezza agent
-@prefix doap: <http://usefulinc.com/ns/doap#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix wit: <http://www.w3.org/2005/Incubator/webid/test/> . #Web Id Test
-@prefix http: <http://www.w3.org/2006/http#> .
-@prefix dct: <http://purl.org/dc/terms/> .
-@prefix skos: <http://www.w3.org/2004/02/skos/core#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix : <#> .
-
-wit: a owl:Ontology .
-
-zz:r05 a earl:Software;
- doap:repository <https://svn.apache.org/repos/asf/incubator/clerezza/trunk/parent/platform.security.foafssl/test>;
- doap:programming-language "Scala";
- doap:developer <http://bblfish.net/#hjs>;
- doap:name "WebID Test suite in Clerezza" .
-
-
-<https://svn.apache.org/repos/asf/incubator/clerezza/trunk/parent/platform.security.foafssl/test> a doap:SVNRepository .
-
-###############################################
-#
-# Initial Test vocabulary to write somewhere
-#
-# todo: where should these be placed?
-#
-################################################
-
-#
-# pure certificate tests
-#
-wit:certificateProvided a earl:TestRequirement;
- dct:title "Did the client provide a X509 certificate?".
-
-wit:certificateProvidedSAN a earl:TestRequirement;
- dct:title "Does the client certificate contain a subject alternative name?".
-
-wit:certificateDateOk a earl:TestRequirement;
- dct:title "Is the current timestamp between begin and end date of the certificate?".
-
-wit:certificatePubkeyRecognised a earl:TestRequirement;
- dct:title "Could the public key be recognised?";
- dct:description "The public key in the certificate is recognised by the WebId code. If it is not then it is not going to be possible to match it with the remote certificate.".
-
-wit:certificateCriticalExtensionsOk a earl:TestRequirement;
- dct:title "Does the certificate contain no unnecessary critical extensions?";
- dct:description "Critical Extensions are not a direct problem for WebID, but can cause many servers to reject the certificate before the WebID code gets to see the certificate. These tests should not generate errors but only warnings".
-
-wit:certificateOk a earl:TestRequirement;
- dct:title "Does the certificate fulfill all requirements for a WebID certificate?";
- dct:hasPart
- wit:certificateProvided,
- wit:certificateProvidedSAN,
- wit:certificateDateOk,
- wit:certificatePubkeyRecognised,
- wit:certificateCriticalExtensionsOk.
-
-#
-# profile tests
-#
-wit:profileGet a earl:TestRequirement;
- dct:title "Is the WebID Profile accessible and downloadable?".
-
-wit:profileWellFormed a earl:TestRequirement;
- dct:title "Is the profile well formed?";
- dct:description "The WebId Profile is parseable Content and transformable to RDF".
-
-wit:profileWellFormedKey a earl:TestRequirement;
- dct:title "Does the profile contain well formed keys?";
- dct:description "All the keys in the profile are well formed and not misleading";
- skos:note "One does not need to test all keys in a profile, only those that are tied to the WebIDs found in the X509 cert. But to help users one could give them a deeper test of the profile.".
-
-wit:profileWellFormedPubkey a earl:TestRequirement;
- dct:title "Is the public key well formed?";
- dct:description "A particular Public key is well formed".
-
-wit:pubkeyRSAModulus a earl:TestRequirement;
- dct:title "Is the RSA modulus well formed?".
-
-wit:pubkeyRSAModulusFunctional a earl:TestCase;
- dct:title "Does the public key contain only one modulus?";
- dct:description "More than one modulus if they don't convert to the same number will lead to erratic behavior (one server will choose one the other server will chose the other)".
-
-wit:pubkeyRSAModulusLiteral a earl:TestCase;
- dct:title "Is the RSA modulus a literal number?";
- dct:description "In the current ontology we have moved to literals as the standard way of describing modulus and exponents".
-
-wit:pubkeyRSAExponent a earl:TestRequirement;
- dct:title "Is the RSA public exponent well formed?".
-
-wit:pubkeyRSAExponentFunctional a earl:TestCase;
- dct:title "Does the public key contain only one public exponent?";
- dct:description "More than one exponent if they don't convert to the same number is very likely to create erratic behavior (one server will choose one the other server will chose the other)".
-
-wit:pubkeyRSAExponentLiteral a earl:TestCase;
- dct:title "Is the RSA public exponent a literal number?";
- dct:description "In the current ontology we have moved to literals as the standard way of describing modulus and exponents".
-
-wit:profileOk a earl:TestRequirement;
- dct:title "Does the profile fulfill all requirements for WebID authentication?";
- dct:hasPart
- wit:profileGet,
- wit:profileWellFormed,
- wit:profileWellFormedKey,
- wit:profileWellFormedPubkey,
- wit:pubkeyRSAModulus,
- wit:pubkeyRSAModulusFunctional,
- wit:pubkeyRSAModulusLiteral.
-
-wit:pubkeyRSAModulusOldFunctional a earl:TestCase;
- dct:title "If modulus is using non literal notation, is there only one cert:hex relation to plain literal?";
- skos:note "this should be a deprecated test sooner rather than later. Warn people to move to newer notation.".
-
-wit:pubkeyRSAExponentOldFunctional a earl:TestCase;
- dct:title "If public exponent is using non literal notation, is there only one cert:decimal relation to plain literal?".
-
-wit:pubkeyOldOk a earl:TestRequirement;
- dct:title "Is the public key present in valid old non literal notation?";
- dct:hasPart
- wit:pubkeyRSAModulusOldFunctional,
- wit:pubkeyRSAExponentOldFunctional.
-
-#
-# webid protocol tests: ie: tying pubkey and Webid in certificate to remote WebID identifying description
-#
-wit:webidClaim a earl:TestRequirement;
- dct:title "Could the particular WebID claim be verified?";
- dct:description "Verification of a particular WebID claim";
- dct:hasPart
- wit:certificateOk,
- wit:profileOk.
-
-wit:webidAuthentication a earl:TestRequirement;
- dct:title "Could at least one WebID claim be verified?";
- dct:description "At least one WebID claimed in the certificate has public key that verifies.";
- dct:hasPart wit:webidClaim.
-
-###############################################
-#
-# Example test result to make sure the above ontology is at least partially correct
-#
-################################################
-
-@prefix : <http://test.example/> .
-
-[] a earl:Assertion;
- earl:test wit:webid_verification;
- earl:result [ a earl:TestResult;
- dct:description "rsa public key has two relations for modulus";
- earl:outcome earl:failed ];
- earl:subject :webProfile, :x509;
-#{
-# for turtle parsers
-# [] cert:identity <http://bblfish.net/person/henry/card#me>;
-# cert:modulus "as123123..."^^cert:hex, "dfff32093sd..."^^cert:hex;
-# cert:public_exponent "65537"^^cert:int .
-#};
- earl:assertedBy zz:0_5-SNAPSHOT .
-
-
-[] a earl:Assertion;
- earl:test wit:pubkeyMod_func;
- earl:result [ a earl:TestResult;
- dct:description "webid http://user.example/#me does not have a matching public key in profile";
- earl:outcome earl:success ];
- earl:subject :webProfile, :x509;
- earl:assertedBy zz:0_5-SNAPSHOT .
-
-[] a earl:Assertion;
-earl:test wit:certificate_provided_san;
-earl:result [ a earl:TestResult;
- dct:description "SAN missing";
- earl:outcome earl:failed;
- earl:pointer :x509 ];
-earl:subject :webProfile, :x509 .
-
-[] a earl:Assertion;
-earl:test wit:webid_verification;
-earl:result [ a earl:TestResult;
- dct:description "ok";
- earl:outcome earl:passed ];
-earl:subject :webProfile, :x509 .
-
-[] a earl:Assertion;
-# verification also on the URI level!!!
-earl:test wit:webid_verification_uri;
-earl:result [ a earl:TestResult;
- dct:description "ok";
- earl:outcome earl:passed;
- earl:pointer <http://bblfish.net/person/henry/card#me> ];
-earl:subject :webProfile, :x509 .
-
-[] a earl:Assertion;
-earl:test wit:pubkey_rsa_modulus;
-earl:result [ a earl:TestResult;
- dct:description "modulus missing";
- earl:outcome earl:failed;
- earl:pointer <http://bblfish.net/person/henry/card#me2> ];
-earl:subject :webProfile, :x509 .
-
-:x509 a cert:X509Certificate;
- cert:base64der """
-MIIDgzCCAuygAwIBAgIQZ84ABvhjj7hqFoWqSsvBFjANBgkqhkiG9w0BAQUFADBj
-MREwDwYDVQQKDAhGT0FGK1NTTDEmMCQGA1UECwwdVGhlIENvbW11bml0eSBvZiBT
-ZWxmIFNpZ25lcnMxJjAkBgNVBAMMHU5vdCBhIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5MB4XDTExMDMyODE0MDY1MFoXDTEyMDMxODE2MDY1MFowgYsxETAPBgNVBAoM
-CEZPQUYrU1NMMSYwJAYDVQQLDB1UaGUgQ29tbXVuaXR5IE9mIFNlbGYgU2lnbmVy
-czE3MDUGCgmSJomT8ixkAQEMJ2h0dHA6Ly9iYmxmaXNoLm5ldC9wZW9wbGUvaGVu
-cnkvY2FyZCNtZTEVMBMGA1UEAwwMYmJsZmlzaCBjYXJkMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEA5+kuueCGksuOuQciIrf7hjSRiahB8c3hd8hPjTH/
-6k+NBKN+H0MRHPiSVCVwvvhstF2zmE6Ms0NwzSDWHuSOqjEwu6+CKE8tvL0Y0OHk
-bkhVDhenLPQagKIWjXe0k4CDIcizyNj1L8zRwsN0TaxrYZZPlaTx2/VpMI3ApaVK
-yb/4+mJ4UZDBol9TMkTfyBbPq3iISMz6rt3vsNgksXar0DCftGag2V2E1L/t8Hvu
-De0UaqKajsIlVtu/iUMSYKu41dZJCVCYm/DrqcX0m1aUwHAYWKtSap9Z5p7PnJVo
-wqp2/3jnsf7h6WlUN9yQtm/FeEeMp+3Mx7DokAYYTElTaQIDAQABo4GKMIGHMAwG
-A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgLsMBEGCWCGSAGG+EIBAQQEAwIFoDAd
-BgNVHQ4EFgQUzoQy71OnKyW8qE7boOHpLrjN2aQwNQYDVR0RAQH/BCswKYYnaHR0
-cDovL2JibGZpc2gubmV0L3Blb3BsZS9oZW5yeS9jYXJkI21lMA0GCSqGSIb3DQEB
-BQUAA4GBAH0kxSBDYGAMah4cloznjsnglGNMCTd2zPtxnWDFUjuD2YWhc8QXd/k7
-T1GlVZdLfT175/D7jYpXEVH7UyO8DTnttlAePmDqbspT+vcpV1orUrWlMTJ7hAzP
-Ev9aBOHrZPyKDeUJO0JgwAWxOU/ND347Ssg3lTbFt0jrZxDLHLxC""";
- # should we also have a relation to the openssl type text format? Is that a standard?
- cert:subjectAlternativeName <http://bblfish.net/people/henry/card#me>;
- cert:IssuerDistinguishedName "O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority".
-
-:webProfile a http:Response;
- http:httpVersion "1.1";
- http:headers [];
- http:body "#the rdf file used. could be n3, or something. This could also point to the content?..." .
-