Merge branch 'feature-https-new-webid' into develop

* feature-https-new-webid:
  Generate test certificates for localhost (no port).
  Add new key locations in config.
  Added example server and client certificates for HTTPS + scripts to generate them
  Call Forbidden html template
  Added views
  Better error handling. Fixed https options
  Fixed forbidden handler
  Created WebID extension
  Added client certificate request

Author: RubenVerborgh

config/certs/localhost-ca.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAmugAwIBAgIJAJReVCJmAejyMA0GCSqGSIb3DQEBCwUAMFgxCzAJBgNV
+BAYTAkJFMQwwCgYDVQQIDANPVkwxDjAMBgNVBAcMBUdoZW50MRcwFQYDVQQKDA5N
+eU9yZ2FuaXphdGlvbjESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE2MTAxMTEzNDgy
+NVoXDTE3MTAxMTEzNDgyNVowWDELMAkGA1UEBhMCQkUxDDAKBgNVBAgMA09WTDEO
+MAwGA1UEBwwFR2hlbnQxFzAVBgNVBAoMDk15T3JnYW5pemF0aW9uMRIwEAYDVQQD
+DAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9sATM
+WHU2zvPOI6RsWiPDFUdqxEqar3+kyLSXF9pBy9SvF/QTOQr1hKTIFOlBTs9wrMER
+3JGO/FgSZU+ctbjAWu4x/AFVB8RO8MZCtIlAjyS2Zu12HlJmi3zViuAWBd/rTyN8
+WgEDhj8S/cva4LDCIbHJmXSS2KskeqrH7w+g2Ecx3lyQvKx1wdHtQZDOTvfDKn0P
+c+EtTxACYXKc9x2MaKKlopK02aqVIjBNU0VFOxiQhBW9fW+NgAsVmF6qxy8rNwn4
+FeY6nSfEGSFXzREH1DUlHJHQ370b/JDA6kBoE/1qR8t2lIgLgGfHspsP1mcmUr+D
+pq6PTSpf8JRJgJhdAgMBAAGjUDBOMB0GA1UdDgQWBBQYXlhNRvS4MSZsjGeZnDSr
+2s1PEjAfBgNVHSMEGDAWgBQYXlhNRvS4MSZsjGeZnDSr2s1PEjAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCfFfaPxk9h7JTyn/Azkndlwv6MrkDiHX47
+WhfwjM6KqEPI98O6X2xfpD7uMiNGxyuodCautuMYfQwKCjZbcCnJi0eLtMqPT1Im
+KH8DwKi1QZ+tFsR3FCoOZXF6zH9HVhQEcCesoCObS76n7AcZeGwJKtXW/BWLvrLI
+AkNSc79NY619oMn+J5kxwGEyJtjSZHztDW8JJU6+dLA3JPjY0Rt5XvEaN3qHYhNw
+hOkVg62lcU+ffS69MV3YpKLgZSTDheAbwqZpbA9Batmq7jZJbUWJ/aq46YzheO3x
+RjNSeFlMlBBP54J+NPLvmRQs9zO7EMwOAAMLfiq9ujKx/rn6KXNn
+-----END CERTIFICATE-----

config/certs/localhost-ca.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAvbAEzFh1Ns7zziOkbFojwxVHasRKmq9/pMi0lxfaQcvUrxf0
+EzkK9YSkyBTpQU7PcKzBEdyRjvxYEmVPnLW4wFruMfwBVQfETvDGQrSJQI8ktmbt
+dh5SZot81YrgFgXf608jfFoBA4Y/Ev3L2uCwwiGxyZl0ktirJHqqx+8PoNhHMd5c
+kLysdcHR7UGQzk73wyp9D3PhLU8QAmFynPcdjGiipaKStNmqlSIwTVNFRTsYkIQV
+vX1vjYALFZheqscvKzcJ+BXmOp0nxBkhV80RB9Q1JRyR0N+9G/yQwOpAaBP9akfL
+dpSIC4Bnx7KbD9ZnJlK/g6auj00qX/CUSYCYXQIDAQABAoIBAHcv0WQAtO3STZka
+Bida4BulFDG+0s2tNjv5LJe/khFDnQjDuUYW0o8AYHWjxgiWF3vJ4KpzeDZq0oAE
+jmh+Om8K854OpVujPLMJUNn7DD63cq71r4FHfikWvkKDN1g/Krp1CGwLNZXcVWd+
+dwe5pPbmKwrsVDYs1CRgu0xTJvO9uub7CZ0RXZIyByBZyn21np2pGlcsD7lI+IIu
+PRRqDLgHt7dBvNpYgTzdMJ4MoZCejWcWw7TTVZd5m0bxM3s0LJIk7Wkh3FXYUr+Q
+qttm5/6Anp5gOS1tT3kdCJ2eoTpwOpoXW/FZRNhc4OTS2Oy9ip/hIGBRLO0uIqjk
+Yr1L2WECgYEA+BQN81bu/aYeI1OtN9lIzm1hWjyUPmi+d+NLV41tUJ1jbR7JXHLk
+oDO9z/gLUfCTRZGT4xZzO2QNK09z7sM3t8xmhr2XNXxsBBFOZmu3NIM0r9M6z508
+BjS0b2A1YaPFHrv0jrwj43hFw/ul0Trc/+Ldpjlo1Uac19NlxOHyTWkCgYEAw76k
+X8A0J+3DF+QOifXzHhS90Led5oJ9H+aYoZZcQXXMCP1y86aXhj9CaUCwiZguaSUx
+91wNk61qublYY1G9Fhao4Jdorh8NHBCecHhH8odxFLDZn6awqIva3CzIWSZJoP1z
+y0+/JAVgcT6FUg5gfMiHWxd3Q+fIELUE7zx+sNUCgYBGtqi3WWtsYAKtPTfd+JDZ
+TrJ2X1g+ZesND3w1a7niRcrGmwT41kM3KyiK9IB9jd7c8L8/9vFH16AtXUuFnp3u
+RVRgSgClHV9I1YoMhd3GGTRWfhaAgahPeIyKRtlQiLcyqI7wdM6iE3GHiN7eQjIm
+uotFy42HZcZlevvCYEmKKQKBgQCDmb9vNIycL6jTfhscO8P4/F7lXR2GpUI0WVdS
+hAGAbQ8BGEzZbK5ArnUayEgoKa1COaSPNk9Wcufm96pqE8E5gYCGhqT1M6Eftjif
+Su6sKs0m6QNW572rg2NgVadY8HneB6h7DyFluUuutybxFQNfwX3nCy6+86y5Nsqb
+gSN4BQKBgQCL8+gJLJzMmVn/GRph4deUPEXYBc7yJY1LzkX4egnrzQOH0rZ4SOsu
+wEH8r3d6NiCFT+ajekx6/tO80zCzcuxaq1om3a94Wrqm92lSK4tgsrG4CHLuv6nF
+gtcS7f5ZqgCjVkMYXbVoa76HYZZxCSKKIu+xdt3rQ0TZN4WgqFYpTQ==
+-----END RSA PRIVATE KEY-----

config/certs/localhost-client.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAoUCCQDRuh2YndurRTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJC
+RTEMMAoGA1UECAwDT1ZMMQ4wDAYDVQQHDAVHaGVudDEXMBUGA1UECgwOTXlPcmdh
+bml6YXRpb24xEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNjEwMTExMzQ4NDZaFw0x
+NzEwMTExMzQ4NDZaMIHIMQswCQYDVQQGEwJCRTENMAsGA1UECAwETy1WTDEOMAwG
+A1UEBwwFR2hlbnQxFzAVBgNVBAoMDk15T3JnYW5pemF0aW9uMRIwEAYDVQQDDAls
+b2NhbGhvc3QxbTBrBgNVHREMZHVuaWZvcm1SZXNvdXJjZUlkZW50aWZpZXI6aHR0
+cHM6Ly9hcmNoaXZlLm9yZy9zZXJ2aWNlcy9wdXJsL3B1cmwvbGlua2VkZGF0YWZy
+YWdtZW50cy93ZWJpZC50dGwjd2ViaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDMQrIHGAo+mwCFaDDXIMg6rSKZVboiYibhTC6JRAlxmDrBaR7428Ou
+izZe99y6lqnQiYd24xdmpDWH09PH9xzXJT2ToRlS45Mh0Mp+g2As1HwBPvTu53co
+MSeToVVKruJYcH5VgEwx5+1f/EDN5MMxmhbcxhGDa/e4va7omZbyUKdCZjVXRPG2
+cY/xSypzcZuZdzfnP0E5JubCHm1l0X+A5oZ/T3kM++sFxPTBMMtfYmzM0Dp1BSDm
+qt08MOSoDPp1SGXE1jNQZV8Am47Upjbj5C1cAKzDYx/c2uKpMTUgpXIfiRuU8r3O
+CRb/d7ld1TsPgzRFrkb3LkhX/kCb3wYrAgMBAAEwDQYJKoZIhvcNAQELBQADggEB
+AH82Szu99xmb4y0K2bKs8Yr1Jb3cRRYxr60rTIC/RO6COMpSv7qnnOUAg3RgfIfj
+imM8s0+DGdB90/0KnnJqL6YERi9+CXYDDHPF5mJCNUe0Zx2VMiQ9+VRQPTPVSImb
+JFdbwUKeuIOSNMPwd7CgaLI05Fpzuk1hOUbEvfiVkKoQVcHzNfjFzedhJbsv3xXx
+W8HLdees87Guyi8rIFeV6IfgTs4TfJ+zyYIeMBh6CydJGGRA+cVYvRX9VoayjGjL
+o56eDSZatZsFizG6XhiKDhqUX+mY2T/OoxnaLZdiOjKUv8m/RUnyVxtdLvEAeWS9
+L6bbR2h72VjFyKgJbSa1JNc=
+-----END CERTIFICATE-----

config/certs/localhost-client.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzEKyBxgKPpsAhWgw1yDIOq0imVW6ImIm4UwuiUQJcZg6wWke
++NvDros2Xvfcupap0ImHduMXZqQ1h9PTx/cc1yU9k6EZUuOTIdDKfoNgLNR8AT70
+7ud3KDEnk6FVSq7iWHB+VYBMMeftX/xAzeTDMZoW3MYRg2v3uL2u6JmW8lCnQmY1
+V0TxtnGP8Usqc3GbmXc35z9BOSbmwh5tZdF/gOaGf095DPvrBcT0wTDLX2JszNA6
+dQUg5qrdPDDkqAz6dUhlxNYzUGVfAJuO1KY24+QtXACsw2Mf3NriqTE1IKVyH4kb
+lPK9zgkW/3e5XdU7D4M0Ra5G9y5IV/5Am98GKwIDAQABAoIBAQCboJFd4E4l5xld
+i8XykvKb6kA7TdrUya3P6KhoQ2Ninlbd+Ab2GxMb0MurTfRqYdKepbqFtX6l4KU8
+iQOKDth1f9VLvum5gtUeZaNzAwvq/DZDCMG7qLXb9J+v1rNShK7GLWfEI01qlMgC
+YwLJHOwvxbR3n53GYSPMKRGz/RnKIpbZdsWtWijp06hEluDwWaRyn/u5vIxOW+Mk
+XIHditKOqK1ssT9Nq2assa4VQif5RPA3wJCHUwLFelU92f/WVA9Yv6DxqpRzwEcm
+kLFv+B1FBUBnoakziYcI+QARtjs4sb9Y/K5aPZVJt+pmVmJ3RmBnbY7kVvnahSPz
+Uhvr2b+ZAoGBAOjiwJGVxMQ/kamarYb+ny28a1eY116j6fddLenmA/pncbeUePJx
+XVQ4EOV5mc18RXZmudV/PFXS8c5JwLjUNoZUiC2LIZ51pAC0tJsuJe6NoeAo5+DQ
+9DVcs5K1adcjL8qqSIV4Gc5jDupk/qA4vqZ1SgFRr7cyXogNxsVLG0MlAoGBAOCI
+n3dYpZOl59SeXZX3Y9/WaPaFvmva+lRTYbv7UNq8eBLbUhVZwuAThj3zKhc40xjg
+6buW4hqosE2Z/5jUBIZ8/Q6AXcm/KfZNyiYkPBleduVcTmoRpFR3Hq2u5II06Cb9
+gku08lNuapSLVaGs1+lIsOZJUlF620Df4+hIPYsPAoGACuCUZ/hb0WK6tfZAhp6b
+5rH3PYcpAAWd5uzWOSeCJg7w08c+guxilI1t1JoCYgOc5vPTWDJyKfwJST5OnxNi
+XJHULnRiJJmQCGxoRxs3sFWzKtoeQnTgAyIKTR7mC6NcFxYu/vTmF6quxqni7q7X
+0MSHqVocX+0dVzN1hj+EzXUCgYEAkbJVt73AA2TeYCs7Evrqxe59Qapbe+UmFt3c
+R3y2ZJlzWNkUFGKgf4Jr03scTuFCqZwYTu+DXEUl0dUh8+tv3EzycBx/v0/aTMcB
+a2qLzPJtODuDbnRwK5b4Qz9/a7YlBlft2m5Z6CV351fagwSDPg87KtNdJR4Rc7FU
+U/+8X6UCgYB+4fAIFv7PYF85QUZN4wTS0HJVgvSmYiO6AsPYQ6CCaGJaL9MY+Udo
+uT0KaJzbiK4f8/K/2/W2yAGJhLco77Ub9GAXkPU6dLZNozOF9EgqeNyNKjjwV+Jf
+yba8on8FqS2mDGeCDANFn8WjVEADHMa16NlIKBxEFzIiS1xiTyysqw==
+-----END RSA PRIVATE KEY-----

config/certs/localhost-client.p12

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDLDCCAhQCCQDbQA633L23ajANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJC
+RTEMMAoGA1UECAwDT1ZMMQ4wDAYDVQQHDAVHaGVudDEXMBUGA1UECgwOTXlPcmdh
+bml6YXRpb24xEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNjEwMTExMzQ4MjVaFw0x
+NzEwMTExMzQ4MjVaMFgxCzAJBgNVBAYTAkJFMQwwCgYDVQQIDANPVkwxDjAMBgNV
+BAcMBUdoZW50MRcwFQYDVQQKDA5NeU9yZ2FuaXphdGlvbjESMBAGA1UEAwwJbG9j
+YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJ2iYHxWSfo+
+recMcm4YUBJQIsX7cdbkl9GnGCMlYV5mGPP8mmDzS56nUVVu6z6I1IE1wDoaWkXr
+5/z5rfRFqcjUDe3G9OnBW76yvCZPoyUpOPPOfDBrZw4uNGM6Ogu7cYBVk7up636P
+yZko1qnsGGcQ8wrM5wCpsNbMnxBzfkZ4i/QftcnKaw73YmWOUnwRYDY1ThbP5fEF
+NrMW2IJezkJsILuJOo2OQKQNiY/pIItfJr5yCGC9FBTm245szwFvedfYn2OueNsJ
+pZGN/avvcHKv6LgH6+sb3U5goZRpAB1couvt29mx4S6qKc6zqICxmLFLsuGzw7+A
+RG8CwKdUPwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBRAYmoi8hqdBegaokIaPFI
+G7uFiKGWCMhJY+tqYnGSK8n6N2SGXC/ysymuehJY7xtaSe57kKVwwGGxlVlxDm5a
+6WgEyBnwXo5ueipV15C+dAYMa9LovX7ypRxtkwpjTHvVpvmw95mdcjuIgKEkCsPz
+A3I4Z3Jb1LpSbVwnUou0tSC+a7V3ZIrYR17Rz/PTIgl7IA1fI1VMKxG7u5z8SEDD
+x86ImCyye6t6lqmABE0Gtp5uWiseneYjvJ5d88ZKRqGJ5VpUg5LltaIRoyTlUnry
+Ro9qBRk4i8crKNGek1YfFru+5c9+bik6mbD26NTVYFihGlReXr1Ktg43ma92xlwJ
+-----END CERTIFICATE-----

config/certs/localhost-server.crt

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEArJ2iYHxWSfo+recMcm4YUBJQIsX7cdbkl9GnGCMlYV5mGPP8
+mmDzS56nUVVu6z6I1IE1wDoaWkXr5/z5rfRFqcjUDe3G9OnBW76yvCZPoyUpOPPO
+fDBrZw4uNGM6Ogu7cYBVk7up636PyZko1qnsGGcQ8wrM5wCpsNbMnxBzfkZ4i/Qf
+tcnKaw73YmWOUnwRYDY1ThbP5fEFNrMW2IJezkJsILuJOo2OQKQNiY/pIItfJr5y
+CGC9FBTm245szwFvedfYn2OueNsJpZGN/avvcHKv6LgH6+sb3U5goZRpAB1couvt
+29mx4S6qKc6zqICxmLFLsuGzw7+ARG8CwKdUPwIDAQABAoIBAQCpvKg7MIi5XfXc
+k2JN86y8sAVU7FIA80r9bw9cUNMlF+pVhzZRqBwVtADbnaLgeDGcpSHx0DCxrCf5
+i20JfTYzamP6/mGx21pjmPWwxgtxZc1PT48v130FbZBJu3k6MuczCPsdtl+0TlOd
+7ZmW3KhoppCoLWqnjKNQXSgBEfA/rfXo6ySaGEU8wdOaf/G3+/FJfL4ctunSzBTB
+ZO6HdnxSyw+6RbgJBLWNElq7FJjkLVV5TxPgXjBIRI0nX/ZeyGxy/a/+bn/6JfAw
+c4U+2IlWx40fu2/i/Ja9mZ5EF/Ai1kWo9aeawj/yRMfQe78/ki2jcgUgenBXEode
+6BSpqoXhAoGBAODTDCGw/VvhT0Mm6OTmfZG/9PilfHXhTyvKrVQXTzVXnsXAVfMU
+yG3D2AwMHvBJeYNC5n77qyIXX2u5vck2KckcMIhjS+JF4eGNdyCHsKhrVsILe4s8
+xFtI/50Mli52BGktiMUObuPYNBzKuDjae/o5rqwjTkggO5mvaLyql2XTAoGBAMSN
+QLsFx78447mFucnyz+urtArGXEKfHu9wdwX3gc0feG+FEI0cfMlXSBLqViZ04Mjo
+OhiFGRKgl7a8Icf5RCoDzenneFWUVpAxxC/k/wrlU3baS2CU2hfaZWArONhYdtNl
+Y5ogZu7QR/mLP0ki1RLv+VNT5UgCBCMl8PuzAjhlAoGBAIV8ybc3Xzcuj+FPOPiv
+4d6oGsuHdl6HaHqX3FIRhPYnEB5aFK4/qMGDhsOgbr484ekNz82VoAad2gocPpM5
+lZXTJv3T9zpiQ7uoQxMNfdaB5QFR0AjcC7onnZ2h24m6iOPqJUrbRvwBYu+1baxU
+DUiE9zE9xT0N5lVZ0NY0c7ABAoGAV5UlufC6cEAWYW3wOsfi1H4fbQm0xM8IxuMT
+dmoywcd7MB5YILkH9ePZruwS1XIRVBT/BjwQzxcWY4vzdZtiP2KQl+DX4zKFXB2A
+8WKWLzG+/mAJZJEPmb9smuzHmMfasxojxuMXWuUenVjqK1nFHnomXHYu3eZgF5Vp
+i47Zt20CgYAxvOTb9iLAWDGA19gY1+uyIxVq5CfUYPEZXaIpXRocdJZLP6HRERva
+Z+IhFAa3+8/x3+ZkQIU+gtHuv+CbHAGkyzpcM/sSC2NaAr3QRSv1OEW2qelFA64+
+JYLYEVakFgxZ0VqpgrwrwBxZnUrmXNqpHkyrKk48goLyxNDTKohJMQ==
+-----END RSA PRIVATE KEY-----

config/certs/localhost-server.key

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Generate server and ca certificates first!
+# This will generate the following keys and certificates in the current directory: 
+# localhost-client.key
+# localhost-client.crt 
+# localhost-client.p12
+
+# Create a client key 
+openssl genrsa -out localhost-client.key 2048
+
+# Create a client certificate request
+# NOTE: You MUST match CN to the domain name or ip address you want to use
+openssl req -new -key localhost-client.key -out localhost-client.csr -subj "/C=BE/ST=O-VL/L=Ghent/O=MyOrganization/CN=localhost/subjectAltName=uniformResourceIdentifier:https:\/\/archive.org\/services\/purl\/purl\/linkeddatafragments\/webid.ttl#webid" -config webid.cnf
+
+# Sign the request from client with your CA
+openssl x509 -req -in localhost-client.csr -CA localhost-ca.crt -CAkey localhost-ca.key -CAcreateserial -out localhost-client.crt -days 365
+
+# Decode public key to extract exponent and modulus
+echo ""
+echo "Add the following modulus to your webid:"
+openssl rsa -in localhost-client.key -modulus -noout
+echo "Add the following exponent to your webid:"
+openssl rsa -in localhost-client.key -text -noout | awk '/Exponent/ { print $2 }'
+
+# Generate a PK12, which you need for access in the browser
+echo ""
+echo "You must create a p12 passphrase. Consider using 'secret' for testing and demo purposes."
+openssl pkcs12 -export -in localhost-client.crt -inkey localhost-client.key  -out localhost-client.p12
+
+# CLEANUP
+# Delete the csr (we can always regenerate it using the key)
+rm localhost-client.csr
+# Delete the srl 
+rm localhost-ca.srl

config/certs/make-client-certificates.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# This will generate the following keys and certificates in the current directory: 
+# localhost-ca.key & localhost-ca.crt
+# localhost-server.key & localhost-server.crt
+
+# Create a key for your own Certificate Authority
+openssl genrsa -out localhost-ca.key 2048
+
+# Self-sign your Certificate Authority
+openssl req -x509 -new -nodes -key localhost-ca.key -days 365 -out localhost-ca.crt -subj "/C=BE/ST=OVL/L=Ghent/O=MyOrganization/CN=localhost" -config ./webid.cnf
+
+# Create a server certificate 
+# NOTE: You MUST match CN to the domain name or ip address you want to use
+openssl genrsa -out localhost-server.key 2048
+
+# Create a certificate request for the server, which your CA will sign
+openssl req -new -key localhost-server.key -out localhost-server.csr -subj "/C=BE/ST=OVL/L=Ghent/O=MyOrganization/CN=localhost" -config ./webid.cnf
+
+# Sign the request with your CA
+openssl x509  -req -in localhost-server.csr -CA localhost-ca.crt -CAkey localhost-ca.key -CAcreateserial -out localhost-server.crt -days 365
+
+# CLEANUP
+# Delete the csr (we can always regenerate it using the key)
+rm localhost-server.csr
+# Delete the srl 
+rm localhost-ca.srl