diff options
author | Andrew Cady <d@jerkface.net> | 2016-01-20 06:34:44 -0500 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2016-01-20 06:34:44 -0500 |
commit | df5eb4c682ddda18282d6d2230b1451c4dcd644f (patch) | |
tree | 8dd3ed58e9f62916ad9c63ea432571129f70d8dc | |
parent | 84a16ec6d536837861d543f6ff42d042151fbe52 (diff) |
fix all GHC warnings
-rw-r--r-- | acme-encrypt.cabal | 2 | ||||
-rw-r--r-- | acme.hs | 18 |
2 files changed, 18 insertions, 2 deletions
diff --git a/acme-encrypt.cabal b/acme-encrypt.cabal index 371f8fe..0faf99b 100644 --- a/acme-encrypt.cabal +++ b/acme-encrypt.cabal | |||
@@ -20,7 +20,7 @@ cabal-version: >=1.10 | |||
20 | executable acme-encrypt-exe | 20 | executable acme-encrypt-exe |
21 | -- hs-source-dirs: app | 21 | -- hs-source-dirs: app |
22 | main-is: acme.hs | 22 | main-is: acme.hs |
23 | ghc-options: -threaded -rtsopts -with-rtsopts=-N | 23 | ghc-options: -threaded -rtsopts -with-rtsopts=-N -Wall |
24 | build-depends: base, cryptonite, aeson, bytestring, base64-bytestring, SHA, text, HsOpenSSL, process | 24 | build-depends: base, cryptonite, aeson, bytestring, base64-bytestring, SHA, text, HsOpenSSL, process |
25 | -- , acme-encrypt | 25 | -- , acme-encrypt |
26 | default-language: Haskell2010 | 26 | default-language: Haskell2010 |
@@ -73,21 +73,25 @@ main = do | |||
73 | 73 | ||
74 | -------------------------------------------------------------------------------- | 74 | -------------------------------------------------------------------------------- |
75 | -- | Sign and write a payload to a file with a nonce-protected header. | 75 | -- | Sign and write a payload to a file with a nonce-protected header. |
76 | signPayload :: RSAKey k => String -> k -> ByteString -> ByteString -> IO () | ||
76 | signPayload name key protected payload = do | 77 | signPayload name key protected payload = do |
77 | writePayload name protected payload | 78 | writePayload name protected payload |
78 | sig <- sign name | 79 | sig <- sign name |
79 | writeBody name key protected payload sig | 80 | writeBody name key protected payload sig |
80 | 81 | ||
81 | -- | Write a payload to file with a nonce-protected header. | 82 | -- | Write a payload to file with a nonce-protected header. |
83 | writePayload :: String -> ByteString -> ByteString -> IO () | ||
82 | writePayload name protected payload = | 84 | writePayload name protected payload = |
83 | LB.writeFile (name ++ ".txt") (LB.fromChunks [protected, ".", payload]) | 85 | LB.writeFile (name ++ ".txt") (LB.fromChunks [protected, ".", payload]) |
84 | 86 | ||
85 | -- | Sign a payload file using the user key. | 87 | -- | Sign a payload file using the user key. |
88 | sign :: String -> IO ByteString | ||
86 | sign name = do | 89 | sign name = do |
87 | sign_ (name ++ ".txt") (name ++ ".sig") | 90 | sign_ (name ++ ".txt") (name ++ ".sig") |
88 | sig_ <- B.readFile (name ++ ".sig") | 91 | sig_ <- B.readFile (name ++ ".sig") |
89 | return (b64 sig_) | 92 | return (b64 sig_) |
90 | 93 | ||
94 | sign_ :: String -> String -> IO () | ||
91 | sign_ inp out = do | 95 | sign_ inp out = do |
92 | _ <- readProcess "openssl" | 96 | _ <- readProcess "openssl" |
93 | [ "dgst", "-sha256" | 97 | [ "dgst", "-sha256" |
@@ -100,37 +104,49 @@ sign_ inp out = do | |||
100 | 104 | ||
101 | -- | Write a signed payload to a file. It can be used as the body of a POST | 105 | -- | Write a signed payload to a file. It can be used as the body of a POST |
102 | -- request. | 106 | -- request. |
107 | writeBody :: RSAKey k => String -> k -> ByteString -> ByteString -> ByteString -> IO () | ||
103 | writeBody name key protected payload sig = LB.writeFile (name ++ ".body") | 108 | writeBody name key protected payload sig = LB.writeFile (name ++ ".body") |
104 | (encode (Request (header' key) protected payload sig)) | 109 | (encode (Request (header' key) protected payload sig)) |
105 | 110 | ||
106 | -------------------------------------------------------------------------------- | 111 | -------------------------------------------------------------------------------- |
107 | -- | Base64URL encoding of Integer with padding '=' removed. | 112 | -- | Base64URL encoding of Integer with padding '=' removed. |
113 | b64i :: Integer -> ByteString | ||
108 | b64i = b64 . i2osp | 114 | b64i = b64 . i2osp |
109 | 115 | ||
116 | b64 :: ByteString -> ByteString | ||
110 | b64 = B.takeWhile (/= 61) . Base64.encode | 117 | b64 = B.takeWhile (/= 61) . Base64.encode |
111 | 118 | ||
119 | toStrict :: LB.ByteString -> ByteString | ||
112 | toStrict = B.concat . LB.toChunks | 120 | toStrict = B.concat . LB.toChunks |
113 | 121 | ||
122 | header' :: RSAKey k => k -> Header | ||
114 | header' key = Header "RS256" (JWK (rsaE key) "RSA" (rsaN key)) Nothing | 123 | header' key = Header "RS256" (JWK (rsaE key) "RSA" (rsaN key)) Nothing |
115 | 124 | ||
125 | header :: RSAKey k => k -> String -> ByteString | ||
116 | header key nonce = (toStrict . encode) | 126 | header key nonce = (toStrict . encode) |
117 | (Header "RS256" (JWK (rsaE key) "RSA" (rsaN key)) (Just nonce)) | 127 | (Header "RS256" (JWK (rsaE key) "RSA" (rsaN key)) (Just nonce)) |
118 | 128 | ||
119 | -- | Registration payload to sign with user key. | 129 | -- | Registration payload to sign with user key. |
120 | registration email = (b64 . toStrict . encode) (Reg email terms) | 130 | registration :: String -> ByteString |
131 | registration emailAddr = (b64 . toStrict . encode) (Reg emailAddr terms) | ||
121 | 132 | ||
122 | -- | Challenge request payload to sign with user key. | 133 | -- | Challenge request payload to sign with user key. |
134 | authz :: String -> ByteString | ||
123 | authz = b64. toStrict . encode . Authz | 135 | authz = b64. toStrict . encode . Authz |
124 | 136 | ||
125 | -- | Challenge response payload to sign with user key. | 137 | -- | Challenge response payload to sign with user key. |
138 | challenge :: ByteString -> ByteString | ||
126 | challenge = b64 . toStrict . encode . Challenge . BC.unpack | 139 | challenge = b64 . toStrict . encode . Challenge . BC.unpack |
127 | 140 | ||
128 | -- | CSR request payload to sign with user key. | 141 | -- | CSR request payload to sign with user key. |
142 | csr :: ByteString -> ByteString | ||
129 | csr = b64 . toStrict . encode . CSR . b64 | 143 | csr = b64 . toStrict . encode . CSR . b64 |
130 | 144 | ||
145 | thumbprint :: JWK -> ByteString | ||
131 | thumbprint = b64 . toStrict .bytestringDigest . sha256 . encodeOrdered | 146 | thumbprint = b64 . toStrict .bytestringDigest . sha256 . encodeOrdered |
132 | 147 | ||
133 | -- | There is an `encodePretty'` in `aeson-pretty`, but do it by hand here. | 148 | -- | There is an `encodePretty'` in `aeson-pretty`, but do it by hand here. |
149 | encodeOrdered :: JWK -> LB.ByteString | ||
134 | encodeOrdered JWK{..} = LC.pack $ | 150 | encodeOrdered JWK{..} = LC.pack $ |
135 | "{\"e\":\"" ++ hE' ++ "\",\"kty\":\"" ++ hKty ++ "\",\"n\":\"" ++ hN' ++ "\"}" | 151 | "{\"e\":\"" ++ hE' ++ "\",\"kty\":\"" ++ hKty ++ "\",\"n\":\"" ++ hN' ++ "\"}" |
136 | where | 152 | where |