1 files changed, 5 insertions, 19 deletions
diff --git a/src/Network/ACME/Encoding.hs b/src/Network/ACME/Encoding.hs
index dc2c963..315ff49 100644
--- a/src/Network/ACME/Encoding.hs
+++ b/src/Network/ACME/Encoding.hs
@@ -3,8 +3,6 @@
 {-# LANGUAGE ScopedTypeVariables #-}
 module Network.ACME.Encoding (
-    Keys(..),
-    readKeys,
    thumbprint,
    JWK(..),
    toStrict,
@@ -12,7 +10,7 @@ module Network.ACME.Encoding (
    challenge,
    registration,
    authz,
-    signPayload,
+    signPayload',
    ) where
 import           Crypto.Number.Serialize    (i2osp)
@@ -27,29 +25,17 @@ import           Data.Digest.Pure.SHA       (bytestringDigest, sha256)
 import           Data.Maybe
 import           Data.Text.Encoding         (decodeUtf8)
 import           OpenSSL
-import           OpenSSL.EVP.Digest
-import           OpenSSL.EVP.PKey
-import           OpenSSL.EVP.Sign
-import           OpenSSL.PEM
 import           OpenSSL.RSA
 import           Text.Email.Validate
 import qualified Data.Text                  as T
-data Keys = Keys RSAKeyPair RSAPubKey
-readKeys :: String -> IO (Maybe Keys)
-readKeys privKeyData = do
-  keypair :: SomeKeyPair <- readPrivateKey privKeyData PwTTY
-  let (priv :: Maybe RSAKeyPair) = toKeyPair keypair
-  pub <- maybe (return Nothing) (fmap Just . rsaCopyPublic) priv
-  return $ Keys <$> priv <*> pub
 --------------------------------------------------------------------------------
 -- | Sign return a payload with a nonce-protected header.
-signPayload :: Keys -> String -> ByteString -> IO LC.ByteString
-signPayload (Keys priv pub) nonce_ payload = withOpenSSL $ do
+signPayload' :: (ByteString -> IO ByteString) -> RSAPubKey -> String -> ByteString -> IO LC.ByteString
+signPayload' sign pub nonce_ payload = withOpenSSL $ do
  let protected = b64 (header pub nonce_)
-  Just dig <- getDigestByName "SHA256"
+  sig <- b64 <$> sign (B.concat [protected, ".", payload])
-  sig <- b64 <$> signBS dig priv (B.concat [protected, ".", payload])
  return $ encode (Request (header' pub) protected payload sig)
 --------------------------------------------------------------------------------

diff --git a/src/Network/ACME/Encoding.hs b/src/Network/ACME/Encoding.hs index dc2c963..315ff49 100644 --- a/src/Network/ACME/Encoding.hs +++ b/src/Network/ACME/Encoding.hs
@@ -3,8 +3,6 @@
3	{-# LANGUAGE ScopedTypeVariables #-}	3	{-# LANGUAGE ScopedTypeVariables #-}
4		4
5	module Network.ACME.Encoding (	5	module Network.ACME.Encoding (
6	Keys(..),
7	readKeys,
8	thumbprint,	6	thumbprint,
9	JWK(..),	7	JWK(..),
10	toStrict,	8	toStrict,
@@ -12,7 +10,7 @@ module Network.ACME.Encoding (
12	challenge,	10	challenge,
13	registration,	11	registration,
14	authz,	12	authz,
15	signPayload,	13	signPayload',
16	) where	14	) where
17		15
18	import Crypto.Number.Serialize (i2osp)	16	import Crypto.Number.Serialize (i2osp)
@@ -27,29 +25,17 @@ import Data.Digest.Pure.SHA (bytestringDigest, sha256)
27	import Data.Maybe	25	import Data.Maybe
28	import Data.Text.Encoding (decodeUtf8)	26	import Data.Text.Encoding (decodeUtf8)
29	import OpenSSL	27	import OpenSSL
30	import OpenSSL.EVP.Digest
31	import OpenSSL.EVP.PKey
32	import OpenSSL.EVP.Sign
33	import OpenSSL.PEM
34	import OpenSSL.RSA	28	import OpenSSL.RSA
35	import Text.Email.Validate	29	import Text.Email.Validate
36	import qualified Data.Text as T	30	import qualified Data.Text as T
37		31
38	data Keys = Keys RSAKeyPair RSAPubKey
39	readKeys :: String -> IO (Maybe Keys)
40	readKeys privKeyData = do
41	keypair :: SomeKeyPair <- readPrivateKey privKeyData PwTTY
42	let (priv :: Maybe RSAKeyPair) = toKeyPair keypair
43	pub <- maybe (return Nothing) (fmap Just . rsaCopyPublic) priv
44	return $ Keys <$> priv <*> pub
45
46	--------------------------------------------------------------------------------	32	--------------------------------------------------------------------------------
47	-- \| Sign return a payload with a nonce-protected header.	33	-- \| Sign return a payload with a nonce-protected header.
48	signPayload :: Keys -> String -> ByteString -> IO LC.ByteString	34
49	signPayload (Keys priv pub) nonce_ payload = withOpenSSL $ do	35	signPayload' :: (ByteString -> IO ByteString) -> RSAPubKey -> String -> ByteString -> IO LC.ByteString
		36	signPayload' sign pub nonce_ payload = withOpenSSL $ do
50	let protected = b64 (header pub nonce_)	37	let protected = b64 (header pub nonce_)
51	Just dig <- getDigestByName "SHA256"	38	sig <- b64 <$> sign (B.concat [protected, ".", payload])
52	sig <- b64 <$> signBS dig priv (B.concat [protected, ".", payload])
53	return $ encode (Request (header' pub) protected payload sig)	39	return $ encode (Request (header' pub) protected payload sig)
54		40
55	--------------------------------------------------------------------------------	41	--------------------------------------------------------------------------------