diff options
| author | joe <joe@jerkface.net> | 2014-05-20 18:48:23 -0400 |
|---|---|---|
| committer | joe <joe@jerkface.net> | 2014-05-20 18:48:23 -0400 |
| commit | c7f0c80ab09c3ff8de29e2c4e0da6900f483bccd (patch) | |
| tree | b969e93ac12dbed89f1a9696478130da79373528 | |
| parent | ddbd029984f703d9c15fb646dfbbfe84d3352e0d (diff) | |
documentaiton tweeks
| -rw-r--r-- | TLSA.hs | 15 | ||||
| -rw-r--r-- | validatecert.hs | 2 |
2 files changed, 9 insertions, 8 deletions
| @@ -237,13 +237,13 @@ data IssuanceTest = IssuanceTest | |||
| 237 | -- supplied via a 'TLSA' record but not otherwise present in the chain. | 237 | -- supplied via a 'TLSA' record but not otherwise present in the chain. |
| 238 | } | 238 | } |
| 239 | 239 | ||
| 240 | -- | Use the the given set of 'TLSA' records to validate, or paritally validate | 240 | -- | Use the the given set of 'TLSA' records to validate or paritally validate |
| 241 | -- a certificate, given a list of other probably relevent certificates. Results | 241 | -- a certificate given a list of other probably relevent certificates. Results |
| 242 | -- are interpreted as follows: | 242 | -- are interpreted as follows: |
| 243 | -- | 243 | -- |
| 244 | -- [@ Nothing @] The certificate passed validation. | 244 | -- [@ Nothing @] The certificate PASSED validation. |
| 245 | -- | 245 | -- |
| 246 | -- [@ Just \[\] @] Failed validation. | 246 | -- [@ Just \[\] @] The certificate FAILED validation. |
| 247 | -- | 247 | -- |
| 248 | -- [@ Just xss @] A set of certificate issued-by chains. If you trust any | 248 | -- [@ Just xss @] A set of certificate issued-by chains. If you trust any |
| 249 | -- certificate in any of these chains, you may consider the | 249 | -- certificate in any of these chains, you may consider the |
| @@ -252,11 +252,12 @@ data IssuanceTest = IssuanceTest | |||
| 252 | validate :: IssuanceTest -> [TLSA] -> SignedCertificate -> [SignedCertificate] | 252 | validate :: IssuanceTest -> [TLSA] -> SignedCertificate -> [SignedCertificate] |
| 253 | -> Maybe [[SignedCertificate]] | 253 | -> Maybe [[SignedCertificate]] |
| 254 | validate (IssuanceTest isIssuedBy isSignedBy) rs cert chain | 254 | validate (IssuanceTest isIssuedBy isSignedBy) rs cert chain |
| 255 | | not (null domainIssued) = Nothing | 255 | | domainIssued = Nothing |
| 256 | | any hasAnchor chains = Nothing | 256 | | any hasAnchor chains = Nothing |
| 257 | | null rs = Just $ (certv !) .: chains | ||
| 257 | | otherwise = Just $ (certv !) .: filter satisfiesConstraints chains | 258 | | otherwise = Just $ (certv !) .: filter satisfiesConstraints chains |
| 258 | where | 259 | where |
| 259 | domainIssued = filter (`match` cert) daneEEs | 260 | domainIssued = any (`match` cert) daneEEs |
| 260 | 261 | ||
| 261 | threshold = length chain | 262 | threshold = length chain |
| 262 | 263 | ||
diff --git a/validatecert.hs b/validatecert.hs index 1871b24..6984b2c 100644 --- a/validatecert.hs +++ b/validatecert.hs | |||
| @@ -18,7 +18,7 @@ import System.IO | |||
| 18 | import Data.Map ( Map ) | 18 | import Data.Map ( Map ) |
| 19 | import Data.Time.LocalTime ( getZonedTime ) | 19 | import Data.Time.LocalTime ( getZonedTime ) |
| 20 | import Data.Time.Format ( formatTime ) | 20 | import Data.Time.Format ( formatTime ) |
| 21 | import Data.X509 as X509 ( SignedCertificate, Certificate, decodeSignedObject, getCertificate ) | 21 | import Data.X509 as X509 ( SignedCertificate, decodeSignedObject ) |
| 22 | import System.Exit | 22 | import System.Exit |
| 23 | import System.Posix.Process ( getProcessID ) | 23 | import System.Posix.Process ( getProcessID ) |
| 24 | import System.Locale ( defaultTimeLocale ) | 24 | import System.Locale ( defaultTimeLocale ) |