authorjoe <joe@jerkface.net>2014-05-20 20:47:28 -0400
committerjoe <joe@jerkface.net>2014-05-20 20:47:28 -0400
commitd3b5c1eebb57b492e1b52b5a1111a1fd9bb8b3c6 (patch)
treec84aa4c156c32f7d6d536306135453e7b25d99da
parentb1b7214755b48eb2446e6036183e0f65294a3f25 (diff)
export certOrKey
-rw-r--r--TLSA.hs8
1 files changed, 6 insertions, 2 deletions
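--- a/TLSA.hs
+++ b/TLSA.hs
@@ -7,6 +7,7 @@ module TLSA
  , fromByteString
  , toByteString
  , match
+ , certOrKey
  , IssuanceTest(..)
  , validate
  ) where
@@ -40,7 +41,7 @@ toWord8 = toEnum . fromEnum
 
 -- | The Certificate Usage Field as described in RFC 6698, section 2.1.1.
 --
--- It is used by the 'validate' function in making a 'Validation' decision.
+-- It is used by the 'validate' function in making a validation decision.
 data CertUsage
 
  -- | This is usage value 0 in RFC 6698. Any CA certificate that 'match'es
@@ -233,7 +234,8 @@ data IssuanceTest = IssuanceTest
  -- ^ This is used to validate a single link in a certificate chain.
  , isSignedBy :: SignedCertificate -> PubKey -> Bool
  -- ^ This is used to check signatures for trust anchor keys that are
- -- supplied via a 'TLSA' record but not otherwise present in the input.
+ -- obtained from a 'TLSA' using 'certOrKey' but are not otherwise present
+ -- in the input.
  }
 
 -- | Use the the given set of 'TLSA' records to validate or paritally validate
@@ -314,6 +316,8 @@ pairings op = loop
  [] -> (m,[]):loop ms cs
  (as,b:bs):_ -> (m,[b]):loop ms (as++bs)
 
+-- | If a 'SignedCertificate' or a 'PubKey' is embedded in the 'TLSA' record
+-- (i.e. 'matchingType' = 'Match_Exact'), then extract it.
 certOrKey :: TLSA -> Maybe (Either PubKey SignedCertificate)
 certOrKey tlsa@(matchingType->Match_Exact) =
  case selector tlsa of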
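Review bot: The new Haddock on `certOrKey` (last hunk) says what is extracted but not how far the result can be trusted, and with the function now exported callers can use it outside `validate`. The visible lines dispatch only on `matchingType` and `selector`, so the certificate usage field does not appear to be consulted; the body continues past the hunk, so this should be confirmed. I would extend the comment with `-- The result is only as trustworthy as the 'TLSA' record itself: the record must come from a DNSSEC-validated response, and the caller must check its certificate usage before treating the key or certificate as a trust anchor.` It would also help to state when `Nothing` is returned, presumably for non-exact matching types and possibly when the embedded data fails to parse.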