author | joe <joe@jerkface.net> | 2014-05-20 20:47:28 -0400 |
---|---|---|
committer | joe <joe@jerkface.net> | 2014-05-20 20:47:28 -0400 |
commit | d3b5c1eebb57b492e1b52b5a1111a1fd9bb8b3c6 (patch) | |
tree | c84aa4c156c32f7d6d536306135453e7b25d99da | |
parent | b1b7214755b48eb2446e6036183e0f65294a3f25 (diff) |
export certOrKey
-rw-r--r-- | TLSA.hs | 8 |
1 files changed, 6 insertions, 2 deletions
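--- a/TLSA.hs
+++ b/TLSA.hs
@@ -7,6 +7,7 @@ module TLSA
 , fromByteString
 , toByteString
 , match
+, certOrKey
 , IssuanceTest(..)
 , validate
 ) where
@@ -40,7 +41,7 @@ toWord8 = toEnum . fromEnum
 
 -- | The Certificate Usage Field as described in RFC 6698, section 2.1.1.
 --
--- It is used by the 'validate' function in making a 'Validation' decision.
+-- It is used by the 'validate' function in making a validation decision.
 data CertUsage
 
 -- | This is usage value 0 in RFC 6698. Any CA certificate that 'match'es
@@ -233,7 +234,8 @@ data IssuanceTest = IssuanceTest
 -- ^ This is used to validate a single link in a certificate chain.
 , isSignedBy :: SignedCertificate -> PubKey -> Bool
 -- ^ This is used to check signatures for trust anchor keys that are
--- supplied via a 'TLSA' record but not otherwise present in the input.
+-- obtained from a 'TLSA' using 'certOrKey' but are not otherwise present
+-- in the input.
 }
 
 -- | Use the the given set of 'TLSA' records to validate or paritally validate
@@ -314,6 +316,8 @@ pairings op = loop
 [] -> (m,[]):loop ms cs
 (as,b:bs):_ -> (m,[b]):loop ms (as++bs)
 
+-- | If a 'SignedCertificate' or a 'PubKey' is embedded in the 'TLSA' record
+-- (i.e. 'matchingType' = 'Match_Exact'), then extract it.
 certOrKey :: TLSA -> Maybe (Either PubKey SignedCertificate)
 certOrKey tlsa@(matchingType->Match_Exact) =
 case selector tlsa of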
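Review bot: The Haddock added for `certOrKey` (new lines 319-320) describes only the success case, and since this commit exports the function, outside callers have nothing telling them how far the result can be trusted. From the visible lines it dispatches on `matchingType` and `selector` only, so the returned key or certificate is just data decoded from the record; RFC 6698 expects TLSA records to be DNSSEC-validated before use, and the certificate usage still has to be honoured by the caller. I would extend the comment with something like `-- Returns 'Nothing' when the record is not 'Match_Exact'. No 'CertUsage' or DNSSEC check is made here; pass only validated records.` and state which selector yields `Left` (key) versus `Right` (certificate). The body of `certOrKey` continues past the end of the hunk, so whether a malformed embedded value also yields `Nothing` could not be checked here.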