diff options
| author | joe <joe@jerkface.net> | 2014-05-20 20:47:28 -0400 |
|---|---|---|
| committer | joe <joe@jerkface.net> | 2014-05-20 20:47:28 -0400 |
| commit | d3b5c1eebb57b492e1b52b5a1111a1fd9bb8b3c6 (patch) | |
| tree | c84aa4c156c32f7d6d536306135453e7b25d99da /TLSA.hs | |
| parent | b1b7214755b48eb2446e6036183e0f65294a3f25 (diff) | |
export certOrKey
Diffstat (limited to 'TLSA.hs')
| -rw-r--r-- | TLSA.hs | 8 |
1 files changed, 6 insertions, 2 deletions
| @@ -7,6 +7,7 @@ module TLSA | |||
| 7 | , fromByteString | 7 | , fromByteString |
| 8 | , toByteString | 8 | , toByteString |
| 9 | , match | 9 | , match |
| 10 | , certOrKey | ||
| 10 | , IssuanceTest(..) | 11 | , IssuanceTest(..) |
| 11 | , validate | 12 | , validate |
| 12 | ) where | 13 | ) where |
| @@ -40,7 +41,7 @@ toWord8 = toEnum . fromEnum | |||
| 40 | 41 | ||
| 41 | -- | The Certificate Usage Field as described in RFC 6698, section 2.1.1. | 42 | -- | The Certificate Usage Field as described in RFC 6698, section 2.1.1. |
| 42 | -- | 43 | -- |
| 43 | -- It is used by the 'validate' function in making a 'Validation' decision. | 44 | -- It is used by the 'validate' function in making a validation decision. |
| 44 | data CertUsage | 45 | data CertUsage |
| 45 | 46 | ||
| 46 | -- | This is usage value 0 in RFC 6698. Any CA certificate that 'match'es | 47 | -- | This is usage value 0 in RFC 6698. Any CA certificate that 'match'es |
| @@ -233,7 +234,8 @@ data IssuanceTest = IssuanceTest | |||
| 233 | -- ^ This is used to validate a single link in a certificate chain. | 234 | -- ^ This is used to validate a single link in a certificate chain. |
| 234 | , isSignedBy :: SignedCertificate -> PubKey -> Bool | 235 | , isSignedBy :: SignedCertificate -> PubKey -> Bool |
| 235 | -- ^ This is used to check signatures for trust anchor keys that are | 236 | -- ^ This is used to check signatures for trust anchor keys that are |
| 236 | -- supplied via a 'TLSA' record but not otherwise present in the input. | 237 | -- obtained from a 'TLSA' using 'certOrKey' but are not otherwise present |
| 238 | -- in the input. | ||
| 237 | } | 239 | } |
| 238 | 240 | ||
| 239 | -- | Use the the given set of 'TLSA' records to validate or paritally validate | 241 | -- | Use the the given set of 'TLSA' records to validate or paritally validate |
| @@ -314,6 +316,8 @@ pairings op = loop | |||
| 314 | [] -> (m,[]):loop ms cs | 316 | [] -> (m,[]):loop ms cs |
| 315 | (as,b:bs):_ -> (m,[b]):loop ms (as++bs) | 317 | (as,b:bs):_ -> (m,[b]):loop ms (as++bs) |
| 316 | 318 | ||
| 319 | -- | If a 'SignedCertificate' or a 'PubKey' is embedded in the 'TLSA' record | ||
| 320 | -- (i.e. 'matchingType' = 'Match_Exact'), then extract it. | ||
| 317 | certOrKey :: TLSA -> Maybe (Either PubKey SignedCertificate) | 321 | certOrKey :: TLSA -> Maybe (Either PubKey SignedCertificate) |
| 318 | certOrKey tlsa@(matchingType->Match_Exact) = | 322 | certOrKey tlsa@(matchingType->Match_Exact) = |
| 319 | case selector tlsa of | 323 | case selector tlsa of |