certificate 0.2 → 0.2.1
raw patch · 2 files changed
+36/−37 lines, 2 filesdep ~asn1-dataPVP ok
version bump matches the API change (PVP)
Dependency ranges changed: asn1-data
API changes (from Hackage documentation)
Files
- Data/Certificate/X509.hs +34/−35
- certificate.cabal +2/−2
Data/Certificate/X509.hs view
@@ -73,36 +73,36 @@ deriving (Show, Eq) data PubKeyDesc =- PubKeyRSA (Int, Integer, Integer) -- len modulus, modulus, e- | PubKeyDSA (L.ByteString, Integer, Integer, Integer) -- pub, p, q, g- | PubKeyUnknown [Word8]+ PubKeyRSA (Int, Integer, Integer) -- ^ RSA format with (len modulus, modulus, e)+ | PubKeyDSA (L.ByteString, Integer, Integer, Integer) -- ^ DSA format with (pub, p, q, g)+ | PubKeyUnknown [Word8] -- ^ unrecognized format deriving (Show,Eq) data PubKey = PubKey SignatureALG PubKeyDesc -- OID RSA|DSA|rawdata deriving (Show,Eq) -data CertificateDN = CertificateDN {- cdnCommonName :: Maybe String,- cdnCountry :: Maybe String,- cdnOrganization :: Maybe String,- cdnOrganizationUnit :: Maybe String,- cdnOthers :: [ (OID, String) ]+data CertificateDN = CertificateDN+ { cdnCommonName :: Maybe String -- ^ Certificate DN Common Name+ , cdnCountry :: Maybe String -- ^ Certificate DN Country of Issuance+ , cdnOrganization :: Maybe String -- ^ Certificate DN Organization+ , cdnOrganizationUnit :: Maybe String -- ^ Certificate DN Organization Unit+ , cdnOthers :: [ (OID, String) ] -- ^ Certificate DN Other Attributes } deriving (Show,Eq) -- FIXME use a proper standard type for representing time. type Time = (Int, Int, Int, Int, Int, Int, Bool) -data Certificate = Certificate {- certVersion :: Int,- certSerial :: Integer,- certSignatureAlg :: SignatureALG,- certIssuerDN :: CertificateDN,- certSubjectDN :: CertificateDN,- certValidity :: (Time, Time),- certPubKey :: PubKey,- certExtensions :: Maybe [ASN1],- certSignature :: Maybe (SignatureALG, [Word8]),- certOthers :: [ASN1]+data Certificate = Certificate+ { certVersion :: Int -- ^ Certificate Version+ , certSerial :: Integer -- ^ Certificate Serial number+ , certSignatureAlg :: SignatureALG -- ^ Certificate Signature algorithm+ , certIssuerDN :: CertificateDN -- ^ Certificate Issuer DN+ , certSubjectDN :: CertificateDN -- ^ Certificate Subject DN+ , certValidity :: (Time, Time) -- ^ Certificate Validity period+ , certPubKey :: PubKey -- ^ Certificate Public key+ , certExtensions :: Maybe [ASN1] -- ^ Certificate Extensions (format will change)+ , certSignature :: Maybe (SignatureALG, [Word8]) -- ^ Certificate Signature Algorithm and Signature+ , certOthers :: [ASN1] -- ^ any others fields not parsed } deriving (Show,Eq) {- | parse a RSA pubkeys from ASN1 encoded bits.@@ -154,8 +154,8 @@ parseCertHeaderVersion = do n <- lookNext v <- case n of- Other Application 0 (Right [ IntVal v ]) -> getNext >> return (fromIntegral v)- _ -> return 1+ Other Context 0 (Right [ IntVal v ]) -> getNext >> return (fromIntegral v)+ _ -> return 1 return v parseCertHeaderSerial :: ParseCert Integer@@ -262,8 +262,8 @@ then do n <- lookNext case n of- Other Application 3 (Right l) -> getNext >> return (Just l)- _ -> return Nothing+ Other Context 3 (Right l) -> getNext >> return (Just l)+ _ -> return Nothing else return Nothing {- | parse header structure of a x509 certificate. it contains@@ -294,8 +294,12 @@ certOthers = l } -processCertificate :: ASN1 -> ASN1 -> ASN1 -> Either String Certificate-processCertificate header sigalg sig = do+{- | parse root structure of a x509 certificate. this has to be a sequence of 3 objects :+ - * the header+ - * the signature algorithm+ - * the signature -}+processCertificate :: ASN1 -> Either String Certificate+processCertificate (Sequence [ header, sigalg, sig ]) = do let sigAlg = case sigalg of Sequence [ OID oid, Null ] -> oidSig oid@@ -310,17 +314,11 @@ either Left (\c -> Right $ c { certSignature = Just (sigAlg, L.unpack sigbits) }) cert _ -> Left "Certificate is not a sequence" --{- | parse root structure of a x509 certificate. this has to be a sequence of 3 objects :- - * the header- - * the signature algorithm- - * the signature -}-parseCertRoot :: ASN1 -> Either String Certificate-parseCertRoot (Sequence [ header, sigalg, sig ]) = processCertificate header sigalg sig-parseCertRoot x = Left ("certificate root element error: " ++ show x)+processCertificate x = Left ("certificate root element error: " ++ show x) +{- | decode a X509 certificate from a bytestring -} decodeCertificate :: L.ByteString -> Either String Certificate-decodeCertificate by = either (Left . show) parseCertRoot $ decodeASN1 by+decodeCertificate by = either (Left . show) processCertificate $ decodeASN1 by encodeDN :: CertificateDN -> ASN1 encodeDN dn = Sequence sets@@ -360,6 +358,7 @@ epkinfo = encodePK $ certPubKey cert others = [] +{-| encode a X509 certificate to a bytestring -} encodeCertificate :: Certificate -> L.ByteString encodeCertificate cert = encodeASN1 rootSeq where
certificate.cabal view
@@ -1,5 +1,5 @@ Name: certificate-Version: 0.2+Version: 0.2.1 Description: Certificates and Key reader/writer .@@ -25,7 +25,7 @@ binary >= 0.5, bytestring, mtl,- asn1-data,+ asn1-data >= 0.2, base64-bytestring Exposed-modules: Data.Certificate.X509, Data.Certificate.PEM,