certificate 0.7.0 → 0.8.0
raw patch · 5 files changed
+40/−98 lines, 5 filesdep +Win32dep ~asn1-datadep ~base
Dependencies added: Win32
Dependency ranges changed: asn1-data, base
Files
- Certificate.hs +16/−16
- Data/Certificate/X509.hs +6/−5
- Data/Certificate/X509Cert.hs +1/−2
- System/Certificate/X509.hs +10/−72
- certificate.cabal +7/−3
Certificate.hs view
@@ -1,4 +1,4 @@-{-# LANGUAGE DeriveDataTypeable #-}+{-# LANGUAGE DeriveDataTypeable, OverloadedStrings #-} import qualified Data.ByteString.Lazy as L import qualified Data.ByteString.Lazy.Char8 as LC@@ -32,12 +32,12 @@ | n > 0xa = showHex n "" | otherwise = "0" ++ showHex n "" -showDN dn = mapM_ (\(oid, (_,t)) -> putStrLn (" " ++ show oid ++ ": " ++ T.unpack t)) dn+showDN dn = mapM_ (\(oid, (_,t)) -> putStrLn (" " ++ show oid ++ ": " ++ t)) dn showExts e = putStrLn $ show e showCert :: X509.X509 -> IO ()-showCert (X509.X509 cert _ sigalg sigbits) = do+showCert (X509.X509 cert _ _ sigalg sigbits) = do putStrLn ("version: " ++ show (X509.certVersion cert)) putStrLn ("serial: " ++ show (X509.certSerial cert)) putStrLn ("sigalg: " ++ show (X509.certSignatureAlg cert))@@ -94,7 +94,7 @@ p (OID is) = putStr ("OID: " ++ show is) p (Real d) = putStr "real" p (Enumerated) = putStr "enum"- p (UTF8String t) = putStr ("utf8string:" ++ T.unpack t)+ p (UTF8String t) = putStr ("utf8string:" ++ t) p (Start Sequence) = putStr "sequence" p (End Sequence) = putStr "end-sequence" p (Start Set) = putStr "set"@@ -102,7 +102,7 @@ p (Start _) = putStr "container" p (End _) = putStr "end-container" p (NumericString bs) = putStr "numericstring:"- p (PrintableString t) = putStr ("printablestring: " ++ T.unpack t)+ p (PrintableString t) = putStr ("printablestring: " ++ t) p (T61String bs) = putStr "t61string:" p (VideoTexString bs) = putStr "videotexstring:" p (IA5String bs) = putStr "ia5string:"@@ -111,9 +111,9 @@ p (GraphicString bs) = putStr "graphicstring:" p (VisibleString bs) = putStr "visiblestring:" p (GeneralString bs) = putStr "generalstring:"- p (UniversalString t) = putStr ("universalstring:" ++ T.unpack t)+ p (UniversalString t) = putStr ("universalstring:" ++ t) p (CharacterString bs) = putStr "characterstring:"- p (BMPString t) = putStr ("bmpstring: " ++ T.unpack t)+ p (BMPString t) = putStr ("bmpstring: " ++ t) p (Other tc tn x) = putStr "other" doMain :: CertMainOpts -> IO ()@@ -133,11 +133,11 @@ when (verify opts) $ verifyCert x509 exitSuccess where- verifyCert x509@(X509.X509 cert _ sigalg sig) = do+ verifyCert x509@(X509.X509 cert _ _ sigalg sig) = do sysx509 <- SysCert.findCertificate (matchsysX509 cert) case sysx509 of Nothing -> putStrLn "couldn't find signing certificate"- Just (X509.X509 syscert _ _ _) -> do+ Just (X509.X509 syscert _ _ _ _) -> do verifyAlg (B.concat $ L.toChunks $ X509.getSigningData x509) (B.pack sig) sigalg@@ -145,14 +145,14 @@ rsaVerify h hdesc pk a b = either (Left . show) (Right) $ RSA.verify h hdesc pk a b - verifyF X509.SignatureALG_md2WithRSAEncryption (X509.PubKeyRSA rsakey) =- rsaVerify MD2.hash (B.pack [0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10]) (mkRSA rsakey)+ verifyF X509.SignatureALG_md2WithRSAEncryption (X509.PubKeyRSA rsak) = rsaVerify MD2.hash asn1 (mkRSA rsak)+ where asn1 = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x02\x10" - verifyF X509.SignatureALG_md5WithRSAEncryption (X509.PubKeyRSA rsakey) =- rsaVerify MD5.hash (B.pack [0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10]) (mkRSA rsakey)+ verifyF X509.SignatureALG_md5WithRSAEncryption (X509.PubKeyRSA rsak) = rsaVerify MD5.hash asn1 (mkRSA rsak)+ where asn1 = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10" - verifyF X509.SignatureALG_sha1WithRSAEncryption (X509.PubKeyRSA rsakey) =- rsaVerify SHA1.hash (B.pack [0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10]) (mkRSA rsakey)+ verifyF X509.SignatureALG_sha1WithRSAEncryption (X509.PubKeyRSA rsak) = rsaVerify SHA1.hash asn1 (mkRSA rsak)+ where asn1 = "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14" verifyF X509.SignatureALG_dsaWithSHA1 (X509.PubKeyDSA (pub,p,q,g)) = (\_ _ -> Left "unimplemented DSA checking")@@ -170,7 +170,7 @@ Right True -> putStrLn "certificate verified" Right False -> putStrLn "certificate not verified" - matchsysX509 cert (X509.X509 syscert _ _ _) = do+ matchsysX509 cert (X509.X509 syscert _ _ _ _) = do let x = X509.certSubjectDN syscert let y = X509.certIssuerDN cert x == y
Data/Certificate/X509.hs view
@@ -38,14 +38,14 @@ import Data.Certificate.X509Internal import Data.Certificate.X509Cert -data X509 = X509 Certificate (Maybe L.ByteString) SignatureALG [Word8]+data X509 = X509 Certificate (Maybe L.ByteString) (Maybe L.ByteString) SignatureALG [Word8] deriving (Show,Eq) {- | get signing data related to a X509 message, - which is either the cached data or the encoded certificate -} getSigningData :: X509 -> L.ByteString-getSigningData (X509 _ (Just e) _ _) = e-getSigningData (X509 cert Nothing _ _) = e+getSigningData (X509 _ (Just e) _ _ _) = e+getSigningData (X509 cert Nothing _ _ _) = e where (Right e) = encodeASN1Stream header header = asn1Container Sequence $ encodeCertificateHeader cert@@ -72,7 +72,7 @@ (Right c, [BitString _ b]) -> let certevs = toBytes $ concatMap snd certrepr in let sigalg = onContainer sigalgseq (parseSigAlg . map fst) in- Right $ X509 c (Just certevs) sigalg (L.unpack b)+ Right $ X509 c (Just certevs) (Just by) sigalg (L.unpack b) (Left err, _) -> Left $ ("certificate error: " ++ show err) _ -> Left $ "certificate structure error" where@@ -89,7 +89,8 @@ {-| encode a X509 certificate to a bytestring -} encodeCertificate :: X509 -> L.ByteString-encodeCertificate (X509 cert _ sigalg sigbits) = case encodeASN1Stream rootSeq of+encodeCertificate (X509 _ _ (Just lbs) _ _ ) = lbs+encodeCertificate (X509 cert _ Nothing sigalg sigbits) = case encodeASN1Stream rootSeq of Right x -> x Left err -> error (show err) where
Data/Certificate/X509Cert.hs view
@@ -29,7 +29,6 @@ import Data.ASN1.DER import Data.Maybe import Data.ByteString.Lazy (ByteString)-import Data.Text.Lazy (Text) import qualified Data.ByteString.Lazy as L import Control.Monad.State import Control.Monad.Error@@ -79,7 +78,7 @@ deriving (Show, Eq) data ASN1StringType = UTF8 | Printable | Univ | BMP | IA5 | T61 deriving (Show,Eq)-type ASN1String = (ASN1StringType, Text)+type ASN1String = (ASN1StringType, String) data Certificate = Certificate { certVersion :: Int -- ^ Certificate Version
System/Certificate/X509.hs view
@@ -1,81 +1,19 @@+{-# LANGUAGE CPP #-} -- | -- Module : System.Certificate.X509 -- License : BSD-style -- Maintainer : Vincent Hanquez <vincent@snarc.org> -- Stability : experimental--- Portability : linux only------ this module is portable to unix system where there is usually--- a /etc/ssl/certs with system X509 certificates.------ the path can be dynamically override using the environment variable--- defined by envPathOverride in the module, which by--- default is SYSTEM_CERTIFICATE_PATH+-- Portability : good -- module System.Certificate.X509- ( getSystemPath- , readAll- , findCertificate+ ( findCertificate ) where -import System.Directory (getDirectoryContents)-import System.Environment (getEnv)-import Data.List (isPrefixOf)--import Data.Either-import Data.Certificate.X509-import Data.Certificate.PEM-import qualified Data.ByteString as B-import qualified Data.ByteString.Lazy as L--import Control.Applicative ((<$>))-import Control.Exception-import Control.Monad--import Prelude hiding (catch)--defaultSystemPath :: FilePath-defaultSystemPath = "/etc/ssl/certs/"--envPathOverride :: String-envPathOverride = "SYSTEM_CERTIFICATE_PATH"--getSystemPath :: IO FilePath-getSystemPath = catch (getEnv envPathOverride) inDefault- where- inDefault :: IOException -> IO FilePath- inDefault _ = return defaultSystemPath--data ReadErr =- Exception IOException- | CertError String- deriving (Show,Eq)--readCertificate :: FilePath -> IO (Either ReadErr X509)-readCertificate file = do- rawdata <- try $ B.readFile file :: IO (Either IOException B.ByteString)- either (return . Left . Exception) parseCert $ rawdata- where- parseCert pemdata = case parsePEMCert pemdata of- Nothing -> return $ Left $ CertError "certificate not in PEM format"- Just certdata -> do- return $ either (Left . CertError) Right $ decodeCertificate $ L.fromChunks [certdata]--readAll :: IO [Either ReadErr X509]-readAll = do- path <- getSystemPath- certfiles <- filter (not . isPrefixOf ".") <$> getDirectoryContents path- forM certfiles $ \certfile -> readCertificate (path ++ certfile)--findCertificate :: (X509 -> Bool) -> IO (Maybe X509)-findCertificate f = do- path <- getSystemPath- certfiles <- filter (not . isPrefixOf ".") <$> getDirectoryContents path- loop $ map (path ++) certfiles- where- loop [] = return Nothing- loop (x:xs) = do- ox509 <- readCertificate x- case ox509 of- Left _ -> loop xs- Right x509 -> if f x509 then return $ Just x509 else loop xs+#if defined(WINDOWS)+import System.Certificate.X509.Win32+#elif defined(MACOSX)+import System.Certificate.X509.MacOS+#else+import System.Certificate.X509.Unix+#endif
certificate.cabal view
@@ -1,5 +1,5 @@ Name: certificate-Version: 0.7.0+Version: 0.8.0 Description: Certificates and Key reader/writer .@@ -28,9 +28,8 @@ Library Build-Depends: base >= 3 && < 5 , bytestring- , text >= 0.11 , mtl- , asn1-data >= 0.4.6 && < 0.5+ , asn1-data >= 0.5.0 && < 0.6 , base64-bytestring , directory Exposed-modules: Data.Certificate.X509,@@ -41,6 +40,11 @@ System.Certificate.X509 Other-modules: Data.Certificate.X509Internal ghc-options: -Wall+ if os(windows)+ cpp-options: -DWINDOWS+ Build-Depends: Win32+ if os(OSX)+ cpp-options: -DMACOSX Executable certificate Main-Is: Certificate.hs