certificate 1.3.3 → 1.3.5
raw patch · 5 files changed
+45/−27 lines, 5 filesdep +crypto-pubkeydep −cryptocipherPVP: major bump suggested
API removals or changes: PVP suggests a major version bump
Dependencies added: crypto-pubkey
Dependencies removed: cryptocipher
API changes (from Hackage documentation)
- Data.Certificate.X509.Ext: ExtBasicConstraints :: Bool -> ExtBasicConstraints
+ Data.Certificate.X509.Ext: ExtBasicConstraints :: Bool -> (Maybe Integer) -> ExtBasicConstraints
Files
- Certificate.hs +25/−15
- Data/Certificate/KeyDSA.hs +4/−4
- Data/Certificate/X509/Ext.hs +9/−4
- System/Certificate/X509/Unix.hs +5/−2
- certificate.cabal +2/−2
Certificate.hs view
@@ -22,10 +22,15 @@ -- for signing/verifying certificate import qualified Crypto.Hash.SHA1 as SHA1+import qualified Crypto.Hash.SHA224 as SHA224+import qualified Crypto.Hash.SHA256 as SHA256+import qualified Crypto.Hash.SHA512 as SHA512 import qualified Crypto.Hash.MD2 as MD2 import qualified Crypto.Hash.MD5 as MD5-import qualified Crypto.Cipher.RSA as RSA-import qualified Crypto.Cipher.DSA as DSA+import qualified Crypto.PubKey.HashDescr as HD+import qualified Crypto.PubKey.RSA as RSA+import qualified Crypto.PubKey.RSA.PKCS15 as RSA+import qualified Crypto.PubKey.DSA as DSA import Data.ASN1.Encoding import Data.ASN1.BinaryEncoding@@ -115,13 +120,13 @@ showDSAKey :: (DSA.PublicKey,DSA.PrivateKey) -> String showDSAKey (pubkey,privkey) = unlines- [ "priv " ++ (show $ DSA.private_x privkey)- , "pub: " ++ (show $ DSA.public_y pubkey)- , "p: " ++ (show p)- , "q: " ++ (show g)- , "g: " ++ (show q)+ [ "priv " ++ (printf "%x" $ DSA.private_x privkey)+ , "pub: " ++ (printf "%x" $ DSA.public_y pubkey)+ , "p: " ++ (printf "%x" p)+ , "q: " ++ (printf "%x" g)+ , "g: " ++ (printf "%x" q) ]- where (p,g,q) = DSA.private_params privkey+ where (p,q,g) = DSA.private_params privkey showASN1 :: Int -> [ASN1] -> IO () showASN1 at = prettyPrint at where@@ -192,16 +197,21 @@ sigalg (X509.certPubKey syscert) - rsaVerify h hdesc pk a b = either (Left . show) (Right) $ RSA.verify h hdesc pk a b+ rsaVerify hdesc pk a b = Right $ RSA.verify hdesc pk a b verifyF (X509.SignatureALG hash X509.PubKeyALG_RSA) (X509.PubKeyRSA rsak) =- let (f, asn1) = case hash of- X509.HashMD2 -> (MD2.hash, "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x02\x10")- X509.HashMD5 -> (MD5.hash, "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10")- X509.HashSHA1 -> (SHA1.hash, "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14")- _ -> error ("unsupported hash in RSA: " ++ show hash)+ let hdesc = case hash of+ -- "ASN.1 DER X algorithm designator prefix"+ X509.HashMD2 -> HD.hashDescrMD2+ X509.HashMD5 -> HD.hashDescrMD5+ X509.HashSHA1 -> HD.hashDescrSHA1+ X509.HashSHA224 -> HD.hashDescrSHA224+ X509.HashSHA256 -> HD.hashDescrSHA256+ X509.HashSHA384 -> HD.hashDescrSHA384+ X509.HashSHA512 -> HD.hashDescrSHA512+ _ -> error ("unsupported hash in RSA: " ++ show hash) in- rsaVerify f asn1 rsak+ rsaVerify hdesc rsak verifyF (X509.SignatureALG _ X509.PubKeyALG_DSA) (X509.PubKeyDSA dsak) = (\_ _ -> Left "unimplemented DSA checking")
Data/Certificate/KeyDSA.hs view
@@ -22,7 +22,7 @@ parsePrivate :: [ASN1] -> Either String (DSA.PublicKey, DSA.PrivateKey) parsePrivate [ Start Sequence- , IntVal 0, IntVal pub, IntVal priv, IntVal p, IntVal g, IntVal q+ , IntVal 0, IntVal p, IntVal q, IntVal g, IntVal pub, IntVal priv , End Sequence ] = Right (pubkey, privkey) where privkey = DSA.PrivateKey { DSA.private_params = params, DSA.private_x = priv }@@ -42,11 +42,11 @@ where pkseq = [ Start Sequence , IntVal 0- , IntVal $ DSA.public_y pubkey- , IntVal $ DSA.private_x privkey , IntVal p- , IntVal g , IntVal q+ , IntVal g+ , IntVal $ DSA.public_y pubkey+ , IntVal $ DSA.private_x privkey , End Sequence ] (p,g,q) = DSA.private_params privkey
Data/Certificate/X509/Ext.hs view
@@ -65,14 +65,19 @@ | otherwise -> extensionGet xs Left _ -> extensionGet xs -data ExtBasicConstraints = ExtBasicConstraints Bool+data ExtBasicConstraints = ExtBasicConstraints Bool (Maybe Integer) deriving (Show,Eq) instance Extension ExtBasicConstraints where extOID = const [2,5,29,19]- extEncode (ExtBasicConstraints b) = [Start Sequence,Boolean b,End Sequence]- extDecode [Start Sequence,Boolean b,End Sequence] = Right (ExtBasicConstraints b)- extDecode [Start Sequence,End Sequence] = Right (ExtBasicConstraints False)+ extEncode (ExtBasicConstraints b Nothing) = [Start Sequence,Boolean b,End Sequence]+ extEncode (ExtBasicConstraints b (Just i)) = [Start Sequence,Boolean b,IntVal i,End Sequence]++ extDecode [Start Sequence,Boolean b,IntVal v,End Sequence]+ | v >= 0 = Right (ExtBasicConstraints b (Just v))+ | otherwise = Left "invalid pathlen"+ extDecode [Start Sequence,Boolean b,End Sequence] = Right (ExtBasicConstraints b Nothing)+ extDecode [Start Sequence,End Sequence] = Right (ExtBasicConstraints False Nothing) extDecode _ = Left "unknown sequence" data ExtKeyUsage = ExtKeyUsage [ExtKeyUsageFlag]
System/Certificate/X509/Unix.hs view
@@ -59,5 +59,8 @@ inDefault _ = return defaultSystemPath readCertificates :: FilePath -> IO [X509]-readCertificates file = either (const []) (rights . map getCert) . pemParseBS <$> B.readFile file- where getCert pem = decodeCertificate $ L.fromChunks [pemContent pem]+readCertificates file = E.catch (either (const []) (rights . map getCert) . pemParseBS <$> B.readFile file) skipIOError+ where+ getCert pem = decodeCertificate $ L.fromChunks [pemContent pem]+ skipIOError :: E.IOException -> IO [X509]+ skipIOError _ = return []
certificate.cabal view
@@ -1,5 +1,5 @@ Name: certificate-Version: 1.3.3+Version: 1.3.5 Description: Certificates and Key reader/writer .@@ -63,7 +63,7 @@ Build-depends: cmdargs , text >= 0.11 , cryptohash- , cryptocipher >= 0.3.0+ , crypto-pubkey , directory else Buildable: False