packages feed

certificate 1.3.3 → 1.3.5

raw patch · 5 files changed

+45/−27 lines, 5 filesdep +crypto-pubkeydep −cryptocipherPVP: major bump suggested

API removals or changes: PVP suggests a major version bump

Dependencies added: crypto-pubkey

Dependencies removed: cryptocipher

API changes (from Hackage documentation)

- Data.Certificate.X509.Ext: ExtBasicConstraints :: Bool -> ExtBasicConstraints
+ Data.Certificate.X509.Ext: ExtBasicConstraints :: Bool -> (Maybe Integer) -> ExtBasicConstraints

Files

Certificate.hs view
@@ -22,10 +22,15 @@  -- for signing/verifying certificate import qualified Crypto.Hash.SHA1 as SHA1+import qualified Crypto.Hash.SHA224 as SHA224+import qualified Crypto.Hash.SHA256 as SHA256+import qualified Crypto.Hash.SHA512 as SHA512 import qualified Crypto.Hash.MD2 as MD2 import qualified Crypto.Hash.MD5 as MD5-import qualified Crypto.Cipher.RSA as RSA-import qualified Crypto.Cipher.DSA as DSA+import qualified Crypto.PubKey.HashDescr as HD+import qualified Crypto.PubKey.RSA as RSA+import qualified Crypto.PubKey.RSA.PKCS15 as RSA+import qualified Crypto.PubKey.DSA as DSA  import Data.ASN1.Encoding import Data.ASN1.BinaryEncoding@@ -115,13 +120,13 @@  showDSAKey :: (DSA.PublicKey,DSA.PrivateKey) -> String showDSAKey (pubkey,privkey) = unlines-	[ "priv     " ++ (show $ DSA.private_x privkey)-	, "pub:     " ++ (show $ DSA.public_y pubkey)-	, "p:       " ++ (show p)-	, "q:       " ++ (show g)-	, "g:       " ++ (show q)+	[ "priv     " ++ (printf "%x" $ DSA.private_x privkey)+	, "pub:     " ++ (printf "%x" $ DSA.public_y pubkey)+	, "p:       " ++ (printf "%x" p)+	, "q:       " ++ (printf "%x" g)+	, "g:       " ++ (printf "%x" q) 	]-    where (p,g,q) = DSA.private_params privkey+    where (p,q,g) = DSA.private_params privkey  showASN1 :: Int -> [ASN1] -> IO () showASN1 at = prettyPrint at where@@ -192,16 +197,21 @@ 					          sigalg 					          (X509.certPubKey syscert) -		rsaVerify h hdesc pk a b = either (Left . show) (Right) $ RSA.verify h hdesc pk a b+		rsaVerify hdesc pk a b = Right $ RSA.verify hdesc pk a b  		verifyF (X509.SignatureALG hash X509.PubKeyALG_RSA) (X509.PubKeyRSA rsak) =-			let (f, asn1) = case hash of-				X509.HashMD2  -> (MD2.hash, "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x02\x10")-				X509.HashMD5  -> (MD5.hash, "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10")-				X509.HashSHA1 -> (SHA1.hash, "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14")-				_             -> error ("unsupported hash in RSA: " ++ show hash)+			let hdesc = case hash of+				-- "ASN.1 DER X algorithm designator prefix"+				X509.HashMD2    -> HD.hashDescrMD2+				X509.HashMD5    -> HD.hashDescrMD5+				X509.HashSHA1   -> HD.hashDescrSHA1+				X509.HashSHA224 -> HD.hashDescrSHA224+				X509.HashSHA256 -> HD.hashDescrSHA256+				X509.HashSHA384 -> HD.hashDescrSHA384+				X509.HashSHA512 -> HD.hashDescrSHA512+				_               -> error ("unsupported hash in RSA: " ++ show hash) 				in-			rsaVerify f asn1 rsak+			rsaVerify hdesc rsak  		verifyF (X509.SignatureALG _ X509.PubKeyALG_DSA) (X509.PubKeyDSA dsak) = 			(\_ _ -> Left "unimplemented DSA checking")
Data/Certificate/KeyDSA.hs view
@@ -22,7 +22,7 @@ parsePrivate :: [ASN1] -> Either String (DSA.PublicKey, DSA.PrivateKey) parsePrivate         [ Start Sequence-        , IntVal 0, IntVal pub, IntVal priv, IntVal p, IntVal g, IntVal q+        , IntVal 0, IntVal p, IntVal q, IntVal g, IntVal pub, IntVal priv         , End Sequence ] = Right (pubkey, privkey)     where         privkey = DSA.PrivateKey { DSA.private_params = params, DSA.private_x = priv }@@ -42,11 +42,11 @@         where pkseq =                 [ Start Sequence                 , IntVal 0-                , IntVal $ DSA.public_y pubkey-                , IntVal $ DSA.private_x privkey                 , IntVal p-                , IntVal g                 , IntVal q+                , IntVal g+                , IntVal $ DSA.public_y pubkey+                , IntVal $ DSA.private_x privkey                 , End Sequence                 ]               (p,g,q) = DSA.private_params privkey
Data/Certificate/X509/Ext.hs view
@@ -65,14 +65,19 @@                 | otherwise       -> extensionGet xs         Left _                    -> extensionGet xs -data ExtBasicConstraints = ExtBasicConstraints Bool+data ExtBasicConstraints = ExtBasicConstraints Bool (Maybe Integer)         deriving (Show,Eq)  instance Extension ExtBasicConstraints where         extOID = const [2,5,29,19]-        extEncode (ExtBasicConstraints b) = [Start Sequence,Boolean b,End Sequence]-        extDecode [Start Sequence,Boolean b,End Sequence] = Right (ExtBasicConstraints b)-        extDecode [Start Sequence,End Sequence] = Right (ExtBasicConstraints False)+        extEncode (ExtBasicConstraints b Nothing)  = [Start Sequence,Boolean b,End Sequence]+        extEncode (ExtBasicConstraints b (Just i)) = [Start Sequence,Boolean b,IntVal i,End Sequence]++        extDecode [Start Sequence,Boolean b,IntVal v,End Sequence]+            | v >= 0    = Right (ExtBasicConstraints b (Just v))+            | otherwise = Left "invalid pathlen"+        extDecode [Start Sequence,Boolean b,End Sequence] = Right (ExtBasicConstraints b Nothing)+        extDecode [Start Sequence,End Sequence] = Right (ExtBasicConstraints False Nothing)         extDecode _ = Left "unknown sequence"  data ExtKeyUsage = ExtKeyUsage [ExtKeyUsageFlag]
System/Certificate/X509/Unix.hs view
@@ -59,5 +59,8 @@         inDefault _ = return defaultSystemPath  readCertificates :: FilePath -> IO [X509]-readCertificates file = either (const []) (rights . map getCert) . pemParseBS <$> B.readFile file-    where getCert pem = decodeCertificate $ L.fromChunks [pemContent pem]+readCertificates file = E.catch (either (const []) (rights . map getCert) . pemParseBS <$> B.readFile file) skipIOError+    where+        getCert pem = decodeCertificate $ L.fromChunks [pemContent pem]+        skipIOError :: E.IOException -> IO [X509]+        skipIOError _ = return []
certificate.cabal view
@@ -1,5 +1,5 @@ Name:                certificate-Version:             1.3.3+Version:             1.3.5 Description:     Certificates and Key reader/writer     .@@ -63,7 +63,7 @@     Build-depends:   cmdargs                    , text >= 0.11                    , cryptohash-                   , cryptocipher >= 0.3.0+                   , crypto-pubkey                    , directory   else     Buildable:       False