x509-ocsp 0.1.1.0 → 0.2.0.0
raw patch · 4 files changed
+41/−34 lines, 4 filesPVP ok
version bump matches the API change (PVP)
API changes (from Hackage documentation)
Files
- Changelog.md +6/−0
- Data/X509/OCSP.hs +26/−25
- test/test-ocsp.hs +8/−8
- x509-ocsp.cabal +1/−1
Changelog.md view
@@ -1,3 +1,9 @@+### 0.2.0.0++- **Breaking changes**: flip the order of arguments in *encodeOCSPRequestASN1*+ and *encodeOCSPRequest* (the new order is *cert → issuerCert*).+- Various improvements in the *client-ocsp* example.+ ### 0.1.1.0 - Improvements in module *Data.X509.AIA*.
Data/X509/OCSP.hs view
@@ -74,7 +74,7 @@ , certIdIssuerKeyHash :: ByteString -- ^ Value of /issuerKeyHash/ as defined in /rfc6960/ , certIdSerialNumber :: Integer- -- ^ Serial number of checked certificate+ -- ^ Certificate serial number } deriving (Show, Eq) -- | Build and encode OCSP request in ASN1 format.@@ -82,10 +82,10 @@ -- The returned value contains the encoded request and an object of type -- 'CertId' with hashes calculated by /SHA1/ algorithm. encodeOCSPRequestASN1- :: Certificate -- ^ Issuer certificate- -> Certificate -- ^ Checked certificate+ :: Certificate -- ^ Certificate+ -> Certificate -- ^ Issuer certificate -> ([ASN1], CertId)-encodeOCSPRequestASN1 issuerCert cert =+encodeOCSPRequestASN1 cert issuerCert = let h1 = issuerDNHash cert h2 = pubKeyHash issuerCert sn = certSerial cert@@ -115,8 +115,8 @@ -- The returned value contains the encoded request and an object of type -- 'CertId' with hashes calculated by /SHA1/ algorithm. encodeOCSPRequest- :: Certificate -- ^ Issuer certificate- -> Certificate -- ^ Checked certificate+ :: Certificate -- ^ Certificate+ -> Certificate -- ^ Issuer certificate -> (L.ByteString, CertId) encodeOCSPRequest = (first (encodeASN1 DER) .) . encodeOCSPRequestASN1 @@ -138,25 +138,25 @@ | OCSPRespUnauthorized deriving (Show, Eq, Bounded, Enum) --- | OCSP response payload data.+-- | Payload data of OCSP response. data OCSPResponsePayload = OCSPResponsePayload { ocspRespCertData :: OCSPResponseCertData- -- ^ Checked certificate data+ -- ^ Selected certificate data , ocspRespData :: [ASN1] -- ^ Whole response payload } deriving (Show, Eq) --- | OCSP response certificate data.+-- | Selected certificate data of OCSP response. data OCSPResponseCertData = OCSPResponseCertData { ocspRespCertStatus :: OCSPResponseCertStatus- -- ^ Status of checked certificate+ -- ^ Certificate status , ocspRespCertThisUpdate :: ASN1 -- ^ Value of /thisUpdate/ as defined in /rfc6960/ , ocspRespCertNextUpdate :: Maybe ASN1 -- ^ Value of /nextUpdate/ as defined in /rfc6960/ } deriving (Show, Eq) --- | Status of the checked certificate as defined in /rfc6960/.+-- | Certificate status of OCSP response as defined in /rfc6960/. data OCSPResponseCertStatus = OCSPRespCertGood | OCSPRespCertRevoked | OCSPRespCertUnknown@@ -164,11 +164,12 @@ -- | Decode OCSP response. ----- Value of the /certificate id/ is expected to be equal to what was returned--- by 'encodeOCSPRequest': it is used to check the correctness of the response.+-- The value of the /certificate id/ is expected to be equal to what was+-- returned by 'encodeOCSPRequest' as it is used to check the correctness of+-- the response. ----- /Left/ value gets returned on parse errors detected by 'decodeASN1'.--- /Right/ value with /Nothing/ gets returned on unexpected ASN1 contents.+-- The /Left/ value gets returned on parse errors detected by 'decodeASN1'.+-- The /Right/ value with /Nothing/ gets returned on unexpected ASN.1 contents. decodeOCSPResponse :: CertId -- ^ Certificate Id -> L.ByteString -- ^ OCSP response@@ -177,7 +178,7 @@ [ Start Sequence , Enumerated (toEnum . fromIntegral -> v) , End Sequence- ] -> return $ Just $ OCSPResponse v Nothing+ ] -> Right $ Just $ OCSPResponse v Nothing [ Start Sequence , Enumerated (toEnum . fromIntegral -> v) , Start (Container Context 0)@@ -189,18 +190,18 @@ , End Sequence ] -> do pl <- decodeASN1 DER $ L.fromStrict resp'- return $+ Right $ case pl of Start Sequence : Start Sequence : Start (Container Context ctx)- : c1 | ctx `elem` [0..2] ->+ : c1 | ctx `elem` [0..2] -> do let skipVersion = if ctx == 0 then drop 1 . skipCurrentContainer else id- in Just $ getCurrentContainerContents $- drop 2 $ skipCurrentContainer $ skipVersion c1+ Just $ getCurrentContainerContents $+ drop 2 $ skipCurrentContainer $ skipVersion c1 _ -> Nothing >>= \case Start Sequence@@ -225,17 +226,17 @@ tu@(ASN1Time TimeGeneralized _ _) : c4 -> Just (n, tu, c4) _ -> Nothing- >>= \(st, tu, tc2) ->+ >>= \(st, tu, tc2) -> do let nu = case tc2 of Start (Container Context 0) : t@(ASN1Time TimeGeneralized _ _) : End (Container Context 0) : _ -> Just t _ -> Nothing- in Just $ OCSPResponse v $- Just $ OCSPResponsePayload- (OCSPResponseCertData st tu nu) pl- _ -> return Nothing+ Just $ OCSPResponse v $+ Just $ OCSPResponsePayload+ (OCSPResponseCertData st tu nu) pl+ _ -> Right Nothing where getCurrentContainerContents = fst . getConstructedEnd 0 skipCurrentContainer = snd . getConstructedEnd 0
test/test-ocsp.hs view
@@ -31,12 +31,12 @@ ] testOCSPRequestASN1 :: Certificate -> Certificate -> [ASN1] -> Test-testOCSPRequestASN1 issuerCert cert = TestCase . (buildRequest @?=)- where buildRequest = fst $ encodeOCSPRequestASN1 issuerCert cert+testOCSPRequestASN1 cert issuerCert = TestCase . (buildRequest @?=)+ where buildRequest = fst $ encodeOCSPRequestASN1 cert issuerCert testOCSPRequest :: Certificate -> Certificate -> ByteString -> Test-testOCSPRequest issuerCert cert = TestCase . (buildRequest @?=) . L.fromStrict- where buildRequest = fst $ encodeOCSPRequest issuerCert cert+testOCSPRequest cert issuerCert = TestCase . (buildRequest @?=) . L.fromStrict+ where buildRequest = fst $ encodeOCSPRequest cert issuerCert testOCSPResponse :: CertId -> ByteString -> Test testOCSPResponse certId resp =@@ -49,9 +49,9 @@ main :: IO () main = do certS <- toCertificate <$> B.readFile "test/data/certs/server/server.crt"- certR <- toCertificate <$> B.readFile "test/data/certs/root/rootCA.crt"+ certI <- toCertificate <$> B.readFile "test/data/certs/root/rootCA.crt" - let certId = snd $ encodeOCSPRequestASN1 certR certS+ let certId = snd $ encodeOCSPRequestASN1 certS certI reqDer <- B.readFile "test/data/req.der" let req = either (error . show) id $ decodeASN1 DER $ L.fromStrict reqDer@@ -60,8 +60,8 @@ runTestTTAndExit $ TestList [TestLabel "testAIA" $ testAIA certS- ,TestLabel "testOCSPRequestASN1" $ testOCSPRequestASN1 certR certS req- ,TestLabel "testOCSPRequest" $ testOCSPRequest certR certS reqDer+ ,TestLabel "testOCSPRequestASN1" $ testOCSPRequestASN1 certS certI req+ ,TestLabel "testOCSPRequest" $ testOCSPRequest certS certI reqDer ,TestLabel "testOCSPResponse" $ testOCSPResponse certId respDer ]
x509-ocsp.cabal view
@@ -1,7 +1,7 @@ cabal-version: 2.4 name: x509-ocsp-version: 0.1.1.0+version: 0.2.0.0 synopsis: Basic X509 OCSP implementation description: Build X509 OCSP requests and parse responses homepage: https://github.com/lyokha/x509-ocsp