packages feed

x509-ocsp 0.1.1.0 → 0.2.0.0

raw patch · 4 files changed

+41/−34 lines, 4 filesPVP ok

version bump matches the API change (PVP)

API changes (from Hackage documentation)

Files

Changelog.md view
@@ -1,3 +1,9 @@+### 0.2.0.0++- **Breaking changes**: flip the order of arguments in *encodeOCSPRequestASN1*+  and *encodeOCSPRequest* (the new order is *cert → issuerCert*).+- Various improvements in the *client-ocsp* example.+ ### 0.1.1.0  - Improvements in module *Data.X509.AIA*.
Data/X509/OCSP.hs view
@@ -74,7 +74,7 @@                      , certIdIssuerKeyHash :: ByteString                        -- ^ Value of /issuerKeyHash/ as defined in /rfc6960/                      , certIdSerialNumber :: Integer-                       -- ^ Serial number of checked certificate+                       -- ^ Certificate serial number                      } deriving (Show, Eq)  -- | Build and encode OCSP request in ASN1 format.@@ -82,10 +82,10 @@ -- The returned value contains the encoded request and an object of type -- 'CertId' with hashes calculated by /SHA1/ algorithm. encodeOCSPRequestASN1-    :: Certificate              -- ^ Issuer certificate-    -> Certificate              -- ^ Checked certificate+    :: Certificate              -- ^ Certificate+    -> Certificate              -- ^ Issuer certificate     -> ([ASN1], CertId)-encodeOCSPRequestASN1 issuerCert cert =+encodeOCSPRequestASN1 cert issuerCert =     let h1 = issuerDNHash cert         h2 = pubKeyHash issuerCert         sn = certSerial cert@@ -115,8 +115,8 @@ -- The returned value contains the encoded request and an object of type -- 'CertId' with hashes calculated by /SHA1/ algorithm. encodeOCSPRequest-    :: Certificate              -- ^ Issuer certificate-    -> Certificate              -- ^ Checked certificate+    :: Certificate              -- ^ Certificate+    -> Certificate              -- ^ Issuer certificate     -> (L.ByteString, CertId) encodeOCSPRequest = (first (encodeASN1 DER) .) . encodeOCSPRequestASN1 @@ -138,25 +138,25 @@                         | OCSPRespUnauthorized                         deriving (Show, Eq, Bounded, Enum) --- | OCSP response payload data.+-- | Payload data of OCSP response. data OCSPResponsePayload =     OCSPResponsePayload { ocspRespCertData :: OCSPResponseCertData-                          -- ^ Checked certificate data+                          -- ^ Selected certificate data                         , ocspRespData :: [ASN1]                           -- ^ Whole response payload                         } deriving (Show, Eq) --- | OCSP response certificate data.+-- | Selected certificate data of OCSP response. data OCSPResponseCertData =     OCSPResponseCertData { ocspRespCertStatus :: OCSPResponseCertStatus-                           -- ^ Status of checked certificate+                           -- ^ Certificate status                          , ocspRespCertThisUpdate :: ASN1                            -- ^ Value of /thisUpdate/ as defined in /rfc6960/                          , ocspRespCertNextUpdate :: Maybe ASN1                            -- ^ Value of /nextUpdate/ as defined in /rfc6960/                          } deriving (Show, Eq) --- | Status of the checked certificate as defined in /rfc6960/.+-- | Certificate status of OCSP response as defined in /rfc6960/. data OCSPResponseCertStatus = OCSPRespCertGood                             | OCSPRespCertRevoked                             | OCSPRespCertUnknown@@ -164,11 +164,12 @@  -- | Decode OCSP response. ----- Value of the /certificate id/ is expected to be equal to what was returned--- by 'encodeOCSPRequest': it is used to check the correctness of the response.+-- The value of the /certificate id/ is expected to be equal to what was+-- returned by 'encodeOCSPRequest' as it is used to check the correctness of+-- the response. ----- /Left/ value gets returned on parse errors detected by 'decodeASN1'.--- /Right/ value with /Nothing/ gets returned on unexpected ASN1 contents.+-- The /Left/ value gets returned on parse errors detected by 'decodeASN1'.+-- The /Right/ value with /Nothing/ gets returned on unexpected ASN.1 contents. decodeOCSPResponse     :: CertId                   -- ^ Certificate Id     -> L.ByteString             -- ^ OCSP response@@ -177,7 +178,7 @@     [ Start Sequence       , Enumerated (toEnum . fromIntegral -> v)       , End Sequence-      ] -> return $ Just $ OCSPResponse v Nothing+      ] -> Right $ Just $ OCSPResponse v Nothing     [ Start Sequence       , Enumerated (toEnum . fromIntegral -> v)       , Start (Container Context 0)@@ -189,18 +190,18 @@       , End Sequence       ] -> do           pl <- decodeASN1 DER $ L.fromStrict resp'-          return $+          Right $               case pl of                   Start Sequence                     : Start Sequence                     : Start (Container Context ctx)-                    : c1 | ctx `elem` [0..2] ->+                    : c1 | ctx `elem` [0..2] -> do                         let skipVersion =                                 if ctx == 0                                     then drop 1 . skipCurrentContainer                                     else id-                        in Just $ getCurrentContainerContents $-                               drop 2 $ skipCurrentContainer $ skipVersion c1+                        Just $ getCurrentContainerContents $+                            drop 2 $ skipCurrentContainer $ skipVersion c1                   _ -> Nothing               >>= \case                       Start Sequence@@ -225,17 +226,17 @@                                    tu@(ASN1Time TimeGeneralized _ _)                                      : c4 -> Just (n, tu, c4)                                    _ -> Nothing-              >>= \(st, tu, tc2) ->+              >>= \(st, tu, tc2) -> do                   let nu = case tc2 of                                Start (Container Context 0)                                  : t@(ASN1Time TimeGeneralized _ _)                                  : End (Container Context 0)                                  : _ -> Just t                                _ -> Nothing-                  in Just $ OCSPResponse v $-                         Just $ OCSPResponsePayload-                             (OCSPResponseCertData st tu nu) pl-    _ -> return Nothing+                  Just $ OCSPResponse v $+                      Just $ OCSPResponsePayload+                          (OCSPResponseCertData st tu nu) pl+    _ -> Right Nothing     where getCurrentContainerContents = fst . getConstructedEnd 0           skipCurrentContainer = snd . getConstructedEnd 0 
test/test-ocsp.hs view
@@ -31,12 +31,12 @@                   ]   testOCSPRequestASN1 :: Certificate -> Certificate -> [ASN1] -> Test-testOCSPRequestASN1 issuerCert cert = TestCase . (buildRequest @?=)-    where buildRequest = fst $ encodeOCSPRequestASN1 issuerCert cert+testOCSPRequestASN1 cert issuerCert = TestCase . (buildRequest @?=)+    where buildRequest = fst $ encodeOCSPRequestASN1 cert issuerCert   testOCSPRequest :: Certificate -> Certificate -> ByteString -> Test-testOCSPRequest issuerCert cert = TestCase . (buildRequest @?=) . L.fromStrict-    where buildRequest = fst $ encodeOCSPRequest issuerCert cert+testOCSPRequest cert issuerCert = TestCase . (buildRequest @?=) . L.fromStrict+    where buildRequest = fst $ encodeOCSPRequest cert issuerCert   testOCSPResponse :: CertId -> ByteString -> Test testOCSPResponse certId resp =@@ -49,9 +49,9 @@ main :: IO () main = do     certS <- toCertificate <$> B.readFile "test/data/certs/server/server.crt"-    certR <- toCertificate <$> B.readFile "test/data/certs/root/rootCA.crt"+    certI <- toCertificate <$> B.readFile "test/data/certs/root/rootCA.crt" -    let certId = snd $ encodeOCSPRequestASN1 certR certS+    let certId = snd $ encodeOCSPRequestASN1 certS certI      reqDer <- B.readFile "test/data/req.der"     let req = either (error . show) id $ decodeASN1 DER $ L.fromStrict reqDer@@ -60,8 +60,8 @@      runTestTTAndExit $ TestList         [TestLabel "testAIA"             $ testAIA certS-        ,TestLabel "testOCSPRequestASN1" $ testOCSPRequestASN1 certR certS req-        ,TestLabel "testOCSPRequest"     $ testOCSPRequest certR certS reqDer+        ,TestLabel "testOCSPRequestASN1" $ testOCSPRequestASN1 certS certI req+        ,TestLabel "testOCSPRequest"     $ testOCSPRequest certS certI reqDer         ,TestLabel "testOCSPResponse"    $ testOCSPResponse certId respDer         ] 
x509-ocsp.cabal view
@@ -1,7 +1,7 @@ cabal-version:          2.4  name:                   x509-ocsp-version:                0.1.1.0+version:                0.2.0.0 synopsis:               Basic X509 OCSP implementation description:            Build X509 OCSP requests and parse responses homepage:               https://github.com/lyokha/x509-ocsp