Safe Haskell | None |
---|---|
Language | Haskell2010 |
Implement the correct HTTPS client configuration for using Great Black Swamp. This is necessary and correct for authenticating Great Black Swamp's self-authenticating URLs.
Synopsis
- newtype SPKIHash = SPKIHash ByteString
- mkGBSManagerSettings :: SPKIHash -> Text -> ManagerSettings
- gbsTLSSettings :: SPKIHash -> TLSSettings
- validateGBSCertificate :: SPKIHash -> CertificateStore -> ValidationCache -> ServiceID -> CertificateChain -> IO [FailedReason]
- sha256 :: ByteString -> ByteString
- spki :: Certificate -> PubKey
- spkiBytes :: Certificate -> ByteString
- spkiFingerprint :: Certificate -> SPKIHash
- addAuthorization :: Applicative f => Text -> Request -> f Request
- addAuthorizationPrint :: Text -> Request -> IO Request
Documentation
mkGBSManagerSettings
:: SPKIHash | The SPKI hash of the certificate of the storage service to access. |
-> Text | The secret capability identifying the storage service to access. |
-> ManagerSettings | The settings. |
Create a ManagerSettings suitable for use with Great Black Swamp client requests.
gbsTLSSettings :: SPKIHash -> TLSSettings
The TLSSettings suitable for use with Great Black Swamp client requests. These ensure we can authenticate the server before using it.
validateGBSCertificate :: SPKIHash -> CertificateStore -> ValidationCache -> ServiceID -> CertificateChain -> IO [FailedReason]
Determine the validity of an x509 certificate presented during a TLS handshake for a GBS connection.
The certificate is considered valid if its signature can be validated and the sha256 hash of its SPKI fields matches the expected value.
Validation fails unless exactly one certificate is presented.
sha256 :: ByteString -> ByteString
spki :: Certificate -> PubKey
Extract the SubjectPublicKeyInfo from a Certificate.
The PubKey type contains all of the values related to the SubjectPublicKeyInfo and serializes correctly for this type so we just extract that.
spkiBytes :: Certificate -> ByteString
Construct the bytes which can be hashed to produce the SPKI Fingerprint for the given Certificate.
spkiFingerprint :: Certificate -> SPKIHash
Compute the SPKI Fingerprint (RFC 7469) for the given Certificate.
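The pinning rule described for validateGBSCertificate and spkiFingerprint, re-implemented in standard-library Python as an added example; it is not this module's code. It covers only the exactly-one-certificate rule and the SHA-256 comparison over the DER SubjectPublicKeyInfo, not signature validation. The helper names (`der`, `read_tlv`, `check_chain`, `fake_cert`), the failure strings and the unsigned sample certificate are constructed for illustration.

```python
import hashlib, hmac

def der(tag, body):
    """Encode one DER TLV (short or long definite length)."""
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def read_tlv(buf, pos):
    """Return (tag, value_start, tlv_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_bytes(cert_der):
    """Slice the complete SubjectPublicKeyInfo element out of a certificate."""
    _, tbs_at, _ = read_tlv(cert_der, 0)        # outer Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, tbs_at)      # TBSCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                             # optional explicit [0] version
        pos = end
    for _ in range(5):  # serial, signature alg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    return cert_der[pos:read_tlv(cert_der, pos)[2]]

def spki_fingerprint(cert_der):
    return hashlib.sha256(spki_bytes(cert_der)).digest()

def check_chain(expected, chain):
    """Pin check only; the signature validation the page describes is omitted."""
    if len(chain) != 1:
        return ["expected exactly one certificate"]
    ok = hmac.compare_digest(spki_fingerprint(chain[0]), expected)
    return [] if ok else ["SPKI hash mismatch"]

def fake_cert(key, version=True):
    """Constructed, unsigned, certificate-shaped DER (demo input only)."""
    alg = der(0x30, der(0x06, bytes.fromhex("2b6570")))  # OID 1.3.101.112
    spki = der(0x30, alg + der(0x03, b"\x00" + key))
    name, dates = der(0x30, b""), der(0x30, der(0x17, b"250101000000Z") * 2)
    tbs = der(0x30, (der(0xA0, der(0x02, b"\x02")) if version else b"")
              + der(0x02, b"\x01") + alg + name + dates + name + spki)
    return der(0x30, tbs + alg + der(0x03, bytes(65))), spki
```

The hash covers the whole SubjectPublicKeyInfo element, algorithm identifier included, so the pin identifies the key regardless of the certificate's names and validity dates.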
addAuthorization :: Applicative f => Text -> Request -> f Request