Safe Haskell | None |
---|---|
Language | Haskell2010 |
Hackage.Security.Server
Contents
- Re-exports
- Key types
- Types abstracting over key types
- Key types in isolation
- Hiding key types
- Operations on keys
- Key IDs
- Signing
- Types
- Utility
- Cache layout
- Repository layout
- Repository layout
- TUF types
- Repository
- Index
- Cache
- Datatypes
- TUF types
- Construction and verification
- JSON aids
- Avoid interpreting signatures
- TUF types
Description
Main entry point into the Hackage Security framework for clients
Synopsis
- class FromJSON m a where
- class ToJSON m a where
- data WriteJSON a
- data ReadJSON_NoKeys_NoLayout a
- data ReadJSON_Keys_NoLayout a
- data ReadJSON_Keys_Layout a
- data DeserializationError
- parseJSON_Keys_Layout :: FromJSON ReadJSON_Keys_Layout a => KeyEnv -> RepoLayout -> ByteString -> Either DeserializationError a
- parseJSON_Keys_NoLayout :: FromJSON ReadJSON_Keys_NoLayout a => KeyEnv -> ByteString -> Either DeserializationError a
- parseJSON_NoKeys_NoLayout :: FromJSON ReadJSON_NoKeys_NoLayout a => ByteString -> Either DeserializationError a
- readJSON_Keys_Layout :: (FsRoot root, FromJSON ReadJSON_Keys_Layout a) => KeyEnv -> RepoLayout -> Path root -> IO (Either DeserializationError a)
- readJSON_Keys_NoLayout :: (FsRoot root, FromJSON ReadJSON_Keys_NoLayout a) => KeyEnv -> Path root -> IO (Either DeserializationError a)
- readJSON_NoKeys_NoLayout :: (FsRoot root, FromJSON ReadJSON_NoKeys_NoLayout a) => Path root -> IO (Either DeserializationError a)
- renderJSON :: ToJSON WriteJSON a => RepoLayout -> a -> ByteString
- renderJSON_NoLayout :: ToJSON Identity a => a -> ByteString
- writeJSON :: ToJSON WriteJSON a => RepoLayout -> Path Absolute -> a -> IO ()
- writeJSON_NoLayout :: ToJSON Identity a => Path Absolute -> a -> IO ()
- data Ed25519
- data Key a where
- KeyEd25519 :: PublicKey -> SecretKey -> Key Ed25519
- data PublicKey a where
- data PrivateKey a where
- data KeyType typ where
- somePublicKey :: Some Key -> Some PublicKey
- somePublicKeyType :: Some PublicKey -> Some KeyType
- someKeyId :: HasKeyId key => Some key -> KeyId
- publicKey :: Key a -> PublicKey a
- privateKey :: Key a -> PrivateKey a
- createKey :: KeyType key -> IO (Key key)
- createKey' :: KeyType key -> IO (Some Key)
- newtype KeyId = KeyId {}
- class HasKeyId key where
- sign :: PrivateKey typ -> ByteString -> ByteString
- verify :: PublicKey typ -> ByteString -> ByteString -> Bool
- newtype FileLength = FileLength {
- fileLength :: Int54
- newtype Hash = Hash String
- newtype KeyThreshold = KeyThreshold Int54
- data FileInfo = FileInfo {}
- data HashFn
- newtype Hash = Hash String
- fileInfo :: ByteString -> FileInfo
- computeFileInfo :: FsRoot root => Path root -> IO FileInfo
- compareTrustedFileInfo :: FileInfo -> FileInfo -> Bool
- knownFileInfoEqual :: FileInfo -> FileInfo -> Bool
- fileInfoSHA256 :: FileInfo -> Maybe Hash
- data Int54
- data FileChange
- data TargetPath
- data FileMap
- fileMapChanges :: FileMap -> FileMap -> Map TargetPath FileChange
- class HasHeader a where
- fileExpires :: Lens' a FileExpires
- fileVersion :: Lens' a FileVersion
- newtype FileVersion = FileVersion Int54
- newtype FileExpires = FileExpires (Maybe UTCTime)
- data Header = Header {}
- expiresInDays :: UTCTime -> Integer -> FileExpires
- expiresNever :: FileExpires
- isExpired :: UTCTime -> FileExpires -> Bool
- versionInitial :: FileVersion
- versionIncrement :: FileVersion -> FileVersion
- data CacheLayout = CacheLayout {}
- cabalCacheLayout :: CacheLayout
- data IndexLayout = IndexLayout {
- indexFileToPath :: forall dec. IndexFile dec -> IndexPath
- indexFileFromPath :: IndexPath -> Maybe (Some IndexFile)
- data IndexFile :: * -> * where
- IndexPkgMetadata :: PackageIdentifier -> IndexFile (Signed Targets)
- IndexPkgCabal :: PackageIdentifier -> IndexFile ()
- IndexPkgPrefs :: PackageName -> IndexFile ()
- hackageIndexLayout :: IndexLayout
- indexLayoutPkgMetadata :: IndexLayout -> PackageIdentifier -> IndexPath
- indexLayoutPkgCabal :: IndexLayout -> PackageIdentifier -> IndexPath
- indexLayoutPkgPrefs :: IndexLayout -> PackageName -> IndexPath
- data RepoLayout = RepoLayout {}
- hackageRepoLayout :: RepoLayout
- cabalLocalRepoLayout :: RepoLayout
- data Mirrors = Mirrors {}
- data Mirror = Mirror {}
- data MirrorContent = MirrorFull
- type MirrorDescription = String
- describeMirror :: Mirror -> MirrorDescription
- data RepoRoot
- type RepoPath = Path RepoRoot
- anchorRepoPathLocally :: Path root -> RepoPath -> Path root
- anchorRepoPathRemotely :: Path Web -> RepoPath -> Path Web
- data IndexRoot
- type IndexPath = Path IndexRoot
- data CacheRoot
- type CachePath = Path CacheRoot
- anchorCachePath :: Path root -> CachePath -> Path root
- data Root = Root {}
- data RootRoles = RootRoles {}
- data RoleSpec a = RoleSpec {}
- data Signed a = Signed {
- signed :: a
- signatures :: Signatures
- newtype Signatures = Signatures [Signature]
- data Signature = Signature {}
- unsigned :: a -> Signed a
- withSignatures :: ToJSON WriteJSON a => RepoLayout -> [Some Key] -> a -> Signed a
- withSignatures' :: ToJSON Identity a => [Some Key] -> a -> Signed a
- signRendered :: [Some Key] -> ByteString -> Signatures
- verifySignature :: ByteString -> Signature -> Bool
- signedFromJSON :: (MonadKeys m, FromJSON m a) => JSValue -> m (Signed a)
- verifySignatures :: JSValue -> Signatures -> Bool
- data UninterpretedSignatures a = UninterpretedSignatures {}
- data PreSignature = PreSignature {}
- fromPreSignature :: MonadKeys m => PreSignature -> m Signature
- fromPreSignatures :: MonadKeys m => [PreSignature] -> m Signatures
- toPreSignature :: Signature -> PreSignature
- toPreSignatures :: Signatures -> [PreSignature]
- data Snapshot = Snapshot {}
- data Targets = Targets {}
- data Delegations = Delegations {}
- data DelegationSpec = DelegationSpec {}
- data Delegation = Delegation (Pattern a) (Replacement a)
- targetsLookup :: TargetPath -> Targets -> Maybe FileInfo
- data Timestamp = Timestamp {}
Re-exports
class FromJSON m a where Source #
Instances
class ToJSON m a where Source #
Instances
Instances
Monad WriteJSON Source # | |
Functor WriteJSON Source # | |
Applicative WriteJSON Source # | |
MonadReader RepoLayout WriteJSON Source # | |
Defined in Hackage.Security.JSON Methods ask :: WriteJSON RepoLayout # local :: (RepoLayout -> RepoLayout) -> WriteJSON a -> WriteJSON a # reader :: (RepoLayout -> a) -> WriteJSON a # |
data ReadJSON_NoKeys_NoLayout a Source #
Instances
data ReadJSON_Keys_NoLayout a Source #
Instances
data ReadJSON_Keys_Layout a Source #
Instances
data DeserializationError Source #
Constructors
DeserializationErrorMalformed String | Malformed JSON has syntax errors in the JSON itself (i.e., we cannot even parse it to a JSValue) |
DeserializationErrorSchema String | Invalid JSON has valid syntax but invalid structure The string gives a hint about what we expected instead |
DeserializationErrorUnknownKey KeyId | The JSON file contains a key ID of an unknown key |
DeserializationErrorValidation String | Some verification step failed |
DeserializationErrorFileType String String | Wrong file type Records actual and expected types. |
Instances
parseJSON_Keys_Layout :: FromJSON ReadJSON_Keys_Layout a => KeyEnv -> RepoLayout -> ByteString -> Either DeserializationError a Source #
parseJSON_Keys_NoLayout :: FromJSON ReadJSON_Keys_NoLayout a => KeyEnv -> ByteString -> Either DeserializationError a Source #
parseJSON_NoKeys_NoLayout :: FromJSON ReadJSON_NoKeys_NoLayout a => ByteString -> Either DeserializationError a Source #
readJSON_Keys_Layout :: (FsRoot root, FromJSON ReadJSON_Keys_Layout a) => KeyEnv -> RepoLayout -> Path root -> IO (Either DeserializationError a) Source #
readJSON_Keys_NoLayout :: (FsRoot root, FromJSON ReadJSON_Keys_NoLayout a) => KeyEnv -> Path root -> IO (Either DeserializationError a) Source #
readJSON_NoKeys_NoLayout :: (FsRoot root, FromJSON ReadJSON_NoKeys_NoLayout a) => Path root -> IO (Either DeserializationError a) Source #
renderJSON :: ToJSON WriteJSON a => RepoLayout -> a -> ByteString Source #
Render to canonical JSON format
renderJSON_NoLayout :: ToJSON Identity a => a -> ByteString Source #
Variation on renderJSON
for files that don't require the repo layout
Key types
Types abstracting over key types
Constructors
KeyEd25519 :: PublicKey -> SecretKey -> Key Ed25519 |
data PublicKey a where Source #
Constructors
PublicKeyEd25519 :: PublicKey -> PublicKey Ed25519 |
Instances
SomeShow PublicKey Source # | |
SomeEq PublicKey Source # | |
HasKeyId PublicKey Source # | |
ReportSchemaErrors m => FromJSON m (Some PublicKey) Source # | |
Monad m => ToJSON m (Some PublicKey) Source # | |
Monad m => ToJSON m (PublicKey typ) Source # | |
Eq (PublicKey typ) Source # | |
Show (PublicKey typ) Source # | |
data PrivateKey a where Source #
Constructors
PrivateKeyEd25519 :: SecretKey -> PrivateKey Ed25519 |
Instances
SomeShow PrivateKey Source # | |
Defined in Hackage.Security.Key Methods someShow :: DictShow (PrivateKey a) Source # | |
SomeEq PrivateKey Source # | |
Defined in Hackage.Security.Key Methods someEq :: DictEq (PrivateKey a) Source # | |
Eq (PrivateKey typ) Source # | |
Defined in Hackage.Security.Key Methods (==) :: PrivateKey typ -> PrivateKey typ -> Bool # (/=) :: PrivateKey typ -> PrivateKey typ -> Bool # | |
Show (PrivateKey typ) Source # | |
Defined in Hackage.Security.Key Methods showsPrec :: Int -> PrivateKey typ -> ShowS # show :: PrivateKey typ -> String # showList :: [PrivateKey typ] -> ShowS # |
Key types in isolation
data KeyType typ where Source #
Constructors
KeyTypeEd25519 :: KeyType Ed25519 |
Hiding key types
Operations on keys
privateKey :: Key a -> PrivateKey a Source #
Key IDs
The key ID of a key, by definition, is the hexdigest of the SHA-256 hash of the canonical JSON form of the key where the private object key is excluded.
NOTE: The FromJSON and ToJSON instances for KeyId are ntentially omitted. Use writeKeyAsId instead.
Constructors
KeyId | |
Fields |
Signing
sign :: PrivateKey typ -> ByteString -> ByteString Source #
Sign a bytestring and return the signature
TODO: It is unfortunate that we have to convert to a strict bytestring for ed25519
verify :: PublicKey typ -> ByteString -> ByteString -> Bool Source #
Types
newtype FileLength Source #
File length
Having verified file length information means we can protect against endless data attacks and similar.
Constructors
FileLength | |
Fields
|
Instances
Eq FileLength Source # | |
Defined in Hackage.Security.TUF.Common | |
Ord FileLength Source # | |
Defined in Hackage.Security.TUF.Common Methods compare :: FileLength -> FileLength -> Ordering # (<) :: FileLength -> FileLength -> Bool # (<=) :: FileLength -> FileLength -> Bool # (>) :: FileLength -> FileLength -> Bool # (>=) :: FileLength -> FileLength -> Bool # max :: FileLength -> FileLength -> FileLength # min :: FileLength -> FileLength -> FileLength # | |
Show FileLength Source # | |
Defined in Hackage.Security.TUF.Common Methods showsPrec :: Int -> FileLength -> ShowS # show :: FileLength -> String # showList :: [FileLength] -> ShowS # | |
ReportSchemaErrors m => FromJSON m FileLength Source # | |
Defined in Hackage.Security.TUF.Common Methods fromJSON :: JSValue -> m FileLength Source # | |
Monad m => ToJSON m FileLength Source # | |
Defined in Hackage.Security.TUF.Common Methods toJSON :: FileLength -> m JSValue Source # |
File hash
newtype KeyThreshold Source #
Key threshold
The key threshold is the minimum number of keys a document must be signed
with. Key thresholds are specified in RoleSpec
or DelegationsSpec
.
Constructors
KeyThreshold Int54 |
Instances
Eq KeyThreshold Source # | |
Defined in Hackage.Security.TUF.Common | |
Ord KeyThreshold Source # | |
Defined in Hackage.Security.TUF.Common Methods compare :: KeyThreshold -> KeyThreshold -> Ordering # (<) :: KeyThreshold -> KeyThreshold -> Bool # (<=) :: KeyThreshold -> KeyThreshold -> Bool # (>) :: KeyThreshold -> KeyThreshold -> Bool # (>=) :: KeyThreshold -> KeyThreshold -> Bool # max :: KeyThreshold -> KeyThreshold -> KeyThreshold # min :: KeyThreshold -> KeyThreshold -> KeyThreshold # | |
Show KeyThreshold Source # | |
Defined in Hackage.Security.TUF.Common Methods showsPrec :: Int -> KeyThreshold -> ShowS # show :: KeyThreshold -> String # showList :: [KeyThreshold] -> ShowS # | |
ReportSchemaErrors m => FromJSON m KeyThreshold Source # | |
Defined in Hackage.Security.TUF.Common Methods fromJSON :: JSValue -> m KeyThreshold Source # | |
Monad m => ToJSON m KeyThreshold Source # | |
Defined in Hackage.Security.TUF.Common Methods toJSON :: KeyThreshold -> m JSValue Source # |
File information
This intentionally does not have an Eq
instance; see knownFileInfoEqual
and verifyFileInfo
instead.
NOTE: Throughout we compute file information always over the raw bytes.
For example, when timestamp.json
lists the hash of snapshot.json
, this
hash is computed over the actual snapshot.json
file (as opposed to the
canonical form of the embedded JSON). This brings it in line with the hash
computed over target files, where that is the only choice available.
Constructors
FileInfo | |
Fields |
Constructors
HashFnSHA256 | |
HashFnMD5 |
Instances
Eq HashFn Source # | |
Ord HashFn Source # | |
Show HashFn Source # | |
ReportSchemaErrors m => FromObjectKey m HashFn Source # | |
Defined in Hackage.Security.TUF.FileInfo | |
Monad m => ToObjectKey m HashFn Source # | |
Defined in Hackage.Security.TUF.FileInfo Methods toObjectKey :: HashFn -> m String Source # |
File hash
Utility
fileInfo :: ByteString -> FileInfo Source #
Compute FileInfo
TODO: Currently this will load the entire input bytestring into memory. We need to make this incremental, by computing the length and all hashes in a single traversal over the input.
Re-exports
54-bit integer values
JavaScript can only safely represent numbers between -(2^53 - 1)
and
2^53 - 1
.
TODO: Although we introduce the type here, we don't actually do any bounds
checking and just inherit all type class instance from Int64. We should
probably define fromInteger
to do bounds checking, give different instances
for type classes such as Bounded
and FiniteBits
, etc.
Instances
data FileChange Source #
Constructors
FileChanged FileInfo | File got added or modified; we record the new file info |
FileDeleted | File got deleted |
Instances
Show FileChange Source # | |
Defined in Hackage.Security.TUF.FileMap Methods showsPrec :: Int -> FileChange -> ShowS # show :: FileChange -> String # showList :: [FileChange] -> ShowS # |
data TargetPath Source #
Entries in FileMap
either talk about the repository or the index
Constructors
TargetPathRepo RepoPath | |
TargetPathIndex IndexPath |
Instances
Mapping from paths to file info
File maps are used in target files; the paths are relative to the location of the target files containing the file map.
Arguments
:: FileMap | Old |
-> FileMap | New |
-> Map TargetPath FileChange |
class HasHeader a where Source #
Methods
fileExpires :: Lens' a FileExpires Source #
File expiry date
fileVersion :: Lens' a FileVersion Source #
File version (monotonically increasing counter)
Instances
HasHeader Header Source # | |
Defined in Hackage.Security.TUF.Header Methods fileExpires :: Lens' Header FileExpires Source # fileVersion :: Lens' Header FileVersion Source # | |
HasHeader Mirrors Source # | |
Defined in Hackage.Security.TUF.Mirrors Methods fileExpires :: Lens' Mirrors FileExpires Source # fileVersion :: Lens' Mirrors FileVersion Source # | |
HasHeader Timestamp Source # | |
Defined in Hackage.Security.TUF.Timestamp Methods fileExpires :: Lens' Timestamp FileExpires Source # fileVersion :: Lens' Timestamp FileVersion Source # | |
HasHeader Targets Source # | |
Defined in Hackage.Security.TUF.Targets Methods fileExpires :: Lens' Targets FileExpires Source # fileVersion :: Lens' Targets FileVersion Source # | |
HasHeader Snapshot Source # | |
Defined in Hackage.Security.TUF.Snapshot Methods fileExpires :: Lens' Snapshot FileExpires Source # fileVersion :: Lens' Snapshot FileVersion Source # | |
HasHeader Root Source # | |
Defined in Hackage.Security.TUF.Root |
newtype FileVersion Source #
File version
The file version is a flat integer which must monotonically increase on every file update.
Show
and Read
instance are defined in terms of the underlying Int
(this is use for example by hackage during the backup process).
Constructors
FileVersion Int54 |
Instances
newtype FileExpires Source #
File expiry date
A Nothing
value here means no expiry. That makes it possible to set some
files to never expire. (Note that not having the Maybe in the type here still
allows that, because you could set an expiry date 2000 years into the future.
By having the Maybe here we avoid the _need_ for such encoding issues.)
Constructors
FileExpires (Maybe UTCTime) |
Instances
Eq FileExpires Source # | |
Defined in Hackage.Security.TUF.Header | |
Ord FileExpires Source # | |
Defined in Hackage.Security.TUF.Header Methods compare :: FileExpires -> FileExpires -> Ordering # (<) :: FileExpires -> FileExpires -> Bool # (<=) :: FileExpires -> FileExpires -> Bool # (>) :: FileExpires -> FileExpires -> Bool # (>=) :: FileExpires -> FileExpires -> Bool # max :: FileExpires -> FileExpires -> FileExpires # min :: FileExpires -> FileExpires -> FileExpires # | |
Show FileExpires Source # | |
Defined in Hackage.Security.TUF.Header Methods showsPrec :: Int -> FileExpires -> ShowS # show :: FileExpires -> String # showList :: [FileExpires] -> ShowS # | |
ReportSchemaErrors m => FromJSON m FileExpires Source # | |
Defined in Hackage.Security.TUF.Header Methods fromJSON :: JSValue -> m FileExpires Source # | |
Monad m => ToJSON m FileExpires Source # | |
Defined in Hackage.Security.TUF.Header Methods toJSON :: FileExpires -> m JSValue Source # |
Occassionally it is useful to read only a header from a file.
HeaderOnly
intentionally only has a FromJSON
instance (no ToJSON
).
Constructors
Header | |
Fields |
Instances
HasHeader Header Source # | |
Defined in Hackage.Security.TUF.Header Methods fileExpires :: Lens' Header FileExpires Source # fileVersion :: Lens' Header FileVersion Source # | |
ReportSchemaErrors m => FromJSON m Header Source # | |
Utility
expiresInDays :: UTCTime -> Integer -> FileExpires Source #
Cache layout
data CacheLayout Source #
Location of the various files we cache
Although the generic TUF algorithms do not care how we organize the cache,
we nonetheless specity this here because as long as there are tools which
access files in the cache directly we need to define the cache layout.
See also comments for defaultCacheLayout
.
Constructors
CacheLayout | |
Fields
|
cabalCacheLayout :: CacheLayout Source #
The cache layout cabal-install uses
We cache the index as cache/00-index.tar
; this is important because
`cabal-install` expects to find it there (and does not currently go through
the hackage-security library to get files from the index).
Repository layout
data IndexLayout Source #
Layout of the files within the index tarball
Constructors
IndexLayout | |
Fields
|
data IndexFile :: * -> * where Source #
Files that we might request from the index
The type index tells us the type of the decoded file, if any. For files for
which the library does not support decoding this will be ()
.
NOTE: Clients should NOT rely on this type index being ()
, or they might
break if we add support for parsing additional file formats in the future.
TODO: If we wanted to support legacy Hackage, we should also have a case for the global preferred-versions file. But supporting legacy Hackage will probably require more work anyway..
Constructors
IndexPkgMetadata :: PackageIdentifier -> IndexFile (Signed Targets) | |
IndexPkgCabal :: PackageIdentifier -> IndexFile () | |
IndexPkgPrefs :: PackageName -> IndexFile () |
hackageIndexLayout :: IndexLayout Source #
The layout of the index as maintained on Hackage
Utility
Repository layout
data RepoLayout Source #
Layout of a repository
Constructors
RepoLayout | |
Fields
|
Instances
MonadReader RepoLayout WriteJSON Source # | |
Defined in Hackage.Security.JSON Methods ask :: WriteJSON RepoLayout # local :: (RepoLayout -> RepoLayout) -> WriteJSON a -> WriteJSON a # reader :: (RepoLayout -> a) -> WriteJSON a # | |
MonadReader RepoLayout ReadJSON_Keys_Layout Source # | |
Defined in Hackage.Security.JSON Methods ask :: ReadJSON_Keys_Layout RepoLayout # local :: (RepoLayout -> RepoLayout) -> ReadJSON_Keys_Layout a -> ReadJSON_Keys_Layout a # reader :: (RepoLayout -> a) -> ReadJSON_Keys_Layout a # |
hackageRepoLayout :: RepoLayout Source #
The layout used on Hackage
cabalLocalRepoLayout :: RepoLayout Source #
Layout used by cabal for ("legacy") local repos
Obviously, such repos do not normally contain any of the TUF files, so their location is more or less arbitrary here.
TUF types
Constructors
Mirrors | |
Fields |
Instances
HasHeader Mirrors Source # | |
Defined in Hackage.Security.TUF.Mirrors Methods fileExpires :: Lens' Mirrors FileExpires Source # fileVersion :: Lens' Mirrors FileVersion Source # | |
VerifyRole Mirrors Source # | |
Defined in Hackage.Security.Trusted Methods verifyRole :: Trusted Root -> TargetPath -> Maybe FileVersion -> Maybe UTCTime -> Signed Mirrors -> Either VerificationError (SignaturesVerified Mirrors) Source # | |
(MonadError DeserializationError m, ReportSchemaErrors m) => FromJSON m Mirrors Source # | |
Monad m => ToJSON m Mirrors Source # | |
MonadKeys m => FromJSON m (Signed Mirrors) Source # | |
Definition of a mirror
NOTE: Unlike the TUF specification, we require that all mirrors must have
the same format. That is, we omit metapath
and targetspath
.
Constructors
Mirror | |
Fields |
data MirrorContent Source #
Full versus partial mirrors
The TUF spec explicitly allows for partial mirrors, with the mirrors file specifying (through patterns) what is available from partial mirrors.
For now we only support full mirrors; if we wanted to add partial mirrors,
we would add a second MirrorPartial
constructor here with arguments
corresponding to TUF's metacontent
and targetscontent
fields.
Constructors
MirrorFull |
Instances
Show MirrorContent Source # | |
Defined in Hackage.Security.TUF.Mirrors Methods showsPrec :: Int -> MirrorContent -> ShowS # show :: MirrorContent -> String # showList :: [MirrorContent] -> ShowS # |
Utility
type MirrorDescription = String Source #
describeMirror :: Mirror -> MirrorDescription Source #
Give a human-readable description of a particular mirror
(for use in error messages)
Repository
The root of the repository
Repository roots can be anchored at a remote URL or a local directory.
Note that even for remote repos RepoRoot
is (potentially) different from
Web
-- for a repository located at, say, http://hackage.haskell.org
they happen to coincide, but for one location at
http://example.com/some/subdirectory
they do not.
Index
The root of the index tarball
Cache
The cache directory
anchorCachePath :: Path root -> CachePath -> Path root Source #
Anchor a cache path to the location of the cache
Datatypes
The root metadata
NOTE: We must have the invariant that ALL keys (apart from delegation keys)
must be listed in rootKeys
. (Delegation keys satisfy a similar invariant,
see Targets.)
Constructors
Root | |
Fields
|
Instances
HasHeader Root Source # | |
Defined in Hackage.Security.TUF.Root | |
VerifyRole Root Source # | |
Defined in Hackage.Security.Trusted Methods verifyRole :: Trusted Root -> TargetPath -> Maybe FileVersion -> Maybe UTCTime -> Signed Root -> Either VerificationError (SignaturesVerified Root) Source # | |
Monad m => ToJSON m Root Source # | |
MonadKeys m => FromJSON m (Signed Root) Source # | We give an instance for Signed Root rather than Root because the key environment from the root data is necessary to resolve the explicit sharing in the signatures. |
Constructors
RootRoles | |
Role specification
The phantom type indicates what kind of type this role is meant to verify.
Constructors
RoleSpec | |
Fields |
TUF types
Constructors
Signed | |
Fields
|
Instances
MonadKeys m => FromJSON m (Signed Mirrors) Source # | |
(MonadKeys m, MonadReader RepoLayout m) => FromJSON m (Signed Timestamp) Source # | |
MonadKeys m => FromJSON m (Signed Targets) Source # | |
(MonadKeys m, MonadReader RepoLayout m) => FromJSON m (Signed Snapshot) Source # | |
MonadKeys m => FromJSON m (Signed Root) Source # | We give an instance for Signed Root rather than Root because the key environment from the root data is necessary to resolve the explicit sharing in the signatures. |
(Monad m, ToJSON m a) => ToJSON m (Signed a) Source # | |
newtype Signatures Source #
A list of signatures
Invariant: each signature must be made with a different key.
We enforce this invariant for incoming untrusted data (fromPreSignatures
)
but not for lists of signatures that we create in code.
Constructors
Signatures [Signature] |
Instances
MonadKeys m => FromJSON m Signatures Source # | |
Defined in Hackage.Security.TUF.Signed Methods fromJSON :: JSValue -> m Signatures Source # | |
Monad m => ToJSON m Signatures Source # | |
Defined in Hackage.Security.TUF.Signed Methods toJSON :: Signatures -> m JSValue Source # |
Constructors
Signature | |
Fields |
Construction and verification
withSignatures :: ToJSON WriteJSON a => RepoLayout -> [Some Key] -> a -> Signed a Source #
Sign a document
withSignatures' :: ToJSON Identity a => [Some Key] -> a -> Signed a Source #
Variation on withSignatures
that doesn't need the repo layout
signRendered :: [Some Key] -> ByteString -> Signatures Source #
Construct signatures for already rendered value
verifySignature :: ByteString -> Signature -> Bool Source #
JSON aids
signedFromJSON :: (MonadKeys m, FromJSON m a) => JSValue -> m (Signed a) Source #
General FromJSON instance for signed datatypes
We don't give a general FromJSON instance for Signed because for some datatypes we need to do something special (datatypes where we need to read key environments); for instance, see the "Signed Root" instance.
verifySignatures :: JSValue -> Signatures -> Bool Source #
Signature verification
NOTES: 1. By definition, the signature must be verified against the canonical JSON format. This means we _must_ parse and then pretty print (as we do here) because the document as stored may or may not be in canonical format. 2. However, it is important that we NOT translate from the JSValue to whatever internal datatype we are using and then back to JSValue, because that may not roundtrip: we must allow for additional fields in the JSValue that we ignore (and would therefore lose when we attempt to roundtrip). 3. We verify that all signatures are valid, but we cannot verify (here) that these signatures are signed with the right key, or that we have a sufficient number of signatures. This will be the responsibility of the calling code.
Avoid interpreting signatures
data UninterpretedSignatures a Source #
File with uninterpreted signatures
Sometimes we want to be able to read a file without interpreting the signatures (that is, resolving the key IDs) or doing any kind of checks on them. One advantage of this is that this allows us to read many file types without any key environment at all, which is sometimes useful.
Constructors
UninterpretedSignatures | |
Fields |
Instances
(ReportSchemaErrors m, FromJSON m a) => FromJSON m (UninterpretedSignatures a) Source # | |
Defined in Hackage.Security.TUF.Signed Methods fromJSON :: JSValue -> m (UninterpretedSignatures a) Source # | |
(Monad m, ToJSON m a) => ToJSON m (UninterpretedSignatures a) Source # | |
Defined in Hackage.Security.TUF.Signed Methods toJSON :: UninterpretedSignatures a -> m JSValue Source # | |
Show a => Show (UninterpretedSignatures a) Source # | |
Defined in Hackage.Security.TUF.Signed Methods showsPrec :: Int -> UninterpretedSignatures a -> ShowS # show :: UninterpretedSignatures a -> String # showList :: [UninterpretedSignatures a] -> ShowS # |
data PreSignature Source #
A signature with a key ID (rather than an actual key)
This corresponds precisely to the TUF representation of a signature.
Constructors
PreSignature | |
Fields |
Instances
Show PreSignature Source # | |
Defined in Hackage.Security.TUF.Signed Methods showsPrec :: Int -> PreSignature -> ShowS # show :: PreSignature -> String # showList :: [PreSignature] -> ShowS # | |
ReportSchemaErrors m => FromJSON m PreSignature Source # | |
Defined in Hackage.Security.TUF.Signed Methods fromJSON :: JSValue -> m PreSignature Source # | |
Monad m => ToJSON m PreSignature Source # | |
Defined in Hackage.Security.TUF.Signed Methods toJSON :: PreSignature -> m JSValue Source # |
Utility
fromPreSignature :: MonadKeys m => PreSignature -> m Signature Source #
Convert a pre-signature to a signature
Verifies that the key type matches the advertised method.
fromPreSignatures :: MonadKeys m => [PreSignature] -> m Signatures Source #
Convert a list of PreSignature
s to a list of Signature
s
This verifies the invariant that all signatures are made with different keys. We do this on the presignatures rather than the signatures so that we can do the check on key IDs, rather than keys (the latter don't have an Ord instance).
toPreSignature :: Signature -> PreSignature Source #
Convert signature to pre-signature
toPreSignatures :: Signatures -> [PreSignature] Source #
Convert list of pre-signatures to a list of signatures
Constructors
Snapshot | |
Fields
|
Instances
HasHeader Snapshot Source # | |
Defined in Hackage.Security.TUF.Snapshot Methods fileExpires :: Lens' Snapshot FileExpires Source # fileVersion :: Lens' Snapshot FileVersion Source # | |
VerifyRole Snapshot Source # | |
Defined in Hackage.Security.Trusted Methods verifyRole :: Trusted Root -> TargetPath -> Maybe FileVersion -> Maybe UTCTime -> Signed Snapshot -> Either VerificationError (SignaturesVerified Snapshot) Source # | |
(MonadReader RepoLayout m, MonadError DeserializationError m, ReportSchemaErrors m) => FromJSON m Snapshot Source # | |
MonadReader RepoLayout m => ToJSON m Snapshot Source # | |
(MonadKeys m, MonadReader RepoLayout m) => FromJSON m (Signed Snapshot) Source # | |
TUF types
Target metadata
Most target files do not need expiry dates because they are not subject to change (and hence attacks like freeze attacks are not a concern).
Constructors
Targets | |
Instances
Show Targets Source # | |
HasHeader Targets Source # | |
Defined in Hackage.Security.TUF.Targets Methods fileExpires :: Lens' Targets FileExpires Source # fileVersion :: Lens' Targets FileVersion Source # | |
MonadKeys m => FromJSON m Targets Source # | |
Monad m => ToJSON m Targets Source # | |
MonadKeys m => FromJSON m (Signed Targets) Source # | |
data Delegations Source #
Delegations
Much like the Root datatype, this must have an invariant that ALL used keys
(apart from the global keys, which are in the root key environment) must
be listed in delegationsKeys
.
Constructors
Delegations | |
Fields |
Instances
Show Delegations Source # | |
Defined in Hackage.Security.TUF.Targets Methods showsPrec :: Int -> Delegations -> ShowS # show :: Delegations -> String # showList :: [Delegations] -> ShowS # | |
MonadKeys m => FromJSON m Delegations Source # | |
Defined in Hackage.Security.TUF.Targets Methods fromJSON :: JSValue -> m Delegations Source # | |
Monad m => ToJSON m Delegations Source # | |
Defined in Hackage.Security.TUF.Targets Methods toJSON :: Delegations -> m JSValue Source # |
data DelegationSpec Source #
Delegation specification
NOTE: This is a close analogue of RoleSpec
.
Constructors
DelegationSpec | |
Fields |
Instances
Show DelegationSpec Source # | |
Defined in Hackage.Security.TUF.Targets Methods showsPrec :: Int -> DelegationSpec -> ShowS # show :: DelegationSpec -> String # showList :: [DelegationSpec] -> ShowS # | |
MonadKeys m => FromJSON m DelegationSpec Source # | |
Defined in Hackage.Security.TUF.Targets Methods fromJSON :: JSValue -> m DelegationSpec Source # | |
Monad m => ToJSON m DelegationSpec Source # | |
Defined in Hackage.Security.TUF.Targets Methods toJSON :: DelegationSpec -> m JSValue Source # |
data Delegation Source #
A delegation
A delegation is a pair of a pattern and a replacement.
See match
for an example.
Constructors
Delegation (Pattern a) (Replacement a) |
Instances
Show Delegation Source # | |
Defined in Hackage.Security.TUF.Patterns Methods showsPrec :: Int -> Delegation -> ShowS # show :: Delegation -> String # showList :: [Delegation] -> ShowS # | |
Lift Delegation Source # | |
Defined in Hackage.Security.TUF.Patterns Methods lift :: Delegation -> Q Exp # |
Util
targetsLookup :: TargetPath -> Targets -> Maybe FileInfo Source #
Constructors
Timestamp | |
Instances
HasHeader Timestamp Source # | |
Defined in Hackage.Security.TUF.Timestamp Methods fileExpires :: Lens' Timestamp FileExpires Source # fileVersion :: Lens' Timestamp FileVersion Source # | |
VerifyRole Timestamp Source # | |
Defined in Hackage.Security.Trusted Methods verifyRole :: Trusted Root -> TargetPath -> Maybe FileVersion -> Maybe UTCTime -> Signed Timestamp -> Either VerificationError (SignaturesVerified Timestamp) Source # | |
(MonadReader RepoLayout m, MonadError DeserializationError m, ReportSchemaErrors m) => FromJSON m Timestamp Source # | |
MonadReader RepoLayout m => ToJSON m Timestamp Source # | |
(MonadKeys m, MonadReader RepoLayout m) => FromJSON m (Signed Timestamp) Source # | |