module Network.TLS.X509
( CertificateChain(..)
, Certificate(..)
, SignedCertificate
, getCertificate
, isNullCertificateChain
, getCertificateChainLeaf
, CertificateRejectReason(..)
, CertificateUsage(..)
, CertificateStore
, ValidationCache
, exceptionValidationCache
, validateDefault
, FailedReason
, ServiceID
, wrapCertificateChecks
, pubkeyType
) where
import Data.X509
import Data.X509.Validation
import Data.X509.CertificateStore
isNullCertificateChain :: CertificateChain -> Bool
isNullCertificateChain (CertificateChain l) = null l
getCertificateChainLeaf :: CertificateChain -> SignedExact Certificate
getCertificateChainLeaf (CertificateChain []) = error "empty certificate chain"
getCertificateChainLeaf (CertificateChain (x:_)) = x
data CertificateRejectReason =
CertificateRejectExpired
| CertificateRejectRevoked
| CertificateRejectUnknownCA
| CertificateRejectAbsent
| CertificateRejectOther String
deriving (Show,Eq)
data CertificateUsage =
CertificateUsageAccept
| CertificateUsageReject CertificateRejectReason
deriving (Show,Eq)
wrapCertificateChecks :: [FailedReason] -> CertificateUsage
wrapCertificateChecks [] = CertificateUsageAccept
wrapCertificateChecks l
| Expired `elem` l = CertificateUsageReject CertificateRejectExpired
| InFuture `elem` l = CertificateUsageReject CertificateRejectExpired
| UnknownCA `elem` l = CertificateUsageReject CertificateRejectUnknownCA
| SelfSigned `elem` l = CertificateUsageReject CertificateRejectUnknownCA
| EmptyChain `elem` l = CertificateUsageReject CertificateRejectAbsent
| otherwise = CertificateUsageReject $ CertificateRejectOther (show l)
pubkeyType :: PubKey -> String
pubkeyType = show . pubkeyToAlg