webauthn-0.10.0.0: Relying party (server) implementation of the WebAuthn 2 specification
Stability: experimental
Safe Haskell: Safe-Inferred
Language: Haskell2010

Crypto.WebAuthn.Metadata.Service.Processing

Description

This module exposes functions for processing and querying FIDO Metadata Service blobs and entries.

Documentation

data RootCertificate

A root certificate along with the host it should be verified against

Constructors

RootCertificate 

Fields

data ProcessingError

Errors related to the processing of the metadata

Constructors

ProcessingValidationErrors (NonEmpty FailedReason)

An error wrapping the errors encountered by the X509 Validation

ProcessingMissingX5CHeader

There was no x5c header present in the metadata JWT

ProcessingJWSError Error

An error wrapping the general Errors from the JOSE library

ProcessingJWTError JWTError

An error wrapping the JWT specific Errors from the JOSE library

ProcessingX5UPresent URI

An x5u header was present in the metadata JWT, but handling it is unimplemented. TODO: Implement step 4 of the (spec)

Instances

Show ProcessingError

Defined in Crypto.WebAuthn.Metadata.Service.Processing

Eq ProcessingError

Defined in Crypto.WebAuthn.Metadata.Service.Processing

AsError ProcessingError

Instantiate JOSE's AsError typeclass as a simple cast to our own error type. This allows using our own error type in JOSE operations.

Defined in Crypto.WebAuthn.Metadata.Service.Processing

AsJWTError ProcessingError

Instantiate JOSE's AsJWTError typeclass as a simple cast to our own error type. This allows using our own error type in JWT operations.

Defined in Crypto.WebAuthn.Metadata.Service.Processing

createMetadataRegistry :: [SomeMetadataEntry] -> MetadataServiceRegistry

Creates a MetadataServiceRegistry from a list of SomeMetadataEntry, which can either be obtained from a MetadataPayload's mpEntries field, or be constructed directly

The resulting structure can be queried efficiently for MetadataEntry using queryMetadata

jwtToJson

Arguments

:: ByteString  -- The bytes of the JWT blob
-> RootCertificate  -- The root certificate the blob is signed with
-> DateTime  -- The current time for which to validate the JWT blob
-> Either ProcessingError (HashMap Text Value)

Extracts a FIDO Metadata payload JSON value from a JWT bytestring according to https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html

jsonToPayload :: HashMap Text Value -> These (NonEmpty Text) MetadataPayload

Decodes a FIDO Metadata payload JSON value to a MetadataPayload, returning an error when the JSON is invalid, and ignoring any entries not relevant for webauthn. For the purposes of implementing the relying party the mpNextUpdate and mpEntries fields are most important.

fidoAllianceRootCertificate :: RootCertificate

The root certificate used for the blob downloaded from https://mds.fidoalliance.org/, which can be found here; see also https://fidoalliance.org/metadata/
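
The functions documented in this module chain into one pipeline: verify the blob, decode the payload, build the registry. The following is an added example, not code from the webauthn package. LoadError, loadRegistry and the blob.jwt path are hypothetical; it assumes jwtToJson takes a strict ByteString and that MetadataServiceRegistry and mpEntries are exported from Crypto.WebAuthn.Metadata.Service.Types.

```haskell
module Main (main) where

import Crypto.WebAuthn.Metadata.Service.Processing
  (ProcessingError, createMetadataRegistry, fidoAllianceRootCertificate, jsonToPayload, jwtToJson)
-- Assumption: these two names are exported from the sibling Types module.
import Crypto.WebAuthn.Metadata.Service.Types (MetadataServiceRegistry, mpEntries)
import Data.Bifunctor (first)
import qualified Data.ByteString as BS -- assumption: jwtToJson takes a strict ByteString
import Data.Hourglass (DateTime)
import Data.List.NonEmpty (NonEmpty, toList)
import Data.Text (Text)
import Data.These (These (..))
import System.Hourglass (dateCurrent)

-- | Hypothetical error type: why a blob was rejected outright.
data LoadError
  = BlobRejected ProcessingError -- JWT or X509 validation failed, or x5c missing / x5u present
  | PayloadUndecodable (NonEmpty Text) -- verified, but the JSON payload was unusable
  deriving (Show)

-- | Verify the blob against the FIDO Alliance root, decode the payload and
-- build the registry. Decoding warnings are returned, not discarded.
loadRegistry :: BS.ByteString -> DateTime -> Either LoadError ([Text], MetadataServiceRegistry)
loadRegistry blob now = do
  json <- first BlobRejected (jwtToJson blob fidoAllianceRootCertificate now)
  case jsonToPayload json of
    This errs -> Left (PayloadUndecodable errs)
    That payload -> Right ([], registryOf payload)
    These warns payload -> Right (toList warns, registryOf payload)
  where
    registryOf = createMetadataRegistry . mpEntries

main :: IO ()
main = do
  blob <- BS.readFile "blob.jwt" -- hypothetical path to a previously downloaded blob
  now <- dateCurrent
  case loadRegistry blob now of
    -- Fail closed: never build a registry from a blob that did not verify.
    Left err -> putStrLn ("blob rejected, keep the previous registry: " <> show err)
    Right (warns, _registry) -> do
      mapM_ (putStrLn . ("decode warning: " <>) . show) warns
      putStrLn "registry built; query it with queryMetadata"
```

Because the current time is an argument to jwtToJson, validation can be replayed against a fixed DateTime in tests, and a wrong system clock in production surfaces as a ProcessingError rather than a silently accepted blob.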