Safe Haskell	None
Language	Haskell2010

TahoeLAFS.Internal.Client

Description

Implement the correct HTTPS client configuration for using Great Black Swamp. This is necessary and correct for authenticating Great Black Swamp's self-authenticating URLs.

Synopsis

newtype SPKIHash = SPKIHash ByteString
mkGBSManagerSettings :: SPKIHash -> Text -> ManagerSettings
gbsTLSSettings :: SPKIHash -> TLSSettings
validateGBSCertificate :: SPKIHash -> CertificateStore -> ValidationCache -> ServiceID -> CertificateChain -> IO [FailedReason]
sha256 :: ByteString -> ByteString
spki :: Certificate -> PubKey
spkiBytes :: Certificate -> ByteString
spkiFingerprint :: Certificate -> SPKIHash
addAuthorization :: Applicative f => Text -> Request -> f Request
addAuthorizationPrint :: Text -> Request -> IO Request

Documentation

newtype SPKIHash Source #

Constructors

SPKIHash ByteString

Instances

Instances details

Eq SPKIHash Source #
Instance details Defined in TahoeLAFS.Internal.Client Methods (==) :: SPKIHash -> SPKIHash -> Bool # (/=) :: SPKIHash -> SPKIHash -> Bool #
Ord SPKIHash Source #
Instance details Defined in TahoeLAFS.Internal.Client Methods compare :: SPKIHash -> SPKIHash -> Ordering # (<) :: SPKIHash -> SPKIHash -> Bool # (<=) :: SPKIHash -> SPKIHash -> Bool # (>) :: SPKIHash -> SPKIHash -> Bool # (>=) :: SPKIHash -> SPKIHash -> Bool # max :: SPKIHash -> SPKIHash -> SPKIHash # min :: SPKIHash -> SPKIHash -> SPKIHash #
Show SPKIHash Source #
Instance details Defined in TahoeLAFS.Internal.Client Methods showsPrec :: Int -> SPKIHash -> ShowS # show :: SPKIHash -> String # showList :: [SPKIHash] -> ShowS #

mkGBSManagerSettings Source #

Arguments

:: SPKIHash	The SPKI hash of the certificate of the storage service to access.
-> Text	The secret capability identifying the storage service to access.
-> ManagerSettings	The settings.

Create a ManagerSettings suitable for use with Great Black Swamp client requests.

gbsTLSSettings :: SPKIHash -> TLSSettings Source #

The TLSSettings suitable for use with Great Black Swamp client requests. These ensure we can authenticate the server before using it.

validateGBSCertificate :: SPKIHash -> CertificateStore -> ValidationCache -> ServiceID -> CertificateChain -> IO [FailedReason] Source #

Determine the validity of an x509 certificate presented during a TLS handshake for a GBS connection.

The certificate is considered valid if its signature can be validated and the sha256 hash of its SPKI fields match the expected value.

If not exactly one certificate is presented then validation fails.

sha256 :: ByteString -> ByteString Source #

spki :: Certificate -> PubKey Source #

Extract the SubjectPublicKeyInfo from a Certificate.

The PubKey type contains all of the values related to the SubjectPublicKeyInfo and serializes correctly for this type so we just extract that.

spkiBytes :: Certificate -> ByteString Source #

Construct the bytes which can be hashed to produce the SPKI Fingerprint for the given Certificate.

spkiFingerprint :: Certificate -> SPKIHash Source #

Compute the SPKI Fingerprint (RFC 7469) for the given Certificate.

addAuthorization :: Applicative f => Text -> Request -> f Request Source #

addAuthorizationPrint :: Text -> Request -> IO Request Source #