Stability | experimental |
---|---|
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
This module exposes functions for processing and querying FIDO Metadata Service blobs and entries.
Synopsis
- data RootCertificate = RootCertificate {}
- data ProcessingError
- createMetadataRegistry :: [SomeMetadataEntry] -> MetadataServiceRegistry
- queryMetadata :: MetadataServiceRegistry -> AuthenticatorIdentifier p -> Maybe (MetadataEntry p)
- jwtToJson :: ByteString -> RootCertificate -> DateTime -> Either ProcessingError (HashMap Text Value)
- jsonToPayload :: HashMap Text Value -> These (NonEmpty Text) MetadataPayload
- fidoAllianceRootCertificate :: RootCertificate
Documentation
data RootCertificate
A root certificate along with the host name it should be verified against. This is how jwtToJson obtains its verification key: the x5c certificate chain carried in the JWT header is validated against the root (and host), and the leaf certificate's public key is handed back to the JWS layer as a JWK. A chain that does not validate surfaces as ProcessingValidationErrors; a JWT without an x5c header as ProcessingMissingX5CHeader.
Constructors
RootCertificate
Instances
(MonadError ProcessingError m, MonadReader DateTime m) => VerificationKeyStore m (JWSHeader ()) p RootCertificate
Defined in Crypto.WebAuthn.Metadata.Service.Processing
getVerificationKeys :: JWSHeader () -> p -> RootCertificate -> m [JWK]
data ProcessingError
Errors related to the processing of the metadata. Any of them means the blob could not be authenticated and must not be used to build a registry.
ProcessingValidationErrors (NonEmpty FailedReason) | An error wrapping the errors encountered by the X.509 validation of the x5c certificate chain |
ProcessingMissingX5CHeader | There was no x5c header present in the metadata JWT |
ProcessingJWSError Error | An error wrapping the general errors from the JOSE library |
ProcessingJWTError JWTError | An error wrapping the JWT-specific errors from the JOSE library |
ProcessingX5UPresent URI | There was an x5u header present in the metadata JWT, but this is unimplemented. TODO: Implement step 4 of the spec |
createMetadataRegistry :: [SomeMetadataEntry] -> MetadataServiceRegistry
Creates a MetadataServiceRegistry from a list of SomeMetadataEntry, which can either be obtained from a MetadataPayload's mpEntries field or be constructed directly. The resulting structure can be queried efficiently for a MetadataEntry using queryMetadata.
queryMetadata :: MetadataServiceRegistry -> AuthenticatorIdentifier p -> Maybe (MetadataEntry p)
Query a MetadataEntry for an AuthenticatorIdentifier. The protocol index p is shared, so a FIDO2 (AAGUID) identifier yields a FIDO2 entry and a U2F (subject key identifier) identifier yields a U2F entry. Nothing means the registry has no entry for that identifier, which is a different condition from an entry whose status reports flag a problem.
jwtToJson
:: ByteString | The bytes of the JWT blob |
-> RootCertificate | The root certificate the blob is signed with |
-> DateTime | The current time for which to validate the JWT blob |
-> Either ProcessingError (HashMap Text Value) |
Extracts a FIDO Metadata payload JSON value from a JWT bytestring according to https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html. The signature is verified with the key obtained from the x5c chain (see RootCertificate), and the chain is validated for the supplied DateTime, so pass the actual current time rather than a fixed value; otherwise an expired or not-yet-valid certificate will not be caught.
jsonToPayload :: HashMap Text Value -> These (NonEmpty Text) MetadataPayload
Decodes a FIDO Metadata payload JSON value to a MetadataPayload, returning an error when the JSON is invalid, and ignoring any entries not relevant for webauthn. Because the result is a These, callers should handle all three shapes: errors only (This), a payload only (That), or a payload together with non-fatal errors (These). For the purposes of implementing the relying party the mpNextUpdate and mpEntries fields are most important.
fidoAllianceRootCertificate :: RootCertificate
The root certificate used for the blob downloaded from https://mds.fidoalliance.org/; see also https://fidoalliance.org/metadata/
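The whole flow this module supports, as an added example that is not part of the webauthn library or its documentation: verify a blob downloaded from https://mds.fidoalliance.org/ with jwtToJson and fidoAllianceRootCertificate, decode it with jsonToPayload, build a registry with createMetadataRegistry, and look up one AAGUID with queryMetadata. Assumptions not stated on this page: the payload, entry and status types are imported from Crypto.WebAuthn.Metadata.Service.Types and Crypto.WebAuthn.Metadata.Statement.Types, the identifier types from Crypto.WebAuthn.Model.Identifier; the AuthenticatorStatus constructor names follow the MDS3 status enumeration; hourglass's Time.System.dateCurrent supplies the DateTime; the blob path and AAGUID come from the command line.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example, not code from the webauthn library: verify an MDS3 blob
-- against the FIDO Alliance root, decode it, and query one AAGUID.
module Main (main) where

import qualified Data.ByteString as BS
import qualified Data.List.NonEmpty as NE
import qualified Data.Text as Text
import qualified Data.Text.IO as Text
import Data.These (These (..))
import Data.Time.Clock (getCurrentTime, utctDay)
import qualified Data.UUID as UUID
import System.Environment (getArgs)
import System.Exit (exitFailure)
import Time.System (dateCurrent)

import Crypto.WebAuthn.Metadata.Service.Processing
-- Assumed module locations for the types used below.
import Crypto.WebAuthn.Metadata.Service.Types
import Crypto.WebAuthn.Metadata.Statement.Types (MetadataStatement (..))
import Crypto.WebAuthn.Model.Identifier (AAGUID (..), AuthenticatorIdentifier (..))

-- Statuses under which a relying party should stop trusting the authenticator.
-- Constructor names are assumed to mirror the MDS3 AuthenticatorStatus values.
untrusted :: AuthenticatorStatus -> Bool
untrusted st = st `elem`
  [ AuthenticatorStatusUserVerificationBypass
  , AuthenticatorStatusAttestationKeyCompromise
  , AuthenticatorStatusUserKeyRemoteCompromise
  , AuthenticatorStatusUserKeyPhysicalCompromise
  , AuthenticatorStatusRevoked
  ]

main :: IO ()
main = do
  -- Assumed invocation: mds-check <blob.jwt> <aaguid>; the blob file is the
  -- response from https://mds.fidoalliance.org/ stored byte-for-byte.
  [blobPath, aaguidText] <- getArgs
  blob <- BS.readFile blobPath
  now <- dateCurrent

  -- Step 1: verify the x5c chain up to the FIDO Alliance root and check the
  -- JWT signature. Any ProcessingError means the blob is unusable.
  json <- case jwtToJson blob fidoAllianceRootCertificate now of
    Left err -> putStrLn ("blob rejected: " <> show err) >> exitFailure
    Right j -> pure j

  -- Step 2: decode the payload, handling all three shapes of These.
  payload <- case jsonToPayload json of
    This errs -> do
      mapM_ (Text.putStrLn . ("decode error: " <>)) (NE.toList errs)
      exitFailure
    That p -> pure p
    These errs p -> do
      mapM_ (Text.putStrLn . ("skipped entry: " <>)) (NE.toList errs)
      pure p

  -- Step 3: a blob past mpNextUpdate may carry stale status reports.
  today <- utctDay <$> getCurrentTime
  if mpNextUpdate payload < today
    then putStrLn ("warning: blob is stale, nextUpdate was " <> show (mpNextUpdate payload))
    else pure ()

  -- Step 4: build the registry once, then query it per authenticator.
  let registry = createMetadataRegistry (mpEntries payload)
  aaguid <- maybe (putStrLn "malformed AAGUID" >> exitFailure) pure
              (UUID.fromText (Text.pack aaguidText))
  case queryMetadata registry (AuthenticatorIdentifierFido2 (AAGUID aaguid)) of
    Nothing -> putStrLn "AAGUID not present in MDS (unknown authenticator)"
    Just entry -> do
      Text.putStrLn (maybe "<no metadata statement>" msDescription (meMetadataStatement entry))
      let statuses = map srStatus (NE.toList (meStatusReports entry))
      mapM_ print statuses
      if any untrusted statuses
        then putStrLn "DO NOT TRUST: a status report flags compromise or revocation"
        else putStrLn "no compromise or revocation status reported"
```

Two points worth keeping in mind when adapting this: an entry that was dropped in the `These` branch makes its authenticator look unknown to queryMetadata, which is a different condition from a compromise status and should be logged as such; and the registry should be built once and rebuilt when mpNextUpdate passes, rather than re-verifying the blob on every authentication.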