webauthn-0.5.0.1: Relying party (server) implementation of the WebAuthn 2 specification
Stability: experimental
Safe Haskell: Safe-Inferred
Language: Haskell2010

Crypto.WebAuthn.Metadata

Description

A function for decoding a FIDO Alliance Metadata Service BLOB in order to be able to enforce a set of requirements on the authenticator used, e.g. to only allow authenticators that have been FIDO certified.

Documentation

metadataBlobToRegistry
  :: ByteString                           -- A Metadata BLOB fetched from https://mds.fidoalliance.org
  -> DateTime                             -- The time at which it was fetched
  -> Either Text MetadataServiceRegistry  -- Either an error or a registry of metadata entries

Verifies, decodes and extracts a MetadataServiceRegistry from a FIDO Alliance Metadata Service BLOB. The result can be passed to verifyRegistrationResponse.
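The following is an added usage sketch, not code from the webauthn package: it loads a BLOB with metadataBlobToRegistry, refuses to start if the first BLOB does not verify, and keeps the last verified registry if a later refresh fails. The helper names loadRegistry and refreshRegistry and the path mds-blob.jwt are hypothetical; DateTime and dateCurrent are assumed to come from the hourglass package, and the file is assumed to have been downloaded immediately before it is read.

```haskell
module Main (main) where

import Crypto.WebAuthn.Metadata (MetadataServiceRegistry, metadataBlobToRegistry)
import qualified Data.ByteString as BS
import Data.Hourglass (DateTime)
import Data.Text (Text)
import qualified Data.Text as Text
import System.Exit (die)
import System.Hourglass (dateCurrent)
import System.IO (hPutStrLn, stderr)

-- | Initial load (hypothetical helper): fail closed. A BLOB that does not
-- verify or decode stops the program instead of running without metadata.
loadRegistry :: BS.ByteString -> DateTime -> IO MetadataServiceRegistry
loadRegistry blob fetchedAt =
  either (die . ("Metadata BLOB rejected: " <>) . Text.unpack) pure
    (metadataBlobToRegistry blob fetchedAt)

-- | Periodic refresh (hypothetical helper): if the new BLOB is rejected,
-- keep the last verified registry and return the error for logging.
refreshRegistry
  :: MetadataServiceRegistry
  -> BS.ByteString
  -> DateTime
  -> (MetadataServiceRegistry, Maybe Text)
refreshRegistry lastGood blob fetchedAt =
  case metadataBlobToRegistry blob fetchedAt of
    Left err -> (lastGood, Just err)
    Right fresh -> (fresh, Nothing)

main :: IO ()
main = do
  -- Hypothetical path where a separate job stores the downloaded BLOB.
  let blobPath = "mds-blob.jwt"
  blob <- BS.readFile blobPath
  fetchedAt <- dateCurrent -- assumption: the file was downloaded just now
  registry <- loadRegistry blob fetchedAt

  -- Later, after the download job has replaced the file:
  blob' <- BS.readFile blobPath
  fetchedAt' <- dateCurrent
  let (registry', problem) = refreshRegistry registry blob' fetchedAt'
  maybe (pure ()) (hPutStrLn stderr . ("Kept previous registry: " <>) . Text.unpack) problem

  -- registry' is the value to hand to verifyRegistrationResponse.
  registry' `seq` pure ()
```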

data MetadataServiceRegistry

A registry of MetadataEntrys, allowing fast lookup using AAGUIDs or SubjectKeyIdentifiers. This is used by verifyRegistrationResponse as a way to look up root certificates of authenticators and return meta information. Using createMetadataRegistry it's also possible to create additional custom entries, which can be merged with <>. Meanwhile mempty can be used if no metadata is needed.