| Stability | experimental |
|---|---|
| Safe Haskell | Safe-Inferred |
| Language | Haskell2010 |
Crypto.WebAuthn.Metadata
Description
A function for decoding a FIDO Alliance Metadata Service BLOB in order to be able to enforce a set of requirements on the authenticator used, e.g. to only allow authenticators that have been FIDO certified.
Documentation
metadataBlobToRegistry
Arguments
| :: ByteString | A Metadata BLOB fetched from https://mds.fidoalliance.org |
|---|---|
| -> DateTime | The time at which it was fetched |
| -> Either Text (These (NonEmpty Text) MetadataServiceRegistry) | Either a certificate error, or a list of errors, a registry of metadata entries, or both where the MDS has bad entries |
Verifies, decodes and extracts a MetadataServiceRegistry from a
FIDO Alliance Metadata Service BLOB.
The result can be passed to verifyRegistrationResponse.
data MetadataServiceRegistry
A registry of MetadataEntrys, allowing fast lookup using AAGUIDs or
SubjectKeyIdentifiers. This is used by verifyRegistrationResponse
as a way to look up root certificates of authenticators and return meta information.
Using createMetadataRegistry
it's also possible to create additional custom entries, which can be merged
with <>. Meanwhile mempty can be used if no metadata is needed.
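The nested result type of metadataBlobToRegistry has four outcomes, and a caller has to decide which of them still yield a usable registry. The following is an added example, not code from the library's documentation: the file name `blob.jwt`, the helper `classify` and the fail-closed policy are assumptions, and `dateCurrent` stands in for a fetch time that should really be recorded when the BLOB is downloaded.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import Crypto.WebAuthn.Metadata (MetadataServiceRegistry, metadataBlobToRegistry)
import qualified Data.ByteString as BS
import Data.List.NonEmpty (NonEmpty)
import qualified Data.List.NonEmpty as NE
import Data.Text (Text)
import qualified Data.Text.IO as TIO
import Data.These (These (That, These, This))
import System.Exit (die)
import System.Hourglass (dateCurrent)
import System.IO (stderr)

-- | Hypothetical helper: collapse the nested result into either fatal
-- errors or a usable registry together with non-fatal warnings.
classify ::
  Either Text (These (NonEmpty Text) MetadataServiceRegistry) ->
  Either [Text] ([Text], MetadataServiceRegistry)
-- Certificate error: the BLOB as a whole is not trusted.
classify (Left certErr) = Left [certErr]
-- Only errors came back, no registry at all.
classify (Right (This errs)) = Left (NE.toList errs)
-- Clean decode.
classify (Right (That reg)) = Right ([], reg)
-- Some entries were bad; the rest of the registry is still returned.
classify (Right (These errs reg)) = Right (NE.toList errs, reg)

main :: IO ()
main = do
  -- Assumed path of a BLOB that was downloaded just before this runs.
  blob <- BS.readFile "blob.jwt"
  -- Assumption: "now" approximates the time at which the BLOB was fetched.
  fetchedAt <- dateCurrent
  case classify (metadataBlobToRegistry blob fetchedAt) of
    Left errs -> do
      mapM_ (TIO.hPutStrLn stderr) errs
      -- Fail closed instead of silently continuing with mempty.
      die "MDS BLOB rejected; no verified registry available"
    Right (warnings, _registry) -> do
      -- Bad entries are reported so that a lookup miss can be explained later.
      mapM_ (TIO.hPutStrLn stderr . ("bad MDS entry: " <>)) warnings
      -- _registry is what would be passed to verifyRegistrationResponse.
      putStrLn "metadata registry loaded"
```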