Stability | experimental |
---|---|
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
A function for decoding a FIDO Alliance Metadata Service BLOB in order to be able to enforce a set of requirements on the authenticator used, e.g. to only allow authenticators that have been FIDO certified.
Documentation
metadataBlobToRegistry
:: ByteString | A Metadata BLOB fetched from https://mds.fidoalliance.org |
-> DateTime | The time at which it was fetched |
-> Either Text (These (NonEmpty Text) MetadataServiceRegistry) | Either a certificate error, or a list of errors, a registry of metadata entries, or both where the MDS has bad entries |
Verifies, decodes and extracts a MetadataServiceRegistry from a FIDO Alliance Metadata Service BLOB. The result can be passed to verifyRegistrationResponse.
data MetadataServiceRegistry
A registry of MetadataEntrys, allowing fast lookup using AAGUIDs or SubjectKeyIdentifiers. This is used by verifyRegistrationResponse as a way to look up root certificates of authenticators and return meta information. Using createMetadataRegistry it's also possible to create additional custom entries, which can be merged with <>. Meanwhile mempty can be used if no metadata is needed.
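
One way to handle the nested result of metadataBlobToRegistry so that a BLOB which fails verification is never silently replaced by an empty registry. This is an added example, not code from the library's documentation. It assumes the function is exported from Crypto.WebAuthn.Metadata and that DateTime is the hourglass type; the file name blob.jwt and the helper usableRegistry are hypothetical.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import qualified Data.ByteString as BS
import Data.Foldable (for_)
import Data.List.NonEmpty (NonEmpty, toList)
import Data.Text (Text)
import qualified Data.Text.IO as TIO
import Data.These (These (..))
import System.Exit (exitFailure)
import System.Hourglass (dateCurrent) -- assumption: DateTime comes from hourglass
import System.IO (stderr)

import Crypto.WebAuthn.Metadata (metadataBlobToRegistry) -- assumption: module name

-- | Hypothetical helper: collapse the result into "refuse" (Left) or
-- "registry plus warnings" (Right). It is polymorphic in the registry type,
-- so it depends only on the shape of the documented return value.
usableRegistry
  :: Either Text (These (NonEmpty Text) reg)
  -> Either [Text] (reg, [Text])
usableRegistry (Left certErr)           = Left [certErr]           -- certificate error: trust nothing
usableRegistry (Right (This errs))      = Left (toList errs)       -- only errors, no registry
usableRegistry (Right (That reg))       = Right (reg, [])          -- every entry decoded
usableRegistry (Right (These errs reg)) = Right (reg, toList errs) -- bad entries reported, rest usable

main :: IO ()
main = do
  -- Hypothetical path: a BLOB just downloaded from https://mds.fidoalliance.org
  blob <- BS.readFile "blob.jwt"
  -- The second argument is the fetch time; here the file is treated as just fetched.
  now <- dateCurrent
  case usableRegistry (metadataBlobToRegistry blob now) of
    Left errs -> do
      -- Fail closed. Falling back to mempty here would leave
      -- verifyRegistrationResponse with no metadata to look up.
      for_ errs (TIO.hPutStrLn stderr)
      exitFailure
    Right (_registry, warnings) -> do
      -- Log bad entries so a shrinking registry is noticed.
      for_ warnings (TIO.hPutStrLn stderr . ("bad MDS entry: " <>))
      -- _registry is the value to pass to verifyRegistrationResponse.
      putStrLn "metadata registry loaded"
```

Custom entries built with createMetadataRegistry can be merged into the returned registry with <> before it is handed to verifyRegistrationResponse.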