Stability	experimental
Safe Haskell	Safe-Inferred
Language	Haskell2010

Crypto.WebAuthn.Metadata.Service.Processing

Description

This module exposes functions for processing and querying FIDO Metadata Service blobs and entries.

Synopsis

Documentation

data RootCertificate Source #

A root certificate along with the host it should be verified against

Constructors

RootCertificate
Fields rootCertificateStore :: CertificateStore The root certificate itself rootCertificateHostName :: HostName The hostname it is for

Instances

Instances details

(MonadError ProcessingError m, MonadReader DateTime m) => VerificationKeyStore m (JWSHeader ()) p RootCertificate Source #
Instance details Defined in Crypto.WebAuthn.Metadata.Service.Processing Methods getVerificationKeys :: JWSHeader () -> p -> RootCertificate -> m [JWK] #

data ProcessingError Source #

Errors related to the processing of the metadata

Constructors

ProcessingValidationErrors (NonEmpty FailedReason)	An error wrapping the errors encountered by the X509 Validation
ProcessingMissingX5CHeader	There was no x5c header present in the metadata JWT
ProcessingJWSError Error	An error wrapping the general Errors from the JOSE library
ProcessingJWTError JWTError	An error wrapping the JWT specific Errors from the JOSE library
ProcessingX5UPresent URI	There was a x5u header present in the metadata JWT but this is unimplemented TODO: Implement step 4 of the (spec)

Instances

Instances details

Show ProcessingError Source #
Instance details Defined in Crypto.WebAuthn.Metadata.Service.Processing Methods showsPrec :: Int -> ProcessingError -> ShowS # show :: ProcessingError -> String # showList :: [ProcessingError] -> ShowS #
Eq ProcessingError Source #
Instance details Defined in Crypto.WebAuthn.Metadata.Service.Processing Methods (==) :: ProcessingError -> ProcessingError -> Bool # (/=) :: ProcessingError -> ProcessingError -> Bool #
AsError ProcessingError Source #	Instantiate JOSE's AsError typeclass as a simple cast to our own error type. This allows using our own error type in JOSE operations.
Instance details Defined in Crypto.WebAuthn.Metadata.Service.Processing Methods _Error :: Prism' ProcessingError Error # _AlgorithmNotImplemented :: Prism' ProcessingError () # _AlgorithmMismatch :: Prism' ProcessingError String # _KeyMismatch :: Prism' ProcessingError Text # _KeySizeTooSmall :: Prism' ProcessingError () # _OtherPrimesNotSupported :: Prism' ProcessingError () # _RSAError :: Prism' ProcessingError Error # _CryptoError :: Prism' ProcessingError CryptoError # _CompactDecodeError :: Prism' ProcessingError CompactDecodeError # _JSONDecodeError :: Prism' ProcessingError String # _NoUsableKeys :: Prism' ProcessingError () # _JWSCritUnprotected :: Prism' ProcessingError () # _JWSNoValidSignatures :: Prism' ProcessingError () # _JWSInvalidSignature :: Prism' ProcessingError () # _JWSNoSignatures :: Prism' ProcessingError () #
AsJWTError ProcessingError Source #	Instantiate JOSE's AsJWTError typeclass as a simple cast to our own error type. This allows using our own error type in JWT operations.
Instance details Defined in Crypto.WebAuthn.Metadata.Service.Processing Methods _JWTError :: Prism' ProcessingError JWTError # _JWSError :: Prism' ProcessingError Error # _JWTClaimsSetDecodeError :: Prism' ProcessingError String # _JWTExpired :: Prism' ProcessingError () # _JWTNotYetValid :: Prism' ProcessingError () # _JWTNotInIssuer :: Prism' ProcessingError () # _JWTNotInAudience :: Prism' ProcessingError () # _JWTIssuedAtFuture :: Prism' ProcessingError () #

createMetadataRegistry :: [SomeMetadataEntry] -> MetadataServiceRegistry Source #

Creates a MetadataServiceRegistry from a list of SomeMetadataEntry, which can either be obtained from a MetadataPayloads mpEntries field, or be constructed directly

The resulting structure can be queried efficiently for MetadataEntry using queryMetadata

queryMetadata :: MetadataServiceRegistry -> AuthenticatorIdentifier p -> Maybe (MetadataEntry p) Source #

Query a MetadataEntry for an AuthenticatorIdentifier

jwtToAdditionalData Source #

Arguments

:: FromJSON addData
=> ByteString	The bytes of the JWT blob
-> RootCertificate	The root certificate the blob is signed with
-> DateTime	The current time for which to validate the JWT blob
-> Either ProcessingError addData

Extracts additional data from a JWT bytestring

fidoAllianceRootCertificate :: RootCertificate Source #

The root certificate used for the blob downloaded from https://mds.fidoalliance.org/, which can be found in here, see also https://fidoalliance.org/metadata/