diff --git a/core/Network/TLS.hs b/core/Network/TLS.hs
index ae670e5..4b23c7e 100644
--- a/core/Network/TLS.hs
+++ b/core/Network/TLS.hs
@@ -62,6 +62,7 @@ module Network.TLS
 , Credentials(..)
 , Credential
 , credentialLoadX509
+ , credentialLoadX509FromMemory
 
 -- * Initialisation and Termination of context
 , bye
diff --git a/core/Network/TLS/Credentials.hs b/core/Network/TLS/Credentials.hs
index 236b3c2..d5867a9 100644
--- a/core/Network/TLS/Credentials.hs
+++ b/core/Network/TLS/Credentials.hs
@@ -9,6 +9,7 @@ module Network.TLS.Credentials (
 Credential
 , Credentials(..)
 , credentialLoadX509
+ , credentialLoadX509FromMemory
 , credentialsFindForSigning
 , credentialsFindForDecrypting
 , credentialsListSigningAlgorithms
@@ -20,6 +21,7 @@ import Data.List (find)
 import Network.TLS.Struct
 import Network.TLS.X509
 import Data.X509.File
+import Data.X509.Memory
 import Data.X509
 
 type Credential = (CertificateChain, PrivKey)
@@ -43,6 +45,19 @@ credentialLoadX509 certFile privateFile = do
 [] -> return $ Left "no keys found"
 (k:_) -> return $ Right (CertificateChain x509, k)
 
+-- | similar to 'credentialLoadX509' but take the certificate
+-- and private key from memory instead of from the filesystem.
+credentialLoadX509FromMemory :: Bytes
+ -> Bytes
+ -> Either String Credential
+credentialLoadX509FromMemory certData privateData = do
+ let x509 = readSignedObjectFromMemory certData
+ keys = readKeyFileFromMemory privateData
+ in case keys of
+ [] -> Left "no keys found"
+ (k:_) -> Right (CertificateChain x509, k)
+ where
+
 credentialsListSigningAlgorithms :: Credentials -> [SignatureAlgorithm]
 credentialsListSigningAlgorithms (Credentials l) = catMaybes $ map credentialCanSign l
diff --git a/core/tls.cabal b/core/tls.cabal
index 2f6bdf7..5033444 100644
--- a/core/tls.cabal
+++ b/core/tls.cabal
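Review bot: In the new credentialLoadX509FromMemory the `case` inspects only `keys` and never `x509`, so when `readSignedObjectFromMemory certData` yields an empty list the function still returns `Right (CertificateChain [], k)` and an empty or malformed certificate buffer is only discovered at handshake time instead of at load time; add a matching `[] -> Left "no certificates found"` guard on the parsed certificates (this assumes the x509-store memory readers return `[]` rather than throwing on unparsable input — confirm against x509-store >= 1.4.4). The `do` wrapping a single `let … in` expression in a pure Either, and the empty trailing `where`, are dead syntax and can be dropped. The Haddock should also name the accepted encoding of both buffers (presumably PEM, as with the file-based variant — verify) and say that only the first key found is used, mirroring credentialLoadX509. The rewritten body below keeps the exported signature unchanged.
```haskell
credentialLoadX509FromMemory certData privateData =
    case (readSignedObjectFromMemory certData, readKeyFileFromMemory privateData) of
        ([], _)       -> Left "no certificates found"
        (_, [])       -> Left "no keys found"
        (x509, k : _) -> Right (CertificateChain x509, k)
```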
@@ -49,7 +49,7 @@ Library
 , asn1-types >= 0.2.0
 , asn1-encoding
 , x509 >= 1.4.3 && < 1.5.0
- , x509-store
+ , x509-store >= 1.4.4
 , x509-validation >= 1.5.0 && < 1.6.0
 Exposed-modules: Network.TLS
 Network.TLS.Cipher