50 lines
1.7 KiB
Haskell
50 lines
1.7 KiB
Haskell
-- |
|
|
-- Module : Network.TLS.Extra.File
|
|
-- License : BSD-style
|
|
-- Maintainer : Vincent Hanquez <vincent@snarc.org>
|
|
-- Stability : experimental
|
|
-- Portability : unknown
|
|
--
|
|
-- Simple helpers to load private key and certificate files
|
|
-- to be handled by the TLS stack
|
|
module Network.TLS.Extra.File
|
|
( fileReadCertificate
|
|
, fileReadCertificateChain
|
|
, fileReadPrivateKey
|
|
) where
|
|
|
|
import Control.Applicative ((<$>))
|
|
import Data.X509.File
|
|
import Data.X509
|
|
|
|
-- | read one X509 certificate from a file.
|
|
--
|
|
-- the certificate must be in the usual PEM format
|
|
--
|
|
-- If no valid PEM encoded certificate is found in the file
|
|
-- this function will raise an error.
|
|
fileReadCertificate :: FilePath -> IO SignedCertificate
|
|
fileReadCertificate filepath = headError <$> readSignedObject filepath
|
|
where headError [] = error ("read certificate: not found in " ++ show filepath)
|
|
headError (x:_) = x
|
|
|
|
-- | read a CertificateChain from a file.
|
|
--
|
|
-- No checks are performed on the chain itself for validity or consistency.
|
|
--
|
|
-- the expected format is the list of PEM encoded signed certificate,
|
|
-- with the first one being the subject of the chain.
|
|
--
|
|
fileReadCertificateChain :: FilePath -> IO CertificateChain
|
|
fileReadCertificateChain filepath = CertificateChain <$> readSignedObject filepath
|
|
|
|
-- | read one private key from a file.
|
|
--
|
|
-- the private key must be in the usual PEM format
|
|
--
|
|
-- If no valid PEM encoded private key is found in the file
|
|
-- this function will raise an error.
|
|
fileReadPrivateKey :: FilePath -> IO PrivKey
|
|
fileReadPrivateKey filepath = headError <$> readKeyFile filepath
|
|
where headError [] = error ("read private key: no key found in " ++ show filepath)
|
|
headError (x:_) = x
|