-rw-r--r--src/x509.erl11
1 files changed, 5 insertions, 6 deletions
diff --git a/src/x509.erl b/src/x509.erl
index aef9ae7..42c6b89 100644
--- a/src/x509.erl
+++ b/src/x509.erl
@@ -6,12 +6,11 @@
-include_lib("public_key/include/public_key.hrl").
--type der_encoded() :: public_key:der_encoded().
-type reason() :: {chain_too_long | root_unknown | chain_broken}.
-define(MAX_CHAIN_LENGTH, 10).
--spec normalise_chain([der_encoded()], [der_encoded()]) -> [der_encoded()].
+-spec normalise_chain([binary()], [binary()]) -> [binary()].
normalise_chain(AcceptableRootCerts, CertChain) ->
case valid_chain_p(AcceptableRootCerts, CertChain, ?MAX_CHAIN_LENGTH) of
{false, Reason} ->
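Review bot: Replacing every `der_encoded()` with bare `binary()` removes the only hint in these specs that the arguments must be DER-encoded certificates rather than arbitrary bytes. If the aim is to stop depending on `public_key:der_encoded()` (an inference, since the page gives no reason), a local alias `-type der_encoded() :: binary().` would keep the specs self-describing without that dependency. The same applies to the spec changes for valid_chain_p, signer, signed_by_p and public_key in the later hunks. normalise_chain's body continues outside this hunk.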
@@ -27,7 +26,7 @@ normalise_chain(AcceptableRootCerts, CertChain) ->
%% is: leaf cert in head, chain in tail. Order of first argument is
%% irrelevant.
--spec valid_chain_p([der_encoded()], [der_encoded()], integer()) ->
+-spec valid_chain_p([binary()], [binary()], integer()) ->
{false, reason()} | {true, list()}.
valid_chain_p(_, _, MaxChainLength) when MaxChainLength =< 0 ->
%% Chain too long.
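Review bot: The `{false, reason()}` part of the valid_chain_p spec relies on a `reason()` type that the file declares as a one-element tuple, `{chain_too_long | root_unknown | chain_broken}`, so the spec promises results such as `{false, {chain_too_long}}`. The values the clauses actually return are outside this hunk. If they return bare atoms, the declaration should read `-type reason() :: chain_too_long | root_unknown | chain_broken.` so that Dialyzer and callers agree on the shape of a validation failure.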
@@ -55,7 +54,7 @@ valid_chain_p(AcceptableRootCerts, [BottomCert|Rest], MaxChainLength) ->
end.
%% @doc Return list with first
--spec signer(der_encoded(), [der_encoded()]) -> list().
+-spec signer(binary(), [binary()]) -> list().
signer(_Cert, []) ->
notfound;
signer(Cert, [H|T]) ->
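Review bot: The rewritten spec still declares `-> list()`, yet the first clause of signer/2 visible here returns the atom `notfound`, so the spec is wrong when no candidate remains. At minimum it should read `-spec signer(binary(), [binary()]) -> notfound | list().`, with the success type tightened to whatever the matching branch really returns; that branch is outside the hunk. The `%% @doc Return list with first` line above is cut off mid-sentence and should state what is returned and that callers must handle `notfound`.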
@@ -64,7 +63,7 @@ signer(Cert, [H|T]) ->
false -> signer(Cert, T)
end.
--spec signed_by_p(der_encoded(), der_encoded()) -> boolean().
+-spec signed_by_p(binary(), binary()) -> boolean().
signed_by_p(Cert, IssuerCert) ->
%% FIXME: Validate presence and contents (against constraints) of
%% names (subject, subjectAltName, emailAddress) too?
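Review bot: signed_by_p's name and `boolean()` result read as "this certificate was issued by that one", but the FIXME in its body indicates names are not checked, so the function needs a doc comment stating exactly what is verified. I would add above the spec `%% @doc True if Cert's signature verifies under IssuerCert's public key. Does not check names, validity period or CA constraints.` The last two items are an assumption, since the body continues outside the hunk, and should be confirmed before the comment is committed. If those checks are indeed absent, `public_key:pkix_path_validation/3` is the OTP routine that performs them and is worth naming in the FIXME.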
@@ -75,7 +74,7 @@ signed_by_p(Cert, IssuerCert) ->
false
end.
--spec public_key(der_encoded() | #'OTPCertificate'{}) -> public_key:public_key().
+-spec public_key(binary() | #'OTPCertificate'{}) -> public_key:public_key().
public_key(CertDer) when is_binary(CertDer) ->
public_key(public_key:pkix_decode_cert(CertDer, otp));
public_key(#'OTPCertificate'{