diff options
Diffstat (limited to 'src/x509.erl')
| -rw-r--r-- | src/x509.erl | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/src/x509.erl b/src/x509.erl index aef9ae7..42c6b89 100644 --- a/src/x509.erl +++ b/src/x509.erl @@ -6,12 +6,11 @@ -include_lib("public_key/include/public_key.hrl"). --type der_encoded() :: public_key:der_encoded(). -type reason() :: {chain_too_long | root_unknown | chain_broken}. -define(MAX_CHAIN_LENGTH, 10). --spec normalise_chain([der_encoded()], [der_encoded()]) -> [der_encoded()]. +-spec normalise_chain([binary()], [binary()]) -> [binary()]. normalise_chain(AcceptableRootCerts, CertChain) -> case valid_chain_p(AcceptableRootCerts, CertChain, ?MAX_CHAIN_LENGTH) of {false, Reason} -> @@ -27,7 +26,7 @@ normalise_chain(AcceptableRootCerts, CertChain) -> %% is: leaf cert in head, chain in tail. Order of first argument is %% irrelevant. --spec valid_chain_p([der_encoded()], [der_encoded()], integer()) -> +-spec valid_chain_p([binary()], [binary()], integer()) -> {false, reason()} | {true, list()}. valid_chain_p(_, _, MaxChainLength) when MaxChainLength =< 0 -> %% Chain too long. @@ -55,7 +54,7 @@ valid_chain_p(AcceptableRootCerts, [BottomCert|Rest], MaxChainLength) -> end. %% @doc Return list with first --spec signer(der_encoded(), [der_encoded()]) -> list(). +-spec signer(binary(), [binary()]) -> list(). signer(_Cert, []) -> notfound; signer(Cert, [H|T]) -> @@ -64,7 +63,7 @@ signer(Cert, [H|T]) -> false -> signer(Cert, T) end. --spec signed_by_p(der_encoded(), der_encoded()) -> boolean(). +-spec signed_by_p(binary(), binary()) -> boolean(). signed_by_p(Cert, IssuerCert) -> %% FIXME: Validate presence and contents (against constraints) of %% names (subject, subjectAltName, emailAddress) too? @@ -75,7 +74,7 @@ signed_by_p(Cert, IssuerCert) -> false end. --spec public_key(der_encoded() | #'OTPCertificate'{}) -> public_key:public_key(). +-spec public_key(binary() | #'OTPCertificate'{}) -> public_key:public_key(). public_key(CertDer) when is_binary(CertDer) -> public_key(public_key:pkix_decode_cert(CertDer, otp)); public_key(#'OTPCertificate'{ |