@xlphs
Created April 5, 2017 17:22
public_key_verify.exs
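defmodule PublicKey do
  @moduledoc """
  Demo script: downloads a PEM certificate chain and a PEM root certificate,
  then checks the chain against the root with
  `:public_key.pkix_path_validation/3`.
  """

  @chain_url 'https://s3.amazonaws.com/echo.api/echo-api-cert.pem'
  @root_url 'https://www.symantec.com/content/dam/symantec/docs/other-resources/verisign-class-3-public-primary-certification-authority-g5-en.pem'

  @doc """
  Callback passed to `:public_key.pkix_path_validation/3` as `:verify_fun`.

  Returns `{:fail, reason}` for every validation error so the path is
  rejected, `{:unknown, state}` for extensions this script does not
  interpret, and `{:valid, state}` once a certificate has passed the
  built-in checks. Anything else is rejected (fail closed).
  """
  def verify_fun(_cert, {:extension, _}, state) do
    IO.puts "verify_fun -- extension"
    # :unknown hands the decision back to public_key for extensions we do not handle.
    {:unknown, state}
  end

  def verify_fun(_cert, {:bad_cert, reason}, _state) do
    IO.puts "verify_fun -- bad_cert"
    IO.inspect reason
    # A validation error (expired, bad signature, revoked, ...) must answer
    # :fail. Answering :unknown here, as a catch-all clause would, is not a
    # rejection and risks the error being ignored.
    {:fail, reason}
  end

  def verify_fun(_cert, {:revoked, reason}, _state) do
    IO.puts "verify_fun -- revoked"
    # NOTE(review): the public_key docs describe revocation as
    # {:bad_cert, {:revoked, _}}; this clause is kept for the bare form.
    {:fail, {:revoked, reason}}
  end

  def verify_fun(_cert, event, state) when event in [:valid, :valid_peer] do
    IO.puts "verify_fun --"
    IO.inspect event
    {:valid, state}
  end

  def verify_fun(_cert, event, _state) do
    IO.puts "verify_fun --"
    IO.inspect event
    # Unrecognised events are rejected rather than waved through.
    {:fail, {:unexpected_event, event}}
  end

  @doc """
  Downloads the chain and the root certificate, runs path validation and
  prints either the resulting public key info or the `:bad_cert` reason.
  """
  def verify do
    Application.ensure_all_started :inets
    Application.ensure_all_started :ssl
    Application.ensure_all_started :public_key

    # alternatively, read from local file
    # {:ok, certificate_chain_bin} = :file.read_file("echo-api-cert.pem")
    certificate_chain_bin = fetch_pem!(@chain_url)

    # A body that holds no PEM entries decodes to []; with nothing to check,
    # validation would have nothing to reject, so require at least one cert.
    [_ | _] = cert_chain = :public_key.pem_decode(certificate_chain_bin)

    # NOTE(review): pkix_path_validation/3 expects the chain in trust order,
    # ending with the peer certificate. Confirm the PEM file is ordered that
    # way (many bundles list the leaf first); otherwise reverse it here.
    cert_chain_decoded = Enum.map(cert_chain, fn {_, der, _} -> der end)

    # The root certificate is the trust anchor. Fetching it at run time makes
    # the result only as trustworthy as that download; depending on the OTP
    # version :httpc may not verify the server certificate without explicit
    # ssl options. Prefer a pinned local copy:
    # {:ok, root_cert_bin} = :file.read_file("auth_root.pem")
    root_cert_bin = fetch_pem!(@root_url)
    [{_, root_cer, _}] = :public_key.pem_decode(root_cert_bin)

    validation_opts = [{:verify_fun, {&PublicKey.verify_fun/3, {}}}]

    case :public_key.pkix_path_validation(root_cer, cert_chain_decoded, validation_opts) do
      {:ok, {public_key_info, _policy_tree}} ->
        IO.inspect public_key_info

      {:error, {:bad_cert, reason}} ->
        IO.puts "validation failed with bad cert"
        IO.inspect reason
    end
  end

  # Fetches `url` and returns the body as a binary; crashes on any non-200
  # response so an error page is never handed to the PEM decoder.
  defp fetch_pem!(url) do
    {:ok, {{_http_version, 200, _reason_phrase}, _headers, body}} =
      :httpc.request(:get, {url, []}, [], [body_format: :binary])

    body
  end
end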
# Script entry point: runs the validation when the file is executed.
# PublicKey.verify/0 issues HTTPS requests, so this needs network access.
PublicKey.verify()