Copyright | (c) Galois Inc. 2007-2009 Duncan Coutts 2015 |
---|---|
Safe Haskell | None |
Language | Haskell2010 |
Minimal implementation of Canonical JSON.
http://wiki.laptop.org/go/Canonical_JSON
A "canonical JSON" format is provided in order to provide meaningful and repeatable hashes of JSON-encoded data. Canonical JSON is parsable with any full JSON parser, but security-conscious applications will want to verify that input is in canonical form before authenticating any hash or signature on that input.
This implementation is derived from the json parser from the json package, with simplifications to meet the Canonical JSON grammar.
TODO: Known bugs/limitations:
- Decoding/encoding Unicode code-points beyond
U+00ff
is currently broken
- data JSValue
- data Int54
- parseCanonicalJSON :: ByteString -> Either String JSValue
- renderCanonicalJSON :: JSValue -> ByteString
- prettyCanonicalJSON :: JSValue -> String
Documentation
54-bit integer values
JavaScript can only safely represent numbers between -(2^53 - 1)
and
2^53 - 1
.
TODO: Although we introduce the type here, we don't actually do any bounds
checking and just inherit all type class instance from Int64. We should
probably define fromInteger
to do bounds checking, give different instances
for type classes such as Bounded
and FiniteBits
, etc.
parseCanonicalJSON :: ByteString -> Either String JSValue #
Parse a canonical JSON format string as a JSON value. The input string does not have to be in canonical form, just in the "canonical JSON" format.
Use renderCanonicalJSON
to convert into canonical form.
renderCanonicalJSON :: JSValue -> ByteString #
Render a JSON value in canonical form. This rendered form is canonical and so allows repeatable hashes.
For pretty printing, see prettyCanonicalJSON.
NB: Canonical JSON's string escaping rules deviate from RFC 7159 JSON which requires
"All Unicode characters may be placed within the quotation
marks, except for the characters that must be escaped: quotation
mark, reverse solidus, and the control characters (U+0000
through U+001F
)."
Whereas the current specification of Canonical JSON explicitly requires to violate this by only escaping the quotation mark and the reverse solidus. This, however, contradicts Canonical JSON's statement that "Canonical JSON is parsable with any full JSON parser"
Consequently, Canonical JSON is not a proper subset of RFC 7159.
prettyCanonicalJSON :: JSValue -> String #
Render a JSON value in a reasonable human-readable form. This rendered
form is not the canonical form used for repeatable hashes, use
renderCanonicalJSON
for that.