Validation test suite

[ocheron]

This adds a test suite to the package x509-validation:

• includes tests for all failure reasons and all validation checks

• however validation cache is left out (state is difficult to test)

• the full suite is run four times, once for each signature algorithm RSA/RSAPSS/DSA/ECDSA

• all data is dynamically generated, however to speed computations up, a fixed set of keys is shared and reused among test cases

Additional changes:

• fixed signature verification for DSA certificates

• added some missing OIDs

• it was difficult to sign cleanly with objectToSignedExact because signature function often have a MonadRandom constraint, so I had to introduce a new variant of the function

Also some surprises and remarks:

• The validation functions never return the failure reasons InvalidName and InvalidWildcard. Instead NameMismatch is returned. This behavior comes from the consolidation of matching results from all names in the certificate, so it's probably best not to change this. I just added a note in the description of the data type.

• A CertificateStore is usually just a Map so it cannot contain multiple CAs with the same Subject DN. Maybe this constraint should be removed to support renewals and re-keyings better. For instance using something like Map DistinguishedName [SignedCertificate] instead.

[vincenthz]

nice work ! thanks

[ocheron]

Great, fortunately you guys noticed the module I forgot in the cabal file.