License	BSD-style
Maintainer	Vincent Hanquez <vincent@snarc.org>
Stability	experimental
Portability	unknown
Safe Haskell	None
Language	Haskell98

Data.X509

Contents

Types
Common extension usually found in x509v3
Accessor turning extension into a specific one
Certificate Revocation List (CRL)
Naming
Certificate Chain
marshall between CertificateChain and CertificateChainRaw
Signed types and marshalling
Parametrized Signed accessor
Hash distinguished names related function

Description

Read/Write X509 Certificate, CRL and their signed equivalents.

Follows RFC5280 / RFC6818

Synopsis

Types

type SignedCertificate = SignedExact Certificate #

A Signed Certificate

type SignedCRL = SignedExact CRL #

A Signed CRL

data Certificate #

X.509 Certificate type.

This type doesn't include the signature, it's describe in the RFC as tbsCertificate.

Constructors

Certificate
Fields certVersion :: Int Version certSerial :: Integer Serial number certSignatureAlg :: SignatureALG Signature algorithm certIssuerDN :: DistinguishedName Issuer DN certValidity :: (DateTime, DateTime) Validity period (UTC) certSubjectDN :: DistinguishedName Subject DN certPubKey :: PubKey Public key certExtensions :: Extensions Extensions

Instances

Eq Certificate #
Methods (==) :: Certificate -> Certificate -> Bool # (/=) :: Certificate -> Certificate -> Bool #
Show Certificate #
Methods showsPrec :: Int -> Certificate -> ShowS # show :: Certificate -> String # showList :: [Certificate] -> ShowS #
ASN1Object Certificate #
Methods toASN1 :: Certificate -> ASN1S # fromASN1 :: [ASN1] -> Either String (Certificate, [ASN1]) #

data PubKey #

Public key types known and used in X.509

Constructors

PubKeyRSA PublicKey	RSA public key
PubKeyDSA PublicKey	DSA public key
PubKeyDH (Integer, Integer, Integer, Maybe Integer, ([Word8], Integer))	DH format with (p,g,q,j,(seed,pgenCounter))
PubKeyEC PubKeyEC	EC public key
PubKeyUnknown OID ByteString	unrecognized format

Instances

Eq PubKey #
Methods (==) :: PubKey -> PubKey -> Bool # (/=) :: PubKey -> PubKey -> Bool #
Show PubKey #
Methods showsPrec :: Int -> PubKey -> ShowS # show :: PubKey -> String # showList :: [PubKey] -> ShowS #
ASN1Object PubKey #
Methods toASN1 :: PubKey -> ASN1S # fromASN1 :: [ASN1] -> Either String (PubKey, [ASN1]) #

data PubKeyEC #

Elliptic Curve Public Key

TODO: missing support for binary curve.

Constructors

PubKeyEC_Prime
Fields pubkeyEC_pub :: SerializedPoint pubkeyEC_a :: Integer pubkeyEC_b :: Integer pubkeyEC_prime :: Integer pubkeyEC_generator :: SerializedPoint pubkeyEC_order :: Integer pubkeyEC_cofactor :: Integer pubkeyEC_seed :: Integer
PubKeyEC_Named
Fields pubkeyEC_name :: CurveName pubkeyEC_pub :: SerializedPoint

Instances

Eq PubKeyEC #
Methods (==) :: PubKeyEC -> PubKeyEC -> Bool # (/=) :: PubKeyEC -> PubKeyEC -> Bool #
Show PubKeyEC #
Methods showsPrec :: Int -> PubKeyEC -> ShowS # show :: PubKeyEC -> String # showList :: [PubKeyEC] -> ShowS #

newtype SerializedPoint #

Serialized Elliptic Curve Point

Constructors

SerializedPoint ByteString

Instances

Eq SerializedPoint #
Methods (==) :: SerializedPoint -> SerializedPoint -> Bool # (/=) :: SerializedPoint -> SerializedPoint -> Bool #
Show SerializedPoint #
Methods showsPrec :: Int -> SerializedPoint -> ShowS # show :: SerializedPoint -> String # showList :: [SerializedPoint] -> ShowS #

data PrivKey #

Private key types known and used in X.509

Constructors

PrivKeyRSA PrivateKey	RSA private key
PrivKeyDSA PrivateKey	DSA private key

Instances

Eq PrivKey #
Methods (==) :: PrivKey -> PrivKey -> Bool # (/=) :: PrivKey -> PrivKey -> Bool #
Show PrivKey #
Methods showsPrec :: Int -> PrivKey -> ShowS # show :: PrivKey -> String # showList :: [PrivKey] -> ShowS #

pubkeyToAlg :: PubKey -> PubKeyALG #

Convert a Public key to the Public Key Algorithm type

privkeyToAlg :: PrivKey -> PubKeyALG #

Convert a Public key to the Public Key Algorithm type

data HashALG #

Hash Algorithm

Constructors

HashMD2
HashMD5
HashSHA1
HashSHA224
HashSHA256
HashSHA384
HashSHA512

Instances

Eq HashALG #
Methods (==) :: HashALG -> HashALG -> Bool # (/=) :: HashALG -> HashALG -> Bool #
Show HashALG #
Methods showsPrec :: Int -> HashALG -> ShowS # show :: HashALG -> String # showList :: [HashALG] -> ShowS #

data PubKeyALG #

Public Key Algorithm

Constructors

PubKeyALG_RSA	RSA Public Key algorithm
PubKeyALG_RSAPSS	RSA PSS Key algorithm (RFC 3447)
PubKeyALG_DSA	DSA Public Key algorithm
PubKeyALG_EC	ECDSA & ECDH Public Key algorithm
PubKeyALG_DH	Diffie Hellman Public Key algorithm
PubKeyALG_Unknown OID	Unknown Public Key algorithm

Instances

Eq PubKeyALG #
Methods (==) :: PubKeyALG -> PubKeyALG -> Bool # (/=) :: PubKeyALG -> PubKeyALG -> Bool #
Show PubKeyALG #
Methods showsPrec :: Int -> PubKeyALG -> ShowS # show :: PubKeyALG -> String # showList :: [PubKeyALG] -> ShowS #
OIDable PubKeyALG #
Methods getObjectID :: PubKeyALG -> OID #

data SignatureALG #

Signature Algorithm often composed of a public key algorithm and a hash algorithm

Constructors

SignatureALG HashALG PubKeyALG
SignatureALG_Unknown OID

Instances

Eq SignatureALG #
Methods (==) :: SignatureALG -> SignatureALG -> Bool # (/=) :: SignatureALG -> SignatureALG -> Bool #
Show SignatureALG #
Methods showsPrec :: Int -> SignatureALG -> ShowS # show :: SignatureALG -> String # showList :: [SignatureALG] -> ShowS #
ASN1Object SignatureALG #
Methods toASN1 :: SignatureALG -> ASN1S # fromASN1 :: [ASN1] -> Either String (SignatureALG, [ASN1]) #

class Extension a where #

Extension class.

each extension have a unique OID associated, and a way to encode and decode an ASN1 stream.

Minimal complete definition

extOID, extEncode, extDecode

Methods

extOID :: a -> OID #

extEncode :: a -> [ASN1] #

extDecode :: [ASN1] -> Either String a #

Instances

Extension ExtCrlDistributionPoints #
Methods extOID :: ExtCrlDistributionPoints -> OID # extEncode :: ExtCrlDistributionPoints -> [ASN1] # extDecode :: [ASN1] -> Either String ExtCrlDistributionPoints #
Extension ExtAuthorityKeyId #
Methods extOID :: ExtAuthorityKeyId -> OID # extEncode :: ExtAuthorityKeyId -> [ASN1] # extDecode :: [ASN1] -> Either String ExtAuthorityKeyId #
Extension ExtSubjectAltName #
Methods extOID :: ExtSubjectAltName -> OID # extEncode :: ExtSubjectAltName -> [ASN1] # extDecode :: [ASN1] -> Either String ExtSubjectAltName #
Extension ExtSubjectKeyId #
Methods extOID :: ExtSubjectKeyId -> OID # extEncode :: ExtSubjectKeyId -> [ASN1] # extDecode :: [ASN1] -> Either String ExtSubjectKeyId #
Extension ExtExtendedKeyUsage #
Methods extOID :: ExtExtendedKeyUsage -> OID # extEncode :: ExtExtendedKeyUsage -> [ASN1] # extDecode :: [ASN1] -> Either String ExtExtendedKeyUsage #
Extension ExtKeyUsage #
Methods extOID :: ExtKeyUsage -> OID # extEncode :: ExtKeyUsage -> [ASN1] # extDecode :: [ASN1] -> Either String ExtKeyUsage #
Extension ExtBasicConstraints #
Methods extOID :: ExtBasicConstraints -> OID # extEncode :: ExtBasicConstraints -> [ASN1] # extDecode :: [ASN1] -> Either String ExtBasicConstraints #

Common extension usually found in x509v3

data ExtBasicConstraints #

Basic Constraints

Constructors

ExtBasicConstraints Bool (Maybe Integer)

Instances

Eq ExtBasicConstraints #
Methods (==) :: ExtBasicConstraints -> ExtBasicConstraints -> Bool # (/=) :: ExtBasicConstraints -> ExtBasicConstraints -> Bool #
Show ExtBasicConstraints #
Methods showsPrec :: Int -> ExtBasicConstraints -> ShowS # show :: ExtBasicConstraints -> String # showList :: [ExtBasicConstraints] -> ShowS #
Extension ExtBasicConstraints #
Methods extOID :: ExtBasicConstraints -> OID # extEncode :: ExtBasicConstraints -> [ASN1] # extDecode :: [ASN1] -> Either String ExtBasicConstraints #

data ExtKeyUsage #

Describe key usage

Constructors

ExtKeyUsage [ExtKeyUsageFlag]

Instances

Eq ExtKeyUsage #
Methods (==) :: ExtKeyUsage -> ExtKeyUsage -> Bool # (/=) :: ExtKeyUsage -> ExtKeyUsage -> Bool #
Show ExtKeyUsage #
Methods showsPrec :: Int -> ExtKeyUsage -> ShowS # show :: ExtKeyUsage -> String # showList :: [ExtKeyUsage] -> ShowS #
Extension ExtKeyUsage #
Methods extOID :: ExtKeyUsage -> OID # extEncode :: ExtKeyUsage -> [ASN1] # extDecode :: [ASN1] -> Either String ExtKeyUsage #

data ExtKeyUsageFlag #

key usage flag that is found in the key usage extension field.

Constructors

KeyUsage_digitalSignature
KeyUsage_nonRepudiation
KeyUsage_keyEncipherment
KeyUsage_dataEncipherment
KeyUsage_keyAgreement
KeyUsage_keyCertSign
KeyUsage_cRLSign
KeyUsage_encipherOnly
KeyUsage_decipherOnly

Instances

Enum ExtKeyUsageFlag #
Methods succ :: ExtKeyUsageFlag -> ExtKeyUsageFlag # pred :: ExtKeyUsageFlag -> ExtKeyUsageFlag # toEnum :: Int -> ExtKeyUsageFlag # fromEnum :: ExtKeyUsageFlag -> Int # enumFrom :: ExtKeyUsageFlag -> [ExtKeyUsageFlag] # enumFromThen :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> [ExtKeyUsageFlag] # enumFromTo :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> [ExtKeyUsageFlag] # enumFromThenTo :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> ExtKeyUsageFlag -> [ExtKeyUsageFlag] #
Eq ExtKeyUsageFlag #
Methods (==) :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> Bool # (/=) :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> Bool #
Ord ExtKeyUsageFlag #
Methods compare :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> Ordering # (<) :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> Bool # (<=) :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> Bool # (>) :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> Bool # (>=) :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> Bool # max :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> ExtKeyUsageFlag # min :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> ExtKeyUsageFlag #
Show ExtKeyUsageFlag #
Methods showsPrec :: Int -> ExtKeyUsageFlag -> ShowS # show :: ExtKeyUsageFlag -> String # showList :: [ExtKeyUsageFlag] -> ShowS #

data ExtExtendedKeyUsage #

Extended key usage extension

Constructors

ExtExtendedKeyUsage [ExtKeyUsagePurpose]

Instances

Eq ExtExtendedKeyUsage #
Methods (==) :: ExtExtendedKeyUsage -> ExtExtendedKeyUsage -> Bool # (/=) :: ExtExtendedKeyUsage -> ExtExtendedKeyUsage -> Bool #
Show ExtExtendedKeyUsage #
Methods showsPrec :: Int -> ExtExtendedKeyUsage -> ShowS # show :: ExtExtendedKeyUsage -> String # showList :: [ExtExtendedKeyUsage] -> ShowS #
Extension ExtExtendedKeyUsage #
Methods extOID :: ExtExtendedKeyUsage -> OID # extEncode :: ExtExtendedKeyUsage -> [ASN1] # extDecode :: [ASN1] -> Either String ExtExtendedKeyUsage #

data ExtKeyUsagePurpose #

Key usage purposes for the ExtendedKeyUsage extension

Constructors

KeyUsagePurpose_ServerAuth
KeyUsagePurpose_ClientAuth
KeyUsagePurpose_CodeSigning
KeyUsagePurpose_EmailProtection
KeyUsagePurpose_TimeStamping
KeyUsagePurpose_OCSPSigning
KeyUsagePurpose_Unknown OID

Instances

Eq ExtKeyUsagePurpose #
Methods (==) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # (/=) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool #
Ord ExtKeyUsagePurpose #
Methods compare :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Ordering # (<) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # (<=) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # (>) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # (>=) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # max :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> ExtKeyUsagePurpose # min :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> ExtKeyUsagePurpose #
Show ExtKeyUsagePurpose #
Methods showsPrec :: Int -> ExtKeyUsagePurpose -> ShowS # show :: ExtKeyUsagePurpose -> String # showList :: [ExtKeyUsagePurpose] -> ShowS #

data ExtSubjectKeyId #

Provide a way to identify a public key by a short hash.

Constructors

ExtSubjectKeyId ByteString

Instances

Eq ExtSubjectKeyId #
Methods (==) :: ExtSubjectKeyId -> ExtSubjectKeyId -> Bool # (/=) :: ExtSubjectKeyId -> ExtSubjectKeyId -> Bool #
Show ExtSubjectKeyId #
Methods showsPrec :: Int -> ExtSubjectKeyId -> ShowS # show :: ExtSubjectKeyId -> String # showList :: [ExtSubjectKeyId] -> ShowS #
Extension ExtSubjectKeyId #
Methods extOID :: ExtSubjectKeyId -> OID # extEncode :: ExtSubjectKeyId -> [ASN1] # extDecode :: [ASN1] -> Either String ExtSubjectKeyId #

data ExtSubjectAltName #

Provide a way to supply alternate name that can be used for matching host name.

Constructors

ExtSubjectAltName [AltName]

Instances

Eq ExtSubjectAltName #
Methods (==) :: ExtSubjectAltName -> ExtSubjectAltName -> Bool # (/=) :: ExtSubjectAltName -> ExtSubjectAltName -> Bool #
Ord ExtSubjectAltName #
Methods compare :: ExtSubjectAltName -> ExtSubjectAltName -> Ordering # (<) :: ExtSubjectAltName -> ExtSubjectAltName -> Bool # (<=) :: ExtSubjectAltName -> ExtSubjectAltName -> Bool # (>) :: ExtSubjectAltName -> ExtSubjectAltName -> Bool # (>=) :: ExtSubjectAltName -> ExtSubjectAltName -> Bool # max :: ExtSubjectAltName -> ExtSubjectAltName -> ExtSubjectAltName # min :: ExtSubjectAltName -> ExtSubjectAltName -> ExtSubjectAltName #
Show ExtSubjectAltName #
Methods showsPrec :: Int -> ExtSubjectAltName -> ShowS # show :: ExtSubjectAltName -> String # showList :: [ExtSubjectAltName] -> ShowS #
Extension ExtSubjectAltName #
Methods extOID :: ExtSubjectAltName -> OID # extEncode :: ExtSubjectAltName -> [ASN1] # extDecode :: [ASN1] -> Either String ExtSubjectAltName #

data ExtAuthorityKeyId #

Provide a mean to identify the public key corresponding to the private key used to signed a certificate.

Constructors

ExtAuthorityKeyId ByteString

Instances

Eq ExtAuthorityKeyId #
Methods (==) :: ExtAuthorityKeyId -> ExtAuthorityKeyId -> Bool # (/=) :: ExtAuthorityKeyId -> ExtAuthorityKeyId -> Bool #
Show ExtAuthorityKeyId #
Methods showsPrec :: Int -> ExtAuthorityKeyId -> ShowS # show :: ExtAuthorityKeyId -> String # showList :: [ExtAuthorityKeyId] -> ShowS #
Extension ExtAuthorityKeyId #
Methods extOID :: ExtAuthorityKeyId -> OID # extEncode :: ExtAuthorityKeyId -> [ASN1] # extDecode :: [ASN1] -> Either String ExtAuthorityKeyId #

data ExtCrlDistributionPoints #

Identify how CRL information is obtained

Constructors

ExtCrlDistributionPoints [DistributionPoint]

Instances

Eq ExtCrlDistributionPoints #
Methods (==) :: ExtCrlDistributionPoints -> ExtCrlDistributionPoints -> Bool # (/=) :: ExtCrlDistributionPoints -> ExtCrlDistributionPoints -> Bool #
Show ExtCrlDistributionPoints #
Methods showsPrec :: Int -> ExtCrlDistributionPoints -> ShowS # show :: ExtCrlDistributionPoints -> String # showList :: [ExtCrlDistributionPoints] -> ShowS #
Extension ExtCrlDistributionPoints #
Methods extOID :: ExtCrlDistributionPoints -> OID # extEncode :: ExtCrlDistributionPoints -> [ASN1] # extDecode :: [ASN1] -> Either String ExtCrlDistributionPoints #

data AltName #

Different naming scheme use by the extension.

Not all name types are available, missing: otherName x400Address directoryName ediPartyName registeredID

Constructors

AltNameRFC822 String
AltNameDNS String
AltNameURI String
AltNameIP ByteString
AltNameXMPP String
AltNameDNSSRV String

Instances

Eq AltName #
Methods (==) :: AltName -> AltName -> Bool # (/=) :: AltName -> AltName -> Bool #
Ord AltName #
Methods compare :: AltName -> AltName -> Ordering # (<) :: AltName -> AltName -> Bool # (<=) :: AltName -> AltName -> Bool # (>) :: AltName -> AltName -> Bool # (>=) :: AltName -> AltName -> Bool # max :: AltName -> AltName -> AltName # min :: AltName -> AltName -> AltName #
Show AltName #
Methods showsPrec :: Int -> AltName -> ShowS # show :: AltName -> String # showList :: [AltName] -> ShowS #

data DistributionPoint #

Distribution point as either some GeneralNames or a DN

Constructors

DistributionPointFullName [AltName]
DistributionNameRelative DistinguishedName

Instances

Eq DistributionPoint #
Methods (==) :: DistributionPoint -> DistributionPoint -> Bool # (/=) :: DistributionPoint -> DistributionPoint -> Bool #
Show DistributionPoint #
Methods showsPrec :: Int -> DistributionPoint -> ShowS # show :: DistributionPoint -> String # showList :: [DistributionPoint] -> ShowS #

data ReasonFlag #

Reason flag for the CRL

Constructors

Reason_Unused
Reason_KeyCompromise
Reason_CACompromise
Reason_AffiliationChanged
Reason_Superseded
Reason_CessationOfOperation
Reason_CertificateHold
Reason_PrivilegeWithdrawn
Reason_AACompromise

Instances

Enum ReasonFlag #
Methods succ :: ReasonFlag -> ReasonFlag # pred :: ReasonFlag -> ReasonFlag # toEnum :: Int -> ReasonFlag # fromEnum :: ReasonFlag -> Int # enumFrom :: ReasonFlag -> [ReasonFlag] # enumFromThen :: ReasonFlag -> ReasonFlag -> [ReasonFlag] # enumFromTo :: ReasonFlag -> ReasonFlag -> [ReasonFlag] # enumFromThenTo :: ReasonFlag -> ReasonFlag -> ReasonFlag -> [ReasonFlag] #
Eq ReasonFlag #
Methods (==) :: ReasonFlag -> ReasonFlag -> Bool # (/=) :: ReasonFlag -> ReasonFlag -> Bool #
Ord ReasonFlag #
Methods compare :: ReasonFlag -> ReasonFlag -> Ordering # (<) :: ReasonFlag -> ReasonFlag -> Bool # (<=) :: ReasonFlag -> ReasonFlag -> Bool # (>) :: ReasonFlag -> ReasonFlag -> Bool # (>=) :: ReasonFlag -> ReasonFlag -> Bool # max :: ReasonFlag -> ReasonFlag -> ReasonFlag # min :: ReasonFlag -> ReasonFlag -> ReasonFlag #
Show ReasonFlag #
Methods showsPrec :: Int -> ReasonFlag -> ShowS # show :: ReasonFlag -> String # showList :: [ReasonFlag] -> ShowS #

Accessor turning extension into a specific one

extensionGet :: Extension a => Extensions -> Maybe a #

Get a specific extension from a lists of raw extensions

extensionGetE :: Extension a => Extensions -> Maybe (Either String a) #

Get a specific extension from a lists of raw extensions

extensionDecode :: Extension a => ExtensionRaw -> Maybe (Either String a) #

Try to decode an ExtensionRaw.

If this function return: * Nothing, the OID doesn't match * Just Left, the OID matched, but the extension couldn't be decoded * Just Right, the OID matched, and the extension has been succesfully decoded

extensionEncode :: Extension a => Bool -> a -> ExtensionRaw #

Encode an Extension to extensionRaw

data ExtensionRaw #

An undecoded extension

Constructors

ExtensionRaw
Fields extRawOID :: OID OID of this extension extRawCritical :: Bool if this extension is critical extRawASN1 :: [ASN1] the associated ASN1

Instances

Eq ExtensionRaw #
Methods (==) :: ExtensionRaw -> ExtensionRaw -> Bool # (/=) :: ExtensionRaw -> ExtensionRaw -> Bool #
Show ExtensionRaw #
Methods showsPrec :: Int -> ExtensionRaw -> ShowS # show :: ExtensionRaw -> String # showList :: [ExtensionRaw] -> ShowS #
ASN1Object ExtensionRaw #
Methods toASN1 :: ExtensionRaw -> ASN1S # fromASN1 :: [ASN1] -> Either String (ExtensionRaw, [ASN1]) #

newtype Extensions #

a Set of ExtensionRaw

Constructors

Extensions (Maybe [ExtensionRaw])

Instances

Eq Extensions #
Methods (==) :: Extensions -> Extensions -> Bool # (/=) :: Extensions -> Extensions -> Bool #
Show Extensions #
Methods showsPrec :: Int -> Extensions -> ShowS # show :: Extensions -> String # showList :: [Extensions] -> ShowS #
ASN1Object Extensions #
Methods toASN1 :: Extensions -> ASN1S # fromASN1 :: [ASN1] -> Either String (Extensions, [ASN1]) #

Certificate Revocation List (CRL)

data CRL #

Describe a Certificate revocation list

Constructors

CRL
Fields crlVersion :: Integer crlSignatureAlg :: SignatureALG crlIssuer :: DistinguishedName crlThisUpdate :: DateTime crlNextUpdate :: Maybe DateTime crlRevokedCertificates :: [RevokedCertificate] crlExtensions :: Extensions

Instances

Eq CRL #
Methods (==) :: CRL -> CRL -> Bool # (/=) :: CRL -> CRL -> Bool #
Show CRL #
Methods showsPrec :: Int -> CRL -> ShowS # show :: CRL -> String # showList :: [CRL] -> ShowS #
ASN1Object CRL #
Methods toASN1 :: CRL -> ASN1S # fromASN1 :: [ASN1] -> Either String (CRL, [ASN1]) #

data RevokedCertificate #

Describe a revoked certificate identifiable by serial number.

Constructors

RevokedCertificate
Fields revokedSerialNumber :: Integer revokedDate :: DateTime revokedExtensions :: Extensions

Instances

Eq RevokedCertificate #
Methods (==) :: RevokedCertificate -> RevokedCertificate -> Bool # (/=) :: RevokedCertificate -> RevokedCertificate -> Bool #
Show RevokedCertificate #
Methods showsPrec :: Int -> RevokedCertificate -> ShowS # show :: RevokedCertificate -> String # showList :: [RevokedCertificate] -> ShowS #
ASN1Object RevokedCertificate #
Methods toASN1 :: RevokedCertificate -> ASN1S # fromASN1 :: [ASN1] -> Either String (RevokedCertificate, [ASN1]) #

Naming

newtype DistinguishedName #

A list of OID and strings.

Constructors

DistinguishedName
Fields getDistinguishedElements :: [(OID, ASN1CharacterString)]

Instances

Eq DistinguishedName #
Methods (==) :: DistinguishedName -> DistinguishedName -> Bool # (/=) :: DistinguishedName -> DistinguishedName -> Bool #
Ord DistinguishedName #
Methods compare :: DistinguishedName -> DistinguishedName -> Ordering # (<) :: DistinguishedName -> DistinguishedName -> Bool # (<=) :: DistinguishedName -> DistinguishedName -> Bool # (>) :: DistinguishedName -> DistinguishedName -> Bool # (>=) :: DistinguishedName -> DistinguishedName -> Bool # max :: DistinguishedName -> DistinguishedName -> DistinguishedName # min :: DistinguishedName -> DistinguishedName -> DistinguishedName #
Show DistinguishedName #
Methods showsPrec :: Int -> DistinguishedName -> ShowS # show :: DistinguishedName -> String # showList :: [DistinguishedName] -> ShowS #
Monoid DistinguishedName #
Methods mempty :: DistinguishedName # mappend :: DistinguishedName -> DistinguishedName -> DistinguishedName # mconcat :: [DistinguishedName] -> DistinguishedName #
ASN1Object DistinguishedName #
Methods toASN1 :: DistinguishedName -> ASN1S # fromASN1 :: [ASN1] -> Either String (DistinguishedName, [ASN1]) #

data DnElement #

Elements commonly available in a DistinguishedName structure

Constructors

DnCommonName	CN
DnCountry	Country
DnOrganization	O
DnOrganizationUnit	OU
DnEmailAddress	Email Address (legacy)

Instances

Eq DnElement #
Methods (==) :: DnElement -> DnElement -> Bool # (/=) :: DnElement -> DnElement -> Bool #
Show DnElement #
Methods showsPrec :: Int -> DnElement -> ShowS # show :: DnElement -> String # showList :: [DnElement] -> ShowS #
OIDable DnElement #
Methods getObjectID :: DnElement -> OID #

data ASN1CharacterString :: * #

ASN1 Character String with encoding

Constructors

ASN1CharacterString
Fields characterEncoding :: ASN1StringEncoding getCharacterStringRawData :: ByteString

Instances

Eq ASN1CharacterString
Methods (==) :: ASN1CharacterString -> ASN1CharacterString -> Bool # (/=) :: ASN1CharacterString -> ASN1CharacterString -> Bool #
Ord ASN1CharacterString
Methods compare :: ASN1CharacterString -> ASN1CharacterString -> Ordering # (<) :: ASN1CharacterString -> ASN1CharacterString -> Bool # (<=) :: ASN1CharacterString -> ASN1CharacterString -> Bool # (>) :: ASN1CharacterString -> ASN1CharacterString -> Bool # (>=) :: ASN1CharacterString -> ASN1CharacterString -> Bool # max :: ASN1CharacterString -> ASN1CharacterString -> ASN1CharacterString # min :: ASN1CharacterString -> ASN1CharacterString -> ASN1CharacterString #
Show ASN1CharacterString
Methods showsPrec :: Int -> ASN1CharacterString -> ShowS # show :: ASN1CharacterString -> String # showList :: [ASN1CharacterString] -> ShowS #
IsString ASN1CharacterString
Methods fromString :: String -> ASN1CharacterString #

getDnElement :: DnElement -> DistinguishedName -> Maybe ASN1CharacterString #

Try to get a specific element in a DistinguishedName structure

Certificate Chain

newtype CertificateChain #

A chain of X.509 certificates in exact form.

Constructors

CertificateChain [SignedExact Certificate]

Instances

Eq CertificateChain #
Methods (==) :: CertificateChain -> CertificateChain -> Bool # (/=) :: CertificateChain -> CertificateChain -> Bool #
Show CertificateChain #
Methods showsPrec :: Int -> CertificateChain -> ShowS # show :: CertificateChain -> String # showList :: [CertificateChain] -> ShowS #

newtype CertificateChainRaw #

Represent a chain of X.509 certificates in bytestring form.

Constructors

CertificateChainRaw [ByteString]

Instances

Eq CertificateChainRaw #
Methods (==) :: CertificateChainRaw -> CertificateChainRaw -> Bool # (/=) :: CertificateChainRaw -> CertificateChainRaw -> Bool #
Show CertificateChainRaw #
Methods showsPrec :: Int -> CertificateChainRaw -> ShowS # show :: CertificateChainRaw -> String # showList :: [CertificateChainRaw] -> ShowS #

marshall between CertificateChain and CertificateChainRaw

decodeCertificateChain :: CertificateChainRaw -> Either (Int, String) CertificateChain #

Decode a CertificateChainRaw into a CertificateChain if every raw certificate are decoded correctly, otherwise return the index of the failed certificate and the error associated.

encodeCertificateChain :: CertificateChain -> CertificateChainRaw #

Convert a CertificateChain into a CertificateChainRaw

Signed types and marshalling

data (Show a, Eq a, ASN1Object a) => Signed a #

Represent a signed object using a traditional X509 structure.

When dealing with external certificate, use the SignedExact structure not this one.

Constructors

Signed
Fields signedObject :: a Object to sign signedAlg :: SignatureALG Signature Algorithm used signedSignature :: ByteString Signature as bytes

Instances

(ASN1Object a, Eq a, Show a) => Eq (Signed a) #
Methods (==) :: Signed a -> Signed a -> Bool # (/=) :: Signed a -> Signed a -> Bool #
(ASN1Object a, Eq a, Show a) => Show (Signed a) #
Methods showsPrec :: Int -> Signed a -> ShowS # show :: Signed a -> String # showList :: [Signed a] -> ShowS #

data (Show a, Eq a, ASN1Object a) => SignedExact a #

Represent the signed object plus the raw data that we need to keep around for non compliant case to be able to verify signature.

Instances

(ASN1Object a, Eq a, Show a) => Eq (SignedExact a) #
Methods (==) :: SignedExact a -> SignedExact a -> Bool # (/=) :: SignedExact a -> SignedExact a -> Bool #
(ASN1Object a, Eq a, Show a) => Show (SignedExact a) #
Methods showsPrec :: Int -> SignedExact a -> ShowS # show :: SignedExact a -> String # showList :: [SignedExact a] -> ShowS #

getSigned :: SignedExact a -> Signed a #

get the decoded Signed data

getSignedData :: (Show a, Eq a, ASN1Object a) => SignedExact a -> ByteString #

Get the signed data for the signature

objectToSignedExact #

Arguments

:: (Show a, Eq a, ASN1Object a)
=> (ByteString -> (ByteString, SignatureALG, r))	signature function
-> a	object to sign
-> (SignedExact a, r)

Transform an object into a SignedExact object

objectToSignedExactF #

Arguments

:: (Functor f, Show a, Eq a, ASN1Object a)
=> (ByteString -> f (ByteString, SignatureALG))	signature function
-> a	object to sign
-> f (SignedExact a)

A generalization of objectToSignedExact where the signature function runs in an arbitrary functor. This allows for example to sign using an algorithm needing random values.

encodeSignedObject :: SignedExact a -> ByteString #

The raw representation of the whole signed structure

decodeSignedObject :: (Show a, Eq a, ASN1Object a) => ByteString -> Either String (SignedExact a) #

Try to parse a bytestring that use the typical X509 signed structure format