License | BSD-style |
---|---|
Maintainer | Vincent Hanquez <vincent@snarc.org> |
Stability | experimental |
Portability | unknown |
Safe Haskell | None |
Language | Haskell2010 |
Data.X509
Contents
- Types
- Common extension usually found in x509v3
- Accessor turning extension into a specific one
- Certificate Revocation List (CRL)
- Naming
- Certificate Chain
- marshall between CertificateChain and CertificateChainRaw
- Signed types and marshalling
- Parametrized Signed accessor
- Hash distinguished names related function
Description
Read/Write X509 Certificate, CRL and their signed equivalents.
Follows RFC5280 / RFC6818
Synopsis
- type SignedCertificate = SignedExact Certificate
- type SignedCRL = SignedExact CRL
- data Certificate = Certificate {}
- data PubKey
- data PubKeyEC
- = PubKeyEC_Prime { }
- | PubKeyEC_Named { }
- newtype SerializedPoint = SerializedPoint ByteString
- data PrivKey
- data PrivKeyEC
- = PrivKeyEC_Prime { }
- | PrivKeyEC_Named { }
- pubkeyToAlg :: PubKey -> PubKeyALG
- privkeyToAlg :: PrivKey -> PubKeyALG
- data HashALG
- data PubKeyALG
- data SignatureALG
- class Extension a where
- extOID :: a -> OID
- extHasNestedASN1 :: Proxy a -> Bool
- extEncode :: a -> [ASN1]
- extDecode :: [ASN1] -> Either String a
- extDecodeBs :: ByteString -> Either String a
- extEncodeBs :: a -> ByteString
- data ExtBasicConstraints = ExtBasicConstraints Bool (Maybe Integer)
- data ExtKeyUsage = ExtKeyUsage [ExtKeyUsageFlag]
- data ExtKeyUsageFlag
- data ExtExtendedKeyUsage = ExtExtendedKeyUsage [ExtKeyUsagePurpose]
- data ExtKeyUsagePurpose
- data ExtSubjectKeyId = ExtSubjectKeyId ByteString
- data ExtSubjectAltName = ExtSubjectAltName [AltName]
- data ExtAuthorityKeyId = ExtAuthorityKeyId ByteString
- data ExtCrlDistributionPoints = ExtCrlDistributionPoints [DistributionPoint]
- data ExtNetscapeComment = ExtNetscapeComment ByteString
- data AltName
- data DistributionPoint
- data ReasonFlag
- extensionGet :: Extension a => Extensions -> Maybe a
- extensionGetE :: Extension a => Extensions -> Maybe (Either String a)
- extensionDecode :: forall a. Extension a => ExtensionRaw -> Maybe (Either String a)
- extensionEncode :: forall a. Extension a => Bool -> a -> ExtensionRaw
- data ExtensionRaw = ExtensionRaw {}
- tryExtRawASN1 :: ExtensionRaw -> Either String [ASN1]
- extRawASN1 :: ExtensionRaw -> [ASN1]
- newtype Extensions = Extensions (Maybe [ExtensionRaw])
- data CRL = CRL {}
- data RevokedCertificate = RevokedCertificate {}
- newtype DistinguishedName = DistinguishedName {}
- data DnElement
- data ASN1CharacterString = ASN1CharacterString {}
- getDnElement :: DnElement -> DistinguishedName -> Maybe ASN1CharacterString
- newtype CertificateChain = CertificateChain [SignedExact Certificate]
- newtype CertificateChainRaw = CertificateChainRaw [ByteString]
- decodeCertificateChain :: CertificateChainRaw -> Either (Int, String) CertificateChain
- encodeCertificateChain :: CertificateChain -> CertificateChainRaw
- data (Show a, Eq a, ASN1Object a) => Signed a = Signed {}
- data (Show a, Eq a, ASN1Object a) => SignedExact a
- getSigned :: SignedExact a -> Signed a
- getSignedData :: (Show a, Eq a, ASN1Object a) => SignedExact a -> ByteString
- objectToSignedExact :: (Show a, Eq a, ASN1Object a) => (ByteString -> (ByteString, SignatureALG, r)) -> a -> (SignedExact a, r)
- objectToSignedExactF :: (Functor f, Show a, Eq a, ASN1Object a) => (ByteString -> f (ByteString, SignatureALG)) -> a -> f (SignedExact a)
- encodeSignedObject :: SignedExact a -> ByteString
- decodeSignedObject :: (Show a, Eq a, ASN1Object a) => ByteString -> Either String (SignedExact a)
- getCertificate :: SignedCertificate -> Certificate
- getCRL :: SignedCRL -> CRL
- decodeSignedCertificate :: ByteString -> Either String SignedCertificate
- decodeSignedCRL :: ByteString -> Either String SignedCRL
- hashDN :: DistinguishedName -> ByteString
- hashDN_old :: DistinguishedName -> ByteString
Types
type SignedCertificate = SignedExact Certificate #
A Signed Certificate
type SignedCRL = SignedExact CRL #
A Signed CRL
data Certificate #
X.509 Certificate type.
This type doesn't include the signature; it is described in the RFC as tbsCertificate.
Constructors
Certificate | |
Fields
|
Instances
Eq Certificate # | |
Defined in Data.X509.Cert | |
Show Certificate # | |
Defined in Data.X509.Cert Methods showsPrec :: Int -> Certificate -> ShowS # show :: Certificate -> String # showList :: [Certificate] -> ShowS # | |
ASN1Object Certificate # | |
Defined in Data.X509.Cert |
Public key types known and used in X.509
Constructors
PubKeyRSA PublicKey | RSA public key |
PubKeyDSA PublicKey | DSA public key |
PubKeyDH (Integer, Integer, Integer, Maybe Integer, ([Word8], Integer)) | DH format with (p,g,q,j,(seed,pgenCounter)) |
PubKeyEC PubKeyEC | EC public key |
PubKeyX25519 PublicKey | X25519 public key |
PubKeyX448 PublicKey | X448 public key |
PubKeyEd25519 PublicKey | Ed25519 public key |
PubKeyEd448 PublicKey | Ed448 public key |
PubKeyUnknown OID ByteString | unrecognized format |
Elliptic Curve Public Key
TODO: missing support for binary curve.
Constructors
PubKeyEC_Prime | |
Fields | |
PubKeyEC_Named | |
Fields |
newtype SerializedPoint #
Serialized Elliptic Curve Point
Constructors
SerializedPoint ByteString |
Instances
Eq SerializedPoint # | |
Defined in Data.X509.PublicKey Methods (==) :: SerializedPoint -> SerializedPoint -> Bool # (/=) :: SerializedPoint -> SerializedPoint -> Bool # | |
Show SerializedPoint # | |
Defined in Data.X509.PublicKey Methods showsPrec :: Int -> SerializedPoint -> ShowS # show :: SerializedPoint -> String # showList :: [SerializedPoint] -> ShowS # |
Private key types known and used in X.509
Constructors
PrivKeyRSA PrivateKey | RSA private key |
PrivKeyDSA PrivateKey | DSA private key |
PrivKeyEC PrivKeyEC | EC private key |
PrivKeyX25519 SecretKey | X25519 private key |
PrivKeyX448 SecretKey | X448 private key |
PrivKeyEd25519 SecretKey | Ed25519 private key |
PrivKeyEd448 SecretKey | Ed448 private key |
Elliptic Curve Private Key
TODO: missing support for binary curve.
Constructors
PrivKeyEC_Prime | |
PrivKeyEC_Named | |
Fields |
pubkeyToAlg :: PubKey -> PubKeyALG #
Convert a Public key to the Public Key Algorithm type
privkeyToAlg :: PrivKey -> PubKeyALG #
Convert a Private key to the Public Key Algorithm type
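Hash Algorithm. The constructors cover what can appear in a certificate, including MD2, MD5 and SHA-1, which are considered too weak for certificate signatures; whether to accept them is a validation policy decision, not something this type enforces.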
Constructors
HashMD2 | |
HashMD5 | |
HashSHA1 | |
HashSHA224 | |
HashSHA256 | |
HashSHA384 | |
HashSHA512 |
Public Key Algorithm
Constructors
PubKeyALG_RSA | RSA Public Key algorithm |
PubKeyALG_RSAPSS | RSA PSS Key algorithm (RFC 3447) |
PubKeyALG_DSA | DSA Public Key algorithm |
PubKeyALG_EC | ECDSA & ECDH Public Key algorithm |
PubKeyALG_X25519 | ECDH 25519 key agreement |
PubKeyALG_X448 | ECDH 448 key agreement |
PubKeyALG_Ed25519 | EdDSA 25519 signature algorithm |
PubKeyALG_Ed448 | EdDSA 448 signature algorithm |
PubKeyALG_DH | Diffie Hellman Public Key algorithm |
PubKeyALG_Unknown OID | Unknown Public Key algorithm |
data SignatureALG #
Signature Algorithm, often composed of a public key algorithm and a hash algorithm. For some signature algorithms the hash algorithm is intrinsic to the public key algorithm and is not needed in the data type.
Constructors
SignatureALG HashALG PubKeyALG | |
SignatureALG_IntrinsicHash PubKeyALG | |
SignatureALG_Unknown OID |
Instances
Eq SignatureALG # | |
Defined in Data.X509.AlgorithmIdentifier | |
Show SignatureALG # | |
Defined in Data.X509.AlgorithmIdentifier Methods showsPrec :: Int -> SignatureALG -> ShowS # show :: SignatureALG -> String # showList :: [SignatureALG] -> ShowS # | |
ASN1Object SignatureALG # | |
Defined in Data.X509.AlgorithmIdentifier |
Extension class.
Each extension has a unique associated OID, and a way to encode to and decode from an ASN1 stream.
Errata: it turns out the content is not necessarily ASN1; it could be data that only the extension itself can parse, e.g. a raw ASCII string. Hence the methods to parse and encode with ByteString.
Minimal complete definition
Methods
extHasNestedASN1 :: Proxy a -> Bool #
extDecode :: [ASN1] -> Either String a #
extDecodeBs :: ByteString -> Either String a #
extEncodeBs :: a -> ByteString #
Instances
Common extension usually found in x509v3
data ExtBasicConstraints #
Basic Constraints
Constructors
ExtBasicConstraints Bool (Maybe Integer) |
Instances
Eq ExtBasicConstraints # | |
Defined in Data.X509.Ext Methods (==) :: ExtBasicConstraints -> ExtBasicConstraints -> Bool # (/=) :: ExtBasicConstraints -> ExtBasicConstraints -> Bool # | |
Show ExtBasicConstraints # | |
Defined in Data.X509.Ext Methods showsPrec :: Int -> ExtBasicConstraints -> ShowS # show :: ExtBasicConstraints -> String # showList :: [ExtBasicConstraints] -> ShowS # | |
Extension ExtBasicConstraints # | |
Defined in Data.X509.Ext Methods extOID :: ExtBasicConstraints -> OID # extHasNestedASN1 :: Proxy ExtBasicConstraints -> Bool # extEncode :: ExtBasicConstraints -> [ASN1] # extDecode :: [ASN1] -> Either String ExtBasicConstraints # extDecodeBs :: ByteString -> Either String ExtBasicConstraints # |
data ExtKeyUsage #
Describe key usage
Constructors
ExtKeyUsage [ExtKeyUsageFlag] |
Instances
Eq ExtKeyUsage # | |
Defined in Data.X509.Ext | |
Show ExtKeyUsage # | |
Defined in Data.X509.Ext Methods showsPrec :: Int -> ExtKeyUsage -> ShowS # show :: ExtKeyUsage -> String # showList :: [ExtKeyUsage] -> ShowS # | |
Extension ExtKeyUsage # | |
Defined in Data.X509.Ext Methods extOID :: ExtKeyUsage -> OID # extHasNestedASN1 :: Proxy ExtKeyUsage -> Bool # extEncode :: ExtKeyUsage -> [ASN1] # extDecode :: [ASN1] -> Either String ExtKeyUsage # extDecodeBs :: ByteString -> Either String ExtKeyUsage # extEncodeBs :: ExtKeyUsage -> ByteString # |
data ExtKeyUsageFlag #
key usage flag that is found in the key usage extension field.
Constructors
Instances
data ExtExtendedKeyUsage #
Extended key usage extension
Constructors
ExtExtendedKeyUsage [ExtKeyUsagePurpose] |
Instances
Eq ExtExtendedKeyUsage # | |
Defined in Data.X509.Ext Methods (==) :: ExtExtendedKeyUsage -> ExtExtendedKeyUsage -> Bool # (/=) :: ExtExtendedKeyUsage -> ExtExtendedKeyUsage -> Bool # | |
Show ExtExtendedKeyUsage # | |
Defined in Data.X509.Ext Methods showsPrec :: Int -> ExtExtendedKeyUsage -> ShowS # show :: ExtExtendedKeyUsage -> String # showList :: [ExtExtendedKeyUsage] -> ShowS # | |
Extension ExtExtendedKeyUsage # | |
Defined in Data.X509.Ext Methods extOID :: ExtExtendedKeyUsage -> OID # extHasNestedASN1 :: Proxy ExtExtendedKeyUsage -> Bool # extEncode :: ExtExtendedKeyUsage -> [ASN1] # extDecode :: [ASN1] -> Either String ExtExtendedKeyUsage # extDecodeBs :: ByteString -> Either String ExtExtendedKeyUsage # |
data ExtKeyUsagePurpose #
Key usage purposes for the ExtendedKeyUsage extension
Constructors
KeyUsagePurpose_ServerAuth | |
KeyUsagePurpose_ClientAuth | |
KeyUsagePurpose_CodeSigning | |
KeyUsagePurpose_EmailProtection | |
KeyUsagePurpose_TimeStamping | |
KeyUsagePurpose_OCSPSigning | |
KeyUsagePurpose_Unknown OID |
Instances
Eq ExtKeyUsagePurpose # | |
Defined in Data.X509.Ext Methods (==) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # (/=) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # | |
Ord ExtKeyUsagePurpose # | |
Defined in Data.X509.Ext Methods compare :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Ordering # (<) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # (<=) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # (>) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # (>=) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # max :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> ExtKeyUsagePurpose # min :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> ExtKeyUsagePurpose # | |
Show ExtKeyUsagePurpose # | |
Defined in Data.X509.Ext Methods showsPrec :: Int -> ExtKeyUsagePurpose -> ShowS # show :: ExtKeyUsagePurpose -> String # showList :: [ExtKeyUsagePurpose] -> ShowS # |
data ExtSubjectKeyId #
Provide a way to identify a public key by a short hash.
Constructors
ExtSubjectKeyId ByteString |
Instances
Eq ExtSubjectKeyId # | |
Defined in Data.X509.Ext Methods (==) :: ExtSubjectKeyId -> ExtSubjectKeyId -> Bool # (/=) :: ExtSubjectKeyId -> ExtSubjectKeyId -> Bool # | |
Show ExtSubjectKeyId # | |
Defined in Data.X509.Ext Methods showsPrec :: Int -> ExtSubjectKeyId -> ShowS # show :: ExtSubjectKeyId -> String # showList :: [ExtSubjectKeyId] -> ShowS # | |
Extension ExtSubjectKeyId # | |
Defined in Data.X509.Ext Methods extOID :: ExtSubjectKeyId -> OID # extHasNestedASN1 :: Proxy ExtSubjectKeyId -> Bool # extEncode :: ExtSubjectKeyId -> [ASN1] # extDecode :: [ASN1] -> Either String ExtSubjectKeyId # extDecodeBs :: ByteString -> Either String ExtSubjectKeyId # |
data ExtSubjectAltName #
Provide a way to supply alternate name that can be used for matching host name.
Constructors
ExtSubjectAltName [AltName] |
Instances
data ExtAuthorityKeyId #
Provide a means to identify the public key corresponding to the private key used to sign a certificate.
Constructors
ExtAuthorityKeyId ByteString |
Instances
Eq ExtAuthorityKeyId # | |
Defined in Data.X509.Ext Methods (==) :: ExtAuthorityKeyId -> ExtAuthorityKeyId -> Bool # (/=) :: ExtAuthorityKeyId -> ExtAuthorityKeyId -> Bool # | |
Show ExtAuthorityKeyId # | |
Defined in Data.X509.Ext Methods showsPrec :: Int -> ExtAuthorityKeyId -> ShowS # show :: ExtAuthorityKeyId -> String # showList :: [ExtAuthorityKeyId] -> ShowS # | |
Extension ExtAuthorityKeyId # | |
Defined in Data.X509.Ext Methods extOID :: ExtAuthorityKeyId -> OID # extHasNestedASN1 :: Proxy ExtAuthorityKeyId -> Bool # extEncode :: ExtAuthorityKeyId -> [ASN1] # extDecode :: [ASN1] -> Either String ExtAuthorityKeyId # extDecodeBs :: ByteString -> Either String ExtAuthorityKeyId # |
data ExtCrlDistributionPoints #
Identify how CRL information is obtained
Constructors
ExtCrlDistributionPoints [DistributionPoint] |
Instances
Eq ExtCrlDistributionPoints # | |
Defined in Data.X509.Ext Methods (==) :: ExtCrlDistributionPoints -> ExtCrlDistributionPoints -> Bool # (/=) :: ExtCrlDistributionPoints -> ExtCrlDistributionPoints -> Bool # | |
Show ExtCrlDistributionPoints # | |
Defined in Data.X509.Ext Methods showsPrec :: Int -> ExtCrlDistributionPoints -> ShowS # show :: ExtCrlDistributionPoints -> String # showList :: [ExtCrlDistributionPoints] -> ShowS # | |
Extension ExtCrlDistributionPoints # | |
Defined in Data.X509.Ext Methods extOID :: ExtCrlDistributionPoints -> OID # extHasNestedASN1 :: Proxy ExtCrlDistributionPoints -> Bool # extEncode :: ExtCrlDistributionPoints -> [ASN1] # extDecode :: [ASN1] -> Either String ExtCrlDistributionPoints # extDecodeBs :: ByteString -> Either String ExtCrlDistributionPoints # |
data ExtNetscapeComment #
Constructors
ExtNetscapeComment ByteString |
Instances
Eq ExtNetscapeComment # | |
Defined in Data.X509.Ext Methods (==) :: ExtNetscapeComment -> ExtNetscapeComment -> Bool # (/=) :: ExtNetscapeComment -> ExtNetscapeComment -> Bool # | |
Show ExtNetscapeComment # | |
Defined in Data.X509.Ext Methods showsPrec :: Int -> ExtNetscapeComment -> ShowS # show :: ExtNetscapeComment -> String # showList :: [ExtNetscapeComment] -> ShowS # | |
Extension ExtNetscapeComment # | |
Defined in Data.X509.Ext Methods extOID :: ExtNetscapeComment -> OID # extHasNestedASN1 :: Proxy ExtNetscapeComment -> Bool # extEncode :: ExtNetscapeComment -> [ASN1] # extDecode :: [ASN1] -> Either String ExtNetscapeComment # extDecodeBs :: ByteString -> Either String ExtNetscapeComment # |
Different naming schemes used by the extension.
Not all name types are available; missing: otherName, x400Address, directoryName, ediPartyName, registeredID.
Constructors
AltNameRFC822 String | |
AltNameDNS String | |
AltNameURI String | |
AltNameIP ByteString | |
AltNameXMPP String | |
AltNameDNSSRV String |
data DistributionPoint #
Distribution point as either some GeneralNames or a DN
Instances
Eq DistributionPoint # | |
Defined in Data.X509.Ext Methods (==) :: DistributionPoint -> DistributionPoint -> Bool # (/=) :: DistributionPoint -> DistributionPoint -> Bool # | |
Show DistributionPoint # | |
Defined in Data.X509.Ext Methods showsPrec :: Int -> DistributionPoint -> ShowS # show :: DistributionPoint -> String # showList :: [DistributionPoint] -> ShowS # |
data ReasonFlag #
Reason flag for the CRL
Constructors
Reason_Unused | |
Reason_KeyCompromise | |
Reason_CACompromise | |
Reason_AffiliationChanged | |
Reason_Superseded | |
Reason_CessationOfOperation | |
Reason_CertificateHold | |
Reason_PrivilegeWithdrawn | |
Reason_AACompromise |
Instances
Enum ReasonFlag # | |
Defined in Data.X509.Ext Methods succ :: ReasonFlag -> ReasonFlag # pred :: ReasonFlag -> ReasonFlag # toEnum :: Int -> ReasonFlag # fromEnum :: ReasonFlag -> Int # enumFrom :: ReasonFlag -> [ReasonFlag] # enumFromThen :: ReasonFlag -> ReasonFlag -> [ReasonFlag] # enumFromTo :: ReasonFlag -> ReasonFlag -> [ReasonFlag] # enumFromThenTo :: ReasonFlag -> ReasonFlag -> ReasonFlag -> [ReasonFlag] # | |
Eq ReasonFlag # | |
Defined in Data.X509.Ext | |
Ord ReasonFlag # | |
Defined in Data.X509.Ext Methods compare :: ReasonFlag -> ReasonFlag -> Ordering # (<) :: ReasonFlag -> ReasonFlag -> Bool # (<=) :: ReasonFlag -> ReasonFlag -> Bool # (>) :: ReasonFlag -> ReasonFlag -> Bool # (>=) :: ReasonFlag -> ReasonFlag -> Bool # max :: ReasonFlag -> ReasonFlag -> ReasonFlag # min :: ReasonFlag -> ReasonFlag -> ReasonFlag # | |
Show ReasonFlag # | |
Defined in Data.X509.Ext Methods showsPrec :: Int -> ReasonFlag -> ShowS # show :: ReasonFlag -> String # showList :: [ReasonFlag] -> ShowS # |
Accessor turning extension into a specific one
extensionGet :: Extension a => Extensions -> Maybe a #
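Get a specific extension from a list of raw extensions. The Maybe result has no error case; use extensionGetE when an extension that is present but undecodable must be told apart from an absent one.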
extensionGetE :: Extension a => Extensions -> Maybe (Either String a) #
Get a specific extension from a list of raw extensions. The result type can carry a decoding error (Left) in addition to absence (Nothing).
extensionDecode :: forall a. Extension a => ExtensionRaw -> Maybe (Either String a) #
Try to decode an ExtensionRaw.
If this function returns:
* Nothing, the OID doesn't match
* Just Left, the OID matched, but the extension couldn't be decoded
* Just Right, the OID matched, and the extension has been successfully decoded
extensionEncode :: forall a. Extension a => Bool -> a -> ExtensionRaw #
Encode an Extension into an ExtensionRaw
data ExtensionRaw #
An undecoded extension
Constructors
ExtensionRaw | |
Fields
|
Instances
Eq ExtensionRaw # | |
Defined in Data.X509.ExtensionRaw | |
Show ExtensionRaw # | |
Defined in Data.X509.ExtensionRaw Methods showsPrec :: Int -> ExtensionRaw -> ShowS # show :: ExtensionRaw -> String # showList :: [ExtensionRaw] -> ShowS # | |
ASN1Object ExtensionRaw # | |
Defined in Data.X509.ExtensionRaw |
tryExtRawASN1 :: ExtensionRaw -> Either String [ASN1] #
extRawASN1 :: ExtensionRaw -> [ASN1] #
Deprecated: use tryExtRawASN1 instead, whose Either result reports a decoding failure.
newtype Extensions #
a Set of ExtensionRaw
Constructors
Extensions (Maybe [ExtensionRaw]) |
Instances
Eq Extensions # | |
Defined in Data.X509.ExtensionRaw | |
Show Extensions # | |
Defined in Data.X509.ExtensionRaw Methods showsPrec :: Int -> Extensions -> ShowS # show :: Extensions -> String # showList :: [Extensions] -> ShowS # | |
ASN1Object Extensions # | |
Defined in Data.X509.ExtensionRaw |
Certificate Revocation List (CRL)
Describe a Certificate revocation list
Constructors
CRL | |
data RevokedCertificate #
Describe a revoked certificate identifiable by serial number.
Constructors
RevokedCertificate | |
Fields |
Instances
Eq RevokedCertificate # | |
Defined in Data.X509.CRL Methods (==) :: RevokedCertificate -> RevokedCertificate -> Bool # (/=) :: RevokedCertificate -> RevokedCertificate -> Bool # | |
Show RevokedCertificate # | |
Defined in Data.X509.CRL Methods showsPrec :: Int -> RevokedCertificate -> ShowS # show :: RevokedCertificate -> String # showList :: [RevokedCertificate] -> ShowS # | |
ASN1Object RevokedCertificate # | |
Defined in Data.X509.CRL |
Naming
newtype DistinguishedName #
A list of OID and strings.
Constructors
DistinguishedName | |
Fields |
Instances
Elements commonly available in a DistinguishedName structure
Constructors
DnCommonName | CN |
DnCountry | Country |
DnOrganization | O |
DnOrganizationUnit | OU |
DnEmailAddress | Email Address (legacy) |
data ASN1CharacterString #
ASN1 Character String with encoding
Constructors
ASN1CharacterString | |
Instances
getDnElement :: DnElement -> DistinguishedName -> Maybe ASN1CharacterString #
Try to get a specific element in a DistinguishedName structure
Certificate Chain
newtype CertificateChain #
A chain of X.509 certificates in exact form.
Constructors
CertificateChain [SignedExact Certificate] |
Instances
Eq CertificateChain # | |
Defined in Data.X509.CertificateChain Methods (==) :: CertificateChain -> CertificateChain -> Bool # (/=) :: CertificateChain -> CertificateChain -> Bool # | |
Show CertificateChain # | |
Defined in Data.X509.CertificateChain Methods showsPrec :: Int -> CertificateChain -> ShowS # show :: CertificateChain -> String # showList :: [CertificateChain] -> ShowS # |
newtype CertificateChainRaw #
Represent a chain of X.509 certificates in bytestring form.
Constructors
CertificateChainRaw [ByteString] |
Instances
Eq CertificateChainRaw # | |
Defined in Data.X509.CertificateChain Methods (==) :: CertificateChainRaw -> CertificateChainRaw -> Bool # (/=) :: CertificateChainRaw -> CertificateChainRaw -> Bool # | |
Show CertificateChainRaw # | |
Defined in Data.X509.CertificateChain Methods showsPrec :: Int -> CertificateChainRaw -> ShowS # show :: CertificateChainRaw -> String # showList :: [CertificateChainRaw] -> ShowS # |
marshall between CertificateChain and CertificateChainRaw
decodeCertificateChain :: CertificateChainRaw -> Either (Int, String) CertificateChain #
Decode a CertificateChainRaw into a CertificateChain if every raw certificate is decoded correctly; otherwise return the index of the certificate that failed and the associated error.
encodeCertificateChain :: CertificateChain -> CertificateChainRaw #
Convert a CertificateChain into a CertificateChainRaw
Signed types and marshalling
data (Show a, Eq a, ASN1Object a) => Signed a #
Represent a signed object using a traditional X509 structure.
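When dealing with external certificates, use the SignedExact structure, not this one: SignedExact keeps the raw encoded data, which is needed to verify the signature when the encoding is non-compliant.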
Constructors
Signed | |
Fields
|
data (Show a, Eq a, ASN1Object a) => SignedExact a #
Represent the signed object plus the raw data, which is kept so that the signature can still be verified in non-compliant cases.
Instances
(Show a, Eq a, ASN1Object a) => Eq (SignedExact a) # | |
Defined in Data.X509.Signed Methods (==) :: SignedExact a -> SignedExact a -> Bool # (/=) :: SignedExact a -> SignedExact a -> Bool # | |
(Show a, Eq a, ASN1Object a) => Show (SignedExact a) # | |
Defined in Data.X509.Signed Methods showsPrec :: Int -> SignedExact a -> ShowS # show :: SignedExact a -> String # showList :: [SignedExact a] -> ShowS # |
getSigned :: SignedExact a -> Signed a #
get the decoded Signed data
getSignedData :: (Show a, Eq a, ASN1Object a) => SignedExact a -> ByteString #
Get the signed data for the signature
Arguments
:: (Show a, Eq a, ASN1Object a) | |
=> (ByteString -> (ByteString, SignatureALG, r)) | signature function |
-> a | object to sign |
-> (SignedExact a, r) |
Transform an object into a SignedExact object
Arguments
:: (Functor f, Show a, Eq a, ASN1Object a) | |
=> (ByteString -> f (ByteString, SignatureALG)) | signature function |
-> a | object to sign |
-> f (SignedExact a) |
A generalization of objectToSignedExact where the signature function runs in an arbitrary functor. This allows, for example, signing with an algorithm that needs random values.
encodeSignedObject :: SignedExact a -> ByteString #
The raw representation of the whole signed structure
decodeSignedObject :: (Show a, Eq a, ASN1Object a) => ByteString -> Either String (SignedExact a) #
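Try to parse a bytestring that uses the typical X509 signed structure format. This only decodes the structure: the function takes no public key, so a successful result says nothing about whether the signature is valid.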
Parametrized Signed accessor
getCertificate :: SignedCertificate -> Certificate #
Get the Certificate associated to a SignedCertificate
decodeSignedCertificate :: ByteString -> Either String SignedCertificate #
Try to decode a bytestring to a SignedCertificate
decodeSignedCRL :: ByteString -> Either String SignedCRL #
Try to decode a bytestring to a SignedCRL
Hash distinguished names related function
hashDN :: DistinguishedName -> ByteString #
Make an OpenSSL style hash of distinguished name
The OpenSSL algorithm is odd, and has been replicated here somewhat. Only ASCII characters are lower-cased.
hashDN_old :: DistinguishedName -> ByteString #
Create an old-style OpenSSL hash of a distinguished name