License	BSD-style
Maintainer	Vincent Hanquez <vincent@snarc.org>
Stability	experimental
Portability	unknown
Safe Haskell	None
Language	Haskell98

Data.X509

Contents

Types
Common extension usually found in x509v3
Accessor turning extension into a specific one
Certificate Revocation List (CRL)
Naming
Certificate Chain
marshall between CertificateChain and CertificateChainRaw
Signed types and marshalling
Parametrized Signed accessor
Hash distinguished names related function

Description

Read/Write X509 Certificate, CRL and their signed equivalents.

Follows RFC5280 / RFC6818

Synopsis

Types

type SignedCertificate = SignedExact Certificate Source #

A Signed Certificate

type SignedCRL = SignedExact CRL Source #

A Signed CRL

data Certificate Source #

X.509 Certificate type.

This type doesn't include the signature, it's describe in the RFC as tbsCertificate.

Constructors

Certificate
Fields certVersion :: Int Version certSerial :: Integer Serial number certSignatureAlg :: SignatureALG Signature algorithm certIssuerDN :: DistinguishedName Issuer DN certValidity :: (DateTime, DateTime) Validity period (UTC) certSubjectDN :: DistinguishedName Subject DN certPubKey :: PubKey Public key certExtensions :: Extensions Extensions

Instances

Eq Certificate Source #
Methods (==) :: Certificate -> Certificate -> Bool # (/=) :: Certificate -> Certificate -> Bool #
Show Certificate Source #
Methods showsPrec :: Int -> Certificate -> ShowS # show :: Certificate -> String # showList :: [Certificate] -> ShowS #
ASN1Object Certificate Source #
Methods toASN1 :: Certificate -> ASN1S fromASN1 :: [ASN1] -> Either String (Certificate, [ASN1])

data PubKey Source #

Public key types known and used in X.509

Constructors

PubKeyRSA PublicKey	RSA public key
PubKeyDSA PublicKey	DSA public key
PubKeyDH (Integer, Integer, Integer, Maybe Integer, ([Word8], Integer))	DH format with (p,g,q,j,(seed,pgenCounter))
PubKeyEC PubKeyEC	EC public key
PubKeyUnknown OID ByteString	unrecognized format

Instances

Eq PubKey Source #
Methods (==) :: PubKey -> PubKey -> Bool # (/=) :: PubKey -> PubKey -> Bool #
Show PubKey Source #
Methods showsPrec :: Int -> PubKey -> ShowS # show :: PubKey -> String # showList :: [PubKey] -> ShowS #
ASN1Object PubKey Source #
Methods toASN1 :: PubKey -> ASN1S fromASN1 :: [ASN1] -> Either String (PubKey, [ASN1])

data PubKeyEC Source #

Elliptic Curve Public Key

TODO: missing support for binary curve.

Constructors

PubKeyEC_Prime
Fields pubkeyEC_pub :: SerializedPoint pubkeyEC_a :: Integer pubkeyEC_b :: Integer pubkeyEC_prime :: Integer pubkeyEC_generator :: SerializedPoint pubkeyEC_order :: Integer pubkeyEC_cofactor :: Integer pubkeyEC_seed :: Integer
PubKeyEC_Named
Fields pubkeyEC_name :: CurveName pubkeyEC_pub :: SerializedPoint

Instances

Eq PubKeyEC Source #
Methods (==) :: PubKeyEC -> PubKeyEC -> Bool # (/=) :: PubKeyEC -> PubKeyEC -> Bool #
Show PubKeyEC Source #
Methods showsPrec :: Int -> PubKeyEC -> ShowS # show :: PubKeyEC -> String # showList :: [PubKeyEC] -> ShowS #

newtype SerializedPoint Source #

Serialized Elliptic Curve Point

Constructors

SerializedPoint ByteString

Instances

Eq SerializedPoint Source #
Methods (==) :: SerializedPoint -> SerializedPoint -> Bool # (/=) :: SerializedPoint -> SerializedPoint -> Bool #
Show SerializedPoint Source #
Methods showsPrec :: Int -> SerializedPoint -> ShowS # show :: SerializedPoint -> String # showList :: [SerializedPoint] -> ShowS #

data PrivKey Source #

Private key types known and used in X.509

Constructors

PrivKeyRSA PrivateKey	RSA private key
PrivKeyDSA PrivateKey	DSA private key

Instances

Eq PrivKey Source #
Methods (==) :: PrivKey -> PrivKey -> Bool # (/=) :: PrivKey -> PrivKey -> Bool #
Show PrivKey Source #
Methods showsPrec :: Int -> PrivKey -> ShowS # show :: PrivKey -> String # showList :: [PrivKey] -> ShowS #

pubkeyToAlg :: PubKey -> PubKeyALG Source #

Convert a Public key to the Public Key Algorithm type

privkeyToAlg :: PrivKey -> PubKeyALG Source #

Convert a Public key to the Public Key Algorithm type

data HashALG Source #

Hash Algorithm

Constructors

HashMD2
HashMD5
HashSHA1
HashSHA224
HashSHA256
HashSHA384
HashSHA512

Instances

Eq HashALG Source #
Methods (==) :: HashALG -> HashALG -> Bool # (/=) :: HashALG -> HashALG -> Bool #
Show HashALG Source #
Methods showsPrec :: Int -> HashALG -> ShowS # show :: HashALG -> String # showList :: [HashALG] -> ShowS #

data PubKeyALG Source #

Public Key Algorithm

Constructors

PubKeyALG_RSA	RSA Public Key algorithm
PubKeyALG_RSAPSS	RSA PSS Key algorithm (RFC 3447)
PubKeyALG_DSA	DSA Public Key algorithm
PubKeyALG_EC	ECDSA & ECDH Public Key algorithm
PubKeyALG_DH	Diffie Hellman Public Key algorithm
PubKeyALG_Unknown OID	Unknown Public Key algorithm

Instances

Eq PubKeyALG Source #
Methods (==) :: PubKeyALG -> PubKeyALG -> Bool # (/=) :: PubKeyALG -> PubKeyALG -> Bool #
Show PubKeyALG Source #
Methods showsPrec :: Int -> PubKeyALG -> ShowS # show :: PubKeyALG -> String # showList :: [PubKeyALG] -> ShowS #
OIDable PubKeyALG Source #
Methods getObjectID :: PubKeyALG -> OID

data SignatureALG Source #

Signature Algorithm often composed of a public key algorithm and a hash algorithm

Constructors

SignatureALG HashALG PubKeyALG
SignatureALG_Unknown OID

Instances

Eq SignatureALG Source #
Methods (==) :: SignatureALG -> SignatureALG -> Bool # (/=) :: SignatureALG -> SignatureALG -> Bool #
Show SignatureALG Source #
Methods showsPrec :: Int -> SignatureALG -> ShowS # show :: SignatureALG -> String # showList :: [SignatureALG] -> ShowS #
ASN1Object SignatureALG Source #
Methods toASN1 :: SignatureALG -> ASN1S fromASN1 :: [ASN1] -> Either String (SignatureALG, [ASN1])

class Extension a where Source #

Extension class.

each extension have a unique OID associated, and a way to encode and decode an ASN1 stream.

Minimal complete definition

extOID, extEncode, extDecode

Methods

extOID :: a -> OID Source #

extEncode :: a -> [ASN1] Source #

extDecode :: [ASN1] -> Either String a Source #

Instances

Extension ExtCrlDistributionPoints Source #
Methods extOID :: ExtCrlDistributionPoints -> OID Source # extEncode :: ExtCrlDistributionPoints -> [ASN1] Source # extDecode :: [ASN1] -> Either String ExtCrlDistributionPoints Source #
Extension ExtAuthorityKeyId Source #
Methods extOID :: ExtAuthorityKeyId -> OID Source # extEncode :: ExtAuthorityKeyId -> [ASN1] Source # extDecode :: [ASN1] -> Either String ExtAuthorityKeyId Source #
Extension ExtSubjectAltName Source #
Methods extOID :: ExtSubjectAltName -> OID Source # extEncode :: ExtSubjectAltName -> [ASN1] Source # extDecode :: [ASN1] -> Either String ExtSubjectAltName Source #
Extension ExtSubjectKeyId Source #
Methods extOID :: ExtSubjectKeyId -> OID Source # extEncode :: ExtSubjectKeyId -> [ASN1] Source # extDecode :: [ASN1] -> Either String ExtSubjectKeyId Source #
Extension ExtExtendedKeyUsage Source #
Methods extOID :: ExtExtendedKeyUsage -> OID Source # extEncode :: ExtExtendedKeyUsage -> [ASN1] Source # extDecode :: [ASN1] -> Either String ExtExtendedKeyUsage Source #
Extension ExtKeyUsage Source #
Methods extOID :: ExtKeyUsage -> OID Source # extEncode :: ExtKeyUsage -> [ASN1] Source # extDecode :: [ASN1] -> Either String ExtKeyUsage Source #
Extension ExtBasicConstraints Source #
Methods extOID :: ExtBasicConstraints -> OID Source # extEncode :: ExtBasicConstraints -> [ASN1] Source # extDecode :: [ASN1] -> Either String ExtBasicConstraints Source #

Common extension usually found in x509v3

data ExtBasicConstraints Source #

Basic Constraints

Constructors

ExtBasicConstraints Bool (Maybe Integer)

Instances

Eq ExtBasicConstraints Source #
Methods (==) :: ExtBasicConstraints -> ExtBasicConstraints -> Bool # (/=) :: ExtBasicConstraints -> ExtBasicConstraints -> Bool #
Show ExtBasicConstraints Source #
Methods showsPrec :: Int -> ExtBasicConstraints -> ShowS # show :: ExtBasicConstraints -> String # showList :: [ExtBasicConstraints] -> ShowS #
Extension ExtBasicConstraints Source #
Methods extOID :: ExtBasicConstraints -> OID Source # extEncode :: ExtBasicConstraints -> [ASN1] Source # extDecode :: [ASN1] -> Either String ExtBasicConstraints Source #

data ExtKeyUsage Source #

Describe key usage

Constructors

ExtKeyUsage [ExtKeyUsageFlag]

Instances

Eq ExtKeyUsage Source #
Methods (==) :: ExtKeyUsage -> ExtKeyUsage -> Bool # (/=) :: ExtKeyUsage -> ExtKeyUsage -> Bool #
Show ExtKeyUsage Source #
Methods showsPrec :: Int -> ExtKeyUsage -> ShowS # show :: ExtKeyUsage -> String # showList :: [ExtKeyUsage] -> ShowS #
Extension ExtKeyUsage Source #
Methods extOID :: ExtKeyUsage -> OID Source # extEncode :: ExtKeyUsage -> [ASN1] Source # extDecode :: [ASN1] -> Either String ExtKeyUsage Source #

data ExtKeyUsageFlag Source #

key usage flag that is found in the key usage extension field.

Constructors

KeyUsage_digitalSignature
KeyUsage_nonRepudiation
KeyUsage_keyEncipherment
KeyUsage_dataEncipherment
KeyUsage_keyAgreement
KeyUsage_keyCertSign
KeyUsage_cRLSign
KeyUsage_encipherOnly
KeyUsage_decipherOnly

Instances

Enum ExtKeyUsageFlag Source #
Methods succ :: ExtKeyUsageFlag -> ExtKeyUsageFlag # pred :: ExtKeyUsageFlag -> ExtKeyUsageFlag # toEnum :: Int -> ExtKeyUsageFlag # fromEnum :: ExtKeyUsageFlag -> Int # enumFrom :: ExtKeyUsageFlag -> [ExtKeyUsageFlag] # enumFromThen :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> [ExtKeyUsageFlag] # enumFromTo :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> [ExtKeyUsageFlag] # enumFromThenTo :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> ExtKeyUsageFlag -> [ExtKeyUsageFlag] #
Eq ExtKeyUsageFlag Source #
Methods (==) :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> Bool # (/=) :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> Bool #
Ord ExtKeyUsageFlag Source #
Methods compare :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> Ordering # (<) :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> Bool # (<=) :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> Bool # (>) :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> Bool # (>=) :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> Bool # max :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> ExtKeyUsageFlag # min :: ExtKeyUsageFlag -> ExtKeyUsageFlag -> ExtKeyUsageFlag #
Show ExtKeyUsageFlag Source #
Methods showsPrec :: Int -> ExtKeyUsageFlag -> ShowS # show :: ExtKeyUsageFlag -> String # showList :: [ExtKeyUsageFlag] -> ShowS #

data ExtExtendedKeyUsage Source #

Extended key usage extension

Constructors

ExtExtendedKeyUsage [ExtKeyUsagePurpose]

Instances

Eq ExtExtendedKeyUsage Source #
Methods (==) :: ExtExtendedKeyUsage -> ExtExtendedKeyUsage -> Bool # (/=) :: ExtExtendedKeyUsage -> ExtExtendedKeyUsage -> Bool #
Show ExtExtendedKeyUsage Source #
Methods showsPrec :: Int -> ExtExtendedKeyUsage -> ShowS # show :: ExtExtendedKeyUsage -> String # showList :: [ExtExtendedKeyUsage] -> ShowS #
Extension ExtExtendedKeyUsage Source #
Methods extOID :: ExtExtendedKeyUsage -> OID Source # extEncode :: ExtExtendedKeyUsage -> [ASN1] Source # extDecode :: [ASN1] -> Either String ExtExtendedKeyUsage Source #

data ExtKeyUsagePurpose Source #

Key usage purposes for the ExtendedKeyUsage extension

Constructors

KeyUsagePurpose_ServerAuth
KeyUsagePurpose_ClientAuth
KeyUsagePurpose_CodeSigning
KeyUsagePurpose_EmailProtection
KeyUsagePurpose_TimeStamping
KeyUsagePurpose_OCSPSigning
KeyUsagePurpose_Unknown OID

Instances

Eq ExtKeyUsagePurpose Source #
Methods (==) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # (/=) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool #
Ord ExtKeyUsagePurpose Source #
Methods compare :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Ordering # (<) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # (<=) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # (>) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # (>=) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool # max :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> ExtKeyUsagePurpose # min :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> ExtKeyUsagePurpose #
Show ExtKeyUsagePurpose Source #
Methods showsPrec :: Int -> ExtKeyUsagePurpose -> ShowS # show :: ExtKeyUsagePurpose -> String # showList :: [ExtKeyUsagePurpose] -> ShowS #

data ExtSubjectKeyId Source #

Provide a way to identify a public key by a short hash.

Constructors

ExtSubjectKeyId ByteString

Instances

Eq ExtSubjectKeyId Source #
Methods (==) :: ExtSubjectKeyId -> ExtSubjectKeyId -> Bool # (/=) :: ExtSubjectKeyId -> ExtSubjectKeyId -> Bool #
Show ExtSubjectKeyId Source #
Methods showsPrec :: Int -> ExtSubjectKeyId -> ShowS # show :: ExtSubjectKeyId -> String # showList :: [ExtSubjectKeyId] -> ShowS #
Extension ExtSubjectKeyId Source #
Methods extOID :: ExtSubjectKeyId -> OID Source # extEncode :: ExtSubjectKeyId -> [ASN1] Source # extDecode :: [ASN1] -> Either String ExtSubjectKeyId Source #

data ExtSubjectAltName Source #

Provide a way to supply alternate name that can be used for matching host name.

Constructors

ExtSubjectAltName [AltName]

Instances

Eq ExtSubjectAltName Source #
Methods (==) :: ExtSubjectAltName -> ExtSubjectAltName -> Bool # (/=) :: ExtSubjectAltName -> ExtSubjectAltName -> Bool #
Ord ExtSubjectAltName Source #
Methods compare :: ExtSubjectAltName -> ExtSubjectAltName -> Ordering # (<) :: ExtSubjectAltName -> ExtSubjectAltName -> Bool # (<=) :: ExtSubjectAltName -> ExtSubjectAltName -> Bool # (>) :: ExtSubjectAltName -> ExtSubjectAltName -> Bool # (>=) :: ExtSubjectAltName -> ExtSubjectAltName -> Bool # max :: ExtSubjectAltName -> ExtSubjectAltName -> ExtSubjectAltName # min :: ExtSubjectAltName -> ExtSubjectAltName -> ExtSubjectAltName #
Show ExtSubjectAltName Source #
Methods showsPrec :: Int -> ExtSubjectAltName -> ShowS # show :: ExtSubjectAltName -> String # showList :: [ExtSubjectAltName] -> ShowS #
Extension ExtSubjectAltName Source #
Methods extOID :: ExtSubjectAltName -> OID Source # extEncode :: ExtSubjectAltName -> [ASN1] Source # extDecode :: [ASN1] -> Either String ExtSubjectAltName Source #

data ExtAuthorityKeyId Source #

Provide a mean to identify the public key corresponding to the private key used to signed a certificate.

Constructors

ExtAuthorityKeyId ByteString

Instances

Eq ExtAuthorityKeyId Source #
Methods (==) :: ExtAuthorityKeyId -> ExtAuthorityKeyId -> Bool # (/=) :: ExtAuthorityKeyId -> ExtAuthorityKeyId -> Bool #
Show ExtAuthorityKeyId Source #
Methods showsPrec :: Int -> ExtAuthorityKeyId -> ShowS # show :: ExtAuthorityKeyId -> String # showList :: [ExtAuthorityKeyId] -> ShowS #
Extension ExtAuthorityKeyId Source #
Methods extOID :: ExtAuthorityKeyId -> OID Source # extEncode :: ExtAuthorityKeyId -> [ASN1] Source # extDecode :: [ASN1] -> Either String ExtAuthorityKeyId Source #

data ExtCrlDistributionPoints Source #

Identify how CRL information is obtained

Constructors

ExtCrlDistributionPoints [DistributionPoint]

Instances

Eq ExtCrlDistributionPoints Source #
Methods (==) :: ExtCrlDistributionPoints -> ExtCrlDistributionPoints -> Bool # (/=) :: ExtCrlDistributionPoints -> ExtCrlDistributionPoints -> Bool #
Show ExtCrlDistributionPoints Source #
Methods showsPrec :: Int -> ExtCrlDistributionPoints -> ShowS # show :: ExtCrlDistributionPoints -> String # showList :: [ExtCrlDistributionPoints] -> ShowS #
Extension ExtCrlDistributionPoints Source #
Methods extOID :: ExtCrlDistributionPoints -> OID Source # extEncode :: ExtCrlDistributionPoints -> [ASN1] Source # extDecode :: [ASN1] -> Either String ExtCrlDistributionPoints Source #

data AltName Source #

Different naming scheme use by the extension.

Not all name types are available, missing: otherName x400Address directoryName ediPartyName registeredID

Constructors

AltNameRFC822 String
AltNameDNS String
AltNameURI String
AltNameIP ByteString
AltNameXMPP String
AltNameDNSSRV String

Instances

Eq AltName Source #
Methods (==) :: AltName -> AltName -> Bool # (/=) :: AltName -> AltName -> Bool #
Ord AltName Source #
Methods compare :: AltName -> AltName -> Ordering # (<) :: AltName -> AltName -> Bool # (<=) :: AltName -> AltName -> Bool # (>) :: AltName -> AltName -> Bool # (>=) :: AltName -> AltName -> Bool # max :: AltName -> AltName -> AltName # min :: AltName -> AltName -> AltName #
Show AltName Source #
Methods showsPrec :: Int -> AltName -> ShowS # show :: AltName -> String # showList :: [AltName] -> ShowS #

data DistributionPoint Source #

Distribution point as either some GeneralNames or a DN

Constructors

DistributionPointFullName [AltName]
DistributionNameRelative DistinguishedName

Instances

Eq DistributionPoint Source #
Methods (==) :: DistributionPoint -> DistributionPoint -> Bool # (/=) :: DistributionPoint -> DistributionPoint -> Bool #
Show DistributionPoint Source #
Methods showsPrec :: Int -> DistributionPoint -> ShowS # show :: DistributionPoint -> String # showList :: [DistributionPoint] -> ShowS #

data ReasonFlag Source #

Reason flag for the CRL

Constructors

Reason_Unused
Reason_KeyCompromise
Reason_CACompromise
Reason_AffiliationChanged
Reason_Superseded
Reason_CessationOfOperation
Reason_CertificateHold
Reason_PrivilegeWithdrawn
Reason_AACompromise

Instances

Enum ReasonFlag Source #
Methods succ :: ReasonFlag -> ReasonFlag # pred :: ReasonFlag -> ReasonFlag # toEnum :: Int -> ReasonFlag # fromEnum :: ReasonFlag -> Int # enumFrom :: ReasonFlag -> [ReasonFlag] # enumFromThen :: ReasonFlag -> ReasonFlag -> [ReasonFlag] # enumFromTo :: ReasonFlag -> ReasonFlag -> [ReasonFlag] # enumFromThenTo :: ReasonFlag -> ReasonFlag -> ReasonFlag -> [ReasonFlag] #
Eq ReasonFlag Source #
Methods (==) :: ReasonFlag -> ReasonFlag -> Bool # (/=) :: ReasonFlag -> ReasonFlag -> Bool #
Ord ReasonFlag Source #
Methods compare :: ReasonFlag -> ReasonFlag -> Ordering # (<) :: ReasonFlag -> ReasonFlag -> Bool # (<=) :: ReasonFlag -> ReasonFlag -> Bool # (>) :: ReasonFlag -> ReasonFlag -> Bool # (>=) :: ReasonFlag -> ReasonFlag -> Bool # max :: ReasonFlag -> ReasonFlag -> ReasonFlag # min :: ReasonFlag -> ReasonFlag -> ReasonFlag #
Show ReasonFlag Source #
Methods showsPrec :: Int -> ReasonFlag -> ShowS # show :: ReasonFlag -> String # showList :: [ReasonFlag] -> ShowS #

Accessor turning extension into a specific one

extensionGet :: Extension a => Extensions -> Maybe a Source #

Get a specific extension from a lists of raw extensions

extensionGetE :: Extension a => Extensions -> Maybe (Either String a) Source #

Get a specific extension from a lists of raw extensions

extensionDecode :: Extension a => ExtensionRaw -> Maybe (Either String a) Source #

Try to decode an ExtensionRaw.

If this function return: * Nothing, the OID doesn't match * Just Left, the OID matched, but the extension couldn't be decoded * Just Right, the OID matched, and the extension has been succesfully decoded

extensionEncode :: Extension a => Bool -> a -> ExtensionRaw Source #

Encode an Extension to extensionRaw

data ExtensionRaw Source #

An undecoded extension

Constructors

ExtensionRaw
Fields extRawOID :: OID OID of this extension extRawCritical :: Bool if this extension is critical extRawASN1 :: [ASN1] the associated ASN1

Instances

Eq ExtensionRaw Source #
Methods (==) :: ExtensionRaw -> ExtensionRaw -> Bool # (/=) :: ExtensionRaw -> ExtensionRaw -> Bool #
Show ExtensionRaw Source #
Methods showsPrec :: Int -> ExtensionRaw -> ShowS # show :: ExtensionRaw -> String # showList :: [ExtensionRaw] -> ShowS #
ASN1Object ExtensionRaw Source #
Methods toASN1 :: ExtensionRaw -> ASN1S fromASN1 :: [ASN1] -> Either String (ExtensionRaw, [ASN1])

newtype Extensions Source #

a Set of ExtensionRaw

Constructors

Extensions (Maybe [ExtensionRaw])

Instances

Eq Extensions Source #
Methods (==) :: Extensions -> Extensions -> Bool # (/=) :: Extensions -> Extensions -> Bool #
Show Extensions Source #
Methods showsPrec :: Int -> Extensions -> ShowS # show :: Extensions -> String # showList :: [Extensions] -> ShowS #
ASN1Object Extensions Source #
Methods toASN1 :: Extensions -> ASN1S fromASN1 :: [ASN1] -> Either String (Extensions, [ASN1])

Certificate Revocation List (CRL)

data CRL Source #

Describe a Certificate revocation list

Constructors

CRL
Fields crlVersion :: Integer crlSignatureAlg :: SignatureALG crlIssuer :: DistinguishedName crlThisUpdate :: DateTime crlNextUpdate :: Maybe DateTime crlRevokedCertificates :: [RevokedCertificate] crlExtensions :: Extensions

Instances

Eq CRL Source #
Methods (==) :: CRL -> CRL -> Bool # (/=) :: CRL -> CRL -> Bool #
Show CRL Source #
Methods showsPrec :: Int -> CRL -> ShowS # show :: CRL -> String # showList :: [CRL] -> ShowS #
ASN1Object CRL Source #
Methods toASN1 :: CRL -> ASN1S fromASN1 :: [ASN1] -> Either String (CRL, [ASN1])

data RevokedCertificate Source #

Describe a revoked certificate identifiable by serial number.

Constructors

RevokedCertificate
Fields revokedSerialNumber :: Integer revokedDate :: DateTime revokedExtensions :: Extensions

Instances

Eq RevokedCertificate Source #
Methods (==) :: RevokedCertificate -> RevokedCertificate -> Bool # (/=) :: RevokedCertificate -> RevokedCertificate -> Bool #
Show RevokedCertificate Source #
Methods showsPrec :: Int -> RevokedCertificate -> ShowS # show :: RevokedCertificate -> String # showList :: [RevokedCertificate] -> ShowS #
ASN1Object RevokedCertificate Source #
Methods toASN1 :: RevokedCertificate -> ASN1S fromASN1 :: [ASN1] -> Either String (RevokedCertificate, [ASN1])

Naming

newtype DistinguishedName Source #

A list of OID and strings.

Constructors

DistinguishedName
Fields getDistinguishedElements :: [(OID, ASN1CharacterString)]

Instances

Eq DistinguishedName Source #
Methods (==) :: DistinguishedName -> DistinguishedName -> Bool # (/=) :: DistinguishedName -> DistinguishedName -> Bool #
Ord DistinguishedName Source #
Methods compare :: DistinguishedName -> DistinguishedName -> Ordering # (<) :: DistinguishedName -> DistinguishedName -> Bool # (<=) :: DistinguishedName -> DistinguishedName -> Bool # (>) :: DistinguishedName -> DistinguishedName -> Bool # (>=) :: DistinguishedName -> DistinguishedName -> Bool # max :: DistinguishedName -> DistinguishedName -> DistinguishedName # min :: DistinguishedName -> DistinguishedName -> DistinguishedName #
Show DistinguishedName Source #
Methods showsPrec :: Int -> DistinguishedName -> ShowS # show :: DistinguishedName -> String # showList :: [DistinguishedName] -> ShowS #
Monoid DistinguishedName Source #
Methods mempty :: DistinguishedName # mappend :: DistinguishedName -> DistinguishedName -> DistinguishedName # mconcat :: [DistinguishedName] -> DistinguishedName #
ASN1Object DistinguishedName Source #
Methods toASN1 :: DistinguishedName -> ASN1S fromASN1 :: [ASN1] -> Either String (DistinguishedName, [ASN1])

data DnElement Source #

Elements commonly available in a DistinguishedName structure

Constructors

DnCommonName	CN
DnCountry	Country
DnOrganization	O
DnOrganizationUnit	OU
DnEmailAddress	Email Address (legacy)

Instances

Eq DnElement Source #
Methods (==) :: DnElement -> DnElement -> Bool # (/=) :: DnElement -> DnElement -> Bool #
Show DnElement Source #
Methods showsPrec :: Int -> DnElement -> ShowS # show :: DnElement -> String # showList :: [DnElement] -> ShowS #
OIDable DnElement Source #
Methods getObjectID :: DnElement -> OID

data ASN1CharacterString :: * #

Constructors

ASN1CharacterString
Fields characterEncoding :: ASN1StringEncoding getCharacterStringRawData :: ByteString

Instances

Eq ASN1CharacterString
Methods (==) :: ASN1CharacterString -> ASN1CharacterString -> Bool # (/=) :: ASN1CharacterString -> ASN1CharacterString -> Bool #
Ord ASN1CharacterString
Methods compare :: ASN1CharacterString -> ASN1CharacterString -> Ordering # (<) :: ASN1CharacterString -> ASN1CharacterString -> Bool # (<=) :: ASN1CharacterString -> ASN1CharacterString -> Bool # (>) :: ASN1CharacterString -> ASN1CharacterString -> Bool # (>=) :: ASN1CharacterString -> ASN1CharacterString -> Bool # max :: ASN1CharacterString -> ASN1CharacterString -> ASN1CharacterString # min :: ASN1CharacterString -> ASN1CharacterString -> ASN1CharacterString #
Show ASN1CharacterString
Methods showsPrec :: Int -> ASN1CharacterString -> ShowS # show :: ASN1CharacterString -> String # showList :: [ASN1CharacterString] -> ShowS #
IsString ASN1CharacterString
Methods fromString :: String -> ASN1CharacterString #

getDnElement :: DnElement -> DistinguishedName -> Maybe ASN1CharacterString Source #

Try to get a specific element in a DistinguishedName structure

Certificate Chain

newtype CertificateChain Source #

A chain of X.509 certificates in exact form.

Constructors

CertificateChain [SignedExact Certificate]

Instances

Eq CertificateChain Source #
Methods (==) :: CertificateChain -> CertificateChain -> Bool # (/=) :: CertificateChain -> CertificateChain -> Bool #
Show CertificateChain Source #
Methods showsPrec :: Int -> CertificateChain -> ShowS # show :: CertificateChain -> String # showList :: [CertificateChain] -> ShowS #

newtype CertificateChainRaw Source #

Represent a chain of X.509 certificates in bytestring form.

Constructors

CertificateChainRaw [ByteString]

Instances

Eq CertificateChainRaw Source #
Methods (==) :: CertificateChainRaw -> CertificateChainRaw -> Bool # (/=) :: CertificateChainRaw -> CertificateChainRaw -> Bool #
Show CertificateChainRaw Source #
Methods showsPrec :: Int -> CertificateChainRaw -> ShowS # show :: CertificateChainRaw -> String # showList :: [CertificateChainRaw] -> ShowS #

marshall between CertificateChain and CertificateChainRaw

decodeCertificateChain :: CertificateChainRaw -> Either (Int, String) CertificateChain Source #

Decode a CertificateChainRaw into a CertificateChain if every raw certificate are decoded correctly, otherwise return the index of the failed certificate and the error associated.

encodeCertificateChain :: CertificateChain -> CertificateChainRaw Source #

Convert a CertificateChain into a CertificateChainRaw

Signed types and marshalling

data (Show a, Eq a, ASN1Object a) => Signed a Source #

Represent a signed object using a traditional X509 structure.

When dealing with external certificate, use the SignedExact structure not this one.

Constructors

Signed
Fields signedObject :: a Object to sign signedAlg :: SignatureALG Signature Algorithm used signedSignature :: ByteString Signature as bytes

Instances

(ASN1Object a, Eq a, Show a) => Eq (Signed a) Source #
Methods (==) :: Signed a -> Signed a -> Bool # (/=) :: Signed a -> Signed a -> Bool #
(ASN1Object a, Eq a, Show a) => Show (Signed a) Source #
Methods showsPrec :: Int -> Signed a -> ShowS # show :: Signed a -> String # showList :: [Signed a] -> ShowS #

data (Show a, Eq a, ASN1Object a) => SignedExact a Source #

Represent the signed object plus the raw data that we need to keep around for non compliant case to be able to verify signature.

Instances

(ASN1Object a, Eq a, Show a) => Eq (SignedExact a) Source #
Methods (==) :: SignedExact a -> SignedExact a -> Bool # (/=) :: SignedExact a -> SignedExact a -> Bool #
(ASN1Object a, Eq a, Show a) => Show (SignedExact a) Source #
Methods showsPrec :: Int -> SignedExact a -> ShowS # show :: SignedExact a -> String # showList :: [SignedExact a] -> ShowS #

getSigned :: SignedExact a -> Signed a Source #

get the decoded Signed data

getSignedData :: (Show a, Eq a, ASN1Object a) => SignedExact a -> ByteString Source #

Get the signed data for the signature

objectToSignedExact Source #

Arguments

:: (Show a, Eq a, ASN1Object a)
=> (ByteString -> (ByteString, SignatureALG, r))	signature function
-> a	object to sign
-> (SignedExact a, r)

Transform an object into a SignedExact object

objectToSignedExactF Source #

Arguments

:: (Functor f, Show a, Eq a, ASN1Object a)
=> (ByteString -> f (ByteString, SignatureALG))	signature function
-> a	object to sign
-> f (SignedExact a)

A generalization of objectToSignedExact where the signature function runs in an arbitrary functor. This allows for example to sign using an algorithm needing random values.

encodeSignedObject :: SignedExact a -> ByteString Source #

The raw representation of the whole signed structure

decodeSignedObject :: (Show a, Eq a, ASN1Object a) => ByteString -> Either String (SignedExact a) Source #

Try to parse a bytestring that use the typical X509 signed structure format