x509-1.7.7: X509 reader and writer
License BSD-style
Maintainer Vincent Hanquez <vincent@snarc.org>
Stability experimental
Portability unknown
Safe Haskell None
Language Haskell2010

Data.X509

Description

Read/Write X509 Certificate, CRL and their signed equivalents.

Follows RFC5280 / RFC6818

Synopsis

Types

pubkeyToAlg :: PubKey -> PubKeyALG Source #

Convert a Public key to the Public Key Algorithm type

privkeyToAlg :: PrivKey -> PubKeyALG Source #

Convert a Private key to the Public Key Algorithm type

data PubKeyALG Source #

Public Key Algorithm

Constructors

PubKeyALG_RSA

RSA Public Key algorithm

PubKeyALG_RSAPSS

RSA PSS Key algorithm (RFC 3447)

PubKeyALG_DSA

DSA Public Key algorithm

PubKeyALG_EC

ECDSA & ECDH Public Key algorithm

PubKeyALG_X25519

ECDH 25519 key agreement

PubKeyALG_X448

ECDH 448 key agreement

PubKeyALG_Ed25519

EdDSA 25519 signature algorithm

PubKeyALG_Ed448

EdDSA 448 signature algorithm

PubKeyALG_DH

Diffie Hellman Public Key algorithm

PubKeyALG_Unknown OID

Unknown Public Key algorithm

class Extension a where Source #

Extension class.

each extension have a unique OID associated, and a way to encode and decode an ASN1 stream.

Errata: turns out, the content is not necessarily ASN1, it could be data that is only parsable by the extension e.g. raw ascii string. Add method to parse and encode with ByteString

Instances

Instances details
Extension ExtNetscapeComment Source #
Instance details

Defined in Data.X509.Ext

Extension ExtCrlDistributionPoints Source #
Instance details

Defined in Data.X509.Ext

Extension ExtAuthorityKeyId Source #
Instance details

Defined in Data.X509.Ext

Extension ExtSubjectAltName Source #
Instance details

Defined in Data.X509.Ext

Extension ExtSubjectKeyId Source #
Instance details

Defined in Data.X509.Ext

Extension ExtExtendedKeyUsage Source #
Instance details

Defined in Data.X509.Ext

Extension ExtKeyUsage Source #
Instance details

Defined in Data.X509.Ext

Extension ExtBasicConstraints Source #
Instance details

Defined in Data.X509.Ext

Common extension usually found in x509v3

data ExtKeyUsageFlag Source #

key usage flag that is found in the key usage extension field.

Instances

Instances details
Enum ExtKeyUsageFlag Source #
Instance details

Defined in Data.X509.Ext

Eq ExtKeyUsageFlag Source #
Instance details

Defined in Data.X509.Ext

Ord ExtKeyUsageFlag Source #
Instance details

Defined in Data.X509.Ext

Show ExtKeyUsageFlag Source #
Instance details

Defined in Data.X509.Ext

data ExtSubjectAltName Source #

Provide a way to supply alternate name that can be used for matching host name.

data ReasonFlag Source #

Reason flag for the CRL

Accessor turning extension into a specific one

extensionGet :: Extension a => Extensions -> Maybe a Source #

Get a specific extension from a lists of raw extensions

extensionGetE :: Extension a => Extensions -> Maybe ( Either String a) Source #

Get a specific extension from a lists of raw extensions

extensionDecode :: forall a. Extension a => ExtensionRaw -> Maybe ( Either String a) Source #

Try to decode an ExtensionRaw.

If this function return: * Nothing, the OID doesn't match * Just Left, the OID matched, but the extension couldn't be decoded * Just Right, the OID matched, and the extension has been succesfully decoded

extensionEncode :: forall a. Extension a => Bool -> a -> ExtensionRaw Source #

Encode an Extension to extensionRaw

extRawASN1 :: ExtensionRaw -> [ ASN1 ] Source #

Deprecated: use tryExtRawASN1 instead

Certificate Revocation List (CRL)

Naming

newtype DistinguishedName Source #

A list of OID and strings.

Instances

Instances details
Eq DistinguishedName Source #
Instance details

Defined in Data.X509.DistinguishedName

Ord DistinguishedName Source #
Instance details

Defined in Data.X509.DistinguishedName

Show DistinguishedName Source #
Instance details

Defined in Data.X509.DistinguishedName

Semigroup DistinguishedName Source #
Instance details

Defined in Data.X509.DistinguishedName

Monoid DistinguishedName Source #
Instance details

Defined in Data.X509.DistinguishedName

ASN1Object DistinguishedName Source #
Instance details

Defined in Data.X509.DistinguishedName

Certificate Chain

marshall between CertificateChain and CertificateChainRaw

decodeCertificateChain :: CertificateChainRaw -> Either ( Int , String ) CertificateChain Source #

Decode a CertificateChainRaw into a CertificateChain if every raw certificate are decoded correctly, otherwise return the index of the failed certificate and the error associated.

encodeCertificateChain :: CertificateChain -> CertificateChainRaw Source #

Convert a CertificateChain into a CertificateChainRaw

Signed types and marshalling

data ( Show a, Eq a, ASN1Object a) => Signed a Source #

Represent a signed object using a traditional X509 structure.

When dealing with external certificate, use the SignedExact structure not this one.

Constructors

Signed

Fields

data ( Show a, Eq a, ASN1Object a) => SignedExact a Source #

Represent the signed object plus the raw data that we need to keep around for non compliant case to be able to verify signature.

getSigned :: SignedExact a -> Signed a Source #

get the decoded Signed data

getSignedData :: ( Show a, Eq a, ASN1Object a) => SignedExact a -> ByteString Source #

Get the signed data for the signature

objectToSignedExact Source #

Arguments

:: ( Show a, Eq a, ASN1Object a)
=> ( ByteString -> ( ByteString , SignatureALG , r))

signature function

-> a

object to sign

-> ( SignedExact a, r)

Transform an object into a SignedExact object

objectToSignedExactF Source #

Arguments

:: ( Functor f, Show a, Eq a, ASN1Object a)
=> ( ByteString -> f ( ByteString , SignatureALG ))

signature function

-> a

object to sign

-> f ( SignedExact a)

A generalization of objectToSignedExact where the signature function runs in an arbitrary functor. This allows for example to sign using an algorithm needing random values.

encodeSignedObject :: SignedExact a -> ByteString Source #

The raw representation of the whole signed structure

decodeSignedObject :: ( Show a, Eq a, ASN1Object a) => ByteString -> Either String ( SignedExact a) Source #

Try to parse a bytestring that use the typical X509 signed structure format

Parametrized Signed accessor

getCertificate :: SignedCertificate -> Certificate Source #

Get the Certificate associated to a SignedCertificate

getCRL :: SignedCRL -> CRL Source #

Get the CRL associated to a SignedCRL

Hash distinguished names related function

hashDN :: DistinguishedName -> ByteString Source #

Make an OpenSSL style hash of distinguished name

OpenSSL algorithm is odd, and has been replicated here somewhat. only lower the case of ascii character.

hashDN_old :: DistinguishedName -> ByteString Source #

Create an openssl style old hash of distinguished name