License | BSD-style |
---|---|
Maintainer | Vincent Hanquez <vincent@snarc.org> |
Stability | experimental |
Portability | unknown |
Safe Haskell | None |
Language | Haskell2010 |
- Types
- Common extension usually found in x509v3
- Accessor turning extension into a specific one
- Certificate Revocation List (CRL)
- Naming
- Certificate Chain
- marshall between CertificateChain and CertificateChainRaw
- Signed types and marshalling
- Parametrized Signed accessor
- Hash distinguished names related function
Read/Write X509 Certificate, CRL and their signed equivalents.
Follows RFC5280 / RFC6818
Synopsis
- type SignedCertificate = SignedExact Certificate
- type SignedCRL = SignedExact CRL
- data Certificate = Certificate { }
-
data
PubKey
- = PubKeyRSA PublicKey
- | PubKeyDSA PublicKey
- | PubKeyDH ( Integer , Integer , Integer , Maybe Integer , ([ Word8 ], Integer ))
- | PubKeyEC PubKeyEC
- | PubKeyX25519 PublicKey
- | PubKeyX448 PublicKey
- | PubKeyEd25519 PublicKey
- | PubKeyEd448 PublicKey
- | PubKeyUnknown OID ByteString
-
data
PubKeyEC
- = PubKeyEC_Prime { }
- | PubKeyEC_Named { }
- newtype SerializedPoint = SerializedPoint ByteString
- data PrivKey
-
data
PrivKeyEC
- = PrivKeyEC_Prime { }
- | PrivKeyEC_Named { }
- pubkeyToAlg :: PubKey -> PubKeyALG
- privkeyToAlg :: PrivKey -> PubKeyALG
-
data
HashALG
- = HashMD2
- | HashMD5
- | HashSHA1
- | HashSHA224
- | HashSHA256
- | HashSHA384
- | HashSHA512
- data PubKeyALG
- data SignatureALG
-
class
Extension
a
where
- extOID :: a -> OID
- extHasNestedASN1 :: Proxy a -> Bool
- extEncode :: a -> [ ASN1 ]
- extDecode :: [ ASN1 ] -> Either String a
- extDecodeBs :: ByteString -> Either String a
- extEncodeBs :: a -> ByteString
- data ExtBasicConstraints = ExtBasicConstraints Bool ( Maybe Integer )
- data ExtKeyUsage = ExtKeyUsage [ ExtKeyUsageFlag ]
- data ExtKeyUsageFlag
- data ExtExtendedKeyUsage = ExtExtendedKeyUsage [ ExtKeyUsagePurpose ]
- data ExtKeyUsagePurpose
- data ExtSubjectKeyId = ExtSubjectKeyId ByteString
- data ExtSubjectAltName = ExtSubjectAltName [ AltName ]
- data ExtAuthorityKeyId = ExtAuthorityKeyId ByteString
- data ExtCrlDistributionPoints = ExtCrlDistributionPoints [ DistributionPoint ]
- data ExtNetscapeComment = ExtNetscapeComment ByteString
- data AltName
- data DistributionPoint
- data ReasonFlag
- extensionGet :: Extension a => Extensions -> Maybe a
- extensionGetE :: Extension a => Extensions -> Maybe ( Either String a)
- extensionDecode :: forall a. Extension a => ExtensionRaw -> Maybe ( Either String a)
- extensionEncode :: forall a. Extension a => Bool -> a -> ExtensionRaw
-
data
ExtensionRaw
=
ExtensionRaw
{
- extRawOID :: OID
- extRawCritical :: Bool
- extRawContent :: ByteString
- tryExtRawASN1 :: ExtensionRaw -> Either String [ ASN1 ]
- extRawASN1 :: ExtensionRaw -> [ ASN1 ]
- newtype Extensions = Extensions ( Maybe [ ExtensionRaw ])
- data CRL = CRL { }
- data RevokedCertificate = RevokedCertificate { }
-
newtype
DistinguishedName
=
DistinguishedName
{
- getDistinguishedElements :: [( OID , ASN1CharacterString )]
- data DnElement
- data ASN1CharacterString = ASN1CharacterString { }
- getDnElement :: DnElement -> DistinguishedName -> Maybe ASN1CharacterString
- newtype CertificateChain = CertificateChain [ SignedExact Certificate ]
- newtype CertificateChainRaw = CertificateChainRaw [ ByteString ]
- decodeCertificateChain :: CertificateChainRaw -> Either ( Int , String ) CertificateChain
- encodeCertificateChain :: CertificateChain -> CertificateChainRaw
-
data
(
Show
a,
Eq
a,
ASN1Object
a) =>
Signed
a =
Signed
{
- signedObject :: a
- signedAlg :: SignatureALG
- signedSignature :: ByteString
- data ( Show a, Eq a, ASN1Object a) => SignedExact a
- getSigned :: SignedExact a -> Signed a
- getSignedData :: ( Show a, Eq a, ASN1Object a) => SignedExact a -> ByteString
- objectToSignedExact :: ( Show a, Eq a, ASN1Object a) => ( ByteString -> ( ByteString , SignatureALG , r)) -> a -> ( SignedExact a, r)
- objectToSignedExactF :: ( Functor f, Show a, Eq a, ASN1Object a) => ( ByteString -> f ( ByteString , SignatureALG )) -> a -> f ( SignedExact a)
- encodeSignedObject :: SignedExact a -> ByteString
- decodeSignedObject :: ( Show a, Eq a, ASN1Object a) => ByteString -> Either String ( SignedExact a)
- getCertificate :: SignedCertificate -> Certificate
- getCRL :: SignedCRL -> CRL
- decodeSignedCertificate :: ByteString -> Either String SignedCertificate
- decodeSignedCRL :: ByteString -> Either String SignedCRL
- hashDN :: DistinguishedName -> ByteString
- hashDN_old :: DistinguishedName -> ByteString
Types
type SignedCertificate = SignedExact Certificate Source #
A Signed Certificate
type SignedCRL = SignedExact CRL Source #
A Signed CRL
data Certificate Source #
X.509 Certificate type.
This type doesn't include the signature, it's describe in the RFC as tbsCertificate.
Certificate | |
|
Instances
Eq Certificate Source # | |
Defined in Data.X509.Cert (==) :: Certificate -> Certificate -> Bool Source # (/=) :: Certificate -> Certificate -> Bool Source # |
|
Show Certificate Source # | |
Defined in Data.X509.Cert |
|
ASN1Object Certificate Source # | |
Defined in Data.X509.Cert |
Public key types known and used in X.509
PubKeyRSA PublicKey |
RSA public key |
PubKeyDSA PublicKey |
DSA public key |
PubKeyDH ( Integer , Integer , Integer , Maybe Integer , ([ Word8 ], Integer )) |
DH format with (p,g,q,j,(seed,pgenCounter)) |
PubKeyEC PubKeyEC |
EC public key |
PubKeyX25519 PublicKey |
X25519 public key |
PubKeyX448 PublicKey |
X448 public key |
PubKeyEd25519 PublicKey |
Ed25519 public key |
PubKeyEd448 PublicKey |
Ed448 public key |
PubKeyUnknown OID ByteString |
unrecognized format |
Elliptic Curve Public Key
TODO: missing support for binary curve.
newtype SerializedPoint Source #
Serialized Elliptic Curve Point
Instances
Eq SerializedPoint Source # | |
Defined in Data.X509.PublicKey (==) :: SerializedPoint -> SerializedPoint -> Bool Source # (/=) :: SerializedPoint -> SerializedPoint -> Bool Source # |
|
Show SerializedPoint Source # | |
Defined in Data.X509.PublicKey |
Private key types known and used in X.509
PrivKeyRSA PrivateKey |
RSA private key |
PrivKeyDSA PrivateKey |
DSA private key |
PrivKeyEC PrivKeyEC |
EC private key |
PrivKeyX25519 SecretKey |
X25519 private key |
PrivKeyX448 SecretKey |
X448 private key |
PrivKeyEd25519 SecretKey |
Ed25519 private key |
PrivKeyEd448 SecretKey |
Ed448 private key |
Elliptic Curve Private Key
TODO: missing support for binary curve.
pubkeyToAlg :: PubKey -> PubKeyALG Source #
Convert a Public key to the Public Key Algorithm type
privkeyToAlg :: PrivKey -> PubKeyALG Source #
Convert a Private key to the Public Key Algorithm type
Public Key Algorithm
PubKeyALG_RSA |
RSA Public Key algorithm |
PubKeyALG_RSAPSS |
RSA PSS Key algorithm (RFC 3447) |
PubKeyALG_DSA |
DSA Public Key algorithm |
PubKeyALG_EC |
ECDSA & ECDH Public Key algorithm |
PubKeyALG_X25519 |
ECDH 25519 key agreement |
PubKeyALG_X448 |
ECDH 448 key agreement |
PubKeyALG_Ed25519 |
EdDSA 25519 signature algorithm |
PubKeyALG_Ed448 |
EdDSA 448 signature algorithm |
PubKeyALG_DH |
Diffie Hellman Public Key algorithm |
PubKeyALG_Unknown OID |
Unknown Public Key algorithm |
data SignatureALG Source #
Signature Algorithm, often composed of a public key algorithm and a hash algorithm. For some signature algorithms the hash algorithm is intrinsic to the public key algorithm and is not needed in the data type.
Instances
Eq SignatureALG Source # | |
Defined in Data.X509.AlgorithmIdentifier (==) :: SignatureALG -> SignatureALG -> Bool Source # (/=) :: SignatureALG -> SignatureALG -> Bool Source # |
|
Show SignatureALG Source # | |
Defined in Data.X509.AlgorithmIdentifier |
|
ASN1Object SignatureALG Source # | |
Defined in Data.X509.AlgorithmIdentifier |
class Extension a where Source #
Extension class.
each extension have a unique OID associated, and a way to encode and decode an ASN1 stream.
Errata: turns out, the content is not necessarily ASN1, it could be data that is only parsable by the extension e.g. raw ascii string. Add method to parse and encode with ByteString
extHasNestedASN1 :: Proxy a -> Bool Source #
extEncode :: a -> [ ASN1 ] Source #
extDecode :: [ ASN1 ] -> Either String a Source #
extDecodeBs :: ByteString -> Either String a Source #
extEncodeBs :: a -> ByteString Source #
Instances
Common extension usually found in x509v3
data ExtBasicConstraints Source #
Basic Constraints
Instances
Eq ExtBasicConstraints Source # | |
Defined in Data.X509.Ext (==) :: ExtBasicConstraints -> ExtBasicConstraints -> Bool Source # (/=) :: ExtBasicConstraints -> ExtBasicConstraints -> Bool Source # |
|
Show ExtBasicConstraints Source # | |
Defined in Data.X509.Ext |
|
Extension ExtBasicConstraints Source # | |
Defined in Data.X509.Ext extOID :: ExtBasicConstraints -> OID Source # extHasNestedASN1 :: Proxy ExtBasicConstraints -> Bool Source # extEncode :: ExtBasicConstraints -> [ ASN1 ] Source # extDecode :: [ ASN1 ] -> Either String ExtBasicConstraints Source # extDecodeBs :: ByteString -> Either String ExtBasicConstraints Source # |
data ExtKeyUsage Source #
Describe key usage
Instances
Eq ExtKeyUsage Source # | |
Defined in Data.X509.Ext (==) :: ExtKeyUsage -> ExtKeyUsage -> Bool Source # (/=) :: ExtKeyUsage -> ExtKeyUsage -> Bool Source # |
|
Show ExtKeyUsage Source # | |
Defined in Data.X509.Ext |
|
Extension ExtKeyUsage Source # | |
Defined in Data.X509.Ext extOID :: ExtKeyUsage -> OID Source # extHasNestedASN1 :: Proxy ExtKeyUsage -> Bool Source # extEncode :: ExtKeyUsage -> [ ASN1 ] Source # extDecode :: [ ASN1 ] -> Either String ExtKeyUsage Source # extDecodeBs :: ByteString -> Either String ExtKeyUsage Source # extEncodeBs :: ExtKeyUsage -> ByteString Source # |
data ExtKeyUsageFlag Source #
key usage flag that is found in the key usage extension field.
Instances
data ExtExtendedKeyUsage Source #
Extended key usage extension
Instances
Eq ExtExtendedKeyUsage Source # | |
Defined in Data.X509.Ext (==) :: ExtExtendedKeyUsage -> ExtExtendedKeyUsage -> Bool Source # (/=) :: ExtExtendedKeyUsage -> ExtExtendedKeyUsage -> Bool Source # |
|
Show ExtExtendedKeyUsage Source # | |
Defined in Data.X509.Ext |
|
Extension ExtExtendedKeyUsage Source # | |
Defined in Data.X509.Ext extOID :: ExtExtendedKeyUsage -> OID Source # extHasNestedASN1 :: Proxy ExtExtendedKeyUsage -> Bool Source # extEncode :: ExtExtendedKeyUsage -> [ ASN1 ] Source # extDecode :: [ ASN1 ] -> Either String ExtExtendedKeyUsage Source # extDecodeBs :: ByteString -> Either String ExtExtendedKeyUsage Source # |
data ExtKeyUsagePurpose Source #
Key usage purposes for the ExtendedKeyUsage extension
KeyUsagePurpose_ServerAuth | |
KeyUsagePurpose_ClientAuth | |
KeyUsagePurpose_CodeSigning | |
KeyUsagePurpose_EmailProtection | |
KeyUsagePurpose_TimeStamping | |
KeyUsagePurpose_OCSPSigning | |
KeyUsagePurpose_Unknown OID |
Instances
Eq ExtKeyUsagePurpose Source # | |
Defined in Data.X509.Ext (==) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool Source # (/=) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool Source # |
|
Ord ExtKeyUsagePurpose Source # | |
Defined in Data.X509.Ext compare :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Ordering Source # (<) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool Source # (<=) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool Source # (>) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool Source # (>=) :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> Bool Source # max :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> ExtKeyUsagePurpose Source # min :: ExtKeyUsagePurpose -> ExtKeyUsagePurpose -> ExtKeyUsagePurpose Source # |
|
Show ExtKeyUsagePurpose Source # | |
Defined in Data.X509.Ext |
data ExtSubjectKeyId Source #
Provide a way to identify a public key by a short hash.
Instances
Eq ExtSubjectKeyId Source # | |
Defined in Data.X509.Ext (==) :: ExtSubjectKeyId -> ExtSubjectKeyId -> Bool Source # (/=) :: ExtSubjectKeyId -> ExtSubjectKeyId -> Bool Source # |
|
Show ExtSubjectKeyId Source # | |
Defined in Data.X509.Ext |
|
Extension ExtSubjectKeyId Source # | |
Defined in Data.X509.Ext extOID :: ExtSubjectKeyId -> OID Source # extHasNestedASN1 :: Proxy ExtSubjectKeyId -> Bool Source # extEncode :: ExtSubjectKeyId -> [ ASN1 ] Source # extDecode :: [ ASN1 ] -> Either String ExtSubjectKeyId Source # extDecodeBs :: ByteString -> Either String ExtSubjectKeyId Source # |
data ExtSubjectAltName Source #
Provide a way to supply alternate name that can be used for matching host name.
Instances
data ExtAuthorityKeyId Source #
Provide a mean to identify the public key corresponding to the private key used to signed a certificate.
Instances
Eq ExtAuthorityKeyId Source # | |
Defined in Data.X509.Ext (==) :: ExtAuthorityKeyId -> ExtAuthorityKeyId -> Bool Source # (/=) :: ExtAuthorityKeyId -> ExtAuthorityKeyId -> Bool Source # |
|
Show ExtAuthorityKeyId Source # | |
Defined in Data.X509.Ext |
|
Extension ExtAuthorityKeyId Source # | |
Defined in Data.X509.Ext extOID :: ExtAuthorityKeyId -> OID Source # extHasNestedASN1 :: Proxy ExtAuthorityKeyId -> Bool Source # extEncode :: ExtAuthorityKeyId -> [ ASN1 ] Source # extDecode :: [ ASN1 ] -> Either String ExtAuthorityKeyId Source # extDecodeBs :: ByteString -> Either String ExtAuthorityKeyId Source # |
data ExtCrlDistributionPoints Source #
Identify how CRL information is obtained
Instances
Eq ExtCrlDistributionPoints Source # | |
Defined in Data.X509.Ext |
|
Show ExtCrlDistributionPoints Source # | |
Defined in Data.X509.Ext |
|
Extension ExtCrlDistributionPoints Source # | |
Defined in Data.X509.Ext extOID :: ExtCrlDistributionPoints -> OID Source # extHasNestedASN1 :: Proxy ExtCrlDistributionPoints -> Bool Source # extEncode :: ExtCrlDistributionPoints -> [ ASN1 ] Source # extDecode :: [ ASN1 ] -> Either String ExtCrlDistributionPoints Source # extDecodeBs :: ByteString -> Either String ExtCrlDistributionPoints Source # extEncodeBs :: ExtCrlDistributionPoints -> ByteString Source # |
data ExtNetscapeComment Source #
Instances
Eq ExtNetscapeComment Source # | |
Defined in Data.X509.Ext (==) :: ExtNetscapeComment -> ExtNetscapeComment -> Bool Source # (/=) :: ExtNetscapeComment -> ExtNetscapeComment -> Bool Source # |
|
Show ExtNetscapeComment Source # | |
Defined in Data.X509.Ext |
|
Extension ExtNetscapeComment Source # | |
Defined in Data.X509.Ext extOID :: ExtNetscapeComment -> OID Source # extHasNestedASN1 :: Proxy ExtNetscapeComment -> Bool Source # extEncode :: ExtNetscapeComment -> [ ASN1 ] Source # extDecode :: [ ASN1 ] -> Either String ExtNetscapeComment Source # extDecodeBs :: ByteString -> Either String ExtNetscapeComment Source # |
Different naming scheme use by the extension.
Not all name types are available, missing: otherName x400Address directoryName ediPartyName registeredID
AltNameRFC822 String | |
AltNameDNS String | |
AltNameURI String | |
AltNameIP ByteString | |
AltNameXMPP String | |
AltNameDNSSRV String |
Instances
Eq AltName Source # | |
Ord AltName Source # | |
Show AltName Source # | |
data DistributionPoint Source #
Distribution point as either some GeneralNames or a DN
Instances
Eq DistributionPoint Source # | |
Defined in Data.X509.Ext (==) :: DistributionPoint -> DistributionPoint -> Bool Source # (/=) :: DistributionPoint -> DistributionPoint -> Bool Source # |
|
Show DistributionPoint Source # | |
Defined in Data.X509.Ext |
data ReasonFlag Source #
Reason flag for the CRL
Reason_Unused | |
Reason_KeyCompromise | |
Reason_CACompromise | |
Reason_AffiliationChanged | |
Reason_Superseded | |
Reason_CessationOfOperation | |
Reason_CertificateHold | |
Reason_PrivilegeWithdrawn | |
Reason_AACompromise |
Instances
Accessor turning extension into a specific one
extensionGet :: Extension a => Extensions -> Maybe a Source #
Get a specific extension from a lists of raw extensions
extensionGetE :: Extension a => Extensions -> Maybe ( Either String a) Source #
Get a specific extension from a lists of raw extensions
extensionDecode :: forall a. Extension a => ExtensionRaw -> Maybe ( Either String a) Source #
Try to decode an ExtensionRaw.
If this function return: * Nothing, the OID doesn't match * Just Left, the OID matched, but the extension couldn't be decoded * Just Right, the OID matched, and the extension has been succesfully decoded
extensionEncode :: forall a. Extension a => Bool -> a -> ExtensionRaw Source #
Encode an Extension to extensionRaw
data ExtensionRaw Source #
An undecoded extension
ExtensionRaw | |
|
Instances
Eq ExtensionRaw Source # | |
Defined in Data.X509.ExtensionRaw (==) :: ExtensionRaw -> ExtensionRaw -> Bool Source # (/=) :: ExtensionRaw -> ExtensionRaw -> Bool Source # |
|
Show ExtensionRaw Source # | |
Defined in Data.X509.ExtensionRaw |
|
ASN1Object ExtensionRaw Source # | |
Defined in Data.X509.ExtensionRaw |
tryExtRawASN1 :: ExtensionRaw -> Either String [ ASN1 ] Source #
extRawASN1 :: ExtensionRaw -> [ ASN1 ] Source #
Deprecated: use tryExtRawASN1 instead
newtype Extensions Source #
a Set of
ExtensionRaw
Extensions ( Maybe [ ExtensionRaw ]) |
Instances
Eq Extensions Source # | |
Defined in Data.X509.ExtensionRaw (==) :: Extensions -> Extensions -> Bool Source # (/=) :: Extensions -> Extensions -> Bool Source # |
|
Show Extensions Source # | |
Defined in Data.X509.ExtensionRaw |
|
ASN1Object Extensions Source # | |
Defined in Data.X509.ExtensionRaw |
Certificate Revocation List (CRL)
Describe a Certificate revocation list
data RevokedCertificate Source #
Describe a revoked certificate identifiable by serial number.
Instances
Eq RevokedCertificate Source # | |
Defined in Data.X509.CRL (==) :: RevokedCertificate -> RevokedCertificate -> Bool Source # (/=) :: RevokedCertificate -> RevokedCertificate -> Bool Source # |
|
Show RevokedCertificate Source # | |
Defined in Data.X509.CRL |
|
ASN1Object RevokedCertificate Source # | |
Defined in Data.X509.CRL |
Naming
newtype DistinguishedName Source #
A list of OID and strings.
Instances
Elements commonly available in a
DistinguishedName
structure
DnCommonName |
CN |
DnCountry |
Country |
DnOrganization |
O |
DnOrganizationUnit |
OU |
DnEmailAddress |
Email Address (legacy) |
data ASN1CharacterString Source #
ASN1 Character String with encoding
Instances
Eq ASN1CharacterString | |
Defined in Data.ASN1.Types.String (==) :: ASN1CharacterString -> ASN1CharacterString -> Bool Source # (/=) :: ASN1CharacterString -> ASN1CharacterString -> Bool Source # |
|
Ord ASN1CharacterString | |
Defined in Data.ASN1.Types.String compare :: ASN1CharacterString -> ASN1CharacterString -> Ordering Source # (<) :: ASN1CharacterString -> ASN1CharacterString -> Bool Source # (<=) :: ASN1CharacterString -> ASN1CharacterString -> Bool Source # (>) :: ASN1CharacterString -> ASN1CharacterString -> Bool Source # (>=) :: ASN1CharacterString -> ASN1CharacterString -> Bool Source # max :: ASN1CharacterString -> ASN1CharacterString -> ASN1CharacterString Source # min :: ASN1CharacterString -> ASN1CharacterString -> ASN1CharacterString Source # |
|
Show ASN1CharacterString | |
Defined in Data.ASN1.Types.String |
|
IsString ASN1CharacterString | |
Defined in Data.ASN1.Types.String |
getDnElement :: DnElement -> DistinguishedName -> Maybe ASN1CharacterString Source #
Try to get a specific element in a
DistinguishedName
structure
Certificate Chain
newtype CertificateChain Source #
A chain of X.509 certificates in exact form.
Instances
Eq CertificateChain Source # | |
Defined in Data.X509.CertificateChain (==) :: CertificateChain -> CertificateChain -> Bool Source # (/=) :: CertificateChain -> CertificateChain -> Bool Source # |
|
Show CertificateChain Source # | |
Defined in Data.X509.CertificateChain |
newtype CertificateChainRaw Source #
Represent a chain of X.509 certificates in bytestring form.
Instances
Eq CertificateChainRaw Source # | |
Defined in Data.X509.CertificateChain (==) :: CertificateChainRaw -> CertificateChainRaw -> Bool Source # (/=) :: CertificateChainRaw -> CertificateChainRaw -> Bool Source # |
|
Show CertificateChainRaw Source # | |
Defined in Data.X509.CertificateChain |
marshall between CertificateChain and CertificateChainRaw
decodeCertificateChain :: CertificateChainRaw -> Either ( Int , String ) CertificateChain Source #
Decode a CertificateChainRaw into a CertificateChain if every raw certificate are decoded correctly, otherwise return the index of the failed certificate and the error associated.
encodeCertificateChain :: CertificateChain -> CertificateChainRaw Source #
Convert a CertificateChain into a CertificateChainRaw
Signed types and marshalling
data ( Show a, Eq a, ASN1Object a) => Signed a Source #
Represent a signed object using a traditional X509 structure.
When dealing with external certificate, use the SignedExact structure not this one.
Signed | |
|
data ( Show a, Eq a, ASN1Object a) => SignedExact a Source #
Represent the signed object plus the raw data that we need to keep around for non compliant case to be able to verify signature.
Instances
( Show a, Eq a, ASN1Object a) => Eq ( SignedExact a) Source # | |
Defined in Data.X509.Signed (==) :: SignedExact a -> SignedExact a -> Bool Source # (/=) :: SignedExact a -> SignedExact a -> Bool Source # |
|
( Show a, Eq a, ASN1Object a) => Show ( SignedExact a) Source # | |
Defined in Data.X509.Signed |
getSigned :: SignedExact a -> Signed a Source #
get the decoded Signed data
getSignedData :: ( Show a, Eq a, ASN1Object a) => SignedExact a -> ByteString Source #
Get the signed data for the signature
:: ( Show a, Eq a, ASN1Object a) | |
=> ( ByteString -> ( ByteString , SignatureALG , r)) |
signature function |
-> a |
object to sign |
-> ( SignedExact a, r) |
Transform an object into a
SignedExact
object
:: ( Functor f, Show a, Eq a, ASN1Object a) | |
=> ( ByteString -> f ( ByteString , SignatureALG )) |
signature function |
-> a |
object to sign |
-> f ( SignedExact a) |
A generalization of
objectToSignedExact
where the signature function
runs in an arbitrary functor. This allows for example to sign using an
algorithm needing random values.
encodeSignedObject :: SignedExact a -> ByteString Source #
The raw representation of the whole signed structure
decodeSignedObject :: ( Show a, Eq a, ASN1Object a) => ByteString -> Either String ( SignedExact a) Source #
Try to parse a bytestring that use the typical X509 signed structure format
Parametrized Signed accessor
getCertificate :: SignedCertificate -> Certificate Source #
Get the Certificate associated to a SignedCertificate
decodeSignedCertificate :: ByteString -> Either String SignedCertificate Source #
Try to decode a bytestring to a SignedCertificate
decodeSignedCRL :: ByteString -> Either String SignedCRL Source #
Try to decode a bytestring to a SignedCRL
Hash distinguished names related function
hashDN :: DistinguishedName -> ByteString Source #
Make an OpenSSL style hash of distinguished name
OpenSSL algorithm is odd, and has been replicated here somewhat. only lower the case of ascii character.
hashDN_old :: DistinguishedName -> ByteString Source #
Create an openssl style old hash of distinguished name