Copyright	(c) Alexey Radkov 2024
License	BSD-style
Maintainer	alexey.radkov@gmail.com
Stability	experimental
Portability	portable
Safe Haskell	Safe-Inferred
Language	Haskell2010

Data.X509.OCSP

Description

Encode and decode X509 OCSP requests and responses.

This module complies with rfc6960.

Synopsis

data CertId = CertId {
}
encodeOCSPRequestASN1 :: Certificate -> Certificate -> ([ASN1], CertId)
encodeOCSPRequest :: Certificate -> Certificate -> (ByteString, CertId)
data OCSPResponse = OCSPResponse {
- ocspRespStatus :: OCSPResponseStatus
- ocspRespPayload :: Maybe OCSPResponsePayload
}
data OCSPResponseStatus
data OCSPResponsePayload = OCSPResponsePayload {
- ocspRespCertData :: OCSPResponseCertData
- ocspRespData :: [ASN1]
}
data OCSPResponseCertData = OCSPResponseCertData {
}
data OCSPResponseCertStatus
decodeOCSPResponse :: CertId -> ByteString -> Either ASN1Error (Maybe OCSPResponse)

Documentation

data CertId Source #

Certificate Id.

This data is used when building OCSP requests and parsing OCSP responses.

Constructors

CertId
Fields certIdIssuerNameHash :: ByteString Value of issuerNameHash as defined in rfc6960 certIdIssuerKeyHash :: ByteString Value of issuerKeyHash as defined in rfc6960 certIdSerialNumber :: Integer Certificate serial number

Instances

Instances details

Show CertId Source #
Instance details Defined in Data.X509.OCSP Methods showsPrec :: Int -> CertId -> ShowS # show :: CertId -> String # showList :: [CertId] -> ShowS #
Eq CertId Source #
Instance details Defined in Data.X509.OCSP Methods (==) :: CertId -> CertId -> Bool # (/=) :: CertId -> CertId -> Bool #

encodeOCSPRequestASN1 Source #

Arguments

:: Certificate	Certificate
-> Certificate	Issuer certificate
-> ([ASN1], CertId)

Build and encode OCSP request in ASN.1 format.

The returned value contains the encoded request and an object of type CertId with hashes calculated by the SHA1 algorithm.

encodeOCSPRequest Source #

Arguments

:: Certificate	Certificate
-> Certificate	Issuer certificate
-> (ByteString, CertId)

Build and encode OCSP request in ASN.1/DER format.

The returned value contains the encoded request and an object of type CertId with hashes calculated by the SHA1 algorithm.

data OCSPResponse Source #

OCSP response data.

Constructors

OCSPResponse
Fields ocspRespStatus :: OCSPResponseStatus Response status ocspRespPayload :: Maybe OCSPResponsePayload Response payload data

Instances

Instances details

Show OCSPResponse Source #
Instance details Defined in Data.X509.OCSP Methods showsPrec :: Int -> OCSPResponse -> ShowS # show :: OCSPResponse -> String # showList :: [OCSPResponse] -> ShowS #
Eq OCSPResponse Source #
Instance details Defined in Data.X509.OCSP Methods (==) :: OCSPResponse -> OCSPResponse -> Bool # (/=) :: OCSPResponse -> OCSPResponse -> Bool #

data OCSPResponseStatus Source #

Status of OCSP response as defined in rfc6960.

Constructors

OCSPRespSuccessful
OCSPRespMalformedRequest
OCSPRespInternalError
OCSPRespUnused1
OCSPRespTryLater
OCSPRespSigRequired
OCSPRespUnauthorized

Instances

Instances details

Bounded OCSPResponseStatus Source #
Instance details Defined in Data.X509.OCSP Methods minBound :: OCSPResponseStatus # maxBound :: OCSPResponseStatus #
Enum OCSPResponseStatus Source #
Instance details Defined in Data.X509.OCSP Methods succ :: OCSPResponseStatus -> OCSPResponseStatus # pred :: OCSPResponseStatus -> OCSPResponseStatus # toEnum :: Int -> OCSPResponseStatus # fromEnum :: OCSPResponseStatus -> Int # enumFrom :: OCSPResponseStatus -> [OCSPResponseStatus] # enumFromThen :: OCSPResponseStatus -> OCSPResponseStatus -> [OCSPResponseStatus] # enumFromTo :: OCSPResponseStatus -> OCSPResponseStatus -> [OCSPResponseStatus] # enumFromThenTo :: OCSPResponseStatus -> OCSPResponseStatus -> OCSPResponseStatus -> [OCSPResponseStatus] #
Show OCSPResponseStatus Source #
Instance details Defined in Data.X509.OCSP Methods showsPrec :: Int -> OCSPResponseStatus -> ShowS # show :: OCSPResponseStatus -> String # showList :: [OCSPResponseStatus] -> ShowS #
Eq OCSPResponseStatus Source #
Instance details Defined in Data.X509.OCSP Methods (==) :: OCSPResponseStatus -> OCSPResponseStatus -> Bool # (/=) :: OCSPResponseStatus -> OCSPResponseStatus -> Bool #

data OCSPResponsePayload Source #

Payload data of OCSP response.

Constructors

OCSPResponsePayload
Fields ocspRespCertData :: OCSPResponseCertData Selected certificate data ocspRespData :: [ASN1] Whole response payload

Instances

Instances details

Show OCSPResponsePayload Source #
Instance details Defined in Data.X509.OCSP Methods showsPrec :: Int -> OCSPResponsePayload -> ShowS # show :: OCSPResponsePayload -> String # showList :: [OCSPResponsePayload] -> ShowS #
Eq OCSPResponsePayload Source #
Instance details Defined in Data.X509.OCSP Methods (==) :: OCSPResponsePayload -> OCSPResponsePayload -> Bool # (/=) :: OCSPResponsePayload -> OCSPResponsePayload -> Bool #

data OCSPResponseCertData Source #

Selected certificate data of OCSP response.

Constructors

OCSPResponseCertData
Fields ocspRespCertStatus :: OCSPResponseCertStatus Certificate status ocspRespCertThisUpdate :: ASN1 Value of thisUpdate as defined in rfc6960 ocspRespCertNextUpdate :: Maybe ASN1 Value of nextUpdate as defined in rfc6960

Instances

Instances details

Show OCSPResponseCertData Source #
Instance details Defined in Data.X509.OCSP Methods showsPrec :: Int -> OCSPResponseCertData -> ShowS # show :: OCSPResponseCertData -> String # showList :: [OCSPResponseCertData] -> ShowS #
Eq OCSPResponseCertData Source #
Instance details Defined in Data.X509.OCSP Methods (==) :: OCSPResponseCertData -> OCSPResponseCertData -> Bool # (/=) :: OCSPResponseCertData -> OCSPResponseCertData -> Bool #

data OCSPResponseCertStatus Source #

Certificate status of OCSP response as defined in rfc6960.

Constructors

OCSPRespCertGood
OCSPRespCertRevoked
OCSPRespCertUnknown

Instances

Instances details

Bounded OCSPResponseCertStatus Source #
Instance details Defined in Data.X509.OCSP Methods minBound :: OCSPResponseCertStatus # maxBound :: OCSPResponseCertStatus #
Enum OCSPResponseCertStatus Source #
Instance details Defined in Data.X509.OCSP Methods succ :: OCSPResponseCertStatus -> OCSPResponseCertStatus # pred :: OCSPResponseCertStatus -> OCSPResponseCertStatus # toEnum :: Int -> OCSPResponseCertStatus # fromEnum :: OCSPResponseCertStatus -> Int # enumFrom :: OCSPResponseCertStatus -> [OCSPResponseCertStatus] # enumFromThen :: OCSPResponseCertStatus -> OCSPResponseCertStatus -> [OCSPResponseCertStatus] # enumFromTo :: OCSPResponseCertStatus -> OCSPResponseCertStatus -> [OCSPResponseCertStatus] # enumFromThenTo :: OCSPResponseCertStatus -> OCSPResponseCertStatus -> OCSPResponseCertStatus -> [OCSPResponseCertStatus] #
Show OCSPResponseCertStatus Source #
Instance details Defined in Data.X509.OCSP Methods showsPrec :: Int -> OCSPResponseCertStatus -> ShowS # show :: OCSPResponseCertStatus -> String # showList :: [OCSPResponseCertStatus] -> ShowS #
Eq OCSPResponseCertStatus Source #
Instance details Defined in Data.X509.OCSP Methods (==) :: OCSPResponseCertStatus -> OCSPResponseCertStatus -> Bool # (/=) :: OCSPResponseCertStatus -> OCSPResponseCertStatus -> Bool #

decodeOCSPResponse Source #

Arguments

:: CertId	Certificate Id
-> ByteString	OCSP response
-> Either ASN1Error (Maybe OCSPResponse)

Decode OCSP response.

The value of the certificate id is expected to be equal to what was returned by encodeOCSPRequest as it is used to check the correctness of the response.

The Left value gets returned on parse errors detected by decodeASN1. The Right value with Nothing gets returned on unexpected ASN.1 contents.