HsOpenSSL-0.11.1: Partial OpenSSL binding for Haskell

Safe Haskell: None
Language: Haskell98

OpenSSL.X509

Description

An interface to X.509 certificates.

Type

data X509

X509 is an opaque object that represents an X.509 certificate.

Functions to manipulate certificates

newX509 :: IO X509

newX509 creates an empty certificate. You must set the following properties and sign it (see signX509) before the certificate can actually be used.

Version
See setVersion.
Serial number
See setSerialNumber.
Issuer name
See setIssuerName.
Subject name
See setSubjectName.
Validity
See setNotBefore and setNotAfter.
Public Key
See setPublicKey.
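
Added example (not from the HsOpenSSL documentation): the newX509 procedure above carried through for a self-signed certificate, then checked with verifyX509 against the signing key and against an unrelated key. withOpenSSL, generateRSAKey' and getDigestByName come from other HsOpenSSL modules that this page does not document; the name, serial number and 90-day lifetime are constructed sample values.

```haskell
import Data.Time.Clock (addUTCTime, getCurrentTime)
import OpenSSL (withOpenSSL)
import OpenSSL.EVP.Digest (getDigestByName)
import OpenSSL.EVP.Verify (VerifyStatus (..))
import OpenSSL.RSA (generateRSAKey')
import OpenSSL.X509

describe :: VerifyStatus -> String
describe VerifySuccess = "signature verifies"
describe VerifyFailure = "signature does not verify"

main :: IO ()
main = withOpenSSL $ do
  key   <- generateRSAKey' 2048 65537  -- subject and issuer key (self-signed)
  other <- generateRSAKey' 2048 65537  -- unrelated key for the negative check
  now   <- getCurrentTime
  let name = [("C", "JP"), ("CN", "example.invalid")]  -- constructed sample name

  -- Every property listed under newX509, then the signature.
  cert <- newX509
  setVersion      cert 2  -- 0-origin: 2 means X.509 v3
  setSerialNumber cert 1
  setIssuerName   cert name
  setSubjectName  cert name
  setNotBefore    cert now
  setNotAfter     cert (addUTCTime (90 * 24 * 60 * 60) now)
  setPublicKey    cert key

  -- Name the digest explicitly rather than passing Nothing, and stop if the
  -- linked OpenSSL does not provide it.
  digest <- getDigestByName "SHA256"
  case digest of
    Nothing -> fail "SHA256 not available"
    Just _  -> signX509 cert key digest

  -- verifyX509 checks the signature only, so the validity window is
  -- compared against the clock separately.
  good      <- verifyX509 cert key
  bad       <- verifyX509 cert other
  notBefore <- getNotBefore cert
  notAfter  <- getNotAfter cert
  t         <- getCurrentTime
  putStrLn ("signing key:   " ++ describe good)
  putStrLn ("unrelated key: " ++ describe bad)
  putStrLn ("inside validity window: " ++ show (notBefore <= t && t <= notAfter))
  putStrLn =<< printX509 cert
```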

compareX509 :: X509 -> X509 -> IO Ordering

compareX509 cert1 cert2 compares two certificates.

signX509

Arguments

:: KeyPair key
=> X509 -- The certificate to be signed.
-> key -- The private key to sign with.
-> Maybe Digest -- A hashing algorithm to use. If Nothing, the most suitable algorithm for the key is used automatically.
-> IO ()

signX509 signs a certificate with an issuer private key.

verifyX509

Arguments

:: PublicKey key
=> X509 -- The certificate to be verified.
-> key -- The public key to verify with.
-> IO VerifyStatus

verifyX509 verifies the signature of a certificate with an issuer public key.

printX509 :: X509 -> IO String

printX509 cert translates a certificate into a human-readable format.

Accessors

getVersion :: X509 -> IO Int

getVersion cert returns the version number of the certificate. The number is 0-origin: version 2 means X.509 v3.

setVersion :: X509 -> Int -> IO ()

setVersion cert ver updates the version number of the certificate.

getSerialNumber :: X509 -> IO Integer

getSerialNumber cert returns the serial number of the certificate.

setSerialNumber :: X509 -> Integer -> IO ()

setSerialNumber cert num updates the serial number of the certificate.

getIssuerName

Arguments

:: X509 -- The certificate to examine.
-> Bool -- True if you want the key of each part in long form (e.g. "commonName"), or False if you want short form (e.g. "CN").
-> IO [(String, String)] -- Pairs of key and value, for example [("C", "JP"), ("ST", "Some-State"), ...].

getIssuerName returns the issuer name of the certificate.

setIssuerName :: X509 -> [(String, String)] -> IO ()

setIssuerName cert name updates the issuer name of the certificate. The key of each part may be in either long form or short form. See getIssuerName.

getSubjectName :: X509 -> Bool -> IO [(String, String)]

getSubjectName cert wantLongName returns the subject name of the certificate. See getIssuerName.

setSubjectName :: X509 -> [(String, String)] -> IO ()

setSubjectName cert name updates the subject name of the certificate. See setIssuerName.

getNotBefore :: X509 -> IO UTCTime

getNotBefore cert returns the time when the certificate begins to be valid.

setNotBefore :: X509 -> UTCTime -> IO ()

setNotBefore cert utc updates the time when the certificate begins to be valid.

getNotAfter :: X509 -> IO UTCTime

getNotAfter cert returns the time when the certificate expires.

setNotAfter :: X509 -> UTCTime -> IO ()

setNotAfter cert utc updates the time when the certificate expires.

getPublicKey :: X509 -> IO SomePublicKey

getPublicKey cert returns the public key of the subject of the certificate.

setPublicKey :: PublicKey key => X509 -> key -> IO ()

setPublicKey cert pubkey updates the public key of the subject of the certificate.

getSubjectEmail :: X509 -> IO [String]

getSubjectEmail cert returns every subject email address in the certificate.