-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/

-- | Certificates and Key Reader/Writer
--
-- Certificates and Key reader/writer
--
-- At the moment only X509 certificates and unencrypted private keys are
-- supported, but PGP certificates and pkcs8 private keys will be included.
@package certificate
@version 1.2.0

-- | Read/Write Private RSA Key
--
-- Per the package description only unencrypted private keys are
-- supported, so the bytes handled here are key material in the clear;
-- protecting them at rest is left to the caller.
module Data.Certificate.KeyRSA

-- | Decode a private RSA key from its encoded bytes. Yields the
-- public/private pair, or a 'Left' error message on failure.
decodePrivate :: ByteString -> Either String (PublicKey, PrivateKey)

-- | Encode a public/private RSA key pair to bytes. The result is
-- unencrypted private key material.
encodePrivate :: (PublicKey, PrivateKey) -> ByteString

-- | Read/Write Private DSA Key
--
-- Per the package description only unencrypted private keys are
-- supported, so the bytes handled here are key material in the clear;
-- protecting them at rest is left to the caller.
module Data.Certificate.KeyDSA

-- | Decode a private DSA key from its encoded bytes. Yields the
-- public/private pair, or a 'Left' error message on failure.
decodePrivate :: ByteString -> Either String (PublicKey, PrivateKey)

-- | Encode a public/private DSA key pair to bytes. The result is
-- unencrypted private key material.
encodePrivate :: (PublicKey, PrivateKey) -> ByteString

-- | Extension processing module.
module Data.Certificate.X509.Ext

-- | An extension in raw form.
-- NOTE(review): the 'Bool' is presumably the criticality flag and the
-- '[ASN1]' the undecoded extension value - confirm against the parser.
type ExtensionRaw = (OID, Bool, [ASN1])

-- | Typed view of a certificate extension: its OID plus conversion to
-- and from an ASN1 payload. 'extDecode' reports failure as a 'Left'
-- message.
class Extension a
extOID :: Extension a => a -> OID
extEncode :: Extension a => a -> [ASN1]
extDecode :: Extension a => [ASN1] -> Either String a

-- | Basic constraints extension. Only a single 'Bool' is carried
-- (presumably the CA flag - confirm); no path-length value is
-- represented in this type.
data ExtBasicConstraints
ExtBasicConstraints :: Bool -> ExtBasicConstraints

-- | Key usage extension, carried as a list of 'ExtKeyUsageFlag'.
data ExtKeyUsage
ExtKeyUsage :: [ExtKeyUsageFlag] -> ExtKeyUsage

-- | Key usage flag that is found in the key usage extension field.
data ExtKeyUsageFlag
KeyUsage_digitalSignature :: ExtKeyUsageFlag
KeyUsage_nonRepudiation :: ExtKeyUsageFlag
KeyUsage_keyEncipherment :: ExtKeyUsageFlag
KeyUsage_dataEncipherment :: ExtKeyUsageFlag
KeyUsage_keyAgreement :: ExtKeyUsageFlag
KeyUsage_keyCertSign :: ExtKeyUsageFlag
KeyUsage_cRLSign :: ExtKeyUsageFlag
KeyUsage_encipherOnly :: ExtKeyUsageFlag
KeyUsage_decipherOnly :: ExtKeyUsageFlag

-- | Subject key identifier extension, carried as raw bytes.
data ExtSubjectKeyId
ExtSubjectKeyId :: ByteString -> ExtSubjectKeyId

-- | Subject alternative name extension. The names are plain 'String's;
-- the type does not record which kind of name (DNS, IP, e-mail, ...)
-- each entry was, so callers matching host names should not assume one.
data ExtSubjectAltName
ExtSubjectAltName :: [String] -> ExtSubjectAltName

-- | Authority key identifier extension, carried as raw bytes.
data ExtAuthorityKeyId
ExtAuthorityKeyId :: ByteString -> ExtAuthorityKeyId

-- | Presumably looks up and decodes one typed extension from a list of
-- raw extensions.
-- NOTE(review): the 'Maybe' result cannot carry a decode error; whether
-- a present-but-malformed extension yields 'Nothing' is not visible
-- here - confirm before treating 'Nothing' as "extension absent".
extensionGet :: Extension a => [ExtensionRaw] -> Maybe a
instance Show ExtKeyUsageFlag
instance Eq ExtKeyUsageFlag
instance Ord ExtKeyUsageFlag
instance Enum ExtKeyUsageFlag
instance Show ExtBasicConstraints
instance Eq ExtBasicConstraints
instance Show ExtKeyUsage
instance Eq ExtKeyUsage
instance Show ExtSubjectKeyId
instance Eq ExtSubjectKeyId
instance Show ExtSubjectAltName
instance Eq ExtSubjectAltName
instance Show ExtAuthorityKeyId
instance Eq ExtAuthorityKeyId
instance Extension ExtAuthorityKeyId
instance Extension ExtSubjectAltName
instance Extension ExtSubjectKeyId
instance Extension ExtKeyUsage
instance Extension ExtBasicConstraints

module Data.Certificate.X509.Cert

-- | Signature algorithm: a hash/public-key algorithm pair, or a bare
-- OID in the 'SignatureALG_Unknown' case. Callers that validate
-- certificates should fail closed on 'SignatureALG_Unknown'.
data SignatureALG
SignatureALG :: HashALG -> PubKeyALG -> SignatureALG
SignatureALG_Unknown :: OID -> SignatureALG

-- | Hash algorithms that can appear in a 'SignatureALG'.
-- NOTE(review): MD2, MD5 and SHA-1 are deprecated for certificate
-- signatures; code that validates certificates should reject them.
-- Whether this library does so itself is not visible here.
data HashALG
HashMD2 :: HashALG
HashMD5 :: HashALG
HashSHA1 :: HashALG
HashSHA224 :: HashALG
HashSHA256 :: HashALG
HashSHA384 :: HashALG
HashSHA512 :: HashALG

-- | Public key algorithms, with a bare OID in the unknown case.
data PubKeyALG
PubKeyALG_RSA :: PubKeyALG
PubKeyALG_DSA :: PubKeyALG
PubKeyALG_ECDSA :: PubKeyALG
PubKeyALG_DH :: PubKeyALG
PubKeyALG_Unknown :: OID -> PubKeyALG

-- | Public key carried by a certificate.
data PubKey

-- | RSA public key
PubKeyRSA :: PublicKey -> PubKey

-- | DSA public key
PubKeyDSA :: PublicKey -> PubKey

-- | DH format with (p,g,q,j,(seed,pgenCounter))
PubKeyDH :: (Integer, Integer, Integer, Maybe Integer, ([Word8], Integer)) -> PubKey

-- | ECDSA format not done yet FIXME
-- (the key is held as an undecoded ASN1 list)
PubKeyECDSA :: [ASN1] -> PubKey

-- | unrecognized format (algorithm OID plus raw bytes)
PubKeyUnknown :: OID -> [Word8] -> PubKey

-- | ASN1 string encodings that can tag an 'ASN1String'.
data ASN1StringType
UTF8 :: ASN1StringType
Printable :: ASN1StringType
Univ :: ASN1StringType
BMP :: ASN1StringType
IA5 :: ASN1StringType
T61 :: ASN1StringType

-- | A string together with the ASN1 string type it is tagged with.
type ASN1String = (ASN1StringType, String)

-- | The certificate header. The constructor arguments line up, in
-- order, with the accessors listed below it.
data Certificate
Certificate :: Int -> Integer -> SignatureALG -> [(OID, ASN1String)] -> [(OID, ASN1String)] -> (Time, Time) -> PubKey -> Maybe [ExtensionRaw] -> Certificate

-- | Certificate Version
certVersion :: Certificate -> Int

-- | Certificate Serial number
certSerial :: Certificate -> Integer

-- | Certificate Signature algorithm
certSignatureAlg :: Certificate -> SignatureALG

-- | Certificate Issuer DN
certIssuerDN :: Certificate -> [(OID, ASN1String)]

-- | Certificate Subject DN
certSubjectDN :: Certificate -> [(OID, ASN1String)]

-- | Certificate Validity period
-- (presumably (not before, not after), following the order in the
-- header layout documented on 'parseCertificate' - confirm)
certValidity :: Certificate -> (Time, Time)

-- | Certificate Public key
certPubKey :: Certificate -> PubKey

-- | Certificate Extensions
certExtensions :: Certificate -> Maybe [ExtensionRaw]

-- | OIDs of common distinguished-name attributes, for looking up
-- entries in 'certIssuerDN' and 'certSubjectDN'.
oidCommonName, oidOrganizationUnit, oidOrganization, oidCountry :: OID

-- | Map an OID to a 'SignatureALG'.
-- NOTE(review): unrecognized OIDs presumably become
-- 'SignatureALG_Unknown' - confirm.
oidSig :: OID -> SignatureALG

-- | Map a 'SignatureALG' back to its OID.
sigOID :: SignatureALG -> OID

-- | Parse the header structure of an x509 certificate. The structure is
-- the following:
--
-- * Version
-- * Serial Number
-- * Algorithm ID
-- * Issuer
-- * Validity
--
--     * Not Before
--     * Not After
--
-- * Subject
-- * Subject Public Key Info
--
--     * Public Key Algorithm
--     * Subject Public Key
--
-- * Issuer Unique Identifier (Optional) (>= 2)
-- * Subject Unique Identifier (Optional) (>= 2)
-- * Extensions (Optional) (>= v3)
parseCertificate :: ParseASN1 Certificate

-- | Encode the certificate header as an ASN1 list.
encodeCertificateHeader :: Certificate -> [ASN1]
instance Show HashALG
instance Eq HashALG
instance Show PubKeyALG
instance Eq PubKeyALG
instance Show SignatureALG
instance Eq SignatureALG
instance Show PubKey
instance Eq PubKey
instance Show CertKeyUsage
instance Eq CertKeyUsage
instance Show ASN1StringType
instance Eq ASN1StringType
instance Show Certificate
instance Eq Certificate

-- | Read/Write X509 certificate
module Data.Certificate.X509

-- | A certificate together with its signature algorithm, its signature
-- and optional caches of the raw encoded bytes.
data X509
X509 :: Certificate -> (Maybe ByteString) -> (Maybe ByteString) -> SignatureALG -> [Word8] -> X509

-- | the certificate part of a X509 structure
x509Cert :: X509 -> Certificate

-- | a cache of the raw representation of the x509 part for signing since
-- encoding+decoding might not result in the same data being signed.
-- Signature verification has to run over the bytes that were actually
-- signed, so this cache matters when present.
x509CachedSigningData :: X509 -> (Maybe ByteString)

-- | a cache of the raw representation of the whole x509.
x509CachedData :: X509 -> (Maybe ByteString)

-- | the signature algorithm used.
x509SignatureALG :: X509 -> SignatureALG

-- | the signature.
x509Signature :: X509 -> [Word8]

-- | Signature algorithm: a hash/public-key algorithm pair, or a bare
-- OID in the 'SignatureALG_Unknown' case. Callers that validate
-- certificates should fail closed on 'SignatureALG_Unknown'.
data SignatureALG
SignatureALG :: HashALG -> PubKeyALG -> SignatureALG
SignatureALG_Unknown :: OID -> SignatureALG

-- | Hash algorithms that can appear in a 'SignatureALG'.
-- NOTE(review): MD2, MD5 and SHA-1 are deprecated for certificate
-- signatures; code that validates certificates should reject them.
-- Whether this library does so itself is not visible here.
data HashALG
HashMD2 :: HashALG
HashMD5 :: HashALG
HashSHA1 :: HashALG
HashSHA224 :: HashALG
HashSHA256 :: HashALG
HashSHA384 :: HashALG
HashSHA512 :: HashALG

-- | Public key algorithms, with a bare OID in the unknown case.
data PubKeyALG
PubKeyALG_RSA :: PubKeyALG
PubKeyALG_DSA :: PubKeyALG
PubKeyALG_ECDSA :: PubKeyALG
PubKeyALG_DH :: PubKeyALG
PubKeyALG_Unknown :: OID -> PubKeyALG

-- | Public key carried by a certificate.
data PubKey

-- | RSA public key
PubKeyRSA :: PublicKey -> PubKey

-- | DSA public key
PubKeyDSA :: PublicKey -> PubKey

-- | DH format with (p,g,q,j,(seed,pgenCounter))
PubKeyDH :: (Integer, Integer, Integer, Maybe Integer, ([Word8], Integer)) -> PubKey

-- | ECDSA format not done yet FIXME
-- (the key is held as an undecoded ASN1 list)
PubKeyECDSA :: [ASN1] -> PubKey

-- | unrecognized format (algorithm OID plus raw bytes)
PubKeyUnknown :: OID -> [Word8] -> PubKey

-- | ASN1 string encodings that can tag an 'ASN1String'.
data ASN1StringType
UTF8 :: ASN1StringType
Printable :: ASN1StringType
Univ :: ASN1StringType
BMP :: ASN1StringType
IA5 :: ASN1StringType
T61 :: ASN1StringType

-- | A string together with the ASN1 string type it is tagged with.
type ASN1String = (ASN1StringType, String)

-- | The certificate header. The constructor arguments line up, in
-- order, with the accessors listed below it.
data Certificate
Certificate :: Int -> Integer -> SignatureALG -> [(OID, ASN1String)] -> [(OID, ASN1String)] -> (Time, Time) -> PubKey -> Maybe [ExtensionRaw] -> Certificate

-- | Certificate Version
certVersion :: Certificate -> Int

-- | Certificate Serial number
certSerial :: Certificate -> Integer

-- | Certificate Signature algorithm
certSignatureAlg :: Certificate -> SignatureALG

-- | Certificate Issuer DN
certIssuerDN :: Certificate -> [(OID, ASN1String)]

-- | Certificate Subject DN
certSubjectDN :: Certificate -> [(OID, ASN1String)]

-- | Certificate Validity period
-- (presumably (not before, not after) - confirm)
certValidity :: Certificate -> (Time, Time)

-- | Certificate Public key
certPubKey :: Certificate -> PubKey

-- | Certificate Extensions
certExtensions :: Certificate -> Maybe [ExtensionRaw]

-- | Get the signing data related to an X509 message, which is either
-- the cached data or the encoded certificate.
--
-- A signature has to be checked over the exact bytes that were signed.
-- When no cached bytes are present the result is a fresh encoding,
-- which may not be byte-identical to what the issuer signed.
getSigningData :: X509 -> ByteString

-- | Decode an X509 from a bytestring. The structure is the following:
--
-- * Certificate
-- * Certificate Signature Algorithm
-- * Certificate Signature
--
-- NOTE(review): the only argument is the encoded bytes, so a 'Right'
-- result reflects successful parsing; signature and chain validation
-- are presumably left to the caller - confirm.
decodeCertificate :: ByteString -> Either String X509

-- | encode a X509 certificate to a bytestring
encodeCertificate :: X509 -> ByteString
instance Show X509
instance Eq X509

module System.Certificate.X509

-- | NOTE(review): undocumented upstream. From the type, this runs in
-- 'IO' and yields at most one 'X509' accepted by the predicate,
-- presumably drawn from a system certificate store - confirm which
-- store is read and whether entries are validated before being returned.
findCertificate :: (X509 -> Bool) -> IO (Maybe X509)