-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/
-- | Certificates and Key Reader/Writer
--
-- Certificates and Key reader/writer
--
-- At the moment only X509 certificates and unencrypted private keys are
-- supported (so private keys are read and written without passphrase
-- protection); PGP certificates and PKCS#8 private keys are planned.
@package certificate
@version 1.2.7
-- | Read/Write Private Key
module Data.Certificate.KeyDSA
decodePrivate :: ByteString -> Either String (PublicKey, PrivateKey)
encodePrivate :: (PublicKey, PrivateKey) -> ByteString
-- | Read/Write Private/Public RSA Key
module Data.Certificate.KeyRSA
decodePublic :: ByteString -> Either String PublicKey
decodePrivate :: ByteString -> Either String (PublicKey, PrivateKey)
encodePublic :: PublicKey -> ByteString
encodePrivate :: (PublicKey, PrivateKey) -> ByteString
-- | Parse an RSA public key from ASN.1-encoded bits. Returns an
-- RSA.PublicKey (len-modulus, modulus, e) if successful.
parse_RSA :: ByteString -> Either String PublicKey
-- | extension processing module.
module Data.Certificate.X509.Ext
type ExtensionRaw = (OID, Bool, [ASN1])
class Extension a
extOID :: Extension a => a -> OID
extEncode :: Extension a => a -> [ASN1]
extDecode :: Extension a => [ASN1] -> Either String a
data ExtBasicConstraints
ExtBasicConstraints :: Bool -> ExtBasicConstraints
data ExtKeyUsage
ExtKeyUsage :: [ExtKeyUsageFlag] -> ExtKeyUsage
-- | key usage flag that is found in the key usage extension field.
data ExtKeyUsageFlag
KeyUsage_digitalSignature :: ExtKeyUsageFlag
KeyUsage_nonRepudiation :: ExtKeyUsageFlag
KeyUsage_keyEncipherment :: ExtKeyUsageFlag
KeyUsage_dataEncipherment :: ExtKeyUsageFlag
KeyUsage_keyAgreement :: ExtKeyUsageFlag
KeyUsage_keyCertSign :: ExtKeyUsageFlag
KeyUsage_cRLSign :: ExtKeyUsageFlag
KeyUsage_encipherOnly :: ExtKeyUsageFlag
KeyUsage_decipherOnly :: ExtKeyUsageFlag
data ExtSubjectKeyId
ExtSubjectKeyId :: ByteString -> ExtSubjectKeyId
data ExtSubjectAltName
ExtSubjectAltName :: [String] -> ExtSubjectAltName
data ExtAuthorityKeyId
ExtAuthorityKeyId :: ByteString -> ExtAuthorityKeyId
extensionGet :: Extension a => [ExtensionRaw] -> Maybe a
instance Show ExtKeyUsageFlag
instance Eq ExtKeyUsageFlag
instance Ord ExtKeyUsageFlag
instance Enum ExtKeyUsageFlag
instance Show ExtBasicConstraints
instance Eq ExtBasicConstraints
instance Show ExtKeyUsage
instance Eq ExtKeyUsage
instance Show ExtSubjectKeyId
instance Eq ExtSubjectKeyId
instance Show ExtSubjectAltName
instance Eq ExtSubjectAltName
instance Show ExtAuthorityKeyId
instance Eq ExtAuthorityKeyId
instance Extension ExtAuthorityKeyId
instance Extension ExtSubjectAltName
instance Extension ExtSubjectKeyId
instance Extension ExtKeyUsage
instance Extension ExtBasicConstraints
module Data.Certificate.X509.Cert
data SignatureALG
SignatureALG :: HashALG -> PubKeyALG -> SignatureALG
SignatureALG_Unknown :: OID -> SignatureALG
-- | Hash algorithm half of a 'SignatureALG' (the other half is the
-- 'PubKeyALG').
--
-- NOTE(review): the constructors include MD2, MD5 and SHA-1, which are
-- considered too weak for certificate signatures. Nothing in this index
-- shows the library rejecting them, so code that verifies signatures
-- should presumably inspect the 'HashALG' itself and refuse the legacy
-- ones - confirm against the verification code.
data HashALG
HashMD2 :: HashALG
HashMD5 :: HashALG
HashSHA1 :: HashALG
HashSHA224 :: HashALG
HashSHA256 :: HashALG
HashSHA384 :: HashALG
HashSHA512 :: HashALG
data PubKeyALG
PubKeyALG_RSA :: PubKeyALG
PubKeyALG_DSA :: PubKeyALG
PubKeyALG_ECDSA :: PubKeyALG
PubKeyALG_DH :: PubKeyALG
PubKeyALG_Unknown :: OID -> PubKeyALG
data PubKey
-- | RSA public key
PubKeyRSA :: PublicKey -> PubKey
-- | DSA public key
PubKeyDSA :: PublicKey -> PubKey
-- | DH format with (p,g,q,j,(seed,pgenCounter))
PubKeyDH :: (Integer, Integer, Integer, Maybe Integer, ([Word8], Integer)) -> PubKey
-- | ECDSA format not done yet FIXME
PubKeyECDSA :: [ASN1] -> PubKey
-- | unrecognized format
PubKeyUnknown :: OID -> [Word8] -> PubKey
data ASN1StringType
UTF8 :: ASN1StringType
Printable :: ASN1StringType
Univ :: ASN1StringType
BMP :: ASN1StringType
IA5 :: ASN1StringType
T61 :: ASN1StringType
type ASN1String = (ASN1StringType, String)
data Certificate
Certificate :: Int -> Integer -> SignatureALG -> DistinguishedName -> DistinguishedName -> (Time, Time) -> PubKey -> Maybe [ExtensionRaw] -> Certificate
-- | Certificate Version
certVersion :: Certificate -> Int
-- | Certificate Serial number
certSerial :: Certificate -> Integer
-- | Certificate Signature algorithm
certSignatureAlg :: Certificate -> SignatureALG
-- | Certificate Issuer DN
certIssuerDN :: Certificate -> DistinguishedName
-- | Certificate Subject DN
certSubjectDN :: Certificate -> DistinguishedName
-- | Certificate Validity period
certValidity :: Certificate -> (Time, Time)
-- | Certificate Public key
certPubKey :: Certificate -> PubKey
-- | Certificate Extensions
certExtensions :: Certificate -> Maybe [ExtensionRaw]
type DistinguishedName = [(OID, ASN1String)]
type OID = [Integer]
oidCommonName :: OID
oidCountry :: OID
oidOrganization :: OID
oidOrganizationUnit :: OID
oidSig :: OID -> SignatureALG
sigOID :: SignatureALG -> OID
-- | Parse the header structure of an X509 certificate. The structure is
-- the following:
--
-- * Version
-- * Serial Number
-- * Algorithm ID
-- * Issuer
-- * Validity: Not Before, Not After
-- * Subject
-- * Subject Public Key Info: Public Key Algorithm, Subject Public Key
-- * Issuer Unique Identifier (Optional) (>= 2)
-- * Subject Unique Identifier (Optional) (>= 2)
-- * Extensions (Optional) (>= v3)
parseCertificate :: ParseASN1 Certificate
encodeCertificateHeader :: Certificate -> [ASN1]
parseDN :: ParseASN1 [(OID, ASN1String)]
encodeDN :: [(OID, ASN1String)] -> [ASN1]
instance Show HashALG
instance Eq HashALG
instance Show PubKeyALG
instance Eq PubKeyALG
instance Show SignatureALG
instance Eq SignatureALG
instance Show PubKey
instance Eq PubKey
instance Show CertKeyUsage
instance Eq CertKeyUsage
instance Show ASN1StringType
instance Eq ASN1StringType
instance Show Certificate
instance Eq Certificate
-- | Read/Write X509 certificate
module Data.Certificate.X509
data X509
X509 :: Certificate -> (Maybe ByteString) -> (Maybe ByteString) -> SignatureALG -> [Word8] -> X509
-- | the certificate part of a X509 structure
x509Cert :: X509 -> Certificate
-- | a cache of the raw representation of the signed part of the x509,
-- kept because decoding and then re-encoding might not reproduce the
-- exact bytes that were signed.
x509CachedSigningData :: X509 -> (Maybe ByteString)
-- | a cache of the raw representation of the whole x509.
x509CachedData :: X509 -> (Maybe ByteString)
-- | the signature algorithm used.
x509SignatureALG :: X509 -> SignatureALG
-- | the signature.
x509Signature :: X509 -> [Word8]
data SignatureALG
SignatureALG :: HashALG -> PubKeyALG -> SignatureALG
SignatureALG_Unknown :: OID -> SignatureALG
data HashALG
HashMD2 :: HashALG
HashMD5 :: HashALG
HashSHA1 :: HashALG
HashSHA224 :: HashALG
HashSHA256 :: HashALG
HashSHA384 :: HashALG
HashSHA512 :: HashALG
data PubKeyALG
PubKeyALG_RSA :: PubKeyALG
PubKeyALG_DSA :: PubKeyALG
PubKeyALG_ECDSA :: PubKeyALG
PubKeyALG_DH :: PubKeyALG
PubKeyALG_Unknown :: OID -> PubKeyALG
data PubKey
-- | RSA public key
PubKeyRSA :: PublicKey -> PubKey
-- | DSA public key
PubKeyDSA :: PublicKey -> PubKey
-- | DH format with (p,g,q,j,(seed,pgenCounter))
PubKeyDH :: (Integer, Integer, Integer, Maybe Integer, ([Word8], Integer)) -> PubKey
-- | ECDSA format not done yet FIXME
PubKeyECDSA :: [ASN1] -> PubKey
-- | unrecognized format
PubKeyUnknown :: OID -> [Word8] -> PubKey
type OID = [Integer]
data ASN1StringType
UTF8 :: ASN1StringType
Printable :: ASN1StringType
Univ :: ASN1StringType
BMP :: ASN1StringType
IA5 :: ASN1StringType
T61 :: ASN1StringType
type ASN1String = (ASN1StringType, String)
type DistinguishedName = [(OID, ASN1String)]
data Certificate
Certificate :: Int -> Integer -> SignatureALG -> DistinguishedName -> DistinguishedName -> (Time, Time) -> PubKey -> Maybe [ExtensionRaw] -> Certificate
-- | Certificate Version
certVersion :: Certificate -> Int
-- | Certificate Serial number
certSerial :: Certificate -> Integer
-- | Certificate Signature algorithm
certSignatureAlg :: Certificate -> SignatureALG
-- | Certificate Issuer DN
certIssuerDN :: Certificate -> DistinguishedName
-- | Certificate Subject DN
certSubjectDN :: Certificate -> DistinguishedName
-- | Certificate Validity period
certValidity :: Certificate -> (Time, Time)
-- | Certificate Public key
certPubKey :: Certificate -> PubKey
-- | Certificate Extensions
certExtensions :: Certificate -> Maybe [ExtensionRaw]
-- | Get the signing data of an X509 message, which is either the cached
-- data or the encoded certificate.
getSigningData :: X509 -> ByteString
-- | Decode an X509 from a bytestring. The structure is the following:
--
-- * Certificate
-- * Certificate Signature Algorithm
-- * Certificate Signature
decodeCertificate :: ByteString -> Either String X509
-- | encode a X509 certificate to a bytestring
encodeCertificate :: X509 -> ByteString
decodeDN :: ByteString -> Either String DistinguishedName
encodeDN :: DistinguishedName -> ByteString
instance Show X509
instance Eq X509
-- | This module is portable to unix systems, where there is usually a
-- /etc/ssl/certs directory with the system X509 certificates.
--
-- The path can be dynamically overridden using the environment variable
-- defined by envPathOverride in the module, which by default is
-- SYSTEM_CERTIFICATE_PATH, so the process environment determines which
-- directory is treated as the system certificate store.
module System.Certificate.X509.Unix
getSystemPath :: IO FilePath
readAll :: IO [X509]
findCertificate :: (X509 -> Bool) -> IO (Maybe X509)
module System.Certificate.X509
findCertificate :: (X509 -> Bool) -> IO (Maybe X509)
module System.Certificate.X509.MacOS
findCertificate :: (X509 -> Bool) -> IO (Maybe X509)