-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/
-- | Certificates and Key Reader/Writer
--
-- Certificates and Key reader/writer
--
-- At the moment only X509 certificates and unencrypted private keys are
-- supported; PGP certificates and PKCS#8 private keys are planned.
@package certificate
@version 1.3.0
-- | Read/Write Private Key
module Data.Certificate.KeyDSA
-- | Decode a key pair from a 'ByteString'; the result carries both the
-- public and the private key, or a 'String' (presumably an error message)
-- when decoding fails.
--
-- NOTE(review): the package description says only unencrypted private keys
-- are supported, so the input is plaintext key material.
decodePrivate :: ByteString -> Either String (PublicKey, PrivateKey)
-- | Encode a key pair to a 'ByteString'.
--
-- NOTE(review): the package description says only unencrypted private keys
-- are supported, so the output is presumably plaintext key material and needs
-- to be protected by the caller when stored or transmitted -- confirm.
encodePrivate :: (PublicKey, PrivateKey) -> ByteString
-- | Read/Write Private/Public RSA Key
module Data.Certificate.KeyRSA
-- | Decode a public key from a 'ByteString', or return a 'String'
-- (presumably an error message) when decoding fails.
decodePublic :: ByteString -> Either String PublicKey
-- | Decode a key pair from a 'ByteString'; the result carries both the
-- public and the private key.
--
-- NOTE(review): the package description says only unencrypted private keys
-- are supported, so the input is plaintext key material.
decodePrivate :: ByteString -> Either String (PublicKey, PrivateKey)
-- | Encode a public key to a 'ByteString'.
encodePublic :: PublicKey -> ByteString
-- | Encode a key pair to a 'ByteString'.
--
-- NOTE(review): the package description says only unencrypted private keys
-- are supported, so the output is presumably plaintext key material and needs
-- to be protected by the caller when stored or transmitted -- confirm.
encodePrivate :: (PublicKey, PrivateKey) -> ByteString
-- | Parse an RSA public key from ASN.1-encoded bits. Returns an
-- RSA.PublicKey (len-modulus, modulus, e) if successful.
parse_RSA :: ByteString -> Either String PublicKey
-- | extension processing module.
module Data.Certificate.X509.Ext
type ExtensionRaw = (OID, Bool, [ASN1])
class Extension a
extOID :: Extension a => a -> OID
extEncode :: Extension a => a -> [ASN1]
extDecode :: Extension a => [ASN1] -> Either String a
data ExtBasicConstraints
ExtBasicConstraints :: Bool -> ExtBasicConstraints
data ExtKeyUsage
ExtKeyUsage :: [ExtKeyUsageFlag] -> ExtKeyUsage
-- | key usage flag that is found in the key usage extension field.
data ExtKeyUsageFlag
KeyUsage_digitalSignature :: ExtKeyUsageFlag
KeyUsage_nonRepudiation :: ExtKeyUsageFlag
KeyUsage_keyEncipherment :: ExtKeyUsageFlag
KeyUsage_dataEncipherment :: ExtKeyUsageFlag
KeyUsage_keyAgreement :: ExtKeyUsageFlag
KeyUsage_keyCertSign :: ExtKeyUsageFlag
KeyUsage_cRLSign :: ExtKeyUsageFlag
KeyUsage_encipherOnly :: ExtKeyUsageFlag
KeyUsage_decipherOnly :: ExtKeyUsageFlag
data ExtSubjectKeyId
ExtSubjectKeyId :: ByteString -> ExtSubjectKeyId
data ExtSubjectAltName
ExtSubjectAltName :: [String] -> ExtSubjectAltName
data ExtAuthorityKeyId
ExtAuthorityKeyId :: ByteString -> ExtAuthorityKeyId
extensionGet :: Extension a => [ExtensionRaw] -> Maybe a
instance Show ExtKeyUsageFlag
instance Eq ExtKeyUsageFlag
instance Ord ExtKeyUsageFlag
instance Enum ExtKeyUsageFlag
instance Show ExtBasicConstraints
instance Eq ExtBasicConstraints
instance Show ExtKeyUsage
instance Eq ExtKeyUsage
instance Show ExtSubjectKeyId
instance Eq ExtSubjectKeyId
instance Show ExtSubjectAltName
instance Eq ExtSubjectAltName
instance Show ExtAuthorityKeyId
instance Eq ExtAuthorityKeyId
instance Extension ExtAuthorityKeyId
instance Extension ExtSubjectAltName
instance Extension ExtSubjectKeyId
instance Extension ExtKeyUsage
instance Extension ExtBasicConstraints
module Data.Certificate.X509.Cert
data SignatureALG
SignatureALG :: HashALG -> PubKeyALG -> SignatureALG
SignatureALG_Unknown :: OID -> SignatureALG
-- | Hash algorithm component of a 'SignatureALG'.
--
-- NOTE(review): MD2, MD5 and SHA-1 are representable here but are deprecated
-- for certificate signatures; code that validates certificates should decide
-- explicitly whether a signature using one of them is acceptable.
data HashALG
HashMD2 :: HashALG
HashMD5 :: HashALG
HashSHA1 :: HashALG
HashSHA224 :: HashALG
HashSHA256 :: HashALG
HashSHA384 :: HashALG
HashSHA512 :: HashALG
data PubKeyALG
PubKeyALG_RSA :: PubKeyALG
PubKeyALG_DSA :: PubKeyALG
PubKeyALG_ECDSA :: PubKeyALG
PubKeyALG_DH :: PubKeyALG
PubKeyALG_Unknown :: OID -> PubKeyALG
data PubKey
-- | RSA public key
PubKeyRSA :: PublicKey -> PubKey
-- | DSA public key
PubKeyDSA :: PublicKey -> PubKey
-- | DH format with (p,g,q,j,(seed,pgenCounter))
PubKeyDH :: (Integer, Integer, Integer, Maybe Integer, ([Word8], Integer)) -> PubKey
-- | ECDSA format not done yet FIXME
PubKeyECDSA :: ECDSA_Hash -> ByteString -> PubKey
-- | unrecognized format
PubKeyUnknown :: OID -> [Word8] -> PubKey
data ECDSA_Hash
ECDSA_Hash_SHA384 :: ECDSA_Hash
data ASN1StringType
UTF8 :: ASN1StringType
Printable :: ASN1StringType
Univ :: ASN1StringType
BMP :: ASN1StringType
IA5 :: ASN1StringType
T61 :: ASN1StringType
type ASN1String = (ASN1StringType, String)
data Certificate
Certificate :: Int -> Integer -> SignatureALG -> DistinguishedName -> DistinguishedName -> (Time, Time) -> PubKey -> Maybe [ExtensionRaw] -> Certificate
-- | Certificate Version
certVersion :: Certificate -> Int
-- | Certificate Serial number
certSerial :: Certificate -> Integer
-- | Certificate Signature algorithm
certSignatureAlg :: Certificate -> SignatureALG
-- | Certificate Issuer DN
certIssuerDN :: Certificate -> DistinguishedName
-- | Certificate Subject DN
certSubjectDN :: Certificate -> DistinguishedName
-- | Certificate Validity period
certValidity :: Certificate -> (Time, Time)
-- | Certificate Public key
certPubKey :: Certificate -> PubKey
-- | Certificate Extensions
certExtensions :: Certificate -> Maybe [ExtensionRaw]
newtype DistinguishedName
DistinguishedName :: [(OID, ASN1String)] -> DistinguishedName
getDistinguishedElements :: DistinguishedName -> [(OID, ASN1String)]
type OID = [Integer]
oidCommonName :: OID
oidCountry :: OID
oidOrganization :: OID
oidOrganizationUnit :: OID
oidSig :: OID -> SignatureALG
sigOID :: SignatureALG -> OID
parseDN :: ParseASN1 DistinguishedName
encodeDNinner :: (ASN1String -> ASN1String) -> DistinguishedName -> [ASN1]
encodeDN :: DistinguishedName -> [ASN1]
instance Show HashALG
instance Eq HashALG
instance Show PubKeyALG
instance Eq PubKeyALG
instance Show SignatureALG
instance Eq SignatureALG
instance Show ECDSA_Hash
instance Eq ECDSA_Hash
instance Show PubKey
instance Eq PubKey
instance Show CertKeyUsage
instance Eq CertKeyUsage
instance Show ASN1StringType
instance Eq ASN1StringType
instance Ord ASN1StringType
instance Enum ASN1StringType
instance Show DistinguishedName
instance Eq DistinguishedName
instance Ord DistinguishedName
instance Show Certificate
instance Eq Certificate
instance ASN1Object Certificate
instance Monoid DistinguishedName
-- | Read/Write X509 certificate
module Data.Certificate.X509
data X509
X509 :: Certificate -> (Maybe ByteString) -> (Maybe ByteString) -> SignatureALG -> [Word8] -> X509
-- | the certificate part of a X509 structure
x509Cert :: X509 -> Certificate
-- | a cache of the raw representation of the x509 part for signing since
-- encoding+decoding might not result in the same data being signed.
x509CachedSigningData :: X509 -> (Maybe ByteString)
-- | a cache of the raw representation of the whole x509.
x509CachedData :: X509 -> (Maybe ByteString)
-- | the signature algorithm used.
x509SignatureALG :: X509 -> SignatureALG
-- | the signature.
x509Signature :: X509 -> [Word8]
data SignatureALG
SignatureALG :: HashALG -> PubKeyALG -> SignatureALG
SignatureALG_Unknown :: OID -> SignatureALG
-- | Hash algorithm component of a 'SignatureALG'.
--
-- NOTE(review): MD2, MD5 and SHA-1 are representable here but are deprecated
-- for certificate signatures; code that validates certificates should decide
-- explicitly whether a signature using one of them is acceptable.
data HashALG
HashMD2 :: HashALG
HashMD5 :: HashALG
HashSHA1 :: HashALG
HashSHA224 :: HashALG
HashSHA256 :: HashALG
HashSHA384 :: HashALG
HashSHA512 :: HashALG
data PubKeyALG
PubKeyALG_RSA :: PubKeyALG
PubKeyALG_DSA :: PubKeyALG
PubKeyALG_ECDSA :: PubKeyALG
PubKeyALG_DH :: PubKeyALG
PubKeyALG_Unknown :: OID -> PubKeyALG
data PubKey
-- | RSA public key
PubKeyRSA :: PublicKey -> PubKey
-- | DSA public key
PubKeyDSA :: PublicKey -> PubKey
-- | DH format with (p,g,q,j,(seed,pgenCounter))
PubKeyDH :: (Integer, Integer, Integer, Maybe Integer, ([Word8], Integer)) -> PubKey
-- | ECDSA format not done yet FIXME
PubKeyECDSA :: ECDSA_Hash -> ByteString -> PubKey
-- | unrecognized format
PubKeyUnknown :: OID -> [Word8] -> PubKey
type OID = [Integer]
data ASN1StringType
UTF8 :: ASN1StringType
Printable :: ASN1StringType
Univ :: ASN1StringType
BMP :: ASN1StringType
IA5 :: ASN1StringType
T61 :: ASN1StringType
type ASN1String = (ASN1StringType, String)
newtype DistinguishedName
DistinguishedName :: [(OID, ASN1String)] -> DistinguishedName
getDistinguishedElements :: DistinguishedName -> [(OID, ASN1String)]
data Certificate
Certificate :: Int -> Integer -> SignatureALG -> DistinguishedName -> DistinguishedName -> (Time, Time) -> PubKey -> Maybe [ExtensionRaw] -> Certificate
-- | Certificate Version
certVersion :: Certificate -> Int
-- | Certificate Serial number
certSerial :: Certificate -> Integer
-- | Certificate Signature algorithm
certSignatureAlg :: Certificate -> SignatureALG
-- | Certificate Issuer DN
certIssuerDN :: Certificate -> DistinguishedName
-- | Certificate Subject DN
certSubjectDN :: Certificate -> DistinguishedName
-- | Certificate Validity period
certValidity :: Certificate -> (Time, Time)
-- | Certificate Public key
certPubKey :: Certificate -> PubKey
-- | Certificate Extensions
certExtensions :: Certificate -> Maybe [ExtensionRaw]
-- | Get the signing data related to an X509 message, which is either the
-- cached data or the encoded certificate.
getSigningData :: X509 -> ByteString
-- | Decode an X509 from a bytestring. The structure is the following:
-- Certificate, Certificate Signature Algorithm, Certificate Signature.
decodeCertificate :: ByteString -> Either String X509
-- | encode a X509 certificate to a bytestring
encodeCertificate :: X509 -> ByteString
decodeDN :: ByteString -> Either String DistinguishedName
encodeDN :: DistinguishedName -> ByteString
-- | Make an openssl style hash of distinguished name
hashDN :: DistinguishedName -> ByteString
-- | Create an openssl style old hash of distinguished name
hashDN_old :: DistinguishedName -> ByteString
instance Show X509
instance Eq X509
module Data.CertificateStore
-- | A collection (store) of certificates.
data CertificateStore
-- | Create a certificate store out of a list of X509 certificates.
makeCertificateStore :: [X509] -> CertificateStore
-- | Find a certificate using the subject distinguished name.
--
-- NOTE(review): the lookup key is the subject DN only and at most one 'X509'
-- is returned. Nothing in this signature indicates that a signature or the
-- validity period is checked, so a match identifies a store entry by name
-- only; verifying a presented certificate against it is presumably a separate
-- step -- confirm against the implementation.
findCertificate :: DistinguishedName -> CertificateStore -> Maybe X509
-- | List all certificates in a store.
listCertificates :: CertificateStore -> [X509]
instance Monoid CertificateStore
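-- | This module is portable to Unix systems, where there is usually an
-- /etc/ssl/certs directory with the system X509 certificates.
--
-- The path can be dynamically overridden using the environment variable
-- defined by envPathOverride in the module, which by default is
-- SYSTEM_CERTIFICATE_PATH. Because that path determines which certificates
-- end up in the system store, the variable should only be set by a trusted
-- environment.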
module System.Certificate.X509.Unix
getSystemCertificateStore :: IO CertificateStore
module System.Certificate.X509
getSystemCertificateStore :: IO CertificateStore
module System.Certificate.X509.MacOS
getSystemCertificateStore :: IO CertificateStore