-- Hoogle documentation, generated by Haddock -- See Hoogle, http://www.haskell.org/hoogle/ -- | Certificates and Key Reader/Writer -- @package certificate @version 1.3.2 -- | Read/Write Private Key module Data.Certificate.KeyDSA decodePrivate :: ByteString -> Either String (PublicKey, PrivateKey) encodePrivate :: (PublicKey, PrivateKey) -> ByteString -- | Read/Write Private/Public RSA Key module Data.Certificate.KeyRSA decodePublic :: ByteString -> Either String PublicKey decodePrivate :: ByteString -> Either String (PublicKey, PrivateKey) encodePublic :: PublicKey -> ByteString encodePrivate :: (PublicKey, PrivateKey) -> ByteString -- | parse a RSA pubkeys from ASN1 encoded bits. - return RSA.PublicKey -- (len-modulus, modulus, e) if successful parse_RSA :: ByteString -> Either String PublicKey -- | extension processing module. module Data.Certificate.X509.Ext type ExtensionRaw = (OID, Bool, [ASN1]) class Extension a extOID :: Extension a => a -> OID extEncode :: Extension a => a -> [ASN1] extDecode :: Extension a => [ASN1] -> Either String a data ExtBasicConstraints ExtBasicConstraints :: Bool -> ExtBasicConstraints data ExtKeyUsage ExtKeyUsage :: [ExtKeyUsageFlag] -> ExtKeyUsage -- | key usage flag that is found in the key usage extension field. 
data ExtKeyUsageFlag KeyUsage_digitalSignature :: ExtKeyUsageFlag KeyUsage_nonRepudiation :: ExtKeyUsageFlag KeyUsage_keyEncipherment :: ExtKeyUsageFlag KeyUsage_dataEncipherment :: ExtKeyUsageFlag KeyUsage_keyAgreement :: ExtKeyUsageFlag KeyUsage_keyCertSign :: ExtKeyUsageFlag KeyUsage_cRLSign :: ExtKeyUsageFlag KeyUsage_encipherOnly :: ExtKeyUsageFlag KeyUsage_decipherOnly :: ExtKeyUsageFlag data ExtSubjectKeyId ExtSubjectKeyId :: ByteString -> ExtSubjectKeyId data ExtSubjectAltName ExtSubjectAltName :: [String] -> ExtSubjectAltName data ExtAuthorityKeyId ExtAuthorityKeyId :: ByteString -> ExtAuthorityKeyId extensionGet :: Extension a => [ExtensionRaw] -> Maybe a instance Show ExtKeyUsageFlag instance Eq ExtKeyUsageFlag instance Ord ExtKeyUsageFlag instance Enum ExtKeyUsageFlag instance Show ExtBasicConstraints instance Eq ExtBasicConstraints instance Show ExtKeyUsage instance Eq ExtKeyUsage instance Show ExtSubjectKeyId instance Eq ExtSubjectKeyId instance Show ExtSubjectAltName instance Eq ExtSubjectAltName instance Show ExtAuthorityKeyId instance Eq ExtAuthorityKeyId instance Extension ExtAuthorityKeyId instance Extension ExtSubjectAltName instance Extension ExtSubjectKeyId instance Extension ExtKeyUsage instance Extension ExtBasicConstraints module Data.Certificate.X509.Cert data SignatureALG SignatureALG :: HashALG -> PubKeyALG -> SignatureALG SignatureALG_Unknown :: OID -> SignatureALG data HashALG HashMD2 :: HashALG HashMD5 :: HashALG HashSHA1 :: HashALG HashSHA224 :: HashALG HashSHA256 :: HashALG HashSHA384 :: HashALG HashSHA512 :: HashALG data PubKeyALG PubKeyALG_RSA :: PubKeyALG PubKeyALG_DSA :: PubKeyALG PubKeyALG_ECDSA :: PubKeyALG PubKeyALG_DH :: PubKeyALG PubKeyALG_Unknown :: OID -> PubKeyALG data PubKey -- | RSA public key PubKeyRSA :: PublicKey -> PubKey -- | DSA public key PubKeyDSA :: PublicKey -> PubKey -- | DH format with (p,g,q,j,(seed,pgenCounter)) PubKeyDH :: (Integer, Integer, Integer, Maybe Integer, ([Word8], Integer)) -> PubKey -- | 
ECDSA format not done yet FIXME PubKeyECDSA :: ECDSA_Hash -> ByteString -> PubKey -- | unrecognized format PubKeyUnknown :: OID -> [Word8] -> PubKey data ECDSA_Hash ECDSA_Hash_SHA384 :: ECDSA_Hash data ASN1StringType UTF8 :: ASN1StringType Printable :: ASN1StringType Univ :: ASN1StringType BMP :: ASN1StringType IA5 :: ASN1StringType T61 :: ASN1StringType type ASN1String = (ASN1StringType, String) data Certificate Certificate :: Int -> Integer -> SignatureALG -> DistinguishedName -> DistinguishedName -> (Time, Time) -> PubKey -> Maybe [ExtensionRaw] -> Certificate -- | Certificate Version certVersion :: Certificate -> Int -- | Certificate Serial number certSerial :: Certificate -> Integer -- | Certificate Signature algorithm certSignatureAlg :: Certificate -> SignatureALG -- | Certificate Issuer DN certIssuerDN :: Certificate -> DistinguishedName -- | Certificate Subject DN certSubjectDN :: Certificate -> DistinguishedName -- | Certificate Validity period certValidity :: Certificate -> (Time, Time) -- | Certificate Public key certPubKey :: Certificate -> PubKey -- | Certificate Extensions certExtensions :: Certificate -> Maybe [ExtensionRaw] newtype DistinguishedName DistinguishedName :: [(OID, ASN1String)] -> DistinguishedName getDistinguishedElements :: DistinguishedName -> [(OID, ASN1String)] type OID = [Integer] oidCommonName :: OID oidCountry :: OID oidOrganization :: OID oidOrganizationUnit :: OID oidSig :: OID -> SignatureALG sigOID :: SignatureALG -> OID parseDN :: ParseASN1 DistinguishedName encodeDNinner :: (ASN1String -> ASN1String) -> DistinguishedName -> [ASN1] encodeDN :: DistinguishedName -> [ASN1] instance Show HashALG instance Eq HashALG instance Show PubKeyALG instance Eq PubKeyALG instance Show SignatureALG instance Eq SignatureALG instance Show ECDSA_Hash instance Eq ECDSA_Hash instance Show PubKey instance Eq PubKey instance Show CertKeyUsage instance Eq CertKeyUsage instance Show ASN1StringType instance Eq ASN1StringType instance Ord 
ASN1StringType instance Enum ASN1StringType instance Show DistinguishedName instance Eq DistinguishedName instance Ord DistinguishedName instance Show Certificate instance Eq Certificate instance ASN1Object Certificate instance Monoid DistinguishedName -- | Read/Write X509 certificate module Data.Certificate.X509 data X509 X509 :: Certificate -> (Maybe ByteString) -> (Maybe ByteString) -> SignatureALG -> [Word8] -> X509 -- | the certificate part of a X509 structure x509Cert :: X509 -> Certificate -- | a cache of the raw representation of the x509 part for signing since -- encoding+decoding might not result in the same data being signed. x509CachedSigningData :: X509 -> (Maybe ByteString) -- | a cache of the raw representation of the whole x509. x509CachedData :: X509 -> (Maybe ByteString) -- | the signature algorithm used. x509SignatureALG :: X509 -> SignatureALG -- | the signature. x509Signature :: X509 -> [Word8] data SignatureALG SignatureALG :: HashALG -> PubKeyALG -> SignatureALG SignatureALG_Unknown :: OID -> SignatureALG data HashALG HashMD2 :: HashALG HashMD5 :: HashALG HashSHA1 :: HashALG HashSHA224 :: HashALG HashSHA256 :: HashALG HashSHA384 :: HashALG HashSHA512 :: HashALG data PubKeyALG PubKeyALG_RSA :: PubKeyALG PubKeyALG_DSA :: PubKeyALG PubKeyALG_ECDSA :: PubKeyALG PubKeyALG_DH :: PubKeyALG PubKeyALG_Unknown :: OID -> PubKeyALG data PubKey -- | RSA public key PubKeyRSA :: PublicKey -> PubKey -- | DSA public key PubKeyDSA :: PublicKey -> PubKey -- | DH format with (p,g,q,j,(seed,pgenCounter)) PubKeyDH :: (Integer, Integer, Integer, Maybe Integer, ([Word8], Integer)) -> PubKey -- | ECDSA format not done yet FIXME PubKeyECDSA :: ECDSA_Hash -> ByteString -> PubKey -- | unrecognized format PubKeyUnknown :: OID -> [Word8] -> PubKey type OID = [Integer] data ASN1StringType UTF8 :: ASN1StringType Printable :: ASN1StringType Univ :: ASN1StringType BMP :: ASN1StringType IA5 :: ASN1StringType T61 :: ASN1StringType type ASN1String = (ASN1StringType, String) 
newtype DistinguishedName DistinguishedName :: [(OID, ASN1String)] -> DistinguishedName getDistinguishedElements :: DistinguishedName -> [(OID, ASN1String)] data Certificate Certificate :: Int -> Integer -> SignatureALG -> DistinguishedName -> DistinguishedName -> (Time, Time) -> PubKey -> Maybe [ExtensionRaw] -> Certificate -- | Certificate Version certVersion :: Certificate -> Int -- | Certificate Serial number certSerial :: Certificate -> Integer -- | Certificate Signature algorithm certSignatureAlg :: Certificate -> SignatureALG -- | Certificate Issuer DN certIssuerDN :: Certificate -> DistinguishedName -- | Certificate Subject DN certSubjectDN :: Certificate -> DistinguishedName -- | Certificate Validity period certValidity :: Certificate -> (Time, Time) -- | Certificate Public key certPubKey :: Certificate -> PubKey -- | Certificate Extensions certExtensions :: Certificate -> Maybe [ExtensionRaw] -- | get signing data related to a X509 message, - which is either the -- cached data or the encoded certificate getSigningData :: X509 -> ByteString -- | decode an X509 from a bytestring - the structure is the following: - -- Certificate - Certificate Signature Algorithm - Certificate Signature decodeCertificate :: ByteString -> Either String X509 -- | encode a X509 certificate to a bytestring encodeCertificate :: X509 -> ByteString decodeDN :: ByteString -> Either String DistinguishedName encodeDN :: DistinguishedName -> ByteString -- | Make an openssl style hash of distinguished name hashDN :: DistinguishedName -> ByteString -- | Create an openssl style old hash of distinguished name hashDN_old :: DistinguishedName -> ByteString instance Show X509 instance Eq X509 module Data.CertificateStore -- | A Collection of certificate or store of certificates. 
data CertificateStore -- | Create a certificate store out of a list of X509 certificates makeCertificateStore :: [X509] -> CertificateStore -- | Find a certificate using the subject distinguished name. This is a -- lookup by name only; checking the signature and validity period of the -- returned certificate is presumably left to the caller. findCertificate :: DistinguishedName -> CertificateStore -> Maybe X509 -- | List all certificates in a store listCertificates :: CertificateStore -> [X509] instance Monoid CertificateStore -- | this module is portable to Unix systems, where there is usually a -- /etc/ssl/certs with system X509 certificates. -- -- the path can be dynamically overridden using the environment variable -- defined by envPathOverride in the module, which by default is -- SYSTEM_CERTIFICATE_PATH. -- -- the store is then presumably read from whatever path that variable names, -- so the resulting trust anchors are only as trustworthy as the process -- environment. module System.Certificate.X509.Unix getSystemCertificateStore :: IO CertificateStore module System.Certificate.X509 getSystemCertificateStore :: IO CertificateStore module System.Certificate.X509.MacOS getSystemCertificateStore :: IO CertificateStore