Safe Haskell | None |
---|---|
Language | Haskell98 |
An interface to Certificate Revocation List.
- data CRL
- data RevokedCertificate = RevokedCertificate {}
- newCRL :: IO CRL
- signCRL :: KeyPair key => CRL -> key -> Maybe Digest -> IO ()
- verifyCRL :: PublicKey key => CRL -> key -> IO VerifyStatus
- printCRL :: CRL -> IO String
- sortCRL :: CRL -> IO ()
- getVersion :: CRL -> IO Int
- setVersion :: CRL -> Int -> IO ()
- getLastUpdate :: CRL -> IO UTCTime
- setLastUpdate :: CRL -> UTCTime -> IO ()
- getNextUpdate :: CRL -> IO UTCTime
- setNextUpdate :: CRL -> UTCTime -> IO ()
- getIssuerName :: CRL -> Bool -> IO [(String, String)]
- setIssuerName :: CRL -> [(String, String)] -> IO ()
- getRevokedList :: CRL -> IO [RevokedCertificate]
- addRevoked :: CRL -> RevokedCertificate -> IO ()
- getRevoked :: CRL -> Integer -> IO (Maybe RevokedCertificate)
Types
data RevokedCertificate Source
represents a revoked certificate in a
list. Each certificates are supposed to be distinguishable by
issuer name and serial number, so it is sufficient to have only
serial number on each entries.RevokedCertificate
Functions to manipulate revocation list
creates an empty revocation list. You must set the
following properties to and sign it (see newCRL
signCRL
) to actually use
the revocation list. If you have any certificates to be listed, you
must of course add them (see addRevoked
) before signing the list.
- Version
- See
setVersion
. - Last Update
- See
setLastUpdate
. - Next Update
- See
setNextUpdate
. - Issuer Name
- See
setIssuerName
.
:: KeyPair key | |
=> CRL | The revocation list to be signed. |
-> key | The private key to sign with. |
-> Maybe Digest | A hashing algorithm to use. If |
-> IO () |
signs a revocation list with an issuer private key.signCRL
verifyCRL :: PublicKey key => CRL -> key -> IO VerifyStatus Source
verifies a signature of revocation list with an
issuer public key.verifyCRL
printCRL :: CRL -> IO String Source
translates a revocation list into human-readable
format.printCRL
Accessors
getVersion :: CRL -> IO Int Source
returns the version number of revocation list.getVersion
crl
setVersion :: CRL -> Int -> IO () Source
updates the version number of revocation
list.setVersion
crl ver
getLastUpdate :: CRL -> IO UTCTime Source
returns the time when the revocation list
has last been updated.getLastUpdate
crl
setLastUpdate :: CRL -> UTCTime -> IO () Source
updates the time when the revocation
list has last been updated.setLastUpdate
crl utc
getNextUpdate :: CRL -> IO UTCTime Source
returns the time when the revocation list
will next be updated.getNextUpdate
crl
setNextUpdate :: CRL -> UTCTime -> IO () Source
updates the time when the revocation
list will next be updated.setNextUpdate
crl utc
getIssuerName :: CRL -> Bool -> IO [(String, String)] Source
returns the issuer name of
revocation list. See getIssuerName
crl wantLongNamegetIssuerName
of
OpenSSL.X509.
setIssuerName :: CRL -> [(String, String)] -> IO () Source
updates the issuer name of revocation
list. See setIssuerName
crl namesetIssuerName
of OpenSSL.X509.
getRevokedList :: CRL -> IO [RevokedCertificate] Source
returns the list of revoked certificates.getRevokedList
crl
addRevoked :: CRL -> RevokedCertificate -> IO () Source
add the certificate to the revocation
list.addRevoked
crl revoked
getRevoked :: CRL -> Integer -> IO (Maybe RevokedCertificate) Source
looks up the corresponding revocation.getRevoked
crl serial