HsOpenSSL-0.11.4.15: Partial OpenSSL binding for Haskell

Safe HaskellNone
LanguageHaskell2010

OpenSSL.X509

Contents

Description

An interface to X.509 certificate.

Synopsis

Type

data X509 Source #

X509 is an opaque object that represents X.509 certificate.

Functions to manipulate certificate

newX509 :: IO X509 Source #

newX509 creates an empty certificate. You must set the following properties to and sign it (see signX509) to actually use the certificate.

Version
See setVersion.
Serial number
See setSerialNumber.
Issuer name
See setIssuerName.
Subject name
See setSubjectName.
Validity
See setNotBefore and setNotAfter.
Public Key
See setPublicKey.

writeDerX509 :: X509 -> IO ByteString Source #

writeDerX509 cert writes an X.509 certificate to DER string.

readDerX509 :: ByteString -> IO X509 Source #

readDerX509 der reads in a certificate.

compareX509 :: X509 -> X509 -> IO Ordering Source #

compareX509 cert1 cert2 compares two certificates.

signX509 Source #

Arguments

:: KeyPair key 
=> X509

The certificate to be signed.

-> key

The private key to sign with.

-> Maybe Digest

A hashing algorithm to use. If Nothing the most suitable algorithm for the key is automatically used.

-> IO () 

signX509 signs a certificate with an issuer private key.

verifyX509 Source #

Arguments

:: PublicKey key 
=> X509

The certificate to be verified.

-> key

The public key to verify with.

-> IO VerifyStatus 

verifyX509 verifies a signature of certificate with an issuer public key.

printX509 :: X509 -> IO String Source #

printX509 cert translates a certificate into human-readable format.

Accessors

getVersion :: X509 -> IO Int Source #

getVersion cert returns the version number of certificate. It seems the number is 0-origin: version 2 means X.509 v3.

setVersion :: X509 -> Int -> IO () Source #

setVersion cert ver updates the version number of certificate.

getSerialNumber :: X509 -> IO Integer Source #

getSerialNumber cert returns the serial number of certificate.

setSerialNumber :: X509 -> Integer -> IO () Source #

setSerialNumber cert num updates the serial number of certificate.

getIssuerName Source #

Arguments

:: X509

The certificate to examine.

-> Bool

True if you want the keys of each parts to be of long form (e.g. "commonName"), or False if you don't (e.g. "CN").

-> IO [(String, String)]

Pairs of key and value, for example \[(\"C\", \"JP\"), (\"ST\", \"Some-State\"), ...\].

getIssuerName returns the issuer name of certificate.

setIssuerName :: X509 -> [(String, String)] -> IO () Source #

setIssuerName cert name updates the issuer name of certificate. Keys of each parts may be of either long form or short form. See getIssuerName.

getSubjectName :: X509 -> Bool -> IO [(String, String)] Source #

getSubjectName cert wantLongName returns the subject name of certificate. See getIssuerName.

setSubjectName :: X509 -> [(String, String)] -> IO () Source #

setSubjectName cert name updates the subject name of certificate. See setIssuerName.

getNotBefore :: X509 -> IO UTCTime Source #

getNotBefore cert returns the time when the certificate begins to be valid.

setNotBefore :: X509 -> UTCTime -> IO () Source #

setNotBefore cert utc updates the time when the certificate begins to be valid.

getNotAfter :: X509 -> IO UTCTime Source #

getNotAfter cert returns the time when the certificate expires.

setNotAfter :: X509 -> UTCTime -> IO () Source #

setNotAfter cert utc updates the time when the certificate expires.

getPublicKey :: X509 -> IO SomePublicKey Source #

getPublicKey cert returns the public key of the subject of certificate.

setPublicKey :: PublicKey key => X509 -> key -> IO () Source #

setPublicKey cert pubkey updates the public key of the subject of certificate.

getSubjectEmail :: X509 -> IO [String] Source #

getSubjectEmail cert returns every subject email addresses in the certificate.