Safe Haskell | None |
---|---|
Language | Haskell2010 |
An interface to X.509 certificate.
Synopsis
- data X509
- newX509 :: IO X509
- writeDerX509 :: X509 -> IO ByteString
- readDerX509 :: ByteString -> IO X509
- compareX509 :: X509 -> X509 -> IO Ordering
- signX509 :: KeyPair key => X509 -> key -> Maybe Digest -> IO ()
- verifyX509 :: PublicKey key => X509 -> key -> IO VerifyStatus
- printX509 :: X509 -> IO String
- getVersion :: X509 -> IO Int
- setVersion :: X509 -> Int -> IO ()
- getSerialNumber :: X509 -> IO Integer
- setSerialNumber :: X509 -> Integer -> IO ()
- getIssuerName :: X509 -> Bool -> IO [(String, String)]
- setIssuerName :: X509 -> [(String, String)] -> IO ()
- getSubjectName :: X509 -> Bool -> IO [(String, String)]
- setSubjectName :: X509 -> [(String, String)] -> IO ()
- getNotBefore :: X509 -> IO UTCTime
- setNotBefore :: X509 -> UTCTime -> IO ()
- getNotAfter :: X509 -> IO UTCTime
- setNotAfter :: X509 -> UTCTime -> IO ()
- getPublicKey :: X509 -> IO SomePublicKey
- setPublicKey :: PublicKey key => X509 -> key -> IO ()
- getSubjectEmail :: X509 -> IO [String]
Type
Functions to manipulate certificate
creates an empty certificate. You must set the
following properties to and sign it (see newX509
signX509
) to actually
use the certificate.
- Version
- See
setVersion
. - Serial number
- See
setSerialNumber
. - Issuer name
- See
setIssuerName
. - Subject name
- See
setSubjectName
. - Validity
- See
setNotBefore
andsetNotAfter
. - Public Key
- See
setPublicKey
.
writeDerX509 :: X509 -> IO ByteString Source #
writes an X.509 certificate to DER string.writeDerX509
cert
readDerX509 :: ByteString -> IO X509 Source #
reads in a certificate.readDerX509
der
compareX509 :: X509 -> X509 -> IO Ordering Source #
compares two certificates.compareX509
cert1 cert2
:: KeyPair key | |
=> X509 | The certificate to be signed. |
-> key | The private key to sign with. |
-> Maybe Digest | A hashing algorithm to use. If |
-> IO () |
signs a certificate with an issuer private key.signX509
:: PublicKey key | |
=> X509 | The certificate to be verified. |
-> key | The public key to verify with. |
-> IO VerifyStatus |
verifies a signature of certificate with an issuer
public key.verifyX509
printX509 :: X509 -> IO String Source #
translates a certificate into human-readable
format.printX509
cert
Accessors
getVersion :: X509 -> IO Int Source #
returns the version number of certificate. It
seems the number is 0-origin: version 2 means X.509 v3.getVersion
cert
setVersion :: X509 -> Int -> IO () Source #
updates the version number of certificate.setVersion
cert ver
getSerialNumber :: X509 -> IO Integer Source #
returns the serial number of certificate.getSerialNumber
cert
setSerialNumber :: X509 -> Integer -> IO () Source #
updates the serial number of
certificate.setSerialNumber
cert num
:: X509 | The certificate to examine. |
-> Bool |
|
-> IO [(String, String)] | Pairs of key and value, for example \[(\"C\", \"JP\"), (\"ST\", \"Some-State\"), ...\]. |
returns the issuer name of certificate.getIssuerName
setIssuerName :: X509 -> [(String, String)] -> IO () Source #
updates the issuer name of
certificate. Keys of each parts may be of either long form or short
form. See setIssuerName
cert namegetIssuerName
.
getSubjectName :: X509 -> Bool -> IO [(String, String)] Source #
returns the subject name of
certificate. See getSubjectName
cert wantLongNamegetIssuerName
.
setSubjectName :: X509 -> [(String, String)] -> IO () Source #
updates the subject name of
certificate. See setSubjectName
cert namesetIssuerName
.
getNotBefore :: X509 -> IO UTCTime Source #
returns the time when the certificate begins
to be valid.getNotBefore
cert
setNotBefore :: X509 -> UTCTime -> IO () Source #
updates the time when the certificate
begins to be valid.setNotBefore
cert utc
getNotAfter :: X509 -> IO UTCTime Source #
returns the time when the certificate
expires.getNotAfter
cert
setNotAfter :: X509 -> UTCTime -> IO () Source #
updates the time when the certificate
expires.setNotAfter
cert utc
getPublicKey :: X509 -> IO SomePublicKey Source #
returns the public key of the subject of
certificate.getPublicKey
cert
setPublicKey :: PublicKey key => X509 -> key -> IO () Source #
updates the public key of the subject
of certificate.setPublicKey
cert pubkey
getSubjectEmail :: X509 -> IO [String] Source #
returns every subject email addresses in
the certificate.getSubjectEmail
cert