Copyright	(c) Leo D 2023
License	BSD-3-Clause
Maintainer	leo@apotheca.io
Stability	experimental
Portability	POSIX
Safe Haskell	Safe-Inferred
Language	Haskell2010

Botan.Bindings.X509

Description

A certificate is a binding between some identifying information (called a subject) and a public key. This binding is asserted by a signature on the certificate, which is placed there by some authority (the issuer) that at least claims that it knows the subject named in the certificate really “owns” the private key corresponding to the public key in the certificate.

The major certificate format in use today is X.509v3, used for instance in the Transport Layer Security (TLS) protocol.

Synopsis

data BotanX509CertStruct
newtype BotanX509Cert = MkBotanX509Cert {
- runBotanX509Cert :: Ptr BotanX509CertStruct
}
botan_x509_cert_destroy :: FinalizerPtr BotanX509CertStruct
botan_x509_cert_load :: Ptr BotanX509Cert -> ConstPtr Word8 -> CSize -> IO CInt
botan_x509_cert_load_file :: Ptr BotanX509Cert -> ConstPtr CChar -> IO CInt
botan_x509_cert_dup :: Ptr BotanX509Cert -> BotanX509Cert -> IO CInt
botan_x509_cert_get_time_starts :: BotanX509Cert -> Ptr CChar -> Ptr CSize -> IO CInt
botan_x509_cert_get_time_expires :: BotanX509Cert -> Ptr CChar -> Ptr CSize -> IO CInt
botan_x509_cert_not_before :: BotanX509Cert -> Ptr Word64 -> IO CInt
botan_x509_cert_not_after :: BotanX509Cert -> Ptr Word64 -> IO CInt
botan_x509_cert_get_fingerprint :: BotanX509Cert -> ConstPtr CChar -> Ptr Word8 -> Ptr CSize -> IO CInt
botan_x509_cert_get_serial_number :: BotanX509Cert -> Ptr Word8 -> Ptr CSize -> IO CInt
botan_x509_cert_get_authority_key_id :: BotanX509Cert -> Ptr Word8 -> Ptr CSize -> IO CInt
botan_x509_cert_get_subject_key_id :: BotanX509Cert -> Ptr Word8 -> Ptr CSize -> IO CInt
botan_x509_cert_get_public_key_bits :: BotanX509Cert -> Ptr Word8 -> Ptr CSize -> IO CInt
botan_x509_cert_view_public_key_bits :: BotanX509Cert -> BotanViewContext ctx -> FunPtr (BotanViewBinCallback ctx) -> IO CInt
botan_x509_cert_get_public_key :: BotanX509Cert -> Ptr BotanPubKey -> IO CInt
botan_x509_cert_get_issuer_dn :: BotanX509Cert -> ConstPtr CChar -> CSize -> Ptr Word8 -> Ptr CSize -> IO CInt
botan_x509_cert_get_subject_dn :: BotanX509Cert -> ConstPtr CChar -> CSize -> Ptr Word8 -> Ptr CSize -> IO CInt
botan_x509_cert_to_string :: BotanX509Cert -> Ptr CChar -> Ptr CSize -> IO CInt
botan_x509_cert_view_as_string :: BotanX509Cert -> BotanViewContext ctx -> FunPtr (BotanViewStrCallback ctx) -> IO CInt
pattern NO_CONSTRAINTS :: (Eq a, Num a) => a
pattern DIGITAL_SIGNATURE :: (Eq a, Num a) => a
pattern NON_REPUDIATION :: (Eq a, Num a) => a
pattern KEY_ENCIPHERMENT :: (Eq a, Num a) => a
pattern DATA_ENCIPHERMENT :: (Eq a, Num a) => a
pattern KEY_AGREEMENT :: (Eq a, Num a) => a
pattern KEY_CERT_SIGN :: (Eq a, Num a) => a
pattern CRL_SIGN :: (Eq a, Num a) => a
pattern ENCIPHER_ONLY :: (Eq a, Num a) => a
pattern DECIPHER_ONLY :: (Eq a, Num a) => a
botan_x509_cert_allowed_usage :: BotanX509Cert -> CUInt -> IO CInt
botan_x509_cert_hostname_match :: BotanX509Cert -> ConstPtr CChar -> IO CInt
botan_x509_cert_verify :: Ptr CInt -> BotanX509Cert -> ConstPtr BotanX509Cert -> CSize -> ConstPtr BotanX509Cert -> CSize -> ConstPtr CChar -> CSize -> ConstPtr CChar -> Word64 -> IO CInt
botan_x509_cert_validation_status :: CInt -> IO (ConstPtr CChar)
data BotanX509CRLStruct
newtype BotanX509CRL = MkBotanX509CRL {
- runBotanX509CRL :: Ptr BotanX509CRLStruct
}
botan_x509_crl_destroy :: FinalizerPtr BotanX509CRLStruct
botan_x509_crl_load_file :: Ptr BotanX509CRL -> ConstPtr CChar -> IO CInt
botan_x509_crl_load :: Ptr BotanX509CRL -> ConstPtr Word8 -> CSize -> IO CInt
botan_x509_is_revoked :: BotanX509CRL -> BotanX509Cert -> IO CInt
botan_x509_cert_verify_with_crl :: Ptr CInt -> BotanX509Cert -> ConstPtr BotanX509Cert -> CSize -> ConstPtr BotanX509Cert -> CSize -> ConstPtr BotanX509CRL -> CSize -> ConstPtr CChar -> CSize -> ConstPtr CChar -> Word64 -> IO CInt

Documentation

data BotanX509CertStruct Source #

Opaque X509Cert struct

newtype BotanX509Cert Source #

Botan X509Cert object

Constructors

MkBotanX509Cert
Fields runBotanX509Cert :: Ptr BotanX509CertStruct

Instances

Instances details

Storable BotanX509Cert Source #
Instance details Defined in Botan.Bindings.X509 Methods sizeOf :: BotanX509Cert -> Int # alignment :: BotanX509Cert -> Int # peekElemOff :: Ptr BotanX509Cert -> Int -> IO BotanX509Cert # pokeElemOff :: Ptr BotanX509Cert -> Int -> BotanX509Cert -> IO () # peekByteOff :: Ptr b -> Int -> IO BotanX509Cert # pokeByteOff :: Ptr b -> Int -> BotanX509Cert -> IO () # peek :: Ptr BotanX509Cert -> IO BotanX509Cert # poke :: Ptr BotanX509Cert -> BotanX509Cert -> IO () #
Eq BotanX509Cert Source #
Instance details Defined in Botan.Bindings.X509 Methods (==) :: BotanX509Cert -> BotanX509Cert -> Bool # (/=) :: BotanX509Cert -> BotanX509Cert -> Bool #
Ord BotanX509Cert Source #
Instance details Defined in Botan.Bindings.X509 Methods compare :: BotanX509Cert -> BotanX509Cert -> Ordering # (<) :: BotanX509Cert -> BotanX509Cert -> Bool # (<=) :: BotanX509Cert -> BotanX509Cert -> Bool # (>) :: BotanX509Cert -> BotanX509Cert -> Bool # (>=) :: BotanX509Cert -> BotanX509Cert -> Bool # max :: BotanX509Cert -> BotanX509Cert -> BotanX509Cert # min :: BotanX509Cert -> BotanX509Cert -> BotanX509Cert #

botan_x509_cert_destroy :: FinalizerPtr BotanX509CertStruct Source #

Destroy a X509Cert instance

botan_x509_cert_load Source #

Arguments

:: Ptr BotanX509Cert	cert_obj
-> ConstPtr Word8	cert[]
-> CSize	cert_len
-> IO CInt

botan_x509_cert_load_file Source #

Arguments

:: Ptr BotanX509Cert	cert_obj
-> ConstPtr CChar	filename
-> IO CInt

botan_x509_cert_dup Source #

Arguments

:: Ptr BotanX509Cert	new_cert
-> BotanX509Cert	cert
-> IO CInt

botan_x509_cert_get_time_starts Source #

Arguments

:: BotanX509Cert	cert
-> Ptr CChar	out[]
-> Ptr CSize	out_len
-> IO CInt

botan_x509_cert_get_time_expires Source #

Arguments

:: BotanX509Cert	cert
-> Ptr CChar	out[]
-> Ptr CSize	out_len
-> IO CInt

botan_x509_cert_not_before Source #

Arguments

:: BotanX509Cert	cert
-> Ptr Word64	time_since_epoch
-> IO CInt

botan_x509_cert_not_after Source #

Arguments

:: BotanX509Cert	cert
-> Ptr Word64	time_since_epoch
-> IO CInt

botan_x509_cert_get_fingerprint Source #

Arguments

:: BotanX509Cert	cert
-> ConstPtr CChar	hash
-> Ptr Word8	out[]
-> Ptr CSize	out_len
-> IO CInt

botan_x509_cert_get_serial_number Source #

Arguments

:: BotanX509Cert	cert
-> Ptr Word8	out[]
-> Ptr CSize	out_len
-> IO CInt

botan_x509_cert_get_authority_key_id Source #

Arguments

:: BotanX509Cert	cert
-> Ptr Word8	out[]
-> Ptr CSize	out_len
-> IO CInt

botan_x509_cert_get_subject_key_id Source #

Arguments

:: BotanX509Cert	cert
-> Ptr Word8	out[]
-> Ptr CSize	out_len
-> IO CInt

botan_x509_cert_get_public_key_bits Source #

Arguments

:: BotanX509Cert	cert
-> Ptr Word8	out[]
-> Ptr CSize	out_len
-> IO CInt

botan_x509_cert_view_public_key_bits Source #

Arguments

:: BotanX509Cert	cert
-> BotanViewContext ctx	ctx
-> FunPtr (BotanViewBinCallback ctx)	view
-> IO CInt

botan_x509_cert_get_public_key Source #

Arguments

:: BotanX509Cert	cert
-> Ptr BotanPubKey	key
-> IO CInt

botan_x509_cert_get_issuer_dn Source #

Arguments

:: BotanX509Cert	cert
-> ConstPtr CChar	key
-> CSize	index
-> Ptr Word8	out[]
-> Ptr CSize	out_len
-> IO CInt

botan_x509_cert_get_subject_dn Source #

Arguments

:: BotanX509Cert	cert
-> ConstPtr CChar	key
-> CSize	index
-> Ptr Word8	out[]
-> Ptr CSize	out_len
-> IO CInt

botan_x509_cert_to_string Source #

Arguments

:: BotanX509Cert	cert
-> Ptr CChar	out[]
-> Ptr CSize	out_len
-> IO CInt

botan_x509_cert_view_as_string Source #

Arguments

:: BotanX509Cert	cert
-> BotanViewContext ctx	ctx
-> FunPtr (BotanViewStrCallback ctx)	view
-> IO CInt

pattern NO_CONSTRAINTS :: (Eq a, Num a) => a Source #

pattern DIGITAL_SIGNATURE :: (Eq a, Num a) => a Source #

pattern NON_REPUDIATION :: (Eq a, Num a) => a Source #

pattern KEY_ENCIPHERMENT :: (Eq a, Num a) => a Source #

pattern DATA_ENCIPHERMENT :: (Eq a, Num a) => a Source #

pattern KEY_AGREEMENT :: (Eq a, Num a) => a Source #

pattern KEY_CERT_SIGN :: (Eq a, Num a) => a Source #

pattern CRL_SIGN :: (Eq a, Num a) => a Source #

pattern ENCIPHER_ONLY :: (Eq a, Num a) => a Source #

pattern DECIPHER_ONLY :: (Eq a, Num a) => a Source #

botan_x509_cert_allowed_usage Source #

Arguments

:: BotanX509Cert	cert
-> CUInt	key_usage
-> IO CInt

botan_x509_cert_hostname_match Source #

Arguments

:: BotanX509Cert	cert
-> ConstPtr CChar	hostname
-> IO CInt

Check if the certificate matches the specified hostname via alternative name or CN match. RFC 5280 wildcards also supported.

botan_x509_cert_verify Source #

Arguments

:: Ptr CInt	validation_result
-> BotanX509Cert	cert
-> ConstPtr BotanX509Cert	intermediates
-> CSize	intermediates_len
-> ConstPtr BotanX509Cert	trusted
-> CSize	trusted_len
-> ConstPtr CChar	trusted_path
-> CSize	required_strength
-> ConstPtr CChar	hostname
-> Word64	reference_time
-> IO CInt

Returns 0 if the validation was successful, 1 if validation failed, and negative on error. A status code with details is written to *validation_result

Intermediates or trusted lists can be null Trusted path can be null

botan_x509_cert_validation_status Source #

Arguments

:: CInt	code
-> IO (ConstPtr CChar)

Returns a pointer to a static character string explaining the status code, or else NULL if unknown.

data BotanX509CRLStruct Source #

Opaque X509CRL struct

newtype BotanX509CRL Source #

Botan X509CRL object

Constructors

MkBotanX509CRL
Fields runBotanX509CRL :: Ptr BotanX509CRLStruct

Instances

Instances details

Storable BotanX509CRL Source #
Instance details Defined in Botan.Bindings.X509 Methods sizeOf :: BotanX509CRL -> Int # alignment :: BotanX509CRL -> Int # peekElemOff :: Ptr BotanX509CRL -> Int -> IO BotanX509CRL # pokeElemOff :: Ptr BotanX509CRL -> Int -> BotanX509CRL -> IO () # peekByteOff :: Ptr b -> Int -> IO BotanX509CRL # pokeByteOff :: Ptr b -> Int -> BotanX509CRL -> IO () # peek :: Ptr BotanX509CRL -> IO BotanX509CRL # poke :: Ptr BotanX509CRL -> BotanX509CRL -> IO () #
Eq BotanX509CRL Source #
Instance details Defined in Botan.Bindings.X509 Methods (==) :: BotanX509CRL -> BotanX509CRL -> Bool # (/=) :: BotanX509CRL -> BotanX509CRL -> Bool #
Ord BotanX509CRL Source #
Instance details Defined in Botan.Bindings.X509 Methods compare :: BotanX509CRL -> BotanX509CRL -> Ordering # (<) :: BotanX509CRL -> BotanX509CRL -> Bool # (<=) :: BotanX509CRL -> BotanX509CRL -> Bool # (>) :: BotanX509CRL -> BotanX509CRL -> Bool # (>=) :: BotanX509CRL -> BotanX509CRL -> Bool # max :: BotanX509CRL -> BotanX509CRL -> BotanX509CRL # min :: BotanX509CRL -> BotanX509CRL -> BotanX509CRL #

botan_x509_crl_destroy :: FinalizerPtr BotanX509CRLStruct Source #

Destroy a X509CRL instance

botan_x509_crl_load_file Source #

Arguments

:: Ptr BotanX509CRL	crl_obj
-> ConstPtr CChar	crl_path
-> IO CInt

botan_x509_crl_load Source #

Arguments

:: Ptr BotanX509CRL	crl_obj
-> ConstPtr Word8	crl_bits[]
-> CSize	crl_bits_len
-> IO CInt

botan_x509_is_revoked Source #

Arguments

:: BotanX509CRL	crl
-> BotanX509Cert	cert
-> IO CInt

Given a CRL and a certificate, check if the certificate is revoked on that particular CRL

botan_x509_cert_verify_with_crl Source #

Arguments

:: Ptr CInt	validation_result
-> BotanX509Cert	cert
-> ConstPtr BotanX509Cert	intermediates
-> CSize	intermediates_len
-> ConstPtr BotanX509Cert	trusted
-> CSize	trusted_len
-> ConstPtr BotanX509CRL	crls
-> CSize	crls_len
-> ConstPtr CChar	trusted_path
-> CSize	required_strength
-> ConstPtr CChar	hostname
-> Word64	reference_time
-> IO CInt

Different flavor of botan_x509_cert_verify, supports revocation lists. CRLs are passed as an array, same as intermediates and trusted CAs