Copyright | (c) Leo D 2023 |
---|---|
License | BSD-3-Clause |
Maintainer | leo@apotheca.io |
Stability | experimental |
Portability | POSIX |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
A certificate is a binding between some identifying information (called a subject) and a public key. This binding is asserted by a signature on the certificate, which is placed there by some authority (the issuer) that at least claims that it knows the subject named in the certificate really “owns” the private key corresponding to the public key in the certificate.
The major certificate format in use today is X.509v3, used for instance in the Transport Layer Security (TLS) protocol.
Synopsis
- data BotanX509CertStruct
- newtype BotanX509Cert = MkBotanX509Cert {}
- botan_x509_cert_destroy :: FinalizerPtr BotanX509CertStruct
- botan_x509_cert_load :: Ptr BotanX509Cert -> ConstPtr Word8 -> CSize -> IO CInt
- botan_x509_cert_load_file :: Ptr BotanX509Cert -> ConstPtr CChar -> IO CInt
- botan_x509_cert_dup :: Ptr BotanX509Cert -> BotanX509Cert -> IO CInt
- botan_x509_cert_get_time_starts :: BotanX509Cert -> Ptr CChar -> Ptr CSize -> IO CInt
- botan_x509_cert_get_time_expires :: BotanX509Cert -> Ptr CChar -> Ptr CSize -> IO CInt
- botan_x509_cert_not_before :: BotanX509Cert -> Ptr Word64 -> IO CInt
- botan_x509_cert_not_after :: BotanX509Cert -> Ptr Word64 -> IO CInt
- botan_x509_cert_get_fingerprint :: BotanX509Cert -> ConstPtr CChar -> Ptr Word8 -> Ptr CSize -> IO CInt
- botan_x509_cert_get_serial_number :: BotanX509Cert -> Ptr Word8 -> Ptr CSize -> IO CInt
- botan_x509_cert_get_authority_key_id :: BotanX509Cert -> Ptr Word8 -> Ptr CSize -> IO CInt
- botan_x509_cert_get_subject_key_id :: BotanX509Cert -> Ptr Word8 -> Ptr CSize -> IO CInt
- botan_x509_cert_get_public_key_bits :: BotanX509Cert -> Ptr Word8 -> Ptr CSize -> IO CInt
- botan_x509_cert_view_public_key_bits :: BotanX509Cert -> BotanViewContext ctx -> FunPtr (BotanViewBinCallback ctx) -> IO CInt
- botan_x509_cert_get_public_key :: BotanX509Cert -> Ptr BotanPubKey -> IO CInt
- botan_x509_cert_get_issuer_dn :: BotanX509Cert -> ConstPtr CChar -> CSize -> Ptr Word8 -> Ptr CSize -> IO CInt
- botan_x509_cert_get_subject_dn :: BotanX509Cert -> ConstPtr CChar -> CSize -> Ptr Word8 -> Ptr CSize -> IO CInt
- botan_x509_cert_to_string :: BotanX509Cert -> Ptr CChar -> Ptr CSize -> IO CInt
- botan_x509_cert_view_as_string :: BotanX509Cert -> BotanViewContext ctx -> FunPtr (BotanViewStrCallback ctx) -> IO CInt
- pattern NO_CONSTRAINTS :: (Eq a, Num a) => a
- pattern DIGITAL_SIGNATURE :: (Eq a, Num a) => a
- pattern NON_REPUDIATION :: (Eq a, Num a) => a
- pattern KEY_ENCIPHERMENT :: (Eq a, Num a) => a
- pattern DATA_ENCIPHERMENT :: (Eq a, Num a) => a
- pattern KEY_AGREEMENT :: (Eq a, Num a) => a
- pattern KEY_CERT_SIGN :: (Eq a, Num a) => a
- pattern CRL_SIGN :: (Eq a, Num a) => a
- pattern ENCIPHER_ONLY :: (Eq a, Num a) => a
- pattern DECIPHER_ONLY :: (Eq a, Num a) => a
- botan_x509_cert_allowed_usage :: BotanX509Cert -> CUInt -> IO CInt
- botan_x509_cert_hostname_match :: BotanX509Cert -> ConstPtr CChar -> IO CInt
- botan_x509_cert_verify :: Ptr CInt -> BotanX509Cert -> ConstPtr BotanX509Cert -> CSize -> ConstPtr BotanX509Cert -> CSize -> ConstPtr CChar -> CSize -> ConstPtr CChar -> Word64 -> IO CInt
- botan_x509_cert_validation_status :: CInt -> IO (ConstPtr CChar)
- data BotanX509CRLStruct
- newtype BotanX509CRL = MkBotanX509CRL {}
- botan_x509_crl_destroy :: FinalizerPtr BotanX509CRLStruct
- botan_x509_crl_load_file :: Ptr BotanX509CRL -> ConstPtr CChar -> IO CInt
- botan_x509_crl_load :: Ptr BotanX509CRL -> ConstPtr Word8 -> CSize -> IO CInt
- botan_x509_is_revoked :: BotanX509CRL -> BotanX509Cert -> IO CInt
- botan_x509_cert_verify_with_crl :: Ptr CInt -> BotanX509Cert -> ConstPtr BotanX509Cert -> CSize -> ConstPtr BotanX509Cert -> CSize -> ConstPtr BotanX509CRL -> CSize -> ConstPtr CChar -> CSize -> ConstPtr CChar -> Word64 -> IO CInt
Documentation
data BotanX509CertStruct Source #
Opaque X509Cert struct
newtype BotanX509Cert Source #
Botan X509Cert object
Instances
botan_x509_cert_destroy :: FinalizerPtr BotanX509CertStruct Source #
Destroy an X509Cert instance
botan_x509_cert_dup Source #
:: Ptr BotanX509Cert | new_cert |
-> BotanX509Cert | cert |
-> IO CInt |
botan_x509_cert_not_before Source #
:: BotanX509Cert | cert |
-> Ptr Word64 | time_since_epoch |
-> IO CInt |
botan_x509_cert_not_after Source #
:: BotanX509Cert | cert |
-> Ptr Word64 | time_since_epoch |
-> IO CInt |
botan_x509_cert_view_public_key_bits Source #
:: BotanX509Cert | cert |
-> BotanViewContext ctx | ctx |
-> FunPtr (BotanViewBinCallback ctx) | view |
-> IO CInt |
botan_x509_cert_get_public_key Source #
:: BotanX509Cert | cert |
-> Ptr BotanPubKey | key |
-> IO CInt |
botan_x509_cert_view_as_string Source #
:: BotanX509Cert | cert |
-> BotanViewContext ctx | ctx |
-> FunPtr (BotanViewStrCallback ctx) | view |
-> IO CInt |
pattern NO_CONSTRAINTS :: (Eq a, Num a) => a Source #
pattern DIGITAL_SIGNATURE :: (Eq a, Num a) => a Source #
pattern NON_REPUDIATION :: (Eq a, Num a) => a Source #
pattern KEY_ENCIPHERMENT :: (Eq a, Num a) => a Source #
pattern DATA_ENCIPHERMENT :: (Eq a, Num a) => a Source #
pattern KEY_AGREEMENT :: (Eq a, Num a) => a Source #
pattern KEY_CERT_SIGN :: (Eq a, Num a) => a Source #
pattern CRL_SIGN :: (Eq a, Num a) => a Source #
pattern ENCIPHER_ONLY :: (Eq a, Num a) => a Source #
pattern DECIPHER_ONLY :: (Eq a, Num a) => a Source #
botan_x509_cert_allowed_usage Source #
:: BotanX509Cert | cert |
-> CUInt | key_usage |
-> IO CInt |
botan_x509_cert_hostname_match Source #
:: BotanX509Cert | cert |
-> ConstPtr CChar | hostname |
-> IO CInt |
Check whether the certificate matches the specified hostname, via a subject alternative name or a CN match; RFC 5280 wildcards are also supported. This checks only the name binding: validity of the certificate and its chain is checked separately by botan_x509_cert_verify, which also accepts a hostname.
botan_x509_cert_verify Source #
:: Ptr CInt | validation_result |
-> BotanX509Cert | cert |
-> ConstPtr BotanX509Cert | intermediates |
-> CSize | intermediates_len |
-> ConstPtr BotanX509Cert | trusted |
-> CSize | trusted_len |
-> ConstPtr CChar | trusted_path |
-> CSize | required_strength |
-> ConstPtr CChar | hostname |
-> Word64 | reference_time |
-> IO CInt |
Returns 0 if the validation was successful, 1 if validation failed, and negative on error. A status code with details is written to *validation_result; botan_x509_cert_validation_status turns that code into a human-readable string.
The intermediates and trusted lists can be null. The trusted path can be null.
botan_x509_cert_validation_status Source #
Returns a pointer to a static character string explaining the status code, or NULL if the code is unknown.
data BotanX509CRLStruct Source #
Opaque X509CRL struct
newtype BotanX509CRL Source #
Botan X509CRL object
Instances
Storable BotanX509CRL Source # | |
Defined in Botan.Bindings.X509 sizeOf :: BotanX509CRL -> Int # alignment :: BotanX509CRL -> Int # peekElemOff :: Ptr BotanX509CRL -> Int -> IO BotanX509CRL # pokeElemOff :: Ptr BotanX509CRL -> Int -> BotanX509CRL -> IO () # peekByteOff :: Ptr b -> Int -> IO BotanX509CRL # pokeByteOff :: Ptr b -> Int -> BotanX509CRL -> IO () # peek :: Ptr BotanX509CRL -> IO BotanX509CRL # poke :: Ptr BotanX509CRL -> BotanX509CRL -> IO () # | |
Eq BotanX509CRL Source # | |
Defined in Botan.Bindings.X509 (==) :: BotanX509CRL -> BotanX509CRL -> Bool # (/=) :: BotanX509CRL -> BotanX509CRL -> Bool # | |
Ord BotanX509CRL Source # | |
Defined in Botan.Bindings.X509 compare :: BotanX509CRL -> BotanX509CRL -> Ordering # (<) :: BotanX509CRL -> BotanX509CRL -> Bool # (<=) :: BotanX509CRL -> BotanX509CRL -> Bool # (>) :: BotanX509CRL -> BotanX509CRL -> Bool # (>=) :: BotanX509CRL -> BotanX509CRL -> Bool # max :: BotanX509CRL -> BotanX509CRL -> BotanX509CRL # min :: BotanX509CRL -> BotanX509CRL -> BotanX509CRL # |
botan_x509_crl_destroy :: FinalizerPtr BotanX509CRLStruct Source #
Destroy an X509CRL instance
botan_x509_is_revoked Source #
:: BotanX509CRL | crl |
-> BotanX509Cert | cert |
-> IO CInt |
Given a CRL and a certificate, check if the certificate is revoked on that particular CRL
botan_x509_cert_verify_with_crl Source #
:: Ptr CInt | validation_result |
-> BotanX509Cert | cert |
-> ConstPtr BotanX509Cert | intermediates |
-> CSize | intermediates_len |
-> ConstPtr BotanX509Cert | trusted |
-> CSize | trusted_len |
-> ConstPtr BotanX509CRL | crls |
-> CSize | crls_len |
-> ConstPtr CChar | trusted_path |
-> CSize | required_strength |
-> ConstPtr CChar | hostname |
-> Word64 | reference_time |
-> IO CInt |
A different flavor of botan_x509_cert_verify that also supports revocation lists.
CRLs are passed as an array, the same as intermediates and trusted CAs.