Copyright	(c) Alexey Radkov 2024
License	BSD-style
Maintainer	alexey.radkov@gmail.com
Stability	experimental
Portability	portable
Safe Haskell	Safe-Inferred
Language	Haskell2010

Data.X509.OCSP

Description

Encode and decode X509 OCSP requests and responses.

This module complies with rfc6960.

Synopsis

data CertId = CertId {
}
encodeOCSPRequestASN1 :: Certificate -> Certificate -> ([ASN1], CertId)
encodeOCSPRequest :: Certificate -> Certificate -> (ByteString, CertId)
data OCSPResponse = OCSPResponse {
- ocspRespStatus :: OCSPResponseStatus
- ocspRespPayload :: Maybe OCSPResponsePayload
}
data OCSPResponseStatus
data OCSPResponsePayload = OCSPResponsePayload {
- ocspRespCertData :: OCSPResponseCertData
- ocspRespData :: [ASN1]
}
data OCSPResponseCertData = OCSPResponseCertData {
}
data OCSPResponseCertStatus
decodeOCSPResponse :: CertId -> ByteString -> Either ASN1Error (Maybe OCSPResponse)

Documentation

data CertId Source #

Certificate Id.

This data is used when building OCSP requests and parsing OCSP responses.

Constructors

CertId
Fields certIdIssuerNameHash :: ByteString Value of issuerNameHash as defined in rfc6960 certIdIssuerKeyHash :: ByteString Value of issuerKeyHash as defined in rfc6960 certIdSerialNumber :: Integer Serial number of checked certificate

Instances

Instances details

Show CertId Source #
Instance details Defined in Data.X509.OCSP Methods showsPrec :: Int -> CertId -> ShowS # show :: CertId -> String # showList :: [CertId] -> ShowS #
Eq CertId Source #
Instance details Defined in Data.X509.OCSP Methods (==) :: CertId -> CertId -> Bool # (/=) :: CertId -> CertId -> Bool #

encodeOCSPRequestASN1 Source #

Arguments

:: Certificate	Issuer certificate
-> Certificate	Checked certificate
-> ([ASN1], CertId)

Build and encode OCSP request in ASN1 format.

The returned value contains the encoded request and an object of type CertId with hashes calculated by SHA1 algorithm.

encodeOCSPRequest Source #

Arguments

:: Certificate	Issuer certificate
-> Certificate	Checked certificate
-> (ByteString, CertId)

Build and encode OCSP request in ASN1 DER format.

The returned value contains the encoded request and an object of type CertId with hashes calculated by SHA1 algorithm.

data OCSPResponse Source #

OCSP response data.

Constructors

OCSPResponse
Fields ocspRespStatus :: OCSPResponseStatus Response status ocspRespPayload :: Maybe OCSPResponsePayload Response payload data

Instances

Instances details

Show OCSPResponse Source #
Instance details Defined in Data.X509.OCSP Methods showsPrec :: Int -> OCSPResponse -> ShowS # show :: OCSPResponse -> String # showList :: [OCSPResponse] -> ShowS #
Eq OCSPResponse Source #
Instance details Defined in Data.X509.OCSP Methods (==) :: OCSPResponse -> OCSPResponse -> Bool # (/=) :: OCSPResponse -> OCSPResponse -> Bool #

data OCSPResponseStatus Source #

Status of OCSP response as defined in rfc6960.

Constructors

OCSPRespSuccessful
OCSPRespMalformedRequest
OCSPRespInternalError
OCSPRespUnused1
OCSPRespTryLater
OCSPRespSigRequired
OCSPRespUnauthorized

Instances

Instances details

Bounded OCSPResponseStatus Source #
Instance details Defined in Data.X509.OCSP Methods minBound :: OCSPResponseStatus # maxBound :: OCSPResponseStatus #
Enum OCSPResponseStatus Source #
Instance details Defined in Data.X509.OCSP Methods succ :: OCSPResponseStatus -> OCSPResponseStatus # pred :: OCSPResponseStatus -> OCSPResponseStatus # toEnum :: Int -> OCSPResponseStatus # fromEnum :: OCSPResponseStatus -> Int # enumFrom :: OCSPResponseStatus -> [OCSPResponseStatus] # enumFromThen :: OCSPResponseStatus -> OCSPResponseStatus -> [OCSPResponseStatus] # enumFromTo :: OCSPResponseStatus -> OCSPResponseStatus -> [OCSPResponseStatus] # enumFromThenTo :: OCSPResponseStatus -> OCSPResponseStatus -> OCSPResponseStatus -> [OCSPResponseStatus] #
Show OCSPResponseStatus Source #
Instance details Defined in Data.X509.OCSP Methods showsPrec :: Int -> OCSPResponseStatus -> ShowS # show :: OCSPResponseStatus -> String # showList :: [OCSPResponseStatus] -> ShowS #
Eq OCSPResponseStatus Source #
Instance details Defined in Data.X509.OCSP Methods (==) :: OCSPResponseStatus -> OCSPResponseStatus -> Bool # (/=) :: OCSPResponseStatus -> OCSPResponseStatus -> Bool #

data OCSPResponsePayload Source #

OCSP response payload data.

Constructors

OCSPResponsePayload
Fields ocspRespCertData :: OCSPResponseCertData Checked certificate data ocspRespData :: [ASN1] Whole response payload

Instances

Instances details

Show OCSPResponsePayload Source #
Instance details Defined in Data.X509.OCSP Methods showsPrec :: Int -> OCSPResponsePayload -> ShowS # show :: OCSPResponsePayload -> String # showList :: [OCSPResponsePayload] -> ShowS #
Eq OCSPResponsePayload Source #
Instance details Defined in Data.X509.OCSP Methods (==) :: OCSPResponsePayload -> OCSPResponsePayload -> Bool # (/=) :: OCSPResponsePayload -> OCSPResponsePayload -> Bool #

data OCSPResponseCertData Source #

OCSP response certificate data.

Constructors

OCSPResponseCertData
Fields ocspRespCertStatus :: OCSPResponseCertStatus Status of checked certificate ocspRespCertThisUpdate :: ASN1 Value of thisUpdate as defined in rfc6960 ocspRespCertNextUpdate :: Maybe ASN1 Value of nextUpdate as defined in rfc6960

Instances

Instances details

Show OCSPResponseCertData Source #
Instance details Defined in Data.X509.OCSP Methods showsPrec :: Int -> OCSPResponseCertData -> ShowS # show :: OCSPResponseCertData -> String # showList :: [OCSPResponseCertData] -> ShowS #
Eq OCSPResponseCertData Source #
Instance details Defined in Data.X509.OCSP Methods (==) :: OCSPResponseCertData -> OCSPResponseCertData -> Bool # (/=) :: OCSPResponseCertData -> OCSPResponseCertData -> Bool #

data OCSPResponseCertStatus Source #

Status of the checked certificate as defined in rfc6960.

Constructors

OCSPRespCertGood
OCSPRespCertRevoked
OCSPRespCertUnknown

Instances

Instances details

Bounded OCSPResponseCertStatus Source #
Instance details Defined in Data.X509.OCSP Methods minBound :: OCSPResponseCertStatus # maxBound :: OCSPResponseCertStatus #
Enum OCSPResponseCertStatus Source #
Instance details Defined in Data.X509.OCSP Methods succ :: OCSPResponseCertStatus -> OCSPResponseCertStatus # pred :: OCSPResponseCertStatus -> OCSPResponseCertStatus # toEnum :: Int -> OCSPResponseCertStatus # fromEnum :: OCSPResponseCertStatus -> Int # enumFrom :: OCSPResponseCertStatus -> [OCSPResponseCertStatus] # enumFromThen :: OCSPResponseCertStatus -> OCSPResponseCertStatus -> [OCSPResponseCertStatus] # enumFromTo :: OCSPResponseCertStatus -> OCSPResponseCertStatus -> [OCSPResponseCertStatus] # enumFromThenTo :: OCSPResponseCertStatus -> OCSPResponseCertStatus -> OCSPResponseCertStatus -> [OCSPResponseCertStatus] #
Show OCSPResponseCertStatus Source #
Instance details Defined in Data.X509.OCSP Methods showsPrec :: Int -> OCSPResponseCertStatus -> ShowS # show :: OCSPResponseCertStatus -> String # showList :: [OCSPResponseCertStatus] -> ShowS #
Eq OCSPResponseCertStatus Source #
Instance details Defined in Data.X509.OCSP Methods (==) :: OCSPResponseCertStatus -> OCSPResponseCertStatus -> Bool # (/=) :: OCSPResponseCertStatus -> OCSPResponseCertStatus -> Bool #

decodeOCSPResponse Source #

Arguments

:: CertId	Certificate Id
-> ByteString	OCSP response
-> Either ASN1Error (Maybe OCSPResponse)

Decode OCSP response.

Value of the certificate id is expected to be equal to what was returned by encodeOCSPRequest: it is used to check the correctness of the response.

Left value gets returned on parse errors detected by decodeASN1. Right value with Nothing gets returned on unexpected ASN1 contents.