-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | X509 reader and writer
--   
--   X509 reader and writer
@package x509
@version 1.6.4


-- | Read/Write X509 Certificate, CRL and their signed equivalents.
--   
--   Follows RFC5280 / RFC6818
module Data.X509

-- | A Signed Certificate
type SignedCertificate = SignedExact Certificate

-- | A Signed CRL
type SignedCRL = SignedExact CRL

-- | X.509 Certificate type.
--   
--   This type doesn't include the signature; it is described in the RFC as
--   tbsCertificate.
data Certificate
Certificate :: Int -> Integer -> SignatureALG -> DistinguishedName -> (DateTime, DateTime) -> DistinguishedName -> PubKey -> Extensions -> Certificate

-- | Version
[certVersion] :: Certificate -> Int

-- | Serial number
[certSerial] :: Certificate -> Integer

-- | Signature algorithm
[certSignatureAlg] :: Certificate -> SignatureALG

-- | Issuer DN
[certIssuerDN] :: Certificate -> DistinguishedName

-- | Validity period (UTC)
[certValidity] :: Certificate -> (DateTime, DateTime)

-- | Subject DN
[certSubjectDN] :: Certificate -> DistinguishedName

-- | Public key
[certPubKey] :: Certificate -> PubKey

-- | Extensions
[certExtensions] :: Certificate -> Extensions

-- | Public key types known and used in X.509
data PubKey

-- | RSA public key
PubKeyRSA :: PublicKey -> PubKey

-- | DSA public key
PubKeyDSA :: PublicKey -> PubKey

-- | DH format with (p,g,q,j,(seed,pgenCounter))
PubKeyDH :: (Integer, Integer, Integer, Maybe Integer, ([Word8], Integer)) -> PubKey

-- | EC public key
PubKeyEC :: PubKeyEC -> PubKey

-- | unrecognized format
PubKeyUnknown :: OID -> ByteString -> PubKey

-- | Elliptic Curve Public Key
--   
--   TODO: missing support for binary curve.
data PubKeyEC
PubKeyEC_Prime :: SerializedPoint -> Integer -> Integer -> Integer -> SerializedPoint -> Integer -> Integer -> Integer -> PubKeyEC
[pubkeyEC_pub] :: PubKeyEC -> SerializedPoint
[pubkeyEC_a] :: PubKeyEC -> Integer
[pubkeyEC_b] :: PubKeyEC -> Integer
[pubkeyEC_prime] :: PubKeyEC -> Integer
[pubkeyEC_generator] :: PubKeyEC -> SerializedPoint
[pubkeyEC_order] :: PubKeyEC -> Integer
[pubkeyEC_cofactor] :: PubKeyEC -> Integer
[pubkeyEC_seed] :: PubKeyEC -> Integer
PubKeyEC_Named :: CurveName -> SerializedPoint -> PubKeyEC
[pubkeyEC_name] :: PubKeyEC -> CurveName
[pubkeyEC_pub] :: PubKeyEC -> SerializedPoint

-- | Serialized Elliptic Curve Point
newtype SerializedPoint
SerializedPoint :: ByteString -> SerializedPoint

-- | Private key types known and used in X.509
data PrivKey

-- | RSA private key
PrivKeyRSA :: PrivateKey -> PrivKey

-- | DSA private key
PrivKeyDSA :: PrivateKey -> PrivKey

-- | Convert a Public key to the Public Key Algorithm type
pubkeyToAlg :: PubKey -> PubKeyALG

-- | Convert a Private key to the Public Key Algorithm type
privkeyToAlg :: PrivKey -> PubKeyALG

-- | Hash Algorithm
data HashALG
HashMD2 :: HashALG
HashMD5 :: HashALG
HashSHA1 :: HashALG
HashSHA224 :: HashALG
HashSHA256 :: HashALG
HashSHA384 :: HashALG
HashSHA512 :: HashALG

-- | Public Key Algorithm
data PubKeyALG

-- | RSA Public Key algorithm
PubKeyALG_RSA :: PubKeyALG

-- | DSA Public Key algorithm
PubKeyALG_DSA :: PubKeyALG

-- | ECDSA &amp; ECDH Public Key algorithm
PubKeyALG_EC :: PubKeyALG

-- | Diffie Hellman Public Key algorithm
PubKeyALG_DH :: PubKeyALG

-- | Unknown Public Key algorithm
PubKeyALG_Unknown :: OID -> PubKeyALG

-- | Signature Algorithm often composed of a public key algorithm and a
--   hash algorithm
data SignatureALG
SignatureALG :: HashALG -> PubKeyALG -> SignatureALG
SignatureALG_Unknown :: OID -> SignatureALG

-- | Extension class.
--   
--   Each extension has a unique OID associated with it, and a way to encode
--   to and decode from an ASN1 stream.
class Extension a
extOID :: Extension a => a -> OID
extEncode :: Extension a => a -> [ASN1]
extDecode :: Extension a => [ASN1] -> Either String a

-- | Basic Constraints
data ExtBasicConstraints
ExtBasicConstraints :: Bool -> (Maybe Integer) -> ExtBasicConstraints

-- | Describe key usage
data ExtKeyUsage
ExtKeyUsage :: [ExtKeyUsageFlag] -> ExtKeyUsage

-- | key usage flag that is found in the key usage extension field.
data ExtKeyUsageFlag
KeyUsage_digitalSignature :: ExtKeyUsageFlag
KeyUsage_nonRepudiation :: ExtKeyUsageFlag
KeyUsage_keyEncipherment :: ExtKeyUsageFlag
KeyUsage_dataEncipherment :: ExtKeyUsageFlag
KeyUsage_keyAgreement :: ExtKeyUsageFlag
KeyUsage_keyCertSign :: ExtKeyUsageFlag
KeyUsage_cRLSign :: ExtKeyUsageFlag
KeyUsage_encipherOnly :: ExtKeyUsageFlag
KeyUsage_decipherOnly :: ExtKeyUsageFlag

-- | Extended key usage extension
data ExtExtendedKeyUsage
ExtExtendedKeyUsage :: [ExtKeyUsagePurpose] -> ExtExtendedKeyUsage

-- | Key usage purposes for the ExtendedKeyUsage extension
data ExtKeyUsagePurpose
KeyUsagePurpose_ServerAuth :: ExtKeyUsagePurpose
KeyUsagePurpose_ClientAuth :: ExtKeyUsagePurpose
KeyUsagePurpose_CodeSigning :: ExtKeyUsagePurpose
KeyUsagePurpose_EmailProtection :: ExtKeyUsagePurpose
KeyUsagePurpose_TimeStamping :: ExtKeyUsagePurpose
KeyUsagePurpose_OCSPSigning :: ExtKeyUsagePurpose
KeyUsagePurpose_Unknown :: OID -> ExtKeyUsagePurpose

-- | Provide a way to identify a public key by a short hash.
data ExtSubjectKeyId
ExtSubjectKeyId :: ByteString -> ExtSubjectKeyId

-- | Provide a way to supply alternate names that can be used for matching a
--   host name.
data ExtSubjectAltName
ExtSubjectAltName :: [AltName] -> ExtSubjectAltName

-- | Provide a means to identify the public key corresponding to the private
--   key used to sign a certificate.
data ExtAuthorityKeyId
ExtAuthorityKeyId :: ByteString -> ExtAuthorityKeyId

-- | Identify how CRL information is obtained
data ExtCrlDistributionPoints
ExtCrlDistributionPoints :: [DistributionPoint] -> ExtCrlDistributionPoints

-- | Different naming schemes used by the extension.
--   
--   Not all name types are available, missing: otherName x400Address
--   directoryName ediPartyName registeredID
data AltName
AltNameRFC822 :: String -> AltName
AltNameDNS :: String -> AltName
AltNameURI :: String -> AltName
AltNameIP :: ByteString -> AltName
AltNameXMPP :: String -> AltName
AltNameDNSSRV :: String -> AltName

-- | Distribution point as either some GeneralNames or a DN
data DistributionPoint
DistributionPointFullName :: [AltName] -> DistributionPoint
DistributionNameRelative :: DistinguishedName -> DistributionPoint

-- | Reason flag for the CRL
data ReasonFlag
Reason_Unused :: ReasonFlag
Reason_KeyCompromise :: ReasonFlag
Reason_CACompromise :: ReasonFlag
Reason_AffiliationChanged :: ReasonFlag
Reason_Superseded :: ReasonFlag
Reason_CessationOfOperation :: ReasonFlag
Reason_CertificateHold :: ReasonFlag
Reason_PrivilegeWithdrawn :: ReasonFlag
Reason_AACompromise :: ReasonFlag

-- | Get a specific extension from a list of raw extensions
extensionGet :: Extension a => Extensions -> Maybe a

-- | Get a specific extension from a list of raw extensions, keeping the
--   decoding error when the OID matched but the extension couldn't be decoded
extensionGetE :: Extension a => Extensions -> Maybe (Either String a)

-- | Try to decode an ExtensionRaw.
--   
--   The result means:
--   
--   * Nothing: the OID doesn't match
--   
--   * Just (Left err): the OID matched, but the extension couldn't be decoded
--   
--   * Just (Right a): the OID matched, and the extension has been successfully
--   decoded
extensionDecode :: Extension a => ExtensionRaw -> Maybe (Either String a)

-- | Encode an Extension to extensionRaw
extensionEncode :: Extension a => Bool -> a -> ExtensionRaw

-- | An undecoded extension
data ExtensionRaw
ExtensionRaw :: OID -> Bool -> [ASN1] -> ExtensionRaw

-- | OID of this extension
[extRawOID] :: ExtensionRaw -> OID

-- | whether this extension is marked critical
[extRawCritical] :: ExtensionRaw -> Bool

-- | the associated ASN1
[extRawASN1] :: ExtensionRaw -> [ASN1]

-- | a Set of <a>ExtensionRaw</a>
newtype Extensions
Extensions :: (Maybe [ExtensionRaw]) -> Extensions

-- | Describe a Certificate revocation list
data CRL
CRL :: Integer -> SignatureALG -> DistinguishedName -> DateTime -> Maybe DateTime -> [RevokedCertificate] -> Extensions -> CRL
[crlVersion] :: CRL -> Integer
[crlSignatureAlg] :: CRL -> SignatureALG
[crlIssuer] :: CRL -> DistinguishedName
[crlThisUpdate] :: CRL -> DateTime
[crlNextUpdate] :: CRL -> Maybe DateTime
[crlRevokedCertificates] :: CRL -> [RevokedCertificate]
[crlExtensions] :: CRL -> Extensions

-- | Describe a revoked certificate identifiable by serial number.
data RevokedCertificate
RevokedCertificate :: Integer -> DateTime -> Extensions -> RevokedCertificate
[revokedSerialNumber] :: RevokedCertificate -> Integer
[revokedDate] :: RevokedCertificate -> DateTime
[revokedExtensions] :: RevokedCertificate -> Extensions

-- | A list of OID and strings.
newtype DistinguishedName
DistinguishedName :: [(OID, ASN1CharacterString)] -> DistinguishedName
[getDistinguishedElements] :: DistinguishedName -> [(OID, ASN1CharacterString)]

-- | Elements commonly available in a <a>DistinguishedName</a> structure
data DnElement

-- | CN
DnCommonName :: DnElement

-- | Country
DnCountry :: DnElement

-- | O
DnOrganization :: DnElement

-- | OU
DnOrganizationUnit :: DnElement

-- | Email Address (legacy)
DnEmailAddress :: DnElement

-- | ASN1 Character String with encoding
data ASN1CharacterString :: *
ASN1CharacterString :: ASN1StringEncoding -> ByteString -> ASN1CharacterString
[characterEncoding] :: ASN1CharacterString -> ASN1StringEncoding
[getCharacterStringRawData] :: ASN1CharacterString -> ByteString

-- | Try to get a specific element in a <a>DistinguishedName</a> structure
getDnElement :: DnElement -> DistinguishedName -> Maybe ASN1CharacterString

-- | A chain of X.509 certificates in exact form.
newtype CertificateChain
CertificateChain :: [SignedExact Certificate] -> CertificateChain

-- | Represent a chain of X.509 certificates in bytestring form.
newtype CertificateChainRaw
CertificateChainRaw :: [ByteString] -> CertificateChainRaw

-- | Decode a CertificateChainRaw into a CertificateChain if every raw
--   certificate is decoded correctly; otherwise return the index of the
--   failed certificate and the associated error.
decodeCertificateChain :: CertificateChainRaw -> Either (Int, String) CertificateChain

-- | Convert a CertificateChain into a CertificateChainRaw
encodeCertificateChain :: CertificateChain -> CertificateChainRaw

-- | Represent a signed object using a traditional X509 structure.
--   
--   When dealing with external certificates, use the SignedExact structure,
--   not this one.
data (Show a, Eq a, ASN1Object a) => Signed a
Signed :: a -> SignatureALG -> ByteString -> Signed a

-- | Object to sign
[signedObject] :: Signed a -> a

-- | Signature Algorithm used
[signedAlg] :: Signed a -> SignatureALG

-- | Signature as bytes
[signedSignature] :: Signed a -> ByteString

-- | Represent the signed object plus the raw data that we need to keep
--   around, so that the signature can still be verified in non-compliant cases.
data (Show a, Eq a, ASN1Object a) => SignedExact a

-- | Get the decoded Signed data
getSigned :: SignedExact a -> Signed a

-- | Get the signed data for the signature
getSignedData :: (Show a, Eq a, ASN1Object a) => SignedExact a -> ByteString

-- | Transform an object into a <a>SignedExact</a> object
objectToSignedExact :: (Show a, Eq a, ASN1Object a) => (ByteString -> (ByteString, SignatureALG, r)) -> a -> (SignedExact a, r)

-- | The raw representation of the whole signed structure
encodeSignedObject :: SignedExact a -> ByteString

-- | Try to parse a bytestring that uses the typical X509 signed structure
--   format
decodeSignedObject :: (Show a, Eq a, ASN1Object a) => ByteString -> Either String (SignedExact a)

-- | Get the Certificate associated to a SignedCertificate
getCertificate :: SignedCertificate -> Certificate

-- | Get the CRL associated to a SignedCRL
getCRL :: SignedCRL -> CRL

-- | Try to decode a bytestring to a SignedCertificate
decodeSignedCertificate :: ByteString -> Either String SignedCertificate

-- | Try to decode a bytestring to a SignedCRL
decodeSignedCRL :: ByteString -> Either String SignedCRL

-- | Make an OpenSSL style hash of a distinguished name
--   
--   The OpenSSL algorithm is odd, and has been replicated here somewhat; only
--   ASCII characters are lower-cased.
hashDN :: DistinguishedName -> ByteString

-- | Create an OpenSSL style old hash of a distinguished name
hashDN_old :: DistinguishedName -> ByteString
