Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
An interface to PKCS#10 certificate request.
Synopsis
- data X509Req
- newX509Req :: IO X509Req
- signX509Req :: KeyPair key => X509Req -> key -> Maybe Digest -> IO ()
- verifyX509Req :: PublicKey key => X509Req -> key -> IO VerifyStatus
- printX509Req :: X509Req -> IO String
- writeX509ReqDER :: X509Req -> IO ByteString
- makeX509FromReq :: X509Req -> X509 -> IO X509
- getVersion :: X509Req -> IO Int
- setVersion :: X509Req -> Int -> IO ()
- getSubjectName :: X509Req -> Bool -> IO [(String, String)]
- setSubjectName :: X509Req -> [(String, String)] -> IO ()
- getPublicKey :: X509Req -> IO SomePublicKey
- setPublicKey :: PublicKey key => X509Req -> key -> IO ()
- addExtensions :: X509Req -> [(Int, String)] -> IO CInt
- addExtensionToX509 :: X509 -> Int -> String -> IO Bool
Type
Functions to manipulate request
newX509Req :: IO X509Req Source #
creates an empty certificate request. You must set
the following properties to and sign it (see newX509Req
signX509Req
) to
actually use the certificate request.
- Version
- See
setVersion
. - Subject Name
- See
setSubjectName
. - Public Key
- See
setPublicKey
.
:: KeyPair key | |
=> X509Req | The request to be signed. |
-> key | The private key to sign with. |
-> Maybe Digest | A hashing algorithm to use. If
|
-> IO () |
signs a certificate request with a subject private
key.signX509Req
:: PublicKey key | |
=> X509Req | The request to be verified. |
-> key | The public key to verify with. |
-> IO VerifyStatus |
verifies a signature of certificate request with
a subject public key.verifyX509Req
printX509Req :: X509Req -> IO String Source #
translates a certificate request into
human-readable format.printX509Req
req
writeX509ReqDER :: X509Req -> IO ByteString Source #
writes a PKCS#10 certificate request to DER string.writeX509ReqDER
req
makeX509FromReq :: X509Req -> X509 -> IO X509 Source #
creates an empty X.509 certificate
and copies as much data from the request as possible. The resulting
certificate doesn't have the following data and it isn't signed so
you must fill them and sign it yourself.makeX509FromReq
req cert
- Serial number
- Validity (Not Before and Not After)
Example:
import Data.Time.Clock genCert :: X509 -> EvpPKey -> Integer -> Int -> X509Req -> IO X509 genCert caCert caKey serial days req = do cert <- makeX509FromReq req caCert now <- getCurrentTime setSerialNumber cert serial setNotBefore cert $ addUTCTime (-1) now setNotAfter cert $ addUTCTime (days * 24 * 60 * 60) now signX509 cert caKey Nothing return cert
Accessors
getVersion :: X509Req -> IO Int Source #
returns the version number of certificate
request.getVersion
req
setVersion :: X509Req -> Int -> IO () Source #
updates the version number of certificate
request.setVersion
req ver
getSubjectName :: X509Req -> Bool -> IO [(String, String)] Source #
returns the subject name of
certificate request. See getSubjectName
req wantLongNamegetSubjectName
of
OpenSSL.X509.
setSubjectName :: X509Req -> [(String, String)] -> IO () Source #
updates the subject name of
certificate request. See setSubjectName
req namesetSubjectName
of
OpenSSL.X509.
getPublicKey :: X509Req -> IO SomePublicKey Source #
returns the public key of the subject of
certificate request.getPublicKey
req
setPublicKey :: PublicKey key => X509Req -> key -> IO () Source #
updates the public key of the subject of
certificate request.setPublicKey
req
addExtensions :: X509Req -> [(Int, String)] -> IO CInt Source #
addExtensions
req [(nid, str)]
E.g., nid 85 = subjectAltName
http://osxr.org:8080/openssl/source/crypto/objects/objects.h#0476
(TODO: more docs; NID type)