jon.recoil.org

Module X509.ExtensionSource

X.509v3 extensions

type key_usage = [
  1. | `Digital_signature
  2. | `Content_commitment
  3. | `Key_encipherment
  4. | `Data_encipherment
  5. | `Key_agreement
  6. | `Key_cert_sign
  7. | `CRL_sign
  8. | `Encipher_only
  9. | `Decipher_only
]

The polymorphic variant of key usages.

type extended_key_usage = [
  1. | `Any
  2. | `Server_auth
  3. | `Client_auth
  4. | `Code_signing
  5. | `Email_protection
  6. | `Ipsec_end
  7. | `Ipsec_tunnel
  8. | `Ipsec_user
  9. | `Time_stamping
  10. | `Ocsp_signing
  11. | `Other of Asn.oid
]

The polymorphic variant of extended key usages.

type authority_key_id = string option * X509.General_name.t * string option

The authority key identifier, as present in the Authority Key Identifier extension.

type priv_key_usage_period = [
  1. | `Interval of Ptime.t * Ptime.t
  2. | `Not_after of Ptime.t
  3. | `Not_before of Ptime.t
]

The private key usage period, as defined in RFC 3280.

type name_constraint = (X509.General_name.b * int * int option) list

Name constraints, as defined in RFC 5280.

type policy = [
  1. | `Any
  2. | `Something of Asn.oid
]

Certificate policies, the policy extension.

type reason = [
  1. | `Unspecified
  2. | `Key_compromise
  3. | `CA_compromise
  4. | `Affiliation_changed
  5. | `Superseded
  6. | `Cessation_of_operation
  7. | `Certificate_hold
  8. | `Remove_from_CRL
  9. | `Privilege_withdrawn
  10. | `AA_compromise
]

Type of revocation reasons for a given distribution point.

type distribution_point_name = [
  1. | `Full of X509.General_name.t
  2. | `Relative of X509.Distinguished_name.t
]

Distribution point name, either a full one using general names, or a relative one using a distinguished name.

type distribution_point = X509.Extension.distribution_point_name option * X509.Extension.reason list option * X509.General_name.t option

Distribution point, consisting of an optional name, an optional list of allowed reasons, and an optional issuer.

type 'a extension = bool * 'a

The type of an extension: the critical flag and the value itself.

type _ k =
  1. | Unsupported : Asn.oid -> string X509.Extension.extension X509.Extension.k
  2. | Subject_alt_name : X509.General_name.t X509.Extension.extension X509.Extension.k
  3. | Authority_key_id : X509.Extension.authority_key_id X509.Extension.extension X509.Extension.k
  4. | Subject_key_id : string X509.Extension.extension X509.Extension.k
  5. | Issuer_alt_name : X509.General_name.t X509.Extension.extension X509.Extension.k
  6. | Key_usage : X509.Extension.key_usage list X509.Extension.extension X509.Extension.k
  7. | Ext_key_usage : X509.Extension.extended_key_usage list X509.Extension.extension X509.Extension.k
  8. | Basic_constraints : (bool * int option) X509.Extension.extension X509.Extension.k
  9. | CRL_number : int X509.Extension.extension X509.Extension.k
  10. | Delta_CRL_indicator : int X509.Extension.extension X509.Extension.k
  11. | Priv_key_period : X509.Extension.priv_key_usage_period X509.Extension.extension X509.Extension.k
  12. | Name_constraints : (X509.Extension.name_constraint * X509.Extension.name_constraint) X509.Extension.extension X509.Extension.k
  13. | CRL_distribution_points : X509.Extension.distribution_point list X509.Extension.extension X509.Extension.k
  14. | Issuing_distribution_point : (X509.Extension.distribution_point_name option * bool * bool * X509.Extension.reason list option * bool * bool) X509.Extension.extension X509.Extension.k
  15. | Freshest_CRL : X509.Extension.distribution_point list X509.Extension.extension X509.Extension.k
  16. | Reason : X509.Extension.reason X509.Extension.extension X509.Extension.k
  17. | Invalidity_date : Ptime.t X509.Extension.extension X509.Extension.k
  18. | Certificate_issuer : X509.General_name.t X509.Extension.extension X509.Extension.k
  19. | Policies : X509.Extension.policy list X509.Extension.extension X509.Extension.k

The type of supported X509v3 and CRL extensions.

include Gmap.S with type 'a key = 'a X509.Extension.k
type 'a key = 'a X509.Extension.k

The type for map keys whose lookup value is 'a.

type t

The type of maps from type 'a key to 'a.

Constructors

val empty : X509.Extension.t

empty is the empty map.

val singleton : 'a X509.Extension.key -> 'a -> X509.Extension.t

singleton key value creates a one-element map that contains a binding value for key.

Basic operations

val is_empty : X509.Extension.t -> bool

is_empty m returns true if the map m is empty, false otherwise.

val cardinal : X509.Extension.t -> int

cardinal m returns the number of bindings of the map m.

Lookup operations

val mem : 'a X509.Extension.key -> X509.Extension.t -> bool

mem key m returns true if the map m contains a binding for key.

val find : 'a X509.Extension.key -> X509.Extension.t -> 'a option

find key m returns Some v if the binding of key in m is v, or None if key is not bound m.

val get : 'a X509.Extension.key -> X509.Extension.t -> 'a

find key m returns v if the binding of key in m is v.

  • raises Not_found

    if m does not contain a binding for key.

Insertion and removal operations

val add_unless_bound : 'a X509.Extension.key -> 'a -> X509.Extension.t -> X509.Extension.t option

add_unless_bound key value m returns Some m', a map containing the same bindings as m, plus a binding of key to value. Or, None if key was already bound in m.

add key value m returns a map containing the same bindings as m, plus a binding of key to value. If key was already bound in m, the previous binding disappears.

remove key m returns a map containing the same bindings as m, except for key which is not bound in the returned map. If key was not bound in m, m is returned unchanged.

val update : 'a X509.Extension.key -> ('a option -> 'a option) -> X509.Extension.t -> X509.Extension.t

update k f m returns a map containing the same bindings as m, except for the binding v of k. Depending the value of v, which is f (find k m), the binding of k is added, removed, or updated.

Bindings

type b =
  1. | B : 'a X509.Extension.key * 'a -> X509.Extension.b
    (*

    The type for a binding: a pair containing a key and its value.

    *)

Selection of bindings

val min_binding : X509.Extension.t -> X509.Extension.b option

min_binding m is the minimal binding in m, None if m is empty.

val max_binding : X509.Extension.t -> X509.Extension.b option

max_binding m is the maximal binding in m, None if m is empty.

val any_binding : X509.Extension.t -> X509.Extension.b option

any_binding m is any binding in m, None if m is empty.

val bindings : X509.Extension.t -> X509.Extension.b list

bindings m returns the list of all bindings in the given map m. The list is sorted with respect to the ordering over the type of the keys.

Higher-order functions

type eq = {
  1. f : 'a. 'a X509.Extension.key -> 'a -> 'a -> bool;
}

The function type for the equal operation, using a record type for "first-class" semi-explicit polymorphism.

equal p m m' tests whether the maps m and m' are equal, that is contain equal keys and associate them with equal data. p is the equality predicate used to compare the data associated with the keys.

type mapper = {
  1. f : 'a. 'a X509.Extension.key -> 'a -> 'a;
}

The function type for the map operation, using a record type for "first-class" semi-explicit polymorphism.

map f m returns a map with the same domain as m, where the associated binding b has been replaced by the result of the application of f to b. The bindings are passed to f in increasing order with respect to the ordering over the type of the keys.

val iter : (X509.Extension.b -> unit) -> X509.Extension.t -> unit

iter f m applies f to all bindings in m. The bindings are passed in increasing order with respect to the ordering over the type of keys.

val fold : (X509.Extension.b -> 'a -> 'a) -> X509.Extension.t -> 'a -> 'a

fold f m acc computes (f bN .. (f b1 acc)), where b1 .. bN are the bindings of m in increasing order with respect to the ordering over the type of the keys.

val for_all : (X509.Extension.b -> bool) -> X509.Extension.t -> bool

for_all p m checks if all bindings of the map m satisfy the predicate p.

val exists : (X509.Extension.b -> bool) -> X509.Extension.t -> bool

exists p m checks if at least one binding of the map m satisfies p.

filter p m returns the map with all the bindings in m that satisfy p.

type merger = {
  1. f : 'a. 'a X509.Extension.key -> 'a option -> 'a option -> 'a option;
}

The function type for the merge operation, using a record type for "first-class" semi-explicit polymorphism.

merge f m m' computes a map whose keys is a subset of keys of m and m'. The presence of each such binding, and the corresponding value, is determined with the function f.

type unionee = {
  1. f : 'a. 'a X509.Extension.key -> 'a -> 'a -> 'a option;
}

The function type for the union operation, using a record type for "first-class" semi-explicit polymorphism.

union f m m' computes a map whose keys is the union of the keys of m and m'. When the same binding is defined in both maps, the function f is used to combine them.

val critical : 'a X509.Extension.key -> 'a -> bool

critical ext_key ext_value is the critical bit in ext_value.

pp ppf ext_map pretty-prints the extension map.

val pp' : (Asn.oid * string) Fmt.t -> X509.Extension.t Fmt.t

pp' custom ppf ext_map pretty-prints the extension map using custom to print Unsupported _ extensions.