-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | TLS extra default values and helpers
--   
--   a set of extra definitions, default values and helpers for tls.
@package tls-extra
@version 0.6.6


module Network.TLS.Extra

-- | all encrypted ciphers supported ordered from strong to weak. this
--   choice of ciphersuite should satisfy most normal need
ciphersuite_all :: [Cipher]

-- | list of medium ciphers.
ciphersuite_medium :: [Cipher]

-- | the strongest ciphers supported.
ciphersuite_strong :: [Cipher]

-- | all unencrypted ciphers, do not use on insecure network.
ciphersuite_unencrypted :: [Cipher]

-- | unencrypted cipher using RSA for key exchange and SHA1 for digest
cipher_null_SHA1 :: Cipher

-- | unencrypted cipher using RSA for key exchange and MD5 for digest
cipher_null_MD5 :: Cipher

-- | RC4 cipher, RSA key exchange and MD5 for digest
cipher_RC4_128_MD5 :: Cipher

-- | RC4 cipher, RSA key exchange and SHA1 for digest
cipher_RC4_128_SHA1 :: Cipher

-- | AES cipher (128 bit key), RSA key exchange and SHA1 for digest
cipher_AES128_SHA1 :: Cipher

-- | AES cipher (256 bit key), RSA key exchange and SHA1 for digest
cipher_AES256_SHA1 :: Cipher

-- | AES cipher (128 bit key), RSA key exchange and SHA256 for digest
cipher_AES128_SHA256 :: Cipher

-- | AES cipher (256 bit key), RSA key exchange and SHA256 for digest
cipher_AES256_SHA256 :: Cipher

-- | Returns <a>CertificateUsageAccept</a> if all the checks pass, or the
--   first failure.
certificateChecks :: [[X509] -> IO CertificateUsage] -> [X509] -> IO CertificateUsage

-- | verify a certificates chain using the system certificates available.
--   
--   each certificate of the list is verified against the next certificate,
--   until it can be verified against a system certificate (system
--   certificates are assumed as trusted)
--   
--   This helper only check that the chain of certificate is valid, which
--   means that each items received are signed by the next one, or by a
--   system certificate. Some extra checks need to be done at the user
--   level so that the certificate chain received make sense in the
--   context.
--   
--   for example for HTTP, the user should typically verify the certificate
--   subject match the URL of connection.
--   
--   TODO: verify validity, check revocation list if any, add optional user
--   output to know the rejection reason.
certificateVerifyChain :: CertificateStore -> [X509] -> IO CertificateUsage

-- | verify a certificate against another one. the first certificate need
--   to be signed by the second one for this function to succeed.
certificateVerifyAgainst :: X509 -> X509 -> Bool

-- | Is this certificate self signed?
certificateSelfSigned :: X509 -> Bool

-- | Verify that the given certificate chain is application to the given
--   fully qualified host name.
certificateVerifyDomain :: String -> [X509] -> CertificateUsage

-- | Verify certificate validity period that need to between the bounds of
--   the certificate. TODO: maybe should verify whole chain.
certificateVerifyValidity :: Day -> [X509] -> CertificateUsage

-- | hash the certificate signing data using the supplied hash function.
certificateFingerprint :: (ByteString -> ByteString) -> X509 -> ByteString

-- | <tt>connectionClient host port param rng</tt> opens a TCP client
--   connection to a destination host and port description (number or
--   name). For example:
--   
--   <pre>
--   import Network.TLS.Extra
--   import Crypto.Random.AESCtr
--   ...
--     conn <a>makeSystem</a>&gt;= connectionClient 192.168.2.2 7777 defaultParams
--   </pre>
--   
--   will make a new RNG (using cprng-aes) and connect to IP 192.168.2.2 on
--   port 7777.
connectionClient :: CPRG g => String -> String -> TLSParams -> g -> IO Context

-- | read one X509 certificate from a file.
--   
--   the certificate must be in the usual PEM format with the TRUSTED
--   CERTIFICATE or CERTIFICATE pem name.
--   
--   If no valid PEM encoded certificate is found in the file this function
--   will raise an error.
fileReadCertificate :: FilePath -> IO X509

-- | read one private key from a file.
--   
--   the private key must be in the usual PEM format and at the moment only
--   RSA PRIVATE KEY are supported.
--   
--   If no valid PEM encoded private key is found in the file this function
--   will raise an error.
fileReadPrivateKey :: FilePath -> IO PrivateKey
