Module X509.Extension

X.509v3 extensions

type key_usage = [
| `Digital_signature
| `Content_commitment
| `Key_encipherment
| `Data_encipherment
| `Key_agreement
| `Key_cert_sign
| `CRL_sign
| `Encipher_only
| `Decipher_only
]

The polymorphic variant of key usages.

type extended_key_usage = [
| `Any
| `Server_auth
| `Client_auth
| `Code_signing
| `Email_protection
| `Ipsec_end
| `Ipsec_tunnel
| `Ipsec_user
| `Time_stamping
| `Ocsp_signing
| `Other of Asn.oid
]

The polymorphic variant of extended key usages.

type authority_key_id = Cstruct.t option * General_name.t * Z.t option

The authority key identifier, as present in the Authority Key Identifier extension.

type priv_key_usage_period = [
| `Interval of Ptime.t * Ptime.t
| `Not_after of Ptime.t
| `Not_before of Ptime.t
]

The private key usage period, as defined in RFC 3280.

type name_constraint = (General_name.b * int * int option) list

Name constraints, as defined in RFC 5280.

type policy = [
| `Any
| `Something of Asn.oid
]

Certificate policies, the policy extension.

type reason = [
| `Unspecified
| `Key_compromise
| `CA_compromise
| `Affiliation_changed
| `Superseded
| `Cessation_of_operation
| `Certificate_hold
| `Remove_from_CRL
| `Privilege_withdrawn
| `AA_compromise
]

Type of revocation reasons for a given distribution point.

type distribution_point_name = [
| `Full of General_name.t
| `Relative of Distinguished_name.t
]

Distribution point name, either a full one using general names, or a relative one using a distinguished name.

type distribution_point = distribution_point_name option * reason list option * General_name.t option

Distribution point, consisting of an optional name, an optional list of allowed reasons, and an optional issuer.

type 'a extension = bool * 'a

The type of an extension: the critical flag and the value itself.

type _ k =
| Unsupported : Asn.oid -> Cstruct.t extension k
| Subject_alt_name : General_name.t extension k
| Authority_key_id : authority_key_id extension k
| Subject_key_id : Cstruct.t extension k
| Issuer_alt_name : General_name.t extension k
| Key_usage : key_usage list extension k
| Ext_key_usage : extended_key_usage list extension k
| Basic_constraints : (bool * int option) extension k
| CRL_number : int extension k
| Delta_CRL_indicator : int extension k
| Priv_key_period : priv_key_usage_period extension k
| Name_constraints : (name_constraint * name_constraint) extension k
| CRL_distribution_points : distribution_point list extension k
| Issuing_distribution_point : (distribution_point_name option * bool * bool * reason list option * bool * bool) extension k
| Freshest_CRL : distribution_point list extension k
| Reason : reason extension k
| Invalidity_date : Ptime.t extension k
| Certificate_issuer : General_name.t extension k
| Policies : policy list extension k

The type of supported X509v3 and CRL extensions.

include Gmap.S with type 'a key = 'a k
type 'a key = 'a k

The type for map keys whose lookup value is 'a.

type t

The type of maps from type 'a key to 'a.

Constructors

val empty : t

empty is the empty map.

val singleton : 'a key -> 'a -> t

singleton key value creates a one-element map that contains a binding value for key.

Basic operations

val is_empty : t -> bool

is_empty m returns true if the map m is empty, false otherwise.

val cardinal : t -> int

cardinal m returns the number of bindings of the map m.

Lookup operations

val mem : 'a key -> t -> bool

mem key m returns true if the map m contains a binding for key.

val find : 'a key -> t -> 'a option

find key m returns Some v if the binding of key in m is v, or None if key is not bound m.

val get : 'a key -> t -> 'a

find key m returns v if the binding of key in m is v.

raises Not_found

if m does not contain a binding for key.

Insertion and removal operations

val add_unless_bound : 'a key -> 'a -> t -> t option

add_unless_bound key value m returns Some m', a map containing the same bindings as m, plus a binding of key to value. Or, None if key was already bound in m.

val add : 'a key -> 'a -> t -> t

add key value m returns a map containing the same bindings as m, plus a binding of key to value. If key was already bound in m, the previous binding disappears.

val remove : 'a key -> t -> t

remove key m returns a map containing the same bindings as m, except for key which is not bound in the returned map. If key was not bound in m, m is returned unchanged.

val update : 'a key -> ('a option -> 'a option) -> t -> t

update k f m returns a map containing the same bindings as m, except for the binding v of k. Depending the value of v, which is f (find k m), the binding of k is added, removed, or updated.

Bindings

type b =
| B : 'a key * 'a -> b

The type for a binding: a pair containing a key and its value.

Selection of bindings

val min_binding : t -> b option

min_binding m is the minimal binding in m, None if m is empty.

val max_binding : t -> b option

max_binding m is the maximal binding in m, None if m is empty.

val any_binding : t -> b option

any_binding m is any binding in m, None if m is empty.

val bindings : t -> b list

bindings m returns the list of all bindings in the given map m. The list is sorted with respect to the ordering over the type of the keys.

Higher-order functions

type eq = {
f : a. 'a key -> 'a -> 'a -> bool;
}

The function type for the equal operation, using a record type for "first-class" semi-explicit polymorphism.

val equal : eq -> t -> t -> bool

equal p m m' tests whether the maps m and m' are equal, that is contain equal keys and associate them with equal data. p is the equality predicate used to compare the data associated with the keys.

type mapper = {
f : a. 'a key -> 'a -> 'a;
}

The function type for the map operation, using a record type for "first-class" semi-explicit polymorphism.

val map : mapper -> t -> t

map f m returns a map with the same domain as m, where the associated binding b has been replaced by the result of the application of f to b. The bindings are passed to f in increasing order with respect to the ordering over the type of the keys.

val iter : (b -> unit) -> t -> unit

iter f m applies f to all bindings in m. The bindings are passed in increasing order with respect to the ordering over the type of keys.

val fold : (b -> 'a -> 'a) -> t -> 'a -> 'a

fold f m acc computes (f bN .. (f b1 acc)), where b1 .. bN are the bindings of m in increasing order with respect to the ordering over the type of the keys.

val for_all : (b -> bool) -> t -> bool

for_all p m checks if all bindings of the map m satisfy the predicate p.

val exists : (b -> bool) -> t -> bool

exists p m checks if at least one binding of the map m satisfies p.

val filter : (b -> bool) -> t -> t

filter p m returns the map with all the bindings in m that satisfy p.

type merger = {
f : a. 'a key -> 'a option -> 'a option -> 'a option;
}

The function type for the merge operation, using a record type for "first-class" semi-explicit polymorphism.

val merge : merger -> t -> t -> t

merge f m m' computes a map whose keys is a subset of keys of m and m'. The presence of each such binding, and the corresponding value, is determined with the function f.

type unionee = {
f : a. 'a key -> 'a -> 'a -> 'a option;
}

The function type for the union operation, using a record type for "first-class" semi-explicit polymorphism.

val union : unionee -> t -> t -> t

union f m m' computes a map whose keys is the union of the keys of m and m'. When the same binding is defined in both maps, the function f is used to combine them.

val critical : 'a key -> 'a -> bool

critical ext_key ext_value is the critical bit in ext_value.

val pp : t Fmt.t

pp ppf ext_map pretty-prints the extension map.