type key_usage = [
| `Digital_signature |
| `Content_commitment |
| `Key_encipherment |
| `Data_encipherment |
| `Key_agreement |
| `Key_cert_sign |
| `CRL_sign |
| `Encipher_only |
| `Decipher_only |
]
The polymorphic variant of key usages.
type extended_key_usage = [
| `Any |
| `Server_auth |
| `Client_auth |
| `Code_signing |
| `Email_protection |
| `Ipsec_end |
| `Ipsec_tunnel |
| `Ipsec_user |
| `Time_stamping |
| `Ocsp_signing |
| `Other of Asn.oid |
]
The polymorphic variant of extended key usages.
type authority_key_id = Cstruct.t option * General_name.t * Z.t option
The authority key identifier, as present in the Authority Key Identifier extension.
type priv_key_usage_period = [
| `Interval of Ptime.t * Ptime.t |
| `Not_after of Ptime.t |
| `Not_before of Ptime.t |
]
The private key usage period, as defined in RFC 3280.
type name_constraint = (General_name.b * int * int option) list
Name constraints, as defined in RFC 5280.
Certificate policies, the policy extension.
type reason = [
| `Unspecified |
| `Key_compromise |
| `CA_compromise |
| `Affiliation_changed |
| `Superseded |
| `Cessation_of_operation |
| `Certificate_hold |
| `Remove_from_CRL |
| `Privilege_withdrawn |
| `AA_compromise |
]
Type of revocation reasons for a given distribution point.
Distribution point name, either a full one using general names, or a relative one using a distinguished name.
type distribution_point = distribution_point_name option * reason list option * General_name.t option
Distribution point, consisting of an optional name, an optional list of allowed reasons, and an optional issuer.
type _ k =
| Unsupported : Asn.oid -> Cstruct.t extension k |
| Subject_alt_name : General_name.t extension k |
| Authority_key_id : authority_key_id extension k |
| Subject_key_id : Cstruct.t extension k |
| Issuer_alt_name : General_name.t extension k |
| Key_usage : key_usage list extension k |
| Ext_key_usage : extended_key_usage list extension k |
| Basic_constraints : (bool * int option) extension k |
| CRL_number : int extension k |
| Delta_CRL_indicator : int extension k |
| Priv_key_period : priv_key_usage_period extension k |
| Name_constraints : (name_constraint * name_constraint) extension k |
| CRL_distribution_points : distribution_point list extension k |
| Issuing_distribution_point : (distribution_point_name option * bool * bool * reason list option * bool * bool) extension k |
| Freshest_CRL : distribution_point list extension k |
| Reason : reason extension k |
| Invalidity_date : Ptime.t extension k |
| Certificate_issuer : General_name.t extension k |
| Policies : policy list extension k |
include Gmap.S with type 'a key = 'a k
type 'a key = 'a k
The type for map keys whose lookup value is 'a
.
Constructors
val empty : t
empty
is the empty map.
singleton key value
creates a one-element map that contains a binding value
for key
.
Basic operations
val is_empty : t -> bool
is_empty m
returns true
if the map m
is empty, false
otherwise.
val cardinal : t -> int
cardinal m
returns the number of bindings of the map m
.
Lookup operations
find key m
returns Some v
if the binding of key
in m
is v
, or None
if key
is not bound m
.
find key m
returns v
if the binding of key
in m
is v
.
- raises Not_found
if
m
does not contain a binding forkey
.
Insertion and removal operations
add_unless_bound key value m
returns Some m'
, a map containing the same bindings as m
, plus a binding of key
to value
. Or, None
if key
was already bound in m
.
add key value m
returns a map containing the same bindings as m
, plus a binding of key
to value
. If key
was already bound in m
, the previous binding disappears.
remove key m
returns a map containing the same bindings as m
, except for key
which is not bound in the returned map. If key
was not bound in m
, m
is returned unchanged.
update k f m
returns a map containing the same bindings as m
, except for the binding v
of k
. Depending the value of v
, which is f (find k m)
, the binding of k
is added, removed, or updated.
Bindings
Selection of bindings
bindings m
returns the list of all bindings in the given map m
. The list is sorted with respect to the ordering over the type of the keys.
Higher-order functions
The function type for the equal operation, using a record type for "first-class" semi-explicit polymorphism.
equal p m m'
tests whether the maps m
and m'
are equal, that is contain equal keys and associate them with equal data. p
is the equality predicate used to compare the data associated with the keys.
The function type for the map operation, using a record type for "first-class" semi-explicit polymorphism.
map f m
returns a map with the same domain as m
, where the associated binding b
has been replaced by the result of the application of f
to b
. The bindings are passed to f
in increasing order with respect to the ordering over the type of the keys.
iter f m
applies f
to all bindings in m
. The bindings are passed in increasing order with respect to the ordering over the type of keys.
fold f m acc
computes (f bN .. (f b1 acc))
, where b1 .. bN
are the bindings of m
in increasing order with respect to the ordering over the type of the keys.
for_all p m
checks if all bindings of the map m
satisfy the predicate p
.
exists p m
checks if at least one binding of the map m
satisfies p
.
filter p m
returns the map with all the bindings in m
that satisfy p
.
The function type for the merge operation, using a record type for "first-class" semi-explicit polymorphism.
merge f m m'
computes a map whose keys is a subset of keys of m
and m'
. The presence of each such binding, and the corresponding value, is determined with the function f
.
The function type for the union operation, using a record type for "first-class" semi-explicit polymorphism.
val critical : 'a key -> 'a -> bool
critical ext_key ext_value
is the critical bit in ext_value
.