Liking cljdoc? Tell your friends :D
Clojure only.

puppetlabs.ssl-utils.core


assoc-cert!clj

(assoc-cert! keystore alias cert)

Inputs: [keystore :- KeyStore alias :- schema/Str cert :- X509Certificate] Returns: KeyStore

Add a certificate to a keystore. Arguments:

keystore: the KeyStore to add the certificate to alias: a String alias to associate with the certificate cert: an X509Certificate to add to the keystore

Inputs: [keystore :- KeyStore alias :- schema/Str cert :- X509Certificate]
Returns: KeyStore

Add a certificate to a keystore.  Arguments:

`keystore`: the `KeyStore` to add the certificate to
`alias`:    a String alias to associate with the certificate
`cert`:     an `X509Certificate` to add to the keystore
sourceraw docstring

assoc-certs-from-file!clj

Alias for assoc-certs-from-reader! for backwards compatibility.

Alias for `assoc-certs-from-reader!` for backwards compatibility.
sourceraw docstring

assoc-certs-from-reader!clj

(assoc-certs-from-reader! keystore prefix pem)

Inputs: [keystore :- KeyStore prefix :- schema/Str pem :- Readerable] Returns: KeyStore

Add all certificates from a PEM file to a keystore. Arguments:

keystore: the KeyStore to add certificates to prefix: an alias to associate with the certificates. each certificate will have a numeric index appended to its alias, starting with '-0' pem: the path to a PEM file containing the certificate (or some other object supported by clojure's reader)

Inputs: [keystore :- KeyStore prefix :- schema/Str pem :- Readerable]
Returns: KeyStore

Add all certificates from a PEM file to a keystore.  Arguments:

`keystore`: the `KeyStore` to add certificates to
`prefix`:   an alias to associate with the certificates. each
            certificate will have a numeric index appended to
            its alias, starting with '-0'
`pem`:      the path to a PEM file containing the certificate
            (or some other object supported by clojure's `reader`)
sourceraw docstring

assoc-private-key!clj

(assoc-private-key! keystore alias private-key pw certs)

Inputs: [keystore :- KeyStore alias :- schema/Str private-key :- PrivateKey pw :- schema/Str certs :- (schema/maybe (schema/cond-pre [X509Certificate] X509Certificate))] Returns: KeyStore

Add a private key to a keystore. Arguments:

keystore: the KeyStore to add the private key to alias: a String alias to associate with the private key private-key: the PrivateKey to add to the keystore pw: a password to use to protect the key in the keystore certs: the X509Certificate or a list of X509Certificates for the private key; a private key cannot be added to a keystore without at least one signed certificate.

Inputs: [keystore :- KeyStore alias :- schema/Str private-key :- PrivateKey pw :- schema/Str certs :- (schema/maybe (schema/cond-pre [X509Certificate] X509Certificate))]
Returns: KeyStore

Add a private key to a keystore.  Arguments:

`keystore`:    the `KeyStore` to add the private key to
`alias`:       a String alias to associate with the private key
`private-key`: the `PrivateKey` to add to the keystore
`pw`:          a password to use to protect the key in the keystore
`certs`:       the `X509Certificate` or a list of `X509Certificate`s for the
               private key; a private key cannot be added to a keystore
               without at least one signed certificate.
sourceraw docstring

assoc-private-key-file!clj

Alias for assoc-private-key-from-reader! for backwards compatibility.

Alias for `assoc-private-key-from-reader!` for backwards compatibility.
sourceraw docstring

assoc-private-key-from-reader!clj

(assoc-private-key-from-reader! keystore alias pem-private-key pw pem-cert)

Inputs: [keystore :- KeyStore alias :- schema/Str pem-private-key :- Readerable pw :- schema/Str pem-cert :- Readerable] Returns: KeyStore

Add a private key to a keystore. Arguments:

keystore: the KeyStore to add the private key to alias: a String alias to associate with the private key pem-private-key: the path to a PEM file containing the private key to add to the keystore (or some other object supported by clojure's reader) pw: a password to use to protect the key in the keystore pem-cert: the path to a PEM file (or some other object supported by clojure's reader) containing the certificate for the private key; a private key cannot be added to a keystore without a signed certificate.

Inputs: [keystore :- KeyStore alias :- schema/Str pem-private-key :- Readerable pw :- schema/Str pem-cert :- Readerable]
Returns: KeyStore

Add a private key to a keystore.  Arguments:

`keystore`:        the `KeyStore` to add the private key to
`alias`:           a String alias to associate with the private key
`pem-private-key`: the path to a PEM file containing the private key to add to
                   the keystore (or some other object supported by clojure's `reader`)
`pw`:              a password to use to protect the key in the keystore
`pem-cert`:        the path to a PEM file (or some other object supported by clojure's `reader`)
                   containing the certificate for the private key; a private key cannot be added
                   to a keystore without a signed certificate.
sourceraw docstring

authority-key-identifierclj

source

authority-key-identifier-oidclj

AuthorityKeyIdentifier OID 2.5.29.35

AuthorityKeyIdentifier OID 2.5.29.35
sourceraw docstring

authority-key-identifier-optionsclj

(authority-key-identifier-options cert)
(authority-key-identifier-options public-key critical)
(authority-key-identifier-options issuer-dn serial critical)
(authority-key-identifier-options public-key issuer-dn serial critical)

Inputs: ([cert] [public-key critical] [issuer-dn serial critical] [public-key :- PublicKey issuer-dn :- ValidX500Name serial :- schema/Int critical :- Object]) Returns: SSLExtension

Create an Authority Key Identifier extension from a PublicKey object or copy the existing SubjectKeyIdentifier from a certificate. This function is intended to be passed into sign-certificate and generate-certificate-request.

PublicKey details: A type 1 identifier will be computed from the public key.

Certificate details: An X509Certificate can be used instead of a PublicKey. The SubjectKeyIdentifierof the certificate is copied and used for the AuthorityKeyIdentifier for the certificate about to be signed. When a certificate is used, no hash computation takes place.

Inputs: ([cert] [public-key critical] [issuer-dn serial critical] [public-key :- PublicKey issuer-dn :- ValidX500Name serial :- schema/Int critical :- Object])
Returns: SSLExtension

Create an `Authority Key Identifier` extension from a `PublicKey` object or
 copy the existing `SubjectKeyIdentifier` from a certificate. This function is
 intended to be passed into `sign-certificate` and `generate-certificate-request`.

 PublicKey details:
 A type 1 identifier will be computed from the public key.

 Certificate details:
 An `X509Certificate` can be used instead of a `PublicKey`. The
 `SubjectKeyIdentifier`of the certificate is copied and used for the
 `AuthorityKeyIdentifier` for the certificate about to be signed. When a
 certificate is used, no hash computation takes place.
sourceraw docstring

basic-constraints-for-caclj

(basic-constraints-for-ca)
(basic-constraints-for-ca max-path-len)

Inputs: ([] [max-path-len :- schema/Int]) Returns: SSLExtension

Create a Basic Constraints extension for a CA certificate. max-path-len refers to the maximum number of non-self-issued intermediate certificates that may follow the CA certificate in a valid certification path. If max-path-len is not specified, no limit will be imposed.

Inputs: ([] [max-path-len :- schema/Int])
Returns: SSLExtension

Create a `Basic Constraints` extension for a CA certificate.  `max-path-len`
refers to the maximum number of non-self-issued intermediate certificates that
may follow the CA certificate in a valid certification path.  If `max-path-len`
is not specified, no limit will be imposed.
sourceraw docstring

basic-constraints-for-non-caclj

(basic-constraints-for-non-ca critical)

Inputs: [critical :- Object] Returns: SSLExtension

Create a Basic Constraints extension for a non-CA certificate.

Inputs: [critical :- Object]
Returns: SSLExtension

Create a `Basic Constraints` extension for a non-CA certificate.
sourceraw docstring

ca-cert-and-crl-pems->ssl-contextclj

(ca-cert-and-crl-pems->ssl-context ca-cert crls)

Inputs: [ca-cert :- Readerable crls :- Readerable] Returns: SSLContext

Given a pem for a CA certificate and one or more CRLs, creates an in-memory SSLContext initialized with a TrustStore generated from the input CA cert and enabled for revocation checking against the CRLs.

ca-cert must be an object suitable for use with clojure's reader and reference a PEM that contains the CA cert.

crls must be an object suitable for use with clojure's reader and reference a PEM that contains one or more CRLs.

Returns the SSLContext instance.

Inputs: [ca-cert :- Readerable crls :- Readerable]
Returns: SSLContext

Given a pem for a CA certificate and one or more CRLs, creates an in-memory
SSLContext initialized with a TrustStore generated from the input CA cert
and enabled for revocation checking against the CRLs.

`ca-cert` must be an object suitable for use with clojure's `reader` and
reference a PEM that contains the CA cert.

`crls` must be an object suitable for use with clojure's `reader` and
reference a PEM that contains one or more CRLs.

Returns the SSLContext instance.
sourceraw docstring

ca-cert-pem->ssl-contextclj

(ca-cert-pem->ssl-context ca-cert)

Inputs: [ca-cert :- Readerable] Returns: SSLContext

Given a pem for a CA certificate, creates an in-memory SSLContext initialized with a TrustStore generated from the input CA cert.

ca-cert must be an object suitable for use with clojure's reader, and reference a PEM that contains the CA cert.

Returns the SSLContext instance.

Inputs: [ca-cert :- Readerable]
Returns: SSLContext

Given a pem for a CA certificate, creates an in-memory SSLContext initialized
with a TrustStore generated from the input CA cert.

`ca-cert` must be an object suitable for use with clojure's `reader`, and
reference a PEM that contains the CA cert.

Returns the SSLContext instance.
sourceraw docstring

cert->pem!clj

(cert->pem! cert pem)

Inputs: [cert :- X509Certificate pem :- Writerable]

Encodes a certificate to PEM format, and writes it to a file (or other stream). Arguments:

cert: the X509Certificate to encode and write pem: the file path to write the PEM output to (or some other object supported by clojure's writer)

Inputs: [cert :- X509Certificate pem :- Writerable]

Encodes a certificate to PEM format, and writes it to a file (or other stream).
 Arguments:

 `cert`: the `X509Certificate` to encode and write
 `pem`: the file path to write the PEM output to
        (or some other object supported by clojure's `writer`)
sourceraw docstring

certificate-list?clj

(certificate-list? x)

Returns true if the given data structure is a list that contains certificates.

Returns true if the given data structure is a list that contains
certificates.
sourceraw docstring

certificate-request?clj

(certificate-request? x)

Returns true if x is an instance of PKCS10CertificationRequest (see generate-certificate-request).

Returns true if x is an instance of `PKCS10CertificationRequest` (see `generate-certificate-request`).
sourceraw docstring

certificate-revocation-list?clj

(certificate-revocation-list? x)

Returns true if x is an instance of X509CRL (see generate-crl).

Returns true if x is an instance of `X509CRL` (see `generate-crl`).
sourceraw docstring

certificate?clj

(certificate? x)

Returns true if x is an instance of X509Certificate (see sign-certificate-request).

Returns true if x is an instance of `X509Certificate` (see `sign-certificate-request`).
sourceraw docstring

CertOrCSRclj

source

clojureizeclj

(clojureize data-structure)

Convert a Java data structure returned from a Java utility method into a Clojure data structure.

Convert a Java data structure returned from a Java utility method into a
Clojure data structure.
sourceraw docstring

cnclj

(cn common-name)

Inputs: [common-name :- schema/Str] Returns: ValidX500Name

Given a common name, generate an X.500 RDN from it

Inputs: [common-name :- schema/Str]
Returns: ValidX500Name

Given a common name, generate an X.500 RDN from it
sourceraw docstring

convertToSSLMultiValueAttributeclj

(convertToSSLMultiValueAttribute attr)

Inputs: [attr :- ExtensionsUtils$AttributeDescriptor] Returns: SSLMultiValueAttribute

Inputs: [attr :- ExtensionsUtils$AttributeDescriptor]
Returns: SSLMultiValueAttribute
sourceraw docstring

create-ca-extensionsclj

(create-ca-extensions issuer-public-key ca-public-key)
(create-ca-extensions ca-name ca-serial ca-public-key)

Inputs: ([issuer-public-key :- (schema/pred public-key?) ca-public-key :- (schema/pred public-key?)] [ca-name :- (schema/pred valid-x500-name?) ca-serial :- (schema/pred number?) ca-public-key :- (schema/pred public-key?)]) Returns: (schema/pred extension-list?)

Create a list of extensions to be added to the CA certificate.

Inputs: ([issuer-public-key :- (schema/pred public-key?) ca-public-key :- (schema/pred public-key?)] [ca-name :- (schema/pred valid-x500-name?) ca-serial :- (schema/pred number?) ca-public-key :- (schema/pred public-key?)])
Returns: (schema/pred extension-list?)

Create a list of extensions to be added to the CA certificate.
sourceraw docstring

crl->pem!clj

(crl->pem! crl pem)

Inputs: [crl :- X509CRL pem :- Writerable]

Encodes a CRL to PEM format, and writes it to a file (or other stream). Arguments:

crl: the X509CRL to encode pem: the file path to write the PEM output to (or some other object supported by clojure's writer)

Inputs: [crl :- X509CRL pem :- Writerable]

Encodes a CRL to PEM format, and writes it to a file (or other stream).
 Arguments:

 `crl`: the `X509CRL` to encode
 `pem`: the file path to write the PEM output to
        (or some other object supported by clojure's `writer`)
sourceraw docstring

crl-issued-by-cert?clj

(crl-issued-by-cert? crl cert)

Inputs: [crl :- X509CRL cert :- X509Certificate] Returns: schema/Bool

Given a CRL and a certificate, determine whether the CRL was issued by the certificate.

Inputs: [crl :- X509CRL cert :- X509Certificate]
Returns: schema/Bool

Given a CRL and a certificate, determine whether the CRL was issued by the
certificate.
sourceraw docstring

crl-numberclj

(crl-number number)

Inputs: [number :- schema/Int] Returns: SSLExtension

Create a CRL Number extension

Inputs: [number :- schema/Int]
Returns: SSLExtension

Create a `CRL Number` extension
sourceraw docstring

crl-number-oidclj

CRLNumber OID 2.5.29.20

CRLNumber OID 2.5.29.20
sourceraw docstring

default-key-lengthclj

The default key length to use when generating a keypair.

The default key length to use when generating a keypair.
sourceraw docstring

delta-crl-indicatorclj

(delta-crl-indicator base-crl-number)

Inputs: [base-crl-number :- BigInteger] Returns: SSLExtension

Create a Delta CRL Indicator extension.

Inputs: [base-crl-number :- BigInteger]
Returns: SSLExtension

Create a `Delta CRL Indicator` extension.
sourceraw docstring

delta-crl-indicator-oidclj

DeltaCRLIndicator OID 2.5.29.27

DeltaCRLIndicator OID 2.5.29.27
sourceraw docstring

delta-crl?clj

(delta-crl? crl)

Inputs: [crl :- X509CRL] Returns: schema/Bool

Inputs: [crl :- X509CRL]
Returns: schema/Bool
sourceraw docstring

dnclj

(dn rdns)

Inputs: [rdns :- (schema/pred (fn* [p1__4627#] (and (sequential? p1__4627#) (even? (count p1__4627#)) (not-empty p1__4627#))))] Returns: ValidX500Name

Given a sequence of attribute names and value pairs, generate an X.500 DN string. For example, [:cn "common" :o "org"] would return "CN=common,O=org"

Inputs: [rdns :- (schema/pred (fn* [p1__4627#] (and (sequential? p1__4627#) (even? (count p1__4627#)) (not-empty p1__4627#))))]
Returns: ValidX500Name

Given a sequence of attribute names and value pairs, generate an X.500 DN
string. For example, [:cn "common" :o "org"] would return
"CN=common,O=org"
sourceraw docstring

ext-key-usagesclj

(ext-key-usages oid-list critical)

Inputs: [oid-list :- [schema/Str] critical :- Object] Returns: SSLExtension

Create an Extended Key Usages extensions from a list of OIDs.

Inputs: [oid-list :- [schema/Str] critical :- Object]
Returns: SSLExtension

Create an `Extended Key Usages` extensions from a list of OIDs.
sourceraw docstring

extension-list?clj

(extension-list? x)

Returns true if the given data structure is a list that contains extensions.

Returns true if the given data structure is a list that contains extensions.
sourceraw docstring

extension?clj

(extension? x)

Returns true if the given map contains all the fields required to define an extension.

Returns true if the given map contains all the fields required to define an
extension.
sourceraw docstring

ExtensionContainerclj

A schema for all the things that can hold an SSL extension.

A schema for all the things that can hold an SSL extension.
sourceraw docstring

fingerprintclj

(fingerprint c digest)

Inputs: [c :- CertOrCSR digest :- schema/Str] Returns: schema/Str

Given a certificate or CSR, hash the object using the digest algorithm and return it as a hex string. The digest algorithm is expected to be one of SHA-1, SHA-256, or SHA-512.

Inputs: [c :- CertOrCSR digest :- schema/Str]
Returns: schema/Str

Given a certificate or CSR, hash the object using the digest algorithm and
 return it as a hex string. The digest algorithm is expected to be one of
 SHA-1, SHA-256, or SHA-512.
sourceraw docstring

generate-certificate-requestclj

(generate-certificate-request keypair subject-dn)
(generate-certificate-request keypair subject-dn extensions)
(generate-certificate-request keypair subject-dn extensions attributes)

Inputs: ([keypair subject-dn] [keypair :- KeyPair subject-dn :- ValidX500Name extensions :- SSLExtensionList] [keypair :- KeyPair subject-dn :- ValidX500Name extensions :- SSLExtensionList attributes :- SSLAttributeList]) Returns: PKCS10CertificationRequest

Given the subject's keypair and name, create and return a certificate signing request (CSR). Arguments:

keypair: subject's public & private keys subject-name: subject's X500 distinguished name extensions: an optional collection of Extension objects to add to the certificate request

See sign-certificate-request, obj->pem!, and pem->csr to sign & read/write CSRs.

Inputs: ([keypair subject-dn] [keypair :- KeyPair subject-dn :- ValidX500Name extensions :- SSLExtensionList] [keypair :- KeyPair subject-dn :- ValidX500Name extensions :- SSLExtensionList attributes :- SSLAttributeList])
Returns: PKCS10CertificationRequest

Given the subject's keypair and name, create and return a certificate signing request (CSR).
Arguments:

`keypair`:      subject's public & private keys
`subject-name`: subject's X500 distinguished name
`extensions`: an optional collection of `Extension` objects to add to the certificate request

See `sign-certificate-request`, `obj->pem!`, and `pem->csr` to sign & read/write CSRs.
sourceraw docstring

generate-crlclj

(generate-crl issuer issuer-private-key issuer-public-key)
(generate-crl issuer
              issuer-private-key
              issuer-public-key
              this-update
              next-update
              crl-number
              extensions)

Inputs: ([issuer :- X500Principal issuer-private-key :- PrivateKey issuer-public-key :- PublicKey] [issuer :- X500Principal issuer-private-key :- PrivateKey issuer-public-key :- PublicKey this-update :- Date next-update :- Date crl-number :- BigInteger extensions :- SSLExtensionList]) Returns: X509CRL

Given the certificate authority's principal identifier and private & public keys, create and return a X509CRL certificate revocation list (CRL). The CRL will have an AuthorityKeyIdentifier and CRLNumber extensions. Typical usage of this will be with the 3 argument arity; the fuller arity is exposed here for testing purposes.

Arguments: issuer: the issuer's X500Principal issuer-private-key: the issuer's PrivateKey issuer-public-key: the issuer's PublicKey this-update: date for when this crl is created next-update: when to fetch the rcl next crl-number: number to start revocation count at extensions: any extensions to sign onto the crl

Inputs: ([issuer :- X500Principal issuer-private-key :- PrivateKey issuer-public-key :- PublicKey] [issuer :- X500Principal issuer-private-key :- PrivateKey issuer-public-key :- PublicKey this-update :- Date next-update :- Date crl-number :- BigInteger extensions :- SSLExtensionList])
Returns: X509CRL

Given the certificate authority's principal identifier and private & public
 keys, create and return a `X509CRL` certificate revocation list (CRL).
 The CRL will have an AuthorityKeyIdentifier and CRLNumber extensions. Typical
 usage of this will be with the 3 argument arity; the fuller arity is exposed
 here for testing purposes.

 Arguments:
 `issuer`:             the issuer's `X500Principal`
 `issuer-private-key`: the issuer's `PrivateKey`
 `issuer-public-key`:  the issuer's `PublicKey`
 `this-update`:        date for when this crl is created
 `next-update`:        when to fetch the rcl next
 `crl-number`:         number to start revocation count at
 `extensions`:         any extensions to sign onto the crl
sourceraw docstring

generate-key-pairclj

(generate-key-pair)
(generate-key-pair key-length)

Inputs: ([] [key-length :- schema/Int]) Returns: KeyPair

Given a key length (defaults to 4096), generate a new public & private key pair.

Inputs: ([] [key-length :- schema/Int])
Returns: KeyPair

Given a key length (defaults to 4096), generate a new public & private key pair.
sourceraw docstring

generate-ssl-contextclj

(generate-ssl-context options)

Inputs: [options :- SSLContextOptions] Returns: (schema/maybe SSLContext)

Given a map of options, extracts the SSL Options and attempts to create an SSLContext.

This function grabs five keys from a map, all of which are optional: :ssl-context, :ssl-key, :ssl-ca-cert, :ssl-cert, and :ssl-ca-crl. The value stored at :ssl-context, if present, should be an instance of an SSLContext object. The other keys should be objects suitable for use with clojure's reader and reference PEMs that contain the proper cert/key/crl list.

If the :ssl-context key is present, returns the value stored at that key.

Otherwise, if the :ssl-cert, :ssl-key, and :ssl-ca-cert keys are all present, returns an SSLContext constructed from those pems.

Otherwise, if the :ssl-ca-cert and :ssl-ca-crl keys are present, returns an SSLContext constructed from those pems.

Otherwise, if the :ssl-ca-cert key is present, returns an SSLContext constructed from the ca-cert pem.

If none of the :ssl-cert, :ssl-key, :ssl-ca-cert, :ssl-ca-crl, or :ssl-context keys are present, returns nil.

If the :ssl-context and :ssl-ca-cert keys are both missing, an exception will be thrown.

Inputs: [options :- SSLContextOptions]
Returns: (schema/maybe SSLContext)

Given a map of options, extracts the SSL Options and attempts to create an SSLContext.

 This function grabs five keys from a map, all of which are optional: :ssl-context, :ssl-key,
 :ssl-ca-cert, :ssl-cert, and :ssl-ca-crl. The value stored at :ssl-context, if present, should
 be an instance of an SSLContext object. The other keys should be objects suitable for use with
 clojure's `reader` and reference PEMs that contain the proper cert/key/crl list.

 If the :ssl-context key is present, returns the value stored at that key.

 Otherwise, if the :ssl-cert, :ssl-key, and :ssl-ca-cert keys are all present, returns an
 SSLContext constructed from those pems.

 Otherwise, if the :ssl-ca-cert and :ssl-ca-crl keys are present, returns an SSLContext
 constructed from those pems.

 Otherwise, if the :ssl-ca-cert key is present, returns an SSLContext constructed from the
 ca-cert pem.

 If none of the :ssl-cert, :ssl-key, :ssl-ca-cert, :ssl-ca-crl, or :ssl-context keys are present,
 returns nil.

 If the :ssl-context and :ssl-ca-cert keys are both missing, an exception will be thrown.
sourceraw docstring

get-attributesclj

(get-attributes csr)

Inputs: [csr :- PKCS10CertificationRequest] Returns: SSLMultiValueAttributeList

Given a CSR, retrieve a list of maps of all attributes. Each map in the list contains the following keys:

oid : The OID of the extension values : An array of values for the oid

Inputs: [csr :- PKCS10CertificationRequest]
Returns: SSLMultiValueAttributeList

Given a CSR, retrieve a list of maps of all attributes.
Each map in the list contains the following keys:

`oid`      : The OID of the extension
`values`   : An array of values for the oid
sourceraw docstring

get-cn-from-x500-principalclj

(get-cn-from-x500-principal x500-principal)

Inputs: [x500-principal :- X500Principal] Returns: schema/Str

Given an X500Principal object, retrieve the common name (CN).

Inputs: [x500-principal :- X500Principal]
Returns: schema/Str

Given an X500Principal object, retrieve the common name (CN).
sourceraw docstring

get-cn-from-x509-certificateclj

(get-cn-from-x509-certificate x509-certificate)

Inputs: [x509-certificate :- X509Certificate] Returns: schema/Str

Given an X509Certificate object, retrieve its common name (CN).

Inputs: [x509-certificate :- X509Certificate]
Returns: schema/Str

Given an X509Certificate object, retrieve its common name (CN).
sourceraw docstring

get-crl-numberclj

(get-crl-number crl)

Inputs: [crl :- X509CRL] Returns: (schema/maybe BigInteger)

Given a CRL, return the value of the CRL Number extension, or nil if the extension is not present.

Inputs: [crl :- X509CRL]
Returns: (schema/maybe BigInteger)

Given a CRL, return the value of the CRL Number extension, or nil if the
extension is not present.
sourceraw docstring

get-extensionclj

(get-extension ext-container oid)

Inputs: [ext-container :- ExtensionContainer oid :- schema/Str] Returns: SSLExtension

Given a X509 certificate object, CRL, CSR, or a list of extensions returned by get-extensions, return a map describing the value and criticality of the extension described by its OID.

Inputs: [ext-container :- ExtensionContainer oid :- schema/Str]
Returns: SSLExtension

Given a X509 certificate object, CRL, CSR, or a list of extensions
returned by `get-extensions`, return a map describing the value and
criticality of the extension described by its OID.
sourceraw docstring

get-extension-valueclj

(get-extension-value ext-container oid)

Inputs: [ext-container :- ExtensionContainer oid :- schema/Str] Returns: schema/Any

Given a X509 certificate object, CRL, CSR or a list of extensions returned by get-extensions, return the value of an extension by its OID. If the OID doesn't exist on the provided object, then nil is returned.

Inputs: [ext-container :- ExtensionContainer oid :- schema/Str]
Returns: schema/Any

Given a X509 certificate object, CRL, CSR or a list of extensions returned by
`get-extensions`, return the value of an extension by its OID. If the OID
doesn't exist on the provided object, then nil is returned.
sourceraw docstring

get-extensionsclj

(get-extensions ext-container)

Inputs: [ext-container :- (schema/cond-pre X509Certificate PKCS10CertificationRequest X509CRL)] Returns: SSLExtensionList

Given an object containing X509 extensions, retrieve a list of maps of all extensions. Each map in the list contains the following keys:

oid : The OID of the extension value : The value of the extensions critical : True if this is a critical extensions, false if it is not.

Inputs: [ext-container :- (schema/cond-pre X509Certificate PKCS10CertificationRequest X509CRL)]
Returns: SSLExtensionList

Given an object containing X509 extensions, retrieve a list of maps of all
extensions. Each map in the list contains the following keys:

`oid`      : The OID of the extension
`value`    : The value of the extensions
`critical` : True if this is a critical extensions, false if it is not.
sourceraw docstring

get-key-manager-factoryclj

(get-key-manager-factory {:keys [keystore keystore-pw]})

Inputs: [{:keys [keystore keystore-pw]} :- {:keystore KeyStore, :keystore-pw schema/Str}] Returns: KeyManagerFactory

Given a map containing a KeyStore and keystore password (e.g. as generated by pems->key-and-trust-stores), return a KeyManagerFactory that contains the KeyStore.

Inputs: [{:keys [keystore keystore-pw]} :- {:keystore KeyStore, :keystore-pw schema/Str}]
Returns: KeyManagerFactory

Given a map containing a KeyStore and keystore password (e.g. as generated by
pems->key-and-trust-stores), return a KeyManagerFactory that contains the
KeyStore.
sourceraw docstring

get-private-keyclj

(get-private-key key-object)

Inputs: [key-object :- KeyPair] Returns: PrivateKey

Given an object which contains a private key, extract and return it.

Inputs: [key-object :- KeyPair]
Returns: PrivateKey

Given an object which contains a private key, extract and return it.
sourceraw docstring

get-public-keyclj

(get-public-key key-object)

Inputs: [key-object :- (schema/cond-pre KeyPair PKCS10CertificationRequest)] Returns: PublicKey

Given an object which contains a public key, extract the public key and return it.

Inputs: [key-object :- (schema/cond-pre KeyPair PKCS10CertificationRequest)]
Returns: PublicKey

Given an object which contains a public key, extract the public key
and return it.
sourceraw docstring

get-serialclj

(get-serial cert)

Inputs: [cert :- X509Certificate] Returns: BigInteger

Given an X509 certificate, return the serial number from it.

Inputs: [cert :- X509Certificate]
Returns: BigInteger

Given an X509 certificate, return the serial number from it.
sourceraw docstring

get-subject-dns-alt-namesclj

(get-subject-dns-alt-names cert-or-csr)

Inputs: [cert-or-csr :- CertOrCSR] Returns: (schema/maybe [schema/Str])

Given a certificate or CSR, return the list of DNS alternative names on the Subject Alternative Names extension, or nil if the extension is not present.

Inputs: [cert-or-csr :- CertOrCSR]
Returns: (schema/maybe [schema/Str])

Given a certificate or CSR, return the list of DNS alternative names on the
 Subject Alternative Names extension, or nil if the extension is not present.
sourceraw docstring

get-subject-from-x509-certificateclj

(get-subject-from-x509-certificate x509-certificate)

Inputs: [x509-certificate :- X509Certificate] Returns: schema/Str

Given an X509Certificate object, retrieve its subject.

Inputs: [x509-certificate :- X509Certificate]
Returns: schema/Str

Given an X509Certificate object, retrieve its subject.
sourceraw docstring

get-subject-ip-alt-namesclj

(get-subject-ip-alt-names cert-or-csr)

Inputs: [cert-or-csr :- CertOrCSR] Returns: (schema/maybe [schema/Str])

Given a certificate or CSR, return the list of IP alternative names on the Subject Alternative Names extension, or nil if the extension is not present.

Inputs: [cert-or-csr :- CertOrCSR]
Returns: (schema/maybe [schema/Str])

Given a certificate or CSR, return the list of IP alternative names on the
Subject Alternative Names extension, or nil if the extension is not present.
sourceraw docstring

get-trust-manager-factoryclj

(get-trust-manager-factory {:keys [truststore]})

Inputs: [{:keys [truststore]} :- {:truststore KeyStore}] Returns: TrustManagerFactory

Given a map containing a trust store (e.g. as generated by pems->key-and-trust-stores), return a TrustManagerFactory that contains the trust store.

Inputs: [{:keys [truststore]} :- {:truststore KeyStore}]
Returns: TrustManagerFactory

Given a map containing a trust store (e.g. as generated by
pems->key-and-trust-stores), return a TrustManagerFactory that contains the
trust store.
sourceraw docstring

javaizeclj

(javaize data-structure)

Convert a Clojure data structure passed into a function by a user into a Java data structure suitable for passing into a Java utility method.

Convert a Clojure data structure passed into a function by a user into a Java
data structure suitable for passing into a Java utility method.
sourceraw docstring

key->pem!clj

(key->pem! key pem)

Inputs: [key :- Key pem :- Writerable]

Encodes a public or private key to PEM format, and writes it to a file (or other stream). Arguments:

key: the key to encode and write; usually an instance of PrivateKey or PublicKey pem: the file path to write the PEM output to (or some other object supported by clojure's writer)

Inputs: [key :- Key pem :- Writerable]

Encodes a public or private key to PEM format, and writes it to a file (or other
stream).  Arguments:

`key`: the key to encode and write; usually an instance of `PrivateKey` or `PublicKey`
`pem`: the file path to write the PEM output to (or some other object supported by clojure's `writer`)
sourceraw docstring

key-usageclj

(key-usage flag-set critical)

Inputs: [flag-set :- #{Object} critical :- Object] Returns: SSLExtension

Create a Key Usage extension from a set of flags to enable. See the README.md for the keys supported.

Inputs: [flag-set :- #{Object} critical :- Object]
Returns: SSLExtension

Create a `Key Usage` extension from a set of flags to enable. See the
README.md for the keys supported.
sourceraw docstring

KeyAndTrustStoreclj

source

keylengthclj

(keylength key)

Inputs: [key :- PublicOrPrivateKey] Returns: schema/Int

Given a key, return the length key length that was used when generating it.

Inputs: [key :- PublicOrPrivateKey]
Returns: schema/Int

Given a key, return the length key length that was used when generating it.
sourceraw docstring

keypair?clj

(keypair? x)

Returns true if x is a keypair (see generate-key-pair).

Returns true if x is a keypair (see `generate-key-pair`).
sourceraw docstring

keystoreclj

(keystore)

Inputs: [] Returns: KeyStore

Create an empty in-memory Java KeyStore object.

Inputs: []
Returns: KeyStore

Create an empty in-memory Java KeyStore object.
sourceraw docstring

netscape-commentclj

(netscape-comment comment)

Inputs: [comment :- schema/Str] Returns: SSLExtension

Create a Netscape Certificate Comment extension.

Inputs: [comment :- schema/Str]
Returns: SSLExtension

Create a `Netscape Certificate Comment` extension.
sourceraw docstring

obj->pem!clj

(obj->pem! obj pem)

Inputs: [obj :- Object pem :- Writerable]

Encodes an object in PEM format, and writes it to a file (or other stream). Arguments:

obj: the object to encode and write. Must be of a type that can be encoded to PEM; usually this is limited to certain types from the java.security packages.

pem: the file path to write the PEM output to (or some other object supported by clojure's writer)

Inputs: [obj :- Object pem :- Writerable]

Encodes an object in PEM format, and writes it to a file (or other stream).  Arguments:

`obj`: the object to encode and write.  Must be of a type that can be encoded
       to PEM; usually this is limited to certain types from the `java.security`
       packages.

`pem`: the file path to write the PEM output to (or some other object supported by clojure's `writer`)
sourceraw docstring

obj->private-keyclj

(obj->private-key obj)

Inputs: [obj :- Object] Returns: PrivateKey

Decodes the given object (read from a .pem via pem->objs) into an instance of PrivateKey.

Inputs: [obj :- Object]
Returns: PrivateKey

Decodes the given object (read from a .pem via `pem->objs`) into an instance of `PrivateKey`.
sourceraw docstring

objs->pem!clj

(objs->pem! objs buf)

Inputs: [objs :- [Object] buf :- Writerable]

Adds one or more cert related objects, PEM encoded, to the supplied writer

Inputs: [objs :- [Object] buf :- Writerable]

Adds one or more cert related objects, PEM encoded, to the supplied writer
sourceraw docstring

pem->ca-certclj

(pem->ca-cert cert-chain-pem key-or-keypair-pem)

Inputs: [cert-chain-pem :- Readerable key-or-keypair-pem :- Readerable] Returns: X509Certificate

Given a CA certificate chain and key pair, extract and verify the certificate matching the key pair.

Inputs: [cert-chain-pem :- Readerable key-or-keypair-pem :- Readerable]
Returns: X509Certificate

Given a CA certificate chain and key pair, extract and verify the certificate
matching the key pair.
sourceraw docstring

pem->ca-crlclj

(pem->ca-crl crl-chain ca-cert)

Inputs: [crl-chain :- Readerable ca-cert :- X509Certificate] Returns: X509CRL

Given a CRL chain and CA certificate, extract the CRL issued by the certificate

Inputs: [crl-chain :- Readerable ca-cert :- X509Certificate]
Returns: X509CRL

Given a CRL chain and CA certificate, extract the CRL issued by the
certificate
sourceraw docstring

pem->certclj

(pem->cert pem)

Inputs: [pem :- Readerable] Returns: X509Certificate

Given the path to a PEM file (or some other object supported by clojure's reader), decodes the contents into an X509Certificate.

Inputs: [pem :- Readerable]
Returns: X509Certificate

Given the path to a PEM file (or some other object supported by clojure's `reader`),
decodes the contents into an `X509Certificate`.
sourceraw docstring

pem->certsclj

(pem->certs pem)

Inputs: [pem :- Readerable] Returns: [X509Certificate]

Given the path to a PEM file (or some other object supported by clojure's reader), decodes the contents into a collection of X509Certificate instances.

Inputs: [pem :- Readerable]
Returns: [X509Certificate]

Given the path to a PEM file (or some other object supported by clojure's `reader`),
decodes the contents into a collection of `X509Certificate` instances.
sourceraw docstring

pem->crlclj

(pem->crl pem)

Inputs: [pem :- Readerable] Returns: X509CRL

Given the path to a PEM file (or some other object supported by clojure's reader), decode the contents into a X509CRL.

See crl->pem! to PEM-encode a certificate revocation list.

Inputs: [pem :- Readerable]
Returns: X509CRL

Given the path to a PEM file (or some other object supported by clojure's `reader`),
 decode the contents into a `X509CRL`.

 See `crl->pem!` to PEM-encode a certificate revocation list.
sourceraw docstring

pem->crlsclj

(pem->crls pem)

Inputs: [pem :- Readerable] Returns: [X509CRL]

Given the path to a PEM file (or some other object supported by clojure's reader), decode the contents into a collection of X509CRL instances.

Inputs: [pem :- Readerable]
Returns: [X509CRL]

Given the path to a PEM file (or some other object supported by clojure's
`reader`), decode the contents into a collection of `X509CRL` instances.
sourceraw docstring

pem->csrclj

(pem->csr pem)

Inputs: [pem :- Readerable] Returns: PKCS10CertificationRequest

Given the path to a PEM file (or some other object supported by clojure's reader), decode the contents into a PKCS10CertificationRequest.

See obj->pem! to PEM-encode a certificate signing request.

Inputs: [pem :- Readerable]
Returns: PKCS10CertificationRequest

Given the path to a PEM file (or some other object supported by clojure's `reader`),
decode the contents into a `PKCS10CertificationRequest`.

See `obj->pem!` to PEM-encode a certificate signing request.
sourceraw docstring

pem->objsclj

(pem->objs pem)

Inputs: [pem :- Readerable] Returns: [Object]

Given a file path (or some other object supported by clojure's reader), reads PEM-encoded objects and returns a collection of objects of the corresponding type from java.security.

Inputs: [pem :- Readerable]
Returns: [Object]

Given a file path (or some other object supported by clojure's `reader`), reads
PEM-encoded objects and returns a collection of objects of the corresponding
type from `java.security`.
sourceraw docstring

pem->private-keyclj

(pem->private-key pem)

Inputs: [pem :- Readerable] Returns: PrivateKey

Given the path to a PEM file (or some other object supported by clojure's reader), decode the contents into a PrivateKey instance. Throws an exception if multiple keys are found in the PEM. See key->pem! and pem->private-keys to write/read keys.

Inputs: [pem :- Readerable]
Returns: PrivateKey

Given the path to a PEM file (or some other object supported by clojure's `reader`),
decode the contents into a `PrivateKey` instance. Throws an exception if multiple keys
are found in the PEM.
See `key->pem!` and `pem->private-keys` to write/read keys.
sourceraw docstring

pem->private-keysclj

(pem->private-keys pem)

Inputs: [pem :- Readerable] Returns: [PrivateKey]

Given the path to a PEM file (or some other object supported by clojure's reader), decodes the contents into a collection of PrivateKey instances.

Inputs: [pem :- Readerable]
Returns: [PrivateKey]

Given the path to a PEM file (or some other object supported by clojure's `reader`),
decodes the contents into a collection of `PrivateKey` instances.
sourceraw docstring

pem->public-keyclj

(pem->public-key pem)

Inputs: [pem :- Readerable] Returns: PublicKey

Given the path to a PEM file (or some other object supported by clojure's reader), decode the contents into a PublicKey instance. Throws an exception if multiple keys are found in the PEM. See key->pem! to write public keys.

Inputs: [pem :- Readerable]
Returns: PublicKey

Given the path to a PEM file (or some other object supported by clojure's `reader`),
 decode the contents into a `PublicKey` instance. Throws an exception if multiple
 keys are found in the PEM.
 See `key->pem!` to write public keys.
sourceraw docstring

pems->key-and-trust-storesclj

(pems->key-and-trust-stores cert private-key ca-cert)

Inputs: [cert :- Readerable private-key :- Readerable ca-cert :- Readerable] Returns: KeyAndTrustStore

Given pems for a certificate, private key, and CA certificate, creates an in-memory KeyStore and TrustStore.

Argument should be a map containing the keys :cert, :key, and :ca-cert. Each value must be an object suitable for use with clojure's reader, and reference a PEM that contains the appropriate cert/key.

Returns a map containing the following keys:

:keystore - an instance of KeyStore initialized with the cert and private key :keystore-pw - a string containing a dynamically generated password for the KeyStore :truststore - an instance of KeyStore containing the CA cert.

Inputs: [cert :- Readerable private-key :- Readerable ca-cert :- Readerable]
Returns: KeyAndTrustStore

Given pems for a certificate, private key, and CA certificate, creates an
in-memory KeyStore and TrustStore.

Argument should be a map containing the keys `:cert`, `:key`, and `:ca-cert`.
Each value must be an object suitable for use with clojure's `reader`, and
reference a PEM that contains the appropriate cert/key.

Returns a map containing the following keys:

`:keystore`    - an instance of KeyStore initialized with the cert and private key
`:keystore-pw` - a string containing a dynamically generated password for the KeyStore
`:truststore`  - an instance of KeyStore containing the CA cert.
sourceraw docstring

pems->ssl-contextclj

(pems->ssl-context cert private-key ca-cert)
(pems->ssl-context cert private-key ca-cert crls)

Inputs: ([cert private-key ca-cert] [cert :- Readerable private-key :- Readerable ca-cert :- Readerable crls :- (schema/maybe Readerable)]) Returns: SSLContext

Given pems for a certificate, private key, and CA certificate, creates an in-memory SSLContext initialized with a KeyStore/TrustStore generated from the input certs/key. If an optional argument containing CRLs is provided, the SSLContext is also enabled for revocation checking against the CRLs.

Each argument must be an object suitable for use with clojure's reader, and reference a PEM that contains the appropriate cert/key/crl list.

Returns the SSLContext instance.

Inputs: ([cert private-key ca-cert] [cert :- Readerable private-key :- Readerable ca-cert :- Readerable crls :- (schema/maybe Readerable)])
Returns: SSLContext

Given pems for a certificate, private key, and CA certificate, creates an
in-memory SSLContext initialized with a KeyStore/TrustStore generated from
the input certs/key.  If an optional argument containing CRLs is provided,
the SSLContext is also enabled for revocation checking against the CRLs.

Each argument must be an object suitable for use with clojure's `reader`, and
reference a PEM that contains the appropriate cert/key/crl list.

Returns the SSLContext instance.
sourceraw docstring

private-key?clj

(private-key? x)

Returns true if x is a private key (see generate-key-pair).

Returns true if x is a private key (see `generate-key-pair`).
sourceraw docstring

public-key?clj

(public-key? x)

Returns true if x is a public key (see generate-key-pair).

Returns true if x is a public key (see `generate-key-pair`).
sourceraw docstring

PublicOrPrivateKeyclj

source

puppet-node-image-nameclj

(puppet-node-image-name name critical)

Inputs: [name :- schema/Str critical :- Object] Returns: SSLExtension

Create a Puppet Node Image Name extension.

Inputs: [name :- schema/Str critical :- Object]
Returns: SSLExtension

Create a `Puppet Node Image Name` extension.
sourceraw docstring

puppet-node-instance-idclj

(puppet-node-instance-id id critical)

Inputs: [id :- schema/Str critical :- Object] Returns: SSLExtension

Create a Puppet Node Instance ID extension.

Inputs: [id :- schema/Str critical :- Object]
Returns: SSLExtension

Create a `Puppet Node Instance ID` extension.
sourceraw docstring

puppet-node-preshared-keyclj

(puppet-node-preshared-key key critical)

Inputs: [key :- schema/Str critical :- Object] Returns: SSLExtension

Create a Puppet Node Preshared Key extension.

Inputs: [key :- schema/Str critical :- Object]
Returns: SSLExtension

Create a `Puppet Node Preshared Key` extension.
sourceraw docstring

puppet-node-uidclj

(puppet-node-uid uid critical)

Inputs: [uid :- schema/Str critical :- Object] Returns: SSLExtension

Create a Puppet Node UID extension.

Inputs: [uid :- schema/Str critical :- Object]
Returns: SSLExtension

Create a `Puppet Node UID` extension.
sourceraw docstring

Readerableclj

Schema for anything that can be handed off to clojure's reader function.

Schema for anything that can be handed off to clojure's reader function.
sourceraw docstring

revokeclj

(revoke crl issuer-private-key issuer-public-key cert-serial)

Inputs: [crl :- X509CRL issuer-private-key :- PrivateKey issuer-public-key :- PublicKey cert-serial :- schema/Int] Returns: X509CRL

Given a certificate revocation list and certificate serial number, revoke the certificate by adding its serial number to the list and return the updated CRL. The issuer keys should be the same ones that were used when generating the CRL.

The CRLNumber extension on the CRL will be incremented by 1, or the extension will be added if it doesn't already exist.

The AuthorityKeyIdentifier extension will be added to the CRL if it doesn't already exist.

Inputs: [crl :- X509CRL issuer-private-key :- PrivateKey issuer-public-key :- PublicKey cert-serial :- schema/Int]
Returns: X509CRL

Given a certificate revocation list and certificate serial number,
 revoke the certificate by adding its serial number to the list and
 return the updated CRL. The issuer keys should be the same ones
 that were used when generating the CRL.

 The CRLNumber extension on the CRL will be incremented by 1,
 or the extension will be added if it doesn't already exist.

 The AuthorityKeyIdentifier extension will be added to the CRL
 if it doesn't already exist.
sourceraw docstring

revoke-multipleclj

(revoke-multiple crl issuer-private-key issuer-public-key cert-serials)

Inputs: [crl :- X509CRL issuer-private-key :- PrivateKey issuer-public-key :- PublicKey cert-serials :- [schema/Int]] Returns: X509CRL

Given a certificate revocation list and a list of certificate serial numbers, revoke the certificates by adding their serial numbers to the list and returning the updated CRL. The issuer keys should be the same ones that were used when generating the CRL.

The CRLNumber extension on the CRL will be incremented by 1, or the extension will be added if it doesn't already exist.

The AuthorityKeyIdentifier extension will be added to the CRL if it doesn't already exist.

Inputs: [crl :- X509CRL issuer-private-key :- PrivateKey issuer-public-key :- PublicKey cert-serials :- [schema/Int]]
Returns: X509CRL

Given a certificate revocation list and a list of certificate
 serial numbers, revoke the certificates by adding their serial
 numbers to the list and returning the updated CRL. The issuer
 keys should be the same ones that were used when generating
 the CRL.

 The CRLNumber extension on the CRL will be incremented by 1,
 or the extension will be added if it doesn't already exist.

 The AuthorityKeyIdentifier extension will be added to the CRL
 if it doesn't already exist.
sourceraw docstring

revoked?clj

(revoked? crl certificate)

Inputs: [crl :- X509CRL certificate :- X509Certificate] Returns: schema/Bool

Given a certificate revocation list and certificate, test if the certificate has been revoked.

Note that if the certificate and CRL have different issuers, false will be returned even if the certificate's serial number is on the CRL (i.e. previously revoked).

Inputs: [crl :- X509CRL certificate :- X509Certificate]
Returns: schema/Bool

Given a certificate revocation list and certificate, test if the
 certificate has been revoked.

 Note that if the certificate and CRL have different issuers, false
 will be returned even if the certificate's serial number is on the
 CRL (i.e. previously revoked).
sourceraw docstring

sign-certificateclj

(sign-certificate issuer-dn
                  issuer-priv-key
                  serial
                  not-before
                  not-after
                  subject-dn
                  subject-pub-key)
(sign-certificate issuer-dn
                  issuer-priv-key
                  serial
                  not-before
                  not-after
                  subject-dn
                  subject-pub-key
                  extensions)

Inputs: ([issuer-dn issuer-priv-key serial not-before not-after subject-dn subject-pub-key] [issuer-dn :- ValidX500Name issuer-priv-key :- PrivateKey serial :- schema/Int not-before :- Date not-after :- Date subject-dn :- ValidX500Name subject-pub-key :- PublicKey extensions :- SSLExtensionList]) Returns: X509Certificate

Given a subject, certificate authority information and other certificate info, return a signed X509Certificate object.

Arguments:

issuer-dn: a string containing the issuer's DN. issuer-priv-key: the issuer's private key. serial: an arbitrary serial number integer. not-before: the certificate's 'not before' date. not-after: the certificate's 'not after' date. subject-dn: the subject's DN subject-pub-key: the subject's public key extensions: an optional list of X509 extensions, each of which is a map with an oid, value and critical flag. The value format is dependent upon the oid.

Inputs: ([issuer-dn issuer-priv-key serial not-before not-after subject-dn subject-pub-key] [issuer-dn :- ValidX500Name issuer-priv-key :- PrivateKey serial :- schema/Int not-before :- Date not-after :- Date subject-dn :- ValidX500Name subject-pub-key :- PublicKey extensions :- SSLExtensionList])
Returns: X509Certificate

Given a subject, certificate authority information and other certificate info,
return a signed  `X509Certificate` object.

Arguments:

`issuer-dn`:          a string containing the issuer's DN.
`issuer-priv-key`:    the issuer's private key.
`serial`:             an arbitrary serial number integer.
`not-before`:         the certificate's 'not before' date.
`not-after`:          the certificate's 'not after' date.
`subject-dn`:         the subject's DN
`subject-pub-key`:    the subject's public key
`extensions`:         an optional list of X509 extensions, each of which is
                      a map with an `oid`, `value` and `critical` flag. The
                      value format is dependent upon the oid.
sourceraw docstring

signature-valid?clj

(signature-valid? csr)

Inputs: [csr :- PKCS10CertificationRequest] Returns: schema/Bool

Does the given CSR have a valid signature on it? i.e., was it signed by the private key corresponding to the public key included in the CSR?

Inputs: [csr :- PKCS10CertificationRequest]
Returns: schema/Bool

Does the given CSR have a valid signature on it?  i.e., was it signed by the
private key corresponding to the public key included in the CSR?
sourceraw docstring

SSLAttributeclj

source

SSLAttributeListclj

source

SSLContextOptionsclj

Schema for the options map that generate-ssl-context requires.

Schema for the options map that generate-ssl-context requires.
sourceraw docstring

SSLExtensionclj

A map containing all the fields required to define an extension. This is not the actual SSL Extension itself but the required oid, critical boolean, and value for the Extension. Use the optional :options to to modify how the extension is created in ExtensionsUtils.

A map containing all the fields required to define an extension. This is not
the actual SSL Extension itself but the required oid, critical boolean, and
value for the Extension. Use the optional :options to to modify how the
extension is created in ExtensionsUtils.
sourceraw docstring

SSLExtensionListclj

source

SSLMultiValueAttributeclj

source

SSLMultiValueAttributeListclj

source

subject-alt-name-oidclj

SubjectAlternativeName OID 2.5.29.17

SubjectAlternativeName OID 2.5.29.17
sourceraw docstring

subject-alt-namesclj

(subject-alt-names alt-names-hashmap critical)

Inputs: [alt-names-hashmap :- #:schema{Keyword [schema/Str]} critical :- Object] Returns: SSLExtension

Create a Subject Alternative Names extensions (OID=2.5.29.17) which contains a list of DNS and/maybe IP names as alternative names. The critical argument sets the criticality flag of this extension.

Inputs: [alt-names-hashmap :- #:schema{Keyword [schema/Str]} critical :- Object]
Returns: SSLExtension

Create a Subject Alternative Names extensions (OID=2.5.29.17) which contains
a list of DNS and/maybe IP names as alternative names. The `critical` argument sets the
criticality flag of this extension.
sourceraw docstring

subject-dns-alt-namesclj

(subject-dns-alt-names alt-names-list critical)

Inputs: [alt-names-list :- [schema/Str] critical :- Object] Returns: SSLExtension

Create a Subject Alternative Names extensions (OID=2.5.29.17) which contains a list of DNS names as alternative names. The critical argument sets the criticality flag of this extension.

Inputs: [alt-names-list :- [schema/Str] critical :- Object]
Returns: SSLExtension

Create a Subject Alternative Names extensions (OID=2.5.29.17) which contains
a list of DNS names as alternative names. The `critical` argument sets the
criticality flag of this extension.
sourceraw docstring

subject-key-identifierclj

(subject-key-identifier public-key critical)

Inputs: [public-key :- PublicKey critical :- Object] Returns: SSLExtension

Create a Subject Key Identifier extension from a PublicKey object. The extension created by this function is intended to be passed into sign-certificate and generate-certificate-request, at which time the key's hash will be computed and stored in the resulting object.

Inputs: [public-key :- PublicKey critical :- Object]
Returns: SSLExtension

Create a `Subject Key Identifier` extension from a `PublicKey` object. The
extension created by this function is intended to be passed into
`sign-certificate` and `generate-certificate-request`, at which time the key's
hash will be computed and stored in the resulting object.
sourceraw docstring

subject-key-identifier-oidclj

SubjectKeyIdentifier OID 2.5.29.14

SubjectKeyIdentifier OID 2.5.29.14
sourceraw docstring

subtree-of?clj

(subtree-of? parent-oid oid)

Inputs: [parent-oid :- schema/Str oid :- schema/Str] Returns: schema/Bool

Given an OID and a a parent tree OID return true if the OID is within the subtree of the parent OID.

Inputs: [parent-oid :- schema/Str oid :- schema/Str]
Returns: schema/Bool

Given an OID and a a parent tree OID return true if the OID is within
the subtree of the parent OID.
sourceraw docstring

valid-x500-name?clj

(valid-x500-name? x)

Returns true if x is a valid X500 name string.

Returns true if x is a valid X500 name string.
sourceraw docstring

validate-cert-chainclj

(validate-cert-chain cert-chain crl-chain)

Inputs: [cert-chain :- [X509Certificate] crl-chain :- [X509CRL]]

Given a list of certificates and a list of CRLs, validate the certificate chain, i.e. ensure that none of the certs have been revoked by checking the appropriate CRL, which must be present and currently valid. Returns nil if successful.

Inputs: [cert-chain :- [X509Certificate] crl-chain :- [X509CRL]]

Given a list of certificates and a list of CRLs, validate the certificate
 chain, i.e. ensure that none of the certs have been revoked by checking the
 appropriate CRL, which must be present and currently valid.
 Returns nil if successful.
sourceraw docstring

ValidX500Nameclj

source

Writerableclj

Schema for anything that can be handed off to clojure's writer function.

Schema for anything that can be handed off to clojure's writer function.
sourceraw docstring

x500-name->CNclj

(x500-name->CN x500-name)

Inputs: [x500-name :- ValidX500Name] Returns: schema/Str

Given an X500 name, return the common name from it.

Inputs: [x500-name :- ValidX500Name]
Returns: schema/Str

Given an X500 name, return the common name from it.
sourceraw docstring

x500-principal?clj

(x500-principal? x)

Returns true if x is an instance of 'X500Principal'.

Returns true if x is an instance of 'X500Principal'.
sourceraw docstring

x509-extension?clj

(x509-extension? x)

Returns true if the given object contains X509 extensions, this generally refers to X509Certificate and X509CRL objects.

Returns true if the given object contains X509 extensions, this generally
refers to `X509Certificate` and `X509CRL` objects.
sourceraw docstring

cljdoc is a website building & hosting documentation for Clojure/Script libraries

× close