Utilities for working with certificates and keys. More...

#include <qgsauthcertutils.h>

Public Types
enum	CaCertSource { SystemRoot = 0, FromFile = 1, InDatabase = 2, Connection = 3 }
	Type of CA certificate source. More...

enum	CertTrustPolicy { DefaultTrust = 0, Trusted = 1, Untrusted = 2, NoPolicy = 3 }
	Type of certificate trust policy. More...

enum	CertUsageType { UndeterminedUsage = 0, AnyOrUnspecifiedUsage, CertAuthorityUsage, CertIssuerUsage, TlsServerUsage, TlsServerEvUsage, TlsClientUsage, CodeSigningUsage, EmailProtectionUsage, TimeStampingUsage, CRLSigningUsage }
	Type of certificate usage. More...

enum	ConstraintGroup { KeyUsage = 0, ExtendedKeyUsage = 1 }
	Type of certificate key group. More...

Static Public Member Functions
static QSslCertificate	certFromFile (const QString &certpath)
	Return first cert from a PEM or DER formatted file. More...

static bool	certificateIsAuthority (const QSslCertificate &cert)
	Get whether a certificate is an Authority. More...

static bool	certificateIsAuthorityOrIssuer (const QSslCertificate &cert)
	Get whether a certificate is an Authority or can at least sign other certificates. More...

static bool	certificateIsIssuer (const QSslCertificate &cert)
	Get whether a certificate can sign other certificates. More...

static bool	certificateIsSslClient (const QSslCertificate &cert)
	Get whether a certificate is probably used for a client identity. More...

static bool	certificateIsSslServer (const QSslCertificate &cert)
	Get whether a certificate is probably used for a SSL server. More...

static QList< QgsAuthCertUtils::CertUsageType >	certificateUsageTypes (const QSslCertificate &cert)
	Try to determine the certificates usage types. More...

static QString	certificateUsageTypeString (QgsAuthCertUtils::CertUsageType usagetype)
	Certificate usage type strings per enum. More...

static QStringList	certKeyBundleToPem (const QString &certpath, const QString &keypath, const QString &keypass=QString(), bool reencrypt=true)
	Return list of certificate, private key and algorithm (as PEM text) from file path components. More...

static QList< QSslCertificate >	certsFromFile (const QString &certspath)
	Return list of concatenated certs from a PEM or DER formatted file. More...

static QList< QSslCertificate >	certsFromString (const QString &pemtext)
	Return list of concatenated certs from a PEM Base64 text block. More...

static QMap< QString, QList< QSslCertificate > >	certsGroupedByOrg (const QList< QSslCertificate > &certs)
	Map certificates to their oraganization. More...

static QString	getCaSourceName (QgsAuthCertUtils::CaCertSource source, bool single=false)
	Get the general name for CA source enum type. More...

static QString	getCertDistinguishedName (const QSslCertificate &qcert, const QCA::Certificate &acert=QCA::Certificate(), bool issuer=false)
	Get combined distinguished name for certificate. More...

static QString	getCertTrustName (QgsAuthCertUtils::CertTrustPolicy trust)
	Get the general name for certificate trust. More...

static QString	getColonDelimited (const QString &txt)
	Get string with colon delimeters every 2 characters. More...

static QString	getSslProtocolName (QSsl::SslProtocol protocol)
	SSL Protocol name strings per enum. More...

static QSslKey	keyFromFile (const QString &keypath, const QString &keypass=QString(), QString *algtype=nullptr)
	Return non-encrypted key from a PEM or DER formatted file. More...

static QMap< QString, QSslCertificate >	mapDigestToCerts (const QList< QSslCertificate > &certs)
	Map certificate sha1 to certificate as simple cache. More...

static QMap< QString, QgsAuthConfigSslServer >	mapDigestToSslConfigs (const QList< QgsAuthConfigSslServer > &configs)
	Map SSL custom configs' certificate sha1 to custom config as simple cache. More...

static QString	pemTextToTempFile (const QString &name, const QByteArray &pemtext)
	Write a temporary file for a PEM text of cert/key/CAs bundle component. More...

static QStringList	pkcs12BundleToPem (const QString &bundlepath, const QString &bundlepass=QString(), bool reencrypt=true)
	Return list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle. More...

static QCA::KeyBundle	qcaKeyBundle (const QString &path, const QString &pass)
	PKI key/cert bundle from file path, e.g. More...

static QString	qcaKnownConstraint (QCA::ConstraintTypeKnown constraint)
	Certificate well-known constraint strings per enum. More...

static QString	qcaSignatureAlgorithm (QCA::SignatureAlgorithm algorithm)
	Certificate signature algorithm strings per enum. More...

static QString	qcaValidityMessage (QCA::Validity validity)
	Certificate validity check messages per enum. More...

static QCA::CertificateCollection	qtCertsToQcaCollection (const QList< QSslCertificate > &certs)
	Convert a QList of QSslCertificate to a QCA::CertificateCollection. More...

static QCA::Certificate	qtCertToQcaCert (const QSslCertificate &cert)
	Convert a QSslCertificate to a QCA::Certificate. More...

static QString	resolvedCertName (const QSslCertificate &cert, bool issuer=false)
	Get the general name via RFC 5280 resolution. More...

static QString	shaHexForCert (const QSslCertificate &cert, bool formatted=false)
	Get the sha1 hash for certificate. More...

static QMap< QString, QList< QgsAuthConfigSslServer > >	sslConfigsGroupedByOrg (const QList< QgsAuthConfigSslServer > &configs)
	Map SSL custom configs' certificates to their oraganization. More...

static QString	sslErrorEnumString (QSslError::SslError errenum)
	Get short strings describing an SSL error. More...

static QList< QPair< QSslError::SslError, QString > >	sslErrorEnumStrings ()
	Get short strings describing SSL errors. More...

Detailed Description

Utilities for working with certificates and keys.

Definition at line 43 of file qgsauthcertutils.h.

Member Enumeration Documentation

◆ CaCertSource

enum QgsAuthCertUtils::CaCertSource

Type of CA certificate source.

Enumerator
SystemRoot
FromFile
InDatabase
Connection

Definition at line 47 of file qgsauthcertutils.h.

◆ CertTrustPolicy

enum QgsAuthCertUtils::CertTrustPolicy

Type of certificate trust policy.

Enumerator
DefaultTrust
Trusted
Untrusted
NoPolicy

Definition at line 56 of file qgsauthcertutils.h.

◆ CertUsageType

enum QgsAuthCertUtils::CertUsageType

Type of certificate usage.

Enumerator
UndeterminedUsage
AnyOrUnspecifiedUsage
CertAuthorityUsage
CertIssuerUsage
TlsServerUsage
TlsServerEvUsage
TlsClientUsage
CodeSigningUsage
EmailProtectionUsage
TimeStampingUsage
CRLSigningUsage

Definition at line 65 of file qgsauthcertutils.h.

◆ ConstraintGroup

enum QgsAuthCertUtils::ConstraintGroup

Type of certificate key group.

Enumerator
KeyUsage
ExtendedKeyUsage

Definition at line 81 of file qgsauthcertutils.h.

Member Function Documentation

◆ certFromFile()

QSslCertificate QgsAuthCertUtils::certFromFile ( const QString & certpath )

static

Return first cert from a PEM or DER formatted file.

Definition at line 130 of file qgsauthcertutils.cpp.

◆ certificateIsAuthority()

bool QgsAuthCertUtils::certificateIsAuthority ( const QSslCertificate & cert )

static

Get whether a certificate is an Authority.

Definition at line 681 of file qgsauthcertutils.cpp.

◆ certificateIsAuthorityOrIssuer()

bool QgsAuthCertUtils::certificateIsAuthorityOrIssuer ( const QSslCertificate & cert )

static

Get whether a certificate is an Authority or can at least sign other certificates.

Definition at line 691 of file qgsauthcertutils.cpp.

◆ certificateIsIssuer()

bool QgsAuthCertUtils::certificateIsIssuer ( const QSslCertificate & cert )

static

Get whether a certificate can sign other certificates.

Definition at line 686 of file qgsauthcertutils.cpp.

◆ certificateIsSslClient()

bool QgsAuthCertUtils::certificateIsSslClient ( const QSslCertificate & cert )

static

Get whether a certificate is probably used for a client identity.

Definition at line 818 of file qgsauthcertutils.cpp.

◆ certificateIsSslServer()

bool QgsAuthCertUtils::certificateIsSslServer ( const QSslCertificate & cert )

static

Get whether a certificate is probably used for a SSL server.

Definition at line 697 of file qgsauthcertutils.cpp.

◆ certificateUsageTypes()

QList< QgsAuthCertUtils::CertUsageType > QgsAuthCertUtils::certificateUsageTypes ( const QSslCertificate & cert )

static

Try to determine the certificates usage types.

Definition at line 606 of file qgsauthcertutils.cpp.

◆ certificateUsageTypeString()

QString QgsAuthCertUtils::certificateUsageTypeString ( QgsAuthCertUtils::CertUsageType usagetype )

static

Certificate usage type strings per enum.

Note: not available in Python bindings

Definition at line 576 of file qgsauthcertutils.cpp.

◆ certKeyBundleToPem()

QStringList QgsAuthCertUtils::certKeyBundleToPem	(	const QString &	certpath,
		const QString &	keypath,
		const QString &	keypass = `QString()`,
		bool	reencrypt = `true`
	)

static

Return list of certificate, private key and algorithm (as PEM text) from file path components.

Parameters

certpath	File path to certificate
keypath	File path to private key
keypass	Passphrase for private key
reencrypt	Whether to re-encrypt the private key with the passphrase

Returns: certificate, private key, key's algorithm type

Definition at line 193 of file qgsauthcertutils.cpp.

◆ certsFromFile()

QList< QSslCertificate > QgsAuthCertUtils::certsFromFile ( const QString & certspath )

static

Return list of concatenated certs from a PEM or DER formatted file.

Definition at line 118 of file qgsauthcertutils.cpp.

◆ certsFromString()

QList< QSslCertificate > QgsAuthCertUtils::certsFromString ( const QString & pemtext )

static

Return list of concatenated certs from a PEM Base64 text block.

Definition at line 182 of file qgsauthcertutils.cpp.

◆ certsGroupedByOrg()

QMap< QString, QList< QSslCertificate > > QgsAuthCertUtils::certsGroupedByOrg ( const QList< QSslCertificate > & certs )

static

Map certificates to their oraganization.

Note: not available in Python bindings

Definition at line 60 of file qgsauthcertutils.cpp.

◆ getCaSourceName()

QString QgsAuthCertUtils::getCaSourceName	(	QgsAuthCertUtils::CaCertSource	source,
		bool	single = `false`
	)

static

Get the general name for CA source enum type.

Parameters

source	The enum source type for the CA
single	Whether to return singular or plural description

Definition at line 280 of file qgsauthcertutils.cpp.

◆ getCertDistinguishedName()

QString QgsAuthCertUtils::getCertDistinguishedName	(	const QSslCertificate &	qcert,
		const QCA::Certificate &	acert = `QCA::Certificate()`,
		bool	issuer = `false`
	)

static

Get combined distinguished name for certificate.

Parameters

qcert	Qt SSL cert object
acert	QCA SSL cert object to add more info to the output
issuer	Whether to return cert's subject or issuer combined name

Note: not available in Python bindings

Definition at line 335 of file qgsauthcertutils.cpp.

◆ getCertTrustName()

QString QgsAuthCertUtils::getCertTrustName ( QgsAuthCertUtils::CertTrustPolicy trust )

static

Get the general name for certificate trust.

Definition at line 385 of file qgsauthcertutils.cpp.

◆ getColonDelimited()

QString QgsAuthCertUtils::getColonDelimited ( const QString & txt )

static

Get string with colon delimeters every 2 characters.

Definition at line 400 of file qgsauthcertutils.cpp.

◆ getSslProtocolName()

QString QgsAuthCertUtils::getSslProtocolName ( QSsl::SslProtocol protocol )

static

SSL Protocol name strings per enum.

Definition at line 29 of file qgsauthcertutils.cpp.

◆ keyFromFile()

QSslKey QgsAuthCertUtils::keyFromFile	(	const QString &	keypath,
		const QString &	keypass = `QString()`,
		QString *	algtype = `nullptr`
	)

static

Return non-encrypted key from a PEM or DER formatted file.

Parameters

keypath	File path to private key
keypass	Passphrase for private key
algtype	QString to set with resolved algorithm type

Definition at line 145 of file qgsauthcertutils.cpp.

◆ mapDigestToCerts()

QMap< QString, QSslCertificate > QgsAuthCertUtils::mapDigestToCerts ( const QList< QSslCertificate > & certs )

static

Map certificate sha1 to certificate as simple cache.

Definition at line 50 of file qgsauthcertutils.cpp.

◆ mapDigestToSslConfigs()

QMap< QString, QgsAuthConfigSslServer > QgsAuthCertUtils::mapDigestToSslConfigs ( const QList< QgsAuthConfigSslServer > & configs )

static

Map SSL custom configs' certificate sha1 to custom config as simple cache.

Definition at line 74 of file qgsauthcertutils.cpp.

◆ pemTextToTempFile()

QString QgsAuthCertUtils::pemTextToTempFile	(	const QString &	name,
		const QByteArray &	pemtext
	)

static

Write a temporary file for a PEM text of cert/key/CAs bundle component.

Parameters

pemtext	Component content as PEM text
name	Name of file

Returns: File path to temporary file

Definition at line 251 of file qgsauthcertutils.cpp.

◆ pkcs12BundleToPem()

QStringList QgsAuthCertUtils::pkcs12BundleToPem	(	const QString &	bundlepath,
		const QString &	bundlepass = `QString()`,
		bool	reencrypt = `true`
	)

static

Return list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle.

Parameters

bundlepath	File path to the PKCS bundle
bundlepass	Passphrase for bundle
reencrypt	Whether to re-encrypt the private key with the passphrase

Returns: certificate, private key, key's algorithm type

Definition at line 218 of file qgsauthcertutils.cpp.

◆ qcaKeyBundle()

QCA::KeyBundle QgsAuthCertUtils::qcaKeyBundle	(	const QString &	path,
		const QString &	pass
	)

static

PKI key/cert bundle from file path, e.g.

from .p12 or pfx files.

Note: not available in Python bindings

Definition at line 455 of file qgsauthcertutils.cpp.

◆ qcaKnownConstraint()

QString QgsAuthCertUtils::qcaKnownConstraint ( QCA::ConstraintTypeKnown constraint )

static

Certificate well-known constraint strings per enum.

Note: not available in Python bindings

Definition at line 531 of file qgsauthcertutils.cpp.

◆ qcaSignatureAlgorithm()

QString QgsAuthCertUtils::qcaSignatureAlgorithm ( QCA::SignatureAlgorithm algorithm )

static

Certificate signature algorithm strings per enum.

Note: not available in Python bindings

Definition at line 500 of file qgsauthcertutils.cpp.

◆ qcaValidityMessage()

QString QgsAuthCertUtils::qcaValidityMessage ( QCA::Validity validity )

static

Certificate validity check messages per enum.

Note: not available in Python bindings

Definition at line 467 of file qgsauthcertutils.cpp.

◆ qtCertsToQcaCollection()

QCA::CertificateCollection QgsAuthCertUtils::qtCertsToQcaCollection ( const QList< QSslCertificate > & certs )

static

Convert a QList of QSslCertificate to a QCA::CertificateCollection.

Note: not available in Python bindings

Definition at line 438 of file qgsauthcertutils.cpp.

◆ qtCertToQcaCert()

QCA::Certificate QgsAuthCertUtils::qtCertToQcaCert ( const QSslCertificate & cert )

static

Convert a QSslCertificate to a QCA::Certificate.

Note: not available in Python bindings

Definition at line 423 of file qgsauthcertutils.cpp.

◆ resolvedCertName()

QString QgsAuthCertUtils::resolvedCertName	(	const QSslCertificate &	cert,
		bool	issuer = `false`
	)

static

Get the general name via RFC 5280 resolution.

Definition at line 297 of file qgsauthcertutils.cpp.

◆ shaHexForCert()

QString QgsAuthCertUtils::shaHexForCert	(	const QSslCertificate &	cert,
		bool	formatted = `false`
	)

static

Get the sha1 hash for certificate.

Parameters

cert	Qt SSL certificate to generate hash from
formatted	Whether to colon-delimit the hash

Definition at line 413 of file qgsauthcertutils.cpp.

◆ sslConfigsGroupedByOrg()

QMap< QString, QList< QgsAuthConfigSslServer > > QgsAuthCertUtils::sslConfigsGroupedByOrg ( const QList< QgsAuthConfigSslServer > & configs )

static

Map SSL custom configs' certificates to their oraganization.

Note: not available in Python bindings

Definition at line 84 of file qgsauthcertutils.cpp.

◆ sslErrorEnumString()

QString QgsAuthCertUtils::sslErrorEnumString ( QSslError::SslError errenum )

static

Get short strings describing an SSL error.

Definition at line 823 of file qgsauthcertutils.cpp.

◆ sslErrorEnumStrings()

QList< QPair< QSslError::SslError, QString > > QgsAuthCertUtils::sslErrorEnumStrings ( )

static

Get short strings describing SSL errors.

Note: not available in Python bindings

Definition at line 884 of file qgsauthcertutils.cpp.

The documentation for this class was generated from the following files:

/tmp/buildd/qgis-2.18.21+99unstable/src/core/auth/qgsauthcertutils.h
/tmp/buildd/qgis-2.18.21+99unstable/src/core/auth/qgsauthcertutils.cpp

Public Types

Static Public Member Functions

Detailed Description

Member Enumeration Documentation

◆ CaCertSource

◆ CertTrustPolicy

◆ CertUsageType

◆ ConstraintGroup

Member Function Documentation

◆ certFromFile()

◆ certificateIsAuthority()

◆ certificateIsAuthorityOrIssuer()

◆ certificateIsIssuer()

◆ certificateIsSslClient()

◆ certificateIsSslServer()

◆ certificateUsageTypes()

◆ certificateUsageTypeString()

◆ certKeyBundleToPem()

◆ certsFromFile()

◆ certsFromString()

◆ certsGroupedByOrg()

◆ getCaSourceName()

◆ getCertDistinguishedName()

◆ getCertTrustName()

◆ getColonDelimited()

◆ getSslProtocolName()

◆ keyFromFile()

◆ mapDigestToCerts()

◆ mapDigestToSslConfigs()

◆ pemTextToTempFile()

◆ pkcs12BundleToPem()

◆ qcaKeyBundle()

◆ qcaKnownConstraint()

◆ qcaSignatureAlgorithm()

◆ qcaValidityMessage()

◆ qtCertsToQcaCollection()

◆ qtCertToQcaCert()

◆ resolvedCertName()

◆ shaHexForCert()

◆ sslConfigsGroupedByOrg()

◆ sslErrorEnumString()

◆ sslErrorEnumStrings()