QGIS API Documentation  3.0.2-Girona (307d082)
qgsauthcertutils.h
Go to the documentation of this file.
1 /***************************************************************************
2  qgsauthcertutils.h
3  ---------------------
4  begin : May 1, 2015
5  copyright : (C) 2015 by Boundless Spatial, Inc. USA
6  author : Larry Shaffer
7  email : lshaffer at boundlessgeo dot com
8  ***************************************************************************
9  * *
10  * This program is free software; you can redistribute it and/or modify *
11  * it under the terms of the GNU General Public License as published by *
12  * the Free Software Foundation; either version 2 of the License, or *
13  * (at your option) any later version. *
14  * *
15  ***************************************************************************/
16 
17 
18 #ifndef QGSAUTHCERTUTILS_H
19 #define QGSAUTHCERTUTILS_H
20 
21 #include <QFile>
22 #include "qgis_sip.h"
23 #include <QtCrypto>
24 #include <QSslCertificate>
25 #include <QSslError>
26 
27 #include "qgsauthconfig.h"
28 #include "qgis_core.h"
29 
30 class QgsAuthConfigSslServer;
31 
32 #define SSL_ISSUER_INFO( var, prop ) var.issuerInfo( prop ).value(0)
33 
34 #define SSL_SUBJECT_INFO( var, prop ) var.subjectInfo( prop ).value(0)
35 
40 class CORE_EXPORT QgsAuthCertUtils
41 {
42  public:
44  enum CaCertSource
45  {
46  SystemRoot = 0,
47  FromFile = 1,
48  InDatabase = 2,
49  Connection = 3
50  };
51 
53  enum CertTrustPolicy
54  {
55  DefaultTrust = 0,
56  Trusted = 1,
57  Untrusted = 2,
58  NoPolicy = 3
59  };
60 
62  enum CertUsageType
63  {
64  UndeterminedUsage = 0,
65  AnyOrUnspecifiedUsage,
66  CertAuthorityUsage,
67  CertIssuerUsage,
68  TlsServerUsage,
69  TlsServerEvUsage,
70  TlsClientUsage,
71  CodeSigningUsage,
72  EmailProtectionUsage,
73  TimeStampingUsage,
74  CRLSigningUsage
75  };
76 
78  enum ConstraintGroup
79  {
80  KeyUsage = 0,
81  ExtendedKeyUsage = 1
82  };
83 
84 
86  static QString getSslProtocolName( QSsl::SslProtocol protocol );
87 
89  static QMap<QString, QSslCertificate> mapDigestToCerts( const QList<QSslCertificate> &certs );
90 
95  static QMap< QString, QList<QSslCertificate> > certsGroupedByOrg( const QList<QSslCertificate> &certs ) SIP_SKIP;
96 
100  static QMap<QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( const QList<QgsAuthConfigSslServer> &configs );
101 
106  static QMap< QString, QList<QgsAuthConfigSslServer> > sslConfigsGroupedByOrg( const QList<QgsAuthConfigSslServer> &configs ) SIP_SKIP;
107 
113  static QByteArray fileData( const QString &path );
114 
116  static QList<QSslCertificate> certsFromFile( const QString &certspath );
117 
119  static QList<QSslCertificate> casFromFile( const QString &certspath );
120 
122  static QSslCertificate certFromFile( const QString &certpath );
123 
131  static QList<QSslCertificate> casMerge( const QList<QSslCertificate> &bundle1,
132  const QList<QSslCertificate> &bundle2 );
133 
140  static QSslKey keyFromFile( const QString &keypath,
141  const QString &keypass = QString(),
142  QString *algtype = nullptr );
143 
145  static QList<QSslCertificate> certsFromString( const QString &pemtext );
146 
147 
153  static QList<QSslCertificate> casRemoveSelfSigned( const QList<QSslCertificate> &caList );
154 
163  static QStringList certKeyBundleToPem( const QString &certpath,
164  const QString &keypath,
165  const QString &keypass = QString(),
166  bool reencrypt = true );
167 
173  static bool pemIsPkcs8( const QString &keyPemTxt );
174 
175 #ifdef Q_OS_MAC
176 
190  static QByteArray pkcs8PrivateKey( QByteArray &pkcs8Der ) SIP_SKIP;
191 #endif
192 
200  static QStringList pkcs12BundleToPem( const QString &bundlepath,
201  const QString &bundlepass = QString(),
202  bool reencrypt = true );
203 
210  static QList<QSslCertificate> pkcs12BundleCas( const QString &bundlepath,
211  const QString &bundlepass = QString() );
212 
213 
219  static QByteArray certsToPemText( const QList<QSslCertificate> &certs );
220 
227  static QString pemTextToTempFile( const QString &name, const QByteArray &pemtext );
228 
234  static QString getCaSourceName( QgsAuthCertUtils::CaCertSource source, bool single = false );
235 
237  static QString resolvedCertName( const QSslCertificate &cert, bool issuer = false );
238 
246  static QString getCertDistinguishedName( const QSslCertificate &qcert,
247  const QCA::Certificate &acert = QCA::Certificate(),
248  bool issuer = false ) SIP_SKIP;
249 
251  static QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust );
252 
254  static QString getColonDelimited( const QString &txt );
255 
261  static QString shaHexForCert( const QSslCertificate &cert, bool formatted = false );
262 
267  static QCA::Certificate qtCertToQcaCert( const QSslCertificate &cert ) SIP_SKIP;
268 
273  static QCA::CertificateCollection qtCertsToQcaCollection( const QList<QSslCertificate> &certs ) SIP_SKIP;
274 
279  static QCA::KeyBundle qcaKeyBundle( const QString &path, const QString &pass ) SIP_SKIP;
280 
285  static QString qcaValidityMessage( QCA::Validity validity ) SIP_SKIP;
286 
291  static QString qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm ) SIP_SKIP;
292 
297  static QString qcaKnownConstraint( QCA::ConstraintTypeKnown constraint ) SIP_SKIP;
298 
303  static QString certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype ) SIP_SKIP;
304 
306  static QList<QgsAuthCertUtils::CertUsageType> certificateUsageTypes( const QSslCertificate &cert );
307 
309  static bool certificateIsAuthority( const QSslCertificate &cert );
310 
312  static bool certificateIsIssuer( const QSslCertificate &cert );
313 
315  static bool certificateIsAuthorityOrIssuer( const QSslCertificate &cert );
316 
318  static bool certificateIsSslServer( const QSslCertificate &cert );
319 
321  static bool certificateIsSslClient( const QSslCertificate &cert );
322 
324  static QString sslErrorEnumString( QSslError::SslError errenum );
325 
330  static QList<QPair<QSslError::SslError, QString> > sslErrorEnumStrings() SIP_SKIP;
331 
336  static bool certIsCurrent( const QSslCertificate &cert );
337 
343  static QList<QSslError> certViabilityErrors( const QSslCertificate &cert );
344 
350  static bool certIsViable( const QSslCertificate &cert );
351 
359  static QList<QSslError> validateCertChain( const QList<QSslCertificate> &certificateChain,
360  const QString &hostName = QString(),
361  bool trustRootCa = false ) ;
362 
372  static QStringList validatePKIBundle( QgsPkiBundle &bundle, bool useIntermediates = true, bool trustRootCa = false );
373 
374  private:
375  static void appendDirSegment_( QStringList &dirname, const QString &segment, QString value );
376 
377  static QSsl::EncodingFormat sniffEncoding( const QByteArray &payload );
378 };
379 
380 #endif // QGSAUTHCERTUTILS_H
QgsAuthCertUtils::ConstraintGroup
ConstraintGroup
Type of certificate key group.
Definition: qgsauthcertutils.h:78
QgsAuthConfigSslServer
Configuration container for SSL server connection exceptions or overrides.
Definition: qgsauthconfig.h:371
QgsAuthCertUtils::CertUsageType
CertUsageType
Type of certificate usage.
Definition: qgsauthcertutils.h:62
QgsAuthCertUtils
Utilities for working with certificates and keys.
Definition: qgsauthcertutils.h:40
QgsPkiBundle
Storage set for PKI bundle: SSL certificate, key, optional CA cert chain.
Definition: qgsauthconfig.h:189
SIP_SKIP
#define SIP_SKIP
Definition: qgis_sip.h:119
qgis_sip.h
QgsAuthCertUtils::CaCertSource
CaCertSource
Type of CA certificate source.
Definition: qgsauthcertutils.h:44
QgsAuthCertUtils::CertTrustPolicy
CertTrustPolicy
Type of certificate trust policy.
Definition: qgsauthcertutils.h:53
Generated on Sat Apr 21 2018 11:45:00 for QGIS API Documentation by   doxygen 1.8.13