QGIS API Documentation  3.14.0-Pi (9f7028fd23)
qgsauthcertutils.h
Go to the documentation of this file.
1 /***************************************************************************
2  qgsauthcertutils.h
3  ---------------------
4  begin : May 1, 2015
5  copyright : (C) 2015 by Boundless Spatial, Inc. USA
6  author : Larry Shaffer
7  email : lshaffer at boundlessgeo dot com
8  ***************************************************************************
9  * *
10  * This program is free software; you can redistribute it and/or modify *
11  * it under the terms of the GNU General Public License as published by *
12  * the Free Software Foundation; either version 2 of the License, or *
13  * (at your option) any later version. *
14  * *
15  ***************************************************************************/
16 
17 
18 #ifndef QGSAUTHCERTUTILS_H
19 #define QGSAUTHCERTUTILS_H
20 
21 #include <QFile>
22 #include "qgis_sip.h"
23 #include <QtCrypto>
24 #include <QSslCertificate>
25 #include <QSslError>
26 
27 #include "qgsauthconfig.h"
28 #include "qgis_core.h"
29 
31 
32 #define SSL_ISSUER_INFO( var, prop ) var.issuerInfo( prop ).value(0)
33 
34 #define SSL_SUBJECT_INFO( var, prop ) var.subjectInfo( prop ).value(0)
35 
40 class CORE_EXPORT QgsAuthCertUtils
41 {
42  public:
45  {
46  SystemRoot = 0,
47  FromFile = 1,
48  InDatabase = 2,
49  Connection = 3
50  };
51 
54  {
55  DefaultTrust = 0,
56  Trusted = 1,
57  Untrusted = 2,
58  NoPolicy = 3
59  };
60 
63  {
64  UndeterminedUsage = 0,
74  CRLSigningUsage
75  };
76 
79  {
80  KeyUsage = 0,
81  ExtendedKeyUsage = 1
82  };
83 
84 
86  static QString getSslProtocolName( QSsl::SslProtocol protocol );
87 
89  static QMap<QString, QSslCertificate> mapDigestToCerts( const QList<QSslCertificate> &certs );
90 
95  static QMap< QString, QList<QSslCertificate> > certsGroupedByOrg( const QList<QSslCertificate> &certs ) SIP_SKIP;
96 
100  static QMap<QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( const QList<QgsAuthConfigSslServer> &configs );
101 
106  static QMap< QString, QList<QgsAuthConfigSslServer> > sslConfigsGroupedByOrg( const QList<QgsAuthConfigSslServer> &configs ) SIP_SKIP;
107 
113  static QByteArray fileData( const QString &path );
114 
116  static QList<QSslCertificate> certsFromFile( const QString &certspath );
117 
119  static QList<QSslCertificate> casFromFile( const QString &certspath );
120 
122  static QSslCertificate certFromFile( const QString &certpath );
123 
131  static QList<QSslCertificate> casMerge( const QList<QSslCertificate> &bundle1,
132  const QList<QSslCertificate> &bundle2 );
133 
140  static QSslKey keyFromFile( const QString &keypath,
141  const QString &keypass = QString(),
142  QString *algtype = nullptr );
143 
145  static QList<QSslCertificate> certsFromString( const QString &pemtext );
146 
147 
153  static QList<QSslCertificate> casRemoveSelfSigned( const QList<QSslCertificate> &caList );
154 
163  static QStringList certKeyBundleToPem( const QString &certpath,
164  const QString &keypath,
165  const QString &keypass = QString(),
166  bool reencrypt = true );
167 
173  static bool pemIsPkcs8( const QString &keyPemTxt );
174 
175 #ifdef Q_OS_MAC
176 
190  static QByteArray pkcs8PrivateKey( QByteArray &pkcs8Der ) SIP_SKIP;
191 #endif
192 
200  static QStringList pkcs12BundleToPem( const QString &bundlepath,
201  const QString &bundlepass = QString(),
202  bool reencrypt = true );
203 
210  static QList<QSslCertificate> pkcs12BundleCas( const QString &bundlepath,
211  const QString &bundlepass = QString() );
212 
213 
219  static QByteArray certsToPemText( const QList<QSslCertificate> &certs );
220 
227  static QString pemTextToTempFile( const QString &name, const QByteArray &pemtext );
228 
234  static QString getCaSourceName( QgsAuthCertUtils::CaCertSource source, bool single = false );
235 
237  static QString resolvedCertName( const QSslCertificate &cert, bool issuer = false );
238 
246  static QString getCertDistinguishedName( const QSslCertificate &qcert,
247  const QCA::Certificate &acert = QCA::Certificate(),
248  bool issuer = false ) SIP_SKIP;
249 
251  static QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust );
252 
254  static QString getColonDelimited( const QString &txt );
255 
261  static QString shaHexForCert( const QSslCertificate &cert, bool formatted = false );
262 
267  static QCA::Certificate qtCertToQcaCert( const QSslCertificate &cert ) SIP_SKIP;
268 
273  static QCA::CertificateCollection qtCertsToQcaCollection( const QList<QSslCertificate> &certs ) SIP_SKIP;
274 
279  static QCA::KeyBundle qcaKeyBundle( const QString &path, const QString &pass ) SIP_SKIP;
280 
285  static QString qcaValidityMessage( QCA::Validity validity ) SIP_SKIP;
286 
291  static QString qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm ) SIP_SKIP;
292 
297  static QString qcaKnownConstraint( QCA::ConstraintTypeKnown constraint ) SIP_SKIP;
298 
303  static QString certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype ) SIP_SKIP;
304 
306  static QList<QgsAuthCertUtils::CertUsageType> certificateUsageTypes( const QSslCertificate &cert );
307 
309  static bool certificateIsAuthority( const QSslCertificate &cert );
310 
312  static bool certificateIsIssuer( const QSslCertificate &cert );
313 
315  static bool certificateIsAuthorityOrIssuer( const QSslCertificate &cert );
316 
318  static bool certificateIsSslServer( const QSslCertificate &cert );
319 
321  static bool certificateIsSslClient( const QSslCertificate &cert );
322 
324  static QString sslErrorEnumString( QSslError::SslError errenum );
325 
330  static QList<QPair<QSslError::SslError, QString> > sslErrorEnumStrings() SIP_SKIP;
331 
336  static bool certIsCurrent( const QSslCertificate &cert );
337 
343  static QList<QSslError> certViabilityErrors( const QSslCertificate &cert );
344 
350  static bool certIsViable( const QSslCertificate &cert );
351 
359  static QList<QSslError> validateCertChain( const QList<QSslCertificate> &certificateChain,
360  const QString &hostName = QString(),
361  bool trustRootCa = false ) ;
362 
372  static QStringList validatePKIBundle( QgsPkiBundle &bundle, bool useIntermediates = true, bool trustRootCa = false );
373 
374  private:
375  static void appendDirSegment_( QStringList &dirname, const QString &segment, QString value );
376 
377  static QSsl::EncodingFormat sniffEncoding( const QByteArray &payload );
378 };
379 
380 #endif // QGSAUTHCERTUTILS_H
qgsauthconfig.h
QgsAuthCertUtils::CaCertSource
CaCertSource
Type of CA certificate source.
Definition: qgsauthcertutils.h:44
algorithm
As part of the API refactoring and improvements which landed in the Processing API was substantially reworked from the x version This was done in order to allow much of the underlying Processing framework to be ported into allowing algorithms to be written in pure substantial changes are required in order to port existing x Processing algorithms for QGIS x The most significant changes are outlined not GeoAlgorithm For algorithms which operate on features one by consider subclassing the QgsProcessingFeatureBasedAlgorithm class This class allows much of the boilerplate code for looping over features from a vector layer to be bypassed and instead requires implementation of a processFeature method Ensure that your algorithm(or algorithm 's parent class) implements the new pure virtual createInstance(self) call
QgsAuthCertUtils::CertTrustPolicy
CertTrustPolicy
Type of certificate trust policy.
Definition: qgsauthcertutils.h:53
QCA
Definition: qgsauthmanager.h:45
QgsPkiBundle
Storage set for PKI bundle: SSL certificate, key, optional CA cert chain.
Definition: qgsauthconfig.h:189
SIP_SKIP
#define SIP_SKIP
Definition: qgis_sip.h:126
qgis_sip.h
QgsAuthCertUtils::TlsServerEvUsage
@ TlsServerEvUsage
Definition: qgsauthcertutils.h:69
QgsAuthCertUtils::CodeSigningUsage
@ CodeSigningUsage
Definition: qgsauthcertutils.h:71
QgsAuthCertUtils::ConstraintGroup
ConstraintGroup
Type of certificate key group.
Definition: qgsauthcertutils.h:78
QgsAuthCertUtils::CertAuthorityUsage
@ CertAuthorityUsage
Definition: qgsauthcertutils.h:66
QgsAuthCertUtils
Utilities for working with certificates and keys.
Definition: qgsauthcertutils.h:40
QgsAuthCertUtils::AnyOrUnspecifiedUsage
@ AnyOrUnspecifiedUsage
Definition: qgsauthcertutils.h:65
QgsAuthCertUtils::TimeStampingUsage
@ TimeStampingUsage
Definition: qgsauthcertutils.h:73
QgsAuthConfigSslServer
Configuration container for SSL server connection exceptions or overrides.
Definition: qgsauthconfig.h:371
QgsAuthCertUtils::TlsClientUsage
@ TlsClientUsage
Definition: qgsauthcertutils.h:70
QgsAuthCertUtils::CertUsageType
CertUsageType
Type of certificate usage.
Definition: qgsauthcertutils.h:62
QgsAuthCertUtils::TlsServerUsage
@ TlsServerUsage
Definition: qgsauthcertutils.h:68
QgsAuthCertUtils::CertIssuerUsage
@ CertIssuerUsage
Definition: qgsauthcertutils.h:67
QgsAuthCertUtils::EmailProtectionUsage
@ EmailProtectionUsage
Definition: qgsauthcertutils.h:72