QGIS API Documentation
3.8.0-Zanzibar (11aff65)
|
Utilities for working with certificates and keys. More...
#include <qgsauthcertutils.h>
Public Types | |
enum | CaCertSource { SystemRoot = 0, FromFile = 1, InDatabase = 2, Connection = 3 } |
Type of CA certificate source. More... | |
enum | CertTrustPolicy { DefaultTrust = 0, Trusted = 1, Untrusted = 2, NoPolicy = 3 } |
Type of certificate trust policy. More... | |
enum | CertUsageType { UndeterminedUsage = 0, AnyOrUnspecifiedUsage, CertAuthorityUsage, CertIssuerUsage, TlsServerUsage, TlsServerEvUsage, TlsClientUsage, CodeSigningUsage, EmailProtectionUsage, TimeStampingUsage, CRLSigningUsage } |
Type of certificate usage. More... | |
enum | ConstraintGroup { KeyUsage = 0, ExtendedKeyUsage = 1 } |
Type of certificate key group. More... | |
Static Public Member Functions | |
static QList< QSslCertificate > | casFromFile (const QString &certspath) |
Returns a list of concatenated CAs from a PEM or DER formatted file. More... | |
static QList< QSslCertificate > | casMerge (const QList< QSslCertificate > &bundle1, const QList< QSslCertificate > &bundle2) |
casMerge merges two certificate bundles in a single one removing duplicates, the certificates from the bundle2 are appended to bundle1 if not already there More... | |
static QList< QSslCertificate > | casRemoveSelfSigned (const QList< QSslCertificate > &caList) |
casRemoveSelfSigned remove self-signed CA certificates from caList More... | |
static QSslCertificate | certFromFile (const QString &certpath) |
Returns the first cert from a PEM or DER formatted file. More... | |
static bool | certificateIsAuthority (const QSslCertificate &cert) |
Gets whether a certificate is an Authority. More... | |
static bool | certificateIsAuthorityOrIssuer (const QSslCertificate &cert) |
Gets whether a certificate is an Authority or can at least sign other certificates. More... | |
static bool | certificateIsIssuer (const QSslCertificate &cert) |
Gets whether a certificate can sign other certificates. More... | |
static bool | certificateIsSslClient (const QSslCertificate &cert) |
Gets whether a certificate is probably used for a client identity. More... | |
static bool | certificateIsSslServer (const QSslCertificate &cert) |
Gets whether a certificate is probably used for a SSL server. More... | |
static QList< QgsAuthCertUtils::CertUsageType > | certificateUsageTypes (const QSslCertificate &cert) |
Try to determine the certificates usage types. More... | |
static QString | certificateUsageTypeString (QgsAuthCertUtils::CertUsageType usagetype) |
Certificate usage type strings per enum. More... | |
static bool | certIsCurrent (const QSslCertificate &cert) |
certIsCurrent checks if cert is viable for its not before and not after dates More... | |
static bool | certIsViable (const QSslCertificate &cert) |
certIsViable checks for viability errors of cert and whether it is NULL More... | |
static QStringList | certKeyBundleToPem (const QString &certpath, const QString &keypath, const QString &keypass=QString(), bool reencrypt=true) |
Returns list of certificate, private key and algorithm (as PEM text) from file path components. More... | |
static QList< QSslCertificate > | certsFromFile (const QString &certspath) |
Returns a list of concatenated certs from a PEM or DER formatted file. More... | |
static QList< QSslCertificate > | certsFromString (const QString &pemtext) |
Returns a list of concatenated certs from a PEM Base64 text block. More... | |
static QMap< QString, QList< QSslCertificate > > | certsGroupedByOrg (const QList< QSslCertificate > &certs) |
Map certificates to their oraganization. More... | |
static QByteArray | certsToPemText (const QList< QSslCertificate > &certs) |
certsToPemText dump a list of QSslCertificates to PEM text More... | |
static QList< QSslError > | certViabilityErrors (const QSslCertificate &cert) |
certViabilityErrors checks basic characteristics (validity dates, blacklisting, etc.) of given cert More... | |
static QByteArray | fileData (const QString &path) |
Returns data from a local file via a read-only operation. More... | |
static QString | getCaSourceName (QgsAuthCertUtils::CaCertSource source, bool single=false) |
Gets the general name for CA source enum type. More... | |
static QString | getCertDistinguishedName (const QSslCertificate &qcert, const QCA::Certificate &acert=QCA::Certificate(), bool issuer=false) |
Gets combined distinguished name for certificate. More... | |
static QString | getCertTrustName (QgsAuthCertUtils::CertTrustPolicy trust) |
Gets the general name for certificate trust. More... | |
static QString | getColonDelimited (const QString &txt) |
Gets string with colon delimiters every 2 characters. More... | |
static QString | getSslProtocolName (QSsl::SslProtocol protocol) |
SSL Protocol name strings per enum. More... | |
static QSslKey | keyFromFile (const QString &keypath, const QString &keypass=QString(), QString *algtype=nullptr) |
Returns non-encrypted key from a PEM or DER formatted file. More... | |
static QMap< QString, QSslCertificate > | mapDigestToCerts (const QList< QSslCertificate > &certs) |
Map certificate sha1 to certificate as simple cache. More... | |
static QMap< QString, QgsAuthConfigSslServer > | mapDigestToSslConfigs (const QList< QgsAuthConfigSslServer > &configs) |
Map SSL custom configs' certificate sha1 to custom config as simple cache. More... | |
static bool | pemIsPkcs8 (const QString &keyPemTxt) |
Determine if the PEM-encoded text of a key is PKCS#8 format. More... | |
static QString | pemTextToTempFile (const QString &name, const QByteArray &pemtext) |
Write a temporary file for a PEM text of cert/key/CAs bundle component. More... | |
static QList< QSslCertificate > | pkcs12BundleCas (const QString &bundlepath, const QString &bundlepass=QString()) |
Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle. More... | |
static QStringList | pkcs12BundleToPem (const QString &bundlepath, const QString &bundlepass=QString(), bool reencrypt=true) |
Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle. More... | |
static QCA::KeyBundle | qcaKeyBundle (const QString &path, const QString &pass) |
PKI key/cert bundle from file path, e.g. More... | |
static QString | qcaKnownConstraint (QCA::ConstraintTypeKnown constraint) |
Certificate well-known constraint strings per enum. More... | |
static QString | qcaSignatureAlgorithm (QCA::SignatureAlgorithm algorithm) |
Certificate signature algorithm strings per enum. More... | |
static QString | qcaValidityMessage (QCA::Validity validity) |
Certificate validity check messages per enum. More... | |
static QCA::CertificateCollection | qtCertsToQcaCollection (const QList< QSslCertificate > &certs) |
Convert a QList of QSslCertificate to a QCA::CertificateCollection. More... | |
static QCA::Certificate | qtCertToQcaCert (const QSslCertificate &cert) |
Convert a QSslCertificate to a QCA::Certificate. More... | |
static QString | resolvedCertName (const QSslCertificate &cert, bool issuer=false) |
Gets the general name via RFC 5280 resolution. More... | |
static QString | shaHexForCert (const QSslCertificate &cert, bool formatted=false) |
Gets the sha1 hash for certificate. More... | |
static QMap< QString, QList< QgsAuthConfigSslServer > > | sslConfigsGroupedByOrg (const QList< QgsAuthConfigSslServer > &configs) |
Map SSL custom configs' certificates to their oraganization. More... | |
static QString | sslErrorEnumString (QSslError::SslError errenum) |
Gets short strings describing an SSL error. More... | |
static QList< QPair< QSslError::SslError, QString > > | sslErrorEnumStrings () |
Gets short strings describing SSL errors. More... | |
static QList< QSslError > | validateCertChain (const QList< QSslCertificate > &certificateChain, const QString &hostName=QString(), bool trustRootCa=false) |
validateCertChain validates the given certificateChain More... | |
static QStringList | validatePKIBundle (QgsPkiBundle &bundle, bool useIntermediates=true, bool trustRootCa=false) |
validatePKIBundle validate the PKI bundle by checking the certificate chain, the expiration and effective dates, optionally trusts the root CA More... | |
Utilities for working with certificates and keys.
Definition at line 40 of file qgsauthcertutils.h.
Type of CA certificate source.
Enumerator | |
---|---|
SystemRoot | |
FromFile | |
InDatabase | |
Connection |
Definition at line 44 of file qgsauthcertutils.h.
Type of certificate trust policy.
Enumerator | |
---|---|
DefaultTrust | |
Trusted | |
Untrusted | |
NoPolicy |
Definition at line 53 of file qgsauthcertutils.h.
Type of certificate usage.
Definition at line 62 of file qgsauthcertutils.h.
Type of certificate key group.
Enumerator | |
---|---|
KeyUsage | |
ExtendedKeyUsage |
Definition at line 78 of file qgsauthcertutils.h.
|
static |
Returns a list of concatenated CAs from a PEM or DER formatted file.
Definition at line 137 of file qgsauthcertutils.cpp.
|
static |
casMerge merges two certificate bundles in a single one removing duplicates, the certificates from the bundle2 are appended to bundle1 if not already there
bundle1 | first bundle |
bundle2 | second bundle |
Definition at line 151 of file qgsauthcertutils.cpp.
|
static |
casRemoveSelfSigned remove self-signed CA certificates from caList
caList | list of CA certificates |
Definition at line 250 of file qgsauthcertutils.cpp.
|
static |
Returns the first cert from a PEM or DER formatted file.
Definition at line 173 of file qgsauthcertutils.cpp.
|
static |
Gets whether a certificate is an Authority.
Definition at line 1006 of file qgsauthcertutils.cpp.
|
static |
Gets whether a certificate is an Authority or can at least sign other certificates.
Definition at line 1016 of file qgsauthcertutils.cpp.
|
static |
Gets whether a certificate can sign other certificates.
Definition at line 1011 of file qgsauthcertutils.cpp.
|
static |
Gets whether a certificate is probably used for a client identity.
Definition at line 1143 of file qgsauthcertutils.cpp.
|
static |
Gets whether a certificate is probably used for a SSL server.
Definition at line 1022 of file qgsauthcertutils.cpp.
|
static |
Try to determine the certificates usage types.
Definition at line 931 of file qgsauthcertutils.cpp.
|
static |
Certificate usage type strings per enum.
Definition at line 901 of file qgsauthcertutils.cpp.
|
static |
certIsCurrent checks if cert is viable for its not before and not after dates
cert | certificate to be checked |
Definition at line 1263 of file qgsauthcertutils.cpp.
|
static |
certIsViable checks for viability errors of cert and whether it is NULL
cert | certificate to be checked |
false
if cert is NULL or has viability errors Definition at line 1295 of file qgsauthcertutils.cpp.
|
static |
Returns list of certificate, private key and algorithm (as PEM text) from file path components.
certpath | File path to certificate |
keypath | File path to private key |
keypass | Passphrase for private key |
reencrypt | Whether to re-encrypt the private key with the passphrase |
Definition at line 263 of file qgsauthcertutils.cpp.
|
static |
Returns a list of concatenated certs from a PEM or DER formatted file.
Definition at line 125 of file qgsauthcertutils.cpp.
|
static |
Returns a list of concatenated certs from a PEM Base64 text block.
Definition at line 239 of file qgsauthcertutils.cpp.
|
static |
Map certificates to their oraganization.
Definition at line 65 of file qgsauthcertutils.cpp.
|
static |
certsToPemText dump a list of QSslCertificates to PEM text
certs | list of certs |
Definition at line 554 of file qgsauthcertutils.cpp.
|
static |
certViabilityErrors checks basic characteristics (validity dates, blacklisting, etc.) of given cert
cert | certificate to be checked |
Definition at line 1271 of file qgsauthcertutils.cpp.
|
static |
Returns data from a local file via a read-only operation.
path | Path to file to read |
Definition at line 104 of file qgsauthcertutils.cpp.
|
static |
Gets the general name for CA source enum type.
source | The enum source type for the CA |
single | Whether to return singular or plural description |
Definition at line 598 of file qgsauthcertutils.cpp.
|
static |
Gets combined distinguished name for certificate.
qcert | Qt SSL cert object |
acert | QCA SSL cert object to add more info to the output |
issuer | Whether to return cert's subject or issuer combined name |
Definition at line 660 of file qgsauthcertutils.cpp.
|
static |
Gets the general name for certificate trust.
Definition at line 710 of file qgsauthcertutils.cpp.
|
static |
Gets string with colon delimiters every 2 characters.
Definition at line 725 of file qgsauthcertutils.cpp.
|
static |
SSL Protocol name strings per enum.
Definition at line 36 of file qgsauthcertutils.cpp.
|
static |
Returns non-encrypted key from a PEM or DER formatted file.
keypath | File path to private key |
keypass | Passphrase for private key |
algtype | QString to set with resolved algorithm type |
Definition at line 188 of file qgsauthcertutils.cpp.
|
static |
Map certificate sha1 to certificate as simple cache.
Definition at line 55 of file qgsauthcertutils.cpp.
|
static |
Map SSL custom configs' certificate sha1 to custom config as simple cache.
Definition at line 79 of file qgsauthcertutils.cpp.
|
static |
Determine if the PEM-encoded text of a key is PKCS#8 format.
keyPemTxt | PEM-encoded text |
true
if PKCS#8, otherwise false
Definition at line 288 of file qgsauthcertutils.cpp.
|
static |
Write a temporary file for a PEM text of cert/key/CAs bundle component.
pemtext | Component content as PEM text |
name | Name of file |
Definition at line 569 of file qgsauthcertutils.cpp.
|
static |
Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle.
bundlepath | File path to the PKCS bundle |
bundlepass | Passphrase for bundle |
Definition at line 533 of file qgsauthcertutils.cpp.
|
static |
Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle.
bundlepath | File path to the PKCS bundle |
bundlepass | Passphrase for bundle |
reencrypt | Whether to re-encrypt the private key with the passphrase |
Definition at line 438 of file qgsauthcertutils.cpp.
|
static |
PKI key/cert bundle from file path, e.g.
from .p12 or pfx files.
Definition at line 780 of file qgsauthcertutils.cpp.
|
static |
Certificate well-known constraint strings per enum.
Definition at line 856 of file qgsauthcertutils.cpp.
|
static |
Certificate signature algorithm strings per enum.
Definition at line 825 of file qgsauthcertutils.cpp.
|
static |
Certificate validity check messages per enum.
Definition at line 792 of file qgsauthcertutils.cpp.
|
static |
Convert a QList of QSslCertificate to a QCA::CertificateCollection.
Definition at line 763 of file qgsauthcertutils.cpp.
|
static |
Convert a QSslCertificate to a QCA::Certificate.
Definition at line 748 of file qgsauthcertutils.cpp.
|
static |
Gets the general name via RFC 5280 resolution.
Definition at line 615 of file qgsauthcertutils.cpp.
|
static |
Gets the sha1 hash for certificate.
cert | Qt SSL certificate to generate hash from |
formatted | Whether to colon-delimit the hash |
Definition at line 738 of file qgsauthcertutils.cpp.
|
static |
Map SSL custom configs' certificates to their oraganization.
Definition at line 89 of file qgsauthcertutils.cpp.
|
static |
Gets short strings describing an SSL error.
Definition at line 1148 of file qgsauthcertutils.cpp.
|
static |
Gets short strings describing SSL errors.
Definition at line 1209 of file qgsauthcertutils.cpp.
|
static |
validateCertChain validates the given certificateChain
certificateChain | list of certificates to be checked, with leaf first and with optional root CA last |
hostName | (optional) name of the host to be verified |
trustRootCa | if true the CA will be added to the trusted CAs for this validation check |
Definition at line 1300 of file qgsauthcertutils.cpp.
|
static |
validatePKIBundle validate the PKI bundle by checking the certificate chain, the expiration and effective dates, optionally trusts the root CA
bundle | |
useIntermediates | if true the intermediate certs are also checked |
trustRootCa | if true the CA will be added to the trusted CAs for this validation check (if useIntermediates is false ) this option is ignored and set to false |
Definition at line 1350 of file qgsauthcertutils.cpp.