api/3.8/qgsauthcertutils_8h_source.html

 /***************************************************************************
     qgsauthcertutils.h
     ---------------------
     begin                : May 1, 2015
     copyright            : (C) 2015 by Boundless Spatial, Inc. USA
     author               : Larry Shaffer
     email                : lshaffer at boundlessgeo dot com
  ***************************************************************************
  *                                                                         *
  *   This program is free software; you can redistribute it and/or modify  *
  *   it under the terms of the GNU General Public License as published by  *
  *   the Free Software Foundation; either version 2 of the License, or     *
  *   (at your option) any later version.                                   *
  *                                                                         *
  ***************************************************************************/


 #ifndef QGSAUTHCERTUTILS_H
 #define QGSAUTHCERTUTILS_H

 #include <QFile>
 #include "qgis_sip.h"
 #include <QtCrypto>
 #include <QSslCertificate>
 #include <QSslError>

 #include "qgsauthconfig.h"
 #include "qgis_core.h"

 class QgsAuthConfigSslServer;

 #define SSL_ISSUER_INFO( var, prop ) var.issuerInfo( prop ).value(0)

 #define SSL_SUBJECT_INFO( var, prop ) var.subjectInfo( prop ).value(0)

 class CORE_EXPORT QgsAuthCertUtils
 {
   public:
     enum CaCertSource
     {
       SystemRoot = 0,
       FromFile = 1,
       InDatabase = 2,
       Connection = 3
     };

     enum CertTrustPolicy
     {
       DefaultTrust = 0,
       Trusted = 1,
       Untrusted = 2,
       NoPolicy = 3
     };

     enum CertUsageType
     {
       UndeterminedUsage = 0,
       AnyOrUnspecifiedUsage,
       CertAuthorityUsage,
       CertIssuerUsage,
       TlsServerUsage,
       TlsServerEvUsage,
       TlsClientUsage,
       CodeSigningUsage,
       EmailProtectionUsage,
       TimeStampingUsage,
       CRLSigningUsage
     };

     enum ConstraintGroup
     {
       KeyUsage = 0,
       ExtendedKeyUsage = 1
     };


     static QString getSslProtocolName( QSsl::SslProtocol protocol );

     static QMap<QString, QSslCertificate> mapDigestToCerts( const QList<QSslCertificate> &certs );

     static QMap< QString, QList<QSslCertificate> > certsGroupedByOrg( const QList<QSslCertificate> &certs ) SIP_SKIP;

     static QMap<QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( const QList<QgsAuthConfigSslServer> &configs );

     static QMap< QString, QList<QgsAuthConfigSslServer> > sslConfigsGroupedByOrg( const QList<QgsAuthConfigSslServer> &configs ) SIP_SKIP;

     static QByteArray fileData( const QString &path );

     static QList<QSslCertificate> certsFromFile( const QString &certspath );

     static QList<QSslCertificate> casFromFile( const QString &certspath );

     static QSslCertificate certFromFile( const QString &certpath );

     static QList<QSslCertificate> casMerge( const QList<QSslCertificate> &bundle1,
                                             const QList<QSslCertificate> &bundle2 );

     static QSslKey keyFromFile( const QString &keypath,
                                 const QString &keypass = QString(),
                                 QString *algtype = nullptr );

     static QList<QSslCertificate> certsFromString( const QString &pemtext );


     static QList<QSslCertificate> casRemoveSelfSigned( const QList<QSslCertificate> &caList );

     static QStringList certKeyBundleToPem( const QString &certpath,
                                            const QString &keypath,
                                            const QString &keypass = QString(),
                                            bool reencrypt = true );

     static bool pemIsPkcs8( const QString &keyPemTxt );

 #ifdef Q_OS_MAC

     static QByteArray pkcs8PrivateKey( QByteArray &pkcs8Der ) SIP_SKIP;
 #endif

     static QStringList pkcs12BundleToPem( const QString &bundlepath,
                                           const QString &bundlepass = QString(),
                                           bool reencrypt = true );

     static QList<QSslCertificate> pkcs12BundleCas( const QString &bundlepath,
         const QString &bundlepass = QString() );


     static QByteArray certsToPemText( const QList<QSslCertificate> &certs );

     static QString pemTextToTempFile( const QString &name, const QByteArray &pemtext );

     static QString getCaSourceName( QgsAuthCertUtils::CaCertSource source, bool single = false );

     static QString resolvedCertName( const QSslCertificate &cert, bool issuer = false );

     static QString getCertDistinguishedName( const QSslCertificate &qcert,
         const QCA::Certificate &acert = QCA::Certificate(),
         bool issuer = false ) SIP_SKIP;

     static QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust );

     static QString getColonDelimited( const QString &txt );

     static QString shaHexForCert( const QSslCertificate &cert, bool formatted = false );

     static QCA::Certificate qtCertToQcaCert( const QSslCertificate &cert ) SIP_SKIP;

     static QCA::CertificateCollection qtCertsToQcaCollection( const QList<QSslCertificate> &certs ) SIP_SKIP;

     static QCA::KeyBundle qcaKeyBundle( const QString &path, const QString &pass ) SIP_SKIP;

     static QString qcaValidityMessage( QCA::Validity validity ) SIP_SKIP;

     static QString qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm ) SIP_SKIP;

     static QString qcaKnownConstraint( QCA::ConstraintTypeKnown constraint ) SIP_SKIP;

     static QString certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype ) SIP_SKIP;

     static QList<QgsAuthCertUtils::CertUsageType> certificateUsageTypes( const QSslCertificate &cert );

     static bool certificateIsAuthority( const QSslCertificate &cert );

     static bool certificateIsIssuer( const QSslCertificate &cert );

     static bool certificateIsAuthorityOrIssuer( const QSslCertificate &cert );

     static bool certificateIsSslServer( const QSslCertificate &cert );

     static bool certificateIsSslClient( const QSslCertificate &cert );

     static QString sslErrorEnumString( QSslError::SslError errenum );

     static QList<QPair<QSslError::SslError, QString> > sslErrorEnumStrings() SIP_SKIP;

     static bool certIsCurrent( const QSslCertificate &cert );

     static QList<QSslError> certViabilityErrors( const QSslCertificate &cert );

     static bool certIsViable( const QSslCertificate &cert );

     static QList<QSslError> validateCertChain( const QList<QSslCertificate> &certificateChain,
         const QString &hostName = QString(),
         bool trustRootCa = false ) ;

     static QStringList validatePKIBundle( QgsPkiBundle &bundle, bool useIntermediates = true, bool trustRootCa = false );

   private:
     static void appendDirSegment_( QStringList &dirname, const QString &segment, QString value );

     static QSsl::EncodingFormat sniffEncoding( const QByteArray &payload );
 };

 #endif // QGSAUTHCERTUTILS_H
QgsAuthCertUtils::CodeSigningUsage
Definition: qgsauthcertutils.h:71

QgsAuthCertUtils::TlsServerUsage
Definition: qgsauthcertutils.h:68

QgsAuthCertUtils::ConstraintGroup
ConstraintGroup
Type of certificate key group.
Definition: qgsauthcertutils.h:78

QgsAuthConfigSslServer
Configuration container for SSL server connection exceptions or overrides.
Definition: qgsauthconfig.h:371

QgsAuthCertUtils::CertUsageType
CertUsageType
Type of certificate usage.
Definition: qgsauthcertutils.h:62

QgsAuthCertUtils
Utilities for working with certificates and keys.
Definition: qgsauthcertutils.h:40

QgsAuthCertUtils::TlsClientUsage
Definition: qgsauthcertutils.h:70

QgsPkiBundle
Storage set for PKI bundle: SSL certificate, key, optional CA cert chain.
Definition: qgsauthconfig.h:189

SIP_SKIP
#define SIP_SKIP
Definition: qgis_sip.h:119

qgis_sip.h

QgsAuthCertUtils::TimeStampingUsage
Definition: qgsauthcertutils.h:73

QgsAuthCertUtils::CertIssuerUsage
Definition: qgsauthcertutils.h:67

QCA
Definition: qgsauthmanager.h:45

algorithm
As part of the API refactoring and improvements which landed in the Processing API was substantially reworked from the x version This was done in order to allow much of the underlying Processing framework to be ported into allowing algorithms to be written in pure substantial changes are required in order to port existing x Processing algorithms for QGIS x The most significant changes are outlined not GeoAlgorithm For algorithms which operate on features one by consider subclassing the QgsProcessingFeatureBasedAlgorithm class This class allows much of the boilerplate code for looping over features from a vector layer to be bypassed and instead requires implementation of a processFeature method Ensure that your algorithm(or algorithm 's parent class) implements the new pure virtual createInstance(self) call

qgsauthconfig.h

QgsAuthCertUtils::EmailProtectionUsage
Definition: qgsauthcertutils.h:72

QgsAuthCertUtils::TlsServerEvUsage
Definition: qgsauthcertutils.h:69

QgsAuthCertUtils::CaCertSource
CaCertSource
Type of CA certificate source.
Definition: qgsauthcertutils.h:44

QgsAuthCertUtils::CertAuthorityUsage
Definition: qgsauthcertutils.h:66

QgsAuthCertUtils::AnyOrUnspecifiedUsage
Definition: qgsauthcertutils.h:65

QgsAuthCertUtils::CertTrustPolicy
CertTrustPolicy
Type of certificate trust policy.
Definition: qgsauthcertutils.h:53