QGIS API Documentation 3.41.0-Master (45a0abf3bec)
|
Utilities for working with certificates and keys. More...
#include <qgsauthcertutils.h>
Public Types | |
enum | CaCertSource { SystemRoot = 0 , FromFile = 1 , InDatabase = 2 , Connection = 3 } |
Type of CA certificate source. More... | |
enum | CertTrustPolicy { DefaultTrust = 0 , Trusted = 1 , Untrusted = 2 , NoPolicy = 3 } |
Type of certificate trust policy. More... | |
enum | CertUsageType { UndeterminedUsage = 0 , AnyOrUnspecifiedUsage , CertAuthorityUsage , CertIssuerUsage , TlsServerUsage , TlsServerEvUsage , TlsClientUsage , CodeSigningUsage , EmailProtectionUsage , TimeStampingUsage , CRLSigningUsage } |
Type of certificate usage. More... | |
enum | ConstraintGroup { KeyUsage = 0 , ExtendedKeyUsage = 1 } |
Type of certificate key group. More... | |
Static Public Member Functions | |
static QList< QSslCertificate > | casFromFile (const QString &certspath) |
Returns a list of concatenated CAs from a PEM or DER formatted file. | |
static QList< QSslCertificate > | casMerge (const QList< QSslCertificate > &bundle1, const QList< QSslCertificate > &bundle2) |
casMerge merges two certificate bundles in a single one removing duplicates, the certificates from the bundle2 are appended to bundle1 if not already there | |
static QList< QSslCertificate > | casRemoveSelfSigned (const QList< QSslCertificate > &caList) |
casRemoveSelfSigned remove self-signed CA certificates from caList | |
static QSslCertificate | certFromFile (const QString &certpath) |
Returns the first cert from a PEM or DER formatted file. | |
static bool | certificateIsAuthority (const QSslCertificate &cert) |
Gets whether a certificate is an Authority. | |
static bool | certificateIsAuthorityOrIssuer (const QSslCertificate &cert) |
Gets whether a certificate is an Authority or can at least sign other certificates. | |
static bool | certificateIsIssuer (const QSslCertificate &cert) |
Gets whether a certificate can sign other certificates. | |
static bool | certificateIsSslClient (const QSslCertificate &cert) |
Gets whether a certificate is probably used for a client identity. | |
static bool | certificateIsSslServer (const QSslCertificate &cert) |
Gets whether a certificate is probably used for a SSL server. | |
static QList< QgsAuthCertUtils::CertUsageType > | certificateUsageTypes (const QSslCertificate &cert) |
Try to determine the certificates usage types. | |
static QString | certificateUsageTypeString (QgsAuthCertUtils::CertUsageType usagetype) |
Certificate usage type strings per enum. | |
static bool | certIsCurrent (const QSslCertificate &cert) |
certIsCurrent checks if cert is viable for its not before and not after dates | |
static bool | certIsViable (const QSslCertificate &cert) |
certIsViable checks for viability errors of cert and whether it is NULL | |
static QStringList | certKeyBundleToPem (const QString &certpath, const QString &keypath, const QString &keypass=QString(), bool reencrypt=true) |
Returns list of certificate, private key and algorithm (as PEM text) from file path components. | |
static QList< QSslCertificate > | certsFromFile (const QString &certspath) |
Returns a list of concatenated certs from a PEM or DER formatted file. | |
static QList< QSslCertificate > | certsFromString (const QString &pemtext) |
Returns a list of concatenated certs from a PEM Base64 text block. | |
static QMap< QString, QList< QSslCertificate > > | certsGroupedByOrg (const QList< QSslCertificate > &certs) |
Map certificates to their oraganization. | |
static QByteArray | certsToPemText (const QList< QSslCertificate > &certs) |
certsToPemText dump a list of QSslCertificates to PEM text | |
static QList< QSslError > | certViabilityErrors (const QSslCertificate &cert) |
certViabilityErrors checks basic characteristics (validity dates, blocklisting, etc.) of given cert | |
static QByteArray | fileData (const QString &path) |
Returns data from a local file via a read-only operation. | |
static QString | getCaSourceName (QgsAuthCertUtils::CaCertSource source, bool single=false) |
Gets the general name for CA source enum type. | |
static QString | getCertDistinguishedName (const QSslCertificate &qcert, const QCA::Certificate &acert=QCA::Certificate(), bool issuer=false) |
Gets combined distinguished name for certificate. | |
static QString | getCertTrustName (QgsAuthCertUtils::CertTrustPolicy trust) |
Gets the general name for certificate trust. | |
static QString | getColonDelimited (const QString &txt) |
Gets string with colon delimiters every 2 characters. | |
static QString | getSslProtocolName (QSsl::SslProtocol protocol) |
SSL Protocol name strings per enum. | |
static QSslKey | keyFromFile (const QString &keypath, const QString &keypass=QString(), QString *algtype=nullptr) |
Returns non-encrypted key from a PEM or DER formatted file. | |
static QMap< QString, QSslCertificate > | mapDigestToCerts (const QList< QSslCertificate > &certs) |
Map certificate sha1 to certificate as simple cache. | |
static QMap< QString, QgsAuthConfigSslServer > | mapDigestToSslConfigs (const QList< QgsAuthConfigSslServer > &configs) |
Map SSL custom configs' certificate sha1 to custom config as simple cache. | |
static bool | pemIsPkcs8 (const QString &keyPemTxt) |
Determine if the PEM-encoded text of a key is PKCS#8 format. | |
static QString | pemTextToTempFile (const QString &name, const QByteArray &pemtext) |
Write a temporary file for a PEM text of cert/key/CAs bundle component. | |
static QList< QSslCertificate > | pkcs12BundleCas (const QString &bundlepath, const QString &bundlepass=QString()) |
Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle. | |
static QStringList | pkcs12BundleToPem (const QString &bundlepath, const QString &bundlepass=QString(), bool reencrypt=true) |
Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle. | |
static QCA::KeyBundle | qcaKeyBundle (const QString &path, const QString &pass) |
PKI key/cert bundle from file path, e.g. | |
static QString | qcaKnownConstraint (QCA::ConstraintTypeKnown constraint) |
Certificate well-known constraint strings per enum. | |
static QString | qcaSignatureAlgorithm (QCA::SignatureAlgorithm algorithm) |
Certificate signature algorithm strings per enum. | |
static QString | qcaValidityMessage (QCA::Validity validity) |
Certificate validity check messages per enum. | |
static QCA::CertificateCollection | qtCertsToQcaCollection (const QList< QSslCertificate > &certs) |
Convert a QList of QSslCertificate to a QCA::CertificateCollection. | |
static QCA::Certificate | qtCertToQcaCert (const QSslCertificate &cert) |
Convert a QSslCertificate to a QCA::Certificate. | |
static QString | resolvedCertName (const QSslCertificate &cert, bool issuer=false) |
Gets the general name via RFC 5280 resolution. | |
static QString | shaHexForCert (const QSslCertificate &cert, bool formatted=false) |
Gets the sha1 hash for certificate. | |
static QMap< QString, QList< QgsAuthConfigSslServer > > | sslConfigsGroupedByOrg (const QList< QgsAuthConfigSslServer > &configs) |
Map SSL custom configs' certificates to their oraganization. | |
static QString | sslErrorEnumString (QSslError::SslError errenum) |
Gets short strings describing an SSL error. | |
static QList< QPair< QSslError::SslError, QString > > | sslErrorEnumStrings () |
Gets short strings describing SSL errors. | |
static QList< QSslError > | validateCertChain (const QList< QSslCertificate > &certificateChain, const QString &hostName=QString(), bool trustRootCa=false) |
validateCertChain validates the given certificateChain | |
static QStringList | validatePKIBundle (QgsPkiBundle &bundle, bool useIntermediates=true, bool trustRootCa=false) |
validatePKIBundle validate the PKI bundle by checking the certificate chain, the expiration and effective dates, optionally trusts the root CA | |
Utilities for working with certificates and keys.
Definition at line 40 of file qgsauthcertutils.h.
Type of CA certificate source.
Enumerator | |
---|---|
SystemRoot | |
FromFile | |
InDatabase | |
Connection |
Definition at line 44 of file qgsauthcertutils.h.
Type of certificate trust policy.
Enumerator | |
---|---|
DefaultTrust | |
Trusted | |
Untrusted | |
NoPolicy |
Definition at line 53 of file qgsauthcertutils.h.
Type of certificate usage.
Definition at line 62 of file qgsauthcertutils.h.
Type of certificate key group.
Enumerator | |
---|---|
KeyUsage | |
ExtendedKeyUsage |
Definition at line 78 of file qgsauthcertutils.h.
|
static |
Returns a list of concatenated CAs from a PEM or DER formatted file.
Definition at line 131 of file qgsauthcertutils.cpp.
|
static |
casMerge merges two certificate bundles in a single one removing duplicates, the certificates from the bundle2 are appended to bundle1 if not already there
bundle1 | first bundle |
bundle2 | second bundle |
Definition at line 145 of file qgsauthcertutils.cpp.
|
static |
casRemoveSelfSigned remove self-signed CA certificates from caList
caList | list of CA certificates |
Definition at line 247 of file qgsauthcertutils.cpp.
|
static |
Returns the first cert from a PEM or DER formatted file.
Definition at line 167 of file qgsauthcertutils.cpp.
|
static |
Gets whether a certificate is an Authority.
Definition at line 1003 of file qgsauthcertutils.cpp.
|
static |
Gets whether a certificate is an Authority or can at least sign other certificates.
Definition at line 1013 of file qgsauthcertutils.cpp.
|
static |
Gets whether a certificate can sign other certificates.
Definition at line 1008 of file qgsauthcertutils.cpp.
|
static |
Gets whether a certificate is probably used for a client identity.
Definition at line 1140 of file qgsauthcertutils.cpp.
|
static |
Gets whether a certificate is probably used for a SSL server.
Definition at line 1019 of file qgsauthcertutils.cpp.
|
static |
Try to determine the certificates usage types.
Definition at line 928 of file qgsauthcertutils.cpp.
|
static |
Certificate usage type strings per enum.
Definition at line 898 of file qgsauthcertutils.cpp.
|
static |
certIsCurrent checks if cert is viable for its not before and not after dates
cert | certificate to be checked |
Definition at line 1260 of file qgsauthcertutils.cpp.
|
static |
certIsViable checks for viability errors of cert and whether it is NULL
cert | certificate to be checked |
false
if cert is NULL or has viability errors Definition at line 1292 of file qgsauthcertutils.cpp.
|
static |
Returns list of certificate, private key and algorithm (as PEM text) from file path components.
certpath | File path to certificate |
keypath | File path to private key |
keypass | Passphrase for private key |
reencrypt | Whether to re-encrypt the private key with the passphrase |
Definition at line 260 of file qgsauthcertutils.cpp.
|
static |
Returns a list of concatenated certs from a PEM or DER formatted file.
Definition at line 119 of file qgsauthcertutils.cpp.
|
static |
Returns a list of concatenated certs from a PEM Base64 text block.
Definition at line 236 of file qgsauthcertutils.cpp.
|
static |
Map certificates to their oraganization.
Definition at line 59 of file qgsauthcertutils.cpp.
|
static |
certsToPemText dump a list of QSslCertificates to PEM text
certs | list of certs |
Definition at line 551 of file qgsauthcertutils.cpp.
|
static |
certViabilityErrors checks basic characteristics (validity dates, blocklisting, etc.) of given cert
cert | certificate to be checked |
Definition at line 1268 of file qgsauthcertutils.cpp.
|
static |
Returns data from a local file via a read-only operation.
path | Path to file to read |
Definition at line 98 of file qgsauthcertutils.cpp.
|
static |
Gets the general name for CA source enum type.
source | The enum source type for the CA |
single | Whether to return singular or plural description |
Definition at line 595 of file qgsauthcertutils.cpp.
|
static |
Gets combined distinguished name for certificate.
qcert | Qt SSL cert object |
acert | QCA SSL cert object to add more info to the output |
issuer | Whether to return cert's subject or issuer combined name |
Definition at line 657 of file qgsauthcertutils.cpp.
|
static |
Gets the general name for certificate trust.
Definition at line 707 of file qgsauthcertutils.cpp.
|
static |
Gets string with colon delimiters every 2 characters.
Definition at line 722 of file qgsauthcertutils.cpp.
|
static |
SSL Protocol name strings per enum.
Definition at line 36 of file qgsauthcertutils.cpp.
|
static |
Returns non-encrypted key from a PEM or DER formatted file.
keypath | File path to private key |
keypass | Passphrase for private key |
algtype | QString to set with resolved algorithm type |
Definition at line 182 of file qgsauthcertutils.cpp.
|
static |
Map certificate sha1 to certificate as simple cache.
Definition at line 49 of file qgsauthcertutils.cpp.
|
static |
Map SSL custom configs' certificate sha1 to custom config as simple cache.
Definition at line 73 of file qgsauthcertutils.cpp.
|
static |
Determine if the PEM-encoded text of a key is PKCS#8 format.
keyPemTxt | PEM-encoded text |
true
if PKCS#8, otherwise false
Definition at line 285 of file qgsauthcertutils.cpp.
|
static |
Write a temporary file for a PEM text of cert/key/CAs bundle component.
pemtext | Component content as PEM text |
name | Name of file |
Definition at line 566 of file qgsauthcertutils.cpp.
|
static |
Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle.
bundlepath | File path to the PKCS bundle |
bundlepass | Passphrase for bundle |
Definition at line 530 of file qgsauthcertutils.cpp.
|
static |
Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle.
bundlepath | File path to the PKCS bundle |
bundlepass | Passphrase for bundle |
reencrypt | Whether to re-encrypt the private key with the passphrase |
Definition at line 435 of file qgsauthcertutils.cpp.
|
static |
PKI key/cert bundle from file path, e.g.
from .p12 or pfx files.
Definition at line 777 of file qgsauthcertutils.cpp.
|
static |
Certificate well-known constraint strings per enum.
Definition at line 853 of file qgsauthcertutils.cpp.
|
static |
Certificate signature algorithm strings per enum.
Definition at line 822 of file qgsauthcertutils.cpp.
|
static |
Certificate validity check messages per enum.
Definition at line 789 of file qgsauthcertutils.cpp.
|
static |
Convert a QList of QSslCertificate to a QCA::CertificateCollection.
Definition at line 760 of file qgsauthcertutils.cpp.
|
static |
Convert a QSslCertificate to a QCA::Certificate.
Definition at line 745 of file qgsauthcertutils.cpp.
|
static |
Gets the general name via RFC 5280 resolution.
Definition at line 612 of file qgsauthcertutils.cpp.
|
static |
Gets the sha1 hash for certificate.
cert | Qt SSL certificate to generate hash from |
formatted | Whether to colon-delimit the hash |
Definition at line 735 of file qgsauthcertutils.cpp.
|
static |
Map SSL custom configs' certificates to their oraganization.
Definition at line 83 of file qgsauthcertutils.cpp.
|
static |
Gets short strings describing an SSL error.
Definition at line 1145 of file qgsauthcertutils.cpp.
|
static |
Gets short strings describing SSL errors.
Definition at line 1206 of file qgsauthcertutils.cpp.
|
static |
validateCertChain validates the given certificateChain
certificateChain | list of certificates to be checked, with leaf first and with optional root CA last |
hostName | (optional) name of the host to be verified |
trustRootCa | if true the CA will be added to the trusted CAs for this validation check |
Definition at line 1297 of file qgsauthcertutils.cpp.
|
static |
validatePKIBundle validate the PKI bundle by checking the certificate chain, the expiration and effective dates, optionally trusts the root CA
bundle | |
useIntermediates | if true the intermediate certs are also checked |
trustRootCa | if true the CA will be added to the trusted CAs for this validation check (if useIntermediates is false ) this option is ignored and set to false |
Definition at line 1347 of file qgsauthcertutils.cpp.