Qt Cryptographic Architecture
qca_cert.h
1 /*
2  * qca_cert.h - Qt Cryptographic Architecture
3  * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com>
4  * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19  * 02110-1301 USA
20  *
21  */
22 
33 #ifndef QCA_CERT_H
34 #define QCA_CERT_H
35 
36 #include "qca_core.h"
37 #include "qca_publickey.h"
38 #include <QDateTime>
39 
40 namespace QCA {
41 
42 class CertContext;
43 class CSRContext;
44 class CRLContext;
45 class Certificate;
46 class CRL;
47 class CertificateCollection;
48 class CertificateChain;
49 
54 {
56  SPKAC
57 };
58 
65 {
77  URI,
78  DNS,
80  XMPP
81 };
82 
/**
   Certificate information type.

   Identifies one kind of subject/issuer attribute (for example a DN
   component, or one of the alternative-name kinds such as URI, DNS or
   XMPP listed in the enumeration above) so that it can be used as the
   key of a CertificateInfo map or a CertificateInfoPair.

   NOTE(review): this rendering omits several members of the class
   (default/copy constructors, operator=, the CertificateInfoTypeKnown
   constructor and known()); see the symbol index at the end of the page.
*/
class QCA_EXPORT CertificateInfoType
{
public:
    /**
       Section of the certificate that the information belongs in.
    */
    enum Section
    {
        DN,              ///< Distinguished name (the primary name)
        AlternativeName  ///< alternative-name section (URI/DNS/XMPP-style types)
    };

    /**
       Construct a type from an identifier string.

       @param id the type identifier string (its exact form, e.g. OID
                 versus short name, is not specified in this header)
       @param section the certificate section the type belongs to
    */
    CertificateInfoType(const QString &id, Section section);

    /**
       The section this type is part of.
    */
    Section section() const;

    /**
       The type as an identifier string.
    */
    QString id() const;

    /**
       Ordering operator.  Required so the type can serve as the key of
       the CertificateInfo QMultiMap declared further down in this file.
    */
    bool operator<(const CertificateInfoType &other) const;

    /**
       Equality operator.
    */
    bool operator==(const CertificateInfoType &other) const;

    /**
       Inequality operator; defined purely as the negation of operator==.
    */
    inline bool operator!=(const CertificateInfoType &other) const
    {
        return !(*this == other);
    }

private:
    class Private;
    QSharedDataPointer<Private> d; // implicitly shared pimpl
};
237 
/**
   One entry in a certificate information list: a CertificateInfoType
   together with its string value.  CertificateInfoOrdered (below) is a
   QList of these, preserving the order in which the items appear.

   NOTE(review): the default constructor, copy constructor, operator=
   and type() accessor are elided in this rendering (see the symbol
   index at the end of the page).
*/
class QCA_EXPORT CertificateInfoPair
{
public:
    /**
       Construct a new pair.

       @param type the kind of information stored
       @param value the value of that information
    */
    CertificateInfoPair(const CertificateInfoType &type, const QString &value);

    /**
       The value of the information stored in the pair.
    */
    QString value() const;

    /**
       Comparison operator.
    */
    bool operator==(const CertificateInfoPair &other) const;

    /**
       Inequality operator; the negation of operator==.
    */
    inline bool operator!=(const CertificateInfoPair &other) const
    {
        return !(*this == other);
    }

private:
    class Private;
    QSharedDataPointer<Private> d; // implicitly shared pimpl
};
310 
317 {
318  // KeyUsage
328 
329  // ExtKeyUsage
330  ServerAuth,
332  ClientAuth,
334  CodeSigning,
340  IPSecTunnel,
342  IPSecUser,
344  TimeStamping,
346  OCSPSigning
348 };
349 
/**
   Certificate constraint type.

   Identifies one KeyUsage or ExtendedKeyUsage constraint (the known
   values — ServerAuth, ClientAuth, CodeSigning, IPSecTunnel, IPSecUser,
   TimeStamping, OCSPSigning and the KeyUsage bits — are in the
   enumeration above).  Used by CertificateOptions::setConstraints() and
   by the constraints() accessors of Certificate and CertificateRequest.

   NOTE(review): several members (copy operations and the known-constraint
   constructor) are elided in this rendering.
*/
class QCA_EXPORT ConstraintType
{
public:
    /**
       Section of the certificate that the constraint belongs in
       (the KeyUsage enumerator is elided in this rendering).
    */
    enum Section
    {
        ExtendedKeyUsage ///< the ExtendedKeyUsage extension
    };

    /**
       Construct a constraint type from an identifier string.

       @param id the constraint identifier string (exact form not
                 specified in this header)
       @param section which extension the constraint belongs to
    */
    ConstraintType(const QString &id, Section section);

    ~ConstraintType();

    /**
       The section (extension) this constraint belongs to.
    */
    Section section() const;

    /**
       The constraint as an identifier string.
    */
    QString id() const;

    /**
       Ordering operator (allows use as a map/set key).
    */
    bool operator<(const ConstraintType &other) const;

    /**
       Equality operator.
    */
    bool operator==(const ConstraintType &other) const;

    /**
       Inequality operator; the negation of operator==.
    */
    inline bool operator!=(const ConstraintType &other) const
    {
        return !(*this == other);
    }

private:
    class Private;
    QSharedDataPointer<Private> d; // implicitly shared pimpl
};
478 
483 {
484  UsageAny = 0x00,
485  UsageTLSServer = 0x01,
486  UsageTLSClient = 0x02,
490  UsageCRLSigning = 0x20
491 };
492 
497 {
507  ErrorExpired,
511 };
512 
517 {
518  ValidateAll = 0x00, // Verify all conditions
519  ValidateRevoked = 0x01, // Verify the certificate was not revoked
520  ValidateExpired = 0x02, // Verify the certificate has not expired
521  ValidatePolicy = 0x04 // Verify the certificate can be used for a specified purpose
522 };
523 
/**
   Unordered certificate information: a multimap from information type
   to value (one type may occur several times).  When the original order
   of the items matters, use CertificateInfoOrdered instead.
*/
typedef QMultiMap<CertificateInfoType, QString> CertificateInfo;
536 
/**
   Ordered certificate properties type.

   A QList of CertificateInfoPair that keeps the items in the order they
   appear in the certificate.  The class adds no data members, so it can
   be passed wherever a QList<CertificateInfoPair> is expected without
   losing anything; it is not exported (both methods are inline).
*/
class CertificateInfoOrdered : public QList<CertificateInfoPair>
{
public:
    /**
       Convert to RFC 1779 string format (delegates to orderedToDNString()).
    */
    inline QString toString() const;

    /**
       Return a new CertificateInfoOrdered that only contains the
       Distinguished Name (DN) types found in this list, dropping the
       AlternativeName section items.
    */
    inline CertificateInfoOrdered dnOnly() const;
};
561 
/**
   Convert an ordered certificate information list to its RFC 1779
   string form.  This is what CertificateInfoOrdered::toString() calls.

   @param in the ordered list to convert
*/
QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in);
568 
576 
/**
   Convert this ordered list to RFC 1779 string format.  The work is done
   by the free function orderedToDNString(); this wrapper only forwards
   the list.
*/
inline QString CertificateInfoOrdered::toString() const
{
    const CertificateInfoOrdered &pairs = *this;
    return orderedToDNString(pairs);
}
581 
583 {
584  return orderedDNOnly(*this);
585 }
586 
591 
/**
   Produce human-readable names for a list of certificates.

   @param list the certificates to name
   @return a QStringList of names; presumably one entry per certificate,
           in the same order — the rule used to build each name is not
           shown in this rendering
*/
QCA_EXPORT QStringList makeFriendlyNames(const QList<Certificate> &list);
599 
/**
   Certificate options.

   The set of attributes used when creating a Certificate or a
   CertificateRequest (subject information, constraints, policies,
   CA flag and path limit, validity period, serial number, and the
   CRL / issuer / OCSP locations).

   NOTE(review): this rendering omits a number of members — the
   constructor CertificateOptions(CertificateRequestFormat format = PKCS10),
   copy constructor and operator=, format()/setFormat(), info()/infoOrdered(),
   setInfoOrdered(), constraints() and serialNumber(); see the symbol index
   at the end of the page.
*/
class QCA_EXPORT CertificateOptions
{
public:
    /**
       Test if the certificate options object is valid.
    */
    bool isValid() const;

    /**
       The challenge string (see setChallenge()).
    */
    QString challenge() const;

    /**
       The policies set on the certificate.
    */
    QStringList policies() const;

    /**
       URI locations for CRL files.
    */
    QStringList crlLocations() const;

    /**
       URI locations for issuer certificate files.
    */
    QStringList issuerLocations() const;

    /**
       URI locations for OCSP services.
    */
    QStringList ocspLocations() const;

    /**
       Test if the certificate is to be a CA certificate.
    */
    bool isCA() const;

    /**
       The path limit set with setAsCA(): an upper bound on the number of
       further certificates in a chain below this one.
    */
    int pathLimit() const;

    /**
       The first time the certificate will be valid.
    */
    QDateTime notValidBefore() const;

    /**
       The last time the certificate will be valid.
    */
    QDateTime notValidAfter() const;

    /**
       Specify the challenge associated with this certificate (request).
       Its use is format-dependent; the SPKAC request format is one of the
       formats this header lists.
    */
    void setChallenge(const QString &s);

    /**
       Specify information for the subject associated with the certificate.
       Order of the items is not preserved; use setInfoOrdered() (elided
       here) when it matters.
    */
    void setInfo(const CertificateInfo &info);

    /**
       Set the constraints (KeyUsage / ExtendedKeyUsage) on the certificate.
    */
    void setConstraints(const Constraints &constraints);

    /**
       Set the policies on the certificate.
    */
    void setPolicies(const QStringList &policies);

    /**
       Set the CRL locations of the certificate.
    */
    void setCRLLocations(const QStringList &locations);

    /**
       Set the issuer certificate locations of the certificate.
    */
    void setIssuerLocations(const QStringList &locations);

    /**
       Set the OCSP service locations of the certificate.
    */
    void setOCSPLocations(const QStringList &locations);

    /**
       Mark the certificate as a CA certificate.

       @param pathLimit upper bound on the length of the chain below this
              CA; the default of 8 is taken from Botan (see comment).
              NOTE(review): whether 0 maps to "may only issue end-entity
              certificates" is provider-defined — confirm before relying
              on it.
    */
    void setAsCA(int pathLimit = 8); // value from Botan

    /**
       Mark the certificate as a user (end-entity) certificate.  This is
       the default.
    */
    void setAsUser();

    /**
       Set the serial number of the certificate.
       NOTE(review): nothing in this interface enforces uniqueness per
       issuer; the caller (or CertificateAuthority user) must guarantee it.
    */
    void setSerialNumber(const BigInteger &i);

    /**
       Set the validity period for the certificate.

       @param start the time the certificate becomes valid (notValidBefore)
       @param end the time the certificate expires (notValidAfter)
    */
    void setValidityPeriod(const QDateTime &start, const QDateTime &end);

private:
    class Private;
    // Raw pimpl pointer rather than the QSharedDataPointer used by the
    // neighbouring classes; a copy constructor and operator= exist (see
    // symbol index), so copies are presumably deep — confirm in the .cpp.
    Private *d;
};
846 
/**
   Public Key (X.509) certificate.

   NOTE(review): this rendering omits the default constructor,
   operator=, change(CertContext *), and several accessors
   (serialNumber, signatureAlgorithm, subjectInfo/subjectInfoOrdered,
   issuerInfo/issuerInfoOrdered, subjectPublicKey, constraints); see the
   symbol index at the end of the page.
*/
class QCA_EXPORT Certificate : public Algorithm
{
public:
    /**
       Create a Certificate from the contents of a PEM file.

       NOTE(review): this single-argument constructor is not explicit, so
       a QString converts implicitly to "the certificate stored at that
       path" (CRLEntry's certificate constructor below is explicit).
       Check isNull() after construction; no error is reported otherwise.

       @param fileName the PEM file to load
    */
    Certificate(const QString &fileName);

    /**
       Create a self-signed Certificate from the given options and key.

       @param opts the certificate options
       @param key the private key the certificate is created with
       @param provider the provider to use, if a specific one is required
    */
    Certificate(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());

    /**
       Standard copy constructor.
    */
    Certificate(const Certificate &from);

    ~Certificate() override;

    /**
       Test if the certificate is empty (null).
    */
    bool isNull() const;

    /**
       The earliest date that the certificate is valid.
    */
    QDateTime notValidBefore() const;

    /**
       The last date that the certificate is valid.
    */
    QDateTime notValidAfter() const;

    /**
       The policies that apply to this certificate.
    */
    QStringList policies() const;

    /**
       URI locations of CRL files for this certificate.
    */
    QStringList crlLocations() const;

    /**
       URI locations of issuer certificate files.
    */
    QStringList issuerLocations() const;

    /**
       URI locations of OCSP services.
    */
    QStringList ocspLocations() const;

    /**
       The common name (CN) of the subject.
       For host-name checks use matchesHostName() rather than comparing
       this value.
    */
    QString commonName() const;

    /**
       Test if the Certificate is valid as a Certificate Authority.
    */
    bool isCA() const;

    /**
       Test if the Certificate is self-signed.
       NOTE(review): self-signed does not mean trusted — trust is only
       established by validate() against a trusted collection.
    */
    bool isSelfSigned() const;

    /**
       Test if this certificate is the issuer of @p other.
    */
    bool isIssuerOf(const Certificate &other) const;

    /**
       The upper bound of the number of links in the certificate chain,
       if any.
    */
    int pathLimit() const;

    /**
       The subject key identifier.
    */
    QByteArray subjectKeyId() const;

    /**
       The issuer key identifier.
    */
    QByteArray issuerKeyId() const;

    /**
       Validate this certificate.

       The start of this declaration (the Validity return type and, by
       analogy with chain_validate() below, the trusted
       CertificateCollection parameter) is not shown in this rendering.

       Defaults: UsageAny (no particular usage required, judging by the
       name) and ValidateAll, which is 0x00 and means "verify all
       conditions" — passing a non-zero ValidateFlags subset therefore
       narrows the checks rather than adding to them.

       @param untrusted additional (untrusted) certificates that may be
              used to build the chain
       @param u the usage to validate for
       @param vf the validation checks to perform
    */
                      const CertificateCollection &untrusted,
                      UsageMode u = UsageAny,
                      ValidateFlags vf = ValidateAll) const;

    /**
       Export the certificate in DER format.
    */
    QByteArray toDER() const;

    /**
       Export the certificate in PEM format.
    */
    QString toPEM() const;

    /**
       Export the certificate into PEM format in a file.

       @return true on success
    */
    bool toPEMFile(const QString &fileName) const;

    /**
       Import a certificate from DER.  The input is untrusted data:
       check @p result (and isNull()) before using the return value.

       @param a the DER bytes
       @param result the conversion result, if not null
       @param provider the provider to use, if a specific one is required
    */
    static Certificate
    fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());

    /**
       Import a certificate from PEM text.  See fromDER() about checking
       @p result.
    */
    static Certificate fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());

    /**
       Import a certificate from a PEM file.  See fromDER() about
       checking @p result.
    */
    static Certificate
    fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());

    /**
       Test if the subject of the certificate matches a specified host name.
       NOTE(review): which names are consulted (CN and/or the
       AlternativeName DNS entries) and how wildcards are handled is not
       specified in this header — confirm against the provider before
       using this for TLS peer verification.

       @param host the host name to compare against
    */
    bool matchesHostName(const QString &host) const;

    /**
       Test for equality of two certificates.
    */
    bool operator==(const Certificate &a) const;

    /**
       Inequality operator; the negation of operator==.
    */
    inline bool operator!=(const Certificate &other) const
    {
        return !(*this == other);
    }

private:
    class Private;
    friend class Private;
    QSharedDataPointer<Private> d;

    // Back-ends for CertificateChain::validate() / complete(), which call
    // these on the chain's first (primary) certificate.
    friend class CertificateChain;
    Validity chain_validate(const CertificateChain &chain,
                            const CertificateCollection &trusted,
                            const QList<CRL> &untrusted_crls,
                            UsageMode u,
                            ValidateFlags vf) const;
    // Return type (CertificateChain) is elided in this rendering.
    chain_complete(const CertificateChain &chain, const QList<Certificate> &issuers, Validity *result) const;
};
1202 
/**
   A chain of related Certificates.

   A QList<Certificate> whose first element is the primary (end-entity)
   certificate.  validate() and complete() are thin wrappers that forward
   to private members of Certificate on that first element.
*/
class CertificateChain : public QList<Certificate>
{
public:
    /**
       Create an empty certificate chain.
       (The signature, CertificateChain(), is elided in this rendering.)
    */
    {
    }

    /**
       Create a certificate chain starting at the specified certificate.
       (The signature, CertificateChain(const Certificate &primary), is
       elided in this rendering.)
    */
    {
        append(primary);
    }

    /**
       Return the primary (end-user) Certificate.

       NOTE(review): this is QList::first(), which is undefined on an
       empty list — callers must check isEmpty() first.  validate() and
       complete() below do so themselves.
    */
    inline const Certificate &primary() const
    {
        return first();
    }

    /**
       Check the validity of the chain.

       Returns ErrorValidityUnknown for an empty chain.  ValidateAll is
       0x00 ("verify all conditions"); a non-zero subset of ValidateFlags
       narrows the checks.

       @param trusted the trust anchors (every certificate in this
              collection is treated as trusted)
       @param untrusted_crls CRLs to consult for revocation
       @param u the usage to validate for
       @param vf the validation checks to perform
    */
    inline Validity validate(const CertificateCollection &trusted,
                             const QList<CRL> &untrusted_crls = QList<CRL>(),
                             UsageMode u = UsageAny,
                             ValidateFlags vf = ValidateAll) const;

    /**
       Complete the chain for the primary certificate using the rest of
       the chain and the supplied issuers.  Only the tail of the
       declaration is visible here; per the symbol index the full form is
       CertificateChain complete(const QList<Certificate> &issuers = QList<Certificate>(),
       Validity *result = nullptr) const.  Returns an empty chain when
       this chain is empty.
    */
                            Validity *result = nullptr) const;
};
1298 
1300  const QList<CRL> &untrusted_crls,
1301  UsageMode u,
1302  ValidateFlags vf) const
1303 {
1304  if (isEmpty())
1305  return ErrorValidityUnknown;
1306  return first().chain_validate(*this, trusted, untrusted_crls, u, vf);
1307 }
1308 
1310 {
1311  if (isEmpty())
1312  return CertificateChain();
1313  return first().chain_complete(*this, issuers, result);
1314 }
1315 
/**
   Certificate Request (CSR).

   NOTE(review): this rendering omits the default constructor, copy
   constructor, operator=, format(), signatureAlgorithm(),
   subjectInfo()/subjectInfoOrdered(), subjectPublicKey() and
   constraints(); see the symbol index at the end of the page.
*/
class QCA_EXPORT CertificateRequest : public Algorithm
{
public:
    /**
       Create a certificate request from the contents of a file.
       NOTE(review): not explicit — a QString converts implicitly to a
       CertificateRequest loaded from that path.  Check isNull() after
       construction.

       @param fileName the file to load
    */
    CertificateRequest(const QString &fileName);

    /**
       Create a certificate request from the given options, signed with
       the given private key.

       @param opts the options describing the requested certificate
       @param key the private key whose public part the request carries
       @param provider the provider to use, if a specific one is required
    */
    CertificateRequest(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());

    ~CertificateRequest() override;

    /**
       Test if the certificate request is empty.
    */
    bool isNull() const;

    /**
       Test if the given request format (PKCS10 / SPKAC) is supported.

       @param f the format to test
       @param provider the provider to test, if a specific one is required
    */
    static bool canUseFormat(CertificateRequestFormat f, const QString &provider = QString());

    /**
       The policies that apply to this request.
    */
    QStringList policies() const;

    /**
       Test if this request asks for a Certificate Authority certificate.

       NOTE(review): this is the requester's (unauthenticated) wish, not a
       decision.  A CA signing requests with CertificateAuthority::signRequest()
       should apply its own policy rather than honour this flag, the path
       limit, or the constraints blindly — confirm what signRequest() copies
       from the request.
    */
    bool isCA() const;

    /**
       The path limit requested for the certificate.  Same caveat as isCA().
    */
    int pathLimit() const;

    /**
       The challenge associated with this request (see
       CertificateOptions::setChallenge()).
    */
    QString challenge() const;

    /**
       Test for equality of two certificate requests.
    */
    bool operator==(const CertificateRequest &csr) const;

    /**
       Inequality operator; the negation of operator==.
    */
    inline bool operator!=(const CertificateRequest &other) const
    {
        return !(*this == other);
    }

    /**
       Export the request in DER format.
    */
    QByteArray toDER() const;

    /**
       Export the request in PEM format.
    */
    QString toPEM() const;

    /**
       Export the request into PEM format in a file.

       @return true on success
    */
    bool toPEMFile(const QString &fileName) const;

    /**
       Import a request from DER.  The input is untrusted data: check
       @p result (and isNull()) before using the return value.
    */
    static CertificateRequest
    fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());

    /**
       Import a request from PEM text.  See fromDER() about @p result.
    */
    static CertificateRequest
    fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());

    /**
       Import a request from a PEM file.  See fromDER() about @p result.
    */
    static CertificateRequest
    fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());

    /**
       Export the request to a string (the encoding used is not specified
       here; compare toPEM()).
    */
    QString toString() const;

    /**
       Import a request from a string produced by toString().  See
       fromDER() about @p result.
    */
    static CertificateRequest
    fromString(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());

    /**
       Adopt a provider context.  Intended for provider implementations;
       undocumented in the symbol index.
    */
    void change(CSRContext *c);

private:
    class Private;
    friend class Private;
    QSharedDataPointer<Private> d;
};
1592 
/**
   Part of a CRL representing a single revoked certificate: its serial
   number, the time of the entry, and the reason for revocation.
*/
class QCA_EXPORT CRLEntry
{
public:
    /**
       The reason why the certificate has been revoked.  The names follow
       the X.509 CRLReason codes; the enumerators Unspecified,
       KeyCompromise, CACompromise, Superseded, CertificateHold and
       RemoveFromCRL are elided in this rendering (see the symbol index).
    */
    enum Reason
    {
        AffiliationChanged,   ///< subject's affiliation has changed
        CessationOfOperation, ///< certificate is no longer needed
        PrivilegeWithdrawn,   ///< a privilege granted by the certificate was withdrawn
        AACompromise          ///< attribute authority has been compromised
    };

    /**
       Create a CRL entry for the given certificate.

       @param c the certificate being revoked (its serial number is
                presumably what the entry records — confirm)
       @param r the reason for revocation
    */
    explicit CRLEntry(const Certificate &c, Reason r = Unspecified);

    /**
       Create a CRL entry from a serial number and time.

       NOTE(review): @p serial is passed by value with a top-level const;
       a const reference would avoid the copy without changing callers.

       @param serial the serial number of the revoked certificate
       @param time the time of the entry
       @param r the reason for revocation
    */
    CRLEntry(const BigInteger serial, const QDateTime &time, Reason r = Unspecified);

    /**
       Copy constructor.
    */
    CRLEntry(const CRLEntry &from);

    ~CRLEntry();

    /**
       Standard assignment operator.
    */
    CRLEntry &operator=(const CRLEntry &from);

    /**
       The time this CRL entry was created.
    */
    QDateTime time() const;

    /**
       Test if this CRL entry is empty.
    */
    bool isNull() const;

    /**
       The reason that this CRL entry was created.
    */
    Reason reason() const;

    /**
       Test if one CRL entry is "less than" another (ordering for
       containers; the ordering key is not specified here).
    */
    bool operator<(const CRLEntry &a) const;

    /**
       Test for equality of two CRL entries.
    */
    bool operator==(const CRLEntry &a) const;

    /**
       Inequality operator; the negation of operator==.
    */
    inline bool operator!=(const CRLEntry &other) const
    {
        return !(*this == other);
    }

private:
    BigInteger _serial; // serial number of the revoked certificate
    QDateTime _time;    // time of the entry
    Reason _reason;     // revocation reason

    class Private;
    Private *d; // raw pimpl pointer; copy ctor/operator=/dtor above manage it
};
1718 
/**
   Certificate Revocation List.

   NOTE(review): this rendering omits issuerInfo()/issuerInfoOrdered(),
   revoked() (the list of CRLEntry) and signatureAlgorithm(); see the
   symbol index at the end of the page.
*/
class QCA_EXPORT CRL : public Algorithm
{
public:
    CRL();

    /**
       Standard copy constructor.
    */
    CRL(const CRL &from);

    ~CRL() override;

    /**
       Standard assignment operator.
    */
    CRL &operator=(const CRL &from);

    /**
       Test if the CRL is empty.
    */
    bool isNull() const;

    /**
       The CRL number.
       NOTE(review): exposed as int, whereas certificate serial numbers in
       this header use BigInteger (CRLEntry, CertificateOptions::setSerialNumber)
       — confirm that large CRL numbers are not truncated.
    */
    int number() const;

    /**
       The time that this CRL became (or becomes) valid.
    */
    QDateTime thisUpdate() const;

    /**
       The time that this CRL will be obsoleted.
       NOTE(review): a CRL whose nextUpdate() has passed should be
       refreshed before being relied on for revocation decisions.
    */
    QDateTime nextUpdate() const;

    /**
       The key identification of the CRL issuer.
    */
    QByteArray issuerKeyId() const;

    /**
       Test for equality of two CRLs.
    */
    bool operator==(const CRL &a) const;

    /**
       Inequality operator; the negation of operator==.
    */
    inline bool operator!=(const CRL &other) const
    {
        return !(*this == other);
    }

    /**
       Export the CRL in DER format.
    */
    QByteArray toDER() const;

    /**
       Export the CRL in PEM format.
    */
    QString toPEM() const;

    /**
       Export the CRL into PEM format in a file.

       @return true on success
    */
    bool toPEMFile(const QString &fileName) const;

    /**
       Import a DER encoded CRL.  The input is untrusted data: check
       @p result (and isNull()) before using the return value.
    */
    static CRL fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());

    /**
       Import a PEM encoded CRL.  See fromDER() about @p result.
    */
    static CRL fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());

    /**
       Import a PEM encoded CRL from a file.  See fromDER() about @p result.
    */
    static CRL
    fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());

    /**
       Adopt a provider context.  Intended for provider implementations;
       undocumented in the symbol index.
    */
    void change(CRLContext *c);

private:
    class Private;
    friend class Private;
    QSharedDataPointer<Private> d;
};
1914 
/**
   Bundle of Certificates and CRLs.

   When a collection is passed as the @c trusted argument of
   Certificate::validate() or CertificateChain::validate(), every
   certificate in it acts as a trust anchor — only add certificates you
   intend to trust to such a collection.

   NOTE(review): the default/copy constructors, operator=, certificates(),
   operator+= and operator+ are elided in this rendering (see the symbol
   index at the end of the page).
*/
class QCA_EXPORT CertificateCollection
{
public:
    /**
       Append a Certificate to this collection.
    */
    void addCertificate(const Certificate &cert);

    /**
       Append a CRL to this collection.
    */
    void addCRL(const CRL &crl);

    /**
       The CRLs in this collection.
    */
    QList<CRL> crls() const;

    /**
       Add the contents of another collection to this one.
    */
    void append(const CertificateCollection &other);

    /**
       Test if the collection can be imported from / exported to PKCS#7.

       @param provider the provider to test, if a specific one is required
    */
    static bool canUsePKCS7(const QString &provider = QString());

    /**
       Export the collection to a plain text (PEM) file.
       NOTE(review): declared non-const although it is an export; it may
       be safe to make const in a future release.

       @return true on success
    */
    bool toFlatTextFile(const QString &fileName);

    /**
       Export the collection to a PKCS#7 file.  Non-const, as above.

       @return true on success
    */
    bool toPKCS7File(const QString &fileName, const QString &provider = QString());

    /**
       Import a collection from a text file.  Check @p result before
       trusting the returned collection.
    */
    static CertificateCollection
    fromFlatTextFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());

    /**
       Import a collection from a PKCS#7 file.  Check @p result before
       trusting the returned collection.
    */
    static CertificateCollection
    fromPKCS7File(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());

private:
    class Private;
    QSharedDataPointer<Private> d; // implicitly shared pimpl
};
2068 
/**
   A Certificate Authority: issues Certificates and CRLs signed with the
   CA's private key.

   NOTE(review): the copy constructor, operator=, certificate() and
   createCertificate(const PublicKey &, const CertificateOptions &) are
   elided in this rendering (see the symbol index).  Because the object
   holds a private key, treat instances as sensitive and keep them
   short-lived.
*/
class QCA_EXPORT CertificateAuthority : public Algorithm
{
public:
    /**
       Create a Certificate Authority.

       @param cert the CA certificate
       @param key the private key matching @p cert
       @param provider the provider to use (no default, unlike the other
              constructors in this file)
    */
    CertificateAuthority(const Certificate &cert, const PrivateKey &key, const QString &provider);

    ~CertificateAuthority() override;

    /**
       Create a new Certificate by signing the provided CertificateRequest.

       The expiry is chosen by the CA through @p notValidAfter, not taken
       from the request.  NOTE(review): whether the request's isCA(),
       pathLimit() and constraints() are copied into the issued
       certificate is not specified here — confirm, and validate requests
       from untrusted parties against policy before signing.

       @param req the request to sign
       @param notValidAfter the expiry time of the issued certificate
    */
    Certificate signRequest(const CertificateRequest &req, const QDateTime &notValidAfter) const;

    /**
       Create a new CRL (presumably with no entries; add them with
       updateCRL()).

       @param nextUpdate the time the CRL is obsoleted
    */
    CRL createCRL(const QDateTime &nextUpdate) const;

    /**
       Return a CRL that includes the given new entries.  The method is
       const and returns a new CRL; @p crl itself is not modified.

       @param crl the CRL to extend
       @param entries the entries to add
       @param nextUpdate the time the new CRL is obsoleted
    */
    CRL updateCRL(const CRL &crl, const QList<CRLEntry> &entries, const QDateTime &nextUpdate) const;

private:
    class Private;
    Private *d; // raw pimpl pointer; copy ctor/operator= exist per symbol index
};
2155 
/**
   Key bundle.

   Judging by the name and the passphrase-protected file/array import and
   export, a private key bundled with certificate material; the accessors
   for its contents, the default constructor and operator= are elided in
   this rendering.  Passphrases are SecureArray, keeping them in QCA's
   secure memory rather than in ordinary QByteArray storage.
*/
class QCA_EXPORT KeyBundle
{
public:
    /**
       Load a bundle from a file.  Check isNull() after construction; no
       error is reported otherwise (use fromFile() when a ConvertResult is
       needed).

       @param fileName the file to load
       @param passphrase the passphrase protecting the file (default:
              empty)
    */
    explicit KeyBundle(const QString &fileName, const SecureArray &passphrase = SecureArray());

    /**
       Standard copy constructor.
    */
    KeyBundle(const KeyBundle &from);

    ~KeyBundle();

    /**
       Test if the bundle is empty.
    */
    bool isNull() const;

    /**
       The name of the bundle.
    */
    QString name() const;

    /**
       Set the name of the bundle.
    */
    void setName(const QString &s);

    /**
       Export the bundle to a byte array protected by @p passphrase.
       Unlike the import side, the passphrase has no default here, so the
       caller must choose one explicitly; the container format is
       provider-dependent and not specified in this header.

       @param passphrase the passphrase to protect the export with
       @param provider the provider to use, if a specific one is required
    */
    QByteArray toArray(const SecureArray &passphrase, const QString &provider = QString()) const;

    /**
       Export the bundle to a file protected by @p passphrase (see toArray()).

       @return true on success
    */
    bool toFile(const QString &fileName, const SecureArray &passphrase, const QString &provider = QString()) const;

    /**
       Import a bundle from a byte array.  Check @p result (and isNull())
       before using the return value.

       @param a the bytes to import
       @param passphrase the passphrase protecting the data
       @param result the conversion result, if not null
       @param provider the provider to use, if a specific one is required
    */
    static KeyBundle fromArray(const QByteArray &a,
                               const SecureArray &passphrase = SecureArray(),
                               ConvertResult *result = nullptr,
                               const QString &provider = QString());

    /**
       Import a bundle from a file.  See fromArray().
    */
    static KeyBundle fromFile(const QString &fileName,
                              const SecureArray &passphrase = SecureArray(),
                              ConvertResult *result = nullptr,
                              const QString &provider = QString());

private:
    class Private;
    QSharedDataPointer<Private> d; // implicitly shared pimpl
};
2391 
/**
   OpenPGP key (public, or secret when isSecret() is true).

   NOTE(review): the default constructor is elided in this rendering.
*/
class QCA_EXPORT PGPKey : public Algorithm
{
public:
    /**
       Load a key from a file.
       NOTE(review): not explicit — a QString converts implicitly to a
       PGPKey loaded from that path.  Check isNull() after construction.

       @param fileName the file to load
    */
    PGPKey(const QString &fileName);

    /**
       Standard copy constructor.
    */
    PGPKey(const PGPKey &from);

    ~PGPKey() override;

    /**
       Standard assignment operator.
    */
    PGPKey &operator=(const PGPKey &from);

    /**
       Test if the key is empty.
    */
    bool isNull() const;

    /**
       The key ID.
       NOTE(review): both keyId() and fingerprint() are string
       identifiers; which of them uniquely identifies a key is
       provider-defined and not specified here — prefer fingerprint()
       for trust decisions unless the provider documents otherwise.
    */
    QString keyId() const;

    /**
       The primary user ID of the key.
    */
    QString primaryUserId() const;

    /**
       All user IDs of the key.
    */
    QStringList userIds() const;

    /**
       Test if this is a secret (private) key.
    */
    bool isSecret() const;

    /**
       The creation date of the key.
    */
    QDateTime creationDate() const;

    /**
       The expiration date of the key.
    */
    QDateTime expirationDate() const;

    /**
       The fingerprint of the key (see keyId()).
    */
    QString fingerprint() const;

    /**
       Test if the key is present in the provider's keyring.
    */
    bool inKeyring() const;

    /**
       Test if the key is trusted.  What "trusted" means (e.g. the
       keyring's trust settings) is provider-defined and not specified
       here.
    */
    bool isTrusted() const;

    /**
       Export the key as a byte array.
       NOTE(review): if isSecret() is true the export presumably includes
       the secret material — confirm with the provider and protect the
       output accordingly.
    */
    QByteArray toArray() const;

    /**
       Export the key as a string (same caveat as toArray()).
    */
    QString toString() const;

    /**
       Export the key to a file (same caveat as toArray()).

       @return true on success
    */
    bool toFile(const QString &fileName) const;

    /**
       Import a key from a byte array.  Check @p result (and isNull())
       before using the return value.
    */
    static PGPKey fromArray(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());

    /**
       Import a key from a string.  See fromArray() about @p result.
    */
    static PGPKey fromString(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());

    /**
       Import a key from a file.  See fromArray() about @p result.
    */
    static PGPKey
    fromFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());

private:
    class Private;
    Private *d; // raw pimpl pointer; managed by the copy ctor/operator=/dtor above
};
2572 
/**
   Loader for private keys and key bundles.

   A QObject that emits finished() when a load completes, so loading is
   presumably asynchronous (e.g. so that a passphrase prompt can run).
   The result and error accessors are elided in this rendering.

   NOTE(review): the PEM-string and array overloads take plain QString /
   QByteArray rather than SecureArray, so the caller holds the private
   key bytes in ordinary, non-secure memory before the call.
*/
class QCA_EXPORT KeyLoader : public QObject
{
    Q_OBJECT
public:
    /**
       Create a key loader.

       @param parent the parent object
    */
    KeyLoader(QObject *parent = nullptr);
    ~KeyLoader() override;

    /**
       Start loading a private key from a PEM file.
    */
    void loadPrivateKeyFromPEMFile(const QString &fileName);

    /**
       Start loading a private key from PEM text.
    */
    void loadPrivateKeyFromPEM(const QString &s);

    /**
       Start loading a key bundle from a file.
    */
    void loadKeyBundleFromFile(const QString &fileName);

    /**
       Start loading a key bundle from a byte array.
    */
    void loadKeyBundleFromArray(const QByteArray &a);

Q_SIGNALS:
    /**
       Emitted when a load operation has finished (successfully or not).
    */
    void finished();

private:
    Q_DISABLE_COPY(KeyLoader)

    class Private;
    friend class Private;
    Private *d;
};
2719 
2720 }
2721 
2722 #endif
General superclass for an algorithm.
Definition: qca_core.h:1164
Arbitrary precision integer.
Definition: qca_tools.h:571
X.509 certificate revocation list provider.
Definition: qcaprovider.h:1513
Part of a CRL representing a single certificate.
Definition: qca_cert.h:1601
BigInteger serialNumber() const
The serial number of the certificate that is the subject of this CRL entry.
CRLEntry()
create an empty CRL entry
Reason reason() const
The reason that this CRL entry was created.
bool operator!=(const CRLEntry &other) const
Inequality operator.
Definition: qca_cert.h:1705
Reason
The reason why the certificate has been revoked.
Definition: qca_cert.h:1607
@ CACompromise
certificate authority has been compromised
Definition: qca_cert.h:1610
@ Unspecified
reason is unknown
Definition: qca_cert.h:1608
@ CertificateHold
certificate is on hold
Definition: qca_cert.h:1614
@ KeyCompromise
private key has been compromised
Definition: qca_cert.h:1609
@ Superseded
certificate has been superseded
Definition: qca_cert.h:1612
@ RemoveFromCRL
certificate was previously in a CRL, but is now valid
Definition: qca_cert.h:1615
CRLEntry(const CRLEntry &from)
Copy constructor.
CRLEntry & operator=(const CRLEntry &from)
Standard assignment operator.
bool operator<(const CRLEntry &a) const
Test if one CRL entry is "less than" another.
bool isNull() const
Test if this CRL entry is empty.
bool operator==(const CRLEntry &a) const
Test for equality of two CRL Entries.
CRLEntry(const BigInteger serial, const QDateTime &time, Reason r=Unspecified)
create a CRL entry
CRLEntry(const Certificate &c, Reason r=Unspecified)
create a CRL entry
QDateTime time() const
The time this CRL entry was created.
Certificate Revocation List
Definition: qca_cert.h:1740
static CRL fromPEMFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
Import a PEM encoded Certificate Revocation List (CRL) from a file.
void change(CRLContext *c)
QByteArray issuerKeyId() const
The key identification of the CRL issuer.
QList< CRLEntry > revoked() const
a list of the revoked certificates in this CRL
bool isNull() const
Test if the CRL is empty.
static CRL fromPEM(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import a PEM encoded Certificate Revocation List (CRL)
QDateTime thisUpdate() const
the time that this CRL became (or becomes) valid
QDateTime nextUpdate() const
the time that this CRL will be obsoleted
QString toPEM() const
Export the Certificate Revocation List (CRL) in PEM format.
bool toPEMFile(const QString &fileName) const
Export the Certificate Revocation List (CRL) into PEM format in a file.
SignatureAlgorithm signatureAlgorithm() const
The signature algorithm used for the signature on this CRL.
bool operator==(const CRL &a) const
Test for equality of two Certificate Revocation Lists.
CertificateInfoOrdered issuerInfoOrdered() const
Information on the issuer of the CRL as an ordered list (QList of CertificateInfoPair).
int number() const
The CRL serial number.
CertificateInfo issuerInfo() const
Information on the issuer of the CRL as a QMultiMap.
CRL & operator=(const CRL &from)
Standard assignment operator.
bool operator!=(const CRL &other) const
Inequality operator.
Definition: qca_cert.h:1834
QByteArray toDER() const
Export the Certificate Revocation List (CRL) in DER format.
CRL(const CRL &from)
Standard copy constructor.
static CRL fromDER(const QByteArray &a, ConvertResult *result=nullptr, const QString &provider=QString())
Import a DER encoded Certificate Revocation List (CRL)
X.509 certificate request provider.
Definition: qcaprovider.h:1429
X.509 certificate provider.
Definition: qcaprovider.h:1325
A Certificate Authority is used to generate Certificates and Certificate Revocation Lists (CRLs).
Definition: qca_cert.h:2078
CRL createCRL(const QDateTime &nextUpdate) const
Create a new Certificate Revocation List (CRL)
Certificate createCertificate(const PublicKey &key, const CertificateOptions &opts) const
Create a new Certificate.
CRL updateCRL(const CRL &crl, const QList< CRLEntry > &entries, const QDateTime &nextUpdate) const
Update the CRL to include new entries.
CertificateAuthority & operator=(const CertificateAuthority &from)
Standard assignment operator.
CertificateAuthority(const Certificate &cert, const PrivateKey &key, const QString &provider)
Create a new Certificate Authority.
CertificateAuthority(const CertificateAuthority &from)
Copy constructor.
Certificate signRequest(const CertificateRequest &req, const QDateTime &notValidAfter) const
Create a new Certificate by signing the provided CertificateRequest.
Certificate certificate() const
The Certificate belonging to the CertificateAuthority.
A chain of related Certificates.
Definition: qca_cert.h:1226
CertificateChain(const Certificate &primary)
Create a certificate chain, starting at the specified certificate.
Definition: qca_cert.h:1241
const Certificate & primary() const
Return the primary (end-user) Certificate.
Definition: qca_cert.h:1249
CertificateChain()
Create an empty certificate chain.
Definition: qca_cert.h:1231
Validity validate(const CertificateCollection &trusted, const QList< CRL > &untrusted_crls=QList< CRL >(), UsageMode u=UsageAny, ValidateFlags vf=ValidateAll) const
Check the validity of a certificate chain.
Definition: qca_cert.h:1299
CertificateChain complete(const QList< Certificate > &issuers=QList< Certificate >(), Validity *result=nullptr) const
Complete a certificate chain for the primary certificate, using the rest of the certificates in the chain and the supplied issuers.
Definition: qca_cert.h:1309
Bundle of Certificates and CRLs.
Definition: qca_cert.h:1929
void addCRL(const CRL &crl)
Append a CRL to this collection.
bool toPKCS7File(const QString &fileName, const QString &provider=QString())
export the CertificateCollection to a PKCS#7 file
CertificateCollection & operator=(const CertificateCollection &from)
Standard assignment operator.
static CertificateCollection fromFlatTextFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
import a CertificateCollection from a text file
CertificateCollection()
Create an empty Certificate / CRL collection.
QList< Certificate > certificates() const
The Certificates in this collection.
void append(const CertificateCollection &other)
Add another CertificateCollection to this collection.
static bool canUsePKCS7(const QString &provider=QString())
test if the CertificateCollection can be imported and exported to PKCS#7 format
CertificateCollection(const CertificateCollection &from)
Standard copy constructor.
CertificateCollection & operator+=(const CertificateCollection &other)
Add another CertificateCollection to this collection.
CertificateCollection operator+(const CertificateCollection &other) const
Add another CertificateCollection to this collection.
QList< CRL > crls() const
The CRLs in this collection.
static CertificateCollection fromPKCS7File(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
import a CertificateCollection from a PKCS#7 file
bool toFlatTextFile(const QString &fileName)
export the CertificateCollection to a plain text file
void addCertificate(const Certificate &cert)
Append a Certificate to this collection.
Ordered certificate properties type.
Definition: qca_cert.h:548
QString toString() const
Convert to RFC 1779 string format.
Definition: qca_cert.h:577
CertificateInfoOrdered dnOnly() const
Return a new CertificateInfoOrdered that only contains the Distinguished Name (DN) types found in this list.
Definition: qca_cert.h:582
One entry in a certificate information list.
Definition: qca_cert.h:246
CertificateInfoPair(const CertificateInfoPair &from)
Standard copy constructor.
bool operator!=(const CertificateInfoPair &other) const
Inequality operator.
Definition: qca_cert.h:301
CertificateInfoPair(const CertificateInfoType &type, const QString &value)
Construct a new pair.
QString value() const
The value of the information stored in the pair.
bool operator==(const CertificateInfoPair &other) const
Comparison operator.
CertificateInfoPair & operator=(const CertificateInfoPair &from)
Standard assignment operator.
CertificateInfoPair()
Standard constructor.
CertificateInfoType type() const
The type of information stored in the pair.
Certificate information type.
Definition: qca_cert.h:120
bool operator<(const CertificateInfoType &other) const
Comparison operator.
CertificateInfoType & operator=(const CertificateInfoType &from)
Standard assignment operator.
bool operator==(const CertificateInfoType &other) const
Comparison operator.
CertificateInfoTypeKnown known() const
The type as part of the CertificateInfoTypeKnown enumerator.
Section section() const
The section the type is part of.
CertificateInfoType(CertificateInfoTypeKnown known)
Construct a new type.
bool operator!=(const CertificateInfoType &other) const
Inequality operator.
Definition: qca_cert.h:228
QString id() const
The type as an identifier string.
CertificateInfoType(const QString &id, Section section)
Construct a new type.
Section
Section of the certificate that the information belongs in.
Definition: qca_cert.h:126
@ DN
Distinguished name (the primary name)
Definition: qca_cert.h:127
CertificateInfoType()
Standard constructor.
CertificateInfoType(const CertificateInfoType &from)
Standard copy constructor.
Certificate options
Definition: qca_cert.h:610
BigInteger serialNumber() const
The serial number for the certificate.
QDateTime notValidBefore() const
the first time the certificate will be valid
void setInfo(const CertificateInfo &info)
Specify information for the subject associated with the certificate.
void setPolicies(const QStringList &policies)
set the policies on the certificate
bool isCA() const
test if the certificate is a CA cert
CertificateInfoOrdered infoOrdered() const
Information on the subject of the certificate, in the exact order the items will be written.
void setCRLLocations(const QStringList &locations)
set the CRL locations of the certificate
QStringList crlLocations() const
list of URI locations for CRL files
void setOCSPLocations(const QStringList &locations)
set the OCSP service locations of the certificate
void setInfoOrdered(const CertificateInfoOrdered &info)
Specify information for the subject associated with the certificate.
void setChallenge(const QString &s)
Specify the challenge associated with this certificate.
CertificateOptions & operator=(const CertificateOptions &from)
Standard assignment operator.
void setIssuerLocations(const QStringList &locations)
set the issuer certificate locations of the certificate
CertificateOptions(const CertificateOptions &from)
Standard copy constructor.
void setValidityPeriod(const QDateTime &start, const QDateTime &end)
Set the validity period for the certificate.
QDateTime notValidAfter() const
the last time the certificate is valid
void setConstraints(const Constraints &constraints)
set the constraints on the certificate
QString challenge() const
The challenge part of the certificate.
void setFormat(CertificateRequestFormat f)
Specify the format for this certificate.
void setAsCA(int pathLimit=8)
set the certificate to be a CA cert
CertificateRequestFormat format() const
test the format type for this certificate
CertificateInfo info() const
Information on the subject of the certificate.
void setSerialNumber(const BigInteger &i)
Set the serial number property on this certificate.
void setAsUser()
set the certificate to be a user cert (this is the default)
QStringList issuerLocations() const
list of URI locations for issuer certificate files
Constraints constraints() const
List the constraints on this certificate.
bool isValid() const
Test if the certificate options object is valid.
QStringList ocspLocations() const
list of URI locations for OCSP services
int pathLimit() const
return the path limit on this certificate
QStringList policies() const
list the policies on this certificate
CertificateOptions(CertificateRequestFormat format=PKCS10)
Create a Certificate options set.
Certificate Request
Definition: qca_cert.h:1326
QString toString() const
Export the CertificateRequest to a string.
static CertificateRequest fromPEM(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate request from PEM format.
QStringList policies() const
The policies that apply to this certificate request.
CertificateRequest(const CertificateRequest &from)
Standard copy constructor.
bool isNull() const
test if the certificate request is empty
bool operator==(const CertificateRequest &csr) const
Test for equality of two certificate requests.
QByteArray toDER() const
Export the Certificate Request into a DER format.
static bool canUseFormat(CertificateRequestFormat f, const QString &provider=QString())
Test if the certificate request can use a specified format.
bool toPEMFile(const QString &fileName) const
Export the Certificate Request into PEM format in a file.
static CertificateRequest fromDER(const QByteArray &a, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate request from DER.
bool operator!=(const CertificateRequest &other) const
Inequality operator.
Definition: qca_cert.h:1473
CertificateRequest & operator=(const CertificateRequest &from)
Standard assignment operator.
QString challenge() const
The challenge associated with this certificate request.
CertificateInfoOrdered subjectInfoOrdered() const
Information on the subject of the certificate being requested, as an ordered list (QList of CertificateInfoPair).
CertificateRequest(const CertificateOptions &opts, const PrivateKey &key, const QString &provider=QString())
Create a certificate request based on specified options.
CertificateRequest()
Create an empty certificate request.
QString toPEM() const
Export the Certificate Request into a PEM format.
bool isCA() const
Test if this Certificate Request is for a Certificate Authority certificate.
CertificateRequest(const QString &fileName)
Create a certificate request based on the contents of a file.
SignatureAlgorithm signatureAlgorithm() const
The algorithm used to make the signature on this certificate request.
CertificateInfo subjectInfo() const
Information on the subject of the certificate being requested.
int pathLimit() const
The path limit for the certificate in this Certificate Request.
Constraints constraints() const
The constraints that apply to this certificate request.
CertificateRequestFormat format() const
the format that this Certificate request is in
void change(CSRContext *c)
static CertificateRequest fromPEMFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate request from a file.
PublicKey subjectPublicKey() const
The public key belonging to the subject of the certificate request.
static CertificateRequest fromString(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import the CertificateRequest from a string.
Public Key (X.509) certificate.
Definition: qca_cert.h:857
bool matchesHostName(const QString &host) const
Test if the subject of the certificate matches a specified host name.
SignatureAlgorithm signatureAlgorithm() const
The signature algorithm used for the signature on this certificate.
static Certificate fromPEM(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate from PEM format.
Constraints constraints() const
The constraints that apply to this certificate.
QString commonName() const
The common name of the subject of the certificate.
bool isSelfSigned() const
Test if the Certificate is self-signed.
CertificateInfoOrdered subjectInfoOrdered() const
Certificate(const CertificateOptions &opts, const PrivateKey &key, const QString &provider=QString())
Create a Certificate with specified options and a specified private key.
bool isCA() const
Test if the Certificate is valid as a Certificate Authority.
bool operator!=(const Certificate &other) const
Inequality operator.
Definition: qca_cert.h:1176
Certificate & operator=(const Certificate &from)
Standard assignment operator.
void change(CertContext *c)
static Certificate fromDER(const QByteArray &a, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate from DER.
int pathLimit() const
The upper bound of the number of links in the certificate chain, if any.
QDateTime notValidBefore() const
The earliest date that the certificate is valid.
CertificateInfoOrdered issuerInfoOrdered() const
Properties of the issuer of the certificate, as an ordered list (QList of CertificateInfoPair).
QStringList policies() const
The policies that apply to this certificate.
PublicKey subjectPublicKey() const
The public key associated with the subject of the certificate.
QString toPEM() const
Export the Certificate into a PEM format.
bool operator==(const Certificate &a) const
Test for equality of two certificates.
QStringList issuerLocations() const
List of URI locations for issuer certificate files.
bool toPEMFile(const QString &fileName) const
Export the Certificate into PEM format in a file.
QByteArray issuerKeyId() const
The key identifier associated with the issuer.
BigInteger serialNumber() const
The serial number of the certificate.
Certificate(const Certificate &from)
Standard copy constructor.
static Certificate fromPEMFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate from a file.
Certificate(const QString &fileName)
Create a Certificate from a PEM encoded file.
QDateTime notValidAfter() const
The latest date that the certificate is valid.
Validity validate(const CertificateCollection &trusted, const CertificateCollection &untrusted, UsageMode u=UsageAny, ValidateFlags vf=ValidateAll) const
Check the validity of a certificate.
QByteArray subjectKeyId() const
The key identifier associated with the subject.
CertificateInfo subjectInfo() const
CertificateInfo issuerInfo() const
Properties of the issuer of the certificate.
QStringList ocspLocations() const
List of URI locations for OCSP services.
QStringList crlLocations() const
List of URI locations for CRL files.
bool isNull() const
Test if the certificate is empty (null)
Certificate()
Create an empty Certificate.
QByteArray toDER() const
Export the Certificate into a DER format.
bool isIssuerOf(const Certificate &other) const
Test if the Certificate has signed another Certificate object and is therefore the issuer.
Certificate constraint.
Definition: qca_cert.h:364
QString id() const
The type as an identifier string.
ConstraintType & operator=(const ConstraintType &from)
Standard assignment operator.
bool operator!=(const ConstraintType &other) const
Inequality operator.
Definition: qca_cert.h:469
Section section() const
The section the constraint is part of.
Section
Section of the certificate that the constraint belongs in.
Definition: qca_cert.h:370
@ KeyUsage
Stored in the key usage section.
Definition: qca_cert.h:371
ConstraintType(const ConstraintType &from)
Standard copy constructor.
bool operator<(const ConstraintType &other) const
Comparison operator.
ConstraintTypeKnown known() const
The type as part of the ConstraintTypeKnown enumerator.
ConstraintType(const QString &id, Section section)
Construct a new constraint.
bool operator==(const ConstraintType &other) const
Comparison operator.
ConstraintType()
Standard constructor.
ConstraintType(ConstraintTypeKnown known)
Construct a new constraint.
Certificate chain and private key pair.
Definition: qca_cert.h:2176
KeyBundle(const KeyBundle &from)
Standard copy constructor.
KeyBundle(const QString &fileName, const SecureArray &passphrase=SecureArray())
Create a KeyBundle from a PKCS12 (.p12) encoded file.
CertificateChain certificateChain() const
The public certificate part of this bundle.
void setName(const QString &s)
Specify the name of this bundle.
void setCertificateChainAndKey(const CertificateChain &c, const PrivateKey &key)
Set the public certificate and private key.
static KeyBundle fromFile(const QString &fileName, const SecureArray &passphrase=SecureArray(), ConvertResult *result=nullptr, const QString &provider=QString())
KeyBundle & operator=(const KeyBundle &from)
Standard assignment operator.
KeyBundle()
Create an empty KeyBundle.
PrivateKey privateKey() const
The private key part of this bundle.
QString name() const
The name associated with this key.
QByteArray toArray(const SecureArray &passphrase, const QString &provider=QString()) const
bool isNull() const
Test if this key is empty (null)
static KeyBundle fromArray(const QByteArray &a, const SecureArray &passphrase=SecureArray(), ConvertResult *result=nullptr, const QString &provider=QString())
bool toFile(const QString &fileName, const SecureArray &passphrase, const QString &provider=QString()) const
Asynchronous private key loader.
Definition: qca_cert.h:2613
void loadKeyBundleFromFile(const QString &fileName)
Initiate an asynchronous loading of a KeyBundle from a file.
void loadPrivateKeyFromDER(const SecureArray &a)
Initiate an asynchronous loading of a PrivateKey from a DER format array.
ConvertResult convertResult() const
The result of the loading process.
void loadKeyBundleFromArray(const QByteArray &a)
Initiate an asynchronous loading of a KeyBundle from an array.
void loadPrivateKeyFromPEMFile(const QString &fileName)
Initiate an asynchronous loading of a PrivateKey from a PEM format file.
void loadPrivateKeyFromPEM(const QString &s)
Initiate an asynchronous loading of a PrivateKey from a PEM format string.
KeyBundle keyBundle() const
The key bundle that has been loaded.
PrivateKey privateKey() const
The private key that has been loaded.
void finished()
Signal that is emitted when the load process has completed.
KeyLoader(QObject *parent=nullptr)
Create a KeyLoader object.
Pretty Good Privacy key.
Definition: qca_cert.h:2407
QString keyId() const
The Key identification for the PGP key.
QString primaryUserId() const
The primary user identification for the key.
QDateTime creationDate() const
The creation date for the key.
static PGPKey fromFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
Import the key from a file.
bool isTrusted() const
Test if the key is trusted.
static PGPKey fromString(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import the key from a string.
bool isNull() const
Test if the PGP key is empty (null)
QString fingerprint() const
The key fingerprint.
bool toFile(const QString &fileName) const
Export the key to a file.
QByteArray toArray() const
Export the key to an array.
static PGPKey fromArray(const QByteArray &a, ConvertResult *result=nullptr, const QString &provider=QString())
Import the key from an array.
PGPKey()
Create an empty PGP key.
QString toString() const
Export the key to a string.
PGPKey(const QString &fileName)
Create a PGP key from an encoded file.
PGPKey(const PGPKey &from)
Standard copy constructor.
QStringList userIds() const
The list of all user identifications associated with the key.
QDateTime expirationDate() const
The expiration date for the key.
bool isSecret() const
Test if the PGP key is the secret key.
bool inKeyring() const
Test if this key is in a keyring.
PGPKey & operator=(const PGPKey &from)
Standard assignment operator.
Generic private key.
Definition: qca_publickey.h:833
Generic public key.
Definition: qca_publickey.h:529
Secure array of bytes.
Definition: qca_tools.h:317
QCA - the Qt Cryptographic Architecture.
Definition: qca_basic.h:41
UsageMode
Specify the intended usage of a certificate.
Definition: qca_cert.h:483
@ UsageTimeStamping
time stamping certificate
Definition: qca_cert.h:489
@ UsageEmailProtection
email (S/MIME) certificate
Definition: qca_cert.h:488
@ UsageCRLSigning
certificate revocation list signing certificate
Definition: qca_cert.h:490
@ UsageTLSServer
server side of a TLS or SSL connection
Definition: qca_cert.h:485
@ UsageTLSClient
client side of a TLS or SSL connection
Definition: qca_cert.h:486
@ UsageAny
Any application, or unspecified.
Definition: qca_cert.h:484
@ UsageCodeSigning
code signing certificate
Definition: qca_cert.h:487
CertificateRequestFormat
Certificate Request Format.
Definition: qca_cert.h:54
@ SPKAC
Signed Public Key and Challenge (Netscape) format.
Definition: qca_cert.h:56
@ PKCS10
standard PKCS#10 format
Definition: qca_cert.h:55
QList< ConstraintType > Constraints
Certificate constraints type
Definition: qca_cert.h:590
ConstraintTypeKnown
Known types of certificate constraints.
Definition: qca_cert.h:317
@ DataEncipherment
Certificate can be used for encrypting / decrypting data, id = "KeyUsage.dataEncipherment"
Definition: qca_cert.h:322
@ IPSecUser
Certificate can be used to authenticate a user in IPSEC, id = "1.3.6.1.5.5.7.3.7".
Definition: qca_cert.h:342
@ EmailProtection
Certificate can be used to sign / encrypt email, id = "1.3.6.1.5.5.7.3.4".
Definition: qca_cert.h:336
@ CRLSign
Certificate can be used to sign Certificate Revocation Lists, id = "KeyUsage.crlSign"
Definition: qca_cert.h:325
@ KeyAgreement
Certificate can be used for key agreement, id = "KeyUsage.keyAgreement"
Definition: qca_cert.h:323
@ ClientAuth
Certificate can be used for client authentication (e.g.
Definition: qca_cert.h:332
@ IPSecEndSystem
Certificate can be used to authenticate an endpoint in IPSEC, id = "1.3.6.1.5.5.7.3....
Definition: qca_cert.h:338
@ IPSecTunnel
Certificate can be used to authenticate a tunnel in IPSEC, id = "1.3.6.1.5.5.7.3.6".
Definition: qca_cert.h:340
@ ServerAuth
Certificate can be used for server authentication (e.g.
Definition: qca_cert.h:330
@ KeyEncipherment
Certificate can be used for encrypting / decrypting keys, id = "KeyUsage.keyEncipherment"
Definition: qca_cert.h:321
@ TimeStamping
Certificate can be used to create a "time stamp" signature, id = "1.3.6.1.5.5.7.3....
Definition: qca_cert.h:344
@ CodeSigning
Certificate can be used to sign code, id = "1.3.6.1.5.5.7.3.3".
Definition: qca_cert.h:334
@ EncipherOnly
Certificate can only be used for encryption, id = "KeyUsage.encipherOnly"
Definition: qca_cert.h:326
@ OCSPSigning
Certificate can be used to sign an Online Certificate Status Protocol (OCSP) assertion,...
Definition: qca_cert.h:346
@ NonRepudiation
Certificate can be used for non-repudiation, id = "KeyUsage.nonRepudiation"
Definition: qca_cert.h:320
@ DecipherOnly
Certificate can only be used for decryption, id = "KeyUsage.decipherOnly"
Definition: qca_cert.h:327
@ DigitalSignature
Certificate can be used to create digital signatures, id = "KeyUsage.digitalSignature"
Definition: qca_cert.h:319
@ KeyCertificateSign
Certificate can be used for key certificate signing, id = "KeyUsage.keyCertSign"
Definition: qca_cert.h:324
Validity
The validity (or otherwise) of a certificate.
Definition: qca_cert.h:497
@ ErrorValidityUnknown
Validity is unknown.
Definition: qca_cert.h:510
@ ErrorRevoked
The certificate has been revoked.
Definition: qca_cert.h:505
@ ErrorUntrusted
The certificate is not trusted.
Definition: qca_cert.h:500
@ ErrorExpired
The certificate has expired, or is not yet valid (e.g.
Definition: qca_cert.h:507
@ ErrorPathLengthExceeded
The path length from the root CA to this certificate is too long.
Definition: qca_cert.h:506
@ ErrorSignatureFailed
The signature does not match.
Definition: qca_cert.h:501
@ ErrorInvalidPurpose
The purpose does not match the intended usage.
Definition: qca_cert.h:503
@ ErrorExpiredCA
The Certificate Authority has expired.
Definition: qca_cert.h:509
@ ErrorSelfSigned
The certificate is self-signed, and is not found in the list of trusted certificates.
Definition: qca_cert.h:504
@ ErrorInvalidCA
The Certificate Authority is invalid.
Definition: qca_cert.h:502
@ ValidityGood
The certificate is valid.
Definition: qca_cert.h:498
@ ErrorRejected
The root CA rejected the certificate purpose.
Definition: qca_cert.h:499
QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in)
Convert to RFC 1779 string format.
ValidateFlags
The conditions to validate for a certificate.
Definition: qca_cert.h:517
QCA_EXPORT CertificateInfoOrdered orderedDNOnly(const CertificateInfoOrdered &in)
Return a new CertificateInfoOrdered that only contains the Distinguished Name (DN) types found in the...
CertificateInfoTypeKnown
Known types of information stored in certificates.
Definition: qca_cert.h:65
@ IncorporationCountry
The country of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.3".
Definition: qca_cert.h:76
@ CommonName
The common name (eg person), id = "2.5.4.3".
Definition: qca_cert.h:66
@ Country
The country, id = "2.5.4.6".
Definition: qca_cert.h:75
@ XMPP
XMPP address (see http://www.ietf.org/rfc/rfc3920.txt), id = "1.3.6.1.5.5.7.8.5".
Definition: qca_cert.h:80
@ Locality
The locality (eg city, a shire, or part of a state), id = "2.5.4.7".
Definition: qca_cert.h:71
@ State
The state within the country, id = "2.5.4.8".
Definition: qca_cert.h:73
@ Email
Email address, id = "GeneralName.rfc822Name".
Definition: qca_cert.h:67
@ IPAddress
IP address, id = "GeneralName.iPAddress".
Definition: qca_cert.h:79
@ IncorporationLocality
The locality of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.1".
Definition: qca_cert.h:72
@ Organization
An organisation (eg company), id = "2.5.4.10".
Definition: qca_cert.h:69
@ DNS
DNS name, id = "GeneralName.dNSName".
Definition: qca_cert.h:78
@ EmailLegacy
PKCS#9 Email field, id = "1.2.840.113549.1.9.1".
Definition: qca_cert.h:68
@ URI
Uniform Resource Identifier, id = "GeneralName.uniformResourceIdentifier".
Definition: qca_cert.h:77
@ IncorporationState
The state of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.2".
Definition: qca_cert.h:74
@ OrganizationalUnit
A part of an organisation (eg a division or branch), id = "2.5.4.11".
Definition: qca_cert.h:70
ConvertResult
Return value from a format conversion.
Definition: qca_publickey.h:119
QCA_EXPORT QStringList makeFriendlyNames(const QList< Certificate > &list)
Create a list of unique friendly names among a list of certificates.
SignatureAlgorithm
Signature algorithm variants.
Definition: qca_publickey.h:74
QMultiMap< CertificateInfoType, QString > CertificateInfo
Certificate properties type.
Definition: qca_cert.h:535
Header file for core QCA infrastructure.
Header file for PublicKey and PrivateKey related classes.