qca_cert.h
1 /*
2  * qca_cert.h - Qt Cryptographic Architecture
3  * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com>
4  * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19  * 02110-1301 USA
20  *
21  */
22 
33 #ifndef QCA_CERT_H
34 #define QCA_CERT_H
35 
36 #include <QDateTime>
37 #include "qca_core.h"
38 #include "qca_publickey.h"
39 
40 namespace QCA {
41 
42 class CertContext;
43 class CSRContext;
44 class CRLContext;
45 class Certificate;
46 class CRL;
47 class CertificateCollection;
48 class CertificateChain;
49 
50 
55 {
57  SPKAC
58 };
59 
66 {
78  URI,
79  DNS,
81  XMPP
82 };
83 
/// Identifies one kind of certificate information (a DN component or an
/// alternative-name entry). Implicitly shared through `d`; cheap to copy.
/// Used as the key type of the CertificateInfo multimap declared further
/// down in this header, which is why operator< is provided.
120 class QCA_EXPORT CertificateInfoType
121 {
122 public:
 /// Section of the certificate that the information belongs in.
126  enum Section
127  {
 /// Distinguished name (the primary name)
128  DN,
 /// Subject/issuer alternative name
129  AlternativeName
130  };
131 
136 
146 
 /// Construct a type from its identifier string (see id()) and the
 /// section it belongs to.
155  CertificateInfoType(const QString &id, Section section);
156 
163 
165 
172 
 /// The section this type is part of.
176  Section section() const;
177 
186 
 /// The type as an identifier string.
205  QString id() const;
206 
 /// Ordering operator; needed for use as an ordered-container key.
213  bool operator<(const CertificateInfoType &other) const;
214 
 /// Equality operator.
221  bool operator==(const CertificateInfoType &other) const;
222 
 /// Inequality, defined as the negation of operator==.
229  inline bool operator!=(const CertificateInfoType &other) const
230  {
231  return !(*this == other);
232  }
233 
234 private:
235  class Private;
236  QSharedDataPointer<Private> d;
237 };
238 
/// One (type, value) entry in a certificate information list; the element
/// type of CertificateInfoOrdered. Implicitly shared through `d`.
246 class QCA_EXPORT CertificateInfoPair
247 {
248 public:
253 
 /// Construct a pair from an information type and its string value.
260  CertificateInfoPair(const CertificateInfoType &type, const QString &value);
261 
268 
270 
277 
282 
 /// The value of the information stored in the pair.
286  QString value() const;
287 
 /// Equality operator.
294  bool operator==(const CertificateInfoPair &other) const;
295 
 /// Inequality, defined as the negation of operator==.
302  inline bool operator!=(const CertificateInfoPair &other) const
303  {
304  return !(*this == other);
305  }
306 
307 private:
308  class Private;
309  QSharedDataPointer<Private> d;
310 };
311 
312 
319 {
320  // KeyUsage
330 
331  // ExtKeyUsage
340  OCSPSigning
341 };
342 
/// Identifies one certificate constraint (a KeyUsage or ExtendedKeyUsage
/// purpose). Mirrors CertificateInfoType: an identifier string plus the
/// section it belongs to, implicitly shared through `d`.
356 class QCA_EXPORT ConstraintType
357 {
358 public:
 /// Which X.509 extension the constraint comes from.
362  enum Section
363  {
 /// extKeyUsage extension
365  ExtendedKeyUsage
366  };
367 
372 
382 
 /// Construct a constraint type from its identifier string and section.
391  ConstraintType(const QString &id, Section section);
392 
399 
400  ~ConstraintType();
401 
408 
 /// The section this constraint type is part of.
412  Section section() const;
413 
422 
 /// The constraint type as an identifier string.
441  QString id() const;
442 
 /// Ordering operator; allows use in ordered containers.
448  bool operator<(const ConstraintType &other) const;
449 
 /// Equality operator.
455  bool operator==(const ConstraintType &other) const;
456 
 /// Inequality, defined as the negation of operator==.
462  inline bool operator!=(const ConstraintType &other) const
463  {
464  return !(*this == other);
465  }
466 
467 private:
468  class Private;
469  QSharedDataPointer<Private> d;
470 };
471 
476 {
477  UsageAny = 0x00,
478  UsageTLSServer = 0x01,
479  UsageTLSClient = 0x02,
483  UsageCRLSigning = 0x20
484 };
485 
490 {
503 };
504 
509 {
510  ValidateAll = 0x00, // Verify all conditions
511  ValidateRevoked = 0x01, // Verify the certificate was not revoked
512  ValidateExpired = 0x02, // Verify the certificate has not expired
513  ValidatePolicy = 0x04 // Verify the certificate can be used for a specified purpose
514 };
515 
/// Unordered certificate information: several values may share one type,
/// hence a multimap. Ordering of items is not preserved; use
/// CertificateInfoOrdered when write order matters.
527 typedef QMultiMap<CertificateInfoType, QString> CertificateInfo;
528 
/// Certificate information as an ordered list of (type, value) pairs.
/// Derives from QList, so all list operations are available directly.
539 class CertificateInfoOrdered : public QList<CertificateInfoPair>
540 {
541 public:
 /// Render the list as an RFC 1779 DN string (delegates to orderedToDNString()).
545  inline QString toString() const;
546 
 /// A copy containing only the DN-section entries of this list.
551  inline CertificateInfoOrdered dnOnly() const;
552 };
553 
/// Convert an ordered information list to an RFC 1779 DN string.
/// Backs CertificateInfoOrdered::toString().
559 QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in);
560 
568 
/// Inline forwarder: the whole list is formatted by orderedToDNString().
569 inline QString CertificateInfoOrdered::toString() const
570 {
571  return orderedToDNString(*this);
572 }
573 
575 {
576  return orderedDNOnly(*this);
577 }
578 
583 
/// Produce one human-readable display name per certificate in `list`.
/// The exact naming scheme is not visible in this header.
590 QCA_EXPORT QStringList makeFriendlyNames(const QList<Certificate> &list);
591 
/// Parameters for creating a Certificate or CertificateRequest (subject
/// info, constraints, policies, CA flag, validity period, locations).
/// Note: `d` is a raw pointer here rather than the QSharedDataPointer used
/// by the other value classes in this header, so copy/assignment must be
/// implemented explicitly (their declarations are not shown in this listing).
601 class QCA_EXPORT CertificateOptions
602 {
603 public:
610 
618 
625 
630 
637 
 /// Test whether the option set is complete enough to be used.
643  bool isValid() const;
644 
 /// The challenge string, if one was set with setChallenge().
652  QString challenge() const;
653 
660 
668 
673 
 /// The certificate policies that were set.
677  QStringList policies() const;
678 
 /// URI locations for CRL files.
686  QStringList crlLocations() const;
687 
 /// URI locations for issuer certificate files.
695  QStringList issuerLocations() const;
696 
 /// URI locations for OCSP services.
702  QStringList ocspLocations() const;
703 
 /// True if setAsCA() was used (default is a user certificate, see setAsUser()).
710  bool isCA() const;
711 
 /// Path length limit configured with setAsCA().
715  int pathLimit() const;
716 
723 
 /// Start of the validity period set with setValidityPeriod().
729  QDateTime notValidBefore() const;
730 
 /// End of the validity period set with setValidityPeriod().
736  QDateTime notValidAfter() const;
737 
 /// Set the challenge associated with this certificate/request.
746  void setChallenge(const QString &s);
747 
 /// Set the subject information (unordered form).
756  void setInfo(const CertificateInfo &info);
757 
767 
 /// Set the key-usage / extended-key-usage constraints.
773  void setConstraints(const Constraints &constraints);
774 
 /// Set the certificate policies.
780  void setPolicies(const QStringList &policies);
781 
 /// Set the CRL distribution point URIs.
789  void setCRLLocations(const QStringList &locations);
790 
 /// Set the issuer certificate URIs.
798  void setIssuerLocations(const QStringList &locations);
799 
 /// Set the OCSP responder URIs.
805  void setOCSPLocations(const QStringList &locations);
806 
 /// Mark as a CA certificate. The default path limit of 8 is taken from Botan;
 /// pick the smallest limit the intended hierarchy actually needs.
812  void setAsCA(int pathLimit = 8); // value from Botan
813 
 /// Mark as an end-entity (user) certificate; this is the default.
817  void setAsUser();
818 
 /// Set the certificate serial number.
824  void setSerialNumber(const BigInteger &i);
825 
 /// Set the validity period [start, end].
832  void setValidityPeriod(const QDateTime &start, const QDateTime &end);
833 
834 private:
835  class Private;
836  Private *d;
837 };
838 
/// An X.509 public key certificate. Implicitly shared through `d`; a
/// default-constructed or failed-to-load certificate reports isNull().
848 class QCA_EXPORT Certificate : public Algorithm
849 {
850 public:
855 
 /// Load a certificate from a PEM file. Not `explicit`, so a QString
 /// converts implicitly to a Certificate; check isNull() afterwards, or
 /// use fromPEMFile(), which also reports a ConvertResult.
862  Certificate(const QString &fileName);
863 
 /// Create a (self-signed) certificate from `opts`, signed with `key`.
873  Certificate(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());
874 
880  Certificate(const Certificate &from);
881 
882  ~Certificate() override;
883 
890 
 /// True if this object holds no certificate (e.g. after a failed import).
895  bool isNull() const;
896 
 /// Earliest time the certificate is valid.
900  QDateTime notValidBefore() const;
901 
 /// Latest time the certificate is valid.
905  QDateTime notValidAfter() const;
906 
925 
946 
953 
967 
972 
 /// Certificate policies that apply to this certificate.
978  QStringList policies() const;
979 
 /// CRL distribution point URIs.
985  QStringList crlLocations() const;
986 
 /// Issuer certificate URIs.
992  QStringList issuerLocations() const;
993 
 /// OCSP responder URIs.
997  QStringList ocspLocations() const;
998 
 /// Common name (CN) of the subject.
1005  QString commonName() const;
1006 
1011 
1016 
 /// True if the certificate is valid for use as a CA.
1022  bool isCA() const;
1023 
 /// True if the certificate is self-signed. Self-signed says nothing about
 /// trust; that is decided by validate() against a trusted collection.
1029  bool isSelfSigned() const;
1030 
 /// True if this certificate is the issuer of `other`.
1039  bool isIssuerOf(const Certificate &other) const;
1040 
 /// Upper bound on the number of links in a chain below this CA, if any.
1045  int pathLimit() const;
1046 
1051 
 /// Subject key identifier extension value.
1055  QByteArray subjectKeyId() const;
1056 
 /// Authority (issuer) key identifier extension value.
1060  QByteArray issuerKeyId() const;
1061 
 /// Validate this certificate against the anchors in `trusted`, using
 /// `untrusted` as additional (non-anchor) material, for usage `u`.
 /// `vf` defaults to ValidateAll, which is 0x00 ("Verify all conditions")
 /// and therefore cannot be OR-ed with the other flags; per the ValidateFlags
 /// comments a non-zero mask names the individual conditions to check.
1073  Validity validate(const CertificateCollection &trusted, const CertificateCollection &untrusted, UsageMode u = UsageAny, ValidateFlags vf = ValidateAll) const;
1074 
 /// Export in DER encoding.
1078  QByteArray toDER() const;
1079 
 /// Export in PEM encoding.
1083  QString toPEM() const;
1084 
 /// Write the PEM encoding to `fileName`; returns false on failure (presumably).
1090  bool toPEMFile(const QString &fileName) const;
1091 
 /// Import from DER. `result`, when non-null, receives the conversion
 /// status; when it is left nullptr a failure is visible only via isNull().
1104  static Certificate fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
1105 
 /// Import from a PEM string; see fromDER() for the `result` contract.
1118  static Certificate fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1119 
 /// Import from a PEM file; see fromDER() for the `result` contract.
1133  static Certificate fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
1134 
 /// True if the subject of the certificate matches `host`. A name match
 /// alone does not establish trust: a TLS-style check needs both a
 /// successful validate() and matchesHostName().
1147  bool matchesHostName(const QString &host) const;
1148 
 /// Equality operator.
1156  bool operator==(const Certificate &a) const;
1157 
 /// Inequality, defined as the negation of operator==.
1163  inline bool operator!=(const Certificate &other) const
1164  {
1165  return !(*this == other);
1166  }
1167 
1174 
1175 private:
1176  class Private;
1177  friend class Private;
1178  QSharedDataPointer<Private> d;
1179 
 // CertificateChain::validate()/complete() call these on the chain's first
 // certificate; the whole chain is passed back in as `chain`.
1180  friend class CertificateChain;
1181  Validity chain_validate(const CertificateChain &chain, const CertificateCollection &trusted, const QList<CRL> &untrusted_crls, UsageMode u, ValidateFlags vf) const;
1182  CertificateChain chain_complete(const CertificateChain &chain, const QList<Certificate> &issuers, Validity *result) const;
1183 };
1184 
/// An ordered list of related certificates; the first element is the
/// primary (end-entity) certificate. Derives from QList<Certificate>.
1207 class CertificateChain : public QList<Certificate>
1208 {
1209 public:
 /// Create an empty chain.
1213  inline CertificateChain() {}
1214 
 /// Create a chain whose only element is `primary`.
1221  inline CertificateChain(const Certificate &primary) { append(primary); }
1222 
 /// The primary (end-entity) certificate. Precondition: the chain is not
 /// empty — this is first() with no guard, unlike validate() and complete().
1226  inline const Certificate & primary() const { return first(); }
1227 
 /// Validate the chain against `trusted`, consulting `untrusted_crls` for
 /// revocation. Returns ErrorValidityUnknown for an empty chain; see the
 /// notes on Certificate::validate() for the meaning of `u` and `vf`.
1241  inline Validity validate(const CertificateCollection &trusted, const QList<CRL> &untrusted_crls = QList<CRL>(), UsageMode u = UsageAny, ValidateFlags vf = ValidateAll) const;
1242 
 /// Build a complete chain for the primary certificate using the rest of
 /// this chain plus `issuers`. Returns an empty chain for an empty input;
 /// `result`, when non-null, receives the validity status.
1266  inline CertificateChain complete(const QList<Certificate> &issuers = QList<Certificate>(), Validity *result = nullptr) const;
1267 };
1268 
/// Chain validation entry point. An empty chain yields ErrorValidityUnknown
/// (an error result, not a pass); otherwise validation is delegated to the
/// primary certificate's private chain_validate(), with this chain as the
/// candidate path and `untrusted_crls` as revocation material.
1269 inline Validity CertificateChain::validate(const CertificateCollection &trusted, const QList<CRL> &untrusted_crls, UsageMode u, ValidateFlags vf) const
1270 {
1271  if(isEmpty())
1272  return ErrorValidityUnknown;
1273  return first().chain_validate(*this, trusted, untrusted_crls, u, vf);
1274 }
1275 
1277 {
1278  if(isEmpty())
1279  return CertificateChain();
1280  return first().chain_complete(*this, issuers, result);
1281 }
1282 
/// A certificate signing request (PKCS#10 or SPKAC). Implicitly shared
/// through `d`; a failed import reports isNull().
1292 class QCA_EXPORT CertificateRequest : public Algorithm
1293 {
1294 public:
1299 
 /// Load a request from a file. Not `explicit`, so a QString converts
 /// implicitly to a CertificateRequest; check isNull() afterwards, or use
 /// fromPEMFile(), which also reports a ConvertResult.
1306  CertificateRequest(const QString &fileName);
1307 
 /// Create a request from `opts`, signed with `key`.
1317  CertificateRequest(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());
1318 
1325 
1326  ~CertificateRequest() override;
1327 
1334 
 /// True if this object holds no request.
1340  bool isNull() const;
1341 
 /// Whether `provider` (or the default provider) supports request format `f`.
1352  static bool canUseFormat(CertificateRequestFormat f, const QString &provider = QString());
1353 
1358 
1368 
1380 
1387 
 /// Certificate policies requested.
1393  QStringList policies() const;
1394 
1399 
 /// True if the request asks for a CA certificate. The CA decides whether
 /// to honour this; the flag in the request is not authoritative.
1406  bool isCA() const;
1407 
 /// Requested path length limit.
1413  int pathLimit() const;
1414 
 /// Challenge string carried in the request.
1418  QString challenge() const;
1419 
1425 
 /// Equality operator.
1433  bool operator==(const CertificateRequest &csr) const;
1434 
 /// Inequality, defined as the negation of operator==.
1440  inline bool operator!=(const CertificateRequest &other) const
1441  {
1442  return !(*this == other);
1443  }
1444 
 /// Export in DER encoding.
1450  QByteArray toDER() const;
1451 
 /// Export in PEM encoding.
1457  QString toPEM() const;
1458 
 /// Write the PEM encoding to `fileName`; returns false on failure (presumably).
1466  bool toPEMFile(const QString &fileName) const;
1467 
 /// Import from DER. `result`, when non-null, receives the conversion
 /// status; when it is left nullptr a failure is visible only via isNull().
1482  static CertificateRequest fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
1483 
 /// Import from a PEM string; see fromDER() for the `result` contract.
1499  static CertificateRequest fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1500 
 /// Import from a PEM file; see fromDER() for the `result` contract.
1516  static CertificateRequest fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
1517 
 /// Export as a string (format not visible in this header; counterpart of fromString()).
1525  QString toString() const;
1526 
 /// Import from the string form produced by toString(); see fromDER() for `result`.
1541  static CertificateRequest fromString(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1542 
 /// Replace the backing provider context (CSRContext is the X.509
 /// certificate request provider interface). Intended for providers.
1548  void change(CSRContext *c);
1549 
1550 private:
1551  class Private;
1552  friend class Private;
1553  QSharedDataPointer<Private> d;
1554 };
1555 
/// One revoked certificate inside a CRL: serial number, revocation time and
/// reason. Holds plain members plus a raw `Private *d`, so copy construction,
/// assignment and destruction are declared explicitly (rule of three).
1563 class QCA_EXPORT CRLEntry
1564 {
1565 public:
 /// Why the certificate was revoked. Only some enumerators are shown in this
 /// listing; the API index on this page also lists Unspecified, KeyCompromise,
 /// CACompromise, Superseded, CertificateHold and RemoveFromCRL.
1569  enum Reason
1570  {
1574  AffiliationChanged,
1576  CessationOfOperation,
1579  PrivilegeWithdrawn,
1580  AACompromise
1581  };
1582 
1587 
 /// Create an entry revoking certificate `c` for reason `r`.
1594  explicit CRLEntry(const Certificate &c, Reason r = Unspecified);
1595 
 /// Create an entry from a serial number and revocation time. Note `serial`
 /// is taken by value (a copy), unlike the const-reference parameters elsewhere.
1604  CRLEntry(const BigInteger serial, const QDateTime &time, Reason r = Unspecified);
1605 
1611  CRLEntry(const CRLEntry &from);
1612 
1613  ~CRLEntry();
1614 
1620  CRLEntry & operator=(const CRLEntry &from);
1621 
1626 
 /// The revocation time of this entry.
1630  QDateTime time() const;
1631 
 /// True if the entry is empty.
1635  bool isNull() const;
1636 
 /// The revocation reason.
1643  Reason reason() const;
1644 
 /// Ordering operator; allows sorting entries and use in ordered containers.
1652  bool operator<(const CRLEntry &a) const;
1653 
 /// Equality operator.
1661  bool operator==(const CRLEntry &a) const;
1662 
 /// Inequality, defined as the negation of operator==.
1668  inline bool operator!=(const CRLEntry &other) const
1669  {
1670  return !(*this == other);
1671  }
1672 
1673 private:
1674  BigInteger _serial;
1675  QDateTime _time;
1676  Reason _reason;
1677 
1678  class Private;
1679  Private *d;
1680 };
1681 
/// An X.509 certificate revocation list. Implicitly shared through `d`;
/// a failed import reports isNull().
1702 class QCA_EXPORT CRL : public Algorithm
1703 {
1704 public:
 /// Create an empty CRL.
1705  CRL();
1706 
1712  CRL(const CRL &from);
1713 
1714  ~CRL() override;
1715 
1721  CRL & operator=(const CRL &from);
1722 
 /// True if this object holds no CRL.
1728  bool isNull() const;
1729 
1737 
1747 
 /// The CRL number (monotonic per issuer; a higher number supersedes a lower one).
1754  int number() const;
1755 
 /// Time from which this CRL is valid.
1759  QDateTime thisUpdate() const;
1760 
 /// Time at which this CRL is obsoleted. A CRL past nextUpdate() should be
 /// treated as stale and refreshed before being relied on for revocation.
1766  QDateTime nextUpdate() const;
1767 
1772 
1777 
 /// Key identifier of the CRL issuer.
1781  QByteArray issuerKeyId() const;
1782 
 /// Equality operator.
1790  bool operator==(const CRL &a) const;
1791 
 /// Inequality, defined as the negation of operator==.
1797  inline bool operator!=(const CRL &other) const
1798  {
1799  return !(*this == other);
1800  }
1801 
 /// Export in DER encoding.
1807  QByteArray toDER() const;
1808 
 /// Export in PEM encoding.
1814  QString toPEM() const;
1815 
 /// Write the PEM encoding to `fileName`; returns false on failure (presumably).
1822  bool toPEMFile(const QString &fileName) const;
1823 
 /// Import from DER. `result`, when non-null, receives the conversion
 /// status; when it is left nullptr a failure is visible only via isNull().
1835  static CRL fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
1836 
 /// Import from a PEM string; see fromDER() for the `result` contract.
1848  static CRL fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1849 
 /// Import from a PEM file; see fromDER() for the `result` contract.
1862  static CRL fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
1863 
 /// Replace the backing provider context (CRLContext is the X.509 CRL
 /// provider interface). Intended for providers.
1869  void change(CRLContext *c);
1870 
1871 private:
1872  class Private;
1873  friend class Private;
1874  QSharedDataPointer<Private> d;
1875 };
1876 
/// A bundle of certificates and CRLs, e.g. a trust store passed to
/// Certificate::validate(). Implicitly shared through `d`.
1890 class QCA_EXPORT CertificateCollection
1891 {
1892 public:
1897 
1904 
1906 
1913 
 /// Append a certificate to the collection.
1919  void addCertificate(const Certificate &cert);
1920 
 /// Append a CRL to the collection.
1927  void addCRL(const CRL &crl);
1928 
1933 
 /// The CRLs in this collection.
1937  QList<CRL> crls() const;
1938 
 /// Add the contents of `other` to this collection.
1944  void append(const CertificateCollection &other);
1945 
1952 
1959 
 /// Whether `provider` (or the default provider) supports PKCS#7 import/export.
1970  static bool canUsePKCS7(const QString &provider = QString());
1971 
 /// Export to a plain text file. Not const, unlike the export methods on
 /// Certificate and CRL. Returns false on failure (presumably).
1980  bool toFlatTextFile(const QString &fileName);
1981 
 /// Export to a PKCS#7 file. Not const; returns false on failure (presumably).
1992  bool toPKCS7File(const QString &fileName, const QString &provider = QString());
1993 
 /// Import from a plain text file. `result`, when non-null, receives the
 /// conversion status; callers that pass nullptr cannot tell a failure from
 /// an empty file.
2007  static CertificateCollection fromFlatTextFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
2008 
 /// Import from a PKCS#7 file; see fromFlatTextFile() for the `result` contract.
2022  static CertificateCollection fromPKCS7File(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
2023 
2024 private:
2025  class Private;
2026  QSharedDataPointer<Private> d;
2027 };
2028 
/// Issues certificates and CRLs using a CA certificate and its private key.
/// `d` is a raw pointer; copy semantics are not visible in this listing.
2037 class QCA_EXPORT CertificateAuthority : public Algorithm
2038 {
2039 public:
 /// Create a CA from `cert` and its matching `key`. Unlike most constructors
 /// in this header, `provider` has no default and must be supplied.
2048  CertificateAuthority(const Certificate &cert, const PrivateKey &key, const QString &provider);
2049 
2056 
2057  ~CertificateAuthority() override;
2058 
2065 
2073 
 /// Sign `req`, producing a certificate valid until `notValidAfter`. The
 /// request's own CA flag and constraints should be policy-checked by the
 /// caller before signing; this method signs what it is given.
2081  Certificate signRequest(const CertificateRequest &req, const QDateTime &notValidAfter) const;
2082 
2090 
 /// Create a new, empty CRL whose nextUpdate is `nextUpdate`.
2098  CRL createCRL(const QDateTime &nextUpdate) const;
2099 
 /// Create an updated CRL from `crl` with `entries` added and a new `nextUpdate`.
2109  CRL updateCRL(const CRL &crl, const QList<CRLEntry> &entries, const QDateTime &nextUpdate) const;
2110 
2111 private:
2112  class Private;
2113  Private *d;
2114 };
2115 
/// A private key together with its certificate chain, stored in a
/// passphrase-protected container (PKCS#12-style). Implicitly shared
/// through `d`. Passphrases are passed as SecureArray throughout.
2135 class QCA_EXPORT KeyBundle
2136 {
2137 public:
2142 
 /// Load a bundle from `fileName`. `passphrase` defaults to an empty
 /// SecureArray; check isNull() to detect a failed load or wrong passphrase.
2160  explicit KeyBundle(const QString &fileName, const SecureArray &passphrase = SecureArray());
2161 
2167  KeyBundle(const KeyBundle &from);
2168 
2169  ~KeyBundle();
2170 
2177 
 /// True if this object holds no bundle.
2181  bool isNull() const;
2182 
 /// Friendly name stored with the bundle.
2192  QString name() const;
2193 
2200 
2207 
 /// Set the friendly name stored with the bundle.
2213  void setName(const QString &s);
2214 
2225 
 /// Serialize the bundle encrypted under `passphrase`. Unlike the import
 /// side, the passphrase has no default here and must be supplied by the
 /// caller; an empty SecureArray yields an unprotected export.
2249  QByteArray toArray(const SecureArray &passphrase, const QString &provider = QString()) const;
2250 
 /// Write the bundle to `fileName` encrypted under `passphrase`; see toArray().
2275  bool toFile(const QString &fileName, const SecureArray &passphrase, const QString &provider = QString()) const;
2276 
 /// Import from serialized form. `result`, when non-null, receives the
 /// conversion status (including a wrong passphrase, presumably); with
 /// nullptr a failure is visible only via isNull().
2307  static KeyBundle fromArray(const QByteArray &a, const SecureArray &passphrase = SecureArray(), ConvertResult *result = nullptr, const QString &provider = QString());
2308 
 /// Import from a file; see fromArray() for the `result` contract.
2339  static KeyBundle fromFile(const QString &fileName, const SecureArray &passphrase = SecureArray(), ConvertResult *result = nullptr, const QString &provider = QString());
2340 
2341 private:
2342  class Private;
2343  QSharedDataPointer<Private> d;
2344 };
2345 
/// An OpenPGP key (public or secret). `d` is a raw pointer; copy
/// construction and assignment are declared explicitly.
2360 class QCA_EXPORT PGPKey : public Algorithm
2361 {
2362 public:
2367 
 /// Load a key from `fileName`. Not `explicit`, so a QString converts
 /// implicitly to a PGPKey; check isNull() afterwards, or use fromFile(),
 /// which also reports a ConvertResult.
2377  PGPKey(const QString &fileName);
2378 
2384  PGPKey(const PGPKey &from);
2385 
2386  ~PGPKey() override;
2387 
2393  PGPKey & operator=(const PGPKey &from);
2394 
 /// True if this object holds no key.
2400  bool isNull() const;
2401 
 /// Short key identifier. For identity decisions prefer fingerprint(),
 /// which is the full key digest.
2405  QString keyId() const;
2406 
 /// The primary user id.
2410  QString primaryUserId() const;
2411 
 /// All user ids on the key.
2415  QStringList userIds() const;
2416 
 /// True if this is a secret (private) key.
2422  bool isSecret() const;
2423 
 /// Key creation date.
2427  QDateTime creationDate() const;
2428 
 /// Key expiration date.
2432  QDateTime expirationDate() const;
2433 
 /// Full key fingerprint.
2440  QString fingerprint() const;
2441 
 /// True if the key is present in the provider's keyring.
2450  bool inKeyring() const;
2451 
 /// True if the keyring marks the key as trusted. Trust is a keyring
 /// property, not a property of the key material itself.
2457  bool isTrusted() const;
2458 
 /// Export in binary form.
2468  QByteArray toArray() const;
2469 
 /// Export in ASCII-armored (string) form.
2478  QString toString() const;
2479 
 /// Write the key to `fileName`; returns false on failure (presumably).
2485  bool toFile(const QString &fileName) const;
2486 
 /// Import from binary form. `result`, when non-null, receives the conversion
 /// status; with nullptr a failure is visible only via isNull().
2496  static PGPKey fromArray(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
2497 
 /// Import from string form; see fromArray() for the `result` contract.
2507  static PGPKey fromString(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
2508 
 /// Import from a file; see fromArray() for the `result` contract.
2519  static PGPKey fromFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
2520 
2521 private:
2522  class Private;
2523  Private *d;
2524 };
2525 
/// QObject-based loader for private keys and key bundles. The load*()
/// calls return immediately and completion is announced by finished();
/// the loaded object is fetched from accessors not shown in this listing.
/// Non-copyable (Q_DISABLE_COPY).
2565 class QCA_EXPORT KeyLoader : public QObject
2566 {
2567  Q_OBJECT
2568 public:
2574  KeyLoader(QObject *parent = nullptr);
2575  ~KeyLoader() override;
2576 
 /// Start loading a private key from a PEM file.
2586  void loadPrivateKeyFromPEMFile(const QString &fileName);
2587 
 /// Start loading a private key from a PEM string.
2596  void loadPrivateKeyFromPEM(const QString &s);
2597 
2607 
 /// Start loading a KeyBundle from a file.
2616  void loadKeyBundleFromFile(const QString &fileName);
2617 
 /// Start loading a KeyBundle from serialized form.
2625  void loadKeyBundleFromArray(const QByteArray &a);
2626 
2633 
2644 
2654 
2655 Q_SIGNALS:
 /// Emitted when a load operation has completed (successfully or not;
 /// the outcome is read from the loader afterwards).
2663  void finished();
2664 
2665 private:
2666  Q_DISABLE_COPY(KeyLoader)
2667 
2668  class Private;
2669  friend class Private;
2670  Private *d;
2671 };
2672 
2673 }
2674 
2675 #endif
General superclass for an algorithm.
Definition: qca_core.h:1152
Arbitrary precision integer.
Definition: qca_tools.h:571
X.509 certificate revocation list provider.
Definition: qcaprovider.h:1449
Part of a CRL representing a single certificate.
Definition: qca_cert.h:1564
BigInteger serialNumber() const
The serial number of the certificate that is the subject of this CRL entry.
CRLEntry()
create an empty CRL entry
Reason reason() const
The reason that this CRL entry was created.
bool operator!=(const CRLEntry &other) const
Inequality operator.
Definition: qca_cert.h:1668
Reason
The reason why the certificate has been revoked.
Definition: qca_cert.h:1570
@ CACompromise
certificate authority has been compromised
Definition: qca_cert.h:1573
@ Unspecified
reason is unknown
Definition: qca_cert.h:1571
@ CertificateHold
certificate is on hold
Definition: qca_cert.h:1577
@ KeyCompromise
private key has been compromised
Definition: qca_cert.h:1572
@ Superseded
certificate has been superseded
Definition: qca_cert.h:1575
@ RemoveFromCRL
certificate was previously in a CRL, but is now valid
Definition: qca_cert.h:1578
CRLEntry(const CRLEntry &from)
Copy constructor.
CRLEntry & operator=(const CRLEntry &from)
Standard assignment operator.
bool operator<(const CRLEntry &a) const
Test if one CRL entry is "less than" another.
bool isNull() const
Test if this CRL entry is empty.
bool operator==(const CRLEntry &a) const
Test for equality of two CRL Entries.
CRLEntry(const BigInteger serial, const QDateTime &time, Reason r=Unspecified)
create a CRL entry
CRLEntry(const Certificate &c, Reason r=Unspecified)
create a CRL entry
QDateTime time() const
The time this CRL entry was created.
Certificate Revocation List
Definition: qca_cert.h:1703
static CRL fromPEMFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
Import a PEM encoded Certificate Revocation List (CRL) from a file.
void change(CRLContext *c)
QByteArray issuerKeyId() const
The key identification of the CRL issuer.
QList< CRLEntry > revoked() const
a list of the revoked certificates in this CRL
bool isNull() const
Test if the CRL is empty.
static CRL fromPEM(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import a PEM encoded Certificate Revocation List (CRL)
QDateTime thisUpdate() const
the time that this CRL became (or becomes) valid
QDateTime nextUpdate() const
the time that this CRL will be obsoleted
QString toPEM() const
Export the Certificate Revocation List (CRL) in PEM format.
bool toPEMFile(const QString &fileName) const
Export the Certificate Revocation List (CRL) into PEM format in a file.
SignatureAlgorithm signatureAlgorithm() const
The signature algorithm used for the signature on this CRL.
bool operator==(const CRL &a) const
Test for equality of two Certificate Revocation Lists.
CertificateInfoOrdered issuerInfoOrdered() const
Information on the issuer of the CRL as an ordered list (QList of CertificateInfoPair).
int number() const
The CRL serial number.
CertificateInfo issuerInfo() const
Information on the issuer of the CRL as a QMultiMap.
CRL & operator=(const CRL &from)
Standard assignment operator.
bool operator!=(const CRL &other) const
Inequality operator.
Definition: qca_cert.h:1797
QByteArray toDER() const
Export the Certificate Revocation List (CRL) in DER format.
CRL(const CRL &from)
Standard copy constructor.
static CRL fromDER(const QByteArray &a, ConvertResult *result=nullptr, const QString &provider=QString())
Import a DER encoded Certificate Revocation List (CRL)
X.509 certificate request provider.
Definition: qcaprovider.h:1368
X.509 certificate provider.
Definition: qcaprovider.h:1275
A Certificate Authority is used to generate Certificates and Certificate Revocation Lists (CRLs).
Definition: qca_cert.h:2038
CRL createCRL(const QDateTime &nextUpdate) const
Create a new Certificate Revocation List (CRL)
Certificate createCertificate(const PublicKey &key, const CertificateOptions &opts) const
Create a new Certificate.
CRL updateCRL(const CRL &crl, const QList< CRLEntry > &entries, const QDateTime &nextUpdate) const
Update the CRL to include new entries.
CertificateAuthority & operator=(const CertificateAuthority &from)
Standard assignment operator.
CertificateAuthority(const Certificate &cert, const PrivateKey &key, const QString &provider)
Create a new Certificate Authority.
CertificateAuthority(const CertificateAuthority &from)
Copy constructor.
Certificate signRequest(const CertificateRequest &req, const QDateTime &notValidAfter) const
Create a new Certificate by signing the provided CertificateRequest.
Certificate certificate() const
The Certificate belonging to the CertificateAuthority.
A chain of related Certificates.
Definition: qca_cert.h:1208
CertificateChain(const Certificate &primary)
Create a certificate chain, starting at the specified certificate.
Definition: qca_cert.h:1221
const Certificate & primary() const
Return the primary (end-user) Certificate.
Definition: qca_cert.h:1226
CertificateChain()
Create an empty certificate chain.
Definition: qca_cert.h:1213
Validity validate(const CertificateCollection &trusted, const QList< CRL > &untrusted_crls=QList< CRL >(), UsageMode u=UsageAny, ValidateFlags vf=ValidateAll) const
Check the validity of a certificate chain.
Definition: qca_cert.h:1269
CertificateChain complete(const QList< Certificate > &issuers=QList< Certificate >(), Validity *result=nullptr) const
Complete a certificate chain for the primary certificate, using the rest of the certificates in the c...
Definition: qca_cert.h:1276
Bundle of Certificates and CRLs.
Definition: qca_cert.h:1891
void addCRL(const CRL &crl)
Append a CRL to this collection.
bool toPKCS7File(const QString &fileName, const QString &provider=QString())
export the CertificateCollection to a PKCS#7 file
CertificateCollection & operator=(const CertificateCollection &from)
Standard assignment operator.
static CertificateCollection fromFlatTextFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
import a CertificateCollection from a text file
CertificateCollection()
Create an empty Certificate / CRL collection.
QList< Certificate > certificates() const
The Certificates in this collection.
void append(const CertificateCollection &other)
Add another CertificateCollection to this collection.
static bool canUsePKCS7(const QString &provider=QString())
test if the CertificateCollection can be imported and exported to PKCS#7 format
CertificateCollection(const CertificateCollection &from)
Standard copy constructor.
CertificateCollection & operator+=(const CertificateCollection &other)
Add another CertificateCollection to this collection.
CertificateCollection operator+(const CertificateCollection &other) const
Add another CertificateCollection to this collection.
QList< CRL > crls() const
The CRLs in this collection.
static CertificateCollection fromPKCS7File(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
import a CertificateCollection from a PKCS#7 file
bool toFlatTextFile(const QString &fileName)
export the CertificateCollection to a plain text file
void addCertificate(const Certificate &cert)
Append a Certificate to this collection.
Ordered certificate properties type.
Definition: qca_cert.h:540
QString toString() const
Convert to RFC 1779 string format.
Definition: qca_cert.h:569
CertificateInfoOrdered dnOnly() const
Return a new CertificateInfoOrdered that only contains the Distinguished Name (DN) types found in thi...
Definition: qca_cert.h:574
One entry in a certificate information list.
Definition: qca_cert.h:247
CertificateInfoPair(const CertificateInfoPair &from)
Standard copy constructor.
bool operator!=(const CertificateInfoPair &other) const
Inequality operator.
Definition: qca_cert.h:302
CertificateInfoPair(const CertificateInfoType &type, const QString &value)
Construct a new pair.
QString value() const
The value of the information stored in the pair.
bool operator==(const CertificateInfoPair &other) const
Comparison operator.
CertificateInfoPair & operator=(const CertificateInfoPair &from)
Standard assignment operator.
CertificateInfoPair()
Standard constructor.
CertificateInfoType type() const
The type of information stored in the pair.
Certificate information type.
Definition: qca_cert.h:121
bool operator<(const CertificateInfoType &other) const
Comparison operator.
CertificateInfoType & operator=(const CertificateInfoType &from)
Standard assignment operator.
bool operator==(const CertificateInfoType &other) const
Comparison operator.
CertificateInfoTypeKnown known() const
The type as part of the CertificateInfoTypeKnown enumerator.
Section section() const
The section the type is part of.
CertificateInfoType(CertificateInfoTypeKnown known)
Construct a new type.
bool operator!=(const CertificateInfoType &other) const
Inequality operator.
Definition: qca_cert.h:229
QString id() const
The type as an identifier string.
CertificateInfoType(const QString &id, Section section)
Construct a new type.
Section
Section of the certificate that the information belongs in.
Definition: qca_cert.h:127
@ DN
Distinguished name (the primary name)
Definition: qca_cert.h:128
CertificateInfoType()
Standard constructor.
CertificateInfoType(const CertificateInfoType &from)
Standard copy constructor.
Certificate options
Definition: qca_cert.h:602
BigInteger serialNumber() const
The serial number for the certificate.
QDateTime notValidBefore() const
the first time the certificate will be valid
void setInfo(const CertificateInfo &info)
Specify information for the subject associated with the certificate.
void setPolicies(const QStringList &policies)
set the policies on the certificate
bool isCA() const
test if the certificate is a CA cert
CertificateInfoOrdered infoOrdered() const
Information on the subject of the certificate, in the exact order the items will be written.
void setCRLLocations(const QStringList &locations)
set the CRL locations of the certificate
QStringList crlLocations() const
list of URI locations for CRL files
void setOCSPLocations(const QStringList &locations)
set the OCSP service locations of the certificate
void setInfoOrdered(const CertificateInfoOrdered &info)
Specify information for the subject associated with the certificate.
void setChallenge(const QString &s)
Specify the challenge associated with this certificate.
CertificateOptions & operator=(const CertificateOptions &from)
Standard assignment operator.
void setIssuerLocations(const QStringList &locations)
set the issuer certificate locations of the certificate
CertificateOptions(const CertificateOptions &from)
Standard copy constructor.
void setValidityPeriod(const QDateTime &start, const QDateTime &end)
Set the validity period for the certificate.
QDateTime notValidAfter() const
the last time the certificate is valid
void setConstraints(const Constraints &constraints)
set the constraints on the certificate
QString challenge() const
The challenge part of the certificate.
void setFormat(CertificateRequestFormat f)
Specify the format for this certificate.
void setAsCA(int pathLimit=8)
set the certificate to be a CA cert
CertificateRequestFormat format() const
test the format type for this certificate
CertificateInfo info() const
Information on the subject of the certificate.
void setSerialNumber(const BigInteger &i)
Set the serial number property on this certificate.
void setAsUser()
set the certificate to be a user cert (this is the default)
QStringList issuerLocations() const
list of URI locations for issuer certificate files
Constraints constraints() const
List the constraints on this certificate.
bool isValid() const
Test if the certificate options object is valid.
QStringList ocspLocations() const
list of URI locations for OCSP services
int pathLimit() const
return the path limit on this certificate
QStringList policies() const
list the policies on this certificate
CertificateOptions(CertificateRequestFormat format=PKCS10)
Create a Certificate options set.
Certificate Request
Definition: qca_cert.h:1293
QString toString() const
Export the CertificateRequest to a string.
static CertificateRequest fromPEM(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate request from PEM format.
QStringList policies() const
The policies that apply to this certificate request.
CertificateRequest(const CertificateRequest &from)
Standard copy constructor.
bool isNull() const
test if the certificate request is empty
bool operator==(const CertificateRequest &csr) const
Test for equality of two certificate requests.
QByteArray toDER() const
Export the Certificate Request into a DER format.
static bool canUseFormat(CertificateRequestFormat f, const QString &provider=QString())
Test if the certificate request can use a specified format.
bool toPEMFile(const QString &fileName) const
Export the Certificate into PEM format in a file.
static CertificateRequest fromDER(const QByteArray &a, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate request from DER.
bool operator!=(const CertificateRequest &other) const
Inequality operator.
Definition: qca_cert.h:1440
CertificateRequest & operator=(const CertificateRequest &from)
Standard assignment operator.
QString challenge() const
The challenge associated with this certificate request.
CertificateInfoOrdered subjectInfoOrdered() const
Information on the subject of the certificate being requested, as an ordered list (QList of CertificateInfoPair).
CertificateRequest(const CertificateOptions &opts, const PrivateKey &key, const QString &provider=QString())
Create a certificate request based on specified options.
CertificateRequest()
Create an empty certificate request.
QString toPEM() const
Export the Certificate Request into a PEM format.
bool isCA() const
Test if this Certificate Request is for a Certificate Authority certificate.
CertificateRequest(const QString &fileName)
Create a certificate request based on the contents of a file.
SignatureAlgorithm signatureAlgorithm() const
The algorithm used to make the signature on this certificate request.
CertificateInfo subjectInfo() const
Information on the subject of the certificate being requested.
int pathLimit() const
The path limit for the certificate in this Certificate Request.
Constraints constraints() const
The constraints that apply to this certificate request.
CertificateRequestFormat format() const
the format that this Certificate request is in
void change(CSRContext *c)
static CertificateRequest fromPEMFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate request from a file.
PublicKey subjectPublicKey() const
The public key belonging to the issuer.
static CertificateRequest fromString(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import the CertificateRequest from a string.
Public Key (X.509) certificate.
Definition: qca_cert.h:849
bool matchesHostName(const QString &host) const
Test if the subject of the certificate matches a specified host name.
SignatureAlgorithm signatureAlgorithm() const
The signature algorithm used for the signature on this certificate.
static Certificate fromPEM(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate from PEM format.
Constraints constraints() const
The constraints that apply to this certificate.
QString commonName() const
The common name of the subject of the certificate.
bool isSelfSigned() const
Test if the Certificate is self-signed.
CertificateInfoOrdered subjectInfoOrdered() const
Certificate(const CertificateOptions &opts, const PrivateKey &key, const QString &provider=QString())
Create a Certificate with specified options and a specified private key.
bool isCA() const
Test if the Certificate is valid as a Certificate Authority.
bool operator!=(const Certificate &other) const
Inequality operator.
Definition: qca_cert.h:1163
Certificate & operator=(const Certificate &from)
Standard assignment operator.
void change(CertContext *c)
static Certificate fromDER(const QByteArray &a, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate from DER.
int pathLimit() const
The upper bound of the number of links in the certificate chain, if any.
QDateTime notValidBefore() const
The earliest date that the certificate is valid.
CertificateInfoOrdered issuerInfoOrdered() const
Properties of the issuer of the certificate, as an ordered list (QList of CertificateInfoPair).
QStringList policies() const
The policies that apply to this certificate.
PublicKey subjectPublicKey() const
The public key associated with the subject of the certificate.
QString toPEM() const
Export the Certificate into a PEM format.
bool operator==(const Certificate &a) const
Test for equality of two certificates.
QStringList issuerLocations() const
List of URI locations for issuer certificate files.
bool toPEMFile(const QString &fileName) const
Export the Certificate into PEM format in a file.
QByteArray issuerKeyId() const
The key identifier associated with the issuer.
BigInteger serialNumber() const
The serial number of the certificate.
Certificate(const Certificate &from)
Standard copy constructor.
static Certificate fromPEMFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate from a file.
Certificate(const QString &fileName)
Create a Certificate from a PEM encoded file.
QDateTime notValidAfter() const
The latest date that the certificate is valid.
Validity validate(const CertificateCollection &trusted, const CertificateCollection &untrusted, UsageMode u=UsageAny, ValidateFlags vf=ValidateAll) const
Check the validity of a certificate.
QByteArray subjectKeyId() const
The key identifier associated with the subject.
CertificateInfo subjectInfo() const
CertificateInfo issuerInfo() const
Properties of the issuer of the certificate.
QStringList ocspLocations() const
List of URI locations for OCSP services.
QStringList crlLocations() const
List of URI locations for CRL files.
bool isNull() const
Test if the certificate is empty (null)
Certificate()
Create an empty Certificate.
QByteArray toDER() const
Export the Certificate into a DER format.
bool isIssuerOf(const Certificate &other) const
Test if the Certificate has signed another Certificate object and is therefore the issuer.
Certificate constraint.
Definition: qca_cert.h:357
QString id() const
The type as an identifier string.
ConstraintType & operator=(const ConstraintType &from)
Standard assignment operator.
bool operator!=(const ConstraintType &other) const
Inequality operator.
Definition: qca_cert.h:462
Section section() const
The section the constraint is part of.
Section
Section of the certificate that the constraint belongs in.
Definition: qca_cert.h:363
@ KeyUsage
Stored in the key usage section.
Definition: qca_cert.h:364
ConstraintType(const ConstraintType &from)
Standard copy constructor.
bool operator<(const ConstraintType &other) const
Comparison operator.
ConstraintTypeKnown known() const
The type as part of the ConstraintTypeKnown enumerator.
ConstraintType(const QString &id, Section section)
Construct a new constraint.
bool operator==(const ConstraintType &other) const
Comparison operator.
ConstraintType()
Standard constructor.
ConstraintType(ConstraintTypeKnown known)
Construct a new constraint.
Certificate chain and private key pair.
Definition: qca_cert.h:2136
KeyBundle(const KeyBundle &from)
Standard copy constructor.
KeyBundle(const QString &fileName, const SecureArray &passphrase=SecureArray())
Create a KeyBundle from a PKCS12 (.p12) encoded file.
CertificateChain certificateChain() const
The public certificate part of this bundle.
void setName(const QString &s)
Specify the name of this bundle.
void setCertificateChainAndKey(const CertificateChain &c, const PrivateKey &key)
Set the public certificate and private key.
static KeyBundle fromFile(const QString &fileName, const SecureArray &passphrase=SecureArray(), ConvertResult *result=nullptr, const QString &provider=QString())
KeyBundle & operator=(const KeyBundle &from)
Standard assignment operator.
KeyBundle()
Create an empty KeyBundle.
PrivateKey privateKey() const
The private key part of this bundle.
QString name() const
The name associated with this key.
QByteArray toArray(const SecureArray &passphrase, const QString &provider=QString()) const
bool isNull() const
Test if this key is empty (null)
static KeyBundle fromArray(const QByteArray &a, const SecureArray &passphrase=SecureArray(), ConvertResult *result=nullptr, const QString &provider=QString())
bool toFile(const QString &fileName, const SecureArray &passphrase, const QString &provider=QString()) const
Asynchronous private key loader.
Definition: qca_cert.h:2566
void loadKeyBundleFromFile(const QString &fileName)
Initiate an asynchronous loading of a KeyBundle from a file.
void loadPrivateKeyFromDER(const SecureArray &a)
Initiate an asynchronous loading of a PrivateKey from a DER format array.
ConvertResult convertResult() const
The result of the loading process.
void loadKeyBundleFromArray(const QByteArray &a)
Initiate an asynchronous loading of a KeyBundle from an array.
void loadPrivateKeyFromPEMFile(const QString &fileName)
Initiate an asynchronous loading of a PrivateKey from a PEM format file.
void loadPrivateKeyFromPEM(const QString &s)
Initiate an asynchronous loading of a PrivateKey from a PEM format string.
KeyBundle keyBundle() const
The key bundle that has been loaded.
PrivateKey privateKey() const
The private key that has been loaded.
void finished()
Signal that is emitted when the load process has completed.
KeyLoader(QObject *parent=nullptr)
Create a KeyLoader object.
Pretty Good Privacy key.
Definition: qca_cert.h:2361
QString keyId() const
The Key identification for the PGP key.
QString primaryUserId() const
The primary user identification for the key.
QDateTime creationDate() const
The creation date for the key.
static PGPKey fromFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
Import the key from a file.
bool isTrusted() const
Test if the key is trusted.
static PGPKey fromString(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import the key from a string.
bool isNull() const
Test if the PGP key is empty (null)
QString fingerprint() const
The key fingerprint.
bool toFile(const QString &fileName) const
Export the key to a file.
QByteArray toArray() const
Export the key to an array.
static PGPKey fromArray(const QByteArray &a, ConvertResult *result=nullptr, const QString &provider=QString())
Import the key from an array.
PGPKey()
Create an empty PGP key.
QString toString() const
Export the key to a string.
PGPKey(const QString &fileName)
Create a PGP key from an encoded file.
PGPKey(const PGPKey &from)
Standard copy constructor.
QStringList userIds() const
The list of all user identifications associated with the key.
QDateTime expirationDate() const
The expiration date for the key.
bool isSecret() const
Test if the PGP key is the secret key.
bool inKeyring() const
Test if this key is in a keyring.
PGPKey & operator=(const PGPKey &from)
Standard assignment operator.
Generic private key.
Definition: qca_publickey.h:827
Generic public key.
Definition: qca_publickey.h:527
Secure array of bytes.
Definition: qca_tools.h:317
QCA - the Qt Cryptographic Architecture.
Definition: qca_basic.h:41
UsageMode
Specify the intended usage of a certificate.
Definition: qca_cert.h:476
@ UsageTimeStamping
time stamping certificate
Definition: qca_cert.h:482
@ UsageEmailProtection
email (S/MIME) certificate
Definition: qca_cert.h:481
@ UsageCRLSigning
certificate revocation list signing certificate
Definition: qca_cert.h:483
@ UsageTLSServer
server side of a TLS or SSL connection
Definition: qca_cert.h:478
@ UsageTLSClient
client side of a TLS or SSL connection
Definition: qca_cert.h:479
@ UsageAny
Any application, or unspecified.
Definition: qca_cert.h:477
@ UsageCodeSigning
code signing certificate
Definition: qca_cert.h:480
CertificateRequestFormat
Certificate Request Format.
Definition: qca_cert.h:55
@ SPKAC
Signed Public Key and Challenge (Netscape) format.
Definition: qca_cert.h:57
@ PKCS10
standard PKCS#10 format
Definition: qca_cert.h:56
QList< ConstraintType > Constraints
Certificate constraints type.
Definition: qca_cert.h:582
ConstraintTypeKnown
Known types of certificate constraints.
Definition: qca_cert.h:319
@ DataEncipherment
Certificate can be used for encrypting / decrypting data, id = "KeyUsage.dataEncipherment"
Definition: qca_cert.h:324
@ IPSecUser
Certificate can be used to authenticate a user in IPSEC, id = "1.3.6.1.5.5.7.3.7"....
Definition: qca_cert.h:338
@ EmailProtection
Certificate can be used to sign / encrypt email, id = "1.3.6.1.5.5.7.3.4". This is an extended usage ...
Definition: qca_cert.h:335
@ CRLSign
Certificate can be used to sign Certificate Revocation Lists, id = "KeyUsage.crlSign"
Definition: qca_cert.h:327
@ KeyAgreement
Certificate can be used for key agreement, id = "KeyUsage.keyAgreement"
Definition: qca_cert.h:325
@ ClientAuth
Certificate can be used for client authentication (e.g. web browser), id = "1.3.6....
Definition: qca_cert.h:333
@ IPSecEndSystem
Certificate can be used to authenticate an endpoint in IPSEC, id = "1.3.6.1.5.5.7.3....
Definition: qca_cert.h:336
@ IPSecTunnel
Certificate can be used to authenticate a tunnel in IPSEC, id = "1.3.6.1.5.5.7.3.6"....
Definition: qca_cert.h:337
@ ServerAuth
Certificate can be used for server authentication (e.g. web server), id = "1.3.6.1....
Definition: qca_cert.h:332
@ KeyEncipherment
Certificate can be used for encrypting / decrypting keys, id = "KeyUsage.keyEncipherment"
Definition: qca_cert.h:323
@ TimeStamping
Certificate can be used to create a "time stamp" signature, id = "1.3.6.1.5.5.7.3....
Definition: qca_cert.h:339
@ CodeSigning
Certificate can be used to sign code, id = "1.3.6.1.5.5.7.3.3". This is an extended usage constraint.
Definition: qca_cert.h:334
@ EncipherOnly
Certificate can only be used for encryption, id = "KeyUsage.encipherOnly"
Definition: qca_cert.h:328
@ OCSPSigning
Certificate can be used to sign an Online Certificate Status Protocol (OCSP) assertion,...
Definition: qca_cert.h:340
@ NonRepudiation
Certificate can be used for non-repudiation, id = "KeyUsage.nonRepudiation"
Definition: qca_cert.h:322
@ DecipherOnly
Certificate can only be used for decryption, id = "KeyUsage.decipherOnly"
Definition: qca_cert.h:329
@ DigitalSignature
Certificate can be used to create digital signatures, id = "KeyUsage.digitalSignature"
Definition: qca_cert.h:321
@ KeyCertificateSign
Certificate can be used for key certificate signing, id = "KeyUsage.keyCertSign"
Definition: qca_cert.h:326
Validity
The validity (or otherwise) of a certificate.
Definition: qca_cert.h:490
@ ErrorValidityUnknown
Validity is unknown.
Definition: qca_cert.h:502
@ ErrorRevoked
The certificate has been revoked.
Definition: qca_cert.h:498
@ ErrorUntrusted
The certificate is not trusted.
Definition: qca_cert.h:493
@ ErrorExpired
The certificate has expired, or is not yet valid (e.g. current time is earlier than notBefore time)
Definition: qca_cert.h:500
@ ErrorPathLengthExceeded
The path length from the root CA to this certificate is too long.
Definition: qca_cert.h:499
@ ErrorSignatureFailed
The signature does not match.
Definition: qca_cert.h:494
@ ErrorInvalidPurpose
The purpose does not match the intended usage.
Definition: qca_cert.h:496
@ ErrorExpiredCA
The Certificate Authority has expired.
Definition: qca_cert.h:501
@ ErrorSelfSigned
The certificate is self-signed, and is not found in the list of trusted certificates.
Definition: qca_cert.h:497
@ ErrorInvalidCA
The Certificate Authority is invalid.
Definition: qca_cert.h:495
@ ValidityGood
The certificate is valid.
Definition: qca_cert.h:491
@ ErrorRejected
The root CA rejected the certificate purpose.
Definition: qca_cert.h:492
QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in)
Convert to RFC 1779 string format.
ValidateFlags
The conditions to validate for a certificate.
Definition: qca_cert.h:509
QCA_EXPORT CertificateInfoOrdered orderedDNOnly(const CertificateInfoOrdered &in)
Return a new CertificateInfoOrdered that only contains the Distinguished Name (DN) types found in the...
CertificateInfoTypeKnown
Known types of information stored in certificates.
Definition: qca_cert.h:66
@ IncorporationCountry
The country of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.3".
Definition: qca_cert.h:77
@ CommonName
The common name (eg person), id = "2.5.4.3".
Definition: qca_cert.h:67
@ Country
The country, id = "2.5.4.6".
Definition: qca_cert.h:76
@ XMPP
XMPP address (see http://www.ietf.org/rfc/rfc3920.txt), id = "1.3.6.1.5.5.7.8.5".
Definition: qca_cert.h:81
@ Locality
The locality (eg city, a shire, or part of a state), id = "2.5.4.7".
Definition: qca_cert.h:72
@ State
The state within the country, id = "2.5.4.8".
Definition: qca_cert.h:74
@ Email
Email address, id = "GeneralName.rfc822Name".
Definition: qca_cert.h:68
@ IPAddress
IP address, id = "GeneralName.iPAddress".
Definition: qca_cert.h:80
@ IncorporationLocality
The locality of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.1".
Definition: qca_cert.h:73
@ Organization
An organisation (eg company), id = "2.5.4.10".
Definition: qca_cert.h:70
@ DNS
DNS name, id = "GeneralName.dNSName".
Definition: qca_cert.h:79
@ EmailLegacy
PKCS#9 Email field, id = "1.2.840.113549.1.9.1".
Definition: qca_cert.h:69
@ URI
Uniform Resource Identifier, id = "GeneralName.uniformResourceIdentifier".
Definition: qca_cert.h:78
@ IncorporationState
The state of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.2".
Definition: qca_cert.h:75
@ OrganizationalUnit
A part of an organisation (eg a division or branch), id = "2.5.4.11".
Definition: qca_cert.h:71
ConvertResult
Return value from a format conversion.
Definition: qca_publickey.h:118
QCA_EXPORT QStringList makeFriendlyNames(const QList< Certificate > &list)
Create a list of unique friendly names among a list of certificates.
SignatureAlgorithm
Signature algorithm variants.
Definition: qca_publickey.h:74
QMultiMap< CertificateInfoType, QString > CertificateInfo
Certificate properties type.
Definition: qca_cert.h:527
Header file for core QCA infrastructure.
Header file for PublicKey and PrivateKey related classes.