File indexing completed on 2024-04-28 04:32:45
0001 /* 0002 SPDX-FileCopyrightText: 2018 Chinmoy Ranjan Pradhan <chinmoyrp65@gmail.com> 0003 0004 SPDX-License-Identifier: GPL-2.0-or-later 0005 */ 0006 0007 #ifndef OKULAR_SIGNATUREUTILS_H 0008 #define OKULAR_SIGNATUREUTILS_H 0009 0010 #include "okularcore_export.h" 0011 0012 #include <QDateTime> 0013 #include <QFlag> 0014 #include <QList> 0015 #include <QSharedPointer> 0016 #include <QString> 0017 0018 namespace Okular 0019 { 0020 0021 /** 0022 * @short A helper class to store information about x509 certificate 0023 */ 0024 class CertificateInfoPrivate; 0025 class OKULARCORE_EXPORT CertificateInfo 0026 { 0027 public: 0028 /** The certificate backend is mostly 0029 important if there is a wish to integrate 0030 third party viewers, where some third party 0031 viewers only interacts with some and not other 0032 backend */ 0033 enum class Backend { 0034 /** The backend is either unknown 0035 or known, but not something there is 0036 currently supported need for*/ 0037 Unknown, 0038 /** The certificates in question originates 0039 in gpg and thus can be queried using e.g. 0040 KDE's certificate manager Kleopatra */ 0041 Gpg 0042 }; 0043 /** 0044 * The algorithm of public key. 0045 */ 0046 enum PublicKeyType { RsaKey, DsaKey, EcKey, OtherKey }; 0047 0048 /** 0049 * Certificate key usage extensions. 0050 */ 0051 enum KeyUsageExtension { KuDigitalSignature = 0x80, KuNonRepudiation = 0x40, KuKeyEncipherment = 0x20, KuDataEncipherment = 0x10, KuKeyAgreement = 0x08, KuKeyCertSign = 0x04, KuClrSign = 0x02, KuEncipherOnly = 0x01, KuNone = 0x00 }; 0052 Q_DECLARE_FLAGS(KeyUsageExtensions, KeyUsageExtension) 0053 0054 /** 0055 * Predefined keys for elements in an entity's distinguished name. 0056 */ 0057 enum EntityInfoKey { 0058 CommonName, 0059 DistinguishedName, 0060 EmailAddress, 0061 Organization, 0062 }; 0063 /** 0064 * How should certain empty strings be treated 0065 * @since 23.08 0066 */ 0067 enum class EmptyString { /** Empty strings should just be empty*/ Empty, TranslatedNotAvailable /** Empty strings should be a localized version of "Not available" */ }; 0068 0069 /** A signing key can be located in different places 0070 * sometimes, for the user, it might be easier to pick 0071 * the key located on a card if it have some visual 0072 * indicator that it is somehow removable. 0073 * 0074 * \note a keylocation for a certificate without a private 0075 *key (cannot be used for signing) will likely be "Unknown" 0076 */ 0077 enum class KeyLocation { 0078 Unknown, /** We don't know the location */ 0079 Other, /** We know the location, but it is somehow not covered by this enum */ 0080 Computer, /** The key is on this computer */ 0081 HardwareToken /** The key is on a dedicated hardware token, either a smartcard or a dedicated usb token (e.g. gnuk, nitrokey or yubikey) */ 0082 }; 0083 0084 /** 0085 * Destructor 0086 */ 0087 ~CertificateInfo(); 0088 0089 /** 0090 * Returns true if the certificate has no contents; otherwise returns false 0091 * @since 23.08 0092 */ 0093 bool isNull() const; 0094 0095 /** 0096 * Sets the null value of the certificate. 0097 * @since 23.08 0098 */ 0099 void setNull(bool null); 0100 0101 /** 0102 * The certificate version string. 0103 * @since 23.08 0104 */ 0105 int version() const; 0106 0107 /** 0108 * Sets the certificate version string. 0109 * @since 23.08 0110 */ 0111 void setVersion(int version); 0112 0113 /** 0114 * The certificate serial number. 0115 * @since 23.08 0116 */ 0117 QByteArray serialNumber() const; 0118 0119 /** 0120 * Sets the certificate serial number. 0121 * @since 23.08 0122 */ 0123 void setSerialNumber(const QByteArray &serial); 0124 0125 /** 0126 * Information about the issuer. 0127 * @since 23.08 0128 */ 0129 QString issuerInfo(EntityInfoKey key, EmptyString empty) const; 0130 0131 /** 0132 * Sets information about the issuer. 0133 * @since 23.08 0134 */ 0135 void setIssuerInfo(EntityInfoKey key, const QString &value); 0136 0137 /** 0138 * Information about the subject 0139 * @since 23.08 0140 */ 0141 QString subjectInfo(EntityInfoKey key, EmptyString empty) const; 0142 0143 /** 0144 * Sets information about the subject 0145 * @since 23.08 0146 */ 0147 void setSubjectInfo(EntityInfoKey key, const QString &value); 0148 0149 /** 0150 * The certificate internal database nickname 0151 * @since 23.08 0152 */ 0153 QString nickName() const; 0154 0155 /** 0156 * Sets the certificate internal database nickname 0157 * @since 23.08 0158 */ 0159 void setNickName(const QString &nickName); 0160 0161 /** 0162 * The date-time when certificate becomes valid. 0163 * @since 23.08 0164 */ 0165 QDateTime validityStart() const; 0166 0167 /** 0168 * Sets the date-time when certificate becomes valid. 0169 * @since 23.08 0170 */ 0171 void setValidityStart(const QDateTime &start); 0172 0173 /** 0174 * The date-time when certificate expires. 0175 * @since 23.08 0176 */ 0177 QDateTime validityEnd() const; 0178 0179 /** 0180 * Sets the date-time when certificate expires. 0181 * @since 23.08 0182 */ 0183 void setValidityEnd(const QDateTime &validityEnd); 0184 0185 /** 0186 * The uses allowed for the certificate. 0187 * @since 23.08 0188 */ 0189 KeyUsageExtensions keyUsageExtensions() const; 0190 0191 /** 0192 * Sets the uses allowed for the certificate. 0193 * @since 23.08 0194 */ 0195 void setKeyUsageExtensions(KeyUsageExtensions ext); 0196 0197 /** 0198 * The public key value. 0199 * @since 23.08 0200 */ 0201 QByteArray publicKey() const; 0202 /** 0203 * Sets the public key value. 0204 * @since 23.08 0205 */ 0206 void setPublicKey(const QByteArray &publicKey); 0207 0208 /** 0209 * The public key type. 0210 * @since 23.08 0211 */ 0212 PublicKeyType publicKeyType() const; 0213 0214 /** 0215 * Sets the public key type. 0216 * @since 23.08 0217 */ 0218 void setPublicKeyType(PublicKeyType type); 0219 0220 /** 0221 * The strength of public key in bits. 0222 * @since 23.08 0223 */ 0224 int publicKeyStrength() const; 0225 0226 /** 0227 * Sets the strength of strength key in bits. 0228 * @since 23.08 0229 */ 0230 void setPublicKeyStrength(int strength); 0231 0232 /** 0233 * Returns true if certificate is self-signed otherwise returns false. 0234 * @since 23.08 0235 */ 0236 bool isSelfSigned() const; 0237 0238 /** 0239 * Sets if certificate is self-signed 0240 * @since 23.08 0241 */ 0242 void setSelfSigned(bool selfSigned); 0243 0244 /** 0245 * The DER encoded certificate. 0246 * @since 23.08 0247 */ 0248 QByteArray certificateData() const; 0249 0250 /** 0251 * Sets the DER encoded certificate. 0252 * @since 23.08 0253 */ 0254 void setCertificateData(const QByteArray &certificateData); 0255 /* 0256 * Sets the location of the certificate 0257 * 0258 * see \ref KeyLocation enum for details 0259 * @since 24.02 0260 */ 0261 void setKeyLocation(KeyLocation location); 0262 0263 /** 0264 * the location of the certificate 0265 * 0266 * see \ref KeyLocation enum for details 0267 * @since 24.02 0268 */ 0269 KeyLocation keyLocation() const; 0270 0271 /** 0272 * The backend where the certificate originates. 0273 * see @ref Backend for details 0274 * @since 23.08 0275 */ 0276 Backend backend() const; 0277 0278 /** 0279 * Sets the backend for this certificate. 0280 * see @ref Backend for details 0281 * @since 23.08 0282 */ 0283 void setBackend(Backend backend); 0284 0285 /** 0286 * Checks if the given password is the correct one for this certificate 0287 * 0288 * @since 23.08 0289 */ 0290 bool checkPassword(const QString &password) const; 0291 0292 /** 0293 * Sets a function to check if the current password is correct. 0294 * 0295 * The default reject all passwords 0296 * 0297 * @since 23.08 0298 */ 0299 void setCheckPasswordFunction(const std::function<bool(const QString &)> &passwordFunction); 0300 0301 CertificateInfo(); 0302 CertificateInfo(const CertificateInfo &other); 0303 CertificateInfo(CertificateInfo &&other) noexcept; 0304 CertificateInfo &operator=(const CertificateInfo &other); 0305 CertificateInfo &operator=(CertificateInfo &&other) noexcept; 0306 0307 private: 0308 QSharedDataPointer<CertificateInfoPrivate> d; 0309 }; 0310 0311 /** 0312 * @short A helper class to store information about digital signature 0313 */ 0314 class SignatureInfoPrivate; 0315 class OKULARCORE_EXPORT SignatureInfo 0316 { 0317 public: 0318 /** 0319 * The verification result of the signature. 0320 */ 0321 enum SignatureStatus { 0322 SignatureStatusUnknown, ///< The signature status is unknown for some reason. 0323 SignatureValid, ///< The signature is cryptographically valid. 0324 SignatureInvalid, ///< The signature is cryptographically invalid. 0325 SignatureDigestMismatch, ///< The document content was changed after the signature was applied. 0326 SignatureDecodingError, ///< The signature CMS/PKCS7 structure is malformed. 0327 SignatureGenericError, ///< The signature could not be verified. 0328 SignatureNotFound, ///< The requested signature is not present in the document. 0329 SignatureNotVerified ///< The signature is not yet verified. 0330 }; 0331 0332 /** 0333 * The verification result of the certificate. 0334 */ 0335 enum CertificateStatus { 0336 CertificateStatusUnknown, ///< The certificate status is unknown for some reason. 0337 CertificateTrusted, ///< The certificate is considered trusted. 0338 CertificateUntrustedIssuer, ///< The issuer of this certificate has been marked as untrusted by the user. 0339 CertificateUnknownIssuer, ///< The certificate trust chain has not finished in a trusted root certificate. 0340 CertificateRevoked, ///< The certificate was revoked by the issuing certificate authority. 0341 CertificateExpired, ///< The signing time is outside the validity bounds of this certificate. 0342 CertificateGenericError, ///< The certificate could not be verified. 0343 CertificateNotVerified ///< The certificate is not yet verified. 0344 }; 0345 0346 /** 0347 * The hash algorithm of the signature 0348 */ 0349 enum HashAlgorithm { HashAlgorithmUnknown, HashAlgorithmMd2, HashAlgorithmMd5, HashAlgorithmSha1, HashAlgorithmSha256, HashAlgorithmSha384, HashAlgorithmSha512, HashAlgorithmSha224 }; 0350 0351 /** 0352 * Destructor. 0353 */ 0354 ~SignatureInfo(); 0355 0356 /** 0357 * The signature status of the signature. 0358 * @since 23.08 0359 */ 0360 SignatureStatus signatureStatus() const; 0361 0362 /** 0363 * Sets the signature status of the signature. 0364 * @since 23.08 0365 */ 0366 void setSignatureStatus(SignatureStatus status); 0367 0368 /** 0369 * The certificate status of the signature. 0370 * @since 23.08 0371 */ 0372 CertificateStatus certificateStatus() const; 0373 0374 /** 0375 * Sets the certificate status of the signature. 0376 * @since 23.08 0377 */ 0378 void setCertificateStatus(CertificateStatus status); 0379 0380 /** 0381 * The signer subject common name associated with the signature. 0382 * @since 23.08 0383 */ 0384 QString signerName() const; 0385 0386 /** 0387 * Sets the signer subject common name associated with the signature. 0388 * @since 23.08 0389 */ 0390 void setSignerName(const QString &signerName); 0391 0392 /** 0393 * The signer subject distinguished name associated with the signature. 0394 * @since 23.08 0395 */ 0396 QString signerSubjectDN() const; 0397 0398 /** 0399 * Sets the signer subject distinguished name associated with the signature. 0400 * @since 23.08 0401 */ 0402 void setSignerSubjectDN(const QString &signerSubjectDN); 0403 0404 /** 0405 * Get signing location. 0406 * @since 23.08 0407 */ 0408 QString location() const; 0409 0410 /** 0411 * Sets the signing location. 0412 * @since 23.08 0413 */ 0414 void setLocation(const QString &location); 0415 0416 /** 0417 * Get signing reason. 0418 * @since 23.08 0419 */ 0420 QString reason() const; 0421 0422 /** 0423 * Sets the signing reason. 0424 * @since 23.08 0425 */ 0426 void setReason(const QString &reason); 0427 0428 /** 0429 * The hash algorithm used for the signature. 0430 * @since 23.08 0431 */ 0432 HashAlgorithm hashAlgorithm() const; 0433 0434 /** 0435 * Sets the hash algorithm used for the signature. 0436 * @since 23.08 0437 */ 0438 void setHashAlgorithm(HashAlgorithm algorithm); 0439 0440 /** 0441 * The signing time associated with the signature. 0442 * @since 23.08 0443 */ 0444 QDateTime signingTime() const; 0445 0446 /** 0447 * Sets the signing time associated with the signature. 0448 * @since 23.08 0449 */ 0450 void setSigningTime(const QDateTime &time); 0451 0452 /** 0453 * Get the signature binary data. 0454 * @since 23.08 0455 */ 0456 QByteArray signature() const; 0457 0458 /** 0459 * Sets the signature binary data. 0460 * @since 23.08 0461 */ 0462 void setSignature(const QByteArray &signature); 0463 0464 /** 0465 * Get the bounds of the ranges of the document which are signed. 0466 * @since 23.08 0467 */ 0468 QList<qint64> signedRangeBounds() const; 0469 0470 /** 0471 * Sets the bounds of the ranges of the document which are signed. 0472 * @since 23.08 0473 */ 0474 void setSignedRangeBounds(const QList<qint64> &range); 0475 0476 /** 0477 * Checks whether the signature authenticates the total document 0478 * except for the signature itself. 0479 * @since 23.08 0480 */ 0481 bool signsTotalDocument() const; 0482 0483 /** 0484 * Checks whether the signature authenticates the total document 0485 * except for the signature itself. 0486 * @since 23.08 0487 */ 0488 void setSignsTotalDocument(bool total); 0489 0490 /** 0491 * Get certificate details. 0492 * @since 23.08 0493 */ 0494 CertificateInfo certificateInfo() const; 0495 0496 /** 0497 * Sets certificate details. 0498 * @since 23.08 0499 */ 0500 void setCertificateInfo(const CertificateInfo &info); 0501 0502 SignatureInfo(); 0503 SignatureInfo(const SignatureInfo &other); 0504 SignatureInfo(SignatureInfo &&other) noexcept; 0505 SignatureInfo &operator=(const SignatureInfo &other); 0506 SignatureInfo &operator=(SignatureInfo &&other) noexcept; 0507 0508 private: 0509 QSharedDataPointer<SignatureInfoPrivate> d; 0510 }; 0511 0512 /** 0513 * @short A helper class to store information about x509 certificate 0514 */ 0515 class OKULARCORE_EXPORT CertificateStore 0516 { 0517 public: 0518 /** 0519 * Destructor 0520 */ 0521 virtual ~CertificateStore(); 0522 0523 /** 0524 * Returns list of valid, usable signing certificates. 0525 * 0526 * This can ask the user for a password, userCancelled will be true if the user decided not to enter it. 0527 * @since 23.08 0528 */ 0529 virtual QList<CertificateInfo> signingCertificates(bool *userCancelled) const; 0530 0531 /** 0532 * Returns list of valid, usable signing certificates for current date and time. 0533 * 0534 * This can ask the user for a password, userCancelled will be true if the user decided not to enter it. 0535 * 0536 * nonDateValidCerts is true if the user has signing certificates but their validity start date is in the future or past their validity end date. 0537 * @since 23.08 0538 */ 0539 QList<CertificateInfo> signingCertificatesForNow(bool *userCancelled, bool *nonDateValidCerts) const; 0540 0541 protected: 0542 CertificateStore(); 0543 0544 private: 0545 Q_DISABLE_COPY(CertificateStore) 0546 }; 0547 0548 } 0549 0550 #endif