File indexing completed on 2024-04-28 04:43:40
0001 /* 0002 * qca_cert.h - Qt Cryptographic Architecture 0003 * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com> 0004 * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net> 0005 * 0006 * This library is free software; you can redistribute it and/or 0007 * modify it under the terms of the GNU Lesser General Public 0008 * License as published by the Free Software Foundation; either 0009 * version 2.1 of the License, or (at your option) any later version. 0010 * 0011 * This library is distributed in the hope that it will be useful, 0012 * but WITHOUT ANY WARRANTY; without even the implied warranty of 0013 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 0014 * Lesser General Public License for more details. 0015 * 0016 * You should have received a copy of the GNU Lesser General Public 0017 * License along with this library; if not, write to the Free Software 0018 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 0019 * 02110-1301 USA 0020 * 0021 */ 0022 0023 /** 0024 \file qca_cert.h 0025 0026 Header file for PGP key and X.509 certificate related classes 0027 0028 \note You should not use this header directly from an 0029 application. You should just use <tt> \#include \<QtCrypto> 0030 </tt> instead. 0031 */ 0032 0033 #ifndef QCA_CERT_H 0034 #define QCA_CERT_H 0035 0036 #include "qca_core.h" 0037 #include "qca_publickey.h" 0038 #include <QDateTime> 0039 0040 namespace QCA { 0041 0042 class CertContext; 0043 class CSRContext; 0044 class CRLContext; 0045 class Certificate; 0046 class CRL; 0047 class CertificateCollection; 0048 class CertificateChain; 0049 0050 /** 0051 Certificate Request Format 0052 */ 0053 enum CertificateRequestFormat 0054 { 0055 PKCS10, ///< standard PKCS#10 format 0056 SPKAC ///< Signed Public Key and Challenge (Netscape) format 0057 }; 0058 0059 /** 0060 Known types of information stored in certificates 0061 0062 This enumerator offers a convenient way to work with common types. 0063 */ 0064 enum CertificateInfoTypeKnown 0065 { 0066 CommonName, ///< The common name (eg person), id = "2.5.4.3" 0067 Email, ///< Email address, id = "GeneralName.rfc822Name" 0068 EmailLegacy, ///< PKCS#9 Email field, id = "1.2.840.113549.1.9.1" 0069 Organization, ///< An organisation (eg company), id = "2.5.4.10" 0070 OrganizationalUnit, ///< An part of an organisation (eg a division or branch), id = "2.5.4.11" 0071 Locality, ///< The locality (eg city, a shire, or part of a state), id = "2.5.4.7" 0072 IncorporationLocality, ///< The locality of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.1" 0073 State, ///< The state within the country, id = "2.5.4.8" 0074 IncorporationState, ///< The state of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.2" 0075 Country, ///< The country, id = "2.5.4.6" 0076 IncorporationCountry, ///< The country of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.3" 0077 URI, ///< Uniform Resource Identifier, id = "GeneralName.uniformResourceIdentifier" 0078 DNS, ///< DNS name, id = "GeneralName.dNSName" 0079 IPAddress, ///< IP address, id = "GeneralName.iPAddress" 0080 XMPP ///< XMPP address (see http://www.ietf.org/rfc/rfc3920.txt), id = "1.3.6.1.5.5.7.8.5" 0081 }; 0082 0083 /** 0084 \class CertificateInfoType qca_cert.h QtCrypto 0085 0086 Certificate information type 0087 0088 This class represents a type of information being stored in 0089 a certificate. It can be created either using a known type 0090 (from the Known enumerator) or an identifier string (usually 0091 an OID). Types created either way are interchangeable. 0092 0093 Types also have the notion of a Section. Some types may 0094 reside in the Distinguished Name field of a certificate, and 0095 some types may reside in the Subject Alternative Name field. 0096 This class is capable of representing a type from either 0097 section. 0098 0099 In the general case, applications will want to use the 0100 CertificateInfoTypeKnown enumerator types. These are from RFC3280 0101 (http://www.ietf.org/rfc/rfc3280.txt) except where shown. 0102 0103 The entries for IncorporationLocality, IncorporationState 0104 and IncorporationCountry are the same as Locality, State 0105 and Country respectively, except that the Extended 0106 Validation (EV) certificate guidelines (published by the 0107 %Certificate Authority / Browser Forum, see 0108 http://www.cabforum.org) distinguish between the place of 0109 where the company does business (which is the Locality / 0110 State / Country combination) and the jurisdiction where the 0111 company is legally incorporated (the IncorporationLocality 0112 / IncorporationState / IncorporationCountry combination). 0113 0114 \sa Certificate::subjectInfo() and Certificate::issuerInfo() 0115 \sa CRL::issuerInfo() 0116 0117 \ingroup UserAPI 0118 */ 0119 class QCA_EXPORT CertificateInfoType 0120 { 0121 public: 0122 /** 0123 Section of the certificate that the information belongs in 0124 */ 0125 enum Section 0126 { 0127 DN, ///< Distinguished name (the primary name) 0128 AlternativeName ///< Alternative name 0129 }; 0130 0131 /** 0132 Standard constructor 0133 */ 0134 CertificateInfoType(); 0135 0136 /** 0137 Construct a new type 0138 0139 The section will be derived by \a known. 0140 0141 \param known the type as part of the CertificateInfoTypeKnown 0142 enumerator 0143 */ 0144 CertificateInfoType(CertificateInfoTypeKnown known); 0145 0146 /** 0147 Construct a new type 0148 0149 \param id the type as an identifier string (OID or internal) 0150 \param section the section this type belongs in 0151 0152 \sa id 0153 */ 0154 CertificateInfoType(const QString &id, Section section); 0155 0156 /** 0157 Standard copy constructor 0158 0159 \param from the certificate information to copy from 0160 */ 0161 CertificateInfoType(const CertificateInfoType &from); 0162 0163 ~CertificateInfoType(); 0164 0165 /** 0166 Standard assignment operator 0167 0168 \param from the certificate information to assign from 0169 */ 0170 CertificateInfoType &operator=(const CertificateInfoType &from); 0171 0172 /** 0173 The section the type is part of 0174 */ 0175 Section section() const; 0176 0177 /** 0178 The type as part of the CertificateInfoTypeKnown enumerator 0179 0180 This function may return a value that does not exist in the 0181 enumerator. In that case, you may use id() to determine the 0182 type. 0183 */ 0184 CertificateInfoTypeKnown known() const; 0185 0186 /** 0187 The type as an identifier string 0188 0189 For types that have OIDs, this function returns an OID in string 0190 form. For types that do not have OIDs, this function returns an 0191 internal identifier string whose first character is not a digit 0192 (this allows you to tell the difference between an OID and an 0193 internal identifier). 0194 0195 It is hereby stated that General Names (of the X.509 Subject 0196 Alternative Name) shall use the internal identifier format 0197 "GeneralName.[rfc field name]". For example, the rfc822Name 0198 field would have the identifier "GeneralName.rfc822Name". 0199 0200 Applications should not store, use, or compare against internal 0201 identifiers unless the identifiers are explicitly documented 0202 (e.g. GeneralName). 0203 */ 0204 QString id() const; 0205 0206 /** 0207 Comparison operator 0208 0209 \param other the certificate information to compare with this 0210 certificate information. 0211 */ 0212 bool operator<(const CertificateInfoType &other) const; 0213 0214 /** 0215 Comparison operator 0216 0217 \param other the certificate information to compare with this 0218 certificate information. 0219 */ 0220 bool operator==(const CertificateInfoType &other) const; 0221 0222 /** 0223 Inequality operator 0224 0225 \param other the certificate information to compare with this 0226 certificate information. 0227 */ 0228 inline bool operator!=(const CertificateInfoType &other) const 0229 { 0230 return !(*this == other); 0231 } 0232 0233 private: 0234 class Private; 0235 QSharedDataPointer<Private> d; 0236 }; 0237 0238 /** 0239 \class CertificateInfoPair qca_cert.h QtCrypto 0240 0241 One entry in a certificate information list 0242 0243 \ingroup UserAPI 0244 */ 0245 class QCA_EXPORT CertificateInfoPair 0246 { 0247 public: 0248 /** 0249 Standard constructor 0250 */ 0251 CertificateInfoPair(); 0252 0253 /** 0254 Construct a new pair 0255 0256 \param type the type of information stored in this pair 0257 \param value the value of the information to be stored 0258 */ 0259 CertificateInfoPair(const CertificateInfoType &type, const QString &value); 0260 0261 /** 0262 Standard copy constructor 0263 0264 \param from the information pair to copy from 0265 */ 0266 CertificateInfoPair(const CertificateInfoPair &from); 0267 0268 ~CertificateInfoPair(); 0269 0270 /** 0271 Standard assignment operator 0272 0273 \param from the information pair to assign from 0274 */ 0275 CertificateInfoPair &operator=(const CertificateInfoPair &from); 0276 0277 /** 0278 The type of information stored in the pair 0279 */ 0280 CertificateInfoType type() const; 0281 0282 /** 0283 The value of the information stored in the pair 0284 */ 0285 QString value() const; 0286 0287 /** 0288 Comparison operator 0289 0290 \param other the certificate information pair to compare with this 0291 certificate information pair. 0292 */ 0293 bool operator==(const CertificateInfoPair &other) const; 0294 0295 /** 0296 Inequality operator 0297 0298 \param other the certificate information pair to compare with this 0299 certificate information pair. 0300 */ 0301 inline bool operator!=(const CertificateInfoPair &other) const 0302 { 0303 return !(*this == other); 0304 } 0305 0306 private: 0307 class Private; 0308 QSharedDataPointer<Private> d; 0309 }; 0310 0311 /** 0312 Known types of certificate constraints 0313 0314 This enumerator offers a convenient way to work with common types. 0315 */ 0316 enum ConstraintTypeKnown 0317 { 0318 // KeyUsage 0319 DigitalSignature, ///< %Certificate can be used to create digital signatures, id = "KeyUsage.digitalSignature" 0320 NonRepudiation, ///< %Certificate can be used for non-repudiation, id = "KeyUsage.nonRepudiation" 0321 KeyEncipherment, ///< %Certificate can be used for encrypting / decrypting keys, id = "KeyUsage.keyEncipherment" 0322 DataEncipherment, ///< %Certificate can be used for encrypting / decrypting data, id = "KeyUsage.dataEncipherment" 0323 KeyAgreement, ///< %Certificate can be used for key agreement, id = "KeyUsage.keyAgreement" 0324 KeyCertificateSign, ///< %Certificate can be used for key certificate signing, id = "KeyUsage.keyCertSign" 0325 CRLSign, ///< %Certificate can be used to sign %Certificate Revocation Lists, id = "KeyUsage.crlSign" 0326 EncipherOnly, ///< %Certificate can only be used for encryption, id = "KeyUsage.encipherOnly" 0327 DecipherOnly, ///< %Certificate can only be used for decryption, id = "KeyUsage.decipherOnly" 0328 0329 // ExtKeyUsage 0330 ServerAuth, ///< %Certificate can be used for server authentication (e.g. web server), id = "1.3.6.1.5.5.7.3.1". 0331 ///< This is an extended usage constraint. 0332 ClientAuth, ///< %Certificate can be used for client authentication (e.g. web browser), id = "1.3.6.1.5.5.7.3.2". 0333 ///< This is an extended usage constraint. 0334 CodeSigning, ///< %Certificate can be used to sign code, id = "1.3.6.1.5.5.7.3.3". This is an extended usage 0335 ///< constraint. 0336 EmailProtection, ///< %Certificate can be used to sign / encrypt email, id = "1.3.6.1.5.5.7.3.4". This is an 0337 ///< extended usage constraint. 0338 IPSecEndSystem, ///< %Certificate can be used to authenticate a endpoint in IPSEC, id = "1.3.6.1.5.5.7.3.5". This is 0339 ///< an extended usage constraint. 0340 IPSecTunnel, ///< %Certificate can be used to authenticate a tunnel in IPSEC, id = "1.3.6.1.5.5.7.3.6". This is an 0341 ///< extended usage constraint. 0342 IPSecUser, ///< %Certificate can be used to authenticate a user in IPSEC, id = "1.3.6.1.5.5.7.3.7". This is an 0343 ///< extended usage constraint. 0344 TimeStamping, ///< %Certificate can be used to create a "time stamp" signature, id = "1.3.6.1.5.5.7.3.8". This is an 0345 ///< extended usage constraint. 0346 OCSPSigning ///< %Certificate can be used to sign an Online %Certificate Status Protocol (OCSP) assertion, id = 0347 ///< "1.3.6.1.5.5.7.3.9". This is an extended usage constraint. 0348 }; 0349 0350 /** 0351 \class ConstraintType qca_cert.h QtCrypto 0352 0353 Certificate constraint 0354 0355 X.509 certificates can be constrained in their application - that is, some 0356 certificates can only be used for certain purposes. This class is used to 0357 identify an approved purpose for a certificate. 0358 0359 \note It is common for a certificate to have more than one purpose. 0360 0361 \ingroup UserAPI 0362 */ 0363 class QCA_EXPORT ConstraintType 0364 { 0365 public: 0366 /** 0367 Section of the certificate that the constraint belongs in 0368 */ 0369 enum Section 0370 { 0371 KeyUsage, ///< Stored in the key usage section 0372 ExtendedKeyUsage ///< Stored in the extended key usage section 0373 }; 0374 0375 /** 0376 Standard constructor 0377 */ 0378 ConstraintType(); 0379 0380 /** 0381 Construct a new constraint 0382 0383 The section will be derived by \a known. 0384 0385 \param known the type as part of the ConstraintTypeKnown 0386 enumerator 0387 */ 0388 ConstraintType(ConstraintTypeKnown known); 0389 0390 /** 0391 Construct a new constraint 0392 0393 \param id the type as an identifier string (OID or internal) 0394 \param section the section this type belongs in 0395 0396 \sa id 0397 */ 0398 ConstraintType(const QString &id, Section section); 0399 0400 /** 0401 Standard copy constructor 0402 0403 \param from the constraint type to copy from 0404 */ 0405 ConstraintType(const ConstraintType &from); 0406 0407 ~ConstraintType(); 0408 0409 /** 0410 Standard assignment operator 0411 0412 \param from the constraint type to assign from 0413 */ 0414 ConstraintType &operator=(const ConstraintType &from); 0415 0416 /** 0417 The section the constraint is part of 0418 */ 0419 Section section() const; 0420 0421 /** 0422 The type as part of the ConstraintTypeKnown enumerator 0423 0424 This function may return a value that does not exist in the 0425 enumerator. In that case, you may use id() to determine the 0426 type. 0427 */ 0428 ConstraintTypeKnown known() const; 0429 0430 /** 0431 The type as an identifier string 0432 0433 For types that have OIDs, this function returns an OID in string 0434 form. For types that do not have OIDs, this function returns an 0435 internal identifier string whose first character is not a digit 0436 (this allows you to tell the difference between an OID and an 0437 internal identifier). 0438 0439 It is hereby stated that the KeyUsage bit fields shall use the 0440 internal identifier format "KeyUsage.[rfc field name]". For 0441 example, the keyEncipherment field would have the identifier 0442 "KeyUsage.keyEncipherment". 0443 0444 Applications should not store, use, or compare against internal 0445 identifiers unless the identifiers are explicitly documented 0446 (e.g. KeyUsage). 0447 */ 0448 QString id() const; 0449 0450 /** 0451 Comparison operator 0452 0453 \param other the constraint type to compare with this constraint 0454 */ 0455 bool operator<(const ConstraintType &other) const; 0456 0457 /** 0458 Comparison operator 0459 0460 \param other the constraint type to compare with this constraint 0461 */ 0462 bool operator==(const ConstraintType &other) const; 0463 0464 /** 0465 Inequality operator 0466 0467 \param other the constraint type to compare with this constraint 0468 */ 0469 inline bool operator!=(const ConstraintType &other) const 0470 { 0471 return !(*this == other); 0472 } 0473 0474 private: 0475 class Private; 0476 QSharedDataPointer<Private> d; 0477 }; 0478 0479 /** 0480 Specify the intended usage of a certificate 0481 */ 0482 enum UsageMode 0483 { 0484 UsageAny = 0x00, ///< Any application, or unspecified 0485 UsageTLSServer = 0x01, ///< server side of a TLS or SSL connection 0486 UsageTLSClient = 0x02, ///< client side of a TLS or SSL connection 0487 UsageCodeSigning = 0x04, ///< code signing certificate 0488 UsageEmailProtection = 0x08, ///< email (S/MIME) certificate 0489 UsageTimeStamping = 0x10, ///< time stamping certificate 0490 UsageCRLSigning = 0x20 ///< certificate revocation list signing certificate 0491 }; 0492 0493 /** 0494 The validity (or otherwise) of a certificate 0495 */ 0496 enum Validity 0497 { 0498 ValidityGood, ///< The certificate is valid 0499 ErrorRejected, ///< The root CA rejected the certificate purpose 0500 ErrorUntrusted, ///< The certificate is not trusted 0501 ErrorSignatureFailed, ///< The signature does not match 0502 ErrorInvalidCA, ///< The Certificate Authority is invalid 0503 ErrorInvalidPurpose, ///< The purpose does not match the intended usage 0504 ErrorSelfSigned, ///< The certificate is self-signed, and is not found in the list of trusted certificates 0505 ErrorRevoked, ///< The certificate has been revoked 0506 ErrorPathLengthExceeded, ///< The path length from the root CA to this certificate is too long 0507 ErrorExpired, ///< The certificate has expired, or is not yet valid (e.g. current time is earlier than notBefore 0508 ///< time) 0509 ErrorExpiredCA, ///< The Certificate Authority has expired 0510 ErrorValidityUnknown = 64 ///< Validity is unknown 0511 }; 0512 0513 /** 0514 The conditions to validate for a certificate 0515 */ 0516 enum ValidateFlags 0517 { 0518 ValidateAll = 0x00, // Verify all conditions 0519 ValidateRevoked = 0x01, // Verify the certificate was not revoked 0520 ValidateExpired = 0x02, // Verify the certificate has not expired 0521 ValidatePolicy = 0x04 // Verify the certificate can be used for a specified purpose 0522 }; 0523 0524 /** 0525 Certificate properties type 0526 0527 With this container, the information is not necessarily stored 0528 in the same sequence as the certificate format itself. Use this 0529 container if the order the information is/was stored does not 0530 matter for you (this is the case with most applications). 0531 0532 Additionally, the EmailLegacy type should not be used with this 0533 container. Use Email instead. 0534 */ 0535 typedef QMultiMap<CertificateInfoType, QString> CertificateInfo; 0536 0537 /** 0538 \class CertificateInfoOrdered qca_cert.h QtCrypto 0539 0540 Ordered certificate properties type 0541 0542 This container stores the information in the same sequence as 0543 the certificate format itself. 0544 0545 \ingroup UserAPI 0546 */ 0547 class CertificateInfoOrdered : public QList<CertificateInfoPair> 0548 { 0549 public: 0550 /** 0551 Convert to RFC 1779 string format 0552 */ 0553 inline QString toString() const; 0554 0555 /** 0556 Return a new CertificateInfoOrdered that only contains 0557 the Distinguished Name (DN) types found in this object. 0558 */ 0559 inline CertificateInfoOrdered dnOnly() const; 0560 }; 0561 0562 /** 0563 Convert to RFC 1779 string format 0564 0565 \param in the certificate info to convert 0566 */ 0567 QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in); 0568 0569 /** 0570 Return a new CertificateInfoOrdered that only contains 0571 the Distinguished Name (DN) types found in the input object. 0572 0573 \param in the certificate info to extract from 0574 */ 0575 QCA_EXPORT CertificateInfoOrdered orderedDNOnly(const CertificateInfoOrdered &in); 0576 0577 inline QString CertificateInfoOrdered::toString() const 0578 { 0579 return orderedToDNString(*this); 0580 } 0581 0582 inline CertificateInfoOrdered CertificateInfoOrdered::dnOnly() const 0583 { 0584 return orderedDNOnly(*this); 0585 } 0586 0587 /** 0588 %Certificate constraints type 0589 */ 0590 typedef QList<ConstraintType> Constraints; 0591 0592 /** 0593 Create a list of unique friendly names among a list of certificates 0594 0595 \param list the list of certificates for which a friendly name is required. 0596 0597 */ 0598 QCA_EXPORT QStringList makeFriendlyNames(const QList<Certificate> &list); 0599 0600 /** 0601 \class CertificateOptions qca_cert.h QtCrypto 0602 0603 %Certificate options 0604 0605 \note In SPKAC mode, all options are ignored except for challenge 0606 0607 \ingroup UserAPI 0608 */ 0609 class QCA_EXPORT CertificateOptions 0610 { 0611 public: 0612 /** 0613 Create a Certificate options set 0614 0615 \param format the format to create the certificate request in 0616 */ 0617 CertificateOptions(CertificateRequestFormat format = PKCS10); 0618 0619 /** 0620 Standard copy constructor 0621 0622 \param from the Certificate Options to copy into this object 0623 */ 0624 CertificateOptions(const CertificateOptions &from); 0625 ~CertificateOptions(); 0626 0627 /** 0628 Standard assignment operator 0629 0630 \param from the Certificate Options to copy into this object 0631 */ 0632 CertificateOptions &operator=(const CertificateOptions &from); 0633 0634 /** 0635 test the format type for this certificate 0636 */ 0637 CertificateRequestFormat format() const; 0638 0639 /** 0640 Specify the format for this certificate 0641 0642 \param f the format to use 0643 */ 0644 void setFormat(CertificateRequestFormat f); 0645 0646 /** 0647 Test if the certificate options object is valid 0648 0649 \return true if the certificate options object is valid 0650 */ 0651 bool isValid() const; 0652 0653 /** 0654 The challenge part of the certificate 0655 0656 For CertificateRequest only 0657 0658 \sa setChallenge 0659 */ 0660 QString challenge() const; 0661 0662 /** 0663 Information on the subject of the certificate 0664 0665 \sa setInfo 0666 */ 0667 CertificateInfo info() const; 0668 0669 /** 0670 Information on the subject of the certificate, in the 0671 exact order the items will be written 0672 0673 \sa setInfoOrdered 0674 */ 0675 CertificateInfoOrdered infoOrdered() const; 0676 0677 /** 0678 List the constraints on this certificate 0679 */ 0680 Constraints constraints() const; 0681 0682 /** 0683 list the policies on this certificate 0684 */ 0685 QStringList policies() const; 0686 0687 /** 0688 list of URI locations for CRL files 0689 0690 each URI refers to the same CRL file 0691 0692 For Certificate creation only 0693 */ 0694 QStringList crlLocations() const; 0695 0696 /** 0697 list of URI locations for issuer certificate files 0698 0699 each URI refers to the same issuer file 0700 0701 For Certificate creation only 0702 */ 0703 QStringList issuerLocations() const; 0704 0705 /** 0706 list of URI locations for OCSP services 0707 0708 For Certificate creation only 0709 */ 0710 QStringList ocspLocations() const; 0711 0712 /** 0713 test if the certificate is a CA cert 0714 0715 \sa setAsCA 0716 \sa setAsUser 0717 */ 0718 bool isCA() const; 0719 0720 /** 0721 return the path limit on this certificate 0722 */ 0723 int pathLimit() const; 0724 0725 /** 0726 The serial number for the certificate 0727 0728 For Certificate creation only 0729 */ 0730 BigInteger serialNumber() const; 0731 0732 /** 0733 the first time the certificate will be valid 0734 0735 For Certificate creation only 0736 */ 0737 QDateTime notValidBefore() const; 0738 0739 /** 0740 the last time the certificate is valid 0741 0742 For Certificate creation only 0743 */ 0744 QDateTime notValidAfter() const; 0745 0746 /** 0747 Specify the challenge associated with this 0748 certificate 0749 0750 \param s the challenge string 0751 0752 \sa challenge() 0753 */ 0754 void setChallenge(const QString &s); 0755 0756 /** 0757 Specify information for the subject associated with the 0758 certificate 0759 0760 \param info the information for the subject 0761 0762 \sa info() 0763 */ 0764 void setInfo(const CertificateInfo &info); 0765 0766 /** 0767 Specify information for the subject associated with the 0768 certificate 0769 0770 \param info the information for the subject 0771 0772 \sa info() 0773 */ 0774 void setInfoOrdered(const CertificateInfoOrdered &info); 0775 0776 /** 0777 set the constraints on the certificate 0778 0779 \param constraints the constraints to be used for the certificate 0780 */ 0781 void setConstraints(const Constraints &constraints); 0782 0783 /** 0784 set the policies on the certificate 0785 0786 \param policies the policies to be used for the certificate 0787 */ 0788 void setPolicies(const QStringList &policies); 0789 0790 /** 0791 set the CRL locations of the certificate 0792 0793 each location refers to the same CRL. 0794 0795 \param locations a list of URIs to CRL files 0796 */ 0797 void setCRLLocations(const QStringList &locations); 0798 0799 /** 0800 set the issuer certificate locations of the certificate 0801 0802 each location refers to the same issuer file. 0803 0804 \param locations a list of URIs to issuer certificate files 0805 */ 0806 void setIssuerLocations(const QStringList &locations); 0807 0808 /** 0809 set the OCSP service locations of the certificate 0810 0811 \param locations a list of URIs to OCSP services 0812 */ 0813 void setOCSPLocations(const QStringList &locations); 0814 0815 /** 0816 set the certificate to be a CA cert 0817 0818 \param pathLimit the number of intermediate certificates allowable 0819 */ 0820 void setAsCA(int pathLimit = 8); // value from Botan 0821 0822 /** 0823 set the certificate to be a user cert (this is the default) 0824 */ 0825 void setAsUser(); 0826 0827 /** 0828 Set the serial number property on this certificate 0829 0830 \param i the serial number to use 0831 */ 0832 void setSerialNumber(const BigInteger &i); 0833 0834 /** 0835 Set the validity period for the certificate 0836 0837 \param start the first time this certificate becomes valid 0838 \param end the last time this certificate is valid 0839 */ 0840 void setValidityPeriod(const QDateTime &start, const QDateTime &end); 0841 0842 private: 0843 class Private; 0844 Private *d; 0845 }; 0846 0847 /** 0848 \class Certificate qca_cert.h QtCrypto 0849 0850 Public Key (X.509) certificate 0851 0852 This class contains one X.509 certificate 0853 0854 \ingroup UserAPI 0855 */ 0856 class QCA_EXPORT Certificate : public Algorithm 0857 { 0858 public: 0859 /** 0860 Create an empty Certificate 0861 */ 0862 Certificate(); 0863 0864 /** 0865 Create a Certificate from a PEM encoded file 0866 0867 \param fileName the name (and path, if required) 0868 of the file that contains the PEM encoded certificate 0869 */ 0870 Certificate(const QString &fileName); 0871 0872 /** 0873 Create a Certificate with specified options and a specified private 0874 key 0875 0876 \param opts the options to use 0877 \param key the private key for this certificate 0878 \param provider the provider to use to create this key, if a 0879 particular provider is required 0880 */ 0881 Certificate(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString()); 0882 0883 /** 0884 Standard copy constructor 0885 0886 \param from the certificate to copy from 0887 */ 0888 Certificate(const Certificate &from); 0889 0890 ~Certificate() override; 0891 0892 /** 0893 Standard assignment operator 0894 0895 \param from the Certificate to assign from 0896 */ 0897 Certificate &operator=(const Certificate &from); 0898 0899 /** 0900 Test if the certificate is empty (null) 0901 \return true if the certificate is null 0902 */ 0903 bool isNull() const; 0904 0905 /** 0906 The earliest date that the certificate is valid 0907 */ 0908 QDateTime notValidBefore() const; 0909 0910 /** 0911 The latest date that the certificate is valid 0912 */ 0913 QDateTime notValidAfter() const; 0914 0915 /** 0916 Properties of the subject of the certificate, as a QMultiMap 0917 0918 This is the method that provides information on the 0919 subject organisation, common name, DNS name, and so 0920 on. The list of information types (i.e. the key to 0921 the multi-map) is a CertificateInfoType. The values 0922 are a list of QString. 0923 0924 An example of how you can iterate over the list is: 0925 \code 0926 foreach( QString dns, info.values(QCA::DNS) ) 0927 { 0928 std::cout << " " << qPrintable(dns) << std::endl; 0929 } 0930 \endcode 0931 */ 0932 CertificateInfo subjectInfo() const; 0933 0934 /** 0935 Properties of the subject of the certificate, as 0936 an ordered list (QList of CertificateInfoPair). 0937 0938 This allows access to the certificate information 0939 in the same order as they appear in a certificate. 0940 Each pair in the list has a type and a value. 0941 0942 For example: 0943 \code 0944 CertificateInfoOrdered info = cert.subjectInfoOrdered(); 0945 // info[0].type == CommonName 0946 // info[0].value == "example.com" 0947 \endcode 0948 0949 \sa subjectInfo for an unordered version 0950 \sa issuerInfoOrdered for the ordered information on the issuer 0951 \sa CertificateInfoPair for the elements in the list 0952 */ 0953 CertificateInfoOrdered subjectInfoOrdered() const; 0954 0955 /** 0956 Properties of the issuer of the certificate 0957 0958 \sa subjectInfo for how the return value works. 0959 */ 0960 CertificateInfo issuerInfo() const; 0961 0962 /** 0963 Properties of the issuer of the certificate, as 0964 an ordered list (QList of CertificateInfoPair). 0965 0966 This allows access to the certificate information 0967 in the same order as they appear in a certificate. 0968 Each pair in the list has a type and a value. 0969 0970 \sa issuerInfo for an unordered version 0971 \sa subjectInfoOrdered for the ordered information on the subject 0972 \sa CertificateInfoPair for the elements in the list 0973 */ 0974 CertificateInfoOrdered issuerInfoOrdered() const; 0975 0976 /** 0977 The constraints that apply to this certificate 0978 */ 0979 Constraints constraints() const; 0980 0981 /** 0982 The policies that apply to this certificate 0983 0984 Policies are specified as strings containing OIDs 0985 */ 0986 QStringList policies() const; 0987 0988 /** 0989 List of URI locations for CRL files 0990 0991 Each URI refers to the same CRL file 0992 */ 0993 QStringList crlLocations() const; 0994 0995 /** 0996 List of URI locations for issuer certificate files 0997 0998 Each URI refers to the same issuer file 0999 */ 1000 QStringList issuerLocations() const; 1001 1002 /** 1003 List of URI locations for OCSP services 1004 */ 1005 QStringList ocspLocations() const; 1006 1007 /** 1008 The common name of the subject of the certificate 1009 1010 Common names are normally the name of a person, company or 1011 organisation 1012 */ 1013 QString commonName() const; 1014 1015 /** 1016 The serial number of the certificate 1017 */ 1018 BigInteger serialNumber() const; 1019 1020 /** 1021 The public key associated with the subject of the certificate 1022 */ 1023 PublicKey subjectPublicKey() const; 1024 1025 /** 1026 Test if the Certificate is valid as a %Certificate Authority 1027 1028 \return true if the Certificate is valid as a %Certificate Authority 1029 */ 1030 bool isCA() const; 1031 1032 /** 1033 Test if the Certificate is self-signed 1034 1035 \return true if the certificate is self-signed 1036 */ 1037 bool isSelfSigned() const; 1038 1039 /** 1040 Test if the Certificate has signed another Certificate 1041 object and is therefore the issuer 1042 1043 \param other the certificate to test 1044 1045 \return true if this certificate is the issuer of the argument 1046 */ 1047 bool isIssuerOf(const Certificate &other) const; 1048 1049 /** 1050 The upper bound of the number of links in the certificate 1051 chain, if any 1052 */ 1053 int pathLimit() const; 1054 1055 /** 1056 The signature algorithm used for the signature on this certificate 1057 */ 1058 SignatureAlgorithm signatureAlgorithm() const; 1059 1060 /** 1061 The key identifier associated with the subject 1062 */ 1063 QByteArray subjectKeyId() const; 1064 1065 /** 1066 The key identifier associated with the issuer 1067 */ 1068 QByteArray issuerKeyId() const; 1069 1070 /** 1071 Check the validity of a certificate 1072 1073 \param trusted a collection of trusted certificates 1074 \param untrusted a collection of additional certificates, not 1075 necessarily trusted 1076 \param u the use required for the certificate 1077 \param vf the conditions to validate 1078 1079 \note This function may block 1080 */ 1081 Validity validate(const CertificateCollection &trusted, 1082 const CertificateCollection &untrusted, 1083 UsageMode u = UsageAny, 1084 ValidateFlags vf = ValidateAll) const; 1085 1086 /** 1087 Export the Certificate into a DER format 1088 */ 1089 QByteArray toDER() const; 1090 1091 /** 1092 Export the Certificate into a PEM format 1093 */ 1094 QString toPEM() const; 1095 1096 /** 1097 Export the Certificate into PEM format in a file 1098 1099 \param fileName the name of the file to use 1100 */ 1101 bool toPEMFile(const QString &fileName) const; 1102 1103 /** 1104 Import the certificate from DER 1105 1106 \param a the array containing the certificate in DER format 1107 \param result a pointer to a ConvertResult, which if not-null will 1108 be set to the conversion status 1109 \param provider the provider to use, if a specific provider is 1110 required 1111 1112 \return the Certificate corresponding to the certificate in the 1113 provided array 1114 */ 1115 static Certificate 1116 fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString()); 1117 1118 /** 1119 Import the certificate from PEM format 1120 1121 \param s the string containing the certificate in PEM format 1122 \param result a pointer to a ConvertResult, which if not-null will 1123 be set to the conversion status 1124 \param provider the provider to use, if a specific provider is 1125 required 1126 1127 \return the Certificate corresponding to the certificate in the 1128 provided string 1129 */ 1130 static Certificate fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString()); 1131 1132 /** 1133 Import the certificate from a file 1134 1135 \param fileName the name (and path, if required) of the file 1136 containing the certificate in PEM format 1137 \param result a pointer to a ConvertResult, which if not-null will 1138 be set to the conversion status 1139 \param provider the provider to use, if a specific provider is 1140 required 1141 1142 \return the Certificate corresponding to the certificate in the 1143 provided string 1144 */ 1145 static Certificate 1146 fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString()); 1147 1148 /** 1149 Test if the subject of the certificate matches a specified host 1150 name 1151 1152 This will return true (indicating a match), if the specified host 1153 name meets the RFC 2818 validation rules with this certificate. 1154 1155 If the host is an internationalized domain name, then it must be 1156 provided in unicode format, not in IDNA ACE/punycode format. 1157 1158 \param host the name of the host to compare to 1159 */ 1160 bool matchesHostName(const QString &host) const; 1161 1162 /** 1163 Test for equality of two certificates 1164 1165 \param a the certificate to compare this certificate with 1166 1167 \return true if the two certificates are the same 1168 */ 1169 bool operator==(const Certificate &a) const; 1170 1171 /** 1172 Inequality operator 1173 1174 \param other the certificate to compare this certificate with 1175 */ 1176 inline bool operator!=(const Certificate &other) const 1177 { 1178 return !(*this == other); 1179 } 1180 1181 /** 1182 \internal 1183 1184 \param c context (internal) 1185 */ 1186 void change(CertContext *c); 1187 1188 private: 1189 class Private; 1190 friend class Private; 1191 QSharedDataPointer<Private> d; 1192 1193 friend class CertificateChain; 1194 Validity chain_validate(const CertificateChain &chain, 1195 const CertificateCollection &trusted, 1196 const QList<CRL> &untrusted_crls, 1197 UsageMode u, 1198 ValidateFlags vf) const; 1199 CertificateChain 1200 chain_complete(const CertificateChain &chain, const QList<Certificate> &issuers, Validity *result) const; 1201 }; 1202 1203 /** 1204 \class CertificateChain qca_cert.h QtCrypto 1205 1206 A chain of related Certificates 1207 1208 CertificateChain is a list (a QList) of certificates that are related by 1209 the signature from one to another. If Certificate C signs Certificate B, 1210 and Certificate B signs Certificate A, then C, B and A form a chain. 1211 1212 The normal use of a CertificateChain is from a end-user Certificate (called 1213 the primary, equivalent to QList::first()) through some intermediate 1214 Certificates to some other Certificate (QList::last()), which might be a 1215 root %Certificate Authority, but does not need to be. 1216 1217 You can build up the chain using normal QList operations, such as 1218 QList::append(). 1219 1220 \sa QCA::CertificateCollection for an alternative way to represent a group 1221 of Certificates that do not necessarily have a chained relationship. 1222 1223 \ingroup UserAPI 1224 */ 1225 class CertificateChain : public QList<Certificate> 1226 { 1227 public: 1228 /** 1229 Create an empty certificate chain 1230 */ 1231 inline CertificateChain() 1232 { 1233 } 1234 1235 /** 1236 Create a certificate chain, starting at the specified certificate 1237 1238 \param primary the end-user certificate that forms one end of the 1239 chain 1240 */ 1241 inline CertificateChain(const Certificate &primary) 1242 { 1243 append(primary); 1244 } 1245 1246 /** 1247 Return the primary (end-user) Certificate 1248 */ 1249 inline const Certificate &primary() const 1250 { 1251 return first(); 1252 } 1253 1254 /** 1255 Check the validity of a certificate chain 1256 1257 \param trusted a collection of trusted certificates 1258 \param untrusted_crls a list of additional CRLs, not necessarily 1259 trusted 1260 \param u the use required for the primary certificate 1261 \param vf the conditions to validate 1262 1263 \note This function may block 1264 1265 \sa Certificate::validate() 1266 */ 1267 inline Validity validate(const CertificateCollection &trusted, 1268 const QList<CRL> &untrusted_crls = QList<CRL>(), 1269 UsageMode u = UsageAny, 1270 ValidateFlags vf = ValidateAll) const; 1271 1272 /** 1273 Complete a certificate chain for the primary certificate, using the 1274 rest of the certificates in the chain object, as well as those in 1275 \a issuers, as possible issuers in the chain. If there are issuers 1276 missing, then the chain might be incomplete (at the worst case, if 1277 no issuers exist for the primary certificate, then the resulting 1278 chain will consist of just the primary certificate). Use the 1279 \a result argument to find out if there was a problem during 1280 completion. A result of ValidityGood means the chain was completed 1281 successfully. 1282 1283 The newly constructed CertificateChain is returned. 1284 1285 If the certificate chain is empty, then this will return an empty 1286 CertificateChain object. 1287 1288 \param issuers a pool of issuers to draw from as necessary 1289 \param result the result of the completion operation 1290 1291 \note This function may block 1292 1293 \sa validate 1294 */ 1295 inline CertificateChain complete(const QList<Certificate> &issuers = QList<Certificate>(), 1296 Validity *result = nullptr) const; 1297 }; 1298 1299 inline Validity CertificateChain::validate(const CertificateCollection &trusted, 1300 const QList<CRL> &untrusted_crls, 1301 UsageMode u, 1302 ValidateFlags vf) const 1303 { 1304 if (isEmpty()) 1305 return ErrorValidityUnknown; 1306 return first().chain_validate(*this, trusted, untrusted_crls, u, vf); 1307 } 1308 1309 inline CertificateChain CertificateChain::complete(const QList<Certificate> &issuers, Validity *result) const 1310 { 1311 if (isEmpty()) 1312 return CertificateChain(); 1313 return first().chain_complete(*this, issuers, result); 1314 } 1315 1316 /** 1317 \class CertificateRequest qca_cert.h QtCrypto 1318 1319 %Certificate Request 1320 1321 A CertificateRequest is a unsigned request for a Certificate 1322 1323 \ingroup UserAPI 1324 */ 1325 class QCA_EXPORT CertificateRequest : public Algorithm 1326 { 1327 public: 1328 /** 1329 Create an empty certificate request 1330 */ 1331 CertificateRequest(); 1332 1333 /** 1334 Create a certificate request based on the contents of a file 1335 1336 \param fileName the file (and path, if necessary) containing a PEM 1337 encoded certificate request 1338 */ 1339 CertificateRequest(const QString &fileName); 1340 1341 /** 1342 Create a certificate request based on specified options 1343 1344 \param opts the options to use in the certificate request 1345 \param key the private key that matches the certificate being 1346 requested 1347 \param provider the provider to use, if a specific provider is 1348 required 1349 */ 1350 CertificateRequest(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString()); 1351 1352 /** 1353 Standard copy constructor 1354 1355 \param from the request to copy from 1356 */ 1357 CertificateRequest(const CertificateRequest &from); 1358 1359 ~CertificateRequest() override; 1360 1361 /** 1362 Standard assignment operator 1363 1364 \param from the request to assign from 1365 */ 1366 CertificateRequest &operator=(const CertificateRequest &from); 1367 1368 /** 1369 test if the certificate request is empty 1370 1371 \return true if the certificate request is empty, otherwise false 1372 */ 1373 bool isNull() const; 1374 1375 /** 1376 Test if the certificate request can use a specified format 1377 1378 \param f the format to test for 1379 \param provider the provider to use, if a specific provider is 1380 required 1381 1382 \return true if the certificate request can use the specified 1383 format 1384 */ 1385 static bool canUseFormat(CertificateRequestFormat f, const QString &provider = QString()); 1386 1387 /** 1388 the format that this Certificate request is in 1389 */ 1390 CertificateRequestFormat format() const; 1391 1392 /** 1393 Information on the subject of the certificate being requested 1394 1395 \note this only applies to PKCS#10 format certificate requests 1396 1397 \sa subjectInfoOrdered for a version that maintains order 1398 in the subject information. 1399 */ 1400 CertificateInfo subjectInfo() const; 1401 1402 /** 1403 Information on the subject of the certificate being requested, as 1404 an ordered list (QList of CertificateInfoPair). 1405 1406 \note this only applies to PKCS#10 format certificate requests 1407 1408 \sa subjectInfo for a version that does not maintain order, but 1409 allows access based on a multimap. 1410 \sa CertificateInfoPair for the elements in the list 1411 */ 1412 CertificateInfoOrdered subjectInfoOrdered() const; 1413 1414 /** 1415 The constraints that apply to this certificate request 1416 1417 \note this only applies to PKCS#10 format certificate requests 1418 */ 1419 Constraints constraints() const; 1420 1421 /** 1422 The policies that apply to this certificate request 1423 1424 \note this only applies to PKCS#10 format certificate requests 1425 */ 1426 QStringList policies() const; 1427 1428 /** 1429 The public key belonging to the issuer 1430 */ 1431 PublicKey subjectPublicKey() const; 1432 1433 /** 1434 Test if this %Certificate Request is for a %Certificate Authority 1435 certificate 1436 1437 \note this only applies to PKCS#10 format certificate requests 1438 */ 1439 bool isCA() const; 1440 1441 /** 1442 The path limit for the certificate in this %Certificate Request 1443 1444 \note this only applies to PKCS#10 format certificate requests 1445 */ 1446 int pathLimit() const; 1447 1448 /** 1449 The challenge associated with this certificate request 1450 */ 1451 QString challenge() const; 1452 1453 /** 1454 The algorithm used to make the signature on this certificate 1455 request 1456 */ 1457 SignatureAlgorithm signatureAlgorithm() const; 1458 1459 /** 1460 Test for equality of two certificate requests 1461 1462 \param csr the certificate request to be compared to this certificate request 1463 1464 \return true if the two certificate requests are the same 1465 */ 1466 bool operator==(const CertificateRequest &csr) const; 1467 1468 /** 1469 Inequality operator 1470 1471 \param other the certificate request to be compared to this certificate request 1472 */ 1473 inline bool operator!=(const CertificateRequest &other) const 1474 { 1475 return !(*this == other); 1476 } 1477 1478 /** 1479 Export the %Certificate Request into a DER format 1480 1481 \note this only applies to PKCS#10 format certificate requests 1482 */ 1483 QByteArray toDER() const; 1484 1485 /** 1486 Export the %Certificate Request into a PEM format 1487 1488 \note this only applies to PKCS#10 format certificate requests 1489 */ 1490 QString toPEM() const; 1491 1492 /** 1493 Export the Certificate into PEM format in a file 1494 1495 \param fileName the name of the file to use 1496 1497 \note this only applies to PKCS#10 format certificate requests 1498 */ 1499 bool toPEMFile(const QString &fileName) const; 1500 1501 /** 1502 Import the certificate request from DER 1503 1504 \param a the array containing the certificate request in DER format 1505 \param result a pointer to a ConvertResult, which if not-null will 1506 be set to the conversion status 1507 \param provider the provider to use, if a specific provider is 1508 required 1509 1510 \return the CertificateRequest corresponding to the certificate 1511 request in the provided array 1512 1513 \note this only applies to PKCS#10 format certificate requests 1514 */ 1515 static CertificateRequest 1516 fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString()); 1517 1518 /** 1519 Import the certificate request from PEM format 1520 1521 \param s the string containing the certificate request in PEM 1522 format 1523 \param result a pointer to a ConvertResult, which if not-null will 1524 be set to the conversion status 1525 \param provider the provider to use, if a specific provider is 1526 required 1527 1528 \return the CertificateRequest corresponding to the certificate 1529 request in the provided string 1530 1531 \note this only applies to PKCS#10 format certificate requests 1532 */ 1533 static CertificateRequest 1534 fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString()); 1535 1536 /** 1537 Import the certificate request from a file 1538 1539 \param fileName the name (and path, if required) of the file 1540 containing the certificate request in PEM format 1541 \param result a pointer to a ConvertResult, which if not-null will 1542 be set to the conversion status 1543 \param provider the provider to use, if a specific provider is 1544 required 1545 1546 \return the CertificateRequest corresponding to the certificate 1547 request in the provided string 1548 1549 \note this only applies to PKCS#10 format certificate requests 1550 */ 1551 static CertificateRequest 1552 fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString()); 1553 1554 /** 1555 Export the CertificateRequest to a string 1556 1557 \return the string corresponding to the certificate request 1558 1559 \note this only applies to SPKAC format certificate requests 1560 */ 1561 QString toString() const; 1562 1563 /** 1564 Import the CertificateRequest from a string 1565 1566 \param s the string containing to the certificate request 1567 \param result a pointer to a ConvertResult, which if not-null will 1568 be set to the conversion status 1569 \param provider the provider to use, if a specific provider is 1570 required 1571 1572 \return the CertificateRequest corresponding to the certificate 1573 request in the provided string 1574 1575 \note this only applies to SPKAC format certificate requests 1576 */ 1577 static CertificateRequest 1578 fromString(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString()); 1579 1580 /** 1581 \internal 1582 1583 \param c context (internal) 1584 */ 1585 void change(CSRContext *c); 1586 1587 private: 1588 class Private; 1589 friend class Private; 1590 QSharedDataPointer<Private> d; 1591 }; 1592 1593 /** 1594 \class CRLEntry qca_cert.h QtCrypto 1595 1596 Part of a CRL representing a single certificate 1597 1598 \ingroup UserAPI 1599 */ 1600 class QCA_EXPORT CRLEntry 1601 { 1602 public: 1603 /** 1604 The reason why the certificate has been revoked 1605 */ 1606 enum Reason 1607 { 1608 Unspecified, ///< reason is unknown 1609 KeyCompromise, ///< private key has been compromised 1610 CACompromise, ///< certificate authority has been compromised 1611 AffiliationChanged, 1612 Superseded, ///< certificate has been superseded 1613 CessationOfOperation, 1614 CertificateHold, ///< certificate is on hold 1615 RemoveFromCRL, ///< certificate was previously in a CRL, but is now valid 1616 PrivilegeWithdrawn, 1617 AACompromise ///< attribute authority has been compromised 1618 }; 1619 1620 /** 1621 create an empty CRL entry 1622 */ 1623 CRLEntry(); 1624 1625 /** 1626 create a CRL entry 1627 1628 \param c the certificate to revoke 1629 \param r the reason that the certificate is being revoked 1630 */ 1631 explicit CRLEntry(const Certificate &c, Reason r = Unspecified); 1632 1633 /** 1634 create a CRL entry 1635 1636 \param serial the serial number of the Certificate being revoked 1637 \param time the time the Certificate was revoked (or will be 1638 revoked) 1639 \param r the reason that the certificate is being revoked 1640 */ 1641 CRLEntry(const BigInteger serial, const QDateTime &time, Reason r = Unspecified); 1642 1643 /** 1644 Copy constructor 1645 1646 \param from the CRLEntry to copy from 1647 */ 1648 CRLEntry(const CRLEntry &from); 1649 1650 ~CRLEntry(); 1651 1652 /** 1653 Standard assignment operator 1654 1655 \param from the CRLEntry to copy from 1656 */ 1657 CRLEntry &operator=(const CRLEntry &from); 1658 1659 /** 1660 The serial number of the certificate that is the subject of this CRL entry 1661 */ 1662 BigInteger serialNumber() const; 1663 1664 /** 1665 The time this CRL entry was created 1666 */ 1667 QDateTime time() const; 1668 1669 /** 1670 Test if this CRL entry is empty 1671 */ 1672 bool isNull() const; 1673 1674 /** 1675 The reason that this CRL entry was created 1676 1677 Alternatively, you might like to think of this as the reason that 1678 the subject certificate has been revoked 1679 */ 1680 Reason reason() const; 1681 1682 /** 1683 Test if one CRL entry is "less than" another 1684 1685 CRL entries are compared based on their serial number 1686 1687 \param a the CRL entry to be compared to this CRL entry. 1688 */ 1689 bool operator<(const CRLEntry &a) const; 1690 1691 /** 1692 Test for equality of two CRL Entries 1693 1694 \param a the CRL entry to be compared to this CRL entry. 1695 1696 \return true if the two certificates are the same 1697 */ 1698 bool operator==(const CRLEntry &a) const; 1699 1700 /** 1701 Inequality operator 1702 1703 \param other the CRL entry to be compared to this CRL entry. 1704 */ 1705 inline bool operator!=(const CRLEntry &other) const 1706 { 1707 return !(*this == other); 1708 } 1709 1710 private: 1711 BigInteger _serial; 1712 QDateTime _time; 1713 Reason _reason; 1714 1715 class Private; 1716 Private *d; 1717 }; 1718 1719 /** 1720 \class CRL qca_cert.h QtCrypto 1721 1722 %Certificate Revocation List 1723 1724 A %CRL is a list of certificates that are special in some 1725 way. The normal reason for including a certificate on a %CRL 1726 is that the certificate should no longer be used. For 1727 example, if a key is compromised, then the associated 1728 certificate may no longer provides appropriate 1729 security. There are other reasons why a certificate may be 1730 placed on a %CRL, as shown in the CRLEntry::Reason 1731 enumeration. 1732 1733 \sa CertificateCollection for a way to handle Certificates 1734 and CRLs as a single entity. 1735 \sa CRLEntry for the %CRL segment representing a single Certificate. 1736 1737 \ingroup UserAPI 1738 */ 1739 class QCA_EXPORT CRL : public Algorithm 1740 { 1741 public: 1742 CRL(); 1743 1744 /** 1745 Standard copy constructor 1746 1747 \param from the revocation list to copy from 1748 */ 1749 CRL(const CRL &from); 1750 1751 ~CRL() override; 1752 1753 /** 1754 Standard assignment operator 1755 1756 \param from the revocation list to assign from 1757 */ 1758 CRL &operator=(const CRL &from); 1759 1760 /** 1761 Test if the CRL is empty 1762 1763 \return true if the CRL is empty, otherwise return false 1764 */ 1765 bool isNull() const; 1766 1767 /** 1768 Information on the issuer of the CRL as a QMultiMap. 1769 1770 \sa issuerInfoOrdered for a version that maintains the order 1771 of information fields as per the underlying CRL. 1772 */ 1773 CertificateInfo issuerInfo() const; 1774 1775 /** 1776 Information on the issuer of the CRL as an ordered list 1777 (QList of CertificateInfoPair). 1778 1779 \sa issuerInfo for a version that allows lookup based on 1780 a multimap. 1781 \sa CertificateInfoPair for the elements in the list 1782 */ 1783 CertificateInfoOrdered issuerInfoOrdered() const; 1784 1785 /** 1786 The CRL serial number. Note that serial numbers are a 1787 CRL extension, and not all certificates have one. 1788 1789 \return the CRL serial number, or -1 if there is no serial number 1790 */ 1791 int number() const; 1792 1793 /** 1794 the time that this CRL became (or becomes) valid 1795 */ 1796 QDateTime thisUpdate() const; 1797 1798 /** 1799 the time that this CRL will be obsoleted 1800 1801 you should obtain an updated CRL at this time 1802 */ 1803 QDateTime nextUpdate() const; 1804 1805 /** 1806 a list of the revoked certificates in this CRL 1807 */ 1808 QList<CRLEntry> revoked() const; 1809 1810 /** 1811 The signature algorithm used for the signature on this CRL 1812 */ 1813 SignatureAlgorithm signatureAlgorithm() const; 1814 1815 /** 1816 The key identification of the CRL issuer 1817 */ 1818 QByteArray issuerKeyId() const; 1819 1820 /** 1821 Test for equality of two %Certificate Revocation Lists 1822 1823 \param a the CRL to be compared to this CRL 1824 1825 \return true if the two CRLs are the same 1826 */ 1827 bool operator==(const CRL &a) const; 1828 1829 /** 1830 Inequality operator 1831 1832 \param other the CRL to be compared to this CRL 1833 */ 1834 inline bool operator!=(const CRL &other) const 1835 { 1836 return !(*this == other); 1837 } 1838 1839 /** 1840 Export the %Certificate Revocation List (CRL) in DER format 1841 1842 \return an array containing the CRL in DER format 1843 */ 1844 QByteArray toDER() const; 1845 1846 /** 1847 Export the %Certificate Revocation List (CRL) in PEM format 1848 1849 \return a string containing the CRL in PEM format 1850 */ 1851 QString toPEM() const; 1852 1853 /** 1854 Export the %Certificate Revocation List (CRL) into PEM format in a 1855 file 1856 1857 \param fileName the name of the file to use 1858 */ 1859 bool toPEMFile(const QString &fileName) const; 1860 1861 /** 1862 Import a DER encoded %Certificate Revocation List (CRL) 1863 1864 \param a the array containing the CRL in DER format 1865 \param result a pointer to a ConvertResult, which if not-null will 1866 be set to the conversion status 1867 \param provider the provider to use, if a specific provider is 1868 required 1869 1870 \return the CRL corresponding to the contents of the array 1871 */ 1872 static CRL fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString()); 1873 1874 /** 1875 Import a PEM encoded %Certificate Revocation List (CRL) 1876 1877 \param s the string containing the CRL in PEM format 1878 \param result a pointer to a ConvertResult, which if not-null will 1879 be set to the conversion status 1880 \param provider the provider to use, if a specific provider is 1881 required 1882 1883 \return the CRL corresponding to the contents of the string 1884 */ 1885 static CRL fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString()); 1886 1887 /** 1888 Import a PEM encoded %Certificate Revocation List (CRL) from a file 1889 1890 \param fileName the name (and path, if required) of the file 1891 containing the certificate in PEM format 1892 \param result a pointer to a ConvertResult, which if not-null will 1893 be set to the conversion status 1894 \param provider the provider to use, if a specific provider is 1895 required 1896 1897 \return the CRL in the file 1898 */ 1899 static CRL 1900 fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString()); 1901 1902 /** 1903 \internal 1904 1905 \param c context (internal) 1906 */ 1907 void change(CRLContext *c); 1908 1909 private: 1910 class Private; 1911 friend class Private; 1912 QSharedDataPointer<Private> d; 1913 }; 1914 1915 /** 1916 \class CertificateCollection qca_cert.h QtCrypto 1917 1918 Bundle of Certificates and CRLs 1919 1920 CertificateCollection provides a bundle of Certificates and Certificate 1921 Revocation Lists (CRLs), not necessarily related. 1922 1923 \sa QCA::CertificateChain for a representation of a chain of Certificates 1924 related by signatures. 1925 1926 \ingroup UserAPI 1927 */ 1928 class QCA_EXPORT CertificateCollection 1929 { 1930 public: 1931 /** 1932 Create an empty Certificate / CRL collection 1933 */ 1934 CertificateCollection(); 1935 1936 /** 1937 Standard copy constructor 1938 1939 \param from the CertificateCollection to copy from 1940 */ 1941 CertificateCollection(const CertificateCollection &from); 1942 1943 ~CertificateCollection(); 1944 1945 /** 1946 Standard assignment operator 1947 1948 \param from the CertificateCollection to copy from 1949 */ 1950 CertificateCollection &operator=(const CertificateCollection &from); 1951 1952 /** 1953 Append a Certificate to this collection 1954 1955 \param cert the Certificate to add to this CertificateCollection 1956 */ 1957 void addCertificate(const Certificate &cert); 1958 1959 /** 1960 Append a CRL to this collection 1961 1962 \param crl the certificate revokation list to add to this 1963 CertificateCollection 1964 */ 1965 void addCRL(const CRL &crl); 1966 1967 /** 1968 The Certificates in this collection 1969 */ 1970 QList<Certificate> certificates() const; 1971 1972 /** 1973 The CRLs in this collection 1974 */ 1975 QList<CRL> crls() const; 1976 1977 /** 1978 Add another CertificateCollection to this collection 1979 1980 \param other the CertificateCollection to add to this collection 1981 */ 1982 void append(const CertificateCollection &other); 1983 1984 /** 1985 Add another CertificateCollection to this collection 1986 1987 \param other the CertificateCollection to add to this collection 1988 */ 1989 CertificateCollection operator+(const CertificateCollection &other) const; 1990 1991 /** 1992 Add another CertificateCollection to this collection 1993 1994 \param other the CertificateCollection to add to this collection 1995 */ 1996 CertificateCollection &operator+=(const CertificateCollection &other); 1997 1998 /** 1999 test if the CertificateCollection can be imported and exported to 2000 PKCS#7 format 2001 2002 \param provider the provider to use, if a specific provider is 2003 required 2004 2005 \return true if the CertificateCollection can be imported and 2006 exported to PKCS#7 format 2007 */ 2008 static bool canUsePKCS7(const QString &provider = QString()); 2009 2010 /** 2011 export the CertificateCollection to a plain text file 2012 2013 \param fileName the name (and path, if required) to write the 2014 contents of the CertificateCollection to 2015 2016 \return true if the export succeeded, otherwise false 2017 */ 2018 bool toFlatTextFile(const QString &fileName); 2019 2020 /** 2021 export the CertificateCollection to a PKCS#7 file 2022 2023 \param fileName the name (and path, if required) to write the 2024 contents of the CertificateCollection to 2025 \param provider the provider to use, if a specific provider is 2026 required 2027 2028 \return true if the export succeeded, otherwise false 2029 */ 2030 bool toPKCS7File(const QString &fileName, const QString &provider = QString()); 2031 2032 /** 2033 import a CertificateCollection from a text file 2034 2035 \param fileName the name (and path, if required) to read the 2036 certificate collection from 2037 \param result a pointer to a ConvertResult, which if not-null will 2038 be set to the conversion status 2039 \param provider the provider to use, if a specific provider is 2040 required 2041 2042 \return the CertificateCollection corresponding to the contents of 2043 the file specified in fileName 2044 */ 2045 static CertificateCollection 2046 fromFlatTextFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString()); 2047 2048 /** 2049 import a CertificateCollection from a PKCS#7 file 2050 2051 \param fileName the name (and path, if required) to read the 2052 certificate collection from 2053 \param result a pointer to a ConvertResult, which if not-null will 2054 be set to the conversion status 2055 \param provider the provider to use, if a specific provider is 2056 required 2057 2058 \return the CertificateCollection corresponding to the contents of 2059 the file specified in fileName 2060 */ 2061 static CertificateCollection 2062 fromPKCS7File(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString()); 2063 2064 private: 2065 class Private; 2066 QSharedDataPointer<Private> d; 2067 }; 2068 2069 /** 2070 \class CertificateAuthority qca_cert.h QtCrypto 2071 2072 A %Certificate Authority is used to generate Certificates and 2073 %Certificate Revocation Lists (CRLs). 2074 2075 \ingroup UserAPI 2076 */ 2077 class QCA_EXPORT CertificateAuthority : public Algorithm 2078 { 2079 public: 2080 /** 2081 Create a new %Certificate Authority 2082 2083 \param cert the CA certificate 2084 \param key the private key associated with the CA certificate 2085 \param provider the provider to use, if a specific provider is 2086 required 2087 */ 2088 CertificateAuthority(const Certificate &cert, const PrivateKey &key, const QString &provider); 2089 2090 /** 2091 Copy constructor 2092 2093 \param from the CertificateAuthority to copy from 2094 */ 2095 CertificateAuthority(const CertificateAuthority &from); 2096 2097 ~CertificateAuthority() override; 2098 2099 /** 2100 Standard assignment operator 2101 2102 \param from the CertificateAuthority to copy from 2103 */ 2104 CertificateAuthority &operator=(const CertificateAuthority &from); 2105 2106 /** 2107 The Certificate belonging to the %CertificateAuthority 2108 2109 This is the Certificate that was passed as an argument to the 2110 constructor 2111 */ 2112 Certificate certificate() const; 2113 2114 /** 2115 Create a new Certificate by signing the provider CertificateRequest 2116 2117 \param req the CertificateRequest to sign 2118 \param notValidAfter the last date that the Certificate will be 2119 valid 2120 */ 2121 Certificate signRequest(const CertificateRequest &req, const QDateTime ¬ValidAfter) const; 2122 2123 /** 2124 Create a new Certificate 2125 2126 \param key the Public Key to use to create the Certificate 2127 \param opts the options to use for the new Certificate 2128 */ 2129 Certificate createCertificate(const PublicKey &key, const CertificateOptions &opts) const; 2130 2131 /** 2132 Create a new %Certificate Revocation List (CRL) 2133 2134 \param nextUpdate the date that the CRL will be updated 2135 2136 \return an empty CRL 2137 */ 2138 CRL createCRL(const QDateTime &nextUpdate) const; 2139 2140 /** 2141 Update the CRL to include new entries 2142 2143 \param crl the CRL to update 2144 \param entries the entries to add to the CRL 2145 \param nextUpdate the date that this CRL will be updated 2146 2147 \return the update CRL 2148 */ 2149 CRL updateCRL(const CRL &crl, const QList<CRLEntry> &entries, const QDateTime &nextUpdate) const; 2150 2151 private: 2152 class Private; 2153 Private *d; 2154 }; 2155 2156 /** 2157 \class KeyBundle qca_cert.h QtCrypto 2158 2159 Certificate chain and private key pair 2160 2161 KeyBundle is essentially a convience class that holds a 2162 certificate chain and an associated private key. This class 2163 has a number of methods that make it particularly suitable 2164 for accessing a PKCS12 (.p12) format file, however it can 2165 be used as just a container for a Certificate, its 2166 associated PrivateKey and optionally additional 2167 X.509 Certificate that form a chain. 2168 2169 For more information on PKCS12 "Personal Information 2170 Exchange Syntax Standard", see <a 2171 href="ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf">ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf</a>. 2172 2173 \ingroup UserAPI 2174 */ 2175 class QCA_EXPORT KeyBundle 2176 { 2177 public: 2178 /** 2179 Create an empty KeyBundle 2180 */ 2181 KeyBundle(); 2182 2183 /** 2184 Create a KeyBundle from a PKCS12 (.p12) encoded 2185 file 2186 2187 This constructor requires appropriate plugin (provider) 2188 support. You must check for the "pkcs12" feature 2189 before using this constructor. 2190 2191 \param fileName the name of the file to read from 2192 \param passphrase the passphrase that is applicable to the file 2193 2194 \sa fromFile for a more flexible version of the 2195 same capability. 2196 2197 \note This synchronous operation may require event handling, and so 2198 it must not be called from the same thread as an EventHandler. 2199 */ 2200 explicit KeyBundle(const QString &fileName, const SecureArray &passphrase = SecureArray()); 2201 2202 /** 2203 Standard copy constructor 2204 2205 \param from the KeyBundle to use as source 2206 */ 2207 KeyBundle(const KeyBundle &from); 2208 2209 ~KeyBundle(); 2210 2211 /** 2212 Standard assignment operator 2213 2214 \param from the KeyBundle to use as source 2215 */ 2216 KeyBundle &operator=(const KeyBundle &from); 2217 2218 /** 2219 Test if this key is empty (null) 2220 */ 2221 bool isNull() const; 2222 2223 /** 2224 The name associated with this key. 2225 2226 This is also known as the "friendly name", and if 2227 present, is typically suitable to be displayed to 2228 the user. 2229 2230 \sa setName 2231 */ 2232 QString name() const; 2233 2234 /** 2235 The public certificate part of this bundle 2236 2237 \sa setCertificateChainAndKey 2238 */ 2239 CertificateChain certificateChain() const; 2240 2241 /** 2242 The private key part of this bundle 2243 2244 \sa setCertificateChainAndKey 2245 */ 2246 PrivateKey privateKey() const; 2247 2248 /** 2249 Specify the name of this bundle 2250 2251 \param s the name to use 2252 */ 2253 void setName(const QString &s); 2254 2255 /** 2256 Set the public certificate and private key 2257 2258 \param c the CertificateChain containing the public part of the 2259 Bundle 2260 \param key the private key part of the Bundle 2261 2262 \sa privateKey, certificateChain for getters 2263 */ 2264 void setCertificateChainAndKey(const CertificateChain &c, const PrivateKey &key); 2265 2266 /** 2267 Export the key bundle to an array in PKCS12 format. 2268 2269 This method requires appropriate plugin (provider) 2270 support - you must check for the "pkcs12" feature, 2271 as shown below. 2272 2273 \code 2274 if( QCA::isSupported("pkcs12") ) 2275 { 2276 // can use I/O 2277 byteArray = bundle.toArray( "pass phrase" ); 2278 } 2279 else 2280 { 2281 // not possible to use I/O 2282 } 2283 \endcode 2284 2285 \param passphrase the passphrase to use to protect the bundle 2286 \param provider the provider to use, if a specific provider is 2287 required 2288 */ 2289 QByteArray toArray(const SecureArray &passphrase, const QString &provider = QString()) const; 2290 2291 /** 2292 Export the key bundle to a file in PKCS12 (.p12) format 2293 2294 This method requires appropriate plugin (provider) 2295 support - you must check for the "pkcs12" feature, 2296 as shown below. 2297 2298 \code 2299 if( QCA::isSupported("pkcs12") ) 2300 { 2301 // can use I/O 2302 bool result = bundle.toFile( filename, "pass phrase" ); 2303 } 2304 else 2305 { 2306 // not possible to use I/O 2307 } 2308 \endcode 2309 2310 \param fileName the name of the file to save to 2311 \param passphrase the passphrase to use to protect the bundle 2312 \param provider the provider to use, if a specific provider is 2313 required 2314 */ 2315 bool toFile(const QString &fileName, const SecureArray &passphrase, const QString &provider = QString()) const; 2316 2317 /** 2318 Import the key bundle from an array in PKCS12 format 2319 2320 This method requires appropriate plugin (provider) 2321 support - you must check for the "pkcs12" feature, 2322 as shown below. 2323 2324 \code 2325 if( QCA::isSupported("pkcs12") ) 2326 { 2327 // can use I/O 2328 bundle = QCA::KeyBundle::fromArray( array, "pass phrase" ); 2329 } 2330 else 2331 { 2332 // not possible to use I/O 2333 } 2334 \endcode 2335 2336 \param a the array to import from 2337 \param passphrase the passphrase for the encoded bundle 2338 \param result pointer to the result of the import process 2339 \param provider the provider to use, if a specific provider is 2340 required 2341 2342 \sa QCA::KeyLoader for an asynchronous loader approach. 2343 2344 \note This synchronous operation may require event handling, and so 2345 it must not be called from the same thread as an EventHandler. 2346 */ 2347 static KeyBundle fromArray(const QByteArray &a, 2348 const SecureArray &passphrase = SecureArray(), 2349 ConvertResult *result = nullptr, 2350 const QString &provider = QString()); 2351 2352 /** 2353 Import the key bundle from a file in PKCS12 (.p12) format 2354 2355 This method requires appropriate plugin (provider) 2356 support - you must check for the "pkcs12" feature, 2357 as shown below. 2358 2359 \code 2360 if( QCA::isSupported("pkcs12") ) 2361 { 2362 // can use I/O 2363 bundle = QCA::KeyBundle::fromFile( filename, "pass phrase" ); 2364 } 2365 else 2366 { 2367 // not possible to use I/O 2368 } 2369 \endcode 2370 2371 \param fileName the name of the file to read from 2372 \param passphrase the passphrase for the encoded bundle 2373 \param result pointer to the result of the import process 2374 \param provider the provider to use, if a specific provider is 2375 required 2376 2377 \sa QCA::KeyLoader for an asynchronous loader approach. 2378 2379 \note This synchronous operation may require event handling, and so 2380 it must not be called from the same thread as an EventHandler. 2381 */ 2382 static KeyBundle fromFile(const QString &fileName, 2383 const SecureArray &passphrase = SecureArray(), 2384 ConvertResult *result = nullptr, 2385 const QString &provider = QString()); 2386 2387 private: 2388 class Private; 2389 QSharedDataPointer<Private> d; 2390 }; 2391 2392 /** 2393 \class PGPKey qca_cert.h QtCrypto 2394 2395 Pretty Good Privacy key 2396 2397 This holds either a reference to an item in a real PGP keyring, 2398 or a standalone item created using the from*() functions. 2399 2400 Note that with the latter method, the key is of no use besides 2401 being informational. The key must be in a keyring 2402 (that is, inKeyring() == true) to actually do crypto with it. 2403 2404 \ingroup UserAPI 2405 */ 2406 class QCA_EXPORT PGPKey : public Algorithm 2407 { 2408 public: 2409 /** 2410 Create an empty PGP key 2411 */ 2412 PGPKey(); 2413 2414 /** 2415 Create a PGP key from an encoded file 2416 2417 \param fileName the name (and path, if required) of the file 2418 that the PGP key is to be loaded from. 2419 2420 \sa fromFile for a version that allows better error checking / validation 2421 \sa toFile for a method to write out the key. 2422 */ 2423 PGPKey(const QString &fileName); 2424 2425 /** 2426 Standard copy constructor 2427 2428 \param from the PGPKey to use as the source 2429 */ 2430 PGPKey(const PGPKey &from); 2431 2432 ~PGPKey() override; 2433 2434 /** 2435 Standard assignment operator 2436 2437 \param from the PGPKey to use as the source 2438 */ 2439 PGPKey &operator=(const PGPKey &from); 2440 2441 /** 2442 Test if the PGP key is empty (null) 2443 2444 \return true if the PGP key is null 2445 */ 2446 bool isNull() const; 2447 2448 /** 2449 The Key identification for the PGP key 2450 */ 2451 QString keyId() const; 2452 2453 /** 2454 The primary user identification for the key 2455 */ 2456 QString primaryUserId() const; 2457 2458 /** 2459 The list of all user identifications associated with the key 2460 */ 2461 QStringList userIds() const; 2462 2463 /** 2464 Test if the PGP key is the secret key 2465 2466 \return true if the PGP key is the secret key 2467 */ 2468 bool isSecret() const; 2469 2470 /** 2471 The creation date for the key 2472 */ 2473 QDateTime creationDate() const; 2474 2475 /** 2476 The expiration date for the key 2477 */ 2478 QDateTime expirationDate() const; 2479 2480 /** 2481 The key fingerpint 2482 2483 This will return the PGP fingerprint as a string. It comprises 40 2484 hex digits, without spaces. 2485 */ 2486 QString fingerprint() const; 2487 2488 /** 2489 Test if this key is in a keyring 2490 2491 \return true if the key is in a keyring 2492 2493 \note keys that are not in a keyring cannot be used for encryption, 2494 decryption, signing or verification 2495 */ 2496 bool inKeyring() const; 2497 2498 /** 2499 Test if the key is trusted 2500 2501 \return true if the key is trusted 2502 */ 2503 bool isTrusted() const; 2504 2505 /** 2506 Export the key to an array. 2507 2508 This will export the key in a binary format (that is, not in an 2509 "ascii armoured" form). 2510 2511 \sa fromArray for a static import method. 2512 \sa toString for an "ascii armoured" export method. 2513 */ 2514 QByteArray toArray() const; 2515 2516 /** 2517 Export the key to a string 2518 2519 This will export the key in an "ascii armoured" form. 2520 2521 \sa fromString for a static import method. 2522 \sa toArray for a binary format export method. 2523 */ 2524 QString toString() const; 2525 2526 /** 2527 Export the key to a file 2528 2529 \param fileName the name of the file to save the key to 2530 */ 2531 bool toFile(const QString &fileName) const; 2532 2533 /** 2534 Import the key from an array 2535 2536 \param a the array to import from 2537 \param result if not null, this will be set to the result of the 2538 import process 2539 \param provider the provider to use, if a particular provider is 2540 required 2541 */ 2542 static PGPKey fromArray(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString()); 2543 2544 /** 2545 Import the key from a string 2546 2547 \param s the string to import from 2548 \param result if not null, this will be set to the result of the 2549 import process 2550 \param provider the provider to use, if a particular provider is 2551 required 2552 */ 2553 static PGPKey fromString(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString()); 2554 2555 /** 2556 Import the key from a file 2557 2558 \param fileName string containing the name of the file to import 2559 from 2560 \param result if not null, this will be set to the result of the 2561 import process 2562 \param provider the provider to use, if a particular provider is 2563 required 2564 */ 2565 static PGPKey 2566 fromFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString()); 2567 2568 private: 2569 class Private; 2570 Private *d; 2571 }; 2572 2573 /** 2574 \class KeyLoader qca_cert.h QtCrypto 2575 2576 Asynchronous private key loader 2577 2578 GUI applications generally must use KeyLoader to load private keys. This 2579 is because the synchronous private key loading functions, for example 2580 QCA::PrivateKey::fromPEMFile(), cannot be used within the same thread as an 2581 EventHandler, and most GUI applications will use EventHandler from the main 2582 thread. KeyLoader does not have this problem. It can be used from any 2583 thread, including the same thread as EventHandler. 2584 2585 The KeyLoader class allows you to asynchronously load stand-alone private 2586 keys (QCA::PrivateKey) or private keys with a certificate (QCA::KeyBundle) 2587 with a signal that advises of completion. 2588 2589 To use this class to load a PrivateKey, you create a KeyLoader object then 2590 use one of the loadPrivateKeyFrom...() functions, depending on the format 2591 for your key. These functions return immediately. When you get the 2592 finished() signal, you can check that the loading operation succeeded 2593 (using convertResult()) and then obtain the PrivateKey using the 2594 privateKey() function. 2595 2596 The same process applies for loading a KeyBundle, except that you use 2597 either loadKeyBundleFromFile() or loadKeyBundleFromArray() instead of the 2598 loadPrivateKeyFrom...() function, and use keyBundle() instead of 2599 privateKey(). 2600 2601 The loader may need a passphrase to complete the loading of the key or key 2602 bundle. You should use the QCA::EventHandler class to ensure that you deal 2603 with this correctly. 2604 2605 \note %QCA also provides synchronous private key loading using 2606 QCA::PrivateKey::fromPEMFile(), QCA::PrivateKey::fromPEM() and 2607 QCA::PrivateKey::fromDER(). %QCA provides synchronous key bundle loading 2608 using QCA::KeyBundle::fromArray() and QCA::KeyBundle::fromFile(). 2609 2610 \ingroup UserAPI 2611 */ 2612 class QCA_EXPORT KeyLoader : public QObject 2613 { 2614 Q_OBJECT 2615 public: 2616 /** 2617 Create a KeyLoader object. 2618 2619 \param parent the parent object for this object 2620 */ 2621 KeyLoader(QObject *parent = nullptr); 2622 ~KeyLoader() override; 2623 2624 /** 2625 Initiate an asynchronous loading of a PrivateKey from a PEM format 2626 file. 2627 2628 This function will return immediately. 2629 2630 \param fileName the name of the file (and path, if necessary) to 2631 load the key from 2632 */ 2633 void loadPrivateKeyFromPEMFile(const QString &fileName); 2634 2635 /** 2636 Initiate an asynchronous loading of a PrivateKey from a PEM format 2637 string. 2638 2639 This function will return immediately. 2640 2641 \param s the string containing the PEM formatted key 2642 */ 2643 void loadPrivateKeyFromPEM(const QString &s); 2644 2645 /** 2646 Initiate an asynchronous loading of a PrivateKey from a DER format 2647 array. 2648 2649 This function will return immediately. 2650 2651 \param a the array containing the DER formatted key 2652 */ 2653 void loadPrivateKeyFromDER(const SecureArray &a); 2654 2655 /** 2656 Initiate an asynchronous loading of a KeyBundle from a file 2657 2658 This function will return immediately. 2659 2660 \param fileName the name of the file (and path, if necessary) to 2661 load the key bundle from 2662 */ 2663 void loadKeyBundleFromFile(const QString &fileName); 2664 2665 /** 2666 Initiate an asynchronous loading of a KeyBundle from an array 2667 2668 This function will return immediately. 2669 2670 \param a the array containing the key bundle 2671 */ 2672 void loadKeyBundleFromArray(const QByteArray &a); 2673 2674 /** 2675 The result of the loading process. 2676 2677 This is not valid until the finished() signal has been emitted. 2678 */ 2679 ConvertResult convertResult() const; 2680 2681 /** 2682 The private key that has been loaded. 2683 2684 This is only valid if loadPrivateKeyFromPEMFile(), 2685 loadPrivateKeyFromPEM() or loadPrivateKeyFromDER() has been used, 2686 the load has completed (that is, finished() has been emitted), and 2687 the conversion succeeded (that is, convertResult() returned 2688 ConvertGood). 2689 */ 2690 PrivateKey privateKey() const; 2691 2692 /** 2693 The key bundle that has been loaded. 2694 2695 This is only valid if loadKeyBundleFromFile() or 2696 loadKeyBundleFromArray() has been used, the load has completed 2697 (that is, finished() has been emitted), and the conversion 2698 succeeded (that is, convertResult() returned ConvertGood). 2699 */ 2700 KeyBundle keyBundle() const; 2701 2702 Q_SIGNALS: 2703 /** 2704 Signal that is emitted when the load process has completed. 2705 2706 \note The load process may not have completed successfully - check 2707 the result of convertResult() to confirm this before using the 2708 privateKey() or keyBundle() results. 2709 */ 2710 void finished(); 2711 2712 private: 2713 Q_DISABLE_COPY(KeyLoader) 2714 2715 class Private; 2716 friend class Private; 2717 Private *d; 2718 }; 2719 2720 } 2721 2722 #endif