File indexing completed on 2024-04-28 04:43:41
0001 /* 0002 * qca_securemessage.h - Qt Cryptographic Architecture 0003 * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com> 0004 * Copyright (C) 2004,2005 Brad Hards <bradh@frogmouth.net> 0005 * 0006 * This library is free software; you can redistribute it and/or 0007 * modify it under the terms of the GNU Lesser General Public 0008 * License as published by the Free Software Foundation; either 0009 * version 2.1 of the License, or (at your option) any later version. 0010 * 0011 * This library is distributed in the hope that it will be useful, 0012 * but WITHOUT ANY WARRANTY; without even the implied warranty of 0013 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 0014 * Lesser General Public License for more details. 0015 * 0016 * You should have received a copy of the GNU Lesser General Public 0017 * License along with this library; if not, write to the Free Software 0018 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 0019 * 02110-1301 USA 0020 * 0021 */ 0022 0023 /** 0024 \file qca_securemessage.h 0025 0026 Header file for secure message (PGP, CMS) classes 0027 0028 \note You should not use this header directly from an 0029 application. You should just use <tt> \#include \<QtCrypto> 0030 </tt> instead. 0031 */ 0032 0033 #ifndef QCA_SECUREMESSAGE_H 0034 #define QCA_SECUREMESSAGE_H 0035 0036 #include "qca_cert.h" 0037 #include "qca_core.h" 0038 #include "qca_publickey.h" 0039 #include <QObject> 0040 0041 class QDateTime; 0042 0043 namespace QCA { 0044 0045 class SecureMessageSystem; 0046 0047 /** 0048 \class SecureMessageKey qca_securemessage.h QtCrypto 0049 0050 Key for SecureMessage system 0051 0052 \ingroup UserAPI 0053 */ 0054 class QCA_EXPORT SecureMessageKey 0055 { 0056 public: 0057 /** 0058 The key type 0059 */ 0060 enum Type 0061 { 0062 None, ///< no key 0063 PGP, ///< Pretty Good Privacy key 0064 X509 ///< X.509 CMS key 0065 }; 0066 0067 /** 0068 Construct an empty key 0069 */ 0070 SecureMessageKey(); 0071 0072 /** 0073 Standard copy constructor 0074 0075 \param from the source key 0076 */ 0077 SecureMessageKey(const SecureMessageKey &from); 0078 0079 ~SecureMessageKey(); 0080 0081 /** 0082 Standard assignment operator 0083 0084 \param from the source key 0085 */ 0086 SecureMessageKey &operator=(const SecureMessageKey &from); 0087 0088 /** 0089 Returns true for null object 0090 */ 0091 bool isNull() const; 0092 0093 /** 0094 The key type 0095 */ 0096 Type type() const; 0097 0098 /** 0099 Public key part of a PGP key 0100 */ 0101 PGPKey pgpPublicKey() const; 0102 0103 /** 0104 Private key part of a PGP key 0105 */ 0106 PGPKey pgpSecretKey() const; 0107 0108 /** 0109 Set the public key part of a PGP key 0110 0111 \param pub the PGP public key 0112 */ 0113 void setPGPPublicKey(const PGPKey &pub); 0114 0115 /** 0116 Set the private key part of a PGP key 0117 0118 \param sec the PGP secretkey 0119 */ 0120 void setPGPSecretKey(const PGPKey &sec); 0121 0122 /** 0123 The X.509 certificate chain (public part) for this key 0124 */ 0125 CertificateChain x509CertificateChain() const; 0126 0127 /** 0128 The X.509 private key part of this key 0129 */ 0130 PrivateKey x509PrivateKey() const; 0131 0132 /** 0133 Set the public key part of this X.509 key. 0134 0135 \param c the Certificate chain containing the public keys 0136 */ 0137 void setX509CertificateChain(const CertificateChain &c); 0138 0139 /** 0140 Set the private key part of this X.509 key. 0141 0142 \param k the private key 0143 */ 0144 void setX509PrivateKey(const PrivateKey &k); 0145 0146 /** 0147 Set the public and private part of this X.509 key with KeyBundle. 0148 0149 \param kb the public and private key bundle 0150 */ 0151 void setX509KeyBundle(const KeyBundle &kb); 0152 0153 /** 0154 Test if this key contains a private key part 0155 */ 0156 bool havePrivate() const; 0157 0158 /** 0159 The name associated with this key 0160 0161 For a PGP key, this is the primary user ID 0162 0163 For an X.509 key, this is the Common Name 0164 */ 0165 QString name() const; 0166 0167 private: 0168 class Private; 0169 QSharedDataPointer<Private> d; 0170 }; 0171 0172 /** 0173 A list of message keys 0174 */ 0175 typedef QList<SecureMessageKey> SecureMessageKeyList; 0176 0177 /** 0178 \class SecureMessageSignature qca_securemessage.h QtCrypto 0179 0180 SecureMessage signature 0181 0182 \ingroup UserAPI 0183 */ 0184 class QCA_EXPORT SecureMessageSignature 0185 { 0186 public: 0187 /** 0188 The result of identity verification 0189 */ 0190 enum IdentityResult 0191 { 0192 Valid, ///< indentity is verified, matches signature 0193 InvalidSignature, ///< valid key provided, but signature failed 0194 InvalidKey, ///< invalid key provided 0195 NoKey ///< identity unknown 0196 }; 0197 0198 /** 0199 Create an empty signature check object. 0200 0201 User applications don't normally need to create signature checks. You normally 0202 get the object back as a result of a SecureMessage operation. 0203 */ 0204 SecureMessageSignature(); 0205 0206 /** 0207 Create a signature check object 0208 0209 User applications don't normally need to create signature checks. You normally 0210 get the object back as a result of a SecureMessage operation. 0211 0212 \param r the result of the check 0213 \param v the Validity of the key validation check 0214 \param key the key associated with the signature 0215 \param ts the timestamp associated with the signature 0216 */ 0217 SecureMessageSignature(IdentityResult r, Validity v, const SecureMessageKey &key, const QDateTime &ts); 0218 0219 /** 0220 Standard copy constructor 0221 0222 \param from the source signature object 0223 */ 0224 SecureMessageSignature(const SecureMessageSignature &from); 0225 0226 ~SecureMessageSignature(); 0227 0228 /** 0229 Standard assignment operator 0230 0231 \param from the source signature object 0232 */ 0233 SecureMessageSignature &operator=(const SecureMessageSignature &from); 0234 0235 /** 0236 get the results of the identity check on this signature 0237 */ 0238 IdentityResult identityResult() const; 0239 0240 /** 0241 get the results of the key validation check on this signature 0242 */ 0243 Validity keyValidity() const; 0244 0245 /** 0246 get the key associated with this signature 0247 */ 0248 SecureMessageKey key() const; 0249 0250 /** 0251 get the timestamp associated with this signature 0252 */ 0253 QDateTime timestamp() const; 0254 0255 private: 0256 class Private; 0257 QSharedDataPointer<Private> d; 0258 }; 0259 0260 /** 0261 A list of signatures 0262 */ 0263 typedef QList<SecureMessageSignature> SecureMessageSignatureList; 0264 0265 /** 0266 \class SecureMessage qca_securemessage.h QtCrypto 0267 0268 Class representing a secure message 0269 0270 SecureMessage presents a unified interface for working with both 0271 OpenPGP and CMS (S/MIME) messages. Prepare the object by calling 0272 setFormat(), setRecipient(), and setSigner() as necessary, and then 0273 begin the operation by calling an appropriate 'start' function, such 0274 as startSign(). 0275 0276 Here is an example of how to perform a Clearsign operation using PGP: 0277 0278 \code 0279 // first make the SecureMessageKey 0280 PGPKey myPGPKey = getSecretKeyFromSomewhere(); 0281 SecureMessageKey key; 0282 key.setPGPSecretKey(myPGPKey); 0283 0284 // our data to sign 0285 QByteArray plain = "Hello, world"; 0286 0287 // let's do it 0288 OpenPGP pgp; 0289 SecureMessage msg(&pgp); 0290 msg.setSigner(key); 0291 msg.startSign(SecureMessage::Clearsign); 0292 msg.update(plain); 0293 msg.end(); 0294 msg.waitForFinished(-1); 0295 0296 if(msg.success()) 0297 { 0298 QByteArray result = msg.read(); 0299 // result now contains the clearsign text data 0300 } 0301 else 0302 { 0303 // error 0304 ... 0305 } 0306 \endcode 0307 0308 Performing a CMS sign operation is similar. Simply set up the 0309 SecureMessageKey with a Certificate instead of a PGPKey, and operate on a 0310 CMS object instead of an OpenPGP object. 0311 0312 \sa SecureMessageKey 0313 \sa SecureMessageSignature 0314 \sa OpenPGP 0315 \sa CMS 0316 0317 \ingroup UserAPI 0318 */ 0319 class QCA_EXPORT SecureMessage : public QObject, public Algorithm 0320 { 0321 Q_OBJECT 0322 public: 0323 /** 0324 The type of secure message 0325 */ 0326 enum Type 0327 { 0328 OpenPGP, ///< a Pretty Good Privacy message 0329 CMS ///< a Cryptographic Message Syntax message 0330 }; 0331 0332 /** 0333 The type of message signature 0334 */ 0335 enum SignMode 0336 { 0337 Message, ///< the message includes the signature 0338 Clearsign, ///< the message is clear signed 0339 Detached ///< the signature is detached 0340 }; 0341 0342 /** 0343 Formats for secure messages 0344 */ 0345 enum Format 0346 { 0347 Binary, ///< DER/binary 0348 Ascii ///< PEM/ascii-armored 0349 }; 0350 0351 /** 0352 Errors for secure messages 0353 */ 0354 enum Error 0355 { 0356 ErrorPassphrase, ///< passphrase was either wrong or not provided 0357 ErrorFormat, ///< input format was bad 0358 ErrorSignerExpired, ///< signing key is expired 0359 ErrorSignerInvalid, ///< signing key is invalid in some way 0360 ErrorEncryptExpired, ///< encrypting key is expired 0361 ErrorEncryptUntrusted, ///< encrypting key is untrusted 0362 ErrorEncryptInvalid, ///< encrypting key is invalid in some way 0363 ErrorNeedCard, ///< pgp card is missing 0364 ErrorCertKeyMismatch, ///< certificate and private key don't match 0365 ErrorUnknown, ///< other error 0366 ErrorSignerRevoked, ///< signing key is revoked 0367 ErrorSignatureExpired, ///< signature is expired 0368 ErrorEncryptRevoked ///< encrypting key is revoked 0369 }; 0370 0371 /** 0372 Create a new secure message 0373 0374 This constructor uses an existing 0375 SecureMessageSystem object (for example, an OpenPGP 0376 or CMS object) to generate a specific kind of 0377 secure message. 0378 0379 \param system a pre-existing and configured SecureMessageSystem 0380 object 0381 */ 0382 SecureMessage(SecureMessageSystem *system); 0383 ~SecureMessage() override; 0384 0385 /** 0386 The Type of secure message 0387 */ 0388 Type type() const; 0389 0390 /** 0391 Test if the message type supports multiple 0392 (parallel) signatures. 0393 0394 \return true if the secure message support multiple 0395 parallel signatures 0396 0397 \note PGP cannot do this - it is primarily a CMS 0398 feature 0399 */ 0400 bool canSignMultiple() const; 0401 0402 /** 0403 True if the SecureMessageSystem can clearsign 0404 messages. 0405 0406 \note CMS cannot clearsign - this is normally only 0407 available for PGP 0408 */ 0409 bool canClearsign() const; 0410 0411 /** 0412 True if the SecureMessageSystem can both sign and 0413 encrypt (in the same operation). 0414 0415 \note CMS cannot do an integrated sign/encrypt - 0416 this is normally only available for PGP. You can do 0417 separate signing and encrypting operations on the 0418 same message with CMS though. 0419 */ 0420 bool canSignAndEncrypt() const; 0421 0422 /** 0423 Reset the object state to that of original construction. 0424 Now a new operation can be performed immediately. 0425 */ 0426 void reset(); 0427 0428 /** 0429 Returns true if bundling of the signer certificate chain is 0430 enabled 0431 */ 0432 bool bundleSignerEnabled() const; 0433 0434 /** 0435 Returns true if inclusion of S/MIME attributes is enabled 0436 */ 0437 bool smimeAttributesEnabled() const; 0438 0439 /** 0440 Return the format type set for this message 0441 */ 0442 Format format() const; 0443 0444 /** 0445 Return the recipient(s) set for this message with setRecipient() or 0446 setRecipients() 0447 */ 0448 SecureMessageKeyList recipientKeys() const; 0449 0450 /** 0451 Return the signer(s) set for this message with setSigner() or 0452 setSigners() 0453 */ 0454 SecureMessageKeyList signerKeys() const; 0455 0456 /** 0457 For CMS only, this will bundle the signer certificate chain 0458 into the message. This allows a message to be verified 0459 on its own, without the need to have obtained the signer's 0460 certificate in advance. Email clients using S/MIME often 0461 bundle the signer, greatly simplifying key management. 0462 0463 This behavior is enabled by default. 0464 0465 \param b whether to bundle (if true) or not (false) 0466 */ 0467 void setBundleSignerEnabled(bool b); 0468 0469 /** 0470 For CMS only, this will put extra attributes into the 0471 message related to S/MIME, such as the preferred 0472 type of algorithm to use in replies. The attributes 0473 used are decided by the provider. 0474 0475 This behavior is enabled by default. 0476 0477 \param b whether to embed extra attribues (if true) or not (false) 0478 */ 0479 void setSMIMEAttributesEnabled(bool b); 0480 0481 /** 0482 Set the Format used for messages 0483 0484 The default is Binary. 0485 0486 \param f whether to use Binary or Ascii 0487 */ 0488 void setFormat(Format f); 0489 0490 /** 0491 Set the recipient for an encrypted message 0492 0493 \param key the recipient's key 0494 0495 \sa setRecipients 0496 */ 0497 void setRecipient(const SecureMessageKey &key); 0498 0499 /** 0500 Set the list of recipients for an encrypted message. 0501 0502 For a list with one item, this has the same effect as setRecipient. 0503 0504 \param keys the recipients' key 0505 0506 \sa setRecipient 0507 */ 0508 void setRecipients(const SecureMessageKeyList &keys); 0509 0510 /** 0511 Set the signer for a signed message. 0512 0513 This is used for both creating signed messages as well as for 0514 verifying CMS messages that have no signer bundled. 0515 0516 \param key the key associated with the signer 0517 0518 \sa setSigners 0519 */ 0520 void setSigner(const SecureMessageKey &key); 0521 0522 /** 0523 Set the list of signers for a signed message. 0524 0525 This is used for both creating signed messages as well as for 0526 verifying CMS messages that have no signer bundled. 0527 0528 For a list with one item, this has the same effect as setSigner. 0529 0530 \param keys the key associated with the signer 0531 0532 \sa setSigner 0533 */ 0534 void setSigners(const SecureMessageKeyList &keys); 0535 0536 /** 0537 Start an encryption operation 0538 0539 You will normally use this with some code along 0540 these lines: 0541 \code 0542 encryptingObj.startEncrypt(); 0543 encryptingObj.update(message); 0544 // perhaps some more update()s 0545 encryptingObj.end(); 0546 \endcode 0547 0548 Each update() may (or may not) result in some 0549 encrypted data, as indicated by the readyRead() 0550 signal being emitted. Alternatively, you can wait 0551 until the whole message is available (using either 0552 waitForFinished(), or use the finished() 0553 signal. The encrypted message can then be read 0554 using the read() method. 0555 */ 0556 void startEncrypt(); 0557 0558 /** 0559 Start an decryption operation 0560 0561 You will normally use this with some code along 0562 these lines: 0563 \code 0564 decryptingObj.startEncrypt(); 0565 decryptingObj.update(message); 0566 // perhaps some more update()s 0567 decryptingObj.end(); 0568 \endcode 0569 0570 Each update() may (or may not) result in some 0571 decrypted data, as indicated by the readyRead() 0572 signal being emitted. Alternatively, you can wait 0573 until the whole message is available (using either 0574 waitForFinished(), or the finished() 0575 signal). The decrypted message can then be read 0576 using the read() method. 0577 0578 \note If decrypted result is also signed (not for 0579 CMS), then the signature will be verified during 0580 this operation. 0581 */ 0582 void startDecrypt(); 0583 0584 /** 0585 Start a signing operation 0586 0587 You will normally use this with some code along 0588 these lines: 0589 \code 0590 signingObj.startSign(QCA::SecureMessage::Detached) 0591 signingObj.update(message); 0592 // perhaps some more update()s 0593 signingObj.end(); 0594 \endcode 0595 0596 For Detached signatures, you won't get any results 0597 until the whole process is done - you either 0598 waitForFinished(), or use the finished() signal, to 0599 figure out when you can get the signature (using 0600 the signature() method, not using read()). For 0601 other formats, you can use the readyRead() signal 0602 to determine when there may be part of a signed 0603 message to read(). 0604 0605 \param m the mode that will be used to generate the 0606 signature 0607 */ 0608 void startSign(SignMode m = Message); 0609 0610 /** 0611 Start a verification operation 0612 0613 \param detachedSig the detached signature to 0614 verify. Do not pass a signature for other signature 0615 types. 0616 */ 0617 void startVerify(const QByteArray &detachedSig = QByteArray()); 0618 0619 /** 0620 Start a combined signing and encrypting 0621 operation. You use this in the same way as 0622 startEncrypt(). 0623 0624 \note This may not be possible (e.g. CMS 0625 cannot do this) - see canSignAndEncrypt() for a 0626 suitable test. 0627 */ 0628 void startSignAndEncrypt(); 0629 0630 /** 0631 Process a message (or the next part of a message) 0632 in the current operation. You need to have already 0633 set up the message (startEncrypt(), startDecrypt(), 0634 startSign(), startSignAndEncrypt() and 0635 startVerify()) before calling this method. 0636 0637 \param in the data to process 0638 */ 0639 void update(const QByteArray &in); 0640 0641 /** 0642 Read the available data. 0643 0644 \note For detached signatures, you don't get 0645 anything back using this method. Use signature() to 0646 get the detached signature(). 0647 */ 0648 QByteArray read(); 0649 0650 /** 0651 The number of bytes available to be read. 0652 */ 0653 int bytesAvailable() const; 0654 0655 /** 0656 Complete an operation. 0657 0658 You need to call this method after you have 0659 processed the message (which you pass in as the 0660 argument to update(). 0661 0662 \note the results of the operation are not 0663 available as soon as this method returns. You need 0664 to wait for the finished() signal, or use 0665 waitForFinished(). 0666 */ 0667 void end(); 0668 0669 /** 0670 Block until the operation (encryption, decryption, 0671 signing or verifying) completes. 0672 0673 \param msecs the number of milliseconds to wait for 0674 the operation to complete. Pass -1 to wait 0675 indefinitely. 0676 0677 \note You should not use this in GUI 0678 applications where the blocking behaviour looks 0679 like a hung application. Instead, connect the 0680 finished() signal to a slot that handles the 0681 results. 0682 0683 \note This synchronous operation may require event handling, and so 0684 it must not be called from the same thread as an EventHandler. 0685 */ 0686 bool waitForFinished(int msecs = 30000); 0687 0688 /** 0689 Indicates whether or not the operation was successful 0690 or failed. If this function returns false, then 0691 the reason for failure can be obtained with errorCode(). 0692 0693 \sa errorCode 0694 \sa diagnosticText 0695 */ 0696 bool success() const; 0697 0698 /** 0699 Returns the failure code. 0700 0701 \sa success 0702 \sa diagnosticText 0703 */ 0704 Error errorCode() const; 0705 0706 /** 0707 The signature for the message. This is only used 0708 for Detached signatures. For other message types, 0709 you get the message and signature together using 0710 read(). 0711 */ 0712 QByteArray signature() const; 0713 0714 /** 0715 The name of the hash used for the signature process 0716 */ 0717 QString hashName() const; 0718 0719 /** 0720 Test if the message was signed. 0721 0722 This is true for OpenPGP if the decrypted message 0723 was also signed. 0724 0725 \return true if the message was signed. 0726 */ 0727 bool wasSigned() const; 0728 0729 /** 0730 Verify that the message signature is correct. 0731 0732 \return true if the signature is valid for the 0733 message, otherwise return false 0734 */ 0735 bool verifySuccess() const; 0736 0737 /** 0738 Information on the signer for the message 0739 */ 0740 SecureMessageSignature signer() const; 0741 0742 /** 0743 Information on the signers for the message. 0744 0745 This is only meaningful if the message type supports 0746 multiple signatures (see canSignMultiple() for a 0747 suitable test). 0748 */ 0749 SecureMessageSignatureList signers() const; 0750 0751 /** 0752 Returns a log of technical information about the operation, 0753 which may be useful for presenting to the user in an 0754 advanced error dialog. 0755 */ 0756 QString diagnosticText() const; 0757 0758 Q_SIGNALS: 0759 /** 0760 This signal is emitted when there is some data to 0761 read. Typically you connect this signal to a slot 0762 that does a read() of the available data. 0763 0764 \note This signal does not mean that the processing 0765 of a message is necessarily complete - see 0766 finished(). 0767 */ 0768 void readyRead(); 0769 0770 /** 0771 This signal is emitted when data has been accepted 0772 by the message processor. 0773 0774 \param bytes the number of bytes written 0775 */ 0776 void bytesWritten(int bytes); 0777 0778 /** 0779 This signal is emitted when the message is fully 0780 processed. 0781 */ 0782 void finished(); 0783 0784 private: 0785 Q_DISABLE_COPY(SecureMessage) 0786 0787 class Private; 0788 friend class Private; 0789 Private *d; 0790 }; 0791 0792 /** 0793 \class SecureMessageSystem qca_securemessage.h QtCrypto 0794 0795 Abstract superclass for secure messaging systems 0796 0797 \sa SecureMessage 0798 \sa SecureMessageKey 0799 0800 \ingroup UserAPI 0801 */ 0802 class QCA_EXPORT SecureMessageSystem : public QObject, public Algorithm 0803 { 0804 Q_OBJECT 0805 public: 0806 ~SecureMessageSystem() override; 0807 0808 protected: 0809 /** 0810 Protected constructor for SecureMessageSystem 0811 classes. You are meant to be using a subclass (such 0812 as OpenPGP or CMS) - you only need to worry about 0813 this class if you are creating a whole new 0814 SecureMessageSystem type. 0815 0816 \param parent the parent object for this object 0817 \param type the name of the Type of 0818 SecureMessageSystem to create 0819 \param provider the provider to use, if a specific 0820 provider is required. 0821 */ 0822 SecureMessageSystem(QObject *parent, const QString &type, const QString &provider); 0823 0824 private: 0825 Q_DISABLE_COPY(SecureMessageSystem) 0826 }; 0827 0828 /** 0829 \class OpenPGP qca_securemessage.h QtCrypto 0830 0831 Pretty Good Privacy messaging system 0832 0833 \sa SecureMessage 0834 \sa SecureMessageKey 0835 0836 \ingroup UserAPI 0837 0838 */ 0839 class QCA_EXPORT OpenPGP : public SecureMessageSystem 0840 { 0841 Q_OBJECT 0842 public: 0843 /** 0844 Standard constructor 0845 0846 \param parent the parent object for this object 0847 \param provider the provider to use, if a specific 0848 provider is required 0849 */ 0850 explicit OpenPGP(QObject *parent = nullptr, const QString &provider = QString()); 0851 ~OpenPGP() override; 0852 0853 private: 0854 Q_DISABLE_COPY(OpenPGP) 0855 0856 class Private; 0857 Private *d; 0858 }; 0859 0860 /** 0861 \class CMS qca_securemessage.h QtCrypto 0862 0863 Cryptographic Message Syntax messaging system 0864 0865 Cryptographic Message Syntax (%CMS) "is used to digitally 0866 sign, digest, authenticate, or encrypt arbitrary message 0867 content. The %CMS describes an encapsulation syntax for 0868 data protection. It supports digital signatures and 0869 encryption. The syntax allows multiple encapsulations; one 0870 encapsulation envelope can be nested inside another. 0871 Likewise, one party can digitally sign some previously 0872 encapsulated data. It also allows arbitrary attributes, 0873 such as signing time, to be signed along with the message 0874 content, and provides for other attributes such as 0875 countersignatures to be associated with a signature." (from 0876 <a href="http://www.ietf.org/rfc/rfc3852.txt">RFC3852</a> 0877 "Cryptographic Message Syntax") 0878 0879 \sa SecureMessage 0880 \sa SecureMessageKey 0881 0882 \ingroup UserAPI 0883 0884 */ 0885 class QCA_EXPORT CMS : public SecureMessageSystem 0886 { 0887 Q_OBJECT 0888 public: 0889 /** 0890 Standard constructor 0891 0892 \param parent the parent object for this object 0893 \param provider the provider to use, if a specific 0894 provider is required 0895 */ 0896 explicit CMS(QObject *parent = nullptr, const QString &provider = QString()); 0897 ~CMS() override; 0898 0899 /** 0900 Return the trusted certificates set for this object 0901 */ 0902 CertificateCollection trustedCertificates() const; 0903 0904 /** 0905 Return the untrusted certificates set for this object 0906 */ 0907 CertificateCollection untrustedCertificates() const; 0908 0909 /** 0910 Return the private keys set for this object 0911 */ 0912 SecureMessageKeyList privateKeys() const; 0913 0914 /** 0915 Set the trusted certificates to use for the 0916 messages built using this CMS object. 0917 0918 \param trusted the collection of trusted 0919 certificates to use 0920 */ 0921 void setTrustedCertificates(const CertificateCollection &trusted); 0922 0923 /** 0924 Set the untrusted certificates to use for the 0925 messages built using this CMS object. 0926 0927 This function is useful when verifying messages that don't 0928 contain the certificates (or intermediate signers) within 0929 the CMS blob. In order to verify such messages, you'll 0930 have to pass the possible signer certs with this function. 0931 0932 \param untrusted the collection of untrusted 0933 certificates to use 0934 */ 0935 void setUntrustedCertificates(const CertificateCollection &untrusted); 0936 0937 /** 0938 Set the private keys to use for the messages built 0939 using this CMS object. 0940 0941 Keys are required for decrypting and signing (not 0942 for encrypting or verifying). 0943 0944 \param keys the collection of keys to use 0945 */ 0946 void setPrivateKeys(const SecureMessageKeyList &keys); 0947 0948 private: 0949 Q_DISABLE_COPY(CMS) 0950 0951 class Private; 0952 Private *d; 0953 }; 0954 0955 } 0956 0957 #endif