Okular

signatureutils.h
1/*
2 SPDX-FileCopyrightText: 2018 Chinmoy Ranjan Pradhan <chinmoyrp65@gmail.com>
3
4 SPDX-License-Identifier: GPL-2.0-or-later
5*/
6
7#ifndef OKULAR_SIGNATUREUTILS_H
8#define OKULAR_SIGNATUREUTILS_H
9
10#include "okularcore_export.h"
11
12#include <QDateTime>
13#include <QFlag>
14#include <QList>
15#include <QSharedPointer>
16#include <QString>
17
18namespace Okular
19{
20
21/**
22 * @short A helper class to store information about x509 certificate
23 */
24class CertificateInfoPrivate;
25class OKULARCORE_EXPORT CertificateInfo
26{
27public:
28 /** The certificate backend is mostly
29 important if there is a wish to integrate
30 third party viewers, where some third party
31 viewers only interacts with some and not other
32 backend */
33 enum class Backend {
34 /** The backend is either unknown
35 or known, but not something there is
36 currently supported need for*/
37 Unknown,
38 /** The certificates in question originates
39 in gpg and thus can be queried using e.g.
40 KDE's certificate manager Kleopatra */
41 Gpg
42 };
43 /**
44 * The algorithm of public key.
45 */
46 enum PublicKeyType { RsaKey, DsaKey, EcKey, OtherKey };
47
48 /**
49 * Certificate types
50 * @since 25.04
51 */
52 enum CertificateType { X509 /** X509 standardized certificates */, PGP /** PGP keys (Custom extension) */ };
53
54 /**
55 * Certificate key usage extensions.
56 */
57 enum KeyUsageExtension { KuDigitalSignature = 0x80, KuNonRepudiation = 0x40, KuKeyEncipherment = 0x20, KuDataEncipherment = 0x10, KuKeyAgreement = 0x08, KuKeyCertSign = 0x04, KuClrSign = 0x02, KuEncipherOnly = 0x01, KuNone = 0x00 };
58 Q_DECLARE_FLAGS(KeyUsageExtensions, KeyUsageExtension)
59
60 /**
61 * Predefined keys for elements in an entity's distinguished name.
62 */
63 enum EntityInfoKey {
64 CommonName,
65 DistinguishedName,
66 EmailAddress,
67 Organization,
68 };
69 /**
70 * How should certain empty strings be treated
71 * @since 23.08
72 */
73 enum class EmptyString { /** Empty strings should just be empty*/ Empty, TranslatedNotAvailable /** Empty strings should be a localized version of "Not available" */ };
74
75 /** A signing key can be located in different places
76 * sometimes, for the user, it might be easier to pick
77 * the key located on a card if it have some visual
78 * indicator that it is somehow removable.
79 *
80 * \note a keylocation for a certificate without a private
81 *key (cannot be used for signing) will likely be "Unknown"
82 */
83 enum class KeyLocation {
84 Unknown, /** We don't know the location */
85 Other, /** We know the location, but it is somehow not covered by this enum */
86 Computer, /** The key is on this computer */
87 HardwareToken /** The key is on a dedicated hardware token, either a smartcard or a dedicated usb token (e.g. gnuk, nitrokey or yubikey) */
88 };
89
90 /**
91 * Destructor
92 */
93 ~CertificateInfo();
94
95 /**
96 * Returns true if the certificate has no contents; otherwise returns false
97 * @since 23.08
98 */
99 bool isNull() const;
100
101 /**
102 * Sets the null value of the certificate.
103 * @since 23.08
104 */
105 void setNull(bool null);
106
107 /**
108 * The certificate version string.
109 * @since 23.08
110 */
111 int version() const;
112
113 /**
114 * Sets the certificate version string.
115 * @since 23.08
116 */
117 void setVersion(int version);
118
119 /**
120 * The certificate serial number.
121 * @since 23.08
122 */
123 QByteArray serialNumber() const;
124
125 /**
126 * Sets the certificate serial number.
127 * @since 23.08
128 */
129 void setSerialNumber(const QByteArray &serial);
130
131 /**
132 * Information about the issuer.
133 * @since 23.08
134 */
135 QString issuerInfo(EntityInfoKey key, EmptyString empty) const;
136
137 /**
138 * Sets information about the issuer.
139 * @since 23.08
140 */
141 void setIssuerInfo(EntityInfoKey key, const QString &value);
142
143 /**
144 * Information about the subject
145 * @since 23.08
146 */
147 QString subjectInfo(EntityInfoKey key, EmptyString empty) const;
148
149 /**
150 * Sets information about the subject
151 * @since 23.08
152 */
153 void setSubjectInfo(EntityInfoKey key, const QString &value);
154
155 /**
156 * The certificate internal database nickname
157 * @since 23.08
158 */
159 QString nickName() const;
160
161 /**
162 * Sets the certificate internal database nickname
163 * @since 23.08
164 */
165 void setNickName(const QString &nickName);
166
167 /**
168 * The date-time when certificate becomes valid.
169 * @since 23.08
170 */
171 QDateTime validityStart() const;
172
173 /**
174 * Sets the date-time when certificate becomes valid.
175 * @since 23.08
176 */
177 void setValidityStart(const QDateTime &start);
178
179 /**
180 * The date-time when certificate expires.
181 * @since 23.08
182 */
183 QDateTime validityEnd() const;
184
185 /**
186 * Sets the date-time when certificate expires.
187 * @since 23.08
188 */
189 void setValidityEnd(const QDateTime &validityEnd);
190
191 /**
192 * The uses allowed for the certificate.
193 * @since 23.08
194 */
195 KeyUsageExtensions keyUsageExtensions() const;
196
197 /**
198 * Sets the uses allowed for the certificate.
199 * @since 23.08
200 */
201 void setKeyUsageExtensions(KeyUsageExtensions ext);
202
203 /**
204 * The public key value.
205 * @since 23.08
206 */
207 QByteArray publicKey() const;
208 /**
209 * Sets the public key value.
210 * @since 23.08
211 */
212 void setPublicKey(const QByteArray &publicKey);
213
214 /**
215 * The public key type.
216 * @since 23.08
217 */
218 PublicKeyType publicKeyType() const;
219
220 /**
221 * Sets the public key type.
222 * @since 23.08
223 */
224 void setPublicKeyType(PublicKeyType type);
225
226 /**
227 * The strength of public key in bits.
228 * @since 23.08
229 */
230 int publicKeyStrength() const;
231
232 /**
233 * Sets the strength of strength key in bits.
234 * @since 23.08
235 */
236 void setPublicKeyStrength(int strength);
237
238 /**
239 * Returns true if certificate is self-signed otherwise returns false.
240 * @since 23.08
241 */
242 bool isSelfSigned() const;
243
244 /**
245 * Sets if certificate is self-signed
246 * @since 23.08
247 */
248 void setSelfSigned(bool selfSigned);
249
250 /**
251 * The DER encoded certificate.
252 * @since 23.08
253 */
254 QByteArray certificateData() const;
255
256 /**
257 * Sets the DER encoded certificate.
258 * @since 23.08
259 */
260 void setCertificateData(const QByteArray &certificateData);
261 /*
262 * Sets the location of the certificate
263 *
264 * see \ref KeyLocation enum for details
265 * @since 24.02
266 */
267 void setKeyLocation(KeyLocation location);
268
269 /**
270 * the location of the certificate
271 *
272 * see \ref KeyLocation enum for details
273 * @since 24.02
274 */
275 KeyLocation keyLocation() const;
276
277 /**
278 * The backend where the certificate originates.
279 * see @ref Backend for details
280 * @since 23.08
281 */
282 Backend backend() const;
283
284 /**
285 * Sets the backend for this certificate.
286 * see @ref Backend for details
287 * @since 23.08
288 */
289 void setBackend(Backend backend);
290
291 /**
292 * Checks if the given password is the correct one for this certificate
293 *
294 * @since 23.08
295 */
296 bool checkPassword(const QString &password) const;
297
298 /**
299 * Sets a function to check if the current password is correct.
300 *
301 * The default reject all passwords
302 *
303 * @since 23.08
304 */
305 void setCheckPasswordFunction(const std::function<bool(const QString &)> &passwordFunction);
306
307 bool isQualified() const;
308 void setQualified(bool qualified);
309
310 /**
311 * @since 25.04
312 * \see also \ref CertificateType
313 * @return certificateType
314 */
315 CertificateType certificateType() const;
316
317 /**
318 * @since 25.04
319 * sets the certificateType
320 * \see also \ref CertificateType
321 */
322 void setCertificateType(CertificateType type);
323
324 CertificateInfo();
325 CertificateInfo(const CertificateInfo &other);
326 CertificateInfo(CertificateInfo &&other) noexcept;
327 CertificateInfo &operator=(const CertificateInfo &other);
328 CertificateInfo &operator=(CertificateInfo &&other) noexcept;
329
330private:
331 QSharedDataPointer<CertificateInfoPrivate> d;
332};
333
334/**
335 * @short A helper class to store information about digital signature
336 */
337class SignatureInfoPrivate;
338class OKULARCORE_EXPORT SignatureInfo
339{
340public:
341 /**
342 * The verification result of the signature.
343 */
344 enum SignatureStatus {
345 SignatureStatusUnknown, ///< The signature status is unknown for some reason.
346 SignatureValid, ///< The signature is cryptographically valid.
347 SignatureInvalid, ///< The signature is cryptographically invalid.
348 SignatureDigestMismatch, ///< The document content was changed after the signature was applied.
349 SignatureDecodingError, ///< The signature CMS/PKCS7 structure is malformed.
350 SignatureGenericError, ///< The signature could not be verified.
351 SignatureNotFound, ///< The requested signature is not present in the document.
352 SignatureNotVerified ///< The signature is not yet verified.
353 };
354
355 /**
356 * The verification result of the certificate.
357 */
358 enum CertificateStatus {
359 CertificateStatusUnknown, ///< The certificate status is unknown for some reason.
360 CertificateTrusted, ///< The certificate is considered trusted.
361 CertificateUntrustedIssuer, ///< The issuer of this certificate has been marked as untrusted by the user.
362 CertificateUnknownIssuer, ///< The certificate trust chain has not finished in a trusted root certificate.
363 CertificateRevoked, ///< The certificate was revoked by the issuing certificate authority.
364 CertificateExpired, ///< The signing time is outside the validity bounds of this certificate.
365 CertificateGenericError, ///< The certificate could not be verified.
366 CertificateNotVerified, ///< The certificate is not yet verified.
367 CertificateVerificationInProgress, ///< The certification is not yet verified, but in progress \since 24.08
368 };
369
370 /**
371 * The hash algorithm of the signature
372 */
373 enum HashAlgorithm { HashAlgorithmUnknown, HashAlgorithmMd2, HashAlgorithmMd5, HashAlgorithmSha1, HashAlgorithmSha256, HashAlgorithmSha384, HashAlgorithmSha512, HashAlgorithmSha224 };
374
375 /**
376 * Destructor.
377 */
378 ~SignatureInfo();
379
380 /**
381 * The signature status of the signature.
382 * @since 23.08
383 */
384 SignatureStatus signatureStatus() const;
385
386 /**
387 * Sets the signature status of the signature.
388 * @since 23.08
389 */
390 void setSignatureStatus(SignatureStatus status);
391
392 /**
393 * The certificate status of the signature.
394 * @since 23.08
395 */
396 CertificateStatus certificateStatus() const;
397
398 /**
399 * Sets the certificate status of the signature.
400 * @since 23.08
401 */
402 void setCertificateStatus(CertificateStatus status);
403
404 /**
405 * The signer subject common name associated with the signature.
406 * @since 23.08
407 */
408 QString signerName() const;
409
410 /**
411 * Sets the signer subject common name associated with the signature.
412 * @since 23.08
413 */
414 void setSignerName(const QString &signerName);
415
416 /**
417 * The signer subject distinguished name associated with the signature.
418 * @since 23.08
419 */
420 QString signerSubjectDN() const;
421
422 /**
423 * Sets the signer subject distinguished name associated with the signature.
424 * @since 23.08
425 */
426 void setSignerSubjectDN(const QString &signerSubjectDN);
427
428 /**
429 * Get signing location.
430 * @since 23.08
431 */
432 QString location() const;
433
434 /**
435 * Sets the signing location.
436 * @since 23.08
437 */
438 void setLocation(const QString &location);
439
440 /**
441 * Get signing reason.
442 * @since 23.08
443 */
444 QString reason() const;
445
446 /**
447 * Sets the signing reason.
448 * @since 23.08
449 */
450 void setReason(const QString &reason);
451
452 /**
453 * The hash algorithm used for the signature.
454 * @since 23.08
455 */
456 HashAlgorithm hashAlgorithm() const;
457
458 /**
459 * Sets the hash algorithm used for the signature.
460 * @since 23.08
461 */
462 void setHashAlgorithm(HashAlgorithm algorithm);
463
464 /**
465 * The signing time associated with the signature.
466 * @since 23.08
467 */
468 QDateTime signingTime() const;
469
470 /**
471 * Sets the signing time associated with the signature.
472 * @since 23.08
473 */
474 void setSigningTime(const QDateTime &time);
475
476 /**
477 * Get the signature binary data.
478 * @since 23.08
479 */
480 QByteArray signature() const;
481
482 /**
483 * Sets the signature binary data.
484 * @since 23.08
485 */
486 void setSignature(const QByteArray &signature);
487
488 /**
489 * Get the bounds of the ranges of the document which are signed.
490 * @since 23.08
491 */
492 QList<qint64> signedRangeBounds() const;
493
494 /**
495 * Sets the bounds of the ranges of the document which are signed.
496 * @since 23.08
497 */
498 void setSignedRangeBounds(const QList<qint64> &range);
499
500 /**
501 * Checks whether the signature authenticates the total document
502 * except for the signature itself.
503 * @since 23.08
504 */
505 bool signsTotalDocument() const;
506
507 /**
508 * Checks whether the signature authenticates the total document
509 * except for the signature itself.
510 * @since 23.08
511 */
512 void setSignsTotalDocument(bool total);
513
514 /**
515 * Get certificate details.
516 * @since 23.08
517 */
518 CertificateInfo certificateInfo() const;
519
520 /**
521 * Sets certificate details.
522 * @since 23.08
523 */
524 void setCertificateInfo(const CertificateInfo &info);
525
526 SignatureInfo();
527 SignatureInfo(const SignatureInfo &other);
528 SignatureInfo(SignatureInfo &&other) noexcept;
529 SignatureInfo &operator=(const SignatureInfo &other);
530 SignatureInfo &operator=(SignatureInfo &&other) noexcept;
531
532private:
533 QSharedDataPointer<SignatureInfoPrivate> d;
534};
535
536/**
537 * @short A helper class to store information about x509 certificate
538 */
539class OKULARCORE_EXPORT CertificateStore
540{
541public:
542 /**
543 * Destructor
544 */
545 virtual ~CertificateStore();
546
547 /**
548 * Returns list of valid, usable signing certificates.
549 *
550 * This can ask the user for a password, userCancelled will be true if the user decided not to enter it.
551 * @since 23.08
552 */
553 virtual QList<CertificateInfo> signingCertificates(bool *userCancelled) const;
554
555 /**
556 * Returns list of valid, usable signing certificates for current date and time.
557 *
558 * This can ask the user for a password, userCancelled will be true if the user decided not to enter it.
559 *
560 * nonDateValidCerts is true if the user has signing certificates but their validity start date is in the future or past their validity end date.
561 * @since 23.08
562 */
563 QList<CertificateInfo> signingCertificatesForNow(bool *userCancelled, bool *nonDateValidCerts) const;
564
565protected:
566 CertificateStore();
567
568private:
569 Q_DISABLE_COPY(CertificateStore)
570};
571
572/**
573 * \since 24.12
574 */
575enum SigningResult {
576 SigningSuccess, ///< everything ok
577 FieldAlreadySigned, ///< couldn't sign because already signed
578 GenericSigningError, ///< generic (catch-all) error
579 InternalSigningError, ///< Internal signing error. This is likely a application or poppler bug \since 25.04
580 KeyMissing, ///< requested key not found \since 25.04
581 SignatureWriteFailed, ///< writing error \since 25.04
582 UserCancelled, ///< user aborted \since 25.04
583 BadPassphrase, ///< bad passphrase \since 25.04
584};
585
586/**
587 * User strings for signing errors
588 * \param SigningResult
589 * \param possible argument for the signing result
590 * \since 25.04
591 */
592
593OKULARCORE_EXPORT QString errorString(SigningResult result, const QVariant &additionalMessage);
594}
595
596#endif
Okular::CertificateStore::signingCertificatesForNow
QList< CertificateInfo > signingCertificatesForNow(bool *userCancelled, bool *nonDateValidCerts) const
Returns list of valid, usable signing certificates for current date and time.
Definition signatureutils.cpp:471
Okular::CertificateStore::signingCertificates
virtual QList< CertificateInfo > signingCertificates(bool *userCancelled) const
Returns list of valid, usable signing certificates.
Definition signatureutils.cpp:465
status
Q_SCRIPTABLE CaptureState status()
start
Q_SCRIPTABLE Q_NOREPLY void start()
KDb::version
KDB_EXPORT KDbVersionInfo version()
KItinerary::LocationUtil::location
QVariant location(const QVariant &res)
Okular
global.h
Definition action.h:17
Okular::errorString
OKULARCORE_EXPORT QString errorString(SigningResult result, const QVariant &additionalMessage)
User strings for signing errors.
Definition signatureutils.cpp:488
Okular::UserCancelled
@ UserCancelled
user aborted
Definition signatureutils.h:582
Okular::FieldAlreadySigned
@ FieldAlreadySigned
couldn't sign because already signed
Definition signatureutils.h:577
Okular::InternalSigningError
@ InternalSigningError
Internal signing error. This is likely a application or poppler bug.
Definition signatureutils.h:579
Okular::KeyMissing
@ KeyMissing
requested key not found
Definition signatureutils.h:580
Okular::BadPassphrase
@ BadPassphrase
bad passphrase
Definition signatureutils.h:583
Okular::SigningSuccess
@ SigningSuccess
everything ok
Definition signatureutils.h:576
Okular::SignatureWriteFailed
@ SignatureWriteFailed
writing error
Definition signatureutils.h:581
Okular::GenericSigningError
@ GenericSigningError
generic (catch-all) error
Definition signatureutils.h:578
QCA::CommonName
CommonName
QCA::Organization
Organization
QCA::CertificateInfo
QMultiMap< CertificateInfoType, QString > CertificateInfo
QSsl::CertificateRevoked
CertificateRevoked
This file is part of the KDE documentation.
Documentation copyright © 1996-2025 The KDE developers.
Generated on Fri May 2 2025 11:59:13 by doxygen 1.13.2 written by Dimitri van Heesch, © 1997-2006

KDE's Doxygen guidelines are available online.