Okular

signatureutils.h
1 /*
2  SPDX-FileCopyrightText: 2018 Chinmoy Ranjan Pradhan <[email protected]>
3 
4  SPDX-License-Identifier: GPL-2.0-or-later
5 */
6 
7 #ifndef OKULAR_SIGNATUREUTILS_H
8 #define OKULAR_SIGNATUREUTILS_H
9 
10 #include "okularcore_export.h"
11 
12 #include <QDateTime>
13 #include <QFlag>
14 #include <QList>
15 #include <QSharedPointer>
16 #include <QString>
17 
18 namespace Okular
19 {
20 class SignatureInfoPrivate;
21 
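/**
 * @short A helper class to store information about x509 certificate
 *
 * The accessors report what the certificate itself contains. Nothing in this
 * class says whether the certificate is trusted; that verdict is reported
 * separately by SignatureInfo::certificateStatus(). Subject and issuer text
 * is chosen by whoever created the certificate, so treat it as unverified
 * display data until the certificate has been checked.
 */
class OKULARCORE_EXPORT CertificateInfo
{
public:
    /**
     * The algorithm of public key.
     */
    enum PublicKeyType { RsaKey, DsaKey, EcKey, OtherKey };

    /**
     * Certificate key usage extensions.
     *
     * Each value is a single bit so that several usages can be combined in
     * KeyUsageExtensions. The bit order follows the first octet of the X.509
     * keyUsage extension; KuClrSign corresponds to cRLSign.
     */
    enum KeyUsageExtension { KuDigitalSignature = 0x80, KuNonRepudiation = 0x40, KuKeyEncipherment = 0x20, KuDataEncipherment = 0x10, KuKeyAgreement = 0x08, KuKeyCertSign = 0x04, KuClrSign = 0x02, KuEncipherOnly = 0x01, KuNone = 0x00 };
    Q_DECLARE_FLAGS(KeyUsageExtensions, KeyUsageExtension)

    /**
     * Predefined keys for elements in an entity's distinguished name.
     */
    enum EntityInfoKey {
        CommonName,
        DistinguishedName,
        EmailAddress,
        Organization,
    };

    /**
     * Destructor
     */
    virtual ~CertificateInfo();

    /**
     * Returns true if certificate has no contents; otherwise returns false.
     *
     * What the other accessors return for a null certificate is not stated
     * in this header, so check isNull() before interpreting them.
     */
    virtual bool isNull() const;

    /**
     * The certificate version number.
     */
    virtual int version() const;

    /**
     * The certificate serial number.
     *
     * A serial number identifies a certificate only together with its
     * issuer; it is not unique across issuers.
     */
    virtual QByteArray serialNumber() const;

    /**
     * Information about the issuer.
     *
     * @param key the distinguished-name element to return
     */
    virtual QString issuerInfo(EntityInfoKey key) const;

    /**
     * Information about the subject
     *
     * @param key the distinguished-name element to return
     */
    virtual QString subjectInfo(EntityInfoKey key) const;

    /**
     * The certificate internal database nickname
     */
    virtual QString nickName() const;

    /**
     * The date-time when certificate becomes valid.
     */
    virtual QDateTime validityStart() const;

    /**
     * The date-time when certificate expires.
     */
    virtual QDateTime validityEnd() const;

    /**
     * The uses allowed for the certificate.
     *
     * A certificate offered for signing is expected to carry
     * KuDigitalSignature and/or KuNonRepudiation; this accessor only
     * reports the flags and does not enforce them.
     */
    virtual KeyUsageExtensions keyUsageExtensions() const;

    /**
     * The public key value.
     */
    virtual QByteArray publicKey() const;

    /**
     * The public key type.
     */
    virtual PublicKeyType publicKeyType() const;

    /**
     * The strength of public key in bits.
     *
     * Bit counts are only comparable between keys of the same
     * publicKeyType(); read the two values together.
     */
    virtual int publicKeyStrength() const;

    /**
     * Returns true if certificate is self-signed otherwise returns false.
     *
     * Being self-signed says nothing about trust in either direction.
     */
    virtual bool isSelfSigned() const;

    /**
     * The DER encoded certificate.
     */
    virtual QByteArray certificateData() const;

    /**
     * Checks if the given password is the correct one for this certificate
     *
     * The password is passed as plain text; callers should not log it or
     * keep it longer than needed. Any limit on repeated attempts is not
     * visible in this header.
     *
     * @param password the candidate password
     * @return true if the password is correct, false otherwise
     *
     * @since 21.04
     */
    virtual bool checkPassword(const QString &password) const;

protected:
    // SignatureInfo is a friend so that it can use the protected constructor.
    friend class SignatureInfo;
    CertificateInfo();

private:
    Q_DISABLE_COPY(CertificateInfo)
};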
138 
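/**
 * @short A helper class to store information about digital signature
 *
 * signatureStatus() and certificateStatus() are two separate verdicts. A
 * signature should be presented as trustworthy only when the first is
 * SignatureValid and the second is CertificateTrusted, and
 * signsTotalDocument() shows how much of the file the signature covers.
 */
class OKULARCORE_EXPORT SignatureInfo
{
public:
    /**
     * The verification result of the signature.
     *
     * SignatureValid covers the cryptographic check only; it does not say
     * that the signer's certificate is trusted.
     */
    enum SignatureStatus {
        SignatureStatusUnknown,  ///< The signature status is unknown for some reason.
        SignatureValid,          ///< The signature is cryptographically valid.
        SignatureInvalid,        ///< The signature is cryptographically invalid.
        SignatureDigestMismatch, ///< The document content was changed after the signature was applied.
        SignatureDecodingError,  ///< The signature CMS/PKCS7 structure is malformed.
        SignatureGenericError,   ///< The signature could not be verified.
        SignatureNotFound,       ///< The requested signature is not present in the document.
        SignatureNotVerified     ///< The signature is not yet verified.
    };

    /**
     * The verification result of the certificate.
     *
     * Only CertificateTrusted is a positive result; every other value,
     * including CertificateStatusUnknown and CertificateNotVerified, means
     * that trust has not been established.
     */
    enum CertificateStatus {
        CertificateStatusUnknown,   ///< The certificate status is unknown for some reason.
        CertificateTrusted,         ///< The certificate is considered trusted.
        CertificateUntrustedIssuer, ///< The issuer of this certificate has been marked as untrusted by the user.
        CertificateUnknownIssuer,   ///< The certificate trust chain has not finished in a trusted root certificate.
        CertificateRevoked,         ///< The certificate was revoked by the issuing certificate authority.
        CertificateExpired,         ///< The signing time is outside the validity bounds of this certificate.
        CertificateGenericError,    ///< The certificate could not be verified.
        CertificateNotVerified      ///< The certificate is not yet verified.
    };

    /**
     * The hash algorithm of the signature
     *
     * MD2, MD5 and SHA-1 are no longer collision resistant. A signature
     * that reports one of them deserves a warning even when
     * signatureStatus() is SignatureValid.
     */
    enum HashAlgorithm { HashAlgorithmUnknown, HashAlgorithmMd2, HashAlgorithmMd5, HashAlgorithmSha1, HashAlgorithmSha256, HashAlgorithmSha384, HashAlgorithmSha512, HashAlgorithmSha224 };

    /**
     * Destructor.
     */
    virtual ~SignatureInfo();

    /**
     * The signature status of the signature.
     */
    virtual SignatureStatus signatureStatus() const;

    /**
     * The certificate status of the signature.
     */
    virtual CertificateStatus certificateStatus() const;

    /**
     * The signer subject common name associated with the signature.
     *
     * The name is only as reliable as certificateStatus(); show it as
     * unverified unless that status is CertificateTrusted.
     */
    virtual QString signerName() const;

    /**
     * The signer subject distinguished name associated with the signature.
     */
    virtual QString signerSubjectDN() const;

    /**
     * Get signing location.
     *
     * Free text supplied with the signature; display it as the signer's
     * claim, not as a verified fact.
     */
    virtual QString location() const;

    /**
     * Get signing reason.
     *
     * Free text supplied with the signature; display it as the signer's
     * claim, not as a verified fact.
     */
    virtual QString reason() const;

    /**
     * The hash algorithm used for the signature.
     */
    virtual HashAlgorithm hashAlgorithm() const;

    /**
     * The signing time associated with the signature.
     *
     * CertificateExpired is defined relative to this time.
     * NOTE(review): this header does not say whether the value comes from
     * a trusted timestamp or is asserted by the signer; confirm with the
     * backend before relying on it.
     */
    virtual QDateTime signingTime() const;

    /**
     * Get the signature binary data.
     */
    virtual QByteArray signature() const;

    /**
     * Get the bounds of the ranges of the document which are signed.
     */
    virtual QList<qint64> signedRangeBounds() const;

    /**
     * Checks whether the signature authenticates the total document
     * except for the signature itself.
     *
     * When this returns false, part of the file lies outside the signed
     * ranges, so a SignatureValid result does not vouch for everything the
     * reader sees.
     */
    virtual bool signsTotalDocument() const;

    /**
     * Get certificate details.
     *
     * Returned by const reference; the lifetime of the referenced object
     * is not stated in this header, so do not keep the reference longer
     * than this SignatureInfo.
     */
    virtual const CertificateInfo &certificateInfo() const;

protected:
    SignatureInfo();

private:
    Q_DISABLE_COPY(SignatureInfo)
};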
250 
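/**
 * @short A helper class to list the certificates available for signing
 */
class OKULARCORE_EXPORT CertificateStore
{
public:
    /**
     * Destructor
     */
    virtual ~CertificateStore();

    /**
     * Returns list of valid, usable signing certificates.
     *
     * This can ask the user for a password, userCancelled will be true if the user decided not to enter it.
     *
     * NOTE(review): ownership of the returned pointers, and whether
     * userCancelled may be null, are not stated in this header; confirm
     * against the implementation.
     *
     * @param userCancelled set to true if the user declined to enter the password
     */
    virtual QList<CertificateInfo *> signingCertificates(bool *userCancelled) const;

    /**
     * Returns list of valid, usable signing certificates for current date and time.
     *
     * This can ask the user for a password, userCancelled will be true if the user decided not to enter it.
     *
     * nonDateValidCerts is true if the user has signing certificates but their validity start date is in the future or past their validity end date.
     *
     * An empty result therefore has three distinct causes (cancelled, only
     * date-invalid certificates, no certificates at all); check both flags
     * before telling the user that no certificate exists.
     *
     * @param userCancelled set to true if the user declined to enter the password
     * @param nonDateValidCerts set to true if certificates exist but none is valid at the current date and time
     */
    QList<CertificateInfo *> signingCertificatesForNow(bool *userCancelled, bool *nonDateValidCerts) const;

protected:
    // Protected constructor: only derived classes can create a store.
    CertificateStore();

private:
    Q_DISABLE_COPY(CertificateStore)
};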
284 
285 }
286 
287 #endif