Okular

signatureutils.h
1/*
2 SPDX-FileCopyrightText: 2018 Chinmoy Ranjan Pradhan <chinmoyrp65@gmail.com>
3
4 SPDX-License-Identifier: GPL-2.0-or-later
5*/
6
7#ifndef OKULAR_SIGNATUREUTILS_H
8#define OKULAR_SIGNATUREUTILS_H
9
10#include "okularcore_export.h"
11
12#include <QDateTime>
13#include <QFlag>
14#include <QList>
15#include <QSharedPointer>
16#include <QString>
17
18namespace Okular
19{
20
21/**
22 * @short A helper class to store information about x509 certificate
23 */
24class CertificateInfoPrivate;
25class OKULARCORE_EXPORT CertificateInfo
26{
27public:
28 /** The certificate backend is mostly
29 important if there is a wish to integrate
30 third party viewers, where some third party
31 viewers only interacts with some and not other
32 backend */
33 enum class Backend {
34 /** The backend is either unknown
35 or known, but not something there is
36 currently supported need for*/
37 Unknown,
38 /** The certificates in question originates
39 in gpg and thus can be queried using e.g.
40 KDE's certificate manager Kleopatra */
41 Gpg
42 };
43 /**
44 * The algorithm of public key.
45 */
46 enum PublicKeyType { RsaKey, DsaKey, EcKey, OtherKey };
47
48 /**
49 * Certificate key usage extensions.
50 */
51 enum KeyUsageExtension { KuDigitalSignature = 0x80, KuNonRepudiation = 0x40, KuKeyEncipherment = 0x20, KuDataEncipherment = 0x10, KuKeyAgreement = 0x08, KuKeyCertSign = 0x04, KuClrSign = 0x02, KuEncipherOnly = 0x01, KuNone = 0x00 };
52 Q_DECLARE_FLAGS(KeyUsageExtensions, KeyUsageExtension)
53
54 /**
55 * Predefined keys for elements in an entity's distinguished name.
56 */
57 enum EntityInfoKey {
58 CommonName,
59 DistinguishedName,
60 EmailAddress,
61 Organization,
62 };
63 /**
64 * How should certain empty strings be treated
65 * @since 23.08
66 */
67 enum class EmptyString { /** Empty strings should just be empty*/ Empty, TranslatedNotAvailable /** Empty strings should be a localized version of "Not available" */ };
68
69 /** A signing key can be located in different places
70 * sometimes, for the user, it might be easier to pick
71 * the key located on a card if it have some visual
72 * indicator that it is somehow removable.
73 *
74 * \note a keylocation for a certificate without a private
75 *key (cannot be used for signing) will likely be "Unknown"
76 */
77 enum class KeyLocation {
78 Unknown, /** We don't know the location */
79 Other, /** We know the location, but it is somehow not covered by this enum */
80 Computer, /** The key is on this computer */
81 HardwareToken /** The key is on a dedicated hardware token, either a smartcard or a dedicated usb token (e.g. gnuk, nitrokey or yubikey) */
82 };
83
84 /**
85 * Destructor
86 */
87 ~CertificateInfo();
88
89 /**
90 * Returns true if the certificate has no contents; otherwise returns false
91 * @since 23.08
92 */
93 bool isNull() const;
94
95 /**
96 * Sets the null value of the certificate.
97 * @since 23.08
98 */
99 void setNull(bool null);
100
101 /**
102 * The certificate version string.
103 * @since 23.08
104 */
105 int version() const;
106
107 /**
108 * Sets the certificate version string.
109 * @since 23.08
110 */
111 void setVersion(int version);
112
113 /**
114 * The certificate serial number.
115 * @since 23.08
116 */
117 QByteArray serialNumber() const;
118
119 /**
120 * Sets the certificate serial number.
121 * @since 23.08
122 */
123 void setSerialNumber(const QByteArray &serial);
124
125 /**
126 * Information about the issuer.
127 * @since 23.08
128 */
129 QString issuerInfo(EntityInfoKey key, EmptyString empty) const;
130
131 /**
132 * Sets information about the issuer.
133 * @since 23.08
134 */
135 void setIssuerInfo(EntityInfoKey key, const QString &value);
136
137 /**
138 * Information about the subject
139 * @since 23.08
140 */
141 QString subjectInfo(EntityInfoKey key, EmptyString empty) const;
142
143 /**
144 * Sets information about the subject
145 * @since 23.08
146 */
147 void setSubjectInfo(EntityInfoKey key, const QString &value);
148
149 /**
150 * The certificate internal database nickname
151 * @since 23.08
152 */
153 QString nickName() const;
154
155 /**
156 * Sets the certificate internal database nickname
157 * @since 23.08
158 */
159 void setNickName(const QString &nickName);
160
161 /**
162 * The date-time when certificate becomes valid.
163 * @since 23.08
164 */
165 QDateTime validityStart() const;
166
167 /**
168 * Sets the date-time when certificate becomes valid.
169 * @since 23.08
170 */
171 void setValidityStart(const QDateTime &start);
172
173 /**
174 * The date-time when certificate expires.
175 * @since 23.08
176 */
177 QDateTime validityEnd() const;
178
179 /**
180 * Sets the date-time when certificate expires.
181 * @since 23.08
182 */
183 void setValidityEnd(const QDateTime &validityEnd);
184
185 /**
186 * The uses allowed for the certificate.
187 * @since 23.08
188 */
189 KeyUsageExtensions keyUsageExtensions() const;
190
191 /**
192 * Sets the uses allowed for the certificate.
193 * @since 23.08
194 */
195 void setKeyUsageExtensions(KeyUsageExtensions ext);
196
197 /**
198 * The public key value.
199 * @since 23.08
200 */
201 QByteArray publicKey() const;
202 /**
203 * Sets the public key value.
204 * @since 23.08
205 */
206 void setPublicKey(const QByteArray &publicKey);
207
208 /**
209 * The public key type.
210 * @since 23.08
211 */
212 PublicKeyType publicKeyType() const;
213
214 /**
215 * Sets the public key type.
216 * @since 23.08
217 */
218 void setPublicKeyType(PublicKeyType type);
219
220 /**
221 * The strength of public key in bits.
222 * @since 23.08
223 */
224 int publicKeyStrength() const;
225
226 /**
227 * Sets the strength of strength key in bits.
228 * @since 23.08
229 */
230 void setPublicKeyStrength(int strength);
231
232 /**
233 * Returns true if certificate is self-signed otherwise returns false.
234 * @since 23.08
235 */
236 bool isSelfSigned() const;
237
238 /**
239 * Sets if certificate is self-signed
240 * @since 23.08
241 */
242 void setSelfSigned(bool selfSigned);
243
244 /**
245 * The DER encoded certificate.
246 * @since 23.08
247 */
248 QByteArray certificateData() const;
249
250 /**
251 * Sets the DER encoded certificate.
252 * @since 23.08
253 */
254 void setCertificateData(const QByteArray &certificateData);
255 /*
256 * Sets the location of the certificate
257 *
258 * see \ref KeyLocation enum for details
259 * @since 24.02
260 */
261 void setKeyLocation(KeyLocation location);
262
263 /**
264 * the location of the certificate
265 *
266 * see \ref KeyLocation enum for details
267 * @since 24.02
268 */
269 KeyLocation keyLocation() const;
270
271 /**
272 * The backend where the certificate originates.
273 * see @ref Backend for details
274 * @since 23.08
275 */
276 Backend backend() const;
277
278 /**
279 * Sets the backend for this certificate.
280 * see @ref Backend for details
281 * @since 23.08
282 */
283 void setBackend(Backend backend);
284
285 /**
286 * Checks if the given password is the correct one for this certificate
287 *
288 * @since 23.08
289 */
290 bool checkPassword(const QString &password) const;
291
292 /**
293 * Sets a function to check if the current password is correct.
294 *
295 * The default reject all passwords
296 *
297 * @since 23.08
298 */
299 void setCheckPasswordFunction(const std::function<bool(const QString &)> &passwordFunction);
300
301 bool isQualified() const;
302 void setQualified(bool qualified);
303
304 CertificateInfo();
305 CertificateInfo(const CertificateInfo &other);
306 CertificateInfo(CertificateInfo &&other) noexcept;
307 CertificateInfo &operator=(const CertificateInfo &other);
308 CertificateInfo &operator=(CertificateInfo &&other) noexcept;
309
310private:
311 QSharedDataPointer<CertificateInfoPrivate> d;
312};
313
314/**
315 * @short A helper class to store information about digital signature
316 */
317class SignatureInfoPrivate;
318class OKULARCORE_EXPORT SignatureInfo
319{
320public:
321 /**
322 * The verification result of the signature.
323 */
324 enum SignatureStatus {
325 SignatureStatusUnknown, ///< The signature status is unknown for some reason.
326 SignatureValid, ///< The signature is cryptographically valid.
327 SignatureInvalid, ///< The signature is cryptographically invalid.
328 SignatureDigestMismatch, ///< The document content was changed after the signature was applied.
329 SignatureDecodingError, ///< The signature CMS/PKCS7 structure is malformed.
330 SignatureGenericError, ///< The signature could not be verified.
331 SignatureNotFound, ///< The requested signature is not present in the document.
332 SignatureNotVerified ///< The signature is not yet verified.
333 };
334
335 /**
336 * The verification result of the certificate.
337 */
338 enum CertificateStatus {
339 CertificateStatusUnknown, ///< The certificate status is unknown for some reason.
340 CertificateTrusted, ///< The certificate is considered trusted.
341 CertificateUntrustedIssuer, ///< The issuer of this certificate has been marked as untrusted by the user.
342 CertificateUnknownIssuer, ///< The certificate trust chain has not finished in a trusted root certificate.
343 CertificateRevoked, ///< The certificate was revoked by the issuing certificate authority.
344 CertificateExpired, ///< The signing time is outside the validity bounds of this certificate.
345 CertificateGenericError, ///< The certificate could not be verified.
346 CertificateNotVerified, ///< The certificate is not yet verified.
347 CertificateVerificationInProgress, ///< The certification is not yet verified, but in progress \since 24.08
348 };
349
350 /**
351 * The hash algorithm of the signature
352 */
353 enum HashAlgorithm { HashAlgorithmUnknown, HashAlgorithmMd2, HashAlgorithmMd5, HashAlgorithmSha1, HashAlgorithmSha256, HashAlgorithmSha384, HashAlgorithmSha512, HashAlgorithmSha224 };
354
355 /**
356 * Destructor.
357 */
358 ~SignatureInfo();
359
360 /**
361 * The signature status of the signature.
362 * @since 23.08
363 */
364 SignatureStatus signatureStatus() const;
365
366 /**
367 * Sets the signature status of the signature.
368 * @since 23.08
369 */
370 void setSignatureStatus(SignatureStatus status);
371
372 /**
373 * The certificate status of the signature.
374 * @since 23.08
375 */
376 CertificateStatus certificateStatus() const;
377
378 /**
379 * Sets the certificate status of the signature.
380 * @since 23.08
381 */
382 void setCertificateStatus(CertificateStatus status);
383
384 /**
385 * The signer subject common name associated with the signature.
386 * @since 23.08
387 */
388 QString signerName() const;
389
390 /**
391 * Sets the signer subject common name associated with the signature.
392 * @since 23.08
393 */
394 void setSignerName(const QString &signerName);
395
396 /**
397 * The signer subject distinguished name associated with the signature.
398 * @since 23.08
399 */
400 QString signerSubjectDN() const;
401
402 /**
403 * Sets the signer subject distinguished name associated with the signature.
404 * @since 23.08
405 */
406 void setSignerSubjectDN(const QString &signerSubjectDN);
407
408 /**
409 * Get signing location.
410 * @since 23.08
411 */
412 QString location() const;
413
414 /**
415 * Sets the signing location.
416 * @since 23.08
417 */
418 void setLocation(const QString &location);
419
420 /**
421 * Get signing reason.
422 * @since 23.08
423 */
424 QString reason() const;
425
426 /**
427 * Sets the signing reason.
428 * @since 23.08
429 */
430 void setReason(const QString &reason);
431
432 /**
433 * The hash algorithm used for the signature.
434 * @since 23.08
435 */
436 HashAlgorithm hashAlgorithm() const;
437
438 /**
439 * Sets the hash algorithm used for the signature.
440 * @since 23.08
441 */
442 void setHashAlgorithm(HashAlgorithm algorithm);
443
444 /**
445 * The signing time associated with the signature.
446 * @since 23.08
447 */
448 QDateTime signingTime() const;
449
450 /**
451 * Sets the signing time associated with the signature.
452 * @since 23.08
453 */
454 void setSigningTime(const QDateTime &time);
455
456 /**
457 * Get the signature binary data.
458 * @since 23.08
459 */
460 QByteArray signature() const;
461
462 /**
463 * Sets the signature binary data.
464 * @since 23.08
465 */
466 void setSignature(const QByteArray &signature);
467
468 /**
469 * Get the bounds of the ranges of the document which are signed.
470 * @since 23.08
471 */
472 QList<qint64> signedRangeBounds() const;
473
474 /**
475 * Sets the bounds of the ranges of the document which are signed.
476 * @since 23.08
477 */
478 void setSignedRangeBounds(const QList<qint64> &range);
479
480 /**
481 * Checks whether the signature authenticates the total document
482 * except for the signature itself.
483 * @since 23.08
484 */
485 bool signsTotalDocument() const;
486
487 /**
488 * Checks whether the signature authenticates the total document
489 * except for the signature itself.
490 * @since 23.08
491 */
492 void setSignsTotalDocument(bool total);
493
494 /**
495 * Get certificate details.
496 * @since 23.08
497 */
498 CertificateInfo certificateInfo() const;
499
500 /**
501 * Sets certificate details.
502 * @since 23.08
503 */
504 void setCertificateInfo(const CertificateInfo &info);
505
506 SignatureInfo();
507 SignatureInfo(const SignatureInfo &other);
508 SignatureInfo(SignatureInfo &&other) noexcept;
509 SignatureInfo &operator=(const SignatureInfo &other);
510 SignatureInfo &operator=(SignatureInfo &&other) noexcept;
511
512private:
513 QSharedDataPointer<SignatureInfoPrivate> d;
514};
515
516/**
517 * @short A helper class to store information about x509 certificate
518 */
519class OKULARCORE_EXPORT CertificateStore
520{
521public:
522 /**
523 * Destructor
524 */
525 virtual ~CertificateStore();
526
527 /**
528 * Returns list of valid, usable signing certificates.
529 *
530 * This can ask the user for a password, userCancelled will be true if the user decided not to enter it.
531 * @since 23.08
532 */
533 virtual QList<CertificateInfo> signingCertificates(bool *userCancelled) const;
534
535 /**
536 * Returns list of valid, usable signing certificates for current date and time.
537 *
538 * This can ask the user for a password, userCancelled will be true if the user decided not to enter it.
539 *
540 * nonDateValidCerts is true if the user has signing certificates but their validity start date is in the future or past their validity end date.
541 * @since 23.08
542 */
543 QList<CertificateInfo> signingCertificatesForNow(bool *userCancelled, bool *nonDateValidCerts) const;
544
545protected:
546 CertificateStore();
547
548private:
549 Q_DISABLE_COPY(CertificateStore)
550};
551
552/**
553 * \since 24.12
554 */
555enum SigningResult {
556 SigningSuccess,
557 FieldAlreadySigned,
558 GenericSigningError,
559};
560}
561
562#endif
Okular::CertificateStore
A helper class to store information about x509 certificate.
Definition signatureutils.h:520
status
Q_SCRIPTABLE CaptureState status()
start
Q_SCRIPTABLE Q_NOREPLY void start()
KCoreAddons::version
KCOREADDONS_EXPORT unsigned int version()
KItinerary::LocationUtil::location
QVariant location(const QVariant &res)
Okular
global.h
Definition action.h:17
QCA::CommonName
CommonName
QCA::Organization
Organization
QCA::CertificateInfo
QMultiMap< CertificateInfoType, QString > CertificateInfo
QSsl::CertificateRevoked
CertificateRevoked
This file is part of the KDE documentation.
Documentation copyright © 1996-2024 The KDE developers.
Generated on Sat Dec 21 2024 16:58:33 by doxygen 1.12.0 written by Dimitri van Heesch, © 1997-2006

KDE's Doxygen guidelines are available online.