QCA

qca_cert.h
Go to the documentation of this file.
1 /*
2  * qca_cert.h - Qt Cryptographic Architecture
3  * Copyright (C) 2003-2007 Justin Karneges <[email protected]>
4  * Copyright (C) 2004-2006 Brad Hards <[email protected]>
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19  * 02110-1301 USA
20  *
21  */
22 
23 /**
24  \file qca_cert.h
25 
26  Header file for PGP key and X.509 certificate related classes
27 
28  \note You should not use this header directly from an
29  application. You should just use <tt> \#include <QtCrypto>
30  </tt> instead.
31 */
32 
33 #ifndef QCA_CERT_H
34 #define QCA_CERT_H
35 
36 #include "qca_core.h"
37 #include "qca_publickey.h"
38 #include <QDateTime>
39 
40 namespace QCA {
41 
42 class CertContext;
43 class CSRContext;
44 class CRLContext;
45 class Certificate;
46 class CRL;
47 class CertificateCollection;
48 class CertificateChain;
49 
50 /**
51  Certificate Request Format
52 */
54 {
55  PKCS10, ///< standard PKCS#10 format
56  SPKAC ///< Signed Public Key and Challenge (Netscape) format
57 };
58 
59 /**
60  Known types of information stored in certificates
61 
62  This enumerator offers a convenient way to work with common types.
63 */
65 {
66  CommonName, ///< The common name (eg person), id = "2.5.4.3"
67  Email, ///< Email address, id = "GeneralName.rfc822Name"
68  EmailLegacy, ///< PKCS#9 Email field, id = "1.2.840.113549.1.9.1"
69  Organization, ///< An organisation (eg company), id = "2.5.4.10"
70  OrganizationalUnit, ///< An part of an organisation (eg a division or branch), id = "2.5.4.11"
71  Locality, ///< The locality (eg city, a shire, or part of a state), id = "2.5.4.7"
72  IncorporationLocality, ///< The locality of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.1"
73  State, ///< The state within the country, id = "2.5.4.8"
74  IncorporationState, ///< The state of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.2"
75  Country, ///< The country, id = "2.5.4.6"
76  IncorporationCountry, ///< The country of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.3"
77  URI, ///< Uniform Resource Identifier, id = "GeneralName.uniformResourceIdentifier"
78  DNS, ///< DNS name, id = "GeneralName.dNSName"
79  IPAddress, ///< IP address, id = "GeneralName.iPAddress"
80  XMPP ///< XMPP address (see http://www.ietf.org/rfc/rfc3920.txt), id = "1.3.6.1.5.5.7.8.5"
81 };
82 
83 /**
84  \class CertificateInfoType qca_cert.h QtCrypto
85 
86  Certificate information type
87 
88  This class represents a type of information being stored in
89  a certificate. It can be created either using a known type
90  (from the Known enumerator) or an identifier string (usually
91  an OID). Types created either way are interchangeable.
92 
93  Types also have the notion of a Section. Some types may
94  reside in the Distinguished Name field of a certificate, and
95  some types may reside in the Subject Alternative Name field.
96  This class is capable of representing a type from either
97  section.
98 
99  In the general case, applications will want to use the
100  CertificateInfoTypeKnown enumerator types. These are from RFC3280
101  (http://www.ietf.org/rfc/rfc3280.txt) except where shown.
102 
103  The entries for IncorporationLocality, IncorporationState
104  and IncorporationCountry are the same as Locality, State
105  and Country respectively, except that the Extended
106  Validation (EV) certificate guidelines (published by the
107  %Certificate Authority / Browser Forum, see
108  http://www.cabforum.org) distinguish between the place of
109  where the company does business (which is the Locality /
110  State / Country combination) and the jurisdiction where the
111  company is legally incorporated (the IncorporationLocality
112  / IncorporationState / IncorporationCountry combination).
113 
114  \sa Certificate::subjectInfo() and Certificate::issuerInfo()
115  \sa CRL::issuerInfo()
116 
117  \ingroup UserAPI
118 */
119 class QCA_EXPORT CertificateInfoType
120 {
121 public:
122  /**
123  Section of the certificate that the information belongs in
124  */
125  enum Section
126  {
127  DN, ///< Distinguished name (the primary name)
128  AlternativeName ///< Alternative name
129  };
130 
131  /**
132  Standard constructor
133  */
135 
136  /**
137  Construct a new type
138 
139  The section will be derived by \a known.
140 
141  \param known the type as part of the CertificateInfoTypeKnown
142  enumerator
143  */
145 
146  /**
147  Construct a new type
148 
149  \param id the type as an identifier string (OID or internal)
150  \param section the section this type belongs in
151 
152  \sa id
153  */
154  CertificateInfoType(const QString &id, Section section);
155 
156  /**
157  Standard copy constructor
158 
159  \param from the certificate information to copy from
160  */
162 
164 
165  /**
166  Standard assignment operator
167 
168  \param from the certificate information to assign from
169  */
170  CertificateInfoType &operator=(const CertificateInfoType &from);
171 
172  /**
173  The section the type is part of
174  */
175  Section section() const;
176 
177  /**
178  The type as part of the CertificateInfoTypeKnown enumerator
179 
180  This function may return a value that does not exist in the
181  enumerator. In that case, you may use id() to determine the
182  type.
183  */
184  CertificateInfoTypeKnown known() const;
185 
186  /**
187  The type as an identifier string
188 
189  For types that have OIDs, this function returns an OID in string
190  form. For types that do not have OIDs, this function returns an
191  internal identifier string whose first character is not a digit
192  (this allows you to tell the difference between an OID and an
193  internal identifier).
194 
195  It is hereby stated that General Names (of the X.509 Subject
196  Alternative Name) shall use the internal identifier format
197  "GeneralName.[rfc field name]". For example, the rfc822Name
198  field would have the identifier "GeneralName.rfc822Name".
199 
200  Applications should not store, use, or compare against internal
201  identifiers unless the identifiers are explicitly documented
202  (e.g. GeneralName).
203  */
204  QString id() const;
205 
206  /**
207  Comparison operator
208 
209  \param other the certificate information to compare with this
210  certificate information.
211  */
212  bool operator<(const CertificateInfoType &other) const;
213 
214  /**
215  Comparison operator
216 
217  \param other the certificate information to compare with this
218  certificate information.
219  */
220  bool operator==(const CertificateInfoType &other) const;
221 
222  /**
223  Inequality operator
224 
225  \param other the certificate information to compare with this
226  certificate information.
227  */
228  inline bool operator!=(const CertificateInfoType &other) const
229  {
230  return !(*this == other);
231  }
232 
233 private:
234  class Private;
236 };
237 
238 /**
239  \class CertificateInfoPair qca_cert.h QtCrypto
240 
241  One entry in a certificate information list
242 
243  \ingroup UserAPI
244 */
245 class QCA_EXPORT CertificateInfoPair
246 {
247 public:
248  /**
249  Standard constructor
250  */
252 
253  /**
254  Construct a new pair
255 
256  \param type the type of information stored in this pair
257  \param value the value of the information to be stored
258  */
259  CertificateInfoPair(const CertificateInfoType &type, const QString &value);
260 
261  /**
262  Standard copy constructor
263 
264  \param from the information pair to copy from
265  */
267 
269 
270  /**
271  Standard assignment operator
272 
273  \param from the information pair to assign from
274  */
275  CertificateInfoPair &operator=(const CertificateInfoPair &from);
276 
277  /**
278  The type of information stored in the pair
279  */
280  CertificateInfoType type() const;
281 
282  /**
283  The value of the information stored in the pair
284  */
285  QString value() const;
286 
287  /**
288  Comparison operator
289 
290  \param other the certificate information pair to compare with this
291  certificate information pair.
292  */
293  bool operator==(const CertificateInfoPair &other) const;
294 
295  /**
296  Inequality operator
297 
298  \param other the certificate information pair to compare with this
299  certificate information pair.
300  */
301  inline bool operator!=(const CertificateInfoPair &other) const
302  {
303  return !(*this == other);
304  }
305 
306 private:
307  class Private;
309 };
310 
311 /**
312  Known types of certificate constraints
313 
314  This enumerator offers a convenient way to work with common types.
315 */
317 {
318  // KeyUsage
319  DigitalSignature, ///< %Certificate can be used to create digital signatures, id = "KeyUsage.digitalSignature"
320  NonRepudiation, ///< %Certificate can be used for non-repudiation, id = "KeyUsage.nonRepudiation"
321  KeyEncipherment, ///< %Certificate can be used for encrypting / decrypting keys, id = "KeyUsage.keyEncipherment"
322  DataEncipherment, ///< %Certificate can be used for encrypting / decrypting data, id = "KeyUsage.dataEncipherment"
323  KeyAgreement, ///< %Certificate can be used for key agreement, id = "KeyUsage.keyAgreement"
324  KeyCertificateSign, ///< %Certificate can be used for key certificate signing, id = "KeyUsage.keyCertSign"
325  CRLSign, ///< %Certificate can be used to sign %Certificate Revocation Lists, id = "KeyUsage.crlSign"
326  EncipherOnly, ///< %Certificate can only be used for encryption, id = "KeyUsage.encipherOnly"
327  DecipherOnly, ///< %Certificate can only be used for decryption, id = "KeyUsage.decipherOnly"
328 
329  // ExtKeyUsage
330  ServerAuth, ///< %Certificate can be used for server authentication (e.g. web server), id = "1.3.6.1.5.5.7.3.1".
331  ///< This is an extended usage constraint.
332  ClientAuth, ///< %Certificate can be used for client authentication (e.g. web browser), id = "1.3.6.1.5.5.7.3.2".
333  ///< This is an extended usage constraint.
334  CodeSigning, ///< %Certificate can be used to sign code, id = "1.3.6.1.5.5.7.3.3". This is an extended usage
335  ///< constraint.
336  EmailProtection, ///< %Certificate can be used to sign / encrypt email, id = "1.3.6.1.5.5.7.3.4". This is an
337  ///< extended usage constraint.
338  IPSecEndSystem, ///< %Certificate can be used to authenticate a endpoint in IPSEC, id = "1.3.6.1.5.5.7.3.5". This is
339  ///< an extended usage constraint.
340  IPSecTunnel, ///< %Certificate can be used to authenticate a tunnel in IPSEC, id = "1.3.6.1.5.5.7.3.6". This is an
341  ///< extended usage constraint.
342  IPSecUser, ///< %Certificate can be used to authenticate a user in IPSEC, id = "1.3.6.1.5.5.7.3.7". This is an
343  ///< extended usage constraint.
344  TimeStamping, ///< %Certificate can be used to create a "time stamp" signature, id = "1.3.6.1.5.5.7.3.8". This is an
345  ///< extended usage constraint.
346  OCSPSigning ///< %Certificate can be used to sign an Online %Certificate Status Protocol (OCSP) assertion, id =
347  ///< "1.3.6.1.5.5.7.3.9". This is an extended usage constraint.
348 };
349 
350 /**
351  \class ConstraintType qca_cert.h QtCrypto
352 
353  Certificate constraint
354 
355  X.509 certificates can be constrained in their application - that is, some
356  certificates can only be used for certain purposes. This class is used to
357  identify an approved purpose for a certificate.
358 
359  \note It is common for a certificate to have more than one purpose.
360 
361  \ingroup UserAPI
362 */
363 class QCA_EXPORT ConstraintType
364 {
365 public:
366  /**
367  Section of the certificate that the constraint belongs in
368  */
369  enum Section
370  {
371  KeyUsage, ///< Stored in the key usage section
372  ExtendedKeyUsage ///< Stored in the extended key usage section
373  };
374 
375  /**
376  Standard constructor
377  */
378  ConstraintType();
379 
380  /**
381  Construct a new constraint
382 
383  The section will be derived by \a known.
384 
385  \param known the type as part of the ConstraintTypeKnown
386  enumerator
387  */
389 
390  /**
391  Construct a new constraint
392 
393  \param id the type as an identifier string (OID or internal)
394  \param section the section this type belongs in
395 
396  \sa id
397  */
398  ConstraintType(const QString &id, Section section);
399 
400  /**
401  Standard copy constructor
402 
403  \param from the constraint type to copy from
404  */
405  ConstraintType(const ConstraintType &from);
406 
407  ~ConstraintType();
408 
409  /**
410  Standard assignment operator
411 
412  \param from the constraint type to assign from
413  */
414  ConstraintType &operator=(const ConstraintType &from);
415 
416  /**
417  The section the constraint is part of
418  */
419  Section section() const;
420 
421  /**
422  The type as part of the ConstraintTypeKnown enumerator
423 
424  This function may return a value that does not exist in the
425  enumerator. In that case, you may use id() to determine the
426  type.
427  */
428  ConstraintTypeKnown known() const;
429 
430  /**
431  The type as an identifier string
432 
433  For types that have OIDs, this function returns an OID in string
434  form. For types that do not have OIDs, this function returns an
435  internal identifier string whose first character is not a digit
436  (this allows you to tell the difference between an OID and an
437  internal identifier).
438 
439  It is hereby stated that the KeyUsage bit fields shall use the
440  internal identifier format "KeyUsage.[rfc field name]". For
441  example, the keyEncipherment field would have the identifier
442  "KeyUsage.keyEncipherment".
443 
444  Applications should not store, use, or compare against internal
445  identifiers unless the identifiers are explicitly documented
446  (e.g. KeyUsage).
447  */
448  QString id() const;
449 
450  /**
451  Comparison operator
452 
453  \param other the constraint type to compare with this constraint
454  */
455  bool operator<(const ConstraintType &other) const;
456 
457  /**
458  Comparison operator
459 
460  \param other the constraint type to compare with this constraint
461  */
462  bool operator==(const ConstraintType &other) const;
463 
464  /**
465  Inequality operator
466 
467  \param other the constraint type to compare with this constraint
468  */
469  inline bool operator!=(const ConstraintType &other) const
470  {
471  return !(*this == other);
472  }
473 
474 private:
475  class Private;
477 };
478 
479 /**
480  Specify the intended usage of a certificate
481 */
483 {
484  UsageAny = 0x00, ///< Any application, or unspecified
485  UsageTLSServer = 0x01, ///< server side of a TLS or SSL connection
486  UsageTLSClient = 0x02, ///< client side of a TLS or SSL connection
487  UsageCodeSigning = 0x04, ///< code signing certificate
488  UsageEmailProtection = 0x08, ///< email (S/MIME) certificate
489  UsageTimeStamping = 0x10, ///< time stamping certificate
490  UsageCRLSigning = 0x20 ///< certificate revocation list signing certificate
491 };
492 
493 /**
494  The validity (or otherwise) of a certificate
495 */
497 {
498  ValidityGood, ///< The certificate is valid
499  ErrorRejected, ///< The root CA rejected the certificate purpose
500  ErrorUntrusted, ///< The certificate is not trusted
501  ErrorSignatureFailed, ///< The signature does not match
502  ErrorInvalidCA, ///< The Certificate Authority is invalid
503  ErrorInvalidPurpose, ///< The purpose does not match the intended usage
504  ErrorSelfSigned, ///< The certificate is self-signed, and is not found in the list of trusted certificates
505  ErrorRevoked, ///< The certificate has been revoked
506  ErrorPathLengthExceeded, ///< The path length from the root CA to this certificate is too long
507  ErrorExpired, ///< The certificate has expired, or is not yet valid (e.g. current time is earlier than notBefore
508  ///< time)
509  ErrorExpiredCA, ///< The Certificate Authority has expired
510  ErrorValidityUnknown = 64 ///< Validity is unknown
511 };
512 
513 /**
514  The conditions to validate for a certificate
515 */
517 {
518  ValidateAll = 0x00, // Verify all conditions
519  ValidateRevoked = 0x01, // Verify the certificate was not revoked
520  ValidateExpired = 0x02, // Verify the certificate has not expired
521  ValidatePolicy = 0x04 // Verify the certificate can be used for a specified purpose
522 };
523 
524 /**
525  Certificate properties type
526 
527  With this container, the information is not necessarily stored
528  in the same sequence as the certificate format itself. Use this
529  container if the order the information is/was stored does not
530  matter for you (this is the case with most applications).
531 
532  Additionally, the EmailLegacy type should not be used with this
533  container. Use Email instead.
534 */
536 
537 /**
538  \class CertificateInfoOrdered qca_cert.h QtCrypto
539 
540  Ordered certificate properties type
541 
542  This container stores the information in the same sequence as
543  the certificate format itself.
544 
545  \ingroup UserAPI
546 */
547 class CertificateInfoOrdered : public QList<CertificateInfoPair>
548 {
549 public:
550  /**
551  Convert to RFC 1779 string format
552  */
553  inline QString toString() const;
554 
555  /**
556  Return a new CertificateInfoOrdered that only contains
557  the Distinguished Name (DN) types found in this object.
558  */
559  inline CertificateInfoOrdered dnOnly() const;
560 };
561 
562 /**
563  Convert to RFC 1779 string format
564 
565  \param in the certificate info to convert
566 */
567 QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in);
568 
569 /**
570  Return a new CertificateInfoOrdered that only contains
571  the Distinguished Name (DN) types found in the input object.
572 
573  \param in the certificate info to extract from
574 */
576 
578 {
579  return orderedToDNString(*this);
580 }
581 
583 {
584  return orderedDNOnly(*this);
585 }
586 
587 /**
588  %Certificate constraints type
589 */
591 
592 /**
593  Create a list of unique friendly names among a list of certificates
594 
595  \param list the list of certificates for which a friendly name is required.
596 
597 */
598 QCA_EXPORT QStringList makeFriendlyNames(const QList<Certificate> &list);
599 
600 /**
601  \class CertificateOptions qca_cert.h QtCrypto
602 
603  %Certificate options
604 
605  \note In SPKAC mode, all options are ignored except for challenge
606 
607  \ingroup UserAPI
608 */
609 class QCA_EXPORT CertificateOptions
610 {
611 public:
612  /**
613  Create a Certificate options set
614 
615  \param format the format to create the certificate request in
616  */
618 
619  /**
620  Standard copy constructor
621 
622  \param from the Certificate Options to copy into this object
623  */
626 
627  /**
628  Standard assignment operator
629 
630  \param from the Certificate Options to copy into this object
631  */
632  CertificateOptions &operator=(const CertificateOptions &from);
633 
634  /**
635  test the format type for this certificate
636  */
637  CertificateRequestFormat format() const;
638 
639  /**
640  Specify the format for this certificate
641 
642  \param f the format to use
643  */
644  void setFormat(CertificateRequestFormat f);
645 
646  /**
647  Test if the certificate options object is valid
648 
649  \return true if the certificate options object is valid
650  */
651  bool isValid() const;
652 
653  /**
654  The challenge part of the certificate
655 
656  For CertificateRequest only
657 
658  \sa setChallenge
659  */
660  QString challenge() const;
661 
662  /**
663  Information on the subject of the certificate
664 
665  \sa setInfo
666  */
667  CertificateInfo info() const;
668 
669  /**
670  Information on the subject of the certificate, in the
671  exact order the items will be written
672 
673  \sa setInfoOrdered
674  */
675  CertificateInfoOrdered infoOrdered() const;
676 
677  /**
678  List the constraints on this certificate
679  */
680  Constraints constraints() const;
681 
682  /**
683  list the policies on this certificate
684  */
685  QStringList policies() const;
686 
687  /**
688  list of URI locations for CRL files
689 
690  each URI refers to the same CRL file
691 
692  For Certificate creation only
693  */
694  QStringList crlLocations() const;
695 
696  /**
697  list of URI locations for issuer certificate files
698 
699  each URI refers to the same issuer file
700 
701  For Certificate creation only
702  */
703  QStringList issuerLocations() const;
704 
705  /**
706  list of URI locations for OCSP services
707 
708  For Certificate creation only
709  */
710  QStringList ocspLocations() const;
711 
712  /**
713  test if the certificate is a CA cert
714 
715  \sa setAsCA
716  \sa setAsUser
717  */
718  bool isCA() const;
719 
720  /**
721  return the path limit on this certificate
722  */
723  int pathLimit() const;
724 
725  /**
726  The serial number for the certificate
727 
728  For Certificate creation only
729  */
730  BigInteger serialNumber() const;
731 
732  /**
733  the first time the certificate will be valid
734 
735  For Certificate creation only
736  */
737  QDateTime notValidBefore() const;
738 
739  /**
740  the last time the certificate is valid
741 
742  For Certificate creation only
743  */
744  QDateTime notValidAfter() const;
745 
746  /**
747  Specify the challenge associated with this
748  certificate
749 
750  \param s the challenge string
751 
752  \sa challenge()
753  */
754  void setChallenge(const QString &s);
755 
756  /**
757  Specify information for the subject associated with the
758  certificate
759 
760  \param info the information for the subject
761 
762  \sa info()
763  */
764  void setInfo(const CertificateInfo &info);
765 
766  /**
767  Specify information for the subject associated with the
768  certificate
769 
770  \param info the information for the subject
771 
772  \sa info()
773  */
774  void setInfoOrdered(const CertificateInfoOrdered &info);
775 
776  /**
777  set the constraints on the certificate
778 
779  \param constraints the constraints to be used for the certificate
780  */
781  void setConstraints(const Constraints &constraints);
782 
783  /**
784  set the policies on the certificate
785 
786  \param policies the policies to be used for the certificate
787  */
788  void setPolicies(const QStringList &policies);
789 
790  /**
791  set the CRL locations of the certificate
792 
793  each location refers to the same CRL.
794 
795  \param locations a list of URIs to CRL files
796  */
797  void setCRLLocations(const QStringList &locations);
798 
799  /**
800  set the issuer certificate locations of the certificate
801 
802  each location refers to the same issuer file.
803 
804  \param locations a list of URIs to issuer certificate files
805  */
806  void setIssuerLocations(const QStringList &locations);
807 
808  /**
809  set the OCSP service locations of the certificate
810 
811  \param locations a list of URIs to OCSP services
812  */
813  void setOCSPLocations(const QStringList &locations);
814 
815  /**
816  set the certificate to be a CA cert
817 
818  \param pathLimit the number of intermediate certificates allowable
819  */
820  void setAsCA(int pathLimit = 8); // value from Botan
821 
822  /**
823  set the certificate to be a user cert (this is the default)
824  */
825  void setAsUser();
826 
827  /**
828  Set the serial number property on this certificate
829 
830  \param i the serial number to use
831  */
832  void setSerialNumber(const BigInteger &i);
833 
834  /**
835  Set the validity period for the certificate
836 
837  \param start the first time this certificate becomes valid
838  \param end the last time this certificate is valid
839  */
840  void setValidityPeriod(const QDateTime &start, const QDateTime &end);
841 
842 private:
843  class Private;
844  Private *d;
845 };
846 
847 /**
848  \class Certificate qca_cert.h QtCrypto
849 
850  Public Key (X.509) certificate
851 
852  This class contains one X.509 certificate
853 
854  \ingroup UserAPI
855 */
856 class QCA_EXPORT Certificate : public Algorithm
857 {
858 public:
859  /**
860  Create an empty Certificate
861  */
862  Certificate();
863 
864  /**
865  Create a Certificate from a PEM encoded file
866 
867  \param fileName the name (and path, if required)
868  of the file that contains the PEM encoded certificate
869  */
870  Certificate(const QString &fileName);
871 
872  /**
873  Create a Certificate with specified options and a specified private
874  key
875 
876  \param opts the options to use
877  \param key the private key for this certificate
878  \param provider the provider to use to create this key, if a
879  particular provider is required
880  */
881  Certificate(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());
882 
883  /**
884  Standard copy constructor
885 
886  \param from the certificate to copy from
887  */
888  Certificate(const Certificate &from);
889 
890  ~Certificate() override;
891 
892  /**
893  Standard assignment operator
894 
895  \param from the Certificate to assign from
896  */
897  Certificate &operator=(const Certificate &from);
898 
899  /**
900  Test if the certificate is empty (null)
901  \return true if the certificate is null
902  */
903  bool isNull() const;
904 
905  /**
906  The earliest date that the certificate is valid
907  */
908  QDateTime notValidBefore() const;
909 
910  /**
911  The latest date that the certificate is valid
912  */
913  QDateTime notValidAfter() const;
914 
915  /**
916  Properties of the subject of the certificate, as a QMultiMap
917 
918  This is the method that provides information on the
919  subject organisation, common name, DNS name, and so
920  on. The list of information types (i.e. the key to
921  the multi-map) is a CertificateInfoType. The values
922  are a list of QString.
923 
924  An example of how you can iterate over the list is:
925  \code
926 foreach( QString dns, info.values(QCA::DNS) )
927 {
928  std::cout << " " << qPrintable(dns) << std::endl;
929 }
930  \endcode
931  */
932  CertificateInfo subjectInfo() const;
933 
934  /**
935  Properties of the subject of the certificate, as
936  an ordered list (QList of CertificateInfoPair).
937 
938  This allows access to the certificate information
939  in the same order as they appear in a certificate.
940  Each pair in the list has a type and a value.
941 
942  For example:
943  \code
944 CertificateInfoOrdered info = cert.subjectInfoOrdered();
945 // info[0].type == CommonName
946 // info[0].value == "example.com"
947  \endcode
948 
949  \sa subjectInfo for an unordered version
950  \sa issuerInfoOrdered for the ordered information on the issuer
951  \sa CertificateInfoPair for the elements in the list
952  */
953  CertificateInfoOrdered subjectInfoOrdered() const;
954 
955  /**
956  Properties of the issuer of the certificate
957 
958  \sa subjectInfo for how the return value works.
959  */
960  CertificateInfo issuerInfo() const;
961 
962  /**
963  Properties of the issuer of the certificate, as
964  an ordered list (QList of CertificateInfoPair).
965 
966  This allows access to the certificate information
967  in the same order as they appear in a certificate.
968  Each pair in the list has a type and a value.
969 
970  \sa issuerInfo for an unordered version
971  \sa subjectInfoOrdered for the ordered information on the subject
972  \sa CertificateInfoPair for the elements in the list
973  */
974  CertificateInfoOrdered issuerInfoOrdered() const;
975 
976  /**
977  The constraints that apply to this certificate
978  */
979  Constraints constraints() const;
980 
981  /**
982  The policies that apply to this certificate
983 
984  Policies are specified as strings containing OIDs
985  */
986  QStringList policies() const;
987 
988  /**
989  List of URI locations for CRL files
990 
991  Each URI refers to the same CRL file
992  */
993  QStringList crlLocations() const;
994 
995  /**
996  List of URI locations for issuer certificate files
997 
998  Each URI refers to the same issuer file
999  */
1000  QStringList issuerLocations() const;
1001 
1002  /**
1003  List of URI locations for OCSP services
1004  */
1005  QStringList ocspLocations() const;
1006 
1007  /**
1008  The common name of the subject of the certificate
1009 
1010  Common names are normally the name of a person, company or
1011  organisation
1012  */
1013  QString commonName() const;
1014 
1015  /**
1016  The serial number of the certificate
1017  */
1018  BigInteger serialNumber() const;
1019 
1020  /**
1021  The public key associated with the subject of the certificate
1022  */
1023  PublicKey subjectPublicKey() const;
1024 
1025  /**
1026  Test if the Certificate is valid as a %Certificate Authority
1027 
1028  \return true if the Certificate is valid as a %Certificate Authority
1029  */
1030  bool isCA() const;
1031 
1032  /**
1033  Test if the Certificate is self-signed
1034 
1035  \return true if the certificate is self-signed
1036  */
1037  bool isSelfSigned() const;
1038 
1039  /**
1040  Test if the Certificate has signed another Certificate
1041  object and is therefore the issuer
1042 
1043  \param other the certificate to test
1044 
1045  \return true if this certificate is the issuer of the argument
1046  */
1047  bool isIssuerOf(const Certificate &other) const;
1048 
1049  /**
1050  The upper bound of the number of links in the certificate
1051  chain, if any
1052  */
1053  int pathLimit() const;
1054 
1055  /**
1056  The signature algorithm used for the signature on this certificate
1057  */
1058  SignatureAlgorithm signatureAlgorithm() const;
1059 
1060  /**
1061  The key identifier associated with the subject
1062  */
1063  QByteArray subjectKeyId() const;
1064 
1065  /**
1066  The key identifier associated with the issuer
1067  */
1068  QByteArray issuerKeyId() const;
1069 
1070  /**
1071  Check the validity of a certificate
1072 
1073  \param trusted a collection of trusted certificates
1074  \param untrusted a collection of additional certificates, not
1075  necessarily trusted
1076  \param u the use required for the certificate
1077  \param vf the conditions to validate
1078 
1079  \note This function may block
1080  */
1081  Validity validate(const CertificateCollection &trusted,
1082  const CertificateCollection &untrusted,
1083  UsageMode u = UsageAny,
1084  ValidateFlags vf = ValidateAll) const;
1085 
1086  /**
1087  Export the Certificate into a DER format
1088  */
1089  QByteArray toDER() const;
1090 
1091  /**
1092  Export the Certificate into a PEM format
1093  */
1094  QString toPEM() const;
1095 
1096  /**
1097  Export the Certificate into PEM format in a file
1098 
1099  \param fileName the name of the file to use
1100  */
1101  bool toPEMFile(const QString &fileName) const;
1102 
1103  /**
1104  Import the certificate from DER
1105 
1106  \param a the array containing the certificate in DER format
1107  \param result a pointer to a ConvertResult, which if not-null will
1108  be set to the conversion status
1109  \param provider the provider to use, if a specific provider is
1110  required
1111 
1112  \return the Certificate corresponding to the certificate in the
1113  provided array
1114  */
1115  static Certificate
1116  fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
1117 
1118  /**
1119  Import the certificate from PEM format
1120 
1121  \param s the string containing the certificate in PEM format
1122  \param result a pointer to a ConvertResult, which if not-null will
1123  be set to the conversion status
1124  \param provider the provider to use, if a specific provider is
1125  required
1126 
1127  \return the Certificate corresponding to the certificate in the
1128  provided string
1129  */
1130  static Certificate fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1131 
1132  /**
1133  Import the certificate from a file
1134 
1135  \param fileName the name (and path, if required) of the file
1136  containing the certificate in PEM format
1137  \param result a pointer to a ConvertResult, which if not-null will
1138  be set to the conversion status
1139  \param provider the provider to use, if a specific provider is
1140  required
1141 
1142  \return the Certificate corresponding to the certificate in the
1143  provided string
1144  */
1145  static Certificate
1146  fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
1147 
1148  /**
1149  Test if the subject of the certificate matches a specified host
1150  name
1151 
1152  This will return true (indicating a match), if the specified host
1153  name meets the RFC 2818 validation rules with this certificate.
1154 
1155  If the host is an internationalized domain name, then it must be
1156  provided in unicode format, not in IDNA ACE/punycode format.
1157 
1158  \param host the name of the host to compare to
1159  */
1160  bool matchesHostName(const QString &host) const;
1161 
1162  /**
1163  Test for equality of two certificates
1164 
1165  \param a the certificate to compare this certificate with
1166 
1167  \return true if the two certificates are the same
1168  */
1169  bool operator==(const Certificate &a) const;
1170 
1171  /**
1172  Inequality operator
1173 
1174  \param other the certificate to compare this certificate with
1175  */
1176  inline bool operator!=(const Certificate &other) const
1177  {
1178  return !(*this == other);
1179  }
1180 
1181  /**
1182  \internal
1183 
1184  \param c context (internal)
1185  */
1186  void change(CertContext *c);
1187 
1188 private:
1189  class Private;
1190  friend class Private;
1192 
1193  friend class CertificateChain;
1194  Validity chain_validate(const CertificateChain & chain,
1195  const CertificateCollection &trusted,
1196  const QList<CRL> & untrusted_crls,
1197  UsageMode u,
1198  ValidateFlags vf) const;
1200  chain_complete(const CertificateChain &chain, const QList<Certificate> &issuers, Validity *result) const;
1201 };
1202 
1203 /**
1204  \class CertificateChain qca_cert.h QtCrypto
1205 
1206  A chain of related Certificates
1207 
1208  CertificateChain is a list (a QList) of certificates that are related by
1209  the signature from one to another. If Certificate C signs Certificate B,
1210  and Certificate B signs Certificate A, then C, B and A form a chain.
1211 
1212  The normal use of a CertificateChain is from a end-user Certificate (called
1213  the primary, equivalent to QList::first()) through some intermediate
1214  Certificates to some other Certificate (QList::last()), which might be a
1215  root %Certificate Authority, but does not need to be.
1216 
1217  You can build up the chain using normal QList operations, such as
1218  QList::append().
1219 
1220  \sa QCA::CertificateCollection for an alternative way to represent a group
1221  of Certificates that do not necessarily have a chained relationship.
1222 
1223  \ingroup UserAPI
1224 */
1225 class CertificateChain : public QList<Certificate>
1226 {
1227 public:
1228  /**
1229  Create an empty certificate chain
1230  */
1232  {
1233  }
1234 
1235  /**
1236  Create a certificate chain, starting at the specified certificate
1237 
1238  \param primary the end-user certificate that forms one end of the
1239  chain
1240  */
1241  inline CertificateChain(const Certificate &primary)
1242  {
1243  append(primary);
1244  }
1245 
1246  /**
1247  Return the primary (end-user) Certificate
1248  */
1249  inline const Certificate &primary() const
1250  {
1251  return first();
1252  }
1253 
1254  /**
1255  Check the validity of a certificate chain
1256 
1257  \param trusted a collection of trusted certificates
1258  \param untrusted_crls a list of additional CRLs, not necessarily
1259  trusted
1260  \param u the use required for the primary certificate
1261  \param vf the conditions to validate
1262 
1263  \note This function may block
1264 
1265  \sa Certificate::validate()
1266  */
1267  inline Validity validate(const CertificateCollection &trusted,
1268  const QList<CRL> & untrusted_crls = QList<CRL>(),
1269  UsageMode u = UsageAny,
1270  ValidateFlags vf = ValidateAll) const;
1271 
1272  /**
1273  Complete a certificate chain for the primary certificate, using the
1274  rest of the certificates in the chain object, as well as those in
1275  \a issuers, as possible issuers in the chain. If there are issuers
1276  missing, then the chain might be incomplete (at the worst case, if
1277  no issuers exist for the primary certificate, then the resulting
1278  chain will consist of just the primary certificate). Use the
1279  \a result argument to find out if there was a problem during
1280  completion. A result of ValidityGood means the chain was completed
1281  successfully.
1282 
1283  The newly constructed CertificateChain is returned.
1284 
1285  If the certificate chain is empty, then this will return an empty
1286  CertificateChain object.
1287 
1288  \param issuers a pool of issuers to draw from as necessary
1289  \param result the result of the completion operation
1290 
1291  \note This function may block
1292 
1293  \sa validate
1294  */
1295  inline CertificateChain complete(const QList<Certificate> &issuers = QList<Certificate>(),
1296  Validity * result = nullptr) const;
1297 };
1298 
1300  const QList<CRL> & untrusted_crls,
1301  UsageMode u,
1302  ValidateFlags vf) const
1303 {
1304  if (isEmpty())
1305  return ErrorValidityUnknown;
1306  return first().chain_validate(*this, trusted, untrusted_crls, u, vf);
1307 }
1308 
1310 {
1311  if (isEmpty())
1312  return CertificateChain();
1313  return first().chain_complete(*this, issuers, result);
1314 }
1315 
1316 /**
1317  \class CertificateRequest qca_cert.h QtCrypto
1318 
1319  %Certificate Request
1320 
1321  A CertificateRequest is a unsigned request for a Certificate
1322 
1323  \ingroup UserAPI
1324 */
1325 class QCA_EXPORT CertificateRequest : public Algorithm
1326 {
1327 public:
1328  /**
1329  Create an empty certificate request
1330  */
1332 
1333  /**
1334  Create a certificate request based on the contents of a file
1335 
1336  \param fileName the file (and path, if necessary) containing a PEM
1337  encoded certificate request
1338  */
1339  CertificateRequest(const QString &fileName);
1340 
1341  /**
1342  Create a certificate request based on specified options
1343 
1344  \param opts the options to use in the certificate request
1345  \param key the private key that matches the certificate being
1346  requested
1347  \param provider the provider to use, if a specific provider is
1348  required
1349  */
1350  CertificateRequest(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());
1351 
1352  /**
1353  Standard copy constructor
1354 
1355  \param from the request to copy from
1356  */
1358 
1359  ~CertificateRequest() override;
1360 
1361  /**
1362  Standard assignment operator
1363 
1364  \param from the request to assign from
1365  */
1366  CertificateRequest &operator=(const CertificateRequest &from);
1367 
1368  /**
1369  test if the certificate request is empty
1370 
1371  \return true if the certificate request is empty, otherwise false
1372  */
1373  bool isNull() const;
1374 
1375  /**
1376  Test if the certificate request can use a specified format
1377 
1378  \param f the format to test for
1379  \param provider the provider to use, if a specific provider is
1380  required
1381 
1382  \return true if the certificate request can use the specified
1383  format
1384  */
1385  static bool canUseFormat(CertificateRequestFormat f, const QString &provider = QString());
1386 
1387  /**
1388  the format that this Certificate request is in
1389  */
1390  CertificateRequestFormat format() const;
1391 
1392  /**
1393  Information on the subject of the certificate being requested
1394 
1395  \note this only applies to PKCS#10 format certificate requests
1396 
1397  \sa subjectInfoOrdered for a version that maintains order
1398  in the subject information.
1399  */
1400  CertificateInfo subjectInfo() const;
1401 
1402  /**
1403  Information on the subject of the certificate being requested, as
1404  an ordered list (QList of CertificateInfoPair).
1405 
1406  \note this only applies to PKCS#10 format certificate requests
1407 
1408  \sa subjectInfo for a version that does not maintain order, but
1409  allows access based on a multimap.
1410  \sa CertificateInfoPair for the elements in the list
1411  */
1412  CertificateInfoOrdered subjectInfoOrdered() const;
1413 
1414  /**
1415  The constraints that apply to this certificate request
1416 
1417  \note this only applies to PKCS#10 format certificate requests
1418  */
1419  Constraints constraints() const;
1420 
1421  /**
1422  The policies that apply to this certificate request
1423 
1424  \note this only applies to PKCS#10 format certificate requests
1425  */
1426  QStringList policies() const;
1427 
1428  /**
1429  The public key belonging to the issuer
1430  */
1431  PublicKey subjectPublicKey() const;
1432 
1433  /**
1434  Test if this %Certificate Request is for a %Certificate Authority
1435  certificate
1436 
1437  \note this only applies to PKCS#10 format certificate requests
1438  */
1439  bool isCA() const;
1440 
1441  /**
1442  The path limit for the certificate in this %Certificate Request
1443 
1444  \note this only applies to PKCS#10 format certificate requests
1445  */
1446  int pathLimit() const;
1447 
1448  /**
1449  The challenge associated with this certificate request
1450  */
1451  QString challenge() const;
1452 
1453  /**
1454  The algorithm used to make the signature on this certificate
1455  request
1456  */
1457  SignatureAlgorithm signatureAlgorithm() const;
1458 
1459  /**
1460  Test for equality of two certificate requests
1461 
1462  \param csr the certificate request to be compared to this certificate request
1463 
1464  \return true if the two certificate requests are the same
1465  */
1466  bool operator==(const CertificateRequest &csr) const;
1467 
1468  /**
1469  Inequality operator
1470 
1471  \param other the certificate request to be compared to this certificate request
1472  */
1473  inline bool operator!=(const CertificateRequest &other) const
1474  {
1475  return !(*this == other);
1476  }
1477 
1478  /**
1479  Export the %Certificate Request into a DER format
1480 
1481  \note this only applies to PKCS#10 format certificate requests
1482  */
1483  QByteArray toDER() const;
1484 
1485  /**
1486  Export the %Certificate Request into a PEM format
1487 
1488  \note this only applies to PKCS#10 format certificate requests
1489  */
1490  QString toPEM() const;
1491 
1492  /**
1493  Export the Certificate into PEM format in a file
1494 
1495  \param fileName the name of the file to use
1496 
1497  \note this only applies to PKCS#10 format certificate requests
1498  */
1499  bool toPEMFile(const QString &fileName) const;
1500 
1501  /**
1502  Import the certificate request from DER
1503 
1504  \param a the array containing the certificate request in DER format
1505  \param result a pointer to a ConvertResult, which if not-null will
1506  be set to the conversion status
1507  \param provider the provider to use, if a specific provider is
1508  required
1509 
1510  \return the CertificateRequest corresponding to the certificate
1511  request in the provided array
1512 
1513  \note this only applies to PKCS#10 format certificate requests
1514  */
1515  static CertificateRequest
1516  fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
1517 
1518  /**
1519  Import the certificate request from PEM format
1520 
1521  \param s the string containing the certificate request in PEM
1522  format
1523  \param result a pointer to a ConvertResult, which if not-null will
1524  be set to the conversion status
1525  \param provider the provider to use, if a specific provider is
1526  required
1527 
1528  \return the CertificateRequest corresponding to the certificate
1529  request in the provided string
1530 
1531  \note this only applies to PKCS#10 format certificate requests
1532  */
1533  static CertificateRequest
1534  fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1535 
1536  /**
1537  Import the certificate request from a file
1538 
1539  \param fileName the name (and path, if required) of the file
1540  containing the certificate request in PEM format
1541  \param result a pointer to a ConvertResult, which if not-null will
1542  be set to the conversion status
1543  \param provider the provider to use, if a specific provider is
1544  required
1545 
1546  \return the CertificateRequest corresponding to the certificate
1547  request in the provided string
1548 
1549  \note this only applies to PKCS#10 format certificate requests
1550  */
1551  static CertificateRequest
1552  fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
1553 
1554  /**
1555  Export the CertificateRequest to a string
1556 
1557  \return the string corresponding to the certificate request
1558 
1559  \note this only applies to SPKAC format certificate requests
1560  */
1561  QString toString() const;
1562 
1563  /**
1564  Import the CertificateRequest from a string
1565 
1566  \param s the string containing to the certificate request
1567  \param result a pointer to a ConvertResult, which if not-null will
1568  be set to the conversion status
1569  \param provider the provider to use, if a specific provider is
1570  required
1571 
1572  \return the CertificateRequest corresponding to the certificate
1573  request in the provided string
1574 
1575  \note this only applies to SPKAC format certificate requests
1576  */
1577  static CertificateRequest
1578  fromString(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1579 
1580  /**
1581  \internal
1582 
1583  \param c context (internal)
1584  */
1585  void change(CSRContext *c);
1586 
1587 private:
1588  class Private;
1589  friend class Private;
1591 };
1592 
1593 /**
1594  \class CRLEntry qca_cert.h QtCrypto
1595 
1596  Part of a CRL representing a single certificate
1597 
1598  \ingroup UserAPI
1599 */
1600 class QCA_EXPORT CRLEntry
1601 {
1602 public:
1603  /**
1604  The reason why the certificate has been revoked
1605  */
1606  enum Reason
1607  {
1608  Unspecified, ///< reason is unknown
1609  KeyCompromise, ///< private key has been compromised
1610  CACompromise, ///< certificate authority has been compromised
1611  AffiliationChanged,
1612  Superseded, ///< certificate has been superseded
1613  CessationOfOperation,
1614  CertificateHold, ///< certificate is on hold
1615  RemoveFromCRL, ///< certificate was previously in a CRL, but is now valid
1616  PrivilegeWithdrawn,
1617  AACompromise ///< attribute authority has been compromised
1618  };
1619 
1620  /**
1621  create an empty CRL entry
1622  */
1623  CRLEntry();
1624 
1625  /**
1626  create a CRL entry
1627 
1628  \param c the certificate to revoke
1629  \param r the reason that the certificate is being revoked
1630  */
1631  explicit CRLEntry(const Certificate &c, Reason r = Unspecified);
1632 
1633  /**
1634  create a CRL entry
1635 
1636  \param serial the serial number of the Certificate being revoked
1637  \param time the time the Certificate was revoked (or will be
1638  revoked)
1639  \param r the reason that the certificate is being revoked
1640  */
1641  CRLEntry(const BigInteger serial, const QDateTime &time, Reason r = Unspecified);
1642 
1643  /**
1644  Copy constructor
1645 
1646  \param from the CRLEntry to copy from
1647  */
1648  CRLEntry(const CRLEntry &from);
1649 
1650  ~CRLEntry();
1651 
1652  /**
1653  Standard assignment operator
1654 
1655  \param from the CRLEntry to copy from
1656  */
1657  CRLEntry &operator=(const CRLEntry &from);
1658 
1659  /**
1660  The serial number of the certificate that is the subject of this CRL entry
1661  */
1662  BigInteger serialNumber() const;
1663 
1664  /**
1665  The time this CRL entry was created
1666  */
1667  QDateTime time() const;
1668 
1669  /**
1670  Test if this CRL entry is empty
1671  */
1672  bool isNull() const;
1673 
1674  /**
1675  The reason that this CRL entry was created
1676 
1677  Alternatively, you might like to think of this as the reason that
1678  the subject certificate has been revoked
1679  */
1680  Reason reason() const;
1681 
1682  /**
1683  Test if one CRL entry is "less than" another
1684 
1685  CRL entries are compared based on their serial number
1686 
1687  \param a the CRL entry to be compared to this CRL entry.
1688  */
1689  bool operator<(const CRLEntry &a) const;
1690 
1691  /**
1692  Test for equality of two CRL Entries
1693 
1694  \param a the CRL entry to be compared to this CRL entry.
1695 
1696  \return true if the two certificates are the same
1697  */
1698  bool operator==(const CRLEntry &a) const;
1699 
1700  /**
1701  Inequality operator
1702 
1703  \param other the CRL entry to be compared to this CRL entry.
1704  */
1705  inline bool operator!=(const CRLEntry &other) const
1706  {
1707  return !(*this == other);
1708  }
1709 
1710 private:
1711  BigInteger _serial;
1712  QDateTime _time;
1713  Reason _reason;
1714 
1715  class Private;
1716  Private *d;
1717 };
1718 
1719 /**
1720  \class CRL qca_cert.h QtCrypto
1721 
1722  %Certificate Revocation List
1723 
1724  A %CRL is a list of certificates that are special in some
1725  way. The normal reason for including a certificate on a %CRL
1726  is that the certificate should no longer be used. For
1727  example, if a key is compromised, then the associated
1728  certificate may no longer provides appropriate
1729  security. There are other reasons why a certificate may be
1730  placed on a %CRL, as shown in the CRLEntry::Reason
1731  enumeration.
1732 
1733  \sa CertificateCollection for a way to handle Certificates
1734  and CRLs as a single entity.
1735  \sa CRLEntry for the %CRL segment representing a single Certificate.
1736 
1737  \ingroup UserAPI
1738 */
1739 class QCA_EXPORT CRL : public Algorithm
1740 {
1741 public:
1742  CRL();
1743 
1744  /**
1745  Standard copy constructor
1746 
1747  \param from the revocation list to copy from
1748  */
1749  CRL(const CRL &from);
1750 
1751  ~CRL() override;
1752 
1753  /**
1754  Standard assignment operator
1755 
1756  \param from the revocation list to assign from
1757  */
1758  CRL &operator=(const CRL &from);
1759 
1760  /**
1761  Test if the CRL is empty
1762 
1763  \return true if the CRL is empty, otherwise return false
1764  */
1765  bool isNull() const;
1766 
1767  /**
1768  Information on the issuer of the CRL as a QMultiMap.
1769 
1770  \sa issuerInfoOrdered for a version that maintains the order
1771  of information fields as per the underlying CRL.
1772  */
1773  CertificateInfo issuerInfo() const;
1774 
1775  /**
1776  Information on the issuer of the CRL as an ordered list
1777  (QList of CertificateInfoPair).
1778 
1779  \sa issuerInfo for a version that allows lookup based on
1780  a multimap.
1781  \sa CertificateInfoPair for the elements in the list
1782  */
1783  CertificateInfoOrdered issuerInfoOrdered() const;
1784 
1785  /**
1786  The CRL serial number. Note that serial numbers are a
1787  CRL extension, and not all certificates have one.
1788 
1789  \return the CRL serial number, or -1 if there is no serial number
1790  */
1791  int number() const;
1792 
1793  /**
1794  the time that this CRL became (or becomes) valid
1795  */
1796  QDateTime thisUpdate() const;
1797 
1798  /**
1799  the time that this CRL will be obsoleted
1800 
1801  you should obtain an updated CRL at this time
1802  */
1803  QDateTime nextUpdate() const;
1804 
1805  /**
1806  a list of the revoked certificates in this CRL
1807  */
1808  QList<CRLEntry> revoked() const;
1809 
1810  /**
1811  The signature algorithm used for the signature on this CRL
1812  */
1813  SignatureAlgorithm signatureAlgorithm() const;
1814 
1815  /**
1816  The key identification of the CRL issuer
1817  */
1818  QByteArray issuerKeyId() const;
1819 
1820  /**
1821  Test for equality of two %Certificate Revocation Lists
1822 
1823  \param a the CRL to be compared to this CRL
1824 
1825  \return true if the two CRLs are the same
1826  */
1827  bool operator==(const CRL &a) const;
1828 
1829  /**
1830  Inequality operator
1831 
1832  \param other the CRL to be compared to this CRL
1833  */
1834  inline bool operator!=(const CRL &other) const
1835  {
1836  return !(*this == other);
1837  }
1838 
1839  /**
1840  Export the %Certificate Revocation List (CRL) in DER format
1841 
1842  \return an array containing the CRL in DER format
1843  */
1844  QByteArray toDER() const;
1845 
1846  /**
1847  Export the %Certificate Revocation List (CRL) in PEM format
1848 
1849  \return a string containing the CRL in PEM format
1850  */
1851  QString toPEM() const;
1852 
1853  /**
1854  Export the %Certificate Revocation List (CRL) into PEM format in a
1855  file
1856 
1857  \param fileName the name of the file to use
1858  */
1859  bool toPEMFile(const QString &fileName) const;
1860 
1861  /**
1862  Import a DER encoded %Certificate Revocation List (CRL)
1863 
1864  \param a the array containing the CRL in DER format
1865  \param result a pointer to a ConvertResult, which if not-null will
1866  be set to the conversion status
1867  \param provider the provider to use, if a specific provider is
1868  required
1869 
1870  \return the CRL corresponding to the contents of the array
1871  */
1872  static CRL fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
1873 
1874  /**
1875  Import a PEM encoded %Certificate Revocation List (CRL)
1876 
1877  \param s the string containing the CRL in PEM format
1878  \param result a pointer to a ConvertResult, which if not-null will
1879  be set to the conversion status
1880  \param provider the provider to use, if a specific provider is
1881  required
1882 
1883  \return the CRL corresponding to the contents of the string
1884  */
1885  static CRL fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1886 
1887  /**
1888  Import a PEM encoded %Certificate Revocation List (CRL) from a file
1889 
1890  \param fileName the name (and path, if required) of the file
1891  containing the certificate in PEM format
1892  \param result a pointer to a ConvertResult, which if not-null will
1893  be set to the conversion status
1894  \param provider the provider to use, if a specific provider is
1895  required
1896 
1897  \return the CRL in the file
1898  */
1899  static CRL
1900  fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
1901 
1902  /**
1903  \internal
1904 
1905  \param c context (internal)
1906  */
1907  void change(CRLContext *c);
1908 
1909 private:
1910  class Private;
1911  friend class Private;
1913 };
1914 
1915 /**
1916  \class CertificateCollection qca_cert.h QtCrypto
1917 
1918  Bundle of Certificates and CRLs
1919 
1920  CertificateCollection provides a bundle of Certificates and Certificate
1921  Revocation Lists (CRLs), not necessarily related.
1922 
1923  \sa QCA::CertificateChain for a representation of a chain of Certificates
1924  related by signatures.
1925 
1926  \ingroup UserAPI
1927 */
1928 class QCA_EXPORT CertificateCollection
1929 {
1930 public:
1931  /**
1932  Create an empty Certificate / CRL collection
1933  */
1935 
1936  /**
1937  Standard copy constructor
1938 
1939  \param from the CertificateCollection to copy from
1940  */
1942 
1944 
1945  /**
1946  Standard assignment operator
1947 
1948  \param from the CertificateCollection to copy from
1949  */
1950  CertificateCollection &operator=(const CertificateCollection &from);
1951 
1952  /**
1953  Append a Certificate to this collection
1954 
1955  \param cert the Certificate to add to this CertificateCollection
1956  */
1957  void addCertificate(const Certificate &cert);
1958 
1959  /**
1960  Append a CRL to this collection
1961 
1962  \param crl the certificate revokation list to add to this
1963  CertificateCollection
1964  */
1965  void addCRL(const CRL &crl);
1966 
1967  /**
1968  The Certificates in this collection
1969  */
1970  QList<Certificate> certificates() const;
1971 
1972  /**
1973  The CRLs in this collection
1974  */
1975  QList<CRL> crls() const;
1976 
1977  /**
1978  Add another CertificateCollection to this collection
1979 
1980  \param other the CertificateCollection to add to this collection
1981  */
1982  void append(const CertificateCollection &other);
1983 
1984  /**
1985  Add another CertificateCollection to this collection
1986 
1987  \param other the CertificateCollection to add to this collection
1988  */
1990 
1991  /**
1992  Add another CertificateCollection to this collection
1993 
1994  \param other the CertificateCollection to add to this collection
1995  */
1996  CertificateCollection &operator+=(const CertificateCollection &other);
1997 
1998  /**
1999  test if the CertificateCollection can be imported and exported to
2000  PKCS#7 format
2001 
2002  \param provider the provider to use, if a specific provider is
2003  required
2004 
2005  \return true if the CertificateCollection can be imported and
2006  exported to PKCS#7 format
2007  */
2008  static bool canUsePKCS7(const QString &provider = QString());
2009 
2010  /**
2011  export the CertificateCollection to a plain text file
2012 
2013  \param fileName the name (and path, if required) to write the
2014  contents of the CertificateCollection to
2015 
2016  \return true if the export succeeded, otherwise false
2017  */
2018  bool toFlatTextFile(const QString &fileName);
2019 
2020  /**
2021  export the CertificateCollection to a PKCS#7 file
2022 
2023  \param fileName the name (and path, if required) to write the
2024  contents of the CertificateCollection to
2025  \param provider the provider to use, if a specific provider is
2026  required
2027 
2028  \return true if the export succeeded, otherwise false
2029  */
2030  bool toPKCS7File(const QString &fileName, const QString &provider = QString());
2031 
2032  /**
2033  import a CertificateCollection from a text file
2034 
2035  \param fileName the name (and path, if required) to read the
2036  certificate collection from
2037  \param result a pointer to a ConvertResult, which if not-null will
2038  be set to the conversion status
2039  \param provider the provider to use, if a specific provider is
2040  required
2041 
2042  \return the CertificateCollection corresponding to the contents of
2043  the file specified in fileName
2044  */
2045  static CertificateCollection
2046  fromFlatTextFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
2047 
2048  /**
2049  import a CertificateCollection from a PKCS#7 file
2050 
2051  \param fileName the name (and path, if required) to read the
2052  certificate collection from
2053  \param result a pointer to a ConvertResult, which if not-null will
2054  be set to the conversion status
2055  \param provider the provider to use, if a specific provider is
2056  required
2057 
2058  \return the CertificateCollection corresponding to the contents of
2059  the file specified in fileName
2060  */
2061  static CertificateCollection
2062  fromPKCS7File(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
2063 
2064 private:
2065  class Private;
2067 };
2068 
2069 /**
2070  \class CertificateAuthority qca_cert.h QtCrypto
2071 
2072  A %Certificate Authority is used to generate Certificates and
2073  %Certificate Revocation Lists (CRLs).
2074 
2075  \ingroup UserAPI
2076 */
2077 class QCA_EXPORT CertificateAuthority : public Algorithm
2078 {
2079 public:
2080  /**
2081  Create a new %Certificate Authority
2082 
2083  \param cert the CA certificate
2084  \param key the private key associated with the CA certificate
2085  \param provider the provider to use, if a specific provider is
2086  required
2087  */
2088  CertificateAuthority(const Certificate &cert, const PrivateKey &key, const QString &provider);
2089 
2090  /**
2091  Copy constructor
2092 
2093  \param from the CertificateAuthority to copy from
2094  */
2096 
2097  ~CertificateAuthority() override;
2098 
2099  /**
2100  Standard assignment operator
2101 
2102  \param from the CertificateAuthority to copy from
2103  */
2104  CertificateAuthority &operator=(const CertificateAuthority &from);
2105 
2106  /**
2107  The Certificate belonging to the %CertificateAuthority
2108 
2109  This is the Certificate that was passed as an argument to the
2110  constructor
2111  */
2112  Certificate certificate() const;
2113 
2114  /**
2115  Create a new Certificate by signing the provider CertificateRequest
2116 
2117  \param req the CertificateRequest to sign
2118  \param notValidAfter the last date that the Certificate will be
2119  valid
2120  */
2121  Certificate signRequest(const CertificateRequest &req, const QDateTime &notValidAfter) const;
2122 
2123  /**
2124  Create a new Certificate
2125 
2126  \param key the Public Key to use to create the Certificate
2127  \param opts the options to use for the new Certificate
2128  */
2129  Certificate createCertificate(const PublicKey &key, const CertificateOptions &opts) const;
2130 
2131  /**
2132  Create a new %Certificate Revocation List (CRL)
2133 
2134  \param nextUpdate the date that the CRL will be updated
2135 
2136  \return an empty CRL
2137  */
2138  CRL createCRL(const QDateTime &nextUpdate) const;
2139 
2140  /**
2141  Update the CRL to include new entries
2142 
2143  \param crl the CRL to update
2144  \param entries the entries to add to the CRL
2145  \param nextUpdate the date that this CRL will be updated
2146 
2147  \return the update CRL
2148  */
2149  CRL updateCRL(const CRL &crl, const QList<CRLEntry> &entries, const QDateTime &nextUpdate) const;
2150 
2151 private:
2152  class Private;
2153  Private *d;
2154 };
2155 
2156 /**
2157  \class KeyBundle qca_cert.h QtCrypto
2158 
2159  Certificate chain and private key pair
2160 
2161  KeyBundle is essentially a convience class that holds a
2162  certificate chain and an associated private key. This class
2163  has a number of methods that make it particularly suitable
2164  for accessing a PKCS12 (.p12) format file, however it can
2165  be used as just a container for a Certificate, its
2166  associated PrivateKey and optionally additional
2167  X.509 Certificate that form a chain.
2168 
2169  For more information on PKCS12 "Personal Information
2170  Exchange Syntax Standard", see <a
2171  href="ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf">ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf</a>.
2172 
2173  \ingroup UserAPI
2174 */
2175 class QCA_EXPORT KeyBundle
2176 {
2177 public:
2178  /**
2179  Create an empty KeyBundle
2180  */
2181  KeyBundle();
2182 
2183  /**
2184  Create a KeyBundle from a PKCS12 (.p12) encoded
2185  file
2186 
2187  This constructor requires appropriate plugin (provider)
2188  support. You must check for the "pkcs12" feature
2189  before using this constructor.
2190 
2191  \param fileName the name of the file to read from
2192  \param passphrase the passphrase that is applicable to the file
2193 
2194  \sa fromFile for a more flexible version of the
2195  same capability.
2196 
2197  \note This synchronous operation may require event handling, and so
2198  it must not be called from the same thread as an EventHandler.
2199  */
2200  explicit KeyBundle(const QString &fileName, const SecureArray &passphrase = SecureArray());
2201 
2202  /**
2203  Standard copy constructor
2204 
2205  \param from the KeyBundle to use as source
2206  */
2207  KeyBundle(const KeyBundle &from);
2208 
2209  ~KeyBundle();
2210 
2211  /**
2212  Standard assignment operator
2213 
2214  \param from the KeyBundle to use as source
2215  */
2216  KeyBundle &operator=(const KeyBundle &from);
2217 
2218  /**
2219  Test if this key is empty (null)
2220  */
2221  bool isNull() const;
2222 
2223  /**
2224  The name associated with this key.
2225 
2226  This is also known as the "friendly name", and if
2227  present, is typically suitable to be displayed to
2228  the user.
2229 
2230  \sa setName
2231  */
2232  QString name() const;
2233 
2234  /**
2235  The public certificate part of this bundle
2236 
2237  \sa setCertificateChainAndKey
2238  */
2239  CertificateChain certificateChain() const;
2240 
2241  /**
2242  The private key part of this bundle
2243 
2244  \sa setCertificateChainAndKey
2245  */
2246  PrivateKey privateKey() const;
2247 
2248  /**
2249  Specify the name of this bundle
2250 
2251  \param s the name to use
2252  */
2253  void setName(const QString &s);
2254 
2255  /**
2256  Set the public certificate and private key
2257 
2258  \param c the CertificateChain containing the public part of the
2259  Bundle
2260  \param key the private key part of the Bundle
2261 
2262  \sa privateKey, certificateChain for getters
2263  */
2264  void setCertificateChainAndKey(const CertificateChain &c, const PrivateKey &key);
2265 
2266  /**
2267  Export the key bundle to an array in PKCS12 format.
2268 
2269  This method requires appropriate plugin (provider)
2270  support - you must check for the "pkcs12" feature,
2271  as shown below.
2272 
2273  \code
2274 if( QCA::isSupported("pkcs12") )
2275 {
2276  // can use I/O
2277  byteArray = bundle.toArray( "pass phrase" );
2278 }
2279 else
2280 {
2281  // not possible to use I/O
2282 }
2283  \endcode
2284 
2285  \param passphrase the passphrase to use to protect the bundle
2286  \param provider the provider to use, if a specific provider is
2287  required
2288  */
2289  QByteArray toArray(const SecureArray &passphrase, const QString &provider = QString()) const;
2290 
2291  /**
2292  Export the key bundle to a file in PKCS12 (.p12) format
2293 
2294  This method requires appropriate plugin (provider)
2295  support - you must check for the "pkcs12" feature,
2296  as shown below.
2297 
2298  \code
2299 if( QCA::isSupported("pkcs12") )
2300 {
2301  // can use I/O
2302  bool result = bundle.toFile( filename, "pass phrase" );
2303 }
2304 else
2305 {
2306  // not possible to use I/O
2307 }
2308  \endcode
2309 
2310  \param fileName the name of the file to save to
2311  \param passphrase the passphrase to use to protect the bundle
2312  \param provider the provider to use, if a specific provider is
2313  required
2314  */
2315  bool toFile(const QString &fileName, const SecureArray &passphrase, const QString &provider = QString()) const;
2316 
2317  /**
2318  Import the key bundle from an array in PKCS12 format
2319 
2320  This method requires appropriate plugin (provider)
2321  support - you must check for the "pkcs12" feature,
2322  as shown below.
2323 
2324  \code
2325 if( QCA::isSupported("pkcs12") )
2326 {
2327  // can use I/O
2328  bundle = QCA::KeyBundle::fromArray( array, "pass phrase" );
2329 }
2330 else
2331 {
2332  // not possible to use I/O
2333 }
2334  \endcode
2335 
2336  \param a the array to import from
2337  \param passphrase the passphrase for the encoded bundle
2338  \param result pointer to the result of the import process
2339  \param provider the provider to use, if a specific provider is
2340  required
2341 
2342  \sa QCA::KeyLoader for an asynchronous loader approach.
2343 
2344  \note This synchronous operation may require event handling, and so
2345  it must not be called from the same thread as an EventHandler.
2346  */
2347  static KeyBundle fromArray(const QByteArray & a,
2348  const SecureArray &passphrase = SecureArray(),
2349  ConvertResult * result = nullptr,
2350  const QString & provider = QString());
2351 
2352  /**
2353  Import the key bundle from a file in PKCS12 (.p12) format
2354 
2355  This method requires appropriate plugin (provider)
2356  support - you must check for the "pkcs12" feature,
2357  as shown below.
2358 
2359  \code
2360 if( QCA::isSupported("pkcs12") )
2361 {
2362  // can use I/O
2363  bundle = QCA::KeyBundle::fromFile( filename, "pass phrase" );
2364 }
2365 else
2366 {
2367  // not possible to use I/O
2368 }
2369  \endcode
2370 
2371  \param fileName the name of the file to read from
2372  \param passphrase the passphrase for the encoded bundle
2373  \param result pointer to the result of the import process
2374  \param provider the provider to use, if a specific provider is
2375  required
2376 
2377  \sa QCA::KeyLoader for an asynchronous loader approach.
2378 
2379  \note This synchronous operation may require event handling, and so
2380  it must not be called from the same thread as an EventHandler.
2381  */
2382  static KeyBundle fromFile(const QString & fileName,
2383  const SecureArray &passphrase = SecureArray(),
2384  ConvertResult * result = nullptr,
2385  const QString & provider = QString());
2386 
2387 private:
2388  class Private;
2390 };
2391 
2392 /**
2393  \class PGPKey qca_cert.h QtCrypto
2394 
2395  Pretty Good Privacy key
2396 
2397  This holds either a reference to an item in a real PGP keyring,
2398  or a standalone item created using the from*() functions.
2399 
2400  Note that with the latter method, the key is of no use besides
2401  being informational. The key must be in a keyring
2402  (that is, inKeyring() == true) to actually do crypto with it.
2403 
2404  \ingroup UserAPI
2405 */
2406 class QCA_EXPORT PGPKey : public Algorithm
2407 {
2408 public:
2409  /**
2410  Create an empty PGP key
2411  */
2412  PGPKey();
2413 
2414  /**
2415  Create a PGP key from an encoded file
2416 
2417  \param fileName the name (and path, if required) of the file
2418  that the PGP key is to be loaded from.
2419 
2420  \sa fromFile for a version that allows better error checking / validation
2421  \sa toFile for a method to write out the key.
2422  */
2423  PGPKey(const QString &fileName);
2424 
2425  /**
2426  Standard copy constructor
2427 
2428  \param from the PGPKey to use as the source
2429  */
2430  PGPKey(const PGPKey &from);
2431 
2432  ~PGPKey() override;
2433 
2434  /**
2435  Standard assignment operator
2436 
2437  \param from the PGPKey to use as the source
2438  */
2439  PGPKey &operator=(const PGPKey &from);
2440 
2441  /**
2442  Test if the PGP key is empty (null)
2443 
2444  \return true if the PGP key is null
2445  */
2446  bool isNull() const;
2447 
2448  /**
2449  The Key identification for the PGP key
2450  */
2451  QString keyId() const;
2452 
2453  /**
2454  The primary user identification for the key
2455  */
2456  QString primaryUserId() const;
2457 
2458  /**
2459  The list of all user identifications associated with the key
2460  */
2461  QStringList userIds() const;
2462 
2463  /**
2464  Test if the PGP key is the secret key
2465 
2466  \return true if the PGP key is the secret key
2467  */
2468  bool isSecret() const;
2469 
2470  /**
2471  The creation date for the key
2472  */
2473  QDateTime creationDate() const;
2474 
2475  /**
2476  The expiration date for the key
2477  */
2478  QDateTime expirationDate() const;
2479 
2480  /**
2481  The key fingerpint
2482 
2483  This will return the PGP fingerprint as a string. It comprises 40
2484  hex digits, without spaces.
2485  */
2486  QString fingerprint() const;
2487 
2488  /**
2489  Test if this key is in a keyring
2490 
2491  \return true if the key is in a keyring
2492 
2493  \note keys that are not in a keyring cannot be used for encryption,
2494  decryption, signing or verification
2495  */
2496  bool inKeyring() const;
2497 
2498  /**
2499  Test if the key is trusted
2500 
2501  \return true if the key is trusted
2502  */
2503  bool isTrusted() const;
2504 
2505  /**
2506  Export the key to an array.
2507 
2508  This will export the key in a binary format (that is, not in an
2509  "ascii armoured" form).
2510 
2511  \sa fromArray for a static import method.
2512  \sa toString for an "ascii armoured" export method.
2513  */
2514  QByteArray toArray() const;
2515 
2516  /**
2517  Export the key to a string
2518 
2519  This will export the key in an "ascii armoured" form.
2520 
2521  \sa fromString for a static import method.
2522  \sa toArray for a binary format export method.
2523  */
2524  QString toString() const;
2525 
2526  /**
2527  Export the key to a file
2528 
2529  \param fileName the name of the file to save the key to
2530  */
2531  bool toFile(const QString &fileName) const;
2532 
2533  /**
2534  Import the key from an array
2535 
2536  \param a the array to import from
2537  \param result if not null, this will be set to the result of the
2538  import process
2539  \param provider the provider to use, if a particular provider is
2540  required
2541  */
2542  static PGPKey fromArray(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
2543 
2544  /**
2545  Import the key from a string
2546 
2547  \param s the string to import from
2548  \param result if not null, this will be set to the result of the
2549  import process
2550  \param provider the provider to use, if a particular provider is
2551  required
2552  */
2553  static PGPKey fromString(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
2554 
2555  /**
2556  Import the key from a file
2557 
2558  \param fileName string containing the name of the file to import
2559  from
2560  \param result if not null, this will be set to the result of the
2561  import process
2562  \param provider the provider to use, if a particular provider is
2563  required
2564  */
2565  static PGPKey
2566  fromFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
2567 
2568 private:
2569  class Private;
2570  Private *d;
2571 };
2572 
2573 /**
2574  \class KeyLoader qca_cert.h QtCrypto
2575 
2576  Asynchronous private key loader
2577 
2578  GUI applications generally must use KeyLoader to load private keys. This
2579  is because the synchronous private key loading functions, for example
2580  QCA::PrivateKey::fromPEMFile(), cannot be used within the same thread as an
2581  EventHandler, and most GUI applications will use EventHandler from the main
2582  thread. KeyLoader does not have this problem. It can be used from any
2583  thread, including the same thread as EventHandler.
2584 
2585  The KeyLoader class allows you to asynchronously load stand-alone private
2586  keys (QCA::PrivateKey) or private keys with a certificate (QCA::KeyBundle)
2587  with a signal that advises of completion.
2588 
2589  To use this class to load a PrivateKey, you create a KeyLoader object then
2590  use one of the loadPrivateKeyFrom...() functions, depending on the format
2591  for your key. These functions return immediately. When you get the
2592  finished() signal, you can check that the loading operation succeeded
2593  (using convertResult()) and then obtain the PrivateKey using the
2594  privateKey() function.
2595 
2596  The same process applies for loading a KeyBundle, except that you use
2597  either loadKeyBundleFromFile() or loadKeyBundleFromArray() instead of the
2598  loadPrivateKeyFrom...() function, and use keyBundle() instead of
2599  privateKey().
2600 
2601  The loader may need a passphrase to complete the loading of the key or key
2602  bundle. You should use the QCA::EventHandler class to ensure that you deal
2603  with this correctly.
2604 
2605  \note %QCA also provides synchronous private key loading using
2606  QCA::PrivateKey::fromPEMFile(), QCA::PrivateKey::fromPEM() and
2607  QCA::PrivateKey::fromDER(). %QCA provides synchronous key bundle loading
2608  using QCA::KeyBundle::fromArray() and QCA::KeyBundle::fromFile().
2609 
2610  \ingroup UserAPI
2611 */
2612 class QCA_EXPORT KeyLoader : public QObject
2613 {
2614  Q_OBJECT
2615 public:
2616  /**
2617  Create a KeyLoader object.
2618 
2619  \param parent the parent object for this object
2620  */
2621  KeyLoader(QObject *parent = nullptr);
2622  ~KeyLoader() override;
2623 
2624  /**
2625  Initiate an asynchronous loading of a PrivateKey from a PEM format
2626  file.
2627 
2628  This function will return immediately.
2629 
2630  \param fileName the name of the file (and path, if necessary) to
2631  load the key from
2632  */
2633  void loadPrivateKeyFromPEMFile(const QString &fileName);
2634 
2635  /**
2636  Initiate an asynchronous loading of a PrivateKey from a PEM format
2637  string.
2638 
2639  This function will return immediately.
2640 
2641  \param s the string containing the PEM formatted key
2642  */
2643  void loadPrivateKeyFromPEM(const QString &s);
2644 
2645  /**
2646  Initiate an asynchronous loading of a PrivateKey from a DER format
2647  array.
2648 
2649  This function will return immediately.
2650 
2651  \param a the array containing the DER formatted key
2652  */
2653  void loadPrivateKeyFromDER(const SecureArray &a);
2654 
2655  /**
2656  Initiate an asynchronous loading of a KeyBundle from a file
2657 
2658  This function will return immediately.
2659 
2660  \param fileName the name of the file (and path, if necessary) to
2661  load the key bundle from
2662  */
2663  void loadKeyBundleFromFile(const QString &fileName);
2664 
2665  /**
2666  Initiate an asynchronous loading of a KeyBundle from an array
2667 
2668  This function will return immediately.
2669 
2670  \param a the array containing the key bundle
2671  */
2672  void loadKeyBundleFromArray(const QByteArray &a);
2673 
2674  /**
2675  The result of the loading process.
2676 
2677  This is not valid until the finished() signal has been emitted.
2678  */
2679  ConvertResult convertResult() const;
2680 
2681  /**
2682  The private key that has been loaded.
2683 
2684  This is only valid if loadPrivateKeyFromPEMFile(),
2685  loadPrivateKeyFromPEM() or loadPrivateKeyFromDER() has been used,
2686  the load has completed (that is, finished() has been emitted), and
2687  the conversion succeeded (that is, convertResult() returned
2688  ConvertGood).
2689  */
2690  PrivateKey privateKey() const;
2691 
2692  /**
2693  The key bundle that has been loaded.
2694 
2695  This is only valid if loadKeyBundleFromFile() or
2696  loadKeyBundleFromArray() has been used, the load has completed
2697  (that is, finished() has been emitted), and the conversion
2698  succeeded (that is, convertResult() returned ConvertGood).
2699  */
2700  KeyBundle keyBundle() const;
2701 
2702 Q_SIGNALS:
2703  /**
2704  Signal that is emitted when the load process has completed.
2705 
2706  \note The load process may not have completed successfully - check
2707  the result of convertResult() to confirm this before using the
2708  privateKey() or keyBundle() results.
2709  */
2710  void finished();
2711 
2712 private:
2713  Q_DISABLE_COPY(KeyLoader)
2714 
2715  class Private;
2716  friend class Private;
2717  Private *d;
2718 };
2719 
2720 }
2721 
2722 #endif
ConvertResult
Return value from a format conversion.
bool operator!=(const CertificateInfoType &other) const
Inequality operator.
Definition: qca_cert.h:228
X.509 certificate request provider.
Definition: qcaprovider.h:1428
CertificateChain complete(const QList< Certificate > &issuers=QList< Certificate >(), Validity *result=nullptr) const
Complete a certificate chain for the primary certificate, using the rest of the certificates in the c...
Definition: qca_cert.h:1309
PKCS#9 Email field, id = "1.2.840.113549.1.9.1".
Definition: qca_cert.h:68
ConstraintTypeKnown
Known types of certificate constraints.
Definition: qca_cert.h:316
X.509 certificate provider.
Definition: qcaprovider.h:1324
CertificateInfoOrdered dnOnly() const
Return a new CertificateInfoOrdered that only contains the Distinguished Name (DN) types found in thi...
Definition: qca_cert.h:582
QMultiMap< CertificateInfoType, QString > CertificateInfo
Certificate properties type.
Definition: qca_cert.h:535
General superclass for an algorithm.
Definition: qca_core.h:1163
Certificate can be used to sign code, id = "1.3.6.1.5.5.7.3.3".
Definition: qca_cert.h:334
The root CA rejected the certificate purpose.
Definition: qca_cert.h:499
certificate revocation list signing certificate
Definition: qca_cert.h:490
QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in)
Convert to RFC 1779 string format.
Certificate can be used to create digital signatures, id = "KeyUsage.digitalSignature" ...
Definition: qca_cert.h:319
Certificate can be used for server authentication (e.g.
Definition: qca_cert.h:330
Section
Section of the certificate that the information belongs in.
Definition: qca_cert.h:125
const Certificate & primary() const
Return the primary (end-user) Certificate.
Definition: qca_cert.h:1249
Generic private key.
Certificate can be used to sign / encrypt email, id = "1.3.6.1.5.5.7.3.4".
Definition: qca_cert.h:336
email (S/MIME) certificate
Definition: qca_cert.h:488
bool operator!=(const Certificate &other) const
Inequality operator.
Definition: qca_cert.h:1176
code signing certificate
Definition: qca_cert.h:487
X.509 certificate revocation list provider.
Definition: qcaprovider.h:1512
Certificate chain and private key pair.
Definition: qca_cert.h:2175
The certificate is self-signed, and is not found in the list of trusted certificates.
Definition: qca_cert.h:504
ValidateFlags
The conditions to validate for a certificate.
Definition: qca_cert.h:516
A Certificate Authority is used to generate Certificates and Certificate Revocation Lists (CRLs)...
Definition: qca_cert.h:2077
Validity
The validity (or otherwise) of a certificate.
Definition: qca_cert.h:496
An organisation (eg company), id = "2.5.4.10".
Definition: qca_cert.h:69
Certificate can be used to create a "time stamp" signature, id = "1.3.6.1.5.5.7.3.8".
Definition: qca_cert.h:344
Certificate can be used to sign Certificate Revocation Lists, id = "KeyUsage.crlSign" ...
Definition: qca_cert.h:325
Uniform Resource Identifier, id = "GeneralName.uniformResourceIdentifier".
Definition: qca_cert.h:77
CertificateInfoTypeKnown
Known types of information stored in certificates.
Definition: qca_cert.h:64
Certificate can be used for client authentication (e.g.
Definition: qca_cert.h:332
Distinguished name (the primary name)
Definition: qca_cert.h:127
Header file for PublicKey and PrivateKey related classes.
bool operator!=(const CRLEntry &other) const
Inequality operator.
Definition: qca_cert.h:1705
Certificate can be used for non-repudiation, id = "KeyUsage.nonRepudiation"
Definition: qca_cert.h:320
bool operator!=(const CRL &other) const
Inequality operator.
Definition: qca_cert.h:1834
XMPP address (see http://www.ietf.org/rfc/rfc3920.txt), id = "1.3.6.1.5.5.7.8.5". ...
Definition: qca_cert.h:80
QCA_EXPORT CertificateInfoOrdered orderedDNOnly(const CertificateInfoOrdered &in)
Return a new CertificateInfoOrdered that only contains the Distinguished Name (DN) types found in the...
The certificate has been revoked.
Definition: qca_cert.h:505
Certificate can be used to authenticate a user in IPSEC, id = "1.3.6.1.5.5.7.3.7".
Definition: qca_cert.h:342
Stored in the key usage section.
Definition: qca_cert.h:371
client side of a TLS or SSL connection
Definition: qca_cert.h:486
Certificate can only be used for encryption, id = "KeyUsage.encipherOnly"
Definition: qca_cert.h:326
Validity is unknown.
Definition: qca_cert.h:510
The locality (eg city, a shire, or part of a state), id = "2.5.4.7".
Definition: qca_cert.h:71
The certificate is not trusted.
Definition: qca_cert.h:500
Certificate Revocation List
Definition: qca_cert.h:1739
The signature does not match.
Definition: qca_cert.h:501
Certificate Request
Definition: qca_cert.h:1325
Certificate can only be used for decryption, id = "KeyUsage.decipherOnly"
Definition: qca_cert.h:327
Certificate can be used for encrypting / decrypting keys, id = "KeyUsage.keyEncipherment" ...
Definition: qca_cert.h:321
Section
Section of the certificate that the constraint belongs in.
Definition: qca_cert.h:369
Signed Public Key and Challenge (Netscape) format.
Definition: qca_cert.h:56
Header file for core QCA infrastructure.
SignatureAlgorithm
Signature algorithm variants.
Definition: qca_publickey.h:73
Certificate can be used for key agreement, id = "KeyUsage.keyAgreement"
Definition: qca_cert.h:323
Certificate information type.
Definition: qca_cert.h:119
bool operator!=(const CertificateInfoPair &other) const
Inequality operator.
Definition: qca_cert.h:301
Ordered certificate properties type.
Definition: qca_cert.h:547
QString toString() const
Convert to RFC 1779 string format.
Definition: qca_cert.h:577
standard PKCS#10 format
Definition: qca_cert.h:55
Asynchronous private key loader.
Definition: qca_cert.h:2612
QCA - the Qt Cryptographic Architecture.
Definition: qca_basic.h:41
CertificateChain()
Create an empty certificate chain.
Definition: qca_cert.h:1231
The locality of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.1". ...
Definition: qca_cert.h:72
The path length from the root CA to this certificate is too long.
Definition: qca_cert.h:506
The certificate has expired, or is not yet valid (e.g.
Definition: qca_cert.h:507
The Certificate Authority has expired.
Definition: qca_cert.h:509
certificate has been superseded
Definition: qca_cert.h:1612
The purpose does not match the intended usage.
Definition: qca_cert.h:503
Certificate constraint.
Definition: qca_cert.h:363
The country of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.3".
Definition: qca_cert.h:76
Email address, id = "GeneralName.rfc822Name".
Definition: qca_cert.h:67
QCA_EXPORT QStringList makeFriendlyNames(const QList< Certificate > &list)
Create a list of unique friendly names among a list of certificates.
Secure array of bytes.
Definition: qca_tools.h:316
Certificate can be used for encrypting / decrypting data, id = "KeyUsage.dataEncipherment" ...
Definition: qca_cert.h:322
certificate was previously in a CRL, but is now valid
Definition: qca_cert.h:1615
CertificateRequestFormat
Certificate Request Format.
Definition: qca_cert.h:53
QList< ConstraintType > Constraints
Certificate constraints type
Definition: qca_cert.h:590
An part of an organisation (eg a division or branch), id = "2.5.4.11".
Definition: qca_cert.h:70
bool operator!=(const ConstraintType &other) const
Inequality operator.
Definition: qca_cert.h:469
Certificate options
Definition: qca_cert.h:609
certificate is on hold
Definition: qca_cert.h:1614
IP address, id = "GeneralName.iPAddress".
Definition: qca_cert.h:79
Certificate can be used for key certificate signing, id = "KeyUsage.keyCertSign"
Definition: qca_cert.h:324
A chain of related Certificates.
Definition: qca_cert.h:1225
private key has been compromised
Definition: qca_cert.h:1609
One entry in a certificate information list.
Definition: qca_cert.h:245
certificate authority has been compromised
Definition: qca_cert.h:1610
The common name (eg person), id = "2.5.4.3".
Definition: qca_cert.h:66
The certificate is valid.
Definition: qca_cert.h:498
QCA_EXPORT const SecureArray operator+(const SecureArray &a, const SecureArray &b)
Returns an array that is the result of concatenating a and b.
Reason
The reason why the certificate has been revoked.
Definition: qca_cert.h:1606
Public Key (X.509) certificate.
Definition: qca_cert.h:856
time stamping certificate
Definition: qca_cert.h:489
The state of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.2".
Definition: qca_cert.h:74
Certificate can be used to sign an Online Certificate Status Protocol (OCSP) assertion, id = "1.3.6.1.5.5.7.3.9".
Definition: qca_cert.h:346
Any application, or unspecified.
Definition: qca_cert.h:484
Part of a CRL representing a single certificate.
Definition: qca_cert.h:1600
UsageMode
Specify the intended usage of a certificate.
Definition: qca_cert.h:482
Arbitrary precision integer.
Definition: qca_tools.h:570
Certificate can be used to authenticate a tunnel in IPSEC, id = "1.3.6.1.5.5.7.3.6".
Definition: qca_cert.h:340
CertificateChain(const Certificate &primary)
Create a certificate chain, starting at the specified certificate.
Definition: qca_cert.h:1241
Pretty Good Privacy key.
Definition: qca_cert.h:2406
The state within the country, id = "2.5.4.8".
Definition: qca_cert.h:73
Bundle of Certificates and CRLs.
Definition: qca_cert.h:1928
Generic public key.
Certificate can be used to authenticate a endpoint in IPSEC, id = "1.3.6.1.5.5.7.3.5".
Definition: qca_cert.h:338
server side of a TLS or SSL connection
Definition: qca_cert.h:485
Validity validate(const CertificateCollection &trusted, const QList< CRL > &untrusted_crls=QList< CRL >(), UsageMode u=UsageAny, ValidateFlags vf=ValidateAll) const
Check the validity of a certificate chain.
Definition: qca_cert.h:1299
DNS name, id = "GeneralName.dNSName".
Definition: qca_cert.h:78
The country, id = "2.5.4.6".
Definition: qca_cert.h:75
The Certificate Authority is invalid.
Definition: qca_cert.h:502
bool operator!=(const CertificateRequest &other) const
Inequality operator.
Definition: qca_cert.h:1473
reason is unknown
Definition: qca_cert.h:1608
This file is part of the KDE documentation.
Documentation copyright © 1996-2021 The KDE developers.
Generated on Mon Aug 2 2021 23:04:22 by doxygen 1.8.11 written by Dimitri van Heesch, © 1997-2006

KDE's Doxygen guidelines are available online.