QGIS API Documentation  3.8.0-Zanzibar (11aff65)
Public Types | Static Public Member Functions | List of all members
QgsAuthCertUtils Class Reference

Utilities for working with certificates and keys. More...

#include <qgsauthcertutils.h>

Public Types

enum  CaCertSource { SystemRoot = 0, FromFile = 1, InDatabase = 2, Connection = 3 }
 Type of CA certificate source. More...
 
enum  CertTrustPolicy { DefaultTrust = 0, Trusted = 1, Untrusted = 2, NoPolicy = 3 }
 Type of certificate trust policy. More...
 
enum  CertUsageType {
  UndeterminedUsage = 0, AnyOrUnspecifiedUsage, CertAuthorityUsage, CertIssuerUsage,
  TlsServerUsage, TlsServerEvUsage, TlsClientUsage, CodeSigningUsage,
  EmailProtectionUsage, TimeStampingUsage, CRLSigningUsage
}
 Type of certificate usage. More...
 
enum  ConstraintGroup { KeyUsage = 0, ExtendedKeyUsage = 1 }
 Type of certificate key group. More...
 

Static Public Member Functions

static QList< QSslCertificate > casFromFile (const QString &certspath)
 Returns a list of concatenated CAs from a PEM or DER formatted file. More...
 
static QList< QSslCertificate > casMerge (const QList< QSslCertificate > &bundle1, const QList< QSslCertificate > &bundle2)
 casMerge merges two certificate bundles in a single one removing duplicates, the certificates from the bundle2 are appended to bundle1 if not already there More...
 
static QList< QSslCertificate > casRemoveSelfSigned (const QList< QSslCertificate > &caList)
 casRemoveSelfSigned remove self-signed CA certificates from caList More...
 
static QSslCertificate certFromFile (const QString &certpath)
 Returns the first cert from a PEM or DER formatted file. More...
 
static bool certificateIsAuthority (const QSslCertificate &cert)
 Gets whether a certificate is an Authority. More...
 
static bool certificateIsAuthorityOrIssuer (const QSslCertificate &cert)
 Gets whether a certificate is an Authority or can at least sign other certificates. More...
 
static bool certificateIsIssuer (const QSslCertificate &cert)
 Gets whether a certificate can sign other certificates. More...
 
static bool certificateIsSslClient (const QSslCertificate &cert)
 Gets whether a certificate is probably used for a client identity. More...
 
static bool certificateIsSslServer (const QSslCertificate &cert)
 Gets whether a certificate is probably used for a SSL server. More...
 
static QList< QgsAuthCertUtils::CertUsageTypecertificateUsageTypes (const QSslCertificate &cert)
 Try to determine the certificates usage types. More...
 
static QString certificateUsageTypeString (QgsAuthCertUtils::CertUsageType usagetype)
 Certificate usage type strings per enum. More...
 
static bool certIsCurrent (const QSslCertificate &cert)
 certIsCurrent checks if cert is viable for its not before and not after dates More...
 
static bool certIsViable (const QSslCertificate &cert)
 certIsViable checks for viability errors of cert and whether it is NULL More...
 
static QStringList certKeyBundleToPem (const QString &certpath, const QString &keypath, const QString &keypass=QString(), bool reencrypt=true)
 Returns list of certificate, private key and algorithm (as PEM text) from file path components. More...
 
static QList< QSslCertificate > certsFromFile (const QString &certspath)
 Returns a list of concatenated certs from a PEM or DER formatted file. More...
 
static QList< QSslCertificate > certsFromString (const QString &pemtext)
 Returns a list of concatenated certs from a PEM Base64 text block. More...
 
static QMap< QString, QList< QSslCertificate > > certsGroupedByOrg (const QList< QSslCertificate > &certs)
 Map certificates to their oraganization. More...
 
static QByteArray certsToPemText (const QList< QSslCertificate > &certs)
 certsToPemText dump a list of QSslCertificates to PEM text More...
 
static QList< QSslError > certViabilityErrors (const QSslCertificate &cert)
 certViabilityErrors checks basic characteristics (validity dates, blacklisting, etc.) of given cert More...
 
static QByteArray fileData (const QString &path)
 Returns data from a local file via a read-only operation. More...
 
static QString getCaSourceName (QgsAuthCertUtils::CaCertSource source, bool single=false)
 Gets the general name for CA source enum type. More...
 
static QString getCertDistinguishedName (const QSslCertificate &qcert, const QCA::Certificate &acert=QCA::Certificate(), bool issuer=false)
 Gets combined distinguished name for certificate. More...
 
static QString getCertTrustName (QgsAuthCertUtils::CertTrustPolicy trust)
 Gets the general name for certificate trust. More...
 
static QString getColonDelimited (const QString &txt)
 Gets string with colon delimiters every 2 characters. More...
 
static QString getSslProtocolName (QSsl::SslProtocol protocol)
 SSL Protocol name strings per enum. More...
 
static QSslKey keyFromFile (const QString &keypath, const QString &keypass=QString(), QString *algtype=nullptr)
 Returns non-encrypted key from a PEM or DER formatted file. More...
 
static QMap< QString, QSslCertificate > mapDigestToCerts (const QList< QSslCertificate > &certs)
 Map certificate sha1 to certificate as simple cache. More...
 
static QMap< QString, QgsAuthConfigSslServermapDigestToSslConfigs (const QList< QgsAuthConfigSslServer > &configs)
 Map SSL custom configs' certificate sha1 to custom config as simple cache. More...
 
static bool pemIsPkcs8 (const QString &keyPemTxt)
 Determine if the PEM-encoded text of a key is PKCS#8 format. More...
 
static QString pemTextToTempFile (const QString &name, const QByteArray &pemtext)
 Write a temporary file for a PEM text of cert/key/CAs bundle component. More...
 
static QList< QSslCertificate > pkcs12BundleCas (const QString &bundlepath, const QString &bundlepass=QString())
 Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle. More...
 
static QStringList pkcs12BundleToPem (const QString &bundlepath, const QString &bundlepass=QString(), bool reencrypt=true)
 Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle. More...
 
static QCA::KeyBundle qcaKeyBundle (const QString &path, const QString &pass)
 PKI key/cert bundle from file path, e.g. More...
 
static QString qcaKnownConstraint (QCA::ConstraintTypeKnown constraint)
 Certificate well-known constraint strings per enum. More...
 
static QString qcaSignatureAlgorithm (QCA::SignatureAlgorithm algorithm)
 Certificate signature algorithm strings per enum. More...
 
static QString qcaValidityMessage (QCA::Validity validity)
 Certificate validity check messages per enum. More...
 
static QCA::CertificateCollection qtCertsToQcaCollection (const QList< QSslCertificate > &certs)
 Convert a QList of QSslCertificate to a QCA::CertificateCollection. More...
 
static QCA::Certificate qtCertToQcaCert (const QSslCertificate &cert)
 Convert a QSslCertificate to a QCA::Certificate. More...
 
static QString resolvedCertName (const QSslCertificate &cert, bool issuer=false)
 Gets the general name via RFC 5280 resolution. More...
 
static QString shaHexForCert (const QSslCertificate &cert, bool formatted=false)
 Gets the sha1 hash for certificate. More...
 
static QMap< QString, QList< QgsAuthConfigSslServer > > sslConfigsGroupedByOrg (const QList< QgsAuthConfigSslServer > &configs)
 Map SSL custom configs' certificates to their oraganization. More...
 
static QString sslErrorEnumString (QSslError::SslError errenum)
 Gets short strings describing an SSL error. More...
 
static QList< QPair< QSslError::SslError, QString > > sslErrorEnumStrings ()
 Gets short strings describing SSL errors. More...
 
static QList< QSslError > validateCertChain (const QList< QSslCertificate > &certificateChain, const QString &hostName=QString(), bool trustRootCa=false)
 validateCertChain validates the given certificateChain More...
 
static QStringList validatePKIBundle (QgsPkiBundle &bundle, bool useIntermediates=true, bool trustRootCa=false)
 validatePKIBundle validate the PKI bundle by checking the certificate chain, the expiration and effective dates, optionally trusts the root CA More...
 

Detailed Description

Utilities for working with certificates and keys.

Definition at line 40 of file qgsauthcertutils.h.

Member Enumeration Documentation

◆ CaCertSource

Type of CA certificate source.

Enumerator
SystemRoot 
FromFile 
InDatabase 
Connection 

Definition at line 44 of file qgsauthcertutils.h.

◆ CertTrustPolicy

Type of certificate trust policy.

Enumerator
DefaultTrust 
Trusted 
Untrusted 
NoPolicy 

Definition at line 53 of file qgsauthcertutils.h.

◆ CertUsageType

Type of certificate usage.

Enumerator
UndeterminedUsage 
AnyOrUnspecifiedUsage 
CertAuthorityUsage 
CertIssuerUsage 
TlsServerUsage 
TlsServerEvUsage 
TlsClientUsage 
CodeSigningUsage 
EmailProtectionUsage 
TimeStampingUsage 
CRLSigningUsage 

Definition at line 62 of file qgsauthcertutils.h.

◆ ConstraintGroup

Type of certificate key group.

Enumerator
KeyUsage 
ExtendedKeyUsage 

Definition at line 78 of file qgsauthcertutils.h.

Member Function Documentation

◆ casFromFile()

QList< QSslCertificate > QgsAuthCertUtils::casFromFile ( const QString &  certspath)
static

Returns a list of concatenated CAs from a PEM or DER formatted file.

Definition at line 137 of file qgsauthcertutils.cpp.

◆ casMerge()

QList< QSslCertificate > QgsAuthCertUtils::casMerge ( const QList< QSslCertificate > &  bundle1,
const QList< QSslCertificate > &  bundle2 
)
static

casMerge merges two certificate bundles in a single one removing duplicates, the certificates from the bundle2 are appended to bundle1 if not already there

Parameters
bundle1first bundle
bundle2second bundle
Returns
a list of unique certificates

Definition at line 151 of file qgsauthcertutils.cpp.

◆ casRemoveSelfSigned()

QList< QSslCertificate > QgsAuthCertUtils::casRemoveSelfSigned ( const QList< QSslCertificate > &  caList)
static

casRemoveSelfSigned remove self-signed CA certificates from caList

Parameters
caListlist of CA certificates
Returns
a list of non self-signed certificates

Definition at line 250 of file qgsauthcertutils.cpp.

◆ certFromFile()

QSslCertificate QgsAuthCertUtils::certFromFile ( const QString &  certpath)
static

Returns the first cert from a PEM or DER formatted file.

Definition at line 173 of file qgsauthcertutils.cpp.

◆ certificateIsAuthority()

bool QgsAuthCertUtils::certificateIsAuthority ( const QSslCertificate &  cert)
static

Gets whether a certificate is an Authority.

Definition at line 1006 of file qgsauthcertutils.cpp.

◆ certificateIsAuthorityOrIssuer()

bool QgsAuthCertUtils::certificateIsAuthorityOrIssuer ( const QSslCertificate &  cert)
static

Gets whether a certificate is an Authority or can at least sign other certificates.

Definition at line 1016 of file qgsauthcertutils.cpp.

◆ certificateIsIssuer()

bool QgsAuthCertUtils::certificateIsIssuer ( const QSslCertificate &  cert)
static

Gets whether a certificate can sign other certificates.

Definition at line 1011 of file qgsauthcertutils.cpp.

◆ certificateIsSslClient()

bool QgsAuthCertUtils::certificateIsSslClient ( const QSslCertificate &  cert)
static

Gets whether a certificate is probably used for a client identity.

Definition at line 1143 of file qgsauthcertutils.cpp.

◆ certificateIsSslServer()

bool QgsAuthCertUtils::certificateIsSslServer ( const QSslCertificate &  cert)
static

Gets whether a certificate is probably used for a SSL server.

Definition at line 1022 of file qgsauthcertutils.cpp.

◆ certificateUsageTypes()

QList< QgsAuthCertUtils::CertUsageType > QgsAuthCertUtils::certificateUsageTypes ( const QSslCertificate &  cert)
static

Try to determine the certificates usage types.

Definition at line 931 of file qgsauthcertutils.cpp.

◆ certificateUsageTypeString()

QString QgsAuthCertUtils::certificateUsageTypeString ( QgsAuthCertUtils::CertUsageType  usagetype)
static

Certificate usage type strings per enum.

Note
not available in Python bindings

Definition at line 901 of file qgsauthcertutils.cpp.

◆ certIsCurrent()

bool QgsAuthCertUtils::certIsCurrent ( const QSslCertificate &  cert)
static

certIsCurrent checks if cert is viable for its not before and not after dates

Parameters
certcertificate to be checked

Definition at line 1263 of file qgsauthcertutils.cpp.

◆ certIsViable()

bool QgsAuthCertUtils::certIsViable ( const QSslCertificate &  cert)
static

certIsViable checks for viability errors of cert and whether it is NULL

Parameters
certcertificate to be checked
Returns
false if cert is NULL or has viability errors

Definition at line 1295 of file qgsauthcertutils.cpp.

◆ certKeyBundleToPem()

QStringList QgsAuthCertUtils::certKeyBundleToPem ( const QString &  certpath,
const QString &  keypath,
const QString &  keypass = QString(),
bool  reencrypt = true 
)
static

Returns list of certificate, private key and algorithm (as PEM text) from file path components.

Parameters
certpathFile path to certificate
keypathFile path to private key
keypassPassphrase for private key
reencryptWhether to re-encrypt the private key with the passphrase
Returns
certificate, private key, key's algorithm type

Definition at line 263 of file qgsauthcertutils.cpp.

◆ certsFromFile()

QList< QSslCertificate > QgsAuthCertUtils::certsFromFile ( const QString &  certspath)
static

Returns a list of concatenated certs from a PEM or DER formatted file.

Definition at line 125 of file qgsauthcertutils.cpp.

◆ certsFromString()

QList< QSslCertificate > QgsAuthCertUtils::certsFromString ( const QString &  pemtext)
static

Returns a list of concatenated certs from a PEM Base64 text block.

Definition at line 239 of file qgsauthcertutils.cpp.

◆ certsGroupedByOrg()

QMap< QString, QList< QSslCertificate > > QgsAuthCertUtils::certsGroupedByOrg ( const QList< QSslCertificate > &  certs)
static

Map certificates to their oraganization.

Note
not available in Python bindings

Definition at line 65 of file qgsauthcertutils.cpp.

◆ certsToPemText()

QByteArray QgsAuthCertUtils::certsToPemText ( const QList< QSslCertificate > &  certs)
static

certsToPemText dump a list of QSslCertificates to PEM text

Parameters
certslist of certs
Returns
a byte array of concatenated certificates as PEM text

Definition at line 554 of file qgsauthcertutils.cpp.

◆ certViabilityErrors()

QList< QSslError > QgsAuthCertUtils::certViabilityErrors ( const QSslCertificate &  cert)
static

certViabilityErrors checks basic characteristics (validity dates, blacklisting, etc.) of given cert

Parameters
certcertificate to be checked
Returns
list of QSslError (will return NO ERRORS if a null QSslCertificate is passed)

Definition at line 1271 of file qgsauthcertutils.cpp.

◆ fileData()

QByteArray QgsAuthCertUtils::fileData ( const QString &  path)
static

Returns data from a local file via a read-only operation.

Parameters
pathPath to file to read
Returns
All data contained in file or empty contents if file does not exist

Definition at line 104 of file qgsauthcertutils.cpp.

◆ getCaSourceName()

QString QgsAuthCertUtils::getCaSourceName ( QgsAuthCertUtils::CaCertSource  source,
bool  single = false 
)
static

Gets the general name for CA source enum type.

Parameters
sourceThe enum source type for the CA
singleWhether to return singular or plural description

Definition at line 598 of file qgsauthcertutils.cpp.

◆ getCertDistinguishedName()

QString QgsAuthCertUtils::getCertDistinguishedName ( const QSslCertificate &  qcert,
const QCA::Certificate &  acert = QCA::Certificate(),
bool  issuer = false 
)
static

Gets combined distinguished name for certificate.

Parameters
qcertQt SSL cert object
acertQCA SSL cert object to add more info to the output
issuerWhether to return cert's subject or issuer combined name
Note
not available in Python bindings

Definition at line 660 of file qgsauthcertutils.cpp.

◆ getCertTrustName()

QString QgsAuthCertUtils::getCertTrustName ( QgsAuthCertUtils::CertTrustPolicy  trust)
static

Gets the general name for certificate trust.

Definition at line 710 of file qgsauthcertutils.cpp.

◆ getColonDelimited()

QString QgsAuthCertUtils::getColonDelimited ( const QString &  txt)
static

Gets string with colon delimiters every 2 characters.

Definition at line 725 of file qgsauthcertutils.cpp.

◆ getSslProtocolName()

QString QgsAuthCertUtils::getSslProtocolName ( QSsl::SslProtocol  protocol)
static

SSL Protocol name strings per enum.

Definition at line 36 of file qgsauthcertutils.cpp.

◆ keyFromFile()

QSslKey QgsAuthCertUtils::keyFromFile ( const QString &  keypath,
const QString &  keypass = QString(),
QString *  algtype = nullptr 
)
static

Returns non-encrypted key from a PEM or DER formatted file.

Parameters
keypathFile path to private key
keypassPassphrase for private key
algtypeQString to set with resolved algorithm type

Definition at line 188 of file qgsauthcertutils.cpp.

◆ mapDigestToCerts()

QMap< QString, QSslCertificate > QgsAuthCertUtils::mapDigestToCerts ( const QList< QSslCertificate > &  certs)
static

Map certificate sha1 to certificate as simple cache.

Definition at line 55 of file qgsauthcertutils.cpp.

◆ mapDigestToSslConfigs()

QMap< QString, QgsAuthConfigSslServer > QgsAuthCertUtils::mapDigestToSslConfigs ( const QList< QgsAuthConfigSslServer > &  configs)
static

Map SSL custom configs' certificate sha1 to custom config as simple cache.

Definition at line 79 of file qgsauthcertutils.cpp.

◆ pemIsPkcs8()

bool QgsAuthCertUtils::pemIsPkcs8 ( const QString &  keyPemTxt)
static

Determine if the PEM-encoded text of a key is PKCS#8 format.

Parameters
keyPemTxtPEM-encoded text
Returns
true if PKCS#8, otherwise false

Definition at line 288 of file qgsauthcertutils.cpp.

◆ pemTextToTempFile()

QString QgsAuthCertUtils::pemTextToTempFile ( const QString &  name,
const QByteArray &  pemtext 
)
static

Write a temporary file for a PEM text of cert/key/CAs bundle component.

Parameters
pemtextComponent content as PEM text
nameName of file
Returns
File path to temporary file

Definition at line 569 of file qgsauthcertutils.cpp.

◆ pkcs12BundleCas()

QList< QSslCertificate > QgsAuthCertUtils::pkcs12BundleCas ( const QString &  bundlepath,
const QString &  bundlepass = QString() 
)
static

Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle.

Parameters
bundlepathFile path to the PKCS bundle
bundlepassPassphrase for bundle
Returns
list of certificate

Definition at line 533 of file qgsauthcertutils.cpp.

◆ pkcs12BundleToPem()

QStringList QgsAuthCertUtils::pkcs12BundleToPem ( const QString &  bundlepath,
const QString &  bundlepass = QString(),
bool  reencrypt = true 
)
static

Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle.

Parameters
bundlepathFile path to the PKCS bundle
bundlepassPassphrase for bundle
reencryptWhether to re-encrypt the private key with the passphrase
Returns
certificate, private key, key's algorithm type

Definition at line 438 of file qgsauthcertutils.cpp.

◆ qcaKeyBundle()

QCA::KeyBundle QgsAuthCertUtils::qcaKeyBundle ( const QString &  path,
const QString &  pass 
)
static

PKI key/cert bundle from file path, e.g.

from .p12 or pfx files.

Note
not available in Python bindings

Definition at line 780 of file qgsauthcertutils.cpp.

◆ qcaKnownConstraint()

QString QgsAuthCertUtils::qcaKnownConstraint ( QCA::ConstraintTypeKnown  constraint)
static

Certificate well-known constraint strings per enum.

Note
not available in Python bindings

Definition at line 856 of file qgsauthcertutils.cpp.

◆ qcaSignatureAlgorithm()

QString QgsAuthCertUtils::qcaSignatureAlgorithm ( QCA::SignatureAlgorithm  algorithm)
static

Certificate signature algorithm strings per enum.

Note
not available in Python bindings

Definition at line 825 of file qgsauthcertutils.cpp.

◆ qcaValidityMessage()

QString QgsAuthCertUtils::qcaValidityMessage ( QCA::Validity  validity)
static

Certificate validity check messages per enum.

Note
not available in Python bindings

Definition at line 792 of file qgsauthcertutils.cpp.

◆ qtCertsToQcaCollection()

QCA::CertificateCollection QgsAuthCertUtils::qtCertsToQcaCollection ( const QList< QSslCertificate > &  certs)
static

Convert a QList of QSslCertificate to a QCA::CertificateCollection.

Note
not available in Python bindings

Definition at line 763 of file qgsauthcertutils.cpp.

◆ qtCertToQcaCert()

QCA::Certificate QgsAuthCertUtils::qtCertToQcaCert ( const QSslCertificate &  cert)
static

Convert a QSslCertificate to a QCA::Certificate.

Note
not available in Python bindings

Definition at line 748 of file qgsauthcertutils.cpp.

◆ resolvedCertName()

QString QgsAuthCertUtils::resolvedCertName ( const QSslCertificate &  cert,
bool  issuer = false 
)
static

Gets the general name via RFC 5280 resolution.

Definition at line 615 of file qgsauthcertutils.cpp.

◆ shaHexForCert()

QString QgsAuthCertUtils::shaHexForCert ( const QSslCertificate &  cert,
bool  formatted = false 
)
static

Gets the sha1 hash for certificate.

Parameters
certQt SSL certificate to generate hash from
formattedWhether to colon-delimit the hash

Definition at line 738 of file qgsauthcertutils.cpp.

◆ sslConfigsGroupedByOrg()

QMap< QString, QList< QgsAuthConfigSslServer > > QgsAuthCertUtils::sslConfigsGroupedByOrg ( const QList< QgsAuthConfigSslServer > &  configs)
static

Map SSL custom configs' certificates to their oraganization.

Note
not available in Python bindings

Definition at line 89 of file qgsauthcertutils.cpp.

◆ sslErrorEnumString()

QString QgsAuthCertUtils::sslErrorEnumString ( QSslError::SslError  errenum)
static

Gets short strings describing an SSL error.

Definition at line 1148 of file qgsauthcertutils.cpp.

◆ sslErrorEnumStrings()

QList< QPair< QSslError::SslError, QString > > QgsAuthCertUtils::sslErrorEnumStrings ( )
static

Gets short strings describing SSL errors.

Note
not available in Python bindings

Definition at line 1209 of file qgsauthcertutils.cpp.

◆ validateCertChain()

QList< QSslError > QgsAuthCertUtils::validateCertChain ( const QList< QSslCertificate > &  certificateChain,
const QString &  hostName = QString(),
bool  trustRootCa = false 
)
static

validateCertChain validates the given certificateChain

Parameters
certificateChainlist of certificates to be checked, with leaf first and with optional root CA last
hostName(optional) name of the host to be verified
trustRootCaif true the CA will be added to the trusted CAs for this validation check
Returns
list of QSslError, if the list is empty then the cert chain is valid

Definition at line 1300 of file qgsauthcertutils.cpp.

◆ validatePKIBundle()

QStringList QgsAuthCertUtils::validatePKIBundle ( QgsPkiBundle bundle,
bool  useIntermediates = true,
bool  trustRootCa = false 
)
static

validatePKIBundle validate the PKI bundle by checking the certificate chain, the expiration and effective dates, optionally trusts the root CA

Parameters
bundle
useIntermediatesif true the intermediate certs are also checked
trustRootCaif true the CA will be added to the trusted CAs for this validation check (if useIntermediates is false) this option is ignored and set to false
Returns
a list of error strings, if the list is empty then the PKI bundle is valid

Definition at line 1350 of file qgsauthcertutils.cpp.


The documentation for this class was generated from the following files: