QGIS API Documentation 3.37.0-Master (fdefdf9c27f)
qgsauthcertutils.h
Go to the documentation of this file.
1/***************************************************************************
2 qgsauthcertutils.h
3 ---------------------
4 begin : May 1, 2015
5 copyright : (C) 2015 by Boundless Spatial, Inc. USA
6 author : Larry Shaffer
7 email : lshaffer at boundlessgeo dot com
8 ***************************************************************************
9 * *
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
14 * *
15 ***************************************************************************/
16
17
18#ifndef QGSAUTHCERTUTILS_H
19#define QGSAUTHCERTUTILS_H
20
21#include <QFile>
22#include "qgis_sip.h"
23#include <QtCrypto>
24#include <QSslCertificate>
25#include <QSslError>
26
27#include "qgsauthconfig.h"
28#include "qgis_core.h"
29
31
32#define SSL_ISSUER_INFO( var, prop ) var.issuerInfo( prop ).value(0)
33
34#define SSL_SUBJECT_INFO( var, prop ) var.subjectInfo( prop ).value(0)
35
40class CORE_EXPORT QgsAuthCertUtils
41{
42 public:
45 {
46 SystemRoot = 0,
47 FromFile = 1,
48 InDatabase = 2,
49 Connection = 3
50 };
51
54 {
55 DefaultTrust = 0,
56 Trusted = 1,
57 Untrusted = 2,
58 NoPolicy = 3
59 };
60
63 {
64 UndeterminedUsage = 0,
74 CRLSigningUsage
75 };
76
79 {
80 KeyUsage = 0,
81 ExtendedKeyUsage = 1
82 };
83
84
86 static QString getSslProtocolName( QSsl::SslProtocol protocol );
87
89 static QMap<QString, QSslCertificate> mapDigestToCerts( const QList<QSslCertificate> &certs );
90
95 static QMap< QString, QList<QSslCertificate> > certsGroupedByOrg( const QList<QSslCertificate> &certs ) SIP_SKIP;
96
100 static QMap<QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( const QList<QgsAuthConfigSslServer> &configs );
101
106 static QMap< QString, QList<QgsAuthConfigSslServer> > sslConfigsGroupedByOrg( const QList<QgsAuthConfigSslServer> &configs ) SIP_SKIP;
107
113 static QByteArray fileData( const QString &path );
114
116 static QList<QSslCertificate> certsFromFile( const QString &certspath );
117
119 static QList<QSslCertificate> casFromFile( const QString &certspath );
120
122 static QSslCertificate certFromFile( const QString &certpath );
123
131 static QList<QSslCertificate> casMerge( const QList<QSslCertificate> &bundle1,
132 const QList<QSslCertificate> &bundle2 );
133
140 static QSslKey keyFromFile( const QString &keypath,
141 const QString &keypass = QString(),
142 QString *algtype = nullptr );
143
145 static QList<QSslCertificate> certsFromString( const QString &pemtext );
146
147
153 static QList<QSslCertificate> casRemoveSelfSigned( const QList<QSslCertificate> &caList );
154
163 static QStringList certKeyBundleToPem( const QString &certpath,
164 const QString &keypath,
165 const QString &keypass = QString(),
166 bool reencrypt = true );
167
173 static bool pemIsPkcs8( const QString &keyPemTxt );
174
175#ifdef Q_OS_MAC
176
190 static QByteArray pkcs8PrivateKey( QByteArray &pkcs8Der ) SIP_SKIP;
191#endif
192
200 static QStringList pkcs12BundleToPem( const QString &bundlepath,
201 const QString &bundlepass = QString(),
202 bool reencrypt = true );
203
210 static QList<QSslCertificate> pkcs12BundleCas( const QString &bundlepath,
211 const QString &bundlepass = QString() );
212
213
219 static QByteArray certsToPemText( const QList<QSslCertificate> &certs );
220
227 static QString pemTextToTempFile( const QString &name, const QByteArray &pemtext );
228
234 static QString getCaSourceName( QgsAuthCertUtils::CaCertSource source, bool single = false );
235
237 static QString resolvedCertName( const QSslCertificate &cert, bool issuer = false );
238
246 static QString getCertDistinguishedName( const QSslCertificate &qcert,
247 const QCA::Certificate &acert = QCA::Certificate(),
248 bool issuer = false ) SIP_SKIP;
249
251 static QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust );
252
254 static QString getColonDelimited( const QString &txt );
255
261 static QString shaHexForCert( const QSslCertificate &cert, bool formatted = false );
262
267 static QCA::Certificate qtCertToQcaCert( const QSslCertificate &cert ) SIP_SKIP;
268
273 static QCA::CertificateCollection qtCertsToQcaCollection( const QList<QSslCertificate> &certs ) SIP_SKIP;
274
279 static QCA::KeyBundle qcaKeyBundle( const QString &path, const QString &pass ) SIP_SKIP;
280
285 static QString qcaValidityMessage( QCA::Validity validity ) SIP_SKIP;
286
291 static QString qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm ) SIP_SKIP;
292
297 static QString qcaKnownConstraint( QCA::ConstraintTypeKnown constraint ) SIP_SKIP;
298
303 static QString certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype ) SIP_SKIP;
304
306 static QList<QgsAuthCertUtils::CertUsageType> certificateUsageTypes( const QSslCertificate &cert );
307
309 static bool certificateIsAuthority( const QSslCertificate &cert );
310
312 static bool certificateIsIssuer( const QSslCertificate &cert );
313
315 static bool certificateIsAuthorityOrIssuer( const QSslCertificate &cert );
316
318 static bool certificateIsSslServer( const QSslCertificate &cert );
319
321 static bool certificateIsSslClient( const QSslCertificate &cert );
322
324 static QString sslErrorEnumString( QSslError::SslError errenum );
325
330 static QList<QPair<QSslError::SslError, QString> > sslErrorEnumStrings() SIP_SKIP;
331
336 static bool certIsCurrent( const QSslCertificate &cert );
337
343 static QList<QSslError> certViabilityErrors( const QSslCertificate &cert );
344
350 static bool certIsViable( const QSslCertificate &cert );
351
359 static QList<QSslError> validateCertChain( const QList<QSslCertificate> &certificateChain,
360 const QString &hostName = QString(),
361 bool trustRootCa = false ) ;
362
372 static QStringList validatePKIBundle( QgsPkiBundle &bundle, bool useIntermediates = true, bool trustRootCa = false );
373
374 private:
375 static void appendDirSegment_( QStringList &dirname, const QString &segment, QString value );
376
377 static QSsl::EncodingFormat sniffEncoding( const QByteArray &payload );
378};
379
380#endif // QGSAUTHCERTUTILS_H
Utilities for working with certificates and keys.
CertTrustPolicy
Type of certificate trust policy.
ConstraintGroup
Type of certificate key group.
CertUsageType
Type of certificate usage.
CaCertSource
Type of CA certificate source.
Configuration container for SSL server connection exceptions or overrides.
Storage set for PKI bundle: SSL certificate, key, optional CA cert chain.
As part of the API refactoring and improvements which landed in the Processing API was substantially reworked from the x version This was done in order to allow much of the underlying Processing framework to be ported into allowing algorithms to be written in pure substantial changes are required in order to port existing x Processing algorithms for QGIS x The most significant changes are outlined not GeoAlgorithm For algorithms which operate on features one by consider subclassing the QgsProcessingFeatureBasedAlgorithm class This class allows much of the boilerplate code for looping over features from a vector layer to be bypassed and instead requires implementation of a processFeature method Ensure that your algorithm(or algorithm 's parent class) implements the new pure virtual createInstance(self) call
#define SIP_SKIP
Definition: qgis_sip.h:126
QLineF segment(int index, QRectF rect, double radius)