Class: QgsAuthCertUtils
- class qgis.core.QgsAuthCertUtils
Bases: sip.wrapper
Utilities for working with certificates and keys
Methods
- casFromFile – Returns a list of concatenated CAs from a PEM or DER formatted file
- casMerge – casMerge merges two certificate bundles into a single one, removing duplicates; the certificates from bundle2 are appended to bundle1 if not already there
- casRemoveSelfSigned – casRemoveSelfSigned removes self-signed CA certificates from caList
- certFromFile – Returns the first cert from a PEM or DER formatted file
- certIsCurrent – certIsCurrent checks if cert is viable for its not before and not after dates
- certIsViable – certIsViable checks for viability errors of cert and whether it is NULL
- certKeyBundleToPem – Returns list of certificate, private key and algorithm (as PEM text) from file path components
- certViabilityErrors – certViabilityErrors checks basic characteristics (validity dates, blocklisting, etc.) of given cert
- certificateIsAuthority – Gets whether a certificate is an Authority
- certificateIsAuthorityOrIssuer – Gets whether a certificate is an Authority or can at least sign other certificates
- certificateIsIssuer – Gets whether a certificate can sign other certificates
- certificateIsSslClient – Gets whether a certificate is probably used for a client identity
- certificateIsSslServer – Gets whether a certificate is probably used for an SSL server
- certificateUsageTypes – Try to determine the certificate's usage types
- certsFromFile – Returns a list of concatenated certs from a PEM or DER formatted file
- certsFromString – Returns a list of concatenated certs from a PEM Base64 text block
- certsToPemText – certsToPemText dumps a list of QSslCertificates to PEM text
- fileData – Returns data from a local file via a read-only operation
- getCaSourceName – Gets the general name for CA source enum type
- getCertTrustName – Gets the general name for certificate trust
- getColonDelimited – Gets string with colon delimiters every 2 characters
- getSslProtocolName – SSL Protocol name strings per enum
- keyFromFile – Returns non-encrypted key from a PEM or DER formatted file
- mapDigestToCerts – Map certificate sha1 to certificate as simple cache
- mapDigestToSslConfigs – Map SSL custom configs' certificate sha1 to custom config as simple cache
- pemIsPkcs8 – Determine if the PEM-encoded text of a key is PKCS#8 format
- pemTextToTempFile – Write a temporary file for a PEM text of cert/key/CAs bundle component
- pkcs12BundleCas – Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle
- pkcs12BundleToPem – Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle
- resolvedCertName – Gets the general name via RFC 5280 resolution
- shaHexForCert – Gets the sha1 hash for certificate
- sslErrorEnumString – Gets short strings describing an SSL error
- validateCertChain – validateCertChain validates the given certificateChain
- validatePKIBundle – validatePKIBundle validates the PKI bundle by checking the certificate chain, the expiration and effective dates, optionally trusts the root CA
Attributes
- AnyOrUnspecifiedUsage = 1
- CRLSigningUsage = 10
- class CaCertSource
Bases: int
- CertAuthorityUsage = 2
- CertIssuerUsage = 3
- class CertTrustPolicy
Bases: int
- class CertUsageType
Bases: int
- CodeSigningUsage = 7
- Connection = 3
- class ConstraintGroup
Bases: int
- DefaultTrust = 0
- EmailProtectionUsage = 8
- ExtendedKeyUsage = 1
- FromFile = 1
- InDatabase = 2
- KeyUsage = 0
- NoPolicy = 3
- SystemRoot = 0
- TimeStampingUsage = 9
- TlsClientUsage = 6
- TlsServerEvUsage = 5
- TlsServerUsage = 4
- Trusted = 1
- UndeterminedUsage = 0
- Untrusted = 2
- casFromFile(certspath: str) → List[QSslCertificate]
Returns a list of concatenated CAs from a PEM or DER formatted file
- Parameters:
certspath (str) –
- Return type:
List[QSslCertificate]
- casMerge(bundle1: Iterable[QSslCertificate], bundle2: Iterable[QSslCertificate]) → List[QSslCertificate]
casMerge merges two certificate bundles into a single one, removing duplicates; the certificates from bundle2 are appended to bundle1 if not already there
- Parameters:
bundle1 (Iterable[QSslCertificate]) – first bundle
bundle2 (Iterable[QSslCertificate]) – second bundle
- Return type:
List[QSslCertificate]
- Returns:
a list of unique certificates
- casRemoveSelfSigned(caList: Iterable[QSslCertificate]) → List[QSslCertificate]
casRemoveSelfSigned removes self-signed CA certificates from caList
- Parameters:
caList (Iterable[QSslCertificate]) – list of CA certificates
- Return type:
List[QSslCertificate]
- Returns:
a list of non self-signed certificates
- certFromFile(certpath: str) → QSslCertificate
Returns the first cert from a PEM or DER formatted file
- Parameters:
certpath (str) –
- Return type:
QSslCertificate
- certIsCurrent(cert: QSslCertificate) → bool
certIsCurrent checks if cert is viable for its not before and not after dates
- Parameters:
cert (QSslCertificate) – certificate to be checked
- Return type:
bool
- certIsViable(cert: QSslCertificate) → bool
certIsViable checks for viability errors of cert and whether it is NULL
- Parameters:
cert (QSslCertificate) – certificate to be checked
- Return type:
bool
- Returns:
False if cert is NULL or has viability errors
- certKeyBundleToPem(certpath: str, keypath: str, keypass: str = '', reencrypt: bool = True) → List[str]
Returns list of certificate, private key and algorithm (as PEM text) from file path components
- Parameters:
certpath (str) – File path to certificate
keypath (str) – File path to private key
keypass (str = '') – Passphrase for private key
reencrypt (bool = True) – Whether to re-encrypt the private key with the passphrase
- Return type:
List[str]
- Returns:
certificate, private key, key’s algorithm type
- certViabilityErrors(cert: QSslCertificate) → List[QSslError]
certViabilityErrors checks basic characteristics (validity dates, blocklisting, etc.) of given cert
- Parameters:
cert (QSslCertificate) – certificate to be checked
- Return type:
List[QSslError]
- Returns:
list of QSslError (will return NO ERRORS if a null QSslCertificate is passed)
- certificateIsAuthority(cert: QSslCertificate) → bool
Gets whether a certificate is an Authority
- Parameters:
cert (QSslCertificate) –
- Return type:
bool
- certificateIsAuthorityOrIssuer(cert: QSslCertificate) → bool
Gets whether a certificate is an Authority or can at least sign other certificates
- Parameters:
cert (QSslCertificate) –
- Return type:
bool
- certificateIsIssuer(cert: QSslCertificate) → bool
Gets whether a certificate can sign other certificates
- Parameters:
cert (QSslCertificate) –
- Return type:
bool
- certificateIsSslClient(cert: QSslCertificate) → bool
Gets whether a certificate is probably used for a client identity
- Parameters:
cert (QSslCertificate) –
- Return type:
bool
- certificateIsSslServer(cert: QSslCertificate) → bool
Gets whether a certificate is probably used for an SSL server
- Parameters:
cert (QSslCertificate) –
- Return type:
bool
- certificateUsageTypes(cert: QSslCertificate) → List[QgsAuthCertUtils.CertUsageType]
Try to determine the certificate's usage types
- Parameters:
cert (QSslCertificate) –
- Return type:
List[QgsAuthCertUtils.CertUsageType]
- certsFromFile(certspath: str) → List[QSslCertificate]
Returns a list of concatenated certs from a PEM or DER formatted file
- Parameters:
certspath (str) –
- Return type:
List[QSslCertificate]
- certsFromString(pemtext: str) → List[QSslCertificate]
Returns a list of concatenated certs from a PEM Base64 text block
- Parameters:
pemtext (str) –
- Return type:
List[QSslCertificate]
- certsToPemText(certs: Iterable[QSslCertificate]) → QByteArray
certsToPemText dumps a list of QSslCertificates to PEM text
- Parameters:
certs (Iterable[QSslCertificate]) – list of certs
- Return type:
QByteArray
- Returns:
a byte array of concatenated certificates as PEM text
- fileData(path: str) → QByteArray
Returns data from a local file via a read-only operation
- Parameters:
path (str) – Path to file to read
- Return type:
QByteArray
- Returns:
All data contained in file or empty contents if file does not exist
- getCaSourceName(source: QgsAuthCertUtils.CaCertSource, single: bool = False) → str
Gets the general name for CA source enum type
- Parameters:
source (QgsAuthCertUtils.CaCertSource) – The enum source type for the CA
single (bool = False) – Whether to return singular or plural description
- Return type:
str
- getCertTrustName(trust: QgsAuthCertUtils.CertTrustPolicy) → str
Gets the general name for certificate trust
- Parameters:
trust (QgsAuthCertUtils.CertTrustPolicy) –
- Return type:
str
- getColonDelimited(txt: str) → str
Gets string with colon delimiters every 2 characters
- Parameters:
txt (str) –
- Return type:
str
- getSslProtocolName(protocol: QSsl.SslProtocol) → str
SSL Protocol name strings per enum
- Parameters:
protocol (QSsl.SslProtocol) –
- Return type:
str
- keyFromFile(keypath: str, keypass: str = '', algtype: str = '') → QSslKey
Returns non-encrypted key from a PEM or DER formatted file
- Parameters:
keypath (str) – File path to private key
keypass (str = '') – Passphrase for private key
algtype (str = '') – QString to set with resolved algorithm type
- Return type:
QSslKey
- mapDigestToCerts(certs: Iterable[QSslCertificate]) → Dict[str, QSslCertificate]
Map certificate sha1 to certificate as simple cache
- Parameters:
certs (Iterable[QSslCertificate]) –
- Return type:
Dict[str, QSslCertificate]
- mapDigestToSslConfigs(configs: Iterable[QgsAuthConfigSslServer]) → Dict[str, QgsAuthConfigSslServer]
Map SSL custom configs’ certificate sha1 to custom config as simple cache
- Parameters:
configs (Iterable[QgsAuthConfigSslServer]) –
- Return type:
Dict[str, QgsAuthConfigSslServer]
- pemIsPkcs8(keyPemTxt: str) → bool
Determine if the PEM-encoded text of a key is PKCS#8 format
- Parameters:
keyPemTxt (str) – PEM-encoded text
- Return type:
bool
- Returns:
True if PKCS#8, otherwise False
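An added example, not QGIS code: one way to make the determination pemIsPkcs8 describes, by inspecting the key's ASN.1 layout instead of trusting its PEM label. The function names and the constructed key skeletons are assumptions for illustration; this page does not state how QGIS itself decides.

```python
import base64
import re
PEM_RE = re.compile(r"-----BEGIN [A-Z0-9 ]+-----(.*?)-----END [A-Z0-9 ]+-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def key_format(pem_text):
    """Classify a PEM private key by its ASN.1 layout, ignoring the PEM label."""
    m = PEM_RE.search(pem_text)
    if not m:
        return "not-pem"
    try:
        outer, body, _ = read_tlv(base64.b64decode(m.group(1)), 0)
        tags, pos = [], 0
        while outer == 0x30 and pos < len(body) and len(tags) < 3:
            tag, _, pos = read_tlv(body, pos)
            tags.append(tag)
    except (ValueError, IndexError):
        return "unknown"
    if tags == [0x02, 0x30, 0x04]:         # version, AlgorithmIdentifier, OCTET STRING
        return "pkcs8"
    if tags[:2] == [0x30, 0x04]:           # EncryptedPrivateKeyInfo
        return "pkcs8-encrypted"
    if tags[:2] == [0x02, 0x04]:           # SEC1 ECPrivateKey
        return "sec1-ec"
    if tags[:2] == [0x02, 0x02]:           # traditional RSA/DSA: a run of INTEGERs
        return "traditional"
    return "unknown"

def pem_is_pkcs8(pem_text):
    return key_format(pem_text) == "pkcs8"
# --- constructed skeletons: correct ASN.1 shape only, not usable keys ---
def tlv(tag, content=b""):
    return bytes([tag, len(content)]) + content      # short-form lengths only
def to_pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"
RSA_OID = bytes.fromhex("06092a864886f70d010101")    # OID rsaEncryption
TRADITIONAL = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x02, b"\x0b") + tlv(0x02, b"\x03"))
PKCS8 = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, RSA_OID + tlv(0x05)) + tlv(0x04, TRADITIONAL))
```

Because the check reads the structure, a PKCS#8 body under an `RSA PRIVATE KEY` label is still reported as PKCS#8, and a truncated body is reported as unknown instead of raising.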
- pemTextToTempFile(name: str, pemtext: QByteArray | bytes | bytearray) → str
Write a temporary file for a PEM text of cert/key/CAs bundle component
- Parameters:
pemtext (QByteArray | bytes | bytearray) – Component content as PEM text
name (str) – Name of file
- Return type:
str
- Returns:
File path to temporary file
- pkcs12BundleCas(bundlepath: str, bundlepass: str = '') → List[QSslCertificate]
Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle
- Parameters:
bundlepath (str) – File path to the PKCS bundle
bundlepass (str = '') – Passphrase for bundle
- Return type:
List[QSslCertificate]
- Returns:
list of certificates
- pkcs12BundleToPem(bundlepath: str, bundlepass: str = '', reencrypt: bool = True) → List[str]
Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle
- Parameters:
bundlepath (str) – File path to the PKCS bundle
bundlepass (str = '') – Passphrase for bundle
reencrypt (bool = True) – Whether to re-encrypt the private key with the passphrase
- Return type:
List[str]
- Returns:
certificate, private key, key’s algorithm type
- resolvedCertName(cert: QSslCertificate, issuer: bool = False) → str
Gets the general name via RFC 5280 resolution
- Parameters:
cert (QSslCertificate) –
issuer (bool = False) –
- Return type:
str
- shaHexForCert(cert: QSslCertificate, formatted: bool = False) → str
Gets the sha1 hash for certificate
- Parameters:
cert (QSslCertificate) – Qt SSL certificate to generate hash from
formatted (bool = False) – Whether to colon-delimit the hash
- Return type:
str
- sslErrorEnumString(errenum: QSslError.SslError) → str
Gets short strings describing an SSL error
- Parameters:
errenum (QSslError.SslError) –
- Return type:
str
- validateCertChain(certificateChain: Iterable[QSslCertificate], hostName: str = '', trustRootCa: bool = False) → List[QSslError]
validateCertChain validates the given certificateChain
- Parameters:
certificateChain (Iterable[QSslCertificate]) – list of certificates to be checked, with leaf first and with optional root CA last
hostName (str = '') – (optional) name of the host to be verified
trustRootCa (bool = False) – if True the CA will be added to the trusted CAs for this validation check
- Return type:
List[QSslError]
- Returns:
list of QSslError, if the list is empty then the cert chain is valid
- validatePKIBundle(bundle: QgsPkiBundle, useIntermediates: bool = True, trustRootCa: bool = False) → List[str]
validatePKIBundle validates the PKI bundle by checking the certificate chain, the expiration and effective dates, optionally trusts the root CA
- Parameters:
bundle (QgsPkiBundle) –
useIntermediates (bool = True) – if True the intermediate certs are also checked
trustRootCa (bool = False) – if True the CA will be added to the trusted CAs for this validation check; if useIntermediates is False, this option is ignored and set to False
- Return type:
List[str]
- Returns:
a list of error strings, if the list is empty then the PKI bundle is valid