Class: QgsAuthCertUtils

class qgis.core.QgsAuthCertUtils
Bases: sip.wrapper

Utilities for working with certificates and keys
Enums
Methods
casFromFile – Returns a list of concatenated CAs from a PEM or DER formatted file
casMerge – Merges two certificate bundles into a single one, removing duplicates; the certificates from bundle2 are appended to bundle1 if not already there
casRemoveSelfSigned – Removes self-signed CA certificates from caList
certFromFile – Returns the first cert from a PEM or DER formatted file
certIsCurrent – Checks if cert is viable for its not before and not after dates
certIsViable – Checks for viability errors of cert and whether it is NULL
certKeyBundleToPem – Returns list of certificate, private key and algorithm (as PEM text) from file path components
certViabilityErrors – Checks basic characteristics (validity dates, blacklisting, etc.) of given cert
certificateIsAuthority – Gets whether a certificate is an Authority
certificateIsAuthorityOrIssuer – Gets whether a certificate is an Authority or can at least sign other certificates
certificateIsIssuer – Gets whether a certificate can sign other certificates
certificateIsSslClient – Gets whether a certificate is probably used for a client identity
certificateIsSslServer – Gets whether a certificate is probably used for an SSL server
certificateUsageTypes – Tries to determine the certificate's usage types
certsFromFile – Returns a list of concatenated certs from a PEM or DER formatted file
certsFromString – Returns a list of concatenated certs from a PEM Base64 text block
certsToPemText – Dumps a list of QSslCertificates to PEM text
fileData – Returns data from a local file via a read-only operation
getCaSourceName – Gets the general name for CA source enum type
getCertTrustName – Gets the general name for certificate trust
getColonDelimited – Gets string with colon delimiters every 2 characters
getSslProtocolName – SSL Protocol name strings per enum
keyFromFile – Returns non-encrypted key from a PEM or DER formatted file
mapDigestToCerts – Map certificate sha1 to certificate as simple cache
mapDigestToSslConfigs – Map SSL custom configs’ certificate sha1 to custom config as simple cache
pemIsPkcs8 – Determine if the PEM-encoded text of a key is PKCS#8 format
pemTextToTempFile – Write a temporary file for a PEM text of cert/key/CAs bundle component
pkcs12BundleCas – Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle
pkcs12BundleToPem – Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle
resolvedCertName – Gets the general name via RFC 5280 resolution
shaHexForCert – Gets the sha1 hash for certificate
sslErrorEnumString – Gets short strings describing an SSL error
validateCertChain – Validates the given certificateChain
validatePKIBundle – Validates the PKI bundle by checking the certificate chain and the expiration and effective dates; optionally trusts the root CA
Signals
Attributes

AnyOrUnspecifiedUsage = 1

CRLSigningUsage = 10

class CaCertSource
Bases: int

CertAuthorityUsage = 2

CertIssuerUsage = 3

class CertTrustPolicy
Bases: int

class CertUsageType
Bases: int

CodeSigningUsage = 7

Connection = 3

class ConstraintGroup
Bases: int

DefaultTrust = 0

EmailProtectionUsage = 8

ExtendedKeyUsage = 1

FromFile = 1

InDatabase = 2

KeyUsage = 0

NoPolicy = 3

SystemRoot = 0

TimeStampingUsage = 9

TlsClientUsage = 6

TlsServerEvUsage = 5

TlsServerUsage = 4

Trusted = 1

UndeterminedUsage = 0

Untrusted = 2

casFromFile(certspath: str) → List[QSslCertificate]
Returns a list of concatenated CAs from a PEM or DER formatted file

casMerge(bundle1: Iterable[QSslCertificate], bundle2: Iterable[QSslCertificate]) → List[QSslCertificate]
casMerge merges two certificate bundles into a single one, removing duplicates; the certificates from bundle2 are appended to bundle1 if not already there
- Parameters
  bundle1 – first bundle
  bundle2 – second bundle
- Returns
  a list of unique certificates

casRemoveSelfSigned(caList: Iterable[QSslCertificate]) → List[QSslCertificate]
casRemoveSelfSigned removes self-signed CA certificates from caList
- Parameters
  caList – list of CA certificates
- Returns
  a list of non self-signed certificates

certFromFile(certpath: str) → QSslCertificate
Returns the first cert from a PEM or DER formatted file

certIsCurrent(cert: QSslCertificate) → bool
certIsCurrent checks if cert is viable for its not before and not after dates
- Parameters
  cert – certificate to be checked

certIsViable(cert: QSslCertificate) → bool
certIsViable checks for viability errors of cert and whether it is NULL
- Parameters
  cert – certificate to be checked
- Returns
  false if cert is NULL or has viability errors

certKeyBundleToPem(certpath: str, keypath: str, keypass: str = '', reencrypt: bool = True) → List[str]
Returns list of certificate, private key and algorithm (as PEM text) from file path components
- Parameters
  certpath – File path to certificate
  keypath – File path to private key
  keypass – Passphrase for private key
  reencrypt – Whether to re-encrypt the private key with the passphrase
- Returns
  certificate, private key, key’s algorithm type

certViabilityErrors(cert: QSslCertificate) → List[QSslError]
certViabilityErrors checks basic characteristics (validity dates, blacklisting, etc.) of given cert
- Parameters
  cert – certificate to be checked
- Returns
  list of QSslError (will return NO ERRORS if a null QSslCertificate is passed)

certificateIsAuthority(cert: QSslCertificate) → bool
Gets whether a certificate is an Authority

certificateIsAuthorityOrIssuer(cert: QSslCertificate) → bool
Gets whether a certificate is an Authority or can at least sign other certificates

certificateIsIssuer(cert: QSslCertificate) → bool
Gets whether a certificate can sign other certificates

certificateIsSslClient(cert: QSslCertificate) → bool
Gets whether a certificate is probably used for a client identity

certificateIsSslServer(cert: QSslCertificate) → bool
Gets whether a certificate is probably used for an SSL server

certificateUsageTypes(cert: QSslCertificate) → object
Tries to determine the certificate's usage types

certsFromFile(certspath: str) → List[QSslCertificate]
Returns a list of concatenated certs from a PEM or DER formatted file

certsFromString(pemtext: str) → List[QSslCertificate]
Returns a list of concatenated certs from a PEM Base64 text block

certsToPemText(certs: Iterable[QSslCertificate]) → QByteArray
certsToPemText dumps a list of QSslCertificates to PEM text
- Parameters
  certs – list of certs
- Returns
  a byte array of concatenated certificates as PEM text

fileData(path: str) → QByteArray
Returns data from a local file via a read-only operation
- Parameters
  path – Path to file to read
- Returns
  All data contained in file or empty contents if file does not exist

getCaSourceName(source: QgsAuthCertUtils.CaCertSource, single: bool = False) → str
Gets the general name for CA source enum type
- Parameters
  source – The enum source type for the CA
  single – Whether to return singular or plural description

getCertTrustName(trust: QgsAuthCertUtils.CertTrustPolicy) → str
Gets the general name for certificate trust

getColonDelimited(txt: str) → str
Gets string with colon delimiters every 2 characters

getSslProtocolName(protocol: QSsl.SslProtocol) → str
SSL Protocol name strings per enum

keyFromFile(keypath: str, keypass: str = '', algtype: str = '') → QSslKey
Returns non-encrypted key from a PEM or DER formatted file
- Parameters
  keypath – File path to private key
  keypass – Passphrase for private key
  algtype – QString to set with resolved algorithm type

mapDigestToCerts(certs: Iterable[QSslCertificate]) → object
Map certificate sha1 to certificate as simple cache

mapDigestToSslConfigs(configs: object) → object
Map SSL custom configs’ certificate sha1 to custom config as simple cache

pemIsPkcs8(keyPemTxt: str) → bool
Determine if the PEM-encoded text of a key is PKCS#8 format
- Parameters
  keyPemTxt – PEM-encoded text
- Returns
  True if PKCS#8, otherwise false

pemTextToTempFile(name: str, pemtext: Union[QByteArray, bytes, bytearray]) → str
Write a temporary file for a PEM text of cert/key/CAs bundle component
- Parameters
  pemtext – Component content as PEM text
  name – Name of file
- Returns
  File path to temporary file

pkcs12BundleCas(bundlepath: str, bundlepass: str = '') → List[QSslCertificate]
Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle
- Parameters
  bundlepath – File path to the PKCS bundle
  bundlepass – Passphrase for bundle
- Returns
  list of certificate

pkcs12BundleToPem(bundlepath: str, bundlepass: str = '', reencrypt: bool = True) → List[str]
Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle
- Parameters
  bundlepath – File path to the PKCS bundle
  bundlepass – Passphrase for bundle
  reencrypt – Whether to re-encrypt the private key with the passphrase
- Returns
  certificate, private key, key’s algorithm type

resolvedCertName(cert: QSslCertificate, issuer: bool = False) → str
Gets the general name via RFC 5280 resolution

shaHexForCert(cert: QSslCertificate, formatted: bool = False) → str
Gets the sha1 hash for certificate
- Parameters
  cert – Qt SSL certificate to generate hash from
  formatted – Whether to colon-delimit the hash
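
An added illustration (not QGIS code and not part of the original reference) of the digest conventions that shaHexForCert, getColonDelimited, mapDigestToCerts and casMerge describe, using only the Python standard library. The helper names and the placeholder PEM payloads are constructed for this example, and treating two certificates as the same when the SHA-1 of their DER bytes matches is an assumption about how duplicates are identified.

```python
import base64
import hashlib
import re

PEM_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def pem_blocks_to_der(pem_text):
    """Split concatenated PEM text into a list of DER byte strings."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_CERT_RE.findall(pem_text)]

def colon_delimited(hex_text):
    """Insert a colon after every 2 characters: 'a1b2c3' -> 'a1:b2:c3'."""
    return ":".join(hex_text[i:i + 2] for i in range(0, len(hex_text), 2))

def sha_hex_for_der(der, formatted=False):
    """SHA-1 hex digest of the DER bytes, optionally colon-delimited."""
    digest = hashlib.sha1(der).hexdigest()
    return colon_delimited(digest) if formatted else digest

def map_digest_to_der(ders):
    """Digest -> certificate lookup table (simple cache keyed by SHA-1)."""
    return {sha_hex_for_der(der): der for der in ders}

def merge_bundles(bundle1, bundle2):
    """Keep bundle1's order, then append bundle2 entries not already present."""
    merged, seen = [], set()
    for der in list(bundle1) + list(bundle2):
        digest = sha_hex_for_der(der)
        if digest not in seen:  # assumption: same digest means same certificate
            seen.add(digest)
            merged.append(der)
    return merged

def _pem(payload):
    """Wrap constructed placeholder bytes (not a real certificate) as PEM."""
    b64 = base64.b64encode(payload).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed sample bundles; the payloads stand in for DER certificates.
BUNDLE_1 = _pem(b"constructed-root-ca") + _pem(b"constructed-intermediate-ca")
BUNDLE_2 = _pem(b"constructed-intermediate-ca") + _pem(b"constructed-leaf")

if __name__ == "__main__":
    merged = merge_bundles(pem_blocks_to_der(BUNDLE_1), pem_blocks_to_der(BUNDLE_2))
    for der in merged:
        print(sha_hex_for_der(der, formatted=True), der.decode("ascii"))
```
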

sslErrorEnumString(errenum: QSslError.SslError) → str
Gets short strings describing an SSL error

validateCertChain(certificateChain: Iterable[QSslCertificate], hostName: str = '', trustRootCa: bool = False) → List[QSslError]
validateCertChain validates the given certificateChain
- Parameters
  certificateChain – list of certificates to be checked, with leaf first and with optional root CA last
  hostName – (optional) name of the host to be verified
  trustRootCa – if true the CA will be added to the trusted CAs for this validation check
- Returns
  list of QSslError, if the list is empty then the cert chain is valid

validatePKIBundle(bundle: QgsPkiBundle, useIntermediates: bool = True, trustRootCa: bool = False) → List[str]
validatePKIBundle validates the PKI bundle by checking the certificate chain and the expiration and effective dates; optionally trusts the root CA
- Parameters
  bundle –
  useIntermediates – if true the intermediate certs are also checked
  trustRootCa – if true the CA will be added to the trusted CAs for this validation check; if useIntermediates is false, this option is ignored and set to false
- Returns
  a list of error strings, if the list is empty then the PKI bundle is valid