2017-05-23 09:55:36 +02:00
|
|
|
/************************************************************************
|
|
|
|
|
* This file has been generated automatically from *
|
|
|
|
|
* *
|
|
|
|
|
* src/core/auth/qgsauthcertutils.h *
|
|
|
|
|
* *
|
|
|
|
|
* Do not edit manually ! Edit header and run scripts/sipify.pl again *
|
|
|
|
|
************************************************************************/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2015-09-21 06:17:48 -06:00
|
|
|
class QgsAuthCertUtils
|
|
|
|
|
{
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-26 14:10:30 +10:00
|
|
|
Utilities for working with certificates and keys
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
|
|
|
|
|
2015-09-21 06:17:48 -06:00
|
|
|
%TypeHeaderCode
|
2017-05-23 09:55:36 +02:00
|
|
|
#include "qgsauthcertutils.h"
|
2015-09-21 06:17:48 -06:00
|
|
|
%End
|
|
|
|
|
public:
|
|
|
|
|
enum CaCertSource
|
|
|
|
|
{
|
2017-05-23 09:55:36 +02:00
|
|
|
SystemRoot,
|
|
|
|
|
FromFile,
|
|
|
|
|
InDatabase,
|
|
|
|
|
Connection
|
2015-09-21 06:17:48 -06:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
enum CertTrustPolicy
|
|
|
|
|
{
|
2017-05-23 09:55:36 +02:00
|
|
|
DefaultTrust,
|
|
|
|
|
Trusted,
|
|
|
|
|
Untrusted,
|
|
|
|
|
NoPolicy
|
2015-09-21 06:17:48 -06:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
enum CertUsageType
|
|
|
|
|
{
|
2017-05-23 09:55:36 +02:00
|
|
|
UndeterminedUsage,
|
2015-09-21 06:17:48 -06:00
|
|
|
AnyOrUnspecifiedUsage,
|
|
|
|
|
CertAuthorityUsage,
|
|
|
|
|
CertIssuerUsage,
|
|
|
|
|
TlsServerUsage,
|
|
|
|
|
TlsServerEvUsage,
|
|
|
|
|
TlsClientUsage,
|
|
|
|
|
CodeSigningUsage,
|
|
|
|
|
EmailProtectionUsage,
|
|
|
|
|
TimeStampingUsage,
|
|
|
|
|
CRLSigningUsage
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
enum ConstraintGroup
|
|
|
|
|
{
|
2017-05-23 09:55:36 +02:00
|
|
|
KeyUsage,
|
|
|
|
|
ExtendedKeyUsage
|
2015-09-21 06:17:48 -06:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2015-09-22 07:05:06 -06:00
|
|
|
static QString getSslProtocolName( QSsl::SslProtocol protocol );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
|
|
|
|
SSL Protocol name strings per enum
|
|
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-05-01 18:13:15 +02:00
|
|
|
static QMap<QString, QSslCertificate> mapDigestToCerts( const QList<QSslCertificate> &certs );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
|
|
|
|
Map certificate sha1 to certificate as simple cache
|
|
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
|
|
|
|
|
2017-05-01 18:13:15 +02:00
|
|
|
static QMap<QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( const QList<QgsAuthConfigSslServer> &configs );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2017-12-15 10:36:55 -04:00
|
|
|
Map SSL custom configs' certificate sha1 to custom config as simple cache
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
|
|
|
|
|
2017-11-08 12:16:15 +01:00
|
|
|
static QByteArray fileData( const QString &path );
|
2017-10-18 15:09:18 -06:00
|
|
|
%Docstring
|
2018-05-25 13:54:27 +10:00
|
|
|
Returns data from a local file via a read-only operation
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param path: Path to file to read
|
|
|
|
|
|
|
|
|
|
:return: All data contained in file or empty contents if file does not exist
|
2017-10-18 15:09:18 -06:00
|
|
|
%End
|
|
|
|
|
|
2015-09-22 07:05:06 -06:00
|
|
|
static QList<QSslCertificate> certsFromFile( const QString &certspath );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-25 13:54:27 +10:00
|
|
|
Returns a list of concatenated certs from a PEM or DER formatted file
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-10-13 12:58:08 +02:00
|
|
|
static QList<QSslCertificate> casFromFile( const QString &certspath );
|
|
|
|
|
%Docstring
|
2018-05-25 13:54:27 +10:00
|
|
|
Returns a list of concatenated CAs from a PEM or DER formatted file
|
2017-10-13 12:58:08 +02:00
|
|
|
%End
|
|
|
|
|
|
2015-09-22 07:05:06 -06:00
|
|
|
static QSslCertificate certFromFile( const QString &certpath );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-25 13:54:27 +10:00
|
|
|
Returns the first cert from a PEM or DER formatted file
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-10-13 12:58:08 +02:00
|
|
|
static QList<QSslCertificate> casMerge( const QList<QSslCertificate> &bundle1,
|
|
|
|
|
const QList<QSslCertificate> &bundle2 );
|
|
|
|
|
%Docstring
|
2018-05-26 14:10:30 +10:00
|
|
|
casMerge merges two certificate bundles in a single one removing duplicates, the certificates
|
2017-12-15 10:36:55 -04:00
|
|
|
from the ``bundle2`` are appended to ``bundle1`` if not already there
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param bundle1: first bundle
|
|
|
|
|
:param bundle2: second bundle
|
|
|
|
|
|
|
|
|
|
:return: a list of unique certificates
|
2017-10-13 12:58:08 +02:00
|
|
|
%End
|
|
|
|
|
|
2015-09-22 07:05:06 -06:00
|
|
|
static QSslKey keyFromFile( const QString &keypath,
|
|
|
|
|
const QString &keypass = QString(),
|
|
|
|
|
QString *algtype = 0 );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-25 13:54:27 +10:00
|
|
|
Returns non-encrypted key from a PEM or DER formatted file
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param keypath: File path to private key
|
|
|
|
|
:param keypass: Passphrase for private key
|
|
|
|
|
:param algtype: QString to set with resolved algorithm type
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2015-09-22 07:05:06 -06:00
|
|
|
static QList<QSslCertificate> certsFromString( const QString &pemtext );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-25 13:54:27 +10:00
|
|
|
Returns a list of concatenated certs from a PEM Base64 text block
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-10-16 10:52:40 +02:00
|
|
|
|
|
|
|
|
static QList<QSslCertificate> casRemoveSelfSigned( const QList<QSslCertificate> &caList );
|
|
|
|
|
%Docstring
|
2018-05-26 14:10:30 +10:00
|
|
|
casRemoveSelfSigned remove self-signed CA certificates from ``caList``
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param caList: list of CA certificates
|
|
|
|
|
|
|
|
|
|
:return: a list of non self-signed certificates
|
2017-10-16 10:52:40 +02:00
|
|
|
%End
|
|
|
|
|
|
2015-09-22 07:05:06 -06:00
|
|
|
static QStringList certKeyBundleToPem( const QString &certpath,
|
|
|
|
|
const QString &keypath,
|
|
|
|
|
const QString &keypass = QString(),
|
|
|
|
|
bool reencrypt = true );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-25 13:54:27 +10:00
|
|
|
Returns list of certificate, private key and algorithm (as PEM text) from file path components
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param certpath: File path to certificate
|
|
|
|
|
:param keypath: File path to private key
|
|
|
|
|
:param keypass: Passphrase for private key
|
|
|
|
|
:param reencrypt: Whether to re-encrypt the private key with the passphrase
|
|
|
|
|
|
|
|
|
|
:return: certificate, private key, key's algorithm type
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-10-18 15:09:18 -06:00
|
|
|
static bool pemIsPkcs8( const QString &keyPemTxt );
|
|
|
|
|
%Docstring
|
2017-12-15 10:36:55 -04:00
|
|
|
Determine if the PEM-encoded text of a key is PKCS#8 format
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param keyPemTxt: PEM-encoded text
|
|
|
|
|
|
|
|
|
|
:return: True if PKCS#8, otherwise false
|
2017-10-18 15:09:18 -06:00
|
|
|
%End
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2015-09-22 07:05:06 -06:00
|
|
|
static QStringList pkcs12BundleToPem( const QString &bundlepath,
|
|
|
|
|
const QString &bundlepass = QString(),
|
|
|
|
|
bool reencrypt = true );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-25 13:54:27 +10:00
|
|
|
Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param bundlepath: File path to the PKCS bundle
|
|
|
|
|
:param bundlepass: Passphrase for bundle
|
|
|
|
|
:param reencrypt: Whether to re-encrypt the private key with the passphrase
|
|
|
|
|
|
|
|
|
|
:return: certificate, private key, key's algorithm type
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-10-13 12:58:08 +02:00
|
|
|
static QList<QSslCertificate> pkcs12BundleCas( const QString &bundlepath,
|
|
|
|
|
const QString &bundlepass = QString() );
|
|
|
|
|
%Docstring
|
2018-05-25 13:54:27 +10:00
|
|
|
Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param bundlepath: File path to the PKCS bundle
|
|
|
|
|
:param bundlepass: Passphrase for bundle
|
|
|
|
|
|
|
|
|
|
:return: list of certificate
|
2017-10-13 12:58:08 +02:00
|
|
|
%End
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static QByteArray certsToPemText( const QList<QSslCertificate> &certs );
|
|
|
|
|
%Docstring
|
2018-05-26 14:10:30 +10:00
|
|
|
certsToPemText dump a list of QSslCertificates to PEM text
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param certs: list of certs
|
|
|
|
|
|
|
|
|
|
:return: a byte array of concatenated certificates as PEM text
|
2017-10-13 12:58:08 +02:00
|
|
|
%End
|
|
|
|
|
|
2016-01-13 10:46:06 -07:00
|
|
|
static QString pemTextToTempFile( const QString &name, const QByteArray &pemtext );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2017-12-15 10:36:55 -04:00
|
|
|
Write a temporary file for a PEM text of cert/key/CAs bundle component
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param pemtext: Component content as PEM text
|
|
|
|
|
:param name: Name of file
|
|
|
|
|
|
|
|
|
|
:return: File path to temporary file
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-05-23 09:55:36 +02:00
|
|
|
static QString getCaSourceName( QgsAuthCertUtils::CaCertSource source, bool single = false );
|
|
|
|
|
%Docstring
|
2018-05-26 18:44:30 +10:00
|
|
|
Gets the general name for CA source enum type
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param source: The enum source type for the CA
|
|
|
|
|
:param single: Whether to return singular or plural description
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-05-01 18:13:15 +02:00
|
|
|
static QString resolvedCertName( const QSslCertificate &cert, bool issuer = false );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-26 18:44:30 +10:00
|
|
|
Gets the general name via RFC 5280 resolution
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
|
|
|
|
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2015-09-22 07:05:06 -06:00
|
|
|
static QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-26 18:44:30 +10:00
|
|
|
Gets the general name for certificate trust
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-05-01 18:13:15 +02:00
|
|
|
static QString getColonDelimited( const QString &txt );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-26 18:44:30 +10:00
|
|
|
Gets string with colon delimiters every 2 characters
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
|
|
|
|
|
|
|
|
|
static QString shaHexForCert( const QSslCertificate &cert, bool formatted = false );
|
|
|
|
|
%Docstring
|
2018-05-26 18:44:30 +10:00
|
|
|
Gets the sha1 hash for certificate
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param cert: Qt SSL certificate to generate hash from
|
|
|
|
|
:param formatted: Whether to colon-delimit the hash
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-05-01 18:13:15 +02:00
|
|
|
static QList<QgsAuthCertUtils::CertUsageType> certificateUsageTypes( const QSslCertificate &cert );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
|
|
|
|
Try to determine the certificates usage types
|
|
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-05-01 18:13:15 +02:00
|
|
|
static bool certificateIsAuthority( const QSslCertificate &cert );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-26 18:44:30 +10:00
|
|
|
Gets whether a certificate is an Authority
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-05-01 18:13:15 +02:00
|
|
|
static bool certificateIsIssuer( const QSslCertificate &cert );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-26 18:44:30 +10:00
|
|
|
Gets whether a certificate can sign other certificates
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-05-01 18:13:15 +02:00
|
|
|
static bool certificateIsAuthorityOrIssuer( const QSslCertificate &cert );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-26 18:44:30 +10:00
|
|
|
Gets whether a certificate is an Authority or can at least sign other certificates
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-05-01 18:13:15 +02:00
|
|
|
static bool certificateIsSslServer( const QSslCertificate &cert );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-26 18:44:30 +10:00
|
|
|
Gets whether a certificate is probably used for a SSL server
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-05-01 18:13:15 +02:00
|
|
|
static bool certificateIsSslClient( const QSslCertificate &cert );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-26 18:44:30 +10:00
|
|
|
Gets whether a certificate is probably used for a client identity
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2015-09-22 07:05:06 -06:00
|
|
|
static QString sslErrorEnumString( QSslError::SslError errenum );
|
2017-05-23 09:55:36 +02:00
|
|
|
%Docstring
|
2018-05-26 18:44:30 +10:00
|
|
|
Gets short strings describing an SSL error
|
2017-05-23 09:55:36 +02:00
|
|
|
%End
|
|
|
|
|
|
2015-09-21 06:17:48 -06:00
|
|
|
|
2017-10-27 04:47:27 -06:00
|
|
|
static bool certIsCurrent( const QSslCertificate &cert );
|
|
|
|
|
%Docstring
|
2018-05-26 14:10:30 +10:00
|
|
|
certIsCurrent checks if ``cert`` is viable for its not before and not after dates
|
2017-12-15 10:36:55 -04:00
|
|
|
|
2017-12-15 21:36:08 -04:00
|
|
|
:param cert: certificate to be checked
|
2017-10-27 04:47:27 -06:00
|
|
|
%End
|
|
|
|
|
|
|
|
|
|
static QList<QSslError> certViabilityErrors( const QSslCertificate &cert );
|
|
|
|
|
%Docstring
|
2018-05-26 14:10:30 +10:00
|
|
|
certViabilityErrors checks basic characteristics (validity dates, blacklisting, etc.) of given ``cert``
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param cert: certificate to be checked
|
|
|
|
|
|
|
|
|
|
:return: list of QSslError (will return NO ERRORS if a null QSslCertificate is passed)
|
2017-10-27 04:47:27 -06:00
|
|
|
%End
|
|
|
|
|
|
|
|
|
|
static bool certIsViable( const QSslCertificate &cert );
|
|
|
|
|
%Docstring
|
2018-05-26 14:10:30 +10:00
|
|
|
certIsViable checks for viability errors of ``cert`` and whether it is NULL
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param cert: certificate to be checked
|
|
|
|
|
|
|
|
|
|
:return: false if cert is NULL or has viability errors
|
2017-10-27 04:47:27 -06:00
|
|
|
%End
|
|
|
|
|
|
2017-10-26 14:28:31 +02:00
|
|
|
static QList<QSslError> validateCertChain( const QList<QSslCertificate> &certificateChain,
|
|
|
|
|
const QString &hostName = QString(),
|
2018-01-16 11:41:23 -04:00
|
|
|
bool trustRootCa = false );
|
2017-10-25 12:45:18 +02:00
|
|
|
%Docstring
|
2018-05-26 14:10:30 +10:00
|
|
|
validateCertChain validates the given ``certificateChain``
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param certificateChain: list of certificates to be checked, with leaf first and with optional root CA last
|
|
|
|
|
:param hostName: (optional) name of the host to be verified
|
|
|
|
|
:param trustRootCa: if true the CA will be added to the trusted CAs for this validation check
|
|
|
|
|
|
|
|
|
|
:return: list of QSslError, if the list is empty then the cert chain is valid
|
2017-10-25 12:45:18 +02:00
|
|
|
%End
|
|
|
|
|
|
2017-10-26 14:28:31 +02:00
|
|
|
static QStringList validatePKIBundle( QgsPkiBundle &bundle, bool useIntermediates = true, bool trustRootCa = false );
|
2017-10-26 08:46:45 +02:00
|
|
|
%Docstring
|
2018-05-26 14:10:30 +10:00
|
|
|
validatePKIBundle validate the PKI bundle by checking the certificate chain, the
|
2017-12-15 10:36:55 -04:00
|
|
|
expiration and effective dates, optionally trusts the root CA
|
2017-12-15 21:36:08 -04:00
|
|
|
|
2017-12-15 10:36:55 -04:00
|
|
|
:param bundle:
|
|
|
|
|
:param useIntermediates: if true the intermediate certs are also checked
|
|
|
|
|
:param trustRootCa: if true the CA will be added to the trusted CAs for this validation check (if useIntermediates is false)
|
2018-05-24 21:21:14 +10:00
|
|
|
this option is ignored and set to false
|
2017-12-15 10:36:55 -04:00
|
|
|
|
|
|
|
|
:return: a list of error strings, if the list is empty then the PKI bundle is valid
|
2017-10-26 08:46:45 +02:00
|
|
|
%End
|
|
|
|
|
|
2015-09-21 06:17:48 -06:00
|
|
|
};
|
2017-05-23 09:55:36 +02:00
|
|
|
|
|
|
|
|
/************************************************************************
|
|
|
|
|
* This file has been generated automatically from *
|
|
|
|
|
* *
|
|
|
|
|
* src/core/auth/qgsauthcertutils.h *
|
|
|
|
|
* *
|
|
|
|
|
* Do not edit manually ! Edit header and run scripts/sipify.pl again *
|
|
|
|
|
************************************************************************/
|
