/** \ingroup core * \brief Utilities for working with certificates and keys */ class QgsAuthCertUtils { %TypeHeaderCode #include %End public: /** Type of CA certificate source */ enum CaCertSource { SystemRoot = 0, FromFile = 1, InDatabase = 2, Connection = 3 }; /** Type of certificate trust policy */ enum CertTrustPolicy { DefaultTrust = 0, Trusted = 1, Untrusted = 2, NoPolicy = 3 }; /** Type of certificate usage */ enum CertUsageType { UndeterminedUsage = 0, AnyOrUnspecifiedUsage, CertAuthorityUsage, CertIssuerUsage, TlsServerUsage, TlsServerEvUsage, TlsClientUsage, CodeSigningUsage, EmailProtectionUsage, TimeStampingUsage, CRLSigningUsage }; /** Type of certificate key group */ enum ConstraintGroup { KeyUsage = 0, ExtendedKeyUsage = 1 }; /** SSL Protocol name strings per enum */ static QString getSslProtocolName( QSsl::SslProtocol protocol ); /** Map certificate sha1 to certificate as simple cache */ static QMap mapDigestToCerts( const QList &certs ); /** Map certificates to their oraganization. * @note not available in Python bindings */ // static QMap< QString, QList > certsGroupedByOrg( QList certs ); /** Map SSL custom configs' certificate sha1 to custom config as simple cache */ static QMap mapDigestToSslConfigs( const QList &configs ); /** Map SSL custom configs' certificates to their oraganization. * @note not available in Python bindings */ // static QMap< QString, QList > sslConfigsGroupedByOrg( const QList &configs ); /** Return list of concatenated certs from a PEM or DER formatted file */ static QList certsFromFile( const QString &certspath ); /** Return first cert from a PEM or DER formatted file */ static QSslCertificate certFromFile( const QString &certpath ); /** Return non-encrypted key from a PEM or DER formatted file * @param keypath File path to private key * @param keypass Passphrase for private key * @param algtype QString to set with resolved algorithm type */ static QSslKey keyFromFile( const QString &keypath, const QString &keypass = QString(), QString *algtype = 0 ); /** Return list of concatenated certs from a PEM Base64 text block */ static QList certsFromString( const QString &pemtext ); /** Return list of certificate, private key and algorithm (as PEM text) from file path components * @param certpath File path to certificate * @param keypath File path to private key * @param keypass Passphrase for private key * @param reencrypt Whether to re-encrypt the private key with the passphrase * @return certificate, private key, key's algorithm type */ static QStringList certKeyBundleToPem( const QString &certpath, const QString &keypath, const QString &keypass = QString(), bool reencrypt = true ); /** Return list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle * @param bundlepath File path to the PKCS bundle * @param bundlepass Passphrase for bundle * @param reencrypt Whether to re-encrypt the private key with the passphrase * @return certificate, private key, key's algorithm type */ static QStringList pkcs12BundleToPem( const QString &bundlepath, const QString &bundlepass = QString(), bool reencrypt = true ); /** Write a temporary file for a PEM text of cert/key/CAs bundle component * @param pemtext Component content as PEM text * @param name Name of file * @return File path to temporary file */ static QString pemTextToTempFile( const QString &name, const QByteArray &pemtext ); /** Get the general name for CA source enum type * @param source The enum source type for the CA * @param single Whether to return singular or plural description */ static QString getCaSourceName( QgsAuthCertUtils::CaCertSource source , bool single = false ); /** Get the general name via RFC 5280 resolution */ static QString resolvedCertName( const QSslCertificate &cert, bool issuer = false ); /** Get combined distinguished name for certificate * @param qcert Qt SSL cert object * @param acert QCA SSL cert object to add more info to the output * @param issuer Whether to return cert's subject or issuer combined name * @note not available in Python bindings */ // static QString getCertDistinguishedName( const QSslCertificate& qcert, // const QCA::Certificate& acert = QCA::Certificate(), // bool issuer = false ); /** Get the general name for certificate trust */ static QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust ); /** Get string with colon delimiters every 2 characters */ static QString getColonDelimited( const QString &txt ); /** Get the sha1 hash for certificate * @param cert Qt SSL certificate to generate hash from * @param formatted Whether to colon-delimit the hash */ static QString shaHexForCert( const QSslCertificate &cert , bool formatted = false ); /** Convert a QSslCertificate to a QCA::Certificate. * @note not available in Python bindings */ // static QCA::Certificate qtCertToQcaCert( const QSslCertificate &cert ); /** Convert a QList of QSslCertificate to a QCA::CertificateCollection. * @note not available in Python bindings */ // static QCA::CertificateCollection qtCertsToQcaCollection( const QList &certs ); /** PKI key/cert bundle from file path, e.g. from .p12 or pfx files. * @note not available in Python bindings */ // static QCA::KeyBundle qcaKeyBundle( const QString &path, const QString &pass ); /** Certificate validity check messages per enum. * @note not available in Python bindings */ // static QString qcaValidityMessage( QCA::Validity validity ); /** Certificate signature algorithm strings per enum. * @note not available in Python bindings */ // static QString qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm ); /** Certificate well-known constraint strings per enum. * @note not available in Python bindings */ // static QString qcaKnownConstraint( QCA::ConstraintTypeKnown constraint ); /** Certificate usage type strings per enum * @note not available in Python bindings */ static QString certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype ); /** Try to determine the certificates usage types */ static QList certificateUsageTypes( const QSslCertificate &cert ); /** Get whether a certificate is an Authority */ static bool certificateIsAuthority( const QSslCertificate &cert ); /** Get whether a certificate can sign other certificates */ static bool certificateIsIssuer( const QSslCertificate &cert ); /** Get whether a certificate is an Authority or can at least sign other certificates */ static bool certificateIsAuthorityOrIssuer( const QSslCertificate &cert ); /** Get whether a certificate is probably used for a SSL server */ static bool certificateIsSslServer( const QSslCertificate &cert ); /** Get whether a certificate is probably used for a client identity */ static bool certificateIsSslClient( const QSslCertificate &cert ); /** Get short strings describing an SSL error */ static QString sslErrorEnumString( QSslError::SslError errenum ); /** Get short strings describing SSL errors. * @note not available in Python bindings */ // static QList > sslErrorEnumStrings(); };