/************************************************************************
* This file has been generated automatically from *
* *
* src/core/auth/qgsauthcertutils.h *
* *
* Do not edit manually ! Edit header and run scripts/sipify.pl again *
************************************************************************/
class QgsAuthCertUtils
{
%Docstring
Utilities for working with certificates and keys
%End
%TypeHeaderCode
#include "qgsauthcertutils.h"
%End
public:
enum CaCertSource
{
SystemRoot,
FromFile,
InDatabase,
Connection
};
enum CertTrustPolicy
{
DefaultTrust,
Trusted,
Untrusted,
NoPolicy
};
enum CertUsageType
{
UndeterminedUsage,
AnyOrUnspecifiedUsage,
CertAuthorityUsage,
CertIssuerUsage,
TlsServerUsage,
TlsServerEvUsage,
TlsClientUsage,
CodeSigningUsage,
EmailProtectionUsage,
TimeStampingUsage,
CRLSigningUsage
};
enum ConstraintGroup
{
KeyUsage,
ExtendedKeyUsage
};
static QString getSslProtocolName( QSsl::SslProtocol protocol );
%Docstring
SSL Protocol name strings per enum
%End
static QMap<QString, QSslCertificate> mapDigestToCerts( const QList<QSslCertificate> &certs );
%Docstring
Map certificate sha1 to certificate as simple cache
%End
static QMap<QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( const QList<QgsAuthConfigSslServer> &configs );
%Docstring
Map SSL custom configs' certificate sha1 to custom config as simple cache
%End
static QByteArray fileData( const QString &path );
%Docstring
Returns data from a local file via a read-only operation
:param path: Path to file to read
:return: All data contained in file or empty contents if file does not exist
%End
static QList<QSslCertificate> certsFromFile( const QString &certspath );
%Docstring
Returns a list of concatenated certs from a PEM or DER formatted file
%End
static QList<QSslCertificate> casFromFile( const QString &certspath );
%Docstring
Returns a list of concatenated CAs from a PEM or DER formatted file
%End
static QSslCertificate certFromFile( const QString &certpath );
%Docstring
Returns the first cert from a PEM or DER formatted file
%End
static QList<QSslCertificate> casMerge( const QList<QSslCertificate> &bundle1,
const QList<QSslCertificate> &bundle2 );
%Docstring
casMerge merges two certificate bundles in a single one removing duplicates, the certificates
from the ``bundle2`` are appended to ``bundle1`` if not already there
:param bundle1: first bundle
:param bundle2: second bundle
:return: a list of unique certificates
%End
static QSslKey keyFromFile( const QString &keypath,
const QString &keypass = QString(),
QString *algtype = 0 );
%Docstring
Returns non-encrypted key from a PEM or DER formatted file
:param keypath: File path to private key
:param keypass: Passphrase for private key
:param algtype: QString to set with resolved algorithm type
%End
static QList<QSslCertificate> certsFromString( const QString &pemtext );
%Docstring
Returns a list of concatenated certs from a PEM Base64 text block
%End
static QList<QSslCertificate> casRemoveSelfSigned( const QList<QSslCertificate> &caList );
%Docstring
casRemoveSelfSigned remove self-signed CA certificates from ``caList``
:param caList: list of CA certificates
:return: a list of non self-signed certificates
%End
static QStringList certKeyBundleToPem( const QString &certpath,
const QString &keypath,
const QString &keypass = QString(),
bool reencrypt = true );
%Docstring
Returns list of certificate, private key and algorithm (as PEM text) from file path components
:param certpath: File path to certificate
:param keypath: File path to private key
:param keypass: Passphrase for private key
:param reencrypt: Whether to re-encrypt the private key with the passphrase
:return: certificate, private key, key's algorithm type
%End
static bool pemIsPkcs8( const QString &keyPemTxt );
%Docstring
Determine if the PEM-encoded text of a key is PKCS#8 format
:param keyPemTxt: PEM-encoded text
:return: ``True`` if PKCS#8, otherwise ``False``
%End
static QStringList pkcs12BundleToPem( const QString &bundlepath,
const QString &bundlepass = QString(),
bool reencrypt = true );
%Docstring
Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle
:param bundlepath: File path to the PKCS bundle
:param bundlepass: Passphrase for bundle
:param reencrypt: Whether to re-encrypt the private key with the passphrase
:return: certificate, private key, key's algorithm type
%End
static QList<QSslCertificate> pkcs12BundleCas( const QString &bundlepath,
const QString &bundlepass = QString() );
%Docstring
Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle
:param bundlepath: File path to the PKCS bundle
:param bundlepass: Passphrase for bundle
:return: list of certificate
%End
static QByteArray certsToPemText( const QList<QSslCertificate> &certs );
%Docstring
certsToPemText dump a list of QSslCertificates to PEM text
:param certs: list of certs
:return: a byte array of concatenated certificates as PEM text
%End
static QString pemTextToTempFile( const QString &name, const QByteArray &pemtext );
%Docstring
Write a temporary file for a PEM text of cert/key/CAs bundle component
:param pemtext: Component content as PEM text
:param name: Name of file
:return: File path to temporary file
%End
static QString getCaSourceName( QgsAuthCertUtils::CaCertSource source, bool single = false );
%Docstring
Gets the general name for CA source enum type
:param source: The enum source type for the CA
:param single: Whether to return singular or plural description
%End
static QString resolvedCertName( const QSslCertificate &cert, bool issuer = false );
%Docstring
Gets the general name via RFC 5280 resolution
%End
static QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust );
%Docstring
Gets the general name for certificate trust
%End
static QString getColonDelimited( const QString &txt );
%Docstring
Gets string with colon delimiters every 2 characters
%End
static QString shaHexForCert( const QSslCertificate &cert, bool formatted = false );
%Docstring
Gets the sha1 hash for certificate
:param cert: Qt SSL certificate to generate hash from
:param formatted: Whether to colon-delimit the hash
%End
static QList<QgsAuthCertUtils::CertUsageType> certificateUsageTypes( const QSslCertificate &cert );
%Docstring
Try to determine the certificates usage types
%End
static bool certificateIsAuthority( const QSslCertificate &cert );
%Docstring
Gets whether a certificate is an Authority
%End
static bool certificateIsIssuer( const QSslCertificate &cert );
%Docstring
Gets whether a certificate can sign other certificates
%End
static bool certificateIsAuthorityOrIssuer( const QSslCertificate &cert );
%Docstring
Gets whether a certificate is an Authority or can at least sign other certificates
%End
static bool certificateIsSslServer( const QSslCertificate &cert );
%Docstring
Gets whether a certificate is probably used for a SSL server
%End
static bool certificateIsSslClient( const QSslCertificate &cert );
%Docstring
Gets whether a certificate is probably used for a client identity
%End
static QString sslErrorEnumString( QSslError::SslError errenum );
%Docstring
Gets short strings describing an SSL error
%End
static bool certIsCurrent( const QSslCertificate &cert );
%Docstring
certIsCurrent checks if ``cert`` is viable for its not before and not after dates
:param cert: certificate to be checked
%End
static QList<QSslError> certViabilityErrors( const QSslCertificate &cert );
%Docstring
certViabilityErrors checks basic characteristics (validity dates, blacklisting, etc.) of given ``cert``
:param cert: certificate to be checked
:return: list of QSslError (will return NO ERRORS if a null QSslCertificate is passed)
%End
static bool certIsViable( const QSslCertificate &cert );
%Docstring
certIsViable checks for viability errors of ``cert`` and whether it is NULL
:param cert: certificate to be checked
:return: ``False`` if cert is NULL or has viability errors
%End
static QList<QSslError> validateCertChain( const QList<QSslCertificate> &certificateChain,
const QString &hostName = QString(),
bool trustRootCa = false );
%Docstring
validateCertChain validates the given ``certificateChain``
:param certificateChain: list of certificates to be checked, with leaf first and with optional root CA last
:param hostName: (optional) name of the host to be verified
:param trustRootCa: if ``True`` the CA will be added to the trusted CAs for this validation check
:return: list of QSslError, if the list is empty then the cert chain is valid
%End
static QStringList validatePKIBundle( QgsPkiBundle &bundle, bool useIntermediates = true, bool trustRootCa = false );
%Docstring
validatePKIBundle validate the PKI bundle by checking the certificate chain, the
expiration and effective dates, optionally trusts the root CA
:param bundle:
:param useIntermediates: if ``True`` the intermediate certs are also checked
:param trustRootCa: if ``True`` the CA will be added to the trusted CAs for this validation check (if useIntermediates is ``False``)
this option is ignored and set to ``False``
:return: a list of error strings, if the list is empty then the PKI bundle is valid
%End
};
/************************************************************************
* This file has been generated automatically from *
* *
* src/core/auth/qgsauthcertutils.h *
* *
* Do not edit manually ! Edit header and run scripts/sipify.pl again *
************************************************************************/