QgsAuthCertUtils class
Utilities for working with certificates and keys.
Public types
- enum CaCertSource { SystemRoot = 0, FromFile = 1, InDatabase = 2, Connection = 3 }
- Type of CA certificate source.
- enum CertTrustPolicy { DefaultTrust = 0, Trusted = 1, Untrusted = 2, NoPolicy = 3 }
- Type of certificate trust policy.
- enum CertUsageType { UndeterminedUsage = 0, AnyOrUnspecifiedUsage, CertAuthorityUsage, CertIssuerUsage, TlsServerUsage, TlsServerEvUsage, TlsClientUsage, CodeSigningUsage, EmailProtectionUsage, TimeStampingUsage, CRLSigningUsage }
- Type of certificate usage.
- enum ConstraintGroup { KeyUsage = 0, ExtendedKeyUsage = 1 }
- Type of certificate key group.
Public static functions
- static auto casFromFile(const QString& certspath) -> QList<QSslCertificate>
- Returns a list of concatenated CAs from a PEM or DER formatted file.
- static auto casMerge(const QList<QSslCertificate>& bundle1, const QList<QSslCertificate>& bundle2) -> QList<QSslCertificate>
- casMerge merges two certificate bundles into a single one, removing duplicates; certificates from bundle2 are appended to bundle1 if not already there
- static auto casRemoveSelfSigned(const QList<QSslCertificate>& caList) -> QList<QSslCertificate>
- casRemoveSelfSigned removes self-signed CA certificates from caList
- static auto certFromFile(const QString& certpath) -> QSslCertificate
- Returns the first cert from a PEM or DER formatted file.
- static auto certificateIsAuthority(const QSslCertificate& cert) -> bool
- Gets whether a certificate is an Authority.
- static auto certificateIsAuthorityOrIssuer(const QSslCertificate& cert) -> bool
- Gets whether a certificate is an Authority or can at least sign other certificates.
- static auto certificateIsIssuer(const QSslCertificate& cert) -> bool
- Gets whether a certificate can sign other certificates.
- static auto certificateIsSslClient(const QSslCertificate& cert) -> bool
- Gets whether a certificate is probably used for a client identity.
- static auto certificateIsSslServer(const QSslCertificate& cert) -> bool
- Gets whether a certificate is probably used for a SSL server.
- static auto certificateUsageTypes(const QSslCertificate& cert) -> QList<QgsAuthCertUtils::CertUsageType>
- Try to determine the certificate's usage types.
- static auto certificateUsageTypeString(QgsAuthCertUtils::CertUsageType usagetype) -> QString
- Certificate usage type strings per enum.
- static auto certIsCurrent(const QSslCertificate& cert) -> bool
- certIsCurrent checks if cert is viable for its not before and not after dates
- static auto certIsViable(const QSslCertificate& cert) -> bool
- certIsViable checks for viability errors of cert and whether it is NULL
- static auto certKeyBundleToPem(const QString& certpath, const QString& keypath, const QString& keypass = QString(), bool reencrypt = true) -> QStringList
- Returns list of certificate, private key and algorithm (as PEM text) from file path components.
- static auto certsFromFile(const QString& certspath) -> QList<QSslCertificate>
- Returns a list of concatenated certs from a PEM or DER formatted file.
- static auto certsFromString(const QString& pemtext) -> QList<QSslCertificate>
- Returns a list of concatenated certs from a PEM Base64 text block.
- static auto certsGroupedByOrg(const QList<QSslCertificate>& certs) -> QMap<QString, QList<QSslCertificate>>
- Map certificates to their organization.
- static auto certsToPemText(const QList<QSslCertificate>& certs) -> QByteArray
- certsToPemText dumps a list of QSslCertificates to PEM text
- static auto certViabilityErrors(const QSslCertificate& cert) -> QList<QSslError>
- certViabilityErrors checks basic characteristics (validity dates, blacklisting, etc.) of given cert
- static auto fileData(const QString& path) -> QByteArray
- Returns data from a local file via a read-only operation.
- static auto getCaSourceName(QgsAuthCertUtils::CaCertSource source, bool single = false) -> QString
- Gets the general name for CA source enum type.
- static auto getCertDistinguishedName(const QSslCertificate& qcert, const QCA::Certificate& acert = QCA::Certificate(), bool issuer = false) -> QString
- Gets combined distinguished name for certificate.
- static auto getCertTrustName(QgsAuthCertUtils::CertTrustPolicy trust) -> QString
- Gets the general name for certificate trust.
- static auto getColonDelimited(const QString& txt) -> QString
- Gets string with colon delimiters every 2 characters.
- static auto getSslProtocolName(QSsl::SslProtocol protocol) -> QString
- SSL Protocol name strings per enum.
- static auto keyFromFile(const QString& keypath, const QString& keypass = QString(), QString* algtype = nullptr) -> QSslKey
- Returns non-encrypted key from a PEM or DER formatted file.
- static auto mapDigestToCerts(const QList<QSslCertificate>& certs) -> QMap<QString, QSslCertificate>
- Map certificate sha1 to certificate as simple cache.
- static auto mapDigestToSslConfigs(const QList<QgsAuthConfigSslServer>& configs) -> QMap<QString, QgsAuthConfigSslServer>
- Map SSL custom configs' certificate sha1 to custom config as simple cache.
- static auto pemIsPkcs8(const QString& keyPemTxt) -> bool
- Determine if the PEM-encoded text of a key is PKCS#8 format.
- static auto pemTextToTempFile(const QString& name, const QByteArray& pemtext) -> QString
- Write a temporary file for a PEM text of cert/key/CAs bundle component.
- static auto pkcs12BundleCas(const QString& bundlepath, const QString& bundlepass = QString()) -> QList<QSslCertificate>
- Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle.
- static auto pkcs12BundleToPem(const QString& bundlepath, const QString& bundlepass = QString(), bool reencrypt = true) -> QStringList
- Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle.
- static auto qcaKeyBundle(const QString& path, const QString& pass) -> QCA::KeyBundle
- PKI key/cert bundle from file path, e.g. from .p12 or pfx files.
- static auto qcaKnownConstraint(QCA::ConstraintTypeKnown constraint) -> QString
- Certificate well-known constraint strings per enum.
- static auto qcaSignatureAlgorithm(QCA::SignatureAlgorithm algorithm) -> QString
- Certificate signature algorithm strings per enum.
- static auto qcaValidityMessage(QCA::Validity validity) -> QString
- Certificate validity check messages per enum.
- static auto qtCertsToQcaCollection(const QList<QSslCertificate>& certs) -> QCA::CertificateCollection
- Convert a QList of QSslCertificate to a QCA::CertificateCollection.
- static auto qtCertToQcaCert(const QSslCertificate& cert) -> QCA::Certificate
- Convert a QSslCertificate to a QCA::Certificate.
- static auto resolvedCertName(const QSslCertificate& cert, bool issuer = false) -> QString
- Gets the general name via RFC 5280 resolution.
- static auto shaHexForCert(const QSslCertificate& cert, bool formatted = false) -> QString
- Gets the sha1 hash for certificate.
- static auto sslConfigsGroupedByOrg(const QList<QgsAuthConfigSslServer>& configs) -> QMap<QString, QList<QgsAuthConfigSslServer>>
- Map SSL custom configs' certificates to their organization.
- static auto sslErrorEnumString(QSslError::SslError errenum) -> QString
- Gets short strings describing an SSL error.
- static auto sslErrorEnumStrings() -> QList<QPair<QSslError::SslError, QString>>
- Gets short strings describing SSL errors.
- static auto validateCertChain(const QList<QSslCertificate>& certificateChain, const QString& hostName = QString(), bool trustRootCa = false) -> QList<QSslError>
- validateCertChain validates the given certificateChain
- static auto validatePKIBundle(QgsPkiBundle& bundle, bool useIntermediates = true, bool trustRootCa = false) -> QStringList
- validatePKIBundle validates the PKI bundle by checking the certificate chain and the expiration and effective dates; optionally trusts the root CA
Function documentation
static QList<QSslCertificate> QgsAuthCertUtils::casMerge(const QList<QSslCertificate>& bundle1, const QList<QSslCertificate>& bundle2)
casMerge merges two certificate bundles into a single one, removing duplicates; certificates from bundle2 are appended to bundle1 if not already there
| Parameters | |
|---|---|
| bundle1 | first bundle |
| bundle2 | second bundle |
| Returns | a list of unique certificates |
static QList<QSslCertificate> QgsAuthCertUtils::casRemoveSelfSigned(const QList<QSslCertificate>& caList)
casRemoveSelfSigned removes self-signed CA certificates from caList
| Parameters | |
|---|---|
| caList | list of CA certificates |
| Returns | a list of non self-signed certificates |
static QString QgsAuthCertUtils::certificateUsageTypeString(QgsAuthCertUtils::CertUsageType usagetype)
Certificate usage type strings per enum.
static bool QgsAuthCertUtils::certIsCurrent(const QSslCertificate& cert)
certIsCurrent checks if cert is viable for its not before and not after dates
| Parameters | |
|---|---|
| cert | certificate to be checked |
static bool QgsAuthCertUtils::certIsViable(const QSslCertificate& cert)
certIsViable checks for viability errors of cert and whether it is NULL
| Parameters | |
|---|---|
| cert | certificate to be checked |
| Returns | false if cert is NULL or has viability errors |
static QStringList QgsAuthCertUtils::certKeyBundleToPem(const QString& certpath, const QString& keypath, const QString& keypass = QString(), bool reencrypt = true)
Returns list of certificate, private key and algorithm (as PEM text) from file path components.
| Parameters | |
|---|---|
| certpath | File path to certificate |
| keypath | File path to private key |
| keypass | Passphrase for private key |
| reencrypt | Whether to re-encrypt the private key with the passphrase |
| Returns | certificate, private key, key's algorithm type |
static QMap<QString, QList<QSslCertificate>> QgsAuthCertUtils::certsGroupedByOrg(const QList<QSslCertificate>& certs)
Map certificates to their organization.
static QByteArray QgsAuthCertUtils::certsToPemText(const QList<QSslCertificate>& certs)
certsToPemText dumps a list of QSslCertificates to PEM text
| Parameters | |
|---|---|
| certs | list of certs |
| Returns | a byte array of concatenated certificates as PEM text |
static QList<QSslError> QgsAuthCertUtils::certViabilityErrors(const QSslCertificate& cert)
certViabilityErrors checks basic characteristics (validity dates, blacklisting, etc.) of given cert
| Parameters | |
|---|---|
| cert | certificate to be checked |
| Returns | list of QSslError (will return NO ERRORS if a null QSslCertificate is passed) |
static QByteArray QgsAuthCertUtils::fileData(const QString& path)
Returns data from a local file via a read-only operation.
| Parameters | |
|---|---|
| path | Path to file to read |
| Returns | All data contained in file or empty contents if file does not exist |
static QString QgsAuthCertUtils::getCaSourceName(QgsAuthCertUtils::CaCertSource source, bool single = false)
Gets the general name for CA source enum type.
| Parameters | |
|---|---|
| source | The enum source type for the CA |
| single | Whether to return singular or plural description |
static QString QgsAuthCertUtils::getCertDistinguishedName(const QSslCertificate& qcert, const QCA::Certificate& acert = QCA::Certificate(), bool issuer = false)
Gets combined distinguished name for certificate.
| Parameters | |
|---|---|
| qcert | Qt SSL cert object |
| acert | QCA SSL cert object to add more info to the output |
| issuer | Whether to return cert's subject or issuer combined name |
static QSslKey QgsAuthCertUtils::keyFromFile(const QString& keypath, const QString& keypass = QString(), QString* algtype = nullptr)
Returns non-encrypted key from a PEM or DER formatted file.
| Parameters | |
|---|---|
| keypath | File path to private key |
| keypass | Passphrase for private key |
| algtype | QString to set with resolved algorithm type |
static bool QgsAuthCertUtils::pemIsPkcs8(const QString& keyPemTxt)
Determine if the PEM-encoded text of a key is PKCS#8 format.
| Parameters | |
|---|---|
| keyPemTxt | PEM-encoded text |
| Returns | True if PKCS#8, otherwise false |
static QString QgsAuthCertUtils::pemTextToTempFile(const QString& name, const QByteArray& pemtext)
Write a temporary file for a PEM text of cert/key/CAs bundle component.
| Parameters | |
|---|---|
| name | Name of file |
| pemtext | Component content as PEM text |
| Returns | File path to temporary file |
static QList<QSslCertificate> QgsAuthCertUtils::pkcs12BundleCas(const QString& bundlepath, const QString& bundlepass = QString())
Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle.
| Parameters | |
|---|---|
| bundlepath | File path to the PKCS bundle |
| bundlepass | Passphrase for bundle |
| Returns | list of certificates |
static QStringList QgsAuthCertUtils::pkcs12BundleToPem(const QString& bundlepath, const QString& bundlepass = QString(), bool reencrypt = true)
Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle.
| Parameters | |
|---|---|
| bundlepath | File path to the PKCS bundle |
| bundlepass | Passphrase for bundle |
| reencrypt | Whether to re-encrypt the private key with the passphrase |
| Returns | certificate, private key, key's algorithm type |
static QCA::KeyBundle QgsAuthCertUtils::qcaKeyBundle(const QString& path, const QString& pass)
PKI key/cert bundle from file path, e.g. from .p12 or pfx files.
static QString QgsAuthCertUtils::qcaKnownConstraint(QCA::ConstraintTypeKnown constraint)
Certificate well-known constraint strings per enum.
static QString QgsAuthCertUtils::qcaSignatureAlgorithm(QCA::SignatureAlgorithm algorithm)
Certificate signature algorithm strings per enum.
static QString QgsAuthCertUtils::qcaValidityMessage(QCA::Validity validity)
Certificate validity check messages per enum.
static QCA::CertificateCollection QgsAuthCertUtils::qtCertsToQcaCollection(const QList<QSslCertificate>& certs)
Convert a QList of QSslCertificate to a QCA::CertificateCollection.
static QCA::Certificate QgsAuthCertUtils::qtCertToQcaCert(const QSslCertificate& cert)
Convert a QSslCertificate to a QCA::Certificate.
static QString QgsAuthCertUtils::shaHexForCert(const QSslCertificate& cert, bool formatted = false)
Gets the sha1 hash for certificate.
| Parameters | |
|---|---|
| cert | Qt SSL certificate to generate hash from |
| formatted | Whether to colon-delimit the hash |
static QMap<QString, QList<QgsAuthConfigSslServer>> QgsAuthCertUtils::sslConfigsGroupedByOrg(const QList<QgsAuthConfigSslServer>& configs)
Map SSL custom configs' certificates to their organization.
static QList<QPair<QSslError::SslError, QString>> QgsAuthCertUtils::sslErrorEnumStrings()
Gets short strings describing SSL errors.
static QList<QSslError> QgsAuthCertUtils::validateCertChain(const QList<QSslCertificate>& certificateChain, const QString& hostName = QString(), bool trustRootCa = false)
validateCertChain validates the given certificateChain
| Parameters | |
|---|---|
| certificateChain | list of certificates to be checked, with leaf first and with optional root CA last |
| hostName | (optional) name of the host to be verified |
| trustRootCa | if true the CA will be added to the trusted CAs for this validation check |
| Returns | list of QSslError, if the list is empty then the cert chain is valid |
static QStringList QgsAuthCertUtils::validatePKIBundle(QgsPkiBundle& bundle, bool useIntermediates = true, bool trustRootCa = false)
validatePKIBundle validates the PKI bundle by checking the certificate chain and the expiration and effective dates; optionally trusts the root CA
| Parameters | |
|---|---|
| bundle | |
| useIntermediates | if true the intermediate certs are also checked |
| trustRootCa | if true the CA will be added to the trusted CAs for this validation check (if useIntermediates is false, this option is ignored and set to false) |
| Returns | a list of error strings, if the list is empty then the PKI bundle is valid |