Qt Cryptographic Architecture
qca_cert.h
Go to the documentation of this file.
1 /*
2  * qca_cert.h - Qt Cryptographic Architecture
3  * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com>
4  * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19  * 02110-1301 USA
20  *
21  */
22 
33 #ifndef QCA_CERT_H
34 #define QCA_CERT_H
35 
36 #include "qca_core.h"
37 #include "qca_publickey.h"
38 #include <QDateTime>
39 
40 namespace QCA {
41 
42 class CertContext;
43 class CSRContext;
44 class CRLContext;
45 class Certificate;
46 class CRL;
47 class CertificateCollection;
48 class CertificateChain;
49 
53 enum CertificateRequestFormat
54 {
55  PKCS10,
56  SPKAC
57 };
58 
64 enum CertificateInfoTypeKnown
65 {
66  CommonName,
67  Email,
68  EmailLegacy,
69  Organization,
70  OrganizationalUnit,
71  Locality,
72  IncorporationLocality,
73  State,
74  IncorporationState,
75  Country,
76  IncorporationCountry,
77  URI,
78  DNS,
79  IPAddress,
80  XMPP
81 };
82 
119 class QCA_EXPORT CertificateInfoType
120 {
121 public:
125  enum Section
126  {
127  DN,
128  AlternativeName
129  };
130 
134  CertificateInfoType();
135 
144  CertificateInfoType(CertificateInfoTypeKnown known);
145 
154  CertificateInfoType(const QString &id, Section section);
155 
161  CertificateInfoType(const CertificateInfoType &from);
162 
163  ~CertificateInfoType();
164 
170  CertificateInfoType &operator=(const CertificateInfoType &from);
171 
175  Section section() const;
176 
184  CertificateInfoTypeKnown known() const;
185 
204  QString id() const;
205 
212  bool operator<(const CertificateInfoType &other) const;
213 
220  bool operator==(const CertificateInfoType &other) const;
221 
228  inline bool operator!=(const CertificateInfoType &other) const
229  {
230  return !(*this == other);
231  }
232 
233 private:
234  class Private;
235  QSharedDataPointer<Private> d;
236 };
237 
245 class QCA_EXPORT CertificateInfoPair
246 {
247 public:
251  CertificateInfoPair();
252 
259  CertificateInfoPair(const CertificateInfoType &type, const QString &value);
260 
266  CertificateInfoPair(const CertificateInfoPair &from);
267 
268  ~CertificateInfoPair();
269 
275  CertificateInfoPair &operator=(const CertificateInfoPair &from);
276 
280  CertificateInfoType type() const;
281 
285  QString value() const;
286 
293  bool operator==(const CertificateInfoPair &other) const;
294 
301  inline bool operator!=(const CertificateInfoPair &other) const
302  {
303  return !(*this == other);
304  }
305 
306 private:
307  class Private;
308  QSharedDataPointer<Private> d;
309 };
310 
316 enum ConstraintTypeKnown
317 {
318  // KeyUsage
319  DigitalSignature,
320  NonRepudiation,
321  KeyEncipherment,
322  DataEncipherment,
323  KeyAgreement,
324  KeyCertificateSign,
325  CRLSign,
326  EncipherOnly,
327  DecipherOnly,
328 
329  // ExtKeyUsage
330  ServerAuth,
331  ClientAuth,
333  CodeSigning,
335  EmailProtection,
337  IPSecEndSystem,
339  IPSecTunnel,
341  IPSecUser,
343  TimeStamping,
345  OCSPSigning
347 };
349 
363 class QCA_EXPORT ConstraintType
364 {
365 public:
369  enum Section
370  {
371  KeyUsage,
372  ExtendedKeyUsage
373  };
374 
378  ConstraintType();
379 
388  ConstraintType(ConstraintTypeKnown known);
389 
398  ConstraintType(const QString &id, Section section);
399 
405  ConstraintType(const ConstraintType &from);
406 
407  ~ConstraintType();
408 
414  ConstraintType &operator=(const ConstraintType &from);
415 
419  Section section() const;
420 
428  ConstraintTypeKnown known() const;
429 
448  QString id() const;
449 
455  bool operator<(const ConstraintType &other) const;
456 
462  bool operator==(const ConstraintType &other) const;
463 
469  inline bool operator!=(const ConstraintType &other) const
470  {
471  return !(*this == other);
472  }
473 
474 private:
475  class Private;
476  QSharedDataPointer<Private> d;
477 };
478 
482 enum UsageMode
483 {
484  UsageAny = 0x00,
485  UsageTLSServer = 0x01,
486  UsageTLSClient = 0x02,
487  UsageCodeSigning = 0x04,
488  UsageEmailProtection = 0x08,
489  UsageTimeStamping = 0x10,
490  UsageCRLSigning = 0x20
491 };
492 
496 enum Validity
497 {
498  ValidityGood,
499  ErrorRejected,
500  ErrorUntrusted,
501  ErrorSignatureFailed,
502  ErrorInvalidCA,
503  ErrorInvalidPurpose,
504  ErrorSelfSigned,
505  ErrorRevoked,
506  ErrorPathLengthExceeded,
507  ErrorExpired,
508  ErrorExpiredCA,
510  ErrorValidityUnknown = 64
511 };
512 
516 enum ValidateFlags
517 {
518  ValidateAll = 0x00, // Verify all conditions
519  ValidateRevoked = 0x01, // Verify the certificate was not revoked
520  ValidateExpired = 0x02, // Verify the certificate has not expired
521  ValidatePolicy = 0x04 // Verify the certificate can be used for a specified purpose
522 };
523 
535 typedef QMultiMap<CertificateInfoType, QString> CertificateInfo;
536 
547 class CertificateInfoOrdered : public QList<CertificateInfoPair>
548 {
549 public:
553  inline QString toString() const;
554 
559  inline CertificateInfoOrdered dnOnly() const;
560 };
561 
567 QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in);
568 
575 QCA_EXPORT CertificateInfoOrdered orderedDNOnly(const CertificateInfoOrdered &in);
576 
577 inline QString CertificateInfoOrdered::toString() const
578 {
579  return orderedToDNString(*this);
580 }
581 
582 inline CertificateInfoOrdered CertificateInfoOrdered::dnOnly() const
583 {
584  return orderedDNOnly(*this);
585 }
586 
590 typedef QList<ConstraintType> Constraints;
591 
598 QCA_EXPORT QStringList makeFriendlyNames(const QList<Certificate> &list);
599 
609 class QCA_EXPORT CertificateOptions
610 {
611 public:
617  CertificateOptions(CertificateRequestFormat format = PKCS10);
618 
624  CertificateOptions(const CertificateOptions &from);
625  ~CertificateOptions();
626 
632  CertificateOptions &operator=(const CertificateOptions &from);
633 
637  CertificateRequestFormat format() const;
638 
644  void setFormat(CertificateRequestFormat f);
645 
651  bool isValid() const;
652 
660  QString challenge() const;
661 
667  CertificateInfo info() const;
668 
675  CertificateInfoOrdered infoOrdered() const;
676 
680  Constraints constraints() const;
681 
685  QStringList policies() const;
686 
694  QStringList crlLocations() const;
695 
703  QStringList issuerLocations() const;
704 
710  QStringList ocspLocations() const;
711 
718  bool isCA() const;
719 
723  int pathLimit() const;
724 
730  BigInteger serialNumber() const;
731 
737  QDateTime notValidBefore() const;
738 
744  QDateTime notValidAfter() const;
745 
754  void setChallenge(const QString &s);
755 
764  void setInfo(const CertificateInfo &info);
765 
774  void setInfoOrdered(const CertificateInfoOrdered &info);
775 
781  void setConstraints(const Constraints &constraints);
782 
788  void setPolicies(const QStringList &policies);
789 
797  void setCRLLocations(const QStringList &locations);
798 
806  void setIssuerLocations(const QStringList &locations);
807 
813  void setOCSPLocations(const QStringList &locations);
814 
820  void setAsCA(int pathLimit = 8); // value from Botan
821 
825  void setAsUser();
826 
832  void setSerialNumber(const BigInteger &i);
833 
840  void setValidityPeriod(const QDateTime &start, const QDateTime &end);
841 
842 private:
843  class Private;
844  Private *d;
845 };
846 
856 class QCA_EXPORT Certificate : public Algorithm
857 {
858 public:
862  Certificate();
863 
870  Certificate(const QString &fileName);
871 
881  Certificate(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());
882 
888  Certificate(const Certificate &from);
889 
890  ~Certificate() override;
891 
897  Certificate &operator=(const Certificate &from);
898 
903  bool isNull() const;
904 
908  QDateTime notValidBefore() const;
909 
913  QDateTime notValidAfter() const;
914 
932  CertificateInfo subjectInfo() const;
933 
953  CertificateInfoOrdered subjectInfoOrdered() const;
954 
960  CertificateInfo issuerInfo() const;
961 
974  CertificateInfoOrdered issuerInfoOrdered() const;
975 
979  Constraints constraints() const;
980 
986  QStringList policies() const;
987 
993  QStringList crlLocations() const;
994 
1000  QStringList issuerLocations() const;
1001 
1005  QStringList ocspLocations() const;
1006 
1013  QString commonName() const;
1014 
1018  BigInteger serialNumber() const;
1019 
1023  PublicKey subjectPublicKey() const;
1024 
1030  bool isCA() const;
1031 
1037  bool isSelfSigned() const;
1038 
1047  bool isIssuerOf(const Certificate &other) const;
1048 
1053  int pathLimit() const;
1054 
1058  SignatureAlgorithm signatureAlgorithm() const;
1059 
1063  QByteArray subjectKeyId() const;
1064 
1068  QByteArray issuerKeyId() const;
1069 
1081  Validity validate(const CertificateCollection &trusted,
1082  const CertificateCollection &untrusted,
1083  UsageMode u = UsageAny,
1084  ValidateFlags vf = ValidateAll) const;
1085 
1089  QByteArray toDER() const;
1090 
1094  QString toPEM() const;
1095 
1101  bool toPEMFile(const QString &fileName) const;
1102 
1115  static Certificate
1116  fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
1117 
1130  static Certificate fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1131 
1145  static Certificate
1146  fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
1147 
1160  bool matchesHostName(const QString &host) const;
1161 
1169  bool operator==(const Certificate &a) const;
1170 
1176  inline bool operator!=(const Certificate &other) const
1177  {
1178  return !(*this == other);
1179  }
1180 
1186  void change(CertContext *c);
1187 
1188 private:
1189  class Private;
1190  friend class Private;
1191  QSharedDataPointer<Private> d;
1192 
1193  friend class CertificateChain;
1194  Validity chain_validate(const CertificateChain & chain,
1195  const CertificateCollection &trusted,
1196  const QList<CRL> & untrusted_crls,
1197  UsageMode u,
1198  ValidateFlags vf) const;
1199  CertificateChain
1200  chain_complete(const CertificateChain &chain, const QList<Certificate> &issuers, Validity *result) const;
1201 };
1202 
1225 class CertificateChain : public QList<Certificate>
1226 {
1227 public:
1231  inline CertificateChain()
1232  {
1233  }
1234 
1241  inline CertificateChain(const Certificate &primary)
1242  {
1243  append(primary);
1244  }
1245 
1249  inline const Certificate &primary() const
1250  {
1251  return first();
1252  }
1253 
1267  inline Validity validate(const CertificateCollection &trusted,
1268  const QList<CRL> & untrusted_crls = QList<CRL>(),
1269  UsageMode u = UsageAny,
1270  ValidateFlags vf = ValidateAll) const;
1271 
1295  inline CertificateChain complete(const QList<Certificate> &issuers = QList<Certificate>(),
1296  Validity * result = nullptr) const;
1297 };
1298 
1299 inline Validity CertificateChain::validate(const CertificateCollection &trusted,
1300  const QList<CRL> & untrusted_crls,
1301  UsageMode u,
1302  ValidateFlags vf) const
1303 {
1304  if (isEmpty())
1305  return ErrorValidityUnknown;
1306  return first().chain_validate(*this, trusted, untrusted_crls, u, vf);
1307 }
1308 
1309 inline CertificateChain CertificateChain::complete(const QList<Certificate> &issuers, Validity *result) const
1310 {
1311  if (isEmpty())
1312  return CertificateChain();
1313  return first().chain_complete(*this, issuers, result);
1314 }
1315 
1325 class QCA_EXPORT CertificateRequest : public Algorithm
1326 {
1327 public:
1331  CertificateRequest();
1332 
1339  CertificateRequest(const QString &fileName);
1340 
1350  CertificateRequest(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());
1351 
1357  CertificateRequest(const CertificateRequest &from);
1358 
1359  ~CertificateRequest() override;
1360 
1366  CertificateRequest &operator=(const CertificateRequest &from);
1367 
1373  bool isNull() const;
1374 
1385  static bool canUseFormat(CertificateRequestFormat f, const QString &provider = QString());
1386 
1390  CertificateRequestFormat format() const;
1391 
1400  CertificateInfo subjectInfo() const;
1401 
1412  CertificateInfoOrdered subjectInfoOrdered() const;
1413 
1419  Constraints constraints() const;
1420 
1426  QStringList policies() const;
1427 
1431  PublicKey subjectPublicKey() const;
1432 
1439  bool isCA() const;
1440 
1446  int pathLimit() const;
1447 
1451  QString challenge() const;
1452 
1457  SignatureAlgorithm signatureAlgorithm() const;
1458 
1466  bool operator==(const CertificateRequest &csr) const;
1467 
1473  inline bool operator!=(const CertificateRequest &other) const
1474  {
1475  return !(*this == other);
1476  }
1477 
1483  QByteArray toDER() const;
1484 
1490  QString toPEM() const;
1491 
1499  bool toPEMFile(const QString &fileName) const;
1500 
1515  static CertificateRequest
1516  fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
1517 
1533  static CertificateRequest
1534  fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1535 
1551  static CertificateRequest
1552  fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
1553 
1561  QString toString() const;
1562 
1577  static CertificateRequest
1578  fromString(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1579 
1585  void change(CSRContext *c);
1586 
1587 private:
1588  class Private;
1589  friend class Private;
1590  QSharedDataPointer<Private> d;
1591 };
1592 
1600 class QCA_EXPORT CRLEntry
1601 {
1602 public:
1606  enum Reason
1607  {
1608  Unspecified,
1609  KeyCompromise,
1610  CACompromise,
1611  AffiliationChanged,
1612  Superseded,
1613  CessationOfOperation,
1614  CertificateHold,
1615  RemoveFromCRL,
1616  PrivilegeWithdrawn,
1617  AACompromise
1618  };
1619 
1623  CRLEntry();
1624 
1631  explicit CRLEntry(const Certificate &c, Reason r = Unspecified);
1632 
1641  CRLEntry(const BigInteger serial, const QDateTime &time, Reason r = Unspecified);
1642 
1648  CRLEntry(const CRLEntry &from);
1649 
1650  ~CRLEntry();
1651 
1657  CRLEntry &operator=(const CRLEntry &from);
1658 
1662  BigInteger serialNumber() const;
1663 
1667  QDateTime time() const;
1668 
1672  bool isNull() const;
1673 
1680  Reason reason() const;
1681 
1689  bool operator<(const CRLEntry &a) const;
1690 
1698  bool operator==(const CRLEntry &a) const;
1699 
1705  inline bool operator!=(const CRLEntry &other) const
1706  {
1707  return !(*this == other);
1708  }
1709 
1710 private:
1711  BigInteger _serial;
1712  QDateTime _time;
1713  Reason _reason;
1714 
1715  class Private;
1716  Private *d;
1717 };
1718 
1739 class QCA_EXPORT CRL : public Algorithm
1740 {
1741 public:
1742  CRL();
1743 
1749  CRL(const CRL &from);
1750 
1751  ~CRL() override;
1752 
1758  CRL &operator=(const CRL &from);
1759 
1765  bool isNull() const;
1766 
1773  CertificateInfo issuerInfo() const;
1774 
1783  CertificateInfoOrdered issuerInfoOrdered() const;
1784 
1791  int number() const;
1792 
1796  QDateTime thisUpdate() const;
1797 
1803  QDateTime nextUpdate() const;
1804 
1808  QList<CRLEntry> revoked() const;
1809 
1813  SignatureAlgorithm signatureAlgorithm() const;
1814 
1818  QByteArray issuerKeyId() const;
1819 
1827  bool operator==(const CRL &a) const;
1828 
1834  inline bool operator!=(const CRL &other) const
1835  {
1836  return !(*this == other);
1837  }
1838 
1844  QByteArray toDER() const;
1845 
1851  QString toPEM() const;
1852 
1859  bool toPEMFile(const QString &fileName) const;
1860 
1872  static CRL fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
1873 
1885  static CRL fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1886 
1899  static CRL
1900  fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
1901 
1907  void change(CRLContext *c);
1908 
1909 private:
1910  class Private;
1911  friend class Private;
1912  QSharedDataPointer<Private> d;
1913 };
1914 
1928 class QCA_EXPORT CertificateCollection
1929 {
1930 public:
1934  CertificateCollection();
1935 
1941  CertificateCollection(const CertificateCollection &from);
1942 
1943  ~CertificateCollection();
1944 
1950  CertificateCollection &operator=(const CertificateCollection &from);
1951 
1957  void addCertificate(const Certificate &cert);
1958 
1965  void addCRL(const CRL &crl);
1966 
1970  QList<Certificate> certificates() const;
1971 
1975  QList<CRL> crls() const;
1976 
1982  void append(const CertificateCollection &other);
1983 
1989  CertificateCollection operator+(const CertificateCollection &other) const;
1990 
1996  CertificateCollection &operator+=(const CertificateCollection &other);
1997 
2008  static bool canUsePKCS7(const QString &provider = QString());
2009 
2018  bool toFlatTextFile(const QString &fileName);
2019 
2030  bool toPKCS7File(const QString &fileName, const QString &provider = QString());
2031 
2045  static CertificateCollection
2046  fromFlatTextFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
2047 
2061  static CertificateCollection
2062  fromPKCS7File(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
2063 
2064 private:
2065  class Private;
2066  QSharedDataPointer<Private> d;
2067 };
2068 
2077 class QCA_EXPORT CertificateAuthority : public Algorithm
2078 {
2079 public:
2088  CertificateAuthority(const Certificate &cert, const PrivateKey &key, const QString &provider);
2089 
2095  CertificateAuthority(const CertificateAuthority &from);
2096 
2097  ~CertificateAuthority() override;
2098 
2104  CertificateAuthority &operator=(const CertificateAuthority &from);
2105 
2112  Certificate certificate() const;
2113 
2121  Certificate signRequest(const CertificateRequest &req, const QDateTime &notValidAfter) const;
2122 
2129  Certificate createCertificate(const PublicKey &key, const CertificateOptions &opts) const;
2130 
2138  CRL createCRL(const QDateTime &nextUpdate) const;
2139 
2149  CRL updateCRL(const CRL &crl, const QList<CRLEntry> &entries, const QDateTime &nextUpdate) const;
2150 
2151 private:
2152  class Private;
2153  Private *d;
2154 };
2155 
2175 class QCA_EXPORT KeyBundle
2176 {
2177 public:
2181  KeyBundle();
2182 
2200  explicit KeyBundle(const QString &fileName, const SecureArray &passphrase = SecureArray());
2201 
2207  KeyBundle(const KeyBundle &from);
2208 
2209  ~KeyBundle();
2210 
2216  KeyBundle &operator=(const KeyBundle &from);
2217 
2221  bool isNull() const;
2222 
2232  QString name() const;
2233 
2239  CertificateChain certificateChain() const;
2240 
2246  PrivateKey privateKey() const;
2247 
2253  void setName(const QString &s);
2254 
2264  void setCertificateChainAndKey(const CertificateChain &c, const PrivateKey &key);
2265 
2289  QByteArray toArray(const SecureArray &passphrase, const QString &provider = QString()) const;
2290 
2315  bool toFile(const QString &fileName, const SecureArray &passphrase, const QString &provider = QString()) const;
2316 
2347  static KeyBundle fromArray(const QByteArray & a,
2348  const SecureArray &passphrase = SecureArray(),
2349  ConvertResult * result = nullptr,
2350  const QString & provider = QString());
2351 
2382  static KeyBundle fromFile(const QString & fileName,
2383  const SecureArray &passphrase = SecureArray(),
2384  ConvertResult * result = nullptr,
2385  const QString & provider = QString());
2386 
2387 private:
2388  class Private;
2389  QSharedDataPointer<Private> d;
2390 };
2391 
2406 class QCA_EXPORT PGPKey : public Algorithm
2407 {
2408 public:
2412  PGPKey();
2413 
2423  PGPKey(const QString &fileName);
2424 
2430  PGPKey(const PGPKey &from);
2431 
2432  ~PGPKey() override;
2433 
2439  PGPKey &operator=(const PGPKey &from);
2440 
2446  bool isNull() const;
2447 
2451  QString keyId() const;
2452 
2456  QString primaryUserId() const;
2457 
2461  QStringList userIds() const;
2462 
2468  bool isSecret() const;
2469 
2473  QDateTime creationDate() const;
2474 
2478  QDateTime expirationDate() const;
2479 
2486  QString fingerprint() const;
2487 
2496  bool inKeyring() const;
2497 
2503  bool isTrusted() const;
2504 
2514  QByteArray toArray() const;
2515 
2524  QString toString() const;
2525 
2531  bool toFile(const QString &fileName) const;
2532 
2542  static PGPKey fromArray(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
2543 
2553  static PGPKey fromString(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
2554 
2565  static PGPKey
2566  fromFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
2567 
2568 private:
2569  class Private;
2570  Private *d;
2571 };
2572 
2612 class QCA_EXPORT KeyLoader : public QObject
2613 {
2614  Q_OBJECT
2615 public:
2621  KeyLoader(QObject *parent = nullptr);
2622  ~KeyLoader() override;
2623 
2633  void loadPrivateKeyFromPEMFile(const QString &fileName);
2634 
2643  void loadPrivateKeyFromPEM(const QString &s);
2644 
2653  void loadPrivateKeyFromDER(const SecureArray &a);
2654 
2663  void loadKeyBundleFromFile(const QString &fileName);
2664 
2672  void loadKeyBundleFromArray(const QByteArray &a);
2673 
2679  ConvertResult convertResult() const;
2680 
2690  PrivateKey privateKey() const;
2691 
2700  KeyBundle keyBundle() const;
2701 
2702 Q_SIGNALS:
2710  void finished();
2711 
2712 private:
2713  Q_DISABLE_COPY(KeyLoader)
2714 
2715  class Private;
2716  friend class Private;
2717  Private *d;
2718 };
2719 
2720 }
2721 
2722 #endif
QCA::CertificateInfoType::DN
@ DN
Distinguished name (the primary name)
Definition: qca_cert.h:127
QCA::IncorporationLocality
@ IncorporationLocality
The locality of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.1".
Definition: qca_cert.h:72
QCA::CertificateInfoType::operator==
bool operator==(const CertificateInfoType &other) const
Comparison operator.
QCA::Certificate::operator==
bool operator==(const Certificate &a) const
Test for equality of two certificates.
QCA::Certificate::toPEM
QString toPEM() const
Export the Certificate into a PEM format.
QCA::CertificateChain::complete
CertificateChain complete(const QList< Certificate > &issuers=QList< Certificate >(), Validity *result=nullptr) const
Complete a certificate chain for the primary certificate, using the rest of the certificates in the c...
Definition: qca_cert.h:1309
QObject
QCA::KeyAgreement
@ KeyAgreement
Certificate can be used for key agreement, id = "KeyUsage.keyAgreement"
Definition: qca_cert.h:323
QCA::KeyLoader::loadPrivateKeyFromPEM
void loadPrivateKeyFromPEM(const QString &s)
Initiate an asynchronous loading of a PrivateKey from a PEM format string.
QCA::CertificateAuthority
A Certificate Authority is used to generate Certificates and Certificate Revocation Lists (CRLs).
Definition: qca_cert.h:2078
QCA::ErrorExpiredCA
@ ErrorExpiredCA
The Certificate Authority has expired.
Definition: qca_cert.h:509
QCA::ErrorInvalidPurpose
@ ErrorInvalidPurpose
The purpose does not match the intended usage.
Definition: qca_cert.h:503
QCA::KeyBundle::isNull
bool isNull() const
Test if this key is empty (null)
QCA::CertificateRequest::toPEM
QString toPEM() const
Export the Certificate Request into a PEM format.
QCA::CertificateCollection::fromFlatTextFile
static CertificateCollection fromFlatTextFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
import a CertificateCollection from a text file
QCA::CRL::issuerKeyId
QByteArray issuerKeyId() const
The key identification of the CRL issuer.
QCA::CertificateOptions::notValidBefore
QDateTime notValidBefore() const
the first time the certificate will be valid
QCA::ConstraintType::Section
Section
Section of the certificate that the constraint belongs in.
Definition: qca_cert.h:370
QCA::CertificateOptions::operator=
CertificateOptions & operator=(const CertificateOptions &from)
Standard assignment operator.
QCA::CRL::operator!=
bool operator!=(const CRL &other) const
Inequality operator.
Definition: qca_cert.h:1834
QCA::Certificate::isCA
bool isCA() const
Test if the Certificate is valid as a Certificate Authority.
QCA::CRLEntry::isNull
bool isNull() const
Test if this CRL entry is empty.
QCA::CertificateOptions::format
CertificateRequestFormat format() const
test the format type for this certificate
QCA::CertificateCollection::operator=
CertificateCollection & operator=(const CertificateCollection &from)
Standard assignment operator.
QCA::KeyBundle::fromFile
static KeyBundle fromFile(const QString &fileName, const SecureArray &passphrase=SecureArray(), ConvertResult *result=nullptr, const QString &provider=QString())
QCA::CertificateInfoType::operator!=
bool operator!=(const CertificateInfoType &other) const
Inequality operator.
Definition: qca_cert.h:228
QCA::CertificateInfoType
Certificate information type.
Definition: qca_cert.h:120
QCA::KeyLoader::loadPrivateKeyFromDER
void loadPrivateKeyFromDER(const SecureArray &a)
Initiate an asynchronous loading of a PrivateKey from a DER format array.
QCA::KeyLoader::privateKey
PrivateKey privateKey() const
The private key that has been loaded.
QCA::CertificateInfoOrdered::dnOnly
CertificateInfoOrdered dnOnly() const
Return a new CertificateInfoOrdered that only contains the Distinguished Name (DN) types found in thi...
Definition: qca_cert.h:582
QCA::PGPKey::userIds
QStringList userIds() const
The list of all user identifications associated with the key.
QCA::ErrorExpired
@ ErrorExpired
The certificate has expired, or is not yet valid (e.g.
Definition: qca_cert.h:507
QCA::CertificateRequest::operator==
bool operator==(const CertificateRequest &csr) const
Test for equality of two certificate requests.
QCA::CertificateCollection::canUsePKCS7
static bool canUsePKCS7(const QString &provider=QString())
test if the CertificateCollection can be imported and exported to PKCS#7 format
QCA::ErrorPathLengthExceeded
@ ErrorPathLengthExceeded
The path length from the root CA to this certificate is too long.
Definition: qca_cert.h:506
QCA::CertificateRequest::isNull
bool isNull() const
test if the certificate request is empty
QCA::CertificateOptions::setCRLLocations
void setCRLLocations(const QStringList &locations)
set the CRL locations of the certificate
QCA::makeFriendlyNames
QCA_EXPORT QStringList makeFriendlyNames(const QList< Certificate > &list)
Create a list of unique friendly names among a list of certificates.
QCA::Certificate::matchesHostName
bool matchesHostName(const QString &host) const
Test if the subject of the certificate matches a specified host name.
QCA::PGPKey::PGPKey
PGPKey()
Create an empty PGP key.
QCA::PGPKey::toFile
bool toFile(const QString &fileName) const
Export the key to a file.
QCA::CRLEntry::RemoveFromCRL
@ RemoveFromCRL
certificate was previously in a CRL, but is now valid
Definition: qca_cert.h:1615
QCA::IncorporationCountry
@ IncorporationCountry
The country of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.3".
Definition: qca_cert.h:76
QCA::CRL::toDER
QByteArray toDER() const
Export the Certificate Revocation List (CRL) in DER format.
QCA::CertificateRequest::toDER
QByteArray toDER() const
Export the Certificate Request into a DER format.
QCA::CRLEntry::reason
Reason reason() const
The reason that this CRL entry was created.
QCA::Certificate::subjectKeyId
QByteArray subjectKeyId() const
The key identifier associated with the subject.
QCA::IPAddress
@ IPAddress
IP address, id = "GeneralName.iPAddress".
Definition: qca_cert.h:79
QCA::KeyLoader::KeyLoader
KeyLoader(QObject *parent=nullptr)
Create a KeyLoader object.
QCA::CRL::toPEMFile
bool toPEMFile(const QString &fileName) const
Export the Certificate Revocation List (CRL) into PEM format in a file.
QCA::KeyBundle::operator=
KeyBundle & operator=(const KeyBundle &from)
Standard assignment operator.
QCA::Email
@ Email
Email address, id = "GeneralName.rfc822Name".
Definition: qca_cert.h:67
QCA::PrivateKey
Generic private key.
Definition: qca_publickey.h:833
QCA::KeyCertificateSign
@ KeyCertificateSign
Certificate can be used for key certificate signing, id = "KeyUsage.keyCertSign"
Definition: qca_cert.h:324
QCA::CertificateRequest::CertificateRequest
CertificateRequest(const CertificateRequest &from)
Standard copy constructor.
QCA::CertificateCollection::toPKCS7File
bool toPKCS7File(const QString &fileName, const QString &provider=QString())
export the CertificateCollection to a PKCS#7 file
QCA::CertificateCollection::crls
QList< CRL > crls() const
The CRLs in this collection.
QCA::CertificateRequest::toPEMFile
bool toPEMFile(const QString &fileName) const
Export the Certificate into PEM format in a file.
QCA::Certificate::subjectInfoOrdered
CertificateInfoOrdered subjectInfoOrdered() const
QCA::DataEncipherment
@ DataEncipherment
Certificate can be used for encrypting / decrypting data, id = "KeyUsage.dataEncipherment"
Definition: qca_cert.h:322
QCA
QCA - the Qt Cryptographic Architecture.
Definition: qca_basic.h:41
QCA::CRLEntry::KeyCompromise
@ KeyCompromise
private key has been compromised
Definition: qca_cert.h:1609
QCA::KeyLoader::loadKeyBundleFromFile
void loadKeyBundleFromFile(const QString &fileName)
Initiate an asynchronous loading of a KeyBundle from a file.
QCA::CertificateCollection::addCRL
void addCRL(const CRL &crl)
Append a CRL to this collection.
QCA::CertificateRequest::toString
QString toString() const
Export the CertificateRequest to a string.
QCA::Certificate::fromPEM
static Certificate fromPEM(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate from PEM format.
QCA::Algorithm
General superclass for an algorithm.
Definition: qca_core.h:1164
QCA::CertificateInfoType::known
CertificateInfoTypeKnown known() const
The type as part of the CertificateInfoTypeKnown enumerator.
QCA::CertificateInfoPair
One entry in a certificate information list.
Definition: qca_cert.h:246
QCA::CertificateRequest::fromPEMFile
static CertificateRequest fromPEMFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate request from a file.
QCA::CertificateAuthority::createCertificate
Certificate createCertificate(const PublicKey &key, const CertificateOptions &opts) const
Create a new Certificate.
QCA::CertificateRequest::challenge
QString challenge() const
The challenge associated with this certificate request.
QCA::Certificate::fromPEMFile
static Certificate fromPEMFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate from a file.
QCA::PGPKey::operator=
PGPKey & operator=(const PGPKey &from)
Standard assignment operator.
QCA::OrganizationalUnit
@ OrganizationalUnit
An part of an organisation (eg a division or branch), id = "2.5.4.11".
Definition: qca_cert.h:70
QCA::CertificateInfoType::CertificateInfoType
CertificateInfoType(const CertificateInfoType &from)
Standard copy constructor.
QCA::CertificateAuthority::CertificateAuthority
CertificateAuthority(const CertificateAuthority &from)
Copy constructor.
QList
QCA::ConstraintType::ConstraintType
ConstraintType(const QString &id, Section section)
Construct a new constraint.
QCA::UsageTimeStamping
@ UsageTimeStamping
time stamping certificate
Definition: qca_cert.h:489
QCA::CertificateInfoPair::operator=
CertificateInfoPair & operator=(const CertificateInfoPair &from)
Standard assignment operator.
QCA::Certificate::constraints
Constraints constraints() const
The constraints that apply to this certificate.
QCA::CertificateInfoType::operator=
CertificateInfoType & operator=(const CertificateInfoType &from)
Standard assignment operator.
QCA::CRLEntry::operator=
CRLEntry & operator=(const CRLEntry &from)
Standard assignment operator.
QCA::PGPKey::isNull
bool isNull() const
Test if the PGP key is empty (null)
QCA::CertificateCollection::toFlatTextFile
bool toFlatTextFile(const QString &fileName)
export the CertificateCollection to a plain text file
QCA::CertificateRequest::operator=
CertificateRequest & operator=(const CertificateRequest &from)
Standard assignment operator.
QCA::CertificateOptions::info
CertificateInfo info() const
Information on the subject of the certificate.
QCA::CertificateOptions::isValid
bool isValid() const
Test if the certificate options object is valid.
QCA::CertificateOptions::isCA
bool isCA() const
test if the certificate is a CA cert
QCA::Certificate::validate
Validity validate(const CertificateCollection &trusted, const CertificateCollection &untrusted, UsageMode u=UsageAny, ValidateFlags vf=ValidateAll) const
Check the validity of a certificate.
QCA::OCSPSigning
@ OCSPSigning
Certificate can be used to sign an Online Certificate Status Protocol (OCSP) assertion,...
Definition: qca_cert.h:346
QCA::CertificateRequest::CertificateRequest
CertificateRequest(const CertificateOptions &opts, const PrivateKey &key, const QString &provider=QString())
Create a certificate request based on specified options.
QCA::CertificateRequest::fromString
static CertificateRequest fromString(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import the CertificateRequest from a string.
QCA::PGPKey::fingerprint
QString fingerprint() const
The key fingerpint.
QCA::CertificateRequest::policies
QStringList policies() const
The policies that apply to this certificate request.
QCA::CertificateInfoType::CertificateInfoType
CertificateInfoType(CertificateInfoTypeKnown known)
Construct a new type.
QCA::CertContext
X.509 certificate provider.
Definition: qcaprovider.h:1325
QCA::CRLEntry::CRLEntry
CRLEntry(const CRLEntry &from)
Copy constructor.
QCA::CertificateOptions::CertificateOptions
CertificateOptions(CertificateRequestFormat format=PKCS10)
Create a Certificate options set.
QCA::Certificate::commonName
QString commonName() const
The common name of the subject of the certificate.
QCA::PGPKey::fromString
static PGPKey fromString(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import the key from a string.
QCA::SignatureAlgorithm
SignatureAlgorithm
Signature algorithm variants.
Definition: qca_publickey.h:74
QCA::CertificateCollection
Bundle of Certificates and CRLs.
Definition: qca_cert.h:1929
QCA::CertificateAuthority::CertificateAuthority
CertificateAuthority(const Certificate &cert, const PrivateKey &key, const QString &provider)
Create a new Certificate Authority.
QCA::CertificateInfoPair::value
QString value() const
The value of the information stored in the pair.
QCA::ConstraintType::ConstraintType
ConstraintType()
Standard constructor.
QCA::CertificateOptions::policies
QStringList policies() const
list the policies on this certificate
QCA::Certificate::toPEMFile
bool toPEMFile(const QString &fileName) const
Export the Certificate into PEM format in a file.
QCA::CertificateInfoType::Section
Section
Section of the certificate that the information belongs in.
Definition: qca_cert.h:126
QCA::orderedToDNString
QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in)
Convert to RFC 1779 string format.
QCA::CertificateChain::validate
Validity validate(const CertificateCollection &trusted, const QList< CRL > &untrusted_crls=QList< CRL >(), UsageMode u=UsageAny, ValidateFlags vf=ValidateAll) const
Check the validity of a certificate chain.
Definition: qca_cert.h:1299
QCA::CommonName
@ CommonName
The common name (eg person), id = "2.5.4.3".
Definition: qca_cert.h:66
QCA::KeyBundle::fromArray
static KeyBundle fromArray(const QByteArray &a, const SecureArray &passphrase=SecureArray(), ConvertResult *result=nullptr, const QString &provider=QString())
QCA::ValidityGood
@ ValidityGood
The certificate is valid.
Definition: qca_cert.h:498
QCA::CertificateOptions::setValidityPeriod
void setValidityPeriod(const QDateTime &start, const QDateTime &end)
Set the validity period for the certificate.
QCA::Certificate::signatureAlgorithm
SignatureAlgorithm signatureAlgorithm() const
The signature algorithm used for the signature on this certificate.
QCA::IncorporationState
@ IncorporationState
The state of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.2".
Definition: qca_cert.h:74
QCA::State
@ State
The state within the country, id = "2.5.4.8".
Definition: qca_cert.h:73
QCA::UsageTLSServer
@ UsageTLSServer
server side of a TLS or SSL connection
Definition: qca_cert.h:485
QCA::IPSecEndSystem
@ IPSecEndSystem
Certificate can be used to authenticate a endpoint in IPSEC, id = "1.3.6.1.5.5.7.3....
Definition: qca_cert.h:338
QCA::Certificate::pathLimit
int pathLimit() const
The upper bound of the number of links in the certificate chain, if any.
QCA::CRLEntry::CRLEntry
CRLEntry(const Certificate &c, Reason r=Unspecified)
create a CRL entry
QCA::CRL::issuerInfoOrdered
CertificateInfoOrdered issuerInfoOrdered() const
Information on the issuer of the CRL as an ordered list (QList of CertificateInfoPair).
QCA::CertificateRequestFormat
CertificateRequestFormat
Certificate Request Format.
Definition: qca_cert.h:54
QCA::Constraints
QList< ConstraintType > Constraints
Certificate constraints type
Definition: qca_cert.h:590
QCA::CertificateRequest::change
void change(CSRContext *c)
QCA::CertificateRequest::subjectPublicKey
PublicKey subjectPublicKey() const
The public key belonging to the issuer.
QCA::UsageAny
@ UsageAny
Any application, or unspecified.
Definition: qca_cert.h:484
QCA::CertificateRequest::CertificateRequest
CertificateRequest(const QString &fileName)
Create a certificate request based on the contents of a file.
QCA::Certificate::issuerInfo
CertificateInfo issuerInfo() const
Properties of the issuer of the certificate.
QCA::CertificateInfoPair::operator!=
bool operator!=(const CertificateInfoPair &other) const
Inequality operator.
Definition: qca_cert.h:301
QCA::KeyLoader::keyBundle
KeyBundle keyBundle() const
The key bundle that has been loaded.
QCA::PGPKey::fromArray
static PGPKey fromArray(const QByteArray &a, ConvertResult *result=nullptr, const QString &provider=QString())
Import the key from an array.
QCA::PGPKey::expirationDate
QDateTime expirationDate() const
The expiration date for the key.
QCA::IPSecTunnel
@ IPSecTunnel
Certificate can be used to authenticate a tunnel in IPSEC, id = "1.3.6.1.5.5.7.3.6".
Definition: qca_cert.h:340
QCA::CRLEntry::serialNumber
BigInteger serialNumber() const
The serial number of the certificate that is the subject of this CRL entry.
QCA::CRLEntry::CRLEntry
CRLEntry()
create an empty CRL entry
QCA::CertificateOptions::setAsCA
void setAsCA(int pathLimit=8)
set the certificate to be a CA cert
QCA::EmailLegacy
@ EmailLegacy
PKCS#9 Email field, id = "1.2.840.113549.1.9.1".
Definition: qca_cert.h:68
QCA::CertificateOptions::issuerLocations
QStringList issuerLocations() const
list of URI locations for issuer certificate files
QCA::CertificateChain
A chain of related Certificates.
Definition: qca_cert.h:1226
QCA::ConstraintType::operator==
bool operator==(const ConstraintType &other) const
Comparison operator.
QCA::ConstraintType::id
QString id() const
The type as an identifier string.
QCA::DNS
@ DNS
DNS name, id = "GeneralName.dNSName".
Definition: qca_cert.h:78
QCA::CertificateInfoType::operator<
bool operator<(const CertificateInfoType &other) const
Comparison operator.
QCA::CRLEntry::CACompromise
@ CACompromise
certificate authority has been compromised
Definition: qca_cert.h:1610
QCA::Certificate::toDER
QByteArray toDER() const
Export the Certificate into a DER format.
QCA::ErrorRejected
@ ErrorRejected
The root CA rejected the certificate purpose.
Definition: qca_cert.h:499
QCA::CertificateAuthority::createCRL
CRL createCRL(const QDateTime &nextUpdate) const
Create a new Certificate Revocation List (CRL)
QCA::CertificateChain::CertificateChain
CertificateChain()
Create an empty certificate chain.
Definition: qca_cert.h:1231
QCA::PGPKey::PGPKey
PGPKey(const PGPKey &from)
Standard copy constructor.
QCA::DigitalSignature
@ DigitalSignature
Certificate can be used to create digital signatures, id = "KeyUsage.digitalSignature"
Definition: qca_cert.h:319
QCA::KeyBundle::toArray
QByteArray toArray(const SecureArray &passphrase, const QString &provider=QString()) const
QCA::PGPKey::fromFile
static PGPKey fromFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
Import the key from a file.
QCA::CertificateRequest
Certificate Request
Definition: qca_cert.h:1326
QCA::ConstraintTypeKnown
ConstraintTypeKnown
Known types of certificate constraints.
Definition: qca_cert.h:317
QCA::ServerAuth
@ ServerAuth
Certificate can be used for server authentication (e.g.
Definition: qca_cert.h:330
QCA::Country
@ Country
The country, id = "2.5.4.6".
Definition: qca_cert.h:75
QCA::CertificateOptions::crlLocations
QStringList crlLocations() const
list of URI locations for CRL files
QCA::CertificateRequest::fromDER
static CertificateRequest fromDER(const QByteArray &a, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate request from DER.
QCA::CertificateCollection::certificates
QList< Certificate > certificates() const
The Certificates in this collection.
QCA::CertificateInfo
QMultiMap< CertificateInfoType, QString > CertificateInfo
Certificate properties type.
Definition: qca_cert.h:535
QCA::CRLEntry::time
QDateTime time() const
The time this CRL entry was created.
QCA::Certificate::change
void change(CertContext *c)
QCA::CertificateInfoPair::operator==
bool operator==(const CertificateInfoPair &other) const
Comparison operator.
QCA::ErrorInvalidCA
@ ErrorInvalidCA
The Certificate Authority is invalid.
Definition: qca_cert.h:502
QCA::CertificateRequest::pathLimit
int pathLimit() const
The path limit for the certificate in this Certificate Request.
QCA::Certificate::policies
QStringList policies() const
The policies that apply to this certificate.
QCA::CertificateOptions::setPolicies
void setPolicies(const QStringList &policies)
set the policies on the certificate
QCA::PGPKey::inKeyring
bool inKeyring() const
Test if this key is in a keyring.
QCA::EmailProtection
@ EmailProtection
Certificate can be used to sign / encrypt email, id = "1.3.6.1.5.5.7.3.4".
Definition: qca_cert.h:336
QCA::CertificateCollection::operator+=
CertificateCollection & operator+=(const CertificateCollection &other)
Add another CertificateCollection to this collection.
QCA::UsageEmailProtection
@ UsageEmailProtection
email (S/MIME) certificate
Definition: qca_cert.h:488
QCA::Certificate::fromDER
static Certificate fromDER(const QByteArray &a, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate from DER.
QCA::CSRContext
X.509 certificate request provider.
Definition: qcaprovider.h:1429
QCA::SecureArray
Secure array of bytes.
Definition: qca_tools.h:317
QCA::CRL::revoked
QList< CRLEntry > revoked() const
a list of the revoked certificates in this CRL
QCA::CertificateInfoOrdered
Ordered certificate properties type.
Definition: qca_cert.h:548
QCA::Certificate::ocspLocations
QStringList ocspLocations() const
List of URI locations for OCSP services.
QCA::Certificate::isNull
bool isNull() const
Test if the certificate is empty (null)
QCA::CertificateRequest::canUseFormat
static bool canUseFormat(CertificateRequestFormat f, const QString &provider=QString())
Test if the certificate request can use a specified format.
QCA::PGPKey::toString
QString toString() const
Export the key to a string.
QCA::KeyLoader::loadKeyBundleFromArray
void loadKeyBundleFromArray(const QByteArray &a)
Initiate an asynchronous loading of a KeyBundle from an array.
QCA::CertificateInfoType::CertificateInfoType
CertificateInfoType(const QString &id, Section section)
Construct a new type.
QCA::PGPKey::creationDate
QDateTime creationDate() const
The creation date for the key.
QCA::CRLEntry::CRLEntry
CRLEntry(const BigInteger serial, const QDateTime &time, Reason r=Unspecified)
create a CRL entry
QCA::Certificate
Public Key (X.509) certificate.
Definition: qca_cert.h:857
QCA::UsageMode
UsageMode
Specify the intended usage of a certificate.
Definition: qca_cert.h:483
QCA::BigInteger
Arbitrary precision integer.
Definition: qca_tools.h:571
QCA::CertificateOptions::setFormat
void setFormat(CertificateRequestFormat f)
Specify the format for this certificate.
QCA::CRL
Certificate Revocation List
Definition: qca_cert.h:1740
QCA::CodeSigning
@ CodeSigning
Certificate can be used to sign code, id = "1.3.6.1.5.5.7.3.3".
Definition: qca_cert.h:334
QCA::CertificateInfoPair::CertificateInfoPair
CertificateInfoPair()
Standard constructor.
QCA::ErrorSelfSigned
@ ErrorSelfSigned
The certificate is self-signed, and is not found in the list of trusted certificates.
Definition: qca_cert.h:504
QCA::CertificateOptions::CertificateOptions
CertificateOptions(const CertificateOptions &from)
Standard copy constructor.
QCA::CertificateRequest::subjectInfoOrdered
CertificateInfoOrdered subjectInfoOrdered() const
Information on the subject of the certificate being requested, as an ordered list (QList of Certifica...
QCA::UsageCRLSigning
@ UsageCRLSigning
certificate revocation list signing certificate
Definition: qca_cert.h:490
QCA::KeyBundle
Certificate chain and private key pair.
Definition: qca_cert.h:2176
QCA::CRL::change
void change(CRLContext *c)
QCA::CertificateOptions::pathLimit
int pathLimit() const
return the path limit on this certificate
QCA::CertificateOptions::challenge
QString challenge() const
The challenge part of the certificate.
QCA::PGPKey::primaryUserId
QString primaryUserId() const
The primary user identification for the key.
QCA::orderedDNOnly
QCA_EXPORT CertificateInfoOrdered orderedDNOnly(const CertificateInfoOrdered &in)
Return a new CertificateInfoOrdered that only contains the Distinguished Name (DN) types found in the...
QCA::CertificateRequest::fromPEM
static CertificateRequest fromPEM(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import the certificate request from PEM format.
QCA::CertificateCollection::CertificateCollection
CertificateCollection(const CertificateCollection &from)
Standard copy constructor.
QCA::PGPKey::isTrusted
bool isTrusted() const
Test if the key is trusted.
QCA::CertificateCollection::append
void append(const CertificateCollection &other)
Add another CertificateCollection to this collection.
QCA::CRL::isNull
bool isNull() const
Test if the CRL is empty.
QCA::Certificate::crlLocations
QStringList crlLocations() const
List of URI locations for CRL files.
QCA::KeyBundle::setCertificateChainAndKey
void setCertificateChainAndKey(const CertificateChain &c, const PrivateKey &key)
Set the public certificate and private key.
QCA::CRLContext
X.509 certificate revocation list provider.
Definition: qcaprovider.h:1513
QCA::CRLEntry::operator!=
bool operator!=(const CRLEntry &other) const
Inequality operator.
Definition: qca_cert.h:1705
QCA::CertificateOptions::ocspLocations
QStringList ocspLocations() const
list of URI locations for OCSP services
QCA::CRLSign
@ CRLSign
Certificate can be used to sign Certificate Revocation Lists, id = "KeyUsage.crlSign"
Definition: qca_cert.h:325
QCA::UsageCodeSigning
@ UsageCodeSigning
code signing certificate
Definition: qca_cert.h:487
QCA::CRL::CRL
CRL(const CRL &from)
Standard copy constructor.
QCA::CRLEntry::CertificateHold
@ CertificateHold
certificate is on hold
Definition: qca_cert.h:1614
QCA::ConstraintType::operator<
bool operator<(const ConstraintType &other) const
Comparison operator.
QCA::Certificate::operator!=
bool operator!=(const Certificate &other) const
Inequality operator.
Definition: qca_cert.h:1176
QCA::CRL::thisUpdate
QDateTime thisUpdate() const
the time that this CRL became (or becomes) valid
QCA::KeyBundle::setName
void setName(const QString &s)
Specify the name of this bundle.
QCA::CertificateChain::primary
const Certificate & primary() const
Return the primary (end-user) Certificate.
Definition: qca_cert.h:1249
QCA::CRL::operator==
bool operator==(const CRL &a) const
Test for equality of two Certificate Revocation Lists.
QCA::CertificateInfoPair::CertificateInfoPair
CertificateInfoPair(const CertificateInfoType &type, const QString &value)
Construct a new pair.
QCA::ConstraintType::known
ConstraintTypeKnown known() const
The type as part of the ConstraintTypeKnown enumerator.
QCA::ValidateFlags
ValidateFlags
The conditions to validate for a certificate.
Definition: qca_cert.h:517
QCA::CertificateInfoPair::type
CertificateInfoType type() const
The type of information stored in the pair.
QCA::ConvertResult
ConvertResult
Return value from a format conversion.
Definition: qca_publickey.h:119
QCA::Certificate::Certificate
Certificate(const CertificateOptions &opts, const PrivateKey &key, const QString &provider=QString())
Create a Certificate with specified options and a specified private key.
QCA::CRLEntry::Unspecified
@ Unspecified
reason is unknown
Definition: qca_cert.h:1608
QCA::CRL::toPEM
QString toPEM() const
Export the Certificate Revocation List (CRL) in PEM format.
QCA::ClientAuth
@ ClientAuth
Certificate can be used for client authentication (e.g.
Definition: qca_cert.h:332
QCA::KeyBundle::KeyBundle
KeyBundle()
Create an empty KeyBundle.
QCA::Certificate::Certificate
Certificate(const QString &fileName)
Create a Certificate from a PEM encoded file.
QCA::CertificateInfoPair::CertificateInfoPair
CertificateInfoPair(const CertificateInfoPair &from)
Standard copy constructor.
QCA::CertificateRequest::subjectInfo
CertificateInfo subjectInfo() const
Information on the subject of the certificate being requested.
qca_core.h
Header file for core QCA infrastructure.
QCA::CertificateOptions::setAsUser
void setAsUser()
set the certificate to be a user cert (this is the default)
QCA::CertificateInfoTypeKnown
CertificateInfoTypeKnown
Known types of information stored in certificates.
Definition: qca_cert.h:65
QCA::KeyBundle::KeyBundle
KeyBundle(const KeyBundle &from)
Standard copy constructor.
QCA::Certificate::issuerLocations
QStringList issuerLocations() const
List of URI locations for issuer certificate files.
QCA::Organization
@ Organization
An organisation (eg company), id = "2.5.4.10".
Definition: qca_cert.h:69
QCA::Certificate::isIssuerOf
bool isIssuerOf(const Certificate &other) const
Test if the Certificate has signed another Certificate object and is therefore the issuer.
QCA::Certificate::issuerKeyId
QByteArray issuerKeyId() const
The key identifier associated with the issuer.
QCA::CRL::issuerInfo
CertificateInfo issuerInfo() const
Information on the issuer of the CRL as a QMultiMap.
QCA::CertificateRequest::operator!=
bool operator!=(const CertificateRequest &other) const
Inequality operator.
Definition: qca_cert.h:1473
QCA::CRL::number
int number() const
The CRL serial number.
QCA::TimeStamping
@ TimeStamping
Certificate can be used to create a "time stamp" signature, id = "1.3.6.1.5.5.7.3....
Definition: qca_cert.h:344
QCA::CertificateCollection::operator+
CertificateCollection operator+(const CertificateCollection &other) const
Add another CertificateCollection to this collection.
QCA::CertificateOptions::setOCSPLocations
void setOCSPLocations(const QStringList &locations)
set the OCSP service locations of the certificate
QCA::URI
@ URI
Uniform Resource Identifier, id = "GeneralName.uniformResourceIdentifier".
Definition: qca_cert.h:77
QCA::KeyBundle::privateKey
PrivateKey privateKey() const
The private key part of this bundle.
QCA::Certificate::isSelfSigned
bool isSelfSigned() const
Test if the Certificate is self-signed.
QCA::CertificateRequest::constraints
Constraints constraints() const
The constraints that apply to this certificate request.
QCA::ErrorRevoked
@ ErrorRevoked
The certificate has been revoked.
Definition: qca_cert.h:505
QCA::ConstraintType
Certificate constraint.
Definition: qca_cert.h:364
QCA::CertificateOptions::notValidAfter
QDateTime notValidAfter() const
the last time the certificate is valid
QCA::ConstraintType::operator=
ConstraintType & operator=(const ConstraintType &from)
Standard assignment operator.
QCA::ConstraintType::ConstraintType
ConstraintType(const ConstraintType &from)
Standard copy constructor.
QCA::IPSecUser
@ IPSecUser
Certificate can be used to authenticate a user in IPSEC, id = "1.3.6.1.5.5.7.3.7".
Definition: qca_cert.h:342
QCA::CRL::fromPEMFile
static CRL fromPEMFile(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
Import a PEM encoded Certificate Revocation List (CRL) from a file.
QCA::CertificateInfoType::id
QString id() const
The type as an identifier string.
QCA::PGPKey::toArray
QByteArray toArray() const
Export the key to an array.
QCA::CertificateOptions
Certificate options
Definition: qca_cert.h:610
QCA::KeyLoader::convertResult
ConvertResult convertResult() const
The result of the loading process.
QCA::ErrorValidityUnknown
@ ErrorValidityUnknown
Validity is unknown.
Definition: qca_cert.h:510
QCA::KeyBundle::toFile
bool toFile(const QString &fileName, const SecureArray &passphrase, const QString &provider=QString()) const
QCA::CertificateOptions::setConstraints
void setConstraints(const Constraints &constraints)
set the constraints on the certificate
QCA::UsageTLSClient
@ UsageTLSClient
client side of a TLS or SSL connection
Definition: qca_cert.h:486
QCA::ConstraintType::KeyUsage
@ KeyUsage
Stored in the key usage section.
Definition: qca_cert.h:371
QCA::KeyBundle::name
QString name() const
The name associated with this key.
QCA::KeyBundle::certificateChain
CertificateChain certificateChain() const
The public certificate part of this bundle.
QCA::CertificateRequest::isCA
bool isCA() const
Test if this Certificate Request is for a Certificate Authority certificate.
QCA::CRL::nextUpdate
QDateTime nextUpdate() const
the time that this CRL will be obsoleted
QCA::CRLEntry::operator==
bool operator==(const CRLEntry &a) const
Test for equality of two CRL Entries.
QCA::KeyLoader::finished
void finished()
Signal that is emitted when the load process has completed.
QCA::Certificate::issuerInfoOrdered
CertificateInfoOrdered issuerInfoOrdered() const
Properties of the issuer of the certificate, as an ordered list (QList of CertificateInfoPair).
QCA::KeyBundle::KeyBundle
KeyBundle(const QString &fileName, const SecureArray &passphrase=SecureArray())
Create a KeyBundle from a PKCS12 (.p12) encoded file.
QCA::Locality
@ Locality
The locality (eg city, a shire, or part of a state), id = "2.5.4.7".
Definition: qca_cert.h:71
QCA::PGPKey::isSecret
bool isSecret() const
Test if the PGP key is the secret key.
QCA::Certificate::serialNumber
BigInteger serialNumber() const
The serial number of the certificate.
QCA::PGPKey::keyId
QString keyId() const
The Key identification for the PGP key.
QCA::CertificateOptions::constraints
Constraints constraints() const
List the constraints on this certificate.
QCA::CRLEntry
Part of a CRL representing a single certificate.
Definition: qca_cert.h:1601
QCA::CertificateRequest::format
CertificateRequestFormat format() const
the format that this Certificate request is in
QCA::CertificateCollection::fromPKCS7File
static CertificateCollection fromPKCS7File(const QString &fileName, ConvertResult *result=nullptr, const QString &provider=QString())
import a CertificateCollection from a PKCS#7 file
QCA::PGPKey
Pretty Good Privacy key.
Definition: qca_cert.h:2407
QCA::CRL::operator=
CRL & operator=(const CRL &from)
Standard assignment operator.
QCA::CertificateAuthority::certificate
Certificate certificate() const
The Certificate belonging to the CertificateAuthority.
QCA::CertificateAuthority::operator=
CertificateAuthority & operator=(const CertificateAuthority &from)
Standard assignment operator.
QCA::NonRepudiation
@ NonRepudiation
Certificate can be used for non-repudiation, id = "KeyUsage.nonRepudiation"
Definition: qca_cert.h:320
QCA::Certificate::operator=
Certificate & operator=(const Certificate &from)
Standard assignment operator.
QCA::ConstraintType::operator!=
bool operator!=(const ConstraintType &other) const
Inequality operator.
Definition: qca_cert.h:469
QCA::CRL::signatureAlgorithm
SignatureAlgorithm signatureAlgorithm() const
The signature algorithm used for the signature on this CRL.
qca_publickey.h
Header file for PublicKey and PrivateKey related classes.
QCA::Certificate::Certificate
Certificate(const Certificate &from)
Standard copy constructor.
QCA::CertificateAuthority::signRequest
Certificate signRequest(const CertificateRequest &req, const QDateTime &notValidAfter) const
Create a new Certificate by signing the provider CertificateRequest.
QCA::XMPP
@ XMPP
XMPP address (see http://www.ietf.org/rfc/rfc3920.txt), id = "1.3.6.1.5.5.7.8.5".
Definition: qca_cert.h:80
QCA::CertificateAuthority::updateCRL
CRL updateCRL(const CRL &crl, const QList< CRLEntry > &entries, const QDateTime &nextUpdate) const
Update the CRL to include new entries.
QCA::CertificateOptions::setInfo
void setInfo(const CertificateInfo &info)
Specify information for the subject associated with the certificate.
QCA::KeyLoader
Asynchronous private key loader.
Definition: qca_cert.h:2613
QCA::CertificateOptions::infoOrdered
CertificateInfoOrdered infoOrdered() const
Information on the subject of the certificate, in the exact order the items will be written.
QCA::PublicKey
Generic public key.
Definition: qca_publickey.h:529
QCA::CRLEntry::operator<
bool operator<(const CRLEntry &a) const
Test if one CRL entry is "less than" another.
QCA::Certificate::subjectPublicKey
PublicKey subjectPublicKey() const
The public key associated with the subject of the certificate.
QCA::Validity
Validity
The validity (or otherwise) of a certificate.
Definition: qca_cert.h:497
QCA::CertificateRequest::CertificateRequest
CertificateRequest()
Create an empty certificate request.
QCA::KeyLoader::loadPrivateKeyFromPEMFile
void loadPrivateKeyFromPEMFile(const QString &fileName)
Initiate an asynchronous loading of a PrivateKey from a PEM format file.
QCA::EncipherOnly
@ EncipherOnly
Certificate can only be used for encryption, id = "KeyUsage.encipherOnly"
Definition: qca_cert.h:326
QCA::PGPKey::PGPKey
PGPKey(const QString &fileName)
Create a PGP key from an encoded file.
QCA::CertificateOptions::setInfoOrdered
void setInfoOrdered(const CertificateInfoOrdered &info)
Specify information for the subject associated with the certificate.
QCA::SPKAC
@ SPKAC
Signed Public Key and Challenge (Netscape) format.
Definition: qca_cert.h:56
QCA::CertificateCollection::CertificateCollection
CertificateCollection()
Create an empty Certificate / CRL collection.
QCA::CertificateCollection::addCertificate
void addCertificate(const Certificate &cert)
Append a Certificate to this collection.
QCA::ErrorUntrusted
@ ErrorUntrusted
The certificate is not trusted.
Definition: qca_cert.h:500
QCA::ErrorSignatureFailed
@ ErrorSignatureFailed
The signature does not match.
Definition: qca_cert.h:501
QCA::CertificateOptions::setChallenge
void setChallenge(const QString &s)
Specify the challenge associated with this certificate.
QCA::CertificateOptions::serialNumber
BigInteger serialNumber() const
The serial number for the certificate.
QCA::CertificateRequest::signatureAlgorithm
SignatureAlgorithm signatureAlgorithm() const
The algorithm used to make the signature on this certificate request.
QCA::ConstraintType::section
Section section() const
The section the constraint is part of.
QCA::CertificateOptions::setSerialNumber
void setSerialNumber(const BigInteger &i)
Set the serial number property on this certificate.
QCA::Certificate::subjectInfo
CertificateInfo subjectInfo() const
QCA::Certificate::notValidBefore
QDateTime notValidBefore() const
The earliest date that the certificate is valid.
QCA::CertificateInfoOrdered::toString
QString toString() const
Convert to RFC 1779 string format.
Definition: qca_cert.h:577
QCA::PKCS10
@ PKCS10
standard PKCS#10 format
Definition: qca_cert.h:55
QCA::CertificateChain::CertificateChain
CertificateChain(const Certificate &primary)
Create a certificate chain, starting at the specified certificate.
Definition: qca_cert.h:1241
QCA::CertificateInfoType::section
Section section() const
The section the type is part of.
QCA::DecipherOnly
@ DecipherOnly
Certificate can only be used for decryption, id = "KeyUsage.decipherOnly"
Definition: qca_cert.h:327
QCA::CertificateInfoType::CertificateInfoType
CertificateInfoType()
Standard constructor.
QCA::KeyEncipherment
@ KeyEncipherment
Certificate can be used for encrypting / decrypting keys, id = "KeyUsage.keyEncipherment"
Definition: qca_cert.h:321
QCA::Certificate::notValidAfter
QDateTime notValidAfter() const
The latest date that the certificate is valid.
QCA::CRL::fromPEM
static CRL fromPEM(const QString &s, ConvertResult *result=nullptr, const QString &provider=QString())
Import a PEM encoded Certificate Revocation List (CRL)
QCA::CRLEntry::Superseded
@ Superseded
certificate has been superseded
Definition: qca_cert.h:1612
QCA::CRL::fromDER
static CRL fromDER(const QByteArray &a, ConvertResult *result=nullptr, const QString &provider=QString())
Import a DER encoded Certificate Revocation List (CRL)
QCA::Certificate::Certificate
Certificate()
Create an empty Certificate.
QCA::ConstraintType::ConstraintType
ConstraintType(ConstraintTypeKnown known)
Construct a new constraint.
QCA::CRLEntry::Reason
Reason
The reason why the certificate has been revoked.
Definition: qca_cert.h:1607
QCA::CertificateOptions::setIssuerLocations
void setIssuerLocations(const QStringList &locations)
set the issuer certificate locations of the certificate
Generated by doxygen 1.8.20