/************************************************************************
* This file has been generated automatically from *
* *
* src/core/auth/qgsauthcertutils.h *
* *
* Do not edit manually ! Edit header and run scripts/sipify.py again *
************************************************************************/
class QgsAuthCertUtils
{
%Docstring(signature="appended")
Utilities for working with certificates and keys.

Static helpers for loading certificates and private keys from files or
PEM text, converting bundles to PEM text, naming and fingerprinting
certificates, and checking certificates and certificate chains.
%End
%TypeHeaderCode
#include "qgsauthcertutils.h"
%End
public:
// Source type of a CA certificate; getCaSourceName() returns its name.
enum CaCertSource /BaseType=IntEnum/
{
SystemRoot,
FromFile,
InDatabase,
Connection
};
// Trust policy of a certificate; getCertTrustName() returns its name.
enum CertTrustPolicy /BaseType=IntEnum/
{
DefaultTrust,
Trusted,
Untrusted,
NoPolicy
};
// Usage types reported by certificateUsageTypes().
enum CertUsageType /BaseType=IntEnum/
{
UndeterminedUsage,
AnyOrUnspecifiedUsage,
CertAuthorityUsage,
CertIssuerUsage,
TlsServerUsage,
TlsServerEvUsage,
TlsClientUsage,
CodeSigningUsage,
EmailProtectionUsage,
TimeStampingUsage,
CRLSigningUsage
};
// NOTE(review): presumably the X.509 key usage and extended key usage
// constraint groups -- confirm against the header.
enum ConstraintGroup /BaseType=IntEnum/
{
KeyUsage,
ExtendedKeyUsage
};
static QString getSslProtocolName( QSsl::SslProtocol protocol );
%Docstring
Returns the name string for an SSL protocol enum value
:param protocol: SSL protocol enum value
%End
static QMap<QString, QSslCertificate> mapDigestToCerts( const QList<QSslCertificate> &certs );
%Docstring
Maps each certificate's SHA-1 digest to the certificate, as a simple
cache

.. note::

   The SHA-1 digest is a lookup key. SHA-1 is not collision resistant,
   so a matching key is not proof that a certificate is the expected
   one or that it is trusted.

:param certs: list of certificates to map
%End
static QMap<QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( const QList<QgsAuthConfigSslServer> &configs );
%Docstring
Maps the SHA-1 digest of each custom SSL config's certificate to the
custom config, as a simple cache
:param configs: list of custom SSL server configs to map
%End
static QByteArray fileData( const QString &path );
%Docstring
Returns data from a local file via a read-only operation

.. note::

   An empty result does not distinguish a missing file from a file
   with no content.

:param path: Path to file to read
:return: All data contained in file or empty contents if file does not
exist
%End
static QList<QSslCertificate> certsFromFile( const QString &certspath );
%Docstring
Returns a list of concatenated certs from a PEM or DER formatted file
:param certspath: File path to the certificates
%End
static QList<QSslCertificate> casFromFile( const QString &certspath );
%Docstring
Returns a list of concatenated CAs from a PEM or DER formatted file
:param certspath: File path to the CA certificates
%End
static QSslCertificate certFromFile( const QString &certpath );
%Docstring
Returns the first cert from a PEM or DER formatted file
:param certpath: File path to the certificate
%End
static QList<QSslCertificate> casMerge( const QList<QSslCertificate> &bundle1,
const QList<QSslCertificate> &bundle2 );
%Docstring
casMerge merges two certificate bundles into a single one, removing
duplicates: the certificates from ``bundle2`` are appended to
``bundle1`` if not already there
:param bundle1: first bundle
:param bundle2: second bundle
:return: a list of unique certificates
%End
static QSslKey keyFromFile( const QString &keypath,
const QString &keypass = QString(),
QString *algtype = 0 );
%Docstring
Returns non-encrypted key from a PEM or DER formatted file

.. warning::

   The returned key is not encrypted. Treat it as secret material: keep
   it out of logs, error messages and persistent storage.

:param keypath: File path to private key
:param keypass: Passphrase for private key
:param algtype: QString to set with resolved algorithm type
%End
static QList<QSslCertificate> certsFromString( const QString &pemtext );
%Docstring
Returns a list of concatenated certs from a PEM Base64 text block
:param pemtext: PEM Base64 text block
%End
static QList<QSslCertificate> casRemoveSelfSigned( const QList<QSslCertificate> &caList );
%Docstring
casRemoveSelfSigned removes self-signed CA certificates from ``caList``
:param caList: list of CA certificates
:return: a list of non self-signed certificates
%End
// NOTE(review): with reencrypt = false the returned private key PEM text
// is presumably not passphrase-protected -- confirm in the implementation
// and handle the returned list as secret material.
static QStringList certKeyBundleToPem( const QString &certpath,
const QString &keypath,
const QString &keypass = QString(),
bool reencrypt = true );
%Docstring
Returns list of certificate, private key and algorithm (as PEM text)
from file path components
:param certpath: File path to certificate
:param keypath: File path to private key
:param keypass: Passphrase for private key
:param reencrypt: Whether to re-encrypt the private key with the
passphrase
:return: certificate, private key, key's algorithm type
%End
static bool pemIsPkcs8( const QString &keyPemTxt );
%Docstring
Determines whether the PEM-encoded text of a key is in PKCS#8 format
:param keyPemTxt: PEM-encoded text
:return: ``True`` if PKCS#8, otherwise ``False``
%End
// NOTE(review): with reencrypt = false the returned private key PEM text
// is presumably not passphrase-protected -- confirm in the implementation
// and handle the returned list as secret material.
static QStringList pkcs12BundleToPem( const QString &bundlepath,
const QString &bundlepass = QString(),
bool reencrypt = true );
%Docstring
Returns list of certificate, private key and algorithm (as PEM text) for
a PKCS#12 bundle
:param bundlepath: File path to the PKCS#12 bundle
:param bundlepass: Passphrase for bundle
:param reencrypt: Whether to re-encrypt the private key with the
passphrase
:return: certificate, private key, key's algorithm type
%End
static QList<QSslCertificate> pkcs12BundleCas( const QString &bundlepath,
const QString &bundlepass = QString() );
%Docstring
Returns list of CA certificates (as QSslCertificate) for a PKCS#12
bundle
:param bundlepath: File path to the PKCS#12 bundle
:param bundlepass: Passphrase for bundle
:return: list of CA certificates
%End
static QByteArray certsToPemText( const QList<QSslCertificate> &certs );
%Docstring
certsToPemText dumps a list of QSslCertificates to PEM text
:param certs: list of certs
:return: a byte array of concatenated certificates as PEM text
%End
// NOTE(review): pemtext may be a private key. The declaration does not show
// which permissions the temporary file gets or who deletes it -- confirm
// the implementation restricts access to the owner and that callers
// remove the file once it is no longer needed.
static QString pemTextToTempFile( const QString &name, const QByteArray &pemtext );
%Docstring
Writes a temporary file for the PEM text of a cert/key/CAs bundle
component
:param name: Name of file
:param pemtext: Component content as PEM text
:return: File path to temporary file
%End
static QString getCaSourceName( QgsAuthCertUtils::CaCertSource source, bool single = false );
%Docstring
Gets the general name for CA source enum type
:param source: The enum source type for the CA
:param single: Whether to return singular or plural description
%End
// NOTE(review): issuer presumably selects the issuer's name instead of the
// subject's -- confirm against the header.
static QString resolvedCertName( const QSslCertificate &cert, bool issuer = false );
%Docstring
Gets the general name via RFC 5280 resolution
:param cert: certificate to resolve the name for
%End
static QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust );
%Docstring
Gets the general name for certificate trust
:param trust: The enum trust policy
%End
static QString getColonDelimited( const QString &txt );
%Docstring
Gets string with colon delimiters every 2 characters
:param txt: text to delimit
%End
static QString shaHexForCert( const QSslCertificate &cert, bool formatted = false );
%Docstring
Gets the SHA-1 hash for certificate

.. note::

   SHA-1 is not collision resistant. The hash identifies a certificate
   for display and lookup; a match alone is not evidence that the
   certificate is trusted.

:param cert: Qt SSL certificate to generate hash from
:param formatted: Whether to colon-delimit the hash
%End
static QList<QgsAuthCertUtils::CertUsageType> certificateUsageTypes( const QSslCertificate &cert );
%Docstring
Tries to determine the certificate's usage types
:param cert: certificate to inspect
%End
static bool certificateIsAuthority( const QSslCertificate &cert );
%Docstring
Gets whether a certificate is an Authority
:param cert: certificate to inspect
%End
static bool certificateIsIssuer( const QSslCertificate &cert );
%Docstring
Gets whether a certificate can sign other certificates
:param cert: certificate to inspect
%End
static bool certificateIsAuthorityOrIssuer( const QSslCertificate &cert );
%Docstring
Gets whether a certificate is an Authority or can at least sign other
certificates
:param cert: certificate to inspect
%End
static bool certificateIsSslServer( const QSslCertificate &cert );
%Docstring
Gets whether a certificate is probably used for an SSL server

.. note::

   This is a best-effort classification of the certificate's usage, not
   a validation of the certificate.

:param cert: certificate to inspect
%End
static bool certificateIsSslClient( const QSslCertificate &cert );
%Docstring
Gets whether a certificate is probably used for a client identity

.. note::

   This is a best-effort classification of the certificate's usage, not
   a validation of the certificate.

:param cert: certificate to inspect
%End
static QString sslErrorEnumString( QSslError::SslError errenum );
%Docstring
Gets short strings describing an SSL error
:param errenum: SSL error enum value
%End
static bool certIsCurrent( const QSslCertificate &cert );
%Docstring
certIsCurrent checks if ``cert`` is viable for its not before and not
after dates
:param cert: certificate to be checked
%End
static QList<QSslError> certViabilityErrors( const QSslCertificate &cert );
%Docstring
certViabilityErrors checks basic characteristics (validity dates,
blocklisting, etc.) of given ``cert``

.. warning::

   A null certificate produces an empty error list, so an empty result
   alone does not show that the certificate is usable. certIsViable()
   also rejects a null certificate.

:param cert: certificate to be checked
:return: list of QSslError (will return NO ERRORS if a null
QSslCertificate is passed)
%End
static bool certIsViable( const QSslCertificate &cert );
%Docstring
certIsViable checks for viability errors of ``cert`` and whether it is
NULL
:param cert: certificate to be checked
:return: ``False`` if cert is NULL or has viability errors
%End
// NOTE(review): when hostName is left empty, host name verification is
// presumably skipped -- confirm in the implementation before relying on an
// empty result for a server certificate.
static QList<QSslError> validateCertChain( const QList<QSslCertificate> &certificateChain,
const QString &hostName = QString(),
bool trustRootCa = false );
%Docstring
validateCertChain validates the given ``certificateChain``

.. warning::

   With ``trustRootCa`` set to ``True`` the CA is trusted for this
   check, so an empty result then shows that the chain is consistent
   with that CA, not that the CA was trusted beforehand. Set it only
   for chains obtained from a trusted source.

:param certificateChain: list of certificates to be checked, with leaf
first and with optional root CA last
:param hostName: (optional) name of the host to be verified
:param trustRootCa: if ``True`` the CA will be added to the trusted CAs
for this validation check
:return: list of QSslError, if the list is empty then the cert chain is
valid
%End
static QStringList validatePKIBundle( QgsPkiBundle &bundle, bool useIntermediates = true, bool trustRootCa = false );
%Docstring
validatePKIBundle validates the PKI bundle by checking the certificate
chain and the expiration and effective dates; optionally trusts the
root CA

.. warning::

   With ``trustRootCa`` set to ``True`` the CA is trusted for this
   check, so an empty result does not show that the CA was trusted
   beforehand. Set it only for bundles obtained from a trusted source.

:param bundle: PKI bundle to validate
:param useIntermediates: if ``True`` the intermediate certs are also
checked
:param trustRootCa: if ``True`` the CA will be added to the trusted CAs
for this validation check (if useIntermediates is
``False`` this option is ignored and set to
``False``)
:return: a list of error strings, if the list is empty then the PKI
bundle is valid
%End
};
/************************************************************************
* This file has been generated automatically from *
* *
* src/core/auth/qgsauthcertutils.h *
* *
* Do not edit manually ! Edit header and run scripts/sipify.py again *
************************************************************************/