00033 #ifndef QCA_CERT_H
00034 #define QCA_CERT_H
00035
00036 #include <QMap>
00037 #include <QDateTime>
00038 #include "qca_core.h"
00039 #include "qca_publickey.h"
00040
00041 namespace QCA {
00042
// Provider-side context types. The public wrappers below adopt one of these
// through their change() methods (Certificate::change, CertificateRequest::change,
// CRL::change); they are presumably declared in the provider interface header.
class CertContext;
class CSRContext;
class CRLContext;
// Public types that refer to each other and so must be declared up front.
class Certificate;
class CRL;
class CertificateCollection;
class CertificateChain;
00050
00051
/**
   Encoding of a certificate signing request.

   PKCS10 is the default taken by CertificateOptions' constructor. Provider
   support for a format can be queried with CertificateRequest::canUseFormat()
   before building a request.
*/
enum CertificateRequestFormat
{
	PKCS10,  ///< PKCS#10 certification request
	SPKAC    ///< Signed Public Key And Challenge (presumably the legacy browser keygen format — confirm with the provider)
};
00060
/**
   Well-known subject/issuer attribute types.

   Each value becomes a CertificateInfoType (see its implicit constructor) that
   reports whether the attribute lives in the Distinguished Name or in the
   Subject Alternative Name via CertificateInfoType::section(). The DN/SAN
   placement noted on each value below is the conventional X.509 one and
   should be confirmed against section() rather than assumed.

   NOTE(review): when matching identities (host names, e-mail addresses),
   prefer the alternative-name types (DNS, Email, URI, IPAddress) over the
   DN fields; CommonName is a free-form string.
*/
enum CertificateInfoTypeKnown
{
	CommonName,             ///< CN (DN)
	Email,                  ///< rfc822Name e-mail address (alternative name)
	EmailLegacy,            ///< emailAddress attribute carried in the DN (legacy placement)
	Organization,           ///< O (DN)
	OrganizationalUnit,     ///< OU (DN)
	Locality,               ///< L (DN)
	IncorporationLocality,  ///< jurisdiction-of-incorporation locality (DN)
	State,                  ///< ST (DN)
	IncorporationState,     ///< jurisdiction-of-incorporation state (DN)
	Country,                ///< C (DN)
	IncorporationCountry,   ///< jurisdiction-of-incorporation country (DN)
	URI,                    ///< uniformResourceIdentifier (alternative name)
	DNS,                    ///< dNSName (alternative name)
	IPAddress,              ///< iPAddress (alternative name)
	XMPP                    ///< XMPP address (alternative name otherName — confirm encoding with the provider)
};
00084
/**
   Identifies one attribute type of a certificate subject or issuer.

   A type is either one of the CertificateInfoTypeKnown values or an
   arbitrary identifier string paired with the Section it belongs to.
   Instances are implicitly shared (QSharedDataPointer), so copies are cheap.

   operator< is provided so the type can serve as the key of the
   CertificateInfo multimap declared later in this header.
*/
class QCA_EXPORT CertificateInfoType
{
public:
	/**
	   Where in the certificate the attribute is carried.
	*/
	enum Section
	{
		DN,              ///< Distinguished Name attribute
		AlternativeName  ///< Subject/Issuer Alternative Name entry
	};

	/**
	   Default constructor.  What known()/id()/section() report for a
	   default-constructed type is not specified here — confirm before
	   relying on it.
	*/
	CertificateInfoType();

	/**
	   Construct from a well-known type.  Not explicit, so a
	   CertificateInfoTypeKnown converts implicitly wherever a
	   CertificateInfoType is expected.

	   \param known the well-known attribute type
	*/
	CertificateInfoType(CertificateInfoTypeKnown known);

	/**
	   Construct from an arbitrary identifier (presumably an OID or other
	   provider-understood string — confirm the expected format).

	   \param id the identifier of the attribute type
	   \param section whether the attribute is a DN or alternative-name entry
	*/
	CertificateInfoType(const QString &id, Section section);

	/**
	   Copy constructor.

	   \param from the type to copy
	*/
	CertificateInfoType(const CertificateInfoType &from);

	~CertificateInfoType();

	/**
	   Assignment operator.

	   \param from the type to copy
	*/
	CertificateInfoType & operator=(const CertificateInfoType &from);

	/**
	   The section (DN or alternative name) this type belongs to.
	*/
	Section section() const;

	/**
	   The well-known value this type corresponds to.  What is returned for a
	   type constructed from a string id that matches no known value is not
	   stated here — check before switching on the result.
	*/
	CertificateInfoTypeKnown known() const;

	/**
	   The identifier string for this type.
	*/
	QString id() const;

	/**
	   Ordering, used when the type is a map key.

	   \param other the type to compare against
	*/
	bool operator<(const CertificateInfoType &other) const;

	/**
	   Equality.

	   \param other the type to compare against
	*/
	bool operator==(const CertificateInfoType &other) const;

	/**
	   Inequality, defined as the negation of operator==.

	   \param other the type to compare against
	*/
	inline bool operator!=(const CertificateInfoType &other) const
	{
		return !(*this == other);
	}

private:
	class Private;
	QSharedDataPointer<Private> d;
};
00239
/**
   One (attribute type, value) entry of a subject or issuer.

   Used as the element type of CertificateInfoOrdered, which preserves the
   order in which the entries appear in the certificate.  Implicitly shared.
*/
class QCA_EXPORT CertificateInfoPair
{
public:
	/**
	   Default constructor (an empty pair).
	*/
	CertificateInfoPair();

	/**
	   Construct a pair.

	   \param type the attribute type
	   \param value the attribute value
	*/
	CertificateInfoPair(const CertificateInfoType &type, const QString &value);

	/**
	   Copy constructor.

	   \param from the pair to copy
	*/
	CertificateInfoPair(const CertificateInfoPair &from);

	~CertificateInfoPair();

	/**
	   Assignment operator.

	   \param from the pair to copy
	*/
	CertificateInfoPair & operator=(const CertificateInfoPair &from);

	/**
	   The attribute type of this pair.
	*/
	CertificateInfoType type() const;

	/**
	   The attribute value of this pair.
	*/
	QString value() const;

	/**
	   Equality.

	   \param other the pair to compare against
	*/
	bool operator==(const CertificateInfoPair &other) const;

	/**
	   Inequality, defined as the negation of operator==.

	   \param other the pair to compare against
	*/
	inline bool operator!=(const CertificateInfoPair &other) const
	{
		return !(*this == other);
	}

private:
	class Private;
	QSharedDataPointer<Private> d;
};
00312
00313
/**
   Well-known certificate usage constraints.

   The first group names the X.509 KeyUsage bits, the second the
   ExtendedKeyUsage purposes; which ConstraintType::Section a value maps to
   should be confirmed with ConstraintType::section() rather than assumed
   from this grouping.
*/
enum ConstraintTypeKnown
{
	// KeyUsage bits
	DigitalSignature,
	NonRepudiation,
	KeyEncipherment,
	DataEncipherment,
	KeyAgreement,
	KeyCertificateSign,   ///< keyCertSign — required on a certificate that issues other certificates
	CRLSign,              ///< cRLSign — required on a certificate that signs CRLs
	EncipherOnly,
	DecipherOnly,

	// ExtendedKeyUsage purposes
	ServerAuth,
	ClientAuth,
	CodeSigning,
	EmailProtection,
	IPSecEndSystem,
	IPSecTunnel,
	IPSecUser,
	TimeStamping,
	OCSPSigning
};
00343
/**
   One usage constraint of a certificate: either a well-known
   ConstraintTypeKnown value or an arbitrary identifier paired with the
   Section (KeyUsage or ExtendedKeyUsage) it belongs to.  Implicitly shared.

   Lists of these are carried as Constraints (see the typedef later in this
   header) by CertificateOptions, Certificate and CertificateRequest.
*/
class QCA_EXPORT ConstraintType
{
public:
	/**
	   Which X.509 extension the constraint belongs to.
	*/
	enum Section
	{
		KeyUsage,          ///< KeyUsage extension
		ExtendedKeyUsage   ///< ExtendedKeyUsage extension
	};

	/**
	   Default constructor.
	*/
	ConstraintType();

	/**
	   Construct from a well-known constraint.  Not explicit, so a
	   ConstraintTypeKnown converts implicitly to a ConstraintType.

	   \param known the well-known constraint
	*/
	ConstraintType(ConstraintTypeKnown known);

	/**
	   Construct from an arbitrary identifier (presumably an OID for
	   ExtendedKeyUsage purposes — confirm the expected format).

	   \param id the identifier of the constraint
	   \param section the extension the constraint belongs to
	*/
	ConstraintType(const QString &id, Section section);

	/**
	   Copy constructor.

	   \param from the constraint to copy
	*/
	ConstraintType(const ConstraintType &from);

	~ConstraintType();

	/**
	   Assignment operator.

	   \param from the constraint to copy
	*/
	ConstraintType & operator=(const ConstraintType &from);

	/**
	   The extension this constraint belongs to.
	*/
	Section section() const;

	/**
	   The well-known value this constraint corresponds to; behaviour for a
	   constraint with no known equivalent is not stated here.
	*/
	ConstraintTypeKnown known() const;

	/**
	   The identifier string of this constraint.
	*/
	QString id() const;

	/**
	   Ordering.

	   \param other the constraint to compare against
	*/
	bool operator<(const ConstraintType &other) const;

	/**
	   Equality.

	   \param other the constraint to compare against
	*/
	bool operator==(const ConstraintType &other) const;

	/**
	   Inequality, defined as the negation of operator==.

	   \param other the constraint to compare against
	*/
	inline bool operator!=(const ConstraintType &other) const
	{
		return !(*this == other);
	}

private:
	class Private;
	QSharedDataPointer<Private> d;
};
00472
/**
   Purpose a certificate is being validated for (Certificate::validate and
   CertificateChain::validate).

   The values are distinct bits, but UsageAny is 0 and therefore contributes
   nothing when OR-ed with another mode — `UsageAny | UsageTLSServer` is just
   UsageTLSServer.  Whether validate() accepts a combination of several bits
   is not stated in this header; pass a single value unless the provider
   documents otherwise.
*/
enum UsageMode
{
	UsageAny             = 0x00,  ///< no purpose restriction
	UsageTLSServer       = 0x01,  ///< TLS server authentication
	UsageTLSClient       = 0x02,  ///< TLS client authentication
	UsageCodeSigning     = 0x04,  ///< code signing
	UsageEmailProtection = 0x08,  ///< e-mail (S/MIME) protection
	UsageTimeStamping    = 0x10,  ///< time stamping
	UsageCRLSigning      = 0x20   ///< CRL signing
};
00486
/**
   Result of certificate or chain validation.

   ValidityGood is the zero value.  Never treat the result as a boolean
   (`if(cert.validate(...))` is true exactly when validation FAILED); always
   compare explicitly: `if(cert.validate(...) == ValidityGood)`.

   ErrorValidityUnknown is deliberately set apart at 64; CertificateChain::validate
   returns it for an empty chain.
*/
enum Validity
{
	ValidityGood,             ///< the certificate (chain) validated
	ErrorRejected,            ///< rejected by policy
	ErrorUntrusted,           ///< no path to a trusted certificate
	ErrorSignatureFailed,     ///< a signature in the chain did not verify
	ErrorInvalidCA,           ///< an issuer is not a valid CA
	ErrorInvalidPurpose,      ///< not valid for the requested UsageMode
	ErrorSelfSigned,          ///< self-signed and not trusted
	ErrorRevoked,             ///< revoked (per the CRLs supplied)
	ErrorPathLengthExceeded,  ///< a pathLimit constraint was exceeded
	ErrorExpired,             ///< outside the certificate's validity period
	ErrorExpiredCA,           ///< an issuer is outside its validity period
	ErrorValidityUnknown = 64 ///< could not determine validity
};
00505
/**
   Selects which conditions validation checks.

   ValidateAll is 0 — it holds no bits, so OR-ing it with another flag yields
   only that flag.  How a provider interprets a non-zero subset (which checks
   it runs or skips) is not stated in this header; use ValidateAll, the
   default of every validate() overload, unless you have confirmed the
   semantics of a subset with the provider in use.
*/
enum ValidateFlags
{
	ValidateAll     = 0x00,  ///< check every condition (default)
	ValidateRevoked = 0x01,  ///< revocation status
	ValidateExpired = 0x02,  ///< validity period
	ValidatePolicy  = 0x04   ///< usage / policy constraints
};
00516
/**
   Subject or issuer attributes keyed by type.

   A QMultiMap, so one type may carry several values (for example several DNS
   alternative names).  Keys are ordered by CertificateInfoType::operator<,
   which discards the order the attributes have in the certificate; use
   CertificateInfoOrdered when that order matters (e.g. when rebuilding a DN).
*/
typedef QMultiMap<CertificateInfoType, QString> CertificateInfo;
00529
/**
   Subject or issuer attributes in the order they appear in the certificate.

   This is a plain QList<CertificateInfoPair> with two conveniences; it adds
   no data and has no virtual destructor, so treat it strictly as a value
   type (never delete it through a QList pointer).
*/
class CertificateInfoOrdered : public QList<CertificateInfoPair>
{
public:
	/**
	   The DN attributes rendered as a single string; delegates to
	   orderedToDNString().
	*/
	inline QString toString() const;

	/**
	   The entries that belong to the DN section only; delegates to
	   orderedDNOnly().
	*/
	inline CertificateInfoOrdered dnOnly() const;
};
00554
/**
   Render the DN portion of an ordered attribute list as a single string.

   The exact string syntax is provider/implementation defined and is not
   stated here.  NOTE(review): compare identities using the structured
   CertificateInfoOrdered / CertificateInfo values, not this string.

   \param in the ordered attribute list
*/
QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in);

/**
   Return only the entries of \a in whose type is in the DN section,
   preserving their order.

   \param in the ordered attribute list
*/
QCA_EXPORT CertificateInfoOrdered orderedDNOnly(const CertificateInfoOrdered &in);
00569
// DN-string rendering is implemented by the exported free function; this
// member only forwards the list itself.
inline QString CertificateInfoOrdered::toString() const
{
	const CertificateInfoOrdered &entries = *this;
	return orderedToDNString(entries);
}
00574
// Filtering to DN-section entries is implemented by the exported free
// function; this member only forwards the list itself.
inline CertificateInfoOrdered CertificateInfoOrdered::dnOnly() const
{
	const CertificateInfoOrdered &entries = *this;
	return orderedDNOnly(entries);
}
00579
/**
   A list of usage constraints (KeyUsage and ExtendedKeyUsage entries).
*/
typedef QList<ConstraintType> Constraints;

/**
   Produce one human-readable name per certificate in \a list, in the same
   order.  How the names are derived (and whether duplicates are
   disambiguated) is not stated here — these are display strings, not
   identifiers; do not use them to select a certificate for a security
   decision.

   \param list the certificates to name
*/
QCA_EXPORT QStringList makeFriendlyNames(const QList<Certificate> &list);
00592
/**
   The parameters used to create a Certificate or CertificateRequest.

   Fill in the subject information, constraints, CA flag and validity period,
   then pass the options together with a key to the Certificate /
   CertificateRequest constructors or to CertificateAuthority::createCertificate.
   isValid() reports whether the options are sufficient.

   Not implicitly shared: the class holds a raw Private pointer and therefore
   declares its own copy constructor, assignment and destructor.
*/
class QCA_EXPORT CertificateOptions
{
public:
	/**
	   Construct options for the given request format (PKCS10 by default).

	   \param format the certificate request format
	*/
	CertificateOptions(CertificateRequestFormat format = PKCS10);

	/**
	   Copy constructor.

	   \param from the options to copy
	*/
	CertificateOptions(const CertificateOptions &from);
	~CertificateOptions();

	/**
	   Assignment operator.

	   \param from the options to copy
	*/
	CertificateOptions & operator=(const CertificateOptions &from);

	/**
	   The request format in effect.
	*/
	CertificateRequestFormat format() const;

	/**
	   Set the request format.

	   \param f the format to use
	*/
	void setFormat(CertificateRequestFormat f);

	/**
	   Whether these options are complete enough to build a certificate or
	   request.  The exact conditions are not stated here.
	*/
	bool isValid() const;

	/**
	   The challenge string (used with the SPKAC format — see setChallenge()).
	*/
	QString challenge() const;

	/**
	   Subject information as a type-keyed multimap.
	*/
	CertificateInfo info() const;

	/**
	   Subject information in document order.
	*/
	CertificateInfoOrdered infoOrdered() const;

	/**
	   The usage constraints requested.
	*/
	Constraints constraints() const;

	/**
	   Certificate policy identifiers (format not stated here; presumably OIDs).
	*/
	QStringList policies() const;

	/**
	   CRL distribution point locations.
	*/
	QStringList crlLocations() const;

	/**
	   Issuer (CA certificate) locations.
	*/
	QStringList issuerLocations() const;

	/**
	   OCSP responder locations.
	*/
	QStringList ocspLocations() const;

	/**
	   Whether the certificate is to be a CA (see setAsCA()).
	*/
	bool isCA() const;

	/**
	   The path length limit for a CA certificate (see setAsCA()).
	*/
	int pathLimit() const;

	/**
	   The serial number to use.
	*/
	BigInteger serialNumber() const;

	/**
	   Start of the validity period.
	*/
	QDateTime notValidBefore() const;

	/**
	   End of the validity period.
	*/
	QDateTime notValidAfter() const;

	/**
	   Set the challenge string.  Only meaningful for SPKAC requests
	   (assumed from the format's name — confirm with the provider).

	   \param s the challenge
	*/
	void setChallenge(const QString &s);

	/**
	   Set the subject information from a type-keyed multimap.  How this
	   interacts with setInfoOrdered() (whether one replaces the other) is
	   not stated here; use one of the two.

	   \param info the subject attributes
	*/
	void setInfo(const CertificateInfo &info);

	/**
	   Set the subject information from an ordered list, preserving the
	   attribute order in the produced DN.

	   \param info the subject attributes, in order
	*/
	void setInfoOrdered(const CertificateInfoOrdered &info);

	/**
	   Set the usage constraints.  NOTE(review): grant only the key usages the
	   key is actually meant for — a CA certificate needs KeyCertificateSign
	   (and CRLSign if it issues CRLs); an end-entity certificate should not
	   carry them.

	   \param constraints the constraints to request
	*/
	void setConstraints(const Constraints &constraints);

	/**
	   Set the certificate policies.

	   \param policies the policy identifiers
	*/
	void setPolicies(const QStringList &policies);

	/**
	   Set the CRL distribution point locations.

	   \param locations the locations (presumably URIs)
	*/
	void setCRLLocations(const QStringList &locations);

	/**
	   Set the issuer certificate locations.

	   \param locations the locations (presumably URIs)
	*/
	void setIssuerLocations(const QStringList &locations);

	/**
	   Set the OCSP responder locations.

	   \param locations the locations (presumably URIs)
	*/
	void setOCSPLocations(const QStringList &locations);

	/**
	   Mark the certificate as a CA with the given path length limit.  The
	   default of 8 permits up to eight further CA levels below this one —
	   pass 0 for a CA that may only issue end-entity certificates.  How a
	   "no limit" value is expressed is not stated here.

	   \param pathLimit the maximum number of subordinate CA levels
	*/
	void setAsCA(int pathLimit = 8);

	/**
	   Mark the certificate as an end-entity (non-CA) certificate.
	*/
	void setAsUser();

	/**
	   Set the serial number.  NOTE(review): serial numbers must be unique per
	   issuer; nothing in this API enforces that, so the caller (or the CA
	   using these options) must guarantee uniqueness.

	   \param i the serial number
	*/
	void setSerialNumber(const BigInteger &i);

	/**
	   Set the validity period.  Whether the times are interpreted as local
	   or UTC is not stated here — supply UTC QDateTime values to avoid
	   ambiguity.

	   \param start the notBefore time
	   \param end the notAfter time
	*/
	void setValidityPeriod(const QDateTime &start, const QDateTime &end);

private:
	class Private;
	Private *d;
};
00839
/**
   An X.509 certificate.

   A Certificate is either loaded (file, PEM, DER), created from
   CertificateOptions and a PrivateKey (a self-signed certificate), or
   returned by a CertificateAuthority.  Every loading path can fail; the
   constructors report failure only through isNull(), the static from*()
   functions additionally through the optional ConvertResult.  Always check
   one of these before using the certificate.

   Validation is done with validate() (single certificate against a trust
   store) or CertificateChain::validate() (a full chain).
*/
class QCA_EXPORT Certificate : public Algorithm
{
public:
	/**
	   Construct a null certificate.
	*/
	Certificate();

	/**
	   Load a certificate from a PEM file.  Not explicit: a QString converts
	   implicitly to a Certificate, which then tries to open a FILE of that
	   name — passing PEM text where a Certificate is expected silently yields
	   a null certificate.  Prefer fromPEM()/fromPEMFile() and check the result.

	   \param fileName path of the PEM file
	*/
	Certificate(const QString &fileName);

	/**
	   Create a new certificate signed with \a key (self-signed, since no
	   issuer is given).

	   \param opts the certificate parameters
	   \param key the private key that signs the certificate
	   \param provider the provider to use, or empty for the default
	*/
	Certificate(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());

	/**
	   Copy constructor.

	   \param from the certificate to copy
	*/
	Certificate(const Certificate &from);

	~Certificate();

	/**
	   Assignment operator.

	   \param from the certificate to copy
	*/
	Certificate & operator=(const Certificate &from);

	/**
	   True if this object holds no certificate (default-constructed, or a
	   load that failed).
	*/
	bool isNull() const;

	/**
	   Start of the validity period (notBefore).
	*/
	QDateTime notValidBefore() const;

	/**
	   End of the validity period (notAfter).
	*/
	QDateTime notValidAfter() const;

	/**
	   Subject attributes keyed by type (order not preserved).
	*/
	CertificateInfo subjectInfo() const;

	/**
	   Subject attributes in document order.
	*/
	CertificateInfoOrdered subjectInfoOrdered() const;

	/**
	   Issuer attributes keyed by type (order not preserved).
	*/
	CertificateInfo issuerInfo() const;

	/**
	   Issuer attributes in document order.
	*/
	CertificateInfoOrdered issuerInfoOrdered() const;

	/**
	   The KeyUsage / ExtendedKeyUsage constraints present in the certificate.
	*/
	Constraints constraints() const;

	/**
	   Certificate policy identifiers.
	*/
	QStringList policies() const;

	/**
	   CRL distribution point locations.
	*/
	QStringList crlLocations() const;

	/**
	   Issuer certificate locations.
	*/
	QStringList issuerLocations() const;

	/**
	   OCSP responder locations.
	*/
	QStringList ocspLocations() const;

	/**
	   The subject common name.  A convenience for display; for host name
	   checks use matchesHostName(), which is the only method here that
	   considers alternative names.
	*/
	QString commonName() const;

	/**
	   The serial number.  Unique only per issuer — identify a certificate by
	   (issuer, serial), or by comparing the certificates themselves.
	*/
	BigInteger serialNumber() const;

	/**
	   The subject's public key.
	*/
	PublicKey subjectPublicKey() const;

	/**
	   True if the certificate is marked as a CA (basic constraints).
	*/
	bool isCA() const;

	/**
	   True if the certificate's issuer is itself.  A self-signed certificate
	   is not trusted merely by being self-signed; it must be in the trusted
	   collection passed to validate().
	*/
	bool isSelfSigned() const;

	/**
	   True if this certificate is the issuer of \a other.  Whether this
	   checks only names/key identifiers or also verifies the signature is
	   not stated here — use validate() for a trust decision.

	   \param other the certificate that may have been issued by this one
	*/
	bool isIssuerOf(const Certificate &other) const;

	/**
	   The path length limit from the basic constraints (CA certificates).
	*/
	int pathLimit() const;

	/**
	   The algorithm used to sign the certificate.
	*/
	SignatureAlgorithm signatureAlgorithm() const;

	/**
	   The subject key identifier extension value.
	*/
	QByteArray subjectKeyId() const;

	/**
	   The authority (issuer) key identifier extension value.
	*/
	QByteArray issuerKeyId() const;

	/**
	   Validate this certificate against a trust store.

	   \param trusted the trusted (anchor) certificates; CRLs added to this
	          collection are presumably the ones used for revocation checks
	   \param untrusted additional certificates that may be needed to build
	          the chain, but are not trusted themselves
	   \param u the purpose the certificate must be valid for
	   \param vf which conditions to check (ValidateAll by default)
	   \return ValidityGood, or the first error found.  ValidityGood is 0:
	           compare with `== ValidityGood`, never use the result as a bool.
	*/
	Validity validate(const CertificateCollection &trusted, const CertificateCollection &untrusted, UsageMode u = UsageAny, ValidateFlags vf = ValidateAll) const;

	/**
	   The certificate in DER encoding.
	*/
	QByteArray toDER() const;

	/**
	   The certificate in PEM encoding.
	*/
	QString toPEM() const;

	/**
	   Write the certificate to a PEM file.

	   \param fileName the file to write
	   \return false on failure
	*/
	bool toPEMFile(const QString &fileName) const;

	/**
	   Parse a DER-encoded certificate.

	   \param a the DER data
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the certificate, null on failure
	*/
	static Certificate fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

	/**
	   Parse a PEM-encoded certificate.

	   \param s the PEM text
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the certificate, null on failure
	*/
	static Certificate fromPEM(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

	/**
	   Load a PEM-encoded certificate from a file.

	   \param fileName the file to read
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the certificate, null on failure
	*/
	static Certificate fromPEMFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

	/**
	   Check whether the certificate is valid for a host name.  Which fields
	   are consulted (DNS alternative names vs. common name), wildcard rules
	   and IDN handling are implementation-defined and not stated here —
	   confirm with the provider before relying on it for TLS endpoint
	   identity.  This does NOT validate the certificate; call validate() too.

	   \param host the host name to match
	*/
	bool matchesHostName(const QString &host) const;

	/**
	   Equality.  The comparison basis (presumably the DER encoding) is not
	   stated here.

	   \param a the certificate to compare against
	*/
	bool operator==(const Certificate &a) const;

	/**
	   Inequality, defined as the negation of operator==.

	   \param other the certificate to compare against
	*/
	inline bool operator!=(const Certificate &other) const
	{
		return !(*this == other);
	}

	/**
	   Adopt a provider context.  Intended for provider implementations, not
	   application code.

	   \param c the context to adopt
	*/
	void change(CertContext *c);

private:
	class Private;
	friend class Private;
	QSharedDataPointer<Private> d;

	// Chain operations are exposed through CertificateChain, which forwards
	// to these on its first certificate.
	friend class CertificateChain;
	Validity chain_validate(const CertificateChain &chain, const CertificateCollection &trusted, const QList<CRL> &untrusted_crls, UsageMode u, ValidateFlags vf) const;
	CertificateChain chain_complete(const CertificateChain &chain, const QList<Certificate> &issuers, Validity *result) const;
};
01185
/**
   A certificate chain: the end-entity certificate first, followed by its
   issuers.  A plain QList<Certificate> with helpers; no data and no virtual
   destructor, so use it strictly as a value type.

   validate() and complete() tolerate an empty chain; primary() does not.
*/
class CertificateChain : public QList<Certificate>
{
public:
	/**
	   Construct an empty chain.
	*/
	inline CertificateChain() {}

	/**
	   Construct a chain holding only \a primary.

	   \param primary the end-entity certificate
	*/
	inline CertificateChain(const Certificate &primary) { append(primary); }

	/**
	   The end-entity certificate (the first element).
	   Precondition: the chain is not empty — first() on an empty QList is
	   undefined behaviour (a debug assertion at best).  Check isEmpty() first.
	*/
	inline const Certificate & primary() const { return first(); }

	/**
	   Validate the whole chain.  Returns ErrorValidityUnknown for an empty
	   chain; otherwise forwards to Certificate::chain_validate on primary().

	   \param trusted the trusted (anchor) certificates
	   \param untrusted_crls CRLs to consult that are not part of \a trusted
	   \param u the purpose the certificate must be valid for
	   \param vf which conditions to check
	   \return ValidityGood (which is 0 — compare explicitly) or an error
	*/
	inline Validity validate(const CertificateCollection &trusted, const QList<CRL> &untrusted_crls = QList<CRL>(), UsageMode u = UsageAny, ValidateFlags vf = ValidateAll) const;

	/**
	   Build a fuller chain by appending issuers found in \a issuers.
	   Returns an empty chain for an empty chain; otherwise forwards to
	   Certificate::chain_complete on primary().  Completion does not imply
	   trust — validate the result.

	   \param issuers candidate issuer certificates
	   \param result optional status of the completion
	*/
	inline CertificateChain complete(const QList<Certificate> &issuers = QList<Certificate>(), Validity *result = 0) const;
};
01269
// An empty chain has nothing to validate: report ErrorValidityUnknown rather
// than dereferencing first().  Otherwise the end-entity certificate carries
// out the chain validation.
inline Validity CertificateChain::validate(const CertificateCollection &trusted, const QList<CRL> &untrusted_crls, UsageMode u, ValidateFlags vf) const
{
	return isEmpty()
		? ErrorValidityUnknown
		: first().chain_validate(*this, trusted, untrusted_crls, u, vf);
}
01276
// Completing an empty chain yields an empty chain (and leaves *result
// untouched); otherwise the end-entity certificate performs the completion.
inline CertificateChain CertificateChain::complete(const QList<Certificate> &issuers, Validity *result) const
{
	return isEmpty()
		? CertificateChain()
		: first().chain_complete(*this, issuers, result);
}
01283
/**
   A certificate signing request (PKCS#10 or SPKAC).

   Built from CertificateOptions and the requester's PrivateKey, or loaded
   from DER/PEM/string.  Loading failures are reported only through isNull()
   (constructors) or the optional ConvertResult (static from*() functions).

   NOTE(review): everything a request asserts — subject, constraints, isCA(),
   pathLimit() — is the requester's wish, not a verified fact.  A CA must
   decide these itself (see CertificateAuthority) rather than copy them.
*/
class QCA_EXPORT CertificateRequest : public Algorithm
{
public:
	/**
	   Construct a null request.
	*/
	CertificateRequest();

	/**
	   Load a request from a PEM file.  Not explicit: a QString converts
	   implicitly to a CertificateRequest by attempting to open a file of that
	   name; prefer fromPEM()/fromPEMFile()/fromString() and check the result.

	   \param fileName path of the PEM file
	*/
	CertificateRequest(const QString &fileName);

	/**
	   Create a request signed with \a key.

	   \param opts the requested certificate parameters
	   \param key the requester's private key
	   \param provider the provider to use, or empty for the default
	*/
	CertificateRequest(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());

	/**
	   Copy constructor.

	   \param from the request to copy
	*/
	CertificateRequest(const CertificateRequest &from);

	~CertificateRequest();

	/**
	   Assignment operator.

	   \param from the request to copy
	*/
	CertificateRequest & operator=(const CertificateRequest &from);

	/**
	   True if this object holds no request.
	*/
	bool isNull() const;

	/**
	   Whether a provider can produce/parse requests in format \a f.

	   \param f the request format
	   \param provider the provider to ask, or empty for the default
	*/
	static bool canUseFormat(CertificateRequestFormat f, const QString &provider = QString());

	/**
	   The format of this request.
	*/
	CertificateRequestFormat format() const;

	/**
	   Requested subject attributes keyed by type.
	*/
	CertificateInfo subjectInfo() const;

	/**
	   Requested subject attributes in document order.
	*/
	CertificateInfoOrdered subjectInfoOrdered() const;

	/**
	   Requested usage constraints.
	*/
	Constraints constraints() const;

	/**
	   Requested certificate policies.
	*/
	QStringList policies() const;

	/**
	   The public key the certificate is requested for.
	*/
	PublicKey subjectPublicKey() const;

	/**
	   Whether the requester asked for a CA certificate.  Requested, not
	   granted — a CA must apply its own policy.
	*/
	bool isCA() const;

	/**
	   The requested path length limit (see isCA()).
	*/
	int pathLimit() const;

	/**
	   The challenge string (SPKAC).
	*/
	QString challenge() const;

	/**
	   The algorithm used to sign the request.
	*/
	SignatureAlgorithm signatureAlgorithm() const;

	/**
	   Equality.

	   \param csr the request to compare against
	*/
	bool operator==(const CertificateRequest &csr) const;

	/**
	   Inequality, defined as the negation of operator==.

	   \param other the request to compare against
	*/
	inline bool operator!=(const CertificateRequest &other) const
	{
		return !(*this == other);
	}

	/**
	   The request in DER encoding.
	*/
	QByteArray toDER() const;

	/**
	   The request in PEM encoding.
	*/
	QString toPEM() const;

	/**
	   Write the request to a PEM file.

	   \param fileName the file to write
	   \return false on failure
	*/
	bool toPEMFile(const QString &fileName) const;

	/**
	   Parse a DER-encoded request.

	   \param a the DER data
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the request, null on failure
	*/
	static CertificateRequest fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

	/**
	   Parse a PEM-encoded request.

	   \param s the PEM text
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the request, null on failure
	*/
	static CertificateRequest fromPEM(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

	/**
	   Load a PEM-encoded request from a file.

	   \param fileName the file to read
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the request, null on failure
	*/
	static CertificateRequest fromPEMFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

	/**
	   The request as a string.  How this differs from toPEM() (presumably the
	   SPKAC string form) is not stated here.
	*/
	QString toString() const;

	/**
	   Parse a request from its string form (see toString()).

	   \param s the string
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the request, null on failure
	*/
	static CertificateRequest fromString(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

	/**
	   Adopt a provider context.  Intended for provider implementations.

	   \param c the context to adopt
	*/
	void change(CSRContext *c);

private:
	class Private;
	friend class Private;
	QSharedDataPointer<Private> d;
};
01556
/**
   One revoked-certificate entry of a CRL: serial number, revocation time and
   reason.

   The serial, time and reason are stored directly as members alongside a
   (raw) Private pointer; the class declares its own copy/assign/destructor.
*/
class QCA_EXPORT CRLEntry
{
public:
	/**
	   Why the certificate was revoked.

	   These enumerators are numbered consecutively from 0 by the compiler.
	   RFC 5280 CRLReason skips value 7, so from RemoveFromCRL onward the
	   numeric values here do NOT equal the RFC integer codes (RemoveFromCRL
	   is 7 here, 8 in RFC 5280).  Never feed these raw values to an X.509
	   encoder or compare them with decoded reason codes — map by name.
	*/
	enum Reason
	{
		Unspecified,
		KeyCompromise,
		CACompromise,
		AffiliationChanged,
		Superseded,
		CessationOfOperation,
		CertificateHold,
		RemoveFromCRL,
		PrivilegeWithdrawn,
		AACompromise
	};

	/**
	   Construct a null entry.
	*/
	CRLEntry();

	/**
	   Construct an entry revoking \a c.  The revocation time used is not
	   stated here (presumably the current time — confirm).

	   \param c the certificate being revoked
	   \param r the reason
	*/
	explicit CRLEntry(const Certificate &c, Reason r = Unspecified);

	/**
	   Construct an entry from a serial number and revocation time.  Note
	   \a serial is taken by value here.

	   \param serial the serial number of the revoked certificate
	   \param time the revocation time
	   \param r the reason
	*/
	CRLEntry(const BigInteger serial, const QDateTime &time, Reason r = Unspecified);

	/**
	   Copy constructor.

	   \param from the entry to copy
	*/
	CRLEntry(const CRLEntry &from);

	~CRLEntry();

	/**
	   Assignment operator.

	   \param from the entry to copy
	*/
	CRLEntry & operator=(const CRLEntry &from);

	/**
	   The serial number of the revoked certificate.  Meaningful only together
	   with the issuer of the CRL that carries this entry.
	*/
	BigInteger serialNumber() const;

	/**
	   The revocation time.
	*/
	QDateTime time() const;

	/**
	   True if this is a null entry.
	*/
	bool isNull() const;

	/**
	   The revocation reason.
	*/
	Reason reason() const;

	/**
	   Ordering (basis not stated here).

	   \param a the entry to compare against
	*/
	bool operator<(const CRLEntry &a) const;

	/**
	   Equality.

	   \param a the entry to compare against
	*/
	bool operator==(const CRLEntry &a) const;

	/**
	   Inequality, defined as the negation of operator==.

	   \param other the entry to compare against
	*/
	inline bool operator!=(const CRLEntry &other) const
	{
		return !(*this == other);
	}

private:
	BigInteger _serial;
	QDateTime _time;
	Reason _reason;

	class Private;
	Private *d;
};
01682
/**
   A certificate revocation list.

   Loaded from DER/PEM (check isNull() / the ConvertResult) or produced by
   CertificateAuthority::createCRL / updateCRL.  A CRL is only useful for
   revocation checking once its signature has been verified against the
   issuer — pass it to validation via a CertificateCollection (addCRL) or
   CertificateChain::validate's untrusted_crls; do not consult revoked()
   directly for a trust decision.
*/
class QCA_EXPORT CRL : public Algorithm
{
public:
	CRL();

	/**
	   Copy constructor.

	   \param from the CRL to copy
	*/
	CRL(const CRL &from);

	~CRL();

	/**
	   Assignment operator.

	   \param from the CRL to copy
	*/
	CRL & operator=(const CRL &from);

	/**
	   True if this object holds no CRL.
	*/
	bool isNull() const;

	/**
	   Issuer attributes keyed by type.
	*/
	CertificateInfo issuerInfo() const;

	/**
	   Issuer attributes in document order.
	*/
	CertificateInfoOrdered issuerInfoOrdered() const;

	/**
	   The CRL number.  Presumably monotonically increasing per issuer, so a
	   lower number than one already seen suggests a stale (replayed) CRL.
	*/
	int number() const;

	/**
	   When this CRL was issued.
	*/
	QDateTime thisUpdate() const;

	/**
	   When the next CRL is expected.  NOTE(review): a CRL past its
	   nextUpdate() is stale; whether validation rejects a stale CRL is not
	   stated here, so check it yourself before trusting a revocation result.
	*/
	QDateTime nextUpdate() const;

	/**
	   The revoked-certificate entries.
	*/
	QList<CRLEntry> revoked() const;

	/**
	   The algorithm used to sign the CRL.
	*/
	SignatureAlgorithm signatureAlgorithm() const;

	/**
	   The authority key identifier of the issuer.
	*/
	QByteArray issuerKeyId() const;

	/**
	   Equality.

	   \param a the CRL to compare against
	*/
	bool operator==(const CRL &a) const;

	/**
	   Inequality, defined as the negation of operator==.

	   \param other the CRL to compare against
	*/
	inline bool operator!=(const CRL &other) const
	{
		return !(*this == other);
	}

	/**
	   The CRL in DER encoding.
	*/
	QByteArray toDER() const;

	/**
	   The CRL in PEM encoding.
	*/
	QString toPEM() const;

	/**
	   Write the CRL to a PEM file.

	   \param fileName the file to write
	   \return false on failure
	*/
	bool toPEMFile(const QString &fileName) const;

	/**
	   Parse a DER-encoded CRL.

	   \param a the DER data
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the CRL, null on failure
	*/
	static CRL fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

	/**
	   Parse a PEM-encoded CRL.

	   \param s the PEM text
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the CRL, null on failure
	*/
	static CRL fromPEM(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

	/**
	   Load a PEM-encoded CRL from a file.

	   \param fileName the file to read
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the CRL, null on failure
	*/
	static CRL fromPEMFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

	/**
	   Adopt a provider context.  Intended for provider implementations.

	   \param c the context to adopt
	*/
	void change(CRLContext *c);

private:
	class Private;
	friend class Private;
	QSharedDataPointer<Private> d;
};
01877
/**
   A bag of certificates and CRLs, used as the trust store ("trusted") and
   as the pool of helper certificates ("untrusted") for Certificate::validate.

   Whether a collection confers trust is decided solely by which parameter
   it is passed as — the collection itself carries no trust attribute.  Keep
   the anchor set small and separate from incidental certificates.  Implicitly
   shared.
*/
class QCA_EXPORT CertificateCollection
{
public:
	/**
	   Construct an empty collection.
	*/
	CertificateCollection();

	/**
	   Copy constructor.

	   \param from the collection to copy
	*/
	CertificateCollection(const CertificateCollection &from);

	~CertificateCollection();

	/**
	   Assignment operator.

	   \param from the collection to copy
	*/
	CertificateCollection & operator=(const CertificateCollection &from);

	/**
	   Add a certificate.

	   \param cert the certificate to add
	*/
	void addCertificate(const Certificate &cert);

	/**
	   Add a CRL.  Whether validate() consults CRLs from the trusted
	   collection, the untrusted one, or both is not stated here — confirm
	   with the provider when relying on revocation checking.

	   \param crl the CRL to add
	*/
	void addCRL(const CRL &crl);

	/**
	   The certificates in the collection.
	*/
	QList<Certificate> certificates() const;

	/**
	   The CRLs in the collection.
	*/
	QList<CRL> crls() const;

	/**
	   Add everything in \a other to this collection.

	   \param other the collection to merge in
	*/
	void append(const CertificateCollection &other);

	/**
	   The union of this collection and \a other.

	   \param other the collection to merge
	*/
	CertificateCollection operator+(const CertificateCollection &other) const;

	/**
	   Merge \a other into this collection.

	   \param other the collection to merge in
	*/
	CertificateCollection & operator+=(const CertificateCollection &other);

	/**
	   Whether a provider supports the PKCS#7 file format.

	   \param provider the provider to ask, or empty for the default
	*/
	static bool canUsePKCS7(const QString &provider = QString());

	/**
	   Write the collection to a flat text (concatenated PEM) file.
	   Declared non-const, unlike toPKCS7File's sibling methods elsewhere.

	   \param fileName the file to write
	   \return false on failure
	*/
	bool toFlatTextFile(const QString &fileName);

	/**
	   Write the collection to a PKCS#7 file.  Declared non-const.

	   \param fileName the file to write
	   \param provider the provider to use, or empty for the default
	   \return false on failure
	*/
	bool toPKCS7File(const QString &fileName, const QString &provider = QString());

	/**
	   Read a collection from a flat text (concatenated PEM) file.

	   \param fileName the file to read
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	*/
	static CertificateCollection fromFlatTextFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

	/**
	   Read a collection from a PKCS#7 file.

	   \param fileName the file to read
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	*/
	static CertificateCollection fromPKCS7File(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

private:
	class Private;
	QSharedDataPointer<Private> d;
};
02029
/**
   A certificate authority: a CA certificate plus its private key, able to
   sign requests, issue certificates and produce CRLs.

   Unlike the other classes in this header, the constructor has no default
   for \a provider.  Not implicitly shared (raw Private pointer; explicit
   copy/assign/destructor).

   NOTE(review): the CA key is the crown jewel — the PrivateKey passed in
   lives for the lifetime of this object and its copies.  Serial-number
   uniqueness, validity periods and whether a request's isCA()/pathLimit()
   wishes are honoured are policy decisions this API does not make for you.
*/
class QCA_EXPORT CertificateAuthority : public Algorithm
{
public:
	/**
	   Construct a CA.

	   \param cert the CA certificate
	   \param key the private key matching \a cert
	   \param provider the provider to use (mandatory)
	*/
	CertificateAuthority(const Certificate &cert, const PrivateKey &key, const QString &provider);

	/**
	   Copy constructor.

	   \param from the CA to copy
	*/
	CertificateAuthority(const CertificateAuthority &from);

	~CertificateAuthority();

	/**
	   Assignment operator.

	   \param from the CA to copy
	*/
	CertificateAuthority & operator=(const CertificateAuthority &from);

	/**
	   The CA certificate.
	*/
	Certificate certificate() const;

	/**
	   Issue a certificate for \a req, valid until \a notValidAfter.  Which
	   fields (subject, constraints, CA flag) are copied from the request and
	   which are set by the CA is not stated here — inspect the request and
	   the resulting certificate before issuing in production.

	   \param req the signed request
	   \param notValidAfter the notAfter time of the new certificate
	*/
	Certificate signRequest(const CertificateRequest &req, const QDateTime &notValidAfter) const;

	/**
	   Issue a certificate for \a key with the parameters in \a opts (no
	   request involved, so no proof of possession of the private key).

	   \param key the subject public key
	   \param opts the certificate parameters
	*/
	Certificate createCertificate(const PublicKey &key, const CertificateOptions &opts) const;

	/**
	   Create a new (presumably empty) CRL with the given nextUpdate time.

	   \param nextUpdate when the next CRL is expected
	*/
	CRL createCRL(const QDateTime &nextUpdate) const;

	/**
	   Produce a new CRL from \a crl with \a entries added (assumed from the
	   name — confirm whether existing entries are kept) and the given
	   nextUpdate time.

	   \param crl the CRL to update
	   \param entries the revocations to add
	   \param nextUpdate when the next CRL is expected
	*/
	CRL updateCRL(const CRL &crl, const QList<CRLEntry> &entries, const QDateTime &nextUpdate) const;

private:
	class Private;
	Private *d;
};
02116
/**
   A private key together with its certificate chain, stored in an encrypted
   container (the file/array forms take a passphrase; PKCS#12 is the usual
   format but is not stated here — confirm with the provider).

   Passphrases are SecureArray, not QString, so they are not left in ordinary
   (non-wiped) memory.  Implicitly shared: copies share the private key.
*/
class QCA_EXPORT KeyBundle
{
public:
	/**
	   Construct an empty bundle.
	*/
	KeyBundle();

	/**
	   Load a bundle from a file.  Failure is reported only through isNull();
	   use fromFile() when you need the ConvertResult (e.g. to distinguish a
	   wrong passphrase from a missing file).

	   \param fileName the file to read
	   \param passphrase the passphrase protecting the file
	*/
	explicit KeyBundle(const QString &fileName, const SecureArray &passphrase = SecureArray());

	/**
	   Copy constructor.

	   \param from the bundle to copy
	*/
	KeyBundle(const KeyBundle &from);

	~KeyBundle();

	/**
	   Assignment operator.

	   \param from the bundle to copy
	*/
	KeyBundle & operator=(const KeyBundle &from);

	/**
	   True if this bundle holds nothing.
	*/
	bool isNull() const;

	/**
	   The friendly name of the bundle.
	*/
	QString name() const;

	/**
	   The certificate chain; its primary() is the certificate matching
	   privateKey().
	*/
	CertificateChain certificateChain() const;

	/**
	   The private key.
	*/
	PrivateKey privateKey() const;

	/**
	   Set the friendly name.

	   \param s the name
	*/
	void setName(const QString &s);

	/**
	   Set the chain and key.  Whether the key is checked to match the
	   chain's primary certificate is not stated here.

	   \param c the certificate chain
	   \param key the private key for c.primary()
	*/
	void setCertificateChainAndKey(const CertificateChain &c, const PrivateKey &key);

	/**
	   Serialize the bundle, protected by \a passphrase.  What an empty
	   passphrase yields (unencrypted output or failure) is not stated here —
	   always supply a real passphrase for anything that leaves the process.

	   \param passphrase the passphrase to protect the output with
	   \param provider the provider to use, or empty for the default
	*/
	QByteArray toArray(const SecureArray &passphrase, const QString &provider = QString()) const;

	/**
	   Write the bundle to a file, protected by \a passphrase (see toArray()).

	   \param fileName the file to write
	   \param passphrase the passphrase to protect the file with
	   \param provider the provider to use, or empty for the default
	   \return false on failure
	*/
	bool toFile(const QString &fileName, const SecureArray &passphrase, const QString &provider = QString()) const;

	/**
	   Parse a serialized bundle.

	   \param a the serialized bundle
	   \param passphrase the passphrase protecting it
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the bundle, null on failure
	*/
	static KeyBundle fromArray(const QByteArray &a, const SecureArray &passphrase = SecureArray(), ConvertResult *result = 0, const QString &provider = QString());

	/**
	   Load a serialized bundle from a file.

	   \param fileName the file to read
	   \param passphrase the passphrase protecting it
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the bundle, null on failure
	*/
	static KeyBundle fromFile(const QString &fileName, const SecureArray &passphrase = SecureArray(), ConvertResult *result = 0, const QString &provider = QString());

private:
	class Private;
	QSharedDataPointer<Private> d;
};
02346
/**
   An OpenPGP key (public, or secret when isSecret()).

   Not implicitly shared: raw Private pointer with explicit copy/assign/
   destructor.  Loading failures are reported through isNull() (constructor)
   or the optional ConvertResult (static from*() functions).
*/
class QCA_EXPORT PGPKey : public Algorithm
{
public:
	/**
	   Construct a null key.
	*/
	PGPKey();

	/**
	   Load a key from a file.  Not explicit: a QString converts implicitly
	   to a PGPKey by attempting to open a file of that name; prefer
	   fromString()/fromFile() and check the result.

	   \param fileName the file to read
	*/
	PGPKey(const QString &fileName);

	/**
	   Copy constructor.

	   \param from the key to copy
	*/
	PGPKey(const PGPKey &from);

	~PGPKey();

	/**
	   Assignment operator.

	   \param from the key to copy
	*/
	PGPKey & operator=(const PGPKey &from);

	/**
	   True if this object holds no key.
	*/
	bool isNull() const;

	/**
	   The key ID.  NOTE(review): if this is the conventional short or long
	   OpenPGP key ID it is a truncation of the fingerprint and can be
	   collided deliberately — use fingerprint() for identity decisions.
	*/
	QString keyId() const;

	/**
	   The primary user ID.
	*/
	QString primaryUserId() const;

	/**
	   All user IDs.
	*/
	QStringList userIds() const;

	/**
	   True if the key includes secret material.
	*/
	bool isSecret() const;

	/**
	   When the key was created.
	*/
	QDateTime creationDate() const;

	/**
	   When the key expires.  What is returned for a key with no expiry is
	   not stated here.
	*/
	QDateTime expirationDate() const;

	/**
	   The key fingerprint — the value to use when comparing or pinning keys.
	*/
	QString fingerprint() const;

	/**
	   True if the key is in the provider's keyring.
	*/
	bool inKeyring() const;

	/**
	   True if the key is trusted.  The trust model consulted (presumably the
	   keyring's) is not stated here; this is not a substitute for verifying
	   fingerprint() out of band.
	*/
	bool isTrusted() const;

	/**
	   The key in binary form.  For a secret key this exposes secret
	   material — handle accordingly.
	*/
	QByteArray toArray() const;

	/**
	   The key in (presumably ASCII-armored) text form.  Same caveat as
	   toArray() for secret keys.
	*/
	QString toString() const;

	/**
	   Write the key to a file.

	   \param fileName the file to write
	   \return false on failure
	*/
	bool toFile(const QString &fileName) const;

	/**
	   Parse a key from binary form.

	   \param a the key data
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the key, null on failure
	*/
	static PGPKey fromArray(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

	/**
	   Parse a key from text form.

	   \param s the key text
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the key, null on failure
	*/
	static PGPKey fromString(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

	/**
	   Load a key from a file.

	   \param fileName the file to read
	   \param result optional conversion status
	   \param provider the provider to use, or empty for the default
	   \return the key, null on failure
	*/
	static PGPKey fromFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

private:
	class Private;
	Private *d;
};
02526
/**
   Loads a private key or key bundle without blocking the caller.

   Start one of the load*() calls and wait for finished(); then inspect
   convertResult() and fetch privateKey() or keyBundle().  That the load is
   asynchronous and that the accessors are only meaningful after finished()
   is inferred from the signal — confirm with the implementation.  Whether
   a passphrase is obtained (presumably through QCA's event/prompt
   mechanism) is not stated here.

   Non-copyable (Q_DISABLE_COPY).
*/
class QCA_EXPORT KeyLoader : public QObject
{
	Q_OBJECT
public:
	/**
	   Construct a loader.

	   \param parent the parent object
	*/
	KeyLoader(QObject *parent = 0);
	~KeyLoader();

	/**
	   Load a private key from a PEM file.

	   \param fileName the file to read
	*/
	void loadPrivateKeyFromPEMFile(const QString &fileName);

	/**
	   Load a private key from PEM text.

	   \param s the PEM text
	*/
	void loadPrivateKeyFromPEM(const QString &s);

	/**
	   Load a private key from DER data.  The data is a SecureArray, so it is
	   expected to hold sensitive (unencrypted or encrypted) key material.

	   \param a the DER data
	*/
	void loadPrivateKeyFromDER(const SecureArray &a);

	/**
	   Load a key bundle from a file.

	   \param fileName the file to read
	*/
	void loadKeyBundleFromFile(const QString &fileName);

	/**
	   Load a key bundle from serialized data.

	   \param a the serialized bundle
	*/
	void loadKeyBundleFromArray(const QByteArray &a);

	/**
	   The outcome of the last load.
	*/
	ConvertResult convertResult() const;

	/**
	   The loaded private key (after a loadPrivateKey* call).
	*/
	PrivateKey privateKey() const;

	/**
	   The loaded bundle (after a loadKeyBundle* call).
	*/
	KeyBundle keyBundle() const;

Q_SIGNALS:
	/**
	   Emitted when a load completes, successfully or not; check
	   convertResult().
	*/
	void finished();

private:
	Q_DISABLE_COPY(KeyLoader)

	class Private;
	friend class Private;
	Private *d;
};
02673
02674 }
02675
02676 #endif