00032 #ifndef QCA_CERT_H
00033 #define QCA_CERT_H
00034
00035 #include <QMap>
00036 #include <QDateTime>
00037 #include "qca_core.h"
00038 #include "qca_publickey.h"
00039
00040 namespace QCA {
00041
// Provider-side (backend) context types; only ever handled through pointers
// in this header (see the change() members further down).
class CertContext;
class CSRContext;
class CRLContext;

// Public value types declared later in this header; forward-declared so that
// earlier classes can mention them in signatures.
class Certificate;
class CRL;
class CertificateCollection;
class CertificateChain;
00049
00050
/// Encoding formats a certificate request can be produced in.
/// Values are sequential from zero (PKCS10 == 0, SPKAC == 1).
enum CertificateRequestFormat
{
    PKCS10 = 0,  ///< PKCS#10 certificate signing request
    SPKAC = 1    ///< Signed Public Key And Challenge (browser keygen style)
};
00059
/// Well-known certificate information fields.  Wrapped by CertificateInfoType,
/// which also knows which Section (DN or AlternativeName) each belongs to.
/// Values are sequential from zero; do not reorder (the numeric values are
/// observable through CertificateInfoType::known()).
enum CertificateInfoTypeKnown
{
    CommonName,             // CN
    Email,                  // e-mail address
    EmailLegacy,            // legacy e-mail attribute form
    Organization,           // O
    OrganizationalUnit,     // OU
    Locality,               // L
    IncorporationLocality,
    State,                  // ST
    IncorporationState,
    Country,                // C
    IncorporationCountry,
    URI,
    DNS,
    IPAddress,
    XMPP
};
00083
/**
 * Type of a certificate information field.
 *
 * A CertificateInfoType is either one of the CertificateInfoTypeKnown values
 * or an arbitrary identifier string (see the id()/Section constructor) that
 * lives in one of the two Section groups.  Instances are implicitly shared
 * (QSharedDataPointer), so copies are cheap.
 */
class QCA_EXPORT CertificateInfoType
{
public:
    /// Where in the certificate this kind of field is stored.
    enum Section
    {
        DN,              ///< subject / issuer Distinguished Name
        AlternativeName  ///< subjectAltName / issuerAltName extension
    };

    /// Constructs a default (unspecified) type.
    CertificateInfoType();

    /// Constructs from a well-known field type.  Not explicit, so a
    /// CertificateInfoTypeKnown converts implicitly where a
    /// CertificateInfoType is expected.
    CertificateInfoType(CertificateInfoTypeKnown known);

    /// Constructs a custom type from an identifier and its section.
    CertificateInfoType(const QString &id, Section section);

    /// Copy constructor.
    CertificateInfoType(const CertificateInfoType &from);

    ~CertificateInfoType();

    /// Copy assignment.
    CertificateInfoType & operator=(const CertificateInfoType &from);

    /// Section this type belongs to.
    Section section() const;

    /// Well-known value this type corresponds to.
    /// NOTE(review): what is returned for a custom (id-constructed) type is
    /// not visible here — confirm against the implementation before relying
    /// on it.
    CertificateInfoTypeKnown known() const;

    /// Identifier string for this type.
    QString id() const;

    /// Ordering, so the type can be used as a QMap / QMultiMap key
    /// (see the CertificateInfo typedef).
    bool operator<(const CertificateInfoType &other) const;

    /// Equality.
    bool operator==(const CertificateInfoType &other) const;

    /// Inequality, defined as the negation of operator==.
    inline bool operator!=(const CertificateInfoType &other) const
    {
        return !operator==(other);
    }

private:
    class Private;
    QSharedDataPointer<Private> d;
};
00238
/**
 * One (type, value) entry of certificate information.
 *
 * Used as the element type of CertificateInfoOrdered, which preserves the
 * order of fields as they appear in the certificate.  Implicitly shared.
 */
class QCA_EXPORT CertificateInfoPair
{
public:
    /// Constructs an empty pair.
    CertificateInfoPair();

    /// Constructs a pair from a field type and its string value.
    CertificateInfoPair(const CertificateInfoType &type, const QString &value);

    /// Copy constructor.
    CertificateInfoPair(const CertificateInfoPair &from);

    ~CertificateInfoPair();

    /// Copy assignment.
    CertificateInfoPair & operator=(const CertificateInfoPair &from);

    /// Field type of this entry.
    CertificateInfoType type() const;

    /// String value of this entry.
    QString value() const;

    /// Equality.
    bool operator==(const CertificateInfoPair &other) const;

    /// Inequality, defined as the negation of operator==.
    inline bool operator!=(const CertificateInfoPair &other) const
    {
        return !operator==(other);
    }

private:
    class Private;
    QSharedDataPointer<Private> d;
};
00311
00312
/// Well-known certificate constraints, wrapped by ConstraintType.
/// The two groups below presumably map onto ConstraintType::Section
/// (KeyUsage for the first group, ExtendedKeyUsage for the second) — confirm
/// against ConstraintType::section().  Values are sequential from zero; do
/// not reorder.
enum ConstraintTypeKnown
{
    // key usage bits
    DigitalSignature,
    NonRepudiation,
    KeyEncipherment,
    DataEncipherment,
    KeyAgreement,
    KeyCertificateSign,
    CRLSign,
    EncipherOnly,
    DecipherOnly,

    // extended key usage purposes
    ServerAuth,
    ClientAuth,
    CodeSigning,
    EmailProtection,
    IPSecEndSystem,
    IPSecTunnel,
    IPSecUser,
    TimeStamping,
    OCSPSigning
};
00342
/**
 * A certificate constraint (key usage or extended key usage).
 *
 * Mirrors CertificateInfoType: either a ConstraintTypeKnown value or a
 * custom identifier within a Section.  Implicitly shared.
 */
class QCA_EXPORT ConstraintType
{
public:
    /// Which extension the constraint is carried in.
    enum Section
    {
        KeyUsage,          ///< keyUsage extension
        ExtendedKeyUsage   ///< extendedKeyUsage extension
    };

    /// Constructs a default (unspecified) constraint type.
    ConstraintType();

    /// Constructs from a well-known constraint.  Not explicit, so a
    /// ConstraintTypeKnown converts implicitly to a ConstraintType.
    ConstraintType(ConstraintTypeKnown known);

    /// Constructs a custom constraint from an identifier and its section.
    ConstraintType(const QString &id, Section section);

    /// Copy constructor.
    ConstraintType(const ConstraintType &from);

    ~ConstraintType();

    /// Copy assignment.
    ConstraintType & operator=(const ConstraintType &from);

    /// Section this constraint belongs to.
    Section section() const;

    /// Well-known value this constraint corresponds to.
    /// NOTE(review): behaviour for a custom (id-constructed) constraint is
    /// not visible here — confirm against the implementation.
    ConstraintTypeKnown known() const;

    /// Identifier string for this constraint.
    QString id() const;

    /// Ordering, so the type can be used as an associative-container key.
    bool operator<(const ConstraintType &other) const;

    /// Equality.
    bool operator==(const ConstraintType &other) const;

    /// Inequality, defined as the negation of operator==.
    inline bool operator!=(const ConstraintType &other) const
    {
        return !operator==(other);
    }

private:
    class Private;
    QSharedDataPointer<Private> d;
};
00471
/// Purpose a certificate is being validated for (see Certificate::validate
/// and CertificateChain::validate).  The values are distinct bits.
/// NOTE(review): UsageAny is zero, so it presumably imposes no purpose
/// restriction; callers validating for a specific purpose should pass that
/// purpose rather than the default — confirm against the validation code.
enum UsageMode
{
    UsageAny             = 0x00,
    UsageTLSServer       = 0x01,
    UsageTLSClient       = 0x02,
    UsageCodeSigning     = 0x04,
    UsageEmailProtection = 0x08,
    UsageTimeStamping    = 0x10,
    UsageCRLSigning      = 0x20
};
00485
/// Outcome of certificate / chain validation.
///
/// ValidityGood is the only success value; every other value is a failure
/// and callers must treat it as such.  ErrorValidityUnknown is fixed at 64
/// so it cannot collide with future error codes; CertificateChain::validate
/// returns it for an empty chain.
enum Validity
{
    ValidityGood,
    ErrorRejected,
    ErrorUntrusted,
    ErrorSignatureFailed,
    ErrorInvalidCA,
    ErrorInvalidPurpose,
    ErrorSelfSigned,
    ErrorRevoked,
    ErrorPathLengthExceeded,
    ErrorExpired,
    ErrorExpiredCA,
    ErrorValidityUnknown = 64
};
00504
/// Flags controlling which checks validation performs.
/// NOTE(review): despite the name, ValidateAll is zero — whether that means
/// "all checks" or "no optional checks" is not visible here; confirm against
/// the implementation before relying on the default.
enum ValidateFlags
{
    ValidateAll     = 0x00,
    ValidateRevoked = 0x01,
    ValidateExpired = 0x02,
    ValidatePolicy  = 0x04
};
00515
00527 typedef QMultiMap<CertificateInfoType, QString> CertificateInfo;
00528
/**
 * Certificate information with field order preserved.
 *
 * A plain QList of CertificateInfoPair; the two inline helpers below forward
 * to the exported free functions orderedToDNString() and orderedDNOnly().
 */
class CertificateInfoOrdered : public QList<CertificateInfoPair>
{
public:
    /// DN-style string rendering (see orderedToDNString()).
    inline QString toString() const;

    /// Copy containing only the DN-section entries (see orderedDNOnly()).
    inline CertificateInfoOrdered dnOnly() const;
};
00553
00559 QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in);
00560
00567 QCA_EXPORT CertificateInfoOrdered orderedDNOnly(const CertificateInfoOrdered &in);
00568
/// Forwards to orderedToDNString() with this list.
inline QString CertificateInfoOrdered::toString() const
{
    const CertificateInfoOrdered &self = *this;
    return orderedToDNString(self);
}
00573
/// Forwards to orderedDNOnly() with this list.
inline CertificateInfoOrdered CertificateInfoOrdered::dnOnly() const
{
    const CertificateInfoOrdered &self = *this;
    return orderedDNOnly(self);
}
00578
00582 typedef QList<ConstraintType> Constraints;
00583
00590 QCA_EXPORT QStringList makeFriendlyNames(const QList<Certificate> &list);
00591
/**
 * Parameters for creating a certificate or certificate request.
 *
 * Pure value object: getters read the current settings, setters replace them.
 * Owns a heap-allocated Private through a raw pointer, so the copy
 * constructor, destructor and assignment operator are all declared
 * (rule of three).
 */
class QCA_EXPORT CertificateOptions
{
public:
    /// Constructs options for the given request format (PKCS10 by default).
    /// Not explicit: a CertificateRequestFormat converts implicitly.
    CertificateOptions(CertificateRequestFormat format = PKCS10);

    /// Copy constructor.
    CertificateOptions(const CertificateOptions &from);
    ~CertificateOptions();

    /// Copy assignment.
    CertificateOptions & operator=(const CertificateOptions &from);

    // --- getters -----------------------------------------------------

    /// Request format these options target.
    CertificateRequestFormat format() const;

    /// Changes the request format.
    void setFormat(CertificateRequestFormat f);

    /// Whether the options are complete enough to be used.
    /// NOTE(review): which fields are required is decided by the
    /// implementation — check this before passing options to a constructor.
    bool isValid() const;

    /// Challenge string (used by the SPKAC format).
    QString challenge() const;

    /// Subject information, unordered.
    CertificateInfo info() const;

    /// Subject information, in order.
    CertificateInfoOrdered infoOrdered() const;

    /// Key usage / extended key usage constraints.
    Constraints constraints() const;

    /// Certificate policy identifiers.
    QStringList policies() const;

    /// CRL distribution point locations.
    QStringList crlLocations() const;

    /// Issuer (CA issuers / AIA) locations.
    QStringList issuerLocations() const;

    /// OCSP responder locations.
    QStringList ocspLocations() const;

    /// Whether the certificate is to be a CA (see setAsCA()).
    bool isCA() const;

    /// CA path length limit (see setAsCA()).
    int pathLimit() const;

    /// Serial number to assign.
    BigInteger serialNumber() const;

    /// Start of the validity period.
    QDateTime notValidBefore() const;

    /// End of the validity period.
    QDateTime notValidAfter() const;

    // --- setters -----------------------------------------------------

    void setChallenge(const QString &s);

    /// Sets unordered subject information.
    void setInfo(const CertificateInfo &info);

    /// Sets ordered subject information.
    void setInfoOrdered(const CertificateInfoOrdered &info);

    void setConstraints(const Constraints &constraints);

    void setPolicies(const QStringList &policies);

    void setCRLLocations(const QStringList &locations);

    void setIssuerLocations(const QStringList &locations);

    void setOCSPLocations(const QStringList &locations);

    /// Marks the certificate as a CA with the given path length limit.
    /// NOTE(review): the default of 8 is permissive for a leaf-issuing CA;
    /// callers creating an intermediate should choose the smallest limit
    /// their hierarchy needs.
    void setAsCA(int pathLimit = 8);

    /// Marks the certificate as an end-entity (non-CA) certificate.
    void setAsUser();

    void setSerialNumber(const BigInteger &i);

    /// Sets the validity period [start, end].
    void setValidityPeriod(const QDateTime &start, const QDateTime &end);

private:
    class Private;
    Private *d;  // owned; released in the destructor
};
00838
/**
 * An X.509 certificate.
 *
 * Implicitly shared value type backed by a provider CertContext.  A
 * default-constructed or failed-to-load Certificate is "null" (isNull()).
 * Chain-level validation is exposed through CertificateChain, which is a
 * friend and calls the private chain_* helpers below.
 */
class QCA_EXPORT Certificate : public Algorithm
{
public:
    /// Constructs a null certificate.
    Certificate();

    /// Loads a certificate from a file.
    /// NOTE(review): not explicit, so a QString converts implicitly to a
    /// Certificate.  A load failure presumably yields a null certificate
    /// rather than an error — check isNull() after constructing.
    Certificate(const QString &fileName);

    /// Creates a self-signed certificate from @p opts, signed with @p key.
    Certificate(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());

    /// Copy constructor.
    Certificate(const Certificate &from);

    ~Certificate();

    /// Copy assignment.
    Certificate & operator=(const Certificate &from);

    /// True if this object holds no certificate.
    bool isNull() const;

    // --- validity period --------------------------------------------

    QDateTime notValidBefore() const;

    QDateTime notValidAfter() const;

    // --- subject / issuer -------------------------------------------

    /// Subject fields, unordered.
    CertificateInfo subjectInfo() const;

    /// Subject fields, in certificate order.
    CertificateInfoOrdered subjectInfoOrdered() const;

    /// Issuer fields, unordered.
    CertificateInfo issuerInfo() const;

    /// Issuer fields, in certificate order.
    CertificateInfoOrdered issuerInfoOrdered() const;

    // --- extensions ---------------------------------------------------

    Constraints constraints() const;

    QStringList policies() const;

    QStringList crlLocations() const;

    QStringList issuerLocations() const;

    QStringList ocspLocations() const;

    /// Subject common name (CN).
    QString commonName() const;

    BigInteger serialNumber() const;

    PublicKey subjectPublicKey() const;

    /// Whether the basic constraints mark this as a CA certificate.
    bool isCA() const;

    /// Whether the certificate is signed by its own key.
    /// NOTE(review): self-signed is not the same as trusted; trust is
    /// established only by validate() against a trusted collection.
    bool isSelfSigned() const;

    /// Whether this certificate is the issuer of @p other.
    bool isIssuerOf(const Certificate &other) const;

    /// Basic-constraints path length limit.
    int pathLimit() const;

    SignatureAlgorithm signatureAlgorithm() const;

    QByteArray subjectKeyId() const;

    QByteArray issuerKeyId() const;

    // --- validation ---------------------------------------------------

    /// Validates this certificate against @p trusted, using @p untrusted as
    /// a pool of intermediates and CRLs.
    /// @return ValidityGood on success; any other value is a failure and
    ///         must not be treated as success.
    /// NOTE(review): validate() takes no host name; TLS callers presumably
    /// also need matchesHostName() — confirm against the implementation.
    Validity validate(const CertificateCollection &trusted, const CertificateCollection &untrusted, UsageMode u = UsageAny, ValidateFlags vf = ValidateAll) const;

    // --- serialisation ------------------------------------------------

    QByteArray toDER() const;

    QString toPEM() const;

    /// Writes PEM to @p fileName; returns false on failure.
    bool toPEMFile(const QString &fileName) const;

    /// Parses DER.  On failure the returned certificate is null and
    /// @p result (if non-null) receives the reason.
    static Certificate fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

    /// Parses PEM text; see fromDER() for the error contract.
    static Certificate fromPEM(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /// Reads a PEM file; see fromDER() for the error contract.
    static Certificate fromPEMFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

    /// Whether @p host is covered by this certificate's names.
    /// NOTE(review): which fields are consulted (CN vs. DNS / IP
    /// alternative names) and how wildcards are matched is decided by the
    /// implementation — review it before relying on this for TLS.
    bool matchesHostName(const QString &host) const;

    /// Equality.
    bool operator==(const Certificate &a) const;

    /// Inequality, defined as the negation of operator==.
    inline bool operator!=(const Certificate &other) const
    {
        return !operator==(other);
    }

    /// Replaces the backing provider context.
    /// NOTE(review): ownership of @p c after this call is not visible here.
    void change(CertContext *c);

private:
    class Private;
    friend class Private;
    QSharedDataPointer<Private> d;

    // CertificateChain drives chain validation/completion through these.
    friend class CertificateChain;
    Validity chain_validate(const CertificateChain &chain, const CertificateCollection &trusted, const QList<CRL> &untrusted_crls, UsageMode u, ValidateFlags vf) const;
    CertificateChain chain_complete(const CertificateChain &chain, const QList<Certificate> &issuers, Validity *result) const;
};
01184
/**
 * An ordered list of certificates, the first being the end-entity
 * ("primary") certificate and the rest its issuers.
 *
 * Thin QList wrapper; validate() and complete() are defined out of line
 * below and delegate to Certificate's private chain_* helpers.
 */
class CertificateChain : public QList<Certificate>
{
public:
    /// Empty chain.
    inline CertificateChain() {}

    /// Chain consisting of just @p primary.  Not explicit: a Certificate
    /// converts implicitly to a one-element chain.
    inline CertificateChain(const Certificate &primary) { append(primary); }

    /// The end-entity certificate.
    /// Precondition: the chain is not empty (QList::first() requires it).
    inline const Certificate & primary() const { return first(); }

    /// Validates the chain against @p trusted.  Returns
    /// ErrorValidityUnknown for an empty chain.
    inline Validity validate(const CertificateCollection &trusted, const QList<CRL> &untrusted_crls = QList<CRL>(), UsageMode u = UsageAny, ValidateFlags vf = ValidateAll) const;

    /// Attempts to extend the chain up to a root using @p issuers.
    /// For an empty chain returns an empty chain and leaves @p result untouched.
    inline CertificateChain complete(const QList<Certificate> &issuers = QList<Certificate>(), Validity *result = 0) const;
};
01268
/// Delegates chain validation to the primary certificate.
/// An empty chain has nothing to validate and reports ErrorValidityUnknown
/// (a failure value) rather than dereferencing an empty list.
inline Validity CertificateChain::validate(const CertificateCollection &trusted, const QList<CRL> &untrusted_crls, UsageMode u, ValidateFlags vf) const
{
    if(!isEmpty())
        return primary().chain_validate(*this, trusted, untrusted_crls, u, vf);
    return ErrorValidityUnknown;
}
01275
/// Delegates chain completion to the primary certificate.
/// NOTE(review): for an empty chain @p result is not written, so callers
/// must initialise it before the call rather than rely on it being set.
inline CertificateChain CertificateChain::complete(const QList<Certificate> &issuers, Validity *result) const
{
    if(!isEmpty())
        return primary().chain_complete(*this, issuers, result);
    return CertificateChain();
}
01282
/**
 * A certificate signing request (PKCS#10 or SPKAC).
 *
 * Implicitly shared value type backed by a provider CSRContext.  A
 * default-constructed or failed-to-load request is null (isNull()).
 */
class QCA_EXPORT CertificateRequest : public Algorithm
{
public:
    /// Constructs a null request.
    CertificateRequest();

    /// Loads a request from a file.  Not explicit (QString converts
    /// implicitly); presumably null on failure — check isNull().
    CertificateRequest(const QString &fileName);

    /// Creates a request from @p opts, signed with @p key.
    CertificateRequest(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());

    /// Copy constructor.
    CertificateRequest(const CertificateRequest &from);

    ~CertificateRequest();

    /// Copy assignment.
    CertificateRequest & operator=(const CertificateRequest &from);

    /// True if this object holds no request.
    bool isNull() const;

    /// Whether @p provider (or any provider, if empty) supports format @p f.
    static bool canUseFormat(CertificateRequestFormat f, const QString &provider = QString());

    /// Format of this request.
    CertificateRequestFormat format() const;

    /// Requested subject fields, unordered.
    CertificateInfo subjectInfo() const;

    /// Requested subject fields, in request order.
    CertificateInfoOrdered subjectInfoOrdered() const;

    Constraints constraints() const;

    QStringList policies() const;

    PublicKey subjectPublicKey() const;

    /// Whether the request asks for a CA certificate.
    /// NOTE(review): this is a *request*; a CA must decide independently
    /// whether to honour it (see CertificateAuthority::signRequest).
    bool isCA() const;

    int pathLimit() const;

    /// Challenge string (SPKAC).
    QString challenge() const;

    SignatureAlgorithm signatureAlgorithm() const;

    /// Equality.
    bool operator==(const CertificateRequest &csr) const;

    /// Inequality, defined as the negation of operator==.
    inline bool operator!=(const CertificateRequest &other) const
    {
        return !operator==(other);
    }

    // --- serialisation ------------------------------------------------

    QByteArray toDER() const;

    QString toPEM() const;

    /// Writes PEM to @p fileName; returns false on failure.
    bool toPEMFile(const QString &fileName) const;

    /// Parses DER.  On failure the result is null and @p result (if
    /// non-null) receives the reason.
    static CertificateRequest fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

    /// Parses PEM text; see fromDER() for the error contract.
    static CertificateRequest fromPEM(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /// Reads a PEM file; see fromDER() for the error contract.
    static CertificateRequest fromPEMFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

    /// String form.  NOTE(review): how this differs from toPEM() (presumably
    /// the SPKAC encoding) is not visible here.
    QString toString() const;

    /// Inverse of toString(); see fromDER() for the error contract.
    static CertificateRequest fromString(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /// Replaces the backing provider context.
    /// NOTE(review): ownership of @p c after this call is not visible here.
    void change(CSRContext *c);

private:
    class Private;
    friend class Private;
    QSharedDataPointer<Private> d;
};
01555
/**
 * One revoked-certificate entry of a CRL.
 *
 * Identifies the revoked certificate by serial number, records the
 * revocation time and a Reason code.  Unlike most classes in this header the
 * data members are stored directly (plus a Private pointer for extension),
 * and copy/assign/destroy are declared to manage that pointer.
 */
class QCA_EXPORT CRLEntry
{
public:
    /// Revocation reason codes.  Values are sequential from zero
    /// (Unspecified == 0 ... AACompromise == 9); do not reorder.
    enum Reason
    {
        Unspecified,
        KeyCompromise,
        CACompromise,
        AffiliationChanged,
        Superseded,
        CessationOfOperation,
        CertificateHold,
        RemoveFromCRL,
        PrivilegeWithdrawn,
        AACompromise
    };

    /// Constructs a null entry.
    CRLEntry();

    /// Entry revoking @p c for reason @p r.
    explicit CRLEntry(const Certificate &c, Reason r = Unspecified);

    /// Entry revoking the certificate with @p serial at @p time.
    CRLEntry(const BigInteger serial, const QDateTime &time, Reason r = Unspecified);

    /// Copy constructor.
    CRLEntry(const CRLEntry &from);

    ~CRLEntry();

    /// Copy assignment.
    CRLEntry & operator=(const CRLEntry &from);

    /// Serial number of the revoked certificate.
    BigInteger serialNumber() const;

    /// Revocation time.
    QDateTime time() const;

    /// True if this entry does not identify a certificate.
    bool isNull() const;

    /// Revocation reason.
    Reason reason() const;

    /// Ordering (for sorted containers).
    bool operator<(const CRLEntry &a) const;

    /// Equality.
    bool operator==(const CRLEntry &a) const;

    /// Inequality, defined as the negation of operator==.
    inline bool operator!=(const CRLEntry &other) const
    {
        return !operator==(other);
    }

private:
    // Member order is part of the binary layout; keep it.
    BigInteger _serial;
    QDateTime _time;
    Reason _reason;

    class Private;
    Private *d;
};
01681
/**
 * A certificate revocation list.
 *
 * Implicitly shared value type backed by a provider CRLContext.  Created
 * and updated through CertificateAuthority; consumed by validation via
 * CertificateCollection / CertificateChain::validate.
 */
class QCA_EXPORT CRL : public Algorithm
{
public:
    /// Constructs a null CRL.
    CRL();

    /// Copy constructor.
    CRL(const CRL &from);

    ~CRL();

    /// Copy assignment.
    CRL & operator=(const CRL &from);

    /// True if this object holds no CRL.
    bool isNull() const;

    /// Issuer fields, unordered.
    CertificateInfo issuerInfo() const;

    /// Issuer fields, in CRL order.
    CertificateInfoOrdered issuerInfoOrdered() const;

    /// CRL number.
    int number() const;

    /// Time this CRL was issued.
    QDateTime thisUpdate() const;

    /// Time by which a newer CRL is expected.
    /// NOTE(review): a CRL whose nextUpdate() is in the past should be
    /// treated as stale by consumers; whether validation enforces that is
    /// not visible here.
    QDateTime nextUpdate() const;

    /// Revoked entries.
    QList<CRLEntry> revoked() const;

    SignatureAlgorithm signatureAlgorithm() const;

    QByteArray issuerKeyId() const;

    /// Equality.
    bool operator==(const CRL &a) const;

    /// Inequality, defined as the negation of operator==.
    inline bool operator!=(const CRL &other) const
    {
        return !operator==(other);
    }

    // --- serialisation ------------------------------------------------

    QByteArray toDER() const;

    QString toPEM() const;

    /// Writes PEM to @p fileName; returns false on failure.
    bool toPEMFile(const QString &fileName) const;

    /// Parses DER.  On failure the result is null and @p result (if
    /// non-null) receives the reason.
    static CRL fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

    /// Parses PEM text; see fromDER() for the error contract.
    static CRL fromPEM(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /// Reads a PEM file; see fromDER() for the error contract.
    static CRL fromPEMFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

    /// Replaces the backing provider context.
    /// NOTE(review): ownership of @p c after this call is not visible here.
    void change(CRLContext *c);

private:
    class Private;
    friend class Private;
    QSharedDataPointer<Private> d;
};
01876
/**
 * A bag of certificates and CRLs, used as the "trusted" and "untrusted"
 * inputs to Certificate::validate().
 *
 * Implicitly shared.  Can be persisted either as a flat PEM text file or as
 * a PKCS#7 bundle (provider support permitting, see canUsePKCS7()).
 */
class QCA_EXPORT CertificateCollection
{
public:
    /// Empty collection.
    CertificateCollection();

    /// Copy constructor.
    CertificateCollection(const CertificateCollection &from);

    ~CertificateCollection();

    /// Copy assignment.
    CertificateCollection & operator=(const CertificateCollection &from);

    /// Adds a certificate.
    void addCertificate(const Certificate &cert);

    /// Adds a CRL.
    void addCRL(const CRL &crl);

    /// All certificates in the collection.
    QList<Certificate> certificates() const;

    /// All CRLs in the collection.
    QList<CRL> crls() const;

    /// Adds every certificate and CRL of @p other to this collection.
    void append(const CertificateCollection &other);

    /// Union of this collection and @p other, as a new collection.
    CertificateCollection operator+(const CertificateCollection &other) const;

    /// In-place union with @p other.
    CertificateCollection & operator+=(const CertificateCollection &other);

    /// Whether @p provider (or any provider, if empty) supports PKCS#7.
    static bool canUsePKCS7(const QString &provider = QString());

    /// Writes the collection as flat PEM text; returns false on failure.
    /// NOTE(review): declared non-const although it reads the collection;
    /// adding const would change the mangled name (ABI), so it is left as is.
    bool toFlatTextFile(const QString &fileName);

    /// Writes the collection as PKCS#7; returns false on failure.
    /// NOTE(review): non-const for the same reason as toFlatTextFile().
    bool toPKCS7File(const QString &fileName, const QString &provider = QString());

    /// Reads a flat PEM text file.  @p result (if non-null) receives the
    /// conversion outcome.
    static CertificateCollection fromFlatTextFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

    /// Reads a PKCS#7 file; see fromFlatTextFile() for the error contract.
    static CertificateCollection fromPKCS7File(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

private:
    class Private;
    QSharedDataPointer<Private> d;
};
02028
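/**
 * A certificate authority: a CA certificate plus its private key, used to
 * sign requests and issue / update CRLs.
 *
 * Owns a heap-allocated Private through a raw pointer, so copy, destructor
 * and assignment are all declared (rule of three).
 *
 * Fix: the second parameter of signRequest() had been mangled in this
 * listing to `¬ValidAfter` (an HTML `&not;` entity eaten by extraction),
 * which is not valid C++; it is restored to `&notValidAfter`.
 */
class QCA_EXPORT CertificateAuthority : public Algorithm
{
public:
    /// Constructs a CA from its certificate and matching private key.
    /// @p provider is required here (no default), unlike most other
    /// constructors in this header.
    CertificateAuthority(const Certificate &cert, const PrivateKey &key, const QString &provider);

    /// Copy constructor.
    CertificateAuthority(const CertificateAuthority &from);

    ~CertificateAuthority();

    /// Copy assignment.
    CertificateAuthority & operator=(const CertificateAuthority &from);

    /// The CA's own certificate.
    Certificate certificate() const;

    /// Issues a certificate for @p req, valid until @p notValidAfter.
    /// NOTE(review): whether the request's isCA() / constraints are honoured
    /// verbatim or policy-filtered is decided by the implementation; a CA
    /// should not sign a request's CA flag without checking it.
    Certificate signRequest(const CertificateRequest &req, const QDateTime &notValidAfter) const;

    /// Issues a certificate for @p key with the settings in @p opts.
    Certificate createCertificate(const PublicKey &key, const CertificateOptions &opts) const;

    /// Creates an empty CRL with the given nextUpdate time.
    CRL createCRL(const QDateTime &nextUpdate) const;

    /// Returns a new CRL based on @p crl with @p entries added and the
    /// nextUpdate time replaced.
    CRL updateCRL(const CRL &crl, const QList<CRLEntry> &entries, const QDateTime &nextUpdate) const;

private:
    class Private;
    Private *d;  // owned; released in the destructor
};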
02115
/**
 * A private key together with its certificate chain (e.g. a PKCS#12 file).
 *
 * Implicitly shared.  Serialisation takes a passphrase as a SecureArray so
 * the secret can be wiped rather than lingering in ordinary heap memory.
 */
class QCA_EXPORT KeyBundle
{
public:
    /// Empty (null) bundle.
    KeyBundle();

    /// Loads a bundle from @p fileName, decrypting with @p passphrase.
    /// Explicit, so a bare QString does not silently become a bundle.
    /// Presumably null on failure — check isNull().
    explicit KeyBundle(const QString &fileName, const SecureArray &passphrase = SecureArray());

    /// Copy constructor.
    KeyBundle(const KeyBundle &from);

    ~KeyBundle();

    /// Copy assignment.
    KeyBundle & operator=(const KeyBundle &from);

    /// True if the bundle holds no key / chain.
    bool isNull() const;

    /// Friendly name stored with the bundle.
    QString name() const;

    /// The certificate chain.
    CertificateChain certificateChain() const;

    /// The private key.
    PrivateKey privateKey() const;

    /// Sets the friendly name.
    void setName(const QString &s);

    /// Sets the chain and key together.
    /// NOTE(review): whether the key is checked to match the chain's
    /// primary certificate is not visible here.
    void setCertificateChainAndKey(const CertificateChain &c, const PrivateKey &key);

    /// Serialises the bundle, encrypted under @p passphrase.
    QByteArray toArray(const SecureArray &passphrase, const QString &provider = QString()) const;

    /// Writes the bundle to @p fileName, encrypted under @p passphrase;
    /// returns false on failure.
    bool toFile(const QString &fileName, const SecureArray &passphrase, const QString &provider = QString()) const;

    /// Parses a serialised bundle.  On failure the result is null and
    /// @p result (if non-null) receives the reason.
    static KeyBundle fromArray(const QByteArray &a, const SecureArray &passphrase = SecureArray(), ConvertResult *result = 0, const QString &provider = QString());

    /// Reads a bundle file; see fromArray() for the error contract.
    static KeyBundle fromFile(const QString &fileName, const SecureArray &passphrase = SecureArray(), ConvertResult *result = 0, const QString &provider = QString());

private:
    class Private;
    QSharedDataPointer<Private> d;
};
02345
/**
 * An OpenPGP key (public, or secret — see isSecret()).
 *
 * Unlike the X.509 classes this one holds its Private through a raw owning
 * pointer, so copy, destructor and assignment are all declared.
 */
class QCA_EXPORT PGPKey : public Algorithm
{
public:
    /// Null key.
    PGPKey();

    /// Loads a key from @p fileName.  Not explicit (QString converts
    /// implicitly); presumably null on failure — check isNull().
    PGPKey(const QString &fileName);

    /// Copy constructor.
    PGPKey(const PGPKey &from);

    ~PGPKey();

    /// Copy assignment.
    PGPKey & operator=(const PGPKey &from);

    /// True if this object holds no key.
    bool isNull() const;

    /// Key identifier.
    QString keyId() const;

    /// Primary user id.
    QString primaryUserId() const;

    /// All user ids.
    QStringList userIds() const;

    /// Whether this is a secret (private) key.
    bool isSecret() const;

    QDateTime creationDate() const;

    QDateTime expirationDate() const;

    /// Key fingerprint.
    /// NOTE(review): prefer the fingerprint over keyId() when identifying a
    /// key; short ids are far easier to collide.
    QString fingerprint() const;

    /// Whether the key is present in the local keyring.
    bool inKeyring() const;

    /// Whether the keyring marks the key as trusted.
    bool isTrusted() const;

    // --- serialisation ------------------------------------------------

    QByteArray toArray() const;

    QString toString() const;

    /// Writes the key to @p fileName; returns false on failure.
    bool toFile(const QString &fileName) const;

    /// Parses a serialised key.  On failure the result is null and
    /// @p result (if non-null) receives the reason.
    static PGPKey fromArray(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

    /// Parses a string form; see fromArray() for the error contract.
    static PGPKey fromString(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /// Reads a key file; see fromArray() for the error contract.
    static PGPKey fromFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

private:
    class Private;
    Private *d;  // owned; released in the destructor
};
02525
/**
 * Loads private keys and key bundles, reporting completion through the
 * finished() signal.
 *
 * NOTE(review): the load*() members return void and the results are read
 * back via convertResult() / privateKey() / keyBundle(), which suggests the
 * loads complete asynchronously (after finished() is emitted) — confirm
 * against the implementation before reading results synchronously.
 * Non-copyable (Q_DISABLE_COPY).
 */
class QCA_EXPORT KeyLoader : public QObject
{
    Q_OBJECT
public:
    /// Constructs a loader with the given QObject parent.
    KeyLoader(QObject *parent = 0);
    ~KeyLoader();

    // --- private keys -------------------------------------------------

    void loadPrivateKeyFromPEMFile(const QString &fileName);

    void loadPrivateKeyFromPEM(const QString &s);

    /// DER input is taken as a SecureArray since it holds key material.
    void loadPrivateKeyFromDER(const SecureArray &a);

    // --- key bundles --------------------------------------------------

    void loadKeyBundleFromFile(const QString &fileName);

    void loadKeyBundleFromArray(const QByteArray &a);

    // --- results ------------------------------------------------------

    /// Outcome of the most recent load.
    ConvertResult convertResult() const;

    /// Loaded private key (from the loadPrivateKey* calls).
    PrivateKey privateKey() const;

    /// Loaded bundle (from the loadKeyBundle* calls).
    KeyBundle keyBundle() const;

Q_SIGNALS:
    /// Emitted when a load has completed.
    void finished();

private:
    Q_DISABLE_COPY(KeyLoader)

    class Private;
    friend class Private;
    Private *d;
};
02672
02673 }
02674
02675 #endif