Qt Cryptographic Architecture
qca_cert.h
1 /*
2  * qca_cert.h - Qt Cryptographic Architecture
3  * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com>
4  * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19  * 02110-1301 USA
20  *
21  */
22 
33 #ifndef QCA_CERT_H
34 #define QCA_CERT_H
35 
36 #include <QDateTime>
37 #include "qca_core.h"
38 #include "qca_publickey.h"
39 
40 namespace QCA {
41 
42 class CertContext;
43 class CSRContext;
44 class CRLContext;
45 class Certificate;
46 class CRL;
47 class CertificateCollection;
48 class CertificateChain;
49 
50 
55 {
58 };
59 
66 {
78  URI,
79  DNS,
82 };
83 
/**
 * Certificate information type.
 *
 * Names one kind of field held in a certificate's subject or issuer
 * information. The cross-references on this page show identifiers such as
 * "2.5.4.3" (common name) and "GeneralName.dNSName" (DNS name). The type is
 * the key of the CertificateInfo multimap, which is why an ordering
 * (operator<) is declared.
 *
 * NOTE(review): the source line numbers of this listing jump in several
 * places inside the class (e.g. between the Section enum and the
 * (id, section) constructor), so some declarations are presumably not shown
 * here - check the real header.
 */
class QCA_EXPORT CertificateInfoType
{
public:
    /** Section of the certificate that the information belongs in. */
    enum Section
    {
        DN,             // Distinguished name (the primary name)
        AlternativeName // NOTE(review): presumably the alternative-name fields - confirm
    };

    /** Construct a type from a string identifier and the section it belongs in. */
    CertificateInfoType(const QString &id, Section section);

    /** Copy-assign from another type. */
    CertificateInfoType & operator=(const CertificateInfoType &from);

    /** The section this type belongs in. */
    Section section() const;

    /**
     * The known enumerator for this type.
     *
     * NOTE(review): what is returned for a type built from an identifier that
     * has no known enumerator is not visible here - confirm before switching
     * on the result.
     */
    CertificateInfoTypeKnown known() const;

    /** The string identifier of this type. */
    QString id() const;

    /** Ordering comparison; lets the type serve as a sorted-container key. */
    bool operator<(const CertificateInfoType &other) const;

    /** Equality comparison. */
    bool operator==(const CertificateInfoType &other) const;

    /** Inequality operator: the negation of operator==. */
    inline bool operator!=(const CertificateInfoType &other) const
    {
        return !(*this == other);
    }

private:
    class Private;
    QSharedDataPointer<Private> d; // private data held through Qt's shared-data pointer
};
238 
/**
 * One entry in a certificate information list.
 *
 * Pairs a CertificateInfoType with its string value. CertificateInfoOrdered
 * is a QList of these pairs.
 *
 * NOTE(review): the value is an arbitrary QString taken from or destined for
 * a certificate. When it comes from a certificate supplied by a peer, treat
 * it as untrusted text (escape it before display or logging).
 *
 * NOTE(review): source line numbers skip inside this class, so some
 * declarations are presumably not shown in this listing.
 */
class QCA_EXPORT CertificateInfoPair
{
public:
    /** Construct a pair from a type and its value. */
    CertificateInfoPair(const CertificateInfoType &type, const QString &value);

    /** Copy-assign from another pair. */
    CertificateInfoPair & operator=(const CertificateInfoPair &from);

    /** The type of information stored in the pair. */
    CertificateInfoType type() const;

    /** The value stored in the pair. */
    QString value() const;

    /** Equality comparison. */
    bool operator==(const CertificateInfoPair &other) const;

    /** Inequality operator: the negation of operator==. */
    inline bool operator!=(const CertificateInfoPair &other) const
    {
        return !(*this == other);
    }

private:
    class Private;
    QSharedDataPointer<Private> d; // private data held through Qt's shared-data pointer
};
311 
312 
319 {
320  // KeyUsage
330 
331  // ExtKeyUsage
341 };
342 
/**
 * Certificate constraint.
 *
 * Names one usage a certificate is limited to. The cross-references on this
 * page list key-usage constraints (e.g. "KeyUsage.digitalSignature") and
 * extended-usage constraints identified by OID (e.g. "1.3.6.1.5.5.7.3.1",
 * server authentication).
 */
class QCA_EXPORT ConstraintType
{
public:
    /**
     * Section of the certificate that the constraint belongs in.
     *
     * NOTE(review): source line 364 is absent from this listing. The page's
     * cross-references describe it as "Stored in the key usage section", so
     * an enumerator presumably precedes ExtendedKeyUsage - restore it from
     * the real header before relying on the numeric values.
     */
    enum Section
    {
        ExtendedKeyUsage
    };

    /** Default constructor. */
    ConstraintType();

    /** Construct a constraint from a string identifier and its section. */
    ConstraintType(const QString &id, Section section);

    /** Copy constructor. */
    ConstraintType(const ConstraintType &from);

    ~ConstraintType();

    /** Copy-assign from another constraint. */
    ConstraintType & operator=(const ConstraintType &from);

    /** The section this constraint belongs in. */
    Section section() const;

    /**
     * The known enumerator for this constraint.
     *
     * NOTE(review): the result for a constraint built from an identifier with
     * no known enumerator is not visible here - confirm.
     */
    ConstraintTypeKnown known() const;

    /** The string identifier of this constraint. */
    QString id() const;

    /** Ordering comparison. */
    bool operator<(const ConstraintType &other) const;

    /** Equality comparison. */
    bool operator==(const ConstraintType &other) const;

    /** Inequality operator: the negation of operator==. */
    inline bool operator!=(const ConstraintType &other) const
    {
        return !(*this == other);
    }

private:
    class Private;
    QSharedDataPointer<Private> d; // private data held through Qt's shared-data pointer
};
471 
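/**
 * Specify the intended usage of a certificate.
 *
 * Passed as the u argument of Certificate::validate() and
 * CertificateChain::validate(), where it defaults to UsageAny. UsageAny
 * means "any application, or unspecified", so a caller authenticating a TLS
 * peer should name the purpose explicitly rather than rely on the default.
 */
enum UsageMode
{
    UsageAny       = 0x00, // Any application, or unspecified
    UsageTLSServer = 0x01, // server side of a TLS or SSL connection
    UsageTLSClient = 0x02, // client side of a TLS or SSL connection
    // NOTE(review): source lines 480-483 are absent from this listing. The
    // page's cross-references describe them as code signing, email (S/MIME),
    // time stamping and CRL signing - restore them from the real header.
};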
485 
490 {
503 };
504 
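/**
 * The conditions to validate for a certificate.
 *
 * Passed as the vf argument of Certificate::validate() and
 * CertificateChain::validate(), where it defaults to ValidateAll.
 *
 * NOTE(review): ValidateAll is 0 while the other members are single bits, so
 * this is not an ordinary OR-able mask in which 0 means "check nothing". How
 * a provider treats a non-zero value (for example whether ValidateExpired
 * alone skips the revocation and policy checks) is not visible in this
 * header - confirm before passing anything other than ValidateAll.
 */
enum ValidateFlags
{
    ValidateAll     = 0x00, // Verify all conditions
    ValidateRevoked = 0x01, // Verify the certificate was not revoked
    ValidateExpired = 0x02, // Verify the certificate has not expired
    ValidatePolicy  = 0x04  // Verify the certificate can be used for a specified purpose
};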
515 
/**
 * Certificate properties type.
 *
 * A multimap, so one CertificateInfoType may carry several values and
 * entries are kept in key order rather than in the order they appear in the
 * certificate. Use CertificateInfoOrdered where the original order matters.
 */
typedef QMultiMap<CertificateInfoType, QString> CertificateInfo;
528 
/**
 * Ordered certificate properties type.
 *
 * A QList of CertificateInfoPair, so the order of the entries is preserved.
 */
class CertificateInfoOrdered : public QList<CertificateInfoPair>
{
public:
    /** Convert to RFC 1779 string format (forwards to orderedToDNString()). */
    inline QString toString() const;

    /**
     * Return a new CertificateInfoOrdered that only contains the
     * Distinguished Name (DN) types found in this object.
     */
    inline CertificateInfoOrdered dnOnly() const;
};
553 
/**
 * Convert to RFC 1779 string format.
 *
 * NOTE(review): the values come straight from the certificate. Whether
 * special characters in them are escaped in the output is not visible here,
 * so do not parse the result back or compare it as an identity check
 * without confirming.
 */
QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in);
560 
568 
/** Convert this ordered list to RFC 1779 string format. */
inline QString CertificateInfoOrdered::toString() const
{
    // The free function does the formatting; this member only forwards.
    const CertificateInfoOrdered &self = *this;
    return orderedToDNString(self);
}
573 
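/**
 * Return a new CertificateInfoOrdered that only contains the Distinguished
 * Name (DN) types found in this object.
 *
 * The signature line (source line 574) was missing from this listing and is
 * restored here from the in-class declaration `inline CertificateInfoOrdered
 * dnOnly() const;`. The work is done by orderedDNOnly(), whose declaration
 * appears only in the cross-references at the end of the page.
 */
inline CertificateInfoOrdered CertificateInfoOrdered::dnOnly() const
{
    return orderedDNOnly(*this);
}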
578 
583 
/**
 * Create a list of unique friendly names among a list of certificates.
 *
 * NOTE(review): the names are presumably derived from fields inside each
 * certificate, which the certificate's creator controls. They are labels for
 * display, not evidence of identity - confirm how they are built before
 * using them for anything else.
 */
QCA_EXPORT QStringList makeFriendlyNames(const QList<Certificate> &list);
591 
/**
 * Certificate options.
 *
 * The set of properties used when creating a Certificate or a
 * CertificateRequest, and by CertificateAuthority::createCertificate().
 *
 * NOTE(review): source line numbers skip before operator=, so the
 * constructors and destructor are presumably not shown in this listing.
 */
class QCA_EXPORT CertificateOptions
{
public:
    /** Copy-assign from another set of options. */
    CertificateOptions & operator=(const CertificateOptions &from);

    /** The certificate request format these options are for. */
    CertificateRequestFormat format() const;

    /** Set the certificate request format. */
    void setFormat(CertificateRequestFormat f);

    /**
     * Whether the options are usable.
     *
     * NOTE(review): which fields are checked is not visible here - confirm
     * before treating a true result as "safe to sign".
     */
    bool isValid() const;

    /** The challenge string carried in a certificate request. */
    QString challenge() const;

    /** Subject information as an unordered multimap. */
    CertificateInfo info() const;

    /** Subject information in its original order. */
    CertificateInfoOrdered infoOrdered() const;

    /** The constraints that will be placed on the certificate. */
    Constraints constraints() const;

    /** The policies that will be placed on the certificate. */
    QStringList policies() const;

    /** Locations where a CRL for the certificate can be obtained. */
    QStringList crlLocations() const;

    /** Locations where the issuer's certificate can be obtained. */
    QStringList issuerLocations() const;

    /** Locations of OCSP services for the certificate. */
    QStringList ocspLocations() const;

    /** Whether the certificate is to be a certificate authority. */
    bool isCA() const;

    /** The path limit that goes with the CA setting. */
    int pathLimit() const;

    /** The serial number for the certificate. */
    BigInteger serialNumber() const;

    /** Start of the validity period. */
    QDateTime notValidBefore() const;

    /** End of the validity period. */
    QDateTime notValidAfter() const;

    /**
     * Set the challenge string.
     *
     * NOTE(review): it is kept and returned as a plain QString, not a
     * SecureArray, so do not reuse a secret from elsewhere as the challenge.
     */
    void setChallenge(const QString &s);

    /** Set the subject information from an unordered multimap. */
    void setInfo(const CertificateInfo &info);

    /** Set the subject information, preserving order. */
    void setInfoOrdered(const CertificateInfoOrdered &info);

    /** Set the constraints to place on the certificate. */
    void setConstraints(const Constraints &constraints);

    /** Set the policies to place on the certificate. */
    void setPolicies(const QStringList &policies);

    /** Set the CRL locations. */
    void setCRLLocations(const QStringList &locations);

    /** Set the issuer certificate locations. */
    void setIssuerLocations(const QStringList &locations);

    /** Set the OCSP service locations. */
    void setOCSPLocations(const QStringList &locations);

    /**
     * Mark the certificate as a certificate authority.
     *
     * A CA certificate can be used to sign further certificates, so call
     * this only for certificates that are meant to issue others. The default
     * path limit of 8 is taken from Botan; pass a smaller limit when the CA
     * should not have that many levels of subordinate CAs below it.
     */
    void setAsCA(int pathLimit = 8); // value from Botan

    /** Mark the certificate as an end-user (non-CA) certificate. */
    void setAsUser();

    /**
     * Set the serial number.
     *
     * NOTE(review): nothing visible here enforces uniqueness; X.509 expects
     * a serial number to be unique per issuer, so the caller has to ensure it.
     */
    void setSerialNumber(const BigInteger &i);

    /**
     * Set the validity period.
     *
     * NOTE(review): no check that start precedes end, and no time-zone
     * handling, is visible here - confirm.
     */
    void setValidityPeriod(const QDateTime &start, const QDateTime &end);

private:
    class Private;
    Private *d; // raw owning pointer to private data; copy handling is in the .cpp
};
838 
/**
 * Public Key (X.509) certificate.
 *
 * Holds one certificate and gives read access to its fields. Every field
 * accessor returns what the certificate itself states; none of it is
 * trustworthy until validate() has succeeded against trust anchors chosen
 * by the caller.
 */
class QCA_EXPORT Certificate : public Algorithm
{
public:
    /** Create an empty (null) certificate. */
    Certificate();

    /**
     * Create a certificate from a file.
     *
     * No ConvertResult is reported by this constructor, so check isNull()
     * afterwards. NOTE(review): the constructor is not explicit, so a QString
     * converts implicitly to a Certificate - watch for accidental conversions.
     */
    Certificate(const QString &fileName);

    /**
     * Create a certificate from options and a private key.
     *
     * NOTE(review): presumably self-signed with key - confirm.
     */
    Certificate(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());

    /** Copy constructor. */
    Certificate(const Certificate &from);

    ~Certificate();

    /** Copy-assign from another certificate. */
    Certificate & operator=(const Certificate &from);

    /** Whether this object holds no certificate. Check after any load. */
    bool isNull() const;

    /** Start of the validity period stated in the certificate. */
    QDateTime notValidBefore() const;

    /** End of the validity period stated in the certificate. */
    QDateTime notValidAfter() const;

    /** Subject information as an unordered multimap. */
    CertificateInfo subjectInfo() const;

    /** Subject information in its original order. */
    CertificateInfoOrdered subjectInfoOrdered() const;

    /** Issuer information as an unordered multimap. */
    CertificateInfo issuerInfo() const;

    /** Issuer information in its original order. */
    CertificateInfoOrdered issuerInfoOrdered() const;

    /** The constraints stated in the certificate. */
    Constraints constraints() const;

    /** The policies stated in the certificate. */
    QStringList policies() const;

    /**
     * CRL locations stated in the certificate.
     *
     * These strings are chosen by whoever created the certificate. Fetching
     * them for a certificate that has not been validated makes outbound
     * requests to addresses under that party's control. The same applies to
     * issuerLocations() and ocspLocations().
     */
    QStringList crlLocations() const;

    /** Issuer certificate locations stated in the certificate. */
    QStringList issuerLocations() const;

    /** OCSP service locations stated in the certificate. */
    QStringList ocspLocations() const;

    /**
     * The common name of the subject.
     *
     * A display convenience; use matchesHostName() to compare against a host.
     */
    QString commonName() const;

    /** The serial number of the certificate. */
    BigInteger serialNumber() const;

    /** The public key associated with the subject. */
    PublicKey subjectPublicKey() const;

    /** Whether the certificate states that it is a certificate authority. */
    bool isCA() const;

    /**
     * Whether the certificate is self-signed.
     *
     * Self-signed says nothing about trust: a self-signed certificate is
     * trusted only if the caller put it in the trusted collection.
     */
    bool isSelfSigned() const;

    /**
     * Whether this certificate is the issuer of another.
     *
     * NOTE(review): whether this compares names and key identifiers only or
     * also verifies the signature is not visible here. Do not use it in
     * place of validate().
     */
    bool isIssuerOf(const Certificate &other) const;

    /** The path limit stated in the certificate. */
    int pathLimit() const;

    /** The signature algorithm used to sign the certificate. */
    SignatureAlgorithm signatureAlgorithm() const;

    /** The subject key identifier. */
    QByteArray subjectKeyId() const;

    /** The issuer key identifier. */
    QByteArray issuerKeyId() const;

    /**
     * Check the validity of this certificate.
     *
     * trusted holds the certificates the caller accepts as trust anchors.
     * NOTE(review): untrusted presumably supplies further certificates and
     * CRLs for path building without conferring trust - confirm.
     *
     * The defaults are UsageAny ("any application, or unspecified") and
     * ValidateAll. A caller authenticating a TLS peer should pass the
     * matching UsageMode explicitly. The call takes no host name, so it does
     * not establish that the certificate belongs to the peer being contacted;
     * use matchesHostName() for that, in addition to this check.
     *
     * Compare the returned Validity against the single "certificate is
     * valid" value; every other value, including "validity is unknown",
     * must be treated as failure.
     */
    Validity validate(const CertificateCollection &trusted, const CertificateCollection &untrusted, UsageMode u = UsageAny, ValidateFlags vf = ValidateAll) const;

    /** Export the certificate in DER format. */
    QByteArray toDER() const;

    /** Export the certificate in PEM format. */
    QString toPEM() const;

    /** Export the certificate to a PEM file; returns whether it succeeded. */
    bool toPEMFile(const QString &fileName) const;

    /**
     * Import a certificate from DER.
     *
     * result, when non-null, receives the "return value from a format
     * conversion". Pass it and check it (or isNull()) because the input is
     * typically untrusted data. Parsing alone confers no trust.
     */
    static Certificate fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

    /** Import a certificate from a PEM string; see fromDER() for result. */
    static Certificate fromPEM(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /** Import a certificate from a PEM file; see fromDER() for result. */
    static Certificate fromPEMFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Test whether the certificate matches a host name.
     *
     * Only meaningful together with a successful validate(): a match on an
     * unvalidated certificate proves nothing. NOTE(review): the matching
     * rules (wildcards, which name fields are consulted, IP literals) are
     * not visible here - confirm against the implementation.
     */
    bool matchesHostName(const QString &host) const;

    /** Equality comparison. */
    bool operator==(const Certificate &a) const;

    /** Inequality operator: the negation of operator==. */
    inline bool operator!=(const Certificate &other) const
    {
        return !(*this == other);
    }

    /**
     * Replace the underlying provider context.
     *
     * NOTE(review): ownership of c after the call is not visible here -
     * presumably taken over by this object; confirm.
     */
    void change(CertContext *c);

private:
    class Private;
    friend class Private;
    QSharedDataPointer<Private> d; // private data held through Qt's shared-data pointer

    // CertificateChain forwards its validate() and complete() to these.
    friend class CertificateChain;
    Validity chain_validate(const CertificateChain &chain, const CertificateCollection &trusted, const QList<CRL> &untrusted_crls, UsageMode u, ValidateFlags vf) const;
    CertificateChain chain_complete(const CertificateChain &chain, const QList<Certificate> &issuers, Validity *result) const;
};
1184 
/**
 * A chain of related Certificates.
 *
 * A QList of Certificate whose first element is the primary (end-user)
 * certificate. validate() and complete() are defined inline after the class
 * and forward to that first certificate.
 */
class CertificateChain : public QList<Certificate>
{
public:
    /** Create an empty certificate chain. */
    inline CertificateChain()
    {
    }

    /**
     * Create a certificate chain, starting at the specified certificate.
     *
     * Not explicit, so a single Certificate converts implicitly to a chain.
     */
    inline CertificateChain(const Certificate &primary)
    {
        push_back(primary);
    }

    /**
     * Return the primary (end-user) Certificate.
     *
     * Precondition: the chain is not empty. The list accessor used here
     * assumes a non-empty list, so test isEmpty() first when the chain came
     * from a peer or a file.
     */
    inline const Certificate & primary() const
    {
        return front();
    }

    /**
     * Check the validity of a certificate chain.
     *
     * Defaults are no extra CRLs, UsageAny and ValidateAll; a caller
     * authenticating a TLS peer should pass the matching UsageMode.
     */
    inline Validity validate(const CertificateCollection &trusted, const QList<CRL> &untrusted_crls = QList<CRL>(), UsageMode u = UsageAny, ValidateFlags vf = ValidateAll) const;

    /**
     * Complete a certificate chain for the primary certificate, using the
     * rest of the certificates in the chain and the given issuers.
     *
     * result, when non-null, receives a Validity from the completion step.
     */
    inline CertificateChain complete(const QList<Certificate> &issuers = QList<Certificate>(), Validity *result = 0) const;
};
1268 
/**
 * Check the validity of a certificate chain.
 *
 * An empty chain has no primary certificate, so it yields
 * ErrorValidityUnknown ("validity is unknown") instead of reaching the
 * provider. Otherwise the primary certificate validates the whole chain.
 */
inline Validity CertificateChain::validate(const CertificateCollection &trusted, const QList<CRL> &untrusted_crls, UsageMode u, ValidateFlags vf) const
{
    return isEmpty()
        ? ErrorValidityUnknown
        : first().chain_validate(*this, trusted, untrusted_crls, u, vf);
}
1275 
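/**
 * Complete a certificate chain for the primary certificate, using the rest
 * of the certificates in the chain and the given issuers.
 *
 * The signature line (source line 1276) was missing from this listing and is
 * restored here from the in-class declaration of complete().
 *
 * On an empty chain an empty chain is returned and *result is NOT written.
 * Initialise the Validity you pass in to a failure value, otherwise the
 * empty-chain path leaves you reading an indeterminate result.
 */
inline CertificateChain CertificateChain::complete(const QList<Certificate> &issuers, Validity *result) const
{
    if(isEmpty())
        return CertificateChain();
    return first().chain_complete(*this, issuers, result);
}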
1282 
/**
 * Certificate Request.
 *
 * Every field of a request is chosen by the requester. An issuer has to
 * decide for itself which of them (subject names, constraints, isCA(),
 * pathLimit()) it is willing to certify rather than copy them through.
 *
 * NOTE(review): source line numbers skip inside this class, so the default
 * and copy constructors are presumably not shown in this listing.
 */
class QCA_EXPORT CertificateRequest : public Algorithm
{
public:
    /**
     * Create a certificate request from a file.
     *
     * No ConvertResult is reported here; check isNull() afterwards. The
     * constructor is not explicit, so a QString converts implicitly.
     */
    CertificateRequest(const QString &fileName);

    /** Create a certificate request from options and a private key. */
    CertificateRequest(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());

    ~CertificateRequest();

    /** Copy-assign from another request. */
    CertificateRequest & operator=(const CertificateRequest &from);

    /** Whether this object holds no request. Check after any load. */
    bool isNull() const;

    /** Whether a provider can handle the given request format. */
    static bool canUseFormat(CertificateRequestFormat f, const QString &provider = QString());

    /** The format of this request. */
    CertificateRequestFormat format() const;

    /** Requested subject information as an unordered multimap. */
    CertificateInfo subjectInfo() const;

    /** Requested subject information in its original order. */
    CertificateInfoOrdered subjectInfoOrdered() const;

    /** The constraints the requester asks for. */
    Constraints constraints() const;

    /** The policies the requester asks for. */
    QStringList policies() const;

    /** The public key to be certified. */
    PublicKey subjectPublicKey() const;

    /** Whether the requester asks for a certificate authority certificate. */
    bool isCA() const;

    /** The path limit the requester asks for. */
    int pathLimit() const;

    /** The challenge string carried in the request. */
    QString challenge() const;

    /** The signature algorithm used to sign the request. */
    SignatureAlgorithm signatureAlgorithm() const;

    /** Equality comparison. */
    bool operator==(const CertificateRequest &csr) const;

    /** Inequality operator: the negation of operator==. */
    inline bool operator!=(const CertificateRequest &other) const
    {
        return !(*this == other);
    }

    /** Export the request in DER format. */
    QByteArray toDER() const;

    /** Export the request in PEM format. */
    QString toPEM() const;

    /** Export the request to a PEM file; returns whether it succeeded. */
    bool toPEMFile(const QString &fileName) const;

    /**
     * Import a request from DER.
     *
     * result, when non-null, receives the conversion outcome; pass it and
     * check it, because requests normally arrive from an untrusted party.
     */
    static CertificateRequest fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

    /** Import a request from a PEM string; see fromDER() for result. */
    static CertificateRequest fromPEM(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /** Import a request from a PEM file; see fromDER() for result. */
    static CertificateRequest fromPEMFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Export the request as a string.
     *
     * NOTE(review): the string format is not visible here - presumably the
     * one used by the non-PKCS#10 request format; confirm.
     */
    QString toString() const;

    /** Import a request from a string; see fromDER() for result. */
    static CertificateRequest fromString(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Replace the underlying provider context.
     *
     * NOTE(review): ownership of c after the call is not visible here - confirm.
     */
    void change(CSRContext *c);

private:
    class Private;
    friend class Private;
    QSharedDataPointer<Private> d; // private data held through Qt's shared-data pointer
};
1555 
/**
 * Part of a CRL representing a single certificate.
 *
 * Records the serial number of a revoked certificate, the time of
 * revocation and the reason.
 */
class QCA_EXPORT CRLEntry
{
public:
    /**
     * The reason why the certificate has been revoked.
     *
     * NOTE(review): several enumerators are absent from this listing (source
     * lines 1571-1573, 1575 and 1577-1578), including the Unspecified value
     * used as the constructors' default. The page's cross-references describe
     * them as: reason unknown, private key compromised, certificate authority
     * compromised, superseded, on hold, and previously in a CRL but now
     * valid. Restore them from the real header; as shown, the numeric values
     * of the remaining enumerators are wrong.
     */
    enum Reason
    {
        AffiliationChanged,
        CessationOfOperation,
        PrivilegeWithdrawn,
        AACompromise
    };

    /** Create an empty (null) entry. */
    CRLEntry();

    /** Create an entry that revokes the given certificate. */
    explicit CRLEntry(const Certificate &c, Reason r = Unspecified);

    /**
     * Create an entry from a serial number, revocation time and reason.
     *
     * NOTE(review): serial is taken by const value here, unlike the
     * const-reference parameters used elsewhere in this header.
     */
    CRLEntry(const BigInteger serial, const QDateTime &time, Reason r = Unspecified);

    /** Copy constructor. */
    CRLEntry(const CRLEntry &from);

    ~CRLEntry();

    /** Copy-assign from another entry. */
    CRLEntry & operator=(const CRLEntry &from);

    /** The serial number of the revoked certificate. */
    BigInteger serialNumber() const;

    /** The time the certificate was revoked. */
    QDateTime time() const;

    /** Whether this entry is empty. */
    bool isNull() const;

    /** The reason the certificate was revoked. */
    Reason reason() const;

    /** Ordering comparison. */
    bool operator<(const CRLEntry &a) const;

    /** Equality comparison. */
    bool operator==(const CRLEntry &a) const;

    /** Inequality operator: the negation of operator==. */
    inline bool operator!=(const CRLEntry &other) const
    {
        return !(*this == other);
    }

private:
    BigInteger _serial;
    QDateTime _time;
    Reason _reason;

    class Private;
    Private *d; // raw pointer to further private data; handling is in the .cpp
};
1681 
/**
 * Certificate Revocation List.
 *
 * A signed list of revoked certificates published by an issuer. Loading a
 * CRL does not verify it; a CRL is only as trustworthy as the check of its
 * signature against a trusted issuer.
 */
class QCA_EXPORT CRL : public Algorithm
{
public:
    /** Create an empty (null) CRL. */
    CRL();

    /** Copy constructor. */
    CRL(const CRL &from);

    ~CRL();

    /** Copy-assign from another CRL. */
    CRL & operator=(const CRL &from);

    /** Whether this object holds no CRL. Check after any load. */
    bool isNull() const;

    /** Issuer information as an unordered multimap. */
    CertificateInfo issuerInfo() const;

    /** Issuer information in its original order. */
    CertificateInfoOrdered issuerInfoOrdered() const;

    /** The CRL number. */
    int number() const;

    /** The time this CRL was issued. */
    QDateTime thisUpdate() const;

    /**
     * The time by which the next CRL is due.
     *
     * NOTE(review): whether validation rejects a CRL that is past this time
     * is not visible here. A caller that caches CRLs should compare this
     * against the current time itself so a stale list is not relied on.
     */
    QDateTime nextUpdate() const;

    /** The revoked certificates listed in this CRL. */
    QList<CRLEntry> revoked() const;

    /** The signature algorithm used to sign the CRL. */
    SignatureAlgorithm signatureAlgorithm() const;

    /** The issuer key identifier. */
    QByteArray issuerKeyId() const;

    /** Equality comparison. */
    bool operator==(const CRL &a) const;

    /** Inequality operator: the negation of operator==. */
    inline bool operator!=(const CRL &other) const
    {
        return !(*this == other);
    }

    /** Export the CRL in DER format. */
    QByteArray toDER() const;

    /** Export the CRL in PEM format. */
    QString toPEM() const;

    /** Export the CRL to a PEM file; returns whether it succeeded. */
    bool toPEMFile(const QString &fileName) const;

    /**
     * Import a CRL from DER.
     *
     * result, when non-null, receives the conversion outcome; pass it and
     * check it, since CRLs are usually fetched over the network.
     */
    static CRL fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

    /** Import a CRL from a PEM string; see fromDER() for result. */
    static CRL fromPEM(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /** Import a CRL from a PEM file; see fromDER() for result. */
    static CRL fromPEMFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Replace the underlying provider context.
     *
     * NOTE(review): ownership of c after the call is not visible here - confirm.
     */
    void change(CRLContext *c);

private:
    class Private;
    friend class Private;
    QSharedDataPointer<Private> d; // private data held through Qt's shared-data pointer
};
1876 
/**
 * Bundle of Certificates and CRLs.
 *
 * This is the type of the trusted argument of Certificate::validate() and
 * CertificateChain::validate(). Every certificate in a collection passed
 * there is treated as a trust anchor, so keep trusted and untrusted material
 * in separate collections and control what is added to, or loaded into, the
 * trusted one.
 *
 * NOTE(review): source line numbers skip inside this class, so the
 * constructors, destructor and at least one operator are presumably not
 * shown in this listing.
 */
class QCA_EXPORT CertificateCollection
{
public:
    /** Copy-assign from another collection. */
    CertificateCollection & operator=(const CertificateCollection &from);

    /** Add a certificate to the collection. */
    void addCertificate(const Certificate &cert);

    /** Add a CRL to the collection. */
    void addCRL(const CRL &crl);

    /** The certificates in the collection. */
    QList<Certificate> certificates() const;

    /** The CRLs in the collection. */
    QList<CRL> crls() const;

    /** Add the contents of another collection to this one. */
    void append(const CertificateCollection &other);

    /** Add the contents of another collection to this one. */
    CertificateCollection & operator+=(const CertificateCollection &other);

    /** Whether a provider supports PKCS#7 collections. */
    static bool canUsePKCS7(const QString &provider = QString());

    /** Write the collection to a flat text file; returns whether it succeeded. */
    bool toFlatTextFile(const QString &fileName);

    /** Write the collection to a PKCS#7 file; returns whether it succeeded. */
    bool toPKCS7File(const QString &fileName, const QString &provider = QString());

    /**
     * Read a collection from a flat text file.
     *
     * result, when non-null, receives the conversion outcome. If the result
     * is going to be used as a trusted collection, the file is part of the
     * trust base: load it only from a location that untrusted parties cannot
     * write to.
     */
    static CertificateCollection fromFlatTextFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

    /** Read a collection from a PKCS#7 file; see fromFlatTextFile(). */
    static CertificateCollection fromPKCS7File(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

private:
    class Private;
    QSharedDataPointer<Private> d; // private data held through Qt's shared-data pointer
};
2028 
/**
 * A Certificate Authority is used to generate Certificates and Certificate
 * Revocation Lists (CRLs).
 *
 * The object is constructed from the CA's certificate and private key, so
 * whoever can call its methods can issue certificates under that CA.
 *
 * NOTE(review): source line numbers skip inside this class, so the copy
 * constructor and destructor are presumably not shown in this listing.
 */
class QCA_EXPORT CertificateAuthority : public Algorithm
{
public:
    /** Create a certificate authority from its certificate and private key. */
    CertificateAuthority(const Certificate &cert, const PrivateKey &key, const QString &provider);

    /** Copy-assign from another certificate authority. */
    CertificateAuthority & operator=(const CertificateAuthority &from);

    /** The certificate of this certificate authority. */
    Certificate certificate() const;

    /**
     * Create a certificate from a certificate request.
     *
     * Only the expiry time is supplied by the caller; the rest comes from
     * the request. NOTE(review): which request fields are copied into the
     * certificate (in particular isCA(), pathLimit() and the constraints) is
     * not visible here - inspect req and reject what should not be certified
     * before calling this.
     */
    Certificate signRequest(const CertificateRequest &req, const QDateTime &notValidAfter) const;

    /** Create a certificate for a public key from the given options. */
    Certificate createCertificate(const PublicKey &key, const CertificateOptions &opts) const;

    /** Create a new, empty CRL that is due for renewal at nextUpdate. */
    CRL createCRL(const QDateTime &nextUpdate) const;

    /** Create an updated CRL from an existing one plus further entries. */
    CRL updateCRL(const CRL &crl, const QList<CRLEntry> &entries, const QDateTime &nextUpdate) const;

private:
    class Private;
    Private *d; // raw pointer to private data; handling is in the .cpp
};
2115 
/**
 * Certificate chain and private key pair.
 *
 * Holds a private key together with the certificate chain that belongs to
 * it, and converts the pair to and from a passphrase-protected array or
 * file. NOTE(review): the container format is not named in this listing -
 * presumably PKCS#12; confirm.
 */
class QCA_EXPORT KeyBundle
{
public:
    /** Create an empty (null) bundle. */
    KeyBundle();

    /**
     * Create a bundle from a file.
     *
     * No ConvertResult is reported here; check isNull() afterwards. The
     * passphrase is a SecureArray and defaults to empty.
     */
    explicit KeyBundle(const QString &fileName, const SecureArray &passphrase = SecureArray());

    /** Copy constructor. */
    KeyBundle(const KeyBundle &from);

    ~KeyBundle();

    /** Copy-assign from another bundle. */
    KeyBundle & operator=(const KeyBundle &from);

    /** Whether this object holds no bundle. Check after any load. */
    bool isNull() const;

    /** The name associated with the bundle. */
    QString name() const;

    /** The certificate chain in the bundle. */
    CertificateChain certificateChain() const;

    /** The private key in the bundle. */
    PrivateKey privateKey() const;

    /** Set the name associated with the bundle. */
    void setName(const QString &s);

    /**
     * Set the certificate chain and the private key together.
     *
     * NOTE(review): no check that key matches the primary certificate of c
     * is visible here - confirm or check it in the caller.
     */
    void setCertificateChainAndKey(const CertificateChain &c, const PrivateKey &key);

    /**
     * Export the bundle to an array, protected by the given passphrase.
     *
     * The result contains the private key and is returned as an ordinary
     * QByteArray, not a SecureArray. Its confidentiality rests on the
     * passphrase, so do not export with an empty or guessable one.
     */
    QByteArray toArray(const SecureArray &passphrase, const QString &provider = QString()) const;

    /**
     * Export the bundle to a file, protected by the given passphrase.
     *
     * NOTE(review): the permissions the file is created with are not visible
     * here - restrict them in the caller.
     */
    bool toFile(const QString &fileName, const SecureArray &passphrase, const QString &provider = QString()) const;

    /**
     * Import a bundle from an array.
     *
     * result, when non-null, receives the conversion outcome; pass it and
     * check it so that a wrong passphrase or malformed input is noticed.
     */
    static KeyBundle fromArray(const QByteArray &a, const SecureArray &passphrase = SecureArray(), ConvertResult *result = 0, const QString &provider = QString());

    /** Import a bundle from a file; see fromArray() for result. */
    static KeyBundle fromFile(const QString &fileName, const SecureArray &passphrase = SecureArray(), ConvertResult *result = 0, const QString &provider = QString());

private:
    class Private;
    QSharedDataPointer<Private> d; // private data held through Qt's shared-data pointer
};
2345 
/**
 * Pretty Good Privacy key.
 *
 * Represents either a public or a secret PGP key; isSecret() tells which.
 */
class QCA_EXPORT PGPKey : public Algorithm
{
public:
    /** Create an empty (null) key. */
    PGPKey();

    /**
     * Create a key from a file.
     *
     * No ConvertResult is reported here; check isNull() afterwards. The
     * constructor is not explicit, so a QString converts implicitly.
     */
    PGPKey(const QString &fileName);

    /** Copy constructor. */
    PGPKey(const PGPKey &from);

    ~PGPKey();

    /** Copy-assign from another key. */
    PGPKey & operator=(const PGPKey &from);

    /** Whether this object holds no key. Check after any load. */
    bool isNull() const;

    /**
     * The key identifier.
     *
     * NOTE(review): the length of the identifier is not visible here. Use
     * fingerprint() rather than this when deciding whether two keys are the
     * same.
     */
    QString keyId() const;

    /** The primary user identifier of the key. */
    QString primaryUserId() const;

    /**
     * All user identifiers of the key.
     *
     * User identifiers are text chosen by the key's creator and prove
     * nothing by themselves.
     */
    QStringList userIds() const;

    /** Whether this is a secret key. */
    bool isSecret() const;

    /** The creation date of the key. */
    QDateTime creationDate() const;

    /**
     * The expiration date of the key.
     *
     * NOTE(review): the value returned for a key that never expires is not
     * visible here - confirm before comparing it with the current time.
     */
    QDateTime expirationDate() const;

    /** The fingerprint of the key. */
    QString fingerprint() const;

    /** Whether the key is in a keyring. */
    bool inKeyring() const;

    /**
     * Whether the key is trusted.
     *
     * NOTE(review): the source of the trust decision is not visible here -
     * presumably the PGP provider's own trust settings; confirm what it
     * means before basing an access decision on it.
     */
    bool isTrusted() const;

    /**
     * Export the key to an array.
     *
     * NOTE(review): for a secret key the result is secret-key material in
     * an ordinary QByteArray. Whether it is passphrase-protected is not
     * visible here - confirm. The same applies to toString() and toFile().
     */
    QByteArray toArray() const;

    /** Export the key to a string. */
    QString toString() const;

    /** Export the key to a file; returns whether it succeeded. */
    bool toFile(const QString &fileName) const;

    /**
     * Import a key from an array.
     *
     * result, when non-null, receives the conversion outcome; pass it and
     * check it. Importing a key does not make it trusted.
     */
    static PGPKey fromArray(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

    /** Import a key from a string; see fromArray() for result. */
    static PGPKey fromString(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /** Import a key from a file; see fromArray() for result. */
    static PGPKey fromFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

private:
    class Private;
    Private *d; // raw pointer to private data; handling is in the .cpp
};
2525 
/**
 * Asynchronous private key loader.
 *
 * Start one of the load methods, wait for finished(), then read
 * convertResult() and, on success, privateKey() or keyBundle().
 *
 * NOTE(review): none of the load methods takes a passphrase, so how a
 * protected key is unlocked is not visible in this header - confirm where
 * the passphrase comes from.
 */
class QCA_EXPORT KeyLoader : public QObject
{
    Q_OBJECT
public:
    /** Create a loader with the given parent object. */
    KeyLoader(QObject *parent = 0);
    ~KeyLoader();

    /** Start loading a private key from a PEM file. */
    void loadPrivateKeyFromPEMFile(const QString &fileName);

    /**
     * Start loading a private key from a PEM string.
     *
     * The key text arrives in an ordinary QString, not a SecureArray.
     */
    void loadPrivateKeyFromPEM(const QString &s);

    /** Start loading a private key from DER held in a SecureArray. */
    void loadPrivateKeyFromDER(const SecureArray &a);

    /** Start loading a key bundle from a file. */
    void loadKeyBundleFromFile(const QString &fileName);

    /** Start loading a key bundle from an array. */
    void loadKeyBundleFromArray(const QByteArray &a);

    /**
     * The outcome of the load.
     *
     * Check this after finished() and before using privateKey() or
     * keyBundle(). NOTE(review): the value returned before a load has
     * finished is not visible here.
     */
    ConvertResult convertResult() const;

    /** The private key that was loaded. */
    PrivateKey privateKey() const;

    /** The key bundle that was loaded. */
    KeyBundle keyBundle() const;

Q_SIGNALS:
    /** Emitted when a load has finished; see convertResult(). */
    void finished();

private:
    Q_DISABLE_COPY(KeyLoader)

    class Private;
    friend class Private;
    Private *d; // raw pointer to private data; handling is in the .cpp
};
2672 
2673 }
2674 
2675 #endif
ConvertResult
Return value from a format conversion.
Definition: qca_publickey.h:117
bool operator!=(const CertificateInfoType &other) const
Inequality operator.
Definition: qca_cert.h:229
X.509 certificate request provider.
Definition: qcaprovider.h:1327
PKCS#9 Email field, id = "1.2.840.113549.1.9.1".
Definition: qca_cert.h:69
ConstraintTypeKnown
Known types of certificate constraints.
Definition: qca_cert.h:318
X.509 certificate provider.
Definition: qcaprovider.h:1234
CertificateInfoOrdered dnOnly() const
Return a new CertificateInfoOrdered that only contains the Distinguished Name (DN) types found in thi...
Definition: qca_cert.h:574
QMultiMap< CertificateInfoType, QString > CertificateInfo
Certificate properties type.
Definition: qca_cert.h:527
General superclass for an algorithm.
Definition: qca_core.h:1121
Certificate can be used to sign code, id = "1.3.6.1.5.5.7.3.3". This is an extended usage constraint...
Definition: qca_cert.h:334
The root CA rejected the certificate purpose.
Definition: qca_cert.h:492
certificate revocation list signing certificate
Definition: qca_cert.h:483
QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in)
Convert to RFC 1779 string format.
Certificate can be used to create digital signatures, id = "KeyUsage.digitalSignature" ...
Definition: qca_cert.h:321
Certificate can be used for server authentication (e.g. web server), id = "1.3.6.1.5.5.7.3.1". This is an extended usage constraint.
Definition: qca_cert.h:332
Section
Section of the certificate that the information belongs in.
Definition: qca_cert.h:126
const Certificate & primary() const
Return the primary (end-user) Certificate.
Definition: qca_cert.h:1226
Generic private key.
Definition: qca_publickey.h:826
Certificate can be used to sign / encrypt email, id = "1.3.6.1.5.5.7.3.4". This is an extended usage ...
Definition: qca_cert.h:335
email (S/MIME) certificate
Definition: qca_cert.h:481
bool operator!=(const Certificate &other) const
Inequality operator.
Definition: qca_cert.h:1163
code signing certificate
Definition: qca_cert.h:480
X.509 certificate revocation list provider.
Definition: qcaprovider.h:1408
Certificate chain and private key pair.
Definition: qca_cert.h:2135
The certificate is self-signed, and is not found in the list of trusted certificates.
Definition: qca_cert.h:497
ValidateFlags
The conditions to validate for a certificate.
Definition: qca_cert.h:508
A Certificate Authority is used to generate Certificates and Certificate Revocation Lists (CRLs)...
Definition: qca_cert.h:2037
Validity
The validity (or otherwise) of a certificate.
Definition: qca_cert.h:489
An organisation (eg company), id = "2.5.4.10".
Definition: qca_cert.h:70
Certificate can be used to create a "time stamp" signature, id = "1.3.6.1.5.5.7.3.8". This is an extended usage constraint.
Definition: qca_cert.h:339
Certificate can be used to sign Certificate Revocation Lists, id = "KeyUsage.crlSign" ...
Definition: qca_cert.h:327
Uniform Resource Identifier, id = "GeneralName.uniformResourceIdentifier".
Definition: qca_cert.h:78
CertificateInfoTypeKnown
Known types of information stored in certificates.
Definition: qca_cert.h:65
Certificate can be used for client authentication (e.g. web browser), id = "1.3.6.1.5.5.7.3.2". This is an extended usage constraint.
Definition: qca_cert.h:333
Distinguished name (the primary name)
Definition: qca_cert.h:128
Header file for PublicKey and PrivateKey related classes.
bool operator!=(const CRLEntry &other) const
Inequality operator.
Definition: qca_cert.h:1668
Certificate can be used for non-repudiation, id = "KeyUsage.nonRepudiation"
Definition: qca_cert.h:322
bool operator!=(const CRL &other) const
Inequality operator.
Definition: qca_cert.h:1797
XMPP address (see http://www.ietf.org/rfc/rfc3920.txt), id = "1.3.6.1.5.5.7.8.5". ...
Definition: qca_cert.h:81
QCA_EXPORT CertificateInfoOrdered orderedDNOnly(const CertificateInfoOrdered &in)
Return a new CertificateInfoOrdered that only contains the Distinguished Name (DN) types found in the...
The certificate has been revoked.
Definition: qca_cert.h:498
Certificate can be used to authenticate a user in IPSEC, id = "1.3.6.1.5.5.7.3.7". This is an extended usage constraint.
Definition: qca_cert.h:338
Stored in the key usage section.
Definition: qca_cert.h:364
client side of a TLS or SSL connection
Definition: qca_cert.h:479
Certificate can only be used for encryption, id = "KeyUsage.encipherOnly"
Definition: qca_cert.h:328
Validity is unknown.
Definition: qca_cert.h:502
The locality (eg city, a shire, or part of a state), id = "2.5.4.7".
Definition: qca_cert.h:72
The certificate is not trusted.
Definition: qca_cert.h:493
Certificate Revocation List
Definition: qca_cert.h:1702
The signature does not match.
Definition: qca_cert.h:494
Certificate Request
Definition: qca_cert.h:1292
Certificate can only be used for decryption, id = "KeyUsage.decipherOnly"
Definition: qca_cert.h:329
Certificate can be used for encrypting / decrypting keys, id = "KeyUsage.keyEncipherment" ...
Definition: qca_cert.h:323
Section
Section of the certificate that the constraint belongs in.
Definition: qca_cert.h:362
Signed Public Key and Challenge (Netscape) format.
Definition: qca_cert.h:57
Header file for core QCA infrastructure.
SignatureAlgorithm
Signature algorithm variants.
Definition: qca_publickey.h:73
Certificate can be used for key agreement, id = "KeyUsage.keyAgreement"
Definition: qca_cert.h:325
Certificate information type.
Definition: qca_cert.h:120
bool operator!=(const CertificateInfoPair &other) const
Inequality operator.
Definition: qca_cert.h:302
Ordered certificate properties type.
Definition: qca_cert.h:539
QString toString() const
Convert to RFC 1779 string format.
Definition: qca_cert.h:569
standard PKCS#10 format
Definition: qca_cert.h:56
Asynchronous private key loader.
Definition: qca_cert.h:2565
QCA - the Qt Cryptographic Architecture.
Definition: qca_basic.h:47
CertificateChain()
Create an empty certificate chain.
Definition: qca_cert.h:1213
The locality of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.1". ...
Definition: qca_cert.h:73
The path length from the root CA to this certificate is too long.
Definition: qca_cert.h:499
The certificate has expired, or is not yet valid (e.g. current time is earlier than notBefore time) ...
Definition: qca_cert.h:500
The Certificate Authority has expired.
Definition: qca_cert.h:501
certificate has been superseded
Definition: qca_cert.h:1575
The purpose does not match the intended usage.
Definition: qca_cert.h:496
Certificate constraint.
Definition: qca_cert.h:356
The country of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.3".
Definition: qca_cert.h:77
Email address, id = "GeneralName.rfc822Name".
Definition: qca_cert.h:68
QCA_EXPORT QStringList makeFriendlyNames(const QList< Certificate > &list)
Create a list of unique friendly names among a list of certificates.
Secure array of bytes.
Definition: qca_tools.h:316
Certificate can be used for encrypting / decrypting data, id = "KeyUsage.dataEncipherment" ...
Definition: qca_cert.h:324
certificate was previously in a CRL, but is now valid
Definition: qca_cert.h:1578
CertificateChain complete(const QList< Certificate > &issuers=QList< Certificate >(), Validity *result=0) const
Complete a certificate chain for the primary certificate, using the rest of the certificates in the c...
Definition: qca_cert.h:1276
CertificateRequestFormat
Certificate Request Format.
Definition: qca_cert.h:54
QList< ConstraintType > Constraints
Certificate constraints type
Definition: qca_cert.h:582
A part of an organisation (eg a division or branch), id = "2.5.4.11".
Definition: qca_cert.h:71
bool operator!=(const ConstraintType &other) const
Inequality operator.
Definition: qca_cert.h:462
Certificate options
Definition: qca_cert.h:601
certificate is on hold
Definition: qca_cert.h:1577
IP address, id = "GeneralName.iPAddress".
Definition: qca_cert.h:80
Certificate can be used for key certificate signing, id = "KeyUsage.keyCertSign"
Definition: qca_cert.h:326
A chain of related Certificates.
Definition: qca_cert.h:1207
private key has been compromised
Definition: qca_cert.h:1572
One entry in a certificate information list.
Definition: qca_cert.h:246
certificate authority has been compromised
Definition: qca_cert.h:1573
The common name (eg person), id = "2.5.4.3".
Definition: qca_cert.h:67
The certificate is valid.
Definition: qca_cert.h:491
QCA_EXPORT const SecureArray operator+(const SecureArray &a, const SecureArray &b)
Returns an array that is the result of concatenating a and b.
Reason
The reason why the certificate has been revoked.
Definition: qca_cert.h:1569
Public Key (X.509) certificate.
Definition: qca_cert.h:848
time stamping certificate
Definition: qca_cert.h:482
The state of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.2".
Definition: qca_cert.h:75
Certificate can be used to sign an Online Certificate Status Protocol (OCSP) assertion, id = "1.3.6.1.5.5.7.3.9". This is an extended usage constraint.
Definition: qca_cert.h:340
Any application, or unspecified.
Definition: qca_cert.h:477
Part of a CRL representing a single certificate.
Definition: qca_cert.h:1563
UsageMode
Specify the intended usage of a certificate.
Definition: qca_cert.h:475
Arbitrary precision integer.
Definition: qca_tools.h:570
Certificate can be used to authenticate a tunnel in IPSEC, id = "1.3.6.1.5.5.7.3.6". This is an extended usage constraint.
Definition: qca_cert.h:337
CertificateChain(const Certificate &primary)
Create a certificate chain, starting at the specified certificate.
Definition: qca_cert.h:1221
Pretty Good Privacy key.
Definition: qca_cert.h:2360
The state within the country, id = "2.5.4.8".
Definition: qca_cert.h:74
Bundle of Certificates and CRLs.
Definition: qca_cert.h:1890
Generic public key.
Definition: qca_publickey.h:526
Certificate can be used to authenticate an endpoint in IPSEC, id = "1.3.6.1.5.5.7.3.5". This is an extended usage constraint.
Definition: qca_cert.h:336
server side of a TLS or SSL connection
Definition: qca_cert.h:478
Validity validate(const CertificateCollection &trusted, const QList< CRL > &untrusted_crls=QList< CRL >(), UsageMode u=UsageAny, ValidateFlags vf=ValidateAll) const
Check the validity of a certificate chain.
Definition: qca_cert.h:1269
DNS name, id = "GeneralName.dNSName".
Definition: qca_cert.h:79
The country, id = "2.5.4.6".
Definition: qca_cert.h:76
The Certificate Authority is invalid.
Definition: qca_cert.h:495
bool operator!=(const CertificateRequest &other) const
Inequality operator.
Definition: qca_cert.h:1440
reason is unknown
Definition: qca_cert.h:1571