00032 #ifndef QCA_CERT_H
00033 #define QCA_CERT_H
00034
00035 #include <QMap>
00036 #include <QDateTime>
00037 #include "qca_core.h"
00038 #include "qca_publickey.h"
00039
00040 namespace QCA {
00041
// Forward declarations.  The *Context types are the backing
// implementation objects consumed by the change() members further down
// (declared elsewhere, presumably in the provider interface headers);
// the remaining names are the public types declared later in this file.
class CertContext;
class CSRContext;
class CRLContext;
class Certificate;
class CRL;
class CertificateCollection;
class CertificateChain;
00049
/**
 * Encoding of a certificate signing request.
 *
 * Selected through CertificateOptions::setFormat() and reported by
 * CertificateRequest::format(); CertificateRequest::canUseFormat()
 * tells whether the active provider supports a given value.
 */
enum CertificateRequestFormat
{
    PKCS10, ///< PKCS#10 request
    SPKAC   ///< Signed Public Key and Challenge (browser keygen style)
};
00058
/**
 * Well-known certificate information (identity) attributes.
 *
 * A value of this enum is wrapped by CertificateInfoType, which also
 * records whether the attribute lives in the Distinguished Name or in
 * the Subject Alternative Name extension (CertificateInfoType::section()).
 * Callers matching a peer identity should compare against the section
 * they mean (DN CommonName and SAN DNS are different attributes) rather
 * than assume one implies the other.
 *
 * NOTE(review): Email vs. EmailLegacy are two distinct attribute
 * encodings; which OID each maps to is not visible in this header.
 */
enum CertificateInfoTypeKnown
{
    CommonName,
    Email,
    EmailLegacy,
    Organization,
    OrganizationalUnit,
    Locality,
    IncorporationLocality,
    State,
    IncorporationState,
    Country,
    IncorporationCountry,
    URI,
    DNS,
    IPAddress,
    XMPP
};
00082
/**
 * Identifies one certificate information attribute.
 *
 * An instance is either a well-known attribute (constructed from a
 * CertificateInfoTypeKnown value) or an arbitrary attribute named by an
 * identifier string together with the section it belongs to.  The type
 * is implicitly shared (QSharedDataPointer), so copies are cheap.
 *
 * operator< is provided so the type can serve as a QMap/QMultiMap key
 * (see the CertificateInfo typedef).
 */
class QCA_EXPORT CertificateInfoType
{
public:
    /**
     * Where in the certificate the attribute is carried.
     */
    enum Section
    {
        DN,             ///< Distinguished Name (subject or issuer)
        AlternativeName ///< Subject/Issuer Alternative Name extension
    };

    /**
     * Construct an empty (null) information type.
     */
    CertificateInfoType();

    /**
     * Construct from a well-known attribute.
     *
     * @param known the well-known attribute
     */
    CertificateInfoType(CertificateInfoTypeKnown known);

    /**
     * Construct an attribute type from an identifier string.
     *
     * @param id the attribute identifier (presumably an OID or name;
     *           the accepted syntax is defined by the implementation)
     * @param section the section the attribute belongs to
     */
    CertificateInfoType(const QString &id, Section section);

    /**
     * Copy constructor.
     *
     * @param from the object to copy
     */
    CertificateInfoType(const CertificateInfoType &from);

    ~CertificateInfoType();

    /**
     * Assignment operator.
     *
     * @param from the object to copy
     */
    CertificateInfoType & operator=(const CertificateInfoType &from);

    /**
     * The section this attribute belongs to.
     */
    Section section() const;

    /**
     * The well-known attribute this type represents.
     *
     * The value returned for a type that was constructed from an
     * identifier string rather than a known attribute is not specified
     * by this header.
     */
    CertificateInfoTypeKnown known() const;

    /**
     * The identifier string of this attribute type.
     */
    QString id() const;

    /**
     * Ordering, for use as an associative-container key.
     *
     * @param other the type to compare with
     */
    bool operator<(const CertificateInfoType &other) const;

    /**
     * Equality comparison.
     *
     * @param other the type to compare with
     */
    bool operator==(const CertificateInfoType &other) const;

    /**
     * Inequality comparison (negation of operator==).
     *
     * @param other the type to compare with
     */
    inline bool operator!=(const CertificateInfoType &other) const
    {
        return !(*this == other);
    }

private:
    class Private;
    QSharedDataPointer<Private> d;
};
00220
/**
 * One certificate information attribute together with its value.
 *
 * Used as the element type of CertificateInfoOrdered, which preserves
 * the order attributes appear in the certificate (the CertificateInfo
 * multimap does not).  Implicitly shared.
 */
class QCA_EXPORT CertificateInfoPair
{
public:
    /**
     * Construct an empty pair.
     */
    CertificateInfoPair();

    /**
     * Construct a pair from a type and its value.
     *
     * @param type the attribute type
     * @param value the attribute value
     */
    CertificateInfoPair(const CertificateInfoType &type, const QString &value);

    /**
     * Copy constructor.
     *
     * @param from the pair to copy
     */
    CertificateInfoPair(const CertificateInfoPair &from);

    ~CertificateInfoPair();

    /**
     * Assignment operator.
     *
     * @param from the pair to copy
     */
    CertificateInfoPair & operator=(const CertificateInfoPair &from);

    /**
     * The attribute type of this pair.
     */
    CertificateInfoType type() const;

    /**
     * The attribute value of this pair.
     */
    QString value() const;

    /**
     * Equality comparison.
     *
     * @param other the pair to compare with
     */
    bool operator==(const CertificateInfoPair &other) const;

    /**
     * Inequality comparison (negation of operator==).
     *
     * @param other the pair to compare with
     */
    inline bool operator!=(const CertificateInfoPair &other) const
    {
        return !(*this == other);
    }

private:
    class Private;
    QSharedDataPointer<Private> d;
};
00279
/**
 * Well-known certificate constraints.
 *
 * The first group corresponds to Key Usage bits, the second to
 * Extended Key Usage purposes; ConstraintType::section() reports which
 * group a wrapped value belongs to.  Constraints are what
 * Certificate::validate() presumably consults when a specific UsageMode
 * is requested — with UsageAny no purpose check can be implied.
 */
enum ConstraintTypeKnown
{
    // Key Usage
    DigitalSignature,
    NonRepudiation,
    KeyEncipherment,
    DataEncipherment,
    KeyAgreement,
    KeyCertificateSign,
    CRLSign,
    EncipherOnly,
    DecipherOnly,

    // Extended Key Usage
    ServerAuth,
    ClientAuth,
    CodeSigning,
    EmailProtection,
    IPSecEndSystem,
    IPSecTunnel,
    IPSecUser,
    TimeStamping,
    OCSPSigning
};
00309
/**
 * Identifies one certificate constraint (a Key Usage bit or an
 * Extended Key Usage purpose).
 *
 * Mirrors CertificateInfoType: an instance is either a well-known
 * constraint or an arbitrary one named by an identifier string plus its
 * section.  Implicitly shared; orderable so it can key a container.
 */
class QCA_EXPORT ConstraintType
{
public:
    /**
     * The extension a constraint is carried in.
     */
    enum Section
    {
        KeyUsage,        ///< Key Usage extension
        ExtendedKeyUsage ///< Extended Key Usage extension
    };

    /**
     * Construct an empty (null) constraint type.
     */
    ConstraintType();

    /**
     * Construct from a well-known constraint.
     *
     * @param known the well-known constraint
     */
    ConstraintType(ConstraintTypeKnown known);

    /**
     * Construct a constraint type from an identifier string.
     *
     * @param id the constraint identifier (presumably an OID; the
     *           accepted syntax is defined by the implementation)
     * @param section the section the constraint belongs to
     */
    ConstraintType(const QString &id, Section section);

    /**
     * Copy constructor.
     *
     * @param from the object to copy
     */
    ConstraintType(const ConstraintType &from);

    ~ConstraintType();

    /**
     * Assignment operator.
     *
     * @param from the object to copy
     */
    ConstraintType & operator=(const ConstraintType &from);

    /**
     * The section this constraint belongs to.
     */
    Section section() const;

    /**
     * The well-known constraint this type represents.
     *
     * The value returned for a type constructed from an identifier
     * string is not specified by this header.
     */
    ConstraintTypeKnown known() const;

    /**
     * The identifier string of this constraint type.
     */
    QString id() const;

    /**
     * Ordering, for use as an associative-container key.
     *
     * @param other the type to compare with
     */
    bool operator<(const ConstraintType &other) const;

    /**
     * Equality comparison.
     *
     * @param other the type to compare with
     */
    bool operator==(const ConstraintType &other) const;

    /**
     * Inequality comparison (negation of operator==).
     *
     * @param other the type to compare with
     */
    inline bool operator!=(const ConstraintType &other) const
    {
        return !(*this == other);
    }

private:
    class Private;
    QSharedDataPointer<Private> d;
};
00424
/**
 * Purpose a certificate is being validated for.
 *
 * Passed to Certificate::validate() and CertificateChain::validate().
 * The values are distinct bits, but this is a plain enum: an expression
 * such as UsageTLSServer | UsageTLSClient has type int and must be cast
 * back to UsageMode to be passed to validate().
 *
 * NOTE(review): UsageAny is 0 and is the default for validate(); since
 * it names no purpose, a caller verifying a TLS peer should pass
 * UsageTLSServer / UsageTLSClient explicitly rather than rely on the
 * default to enforce an Extended Key Usage match.
 */
enum UsageMode
{
    UsageAny             = 0x00,
    UsageTLSServer       = 0x01,
    UsageTLSClient       = 0x02,
    UsageCodeSigning     = 0x04,
    UsageEmailProtection = 0x08,
    UsageTimeStamping    = 0x10,
    UsageCRLSigning      = 0x20
};
00438
/**
 * Result of certificate (chain) validation.
 *
 * ValidityGood is the only success value; every other value is a
 * failure, so callers should test `== ValidityGood` rather than check
 * for a particular error.  ErrorValidityUnknown is deliberately set
 * apart from the others and is what CertificateChain::validate()
 * returns for an empty chain.
 */
enum Validity
{
    ValidityGood,            ///< the certificate validated
    ErrorRejected,           ///< the root CA rejected the certificate purpose
    ErrorUntrusted,          ///< no trusted root could be found
    ErrorSignatureFailed,    ///< a signature in the chain did not verify
    ErrorInvalidCA,          ///< an issuer in the chain is not a valid CA
    ErrorInvalidPurpose,     ///< the certificate is not valid for the requested usage
    ErrorSelfSigned,         ///< the certificate is self-signed and not trusted
    ErrorRevoked,            ///< the certificate (or an issuer) is revoked
    ErrorPathLengthExceeded, ///< the chain is longer than a CA's path limit allows
    ErrorExpired,            ///< the certificate is outside its validity period
    ErrorExpiredCA,          ///< an issuer is outside its validity period
    ErrorValidityUnknown = 64 ///< validity could not be determined (e.g. empty chain)
};
00457
/**
 * Flags controlling which checks Certificate::validate() performs.
 *
 * ValidateAll is 0 and is the default.  The non-zero values are
 * distinct bits, but as with UsageMode this is a plain enum, so a
 * combination such as ValidateRevoked | ValidateExpired has type int
 * and needs an explicit cast to ValidateFlags.
 *
 * NOTE(review): whether a non-zero flag *restricts* validation to the
 * named check or *adds* it is not determinable from this header —
 * confirm against the implementation before using anything other than
 * ValidateAll in a trust decision.
 */
enum ValidateFlags
{
    ValidateAll     = 0x00, ///< perform every check
    ValidateRevoked = 0x01, ///< revocation status
    ValidateExpired = 0x02, ///< validity period
    ValidatePolicy  = 0x04  ///< certificate policies
};
00468
00480 typedef QMultiMap<CertificateInfoType, QString> CertificateInfo;
00481
/**
 * Ordered certificate information: the attribute/value pairs in the
 * order they appear in the certificate.
 *
 * A thin QList<CertificateInfoPair> wrapper whose two members forward to
 * the free functions orderedToDNString() and orderedDNOnly().  It is
 * intentionally not QCA_EXPORT: every member is inline.
 */
class CertificateInfoOrdered : public QList<CertificateInfoPair>
{
public:
    /**
     * Render the DN portion of this list as a string (see
     * orderedToDNString()).
     */
    inline QString toString() const;

    /**
     * The subset of this list whose attributes are in the DN section
     * (see orderedDNOnly()).
     */
    inline CertificateInfoOrdered dnOnly() const;
};
00502
/**
 * Render an ordered information list as a Distinguished Name string.
 *
 * @param in the attribute/value list
 * @return a textual DN (exact formatting is defined by the implementation)
 */
QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in);

/**
 * Filter an ordered information list down to its DN-section entries.
 *
 * @param in the attribute/value list
 * @return the entries whose type is in CertificateInfoType::DN
 */
QCA_EXPORT CertificateInfoOrdered orderedDNOnly(const CertificateInfoOrdered &in);
00513
/**
 * Render this list as a Distinguished Name string.
 *
 * Forwards to orderedToDNString(); see that function for the format.
 */
inline QString CertificateInfoOrdered::toString() const
{
    const CertificateInfoOrdered &entries = *this;
    return orderedToDNString(entries);
}
00518
/**
 * The DN-section entries of this list.
 *
 * Forwards to orderedDNOnly().
 */
inline CertificateInfoOrdered CertificateInfoOrdered::dnOnly() const
{
    const CertificateInfoOrdered &entries = *this;
    return orderedDNOnly(entries);
}
00523
/**
 * A list of constraints (Key Usage / Extended Key Usage entries).
 */
typedef QList<ConstraintType> Constraints;

/**
 * Produce human-readable, distinguishing names for a list of
 * certificates (e.g. for presenting a selection to a user).
 *
 * @param list the certificates to name
 * @return one name per certificate, in the same order
 */
QCA_EXPORT QStringList makeFriendlyNames(const QList<Certificate> &list);
00533
/**
 * Parameters for creating a certificate or certificate request.
 *
 * Fill in an instance and pass it to Certificate, CertificateRequest or
 * CertificateAuthority::createCertificate().  The object is deep-copied
 * (raw Private pointer with copy constructor, destructor and assignment
 * declared), not implicitly shared.
 *
 * NOTE(review): the header does not say whether a serial number or
 * validity period is generated when none is set; a CA should always
 * set a unique, unpredictable serial and an explicit validity period
 * rather than rely on defaults.
 */
class QCA_EXPORT CertificateOptions
{
public:
    /**
     * Construct options for the given request format.
     *
     * @param format the request encoding (defaults to PKCS#10)
     */
    CertificateOptions(CertificateRequestFormat format = PKCS10);

    /**
     * Copy constructor.
     *
     * @param from the options to copy
     */
    CertificateOptions(const CertificateOptions &from);
    ~CertificateOptions();

    /**
     * Assignment operator.
     *
     * @param from the options to copy
     */
    CertificateOptions & operator=(const CertificateOptions &from);

    /**
     * The request format.
     */
    CertificateRequestFormat format() const;

    /**
     * Set the request format.
     *
     * @param f the request encoding
     */
    void setFormat(CertificateRequestFormat f);

    /**
     * Whether the options are sufficient to produce a certificate or
     * request (the exact conditions are defined by the implementation).
     */
    bool isValid() const;

    /**
     * The challenge string (SPKAC).
     */
    QString challenge() const;

    /**
     * The subject information, unordered.
     */
    CertificateInfo info() const;

    /**
     * The subject information, in order.
     */
    CertificateInfoOrdered infoOrdered() const;

    /**
     * The Key Usage / Extended Key Usage constraints.
     */
    Constraints constraints() const;

    /**
     * The certificate policy identifiers.
     */
    QStringList policies() const;

    /**
     * CRL distribution point locations.
     */
    QStringList crlLocations() const;

    /**
     * Issuer certificate (CA issuers / AIA) locations.
     */
    QStringList issuerLocations() const;

    /**
     * OCSP responder locations.
     */
    QStringList ocspLocations() const;

    /**
     * Whether the certificate is to be a CA (see setAsCA()).
     */
    bool isCA() const;

    /**
     * The CA path length limit (see setAsCA()).
     */
    int pathLimit() const;

    /**
     * The serial number.
     */
    BigInteger serialNumber() const;

    /**
     * Start of the validity period.
     */
    QDateTime notValidBefore() const;

    /**
     * End of the validity period.
     */
    QDateTime notValidAfter() const;

    /**
     * Set the challenge string (SPKAC).
     *
     * @param s the challenge
     */
    void setChallenge(const QString &s);

    /**
     * Set the subject information (unordered form).
     *
     * @param info the attribute/value multimap
     */
    void setInfo(const CertificateInfo &info);

    /**
     * Set the subject information (ordered form).
     *
     * @param info the attribute/value list, in the desired order
     */
    void setInfoOrdered(const CertificateInfoOrdered &info);

    /**
     * Set the Key Usage / Extended Key Usage constraints.
     *
     * @param constraints the constraints
     */
    void setConstraints(const Constraints &constraints);

    /**
     * Set the certificate policy identifiers.
     *
     * @param policies the policy identifiers
     */
    void setPolicies(const QStringList &policies);

    /**
     * Set the CRL distribution point locations.
     *
     * @param locations the locations (presumably URIs)
     */
    void setCRLLocations(const QStringList &locations);

    /**
     * Set the issuer certificate locations.
     *
     * @param locations the locations (presumably URIs)
     */
    void setIssuerLocations(const QStringList &locations);

    /**
     * Set the OCSP responder locations.
     *
     * @param locations the locations (presumably URIs)
     */
    void setOCSPLocations(const QStringList &locations);

    /**
     * Mark the certificate as a CA with the given path length limit.
     *
     * @param pathLimit maximum number of intermediate CAs allowed below
     *                  this one; defaults to 8.  A CA that only signs
     *                  end-entity certificates should pass 0.
     */
    void setAsCA(int pathLimit = 8);

    /**
     * Mark the certificate as an end-entity (non-CA) certificate.
     */
    void setAsUser();

    /**
     * Set the serial number.
     *
     * @param i the serial number; should be unique per issuer
     */
    void setSerialNumber(const BigInteger &i);

    /**
     * Set the validity period.
     *
     * @param start notBefore
     * @param end notAfter
     */
    void setValidityPeriod(const QDateTime &start, const QDateTime &end);

private:
    class Private;
    Private *d;
};
00778
/**
 * An X.509 public-key certificate.
 *
 * Implicitly shared (QSharedDataPointer).  Parsing is done by a
 * provider; the static from*() functions report parse outcome through
 * the optional ConvertResult out-parameter, and isNull() is true for an
 * object that holds no certificate.
 *
 * Security notes for callers:
 *  - validate() takes no hostname.  Chain/trust validation and peer
 *    identity verification are separate steps; after a ValidityGood
 *    result a TLS client must still call matchesHostName() (or compare
 *    the subject information itself) against the name it connected to.
 *  - validate() defaults to UsageAny, which names no purpose; pass the
 *    UsageMode you actually need so Extended Key Usage is enforced.
 *  - The QString constructor is not explicit (unlike CRLEntry's and
 *    KeyBundle's), so a QString converts silently to a Certificate by
 *    reading a file; that is kept for source compatibility.
 */
class QCA_EXPORT Certificate : public Algorithm
{
public:
    /**
     * Construct a null certificate.
     */
    Certificate();

    /**
     * Load a certificate from a PEM file.
     *
     * Failure is not reported here; check isNull() afterwards, or use
     * fromPEMFile() to obtain a ConvertResult.
     *
     * @param fileName path of the file to read
     */
    Certificate(const QString &fileName);

    /**
     * Create a self-signed certificate from options and a private key.
     *
     * @param opts the certificate options
     * @param key the private key whose public half becomes the subject
     *            key and which signs the certificate
     * @param provider the provider to use, or empty for the default
     */
    Certificate(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());

    /**
     * Copy constructor.
     *
     * @param from the certificate to copy
     */
    Certificate(const Certificate &from);

    ~Certificate();

    /**
     * Assignment operator.
     *
     * @param from the certificate to copy
     */
    Certificate & operator=(const Certificate &from);

    /**
     * Whether this object holds no certificate.
     */
    bool isNull() const;

    /**
     * Start of the validity period (notBefore).
     */
    QDateTime notValidBefore() const;

    /**
     * End of the validity period (notAfter).
     */
    QDateTime notValidAfter() const;

    /**
     * Subject information, unordered.
     */
    CertificateInfo subjectInfo() const;

    /**
     * Subject information, in certificate order.
     */
    CertificateInfoOrdered subjectInfoOrdered() const;

    /**
     * Issuer information, unordered.
     */
    CertificateInfo issuerInfo() const;

    /**
     * Issuer information, in certificate order.
     */
    CertificateInfoOrdered issuerInfoOrdered() const;

    /**
     * Key Usage / Extended Key Usage constraints.
     */
    Constraints constraints() const;

    /**
     * Certificate policy identifiers.
     */
    QStringList policies() const;

    /**
     * CRL distribution point locations.
     */
    QStringList crlLocations() const;

    /**
     * Issuer certificate locations.
     */
    QStringList issuerLocations() const;

    /**
     * OCSP responder locations.
     */
    QStringList ocspLocations() const;

    /**
     * The subject Common Name.
     *
     * Convenience accessor; for identity checks prefer the full subject
     * information (alternative names included) or matchesHostName().
     */
    QString commonName() const;

    /**
     * The serial number.
     */
    BigInteger serialNumber() const;

    /**
     * The subject public key.
     */
    PublicKey subjectPublicKey() const;

    /**
     * Whether the certificate is a CA certificate.
     */
    bool isCA() const;

    /**
     * Whether the certificate is signed by its own key.
     *
     * Self-signed is not the same as trusted; validate() reports
     * ErrorSelfSigned for a self-signed certificate that is not in the
     * trusted collection.
     */
    bool isSelfSigned() const;

    /**
     * Whether this certificate is the issuer of another.
     *
     * @param other the certificate whose issuer is being tested
     */
    bool isIssuerOf(const Certificate &other) const;

    /**
     * The CA path length limit.
     */
    int pathLimit() const;

    /**
     * The algorithm used to sign the certificate.
     */
    SignatureAlgorithm signatureAlgorithm() const;

    /**
     * The Subject Key Identifier.
     */
    QByteArray subjectKeyId() const;

    /**
     * The Authority (issuer) Key Identifier.
     */
    QByteArray issuerKeyId() const;

    /**
     * Validate this certificate.
     *
     * @param trusted trust anchors (and their CRLs)
     * @param untrusted additional certificates (and CRLs) that may be
     *                  used to build the chain but are not themselves
     *                  trusted
     * @param u the purpose to validate for (defaults to UsageAny — see
     *          the class notes)
     * @param vf which checks to perform
     * @return ValidityGood, or the first error encountered
     */
    Validity validate(const CertificateCollection &trusted, const CertificateCollection &untrusted, UsageMode u = UsageAny, ValidateFlags vf = ValidateAll) const;

    /**
     * DER encoding of the certificate.
     */
    QByteArray toDER() const;

    /**
     * PEM encoding of the certificate.
     */
    QString toPEM() const;

    /**
     * Write the PEM encoding to a file.
     *
     * @param fileName path of the file to write
     * @return true on success
     */
    bool toPEMFile(const QString &fileName) const;

    /**
     * Parse a certificate from DER.
     *
     * @param a the DER bytes
     * @param result receives the parse outcome, if non-null
     * @param provider the provider to use, or empty for the default
     * @return the certificate, or a null certificate on failure
     */
    static Certificate fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Parse a certificate from PEM text.
     *
     * @param s the PEM text
     * @param result receives the parse outcome, if non-null
     * @param provider the provider to use, or empty for the default
     * @return the certificate, or a null certificate on failure
     */
    static Certificate fromPEM(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Parse a certificate from a PEM file.
     *
     * @param fileName path of the file to read
     * @param result receives the parse outcome, if non-null
     * @param provider the provider to use, or empty for the default
     * @return the certificate, or a null certificate on failure
     */
    static Certificate fromPEMFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Whether the certificate is valid for the given host name.
     *
     * @param host the host name (or address) the peer was contacted as
     * @return true if the certificate's identity matches
     *
     * NOTE(review): which subject fields are consulted, and how
     * wildcards and IP literals are treated, is implemented outside this
     * header — confirm before relying on it for TLS peer verification.
     */
    bool matchesHostName(const QString &host) const;

    /**
     * Equality comparison.
     *
     * @param a the certificate to compare with
     */
    bool operator==(const Certificate &a) const;

    /**
     * Inequality comparison (negation of operator==).
     *
     * @param other the certificate to compare with
     */
    inline bool operator!=(const Certificate &other) const
    {
        return !(*this == other);
    }

    /**
     * Replace the backing context.
     *
     * Intended for provider / internal use; whether ownership of @a c
     * transfers is not specified by this header.
     *
     * @param c the new backing context
     */
    void change(CertContext *c);

private:
    class Private;
    friend class Private;
    QSharedDataPointer<Private> d;

    // Implementation of CertificateChain::validate() / complete();
    // invoked on the chain's primary (first) certificate.
    friend class CertificateChain;
    Validity chain_validate(const CertificateChain &chain, const CertificateCollection &trusted, const QList<CRL> &untrusted_crls, UsageMode u, ValidateFlags vf) const;
    CertificateChain chain_complete(const CertificateChain &chain, const QList<Certificate> &issuers, Validity *result) const;
};
01110
/**
 * A certificate chain: the end-entity ("primary") certificate first,
 * followed by its issuers.
 *
 * A QList<Certificate> with inline helpers only (hence not QCA_EXPORT).
 * validate() and complete() forward to private members of Certificate
 * on the primary certificate.
 *
 * NOTE(review): primary() calls QList::first() unconditionally, which
 * is not valid on an empty list — check isEmpty() first.
 */
class CertificateChain : public QList<Certificate>
{
public:
    /**
     * Construct an empty chain.
     */
    inline CertificateChain() {}

    /**
     * Construct a chain containing only the given certificate.
     *
     * @param primary the end-entity certificate
     */
    inline CertificateChain(const Certificate &primary) { append(primary); }

    /**
     * The end-entity certificate (the first element).
     *
     * Precondition: the chain is not empty.
     */
    inline const Certificate & primary() const { return first(); }

    /**
     * Validate the chain.
     *
     * Returns ErrorValidityUnknown for an empty chain.  Takes no host
     * name: peer identity must be checked separately (see
     * Certificate::matchesHostName()).
     *
     * @param trusted trust anchors
     * @param untrusted_crls additional CRLs to consult
     * @param u the purpose to validate for
     * @param vf which checks to perform
     */
    inline Validity validate(const CertificateCollection &trusted, const QList<CRL> &untrusted_crls = QList<CRL>(), UsageMode u = UsageAny, ValidateFlags vf = ValidateAll) const;

    /**
     * Attempt to extend the chain up to a root using the given issuers.
     *
     * Returns an empty chain (and does not write *result) when this
     * chain is empty.
     *
     * @param issuers candidate issuer certificates
     * @param result receives a validity outcome, if non-null
     */
    inline CertificateChain complete(const QList<Certificate> &issuers = QList<Certificate>(), Validity *result = 0) const;
};
01192
/**
 * Validate the chain against the trusted collection.
 *
 * An empty chain has no primary certificate to validate and yields
 * ErrorValidityUnknown; otherwise the work is delegated to the primary
 * certificate's chain_validate().
 */
inline Validity CertificateChain::validate(const CertificateCollection &trusted, const QList<CRL> &untrusted_crls, UsageMode u, ValidateFlags vf) const
{
    const bool haveCerts = !isEmpty();
    if(!haveCerts)
        return ErrorValidityUnknown;
    const Certificate &leaf = first();
    return leaf.chain_validate(*this, trusted, untrusted_crls, u, vf);
}
01199
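/**
 * Attempt to extend the chain up to a root using the given issuers.
 *
 * For an empty chain there is nothing to complete: an empty chain is
 * returned and, if @a result is non-null, it is set to
 * ErrorValidityUnknown — the same outcome validate() reports for an
 * empty chain — so a caller that inspects *result does not read a
 * stale value.  Otherwise the work is delegated to the primary
 * certificate's chain_complete().
 *
 * @param issuers candidate issuer certificates
 * @param result receives a validity outcome, if non-null
 * @return the completed chain, or an empty chain
 */
inline CertificateChain CertificateChain::complete(const QList<Certificate> &issuers, Validity *result) const
{
    if(isEmpty())
    {
        if(result)
            *result = ErrorValidityUnknown;
        return CertificateChain();
    }
    return first().chain_complete(*this, issuers, result);
}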
01206
/**
 * A certificate signing request (PKCS#10 or SPKAC).
 *
 * Implicitly shared.  A request carries the requester's public key and
 * the subject information / constraints the requester *asks* for; a CA
 * signing it (CertificateAuthority::signRequest()) must decide for
 * itself whether to honour them — in particular isCA() and
 * constraints() are requester-supplied, not verified claims.
 *
 * The QString constructor is not explicit (see the note on Certificate).
 */
class QCA_EXPORT CertificateRequest : public Algorithm
{
public:
    /**
     * Construct a null request.
     */
    CertificateRequest();

    /**
     * Load a request from a PEM file.
     *
     * Failure is not reported here; check isNull() afterwards, or use
     * fromPEMFile() to obtain a ConvertResult.
     *
     * @param fileName path of the file to read
     */
    CertificateRequest(const QString &fileName);

    /**
     * Create a request from options, signed with the given key.
     *
     * @param opts the request options (format, subject, constraints)
     * @param key the private key whose public half is requested to be
     *            certified and which signs the request
     * @param provider the provider to use, or empty for the default
     */
    CertificateRequest(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());

    /**
     * Copy constructor.
     *
     * @param from the request to copy
     */
    CertificateRequest(const CertificateRequest &from);

    ~CertificateRequest();

    /**
     * Assignment operator.
     *
     * @param from the request to copy
     */
    CertificateRequest & operator=(const CertificateRequest &from);

    /**
     * Whether this object holds no request.
     */
    bool isNull() const;

    /**
     * Whether a provider supports the given request format.
     *
     * @param f the format
     * @param provider the provider to query, or empty for the default
     */
    static bool canUseFormat(CertificateRequestFormat f, const QString &provider = QString());

    /**
     * The request format.
     */
    CertificateRequestFormat format() const;

    /**
     * Requested subject information, unordered.
     */
    CertificateInfo subjectInfo() const;

    /**
     * Requested subject information, in request order.
     */
    CertificateInfoOrdered subjectInfoOrdered() const;

    /**
     * Requested Key Usage / Extended Key Usage constraints.
     */
    Constraints constraints() const;

    /**
     * Requested certificate policy identifiers.
     */
    QStringList policies() const;

    /**
     * The public key to be certified.
     */
    PublicKey subjectPublicKey() const;

    /**
     * Whether the request asks for a CA certificate.
     */
    bool isCA() const;

    /**
     * The requested CA path length limit.
     */
    int pathLimit() const;

    /**
     * The challenge string (SPKAC).
     */
    QString challenge() const;

    /**
     * The algorithm used to sign the request.
     */
    SignatureAlgorithm signatureAlgorithm() const;

    /**
     * Equality comparison.
     *
     * @param csr the request to compare with
     */
    bool operator==(const CertificateRequest &csr) const;

    /**
     * Inequality comparison (negation of operator==).
     *
     * @param other the request to compare with
     */
    inline bool operator!=(const CertificateRequest &other) const
    {
        return !(*this == other);
    }

    /**
     * DER encoding of the request.
     */
    QByteArray toDER() const;

    /**
     * PEM encoding of the request.
     */
    QString toPEM() const;

    /**
     * Write the PEM encoding to a file.
     *
     * @param fileName path of the file to write
     * @return true on success
     */
    bool toPEMFile(const QString &fileName) const;

    /**
     * Parse a request from DER.
     *
     * @param a the DER bytes
     * @param result receives the parse outcome, if non-null
     * @param provider the provider to use, or empty for the default
     */
    static CertificateRequest fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Parse a request from PEM text.
     *
     * @param s the PEM text
     * @param result receives the parse outcome, if non-null
     * @param provider the provider to use, or empty for the default
     */
    static CertificateRequest fromPEM(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Parse a request from a PEM file.
     *
     * @param fileName path of the file to read
     * @param result receives the parse outcome, if non-null
     * @param provider the provider to use, or empty for the default
     */
    static CertificateRequest fromPEMFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * String form of the request (presumably the SPKAC text form).
     */
    QString toString() const;

    /**
     * Parse a request from its string form (see toString()).
     *
     * @param s the text
     * @param result receives the parse outcome, if non-null
     * @param provider the provider to use, or empty for the default
     */
    static CertificateRequest fromString(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Replace the backing context (provider / internal use; ownership
     * transfer is not specified by this header).
     *
     * @param c the new backing context
     */
    void change(CSRContext *c);

private:
    class Private;
    friend class Private;
    QSharedDataPointer<Private> d;
};
01467
/**
 * One revoked certificate in a CRL: serial number, revocation time and
 * reason.
 *
 * Not implicitly shared: the serial, time and reason are stored inline
 * and a raw Private pointer is deep-copied by the declared copy
 * constructor / assignment operator.
 *
 * NOTE(review): the (BigInteger, QDateTime, Reason) constructor takes
 * the serial by const value where every comparable parameter in this
 * header is a const reference; this is left as is because changing it
 * alters the exported symbol.
 */
class QCA_EXPORT CRLEntry
{
public:
    /**
     * Reason for revocation (the X.509 CRLReason values).
     */
    enum Reason
    {
        Unspecified,
        KeyCompromise,
        CACompromise,
        AffiliationChanged,
        Superseded,
        CessationOfOperation,
        CertificateHold,
        RemoveFromCRL,
        PrivilegeWithdrawn,
        AACompromise
    };

    /**
     * Construct a null entry.
     */
    CRLEntry();

    /**
     * Construct an entry revoking the given certificate.
     *
     * @param c the certificate being revoked (its serial is recorded)
     * @param r the revocation reason
     */
    explicit CRLEntry(const Certificate &c, Reason r = Unspecified);

    /**
     * Construct an entry from a serial number and revocation time.
     *
     * @param serial the revoked certificate's serial number
     * @param time the revocation time
     * @param r the revocation reason
     */
    CRLEntry(const BigInteger serial, const QDateTime &time, Reason r = Unspecified);

    /**
     * Copy constructor.
     *
     * @param from the entry to copy
     */
    CRLEntry(const CRLEntry &from);

    ~CRLEntry();

    /**
     * Assignment operator.
     *
     * @param from the entry to copy
     */
    CRLEntry & operator=(const CRLEntry &from);

    /**
     * The revoked certificate's serial number.
     */
    BigInteger serialNumber() const;

    /**
     * The revocation time.
     */
    QDateTime time() const;

    /**
     * Whether this is a null entry.
     */
    bool isNull() const;

    /**
     * The revocation reason.
     */
    Reason reason() const;

    /**
     * Ordering, for use in sorted containers.
     *
     * @param a the entry to compare with
     */
    bool operator<(const CRLEntry &a) const;

    /**
     * Equality comparison.
     *
     * @param a the entry to compare with
     */
    bool operator==(const CRLEntry &a) const;

    /**
     * Inequality comparison (negation of operator==).
     *
     * @param other the entry to compare with
     */
    inline bool operator!=(const CRLEntry &other) const
    {
        return !(*this == other);
    }

private:
    BigInteger _serial;
    QDateTime _time;
    Reason _reason;

    class Private;
    Private *d;
};
01585
/**
 * A certificate revocation list.
 *
 * Implicitly shared.  CRLs are produced by CertificateAuthority and
 * consumed by adding them to a CertificateCollection (or passing them
 * to CertificateChain::validate()).  A CRL is only meaningful once its
 * signature has been verified against the issuing CA; nothing in this
 * class performs that check on its own.
 */
class QCA_EXPORT CRL : public Algorithm
{
public:
    CRL();

    /**
     * Copy constructor.
     *
     * @param from the CRL to copy
     */
    CRL(const CRL &from);

    ~CRL();

    /**
     * Assignment operator.
     *
     * @param from the CRL to copy
     */
    CRL & operator=(const CRL &from);

    /**
     * Whether this object holds no CRL.
     */
    bool isNull() const;

    /**
     * Issuer information, unordered.
     */
    CertificateInfo issuerInfo() const;

    /**
     * Issuer information, in CRL order.
     */
    CertificateInfoOrdered issuerInfoOrdered() const;

    /**
     * The CRL number.
     *
     * NOTE(review): the X.509 CRL Number is an arbitrary-length
     * integer; how values that do not fit an int are reported is not
     * specified here — do not use this alone to decide which of two
     * CRLs is newer.
     */
    int number() const;

    /**
     * When this CRL was issued (thisUpdate).
     */
    QDateTime thisUpdate() const;

    /**
     * When the next CRL is expected (nextUpdate).
     *
     * A CRL past this time should be treated as stale.
     */
    QDateTime nextUpdate() const;

    /**
     * The revoked entries.
     */
    QList<CRLEntry> revoked() const;

    /**
     * The algorithm used to sign the CRL.
     */
    SignatureAlgorithm signatureAlgorithm() const;

    /**
     * The Authority Key Identifier of the issuer.
     */
    QByteArray issuerKeyId() const;

    /**
     * Equality comparison.
     *
     * @param a the CRL to compare with
     */
    bool operator==(const CRL &a) const;

    /**
     * Inequality comparison (negation of operator==).
     *
     * @param other the CRL to compare with
     */
    inline bool operator!=(const CRL &other) const
    {
        return !(*this == other);
    }

    /**
     * DER encoding of the CRL.
     */
    QByteArray toDER() const;

    /**
     * PEM encoding of the CRL.
     */
    QString toPEM() const;

    /**
     * Write the PEM encoding to a file.
     *
     * @param fileName path of the file to write
     * @return true on success
     */
    bool toPEMFile(const QString &fileName) const;

    /**
     * Parse a CRL from DER.
     *
     * @param a the DER bytes
     * @param result receives the parse outcome, if non-null
     * @param provider the provider to use, or empty for the default
     */
    static CRL fromDER(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Parse a CRL from PEM text.
     *
     * @param s the PEM text
     * @param result receives the parse outcome, if non-null
     * @param provider the provider to use, or empty for the default
     */
    static CRL fromPEM(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Parse a CRL from a PEM file.
     *
     * @param fileName path of the file to read
     * @param result receives the parse outcome, if non-null
     * @param provider the provider to use, or empty for the default
     */
    static CRL fromPEMFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Replace the backing context (provider / internal use; ownership
     * transfer is not specified by this header).
     *
     * @param c the new backing context
     */
    void change(CRLContext *c);

private:
    class Private;
    friend class Private;
    QSharedDataPointer<Private> d;
};
01768
/**
 * A bag of certificates and CRLs.
 *
 * This is the type used for both the @c trusted and @c untrusted
 * arguments of Certificate::validate(): whatever is added to the
 * collection passed as @c trusted becomes a trust anchor, so populate
 * that one only from a source you control.  Implicitly shared.
 *
 * NOTE(review): toFlatTextFile() and toPKCS7File() are non-const, unlike
 * the other to*() members in this header; kept as is because adding
 * const changes the exported symbols.
 */
class QCA_EXPORT CertificateCollection
{
public:
    /**
     * Construct an empty collection.
     */
    CertificateCollection();

    /**
     * Copy constructor.
     *
     * @param from the collection to copy
     */
    CertificateCollection(const CertificateCollection &from);

    ~CertificateCollection();

    /**
     * Assignment operator.
     *
     * @param from the collection to copy
     */
    CertificateCollection & operator=(const CertificateCollection &from);

    /**
     * Add a certificate.
     *
     * @param cert the certificate to add
     */
    void addCertificate(const Certificate &cert);

    /**
     * Add a CRL.
     *
     * @param crl the CRL to add
     */
    void addCRL(const CRL &crl);

    /**
     * The certificates in this collection.
     */
    QList<Certificate> certificates() const;

    /**
     * The CRLs in this collection.
     */
    QList<CRL> crls() const;

    /**
     * Add the contents of another collection to this one.
     *
     * @param other the collection to merge in
     */
    void append(const CertificateCollection &other);

    /**
     * The union of this collection and another.
     *
     * @param other the other collection
     */
    CertificateCollection operator+(const CertificateCollection &other) const;

    /**
     * Merge another collection into this one.
     *
     * @param other the collection to merge in
     */
    CertificateCollection & operator+=(const CertificateCollection &other);

    /**
     * Whether a provider supports PKCS#7 import/export.
     *
     * @param provider the provider to query, or empty for the default
     */
    static bool canUsePKCS7(const QString &provider = QString());

    /**
     * Write the collection as a flat text (concatenated PEM) file.
     *
     * @param fileName path of the file to write
     * @return true on success
     */
    bool toFlatTextFile(const QString &fileName);

    /**
     * Write the collection as a PKCS#7 file.
     *
     * @param fileName path of the file to write
     * @param provider the provider to use, or empty for the default
     * @return true on success
     */
    bool toPKCS7File(const QString &fileName, const QString &provider = QString());

    /**
     * Read a collection from a flat text (concatenated PEM) file.
     *
     * @param fileName path of the file to read
     * @param result receives the outcome, if non-null
     * @param provider the provider to use, or empty for the default
     */
    static CertificateCollection fromFlatTextFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Read a collection from a PKCS#7 file.
     *
     * @param fileName path of the file to read
     * @param result receives the outcome, if non-null
     * @param provider the provider to use, or empty for the default
     */
    static CertificateCollection fromPKCS7File(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

private:
    class Private;
    QSharedDataPointer<Private> d;
};
01918
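/**
 * A certificate authority: a CA certificate plus its private key,
 * able to sign requests, issue certificates and produce CRLs.
 *
 * This object holds signing key material; keep its lifetime short and
 * confined.  It has no default constructor and the @a provider argument
 * has no default, unlike the rest of this header.  Not implicitly
 * shared: the raw Private pointer is deep-copied by the declared copy
 * constructor / assignment operator.
 *
 * NOTE(review): signRequest() is given only the request and an expiry.
 * Whether the requester-supplied isCA()/pathLimit()/constraints() in
 * the CertificateRequest are copied into the issued certificate is not
 * visible here; a CA must not honour a requested CA flag without an
 * explicit policy decision, so prefer createCertificate() with
 * CA-controlled CertificateOptions when that matters.
 */
class QCA_EXPORT CertificateAuthority : public Algorithm
{
public:
    /**
     * Construct a CA from its certificate and private key.
     *
     * @param cert the CA certificate
     * @param key the private key matching @a cert
     * @param provider the provider to use
     */
    CertificateAuthority(const Certificate &cert, const PrivateKey &key, const QString &provider);

    /**
     * Copy constructor.
     *
     * @param from the CA to copy
     */
    CertificateAuthority(const CertificateAuthority &from);

    ~CertificateAuthority();

    /**
     * Assignment operator.
     *
     * @param from the CA to copy
     */
    CertificateAuthority & operator=(const CertificateAuthority &from);

    /**
     * The CA certificate.
     */
    Certificate certificate() const;

    /**
     * Sign a certificate request, producing a certificate.
     *
     * The parameter was rendered as "¬ValidAfter" in the listing this
     * header was recovered from — the HTML entity for "&not" had eaten
     * the reference marker; it is restored here to match every other
     * const-reference parameter in this file.
     *
     * @param req the request to sign
     * @param notValidAfter expiry of the issued certificate
     * @return the issued certificate (null on failure)
     */
    Certificate signRequest(const CertificateRequest &req, const QDateTime &notValidAfter) const;

    /**
     * Issue a certificate for a public key directly from options.
     *
     * @param key the public key to certify
     * @param opts subject, constraints, validity and serial — all
     *             chosen by the CA rather than a requester
     * @return the issued certificate (null on failure)
     */
    Certificate createCertificate(const PublicKey &key, const CertificateOptions &opts) const;

    /**
     * Create an empty CRL.
     *
     * @param nextUpdate when the next CRL is to be expected
     * @return the signed CRL
     */
    CRL createCRL(const QDateTime &nextUpdate) const;

    /**
     * Produce a new CRL from an existing one plus additional entries.
     *
     * @param crl the CRL to extend
     * @param entries entries to add
     * @param nextUpdate when the next CRL is to be expected
     * @return the signed CRL
     */
    CRL updateCRL(const CRL &crl, const QList<CRLEntry> &entries, const QDateTime &nextUpdate) const;

private:
    class Private;
    Private *d;
};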
02003
/**
 * A private key together with its certificate chain (a PKCS#12-style
 * bundle) and a friendly name.
 *
 * Implicitly shared.  Passphrases are taken as SecureArray.  Note the
 * asymmetry in the API: toArray()/toFile() require a passphrase (no
 * default), while fromArray()/fromFile() and the file constructor
 * default it to an empty SecureArray — an empty passphrase is only
 * appropriate for a bundle that was written without one.
 */
class QCA_EXPORT KeyBundle
{
public:
    /**
     * Construct a null bundle.
     */
    KeyBundle();

    /**
     * Load a bundle from a file.
     *
     * Failure is not reported here; check isNull() afterwards, or use
     * fromFile() to obtain a ConvertResult.
     *
     * @param fileName path of the file to read
     * @param passphrase passphrase protecting the file
     */
    explicit KeyBundle(const QString &fileName, const SecureArray &passphrase = SecureArray());

    /**
     * Copy constructor.
     *
     * @param from the bundle to copy
     */
    KeyBundle(const KeyBundle &from);

    ~KeyBundle();

    /**
     * Assignment operator.
     *
     * @param from the bundle to copy
     */
    KeyBundle & operator=(const KeyBundle &from);

    /**
     * Whether this object holds no bundle.
     */
    bool isNull() const;

    /**
     * The friendly name of the bundle.
     */
    QString name() const;

    /**
     * The certificate chain (end-entity first).
     */
    CertificateChain certificateChain() const;

    /**
     * The private key.
     */
    PrivateKey privateKey() const;

    /**
     * Set the friendly name.
     *
     * @param s the name
     */
    void setName(const QString &s);

    /**
     * Set the certificate chain and matching private key.
     *
     * @param c the chain (end-entity first)
     * @param key the private key for the chain's primary certificate
     */
    void setCertificateChainAndKey(const CertificateChain &c, const PrivateKey &key);

    /**
     * Serialize the bundle, protected by a passphrase.
     *
     * @param passphrase passphrase to protect the output with
     * @param provider the provider to use, or empty for the default
     * @return the serialized bundle
     */
    QByteArray toArray(const SecureArray &passphrase, const QString &provider = QString()) const;

    /**
     * Write the bundle to a file, protected by a passphrase.
     *
     * @param fileName path of the file to write
     * @param passphrase passphrase to protect the file with
     * @param provider the provider to use, or empty for the default
     * @return true on success
     */
    bool toFile(const QString &fileName, const SecureArray &passphrase, const QString &provider = QString()) const;

    /**
     * Parse a bundle from serialized form.
     *
     * @param a the serialized bundle
     * @param passphrase passphrase protecting it
     * @param result receives the outcome, if non-null
     * @param provider the provider to use, or empty for the default
     */
    static KeyBundle fromArray(const QByteArray &a, const SecureArray &passphrase = SecureArray(), ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Read a bundle from a file.
     *
     * @param fileName path of the file to read
     * @param passphrase passphrase protecting it
     * @param result receives the outcome, if non-null
     * @param provider the provider to use, or empty for the default
     */
    static KeyBundle fromFile(const QString &fileName, const SecureArray &passphrase = SecureArray(), ConvertResult *result = 0, const QString &provider = QString());

private:
    class Private;
    QSharedDataPointer<Private> d;
};
02231
/**
 * An OpenPGP key (public, or secret when isSecret() is true).
 *
 * Not implicitly shared: the raw Private pointer is deep-copied by the
 * declared copy constructor / assignment operator.  The QString
 * constructor is not explicit (see the note on Certificate).
 *
 * Unlike the X.509 types above there is no validate(): inKeyring() and
 * isTrusted() report the key's status in the provider's keyring, and
 * fingerprint() is the value to compare when establishing trust out of
 * band — keyId() is shorter and should not be used for that purpose.
 */
class QCA_EXPORT PGPKey : public Algorithm
{
public:
    /**
     * Construct a null key.
     */
    PGPKey();

    /**
     * Load a key from a file.
     *
     * Failure is not reported here; check isNull() afterwards, or use
     * fromFile() to obtain a ConvertResult.
     *
     * @param fileName path of the file to read
     */
    PGPKey(const QString &fileName);

    /**
     * Copy constructor.
     *
     * @param from the key to copy
     */
    PGPKey(const PGPKey &from);

    ~PGPKey();

    /**
     * Assignment operator.
     *
     * @param from the key to copy
     */
    PGPKey & operator=(const PGPKey &from);

    /**
     * Whether this object holds no key.
     */
    bool isNull() const;

    /**
     * The (short) key identifier.
     */
    QString keyId() const;

    /**
     * The primary user ID.
     */
    QString primaryUserId() const;

    /**
     * All user IDs on the key.
     */
    QStringList userIds() const;

    /**
     * Whether this is a secret (private) key.
     */
    bool isSecret() const;

    /**
     * When the key was created.
     */
    QDateTime creationDate() const;

    /**
     * When the key expires.
     */
    QDateTime expirationDate() const;

    /**
     * The key fingerprint.
     */
    QString fingerprint() const;

    /**
     * Whether the key is present in the provider's keyring.
     */
    bool inKeyring() const;

    /**
     * Whether the keyring marks the key as trusted.
     */
    bool isTrusted() const;

    /**
     * Binary (presumably OpenPGP packet) form of the key.
     */
    QByteArray toArray() const;

    /**
     * ASCII-armored form of the key.
     */
    QString toString() const;

    /**
     * Write the key to a file.
     *
     * @param fileName path of the file to write
     * @return true on success
     */
    bool toFile(const QString &fileName) const;

    /**
     * Parse a key from binary form.
     *
     * @param a the key bytes
     * @param result receives the outcome, if non-null
     * @param provider the provider to use, or empty for the default
     */
    static PGPKey fromArray(const QByteArray &a, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Parse a key from ASCII-armored text.
     *
     * @param s the armored text
     * @param result receives the outcome, if non-null
     * @param provider the provider to use, or empty for the default
     */
    static PGPKey fromString(const QString &s, ConvertResult *result = 0, const QString &provider = QString());

    /**
     * Read a key from a file.
     *
     * @param fileName path of the file to read
     * @param result receives the outcome, if non-null
     * @param provider the provider to use, or empty for the default
     */
    static PGPKey fromFile(const QString &fileName, ConvertResult *result = 0, const QString &provider = QString());

private:
    class Private;
    Private *d;
};
02406
/**
 * Asynchronous loader for private keys and key bundles.
 *
 * Call one of the load*() members, wait for finished(), then inspect
 * convertResult() and fetch privateKey() or keyBundle().  None of the
 * loaders take a passphrase; how an encrypted key or bundle obtains one
 * is not visible in this header (presumably through the provider's
 * password-asking mechanism — confirm before relying on it).
 *
 * Note the input types: DER private-key bytes are taken as SecureArray
 * (key material), while a serialized KeyBundle — which is passphrase
 * protected — is taken as a plain QByteArray.  Non-copyable
 * (Q_DISABLE_COPY).
 */
class QCA_EXPORT KeyLoader : public QObject
{
    Q_OBJECT
public:
    /**
     * Construct a loader.
     *
     * @param parent the Qt parent object
     */
    KeyLoader(QObject *parent = 0);
    ~KeyLoader();

    /**
     * Begin loading a private key from a PEM file.
     *
     * @param fileName path of the file to read
     */
    void loadPrivateKeyFromPEMFile(const QString &fileName);

    /**
     * Begin loading a private key from PEM text.
     *
     * @param s the PEM text
     */
    void loadPrivateKeyFromPEM(const QString &s);

    /**
     * Begin loading a private key from DER.
     *
     * @param a the DER bytes (secure memory)
     */
    void loadPrivateKeyFromDER(const SecureArray &a);

    /**
     * Begin loading a key bundle from a file.
     *
     * @param fileName path of the file to read
     */
    void loadKeyBundleFromFile(const QString &fileName);

    /**
     * Begin loading a key bundle from serialized form.
     *
     * @param a the serialized bundle
     */
    void loadKeyBundleFromArray(const QByteArray &a);

    /**
     * Outcome of the last load, valid after finished().
     */
    ConvertResult convertResult() const;

    /**
     * The loaded private key, valid after finished() when a
     * loadPrivateKey*() call succeeded.
     */
    PrivateKey privateKey() const;

    /**
     * The loaded bundle, valid after finished() when a
     * loadKeyBundle*() call succeeded.
     */
    KeyBundle keyBundle() const;

Q_SIGNALS:
    /**
     * Emitted when the load has completed (successfully or not).
     */
    void finished();

private:
    Q_DISABLE_COPY(KeyLoader)

    class Private;
    friend class Private;
    Private *d;
};
02549
02550 }
02551
02552 #endif