1/****************************************************************************
2**
3** Copyright (C) 2016 The Qt Company Ltd.
4** Contact: https://www.qt.io/licensing/
5**
6** This file is part of the QtNetwork module of the Qt Toolkit.
7**
8** $QT_BEGIN_LICENSE:LGPL$
9** Commercial License Usage
10** Licensees holding valid commercial Qt licenses may use this file in
11** accordance with the commercial license agreement provided with the
12** Software or, alternatively, in accordance with the terms contained in
13** a written agreement between you and The Qt Company. For licensing terms
14** and conditions see https://www.qt.io/terms-conditions. For further
15** information use the contact form at https://www.qt.io/contact-us.
16**
17** GNU Lesser General Public License Usage
18** Alternatively, this file may be used under the terms of the GNU Lesser
19** General Public License version 3 as published by the Free Software
20** Foundation and appearing in the file LICENSE.LGPL3 included in the
21** packaging of this file. Please review the following information to
22** ensure the GNU Lesser General Public License version 3 requirements
23** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
24**
25** GNU General Public License Usage
26** Alternatively, this file may be used under the terms of the GNU
27** General Public License version 2.0 or (at your option) the GNU General
28** Public license version 3 or any later version approved by the KDE Free
29** Qt Foundation. The licenses are as published by the Free Software
30** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
31** included in the packaging of this file. Please review the following
32** information to ensure the GNU General Public License requirements will
33** be met: https://www.gnu.org/licenses/gpl-2.0.html and
34** https://www.gnu.org/licenses/gpl-3.0.html.
35**
36** $QT_END_LICENSE$
37**
38****************************************************************************/
39
40
41#ifndef QSSLCERTIFICATE_H
42#define QSSLCERTIFICATE_H
43
// Drop any `verify` macro left behind by an earlier header so it cannot rewrite the
// QSslCertificate::verify() declaration further down in this file.
// The macro is not restored afterwards, so it stays undefined for code that follows
// this include.
// NOTE(review): which platform header defines `verify` is not visible here — confirm.
44#ifdef verify
45#undef verify
46#endif
47
48#include <QtNetwork/qtnetworkglobal.h>
49#include <QtCore/qnamespace.h>
50#include <QtCore/qbytearray.h>
51#include <QtCore/qcryptographichash.h>
52#include <QtCore/qdatetime.h>
53#include <QtCore/qregexp.h>
54#include <QtCore/qsharedpointer.h>
55#include <QtCore/qmap.h>
56#include <QtNetwork/qssl.h>
57
58QT_BEGIN_NAMESPACE
59
// Forward declarations of types that are only named in the declarations below.
60class QDateTime;
61class QIODevice;
62class QSslError;
63class QSslKey;
64class QSslCertificateExtension;
65class QStringList;
66
// qHash() is declared ahead of the class so that the default `seed` argument can sit on
// this namespace-scope declaration; the friend declaration inside the class repeats the
// signature without a default.
67class QSslCertificate;
68// qHash is a friend, but we can't use default arguments for friends (§8.3.6.4)
69Q_NETWORK_EXPORT uint qHash(const QSslCertificate &key, uint seed = 0) noexcept;
70
// Private implementation class; QSslCertificate holds it through its `d` pointer.
71class QSslCertificatePrivate;
// QSslCertificate: value-type API for one SSL/TLS certificate. It can be loaded from PEM
// or DER input, queried for subject/issuer fields, validity dates and extensions,
// exported again, and checked as part of a chain with verify().
//
// All state lives in a QSslCertificatePrivate reached through the explicitly shared `d`
// pointer declared at the bottom of the class.
//
// Security notes for callers:
//  - Loading or inspecting a certificate is not a trust decision. Every subject/issuer
//    string returned here comes from the certificate itself, so it is only as
//    trustworthy as the result of chain verification.
//  - digest() defaults to MD5; pass a stronger algorithm explicitly when a fingerprint
//    is used for pinning or comparison.
//  - The deprecated isValid() checks only the validity period and the blacklist.
72class Q_NETWORK_EXPORT QSslCertificate
73{
74public:
    // Distinguished-name attributes that can be requested from issuerInfo() and
    // subjectInfo().
75 enum SubjectInfo {
76 Organization,
77 CommonName,
78 LocalityName,
79 OrganizationalUnitName,
80 CountryName,
81 StateOrProvinceName,
82 DistinguishedNameQualifier,
83 SerialNumber,
84 EmailAddress
85 };
86
    // How the `path` argument of fromPath() is interpreted. The non-deprecated overload
    // defaults to FixedString.
87 enum class PatternSyntax {
88 RegularExpression,
89 Wildcard,
90 FixedString
91 };
92
93
    // Construct from a device or from raw bytes; `format` defaults to QSsl::Pem.
    // The constructors have no error return, so presumably a failed parse yields a
    // certificate for which isNull() is true — confirm in the implementation.
94 explicit QSslCertificate(QIODevice *device, QSsl::EncodingFormat format = QSsl::Pem);
95 explicit QSslCertificate(const QByteArray &data = QByteArray(), QSsl::EncodingFormat format = QSsl::Pem);
96 QSslCertificate(const QSslCertificate &other);
97 ~QSslCertificate();
    // Move assignment is implemented as a swap of the d-pointers.
98 QSslCertificate &operator=(QSslCertificate &&other) noexcept { swap(other); return *this; }
99 QSslCertificate &operator=(const QSslCertificate &other);
100
    // Exchanges the private data pointers of the two objects; cannot throw.
101 void swap(QSslCertificate &other) noexcept
102 { qSwap(d, other.d); }
103
104 bool operator==(const QSslCertificate &other) const;
105 inline bool operator!=(const QSslCertificate &other) const { return !operator==(other); }
106
107 bool isNull() const;
    // Deprecated. Returns true when the current UTC time lies within
    // [effectiveDate(), expiryDate()] and the certificate is not blacklisted.
    // It does not check signatures, the issuer chain or the host name, so it must not
    // be used as a trust decision; use verify() for that.
108#if QT_DEPRECATED_SINCE(5,0)
109 QT_DEPRECATED inline bool isValid() const {
110 const QDateTime currentTime = QDateTime::currentDateTimeUtc();
111 return currentTime >= effectiveDate() &&
112 currentTime <= expiryDate() &&
113 !isBlacklisted();
114 }
115#endif
    // NOTE(review): the list consulted by isBlacklisted() is not visible in this header;
    // confirm where it comes from and how it is updated.
116 bool isBlacklisted() const;
    // NOTE(review): Qt documents self-signed as "issuer and subject are identical", which
    // is a name comparison rather than a signature check — confirm before relying on it.
117 bool isSelfSigned() const;
118 void clear();
119
120 // Certificate info
121 QByteArray version() const;
122 QByteArray serialNumber() const;
    // Fingerprint of the certificate. The default algorithm is MD5, which is not
    // collision resistant; callers that pin or compare fingerprints should pass an
    // explicit algorithm such as QCryptographicHash::Sha256.
123 QByteArray digest(QCryptographicHash::Algorithm algorithm = QCryptographicHash::Md5) const;
    // Issuer/subject fields, selected either by SubjectInfo value or by attribute name.
    // The returned strings are certificate-supplied data; treat them as untrusted input
    // when displaying or logging a certificate that has not passed verification.
124 QStringList issuerInfo(SubjectInfo info) const;
125 QStringList issuerInfo(const QByteArray &attribute) const;
126 QStringList subjectInfo(SubjectInfo info) const;
127 QStringList subjectInfo(const QByteArray &attribute) const;
128 QString issuerDisplayName() const;
129 QString subjectDisplayName() const;
130
131 QList<QByteArray> subjectInfoAttributes() const;
132 QList<QByteArray> issuerInfoAttributes() const;
    // Deprecated alias that forwards to subjectAlternativeNames().
133#if QT_DEPRECATED_SINCE(5,0)
134 QT_DEPRECATED inline QMultiMap<QSsl::AlternateNameEntryType, QString>
135 alternateSubjectNames() const { return subjectAlternativeNames(); }
136#endif
137 QMultiMap<QSsl::AlternativeNameEntryType, QString> subjectAlternativeNames() const;
    // Start and end of the validity period, as used by the deprecated isValid().
138 QDateTime effectiveDate() const;
139 QDateTime expiryDate() const;
    // Only declared when SSL support is compiled in (QT_NO_SSL not defined).
140#ifndef QT_NO_SSL
141 QSslKey publicKey() const;
142#endif
143 QList<QSslCertificateExtension> extensions() const;
144
    // Export in PEM, DER or human-readable text form.
145 QByteArray toPem() const;
146 QByteArray toDer() const;
147 QString toText() const;
148
    // Deprecated overload that takes a QRegExp pattern syntax; the message points to the
    // PatternSyntax overload below.
149#if QT_DEPRECATED_SINCE(5,15)
150 QT_DEPRECATED_X("Use the overload not using QRegExp")
151 static QList<QSslCertificate> fromPath(const QString &path, QSsl::EncodingFormat format,
152 QRegExp::PatternSyntax syntax);
153#endif
    // Load certificates from `path`, which is interpreted according to `syntax`
    // (FixedString by default). A list is returned, so one call may yield several
    // certificates; presumably an empty list signals that nothing could be loaded —
    // confirm. Loading does not verify or trust the certificates.
154 static QList<QSslCertificate> fromPath(const QString &path,
155 QSsl::EncodingFormat format = QSsl::Pem,
156 PatternSyntax syntax = PatternSyntax::FixedString);
157
    // Same as above for an open device or an in-memory buffer.
158 static QList<QSslCertificate> fromDevice(
159 QIODevice *device, QSsl::EncodingFormat format = QSsl::Pem);
160 static QList<QSslCertificate> fromData(
161 const QByteArray &data, QSsl::EncodingFormat format = QSsl::Pem);
162
    // Verify a certificate chain and return the errors found. The parameter is a const
    // reference from Qt 6.0.0 on and a by-value list before that.
    // `hostName` defaults to an empty string. NOTE(review): per the Qt documentation the
    // host-name match is only performed when hostName is given, so callers validating a
    // peer should pass it — confirm against the implementation. Presumably an empty
    // result list means no errors were found.
    // This header #undefs any `verify` macro near its top so this name survives
    // preprocessing.
163#ifndef QT_NO_SSL
164#if QT_VERSION >= QT_VERSION_CHECK(6,0,0)
165 static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain, const QString &hostName = QString());
166#else
167 static QList<QSslError> verify(QList<QSslCertificate> certificateChain, const QString &hostName = QString());
168#endif
169
    // Import a PKCS#12 bundle from `device`. `key` and `cert` are out-parameters;
    // `caCertificates` is optional (nullptr by default); `passPhrase` defaults to empty.
    // Check the bool result before using any of the out-parameters.
    // The pass phrase is passed as a plain QByteArray; nothing in this declaration
    // indicates that it is wiped, so its lifetime is the caller's responsibility.
170 static bool importPkcs12(QIODevice *device,
171 QSslKey *key, QSslCertificate *cert,
172 QList<QSslCertificate> *caCertificates = nullptr,
173 const QByteArray &passPhrase=QByteArray());
174#endif
175
    // NOTE(review): presumably the backend's native certificate handle, with a lifetime
    // tied to this object — confirm before storing it.
176 Qt::HANDLE handle() const;
177
178private:
    // Explicitly shared pointer to the private implementation.
179 QExplicitlySharedDataPointer<QSslCertificatePrivate> d;
180 friend class QSslCertificatePrivate;
181 friend class QSslSocketBackendPrivate;
182
    // Friend declaration without the default argument; the default for `seed` is on the
    // namespace-scope declaration that precedes the class.
183 friend Q_NETWORK_EXPORT uint qHash(const QSslCertificate &key, uint seed) noexcept;
184};
// NOTE(review): Q_DECLARE_SHARED presumably supplies the type-info and swap support used
// for d-pointer classes; its definition is in QtCore, not in this header.
185Q_DECLARE_SHARED(QSslCertificate)
186
// Debug-stream operators; compiled out when QT_NO_DEBUG_STREAM is defined.
187#ifndef QT_NO_DEBUG_STREAM
188class QDebug;
189Q_NETWORK_EXPORT QDebug operator<<(QDebug debug, const QSslCertificate &certificate);
190Q_NETWORK_EXPORT QDebug operator<<(QDebug debug, QSslCertificate::SubjectInfo info);
191#endif
192
193QT_END_NAMESPACE
194
// Meta-type declaration, placed after the Qt namespace has been closed.
// NOTE(review): presumably what lets the type be carried in QVariant — confirm.
195Q_DECLARE_METATYPE(QSslCertificate)
196
197#endif
198