1 /****************************************************************************
2 **
3 ** Copyright (C) 2016 The Qt Company Ltd.
4 ** Contact: https://www.qt.io/licensing/
5 **
6 ** This file is part of the QtNetwork module of the Qt Toolkit.
7 **
8 ** $QT_BEGIN_LICENSE:LGPL$
9 ** Commercial License Usage
10 ** Licensees holding valid commercial Qt licenses may use this file in
11 ** accordance with the commercial license agreement provided with the
12 ** Software or, alternatively, in accordance with the terms contained in
13 ** a written agreement between you and The Qt Company. For licensing terms
14 ** and conditions see https://www.qt.io/terms-conditions. For further
15 ** information use the contact form at https://www.qt.io/contact-us.
16 **
17 ** GNU Lesser General Public License Usage
18 ** Alternatively, this file may be used under the terms of the GNU Lesser
19 ** General Public License version 3 as published by the Free Software
20 ** Foundation and appearing in the file LICENSE.LGPL3 included in the
21 ** packaging of this file. Please review the following information to
22 ** ensure the GNU Lesser General Public License version 3 requirements
23 ** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
24 **
25 ** GNU General Public License Usage
26 ** Alternatively, this file may be used under the terms of the GNU
27 ** General Public License version 2.0 or (at your option) the GNU General
28 ** Public license version 3 or any later version approved by the KDE Free
29 ** Qt Foundation. The licenses are as published by the Free Software
30 ** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
31 ** included in the packaging of this file. Please review the following
32 ** information to ensure the GNU General Public License requirements will
33 ** be met: https://www.gnu.org/licenses/gpl-2.0.html and
34 ** https://www.gnu.org/licenses/gpl-3.0.html.
35 **
36 ** $QT_END_LICENSE$
37 **
38 ****************************************************************************/
39 
40 
41 #ifndef QSSLCERTIFICATE_H
42 #define QSSLCERTIFICATE_H
43 
44 #ifdef verify
45 #undef verify
46 #endif
47 
48 #include <QtNetwork/qtnetworkglobal.h>
49 #include <QtCore/qnamespace.h>
50 #include <QtCore/qbytearray.h>
51 #include <QtCore/qcryptographichash.h>
52 #include <QtCore/qdatetime.h>
53 #include <QtCore/qregexp.h>
54 #include <QtCore/qsharedpointer.h>
55 #include <QtCore/qmap.h>
56 #include <QtNetwork/qssl.h>
57 
58 QT_BEGIN_NAMESPACE
59 
// Forward declarations for types that appear in the signatures declared below.
60 class QDateTime;
61 class QIODevice;
62 class QSslError;
63 class QSslKey;
64 class QSslCertificateExtension;
65 class QStringList;
66 
// QSslCertificate is forward-declared so that qHash() can be declared, with its
// default seed of 0, before the class body repeats it as a friend.
67 class QSslCertificate;
68 // qHash is a friend, but we can't use default arguments for friends (§8.3.6.4)
69 Q_NETWORK_EXPORT uint qHash(const QSslCertificate &key, uint seed = 0) noexcept;
70 
// Private implementation type; only a pointer to it is stored in QSslCertificate.
71 class QSslCertificatePrivate;
// Certificate value type exported from QtNetwork. This header holds declarations
// only; apart from the few inline members, behaviour is defined in the
// implementation files, so notes that go beyond the signatures are marked as
// points to confirm.
//
// Reading guide for security review:
//  - verify() is the only member declared here that reports QSslError results
//    for a chain. isValid() (deprecated) looks only at dates and the blacklist.
//  - digest() defaults to MD5; pass the algorithm explicitly when the digest is
//    compared or pinned.
//  - importPkcs12() takes a passphrase and writes through out-pointers.
72 class Q_NETWORK_EXPORT QSslCertificate
73 {
74 public:
    // Selects which name attribute issuerInfo(SubjectInfo) and
    // subjectInfo(SubjectInfo) return.
75     enum SubjectInfo {
76         Organization,
77         CommonName,
78         LocalityName,
79         OrganizationalUnitName,
80         CountryName,
81         StateOrProvinceName,
82         DistinguishedNameQualifier,
83         SerialNumber,
84         EmailAddress
85     };
86 
    // Passed to fromPath() together with the path; fromPath() defaults to
    // FixedString.
    // NOTE(review): presumably controls whether the path is matched literally or
    // as a wildcard / regular expression — confirm in the implementation.
87     enum class PatternSyntax {
88         RegularExpression,
89         Wildcard,
90         FixedString
91     };
92 
93 
    // Construct from a device or from a byte array; format defaults to QSsl::Pem.
    // The byte-array overload doubles as the default constructor because data
    // defaults to an empty QByteArray.
    // NOTE(review): how a parse failure is reported is not visible here; isNull()
    // looks like the intended check — confirm.
94     explicit QSslCertificate(QIODevice *device, QSsl::EncodingFormat format = QSsl::Pem);
95     explicit QSslCertificate(const QByteArray &data = QByteArray(), QSsl::EncodingFormat format = QSsl::Pem);
96     QSslCertificate(const QSslCertificate &other);
97     ~QSslCertificate();
    // Move assignment is a swap: other ends up holding this object's previous
    // private data.
98     QSslCertificate &operator=(QSslCertificate &&other) noexcept { swap(other); return *this; }
99     QSslCertificate &operator=(const QSslCertificate &other);
100 
    // Exchanges the private-data pointers of the two objects.
swap(QSslCertificate & other)101     void swap(QSslCertificate &other) noexcept
102     { qSwap(d, other.d); }
103 
104     bool operator==(const QSslCertificate &other) const;
    // Defined as the negation of operator==.
105     inline bool operator!=(const QSslCertificate &other) const { return !operator==(other); }
106 
107     bool isNull() const;
108 #if QT_DEPRECATED_SINCE(5,0)
    // Deprecated. True only when the current UTC time lies within
    // [effectiveDate(), expiryDate()] and isBlacklisted() is false. It checks no
    // signature, issuer chain or host name, so it is not a trust decision; use
    // verify() for that.
isValid()109     QT_DEPRECATED inline bool isValid() const {
110         const QDateTime currentTime = QDateTime::currentDateTimeUtc();
111         return currentTime >= effectiveDate() &&
112                currentTime <= expiryDate() &&
113                !isBlacklisted();
114     }
115 #endif
116     bool isBlacklisted() const;
    // NOTE(review): the declaration does not show whether the signature is
    // verified or only issuer and subject are compared — confirm before using
    // the result as a trust signal.
117     bool isSelfSigned() const;
118     void clear();
119 
120     // Certificate info
121     QByteArray version() const;
122     QByteArray serialNumber() const;
    // The default algorithm is QCryptographicHash::Md5. MD5 is not collision
    // resistant, so callers that compare, pin or display the digest as a
    // fingerprint should pass a stronger algorithm explicitly, for example
    // QCryptographicHash::Sha256.
123     QByteArray digest(QCryptographicHash::Algorithm algorithm = QCryptographicHash::Md5) const;
    // Issuer and subject name lookups, by SubjectInfo selector or by raw
    // attribute name. Each returns a QStringList, so one attribute can carry
    // several values; code that reads only the first entry should say why.
124     QStringList issuerInfo(SubjectInfo info) const;
125     QStringList issuerInfo(const QByteArray &attribute) const;
126     QStringList subjectInfo(SubjectInfo info) const;
127     QStringList subjectInfo(const QByteArray &attribute) const;
128     QString issuerDisplayName() const;
129     QString subjectDisplayName() const;
130 
131     QList<QByteArray> subjectInfoAttributes() const;
132     QList<QByteArray> issuerInfoAttributes() const;
133 #if QT_DEPRECATED_SINCE(5,0)
    // Deprecated spelling; forwards to subjectAlternativeNames().
134     QT_DEPRECATED inline QMultiMap<QSsl::AlternateNameEntryType, QString>
alternateSubjectNames()135                   alternateSubjectNames() const { return subjectAlternativeNames(); }
136 #endif
137     QMultiMap<QSsl::AlternativeNameEntryType, QString> subjectAlternativeNames() const;
    // Start and end of the validity period; the deprecated inline isValid()
    // compares both against the current UTC time.
138     QDateTime effectiveDate() const;
139     QDateTime expiryDate() const;
    // Only declared when QT_NO_SSL is not defined.
140 #ifndef QT_NO_SSL
141     QSslKey publicKey() const;
142 #endif
143     QList<QSslCertificateExtension> extensions() const;
144 
145     QByteArray toPem() const;
146     QByteArray toDer() const;
147     QString toText() const;
148 
149 #if QT_DEPRECATED_SINCE(5,15)
    // Deprecated since 5.15: QRegExp-based overload, replaced by the
    // PatternSyntax overload below.
150     QT_DEPRECATED_X("Use the overload not using QRegExp")
151     static QList<QSslCertificate> fromPath(const QString &path, QSsl::EncodingFormat format,
152                                            QRegExp::PatternSyntax syntax);
153 #endif
    // Loads certificates from path. The defaults are QSsl::Pem and
    // PatternSyntax::FixedString.
    // NOTE(review): with Wildcard or RegularExpression the path presumably acts
    // as a pattern that can match several files — confirm, and keep FixedString
    // when the path is derived from configuration or user input, so the set of
    // loaded certificates cannot grow unexpectedly.
154     static QList<QSslCertificate> fromPath(const QString &path,
155                                            QSsl::EncodingFormat format = QSsl::Pem,
156                                            PatternSyntax syntax = PatternSyntax::FixedString);
157 
    // Both return a list, so a single input can yield more than one certificate.
158     static QList<QSslCertificate> fromDevice(
159         QIODevice *device, QSsl::EncodingFormat format = QSsl::Pem);
160     static QList<QSslCertificate> fromData(
161         const QByteArray &data, QSsl::EncodingFormat format = QSsl::Pem);
162 
163 #ifndef QT_NO_SSL
    // Checks certificateChain and returns the problems found as QSslError values.
    // The chain is taken by const reference from Qt 6.0.0 on and by value before.
    // The `verify` macro is undefined near the top of this header so that this
    // member name can be declared.
    // NOTE(review): presumably an empty result means the chain verified and an
    // empty hostName (the default) means no host name matching is done —
    // confirm against the implementation, and pass the peer's host name whenever
    // the result gates a connection.
164 #if QT_VERSION >= QT_VERSION_CHECK(6,0,0)
165     static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain, const QString &hostName = QString());
166 #else
167     static QList<QSslError> verify(QList<QSslCertificate> certificateChain, const QString &hostName = QString());
168 #endif
169 
    // Reads a PKCS#12 bundle from device and writes the results through key,
    // cert and, when non-null, caCertificates (default nullptr).
    // NOTE(review): presumably a false return means the import failed and the
    // out-parameters must not be used — confirm.
    // passPhrase is a plain QByteArray and defaults to empty; nothing in this
    // declaration indicates that it is cleared after use, so callers that care
    // should overwrite their own copy.
170     static bool importPkcs12(QIODevice *device,
171                              QSslKey *key, QSslCertificate *cert,
172                              QList<QSslCertificate> *caCertificates = nullptr,
173                              const QByteArray &passPhrase=QByteArray());
174 #endif
175 
    // NOTE(review): presumably the backend's native certificate object;
    // ownership and lifetime are not visible here — confirm before storing it.
176     Qt::HANDLE handle() const;
177 
178 private:
    // Pointer to the private implementation, held in a
    // QExplicitlySharedDataPointer; swap() exchanges it between two objects.
179     QExplicitlySharedDataPointer<QSslCertificatePrivate> d;
180     friend class QSslCertificatePrivate;
181     friend class QSslSocketBackendPrivate;
182 
    // Friend re-declaration without the default seed; the default value is on
    // the namespace-scope declaration of qHash().
183     friend Q_NETWORK_EXPORT uint qHash(const QSslCertificate &key, uint seed) noexcept;
184 };
// Declares QSslCertificate as a Qt shared type; this relies on the noexcept
// member swap() declared in the class.
185 Q_DECLARE_SHARED(QSslCertificate)
186 
// Debug streaming operators, declared only when QT_NO_DEBUG_STREAM is not
// defined.
// NOTE(review): which certificate fields the first overload prints is not
// visible in this header — confirm before relying on its output in logs.
187 #ifndef QT_NO_DEBUG_STREAM
188 class QDebug;
189 Q_NETWORK_EXPORT QDebug operator<<(QDebug debug, const QSslCertificate &certificate);
190 Q_NETWORK_EXPORT QDebug operator<<(QDebug debug, QSslCertificate::SubjectInfo info);
191 #endif
192 
193 QT_END_NAMESPACE
194 
// Registered with the meta-type system after the Qt namespace is closed, so
// that a QSslCertificate can be stored in a QVariant.
195 Q_DECLARE_METATYPE(QSslCertificate)
196 
197 #endif
198