Qt 4.8
qsslcertificate.cpp
Go to the documentation of this file.
1 /****************************************************************************
2 **
3 ** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
4 ** Contact: http://www.qt-project.org/legal
5 **
6 ** This file is part of the QtNetwork module of the Qt Toolkit.
7 **
8 ** $QT_BEGIN_LICENSE:LGPL$
9 ** Commercial License Usage
10 ** Licensees holding valid commercial Qt licenses may use this file in
11 ** accordance with the commercial license agreement provided with the
12 ** Software or, alternatively, in accordance with the terms contained in
13 ** a written agreement between you and Digia. For licensing terms and
14 ** conditions see http://qt.digia.com/licensing. For further information
15 ** use the contact form at http://qt.digia.com/contact-us.
16 **
17 ** GNU Lesser General Public License Usage
18 ** Alternatively, this file may be used under the terms of the GNU Lesser
19 ** General Public License version 2.1 as published by the Free Software
20 ** Foundation and appearing in the file LICENSE.LGPL included in the
21 ** packaging of this file. Please review the following information to
22 ** ensure the GNU Lesser General Public License version 2.1 requirements
23 ** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
24 **
25 ** In addition, as a special exception, Digia gives you certain additional
26 ** rights. These rights are described in the Digia Qt LGPL Exception
27 ** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
28 **
29 ** GNU General Public License Usage
30 ** Alternatively, this file may be used under the terms of the GNU
31 ** General Public License version 3.0 as published by the Free Software
32 ** Foundation and appearing in the file LICENSE.GPL included in the
33 ** packaging of this file. Please review the following information to
34 ** ensure the GNU General Public License version 3.0 requirements will be
35 ** met: http://www.gnu.org/copyleft/gpl.html.
36 **
37 **
38 ** $QT_END_LICENSE$
39 **
40 ****************************************************************************/
41 
42 
117 #include "qsslcertificate.h"
118 #include "qsslcertificate_p.h"
119 #include "qsslkey.h"
120 #include "qsslkey_p.h"
121 
122 #include <QtCore/qatomic.h>
123 #include <QtCore/qdatetime.h>
124 #include <QtCore/qdebug.h>
125 #include <QtCore/qdir.h>
126 #include <QtCore/qdiriterator.h>
127 #include <QtCore/qfile.h>
128 #include <QtCore/qfileinfo.h>
129 #include <QtCore/qmap.h>
130 #include <QtCore/qmutex.h>
131 #include <QtCore/private/qmutexpool_p.h>
132 #include <QtCore/qstring.h>
133 #include <QtCore/qstringlist.h>
134 
136 
137 // forward declaration
139 
148 {
150  if (device)
151  d->init(device->readAll(), format);
152 }
153 
162 {
164  d->init(data, format);
165 }
166 
171 {
172 }
173 
178 {
179 }
180 
186 {
187  d = other.d;
188  return *this;
189 }
190 
196 {
197  if (d == other.d)
198  return true;
199  if (d->null && other.d->null)
200  return true;
201  if (d->x509 && other.d->x509)
202  return q_X509_cmp(d->x509, other.d->x509) == 0;
203  return false;
204 }
205 
225 {
226  return d->null;
227 }
228 
241 {
242  const QDateTime currentTime = QDateTime::currentDateTime();
243  return currentTime >= d->notValidBefore &&
244  currentTime <= d->notValidAfter &&
246 }
247 
255 {
256  if (isNull())
257  return;
259 }
260 
265 {
267  if (d->versionString.isEmpty() && d->x509)
268  d->versionString =
269  QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
270 
271  return d->versionString;
272 }
273 
281 {
283  if (d->serialNumberString.isEmpty() && d->x509) {
284  ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
285  // if we cannot convert to a long, just output the hexadecimal number
286  if (serialNumber->length > 4) {
287  QByteArray hexString;
288  hexString.reserve(serialNumber->length * 3);
289  for (int a = 0; a < serialNumber->length; ++a) {
290  hexString += QByteArray::number(serialNumber->data[a], 16).rightJustified(2, '0');
291  hexString += ':';
292  }
293  hexString.chop(1);
294  d->serialNumberString = hexString;
295  } else {
297  }
298  }
299  return d->serialNumberString;
300 }
301 
308 {
309  return QCryptographicHash::hash(toDer(), algorithm);
310 }
311 
313 {
314  QString str;
315  switch (info) {
316  case QSslCertificate::Organization: str = QLatin1String("O"); break;
317  case QSslCertificate::CommonName: str = QLatin1String("CN"); break;
318  case QSslCertificate::LocalityName: str = QLatin1String("L"); break;
320  case QSslCertificate::CountryName: str = QLatin1String("C"); break;
321  case QSslCertificate::StateOrProvinceName: str = QLatin1String("ST"); break;
322  }
323  return str;
324 }
325 
339 {
341  // lazy init
342  if (d->issuerInfo.isEmpty() && d->x509)
343  d->issuerInfo =
345 
346  return d->issuerInfo.value(_q_SubjectInfoToString(info));
347 }
348 
357 {
359  // lazy init
360  if (d->issuerInfo.isEmpty() && d->x509)
361  d->issuerInfo =
363 
364  return d->issuerInfo.value(QString::fromLatin1(tag));
365 }
366 
380 {
382  // lazy init
383  if (d->subjectInfo.isEmpty() && d->x509)
384  d->subjectInfo =
386 
387  return d->subjectInfo.value(_q_SubjectInfoToString(info));
388 }
389 
397 {
399  // lazy init
400  if (d->subjectInfo.isEmpty() && d->x509)
401  d->subjectInfo =
403 
404  return d->subjectInfo.value(QString::fromLatin1(tag));
405 }
406 
421 {
423 
424  if (!d->x509)
425  return result;
426 
427  STACK_OF(GENERAL_NAME) *altNames = (STACK_OF(GENERAL_NAME)*)q_X509_get_ext_d2i(d->x509, NID_subject_alt_name, 0, 0);
428 
429  if (altNames) {
430  for (int i = 0; i < q_sk_GENERAL_NAME_num(altNames); ++i) {
431  const GENERAL_NAME *genName = q_sk_GENERAL_NAME_value(altNames, i);
432  if (genName->type != GEN_DNS && genName->type != GEN_EMAIL)
433  continue;
434 
435  int len = q_ASN1_STRING_length(genName->d.ia5);
436  if (len < 0 || len >= 8192) {
437  // broken name
438  continue;
439  }
440 
441  const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(genName->d.ia5));
442  const QString altName = QString::fromLatin1(altNameStr, len);
443  if (genName->type == GEN_DNS)
444  result.insert(QSsl::DnsEntry, altName);
445  else if (genName->type == GEN_EMAIL)
446  result.insert(QSsl::EmailEntry, altName);
447  }
448  q_sk_pop_free((STACK*)altNames, reinterpret_cast<void(*)(void*)>(q_sk_free));
449  }
450 
451  return result;
452 }
453 
461 {
462  return d->notValidBefore;
463 }
464 
472 {
473  return d->notValidAfter;
474 }
475 
488 {
489  return Qt::HANDLE(d->x509);
490 }
491 
496 {
497  if (!d->x509)
498  return QSslKey();
499 
500  QSslKey key;
501 
502  key.d->type = QSsl::PublicKey;
503  X509_PUBKEY *xkey = d->x509->cert_info->key;
504  EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
505  Q_ASSERT(pkey);
506 
507  if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
508  key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
509  key.d->algorithm = QSsl::Rsa;
510  key.d->isNull = false;
511  } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
512  key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
513  key.d->algorithm = QSsl::Dsa;
514  key.d->isNull = false;
515  } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
516  // DH unsupported
517  } else {
518  // error?
519  }
520 
521  q_EVP_PKEY_free(pkey);
522  return key;
523 }
524 
530 {
531  if (!d->x509)
532  return QByteArray();
534 }
535 
541 {
542  if (!d->x509)
543  return QByteArray();
545 }
546 
560  QRegExp::PatternSyntax syntax)
561 {
562  // $, (,), *, +, ., ?, [, ,], ^, {, | and }.
563  int pos = -1;
564  if (syntax == QRegExp::Wildcard)
565  pos = path.indexOf(QRegExp(QLatin1String("[^\\][\\*\\?\\[\\]]")));
566  else if (syntax != QRegExp::FixedString)
567  pos = path.indexOf(QRegExp(QLatin1String("[^\\][\\$\\(\\)\\*\\+\\.\\?\\[\\]\\^\\{\\}\\|]")));
568  QString pathPrefix = path.left(pos); // == path if pos < 0
569  if (pos != -1)
570  pathPrefix = pathPrefix.left(pathPrefix.lastIndexOf(QLatin1Char('/')));
571 
572  // Special case - if the prefix ends up being nothing, use "." instead and
573  // chop off the first two characters from the glob'ed paths.
574  int startIndex = 0;
575  if (pathPrefix.trimmed().isEmpty()) {
576  if(path.startsWith(QLatin1Char('/'))) {
577  pathPrefix = path.left(path.indexOf(QRegExp(QLatin1String("[\\*\\?\\[]"))));
578  pathPrefix = path.left(path.lastIndexOf(QLatin1Char('/')));
579  } else {
580  startIndex = 2;
581  pathPrefix = QLatin1String(".");
582  }
583  }
584 
585  // The path is a file.
586  if (pos == -1 && QFileInfo(pathPrefix).isFile()) {
587  QFile file(pathPrefix);
590  return QList<QSslCertificate>();
591  }
592 
593  // The path can be a file or directory.
595  QRegExp pattern(path, Qt::CaseSensitive, syntax);
597  while (it.hasNext()) {
598  QString filePath = startIndex == 0 ? it.next() : it.next().mid(startIndex);
599  if (!pattern.exactMatch(filePath))
600  continue;
601 
602  QFile file(filePath);
604  certs += QSslCertificate::fromData(file.readAll(),format);
605  }
606  return certs;
607 }
608 
617 {
618  if (!device) {
619  qWarning("QSslCertificate::fromDevice: cannot read from a null device");
620  return QList<QSslCertificate>();
621  }
622  return fromData(device->readAll(), format);
623 }
624 
633 {
634  return (format == QSsl::Pem)
637 }
638 
640 {
641  if (!data.isEmpty()) {
642  QList<QSslCertificate> certs = (format == QSsl::Pem)
643  ? certificatesFromPem(data, 1)
644  : certificatesFromDer(data, 1);
645  if (!certs.isEmpty()) {
646  *this = *certs.first().d;
647  if (x509)
648  x509 = q_X509_dup(x509);
649  }
650  }
651 }
652 
653 #define BEGINCERTSTRING "-----BEGIN CERTIFICATE-----"
654 #define ENDCERTSTRING "-----END CERTIFICATE-----"
655 
656 // ### refactor against QSsl::pemFromDer() etc. (to avoid redundant implementations)
658 {
659  if (!x509) {
660  qWarning("QSslSocketBackendPrivate::X509_to_QByteArray: null X509");
661  return QByteArray();
662  }
663 
664  // Use i2d_X509 to convert the X509 to an array.
665  int length = q_i2d_X509(x509, 0);
666  QByteArray array;
667  array.resize(length);
668  char *data = array.data();
669  char **dataP = &data;
670  unsigned char **dataPu = (unsigned char **)dataP;
671  if (q_i2d_X509(x509, dataPu) < 0)
672  return QByteArray();
673 
674  if (format == QSsl::Der)
675  return array;
676 
677  // Convert to Base64 - wrap at 64 characters.
678  array = array.toBase64();
679  QByteArray tmp;
680  for (int i = 0; i <= array.size() - 64; i += 64) {
681  tmp += QByteArray::fromRawData(array.data() + i, 64);
682  tmp += '\n';
683  }
684  if (int remainder = array.size() % 64) {
685  tmp += QByteArray::fromRawData(array.data() + array.size() - remainder, remainder);
686  tmp += '\n';
687  }
688 
689  return BEGINCERTSTRING "\n" + tmp + ENDCERTSTRING "\n";
690 }
691 
693 {
695  for (int i = 0; i < q_X509_NAME_entry_count(name); ++i) {
696  X509_NAME_ENTRY *e = q_X509_NAME_get_entry(name, i);
698  unsigned char *data = 0;
700  info[QString::fromUtf8(obj)] = QString::fromUtf8((char*)data, size);
701  q_CRYPTO_free(data);
702  }
703  return info;
704 }
705 
707 {
708  QSslCertificate certificate;
709  if (!x509 || !QSslSocket::supportsSsl())
710  return certificate;
711 
712  ASN1_TIME *nbef = q_X509_get_notBefore(x509);
713  ASN1_TIME *naft = q_X509_get_notAfter(x509);
714  certificate.d->notValidBefore = q_getTimeFromASN1(nbef);
715  certificate.d->notValidAfter = q_getTimeFromASN1(naft);
716  certificate.d->null = false;
717  certificate.d->x509 = q_X509_dup(x509);
718 
719  return certificate;
720 }
721 
722 static bool matchLineFeed(const QByteArray &pem, int *offset)
723 {
724  char ch = 0;
725 
726  // ignore extra whitespace at the end of the line
727  while (*offset < pem.size() && (ch = pem.at(*offset)) == ' ')
728  ++*offset;
729 
730  if (ch == '\n') {
731  *offset += 1;
732  return true;
733  }
734  if (ch == '\r' && pem.size() > (*offset + 1) && pem.at(*offset + 1) == '\n') {
735  *offset += 2;
736  return true;
737  }
738  return false;
739 }
740 
742 {
743  QList<QSslCertificate> certificates;
745 
746  int offset = 0;
747  while (count == -1 || certificates.size() < count) {
748  int startPos = pem.indexOf(BEGINCERTSTRING, offset);
749  if (startPos == -1)
750  break;
751  startPos += sizeof(BEGINCERTSTRING) - 1;
752  if (!matchLineFeed(pem, &startPos))
753  break;
754 
755  int endPos = pem.indexOf(ENDCERTSTRING, startPos);
756  if (endPos == -1)
757  break;
758 
759  offset = endPos + sizeof(ENDCERTSTRING) - 1;
760  if (offset < pem.size() && !matchLineFeed(pem, &offset))
761  break;
762 
764  QByteArray::fromRawData(pem.data() + startPos, endPos - startPos));
765 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
766  const unsigned char *data = (const unsigned char *)decoded.data();
767 #else
768  unsigned char *data = (unsigned char *)decoded.data();
769 #endif
770 
771  if (X509 *x509 = q_d2i_X509(0, &data, decoded.size())) {
772  certificates << QSslCertificate_from_X509(x509);
773  q_X509_free(x509);
774  }
775  }
776 
777  return certificates;
778 }
779 
781 {
782  QList<QSslCertificate> certificates;
784 
785 
786 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
787  const unsigned char *data = (const unsigned char *)der.data();
788 #else
789  unsigned char *data = (unsigned char *)der.data();
790 #endif
791  int size = der.size();
792 
793  while (count == -1 || certificates.size() < count) {
794  if (X509 *x509 = q_d2i_X509(0, &data, size)) {
795  certificates << QSslCertificate_from_X509(x509);
796  q_X509_free(x509);
797  } else {
798  break;
799  }
800  size -= ((char *)data - der.data());
801  }
802 
803  return certificates;
804 }
805 
806 // These certificates are known to be fraudulent and were created during the comodo
807 // compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
808 static const char *certificate_blacklist[] = {
809  "04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e", "mail.google.com", // Comodo
810  "f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06", "www.google.com", // Comodo
811  "d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3", "login.yahoo.com", // Comodo
812  "39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29", "login.yahoo.com", // Comodo
813  "3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71", "login.yahoo.com", // Comodo
814  "e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47", "login.skype.com", // Comodo
815  "92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43", "addons.mozilla.org", // Comodo
816  "b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0", "login.live.com", // Comodo
817  "d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0", "global trustee", // Comodo
818 
819  "05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56", "*.google.com", // leaf certificate issued by DigiNotar
820  "0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4c", "DigiNotar Root CA", // DigiNotar root
821  "f1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49", "DigiNotar Services CA", // DigiNotar intermediate signed by DigiNotar Root
822  "36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38", "DigiNotar Services 1024 CA", // DigiNotar intermediate signed by DigiNotar Root
823  "0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3e", "DigiNotar Root CA G2", // other DigiNotar Root CA
824  "a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21", "CertiID Enterprise Certificate Authority", // DigiNotar intermediate signed by "DigiNotar Root CA G2"
825  "5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41", "DigiNotar Qualified CA", // DigiNotar intermediate signed by DigiNotar Root
826 
827  "1184640176", "DigiNotar Services 1024 CA", // DigiNotar intermediate cross-signed by Entrust
828  "120000525", "DigiNotar Cyber CA", // DigiNotar intermediate cross-signed by CyberTrust
829  "120000505", "DigiNotar Cyber CA", // DigiNotar intermediate cross-signed by CyberTrust
830  "120000515", "DigiNotar Cyber CA", // DigiNotar intermediate cross-signed by CyberTrust
831  "20015536", "DigiNotar PKIoverheid CA Overheid en Bedrijven", // DigiNotar intermediate cross-signed by the Dutch government
832  "20001983", "DigiNotar PKIoverheid CA Organisatie - G2", // DigiNotar intermediate cross-signed by the Dutch government
833  "d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4", "DigiNotar Extended Validation CA", // DigiNotar intermediate signed by DigiNotar EV Root
834  "1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04", "DigiNotar Public CA 2025", // DigiNotar intermediate
835 // "(has not been seen in the wild so far)", "DigiNotar Public CA - G2", // DigiNotar intermediate
836 // "(has not been seen in the wild so far)", "Koninklijke Notariele Beroepsorganisatie CA", // compromised during DigiNotar breach
837 // "(has not been seen in the wild so far)", "Stichting TTP Infos CA," // compromised during DigiNotar breach
838  "1184640175", "DigiNotar Root CA", // DigiNotar intermediate cross-signed by Entrust
839  "1184644297", "DigiNotar Root CA", // DigiNotar intermediate cross-signed by Entrust
840 
841  "120001705", "Digisign Server ID (Enrich)", // (Malaysian) Digicert Sdn. Bhd. cross-signed by Verizon CyberTrust
842  "1276011370", "Digisign Server ID - (Enrich)", // (Malaysian) Digicert Sdn. Bhd. cross-signed by Entrust
843  "72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0", "UTN-USERFirst-Hardware", // comodogate test certificate
844  "41", "MD5 Collisions Inc. (http://www.phreedom.org/md5)", // http://www.phreedom.org/research/rogue-ca/
845 
846  "2087", "*.EGO.GOV.TR", // Turktrust mis-issued intermediate certificate
847  "2148", "e-islem.kktcmerkezbankasi.org", // Turktrust mis-issued intermediate certificate
848 
849  "204199", "AC DG Tr\xC3\xA9sor SSL", // intermediate certificate linking back to ANSSI French National Security Agency
850  0
851 };
852 
854 {
855  for (int a = 0; certificate_blacklist[a] != 0; a++) {
856  QString blacklistedCommonName = QString::fromUtf8(certificate_blacklist[(a+1)]);
857  if (certificate.serialNumber() == certificate_blacklist[a++] &&
858  (certificate.subjectInfo(QSslCertificate::CommonName) == blacklistedCommonName ||
859  certificate.issuerInfo(QSslCertificate::CommonName) == blacklistedCommonName))
860  return true;
861  }
862  return false;
863 }
864 
865 #ifndef QT_NO_DEBUG_STREAM
866 QDebug operator<<(QDebug debug, const QSslCertificate &certificate)
867 {
868  debug << "QSslCertificate("
869  << certificate.version()
870  << ',' << certificate.serialNumber()
871  << ',' << certificate.digest().toBase64()
872  << ',' << certificate.issuerInfo(QSslCertificate::Organization)
873  << ',' << certificate.subjectInfo(QSslCertificate::Organization)
874  << ',' << certificate.alternateSubjectNames()
875 #ifndef QT_NO_TEXTSTREAM
876  << ',' << certificate.effectiveDate()
877  << ',' << certificate.expiryDate()
878 #endif
879  << ')';
880  return debug;
881 }
883 {
884  switch (info) {
885  case QSslCertificate::Organization: debug << "Organization"; break;
886  case QSslCertificate::CommonName: debug << "CommonName"; break;
887  case QSslCertificate::CountryName: debug << "CountryName"; break;
888  case QSslCertificate::LocalityName: debug << "LocalityName"; break;
889  case QSslCertificate::OrganizationalUnitName: debug << "OrganizationalUnitName"; break;
890  case QSslCertificate::StateOrProvinceName: debug << "StateOrProvinceName"; break;
891  }
892  return debug;
893 }
894 #endif
895 
The QMultiMap class is a convenience QMap subclass that provides multi-valued maps.
Definition: qcontainerfwd.h:59
The QDebug class provides an output stream for debugging information.
Definition: qdebug.h:62
double d
Definition: qnumeric_p.h:62
#define BEGINCERTSTRING
void chop(int n)
Removes n bytes from the end of the byte array.
Definition: qssl.h:68
long q_ASN1_INTEGER_get(ASN1_INTEGER *a)
The QSslKey class provides an interface for private and public keys.
Definition: qsslkey.h:64
const char * q_OBJ_nid2sn(int a)
QExplicitlySharedDataPointer< QSslKeyPrivate > d
Definition: qsslkey.h:96
EVP_PKEY * q_X509_PUBKEY_get(X509_PUBKEY *a)
X509 * q_X509_dup(X509 *a)
QDebug operator<<(QDebug debug, const QSslCertificate &certificate)
static QList< QSslCertificate > fromDevice(QIODevice *device, QSsl::EncodingFormat format=QSsl::Pem)
Searches for and parses all certificates in device that are encoded in the specified format and retur...
static mach_timebase_info_data_t info
static QList< QSslCertificate > certificatesFromDer(const QByteArray &der, int count=-1)
#define QT_END_NAMESPACE
This macro expands to.
Definition: qglobal.h:90
#define ENDCERTSTRING
QByteArray serialNumber() const
Returns the certificate&#39;s serial number string in decimal format.
bool hasNext() const
Returns true if there is at least one more entry in the directory; otherwise, false is returned...
char * data()
Returns a pointer to the data stored in the byte array.
Definition: qbytearray.h:429
QSsl::KeyType type
Definition: qsslkey_p.h:87
The QRegExp class provides pattern matching using regular expressions.
Definition: qregexp.h:61
#define it(className, varName)
bool open(OpenMode flags)
Opens the file using OpenMode mode, returning true if successful; otherwise false.
Definition: qfile.cpp:1064
QMap< Key, T >::iterator insert(const Key &key, const T &value)
Inserts a new item with the key key and a value of value.
Definition: qmap.h:982
QByteArray rightJustified(int width, char fill=' ', bool truncate=false) const
Returns a byte array of size width that contains the fill character followed by this byte array...
The QByteArray class provides an array of bytes.
Definition: qbytearray.h:135
QMap< QString, QString > subjectInfo
~QSslCertificate()
Destroys the QSslCertificate.
#define q_X509_get_notBefore(x)
bool operator==(const QSslCertificate &other) const
Returns true if this certificate is the same as other; otherwise returns false.
bool startsWith(const QString &s, Qt::CaseSensitivity cs=Qt::CaseSensitive) const
Returns true if the string starts with s; otherwise returns false.
Definition: qstring.cpp:3734
Definition: qssl.h:67
QLatin1String(DBUS_INTERFACE_DBUS))) Q_GLOBAL_STATIC_WITH_ARGS(QString
long ASN1_INTEGER_get ASN1_INTEGER * a
static bool isBlacklisted(const QSslCertificate &certificate)
The QDirIterator class provides an iterator for directory entrylists.
Definition: qdiriterator.h:54
The QString class provides a Unicode character string.
Definition: qstring.h:83
#define Q_ASSERT(cond)
Definition: qglobal.h:1823
#define q_sk_GENERAL_NAME_num(st)
QSsl::KeyAlgorithm algorithm
Definition: qsslkey_p.h:88
static bool supportsSsl()
Returns true if this platform supports SSL; otherwise, returns false.
bool isEmpty() const
Returns true if the list contains no items; otherwise returns false.
Definition: qlist.h:152
void init(const QByteArray &data, QSsl::EncodingFormat format)
bool isNull() const
Returns true if this is a null certificate (i.e., a certificate with no contents); otherwise returns ...
QSslCertificate(QIODevice *device, QSsl::EncodingFormat format=QSsl::Pem)
Constructs a QSslCertificate by reading format encoded data from device and using the first certifica...
T * data() const
Returns a pointer to the shared data object.
Definition: qshareddata.h:145
#define QT_BEGIN_NAMESPACE
This macro expands to.
Definition: qglobal.h:89
static QMap< QString, QString > _q_mapFromX509Name(X509_NAME *name)
QByteArray toPem() const
Returns this certificate converted to a PEM (Base64) encoded representation.
bool isValid() const
Returns true if this certificate is valid; otherwise returns false.
struct x509_st X509
QString left(int n) const Q_REQUIRED_RESULT
Returns a substring that contains the n leftmost characters of the string.
Definition: qstring.cpp:3664
QString trimmed() const Q_REQUIRED_RESULT
Returns a string that has whitespace removed from the start and the end.
Definition: qstring.cpp:4506
bool isEmpty() const
Returns true if the string has no characters; otherwise returns false.
Definition: qstring.h:704
Qt::HANDLE handle() const
Returns a pointer to the native certificate handle, if there is one, or a null pointer otherwise...
static bool matchLineFeed(const QByteArray &pem, int *offset)
const char * name
const T value(const Key &key) const
Returns the value associated with the key key.
Definition: qmap.h:499
static QByteArray fromRawData(const char *, int size)
Constructs a QByteArray that uses the first size bytes of the data array.
static QString fromUtf8(const char *, int size=-1)
Returns a QString initialized with the first size bytes of the UTF-8 string str.
Definition: qstring.cpp:4302
Q_CORE_EXPORT void qWarning(const char *,...)
unsigned char * q_ASN1_STRING_data(ASN1_STRING *a)
static QSslCertificate QSslCertificate_from_X509(X509 *x509)
static const char * certificate_blacklist[]
static const char * data(const QByteArray &arr)
int indexOf(QChar c, int from=0, Qt::CaseSensitivity cs=Qt::CaseSensitive) const
Definition: qstring.cpp:2838
QString subjectInfo(SubjectInfo info) const
Returns the information for the subject, or an empty string if there is no information for subject in...
QString issuerInfo(SubjectInfo info) const
Returns the issuer information for the subject from the certificate, or an empty string if there is n...
QExplicitlySharedDataPointer< QSslCertificatePrivate > d
X509_NAME * q_X509_get_issuer_name(X509 *a)
void q_sk_pop_free(STACK *a, void(*b)(void *))
void q_X509_free(X509 *a)
void * HANDLE
Definition: qnamespace.h:1671
SubjectInfo
Describes keys that you can pass to QSslCertificate::issuerInfo() or QSslCertificate::subjectInfo() t...
Definition: qssl.h:62
int indexOf(char c, int from=0) const
Returns the index position of the first occurrence of the character ch in the byte array...
int q_EVP_PKEY_type(int a)
DSA * q_EVP_PKEY_get1_DSA(EVP_PKEY *a)
QDateTime effectiveDate() const
Returns the date-time that the certificate becomes valid, or an empty QDateTime if this is a null cer...
T & first()
Returns a reference to the first item in the list.
Definition: qlist.h:282
QDateTime q_getTimeFromASN1(const ASN1_TIME *aTime)
ASN1_OBJECT * q_X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *a)
static QList< QSslCertificate > certificatesFromPem(const QByteArray &pem, int count=-1)
QString mid(int position, int n=-1) const Q_REQUIRED_RESULT
Returns a string that contains n characters of this string, starting at the specified position index...
Definition: qstring.cpp:3706
static QByteArray fromBase64(const QByteArray &base64)
Returns a decoded copy of the Base64 array base64.
void * q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d)
int q_OBJ_obj2nid(const ASN1_OBJECT *a)
int q_X509_NAME_entry_count(X509_NAME *a)
The QMutexLocker class is a convenience class that simplifies locking and unlocking mutexes...
Definition: qmutex.h:101
int q_i2d_X509(X509 *a, unsigned char **b)
QMultiMap< QSsl::AlternateNameEntryType, QString > alternateSubjectNames() const
Returns the list of alternative subject names for this certificate.
PatternSyntax
The syntax used to interpret the meaning of the pattern.
Definition: qregexp.h:64
QString next()
Advances the iterator to the next entry, and returns the file path of this new entry.
QSslKey publicKey() const
Returns the certificate subject&#39;s public key.
The QDateTime class provides date and time functions.
Definition: qdatetime.h:216
The QFile class provides an interface for reading from and writing to files.
Definition: qfile.h:65
EncodingFormat
Describes supported encoding formats for certificates and keys.
Definition: qssl.h:61
RSA * q_EVP_PKEY_get1_RSA(EVP_PKEY *a)
void q_sk_free(STACK *a)
int lastIndexOf(QChar c, int from=-1, Qt::CaseSensitivity cs=Qt::CaseSensitive) const
Definition: qstring.cpp:3000
static QString fromLatin1(const char *, int size=-1)
Returns a QString initialized with the first size characters of the Latin-1 string str...
Definition: qstring.cpp:4188
X509_NAME * q_X509_get_subject_name(X509 *a)
QSslCertificate & operator=(const QSslCertificate &other)
Copies the contents of other into this certificate, making the two certificates identical.
QByteArray version() const
Returns the certificate&#39;s version string.
QDateTime expiryDate() const
Returns the date-time that the certificate expires, or an empty QDateTime if this is a null certifica...
int key
void resize(int size)
Sets the size of the byte array to size bytes.
int size() const
Returns the number of items in the list.
Definition: qlist.h:137
bool isEmpty() const
Returns true if the map contains no items; otherwise returns false.
Definition: qmap.h:203
static QReadWriteLock lock
Definition: proxyconf.cpp:399
QByteArray digest(QCryptographicHash::Algorithm algorithm=QCryptographicHash::Md5) const
Returns a cryptographic digest of this certificate.
static QDateTime currentDateTime()
Returns the current datetime, as reported by the system clock, in the local time zone.
Definition: qdatetime.cpp:3138
QByteArray toBase64() const
Returns a copy of the byte array, encoded as Base64.
QByteArray readAll()
Reads all available data from the device, and returns it as a QByteArray.
Definition: qiodevice.cpp:1025
Definition: qssl.h:63
static QList< QSslCertificate > fromPath(const QString &path, QSsl::EncodingFormat format=QSsl::Pem, QRegExp::PatternSyntax syntax=QRegExp::FixedString)
Searches all files in the path for certificates encoded in the specified format and returns them in a...
int size() const
Returns the number of bytes in this byte array.
Definition: qbytearray.h:402
friend class QSslCertificatePrivate
int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b)
bool exactMatch(const QString &str) const
Returns true if str is matched exactly by this regular expression; otherwise returns false...
Definition: qregexp.cpp:4094
static void ensureInitialized()
Declared static in QSslSocketPrivate, makes sure the SSL libraries have been initialized.
ASN1_STRING * q_X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *a)
The QSslCertificate class provides a convenient API for an X509 certificate.
bool isEmpty() const
Returns true if the byte array has size 0; otherwise returns false.
Definition: qbytearray.h:421
void q_EVP_PKEY_free(EVP_PKEY *a)
#define q_sk_GENERAL_NAME_value(st, i)
void clear()
Clears the contents of this certificate, making it a null certificate.
QMap< QString, QString > issuerInfo
QByteArray toDer() const
Returns this certificate converted to a DER (binary) encoded representation.
char at(int i) const
Returns the character at index position i in the byte array.
Definition: qbytearray.h:413
static QByteArray QByteArray_from_X509(X509 *x509, QSsl::EncodingFormat format)
void q_CRYPTO_free(void *a)
The QFileInfo class provides system-independent file information.
Definition: qfileinfo.h:60
void reserve(int size)
Attempts to allocate memory for at least size bytes.
Definition: qbytearray.h:449
X509_NAME_ENTRY * q_X509_NAME_get_entry(X509_NAME *a, int b)
The QIODevice class is the base interface class of all I/O devices in Qt.
Definition: qiodevice.h:66
STACK_OF(SSL_CIPHER) *SSL_get_ciphers SSL *a
qint64 qlonglong
Definition: qglobal.h:951
int q_ASN1_STRING_length(ASN1_STRING *a)
static QByteArray number(int, int base=10)
Returns a byte array containing the string equivalent of the number n to base base (10 by default)...
static QMutex * globalInstanceGet(const void *address)
Returns a QMutex from the global mutex pool.
Definition: qmutexpool.cpp:150
static QList< QSslCertificate > fromData(const QByteArray &data, QSsl::EncodingFormat format=QSsl::Pem)
Searches for and parses all certificates in data that are encoded in the specified format and returns...
The QLatin1Char class provides an 8-bit ASCII/Latin-1 character.
Definition: qchar.h:55
static QByteArray hash(const QByteArray &data, Algorithm method)
Returns the hash of data using method.
#define q_X509_get_notAfter(x)
X509 * q_d2i_X509(X509 **a, unsigned char **b, long c)
int q_X509_cmp(X509 *a, X509 *b)
static QString _q_SubjectInfoToString(QSslCertificate::SubjectInfo info)