1	/*
2	* qca_cert.h - Qt Cryptographic Architecture
3	* Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com>
4	* Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
5	*
6	* This library is free software; you can redistribute it and/or
7	* modify it under the terms of the GNU Lesser General Public
8	* License as published by the Free Software Foundation; either
9	* version 2.1 of the License, or (at your option) any later version.
10	*
11	* This library is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14	* Lesser General Public License for more details.
15	*
16	* You should have received a copy of the GNU Lesser General Public
17	* License along with this library; if not, write to the Free Software
18	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19	* 02110-1301 USA
20	*
21	*/
22
23	/**
24	\file qca_cert.h
25
26	Header file for PGP key and X.509 certificate related classes
27
28	\note You should not use this header directly from an
29	application. You should just use <tt> \#include \<QtCrypto>
30	</tt> instead.
31	*/
32
33	#ifndef QCA_CERT_H
34	#define QCA_CERT_H
35
36	#include "qca_core.h"
37	#include "qca_publickey.h"
38	#include <QDateTime>
39
40	namespace QCA {
41
42	class CertContext;
43	class CSRContext;
44	class CRLContext;
45	class Certificate;
46	class CRL;
47	class CertificateCollection;
48	class CertificateChain;
49
50	/**
51	Certificate Request Format
52	*/
53	enum CertificateRequestFormat
54	{
55	PKCS10, ///< standard PKCS#10 format
56	SPKAC ///< Signed Public Key and Challenge (Netscape) format
57	};
58
59	/**
60	Known types of information stored in certificates
61
62	This enumerator offers a convenient way to work with common types.
63	*/
64	enum CertificateInfoTypeKnown
65	{
66	CommonName, ///< The common name (eg person), id = "2.5.4.3"
67	Email, ///< Email address, id = "GeneralName.rfc822Name"
68	EmailLegacy, ///< PKCS#9 Email field, id = "1.2.840.113549.1.9.1"
69	Organization, ///< An organisation (eg company), id = "2.5.4.10"
70	OrganizationalUnit, ///< An part of an organisation (eg a division or branch), id = "2.5.4.11"
71	Locality, ///< The locality (eg city, a shire, or part of a state), id = "2.5.4.7"
72	IncorporationLocality, ///< The locality of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.1"
73	State, ///< The state within the country, id = "2.5.4.8"
74	IncorporationState, ///< The state of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.2"
75	Country, ///< The country, id = "2.5.4.6"
76	IncorporationCountry, ///< The country of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.3"
77	URI, ///< Uniform Resource Identifier, id = "GeneralName.uniformResourceIdentifier"
78	DNS, ///< DNS name, id = "GeneralName.dNSName"
79	IPAddress, ///< IP address, id = "GeneralName.iPAddress"
80	XMPP ///< XMPP address (see http://www.ietf.org/rfc/rfc3920.txt), id = "1.3.6.1.5.5.7.8.5"
81	};
82
83	/**
84	\class CertificateInfoType qca_cert.h QtCrypto
85
86	Certificate information type
87
88	This class represents a type of information being stored in
89	a certificate. It can be created either using a known type
90	(from the Known enumerator) or an identifier string (usually
91	an OID). Types created either way are interchangeable.
92
93	Types also have the notion of a Section. Some types may
94	reside in the Distinguished Name field of a certificate, and
95	some types may reside in the Subject Alternative Name field.
96	This class is capable of representing a type from either
97	section.
98
99	In the general case, applications will want to use the
100	CertificateInfoTypeKnown enumerator types. These are from RFC3280
101	(http://www.ietf.org/rfc/rfc3280.txt) except where shown.
102
103	The entries for IncorporationLocality, IncorporationState
104	and IncorporationCountry are the same as Locality, State
105	and Country respectively, except that the Extended
106	Validation (EV) certificate guidelines (published by the
107	%Certificate Authority / Browser Forum, see
108	http://www.cabforum.org) distinguish between the place of
109	where the company does business (which is the Locality /
110	State / Country combination) and the jurisdiction where the
111	company is legally incorporated (the IncorporationLocality
112	/ IncorporationState / IncorporationCountry combination).
113
114	\sa Certificate::subjectInfo() and Certificate::issuerInfo()
115	\sa CRL::issuerInfo()
116
117	\ingroup UserAPI
118	*/
119	class QCA_EXPORT CertificateInfoType
120	{
121	public:
122	/**
123	Section of the certificate that the information belongs in
124	*/
125	enum Section
126	{
127	DN, ///< Distinguished name (the primary name)
128	AlternativeName ///< Alternative name
129	};
130
131	/**
132	Standard constructor
133	*/
134	CertificateInfoType();
135
136	/**
137	Construct a new type
138
139	The section will be derived by \a known.
140
141	\param known the type as part of the CertificateInfoTypeKnown
142	enumerator
143	*/
144	CertificateInfoType(CertificateInfoTypeKnown known);
145
146	/**
147	Construct a new type
148
149	\param id the type as an identifier string (OID or internal)
150	\param section the section this type belongs in
151
152	\sa id
153	*/
154	CertificateInfoType(const QString &id, Section section);
155
156	/**
157	Standard copy constructor
158
159	\param from the certificate information to copy from
160	*/
161	CertificateInfoType(const CertificateInfoType &from);
162
163	~CertificateInfoType();
164
165	/**
166	Standard assignment operator
167
168	\param from the certificate information to assign from
169	*/
170	CertificateInfoType &operator=(const CertificateInfoType &from);
171
172	/**
173	The section the type is part of
174	*/
175	Section section() const;
176
177	/**
178	The type as part of the CertificateInfoTypeKnown enumerator
179
180	This function may return a value that does not exist in the
181	enumerator. In that case, you may use id() to determine the
182	type.
183	*/
184	CertificateInfoTypeKnown known() const;
185
186	/**
187	The type as an identifier string
188
189	For types that have OIDs, this function returns an OID in string
190	form. For types that do not have OIDs, this function returns an
191	internal identifier string whose first character is not a digit
192	(this allows you to tell the difference between an OID and an
193	internal identifier).
194
195	It is hereby stated that General Names (of the X.509 Subject
196	Alternative Name) shall use the internal identifier format
197	"GeneralName.[rfc field name]". For example, the rfc822Name
198	field would have the identifier "GeneralName.rfc822Name".
199
200	Applications should not store, use, or compare against internal
201	identifiers unless the identifiers are explicitly documented
202	(e.g. GeneralName).
203	*/
204	QString id() const;
205
206	/**
207	Comparison operator
208
209	\param other the certificate information to compare with this
210	certificate information.
211	*/
212	bool operator<(const CertificateInfoType &other) const;
213
214	/**
215	Comparison operator
216
217	\param other the certificate information to compare with this
218	certificate information.
219	*/
220	bool operator==(const CertificateInfoType &other) const;
221
222	/**
223	Inequality operator
224
225	\param other the certificate information to compare with this
226	certificate information.
227	*/
228	inline bool operator!=(const CertificateInfoType &other) const
229	{
230	return !(*this == other);
231	}
232
233	private:
234	class Private;
235	QSharedDataPointer<Private> d;
236	};
237
238	/**
239	\class CertificateInfoPair qca_cert.h QtCrypto
240
241	One entry in a certificate information list
242
243	\ingroup UserAPI
244	*/
245	class QCA_EXPORT CertificateInfoPair
246	{
247	public:
248	/**
249	Standard constructor
250	*/
251	CertificateInfoPair();
252
253	/**
254	Construct a new pair
255
256	\param type the type of information stored in this pair
257	\param value the value of the information to be stored
258	*/
259	CertificateInfoPair(const CertificateInfoType &type, const QString &value);
260
261	/**
262	Standard copy constructor
263
264	\param from the information pair to copy from
265	*/
266	CertificateInfoPair(const CertificateInfoPair &from);
267
268	~CertificateInfoPair();
269
270	/**
271	Standard assignment operator
272
273	\param from the information pair to assign from
274	*/
275	CertificateInfoPair &operator=(const CertificateInfoPair &from);
276
277	/**
278	The type of information stored in the pair
279	*/
280	CertificateInfoType type() const;
281
282	/**
283	The value of the information stored in the pair
284	*/
285	QString value() const;
286
287	/**
288	Comparison operator
289
290	\param other the certificate information pair to compare with this
291	certificate information pair.
292	*/
293	bool operator==(const CertificateInfoPair &other) const;
294
295	/**
296	Inequality operator
297
298	\param other the certificate information pair to compare with this
299	certificate information pair.
300	*/
301	inline bool operator!=(const CertificateInfoPair &other) const
302	{
303	return !(*this == other);
304	}
305
306	private:
307	class Private;
308	QSharedDataPointer<Private> d;
309	};
310
311	/**
312	Known types of certificate constraints
313
314	This enumerator offers a convenient way to work with common types.
315	*/
316	enum ConstraintTypeKnown
317	{
318	// KeyUsage
319	DigitalSignature, ///< %Certificate can be used to create digital signatures, id = "KeyUsage.digitalSignature"
320	NonRepudiation, ///< %Certificate can be used for non-repudiation, id = "KeyUsage.nonRepudiation"
321	KeyEncipherment, ///< %Certificate can be used for encrypting / decrypting keys, id = "KeyUsage.keyEncipherment"
322	DataEncipherment, ///< %Certificate can be used for encrypting / decrypting data, id = "KeyUsage.dataEncipherment"
323	KeyAgreement, ///< %Certificate can be used for key agreement, id = "KeyUsage.keyAgreement"
324	KeyCertificateSign, ///< %Certificate can be used for key certificate signing, id = "KeyUsage.keyCertSign"
325	CRLSign, ///< %Certificate can be used to sign %Certificate Revocation Lists, id = "KeyUsage.crlSign"
326	EncipherOnly, ///< %Certificate can only be used for encryption, id = "KeyUsage.encipherOnly"
327	DecipherOnly, ///< %Certificate can only be used for decryption, id = "KeyUsage.decipherOnly"
328
329	// ExtKeyUsage
330	ServerAuth, ///< %Certificate can be used for server authentication (e.g. web server), id = "1.3.6.1.5.5.7.3.1".
331	///< This is an extended usage constraint.
332	ClientAuth, ///< %Certificate can be used for client authentication (e.g. web browser), id = "1.3.6.1.5.5.7.3.2".
333	///< This is an extended usage constraint.
334	CodeSigning, ///< %Certificate can be used to sign code, id = "1.3.6.1.5.5.7.3.3". This is an extended usage
335	///< constraint.
336	EmailProtection, ///< %Certificate can be used to sign / encrypt email, id = "1.3.6.1.5.5.7.3.4". This is an
337	///< extended usage constraint.
338	IPSecEndSystem, ///< %Certificate can be used to authenticate a endpoint in IPSEC, id = "1.3.6.1.5.5.7.3.5". This is
339	///< an extended usage constraint.
340	IPSecTunnel, ///< %Certificate can be used to authenticate a tunnel in IPSEC, id = "1.3.6.1.5.5.7.3.6". This is an
341	///< extended usage constraint.
342	IPSecUser, ///< %Certificate can be used to authenticate a user in IPSEC, id = "1.3.6.1.5.5.7.3.7". This is an
343	///< extended usage constraint.
344	TimeStamping, ///< %Certificate can be used to create a "time stamp" signature, id = "1.3.6.1.5.5.7.3.8". This is an
345	///< extended usage constraint.
346	OCSPSigning ///< %Certificate can be used to sign an Online %Certificate Status Protocol (OCSP) assertion, id =
347	///< "1.3.6.1.5.5.7.3.9". This is an extended usage constraint.
348	};
349
350	/**
351	\class ConstraintType qca_cert.h QtCrypto
352
353	Certificate constraint
354
355	X.509 certificates can be constrained in their application - that is, some
356	certificates can only be used for certain purposes. This class is used to
357	identify an approved purpose for a certificate.
358
359	\note It is common for a certificate to have more than one purpose.
360
361	\ingroup UserAPI
362	*/
363	class QCA_EXPORT ConstraintType
364	{
365	public:
366	/**
367	Section of the certificate that the constraint belongs in
368	*/
369	enum Section
370	{
371	KeyUsage, ///< Stored in the key usage section
372	ExtendedKeyUsage ///< Stored in the extended key usage section
373	};
374
375	/**
376	Standard constructor
377	*/
378	ConstraintType();
379
380	/**
381	Construct a new constraint
382
383	The section will be derived by \a known.
384
385	\param known the type as part of the ConstraintTypeKnown
386	enumerator
387	*/
388	ConstraintType(ConstraintTypeKnown known);
389
390	/**
391	Construct a new constraint
392
393	\param id the type as an identifier string (OID or internal)
394	\param section the section this type belongs in
395
396	\sa id
397	*/
398	ConstraintType(const QString &id, Section section);
399
400	/**
401	Standard copy constructor
402
403	\param from the constraint type to copy from
404	*/
405	ConstraintType(const ConstraintType &from);
406
407	~ConstraintType();
408
409	/**
410	Standard assignment operator
411
412	\param from the constraint type to assign from
413	*/
414	ConstraintType &operator=(const ConstraintType &from);
415
416	/**
417	The section the constraint is part of
418	*/
419	Section section() const;
420
421	/**
422	The type as part of the ConstraintTypeKnown enumerator
423
424	This function may return a value that does not exist in the
425	enumerator. In that case, you may use id() to determine the
426	type.
427	*/
428	ConstraintTypeKnown known() const;
429
430	/**
431	The type as an identifier string
432
433	For types that have OIDs, this function returns an OID in string
434	form. For types that do not have OIDs, this function returns an
435	internal identifier string whose first character is not a digit
436	(this allows you to tell the difference between an OID and an
437	internal identifier).
438
439	It is hereby stated that the KeyUsage bit fields shall use the
440	internal identifier format "KeyUsage.[rfc field name]". For
441	example, the keyEncipherment field would have the identifier
442	"KeyUsage.keyEncipherment".
443
444	Applications should not store, use, or compare against internal
445	identifiers unless the identifiers are explicitly documented
446	(e.g. KeyUsage).
447	*/
448	QString id() const;
449
450	/**
451	Comparison operator
452
453	\param other the constraint type to compare with this constraint
454	*/
455	bool operator<(const ConstraintType &other) const;
456
457	/**
458	Comparison operator
459
460	\param other the constraint type to compare with this constraint
461	*/
462	bool operator==(const ConstraintType &other) const;
463
464	/**
465	Inequality operator
466
467	\param other the constraint type to compare with this constraint
468	*/
469	inline bool operator!=(const ConstraintType &other) const
470	{
471	return !(*this == other);
472	}
473
474	private:
475	class Private;
476	QSharedDataPointer<Private> d;
477	};
478
479	/**
480	Specify the intended usage of a certificate
481	*/
482	enum UsageMode
483	{
484	UsageAny = 0x00, ///< Any application, or unspecified
485	UsageTLSServer = 0x01, ///< server side of a TLS or SSL connection
486	UsageTLSClient = 0x02, ///< client side of a TLS or SSL connection
487	UsageCodeSigning = 0x04, ///< code signing certificate
488	UsageEmailProtection = 0x08, ///< email (S/MIME) certificate
489	UsageTimeStamping = 0x10, ///< time stamping certificate
490	UsageCRLSigning = 0x20 ///< certificate revocation list signing certificate
491	};
492
493	/**
494	The validity (or otherwise) of a certificate
495	*/
496	enum Validity
497	{
498	ValidityGood, ///< The certificate is valid
499	ErrorRejected, ///< The root CA rejected the certificate purpose
500	ErrorUntrusted, ///< The certificate is not trusted
501	ErrorSignatureFailed, ///< The signature does not match
502	ErrorInvalidCA, ///< The Certificate Authority is invalid
503	ErrorInvalidPurpose, ///< The purpose does not match the intended usage
504	ErrorSelfSigned, ///< The certificate is self-signed, and is not found in the list of trusted certificates
505	ErrorRevoked, ///< The certificate has been revoked
506	ErrorPathLengthExceeded, ///< The path length from the root CA to this certificate is too long
507	ErrorExpired, ///< The certificate has expired, or is not yet valid (e.g. current time is earlier than notBefore
508	///< time)
509	ErrorExpiredCA, ///< The Certificate Authority has expired
510	ErrorValidityUnknown = 64 ///< Validity is unknown
511	};
512
513	/**
514	The conditions to validate for a certificate
515	*/
516	enum ValidateFlags
517	{
518	ValidateAll = 0x00, // Verify all conditions
519	ValidateRevoked = 0x01, // Verify the certificate was not revoked
520	ValidateExpired = 0x02, // Verify the certificate has not expired
521	ValidatePolicy = 0x04 // Verify the certificate can be used for a specified purpose
522	};
523
524	/**
525	Certificate properties type
526
527	With this container, the information is not necessarily stored
528	in the same sequence as the certificate format itself. Use this
529	container if the order the information is/was stored does not
530	matter for you (this is the case with most applications).
531
532	Additionally, the EmailLegacy type should not be used with this
533	container. Use Email instead.
534	*/
535	typedef QMultiMap<CertificateInfoType, QString> CertificateInfo;
536
537	/**
538	\class CertificateInfoOrdered qca_cert.h QtCrypto
539
540	Ordered certificate properties type
541
542	This container stores the information in the same sequence as
543	the certificate format itself.
544
545	\ingroup UserAPI
546	*/
547	class CertificateInfoOrdered : public QList<CertificateInfoPair>
548	{
549	public:
550	/**
551	Convert to RFC 1779 string format
552	*/
553	inline QString toString() const;
554
555	/**
556	Return a new CertificateInfoOrdered that only contains
557	the Distinguished Name (DN) types found in this object.
558	*/
559	inline CertificateInfoOrdered dnOnly() const;
560	};
561
562	/**
563	Convert to RFC 1779 string format
564
565	\param in the certificate info to convert
566	*/
567	QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in);
568
569	/**
570	Return a new CertificateInfoOrdered that only contains
571	the Distinguished Name (DN) types found in the input object.
572
573	\param in the certificate info to extract from
574	*/
575	QCA_EXPORT CertificateInfoOrdered orderedDNOnly(const CertificateInfoOrdered &in);
576
577	inline QString CertificateInfoOrdered::toString() const
578	{
579	return orderedToDNString(in: *this);
580	}
581
582	inline CertificateInfoOrdered CertificateInfoOrdered::dnOnly() const
583	{
584	return orderedDNOnly(in: *this);
585	}
586
587	/**
588	%Certificate constraints type
589	*/
590	typedef QList<ConstraintType> Constraints;
591
592	/**
593	Create a list of unique friendly names among a list of certificates
594
595	\param list the list of certificates for which a friendly name is required.
596
597	*/
598	QCA_EXPORT QStringList makeFriendlyNames(const QList<Certificate> &list);
599
600	/**
601	\class CertificateOptions qca_cert.h QtCrypto
602
603	%Certificate options
604
605	\note In SPKAC mode, all options are ignored except for challenge
606
607	\ingroup UserAPI
608	*/
609	class QCA_EXPORT CertificateOptions
610	{
611	public:
612	/**
613	Create a Certificate options set
614
615	\param format the format to create the certificate request in
616	*/
617	CertificateOptions(CertificateRequestFormat format = PKCS10);
618
619	/**
620	Standard copy constructor
621
622	\param from the Certificate Options to copy into this object
623	*/
624	CertificateOptions(const CertificateOptions &from);
625	~CertificateOptions();
626
627	/**
628	Standard assignment operator
629
630	\param from the Certificate Options to copy into this object
631	*/
632	CertificateOptions &operator=(const CertificateOptions &from);
633
634	/**
635	test the format type for this certificate
636	*/
637	CertificateRequestFormat format() const;
638
639	/**
640	Specify the format for this certificate
641
642	\param f the format to use
643	*/
644	void setFormat(CertificateRequestFormat f);
645
646	/**
647	Test if the certificate options object is valid
648
649	\return true if the certificate options object is valid
650	*/
651	bool isValid() const;
652
653	/**
654	The challenge part of the certificate
655
656	For CertificateRequest only
657
658	\sa setChallenge
659	*/
660	QString challenge() const;
661
662	/**
663	Information on the subject of the certificate
664
665	\sa setInfo
666	*/
667	CertificateInfo info() const;
668
669	/**
670	Information on the subject of the certificate, in the
671	exact order the items will be written
672
673	\sa setInfoOrdered
674	*/
675	CertificateInfoOrdered infoOrdered() const;
676
677	/**
678	List the constraints on this certificate
679	*/
680	Constraints constraints() const;
681
682	/**
683	list the policies on this certificate
684	*/
685	QStringList policies() const;
686
687	/**
688	list of URI locations for CRL files
689
690	each URI refers to the same CRL file
691
692	For Certificate creation only
693	*/
694	QStringList crlLocations() const;
695
696	/**
697	list of URI locations for issuer certificate files
698
699	each URI refers to the same issuer file
700
701	For Certificate creation only
702	*/
703	QStringList issuerLocations() const;
704
705	/**
706	list of URI locations for OCSP services
707
708	For Certificate creation only
709	*/
710	QStringList ocspLocations() const;
711
712	/**
713	test if the certificate is a CA cert
714
715	\sa setAsCA
716	\sa setAsUser
717	*/
718	bool isCA() const;
719
720	/**
721	return the path limit on this certificate
722	*/
723	int pathLimit() const;
724
725	/**
726	The serial number for the certificate
727
728	For Certificate creation only
729	*/
730	BigInteger serialNumber() const;
731
732	/**
733	the first time the certificate will be valid
734
735	For Certificate creation only
736	*/
737	QDateTime notValidBefore() const;
738
739	/**
740	the last time the certificate is valid
741
742	For Certificate creation only
743	*/
744	QDateTime notValidAfter() const;
745
746	/**
747	Specify the challenge associated with this
748	certificate
749
750	\param s the challenge string
751
752	\sa challenge()
753	*/
754	void setChallenge(const QString &s);
755
756	/**
757	Specify information for the subject associated with the
758	certificate
759
760	\param info the information for the subject
761
762	\sa info()
763	*/
764	void setInfo(const CertificateInfo &info);
765
766	/**
767	Specify information for the subject associated with the
768	certificate
769
770	\param info the information for the subject
771
772	\sa info()
773	*/
774	void setInfoOrdered(const CertificateInfoOrdered &info);
775
776	/**
777	set the constraints on the certificate
778
779	\param constraints the constraints to be used for the certificate
780	*/
781	void setConstraints(const Constraints &constraints);
782
783	/**
784	set the policies on the certificate
785
786	\param policies the policies to be used for the certificate
787	*/
788	void setPolicies(const QStringList &policies);
789
790	/**
791	set the CRL locations of the certificate
792
793	each location refers to the same CRL.
794
795	\param locations a list of URIs to CRL files
796	*/
797	void setCRLLocations(const QStringList &locations);
798
799	/**
800	set the issuer certificate locations of the certificate
801
802	each location refers to the same issuer file.
803
804	\param locations a list of URIs to issuer certificate files
805	*/
806	void setIssuerLocations(const QStringList &locations);
807
808	/**
809	set the OCSP service locations of the certificate
810
811	\param locations a list of URIs to OCSP services
812	*/
813	void setOCSPLocations(const QStringList &locations);
814
815	/**
816	set the certificate to be a CA cert
817
818	\param pathLimit the number of intermediate certificates allowable
819	*/
820	void setAsCA(int pathLimit = 8); // value from Botan
821
822	/**
823	set the certificate to be a user cert (this is the default)
824	*/
825	void setAsUser();
826
827	/**
828	Set the serial number property on this certificate
829
830	\param i the serial number to use
831	*/
832	void setSerialNumber(const BigInteger &i);
833
834	/**
835	Set the validity period for the certificate
836
837	\param start the first time this certificate becomes valid
838	\param end the last time this certificate is valid
839	*/
840	void setValidityPeriod(const QDateTime &start, const QDateTime &end);
841
842	private:
843	class Private;
844	Private *d;
845	};
846
847	/**
848	\class Certificate qca_cert.h QtCrypto
849
850	Public Key (X.509) certificate
851
852	This class contains one X.509 certificate
853
854	\ingroup UserAPI
855	*/
856	class QCA_EXPORT Certificate : public Algorithm
857	{
858	public:
859	/**
860	Create an empty Certificate
861	*/
862	Certificate();
863
864	/**
865	Create a Certificate from a PEM encoded file
866
867	\param fileName the name (and path, if required)
868	of the file that contains the PEM encoded certificate
869	*/
870	Certificate(const QString &fileName);
871
872	/**
873	Create a Certificate with specified options and a specified private
874	key
875
876	\param opts the options to use
877	\param key the private key for this certificate
878	\param provider the provider to use to create this key, if a
879	particular provider is required
880	*/
881	Certificate(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());
882
883	/**
884	Standard copy constructor
885
886	\param from the certificate to copy from
887	*/
888	Certificate(const Certificate &from);
889
890	~Certificate() override;
891
892	/**
893	Standard assignment operator
894
895	\param from the Certificate to assign from
896	*/
897	Certificate &operator=(const Certificate &from);
898
899	/**
900	Test if the certificate is empty (null)
901	\return true if the certificate is null
902	*/
903	bool isNull() const;
904
905	/**
906	The earliest date that the certificate is valid
907	*/
908	QDateTime notValidBefore() const;
909
910	/**
911	The latest date that the certificate is valid
912	*/
913	QDateTime notValidAfter() const;
914
915	/**
916	Properties of the subject of the certificate, as a QMultiMap
917
918	This is the method that provides information on the
919	subject organisation, common name, DNS name, and so
920	on. The list of information types (i.e. the key to
921	the multi-map) is a CertificateInfoType. The values
922	are a list of QString.
923
924	An example of how you can iterate over the list is:
925	\code
926	foreach( QString dns, info.values(QCA::DNS) )
927	{
928	std::cout << " " << qPrintable(dns) << std::endl;
929	}
930	\endcode
931	*/
932	CertificateInfo subjectInfo() const;
933
934	/**
935	Properties of the subject of the certificate, as
936	an ordered list (QList of CertificateInfoPair).
937
938	This allows access to the certificate information
939	in the same order as they appear in a certificate.
940	Each pair in the list has a type and a value.
941
942	For example:
943	\code
944	CertificateInfoOrdered info = cert.subjectInfoOrdered();
945	// info[0].type == CommonName
946	// info[0].value == "example.com"
947	\endcode
948
949	\sa subjectInfo for an unordered version
950	\sa issuerInfoOrdered for the ordered information on the issuer
951	\sa CertificateInfoPair for the elements in the list
952	*/
953	CertificateInfoOrdered subjectInfoOrdered() const;
954
955	/**
956	Properties of the issuer of the certificate
957
958	\sa subjectInfo for how the return value works.
959	*/
960	CertificateInfo issuerInfo() const;
961
962	/**
963	Properties of the issuer of the certificate, as
964	an ordered list (QList of CertificateInfoPair).
965
966	This allows access to the certificate information
967	in the same order as they appear in a certificate.
968	Each pair in the list has a type and a value.
969
970	\sa issuerInfo for an unordered version
971	\sa subjectInfoOrdered for the ordered information on the subject
972	\sa CertificateInfoPair for the elements in the list
973	*/
974	CertificateInfoOrdered issuerInfoOrdered() const;
975
976	/**
977	The constraints that apply to this certificate
978	*/
979	Constraints constraints() const;
980
981	/**
982	The policies that apply to this certificate
983
984	Policies are specified as strings containing OIDs
985	*/
986	QStringList policies() const;
987
988	/**
989	List of URI locations for CRL files
990
991	Each URI refers to the same CRL file
992	*/
993	QStringList crlLocations() const;
994
995	/**
996	List of URI locations for issuer certificate files
997
998	Each URI refers to the same issuer file
999	*/
1000	QStringList issuerLocations() const;
1001
1002	/**
1003	List of URI locations for OCSP services
1004	*/
1005	QStringList ocspLocations() const;
1006
1007	/**
1008	The common name of the subject of the certificate
1009
1010	Common names are normally the name of a person, company or
1011	organisation
1012	*/
1013	QString commonName() const;
1014
1015	/**
1016	The serial number of the certificate
1017	*/
1018	BigInteger serialNumber() const;
1019
1020	/**
1021	The public key associated with the subject of the certificate
1022	*/
1023	PublicKey subjectPublicKey() const;
1024
1025	/**
1026	Test if the Certificate is valid as a %Certificate Authority
1027
1028	\return true if the Certificate is valid as a %Certificate Authority
1029	*/
1030	bool isCA() const;
1031
1032	/**
1033	Test if the Certificate is self-signed
1034
1035	\return true if the certificate is self-signed
1036	*/
1037	bool isSelfSigned() const;
1038
1039	/**
1040	Test if the Certificate has signed another Certificate
1041	object and is therefore the issuer
1042
1043	\param other the certificate to test
1044
1045	\return true if this certificate is the issuer of the argument
1046	*/
1047	bool isIssuerOf(const Certificate &other) const;
1048
1049	/**
1050	The upper bound of the number of links in the certificate
1051	chain, if any
1052	*/
1053	int pathLimit() const;
1054
1055	/**
1056	The signature algorithm used for the signature on this certificate
1057	*/
1058	SignatureAlgorithm signatureAlgorithm() const;
1059
1060	/**
1061	The key identifier associated with the subject
1062	*/
1063	QByteArray subjectKeyId() const;
1064
1065	/**
1066	The key identifier associated with the issuer
1067	*/
1068	QByteArray issuerKeyId() const;
1069
1070	/**
1071	Check the validity of a certificate
1072
1073	\param trusted a collection of trusted certificates
1074	\param untrusted a collection of additional certificates, not
1075	necessarily trusted
1076	\param u the use required for the certificate
1077	\param vf the conditions to validate
1078
1079	\note This function may block
1080	*/
1081	Validity validate(const CertificateCollection &trusted,
1082	const CertificateCollection &untrusted,
1083	UsageMode u = UsageAny,
1084	ValidateFlags vf = ValidateAll) const;
1085
1086	/**
1087	Export the Certificate into a DER format
1088	*/
1089	QByteArray toDER() const;
1090
1091	/**
1092	Export the Certificate into a PEM format
1093	*/
1094	QString toPEM() const;
1095
1096	/**
1097	Export the Certificate into PEM format in a file
1098
1099	\param fileName the name of the file to use
1100	*/
1101	bool toPEMFile(const QString &fileName) const;
1102
1103	/**
1104	Import the certificate from DER
1105
1106	\param a the array containing the certificate in DER format
1107	\param result a pointer to a ConvertResult, which if not-null will
1108	be set to the conversion status
1109	\param provider the provider to use, if a specific provider is
1110	required
1111
1112	\return the Certificate corresponding to the certificate in the
1113	provided array
1114	*/
1115	static Certificate
1116	fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
1117
1118	/**
1119	Import the certificate from PEM format
1120
1121	\param s the string containing the certificate in PEM format
1122	\param result a pointer to a ConvertResult, which if not-null will
1123	be set to the conversion status
1124	\param provider the provider to use, if a specific provider is
1125	required
1126
1127	\return the Certificate corresponding to the certificate in the
1128	provided string
1129	*/
1130	static Certificate fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1131
1132	/**
1133	Import the certificate from a file
1134
1135	\param fileName the name (and path, if required) of the file
1136	containing the certificate in PEM format
1137	\param result a pointer to a ConvertResult, which if not-null will
1138	be set to the conversion status
1139	\param provider the provider to use, if a specific provider is
1140	required
1141
1142	\return the Certificate corresponding to the certificate in the
1143	provided string
1144	*/
1145	static Certificate
1146	fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
1147
1148	/**
1149	Test if the subject of the certificate matches a specified host
1150	name
1151
1152	This will return true (indicating a match), if the specified host
1153	name meets the RFC 2818 validation rules with this certificate.
1154
1155	If the host is an internationalized domain name, then it must be
1156	provided in unicode format, not in IDNA ACE/punycode format.
1157
1158	\param host the name of the host to compare to
1159	*/
1160	bool matchesHostName(const QString &host) const;
1161
1162	/**
1163	Test for equality of two certificates
1164
1165	\param a the certificate to compare this certificate with
1166
1167	\return true if the two certificates are the same
1168	*/
1169	bool operator==(const Certificate &a) const;
1170
1171	/**
1172	Inequality operator
1173
1174	\param other the certificate to compare this certificate with
1175	*/
1176	inline bool operator!=(const Certificate &other) const
1177	{
1178	return !(*this == other);
1179	}
1180
1181	/**
1182	\internal
1183
1184	\param c context (internal)
1185	*/
1186	void change(CertContext *c);
1187
1188	private:
1189	class Private;
1190	friend class Private;
1191	QSharedDataPointer<Private> d;
1192
1193	friend class CertificateChain;
1194	Validity chain_validate(const CertificateChain &chain,
1195	const CertificateCollection &trusted,
1196	const QList<CRL> &untrusted_crls,
1197	UsageMode u,
1198	ValidateFlags vf) const;
1199	CertificateChain
1200	chain_complete(const CertificateChain &chain, const QList<Certificate> &issuers, Validity *result) const;
1201	};
1202
1203	/**
1204	\class CertificateChain qca_cert.h QtCrypto
1205
1206	A chain of related Certificates
1207
1208	CertificateChain is a list (a QList) of certificates that are related by
1209	the signature from one to another. If Certificate C signs Certificate B,
1210	and Certificate B signs Certificate A, then C, B and A form a chain.
1211
1212	The normal use of a CertificateChain is from a end-user Certificate (called
1213	the primary, equivalent to QList::first()) through some intermediate
1214	Certificates to some other Certificate (QList::last()), which might be a
1215	root %Certificate Authority, but does not need to be.
1216
1217	You can build up the chain using normal QList operations, such as
1218	QList::append().
1219
1220	\sa QCA::CertificateCollection for an alternative way to represent a group
1221	of Certificates that do not necessarily have a chained relationship.
1222
1223	\ingroup UserAPI
1224	*/
1225	class CertificateChain : public QList<Certificate>
1226	{
1227	public:
1228	/**
1229	Create an empty certificate chain
1230	*/
1231	inline CertificateChain()
1232	{
1233	}
1234
1235	/**
1236	Create a certificate chain, starting at the specified certificate
1237
1238	\param primary the end-user certificate that forms one end of the
1239	chain
1240	*/
1241	inline CertificateChain(const Certificate &primary)
1242	{
1243	append(t: primary);
1244	}
1245
1246	/**
1247	Return the primary (end-user) Certificate
1248	*/
1249	inline const Certificate &primary() const
1250	{
1251	return first();
1252	}
1253
1254	/**
1255	Check the validity of a certificate chain
1256
1257	\param trusted a collection of trusted certificates
1258	\param untrusted_crls a list of additional CRLs, not necessarily
1259	trusted
1260	\param u the use required for the primary certificate
1261	\param vf the conditions to validate
1262
1263	\note This function may block
1264
1265	\sa Certificate::validate()
1266	*/
1267	inline Validity validate(const CertificateCollection &trusted,
1268	const QList<CRL> &untrusted_crls = QList<CRL>(),
1269	UsageMode u = UsageAny,
1270	ValidateFlags vf = ValidateAll) const;
1271
1272	/**
1273	Complete a certificate chain for the primary certificate, using the
1274	rest of the certificates in the chain object, as well as those in
1275	\a issuers, as possible issuers in the chain. If there are issuers
1276	missing, then the chain might be incomplete (at the worst case, if
1277	no issuers exist for the primary certificate, then the resulting
1278	chain will consist of just the primary certificate). Use the
1279	\a result argument to find out if there was a problem during
1280	completion. A result of ValidityGood means the chain was completed
1281	successfully.
1282
1283	The newly constructed CertificateChain is returned.
1284
1285	If the certificate chain is empty, then this will return an empty
1286	CertificateChain object.
1287
1288	\param issuers a pool of issuers to draw from as necessary
1289	\param result the result of the completion operation
1290
1291	\note This function may block
1292
1293	\sa validate
1294	*/
1295	inline CertificateChain complete(const QList<Certificate> &issuers = QList<Certificate>(),
1296	Validity *result = nullptr) const;
1297	};
1298
1299	inline Validity CertificateChain::validate(const CertificateCollection &trusted,
1300	const QList<CRL> &untrusted_crls,
1301	UsageMode u,
1302	ValidateFlags vf) const
1303	{
1304	if (isEmpty())
1305	return ErrorValidityUnknown;
1306	return first().chain_validate(chain: *this, trusted, untrusted_crls, u, vf);
1307	}
1308
1309	inline CertificateChain CertificateChain::complete(const QList<Certificate> &issuers, Validity *result) const
1310	{
1311	if (isEmpty())
1312	return CertificateChain();
1313	return first().chain_complete(chain: *this, issuers, result);
1314	}
1315
1316	/**
1317	\class CertificateRequest qca_cert.h QtCrypto
1318
1319	%Certificate Request
1320
1321	A CertificateRequest is a unsigned request for a Certificate
1322
1323	\ingroup UserAPI
1324	*/
1325	class QCA_EXPORT CertificateRequest : public Algorithm
1326	{
1327	public:
1328	/**
1329	Create an empty certificate request
1330	*/
1331	CertificateRequest();
1332
1333	/**
1334	Create a certificate request based on the contents of a file
1335
1336	\param fileName the file (and path, if necessary) containing a PEM
1337	encoded certificate request
1338	*/
1339	CertificateRequest(const QString &fileName);
1340
1341	/**
1342	Create a certificate request based on specified options
1343
1344	\param opts the options to use in the certificate request
1345	\param key the private key that matches the certificate being
1346	requested
1347	\param provider the provider to use, if a specific provider is
1348	required
1349	*/
1350	CertificateRequest(const CertificateOptions &opts, const PrivateKey &key, const QString &provider = QString());
1351
1352	/**
1353	Standard copy constructor
1354
1355	\param from the request to copy from
1356	*/
1357	CertificateRequest(const CertificateRequest &from);
1358
1359	~CertificateRequest() override;
1360
1361	/**
1362	Standard assignment operator
1363
1364	\param from the request to assign from
1365	*/
1366	CertificateRequest &operator=(const CertificateRequest &from);
1367
1368	/**
1369	test if the certificate request is empty
1370
1371	\return true if the certificate request is empty, otherwise false
1372	*/
1373	bool isNull() const;
1374
1375	/**
1376	Test if the certificate request can use a specified format
1377
1378	\param f the format to test for
1379	\param provider the provider to use, if a specific provider is
1380	required
1381
1382	\return true if the certificate request can use the specified
1383	format
1384	*/
1385	static bool canUseFormat(CertificateRequestFormat f, const QString &provider = QString());
1386
1387	/**
1388	the format that this Certificate request is in
1389	*/
1390	CertificateRequestFormat format() const;
1391
1392	/**
1393	Information on the subject of the certificate being requested
1394
1395	\note this only applies to PKCS#10 format certificate requests
1396
1397	\sa subjectInfoOrdered for a version that maintains order
1398	in the subject information.
1399	*/
1400	CertificateInfo subjectInfo() const;
1401
1402	/**
1403	Information on the subject of the certificate being requested, as
1404	an ordered list (QList of CertificateInfoPair).
1405
1406	\note this only applies to PKCS#10 format certificate requests
1407
1408	\sa subjectInfo for a version that does not maintain order, but
1409	allows access based on a multimap.
1410	\sa CertificateInfoPair for the elements in the list
1411	*/
1412	CertificateInfoOrdered subjectInfoOrdered() const;
1413
1414	/**
1415	The constraints that apply to this certificate request
1416
1417	\note this only applies to PKCS#10 format certificate requests
1418	*/
1419	Constraints constraints() const;
1420
1421	/**
1422	The policies that apply to this certificate request
1423
1424	\note this only applies to PKCS#10 format certificate requests
1425	*/
1426	QStringList policies() const;
1427
1428	/**
1429	The public key belonging to the issuer
1430	*/
1431	PublicKey subjectPublicKey() const;
1432
1433	/**
1434	Test if this %Certificate Request is for a %Certificate Authority
1435	certificate
1436
1437	\note this only applies to PKCS#10 format certificate requests
1438	*/
1439	bool isCA() const;
1440
1441	/**
1442	The path limit for the certificate in this %Certificate Request
1443
1444	\note this only applies to PKCS#10 format certificate requests
1445	*/
1446	int pathLimit() const;
1447
1448	/**
1449	The challenge associated with this certificate request
1450	*/
1451	QString challenge() const;
1452
1453	/**
1454	The algorithm used to make the signature on this certificate
1455	request
1456	*/
1457	SignatureAlgorithm signatureAlgorithm() const;
1458
1459	/**
1460	Test for equality of two certificate requests
1461
1462	\param csr the certificate request to be compared to this certificate request
1463
1464	\return true if the two certificate requests are the same
1465	*/
1466	bool operator==(const CertificateRequest &csr) const;
1467
1468	/**
1469	Inequality operator
1470
1471	\param other the certificate request to be compared to this certificate request
1472	*/
1473	inline bool operator!=(const CertificateRequest &other) const
1474	{
1475	return !(*this == other);
1476	}
1477
1478	/**
1479	Export the %Certificate Request into a DER format
1480
1481	\note this only applies to PKCS#10 format certificate requests
1482	*/
1483	QByteArray toDER() const;
1484
1485	/**
1486	Export the %Certificate Request into a PEM format
1487
1488	\note this only applies to PKCS#10 format certificate requests
1489	*/
1490	QString toPEM() const;
1491
1492	/**
1493	Export the Certificate into PEM format in a file
1494
1495	\param fileName the name of the file to use
1496
1497	\note this only applies to PKCS#10 format certificate requests
1498	*/
1499	bool toPEMFile(const QString &fileName) const;
1500
1501	/**
1502	Import the certificate request from DER
1503
1504	\param a the array containing the certificate request in DER format
1505	\param result a pointer to a ConvertResult, which if not-null will
1506	be set to the conversion status
1507	\param provider the provider to use, if a specific provider is
1508	required
1509
1510	\return the CertificateRequest corresponding to the certificate
1511	request in the provided array
1512
1513	\note this only applies to PKCS#10 format certificate requests
1514	*/
1515	static CertificateRequest
1516	fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
1517
1518	/**
1519	Import the certificate request from PEM format
1520
1521	\param s the string containing the certificate request in PEM
1522	format
1523	\param result a pointer to a ConvertResult, which if not-null will
1524	be set to the conversion status
1525	\param provider the provider to use, if a specific provider is
1526	required
1527
1528	\return the CertificateRequest corresponding to the certificate
1529	request in the provided string
1530
1531	\note this only applies to PKCS#10 format certificate requests
1532	*/
1533	static CertificateRequest
1534	fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1535
1536	/**
1537	Import the certificate request from a file
1538
1539	\param fileName the name (and path, if required) of the file
1540	containing the certificate request in PEM format
1541	\param result a pointer to a ConvertResult, which if not-null will
1542	be set to the conversion status
1543	\param provider the provider to use, if a specific provider is
1544	required
1545
1546	\return the CertificateRequest corresponding to the certificate
1547	request in the provided string
1548
1549	\note this only applies to PKCS#10 format certificate requests
1550	*/
1551	static CertificateRequest
1552	fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
1553
1554	/**
1555	Export the CertificateRequest to a string
1556
1557	\return the string corresponding to the certificate request
1558
1559	\note this only applies to SPKAC format certificate requests
1560	*/
1561	QString toString() const;
1562
1563	/**
1564	Import the CertificateRequest from a string
1565
1566	\param s the string containing to the certificate request
1567	\param result a pointer to a ConvertResult, which if not-null will
1568	be set to the conversion status
1569	\param provider the provider to use, if a specific provider is
1570	required
1571
1572	\return the CertificateRequest corresponding to the certificate
1573	request in the provided string
1574
1575	\note this only applies to SPKAC format certificate requests
1576	*/
1577	static CertificateRequest
1578	fromString(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1579
1580	/**
1581	\internal
1582
1583	\param c context (internal)
1584	*/
1585	void change(CSRContext *c);
1586
1587	private:
1588	class Private;
1589	friend class Private;
1590	QSharedDataPointer<Private> d;
1591	};
1592
1593	/**
1594	\class CRLEntry qca_cert.h QtCrypto
1595
1596	Part of a CRL representing a single certificate
1597
1598	\ingroup UserAPI
1599	*/
1600	class QCA_EXPORT CRLEntry
1601	{
1602	public:
1603	/**
1604	The reason why the certificate has been revoked
1605	*/
1606	enum Reason
1607	{
1608	Unspecified, ///< reason is unknown
1609	KeyCompromise, ///< private key has been compromised
1610	CACompromise, ///< certificate authority has been compromised
1611	AffiliationChanged,
1612	Superseded, ///< certificate has been superseded
1613	CessationOfOperation,
1614	CertificateHold, ///< certificate is on hold
1615	RemoveFromCRL, ///< certificate was previously in a CRL, but is now valid
1616	PrivilegeWithdrawn,
1617	AACompromise ///< attribute authority has been compromised
1618	};
1619
1620	/**
1621	create an empty CRL entry
1622	*/
1623	CRLEntry();
1624
1625	/**
1626	create a CRL entry
1627
1628	\param c the certificate to revoke
1629	\param r the reason that the certificate is being revoked
1630	*/
1631	explicit CRLEntry(const Certificate &c, Reason r = Unspecified);
1632
1633	/**
1634	create a CRL entry
1635
1636	\param serial the serial number of the Certificate being revoked
1637	\param time the time the Certificate was revoked (or will be
1638	revoked)
1639	\param r the reason that the certificate is being revoked
1640	*/
1641	CRLEntry(const BigInteger serial, const QDateTime &time, Reason r = Unspecified);
1642
1643	/**
1644	Copy constructor
1645
1646	\param from the CRLEntry to copy from
1647	*/
1648	CRLEntry(const CRLEntry &from);
1649
1650	~CRLEntry();
1651
1652	/**
1653	Standard assignment operator
1654
1655	\param from the CRLEntry to copy from
1656	*/
1657	CRLEntry &operator=(const CRLEntry &from);
1658
1659	/**
1660	The serial number of the certificate that is the subject of this CRL entry
1661	*/
1662	BigInteger serialNumber() const;
1663
1664	/**
1665	The time this CRL entry was created
1666	*/
1667	QDateTime time() const;
1668
1669	/**
1670	Test if this CRL entry is empty
1671	*/
1672	bool isNull() const;
1673
1674	/**
1675	The reason that this CRL entry was created
1676
1677	Alternatively, you might like to think of this as the reason that
1678	the subject certificate has been revoked
1679	*/
1680	Reason reason() const;
1681
1682	/**
1683	Test if one CRL entry is "less than" another
1684
1685	CRL entries are compared based on their serial number
1686
1687	\param a the CRL entry to be compared to this CRL entry.
1688	*/
1689	bool operator<(const CRLEntry &a) const;
1690
1691	/**
1692	Test for equality of two CRL Entries
1693
1694	\param a the CRL entry to be compared to this CRL entry.
1695
1696	\return true if the two certificates are the same
1697	*/
1698	bool operator==(const CRLEntry &a) const;
1699
1700	/**
1701	Inequality operator
1702
1703	\param other the CRL entry to be compared to this CRL entry.
1704	*/
1705	inline bool operator!=(const CRLEntry &other) const
1706	{
1707	return !(*this == other);
1708	}
1709
1710	private:
1711	BigInteger _serial;
1712	QDateTime _time;
1713	Reason _reason;
1714
1715	class Private;
1716	Private *d;
1717	};
1718
1719	/**
1720	\class CRL qca_cert.h QtCrypto
1721
1722	%Certificate Revocation List
1723
1724	A %CRL is a list of certificates that are special in some
1725	way. The normal reason for including a certificate on a %CRL
1726	is that the certificate should no longer be used. For
1727	example, if a key is compromised, then the associated
1728	certificate may no longer provides appropriate
1729	security. There are other reasons why a certificate may be
1730	placed on a %CRL, as shown in the CRLEntry::Reason
1731	enumeration.
1732
1733	\sa CertificateCollection for a way to handle Certificates
1734	and CRLs as a single entity.
1735	\sa CRLEntry for the %CRL segment representing a single Certificate.
1736
1737	\ingroup UserAPI
1738	*/
1739	class QCA_EXPORT CRL : public Algorithm
1740	{
1741	public:
1742	CRL();
1743
1744	/**
1745	Standard copy constructor
1746
1747	\param from the revocation list to copy from
1748	*/
1749	CRL(const CRL &from);
1750
1751	~CRL() override;
1752
1753	/**
1754	Standard assignment operator
1755
1756	\param from the revocation list to assign from
1757	*/
1758	CRL &operator=(const CRL &from);
1759
1760	/**
1761	Test if the CRL is empty
1762
1763	\return true if the CRL is empty, otherwise return false
1764	*/
1765	bool isNull() const;
1766
1767	/**
1768	Information on the issuer of the CRL as a QMultiMap.
1769
1770	\sa issuerInfoOrdered for a version that maintains the order
1771	of information fields as per the underlying CRL.
1772	*/
1773	CertificateInfo issuerInfo() const;
1774
1775	/**
1776	Information on the issuer of the CRL as an ordered list
1777	(QList of CertificateInfoPair).
1778
1779	\sa issuerInfo for a version that allows lookup based on
1780	a multimap.
1781	\sa CertificateInfoPair for the elements in the list
1782	*/
1783	CertificateInfoOrdered issuerInfoOrdered() const;
1784
1785	/**
1786	The CRL serial number. Note that serial numbers are a
1787	CRL extension, and not all certificates have one.
1788
1789	\return the CRL serial number, or -1 if there is no serial number
1790	*/
1791	int number() const;
1792
1793	/**
1794	the time that this CRL became (or becomes) valid
1795	*/
1796	QDateTime thisUpdate() const;
1797
1798	/**
1799	the time that this CRL will be obsoleted
1800
1801	you should obtain an updated CRL at this time
1802	*/
1803	QDateTime nextUpdate() const;
1804
1805	/**
1806	a list of the revoked certificates in this CRL
1807	*/
1808	QList<CRLEntry> revoked() const;
1809
1810	/**
1811	The signature algorithm used for the signature on this CRL
1812	*/
1813	SignatureAlgorithm signatureAlgorithm() const;
1814
1815	/**
1816	The key identification of the CRL issuer
1817	*/
1818	QByteArray issuerKeyId() const;
1819
1820	/**
1821	Test for equality of two %Certificate Revocation Lists
1822
1823	\param a the CRL to be compared to this CRL
1824
1825	\return true if the two CRLs are the same
1826	*/
1827	bool operator==(const CRL &a) const;
1828
1829	/**
1830	Inequality operator
1831
1832	\param other the CRL to be compared to this CRL
1833	*/
1834	inline bool operator!=(const CRL &other) const
1835	{
1836	return !(*this == other);
1837	}
1838
1839	/**
1840	Export the %Certificate Revocation List (CRL) in DER format
1841
1842	\return an array containing the CRL in DER format
1843	*/
1844	QByteArray toDER() const;
1845
1846	/**
1847	Export the %Certificate Revocation List (CRL) in PEM format
1848
1849	\return a string containing the CRL in PEM format
1850	*/
1851	QString toPEM() const;
1852
1853	/**
1854	Export the %Certificate Revocation List (CRL) into PEM format in a
1855	file
1856
1857	\param fileName the name of the file to use
1858	*/
1859	bool toPEMFile(const QString &fileName) const;
1860
1861	/**
1862	Import a DER encoded %Certificate Revocation List (CRL)
1863
1864	\param a the array containing the CRL in DER format
1865	\param result a pointer to a ConvertResult, which if not-null will
1866	be set to the conversion status
1867	\param provider the provider to use, if a specific provider is
1868	required
1869
1870	\return the CRL corresponding to the contents of the array
1871	*/
1872	static CRL fromDER(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
1873
1874	/**
1875	Import a PEM encoded %Certificate Revocation List (CRL)
1876
1877	\param s the string containing the CRL in PEM format
1878	\param result a pointer to a ConvertResult, which if not-null will
1879	be set to the conversion status
1880	\param provider the provider to use, if a specific provider is
1881	required
1882
1883	\return the CRL corresponding to the contents of the string
1884	*/
1885	static CRL fromPEM(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
1886
1887	/**
1888	Import a PEM encoded %Certificate Revocation List (CRL) from a file
1889
1890	\param fileName the name (and path, if required) of the file
1891	containing the certificate in PEM format
1892	\param result a pointer to a ConvertResult, which if not-null will
1893	be set to the conversion status
1894	\param provider the provider to use, if a specific provider is
1895	required
1896
1897	\return the CRL in the file
1898	*/
1899	static CRL
1900	fromPEMFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
1901
1902	/**
1903	\internal
1904
1905	\param c context (internal)
1906	*/
1907	void change(CRLContext *c);
1908
1909	private:
1910	class Private;
1911	friend class Private;
1912	QSharedDataPointer<Private> d;
1913	};
1914
1915	/**
1916	\class CertificateCollection qca_cert.h QtCrypto
1917
1918	Bundle of Certificates and CRLs
1919
1920	CertificateCollection provides a bundle of Certificates and Certificate
1921	Revocation Lists (CRLs), not necessarily related.
1922
1923	\sa QCA::CertificateChain for a representation of a chain of Certificates
1924	related by signatures.
1925
1926	\ingroup UserAPI
1927	*/
1928	class QCA_EXPORT CertificateCollection
1929	{
1930	public:
1931	/**
1932	Create an empty Certificate / CRL collection
1933	*/
1934	CertificateCollection();
1935
1936	/**
1937	Standard copy constructor
1938
1939	\param from the CertificateCollection to copy from
1940	*/
1941	CertificateCollection(const CertificateCollection &from);
1942
1943	~CertificateCollection();
1944
1945	/**
1946	Standard assignment operator
1947
1948	\param from the CertificateCollection to copy from
1949	*/
1950	CertificateCollection &operator=(const CertificateCollection &from);
1951
1952	/**
1953	Append a Certificate to this collection
1954
1955	\param cert the Certificate to add to this CertificateCollection
1956	*/
1957	void addCertificate(const Certificate &cert);
1958
1959	/**
1960	Append a CRL to this collection
1961
1962	\param crl the certificate revokation list to add to this
1963	CertificateCollection
1964	*/
1965	void addCRL(const CRL &crl);
1966
1967	/**
1968	The Certificates in this collection
1969	*/
1970	QList<Certificate> certificates() const;
1971
1972	/**
1973	The CRLs in this collection
1974	*/
1975	QList<CRL> crls() const;
1976
1977	/**
1978	Add another CertificateCollection to this collection
1979
1980	\param other the CertificateCollection to add to this collection
1981	*/
1982	void append(const CertificateCollection &other);
1983
1984	/**
1985	Add another CertificateCollection to this collection
1986
1987	\param other the CertificateCollection to add to this collection
1988	*/
1989	CertificateCollection operator+(const CertificateCollection &other) const;
1990
1991	/**
1992	Add another CertificateCollection to this collection
1993
1994	\param other the CertificateCollection to add to this collection
1995	*/
1996	CertificateCollection &operator+=(const CertificateCollection &other);
1997
1998	/**
1999	test if the CertificateCollection can be imported and exported to
2000	PKCS#7 format
2001
2002	\param provider the provider to use, if a specific provider is
2003	required
2004
2005	\return true if the CertificateCollection can be imported and
2006	exported to PKCS#7 format
2007	*/
2008	static bool canUsePKCS7(const QString &provider = QString());
2009
2010	/**
2011	export the CertificateCollection to a plain text file
2012
2013	\param fileName the name (and path, if required) to write the
2014	contents of the CertificateCollection to
2015
2016	\return true if the export succeeded, otherwise false
2017	*/
2018	bool toFlatTextFile(const QString &fileName);
2019
2020	/**
2021	export the CertificateCollection to a PKCS#7 file
2022
2023	\param fileName the name (and path, if required) to write the
2024	contents of the CertificateCollection to
2025	\param provider the provider to use, if a specific provider is
2026	required
2027
2028	\return true if the export succeeded, otherwise false
2029	*/
2030	bool toPKCS7File(const QString &fileName, const QString &provider = QString());
2031
2032	/**
2033	import a CertificateCollection from a text file
2034
2035	\param fileName the name (and path, if required) to read the
2036	certificate collection from
2037	\param result a pointer to a ConvertResult, which if not-null will
2038	be set to the conversion status
2039	\param provider the provider to use, if a specific provider is
2040	required
2041
2042	\return the CertificateCollection corresponding to the contents of
2043	the file specified in fileName
2044	*/
2045	static CertificateCollection
2046	fromFlatTextFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
2047
2048	/**
2049	import a CertificateCollection from a PKCS#7 file
2050
2051	\param fileName the name (and path, if required) to read the
2052	certificate collection from
2053	\param result a pointer to a ConvertResult, which if not-null will
2054	be set to the conversion status
2055	\param provider the provider to use, if a specific provider is
2056	required
2057
2058	\return the CertificateCollection corresponding to the contents of
2059	the file specified in fileName
2060	*/
2061	static CertificateCollection
2062	fromPKCS7File(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
2063
2064	private:
2065	class Private;
2066	QSharedDataPointer<Private> d;
2067	};
2068
2069	/**
2070	\class CertificateAuthority qca_cert.h QtCrypto
2071
2072	A %Certificate Authority is used to generate Certificates and
2073	%Certificate Revocation Lists (CRLs).
2074
2075	\ingroup UserAPI
2076	*/
2077	class QCA_EXPORT CertificateAuthority : public Algorithm
2078	{
2079	public:
2080	/**
2081	Create a new %Certificate Authority
2082
2083	\param cert the CA certificate
2084	\param key the private key associated with the CA certificate
2085	\param provider the provider to use, if a specific provider is
2086	required
2087	*/
2088	CertificateAuthority(const Certificate &cert, const PrivateKey &key, const QString &provider);
2089
2090	/**
2091	Copy constructor
2092
2093	\param from the CertificateAuthority to copy from
2094	*/
2095	CertificateAuthority(const CertificateAuthority &from);
2096
2097	~CertificateAuthority() override;
2098
2099	/**
2100	Standard assignment operator
2101
2102	\param from the CertificateAuthority to copy from
2103	*/
2104	CertificateAuthority &operator=(const CertificateAuthority &from);
2105
2106	/**
2107	The Certificate belonging to the %CertificateAuthority
2108
2109	This is the Certificate that was passed as an argument to the
2110	constructor
2111	*/
2112	Certificate certificate() const;
2113
2114	/**
2115	Create a new Certificate by signing the provider CertificateRequest
2116
2117	\param req the CertificateRequest to sign
2118	\param notValidAfter the last date that the Certificate will be
2119	valid
2120	*/
2121	Certificate signRequest(const CertificateRequest &req, const QDateTime &notValidAfter) const;
2122
2123	/**
2124	Create a new Certificate
2125
2126	\param key the Public Key to use to create the Certificate
2127	\param opts the options to use for the new Certificate
2128	*/
2129	Certificate createCertificate(const PublicKey &key, const CertificateOptions &opts) const;
2130
2131	/**
2132	Create a new %Certificate Revocation List (CRL)
2133
2134	\param nextUpdate the date that the CRL will be updated
2135
2136	\return an empty CRL
2137	*/
2138	CRL createCRL(const QDateTime &nextUpdate) const;
2139
2140	/**
2141	Update the CRL to include new entries
2142
2143	\param crl the CRL to update
2144	\param entries the entries to add to the CRL
2145	\param nextUpdate the date that this CRL will be updated
2146
2147	\return the update CRL
2148	*/
2149	CRL updateCRL(const CRL &crl, const QList<CRLEntry> &entries, const QDateTime &nextUpdate) const;
2150
2151	private:
2152	class Private;
2153	Private *d;
2154	};
2155
2156	/**
2157	\class KeyBundle qca_cert.h QtCrypto
2158
2159	Certificate chain and private key pair
2160
2161	KeyBundle is essentially a convience class that holds a
2162	certificate chain and an associated private key. This class
2163	has a number of methods that make it particularly suitable
2164	for accessing a PKCS12 (.p12) format file, however it can
2165	be used as just a container for a Certificate, its
2166	associated PrivateKey and optionally additional
2167	X.509 Certificate that form a chain.
2168
2169	For more information on PKCS12 "Personal Information
2170	Exchange Syntax Standard", see <a
2171	href="ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf">ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf</a>.
2172
2173	\ingroup UserAPI
2174	*/
2175	class QCA_EXPORT KeyBundle
2176	{
2177	public:
2178	/**
2179	Create an empty KeyBundle
2180	*/
2181	KeyBundle();
2182
2183	/**
2184	Create a KeyBundle from a PKCS12 (.p12) encoded
2185	file
2186
2187	This constructor requires appropriate plugin (provider)
2188	support. You must check for the "pkcs12" feature
2189	before using this constructor.
2190
2191	\param fileName the name of the file to read from
2192	\param passphrase the passphrase that is applicable to the file
2193
2194	\sa fromFile for a more flexible version of the
2195	same capability.
2196
2197	\note This synchronous operation may require event handling, and so
2198	it must not be called from the same thread as an EventHandler.
2199	*/
2200	explicit KeyBundle(const QString &fileName, const SecureArray &passphrase = SecureArray());
2201
2202	/**
2203	Standard copy constructor
2204
2205	\param from the KeyBundle to use as source
2206	*/
2207	KeyBundle(const KeyBundle &from);
2208
2209	~KeyBundle();
2210
2211	/**
2212	Standard assignment operator
2213
2214	\param from the KeyBundle to use as source
2215	*/
2216	KeyBundle &operator=(const KeyBundle &from);
2217
2218	/**
2219	Test if this key is empty (null)
2220	*/
2221	bool isNull() const;
2222
2223	/**
2224	The name associated with this key.
2225
2226	This is also known as the "friendly name", and if
2227	present, is typically suitable to be displayed to
2228	the user.
2229
2230	\sa setName
2231	*/
2232	QString name() const;
2233
2234	/**
2235	The public certificate part of this bundle
2236
2237	\sa setCertificateChainAndKey
2238	*/
2239	CertificateChain certificateChain() const;
2240
2241	/**
2242	The private key part of this bundle
2243
2244	\sa setCertificateChainAndKey
2245	*/
2246	PrivateKey privateKey() const;
2247
2248	/**
2249	Specify the name of this bundle
2250
2251	\param s the name to use
2252	*/
2253	void setName(const QString &s);
2254
2255	/**
2256	Set the public certificate and private key
2257
2258	\param c the CertificateChain containing the public part of the
2259	Bundle
2260	\param key the private key part of the Bundle
2261
2262	\sa privateKey, certificateChain for getters
2263	*/
2264	void setCertificateChainAndKey(const CertificateChain &c, const PrivateKey &key);
2265
2266	/**
2267	Export the key bundle to an array in PKCS12 format.
2268
2269	This method requires appropriate plugin (provider)
2270	support - you must check for the "pkcs12" feature,
2271	as shown below.
2272
2273	\code
2274	if( QCA::isSupported("pkcs12") )
2275	{
2276	// can use I/O
2277	byteArray = bundle.toArray( "pass phrase" );
2278	}
2279	else
2280	{
2281	// not possible to use I/O
2282	}
2283	\endcode
2284
2285	\param passphrase the passphrase to use to protect the bundle
2286	\param provider the provider to use, if a specific provider is
2287	required
2288	*/
2289	QByteArray toArray(const SecureArray &passphrase, const QString &provider = QString()) const;
2290
2291	/**
2292	Export the key bundle to a file in PKCS12 (.p12) format
2293
2294	This method requires appropriate plugin (provider)
2295	support - you must check for the "pkcs12" feature,
2296	as shown below.
2297
2298	\code
2299	if( QCA::isSupported("pkcs12") )
2300	{
2301	// can use I/O
2302	bool result = bundle.toFile( filename, "pass phrase" );
2303	}
2304	else
2305	{
2306	// not possible to use I/O
2307	}
2308	\endcode
2309
2310	\param fileName the name of the file to save to
2311	\param passphrase the passphrase to use to protect the bundle
2312	\param provider the provider to use, if a specific provider is
2313	required
2314	*/
2315	bool toFile(const QString &fileName, const SecureArray &passphrase, const QString &provider = QString()) const;
2316
2317	/**
2318	Import the key bundle from an array in PKCS12 format
2319
2320	This method requires appropriate plugin (provider)
2321	support - you must check for the "pkcs12" feature,
2322	as shown below.
2323
2324	\code
2325	if( QCA::isSupported("pkcs12") )
2326	{
2327	// can use I/O
2328	bundle = QCA::KeyBundle::fromArray( array, "pass phrase" );
2329	}
2330	else
2331	{
2332	// not possible to use I/O
2333	}
2334	\endcode
2335
2336	\param a the array to import from
2337	\param passphrase the passphrase for the encoded bundle
2338	\param result pointer to the result of the import process
2339	\param provider the provider to use, if a specific provider is
2340	required
2341
2342	\sa QCA::KeyLoader for an asynchronous loader approach.
2343
2344	\note This synchronous operation may require event handling, and so
2345	it must not be called from the same thread as an EventHandler.
2346	*/
2347	static KeyBundle fromArray(const QByteArray &a,
2348	const SecureArray &passphrase = SecureArray(),
2349	ConvertResult *result = nullptr,
2350	const QString &provider = QString());
2351
2352	/**
2353	Import the key bundle from a file in PKCS12 (.p12) format
2354
2355	This method requires appropriate plugin (provider)
2356	support - you must check for the "pkcs12" feature,
2357	as shown below.
2358
2359	\code
2360	if( QCA::isSupported("pkcs12") )
2361	{
2362	// can use I/O
2363	bundle = QCA::KeyBundle::fromFile( filename, "pass phrase" );
2364	}
2365	else
2366	{
2367	// not possible to use I/O
2368	}
2369	\endcode
2370
2371	\param fileName the name of the file to read from
2372	\param passphrase the passphrase for the encoded bundle
2373	\param result pointer to the result of the import process
2374	\param provider the provider to use, if a specific provider is
2375	required
2376
2377	\sa QCA::KeyLoader for an asynchronous loader approach.
2378
2379	\note This synchronous operation may require event handling, and so
2380	it must not be called from the same thread as an EventHandler.
2381	*/
2382	static KeyBundle fromFile(const QString &fileName,
2383	const SecureArray &passphrase = SecureArray(),
2384	ConvertResult *result = nullptr,
2385	const QString &provider = QString());
2386
2387	private:
2388	class Private;
2389	QSharedDataPointer<Private> d;
2390	};
2391
2392	/**
2393	\class PGPKey qca_cert.h QtCrypto
2394
2395	Pretty Good Privacy key
2396
2397	This holds either a reference to an item in a real PGP keyring,
2398	or a standalone item created using the from*() functions.
2399
2400	Note that with the latter method, the key is of no use besides
2401	being informational. The key must be in a keyring
2402	(that is, inKeyring() == true) to actually do crypto with it.
2403
2404	\ingroup UserAPI
2405	*/
2406	class QCA_EXPORT PGPKey : public Algorithm
2407	{
2408	public:
2409	/**
2410	Create an empty PGP key
2411	*/
2412	PGPKey();
2413
2414	/**
2415	Create a PGP key from an encoded file
2416
2417	\param fileName the name (and path, if required) of the file
2418	that the PGP key is to be loaded from.
2419
2420	\sa fromFile for a version that allows better error checking / validation
2421	\sa toFile for a method to write out the key.
2422	*/
2423	PGPKey(const QString &fileName);
2424
2425	/**
2426	Standard copy constructor
2427
2428	\param from the PGPKey to use as the source
2429	*/
2430	PGPKey(const PGPKey &from);
2431
2432	~PGPKey() override;
2433
2434	/**
2435	Standard assignment operator
2436
2437	\param from the PGPKey to use as the source
2438	*/
2439	PGPKey &operator=(const PGPKey &from);
2440
2441	/**
2442	Test if the PGP key is empty (null)
2443
2444	\return true if the PGP key is null
2445	*/
2446	bool isNull() const;
2447
2448	/**
2449	The Key identification for the PGP key
2450	*/
2451	QString keyId() const;
2452
2453	/**
2454	The primary user identification for the key
2455	*/
2456	QString primaryUserId() const;
2457
2458	/**
2459	The list of all user identifications associated with the key
2460	*/
2461	QStringList userIds() const;
2462
2463	/**
2464	Test if the PGP key is the secret key
2465
2466	\return true if the PGP key is the secret key
2467	*/
2468	bool isSecret() const;
2469
2470	/**
2471	The creation date for the key
2472	*/
2473	QDateTime creationDate() const;
2474
2475	/**
2476	The expiration date for the key
2477	*/
2478	QDateTime expirationDate() const;
2479
2480	/**
2481	The key fingerpint
2482
2483	This will return the PGP fingerprint as a string. It comprises 40
2484	hex digits, without spaces.
2485	*/
2486	QString fingerprint() const;
2487
2488	/**
2489	Test if this key is in a keyring
2490
2491	\return true if the key is in a keyring
2492
2493	\note keys that are not in a keyring cannot be used for encryption,
2494	decryption, signing or verification
2495	*/
2496	bool inKeyring() const;
2497
2498	/**
2499	Test if the key is trusted
2500
2501	\return true if the key is trusted
2502	*/
2503	bool isTrusted() const;
2504
2505	/**
2506	Export the key to an array.
2507
2508	This will export the key in a binary format (that is, not in an
2509	"ascii armoured" form).
2510
2511	\sa fromArray for a static import method.
2512	\sa toString for an "ascii armoured" export method.
2513	*/
2514	QByteArray toArray() const;
2515
2516	/**
2517	Export the key to a string
2518
2519	This will export the key in an "ascii armoured" form.
2520
2521	\sa fromString for a static import method.
2522	\sa toArray for a binary format export method.
2523	*/
2524	QString toString() const;
2525
2526	/**
2527	Export the key to a file
2528
2529	\param fileName the name of the file to save the key to
2530	*/
2531	bool toFile(const QString &fileName) const;
2532
2533	/**
2534	Import the key from an array
2535
2536	\param a the array to import from
2537	\param result if not null, this will be set to the result of the
2538	import process
2539	\param provider the provider to use, if a particular provider is
2540	required
2541	*/
2542	static PGPKey fromArray(const QByteArray &a, ConvertResult *result = nullptr, const QString &provider = QString());
2543
2544	/**
2545	Import the key from a string
2546
2547	\param s the string to import from
2548	\param result if not null, this will be set to the result of the
2549	import process
2550	\param provider the provider to use, if a particular provider is
2551	required
2552	*/
2553	static PGPKey fromString(const QString &s, ConvertResult *result = nullptr, const QString &provider = QString());
2554
2555	/**
2556	Import the key from a file
2557
2558	\param fileName string containing the name of the file to import
2559	from
2560	\param result if not null, this will be set to the result of the
2561	import process
2562	\param provider the provider to use, if a particular provider is
2563	required
2564	*/
2565	static PGPKey
2566	fromFile(const QString &fileName, ConvertResult *result = nullptr, const QString &provider = QString());
2567
2568	private:
2569	class Private;
2570	Private *d;
2571	};
2572
2573	/**
2574	\class KeyLoader qca_cert.h QtCrypto
2575
2576	Asynchronous private key loader
2577
2578	GUI applications generally must use KeyLoader to load private keys. This
2579	is because the synchronous private key loading functions, for example
2580	QCA::PrivateKey::fromPEMFile(), cannot be used within the same thread as an
2581	EventHandler, and most GUI applications will use EventHandler from the main
2582	thread. KeyLoader does not have this problem. It can be used from any
2583	thread, including the same thread as EventHandler.
2584
2585	The KeyLoader class allows you to asynchronously load stand-alone private
2586	keys (QCA::PrivateKey) or private keys with a certificate (QCA::KeyBundle)
2587	with a signal that advises of completion.
2588
2589	To use this class to load a PrivateKey, you create a KeyLoader object then
2590	use one of the loadPrivateKeyFrom...() functions, depending on the format
2591	for your key. These functions return immediately. When you get the
2592	finished() signal, you can check that the loading operation succeeded
2593	(using convertResult()) and then obtain the PrivateKey using the
2594	privateKey() function.
2595
2596	The same process applies for loading a KeyBundle, except that you use
2597	either loadKeyBundleFromFile() or loadKeyBundleFromArray() instead of the
2598	loadPrivateKeyFrom...() function, and use keyBundle() instead of
2599	privateKey().
2600
2601	The loader may need a passphrase to complete the loading of the key or key
2602	bundle. You should use the QCA::EventHandler class to ensure that you deal
2603	with this correctly.
2604
2605	\note %QCA also provides synchronous private key loading using
2606	QCA::PrivateKey::fromPEMFile(), QCA::PrivateKey::fromPEM() and
2607	QCA::PrivateKey::fromDER(). %QCA provides synchronous key bundle loading
2608	using QCA::KeyBundle::fromArray() and QCA::KeyBundle::fromFile().
2609
2610	\ingroup UserAPI
2611	*/
2612	class QCA_EXPORT KeyLoader : public QObject
2613	{
2614	Q_OBJECT
2615	public:
2616	/**
2617	Create a KeyLoader object.
2618
2619	\param parent the parent object for this object
2620	*/
2621	KeyLoader(QObject *parent = nullptr);
2622	~KeyLoader() override;
2623
2624	/**
2625	Initiate an asynchronous loading of a PrivateKey from a PEM format
2626	file.
2627
2628	This function will return immediately.
2629
2630	\param fileName the name of the file (and path, if necessary) to
2631	load the key from
2632	*/
2633	void loadPrivateKeyFromPEMFile(const QString &fileName);
2634
2635	/**
2636	Initiate an asynchronous loading of a PrivateKey from a PEM format
2637	string.
2638
2639	This function will return immediately.
2640
2641	\param s the string containing the PEM formatted key
2642	*/
2643	void loadPrivateKeyFromPEM(const QString &s);
2644
2645	/**
2646	Initiate an asynchronous loading of a PrivateKey from a DER format
2647	array.
2648
2649	This function will return immediately.
2650
2651	\param a the array containing the DER formatted key
2652	*/
2653	void loadPrivateKeyFromDER(const SecureArray &a);
2654
2655	/**
2656	Initiate an asynchronous loading of a KeyBundle from a file
2657
2658	This function will return immediately.
2659
2660	\param fileName the name of the file (and path, if necessary) to
2661	load the key bundle from
2662	*/
2663	void loadKeyBundleFromFile(const QString &fileName);
2664
2665	/**
2666	Initiate an asynchronous loading of a KeyBundle from an array
2667
2668	This function will return immediately.
2669
2670	\param a the array containing the key bundle
2671	*/
2672	void loadKeyBundleFromArray(const QByteArray &a);
2673
2674	/**
2675	The result of the loading process.
2676
2677	This is not valid until the finished() signal has been emitted.
2678	*/
2679	ConvertResult convertResult() const;
2680
2681	/**
2682	The private key that has been loaded.
2683
2684	This is only valid if loadPrivateKeyFromPEMFile(),
2685	loadPrivateKeyFromPEM() or loadPrivateKeyFromDER() has been used,
2686	the load has completed (that is, finished() has been emitted), and
2687	the conversion succeeded (that is, convertResult() returned
2688	ConvertGood).
2689	*/
2690	PrivateKey privateKey() const;
2691
2692	/**
2693	The key bundle that has been loaded.
2694
2695	This is only valid if loadKeyBundleFromFile() or
2696	loadKeyBundleFromArray() has been used, the load has completed
2697	(that is, finished() has been emitted), and the conversion
2698	succeeded (that is, convertResult() returned ConvertGood).
2699	*/
2700	KeyBundle keyBundle() const;
2701
2702	Q_SIGNALS:
2703	/**
2704	Signal that is emitted when the load process has completed.
2705
2706	\note The load process may not have completed successfully - check
2707	the result of convertResult() to confirm this before using the
2708	privateKey() or keyBundle() results.
2709	*/
2710	void finished();
2711
2712	private:
2713	Q_DISABLE_COPY(KeyLoader)
2714
2715	class Private;
2716	friend class Private;
2717	Private *d;
2718	};
2719
2720	}
2721
2722	#endif
2723