1 | // Copyright (C) 2011 Richard J. Moore <rich@kde.org> |
2 | // Copyright (C) 2019 The Qt Company Ltd. |
3 | // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only |
4 | |
5 | #include "qocspresponse_p.h" |
6 | #include "qocspresponse.h" |
7 | |
8 | #include "qhashfunctions.h" |
9 | |
10 | QT_BEGIN_NAMESPACE |
11 | |
// Out-of-line metatype definition for QOcspResponse.
// NOTE(review): presumably paired with a QT_DECL_METATYPE_EXTERN in qocspresponse.h — confirm.
QT_IMPL_METATYPE_EXTERN(QOcspResponse)
13 | |
14 | /*! |
15 | \class QOcspResponse |
16 | \brief This class represents an Online Certificate Status Protocol (OCSP) response. |
17 | \since 5.13 |
18 | |
19 | \ingroup network |
20 | \ingroup ssl |
21 | \inmodule QtNetwork |
22 | |
23 | The QOcspResponse class represents the revocation status of a server's certificate, |
24 | as received by the client-side socket during the TLS handshake. Such responses are only |
25 | received if QSslSocket is configured with OCSP stapling enabled. |
26 | |
27 | \sa QSslSocket, QSslSocket::ocspResponses(), certificateStatus(), |
28 | revocationReason(), responder(), subject(), QOcspCertificateStatus, QOcspRevocationReason, |
29 | QSslConfiguration::setOcspStaplingEnabled(), QSslConfiguration::ocspStaplingEnabled(), |
30 | QSslConfiguration::peerCertificate() |
31 | */ |
32 | |
33 | /*! |
34 | \enum QOcspCertificateStatus |
35 | \brief Describes the certificate status reported in an OCSP response. |
36 | \relates QOcspResponse |
37 | \since 5.13 |
38 | |
39 | \ingroup network |
40 | \ingroup ssl |
41 | \inmodule QtNetwork |
42 | |
43 | \value Good The certificate is not revoked, but this does not necessarily |
44 | mean that the certificate was ever issued or that the time at which |
45 | the response was produced is within the certificate's validity interval. |
46 | \value Revoked This state indicates that the certificate has been revoked |
47 | (either permanently or temporarily - on hold). |
48 | \value Unknown This state indicates that the responder doesn't know about |
49 | the certificate being requested. |
50 | |
51 | \sa QOcspRevocationReason |
52 | */ |
53 | |
54 | /*! |
55 | \enum QOcspRevocationReason |
56 | \brief Describes the reason for revocation |
57 | \relates QOcspResponse |
58 | \since 5.13 |
59 | |
60 | \ingroup network |
61 | \ingroup ssl |
62 | \inmodule QtNetwork |
63 | |
64 | |
65 | This enumeration describes the revocation reasons defined in \l{RFC 5280, section 5.3.1}. |
66 | |
67 | \value None |
68 | \value Unspecified |
69 | \value KeyCompromise |
70 | \value CACompromise |
71 | \value AffiliationChanged |
72 | \value Superseded |
73 | \value CessationOfOperation |
74 | \value CertificateHold |
75 | \value RemoveFromCRL |
76 | */ |
77 | |
78 | /*! |
79 | \since 5.13 |
80 | |
81 | Creates a new response with status QOcspCertificateStatus::Unknown |
82 | and revocation reason QOcspRevocationReason::None. |
83 | |
84 | \sa QOcspCertificateStatus |
85 | */ |
QOcspResponse::QOcspResponse() : d(new QOcspResponsePrivate)
{
    // Nothing else to set up: every field lives in the freshly allocated private
    // object, so the initial status and revocation reason are whatever
    // QOcspResponsePrivate initializes them to (declared in qocspresponse_p.h).
}
90 | |
91 | /*! |
92 | \since 5.13 |
93 | |
94 | Copy-constructs a QOcspResponse instance. |
95 | */ |
// Defaulted member-wise copy: the new response copies d as a whole rather than
// the individual fields. Whether that shares or duplicates the private object
// depends on d's type, which is declared in the header (presumably implicit
// sharing — confirm).
QOcspResponse::QOcspResponse(const QOcspResponse &) = default;
97 | |
98 | /*! |
99 | \since 5.13 |
100 | |
101 | Move-constructs a QOcspResponse instance. |
102 | */ |
// Defaulted member-wise move of d.
// NOTE(review): this may leave the source object with a null d (depends on the
// d-pointer type declared in the header — confirm). The accessors in this file
// dereference d without a null check, so a moved-from response should only be
// assigned to or destroyed.
QOcspResponse::QOcspResponse(QOcspResponse &&) noexcept = default;
104 | |
105 | /*! |
106 | \since 5.13 |
107 | |
108 | Destroys the response. |
109 | */ |
// Defaulted in this translation unit rather than in the header; releasing the
// private object is left to d's own destructor.
// NOTE(review): presumably kept out of line so QOcspResponsePrivate only has to
// be a complete type here — confirm against qocspresponse.h.
QOcspResponse::~QOcspResponse() = default;
111 | |
112 | /*! |
113 | \since 5.13 |
114 | |
115 | Copy-assigns \a other and returns a reference to this response. |
116 | */ |
// Defaulted member-wise copy assignment of d. The parameter is unnamed in this
// definition; the qdoc text refers to it as "other".
QOcspResponse &QOcspResponse::operator=(const QOcspResponse &) = default;
118 | |
119 | /*! |
120 | \since 5.13 |
121 | |
122 | Move-assigns \a other to this QOcspResponse instance. |
123 | */ |
// Defaulted member-wise move assignment of d.
// NOTE(review): the moved-from response may be left with a null d (depends on
// the d-pointer type declared in the header — confirm); do not call the
// accessors in this file on it, since they dereference d unconditionally.
QOcspResponse &QOcspResponse::operator=(QOcspResponse &&) noexcept = default;
125 | |
126 | /*! |
127 | \fn void QOcspResponse::swap(QOcspResponse &other) |
128 | \since 5.13 |
129 | \memberswap{response} |
130 | */ |
131 | |
132 | /*! |
133 | \since 5.13 |
134 | |
135 | Returns the certificate status. |
136 | |
137 | \sa QOcspCertificateStatus |
138 | */ |
QOcspCertificateStatus QOcspResponse::certificateStatus() const
{
    // Plain read of the stored status; nothing is re-checked here.
    // Per the constructor documentation, a default-constructed response also
    // reports Unknown, so Unknown alone does not prove a responder answered.
    const QOcspCertificateStatus status = d->certificateStatus;
    return status;
}
143 | |
144 | /*! |
145 | \since 5.13 |
146 | |
147 | Returns the reason for revocation. |
148 | */ |
QOcspRevocationReason QOcspResponse::revocationReason() const
{
    // Plain read of the stored reason. Per the constructor documentation, a
    // default-constructed response carries QOcspRevocationReason::None.
    const QOcspRevocationReason reason = d->revocationReason;
    return reason;
}
153 | |
154 | /*! |
155 | \since 5.13 |
156 | |
157 | Returns the certificate used to sign the OCSP response. |
158 | */ |
QSslCertificate QOcspResponse::responder() const
{
    // Hands back a copy of the stored signer certificate. It may be a null
    // certificate: qHash() in this file checks isNull() before using it, so
    // callers should do the same before relying on its contents.
    QSslCertificate signer = d->signerCert;
    return signer;
}
163 | |
164 | /*! |
165 | \since 5.13 |
166 | |
167 | Returns the certificate for which this response was issued. |
168 | */ |
QSslCertificate QOcspResponse::subject() const
{
    // Hands back a copy of the stored subject certificate. It may be a null
    // certificate: qHash() in this file checks isNull() before using it, so
    // callers should do the same before relying on its contents.
    QSslCertificate subjectCertificate = d->subjectCert;
    return subjectCertificate;
}
173 | |
174 | /*! |
175 | \fn bool QOcspResponse::operator==(const QOcspResponse &lhs, const QOcspResponse &rhs) |
176 | |
177 | Returns \c true if \a lhs and \a rhs are the responses for the same |
178 | certificate, signed by the same responder, have the same |
179 | revocation reason and the same certificate status. |
180 | |
181 | \since 5.13 |
182 | */ |
183 | |
184 | /*! |
185 | \fn bool QOcspResponse::operator!=(const QOcspResponse &lhs, const QOcspResponse &rhs) |
186 | |
187 | Returns \c true if \a lhs and \a rhs are responses for different certificates, |
188 | or signed by different responders, or have different revocation reasons, or different |
189 | certificate statuses. |
190 | |
191 | \since 5.13 |
192 | */ |
193 | |
194 | /*! |
195 | \internal |
196 | */ |
bool QOcspResponse::isEqual(const QOcspResponse &other) const
{
    // Fast path: both responses refer to the same private object.
    if (d == other.d)
        return true;

    // Otherwise compare the private objects themselves; which fields take part
    // is decided by QOcspResponsePrivate's operator==, declared elsewhere.
    return *d == *other.d;
}
201 | |
202 | /*! |
203 | \fn size_t qHash(const QOcspResponse &key, size_t seed) |
204 | \since 5.13 |
205 | \qhashold{QHash} |
206 | */ |
size_t qHash(const QOcspResponse &response, size_t seed) noexcept
{
    const QOcspResponsePrivate *priv = response.d.data();
    // Debug-only check: Q_ASSERT is compiled out of release builds, where a null
    // private pointer would be dereferenced by the code below.
    Q_ASSERT(priv);

    QtPrivate::QHashCombine combine;

    // Fold in the two enum fields first, as plain ints.
    size_t result = combine(seed, static_cast<int>(priv->certificateStatus));
    result = combine(result, static_cast<int>(priv->revocationReason));

    // A null certificate contributes nothing to the hash; signer goes before subject.
    const auto mixCertificate = [&result, &combine](const auto &cert) {
        if (!cert.isNull())
            result = combine(result, cert);
    };
    mixCertificate(priv->signerCert);
    mixCertificate(priv->subjectCert);

    return result;
}
222 | |
223 | QT_END_NAMESPACE |
224 | |