qocspresponse.cpp source code [qtbase/src/network/ssl/qocspresponse.cpp]

1	// Copyright (C) 2011 Richard J. Moore <rich@kde.org>
2	// Copyright (C) 2019 The Qt Company Ltd.
3	// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
4
5	#include "qocspresponse_p.h"
6	#include "qocspresponse.h"
7
8	#include "qhashfunctions.h"
9
10	QT_BEGIN_NAMESPACE
11
12	QT_IMPL_METATYPE_EXTERN(QOcspResponse)
13
14	/!*
15	\class QOcspResponse
16	\brief This class represents Online Certificate Status Protocol response.
17	\since 5.13
18
19	\ingroup network
20	\ingroup ssl
21	\inmodule QtNetwork
22
23	The QOcspResponse class represents the revocation status of a server's certificate,
24	received by the client-side socket during the TLS handshake. QSslSocket must be
25	configured with OCSP stapling enabled.
26
27	\sa QSslSocket, QSslSocket::ocspResponses(), certificateStatus(),
28	revocationReason(), responder(), subject(), QOcspCertificateStatus, QOcspRevocationReason,
29	QSslConfiguration::setOcspStaplingEnabled(), QSslConfiguration::ocspStaplingEnabled(),
30	QSslConfiguration::peerCertificate()
31	*/
32
33	/!*
34	\enum QOcspCertificateStatus
35	\brief Describes the Online Certificate Status
36	\relates QOcspResponse
37	\since 5.13
38
39	\ingroup network
40	\ingroup ssl
41	\inmodule QtNetwork
42
43	\value Good The certificate is not revoked, but this does not necessarily
44	mean that the certificate was ever issued or that the time at which
45	the response was produced is within the certificate's validity interval.
46	\value Revoked This state indicates that the certificate has been revoked
47	(either permanently or temporarily - on hold).
48	\value Unknown This state indicates that the responder doesn't know about
49	the certificate being requested.
50
51	\sa QOcspRevocationReason
52	*/
53
54	/!*
55	\enum QOcspRevocationReason
56	\brief Describes the reason for revocation
57	\relates QOcspResponse
58	\since 5.13
59
60	\ingroup network
61	\ingroup ssl
62	\inmodule QtNetwork
63
64
65	This enumeration describes revocation reasons, defined in \l{RFC 5280, section 5.3.1}
66
67	\value None
68	\value Unspecified
69	\value KeyCompromise
70	\value CACompromise
71	\value AffiliationChanged
72	\value Superseded
73	\value CessationOfOperation
74	\value CertificateHold
75	\value RemoveFromCRL
76	*/
77
78	/!*
79	\since 5.13
80
81	Creates a new response with status QOcspCertificateStatus::Unknown
82	and revocation reason QOcspRevocationReason::None.
83
84	\sa QOcspCertificateStatus
85	*/
86	QOcspResponse::QOcspResponse()
87	: d (new QOcspResponsePrivate)
88	{
89	}
90
91	/!*
92	\since 5.13
93
94	Copy-constructs a QOcspResponse instance.
95	*/
96	QOcspResponse::QOcspResponse(const QOcspResponse &) = default;
97
98	/!*
99	\since 5.13
100
101	Move-constructs a QOcspResponse instance.
102	*/
103	QOcspResponse::QOcspResponse(QOcspResponse &&) noexcept = default;
104
105	/!*
106	\since 5.13
107
108	Destroys the response.
109	*/
110	QOcspResponse::~QOcspResponse() = default;
111
112	/!*
113	\since 5.13
114
115	Copy-assigns \a other and returns a reference to this response.
116	*/
117	QOcspResponse &QOcspResponse::operator=(const QOcspResponse &) = default;
118
119	/!*
120	\since 5.13
121
122	Move-assigns \a other to this QOcspResponse instance.
123	*/
124	QOcspResponse &QOcspResponse::operator=(QOcspResponse &&) noexcept = default;
125
126	/!*
127	\fn void QOcspResponse::swap(QOcspResponse &other)
128	\since 5.13
129	\memberswap{response}
130	*/
131
132	/!*
133	\since 5.13
134
135	Returns the certificate status.
136
137	\sa QOcspCertificateStatus
138	*/
139	QOcspCertificateStatus QOcspResponse::certificateStatus() const
140	{
141	return d ->certificateStatus;
142	}
143
144	/!*
145	\since 5.13
146
147	Returns the reason for revocation.
148	*/
149	QOcspRevocationReason QOcspResponse::revocationReason() const
150	{
151	return d ->revocationReason;
152	}
153
154	/!*
155	\since 5.13
156
157	This function returns a certificate used to sign OCSP response.
158	*/
159	QSslCertificate QOcspResponse::responder() const
160	{
161	return d ->signerCert;
162	}
163
164	/!*
165	\since 5.13
166
167	This function returns a certificate, for which this response was issued.
168	*/
169	QSslCertificate QOcspResponse::subject() const
170	{
171	return d ->subjectCert;
172	}
173
174	/!*
175	\fn bool QOcspResponse::operator==(const QOcspResponse &lhs, const QOcspResponse &rhs)
176
177	Returns \c true if \a lhs and \a rhs are the responses for the same
178	certificate, signed by the same responder, have the same
179	revocation reason and the same certificate status.
180
181	\since 5.13
182	*/
183
184	/!*
185	\fn bool QOcspResponse::operator!=(const QOcspResponse &lhs, const QOcspResponse &rhs)
186
187	Returns \c true if \a lhs and \a rhs are responses for different certificates,
188	or signed by different responders, or have different revocation reasons, or different
189	certificate statuses.
190
191	\since 5.13
192	*/
193
194	/!*
195	\internal
196	*/
197	bool QOcspResponse::isEqual(const QOcspResponse &other) const
198	{
199	return d == other.d \|\| d == other.d;
200	}
201
202	/!*
203	\fn size_t qHash(const QOcspResponse &key, size_t seed)
204	\since 5.13
205	\qhashold{QHash}
206	*/
207	size_t qHash(const QOcspResponse &response, size_t seed) noexcept
208	{
209	const QOcspResponsePrivate *d = response.d.data();
210	Q_ASSERT(d);
211
212	QtPrivate::QHashCombine hasher;
213	size_t hash = hasher (seed, int(d->certificateStatus));
214	hash = hasher (hash, int(d->revocationReason));
215	if (!d->signerCert.isNull())
216	hash = hasher (hash, d->signerCert);
217	if (!d->subjectCert.isNull())
218	hash = hasher (hash, d->subjectCert);
219
220	return hash;
221	}
222
223	QT_END_NAMESPACE
224

source code of qtbase/src/network/ssl/qocspresponse.cpp