| 1 | // Copyright (C) 2011 Richard J. Moore <rich@kde.org> |
|---|
| 2 | // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only |
|---|
| 3 | |
|---|
| 4 | /*! |
|---|
| 5 | \class QSslCertificateExtension |
|---|
| 6 | \brief The QSslCertificateExtension class provides an API for accessing the |
|---|
| 7 | extensions of an X509 certificate. |
|---|
| 8 | \since 5.0 |
|---|
| 9 | |
|---|
| 10 | \reentrant |
|---|
| 11 | \ingroup network |
|---|
| 12 | \ingroup ssl |
|---|
| 13 | \ingroup shared |
|---|
| 14 | \inmodule QtNetwork |
|---|
| 15 | |
|---|
| 16 | QSslCertificateExtension provides access to an extension stored in |
|---|
| 17 | an X509 certificate. The information available depends on the type |
|---|
| 18 | of extension being accessed. |
|---|
| 19 | |
|---|
| 20 | All X509 certificate extensions have the following properties: |
|---|
| 21 | |
|---|
| 22 | \table |
|---|
| 23 | \header |
|---|
| 24 | \li Property |
|---|
| 25 | \li Description |
|---|
| 26 | \row |
|---|
| 27 | \li name |
|---|
| 28 | \li The human readable name of the extension, eg. 'basicConstraints'. |
|---|
| 29 | \row |
|---|
| 30 | \li criticality |
|---|
| 31 | \li This is a boolean value indicating if the extension is critical |
|---|
| 32 | to correctly interpreting the certificate. |
|---|
| 33 | \row |
|---|
| 34 | \li oid |
|---|
| 35 | \li The ASN.1 object identifier that specifies which extension this |
|---|
| 36 | is. |
|---|
| 37 | \row |
|---|
| 38 | \li supported |
|---|
| 39 | \li If this is true the structure of the extension's value will not |
|---|
| 40 | change between Qt versions. |
|---|
| 41 | \row |
|---|
| 42 | \li value |
|---|
| 43 | \li A QVariant with a structure dependent on the type of extension. |
|---|
| 44 | \endtable |
|---|
| 45 | |
|---|
| 46 | Whilst this class provides access to any type of extension, only |
|---|
| 47 | some are guaranteed to be returned in a format that will remain |
|---|
| 48 | unchanged between releases. The isSupported() method returns \c true |
|---|
| 49 | for extensions where this is the case. |
|---|
| 50 | |
|---|
| 51 | The extensions currently supported, and the structure of the value |
|---|
| 52 | returned are as follows: |
|---|
| 53 | |
|---|
| 54 | \table |
|---|
| 55 | \header |
|---|
| 56 | \li Name |
|---|
| 57 | \li OID |
|---|
| 58 | \li Details |
|---|
| 59 | \row |
|---|
| 60 | \li basicConstraints |
|---|
| 61 | \li 2.5.29.19 |
|---|
| 62 | \li Returned as a QVariantMap. The key 'ca' contains a boolean value, |
|---|
| 63 | the optional key 'pathLenConstraint' contains an integer. |
|---|
| 64 | \row |
|---|
| 65 | \li authorityInfoAccess |
|---|
| 66 | \li 1.3.6.1.5.5.7.1.1 |
|---|
| 67 | \li Returned as a QVariantMap. There is a key for each access method, |
|---|
| 68 | with the value being a URI. |
|---|
| 69 | \row |
|---|
| 70 | \li subjectKeyIdentifier |
|---|
| 71 | \li 2.5.29.14 |
|---|
| 72 | \li Returned as a QVariant containing a QString. The string is the key |
|---|
| 73 | identifier. |
|---|
| 74 | \row |
|---|
| 75 | \li authorityKeyIdentifier |
|---|
| 76 | \li 2.5.29.35 |
|---|
| 77 | \li Returned as a QVariantMap. The optional key 'keyid' contains the key |
|---|
| 78 | identifier as a hex string stored in a QByteArray. The optional key |
|---|
| 79 | 'serial' contains the authority key serial number as a qlonglong. |
|---|
| 80 | Currently there is no support for the general names field of this |
|---|
| 81 | extension. |
|---|
| 82 | \endtable |
|---|
| 83 | |
|---|
| 84 | In addition to the supported extensions above, many other common extensions |
|---|
| 85 | will be returned in a reasonably structured way. Extensions that the SSL |
|---|
| 86 | backend has no support for at all will be returned as a QByteArray. |
|---|
| 87 | |
|---|
| 88 | Further information about the types of extensions certificates can |
|---|
| 89 | contain can be found in RFC 5280. |
|---|
| 90 | |
|---|
| 91 | \sa QSslCertificate::extensions() |
|---|
| 92 | */ |
|---|
| 93 | |
|---|
| 94 | #include "qsslcertificateextension.h" |
|---|
| 95 | #include "qsslcertificateextension_p.h" |
|---|
| 96 | |
|---|
| 97 | QT_BEGIN_NAMESPACE |
|---|
| 98 | |
|---|
| 99 | /*! |
|---|
| 100 | Constructs a QSslCertificateExtension. |
|---|
| 101 | */ |
|---|
| 102 | QSslCertificateExtension::QSslCertificateExtension() |
|---|
| 103 | : d(new QSslCertificateExtensionPrivate) |
|---|
| 104 | { |
|---|
| 105 | } |
|---|
| 106 | |
|---|
| 107 | /*! |
|---|
| 108 | Constructs a copy of \a other. |
|---|
| 109 | */ |
|---|
| 110 | QSslCertificateExtension::QSslCertificateExtension(const QSslCertificateExtension &other) |
|---|
| 111 | : d(other.d) |
|---|
| 112 | { |
|---|
| 113 | } |
|---|
| 114 | |
|---|
| 115 | /*! |
|---|
| 116 | Destroys the extension. |
|---|
| 117 | */ |
|---|
| 118 | QSslCertificateExtension::~QSslCertificateExtension() |
|---|
| 119 | { |
|---|
| 120 | } |
|---|
| 121 | |
|---|
| 122 | /*! |
|---|
| 123 | Assigns \a other to this extension and returns a reference to this extension. |
|---|
| 124 | */ |
|---|
| 125 | QSslCertificateExtension &QSslCertificateExtension::operator=(const QSslCertificateExtension &other) |
|---|
| 126 | { |
|---|
| 127 | d = other.d; |
|---|
| 128 | return *this; |
|---|
| 129 | } |
|---|
| 130 | |
|---|
| 131 | /*! |
|---|
| 132 | \fn void QSslCertificateExtension::swap(QSslCertificateExtension &other) |
|---|
| 133 | |
|---|
| 134 | Swaps this certificate extension instance with \a other. This |
|---|
| 135 | function is very fast and never fails. |
|---|
| 136 | */ |
|---|
| 137 | |
|---|
| 138 | /*! |
|---|
| 139 | Returns the ASN.1 OID of this extension. |
|---|
| 140 | */ |
|---|
| 141 | QString QSslCertificateExtension::oid() const |
|---|
| 142 | { |
|---|
| 143 | return d->oid; |
|---|
| 144 | } |
|---|
| 145 | |
|---|
| 146 | /*! |
|---|
| 147 | Returns the name of the extension. If no name is known for the |
|---|
| 148 | extension then the OID will be returned. |
|---|
| 149 | */ |
|---|
| 150 | QString QSslCertificateExtension::name() const |
|---|
| 151 | { |
|---|
| 152 | return d->name; |
|---|
| 153 | } |
|---|
| 154 | |
|---|
| 155 | /*! |
|---|
| 156 | Returns the value of the extension. The structure of the value |
|---|
| 157 | returned depends on the extension type. |
|---|
| 158 | */ |
|---|
| 159 | QVariant QSslCertificateExtension::value() const |
|---|
| 160 | { |
|---|
| 161 | return d->value; |
|---|
| 162 | } |
|---|
| 163 | |
|---|
| 164 | /*! |
|---|
| 165 | Returns the criticality of the extension. |
|---|
| 166 | */ |
|---|
| 167 | bool QSslCertificateExtension::isCritical() const |
|---|
| 168 | { |
|---|
| 169 | return d->critical; |
|---|
| 170 | } |
|---|
| 171 | |
|---|
| 172 | /*! |
|---|
| 173 | Returns the true if this extension is supported. In this case, |
|---|
| 174 | supported simply means that the structure of the QVariant returned |
|---|
| 175 | by the value() accessor will remain unchanged between versions. |
|---|
| 176 | Unsupported extensions can be freely used, however there is no |
|---|
| 177 | guarantee that the returned data will have the same structure |
|---|
| 178 | between versions. |
|---|
| 179 | */ |
|---|
| 180 | bool QSslCertificateExtension::isSupported() const |
|---|
| 181 | { |
|---|
| 182 | return d->supported; |
|---|
| 183 | } |
|---|
| 184 | |
|---|
| 185 | QT_END_NAMESPACE |
|---|
| 186 | |
|---|
