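/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#ifndef CERTIFICATE_H
#define CERTIFICATE_H
/**
 * @file certificate.h
 * @brief Class around native certificates.
 *
 */

// NOTE(review): the header names after each #include were lost when this
// listing was extracted. The four below are inferred from the Qt types this
// header uses; confirm them against the repository copy.
#include <QByteArray>
#include <QDateTime>
#include <QList>
#include <QString>

#ifdef Q_OS_WIN
// NOTE(review): two Windows-only #include lines stood here; their targets are
// not recoverable from this listing. Restore them from the repository copy.
#endif

/** @brief Object representation of a single certificate
 *
 * This parses a PEM (base64 encoded der certificate) and
 * provides accessors to the parsed certificate information
 * together with meta information about the certificate as
 * it is used by the Application.
 *
 * The accessors return whatever was parsed out of the input. Nothing
 * declared in this header shows signature or chain verification, so the
 * subject and issuer strings should be treated as unauthenticated display
 * data unless the caller has verified the certificate list by other means.
 */
class Certificate
{
public:

    /**
     * @enum Status
     * @brief the Status compared to the last installed list. */
    enum Status {
        /*! Never seen this before */
        InstallNew = 1,
        /*! Already contained in last list */
        InstallOld,
        /*! Was an Install certificate in the last list */
        RemoveNew,
        /*! Already removed in the last list */
        RemoveOld
    };

    /** @brief construct a certificate from a line of a certificate list.
     *
     * The first two characters of the string are expected to be
     * the command. I: or R:
     *
     * A constructor cannot report a parse failure to the caller; check
     * isValid() before using any accessor of the constructed object.
     *
     * NOTE(review): this constructor is not explicit, so a QString converts
     * implicitly to a Certificate. Left unchanged to keep existing callers
     * compiling.
     *
     * @param[in] b64Line The line from the certificate list.
     **/
    Certificate(const QString& b64Line = QString());

    /** @brief construct a certificate from a byte array of DER data
     *
     * As with the line constructor, check isValid() afterwards.
     *
     * NOTE(review): not explicit either; a QByteArray converts implicitly.
     *
     * @param[in] derData a der encoded certificate.
     **/
    Certificate(const QByteArray& derData);

    /** @brief check if this certificate could be parsed
     *
     * This reports parse success only. Nothing in this header indicates
     * that it also covers the validity period (see validFrom() / validTo())
     * or any signature check.
     */
    bool isValid() const {return mValid;}

    /** @brief get a short description of the certificate
     *
     * This description should be used as a short overview
     * for this certificate
     *
     **/
    QString shortDescription() const;

    /** @brief get details for the certificate
     *
     * Get a formatted details string usable for user visible
     * certificate details.
     *
     **/
    const QString& details() const {return mDetails;}

    /** @brief get the line from which this certificate was constructed
     *
     * The resulting line includes the instruction e.g.
     *
     * I:BASE64ENCODEDATA...
     *
     **/
    const QString& base64Line() const {return mBaseLine;}

    /** @brief Check if this certificate has the install instruction.
     *
     * This is shorthand for baseLine.startsWith("I:");
     **/
    bool isInstallCert() const {return mBaseLine.startsWith("I:");}

    /** @brief Set the install instruction for this certificate.
     *
     * Set the base 64 line prefix to "I:" or "R:".
     **/
    void setInstallCert(bool install);

    /** @brief whether or not the certificate is editable.
     *
     * Editable means that the installation status can be changed.
     * E.g. You can not change the state of a removal certificate
     * that has been removed.
     *
     * @returns true if the certificate is editable */
    bool isEditable() const {return mEditable;}

    /** @brief setter for the editable property. */
    void setEditable(bool edit) {mEditable = edit;}

    /** @brief get the subject OU from the certificate */
    QString subjectOU() const {return mSubjectOU;}

    /** @brief get the subject CN from the certificate */
    QString subjectCN() const {return mSubjectCN;}

    /** @brief get the subject O from the certificate */
    QString subjectO() const {return mSubjectO;}

    /** @brief get the subject SN from the certificate */
    QString subjectSN() const {return mSubjectSN;}

    /** @brief get the date the certificate was issued */
    QDateTime validFrom() const {return mValidFrom;}

    /** @brief get the date the certificate expires */
    QDateTime validTo() const {return mValidTo;}

    /** @brief get the issuer CN from the certificate */
    QString issuerCN() const {return mIssuerCN;}

    /** @brief get the issuer Organization from the certificate */
    QString issuerO() const {return mIssuerO;}

    /** @brief get sha1 sum of the certificate
     *
     * SHA-1 is no longer collision resistant. Use this value as a display
     * or lookup identifier; it should not be the only basis for deciding
     * that two certificates are the same in a trust decision.
     */
    QString fingerprint() const {return mFingerprint;}

    /** @brief construct certificate objects from a file
     *
     * Constructs a new Certificate Object from a file containing either
     * one DER encoded certificate or one or many PEM certificates.
     * If no certificate could be parsed from that file an empty list is
     * returned.
     *
     * The size restrictions for the certificate list file also apply
     * for this file.
     *
     * NOTE(review): the element type of the returned QList was lost when
     * this listing was extracted; QList<Certificate> is reconstructed from
     * the description above. Confirm against the repository copy.
     **/
    static QList<Certificate> fromFileName (const QString& file_name);

    /** @brief comparator of two certificates.
     *
     * Two certificates are equal if their base64 raw data is a match
     * regardless of other meta information like state or whether or not
     * it is editable.
     *
     * NOTE(review): the comparison uses base64Line(), which is documented
     * as including the "I:" / "R:" instruction prefix. As written, two
     * objects holding the same certificate data but different instructions
     * compare unequal. Confirm this is intended wherever certificate lists
     * are compared or de-duplicated.
     *
     * @returns true if the base64 line of two certificates is equal.
     **/
    friend inline bool operator==(const Certificate& lhs, const Certificate& rhs) {
        return lhs.base64Line() == rhs.base64Line();
    }

private:
    /** @brief Helper function to parse the details of a certificate **/
    void parseDetails(const QByteArray& cert);

    bool mValid;
    /* bool mInstCert; */
    bool mEditable;

    QString mSubjectOU,
            mSubjectCN,
            mSubjectO,
            mSubjectSN,
            mDetails,
            mBaseLine,
            mFingerprint,
            mIssuerO,
            mIssuerCN;

    QDateTime mValidFrom,
              mValidTo;
};
#endif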