Class: QgsAuthCertUtils
-
class qgis.core.QgsAuthCertUtils
Bases: sip.wrapper
Utilities for working with certificates and keys
Methods
casFromFile – Returns a list of concatenated CAs from a PEM or DER formatted file
casMerge – Merges two certificate bundles into a single one, removing duplicates; the certificates from bundle2 are appended to bundle1 if not already there
casRemoveSelfSigned – Removes self-signed CA certificates from caList
certFromFile – Returns the first cert from a PEM or DER formatted file
certIsCurrent – Checks if cert is viable for its not before and not after dates
certIsViable – Checks for viability errors of cert and whether it is NULL
certKeyBundleToPem – Returns list of certificate, private key and algorithm (as PEM text) from file path components
certViabilityErrors – Checks basic characteristics (validity dates, blocklisting, etc.) of the given cert
certificateIsAuthority – Gets whether a certificate is an Authority
certificateIsAuthorityOrIssuer – Gets whether a certificate is an Authority or can at least sign other certificates
certificateIsIssuer – Gets whether a certificate can sign other certificates
certificateIsSslClient – Gets whether a certificate is probably used for a client identity
certificateIsSslServer – Gets whether a certificate is probably used for an SSL server
certificateUsageTypes – Tries to determine the certificate's usage types
certsFromFile – Returns a list of concatenated certs from a PEM or DER formatted file
certsFromString – Returns a list of concatenated certs from a PEM Base64 text block
certsToPemText – Dumps a list of QSslCertificates to PEM text
fileData – Returns data from a local file via a read-only operation
getCaSourceName – Gets the general name for CA source enum type
getCertTrustName – Gets the general name for certificate trust
getColonDelimited – Gets string with colon delimiters every 2 characters
getSslProtocolName – SSL Protocol name strings per enum
keyFromFile – Returns non-encrypted key from a PEM or DER formatted file
mapDigestToCerts – Map certificate sha1 to certificate as simple cache
mapDigestToSslConfigs – Map SSL custom configs’ certificate sha1 to custom config as simple cache
pemIsPkcs8 – Determine if the PEM-encoded text of a key is PKCS#8 format
pemTextToTempFile – Write a temporary file for a PEM text of cert/key/CAs bundle component
pkcs12BundleCas – Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle
pkcs12BundleToPem – Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle
resolvedCertName – Gets the general name via RFC 5280 resolution
shaHexForCert – Gets the sha1 hash for certificate
sslErrorEnumString – Gets short strings describing an SSL error
validateCertChain – Validates the given certificateChain
validatePKIBundle – Validates the PKI bundle by checking the certificate chain and the expiration and effective dates; optionally trusts the root CA
Attributes
-
AnyOrUnspecifiedUsage = 1
-
CRLSigningUsage = 10
-
class CaCertSource
Bases: int
-
CertAuthorityUsage = 2
-
CertIssuerUsage = 3
-
class CertTrustPolicy
Bases: int
-
class CertUsageType
Bases: int
-
CodeSigningUsage = 7
-
Connection = 3
-
class ConstraintGroup
Bases: int
-
DefaultTrust = 0
-
EmailProtectionUsage = 8
-
ExtendedKeyUsage = 1
-
FromFile = 1
-
InDatabase = 2
-
KeyUsage = 0
-
NoPolicy = 3
-
SystemRoot = 0
-
TimeStampingUsage = 9
-
TlsClientUsage = 6
-
TlsServerEvUsage = 5
-
TlsServerUsage = 4
-
Trusted = 1
-
UndeterminedUsage = 0
-
Untrusted = 2
-
casFromFile(certspath: str) → List[QSslCertificate]
Returns a list of concatenated CAs from a PEM or DER formatted file
- Parameters
certspath (str) –
- Return type
List[QSslCertificate]
-
casMerge(bundle1: Iterable[QSslCertificate], bundle2: Iterable[QSslCertificate]) → List[QSslCertificate]
Merges two certificate bundles into a single one, removing duplicates; the certificates from bundle2 are appended to bundle1 if not already there
- Parameters
bundle1 (Iterable[QSslCertificate]) – first bundle
bundle2 (Iterable[QSslCertificate]) – second bundle
- Return type
List[QSslCertificate]
- Returns
a list of unique certificates
-
casRemoveSelfSigned(caList: Iterable[QSslCertificate]) → List[QSslCertificate]
Removes self-signed CA certificates from caList
- Parameters
caList (Iterable[QSslCertificate]) – list of CA certificates
- Return type
List[QSslCertificate]
- Returns
a list of non self-signed certificates
-
certFromFile(certpath: str) → QSslCertificate
Returns the first cert from a PEM or DER formatted file
- Parameters
certpath (str) –
- Return type
QSslCertificate
-
certIsCurrent(cert: QSslCertificate) → bool
Checks if cert is viable for its not before and not after dates
- Parameters
cert (QSslCertificate) – certificate to be checked
- Return type
bool
-
certIsViable(cert: QSslCertificate) → bool
Checks for viability errors of cert and whether it is NULL
- Parameters
cert (QSslCertificate) – certificate to be checked
- Return type
bool
- Returns
False if cert is NULL or has viability errors
-
certKeyBundleToPem(certpath: str, keypath: str, keypass: str = '', reencrypt: bool = True) → List[str]
Returns list of certificate, private key and algorithm (as PEM text) from file path components
- Parameters
certpath (str) – File path to certificate
keypath (str) – File path to private key
keypass (str = '') – Passphrase for private key
reencrypt (bool = True) – Whether to re-encrypt the private key with the passphrase
- Return type
List[str]
- Returns
certificate, private key, key’s algorithm type
-
certViabilityErrors(cert: QSslCertificate) → List[QSslError]
Checks basic characteristics (validity dates, blocklisting, etc.) of the given cert
- Parameters
cert (QSslCertificate) – certificate to be checked
- Return type
List[QSslError]
- Returns
list of QSslError (will return NO ERRORS if a null QSslCertificate is passed)
-
certificateIsAuthority(cert: QSslCertificate) → bool
Gets whether a certificate is an Authority
- Parameters
cert (QSslCertificate) –
- Return type
bool
-
certificateIsAuthorityOrIssuer(cert: QSslCertificate) → bool
Gets whether a certificate is an Authority or can at least sign other certificates
- Parameters
cert (QSslCertificate) –
- Return type
bool
-
certificateIsIssuer(cert: QSslCertificate) → bool
Gets whether a certificate can sign other certificates
- Parameters
cert (QSslCertificate) –
- Return type
bool
-
certificateIsSslClient(cert: QSslCertificate) → bool
Gets whether a certificate is probably used for a client identity
- Parameters
cert (QSslCertificate) –
- Return type
bool
-
certificateIsSslServer(cert: QSslCertificate) → bool
Gets whether a certificate is probably used for an SSL server
- Parameters
cert (QSslCertificate) –
- Return type
bool
-
certificateUsageTypes(cert: QSslCertificate) → List[QgsAuthCertUtils.CertUsageType]
Tries to determine the certificate's usage types
- Parameters
cert (QSslCertificate) –
- Return type
List[QgsAuthCertUtils.CertUsageType]
-
certsFromFile(certspath: str) → List[QSslCertificate]
Returns a list of concatenated certs from a PEM or DER formatted file
- Parameters
certspath (str) –
- Return type
List[QSslCertificate]
-
certsFromString(pemtext: str) → List[QSslCertificate]
Returns a list of concatenated certs from a PEM Base64 text block
- Parameters
pemtext (str) –
- Return type
List[QSslCertificate]
-
certsToPemText(certs: Iterable[QSslCertificate]) → QByteArray
Dumps a list of QSslCertificates to PEM text
- Parameters
certs (Iterable[QSslCertificate]) – list of certs
- Return type
QByteArray
- Returns
a byte array of concatenated certificates as PEM text
-
fileData(path: str) → QByteArray
Returns data from a local file via a read-only operation
- Parameters
path (str) – Path to file to read
- Return type
QByteArray
- Returns
All data contained in file or empty contents if file does not exist
-
getCaSourceName(source: QgsAuthCertUtils.CaCertSource, single: bool = False) → str
Gets the general name for CA source enum type
- Parameters
source (QgsAuthCertUtils.CaCertSource) – The enum source type for the CA
single (bool = False) – Whether to return singular or plural description
- Return type
str
-
getCertTrustName(trust: QgsAuthCertUtils.CertTrustPolicy) → str
Gets the general name for certificate trust
- Parameters
trust (QgsAuthCertUtils.CertTrustPolicy) –
- Return type
str
-
getColonDelimited(txt: str) → str
Gets string with colon delimiters every 2 characters
- Parameters
txt (str) –
- Return type
str
-
getSslProtocolName(protocol: QSsl.SslProtocol) → str
SSL Protocol name strings per enum
- Parameters
protocol (QSsl.SslProtocol) –
- Return type
str
-
keyFromFile(keypath: str, keypass: str = '', algtype: str = '') → QSslKey
Returns non-encrypted key from a PEM or DER formatted file
- Parameters
keypath (str) – File path to private key
keypass (str = '') – Passphrase for private key
algtype (str = '') – QString to set with resolved algorithm type
- Return type
QSslKey
-
mapDigestToCerts(certs: Iterable[QSslCertificate]) → Dict[str, QSslCertificate]
Map certificate sha1 to certificate as simple cache
- Parameters
certs (Iterable[QSslCertificate]) –
- Return type
Dict[str, QSslCertificate]
-
mapDigestToSslConfigs(configs: Iterable[QgsAuthConfigSslServer]) → Dict[str, QgsAuthConfigSslServer]
Map SSL custom configs’ certificate sha1 to custom config as simple cache
- Parameters
configs (Iterable[QgsAuthConfigSslServer]) –
- Return type
Dict[str, QgsAuthConfigSslServer]
-
pemIsPkcs8(keyPemTxt: str) → bool
Determine if the PEM-encoded text of a key is PKCS#8 format
- Parameters
keyPemTxt (str) – PEM-encoded text
- Return type
bool
- Returns
True if PKCS#8, otherwise False
-
pemTextToTempFile(name: str, pemtext: Union[QByteArray, bytes, bytearray]) → str
Write a temporary file for a PEM text of cert/key/CAs bundle component
- Parameters
pemtext (Union[QByteArray, bytes, bytearray]) – Component content as PEM text
name (str) – Name of file
- Return type
str
- Returns
File path to temporary file
-
pkcs12BundleCas(bundlepath: str, bundlepass: str = '') → List[QSslCertificate]
Returns list of CA certificates (as QSslCertificate) for a PKCS#12 bundle
- Parameters
bundlepath (str) – File path to the PKCS bundle
bundlepass (str = '') – Passphrase for bundle
- Return type
List[QSslCertificate]
- Returns
list of certificates
-
pkcs12BundleToPem(bundlepath: str, bundlepass: str = '', reencrypt: bool = True) → List[str]
Returns list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle
- Parameters
bundlepath (str) – File path to the PKCS bundle
bundlepass (str = '') – Passphrase for bundle
reencrypt (bool = True) – Whether to re-encrypt the private key with the passphrase
- Return type
List[str]
- Returns
certificate, private key, key’s algorithm type
-
resolvedCertName(cert: QSslCertificate, issuer: bool = False) → str
Gets the general name via RFC 5280 resolution
- Parameters
cert (QSslCertificate) –
issuer (bool = False) –
- Return type
str
-
shaHexForCert(cert: QSslCertificate, formatted: bool = False) → str
Gets the sha1 hash for certificate
- Parameters
cert (QSslCertificate) – Qt SSL certificate to generate hash from
formatted (bool = False) – Whether to colon-delimit the hash
- Return type
str
-
sslErrorEnumString(errenum: QSslError.SslError) → str
Gets short strings describing an SSL error
- Parameters
errenum (QSslError.SslError) –
- Return type
str
-
validateCertChain(certificateChain: Iterable[QSslCertificate], hostName: str = '', trustRootCa: bool = False) → List[QSslError]
Validates the given certificateChain
- Parameters
certificateChain (Iterable[QSslCertificate]) – list of certificates to be checked, with leaf first and with optional root CA last
hostName (str = '') – (optional) name of the host to be verified
trustRootCa (bool = False) – if True the CA will be added to the trusted CAs for this validation check
- Return type
List[QSslError]
- Returns
list of QSslError, if the list is empty then the cert chain is valid
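A fail-closed wrapper around certViabilityErrors and validateCertChain, as an added example (not QGIS project code): certViabilityErrors reports no errors for a null certificate, so the wrapper checks isNull() itself before validating the chain. The name chain_problems, the injectable utils argument and the Stub* classes are hypothetical; the stubs are constructed stand-ins that mirror the documented return values so the block runs without QGIS.

```python
def chain_problems(chain, utils=None, host_name="", trust_root_ca=False):
    """Return problem strings for a chain (leaf first); [] means it passed.

    utils is a class exposing the QgsAuthCertUtils static methods; it is
    injectable (an assumption of this example) so the logic runs offline.
    """
    if utils is None:
        # Needs a QGIS Python environment.
        from qgis.core import QgsAuthCertUtils as utils
    chain = list(chain)
    if not chain:
        return ["empty certificate chain"]
    problems = []
    for pos, cert in enumerate(chain):
        # certViabilityErrors() returns no errors for a null certificate,
        # so an empty list alone must not be read as "viable".
        if cert.isNull():
            problems.append(f"certificate {pos} is null")
            continue
        for err in utils.certViabilityErrors(cert):
            problems.append(f"certificate {pos}: {err.errorString()}")
    if problems:
        return problems
    errors = utils.validateCertChain(chain, host_name, trust_root_ca)
    return [err.errorString() for err in errors]


# Constructed stand-ins for QSslError, QSslCertificate and QgsAuthCertUtils.
class StubError:
    def __init__(self, text):
        self.text = text
    def errorString(self):
        return self.text

class StubCert:
    def __init__(self, null=False, expired=False):
        self.null, self.expired = null, expired
    def isNull(self):
        return self.null

class StubUtils:
    @staticmethod
    def certViabilityErrors(cert):
        if cert.isNull() or not cert.expired:
            return []  # documented: no errors for a null certificate
        return [StubError("certificate has expired")]
    @staticmethod
    def validateCertChain(chain, hostName="", trustRootCa=False):
        return []  # stub: chain building always succeeds
```

Inside QGIS, call chain_problems(chain) without the utils argument to use QgsAuthCertUtils itself.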
-
validatePKIBundle(bundle: QgsPkiBundle, useIntermediates: bool = True, trustRootCa: bool = False) → List[str]
Validates the PKI bundle by checking the certificate chain and the expiration and effective dates; optionally trusts the root CA
- Parameters
bundle (QgsPkiBundle) –
useIntermediates (bool = True) – if True the intermediate certs are also checked
trustRootCa (bool = False) – if True the CA will be added to the trusted CAs for this validation check (if useIntermediates is False this option is ignored and set to False)
- Return type
List[str]
- Returns
a list of error strings, if the list is empty then the PKI bundle is valid
-