Subgroup: Auth
Class: QgsAuthCertUtils
class qgis.core.QgsAuthCertUtils
Bases: sip.wrapper
Utilities for working with certificates and keys
Methods
casFromFile – Return list of concatenated CAs from a PEM or DER formatted file
casMerge – casMerge merges two certificate bundles in a single one removing duplicates, the certificates
casRemoveSelfSigned – casRemoveSelfSigned removes self-signed CA certificates from caList
certFromFile – Return first cert from a PEM or DER formatted file
certIsCurrent – certIsCurrent checks if cert is viable for its not before and not after dates
certIsViable – certIsViable checks for viability errors of cert and whether it is NULL
certKeyBundleToPem – Return list of certificate, private key and algorithm (as PEM text) from file path components
certViabilityErrors – certViabilityErrors checks basic characteristics (validity dates, blacklisting, etc.) of given cert
certificateIsAuthority – Get whether a certificate is an Authority
certificateIsAuthorityOrIssuer – Get whether a certificate is an Authority or can at least sign other certificates
certificateIsIssuer – Get whether a certificate can sign other certificates
certificateIsSslClient – Get whether a certificate is probably used for a client identity
certificateIsSslServer – Get whether a certificate is probably used for an SSL server
certificateUsageTypes – Try to determine the certificate's usage types
certsFromFile – Return list of concatenated certs from a PEM or DER formatted file
certsFromString – Return list of concatenated certs from a PEM Base64 text block
certsToPemText – certsToPemText dumps a list of QSslCertificates to PEM text
fileData – Return data from a local file via a read-only operation
getCaSourceName – Get the general name for CA source enum type
getCertTrustName – Get the general name for certificate trust
getColonDelimited – Get string with colon delimiters every 2 characters
getSslProtocolName – SSL Protocol name strings per enum
keyFromFile – Return non-encrypted key from a PEM or DER formatted file
mapDigestToCerts – Map certificate sha1 to certificate as simple cache
mapDigestToSslConfigs – Map SSL custom configs’ certificate sha1 to custom config as simple cache
pemIsPkcs8 – Determine if the PEM-encoded text of a key is PKCS#8 format
pemTextToTempFile – Write a temporary file for a PEM text of cert/key/CAs bundle component
pkcs12BundleCas – Return list of CA certificates (as QSslCertificate) for a PKCS#12 bundle
pkcs12BundleToPem – Return list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle
resolvedCertName – Get the general name via RFC 5280 resolution
shaHexForCert – Get the sha1 hash for certificate
sslErrorEnumString – Get short strings describing an SSL error
validateCertChain – validateCertChain validates the given certificateChain
validatePKIBundle – validatePKIBundle validates the PKI bundle by checking the certificate chain, the

Attributes
AnyOrUnspecifiedUsage = 1
CRLSigningUsage = 10
class CaCertSource
Bases: int
CertAuthorityUsage = 2
CertIssuerUsage = 3
class CertTrustPolicy
Bases: int
class CertUsageType
Bases: int
CodeSigningUsage = 7
Connection = 3
class ConstraintGroup
Bases: int
DefaultTrust = 0
EmailProtectionUsage = 8
ExtendedKeyUsage = 1
FromFile = 1
InDatabase = 2
KeyUsage = 0
NoPolicy = 3
SystemRoot = 0
TimeStampingUsage = 9
TlsClientUsage = 6
TlsServerEvUsage = 5
TlsServerUsage = 4
Trusted = 1
UndeterminedUsage = 0
Untrusted = 2

casFromFile(certspath: str) → List[QSslCertificate]
Return list of concatenated CAs from a PEM or DER formatted file

casMerge(bundle1: Iterable[QSslCertificate], bundle2: Iterable[QSslCertificate]) → List[QSslCertificate]
casMerge merges two certificate bundles in a single one removing duplicates, the certificates from bundle2 are appended to bundle1 if not already there
Parameters:
- bundle1 – first bundle
- bundle2 – second bundle
Returns: a list of unique certificates

casRemoveSelfSigned(caList: Iterable[QSslCertificate]) → List[QSslCertificate]
casRemoveSelfSigned removes self-signed CA certificates from caList
Parameters:
- caList – list of CA certificates
Returns: a list of non self-signed certificates

certFromFile(certpath: str) → QSslCertificate
Return first cert from a PEM or DER formatted file

certIsCurrent(cert: QSslCertificate) → bool
certIsCurrent checks if cert is viable for its not before and not after dates
Parameters:
- cert – certificate to be checked

certIsViable(cert: QSslCertificate) → bool
certIsViable checks for viability errors of cert and whether it is NULL
Parameters:
- cert – certificate to be checked
Returns: false if cert is NULL or has viability errors

certKeyBundleToPem(certpath: str, keypath: str, keypass: str = '', reencrypt: bool = True) → List[str]
Return list of certificate, private key and algorithm (as PEM text) from file path components
Parameters:
- certpath – File path to certificate
- keypath – File path to private key
- keypass – Passphrase for private key
- reencrypt – Whether to re-encrypt the private key with the passphrase
Returns: certificate, private key, key’s algorithm type

certViabilityErrors(cert: QSslCertificate) → List[QSslError]
certViabilityErrors checks basic characteristics (validity dates, blacklisting, etc.) of given cert
Parameters:
- cert – certificate to be checked
Returns: list of QSslError (will return NO ERRORS if a null QSslCertificate is passed)

certificateIsAuthority(cert: QSslCertificate) → bool
Get whether a certificate is an Authority

certificateIsAuthorityOrIssuer(cert: QSslCertificate) → bool
Get whether a certificate is an Authority or can at least sign other certificates

certificateIsIssuer(cert: QSslCertificate) → bool
Get whether a certificate can sign other certificates

certificateIsSslClient(cert: QSslCertificate) → bool
Get whether a certificate is probably used for a client identity

certificateIsSslServer(cert: QSslCertificate) → bool
Get whether a certificate is probably used for an SSL server

certificateUsageTypes(cert: QSslCertificate) → object
Try to determine the certificate's usage types

certsFromFile(certspath: str) → List[QSslCertificate]
Return list of concatenated certs from a PEM or DER formatted file

certsFromString(pemtext: str) → List[QSslCertificate]
Return list of concatenated certs from a PEM Base64 text block

certsToPemText(certs: Iterable[QSslCertificate]) → QByteArray
certsToPemText dumps a list of QSslCertificates to PEM text
Parameters:
- certs – list of certs
Returns: a byte array of concatenated certificates as PEM text

fileData(path: str) → QByteArray
Return data from a local file via a read-only operation
Parameters:
- path – Path to file to read
Returns: All data contained in file or empty contents if file does not exist

getCaSourceName(source: QgsAuthCertUtils.CaCertSource, single: bool = False) → str
Get the general name for CA source enum type
Parameters:
- source – The enum source type for the CA
- single – Whether to return singular or plural description

getCertTrustName(trust: QgsAuthCertUtils.CertTrustPolicy) → str
Get the general name for certificate trust

getColonDelimited(txt: str) → str
Get string with colon delimiters every 2 characters

getSslProtocolName(protocol: QSsl.SslProtocol) → str
SSL Protocol name strings per enum

keyFromFile(keypath: str, keypass: str = '', algtype: str = '') → QSslKey
Return non-encrypted key from a PEM or DER formatted file
Parameters:
- keypath – File path to private key
- keypass – Passphrase for private key
- algtype – QString to set with resolved algorithm type

mapDigestToCerts(certs: Iterable[QSslCertificate]) → object
Map certificate sha1 to certificate as simple cache

mapDigestToSslConfigs(configs: object) → object
Map SSL custom configs’ certificate sha1 to custom config as simple cache

pemIsPkcs8(keyPemTxt: str) → bool
Determine if the PEM-encoded text of a key is PKCS#8 format
Parameters:
- keyPemTxt – PEM-encoded text
Returns: True if PKCS#8, otherwise false

pemTextToTempFile(name: str, pemtext: Union[QByteArray, bytes, bytearray]) → str
Write a temporary file for a PEM text of cert/key/CAs bundle component
Parameters:
- pemtext – Component content as PEM text
- name – Name of file
Returns: File path to temporary file

pkcs12BundleCas(bundlepath: str, bundlepass: str = '') → List[QSslCertificate]
Return list of CA certificates (as QSslCertificate) for a PKCS#12 bundle
Parameters:
- bundlepath – File path to the PKCS bundle
- bundlepass – Passphrase for bundle
Returns: list of certificates

pkcs12BundleToPem(bundlepath: str, bundlepass: str = '', reencrypt: bool = True) → List[str]
Return list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle
Parameters:
- bundlepath – File path to the PKCS bundle
- bundlepass – Passphrase for bundle
- reencrypt – Whether to re-encrypt the private key with the passphrase
Returns: certificate, private key, key’s algorithm type

resolvedCertName(cert: QSslCertificate, issuer: bool = False) → str
Get the general name via RFC 5280 resolution

shaHexForCert(cert: QSslCertificate, formatted: bool = False) → str
Get the sha1 hash for certificate
Parameters:
- cert – Qt SSL certificate to generate hash from
- formatted – Whether to colon-delimit the hash

sslErrorEnumString(errenum: QSslError.SslError) → str
Get short strings describing an SSL error

validateCertChain(certificateChain: Iterable[QSslCertificate], hostName: str = '', trustRootCa: bool = False) → List[QSslError]
validateCertChain validates the given certificateChain
Parameters:
- certificateChain – list of certificates to be checked, with leaf first and with optional root CA last
- hostName – (optional) name of the host to be verified
- trustRootCa – if true the CA will be added to the trusted CAs for this validation check
Returns: list of QSslError, if the list is empty then the cert chain is valid

validatePKIBundle(bundle: QgsPkiBundle, useIntermediates: bool = True, trustRootCa: bool = False) → List[str]
validatePKIBundle validates the PKI bundle by checking the certificate chain, the expiration and effective dates, optionally trusting the root CA
Parameters:
- bundle –
- useIntermediates – if true the intermediate certs are also checked
- trustRootCa – if true the CA will be added to the trusted CAs for this validation check; if useIntermediates is false this option is ignored and set to false
Returns: a list of error strings, if the list is empty then the PKI bundle is valid
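
The merge that casMerge describes, keyed on the colon-delimited SHA-1 digest that mapDigestToCerts, shaHexForCert and getColonDelimited describe, as an added standard-library Python example (not QGIS code, and it does not call qgis.core). All function names are hypothetical, certificates are handled as raw DER bytes, the sample bundles are constructed placeholder bytes rather than real X.509 certificates, and the byte-for-byte check on a digest match is an addition that the page does not describe.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL)

def certs_from_string(pemtext):
    """Return the DER bytes of each certificate block in a PEM text bundle."""
    return [base64.b64decode("".join(b.split())) for b in PEM_CERT.findall(pemtext)]

def colon_delimited(txt):
    """Insert a colon every 2 characters: 'a999' -> 'a9:99'."""
    return ":".join(txt[i:i + 2] for i in range(0, len(txt), 2))

def sha_hex(der, formatted=False):
    """SHA-1 hex digest of the DER encoding, optionally colon-delimited."""
    digest = hashlib.sha1(der).hexdigest()
    return colon_delimited(digest) if formatted else digest

def cas_merge(bundle1, bundle2):
    """Keep bundle1 as is, then append certs from bundle2 not already present."""
    merged = list(bundle1)
    cache = {sha_hex(der): der for der in merged}  # digest -> cert, simple cache
    for der in bundle2:
        digest = sha_hex(der)
        known = cache.get(digest)
        if known is None:
            cache[digest] = der
            merged.append(der)
        elif known != der:
            # Same SHA-1 but different bytes: a digest match alone is not identity.
            raise ValueError("SHA-1 collision between distinct certificates")
    return merged

def _pem(der):
    # Constructed sample: PEM armor around placeholder bytes, not real X.509.
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

ROOT, INTER, OTHER = b"constructed-root", b"constructed-intermediate", b"constructed-other"
BUNDLE1 = _pem(ROOT) + _pem(INTER)
BUNDLE2 = _pem(INTER) + _pem(OTHER)

if __name__ == "__main__":
    for der in cas_merge(certs_from_string(BUNDLE1), certs_from_string(BUNDLE2)):
        print(sha_hex(der, formatted=True))
```

SHA-1 serves here only as a lookup key and display fingerprint; the comparison of the full DER bytes is what decides whether two entries are the same certificate.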