The QSslCertificate class provides a convenient API for an X509 certificate. More...

#include <qsslcertificate.h>

Collaboration diagram for QSslCertificate:

Public Types
enum	SubjectInfo { Organization , CommonName , LocalityName , OrganizationalUnitName , CountryName , StateOrProvinceName , DistinguishedNameQualifier , SerialNumber , EmailAddress }
	Describes keys that you can pass to QSslCertificate::issuerInfo() or QSslCertificate::subjectInfo() to get information about the certificate issuer or subject. More...

enum class	PatternSyntax { RegularExpression , Wildcard , FixedString }

Public Member Functions
	QSslCertificate (QIODevice *device, QSsl::EncodingFormat format=QSsl::Pem)
	Constructs a QSslCertificate by reading format encoded data from device and using the first certificate found.

	QSslCertificate (const QByteArray &data=QByteArray(), QSsl::EncodingFormat format=QSsl::Pem)
	Constructs a QSslCertificate by parsing the format encoded data and using the first available certificate found.

	QSslCertificate (const QSslCertificate &other)
	Constructs an identical copy of other.

	QSslCertificate (QSslCertificate &&other) noexcept=default

	~QSslCertificate ()
	Destroys the QSslCertificate.

QSslCertificate &	operator= (QSslCertificate &&other) noexcept

QSslCertificate &	operator= (const QSslCertificate &other)
	Copies the contents of other into this certificate, making the two certificates identical.

void	swap (QSslCertificate &other) noexcept

bool	operator== (const QSslCertificate &other) const
	Returns `true` if this certificate is the same as other; otherwise returns `false`.

bool	operator!= (const QSslCertificate &other) const
	Returns `true` if this certificate is not the same as other; otherwise returns `false`.

bool	isNull () const
	Returns `true` if this is a null certificate (i.e., a certificate with no contents); otherwise returns `false`.

bool	isBlacklisted () const
	Returns `true` if this certificate is blacklisted; otherwise returns `false`.

bool	isSelfSigned () const

void	clear ()
	Clears the contents of this certificate, making it a null certificate.

QByteArray	version () const
	Returns the certificate's version string.

QByteArray	serialNumber () const
	Returns the certificate's serial number string in hexadecimal format.

QByteArray	digest (QCryptographicHash::Algorithm algorithm=QCryptographicHash::Md5) const
	Returns a cryptographic digest of this certificate.

QStringList	issuerInfo (SubjectInfo info) const
	Returns the issuer information for the subject from the certificate, or an empty list if there is no information for subject in the certificate.

QStringList	issuerInfo (const QByteArray &attribute) const
	Returns the issuer information for attribute from the certificate, or an empty list if there is no information for attribute in the certificate.

QStringList	subjectInfo (SubjectInfo info) const
	Returns the information for the subject, or an empty list if there is no information for subject in the certificate.

QStringList	subjectInfo (const QByteArray &attribute) const
	Returns the subject information for attribute, or an empty list if there is no information for attribute in the certificate.

QString	issuerDisplayName () const

QString	subjectDisplayName () const

QList< QByteArray >	subjectInfoAttributes () const

QList< QByteArray >	issuerInfoAttributes () const

QMultiMap< QSsl::AlternativeNameEntryType, QString >	subjectAlternativeNames () const
	Returns the list of alternative subject names for this certificate.

QDateTime	effectiveDate () const
	Returns the date-time that the certificate becomes valid, or an empty QDateTime if this is a null certificate.

QDateTime	expiryDate () const
	Returns the date-time that the certificate expires, or an empty QDateTime if this is a null certificate.

QSslKey	publicKey () const
	Returns the certificate subject's public key.

QList< QSslCertificateExtension >	extensions () const
	Returns a list containing the X509 extensions of this certificate.

QByteArray	toPem () const
	Returns this certificate converted to a PEM (Base64) encoded representation.

QByteArray	toDer () const
	Returns this certificate converted to a DER (binary) encoded representation.

QString	toText () const
	Returns this certificate converted to a human-readable text representation.

Qt::HANDLE	handle () const
	Returns a pointer to the native certificate handle, if there is one, else \nullptr.

Static Public Member Functions
static QList< QSslCertificate >	fromPath (const QString &path, QSsl::EncodingFormat format=QSsl::Pem, PatternSyntax syntax=PatternSyntax::FixedString)

static QList< QSslCertificate >	fromDevice (QIODevice *device, QSsl::EncodingFormat format=QSsl::Pem)
	Searches for and parses all certificates in device that are encoded in the specified format and returns them in a list of certificates.

static QList< QSslCertificate >	fromData (const QByteArray &data, QSsl::EncodingFormat format=QSsl::Pem)
	Searches for and parses all certificates in data that are encoded in the specified format and returns them in a list of certificates.

static QList< QSslError >	verify (const QList< QSslCertificate > &certificateChain, const QString &hostName=QString())
	Verifies a certificate chain.

static bool	importPkcs12 (QIODevice device, QSslKey key, QSslCertificate cert, QList< QSslCertificate > caCertificates=nullptr, const QByteArray &passPhrase=QByteArray())

Friends
class	QTlsBackend

Q_NETWORK_EXPORT size_t	qHash (const QSslCertificate &key, size_t seed=0)

Detailed Description

The QSslCertificate class provides a convenient API for an X509 certificate.

Since: 4.3

\reentrant

\inmodule QtNetwork

QSslCertificate stores an X509 certificate, and is commonly used to verify the identity and store information about the local host, a remotely connected peer, or a trusted third party Certificate Authority.

There are many ways to construct a QSslCertificate. The most common way is to call QSslSocket::peerCertificate(), which returns a QSslCertificate object, or QSslSocket::peerCertificateChain(), which returns a list of them. You can also load certificates from a DER (binary) or PEM (Base64) encoded bundle, typically stored as one or more local files, or in a Qt Resource.

You can call isNull() to check if your certificate is null. By default, QSslCertificate constructs a null certificate. A null certificate is invalid, but an invalid certificate is not necessarily null. If you want to reset all contents in a certificate, call clear().

After loading a certificate, you can find information about the certificate, its subject, and its issuer, by calling one of the many accessor functions, including version(), serialNumber(), issuerInfo() and subjectInfo(). You can call effectiveDate() and expiryDate() to check when the certificate starts being effective and when it expires. The publicKey() function returns the certificate subject's public key as a QSslKey. You can call issuerInfo() or subjectInfo() to get detailed information about the certificate issuer and its subject.

Internally, QSslCertificate is stored as an X509 structure. You can access this handle by calling handle(), but the results are likely to not be portable.

See also: QSslSocket, QSslKey, QSslCipher, QSslError

Definition at line 36 of file qsslcertificate.h.

Member Enumeration Documentation

◆ PatternSyntax

enum class QSslCertificate::PatternSyntax

strong

Since: 5.15

The syntax used to interpret the meaning of the pattern.

\value RegularExpression A rich Perl-like pattern matching syntax.

\value Wildcard This provides a simple pattern matching syntax similar to that used by shells (command interpreters) for "file globbing". See \l {QRegularExpression::fromWildcard()}.

\value FixedString The pattern is a fixed string. This is equivalent to using the RegularExpression pattern on a string in which all metacharacters are escaped using escape(). This is the default.

Enumerator
RegularExpression
Wildcard
FixedString

Definition at line 51 of file qsslcertificate.h.

◆ SubjectInfo

enum QSslCertificate::SubjectInfo

Describes keys that you can pass to QSslCertificate::issuerInfo() or QSslCertificate::subjectInfo() to get information about the certificate issuer or subject.

\value Organization "O" The name of the organization.

\value CommonName "CN" The common name; most often this is used to store the host name.

\value LocalityName "L" The locality.

\value OrganizationalUnitName "OU" The organizational unit name.

\value CountryName "C" The country.

\value StateOrProvinceName "ST" The state or province.

\value DistinguishedNameQualifier The distinguished name qualifier

\value SerialNumber The certificate's serial number

\value EmailAddress The email address associated with the certificate

Enumerator
Organization
CommonName
LocalityName
OrganizationalUnitName
CountryName
StateOrProvinceName
DistinguishedNameQualifier
SerialNumber
EmailAddress

Definition at line 39 of file qsslcertificate.h.

Constructor & Destructor Documentation

◆ QSslCertificate() [1/4]

QSslCertificate::QSslCertificate	(	QIODevice *	device,
		QSsl::EncodingFormat	format = QSsl::Pem )

explicit

Constructs a QSslCertificate by reading format encoded data from device and using the first certificate found.

You can later call isNull() to see if device contained a certificate, and if this certificate was loaded successfully.

Definition at line 145 of file qsslcertificate.cpp.

◆ QSslCertificate() [2/4]

QSslCertificate::QSslCertificate	(	const QByteArray &	data = QByteArray(),
		QSsl::EncodingFormat	format = QSsl::Pem )

explicit

Constructs a QSslCertificate by parsing the format encoded data and using the first available certificate found.

You can later call isNull() to see if data contained a certificate, and if this certificate was loaded successfully.

Definition at line 175 of file qsslcertificate.cpp.

◆ QSslCertificate() [3/4]

QSslCertificate::QSslCertificate ( const QSslCertificate & other )

Constructs an identical copy of other.

Definition at line 199 of file qsslcertificate.cpp.

◆ QSslCertificate() [4/4]

QSslCertificate::QSslCertificate ( QSslCertificate && other )

defaultnoexcept

Since: 6.8

Move-constructs a new QSslCertificate from other.

Note: The moved-from object other is placed in a partially-formed state, in which the only valid operations are destructions and assignment of a new value.

◆ ~QSslCertificate()

QSslCertificate::~QSslCertificate ( )

Destroys the QSslCertificate.

Definition at line 218 of file qsslcertificate.cpp.

Member Function Documentation

◆ clear()

void QSslCertificate::clear ( )

Clears the contents of this certificate, making it a null certificate.

See also: isNull()

Definition at line 319 of file qsslcertificate.cpp.

◆ digest()

QByteArray QSslCertificate::digest ( QCryptographicHash::Algorithm algorithm = QCryptographicHash::Md5 ) const

Returns a cryptographic digest of this certificate.

By default, an MD5 digest will be generated, but you can also specify a custom algorithm.

Definition at line 356 of file qsslcertificate.cpp.

◆ effectiveDate()

QDateTime QSslCertificate::effectiveDate ( ) const

Returns the date-time that the certificate becomes valid, or an empty QDateTime if this is a null certificate.

See also: expiryDate()

Definition at line 501 of file qsslcertificate.cpp.

◆ expiryDate()

QDateTime QSslCertificate::expiryDate ( ) const

Returns the date-time that the certificate expires, or an empty QDateTime if this is a null certificate.

See also: effectiveDate()

Definition at line 517 of file qsslcertificate.cpp.

◆ extensions()

QList< QSslCertificateExtension > QSslCertificate::extensions ( ) const

Returns a list containing the X509 extensions of this certificate.

Since: 5.0

Definition at line 567 of file qsslcertificate.cpp.

◆ fromData()

QList< QSslCertificate > QSslCertificate::fromData	(	const QByteArray &	data,
		QSsl::EncodingFormat	format = QSsl::Pem )

static

Searches for and parses all certificates in data that are encoded in the specified format and returns them in a list of certificates.

See also: fromDevice()

Definition at line 743 of file qsslcertificate.cpp.

◆ fromDevice()

QList< QSslCertificate > QSslCertificate::fromDevice	(	QIODevice *	device,
		QSsl::EncodingFormat	format = QSsl::Pem )

static

Searches for and parses all certificates in device that are encoded in the specified format and returns them in a list of certificates.

See also: fromData()

Definition at line 727 of file qsslcertificate.cpp.

◆ fromPath()

QList< QSslCertificate > QSslCertificate::fromPath	(	const QString &	path,
		QSsl::EncodingFormat	format = QSsl::Pem,
		PatternSyntax	syntax = PatternSyntax::FixedString )

static

Since: 5.15

Searches all files in the path for certificates encoded in the specified format and returns them in a list. path must be a file or a pattern matching one or more files, as specified by syntax.

Example:

const auto certs = QSslCertificate::fromPath("C:/ssl/certificate.*.pem",
                                             QSsl::Pem, QSslCertificate::Wildcard);
for (const QSslCertificate &cert : certs) {
    qDebug() << cert.issuerInfo(QSslCertificate::Organization);
}

See also: fromData()

Definition at line 629 of file qsslcertificate.cpp.

◆ handle()

Qt::HANDLE QSslCertificate::handle ( ) const

Returns a pointer to the native certificate handle, if there is one, else \nullptr.

You can use this handle, together with the native API, to access extended information about the certificate.

Warning: Use of this function has a high probability of being non-portable, and its return value may vary from platform to platform or change from minor release to minor release.

Definition at line 537 of file qsslcertificate.cpp.

◆ importPkcs12()

bool QSslCertificate::importPkcs12	(	QIODevice *	device,
		QSslKey *	key,
		QSslCertificate *	certificate,
		QList< QSslCertificate > *	caCertificates = nullptr,
		const QByteArray &	passPhrase = QByteArray() )

static

Since: 5.4

Imports a PKCS#12 (pfx) file from the specified device. A PKCS#12 file is a bundle that can contain a number of certificates and keys. This method reads a single key, its certificate and any associated caCertificates from the bundle. If a passPhrase is specified then this will be used to decrypt the bundle. Returns true if the PKCS#12 file was successfully loaded.

Note: The device must be open and ready to be read from.

Definition at line 802 of file qsslcertificate.cpp.

◆ isBlacklisted()

bool QSslCertificate::isBlacklisted ( ) const

Returns true if this certificate is blacklisted; otherwise returns false.

See also: isNull()

Definition at line 290 of file qsslcertificate.cpp.

◆ isNull()

bool QSslCertificate::isNull ( ) const

Returns true if this is a null certificate (i.e., a certificate with no contents); otherwise returns false.

By default, QSslCertificate constructs a null certificate.

See also: clear()

Definition at line 276 of file qsslcertificate.cpp.

◆ isSelfSigned()

bool QSslCertificate::isSelfSigned ( ) const

Since: 5.4

Returns true if this certificate is self signed; otherwise returns false.

A certificate is considered self-signed its issuer and subject are identical.

Definition at line 305 of file qsslcertificate.cpp.

◆ issuerDisplayName()

QString QSslCertificate::issuerDisplayName ( ) const

Since: 5.12

Returns a name that describes the issuer. It returns the QSslCertificate::CommonName if available, otherwise falls back to the first QSslCertificate::Organization or the first QSslCertificate::OrganizationalUnitName.

See also: issuerInfo()

Definition at line 932 of file qsslcertificate.cpp.

◆ issuerInfo() [1/2]

QStringList QSslCertificate::issuerInfo ( const QByteArray & attribute ) const

Returns the issuer information for attribute from the certificate, or an empty list if there is no information for attribute in the certificate.

There can be more than one entry for an attribute.

See also: subjectInfo()

Definition at line 388 of file qsslcertificate.cpp.

◆ issuerInfo() [2/2]

QStringList QSslCertificate::issuerInfo ( SubjectInfo subject ) const

Returns the issuer information for the subject from the certificate, or an empty list if there is no information for subject in the certificate.

There can be more than one entry of each type.

See also: subjectInfo()

Definition at line 371 of file qsslcertificate.cpp.

◆ issuerInfoAttributes()

QList< QByteArray > QSslCertificate::issuerInfoAttributes ( ) const

Since: 5.0 Returns a list of the attributes that have values in the issuer information of this certificate. The information associated with a given attribute can be accessed using the issuerInfo() method. Note that this list may include the OIDs for any elements that are not known by the SSL backend.

See also: subjectInfo()

Definition at line 462 of file qsslcertificate.cpp.

◆ operator!=()

bool QSslCertificate::operator!= ( const QSslCertificate & other ) const

inline

Returns true if this certificate is not the same as other; otherwise returns false.

Definition at line 70 of file qsslcertificate.h.

◆ operator=() [1/2]

QSslCertificate & QSslCertificate::operator= ( const QSslCertificate & other )

Copies the contents of other into this certificate, making the two certificates identical.

Definition at line 226 of file qsslcertificate.cpp.

◆ operator=() [2/2]

QSslCertificate & QSslCertificate::operator= ( QSslCertificate && other )

inlinenoexcept

Definition at line 63 of file qsslcertificate.h.

◆ operator==()

bool QSslCertificate::operator== ( const QSslCertificate & other ) const

Returns true if this certificate is the same as other; otherwise returns false.

Definition at line 245 of file qsslcertificate.cpp.

◆ publicKey()

QSslKey QSslCertificate::publicKey ( ) const

Returns the certificate subject's public key.

Definition at line 550 of file qsslcertificate.cpp.

◆ serialNumber()

QByteArray QSslCertificate::serialNumber ( ) const

Returns the certificate's serial number string in hexadecimal format.

Definition at line 343 of file qsslcertificate.cpp.

◆ subjectAlternativeNames()

QMultiMap< QSsl::AlternativeNameEntryType, QString > QSslCertificate::subjectAlternativeNames ( ) const

Returns the list of alternative subject names for this certificate.

The alternative names typically contain host names, optionally with wildcards, that are valid for this certificate.

These names are tested against the connected peer's host name, if either the subject information for \l CommonName doesn't define a valid host name, or the subject info name doesn't match the peer's host name.

See also: subjectInfo()

Definition at line 485 of file qsslcertificate.cpp.

◆ subjectDisplayName()

QString QSslCertificate::subjectDisplayName ( ) const

Since: 5.12

Returns a name that describes the subject. It returns the QSslCertificate::CommonName if available, otherwise falls back to the first QSslCertificate::Organization or the first QSslCertificate::OrganizationalUnitName.

See also: subjectInfo()

Definition at line 957 of file qsslcertificate.cpp.

◆ subjectInfo() [1/2]

QStringList QSslCertificate::subjectInfo ( const QByteArray & attribute ) const

Returns the subject information for attribute, or an empty list if there is no information for attribute in the certificate.

There can be more than one entry for an attribute.

See also: issuerInfo()

Definition at line 422 of file qsslcertificate.cpp.

◆ subjectInfo() [2/2]

QStringList QSslCertificate::subjectInfo ( SubjectInfo subject ) const

Returns the information for the subject, or an empty list if there is no information for subject in the certificate.

There can be more than one entry of each type.

See also: issuerInfo()

Definition at line 405 of file qsslcertificate.cpp.

◆ subjectInfoAttributes()

QList< QByteArray > QSslCertificate::subjectInfoAttributes ( ) const

Since: 5.0 Returns a list of the attributes that have values in the subject information of this certificate. The information associated with a given attribute can be accessed using the subjectInfo() method. Note that this list may include the OIDs for any elements that are not known by the SSL backend.

See also: subjectInfo()

Definition at line 442 of file qsslcertificate.cpp.

◆ swap()

void QSslCertificate::swap ( QSslCertificate & other )

inlinenoexcept

Since: 5.0 \memberswap{certificate instance}

Definition at line 66 of file qsslcertificate.h.

◆ toDer()

QByteArray QSslCertificate::toDer ( ) const

Returns this certificate converted to a DER (binary) encoded representation.

Definition at line 592 of file qsslcertificate.cpp.

◆ toPem()

QByteArray QSslCertificate::toPem ( ) const

Returns this certificate converted to a PEM (Base64) encoded representation.

Definition at line 578 of file qsslcertificate.cpp.

◆ toText()

QString QSslCertificate::toText ( ) const

Returns this certificate converted to a human-readable text representation.

Since: 5.0

Definition at line 608 of file qsslcertificate.cpp.

◆ verify()

QList< QSslError > QSslCertificate::verify	(	const QList< QSslCertificate > &	certificateChain,
		const QString &	hostName = QString() )

static

Verifies a certificate chain.

The chain to be verified is passed in the certificateChain parameter. The first certificate in the list should be the leaf certificate of the chain to be verified. If hostName is specified then the certificate is also checked to see if it is valid for the specified host name.

Note that the root (CA) certificate should not be included in the list to be verified, this will be looked up automatically using the CA list specified in the default QSslConfiguration, and, in addition, if possible, CA certificates loaded on demand on Unix and Windows.

Since: 5.0

Definition at line 775 of file qsslcertificate.cpp.

◆ version()

QByteArray QSslCertificate::version ( ) const

Returns the certificate's version string.

Definition at line 330 of file qsslcertificate.cpp.

Friends And Related Symbol Documentation

◆ qHash

Q_NETWORK_EXPORT size_t qHash	(	const QSslCertificate &	key,
		size_t	seed = 0 )

friend

◆ QTlsBackend

friend class QTlsBackend

friend

Definition at line 123 of file qsslcertificate.h.

The documentation for this class was generated from the following files:

qtbase/src/network/ssl/qsslcertificate.h (488362257d668760eb7bb60eb860570bd8b70d4d)
qtbase/src/network/ssl/qsslcertificate.cpp (5627e113793df3df24742d7af502a075c2c9e95d)

Public Types

Public Member Functions

Static Public Member Functions

Friends

Detailed Description

Member Enumeration Documentation

◆ PatternSyntax

◆ SubjectInfo

Constructor & Destructor Documentation

◆ QSslCertificate() [1/4]

◆ QSslCertificate() [2/4]

◆ QSslCertificate() [3/4]

◆ QSslCertificate() [4/4]

◆ ~QSslCertificate()

Member Function Documentation

◆ clear()

◆ digest()

◆ effectiveDate()

◆ expiryDate()

◆ extensions()

◆ fromData()

◆ fromDevice()

◆ fromPath()

◆ handle()

◆ importPkcs12()

◆ isBlacklisted()

◆ isNull()

◆ isSelfSigned()

◆ issuerDisplayName()

◆ issuerInfo() [1/2]

◆ issuerInfo() [2/2]

◆ issuerInfoAttributes()

◆ operator!=()

◆ operator=() [1/2]

◆ operator=() [2/2]

◆ operator==()

◆ publicKey()

◆ serialNumber()

◆ subjectAlternativeNames()

◆ subjectDisplayName()

◆ subjectInfo() [1/2]

◆ subjectInfo() [2/2]

◆ subjectInfoAttributes()

◆ swap()

◆ toDer()

◆ toPem()

◆ toText()

◆ verify()

◆ version()

Friends And Related Symbol Documentation

◆ qHash

◆ QTlsBackend