The CertificateBuilder class is a tool for creating X.509 certificates. More...
#include <CertificateBuilder>
| enum | KeyPurpose { PurposeWebServer, PurposeWebClient, PurposeCodeSigning, PurposeEmailProtection, ..., PurposeAny } |
| enum | KeyUsageFlag { UsageEncipherOnly, UsageCrlSign, UsageKeyCertSign, UsageKeyAgreement, ..., UsageDecipherOnly } |
| flags | KeyUsageFlags |
| CertificateBuilder () | |
| ~CertificateBuilder () | |
| bool | addAuthorityKeyIdentifier ( const QSslCertificate & qcacert ) |
| bool | addKeyPurpose ( KeyPurpose purpose, bool critical = false ) |
| bool | addKeyPurpose ( const QByteArray & oid, bool critical = false ) |
| bool | addSubjectKeyIdentifier () |
| bool | copyRequestExtensions ( const CertificateRequest & crq ) |
| int | error () const |
| QString | errorString () const |
| bool | setActivationTime ( const QDateTime & date ) |
| bool | setBasicConstraints ( bool ca = false, int pathLength = -1 ) |
| bool | setExpirationTime ( const QDateTime & date ) |
| bool | setKeyUsage ( KeyUsageFlags usages ) |
| bool | setRequest ( const CertificateRequest & crq ) |
| bool | setSerial ( const QByteArray & serial ) |
| bool | setVersion ( int version = 3 ) |
| QSslCertificate | signedCertificate ( const QSslKey & qkey ) |
| QSslCertificate | signedCertificate ( const QSslCertificate & qcacert, const QSslKey & qcakey ) |
The CertificateBuilder class is a tool for creating X.509 certificates.
The KeyUsageFlags type is a typedef for QFlags<KeyUsageFlag>. It stores an OR combination of KeyUsageFlag values.
Adds the authority key identifier extension to the certificate. The key is extracted the specified certificate which must be the one later used to sign the certificate.
Adds the specified purpose to the list of those this certificate may be used for. This method may be called multiple times to add a series of different purposes.
Adds the specified purpose to the list of those this certificate may be used for. This method may be called multiple times to add a series of different purposes. This method differs from the one above by allowing arbitrary OIDs to be used, not just those for which there is built in support.
Adds the subject key identifier extension to the certificate. The key is extracted automatically from the certificate being created.
Copies the extensions from the request to the certificate being created. This should only be done after checking that the request is safe, since otherwise you could potentially copy extensions that grant the generated certificate facilities you did not intend.
Returns the last error that occurred when using this object. The values used are those of gnutls. If there has not been an error then it is guaranteed to be 0.
Returns a string describing the last error that occurred when using this object.
Set the time at which the certificate will become valid.
Add the basic constraints extension. This allows you to specify if the certificate being created is a CA (ie. may sign certificates), and the maximum length of the chain that is allowed if you grant it that permission. By default the pathLength is unlimited.
Set the time after which the certificate is no longer valid.
Sets the key usage flags for the certificate. If you call this method more than once then only the last value will be used by the created certificate.
Set the request that the certificate will be generated from.
Set the serial number of the certificate. This should be a random value containing a large amount of entropy.
Set the version of the X.509 certificate. In general the version will be 3.
Creates a self-signed certificate by signing the certificate with the specified key.
Creates a certificate signed by the specified CA certificate using the CA key.