qocspresponse.cpp source code [qtbase/src/network/ssl/qocspresponse.cpp]

1	// Copyright (C) 2011 Richard J. Moore <rich@kde.org>
2	// Copyright (C) 2019 The Qt Company Ltd.
3	// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
4
5	#include "qocspresponse_p.h"
6	#include "qocspresponse.h"
7
8	#include "qhashfunctions.h"
9
10	QT_BEGIN_NAMESPACE
11
12	QT_IMPL_METATYPE_EXTERN(QOcspResponse)
13
14	/!*
15	\class QOcspResponse
16	\brief This class represents Online Certificate Status Protocol response.
17	\since 5.13
18
19	\ingroup network
20	\ingroup ssl
21	\inmodule QtNetwork
22
23	The QOcspResponse class represents the revocation status of a server's certificate,
24	received by the client-side socket during the TLS handshake. QSslSocket must be
25	configured with OCSP stapling enabled.
26
27	\sa QSslSocket, QSslSocket::ocspResponses(), certificateStatus(),
28	revocationReason(), responder(), subject(), QOcspCertificateStatus, QOcspRevocationReason,
29	QSslConfiguration::setOcspStaplingEnabled(), QSslConfiguration::ocspStaplingEnabled(),
30	QSslConfiguration::peerCertificate()
31	*/
32
33	/!*
34	\enum QOcspCertificateStatus
35	\brief Describes the Online Certificate Status
36	\relates QOcspResponse
37	\since 5.13
38
39	\ingroup network
40	\ingroup ssl
41	\inmodule QtNetwork
42
43	\value Good The certificate is not revoked, but this does not necessarily
44	mean that the certificate was ever issued or that the time at which
45	the response was produced is within the certificate's validity interval.
46	\value Revoked This state indicates that the certificate has been revoked
47	(either permanently or temporarily - on hold).
48	\value Unknown This state indicates that the responder doesn't know about
49	the certificate being requested.
50
51	\sa QOcspRevocationReason
52	*/
53
54	/!*
55	\enum QOcspRevocationReason
56	\brief Describes the reason for revocation
57	\relates QOcspResponse
58	\since 5.13
59
60	\ingroup network
61	\ingroup ssl
62	\inmodule QtNetwork
63
64
65	This enumeration describes revocation reasons, defined in \l{RFC 5280, section 5.3.1}
66
67	\value None
68	\value Unspecified
69	\value KeyCompromise
70	\value CACompromise
71	\value AffiliationChanged
72	\value Superseded
73	\value CessationOfOperation
74	\value CertificateHold
75	\value RemoveFromCRL
76	*/
77
78	/!*
79	\since 5.13
80
81	Creates a new response with status QOcspCertificateStatus::Unknown
82	and revocation reason QOcspRevocationReason::None.
83
84	\sa QOcspCertificateStatus
85	*/
86	QOcspResponse::QOcspResponse()
87	: d (new QOcspResponsePrivate)
88	{
89	}
90
91	/!*
92	\since 5.13
93
94	Copy-constructs a QOcspResponse instance.
95	*/
96	QOcspResponse::QOcspResponse(const QOcspResponse &) = default;
97
98	/!*
99	\since 5.13
100
101	Move-constructs a QOcspResponse instance.
102	*/
103	QOcspResponse::QOcspResponse(QOcspResponse &&) noexcept = default;
104
105	/!*
106	\since 5.13
107
108	Destroys the response.
109	*/
110	QOcspResponse::~QOcspResponse() = default;
111
112	/!*
113	\since 5.13
114
115	Copy-assigns \a other and returns a reference to this response.
116	*/
117	QOcspResponse &QOcspResponse::operator=(const QOcspResponse &) = default;
118
119	/!*
120	\since 5.13
121
122	Move-assigns \a other to this QOcspResponse instance.
123	*/
124	QOcspResponse &QOcspResponse::operator=(QOcspResponse &&) noexcept = default;
125
126	/!*
127	\fn void QOcspResponse::swap(QOcspResponse &other)
128	\since 5.13
129
130	Swaps this response with \a other.
131	*/
132
133	/!*
134	\since 5.13
135
136	Returns the certificate status.
137
138	\sa QOcspCertificateStatus
139	*/
140	QOcspCertificateStatus QOcspResponse::certificateStatus() const
141	{
142	return d ->certificateStatus;
143	}
144
145	/!*
146	\since 5.13
147
148	Returns the reason for revocation.
149	*/
150	QOcspRevocationReason QOcspResponse::revocationReason() const
151	{
152	return d ->revocationReason;
153	}
154
155	/!*
156	\since 5.13
157
158	This function returns a certificate used to sign OCSP response.
159	*/
160	QSslCertificate QOcspResponse::responder() const
161	{
162	return d ->signerCert;
163	}
164
165	/!*
166	\since 5.13
167
168	This function returns a certificate, for which this response was issued.
169	*/
170	QSslCertificate QOcspResponse::subject() const
171	{
172	return d ->subjectCert;
173	}
174
175	/!*
176	\fn bool QOcspResponse::operator==(const QOcspResponse &lhs, const QOcspResponse &rhs)
177
178	Returns \c true if \a lhs and \a rhs are the responses for the same
179	certificate, signed by the same responder, have the same
180	revocation reason and the same certificate status.
181
182	\since 5.13
183	*/
184
185	/!*
186	\fn bool QOcspResponse::operator!=(const QOcspResponse &lhs, const QOcspResponse &rhs)
187
188	Returns \c true if \a lhs and \a rhs are responses for different certificates,
189	or signed by different responders, or have different revocation reasons, or different
190	certificate statuses.
191
192	\since 5.13
193	*/
194
195	/!*
196	\internal
197	*/
198	bool QOcspResponse::isEqual(const QOcspResponse &other) const
199	{
200	return d == other.d \|\| d == other.d;
201	}
202
203	/!*
204	Returns the hash value for the \a response, using \a seed to seed the calculation.
205
206	\since 5.13
207	\relates QHash
208	*/
209	size_t qHash(const QOcspResponse &response, size_t seed) noexcept
210	{
211	const QOcspResponsePrivate *d = response.d.data();
212	Q_ASSERT(d);
213
214	QtPrivate::QHashCombine hasher;
215	size_t hash = hasher (seed, int(d->certificateStatus));
216	hash = hasher (hash, int(d->revocationReason));
217	if (!d->signerCert.isNull())
218	hash = hasher (hash, d->signerCert);
219	if (!d->subjectCert.isNull())
220	hash = hasher (hash, d->subjectCert);
221
222	return hash;
223	}
224
225	QT_END_NAMESPACE
226

source code of qtbase/src/network/ssl/qocspresponse.cpp