QOpcUaX509CertificateSigningRequest Class

QOpcUaX509CertificateSigningRequest create a certificate signing request. More...

Header: #include <QOpcUaX509CertificateSigningRequest>
qmake: QT += opcua
Since: Qt 5.14

This class was introduced in Qt 5.14.

Public Types

enum class Encoding { PEM, DER }
enum class MessageDigest { SHA256 }

Public Functions

QOpcUaX509CertificateSigningRequest()
~QOpcUaX509CertificateSigningRequest()
void addExtension(QOpcUaX509Extension *extension)
QByteArray createRequest(const QOpcUaKeyPair &privateKey)
QByteArray createSelfSignedCertificate(const QOpcUaKeyPair &privateKey, int validityInDays = 365)
QOpcUaX509CertificateSigningRequest::Encoding encoding() const
QOpcUaX509CertificateSigningRequest::MessageDigest messageDigest() const
void setEncoding(QOpcUaX509CertificateSigningRequest::Encoding encoding)
void setMessageDigest(QOpcUaX509CertificateSigningRequest::MessageDigest digest)
void setSubject(const QOpcUaX509DistinguishedName &subject)
const QOpcUaX509DistinguishedName &subject() const

Detailed Description

This class is currently available as a Technology Preview, and therefore the API and functionality provided by the class may be subject to change at any time without prior notice.

Before actually creating the singing request data, any extension needed for that specific request has to be added. Current supported extensions are SubjectAlternativeName, BasicConstrains, KeyUsage and ExtendedKeyUsage.

// Generate key
QOpcUaKeyPair key;
key.generateRsaKey(QOpcUaKeyPair::RsaKeyStrength::Bits1024);

QOpcUaX509CertificateSigningRequest csr;

QOpcUaX509DistinguishedName dn;
dn.setEntry(QOpcUaX509DistinguishedName::Type::CommonName, "QtOpcUaViewer");
dn.setEntry(QOpcUaX509DistinguishedName::Type::CountryName, "DE");
dn.setEntry(QOpcUaX509DistinguishedName::Type::LocalityName, "Berlin");
dn.setEntry(QOpcUaX509DistinguishedName::Type::StateOrProvinceName, "Berlin");
dn.setEntry(QOpcUaX509DistinguishedName::Type::OrganizationName, "The Qt Company");
csr.setSubject(dn);

QOpcUaX509ExtensionSubjectAlternativeName *san = new QOpcUaX509ExtensionSubjectAlternativeName;
san->addData(QOpcUaX509ExtensionSubjectAlternativeName::Type::DNS, "foo.com");
san->addData(QOpcUaX509ExtensionSubjectAlternativeName::Type::DNS, "foo.com");
san->addData(QOpcUaX509ExtensionSubjectAlternativeName::Type::URI, "urn:foo.com:The%20Qt%20Company:QtOpcUaViewer");
san->setCritical(true);
csr.addExtension(san);

QOpcUaX509ExtensionBasicConstraints *bc = new QOpcUaX509ExtensionBasicConstraints;
bc->setCa(false);
bc->setCritical(true);
csr.addExtension(bc);

QOpcUaX509ExtensionKeyUsage *ku = new QOpcUaX509ExtensionKeyUsage;
ku->setCritical(true);
ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::DigitalSignature);
ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::NonRepudiation);
ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::KeyEncipherment);
ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::DataEncipherment);
ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::CertificateSigning);
csr.addExtension(ku);

QOpcUaX509ExtensionExtendedKeyUsage *eku = new QOpcUaX509ExtensionExtendedKeyUsage;
eku->setCritical(true);
eku->setKeyUsage(QOpcUaX509ExtensionExtendedKeyUsage::KeyUsage::EmailProtection);
csr.addExtension(eku);

QByteArray csrData = csr.createRequest(key);

See also QOpcUaX509ExtensionSubjectAlternativeName, QOpcUaX509ExtensionBasicConstraints, QOpcUaX509ExtensionKeyUsage, and QOpcUaX509ExtensionKeyUsage.

Member Type Documentation

enum class QOpcUaX509CertificateSigningRequest::Encoding

This enum type specifies the encoding of the generated certificate siging request.

ConstantValueDescription
QOpcUaX509CertificateSigningRequest::Encoding::PEM0Using PEM encoding
QOpcUaX509CertificateSigningRequest::Encoding::DER1Using DER encoding

enum class QOpcUaX509CertificateSigningRequest::MessageDigest

This enum type specifies the message digest to be used.

ConstantValueDescription
QOpcUaX509CertificateSigningRequest::MessageDigest::SHA2560Using the SHA256 message digest

Member Function Documentation

QOpcUaX509CertificateSigningRequest::QOpcUaX509CertificateSigningRequest()

Creates an empty certificate signing request.

QOpcUaX509CertificateSigningRequest::~QOpcUaX509CertificateSigningRequest()

Destroys the request and frees all extensions.

void QOpcUaX509CertificateSigningRequest::addExtension(QOpcUaX509Extension *extension)

Adds a certificate extension to the request.

The ownership of the extension object will be transferred to this class.

See also QOpcUaX509ExtensionSubjectAlternativeName, QOpcUaX509ExtensionBasicConstraints, QOpcUaX509ExtensionKeyUsage, and QOpcUaX509ExtensionKeyUsage.

QByteArray QOpcUaX509CertificateSigningRequest::createRequest(const QOpcUaKeyPair &privateKey)

Creates a certificate signing request to be the to a CA for signing. The private key in privateKey is used to sign the request. The request data is returned as a byte array in the encoding set by setEncoding().

QByteArray QOpcUaX509CertificateSigningRequest::createSelfSignedCertificate(const QOpcUaKeyPair &privateKey, int validityInDays = 365)

Creates a self-signed certificate from this request for immediate use. The private key in privateKey is used to sign the request. A validity in days can be specified in validityInDays. The request data is returned as a byte array in the encoding set by setEncoding().

QOpcUaX509CertificateSigningRequest::Encoding QOpcUaX509CertificateSigningRequest::encoding() const

Returns the used request encoding.

See also setEncoding().

QOpcUaX509CertificateSigningRequest::MessageDigest QOpcUaX509CertificateSigningRequest::messageDigest() const

Returns the used message digest.

See also setMessageDigest().

void QOpcUaX509CertificateSigningRequest::setEncoding(QOpcUaX509CertificateSigningRequest::Encoding encoding)

Sets the used request encoding to encoding. The default request encoding is PEM.

See also encoding().

void QOpcUaX509CertificateSigningRequest::setMessageDigest(QOpcUaX509CertificateSigningRequest::MessageDigest digest)

Sets the used message digest to digest. The default message digest is SHA256.

See also messageDigest().

void QOpcUaX509CertificateSigningRequest::setSubject(const QOpcUaX509DistinguishedName &subject)

Sets the subject for this request. Without a subject it is not possible to generate the request.

See also subject().

const QOpcUaX509DistinguishedName &QOpcUaX509CertificateSigningRequest::subject() const

Returns the subject of this request.

See also setSubject().

© 2023 The Qt Company Ltd. Documentation contributions included herein are the copyrights of their respective owners. The documentation provided herein is licensed under the terms of the GNU Free Documentation License version 1.3 as published by the Free Software Foundation. Qt and respective logos are trademarks of The Qt Company Ltd. in Finland and/or other countries worldwide. All other trademarks are property of their respective owners.