class QOpcUaX509CertificateSigningRequest

QOpcUaX509CertificateSigningRequest create a certificate signing request. More…

Synopsis

Methods

• def __init__()

• def addExtension()

• def createRequest()

• def createSelfSignedCertificate()

• def encoding()

• def messageDigest()

• def setEncoding()

• def setMessageDigest()

• def setSubject()

• def subject()

Note

This documentation may contain snippets that were automatically translated from C++ to Python. We always welcome contributions to the snippet translation. If you see an issue with the translation, you can also let us know by creating a ticket on https:/bugreports.qt.io/projects/PYSIDE

Detailed Description

This class is currently available as a Technology Preview, and therefore the API and functionality provided by the class may be subject to change at any time without prior notice.

Before actually creating the singing request data, any extension needed for that specific request has to be added. Current supported extensions are SubjectAlternativeName, BasicConstrains, KeyUsage and ExtendedKeyUsage.

// Generate key
QOpcUaKeyPair key;
key.generateRsaKey(QOpcUaKeyPair::RsaKeyStrength::Bits1024);

QOpcUaX509CertificateSigningRequest csr;

QOpcUaX509DistinguishedName dn;
dn.setEntry(QOpcUaX509DistinguishedName::Type::CommonName, "QtOpcUaViewer");
dn.setEntry(QOpcUaX509DistinguishedName::Type::CountryName, "DE");
dn.setEntry(QOpcUaX509DistinguishedName::Type::LocalityName, "Berlin");
dn.setEntry(QOpcUaX509DistinguishedName::Type::StateOrProvinceName, "Berlin");
dn.setEntry(QOpcUaX509DistinguishedName::Type::OrganizationName, "The Qt Company");
csr.setSubject(dn);

QOpcUaX509ExtensionSubjectAlternativeName *san = new QOpcUaX509ExtensionSubjectAlternativeName;
san->addData(QOpcUaX509ExtensionSubjectAlternativeName::Type::DNS, "foo.com");
san->addData(QOpcUaX509ExtensionSubjectAlternativeName::Type::DNS, "foo.com");
san->addData(QOpcUaX509ExtensionSubjectAlternativeName::Type::URI, "urn:foo.com:The%20Qt%20Company:QtOpcUaViewer");
san->setCritical(true);
csr.addExtension(san);

QOpcUaX509ExtensionBasicConstraints *bc = new QOpcUaX509ExtensionBasicConstraints;
bc->setCa(false);
bc->setCritical(true);
csr.addExtension(bc);

QOpcUaX509ExtensionKeyUsage *ku = new QOpcUaX509ExtensionKeyUsage;
ku->setCritical(true);
ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::DigitalSignature);
ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::NonRepudiation);
ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::KeyEncipherment);
ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::DataEncipherment);
ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::CertificateSigning);
csr.addExtension(ku);

QOpcUaX509ExtensionExtendedKeyUsage *eku = new QOpcUaX509ExtensionExtendedKeyUsage;
eku->setCritical(true);
eku->setKeyUsage(QOpcUaX509ExtensionExtendedKeyUsage::KeyUsage::EmailProtection);
csr.addExtension(eku);

QByteArray csrData = csr.createRequest(key);

See also

QOpcUaX509ExtensionSubjectAlternativeName QOpcUaX509ExtensionBasicConstraints QOpcUaX509ExtensionKeyUsage QOpcUaX509ExtensionKeyUsage

class MessageDigest

This enum type specifies the message digest to be used.

Constant	Description
QOpcUaX509CertificateSigningRequest.MessageDigest.SHA256	Using the SHA256 message digest

class Encoding

This enum type specifies the encoding of the generated certificate siging request.

Constant	Description
QOpcUaX509CertificateSigningRequest.Encoding.PEM	Using PEM encoding
QOpcUaX509CertificateSigningRequest.Encoding.DER	Using DER encoding

__init__()

Creates an empty certificate signing request.

addExtension(extension)

Parameters:

extension – QOpcUaX509Extension

Adds a certificate extension to the request.

The ownership of the extension object will be transferred to this class.

See also

QOpcUaX509ExtensionSubjectAlternativeName QOpcUaX509ExtensionBasicConstraints QOpcUaX509ExtensionKeyUsage QOpcUaX509ExtensionKeyUsage

createRequest(privateKey)

Parameters:

privateKey – QOpcUaKeyPair

Return type:

QByteArray

Creates a certificate signing request to be the to a CA for signing. The private key in privateKey is used to sign the request. The request data is returned as a byte array in the encoding set by setEncoding() .

createSelfSignedCertificate(privateKey[, validityInDays=365])

Parameters:

• privateKey – QOpcUaKeyPair

• validityInDays – int

Return type:

QByteArray

Creates a self-signed certificate from this request for immediate use. The private key in privateKey is used to sign the request. A validity in days can be specified in validityInDays. The request data is returned as a byte array in the encoding set by setEncoding() .

encoding()

Return type:

Encoding

Returns the used request encoding.

See also

setEncoding()

messageDigest()

Return type:

MessageDigest

Returns the used message digest.

See also

setMessageDigest()

setEncoding(encoding)

Parameters:

encoding – Encoding

Sets the used request encoding to encoding. The default request encoding is PEM.

See also

encoding()

setMessageDigest(digest)

Parameters:

digest – MessageDigest

Sets the used message digest to digest. The default message digest is SHA256.

See also

messageDigest()

setSubject(subject)

Parameters:

subject – QOpcUaX509DistinguishedName

Sets the subject for this request. Without a subject it is not possible to generate the request.

See also

subject()

subject()

Return type:

QOpcUaX509DistinguishedName

Returns the subject of this request.

See also

setSubject()