QGIS/python/core/auth/qgsauthconfig.sip

/** \ingroup core
 * \brief Configuration storage class for authentication method configurations
 */
class QgsAuthMethodConfig
{
%TypeHeaderCode
#include <qgsauthconfig.h>
%End
  public:

    /**
     * Construct a configuration for an authentication method
     * @param method Textual key of the authentication method
     * @param version Version of the configuration (for updating previously saved configs later on)
     */
    QgsAuthMethodConfig( const QString& method = QString(), int version = 0 );

    /** Operator used to compare configs' equality */
    bool operator==( const QgsAuthMethodConfig& other ) const;

    /** Operator used to compare configs' inequality */
    bool operator!=( const QgsAuthMethodConfig& other ) const;

    /**
     * Get 'authcfg' 7-character alphanumeric ID of the config
     * @note This is set by QgsAuthManager when the config is initially stored
     */
    const QString id() const;
    /** Set auth config ID */
    void setId( const QString& id );

    /** Get name of configuration */
    const QString name() const;
    /** Set name of configuration */
    void setName( const QString& name );

    /** A URI to auto-select a config when connecting to a resource */
    const QString uri() const;
    void setUri( const QString& uri );

    /** Textual key of the associated authentication method */
    QString method() const;
    void setMethod( const QString& method );

    /** Get version of the configuration */
    int version() const;
    /** Set version of the configuration */
    void setVersion( int version );

    /**
     * Whether the configuration is valid
     * @param validateid Additionally verify the auth config ID is not empty
     */
    bool isValid( bool validateid = false ) const;

    /**
     * The extended configuration, as stored and retrieved from the authentication database
     * @note This is an internal construct used by QgsAuthManager that should generally not be set by client code
     */
    const QString configString() const;
    /**
     * Load existing extended configuration
     * @param configstr Configuration string to load
     */
    void loadConfigString( const QString& configstr );

    /** Get extended configuration, mapped to key/value pairs of QStrings */
    QgsStringMap configMap() const;
    /**
     * Set extended configuration map
     * @param map Map to set
     */
    void setConfigMap( const QgsStringMap& map );

    /**
     * Set a single config value per key in the map
     * @note if key exists, it is replaced
     * @param key Config key
     * @param value Config value
     */
    void setConfig( const QString &key, const QString &value );
    /**
     * Set a multiple config values per key in the map
     * @note if key exists, it is replaced
     * @param key Config key
     * @param value Config value
     */
    void setConfigList( const QString &key, const QStringList &value );

    /**
     * Remove a config from map
     * @param key Config to remove
     * @return Number of keys removed (should always be 1 or 0)
     */
    int removeConfig( const QString &key );

    /**
     * Return a config's value
     * @param key Config key
     * @param defaultvalue Default value, if key not found
     */
    QString config( const QString &key, const QString& defaultvalue = QString() ) const;

    /**
     * Return a config's list of values
     * @param key
     */
    QStringList configList( const QString &key ) const;

    /**
     * Whether a config key exists in config map
     * @param key
     */
    bool hasConfig( const QString &key ) const;

    /** Clear all configs */
    void clearConfigMap();

    /**
     * A utility function for generating a resource from a URL to be compared
     * against the config's uri() for auto-selecting authentication configs to use
     * @note Essentially strips the URL query variables, and by default, strips the path as well
     * @param accessurl A URL to process
     * @param resource Ouput variable for result
     * @param withpath Whether to include the URI's path in output
     */
    static bool uriToResource( const QString &accessurl, QString *resource, bool withpath = false );
};

typedef QHash<QString, QgsAuthMethodConfig> QgsAuthMethodConfigsMap;


/** \ingroup core
 * \brief Storage set for PKI bundle: SSL certificate, key, optional CA cert chain
 * \note Useful for caching the bundle during application run sessions
 */
class QgsPkiBundle
{
%TypeHeaderCode
#include <qgsauthconfig.h>
%End
  public:
    /**
     * Construct a bundle from existing PKI components
     * @param clientCert Certificate to store in bundle
     * @param clientKey Private key to store in bundle
     * @param caChain Chain of Certificate Authorities for client certificate
     */
    QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(),
                  const QSslKey &clientKey = QSslKey(),
                  const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );

    /**
     * Construct a bundle of PKI components from PEM-formatted file paths
     * @param certPath Certificate file path
     * @param keyPath Private key path
     * @param keyPass Private key passphrase
     * @param caChain Chain of Certificate Authorities for client certificate
     */
    static const QgsPkiBundle fromPemPaths( const QString &certPath,
                                            const QString &keyPath,
                                            const QString &keyPass = QString::null,
                                            const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );

    /**
     * Construct a bundle of PKI components from a PKCS#12 file path
     * @param bundlepath Bundle file path
     * @param bundlepass Optional bundle passphrase
     */
    static const QgsPkiBundle fromPkcs12Paths( const QString &bundlepath,
        const QString &bundlepass = QString::null );

    /** Whether the bundle, either its certificate or private key, is null */
    bool isNull() const;

    /** Whether the bundle is valid */
    bool isValid() const;

    /** The sha hash of the client certificate */
    const QString certId() const;

    /** Client certificate object */
    const QSslCertificate clientCert() const;
    /** Set client certificate object */
    void setClientCert( const QSslCertificate &cert );

    /** Private key object */
    const QSslKey clientKey() const;
    /** Set private key object */
    void setClientKey( const QSslKey &certkey );

    /** Chain of Certificate Authorities for client certificate */
    const QList<QSslCertificate> caChain() const;
    /** Set chain of Certificate Authorities for client certificate */
    void setCaChain( const QList<QSslCertificate> &cachain );
};


/** \ingroup core
 * \brief Storage set for constructed SSL certificate, key, associated with an authentication config
 */
class QgsPkiConfigBundle
{
%TypeHeaderCode
#include <qgsauthconfig.h>
%End

  public:
    /**
     * Construct a bundle from existing PKI components and authentication method configuration
     * @param config Authentication method configuration
     * @param cert Certificate to store in bundle
     * @param certkey Private key to store in bundle
     */
    QgsPkiConfigBundle( const QgsAuthMethodConfig& config,
                        const QSslCertificate& cert,
                        const QSslKey& certkey );

    /** Whether the bundle is valid */
    bool isValid();

    /** Authentication method configuration */
    const QgsAuthMethodConfig config() const;
    /** Set authentication method configuration */
    void setConfig( const QgsAuthMethodConfig& config );

    /** Client certificate object */
    const QSslCertificate clientCert() const;
    /** Set client certificate object */
    void setClientCert( const QSslCertificate& cert );

    /** Private key object */
    const QSslKey clientCertKey() const;
    /** Set private key object */
    void setClientCertKey( const QSslKey& certkey );
};


%MappedType QList<QSslError::SslError>
{
%TypeHeaderCode
#include <QList>
%End

%ConvertFromTypeCode
  // Create the list.
  PyObject *l;

  if ((l = PyList_New(sipCpp->size())) == NULL)
    return NULL;

  // Set the list elements.
  QList<QSslError::SslError>::iterator it = sipCpp->begin();
  for (int i = 0; it != sipCpp->end(); ++it, ++i)
  {
    PyObject *tobj;

    if ((tobj = sipConvertFromEnum(*it, sipType_QSslError_SslError)) == NULL)
    {
      Py_DECREF(l);
      return NULL;
    }
    PyList_SET_ITEM(l, i, tobj);
  }

  return l;
%End

%ConvertToTypeCode
  // Check the type if that is all that is required.
  if (sipIsErr == NULL)
    return PyList_Check(sipPy);

  QList<QSslError::SslError> *qlist = new QList<QSslError::SslError>;

  for (int i = 0; i < PyList_GET_SIZE(sipPy); ++i)
  {
    *qlist << (QSslError::SslError)SIPLong_AsLong(PyList_GET_ITEM(sipPy, i));
  }

  *sipCppPtr = qlist;
  return sipGetState(sipTransferObj);
%End
};


/** \ingroup core
 * \brief Configuration container for SSL server connection exceptions or overrides
 */
class QgsAuthConfigSslServer
{
%TypeHeaderCode
#include <qgsauthconfig.h>
%End
  public:
    QgsAuthConfigSslServer();

    ~QgsAuthConfigSslServer();

    /** Server certificate object */
    const QSslCertificate sslCertificate() const;
    /** Set server certificate object */
    void setSslCertificate( const QSslCertificate& cert );

    /** Server host:port string */
    const QString sslHostPort() const;
    /** Set server host:port string */
    void setSslHostPort( const QString& hostport );

    /** SSL server protocol to use in connections */
    QSsl::SslProtocol sslProtocol() const;
    /** Set SSL server protocol to use in connections */
    void setSslProtocol( QSsl::SslProtocol protocol );

    /** SSL server errors to ignore in connections */
    const QList<QSslError> sslIgnoredErrors() const;
    /** SSL server errors (as enum list) to ignore in connections */
    const QList<QSslError::SslError> sslIgnoredErrorEnums() const;
    /** Set SSL server errors (as enum list) to ignore in connections */
    void setSslIgnoredErrorEnums( const QList<QSslError::SslError>& errors );

    /** SSL client's peer verify mode to use in connections */
    QSslSocket::PeerVerifyMode sslPeerVerifyMode() const;
    /** Set SSL client's peer verify mode to use in connections */
    void setSslPeerVerifyMode( QSslSocket::PeerVerifyMode mode );

    /** Number or SSL client's peer to verify in connections
     * @note When set to 0 = unlimited depth
     */
    int sslPeerVerifyDepth() const;
    /** Set number or SSL client's peer to verify in connections
     * @note When set to 0 = unlimited depth
     */
    void setSslPeerVerifyDepth( int depth );

    /** Version of the configuration (used for future upgrading) */
    int version() const;
    /** Set version of the configuration (used for future upgrading) */
    void setVersion( int version );

    /** Qt version when the configuration was made (SSL protocols may differ) */
    int qtVersion() const;
    /** Set Qt version when the configuration was made (SSL protocols may differ) */
    void setQtVersion( int version );

    /** Configuration as a concatenated string */
    const QString configString() const;
    /** Load concatenated string into configuration, e.g. from auth database */
    void loadConfigString( const QString& config = QString() );

    /** Whether configuration is null (missing components) */
    bool isNull() const;
};