[auth system] Fix doc string warnings and comments in PR 2330

Larry Shaffer 2015-09-22 07:05:06 -06:00
parent 16ac248c36
commit 1ff02debdc
34 changed files with 437 additions and 213 deletions


@ -43,85 +43,85 @@ class QgsAuthCertUtils
static const QString getSslProtocolName( QSsl::SslProtocol protocol );
static QString getSslProtocolName( QSsl::SslProtocol protocol );
static const QMap< QString, QSslCertificate> mapDigestToCerts( QList<QSslCertificate> certs );
static QMap< QString, QSslCertificate> mapDigestToCerts( QList<QSslCertificate> certs );
// static const QMap< QString, QList<QSslCertificate> > certsGroupedByOrg( QList<QSslCertificate> certs );
// static QMap< QString, QList<QSslCertificate> > certsGroupedByOrg( QList<QSslCertificate> certs );
static const QMap< QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( QList<QgsAuthConfigSslServer> configs );
static QMap< QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( QList<QgsAuthConfigSslServer> configs );
// static const QMap< QString, QList<QgsAuthConfigSslServer> > sslConfigsGroupedByOrg( QList<QgsAuthConfigSslServer> configs );
// static QMap< QString, QList<QgsAuthConfigSslServer> > sslConfigsGroupedByOrg( QList<QgsAuthConfigSslServer> configs );
static const QList<QSslCertificate> certsFromFile( const QString &certspath );
static QList<QSslCertificate> certsFromFile( const QString &certspath );
static const QSslCertificate certFromFile( const QString &certpath );
static QSslCertificate certFromFile( const QString &certpath );
static const QSslKey keyFromFile( const QString &keypath,
const QString &keypass = QString(),
QString *algtype = 0 );
static QSslKey keyFromFile( const QString &keypath,
const QString &keypass = QString(),
QString *algtype = 0 );
static const QList<QSslCertificate> certsFromString( const QString &pemtext );
static QList<QSslCertificate> certsFromString( const QString &pemtext );
static const QStringList certKeyBundleToPem( const QString &certpath,
const QString &keypath,
const QString &keypass = QString(),
bool reencrypt = true );
static QStringList certKeyBundleToPem( const QString &certpath,
const QString &keypath,
const QString &keypass = QString(),
bool reencrypt = true );
static const QStringList pkcs12BundleToPem( const QString &bundlepath,
const QString &bundlepass = QString(),
bool reencrypt = true );
static QStringList pkcs12BundleToPem( const QString &bundlepath,
const QString &bundlepass = QString(),
bool reencrypt = true );
static const QString getCaSourceName( QgsAuthCertUtils::CaCertSource source , bool single = false );
static QString getCaSourceName( QgsAuthCertUtils::CaCertSource source , bool single = false );
static const QString resolvedCertName( const QSslCertificate& cert, bool issuer = false );
static QString resolvedCertName( const QSslCertificate& cert, bool issuer = false );
// static const QString getCertDistinguishedName( const QSslCertificate& qcert,
// static QString getCertDistinguishedName( const QSslCertificate& qcert,
// const QCA::Certificate& acert = QCA::Certificate(),
// bool issuer = false );
static const QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust );
static QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust );
static const QString getColonDelimited( const QString& txt );
static QString getColonDelimited( const QString& txt );
static const QString shaHexForCert( const QSslCertificate &cert , bool formatted = false );
static QString shaHexForCert( const QSslCertificate &cert , bool formatted = false );
// static const QCA::Certificate qtCertToQcaCert( const QSslCertificate& cert );
// static QCA::Certificate qtCertToQcaCert( const QSslCertificate& cert );
// static const QCA::CertificateCollection qtCertsToQcaCollection( const QList<QSslCertificate>& certs );
// static QCA::CertificateCollection qtCertsToQcaCollection( const QList<QSslCertificate>& certs );
// static const QCA::KeyBundle qcaKeyBundle( const QString &path, const QString &pass );
// static QCA::KeyBundle qcaKeyBundle( const QString &path, const QString &pass );
// static const QString qcaValidityMessage( QCA::Validity validity );
// static QString qcaValidityMessage( QCA::Validity validity );
// static const QString qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm );
// static QString qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm );
// static const QString qcaKnownConstraint( QCA::ConstraintTypeKnown constraint );
// static QString qcaKnownConstraint( QCA::ConstraintTypeKnown constraint );
static const QString certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype );
static QString certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype );
static QList<QgsAuthCertUtils::CertUsageType> certificateUsageTypes( const QSslCertificate& cert );
@ -141,7 +141,7 @@ class QgsAuthCertUtils
static bool certificateIsSslClient( const QSslCertificate& cert );
static const QString sslErrorEnumString( QSslError::SslError errenum );
static QString sslErrorEnumString( QSslError::SslError errenum );
// static const QList<QPair<QSslError::SslError, QString> > sslErrorEnumStrings();
// static QList<QPair<QSslError::SslError, QString> > sslErrorEnumStrings();
};


@ -25,7 +25,7 @@
#include "qgslogger.h"
const QString QgsAuthCertUtils::getSslProtocolName( QSsl::SslProtocol protocol )
QString QgsAuthCertUtils::getSslProtocolName( QSsl::SslProtocol protocol )
{
switch ( protocol )
{
@ -46,7 +46,7 @@ const QString QgsAuthCertUtils::getSslProtocolName( QSsl::SslProtocol protocol )
}
}
const QMap<QString, QSslCertificate> QgsAuthCertUtils::mapDigestToCerts( QList<QSslCertificate> certs )
QMap<QString, QSslCertificate> QgsAuthCertUtils::mapDigestToCerts( QList<QSslCertificate> certs )
{
QMap<QString, QSslCertificate> digestmap;
Q_FOREACH ( QSslCertificate cert, certs )
@ -56,7 +56,7 @@ const QMap<QString, QSslCertificate> QgsAuthCertUtils::mapDigestToCerts( QList<Q
return digestmap;
}
const QMap<QString, QList<QSslCertificate> > QgsAuthCertUtils::certsGroupedByOrg( QList<QSslCertificate> certs )
QMap<QString, QList<QSslCertificate> > QgsAuthCertUtils::certsGroupedByOrg( QList<QSslCertificate> certs )
{
QMap< QString, QList<QSslCertificate> > orgcerts;
Q_FOREACH ( QSslCertificate cert, certs )
@ -70,7 +70,7 @@ const QMap<QString, QList<QSslCertificate> > QgsAuthCertUtils::certsGroupedByOrg
return orgcerts;
}
const QMap<QString, QgsAuthConfigSslServer> QgsAuthCertUtils::mapDigestToSslConfigs( QList<QgsAuthConfigSslServer> configs )
QMap<QString, QgsAuthConfigSslServer> QgsAuthCertUtils::mapDigestToSslConfigs( QList<QgsAuthConfigSslServer> configs )
{
QMap<QString, QgsAuthConfigSslServer> digestmap;
Q_FOREACH ( QgsAuthConfigSslServer config, configs )
@ -80,7 +80,7 @@ const QMap<QString, QgsAuthConfigSslServer> QgsAuthCertUtils::mapDigestToSslConf
return digestmap;
}
const QMap<QString, QList<QgsAuthConfigSslServer> > QgsAuthCertUtils::sslConfigsGroupedByOrg( QList<QgsAuthConfigSslServer> configs )
QMap<QString, QList<QgsAuthConfigSslServer> > QgsAuthCertUtils::sslConfigsGroupedByOrg( QList<QgsAuthConfigSslServer> configs )
{
QMap< QString, QList<QgsAuthConfigSslServer> > orgconfigs;
Q_FOREACH ( QgsAuthConfigSslServer config, configs )
@ -113,7 +113,7 @@ static QByteArray fileData_( const QString& path, bool astext = false )
return data;
}
const QList<QSslCertificate> QgsAuthCertUtils::certsFromFile( const QString &certspath )
QList<QSslCertificate> QgsAuthCertUtils::certsFromFile( const QString &certspath )
{
QList<QSslCertificate> certs;
bool pem = certspath.endsWith( ".pem", Qt::CaseInsensitive );
@ -125,7 +125,7 @@ const QList<QSslCertificate> QgsAuthCertUtils::certsFromFile( const QString &cer
return certs;
}
const QSslCertificate QgsAuthCertUtils::certFromFile( const QString &certpath )
QSslCertificate QgsAuthCertUtils::certFromFile( const QString &certpath )
{
QSslCertificate cert;
QList<QSslCertificate> certs( QgsAuthCertUtils::certsFromFile( certpath ) );
@ -140,9 +140,9 @@ const QSslCertificate QgsAuthCertUtils::certFromFile( const QString &certpath )
return cert;
}
const QSslKey QgsAuthCertUtils::keyFromFile( const QString &keypath,
const QString &keypass,
QString *algtype )
QSslKey QgsAuthCertUtils::keyFromFile( const QString &keypath,
const QString &keypass,
QString *algtype )
{
bool pem = keypath.endsWith( ".pem", Qt::CaseInsensitive );
QByteArray keydata( fileData_( keypath, pem ) );
@ -177,7 +177,7 @@ const QSslKey QgsAuthCertUtils::keyFromFile( const QString &keypath,
return clientkey;
}
const QList<QSslCertificate> QgsAuthCertUtils::certsFromString( const QString &pemtext )
QList<QSslCertificate> QgsAuthCertUtils::certsFromString( const QString &pemtext )
{
QList<QSslCertificate> certs;
certs = QSslCertificate::fromData( pemtext.toAscii(), QSsl::Pem );
@ -188,7 +188,7 @@ const QList<QSslCertificate> QgsAuthCertUtils::certsFromString( const QString &p
return certs;
}
const QStringList QgsAuthCertUtils::certKeyBundleToPem( const QString &certpath,
QStringList QgsAuthCertUtils::certKeyBundleToPem( const QString &certpath,
const QString &keypath,
const QString &keypass,
bool reencrypt )
@ -213,7 +213,7 @@ const QStringList QgsAuthCertUtils::certKeyBundleToPem( const QString &certpath,
return QStringList() << certpem << keypem << algtype;
}
const QStringList QgsAuthCertUtils::pkcs12BundleToPem( const QString &bundlepath,
QStringList QgsAuthCertUtils::pkcs12BundleToPem( const QString &bundlepath,
const QString &bundlepass,
bool reencrypt )
{
@ -246,7 +246,7 @@ const QStringList QgsAuthCertUtils::pkcs12BundleToPem( const QString &bundlepath
return QStringList() << bundle.certificateChain().primary().toPEM() << bundle.privateKey().toPEM( passarray ) << algtype;
}
const QString QgsAuthCertUtils::getCaSourceName( QgsAuthCertUtils::CaCertSource source, bool single )
QString QgsAuthCertUtils::getCaSourceName( QgsAuthCertUtils::CaCertSource source, bool single )
{
switch ( source )
{
@ -263,7 +263,7 @@ const QString QgsAuthCertUtils::getCaSourceName( QgsAuthCertUtils::CaCertSource
}
}
const QString QgsAuthCertUtils::resolvedCertName( const QSslCertificate &cert, bool issuer )
QString QgsAuthCertUtils::resolvedCertName( const QSslCertificate &cert, bool issuer )
{
QString name( issuer ? cert.issuerInfo( QSslCertificate::CommonName )
: cert.subjectInfo( QSslCertificate::CommonName ) );
@ -301,7 +301,7 @@ void QgsAuthCertUtils::appendDirSegment_( QStringList &dirname,
}
}
const QString QgsAuthCertUtils::getCertDistinguishedName( const QSslCertificate &qcert ,
QString QgsAuthCertUtils::getCertDistinguishedName( const QSslCertificate &qcert ,
const QCA::Certificate &acert ,
bool issuer )
{
@ -351,7 +351,7 @@ const QString QgsAuthCertUtils::getCertDistinguishedName( const QSslCertificate
return dirname.join( "," );
}
const QString QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust )
QString QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust )
{
switch ( trust )
{
@ -366,7 +366,7 @@ const QString QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::CertTrustPol
}
}
const QString QgsAuthCertUtils::getColonDelimited( const QString &txt )
QString QgsAuthCertUtils::getColonDelimited( const QString &txt )
{
// 64321c05b0ebab8e2b67ec0d7d9e2b6d4bc3c303
// -> 64:32:1c:05:b0:eb:ab:8e:2b:67:ec:0d:7d:9e:2b:6d:4b:c3:c3:03
@ -378,7 +378,7 @@ const QString QgsAuthCertUtils::getColonDelimited( const QString &txt )
return sl.join( ":" );
}
const QString QgsAuthCertUtils::shaHexForCert( const QSslCertificate& cert, bool formatted )
QString QgsAuthCertUtils::shaHexForCert( const QSslCertificate& cert, bool formatted )
{
QString sha( cert.digest( QCryptographicHash::Sha1 ).toHex() );
if ( formatted )
@ -388,7 +388,7 @@ const QString QgsAuthCertUtils::shaHexForCert( const QSslCertificate& cert, bool
return sha;
}
const QCA::Certificate QgsAuthCertUtils::qtCertToQcaCert( const QSslCertificate &cert )
QCA::Certificate QgsAuthCertUtils::qtCertToQcaCert( const QSslCertificate &cert )
{
if ( QgsAuthManager::instance()->isDisabled() )
return QCA::Certificate();
@ -403,7 +403,7 @@ const QCA::Certificate QgsAuthCertUtils::qtCertToQcaCert( const QSslCertificate
return qcacert;
}
const QCA::CertificateCollection QgsAuthCertUtils::qtCertsToQcaCollection( const QList<QSslCertificate> &certs )
QCA::CertificateCollection QgsAuthCertUtils::qtCertsToQcaCollection( const QList<QSslCertificate> &certs )
{
QCA::CertificateCollection qcacoll;
if ( QgsAuthManager::instance()->isDisabled() )
@ -420,7 +420,7 @@ const QCA::CertificateCollection QgsAuthCertUtils::qtCertsToQcaCollection( const
return qcacoll;
}
const QCA::KeyBundle QgsAuthCertUtils::qcaKeyBundle( const QString &path, const QString &pass )
QCA::KeyBundle QgsAuthCertUtils::qcaKeyBundle( const QString &path, const QString &pass )
{
QCA::SecureArray passarray;
if ( !pass.isEmpty() )
@ -432,7 +432,7 @@ const QCA::KeyBundle QgsAuthCertUtils::qcaKeyBundle( const QString &path, const
return ( res == QCA::ConvertGood ? bundle : QCA::KeyBundle() );
}
const QString QgsAuthCertUtils::qcaValidityMessage( QCA::Validity validity )
QString QgsAuthCertUtils::qcaValidityMessage( QCA::Validity validity )
{
switch ( validity )
{
@ -465,7 +465,7 @@ const QString QgsAuthCertUtils::qcaValidityMessage( QCA::Validity validity )
}
}
const QString QgsAuthCertUtils::qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm )
QString QgsAuthCertUtils::qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm )
{
switch ( algorithm )
{
@ -496,7 +496,7 @@ const QString QgsAuthCertUtils::qcaSignatureAlgorithm( QCA::SignatureAlgorithm a
}
}
const QString QgsAuthCertUtils::qcaKnownConstraint( QCA::ConstraintTypeKnown constraint )
QString QgsAuthCertUtils::qcaKnownConstraint( QCA::ConstraintTypeKnown constraint )
{
switch ( constraint )
{
@ -541,7 +541,7 @@ const QString QgsAuthCertUtils::qcaKnownConstraint( QCA::ConstraintTypeKnown con
}
}
const QString QgsAuthCertUtils::certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype )
QString QgsAuthCertUtils::certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype )
{
switch ( usagetype )
{
@ -788,7 +788,7 @@ bool QgsAuthCertUtils::certificateIsSslClient( const QSslCertificate &cert )
return QgsAuthCertUtils::certificateUsageTypes( cert ).contains( QgsAuthCertUtils::TlsClientUsage );
}
const QString QgsAuthCertUtils::sslErrorEnumString( QSslError::SslError errenum )
QString QgsAuthCertUtils::sslErrorEnumString( QSslError::SslError errenum )
{
switch ( errenum )
{
@ -849,7 +849,7 @@ const QString QgsAuthCertUtils::sslErrorEnumString( QSslError::SslError errenum
}
}
const QList<QPair<QSslError::SslError, QString> > QgsAuthCertUtils::sslErrorEnumStrings()
QList<QPair<QSslError::SslError, QString> > QgsAuthCertUtils::sslErrorEnumStrings()
{
QList<QPair<QSslError::SslError, QString> > errenums;
errenums << qMakePair( QSslError::UnableToGetIssuerCertificate,
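Review bot: `certsFromFile()` and `keyFromFile()` still choose PEM versus DER from the file name alone (`certspath.endsWith( ".pem", Qt::CaseInsensitive )`, and the same test on `keypath`), so a PEM certificate or key saved as `.crt`, `.cer` or `.key` is handed to the DER path. What happens after that is outside these hunks, but presumably the caller just gets an empty list or a null key with no reason given. Deciding from the content would be more reliable: read the bytes first and treat the input as PEM when they contain a `-----BEGIN ` marker. A log message through the already included `qgslogger.h` when nothing parses would also help users diagnose a rejected credential file.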


@ -30,6 +30,7 @@
class CORE_EXPORT QgsAuthCertUtils
{
public:
/** Type of CA certificate source */
enum CaCertSource
{
SystemRoot = 0,
@ -38,6 +39,7 @@ class CORE_EXPORT QgsAuthCertUtils
Connection = 3
};
/** Type of certificate trust policy */
enum CertTrustPolicy
{
DefaultTrust = 0,
@ -46,6 +48,7 @@ class CORE_EXPORT QgsAuthCertUtils
NoPolicy = 3
};
/** Type of certificate usage */
enum CertUsageType
{
UndeterminedUsage = 0,
@ -61,6 +64,7 @@ class CORE_EXPORT QgsAuthCertUtils
CRLSigningUsage
};
/** Type of certificate key group */
enum ConstraintGroup
{
KeyUsage = 0,
@ -69,37 +73,37 @@ class CORE_EXPORT QgsAuthCertUtils
/** SSL Protocol name strings per enum */
static const QString getSslProtocolName( QSsl::SslProtocol protocol );
static QString getSslProtocolName( QSsl::SslProtocol protocol );
/** Map certificate sha1 to certificate as simple cache */
static const QMap< QString, QSslCertificate> mapDigestToCerts( QList<QSslCertificate> certs );
static QMap<QString, QSslCertificate> mapDigestToCerts( QList<QSslCertificate> certs );
/** Map certificates to their oraganization */
static const QMap< QString, QList<QSslCertificate> > certsGroupedByOrg( QList<QSslCertificate> certs );
static QMap< QString, QList<QSslCertificate> > certsGroupedByOrg( QList<QSslCertificate> certs );
/** Map SSL custom configs' certificate sha1 to custom config as simple cache */
static const QMap< QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( QList<QgsAuthConfigSslServer> configs );
static QMap<QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( QList<QgsAuthConfigSslServer> configs );
/** Map SSL custom configs' certificates to their oraganization */
static const QMap< QString, QList<QgsAuthConfigSslServer> > sslConfigsGroupedByOrg( QList<QgsAuthConfigSslServer> configs );
static QMap< QString, QList<QgsAuthConfigSslServer> > sslConfigsGroupedByOrg( QList<QgsAuthConfigSslServer> configs );
/** Return list of concatenated certs from a PEM or DER formatted file */
static const QList<QSslCertificate> certsFromFile( const QString &certspath );
static QList<QSslCertificate> certsFromFile( const QString &certspath );
/** Return first cert from a PEM or DER formatted file */
static const QSslCertificate certFromFile( const QString &certpath );
static QSslCertificate certFromFile( const QString &certpath );
/** Return non-encrypted key from a PEM or DER formatted file
* @param keypath File path to private key
* @param keypass Passphrase for private key
* @param algtype QString to set with resolved algorithm type
*/
static const QSslKey keyFromFile( const QString &keypath,
const QString &keypass = QString(),
QString *algtype = 0 );
static QSslKey keyFromFile( const QString &keypath,
const QString &keypass = QString(),
QString *algtype = 0 );
/** Return list of concatenated certs from a PEM Base64 text block */
static const QList<QSslCertificate> certsFromString( const QString &pemtext );
static QList<QSslCertificate> certsFromString( const QString &pemtext );
/** Return list of certificate, private key and algorithm (as PEM text) from file path components
* @param certpath File path to certificate
@ -108,10 +112,10 @@ class CORE_EXPORT QgsAuthCertUtils
* @param reencrypt Whether to re-encrypt the private key with the passphrase
* @return certificate, private key, key's algorithm type
*/
static const QStringList certKeyBundleToPem( const QString &certpath,
const QString &keypath,
const QString &keypass = QString(),
bool reencrypt = true );
static QStringList certKeyBundleToPem( const QString &certpath,
const QString &keypath,
const QString &keypass = QString(),
bool reencrypt = true );
/** Return list of certificate, private key and algorithm (as PEM text) for a PKCS#12 bundle
* @param bundlepath File path to the PKCS bundle
@ -119,60 +123,60 @@ class CORE_EXPORT QgsAuthCertUtils
* @param reencrypt Whether to re-encrypt the private key with the passphrase
* @return certificate, private key, key's algorithm type
*/
static const QStringList pkcs12BundleToPem( const QString &bundlepath,
const QString &bundlepass = QString(),
bool reencrypt = true );
static QStringList pkcs12BundleToPem( const QString &bundlepath,
const QString &bundlepass = QString(),
bool reencrypt = true );
/** Get the general name for CA source enum type
* @param source The enum source type for the CA
* @param single Whether to return singular or plural description
*/
static const QString getCaSourceName( QgsAuthCertUtils::CaCertSource source , bool single = false );
static QString getCaSourceName( QgsAuthCertUtils::CaCertSource source , bool single = false );
/** Get the general name via RFC 5280 resolution */
static const QString resolvedCertName( const QSslCertificate& cert, bool issuer = false );
static QString resolvedCertName( const QSslCertificate& cert, bool issuer = false );
/** Get combined distinguished name for certificate
* @param qcert Qt SSL cert object
* @param acert QCA SSL cert object to add more info to the output
* @param issuer Whether to return cert's subject or issuer combined name
*/
static const QString getCertDistinguishedName( const QSslCertificate& qcert,
static QString getCertDistinguishedName( const QSslCertificate& qcert,
const QCA::Certificate& acert = QCA::Certificate(),
bool issuer = false );
/** Get the general name for certificate trust */
static const QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust );
static QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust );
/** Get string with colon delimeters every 2 characters */
static const QString getColonDelimited( const QString& txt );
static QString getColonDelimited( const QString& txt );
/** Get the sha1 hash for certificate
* @param cert Qt SSL certificate to generate hash from
* @param formatted Whether to colon-delimit the hash
*/
static const QString shaHexForCert( const QSslCertificate &cert , bool formatted = false );
static QString shaHexForCert( const QSslCertificate &cert , bool formatted = false );
/** Convert a QSslCertificate to a QCA::Certificate */
static const QCA::Certificate qtCertToQcaCert( const QSslCertificate& cert );
static QCA::Certificate qtCertToQcaCert( const QSslCertificate& cert );
/** Convert a QList of QSslCertificate to a QCA::CertificateCollection */
static const QCA::CertificateCollection qtCertsToQcaCollection( const QList<QSslCertificate>& certs );
static QCA::CertificateCollection qtCertsToQcaCollection( const QList<QSslCertificate>& certs );
/** PKI key/cert bundle from file path, e.g. from .p12 or pfx files */
static const QCA::KeyBundle qcaKeyBundle( const QString &path, const QString &pass );
static QCA::KeyBundle qcaKeyBundle( const QString &path, const QString &pass );
/** Certificate validity check messages per enum */
static const QString qcaValidityMessage( QCA::Validity validity );
static QString qcaValidityMessage( QCA::Validity validity );
/** Certificate signature algorithm strings per enum */
static const QString qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm );
static QString qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm );
/** Certificate well-known constraint strings per enum */
static const QString qcaKnownConstraint( QCA::ConstraintTypeKnown constraint );
static QString qcaKnownConstraint( QCA::ConstraintTypeKnown constraint );
/** Certificate usage type strings per enum */
static const QString certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype );
static QString certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype );
/** Try to determine the certificates usage types */
static QList<QgsAuthCertUtils::CertUsageType> certificateUsageTypes( const QSslCertificate& cert );
@ -193,10 +197,10 @@ class CORE_EXPORT QgsAuthCertUtils
static bool certificateIsSslClient( const QSslCertificate& cert );
/** Get short strings describing an SSL error */
static const QString sslErrorEnumString( QSslError::SslError errenum );
static QString sslErrorEnumString( QSslError::SslError errenum );
/** Get short strings describing SSL errors */
static const QList<QPair<QSslError::SslError, QString> > sslErrorEnumStrings();
static QList<QPair<QSslError::SslError, QString> > sslErrorEnumStrings();
private:
static void appendDirSegment_( QStringList &dirname, const QString &segment, QString value );
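Review bot: The `@param reencrypt` text on `certKeyBundleToPem()` and `pkcs12BundleToPem()` does not say what the returned key looks like when the flag is false; presumably the second list element is then an unencrypted PEM private key held in an ordinary QString (confirm against the implementation, which is only partly visible). Since this commit is tidying the doc strings, I would spell that out, e.g. `@param reencrypt Whether to re-encrypt the private key with the passphrase; when false the returned key PEM is unencrypted`. `keyFromFile()` likewise has no `@return` saying what a caller gets when the file cannot be read or the passphrase is wrong. Two typos in the same header are worth fixing while here: `oraganization` should be `organization` (twice) and `delimeters` should be `delimiters`.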


@ -38,8 +38,8 @@ class CORE_EXPORT QgsAuthMethodConfig
public:
/**
* Constructor
* @param method The textual key of the authentication method
* Construct a configuration for an authentication method
* @param method Textual key of the authentication method
* @param version Version of the configuration (for updating previously saved configs later on)
*/
QgsAuthMethodConfig( QString method = QString(), int version = 0 );
@ -50,33 +50,35 @@ class CORE_EXPORT QgsAuthMethodConfig
~QgsAuthMethodConfig() {}
/**
* The 'authcfg' 7-character alphanumeric ID of the config
* Get 'authcfg' 7-character alphanumeric ID of the config
* @note This is set by QgsAuthManager when the config is initially stored
*/
const QString id() const { return mId; }
/** Set auth config ID */
void setId( const QString& id ) { mId = id; }
/** Get name of configuration */
const QString name() const { return mName; }
/** Set name of configuration */
void setName( const QString& name ) { mName = name; }
/**
* A URI to auto-select a config when connecting to a resource
*/
/** A URI to auto-select a config when connecting to a resource */
const QString uri() const { return mUri; }
void setUri( const QString& uri ) { mUri = uri; }
/**
* The textual key of the associated authentication method
*/
/** Textual key of the associated authentication method */
QString method() const { return mMethod; }
void setMethod( QString method ) { mMethod = method; }
/**
* Version of the configuration
*/
/** Get version of the configuration */
int version() const { return mVersion; }
/** Set version of the configuration */
void setVersion( int version ) { mVersion = version; }
/**
* Whether the configuration is valid
* @param validateid Additionally verify the auth config ID is not empty
*/
bool isValid( bool validateid = false ) const;
/**
@ -84,26 +86,62 @@ class CORE_EXPORT QgsAuthMethodConfig
* @note This is an internal construct used by QgsAuthManager that should generally not be set by client code
*/
const QString configString() const;
/**
* Load existing extended configuration
* @param configstr Configuration string to load
*/
void loadConfigString( const QString& configstr );
/**
* The extended configuration, mapped to key/value pairs of QStrings
*/
/** Get extended configuration, mapped to key/value pairs of QStrings */
QgsStringMap configMap() const { return mConfigMap; }
/**
* Set extended configuration map
* @param map Map to set
*/
void setConfigMap( QgsStringMap map ) { mConfigMap = map; }
/** @note if key exists, it is replaced */
/**
* Set a single config value per key in the map
* @note if key exists, it is replaced
* @param key Config key
* @param value Config value
*/
void setConfig( const QString &key, const QString &value );
/**
* Set a multiple config values per key in the map
* @note if key exists, it is replaced
* @param key Config key
* @param value Config value
*/
void setConfigList( const QString &key, const QStringList &value );
/**
* Remove a config from map
* @param key Config to remove
* @return Number of keys removed (should always be 1 or 0)
*/
int removeConfig( const QString &key );
/**
* Return a config's value
* @param key Confgi key
* @param defaultvalue Default value, if key not found
*/
QString config( const QString &key , const QString defaultvalue = QString() ) const;
/**
* Return a config's list of values
* @param key
*/
QStringList configList( const QString &key ) const;
/**
* Whether a config key exists in config map
* @param key
*/
bool hasConfig( const QString &key ) const;
/** Clear all configs */
void clearConfigMap() { mConfigMap.clear(); }
/**
@ -112,7 +150,7 @@ class CORE_EXPORT QgsAuthMethodConfig
* @note Essentially strips the URL query variables, and by default, strips the path as well
* @param accessurl A URL to process
* @param resource Ouput variable for result
* @param withpath Whether to include the
* @param withpath Whether to include the URI's path in output
*/
static bool uriToResource( const QString &accessurl, QString *resource, bool withpath = false );
@ -144,35 +182,66 @@ typedef QHash<QString, QgsAuthMethodConfig> QgsAuthMethodConfigsMap;
class CORE_EXPORT QgsPkiBundle
{
public:
/**
* Construct a bundle from existing PKI components
* @param clientCert Certificate to store in bundle
* @param clientKey Private key to store in bundle
* @param keyPassphrase Private key passphrase
* @param caChain Chain of Certificate Authorities for client certificate
*/
QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(),
const QSslKey &clientKey = QSslKey(),
const QString &keyPassphrase = QString::null ,
const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
~QgsPkiBundle();
/**
* Construct a bundle of PKI components from PEM-formatted file paths
* @param certPath Certificate file path
* @param keyPath Private key path
* @param keyPass Private key passphrase
* @param caChain Chain of Certificate Authorities for client certificate
*/
static const QgsPkiBundle fromPemPaths( const QString &certPath,
const QString &keyPath,
const QString &keyPass = QString::null,
const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
/**
* Construct a bundle of PKI components from a PKCS#12 file path
* @param bundlepath Bundle file path
* @param bundlepass Optional bundle passphrase
*/
static const QgsPkiBundle fromPkcs12Paths( const QString &bundlepath,
const QString &bundlepass = QString::null );
/** Whether the bundle, either its certificate or private key, is null */
bool isNull() const;
/** Whether the bundle is valid */
bool isValid() const;
/** The sha hash of the client certificate */
const QString certId() const;
/** Client certificate object */
const QSslCertificate clientCert() const { return mCert; }
/** Set client certificate object */
void setClientCert( const QSslCertificate &cert );
/** Private key object */
const QSslKey clientKey( bool reencrypt = true ) const;
/** Set private key object */
void setClientKey( const QSslKey &certkey );
/** Private key passphrase */
const QString keyPassphrase() const { return mKeyPassphrase; }
/** Set private key passphrase */
void setKeyPassphrase( const QString &pass ) { mKeyPassphrase = pass; }
/** Chain of Certificate Authorities for client certificate */
const QList<QSslCertificate> caChain() const { return mCaChain; }
/** Set chain of Certificate Authorities for client certificate */
void setCaChain( const QList<QSslCertificate> &cachain ) { mCaChain = cachain; }
private:
@ -189,20 +258,33 @@ class CORE_EXPORT QgsPkiBundle
class CORE_EXPORT QgsPkiConfigBundle
{
public:
/**
* Construct a bundle from existing PKI components and authentication method configuration
* @param config Authentication method configuration
* @param cert Certificate to store in bundle
* @param certkey Private key to store in bundle
*/
QgsPkiConfigBundle( const QgsAuthMethodConfig& config,
const QSslCertificate& cert,
const QSslKey& certkey );
~QgsPkiConfigBundle();
/** Whether the bundle is valid */
bool isValid();
/** Authentication method configuration */
const QgsAuthMethodConfig config() const { return mConfig; }
/** Set authentication method configuration */
void setConfig( const QgsAuthMethodConfig& config ) { mConfig = config; }
/** Client certificate object */
const QSslCertificate clientCert() const { return mCert; }
/** Set client certificate object */
void setClientCert( const QSslCertificate& cert ) { mCert = cert; }
/** Private key object */
const QSslKey clientCertKey() const { return mCertKey; }
/** Set private key object */
void setClientCertKey( const QSslKey& certkey ) { mCertKey = certkey; }
private:
@ -218,38 +300,63 @@ class CORE_EXPORT QgsPkiConfigBundle
class CORE_EXPORT QgsAuthConfigSslServer
{
public:
/** Construct a default SSL server configuration */
QgsAuthConfigSslServer();
~QgsAuthConfigSslServer() {}
/** Server certificate object */
const QSslCertificate sslCertificate() const { return mSslCert; }
/** Set server certificate object */
void setSslCertificate( const QSslCertificate& cert ) { mSslCert = cert; }
/** Server host:port string */
const QString sslHostPort() const { return mSslHostPort; }
/** Set server host:port string */
void setSslHostPort( const QString& hostport ) { mSslHostPort = hostport; }
/** SSL server protocol to use in connections */
QSsl::SslProtocol sslProtocol() const { return mSslProtocol; }
/** Set SSL server protocol to use in connections */
void setSslProtocol( QSsl::SslProtocol protocol ) { mSslProtocol = protocol; }
/** SSL server errors to ignore in connections */
const QList<QSslError> sslIgnoredErrors() const;
/** SSL server errors (as enum list) to ignore in connections */
const QList<QSslError::SslError> sslIgnoredErrorEnums() const { return mSslIgnoredErrors; }
/** Set SSL server errors (as enum list) to ignore in connections */
void setSslIgnoredErrorEnums( const QList<QSslError::SslError>& errors ) { mSslIgnoredErrors = errors; }
/** SSL client's peer verify mode to use in connections */
QSslSocket::PeerVerifyMode sslPeerVerifyMode() const { return mSslPeerVerifyMode; }
/** Set SSL client's peer verify mode to use in connections */
void setSslPeerVerifyMode( QSslSocket::PeerVerifyMode mode ) { mSslPeerVerifyMode = mode; }
/** Number or SSL client's peer to verify in connections
* @note When set to 0 = unlimited depth
*/
int sslPeerVerifyDepth() const { return mSslPeerVerifyDepth; }
/** Set number or SSL client's peer to verify in connections
* @note When set to 0 = unlimited depth
*/
void setSslPeerVerifyDepth( int depth ) { mSslPeerVerifyDepth = depth; }
/** Version of the configuration (used for future upgrading) */
int version() const { return mVersion; }
/** Set version of the configuration (used for future upgrading) */
void setVersion( int version ) { mVersion = version; }
/** Qt version when the configuration was made (SSL protocols may differ) */
int qtVersion() const { return mQtVersion; }
/** Set Qt version when the configuration was made (SSL protocols may differ) */
void setQtVersion( int version ) { mQtVersion = version; }
/** Configuration as a concatenated string */
const QString configString() const;
/** Load concatenated string into configuration, e.g. from auth database */
void loadConfigString( const QString& config = QString() );
/** Whether configuration is null (missing components) */
bool isNull() const;
private:


@ -58,6 +58,7 @@ class CORE_EXPORT QgsAuthManager : public QObject
public:
/** Message log level (mirrors that of QgsMessageLog, so it can also output there) */
enum MessageLevel
{
INFO = 0,
@ -380,6 +381,7 @@ class CORE_EXPORT QgsAuthManager : public QObject
/** Get ignored SSL error cache, keyed with cert/connection's sha:host:port */
QHash<QString, QSet<QSslError::SslError> > getIgnoredSslErrorCache() { return mIgnoredSslErrorsCache; }
/** Utility function to dump the cache for debug purposes */
void dumpIgnoredSslErrorsCache_();
/** Update ignored SSL error cache with possible ignored SSL errors, using server config */


@ -79,7 +79,7 @@ class CORE_EXPORT QgsAuthMethod : public QObject
/** The data providers that the method supports, allowing for filtering out authcfgs that are not
* applicable to a given provider, or where the updating code is not currently implemented.
*/
*/
QStringList supportedDataProviders() const { return mDataProviders; }
/** Update a network request with authentication components
@ -144,7 +144,8 @@ class CORE_EXPORT QgsAuthMethod : public QObject
protected:
/**
*
* Construct a default authentication method
* @note Non-public since this is an abstract base class
*/
explicit QgsAuthMethod()
: mExpansions( QgsAuthMethod::Expansions( 0 ) )
@ -152,11 +153,15 @@ class CORE_EXPORT QgsAuthMethod : public QObject
, mVersion( 0 )
{}
/** Tag signifying that this is an authentcation method (e.g. for use as title in message log panel output) */
static QString authMethodTag() { return QObject::tr( "Authentication method" ); }
/** Set the version of the auth method (useful for future upgrading) */
void setVersion( int version ) { mVersion = version; }
/** Set the support expansions (points in providers where the authentication is injected) of the auth method */
void setExpansions( QgsAuthMethod::Expansions expansions ) { mExpansions = expansions; }
/** Set list of data providers this auth method supports */
void setDataProviders( QStringList dataproviders ) { mDataProviders = dataproviders; }
QgsAuthMethod::Expansions mExpansions;
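Review bot: The comment added on `authMethodTag()` misspells "authentication" as "authentcation"; it should read `/** Tag signifying that this is an authentication method (e.g. for use as title in message log panel output) */`. Comments added elsewhere in this commit have similar slips: "key-vale" and "validatity" in QgsAuthMethodEdit, "protocl" and "SSl" in QgsAuthSslConfigWidget, and "Network reply that hand error(s)" in QgsAuthSslErrorsDialog. Since the commit exists to clean up doc strings, they are worth fixing in the same pass.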


@ -34,6 +34,12 @@
class CORE_EXPORT QgsAuthMethodMetadata
{
public:
/**
* Construct an authentication method metadata container
* @param _key Textual key of the library plugin
* @param _description Description of the library plugin
* @param _library File name of library plugin
*/
QgsAuthMethodMetadata( const QString & _key, const QString & _description, const QString & _library );
/** This returns the unique key associated with the method


@ -160,6 +160,8 @@ QgsAuthMethodRegistry::~QgsAuthMethodRegistry()
if ( cleanupFunc )
cleanupFunc();
}
// clear cached QgsAuthMethodMetadata *
delete it->second;
++it;
}
}


@ -95,6 +95,7 @@ class CORE_EXPORT QgsAuthMethodRegistry
const QString & functionName );
#endif
/** Return the library object associated with an auth method key */
QLibrary *authMethodLibrary( const QString & authMethodKey ) const;
/** Return list of available auth methods by their keys */


@ -100,7 +100,7 @@ class CORE_EXPORT QgsDataProvider : public QObject
*/
virtual QString dataSourceUri( bool expandAuthConfig = false ) const
{
if ( expandAuthConfig )
if ( expandAuthConfig && mDataSourceURI.contains( "authcfg" ) )
{
QgsDataSourceURI uri( mDataSourceURI );
return uri.uri( expandAuthConfig );
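Review bot: The doc comment for `dataSourceUri()` (it starts above this hunk) should state that a call with `expandAuthConfig = true` presumably returns a URI with the authentication configuration expanded into it, so callers must not log, display or persist that string. The new guard `mDataSourceURI.contains( "authcfg" )` is a case-sensitive substring test over the whole URI, so it also matches when "authcfg" occurs in a table name or path. That only costs an extra parse, but a comment such as `// cheap pre-check: only parse when an authcfg key may be present` would record the intent. The function body continues past the end of the hunk.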


@ -110,7 +110,7 @@ class CORE_EXPORT QgsDataSourceURI
const QString& aSql = QString(),
const QString& aKeyColumn = QString() );
//! set authentication configuration ID
//! Set authentication configuration ID
void setAuthConfigId( const QString& authcfg );
//! set username
@ -122,6 +122,7 @@ class CORE_EXPORT QgsDataSourceURI
//! Removes password element from uris
static QString removePassword( const QString& aUri );
//! Any associated authentication configuration ID
QString authConfigId() const;
QString username() const;
QString schema() const;


@ -705,13 +705,13 @@ void QgsAuthAuthoritiesEditor::on_btnCaFile_clicked()
QgsAuthManager::instance()->rebuildCertTrustCache();
updateCertTrustPolicyCache();
}
dlg->deleteLater();
QgsAuthManager::instance()->rebuildTrustedCaCertsCache();
populateFileCaCerts();
mFileCaSecItem->setExpanded( true );
}
dlg->deleteLater();
}
void QgsAuthAuthoritiesEditor::on_btnCaFileClear_clicked()
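Review bot: `dlg` is released by a hand-placed `dlg->deleteLater();`, so any return path that misses the call leaks the dialog. The call appears at two nesting levels in this hunk; the +/- markers are lost on this page, so it reads as the call being moved. Holding the pointer in a `QScopedPointer` with the `QScopedPointerDeleteLater` deleter, or constructing the dialog on the stack, makes the release independent of control flow. The same manual pattern is added for `ace` in QgsAuthConfigEditor::on_btnAddConfig_clicked()/on_btnEditConfig_clicked() and QgsAuthConfigSelect::on_btnConfigAdd_clicked()/on_btnConfigEdit_clicked(). The dialogs are constructed outside the visible hunks, so confirm whether a parent already owns them before changing this.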


@ -37,6 +37,7 @@ class GUI_EXPORT QgsAuthAuthoritiesEditor : public QWidget, private Ui::QgsAuthA
public:
/**
* Widget for viewing and editing certificate authorities directly in database
* @param parent Parent widget
*/
explicit QgsAuthAuthoritiesEditor( QWidget *parent = 0 );
~QgsAuthAuthoritiesEditor();
@ -78,7 +79,8 @@ class GUI_EXPORT QgsAuthAuthoritiesEditor : public QWidget, private Ui::QgsAuthA
void authMessageOut( const QString& message, const QString& authtag, QgsAuthManager::MessageLevel level );
protected:
void showEvent( QShowEvent *e );
/** Overridden show event of base widget */
void showEvent( QShowEvent *e ) override;
private:
enum CaType


@ -138,14 +138,25 @@ class GUI_EXPORT QgsAuthCertInfoDialog : public QDialog
Q_OBJECT
public:
/**
* Construct a dialog displaying detailed info on a certificate and its hierarchical trust chain
* @param cert Certificate object
* @param manageCertTrust Whether to show widgets to manage the trust policy of certs in hierarchy
* @param parent Parent widget
* @param connectionCAs List of hierarchical certificates in a connection
*/
explicit QgsAuthCertInfoDialog( const QSslCertificate& cert,
bool manageCertTrust,
QWidget *parent = 0,
QList<QSslCertificate> connectionCAs = QList<QSslCertificate>() );
~QgsAuthCertInfoDialog();
/** Get access to embedded info widget */
QgsAuthCertInfo *certInfoWidget() { return mCertInfoWdgt; }
/** Whether the trust cache has been rebuilt
* @note This happens when a trust policy has been adjusted for any cert in the hierarchy
*/
bool trustCacheRebuilt() { return mCertInfoWdgt->trustCacheRebuilt(); }
private:


@ -28,18 +28,29 @@ class GUI_EXPORT QgsAuthCertTrustPolicyComboBox : public QComboBox
Q_OBJECT
public:
/**
* Construct a combo box for defining certificate trust policy
* @param parent Parent widget
* @param policy Defined trust policy
* @param defaultpolicy Default trust policy
*/
explicit QgsAuthCertTrustPolicyComboBox(
QWidget *parent = 0,
QgsAuthCertUtils::CertTrustPolicy policy = QgsAuthCertUtils::DefaultTrust,
QgsAuthCertUtils::CertTrustPolicy defaultpolicy = QgsAuthCertUtils::DefaultTrust );
~QgsAuthCertTrustPolicyComboBox();
/** Get currently set trust policy */
QgsAuthCertUtils::CertTrustPolicy trustPolicy();
/** Get trust policy for a given index of combobox */
QgsAuthCertUtils::CertTrustPolicy trustPolicyForIndex( int indx );
public slots:
/** Set current trust policy */
void setTrustPolicy( QgsAuthCertUtils::CertTrustPolicy policy );
/** Set default trust policy */
void setDefaultTrustPolicy( QgsAuthCertUtils::CertTrustPolicy defaultpolicy );
private slots:


@ -34,6 +34,7 @@ class GUI_EXPORT QgsAuthConfigEdit : public QDialog, private Ui::QgsAuthConfigEd
Q_OBJECT
public:
/** Type of configuration validity */
enum Validity
{
Valid,


@ -195,6 +195,7 @@ void QgsAuthConfigEditor::on_btnAddConfig_clicked()
{
mConfigModel->select();
}
ace->deleteLater();
}
void QgsAuthConfigEditor::on_btnEditConfig_clicked()
@ -213,6 +214,7 @@ void QgsAuthConfigEditor::on_btnEditConfig_clicked()
{
mConfigModel->select();
}
ace->deleteLater();
}
void QgsAuthConfigEditor::on_btnRemoveConfig_clicked()


@ -161,6 +161,7 @@ void QgsAuthConfigSelect::on_btnConfigAdd_clicked()
{
setConfigId( ace->configId() );
}
ace->deleteLater();
}
void QgsAuthConfigSelect::on_btnConfigEdit_clicked()
@ -174,6 +175,7 @@ void QgsAuthConfigSelect::on_btnConfigEdit_clicked()
{
setConfigId( mAuthCfg );
}
ace->deleteLater();
}
void QgsAuthConfigSelect::on_btnConfigRemove_clicked()


@ -30,6 +30,10 @@ class GUI_EXPORT QgsAuthEditorWidgets : public QWidget, private Ui::QgsAuthEdito
Q_OBJECT
public:
/**
* Construct a widget to contain various authentication editors
* @param parent Parent widget
*/
explicit QgsAuthEditorWidgets( QWidget *parent = 0 ) :
QWidget( parent )
{
@ -38,6 +42,7 @@ class GUI_EXPORT QgsAuthEditorWidgets : public QWidget, private Ui::QgsAuthEdito
~QgsAuthEditorWidgets() {}
/** Get access to embedded tabbed widget */
QTabWidget * tabbedWidget() { return tabWidget; }
};


@ -27,32 +27,32 @@
#include "qgsmessagebar.h"
const QColor QgsAuthGuiUtils::greenColor()
QColor QgsAuthGuiUtils::greenColor()
{
return QColor( 0, 170, 0 );
}
const QColor QgsAuthGuiUtils::orangeColor()
QColor QgsAuthGuiUtils::orangeColor()
{
return QColor( 255, 128, 0 );
}
const QColor QgsAuthGuiUtils::redColor()
QColor QgsAuthGuiUtils::redColor()
{
return QColor( 200, 0, 0 );
}
const QString QgsAuthGuiUtils::greenTextStyleSheet( const QString &selector )
QString QgsAuthGuiUtils::greenTextStyleSheet( const QString &selector )
{
return QString( "%1{color: %2;}" ).arg( selector ).arg( QgsAuthGuiUtils::greenColor().name() );
}
const QString QgsAuthGuiUtils::orangeTextStyleSheet( const QString &selector )
QString QgsAuthGuiUtils::orangeTextStyleSheet( const QString &selector )
{
return QString( "%1{color: %2;}" ).arg( selector ).arg( QgsAuthGuiUtils::orangeColor().name() );
}
const QString QgsAuthGuiUtils::redTextStyleSheet( const QString &selector )
QString QgsAuthGuiUtils::redTextStyleSheet( const QString &selector )
{
return QString( "%1{color: %2;}" ).arg( selector ).arg( QgsAuthGuiUtils::redColor().name() );
}
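Review bot: The three `*TextStyleSheet()` functions chain `.arg( selector ).arg( colour )`, so the second call also substitutes into whatever the first one inserted. A `selector` that itself contains `%2` (or another `%n` marker) gets the colour name spliced into it and yields a malformed style sheet. The two-argument overload replaces both markers in a single pass: `return QString( "%1{color: %2;}" ).arg( selector, QgsAuthGuiUtils::greenColor().name() );`, and likewise for the orange and red variants.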


@ -31,22 +31,22 @@ class GUI_EXPORT QgsAuthGuiUtils
public:
/** Green color representing valid, trusted, etc. certificate */
static const QColor greenColor();
static QColor greenColor();
/** Orange color representing loaded component, but not stored in database */
static const QColor orangeColor();
static QColor orangeColor();
/** Red color representing invalid, untrusted, etc. certificate */
static const QColor redColor();
static QColor redColor();
/** Green text stylesheet representing valid, trusted, etc. certificate */
static const QString greenTextStyleSheet( const QString& selector = "*" );
static QString greenTextStyleSheet( const QString& selector = "*" );
/** Orange text stylesheet representing loaded component, but not stored in database */
static const QString orangeTextStyleSheet( const QString& selector = "*" );
static QString orangeTextStyleSheet( const QString& selector = "*" );
/** Red text stylesheet representing invalid, untrusted, etc. certificate */
static const QString redTextStyleSheet( const QString& selector = "*" );
static QString redTextStyleSheet( const QString& selector = "*" );
/** Verify the authentication system is active, else notify user */


@ -35,6 +35,7 @@ class GUI_EXPORT QgsAuthIdentitiesEditor : public QWidget, private Ui::QgsAuthId
public:
/**
* Widget for editing authentication configurations directly in database
* @param parent Parent widget
*/
explicit QgsAuthIdentitiesEditor( QWidget *parent = 0 );
~QgsAuthIdentitiesEditor();
@ -66,7 +67,8 @@ class GUI_EXPORT QgsAuthIdentitiesEditor : public QWidget, private Ui::QgsAuthId
void authMessageOut( const QString& message, const QString& authtag, QgsAuthManager::MessageLevel level );
protected:
void showEvent( QShowEvent *e );
/** Overridden show event of base widget */
void showEvent( QShowEvent *e ) override;
private:
enum IdentityType


@ -133,7 +133,7 @@ void QgsAuthImportCertDialog::validateCertificates()
int certssize = certs.size();
Q_FOREACH ( QSslCertificate cert, certs )
Q_FOREACH ( const QSslCertificate &cert, certs )
{
if ( cert.isValid() )
++validcerts;
@ -157,7 +157,7 @@ void QgsAuthImportCertDialog::validateCertificates()
if ( nixcerts.size() > 0 )
{
Q_FOREACH ( QSslCertificate nixcert, nixcerts )
Q_FOREACH ( const QSslCertificate &nixcert, nixcerts )
{
certs.removeOne( nixcert );
}


@ -33,12 +33,14 @@ class GUI_EXPORT QgsAuthImportCertDialog : public QDialog, private Ui::QgsAuthIm
Q_OBJECT
public:
/** Type of filter to apply to dialog */
enum CertFilter
{
NoFilter = 1,
CaFilter = 2,
};
/** Type of inputs for certificates */
enum CertInput
{
AllInputs = 1,
@ -46,19 +48,30 @@ class GUI_EXPORT QgsAuthImportCertDialog : public QDialog, private Ui::QgsAuthIm
TextInput = 3,
};
/**
* Construct a dialog for importing certificates
* @param parent Parent widget
* @param filter Certificate type filter to apply to dialog
* @param input Type of input(s) for certificates
*/
explicit QgsAuthImportCertDialog( QWidget *parent = 0,
QgsAuthImportCertDialog::CertFilter filter = NoFilter,
QgsAuthImportCertDialog::CertInput input = AllInputs );
~QgsAuthImportCertDialog();
/** Get list of certificate objects to import */
const QList<QSslCertificate> certificatesToImport() { return mCerts; }
/** Get the file path to a certificate to import */
const QString certFileToImport();
/** Get certificate text to import */
const QString certTextToImport();
/** Whether to allow importation of invalid certificates (so trust policy can be overridden) */
bool allowInvalidCerts();
/** Defined trust policy for imported certificates */
QgsAuthCertUtils::CertTrustPolicy certTrustPolicy();
private slots:


@ -33,17 +33,20 @@ class GUI_EXPORT QgsAuthImportIdentityDialog : public QDialog, private Ui::QgsAu
Q_OBJECT
public:
/** Type of identity being imported */
enum IdentityType
{
CertIdentity = 0,
};
/** Type of bundles supported */
enum BundleTypes
{
PkiPaths = 0,
PkiPkcs12 = 1,
};
/** Type of certificate/bundle validity output */
enum Validity
{
Valid,
@ -51,14 +54,22 @@ class GUI_EXPORT QgsAuthImportIdentityDialog : public QDialog, private Ui::QgsAu
Unknown
};
/**
* Construct a dialog for importing identities
* @param identitytype Type of the identity to import
* @param parent Parent widget
*/
explicit QgsAuthImportIdentityDialog( QgsAuthImportIdentityDialog::IdentityType identitytype,
QWidget *parent = 0 );
~QgsAuthImportIdentityDialog();
/** Get identity type */
QgsAuthImportIdentityDialog::IdentityType identityType() { return mIdentityType; }
/** Get certificate/key bundle to be imported */
const QPair<QSslCertificate, QSslKey> certBundleToImport() { return mCertBundle; }
/** Get certificate/key bundle to be imported as a PKI bundle object */
const QgsPkiBundle pkiBundleToImport() { return mPkiBundle; }
private slots:


@ -30,21 +30,35 @@ class GUI_EXPORT QgsAuthMethodEdit : public QWidget
Q_OBJECT
public:
/** Validate the configuration of subclasses */
virtual bool validateConfig() = 0;
/** The configuration key-vale map of subclasses */
virtual QgsStringMap configMap() const = 0;
signals:
/** Emitted when the configuration validatity changes */
void validityChanged( bool valid );
public slots:
/**
* Load an existing config map into subclassed widget
* @param configmap
*/
virtual void loadConfig( const QgsStringMap &configmap ) = 0;
/** Clear GUI controls in subclassed widget, optionally reloading any previously loaded config map */
virtual void resetConfig() = 0;
/** Clear GUI controls in subclassed widget */
virtual void clearConfig() = 0;
protected:
/**
* Construct widget to edit an authentication method configuration
* @note Non-public since this is an abstract base class
* @param parent Parent widget
*/
explicit QgsAuthMethodEdit( QWidget *parent = 0 )
: QWidget( parent )
{}


@ -34,6 +34,7 @@ class GUI_EXPORT QgsAuthServersEditor : public QWidget, private Ui::QgsAuthServe
public:
/**
* Widget for editing authentication configurations directly in database
* @param parent Parent Widget
*/
explicit QgsAuthServersEditor( QWidget *parent = 0 );
~QgsAuthServersEditor();
@ -63,7 +64,8 @@ class GUI_EXPORT QgsAuthServersEditor : public QWidget, private Ui::QgsAuthServe
void authMessageOut( const QString& message, const QString& authtag, QgsAuthManager::MessageLevel level );
protected:
void showEvent( QShowEvent *e );
/** Overridden show event of base widget */
void showEvent( QShowEvent *e ) override;
private:
enum ConfigType


@ -38,69 +38,111 @@ class GUI_EXPORT QgsAuthSslConfigWidget : public QWidget, private Ui::QgsAuthSsl
Q_OBJECT
public:
/**
* Construct a widget for editing an SSL server certificate configuration
* @param parent Parent widget
* @param cert SSL server certificate object
* @param hostport Unique host:port to associate with the server certificate
* @param connectionCAs List of trusted Certificate Authorities objects
*/
explicit QgsAuthSslConfigWidget( QWidget *parent = 0,
const QSslCertificate &cert = QSslCertificate(),
const QString &hostport = QString(),
const QList<QSslCertificate>& connectionCAs = QList<QSslCertificate>() );
~QgsAuthSslConfigWidget();
/** Access to the certificate's group box widget */
QGroupBox *certificateGroupBox() { return grpbxCert; }
/** Access to the SSL configuration's group box widget */
QGroupBox *sslConfigGroupBox() { return grpbxSslConfig; }
/** Get the SSL configuration */
const QgsAuthConfigSslServer sslCustomConfig();
/** Get the SSL server certificate */
const QSslCertificate sslCertificate() { return mCert; }
/** Get the host:port to associate with the server certificate */
const QString sslHost() { return leHost->text(); }
/** Get the SSL protocl used for connections */
QSsl::SslProtocol sslProtocol();
/** Get list of the SSL errors (as enums) to be ignored for connections */
const QList<QSslError::SslError> sslIgnoreErrorEnums();
/** Get the client's peer verify mode for connections */
QSslSocket::PeerVerifyMode sslPeerVerifyMode();
/** Get the client's peer verify depth for connections
* @note Value of 0 = unlimited
*/
int sslPeerVerifyDepth();
public slots:
/** Enable or disable the custom options widget */
void enableSslCustomOptions( bool enable );
// may also load existing config, if found
/** Set SSl certificate and any associated host:port */
void setSslCertificate( const QSslCertificate& cert, const QString &hostport = QString() );
/** Load an existing SSL server configuration */
void loadSslCustomConfig( const QgsAuthConfigSslServer& config = QgsAuthConfigSslServer() );
/** Save the current SSL server configuration to the authentication database */
void saveSslCertConfig();
/** Clear the current SSL server configuration and disabled it */
void resetSslCertConfig();
/** Set the SSL protocol to use in connections */
void setSslProtocol( QSsl::SslProtocol protocol );
/** Reset the SSL protocol to use in connections to the default */
void resetSslProtocol();
/** Add to SSL errors to ignore for the connection */
void appendSslIgnoreErrors( const QList<QSslError>& errors );
/** Set the SSL errors (as enums) to ignore for the connection */
void setSslIgnoreErrorEnums( const QList<QSslError::SslError>& errorenums );
/** Set the SSL errors to ignore for the connection */
void setSslIgnoreErrors( const QList<QSslError>& errors );
/** Clear the SSL errors to ignore for the connection */
void resetSslIgnoreErrors();
/** Set the client's peer verify mode for connections */
void setSslPeerVerify( QSslSocket::PeerVerifyMode mode, int modedepth );
/** Reset the client's peer verify mode for connections to default */
void resetSslPeerVerify();
/** Set the host of the server */
void setSslHost( const QString& host );
/** Set whether the config group box is checkable */
void setConfigCheckable( bool checkable );
/** Parse string for host:port */
void validateHostPortText( const QString &txt );
/** Verify if the configuration if ready to save */
bool readyToSave();
signals:
/** Emitted when the enabled state of the configuration changes */
void configEnabledChanged( bool enabled );
/** Emitted when an certificate of same SHA hash is found in authentication database */
void certFoundInAuthDatabase( bool found );
/** Emitted when the validity of the host:port changes */
void hostPortValidityChanged( bool valid );
/** Emitted when the configuration can be saved changes */
void readyToSaveChanged( bool cansave );
private slots:
@ -143,15 +185,23 @@ class GUI_EXPORT QgsAuthSslConfigDialog : public QDialog
Q_OBJECT
public:
/**
* Construct wrapper dialog for the SSL config widget
* @param parent Parent widget
* @param cert SSL server certificate object
* @param hostport Unique host:port to associate with the server certificate
*/
explicit QgsAuthSslConfigDialog( QWidget *parent = 0,
const QSslCertificate& cert = QSslCertificate(),
const QString &hostport = QString() );
~QgsAuthSslConfigDialog();
/** Access the embedded SSL server configuration widget */
QgsAuthSslConfigWidget *sslCustomConfigWidget() { return mSslConfigWdgt; }
public slots:
void accept();
/** Overridden base dialog accept slot */
void accept() override;
private slots:
void checkCanSave( bool cansave );
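Review bot: The comments added for `sslIgnoreErrorEnums()`, `appendSslIgnoreErrors()`, `setSslIgnoreErrorEnums()` and `setSslIgnoreErrors()` say the errors are ignored "for connections" without naming the scope. That matters to a reader because each ignored error switches off one check on the server certificate. If the exception applies only to the certificate and host:port the widget was given (the constructor's parameter docs suggest so), say it, e.g. `/** Set the SSL errors to ignore for connections to this certificate's host:port */`, and have the `saveSslCertConfig()` comment mention that the exception is persisted. `setSslPeerVerify()` takes `modedepth` but its comment covers only the mode; `/** Set the client's peer verify mode and depth for connections (depth 0 = unlimited) */` would describe both.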


@ -32,6 +32,14 @@ class GUI_EXPORT QgsAuthSslErrorsDialog : public QDialog, private Ui::QgsAuthSsl
{
Q_OBJECT
public:
/**
* Construct a dialog to handle SSL errors and saving SSL server certificate exceptions
* @param reply Network reply that hand error(s)
* @param sslErrors SSL errors that occurred
* @param parent Parent widget
* @param digest SHA digest of server certificate
* @param hostport Unique host:port to associate with the server certificate
*/
QgsAuthSslErrorsDialog( QNetworkReply *reply,
const QList<QSslError>& sslErrors,
QWidget *parent = 0 ,


@ -80,11 +80,16 @@ class GUI_EXPORT QgsAuthSslImportDialog : public QDialog, private Ui::QgsAuthSsl
{
Q_OBJECT
public:
/**
* Construct dialog for importing certificates
* @param parent
*/
QgsAuthSslImportDialog( QWidget *parent = 0 );
~QgsAuthSslImportDialog();
public slots:
void accept();
/** Overridden slot of base dialog */
void accept() override;
private slots:
void updateEnabledState();


@ -34,6 +34,11 @@ class GUI_EXPORT QgsAuthTrustedCAsDialog : public QDialog, private Ui::QgsAuthTr
Q_OBJECT
public:
/**
* Construct a dialog that will list the trusted Certificate Authorities
* @param parent Parent widget
* @param trustedCAs List of trusted Certificate Authorities objects
*/
explicit QgsAuthTrustedCAsDialog( QWidget *parent = 0,
QList<QSslCertificate> trustedCAs = QList<QSslCertificate>() );
~QgsAuthTrustedCAsDialog();
@ -59,7 +64,8 @@ class GUI_EXPORT QgsAuthTrustedCAsDialog : public QDialog, private Ui::QgsAuthTr
void authMessageOut( const QString& message, const QString& authtag, QgsAuthManager::MessageLevel level );
protected:
void showEvent( QShowEvent *e );
/** Overridden widget show event */
void showEvent( QShowEvent *e ) override;
private:
enum CaType


@ -122,7 +122,7 @@ void QgsCredentialDialog::requestCredentialsMasterPassword( QString * password,
QString titletxt( stored ? tr( "Enter CURRENT master authentication password" ) : tr( "Set NEW master authentication password" ) );
lblPasswordTitle->setText( titletxt );
frameMasterPassVerify->setVisible( !stored );
leMasterPassVerify->setVisible( !stored );
lblDontForget->setVisible( !stored );
QApplication::setOverrideCursor( Qt::ArrowCursor );
@ -180,7 +180,7 @@ void QgsCredentialDialog::requestCredentialsMasterPassword( QString * password,
++passfailed;
leMasterPass->setStyleSheet( invalidStyle_() );
if ( frameMasterPassVerify->isVisible() )
if ( leMasterPassVerify->isVisible() )
{
leMasterPassVerify->setStyleSheet( invalidStyle_() );
}
@ -196,7 +196,6 @@ void QgsCredentialDialog::requestCredentialsMasterPassword( QString * password,
leMasterPass->clear();
chkMasterPassShow->setChecked( false );
leMasterPassVerify->clear();
chkMasterPassVerifyShow->setChecked( false );
chkbxEraseAuthDb->setChecked( false );
lblSavedForSession->setVisible( true );
@ -211,10 +210,6 @@ void QgsCredentialDialog::requestCredentialsMasterPassword( QString * password,
void QgsCredentialDialog::on_chkMasterPassShow_stateChanged( int state )
{
leMasterPass->setEchoMode(( state > 0 ) ? QLineEdit::Normal : QLineEdit::Password );
}
void QgsCredentialDialog::on_chkMasterPassVerifyShow_stateChanged( int state )
{
leMasterPassVerify->setEchoMode(( state > 0 ) ? QLineEdit::Normal : QLineEdit::Password );
}
@ -222,14 +217,14 @@ void QgsCredentialDialog::on_leMasterPass_textChanged( const QString &pass )
{
leMasterPass->setStyleSheet( "" );
bool passok = !pass.isEmpty(); // regardless of new or comparing existing, empty password disallowed
if ( frameMasterPassVerify->isVisible() )
if ( leMasterPassVerify->isVisible() )
{
leMasterPassVerify->setStyleSheet( "" );
passok = passok && ( leMasterPass->text() == leMasterPassVerify->text() );
}
mOkButton->setEnabled( passok );
if ( frameMasterPassVerify->isVisible() && !passok )
if ( leMasterPassVerify->isVisible() && !passok )
{
leMasterPass->setStyleSheet( invalidStyle_() );
leMasterPassVerify->setStyleSheet( invalidStyle_() );
@ -238,7 +233,7 @@ void QgsCredentialDialog::on_leMasterPass_textChanged( const QString &pass )
void QgsCredentialDialog::on_leMasterPassVerify_textChanged( const QString &pass )
{
if ( frameMasterPassVerify->isVisible() )
if ( leMasterPassVerify->isVisible() )
{
leMasterPass->setStyleSheet( "" );
leMasterPassVerify->setStyleSheet( "" );
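Review bot: Whether the two master-password fields must match is decided by `leMasterPassVerify->isVisible()`, which is false whenever an ancestor (the dialog, or a page of the stacked widget) is not shown, even after `setVisible( true )`. In that state `on_leMasterPass_textChanged()` skips the comparison and enables OK for a new password that was never confirmed. `isHidden()` reflects only the widget's own explicit state, so `if ( !leMasterPassVerify->isHidden() )` at the four places that test it would not depend on show order; a bool member set from `stored` would be clearer still. The functions start and end outside these hunks, so whether the slots can run before the dialog is shown cannot be confirmed from here.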


@ -46,7 +46,6 @@ class GUI_EXPORT QgsCredentialDialog : public QDialog, public QgsCredentials, pr
void requestCredentialsMasterPassword( QString *password, bool stored, bool *ok );
void on_chkMasterPassShow_stateChanged( int state );
void on_chkMasterPassVerifyShow_stateChanged( int state );
void on_leMasterPass_textChanged( const QString& pass );
void on_leMasterPassVerify_textChanged( const QString& pass );
void on_chkbxEraseAuthDb_toggled( bool checked );


@ -17,6 +17,16 @@
<property name="fieldGrowthPolicy">
<enum>QFormLayout::ExpandingFieldsGrow</enum>
</property>
<item row="3" column="0" colspan="2">
<widget class="QDialogButtonBox" name="buttonBox">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="standardButtons">
<set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok</set>
</property>
</widget>
</item>
<item row="1" column="0" colspan="2">
<widget class="QStackedWidget" name="stackedWidget">
<property name="currentIndex">
@ -111,18 +121,15 @@
</widget>
</item>
<item>
<layout class="QHBoxLayout" name="horizontalLayout">
<property name="spacing">
<number>6</number>
</property>
<item>
<layout class="QGridLayout" name="gridLayout">
<item row="0" column="0">
<widget class="QLineEdit" name="leMasterPass">
<property name="echoMode">
<enum>QLineEdit::Password</enum>
</property>
</widget>
</item>
<item>
<item row="0" column="1">
<widget class="QCheckBox" name="chkMasterPassShow">
<property name="sizePolicy">
<sizepolicy hsizetype="Maximum" vsizetype="Fixed">
@ -135,58 +142,18 @@
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLineEdit" name="leMasterPassVerify">
<property name="echoMode">
<enum>QLineEdit::Password</enum>
</property>
<property name="placeholderText">
<string>Verify password</string>
</property>
</widget>
</item>
</layout>
</item>
<item>
<widget class="QFrame" name="frameMasterPassVerify">
<property name="frameShape">
<enum>QFrame::NoFrame</enum>
</property>
<property name="frameShadow">
<enum>QFrame::Raised</enum>
</property>
<layout class="QHBoxLayout" name="horizontalLayout_2">
<property name="spacing">
<number>6</number>
</property>
<property name="leftMargin">
<number>0</number>
</property>
<property name="topMargin">
<number>0</number>
</property>
<property name="rightMargin">
<number>0</number>
</property>
<property name="bottomMargin">
<number>0</number>
</property>
<item>
<widget class="QLineEdit" name="leMasterPassVerify">
<property name="echoMode">
<enum>QLineEdit::Password</enum>
</property>
<property name="placeholderText">
<string>Verify password</string>
</property>
</widget>
</item>
<item>
<widget class="QCheckBox" name="chkMasterPassVerifyShow">
<property name="sizePolicy">
<sizepolicy hsizetype="Maximum" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>Show</string>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item>
<widget class="QLabel" name="lblDontForget">
<property name="styleSheet">
@ -251,16 +218,6 @@ font-style: italic;
</widget>
</widget>
</item>
<item row="3" column="0" colspan="2">
<widget class="QDialogButtonBox" name="buttonBox">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="standardButtons">
<set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok</set>
</property>
</widget>
</item>
</layout>
</widget>
<resources/>