[auth system] Fix doc string warnings and comments in PR 2330

Larry Shaffer 2015-09-22 07:05:06 -06:00
parent 16ac248c36
commit 1ff02debdc
34 changed files with 437 additions and 213 deletions


@ -43,85 +43,85 @@ class QgsAuthCertUtils
static const QString getSslProtocolName( QSsl::SslProtocol protocol ); static QString getSslProtocolName( QSsl::SslProtocol protocol );
static const QMap< QString, QSslCertificate> mapDigestToCerts( QList<QSslCertificate> certs ); static QMap< QString, QSslCertificate> mapDigestToCerts( QList<QSslCertificate> certs );
// static const QMap< QString, QList<QSslCertificate> > certsGroupedByOrg( QList<QSslCertificate> certs ); // static QMap< QString, QList<QSslCertificate> > certsGroupedByOrg( QList<QSslCertificate> certs );
static const QMap< QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( QList<QgsAuthConfigSslServer> configs ); static QMap< QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( QList<QgsAuthConfigSslServer> configs );
// static const QMap< QString, QList<QgsAuthConfigSslServer> > sslConfigsGroupedByOrg( QList<QgsAuthConfigSslServer> configs ); // static QMap< QString, QList<QgsAuthConfigSslServer> > sslConfigsGroupedByOrg( QList<QgsAuthConfigSslServer> configs );
static const QList<QSslCertificate> certsFromFile( const QString &certspath ); static QList<QSslCertificate> certsFromFile( const QString &certspath );
static const QSslCertificate certFromFile( const QString &certpath ); static QSslCertificate certFromFile( const QString &certpath );
static const QSslKey keyFromFile( const QString &keypath, static QSslKey keyFromFile( const QString &keypath,
const QString &keypass = QString(), const QString &keypass = QString(),
QString *algtype = 0 ); QString *algtype = 0 );
static const QList<QSslCertificate> certsFromString( const QString &pemtext ); static QList<QSslCertificate> certsFromString( const QString &pemtext );
static const QStringList certKeyBundleToPem( const QString &certpath, static QStringList certKeyBundleToPem( const QString &certpath,
const QString &keypath, const QString &keypath,
const QString &keypass = QString(), const QString &keypass = QString(),
bool reencrypt = true ); bool reencrypt = true );
static const QStringList pkcs12BundleToPem( const QString &bundlepath, static QStringList pkcs12BundleToPem( const QString &bundlepath,
const QString &bundlepass = QString(), const QString &bundlepass = QString(),
bool reencrypt = true ); bool reencrypt = true );
static const QString getCaSourceName( QgsAuthCertUtils::CaCertSource source , bool single = false ); static QString getCaSourceName( QgsAuthCertUtils::CaCertSource source , bool single = false );
static const QString resolvedCertName( const QSslCertificate& cert, bool issuer = false ); static QString resolvedCertName( const QSslCertificate& cert, bool issuer = false );
// static const QString getCertDistinguishedName( const QSslCertificate& qcert, // static QString getCertDistinguishedName( const QSslCertificate& qcert,
// const QCA::Certificate& acert = QCA::Certificate(), // const QCA::Certificate& acert = QCA::Certificate(),
// bool issuer = false ); // bool issuer = false );
static const QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust ); static QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust );
static const QString getColonDelimited( const QString& txt ); static QString getColonDelimited( const QString& txt );
static const QString shaHexForCert( const QSslCertificate &cert , bool formatted = false ); static QString shaHexForCert( const QSslCertificate &cert , bool formatted = false );
// static const QCA::Certificate qtCertToQcaCert( const QSslCertificate& cert ); // static QCA::Certificate qtCertToQcaCert( const QSslCertificate& cert );
// static const QCA::CertificateCollection qtCertsToQcaCollection( const QList<QSslCertificate>& certs ); // static QCA::CertificateCollection qtCertsToQcaCollection( const QList<QSslCertificate>& certs );
// static const QCA::KeyBundle qcaKeyBundle( const QString &path, const QString &pass ); // static QCA::KeyBundle qcaKeyBundle( const QString &path, const QString &pass );
// static const QString qcaValidityMessage( QCA::Validity validity ); // static QString qcaValidityMessage( QCA::Validity validity );
// static const QString qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm ); // static QString qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm );
// static const QString qcaKnownConstraint( QCA::ConstraintTypeKnown constraint ); // static QString qcaKnownConstraint( QCA::ConstraintTypeKnown constraint );
static const QString certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype ); static QString certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype );
static QList<QgsAuthCertUtils::CertUsageType> certificateUsageTypes( const QSslCertificate& cert ); static QList<QgsAuthCertUtils::CertUsageType> certificateUsageTypes( const QSslCertificate& cert );
@ -141,7 +141,7 @@ class QgsAuthCertUtils
static bool certificateIsSslClient( const QSslCertificate& cert ); static bool certificateIsSslClient( const QSslCertificate& cert );
static const QString sslErrorEnumString( QSslError::SslError errenum ); static QString sslErrorEnumString( QSslError::SslError errenum );
// static const QList<QPair<QSslError::SslError, QString> > sslErrorEnumStrings(); // static QList<QPair<QSslError::SslError, QString> > sslErrorEnumStrings();
}; };


@ -25,7 +25,7 @@
#include "qgslogger.h" #include "qgslogger.h"
const QString QgsAuthCertUtils::getSslProtocolName( QSsl::SslProtocol protocol ) QString QgsAuthCertUtils::getSslProtocolName( QSsl::SslProtocol protocol )
{ {
switch ( protocol ) switch ( protocol )
{ {
@ -46,7 +46,7 @@ const QString QgsAuthCertUtils::getSslProtocolName( QSsl::SslProtocol protocol )
} }
} }
const QMap<QString, QSslCertificate> QgsAuthCertUtils::mapDigestToCerts( QList<QSslCertificate> certs ) QMap<QString, QSslCertificate> QgsAuthCertUtils::mapDigestToCerts( QList<QSslCertificate> certs )
{ {
QMap<QString, QSslCertificate> digestmap; QMap<QString, QSslCertificate> digestmap;
Q_FOREACH ( QSslCertificate cert, certs ) Q_FOREACH ( QSslCertificate cert, certs )
@ -56,7 +56,7 @@ const QMap<QString, QSslCertificate> QgsAuthCertUtils::mapDigestToCerts( QList<Q
return digestmap; return digestmap;
} }
const QMap<QString, QList<QSslCertificate> > QgsAuthCertUtils::certsGroupedByOrg( QList<QSslCertificate> certs ) QMap<QString, QList<QSslCertificate> > QgsAuthCertUtils::certsGroupedByOrg( QList<QSslCertificate> certs )
{ {
QMap< QString, QList<QSslCertificate> > orgcerts; QMap< QString, QList<QSslCertificate> > orgcerts;
Q_FOREACH ( QSslCertificate cert, certs ) Q_FOREACH ( QSslCertificate cert, certs )
@ -70,7 +70,7 @@ const QMap<QString, QList<QSslCertificate> > QgsAuthCertUtils::certsGroupedByOrg
return orgcerts; return orgcerts;
} }
const QMap<QString, QgsAuthConfigSslServer> QgsAuthCertUtils::mapDigestToSslConfigs( QList<QgsAuthConfigSslServer> configs ) QMap<QString, QgsAuthConfigSslServer> QgsAuthCertUtils::mapDigestToSslConfigs( QList<QgsAuthConfigSslServer> configs )
{ {
QMap<QString, QgsAuthConfigSslServer> digestmap; QMap<QString, QgsAuthConfigSslServer> digestmap;
Q_FOREACH ( QgsAuthConfigSslServer config, configs ) Q_FOREACH ( QgsAuthConfigSslServer config, configs )
@ -80,7 +80,7 @@ const QMap<QString, QgsAuthConfigSslServer> QgsAuthCertUtils::mapDigestToSslConf
return digestmap; return digestmap;
} }
const QMap<QString, QList<QgsAuthConfigSslServer> > QgsAuthCertUtils::sslConfigsGroupedByOrg( QList<QgsAuthConfigSslServer> configs ) QMap<QString, QList<QgsAuthConfigSslServer> > QgsAuthCertUtils::sslConfigsGroupedByOrg( QList<QgsAuthConfigSslServer> configs )
{ {
QMap< QString, QList<QgsAuthConfigSslServer> > orgconfigs; QMap< QString, QList<QgsAuthConfigSslServer> > orgconfigs;
Q_FOREACH ( QgsAuthConfigSslServer config, configs ) Q_FOREACH ( QgsAuthConfigSslServer config, configs )
@ -113,7 +113,7 @@ static QByteArray fileData_( const QString& path, bool astext = false )
return data; return data;
} }
const QList<QSslCertificate> QgsAuthCertUtils::certsFromFile( const QString &certspath ) QList<QSslCertificate> QgsAuthCertUtils::certsFromFile( const QString &certspath )
{ {
QList<QSslCertificate> certs; QList<QSslCertificate> certs;
bool pem = certspath.endsWith( ".pem", Qt::CaseInsensitive ); bool pem = certspath.endsWith( ".pem", Qt::CaseInsensitive );
@ -125,7 +125,7 @@ const QList<QSslCertificate> QgsAuthCertUtils::certsFromFile( const QString &cer
return certs; return certs;
} }
const QSslCertificate QgsAuthCertUtils::certFromFile( const QString &certpath ) QSslCertificate QgsAuthCertUtils::certFromFile( const QString &certpath )
{ {
QSslCertificate cert; QSslCertificate cert;
QList<QSslCertificate> certs( QgsAuthCertUtils::certsFromFile( certpath ) ); QList<QSslCertificate> certs( QgsAuthCertUtils::certsFromFile( certpath ) );
@ -140,7 +140,7 @@ const QSslCertificate QgsAuthCertUtils::certFromFile( const QString &certpath )
return cert; return cert;
} }
const QSslKey QgsAuthCertUtils::keyFromFile( const QString &keypath, QSslKey QgsAuthCertUtils::keyFromFile( const QString &keypath,
const QString &keypass, const QString &keypass,
QString *algtype ) QString *algtype )
{ {
@ -177,7 +177,7 @@ const QSslKey QgsAuthCertUtils::keyFromFile( const QString &keypath,
return clientkey; return clientkey;
} }
const QList<QSslCertificate> QgsAuthCertUtils::certsFromString( const QString &pemtext ) QList<QSslCertificate> QgsAuthCertUtils::certsFromString( const QString &pemtext )
{ {
QList<QSslCertificate> certs; QList<QSslCertificate> certs;
certs = QSslCertificate::fromData( pemtext.toAscii(), QSsl::Pem ); certs = QSslCertificate::fromData( pemtext.toAscii(), QSsl::Pem );
@ -188,7 +188,7 @@ const QList<QSslCertificate> QgsAuthCertUtils::certsFromString( const QString &p
return certs; return certs;
} }
const QStringList QgsAuthCertUtils::certKeyBundleToPem( const QString &certpath, QStringList QgsAuthCertUtils::certKeyBundleToPem( const QString &certpath,
const QString &keypath, const QString &keypath,
const QString &keypass, const QString &keypass,
bool reencrypt ) bool reencrypt )
@ -213,7 +213,7 @@ const QStringList QgsAuthCertUtils::certKeyBundleToPem( const QString &certpath,
return QStringList() << certpem << keypem << algtype; return QStringList() << certpem << keypem << algtype;
} }
const QStringList QgsAuthCertUtils::pkcs12BundleToPem( const QString &bundlepath, QStringList QgsAuthCertUtils::pkcs12BundleToPem( const QString &bundlepath,
const QString &bundlepass, const QString &bundlepass,
bool reencrypt ) bool reencrypt )
{ {
@ -246,7 +246,7 @@ const QStringList QgsAuthCertUtils::pkcs12BundleToPem( const QString &bundlepath
return QStringList() << bundle.certificateChain().primary().toPEM() << bundle.privateKey().toPEM( passarray ) << algtype; return QStringList() << bundle.certificateChain().primary().toPEM() << bundle.privateKey().toPEM( passarray ) << algtype;
} }
const QString QgsAuthCertUtils::getCaSourceName( QgsAuthCertUtils::CaCertSource source, bool single ) QString QgsAuthCertUtils::getCaSourceName( QgsAuthCertUtils::CaCertSource source, bool single )
{ {
switch ( source ) switch ( source )
{ {
@ -263,7 +263,7 @@ const QString QgsAuthCertUtils::getCaSourceName( QgsAuthCertUtils::CaCertSource
} }
} }
const QString QgsAuthCertUtils::resolvedCertName( const QSslCertificate &cert, bool issuer ) QString QgsAuthCertUtils::resolvedCertName( const QSslCertificate &cert, bool issuer )
{ {
QString name( issuer ? cert.issuerInfo( QSslCertificate::CommonName ) QString name( issuer ? cert.issuerInfo( QSslCertificate::CommonName )
: cert.subjectInfo( QSslCertificate::CommonName ) ); : cert.subjectInfo( QSslCertificate::CommonName ) );
@ -301,7 +301,7 @@ void QgsAuthCertUtils::appendDirSegment_( QStringList &dirname,
} }
} }
const QString QgsAuthCertUtils::getCertDistinguishedName( const QSslCertificate &qcert , QString QgsAuthCertUtils::getCertDistinguishedName( const QSslCertificate &qcert ,
const QCA::Certificate &acert , const QCA::Certificate &acert ,
bool issuer ) bool issuer )
{ {
@ -351,7 +351,7 @@ const QString QgsAuthCertUtils::getCertDistinguishedName( const QSslCertificate
return dirname.join( "," ); return dirname.join( "," );
} }
const QString QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust ) QString QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust )
{ {
switch ( trust ) switch ( trust )
{ {
@ -366,7 +366,7 @@ const QString QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::CertTrustPol
} }
} }
const QString QgsAuthCertUtils::getColonDelimited( const QString &txt ) QString QgsAuthCertUtils::getColonDelimited( const QString &txt )
{ {
// 64321c05b0ebab8e2b67ec0d7d9e2b6d4bc3c303 // 64321c05b0ebab8e2b67ec0d7d9e2b6d4bc3c303
// -> 64:32:1c:05:b0:eb:ab:8e:2b:67:ec:0d:7d:9e:2b:6d:4b:c3:c3:03 // -> 64:32:1c:05:b0:eb:ab:8e:2b:67:ec:0d:7d:9e:2b:6d:4b:c3:c3:03
@ -378,7 +378,7 @@ const QString QgsAuthCertUtils::getColonDelimited( const QString &txt )
return sl.join( ":" ); return sl.join( ":" );
} }
const QString QgsAuthCertUtils::shaHexForCert( const QSslCertificate& cert, bool formatted ) QString QgsAuthCertUtils::shaHexForCert( const QSslCertificate& cert, bool formatted )
{ {
QString sha( cert.digest( QCryptographicHash::Sha1 ).toHex() ); QString sha( cert.digest( QCryptographicHash::Sha1 ).toHex() );
if ( formatted ) if ( formatted )
@ -388,7 +388,7 @@ const QString QgsAuthCertUtils::shaHexForCert( const QSslCertificate& cert, bool
return sha; return sha;
} }
const QCA::Certificate QgsAuthCertUtils::qtCertToQcaCert( const QSslCertificate &cert ) QCA::Certificate QgsAuthCertUtils::qtCertToQcaCert( const QSslCertificate &cert )
{ {
if ( QgsAuthManager::instance()->isDisabled() ) if ( QgsAuthManager::instance()->isDisabled() )
return QCA::Certificate(); return QCA::Certificate();
@ -403,7 +403,7 @@ const QCA::Certificate QgsAuthCertUtils::qtCertToQcaCert( const QSslCertificate
return qcacert; return qcacert;
} }
const QCA::CertificateCollection QgsAuthCertUtils::qtCertsToQcaCollection( const QList<QSslCertificate> &certs ) QCA::CertificateCollection QgsAuthCertUtils::qtCertsToQcaCollection( const QList<QSslCertificate> &certs )
{ {
QCA::CertificateCollection qcacoll; QCA::CertificateCollection qcacoll;
if ( QgsAuthManager::instance()->isDisabled() ) if ( QgsAuthManager::instance()->isDisabled() )
@ -420,7 +420,7 @@ const QCA::CertificateCollection QgsAuthCertUtils::qtCertsToQcaCollection( const
return qcacoll; return qcacoll;
} }
const QCA::KeyBundle QgsAuthCertUtils::qcaKeyBundle( const QString &path, const QString &pass ) QCA::KeyBundle QgsAuthCertUtils::qcaKeyBundle( const QString &path, const QString &pass )
{ {
QCA::SecureArray passarray; QCA::SecureArray passarray;
if ( !pass.isEmpty() ) if ( !pass.isEmpty() )
@ -432,7 +432,7 @@ const QCA::KeyBundle QgsAuthCertUtils::qcaKeyBundle( const QString &path, const
return ( res == QCA::ConvertGood ? bundle : QCA::KeyBundle() ); return ( res == QCA::ConvertGood ? bundle : QCA::KeyBundle() );
} }
const QString QgsAuthCertUtils::qcaValidityMessage( QCA::Validity validity ) QString QgsAuthCertUtils::qcaValidityMessage( QCA::Validity validity )
{ {
switch ( validity ) switch ( validity )
{ {
@ -465,7 +465,7 @@ const QString QgsAuthCertUtils::qcaValidityMessage( QCA::Validity validity )
} }
} }
const QString QgsAuthCertUtils::qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm ) QString QgsAuthCertUtils::qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm )
{ {
switch ( algorithm ) switch ( algorithm )
{ {
@ -496,7 +496,7 @@ const QString QgsAuthCertUtils::qcaSignatureAlgorithm( QCA::SignatureAlgorithm a
} }
} }
const QString QgsAuthCertUtils::qcaKnownConstraint( QCA::ConstraintTypeKnown constraint ) QString QgsAuthCertUtils::qcaKnownConstraint( QCA::ConstraintTypeKnown constraint )
{ {
switch ( constraint ) switch ( constraint )
{ {
@ -541,7 +541,7 @@ const QString QgsAuthCertUtils::qcaKnownConstraint( QCA::ConstraintTypeKnown con
} }
} }
const QString QgsAuthCertUtils::certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype ) QString QgsAuthCertUtils::certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype )
{ {
switch ( usagetype ) switch ( usagetype )
{ {
@ -788,7 +788,7 @@ bool QgsAuthCertUtils::certificateIsSslClient( const QSslCertificate &cert )
return QgsAuthCertUtils::certificateUsageTypes( cert ).contains( QgsAuthCertUtils::TlsClientUsage ); return QgsAuthCertUtils::certificateUsageTypes( cert ).contains( QgsAuthCertUtils::TlsClientUsage );
} }
const QString QgsAuthCertUtils::sslErrorEnumString( QSslError::SslError errenum ) QString QgsAuthCertUtils::sslErrorEnumString( QSslError::SslError errenum )
{ {
switch ( errenum ) switch ( errenum )
{ {
@ -849,7 +849,7 @@ const QString QgsAuthCertUtils::sslErrorEnumString( QSslError::SslError errenum
} }
} }
const QList<QPair<QSslError::SslError, QString> > QgsAuthCertUtils::sslErrorEnumStrings() QList<QPair<QSslError::SslError, QString> > QgsAuthCertUtils::sslErrorEnumStrings()
{ {
QList<QPair<QSslError::SslError, QString> > errenums; QList<QPair<QSslError::SslError, QString> > errenums;
errenums << qMakePair( QSslError::UnableToGetIssuerCertificate, errenums << qMakePair( QSslError::UnableToGetIssuerCertificate,
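Review bot: In the `pkcs12BundleToPem` hunk (old line 246), the return statement places `bundle.privateKey().toPEM( passarray )` into an ordinary `QStringList`, so the key material leaves QCA's `SecureArray` handling and ends up in plain `QString` copies that are not wiped when they are destroyed. How `passarray` is filled lies outside the hunk; if it stays empty when no passphrase is supplied or `reencrypt` is false, that PEM is presumably unencrypted. I would add a comment above the return, `// key PEM may be unencrypted when passarray is empty: callers must not log or persist this list`, and mirror it as an `@note` on the header declaration. `certKeyBundleToPem` (old line 213) returns `keypem` the same way, and both function bodies start outside the hunks shown.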


@ -30,6 +30,7 @@
class CORE_EXPORT QgsAuthCertUtils class CORE_EXPORT QgsAuthCertUtils
{ {
public: public:
/** Type of CA certificate source */
enum CaCertSource enum CaCertSource
{ {
SystemRoot = 0, SystemRoot = 0,
@ -38,6 +39,7 @@ class CORE_EXPORT QgsAuthCertUtils
Connection = 3 Connection = 3
}; };
/** Type of certificate trust policy */
enum CertTrustPolicy enum CertTrustPolicy
{ {
DefaultTrust = 0, DefaultTrust = 0,
@ -46,6 +48,7 @@ class CORE_EXPORT QgsAuthCertUtils
NoPolicy = 3 NoPolicy = 3
}; };
/** Type of certificate usage */
enum CertUsageType enum CertUsageType
{ {
UndeterminedUsage = 0, UndeterminedUsage = 0,
@ -61,6 +64,7 @@ class CORE_EXPORT QgsAuthCertUtils
CRLSigningUsage CRLSigningUsage
}; };
/** Type of certificate key group */
enum ConstraintGroup enum ConstraintGroup
{ {
KeyUsage = 0, KeyUsage = 0,
@ -69,37 +73,37 @@ class CORE_EXPORT QgsAuthCertUtils
/** SSL Protocol name strings per enum */ /** SSL Protocol name strings per enum */
static const QString getSslProtocolName( QSsl::SslProtocol protocol ); static QString getSslProtocolName( QSsl::SslProtocol protocol );
/** Map certificate sha1 to certificate as simple cache */ /** Map certificate sha1 to certificate as simple cache */
static const QMap< QString, QSslCertificate> mapDigestToCerts( QList<QSslCertificate> certs ); static QMap<QString, QSslCertificate> mapDigestToCerts( QList<QSslCertificate> certs );
/** Map certificates to their oraganization */ /** Map certificates to their oraganization */
static const QMap< QString, QList<QSslCertificate> > certsGroupedByOrg( QList<QSslCertificate> certs ); static QMap< QString, QList<QSslCertificate> > certsGroupedByOrg( QList<QSslCertificate> certs );
/** Map SSL custom configs' certificate sha1 to custom config as simple cache */ /** Map SSL custom configs' certificate sha1 to custom config as simple cache */
static const QMap< QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( QList<QgsAuthConfigSslServer> configs ); static QMap<QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( QList<QgsAuthConfigSslServer> configs );
/** Map SSL custom configs' certificates to their oraganization */ /** Map SSL custom configs' certificates to their oraganization */
static const QMap< QString, QList<QgsAuthConfigSslServer> > sslConfigsGroupedByOrg( QList<QgsAuthConfigSslServer> configs ); static QMap< QString, QList<QgsAuthConfigSslServer> > sslConfigsGroupedByOrg( QList<QgsAuthConfigSslServer> configs );
/** Return list of concatenated certs from a PEM or DER formatted file */ /** Return list of concatenated certs from a PEM or DER formatted file */
static const QList<QSslCertificate> certsFromFile( const QString &certspath ); static QList<QSslCertificate> certsFromFile( const QString &certspath );
/** Return first cert from a PEM or DER formatted file */ /** Return first cert from a PEM or DER formatted file */
static const QSslCertificate certFromFile( const QString &certpath ); static QSslCertificate certFromFile( const QString &certpath );
/** Return non-encrypted key from a PEM or DER formatted file /** Return non-encrypted key from a PEM or DER formatted file
* @param keypath File path to private key * @param keypath File path to private key
* @param keypass Passphrase for private key * @param keypass Passphrase for private key
* @param algtype QString to set with resolved algorithm type * @param algtype QString to set with resolved algorithm type
*/ */
static const QSslKey keyFromFile( const QString &keypath, static QSslKey keyFromFile( const QString &keypath,
const QString &keypass = QString(), const QString &keypass = QString(),
QString *algtype = 0 ); QString *algtype = 0 );
/** Return list of concatenated certs from a PEM Base64 text block */ /** Return list of concatenated certs from a PEM Base64 text block */
static const QList<QSslCertificate> certsFromString( const QString &pemtext ); static QList<QSslCertificate> certsFromString( const QString &pemtext );
/** Return list of certificate, private key and algorithm (as PEM text) from file path components /** Return list of certificate, private key and algorithm (as PEM text) from file path components
* @param certpath File path to certificate * @param certpath File path to certificate
@ -108,7 +112,7 @@ class CORE_EXPORT QgsAuthCertUtils
* @param reencrypt Whether to re-encrypt the private key with the passphrase * @param reencrypt Whether to re-encrypt the private key with the passphrase
* @return certificate, private key, key's algorithm type * @return certificate, private key, key's algorithm type
*/ */
static const QStringList certKeyBundleToPem( const QString &certpath, static QStringList certKeyBundleToPem( const QString &certpath,
const QString &keypath, const QString &keypath,
const QString &keypass = QString(), const QString &keypass = QString(),
bool reencrypt = true ); bool reencrypt = true );
@ -119,7 +123,7 @@ class CORE_EXPORT QgsAuthCertUtils
* @param reencrypt Whether to re-encrypt the private key with the passphrase * @param reencrypt Whether to re-encrypt the private key with the passphrase
* @return certificate, private key, key's algorithm type * @return certificate, private key, key's algorithm type
*/ */
static const QStringList pkcs12BundleToPem( const QString &bundlepath, static QStringList pkcs12BundleToPem( const QString &bundlepath,
const QString &bundlepass = QString(), const QString &bundlepass = QString(),
bool reencrypt = true ); bool reencrypt = true );
@ -127,52 +131,52 @@ class CORE_EXPORT QgsAuthCertUtils
* @param source The enum source type for the CA * @param source The enum source type for the CA
* @param single Whether to return singular or plural description * @param single Whether to return singular or plural description
*/ */
static const QString getCaSourceName( QgsAuthCertUtils::CaCertSource source , bool single = false ); static QString getCaSourceName( QgsAuthCertUtils::CaCertSource source , bool single = false );
/** Get the general name via RFC 5280 resolution */ /** Get the general name via RFC 5280 resolution */
static const QString resolvedCertName( const QSslCertificate& cert, bool issuer = false ); static QString resolvedCertName( const QSslCertificate& cert, bool issuer = false );
/** Get combined distinguished name for certificate /** Get combined distinguished name for certificate
* @param qcert Qt SSL cert object * @param qcert Qt SSL cert object
* @param acert QCA SSL cert object to add more info to the output * @param acert QCA SSL cert object to add more info to the output
* @param issuer Whether to return cert's subject or issuer combined name * @param issuer Whether to return cert's subject or issuer combined name
*/ */
static const QString getCertDistinguishedName( const QSslCertificate& qcert, static QString getCertDistinguishedName( const QSslCertificate& qcert,
const QCA::Certificate& acert = QCA::Certificate(), const QCA::Certificate& acert = QCA::Certificate(),
bool issuer = false ); bool issuer = false );
/** Get the general name for certificate trust */ /** Get the general name for certificate trust */
static const QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust ); static QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust );
/** Get string with colon delimeters every 2 characters */ /** Get string with colon delimeters every 2 characters */
static const QString getColonDelimited( const QString& txt ); static QString getColonDelimited( const QString& txt );
/** Get the sha1 hash for certificate /** Get the sha1 hash for certificate
* @param cert Qt SSL certificate to generate hash from * @param cert Qt SSL certificate to generate hash from
* @param formatted Whether to colon-delimit the hash * @param formatted Whether to colon-delimit the hash
*/ */
static const QString shaHexForCert( const QSslCertificate &cert , bool formatted = false ); static QString shaHexForCert( const QSslCertificate &cert , bool formatted = false );
/** Convert a QSslCertificate to a QCA::Certificate */ /** Convert a QSslCertificate to a QCA::Certificate */
static const QCA::Certificate qtCertToQcaCert( const QSslCertificate& cert ); static QCA::Certificate qtCertToQcaCert( const QSslCertificate& cert );
/** Convert a QList of QSslCertificate to a QCA::CertificateCollection */ /** Convert a QList of QSslCertificate to a QCA::CertificateCollection */
static const QCA::CertificateCollection qtCertsToQcaCollection( const QList<QSslCertificate>& certs ); static QCA::CertificateCollection qtCertsToQcaCollection( const QList<QSslCertificate>& certs );
/** PKI key/cert bundle from file path, e.g. from .p12 or pfx files */ /** PKI key/cert bundle from file path, e.g. from .p12 or pfx files */
static const QCA::KeyBundle qcaKeyBundle( const QString &path, const QString &pass ); static QCA::KeyBundle qcaKeyBundle( const QString &path, const QString &pass );
/** Certificate validity check messages per enum */ /** Certificate validity check messages per enum */
static const QString qcaValidityMessage( QCA::Validity validity ); static QString qcaValidityMessage( QCA::Validity validity );
/** Certificate signature algorithm strings per enum */ /** Certificate signature algorithm strings per enum */
static const QString qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm ); static QString qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm );
/** Certificate well-known constraint strings per enum */ /** Certificate well-known constraint strings per enum */
static const QString qcaKnownConstraint( QCA::ConstraintTypeKnown constraint ); static QString qcaKnownConstraint( QCA::ConstraintTypeKnown constraint );
/** Certificate usage type strings per enum */ /** Certificate usage type strings per enum */
static const QString certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype ); static QString certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype );
/** Try to determine the certificates usage types */ /** Try to determine the certificates usage types */
static QList<QgsAuthCertUtils::CertUsageType> certificateUsageTypes( const QSslCertificate& cert ); static QList<QgsAuthCertUtils::CertUsageType> certificateUsageTypes( const QSslCertificate& cert );
@ -193,10 +197,10 @@ class CORE_EXPORT QgsAuthCertUtils
static bool certificateIsSslClient( const QSslCertificate& cert ); static bool certificateIsSslClient( const QSslCertificate& cert );
/** Get short strings describing an SSL error */ /** Get short strings describing an SSL error */
static const QString sslErrorEnumString( QSslError::SslError errenum ); static QString sslErrorEnumString( QSslError::SslError errenum );
/** Get short strings describing SSL errors */ /** Get short strings describing SSL errors */
static const QList<QPair<QSslError::SslError, QString> > sslErrorEnumStrings(); static QList<QPair<QSslError::SslError, QString> > sslErrorEnumStrings();
private: private:
static void appendDirSegment_( QStringList &dirname, const QString &segment, QString value ); static void appendDirSegment_( QStringList &dirname, const QString &segment, QString value );
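Review bot: The doc comments on `mapDigestToCerts`, `mapDigestToSslConfigs` and `shaHexForCert` name the SHA-1 digest as the key or result but do not say what a caller may rely on it for. SHA-1 is no longer collision-resistant, so a digest match is better treated as a lookup hint than as proof that two certificates are the same. I would extend the comments with something like `@note The SHA-1 digest is an identifier for lookup only; compare the full certificate before making a trust decision`. Whether any caller uses the digest for trust decisions is not visible on this page.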


@ -38,8 +38,8 @@ class CORE_EXPORT QgsAuthMethodConfig
public: public:
/** /**
* Constructor * Construct a configuration for an authentication method
* @param method The textual key of the authentication method * @param method Textual key of the authentication method
* @param version Version of the configuration (for updating previously saved configs later on) * @param version Version of the configuration (for updating previously saved configs later on)
*/ */
QgsAuthMethodConfig( QString method = QString(), int version = 0 ); QgsAuthMethodConfig( QString method = QString(), int version = 0 );
@ -50,33 +50,35 @@ class CORE_EXPORT QgsAuthMethodConfig
~QgsAuthMethodConfig() {} ~QgsAuthMethodConfig() {}
/** /**
* The 'authcfg' 7-character alphanumeric ID of the config * Get 'authcfg' 7-character alphanumeric ID of the config
* @note This is set by QgsAuthManager when the config is initially stored * @note This is set by QgsAuthManager when the config is initially stored
*/ */
const QString id() const { return mId; } const QString id() const { return mId; }
/** Set auth config ID */
void setId( const QString& id ) { mId = id; } void setId( const QString& id ) { mId = id; }
/** Get name of configuration */
const QString name() const { return mName; } const QString name() const { return mName; }
/** Set name of configuration */
void setName( const QString& name ) { mName = name; } void setName( const QString& name ) { mName = name; }
/** /** A URI to auto-select a config when connecting to a resource */
* A URI to auto-select a config when connecting to a resource
*/
const QString uri() const { return mUri; } const QString uri() const { return mUri; }
void setUri( const QString& uri ) { mUri = uri; } void setUri( const QString& uri ) { mUri = uri; }
/** /** Textual key of the associated authentication method */
* The textual key of the associated authentication method
*/
QString method() const { return mMethod; } QString method() const { return mMethod; }
void setMethod( QString method ) { mMethod = method; } void setMethod( QString method ) { mMethod = method; }
/** /** Get version of the configuration */
* Version of the configuration
*/
int version() const { return mVersion; } int version() const { return mVersion; }
/** Set version of the configuration */
void setVersion( int version ) { mVersion = version; } void setVersion( int version ) { mVersion = version; }
/**
* Whether the configuration is valid
* @param validateid Additionally verify the auth config ID is not empty
*/
bool isValid( bool validateid = false ) const; bool isValid( bool validateid = false ) const;
/** /**
@ -84,26 +86,62 @@ class CORE_EXPORT QgsAuthMethodConfig
* @note This is an internal construct used by QgsAuthManager that should generally not be set by client code * @note This is an internal construct used by QgsAuthManager that should generally not be set by client code
*/ */
const QString configString() const; const QString configString() const;
/**
* Load existing extended configuration
* @param configstr Configuration string to load
*/
void loadConfigString( const QString& configstr ); void loadConfigString( const QString& configstr );
/** /** Get extended configuration, mapped to key/value pairs of QStrings */
* The extended configuration, mapped to key/value pairs of QStrings
*/
QgsStringMap configMap() const { return mConfigMap; } QgsStringMap configMap() const { return mConfigMap; }
/**
* Set extended configuration map
* @param map Map to set
*/
void setConfigMap( QgsStringMap map ) { mConfigMap = map; } void setConfigMap( QgsStringMap map ) { mConfigMap = map; }
/** @note if key exists, it is replaced */ /**
* Set a single config value per key in the map
* @note if key exists, it is replaced
* @param key Config key
* @param value Config value
*/
void setConfig( const QString &key, const QString &value ); void setConfig( const QString &key, const QString &value );
/**
* Set a multiple config values per key in the map
* @note if key exists, it is replaced
* @param key Config key
* @param value Config value
*/
void setConfigList( const QString &key, const QStringList &value ); void setConfigList( const QString &key, const QStringList &value );
/**
* Remove a config from map
* @param key Config to remove
* @return Number of keys removed (should always be 1 or 0)
*/
int removeConfig( const QString &key ); int removeConfig( const QString &key );
/**
* Return a config's value
* @param key Confgi key
* @param defaultvalue Default value, if key not found
*/
QString config( const QString &key , const QString defaultvalue = QString() ) const; QString config( const QString &key , const QString defaultvalue = QString() ) const;
/**
* Return a config's list of values
* @param key
*/
QStringList configList( const QString &key ) const; QStringList configList( const QString &key ) const;
/**
* Whether a config key exists in config map
* @param key
*/
bool hasConfig( const QString &key ) const; bool hasConfig( const QString &key ) const;
/** Clear all configs */
void clearConfigMap() { mConfigMap.clear(); } void clearConfigMap() { mConfigMap.clear(); }
/** /**
@ -112,7 +150,7 @@ class CORE_EXPORT QgsAuthMethodConfig
* @note Essentially strips the URL query variables, and by default, strips the path as well * @note Essentially strips the URL query variables, and by default, strips the path as well
* @param accessurl A URL to process * @param accessurl A URL to process
* @param resource Ouput variable for result * @param resource Ouput variable for result
* @param withpath Whether to include the * @param withpath Whether to include the URI's path in output
*/ */
static bool uriToResource( const QString &accessurl, QString *resource, bool withpath = false ); static bool uriToResource( const QString &accessurl, QString *resource, bool withpath = false );
@ -144,35 +182,66 @@ typedef QHash<QString, QgsAuthMethodConfig> QgsAuthMethodConfigsMap;
class CORE_EXPORT QgsPkiBundle class CORE_EXPORT QgsPkiBundle
{ {
public: public:
/**
* Construct a bundle from existing PKI components
* @param clientCert Certificate to store in bundle
* @param clientKey Private key to store in bundle
* @param keyPassphrase Private key passphrase
* @param caChain Chain of Certificate Authorities for client certificate
*/
QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(), QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(),
const QSslKey &clientKey = QSslKey(), const QSslKey &clientKey = QSslKey(),
const QString &keyPassphrase = QString::null , const QString &keyPassphrase = QString::null ,
const QList<QSslCertificate> &caChain = QList<QSslCertificate>() ); const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
~QgsPkiBundle(); ~QgsPkiBundle();
/**
* Construct a bundle of PKI components from PEM-formatted file paths
* @param certPath Certificate file path
* @param keyPath Private key path
* @param keyPass Private key passphrase
* @param caChain Chain of Certificate Authorities for client certificate
*/
static const QgsPkiBundle fromPemPaths( const QString &certPath, static const QgsPkiBundle fromPemPaths( const QString &certPath,
const QString &keyPath, const QString &keyPath,
const QString &keyPass = QString::null, const QString &keyPass = QString::null,
const QList<QSslCertificate> &caChain = QList<QSslCertificate>() ); const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
/**
* Construct a bundle of PKI components from a PKCS#12 file path
* @param bundlepath Bundle file path
* @param bundlepass Optional bundle passphrase
*/
static const QgsPkiBundle fromPkcs12Paths( const QString &bundlepath, static const QgsPkiBundle fromPkcs12Paths( const QString &bundlepath,
const QString &bundlepass = QString::null ); const QString &bundlepass = QString::null );
/** Whether the bundle, either its certificate or private key, is null */
bool isNull() const; bool isNull() const;
/** Whether the bundle is valid */
bool isValid() const; bool isValid() const;
/** The sha hash of the client certificate */
const QString certId() const; const QString certId() const;
/** Client certificate object */
const QSslCertificate clientCert() const { return mCert; } const QSslCertificate clientCert() const { return mCert; }
/** Set client certificate object */
void setClientCert( const QSslCertificate &cert ); void setClientCert( const QSslCertificate &cert );
/** Private key object */
const QSslKey clientKey( bool reencrypt = true ) const; const QSslKey clientKey( bool reencrypt = true ) const;
/** Set private key object */
void setClientKey( const QSslKey &certkey ); void setClientKey( const QSslKey &certkey );
/** Private key passphrase */
const QString keyPassphrase() const { return mKeyPassphrase; } const QString keyPassphrase() const { return mKeyPassphrase; }
/** Set private key passphrase */
void setKeyPassphrase( const QString &pass ) { mKeyPassphrase = pass; } void setKeyPassphrase( const QString &pass ) { mKeyPassphrase = pass; }
/** Chain of Certificate Authorities for client certificate */
const QList<QSslCertificate> caChain() const { return mCaChain; } const QList<QSslCertificate> caChain() const { return mCaChain; }
/** Set chain of Certificate Authorities for client certificate */
void setCaChain( const QList<QSslCertificate> &cachain ) { mCaChain = cachain; } void setCaChain( const QList<QSslCertificate> &cachain ) { mCaChain = cachain; }
private: private:
@ -189,20 +258,33 @@ class CORE_EXPORT QgsPkiBundle
class CORE_EXPORT QgsPkiConfigBundle class CORE_EXPORT QgsPkiConfigBundle
{ {
public: public:
/**
* Construct a bundle from existing PKI components and authentication method configuration
* @param config Authentication method configuration
* @param cert Certificate to store in bundle
* @param certkey Private key to store in bundle
*/
QgsPkiConfigBundle( const QgsAuthMethodConfig& config, QgsPkiConfigBundle( const QgsAuthMethodConfig& config,
const QSslCertificate& cert, const QSslCertificate& cert,
const QSslKey& certkey ); const QSslKey& certkey );
~QgsPkiConfigBundle(); ~QgsPkiConfigBundle();
/** Whether the bundle is valid */
bool isValid(); bool isValid();
/** Authentication method configuration */
const QgsAuthMethodConfig config() const { return mConfig; } const QgsAuthMethodConfig config() const { return mConfig; }
/** Set authentication method configuration */
void setConfig( const QgsAuthMethodConfig& config ) { mConfig = config; } void setConfig( const QgsAuthMethodConfig& config ) { mConfig = config; }
/** Client certificate object */
const QSslCertificate clientCert() const { return mCert; } const QSslCertificate clientCert() const { return mCert; }
/** Set client certificate object */
void setClientCert( const QSslCertificate& cert ) { mCert = cert; } void setClientCert( const QSslCertificate& cert ) { mCert = cert; }
/** Private key object */
const QSslKey clientCertKey() const { return mCertKey; } const QSslKey clientCertKey() const { return mCertKey; }
/** Set private key object */
void setClientCertKey( const QSslKey& certkey ) { mCertKey = certkey; } void setClientCertKey( const QSslKey& certkey ) { mCertKey = certkey; }
private: private:
@ -218,38 +300,63 @@ class CORE_EXPORT QgsPkiConfigBundle
class CORE_EXPORT QgsAuthConfigSslServer class CORE_EXPORT QgsAuthConfigSslServer
{ {
public: public:
/** Construct a default SSL server configuration */
QgsAuthConfigSslServer(); QgsAuthConfigSslServer();
~QgsAuthConfigSslServer() {} ~QgsAuthConfigSslServer() {}
/** Server certificate object */
const QSslCertificate sslCertificate() const { return mSslCert; } const QSslCertificate sslCertificate() const { return mSslCert; }
/** Set server certificate object */
void setSslCertificate( const QSslCertificate& cert ) { mSslCert = cert; } void setSslCertificate( const QSslCertificate& cert ) { mSslCert = cert; }
/** Server host:port string */
const QString sslHostPort() const { return mSslHostPort; } const QString sslHostPort() const { return mSslHostPort; }
/** Set server host:port string */
void setSslHostPort( const QString& hostport ) { mSslHostPort = hostport; } void setSslHostPort( const QString& hostport ) { mSslHostPort = hostport; }
/** SSL server protocol to use in connections */
QSsl::SslProtocol sslProtocol() const { return mSslProtocol; } QSsl::SslProtocol sslProtocol() const { return mSslProtocol; }
/** Set SSL server protocol to use in connections */
void setSslProtocol( QSsl::SslProtocol protocol ) { mSslProtocol = protocol; } void setSslProtocol( QSsl::SslProtocol protocol ) { mSslProtocol = protocol; }
/** SSL server errors to ignore in connections */
const QList<QSslError> sslIgnoredErrors() const; const QList<QSslError> sslIgnoredErrors() const;
/** SSL server errors (as enum list) to ignore in connections */
const QList<QSslError::SslError> sslIgnoredErrorEnums() const { return mSslIgnoredErrors; } const QList<QSslError::SslError> sslIgnoredErrorEnums() const { return mSslIgnoredErrors; }
/** Set SSL server errors (as enum list) to ignore in connections */
void setSslIgnoredErrorEnums( const QList<QSslError::SslError>& errors ) { mSslIgnoredErrors = errors; } void setSslIgnoredErrorEnums( const QList<QSslError::SslError>& errors ) { mSslIgnoredErrors = errors; }
/** SSL client's peer verify mode to use in connections */
QSslSocket::PeerVerifyMode sslPeerVerifyMode() const { return mSslPeerVerifyMode; } QSslSocket::PeerVerifyMode sslPeerVerifyMode() const { return mSslPeerVerifyMode; }
/** Set SSL client's peer verify mode to use in connections */
void setSslPeerVerifyMode( QSslSocket::PeerVerifyMode mode ) { mSslPeerVerifyMode = mode; } void setSslPeerVerifyMode( QSslSocket::PeerVerifyMode mode ) { mSslPeerVerifyMode = mode; }
/** Number or SSL client's peer to verify in connections
* @note When set to 0 = unlimited depth
*/
int sslPeerVerifyDepth() const { return mSslPeerVerifyDepth; } int sslPeerVerifyDepth() const { return mSslPeerVerifyDepth; }
/** Set number or SSL client's peer to verify in connections
* @note When set to 0 = unlimited depth
*/
void setSslPeerVerifyDepth( int depth ) { mSslPeerVerifyDepth = depth; } void setSslPeerVerifyDepth( int depth ) { mSslPeerVerifyDepth = depth; }
/** Version of the configuration (used for future upgrading) */
int version() const { return mVersion; } int version() const { return mVersion; }
/** Set version of the configuration (used for future upgrading) */
void setVersion( int version ) { mVersion = version; } void setVersion( int version ) { mVersion = version; }
/** Qt version when the configuration was made (SSL protocols may differ) */
int qtVersion() const { return mQtVersion; } int qtVersion() const { return mQtVersion; }
/** Set Qt version when the configuration was made (SSL protocols may differ) */
void setQtVersion( int version ) { mQtVersion = version; } void setQtVersion( int version ) { mQtVersion = version; }
/** Configuration as a concatenated string */
const QString configString() const; const QString configString() const;
/** Load concatenated string into configuration, e.g. from auth database */
void loadConfigString( const QString& config = QString() ); void loadConfigString( const QString& config = QString() );
/** Whether configuration is null (missing components) */
bool isNull() const; bool isNull() const;
private: private:


@ -58,6 +58,7 @@ class CORE_EXPORT QgsAuthManager : public QObject
public: public:
/** Message log level (mirrors that of QgsMessageLog, so it can also output there) */
enum MessageLevel enum MessageLevel
{ {
INFO = 0, INFO = 0,
@ -380,6 +381,7 @@ class CORE_EXPORT QgsAuthManager : public QObject
/** Get ignored SSL error cache, keyed with cert/connection's sha:host:port */ /** Get ignored SSL error cache, keyed with cert/connection's sha:host:port */
QHash<QString, QSet<QSslError::SslError> > getIgnoredSslErrorCache() { return mIgnoredSslErrorsCache; } QHash<QString, QSet<QSslError::SslError> > getIgnoredSslErrorCache() { return mIgnoredSslErrorsCache; }
/** Utility function to dump the cache for debug purposes */
void dumpIgnoredSslErrorsCache_(); void dumpIgnoredSslErrorsCache_();
/** Update ignored SSL error cache with possible ignored SSL errors, using server config */ /** Update ignored SSL error cache with possible ignored SSL errors, using server config */


@ -144,7 +144,8 @@ class CORE_EXPORT QgsAuthMethod : public QObject
protected: protected:
/** /**
* * Construct a default authentication method
* @note Non-public since this is an abstract base class
*/ */
explicit QgsAuthMethod() explicit QgsAuthMethod()
: mExpansions( QgsAuthMethod::Expansions( 0 ) ) : mExpansions( QgsAuthMethod::Expansions( 0 ) )
@ -152,11 +153,15 @@ class CORE_EXPORT QgsAuthMethod : public QObject
, mVersion( 0 ) , mVersion( 0 )
{} {}
/** Tag signifying that this is an authentcation method (e.g. for use as title in message log panel output) */
static QString authMethodTag() { return QObject::tr( "Authentication method" ); } static QString authMethodTag() { return QObject::tr( "Authentication method" ); }
/** Set the version of the auth method (useful for future upgrading) */
void setVersion( int version ) { mVersion = version; } void setVersion( int version ) { mVersion = version; }
/** Set the support expansions (points in providers where the authentication is injected) of the auth method */
void setExpansions( QgsAuthMethod::Expansions expansions ) { mExpansions = expansions; } void setExpansions( QgsAuthMethod::Expansions expansions ) { mExpansions = expansions; }
/** Set list of data providers this auth method supports */
void setDataProviders( QStringList dataproviders ) { mDataProviders = dataproviders; } void setDataProviders( QStringList dataproviders ) { mDataProviders = dataproviders; }
QgsAuthMethod::Expansions mExpansions; QgsAuthMethod::Expansions mExpansions;
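Review bot: The new doc comment on `authMethodTag()` misspells "authentcation"; it should read `/** Tag signifying that this is an authentication method (e.g. for use as title in message log panel output) */`. In the comment added on `setExpansions()`, "support expansions" presumably means "supported expansions".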


@ -34,6 +34,12 @@
class CORE_EXPORT QgsAuthMethodMetadata class CORE_EXPORT QgsAuthMethodMetadata
{ {
public: public:
/**
* Construct an authentication method metadata container
* @param _key Textual key of the library plugin
* @param _description Description of the library plugin
* @param _library File name of library plugin
*/
QgsAuthMethodMetadata( const QString & _key, const QString & _description, const QString & _library ); QgsAuthMethodMetadata( const QString & _key, const QString & _description, const QString & _library );
/** This returns the unique key associated with the method /** This returns the unique key associated with the method


@ -160,6 +160,8 @@ QgsAuthMethodRegistry::~QgsAuthMethodRegistry()
if ( cleanupFunc ) if ( cleanupFunc )
cleanupFunc(); cleanupFunc();
} }
// clear cached QgsAuthMethodMetadata *
delete it->second;
++it; ++it;
} }
} }
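Review bot: The added `delete it->second;` frees each metadata object but leaves the freed pointer in the container for the rest of the destructor, and the ownership is stated only by the new comment. If nothing reads the map afterwards this is harmless, but clearing the container after the loop (or setting the entry to 0) would make a later accidental access fail safely instead of touching freed memory. I would also reword the comment to `// registry owns the QgsAuthMethodMetadata objects; free them here`, since "clear cached" reads as if the entry were removed. The loop and the destructor start outside the hunk, so the order relative to the library cleanup cannot be fully confirmed from here.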


@ -95,6 +95,7 @@ class CORE_EXPORT QgsAuthMethodRegistry
const QString & functionName ); const QString & functionName );
#endif #endif
/** Return the library object associated with an auth method key */
QLibrary *authMethodLibrary( const QString & authMethodKey ) const; QLibrary *authMethodLibrary( const QString & authMethodKey ) const;
/** Return list of available auth methods by their keys */ /** Return list of available auth methods by their keys */


@ -100,7 +100,7 @@ class CORE_EXPORT QgsDataProvider : public QObject
*/ */
virtual QString dataSourceUri( bool expandAuthConfig = false ) const virtual QString dataSourceUri( bool expandAuthConfig = false ) const
{ {
if ( expandAuthConfig ) if ( expandAuthConfig && mDataSourceURI.contains( "authcfg" ) )
{ {
QgsDataSourceURI uri( mDataSourceURI ); QgsDataSourceURI uri( mDataSourceURI );
return uri.uri( expandAuthConfig ); return uri.uri( expandAuthConfig );
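Review bot: The new guard `mDataSourceURI.contains( "authcfg" )` is a case-sensitive substring test on the whole URI, so it decides whether auth expansion runs without parsing the key. A false positive (the text appearing in a table name or another value) only costs the parse, but if the key can ever be written in another case the expansion is silently skipped and the unexpanded URI is returned. Either `mDataSourceURI.contains( "authcfg", Qt::CaseInsensitive )` or a comment stating that the key is always lower-case would settle it. The doc comment could also say that the expanded URI presumably embeds credentials and should not be logged or persisted. The function body continues outside the hunk.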


@ -110,7 +110,7 @@ class CORE_EXPORT QgsDataSourceURI
const QString& aSql = QString(), const QString& aSql = QString(),
const QString& aKeyColumn = QString() ); const QString& aKeyColumn = QString() );
//! set authentication configuration ID //! Set authentication configuration ID
void setAuthConfigId( const QString& authcfg ); void setAuthConfigId( const QString& authcfg );
//! set username //! set username
@ -122,6 +122,7 @@ class CORE_EXPORT QgsDataSourceURI
//! Removes password element from uris //! Removes password element from uris
static QString removePassword( const QString& aUri ); static QString removePassword( const QString& aUri );
//! Any associated authentication configuration ID
QString authConfigId() const; QString authConfigId() const;
QString username() const; QString username() const;
QString schema() const; QString schema() const;


@ -705,13 +705,13 @@ void QgsAuthAuthoritiesEditor::on_btnCaFile_clicked()
QgsAuthManager::instance()->rebuildCertTrustCache(); QgsAuthManager::instance()->rebuildCertTrustCache();
updateCertTrustPolicyCache(); updateCertTrustPolicyCache();
} }
dlg->deleteLater();
QgsAuthManager::instance()->rebuildTrustedCaCertsCache(); QgsAuthManager::instance()->rebuildTrustedCaCertsCache();
populateFileCaCerts(); populateFileCaCerts();
mFileCaSecItem->setExpanded( true ); mFileCaSecItem->setExpanded( true );
} }
dlg->deleteLater();
} }
void QgsAuthAuthoritiesEditor::on_btnCaFileClear_clicked() void QgsAuthAuthoritiesEditor::on_btnCaFileClear_clicked()
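Review bot: Cleanup of the dialog depends on control reaching a hand-written `dlg->deleteLater();`, which appears both inside and after the accepted branch in this view (presumably moved out of it so that it runs on both paths). Any early return later added between creating the dialog and that line would leak it again; holding it in `QScopedPointer<QDialog, QScopedPointerDeleteLater>` or creating it on the stack removes the need for the call. The same manual `ace->deleteLater();` is added in on_btnAddConfig_clicked / on_btnEditConfig_clicked and in on_btnConfigAdd_clicked / on_btnConfigEdit_clicked further down. The dialog's creation is outside the hunk, so whether it has a parent that would eventually delete it is not visible.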


@ -37,6 +37,7 @@ class GUI_EXPORT QgsAuthAuthoritiesEditor : public QWidget, private Ui::QgsAuthA
public: public:
/** /**
* Widget for viewing and editing certificate authorities directly in database * Widget for viewing and editing certificate authorities directly in database
* @param parent Parent widget
*/ */
explicit QgsAuthAuthoritiesEditor( QWidget *parent = 0 ); explicit QgsAuthAuthoritiesEditor( QWidget *parent = 0 );
~QgsAuthAuthoritiesEditor(); ~QgsAuthAuthoritiesEditor();
@ -78,7 +79,8 @@ class GUI_EXPORT QgsAuthAuthoritiesEditor : public QWidget, private Ui::QgsAuthA
void authMessageOut( const QString& message, const QString& authtag, QgsAuthManager::MessageLevel level ); void authMessageOut( const QString& message, const QString& authtag, QgsAuthManager::MessageLevel level );
protected: protected:
void showEvent( QShowEvent *e ); /** Overridden show event of base widget */
void showEvent( QShowEvent *e ) override;
private: private:
enum CaType enum CaType


@ -138,14 +138,25 @@ class GUI_EXPORT QgsAuthCertInfoDialog : public QDialog
Q_OBJECT Q_OBJECT
public: public:
/**
* Construct a dialog displaying detailed info on a certificate and its hierarchical trust chain
* @param cert Certificate object
* @param manageCertTrust Whether to show widgets to manage the trust policy of certs in hierarchy
* @param parent Parent widget
* @param connectionCAs List of hierarchical certificates in a connection
*/
explicit QgsAuthCertInfoDialog( const QSslCertificate& cert, explicit QgsAuthCertInfoDialog( const QSslCertificate& cert,
bool manageCertTrust, bool manageCertTrust,
QWidget *parent = 0, QWidget *parent = 0,
QList<QSslCertificate> connectionCAs = QList<QSslCertificate>() ); QList<QSslCertificate> connectionCAs = QList<QSslCertificate>() );
~QgsAuthCertInfoDialog(); ~QgsAuthCertInfoDialog();
/** Get access to embedded info widget */
QgsAuthCertInfo *certInfoWidget() { return mCertInfoWdgt; } QgsAuthCertInfo *certInfoWidget() { return mCertInfoWdgt; }
/** Whether the trust cache has been rebuilt
* @note This happens when a trust policy has been adjusted for any cert in the hierarchy
*/
bool trustCacheRebuilt() { return mCertInfoWdgt->trustCacheRebuilt(); } bool trustCacheRebuilt() { return mCertInfoWdgt->trustCacheRebuilt(); }
private: private:


@ -28,18 +28,29 @@ class GUI_EXPORT QgsAuthCertTrustPolicyComboBox : public QComboBox
Q_OBJECT Q_OBJECT
public: public:
/**
* Construct a combo box for defining certificate trust policy
* @param parent Parent widget
* @param policy Defined trust policy
* @param defaultpolicy Default trust policy
*/
explicit QgsAuthCertTrustPolicyComboBox( explicit QgsAuthCertTrustPolicyComboBox(
QWidget *parent = 0, QWidget *parent = 0,
QgsAuthCertUtils::CertTrustPolicy policy = QgsAuthCertUtils::DefaultTrust, QgsAuthCertUtils::CertTrustPolicy policy = QgsAuthCertUtils::DefaultTrust,
QgsAuthCertUtils::CertTrustPolicy defaultpolicy = QgsAuthCertUtils::DefaultTrust ); QgsAuthCertUtils::CertTrustPolicy defaultpolicy = QgsAuthCertUtils::DefaultTrust );
~QgsAuthCertTrustPolicyComboBox(); ~QgsAuthCertTrustPolicyComboBox();
/** Get currently set trust policy */
QgsAuthCertUtils::CertTrustPolicy trustPolicy(); QgsAuthCertUtils::CertTrustPolicy trustPolicy();
/** Get trust policy for a given index of combobox */
QgsAuthCertUtils::CertTrustPolicy trustPolicyForIndex( int indx ); QgsAuthCertUtils::CertTrustPolicy trustPolicyForIndex( int indx );
public slots: public slots:
/** Set current trust policy */
void setTrustPolicy( QgsAuthCertUtils::CertTrustPolicy policy ); void setTrustPolicy( QgsAuthCertUtils::CertTrustPolicy policy );
/** Set default trust policy */
void setDefaultTrustPolicy( QgsAuthCertUtils::CertTrustPolicy defaultpolicy ); void setDefaultTrustPolicy( QgsAuthCertUtils::CertTrustPolicy defaultpolicy );
private slots: private slots:


@ -34,6 +34,7 @@ class GUI_EXPORT QgsAuthConfigEdit : public QDialog, private Ui::QgsAuthConfigEd
Q_OBJECT Q_OBJECT
public: public:
/** Type of configuration validity */
enum Validity enum Validity
{ {
Valid, Valid,


@ -195,6 +195,7 @@ void QgsAuthConfigEditor::on_btnAddConfig_clicked()
{ {
mConfigModel->select(); mConfigModel->select();
} }
ace->deleteLater();
} }
void QgsAuthConfigEditor::on_btnEditConfig_clicked() void QgsAuthConfigEditor::on_btnEditConfig_clicked()
@ -213,6 +214,7 @@ void QgsAuthConfigEditor::on_btnEditConfig_clicked()
{ {
mConfigModel->select(); mConfigModel->select();
} }
ace->deleteLater();
} }
void QgsAuthConfigEditor::on_btnRemoveConfig_clicked() void QgsAuthConfigEditor::on_btnRemoveConfig_clicked()


@ -161,6 +161,7 @@ void QgsAuthConfigSelect::on_btnConfigAdd_clicked()
{ {
setConfigId( ace->configId() ); setConfigId( ace->configId() );
} }
ace->deleteLater();
} }
void QgsAuthConfigSelect::on_btnConfigEdit_clicked() void QgsAuthConfigSelect::on_btnConfigEdit_clicked()
@ -174,6 +175,7 @@ void QgsAuthConfigSelect::on_btnConfigEdit_clicked()
{ {
setConfigId( mAuthCfg ); setConfigId( mAuthCfg );
} }
ace->deleteLater();
} }
void QgsAuthConfigSelect::on_btnConfigRemove_clicked() void QgsAuthConfigSelect::on_btnConfigRemove_clicked()


@ -30,6 +30,10 @@ class GUI_EXPORT QgsAuthEditorWidgets : public QWidget, private Ui::QgsAuthEdito
Q_OBJECT Q_OBJECT
public: public:
/**
* Construct a widget to contain various authentication editors
* @param parent Parent widget
*/
explicit QgsAuthEditorWidgets( QWidget *parent = 0 ) : explicit QgsAuthEditorWidgets( QWidget *parent = 0 ) :
QWidget( parent ) QWidget( parent )
{ {
@ -38,6 +42,7 @@ class GUI_EXPORT QgsAuthEditorWidgets : public QWidget, private Ui::QgsAuthEdito
~QgsAuthEditorWidgets() {} ~QgsAuthEditorWidgets() {}
/** Get access to embedded tabbed widget */
QTabWidget * tabbedWidget() { return tabWidget; } QTabWidget * tabbedWidget() { return tabWidget; }
}; };


@ -27,32 +27,32 @@
#include "qgsmessagebar.h" #include "qgsmessagebar.h"
const QColor QgsAuthGuiUtils::greenColor() QColor QgsAuthGuiUtils::greenColor()
{ {
return QColor( 0, 170, 0 ); return QColor( 0, 170, 0 );
} }
const QColor QgsAuthGuiUtils::orangeColor() QColor QgsAuthGuiUtils::orangeColor()
{ {
return QColor( 255, 128, 0 ); return QColor( 255, 128, 0 );
} }
const QColor QgsAuthGuiUtils::redColor() QColor QgsAuthGuiUtils::redColor()
{ {
return QColor( 200, 0, 0 ); return QColor( 200, 0, 0 );
} }
const QString QgsAuthGuiUtils::greenTextStyleSheet( const QString &selector ) QString QgsAuthGuiUtils::greenTextStyleSheet( const QString &selector )
{ {
return QString( "%1{color: %2;}" ).arg( selector ).arg( QgsAuthGuiUtils::greenColor().name() ); return QString( "%1{color: %2;}" ).arg( selector ).arg( QgsAuthGuiUtils::greenColor().name() );
} }
const QString QgsAuthGuiUtils::orangeTextStyleSheet( const QString &selector ) QString QgsAuthGuiUtils::orangeTextStyleSheet( const QString &selector )
{ {
return QString( "%1{color: %2;}" ).arg( selector ).arg( QgsAuthGuiUtils::orangeColor().name() ); return QString( "%1{color: %2;}" ).arg( selector ).arg( QgsAuthGuiUtils::orangeColor().name() );
} }
const QString QgsAuthGuiUtils::redTextStyleSheet( const QString &selector ) QString QgsAuthGuiUtils::redTextStyleSheet( const QString &selector )
{ {
return QString( "%1{color: %2;}" ).arg( selector ).arg( QgsAuthGuiUtils::redColor().name() ); return QString( "%1{color: %2;}" ).arg( selector ).arg( QgsAuthGuiUtils::redColor().name() );
} }
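Review bot: The three `*TextStyleSheet` bodies build the rule with chained `.arg( selector ).arg( ...name() )`, so a `selector` that itself contains a `%1` or `%2` place marker has the colour substituted into it by the second call. The two-argument overload does both replacements in one pass: `return QString( "%1{color: %2;}" ).arg( selector, QgsAuthGuiUtils::greenColor().name() );`, and likewise for orange and red. Dropping `const` from the by-value return types is fine. The three functions differ only in the colour and could share one private helper.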


@ -31,22 +31,22 @@ class GUI_EXPORT QgsAuthGuiUtils
public: public:
/** Green color representing valid, trusted, etc. certificate */ /** Green color representing valid, trusted, etc. certificate */
static const QColor greenColor(); static QColor greenColor();
/** Orange color representing loaded component, but not stored in database */ /** Orange color representing loaded component, but not stored in database */
static const QColor orangeColor(); static QColor orangeColor();
/** Red color representing invalid, untrusted, etc. certificate */ /** Red color representing invalid, untrusted, etc. certificate */
static const QColor redColor(); static QColor redColor();
/** Green text stylesheet representing valid, trusted, etc. certificate */ /** Green text stylesheet representing valid, trusted, etc. certificate */
static const QString greenTextStyleSheet( const QString& selector = "*" ); static QString greenTextStyleSheet( const QString& selector = "*" );
/** Orange text stylesheet representing loaded component, but not stored in database */ /** Orange text stylesheet representing loaded component, but not stored in database */
static const QString orangeTextStyleSheet( const QString& selector = "*" ); static QString orangeTextStyleSheet( const QString& selector = "*" );
/** Red text stylesheet representing invalid, untrusted, etc. certificate */ /** Red text stylesheet representing invalid, untrusted, etc. certificate */
static const QString redTextStyleSheet( const QString& selector = "*" ); static QString redTextStyleSheet( const QString& selector = "*" );
/** Verify the authentication system is active, else notify user */ /** Verify the authentication system is active, else notify user */


@ -35,6 +35,7 @@ class GUI_EXPORT QgsAuthIdentitiesEditor : public QWidget, private Ui::QgsAuthId
public: public:
/** /**
* Widget for editing authentication configurations directly in database * Widget for editing authentication configurations directly in database
* @param parent Parent widget
*/ */
explicit QgsAuthIdentitiesEditor( QWidget *parent = 0 ); explicit QgsAuthIdentitiesEditor( QWidget *parent = 0 );
~QgsAuthIdentitiesEditor(); ~QgsAuthIdentitiesEditor();
@ -66,7 +67,8 @@ class GUI_EXPORT QgsAuthIdentitiesEditor : public QWidget, private Ui::QgsAuthId
void authMessageOut( const QString& message, const QString& authtag, QgsAuthManager::MessageLevel level ); void authMessageOut( const QString& message, const QString& authtag, QgsAuthManager::MessageLevel level );
protected: protected:
void showEvent( QShowEvent *e ); /** Overridden show event of base widget */
void showEvent( QShowEvent *e ) override;
private: private:
enum IdentityType enum IdentityType


@ -133,7 +133,7 @@ void QgsAuthImportCertDialog::validateCertificates()
int certssize = certs.size(); int certssize = certs.size();
Q_FOREACH ( QSslCertificate cert, certs ) Q_FOREACH ( const QSslCertificate &cert, certs )
{ {
if ( cert.isValid() ) if ( cert.isValid() )
++validcerts; ++validcerts;
@ -157,7 +157,7 @@ void QgsAuthImportCertDialog::validateCertificates()
if ( nixcerts.size() > 0 ) if ( nixcerts.size() > 0 )
{ {
Q_FOREACH ( QSslCertificate nixcert, nixcerts ) Q_FOREACH ( const QSslCertificate &nixcert, nixcerts )
{ {
certs.removeOne( nixcert ); certs.removeOne( nixcert );
} }
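Review bot: The count in the first loop relies on `cert.isValid()`, which in Qt 4 reports only that the current time is inside the certificate's validity period and that it is not blacklisted; it says nothing about the signature or the chain of trust. A comment such as `// isValid(): date range and blacklist only, trust is evaluated separately` would keep readers from treating `validcerts` as a trust decision. Binding the loop variable as `const QSslCertificate &` is fine in both loops, since the second one removes from `certs` while iterating `nixcerts`. validateCertificates() starts and ends outside both hunks.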


@ -33,12 +33,14 @@ class GUI_EXPORT QgsAuthImportCertDialog : public QDialog, private Ui::QgsAuthIm
Q_OBJECT Q_OBJECT
public: public:
/** Type of filter to apply to dialog */
enum CertFilter enum CertFilter
{ {
NoFilter = 1, NoFilter = 1,
CaFilter = 2, CaFilter = 2,
}; };
/** Type of inputs for certificates */
enum CertInput enum CertInput
{ {
AllInputs = 1, AllInputs = 1,
@ -46,19 +48,30 @@ class GUI_EXPORT QgsAuthImportCertDialog : public QDialog, private Ui::QgsAuthIm
TextInput = 3, TextInput = 3,
}; };
/**
* Construct a dialog for importing certificates
* @param parent Parent widget
* @param filter Certificate type filter to apply to dialog
* @param input Type of input(s) for certificates
*/
explicit QgsAuthImportCertDialog( QWidget *parent = 0, explicit QgsAuthImportCertDialog( QWidget *parent = 0,
QgsAuthImportCertDialog::CertFilter filter = NoFilter, QgsAuthImportCertDialog::CertFilter filter = NoFilter,
QgsAuthImportCertDialog::CertInput input = AllInputs ); QgsAuthImportCertDialog::CertInput input = AllInputs );
~QgsAuthImportCertDialog(); ~QgsAuthImportCertDialog();
/** Get list of certificate objects to import */
const QList<QSslCertificate> certificatesToImport() { return mCerts; } const QList<QSslCertificate> certificatesToImport() { return mCerts; }
/** Get the file path to a certificate to import */
const QString certFileToImport(); const QString certFileToImport();
/** Get certificate text to import */
const QString certTextToImport(); const QString certTextToImport();
/** Whether to allow importation of invalid certificates (so trust policy can be overridden) */
bool allowInvalidCerts(); bool allowInvalidCerts();
/** Defined trust policy for imported certificates */
QgsAuthCertUtils::CertTrustPolicy certTrustPolicy(); QgsAuthCertUtils::CertTrustPolicy certTrustPolicy();
private slots: private slots:


@ -33,17 +33,20 @@ class GUI_EXPORT QgsAuthImportIdentityDialog : public QDialog, private Ui::QgsAu
Q_OBJECT Q_OBJECT
public: public:
/** Type of identity being imported */
enum IdentityType enum IdentityType
{ {
CertIdentity = 0, CertIdentity = 0,
}; };
/** Type of bundles supported */
enum BundleTypes enum BundleTypes
{ {
PkiPaths = 0, PkiPaths = 0,
PkiPkcs12 = 1, PkiPkcs12 = 1,
}; };
/** Type of certificate/bundle validity output */
enum Validity enum Validity
{ {
Valid, Valid,
@ -51,14 +54,22 @@ class GUI_EXPORT QgsAuthImportIdentityDialog : public QDialog, private Ui::QgsAu
Unknown Unknown
}; };
/**
* Construct a dialog for importing identities
* @param identitytype Type of the identity to import
* @param parent Parent widget
*/
explicit QgsAuthImportIdentityDialog( QgsAuthImportIdentityDialog::IdentityType identitytype, explicit QgsAuthImportIdentityDialog( QgsAuthImportIdentityDialog::IdentityType identitytype,
QWidget *parent = 0 ); QWidget *parent = 0 );
~QgsAuthImportIdentityDialog(); ~QgsAuthImportIdentityDialog();
/** Get identity type */
QgsAuthImportIdentityDialog::IdentityType identityType() { return mIdentityType; } QgsAuthImportIdentityDialog::IdentityType identityType() { return mIdentityType; }
/** Get certificate/key bundle to be imported */
const QPair<QSslCertificate, QSslKey> certBundleToImport() { return mCertBundle; } const QPair<QSslCertificate, QSslKey> certBundleToImport() { return mCertBundle; }
/** Get certificate/key bundle to be imported as a PKI bundle object */
const QgsPkiBundle pkiBundleToImport() { return mPkiBundle; } const QgsPkiBundle pkiBundleToImport() { return mPkiBundle; }
private slots: private slots:
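Review bot: The new comment on `certBundleToImport()` does not say that the returned pair carries the identity's private key. The `QPair<QSslCertificate, QSslKey>` is returned by value, so every call hands the caller another copy of the key. I would word it `/** Get certificate and private key to be imported; returned by value, so the caller holds its own copy of the key */`. The same caveat belongs on `pkiBundleToImport()` if `QgsPkiBundle` also holds the key, which is not visible in this hunk. The class declaration starts and ends outside the hunks.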


@ -30,21 +30,35 @@ class GUI_EXPORT QgsAuthMethodEdit : public QWidget
Q_OBJECT Q_OBJECT
public: public:
/** Validate the configuration of subclasses */
virtual bool validateConfig() = 0; virtual bool validateConfig() = 0;
/** The configuration key-vale map of subclasses */
virtual QgsStringMap configMap() const = 0; virtual QgsStringMap configMap() const = 0;
signals: signals:
/** Emitted when the configuration validatity changes */
void validityChanged( bool valid ); void validityChanged( bool valid );
public slots: public slots:
/**
* Load an existing config map into subclassed widget
* @param configmap
*/
virtual void loadConfig( const QgsStringMap &configmap ) = 0; virtual void loadConfig( const QgsStringMap &configmap ) = 0;
/** Clear GUI controls in subclassed widget, optionally reloading any previously loaded config map */
virtual void resetConfig() = 0; virtual void resetConfig() = 0;
/** Clear GUI controls in subclassed widget */
virtual void clearConfig() = 0; virtual void clearConfig() = 0;
protected: protected:
/**
* Construct widget to edit an authentication method configuration
* @note Non-public since this is an abstract base class
* @param parent Parent widget
*/
explicit QgsAuthMethodEdit( QWidget *parent = 0 ) explicit QgsAuthMethodEdit( QWidget *parent = 0 )
: QWidget( parent ) : QWidget( parent )
{} {}
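Review bot: Two of the added doc comments have typos that will surface in the generated API docs: `key-vale map` on `configMap()` should read `key-value map`, and `validatity` on `validityChanged()` should read `validity`. The `@param configmap` line on `loadConfig()` has no description; `@param configmap Key-value map of the configuration to load` would match the other parameter docs in this commit. The class declaration starts and ends outside the hunk.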


@ -34,6 +34,7 @@ class GUI_EXPORT QgsAuthServersEditor : public QWidget, private Ui::QgsAuthServe
public: public:
/** /**
* Widget for editing authentication configurations directly in database * Widget for editing authentication configurations directly in database
* @param parent Parent Widget
*/ */
explicit QgsAuthServersEditor( QWidget *parent = 0 ); explicit QgsAuthServersEditor( QWidget *parent = 0 );
~QgsAuthServersEditor(); ~QgsAuthServersEditor();
@ -63,7 +64,8 @@ class GUI_EXPORT QgsAuthServersEditor : public QWidget, private Ui::QgsAuthServe
void authMessageOut( const QString& message, const QString& authtag, QgsAuthManager::MessageLevel level ); void authMessageOut( const QString& message, const QString& authtag, QgsAuthManager::MessageLevel level );
protected: protected:
void showEvent( QShowEvent *e ); /** Overridden show event of base widget */
void showEvent( QShowEvent *e ) override;
private: private:
enum ConfigType enum ConfigType
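Review bot: The constructor comment that gains `@param parent` still reads `Widget for editing authentication configurations directly in database`, which looks copied from another editor. For `QgsAuthServersEditor` it presumably should describe server configurations, e.g. `Widget for editing SSL server certificate configurations in the authentication database`. The added line would also match the rest of the commit as `@param parent Parent widget` (lower-case "widget"). Most of the class lies outside these two hunks, so what the editor actually manages should be confirmed there.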


@ -38,69 +38,111 @@ class GUI_EXPORT QgsAuthSslConfigWidget : public QWidget, private Ui::QgsAuthSsl
Q_OBJECT Q_OBJECT
public: public:
/**
* Construct a widget for editing an SSL server certificate configuration
* @param parent Parent widget
* @param cert SSL server certificate object
* @param hostport Unique host:port to associate with the server certificate
* @param connectionCAs List of trusted Certificate Authorities objects
*/
explicit QgsAuthSslConfigWidget( QWidget *parent = 0, explicit QgsAuthSslConfigWidget( QWidget *parent = 0,
const QSslCertificate &cert = QSslCertificate(), const QSslCertificate &cert = QSslCertificate(),
const QString &hostport = QString(), const QString &hostport = QString(),
const QList<QSslCertificate>& connectionCAs = QList<QSslCertificate>() ); const QList<QSslCertificate>& connectionCAs = QList<QSslCertificate>() );
~QgsAuthSslConfigWidget(); ~QgsAuthSslConfigWidget();
/** Access to the certificate's group box widget */
QGroupBox *certificateGroupBox() { return grpbxCert; } QGroupBox *certificateGroupBox() { return grpbxCert; }
/** Access to the SSL configuration's group box widget */
QGroupBox *sslConfigGroupBox() { return grpbxSslConfig; } QGroupBox *sslConfigGroupBox() { return grpbxSslConfig; }
/** Get the SSL configuration */
const QgsAuthConfigSslServer sslCustomConfig(); const QgsAuthConfigSslServer sslCustomConfig();
/** Get the SSL server certificate */
const QSslCertificate sslCertificate() { return mCert; } const QSslCertificate sslCertificate() { return mCert; }
/** Get the host:port to associate with the server certificate */
const QString sslHost() { return leHost->text(); } const QString sslHost() { return leHost->text(); }
/** Get the SSL protocl used for connections */
QSsl::SslProtocol sslProtocol(); QSsl::SslProtocol sslProtocol();
/** Get list of the SSL errors (as enums) to be ignored for connections */
const QList<QSslError::SslError> sslIgnoreErrorEnums(); const QList<QSslError::SslError> sslIgnoreErrorEnums();
/** Get the client's peer verify mode for connections */
QSslSocket::PeerVerifyMode sslPeerVerifyMode(); QSslSocket::PeerVerifyMode sslPeerVerifyMode();
/** Get the client's peer verify depth for connections
* @note Value of 0 = unlimited
*/
int sslPeerVerifyDepth(); int sslPeerVerifyDepth();
public slots: public slots:
/** Enable or disable the custom options widget */
void enableSslCustomOptions( bool enable ); void enableSslCustomOptions( bool enable );
// may also load existing config, if found // may also load existing config, if found
/** Set SSl certificate and any associated host:port */
void setSslCertificate( const QSslCertificate& cert, const QString &hostport = QString() ); void setSslCertificate( const QSslCertificate& cert, const QString &hostport = QString() );
/** Load an existing SSL server configuration */
void loadSslCustomConfig( const QgsAuthConfigSslServer& config = QgsAuthConfigSslServer() ); void loadSslCustomConfig( const QgsAuthConfigSslServer& config = QgsAuthConfigSslServer() );
/** Save the current SSL server configuration to the authentication database */
void saveSslCertConfig(); void saveSslCertConfig();
/** Clear the current SSL server configuration and disabled it */
void resetSslCertConfig(); void resetSslCertConfig();
/** Set the SSL protocol to use in connections */
void setSslProtocol( QSsl::SslProtocol protocol ); void setSslProtocol( QSsl::SslProtocol protocol );
/** Reset the SSL protocol to use in connections to the default */
void resetSslProtocol(); void resetSslProtocol();
/** Add to SSL errors to ignore for the connection */
void appendSslIgnoreErrors( const QList<QSslError>& errors ); void appendSslIgnoreErrors( const QList<QSslError>& errors );
/** Set the SSL errors (as enums) to ignore for the connection */
void setSslIgnoreErrorEnums( const QList<QSslError::SslError>& errorenums ); void setSslIgnoreErrorEnums( const QList<QSslError::SslError>& errorenums );
/** Set the SSL errors to ignore for the connection */
void setSslIgnoreErrors( const QList<QSslError>& errors ); void setSslIgnoreErrors( const QList<QSslError>& errors );
/** Clear the SSL errors to ignore for the connection */
void resetSslIgnoreErrors(); void resetSslIgnoreErrors();
/** Set the client's peer verify mode for connections */
void setSslPeerVerify( QSslSocket::PeerVerifyMode mode, int modedepth ); void setSslPeerVerify( QSslSocket::PeerVerifyMode mode, int modedepth );
/** Reset the client's peer verify mode for connections to default */
void resetSslPeerVerify(); void resetSslPeerVerify();
/** Set the host of the server */
void setSslHost( const QString& host ); void setSslHost( const QString& host );
/** Set whether the config group box is checkable */
void setConfigCheckable( bool checkable ); void setConfigCheckable( bool checkable );
/** Parse string for host:port */
void validateHostPortText( const QString &txt ); void validateHostPortText( const QString &txt );
/** Verify if the configuration if ready to save */
bool readyToSave(); bool readyToSave();
signals: signals:
/** Emitted when the enabled state of the configuration changes */
void configEnabledChanged( bool enabled ); void configEnabledChanged( bool enabled );
/** Emitted when an certificate of same SHA hash is found in authentication database */
void certFoundInAuthDatabase( bool found ); void certFoundInAuthDatabase( bool found );
/** Emitted when the validity of the host:port changes */
void hostPortValidityChanged( bool valid ); void hostPortValidityChanged( bool valid );
/** Emitted when the configuration can be saved changes */
void readyToSaveChanged( bool cansave ); void readyToSaveChanged( bool cansave );
private slots: private slots:
@ -143,15 +185,23 @@ class GUI_EXPORT QgsAuthSslConfigDialog : public QDialog
Q_OBJECT Q_OBJECT
public: public:
/**
* Construct wrapper dialog for the SSL config widget
* @param parent Parent widget
* @param cert SSL server certificate object
* @param hostport Unique host:port to associate with the server certificate
*/
explicit QgsAuthSslConfigDialog( QWidget *parent = 0, explicit QgsAuthSslConfigDialog( QWidget *parent = 0,
const QSslCertificate& cert = QSslCertificate(), const QSslCertificate& cert = QSslCertificate(),
const QString &hostport = QString() ); const QString &hostport = QString() );
~QgsAuthSslConfigDialog(); ~QgsAuthSslConfigDialog();
/** Access the embedded SSL server configuration widget */
QgsAuthSslConfigWidget *sslCustomConfigWidget() { return mSslConfigWdgt; } QgsAuthSslConfigWidget *sslCustomConfigWidget() { return mSslConfigWdgt; }
public slots: public slots:
void accept(); /** Overridden base dialog accept slot */
void accept() override;
private slots: private slots:
void checkCanSave( bool cansave ); void checkCanSave( bool cansave );
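Review bot: The comments on `appendSslIgnoreErrors()`, `setSslIgnoreErrorEnums()` and `setSslIgnoreErrors()` say only that errors are ignored "for the connection". They do not state that each ignored error stops that verification failure from rejecting connections to the host:port this configuration is presumably saved against. A caller needs that to judge the effect, e.g. `/** Set the SSL errors to ignore for connections to this server's host:port; an ignored error is no longer treated as a verification failure */`. Typos in the same block of new comments: `protocl`, `SSl`, `and disabled it`, `if the configuration if ready to save`, `an certificate`. Both class declarations start and end outside the hunks.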


@ -32,6 +32,14 @@ class GUI_EXPORT QgsAuthSslErrorsDialog : public QDialog, private Ui::QgsAuthSsl
{ {
Q_OBJECT Q_OBJECT
public: public:
/**
* Construct a dialog to handle SSL errors and saving SSL server certificate exceptions
* @param reply Network reply that hand error(s)
* @param sslErrors SSL errors that occurred
* @param parent Parent widget
* @param digest SHA digest of server certificate
* @param hostport Unique host:port to associate with the server certificate
*/
QgsAuthSslErrorsDialog( QNetworkReply *reply, QgsAuthSslErrorsDialog( QNetworkReply *reply,
const QList<QSslError>& sslErrors, const QList<QSslError>& sslErrors,
QWidget *parent = 0 , QWidget *parent = 0 ,
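Review bot: In the new constructor comment, `@param reply Network reply that hand error(s)` should read `had error(s)`. `@param digest SHA digest of server certificate` does not say which SHA variant or encoding the caller must pass. The digest is presumably what a saved exception is matched against, so the comment should name the exact form, along the lines of `@param digest <variant and encoding> digest of the server certificate, as stored in the authentication database`. The constructor's parameter list continues past the end of the hunk.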


@ -80,11 +80,16 @@ class GUI_EXPORT QgsAuthSslImportDialog : public QDialog, private Ui::QgsAuthSsl
{ {
Q_OBJECT Q_OBJECT
public: public:
/**
* Construct dialog for importing certificates
* @param parent
*/
QgsAuthSslImportDialog( QWidget *parent = 0 ); QgsAuthSslImportDialog( QWidget *parent = 0 );
~QgsAuthSslImportDialog(); ~QgsAuthSslImportDialog();
public slots: public slots:
void accept(); /** Overridden slot of base dialog */
void accept() override;
private slots: private slots:
void updateEnabledState(); void updateEnabledState();
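Review bot: `QgsAuthSslImportDialog( QWidget *parent = 0 );` is the one single-argument constructor documented in the visible sections that is not `explicit`, so a `QWidget *` converts implicitly to a dialog. `explicit QgsAuthSslImportDialog( QWidget *parent = 0 );` would match the sibling dialogs. The added `@param parent` also has no description, where the other constructors say `Parent widget`.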


@ -34,6 +34,11 @@ class GUI_EXPORT QgsAuthTrustedCAsDialog : public QDialog, private Ui::QgsAuthTr
Q_OBJECT Q_OBJECT
public: public:
/**
* Construct a dialog that will list the trusted Certificate Authorities
* @param parent Parent widget
* @param trustedCAs List of trusted Certificate Authorities objects
*/
explicit QgsAuthTrustedCAsDialog( QWidget *parent = 0, explicit QgsAuthTrustedCAsDialog( QWidget *parent = 0,
QList<QSslCertificate> trustedCAs = QList<QSslCertificate>() ); QList<QSslCertificate> trustedCAs = QList<QSslCertificate>() );
~QgsAuthTrustedCAsDialog(); ~QgsAuthTrustedCAsDialog();
@ -59,7 +64,8 @@ class GUI_EXPORT QgsAuthTrustedCAsDialog : public QDialog, private Ui::QgsAuthTr
void authMessageOut( const QString& message, const QString& authtag, QgsAuthManager::MessageLevel level ); void authMessageOut( const QString& message, const QString& authtag, QgsAuthManager::MessageLevel level );
protected: protected:
void showEvent( QShowEvent *e ); /** Overridden widget show event */
void showEvent( QShowEvent *e ) override;
private: private:
enum CaType enum CaType


@ -122,7 +122,7 @@ void QgsCredentialDialog::requestCredentialsMasterPassword( QString * password,
QString titletxt( stored ? tr( "Enter CURRENT master authentication password" ) : tr( "Set NEW master authentication password" ) ); QString titletxt( stored ? tr( "Enter CURRENT master authentication password" ) : tr( "Set NEW master authentication password" ) );
lblPasswordTitle->setText( titletxt ); lblPasswordTitle->setText( titletxt );
frameMasterPassVerify->setVisible( !stored ); leMasterPassVerify->setVisible( !stored );
lblDontForget->setVisible( !stored ); lblDontForget->setVisible( !stored );
QApplication::setOverrideCursor( Qt::ArrowCursor ); QApplication::setOverrideCursor( Qt::ArrowCursor );
@ -180,7 +180,7 @@ void QgsCredentialDialog::requestCredentialsMasterPassword( QString * password,
++passfailed; ++passfailed;
leMasterPass->setStyleSheet( invalidStyle_() ); leMasterPass->setStyleSheet( invalidStyle_() );
if ( frameMasterPassVerify->isVisible() ) if ( leMasterPassVerify->isVisible() )
{ {
leMasterPassVerify->setStyleSheet( invalidStyle_() ); leMasterPassVerify->setStyleSheet( invalidStyle_() );
} }
@ -196,7 +196,6 @@ void QgsCredentialDialog::requestCredentialsMasterPassword( QString * password,
leMasterPass->clear(); leMasterPass->clear();
chkMasterPassShow->setChecked( false ); chkMasterPassShow->setChecked( false );
leMasterPassVerify->clear(); leMasterPassVerify->clear();
chkMasterPassVerifyShow->setChecked( false );
chkbxEraseAuthDb->setChecked( false ); chkbxEraseAuthDb->setChecked( false );
lblSavedForSession->setVisible( true ); lblSavedForSession->setVisible( true );
@ -211,10 +210,6 @@ void QgsCredentialDialog::requestCredentialsMasterPassword( QString * password,
void QgsCredentialDialog::on_chkMasterPassShow_stateChanged( int state ) void QgsCredentialDialog::on_chkMasterPassShow_stateChanged( int state )
{ {
leMasterPass->setEchoMode(( state > 0 ) ? QLineEdit::Normal : QLineEdit::Password ); leMasterPass->setEchoMode(( state > 0 ) ? QLineEdit::Normal : QLineEdit::Password );
}
void QgsCredentialDialog::on_chkMasterPassVerifyShow_stateChanged( int state )
{
leMasterPassVerify->setEchoMode(( state > 0 ) ? QLineEdit::Normal : QLineEdit::Password ); leMasterPassVerify->setEchoMode(( state > 0 ) ? QLineEdit::Normal : QLineEdit::Password );
} }
@ -222,14 +217,14 @@ void QgsCredentialDialog::on_leMasterPass_textChanged( const QString &pass )
{ {
leMasterPass->setStyleSheet( "" ); leMasterPass->setStyleSheet( "" );
bool passok = !pass.isEmpty(); // regardless of new or comparing existing, empty password disallowed bool passok = !pass.isEmpty(); // regardless of new or comparing existing, empty password disallowed
if ( frameMasterPassVerify->isVisible() ) if ( leMasterPassVerify->isVisible() )
{ {
leMasterPassVerify->setStyleSheet( "" ); leMasterPassVerify->setStyleSheet( "" );
passok = passok && ( leMasterPass->text() == leMasterPassVerify->text() ); passok = passok && ( leMasterPass->text() == leMasterPassVerify->text() );
} }
mOkButton->setEnabled( passok ); mOkButton->setEnabled( passok );
if ( frameMasterPassVerify->isVisible() && !passok ) if ( leMasterPassVerify->isVisible() && !passok )
{ {
leMasterPass->setStyleSheet( invalidStyle_() ); leMasterPass->setStyleSheet( invalidStyle_() );
leMasterPassVerify->setStyleSheet( invalidStyle_() ); leMasterPassVerify->setStyleSheet( invalidStyle_() );
@ -238,7 +233,7 @@ void QgsCredentialDialog::on_leMasterPass_textChanged( const QString &pass )
void QgsCredentialDialog::on_leMasterPassVerify_textChanged( const QString &pass ) void QgsCredentialDialog::on_leMasterPassVerify_textChanged( const QString &pass )
{ {
if ( frameMasterPassVerify->isVisible() ) if ( leMasterPassVerify->isVisible() )
{ {
leMasterPass->setStyleSheet( "" ); leMasterPass->setStyleSheet( "" );
leMasterPassVerify->setStyleSheet( "" ); leMasterPassVerify->setStyleSheet( "" );
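Review bot: The verify-field checks now use `leMasterPassVerify->isVisible()`, which is false whenever an ancestor (the dialog or its stacked page) is not shown. In `on_leMasterPass_textChanged` that skips the `leMasterPass->text() == leMasterPassVerify->text()` comparison, and `passok` then depends only on the field being non-empty. The old `frameMasterPassVerify->isVisible()` behaved the same way, but since these lines are rewritten anyway the test could become independent of show state with `if ( !leMasterPassVerify->isHidden() )`, here and at the other `isVisible()` checks in this file section. Whether the slots can fire while the dialog is hidden is not visible from these hunks, and the function bodies start and end outside them. Separately, `on_chkMasterPassShow_stateChanged` now switches both fields to clear text at once, which deserves a comment such as `// single Show toggle controls both password fields`.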


@ -46,7 +46,6 @@ class GUI_EXPORT QgsCredentialDialog : public QDialog, public QgsCredentials, pr
void requestCredentialsMasterPassword( QString *password, bool stored, bool *ok ); void requestCredentialsMasterPassword( QString *password, bool stored, bool *ok );
void on_chkMasterPassShow_stateChanged( int state ); void on_chkMasterPassShow_stateChanged( int state );
void on_chkMasterPassVerifyShow_stateChanged( int state );
void on_leMasterPass_textChanged( const QString& pass ); void on_leMasterPass_textChanged( const QString& pass );
void on_leMasterPassVerify_textChanged( const QString& pass ); void on_leMasterPassVerify_textChanged( const QString& pass );
void on_chkbxEraseAuthDb_toggled( bool checked ); void on_chkbxEraseAuthDb_toggled( bool checked );


@ -17,6 +17,16 @@
<property name="fieldGrowthPolicy"> <property name="fieldGrowthPolicy">
<enum>QFormLayout::ExpandingFieldsGrow</enum> <enum>QFormLayout::ExpandingFieldsGrow</enum>
</property> </property>
<item row="3" column="0" colspan="2">
<widget class="QDialogButtonBox" name="buttonBox">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="standardButtons">
<set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok</set>
</property>
</widget>
</item>
<item row="1" column="0" colspan="2"> <item row="1" column="0" colspan="2">
<widget class="QStackedWidget" name="stackedWidget"> <widget class="QStackedWidget" name="stackedWidget">
<property name="currentIndex"> <property name="currentIndex">
@ -111,18 +121,15 @@
</widget> </widget>
</item> </item>
<item> <item>
<layout class="QHBoxLayout" name="horizontalLayout"> <layout class="QGridLayout" name="gridLayout">
<property name="spacing"> <item row="0" column="0">
<number>6</number>
</property>
<item>
<widget class="QLineEdit" name="leMasterPass"> <widget class="QLineEdit" name="leMasterPass">
<property name="echoMode"> <property name="echoMode">
<enum>QLineEdit::Password</enum> <enum>QLineEdit::Password</enum>
</property> </property>
</widget> </widget>
</item> </item>
<item> <item row="0" column="1">
<widget class="QCheckBox" name="chkMasterPassShow"> <widget class="QCheckBox" name="chkMasterPassShow">
<property name="sizePolicy"> <property name="sizePolicy">
<sizepolicy hsizetype="Maximum" vsizetype="Fixed"> <sizepolicy hsizetype="Maximum" vsizetype="Fixed">
@ -135,33 +142,7 @@
</property> </property>
</widget> </widget>
</item> </item>
</layout> <item row="1" column="0">
</item>
<item>
<widget class="QFrame" name="frameMasterPassVerify">
<property name="frameShape">
<enum>QFrame::NoFrame</enum>
</property>
<property name="frameShadow">
<enum>QFrame::Raised</enum>
</property>
<layout class="QHBoxLayout" name="horizontalLayout_2">
<property name="spacing">
<number>6</number>
</property>
<property name="leftMargin">
<number>0</number>
</property>
<property name="topMargin">
<number>0</number>
</property>
<property name="rightMargin">
<number>0</number>
</property>
<property name="bottomMargin">
<number>0</number>
</property>
<item>
<widget class="QLineEdit" name="leMasterPassVerify"> <widget class="QLineEdit" name="leMasterPassVerify">
<property name="echoMode"> <property name="echoMode">
<enum>QLineEdit::Password</enum> <enum>QLineEdit::Password</enum>
@ -171,21 +152,7 @@
</property> </property>
</widget> </widget>
</item> </item>
<item>
<widget class="QCheckBox" name="chkMasterPassVerifyShow">
<property name="sizePolicy">
<sizepolicy hsizetype="Maximum" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>Show</string>
</property>
</widget>
</item>
</layout> </layout>
</widget>
</item> </item>
<item> <item>
<widget class="QLabel" name="lblDontForget"> <widget class="QLabel" name="lblDontForget">
@ -251,16 +218,6 @@ font-style: italic;
</widget> </widget>
</widget> </widget>
</item> </item>
<item row="3" column="0" colspan="2">
<widget class="QDialogButtonBox" name="buttonBox">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="standardButtons">
<set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok</set>
</property>
</widget>
</item>
</layout> </layout>
</widget> </widget>
<resources/> <resources/>