[auth] Integrate cert viable functions into auth system

Larry Shaffer 2017-10-27 04:48:15 -06:00
parent 8032de8d06
commit 671ce6359f
12 changed files with 25 additions and 21 deletions

@ -251,9 +251,9 @@ QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &a
// init client cert
// Note: if this is not valid, no sense continuing
QSslCertificate clientcert( cibundle.first );
if ( !clientcert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( clientcert ) )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) );
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) );
return bundle;
}
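Review bot: The rejection branch ending in `return bundle;` reports the failure only through `QgsDebugMsg` and does not say which condition made the client certificate unusable, so a refused identity is hard to diagnose from the log. Consider adding the validity window to the message, for example `.arg( authcfg, clientcert.expiryDate().toString() )` with a matching `(expires %2)` in the format string. The comment above the check still reads "if this is not valid" and should say "viable" to match the new test. The same lines recur in the getPkiConfigBundle hunks of QgsAuthPkiPathsMethod and QgsAuthPkcs12Method, and in each case the function starts and ends outside the hunk.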

@ -24,6 +24,7 @@
#include <QSslKey>
#include "qgsapplication.h"
#include "qgsauthcertutils.h"
#include "qgsauthmanager.h"
#include "qgsauthguiutils.h"
#include "qgslogger.h"
@ -97,21 +98,21 @@ bool QgsAuthPkiPathsEdit::validateConfig()
return validityChange( false );
}
bool certvalid = cert.isValid();
QDateTime startdate( cert.effectiveDate() );
QDateTime enddate( cert.expiryDate() );
writePkiMessage( lePkiPathsMsg,
tr( "%1 thru %2" ).arg( startdate.toString(), enddate.toString() ),
( certvalid ? Valid : Invalid ) );
( QgsAuthCertUtils::certIsCurrent( cert ) ? Valid : Invalid ) );
bool showCas( certvalid && populateCas() );
bool certviable = QgsAuthCertUtils::certIsViable( cert );
bool showCas( certviable && populateCas() );
lblCas->setVisible( showCas );
twCas->setVisible( showCas );
cbAddCas->setVisible( showCas );
cbAddRootCa->setVisible( showCas );
return validityChange( certvalid );
return validityChange( certviable );
}
QgsStringMap QgsAuthPkiPathsEdit::configMap() const
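Review bot: In validateConfig the date line is now styled from `QgsAuthCertUtils::certIsCurrent( cert )` while the return value and the CA widgets follow `certIsViable( cert )`, so the two results can disagree. certIsViable is defined outside this page; if it tests anything beyond the validity dates, a certificate can show a "Valid" date range while the configuration is reported invalid with no visible reason. When `certviable` is false but the certificate is current, write a second message through `writePkiMessage` stating that the certificate was rejected. The same split appears in QgsAuthImportIdentityDialog::validatePkiPaths, where `isvalid` comes from certIsViable and the date message from certIsCurrent.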

@ -284,9 +284,9 @@ QgsPkiConfigBundle *QgsAuthPkiPathsMethod::getPkiConfigBundle( const QString &au
// init client cert
// Note: if this is not valid, no sense continuing
QSslCertificate clientcert( QgsAuthCertUtils::certFromFile( mconfig.config( QStringLiteral( "certpath" ) ) ) );
if ( !clientcert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( clientcert ) )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) );
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) );
return bundle;
}

@ -292,9 +292,9 @@ QgsPkiConfigBundle *QgsAuthPkcs12Method::getPkiConfigBundle( const QString &auth
// init client cert
// Note: if this is not valid, no sense continuing
QSslCertificate clientcert( bundlelist.at( 0 ).toLatin1() );
if ( !clientcert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( clientcert ) )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) );
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) );
return bundle;
}

@ -275,7 +275,7 @@ bool QgsPkiBundle::isNull() const
bool QgsPkiBundle::isValid() const
{
return ( !isNull() && mCert.isValid() );
return ( !isNull() && QgsAuthCertUtils::certIsViable( mCert ) );
}
const QString QgsPkiBundle::certId() const

@ -1784,7 +1784,7 @@ const QPair<QSslCertificate, QSslKey> QgsAuthManager::certIdentityBundle( const
const QStringList QgsAuthManager::certIdentityBundleToPem( const QString &id )
{
QPair<QSslCertificate, QSslKey> bundle( certIdentityBundle( id ) );
if ( bundle.first.isValid() && !bundle.second.isNull() )
if ( QgsAuthCertUtils::certIsViable( bundle.first ) && !bundle.second.isNull() )
{
return QStringList() << QString( bundle.first.toPem() ) << QString( bundle.second.toPem() );
}
@ -2719,7 +2719,7 @@ const QList<QSslCertificate> QgsAuthManager::trustedCaCerts( bool includeinvalid
}
else if ( defaultpolicy == QgsAuthCertUtils::Trusted && !untrustedids.contains( certid ) )
{
if ( !includeinvalid && !cert.isValid() )
if ( !includeinvalid && !QgsAuthCertUtils::certIsViable( cert ) )
continue;
trustedcerts.append( cert );
}
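Review bot: The `includeinvalid` parameter of trustedCaCerts now gates on `QgsAuthCertUtils::certIsViable( cert )` rather than `cert.isValid()`, so its name and documentation no longer describe the filter that decides which CAs enter the trusted list. The declaration's doc comment is not shown here; it should say something like `\param includeinvalid Whether to include certificates that are not viable (see QgsAuthCertUtils::certIsViable)`. Only the default-Trusted branch is visible in this hunk, so whether the branch above it applies the same viability filter cannot be confirmed from this page and is worth checking.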

@ -295,7 +295,7 @@ void QgsAuthCertInfo::updateCurrentCertInfo( int chainindx )
mCurrentTrustPolicy = trustpolicy;
cmbbxTrust->setTrustPolicy( trustpolicy );
if ( !mCurrentQCert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( mCurrentQCert ) )
{
cmbbxTrust->setDefaultTrustPolicy( QgsAuthCertUtils::Untrusted );
}
@ -880,7 +880,7 @@ void QgsAuthCertInfo::decorateCertTreeItem( const QSslCertificate &cert,
return;
}
if ( !cert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( cert ) )
{
item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );
return;

@ -205,7 +205,7 @@ void QgsAuthIdentitiesEditor::appendIdentitiesToItem( const QList<QSslCertificat
QTreeWidgetItem *item( new QTreeWidgetItem( parent, coltxts, ( int )identype ) );
item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificate.svg" ) ) );
if ( !cert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( cert ) )
{
item->setForeground( 2, redb );
item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );

@ -170,7 +170,7 @@ void QgsAuthImportCertDialog::validateCertificates()
Q_FOREACH ( const QSslCertificate &cert, certs )
{
if ( cert.isValid() )
if ( QgsAuthCertUtils::certIsViable( cert ) )
++validcerts;
if ( filterCAs )

@ -277,12 +277,13 @@ bool QgsAuthImportIdentityDialog::validatePkiPaths()
ca_certs = certs;
}
isvalid = clientcert.isValid();
isvalid = QgsAuthCertUtils::certIsViable( clientcert );
QDateTime startdate( clientcert.effectiveDate() );
QDateTime enddate( clientcert.expiryDate() );
writeValidation( tr( "%1 thru %2" ).arg( startdate.toString(), enddate.toString() ),
( isvalid ? Valid : Invalid ) );
( QgsAuthCertUtils::certIsCurrent( clientcert ) ? Valid : Invalid ) );
//TODO: set enabled on cert info button, relative to cert validity
// check for valid private key and that any supplied password works

@ -24,6 +24,7 @@
#include "qgssettings.h"
#include "qgsapplication.h"
#include "qgsauthcertificateinfo.h"
#include "qgsauthcertutils.h"
#include "qgsauthmanager.h"
#include "qgsauthguiutils.h"
#include "qgslogger.h"
@ -206,7 +207,7 @@ void QgsAuthServersEditor::appendSslConfigsToItem( const QList<QgsAuthConfigSslS
QTreeWidgetItem *item( new QTreeWidgetItem( parent, coltxts, ( int )conftype ) );
item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificate.svg" ) ) );
if ( !cert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( cert ) )
{
item->setForeground( 2, redb );
item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );

@ -22,6 +22,7 @@
#include "qgssettings.h"
#include "qgsapplication.h"
#include "qgsauthcertificateinfo.h"
#include "qgsauthcertutils.h"
#include "qgsauthguiutils.h"
#include "qgsauthmanager.h"
#include "qgslogger.h"
@ -196,7 +197,7 @@ void QgsAuthTrustedCAsDialog::appendCertsToItem( const QList<QSslCertificate> &c
QTreeWidgetItem *item( new QTreeWidgetItem( parent, coltxts, ( int )catype ) );
item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificate.svg" ) ) );
if ( !cert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( cert ) )
{
item->setForeground( 2, redb );
item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );