QGIS API Documentation  2.14.0-Essen
qgsauthauthoritieseditor.cpp
Go to the documentation of this file.
1 /***************************************************************************
2  qgsauthauthoritieseditor.cpp
3  ---------------------
4  begin : April 26, 2015
5  copyright : (C) 2015 by Boundless Spatial, Inc. USA
6  author : Larry Shaffer
7  email : lshaffer at boundlessgeo dot com
8  ***************************************************************************
9  * *
10  * This program is free software; you can redistribute it and/or modify *
11  * it under the terms of the GNU General Public License as published by *
12  * the Free Software Foundation; either version 2 of the License, or *
13  * (at your option) any later version. *
14  * *
15  ***************************************************************************/
16 
18 #include "ui_qgsauthauthoritieseditor.h"
19 
20 #include <QAction>
21 #include <QComboBox>
22 #include <QDateTime>
23 #include <QDir>
24 #include <QFileDialog>
25 #include <QFileInfo>
26 #include <QMenu>
27 #include <QMessageBox>
28 #include <QPair>
29 #include <QPushButton>
30 #include <QSettings>
31 #include <QSslConfiguration>
32 
33 #include "qgsapplication.h"
34 #include "qgsauthcertificateinfo.h"
35 #include "qgsauthcertutils.h"
36 #include "qgsauthguiutils.h"
38 #include "qgsauthmanager.h"
40 #include "qgslogger.h"
41 
43  : QWidget( parent )
44  , mAuthNotifyLayout( nullptr )
45  , mAuthNotify( nullptr )
46  , mRootCaSecItem( nullptr )
47  , mFileCaSecItem( nullptr )
48  , mDbCaSecItem( nullptr )
49  , mDefaultTrustPolicy( QgsAuthCertUtils::DefaultTrust )
50  , mUtilitiesMenu( nullptr )
51  , mDisabled( false )
52  , mActionDefaultTrustPolicy( nullptr )
53  , mActionShowTrustedCAs( nullptr )
54 {
55  if ( QgsAuthManager::instance()->isDisabled() )
56  {
57  mDisabled = true;
58  mAuthNotifyLayout = new QVBoxLayout;
59  this->setLayout( mAuthNotifyLayout );
60  mAuthNotify = new QLabel( QgsAuthManager::instance()->disabledMessage(), this );
61  mAuthNotifyLayout->addWidget( mAuthNotify );
62  }
63  else
64  {
65  setupUi( this );
66 
67  connect( QgsAuthManager::instance(), SIGNAL( messageOut( const QString&, const QString&, QgsAuthManager::MessageLevel ) ),
68  this, SLOT( authMessageOut( const QString&, const QString&, QgsAuthManager::MessageLevel ) ) );
69 
70  connect( QgsAuthManager::instance(), SIGNAL( authDatabaseChanged() ),
71  this, SLOT( refreshCaCertsView() ) );
72 
73  setupCaCertsTree();
74 
75  connect( treeWidgetCAs->selectionModel(), SIGNAL( selectionChanged( const QItemSelection&, const QItemSelection& ) ),
76  this, SLOT( selectionChanged( const QItemSelection&, const QItemSelection& ) ) );
77 
78  connect( treeWidgetCAs, SIGNAL( itemDoubleClicked( QTreeWidgetItem *, int ) ),
79  this, SLOT( handleDoubleClick( QTreeWidgetItem *, int ) ) );
80 
81  connect( btnViewRefresh, SIGNAL( clicked() ), this, SLOT( refreshCaCertsView() ) );
82 
83  QVariant cafileval = QgsAuthManager::instance()->getAuthSetting( QString( "cafile" ) );
84  if ( !cafileval.isNull() )
85  {
86  leCaFile->setText( cafileval.toString() );
87  }
88 
89  btnGroupByOrg->setChecked( false );
90  QVariant sortbyval = QgsAuthManager::instance()->getAuthSetting( QString( "casortby" ), QVariant( false ) );
91  if ( !sortbyval.isNull() )
92  btnGroupByOrg->setChecked( sortbyval.toBool() );
93 
94  mDefaultTrustPolicy = QgsAuthManager::instance()->defaultCertTrustPolicy();
95  populateCaCertsView();
96  checkSelection();
97 
98  populateUtilitiesMenu();
99  }
100 }
101 
103 {
104 }
105 
106 static void setItemBold_( QTreeWidgetItem* item )
107 {
108  item->setFirstColumnSpanned( true );
109  QFont secf( item->font( 0 ) );
110  secf.setBold( true );
111  item->setFont( 0, secf );
112 }
113 
114 void QgsAuthAuthoritiesEditor::setupCaCertsTree()
115 {
116  treeWidgetCAs->setColumnCount( 4 );
117  treeWidgetCAs->setHeaderLabels(
118  QStringList() << tr( "Common Name" )
119  << tr( "Serial #" )
120  << tr( "Expiry Date" )
121  << tr( "Trust Policy" ) );
122  treeWidgetCAs->setColumnWidth( 0, 300 );
123  treeWidgetCAs->setColumnWidth( 1, 75 );
124  treeWidgetCAs->setColumnWidth( 2, 200 );
125 
126  // add root sections
127  mDbCaSecItem = new QTreeWidgetItem(
128  treeWidgetCAs,
130  ( int )QgsAuthAuthoritiesEditor::Section );
131  setItemBold_( mDbCaSecItem );
132  mDbCaSecItem->setFlags( Qt::ItemIsEnabled );
133  mDbCaSecItem->setExpanded( true );
134  treeWidgetCAs->insertTopLevelItem( 0, mDbCaSecItem );
135 
136  mFileCaSecItem = new QTreeWidgetItem(
137  treeWidgetCAs,
139  ( int )QgsAuthAuthoritiesEditor::Section );
140  setItemBold_( mFileCaSecItem );
141  mFileCaSecItem->setFlags( Qt::ItemIsEnabled );
142  mFileCaSecItem->setExpanded( true );
143  treeWidgetCAs->insertTopLevelItem( 0, mFileCaSecItem );
144 
145  mRootCaSecItem = new QTreeWidgetItem(
146  treeWidgetCAs,
148  ( int )QgsAuthAuthoritiesEditor::Section );
149  setItemBold_( mRootCaSecItem );
150  mRootCaSecItem->setFlags( Qt::ItemIsEnabled );
151  mRootCaSecItem->setExpanded( false );
152  treeWidgetCAs->insertTopLevelItem( 0, mRootCaSecItem );
153 }
154 
155 void QgsAuthAuthoritiesEditor::populateCaCertsView()
156 {
157  updateCertTrustPolicyCache();
158  populateDatabaseCaCerts();
159  populateFileCaCerts();
160  populateRootCaCerts();
161 }
162 
163 void QgsAuthAuthoritiesEditor::refreshCaCertsView()
164 {
165 // QgsAuthManager::instance()->rebuildCaCertsCache();
166  populateCaCertsView();
167 }
168 
169 static void removeChildren_( QTreeWidgetItem* item )
170 {
171  Q_FOREACH ( QTreeWidgetItem* child, item->takeChildren() )
172  {
173  delete child;
174  }
175 }
176 
177 void QgsAuthAuthoritiesEditor::populateDatabaseCaCerts()
178 {
179  removeChildren_( mDbCaSecItem );
180 
181  bool expanded = mDbCaSecItem->isExpanded();
182  populateCaCertsSection( mDbCaSecItem,
183  QgsAuthManager::instance()->getDatabaseCAs(),
184  QgsAuthAuthoritiesEditor::DbCaCert );
185  mDbCaSecItem->setExpanded( expanded );
186 }
187 
188 void QgsAuthAuthoritiesEditor::populateFileCaCerts()
189 {
190  removeChildren_( mFileCaSecItem );
191 
192  bool expanded = mFileCaSecItem->isExpanded();
193  populateCaCertsSection( mFileCaSecItem,
194  QgsAuthManager::instance()->getExtraFileCAs(),
195  QgsAuthAuthoritiesEditor::FileCaCert );
196  mFileCaSecItem->setExpanded( expanded );
197 }
198 
199 void QgsAuthAuthoritiesEditor::populateRootCaCerts()
200 {
201  removeChildren_( mRootCaSecItem );
202 
203  bool expanded = mRootCaSecItem->isExpanded();
204  populateCaCertsSection( mRootCaSecItem,
205  QgsAuthManager::instance()->getSystemRootCAs(),
206  QgsAuthAuthoritiesEditor::RootCaCert );
207  mRootCaSecItem->setExpanded( expanded );
208 }
209 
210 void QgsAuthAuthoritiesEditor::populateCaCertsSection( QTreeWidgetItem* item, const QList<QSslCertificate>& certs,
211  QgsAuthAuthoritiesEditor::CaType catype )
212 {
213  if ( btnGroupByOrg->isChecked() )
214  {
215  appendCertsToGroup( certs, catype, item );
216  }
217  else
218  {
219  appendCertsToItem( certs, catype, item );
220  }
221 }
222 
223 void QgsAuthAuthoritiesEditor::appendCertsToGroup( const QList<QSslCertificate>& certs,
224  QgsAuthAuthoritiesEditor::CaType catype,
226 {
227  if ( certs.size() < 1 )
228  return;
229 
230  if ( !parent )
231  {
232  parent = treeWidgetCAs->currentItem();
233  }
234 
235  // TODO: find all organizational name, sort and make subsections
238 
239  QMap< QString, QList<QSslCertificate> >::const_iterator it = orgcerts.constBegin();
240  for ( ; it != orgcerts.constEnd(); ++it )
241  {
242  QTreeWidgetItem * grpitem( new QTreeWidgetItem( parent,
243  QStringList() << it.key(),
244  ( int )QgsAuthAuthoritiesEditor::OrgName ) );
245  grpitem->setFirstColumnSpanned( true );
246  grpitem->setFlags( Qt::ItemIsEnabled );
247  grpitem->setExpanded( true );
248 
249  QBrush orgb( grpitem->foreground( 0 ) );
250  orgb.setColor( QColor::fromRgb( 90, 90, 90 ) );
251  grpitem->setForeground( 0, orgb );
252  QFont grpf( grpitem->font( 0 ) );
253  grpf.setItalic( true );
254  grpitem->setFont( 0, grpf );
255 
256  appendCertsToItem( it.value(), catype, grpitem );
257  }
258 
259  parent->sortChildren( 0, Qt::AscendingOrder );
260 }
261 
262 void QgsAuthAuthoritiesEditor::appendCertsToItem( const QList<QSslCertificate>& certs,
263  QgsAuthAuthoritiesEditor::CaType catype,
264  QTreeWidgetItem *parent )
265 {
266  if ( certs.size() < 1 )
267  return;
268 
269  if ( !parent )
270  {
271  parent = treeWidgetCAs->currentItem();
272  }
273 
276 
277  QStringList trustedids = mCertTrustCache.value( QgsAuthCertUtils::Trusted );
278  QStringList untrustedids = mCertTrustCache.value( QgsAuthCertUtils::Untrusted );
279 
280  // Columns: Common Name, Serial #, Expiry Date
281  Q_FOREACH ( const QSslCertificate& cert, certs )
282  {
284 
285  QStringList coltxts;
286  coltxts << QgsAuthCertUtils::resolvedCertName( cert );
287  coltxts << QString( cert.serialNumber() );
288  coltxts << cert.expiryDate().toString();
289 
290  // trust policy
291  QString policy( QgsAuthCertUtils::getCertTrustName( mDefaultTrustPolicy ) );
292  if ( trustedids.contains( id ) )
293  {
295  }
296  else if ( untrustedids.contains( id ) || !cert.isValid() )
297  {
299  }
300  coltxts << policy;
301 
302  QTreeWidgetItem * item( new QTreeWidgetItem( parent, coltxts, ( int )catype ) );
303 
304  item->setIcon( 0, QgsApplication::getThemeIcon( "/mIconCertificate.svg" ) );
305  if ( !cert.isValid() )
306  {
307  item->setForeground( 2, redb );
308  item->setIcon( 0, QgsApplication::getThemeIcon( "/mIconCertificateUntrusted.svg" ) );
309  }
310 
311  if ( trustedids.contains( id ) )
312  {
313  item->setForeground( 3, greenb );
314  if ( cert.isValid() )
315  {
316  item->setIcon( 0, QgsApplication::getThemeIcon( "/mIconCertificateTrusted.svg" ) );
317  }
318  }
319  else if ( untrustedids.contains( id ) )
320  {
321  item->setForeground( 3, redb );
322  item->setIcon( 0, QgsApplication::getThemeIcon( "/mIconCertificateUntrusted.svg" ) );
323  }
324  else if ( mDefaultTrustPolicy == QgsAuthCertUtils::Untrusted )
325  {
326  item->setIcon( 0, QgsApplication::getThemeIcon( "/mIconCertificateUntrusted.svg" ) );
327  }
328 
329  item->setData( 0, Qt::UserRole, id );
330  }
331 
332  parent->sortChildren( 0, Qt::AscendingOrder );
333 }
334 
335 void QgsAuthAuthoritiesEditor::updateCertTrustPolicyCache()
336 {
337  mCertTrustCache = QgsAuthManager::instance()->getCertTrustCache();
338 }
339 
340 void QgsAuthAuthoritiesEditor::populateUtilitiesMenu()
341 {
342  mActionDefaultTrustPolicy = new QAction( "Change default trust policy", this );
343  connect( mActionDefaultTrustPolicy, SIGNAL( triggered() ), this, SLOT( editDefaultTrustPolicy() ) );
344 
345  mActionShowTrustedCAs = new QAction( "Show trusted authorities/issuers", this );
346  connect( mActionShowTrustedCAs, SIGNAL( triggered() ), this, SLOT( showTrustedCertificateAuthorities() ) );
347 
348  mUtilitiesMenu = new QMenu( this );
349  mUtilitiesMenu->addAction( mActionDefaultTrustPolicy );
350  mUtilitiesMenu->addSeparator();
351  mUtilitiesMenu->addAction( mActionShowTrustedCAs );
352 
353  btnUtilities->setMenu( mUtilitiesMenu );
354 }
355 
356 void QgsAuthAuthoritiesEditor::showCertInfo( QTreeWidgetItem *item )
357 {
358  if ( !item )
359  return;
360 
361  QString digest( item->data( 0, Qt::UserRole ).toString() );
362 
364  QgsAuthManager::instance()->getCaCertsCache() );
365 
366  if ( !cacertscache.contains( digest ) )
367  {
368  QgsDebugMsg( "Certificate Authority not in CA certs cache" );
369  return;
370  }
371 
372  QSslCertificate cert( cacertscache.value( digest ).second );
373 
374  QgsAuthCertInfoDialog * dlg = new QgsAuthCertInfoDialog( cert, true, this );
375  dlg->setWindowModality( Qt::WindowModal );
376  dlg->resize( 675, 500 );
377  dlg->exec();
378  if ( dlg->trustCacheRebuilt() )
379  {
380  // QgsAuthManager::instance()->rebuildTrustedCaCertsCache() already called in dlg
381  populateCaCertsView();
382  }
383  dlg->deleteLater();
384 }
385 
386 void QgsAuthAuthoritiesEditor::selectionChanged( const QItemSelection& selected , const QItemSelection& deselected )
387 {
388  Q_UNUSED( selected );
389  Q_UNUSED( deselected );
390  checkSelection();
391 }
392 
393 void QgsAuthAuthoritiesEditor::checkSelection()
394 {
395  bool iscert = false;
396  bool isdbcert = false;
397  if ( treeWidgetCAs->selectionModel()->selection().length() > 0 )
398  {
399  QTreeWidgetItem* item( treeWidgetCAs->currentItem() );
400 
401  switch (( QgsAuthAuthoritiesEditor::CaType )item->type() )
402  {
403  case QgsAuthAuthoritiesEditor::RootCaCert:
404  iscert = true;
405  break;
406  case QgsAuthAuthoritiesEditor::FileCaCert:
407  iscert = true;
408  break;
409  case QgsAuthAuthoritiesEditor::DbCaCert:
410  iscert = true;
411  isdbcert = true;
412  break;
413  default:
414  break;
415  }
416  }
417 
418  btnRemoveCa->setEnabled( isdbcert );
419  btnInfoCa->setEnabled( iscert );
420 }
421 
422 void QgsAuthAuthoritiesEditor::handleDoubleClick( QTreeWidgetItem *item, int col )
423 {
424  Q_UNUSED( col );
425  bool iscert = true;
426 
427  switch (( QgsAuthAuthoritiesEditor::CaType )item->type() )
428  {
429  case QgsAuthAuthoritiesEditor::Section:
430  iscert = false;
431  break;
432  case QgsAuthAuthoritiesEditor::OrgName:
433  iscert = false;
434  break;
435  default:
436  break;
437  }
438 
439  if ( iscert )
440  {
441  showCertInfo( item );
442  }
443 }
444 
445 void QgsAuthAuthoritiesEditor::on_btnAddCa_clicked()
446 {
448  dlg->setWindowModality( Qt::WindowModal );
449  dlg->resize( 400, 450 );
450  if ( dlg->exec() )
451  {
452  const QList<QSslCertificate>& certs( dlg->certificatesToImport() );
454  {
455  messageBar()->pushMessage( tr( "ERROR storing CA(s) in authentication database" ),
457  }
458 
460 
462  {
463  Q_FOREACH ( const QSslCertificate& cert, certs )
464  {
465  if ( !QgsAuthManager::instance()->storeCertTrustPolicy( cert, dlg->certTrustPolicy() ) )
466  {
467  authMessageOut( QObject::tr( "Could not set trust policy for imported certificates" ),
468  QObject::tr( "Authorities Manager" ),
470  }
471  }
473  updateCertTrustPolicyCache();
474  }
475 
477  populateDatabaseCaCerts();
478  mDbCaSecItem->setExpanded( true );
479  }
480  dlg->deleteLater();
481 }
482 
483 void QgsAuthAuthoritiesEditor::on_btnRemoveCa_clicked()
484 {
485  QTreeWidgetItem* item( treeWidgetCAs->currentItem() );
486 
487  if ( !item )
488  {
489  QgsDebugMsg( "Current tree widget item not set" );
490  return;
491  }
492 
493  QString digest( item->data( 0, Qt::UserRole ).toString() );
494 
495  if ( digest.isEmpty() )
496  {
497  messageBar()->pushMessage( tr( "Certificate id missing" ),
499  return;
500  }
501 
502  QMap<QString, QSslCertificate> mappedcerts(
503  QgsAuthManager::instance()->getMappedDatabaseCAs() );
504 
505  if ( !mappedcerts.contains( digest ) )
506  {
507  QgsDebugMsg( "Certificate Authority not in mapped database CAs" );
508  return;
509  }
510 
512  this, tr( "Remove Certificate Authority" ),
513  tr( "Are you sure you want to remove the selected "
514  "Certificate Authority from the database?\n\n"
515  "Operation can NOT be undone!" ),
516  QMessageBox::Ok | QMessageBox::Cancel,
517  QMessageBox::Cancel ) == QMessageBox::Cancel )
518  {
519  return;
520  }
521 
522  QSslCertificate cert( mappedcerts.value( digest ) );
523 
524  if ( cert.isNull() )
525  {
526  messageBar()->pushMessage( tr( "Certificate could not found in database for id %1:" ).arg( digest ),
528  return;
529  }
530 
531  if ( !QgsAuthManager::instance()->removeCertAuthority( cert ) )
532  {
533  messageBar()->pushMessage( tr( "ERROR removing CA from authentication database for id %1:" ).arg( digest ),
535  return;
536  }
537 
538  if ( !QgsAuthManager::instance()->removeCertTrustPolicy( cert ) )
539  {
540  messageBar()->pushMessage( tr( "ERROR removing cert trust policy from authentication database for id %1:" ).arg( digest ),
542  return;
543  }
544 
547  updateCertTrustPolicyCache();
548 
549  item->parent()->removeChild( item );
550  delete item;
551 
552 // populateDatabaseCaCerts();
553  mDbCaSecItem->setExpanded( true );
554 }
555 
556 void QgsAuthAuthoritiesEditor::on_btnInfoCa_clicked()
557 {
558  if ( treeWidgetCAs->selectionModel()->selection().length() > 0 )
559  {
560  QTreeWidgetItem* item( treeWidgetCAs->currentItem() );
561  handleDoubleClick( item, 0 );
562  }
563 }
564 
565 void QgsAuthAuthoritiesEditor::on_btnGroupByOrg_toggled( bool checked )
566 {
567  if ( !QgsAuthManager::instance()->storeAuthSetting( QString( "casortby" ), QVariant( checked ) ) )
568  {
569  authMessageOut( QObject::tr( "Could not store sort by preference" ),
570  QObject::tr( "Authorities Manager" ),
572  }
573  populateCaCertsView();
574 }
575 
576 void QgsAuthAuthoritiesEditor::editDefaultTrustPolicy()
577 {
578  QDialog * dlg = new QDialog( this );
579  dlg->setWindowTitle( tr( "Default Trust Policy" ) );
580  QVBoxLayout *layout = new QVBoxLayout( dlg );
581 
582  QHBoxLayout *hlayout = new QHBoxLayout();
583 
584  QLabel * lblwarn = new QLabel( dlg );
586  lblwarn->setPixmap( style->standardIcon( QStyle::SP_MessageBoxWarning ).pixmap( 48, 48 ) );
587  lblwarn->setSizePolicy( QSizePolicy::Fixed, QSizePolicy::Fixed );
588  hlayout->addWidget( lblwarn );
589 
590  QLabel *lbltxt = new QLabel( dlg );
591  lbltxt->setText( tr( "Changing the default certificate authority trust policy to 'Untrusted' "
592  "can cause unexpected SSL network connection results." ) );
593  lbltxt->setWordWrap( true );
594  hlayout->addWidget( lbltxt );
595 
596  layout->addLayout( hlayout );
597 
598  QHBoxLayout *hlayout2 = new QHBoxLayout();
599 
600  QLabel *lblpolicy = new QLabel( tr( "Default policy" ), dlg );
601  lblpolicy->setSizePolicy( QSizePolicy::Maximum, QSizePolicy::Preferred );
602  hlayout2->addWidget( lblpolicy );
603 
604  QComboBox *cmbpolicy = new QComboBox( dlg );
606  policies << qMakePair( QgsAuthCertUtils::Trusted,
608  << qMakePair( QgsAuthCertUtils::Untrusted,
610 
611  for ( int i = 0; i < policies.size(); i++ )
612  {
613  cmbpolicy->addItem( policies.at( i ).second, QVariant(( int )policies.at( i ).first ) );
614  }
615 
616  int idx = cmbpolicy->findData( QVariant(( int )mDefaultTrustPolicy ) );
617  cmbpolicy->setCurrentIndex( idx == -1 ? 0 : idx );
618  hlayout2->addWidget( cmbpolicy );
619 
620  layout->addLayout( hlayout2 );
621 
622  QDialogButtonBox *buttonBox = new QDialogButtonBox( QDialogButtonBox::Close | QDialogButtonBox::Ok,
623  Qt::Horizontal, dlg );
624  buttonBox->button( QDialogButtonBox::Close )->setDefault( true );
625 
626  layout->addWidget( buttonBox );
627 
628  connect( buttonBox, SIGNAL( accepted() ), dlg, SLOT( accept() ) );
629  connect( buttonBox, SIGNAL( rejected() ), dlg, SLOT( close() ) );
630 
631  dlg->setLayout( layout );
632  dlg->setWindowModality( Qt::WindowModal );
633  dlg->resize( 400, 200 );
634  dlg->setMinimumSize( 400, 200 );
635  dlg->setMaximumSize( 500, 300 );
636  if ( dlg->exec() )
637  {
639  ( QgsAuthCertUtils::CertTrustPolicy )cmbpolicy->itemData( cmbpolicy->currentIndex() ).toInt() );
640  if ( mDefaultTrustPolicy != trustpolicy )
641  {
642  defaultTrustPolicyChanged( trustpolicy );
643  }
644  }
645  dlg->deleteLater();
646 }
647 
648 void QgsAuthAuthoritiesEditor::defaultTrustPolicyChanged( QgsAuthCertUtils::CertTrustPolicy trustpolicy )
649 {
650  if ( !QgsAuthManager::instance()->setDefaultCertTrustPolicy( trustpolicy ) )
651  {
652  authMessageOut( QObject::tr( "Could not store default trust policy" ),
653  QObject::tr( "Authorities Manager" ),
655  }
656  mDefaultTrustPolicy = trustpolicy;
659  populateCaCertsView();
660 }
661 
662 void QgsAuthAuthoritiesEditor::on_btnCaFile_clicked()
663 {
667  dlg->setWindowModality( Qt::WindowModal );
668  dlg->resize( 400, 250 );
669  if ( dlg->exec() )
670  {
671  // clear out any currently defined file certs and their trust settings
672  if ( !leCaFile->text().isEmpty() )
673  {
674  on_btnCaFileClear_clicked();
675  }
676 
677  const QString& fn = dlg->certFileToImport();
678  leCaFile->setText( fn );
679 
680  if ( !QgsAuthManager::instance()->storeAuthSetting( QString( "cafile" ), QVariant( fn ) ) )
681  {
682  authMessageOut( QObject::tr( "Could not store 'CA file path' in authentication database" ),
683  QObject::tr( "Authorities Manager" ),
685  }
686  if ( !QgsAuthManager::instance()->storeAuthSetting( QString( "cafileallowinvalid" ),
687  QVariant( dlg->allowInvalidCerts() ) ) )
688  {
689  authMessageOut( QObject::tr( "Could not store 'CA file allow invalids' setting in authentication database" ),
690  QObject::tr( "Authorities Manager" ),
692  }
693 
695 
697  {
698  QList<QSslCertificate> certs( QgsAuthManager::instance()->getExtraFileCAs() );
699  Q_FOREACH ( const QSslCertificate& cert, certs )
700  {
701  if ( !QgsAuthManager::instance()->storeCertTrustPolicy( cert, dlg->certTrustPolicy() ) )
702  {
703  authMessageOut( QObject::tr( "Could not set trust policy for imported certificates" ),
704  QObject::tr( "Authorities Manager" ),
706  }
707  }
709  updateCertTrustPolicyCache();
710  }
711 
713 
714  populateFileCaCerts();
715  mFileCaSecItem->setExpanded( true );
716  }
717  dlg->deleteLater();
718 }
719 
720 void QgsAuthAuthoritiesEditor::on_btnCaFileClear_clicked()
721 {
722  if ( !QgsAuthManager::instance()->removeAuthSetting( QString( "cafile" ) ) )
723  {
724  authMessageOut( QObject::tr( "Could not remove 'CA file path' from authentication database" ),
725  QObject::tr( "Authorities Manager" ),
727  return;
728  }
729  if ( !QgsAuthManager::instance()->removeAuthSetting( QString( "cafileallowinvalid" ) ) )
730  {
731  authMessageOut( QObject::tr( "Could not remove 'CA file allow invalids' setting from authentication database" ),
732  QObject::tr( "Authorities Manager" ),
734  return;
735  }
736 
738 
739  QString fn( leCaFile->text() );
740  if ( QFile::exists( fn ) )
741  {
743 
744  if ( !certs.isEmpty() )
745  {
747  {
748  messageBar()->pushMessage( tr( "ERROR removing cert(s) trust policy from authentication database" ),
750  return;
751  }
753  updateCertTrustPolicyCache();
754  }
755  }
756 
758 
759  leCaFile->clear();
760  populateFileCaCerts();
761 }
762 
763 void QgsAuthAuthoritiesEditor::showTrustedCertificateAuthorities()
764 {
766  dlg->setWindowModality( Qt::WindowModal );
767  dlg->resize( 675, 500 );
768  dlg->exec();
769  dlg->deleteLater();
770 }
771 
772 void QgsAuthAuthoritiesEditor::authMessageOut( const QString& message, const QString& authtag, QgsAuthManager::MessageLevel level )
773 {
774  int levelint = ( int )level;
775  messageBar()->pushMessage( authtag, message, ( QgsMessageBar::MessageLevel )levelint, 7 );
776 }
777 
779 {
780  if ( !mDisabled )
781  {
782  treeWidgetCAs->setFocus();
783  }
784  QWidget::showEvent( e );
785 }
786 
787 QgsMessageBar * QgsAuthAuthoritiesEditor::messageBar()
788 {
789  return msgBar;
790 }
791 
792 int QgsAuthAuthoritiesEditor::messageTimeout()
793 {
794  QSettings settings;
795  return settings.value( "/qgis/messageTimeout", 5 ).toInt();
796 }
QLayout * layout() const
QObject * child(const char *objName, const char *inheritsClass, bool recursiveSearch) const
bool rebuildTrustedCaCertsCache()
Rebuild trusted certificate authorities cache.
void pushMessage(const QString &text, MessageLevel level=INFO, int duration=0)
convenience method for pushing a message to the bar
Definition: qgsmessagebar.h:90
QString toString(Qt::DateFormat format) const
bool close()
void setupUi(QWidget *widget)
bool contains(const Key &key) const
static QgsAuthManager * instance()
Enforce singleton pattern.
bool isValid() const
void setWindowModality(Qt::WindowModality windowModality)
#define QgsDebugMsg(str)
Definition: qgslogger.h:33
void setFont(int column, const QFont &font)
QStyle * style() const
static QIcon getThemeIcon(const QString &theName)
Helper to get a theme icon.
void setPixmap(const QPixmap &)
const_iterator constBegin() const
static void setItemBold_(QTreeWidgetItem *item)
const T & at(int i) const
static QList< QSslCertificate > certsFromFile(const QString &certspath)
Return list of concatenated certs from a PEM or DER formatted file.
void addAction(QAction *action)
bool contains(const QString &str, Qt::CaseSensitivity cs) const
void setIcon(int column, const QIcon &icon)
A bar for displaying non-blocking messages to the user.
Definition: qgsmessagebar.h:42
int exec()
void setFirstColumnSpanned(bool span)
virtual void setData(int column, int role, const QVariant &value)
bool exists() const
bool allowInvalidCerts()
Whether to allow importation of invalid certificates (so trust policy can be overridden) ...
const QString certFileToImport()
Get the file path to a certificate to import.
virtual QVariant data(int column, int role) const
bool isExpanded() const
QString tr(const char *sourceText, const char *disambiguation, int n)
MessageLevel
Message log level (mirrors that of QgsMessageLog, so it can also output there)
bool rebuildCaCertsCache()
Rebuild certificate authority cache.
Utilities for working with certificates and keys.
void showEvent(QShowEvent *e) override
Overridden show event of base widget.
QPixmap pixmap(const QSize &size, Mode mode, State state) const
int size() const
QVariant getAuthSetting(const QString &key, const QVariant &defaultValue=QVariant(), bool decrypt=false)
Get an authentication setting (retrieved as string and returned as QVariant( QString )) ...
void addItem(const QString &text, const QVariant &userData)
void sortChildren(int column, Qt::SortOrder order)
void setBold(bool enable)
void resize(int w, int h)
void setMinimumSize(const QSize &)
void setFlags(QFlags< Qt::ItemFlag > flags)
QgsAuthCertUtils::CertTrustPolicy certTrustPolicy()
Defined trust policy for imported certificates.
QColor fromRgb(QRgb rgb)
void addWidget(QWidget *widget, int stretch, QFlags< Qt::AlignmentFlag > alignment)
virtual void showEvent(QShowEvent *event)
static QColor redColor()
Red color representing invalid, untrusted, etc.
Dialog wrapper for widget displaying detailed info on a certificate and its hierarchical trust chain...
void setLayout(QLayout *layout)
void removeChild(QTreeWidgetItem *child)
static QColor greenColor()
Green color representing valid, trusted, etc.
int toInt(bool *ok) const
bool isNull() const
QList< QTreeWidgetItem * > takeChildren()
bool isEmpty() const
const_iterator constEnd() const
QFont font(int column) const
bool removeCertTrustPolicies(const QList< QSslCertificate > &certs)
Remove a group certificate authorities.
void deleteLater()
void setText(const QString &)
QAction * addSeparator()
QgsAuthAuthoritiesEditor(QWidget *parent=nullptr)
Widget for viewing and editing certificate authorities directly in database.
void setSizePolicy(QSizePolicy)
Widget for importing a certificate into the authentication database.
const QMap< QgsAuthCertUtils::CertTrustPolicy, QStringList > getCertTrustCache()
Get cache of certificate sha1s, per trust policy.
QVariant itemData(int index, int role) const
QIcon standardIcon(StandardPixmap standardIcon, const QStyleOption *option, const QWidget *widget) const
QTreeWidgetItem * parent() const
bool storeCertAuthorities(const QList< QSslCertificate > &certs)
Store multiple certificate authorities.
const QList< QSslCertificate > certificatesToImport()
Get list of certificate objects to import.
void setItalic(bool enable)
void setMaximumSize(const QSize &)
const Key key(const T &value) const
static QString shaHexForCert(const QSslCertificate &cert, bool formatted=false)
Get the sha1 hash for certificate.
QVariant value(const QString &key, const QVariant &defaultValue) const
QByteArray serialNumber() const
void setExpanded(bool expand)
QDateTime expiryDate() const
int findData(const QVariant &data, int role, QFlags< Qt::MatchFlag > flags) const
QStyle * style()
void setWindowTitle(const QString &)
static void removeChildren_(QTreeWidgetItem *item)
void setCurrentIndex(int index)
bool toBool() const
QPushButton * button(StandardButton which) const
StandardButton warning(QWidget *parent, const QString &title, const QString &text, QFlags< QMessageBox::StandardButton > buttons, StandardButton defaultButton)
static QMap< QString, QList< QSslCertificate > > certsGroupedByOrg(const QList< QSslCertificate > &certs)
Map certificates to their oraganization.
int type() const
Widget for listing trusted Certificate (Intermediate) Authorities used in secure connections.
CertTrustPolicy
Type of certificate trust policy.
QgsAuthCertUtils::CertTrustPolicy defaultCertTrustPolicy()
Get the default certificate trust policy perferred by user.
bool connect(const QObject *sender, const char *signal, const QObject *receiver, const char *method, Qt::ConnectionType type)
QObject * parent() const
static QString getCertTrustName(QgsAuthCertUtils::CertTrustPolicy trust)
Get the general name for certificate trust.
void setColor(const QColor &color)
void setDefault(bool)
QString toString() const
static QString getCaSourceName(QgsAuthCertUtils::CaCertSource source, bool single=false)
Get the general name for CA source enum type.
static QString resolvedCertName(const QSslCertificate &cert, bool issuer=false)
Get the general name via RFC 5280 resolution.
void setForeground(int column, const QBrush &brush)
void setWordWrap(bool on)
void addLayout(QLayout *layout, int stretch)
const T value(const Key &key) const
bool rebuildCertTrustCache()
Rebuild certificate authority cache.