23 #include <QMutexLocker> 26 #include <QSqlDatabase> 29 #include <QTextStream> 37 #include <QSslConfiguration> 51 const QString QgsAuthManager::smAuthConfigTable =
"auth_configs";
52 const QString QgsAuthManager::smAuthPassTable =
"auth_pass";
53 const QString QgsAuthManager::smAuthSettingsTable =
"auth_settings";
54 const QString QgsAuthManager::smAuthIdentitiesTable =
"auth_identities";
55 const QString QgsAuthManager::smAuthServersTable =
"auth_servers";
56 const QString QgsAuthManager::smAuthAuthoritiesTable =
"auth_authorities";
57 const QString QgsAuthManager::smAuthTrustTable =
"auth_trust";
59 const QString QgsAuthManager::smAuthCfgRegex =
"authcfg=([a-z]|[A-Z]|[0-9]){7}";
77 QString connectionname =
"authentication.configs";
91 const char* err = QT_TR_NOOP(
"Opening of authentication db FAILED" );
107 mQcaInitializer =
new QCA::Initializer( QCA::Practical, 256 );
110 QCA::scanForPlugins();
112 QgsDebugMsg(
QString(
"QCA Plugin Diagnostics Context: %1" ).arg( QCA::pluginDiagnosticText() ) );
115 capabilities = QCA::supportedFeatures();
119 if ( !QCA::isSupported(
"cert",
"qca-ossl" ) )
121 mAuthDisabled =
true;
122 mAuthDisabledMessage =
tr(
"QCA's OpenSSL plugin (qca-ossl) is missing" );
126 QgsDebugMsg(
"Prioritizing qca-ossl over all other QCA providers..." );
127 QCA::ProviderList provds = QCA::providers();
129 Q_FOREACH ( QCA::Provider* p, provds )
135 pr = QCA::providerPriority( pn ) + 1;
137 QCA::setProviderPriority( pn, pr );
138 prlist <<
QString(
"%1:%2" ).
arg( pn ).
arg( QCA::providerPriority( pn ) );
151 mAuthDisabled =
true;
152 mAuthDisabledMessage =
tr(
"No authentication method plugins found" );
158 mAuthDisabled =
true;
159 mAuthDisabledMessage =
tr(
"No authentication method plugins could be loaded" );
170 if ( !dbdirinfo.exists() )
172 QgsDebugMsg(
QString(
"Auth db directory path does not exist, making path: %1" ).arg( dbdirinfo.filePath() ) );
173 if ( !
QDir().mkpath( dbdirinfo.filePath() ) )
175 const char* err = QT_TR_NOOP(
"Auth db directory path could not be created" );
184 if ( !dbinfo.
permission( QFile::ReadOwner | QFile::WriteOwner ) )
186 const char* err = QT_TR_NOOP(
"Auth db is not readable or writable by user" );
191 if ( dbinfo.
size() > 0 )
195 if ( !createCertTables() )
200 #ifndef QT_NO_OPENSSL 205 const char* passenv =
"QGIS_AUTH_PASSWORD_FILE";
208 QString passpath( getenv( passenv ) );
217 QFile passfile( passpath );
218 if ( passfile.
exists() && passfile.
open( QIODevice::ReadOnly | QIODevice::Text ) )
221 while ( !passin.
atEnd() )
232 QgsDebugMsg(
"Authentication master password set from QGIS_AUTH_PASSWORD_FILE" );
236 QgsDebugMsg(
"QGIS_AUTH_PASSWORD_FILE set, but FAILED to set password using: " + passpath );
242 QgsDebugMsg(
"QGIS_AUTH_PASSWORD_FILE set, but FAILED to read password from: " + passpath );
252 QgsDebugMsg(
"Auth db does not exist: creating through QSqlDatabase initial connection" );
254 if ( !createConfigTables() )
257 if ( !createCertTables() )
261 #ifndef QT_NO_OPENSSL 268 bool QgsAuthManager::createConfigTables()
273 const char* err = QT_TR_NOOP(
"Auth db could not be created and opened" );
284 qstr =
QString(
"CREATE TABLE %1 (\n" 285 " 'salt' TEXT NOT NULL,\n" 286 " 'civ' TEXT NOT NULL\n" 287 ", 'hash' TEXT NOT NULL);" ).
arg( authDbPassTable() );
289 if ( !authDbQuery( &query ) )
293 qstr =
QString(
"CREATE TABLE %1 (\n" 294 " 'id' TEXT NOT NULL,\n" 295 " 'name' TEXT NOT NULL,\n" 297 " 'type' TEXT NOT NULL,\n" 298 " 'version' INTEGER NOT NULL\n" 301 if ( !authDbQuery( &query ) )
307 if ( !authDbQuery( &query ) )
313 if ( !authDbQuery( &query ) )
320 bool QgsAuthManager::createCertTables()
330 qstr =
QString(
"CREATE TABLE IF NOT EXISTS %1 (\n" 331 " 'setting' TEXT NOT NULL\n" 332 ", 'value' TEXT);" ).
arg( authDbSettingsTable() );
334 if ( !authDbQuery( &query ) )
339 qstr =
QString(
"CREATE TABLE IF NOT EXISTS %1 (\n" 340 " 'id' TEXT NOT NULL,\n" 341 " 'key' TEXT NOT NULL\n" 342 ", 'cert' TEXT NOT NULL);" ).
arg( authDbIdentitiesTable() );
344 if ( !authDbQuery( &query ) )
348 qstr =
QString(
"CREATE UNIQUE INDEX IF NOT EXISTS 'id_index' on %1 (id ASC);" ).
arg( authDbIdentitiesTable() );
350 if ( !authDbQuery( &query ) )
355 qstr =
QString(
"CREATE TABLE IF NOT EXISTS %1 (\n" 356 " 'id' TEXT NOT NULL,\n" 357 " 'host' TEXT NOT NULL,\n" 361 if ( !authDbQuery( &query ) )
367 if ( !authDbQuery( &query ) )
372 qstr =
QString(
"CREATE TABLE IF NOT EXISTS %1 (\n" 373 " 'id' TEXT NOT NULL\n" 374 ", 'cert' TEXT NOT NULL);" ).
arg( authDbAuthoritiesTable() );
376 if ( !authDbQuery( &query ) )
380 qstr =
QString(
"CREATE UNIQUE INDEX IF NOT EXISTS 'id_index' on %1 (id ASC);" ).
arg( authDbAuthoritiesTable() );
382 if ( !authDbQuery( &query ) )
386 qstr =
QString(
"CREATE TABLE IF NOT EXISTS %1 (\n" 387 " 'id' TEXT NOT NULL\n" 388 ", 'policy' TEXT NOT NULL);" ).
arg( authDbTrustTable() );
390 if ( !authDbQuery( &query ) )
394 qstr =
QString(
"CREATE UNIQUE INDEX IF NOT EXISTS 'id_index' on %1 (id ASC);" ).
arg( authDbTrustTable() );
396 if ( !authDbQuery( &query ) )
407 QgsDebugMsg(
"Authentication system DISABLED: QCA's qca-ossl (OpenSSL) plugin is missing" );
409 return mAuthDisabled;
414 return tr(
"Authentication system is DISABLED:\n%1" ).
arg( mAuthDisabledMessage );
423 if ( mScheduledDbErase )
428 QgsDebugMsg(
"Master password is not yet set by user" );
429 if ( !masterPasswordInput() )
431 QgsDebugMsg(
"Master password input canceled by user" );
445 QgsDebugMsg(
"Master password is set and verified" );
455 if ( mScheduledDbErase )
463 mMasterPass = prevpass;
464 const char* err = QT_TR_NOOP(
"Master password set: FAILED to verify, reset to previous" );
470 QgsDebugMsg(
QString(
"Master password set: SUCCESS%1" ).arg( verify ?
" and verified" :
"" ) );
480 if ( !masterPasswordRowsInDb( &rows ) )
482 const char* err = QT_TR_NOOP(
"Master password: FAILED to access database" );
494 const char* err = QT_TR_NOOP(
"Master password: FAILED to find just one master password record in database" );
501 else if ( rows == 1 )
503 if ( !masterPasswordCheckAgainstDb( compare ) )
507 const char* err = QT_TR_NOOP(
"Master password: FAILED to verify against hash in database" );
516 if ( mPassTries >= 5 )
518 mAuthDisabled =
true;
519 const char* err = QT_TR_NOOP(
"Master password: failed 5 times authentication system DISABLED" );
527 QgsDebugMsg(
"Master password: verified against hash in database" );
532 else if ( compare.
isNull() )
534 if ( !masterPasswordStoreInDb() )
536 const char* err = QT_TR_NOOP(
"Master password: hash FAILED to be stored in database" );
545 QgsDebugMsg(
"Master password: hash stored in database" );
548 if ( !masterPasswordCheckAgainstDb() )
550 const char* err = QT_TR_NOOP(
"Master password: FAILED to verify against hash in database" );
560 QgsDebugMsg(
"Master password: verified against hash in database" );
575 return mMasterPass == pass;
579 bool keepbackup,
QString *backuppath )
593 QgsDebugMsg(
"Master password reset: backed up current database" );
606 if ( ok && !masterPasswordClearDb() )
609 const char* err = QT_TR_NOOP(
"Master password reset FAILED: could not clear current password from database" );
615 QgsDebugMsg(
"Master password reset: cleared current password from database" );
622 if ( ok && !masterPasswordStoreInDb() )
625 const char* err = QT_TR_NOOP(
"Master password reset FAILED: could not store new password in database" );
631 QgsDebugMsg(
"Master password reset: stored new password in database" );
638 const char* err = QT_TR_NOOP(
"Master password reset FAILED: could not verify new password in database" );
644 if ( ok && !reencryptAllAuthenticationConfigs( prevpass, prevciv ) )
647 const char* err = QT_TR_NOOP(
"Master password reset FAILED: could not re-encrypt configs in database" );
653 QgsDebugMsg(
"Master password reset: re-encrypted configs in database" );
657 if ( ok && !verifyPasswordCanDecryptConfigs() )
660 const char* err = QT_TR_NOOP(
"Master password reset FAILED: could not verify password can decrypt re-encrypted configs" );
665 if ( ok && !reencryptAllAuthenticationSettings( prevpass, prevciv ) )
668 const char* err = QT_TR_NOOP(
"Master password reset FAILED: could not re-encrypt settings in database" );
673 if ( ok && !reencryptAllAuthenticationIdentities( prevpass, prevciv ) )
676 const char* err = QT_TR_NOOP(
"Master password reset FAILED: could not re-encrypt identities in database" );
686 QString errdbbackup( dbbackup );
689 QgsDebugMsg(
QString(
"Master password reset FAILED: backed up failed db at %1" ).arg( errdbbackup ) );
693 mMasterPass = prevpass;
695 QgsDebugMsg(
"Master password reset FAILED: reinstated previous password and database" );
699 *backuppath = errdbbackup;
707 const char* err = QT_TR_NOOP(
"Master password reset: could not remove old database backup" );
715 QgsDebugMsg(
QString(
"Master password reset: backed up previous db at %1" ).arg( dbbackup ) );
717 *backuppath = dbbackup;
727 mScheduledDbErase = scheduleErase;
729 mScheduledDbEraseRequestEmitted =
false;
730 mScheduledDbEraseRequestCount = 0;
734 if ( !mScheduledDbEraseTimer )
736 mScheduledDbEraseTimer =
new QTimer(
this );
737 connect( mScheduledDbEraseTimer, SIGNAL( timeout() ),
this, SLOT( tryToStartDbErase() ) );
738 mScheduledDbEraseTimer->
start( mScheduledDbEraseRequestWait * 1000 );
740 else if ( !mScheduledDbEraseTimer->
isActive() )
742 mScheduledDbEraseTimer->
start();
747 if ( mScheduledDbEraseTimer && mScheduledDbEraseTimer->
isActive() )
748 mScheduledDbEraseTimer->
stop();
757 qDeleteAll( mAuthMethods );
758 mAuthMethods.
clear();
764 return !mAuthMethods.
isEmpty();
783 for (
int i = 0; i < len; i++ )
785 switch ( qrand() % 2 )
788 id += (
'0' + qrand() % 10 );
791 id += (
'a' + qrand() % 26 );
811 const char* err = QT_TR_NOOP(
"Config ID is empty" );
823 return rx.
indexIn( txt ) != -1;
842 if ( !authDbQuery( &query ) )
849 while ( query.
next() )
853 config.
setId( authcfg );
864 baseConfigs.insert( authcfg, config );
878 if ( !authDbQuery( &query ) )
885 QgsDebugMsg(
"Synching existing auth config and their auth methods" );
886 mConfigAuthMethods.
clear();
888 while ( query.
next() )
903 if ( !mConfigAuthMethods.
contains( authcfg ) )
905 QgsDebugMsg(
QString(
"No config auth method found in database for authcfg: %1" ).arg( authcfg ) );
909 QString authMethodKey = mConfigAuthMethods.
value( authcfg );
930 if ( !mAuthMethods.
contains( authMethodKey ) )
932 QgsDebugMsg(
QString(
"No auth method registered for auth method key: %1" ).arg( authMethodKey ) );
936 return mAuthMethods.
value( authMethodKey );
948 while ( i != mAuthMethods.
constEnd() )
951 && ( i.
value()->supportedDataProviders().contains(
"all" )
952 || i.
value()->supportedDataProviders().contains( dataprovider ) ) )
969 return QgsAuthMethod::Expansions(
nullptr );
976 return QgsAuthMethod::Expansions(
nullptr );
987 const char* err = QT_TR_NOOP(
"Store config: FAILED because config is invalid" );
994 bool passedinID = !uid.
isEmpty();
1001 const char* err = QT_TR_NOOP(
"Store config: FAILED because pre-defined config ID is not unique" );
1010 const char* err = QT_TR_NOOP(
"Store config: FAILED because config string is empty" );
1025 query.
prepare(
QString(
"INSERT INTO %1 (id, name, uri, type, version, config) " 1026 "VALUES (:id, :name, :uri, :type, :version, :config)" ).arg(
authDbConfigTable() ) );
1035 if ( !authDbStartTransaction() )
1038 if ( !authDbQuery( &query ) )
1041 if ( !authDbCommit() )
1046 mconfig.
setId( uid );
1061 if ( !config.
isValid(
true ) )
1063 const char* err = QT_TR_NOOP(
"Update config: FAILED because config is invalid" );
1072 const char* err = QT_TR_NOOP(
"Update config: FAILED because config is empty" );
1090 "SET name = :name, uri = :uri, type = :type, version = :version, config = :config " 1093 const char* err = QT_TR_NOOP(
"Update config: FAILED to prepare query" );
1106 if ( !authDbStartTransaction() )
1109 if ( !authDbQuery( &query ) )
1112 if ( !authDbCommit() )
1136 query.
prepare(
QString(
"SELECT id, name, uri, type, version, config FROM %1 " 1141 query.
prepare(
QString(
"SELECT id, name, uri, type, version FROM %1 " 1147 if ( !authDbQuery( &query ) )
1154 if ( query.
first() )
1175 QgsDebugMsg(
QString(
"Update of authcfg %1 FAILED for auth method %2" ).arg( authcfg, authMethodKey ) );
1178 QgsDebugMsg(
QString(
"Load %1 config SUCCESS for authcfg: %2" ).arg( full ?
"full" :
"base", authcfg ) );
1183 QgsDebugMsg(
QString(
"Select contains more than one for authcfg: %1" ).arg( authcfg ) );
1205 if ( !authDbStartTransaction() )
1208 if ( !authDbQuery( &query ) )
1211 if ( !authDbCommit() )
1230 bool res = authDbTransactionQuery( &query );
1238 QgsDebugMsg(
QString(
"Remove configs from database: %1" ).arg( res ?
"SUCCEEDED" :
"FAILED" ) );
1247 const char* err = QT_TR_NOOP(
"No authentication database found" );
1265 const char* err = QT_TR_NOOP(
"Could not back up authentication database" );
1272 *backuppath = dbbackup;
1289 if ( backuppath && !dbbackup.
isEmpty() )
1290 *backuppath = dbbackup;
1295 if ( !dbinfo.
permission( QFile::ReadOwner | QFile::WriteOwner ) )
1297 const char* err = QT_TR_NOOP(
"Auth db is not readable or writable by user" );
1305 const char* err = QT_TR_NOOP(
"No authentication database found" );
1313 const char* err = QT_TR_NOOP(
"Authentication database could not be deleted" );
1321 QgsDebugMsg(
"Creating Auth db through QSqlDatabase initial connection" );
1326 const char* err = QT_TR_NOOP(
"Authentication database could not be initialized" );
1332 if ( !createConfigTables() )
1334 const char* err = QT_TR_NOOP(
"FAILED to create auth database config tables" );
1340 if ( !createCertTables() )
1342 const char* err = QT_TR_NOOP(
"FAILED to create auth database cert tables" );
1368 QgsDebugMsg(
QString(
"Data source URI updating not supported by authcfg: %1" ).arg( authcfg ) );
1394 QgsDebugMsg(
QString(
"Network reply updating not supported by authcfg: %1" ).arg( authcfg ) );
1420 QgsDebugMsg(
QString(
"Data source URI updating not supported by authcfg: %1" ).arg( authcfg ) );
1457 "VALUES (:setting, :value)" ).arg( authDbSettingsTable() ) );
1462 if ( !authDbStartTransaction() )
1465 if ( !authDbQuery( &query ) )
1468 if ( !authDbCommit() )
1486 "WHERE setting = :setting" ).arg( authDbSettingsTable() ) );
1490 if ( !authDbQuery( &query ) )
1495 if ( query.
first() )
1503 value = query.
value( 0 );
1509 QgsDebugMsg(
QString(
"Select contains more than one for setting key: %1" ).arg( key ) );
1524 "WHERE setting = :setting" ).arg( authDbSettingsTable() ) );
1528 if ( !authDbQuery( &query ) )
1534 if ( query.
first() )
1541 QgsDebugMsg(
QString(
"Select contains more than one for setting key: %1" ).arg( key ) );
1556 query.
prepare(
QString(
"DELETE FROM %1 WHERE setting = :setting" ).arg( authDbSettingsTable() ) );
1560 if ( !authDbStartTransaction() )
1563 if ( !authDbQuery( &query ) )
1566 if ( !authDbCommit() )
1575 #ifndef QT_NO_OPENSSL 1587 QgsDebugMsg(
QString(
"Init of SSL caches %1" ).arg( res ?
"SUCCEEDED" :
"FAILED" ) );
1615 "VALUES (:id, :key, :cert)" ).arg( authDbIdentitiesTable() ) );
1621 if ( !authDbStartTransaction() )
1624 if ( !authDbQuery( &query ) )
1627 if ( !authDbCommit() )
1643 "WHERE id = :id" ).arg( authDbIdentitiesTable() ) );
1647 if ( !authDbQuery( &query ) )
1652 if ( query.
first() )
1659 QgsDebugMsg(
QString(
"Select contains more than one certificate identity for id: %1" ).arg(
id ) );
1678 "WHERE id = :id" ).arg( authDbIdentitiesTable() ) );
1682 if ( !authDbQuery( &query ) )
1689 if ( query.
first() )
1692 QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey );
1695 const char* err = QT_TR_NOOP(
"Retrieve certificate identity bundle: FAILED to create private key" );
1703 const char* err = QT_TR_NOOP(
"Retrieve certificate identity bundle: FAILED to create certificate" );
1708 QgsDebugMsg(
QString(
"Certificate identity bundle retrieved for id: %1" ).arg(
id ) );
1712 QgsDebugMsg(
QString(
"Select contains more than one certificate identity for id: %1" ).arg(
id ) );
1716 bundle = qMakePair( cert, key );
1724 if ( bundle.first.isValid() && !bundle.second.isNull() )
1736 query.
prepare(
QString(
"SELECT id, cert FROM %1" ).arg( authDbIdentitiesTable() ) );
1738 if ( !authDbQuery( &query ) )
1743 while ( query.
next() )
1760 query.
prepare(
QString(
"SELECT id FROM %1" ).arg( authDbIdentitiesTable() ) );
1762 if ( !authDbQuery( &query ) )
1769 while ( query.
next() )
1784 "WHERE id = :id" ).arg( authDbIdentitiesTable() ) );
1788 if ( !authDbQuery( &query ) )
1794 if ( query.
first() )
1801 QgsDebugMsg(
QString(
"Select contains more than one certificate bundle for id: %1" ).arg(
id ) );
1819 query.
prepare(
QString(
"DELETE FROM %1 WHERE id = :id" ).arg( authDbIdentitiesTable() ) );
1823 if ( !authDbStartTransaction() )
1826 if ( !authDbQuery( &query ) )
1829 if ( !authDbCommit() )
1849 QString certpem( cert.toPem() );
1852 query.prepare(
QString(
"INSERT INTO %1 (id, host, cert, config) " 1855 query.bindValue(
":id",
id );
1857 query.bindValue(
":cert", certpem );
1860 if ( !authDbStartTransaction() )
1863 if ( !authDbQuery( &query ) )
1866 if ( !authDbCommit() )
1869 QgsDebugMsg(
QString(
"Store SSL cert custom config SUCCESS for host:port, id: %1, %2" )
1881 if (
id.isEmpty() || hostport.
isEmpty() )
1883 QgsDebugMsg(
"Passed config ID or host:port is empty" );
1894 if ( !authDbQuery( &query ) )
1899 if ( query.
first() )
1904 QgsDebugMsg(
QString(
"SSL cert custom config retrieved for host:port, id: %1, %2" ).arg( hostport,
id ) );
1908 QgsDebugMsg(
QString(
"Select contains more than one SSL cert custom config for host:port, id: %1, %2" ).arg( hostport,
id ) );
1909 emit
messageOut(
tr(
"Authentication database contains duplicate SSL cert custom configs for host:port, id: %1, %2" )
1934 if ( !authDbQuery( &query ) )
1939 if ( query.
first() )
1944 QgsDebugMsg(
QString(
"SSL cert custom config retrieved for host:port: %1" ).arg( hostport ) );
1948 QgsDebugMsg(
QString(
"Select contains more than one SSL cert custom config for host:port: %1" ).arg( hostport ) );
1949 emit
messageOut(
tr(
"Authentication database contains duplicate SSL cert custom configs for host:port: %1" )
1965 if ( !authDbQuery( &query ) )
1970 while ( query.
next() )
1977 configs.
append( config );
1986 if (
id.isEmpty() || hostport.
isEmpty() )
1988 QgsDebugMsg(
"Passed config ID or host:port is empty" );
1999 if ( !authDbQuery( &query ) )
2005 if ( query.
first() )
2007 QgsDebugMsg(
QString(
"SSL cert custom config exists for host:port, id: %1, %2" ).arg( hostport,
id ) );
2012 QgsDebugMsg(
QString(
"Select contains more than one SSL cert custom config for host:port, id: %1, %2" ).arg( hostport,
id ) );
2013 emit
messageOut(
tr(
"Authentication database contains duplicate SSL cert custom configs for host:port, id: %1, %2" )
2023 if (
id.isEmpty() || hostport.
isEmpty() )
2025 QgsDebugMsg(
"Passed config ID or host:port is empty" );
2036 if ( !authDbStartTransaction() )
2039 if ( !authDbQuery( &query ) )
2042 if ( !authDbCommit() )
2046 if ( mIgnoredSslErrorsCache.
contains( shahostport ) )
2048 mIgnoredSslErrorsCache.
remove( shahostport );
2051 QgsDebugMsg(
QString(
"REMOVED SSL cert custom config for host:port, id: %1, %2" ).arg( hostport,
id ) );
2058 if ( !mIgnoredSslErrorsCache.
isEmpty() )
2062 while ( i != mIgnoredSslErrorsCache.
constEnd() )
2065 Q_FOREACH ( QSslError::SslError err, i.
value() )
2090 if ( mIgnoredSslErrorsCache.
contains( shahostport ) )
2092 mIgnoredSslErrorsCache.
remove( shahostport );
2095 if ( !errenums.isEmpty() )
2098 QgsDebugMsg(
QString(
"Update of ignored SSL errors cache SUCCEEDED for sha:host:port = %1" ).arg( shahostport ) );
2103 QgsDebugMsg(
QString(
"No ignored SSL errors to cache for sha:host:port = %1" ).arg( shahostport ) );
2109 QRegExp rx(
"\\S+:\\S+:\\d+" );
2112 QgsDebugMsg(
"Passed shahostport does not match \\S+:\\S+:\\d+, " 2113 "e.g. 74a4ef5ea94512a43769b744cda0ca5049a72491:www.example.com:443" );
2117 if ( mIgnoredSslErrorsCache.
contains( shahostport ) )
2119 mIgnoredSslErrorsCache.
remove( shahostport );
2129 Q_FOREACH (
const QSslError &error, errors )
2131 if ( error.
error() == QSslError::NoError )
2139 QgsDebugMsg(
"Passed errors list does not contain errors" );
2143 mIgnoredSslErrorsCache.
insert( shahostport, errs );
2145 QgsDebugMsg(
QString(
"Update of ignored SSL errors cache SUCCEEDED for sha:host:port = %1" ).arg( shahostport ) );
2158 if ( !authDbQuery( &query ) )
2160 QgsDebugMsg(
"Rebuild of ignored SSL errors cache FAILED" );
2166 while ( query.
next() )
2174 if ( !errenums.isEmpty() )
2178 if ( prevcache.
contains( shahostport ) )
2180 prevcache.
remove( shahostport );
2189 while ( i != prevcache.
constEnd() )
2196 if ( nextcache != mIgnoredSslErrorsCache )
2198 mIgnoredSslErrorsCache.
clear();
2199 mIgnoredSslErrorsCache = nextcache;
2200 QgsDebugMsg(
"Rebuild of ignored SSL errors cache SUCCEEDED" );
2205 QgsDebugMsg(
"Rebuild of ignored SSL errors cache SAME AS BEFORE" );
2213 if ( certs.
size() < 1 )
2215 QgsDebugMsg(
"Passed certificate list has no certs" );
2243 query.prepare(
QString(
"INSERT INTO %1 (id, cert) " 2244 "VALUES (:id, :cert)" ).arg( authDbAuthoritiesTable() ) );
2246 query.bindValue(
":id",
id );
2247 query.bindValue(
":cert", pem );
2249 if ( !authDbStartTransaction() )
2252 if ( !authDbQuery( &query ) )
2255 if ( !authDbCommit() )
2258 QgsDebugMsg(
QString(
"Store certificate authority SUCCESS for id: %1" ).arg(
id ) );
2271 "WHERE id = :id" ).arg( authDbAuthoritiesTable() ) );
2275 if ( !authDbQuery( &query ) )
2280 if ( query.
first() )
2287 QgsDebugMsg(
QString(
"Select contains more than one certificate authority for id: %1" ).arg(
id ) );
2307 "WHERE id = :id" ).arg( authDbAuthoritiesTable() ) );
2311 if ( !authDbQuery( &query ) )
2317 if ( query.
first() )
2324 QgsDebugMsg(
QString(
"Select contains more than one certificate authority for id: %1" ).arg(
id ) );
2344 query.
prepare(
QString(
"DELETE FROM %1 WHERE id = :id" ).arg( authDbAuthoritiesTable() ) );
2348 if ( !authDbStartTransaction() )
2351 if ( !authDbQuery( &query ) )
2354 if ( !authDbCommit() )
2376 if ( cafileval.
isNull() )
2380 if ( allowinvalid.
isNull() )
2409 query.
prepare(
QString(
"SELECT id, cert FROM %1" ).arg( authDbAuthoritiesTable() ) );
2411 if ( !authDbQuery( &query ) )
2416 while ( query.
next() )
2432 mCaCertsCache.
clear();
2438 bool res = !mCaCertsCache.
isEmpty();
2439 QgsDebugMsg(
QString(
"Rebuild of CA certs cache %1" ).arg( res ?
"SUCCEEDED" :
"FAILED" ) );
2457 QgsDebugMsg(
QString(
"Passed policy was default, all cert records in database were removed for id: %1" ).arg(
id ) );
2463 "VALUES (:id, :policy)" ).arg( authDbTrustTable() ) );
2466 query.
bindValue(
":policy", static_cast< int >( policy ) );
2468 if ( !authDbStartTransaction() )
2471 if ( !authDbQuery( &query ) )
2474 if ( !authDbCommit() )
2477 QgsDebugMsg(
QString(
"Store certificate trust policy SUCCESS for id: %1" ).arg(
id ) );
2493 "WHERE id = :id" ).arg( authDbTrustTable() ) );
2497 if ( !authDbQuery( &query ) )
2503 if ( query.
first() )
2506 QgsDebugMsg(
QString(
"Authentication cert trust policy retrieved for id: %1" ).arg(
id ) );
2510 QgsDebugMsg(
QString(
"Select contains more than one cert trust policy for id: %1" ).arg(
id ) );
2520 if ( certs.
size() < 1 )
2522 QgsDebugMsg(
"Passed certificate list has no certs" );
2546 query.
prepare(
QString(
"DELETE FROM %1 WHERE id = :id" ).arg( authDbTrustTable() ) );
2550 if ( !authDbStartTransaction() )
2553 if ( !authDbQuery( &query ) )
2556 if ( !authDbCommit() )
2580 else if ( untrustedids.
contains(
id ) )
2594 return storeAuthSetting(
"certdefaulttrust", static_cast< int >( policy ) );
2609 mCertTrustCache.
clear();
2612 query.
prepare(
QString(
"SELECT id, policy FROM %1" ).arg( authDbTrustTable() ) );
2614 if ( !authDbQuery( &query ) )
2616 QgsDebugMsg(
"Rebuild of cert trust policy cache FAILED" );
2622 while ( query.
next() )
2628 if ( mCertTrustCache.
contains( policy ) )
2630 ids = mCertTrustCache.
value( policy );
2632 mCertTrustCache.
insert( policy, ids <<
id );
2636 QgsDebugMsg(
"Rebuild of cert trust policy cache SUCCEEDED" );
2648 for (
int i = 0; i < certpairs.size(); ++i )
2652 if ( trustedids.
contains( certid ) )
2655 trustedcerts.
append( cert );
2659 if ( !includeinvalid && !cert.isValid() )
2661 trustedcerts.
append( cert );
2670 return trustedcerts;
2677 if ( mTrustedCaCertsCache.
isEmpty() )
2687 for (
int i = 0; i < certpairs.size(); ++i )
2690 if ( !trustedCAs.
contains( cert ) )
2692 untrustedCAs.
append( cert );
2695 return untrustedCAs;
2701 QgsDebugMsg(
"Rebuilt trusted cert authorities cache" );
2715 certslist << cert.
toPem();
2750 void QgsAuthManager::writeToConsole(
const QString &message,
2778 void QgsAuthManager::tryToStartDbErase()
2780 ++mScheduledDbEraseRequestCount;
2782 int trycutoff = 90 / ( mScheduledDbEraseRequestWait ? mScheduledDbEraseRequestWait : 3 );
2783 if ( mScheduledDbEraseRequestCount >= trycutoff )
2786 QgsDebugMsg(
"authDatabaseEraseRequest emitting/scheduling cancelled" );
2792 .arg( mScheduledDbEraseRequestCount ).arg( trycutoff ) );
2798 mScheduledDbEraseRequestEmitted =
true;
2803 QgsDebugMsg(
"authDatabaseEraseRequest emitted" );
2806 QgsDebugMsg(
"authDatabaseEraseRequest emit skipped" );
2811 , mAuthInit( false )
2813 , mQcaInitializer( nullptr )
2816 , mAuthDisabled( false )
2817 , mScheduledDbEraseTimer( nullptr )
2818 , mScheduledDbErase( false )
2819 , mScheduledDbEraseRequestWait( 3 )
2820 , mScheduledDbEraseRequestEmitted( false )
2821 , mScheduledDbEraseRequestCount( 0 )
2825 mMutex =
new QMutex( QMutex::Recursive );
2835 qDeleteAll( mAuthMethods );
2843 delete mScheduledDbEraseTimer;
2844 mScheduledDbEraseTimer =
nullptr;
2845 delete mQcaInitializer;
2846 mQcaInitializer =
nullptr;
2850 bool QgsAuthManager::masterPasswordInput()
2869 bool QgsAuthManager::masterPasswordRowsInDb(
int *rows )
const 2875 query.
prepare(
QString(
"SELECT Count(*) FROM %1" ).arg( authDbPassTable() ) );
2877 bool ok = authDbQuery( &query );
2878 if ( query.
first() )
2892 if ( !masterPasswordRowsInDb( &rows ) )
2894 const char* err = QT_TR_NOOP(
"Master password: FAILED to access database" );
2900 return ( rows == 1 );
2903 bool QgsAuthManager::masterPasswordCheckAgainstDb(
const QString &compare )
const 2911 query.
prepare(
QString(
"SELECT salt, hash FROM %1" ).arg( authDbPassTable() ) );
2912 if ( !authDbQuery( &query ) )
2915 if ( !query.
first() )
2924 bool QgsAuthManager::masterPasswordStoreInDb()
const 2933 query.
prepare(
QString(
"INSERT INTO %1 (salt, hash, civ) VALUES (:salt, :hash, :civ)" ).arg( authDbPassTable() ) );
2939 if ( !authDbStartTransaction() )
2942 if ( !authDbQuery( &query ) )
2945 if ( !authDbCommit() )
2951 bool QgsAuthManager::masterPasswordClearDb()
2957 query.
prepare(
QString(
"DELETE FROM %1" ).arg( authDbPassTable() ) );
2958 bool res = authDbTransactionQuery( &query );
2964 const QString QgsAuthManager::masterPasswordCiv()
const 2970 query.
prepare(
QString(
"SELECT civ FROM %1" ).arg( authDbPassTable() ) );
2971 if ( !authDbQuery( &query ) )
2974 if ( !query.
first() )
2990 if ( !authDbQuery( &query ) )
2997 while ( query.
next() )
3005 bool QgsAuthManager::verifyPasswordCanDecryptConfigs()
const 3016 if ( !authDbQuery( &query ) )
3021 QgsDebugMsg(
QString(
"Verify password can decrypt configs FAILED, query not active or a select operation" ) );
3026 while ( query.
next() )
3032 QgsDebugMsg(
QString(
"Verify password can decrypt configs FAILED, could not decrypt a config (id: %1)" )
3038 QgsDebugMsg(
QString(
"Verify password can decrypt configs SUCCESS (checked %1 configs)" ).arg( checked ) );
3042 bool QgsAuthManager::reencryptAllAuthenticationConfigs(
const QString &prevpass,
const QString &prevciv )
3050 res = res && reencryptAuthenticationConfig( configid, prevpass, prevciv );
3055 bool QgsAuthManager::reencryptAuthenticationConfig(
const QString &authcfg,
const QString &prevpass,
const QString &prevciv )
3069 if ( !authDbQuery( &query ) )
3074 QgsDebugMsg(
QString(
"Reencrypt FAILED, query not active or a select operation for authcfg: %2" ).arg( authcfg ) );
3078 if ( query.
first() )
3084 QgsDebugMsg(
QString(
"Select contains more than one for authcfg: %1" ).arg( authcfg ) );
3092 "SET config = :config " 3098 if ( !authDbStartTransaction() )
3101 if ( !authDbQuery( &query ) )
3104 if ( !authDbCommit() )
3112 QgsDebugMsg(
QString(
"Reencrypt FAILED, could not find in db authcfg: %2" ).arg( authcfg ) );
3117 bool QgsAuthManager::reencryptAllAuthenticationSettings(
const QString &prevpass,
const QString &prevciv )
3120 Q_UNUSED( prevpass );
3121 Q_UNUSED( prevciv );
3134 encryptedsettings <<
"";
3136 Q_FOREACH (
const QString &sett, encryptedsettings )
3146 "WHERE setting = :setting" ).arg( authDbSettingsTable() ) );
3150 if ( !authDbQuery( &query ) )
3155 QgsDebugMsg(
QString(
"Reencrypt FAILED, query not active or a select operation for setting: %2" ).arg( sett ) );
3159 if ( query.
first() )
3166 "SET value = :value " 3167 "WHERE setting = :setting" ).arg( authDbSettingsTable() ) );
3172 if ( !authDbStartTransaction() )
3175 if ( !authDbQuery( &query ) )
3178 if ( !authDbCommit() )
3186 QgsDebugMsg(
QString(
"Reencrypt FAILED, could not find in db setting: %2" ).arg( sett ) );
3192 QgsDebugMsg(
QString(
"Select contains more than one for setting: %1" ).arg( sett ) );
3203 bool QgsAuthManager::reencryptAllAuthenticationIdentities(
const QString &prevpass,
const QString &prevciv )
3211 res = res && reencryptAuthenticationIdentity( identid, prevpass, prevciv );
3216 bool QgsAuthManager::reencryptAuthenticationIdentity(
3229 "WHERE id = :id" ).arg( authDbIdentitiesTable() ) );
3233 if ( !authDbQuery( &query ) )
3238 QgsDebugMsg(
QString(
"Reencrypt FAILED, query not active or a select operation for identity id: %2" ).arg( identid ) );
3242 if ( query.
first() )
3248 QgsDebugMsg(
QString(
"Select contains more than one for identity id: %1" ).arg( identid ) );
3257 "WHERE id = :id" ).arg( authDbIdentitiesTable() ) );
3262 if ( !authDbStartTransaction() )
3265 if ( !authDbQuery( &query ) )
3268 if ( !authDbCommit() )
3276 QgsDebugMsg(
QString(
"Reencrypt FAILED, could not find in db identity id: %2" ).arg( identid ) );
3281 bool QgsAuthManager::authDbOpen()
const 3289 if ( !authdb.
open() )
3291 QgsDebugMsg(
QString(
"Unable to establish database connection\nDatabase: %1\nDriver error: %2\nDatabase error: %3" )
3302 bool QgsAuthManager::authDbQuery(
QSqlQuery *query )
const 3308 if ( !query->
exec() )
3310 const char* err = QT_TR_NOOP(
"Auth db query exec() FAILED" );
3328 bool QgsAuthManager::authDbStartTransaction()
const 3335 const char* err = QT_TR_NOOP(
"Auth db FAILED to start transaction" );
3344 bool QgsAuthManager::authDbCommit()
const 3351 const char* err = QT_TR_NOOP(
"Auth db FAILED to rollback changes" );
3361 bool QgsAuthManager::authDbTransactionQuery(
QSqlQuery *query )
const 3368 const char* err = QT_TR_NOOP(
"Auth db FAILED to start transaction" );
3374 bool ok = authDbQuery( query );
3378 const char* err = QT_TR_NOOP(
"Auth db FAILED to rollback changes" );
Singleton offering an interface to manage the authentication configuration database and to utilize co...
QStringList getCertIdentityIds() const
Get list of certificate identity ids from database.
bool rebuildTrustedCaCertsCache()
Rebuild trusted certificate authorities cache.
bool getMasterPassword(QString &password, bool stored=false)
void setUri(const QString &uri)
QByteArray toByteArray() const
const QString authDbServersTable() const
Name of the authentication database table that stores server exceptions/configs.
const QList< QSslCertificate > getExtraFileCAs()
Get extra file-based certificate authorities.
QSqlError lastError() const
static bool verifyPasswordKeyHash(const QString &pass, const QString &salt, const QString &hash, QString *hashderived=nullptr)
Verify existing master password hash to a re-generated one.
iterator insert(const Key &key, const T &value)
QStringList authMethodList() const
Return list of available auth methods by their keys.
QString databaseText() const
void setId(const QString &id)
Set auth config ID.
bool contains(const Key &key) const
const QPair< QSslCertificate, QSslKey > getCertIdentityBundle(const QString &id)
Get a certificate identity bundle by id (sha hash).
const Key key(const T &value) const
static QgsAuthManager * instance()
Enforce singleton pattern.
QgsAuthMethod::Expansions supportedAuthMethodExpansions(const QString &authcfg)
Get supported authentication method expansion(s), e.g.
Interface for requesting credentials in QGIS in GUI independent way.
bool storeSslCertCustomConfig(const QgsAuthConfigSslServer &config)
Store an SSL certificate custom config.
const QString configString() const
The extended configuration, as stored and retrieved from the authentication database.
QList< T > values() const
QString readLine(qint64 maxlen)
QgsAuthCertUtils::CertTrustPolicy getCertificateTrustPolicy(const QSslCertificate &cert)
Get trust policy for a particular certificate.
bool hasConfigId(const QString &txt) const
Return whether a string includes an authcfg ID token.
bool existsAuthSetting(const QString &key)
Check if an authentication setting exists.
bool scheduledAuthDbErase()
Whether there is a scheduled optional erase of the authentication database.
static QString qgisAuthDbFilePath()
Returns the path to the user authentication database file: qgis-auth.db.
bool storeAuthSetting(const QString &key, const QVariant &value, bool encrypt=false)
Store an authentication setting (stored as string via QVariant( value ).toString() ) ...
void masterPasswordVerified(bool verified) const
Emitted when a password has been verified (or has failed verification).
bool removeCertAuthority(const QSslCertificate &cert)
Remove a certificate authority.
QSslConfiguration sslConfiguration() const
void authDatabaseEraseRequested() const
Emitted when a user has indicated they may want to erase the authentication db.
const QList< QSslCertificate > getUntrustedCaCerts(QList< QSslCertificate > trustedCAs=QList< QSslCertificate >())
Get list of all untrusted CA certificates.
bool exec(const QString &query)
static QString sslErrorEnumString(QSslError::SslError errenum)
Get short strings describing an SSL error.
bool rename(const QString &newName)
bool initSslCaches()
Initialize various SSL authentication caches.
QSqlDatabase database(const QString &connectionName, bool open)
static QList< QSslCertificate > certsFromFile(const QString &certspath)
Return list of concatenated certs from a PEM or DER formatted file.
bool contains(const QString &str, Qt::CaseSensitivity cs) const
bool isNull() const
Whether configuration is null (missing components)
static QMap< QString, QSslCertificate > mapDigestToCerts(const QList< QSslCertificate > &certs)
Map certificate sha1 to certificate as simple cache.
Configuration container for SSL server connection exceptions or overrides.
virtual bool updateDataSourceUriItems(QStringList &connectionItems, const QString &authcfg, const QString &dataprovider=QString())
Update data source connection items with authentication components.
bool permission(QFlags< QFile::Permission > permissions) const
QSqlDatabase addDatabase(const QString &type, const QString &connectionName)
static QgsCredentials * instance()
retrieves instance
static bool certificateIsAuthorityOrIssuer(const QSslCertificate &cert)
Get whether a certificate is an Authority or can at least sign other certificates.
QString authManTag() const
Simple text tag describing authentication system for message logs.
bool masterPasswordHashInDb() const
Check whether a master password hash exists in the authentication database.
bool removeCertTrustPolicy(const QSslCertificate &cert)
Remove the user trust policy stored for a certificate (not the certificate itself).
void authDatabaseChanged() const
Emitted when the authentication db is significantly changed, e.g.
QString join(const QString &separator) const
const QMap< QString, QSslCertificate > getMappedDatabaseCAs()
Get sha1-mapped database-stored certificate authorities.
QStringList authMethodsKeys(const QString &dataprovider=QString())
Get keys of supported authentication methods.
const_iterator insert(const T &value)
QgsAuthMethod * authMethod(const QString &authMethodKey)
Get authentication method from the config/provider cache via its key.
const QString authenticationDbPath() const
The standard authentication database file in ~/.qgis2/ or defined location.
bool storeCertAuthority(const QSslCertificate &cert)
Store a certificate authority.
QString tr(const char *sourceText, const char *disambiguation, int n)
static void passwordKeyHash(const QString &pass, QString *salt, QString *hash, QString *cipheriv=nullptr)
Generate SHA256 hash for master password, with iterations and salt.
MessageLevel
Message log level (mirrors that of QgsMessageLog, so it can also output there)
bool rebuildCaCertsCache()
Rebuild certificate authority cache.
A registry / canonical manager of authentication methods.
bool configIdUnique(const QString &id) const
Verify if provided authentication id is unique.
bool copy(const QString &newName)
bool updateAuthenticationConfig(const QgsAuthMethodConfig &config)
Update an authentication config in the database.
void lock()
Lock the instance against access from multiple threads.
bool eraseAuthenticationDatabase(bool backup, QString *backuppath=nullptr)
Erase all rows from all tables in authentication database.
const QByteArray getTrustedCaCertsPemText()
Get concatenated string of all trusted CA certificates.
virtual bool updateNetworkRequest(QNetworkRequest &request, const QString &authcfg, const QString &dataprovider=QString())
Update a network request with authentication components.
void clearCachedConfig(const QString &authcfg)
Clear an authentication config from its associated authentication method cache.
QVariant getAuthSetting(const QString &key, const QVariant &defaultValue=QVariant(), bool decrypt=false)
Get an authentication setting (retrieved as string and returned as QVariant( QString )) ...
const QString name() const
Get name of configuration.
const QgsAuthConfigSslServer getSslCertCustomConfig(const QString &id, const QString &hostport)
Get an SSL certificate custom config by id (sha hash) and host:port.
bool contains(const QString &connectionName)
int indexIn(const QString &str, int offset, CaretMode caretMode) const
bool setDefaultCertTrustPolicy(QgsAuthCertUtils::CertTrustPolicy policy)
Set the default certificate trust policy preferred by the user.
bool prepare(const QString &query)
const QList< QSslCertificate > getCertIdentities()
Get certificate identities.
bool removeAllAuthenticationConfigs()
Clear all authentication configs from table in database and from provider caches. ...
void setCaCertificates(const QList< QSslCertificate > &certificates)
const QString uri() const
A URI to auto-select a config when connecting to a resource.
void append(const T &value)
void removeDatabase(const QString &connectionName)
QWidget * editWidget(const QString &authMethodKey, QWidget *parent=nullptr)
Return the edit widget for the authentication method registered under the given key.
const QString configString() const
Configuration as a concatenated string.
const_iterator constEnd() const
int toInt(bool *ok) const
QgsAuthMethodConfigsMap availableAuthMethodConfigs(const QString &dataprovider=QString())
Get mapping of authentication config ids and their base configs (not decrypted data) ...
int exec(QFlags< QEventLoop::ProcessEventsFlag > flags)
QVariant value(int index) const
bool init(const QString &pluginPath=QString::null)
Initialize QCA, prioritize qca-ossl plugin and optionally set up the authentication database...
void setMethod(const QString &method)
void bindValue(const QString &placeholder, const QVariant &val, QFlags< QSql::ParamTypeFlag > paramType)
Configuration storage class for authentication method configurations.
void seed(uint32_t value)
const QList< QSslCertificate > getTrustedCaCertsCache()
Get cache of trusted certificate authorities, ready for network connections.
bool storeCertIdentity(const QSslCertificate &cert, const QSslKey &key)
Store a certificate identity.
bool updateDataSourceUriItems(QStringList &connectionItems, const QString &authcfg, const QString &dataprovider=QString())
Provider call to update a QgsDataSourceURI with an authentication config.
bool removeCertTrustPolicies(const QList< QSslCertificate > &certs)
Remove the stored trust policies for a group of certificates (the certificates themselves are not removed).
bool removeSslCertCustomConfig(const QString &id, const QString &hostport)
Remove an SSL certificate custom config.
void loadConfigString(const QString &configstr)
Load existing extended configuration.
QString executedQuery() const
const QList< QSslCertificate > getDatabaseCAs()
Get database-stored certificate authorities.
const QString id() const
Get 'authcfg' 7-character alphanumeric ID of the config.
const QSslCertificate sslCertificate() const
Server certificate object.
int remove(const Key &key)
QWidget * authMethodEditWidget(const QString &authMethodKey, QWidget *parent)
Get authentication method edit widget via its key.
void messageOut(const QString &message, const QString &tag=smAuthManTag, QgsAuthManager::MessageLevel level=INFO) const
Custom logging signal to relay to console output and QgsMessageLog.
void setForwardOnly(bool forward)
virtual bool open(QFlags< QIODevice::OpenModeFlag > mode)
QString driverText() const
const QList< QSslCertificate > getTrustedCaCerts(bool includeinvalid=false)
Get list of all trusted CA certificates.
bool masterPasswordIsSet() const
Whether the master password has been input and verified, i.e.
void setSslHostPort(const QString &hostport)
Set server host:port string.
QString configAuthMethodKey(const QString &authcfg) const
Get key of authentication method associated with config ID.
const T value(const Key &key) const
void updateConfigAuthMethods()
Sync the config/authentication method cache with what is in the database.
bool storeCertTrustPolicy(const QSslCertificate &cert, QgsAuthCertUtils::CertTrustPolicy policy)
Store user trust value for a certificate.
virtual void clearCachedConfig(const QString &authcfg)=0
Clear any cached configuration.
bool contains(const T &value) const
bool storeCertAuthorities(const QList< QSslCertificate > &certs)
Store multiple certificate authorities.
const QString disabledMessage() const
Standard message for when QCA's qca-ossl plugin is missing and system is disabled.
bool existsCertAuthority(const QSslCertificate &cert)
Check if a certificate authority exists.
static QString shaHexForCert(const QSslCertificate &cert, bool formatted=false)
Get the sha1 hash for certificate.
QString & replace(int position, int n, QChar after)
const QSslCertificate getCertAuthority(const QString &id)
Get a certificate authority by id (sha hash)
QSslConfiguration defaultConfiguration()
QString cleanPath(const QString &path)
const_iterator constBegin() const
QgsAuthMethod::Expansions supportedExpansions() const
Flags that represent the update points (where authentication configurations are expanded) supported b...
const QSslCertificate getCertIdentity(const QString &id)
Get a certificate identity by id (sha hash)
void setDefaultConfiguration(const QSslConfiguration &configuration)
bool updateIgnoredSslErrorsCacheFromConfig(const QgsAuthConfigSslServer &config)
Update ignored SSL error cache with possible ignored SSL errors, using server config.
const QStringList getCertIdentityBundleToPem(const QString &id)
Get a certificate identity bundle by id (sha hash) returned as PEM text.
QDateTime currentDateTime()
QgsAuthMethod * configAuthMethod(const QString &authcfg)
Get authentication method from the config/provider cache.
Abstract base class for authentication method plugins.
static const QString encrypt(const QString &pass, const QString &cipheriv, const QString &text)
Encrypt data using master password.
CaCertSource
Type of CA certificate source.
bool updateNetworkRequest(QNetworkRequest &request, const QString &authcfg, const QString &dataprovider=QString())
Provider call to update a QNetworkRequest with an authentication config.
bool removeCertIdentity(const QString &id)
Remove a certificate identity.
const QString authDbConfigTable() const
Name of the authentication database table that stores configs.
void clearMasterPassword()
Clear supplied master password.
bool updateIgnoredSslErrorsCache(const QString &shahostport, const QList< QSslError > &errors)
Update ignored SSL error cache with possible ignored SSL errors, using sha:host:port key...
QStringList configIds() const
Get list of authentication ids from database.
bool setMasterPassword(bool verify=false)
Main call to initially set or continually check master password is set.
bool resetMasterPassword(const QString &newpass, const QString &oldpass, bool keepbackup, QString *backuppath=nullptr)
Reset the master password to a new one, then re-encrypt all previous configs in a new database file...
void setScheduledAuthDbErase(bool scheduleErase)
Schedule an optional erase of authentication database, starting when mutex is lockable.
const QList< QSslCertificate > getSystemRootCAs()
Get root system certificate authorities.
bool storeAuthenticationConfig(QgsAuthMethodConfig &mconfig)
Store an authentication config in the database.
bool verifyMasterPassword(const QString &compare=QString::null)
Verify the supplied master password against any existing hash in authentication database.
void setVersion(int version)
Set version of the configuration.
bool loadAuthenticationConfig(const QString &authcfg, QgsAuthMethodConfig &mconfig, bool full=false)
Load an authentication config from the database into subclass.
bool existsSslCertCustomConfig(const QString &id, const QString &hostport)
Check if SSL certificate custom config exists.
static const QString decrypt(const QString &pass, const QString &cipheriv, const QString &text)
Decrypt data using master password.
QList< QSslCertificate > systemCaCertificates()
const QString uniqueConfigId() const
Get a unique generated 7-character string to assign to as config id.
virtual bool updateNetworkReply(QNetworkReply *reply, const QString &authcfg, const QString &dataprovider=QString())
Update a network reply with authentication components.
const QgsAuthConfigSslServer getSslCertCustomConfigByHost(const QString &hostport)
Get an SSL certificate custom config by host:port.
QSqlError lastError() const
void loadConfigString(const QString &config=QString())
Load concatenated string into configuration, e.g.
QSqlDatabase authDbConnection() const
Set up the application instance of the authentication database connection.
QByteArray toPem(const QByteArray &passPhrase) const
iterator insert(const Key &key, const T &value)
bool contains(const Key &key) const
QgsAuthCertUtils::CertTrustPolicy getCertTrustPolicy(const QSslCertificate &cert)
Get whether a certificate is trusted by the user (its stored trust policy).
bool existsCertIdentity(const QString &id)
Check if a certificate identity exists.
CertTrustPolicy
Type of certificate trust policy.
void setDatabaseName(const QString &name)
QgsAuthMethodsMap authMethodsMap(const QString &dataprovider=QString())
Get available authentication methods mapped to their key.
bool updateNetworkReply(QNetworkReply *reply, const QString &authcfg, const QString &dataprovider=QString())
Provider call to update a QNetworkReply with an authentication config (used to skip known SSL errors...
void unlock()
Unlock the instance after being locked.
bool masterPasswordSame(const QString &pass) const
Check whether supplied password is the same as the one already set.
bool isValid(bool validateid=false) const
Whether the configuration is valid.
bool removeAuthenticationConfig(const QString &authcfg)
Remove an authentication config in the database.
QList< QSslCertificate > caCertificates() const
void dumpIgnoredSslErrorsCache_()
Utility function to dump the cache for debug purposes.
bool isDisabled() const
Whether the authentication system is disabled, e.g. because QCA lacks the qca-ossl plugin, which is a base run-time requirement.
QgsAuthCertUtils::CertTrustPolicy defaultCertTrustPolicy()
Get the default certificate trust policy preferred by the user.
bool removeAuthSetting(const QString &key)
Remove an authentication setting.
bool connect(const QObject *sender, const char *signal, const QObject *receiver, const char *method, Qt::ConnectionType type)
const QString sslHostPort() const
Server host:port string.
static QgsAuthMethodRegistry * instance(const QString &pluginPath=QString::null)
Means of accessing canonical single instance.
int version() const
Get version of the configuration.
void setName(const QString &name)
Set name of configuration.
bool rebuildIgnoredSslErrorCache()
Rebuild ignoredSSL error cache.
void setSslCertificate(const QSslCertificate &cert)
Set server certificate object.
bool backupAuthenticationDatabase(QString *backuppath=nullptr)
Close connection to current authentication database and back it up.
bool exactMatch(const QString &str) const
QString arg(qlonglong a, int fieldWidth, int base, const QChar &fillChar) const
const QList< QgsAuthConfigSslServer > getSslCertCustomConfigs()
Get SSL certificate custom configs.
virtual void updateMethodConfig(QgsAuthMethodConfig &mconfig)=0
Update an authentication configuration in place.
QString method() const
Textual key of the associated authentication method.
bool registerCoreAuthMethods()
Instantiate and register existing C++ core authentication methods from plugins.
QByteArray toAscii() const
void clearAllCachedConfigs()
Clear all authentication configs from authentication method caches.
const T value(const Key &key) const
bool rebuildCertTrustCache()
Rebuild the certificate trust policy cache.
const QList< QSslError::SslError > sslIgnoredErrorEnums() const
SSL server errors (as enum list) to ignore in connections.