// Delimiters for the flattened string form of the config map. In the visible
// serialisation code each entry is written as key + mConfigKeySep + value, and
// the entries are then joined with mConfigSep.
// NOTE(review): the visible code concatenates keys and values without escaping
// these sequences, so a key or value that contains one would presumably not
// round-trip through loadConfigString() -- confirm whether callers guard against that.
const QString QgsAuthMethodConfig::mConfigSep( "|||" );
const QString QgsAuthMethodConfig::mConfigKeySep( ":::" );
// Not referenced in the visible lines; presumably separates the items of a
// list-valued entry -- TODO confirm.
const QString QgsAuthMethodConfig::mConfigListSep( "```" );

// Presumably the version of the serialised config format -- TODO confirm.
const int QgsAuthMethodConfig::mConfigVersion( 1 );
50 : mId( methodconfig.id() )
51 , mName( methodconfig.name() )
52 , mUri( methodconfig.uri() )
53 , mMethod( methodconfig.method() )
54 , mVersion( methodconfig.version() )
55 , mConfigMap( methodconfig.configMap() )
61 return ( other.
id() ==
id()
71 return !( *
this == other );
76 bool idvalid = validateid ? !mId.
isEmpty() :
true;
91 confstrs << i.
key() + mConfigKeySep + i.
value();
94 return confstrs.
join( mConfigSep );
107 Q_FOREACH (
const QString& conf, confs )
109 if ( conf.
contains( mConfigKeySep ) )
112 setConfig( keyval.at( 0 ), keyval.at( 1 ) );
118 setConfig(
"oldconfigstyle", configstr );
124 mConfigMap.
insert( key, value );
134 return mConfigMap.
remove( key );
139 return mConfigMap.
value( key, defaultvalue );
157 QUrl url( accessurl );
161 .arg( url.
port() ).arg( withpath ? url.
path() :
"" );
169 #ifndef QT_NO_OPENSSL
180 , mCaChain( caChain )
198 openflags |= QIODevice::Text;
199 bool ret = file.
open( openflags );
216 && ( certPath.
endsWith(
".pem", Qt::CaseInsensitive )
217 || certPath.
endsWith(
".der", Qt::CaseInsensitive ) )
218 && ( keyPath.
endsWith(
".pem", Qt::CaseInsensitive )
219 || keyPath.
endsWith(
".der", Qt::CaseInsensitive ) )
224 bool pem = certPath.
endsWith(
".pem", Qt::CaseInsensitive );
229 bool pem_key = keyPath.
endsWith(
".pem", Qt::CaseInsensitive );
235 pem_key ? QSsl::Pem : QSsl::Der,
243 pem_key ? QSsl::Pem : QSsl::Der,
260 if ( QCA::isSupported(
"pkcs12" )
262 && ( bundlepath.
endsWith(
".p12", Qt::CaseInsensitive )
263 || bundlepath.
endsWith(
".pfx", Qt::CaseInsensitive ) )
266 QCA::SecureArray passarray;
267 if ( !bundlepass.
isNull() )
268 passarray = QCA::SecureArray( bundlepass.
toUtf8() );
269 QCA::ConvertResult res;
270 QCA::KeyBundle bundle( QCA::KeyBundle::fromFile( bundlepath, passarray, &res,
QString(
"qca-ossl" ) ) );
271 if ( res == QCA::ConvertGood && !bundle.isNull() )
273 QCA::CertificateChain cert_chain( bundle.certificateChain() );
275 if ( !cert.isNull() )
279 QSslKey cert_key( bundle.privateKey().toPEM().toAscii(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey,
QByteArray() );
280 if ( !cert_key.isNull() )
285 if ( cert_chain.size() > 1 )
288 Q_FOREACH (
const QCA::Certificate& ca_cert, cert_chain )
290 if ( ca_cert != cert_chain.primary() )
317 return QString::null;
334 if ( !certkey.
isNull() && certkey.
type() == QSsl::PrivateKey )
350 , mCertKey( certkey )
368 const QString QgsAuthConfigSslServer::mConfSep =
"|||";
374 , mSslPeerVerifyMode(
QSslSocket::VerifyPeer )
375 , mSslPeerVerifyDepth( 0 )
379 #if QT_VERSION >= 0x040800
383 mSslProtocol = QSsl::SecureProtocols;
389 mSslProtocol = QSsl::TlsV1;
411 Q_FOREACH (
const QSslError::SslError& err, mSslIgnoredErrors )
415 configlist << errs.
join(
"~~" );
417 configlist <<
QString(
"%1~~%2" ).
arg((
int )mSslPeerVerifyMode ).
arg( mSslPeerVerifyDepth );
419 return configlist.
join( mConfSep );
430 mVersion = configlist.at( 0 ).toInt();
431 mQtVersion = configlist.at( 1 ).toInt();
435 mSslProtocol = ( QSsl::SslProtocol )configlist.at( 2 ).toInt();
437 mSslIgnoredErrors.
clear();
438 QStringList errs( configlist.at( 3 ).split(
"~~" ) );
439 Q_FOREACH (
const QString& err, errs )
441 mSslIgnoredErrors.
append(( QSslError::SslError )err.
toInt() );
444 QStringList peerverify( configlist.at( 4 ).split(
"~~" ) );
445 mSslPeerVerifyMode = ( QSslSocket::PeerVerifyMode )peerverify.at( 0 ).toInt();
446 mSslPeerVerifyDepth = peerverify.at( 1 ).toInt();
QSsl::KeyType type() const
void setConfig(const QString &key, const QString &value)
Set a single config value per key in the map.
bool contains(const Key &key) const
const QString configString() const
The extended configuration, as stored and retrieved from the authentication database.
void setCaChain(const QList< QSslCertificate > &cachain)
Set chain of Certificate Authorities for client certificate.
static const QgsPkiBundle fromPkcs12Paths(const QString &bundlepath, const QString &bundlepass=QString::null)
Construct a bundle of PKI components from a PKCS#12 file path.
QStringList split(const QString &sep, SplitBehavior behavior, Qt::CaseSensitivity cs) const
const_iterator constBegin() const
bool isNull() const
Whether configuration is null (missing components)
bool isNull() const
Whether the bundle, either its certificate or private key, is null.
QString join(const QString &separator) const
void setConfigList(const QString &key, const QStringList &value)
Set multiple config values per key in the map.
const QString name() const
Get name of configuration.
Storage set for PKI bundle: SSL certificate, key, optional CA cert chain.
static QByteArray fileData_(const QString &path, bool astext=false)
QString number(int n, int base)
const QString uri() const
A URI to auto-select a config when connecting to a resource.
void setClientCert(const QSslCertificate &cert)
Set client certificate object.
void append(const T &value)
const QString configString() const
Configuration as a concatenated string.
QgsStringMap configMap() const
Get extended configuration, mapped to key/value pairs of QStrings.
const QString certId() const
The SHA hash of the client certificate.
bool operator!=(const QgsAuthMethodConfig &other) const
Operator used to compare configs' inequality.
Configuration storage class for authentication method configurations.
int toInt(bool *ok, int base) const
const_iterator constEnd() const
QgsAuthConfigSslServer()
Construct a default SSL server configuration.
void loadConfigString(const QString &configstr)
Load existing extended configuration.
bool endsWith(const QString &s, Qt::CaseSensitivity cs) const
bool isValid()
Whether the bundle is valid.
const QString id() const
Get 'authcfg' 7-character alphanumeric ID of the config.
virtual bool open(QFlags< QIODevice::OpenModeFlag > mode)
QStringList configList(const QString &key) const
Return a config's list of values.
QString config(const QString &key, const QString &defaultvalue=QString()) const
Return a config's value.
bool contains(QChar ch, Qt::CaseSensitivity cs) const
void setClientKey(const QSslKey &certkey)
Set private key object.
static QString shaHexForCert(const QSslCertificate &cert, bool formatted=false)
Get the SHA-1 hash of the certificate.
QgsAuthMethodConfig(const QString &method=QString(), int version=0)
Construct a configuration for an authentication method.
bool isValid() const
Whether the bundle is valid.
static bool uriToResource(const QString &accessurl, QString *resource, bool withpath=false)
A utility function for generating a resource from a URL to be compared against the config's uri() for...
void loadConfigString(const QString &config=QString())
Load concatenated string into configuration, e.g.
int removeConfig(const QString &key)
Remove a config from map.
QgsPkiConfigBundle(const QgsAuthMethodConfig &config, const QSslCertificate &cert, const QSslKey &certkey)
Construct a bundle from existing PKI components and authentication method configuration.
iterator insert(const Key &key, const T &value)
bool hasConfig(const QString &key) const
Whether a config key exists in config map.
bool isValid(bool validateid=false) const
Whether the configuration is valid.
void clearConfigMap()
Clear all configs.
bool operator==(const QgsAuthMethodConfig &other) const
Operator used to compare configs' equality.
int version() const
Get version of the configuration.
static const QgsPkiBundle fromPemPaths(const QString &certPath, const QString &keyPath, const QString &keyPass=QString::null, const QList< QSslCertificate > &caChain=QList< QSslCertificate >())
Construct a bundle of PKI components from PEM-formatted file paths.
QString arg(qlonglong a, int fieldWidth, int base, const QChar &fillChar) const
QString method() const
Textual key of the associated authentication method.
QgsPkiBundle(const QSslCertificate &clientCert=QSslCertificate(), const QSslKey &clientKey=QSslKey(), const QList< QSslCertificate > &caChain=QList< QSslCertificate >())
Construct a bundle from existing PKI components.
const T value(const Key &key) const
int remove(const Key &key)
const QList< QSslError::SslError > sslIgnoredErrorEnums() const
SSL server errors (as enum list) to ignore in connections.
const QList< QSslError > sslIgnoredErrors() const
SSL server errors to ignore in connections.
QByteArray toUtf8() const