17#ifndef QGSAUTHMANAGER_H
18#define QGSAUTHMANAGER_H
23#include <QRecursiveMutex>
24#include <QNetworkReply>
25#include <QNetworkRequest>
26#include <QSqlDatabase>
32#include <QSslCertificate>
41#if QT_VERSION >= QT_VERSION_CHECK(6, 0, 0)
42#include <qt6keychain/keychain.h>
44#include <qt5keychain/keychain.h>
81 Q_ENUM( MessageLevel )
92 Q_DECL_DEPRECATED
bool init(
const QString &pluginPath = QString(),
const QString &authDatabasePath = QString() )
SIP_DEPRECATED;
103 void setup( const QString &pluginPath = QString(), const QString &authDatabasePath = QString() );
108 QSqlDatabase authDatabaseConnection() const;
/**
 * Returns the name of the authentication database table that holds the
 * authentication configurations, i.e. the static AUTH_CONFIG_TABLE constant.
 * Returned by value, so the caller gets its own copy of the name.
 */
const QString authDatabaseConfigTable() const { return AUTH_CONFIG_TABLE; }
118 bool isDisabled()
const;
121 const QString disabledMessage()
const;
134 bool setMasterPassword(
bool verify =
false );
142 bool setMasterPassword(
const QString &pass,
bool verify =
false );
149 bool verifyMasterPassword(
const QString &compare = QString() );
152 bool masterPasswordIsSet()
const;
155 bool masterPasswordHashInDatabase()
const;
167 bool masterPasswordSame(
const QString &pass )
const;
177 bool resetMasterPassword(
const QString &newpass,
const QString &oldpass,
bool keepbackup, QString *backuppath
SIP_INOUT =
nullptr );
197 void setScheduledAuthDatabaseErase(
bool scheduleErase )
SIP_SKIP;
213 bool registerCoreAuthMethods();
219 void updateConfigAuthMethods();
231 QString configAuthMethodKey(
const QString &authcfg )
const;
236 QStringList authMethodsKeys(
const QString &dataprovider = QString() );
266 QWidget *authMethodEditWidget(
const QString &authMethodKey, QWidget *parent );
277 const QString uniqueConfigId()
const;
283 bool configIdUnique(
const QString &
id )
const;
289 static bool hasConfigId(
const QString &txt );
295 QStringList configIds()
const;
326 bool removeAuthenticationConfig(
const QString &authcfg );
335 bool exportAuthenticationConfigsToXml(
const QString &filename,
const QStringList &authcfgs,
const QString &password = QString() );
344 bool importAuthenticationConfigsFromXml(
const QString &filename,
const QString &password = QString(),
bool overwrite =
false );
350 bool removeAllAuthenticationConfigs();
356 bool backupAuthenticationDatabase( QString *backuppath
SIP_INOUT =
nullptr );
364 bool eraseAuthenticationDatabase(
bool backup, QString *backuppath
SIP_INOUT =
nullptr );
376 bool updateNetworkRequest( QNetworkRequest &request
SIP_INOUT,
const QString &authcfg,
377 const QString &dataprovider = QString() );
386 bool updateNetworkReply( QNetworkReply *reply,
const QString &authcfg,
387 const QString &dataprovider = QString() );
396 bool updateDataSourceUriItems( QStringList &connectionItems
SIP_INOUT,
const QString &authcfg,
397 const QString &dataprovider = QString() );
406 bool updateNetworkProxy( QNetworkProxy &proxy
SIP_INOUT,
const QString &authcfg,
407 const QString &dataprovider = QString() );
412 bool storeAuthSetting(
const QString &key,
const QVariant &value,
bool encrypt =
false );
421 QVariant authSetting(
const QString &key,
const QVariant &defaultValue = QVariant(),
bool decrypt =
false );
424 bool existsAuthSetting(
const QString &key );
427 bool removeAuthSetting(
const QString &key );
433 bool initSslCaches();
436 bool storeCertIdentity(
const QSslCertificate &cert,
const QSslKey &key );
443 const QSslCertificate certIdentity(
const QString &
id );
451 const QPair<QSslCertificate, QSslKey> certIdentityBundle(
const QString &
id )
SIP_SKIP;
458 const QStringList certIdentityBundleToPem(
const QString &
id );
464 const QList<QSslCertificate> certIdentities();
472 QStringList certIdentityIds()
const;
475 bool existsCertIdentity(
const QString &
id );
478 bool removeCertIdentity(
const QString &
id );
503 const QList<QgsAuthConfigSslServer> sslCertCustomConfigs();
506 bool existsSslCertCustomConfig(
const QString &
id,
const QString &hostport );
509 bool removeSslCertCustomConfig(
const QString &
id,
const QString &hostport );
519 void dumpIgnoredSslErrorsCache_();
525 bool updateIgnoredSslErrorsCache(
const QString &shahostport,
const QList<QSslError> &errors );
528 bool rebuildIgnoredSslErrorCache();
532 bool storeCertAuthorities(
const QList<QSslCertificate> &certs );
535 bool storeCertAuthority(
const QSslCertificate &cert );
544 const QSslCertificate certAuthority(
const QString &
id );
547 bool existsCertAuthority(
const QSslCertificate &cert );
550 bool removeCertAuthority(
const QSslCertificate &cert );
556 static const QList<QSslCertificate> systemRootCAs();
562 const QList<QSslCertificate> extraFileCAs();
568 const QList<QSslCertificate> databaseCAs();
574 const QMap<QString, QSslCertificate> mappedDatabaseCAs();
583 return mCaCertsCache;
587 bool rebuildCaCertsCache();
600 bool removeCertTrustPolicies(
const QList<QSslCertificate> &certs );
603 bool removeCertTrustPolicy(
const QSslCertificate &cert );
/**
 * Returns a snapshot of the certificate trust cache (mCertTrustCache):
 * per trust policy, the list of certificate identifiers — per the class docs
 * these are certificate sha1 digests. The map is returned by value, so
 * mutating the result does not affect the manager's cache; use
 * rebuildCertTrustCache() to refresh it from the database.
 */
const QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList > certTrustCache() { return mCertTrustCache; }
625 bool rebuildCertTrustCache();
632 const QList<QSslCertificate> trustedCaCerts(
bool includeinvalid =
false );
638 const QList<QSslCertificate> untrustedCaCerts( QList<QSslCertificate> trustedCAs = QList<QSslCertificate>() );
641 bool rebuildTrustedCaCertsCache();
653 const QByteArray trustedCaCertsPemText();
667 bool passwordHelperDelete()
SIP_SKIP;
673 static
bool passwordHelperEnabled();
679 void setPasswordHelperEnabled(
bool enabled );
685 static
bool passwordHelperLoggingEnabled()
SIP_SKIP;
691 static
void setPasswordHelperLoggingEnabled(
bool enabled )
SIP_SKIP;
697 bool passwordHelperSync();
700 static const QString AUTH_PASSWORD_HELPER_DISPLAY_NAME;
703 static const QString AUTH_MAN_TAG;
711 void passwordHelperFailure();
717 void passwordHelperSuccess();
742 void masterPasswordVerified(
bool verified );
745 void authDatabaseEraseRequested();
748 void authDatabaseChanged();
752 void clearAllCachedConfigs();
755 void clearCachedConfig( const QString &authcfg );
769 void tryToStartDbErase();
794 bool ensureInitialized()
const;
796 bool initPrivate(
const QString &pluginPath,
const QString &authDatabasePath );
802 QString passwordHelperName()
const;
805 void passwordHelperLog(
const QString &msg )
const;
808 QString passwordHelperRead();
811 bool passwordHelperWrite(
const QString &password );
/**
 * Stores \a errorMessage as the last password-helper (keychain) error text,
 * overwriting any previous message. NOTE(review): this text is surfaced to
 * callers through passwordHelperErrorMessage(), so it should describe the
 * failure only and never embed the password or other secret material.
 */
void passwordHelperSetErrorMessage( const QString &errorMessage ) { mPasswordHelperErrorMessage = errorMessage; }
817 void passwordHelperClearErrors();
823 void passwordHelperProcessError();
825 bool createConfigTables();
827 bool createCertTables();
829 bool masterPasswordInput();
831 bool masterPasswordRowsInDb(
int *rows )
const;
833 bool masterPasswordCheckAgainstDb(
const QString &compare = QString() )
const;
835 bool masterPasswordStoreInDb()
const;
837 bool masterPasswordClearDb();
839 const QString masterPasswordCiv()
const;
841 bool verifyPasswordCanDecryptConfigs()
const;
843 bool reencryptAllAuthenticationConfigs(
const QString &prevpass,
const QString &prevciv );
845 bool reencryptAuthenticationConfig(
const QString &authcfg,
const QString &prevpass,
const QString &prevciv );
847 bool reencryptAllAuthenticationSettings(
const QString &prevpass,
const QString &prevciv );
849 bool reencryptAllAuthenticationIdentities(
const QString &prevpass,
const QString &prevciv );
851 bool reencryptAuthenticationIdentity(
const QString &identid,
const QString &prevpass,
const QString &prevciv );
853 bool authDbOpen()
const;
855 bool authDbQuery( QSqlQuery *query )
const;
857 bool authDbStartTransaction()
const;
859 bool authDbCommit()
const;
861 bool authDbTransactionQuery( QSqlQuery *query )
const;
/**
 * Returns the name of the auth database table used for the master password
 * (AUTH_PASS_TABLE) — presumably the rows checked by masterPasswordRowsInDb()
 * and masterPasswordCheckAgainstDb(); verify against the .cpp.
 */
const QString authDbPassTable() const { return AUTH_PASS_TABLE; }
/**
 * Returns the name of the auth database table for auth settings
 * (AUTH_SETTINGS_TABLE), the store behind storeAuthSetting()/authSetting().
 */
const QString authDbSettingsTable() const { return AUTH_SETTINGS_TABLE; }
/**
 * Returns the name of the auth database table for certificate identities
 * (AUTH_IDENTITIES_TABLE), i.e. the cert/key bundles handled by
 * storeCertIdentity() and certIdentity().
 */
const QString authDbIdentitiesTable() const { return AUTH_IDENTITIES_TABLE; }
/**
 * Returns the name of the auth database table for certificate authorities
 * (AUTH_AUTHORITIES_TABLE), as written by storeCertAuthority().
 */
const QString authDbAuthoritiesTable() const { return AUTH_AUTHORITIES_TABLE; }
/**
 * Returns the name of the auth database table for certificate trust policies
 * (AUTH_TRUST_TABLE), the source rebuildCertTrustCache() reads from.
 */
const QString authDbTrustTable() const { return AUTH_TRUST_TABLE; }
877 QString authPasswordHelperKeyName()
const;
880 static const QString AUTH_CONFIG_TABLE;
881 static const QString AUTH_PASS_TABLE;
882 static const QString AUTH_SETTINGS_TABLE;
883 static const QString AUTH_IDENTITIES_TABLE;
884 static const QString AUTH_SERVERS_TABLE;
885 static const QString AUTH_AUTHORITIES_TABLE;
886 static const QString AUTH_TRUST_TABLE;
887 static const QString AUTH_CFG_REGEX;
890 QString mAuthDatabasePath;
891 mutable bool mLazyInitResult =
false;
893 bool mAuthInit =
false;
896 std::unique_ptr<QCA::Initializer> mQcaInitializer;
898 QHash<QString, QString> mConfigAuthMethods;
899 QHash<QString, QgsAuthMethod *> mAuthMethods;
903 bool mAuthDisabled =
false;
904 QString mAuthDisabledMessage;
905 QTimer *mScheduledDbEraseTimer =
nullptr;
906 bool mScheduledDbErase =
false;
907 int mScheduledDbEraseRequestWait = 3 ;
908 bool mScheduledDbEraseRequestEmitted =
false;
909 int mScheduledDbEraseRequestCount = 0;
911 std::unique_ptr<QRecursiveMutex> mMutex;
912 std::unique_ptr<QRecursiveMutex> mMasterPasswordMutex;
916 QMap<QString, QPair<QgsAuthCertUtils::CaCertSource, QSslCertificate> > mCaCertsCache;
918 QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList > mCertTrustCache;
920 QList<QSslCertificate> mTrustedCaCertsCache;
922 QHash<QString, QSet<QSslError::SslError> > mIgnoredSslErrorsCache;
924 bool mHasCustomConfigByHost =
false;
925 bool mHasCheckedIfCustomConfigByHostExists =
false;
926 QMap< QString, QgsAuthConfigSslServer > mCustomConfigByHostCache;
933 bool mPasswordHelperVerificationError =
false;
936 QString mPasswordHelperErrorMessage;
939 QKeychain::Error mPasswordHelperErrorCode = QKeychain::NoError;
942 bool mPasswordHelperLoggingEnabled =
false;
945 bool mPasswordHelperFailedInit =
false;
948 static const QLatin1String AUTH_PASSWORD_HELPER_KEY_NAME_BASE;
951 static const QLatin1String AUTH_PASSWORD_HELPER_FOLDER_NAME;
953 mutable QMap<QThread *, QMetaObject::Connection> mConnectedThreads;
Extends QApplication to provide access to QGIS specific resources such as theme paths,...
CertTrustPolicy
Type of certificate trust policy.
CaCertSource
Type of CA certificate source.
Configuration container for SSL server connection exceptions or overrides.
Singleton offering an interface to manage the authentication configuration database and to utilize co...
const QString authDatabaseServersTable() const
Name of the authentication database table that stores server exceptions/configs.
MessageLevel
Message log level (mirrors that of QgsMessageLog, so it can also output there)
const QList< QSslCertificate > trustedCaCertsCache()
Cache of trusted certificate authorities, ready for use in network connections.
const QMap< QgsAuthCertUtils::CertTrustPolicy, QStringList > certTrustCache()
Returns the cache of certificate SHA1 digests, grouped per trust policy.
bool scheduledAuthDatabaseErase()
Whether there is a scheduled optional erase of the authentication database.
const QString authenticationDatabasePath() const
The standard authentication database file in ~/.qgis3/ or defined location.
QString authManTag() const
Simple text tag describing authentication system for message logs.
const QMap< QString, QPair< QgsAuthCertUtils::CaCertSource, QSslCertificate > > caCertsCache()
Returns all cached CA certificates, mapped to their SHA1 digest.
QString configIdRegex() const
Returns the regular expression for authcfg=.{7} key/value token for authentication ids.
void setScheduledAuthDatabaseEraseRequestEmitted(bool emitted)
Re-emit a signal to schedule an optional erase of authentication database.
void clearMasterPassword()
Clear supplied master password.
const QString passwordHelperErrorMessage()
Error message getter.
QHash< QString, QSet< QSslError::SslError > > ignoredSslErrorCache()
Returns the ignored SSL error cache, keyed by the cert/connection's sha:host:port.
Configuration storage class for authentication method configurations.
Abstract base class for the edit widget of authentication method plugins.
Abstract base class for authentication method plugins.
QFlags< Expansion > Expansions
#define SIP_IF_FEATURE(feature)
QHash< QString, QgsAuthMethodConfig > QgsAuthMethodConfigsMap
QHash< QString, QgsAuthMethod * > QgsAuthMethodsMap