QGIS API Documentation  2.12.0-Lyon
qgsauthmanager.h
Go to the documentation of this file.
1 /***************************************************************************
2  qgsauthmanager.h
3  ---------------------
4  begin : October 5, 2014
5  copyright : (C) 2014 by Boundless Spatial, Inc. USA
6  author : Larry Shaffer
7  email : lshaffer at boundlessgeo dot com
8  ***************************************************************************
9  * *
10  * This program is free software; you can redistribute it and/or modify *
11  * it under the terms of the GNU General Public License as published by *
12  * the Free Software Foundation; either version 2 of the License, or *
13  * (at your option) any later version. *
14  * *
15  ***************************************************************************/
16 
17 #ifndef QGSAUTHMANAGER_H
18 #define QGSAUTHMANAGER_H
19 
20 #include <QObject>
21 #include <QMutex>
22 #include <QNetworkReply>
23 #include <QNetworkRequest>
24 #include <QSqlDatabase>
25 #include <QSqlError>
26 #include <QSqlQuery>
27 #include <QStringList>
28 
29 #ifndef QT_NO_OPENSSL
30 #include <QSslCertificate>
31 #include <QSslKey>
32 #include <QtCrypto>
33 #include "qgsauthcertutils.h"
34 #endif
35 
36 #include "qgsauthconfig.h"
37 #include "qgsauthmethod.h"
38 #include "qgsdatasourceuri.h"
39 
40 namespace QCA
41 {
42  class Initializer;
43 }
44 class QgsAuthMethod;
45 class QgsAuthMethodEdit;
46 class QgsAuthProvider;
47 class QTimer;
48 
49 
54 class CORE_EXPORT QgsAuthManager : public QObject
55 {
56  Q_OBJECT
57  Q_ENUMS( MessageLevel )
58 
59  public:
60 
62  enum MessageLevel
63  {
64  INFO = 0,
65  WARNING = 1,
66  CRITICAL = 2
67  };
68 
72  static QgsAuthManager *instance();
73 
74  ~QgsAuthManager();
75 
77  QSqlDatabase authDbConnection() const;
78 
80  const QString authDbConfigTable() const { return smAuthConfigTable; }
81 
83  const QString authDbServersTable() const { return smAuthServersTable; }
84 
86  bool init( const QString& pluginPath = QString::null );
87 
89  bool isDisabled() const;
90 
92  const QString disabledMessage() const;
93 
97  const QString authenticationDbPath() const { return mAuthDbPath; }
98 
103  bool setMasterPassword( bool verify = false );
104 
110  bool setMasterPassword( const QString& pass, bool verify = false );
111 
116  bool verifyMasterPassword( const QString &compare = QString::null );
117 
119  bool masterPasswordIsSet() const;
120 
122  bool masterPasswordHashInDb() const;
123 
127  void clearMasterPassword() { mMasterPass = QString(); }
128 
132  bool masterPasswordSame( const QString& pass ) const;
133 
141  bool resetMasterPassword( const QString& newpass, const QString& oldpass, bool keepbackup, QString *backuppath = 0 );
142 
144  bool scheduledAuthDbErase() { return mScheduledDbErase; }
145 
156  void setScheduledAuthDbErase( bool scheduleErase );
157 
165  void setScheduledAuthDbEraseRequestEmitted( bool emitted ) { mScheduledDbEraseRequestEmitted = emitted; }
166 
168  const QString authManTag() const { return smAuthManTag; }
169 
171  bool registerCoreAuthMethods();
172 
174  QgsAuthMethodConfigsMap availableAuthMethodConfigs( const QString &dataprovider = QString() );
175 
177  void updateConfigAuthMethods();
178 
183  QgsAuthMethod *configAuthMethod( const QString& authcfg );
184 
189  QString configAuthMethodKey( const QString& authcfg ) const;
190 
194  QStringList authMethodsKeys( const QString &dataprovider = QString() );
195 
200  QgsAuthMethod *authMethod( const QString &authMethodKey );
201 
206  QgsAuthMethodsMap authMethodsMap( const QString &dataprovider = QString() );
207 
213  QWidget *authMethodEditWidget( const QString &authMethodKey , QWidget *parent );
214 
219  QgsAuthMethod::Expansions supportedAuthMethodExpansions( const QString &authcfg );
220 
222  const QString uniqueConfigId() const;
223 
228  bool configIdUnique( const QString &id ) const;
229 
234  bool hasConfigId( const QString &txt ) const;
235 
237  QString configIdRegex() const { return smAuthCfgRegex;}
238 
240  QStringList configIds() const;
241 
247  bool storeAuthenticationConfig( QgsAuthMethodConfig &mconfig );
248 
254  bool updateAuthenticationConfig( const QgsAuthMethodConfig& config );
255 
263  bool loadAuthenticationConfig( const QString& authcfg, QgsAuthMethodConfig &mconfig, bool full = false );
264 
270  bool removeAuthenticationConfig( const QString& authcfg );
271 
276  bool removeAllAuthenticationConfigs();
277 
282  bool backupAuthenticationDatabase( QString *backuppath = 0 );
283 
290  bool eraseAuthenticationDatabase( bool backup, QString *backuppath = 0 );
291 
292 
294 
302  bool updateNetworkRequest( QNetworkRequest &request, const QString& authcfg,
303  const QString &dataprovider = QString() );
304 
312  bool updateNetworkReply( QNetworkReply *reply, const QString& authcfg,
313  const QString &dataprovider = QString() );
314 
322  bool updateDataSourceUriItems( QStringList &connectionItems, const QString& authcfg,
323  const QString &dataprovider = QString() );
324 
326 
328  bool storeAuthSetting( const QString& key, const QVariant& value, bool encrypt = false );
329 
331  QVariant getAuthSetting( const QString& key, const QVariant& defaultValue = QVariant(), bool decrypt = false );
332 
334  bool existsAuthSetting( const QString& key );
335 
337  bool removeAuthSetting( const QString& key );
338 
339 #ifndef QT_NO_OPENSSL
340 
343  bool initSslCaches();
344 
345 
347  bool storeCertIdentity( const QSslCertificate& cert, const QSslKey& key );
348 
350  const QSslCertificate getCertIdentity( const QString& id );
351 
353  const QPair<QSslCertificate, QSslKey> getCertIdentityBundle( const QString& id );
354 
356  const QStringList getCertIdentityBundleToPem( const QString& id );
357 
359  const QList<QSslCertificate> getCertIdentities();
360 
362  QStringList getCertIdentityIds() const;
363 
365  bool existsCertIdentity( const QString& id );
366 
368  bool removeCertIdentity( const QString& id );
369 
370 
372  bool storeSslCertCustomConfig( const QgsAuthConfigSslServer& config );
373 
375  const QgsAuthConfigSslServer getSslCertCustomConfig( const QString& id, const QString &hostport );
376 
378  const QgsAuthConfigSslServer getSslCertCustomConfigByHost( const QString& hostport );
379 
381  const QList<QgsAuthConfigSslServer> getSslCertCustomConfigs();
382 
384  bool existsSslCertCustomConfig( const QString& id, const QString &hostport );
385 
387  bool removeSslCertCustomConfig( const QString& id, const QString &hostport );
388 
389 
391  QHash<QString, QSet<QSslError::SslError> > getIgnoredSslErrorCache() { return mIgnoredSslErrorsCache; }
392 
394  void dumpIgnoredSslErrorsCache_();
395 
397  bool updateIgnoredSslErrorsCacheFromConfig( const QgsAuthConfigSslServer &config );
398 
400  bool updateIgnoredSslErrorsCache( const QString &shahostport, const QList<QSslError> &errors );
401 
403  bool rebuildIgnoredSslErrorCache();
404 
405 
407  bool storeCertAuthorities( const QList<QSslCertificate>& certs );
408 
410  bool storeCertAuthority( const QSslCertificate& cert );
411 
413  const QSslCertificate getCertAuthority( const QString& id );
414 
416  bool existsCertAuthority( const QSslCertificate& cert );
417 
419  bool removeCertAuthority( const QSslCertificate& cert );
420 
422  const QList<QSslCertificate> getSystemRootCAs();
423 
425  const QList<QSslCertificate> getExtraFileCAs();
426 
428  const QList<QSslCertificate> getDatabaseCAs();
429 
431  const QMap<QString, QSslCertificate> getMappedDatabaseCAs();
432 
434  const QMap<QString, QPair<QgsAuthCertUtils::CaCertSource , QSslCertificate> > getCaCertsCache()
435  {
436  return mCaCertsCache;
437  }
438 
440  bool rebuildCaCertsCache();
441 
443  bool storeCertTrustPolicy( const QSslCertificate& cert, QgsAuthCertUtils::CertTrustPolicy policy );
444 
448  QgsAuthCertUtils::CertTrustPolicy getCertTrustPolicy( const QSslCertificate& cert );
449 
451  bool removeCertTrustPolicies( const QList<QSslCertificate>& certs );
452 
454  bool removeCertTrustPolicy( const QSslCertificate& cert );
455 
457  QgsAuthCertUtils::CertTrustPolicy getCertificateTrustPolicy( const QSslCertificate& cert );
458 
460  bool setDefaultCertTrustPolicy( QgsAuthCertUtils::CertTrustPolicy policy );
461 
463  QgsAuthCertUtils::CertTrustPolicy defaultCertTrustPolicy();
464 
466  const QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList > getCertTrustCache() { return mCertTrustCache; }
467 
469  bool rebuildCertTrustCache();
470 
472  const QList<QSslCertificate> getTrustedCaCerts( bool includeinvalid = false );
473 
475  const QList<QSslCertificate> getUntrustedCaCerts( QList<QSslCertificate> trustedCAs = QList<QSslCertificate>() );
476 
478  bool rebuildTrustedCaCertsCache();
479 
481  const QList<QSslCertificate> getTrustedCaCertsCache() { return mTrustedCaCertsCache; }
482 
484  const QByteArray getTrustedCaCertsPemText();
485 
486 #endif
487 
489  QMutex *mutex() { return mMutex; }
490 
491  signals:
499  void messageOut( const QString& message, const QString& tag = smAuthManTag, QgsAuthManager::MessageLevel level = INFO ) const;
500 
505  void masterPasswordVerified( bool verified ) const;
506 
508  void authDatabaseEraseRequested() const;
509 
511  void authDatabaseChanged() const;
512 
513  public slots:
515  void clearAllCachedConfigs();
516 
518  void clearCachedConfig( const QString& authcfg );
519 
520  private slots:
521  void writeToConsole( const QString& message, const QString& tag = QString(), QgsAuthManager::MessageLevel level = INFO );
522 
531  void tryToStartDbErase();
532 
533  protected:
534  explicit QgsAuthManager();
535 
536  private:
537 
538  bool createConfigTables();
539 
540  bool createCertTables();
541 
542  bool masterPasswordInput();
543 
544  bool masterPasswordRowsInDb( int *rows ) const;
545 
546  bool masterPasswordCheckAgainstDb( const QString &compare = QString::null ) const;
547 
548  bool masterPasswordStoreInDb() const;
549 
550  bool masterPasswordClearDb();
551 
552  const QString masterPasswordCiv() const;
553 
554  bool verifyPasswordCanDecryptConfigs() const;
555 
556  bool reencryptAllAuthenticationConfigs( const QString& prevpass, const QString& prevciv );
557 
558  bool reencryptAuthenticationConfig( const QString& authcfg, const QString& prevpass, const QString& prevciv );
559 
560  bool reencryptAllAuthenticationSettings( const QString& prevpass, const QString& prevciv );
561 
562  bool reencryptAllAuthenticationIdentities( const QString& prevpass, const QString& prevciv );
563 
564  bool reencryptAuthenticationIdentity( const QString& identid, const QString& prevpass, const QString& prevciv );
565 
566  bool authDbOpen() const;
567 
568  bool authDbQuery( QSqlQuery *query ) const;
569 
570  bool authDbStartTransaction() const;
571 
572  bool authDbCommit() const;
573 
574  bool authDbTransactionQuery( QSqlQuery *query ) const;
575 
576 #ifndef QT_NO_OPENSSL
577  void insertCaCertInCache( QgsAuthCertUtils::CaCertSource source, const QList<QSslCertificate> &certs );
578 #endif
579 
580  const QString authDbPassTable() const { return smAuthPassTable; }
581 
582  const QString authDbSettingsTable() const { return smAuthSettingsTable; }
583 
584  const QString authDbIdentitiesTable() const { return smAuthIdentitiesTable; }
585 
586  const QString authDbAuthoritiesTable() const { return smAuthAuthoritiesTable; }
587 
588  const QString authDbTrustTable() const { return smAuthTrustTable; }
589 
590  static QgsAuthManager* smInstance;
591  static const QString smAuthConfigTable;
592  static const QString smAuthPassTable;
593  static const QString smAuthSettingsTable;
594  static const QString smAuthIdentitiesTable;
595  static const QString smAuthServersTable;
596  static const QString smAuthAuthoritiesTable;
597  static const QString smAuthTrustTable;
598  static const QString smAuthManTag;
599  static const QString smAuthCfgRegex;
600 
601  bool mAuthInit;
602  QString mAuthDbPath;
603 
604  QCA::Initializer * mQcaInitializer;
605 
606  QHash<QString, QString> mConfigAuthMethods;
607  QHash<QString, QgsAuthMethod*> mAuthMethods;
608 
609  QString mMasterPass;
610  int mPassTries;
611  bool mAuthDisabled;
612  QString mAuthDisabledMessage;
613  QTimer *mScheduledDbEraseTimer;
614  bool mScheduledDbErase;
615  int mScheduledDbEraseRequestWait; // in seconds
616  bool mScheduledDbEraseRequestEmitted;
617  int mScheduledDbEraseRequestCount;
618  QMutex *mMutex;
619 
620 #ifndef QT_NO_OPENSSL
621  // mapping of sha1 digest and cert source and cert
622  // appending removes duplicates
623  QMap<QString, QPair<QgsAuthCertUtils::CaCertSource , QSslCertificate> > mCaCertsCache;
624  // list of sha1 digests per policy
625  QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList > mCertTrustCache;
626  // cache of certs ready to be utilized in network connections
627  QList<QSslCertificate> mTrustedCaCertsCache;
628  // cache of SSL errors to be ignored in network connections, per sha-hostport
629  QHash<QString, QSet<QSslError::SslError> > mIgnoredSslErrorsCache;
630 #endif
631 };
632 
633 #endif // QGSAUTHMANAGER_H
QgsAuthManager
Singleton offering an interface to manage the authentication configuration database and to utilize co...
Definition: qgsauthmanager.h:54
QgsAuthManager::authDbServersTable
const QString authDbServersTable() const
Name of the authentication database table that stores server exceptions/configs.
Definition: qgsauthmanager.h:83
QgsAuthManager::scheduledAuthDbErase
bool scheduledAuthDbErase()
Whether there is a scheduled opitonal erase of authentication database.
Definition: qgsauthmanager.h:144
QgsAuthCertUtils::CertTrustPolicy
CertTrustPolicy
Type of certificate trust policy.
Definition: qgsauthcertutils.h:55
QgsAuthConfigSslServer
Configuration container for SSL server connection exceptions or overrides.
Definition: qgsauthconfig.h:298
QgsAuthMethodEdit
Abstract base class for the edit widget of authentication method plugins.
Definition: qgsauthmethodedit.h:28
QgsAuthManager::authenticationDbPath
const QString authenticationDbPath() const
The standard authentication database file in ~/.qgis2/ or defined location.
Definition: qgsauthmanager.h:97
QgsAuthManager::authManTag
const QString authManTag() const
Simple text tag describing authentication system for message logs.
Definition: qgsauthmanager.h:168
QgsAuthManager::configIdRegex
QString configIdRegex() const
Return regular expression for authcfg=.
Definition: qgsauthmanager.h:237
QgsAuthMethodConfig
Configuration storage class for authentication method configurations.
Definition: qgsauthconfig.h:36
QgsAuthCertUtils::CaCertSource
CaCertSource
Type of CA certificate source.
Definition: qgsauthcertutils.h:46
QgsAuthManager::getTrustedCaCertsCache
const QList< QSslCertificate > getTrustedCaCertsCache()
Get cache of trusted certificate authorities, ready for network connections.
Definition: qgsauthmanager.h:481
QgsAuthManager::MessageLevel
MessageLevel
Message log level (mirrors that of QgsMessageLog, so it can also output there)
Definition: qgsauthmanager.h:62
QgsAuthManager::getCertTrustCache
const QMap< QgsAuthCertUtils::CertTrustPolicy, QStringList > getCertTrustCache()
Get cache of certificate sha1s, per trust policy.
Definition: qgsauthmanager.h:466
QgsAuthManager::setScheduledAuthDbEraseRequestEmitted
void setScheduledAuthDbEraseRequestEmitted(bool emitted)
Re-emit a signal to schedule an optional erase of authentication database.
Definition: qgsauthmanager.h:165
QgsAuthMethod
Abstract base class for authentication method plugins.
Definition: qgsauthmethod.h:33
QgsAuthManager::getCaCertsCache
const QMap< QString, QPair< QgsAuthCertUtils::CaCertSource, QSslCertificate > > getCaCertsCache()
Get all CA certs mapped to their sha1 from cache.
Definition: qgsauthmanager.h:434
QgsAuthManager::authDbConfigTable
const QString authDbConfigTable() const
Name of the authentication database table that stores configs.
Definition: qgsauthmanager.h:80
QgsAuthManager::clearMasterPassword
void clearMasterPassword()
Clear supplied master password.
Definition: qgsauthmanager.h:127
QgsAuthManager::getIgnoredSslErrorCache
QHash< QString, QSet< QSslError::SslError > > getIgnoredSslErrorCache()
Get ignored SSL error cache, keyed with cert/connection's sha:host:port.
Definition: qgsauthmanager.h:391
QgsAuthManager::mutex
QMutex * mutex()
Return pointer to mutex.
Definition: qgsauthmanager.h:489
Generated on Sat Oct 24 2015 04:11:21 for QGIS API Documentation by   doxygen 1.8.9.1