QGIS API Documentation  2.18.21-Las Palmas (9fba24a)
qgsauthauthoritieseditor.cpp
Go to the documentation of this file.
1 /***************************************************************************
2  qgsauthauthoritieseditor.cpp
3  ---------------------
4  begin : April 26, 2015
5  copyright : (C) 2015 by Boundless Spatial, Inc. USA
6  author : Larry Shaffer
7  email : lshaffer at boundlessgeo dot com
8  ***************************************************************************
9  * *
10  * This program is free software; you can redistribute it and/or modify *
11  * it under the terms of the GNU General Public License as published by *
12  * the Free Software Foundation; either version 2 of the License, or *
13  * (at your option) any later version. *
14  * *
15  ***************************************************************************/
16 
17 #include "qgsauthauthoritieseditor.h"
18 #include "ui_qgsauthauthoritieseditor.h"
19 
20 #include <QAction>
21 #include <QComboBox>
22 #include <QDateTime>
23 #include <QDir>
24 #include <QFileDialog>
25 #include <QFileInfo>
26 #include <QMenu>
27 #include <QMessageBox>
28 #include <QPair>
29 #include <QPushButton>
30 #include <QSettings>
31 #include <QSslConfiguration>
32 
33 #include "qgsapplication.h"
34 #include "qgsauthcertificateinfo.h"
35 #include "qgsauthcertutils.h"
36 #include "qgsauthguiutils.h"
37 #include "qgsauthimportcertdialog.h"
38 #include "qgsauthmanager.h"
39 #include "qgsauthtrustedcasdialog.h"
40 #include "qgslogger.h"
41 
42 QgsAuthAuthoritiesEditor::QgsAuthAuthoritiesEditor( QWidget *parent )
43  : QWidget( parent )
44  , mAuthNotifyLayout( nullptr )
45  , mAuthNotify( nullptr )
46  , mRootCaSecItem( nullptr )
47  , mFileCaSecItem( nullptr )
48  , mDbCaSecItem( nullptr )
49  , mDefaultTrustPolicy( QgsAuthCertUtils::DefaultTrust )
50  , mUtilitiesMenu( nullptr )
51  , mDisabled( false )
52  , mActionDefaultTrustPolicy( nullptr )
53  , mActionShowTrustedCAs( nullptr )
54 {
55  if ( QgsAuthManager::instance()->isDisabled() )
56  {
57  mDisabled = true;
58  mAuthNotifyLayout = new QVBoxLayout;
59  this->setLayout( mAuthNotifyLayout );
60  mAuthNotify = new QLabel( QgsAuthManager::instance()->disabledMessage(), this );
61  mAuthNotifyLayout->addWidget( mAuthNotify );
62  }
63  else
64  {
65  setupUi( this );
66 
67  connect( QgsAuthManager::instance(), SIGNAL( messageOut( const QString&, const QString&, QgsAuthManager::MessageLevel ) ),
68  this, SLOT( authMessageOut( const QString&, const QString&, QgsAuthManager::MessageLevel ) ) );
69 
70  connect( QgsAuthManager::instance(), SIGNAL( authDatabaseChanged() ),
71  this, SLOT( refreshCaCertsView() ) );
72 
73  setupCaCertsTree();
74 
75  connect( treeWidgetCAs->selectionModel(), SIGNAL( selectionChanged( const QItemSelection&, const QItemSelection& ) ),
76  this, SLOT( selectionChanged( const QItemSelection&, const QItemSelection& ) ) );
77 
78  connect( treeWidgetCAs, SIGNAL( itemDoubleClicked( QTreeWidgetItem *, int ) ),
79  this, SLOT( handleDoubleClick( QTreeWidgetItem *, int ) ) );
80 
81  connect( btnViewRefresh, SIGNAL( clicked() ), this, SLOT( refreshCaCertsView() ) );
82 
83  QVariant cafileval = QgsAuthManager::instance()->getAuthSetting( QString( "cafile" ) );
84  if ( !cafileval.isNull() )
85  {
86  leCaFile->setText( cafileval.toString() );
87  }
88 
89  btnGroupByOrg->setChecked( false );
90  QVariant sortbyval = QgsAuthManager::instance()->getAuthSetting( QString( "casortby" ), QVariant( false ) );
91  if ( !sortbyval.isNull() )
92  btnGroupByOrg->setChecked( sortbyval.toBool() );
93 
94  mDefaultTrustPolicy = QgsAuthManager::instance()->defaultCertTrustPolicy();
95  populateCaCertsView();
96  checkSelection();
97 
98  populateUtilitiesMenu();
99  }
100 }
101 
102 QgsAuthAuthoritiesEditor::~QgsAuthAuthoritiesEditor()
103 {
104 }
105 
106 static void setItemBold_( QTreeWidgetItem* item )
107 {
108  item->setFirstColumnSpanned( true );
109  QFont secf( item->font( 0 ) );
110  secf.setBold( true );
111  item->setFont( 0, secf );
112 }
113 
114 void QgsAuthAuthoritiesEditor::setupCaCertsTree()
115 {
116  treeWidgetCAs->setColumnCount( 4 );
117  treeWidgetCAs->setHeaderLabels(
118  QStringList() << tr( "Common Name" )
119  << tr( "Serial #" )
120  << tr( "Expiry Date" )
121  << tr( "Trust Policy" ) );
122  treeWidgetCAs->setColumnWidth( 0, 300 );
123  treeWidgetCAs->setColumnWidth( 1, 75 );
124  treeWidgetCAs->setColumnWidth( 2, 200 );
125 
126  // add root sections
127  mDbCaSecItem = new QTreeWidgetItem(
128  treeWidgetCAs,
129  QStringList( QgsAuthCertUtils::getCaSourceName( QgsAuthCertUtils::InDatabase ) ),
130  ( int )QgsAuthAuthoritiesEditor::Section );
131  setItemBold_( mDbCaSecItem );
132  mDbCaSecItem->setFlags( Qt::ItemIsEnabled );
133  mDbCaSecItem->setExpanded( true );
134  treeWidgetCAs->insertTopLevelItem( 0, mDbCaSecItem );
135 
136  mFileCaSecItem = new QTreeWidgetItem(
137  treeWidgetCAs,
138  QStringList( QgsAuthCertUtils::getCaSourceName( QgsAuthCertUtils::FromFile ) ),
139  ( int )QgsAuthAuthoritiesEditor::Section );
140  setItemBold_( mFileCaSecItem );
141  mFileCaSecItem->setFlags( Qt::ItemIsEnabled );
142  mFileCaSecItem->setExpanded( true );
143  treeWidgetCAs->insertTopLevelItem( 0, mFileCaSecItem );
144 
145  mRootCaSecItem = new QTreeWidgetItem(
146  treeWidgetCAs,
147  QStringList( QgsAuthCertUtils::getCaSourceName( QgsAuthCertUtils::SystemRoot ) ),
148  ( int )QgsAuthAuthoritiesEditor::Section );
149  setItemBold_( mRootCaSecItem );
150  mRootCaSecItem->setFlags( Qt::ItemIsEnabled );
151  mRootCaSecItem->setExpanded( false );
152  treeWidgetCAs->insertTopLevelItem( 0, mRootCaSecItem );
153 }
154 
155 void QgsAuthAuthoritiesEditor::populateCaCertsView()
156 {
157  updateCertTrustPolicyCache();
158  populateDatabaseCaCerts();
159  populateFileCaCerts();
160  populateRootCaCerts();
161 }
162 
163 void QgsAuthAuthoritiesEditor::refreshCaCertsView()
164 {
165 // QgsAuthManager::instance()->rebuildCaCertsCache();
166  populateCaCertsView();
167 }
168 
169 static void removeChildren_( QTreeWidgetItem* item )
170 {
171  Q_FOREACH ( QTreeWidgetItem* child, item->takeChildren() )
172  {
173  delete child;
174  }
175 }
176 
177 void QgsAuthAuthoritiesEditor::populateDatabaseCaCerts()
178 {
179  removeChildren_( mDbCaSecItem );
180 
181  bool expanded = mDbCaSecItem->isExpanded();
182  populateCaCertsSection( mDbCaSecItem,
183  QgsAuthManager::instance()->getDatabaseCAs(),
184  QgsAuthAuthoritiesEditor::DbCaCert );
185  mDbCaSecItem->setExpanded( expanded );
186 }
187 
188 void QgsAuthAuthoritiesEditor::populateFileCaCerts()
189 {
190  removeChildren_( mFileCaSecItem );
191 
192  bool expanded = mFileCaSecItem->isExpanded();
193  populateCaCertsSection( mFileCaSecItem,
194  QgsAuthManager::instance()->getExtraFileCAs(),
195  QgsAuthAuthoritiesEditor::FileCaCert );
196  mFileCaSecItem->setExpanded( expanded );
197 }
198 
199 void QgsAuthAuthoritiesEditor::populateRootCaCerts()
200 {
201  removeChildren_( mRootCaSecItem );
202 
203  bool expanded = mRootCaSecItem->isExpanded();
204  populateCaCertsSection( mRootCaSecItem,
205  QgsAuthManager::instance()->getSystemRootCAs(),
206  QgsAuthAuthoritiesEditor::RootCaCert );
207  mRootCaSecItem->setExpanded( expanded );
208 }
209 
210 void QgsAuthAuthoritiesEditor::populateCaCertsSection( QTreeWidgetItem* item, const QList<QSslCertificate>& certs,
211  QgsAuthAuthoritiesEditor::CaType catype )
212 {
213  if ( btnGroupByOrg->isChecked() )
214  {
215  appendCertsToGroup( certs, catype, item );
216  }
217  else
218  {
219  appendCertsToItem( certs, catype, item );
220  }
221 }
222 
223 void QgsAuthAuthoritiesEditor::appendCertsToGroup( const QList<QSslCertificate>& certs,
224  QgsAuthAuthoritiesEditor::CaType catype,
225  QTreeWidgetItem *parent )
226 {
227  if ( certs.size() < 1 )
228  return;
229 
230  if ( !parent )
231  {
232  parent = treeWidgetCAs->currentItem();
233  }
234 
235  // TODO: find all organizational name, sort and make subsections
236  QMap< QString, QList<QSslCertificate> > orgcerts(
237  QgsAuthCertUtils::certsGroupedByOrg( certs ) );
238 
239  QMap< QString, QList<QSslCertificate> >::const_iterator it = orgcerts.constBegin();
240  for ( ; it != orgcerts.constEnd(); ++it )
241  {
242  QTreeWidgetItem * grpitem( new QTreeWidgetItem( parent,
243  QStringList() << it.key(),
244  ( int )QgsAuthAuthoritiesEditor::OrgName ) );
245  grpitem->setFirstColumnSpanned( true );
246  grpitem->setFlags( Qt::ItemIsEnabled );
247  grpitem->setExpanded( true );
248 
249  QBrush orgb( grpitem->foreground( 0 ) );
250  orgb.setColor( QColor::fromRgb( 90, 90, 90 ) );
251  grpitem->setForeground( 0, orgb );
252  QFont grpf( grpitem->font( 0 ) );
253  grpf.setItalic( true );
254  grpitem->setFont( 0, grpf );
255 
256  appendCertsToItem( it.value(), catype, grpitem );
257  }
258 
259  parent->sortChildren( 0, Qt::AscendingOrder );
260 }
261 
262 void QgsAuthAuthoritiesEditor::appendCertsToItem( const QList<QSslCertificate>& certs,
263  QgsAuthAuthoritiesEditor::CaType catype,
264  QTreeWidgetItem *parent )
265 {
266  if ( certs.size() < 1 )
267  return;
268 
269  if ( !parent )
270  {
271  parent = treeWidgetCAs->currentItem();
272  }
273 
274  QBrush greenb( QgsAuthGuiUtils::greenColor() );
275  QBrush redb( QgsAuthGuiUtils::redColor() );
276 
277  QStringList trustedids = mCertTrustCache.value( QgsAuthCertUtils::Trusted );
278  QStringList untrustedids = mCertTrustCache.value( QgsAuthCertUtils::Untrusted );
279 
280  // Columns: Common Name, Serial #, Expiry Date
281  Q_FOREACH ( const QSslCertificate& cert, certs )
282  {
283  QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
284 
285  QStringList coltxts;
286  coltxts << QgsAuthCertUtils::resolvedCertName( cert );
287  coltxts << QString( cert.serialNumber() );
288  coltxts << cert.expiryDate().toString();
289 
290  // trust policy
291  QString policy( QgsAuthCertUtils::getCertTrustName( mDefaultTrustPolicy ) );
292  if ( trustedids.contains( id ) )
293  {
294  policy = QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::Trusted );
295  }
296  else if ( untrustedids.contains( id ) || !cert.isValid() )
297  {
298  policy = QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::Untrusted );
299  }
300  coltxts << policy;
301 
302  QTreeWidgetItem * item( new QTreeWidgetItem( parent, coltxts, ( int )catype ) );
303 
304  item->setIcon( 0, QgsApplication::getThemeIcon( "/mIconCertificate.svg" ) );
305  if ( !cert.isValid() )
306  {
307  item->setForeground( 2, redb );
308  item->setIcon( 0, QgsApplication::getThemeIcon( "/mIconCertificateUntrusted.svg" ) );
309  }
310 
311  if ( trustedids.contains( id ) )
312  {
313  item->setForeground( 3, greenb );
314  if ( cert.isValid() )
315  {
316  item->setIcon( 0, QgsApplication::getThemeIcon( "/mIconCertificateTrusted.svg" ) );
317  }
318  }
319  else if ( untrustedids.contains( id ) )
320  {
321  item->setForeground( 3, redb );
322  item->setIcon( 0, QgsApplication::getThemeIcon( "/mIconCertificateUntrusted.svg" ) );
323  }
324  else if ( mDefaultTrustPolicy == QgsAuthCertUtils::Untrusted )
325  {
326  item->setIcon( 0, QgsApplication::getThemeIcon( "/mIconCertificateUntrusted.svg" ) );
327  }
328 
329  item->setData( 0, Qt::UserRole, id );
330  }
331 
332  parent->sortChildren( 0, Qt::AscendingOrder );
333 }
334 
335 void QgsAuthAuthoritiesEditor::updateCertTrustPolicyCache()
336 {
337  mCertTrustCache = QgsAuthManager::instance()->getCertTrustCache();
338 }
339 
340 void QgsAuthAuthoritiesEditor::populateUtilitiesMenu()
341 {
342  mActionDefaultTrustPolicy = new QAction( "Change default trust policy", this );
343  connect( mActionDefaultTrustPolicy, SIGNAL( triggered() ), this, SLOT( editDefaultTrustPolicy() ) );
344 
345  mActionShowTrustedCAs = new QAction( "Show trusted authorities/issuers", this );
346  connect( mActionShowTrustedCAs, SIGNAL( triggered() ), this, SLOT( showTrustedCertificateAuthorities() ) );
347 
348  mUtilitiesMenu = new QMenu( this );
349  mUtilitiesMenu->addAction( mActionDefaultTrustPolicy );
350  mUtilitiesMenu->addSeparator();
351  mUtilitiesMenu->addAction( mActionShowTrustedCAs );
352 
353  btnUtilities->setMenu( mUtilitiesMenu );
354 }
355 
356 void QgsAuthAuthoritiesEditor::showCertInfo( QTreeWidgetItem *item )
357 {
358  if ( !item )
359  return;
360 
361  QString digest( item->data( 0, Qt::UserRole ).toString() );
362 
363  QMap<QString, QPair<QgsAuthCertUtils::CaCertSource , QSslCertificate> > cacertscache(
364  QgsAuthManager::instance()->getCaCertsCache() );
365 
366  if ( !cacertscache.contains( digest ) )
367  {
368  QgsDebugMsg( "Certificate Authority not in CA certs cache" );
369  return;
370  }
371 
372  QSslCertificate cert( cacertscache.value( digest ).second );
373 
374  QgsAuthCertInfoDialog * dlg = new QgsAuthCertInfoDialog( cert, true, this );
375  dlg->setWindowModality( Qt::WindowModal );
376  dlg->resize( 675, 500 );
377  dlg->exec();
378  if ( dlg->trustCacheRebuilt() )
379  {
380  // QgsAuthManager::instance()->rebuildTrustedCaCertsCache() already called in dlg
381  populateCaCertsView();
382  }
383  dlg->deleteLater();
384 }
385 
386 void QgsAuthAuthoritiesEditor::selectionChanged( const QItemSelection& selected , const QItemSelection& deselected )
387 {
388  Q_UNUSED( selected );
389  Q_UNUSED( deselected );
390  checkSelection();
391 }
392 
393 void QgsAuthAuthoritiesEditor::checkSelection()
394 {
395  bool iscert = false;
396  bool isdbcert = false;
397  if ( treeWidgetCAs->selectionModel()->selection().length() > 0 )
398  {
399  QTreeWidgetItem* item( treeWidgetCAs->currentItem() );
400 
401  switch (( QgsAuthAuthoritiesEditor::CaType )item->type() )
402  {
403  case QgsAuthAuthoritiesEditor::RootCaCert:
404  iscert = true;
405  break;
406  case QgsAuthAuthoritiesEditor::FileCaCert:
407  iscert = true;
408  break;
409  case QgsAuthAuthoritiesEditor::DbCaCert:
410  iscert = true;
411  isdbcert = true;
412  break;
413  default:
414  break;
415  }
416  }
417 
418  btnRemoveCa->setEnabled( isdbcert );
419  btnInfoCa->setEnabled( iscert );
420 }
421 
422 void QgsAuthAuthoritiesEditor::handleDoubleClick( QTreeWidgetItem *item, int col )
423 {
424  Q_UNUSED( col );
425  bool iscert = true;
426 
427  switch (( QgsAuthAuthoritiesEditor::CaType )item->type() )
428  {
429  case QgsAuthAuthoritiesEditor::Section:
430  iscert = false;
431  break;
432  case QgsAuthAuthoritiesEditor::OrgName:
433  iscert = false;
434  break;
435  default:
436  break;
437  }
438 
439  if ( iscert )
440  {
441  showCertInfo( item );
442  }
443 }
444 
445 void QgsAuthAuthoritiesEditor::on_btnAddCa_clicked()
446 {
447  QgsAuthImportCertDialog *dlg = new QgsAuthImportCertDialog( this, QgsAuthImportCertDialog::CaFilter );
448  dlg->setWindowModality( Qt::WindowModal );
449  dlg->resize( 400, 450 );
450  if ( dlg->exec() )
451  {
452  const QList<QSslCertificate>& certs( dlg->certificatesToImport() );
453  if ( !QgsAuthManager::instance()->storeCertAuthorities( certs ) )
454  {
455  messageBar()->pushMessage( tr( "ERROR storing CA(s) in authentication database" ),
456  QgsMessageBar::CRITICAL );
457  }
458 
459  QgsAuthManager::instance()->rebuildCaCertsCache();
460 
461  if ( dlg->certTrustPolicy() != QgsAuthCertUtils::DefaultTrust )
462  {
463  Q_FOREACH ( const QSslCertificate& cert, certs )
464  {
465  if ( !QgsAuthManager::instance()->storeCertTrustPolicy( cert, dlg->certTrustPolicy() ) )
466  {
467  authMessageOut( QObject::tr( "Could not set trust policy for imported certificates" ),
468  QObject::tr( "Authorities Manager" ),
469  QgsAuthManager::WARNING );
470  }
471  }
472  QgsAuthManager::instance()->rebuildCertTrustCache();
473  updateCertTrustPolicyCache();
474  }
475 
476  QgsAuthManager::instance()->rebuildTrustedCaCertsCache();
477  populateDatabaseCaCerts();
478  mDbCaSecItem->setExpanded( true );
479  }
480  dlg->deleteLater();
481 }
482 
483 void QgsAuthAuthoritiesEditor::on_btnRemoveCa_clicked()
484 {
485  QTreeWidgetItem* item( treeWidgetCAs->currentItem() );
486 
487  if ( !item )
488  {
489  QgsDebugMsg( "Current tree widget item not set" );
490  return;
491  }
492 
493  QString digest( item->data( 0, Qt::UserRole ).toString() );
494 
495  if ( digest.isEmpty() )
496  {
497  messageBar()->pushMessage( tr( "Certificate id missing" ),
498  QgsMessageBar::WARNING );
499  return;
500  }
501 
502  QMap<QString, QSslCertificate> mappedcerts(
503  QgsAuthManager::instance()->getMappedDatabaseCAs() );
504 
505  if ( !mappedcerts.contains( digest ) )
506  {
507  QgsDebugMsg( "Certificate Authority not in mapped database CAs" );
508  return;
509  }
510 
511  if ( QMessageBox::warning(
512  this, tr( "Remove Certificate Authority" ),
513  tr( "Are you sure you want to remove the selected "
514  "Certificate Authority from the database?\n\n"
515  "Operation can NOT be undone!" ),
516  QMessageBox::Ok | QMessageBox::Cancel,
517  QMessageBox::Cancel ) == QMessageBox::Cancel )
518  {
519  return;
520  }
521 
522  QSslCertificate cert( mappedcerts.value( digest ) );
523 
524  if ( cert.isNull() )
525  {
526  messageBar()->pushMessage( tr( "Certificate could not found in database for id %1:" ).arg( digest ),
527  QgsMessageBar::WARNING );
528  return;
529  }
530 
531  if ( !QgsAuthManager::instance()->removeCertAuthority( cert ) )
532  {
533  messageBar()->pushMessage( tr( "ERROR removing CA from authentication database for id %1:" ).arg( digest ),
534  QgsMessageBar::CRITICAL );
535  return;
536  }
537 
538  if ( !QgsAuthManager::instance()->removeCertTrustPolicy( cert ) )
539  {
540  messageBar()->pushMessage( tr( "ERROR removing cert trust policy from authentication database for id %1:" ).arg( digest ),
541  QgsMessageBar::CRITICAL );
542  return;
543  }
544 
545  QgsAuthManager::instance()->rebuildCaCertsCache();
546  QgsAuthManager::instance()->rebuildTrustedCaCertsCache();
547  updateCertTrustPolicyCache();
548 
549  item->parent()->removeChild( item );
550  delete item;
551 
552 // populateDatabaseCaCerts();
553  mDbCaSecItem->setExpanded( true );
554 }
555 
556 void QgsAuthAuthoritiesEditor::on_btnInfoCa_clicked()
557 {
558  if ( treeWidgetCAs->selectionModel()->selection().length() > 0 )
559  {
560  QTreeWidgetItem* item( treeWidgetCAs->currentItem() );
561  handleDoubleClick( item, 0 );
562  }
563 }
564 
565 void QgsAuthAuthoritiesEditor::on_btnGroupByOrg_toggled( bool checked )
566 {
567  if ( !QgsAuthManager::instance()->storeAuthSetting( QString( "casortby" ), QVariant( checked ) ) )
568  {
569  authMessageOut( QObject::tr( "Could not store sort by preference" ),
570  QObject::tr( "Authorities Manager" ),
571  QgsAuthManager::WARNING );
572  }
573  populateCaCertsView();
574 }
575 
576 void QgsAuthAuthoritiesEditor::editDefaultTrustPolicy()
577 {
578  QDialog * dlg = new QDialog( this );
579  dlg->setWindowTitle( tr( "Default Trust Policy" ) );
580  QVBoxLayout *layout = new QVBoxLayout( dlg );
581 
582  QHBoxLayout *hlayout = new QHBoxLayout();
583 
584  QLabel * lblwarn = new QLabel( dlg );
585  QStyle *style = QApplication::style();
586  lblwarn->setPixmap( style->standardIcon( QStyle::SP_MessageBoxWarning ).pixmap( 48, 48 ) );
587  lblwarn->setSizePolicy( QSizePolicy::Fixed, QSizePolicy::Fixed );
588  hlayout->addWidget( lblwarn );
589 
590  QLabel *lbltxt = new QLabel( dlg );
591  lbltxt->setText( tr( "Changing the default certificate authority trust policy to 'Untrusted' "
592  "can cause unexpected SSL network connection results." ) );
593  lbltxt->setWordWrap( true );
594  hlayout->addWidget( lbltxt );
595 
596  layout->addLayout( hlayout );
597 
598  QHBoxLayout *hlayout2 = new QHBoxLayout();
599 
600  QLabel *lblpolicy = new QLabel( tr( "Default policy" ), dlg );
601  lblpolicy->setSizePolicy( QSizePolicy::Maximum, QSizePolicy::Preferred );
602  hlayout2->addWidget( lblpolicy );
603 
604  QComboBox *cmbpolicy = new QComboBox( dlg );
605  QList < QPair<QgsAuthCertUtils::CertTrustPolicy, QString> > policies;
606  policies << qMakePair( QgsAuthCertUtils::Trusted,
607  QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::Trusted ) )
608  << qMakePair( QgsAuthCertUtils::Untrusted,
609  QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::Untrusted ) );
610 
611  for ( int i = 0; i < policies.size(); i++ )
612  {
613  cmbpolicy->addItem( policies.at( i ).second, QVariant(( int )policies.at( i ).first ) );
614  }
615 
616  int idx = cmbpolicy->findData( QVariant(( int )mDefaultTrustPolicy ) );
617  cmbpolicy->setCurrentIndex( idx == -1 ? 0 : idx );
618  hlayout2->addWidget( cmbpolicy );
619 
620  layout->addLayout( hlayout2 );
621 
622  QDialogButtonBox *buttonBox = new QDialogButtonBox( QDialogButtonBox::Close | QDialogButtonBox::Ok,
623  Qt::Horizontal, dlg );
624  buttonBox->button( QDialogButtonBox::Close )->setDefault( true );
625 
626  layout->addWidget( buttonBox );
627 
628  connect( buttonBox, SIGNAL( accepted() ), dlg, SLOT( accept() ) );
629  connect( buttonBox, SIGNAL( rejected() ), dlg, SLOT( close() ) );
630 
631  dlg->setLayout( layout );
632  dlg->setWindowModality( Qt::WindowModal );
633  dlg->resize( 400, 200 );
634  dlg->setMinimumSize( 400, 200 );
635  dlg->setMaximumSize( 500, 300 );
636  if ( dlg->exec() )
637  {
638  QgsAuthCertUtils::CertTrustPolicy trustpolicy(
639  ( QgsAuthCertUtils::CertTrustPolicy )cmbpolicy->itemData( cmbpolicy->currentIndex() ).toInt() );
640  if ( mDefaultTrustPolicy != trustpolicy )
641  {
642  defaultTrustPolicyChanged( trustpolicy );
643  }
644  }
645  dlg->deleteLater();
646 }
647 
648 void QgsAuthAuthoritiesEditor::defaultTrustPolicyChanged( QgsAuthCertUtils::CertTrustPolicy trustpolicy )
649 {
650  if ( !QgsAuthManager::instance()->setDefaultCertTrustPolicy( trustpolicy ) )
651  {
652  authMessageOut( QObject::tr( "Could not store default trust policy" ),
653  QObject::tr( "Authorities Manager" ),
654  QgsAuthManager::CRITICAL );
655  }
656  mDefaultTrustPolicy = trustpolicy;
657  QgsAuthManager::instance()->rebuildCertTrustCache();
658  QgsAuthManager::instance()->rebuildTrustedCaCertsCache();
659  populateCaCertsView();
660 }
661 
662 void QgsAuthAuthoritiesEditor::on_btnCaFile_clicked()
663 {
664  QgsAuthImportCertDialog *dlg = new QgsAuthImportCertDialog( this,
665  QgsAuthImportCertDialog::CaFilter,
666  QgsAuthImportCertDialog::FileInput );
667  dlg->setWindowModality( Qt::WindowModal );
668  dlg->resize( 400, 250 );
669  if ( dlg->exec() )
670  {
671  // clear out any currently defined file certs and their trust settings
672  if ( !leCaFile->text().isEmpty() )
673  {
674  on_btnCaFileClear_clicked();
675  }
676 
677  const QString& fn = dlg->certFileToImport();
678  leCaFile->setText( fn );
679 
680  if ( !QgsAuthManager::instance()->storeAuthSetting( QString( "cafile" ), QVariant( fn ) ) )
681  {
682  authMessageOut( QObject::tr( "Could not store 'CA file path' in authentication database" ),
683  QObject::tr( "Authorities Manager" ),
684  QgsAuthManager::WARNING );
685  }
686  if ( !QgsAuthManager::instance()->storeAuthSetting( QString( "cafileallowinvalid" ),
687  QVariant( dlg->allowInvalidCerts() ) ) )
688  {
689  authMessageOut( QObject::tr( "Could not store 'CA file allow invalids' setting in authentication database" ),
690  QObject::tr( "Authorities Manager" ),
691  QgsAuthManager::WARNING );
692  }
693 
694  QgsAuthManager::instance()->rebuildCaCertsCache();
695 
696  if ( dlg->certTrustPolicy() != QgsAuthCertUtils::DefaultTrust )
697  {
698  QList<QSslCertificate> certs( QgsAuthManager::instance()->getExtraFileCAs() );
699  Q_FOREACH ( const QSslCertificate& cert, certs )
700  {
701  if ( !QgsAuthManager::instance()->storeCertTrustPolicy( cert, dlg->certTrustPolicy() ) )
702  {
703  authMessageOut( QObject::tr( "Could not set trust policy for imported certificates" ),
704  QObject::tr( "Authorities Manager" ),
705  QgsAuthManager::WARNING );
706  }
707  }
708  QgsAuthManager::instance()->rebuildCertTrustCache();
709  updateCertTrustPolicyCache();
710  }
711 
712  QgsAuthManager::instance()->rebuildTrustedCaCertsCache();
713 
714  populateFileCaCerts();
715  mFileCaSecItem->setExpanded( true );
716  }
717  dlg->deleteLater();
718 }
719 
720 void QgsAuthAuthoritiesEditor::on_btnCaFileClear_clicked()
721 {
722  if ( !QgsAuthManager::instance()->removeAuthSetting( QString( "cafile" ) ) )
723  {
724  authMessageOut( QObject::tr( "Could not remove 'CA file path' from authentication database" ),
725  QObject::tr( "Authorities Manager" ),
726  QgsAuthManager::WARNING );
727  return;
728  }
729  if ( !QgsAuthManager::instance()->removeAuthSetting( QString( "cafileallowinvalid" ) ) )
730  {
731  authMessageOut( QObject::tr( "Could not remove 'CA file allow invalids' setting from authentication database" ),
732  QObject::tr( "Authorities Manager" ),
733  QgsAuthManager::WARNING );
734  return;
735  }
736 
737  QgsAuthManager::instance()->rebuildCaCertsCache();
738 
739  QString fn( leCaFile->text() );
740  if ( QFile::exists( fn ) )
741  {
742  QList<QSslCertificate> certs( QgsAuthCertUtils::certsFromFile( fn ) );
743 
744  if ( !certs.isEmpty() )
745  {
746  if ( !QgsAuthManager::instance()->removeCertTrustPolicies( certs ) )
747  {
748  messageBar()->pushMessage( tr( "ERROR removing cert(s) trust policy from authentication database" ),
749  QgsMessageBar::CRITICAL );
750  return;
751  }
752  QgsAuthManager::instance()->rebuildCertTrustCache();
753  updateCertTrustPolicyCache();
754  }
755  }
756 
757  QgsAuthManager::instance()->rebuildTrustedCaCertsCache();
758 
759  leCaFile->clear();
760  populateFileCaCerts();
761 }
762 
763 void QgsAuthAuthoritiesEditor::showTrustedCertificateAuthorities()
764 {
765  QgsAuthTrustedCAsDialog *dlg = new QgsAuthTrustedCAsDialog( this );
766  dlg->setWindowModality( Qt::WindowModal );
767  dlg->resize( 675, 500 );
768  dlg->exec();
769  dlg->deleteLater();
770 }
771 
772 void QgsAuthAuthoritiesEditor::authMessageOut( const QString& message, const QString& authtag, QgsAuthManager::MessageLevel level )
773 {
774  int levelint = ( int )level;
775  messageBar()->pushMessage( authtag, message, ( QgsMessageBar::MessageLevel )levelint, 7 );
776 }
777 
778 void QgsAuthAuthoritiesEditor::showEvent( QShowEvent * e )
779 {
780  if ( !mDisabled )
781  {
782  treeWidgetCAs->setFocus();
783  }
784  QWidget::showEvent( e );
785 }
786 
787 QgsMessageBar * QgsAuthAuthoritiesEditor::messageBar()
788 {
789  return msgBar;
790 }
791 
792 int QgsAuthAuthoritiesEditor::messageTimeout()
793 {
794  QSettings settings;
795  return settings.value( "/qgis/messageTimeout", 5 ).toInt();
796 }
QWidget::layout
QLayout * layout() const
QObject::child
QObject * child(const char *objName, const char *inheritsClass, bool recursiveSearch) const
QgsAuthManager::rebuildTrustedCaCertsCache
bool rebuildTrustedCaCertsCache()
Rebuild trusted certificate authorities cache.
Definition: qgsauthmanager.cpp:2748
QDateTime::toString
QString toString(Qt::DateFormat format) const
QWidget::close
bool close()
QWidget::setupUi
void setupUi(QWidget *widget)
QMap::contains
bool contains(const Key &key) const
QgsAuthManager::instance
static QgsAuthManager * instance()
Enforce singleton pattern.
Definition: qgsauthmanager.cpp:62
QSslCertificate::isValid
bool isValid() const
QWidget::setWindowModality
void setWindowModality(Qt::WindowModality windowModality)
QgsDebugMsg
#define QgsDebugMsg(str)
Definition: qgslogger.h:33
QTreeWidgetItem::setFont
void setFont(int column, const QFont &font)
QWidget::style
QStyle * style() const
QgsApplication::getThemeIcon
static QIcon getThemeIcon(const QString &theName)
Helper to get a theme icon.
Definition: qgsapplication.cpp:413
QLabel::setPixmap
void setPixmap(const QPixmap &)
QMap::constBegin
const_iterator constBegin() const
setItemBold_
static void setItemBold_(QTreeWidgetItem *item)
Definition: qgsauthauthoritieseditor.cpp:106
QList::at
const T & at(int i) const
QgsAuthCertUtils::certsFromFile
static QList< QSslCertificate > certsFromFile(const QString &certspath)
Return list of concatenated certs from a PEM or DER formatted file.
Definition: qgsauthcertutils.cpp:118
QMenu::addAction
void addAction(QAction *action)
QStringList::contains
bool contains(const QString &str, Qt::CaseSensitivity cs) const
QTreeWidgetItem::setIcon
void setIcon(int column, const QIcon &icon)
QgsMessageBar
A bar for displaying non-blocking messages to the user.
Definition: qgsmessagebar.h:42
QDialog::exec
int exec()
QTreeWidgetItem::setFirstColumnSpanned
void setFirstColumnSpanned(bool span)
QTreeWidgetItem::setData
virtual void setData(int column, int role, const QVariant &value)
QFile::exists
bool exists() const
QgsAuthImportCertDialog::allowInvalidCerts
bool allowInvalidCerts()
Whether to allow importation of invalid certificates (so trust policy can be overridden) ...
Definition: qgsauthimportcertdialog.cpp:125
QgsAuthImportCertDialog::certFileToImport
const QString certFileToImport()
Get the file path to a certificate to import.
Definition: qgsauthimportcertdialog.cpp:101
QTreeWidgetItem::data
virtual QVariant data(int column, int role) const
QTreeWidgetItem::isExpanded
bool isExpanded() const
QObject::tr
QString tr(const char *sourceText, const char *disambiguation, int n)
QgsAuthManager::MessageLevel
MessageLevel
Message log level (mirrors that of QgsMessageLog, so it can also output there)
Definition: qgsauthmanager.h:62
QgsAuthManager::rebuildCaCertsCache
bool rebuildCaCertsCache()
Rebuild certificate authority cache.
Definition: qgsauthmanager.cpp:2470
QgsAuthCertUtils
Utilities for working with certificates and keys.
Definition: qgsauthcertutils.h:43
QgsAuthAuthoritiesEditor::showEvent
void showEvent(QShowEvent *e) override
Overridden show event of base widget.
Definition: qgsauthauthoritieseditor.cpp:778
QIcon::pixmap
QPixmap pixmap(const QSize &size, Mode mode, State state) const
QList::size
int size() const
QgsAuthManager::getAuthSetting
QVariant getAuthSetting(const QString &key, const QVariant &defaultValue=QVariant(), bool decrypt=false)
Get an authentication setting (retrieved as string and returned as QVariant( QString )) ...
Definition: qgsauthmanager.cpp:1485
QComboBox::addItem
void addItem(const QString &text, const QVariant &userData)
QTreeWidgetItem::sortChildren
void sortChildren(int column, Qt::SortOrder order)
QFont::setBold
void setBold(bool enable)
QWidget::resize
void resize(int w, int h)
QWidget::setMinimumSize
void setMinimumSize(const QSize &)
QTreeWidgetItem::setFlags
void setFlags(QFlags< Qt::ItemFlag > flags)
QgsAuthImportCertDialog::certTrustPolicy
QgsAuthCertUtils::CertTrustPolicy certTrustPolicy()
Defined trust policy for imported certificates.
Definition: qgsauthimportcertdialog.cpp:134
QColor::fromRgb
QColor fromRgb(QRgb rgb)
QgsMessageBar::pushMessage
void pushMessage(const QString &text, MessageLevel level=INFO, int duration=5)
convenience method for pushing a message to the bar
Definition: qgsmessagebar.h:90
QBoxLayout::addWidget
void addWidget(QWidget *widget, int stretch, QFlags< Qt::AlignmentFlag > alignment)
QWidget::showEvent
virtual void showEvent(QShowEvent *event)
QgsAuthGuiUtils::redColor
static QColor redColor()
Red color representing invalid, untrusted, etc.
Definition: qgsauthguiutils.cpp:40
QgsAuthCertInfoDialog
Dialog wrapper for widget displaying detailed info on a certificate and its hierarchical trust chain...
Definition: qgsauthcertificateinfo.h:140
QWidget::setLayout
void setLayout(QLayout *layout)
QTreeWidgetItem::removeChild
void removeChild(QTreeWidgetItem *child)
QgsAuthGuiUtils::greenColor
static QColor greenColor()
Green color representing valid, trusted, etc.
Definition: qgsauthguiutils.cpp:30
QVariant::toInt
int toInt(bool *ok) const
QVariant::isNull
bool isNull() const
QTreeWidgetItem::takeChildren
QList< QTreeWidgetItem * > takeChildren()
QList::isEmpty
bool isEmpty() const
QMap::constEnd
const_iterator constEnd() const
QTreeWidgetItem::font
QFont font(int column) const
QgsAuthManager::removeCertTrustPolicies
bool removeCertTrustPolicies(const QList< QSslCertificate > &certs)
Remove a group certificate authorities.
Definition: qgsauthmanager.cpp:2561
QObject::deleteLater
void deleteLater()
QLabel::setText
void setText(const QString &)
QMenu::addSeparator
QAction * addSeparator()
QgsAuthAuthoritiesEditor::QgsAuthAuthoritiesEditor
QgsAuthAuthoritiesEditor(QWidget *parent=nullptr)
Widget for viewing and editing certificate authorities directly in database.
Definition: qgsauthauthoritieseditor.cpp:42
QWidget::setSizePolicy
void setSizePolicy(QSizePolicy)
QgsAuthImportCertDialog
Widget for importing a certificate into the authentication database.
Definition: qgsauthimportcertdialog.h:31
QgsAuthManager::getCertTrustCache
const QMap< QgsAuthCertUtils::CertTrustPolicy, QStringList > getCertTrustCache()
Get cache of certificate sha1s, per trust policy.
Definition: qgsauthmanager.h:474
QComboBox::itemData
QVariant itemData(int index, int role) const
QStyle::standardIcon
QIcon standardIcon(StandardPixmap standardIcon, const QStyleOption *option, const QWidget *widget) const
QTreeWidgetItem::parent
QTreeWidgetItem * parent() const
QgsAuthManager::storeCertAuthorities
bool storeCertAuthorities(const QList< QSslCertificate > &certs)
Store multiple certificate authorities.
Definition: qgsauthmanager.cpp:2243
QgsAuthImportCertDialog::certificatesToImport
const QList< QSslCertificate > certificatesToImport()
Get list of certificate objects to import.
Definition: qgsauthimportcertdialog.cpp:92
QFont::setItalic
void setItalic(bool enable)
QWidget::setMaximumSize
void setMaximumSize(const QSize &)
QMap::key
const Key key(const T &value) const
QgsAuthCertUtils::shaHexForCert
static QString shaHexForCert(const QSslCertificate &cert, bool formatted=false)
Get the sha1 hash for certificate.
Definition: qgsauthcertutils.cpp:413
QSettings::value
QVariant value(const QString &key, const QVariant &defaultValue) const
QSslCertificate::serialNumber
QByteArray serialNumber() const
QTreeWidgetItem::setExpanded
void setExpanded(bool expand)
QSslCertificate::expiryDate
QDateTime expiryDate() const
QComboBox::findData
int findData(const QVariant &data, int role, QFlags< Qt::MatchFlag > flags) const
QApplication::style
QStyle * style()
QWidget::setWindowTitle
void setWindowTitle(const QString &)
removeChildren_
static void removeChildren_(QTreeWidgetItem *item)
Definition: qgsauthauthoritieseditor.cpp:169
QComboBox::setCurrentIndex
void setCurrentIndex(int index)
QVariant::toBool
bool toBool() const
QDialogButtonBox::button
QPushButton * button(StandardButton which) const
QMessageBox::warning
StandardButton warning(QWidget *parent, const QString &title, const QString &text, QFlags< QMessageBox::StandardButton > buttons, StandardButton defaultButton)
QgsAuthCertUtils::certsGroupedByOrg
static QMap< QString, QList< QSslCertificate > > certsGroupedByOrg(const QList< QSslCertificate > &certs)
Map certificates to their oraganization.
Definition: qgsauthcertutils.cpp:60
QTreeWidgetItem::type
int type() const
QgsAuthTrustedCAsDialog
Widget for listing trusted Certificate (Intermediate) Authorities used in secure connections.
Definition: qgsauthtrustedcasdialog.h:32
QgsAuthCertUtils::CertTrustPolicy
CertTrustPolicy
Type of certificate trust policy.
Definition: qgsauthcertutils.h:56
QgsAuthManager::defaultCertTrustPolicy
QgsAuthCertUtils::CertTrustPolicy defaultCertTrustPolicy()
Get the default certificate trust policy perferred by user.
Definition: qgsauthmanager.cpp:2643
QObject::connect
bool connect(const QObject *sender, const char *signal, const QObject *receiver, const char *method, Qt::ConnectionType type)
QObject::parent
QObject * parent() const
QgsAuthCertUtils::getCertTrustName
static QString getCertTrustName(QgsAuthCertUtils::CertTrustPolicy trust)
Get the general name for certificate trust.
Definition: qgsauthcertutils.cpp:385
QBrush::setColor
void setColor(const QColor &color)
QPushButton::setDefault
void setDefault(bool)
QVariant::toString
QString toString() const
QgsAuthCertUtils::getCaSourceName
static QString getCaSourceName(QgsAuthCertUtils::CaCertSource source, bool single=false)
Get the general name for CA source enum type.
Definition: qgsauthcertutils.cpp:280
QgsAuthCertUtils::resolvedCertName
static QString resolvedCertName(const QSslCertificate &cert, bool issuer=false)
Get the general name via RFC 5280 resolution.
Definition: qgsauthcertutils.cpp:297
QTreeWidgetItem::setForeground
void setForeground(int column, const QBrush &brush)
QLabel::setWordWrap
void setWordWrap(bool on)
QBoxLayout::addLayout
void addLayout(QLayout *layout, int stretch)
QMap::value
const T value(const Key &key) const
QgsAuthManager::rebuildCertTrustCache
bool rebuildCertTrustCache()
Rebuild certificate authority cache.
Definition: qgsauthmanager.cpp:2654
Generated on Sun Jun 24 2018 11:42:48 for QGIS API Documentation by   doxygen 1.8.13