api/2.18/qgsauthmanager_8h_source.html

 /***************************************************************************
     qgsauthmanager.h
     ---------------------
     begin                : October 5, 2014
     copyright            : (C) 2014 by Boundless Spatial, Inc. USA
     author               : Larry Shaffer
     email                : lshaffer at boundlessgeo dot com
  ***************************************************************************
  *                                                                         *
  *   This program is free software; you can redistribute it and/or modify  *
  *   it under the terms of the GNU General Public License as published by  *
  *   the Free Software Foundation; either version 2 of the License, or     *
  *   (at your option) any later version.                                   *
  *                                                                         *
  ***************************************************************************/

 #ifndef QGSAUTHMANAGER_H
 #define QGSAUTHMANAGER_H

 #include <QObject>
 #include <QMutex>
 #include <QNetworkReply>
 #include <QNetworkRequest>
 #include <QSqlDatabase>
 #include <QSqlError>
 #include <QSqlQuery>
 #include <QStringList>

 #ifndef QT_NO_OPENSSL
 #include <QSslCertificate>
 #include <QSslKey>
 #include <QtCrypto>
 #include "qgsauthcertutils.h"
 #endif

 #include "qgsauthconfig.h"
 #include "qgsauthmethod.h"
 #include "qgsdatasourceuri.h"

 namespace QCA
 {
   class Initializer;
 }
 class QgsAuthMethod;
 class QgsAuthMethodEdit;
 class QgsAuthProvider;
 class QTimer;


 class CORE_EXPORT QgsAuthManager : public QObject
 {
     Q_OBJECT
     Q_ENUMS( MessageLevel )

   public:

     enum MessageLevel
     {
       INFO = 0,
       WARNING = 1,
       CRITICAL = 2
     };

     static QgsAuthManager *instance();

     ~QgsAuthManager();

     QSqlDatabase authDbConnection() const;

     const QString authDbConfigTable() const { return smAuthConfigTable; }

     const QString authDbServersTable() const { return smAuthServersTable; }

     bool init( const QString& pluginPath = QString::null );

     bool isDisabled() const;

     const QString disabledMessage() const;

     const QString authenticationDbPath() const { return mAuthDbPath; }

     bool setMasterPassword( bool verify = false );

     bool setMasterPassword( const QString& pass, bool verify = false );

     bool verifyMasterPassword( const QString &compare = QString::null );

     bool masterPasswordIsSet() const;

     bool masterPasswordHashInDb() const;

     void clearMasterPassword() { mMasterPass = QString(); }

     bool masterPasswordSame( const QString& pass ) const;

     bool resetMasterPassword( const QString& newpass, const QString& oldpass, bool keepbackup, QString *backuppath = nullptr );

     bool scheduledAuthDbErase() { return mScheduledDbErase; }

     void setScheduledAuthDbErase( bool scheduleErase );

     void setScheduledAuthDbEraseRequestEmitted( bool emitted ) { mScheduledDbEraseRequestEmitted = emitted; }

     QString authManTag() const { return smAuthManTag; }

     bool registerCoreAuthMethods();

     QgsAuthMethodConfigsMap availableAuthMethodConfigs( const QString &dataprovider = QString() );

     void updateConfigAuthMethods();

     QgsAuthMethod *configAuthMethod( const QString& authcfg );

     QString configAuthMethodKey( const QString& authcfg ) const;

     QStringList authMethodsKeys( const QString &dataprovider = QString() );

     QgsAuthMethod *authMethod( const QString &authMethodKey );

     QgsAuthMethodsMap authMethodsMap( const QString &dataprovider = QString() );

     QWidget *authMethodEditWidget( const QString &authMethodKey, QWidget *parent );

     QgsAuthMethod::Expansions supportedAuthMethodExpansions( const QString &authcfg );

     const QString uniqueConfigId() const;

     bool configIdUnique( const QString &id ) const;

     bool hasConfigId( const QString &txt ) const;

     QString configIdRegex() const { return smAuthCfgRegex;}

     QStringList configIds() const;

     bool storeAuthenticationConfig( QgsAuthMethodConfig &mconfig );

     bool updateAuthenticationConfig( const QgsAuthMethodConfig& config );

     bool loadAuthenticationConfig( const QString& authcfg, QgsAuthMethodConfig &mconfig, bool full = false );

     bool removeAuthenticationConfig( const QString& authcfg );

     bool removeAllAuthenticationConfigs();

     bool backupAuthenticationDatabase( QString *backuppath = nullptr );

     bool eraseAuthenticationDatabase( bool backup, QString *backuppath = nullptr );


     bool updateNetworkRequest( QNetworkRequest &request, const QString& authcfg,
                                const QString &dataprovider = QString() );

     bool updateNetworkReply( QNetworkReply *reply, const QString& authcfg,
                              const QString &dataprovider = QString() );

     bool updateDataSourceUriItems( QStringList &connectionItems, const QString& authcfg,
                                    const QString &dataprovider = QString() );


     bool storeAuthSetting( const QString& key, const QVariant& value, bool encrypt = false );

     QVariant getAuthSetting( const QString& key, const QVariant& defaultValue = QVariant(), bool decrypt = false );

     bool existsAuthSetting( const QString& key );

     bool removeAuthSetting( const QString& key );

 #ifndef QT_NO_OPENSSL

     bool initSslCaches();

     bool storeCertIdentity( const QSslCertificate& cert, const QSslKey& key );

     const QSslCertificate getCertIdentity( const QString& id );

     const QPair<QSslCertificate, QSslKey> getCertIdentityBundle( const QString& id );

     const QStringList getCertIdentityBundleToPem( const QString& id );

     const QList<QSslCertificate> getCertIdentities();

     QStringList getCertIdentityIds() const;

     bool existsCertIdentity( const QString& id );

     bool removeCertIdentity( const QString& id );


     bool storeSslCertCustomConfig( const QgsAuthConfigSslServer& config );

     const QgsAuthConfigSslServer getSslCertCustomConfig( const QString& id, const QString &hostport );

     const QgsAuthConfigSslServer getSslCertCustomConfigByHost( const QString& hostport );

     const QList<QgsAuthConfigSslServer> getSslCertCustomConfigs();

     bool existsSslCertCustomConfig( const QString& id, const QString &hostport );

     bool removeSslCertCustomConfig( const QString& id, const QString &hostport );

     QHash<QString, QSet<QSslError::SslError> > getIgnoredSslErrorCache() { return mIgnoredSslErrorsCache; }

     void dumpIgnoredSslErrorsCache_();

     bool updateIgnoredSslErrorsCacheFromConfig( const QgsAuthConfigSslServer &config );

     bool updateIgnoredSslErrorsCache( const QString &shahostport, const QList<QSslError> &errors );

     bool rebuildIgnoredSslErrorCache();


     bool storeCertAuthorities( const QList<QSslCertificate>& certs );

     bool storeCertAuthority( const QSslCertificate& cert );

     const QSslCertificate getCertAuthority( const QString& id );

     bool existsCertAuthority( const QSslCertificate& cert );

     bool removeCertAuthority( const QSslCertificate& cert );

     const QList<QSslCertificate> getSystemRootCAs();

     const QList<QSslCertificate> getExtraFileCAs();

     const QList<QSslCertificate> getDatabaseCAs();

     const QMap<QString, QSslCertificate> getMappedDatabaseCAs();

     const QMap<QString, QPair<QgsAuthCertUtils::CaCertSource , QSslCertificate> > getCaCertsCache()
     {
       return mCaCertsCache;
     }

     bool rebuildCaCertsCache();

     bool storeCertTrustPolicy( const QSslCertificate& cert, QgsAuthCertUtils::CertTrustPolicy policy );

     QgsAuthCertUtils::CertTrustPolicy getCertTrustPolicy( const QSslCertificate& cert );

     bool removeCertTrustPolicies( const QList<QSslCertificate>& certs );

     bool removeCertTrustPolicy( const QSslCertificate& cert );

     QgsAuthCertUtils::CertTrustPolicy getCertificateTrustPolicy( const QSslCertificate& cert );

     bool setDefaultCertTrustPolicy( QgsAuthCertUtils::CertTrustPolicy policy );

     QgsAuthCertUtils::CertTrustPolicy defaultCertTrustPolicy();

     const QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList > getCertTrustCache() { return mCertTrustCache; }

     bool rebuildCertTrustCache();

     const QList<QSslCertificate> getTrustedCaCerts( bool includeinvalid = false );

     const QList<QSslCertificate> getUntrustedCaCerts( QList<QSslCertificate> trustedCAs = QList<QSslCertificate>() );

     bool rebuildTrustedCaCertsCache();

     const QList<QSslCertificate> getTrustedCaCertsCache() { return mTrustedCaCertsCache; }

     const QByteArray getTrustedCaCertsPemText();

 #endif

     QMutex *mutex() { return mMutex; }

   signals:
     void messageOut( const QString& message, const QString& tag = smAuthManTag, QgsAuthManager::MessageLevel level = INFO ) const;

     void masterPasswordVerified( bool verified ) const;

     void authDatabaseEraseRequested() const;

     void authDatabaseChanged() const;

   public slots:
     void clearAllCachedConfigs();

     void clearCachedConfig( const QString& authcfg );

   private slots:
     void writeToConsole( const QString& message, const QString& tag = QString(), QgsAuthManager::MessageLevel level = INFO );

     void tryToStartDbErase();

   protected:
     explicit QgsAuthManager();

   private:

     bool createConfigTables();

     bool createCertTables();

     bool masterPasswordInput();

     bool masterPasswordRowsInDb( int *rows ) const;

     bool masterPasswordCheckAgainstDb( const QString &compare = QString::null ) const;

     bool masterPasswordStoreInDb() const;

     bool masterPasswordClearDb();

     const QString masterPasswordCiv() const;

     bool verifyPasswordCanDecryptConfigs() const;

     bool reencryptAllAuthenticationConfigs( const QString& prevpass, const QString& prevciv );

     bool reencryptAuthenticationConfig( const QString& authcfg, const QString& prevpass, const QString& prevciv );

     bool reencryptAllAuthenticationSettings( const QString& prevpass, const QString& prevciv );

     bool reencryptAllAuthenticationIdentities( const QString& prevpass, const QString& prevciv );

     bool reencryptAuthenticationIdentity( const QString& identid, const QString& prevpass, const QString& prevciv );

     bool authDbOpen() const;

     bool authDbQuery( QSqlQuery *query ) const;

     bool authDbStartTransaction() const;

     bool authDbCommit() const;

     bool authDbTransactionQuery( QSqlQuery *query ) const;

 #ifndef QT_NO_OPENSSL
     void insertCaCertInCache( QgsAuthCertUtils::CaCertSource source, const QList<QSslCertificate> &certs );
 #endif

     const QString authDbPassTable() const { return smAuthPassTable; }

     const QString authDbSettingsTable() const { return smAuthSettingsTable; }

     const QString authDbIdentitiesTable() const { return smAuthIdentitiesTable; }

     const QString authDbAuthoritiesTable() const { return smAuthAuthoritiesTable; }

     const QString authDbTrustTable() const { return smAuthTrustTable; }

     static QgsAuthManager* smInstance;
     static const QString smAuthConfigTable;
     static const QString smAuthPassTable;
     static const QString smAuthSettingsTable;
     static const QString smAuthIdentitiesTable;
     static const QString smAuthServersTable;
     static const QString smAuthAuthoritiesTable;
     static const QString smAuthTrustTable;
     static const QString smAuthManTag;
     static const QString smAuthCfgRegex;

     bool mAuthInit;
     QString mAuthDbPath;

     QCA::Initializer * mQcaInitializer;

     QHash<QString, QString> mConfigAuthMethods;
     QHash<QString, QgsAuthMethod*> mAuthMethods;

     QString mMasterPass;
     int mPassTries;
     bool mAuthDisabled;
     QString mAuthDisabledMessage;
     QTimer *mScheduledDbEraseTimer;
     bool mScheduledDbErase;
     int mScheduledDbEraseRequestWait; // in seconds
     bool mScheduledDbEraseRequestEmitted;
     int mScheduledDbEraseRequestCount;
     QMutex *mMutex;

 #ifndef QT_NO_OPENSSL
     // mapping of sha1 digest and cert source and cert
     // appending removes duplicates
     QMap<QString, QPair<QgsAuthCertUtils::CaCertSource , QSslCertificate> > mCaCertsCache;
     // list of sha1 digests per policy
     QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList > mCertTrustCache;
     // cache of certs ready to be utilized in network connections
     QList<QSslCertificate> mTrustedCaCertsCache;
     // cache of SSL errors to be ignored in network connections, per sha-hostport
     QHash<QString, QSet<QSslError::SslError> > mIgnoredSslErrorsCache;
 #endif
 };

 #endif // QGSAUTHMANAGER_H
QgsAuthManager
Singleton offering an interface to manage the authentication configuration database and to utilize co...
Definition: qgsauthmanager.h:54

QMutex

QWidget

QSslKey

QByteArray

QgsAuthManager::scheduledAuthDbErase
bool scheduledAuthDbErase()
Whether there is a scheduled opitonal erase of authentication database.
Definition: qgsauthmanager.h:146

qgsauthmethod.h

QNetworkReply

qgsdatasourceuri.h

QMap

QgsAuthManager::authDbConfigTable
const QString authDbConfigTable() const
Name of the authentication database table that stores configs.
Definition: qgsauthmanager.h:80

QgsAuthConfigSslServer
Configuration container for SSL server connection exceptions or overrides.
Definition: qgsauthconfig.h:291

QgsAuthMethodEdit
Abstract base class for the edit widget of authentication method plugins.
Definition: qgsauthmethodedit.h:28

qgsauthcertutils.h

QgsAuthManager::MessageLevel
MessageLevel
Message log level (mirrors that of QgsMessageLog, so it can also output there)
Definition: qgsauthmanager.h:62

QSqlDatabase

QNetworkRequest

QTimer

QHash

QgsAuthManager::authManTag
QString authManTag() const
Simple text tag describing authentication system for message logs.
Definition: qgsauthmanager.h:171

QObject

QgsAuthMethodConfig
Configuration storage class for authentication method configurations.
Definition: qgsauthconfig.h:36

QgsAuthManager::getTrustedCaCertsCache
const QList< QSslCertificate > getTrustedCaCertsCache()
Get cache of trusted certificate authorities, ready for network connections.
Definition: qgsauthmanager.h:489

QSqlQuery

QgsAuthManager::authenticationDbPath
const QString authenticationDbPath() const
The standard authentication database file in ~/.qgis2/ or defined location.
Definition: qgsauthmanager.h:97

QCA
Definition: qgsauthmanager.h:40

QString

QList< QSslCertificate >

QgsAuthManager::authDbServersTable
const QString authDbServersTable() const
Name of the authentication database table that stores server exceptions/configs.
Definition: qgsauthmanager.h:83

QStringList

QPair< QSslCertificate, QSslKey >

QgsAuthManager::getCertTrustCache
const QMap< QgsAuthCertUtils::CertTrustPolicy, QStringList > getCertTrustCache()
Get cache of certificate sha1s, per trust policy.
Definition: qgsauthmanager.h:474

qgsauthconfig.h

QgsAuthManager::setScheduledAuthDbEraseRequestEmitted
void setScheduledAuthDbEraseRequestEmitted(bool emitted)
Re-emit a signal to schedule an optional erase of authentication database.
Definition: qgsauthmanager.h:168

QgsAuthMethod
Abstract base class for authentication method plugins.
Definition: qgsauthmethod.h:33

QgsAuthCertUtils::CaCertSource
CaCertSource
Type of CA certificate source.
Definition: qgsauthcertutils.h:47

QgsAuthManager::getCaCertsCache
const QMap< QString, QPair< QgsAuthCertUtils::CaCertSource, QSslCertificate > > getCaCertsCache()
Get all CA certs mapped to their sha1 from cache.
Definition: qgsauthmanager.h:442

QgsAuthManager::clearMasterPassword
void clearMasterPassword()
Clear supplied master password.
Definition: qgsauthmanager.h:127

QgsAuthManager::getIgnoredSslErrorCache
QHash< QString, QSet< QSslError::SslError > > getIgnoredSslErrorCache()
Get ignored SSL error cache, keyed with cert/connection&#39;s sha:host:port.
Definition: qgsauthmanager.h:397

QgsAuthManager::configIdRegex
QString configIdRegex() const
Return regular expression for authcfg=.
Definition: qgsauthmanager.h:241

QgsAuthManager::mutex
QMutex * mutex()
Return pointer to mutex.
Definition: qgsauthmanager.h:497

QgsAuthCertUtils::CertTrustPolicy
CertTrustPolicy
Type of certificate trust policy.
Definition: qgsauthcertutils.h:56

QVariant

QSslCertificate