17 #ifndef QGSAUTHMANAGER_H 18 #define QGSAUTHMANAGER_H 20 #include "qgis_core.h" 24 #include <QNetworkReply> 25 #include <QNetworkRequest> 26 #include <QSqlDatabase> 29 #include <QStringList> 32 #include <QSslCertificate> 52 class QgsAuthProvider;
// Initializes the authentication manager and returns a bool status.
// Both paths default to an empty QString when the caller omits them.
// NOTE(review): how an empty authDatabasePath is resolved is not visible in this
// listing — confirm the fallback location and its file permissions in the implementation.
84 bool init(
const QString &pluginPath = QString(),
const QString &authDatabasePath = QString() );
// Returns a QSqlDatabase handle (by value) for the authentication database.
// NOTE(review): this is a direct handle on the credential store; presumably only
// trusted in-process callers use it — confirm.
89 QSqlDatabase authDatabaseConnection()
const;
// Reports whether the authentication system is disabled (presumably mirrors mAuthDisabled — confirm).
99 bool isDisabled()
const;
// Returns the standard message explaining why authentication is disabled
// (presumably mAuthDisabledMessage — confirm).
102 const QString disabledMessage()
const;
// Sets the master password without taking it as an argument; verify defaults to false.
// NOTE(review): presumably obtains the password interactively or from the password
// helper (see masterPasswordInput() / passwordHelperRead()) — confirm. With verify
// left at false the value is presumably not checked against the stored hash.
115 bool setMasterPassword(
bool verify =
false );
// Sets the master password from a caller-supplied plaintext string.
// The plaintext travels as a QString, which does not wipe its buffer on destruction,
// so callers should keep copies short-lived and never log the value.
// Pass verify = true when the password must be checked before use (default is false).
123 bool setMasterPassword(
const QString &pass,
bool verify =
false );
// Verifies the master password; compare defaults to an empty QString.
// NOTE(review): presumably an empty compare means "verify the password already set" — confirm.
130 bool verifyMasterPassword(
const QString &compare = QString() );
// Whether a master password is currently held by the manager.
133 bool masterPasswordIsSet()
const;
// Whether a master password hash exists in the authentication database.
136 bool masterPasswordHashInDatabase()
const;
// Compares the supplied plaintext against the master password currently set.
// NOTE(review): confirm the implementation neither logs pass nor leaks it via error text.
148 bool masterPasswordSame(
const QString &pass )
const;
// Replaces the master password (oldpass -> newpass).
// keepbackup asks for the database backup to be kept; backuppath is an optional
// in/out pointer (defaults to nullptr) through which a backup path is exchanged.
// NOTE(review): a kept backup presumably remains protected only by the OLD password —
// treat the backup file as being as sensitive as the live database and confirm its
// location and permissions.
158 bool resetMasterPassword(
const QString &newpass,
const QString &oldpass,
bool keepbackup, QString *backuppath
SIP_INOUT =
nullptr );
// Sets or clears the flag that schedules an optional erase of the authentication database.
// SIP_SKIP: presumably excludes this setter from the Python bindings — confirm.
// NOTE(review): erasing the database destroys every stored credential; confirm the
// erase still requires explicit user confirmation once scheduled.
178 void setScheduledAuthDatabaseErase(
bool scheduleErase )
SIP_SKIP;
// Registers the core authentication methods; returns a bool status.
194 bool registerCoreAuthMethods();
// Refreshes the mapping between config ids and auth method keys
// (presumably mConfigAuthMethods — confirm).
200 void updateConfigAuthMethods();
// Returns the auth method key associated with the config id authcfg.
212 QString configAuthMethodKey(
const QString &authcfg )
const;
// Lists auth method keys. dataprovider defaults to an empty QString,
// presumably meaning "do not filter by provider" — confirm.
217 QStringList authMethodsKeys(
const QString &dataprovider = QString() );
// Returns the edit widget for the method identified by authMethodKey, created with parent.
// NOTE(review): ownership presumably follows Qt parent/child rules — confirm for a null parent.
237 QWidget *authMethodEditWidget(
const QString &authMethodKey, QWidget *parent );
// Returns the QgsAuthMethod::Expansions supported by the method behind authcfg.
243 QgsAuthMethod::Expansions supportedAuthMethodExpansions(
const QString &authcfg );
// Returns a config id that is not yet in use.
// NOTE(review): the id is a lookup handle, not a secret; confirm nothing relies on it
// being unguessable.
246 const QString uniqueConfigId()
const;
// Whether the given id is not already used by a stored config.
252 bool configIdUnique(
const QString &
id )
const;
// Whether txt contains a config id.
// NOTE(review): presumably matched with the pattern returned by configIdRegex() — confirm.
258 bool hasConfigId(
const QString &txt )
const;
// Returns the ids of the stored authentication configs.
264 QStringList configIds()
const;
// Loads the config identified by authcfg into mconfig (in/out); returns a bool status.
// full defaults to false.
// NOTE(review): presumably full = true also loads the decrypted secret payload —
// callers should request it only when the secrets are needed and must not log mconfig.
287 bool loadAuthenticationConfig(
const QString &authcfg,
QgsAuthMethodConfig &mconfig SIP_INOUT,
bool full =
false );
// Removes the config identified by authcfg from the database.
294 bool removeAuthenticationConfig(
const QString &authcfg );
// Removes every authentication config. Destructive; no undo is visible in this header.
300 bool removeAllAuthenticationConfigs();
// Backs up the authentication database; backuppath is an optional in/out pointer
// (defaults to nullptr).
// NOTE(review): the backup presumably holds the same encrypted credentials as the live
// file — confirm where it is written and with which permissions.
306 bool backupAuthenticationDatabase( QString *backuppath SIP_INOUT =
nullptr );
// Erases the authentication database, optionally backing it up first (backup),
// with the backup path exchanged through backuppath.
// NOTE(review): when backup is true the credentials survive in the backup file — an
// "erase" intended as a wipe should pass backup = false or remove the backup afterwards.
314 bool eraseAuthenticationDatabase(
bool backup, QString *backuppath SIP_INOUT =
nullptr );
// The four update*() calls below apply the auth config identified by authcfg to a
// network or data-source object. dataprovider defaults to an empty QString in each.
// All return bool: callers should check it, since continuing after a false result
// presumably means the object was left without the intended credentials — confirm.

// Applies the config to an outgoing request (request is modified in place).
326 bool updateNetworkRequest( QNetworkRequest &request SIP_INOUT,
const QString &authcfg,
327 const QString &dataprovider = QString() );
// Applies the config to a network reply object.
336 bool updateNetworkReply( QNetworkReply *reply,
const QString &authcfg,
337 const QString &dataprovider = QString() );
// Applies the config to data source URI items (connectionItems is modified in place).
// NOTE(review): after this call connectionItems presumably contains expanded
// credentials — do not log or persist the list.
346 bool updateDataSourceUriItems( QStringList &connectionItems SIP_INOUT,
const QString &authcfg,
347 const QString &dataprovider = QString() );
// Applies the config to a network proxy (proxy is modified in place).
356 bool updateNetworkProxy( QNetworkProxy &proxy SIP_INOUT,
const QString &authcfg,
357 const QString &dataprovider = QString() );
// Stores an authentication setting under key.
// encrypt defaults to false, so a caller that omits it stores value without
// encryption; any secret must be stored with encrypt = true explicitly.
362 bool storeAuthSetting(
const QString &key,
const QVariant &value,
bool encrypt =
false );
// Reads the setting stored under key, returning defaultValue (an invalid QVariant
// by default) presumably when the key is absent — confirm.
// decrypt defaults to false and must match how the value was stored.
372 QVariant authSetting(
const QString &key,
const QVariant &defaultValue = QVariant(),
bool decrypt =
false );
// Whether a setting exists under key.
375 bool existsAuthSetting(
const QString &key );
// Removes the setting stored under key.
378 bool removeAuthSetting(
const QString &key );
// Initializes the SSL-related caches; returns a bool status.
384 bool initSslCaches();
// Stores a client certificate identity together with its private key.
// NOTE(review): key is private key material — confirm it is encrypted before it
// reaches the database.
387 bool storeCertIdentity(
const QSslCertificate &cert,
const QSslKey &key );
// Returns the certificate of the identity with the given id (certificate only).
395 const QSslCertificate certIdentity(
const QString &
id );
// Returns the certificate AND private key of the identity with the given id.
// The returned QSslKey is sensitive; keep it out of logs and long-lived containers.
404 const QPair<QSslCertificate, QSslKey> certIdentityBundle(
const QString &
id )
SIP_SKIP;
// Returns the identity bundle as PEM text.
// NOTE(review): presumably includes the private key in PEM form — treat the
// returned strings as secrets and confirm whether the key is passphrase-protected.
412 const QStringList certIdentityBundleToPem(
const QString &
id );
// Returns the certificates of all stored identities.
419 const QList<QSslCertificate> certIdentities();
// Returns the ids of all stored identities.
428 QStringList certIdentityIds()
const;
// Whether an identity with the given id exists.
431 bool existsCertIdentity(
const QString &
id );
// Removes the identity with the given id.
434 bool removeCertIdentity(
const QString &
id );
// Returns the stored SSL server configurations (QgsAuthConfigSslServer entries).
// NOTE(review): each entry is an exception or override to normal server validation;
// the set is worth auditing periodically.
462 const QList<QgsAuthConfigSslServer> sslCertCustomConfigs();
// Whether a custom SSL config exists for the given id and host:port.
465 bool existsSslCertCustomConfig(
const QString &
id,
const QString &hostport );
// Removes the custom SSL config for the given id and host:port.
468 bool removeSslCertCustomConfig(
const QString &
id,
const QString &hostport );
// Debug helper that dumps the ignored-SSL-errors cache.
479 void dumpIgnoredSslErrorsCache_();
// Records, for the connection identified by shahostport, the SSL errors to ignore.
// NOTE(review): every entry weakens TLS validation for that endpoint — confirm callers
// only pass errors the user explicitly accepted, and that the list cannot be widened
// by remote input.
485 bool updateIgnoredSslErrorsCache(
const QString &shahostport,
const QList<QSslError> &errors );
// Rebuilds the ignored-SSL-errors cache (presumably from the stored server configs — confirm).
488 bool rebuildIgnoredSslErrorCache();
// Stores several certificate authorities in the database.
// NOTE(review): adding a CA here presumably widens the set of trust anchors used for
// connections — confirm the caller has shown the certificates to the user first.
492 bool storeCertAuthorities(
const QList<QSslCertificate> &certs );
// Stores a single certificate authority.
495 bool storeCertAuthority(
const QSslCertificate &cert );
// Returns the stored certificate authority with the given id.
505 const QSslCertificate certAuthority(
const QString &
id );
// Whether the given certificate authority is stored.
508 bool existsCertAuthority(
const QSslCertificate &cert );
// Removes the given certificate authority.
511 bool removeCertAuthority(
const QSslCertificate &cert );
// CA certificates from the system root store.
518 const QList<QSslCertificate> systemRootCAs();
// CA certificates from an extra file (presumably a user-configured path — confirm).
525 const QList<QSslCertificate> extraFileCAs();
// CA certificates stored in the authentication database.
532 const QList<QSslCertificate> databaseCAs();
// Database CA certificates as a map keyed by QString (presumably the cert's sha1 id — confirm).
539 const QMap<QString, QSslCertificate> mappedDatabaseCAs();
// Inline getter: returns a copy of mCaCertsCache, which maps a QString key to a
// (CaCertSource, certificate) pair. The brace lines of this inline body are not
// shown in this listing.
// NOTE(review): the key is presumably a SHA-1 digest used only as a lookup id, not as
// a trust decision — confirm.
547 const QMap<QString, QPair<QgsAuthCertUtils::CaCertSource, QSslCertificate> >
caCertsCache() SIP_SKIP
549 return mCaCertsCache;
// Rebuilds mCaCertsCache (presumably from the system, file and database sources — confirm).
553 bool rebuildCaCertsCache();
// Removes the stored trust policy for each certificate in certs.
// NOTE(review): after removal a certificate presumably falls back to a default policy —
// confirm whether that default is "trusted" or "untrusted".
567 bool removeCertTrustPolicies(
const QList<QSslCertificate> &certs );
// Removes the stored trust policy for a single certificate.
570 bool removeCertTrustPolicy(
const QSslCertificate &cert );
// Inline getter: returns a copy of mCertTrustCache, which maps each CertTrustPolicy to
// a QStringList (presumably certificate sha1 ids — confirm).
591 const QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList >
certTrustCache() {
return mCertTrustCache; }
// Rebuilds mCertTrustCache.
594 bool rebuildCertTrustCache();
// Returns the trusted CA certificates. includeinvalid defaults to false.
// NOTE(review): passing true presumably also returns expired or otherwise invalid
// certificates — such a list should not be fed to a connection as trust anchors.
602 const QList<QSslCertificate> trustedCaCerts(
bool includeinvalid =
false );
// Returns the untrusted CA certificates; trustedCAs defaults to an empty list,
// presumably meaning "compute the trusted set internally" — confirm.
609 const QList<QSslCertificate> untrustedCaCerts( QList<QSslCertificate> trustedCAs = QList<QSslCertificate>() );
// Rebuilds the trusted CA certificate cache (presumably mTrustedCaCertsCache — confirm).
612 bool rebuildTrustedCaCertsCache();
// Returns the trusted CA certificates as PEM text (public certificates only, by type).
626 const QByteArray trustedCaCertsPemText();
// Password helper: presumably stores the master password in the platform keychain
// (the class keeps a QKeychain::Error code) — confirm. All helper toggles below are
// marked SIP_SKIP.

// Deletes the master password from the password helper; returns a bool status.
640 bool passwordHelperDelete()
SIP_SKIP;
// Whether the password helper is enabled.
646 bool passwordHelperEnabled()
const SIP_SKIP;
// Enables or disables the password helper.
// NOTE(review): enabling it moves protection of the master password to the OS
// keychain and the user's login session — confirm this is an explicit user choice.
652 void setPasswordHelperEnabled(
const bool enabled )
SIP_SKIP;
// Whether password helper logging is enabled.
658 bool passwordHelperLoggingEnabled()
const SIP_SKIP;
// Enables or disables password helper logging.
// NOTE(review): confirm that no log line emitted while this is on can contain the
// master password or keychain payload.
664 void setPasswordHelperLoggingEnabled(
const bool enabled )
SIP_SKIP;
// Notification that a password helper operation failed (presumably a Qt signal — confirm).
684 void passwordHelperFailure();
// Notification that a password helper operation succeeded (presumably a Qt signal — confirm).
690 void passwordHelperSuccess();
// Reports the outcome of a master password verification (presumably a Qt signal — confirm).
715 void masterPasswordVerified(
bool verified );
// Announces that an erase of the authentication database was requested.
718 void authDatabaseEraseRequested();
// Announces that the authentication database changed.
721 void authDatabaseChanged();
// Clears every cached authentication config.
// NOTE(review): presumably drops decrypted credentials held by the method plugins —
// confirm, since this is the call to use after a password change or lock.
725 void clearAllCachedConfigs();
// Clears the cached config for a single authcfg id.
728 void clearCachedConfig(
const QString &authcfg );
// Attempts to start a scheduled database erase (see mScheduledDbErase and the
// mScheduledDbEraseRequest* counters).
742 void tryToStartDbErase();
// Returns the name of the password helper.
760 QString passwordHelperName() const;
// Logs a password helper message (presumably only when mPasswordHelperLoggingEnabled — confirm).
// msg must never carry the password itself.
763 void passwordHelperLog( const QString &msg ) const;
// Reads the master password from the password helper and returns it as plaintext.
// NOTE(review): the return value is the secret — keep it local and do not log it.
766 QString passwordHelperRead();
// Writes the given plaintext password to the password helper; returns a bool status.
769 bool passwordHelperWrite( const QString &password );
// Inline setter: stores errorMessage in mPasswordHelperErrorMessage.
772 void passwordHelperSetErrorMessage( const QString &errorMessage ) { mPasswordHelperErrorMessage = errorMessage; }
// Resets the password helper error state (presumably code and message — confirm).
775 void passwordHelperClearErrors();
// Handles the last password helper error (presumably based on mPasswordHelperErrorCode — confirm).
781 void passwordHelperProcessError();
// Creates the database tables for authentication configs.
783 bool createConfigTables();
// Creates the database tables for certificate data.
785 bool createCertTables();
// Obtains the master password as input (presumably by prompting the user — confirm).
787 bool masterPasswordInput();
// Writes the number of master password rows in the database to *rows.
// NOTE(review): rows is dereferenced by contract; a null check is not visible here.
789 bool masterPasswordRowsInDb(
int *rows )
const;
// Checks a password against the record stored in the database; compare defaults to an
// empty QString (presumably meaning "use the password currently set" — confirm).
791 bool masterPasswordCheckAgainstDb(
const QString &compare = QString() )
const;
// Stores the master password record in the database.
// NOTE(review): the public API speaks of a "hash in database"; confirm that only a
// salted hash, never the plaintext, is written.
793 bool masterPasswordStoreInDb()
const;
// Removes the master password record from the database.
795 bool masterPasswordClearDb();
// Returns the "civ" value paired with the master password
// (presumably a cipher initialization vector — confirm).
797 const QString masterPasswordCiv()
const;
// Checks that the current master password can decrypt the stored configs.
799 bool verifyPasswordCanDecryptConfigs()
const;
// Re-encryption helpers. Each takes the previous master password (prevpass) and the
// previous "civ" value (prevciv, presumably the cipher IV — confirm), i.e. the material
// needed to decrypt records written under the old password.
// NOTE(review): presumably called from resetMasterPassword(); confirm that a failure
// part-way through leaves the database recoverable (transaction or backup).

// Re-encrypts every stored authentication config.
801 bool reencryptAllAuthenticationConfigs(
const QString &prevpass,
const QString &prevciv );
// Re-encrypts the single config identified by authcfg.
803 bool reencryptAuthenticationConfig(
const QString &authcfg,
const QString &prevpass,
const QString &prevciv );
// Re-encrypts every stored authentication setting.
805 bool reencryptAllAuthenticationSettings(
const QString &prevpass,
const QString &prevciv );
// Re-encrypts every stored certificate identity.
807 bool reencryptAllAuthenticationIdentities(
const QString &prevpass,
const QString &prevciv );
// Re-encrypts the single certificate identity identified by identid.
809 bool reencryptAuthenticationIdentity(
const QString &identid,
const QString &prevpass,
const QString &prevciv );
// Opens the authentication database (or confirms it is open); returns a bool status.
811 bool authDbOpen()
const;
// Executes the prepared query against the authentication database.
// NOTE(review): takes an already-built QSqlQuery; callers should bind values rather
// than concatenate them into the SQL text — confirm at the call sites.
813 bool authDbQuery( QSqlQuery *query )
const;
// Starts a database transaction.
815 bool authDbStartTransaction()
const;
// Commits the current database transaction.
817 bool authDbCommit()
const;
// Executes the query inside a transaction (presumably start, query, commit — confirm).
819 bool authDbTransactionQuery( QSqlQuery *query )
const;
// Inline getters that return the static table-name constants declared in this class.
// The names are compile-time constants, not user input.

// Returns AUTH_PASS_TABLE.
825 const QString authDbPassTable()
const {
return AUTH_PASS_TABLE; }
// Returns AUTH_SETTINGS_TABLE.
827 const QString authDbSettingsTable()
const {
return AUTH_SETTINGS_TABLE; }
// Returns AUTH_IDENTITIES_TABLE.
829 const QString authDbIdentitiesTable()
const {
return AUTH_IDENTITIES_TABLE; }
// Returns AUTH_AUTHORITIES_TABLE.
831 const QString authDbAuthoritiesTable()
const {
return AUTH_AUTHORITIES_TABLE; }
// Returns AUTH_TRUST_TABLE.
833 const QString authDbTrustTable()
const {
return AUTH_TRUST_TABLE; }
// Static string constants; their values are defined outside this header.
// The *_TABLE constants name the authentication database tables.
836 static const QString AUTH_CONFIG_TABLE;
837 static const QString AUTH_PASS_TABLE;
838 static const QString AUTH_SETTINGS_TABLE;
839 static const QString AUTH_IDENTITIES_TABLE;
840 static const QString AUTH_SERVERS_TABLE;
841 static const QString AUTH_AUTHORITIES_TABLE;
842 static const QString AUTH_TRUST_TABLE;
// Pattern string for config ids (presumably the value returned by configIdRegex() — confirm).
843 static const QString AUTH_CFG_REGEX;
// Initialization flag, false by default (presumably set by init() — confirm).
845 bool mAuthInit =
false;
// QCA initializer held as a raw pointer, null by default.
// NOTE(review): who deletes it is not visible in this listing.
848 QCA::Initializer *mQcaInitializer =
nullptr;
// Map from QString to auth method key (presumably keyed by config id — confirm).
850 QHash<QString, QString> mConfigAuthMethods;
// Map from method key to the QgsAuthMethod instance (raw pointers; ownership not visible here).
851 QHash<QString, QgsAuthMethod *> mAuthMethods;
// Disabled flag and the message that explains it.
855 bool mAuthDisabled =
false;
856 QString mAuthDisabledMessage;
// State for the scheduled database erase: timer, scheduled flag, wait value
// (3 by default; unit not visible here — confirm), emitted flag and request counter.
857 QTimer *mScheduledDbEraseTimer =
nullptr;
858 bool mScheduledDbErase =
false;
859 int mScheduledDbEraseRequestWait = 3 ;
860 bool mScheduledDbEraseRequestEmitted =
false;
861 int mScheduledDbEraseRequestCount = 0;
// Mutex held as a raw pointer, null by default.
// NOTE(review): which members it guards is not visible in this listing.
862 QMutex *mMutex =
nullptr;
// Cache returned by caCertsCache(): QString key -> (CA source, certificate).
867 QMap<QString, QPair<QgsAuthCertUtils::CaCertSource, QSslCertificate> > mCaCertsCache;
// Cache returned by certTrustCache(): trust policy -> list of strings.
869 QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList > mCertTrustCache;
// Cache of trusted CA certificates.
871 QList<QSslCertificate> mTrustedCaCertsCache;
// Cache of SSL errors to ignore, per QString key.
// NOTE(review): every entry suppresses TLS validation errors for one endpoint; the
// cache should only be filled from user-approved server configs — confirm.
873 QHash<QString, QSet<QSslError::SslError> > mIgnoredSslErrorsCache;
// Password helper state: verification-error flag, last error message, last
// QKeychain error code, logging flag and failed-initialization flag.
880 bool mPasswordHelperVerificationError =
false;
883 QString mPasswordHelperErrorMessage;
886 QKeychain::Error mPasswordHelperErrorCode = QKeychain::NoError;
889 bool mPasswordHelperLoggingEnabled =
false;
892 bool mPasswordHelperFailedInit =
false;
// Names used by the password helper (presumably the keychain entry key and folder — confirm).
895 static const QLatin1String AUTH_PASSWORD_HELPER_KEY_NAME;
898 static const QLatin1String AUTH_PASSWORD_HELPER_FOLDER_NAME;
904 #endif // QGSAUTHMANAGER_H Singleton offering an interface to manage the authentication configuration database and to utilize co...
const QString authDatabaseConfigTable() const
Name of the authentication database table that stores configs.
Extends QApplication to provide access to QGIS specific resources such as theme paths, database paths etc.
Configuration container for SSL server connection exceptions or overrides.
Abstract base class for the edit widget of authentication method plugins.
MessageLevel
Message log level (mirrors that of QgsMessageLog, so it can also output there)
static const QString AUTH_PASSWORD_HELPER_DISPLAY_NAME
The display name of the password helper (platform dependent)
const QMap< QString, QPair< QgsAuthCertUtils::CaCertSource, QSslCertificate > > caCertsCache()
caCertsCache get all CA certs mapped to their sha1 from cache.
QHash< QString, QgsAuthMethodConfig > QgsAuthMethodConfigsMap
QString authManTag() const
Simple text tag describing authentication system for message logs.
Configuration storage class for authentication method configurations.
const QString authenticationDatabasePath() const
The standard authentication database file in ~/.qgis3/ or defined location.
Abstract base class for authentication method plugins.
CaCertSource
Type of CA certificate source.
void clearMasterPassword()
Clear supplied master password.
const QList< QSslCertificate > trustedCaCertsCache()
trustedCaCertsCache cache of trusted certificate authorities, ready for network connections ...
QString configIdRegex() const
Return regular expression for authcfg=.{7} key/value token for authentication ids.
const QMap< QgsAuthCertUtils::CertTrustPolicy, QStringList > certTrustCache()
certTrustCache get cache of certificate sha1s, per trust policy
static const QString AUTH_MAN_TAG
The display name of the Authentication Manager.
CertTrustPolicy
Type of certificate trust policy.
bool scheduledAuthDatabaseErase()
Whether there is a scheduled optional erase of authentication database.
const QString passwordHelperErrorMessage()
Error message getter.
const QString authDatabaseServersTable() const
Name of the authentication database table that stores server exceptions/configs.
QHash< QString, QSet< QSslError::SslError > > ignoredSslErrorCache()
ignoredSslErrorCache Get ignored SSL error cache, keyed with cert/connection's sha:host:port.
void setScheduledAuthDatabaseEraseRequestEmitted(bool emitted)
Re-emit a signal to schedule an optional erase of authentication database.
QHash< QString, QgsAuthMethod * > QgsAuthMethodsMap