20 #include <QDialogButtonBox> 21 #include <QPushButton> 31 static void setItemBold_( QTreeWidgetItem *item )
33 item->setFirstColumnSpanned(
true );
34 QFont secf( item->font( 0 ) );
36 item->setFont( 0, secf );
39 static const QString configFoundText_() {
return QObject::tr(
"Configuration loaded from database" ); }
40 static const QString configNotFoundText_() {
return QObject::tr(
"Configuration not found in database" ); }
43 const QSslCertificate &cert,
44 const QString &hostport,
45 const QList<QSslCertificate> &connectionCAs )
48 , mConnectionCAs( connectionCAs )
53 mAuthNotifyLayout =
new QVBoxLayout;
54 this->setLayout( mAuthNotifyLayout );
56 mAuthNotifyLayout->addWidget( mAuthNotify );
61 connect( btnCertInfo, &QToolButton::clicked,
this, &QgsAuthSslConfigWidget::btnCertInfo_clicked );
69 lblLoadedConfig->setVisible(
false );
70 lblLoadedConfig->clear();
72 connect( leHost, &QLineEdit::textChanged,
97 return grpbxSslConfig;
101 QTreeWidgetItem *QgsAuthSslConfigWidget::addRootItem(
const QString &label )
103 QTreeWidgetItem *item =
new QTreeWidgetItem(
104 QStringList() << label,
105 (
int )ConfigParent );
106 setItemBold_( item );
107 item->setTextAlignment( 0, Qt::AlignVCenter );
108 item->setFlags( item->flags() & ~Qt::ItemIsSelectable );
109 treeSslConfig->insertTopLevelItem( treeSslConfig->topLevelItemCount(), item );
114 void QgsAuthSslConfigWidget::setUpSslConfigTree()
116 treeSslConfig->setColumnCount( 1 );
119 mProtocolItem = addRootItem( tr(
"Protocol" ) );
120 mProtocolCmbBx =
new QComboBox( treeSslConfig );
122 (
int )QSsl::SecureProtocols );
124 (
int )QSsl::TlsV1SslV3 );
126 (
int )QSsl::TlsV1 );
128 (
int )QSsl::SslV3 );
130 (
int )QSsl::SslV2 );
131 mProtocolCmbBx->setMaximumWidth( 300 );
132 mProtocolCmbBx->setCurrentIndex( 0 );
133 QTreeWidgetItem *protocolitem =
new QTreeWidgetItem(
135 QStringList() << QLatin1String(
"" ),
137 protocolitem->setFlags( protocolitem->flags() & ~Qt::ItemIsSelectable );
138 treeSslConfig->setItemWidget( protocolitem, 0, mProtocolCmbBx );
139 mProtocolItem->setExpanded(
true );
141 mVerifyModeItem = addRootItem( tr(
"Peer verification" ) );
142 mVerifyPeerCmbBx =
new QComboBox( treeSslConfig );
143 mVerifyPeerCmbBx->addItem( tr(
"Verify peer certs" ),
144 (
int )QSslSocket::VerifyPeer );
145 mVerifyPeerCmbBx->addItem( tr(
"Do not verify peer certs" ),
146 (
int )QSslSocket::VerifyNone );
147 mVerifyPeerCmbBx->setMaximumWidth( 300 );
148 mVerifyPeerCmbBx->setCurrentIndex( 0 );
149 QTreeWidgetItem *peerverifycmbxitem =
new QTreeWidgetItem(
151 QStringList() << QLatin1String(
"" ),
153 peerverifycmbxitem->setFlags( peerverifycmbxitem->flags() & ~Qt::ItemIsSelectable );
154 treeSslConfig->setItemWidget( peerverifycmbxitem, 0, mVerifyPeerCmbBx );
155 mVerifyModeItem->setExpanded(
true );
157 mVerifyDepthItem = addRootItem( tr(
"Peer verification depth (0 = complete cert chain)" ) );
158 mVerifyDepthSpnBx =
new QSpinBox( treeSslConfig );
159 mVerifyDepthSpnBx->setMinimum( 0 );
160 mVerifyDepthSpnBx->setMaximum( 10 );
161 mVerifyDepthSpnBx->setMaximumWidth( 200 );
162 mVerifyDepthSpnBx->setAlignment( Qt::AlignHCenter );
163 QTreeWidgetItem *peerverifyspnbxitem =
new QTreeWidgetItem(
165 QStringList() << QLatin1String(
"" ),
167 peerverifyspnbxitem->setFlags( peerverifyspnbxitem->flags() & ~Qt::ItemIsSelectable );
168 treeSslConfig->setItemWidget( peerverifyspnbxitem, 0, mVerifyDepthSpnBx );
169 mVerifyDepthItem->setExpanded(
true );
171 mIgnoreErrorsItem = addRootItem( tr(
"Ignore errors" ) );
174 for (
int i = 0; i < errenums.size(); i++ )
176 QTreeWidgetItem *item =
new QTreeWidgetItem(
178 QStringList() << errenums.at( i ).second,
180 item->setCheckState( 0, Qt::Unchecked );
181 item->setTextAlignment( 0, Qt::AlignVCenter );
182 item->setFlags( item->flags() & ~Qt::ItemIsSelectable );
183 item->setData( 0, Qt::UserRole, errenums.at( i ).first );
185 mIgnoreErrorsItem->setExpanded(
true );
208 return QSslCertificate();
219 return leHost->text();
228 if ( grpbxSslConfig->isCheckable() )
230 grpbxSslConfig->setChecked( enable );
246 if ( !hostport.isEmpty() )
257 lblLoadedConfig->setVisible(
true );
265 lblLoadedConfig->setText( configNotFoundText_() );
281 QgsDebugMsg(
"Passed-in SSL custom config is null" );
300 lblLoadedConfig->setVisible(
true );
301 lblLoadedConfig->setText( configFoundText_() );
312 QgsDebugMsg(
"SSL custom config FAILED to store in authentication database" );
323 mConnectionCAs.clear();
324 leCommonName->clear();
325 leCommonName->setStyleSheet( QLatin1String(
"" ) );
328 lblLoadedConfig->setVisible(
false );
329 lblLoadedConfig->clear();
340 return QSsl::UnknownProtocol;
342 return ( QSsl::SslProtocol )mProtocolCmbBx->currentData().toInt();
351 int indx( mProtocolCmbBx->findData( (
int )protocol ) );
352 mProtocolCmbBx->setCurrentIndex( indx );
361 mProtocolCmbBx->setCurrentIndex( 0 );
372 QList<QSslError::SslError> errenums;
373 Q_FOREACH (
const QSslError &err, errors )
375 errenums << err.error();
378 for (
int i = 0; i < mIgnoreErrorsItem->childCount(); i++ )
380 QTreeWidgetItem *item( mIgnoreErrorsItem->child( i ) );
381 if ( errenums.contains( ( QSslError::SslError )item->data( 0, Qt::UserRole ).toInt() ) )
383 item->setCheckState( 0, Qt::Checked );
394 QList<QSslError> errors;
395 Q_FOREACH ( QSslError::SslError errorenum, errorenums )
397 errors << QSslError( errorenum );
408 if ( errors.isEmpty() )
415 QList<QSslError::SslError> errenums;
416 Q_FOREACH (
const QSslError &err, errors )
418 errenums << err.error();
421 for (
int i = 0; i < mIgnoreErrorsItem->childCount(); i++ )
423 QTreeWidgetItem *item( mIgnoreErrorsItem->child( i ) );
424 bool enable( errenums.contains( ( QSslError::SslError )item->data( 0, Qt::UserRole ).toInt() ) );
425 item->setCheckState( 0, enable ? Qt::Checked : Qt::Unchecked );
435 for (
int i = 0; i < mIgnoreErrorsItem->childCount(); i++ )
437 mIgnoreErrorsItem->child( i )->setCheckState( 0, Qt::Unchecked );
443 QList<QSslError::SslError> errs;
448 for (
int i = 0; i < mIgnoreErrorsItem->childCount(); i++ )
450 QTreeWidgetItem *item( mIgnoreErrorsItem->child( i ) );
451 if ( item->checkState( 0 ) == Qt::Checked )
453 errs.append( ( QSslError::SslError )item->data( 0, Qt::UserRole ).toInt() );
463 return QSslSocket::AutoVerifyPeer;
465 return ( QSslSocket::PeerVerifyMode )mVerifyPeerCmbBx->currentData().toInt();
474 return mVerifyDepthSpnBx->value();
485 int indx( mVerifyPeerCmbBx->findData( (
int )mode ) );
486 mVerifyPeerCmbBx->setCurrentIndex( indx );
488 mVerifyDepthSpnBx->setValue( modedepth );
497 mVerifyPeerCmbBx->setCurrentIndex( 0 );
498 mVerifyDepthSpnBx->setValue( 0 );
507 bool cansave = ( isEnabled()
508 && ( grpbxSslConfig->isCheckable() ? grpbxSslConfig->isChecked() : true )
509 && validateHostPort( leHost->text() ) );
510 if ( mCanSave != cansave )
524 leHost->setText( host );
527 bool QgsAuthSslConfigWidget::validateHostPort(
const QString &txt )
529 QString hostport( txt );
530 if ( hostport.isEmpty() )
537 QString urlbase( QStringLiteral(
"https://%1" ).arg( hostport ) );
539 return ( !url.host().isEmpty() && QString::number( url.port() ).size() > 0
540 && QStringLiteral(
"https://%1:%2" ).arg( url.host() ).arg( url.port() ) == urlbase );
549 bool valid = validateHostPort( txt );
561 grpbxSslConfig->setCheckable( checkable );
564 grpbxSslConfig->setEnabled(
true );
568 void QgsAuthSslConfigWidget::btnCertInfo_clicked()
570 if ( mCert.isNull() )
576 dlg->setWindowModality( Qt::WindowModal );
577 dlg->resize( 675, 500 );
589 setWindowTitle( tr(
"Custom Certificate Configuration" ) );
590 QVBoxLayout *layout =
new QVBoxLayout(
this );
591 layout->setMargin( 6 );
595 this, &QgsAuthSslConfigDialog::checkCanSave );
596 layout->addWidget( mSslConfigWdgt );
598 QDialogButtonBox *buttonBox =
new QDialogButtonBox(
599 QDialogButtonBox::Close | QDialogButtonBox::Save, Qt::Horizontal,
this );
601 buttonBox->button( QDialogButtonBox::Close )->setDefault(
true );
602 mSaveButton = buttonBox->button( QDialogButtonBox::Save );
603 connect( buttonBox, &QDialogButtonBox::rejected,
this, &QWidget::close );
605 layout->addWidget( buttonBox );
608 mSaveButton->setEnabled( mSslConfigWdgt->
readyToSave() );
617 void QgsAuthSslConfigDialog::checkCanSave(
bool cansave )
619 mSaveButton->setEnabled( cansave );
bool isNull() const
Whether configuration is null (missing components)
int sslPeerVerifyDepth() const
Number or SSL client's peer to verify in connections.
Configuration container for SSL server connection exceptions or overrides.
QSsl::SslProtocol sslProtocol() const
SSL server protocol to use in connections.
QSslSocket::PeerVerifyMode sslPeerVerifyMode() const
SSL client's peer verify mode to use in connections.
void setSslPeerVerifyMode(QSslSocket::PeerVerifyMode mode)
Set SSL client's peer verify mode to use in connections.
Dialog wrapper for widget displaying detailed info on a certificate and its hierarchical trust chain...
static QString greenTextStyleSheet(const QString &selector="*")
Green text stylesheet representing valid, trusted, etc. certificate.
QgsAuthSslConfigDialog(QWidget *parent=nullptr, const QSslCertificate &cert=QSslCertificate(), const QString &hostport=QString())
Construct wrapper dialog for the SSL config widget.
const QString sslHostPort() const
Server host:port string.
const QList< QSslError::SslError > sslIgnoredErrorEnums() const
SSL server errors (as enum list) to ignore in connections.
void setSslHostPort(const QString &hostport)
Set server host:port string.
static QString getSslProtocolName(QSsl::SslProtocol protocol)
SSL Protocol name strings per enum.
void setSslProtocol(QSsl::SslProtocol protocol)
Set SSL server protocol to use in connections.
static QString shaHexForCert(const QSslCertificate &cert, bool formatted=false)
Get the sha1 hash for certificate.
static QgsAuthManager * authManager()
Returns the application's authentication manager instance.
static QString redTextStyleSheet(const QString &selector="*")
Red text stylesheet representing invalid, untrusted, etc. certificate.
const QSslCertificate sslCertificate() const
Server certificate object.
void setSslIgnoredErrorEnums(const QList< QSslError::SslError > &errors)
Set SSL server errors (as enum list) to ignore in connections.
void setSslPeerVerifyDepth(int depth)
Set number or SSL client's peer to verify in connections.
static QList< QPair< QSslError::SslError, QString > > sslErrorEnumStrings()
Get short strings describing SSL errors.
void setSslCertificate(const QSslCertificate &cert)
Set server certificate object.
static QString resolvedCertName(const QSslCertificate &cert, bool issuer=false)
Get the general name via RFC 5280 resolution.
static QString orangeTextStyleSheet(const QString &selector="*")
Orange text stylesheet representing loaded component, but not stored in database. ...