17 #ifndef QGSAUTHMANAGER_H 18 #define QGSAUTHMANAGER_H 20 #include "qgis_core.h" 24 #include <QNetworkReply> 25 #include <QNetworkRequest> 26 #include <QSqlDatabase> 29 #include <QStringList> 32 #include <QSslCertificate> 52 class QgsAuthProvider;
87 bool init(
const QString &pluginPath = QString(),
const QString &authDatabasePath = QString() );
92 QSqlDatabase authDatabaseConnection()
const;
102 bool isDisabled()
const;
105 const QString disabledMessage()
const;
118 bool setMasterPassword(
bool verify =
false );
126 bool setMasterPassword(
const QString &pass,
bool verify =
false );
133 bool verifyMasterPassword(
const QString &compare = QString() );
136 bool masterPasswordIsSet()
const;
139 bool masterPasswordHashInDatabase()
const;
151 bool masterPasswordSame(
const QString &pass )
const;
161 bool resetMasterPassword(
const QString &newpass,
const QString &oldpass,
bool keepbackup, QString *backuppath
SIP_INOUT =
nullptr );
181 void setScheduledAuthDatabaseErase(
bool scheduleErase )
SIP_SKIP;
197 bool registerCoreAuthMethods();
203 void updateConfigAuthMethods();
215 QString configAuthMethodKey(
const QString &authcfg )
const;
220 QStringList authMethodsKeys(
const QString &dataprovider = QString() );
240 QWidget *authMethodEditWidget(
const QString &authMethodKey, QWidget *parent );
246 QgsAuthMethod::Expansions supportedAuthMethodExpansions(
const QString &authcfg );
249 const QString uniqueConfigId()
const;
255 bool configIdUnique(
const QString &
id )
const;
261 bool hasConfigId(
const QString &txt )
const;
267 QStringList configIds()
const;
290 bool loadAuthenticationConfig(
const QString &authcfg,
QgsAuthMethodConfig &mconfig SIP_INOUT,
bool full =
false );
297 bool removeAuthenticationConfig(
const QString &authcfg );
303 bool removeAllAuthenticationConfigs();
309 bool backupAuthenticationDatabase( QString *backuppath SIP_INOUT =
nullptr );
317 bool eraseAuthenticationDatabase(
bool backup, QString *backuppath SIP_INOUT =
nullptr );
329 bool updateNetworkRequest( QNetworkRequest &request SIP_INOUT,
const QString &authcfg,
330 const QString &dataprovider = QString() );
339 bool updateNetworkReply( QNetworkReply *reply,
const QString &authcfg,
340 const QString &dataprovider = QString() );
349 bool updateDataSourceUriItems( QStringList &connectionItems SIP_INOUT,
const QString &authcfg,
350 const QString &dataprovider = QString() );
359 bool updateNetworkProxy( QNetworkProxy &proxy SIP_INOUT,
const QString &authcfg,
360 const QString &dataprovider = QString() );
365 bool storeAuthSetting(
const QString &key,
const QVariant &value,
bool encrypt =
false );
375 QVariant authSetting(
const QString &key,
const QVariant &defaultValue = QVariant(),
bool decrypt =
false );
378 bool existsAuthSetting(
const QString &key );
381 bool removeAuthSetting(
const QString &key );
387 bool initSslCaches();
390 bool storeCertIdentity(
const QSslCertificate &cert,
const QSslKey &key );
398 const QSslCertificate certIdentity(
const QString &
id );
407 const QPair<QSslCertificate, QSslKey> certIdentityBundle(
const QString &
id )
SIP_SKIP;
415 const QStringList certIdentityBundleToPem(
const QString &
id );
422 const QList<QSslCertificate> certIdentities();
431 QStringList certIdentityIds()
const;
434 bool existsCertIdentity(
const QString &
id );
437 bool removeCertIdentity(
const QString &
id );
465 const QList<QgsAuthConfigSslServer> sslCertCustomConfigs();
468 bool existsSslCertCustomConfig(
const QString &
id,
const QString &hostport );
471 bool removeSslCertCustomConfig(
const QString &
id,
const QString &hostport );
482 void dumpIgnoredSslErrorsCache_();
488 bool updateIgnoredSslErrorsCache(
const QString &shahostport,
const QList<QSslError> &errors );
491 bool rebuildIgnoredSslErrorCache();
495 bool storeCertAuthorities(
const QList<QSslCertificate> &certs );
498 bool storeCertAuthority(
const QSslCertificate &cert );
508 const QSslCertificate certAuthority(
const QString &
id );
511 bool existsCertAuthority(
const QSslCertificate &cert );
514 bool removeCertAuthority(
const QSslCertificate &cert );
521 const QList<QSslCertificate> systemRootCAs();
528 const QList<QSslCertificate> extraFileCAs();
535 const QList<QSslCertificate> databaseCAs();
542 const QMap<QString, QSslCertificate> mappedDatabaseCAs();
550 const QMap<QString, QPair<QgsAuthCertUtils::CaCertSource, QSslCertificate> >
caCertsCache() SIP_SKIP
552 return mCaCertsCache;
556 bool rebuildCaCertsCache();
570 bool removeCertTrustPolicies(
const QList<QSslCertificate> &certs );
573 bool removeCertTrustPolicy(
const QSslCertificate &cert );
594 const QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList >
certTrustCache() {
return mCertTrustCache; }
597 bool rebuildCertTrustCache();
605 const QList<QSslCertificate> trustedCaCerts(
bool includeinvalid =
false );
612 const QList<QSslCertificate> untrustedCaCerts( QList<QSslCertificate> trustedCAs = QList<QSslCertificate>() );
615 bool rebuildTrustedCaCertsCache();
629 const QByteArray trustedCaCertsPemText();
643 bool passwordHelperDelete()
SIP_SKIP;
649 bool passwordHelperEnabled()
const SIP_SKIP;
655 void setPasswordHelperEnabled(
bool enabled )
SIP_SKIP;
661 bool passwordHelperLoggingEnabled()
const SIP_SKIP;
667 void setPasswordHelperLoggingEnabled(
bool enabled )
SIP_SKIP;
687 void passwordHelperFailure();
693 void passwordHelperSuccess();
718 void masterPasswordVerified(
bool verified );
721 void authDatabaseEraseRequested();
724 void authDatabaseChanged();
728 void clearAllCachedConfigs();
731 void clearCachedConfig(
const QString &authcfg );
745 void tryToStartDbErase();
763 QString passwordHelperName() const;
766 void passwordHelperLog( const QString &msg ) const;
769 QString passwordHelperRead();
772 bool passwordHelperWrite( const QString &password );
775 void passwordHelperSetErrorMessage( const QString &errorMessage ) { mPasswordHelperErrorMessage = errorMessage; }
778 void passwordHelperClearErrors();
784 void passwordHelperProcessError();
786 bool createConfigTables();
788 bool createCertTables();
790 bool masterPasswordInput();
792 bool masterPasswordRowsInDb(
int *rows )
const;
794 bool masterPasswordCheckAgainstDb(
const QString &compare = QString() )
const;
796 bool masterPasswordStoreInDb()
const;
798 bool masterPasswordClearDb();
800 const QString masterPasswordCiv()
const;
802 bool verifyPasswordCanDecryptConfigs()
const;
804 bool reencryptAllAuthenticationConfigs(
const QString &prevpass,
const QString &prevciv );
806 bool reencryptAuthenticationConfig(
const QString &authcfg,
const QString &prevpass,
const QString &prevciv );
808 bool reencryptAllAuthenticationSettings(
const QString &prevpass,
const QString &prevciv );
810 bool reencryptAllAuthenticationIdentities(
const QString &prevpass,
const QString &prevciv );
812 bool reencryptAuthenticationIdentity(
const QString &identid,
const QString &prevpass,
const QString &prevciv );
814 bool authDbOpen()
const;
816 bool authDbQuery( QSqlQuery *query )
const;
818 bool authDbStartTransaction()
const;
820 bool authDbCommit()
const;
822 bool authDbTransactionQuery( QSqlQuery *query )
const;
828 const QString authDbPassTable()
const {
return AUTH_PASS_TABLE; }
830 const QString authDbSettingsTable()
const {
return AUTH_SETTINGS_TABLE; }
832 const QString authDbIdentitiesTable()
const {
return AUTH_IDENTITIES_TABLE; }
834 const QString authDbAuthoritiesTable()
const {
return AUTH_AUTHORITIES_TABLE; }
836 const QString authDbTrustTable()
const {
return AUTH_TRUST_TABLE; }
839 static const QString AUTH_CONFIG_TABLE;
840 static const QString AUTH_PASS_TABLE;
841 static const QString AUTH_SETTINGS_TABLE;
842 static const QString AUTH_IDENTITIES_TABLE;
843 static const QString AUTH_SERVERS_TABLE;
844 static const QString AUTH_AUTHORITIES_TABLE;
845 static const QString AUTH_TRUST_TABLE;
846 static const QString AUTH_CFG_REGEX;
848 bool mAuthInit =
false;
851 QCA::Initializer *mQcaInitializer =
nullptr;
853 QHash<QString, QString> mConfigAuthMethods;
854 QHash<QString, QgsAuthMethod *> mAuthMethods;
858 bool mAuthDisabled =
false;
859 QString mAuthDisabledMessage;
860 QTimer *mScheduledDbEraseTimer =
nullptr;
861 bool mScheduledDbErase =
false;
862 int mScheduledDbEraseRequestWait = 3 ;
863 bool mScheduledDbEraseRequestEmitted =
false;
864 int mScheduledDbEraseRequestCount = 0;
865 QMutex *mMutex =
nullptr;
870 QMap<QString, QPair<QgsAuthCertUtils::CaCertSource, QSslCertificate> > mCaCertsCache;
872 QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList > mCertTrustCache;
874 QList<QSslCertificate> mTrustedCaCertsCache;
876 QHash<QString, QSet<QSslError::SslError> > mIgnoredSslErrorsCache;
883 bool mPasswordHelperVerificationError =
false;
886 QString mPasswordHelperErrorMessage;
889 QKeychain::Error mPasswordHelperErrorCode = QKeychain::NoError;
892 bool mPasswordHelperLoggingEnabled =
false;
895 bool mPasswordHelperFailedInit =
false;
898 static const QLatin1String AUTH_PASSWORD_HELPER_KEY_NAME;
901 static const QLatin1String AUTH_PASSWORD_HELPER_FOLDER_NAME;
907 #endif // QGSAUTHMANAGER_H Singleton offering an interface to manage the authentication configuration database and to utilize co...
const QString authDatabaseConfigTable() const
Name of the authentication database table that stores configs.
Extends QApplication to provide access to QGIS specific resources such as theme paths, database paths etc.
Configuration container for SSL server connection exceptions or overrides.
Abstract base class for the edit widget of authentication method plugins.
MessageLevel
Message log level (mirrors that of QgsMessageLog, so it can also output there)
static const QString AUTH_PASSWORD_HELPER_DISPLAY_NAME
The display name of the password helper (platform dependent)
const QMap< QString, QPair< QgsAuthCertUtils::CaCertSource, QSslCertificate > > caCertsCache()
caCertsCache get all CA certs mapped to their sha1 from cache.
QHash< QString, QgsAuthMethodConfig > QgsAuthMethodConfigsMap
QString authManTag() const
Simple text tag describing authentication system for message logs.
Configuration storage class for authentication method configurations.
const QString authenticationDatabasePath() const
The standard authentication database file in ~/.qgis3/ or defined location.
Abstract base class for authentication method plugins.
CaCertSource
Type of CA certificate source.
void clearMasterPassword()
Clear supplied master password.
const QList< QSslCertificate > trustedCaCertsCache()
trustedCaCertsCache cache of trusted certificate authorities, ready for network connections ...
QString configIdRegex() const
Returns the regular expression for authcfg=.{7} key/value token for authentication ids...
const QMap< QgsAuthCertUtils::CertTrustPolicy, QStringList > certTrustCache()
certTrustCache get cache of certificate sha1s, per trust policy
static const QString AUTH_MAN_TAG
The display name of the Authentication Manager.
CertTrustPolicy
Type of certificate trust policy.
bool scheduledAuthDatabaseErase()
Whether there is a scheduled opitonal erase of authentication database.
const QString passwordHelperErrorMessage()
Error message getter.
const QString authDatabaseServersTable() const
Name of the authentication database table that stores server exceptions/configs.
QHash< QString, QSet< QSslError::SslError > > ignoredSslErrorCache()
ignoredSslErrorCache Get ignored SSL error cache, keyed with cert/connection's sha:host:port.
void setScheduledAuthDatabaseEraseRequestEmitted(bool emitted)
Re-emit a signal to schedule an optional erase of authentication database.
QHash< QString, QgsAuthMethod * > QgsAuthMethodsMap