api/3.24/qgsauthmanager_8h_source.html

 /***************************************************************************

     qgsauthmanager.h

     ---------------------

     begin                : October 5, 2014

     copyright            : (C) 2014 by Boundless Spatial, Inc. USA

     author               : Larry Shaffer

     email                : lshaffer at boundlessgeo dot com

  ***************************************************************************

  *                                                                         *

  *   This program is free software; you can redistribute it and/or modify  *

  *   it under the terms of the GNU General Public License as published by  *

  *   the Free Software Foundation; either version 2 of the License, or     *

  *   (at your option) any later version.                                   *

  *                                                                         *

  ***************************************************************************/


 #ifndef QGSAUTHMANAGER_H

 #define QGSAUTHMANAGER_H


 #include "qgis_core.h"

 #include "qgis_sip.h"

 #include <QObject>

 #if QT_VERSION < QT_VERSION_CHECK(5, 14, 0)

 #include <QMutex>

 #else

 #include <QRecursiveMutex>

 #endif

 #include <QNetworkReply>

 #include <QNetworkRequest>

 #include <QSqlDatabase>

 #include <QSqlError>

 #include <QSqlQuery>

 #include <QStringList>


 #ifndef QT_NO_SSL

 #include <QSslCertificate>

 #include <QSslKey>

 #include <QtCrypto>

 #include "qgsauthcertutils.h"

 #endif


 #include "qgsauthconfig.h"

 #include "qgsauthmethod.h"


 // Qt5KeyChain library

 #include "keychain.h"


 #ifndef SIP_RUN

 namespace QCA

 {

   class Initializer;

 }

 #endif

 class QgsAuthMethod;

 class QgsAuthMethodEdit;

 class QgsAuthProvider;

 class QgsAuthMethodMetadata;

 class QTimer;


 class CORE_EXPORT QgsAuthManager : public QObject

 {

     Q_OBJECT


   public:


     enum MessageLevel

     {

       INFO = 0,

       WARNING = 1,

       CRITICAL = 2

     };

     Q_ENUM( MessageLevel )


     bool init( const QString &pluginPath = QString(),  const QString &authDatabasePath = QString() );


     ~QgsAuthManager() override;


     QSqlDatabase authDatabaseConnection() const;


     const QString authDatabaseConfigTable() const { return AUTH_CONFIG_TABLE; }


     const QString authDatabaseServersTable() const { return AUTH_SERVERS_TABLE; }


     bool isDisabled() const;


     const QString disabledMessage() const;


     const QString authenticationDatabasePath() const { return mAuthDbPath; }


     bool setMasterPassword( bool verify = false );


     bool setMasterPassword( const QString &pass, bool verify = false );


     bool verifyMasterPassword( const QString &compare = QString() );


     bool masterPasswordIsSet() const;


     bool masterPasswordHashInDatabase() const;


     void clearMasterPassword() { mMasterPass = QString(); }


     bool masterPasswordSame( const QString &pass ) const;


     bool resetMasterPassword( const QString &newpass, const QString &oldpass, bool keepbackup, QString *backuppath SIP_INOUT = nullptr );


     bool scheduledAuthDatabaseErase() { return mScheduledDbErase; } SIP_SKIP


     void setScheduledAuthDatabaseErase( bool scheduleErase ) SIP_SKIP;


     void setScheduledAuthDatabaseEraseRequestEmitted( bool emitted ) { mScheduledDbEraseRequestEmitted = emitted; }


     QString authManTag() const { return AUTH_MAN_TAG; }


     bool registerCoreAuthMethods();


     QgsAuthMethodConfigsMap availableAuthMethodConfigs( const QString &dataprovider = QString() );


     void updateConfigAuthMethods();


     QgsAuthMethod *configAuthMethod( const QString &authcfg );


     QString configAuthMethodKey( const QString &authcfg ) const;


     QStringList authMethodsKeys( const QString &dataprovider = QString() );


     QgsAuthMethod *authMethod( const QString &authMethodKey );


     const QgsAuthMethodMetadata *authMethodMetadata( const QString &authMethodKey ) SIP_SKIP;


     QgsAuthMethodsMap authMethodsMap( const QString &dataprovider = QString() ) SIP_SKIP;


 #ifdef HAVE_GUI

     SIP_IF_FEATURE( HAVE_GUI )


     QWidget *authMethodEditWidget( const QString &authMethodKey, QWidget *parent );

     SIP_END

 #endif


     QgsAuthMethod::Expansions supportedAuthMethodExpansions( const QString &authcfg );


     const QString uniqueConfigId() const;


     bool configIdUnique( const QString &id ) const;


     bool hasConfigId( const QString &txt ) const;


     QString configIdRegex() const { return AUTH_CFG_REGEX;}


     QStringList configIds() const;


     bool storeAuthenticationConfig( QgsAuthMethodConfig &mconfig SIP_INOUT, bool overwrite = false );


     bool updateAuthenticationConfig( const QgsAuthMethodConfig &config );


     bool loadAuthenticationConfig( const QString &authcfg, QgsAuthMethodConfig &mconfig SIP_INOUT, bool full = false );


     bool removeAuthenticationConfig( const QString &authcfg );


     bool exportAuthenticationConfigsToXml( const QString &filename, const QStringList &authcfgs, const QString &password = QString() );


     bool importAuthenticationConfigsFromXml( const QString &filename, const QString &password = QString(), bool overwrite = false );


     bool removeAllAuthenticationConfigs();


     bool backupAuthenticationDatabase( QString *backuppath SIP_INOUT = nullptr );


     bool eraseAuthenticationDatabase( bool backup, QString *backuppath SIP_INOUT = nullptr );


     bool updateNetworkRequest( QNetworkRequest &request SIP_INOUT, const QString &authcfg,

                                const QString &dataprovider = QString() );


     bool updateNetworkReply( QNetworkReply *reply, const QString &authcfg,

                              const QString &dataprovider = QString() );


     bool updateDataSourceUriItems( QStringList &connectionItems SIP_INOUT, const QString &authcfg,

                                    const QString &dataprovider = QString() );


     bool updateNetworkProxy( QNetworkProxy &proxy SIP_INOUT, const QString &authcfg,

                              const QString &dataprovider = QString() );


     bool storeAuthSetting( const QString &key, const QVariant &value, bool encrypt = false );


     QVariant authSetting( const QString &key, const QVariant &defaultValue = QVariant(), bool decrypt = false );


     bool existsAuthSetting( const QString &key );


     bool removeAuthSetting( const QString &key );


 #ifndef QT_NO_SSL


     bool initSslCaches();


     bool storeCertIdentity( const QSslCertificate &cert, const QSslKey &key );


     const QSslCertificate certIdentity( const QString &id );


     const QPair<QSslCertificate, QSslKey> certIdentityBundle( const QString &id ) SIP_SKIP;


     const QStringList certIdentityBundleToPem( const QString &id );


     const QList<QSslCertificate> certIdentities();


     QStringList certIdentityIds() const;


     bool existsCertIdentity( const QString &id );


     bool removeCertIdentity( const QString &id );


     bool storeSslCertCustomConfig( const QgsAuthConfigSslServer &config );


     const QgsAuthConfigSslServer sslCertCustomConfig( const QString &id, const QString &hostport );


     const QgsAuthConfigSslServer sslCertCustomConfigByHost( const QString &hostport );


     const QList<QgsAuthConfigSslServer> sslCertCustomConfigs();


     bool existsSslCertCustomConfig( const QString &id, const QString &hostport );


     bool removeSslCertCustomConfig( const QString &id, const QString &hostport );


     QHash<QString, QSet<QSslError::SslError> > ignoredSslErrorCache() { return mIgnoredSslErrorsCache; } SIP_SKIP


     void dumpIgnoredSslErrorsCache_();


     bool updateIgnoredSslErrorsCacheFromConfig( const QgsAuthConfigSslServer &config );


     bool updateIgnoredSslErrorsCache( const QString &shahostport, const QList<QSslError> &errors );


     bool rebuildIgnoredSslErrorCache();


     bool storeCertAuthorities( const QList<QSslCertificate> &certs );


     bool storeCertAuthority( const QSslCertificate &cert );


     const QSslCertificate certAuthority( const QString &id );


     bool existsCertAuthority( const QSslCertificate &cert );


     bool removeCertAuthority( const QSslCertificate &cert );


     const QList<QSslCertificate> systemRootCAs();


     const QList<QSslCertificate> extraFileCAs();


     const QList<QSslCertificate> databaseCAs();


     const QMap<QString, QSslCertificate> mappedDatabaseCAs();


     const QMap<QString, QPair<QgsAuthCertUtils::CaCertSource, QSslCertificate> > caCertsCache() SIP_SKIP

     {

       return mCaCertsCache;

     }


     bool rebuildCaCertsCache();


     bool storeCertTrustPolicy( const QSslCertificate &cert, QgsAuthCertUtils::CertTrustPolicy policy );


     QgsAuthCertUtils::CertTrustPolicy certTrustPolicy( const QSslCertificate &cert );


     bool removeCertTrustPolicies( const QList<QSslCertificate> &certs );


     bool removeCertTrustPolicy( const QSslCertificate &cert );


     QgsAuthCertUtils::CertTrustPolicy certificateTrustPolicy( const QSslCertificate &cert );


     bool setDefaultCertTrustPolicy( QgsAuthCertUtils::CertTrustPolicy policy );


     QgsAuthCertUtils::CertTrustPolicy defaultCertTrustPolicy();


     const QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList > certTrustCache() { return mCertTrustCache; }


     bool rebuildCertTrustCache();


     const QList<QSslCertificate> trustedCaCerts( bool includeinvalid = false );


     const QList<QSslCertificate> untrustedCaCerts( QList<QSslCertificate> trustedCAs = QList<QSslCertificate>() );


     bool rebuildTrustedCaCertsCache();


     const QList<QSslCertificate> trustedCaCertsCache() { return mTrustedCaCertsCache; }


     const QByteArray trustedCaCertsPemText();


 #endif


     const QString passwordHelperErrorMessage() { return mPasswordHelperErrorMessage; } SIP_SKIP


     bool passwordHelperDelete() SIP_SKIP;


     bool passwordHelperEnabled() const;


     void setPasswordHelperEnabled( bool enabled );


     bool passwordHelperLoggingEnabled() const SIP_SKIP;


     void setPasswordHelperLoggingEnabled( bool enabled ) SIP_SKIP;


     bool passwordHelperSync();


     static const QString AUTH_PASSWORD_HELPER_DISPLAY_NAME;


     static const QString AUTH_MAN_TAG;


   signals:


     void passwordHelperFailure();


     void passwordHelperSuccess();


     void messageOut( const QString &message, const QString &tag = QgsAuthManager::AUTH_MAN_TAG, QgsAuthManager::MessageLevel level = QgsAuthManager::INFO ) const;


     void passwordHelperMessageOut( const QString &message, const QString &tag = QgsAuthManager::AUTH_MAN_TAG, QgsAuthManager::MessageLevel level = QgsAuthManager::INFO );


     void masterPasswordVerified( bool verified );


     void authDatabaseEraseRequested();


     void authDatabaseChanged();


   public slots:

     void clearAllCachedConfigs();


     void clearCachedConfig( const QString &authcfg );


   private slots:

     void writeToConsole( const QString &message, const QString &tag = QString(), QgsAuthManager::MessageLevel level = INFO );


     void tryToStartDbErase();


   protected:


     static QgsAuthManager *instance() SIP_SKIP;


 #ifdef Q_OS_WIN

   public:

     explicit QgsAuthManager() SIP_SKIP;

 #else

   protected:

     explicit QgsAuthManager() SIP_SKIP;

 #endif


   private:


     // Password Helper methods


     QString passwordHelperName() const;


     void passwordHelperLog( const QString &msg ) const;


     QString passwordHelperRead();


     bool passwordHelperWrite( const QString &password );


     void passwordHelperSetErrorMessage( const QString &errorMessage ) { mPasswordHelperErrorMessage = errorMessage; }


     void passwordHelperClearErrors();


     void passwordHelperProcessError();


     bool createConfigTables();


     bool createCertTables();


     bool masterPasswordInput();


     bool masterPasswordRowsInDb( int *rows ) const;


     bool masterPasswordCheckAgainstDb( const QString &compare = QString() ) const;


     bool masterPasswordStoreInDb() const;


     bool masterPasswordClearDb();


     const QString masterPasswordCiv() const;


     bool verifyPasswordCanDecryptConfigs() const;


     bool reencryptAllAuthenticationConfigs( const QString &prevpass, const QString &prevciv );


     bool reencryptAuthenticationConfig( const QString &authcfg, const QString &prevpass, const QString &prevciv );


     bool reencryptAllAuthenticationSettings( const QString &prevpass, const QString &prevciv );


     bool reencryptAllAuthenticationIdentities( const QString &prevpass, const QString &prevciv );


     bool reencryptAuthenticationIdentity( const QString &identid, const QString &prevpass, const QString &prevciv );


     bool authDbOpen() const;


     bool authDbQuery( QSqlQuery *query ) const;


     bool authDbStartTransaction() const;


     bool authDbCommit() const;


     bool authDbTransactionQuery( QSqlQuery *query ) const;


 #ifndef QT_NO_SSL

     void insertCaCertInCache( QgsAuthCertUtils::CaCertSource source, const QList<QSslCertificate> &certs );

 #endif


     const QString authDbPassTable() const { return AUTH_PASS_TABLE; }


     const QString authDbSettingsTable() const { return AUTH_SETTINGS_TABLE; }


     const QString authDbIdentitiesTable() const { return AUTH_IDENTITIES_TABLE; }


     const QString authDbAuthoritiesTable() const { return AUTH_AUTHORITIES_TABLE; }


     const QString authDbTrustTable() const { return AUTH_TRUST_TABLE; }


     static QgsAuthManager *sInstance;

     static const QString AUTH_CONFIG_TABLE;

     static const QString AUTH_PASS_TABLE;

     static const QString AUTH_SETTINGS_TABLE;

     static const QString AUTH_IDENTITIES_TABLE;

     static const QString AUTH_SERVERS_TABLE;

     static const QString AUTH_AUTHORITIES_TABLE;

     static const QString AUTH_TRUST_TABLE;

     static const QString AUTH_CFG_REGEX;


     bool mAuthInit = false;

     QString mAuthDbPath;


     std::unique_ptr<QCA::Initializer> mQcaInitializer;


     QHash<QString, QString> mConfigAuthMethods;

     QHash<QString, QgsAuthMethod *> mAuthMethods;


     QString mMasterPass;

     int mPassTries = 0;

     bool mAuthDisabled = false;

     QString mAuthDisabledMessage;

     QTimer *mScheduledDbEraseTimer = nullptr;

     bool mScheduledDbErase = false;

     int mScheduledDbEraseRequestWait = 3 ; // in seconds

     bool mScheduledDbEraseRequestEmitted = false;

     int mScheduledDbEraseRequestCount = 0;


 #if QT_VERSION < QT_VERSION_CHECK(5, 14, 0)

     std::unique_ptr<QMutex> mMutex;

     std::unique_ptr<QMutex> mMasterPasswordMutex;

 #else

     std::unique_ptr<QRecursiveMutex> mMutex;

     std::unique_ptr<QRecursiveMutex> mMasterPasswordMutex;

 #endif

 #ifndef QT_NO_SSL

     // mapping of sha1 digest and cert source and cert

     // appending removes duplicates

     QMap<QString, QPair<QgsAuthCertUtils::CaCertSource, QSslCertificate> > mCaCertsCache;

     // list of sha1 digests per policy

     QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList > mCertTrustCache;

     // cache of certs ready to be utilized in network connections

     QList<QSslCertificate> mTrustedCaCertsCache;

     // cache of SSL errors to be ignored in network connections, per sha-hostport

     QHash<QString, QSet<QSslError::SslError> > mIgnoredSslErrorsCache;


     bool mHasCustomConfigByHost = false;

     bool mHasCheckedIfCustomConfigByHostExists = false;

     QMap< QString, QgsAuthConfigSslServer > mCustomConfigByHostCache;

 #endif


     // Password Helper Variables


     bool mPasswordHelperVerificationError = false;


     QString mPasswordHelperErrorMessage;


     QKeychain::Error mPasswordHelperErrorCode = QKeychain::NoError;


     bool mPasswordHelperLoggingEnabled = false;


     bool mPasswordHelperFailedInit = false;


     static const QLatin1String AUTH_PASSWORD_HELPER_KEY_NAME;


     static const QLatin1String AUTH_PASSWORD_HELPER_FOLDER_NAME;


     mutable QMap<QThread *, QMetaObject::Connection> mConnectedThreads;


     friend class QgsApplication;


 };


 #endif // QGSAUTHMANAGER_H

QgsApplication
Extends QApplication to provide access to QGIS specific resources such as theme paths,...
Definition: qgsapplication.h:91

QgsAuthCertUtils::CertTrustPolicy
CertTrustPolicy
Type of certificate trust policy.
Definition: qgsauthcertutils.h:54

QgsAuthCertUtils::CaCertSource
CaCertSource
Type of CA certificate source.
Definition: qgsauthcertutils.h:45

QgsAuthConfigSslServer
Configuration container for SSL server connection exceptions or overrides.
Definition: qgsauthconfig.h:393

QgsAuthManager
Singleton offering an interface to manage the authentication configuration database and to utilize co...
Definition: qgsauthmanager.h:70

QgsAuthManager::authDatabaseServersTable
const QString authDatabaseServersTable() const
Name of the authentication database table that stores server exceptions/configs.
Definition: qgsauthmanager.h:103

QgsAuthManager::certTrustCache
const QMap< QgsAuthCertUtils::CertTrustPolicy, QStringList > certTrustCache()
certTrustCache get cache of certificate sha1s, per trust policy
Definition: qgsauthmanager.h:630

QgsAuthManager::MessageLevel
MessageLevel
Message log level (mirrors that of QgsMessageLog, so it can also output there)
Definition: qgsauthmanager.h:77

QgsAuthManager::scheduledAuthDatabaseErase
bool scheduledAuthDatabaseErase()
Whether there is a scheduled opitonal erase of authentication database.
Definition: qgsauthmanager.h:172

QgsAuthManager::ignoredSslErrorCache
QHash< QString, QSet< QSslError::SslError > > ignoredSslErrorCache()
ignoredSslErrorCache Get ignored SSL error cache, keyed with cert/connection's sha:host:port.
Definition: qgsauthmanager.h:515

QgsAuthManager::authenticationDatabasePath
const QString authenticationDatabasePath() const
The standard authentication database file in ~/.qgis3/ or defined location.
Definition: qgsauthmanager.h:116

QgsAuthManager::authManTag
QString authManTag() const
Simple text tag describing authentication system for message logs.
Definition: qgsauthmanager.h:199

QgsAuthManager::configIdRegex
QString configIdRegex() const
Returns the regular expression for authcfg=.{7} key/value token for authentication ids.
Definition: qgsauthmanager.h:281

QgsAuthManager::setScheduledAuthDatabaseEraseRequestEmitted
void setScheduledAuthDatabaseEraseRequestEmitted(bool emitted)
Re-emit a signal to schedule an optional erase of authentication database.
Definition: qgsauthmanager.h:196

QgsAuthManager::clearMasterPassword
void clearMasterPassword()
Clear supplied master password.
Definition: qgsauthmanager.h:150

QgsAuthManager::passwordHelperErrorMessage
const QString passwordHelperErrorMessage()
Error message getter.
Definition: qgsauthmanager.h:673

QgsAuthManager::authDatabaseConfigTable
const QString authDatabaseConfigTable() const
Name of the authentication database table that stores configs.
Definition: qgsauthmanager.h:100

QgsAuthManager::caCertsCache
const QMap< QString, QPair< QgsAuthCertUtils::CaCertSource, QSslCertificate > > caCertsCache()
caCertsCache get all CA certs mapped to their sha1 from cache.
Definition: qgsauthmanager.h:586

QgsAuthManager::trustedCaCertsCache
const QList< QSslCertificate > trustedCaCertsCache()
trustedCaCertsCache cache of trusted certificate authorities, ready for network connections
Definition: qgsauthmanager.h:658

QgsAuthMethodConfig
Configuration storage class for authentication method configurations.
Definition: qgsauthconfig.h:42

QgsAuthMethodEdit
Abstract base class for the edit widget of authentication method plugins.
Definition: qgsauthmethodedit.h:30

QgsAuthMethodMetadata
Holds data auth method key, description, and associated shared library file information.
Definition: qgsauthmethodmetadata.h:44

QgsAuthMethod
Abstract base class for authentication method plugins.
Definition: qgsauthmethod.h:43

QCA
Definition: qgsauthmanager.h:50

qgis_sip.h

SIP_SKIP
#define SIP_SKIP
Definition: qgis_sip.h:126

SIP_IF_FEATURE
#define SIP_IF_FEATURE(feature)
Definition: qgis_sip.h:167

SIP_INOUT
#define SIP_INOUT
Definition: qgis_sip.h:71

SIP_END
#define SIP_END
Definition: qgis_sip.h:194

qgsauthcertutils.h

qgsauthconfig.h

QgsAuthMethodConfigsMap
QHash< QString, QgsAuthMethodConfig > QgsAuthMethodConfigsMap
Definition: qgsauthconfig.h:200

qgsauthmethod.h

QgsAuthMethodsMap
QHash< QString, QgsAuthMethod * > QgsAuthMethodsMap
Definition: qgsauthmethod.h:217