26#include <QCoreApplication>
// Debug trace of the connection settings. The template names driver, database,
// host, port, user, schema and options; it has no password placeholder.
// NOTE(review): the .arg() list is not shown in this listing. Confirm that
// "options" cannot carry credentials before treating this log line as free of
// secrets.
42 QgsDebugMsgLevel( QStringLiteral(
"Auth db connection settings: driver=%1, database='%2', host=%3, port=%4, user='%5', schema=%6, options=%7" )
54 QMutexLocker locker( &
mMutex );
56 QMapIterator<QThread *, QMetaObject::Connection> iterator( mConnectedThreads );
57 while ( iterator.hasNext() )
60 QThread::disconnect( iterator.value() );
68 QMutexLocker locker( &
mMutex );
// One QSqlDatabase connection per thread: the connection name embeds the
// current QThread pointer value as zero-padded hexadecimal, so each thread
// looks up (or creates) its own entry.
70 const QString connectionName = QStringLiteral(
"authentication.configs:0x%1" ).arg(
reinterpret_cast<quintptr
>( QThread::currentThread() ), 2 * QT_POINTER_SIZE, 16, QLatin1Char(
'0' ) );
71 QgsDebugMsgLevel( QStringLiteral(
"Using auth db connection name: %1 " ).arg( connectionName ), 3 );
// Create and configure a connection only when none is registered under this
// name; otherwise the existing one is fetched further down (listing line 126).
72 if ( !QSqlDatabase::contains( connectionName ) )
74 QgsDebugMsgLevel( QStringLiteral(
"No existing connection, creating a new one" ), 3 );
75 authdb = QSqlDatabase::addDatabase(
mDriver, connectionName );
// The driver name is checked for availability; the handling of a missing
// driver is not part of this listing.
79 if ( !QSqlDatabase::isDriverAvailable(
mDriver ) )
// Host, port and user come from the members set up from the storage settings.
// The lines that set database name, password and options (listing 89-92) are
// not shown here.
86 authdb.setHostName(
mHost );
87 authdb.setPort(
mPort );
88 authdb.setUserName(
mUser );
93 if ( !authdb.isValid() )
// Only for threads other than the application's main thread: arrange for the
// per-thread connection to be removed when that thread finishes.
100 if ( QCoreApplication::instance() && QThread::currentThread() != QCoreApplication::instance()->thread() )
102 QgsDebugMsgLevel( QStringLiteral(
"Scheduled auth db remove on thread close" ), 4 );
// The lambda copies connectionName and captures `this`, so the storage object
// must still exist when QThread::finished fires. The returned connection handle
// is kept in mConnectedThreads; the fragment at listing lines 54-60 walks that
// map and disconnects each handle (presumably the destructor; confirm).
// NOTE(review): QThread::currentThread() inside the lambda is evaluated when
// the slot runs. The remove() below matches the key inserted at listing line
// 120 only if finished is delivered in the finishing thread; confirm.
113 QMetaObject::Connection connection = connect( QThread::currentThread(), &QThread::finished, QThread::currentThread(), [connectionName,
this ]
115 QMutexLocker locker( &
mMutex );
116 QSqlDatabase::removeDatabase( connectionName );
117 mConnectedThreads.remove( QThread::currentThread() );
118 }, Qt::DirectConnection );
120 mConnectedThreads.insert( QThread::currentThread(), connection );
// Existing connection: fetch it by name; the second argument (false) asks Qt
// not to open it here.
126 authdb = QSqlDatabase::database( connectionName,
false );
131 if ( !authdb.isOpen() )
133 if ( !authdb.open() )
144 QMutexLocker locker( &
mMutex );
147 if ( !authdb.isOpen() )
149 if ( !authdb.open() )
151 const QString err = tr(
"Unable to establish database connection\nDatabase: %1\nDriver error: %2\nDatabase error: %3" )
153 authdb.lastError().driverText(),
154 authdb.lastError().databaseText() );
166 QMutexLocker locker( &
mMutex );
167 query->setForwardOnly(
true );
168 const bool result { sql.isEmpty() ? query->exec() : query->exec( sql ) };
// boundQuery: builds a readable statement for diagnostics. It starts from
// query->lastQuery() and textually replaces each bound placeholder name with
// the string form of its bound value. Some lines of the lambda (braces, the
// iterator advance, the return) are missing from this listing.
// NOTE(review): the substituted values are whatever the caller bound. In this
// file that includes ":key" (certificate key PEM), ":config" (method config
// payload) and ":salt"/":civ"/":hash" (master password record), so the expanded
// text can carry that material into every message built from it.
170 auto boundQuery = [](
const QSqlQuery * query ) -> QString
172 QString
str = query->lastQuery();
// Before Qt 6 boundValues() is iterated directly as a name -> value map. The
// lines after listing line 174 rebuild an equivalent map from
// boundValueNames() and boundValues() (presumably the #else branch for Qt 6;
// the directive itself is not shown).
173#if QT_VERSION < QT_VERSION_CHECK( 6, 0, 0 )
174 QMapIterator<QString, QVariant> it( query->boundValues() );
176 const QStringList keys = query->boundValueNames();
177 const QVariantList values = query->boundValues();
178 QMap<QString, QVariant> boundValues;
// assumes keys and values have the same length and order; values.at( i ) is
// indexed by the key count. TODO confirm
179 for (
int i = 0; i < keys.count(); i++ )
181 boundValues.insert( keys.at( i ), values.at( i ).toString() );
183 QMapIterator<QString, QVariant> it = QMapIterator<QString, QVariant>( boundValues );
185 while ( it.hasNext() )
188 str.replace( it.key(), it.value().toString() );
// Failure path: when no raw sql string was passed, the expanded statement from
// boundQuery() is formatted into the message assembled at listing line 198 and
// into the level-2 debug log below.
// NOTE(review): if these messages can reach shared logs or bug reports,
// consider logging lastQuery() with the placeholders left in place, or
// redacting the sensitive placeholders, instead of the expanded values.
195 if ( query->lastError().isValid() )
198 .arg( sql.isEmpty() ? boundQuery( query ) : sql,
200 QgsDebugMsgLevel( QStringLiteral(
"Auth db query FAILED: %1" ).arg( sql.isEmpty() ? boundQuery( query ) : sql ), 2 );
206 QgsDebugMsgLevel( QStringLiteral(
"Auth db query FAILED: %1" ).arg( sql.isEmpty() ? boundQuery( query ) : sql ), 2 );
216 QMutexLocker locker( &
mMutex );
237 QMutexLocker locker( &
mMutex );
239 if ( !authdb.isValid() || !authdb.isOpen() )
241 setError( tr(
"Auth db could not be opened" ) );
270 { QStringLiteral(
"driver" ), tr(
"SQL Driver (see https://doc.qt.io/qt/sql-driver.html)" ), QVariant::String },
271 { QStringLiteral(
"database" ), tr(
"Database" ), QVariant::String },
272 { QStringLiteral(
"schema" ), tr(
"Schema for all tables" ), QVariant::String },
273 { QStringLiteral(
"host" ), tr(
"Host" ), QVariant::String },
274 { QStringLiteral(
"port" ), tr(
"Port" ), QVariant::Int },
275 { QStringLiteral(
"user" ), tr(
"User" ), QVariant::String },
276 { QStringLiteral(
"password" ), tr(
"Password" ), QVariant::String },
277 { QStringLiteral(
"options" ), tr(
"Connection options" ), QVariant::String },
285 QMutexLocker locker( &
mMutex );
301 setError( tr(
"Auth db could not be opened" ) );
307 setError( tr(
"Certificate is NULL" ) );
// The certificate is serialized to PEM; id, key and certificate are all passed
// as bound parameters rather than formatted into the SQL text.
// NOTE(review): keyPem is bound exactly as received. No encryption step is
// visible in the lines shown, so presumably the caller protects the private
// key before calling; confirm against the caller.
312 const QString certPem{ cert.toPem() };
315 query.bindValue( QStringLiteral(
":id" ),
id );
316 query.bindValue( QStringLiteral(
":key" ), keyPem );
317 query.bindValue( QStringLiteral(
":cert" ), certPem );
329 QMutexLocker locker( &
mMutex );
335 setError( tr(
"Auth db could not be opened" ) );
342 query.bindValue( QStringLiteral(
":id" ), cert.digest().toHex() );
357 QMutexLocker locker( &
mMutex );
361 QSslCertificate emptycert;
375 query.bindValue( QStringLiteral(
":id" ),
id );
380 QSslCertificate cert;
382 if ( query.isActive() && query.isSelect() )
386 cert = QSslCertificate( query.value( 0 ).toByteArray(), QSsl::Pem );
387 QgsDebugMsgLevel( QStringLiteral(
"Certificate identity retrieved for id: %1" ).arg(
id ), 2 );
405 QMutexLocker locker( &
mMutex );
409 QPair<QSslCertificate, QString> bundle;
424 query.bindValue( QStringLiteral(
":id" ),
id );
429 if ( query.isActive() && query.isSelect() )
431 QSslCertificate cert;
435 key = query.value( 0 ).toString();
441 cert = QSslCertificate( query.value( 1 ).toByteArray(), QSsl::Pem );
447 QgsDebugMsgLevel( QStringLiteral(
"Certificate identity bundle retrieved for id: %1" ).arg(
id ), 2 );
454 bundle = qMakePair( cert, key );
461 QMutexLocker locker( &
mMutex );
465 QList<QSslCertificate> certs;
480 if ( query.isActive() && query.isSelect() )
482 while ( query.next() )
484 QSslCertificate cert( query.value( 0 ).toByteArray(), QSsl::Pem );
485 if ( !cert.isNull() )
487 certs.append( cert );
496 QMutexLocker locker( &
mMutex );
514 if ( query.isActive() && query.isSelect() )
516 while ( query.next() )
518 ids.append( query.value( 0 ).toString() );
526 QMutexLocker locker( &
mMutex );
542 query.bindValue( QStringLiteral(
":id" ),
id );
549 if ( query.isActive() && query.isSelect() )
566 QMutexLocker locker( &
mMutex );
572 setError( tr(
"Auth db could not be opened" ) );
579 query.bindValue( QStringLiteral(
":id" ),
id );
587 if ( query.numRowsAffected() == 0 )
600 QMutexLocker locker( &
mMutex );
623 setError( tr(
"Auth db could not be opened" ) );
627 QString certpem( cert.toPem() );
632 query.bindValue( QStringLiteral(
":id" ),
id );
633 query.bindValue( QStringLiteral(
":host" ), config.
sslHostPort().trimmed() );
634 query.bindValue( QStringLiteral(
":cert" ), certpem );
635 query.bindValue( QStringLiteral(
":config" ), config.
configString() );
640 QgsDebugMsgLevel( QStringLiteral(
"Store SSL cert custom config SUCCESS for host:port, id: %1, %2" )
650 QMutexLocker locker( &
mMutex );
668 if ( query.isActive() && query.isSelect() )
670 while ( query.next() )
672 ids.append( query.value( 0 ).toString() );
681 QMutexLocker locker( &
mMutex );
687 if (
id.isEmpty() || hostport.isEmpty() )
689 QgsDebugError( QStringLiteral(
"Passed config ID or host:port is empty" ) );
701 query.bindValue( QStringLiteral(
":id" ),
id );
702 query.bindValue( QStringLiteral(
":host" ), hostport.trimmed() );
707 if ( query.isActive() && query.isSelect() )
711 config.
setSslCertificate( QSslCertificate( query.value( 1 ).toByteArray(), QSsl::Pem ) );
714 QgsDebugMsgLevel( QStringLiteral(
"SSL cert custom config retrieved for host:port, id: %1, %2" ).arg( hostport,
id ), 2 );
729 QMutexLocker locker( &
mMutex );
745 query.bindValue( QStringLiteral(
":host" ), hostport.trimmed() );
750 if ( query.isActive() && query.isSelect() )
754 config.
setSslCertificate( QSslCertificate( query.value( 1 ).toByteArray(), QSsl::Pem ) );
757 QgsDebugMsgLevel( QStringLiteral(
"SSL cert custom config retrieved for host:port %1" ).arg( hostport ), 2 );
771 QMutexLocker locker( &
mMutex );
775 QList<QgsAuthConfigSslServer> configs;
790 if ( query.isActive() && query.isSelect() )
792 while ( query.next() )
795 config.
setSslCertificate( QSslCertificate( query.value( 2 ).toByteArray(), QSsl::Pem ) );
798 configs.append( config );
806 QMutexLocker locker( &
mMutex );
810 if (
id.isEmpty() || hostport.isEmpty() )
812 QgsDebugError( QStringLiteral(
"Passed config ID or host:port is empty" ) );
818 setError( tr(
"Auth db could not be opened" ) );
825 query.bindValue( QStringLiteral(
":id" ),
id );
826 query.bindValue( QStringLiteral(
":host" ), hostport.trimmed() );
832 if ( query.isActive() && query.isSelect() )
836 QgsDebugMsgLevel( QStringLiteral(
"SSL cert custom config exists for host:port, id: %1, %2" ).arg( hostport,
id ), 2 );
841 QgsDebugError( QStringLiteral(
"Retrieved more than one SSL cert custom config for host:port, id: %1, %2" ).arg( hostport,
id ) );
842 emit
messageLog( tr(
"Authentication database contains more than one SSL cert custom configs for host:port, id: %1, %2" )
852 QMutexLocker locker( &
mMutex );
856 if (
id.isEmpty() || hostport.isEmpty() )
858 QgsDebugError( QStringLiteral(
"Passed config ID or host:port is empty" ) );
873 query.bindValue( QStringLiteral(
":id" ),
id );
874 query.bindValue( QStringLiteral(
":host" ), hostport.trimmed() );
882 if ( query.numRowsAffected() == 0 )
895 QMutexLocker locker( &
mMutex );
913 if ( query.isActive() && query.isSelect() )
915 while ( query.next() )
917 ids.append( query.value( 0 ).toString() );
925 QMutexLocker locker( &
mMutex );
941 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
952 const QString pem( cert.toPem() );
958 query.bindValue( QStringLiteral(
":id" ),
id );
959 query.bindValue( QStringLiteral(
":cert" ), pem );
964 QgsDebugMsgLevel( QStringLiteral(
"Store certificate authority SUCCESS for id: %1" ).arg(
id ), 2 );
972 QMutexLocker locker( &
mMutex );
976 QSslCertificate emptycert;
990 query.bindValue( QStringLiteral(
":id" ),
id );
995 QSslCertificate cert;
997 if ( query.isActive() && query.isSelect() )
1001 cert = QSslCertificate( query.value( 0 ).toByteArray(), QSsl::Pem );
1002 QgsDebugMsgLevel( QStringLiteral(
"Certificate authority retrieved for id: %1" ).arg(
id ), 2 );
1015 QMutexLocker locker( &
mMutex );
1019 if ( cert.isNull() )
1021 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
1036 query.bindValue( QStringLiteral(
":id" ),
id );
1042 if ( query.isActive() && query.isSelect() )
1044 if ( query.first() )
1046 QgsDebugMsgLevel( QStringLiteral(
"Certificate authority exists for id: %1" ).arg(
id ), 2 );
1061 QMutexLocker locker( &
mMutex );
1065 if ( cert.isNull() )
1067 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
1073 setError( tr(
"Auth db could not be opened" ) );
1083 query.bindValue( QStringLiteral(
":id" ),
id );
1091 if ( query.numRowsAffected() == 0 )
1104 QMutexLocker locker( &
mMutex );
1108 QMap<QString, QgsAuthCertUtils::CertTrustPolicy> trustedCerts;
1113 return trustedCerts;
1121 return trustedCerts;
1123 if ( query.isActive() && query.isSelect() )
1125 while ( query.next() )
1127 QString
id( query.value( 0 ).toString() );
1128 int policy = query.value( 1 ).toInt();
1130 trustedCerts[
id ] = trustPolicy;
1134 return trustedCerts;
1139 QMutexLocker locker( &
mMutex );
1143 QList<QSslCertificate> authorities;
1158 if ( query.isActive() && query.isSelect() )
1160 while ( query.next() )
1162 const QSslCertificate cert( query.value( 1 ).toByteArray(), QSsl::Pem );
1163 if ( !cert.isNull() )
1165 authorities.append( cert );
1169 const QString
id { query.value( 0 ).toString() };
1179 QMutexLocker locker( &
mMutex );
1183 if ( policyExisted )
1192 if ( cert.isNull() )
1194 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
1200 setError( tr(
"Auth db could not be opened" ) );
1209 if ( !policyExisted )
1211 QgsDebugMsgLevel( QStringLiteral(
"Passed policy was default, no cert records in database for id: %1" ).arg(
id ), 2 );
1217 setError( tr(
"Failed to remove certificate trust policy for id: %1" ).arg(
id ) );
1221 QgsDebugMsgLevel( QStringLiteral(
"Passed policy was default, all cert records in database were removed for id: %1" ).arg(
id ), 2 );
1231 setError( tr(
"Failed to remove certificate trust policy for id: %1" ).arg(
id ) );
1239 query.bindValue( QStringLiteral(
":id" ),
id );
1240 query.bindValue( QStringLiteral(
":policy" ),
static_cast< int >( policy ) );
1245 QgsDebugMsgLevel( QStringLiteral(
"Store certificate trust policy SUCCESS for id: %1" ).arg(
id ), 2 );
1253 QMutexLocker locker( &
mMutex );
1257 if ( cert.isNull() )
1259 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
1274 query.bindValue( QStringLiteral(
":id" ),
id );
1279 if ( query.isActive() && query.isSelect() )
1281 if ( query.first() )
1283 int policy = query.value( 0 ).toInt();
1284 QgsDebugMsgLevel( QStringLiteral(
"Certificate trust policy retrieved for id: %1" ).arg(
id ), 2 );
1298 QMutexLocker locker( &
mMutex );
1302 if ( cert.isNull() )
1304 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
1312 setError( tr(
"Auth db could not be opened" ) );
1319 query.bindValue( QStringLiteral(
":id" ),
id );
1323 setError( tr(
"Failed to remove certificate trust policy '%1'" ).arg(
id ) );
1327 if ( query.numRowsAffected() == 0 )
1329 setError( tr(
"No certificate trust policy found for id: %1" ).arg(
id ) );
1340 QMutexLocker locker( &
mMutex );
1344 if ( cert.isNull() )
1346 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
1361 query.bindValue( QStringLiteral(
":id" ),
id );
1366 if ( query.isActive() && query.isSelect() )
1368 if ( query.first() )
1370 return query.value( 0 ).toInt() > 0;
1380 QMutexLocker locker( &
mMutex );
1384 QList<QgsAuthConfigurationStorage::MasterPasswordConfig> passwords;
1398 if ( query.isActive() && query.isSelect() )
1400 while ( query.next() )
1402 const QString salt = query.value( 0 ).toString();
1403 const QString civ = query.value( 1 ).toString();
1404 const QString hash = query.value( 2 ).toString();
1405 passwords.append( { salt, civ, hash } );
1413 QMutexLocker locker( &
mMutex );
1419 setError( tr(
"Auth db could not be opened" ) );
1426 query.bindValue( QStringLiteral(
":salt" ), config.
salt );
1427 query.bindValue( QStringLiteral(
":civ" ), config.
civ );
1428 query.bindValue( QStringLiteral(
":hash" ), config.
hash );
1440 QMutexLocker locker( &
mMutex );
1456 return QStringLiteral(
"auth_configs" );
1461 return QStringLiteral(
"auth_settings" );
1466 return QStringLiteral(
"auth_identities" );
1471 return QStringLiteral(
"auth_servers" );
1476 return QStringLiteral(
"auth_authorities" );
1481 return QStringLiteral(
"auth_trust" );
1486 return QStringLiteral(
"auth_pass" );
1491 const QString schema {
mConfiguration.value( QStringLiteral(
"schema" ) ).toString() };
1492 if ( schema.isEmpty() )
1516 return QStringLiteral(
"DB-%2" ).arg(
mDriver );
1521 return tr(
"Store credentials in a %1 database" ).arg(
name() );
1526 QMutexLocker locker( &
mMutex );
// The storage id is computed once, while mId is still empty, and then reused.
// It is the hex SHA-256 of the connection parameters fed in below: driver,
// port, host and user. Listing line 1533 is not shown and may add another
// field. No password is hashed in the lines shown.
// NOTE(review): the fields are appended without a separator, so different
// host/user splits of the same byte sequence produce the same id. This is
// harmless if the id is only a label; confirm it is never used to tell two
// storages apart for access decisions.
1528 if (
mId.isEmpty() )
1531 QCryptographicHash hash( QCryptographicHash::Sha256 );
1532 hash.addData(
mDriver.toUtf8() );
1534 hash.addData( QString::number(
mPort ).toUtf8() );
1535 hash.addData(
mHost.toUtf8() );
1536 hash.addData(
mUser.toUtf8() );
1537 mId = QString( hash.result().toHex() );
1544 QMutexLocker locker( &
mMutex );
1548 setError( tr(
"Auth db could not be opened" ) );
1557 qstr = QStringLiteral(
"CREATE TABLE IF NOT EXISTS %1 (\n"
1558 " salt TEXT NOT NULL,\n"
1559 " civ TEXT NOT NULL\n"
1567 qstr = QStringLiteral(
"CREATE TABLE IF NOT EXISTS %1 (\n"
1568 " id TEXT NOT NULL,\n"
1569 " name TEXT NOT NULL,\n"
1571 " type TEXT NOT NULL,\n"
1572 " version INTEGER NOT NULL\n"
1586 qstr = QStringLiteral(
"CREATE INDEX IF NOT EXISTS %1 ON %2 (uri ASC);" )
1598 QMutexLocker locker( &
mMutex );
1602 setError( tr(
"Auth db could not be opened" ) );
1606 QgsDebugMsgLevel( QStringLiteral(
"Creating cert tables in auth db" ), 2 );
1613 qstr = QStringLiteral(
"CREATE TABLE IF NOT EXISTS %1 (\n"
1614 " setting TEXT NOT NULL\n"
1622 qstr = QStringLiteral(
"CREATE TABLE IF NOT EXISTS %1 (\n"
1623 " id TEXT NOT NULL,\n"
1624 " key TEXT NOT NULL\n"
1633 qstr = QStringLiteral(
"CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (id ASC);" )
1642 qstr = QStringLiteral(
"CREATE TABLE IF NOT EXISTS %1 (\n"
1643 " id TEXT NOT NULL,\n"
1644 " host TEXT NOT NULL,\n"
1662 qstr = QStringLiteral(
"CREATE TABLE IF NOT EXISTS %1 (\n"
1663 " id TEXT NOT NULL\n"
1672 qstr = QStringLiteral(
"CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (id ASC);" )
1681 qstr = QStringLiteral(
"CREATE TABLE IF NOT EXISTS %1 (\n"
1682 " id TEXT NOT NULL\n"
1690 qstr = QStringLiteral(
"CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (id ASC);" )
1705 QMutexLocker locker( &
mMutex );
1728 if ( query.isActive() && query.isSelect() )
1730 while ( query.next() )
1732 QString authcfg = query.value( 0 ).toString();
1734 config.
setId( authcfg );
1735 config.
setName( query.value( 1 ).toString() );
1736 config.
setUri( query.value( 2 ).toString() );
1737 config.
setMethod( query.value( 3 ).toString() );
1738 config.
setVersion( query.value( 4 ).toInt() );
1740 if ( !allowedMethods.isEmpty() && !allowedMethods.contains( config.
method() ) )
1745 baseConfigs.insert( authcfg, config );
1755 QMutexLocker locker( &
mMutex );
1778 if ( query.isActive() && query.isSelect() )
1780 while ( query.next() )
1782 QString authcfg = query.value( 0 ).toString();
1784 config.
setId( authcfg );
1785 config.
setName( query.value( 1 ).toString() );
1786 config.
setUri( query.value( 2 ).toString() );
1787 config.
setMethod( query.value( 3 ).toString() );
1788 config.
setVersion( query.value( 4 ).toInt() );
1789 config.
setConfig( QStringLiteral(
"encrypted_payload" ), query.value( 5 ).toString() );
1790 baseConfigs.insert( authcfg, config );
1798 QMutexLocker locker( &
mMutex );
1807 setError( tr(
"Auth db could not be opened" ) );
1814 QString schema {
mConfiguration.value( QStringLiteral(
"schema" ) ).toString() };
1815 if ( ! schema.isEmpty() )
1913 QMutexLocker locker( &
mMutex );
1936 query.bindValue( QStringLiteral(
":id" ),
id );
1943 if ( query.isActive() && query.isSelect() )
1945 if ( query.first() )
1948 config.
setName( query.value( 0 ).toString() );
1949 config.
setUri( query.value( 1 ).toString() );
1950 config.
setMethod( query.value( 2 ).toString() );
1951 config.
setVersion( query.value( 3 ).toInt() );
1954 payload = query.value( 4 ).toString();
1968 QMutexLocker locker( &
mMutex );
1981 setError( tr(
"Auth db could not be opened" ) );
1985 if ( payload.isEmpty() )
1991 if ( ! config.
isValid(
true ) )
// Only the table identifier is formatted into the statement text, and it goes
// through quotedQualifiedIdentifier(). Every value (id, name, uri, type,
// version, config payload) is supplied through a named placeholder, so config
// fields are never concatenated into the SQL.
// NOTE(review): the identifier path relies on quotedQualifiedIdentifier()
// quoting the configured schema correctly. Its body is not part of this
// listing; the schema value is read from mConfiguration elsewhere in the file.
2003 query.prepare( QStringLiteral(
"INSERT INTO %1 (id, name, uri, type, version, config) VALUES (:id, :name, :uri, :type, :version, :config)" ).arg(
quotedQualifiedIdentifier(
methodConfigTableName() ) ) );
2004 query.bindValue( QStringLiteral(
":id" ), config.
id() );
2005 query.bindValue( QStringLiteral(
":name" ), config.
name() );
2006 query.bindValue( QStringLiteral(
":uri" ), config.
uri() );
2007 query.bindValue( QStringLiteral(
":type" ), config.
method() );
2008 query.bindValue( QStringLiteral(
":version" ), config.
version() );
// payload is bound as received.
2009 query.bindValue( QStringLiteral(
":config" ), payload );
2024 QMutexLocker locker( &
mMutex );
2030 setError( tr(
"Auth db could not be opened" ) );
2037 query.bindValue( QStringLiteral(
":id" ),
id );
2045 if ( query.numRowsAffected() == 0 )
2058 QMutexLocker locker( &
mMutex );
2071 query.bindValue( QStringLiteral(
":id" ),
id );
2081 return query.value( 0 ).toInt() > 0;
2089 QMutexLocker locker( &
mMutex );
2103 setError( tr(
"Auth db could not be opened" ) );
2109 query.prepare( QStringLiteral(
"INSERT INTO %1 (setting, value) VALUES (:setting, :value)" )
2111 query.bindValue( QStringLiteral(
":setting" ), key );
2112 query.bindValue( QStringLiteral(
":value" ), value );
2128 QMutexLocker locker( &
mMutex );
2141 query.bindValue( QStringLiteral(
":setting" ), key );
2151 return query.value( 0 ).toString();
2156 QgsDebugMsgLevel( QStringLiteral(
"Setting '%1' does not exist" ).arg( key ), 2 );
2164 QMutexLocker locker( &
mMutex );
2177 query.bindValue( QStringLiteral(
":setting" ), key );
2185 if ( query.numRowsAffected() == 0 )
2198 QMutexLocker locker( &
mMutex );
2211 query.bindValue( QStringLiteral(
":setting" ), key );
2221 return query.value( 0 ).toInt() > 0;
2229bool QgsAuthConfigurationStorageDb::clearTables(
const QStringList &tables )
2231 QMutexLocker locker( &
mMutex );
2235 setError( tr(
"Auth db could not be opened" ) );
2241 for (
const auto &table : std::as_const( tables ) )
2299 QString schema {
mConfiguration.value( QStringLiteral(
"schema" ) ).toString() };
2300 if ( ! schema.isEmpty() )
// Splits a connection URI into the settings map used by this storage:
//   scheme (upper-cased) -> "driver", host -> "host", port -> "port",
//   path -> "database", userinfo -> "user" / "password",
//   query item "schema" or "SCHEMA" -> "schema", remaining query -> "options".
// The lines that construct `url` and `settings`, and the return statement, are
// missing from this listing.
// NOTE(review): the returned map holds the URI password in clear text under
// "password". Treat both the URI and this map as secret material when logging,
// persisting or displaying them.
2307const QMap<QString, QVariant> QgsAuthConfigurationStorageDb::uriToSettings(
const QString &uri )
2312 if ( url.isValid() )
// The driver name is taken from the URI scheme, upper-cased.
2314 settings.insert( QStringLiteral(
"driver" ), url.scheme().toUpper() );
2315 settings.insert( QStringLiteral(
"host" ), url.host() );
// QUrl::port() returns -1 when the URI has no port, so "port" is then "-1".
2316 settings.insert( QStringLiteral(
"port" ), QString::number( url.port() ) );
2317 QString path { url.path() };
// The leading '/' is stripped from the path, except for QSQLITE and
// QSPATIALITE, where the path is kept as is (presumably a file path).
2319 if ( path.startsWith( QLatin1Char(
'/' ) ) &&
2320 !(
settings.value( QStringLiteral(
"driver" ) ) == QLatin1String(
"QSQLITE" ) ||
2321 settings.value( QStringLiteral(
"driver" ) ) == QLatin1String(
"QSPATIALITE" ) ) )
2323 path = path.mid( 1 );
2325 settings.insert( QStringLiteral(
"database" ), path );
2326 settings.insert( QStringLiteral(
"user" ), url.userName() );
// Credential from the URI userinfo, stored as a plain string.
2327 settings.insert( QStringLiteral(
"password" ), url.password() );
2328 QUrlQuery query{ url };
// The schema is accepted under either spelling: "schema" first, then "SCHEMA".
2331 QString schemaName { query.queryItemValue( QStringLiteral(
"schema" ) ) };
2332 if ( schemaName.isEmpty() )
2334 schemaName = query.queryItemValue( QStringLiteral(
"SCHEMA" ) );
// When a schema was given it is stored separately and removed from the query,
// so it is not also forwarded inside "options".
2337 if ( ! schemaName.isEmpty() )
2339 settings.insert( QStringLiteral(
"schema" ), schemaName );
2340 query.removeAllQueryItems( QStringLiteral(
"schema" ) );
2341 query.removeAllQueryItems( QStringLiteral(
"SCHEMA" ) );
// Whatever remains of the query string becomes the connection options.
2344 settings.insert( QStringLiteral(
"options" ), query.toString() );
2367 if ( clearTables( {{
2388 QMutexLocker locker( &
mMutex );
QFlags< AuthConfigurationStorageCapability > AuthConfigurationStorageCapabilities
Authentication configuration storage capabilities.
@ Warning
Warning message.
@ Critical
Critical/error message.
@ CreateSetting
Can create a new authentication setting.
@ UpdateSetting
Can update the authentication setting.
@ CreateConfiguration
Can create a new authentication configuration.
@ ClearStorage
Can clear all configurations from storage.
@ DeleteCertificateAuthority
Can delete a certificate authority.
@ DeleteSslCertificateCustomConfig
Can delete a SSL certificate custom config.
@ DeleteSetting
Can delete the authentication setting.
@ ReadSslCertificateCustomConfig
Can read a SSL certificate custom config.
@ DeleteMasterPassword
Can delete the master password.
@ CreateSslCertificateCustomConfig
Can create a new SSL certificate custom config.
@ ReadCertificateTrustPolicy
Can read a certificate trust policy.
@ ReadConfiguration
Can read an authentication configuration.
@ UpdateConfiguration
Can update an authentication configuration.
@ UpdateCertificateTrustPolicy
Can update a certificate trust policy.
@ ReadCertificateAuthority
Can read a certificate authority.
@ CreateCertificateAuthority
Can create a new certificate authority.
@ DeleteConfiguration
Can delete an authentication configuration.
@ ReadSetting
Can read the authentication settings.
@ UpdateMasterPassword
Can update the master password.
@ UpdateCertificateAuthority
Can update a certificate authority.
@ CreateCertificateIdentity
Can create a new certificate identity.
@ ReadCertificateIdentity
Can read a certificate identity.
@ CreateCertificateTrustPolicy
Can create a new certificate trust policy.
@ ReadMasterPassword
Can read the master password.
@ CreateMasterPassword
Can create a new master password.
@ UpdateCertificateIdentity
Can update a certificate identity.
@ DeleteCertificateTrustPolicy
Can delete a certificate trust policy.
@ DeleteCertificateIdentity
Can delete a certificate identity.
@ UpdateSslCertificateCustomConfig
Can update a SSL certificate custom config.
static QString shaHexForCert(const QSslCertificate &cert, bool formatted=false)
Gets the sha1 hash for certificate.
CertTrustPolicy
Type of certificate trust policy.
Configuration container for SSL server connection exceptions or overrides.
void setSslCertificate(const QSslCertificate &cert)
Sets server certificate object.
void setSslHostPort(const QString &hostport)
Sets server host:port string.
const QSslCertificate sslCertificate() const
Server certificate object.
const QString sslHostPort() const
Server host:port string.
const QString configString() const
Configuration as a concatenated string.
void loadConfigString(const QString &config=QString())
Load concatenated string into configuration, e.g. from auth database.
QSqlDatabase based implementation of QgsAuthConfigurationStorage.
QgsAuthConfigurationStorageDb(const QMap< QString, QVariant > &settings)
Creates a new QgsAuthConfigurationStorageDb instance from the specified settings.
bool removeCertTrustPolicy(const QSslCertificate &cert) override
Remove certificate trust policy.
bool authDbTransactionQuery(QSqlQuery *query)
Executes the specified query on the database using a transaction.
virtual bool tableExists(const QString &table) const
Returns true if the specified table exists in the database, false otherwise.
bool storeCertTrustPolicy(const QSslCertificate &cert, QgsAuthCertUtils::CertTrustPolicy policy) override
Store certificate trust policy.
QStringList certAuthorityIds() const override
Returns the list of certificate authority IDs in the storage.
const QgsAuthConfigSslServer loadSslCertCustomConfigByHost(const QString &hostport) const override
Loads an SSL certificate custom config by hostport (host:port)
QString loadAuthSetting(const QString &key) const override
Load an authentication setting from the storage.
bool removeAuthSetting(const QString &key) override
Remove an authentication setting from the storage.
const QMap< QString, QgsAuthCertUtils::CertTrustPolicy > caCertsPolicy() const override
Returns the map of CA certificates hashes in the storages and their trust policy.
QgsAuthCertUtils::CertTrustPolicy loadCertTrustPolicy(const QSslCertificate &cert) const override
Load certificate trust policy.
bool sslCertCustomConfigExists(const QString &id, const QString &hostport) override
Check if SSL certificate custom config exists.
virtual void checkCapabilities()
Checks the capabilities of the storage.
bool authDbQuery(QSqlQuery *query, const QString &sql=QString()) const
Runs the specified query on the database.
bool storeAuthSetting(const QString &key, const QString &value) override
Store an authentication setting in the storage.
bool removeCertIdentity(const QSslCertificate &cert) override
Remove a certificate identity from the storage.
const QPair< QSslCertificate, QString > loadCertIdentityBundle(const QString &id) const override
Returns a certificate identity bundle by id (sha hash).
const QList< QgsAuthConfigurationStorage::MasterPasswordConfig > masterPasswords() const override
Returns the list of (encrypted) master passwords stored in the database.
bool clearMethodConfigs() override
Remove all authentication configurations from the storage.
bool createCertTables()
Creates the certificate tables in the database.
~QgsAuthConfigurationStorageDb() override
bool storeSslCertCustomConfig(const QgsAuthConfigSslServer &config) override
Store an SSL certificate custom config.
virtual QString certIdentityTableName() const
Returns the name of the table used to store the certificate identities.
bool authDbOpen() const
Opens the connection to the database.
virtual QString quotedQualifiedIdentifier(const QString &identifier, bool isIndex=false) const
Returns the quoted identifier, prefixed with the schema (if not null), ready for the insertion into a...
bool methodConfigExists(const QString &id) const override
Check if an authentication configuration exists in the storage.
virtual QString methodConfigTableName() const
Returns the name of the table used to store the method configurations.
QSqlDatabase authDatabaseConnection() const
Returns the database connection used by this storage.
QList< QgsAuthConfigurationStorage::SettingParameter > settingsParameters() const override
Returns a list of the settings accepted by the storage.
QStringList certIdentityIds() const override
certIdentityIds get list of certificate identity ids from database
bool storeMasterPassword(const QgsAuthConfigurationStorage::MasterPasswordConfig &config) override
Store a master password in the database.
bool isReady() const override
Returns true if the storage is ready to be used.
bool initialize() override
Initializes the storage.
bool storeMethodConfig(const QgsAuthMethodConfig &mconfig, const QString &payload) override
Store an authentication config in the database.
bool removeCertAuthority(const QSslCertificate &cert) override
Remove a certificate authority.
const QSslCertificate loadCertIdentity(const QString &id) const override
certIdentity get a certificate identity by id (sha hash)
const QList< QgsAuthConfigSslServer > sslCertCustomConfigs() const override
sslCertCustomConfigs get SSL certificate custom configs
QgsAuthMethodConfigsMap authMethodConfigs(const QStringList &allowedMethods=QStringList()) const override
Returns a mapping of authentication configurations available from this storage.
const QList< QSslCertificate > caCerts() const override
Returns the list of CA certificates in the storage.
bool certTrustPolicyExists(const QSslCertificate &cert) const override
Check if certificate trust policy exists.
bool createConfigTables()
Creates the configuration tables in the database.
virtual QString authSettingsTableName() const
Returns the name of the table used to store the auth settings.
const QSslCertificate loadCertAuthority(const QString &id) const override
certAuthority get a certificate authority by id (sha hash)
virtual QString certTrustPolicyTableName() const
Returns the name of the table used to store the certificate trust policies.
bool removeMethodConfig(const QString &id) override
Removes the authentication configuration with the specified id.
QgsAuthMethodConfigsMap authMethodConfigsWithPayload() const override
Returns a mapping of authentication configurations available from this storage.
virtual QString sslCertCustomConfigTableName() const
Returns the name of the table used to store the SSL custom configurations.
QString id() const override
Returns the unique identifier of the storage object.
bool certIdentityExists(const QString &id) const override
Check if the certificate identity exists.
QString type() const override
Returns the type of the storage implementation.
bool certAuthorityExists(const QSslCertificate &cert) const override
Check if a certificate authority exists.
QgsAuthMethodConfig loadMethodConfig(const QString &id, QString &payload, bool full=false) const override
Load an authentication configuration from the database.
bool storeCertIdentity(const QSslCertificate &cert, const QString &keyPem) override
Store a certificate identity in the storage.
bool erase() override
Completely erase the storage removing all configurations/certs/settings etc.
virtual QString certAuthorityTableName() const
Returns the name of the table used to store the certificate authorities.
bool removeSslCertCustomConfig(const QString &id, const QString &hostport) override
Remove an SSL certificate custom config.
const QList< QSslCertificate > certIdentities() const override
certIdentities get certificate identities
bool clearMasterPasswords() override
Remove all master passwords from the database.
QString description() const override
Returns a human readable localized description of the storage implementation (e.g.
QString name() const override
Returns a human readable localized short name of the storage implementation (e.g "SQLite").
virtual QString masterPasswordTableName() const
Returns the name of the table used to store the master passwords.
bool authSettingExists(const QString &key) const override
Check if an authentication setting exists in the storage.
bool storeCertAuthority(const QSslCertificate &cert) override
Store a certificate authority.
const QgsAuthConfigSslServer loadSslCertCustomConfig(const QString &id, const QString &hostport) const override
Loads an SSL certificate custom config by id (sha hash) and hostport (host:port)
QStringList sslCertCustomConfigIds() const override
Returns the list of SSL certificate custom config ids.
Abstract class that defines the interface for all authentication configuration storage implementation...
QMap< QString, QVariant > mConfiguration
Store the implementation-specific configuration.
void readOnlyChanged(bool readOnly)
Emitted when the storage read-only status was changed.
void certIdentityChanged()
Emitted when the storage cert identity table was changed.
void methodConfigChanged()
Emitted when the storage method config table was changed.
void setError(const QString &error, Qgis::MessageLevel level=Qgis::MessageLevel::Critical)
Set the last error message to error with message level level.
Qgis::AuthConfigurationStorageCapabilities capabilities() const
Returns the capabilities of the storage.
virtual QString loggerTag() const
Returns the logger tag for the storage.
bool isEnabled() const
Returns true if the storage is enabled.
void sslCertTrustPolicyChanged()
Emitted when the storage ssl cert trust policy table was changed.
void masterPasswordChanged()
Emitted when the storage master password table was changed.
void certAuthorityChanged()
Emitted when the storage cert authority table was changed.
void messageLog(const QString &message, const QString &tag=QStringLiteral("Authentication"), Qgis::MessageLevel level=Qgis::MessageLevel::Info)
Custom logging signal to relay to console output and QgsMessageLog.
void sslCertCustomConfigChanged()
Emitted when the storage ssl cert custom config table was changed.
void authSettingsChanged()
Emitted when the storage auth settings table was changed.
void storageChanged(const QString &id)
Emitted when the storage was updated.
virtual QString lastError() const
Returns the last error message.
void checkCapability(Qgis::AuthConfigurationStorageCapability capability) const
Utility to check capability and throw QgsNotSupportedException if not supported.
virtual bool isReadOnly() const
Returns true if the storage is read-only, false otherwise.
QMap< QString, QVariant > settings() const
Returns the settings of the storage.
Qgis::AuthConfigurationStorageCapabilities mCapabilities
Store the capabilities of the storage.
Configuration storage class for authentication method configurations.
bool isValid(bool validateid=false) const
Whether the configuration is valid.
QString method() const
Textual key of the associated authentication method.
const QString uri() const
A URI to auto-select a config when connecting to a resource.
void setName(const QString &name)
Sets name of configuration.
void setVersion(int version)
Sets version of the configuration.
const QString name() const
Gets name of configuration.
const QString id() const
Gets 'authcfg' 7-character alphanumeric ID of the config.
void setConfig(const QString &key, const QString &value)
Set a single config value per key in the map.
int version() const
Gets version of the configuration.
void setMethod(const QString &method)
void setUri(const QString &uri)
void setId(const QString &id)
Sets auth config ID.
Custom exception class which is raised when an operation is not supported.
QHash< QString, QgsAuthMethodConfig > QgsAuthMethodConfigsMap
#define QgsDebugMsgLevel(str, level)
#define QgsDebugError(str)
Structure that holds the (encrypted) master password elements.