QGIS API Documentation  3.8.0-Zanzibar (11aff65)
qgsauthauthoritieseditor.cpp
Go to the documentation of this file.
1 /***************************************************************************
2  qgsauthauthoritieseditor.cpp
3  ---------------------
4  begin : April 26, 2015
5  copyright : (C) 2015 by Boundless Spatial, Inc. USA
6  author : Larry Shaffer
7  email : lshaffer at boundlessgeo dot com
8  ***************************************************************************
9  * *
10  * This program is free software; you can redistribute it and/or modify *
11  * it under the terms of the GNU General Public License as published by *
12  * the Free Software Foundation; either version 2 of the License, or *
13  * (at your option) any later version. *
14  * *
15  ***************************************************************************/
16 
17 #include "qgsauthauthoritieseditor.h"
18 #include "ui_qgsauthauthoritieseditor.h"
19 
20 #include <QAction>
21 #include <QComboBox>
22 #include <QDateTime>
23 #include <QDir>
24 #include <QFileDialog>
25 #include <QFileInfo>
26 #include <QMenu>
27 #include <QMessageBox>
28 #include <QPair>
29 #include <QPushButton>
30 #include <QSslConfiguration>
31 
32 #include "qgssettings.h"
33 #include "qgsapplication.h"
34 #include "qgsauthcertificateinfo.h"
35 #include "qgsauthcertutils.h"
36 #include "qgsauthguiutils.h"
37 #include "qgsauthimportcertdialog.h"
38 #include "qgsauthmanager.h"
39 #include "qgsauthtrustedcasdialog.h"
40 #include "qgslogger.h"
41 
42 QgsAuthAuthoritiesEditor::QgsAuthAuthoritiesEditor( QWidget *parent )
43  : QWidget( parent )
44 {
45  if ( QgsApplication::authManager()->isDisabled() )
46  {
47  mDisabled = true;
48  mAuthNotifyLayout = new QVBoxLayout;
49  this->setLayout( mAuthNotifyLayout );
50  mAuthNotify = new QLabel( QgsApplication::authManager()->disabledMessage(), this );
51  mAuthNotifyLayout->addWidget( mAuthNotify );
52  }
53  else
54  {
55  setupUi( this );
56  connect( btnAddCa, &QToolButton::clicked, this, &QgsAuthAuthoritiesEditor::btnAddCa_clicked );
57  connect( btnRemoveCa, &QToolButton::clicked, this, &QgsAuthAuthoritiesEditor::btnRemoveCa_clicked );
58  connect( btnInfoCa, &QToolButton::clicked, this, &QgsAuthAuthoritiesEditor::btnInfoCa_clicked );
59  connect( btnGroupByOrg, &QToolButton::toggled, this, &QgsAuthAuthoritiesEditor::btnGroupByOrg_toggled );
60  connect( btnCaFile, &QToolButton::clicked, this, &QgsAuthAuthoritiesEditor::btnCaFile_clicked );
61  connect( btnCaFileClear, &QToolButton::clicked, this, &QgsAuthAuthoritiesEditor::btnCaFileClear_clicked );
62 
63  connect( QgsApplication::authManager(), &QgsAuthManager::messageOut,
64  this, &QgsAuthAuthoritiesEditor::authMessageOut );
65 
66  connect( QgsApplication::authManager(), &QgsAuthManager::authDatabaseChanged,
67  this, &QgsAuthAuthoritiesEditor::refreshCaCertsView );
68 
69  setupCaCertsTree();
70 
71  connect( treeWidgetCAs->selectionModel(), &QItemSelectionModel::selectionChanged,
72  this, &QgsAuthAuthoritiesEditor::selectionChanged );
73 
74  connect( treeWidgetCAs, &QTreeWidget::itemDoubleClicked,
75  this, &QgsAuthAuthoritiesEditor::handleDoubleClick );
76 
77  connect( btnViewRefresh, &QAbstractButton::clicked, this, &QgsAuthAuthoritiesEditor::refreshCaCertsView );
78 
79  QVariant cafileval = QgsApplication::authManager()->authSetting( QStringLiteral( "cafile" ) );
80  if ( !cafileval.isNull() )
81  {
82  leCaFile->setText( cafileval.toString() );
83  }
84 
85  btnGroupByOrg->setChecked( false );
86  QVariant sortbyval = QgsApplication::authManager()->authSetting( QStringLiteral( "casortby" ), QVariant( false ) );
87  if ( !sortbyval.isNull() )
88  btnGroupByOrg->setChecked( sortbyval.toBool() );
89 
90  mDefaultTrustPolicy = QgsApplication::authManager()->defaultCertTrustPolicy();
91  populateCaCertsView();
92  checkSelection();
93 
94  populateUtilitiesMenu();
95  }
96 }
97 
98 static void setItemBold_( QTreeWidgetItem *item )
99 {
100  item->setFirstColumnSpanned( true );
101  QFont secf( item->font( 0 ) );
102  secf.setBold( true );
103  item->setFont( 0, secf );
104 }
105 
106 void QgsAuthAuthoritiesEditor::setupCaCertsTree()
107 {
108  treeWidgetCAs->setColumnCount( 4 );
109  treeWidgetCAs->setHeaderLabels(
110  QStringList() << tr( "Common Name" )
111  << tr( "Serial #" )
112  << tr( "Expiry Date" )
113  << tr( "Trust Policy" ) );
114  treeWidgetCAs->setColumnWidth( 0, 300 );
115  treeWidgetCAs->setColumnWidth( 1, 75 );
116  treeWidgetCAs->setColumnWidth( 2, 200 );
117 
118  // add root sections
119  mDbCaSecItem = new QTreeWidgetItem(
120  treeWidgetCAs,
121  QStringList( QgsAuthCertUtils::getCaSourceName( QgsAuthCertUtils::InDatabase ) ),
122  static_cast<int>( QgsAuthAuthoritiesEditor::Section ) );
123  setItemBold_( mDbCaSecItem );
124  mDbCaSecItem->setFlags( Qt::ItemIsEnabled );
125  mDbCaSecItem->setExpanded( true );
126  treeWidgetCAs->insertTopLevelItem( 0, mDbCaSecItem );
127 
128  mFileCaSecItem = new QTreeWidgetItem(
129  treeWidgetCAs,
130  QStringList( QgsAuthCertUtils::getCaSourceName( QgsAuthCertUtils::FromFile ) ),
131  static_cast<int>( QgsAuthAuthoritiesEditor::Section ) );
132  setItemBold_( mFileCaSecItem );
133  mFileCaSecItem->setFlags( Qt::ItemIsEnabled );
134  mFileCaSecItem->setExpanded( true );
135  treeWidgetCAs->insertTopLevelItem( 0, mFileCaSecItem );
136 
137  mRootCaSecItem = new QTreeWidgetItem(
138  treeWidgetCAs,
139  QStringList( QgsAuthCertUtils::getCaSourceName( QgsAuthCertUtils::SystemRoot ) ),
140  static_cast<int>( QgsAuthAuthoritiesEditor::Section ) );
141  setItemBold_( mRootCaSecItem );
142  mRootCaSecItem->setFlags( Qt::ItemIsEnabled );
143  mRootCaSecItem->setExpanded( false );
144  treeWidgetCAs->insertTopLevelItem( 0, mRootCaSecItem );
145 }
146 
147 void QgsAuthAuthoritiesEditor::populateCaCertsView()
148 {
149  updateCertTrustPolicyCache();
150  populateDatabaseCaCerts();
151  populateFileCaCerts();
152  populateRootCaCerts();
153 }
154 
155 void QgsAuthAuthoritiesEditor::refreshCaCertsView()
156 {
157 // QgsApplication::authManager()->rebuildCaCertsCache();
158  populateCaCertsView();
159 }
160 
161 static void removeChildren_( QTreeWidgetItem *item )
162 {
163  const auto constTakeChildren = item->takeChildren();
164  for ( QTreeWidgetItem *child : constTakeChildren )
165  {
166  delete child;
167  }
168 }
169 
170 void QgsAuthAuthoritiesEditor::populateDatabaseCaCerts()
171 {
172  removeChildren_( mDbCaSecItem );
173 
174  bool expanded = mDbCaSecItem->isExpanded();
175  populateCaCertsSection( mDbCaSecItem,
176  QgsApplication::authManager()->databaseCAs(),
177  QgsAuthAuthoritiesEditor::DbCaCert );
178  mDbCaSecItem->setExpanded( expanded );
179 }
180 
181 void QgsAuthAuthoritiesEditor::populateFileCaCerts()
182 {
183  removeChildren_( mFileCaSecItem );
184 
185  bool expanded = mFileCaSecItem->isExpanded();
186  populateCaCertsSection( mFileCaSecItem,
187  QgsApplication::authManager()->extraFileCAs(),
188  QgsAuthAuthoritiesEditor::FileCaCert );
189  mFileCaSecItem->setExpanded( expanded );
190 }
191 
192 void QgsAuthAuthoritiesEditor::populateRootCaCerts()
193 {
194  removeChildren_( mRootCaSecItem );
195 
196  bool expanded = mRootCaSecItem->isExpanded();
197  populateCaCertsSection( mRootCaSecItem,
198  QgsApplication::authManager()->systemRootCAs(),
199  QgsAuthAuthoritiesEditor::RootCaCert );
200  mRootCaSecItem->setExpanded( expanded );
201 }
202 
203 void QgsAuthAuthoritiesEditor::populateCaCertsSection( QTreeWidgetItem *item, const QList<QSslCertificate> &certs,
204  QgsAuthAuthoritiesEditor::CaType catype )
205 {
206  if ( btnGroupByOrg->isChecked() )
207  {
208  appendCertsToGroup( certs, catype, item );
209  }
210  else
211  {
212  appendCertsToItem( certs, catype, item );
213  }
214 }
215 
216 void QgsAuthAuthoritiesEditor::appendCertsToGroup( const QList<QSslCertificate> &certs,
217  QgsAuthAuthoritiesEditor::CaType catype,
218  QTreeWidgetItem *parent )
219 {
220  if ( certs.empty() )
221  return;
222 
223  if ( !parent )
224  {
225  parent = treeWidgetCAs->currentItem();
226  }
227 
228  // TODO: find all organizational name, sort and make subsections
229  QMap< QString, QList<QSslCertificate> > orgcerts(
230  QgsAuthCertUtils::certsGroupedByOrg( certs ) );
231 
232  QMap< QString, QList<QSslCertificate> >::const_iterator it = orgcerts.constBegin();
233  for ( ; it != orgcerts.constEnd(); ++it )
234  {
235  QTreeWidgetItem *grpitem( new QTreeWidgetItem( parent,
236  QStringList() << it.key(),
237  static_cast<int>( QgsAuthAuthoritiesEditor::OrgName ) ) );
238  grpitem->setFirstColumnSpanned( true );
239  grpitem->setFlags( Qt::ItemIsEnabled );
240  grpitem->setExpanded( true );
241 
242  QBrush orgb( grpitem->foreground( 0 ) );
243  orgb.setColor( QColor::fromRgb( 90, 90, 90 ) );
244  grpitem->setForeground( 0, orgb );
245  QFont grpf( grpitem->font( 0 ) );
246  grpf.setItalic( true );
247  grpitem->setFont( 0, grpf );
248 
249  appendCertsToItem( it.value(), catype, grpitem );
250  }
251 
252  parent->sortChildren( 0, Qt::AscendingOrder );
253 }
254 
255 void QgsAuthAuthoritiesEditor::appendCertsToItem( const QList<QSslCertificate> &certs,
256  QgsAuthAuthoritiesEditor::CaType catype,
257  QTreeWidgetItem *parent )
258 {
259  if ( certs.empty() )
260  return;
261 
262  if ( !parent )
263  {
264  parent = treeWidgetCAs->currentItem();
265  }
266 
267  QBrush greenb( QgsAuthGuiUtils::greenColor() );
268  QBrush redb( QgsAuthGuiUtils::redColor() );
269 
270  QStringList trustedids = mCertTrustCache.value( QgsAuthCertUtils::Trusted );
271  QStringList untrustedids = mCertTrustCache.value( QgsAuthCertUtils::Untrusted );
272 
273  // Columns: Common Name, Serial #, Expiry Date
274  const auto constCerts = certs;
275  for ( const QSslCertificate &cert : constCerts )
276  {
277  QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
278 
279  QStringList coltxts;
280  coltxts << QgsAuthCertUtils::resolvedCertName( cert );
281  coltxts << QString( cert.serialNumber() );
282  coltxts << cert.expiryDate().toString();
283 
284  // trust policy
285  QString policy( QgsAuthCertUtils::getCertTrustName( mDefaultTrustPolicy ) );
286  if ( trustedids.contains( id ) )
287  {
288  policy = QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::Trusted );
289  }
290  else if ( untrustedids.contains( id ) || !cert.isValid() )
291  {
292  policy = QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::Untrusted );
293  }
294  coltxts << policy;
295 
296  QTreeWidgetItem *item( new QTreeWidgetItem( parent, coltxts, static_cast<int>( catype ) ) );
297 
298  item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificate.svg" ) ) );
299  if ( !cert.isValid() )
300  {
301  item->setForeground( 2, redb );
302  item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );
303  }
304 
305  if ( trustedids.contains( id ) )
306  {
307  item->setForeground( 3, greenb );
308  if ( cert.isValid() )
309  {
310  item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateTrusted.svg" ) ) );
311  }
312  }
313  else if ( untrustedids.contains( id ) )
314  {
315  item->setForeground( 3, redb );
316  item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );
317  }
318  else if ( mDefaultTrustPolicy == QgsAuthCertUtils::Untrusted )
319  {
320  item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );
321  }
322 
323  item->setData( 0, Qt::UserRole, id );
324  }
325 
326  parent->sortChildren( 0, Qt::AscendingOrder );
327 }
328 
329 void QgsAuthAuthoritiesEditor::updateCertTrustPolicyCache()
330 {
331  mCertTrustCache = QgsApplication::authManager()->certTrustCache();
332 }
333 
334 void QgsAuthAuthoritiesEditor::populateUtilitiesMenu()
335 {
336  mActionDefaultTrustPolicy = new QAction( QStringLiteral( "Change default trust policy" ), this );
337  connect( mActionDefaultTrustPolicy, &QAction::triggered, this, &QgsAuthAuthoritiesEditor::editDefaultTrustPolicy );
338 
339  mActionShowTrustedCAs = new QAction( QStringLiteral( "Show trusted authorities/issuers" ), this );
340  connect( mActionShowTrustedCAs, &QAction::triggered, this, &QgsAuthAuthoritiesEditor::showTrustedCertificateAuthorities );
341 
342  mUtilitiesMenu = new QMenu( this );
343  mUtilitiesMenu->addAction( mActionDefaultTrustPolicy );
344  mUtilitiesMenu->addSeparator();
345  mUtilitiesMenu->addAction( mActionShowTrustedCAs );
346 
347  btnUtilities->setMenu( mUtilitiesMenu );
348 }
349 
350 void QgsAuthAuthoritiesEditor::showCertInfo( QTreeWidgetItem *item )
351 {
352  if ( !item )
353  return;
354 
355  QString digest( item->data( 0, Qt::UserRole ).toString() );
356 
357  QMap<QString, QPair<QgsAuthCertUtils::CaCertSource, QSslCertificate> > cacertscache(
358  QgsApplication::authManager()->caCertsCache() );
359 
360  if ( !cacertscache.contains( digest ) )
361  {
362  QgsDebugMsg( QStringLiteral( "Certificate Authority not in CA certs cache" ) );
363  return;
364  }
365 
366  QSslCertificate cert( cacertscache.value( digest ).second );
367 
368  QgsAuthCertInfoDialog *dlg = new QgsAuthCertInfoDialog( cert, true, this );
369  dlg->setWindowModality( Qt::WindowModal );
370  dlg->resize( 675, 500 );
371  dlg->exec();
372  if ( dlg->trustCacheRebuilt() )
373  {
374  // QgsApplication::authManager()->rebuildTrustedCaCertsCache() already called in dlg
375  populateCaCertsView();
376  }
377  dlg->deleteLater();
378 }
379 
380 void QgsAuthAuthoritiesEditor::selectionChanged( const QItemSelection &selected, const QItemSelection &deselected )
381 {
382  Q_UNUSED( selected )
383  Q_UNUSED( deselected )
384  checkSelection();
385 }
386 
387 void QgsAuthAuthoritiesEditor::checkSelection()
388 {
389  bool iscert = false;
390  bool isdbcert = false;
391  if ( treeWidgetCAs->selectionModel()->selection().length() > 0 )
392  {
393  QTreeWidgetItem *item( treeWidgetCAs->currentItem() );
394 
395  switch ( ( QgsAuthAuthoritiesEditor::CaType )item->type() )
396  {
397  case QgsAuthAuthoritiesEditor::RootCaCert:
398  iscert = true;
399  break;
400  case QgsAuthAuthoritiesEditor::FileCaCert:
401  iscert = true;
402  break;
403  case QgsAuthAuthoritiesEditor::DbCaCert:
404  iscert = true;
405  isdbcert = true;
406  break;
407  default:
408  break;
409  }
410  }
411 
412  btnRemoveCa->setEnabled( isdbcert );
413  btnInfoCa->setEnabled( iscert );
414 }
415 
416 void QgsAuthAuthoritiesEditor::handleDoubleClick( QTreeWidgetItem *item, int col )
417 {
418  Q_UNUSED( col )
419  bool iscert = true;
420 
421  switch ( ( QgsAuthAuthoritiesEditor::CaType )item->type() )
422  {
423  case QgsAuthAuthoritiesEditor::Section:
424  iscert = false;
425  break;
426  case QgsAuthAuthoritiesEditor::OrgName:
427  iscert = false;
428  break;
429  default:
430  break;
431  }
432 
433  if ( iscert )
434  {
435  showCertInfo( item );
436  }
437 }
438 
439 void QgsAuthAuthoritiesEditor::btnAddCa_clicked()
440 {
441  QgsAuthImportCertDialog *dlg = new QgsAuthImportCertDialog( this, QgsAuthImportCertDialog::CaFilter );
442  dlg->setWindowModality( Qt::WindowModal );
443  dlg->resize( 400, 450 );
444  if ( dlg->exec() )
445  {
446  const QList<QSslCertificate> &certs( dlg->certificatesToImport() );
447  if ( !QgsApplication::authManager()->storeCertAuthorities( certs ) )
448  {
449  messageBar()->pushMessage( tr( "ERROR storing CA(s) in authentication database" ),
450  Qgis::Critical );
451  }
452 
453  QgsApplication::authManager()->rebuildCaCertsCache();
454 
455  if ( dlg->certTrustPolicy() != QgsAuthCertUtils::DefaultTrust )
456  {
457  const auto constCerts = certs;
458  for ( const QSslCertificate &cert : constCerts )
459  {
460  if ( !QgsApplication::authManager()->storeCertTrustPolicy( cert, dlg->certTrustPolicy() ) )
461  {
462  authMessageOut( QObject::tr( "Could not set trust policy for imported certificates" ),
463  QObject::tr( "Authorities Manager" ),
464  QgsAuthManager::WARNING );
465  }
466  }
467  QgsApplication::authManager()->rebuildCertTrustCache();
468  updateCertTrustPolicyCache();
469  }
470 
471  QgsApplication::authManager()->rebuildTrustedCaCertsCache();
472  populateDatabaseCaCerts();
473  mDbCaSecItem->setExpanded( true );
474  }
475  dlg->deleteLater();
476 }
477 
478 void QgsAuthAuthoritiesEditor::btnRemoveCa_clicked()
479 {
480  QTreeWidgetItem *item( treeWidgetCAs->currentItem() );
481 
482  if ( !item )
483  {
484  QgsDebugMsg( QStringLiteral( "Current tree widget item not set" ) );
485  return;
486  }
487 
488  QString digest( item->data( 0, Qt::UserRole ).toString() );
489 
490  if ( digest.isEmpty() )
491  {
492  messageBar()->pushMessage( tr( "Certificate id missing" ),
493  Qgis::Warning );
494  return;
495  }
496 
497  QMap<QString, QSslCertificate> mappedcerts(
498  QgsApplication::authManager()->mappedDatabaseCAs() );
499 
500  if ( !mappedcerts.contains( digest ) )
501  {
502  QgsDebugMsg( QStringLiteral( "Certificate Authority not in mapped database CAs" ) );
503  return;
504  }
505 
506  if ( QMessageBox::warning(
507  this, tr( "Remove Certificate Authority" ),
508  tr( "Are you sure you want to remove the selected "
509  "Certificate Authority from the database?\n\n"
510  "Operation can NOT be undone!" ),
511  QMessageBox::Ok | QMessageBox::Cancel,
512  QMessageBox::Cancel ) == QMessageBox::Cancel )
513  {
514  return;
515  }
516 
517  QSslCertificate cert( mappedcerts.value( digest ) );
518 
519  if ( cert.isNull() )
520  {
521  messageBar()->pushMessage( tr( "Certificate could not be found in database for id %1:" ).arg( digest ),
522  Qgis::Warning );
523  return;
524  }
525 
526  if ( !QgsApplication::authManager()->removeCertAuthority( cert ) )
527  {
528  messageBar()->pushMessage( tr( "ERROR removing CA from authentication database for id %1:" ).arg( digest ),
529  Qgis::Critical );
530  return;
531  }
532 
533  if ( !QgsApplication::authManager()->removeCertTrustPolicy( cert ) )
534  {
535  messageBar()->pushMessage( tr( "ERROR removing cert trust policy from authentication database for id %1:" ).arg( digest ),
536  Qgis::Critical );
537  return;
538  }
539 
540  QgsApplication::authManager()->rebuildCaCertsCache();
541  QgsApplication::authManager()->rebuildTrustedCaCertsCache();
542  updateCertTrustPolicyCache();
543 
544  item->parent()->removeChild( item );
545  delete item;
546 
547 // populateDatabaseCaCerts();
548  mDbCaSecItem->setExpanded( true );
549 }
550 
551 void QgsAuthAuthoritiesEditor::btnInfoCa_clicked()
552 {
553  if ( treeWidgetCAs->selectionModel()->selection().length() > 0 )
554  {
555  QTreeWidgetItem *item( treeWidgetCAs->currentItem() );
556  handleDoubleClick( item, 0 );
557  }
558 }
559 
560 void QgsAuthAuthoritiesEditor::btnGroupByOrg_toggled( bool checked )
561 {
562  if ( !QgsApplication::authManager()->storeAuthSetting( QStringLiteral( "casortby" ), QVariant( checked ) ) )
563  {
564  authMessageOut( QObject::tr( "Could not store sort by preference" ),
565  QObject::tr( "Authorities Manager" ),
566  QgsAuthManager::WARNING );
567  }
568  populateCaCertsView();
569 }
570 
571 void QgsAuthAuthoritiesEditor::editDefaultTrustPolicy()
572 {
573  QDialog *dlg = new QDialog( this );
574  dlg->setWindowTitle( tr( "Default Trust Policy" ) );
575  QVBoxLayout *layout = new QVBoxLayout( dlg );
576 
577  QHBoxLayout *hlayout = new QHBoxLayout();
578 
579  QLabel *lblwarn = new QLabel( dlg );
580  QStyle *style = QApplication::style();
581  lblwarn->setPixmap( style->standardIcon( QStyle::SP_MessageBoxWarning ).pixmap( 48, 48 ) );
582  lblwarn->setSizePolicy( QSizePolicy::Fixed, QSizePolicy::Fixed );
583  hlayout->addWidget( lblwarn );
584 
585  QLabel *lbltxt = new QLabel( dlg );
586  lbltxt->setText( tr( "Changing the default certificate authority trust policy to 'Untrusted' "
587  "can cause unexpected SSL network connection results." ) );
588  lbltxt->setWordWrap( true );
589  hlayout->addWidget( lbltxt );
590 
591  layout->addLayout( hlayout );
592 
593  QHBoxLayout *hlayout2 = new QHBoxLayout();
594 
595  QLabel *lblpolicy = new QLabel( tr( "Default policy" ), dlg );
596  lblpolicy->setSizePolicy( QSizePolicy::Maximum, QSizePolicy::Preferred );
597  hlayout2->addWidget( lblpolicy );
598 
599  QComboBox *cmbpolicy = new QComboBox( dlg );
600  QList < QPair<QgsAuthCertUtils::CertTrustPolicy, QString> > policies;
601  policies << qMakePair( QgsAuthCertUtils::Trusted,
602  QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::Trusted ) )
603  << qMakePair( QgsAuthCertUtils::Untrusted,
604  QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::Untrusted ) );
605 
606  for ( int i = 0; i < policies.size(); i++ )
607  {
608  cmbpolicy->addItem( policies.at( i ).second, QVariant( static_cast<int>( policies.at( i ).first ) ) );
609  }
610 
611  int idx = cmbpolicy->findData( QVariant( static_cast<int>( mDefaultTrustPolicy ) ) );
612  cmbpolicy->setCurrentIndex( idx == -1 ? 0 : idx );
613  hlayout2->addWidget( cmbpolicy );
614 
615  layout->addLayout( hlayout2 );
616 
617  QDialogButtonBox *buttonBox = new QDialogButtonBox( QDialogButtonBox::Close | QDialogButtonBox::Ok,
618  Qt::Horizontal, dlg );
619  buttonBox->button( QDialogButtonBox::Close )->setDefault( true );
620 
621  layout->addWidget( buttonBox );
622 
623  connect( buttonBox, &QDialogButtonBox::accepted, dlg, &QDialog::accept );
624  connect( buttonBox, &QDialogButtonBox::rejected, dlg, &QWidget::close );
625 
626  dlg->setLayout( layout );
627  dlg->setWindowModality( Qt::WindowModal );
628  dlg->resize( 400, 200 );
629  dlg->setMinimumSize( 400, 200 );
630  dlg->setMaximumSize( 500, 300 );
631  if ( dlg->exec() )
632  {
633  QgsAuthCertUtils::CertTrustPolicy trustpolicy(
634  ( QgsAuthCertUtils::CertTrustPolicy )cmbpolicy->currentData().toInt() );
635  if ( mDefaultTrustPolicy != trustpolicy )
636  {
637  defaultTrustPolicyChanged( trustpolicy );
638  }
639  }
640  dlg->deleteLater();
641 }
642 
643 void QgsAuthAuthoritiesEditor::defaultTrustPolicyChanged( QgsAuthCertUtils::CertTrustPolicy trustpolicy )
644 {
645  if ( !QgsApplication::authManager()->setDefaultCertTrustPolicy( trustpolicy ) )
646  {
647  authMessageOut( QObject::tr( "Could not store default trust policy." ),
648  QObject::tr( "Authorities Manager" ),
649  QgsAuthManager::CRITICAL );
650  }
651  mDefaultTrustPolicy = trustpolicy;
652  QgsApplication::authManager()->rebuildCertTrustCache();
653  QgsApplication::authManager()->rebuildTrustedCaCertsCache();
654  populateCaCertsView();
655 }
656 
657 void QgsAuthAuthoritiesEditor::btnCaFile_clicked()
658 {
659  QgsAuthImportCertDialog *dlg = new QgsAuthImportCertDialog( this,
660  QgsAuthImportCertDialog::CaFilter,
661  QgsAuthImportCertDialog::FileInput );
662  dlg->setWindowModality( Qt::WindowModal );
663  dlg->resize( 400, 250 );
664  if ( dlg->exec() )
665  {
666  // clear out any currently defined file certs and their trust settings
667  if ( !leCaFile->text().isEmpty() )
668  {
669  btnCaFileClear_clicked();
670  }
671 
672  const QString &fn = dlg->certFileToImport();
673  leCaFile->setText( fn );
674 
675  if ( !QgsApplication::authManager()->storeAuthSetting( QStringLiteral( "cafile" ), QVariant( fn ) ) )
676  {
677  authMessageOut( QObject::tr( "Could not store 'CA file path' in authentication database." ),
678  QObject::tr( "Authorities Manager" ),
679  QgsAuthManager::WARNING );
680  }
681  if ( !QgsApplication::authManager()->storeAuthSetting( QStringLiteral( "cafileallowinvalid" ),
682  QVariant( dlg->allowInvalidCerts() ) ) )
683  {
684  authMessageOut( QObject::tr( "Could not store 'CA file allow invalids' setting in authentication database." ),
685  QObject::tr( "Authorities Manager" ),
686  QgsAuthManager::WARNING );
687  }
688 
689  QgsApplication::authManager()->rebuildCaCertsCache();
690 
691  if ( dlg->certTrustPolicy() != QgsAuthCertUtils::DefaultTrust )
692  {
693  QList<QSslCertificate> certs( QgsApplication::authManager()->extraFileCAs() );
694  const auto constCerts = certs;
695  for ( const QSslCertificate &cert : constCerts )
696  {
697  if ( !QgsApplication::authManager()->storeCertTrustPolicy( cert, dlg->certTrustPolicy() ) )
698  {
699  authMessageOut( QObject::tr( "Could not set trust policy for imported certificates." ),
700  QObject::tr( "Authorities Manager" ),
701  QgsAuthManager::WARNING );
702  }
703  }
704  QgsApplication::authManager()->rebuildCertTrustCache();
705  updateCertTrustPolicyCache();
706  }
707 
708  QgsApplication::authManager()->rebuildTrustedCaCertsCache();
709 
710  populateFileCaCerts();
711  mFileCaSecItem->setExpanded( true );
712  }
713  dlg->deleteLater();
714 }
715 
716 void QgsAuthAuthoritiesEditor::btnCaFileClear_clicked()
717 {
718  if ( !QgsApplication::authManager()->removeAuthSetting( QStringLiteral( "cafile" ) ) )
719  {
720  authMessageOut( QObject::tr( "Could not remove 'CA file path' from authentication database." ),
721  QObject::tr( "Authorities Manager" ),
722  QgsAuthManager::WARNING );
723  return;
724  }
725  if ( !QgsApplication::authManager()->removeAuthSetting( QStringLiteral( "cafileallowinvalid" ) ) )
726  {
727  authMessageOut( QObject::tr( "Could not remove 'CA file allow invalids' setting from authentication database." ),
728  QObject::tr( "Authorities Manager" ),
729  QgsAuthManager::WARNING );
730  return;
731  }
732 
733  QgsApplication::authManager()->rebuildCaCertsCache();
734 
735  QString fn( leCaFile->text() );
736  if ( QFile::exists( fn ) )
737  {
738  QList<QSslCertificate> certs( QgsAuthCertUtils::certsFromFile( fn ) );
739 
740  if ( !certs.isEmpty() )
741  {
742  if ( !QgsApplication::authManager()->removeCertTrustPolicies( certs ) )
743  {
744  messageBar()->pushMessage( tr( "ERROR removing cert(s) trust policy from authentication database." ),
745  Qgis::Critical );
746  return;
747  }
748  QgsApplication::authManager()->rebuildCertTrustCache();
749  updateCertTrustPolicyCache();
750  }
751  }
752 
753  QgsApplication::authManager()->rebuildTrustedCaCertsCache();
754 
755  leCaFile->clear();
756  populateFileCaCerts();
757 }
758 
759 void QgsAuthAuthoritiesEditor::showTrustedCertificateAuthorities()
760 {
761  QgsAuthTrustedCAsDialog *dlg = new QgsAuthTrustedCAsDialog( this );
762  dlg->setWindowModality( Qt::WindowModal );
763  dlg->resize( 675, 500 );
764  dlg->exec();
765  dlg->deleteLater();
766 }
767 
768 void QgsAuthAuthoritiesEditor::authMessageOut( const QString &message, const QString &authtag, QgsAuthManager::MessageLevel level )
769 {
770  int levelint = static_cast<int>( level );
771  messageBar()->pushMessage( authtag, message, ( Qgis::MessageLevel )levelint, 7 );
772 }
773 
774 void QgsAuthAuthoritiesEditor::showEvent( QShowEvent *e )
775 {
776  if ( !mDisabled )
777  {
778  treeWidgetCAs->setFocus();
779  }
780  QWidget::showEvent( e );
781 }
782 
783 QgsMessageBar *QgsAuthAuthoritiesEditor::messageBar()
784 {
785  return msgBar;
786 }
787 
788 int QgsAuthAuthoritiesEditor::messageTimeout()
789 {
790  QgsSettings settings;
791  return settings.value( QStringLiteral( "qgis/messageTimeout" ), 5 ).toInt();
792 }
QgsAuthManager::rebuildTrustedCaCertsCache
bool rebuildTrustedCaCertsCache()
Rebuild trusted certificate authorities cache.
Definition: qgsauthmanager.cpp:2890
QgsAuthManager::messageOut
void messageOut(const QString &message, const QString &tag=QgsAuthManager::AUTH_MAN_TAG, QgsAuthManager::MessageLevel level=QgsAuthManager::INFO) const
Custom logging signal to relay to console output and QgsMessageLog.
QgsSettings
This class is a composition of two QSettings instances:
Definition: qgssettings.h:58
QgsSettings::value
QVariant value(const QString &key, const QVariant &defaultValue=QVariant(), Section section=NoSection) const
Returns the value for setting key.
Definition: qgssettings.cpp:169
QgsDebugMsg
#define QgsDebugMsg(str)
Definition: qgslogger.h:38
QgsAuthCertUtils::certsFromFile
static QList< QSslCertificate > certsFromFile(const QString &certspath)
Returns a list of concatenated certs from a PEM or DER formatted file.
Definition: qgsauthcertutils.cpp:125
QgsMessageBar
A bar for displaying non-blocking messages to the user.
Definition: qgsmessagebar.h:45
QgsApplication::getThemeIcon
static QIcon getThemeIcon(const QString &name)
Helper to get a theme icon.
Definition: qgsapplication.cpp:556
QgsAuthImportCertDialog::allowInvalidCerts
bool allowInvalidCerts()
Whether to allow importation of invalid certificates (so trust policy can be overridden) ...
Definition: qgsauthimportcertdialog.cpp:121
Qgis::MessageLevel
MessageLevel
Level for messages This will be used both for message log and message bar in application.
Definition: qgis.h:66
QgsAuthImportCertDialog::certFileToImport
const QString certFileToImport()
Gets the file path to a certificate to import.
Definition: qgsauthimportcertdialog.cpp:97
QgsAuthManager::MessageLevel
MessageLevel
Message log level (mirrors that of QgsMessageLog, so it can also output there)
Definition: qgsauthmanager.h:71
QgsAuthManager::rebuildCaCertsCache
bool rebuildCaCertsCache()
Rebuild certificate authority cache.
Definition: qgsauthmanager.cpp:2611
QgsAuthAuthoritiesEditor::showEvent
void showEvent(QShowEvent *e) override
Overridden show event of base widget.
Definition: qgsauthauthoritieseditor.cpp:774
QgsAuthImportCertDialog::certTrustPolicy
QgsAuthCertUtils::CertTrustPolicy certTrustPolicy()
Defined trust policy for imported certificates.
Definition: qgsauthimportcertdialog.cpp:130
QgsAuthGuiUtils::redColor
static QColor redColor()
Red color representing invalid, untrusted, etc. certificate.
Definition: qgsauthguiutils.cpp:41
QgsAuthCertInfoDialog
Dialog wrapper for widget displaying detailed info on a certificate and its hierarchical trust chain...
Definition: qgsauthcertificateinfo.h:145
QgsAuthGuiUtils::greenColor
static QColor greenColor()
Green color representing valid, trusted, etc. certificate.
Definition: qgsauthguiutils.cpp:31
QgsAuthManager::removeCertTrustPolicies
bool removeCertTrustPolicies(const QList< QSslCertificate > &certs)
Remove a group certificate authorities.
Definition: qgsauthmanager.cpp:2702
QgsAuthManager::authDatabaseChanged
void authDatabaseChanged()
Emitted when the authentication db is significantly changed, e.g. large record removal, erased, etc.
QgsMessageBar::pushMessage
void pushMessage(const QString &text, Qgis::MessageLevel level=Qgis::Info, int duration=5)
convenience method for pushing a message to the bar
Definition: qgsmessagebar.h:88
QgsAuthAuthoritiesEditor::QgsAuthAuthoritiesEditor
QgsAuthAuthoritiesEditor(QWidget *parent=nullptr)
Widget for viewing and editing certificate authorities directly in database.
Definition: qgsauthauthoritieseditor.cpp:42
QgsAuthImportCertDialog
Widget for importing a certificate into the authentication database.
Definition: qgsauthimportcertdialog.h:33
QgsAuthManager::storeCertTrustPolicy
bool storeCertTrustPolicy(const QSslCertificate &cert, QgsAuthCertUtils::CertTrustPolicy policy)
Store user trust value for a certificate.
Definition: qgsauthmanager.cpp:2625
QgsAuthManager::storeCertAuthorities
bool storeCertAuthorities(const QList< QSslCertificate > &certs)
Store multiple certificate authorities.
Definition: qgsauthmanager.cpp:2384
QgsAuthImportCertDialog::certificatesToImport
const QList< QSslCertificate > certificatesToImport()
Gets list of certificate objects to import.
Definition: qgsauthimportcertdialog.cpp:88
QgsAuthCertUtils::shaHexForCert
static QString shaHexForCert(const QSslCertificate &cert, bool formatted=false)
Gets the sha1 hash for certificate.
Definition: qgsauthcertutils.cpp:738
QgsApplication::authManager
static QgsAuthManager * authManager()
Returns the application&#39;s authentication manager instance.
Definition: qgsapplication.cpp:1194
QgsAuthManager::authSetting
QVariant authSetting(const QString &key, const QVariant &defaultValue=QVariant(), bool decrypt=false)
authSetting get an authentication setting (retrieved as string and returned as QVariant( QString )) ...
Definition: qgsauthmanager.cpp:1586
QgsAuthManager::certTrustCache
const QMap< QgsAuthCertUtils::CertTrustPolicy, QStringList > certTrustCache()
certTrustCache get cache of certificate sha1s, per trust policy
Definition: qgsauthmanager.h:594
QgsAuthCertUtils::certsGroupedByOrg
static QMap< QString, QList< QSslCertificate > > certsGroupedByOrg(const QList< QSslCertificate > &certs)
Map certificates to their oraganization.
Definition: qgsauthcertutils.cpp:65
QgsAuthTrustedCAsDialog
Widget for listing trusted Certificate (Intermediate) Authorities used in secure connections.
Definition: qgsauthtrustedcasdialog.h:35
QgsAuthCertUtils::CertTrustPolicy
CertTrustPolicy
Type of certificate trust policy.
Definition: qgsauthcertutils.h:53
QgsAuthManager::defaultCertTrustPolicy
QgsAuthCertUtils::CertTrustPolicy defaultCertTrustPolicy()
Gets the default certificate trust policy preferred by user.
Definition: qgsauthmanager.cpp:2785
QgsAuthCertUtils::getCertTrustName
static QString getCertTrustName(QgsAuthCertUtils::CertTrustPolicy trust)
Gets the general name for certificate trust.
Definition: qgsauthcertutils.cpp:710
QgsAuthCertUtils::getCaSourceName
static QString getCaSourceName(QgsAuthCertUtils::CaCertSource source, bool single=false)
Gets the general name for CA source enum type.
Definition: qgsauthcertutils.cpp:598
QgsAuthCertUtils::resolvedCertName
static QString resolvedCertName(const QSslCertificate &cert, bool issuer=false)
Gets the general name via RFC 5280 resolution.
Definition: qgsauthcertutils.cpp:615
QgsAuthManager::rebuildCertTrustCache
bool rebuildCertTrustCache()
Rebuild certificate authority cache.
Definition: qgsauthmanager.cpp:2796
Generated on Sat Jun 22 2019 09:24:07 for QGIS API Documentation by   doxygen 1.8.13