QGIS API Documentation 3.41.0-Master (fda2aa46e9a)
Loading...
Searching...
No Matches
qgsauthconfig.cpp
Go to the documentation of this file.
1/***************************************************************************
2 qgsauthconfig.cpp
3 ---------------------
4 begin : October 5, 2014
5 copyright : (C) 2014 by Boundless Spatial, Inc. USA
6 author : Larry Shaffer
7 email : lshaffer at boundlessgeo dot com
8 ***************************************************************************
9 * *
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
14 * *
15 ***************************************************************************/
16
17#include "qgsauthconfig.h"
18#include "qgsauthcertutils.h"
19#include "qgsxmlutils.h"
20#include "qgslogger.h"
21
22#include <QtCrypto>
23
24#include <QFile>
25#include <QObject>
26#include <QCryptographicHash>
27#include <QUrl>
28
29
31// QgsAuthMethodConfig
33
34const QString QgsAuthMethodConfig::CONFIG_SEP = QStringLiteral( "|||" );
35const QString QgsAuthMethodConfig::CONFIG_KEY_SEP = QStringLiteral( ":::" );
36const QString QgsAuthMethodConfig::CONFIG_LIST_SEP = QStringLiteral( "```" );
37
38const int QgsAuthMethodConfig::CONFIG_VERSION = 1;
39
40// get uniqueConfigId only on save
41QgsAuthMethodConfig::QgsAuthMethodConfig( const QString &method, int version )
42 : mId( QString() )
43 , mName( QString() )
44 , mUri( QString() )
45 , mMethod( method )
46 , mVersion( version )
47 , mConfigMap( QgsStringMap() )
48{
49}
50
52{
53 return ( other.id() == id()
54 && other.name() == name()
55 && other.uri() == uri()
56 && other.method() == method()
57 && other.version() == version()
58 && other.configMap() == configMap() );
59}
60
62{
63 return !( *this == other );
64}
65
66bool QgsAuthMethodConfig::isValid( bool validateid ) const
67{
68 const bool idvalid = validateid ? !mId.isEmpty() : true;
69
70 return (
71 idvalid
72 && !mName.isEmpty()
73 && !mMethod.isEmpty()
74 );
75}
76
78{
79 QStringList confstrs;
80 QgsStringMap::const_iterator i = mConfigMap.constBegin();
81 while ( i != mConfigMap.constEnd() )
82 {
83 confstrs << i.key() + CONFIG_KEY_SEP + i.value();
84 ++i;
85 }
86 return confstrs.join( CONFIG_SEP );
87}
88
89void QgsAuthMethodConfig::loadConfigString( const QString &configstr )
90{
92 if ( configstr.isEmpty() )
93 {
94 return;
95 }
96
97 const QStringList confs( configstr.split( CONFIG_SEP ) );
98
99 for ( const auto &conf : confs )
100 {
101 if ( conf.contains( CONFIG_KEY_SEP ) )
102 {
103 const QStringList keyval( conf.split( CONFIG_KEY_SEP ) );
104 setConfig( keyval.at( 0 ), keyval.at( 1 ) );
105 }
106 }
107
108 if ( configMap().empty() )
109 {
110 setConfig( QStringLiteral( "oldconfigstyle" ), configstr );
111 }
112}
113
114void QgsAuthMethodConfig::setConfig( const QString &key, const QString &value )
115{
116 mConfigMap.insert( key, value );
117}
118
119void QgsAuthMethodConfig::setConfigList( const QString &key, const QStringList &value )
120{
121 setConfig( key, value.join( CONFIG_LIST_SEP ) );
122}
123
124int QgsAuthMethodConfig::removeConfig( const QString &key )
125{
126 return mConfigMap.remove( key );
127}
128
129QString QgsAuthMethodConfig::config( const QString &key, const QString &defaultvalue ) const
130{
131 return mConfigMap.value( key, defaultvalue );
132}
133
134QStringList QgsAuthMethodConfig::configList( const QString &key ) const
135{
136 return config( key ).split( CONFIG_LIST_SEP );
137}
138
139bool QgsAuthMethodConfig::hasConfig( const QString &key ) const
140{
141 return mConfigMap.contains( key );
142}
143
144bool QgsAuthMethodConfig::uriToResource( const QString &accessurl, QString *resource, bool withpath )
145{
146 QString res = QString();
147 if ( !accessurl.isEmpty() )
148 {
149 const QUrl url( accessurl );
150 if ( url.isValid() )
151 {
152 res = QStringLiteral( "%1://%2:%3%4" ).arg( url.scheme(), url.host() )
153 .arg( url.port() ).arg( withpath ? url.path() : QString() );
154 }
155 }
156 *resource = res;
157 return ( !res.isEmpty() );
158}
159
160
161bool QgsAuthMethodConfig::writeXml( QDomElement &parentElement, QDomDocument &document )
162{
163 QDomElement element = document.createElement( QStringLiteral( "AuthMethodConfig" ) );
164 element.setAttribute( QStringLiteral( "method" ), mMethod );
165 element.setAttribute( QStringLiteral( "id" ), mId );
166 element.setAttribute( QStringLiteral( "name" ), mName );
167 element.setAttribute( QStringLiteral( "version" ), QString::number( mVersion ) );
168 element.setAttribute( QStringLiteral( "uri" ), mUri );
169
170 QDomElement configElements = document.createElement( QStringLiteral( "Config" ) );
171 QgsStringMap::const_iterator i = mConfigMap.constBegin();
172 while ( i != mConfigMap.constEnd() )
173 {
174 configElements.setAttribute( i.key(), i.value() );
175 ++i;
176 }
177 element.appendChild( configElements );
178
179 parentElement.appendChild( element );
180 return true;
181}
182
183bool QgsAuthMethodConfig::readXml( const QDomElement &element )
184{
185 if ( element.nodeName() != QLatin1String( "AuthMethodConfig" ) )
186 return false;
187
188 mMethod = element.attribute( QStringLiteral( "method" ) );
189 mId = element.attribute( QStringLiteral( "id" ) );
190 mName = element.attribute( QStringLiteral( "name" ) );
191 mVersion = element.attribute( QStringLiteral( "version" ) ).toInt();
192 mUri = element.attribute( QStringLiteral( "uri" ) );
193
195 const QDomNamedNodeMap configAttributes = element.firstChildElement().attributes();
196 for ( int i = 0; i < configAttributes.length(); i++ )
197 {
198 const QDomAttr configAttribute = configAttributes.item( i ).toAttr();
199 setConfig( configAttribute.name(), configAttribute.value() );
200 }
201
202 return true;
203}
204
205#ifndef QT_NO_SSL
206
208// QgsPkiBundle
210
211QgsPkiBundle::QgsPkiBundle( const QSslCertificate &clientCert,
212 const QSslKey &clientKey,
213 const QList<QSslCertificate> &caChain )
214 : mCert( QSslCertificate() )
215 , mCertKey( QSslKey() )
216 , mCaChain( caChain )
217{
220}
221
222const QgsPkiBundle QgsPkiBundle::fromPemPaths( const QString &certPath,
223 const QString &keyPath,
224 const QString &keyPass,
225 const QList<QSslCertificate> &caChain )
226{
227 QgsPkiBundle pkibundle;
228 if ( !certPath.isEmpty() && !keyPath.isEmpty()
229 && ( certPath.endsWith( QLatin1String( ".pem" ), Qt::CaseInsensitive )
230 || certPath.endsWith( QLatin1String( ".der" ), Qt::CaseInsensitive ) )
231 && QFile::exists( certPath ) && QFile::exists( keyPath )
232 )
233 {
234 // client cert
235 const bool pem = certPath.endsWith( QLatin1String( ".pem" ), Qt::CaseInsensitive );
236 const QSslCertificate clientcert( QgsAuthCertUtils::fileData( certPath ), pem ? QSsl::Pem : QSsl::Der );
237 pkibundle.setClientCert( clientcert );
238
239 QSslKey clientkey;
240 clientkey = QgsAuthCertUtils::keyFromFile( keyPath, keyPass );
241 pkibundle.setClientKey( clientkey );
242 if ( !caChain.isEmpty() )
243 {
244 pkibundle.setCaChain( caChain );
245 }
246 }
247 return pkibundle;
248}
249
250const QgsPkiBundle QgsPkiBundle::fromPkcs12Paths( const QString &bundlepath,
251 const QString &bundlepass )
252{
253 QgsPkiBundle pkibundle;
254 if ( QCA::isSupported( "pkcs12" )
255 && !bundlepath.isEmpty()
256 && ( bundlepath.endsWith( QLatin1String( ".p12" ), Qt::CaseInsensitive )
257 || bundlepath.endsWith( QLatin1String( ".pfx" ), Qt::CaseInsensitive ) )
258 && QFile::exists( bundlepath ) )
259 {
260 QCA::SecureArray passarray;
261 if ( !bundlepass.isNull() )
262 passarray = QCA::SecureArray( bundlepass.toUtf8() );
263 QCA::ConvertResult res;
264 const QCA::KeyBundle bundle( QCA::KeyBundle::fromFile( bundlepath, passarray, &res, QStringLiteral( "qca-ossl" ) ) );
265 if ( res == QCA::ConvertGood && !bundle.isNull() )
266 {
267 const QCA::CertificateChain cert_chain( bundle.certificateChain() );
268 const QSslCertificate cert( cert_chain.primary().toPEM().toLatin1() );
269 if ( !cert.isNull() )
270 {
271 pkibundle.setClientCert( cert );
272 }
273 const QSslKey cert_key( bundle.privateKey().toPEM().toLatin1(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, QByteArray() );
274 if ( !cert_key.isNull() )
275 {
276 pkibundle.setClientKey( cert_key );
277 }
278
279 if ( cert_chain.size() > 1 )
280 {
281 QList<QSslCertificate> ca_chain;
282 for ( const auto &ca_cert : cert_chain )
283 {
284 if ( ca_cert != cert_chain.primary() )
285 {
286 ca_chain << QSslCertificate( ca_cert.toPEM().toLatin1() );
287 }
288 }
289 pkibundle.setCaChain( ca_chain );
290 }
291
292 }
293 }
294 return pkibundle;
295}
296
298{
299 return ( mCert.isNull() || mCertKey.isNull() );
300}
301
303{
304 return ( !isNull() && QgsAuthCertUtils::certIsViable( mCert ) );
305}
306
307const QString QgsPkiBundle::certId() const
308{
309 if ( mCert.isNull() )
310 {
311 return QString();
312 }
313 return QString( mCert.digest( QCryptographicHash::Sha1 ).toHex() );
314}
315
316void QgsPkiBundle::setClientCert( const QSslCertificate &cert )
317{
318 mCert.clear();
319 if ( !cert.isNull() )
320 {
321 mCert = cert;
322 }
323}
324
325void QgsPkiBundle::setClientKey( const QSslKey &certkey )
326{
327 mCertKey.clear();
328 if ( !certkey.isNull() && certkey.type() == QSsl::PrivateKey )
329 {
330 mCertKey = certkey;
331 }
332}
333
334
336// QgsPkiConfigBundle
338
340 const QSslCertificate &cert,
341 const QSslKey &certkey,
342 const QList<QSslCertificate> &cachain )
343 : mConfig( config )
344 , mCert( cert )
345 , mCertKey( certkey )
346 , mCaChain( cachain )
347{
348}
349
351{
352 return ( !mCert.isNull() && !mCertKey.isNull() );
353}
354
355
357// QgsAuthConfigSslServer
359
360const QString QgsAuthConfigSslServer::CONF_SEP = QStringLiteral( "|||" );
361
363 : mSslHostPort( QString() )
364 , mSslCert( QSslCertificate() )
365 , mSslIgnoredErrors( QList<QSslError::SslError>() )
366{
367 // TODO: figure out if Qt 5 has changed yet again, e.g. TLS-only
368 mQtVersion = 480;
369 // Qt 4.8 defaults to SecureProtocols, i.e. TlsV1SslV3
370 // http://qt-project.org/doc/qt-4.8/qssl.html#SslProtocol-enum
371 mSslProtocol = QSsl::SecureProtocols;
372}
373
374const QList<QSslError> QgsAuthConfigSslServer::sslIgnoredErrors() const
375{
376 QList<QSslError> errors;
377 const QList<QSslError::SslError> ignoredErrors = sslIgnoredErrorEnums();
378 for ( const QSslError::SslError errenum : ignoredErrors )
379 {
380 errors << QSslError( errenum );
381 }
382 return errors;
383}
384
386{
387 QStringList configlist
388 {
389 QString::number( mVersion ),
390 QString::number( mQtVersion ),
391 encodeSslProtocol( mSslProtocol )
392 };
393
394 QStringList errs;
395 for ( const auto err : mSslIgnoredErrors )
396 {
397 errs << QString::number( static_cast< int >( err ) );
398 }
399 configlist << errs.join( QLatin1String( "~~" ) );
400
401 configlist << QStringLiteral( "%1~~%2" ).arg( static_cast< int >( mSslPeerVerifyMode ) ).arg( mSslPeerVerifyDepth );
402
403 return configlist.join( CONF_SEP );
404}
405
406void QgsAuthConfigSslServer::loadConfigString( const QString &config )
407{
408 if ( config.isEmpty() )
409 {
410 return;
411 }
412 const QStringList configlist( config.split( CONF_SEP ) );
413
414 mVersion = configlist.at( 0 ).toInt();
415 mQtVersion = configlist.at( 1 ).toInt();
416 mSslProtocol = decodeSslProtocol( configlist.at( 2 ) );
417
418 mSslIgnoredErrors.clear();
419 const QStringList errs( configlist.at( 3 ).split( QStringLiteral( "~~" ) ) );
420 for ( const auto &err : errs )
421 {
422 mSslIgnoredErrors.append( static_cast< QSslError::SslError >( err.toInt() ) );
423 }
424
425 const QStringList peerverify( configlist.at( 4 ).split( QStringLiteral( "~~" ) ) );
426 mSslPeerVerifyMode = static_cast< QSslSocket::PeerVerifyMode >( peerverify.at( 0 ).toInt() );
427 mSslPeerVerifyDepth = peerverify.at( 1 ).toInt();
428}
429
431{
432 return mSslCert.isNull() && mSslHostPort.isEmpty();
433}
434
435QSsl::SslProtocol QgsAuthConfigSslServer::decodeSslProtocol( const QString &protocol )
436{
437 bool ok = false;
438 const int qt5EnumInt = protocol.toInt( &ok );
439 if ( ok )
440 {
441 // old qt5 enum value. We can't directly cast this to QSsl::SslProtocol, as those values
442 // have changed in qt6!
443 switch ( qt5EnumInt )
444 {
445 case 0: // SslV3
446#if QT_VERSION < QT_VERSION_CHECK(6, 0, 0)
447 return QSsl::SslProtocol::SslV3;
448#else
449 return QSsl::SslProtocol::UnknownProtocol;
450#endif
451
452 case 1: // SslV2
453#if QT_VERSION < QT_VERSION_CHECK(6, 0, 0)
454 return QSsl::SslProtocol::SslV2;
455#else
456
457#endif
458 case 2:
459 return QSsl::SslProtocol::TlsV1_0;
460 case 3:
461 return QSsl::SslProtocol::TlsV1_1;
462 case 4:
463 return QSsl::SslProtocol::TlsV1_2;
464 case 5:
465 return QSsl::SslProtocol::AnyProtocol;
466 case 6:
467#if QT_VERSION < QT_VERSION_CHECK(6, 0, 0)
468 return QSsl::SslProtocol::TlsV1SslV3;
469#else
470 return QSsl::SslProtocol::TlsV1_3;
471#endif
472 case 7:
473 return QSsl::SslProtocol::SecureProtocols;
474 case 8:
475 return QSsl::SslProtocol::TlsV1_0OrLater;
476 case 9:
477 return QSsl::SslProtocol::TlsV1_1OrLater;
478 case 10:
479 return QSsl::SslProtocol::TlsV1_2OrLater;
480 case 11:
481 return QSsl::SslProtocol::DtlsV1_0;
482 case 12:
483 return QSsl::SslProtocol::DtlsV1_0OrLater;
484 case 13:
485 return QSsl::SslProtocol::DtlsV1_2;
486 case 14:
487 return QSsl::SslProtocol::DtlsV1_2OrLater;
488 case 15:
489 return QSsl::SslProtocol::TlsV1_3;
490 case 16:
491 return QSsl::SslProtocol::TlsV1_3OrLater;
492 default:
493 return QSsl::SslProtocol::UnknownProtocol;
494 }
495 }
496
497#if QT_VERSION < QT_VERSION_CHECK(6, 0, 0)
498 if ( protocol == QLatin1String( "SslV3" ) )
499 return QSsl::SslProtocol::SslV3;
500 else if ( protocol == QLatin1String( "SslV2" ) )
501 return QSsl::SslProtocol::SslV2;
502#endif
503 if ( protocol == QLatin1String( "TlsV1_0" ) )
504 return QSsl::SslProtocol::TlsV1_0;
505 else if ( protocol == QLatin1String( "TlsV1_1" ) )
506 return QSsl::SslProtocol::TlsV1_1;
507 else if ( protocol == QLatin1String( "TlsV1_2" ) )
508 return QSsl::SslProtocol::TlsV1_2;
509 else if ( protocol == QLatin1String( "AnyProtocol" ) )
510 return QSsl::SslProtocol::AnyProtocol;
511#if QT_VERSION < QT_VERSION_CHECK(6, 0, 0)
512 else if ( protocol == QLatin1String( "TlsV1SslV3" ) )
513 return QSsl::SslProtocol::TlsV1SslV3;
514#endif
515 else if ( protocol == QLatin1String( "SecureProtocols" ) )
516 return QSsl::SslProtocol::SecureProtocols;
517 else if ( protocol == QLatin1String( "TlsV1_0OrLater" ) )
518 return QSsl::SslProtocol::TlsV1_0OrLater;
519 else if ( protocol == QLatin1String( "TlsV1_1OrLater" ) )
520 return QSsl::SslProtocol::TlsV1_1OrLater;
521 else if ( protocol == QLatin1String( "TlsV1_2OrLater" ) )
522 return QSsl::SslProtocol::TlsV1_2OrLater;
523 else if ( protocol == QLatin1String( "DtlsV1_0" ) )
524 return QSsl::SslProtocol::DtlsV1_0;
525 else if ( protocol == QLatin1String( "DtlsV1_0OrLater" ) )
526 return QSsl::SslProtocol::DtlsV1_0OrLater;
527 else if ( protocol == QLatin1String( "DtlsV1_2" ) )
528 return QSsl::SslProtocol::DtlsV1_2;
529 else if ( protocol == QLatin1String( "DtlsV1_2OrLater" ) )
530 return QSsl::SslProtocol::DtlsV1_2OrLater;
531 else if ( protocol == QLatin1String( "TlsV1_3" ) )
532 return QSsl::SslProtocol::TlsV1_3;
533 else if ( protocol == QLatin1String( "TlsV1_3OrLater" ) )
534 return QSsl::SslProtocol::TlsV1_3OrLater;
535
536 QgsDebugError( QStringLiteral( "Can't decode protocol \"%1\"" ).arg( protocol ) );
537
538 return QSsl::SslProtocol::UnknownProtocol;
539}
540
541QString QgsAuthConfigSslServer::encodeSslProtocol( QSsl::SslProtocol protocol )
542{
543 switch ( protocol )
544 {
545#if QT_VERSION < QT_VERSION_CHECK(6, 0, 0)
546 case QSsl::SslV3:
547 return QStringLiteral( "SslV3" );
548 case QSsl::SslV2:
549 return QStringLiteral( "SslV2" );
550#endif
551 case QSsl::TlsV1_0:
552 return QStringLiteral( "TlsV1_0" );
553 case QSsl::TlsV1_1:
554 return QStringLiteral( "TlsV1_1" );
555 case QSsl::TlsV1_2:
556 return QStringLiteral( "TlsV1_2" );
557 case QSsl::AnyProtocol:
558 return QStringLiteral( "AnyProtocol" );
559#if QT_VERSION < QT_VERSION_CHECK(6, 0, 0)
560 case QSsl::TlsV1SslV3:
561 return QStringLiteral( "TlsV1SslV3" );
562#endif
563 case QSsl::SecureProtocols:
564 return QStringLiteral( "SecureProtocols" );
565 case QSsl::TlsV1_0OrLater:
566 return QStringLiteral( "TlsV1_0OrLater" );
567 case QSsl::TlsV1_1OrLater:
568 return QStringLiteral( "TlsV1_1OrLater" );
569 case QSsl::TlsV1_2OrLater:
570 return QStringLiteral( "TlsV1_2OrLater" );
571 case QSsl::DtlsV1_0:
572 return QStringLiteral( "DtlsV1_0" );
573 case QSsl::DtlsV1_0OrLater:
574 return QStringLiteral( "DtlsV1_0OrLater" );
575 case QSsl::DtlsV1_2:
576 return QStringLiteral( "DtlsV1_2" );
577 case QSsl::DtlsV1_2OrLater:
578 return QStringLiteral( "DtlsV1_2OrLater" );
579 case QSsl::TlsV1_3:
580 return QStringLiteral( "TlsV1_3" );
581 case QSsl::TlsV1_3OrLater:
582 return QStringLiteral( "TlsV1_3OrLater" );
583 case QSsl::UnknownProtocol:
584 return QStringLiteral( "UnknownProtocol" );
585 }
586
587 QgsDebugError( QStringLiteral( "Can't encode protocol: %1" ).arg( protocol ) );
588
589 return QStringLiteral( "UnknownProtocol" );
590}
591
592#endif
static QByteArray fileData(const QString &path)
Returns data from a local file via a read-only operation.
static bool certIsViable(const QSslCertificate &cert)
certIsViable checks for viability errors of cert and whether it is NULL
static QSslKey keyFromFile(const QString &keypath, const QString &keypass=QString(), QString *algtype=nullptr)
Returns non-encrypted key from a PEM or DER formatted file.
const QList< QSslError > sslIgnoredErrors() const
SSL server errors to ignore in connections.
bool isNull() const
Whether configuration is null (missing components)
const QList< QSslError::SslError > sslIgnoredErrorEnums() const
SSL server errors (as enum list) to ignore in connections.
const QString configString() const
Configuration as a concatenated string.
QgsAuthConfigSslServer()
Construct a default SSL server configuration.
void loadConfigString(const QString &config=QString())
Load concatenated string into configuration, e.g. from auth database.
Configuration storage class for authentication method configurations.
QString config(const QString &key, const QString &defaultvalue=QString()) const
Returns a config's value.
bool isValid(bool validateid=false) const
Whether the configuration is valid.
QString method() const
Textual key of the associated authentication method.
const QString uri() const
A URI to auto-select a config when connecting to a resource.
int removeConfig(const QString &key)
Remove a config from map.
bool readXml(const QDomElement &element)
from a DOM element.
const QString configString() const
The extended configuration, as stored and retrieved from the authentication database.
const QString name() const
Gets name of configuration.
bool operator==(const QgsAuthMethodConfig &other) const
const QString id() const
Gets 'authcfg' 7-character alphanumeric ID of the config.
void loadConfigString(const QString &configstr)
Load existing extended configuration.
void clearConfigMap()
Clear all configs.
bool writeXml(QDomElement &parentElement, QDomDocument &document)
Stores the configuration in a DOM.
void setConfig(const QString &key, const QString &value)
Set a single config value per key in the map.
QStringList configList(const QString &key) const
Returns a config's list of values.
int version() const
Gets version of the configuration.
QgsStringMap configMap() const
Gets extended configuration, mapped to key/value pairs of QStrings.
bool operator!=(const QgsAuthMethodConfig &other) const
bool hasConfig(const QString &key) const
Whether a config key exists in config map.
QgsAuthMethodConfig(const QString &method=QString(), int version=0)
Construct a configuration for an authentication method.
void setConfigList(const QString &key, const QStringList &value)
Set a multiple config values per key in the map.
static bool uriToResource(const QString &accessurl, QString *resource, bool withpath=false)
A utility function for generating a resource from a URL to be compared against the config's uri() for...
Storage set for PKI bundle: SSL certificate, key, optional CA cert chain.
const QString certId() const
The sha hash of the client certificate.
bool isNull() const
Whether the bundle, either its certificate or private key, is null.
QgsPkiBundle(const QSslCertificate &clientCert=QSslCertificate(), const QSslKey &clientKey=QSslKey(), const QList< QSslCertificate > &caChain=QList< QSslCertificate >())
Construct a bundle from existing PKI components.
void setClientKey(const QSslKey &certkey)
Sets private key object.
void setClientCert(const QSslCertificate &cert)
Sets client certificate object.
static const QgsPkiBundle fromPkcs12Paths(const QString &bundlepath, const QString &bundlepass=QString())
Construct a bundle of PKI components from a PKCS#12 file path.
const QSslKey clientKey() const
Private key object.
void setCaChain(const QList< QSslCertificate > &cachain)
Sets chain of Certificate Authorities for client certificate.
const QList< QSslCertificate > caChain() const
Chain of Certificate Authorities for client certificate.
static const QgsPkiBundle fromPemPaths(const QString &certPath, const QString &keyPath, const QString &keyPass=QString(), const QList< QSslCertificate > &caChain=QList< QSslCertificate >())
Construct a bundle of PKI components from PEM-formatted file paths.
const QSslCertificate clientCert() const
Client certificate object.
bool isValid() const
Whether the bundle is valid.
QgsPkiConfigBundle(const QgsAuthMethodConfig &config, const QSslCertificate &cert, const QSslKey &certkey, const QList< QSslCertificate > &cachain=QList< QSslCertificate >())
Construct a bundle from existing PKI components and authentication method configuration.
bool isValid()
Whether the bundle is valid.
QMap< QString, QString > QgsStringMap
Definition qgis.h:6455
#define QgsDebugError(str)
Definition qgslogger.h:38