QGIS API Documentation 3.39.0-Master (d85f3c2a281)
Loading...
Searching...
No Matches
qgsauthconfigurationstoragedb.cpp
Go to the documentation of this file.
1/***************************************************************************
2 qgsauthconfigurationstoragedb.cpp - QgsAuthConfigurationStorageDb
3
4 ---------------------
5 begin : 20.6.2024
6 copyright : (C) 2024 by ale
7 email : [your-email-here]
8 ***************************************************************************
9 * *
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
14 * *
15 ***************************************************************************/
16#include "qgsauthconfigurationstoragedb.h"
17
18#include "qgslogger.h"
19#include "qgsauthcertutils.h"
20#include "qurl.h"
21
22#include <QSqlError>
23#include <QSqlDriver>
24#include <QSqlQuery>
25#include <QThread>
26#include <QCoreApplication>
27#include <QUrlQuery>
28
29
30QgsAuthConfigurationStorageDb::QgsAuthConfigurationStorageDb( const QMap<QString, QVariant> &settings )
31 : QgsAuthConfigurationStorage( settings )
32{
33 // Parse settings
34 mDriver = mConfiguration.value( QStringLiteral( "driver" ), QStringLiteral( "QSQLITE" ) ).toString();
35 mDatabase = mConfiguration.value( QStringLiteral( "database" ) ).toString();
36 mHost = mConfiguration.value( QStringLiteral( "host" ) ).toString();
37 mPort = mConfiguration.value( QStringLiteral( "port" ) ).toInt();
38 mUser = mConfiguration.value( QStringLiteral( "user" ) ).toString();
39 mPassword = mConfiguration.value( QStringLiteral( "password" ) ).toString();
40 mConnectOptions = mConfiguration.value( QStringLiteral( "options" ) ).toString();
41 // Debug print all connection settings
42 QgsDebugMsgLevel( QStringLiteral( "Auth db connection settings: driver=%1, database='%2', host=%3, port=%4, user='%5', schema=%6, options=%7" )
43 .arg( mDriver, mDatabase, mHost, QString::number( mPort ), mUser, mConnectOptions, mConfiguration.value( QStringLiteral( "schema" ) ).toString() ), 2 );
44
45}
46
51
52QgsAuthConfigurationStorageDb::~QgsAuthConfigurationStorageDb()
53{
54 QMutexLocker locker( &mMutex );
55
56 QMapIterator<QThread *, QMetaObject::Connection> iterator( mConnectedThreads );
57 while ( iterator.hasNext() )
58 {
59 iterator.next();
60 QThread::disconnect( iterator.value() );
61 }
62}
63
64QSqlDatabase QgsAuthConfigurationStorageDb::authDatabaseConnection() const
65{
66 QSqlDatabase authdb;
67
68 QMutexLocker locker( &mMutex );
69
70 const QString connectionName = QStringLiteral( "authentication.configs:0x%1" ).arg( reinterpret_cast<quintptr>( QThread::currentThread() ), 2 * QT_POINTER_SIZE, 16, QLatin1Char( '0' ) );
71 QgsDebugMsgLevel( QStringLiteral( "Using auth db connection name: %1 " ).arg( connectionName ), 3 );
72 if ( !QSqlDatabase::contains( connectionName ) )
73 {
74 QgsDebugMsgLevel( QStringLiteral( "No existing connection, creating a new one" ), 3 );
75 authdb = QSqlDatabase::addDatabase( mDriver, connectionName );
76
77
78 // Check that the driver is available
79 if ( !QSqlDatabase::isDriverAvailable( mDriver ) )
80 {
81 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Driver '%1' is not available" ).arg( mDriver ) );
82 return authdb;
83 }
84
85 authdb.setDatabaseName( mDatabase );
86 authdb.setHostName( mHost );
87 authdb.setPort( mPort );
88 authdb.setUserName( mUser );
89 authdb.setPassword( mPassword );
90 authdb.setConnectOptions( mConnectOptions );
91
92 // Return if not valid
93 if ( !authdb.isValid() )
94 {
95 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db connection is not valid" ) );
96 return authdb;
97 }
98
99 // for background threads, remove database when current thread finishes
100 if ( QCoreApplication::instance() && QThread::currentThread() != QCoreApplication::instance()->thread() )
101 {
102 QgsDebugMsgLevel( QStringLiteral( "Scheduled auth db remove on thread close" ), 4 );
103
104 // IMPORTANT - we use a direct connection here, because the database removal must happen immediately
105 // when the thread finishes, and we cannot let this get queued on the main thread's event loop (where
106 // QgsAuthManager lives).
107 // Otherwise, the QSqlDatabase's private data's thread gets reset immediately the QThread::finished,
108 // and a subsequent call to QSqlDatabase::database with the same thread address (yep it happens, actually a lot)
109 // triggers a condition in QSqlDatabase which detects the nullptr private thread data and returns an invalid database instead.
110 // QSqlDatabase::removeDatabase is thread safe, so this is ok to do.
111 // Right about now is a good time to re-evaluate your selected career ;)
112 // I've done that and I decided to become a musician. I'll probably be a better musician than a software developer.
113 QMetaObject::Connection connection = connect( QThread::currentThread(), &QThread::finished, QThread::currentThread(), [connectionName, this ]
114 {
115 QMutexLocker locker( &mMutex );
116 QSqlDatabase::removeDatabase( connectionName );
117 mConnectedThreads.remove( QThread::currentThread() ); // NOLINT(clang-analyzer-core.CallAndMessage)
118 }, Qt::DirectConnection );
119
120 mConnectedThreads.insert( QThread::currentThread(), connection );
121 }
122 }
123 else
124 {
125 QgsDebugMsgLevel( QStringLiteral( "Reusing existing connection" ), 4 );
126 authdb = QSqlDatabase::database( connectionName, false );
127 }
128
129 locker.unlock();
130
131 if ( !authdb.isOpen() )
132 {
133 if ( !authdb.open() )
134 {
135 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Opening of authentication db FAILED : %1" ).arg( authdb.lastError().text() ) );
136 }
137 }
138
139 return authdb;
140}
141
142bool QgsAuthConfigurationStorageDb::authDbOpen() const
143{
144 QMutexLocker locker( &mMutex );
145 QSqlDatabase authdb = authDatabaseConnection();
146
147 if ( !authdb.isOpen() )
148 {
149 if ( !authdb.open() )
150 {
151 const QString err = tr( "Unable to establish database connection\nDatabase: %1\nDriver error: %2\nDatabase error: %3" )
152 .arg( mDatabase,
153 authdb.lastError().driverText(),
154 authdb.lastError().databaseText() );
155
156 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( err );
157 return false;
158 }
159 }
160 return true;
161}
162
163
164bool QgsAuthConfigurationStorageDb::authDbQuery( QSqlQuery *query, const QString &sql ) const
165{
166 QMutexLocker locker( &mMutex );
167 query->setForwardOnly( true );
168 const bool result { sql.isEmpty() ? query->exec() : query->exec( sql ) };
169
170 auto boundQuery = []( const QSqlQuery * query ) -> QString
171 {
172 QString str = query->lastQuery();
173#if QT_VERSION < QT_VERSION_CHECK( 6, 0, 0 )
174 QMapIterator<QString, QVariant> it( query->boundValues() );
175#else
176 const QStringList keys = query->boundValueNames();
177 const QVariantList values = query->boundValues();
178 QMap<QString, QVariant> boundValues;
179 for ( int i=0; i<keys.count(); i++)
180 {
181 boundValues.insert( keys.at( i ), values.at( i ).toString() );
182 }
183 QMapIterator<QString, QVariant> it = QMapIterator<QString, QVariant>( boundValues );
184#endif
185 while ( it.hasNext() )
186 {
187 it.next();
188 str.replace( it.key(), it.value().toString() );
189 }
190 return str;
191 };
192
193 if ( !result )
194 {
195 if ( query->lastError().isValid() )
196 {
197 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db query FAILED: %1\nError: %2" )
198 .arg( sql.isEmpty() ? boundQuery( query ) : sql,
199 query->lastError().text() ), Qgis::MessageLevel::Warning );
200 QgsDebugMsgLevel( QStringLiteral( "Auth db query FAILED: %1" ).arg( sql.isEmpty() ? boundQuery( query ) : sql ), 2 );
201 return false;
202 }
203 else
204 {
205 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db query exec() FAILED: %1" ).arg( sql.isEmpty() ? boundQuery( query ) : sql ), Qgis::MessageLevel::Warning );
206 QgsDebugMsgLevel( QStringLiteral( "Auth db query FAILED: %1" ).arg( sql.isEmpty() ? boundQuery( query ) : sql ), 2 );
207 return false;
208 }
209 }
210 return true;
211}
212
213
214bool QgsAuthConfigurationStorageDb::authDbTransactionQuery( QSqlQuery *query )
215{
216 QMutexLocker locker( &mMutex );
217 if ( !authDatabaseConnection().transaction() )
218 {
219 setError( tr( "Auth db FAILED to start transaction" ), Qgis::MessageLevel::Warning );
220 return false;
221 }
222
223 bool ok = authDbQuery( query );
224
225 if ( ok && !authDatabaseConnection().commit() )
226 {
227 setError( tr( "Auth db FAILED to rollback changes" ), Qgis::MessageLevel::Warning );
228 ( void )authDatabaseConnection().rollback();
229 return false;
230 }
231
232 return ok;
233}
234
235bool QgsAuthConfigurationStorageDb::initialize()
236{
237 QMutexLocker locker( &mMutex );
238 QSqlDatabase authdb = authDatabaseConnection();
239 if ( !authdb.isValid() || !authdb.isOpen() )
240 {
241 setError( tr( "Auth db could not be opened" ) );
242 return false;
243 }
244 else
245 {
246 if ( !isReadOnly() && ( !createCertTables() || !createConfigTables() ) )
247 {
248 setError( tr( "Auth db initialization FAILED: %1" ).arg( lastError() ), Qgis::MessageLevel::Critical );
249 mIsReady = false;
250 return false;
251 }
252
253 mIsReady = true;
254 checkCapabilities();
255
256 // Recompute capabilities if needed
257 connect( this, &QgsAuthConfigurationStorageDb::readOnlyChanged, this, [this]( bool )
258 {
259 checkCapabilities();
260 } );
261
262 return true;
263 }
264}
265
266QList<QgsAuthConfigurationStorage::SettingParameter> QgsAuthConfigurationStorageDb::settingsParameters() const
267{
268 return
269 {
270 { QStringLiteral( "driver" ), tr( "SQL Driver (see https://doc.qt.io/qt-6/sql-driver.html)" ), QVariant::String },
271 { QStringLiteral( "database" ), tr( "Database" ), QVariant::String },
272 { QStringLiteral( "schema" ), tr( "Schema for all tables" ), QVariant::String },
273 { QStringLiteral( "host" ), tr( "Host" ), QVariant::String },
274 { QStringLiteral( "port" ), tr( "Port" ), QVariant::Int },
275 { QStringLiteral( "user" ), tr( "User" ), QVariant::String },
276 { QStringLiteral( "password" ), tr( "Password" ), QVariant::String },
277 { QStringLiteral( "options" ), tr( "Connection options" ), QVariant::String },
278 };
279}
280
281#ifndef QT_NO_SSL
282
283bool QgsAuthConfigurationStorageDb::storeCertIdentity( const QSslCertificate &cert, const QString &keyPem )
284{
285 QMutexLocker locker( &mMutex );
286
287 const QString id{ QgsAuthCertUtils::shaHexForCert( cert ) };
288
289 if ( certIdentityExists( id ) )
290 {
291 checkCapability( Qgis::AuthConfigurationStorageCapability::UpdateCertificateIdentity );
292 removeCertIdentity( id );
293 }
294 else
295 {
296 checkCapability( Qgis::AuthConfigurationStorageCapability::CreateCertificateIdentity );
297 }
298
299 if ( !authDbOpen() )
300 {
301 setError( tr( "Auth db could not be opened" ) );
302 return false;
303 }
304
305 if ( cert.isNull() )
306 {
307 setError( tr( "Certificate is NULL" ) );
308 return false;
309 }
310
311 QSqlQuery query( authDatabaseConnection() );
312 const QString certPem{ cert.toPem() };
313
314 query.prepare( QStringLiteral( "INSERT INTO %1 (id, key, cert) VALUES (:id, :key, :cert)" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
315 query.bindValue( QStringLiteral( ":id" ), id );
316 query.bindValue( QStringLiteral( ":key" ), keyPem );
317 query.bindValue( QStringLiteral( ":cert" ), certPem );
318
319 if ( !authDbQuery( &query ) )
320 return false;
321
322 emit certIdentityChanged();
323
324 return true;
325}
326
327bool QgsAuthConfigurationStorageDb::removeCertIdentity( const QSslCertificate &cert )
328{
329 QMutexLocker locker( &mMutex );
330
331 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteCertificateIdentity );
332
333 if ( !authDbOpen() )
334 {
335 setError( tr( "Auth db could not be opened" ) );
336 return false;
337 }
338
339 QSqlQuery query( authDatabaseConnection() );
340
341 query.prepare( QStringLiteral( "DELETE FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
342 query.bindValue( QStringLiteral( ":id" ), cert.digest().toHex() );
343
344 if ( !authDbQuery( &query ) )
345 {
346 setError( tr( "Failed to remove cert identity '%1'" ).arg( QString( cert.digest().toHex() ) ), Qgis::MessageLevel::Critical );
347 return false;
348 }
349
350 emit certIdentityChanged();
351
352 return true;
353}
354
355const QSslCertificate QgsAuthConfigurationStorageDb::loadCertIdentity( const QString &id ) const
356{
357 QMutexLocker locker( &mMutex );
358
359 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateIdentity );
360
361 QSslCertificate emptycert;
362
363 if ( id.isEmpty() )
364 return emptycert;
365
366 if ( !authDbOpen() )
367 {
368 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
369 return emptycert;
370 }
371
372 QSqlQuery query( authDatabaseConnection() );
373
374 query.prepare( QStringLiteral( "SELECT cert FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
375 query.bindValue( QStringLiteral( ":id" ), id );
376
377 if ( !authDbQuery( &query ) )
378 return emptycert;
379
380 QSslCertificate cert;
381
382 if ( query.isActive() && query.isSelect() )
383 {
384 if ( query.first() )
385 {
386 cert = QSslCertificate( query.value( 0 ).toByteArray(), QSsl::Pem );
387 QgsDebugMsgLevel( QStringLiteral( "Certificate identity retrieved for id: %1" ).arg( id ), 2 );
388 if ( cert.isNull() )
389 {
390 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Failed to retrieve certificate identity for id: %1: certificate is NULL" ).arg( id ), Qgis::MessageLevel::Warning );
391 return emptycert;
392 }
393 }
394 if ( query.next() )
395 {
396 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Authentication database contains more than one certificate identity for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
397 return emptycert;
398 }
399 }
400 return cert;
401}
402
403const QPair<QSslCertificate, QString> QgsAuthConfigurationStorageDb::loadCertIdentityBundle( const QString &id ) const
404{
405 QMutexLocker locker( &mMutex );
406
407 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateIdentity );
408
409 QPair<QSslCertificate, QString> bundle;
410
411 if ( id.isEmpty() )
412 return bundle;
413
414 if ( !authDbOpen() )
415 {
416 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
417 return bundle;
418 }
419
420 QSqlQuery query( authDatabaseConnection() );
421
422 query.prepare( QStringLiteral( "SELECT key, cert FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
423
424 query.bindValue( QStringLiteral( ":id" ), id );
425
426 if ( !authDbQuery( &query ) )
427 return bundle;
428
429 if ( query.isActive() && query.isSelect() )
430 {
431 QSslCertificate cert;
432 QString key;
433 if ( query.first() )
434 {
435 key = query.value( 0 ).toString();
436 if ( key.isEmpty() )
437 {
438 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Retrieve certificate identity bundle: FAILED to create private key" ), Qgis::MessageLevel::Warning );
439 return bundle;
440 }
441 cert = QSslCertificate( query.value( 1 ).toByteArray(), QSsl::Pem );
442 if ( cert.isNull() )
443 {
444 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Retrieve certificate identity bundle: FAILED to create certificate" ), Qgis::MessageLevel::Warning );
445 return bundle;
446 }
447 QgsDebugMsgLevel( QStringLiteral( "Certificate identity bundle retrieved for id: %1" ).arg( id ), 2 );
448 }
449 if ( query.next() )
450 {
451 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Select contains more than one certificate identity for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
452 return bundle;
453 }
454 bundle = qMakePair( cert, key );
455 }
456 return bundle;
457}
458
459const QList<QSslCertificate> QgsAuthConfigurationStorageDb::certIdentities() const
460{
461 QMutexLocker locker( &mMutex );
462
463 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateIdentity );
464
465 QList<QSslCertificate> certs;
466
467 if ( !authDbOpen() )
468 {
469 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
470 return certs;
471 }
472
473 QSqlQuery query( authDatabaseConnection() );
474
475 query.prepare( QStringLiteral( "SELECT cert FROM %1" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
476
477 if ( !authDbQuery( &query ) )
478 return certs;
479
480 if ( query.isActive() && query.isSelect() )
481 {
482 while ( query.next() )
483 {
484 QSslCertificate cert( query.value( 0 ).toByteArray(), QSsl::Pem );
485 if ( !cert.isNull() )
486 {
487 certs.append( cert );
488 }
489 }
490 }
491 return certs;
492}
493
494QStringList QgsAuthConfigurationStorageDb::certIdentityIds() const
495{
496 QMutexLocker locker( &mMutex );
497
498 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateIdentity );
499
500 if ( !authDbOpen() )
501 {
502 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
503 return {};
504 }
505
506 QSqlQuery query( authDatabaseConnection() );
507
508 query.prepare( QStringLiteral( "SELECT id FROM %1" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
509
510 if ( !authDbQuery( &query ) )
511 return {};
512
513 QStringList ids;
514 if ( query.isActive() && query.isSelect() )
515 {
516 while ( query.next() )
517 {
518 ids.append( query.value( 0 ).toString() );
519 }
520 }
521 return ids;
522}
523
524bool QgsAuthConfigurationStorageDb::certIdentityExists( const QString &id ) const
525{
526 QMutexLocker locker( &mMutex );
527
528 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateIdentity );
529
530 if ( id.isEmpty() )
531 return false;
532
533 if ( !authDbOpen() )
534 {
535 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
536 return {};
537 }
538
539 QSqlQuery query( authDatabaseConnection() );
540
541 query.prepare( QStringLiteral( "SELECT cert FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
542 query.bindValue( QStringLiteral( ":id" ), id );
543
544 bool ret { false };
545
546 if ( !authDbQuery( &query ) )
547 return false;
548
549 if ( query.isActive() && query.isSelect() )
550 {
551 if ( query.first() )
552 {
553 ret = true;
554 }
555 if ( query.next() )
556 {
557 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Authentication database contains more than one certificate bundles for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
558 return false;
559 }
560 }
561 return ret;
562}
563
564bool QgsAuthConfigurationStorageDb::removeCertIdentity( const QString &id )
565{
566 QMutexLocker locker( &mMutex );
567
568 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteCertificateIdentity );
569
570 if ( !authDbOpen() )
571 {
572 setError( tr( "Auth db could not be opened" ) );
573 return {};
574 }
575
576 QSqlQuery query( authDatabaseConnection() );
577
578 query.prepare( QStringLiteral( "DELETE FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
579 query.bindValue( QStringLiteral( ":id" ), id );
580
581 if ( !authDbQuery( &query ) )
582 {
583 setError( tr( "Failed to remove certificate identity '%1'" ).arg( id ), Qgis::MessageLevel::Critical );
584 return false;
585 }
586
587 if ( query.numRowsAffected() == 0 )
588 {
589 setError( tr( "No certificate identity found for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
590 return false;
591 }
592
593 emit certIdentityChanged();
594
595 return true;
596}
597
598bool QgsAuthConfigurationStorageDb::storeSslCertCustomConfig( const QgsAuthConfigSslServer &config )
599{
600 QMutexLocker locker( &mMutex );
601
602 QSslCertificate cert( config.sslCertificate() );
603 QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
604
605 if ( sslCertCustomConfigExists( id, config.sslHostPort() ) )
606 {
607 checkCapability( Qgis::AuthConfigurationStorageCapability::UpdateSslCertificateCustomConfig );
608 removeSslCertCustomConfig( id, config.sslHostPort().trimmed() );
609 }
610 else
611 {
612 checkCapability( Qgis::AuthConfigurationStorageCapability::CreateSslCertificateCustomConfig );
613 }
614
615 if ( ! capabilities().testFlag( Qgis::AuthConfigurationStorageCapability::CreateSslCertificateCustomConfig ) )
616 {
617 setError( tr( "Storage does not support creating SSL certificate custom configs" ), Qgis::MessageLevel::Critical );
618 return false;
619 }
620
621 if ( !authDbOpen() )
622 {
623 setError( tr( "Auth db could not be opened" ) );
624 return false;
625 }
626
627 QString certpem( cert.toPem() );
628 QSqlQuery query( authDatabaseConnection() );
629
630 query.prepare( QStringLiteral( "INSERT INTO %1 (id, host, cert, config) VALUES (:id, :host, :cert, :config)" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) ) );
631
632 query.bindValue( QStringLiteral( ":id" ), id );
633 query.bindValue( QStringLiteral( ":host" ), config.sslHostPort().trimmed() );
634 query.bindValue( QStringLiteral( ":cert" ), certpem );
635 query.bindValue( QStringLiteral( ":config" ), config.configString() );
636
637 if ( !authDbQuery( &query ) )
638 return false;
639
640 QgsDebugMsgLevel( QStringLiteral( "Store SSL cert custom config SUCCESS for host:port, id: %1, %2" )
641 .arg( config.sslHostPort().trimmed(), id ), 2 );
642
643 emit sslCertCustomConfigChanged();
644
645 return true;
646}
647
648QStringList QgsAuthConfigurationStorageDb::sslCertCustomConfigIds() const
649{
650 QMutexLocker locker( &mMutex );
651
652 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadSslCertificateCustomConfig );
653
654 if ( !authDbOpen() )
655 {
656 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
657 return {};
658 }
659
660 QSqlQuery query( authDatabaseConnection() );
661
662 query.prepare( QStringLiteral( "SELECT id FROM %1" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) ) );
663
664 if ( !authDbQuery( &query ) )
665 return {};
666
667 QStringList ids;
668 if ( query.isActive() && query.isSelect() )
669 {
670 while ( query.next() )
671 {
672 ids.append( query.value( 0 ).toString() );
673 }
674 }
675 return ids;
676
677}
678
679const QgsAuthConfigSslServer QgsAuthConfigurationStorageDb::loadSslCertCustomConfig( const QString &id, const QString &hostport ) const
680{
681 QMutexLocker locker( &mMutex );
682
683 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadSslCertificateCustomConfig );
684
685 QgsAuthConfigSslServer config;
686
687 if ( id.isEmpty() || hostport.isEmpty() )
688 {
689 QgsDebugError( QStringLiteral( "Passed config ID or host:port is empty" ) );
690 return config;
691 }
692
693 if ( !authDbOpen() )
694 {
695 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
696 return config;
697 }
698
699 QSqlQuery query( authDatabaseConnection() );
700 query.prepare( QStringLiteral( "SELECT host, cert, config FROM %1 WHERE id = :id AND host = :host" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) ) );
701 query.bindValue( QStringLiteral( ":id" ), id );
702 query.bindValue( QStringLiteral( ":host" ), hostport.trimmed() );
703
704 if ( !authDbQuery( &query ) )
705 return config;
706
707 if ( query.isActive() && query.isSelect() )
708 {
709 if ( query.first() )
710 {
711 config.setSslCertificate( QSslCertificate( query.value( 1 ).toByteArray(), QSsl::Pem ) );
712 config.setSslHostPort( query.value( 0 ).toString().trimmed() );
713 config.loadConfigString( query.value( 2 ).toString() );
714 QgsDebugMsgLevel( QStringLiteral( "SSL cert custom config retrieved for host:port, id: %1, %2" ).arg( hostport, id ), 2 );
715 }
716 if ( query.next() )
717 {
718 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Select contains more than one SSL cert custom config for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
719 return QgsAuthConfigSslServer();
720 }
721 }
722 return config;
723}
724
725const QgsAuthConfigSslServer QgsAuthConfigurationStorageDb::loadSslCertCustomConfigByHost( const QString &hostport ) const
726{
727 // TODO: implement a flag to skip the query in case there are no custom
728 // certs in the storage, to avoid the overhead of checking the db
729 QMutexLocker locker( &mMutex );
730
731 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadSslCertificateCustomConfig );
732
733 QgsAuthConfigSslServer config;
734
735 if ( !authDbOpen() )
736 {
737 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
738 return config;
739 }
740
741 QSqlQuery query( authDatabaseConnection() );
742
743 query.prepare( QStringLiteral( "SELECT id, cert, config FROM %1 WHERE host = :host" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) ) );
744
745 query.bindValue( QStringLiteral( ":host" ), hostport.trimmed() );
746
747 if ( !authDbQuery( &query ) )
748 return config;
749
750 if ( query.isActive() && query.isSelect() )
751 {
752 if ( query.first() )
753 {
754 config.setSslCertificate( QSslCertificate( query.value( 1 ).toByteArray(), QSsl::Pem ) );
755 config.setSslHostPort( hostport );
756 config.loadConfigString( query.value( 2 ).toString() );
757 QgsDebugMsgLevel( QStringLiteral( "SSL cert custom config retrieved for host:port %1" ).arg( hostport ), 2 );
758 }
759 if ( query.next() )
760 {
761 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Authentication database contains more than one SSL cert custom config" ), Qgis::MessageLevel::Warning );
762 return QgsAuthConfigSslServer();
763 }
764 }
765
766 return config;
767}
768
769const QList<QgsAuthConfigSslServer> QgsAuthConfigurationStorageDb::sslCertCustomConfigs() const
770{
771 QMutexLocker locker( &mMutex );
772
773 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadSslCertificateCustomConfig );
774
775 QList<QgsAuthConfigSslServer> configs;
776
777 if ( !authDbOpen() )
778 {
779 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
780 return configs;
781 }
782
783 QSqlQuery query( authDatabaseConnection() );
784
785 query.prepare( QStringLiteral( "SELECT id, host, cert, config FROM %1" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) ) );
786
787 if ( !authDbQuery( &query ) )
788 return configs;
789
790 if ( query.isActive() && query.isSelect() )
791 {
792 while ( query.next() )
793 {
794 QgsAuthConfigSslServer config;
795 config.setSslCertificate( QSslCertificate( query.value( 2 ).toByteArray(), QSsl::Pem ) );
796 config.setSslHostPort( query.value( 1 ).toString().trimmed() );
797 config.loadConfigString( query.value( 3 ).toString() );
798 configs.append( config );
799 }
800 }
801 return configs;
802}
803
804bool QgsAuthConfigurationStorageDb::sslCertCustomConfigExists( const QString &id, const QString &hostport )
805{
806 QMutexLocker locker( &mMutex );
807
808 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadSslCertificateCustomConfig );
809
810 if ( id.isEmpty() || hostport.isEmpty() )
811 {
812 QgsDebugError( QStringLiteral( "Passed config ID or host:port is empty" ) );
813 return false;
814 }
815
816 if ( !authDbOpen() )
817 {
818 setError( tr( "Auth db could not be opened" ) );
819 return false;
820 }
821
822 QSqlQuery query( authDatabaseConnection() );
823
824 query.prepare( QStringLiteral( "SELECT id FROM %1 WHERE id = :id AND host = :host" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) ) );
825 query.bindValue( QStringLiteral( ":id" ), id );
826 query.bindValue( QStringLiteral( ":host" ), hostport.trimmed() );
827
828 if ( !authDbQuery( &query ) )
829 return false;
830
831 bool res = false;
832 if ( query.isActive() && query.isSelect() )
833 {
834 if ( query.first() )
835 {
836 QgsDebugMsgLevel( QStringLiteral( "SSL cert custom config exists for host:port, id: %1, %2" ).arg( hostport, id ), 2 );
837 res = true;
838 }
839 if ( query.next() )
840 {
841 QgsDebugError( QStringLiteral( "Select contains more than one SSL cert custom config for host:port, id: %1, %2" ).arg( hostport, id ) );
842 emit messageLog( tr( "Authentication database contains more than one SSL cert custom configs for host:port, id: %1, %2" )
843 .arg( hostport, id ), loggerTag(), Qgis::MessageLevel::Warning );
844 return false;
845 }
846 }
847 return res;
848}
849
850bool QgsAuthConfigurationStorageDb::removeSslCertCustomConfig( const QString &id, const QString &hostport )
851{
852 QMutexLocker locker( &mMutex );
853
854 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteSslCertificateCustomConfig );
855
856 if ( id.isEmpty() || hostport.isEmpty() )
857 {
858 QgsDebugError( QStringLiteral( "Passed config ID or host:port is empty" ) );
859 return false;
860 }
861
862 // TODO: check the flag to skip the query in case there are no custom certs config by host in the storage
863
864 if ( !authDbOpen() )
865 {
866 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
867 return false;
868 }
869
870 QSqlQuery query( authDatabaseConnection() );
871
872 query.prepare( QStringLiteral( "DELETE FROM %1 WHERE id = :id AND host = :host" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) ) );
873 query.bindValue( QStringLiteral( ":id" ), id );
874 query.bindValue( QStringLiteral( ":host" ), hostport.trimmed() );
875
876 if ( !authDbQuery( &query ) )
877 {
878 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Failed to remove SSL certificate custom config for host:port, id: %1, %2" ).arg( hostport, id ), Qgis::MessageLevel::Critical );
879 return false;
880 }
881
882 if ( query.numRowsAffected() == 0 )
883 {
884 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "No SSL certificate custom config found for host:port, id: %1, %2" ).arg( hostport, id ), Qgis::MessageLevel::Warning );
885 return false;
886 }
887
888 emit sslCertCustomConfigChanged();
889
890 return true;
891}
892
893QStringList QgsAuthConfigurationStorageDb::certAuthorityIds() const
894{
895 QMutexLocker locker( &mMutex );
896
897 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateAuthority );
898
899 if ( !authDbOpen() )
900 {
901 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
902 return {};
903 }
904
905 QSqlQuery query( authDatabaseConnection() );
906
907 query.prepare( QStringLiteral( "SELECT id FROM %1" ).arg( quotedQualifiedIdentifier( certAuthorityTableName() ) ) );
908
909 if ( !authDbQuery( &query ) )
910 return {};
911
912 QStringList ids;
913 if ( query.isActive() && query.isSelect() )
914 {
915 while ( query.next() )
916 {
917 ids.append( query.value( 0 ).toString() );
918 }
919 }
920 return ids;
921}
922
923bool QgsAuthConfigurationStorageDb::storeCertAuthority( const QSslCertificate &cert )
924{
925 QMutexLocker locker( &mMutex );
926
927 if ( certAuthorityExists( cert ) )
928 {
929 checkCapability( Qgis::AuthConfigurationStorageCapability::UpdateCertificateAuthority );
930 removeCertAuthority( cert );
931 }
932 else
933 {
934 checkCapability( Qgis::AuthConfigurationStorageCapability::CreateCertificateAuthority );
935 }
936
937 // don't refuse !cert.isValid() (actually just expired) CAs,
938 // as user may want to ignore that SSL connection error
939 if ( cert.isNull() )
940 {
941 QgsDebugError( QStringLiteral( "Passed certificate is null" ) );
942 return false;
943 }
944
945 if ( !authDbOpen() )
946 {
947 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
948 return false;
949 }
950
951 const QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
952 const QString pem( cert.toPem() );
953
954 QSqlQuery query( authDatabaseConnection() );
955
956 query.prepare( QStringLiteral( "INSERT INTO %1 (id, cert) VALUES (:id, :cert)" ).arg( quotedQualifiedIdentifier( certAuthorityTableName() ) ) );
957
958 query.bindValue( QStringLiteral( ":id" ), id );
959 query.bindValue( QStringLiteral( ":cert" ), pem );
960
961 if ( !authDbQuery( &query ) )
962 return false;
963
964 QgsDebugMsgLevel( QStringLiteral( "Store certificate authority SUCCESS for id: %1" ).arg( id ), 2 );
965 emit certAuthorityChanged();
966
967 return true;
968}
969
970const QSslCertificate QgsAuthConfigurationStorageDb::loadCertAuthority( const QString &id ) const
971{
972 QMutexLocker locker( &mMutex );
973
974 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateAuthority );
975
976 QSslCertificate emptycert;
977
978 if ( id.isEmpty() )
979 return emptycert;
980
981 if ( !authDbOpen() )
982 {
983 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
984 return emptycert;
985 }
986
987 QSqlQuery query( authDatabaseConnection() );
988
989 query.prepare( QStringLiteral( "SELECT cert FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certAuthorityTableName() ) ) );
990 query.bindValue( QStringLiteral( ":id" ), id );
991
992 if ( !authDbQuery( &query ) )
993 return emptycert;
994
995 QSslCertificate cert;
996
997 if ( query.isActive() && query.isSelect() )
998 {
999 if ( query.first() )
1000 {
1001 cert = QSslCertificate( query.value( 0 ).toByteArray(), QSsl::Pem );
1002 QgsDebugMsgLevel( QStringLiteral( "Certificate authority retrieved for id: %1" ).arg( id ), 2 );
1003 }
1004 if ( query.next() )
1005 {
1006 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Select contains more than one certificate authority for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
1007 return emptycert;
1008 }
1009 }
1010 return cert;
1011}
1012
1013bool QgsAuthConfigurationStorageDb::certAuthorityExists( const QSslCertificate &cert ) const
1014{
1015 QMutexLocker locker( &mMutex );
1016
1017 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateAuthority );
1018
1019 if ( cert.isNull() )
1020 {
1021 QgsDebugError( QStringLiteral( "Passed certificate is null" ) );
1022 return false;
1023 }
1024
1025 if ( !authDbOpen() )
1026 {
1027 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1028 return false;
1029 }
1030
1031 const QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
1032
1033 QSqlQuery query( authDatabaseConnection() );
1034
1035 query.prepare( QStringLiteral( "SELECT id FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certAuthorityTableName() ) ) );
1036 query.bindValue( QStringLiteral( ":id" ), id );
1037
1038 if ( !authDbQuery( &query ) )
1039 return false;
1040
1041 bool res = false;
1042 if ( query.isActive() && query.isSelect() )
1043 {
1044 if ( query.first() )
1045 {
1046 QgsDebugMsgLevel( QStringLiteral( "Certificate authority exists for id: %1" ).arg( id ), 2 );
1047 res = true;
1048 }
1049 if ( query.next() )
1050 {
1051 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Select contains more than one certificate authority for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
1052 // TODO: check whether it makes sense to return false here (and in other similar cases)
1053 return false;
1054 }
1055 }
1056 return res;
1057}
1058
1059bool QgsAuthConfigurationStorageDb::removeCertAuthority( const QSslCertificate &cert )
1060{
1061 QMutexLocker locker( &mMutex );
1062
1063 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteCertificateAuthority );
1064
1065 if ( cert.isNull() )
1066 {
1067 QgsDebugError( QStringLiteral( "Passed certificate is null" ) );
1068 return false;
1069 }
1070
1071 if ( !authDbOpen() )
1072 {
1073 setError( tr( "Auth db could not be opened" ) );
1074 return false;
1075 }
1076
1077 const QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
1078
1079 QSqlQuery query( authDatabaseConnection() );
1080
1081 query.prepare( QStringLiteral( "DELETE FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certAuthorityTableName() ) ) );
1082
1083 query.bindValue( QStringLiteral( ":id" ), id );
1084
1085 if ( !authDbQuery( &query ) )
1086 {
1087 setError( tr( "Failed to remove certificate authority '%1'" ).arg( id ), Qgis::MessageLevel::Critical );
1088 return false;
1089 }
1090
1091 if ( query.numRowsAffected() == 0 )
1092 {
1093 setError( tr( "No certificate authority found for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
1094 return false;
1095 }
1096
1097 emit certAuthorityChanged();
1098
1099 return true;
1100}
1101
1102const QMap<QString, QgsAuthCertUtils::CertTrustPolicy> QgsAuthConfigurationStorageDb::caCertsPolicy() const
1103{
1104 QMutexLocker locker( &mMutex );
1105
1106 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateTrustPolicy );
1107
1108 QMap<QString, QgsAuthCertUtils::CertTrustPolicy> trustedCerts;
1109
1110 if ( !authDbOpen() )
1111 {
1112 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1113 return trustedCerts;
1114 }
1115
1116 QSqlQuery query( authDatabaseConnection() );
1117
1118 query.prepare( QStringLiteral( "SELECT id, policy FROM %1" ).arg( quotedQualifiedIdentifier( certTrustPolicyTableName() ) ) );
1119
1120 if ( !authDbQuery( &query ) )
1121 return trustedCerts;
1122
1123 if ( query.isActive() && query.isSelect() )
1124 {
1125 while ( query.next() )
1126 {
1127 QString id( query.value( 0 ).toString() );
1128 int policy = query.value( 1 ).toInt();
1129 QgsAuthCertUtils::CertTrustPolicy trustPolicy = static_cast< QgsAuthCertUtils::CertTrustPolicy >( policy );
1130 trustedCerts[ id ] = trustPolicy;
1131 }
1132 }
1133
1134 return trustedCerts;
1135}
1136
1137const QList<QSslCertificate> QgsAuthConfigurationStorageDb::caCerts() const
1138{
1139 QMutexLocker locker( &mMutex );
1140
1141 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateAuthority );
1142
1143 QList<QSslCertificate> authorities;
1144
1145 if ( !authDbOpen() )
1146 {
1147 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1148 return authorities;
1149 }
1150
1151 QSqlQuery query( authDatabaseConnection() );
1152
1153 query.prepare( QStringLiteral( "SELECT id, cert FROM %1" ).arg( quotedQualifiedIdentifier( certAuthorityTableName() ) ) );
1154
1155 if ( !authDbQuery( &query ) )
1156 return authorities;
1157
1158 if ( query.isActive() && query.isSelect() )
1159 {
1160 while ( query.next() )
1161 {
1162 const QSslCertificate cert( query.value( 1 ).toByteArray(), QSsl::Pem );
1163 if ( !cert.isNull() )
1164 {
1165 authorities.append( cert );
1166 }
1167 else
1168 {
1169 const QString id { query.value( 0 ).toString() };
1170 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Invalid CA found: %1" ).arg( id ), Qgis::MessageLevel::Warning );
1171 }
1172 }
1173 }
1174 return authorities;
1175}
1176
1177bool QgsAuthConfigurationStorageDb::storeCertTrustPolicy( const QSslCertificate &cert, QgsAuthCertUtils::CertTrustPolicy policy )
1178{
1179 QMutexLocker locker( &mMutex );
1180
1181 const bool policyExisted = certTrustPolicyExists( cert );
1182
1183 if ( policyExisted )
1184 {
1185 checkCapability( Qgis::AuthConfigurationStorageCapability::UpdateCertificateTrustPolicy );
1186 }
1187 else
1188 {
1189 checkCapability( Qgis::AuthConfigurationStorageCapability::CreateCertificateTrustPolicy );
1190 }
1191
1192 if ( cert.isNull() )
1193 {
1194 QgsDebugError( QStringLiteral( "Passed certificate is null" ) );
1195 return false;
1196 }
1197
1198 if ( !authDbOpen() )
1199 {
1200 setError( tr( "Auth db could not be opened" ) );
1201 return false;
1202 }
1203
1204 const QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
1205
1206 // Handle default trust case
1207 if ( policy == QgsAuthCertUtils::DefaultTrust )
1208 {
1209 if ( !policyExisted )
1210 {
1211 QgsDebugMsgLevel( QStringLiteral( "Passed policy was default, no cert records in database for id: %1" ).arg( id ), 2 );
1212 return true;
1213 }
1214
1215 if ( !removeCertTrustPolicy( cert ) )
1216 {
1217 setError( tr( "Failed to remove certificate trust policy for id: %1" ).arg( id ) );
1218 return false;
1219 }
1220
1221 QgsDebugMsgLevel( QStringLiteral( "Passed policy was default, all cert records in database were removed for id: %1" ).arg( id ), 2 );
1222
1223 emit certAuthorityChanged();
1224
1225 return true;
1226 }
1227
1228 // Handle other policies
1229 if ( policyExisted && !removeCertTrustPolicy( cert ) )
1230 {
1231 setError( tr( "Failed to remove certificate trust policy for id: %1" ).arg( id ) );
1232 return false;
1233 }
1234
1235 // Insert new policy
1236 QSqlQuery query( authDatabaseConnection() );
1237 query.prepare( QStringLiteral( "INSERT INTO %1 (id, policy) VALUES (:id, :policy)" ).arg( quotedQualifiedIdentifier( certTrustPolicyTableName() ) ) );
1238
1239 query.bindValue( QStringLiteral( ":id" ), id );
1240 query.bindValue( QStringLiteral( ":policy" ), static_cast< int >( policy ) );
1241
1242 if ( !authDbQuery( &query ) )
1243 return false;
1244
1245 QgsDebugMsgLevel( QStringLiteral( "Store certificate trust policy SUCCESS for id: %1" ).arg( id ), 2 );
1246 emit certAuthorityChanged();
1247
1248 return true;
1249}
1250
1251QgsAuthCertUtils::CertTrustPolicy QgsAuthConfigurationStorageDb::loadCertTrustPolicy( const QSslCertificate &cert ) const
1252{
1253 QMutexLocker locker( &mMutex );
1254
1255 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateTrustPolicy );
1256
1257 if ( cert.isNull() )
1258 {
1259 QgsDebugError( QStringLiteral( "Passed certificate is null" ) );
1260 return QgsAuthCertUtils::DefaultTrust;
1261 }
1262
1263 QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
1264
1265 if ( !authDbOpen() )
1266 {
1267 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1268 return QgsAuthCertUtils::DefaultTrust;
1269 }
1270
1271 QSqlQuery query( authDatabaseConnection() );
1272
1273 query.prepare( QStringLiteral( "SELECT policy FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certTrustPolicyTableName() ) ) );
1274 query.bindValue( QStringLiteral( ":id" ), id );
1275
1276 if ( !authDbQuery( &query ) )
1277 return QgsAuthCertUtils::DefaultTrust;
1278
1279 if ( query.isActive() && query.isSelect() )
1280 {
1281 if ( query.first() )
1282 {
1283 int policy = query.value( 0 ).toInt();
1284 QgsDebugMsgLevel( QStringLiteral( "Certificate trust policy retrieved for id: %1" ).arg( id ), 2 );
1285 return static_cast< QgsAuthCertUtils::CertTrustPolicy >( policy );
1286 }
1287 if ( query.next() )
1288 {
1289 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Select contains more than one certificate trust policy for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
1290 return QgsAuthCertUtils::DefaultTrust;
1291 }
1292 }
1293 return QgsAuthCertUtils::DefaultTrust;
1294}
1295
1296bool QgsAuthConfigurationStorageDb::removeCertTrustPolicy( const QSslCertificate &cert )
1297{
1298 QMutexLocker locker( &mMutex );
1299
1300 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteCertificateTrustPolicy );
1301
1302 if ( cert.isNull() )
1303 {
1304 QgsDebugError( QStringLiteral( "Passed certificate is null" ) );
1305 return QgsAuthCertUtils::DefaultTrust;
1306 }
1307
1308 QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
1309
1310 if ( !authDbOpen() )
1311 {
1312 setError( tr( "Auth db could not be opened" ) );
1313 return QgsAuthCertUtils::DefaultTrust;
1314 }
1315
1316 QSqlQuery query( authDatabaseConnection() );
1317
1318 query.prepare( QStringLiteral( "DELETE FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certTrustPolicyTableName() ) ) );
1319 query.bindValue( QStringLiteral( ":id" ), id );
1320
1321 if ( !authDbQuery( &query ) )
1322 {
1323 setError( tr( "Failed to remove certificate trust policy '%1'" ).arg( id ) );
1324 return false;
1325 }
1326
1327 if ( query.numRowsAffected() == 0 )
1328 {
1329 setError( tr( "No certificate trust policy found for id: %1" ).arg( id ) );
1330 return false;
1331 }
1332
1333 emit sslCertTrustPolicyChanged();
1334
1335 return true;
1336}
1337
1338bool QgsAuthConfigurationStorageDb::certTrustPolicyExists( const QSslCertificate &cert ) const
1339{
1340 QMutexLocker locker( &mMutex );
1341
1342 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateTrustPolicy );
1343
1344 if ( cert.isNull() )
1345 {
1346 QgsDebugError( QStringLiteral( "Passed certificate is null" ) );
1347 return QgsAuthCertUtils::DefaultTrust;
1348 }
1349
1350 QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
1351
1352 if ( !authDbOpen() )
1353 {
1354 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1355 return QgsAuthCertUtils::DefaultTrust;
1356 }
1357
1358 QSqlQuery query( authDatabaseConnection() );
1359
1360 query.prepare( QStringLiteral( "SELECT COUNT(id) FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certTrustPolicyTableName() ) ) );
1361 query.bindValue( QStringLiteral( ":id" ), id );
1362
1363 if ( !authDbQuery( &query ) )
1364 return false;
1365
1366 if ( query.isActive() && query.isSelect() )
1367 {
1368 if ( query.first() )
1369 {
1370 return query.value( 0 ).toInt() > 0;
1371 }
1372 }
1373 return false;
1374}
1375
1376#endif
1377
1378const QList<QgsAuthConfigurationStorage::MasterPasswordConfig> QgsAuthConfigurationStorageDb::masterPasswords() const
1379{
1380 QMutexLocker locker( &mMutex );
1381
1382 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadMasterPassword );
1383
1384 QList<QgsAuthConfigurationStorage::MasterPasswordConfig> passwords;
1385
1386 if ( !authDbOpen() )
1387 {
1388 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1389 return passwords;
1390 }
1391
1392 QSqlQuery query( authDatabaseConnection() );
1393 query.prepare( QStringLiteral( "SELECT salt, civ, hash FROM %1" ).arg( quotedQualifiedIdentifier( masterPasswordTableName() ) ) );
1394
1395 if ( !authDbQuery( &query ) )
1396 return passwords;
1397
1398 if ( query.isActive() && query.isSelect() )
1399 {
1400 while ( query.next() )
1401 {
1402 const QString salt = query.value( 0 ).toString();
1403 const QString civ = query.value( 1 ).toString();
1404 const QString hash = query.value( 2 ).toString();
1405 passwords.append( { salt, civ, hash } );
1406 }
1407 }
1408 return passwords;
1409}
1410
1411bool QgsAuthConfigurationStorageDb::storeMasterPassword( const QgsAuthConfigurationStorage::MasterPasswordConfig &config )
1412{
1413 QMutexLocker locker( &mMutex );
1414
1415 checkCapability( Qgis::AuthConfigurationStorageCapability::CreateMasterPassword );
1416
1417 if ( !authDbOpen() )
1418 {
1419 setError( tr( "Auth db could not be opened" ) );
1420 return false;
1421 }
1422
1423 QSqlQuery query( authDatabaseConnection() );
1424 query.prepare( QStringLiteral( "INSERT INTO %1 (salt, civ, hash) VALUES (:salt, :civ, :hash)" ).arg( quotedQualifiedIdentifier( masterPasswordTableName() ) ) );
1425
1426 query.bindValue( QStringLiteral( ":salt" ), config.salt );
1427 query.bindValue( QStringLiteral( ":civ" ), config.civ );
1428 query.bindValue( QStringLiteral( ":hash" ), config.hash );
1429
1430 if ( !authDbQuery( &query ) )
1431 return false;
1432
1433 emit masterPasswordChanged();
1434
1435 return true;
1436}
1437
1438bool QgsAuthConfigurationStorageDb::clearMasterPasswords()
1439{
1440 QMutexLocker locker( &mMutex );
1441
1442 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteMasterPassword );
1443
1444 const bool ret { clearTables( { masterPasswordTableName() } ) };
1445
1446 if ( ret )
1447 {
1448 emit masterPasswordChanged();
1449 }
1450
1451 return ret;
1452}
1453
1454QString QgsAuthConfigurationStorageDb::methodConfigTableName() const
1455{
1456 return QStringLiteral( "auth_configs" );
1457}
1458
1459QString QgsAuthConfigurationStorageDb::authSettingsTableName() const
1460{
1461 return QStringLiteral( "auth_settings" );
1462}
1463
1464QString QgsAuthConfigurationStorageDb::certIdentityTableName() const
1465{
1466 return QStringLiteral( "auth_identities" );
1467}
1468
1469QString QgsAuthConfigurationStorageDb::sslCertCustomConfigTableName() const
1470{
1471 return QStringLiteral( "auth_servers" );
1472}
1473
1474QString QgsAuthConfigurationStorageDb::certAuthorityTableName() const
1475{
1476 return QStringLiteral( "auth_authorities" );
1477}
1478
1479QString QgsAuthConfigurationStorageDb::certTrustPolicyTableName() const
1480{
1481 return QStringLiteral( "auth_trust" );
1482}
1483
1484QString QgsAuthConfigurationStorageDb::masterPasswordTableName() const
1485{
1486 return QStringLiteral( "auth_pass" );
1487}
1488
1489QString QgsAuthConfigurationStorageDb::quotedQualifiedIdentifier( const QString &name, bool isIndex ) const
1490{
1491 const QString schema { mConfiguration.value( QStringLiteral( "schema" ) ).toString() };
1492 if ( schema.isEmpty() )
1493 {
1494 return authDatabaseConnection().driver()->escapeIdentifier( name, QSqlDriver::TableName );
1495 }
1496 else
1497 {
1498 if ( isIndex )
1499 {
1500 return authDatabaseConnection().driver()->escapeIdentifier( schema + QStringLiteral( "_" ) + name, QSqlDriver::TableName );
1501 }
1502 else
1503 {
1504 return authDatabaseConnection().driver()->escapeIdentifier( schema, QSqlDriver::TableName ) + QStringLiteral( "." ) + authDatabaseConnection().driver()->escapeIdentifier( name, QSqlDriver::TableName );
1505 }
1506 }
1507}
1508
1509QString QgsAuthConfigurationStorageDb::name() const
1510{
1511 return QStringLiteral( "%1:%2" ).arg( mDriver, mDatabase );
1512}
1513
1514QString QgsAuthConfigurationStorageDb::type() const
1515{
1516 return QStringLiteral( "DB-%2" ).arg( mDriver );
1517}
1518
1519QString QgsAuthConfigurationStorageDb::description() const
1520{
1521 return tr( "Store credentials in a %1 database" ).arg( name() );
1522}
1523
1524QString QgsAuthConfigurationStorageDb::id() const
1525{
1526 QMutexLocker locker( &mMutex );
1527
1528 if ( mId.isEmpty() )
1529 {
1530 // Create a hash from the driver name, database name, port, hostname and username
1531 QCryptographicHash hash( QCryptographicHash::Sha256 );
1532 hash.addData( mDriver.toUtf8() );
1533 hash.addData( mDatabase.toUtf8() );
1534 hash.addData( QString::number( mPort ).toUtf8() );
1535 hash.addData( mHost.toUtf8() );
1536 hash.addData( mUser.toUtf8() );
1537 mId = QString( hash.result().toHex() );
1538 }
1539 return mId;
1540}
1541
1542bool QgsAuthConfigurationStorageDb::createConfigTables()
1543{
1544 QMutexLocker locker( &mMutex );
1545
1546 if ( !authDbOpen() )
1547 {
1548 setError( tr( "Auth db could not be opened" ) );
1549 return false;
1550 }
1551
1552 QSqlQuery query( authDatabaseConnection() );
1553
1554 // create the tables
1555 QString qstr;
1556
1557 qstr = QStringLiteral( "CREATE TABLE IF NOT EXISTS %1 (\n"
1558 " salt TEXT NOT NULL,\n"
1559 " civ TEXT NOT NULL\n"
1560 ", hash TEXT NOT NULL);" ).arg( quotedQualifiedIdentifier( masterPasswordTableName() ) );
1561
1562 if ( !authDbQuery( &query, qstr ) )
1563 return false;
1564
1565 query.clear();
1566
1567 qstr = QStringLiteral( "CREATE TABLE IF NOT EXISTS %1 (\n"
1568 " id TEXT NOT NULL,\n"
1569 " name TEXT NOT NULL,\n"
1570 " uri TEXT,\n"
1571 " type TEXT NOT NULL,\n"
1572 " version INTEGER NOT NULL\n"
1573 ", config TEXT NOT NULL);" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) );
1574 if ( !authDbQuery( &query, qstr ) )
1575 return false;
1576
1577 query.clear();
1578
1579 qstr = QStringLiteral( "CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (id ASC);" ).arg( quotedQualifiedIdentifier( QStringLiteral( "config_id_index" ), true ), quotedQualifiedIdentifier( methodConfigTableName() ) );
1580
1581 if ( !authDbQuery( &query, qstr ) )
1582 return false;
1583
1584 query.clear();
1585
1586 qstr = QStringLiteral( "CREATE INDEX IF NOT EXISTS %1 ON %2 (uri ASC);" )
1587 .arg( quotedQualifiedIdentifier( QStringLiteral( "uri_index" ), true ),
1588 quotedQualifiedIdentifier( methodConfigTableName() ) );
1589
1590 if ( !authDbQuery( &query, qstr ) )
1591 return false;
1592
1593 return true;
1594}
1595
1596bool QgsAuthConfigurationStorageDb::createCertTables()
1597{
1598 QMutexLocker locker( &mMutex );
1599
1600 if ( !authDbOpen() )
1601 {
1602 setError( tr( "Auth db could not be opened" ) );
1603 return false;
1604 }
1605
1606 QgsDebugMsgLevel( QStringLiteral( "Creating cert tables in auth db" ), 2 );
1607
1608 QSqlQuery query( authDatabaseConnection() );
1609
1610 // create the tables
1611 QString qstr;
1612
1613 qstr = QStringLiteral( "CREATE TABLE IF NOT EXISTS %1 (\n"
1614 " setting TEXT NOT NULL\n"
1615 ", value TEXT);" ).arg( quotedQualifiedIdentifier( authSettingsTableName() ) );
1616
1617 if ( !authDbQuery( &query, qstr ) )
1618 return false;
1619
1620 query.clear();
1621
1622 qstr = QStringLiteral( "CREATE TABLE IF NOT EXISTS %1 (\n"
1623 " id TEXT NOT NULL,\n"
1624 " key TEXT NOT NULL\n"
1625 ", cert TEXT NOT NULL);" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) );
1626
1627
1628 if ( !authDbQuery( &query, qstr ) )
1629 return false;
1630
1631 query.clear();
1632
1633 qstr = QStringLiteral( "CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (id ASC);" )
1634 .arg( quotedQualifiedIdentifier( QStringLiteral( "cert_ident_id_index" ), true ), quotedQualifiedIdentifier( certIdentityTableName() ) );
1635
1636 if ( !authDbQuery( &query, qstr ) )
1637 return false;
1638
1639 query.clear();
1640
1641
1642 qstr = QStringLiteral( "CREATE TABLE IF NOT EXISTS %1 (\n"
1643 " id TEXT NOT NULL,\n"
1644 " host TEXT NOT NULL,\n"
1645 " cert TEXT\n"
1646 ", config TEXT NOT NULL);" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) );
1647
1648 if ( !authDbQuery( &query, qstr ) )
1649 return false;
1650
1651 query.clear();
1652
1653 qstr = QStringLiteral( "CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (host ASC);" ).arg( quotedQualifiedIdentifier( QStringLiteral( "host_index" ), true ), quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) );
1654
1655
1656 if ( !authDbQuery( &query, qstr ) )
1657 return false;
1658
1659 query.clear();
1660
1661
1662 qstr = QStringLiteral( "CREATE TABLE IF NOT EXISTS %1 (\n"
1663 " id TEXT NOT NULL\n"
1664 ", cert TEXT NOT NULL);" ).arg( quotedQualifiedIdentifier( certAuthorityTableName() ) );
1665
1666
1667 if ( !authDbQuery( &query, qstr ) )
1668 return false;
1669
1670 query.clear();
1671
1672 qstr = QStringLiteral( "CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (id ASC);" )
1673 .arg( quotedQualifiedIdentifier( QStringLiteral( "ca_id_index" ), true ), quotedQualifiedIdentifier( certAuthorityTableName() ) );
1674
1675
1676 if ( !authDbQuery( &query, qstr ) )
1677 return false;
1678
1679 query.clear();
1680
1681 qstr = QStringLiteral( "CREATE TABLE IF NOT EXISTS %1 (\n"
1682 " id TEXT NOT NULL\n"
1683 ", policy TEXT NOT NULL);" ).arg( quotedQualifiedIdentifier( certTrustPolicyTableName() ) );
1684
1685 if ( !authDbQuery( &query, qstr ) )
1686 return false;
1687
1688 query.clear();
1689
1690 qstr = QStringLiteral( "CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (id ASC);" )
1691 .arg( quotedQualifiedIdentifier( QStringLiteral( "trust_id_index" ), true ), quotedQualifiedIdentifier( certTrustPolicyTableName() ) );
1692
1693
1694 if ( !authDbQuery( &query, qstr ) )
1695 return false;
1696
1697 query.clear();
1698
1699 return true;
1700}
1701
1702QgsAuthMethodConfigsMap QgsAuthConfigurationStorageDb::authMethodConfigs( const QStringList &allowedMethods ) const
1703{
1704
1705 QMutexLocker locker( &mMutex );
1706
1707 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadConfiguration );
1708
1709 QgsAuthMethodConfigsMap baseConfigs;
1710
1711 if ( ! isEnabled() || !isReady() )
1712 return baseConfigs;
1713
1714 if ( !authDbOpen() )
1715 {
1716 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1717 return baseConfigs;
1718 }
1719
1720 QSqlQuery query( authDatabaseConnection() );
1721 query.prepare( QStringLiteral( "SELECT id, name, uri, type, version FROM %1" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) ) );
1722
1723 if ( !authDbQuery( &query ) )
1724 {
1725 return baseConfigs;
1726 }
1727
1728 if ( query.isActive() && query.isSelect() )
1729 {
1730 while ( query.next() )
1731 {
1732 QString authcfg = query.value( 0 ).toString();
1733 QgsAuthMethodConfig config;
1734 config.setId( authcfg );
1735 config.setName( query.value( 1 ).toString() );
1736 config.setUri( query.value( 2 ).toString() );
1737 config.setMethod( query.value( 3 ).toString() );
1738 config.setVersion( query.value( 4 ).toInt() );
1739
1740 if ( !allowedMethods.isEmpty() && !allowedMethods.contains( config.method() ) )
1741 {
1742 continue;
1743 }
1744
1745 baseConfigs.insert( authcfg, config );
1746 }
1747 }
1748 return baseConfigs;
1749
1750}
1751
1752QgsAuthMethodConfigsMap QgsAuthConfigurationStorageDb::authMethodConfigsWithPayload( ) const
1753{
1754
1755 QMutexLocker locker( &mMutex );
1756
1757 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadConfiguration );
1758
1759 QgsAuthMethodConfigsMap baseConfigs;
1760
1761 if ( ! isEnabled() || !isReady() )
1762 return baseConfigs;
1763
1764 if ( !authDbOpen() )
1765 {
1766 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1767 return baseConfigs;
1768 }
1769
1770 QSqlQuery query( authDatabaseConnection() );
1771 query.prepare( QStringLiteral( "SELECT id, name, uri, type, version, config FROM %1" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) ) );
1772
1773 if ( !authDbQuery( &query ) )
1774 {
1775 return baseConfigs;
1776 }
1777
1778 if ( query.isActive() && query.isSelect() )
1779 {
1780 while ( query.next() )
1781 {
1782 QString authcfg = query.value( 0 ).toString();
1783 QgsAuthMethodConfig config;
1784 config.setId( authcfg );
1785 config.setName( query.value( 1 ).toString() );
1786 config.setUri( query.value( 2 ).toString() );
1787 config.setMethod( query.value( 3 ).toString() );
1788 config.setVersion( query.value( 4 ).toInt() );
1789 config.setConfig( QStringLiteral( "encrypted_payload" ), query.value( 5 ).toString() );
1790 baseConfigs.insert( authcfg, config );
1791 }
1792 }
1793 return baseConfigs;
1794}
1795
1796void QgsAuthConfigurationStorageDb::checkCapabilities()
1797{
1798 QMutexLocker locker( &mMutex );
1799
1800 mCapabilities = Qgis::AuthConfigurationStorageCapabilities();
1801
1802 if ( ! isEnabled() || !isReady() )
1803 return;
1804
1805 if ( !authDbOpen() )
1806 {
1807 setError( tr( "Auth db could not be opened" ) );
1808 return;
1809 }
1810
1811 // Check if each table exist and set capabilities
1812
1813 static const QStringList existingTables = authDatabaseConnection().tables();
1814 QString schema { mConfiguration.value( QStringLiteral( "schema" ) ).toString() };
1815 if ( ! schema.isEmpty() )
1816 {
1817 schema += '.';
1818 }
1819
1820 if ( existingTables.contains( schema.isEmpty() ? masterPasswordTableName( ) : schema + masterPasswordTableName( ) ) )
1821 {
1822 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ReadMasterPassword;
1823 if ( !isReadOnly() )
1824 {
1825 mCapabilities |= Qgis::AuthConfigurationStorageCapability::CreateMasterPassword;
1826 mCapabilities |= Qgis::AuthConfigurationStorageCapability::UpdateMasterPassword;
1827 mCapabilities |= Qgis::AuthConfigurationStorageCapability::DeleteMasterPassword;
1828 }
1829 }
1830
1831 if ( existingTables.contains( schema.isEmpty() ? methodConfigTableName( ) : schema + methodConfigTableName( ) ) )
1832 {
1833 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ReadConfiguration;
1834 if ( !isReadOnly() )
1835 {
1836 mCapabilities |= Qgis::AuthConfigurationStorageCapability::CreateConfiguration;
1837 mCapabilities |= Qgis::AuthConfigurationStorageCapability::UpdateConfiguration;
1838 mCapabilities |= Qgis::AuthConfigurationStorageCapability::DeleteConfiguration;
1839 }
1840 }
1841
1842 if ( existingTables.contains( schema.isEmpty() ? authSettingsTableName( ) : schema + authSettingsTableName( ) ) )
1843 {
1844 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ReadSetting;
1845 if ( !isReadOnly() )
1846 {
1847 mCapabilities |= Qgis::AuthConfigurationStorageCapability::CreateSetting;
1848 mCapabilities |= Qgis::AuthConfigurationStorageCapability::UpdateSetting;
1849 mCapabilities |= Qgis::AuthConfigurationStorageCapability::DeleteSetting;
1850 }
1851 }
1852
1853 if ( existingTables.contains( schema.isEmpty() ? certIdentityTableName( ) : schema + certIdentityTableName( ) ) )
1854 {
1855 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ReadCertificateIdentity;
1856 if ( !isReadOnly() )
1857 {
1858 mCapabilities |= Qgis::AuthConfigurationStorageCapability::CreateCertificateIdentity;
1859 mCapabilities |= Qgis::AuthConfigurationStorageCapability::UpdateCertificateIdentity;
1860 mCapabilities |= Qgis::AuthConfigurationStorageCapability::DeleteCertificateIdentity;
1861 }
1862 }
1863
1864 if ( existingTables.contains( schema.isEmpty() ? sslCertCustomConfigTableName( ) : schema + sslCertCustomConfigTableName( ) ) )
1865 {
1866 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ReadSslCertificateCustomConfig;
1867 if ( !isReadOnly() )
1868 {
1869 mCapabilities |= Qgis::AuthConfigurationStorageCapability::CreateSslCertificateCustomConfig;
1870 mCapabilities |= Qgis::AuthConfigurationStorageCapability::UpdateSslCertificateCustomConfig;
1871 mCapabilities |= Qgis::AuthConfigurationStorageCapability::DeleteSslCertificateCustomConfig;
1872 }
1873 }
1874
1875 if ( existingTables.contains( schema.isEmpty() ? certAuthorityTableName( ) : schema + certAuthorityTableName( ) ) )
1876 {
1877 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ReadCertificateAuthority;
1878 if ( !isReadOnly() )
1879 {
1880 mCapabilities |= Qgis::AuthConfigurationStorageCapability::CreateCertificateAuthority;
1881 mCapabilities |= Qgis::AuthConfigurationStorageCapability::UpdateCertificateAuthority;
1882 mCapabilities |= Qgis::AuthConfigurationStorageCapability::DeleteCertificateAuthority;
1883 }
1884 }
1885
1886 if ( existingTables.contains( schema.isEmpty() ? certTrustPolicyTableName( ) : schema + certTrustPolicyTableName( ) ) )
1887 {
1888 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ReadCertificateTrustPolicy;
1889 if ( !isReadOnly() )
1890 {
1891 mCapabilities |= Qgis::AuthConfigurationStorageCapability::CreateCertificateTrustPolicy;
1892 mCapabilities |= Qgis::AuthConfigurationStorageCapability::UpdateCertificateTrustPolicy;
1893 mCapabilities |= Qgis::AuthConfigurationStorageCapability::DeleteCertificateTrustPolicy;
1894 }
1895 }
1896
1897 // Any delete capability will set ClearStorage
1898 if ( ( mCapabilities & Qgis::AuthConfigurationStorageCapability::DeleteMasterPassword ) ||
1899 ( mCapabilities & Qgis::AuthConfigurationStorageCapability::DeleteConfiguration ) ||
1900 ( mCapabilities & Qgis::AuthConfigurationStorageCapability::DeleteSetting ) ||
1901 ( mCapabilities & Qgis::AuthConfigurationStorageCapability::DeleteCertificateIdentity ) ||
1902 ( mCapabilities & Qgis::AuthConfigurationStorageCapability::DeleteSslCertificateCustomConfig ) ||
1903 ( mCapabilities & Qgis::AuthConfigurationStorageCapability::DeleteCertificateAuthority ) ||
1904 ( mCapabilities & Qgis::AuthConfigurationStorageCapability::DeleteCertificateTrustPolicy ) )
1905 {
1906 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ClearStorage;
1907 }
1908
1909}
1910
1911QgsAuthMethodConfig QgsAuthConfigurationStorageDb::loadMethodConfig( const QString &id, QString &payload, bool full ) const
1912{
1913 QMutexLocker locker( &mMutex );
1914
1915 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadConfiguration );
1916
1917 QgsAuthMethodConfig config;
1918
1919 if ( !authDbOpen() )
1920 {
1921 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ), Qgis::MessageLevel::Critical );
1922 return config;
1923 }
1924
1925 QSqlQuery query( authDatabaseConnection() );
1926
1927 if ( full )
1928 {
1929 query.prepare( QStringLiteral( "SELECT name, uri, type, version, config FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) ) );
1930 }
1931 else
1932 {
1933 query.prepare( QStringLiteral( "SELECT name, uri, type, version FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) ) );
1934 }
1935
1936 query.bindValue( QStringLiteral( ":id" ), id );
1937
1938 if ( !authDbQuery( &query ) )
1939 {
1940 return config;
1941 }
1942
1943 if ( query.isActive() && query.isSelect() )
1944 {
1945 if ( query.first() )
1946 {
1947 config.setId( id );
1948 config.setName( query.value( 0 ).toString() );
1949 config.setUri( query.value( 1 ).toString() );
1950 config.setMethod( query.value( 2 ).toString() );
1951 config.setVersion( query.value( 3 ).toInt() );
1952 if ( full )
1953 {
1954 payload = query.value( 4 ).toString();
1955 }
1956 }
1957 if ( query.next() )
1958 {
1959 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Authentication database contains more than one configuration IDs for '%1'" ).arg( id ), Qgis::MessageLevel::Warning );
1960 }
1961 }
1962
1963 return config;
1964}
1965
1966bool QgsAuthConfigurationStorageDb::storeMethodConfig( const QgsAuthMethodConfig &config, const QString &payload )
1967{
1968 QMutexLocker locker( &mMutex );
1969
1970 if ( methodConfigExists( config.id() ) )
1971 {
1972 checkCapability( Qgis::AuthConfigurationStorageCapability::UpdateConfiguration );
1973 }
1974 else
1975 {
1976 checkCapability( Qgis::AuthConfigurationStorageCapability::CreateConfiguration );
1977 }
1978
1979 if ( !authDbOpen() )
1980 {
1981 setError( tr( "Auth db could not be opened" ) );
1982 return false;
1983 }
1984
1985 if ( payload.isEmpty() )
1986 {
1987 setError( tr( "Store config: FAILED because config string is empty" ), Qgis::MessageLevel::Warning );
1988 return false;
1989 }
1990
1991 if ( ! config.isValid( true ) )
1992 {
1993 setError( tr( "Store config: FAILED because config is invalid" ), Qgis::MessageLevel::Warning );
1994 return false;
1995 }
1996
1997 if ( methodConfigExists( config.id() ) )
1998 {
1999 removeMethodConfig( config.id() );
2000 }
2001
2002 QSqlQuery query( authDatabaseConnection() );
2003 query.prepare( QStringLiteral( "INSERT INTO %1 (id, name, uri, type, version, config) VALUES (:id, :name, :uri, :type, :version, :config)" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) ) );
2004 query.bindValue( QStringLiteral( ":id" ), config.id() );
2005 query.bindValue( QStringLiteral( ":name" ), config.name() );
2006 query.bindValue( QStringLiteral( ":uri" ), config.uri() );
2007 query.bindValue( QStringLiteral( ":type" ), config.method() );
2008 query.bindValue( QStringLiteral( ":version" ), config.version() );
2009 query.bindValue( QStringLiteral( ":config" ), payload );
2010
2011 if ( !authDbQuery( &query ) )
2012 {
2013 setError( tr( "Failed to store config '%1'" ).arg( config.id() ), Qgis::MessageLevel::Critical );
2014 return false;
2015 }
2016
2017 emit methodConfigChanged();
2018
2019 return true;
2020}
2021
2022bool QgsAuthConfigurationStorageDb::removeMethodConfig( const QString &id )
2023{
2024 QMutexLocker locker( &mMutex );
2025
2026 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteConfiguration );
2027
2028 if ( !authDbOpen() )
2029 {
2030 setError( tr( "Auth db could not be opened" ) );
2031 return false;
2032 }
2033
2034 QSqlQuery query( authDatabaseConnection() );
2035
2036 query.prepare( QStringLiteral( "DELETE FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) ) );
2037 query.bindValue( QStringLiteral( ":id" ), id );
2038
2039 if ( !authDbQuery( &query ) )
2040 {
2041 setError( tr( "Failed to remove config '%1'" ).arg( id ), Qgis::MessageLevel::Critical );
2042 return false;
2043 }
2044
2045 if ( query.numRowsAffected() == 0 )
2046 {
2047 setError( tr( "Config '%1' does not exist" ).arg( id ), Qgis::MessageLevel::Warning );
2048 return false;
2049 }
2050
2051 emit methodConfigChanged();
2052
2053 return true;
2054}
2055
2056bool QgsAuthConfigurationStorageDb::methodConfigExists( const QString &id ) const
2057{
2058 QMutexLocker locker( &mMutex );
2059
2060 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadConfiguration );
2061
2062 if ( !authDbOpen() )
2063 {
2064 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
2065 return false;
2066 }
2067
2068 QSqlQuery query( authDatabaseConnection() );
2069
2070 query.prepare( QStringLiteral( "SELECT COUNT( id ) FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) ) );
2071 query.bindValue( QStringLiteral( ":id" ), id );
2072
2073 if ( !authDbQuery( &query ) )
2074 {
2075 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Failed to query for config '%1'" ).arg( id ), Qgis::MessageLevel::Critical );
2076 return false;
2077 }
2078
2079 if ( query.next() )
2080 {
2081 return query.value( 0 ).toInt() > 0;
2082 }
2083
2084 return false;
2085}
2086
2087bool QgsAuthConfigurationStorageDb::storeAuthSetting( const QString &key, const QString &value )
2088{
2089 QMutexLocker locker( &mMutex );
2090
2091 if ( authSettingExists( key ) )
2092 {
2093 checkCapability( Qgis::AuthConfigurationStorageCapability::UpdateSetting );
2094 removeAuthSetting( key );
2095 }
2096 else
2097 {
2098 checkCapability( Qgis::AuthConfigurationStorageCapability::CreateSetting );
2099 }
2100
2101 if ( !authDbOpen() )
2102 {
2103 setError( tr( "Auth db could not be opened" ) );
2104 return false;
2105 }
2106
2107 QSqlQuery query( authDatabaseConnection() );
2108
2109 query.prepare( QStringLiteral( "INSERT INTO %1 (setting, value) VALUES (:setting, :value)" )
2110 .arg( quotedQualifiedIdentifier( authSettingsTableName() ) ) );
2111 query.bindValue( QStringLiteral( ":setting" ), key );
2112 query.bindValue( QStringLiteral( ":value" ), value );
2113
2114 if ( !authDbQuery( &query ) )
2115 {
2116 setError( tr( "Failed to set setting '%1'" ).arg( key ), Qgis::MessageLevel::Critical );
2117 return false;
2118 }
2119 else
2120 {
2121 emit authSettingsChanged();
2122 return true;
2123 }
2124}
2125
2126QString QgsAuthConfigurationStorageDb::loadAuthSetting( const QString &key ) const
2127{
2128 QMutexLocker locker( &mMutex );
2129
2130 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadSetting );
2131
2132 if ( !authDbOpen() )
2133 {
2134 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
2135 return QString();
2136 }
2137
2138 QSqlQuery query( authDatabaseConnection() );
2139
2140 query.prepare( QStringLiteral( "SELECT value FROM %1 WHERE setting = :setting" ).arg( quotedQualifiedIdentifier( authSettingsTableName() ) ) );
2141 query.bindValue( QStringLiteral( ":setting" ), key );
2142
2143 if ( !authDbQuery( &query ) )
2144 {
2145 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Failed to query for setting '%1'" ).arg( key ), Qgis::MessageLevel::Critical );
2146 return QString();
2147 }
2148
2149 if ( query.next() )
2150 {
2151 return query.value( 0 ).toString();
2152 }
2153
2154 // Not sure we need this warning, as it's not necessarily an error if the setting doesn't exist
2155 // const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Setting '%1' does not exist" ).arg( key ), Qgis::MessageLevel::Warning );
2156 QgsDebugMsgLevel( QStringLiteral( "Setting '%1' does not exist" ).arg( key ), 2 );
2157
2158 return QString();
2159}
2160
2161
2162bool QgsAuthConfigurationStorageDb::removeAuthSetting( const QString &key )
2163{
2164 QMutexLocker locker( &mMutex );
2165
2166 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteSetting );
2167
2168 if ( !authDbOpen() )
2169 {
2170 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
2171 return false;
2172 }
2173
2174 QSqlQuery query( authDatabaseConnection() );
2175
2176 query.prepare( QStringLiteral( "DELETE FROM %1 WHERE setting = :setting" ).arg( quotedQualifiedIdentifier( authSettingsTableName() ) ) );
2177 query.bindValue( QStringLiteral( ":setting" ), key );
2178
2179 if ( !authDbQuery( &query ) )
2180 {
2181 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Failed to remove setting '%1'" ).arg( key ), Qgis::MessageLevel::Critical );
2182 return false;
2183 }
2184
2185 if ( query.numRowsAffected() == 0 )
2186 {
2187 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Setting '%1' does not exist" ).arg( key ), Qgis::MessageLevel::Warning );
2188 return false;
2189 }
2190
2191 emit authSettingsChanged();
2192
2193 return true;
2194}
2195
2196bool QgsAuthConfigurationStorageDb::authSettingExists( const QString &key ) const
2197{
2198 QMutexLocker locker( &mMutex );
2199
2200 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadSetting );
2201
2202 if ( !authDbOpen() )
2203 {
2204 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
2205 return false;
2206 }
2207
2208 QSqlQuery query( authDatabaseConnection() );
2209
2210 query.prepare( QStringLiteral( "SELECT COUNT(value) FROM %1 WHERE setting = :setting" ).arg( quotedQualifiedIdentifier( authSettingsTableName() ) ) );
2211 query.bindValue( QStringLiteral( ":setting" ), key );
2212
2213 if ( !authDbQuery( &query ) )
2214 {
2215 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Failed to query for setting '%1'" ).arg( key ), Qgis::MessageLevel::Critical );
2216 return false;
2217 }
2218
2219 if ( query.next() )
2220 {
2221 return query.value( 0 ).toInt() > 0;
2222 }
2223
2224 return false;
2225}
2226
2227
2228
2229bool QgsAuthConfigurationStorageDb::clearTables( const QStringList &tables )
2230{
2231 QMutexLocker locker( &mMutex );
2232
2233 if ( !authDbOpen() )
2234 {
2235 setError( tr( "Auth db could not be opened" ) );
2236 return false;
2237 }
2238
2239 QSqlQuery query( authDatabaseConnection() );
2240
2241 for ( const auto &table : std::as_const( tables ) )
2242 {
2243
2244 // Check if the table exists
2245 if ( ! tableExists( table ) )
2246 {
2247 setError( tr( "Failed to empty table '%1': table does not exist" ).arg( table ), Qgis::MessageLevel::Warning );
2248 continue;
2249 }
2250
2251 // Check whether the table supports deletion
2252 if ( table.compare( methodConfigTableName(), Qt::CaseSensitivity::CaseInsensitive ) )
2253 {
2254 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteConfiguration );
2255 }
2256 else if ( table.compare( authSettingsTableName(), Qt::CaseSensitivity::CaseInsensitive ) )
2257 {
2258 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteSetting );
2259 }
2260 else if ( table.compare( certIdentityTableName(), Qt::CaseSensitivity::CaseInsensitive ) )
2261 {
2262 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteCertificateIdentity );
2263 }
2264 else if ( table.compare( sslCertCustomConfigTableName(), Qt::CaseSensitivity::CaseInsensitive ) )
2265 {
2266 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteSslCertificateCustomConfig );
2267 }
2268 else if ( table.compare( certAuthorityTableName(), Qt::CaseSensitivity::CaseInsensitive ) )
2269 {
2270 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteCertificateAuthority );
2271 }
2272 else if ( table.compare( certTrustPolicyTableName(), Qt::CaseSensitivity::CaseInsensitive ) )
2273 {
2274 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteCertificateTrustPolicy );
2275 }
2276 else if ( table.compare( masterPasswordTableName(), Qt::CaseSensitivity::CaseInsensitive ) )
2277 {
2278 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteMasterPassword );
2279 }
2280 else
2281 {
2282 // Unsupported table: it should not happen!
2283 throw QgsNotSupportedException( tr( "Failed to empty table '%1': unsupported table" ).arg( table ) );
2284 }
2285
2286 query.prepare( QStringLiteral( "DELETE FROM %1" ).arg( quotedQualifiedIdentifier( table ) ) );
2287
2288 if ( !authDbQuery( &query ) )
2289 {
2290 setError( tr( "Failed to empty table '%1'" ).arg( quotedQualifiedIdentifier( table ) ) );
2291 return false;
2292 }
2293 }
2294 return true;
2295}
2296
2297bool QgsAuthConfigurationStorageDb::tableExists( const QString &table ) const
2298{
2299 QString schema { mConfiguration.value( QStringLiteral( "schema" ) ).toString() };
2300 if ( ! schema.isEmpty() )
2301 {
2302 schema += '.';
2303 }
2304 return authDatabaseConnection().tables().contains( schema + table );
2305}
2306
2307const QMap<QString, QVariant> QgsAuthConfigurationStorageDb::uriToSettings( const QString &uri )
2308{
2309 QUrl url( uri );
2310 QMap<QString, QVariant> settings;
2311
2312 if ( url.isValid() )
2313 {
2314 settings.insert( QStringLiteral( "driver" ), url.scheme().toUpper() );
2315 settings.insert( QStringLiteral( "host" ), url.host() );
2316 settings.insert( QStringLiteral( "port" ), QString::number( url.port() ) );
2317 QString path { url.path() };
2318 // Remove leading slash from the path unless the driver is QSQLITE or QSPATIALITE
2319 if ( path.startsWith( QLatin1Char( '/' ) ) &&
2320 !( settings.value( QStringLiteral( "driver" ) ) == QLatin1String( "QSQLITE" ) ||
2321 settings.value( QStringLiteral( "driver" ) ) == QLatin1String( "QSPATIALITE" ) ) )
2322 {
2323 path = path.mid( 1 );
2324 }
2325 settings.insert( QStringLiteral( "database" ), path );
2326 settings.insert( QStringLiteral( "user" ), url.userName() );
2327 settings.insert( QStringLiteral( "password" ), url.password() );
2328 QUrlQuery query{ url };
2329
2330 // Extract the schema from the query string
2331 QString schemaName { query.queryItemValue( QStringLiteral( "schema" ) ) };
2332 if ( schemaName.isEmpty() )
2333 {
2334 schemaName = query.queryItemValue( QStringLiteral( "SCHEMA" ) );
2335 }
2336
2337 if ( ! schemaName.isEmpty() )
2338 {
2339 settings.insert( QStringLiteral( "schema" ), schemaName );
2340 query.removeAllQueryItems( QStringLiteral( "schema" ) );
2341 query.removeAllQueryItems( QStringLiteral( "SCHEMA" ) );
2342 }
2343
2344 settings.insert( QStringLiteral( "options" ), query.toString() );
2345 }
2346 return settings;
2347}
2348
2349bool QgsAuthConfigurationStorageDb::clearMethodConfigs()
2350{
2351 if ( clearTables( {{ methodConfigTableName( ) }} ) )
2352 {
2353 emit methodConfigChanged();
2354 return true;
2355 }
2356 else
2357 {
2358 return false;
2359 }
2360}
2361
2362bool QgsAuthConfigurationStorageDb::erase()
2363{
2364
2365 checkCapability( Qgis::AuthConfigurationStorageCapability::ClearStorage );
2366
2367 if ( clearTables( {{
2368 methodConfigTableName(),
2369 authSettingsTableName(),
2370 certIdentityTableName(),
2371 sslCertCustomConfigTableName(),
2372 certAuthorityTableName(),
2373 certTrustPolicyTableName(),
2374 masterPasswordTableName()
2375 }} ) )
2376 {
2377 emit storageChanged( id( ) );
2378 return true;
2379 }
2380 else
2381 {
2382 return false;
2383 }
2384}
2385
2386bool QgsAuthConfigurationStorageDb::isReady() const
2387{
2388 QMutexLocker locker( &mMutex );
2389 return mIsReady;
2390}
Qgis::AuthConfigurationStorageCapabilities
QFlags< AuthConfigurationStorageCapability > AuthConfigurationStorageCapabilities
Authentication configuration storage capabilities.
Definition qgis.h:145
Qgis::Warning
@ Warning
Warning message.
Definition qgis.h:156
Qgis::Critical
@ Critical
Critical/error message.
Definition qgis.h:157
Qgis::AuthConfigurationStorageCapability::CreateSetting
@ CreateSetting
Can create a new authentication setting.
Qgis::AuthConfigurationStorageCapability::UpdateSetting
@ UpdateSetting
Can update the authentication setting.
Qgis::AuthConfigurationStorageCapability::CreateConfiguration
@ CreateConfiguration
Can create a new authentication configuration.
Qgis::AuthConfigurationStorageCapability::ClearStorage
@ ClearStorage
Can clear all configurations from storage.
Qgis::AuthConfigurationStorageCapability::DeleteCertificateAuthority
@ DeleteCertificateAuthority
Can delete a certificate authority.
Qgis::AuthConfigurationStorageCapability::DeleteSslCertificateCustomConfig
@ DeleteSslCertificateCustomConfig
Can delete a SSL certificate custom config.
Qgis::AuthConfigurationStorageCapability::DeleteSetting
@ DeleteSetting
Can delete the authentication setting.
Qgis::AuthConfigurationStorageCapability::ReadSslCertificateCustomConfig
@ ReadSslCertificateCustomConfig
Can read a SSL certificate custom config.
Qgis::AuthConfigurationStorageCapability::DeleteMasterPassword
@ DeleteMasterPassword
Can delete the master password.
Qgis::AuthConfigurationStorageCapability::CreateSslCertificateCustomConfig
@ CreateSslCertificateCustomConfig
Can create a new SSL certificate custom config.
Qgis::AuthConfigurationStorageCapability::ReadCertificateTrustPolicy
@ ReadCertificateTrustPolicy
Can read a certificate trust policy.
Qgis::AuthConfigurationStorageCapability::ReadConfiguration
@ ReadConfiguration
Can read an authentication configuration.
Qgis::AuthConfigurationStorageCapability::UpdateConfiguration
@ UpdateConfiguration
Can update an authentication configuration.
Qgis::AuthConfigurationStorageCapability::UpdateCertificateTrustPolicy
@ UpdateCertificateTrustPolicy
Can update a certificate trust policy.
Qgis::AuthConfigurationStorageCapability::ReadCertificateAuthority
@ ReadCertificateAuthority
Can read a certificate authority.
Qgis::AuthConfigurationStorageCapability::CreateCertificateAuthority
@ CreateCertificateAuthority
Can create a new certificate authority.
Qgis::AuthConfigurationStorageCapability::DeleteConfiguration
@ DeleteConfiguration
Can deleet an authentication configuration.
Qgis::AuthConfigurationStorageCapability::ReadSetting
@ ReadSetting
Can read the authentication settings.
Qgis::AuthConfigurationStorageCapability::UpdateMasterPassword
@ UpdateMasterPassword
Can update the master password.
Qgis::AuthConfigurationStorageCapability::UpdateCertificateAuthority
@ UpdateCertificateAuthority
Can update a certificate authority.
Qgis::AuthConfigurationStorageCapability::CreateCertificateIdentity
@ CreateCertificateIdentity
Can create a new certificate identity.
Qgis::AuthConfigurationStorageCapability::ReadCertificateIdentity
@ ReadCertificateIdentity
Can read a certificate identity.
Qgis::AuthConfigurationStorageCapability::CreateCertificateTrustPolicy
@ CreateCertificateTrustPolicy
Can create a new certificate trust policy.
Qgis::AuthConfigurationStorageCapability::ReadMasterPassword
@ ReadMasterPassword
Can read the master password.
Qgis::AuthConfigurationStorageCapability::CreateMasterPassword
@ CreateMasterPassword
Can create a new master password.
Qgis::AuthConfigurationStorageCapability::UpdateCertificateIdentity
@ UpdateCertificateIdentity
Can update a certificate identity.
Qgis::AuthConfigurationStorageCapability::DeleteCertificateTrustPolicy
@ DeleteCertificateTrustPolicy
Can delete a certificate trust policy.
Qgis::AuthConfigurationStorageCapability::DeleteCertificateIdentity
@ DeleteCertificateIdentity
Can delete a certificate identity.
Qgis::AuthConfigurationStorageCapability::UpdateSslCertificateCustomConfig
@ UpdateSslCertificateCustomConfig
Can update a SSL certificate custom config.
QgsAuthCertUtils::shaHexForCert
static QString shaHexForCert(const QSslCertificate &cert, bool formatted=false)
Gets the sha1 hash for certificate.
Definition qgsauthcertutils.cpp:735
QgsAuthCertUtils::CertTrustPolicy
CertTrustPolicy
Type of certificate trust policy.
Definition qgsauthcertutils.h:54
QgsAuthConfigSslServer
Configuration container for SSL server connection exceptions or overrides.
Definition qgsauthconfig.h:390
QgsAuthConfigSslServer::setSslCertificate
void setSslCertificate(const QSslCertificate &cert)
Sets server certificate object.
Definition qgsauthconfig.h:398
QgsAuthConfigSslServer::setSslHostPort
void setSslHostPort(const QString &hostport)
Sets server host:port string.
Definition qgsauthconfig.h:403
QgsAuthConfigSslServer::sslCertificate
const QSslCertificate sslCertificate() const
Server certificate object.
Definition qgsauthconfig.h:396
QgsAuthConfigSslServer::sslHostPort
const QString sslHostPort() const
Server host:port string.
Definition qgsauthconfig.h:401
QgsAuthConfigSslServer::configString
const QString configString() const
Configuration as a concatenated string.
Definition qgsauthconfig.cpp:385
QgsAuthConfigSslServer::loadConfigString
void loadConfigString(const QString &config=QString())
Load concatenated string into configuration, e.g. from auth database.
Definition qgsauthconfig.cpp:406
QgsAuthConfigurationStorageDb
QSqlDatabase based implementation of QgsAuthConfigurationStorage.
Definition qgsauthconfigurationstoragedb.h:33
QgsAuthConfigurationStorageDb::QgsAuthConfigurationStorageDb
QgsAuthConfigurationStorageDb(const QMap< QString, QVariant > &settings)
Creates a new QgsAuthConfigurationStorageDb instance from the specified settings.
Definition qgsauthconfigurationstoragedb.cpp:30
QgsAuthConfigurationStorageDb::removeCertTrustPolicy
bool removeCertTrustPolicy(const QSslCertificate &cert) override
Remove certificate trust policy.
Definition qgsauthconfigurationstoragedb.cpp:1296
QgsAuthConfigurationStorageDb::authDbTransactionQuery
bool authDbTransactionQuery(QSqlQuery *query)
Executes the specified query on the database using a transaction.
Definition qgsauthconfigurationstoragedb.cpp:214
QgsAuthConfigurationStorageDb::tableExists
virtual bool tableExists(const QString &table) const
Returns true if the specified table exists in the database, false otherwise.
Definition qgsauthconfigurationstoragedb.cpp:2297
QgsAuthConfigurationStorageDb::storeCertTrustPolicy
bool storeCertTrustPolicy(const QSslCertificate &cert, QgsAuthCertUtils::CertTrustPolicy policy) override
Store certificate trust policy.
Definition qgsauthconfigurationstoragedb.cpp:1177
QgsAuthConfigurationStorageDb::certAuthorityIds
QStringList certAuthorityIds() const override
Returns the list of certificate authority IDs in the storage.
Definition qgsauthconfigurationstoragedb.cpp:893
QgsAuthConfigurationStorageDb::loadSslCertCustomConfigByHost
const QgsAuthConfigSslServer loadSslCertCustomConfigByHost(const QString &hostport) const override
Loads an SSL certificate custom config by hostport (host:port)
Definition qgsauthconfigurationstoragedb.cpp:725
QgsAuthConfigurationStorageDb::loadAuthSetting
QString loadAuthSetting(const QString &key) const override
Load an authentication setting from the storage.
Definition qgsauthconfigurationstoragedb.cpp:2126
QgsAuthConfigurationStorageDb::removeAuthSetting
bool removeAuthSetting(const QString &key) override
Remove an authentication setting from the storage.
Definition qgsauthconfigurationstoragedb.cpp:2162
QgsAuthConfigurationStorageDb::caCertsPolicy
const QMap< QString, QgsAuthCertUtils::CertTrustPolicy > caCertsPolicy() const override
Returns the map of CA certificates hashes in the storages and their trust policy.
Definition qgsauthconfigurationstoragedb.cpp:1102
QgsAuthConfigurationStorageDb::loadCertTrustPolicy
QgsAuthCertUtils::CertTrustPolicy loadCertTrustPolicy(const QSslCertificate &cert) const override
Load certificate trust policy.
Definition qgsauthconfigurationstoragedb.cpp:1251
QgsAuthConfigurationStorageDb::sslCertCustomConfigExists
bool sslCertCustomConfigExists(const QString &id, const QString &hostport) override
Check if SSL certificate custom config exists.
Definition qgsauthconfigurationstoragedb.cpp:804
QgsAuthConfigurationStorageDb::checkCapabilities
virtual void checkCapabilities()
Checks the capabilities of the storage.
Definition qgsauthconfigurationstoragedb.cpp:1796
QgsAuthConfigurationStorageDb::authDbQuery
bool authDbQuery(QSqlQuery *query, const QString &sql=QString()) const
Runs the specified query on the database.
Definition qgsauthconfigurationstoragedb.cpp:164
QgsAuthConfigurationStorageDb::storeAuthSetting
bool storeAuthSetting(const QString &key, const QString &value) override
Store an authentication setting in the storage.
Definition qgsauthconfigurationstoragedb.cpp:2087
QgsAuthConfigurationStorageDb::removeCertIdentity
bool removeCertIdentity(const QSslCertificate &cert) override
Remove a certificate identity from the storage.
Definition qgsauthconfigurationstoragedb.cpp:327
QgsAuthConfigurationStorageDb::loadCertIdentityBundle
const QPair< QSslCertificate, QString > loadCertIdentityBundle(const QString &id) const override
Returns a certificate identity bundle by id (sha hash).
Definition qgsauthconfigurationstoragedb.cpp:403
QgsAuthConfigurationStorageDb::masterPasswords
const QList< QgsAuthConfigurationStorage::MasterPasswordConfig > masterPasswords() const override
Returns the list of (encrypted) master passwords stored in the database.
Definition qgsauthconfigurationstoragedb.cpp:1378
QgsAuthConfigurationStorageDb::clearMethodConfigs
bool clearMethodConfigs() override
Remove all authentications configurations from the storage.
Definition qgsauthconfigurationstoragedb.cpp:2349
QgsAuthConfigurationStorageDb::createCertTables
bool createCertTables()
Creates the certificate tables in the database.
Definition qgsauthconfigurationstoragedb.cpp:1596
QgsAuthConfigurationStorageDb::storeSslCertCustomConfig
bool storeSslCertCustomConfig(const QgsAuthConfigSslServer &config) override
Store an SSL certificate custom config.
Definition qgsauthconfigurationstoragedb.cpp:598
QgsAuthConfigurationStorageDb::certIdentityTableName
virtual QString certIdentityTableName() const
Returns the name of the table used to store the certificate identities.
Definition qgsauthconfigurationstoragedb.cpp:1464
QgsAuthConfigurationStorageDb::authDbOpen
bool authDbOpen() const
Opens the connction to the database.
Definition qgsauthconfigurationstoragedb.cpp:142
QgsAuthConfigurationStorageDb::quotedQualifiedIdentifier
virtual QString quotedQualifiedIdentifier(const QString &identifier, bool isIndex=false) const
Returns the quoted identifier, prefixed with the schema (if not null), ready for the insertion into a...
Definition qgsauthconfigurationstoragedb.cpp:1489
QgsAuthConfigurationStorageDb::methodConfigExists
bool methodConfigExists(const QString &id) const override
Check if an authentication configuration exists in the storage.
Definition qgsauthconfigurationstoragedb.cpp:2056
QgsAuthConfigurationStorageDb::methodConfigTableName
virtual QString methodConfigTableName() const
Returns the name of the table used to store the method configurations.
Definition qgsauthconfigurationstoragedb.cpp:1454
QgsAuthConfigurationStorageDb::authDatabaseConnection
QSqlDatabase authDatabaseConnection() const
Returns the database connection used by this storage.
Definition qgsauthconfigurationstoragedb.cpp:64
QgsAuthConfigurationStorageDb::settingsParameters
QList< QgsAuthConfigurationStorage::SettingParameter > settingsParameters() const override
Returns a list of the settings accepted by the storage.
Definition qgsauthconfigurationstoragedb.cpp:266
QgsAuthConfigurationStorageDb::certIdentityIds
QStringList certIdentityIds() const override
certIdentityIds get list of certificate identity ids from database
Definition qgsauthconfigurationstoragedb.cpp:494
QgsAuthConfigurationStorageDb::storeMasterPassword
bool storeMasterPassword(const QgsAuthConfigurationStorage::MasterPasswordConfig &config) override
Store a master password in the database.
Definition qgsauthconfigurationstoragedb.cpp:1411
QgsAuthConfigurationStorageDb::isReady
bool isReady() const override
Returns true is the storage is ready to be used.
Definition qgsauthconfigurationstoragedb.cpp:2386
QgsAuthConfigurationStorageDb::initialize
bool initialize() override
Initializes the storage.
Definition qgsauthconfigurationstoragedb.cpp:235
QgsAuthConfigurationStorageDb::storeMethodConfig
bool storeMethodConfig(const QgsAuthMethodConfig &mconfig, const QString &payload) override
Store an authentication config in the database.
Definition qgsauthconfigurationstoragedb.cpp:1966
QgsAuthConfigurationStorageDb::removeCertAuthority
bool removeCertAuthority(const QSslCertificate &cert) override
Remove a certificate authority.
Definition qgsauthconfigurationstoragedb.cpp:1059
QgsAuthConfigurationStorageDb::loadCertIdentity
const QSslCertificate loadCertIdentity(const QString &id) const override
certIdentity get a certificate identity by id (sha hash)
Definition qgsauthconfigurationstoragedb.cpp:355
QgsAuthConfigurationStorageDb::sslCertCustomConfigs
const QList< QgsAuthConfigSslServer > sslCertCustomConfigs() const override
sslCertCustomConfigs get SSL certificate custom configs
Definition qgsauthconfigurationstoragedb.cpp:769
QgsAuthConfigurationStorageDb::authMethodConfigs
QgsAuthMethodConfigsMap authMethodConfigs(const QStringList &allowedMethods=QStringList()) const override
Returns a mapping of authentication configurations available from this storage.
Definition qgsauthconfigurationstoragedb.cpp:1702
QgsAuthConfigurationStorageDb::caCerts
const QList< QSslCertificate > caCerts() const override
Returns the list of CA certificates in the storage.
Definition qgsauthconfigurationstoragedb.cpp:1137
QgsAuthConfigurationStorageDb::certTrustPolicyExists
bool certTrustPolicyExists(const QSslCertificate &cert) const override
Check if certificate trust policy exists.
Definition qgsauthconfigurationstoragedb.cpp:1338
QgsAuthConfigurationStorageDb::createConfigTables
bool createConfigTables()
Creates the configuration tables in the database.
Definition qgsauthconfigurationstoragedb.cpp:1542
QgsAuthConfigurationStorageDb::authSettingsTableName
virtual QString authSettingsTableName() const
Returns the name of the table used to store the auth settings.
Definition qgsauthconfigurationstoragedb.cpp:1459
QgsAuthConfigurationStorageDb::loadCertAuthority
const QSslCertificate loadCertAuthority(const QString &id) const override
certAuthority get a certificate authority by id (sha hash)
Definition qgsauthconfigurationstoragedb.cpp:970
QgsAuthConfigurationStorageDb::certTrustPolicyTableName
virtual QString certTrustPolicyTableName() const
Returns the name of the table used to store the certificate trust policies.
Definition qgsauthconfigurationstoragedb.cpp:1479
QgsAuthConfigurationStorageDb::removeMethodConfig
bool removeMethodConfig(const QString &id) override
Removes the authentication configuration with the specified id.
Definition qgsauthconfigurationstoragedb.cpp:2022
QgsAuthConfigurationStorageDb::authMethodConfigsWithPayload
QgsAuthMethodConfigsMap authMethodConfigsWithPayload() const override
Returns a mapping of authentication configurations available from this storage.
Definition qgsauthconfigurationstoragedb.cpp:1752
QgsAuthConfigurationStorageDb::sslCertCustomConfigTableName
virtual QString sslCertCustomConfigTableName() const
Returns the name of the table used to store the SSL custom configurations.
Definition qgsauthconfigurationstoragedb.cpp:1469
QgsAuthConfigurationStorageDb::id
QString id() const override
Returns the unique identifier of the storage object.
Definition qgsauthconfigurationstoragedb.cpp:1524
QgsAuthConfigurationStorageDb::certIdentityExists
bool certIdentityExists(const QString &id) const override
Check if the certificate identity exists.
Definition qgsauthconfigurationstoragedb.cpp:524
QgsAuthConfigurationStorageDb::type
QString type() const override
Returns the type of the storage implementation.
Definition qgsauthconfigurationstoragedb.cpp:1514
QgsAuthConfigurationStorageDb::certAuthorityExists
bool certAuthorityExists(const QSslCertificate &cert) const override
Check if a certificate authority exists.
Definition qgsauthconfigurationstoragedb.cpp:1013
QgsAuthConfigurationStorageDb::loadMethodConfig
QgsAuthMethodConfig loadMethodConfig(const QString &id, QString &payload, bool full=false) const override
Load an authentication configuration from the database.
Definition qgsauthconfigurationstoragedb.cpp:1911
QgsAuthConfigurationStorageDb::storeCertIdentity
bool storeCertIdentity(const QSslCertificate &cert, const QString &keyPem) override
Store a certificate identity in the storage.
Definition qgsauthconfigurationstoragedb.cpp:283
QgsAuthConfigurationStorageDb::erase
bool erase() override
Completely erase the storage removing all configurations/certs/settings etc.
Definition qgsauthconfigurationstoragedb.cpp:2362
QgsAuthConfigurationStorageDb::certAuthorityTableName
virtual QString certAuthorityTableName() const
Returns the name of the table used to store the certificate authorities.
Definition qgsauthconfigurationstoragedb.cpp:1474
QgsAuthConfigurationStorageDb::removeSslCertCustomConfig
bool removeSslCertCustomConfig(const QString &id, const QString &hostport) override
Remove an SSL certificate custom config.
Definition qgsauthconfigurationstoragedb.cpp:850
QgsAuthConfigurationStorageDb::certIdentities
const QList< QSslCertificate > certIdentities() const override
certIdentities get certificate identities
Definition qgsauthconfigurationstoragedb.cpp:459
QgsAuthConfigurationStorageDb::clearMasterPasswords
bool clearMasterPasswords() override
Remove all master passwords from the database.
Definition qgsauthconfigurationstoragedb.cpp:1438
QgsAuthConfigurationStorageDb::description
QString description() const override
Returns a human readable localized description of the storage implementation (e.g.
Definition qgsauthconfigurationstoragedb.cpp:1519
QgsAuthConfigurationStorageDb::name
QString name() const override
Returns a human readable localized short name of the storage implementation (e.g "SQLite").
Definition qgsauthconfigurationstoragedb.cpp:1509
QgsAuthConfigurationStorageDb::masterPasswordTableName
virtual QString masterPasswordTableName() const
Returns the name of the table used to store the master passwords.
Definition qgsauthconfigurationstoragedb.cpp:1484
QgsAuthConfigurationStorageDb::authSettingExists
bool authSettingExists(const QString &key) const override
Check if an authentication setting exists in the storage.
Definition qgsauthconfigurationstoragedb.cpp:2196
QgsAuthConfigurationStorageDb::storeCertAuthority
bool storeCertAuthority(const QSslCertificate &cert) override
Store a certificate authority.
Definition qgsauthconfigurationstoragedb.cpp:923
QgsAuthConfigurationStorageDb::loadSslCertCustomConfig
const QgsAuthConfigSslServer loadSslCertCustomConfig(const QString &id, const QString &hostport) const override
Loads an SSL certificate custom config by id (sha hash) and hostport (host:port)
Definition qgsauthconfigurationstoragedb.cpp:679
QgsAuthConfigurationStorageDb::sslCertCustomConfigIds
QStringList sslCertCustomConfigIds() const override
Returns the list of SSL certificate custom config ids.
Definition qgsauthconfigurationstoragedb.cpp:648
QgsAuthConfigurationStorage
Abstract class that defines the interface for all authentication configuration storage implementation...
Definition qgsauthconfigurationstorage.h:37
QgsAuthConfigurationStorage::mConfiguration
QMap< QString, QVariant > mConfiguration
Store the implementation-specific configuration.
Definition qgsauthconfigurationstorage.h:583
QgsAuthConfigurationStorage::readOnlyChanged
void readOnlyChanged(bool readOnly)
Emitted when the storage read-only status was changed.
QgsAuthConfigurationStorage::certIdentityChanged
void certIdentityChanged()
Emitted when the storage cert identity table was changed.
QgsAuthConfigurationStorage::methodConfigChanged
void methodConfigChanged()
Emitted when the storage method config table was changed.
QgsAuthConfigurationStorage::setError
void setError(const QString &error, Qgis::MessageLevel level=Qgis::MessageLevel::Critical)
Set the last error message to error with message level level.
Definition qgsauthconfigurationstorage.cpp:85
QgsAuthConfigurationStorage::capabilities
Qgis::AuthConfigurationStorageCapabilities capabilities() const
Returns the capabilities of the storage.
Definition qgsauthconfigurationstorage.cpp:75
QgsAuthConfigurationStorage::loggerTag
virtual QString loggerTag() const
Returns the logger tag for the storage.
Definition qgsauthconfigurationstorage.cpp:112
QgsAuthConfigurationStorage::isEnabled
bool isEnabled() const
Returns true if the storage is enabled.
Definition qgsauthconfigurationstorage.cpp:91
QgsAuthConfigurationStorage::sslCertTrustPolicyChanged
void sslCertTrustPolicyChanged()
Emitted when the storage ssl cert trust policy table was changed.
QgsAuthConfigurationStorage::masterPasswordChanged
void masterPasswordChanged()
Emitted when the storage master password table was changed.
QgsAuthConfigurationStorage::certAuthorityChanged
void certAuthorityChanged()
Emitted when the storage cert authority table was changed.
QgsAuthConfigurationStorage::messageLog
void messageLog(const QString &message, const QString &tag=QStringLiteral("Authentication"), Qgis::MessageLevel level=Qgis::MessageLevel::Info)
Custom logging signal to relay to console output and QgsMessageLog.
QgsAuthConfigurationStorage::sslCertCustomConfigChanged
void sslCertCustomConfigChanged()
Emitted when the storage ssl cert custom config table was changed.
QgsAuthConfigurationStorage::authSettingsChanged
void authSettingsChanged()
Emitted when the storage auth settings table was changed.
QgsAuthConfigurationStorage::storageChanged
void storageChanged(const QString &id)
Emitted when the storage was updated.
QgsAuthConfigurationStorage::lastError
virtual QString lastError() const
Returns the last error message.
Definition qgsauthconfigurationstorage.cpp:70
QgsAuthConfigurationStorage::checkCapability
void checkCapability(Qgis::AuthConfigurationStorageCapability capability) const
Utility to check capability and throw QgsNotSupportedException if not supported.
Definition qgsauthconfigurationstorage.cpp:117
QgsAuthConfigurationStorage::isReadOnly
virtual bool isReadOnly() const
Returns true if the storage is read-only, false otherwise.
Definition qgsauthconfigurationstorage.cpp:64
QgsAuthConfigurationStorage::settings
QMap< QString, QVariant > settings() const
Returns the settings of the storage.
Definition qgsauthconfigurationstorage.cpp:106
QgsAuthConfigurationStorage::mCapabilities
Qgis::AuthConfigurationStorageCapabilities mCapabilities
Store the capabilities of the storage.
Definition qgsauthconfigurationstorage.h:588
QgsAuthMethodConfig
Configuration storage class for authentication method configurations.
Definition qgsauthconfig.h:42
QgsAuthMethodConfig::isValid
bool isValid(bool validateid=false) const
Whether the configuration is valid.
Definition qgsauthconfig.cpp:66
QgsAuthMethodConfig::method
QString method() const
Textual key of the associated authentication method.
Definition qgsauthconfig.h:75
QgsAuthMethodConfig::uri
const QString uri() const
A URI to auto-select a config when connecting to a resource.
Definition qgsauthconfig.h:71
QgsAuthMethodConfig::setName
void setName(const QString &name)
Sets name of configuration.
Definition qgsauthconfig.h:68
QgsAuthMethodConfig::setVersion
void setVersion(int version)
Sets version of the configuration.
Definition qgsauthconfig.h:81
QgsAuthMethodConfig::name
const QString name() const
Gets name of configuration.
Definition qgsauthconfig.h:66
QgsAuthMethodConfig::id
const QString id() const
Gets 'authcfg' 7-character alphanumeric ID of the config.
Definition qgsauthconfig.h:61
QgsAuthMethodConfig::setConfig
void setConfig(const QString &key, const QString &value)
Set a single config value per key in the map.
Definition qgsauthconfig.cpp:114
QgsAuthMethodConfig::version
int version() const
Gets version of the configuration.
Definition qgsauthconfig.h:79
QgsAuthMethodConfig::setMethod
void setMethod(const QString &method)
Definition qgsauthconfig.h:76
QgsAuthMethodConfig::setUri
void setUri(const QString &uri)
Definition qgsauthconfig.h:72
QgsAuthMethodConfig::setId
void setId(const QString &id)
Sets auth config ID.
Definition qgsauthconfig.h:63
QgsNotSupportedException
Custom exception class which is raised when an operation is not supported.
Definition qgsexception.h:118
str
#define str(x)
Definition qgis.cpp:38
QgsAuthMethodConfigsMap
QHash< QString, QgsAuthMethodConfig > QgsAuthMethodConfigsMap
Definition qgsauthconfig.h:197
QgsDebugMsgLevel
#define QgsDebugMsgLevel(str, level)
Definition qgslogger.h:39
QgsDebugError
#define QgsDebugError(str)
Definition qgslogger.h:38
QgsAuthConfigurationStorage::MasterPasswordConfig
Structure that holds the (encrypted) master password elements.
Definition qgsauthconfigurationstorage.h:46
Generated on Fri Sep 20 2024 20:39:08 for QGIS API Documentation by doxygen 1.9.8