18#include "moc_qgsauthsslconfigwidget.cpp"
21#include <QDialogButtonBox>
32static void setItemBold_( QTreeWidgetItem *item )
34 item->setFirstColumnSpanned(
true );
35 QFont secf( item->font( 0 ) );
37 item->setFont( 0, secf );
// Translated status text used for lblLoadedConfig when a stored configuration
// was loaded (see the setText( configFoundText_() ) call further down).
40static const QString configFoundText_() {
return QObject::tr(
"Configuration loaded from database" ); }
// Translated status text used for lblLoadedConfig when no stored configuration
// matched (see the setText( configNotFoundText_() ) call further down).
41static const QString configNotFoundText_() {
return QObject::tr(
"Configuration not found in database" ); }
44 const QSslCertificate &cert,
45 const QString &hostport,
46 const QList<QSslCertificate> &connectionCAs )
49 , mConnectionCAs( connectionCAs )
54 mAuthNotifyLayout =
new QVBoxLayout;
55 this->setLayout( mAuthNotifyLayout );
57 mAuthNotifyLayout->addWidget( mAuthNotify );
62 connect( btnCertInfo, &QToolButton::clicked,
this, &QgsAuthSslConfigWidget::btnCertInfo_clicked );
70 lblLoadedConfig->setVisible(
false );
71 lblLoadedConfig->clear();
73 connect( leHost, &QLineEdit::textChanged,
98 return grpbxSslConfig;
// Creates a non-selectable top-level item of type ConfigParent showing `label`,
// styles it through setItemBold_(), and appends it after the existing top-level
// items of treeSslConfig.
// NOTE(review): the braces and the return statement are on lines omitted from
// this listing (see the gaps in the gutter numbers).
102QTreeWidgetItem *QgsAuthSslConfigWidget::addRootItem(
const QString &label )
104 QTreeWidgetItem *item =
new QTreeWidgetItem(
105 QStringList() << label,
106 static_cast<int>( ConfigParent ) );
107 setItemBold_( item );
108 item->setTextAlignment( 0, Qt::AlignVCenter );
// Section headers are labels only, so selection is switched off.
109 item->setFlags( item->flags() & ~Qt::ItemIsSelectable );
// Inserting at topLevelItemCount() places the item last.
110 treeSslConfig->insertTopLevelItem( treeSslConfig->topLevelItemCount(), item );
// Builds the single-column SSL configuration tree: one expanded root item per
// setting (protocol, peer verification mode, verification depth, ignored
// errors), each paired with an editor widget or a list of checkable entries.
// NOTE(review): this listing omits some source lines (see the gaps in the
// gutter numbers), so the comments below describe only the visible statements.
115void QgsAuthSslConfigWidget::setUpSslConfigTree()
117 treeSslConfig->setColumnCount( 1 );
// Protocol selector. The visible item data are QSsl::SecureProtocols and
// QSsl::TlsV1_0 (their addItem() calls are on omitted lines); index 0 is the
// default selection. TLS 1.0 is deprecated (RFC 8996), so a stored config that
// pins QSsl::TlsV1_0 weakens connections to that host and is worth auditing.
120 mProtocolItem = addRootItem( tr(
"Protocol" ) );
121 mProtocolCmbBx =
new QComboBox( treeSslConfig );
123 static_cast<int>( QSsl::SecureProtocols ) );
125 static_cast<int>( QSsl::TlsV1_0 ) );
126 mProtocolCmbBx->setMaximumWidth( 300 );
127 mProtocolCmbBx->setCurrentIndex( 0 );
// Row that hosts the combo box; presumably parented to mProtocolItem on an
// omitted constructor-argument line.
128 QTreeWidgetItem *protocolitem =
new QTreeWidgetItem(
130 QStringList() << QString(),
131 static_cast<int>( ConfigItem ) );
132 protocolitem->setFlags( protocolitem->flags() & ~Qt::ItemIsSelectable );
133 treeSslConfig->setItemWidget( protocolitem, 0, mProtocolCmbBx );
134 mProtocolItem->setExpanded(
true );
// Peer verification mode. VerifyPeer is added first and selected by default
// (index 0). VerifyNone turns off validation of the server certificate, so the
// channel is still encrypted but the peer is not authenticated; treat any saved
// config that uses it as an exception that needs a documented justification.
136 mVerifyModeItem = addRootItem( tr(
"Peer verification" ) );
137 mVerifyPeerCmbBx =
new QComboBox( treeSslConfig );
138 mVerifyPeerCmbBx->addItem( tr(
"Verify Peer Certs" ),
139 static_cast<int>( QSslSocket::VerifyPeer ) );
140 mVerifyPeerCmbBx->addItem( tr(
"Do Not Verify Peer Certs" ),
141 static_cast<int>( QSslSocket::VerifyNone ) );
142 mVerifyPeerCmbBx->setMaximumWidth( 300 );
143 mVerifyPeerCmbBx->setCurrentIndex( 0 );
144 QTreeWidgetItem *peerverifycmbxitem =
new QTreeWidgetItem(
146 QStringList() << QString(),
147 static_cast<int>( ConfigItem ) );
148 peerverifycmbxitem->setFlags( peerverifycmbxitem->flags() & ~Qt::ItemIsSelectable );
149 treeSslConfig->setItemWidget( peerverifycmbxitem, 0, mVerifyPeerCmbBx );
150 mVerifyModeItem->setExpanded(
true );
// Verification depth, limited to 0..10 by the spin box; per the label, 0 means
// the complete certificate chain is checked.
152 mVerifyDepthItem = addRootItem( tr(
"Peer verification depth (0 = complete cert chain)" ) );
153 mVerifyDepthSpnBx =
new QSpinBox( treeSslConfig );
154 mVerifyDepthSpnBx->setMinimum( 0 );
155 mVerifyDepthSpnBx->setMaximum( 10 );
156 mVerifyDepthSpnBx->setMaximumWidth( 200 );
157 mVerifyDepthSpnBx->setAlignment( Qt::AlignHCenter );
158 QTreeWidgetItem *peerverifyspnbxitem =
new QTreeWidgetItem(
160 QStringList() << QString(),
161 static_cast<int>( ConfigItem ) );
162 peerverifyspnbxitem->setFlags( peerverifyspnbxitem->flags() & ~Qt::ItemIsSelectable );
163 treeSslConfig->setItemWidget( peerverifyspnbxitem, 0, mVerifyDepthSpnBx );
164 mVerifyDepthItem->setExpanded(
true );
// Ignorable SSL errors: one checkable item per (enum, text) pair in errenums,
// which is declared on an omitted line. Every entry starts unchecked, so no
// error is ignored unless the user opts in. The enum value is stored under
// Qt::UserRole, which is where the other methods in this file read it back
// from the children of mIgnoreErrorsItem.
166 mIgnoreErrorsItem = addRootItem( tr(
"Ignore errors" ) );
169 for (
int i = 0; i < errenums.size(); i++ )
171 QTreeWidgetItem *item =
new QTreeWidgetItem(
173 QStringList() << errenums.at( i ).second,
174 static_cast<int>( ConfigItem ) );
175 item->setCheckState( 0, Qt::Unchecked );
176 item->setTextAlignment( 0, Qt::AlignVCenter );
177 item->setFlags( item->flags() & ~Qt::ItemIsSelectable );
178 item->setData( 0, Qt::UserRole, errenums.at( i ).first );
180 mIgnoreErrorsItem->setExpanded(
true );
203 return QSslCertificate();
214 return leHost->text();
223 if ( grpbxSslConfig->isCheckable() )
225 grpbxSslConfig->setChecked( enable );
241 if ( !hostport.isEmpty() )
252 lblLoadedConfig->setVisible(
true );
260 lblLoadedConfig->setText( configNotFoundText_() );
276 QgsDebugError( QStringLiteral(
"Passed-in SSL custom config is null" ) );
283 QgsDebugError( QStringLiteral(
"SSL custom config's cert is null" ) );
295 lblLoadedConfig->setVisible(
true );
296 lblLoadedConfig->setText( configFoundText_() );
307 QgsDebugError( QStringLiteral(
"SSL custom config FAILED to store in authentication database" ) );
318 mConnectionCAs.clear();
319 leCommonName->clear();
320 leCommonName->setStyleSheet( QString() );
323 lblLoadedConfig->setVisible(
false );
324 lblLoadedConfig->clear();
335 return QSsl::UnknownProtocol;
337 return ( QSsl::SslProtocol )mProtocolCmbBx->currentData().toInt();
346 const int indx( mProtocolCmbBx->findData(
static_cast<int>( protocol ) ) );
347 mProtocolCmbBx->setCurrentIndex( indx );
356 mProtocolCmbBx->setCurrentIndex( 0 );
367 QList<QSslError::SslError> errenums;
368 const auto constErrors = errors;
369 for (
const QSslError &err : constErrors )
371 errenums << err.error();
374 for (
int i = 0; i < mIgnoreErrorsItem->childCount(); i++ )
376 QTreeWidgetItem *item( mIgnoreErrorsItem->child( i ) );
377 if ( errenums.contains( ( QSslError::SslError )item->data( 0, Qt::UserRole ).toInt() ) )
379 item->setCheckState( 0, Qt::Checked );
390 QList<QSslError> errors;
391 const auto constErrorenums = errorenums;
392 for (
const QSslError::SslError errorenum : constErrorenums )
394 errors << QSslError( errorenum );
405 if ( errors.isEmpty() )
412 QList<QSslError::SslError> errenums;
413 const auto constErrors = errors;
414 for (
const QSslError &err : constErrors )
416 errenums << err.error();
419 for (
int i = 0; i < mIgnoreErrorsItem->childCount(); i++ )
421 QTreeWidgetItem *item( mIgnoreErrorsItem->child( i ) );
422 const bool enable( errenums.contains( ( QSslError::SslError )item->data( 0, Qt::UserRole ).toInt() ) );
423 item->setCheckState( 0, enable ? Qt::Checked : Qt::Unchecked );
433 for (
int i = 0; i < mIgnoreErrorsItem->childCount(); i++ )
435 mIgnoreErrorsItem->child( i )->setCheckState( 0, Qt::Unchecked );
441 QList<QSslError::SslError> errs;
446 for (
int i = 0; i < mIgnoreErrorsItem->childCount(); i++ )
448 QTreeWidgetItem *item( mIgnoreErrorsItem->child( i ) );
449 if ( item->checkState( 0 ) == Qt::Checked )
451 errs.append( ( QSslError::SslError )item->data( 0, Qt::UserRole ).toInt() );
461 return QSslSocket::AutoVerifyPeer;
463 return ( QSslSocket::PeerVerifyMode )mVerifyPeerCmbBx->currentData().toInt();
472 return mVerifyDepthSpnBx->value();
483 const int indx( mVerifyPeerCmbBx->findData(
static_cast<int>( mode ) ) );
484 mVerifyPeerCmbBx->setCurrentIndex( indx );
486 mVerifyDepthSpnBx->setValue( modedepth );
495 mVerifyPeerCmbBx->setCurrentIndex( 0 );
496 mVerifyDepthSpnBx->setValue( 0 );
505 const bool cansave = ( isEnabled()
506 && ( grpbxSslConfig->isCheckable() ? grpbxSslConfig->isChecked() : true )
507 && validateHostPort( leHost->text() ) );
508 if ( mCanSave != cansave )
522 leHost->setText( host );
// Checks that txt is a "host:port" string by round-tripping it through QUrl.
// The visible return yields true only when the parsed host is non-empty and
// rebuilding "https://host:port" from the parsed parts reproduces the input
// exactly.
// NOTE(review): the body of the empty-string branch and the braces are on
// lines omitted from this listing.
525bool QgsAuthSslConfigWidget::validateHostPort(
const QString &txt )
527 const QString hostport( txt );
528 if ( hostport.isEmpty() )
// Prefix a scheme so QUrl parses the text as an authority (host[:port]).
535 const QString urlbase( QStringLiteral(
"https://%1" ).arg( hostport ) );
536 const QUrl url( urlbase );
// NOTE(review): QString::number( url.port() ).size() > 0 holds for every int,
// including the -1 that QUrl::port() returns when no port is given, so that
// term filters nothing. The string comparison is what enforces an explicit
// port and rejects input carrying anything besides host and port (userinfo,
// path, query).
537 return ( !url.host().isEmpty() && QString::number( url.port() ).size() > 0
538 && QStringLiteral(
"https://%1:%2" ).arg( url.host() ).arg( url.port() ) == urlbase );
547 const bool valid = validateHostPort( txt );
559 grpbxSslConfig->setCheckable( checkable );
562 grpbxSslConfig->setEnabled(
true );
566void QgsAuthSslConfigWidget::btnCertInfo_clicked()
568 if ( mCert.isNull() )
574 dlg->setWindowModality( Qt::WindowModal );
575 dlg->resize( 675, 500 );
587 setWindowTitle( tr(
"Custom Certificate Configuration" ) );
588 QVBoxLayout *layout =
new QVBoxLayout(
this );
589 layout->setContentsMargins( 6, 6, 6, 6 );
593 this, &QgsAuthSslConfigDialog::checkCanSave );
594 layout->addWidget( mSslConfigWdgt );
596 QDialogButtonBox *buttonBox =
new QDialogButtonBox(
597 QDialogButtonBox::Close | QDialogButtonBox::Save, Qt::Horizontal,
this );
599 buttonBox->button( QDialogButtonBox::Close )->setDefault(
true );
600 mSaveButton = buttonBox->button( QDialogButtonBox::Save );
601 connect( buttonBox, &QDialogButtonBox::rejected,
this, &QWidget::close );
603 layout->addWidget( buttonBox );
606 mSaveButton->setEnabled( mSslConfigWdgt->
readyToSave() );
615void QgsAuthSslConfigDialog::checkCanSave(
bool cansave )
617 mSaveButton->setEnabled( cansave );
static QgsAuthManager * authManager()
Returns the application's authentication manager instance.
Dialog wrapper for widget displaying detailed info on a certificate and its hierarchical trust chain.
static QString resolvedCertName(const QSslCertificate &cert, bool issuer=false)
Gets the general name via RFC 5280 resolution.
static QString shaHexForCert(const QSslCertificate &cert, bool formatted=false)
Gets the SHA-1 hash for the certificate.
static QString getSslProtocolName(QSsl::SslProtocol protocol)
SSL Protocol name strings per enum.
static QList< QPair< QSslError::SslError, QString > > sslErrorEnumStrings()
Gets short strings describing SSL errors.
Configuration container for SSL server connection exceptions or overrides.
void setSslProtocol(QSsl::SslProtocol protocol)
Sets SSL server protocol to use in connections.
void setSslCertificate(const QSslCertificate &cert)
Sets server certificate object.
void setSslHostPort(const QString &hostport)
Sets server host:port string.
QSsl::SslProtocol sslProtocol() const
SSL server protocol to use in connections.
void setSslPeerVerifyMode(QSslSocket::PeerVerifyMode mode)
Sets SSL client's peer verify mode to use in connections.
void setSslPeerVerifyDepth(int depth)
Sets the number of the SSL client's peers to verify in connections (the peer verification depth).
int sslPeerVerifyDepth() const
Number of the SSL client's peers to verify in connections (the peer verification depth).
bool isNull() const
Whether configuration is null (missing components)
void setSslIgnoredErrorEnums(const QList< QSslError::SslError > &errors)
Sets SSL server errors (as enum list) to ignore in connections.
const QList< QSslError::SslError > sslIgnoredErrorEnums() const
SSL server errors (as enum list) to ignore in connections.
QSslSocket::PeerVerifyMode sslPeerVerifyMode() const
SSL client's peer verify mode to use in connections.
const QSslCertificate sslCertificate() const
Server certificate object.
const QString sslHostPort() const
Server host:port string.
static QString greenTextStyleSheet(const QString &selector="*")
Green text stylesheet representing valid, trusted, etc. certificate.
static QString redTextStyleSheet(const QString &selector="*")
Red text stylesheet representing invalid, untrusted, etc. certificate.
static QString orangeTextStyleSheet(const QString &selector="*")
Orange text stylesheet representing loaded component, but not stored in database.
QgsAuthSslConfigDialog(QWidget *parent=nullptr, const QSslCertificate &cert=QSslCertificate(), const QString &hostport=QString())
Construct wrapper dialog for the SSL config widget.
#define QgsDebugError(str)