QGIS API Documentation 3.41.0-Master (57ec4277f5e)
Loading...
Searching...
No Matches
qgsauthsslerrorsdialog.cpp
Go to the documentation of this file.
1/***************************************************************************
2 qgsauthsslerrorsdialog.cpp
3 ---------------------
4 begin : May 22, 2015
5 copyright : (C) 2015 by Boundless Spatial, Inc. USA
6 author : Larry Shaffer
7 email : lshaffer at boundlessgeo dot com
8 ***************************************************************************
9 * *
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
14 * *
15 ***************************************************************************/
16
19#include "moc_qgsauthsslerrorsdialog.cpp"
21
22#include <QDialogButtonBox>
23#include <QFont>
24#include <QPushButton>
25#include <QStyle>
26#include <QToolButton>
27
28#include "qgsauthmanager.h"
30#include "qgsauthcertutils.h"
33#include "qgslogger.h"
34#include "qgsapplication.h"
35
36
37QgsAuthSslErrorsDialog::QgsAuthSslErrorsDialog( QNetworkReply *reply, const QList<QSslError> &sslErrors, QWidget *parent, const QString &digest, const QString &hostport )
38 : QDialog( parent )
39 , mSslConfiguration( reply->sslConfiguration() )
40 , mSslErrors( sslErrors )
41 , mDigest( digest )
42 , mHostPort( hostport )
43{
44 if ( mDigest.isEmpty() )
45 {
46 mDigest = QgsAuthCertUtils::shaHexForCert( mSslConfiguration.peerCertificate() );
47 }
48 if ( mHostPort.isEmpty() )
49 {
50 mHostPort = QStringLiteral( "%1:%2" )
51 .arg( reply->url().host() )
52 .arg( reply->url().port() != -1 ? reply->url().port() : 443 )
53 .trimmed();
54 }
55
56 setupUi( this );
57 connect( buttonBox, &QDialogButtonBox::clicked, this, &QgsAuthSslErrorsDialog::buttonBox_clicked );
58 connect( btnChainInfo, &QToolButton::clicked, this, &QgsAuthSslErrorsDialog::btnChainInfo_clicked );
59 connect( btnChainCAs, &QToolButton::clicked, this, &QgsAuthSslErrorsDialog::btnChainCAs_clicked );
60 connect( grpbxSslErrors, &QgsCollapsibleGroupBoxBasic::collapsedStateChanged, this, &QgsAuthSslErrorsDialog::grpbxSslErrors_collapsedStateChanged );
61 QStyle *style = QApplication::style();
62 lblWarningIcon->setPixmap( style->standardIcon( QStyle::SP_MessageBoxWarning ).pixmap( 48, 48 ) );
63 lblWarningIcon->setSizePolicy( QSizePolicy::Fixed, QSizePolicy::Fixed );
64
65 lblErrorsText->setStyleSheet( QStringLiteral( "QLabel{ font-weight: bold; }" ) );
66 leUrl->setText( reply->request().url().toString() );
67
68 ignoreButton()->setDefault( false );
69 abortButton()->setDefault( true );
70
71 if ( !QgsApplication::authManager()->isDisabled() )
72 {
73 saveButton()->setEnabled( false );
74
75 saveButton()->setText( QStringLiteral( "%1 && %2" ).arg( saveButton()->text(), ignoreButton()->text() ) );
76
77 grpbxSslConfig->setChecked( false );
78 grpbxSslConfig->setCollapsed( true );
79 connect( grpbxSslConfig, &QGroupBox::toggled, this, &QgsAuthSslErrorsDialog::loadUnloadCertificate );
80
81 connect( wdgtSslConfig, &QgsAuthSslConfigWidget::readyToSaveChanged, this, &QgsAuthSslErrorsDialog::widgetReadyToSaveChanged );
82 wdgtSslConfig->setConfigCheckable( false );
83 wdgtSslConfig->certificateGroupBox()->setFlat( true );
84 }
85 else
86 {
87 btnChainInfo->setVisible( false );
88 btnChainCAs->setVisible( false );
89 grpbxSslConfig->setVisible( false );
90 saveButton()->setVisible( false );
91 }
92
93 populateErrorsList();
94}
95
96void QgsAuthSslErrorsDialog::loadUnloadCertificate( bool load )
97{
98 grpbxSslErrors->setCollapsed( load );
99 if ( !load )
100 {
101 QgsDebugMsgLevel( QStringLiteral( "Unloading certificate and host:port" ), 2 );
102 clearCertificateConfig();
103 return;
104 }
105 wdgtSslConfig->setEnabled( true );
106 QgsDebugMsgLevel( QStringLiteral( "Loading certificate for host:port = %1" ).arg( mHostPort ), 2 );
107 wdgtSslConfig->setSslCertificate( mSslConfiguration.peerCertificate(), mHostPort );
108 if ( !mSslErrors.isEmpty() )
109 {
110 wdgtSslConfig->appendSslIgnoreErrors( mSslErrors );
111 }
112}
113
114void QgsAuthSslErrorsDialog::showCertificateChainInfo()
115{
116 QList<QSslCertificate> peerchain( mSslConfiguration.peerCertificateChain() );
117
118 if ( !peerchain.isEmpty() )
119 {
120 const QSslCertificate cert = peerchain.takeFirst();
121 if ( !cert.isNull() )
122 {
123 QgsAuthCertInfoDialog *dlg = new QgsAuthCertInfoDialog( cert, false, this, peerchain );
124 dlg->setWindowModality( Qt::WindowModal );
125 dlg->resize( 675, 500 );
126 dlg->exec();
127 dlg->deleteLater();
128 }
129 }
130}
131
132void QgsAuthSslErrorsDialog::showCertificateChainCAsInfo()
133{
134 const QList<QSslCertificate> certificates = mSslConfiguration.caCertificates();
135 for ( const auto &cert : certificates )
136 {
137 qDebug() << cert.subjectInfo( QSslCertificate::SubjectInfo::CommonName );
138 }
139
140 QgsAuthTrustedCAsDialog *dlg = new QgsAuthTrustedCAsDialog( this, mSslConfiguration.caCertificates() );
141 dlg->setWindowModality( Qt::WindowModal );
142 dlg->resize( 675, 500 );
143 dlg->exec();
144 dlg->deleteLater();
145}
146
147void QgsAuthSslErrorsDialog::widgetReadyToSaveChanged( bool cansave )
148{
149 ignoreButton()->setDefault( false );
150 abortButton()->setDefault( !cansave );
151 saveButton()->setEnabled( cansave );
152 saveButton()->setDefault( cansave );
153}
154
155void QgsAuthSslErrorsDialog::checkCanSave()
156{
157 widgetReadyToSaveChanged( wdgtSslConfig->readyToSave() );
158}
159
160void QgsAuthSslErrorsDialog::clearCertificateConfig()
161{
162 wdgtSslConfig->resetSslCertConfig();
163 wdgtSslConfig->setEnabled( false );
164 checkCanSave();
165}
166
167void QgsAuthSslErrorsDialog::buttonBox_clicked( QAbstractButton *button )
168{
169 const QDialogButtonBox::StandardButton btnenum( buttonBox->standardButton( button ) );
170 switch ( btnenum )
171 {
172 case QDialogButtonBox::Ignore:
174 QStringLiteral( "%1:%2" ).arg( mDigest, mHostPort ),
175 mSslErrors
176 );
177 accept();
178 break;
179 case QDialogButtonBox::Save:
180 // save config and ignore errors
181 wdgtSslConfig->saveSslCertConfig();
182 accept();
183 break;
184 case QDialogButtonBox::Abort:
185 default:
186 reject();
187 break;
188 }
189 // Clear access cache if the user choose abort and the
190 // setting allows it
191 if ( btnenum == QDialogButtonBox::Abort && QgsSettings().value( QStringLiteral( "clear_auth_cache_on_errors" ), true, QgsSettings::Section::Auth ).toBool() )
192 {
193 QgsNetworkAccessManager::instance()->clearAccessCache();
194 }
195}
196
197void QgsAuthSslErrorsDialog::populateErrorsList()
198{
199 QStringList errs;
200 errs.reserve( mSslErrors.size() );
201 const auto constMSslErrors = mSslErrors;
202 for ( const QSslError &err : constMSslErrors )
203 {
204 errs << QStringLiteral( "* %1: %2" )
205 .arg( QgsAuthCertUtils::sslErrorEnumString( err.error() ), err.errorString() );
206 }
207 teSslErrors->setPlainText( errs.join( QLatin1Char( '\n' ) ) );
208}
209
210QPushButton *QgsAuthSslErrorsDialog::ignoreButton()
211{
212 return buttonBox->button( QDialogButtonBox::Ignore );
213}
214
215QPushButton *QgsAuthSslErrorsDialog::saveButton()
216{
217 return buttonBox->button( QDialogButtonBox::Save );
218}
219
220QPushButton *QgsAuthSslErrorsDialog::abortButton()
221{
222 return buttonBox->button( QDialogButtonBox::Abort );
223}
224
225void QgsAuthSslErrorsDialog::btnChainInfo_clicked()
226{
227 showCertificateChainInfo();
228}
229
230void QgsAuthSslErrorsDialog::btnChainCAs_clicked()
231{
232 showCertificateChainCAsInfo();
233}
234
235void QgsAuthSslErrorsDialog::grpbxSslErrors_collapsedStateChanged( bool collapsed )
236{
237 if ( !collapsed && QgsApplication::authManager()->isDisabled() )
238 {
239 btnChainInfo->setVisible( false );
240 btnChainCAs->setVisible( false );
241 }
242}
static QgsAuthManager * authManager()
Returns the application's authentication manager instance.
Dialog wrapper for widget displaying detailed info on a certificate and its hierarchical trust chain.
static QString sslErrorEnumString(QSslError::SslError errenum)
Gets short strings describing an SSL error.
static QString shaHexForCert(const QSslCertificate &cert, bool formatted=false)
Gets the sha1 hash for certificate.
bool updateIgnoredSslErrorsCache(const QString &shahostport, const QList< QSslError > &errors)
Update ignored SSL error cache with possible ignored SSL errors, using sha:host:port key.
void readyToSaveChanged(bool cansave)
Emitted when the configuration can be saved changes.
QgsAuthSslErrorsDialog(QNetworkReply *reply, const QList< QSslError > &sslErrors, QWidget *parent=nullptr, const QString &digest=QString(), const QString &hostport=QString())
Construct a dialog to handle SSL errors and saving SSL server certificate exceptions.
Widget for listing trusted Certificate (Intermediate) Authorities used in secure connections.
void collapsedStateChanged(bool collapsed)
Signal emitted when groupbox collapsed/expanded state is changed, and when first shown.
static QgsNetworkAccessManager * instance(Qt::ConnectionType connectionType=Qt::BlockingQueuedConnection)
Returns a pointer to the active QgsNetworkAccessManager for the current thread.
This class is a composition of two QSettings instances:
Definition qgssettings.h:64
#define QgsDebugMsgLevel(str, level)
Definition qgslogger.h:39