17#include "moc_qgsauthconfigurationstoragedb.cpp"
27#include <QCoreApplication>
43 QgsDebugMsgLevel( QStringLiteral(
"Auth db connection settings: driver=%1, database='%2', host=%3, port=%4, user='%5', schema=%6, options=%7" )
55 QMutexLocker locker( &
mMutex );
57 QMapIterator<QThread *, QMetaObject::Connection> iterator( mConnectedThreads );
58 while ( iterator.hasNext() )
61 QThread::disconnect( iterator.value() );
69 QMutexLocker locker( &
mMutex );
71 const QString connectionName = QStringLiteral(
"authentication.configs:0x%1" ).arg(
reinterpret_cast<quintptr
>( QThread::currentThread() ), 2 * QT_POINTER_SIZE, 16, QLatin1Char(
'0' ) );
72 QgsDebugMsgLevel( QStringLiteral(
"Using auth db connection name: %1 " ).arg( connectionName ), 3 );
73 if ( !QSqlDatabase::contains( connectionName ) )
75 QgsDebugMsgLevel( QStringLiteral(
"No existing connection, creating a new one" ), 3 );
76 authdb = QSqlDatabase::addDatabase(
mDriver, connectionName );
80 if ( !QSqlDatabase::isDriverAvailable(
mDriver ) )
87 authdb.setHostName(
mHost );
88 authdb.setPort(
mPort );
89 authdb.setUserName(
mUser );
94 if ( !authdb.isValid() )
101 if ( QCoreApplication::instance() && QThread::currentThread() != QCoreApplication::instance()->thread() )
103 QgsDebugMsgLevel( QStringLiteral(
"Scheduled auth db remove on thread close" ), 4 );
114 QMetaObject::Connection connection = connect( QThread::currentThread(), &QThread::finished, QThread::currentThread(), [connectionName,
this ]
116 QMutexLocker locker( &
mMutex );
117 QSqlDatabase::removeDatabase( connectionName );
118 mConnectedThreads.remove( QThread::currentThread() );
119 }, Qt::DirectConnection );
121 mConnectedThreads.insert( QThread::currentThread(), connection );
127 authdb = QSqlDatabase::database( connectionName,
false );
132 if ( !authdb.isOpen() )
134 if ( !authdb.open() )
145 QMutexLocker locker( &
mMutex );
148 if ( !authdb.isOpen() )
150 if ( !authdb.open() )
152 const QString err = tr(
"Unable to establish database connection\nDatabase: %1\nDriver error: %2\nDatabase error: %3" )
154 authdb.lastError().driverText(),
155 authdb.lastError().databaseText() );
167 QMutexLocker locker( &
mMutex );
168 query->setForwardOnly(
true );
169 const bool result { sql.isEmpty() ? query->exec() : query->exec( sql ) };
171 auto boundQuery = [](
const QSqlQuery * query ) -> QString
173 QString str = query->lastQuery();
174#if QT_VERSION < QT_VERSION_CHECK( 6, 0, 0 )
175 QMapIterator<QString, QVariant> it( query->boundValues() );
177 const QStringList keys = query->boundValueNames();
178 const QVariantList values = query->boundValues();
179 QMap<QString, QVariant> boundValues;
180 for (
int i = 0; i < keys.count(); i++ )
182 boundValues.insert( keys.at( i ), values.at( i ).toString() );
184 QMapIterator<QString, QVariant> it = QMapIterator<QString, QVariant>( boundValues );
186 while ( it.hasNext() )
189 str.replace( it.key(), it.value().toString() );
196 if ( query->lastError().isValid() )
199 .arg( sql.isEmpty() ? boundQuery( query ) : sql,
201 QgsDebugMsgLevel( QStringLiteral(
"Auth db query FAILED: %1" ).arg( sql.isEmpty() ? boundQuery( query ) : sql ), 2 );
207 QgsDebugMsgLevel( QStringLiteral(
"Auth db query FAILED: %1" ).arg( sql.isEmpty() ? boundQuery( query ) : sql ), 2 );
217 QMutexLocker locker( &
mMutex );
238 QMutexLocker locker( &
mMutex );
240 if ( !authdb.isValid() || !authdb.isOpen() )
242 setError( tr(
"Auth db could not be opened" ) );
271 { QStringLiteral(
"driver" ), tr(
"SQL Driver (see https://doc.qt.io/qt/sql-driver.html)" ), QVariant::String },
272 { QStringLiteral(
"database" ), tr(
"Database" ), QVariant::String },
273 { QStringLiteral(
"schema" ), tr(
"Schema for all tables" ), QVariant::String },
274 { QStringLiteral(
"host" ), tr(
"Host" ), QVariant::String },
275 { QStringLiteral(
"port" ), tr(
"Port" ), QVariant::Int },
276 { QStringLiteral(
"user" ), tr(
"User" ), QVariant::String },
277 { QStringLiteral(
"password" ), tr(
"Password" ), QVariant::String },
278 { QStringLiteral(
"options" ), tr(
"Connection options" ), QVariant::String },
286 QMutexLocker locker( &
mMutex );
302 setError( tr(
"Auth db could not be opened" ) );
308 setError( tr(
"Certificate is NULL" ) );
313 const QString certPem{ cert.toPem() };
316 query.bindValue( QStringLiteral(
":id" ),
id );
317 query.bindValue( QStringLiteral(
":key" ), keyPem );
318 query.bindValue( QStringLiteral(
":cert" ), certPem );
330 QMutexLocker locker( &
mMutex );
336 setError( tr(
"Auth db could not be opened" ) );
343 query.bindValue( QStringLiteral(
":id" ), cert.digest().toHex() );
358 QMutexLocker locker( &
mMutex );
362 QSslCertificate emptycert;
376 query.bindValue( QStringLiteral(
":id" ),
id );
381 QSslCertificate cert;
383 if ( query.isActive() && query.isSelect() )
387 cert = QSslCertificate( query.value( 0 ).toByteArray(), QSsl::Pem );
388 QgsDebugMsgLevel( QStringLiteral(
"Certificate identity retrieved for id: %1" ).arg(
id ), 2 );
406 QMutexLocker locker( &
mMutex );
410 QPair<QSslCertificate, QString> bundle;
425 query.bindValue( QStringLiteral(
":id" ),
id );
430 if ( query.isActive() && query.isSelect() )
432 QSslCertificate cert;
436 key = query.value( 0 ).toString();
442 cert = QSslCertificate( query.value( 1 ).toByteArray(), QSsl::Pem );
448 QgsDebugMsgLevel( QStringLiteral(
"Certificate identity bundle retrieved for id: %1" ).arg(
id ), 2 );
455 bundle = qMakePair( cert, key );
462 QMutexLocker locker( &
mMutex );
466 QList<QSslCertificate> certs;
481 if ( query.isActive() && query.isSelect() )
483 while ( query.next() )
485 QSslCertificate cert( query.value( 0 ).toByteArray(), QSsl::Pem );
486 if ( !cert.isNull() )
488 certs.append( cert );
497 QMutexLocker locker( &
mMutex );
515 if ( query.isActive() && query.isSelect() )
517 while ( query.next() )
519 ids.append( query.value( 0 ).toString() );
527 QMutexLocker locker( &
mMutex );
543 query.bindValue( QStringLiteral(
":id" ),
id );
550 if ( query.isActive() && query.isSelect() )
567 QMutexLocker locker( &
mMutex );
573 setError( tr(
"Auth db could not be opened" ) );
580 query.bindValue( QStringLiteral(
":id" ),
id );
588 if ( query.numRowsAffected() == 0 )
601 QMutexLocker locker( &
mMutex );
624 setError( tr(
"Auth db could not be opened" ) );
628 QString certpem( cert.toPem() );
633 query.bindValue( QStringLiteral(
":id" ),
id );
634 query.bindValue( QStringLiteral(
":host" ), config.
sslHostPort().trimmed() );
635 query.bindValue( QStringLiteral(
":cert" ), certpem );
636 query.bindValue( QStringLiteral(
":config" ), config.
configString() );
641 QgsDebugMsgLevel( QStringLiteral(
"Store SSL cert custom config SUCCESS for host:port, id: %1, %2" )
651 QMutexLocker locker( &
mMutex );
669 if ( query.isActive() && query.isSelect() )
671 while ( query.next() )
673 ids.append( query.value( 0 ).toString() );
682 QMutexLocker locker( &
mMutex );
688 if (
id.isEmpty() || hostport.isEmpty() )
690 QgsDebugError( QStringLiteral(
"Passed config ID or host:port is empty" ) );
702 query.bindValue( QStringLiteral(
":id" ),
id );
703 query.bindValue( QStringLiteral(
":host" ), hostport.trimmed() );
708 if ( query.isActive() && query.isSelect() )
712 config.
setSslCertificate( QSslCertificate( query.value( 1 ).toByteArray(), QSsl::Pem ) );
715 QgsDebugMsgLevel( QStringLiteral(
"SSL cert custom config retrieved for host:port, id: %1, %2" ).arg( hostport,
id ), 2 );
730 QMutexLocker locker( &
mMutex );
746 query.bindValue( QStringLiteral(
":host" ), hostport.trimmed() );
751 if ( query.isActive() && query.isSelect() )
755 config.
setSslCertificate( QSslCertificate( query.value( 1 ).toByteArray(), QSsl::Pem ) );
758 QgsDebugMsgLevel( QStringLiteral(
"SSL cert custom config retrieved for host:port %1" ).arg( hostport ), 2 );
772 QMutexLocker locker( &
mMutex );
776 QList<QgsAuthConfigSslServer> configs;
791 if ( query.isActive() && query.isSelect() )
793 while ( query.next() )
796 config.
setSslCertificate( QSslCertificate( query.value( 2 ).toByteArray(), QSsl::Pem ) );
799 configs.append( config );
807 QMutexLocker locker( &
mMutex );
811 if (
id.isEmpty() || hostport.isEmpty() )
813 QgsDebugError( QStringLiteral(
"Passed config ID or host:port is empty" ) );
819 setError( tr(
"Auth db could not be opened" ) );
826 query.bindValue( QStringLiteral(
":id" ),
id );
827 query.bindValue( QStringLiteral(
":host" ), hostport.trimmed() );
833 if ( query.isActive() && query.isSelect() )
837 QgsDebugMsgLevel( QStringLiteral(
"SSL cert custom config exists for host:port, id: %1, %2" ).arg( hostport,
id ), 2 );
842 QgsDebugError( QStringLiteral(
"Retrieved more than one SSL cert custom config for host:port, id: %1, %2" ).arg( hostport,
id ) );
843 emit
messageLog( tr(
"Authentication database contains more than one SSL cert custom configs for host:port, id: %1, %2" )
853 QMutexLocker locker( &
mMutex );
857 if (
id.isEmpty() || hostport.isEmpty() )
859 QgsDebugError( QStringLiteral(
"Passed config ID or host:port is empty" ) );
874 query.bindValue( QStringLiteral(
":id" ),
id );
875 query.bindValue( QStringLiteral(
":host" ), hostport.trimmed() );
883 if ( query.numRowsAffected() == 0 )
896 QMutexLocker locker( &
mMutex );
914 if ( query.isActive() && query.isSelect() )
916 while ( query.next() )
918 ids.append( query.value( 0 ).toString() );
926 QMutexLocker locker( &
mMutex );
942 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
953 const QString pem( cert.toPem() );
959 query.bindValue( QStringLiteral(
":id" ),
id );
960 query.bindValue( QStringLiteral(
":cert" ), pem );
965 QgsDebugMsgLevel( QStringLiteral(
"Store certificate authority SUCCESS for id: %1" ).arg(
id ), 2 );
973 QMutexLocker locker( &
mMutex );
977 QSslCertificate emptycert;
991 query.bindValue( QStringLiteral(
":id" ),
id );
996 QSslCertificate cert;
998 if ( query.isActive() && query.isSelect() )
1000 if ( query.first() )
1002 cert = QSslCertificate( query.value( 0 ).toByteArray(), QSsl::Pem );
1003 QgsDebugMsgLevel( QStringLiteral(
"Certificate authority retrieved for id: %1" ).arg(
id ), 2 );
1016 QMutexLocker locker( &
mMutex );
1020 if ( cert.isNull() )
1022 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
1037 query.bindValue( QStringLiteral(
":id" ),
id );
1043 if ( query.isActive() && query.isSelect() )
1045 if ( query.first() )
1047 QgsDebugMsgLevel( QStringLiteral(
"Certificate authority exists for id: %1" ).arg(
id ), 2 );
1062 QMutexLocker locker( &
mMutex );
1066 if ( cert.isNull() )
1068 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
1074 setError( tr(
"Auth db could not be opened" ) );
1084 query.bindValue( QStringLiteral(
":id" ),
id );
1092 if ( query.numRowsAffected() == 0 )
1105 QMutexLocker locker( &
mMutex );
1109 QMap<QString, QgsAuthCertUtils::CertTrustPolicy> trustedCerts;
1114 return trustedCerts;
1122 return trustedCerts;
1124 if ( query.isActive() && query.isSelect() )
1126 while ( query.next() )
1128 QString
id( query.value( 0 ).toString() );
1129 int policy = query.value( 1 ).toInt();
1131 trustedCerts[
id ] = trustPolicy;
1135 return trustedCerts;
1140 QMutexLocker locker( &
mMutex );
1144 QList<QSslCertificate> authorities;
1159 if ( query.isActive() && query.isSelect() )
1161 while ( query.next() )
1163 const QSslCertificate cert( query.value( 1 ).toByteArray(), QSsl::Pem );
1164 if ( !cert.isNull() )
1166 authorities.append( cert );
1170 const QString
id { query.value( 0 ).toString() };
1180 QMutexLocker locker( &
mMutex );
1184 if ( policyExisted )
1193 if ( cert.isNull() )
1195 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
1201 setError( tr(
"Auth db could not be opened" ) );
1210 if ( !policyExisted )
1212 QgsDebugMsgLevel( QStringLiteral(
"Passed policy was default, no cert records in database for id: %1" ).arg(
id ), 2 );
1218 setError( tr(
"Failed to remove certificate trust policy for id: %1" ).arg(
id ) );
1222 QgsDebugMsgLevel( QStringLiteral(
"Passed policy was default, all cert records in database were removed for id: %1" ).arg(
id ), 2 );
1232 setError( tr(
"Failed to remove certificate trust policy for id: %1" ).arg(
id ) );
1240 query.bindValue( QStringLiteral(
":id" ),
id );
1241 query.bindValue( QStringLiteral(
":policy" ),
static_cast< int >( policy ) );
1246 QgsDebugMsgLevel( QStringLiteral(
"Store certificate trust policy SUCCESS for id: %1" ).arg(
id ), 2 );
1254 QMutexLocker locker( &
mMutex );
1258 if ( cert.isNull() )
1260 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
1275 query.bindValue( QStringLiteral(
":id" ),
id );
1280 if ( query.isActive() && query.isSelect() )
1282 if ( query.first() )
1284 int policy = query.value( 0 ).toInt();
1285 QgsDebugMsgLevel( QStringLiteral(
"Certificate trust policy retrieved for id: %1" ).arg(
id ), 2 );
1299 QMutexLocker locker( &
mMutex );
1303 if ( cert.isNull() )
1305 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
1313 setError( tr(
"Auth db could not be opened" ) );
1320 query.bindValue( QStringLiteral(
":id" ),
id );
1324 setError( tr(
"Failed to remove certificate trust policy '%1'" ).arg(
id ) );
1328 if ( query.numRowsAffected() == 0 )
1330 setError( tr(
"No certificate trust policy found for id: %1" ).arg(
id ) );
1341 QMutexLocker locker( &
mMutex );
1345 if ( cert.isNull() )
1347 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
1362 query.bindValue( QStringLiteral(
":id" ),
id );
1367 if ( query.isActive() && query.isSelect() )
1369 if ( query.first() )
1371 return query.value( 0 ).toInt() > 0;
1381 QMutexLocker locker( &
mMutex );
1385 QList<QgsAuthConfigurationStorage::MasterPasswordConfig> passwords;
1399 if ( query.isActive() && query.isSelect() )
1401 while ( query.next() )
1403 const QString salt = query.value( 0 ).toString();
1404 const QString civ = query.value( 1 ).toString();
1405 const QString hash = query.value( 2 ).toString();
1406 passwords.append( { salt, civ, hash } );
1414 QMutexLocker locker( &
mMutex );
1420 setError( tr(
"Auth db could not be opened" ) );
1427 query.bindValue( QStringLiteral(
":salt" ), config.
salt );
1428 query.bindValue( QStringLiteral(
":civ" ), config.
civ );
1429 query.bindValue( QStringLiteral(
":hash" ), config.
hash );
1441 QMutexLocker locker( &
mMutex );
1457 return QStringLiteral(
"auth_configs" );
1462 return QStringLiteral(
"auth_settings" );
1467 return QStringLiteral(
"auth_identities" );
1472 return QStringLiteral(
"auth_servers" );
1477 return QStringLiteral(
"auth_authorities" );
1482 return QStringLiteral(
"auth_trust" );
1487 return QStringLiteral(
"auth_pass" );
1492 const QString schema {
mConfiguration.value( QStringLiteral(
"schema" ) ).toString() };
1493 if ( schema.isEmpty() )
1517 return QStringLiteral(
"DB-%2" ).arg(
mDriver );
1522 return tr(
"Store credentials in a %1 database" ).arg(
name() );
1527 QMutexLocker locker( &
mMutex );
1529 if (
mId.isEmpty() )
1532 QCryptographicHash hash( QCryptographicHash::Sha256 );
1533 hash.addData(
mDriver.toUtf8() );
1535 hash.addData( QString::number(
mPort ).toUtf8() );
1536 hash.addData(
mHost.toUtf8() );
1537 hash.addData(
mUser.toUtf8() );
1538 mId = QString( hash.result().toHex() );
1545 QMutexLocker locker( &
mMutex );
1549 setError( tr(
"Auth db could not be opened" ) );
1558 qstr = QStringLiteral(
"CREATE TABLE IF NOT EXISTS %1 (\n"
1559 " salt TEXT NOT NULL,\n"
1560 " civ TEXT NOT NULL\n"
1568 qstr = QStringLiteral(
"CREATE TABLE IF NOT EXISTS %1 (\n"
1569 " id TEXT NOT NULL,\n"
1570 " name TEXT NOT NULL,\n"
1572 " type TEXT NOT NULL,\n"
1573 " version INTEGER NOT NULL\n"
1587 qstr = QStringLiteral(
"CREATE INDEX IF NOT EXISTS %1 ON %2 (uri ASC);" )
1599 QMutexLocker locker( &
mMutex );
1603 setError( tr(
"Auth db could not be opened" ) );
1607 QgsDebugMsgLevel( QStringLiteral(
"Creating cert tables in auth db" ), 2 );
1614 qstr = QStringLiteral(
"CREATE TABLE IF NOT EXISTS %1 (\n"
1615 " setting TEXT NOT NULL\n"
1623 qstr = QStringLiteral(
"CREATE TABLE IF NOT EXISTS %1 (\n"
1624 " id TEXT NOT NULL,\n"
1625 " key TEXT NOT NULL\n"
1634 qstr = QStringLiteral(
"CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (id ASC);" )
1643 qstr = QStringLiteral(
"CREATE TABLE IF NOT EXISTS %1 (\n"
1644 " id TEXT NOT NULL,\n"
1645 " host TEXT NOT NULL,\n"
1663 qstr = QStringLiteral(
"CREATE TABLE IF NOT EXISTS %1 (\n"
1664 " id TEXT NOT NULL\n"
1673 qstr = QStringLiteral(
"CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (id ASC);" )
1682 qstr = QStringLiteral(
"CREATE TABLE IF NOT EXISTS %1 (\n"
1683 " id TEXT NOT NULL\n"
1691 qstr = QStringLiteral(
"CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (id ASC);" )
1706 QMutexLocker locker( &
mMutex );
1729 if ( query.isActive() && query.isSelect() )
1731 while ( query.next() )
1733 QString authcfg = query.value( 0 ).toString();
1735 config.
setId( authcfg );
1736 config.
setName( query.value( 1 ).toString() );
1737 config.
setUri( query.value( 2 ).toString() );
1738 config.
setMethod( query.value( 3 ).toString() );
1739 config.
setVersion( query.value( 4 ).toInt() );
1741 if ( !allowedMethods.isEmpty() && !allowedMethods.contains( config.
method() ) )
1746 baseConfigs.insert( authcfg, config );
1756 QMutexLocker locker( &
mMutex );
1779 if ( query.isActive() && query.isSelect() )
1781 while ( query.next() )
1783 QString authcfg = query.value( 0 ).toString();
1785 config.
setId( authcfg );
1786 config.
setName( query.value( 1 ).toString() );
1787 config.
setUri( query.value( 2 ).toString() );
1788 config.
setMethod( query.value( 3 ).toString() );
1789 config.
setVersion( query.value( 4 ).toInt() );
1790 config.
setConfig( QStringLiteral(
"encrypted_payload" ), query.value( 5 ).toString() );
1791 baseConfigs.insert( authcfg, config );
1799 QMutexLocker locker( &
mMutex );
1808 setError( tr(
"Auth db could not be opened" ) );
1815 QString schema {
mConfiguration.value( QStringLiteral(
"schema" ) ).toString() };
1816 if ( ! schema.isEmpty() )
1914 QMutexLocker locker( &
mMutex );
1937 query.bindValue( QStringLiteral(
":id" ),
id );
1944 if ( query.isActive() && query.isSelect() )
1946 if ( query.first() )
1949 config.
setName( query.value( 0 ).toString() );
1950 config.
setUri( query.value( 1 ).toString() );
1951 config.
setMethod( query.value( 2 ).toString() );
1952 config.
setVersion( query.value( 3 ).toInt() );
1955 payload = query.value( 4 ).toString();
1969 QMutexLocker locker( &
mMutex );
1982 setError( tr(
"Auth db could not be opened" ) );
1986 if ( payload.isEmpty() )
1992 if ( ! config.
isValid(
true ) )
2004 query.prepare( QStringLiteral(
"INSERT INTO %1 (id, name, uri, type, version, config) VALUES (:id, :name, :uri, :type, :version, :config)" ).arg(
quotedQualifiedIdentifier(
methodConfigTableName() ) ) );
2005 query.bindValue( QStringLiteral(
":id" ), config.
id() );
2006 query.bindValue( QStringLiteral(
":name" ), config.
name() );
2007 query.bindValue( QStringLiteral(
":uri" ), config.
uri() );
2008 query.bindValue( QStringLiteral(
":type" ), config.
method() );
2009 query.bindValue( QStringLiteral(
":version" ), config.
version() );
2010 query.bindValue( QStringLiteral(
":config" ), payload );
2025 QMutexLocker locker( &
mMutex );
2031 setError( tr(
"Auth db could not be opened" ) );
2038 query.bindValue( QStringLiteral(
":id" ),
id );
2046 if ( query.numRowsAffected() == 0 )
2059 QMutexLocker locker( &
mMutex );
2072 query.bindValue( QStringLiteral(
":id" ),
id );
2082 return query.value( 0 ).toInt() > 0;
2090 QMutexLocker locker( &
mMutex );
2104 setError( tr(
"Auth db could not be opened" ) );
2110 query.prepare( QStringLiteral(
"INSERT INTO %1 (setting, value) VALUES (:setting, :value)" )
2112 query.bindValue( QStringLiteral(
":setting" ), key );
2113 query.bindValue( QStringLiteral(
":value" ), value );
2129 QMutexLocker locker( &
mMutex );
2142 query.bindValue( QStringLiteral(
":setting" ), key );
2152 return query.value( 0 ).toString();
2157 QgsDebugMsgLevel( QStringLiteral(
"Setting '%1' does not exist" ).arg( key ), 2 );
2165 QMutexLocker locker( &
mMutex );
2178 query.bindValue( QStringLiteral(
":setting" ), key );
2186 if ( query.numRowsAffected() == 0 )
2199 QMutexLocker locker( &
mMutex );
2212 query.bindValue( QStringLiteral(
":setting" ), key );
2222 return query.value( 0 ).toInt() > 0;
2230bool QgsAuthConfigurationStorageDb::clearTables(
const QStringList &tables )
2232 QMutexLocker locker( &
mMutex );
2236 setError( tr(
"Auth db could not be opened" ) );
2242 for (
const auto &table : std::as_const( tables ) )
2300 QString schema {
mConfiguration.value( QStringLiteral(
"schema" ) ).toString() };
2301 if ( ! schema.isEmpty() )
2308const QMap<QString, QVariant> QgsAuthConfigurationStorageDb::uriToSettings(
const QString &uri )
2313 if ( url.isValid() )
2315 settings.insert( QStringLiteral(
"driver" ), url.scheme().toUpper() );
2316 settings.insert( QStringLiteral(
"host" ), url.host() );
2317 settings.insert( QStringLiteral(
"port" ), QString::number( url.port() ) );
2318 QString path { url.path() };
2320 if ( path.startsWith( QLatin1Char(
'/' ) ) &&
2321 !(
settings.value( QStringLiteral(
"driver" ) ) == QLatin1String(
"QSQLITE" ) ||
2322 settings.value( QStringLiteral(
"driver" ) ) == QLatin1String(
"QSPATIALITE" ) ) )
2324 path = path.mid( 1 );
2326 settings.insert( QStringLiteral(
"database" ), path );
2327 settings.insert( QStringLiteral(
"user" ), url.userName() );
2328 settings.insert( QStringLiteral(
"password" ), url.password() );
2329 QUrlQuery query{ url };
2332 QString schemaName { query.queryItemValue( QStringLiteral(
"schema" ) ) };
2333 if ( schemaName.isEmpty() )
2335 schemaName = query.queryItemValue( QStringLiteral(
"SCHEMA" ) );
2338 if ( ! schemaName.isEmpty() )
2340 settings.insert( QStringLiteral(
"schema" ), schemaName );
2341 query.removeAllQueryItems( QStringLiteral(
"schema" ) );
2342 query.removeAllQueryItems( QStringLiteral(
"SCHEMA" ) );
2345 settings.insert( QStringLiteral(
"options" ), query.toString() );
2368 if ( clearTables( {{
2389 QMutexLocker locker( &
mMutex );
QFlags< AuthConfigurationStorageCapability > AuthConfigurationStorageCapabilities
Authentication configuration storage capabilities.
@ Warning
Warning message.
@ Critical
Critical/error message.
@ CreateSetting
Can create a new authentication setting.
@ UpdateSetting
Can update the authentication setting.
@ CreateConfiguration
Can create a new authentication configuration.
@ ClearStorage
Can clear all configurations from storage.
@ DeleteCertificateAuthority
Can delete a certificate authority.
@ DeleteSslCertificateCustomConfig
Can delete a SSL certificate custom config.
@ DeleteSetting
Can delete the authentication setting.
@ ReadSslCertificateCustomConfig
Can read a SSL certificate custom config.
@ DeleteMasterPassword
Can delete the master password.
@ CreateSslCertificateCustomConfig
Can create a new SSL certificate custom config.
@ ReadCertificateTrustPolicy
Can read a certificate trust policy.
@ ReadConfiguration
Can read an authentication configuration.
@ UpdateConfiguration
Can update an authentication configuration.
@ UpdateCertificateTrustPolicy
Can update a certificate trust policy.
@ ReadCertificateAuthority
Can read a certificate authority.
@ CreateCertificateAuthority
Can create a new certificate authority.
@ DeleteConfiguration
Can deleet an authentication configuration.
@ ReadSetting
Can read the authentication settings.
@ UpdateMasterPassword
Can update the master password.
@ UpdateCertificateAuthority
Can update a certificate authority.
@ CreateCertificateIdentity
Can create a new certificate identity.
@ ReadCertificateIdentity
Can read a certificate identity.
@ CreateCertificateTrustPolicy
Can create a new certificate trust policy.
@ ReadMasterPassword
Can read the master password.
@ CreateMasterPassword
Can create a new master password.
@ UpdateCertificateIdentity
Can update a certificate identity.
@ DeleteCertificateTrustPolicy
Can delete a certificate trust policy.
@ DeleteCertificateIdentity
Can delete a certificate identity.
@ UpdateSslCertificateCustomConfig
Can update a SSL certificate custom config.
static QString shaHexForCert(const QSslCertificate &cert, bool formatted=false)
Gets the sha1 hash for certificate.
CertTrustPolicy
Type of certificate trust policy.
Configuration container for SSL server connection exceptions or overrides.
void setSslCertificate(const QSslCertificate &cert)
Sets server certificate object.
void setSslHostPort(const QString &hostport)
Sets server host:port string.
const QSslCertificate sslCertificate() const
Server certificate object.
const QString sslHostPort() const
Server host:port string.
const QString configString() const
Configuration as a concatenated string.
void loadConfigString(const QString &config=QString())
Load concatenated string into configuration, e.g. from auth database.
QSqlDatabase based implementation of QgsAuthConfigurationStorage.
QgsAuthConfigurationStorageDb(const QMap< QString, QVariant > &settings)
Creates a new QgsAuthConfigurationStorageDb instance from the specified settings.
bool removeCertTrustPolicy(const QSslCertificate &cert) override
Remove certificate trust policy.
bool authDbTransactionQuery(QSqlQuery *query)
Executes the specified query on the database using a transaction.
virtual bool tableExists(const QString &table) const
Returns true if the specified table exists in the database, false otherwise.
bool storeCertTrustPolicy(const QSslCertificate &cert, QgsAuthCertUtils::CertTrustPolicy policy) override
Store certificate trust policy.
QStringList certAuthorityIds() const override
Returns the list of certificate authority IDs in the storage.
const QgsAuthConfigSslServer loadSslCertCustomConfigByHost(const QString &hostport) const override
Loads an SSL certificate custom config by hostport (host:port)
QString loadAuthSetting(const QString &key) const override
Load an authentication setting from the storage.
bool removeAuthSetting(const QString &key) override
Remove an authentication setting from the storage.
const QMap< QString, QgsAuthCertUtils::CertTrustPolicy > caCertsPolicy() const override
Returns the map of CA certificates hashes in the storages and their trust policy.
QgsAuthCertUtils::CertTrustPolicy loadCertTrustPolicy(const QSslCertificate &cert) const override
Load certificate trust policy.
bool sslCertCustomConfigExists(const QString &id, const QString &hostport) override
Check if SSL certificate custom config exists.
virtual void checkCapabilities()
Checks the capabilities of the storage.
bool authDbQuery(QSqlQuery *query, const QString &sql=QString()) const
Runs the specified query on the database.
bool storeAuthSetting(const QString &key, const QString &value) override
Store an authentication setting in the storage.
bool removeCertIdentity(const QSslCertificate &cert) override
Remove a certificate identity from the storage.
const QPair< QSslCertificate, QString > loadCertIdentityBundle(const QString &id) const override
Returns a certificate identity bundle by id (sha hash).
const QList< QgsAuthConfigurationStorage::MasterPasswordConfig > masterPasswords() const override
Returns the list of (encrypted) master passwords stored in the database.
bool clearMethodConfigs() override
Remove all authentications configurations from the storage.
bool createCertTables()
Creates the certificate tables in the database.
~QgsAuthConfigurationStorageDb() override
bool storeSslCertCustomConfig(const QgsAuthConfigSslServer &config) override
Store an SSL certificate custom config.
virtual QString certIdentityTableName() const
Returns the name of the table used to store the certificate identities.
bool authDbOpen() const
Opens the connction to the database.
virtual QString quotedQualifiedIdentifier(const QString &identifier, bool isIndex=false) const
Returns the quoted identifier, prefixed with the schema (if not null), ready for the insertion into a...
bool methodConfigExists(const QString &id) const override
Check if an authentication configuration exists in the storage.
virtual QString methodConfigTableName() const
Returns the name of the table used to store the method configurations.
QSqlDatabase authDatabaseConnection() const
Returns the database connection used by this storage.
QList< QgsAuthConfigurationStorage::SettingParameter > settingsParameters() const override
Returns a list of the settings accepted by the storage.
QStringList certIdentityIds() const override
certIdentityIds get list of certificate identity ids from database
bool storeMasterPassword(const QgsAuthConfigurationStorage::MasterPasswordConfig &config) override
Store a master password in the database.
bool isReady() const override
Returns true is the storage is ready to be used.
bool initialize() override
Initializes the storage.
bool storeMethodConfig(const QgsAuthMethodConfig &mconfig, const QString &payload) override
Store an authentication config in the database.
bool removeCertAuthority(const QSslCertificate &cert) override
Remove a certificate authority.
const QSslCertificate loadCertIdentity(const QString &id) const override
certIdentity get a certificate identity by id (sha hash)
const QList< QgsAuthConfigSslServer > sslCertCustomConfigs() const override
sslCertCustomConfigs get SSL certificate custom configs
QgsAuthMethodConfigsMap authMethodConfigs(const QStringList &allowedMethods=QStringList()) const override
Returns a mapping of authentication configurations available from this storage.
const QList< QSslCertificate > caCerts() const override
Returns the list of CA certificates in the storage.
bool certTrustPolicyExists(const QSslCertificate &cert) const override
Check if certificate trust policy exists.
bool createConfigTables()
Creates the configuration tables in the database.
virtual QString authSettingsTableName() const
Returns the name of the table used to store the auth settings.
const QSslCertificate loadCertAuthority(const QString &id) const override
certAuthority get a certificate authority by id (sha hash)
virtual QString certTrustPolicyTableName() const
Returns the name of the table used to store the certificate trust policies.
bool removeMethodConfig(const QString &id) override
Removes the authentication configuration with the specified id.
QgsAuthMethodConfigsMap authMethodConfigsWithPayload() const override
Returns a mapping of authentication configurations available from this storage.
virtual QString sslCertCustomConfigTableName() const
Returns the name of the table used to store the SSL custom configurations.
QString id() const override
Returns the unique identifier of the storage object.
bool certIdentityExists(const QString &id) const override
Check if the certificate identity exists.
QString type() const override
Returns the type of the storage implementation.
bool certAuthorityExists(const QSslCertificate &cert) const override
Check if a certificate authority exists.
QgsAuthMethodConfig loadMethodConfig(const QString &id, QString &payload, bool full=false) const override
Load an authentication configuration from the database.
bool storeCertIdentity(const QSslCertificate &cert, const QString &keyPem) override
Store a certificate identity in the storage.
bool erase() override
Completely erase the storage removing all configurations/certs/settings etc.
virtual QString certAuthorityTableName() const
Returns the name of the table used to store the certificate authorities.
bool removeSslCertCustomConfig(const QString &id, const QString &hostport) override
Remove an SSL certificate custom config.
const QList< QSslCertificate > certIdentities() const override
certIdentities get certificate identities
bool clearMasterPasswords() override
Remove all master passwords from the database.
QString description() const override
Returns a human readable localized description of the storage implementation (e.g.
QString name() const override
Returns a human readable localized short name of the storage implementation (e.g "SQLite").
virtual QString masterPasswordTableName() const
Returns the name of the table used to store the master passwords.
bool authSettingExists(const QString &key) const override
Check if an authentication setting exists in the storage.
bool storeCertAuthority(const QSslCertificate &cert) override
Store a certificate authority.
const QgsAuthConfigSslServer loadSslCertCustomConfig(const QString &id, const QString &hostport) const override
Loads an SSL certificate custom config by id (sha hash) and hostport (host:port)
QStringList sslCertCustomConfigIds() const override
Returns the list of SSL certificate custom config ids.
Abstract class that defines the interface for all authentication configuration storage implementation...
QMap< QString, QVariant > mConfiguration
Store the implementation-specific configuration.
void readOnlyChanged(bool readOnly)
Emitted when the storage read-only status was changed.
void certIdentityChanged()
Emitted when the storage cert identity table was changed.
void methodConfigChanged()
Emitted when the storage method config table was changed.
void setError(const QString &error, Qgis::MessageLevel level=Qgis::MessageLevel::Critical)
Set the last error message to error with message level level.
Qgis::AuthConfigurationStorageCapabilities capabilities() const
Returns the capabilities of the storage.
virtual QString loggerTag() const
Returns the logger tag for the storage.
bool isEnabled() const
Returns true if the storage is enabled.
void sslCertTrustPolicyChanged()
Emitted when the storage ssl cert trust policy table was changed.
void masterPasswordChanged()
Emitted when the storage master password table was changed.
void certAuthorityChanged()
Emitted when the storage cert authority table was changed.
void messageLog(const QString &message, const QString &tag=QStringLiteral("Authentication"), Qgis::MessageLevel level=Qgis::MessageLevel::Info)
Custom logging signal to relay to console output and QgsMessageLog.
void sslCertCustomConfigChanged()
Emitted when the storage ssl cert custom config table was changed.
void authSettingsChanged()
Emitted when the storage auth settings table was changed.
void storageChanged(const QString &id)
Emitted when the storage was updated.
virtual QString lastError() const
Returns the last error message.
void checkCapability(Qgis::AuthConfigurationStorageCapability capability) const
Utility to check capability and throw QgsNotSupportedException if not supported.
virtual bool isReadOnly() const
Returns true if the storage is read-only, false otherwise.
QMap< QString, QVariant > settings() const
Returns the settings of the storage.
Qgis::AuthConfigurationStorageCapabilities mCapabilities
Store the capabilities of the storage.
Configuration storage class for authentication method configurations.
bool isValid(bool validateid=false) const
Whether the configuration is valid.
QString method() const
Textual key of the associated authentication method.
const QString uri() const
A URI to auto-select a config when connecting to a resource.
void setName(const QString &name)
Sets name of configuration.
void setVersion(int version)
Sets version of the configuration.
const QString name() const
Gets name of configuration.
const QString id() const
Gets 'authcfg' 7-character alphanumeric ID of the config.
void setConfig(const QString &key, const QString &value)
Set a single config value per key in the map.
int version() const
Gets version of the configuration.
void setMethod(const QString &method)
void setUri(const QString &uri)
void setId(const QString &id)
Sets auth config ID.
Custom exception class which is raised when an operation is not supported.
QHash< QString, QgsAuthMethodConfig > QgsAuthMethodConfigsMap
#define QgsDebugMsgLevel(str, level)
#define QgsDebugError(str)
Structure that holds the (encrypted) master password elements.