api/qgsauthsslerrorsdialog_8cpp_source.html

/***************************************************************************

    qgsauthsslerrorsdialog.cpp

    ---------------------

    begin                : May 22, 2015

    copyright            : (C) 2015 by Boundless Spatial, Inc. USA

    author               : Larry Shaffer

    email                : lshaffer at boundlessgeo dot com

 ***************************************************************************

 *                                                                         *

 *   This program is free software; you can redistribute it and/or modify  *

 *   it under the terms of the GNU General Public License as published by  *

 *   the Free Software Foundation; either version 2 of the License, or     *

 *   (at your option) any later version.                                   *

 *                                                                         *

 ***************************************************************************/


#include "qgsauthsslerrorsdialog.h"


#include "qgsapplication.h"

#include "qgsauthcertificateinfo.h"

#include "qgsauthcertutils.h"

#include "qgsauthmanager.h"

#include "qgsauthsslconfigwidget.h"

#include "qgsauthtrustedcasdialog.h"

#include "qgscollapsiblegroupbox.h"

#include "qgslogger.h"

#include "qgsnetworkaccessmanager.h"


#include <QDialogButtonBox>

#include <QFont>

#include <QPushButton>

#include <QString>

#include <QStyle>

#include <QToolButton>


#include "moc_qgsauthsslerrorsdialog.cpp"


using namespace Qt::StringLiterals;


QgsAuthSslErrorsDialog::QgsAuthSslErrorsDialog( QNetworkReply *reply, const QList<QSslError> &sslErrors, QWidget *parent, const QString &digest, const QString &hostport )

  : QDialog( parent )

  , mSslConfiguration( reply->sslConfiguration() )

  , mSslErrors( sslErrors )

  , mDigest( digest )

  , mHostPort( hostport )

{

  if ( mDigest.isEmpty() )

  {

    mDigest = QgsAuthCertUtils::shaHexForCert( mSslConfiguration.peerCertificate() );

  }

  if ( mHostPort.isEmpty() )

  {

    mHostPort = u"%1:%2"_s.arg( reply->url().host() ).arg( reply->url().port() != -1 ? reply->url().port() : 443 ).trimmed();

  }


  setupUi( this );

  connect( buttonBox, &QDialogButtonBox::clicked, this, &QgsAuthSslErrorsDialog::buttonBox_clicked );

  connect( btnChainInfo, &QToolButton::clicked, this, &QgsAuthSslErrorsDialog::btnChainInfo_clicked );

  connect( btnChainCAs, &QToolButton::clicked, this, &QgsAuthSslErrorsDialog::btnChainCAs_clicked );

  connect( grpbxSslErrors, &QgsCollapsibleGroupBoxBasic::collapsedStateChanged, this, &QgsAuthSslErrorsDialog::grpbxSslErrors_collapsedStateChanged );

  QStyle *style = QApplication::style();

  lblWarningIcon->setPixmap( style->standardIcon( QStyle::SP_MessageBoxWarning ).pixmap( 48, 48 ) );

  lblWarningIcon->setSizePolicy( QSizePolicy::Fixed, QSizePolicy::Fixed );


  lblErrorsText->setStyleSheet( u"QLabel{ font-weight: bold; }"_s );

  leUrl->setText( reply->request().url().toString() );


  ignoreButton()->setDefault( false );

  abortButton()->setDefault( true );


  if ( !QgsApplication::authManager()->isDisabled() )

  {

    saveButton()->setEnabled( false );


    saveButton()->setText( u"%1 && %2"_s.arg( saveButton()->text(), ignoreButton()->text() ) );


    grpbxSslConfig->setChecked( false );

    grpbxSslConfig->setCollapsed( true );

    connect( grpbxSslConfig, &QGroupBox::toggled, this, &QgsAuthSslErrorsDialog::loadUnloadCertificate );


    connect( wdgtSslConfig, &QgsAuthSslConfigWidget::readyToSaveChanged, this, &QgsAuthSslErrorsDialog::widgetReadyToSaveChanged );

    wdgtSslConfig->setConfigCheckable( false );

    wdgtSslConfig->certificateGroupBox()->setFlat( true );

  }

  else

  {

    btnChainInfo->setVisible( false );

    btnChainCAs->setVisible( false );

    grpbxSslConfig->setVisible( false );

    saveButton()->setVisible( false );

  }


  populateErrorsList();

}


void QgsAuthSslErrorsDialog::loadUnloadCertificate( bool load )

{

  grpbxSslErrors->setCollapsed( load );

  if ( !load )

  {

    QgsDebugMsgLevel( u"Unloading certificate and host:port"_s, 2 );

    clearCertificateConfig();

    return;

  }

  wdgtSslConfig->setEnabled( true );

  QgsDebugMsgLevel( u"Loading certificate for host:port = %1"_s.arg( mHostPort ), 2 );

  wdgtSslConfig->setSslCertificate( mSslConfiguration.peerCertificate(), mHostPort );

  if ( !mSslErrors.isEmpty() )

  {

    wdgtSslConfig->appendSslIgnoreErrors( mSslErrors );

  }

}


void QgsAuthSslErrorsDialog::showCertificateChainInfo()

{

  QList<QSslCertificate> peerchain( mSslConfiguration.peerCertificateChain() );


  if ( !peerchain.isEmpty() )

  {

    const QSslCertificate cert = peerchain.takeFirst();

    if ( !cert.isNull() )

    {

      QgsAuthCertInfoDialog *dlg = new QgsAuthCertInfoDialog( cert, false, this, peerchain );

      dlg->setWindowModality( Qt::WindowModal );

      dlg->resize( 675, 500 );

      dlg->exec();

      dlg->deleteLater();

    }

  }

}


void QgsAuthSslErrorsDialog::showCertificateChainCAsInfo()

{

  const QList<QSslCertificate> certificates = mSslConfiguration.caCertificates();

  for ( const auto &cert : certificates )

  {

    qDebug() << cert.subjectInfo( QSslCertificate::SubjectInfo::CommonName );

  }


  QgsAuthTrustedCAsDialog *dlg = new QgsAuthTrustedCAsDialog( this, mSslConfiguration.caCertificates() );

  dlg->setWindowModality( Qt::WindowModal );

  dlg->resize( 675, 500 );

  dlg->exec();

  dlg->deleteLater();

}


void QgsAuthSslErrorsDialog::widgetReadyToSaveChanged( bool cansave )

{

  ignoreButton()->setDefault( false );

  abortButton()->setDefault( !cansave );

  saveButton()->setEnabled( cansave );

  saveButton()->setDefault( cansave );

}


void QgsAuthSslErrorsDialog::checkCanSave()

{

  widgetReadyToSaveChanged( wdgtSslConfig->readyToSave() );

}


void QgsAuthSslErrorsDialog::clearCertificateConfig()

{

  wdgtSslConfig->resetSslCertConfig();

  wdgtSslConfig->setEnabled( false );

  checkCanSave();

}


void QgsAuthSslErrorsDialog::buttonBox_clicked( QAbstractButton *button )

{

  const QDialogButtonBox::StandardButton btnenum( buttonBox->standardButton( button ) );

  switch ( btnenum )

  {

    case QDialogButtonBox::Ignore:

      QgsApplication::authManager()->updateIgnoredSslErrorsCache( u"%1:%2"_s.arg( mDigest, mHostPort ), mSslErrors );

      accept();

      break;

    case QDialogButtonBox::Save:

      // save config and ignore errors

      wdgtSslConfig->saveSslCertConfig();

      accept();

      break;

    case QDialogButtonBox::Abort:

    default:

      reject();

      break;

  }

  // Clear access cache if the user choose abort and the

  // setting allows it

  if ( btnenum == QDialogButtonBox::Abort && QgsSettings().value( u"clear_auth_cache_on_errors"_s, true, QgsSettings::Section::Auth ).toBool() )

  {

    QgsNetworkAccessManager::instance()->clearAccessCache();

  }

}


void QgsAuthSslErrorsDialog::populateErrorsList()

{

  QStringList errs;

  errs.reserve( mSslErrors.size() );

  const auto constMSslErrors = mSslErrors;

  for ( const QSslError &err : constMSslErrors )

  {

    errs << u"* %1: %2"_s.arg( QgsAuthCertUtils::sslErrorEnumString( err.error() ), err.errorString() );

  }

  teSslErrors->setPlainText( errs.join( QLatin1Char( '\n' ) ) );

}


QPushButton *QgsAuthSslErrorsDialog::ignoreButton()

{

  return buttonBox->button( QDialogButtonBox::Ignore );

}


QPushButton *QgsAuthSslErrorsDialog::saveButton()

{

  return buttonBox->button( QDialogButtonBox::Save );

}


QPushButton *QgsAuthSslErrorsDialog::abortButton()

{

  return buttonBox->button( QDialogButtonBox::Abort );

}


void QgsAuthSslErrorsDialog::btnChainInfo_clicked()

{

  showCertificateChainInfo();

}


void QgsAuthSslErrorsDialog::btnChainCAs_clicked()

{

  showCertificateChainCAsInfo();

}


void QgsAuthSslErrorsDialog::grpbxSslErrors_collapsedStateChanged( bool collapsed )

{

  if ( !collapsed && QgsApplication::authManager()->isDisabled() )

  {

    btnChainInfo->setVisible( false );

    btnChainCAs->setVisible( false );

  }

}

QgsApplication::authManager
static QgsAuthManager * authManager()
Returns the application's authentication manager instance.
Definition qgsapplication.cpp:1592

QgsAuthManager::updateIgnoredSslErrorsCache
bool updateIgnoredSslErrorsCache(const QString &shahostport, const QList< QSslError > &errors)
Update ignored SSL error cache with possible ignored SSL errors, using sha:host:port key.
Definition qgsauthmanager.cpp:2822

QgsAuthSslConfigWidget::readyToSaveChanged
void readyToSaveChanged(bool cansave)
Emitted when the configuration can be saved changes.

QgsAuthSslErrorsDialog::QgsAuthSslErrorsDialog
QgsAuthSslErrorsDialog(QNetworkReply *reply, const QList< QSslError > &sslErrors, QWidget *parent=nullptr, const QString &digest=QString(), const QString &hostport=QString())
Construct a dialog to handle SSL errors and saving SSL server certificate exceptions.
Definition qgsauthsslerrorsdialog.cpp:40

QgsCollapsibleGroupBoxBasic::collapsedStateChanged
void collapsedStateChanged(bool collapsed)
Signal emitted when groupbox collapsed/expanded state is changed, and when first shown.

QgsNetworkAccessManager::instance
static QgsNetworkAccessManager * instance(Qt::ConnectionType connectionType=Qt::BlockingQueuedConnection)
Returns a pointer to the active QgsNetworkAccessManager for the current thread.
Definition qgsnetworkaccessmanager.cpp:201

QgsSettings::Auth
@ Auth
Definition qgssettings.h:79

qgsapplication.h

qgsauthcertificateinfo.h

qgsauthcertutils.h

qgsauthmanager.h

qgsauthsslconfigwidget.h

qgsauthsslerrorsdialog.h

qgsauthtrustedcasdialog.h

qgscollapsiblegroupbox.h

qgslogger.h

QgsDebugMsgLevel
#define QgsDebugMsgLevel(str, level)
Definition qgslogger.h:63

qgsnetworkaccessmanager.h