QGIS API Documentation 3.99.0-Master (f78f5286a64)
Loading...
Searching...
No Matches
qgsauthconfigurationstoragedb.cpp
Go to the documentation of this file.
1/***************************************************************************
2 qgsauthconfigurationstoragedb.cpp - QgsAuthConfigurationStorageDb
3
4 ---------------------
5 begin : 20.6.2024
6 copyright : (C) 2024 by ale
7 email : [your-email-here]
8 ***************************************************************************
9 * *
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
14 * *
15 ***************************************************************************/
16#include "qgsauthconfigurationstoragedb.h"
17#include "moc_qgsauthconfigurationstoragedb.cpp"
18
19#include "qgslogger.h"
20#include "qgsauthcertutils.h"
21#include "qurl.h"
22
23#include <QSqlError>
24#include <QSqlDriver>
25#include <QSqlQuery>
26#include <QThread>
27#include <QCoreApplication>
28#include <QUrlQuery>
29
30
31QgsAuthConfigurationStorageDb::QgsAuthConfigurationStorageDb( const QMap<QString, QVariant> &settings )
32 : QgsAuthConfigurationStorage( settings )
33{
34 // Parse settings
35 mDriver = mConfiguration.value( QStringLiteral( "driver" ), QStringLiteral( "QSQLITE" ) ).toString();
36 mDatabase = mConfiguration.value( QStringLiteral( "database" ) ).toString();
37 mHost = mConfiguration.value( QStringLiteral( "host" ) ).toString();
38 mPort = mConfiguration.value( QStringLiteral( "port" ) ).toInt();
39 mUser = mConfiguration.value( QStringLiteral( "user" ) ).toString();
40 mPassword = mConfiguration.value( QStringLiteral( "password" ) ).toString();
41 mConnectOptions = mConfiguration.value( QStringLiteral( "options" ) ).toString();
42 // Debug print all connection settings
43 QgsDebugMsgLevel( QStringLiteral( "Auth db connection settings: driver=%1, database='%2', host=%3, port=%4, user='%5', schema=%6, options=%7" )
44 .arg( mDriver, mDatabase, mHost, QString::number( mPort ), mUser, mConnectOptions, mConfiguration.value( QStringLiteral( "schema" ) ).toString() ), 2 );
45
46}
47
52
53QgsAuthConfigurationStorageDb::~QgsAuthConfigurationStorageDb()
54{
55 QMutexLocker locker( &mMutex );
56
57 QMapIterator<QThread *, QMetaObject::Connection> iterator( mConnectedThreads );
58 while ( iterator.hasNext() )
59 {
60 iterator.next();
61 QThread::disconnect( iterator.value() );
62 }
63}
64
65QSqlDatabase QgsAuthConfigurationStorageDb::authDatabaseConnection() const
66{
67 QSqlDatabase authdb;
68
69 QMutexLocker locker( &mMutex );
70
71 const QString connectionName = QStringLiteral( "authentication.configs:0x%1" ).arg( reinterpret_cast<quintptr>( QThread::currentThread() ), 2 * QT_POINTER_SIZE, 16, QLatin1Char( '0' ) );
72 QgsDebugMsgLevel( QStringLiteral( "Using auth db connection name: %1 " ).arg( connectionName ), 3 );
73 if ( !QSqlDatabase::contains( connectionName ) )
74 {
75 QgsDebugMsgLevel( QStringLiteral( "No existing connection, creating a new one" ), 3 );
76 authdb = QSqlDatabase::addDatabase( mDriver, connectionName );
77
78
79 // Check that the driver is available
80 if ( !QSqlDatabase::isDriverAvailable( mDriver ) )
81 {
82 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Driver '%1' is not available" ).arg( mDriver ) );
83 return authdb;
84 }
85
86 authdb.setDatabaseName( mDatabase );
87 authdb.setHostName( mHost );
88 authdb.setPort( mPort );
89 authdb.setUserName( mUser );
90 authdb.setPassword( mPassword );
91 authdb.setConnectOptions( mConnectOptions );
92
93 // Return if not valid
94 if ( !authdb.isValid() )
95 {
96 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db connection is not valid" ) );
97 return authdb;
98 }
99
100 // for background threads, remove database when current thread finishes
101 if ( QCoreApplication::instance() && QThread::currentThread() != QCoreApplication::instance()->thread() )
102 {
103 QgsDebugMsgLevel( QStringLiteral( "Scheduled auth db remove on thread close" ), 4 );
104
105 // IMPORTANT - we use a direct connection here, because the database removal must happen immediately
106 // when the thread finishes, and we cannot let this get queued on the main thread's event loop (where
107 // QgsAuthManager lives).
108 // Otherwise, the QSqlDatabase's private data's thread gets reset immediately the QThread::finished,
109 // and a subsequent call to QSqlDatabase::database with the same thread address (yep it happens, actually a lot)
110 // triggers a condition in QSqlDatabase which detects the nullptr private thread data and returns an invalid database instead.
111 // QSqlDatabase::removeDatabase is thread safe, so this is ok to do.
112 // Right about now is a good time to re-evaluate your selected career ;)
113 // I've done that and I decided to become a musician. I'll probably be a better musician than a software developer.
114 QMetaObject::Connection connection = connect( QThread::currentThread(), &QThread::finished, this, [connectionName, this ]
115 {
116 QMutexLocker locker( &mMutex );
117 QSqlDatabase::removeDatabase( connectionName );
118 mConnectedThreads.remove( QThread::currentThread() ); // NOLINT(clang-analyzer-core.CallAndMessage)
119 }, Qt::DirectConnection );
120
121 mConnectedThreads.insert( QThread::currentThread(), connection );
122 }
123 }
124 else
125 {
126 QgsDebugMsgLevel( QStringLiteral( "Reusing existing connection" ), 4 );
127 authdb = QSqlDatabase::database( connectionName, false );
128 }
129
130 locker.unlock();
131
132 if ( !authdb.isOpen() )
133 {
134 if ( !authdb.open() )
135 {
136 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Opening of authentication db FAILED : %1" ).arg( authdb.lastError().text() ) );
137 }
138 }
139
140 return authdb;
141}
142
143bool QgsAuthConfigurationStorageDb::authDbOpen() const
144{
145 QMutexLocker locker( &mMutex );
146 QSqlDatabase authdb = authDatabaseConnection();
147
148 if ( !authdb.isOpen() )
149 {
150 if ( !authdb.open() )
151 {
152 const QString err = tr( "Unable to establish database connection\nDatabase: %1\nDriver error: %2\nDatabase error: %3" )
153 .arg( mDatabase,
154 authdb.lastError().driverText(),
155 authdb.lastError().databaseText() );
156
157 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( err );
158 return false;
159 }
160 }
161 return true;
162}
163
164
165bool QgsAuthConfigurationStorageDb::authDbQuery( QSqlQuery *query, const QString &sql ) const
166{
167 QMutexLocker locker( &mMutex );
168 query->setForwardOnly( true );
169 const bool result { sql.isEmpty() ? query->exec() : query->exec( sql ) };
170
171 auto boundQuery = []( const QSqlQuery * query ) -> QString
172 {
173 QString str = query->lastQuery();
174#if QT_VERSION < QT_VERSION_CHECK( 6, 0, 0 )
175 QMapIterator<QString, QVariant> it( query->boundValues() );
176#else
177 const QStringList keys = query->boundValueNames();
178 const QVariantList values = query->boundValues();
179 QMap<QString, QVariant> boundValues;
180 for ( int i = 0; i < keys.count(); i++ )
181 {
182 boundValues.insert( keys.at( i ), values.at( i ).toString() );
183 }
184 QMapIterator<QString, QVariant> it = QMapIterator<QString, QVariant>( boundValues );
185#endif
186 while ( it.hasNext() )
187 {
188 it.next();
189 str.replace( it.key(), it.value().toString() );
190 }
191 return str;
192 };
193
194 if ( !result )
195 {
196 if ( query->lastError().isValid() )
197 {
198 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db query FAILED: %1\nError: %2" )
199 .arg( sql.isEmpty() ? boundQuery( query ) : sql,
200 query->lastError().text() ), Qgis::MessageLevel::Warning );
201 QgsDebugMsgLevel( QStringLiteral( "Auth db query FAILED: %1" ).arg( sql.isEmpty() ? boundQuery( query ) : sql ), 2 );
202 return false;
203 }
204 else
205 {
206 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db query exec() FAILED: %1" ).arg( sql.isEmpty() ? boundQuery( query ) : sql ), Qgis::MessageLevel::Warning );
207 QgsDebugMsgLevel( QStringLiteral( "Auth db query FAILED: %1" ).arg( sql.isEmpty() ? boundQuery( query ) : sql ), 2 );
208 return false;
209 }
210 }
211 return true;
212}
213
214
215bool QgsAuthConfigurationStorageDb::authDbTransactionQuery( QSqlQuery *query )
216{
217 QMutexLocker locker( &mMutex );
218 if ( !authDatabaseConnection().transaction() )
219 {
220 setError( tr( "Auth db FAILED to start transaction" ), Qgis::MessageLevel::Warning );
221 return false;
222 }
223
224 bool ok = authDbQuery( query );
225
226 if ( ok && !authDatabaseConnection().commit() )
227 {
228 setError( tr( "Auth db FAILED to rollback changes" ), Qgis::MessageLevel::Warning );
229 ( void )authDatabaseConnection().rollback();
230 return false;
231 }
232
233 return ok;
234}
235
236bool QgsAuthConfigurationStorageDb::initialize()
237{
238 QMutexLocker locker( &mMutex );
239 QSqlDatabase authdb = authDatabaseConnection();
240 if ( !authdb.isValid() || !authdb.isOpen() )
241 {
242 setError( tr( "Auth db could not be opened" ) );
243 return false;
244 }
245 else
246 {
247 if ( !isReadOnly() && ( !createCertTables() || !createConfigTables() ) )
248 {
249 setError( tr( "Auth db initialization FAILED: %1" ).arg( lastError() ), Qgis::MessageLevel::Critical );
250 mIsReady = false;
251 return false;
252 }
253
254 mIsReady = true;
255 checkCapabilities();
256
257 // Recompute capabilities if needed
258 connect( this, &QgsAuthConfigurationStorageDb::readOnlyChanged, this, [this]( bool )
259 {
260 checkCapabilities();
261 } );
262
263 return true;
264 }
265}
266
267QList<QgsAuthConfigurationStorage::SettingParameter> QgsAuthConfigurationStorageDb::settingsParameters() const
268{
269 return
270 {
271 { QStringLiteral( "driver" ), tr( "SQL Driver (see https://doc.qt.io/qt/sql-driver.html)" ), QVariant::String },
272 { QStringLiteral( "database" ), tr( "Database" ), QVariant::String },
273 { QStringLiteral( "schema" ), tr( "Schema for all tables" ), QVariant::String },
274 { QStringLiteral( "host" ), tr( "Host" ), QVariant::String },
275 { QStringLiteral( "port" ), tr( "Port" ), QVariant::Int },
276 { QStringLiteral( "user" ), tr( "User" ), QVariant::String },
277 { QStringLiteral( "password" ), tr( "Password" ), QVariant::String },
278 { QStringLiteral( "options" ), tr( "Connection options" ), QVariant::String },
279 };
280}
281
282#ifndef QT_NO_SSL
283
284bool QgsAuthConfigurationStorageDb::storeCertIdentity( const QSslCertificate &cert, const QString &keyPem )
285{
286 QMutexLocker locker( &mMutex );
287
288 const QString id{ QgsAuthCertUtils::shaHexForCert( cert ) };
289
290 if ( certIdentityExists( id ) )
291 {
292 checkCapability( Qgis::AuthConfigurationStorageCapability::UpdateCertificateIdentity );
293 removeCertIdentity( id );
294 }
295 else
296 {
297 checkCapability( Qgis::AuthConfigurationStorageCapability::CreateCertificateIdentity );
298 }
299
300 if ( !authDbOpen() )
301 {
302 setError( tr( "Auth db could not be opened" ) );
303 return false;
304 }
305
306 if ( cert.isNull() )
307 {
308 setError( tr( "Certificate is NULL" ) );
309 return false;
310 }
311
312 QSqlQuery query( authDatabaseConnection() );
313 const QString certPem{ cert.toPem() };
314
315 query.prepare( QStringLiteral( "INSERT INTO %1 (id, key, cert) VALUES (:id, :key, :cert)" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
316 query.bindValue( QStringLiteral( ":id" ), id );
317 query.bindValue( QStringLiteral( ":key" ), keyPem );
318 query.bindValue( QStringLiteral( ":cert" ), certPem );
319
320 if ( !authDbQuery( &query ) )
321 return false;
322
323 emit certIdentityChanged();
324
325 return true;
326}
327
328bool QgsAuthConfigurationStorageDb::removeCertIdentity( const QSslCertificate &cert )
329{
330 QMutexLocker locker( &mMutex );
331
332 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteCertificateIdentity );
333
334 if ( !authDbOpen() )
335 {
336 setError( tr( "Auth db could not be opened" ) );
337 return false;
338 }
339
340 QSqlQuery query( authDatabaseConnection() );
341
342 query.prepare( QStringLiteral( "DELETE FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
343 query.bindValue( QStringLiteral( ":id" ), cert.digest().toHex() );
344
345 if ( !authDbQuery( &query ) )
346 {
347 setError( tr( "Failed to remove cert identity '%1'" ).arg( QString( cert.digest().toHex() ) ), Qgis::MessageLevel::Critical );
348 return false;
349 }
350
351 emit certIdentityChanged();
352
353 return true;
354}
355
356const QSslCertificate QgsAuthConfigurationStorageDb::loadCertIdentity( const QString &id ) const
357{
358 QMutexLocker locker( &mMutex );
359
360 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateIdentity );
361
362 QSslCertificate emptycert;
363
364 if ( id.isEmpty() )
365 return emptycert;
366
367 if ( !authDbOpen() )
368 {
369 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
370 return emptycert;
371 }
372
373 QSqlQuery query( authDatabaseConnection() );
374
375 query.prepare( QStringLiteral( "SELECT cert FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
376 query.bindValue( QStringLiteral( ":id" ), id );
377
378 if ( !authDbQuery( &query ) )
379 return emptycert;
380
381 QSslCertificate cert;
382
383 if ( query.isActive() && query.isSelect() )
384 {
385 if ( query.first() )
386 {
387 cert = QSslCertificate( query.value( 0 ).toByteArray(), QSsl::Pem );
388 QgsDebugMsgLevel( QStringLiteral( "Certificate identity retrieved for id: %1" ).arg( id ), 2 );
389 if ( cert.isNull() )
390 {
391 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Failed to retrieve certificate identity for id: %1: certificate is NULL" ).arg( id ), Qgis::MessageLevel::Warning );
392 return emptycert;
393 }
394 }
395 if ( query.next() )
396 {
397 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Authentication database contains more than one certificate identity for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
398 return emptycert;
399 }
400 }
401 return cert;
402}
403
404const QPair<QSslCertificate, QString> QgsAuthConfigurationStorageDb::loadCertIdentityBundle( const QString &id ) const
405{
406 QMutexLocker locker( &mMutex );
407
408 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateIdentity );
409
410 QPair<QSslCertificate, QString> bundle;
411
412 if ( id.isEmpty() )
413 return bundle;
414
415 if ( !authDbOpen() )
416 {
417 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
418 return bundle;
419 }
420
421 QSqlQuery query( authDatabaseConnection() );
422
423 query.prepare( QStringLiteral( "SELECT key, cert FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
424
425 query.bindValue( QStringLiteral( ":id" ), id );
426
427 if ( !authDbQuery( &query ) )
428 return bundle;
429
430 if ( query.isActive() && query.isSelect() )
431 {
432 QSslCertificate cert;
433 QString key;
434 if ( query.first() )
435 {
436 key = query.value( 0 ).toString();
437 if ( key.isEmpty() )
438 {
439 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Retrieve certificate identity bundle: FAILED to create private key" ), Qgis::MessageLevel::Warning );
440 return bundle;
441 }
442 cert = QSslCertificate( query.value( 1 ).toByteArray(), QSsl::Pem );
443 if ( cert.isNull() )
444 {
445 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Retrieve certificate identity bundle: FAILED to create certificate" ), Qgis::MessageLevel::Warning );
446 return bundle;
447 }
448 QgsDebugMsgLevel( QStringLiteral( "Certificate identity bundle retrieved for id: %1" ).arg( id ), 2 );
449 }
450 if ( query.next() )
451 {
452 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Retrieved more than one certificate identity for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
453 return bundle;
454 }
455 bundle = qMakePair( cert, key );
456 }
457 return bundle;
458}
459
460const QList<QSslCertificate> QgsAuthConfigurationStorageDb::certIdentities() const
461{
462 QMutexLocker locker( &mMutex );
463
464 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateIdentity );
465
466 QList<QSslCertificate> certs;
467
468 if ( !authDbOpen() )
469 {
470 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
471 return certs;
472 }
473
474 QSqlQuery query( authDatabaseConnection() );
475
476 query.prepare( QStringLiteral( "SELECT cert FROM %1" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
477
478 if ( !authDbQuery( &query ) )
479 return certs;
480
481 if ( query.isActive() && query.isSelect() )
482 {
483 while ( query.next() )
484 {
485 QSslCertificate cert( query.value( 0 ).toByteArray(), QSsl::Pem );
486 if ( !cert.isNull() )
487 {
488 certs.append( cert );
489 }
490 }
491 }
492 return certs;
493}
494
495QStringList QgsAuthConfigurationStorageDb::certIdentityIds() const
496{
497 QMutexLocker locker( &mMutex );
498
499 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateIdentity );
500
501 if ( !authDbOpen() )
502 {
503 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
504 return {};
505 }
506
507 QSqlQuery query( authDatabaseConnection() );
508
509 query.prepare( QStringLiteral( "SELECT id FROM %1" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
510
511 if ( !authDbQuery( &query ) )
512 return {};
513
514 QStringList ids;
515 if ( query.isActive() && query.isSelect() )
516 {
517 while ( query.next() )
518 {
519 ids.append( query.value( 0 ).toString() );
520 }
521 }
522 return ids;
523}
524
525bool QgsAuthConfigurationStorageDb::certIdentityExists( const QString &id ) const
526{
527 QMutexLocker locker( &mMutex );
528
529 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateIdentity );
530
531 if ( id.isEmpty() )
532 return false;
533
534 if ( !authDbOpen() )
535 {
536 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
537 return {};
538 }
539
540 QSqlQuery query( authDatabaseConnection() );
541
542 query.prepare( QStringLiteral( "SELECT cert FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
543 query.bindValue( QStringLiteral( ":id" ), id );
544
545 bool ret { false };
546
547 if ( !authDbQuery( &query ) )
548 return false;
549
550 if ( query.isActive() && query.isSelect() )
551 {
552 if ( query.first() )
553 {
554 ret = true;
555 }
556 if ( query.next() )
557 {
558 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Authentication database contains more than one certificate bundles for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
559 return false;
560 }
561 }
562 return ret;
563}
564
565bool QgsAuthConfigurationStorageDb::removeCertIdentity( const QString &id )
566{
567 QMutexLocker locker( &mMutex );
568
569 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteCertificateIdentity );
570
571 if ( !authDbOpen() )
572 {
573 setError( tr( "Auth db could not be opened" ) );
574 return {};
575 }
576
577 QSqlQuery query( authDatabaseConnection() );
578
579 query.prepare( QStringLiteral( "DELETE FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) ) );
580 query.bindValue( QStringLiteral( ":id" ), id );
581
582 if ( !authDbQuery( &query ) )
583 {
584 setError( tr( "Failed to remove certificate identity '%1'" ).arg( id ), Qgis::MessageLevel::Critical );
585 return false;
586 }
587
588 if ( query.numRowsAffected() == 0 )
589 {
590 setError( tr( "No certificate identity found for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
591 return false;
592 }
593
594 emit certIdentityChanged();
595
596 return true;
597}
598
599bool QgsAuthConfigurationStorageDb::storeSslCertCustomConfig( const QgsAuthConfigSslServer &config )
600{
601 QMutexLocker locker( &mMutex );
602
603 QSslCertificate cert( config.sslCertificate() );
604 QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
605
606 if ( sslCertCustomConfigExists( id, config.sslHostPort() ) )
607 {
608 checkCapability( Qgis::AuthConfigurationStorageCapability::UpdateSslCertificateCustomConfig );
609 removeSslCertCustomConfig( id, config.sslHostPort().trimmed() );
610 }
611 else
612 {
613 checkCapability( Qgis::AuthConfigurationStorageCapability::CreateSslCertificateCustomConfig );
614 }
615
616 if ( ! capabilities().testFlag( Qgis::AuthConfigurationStorageCapability::CreateSslCertificateCustomConfig ) )
617 {
618 setError( tr( "Storage does not support creating SSL certificate custom configs" ), Qgis::MessageLevel::Critical );
619 return false;
620 }
621
622 if ( !authDbOpen() )
623 {
624 setError( tr( "Auth db could not be opened" ) );
625 return false;
626 }
627
628 QString certpem( cert.toPem() );
629 QSqlQuery query( authDatabaseConnection() );
630
631 query.prepare( QStringLiteral( "INSERT INTO %1 (id, host, cert, config) VALUES (:id, :host, :cert, :config)" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) ) );
632
633 query.bindValue( QStringLiteral( ":id" ), id );
634 query.bindValue( QStringLiteral( ":host" ), config.sslHostPort().trimmed() );
635 query.bindValue( QStringLiteral( ":cert" ), certpem );
636 query.bindValue( QStringLiteral( ":config" ), config.configString() );
637
638 if ( !authDbQuery( &query ) )
639 return false;
640
641 QgsDebugMsgLevel( QStringLiteral( "Store SSL cert custom config SUCCESS for host:port, id: %1, %2" )
642 .arg( config.sslHostPort().trimmed(), id ), 2 );
643
644 emit sslCertCustomConfigChanged();
645
646 return true;
647}
648
649QStringList QgsAuthConfigurationStorageDb::sslCertCustomConfigIds() const
650{
651 QMutexLocker locker( &mMutex );
652
653 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadSslCertificateCustomConfig );
654
655 if ( !authDbOpen() )
656 {
657 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
658 return {};
659 }
660
661 QSqlQuery query( authDatabaseConnection() );
662
663 query.prepare( QStringLiteral( "SELECT id FROM %1" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) ) );
664
665 if ( !authDbQuery( &query ) )
666 return {};
667
668 QStringList ids;
669 if ( query.isActive() && query.isSelect() )
670 {
671 while ( query.next() )
672 {
673 ids.append( query.value( 0 ).toString() );
674 }
675 }
676 return ids;
677
678}
679
680const QgsAuthConfigSslServer QgsAuthConfigurationStorageDb::loadSslCertCustomConfig( const QString &id, const QString &hostport ) const
681{
682 QMutexLocker locker( &mMutex );
683
684 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadSslCertificateCustomConfig );
685
686 QgsAuthConfigSslServer config;
687
688 if ( id.isEmpty() || hostport.isEmpty() )
689 {
690 QgsDebugError( QStringLiteral( "Passed config ID or host:port is empty" ) );
691 return config;
692 }
693
694 if ( !authDbOpen() )
695 {
696 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
697 return config;
698 }
699
700 QSqlQuery query( authDatabaseConnection() );
701 query.prepare( QStringLiteral( "SELECT host, cert, config FROM %1 WHERE id = :id AND host = :host" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) ) );
702 query.bindValue( QStringLiteral( ":id" ), id );
703 query.bindValue( QStringLiteral( ":host" ), hostport.trimmed() );
704
705 if ( !authDbQuery( &query ) )
706 return config;
707
708 if ( query.isActive() && query.isSelect() )
709 {
710 if ( query.first() )
711 {
712 config.setSslCertificate( QSslCertificate( query.value( 1 ).toByteArray(), QSsl::Pem ) );
713 config.setSslHostPort( query.value( 0 ).toString().trimmed() );
714 config.loadConfigString( query.value( 2 ).toString() );
715 QgsDebugMsgLevel( QStringLiteral( "SSL cert custom config retrieved for host:port, id: %1, %2" ).arg( hostport, id ), 2 );
716 }
717 if ( query.next() )
718 {
719 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Retrieved more than one SSL cert custom config for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
720 return QgsAuthConfigSslServer();
721 }
722 }
723 return config;
724}
725
726const QgsAuthConfigSslServer QgsAuthConfigurationStorageDb::loadSslCertCustomConfigByHost( const QString &hostport ) const
727{
728 // TODO: implement a flag to skip the query in case there are no custom
729 // certs in the storage, to avoid the overhead of checking the db
730 QMutexLocker locker( &mMutex );
731
732 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadSslCertificateCustomConfig );
733
734 QgsAuthConfigSslServer config;
735
736 if ( !authDbOpen() )
737 {
738 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
739 return config;
740 }
741
742 QSqlQuery query( authDatabaseConnection() );
743
744 query.prepare( QStringLiteral( "SELECT id, cert, config FROM %1 WHERE host = :host" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) ) );
745
746 query.bindValue( QStringLiteral( ":host" ), hostport.trimmed() );
747
748 if ( !authDbQuery( &query ) )
749 return config;
750
751 if ( query.isActive() && query.isSelect() )
752 {
753 if ( query.first() )
754 {
755 config.setSslCertificate( QSslCertificate( query.value( 1 ).toByteArray(), QSsl::Pem ) );
756 config.setSslHostPort( hostport );
757 config.loadConfigString( query.value( 2 ).toString() );
758 QgsDebugMsgLevel( QStringLiteral( "SSL cert custom config retrieved for host:port %1" ).arg( hostport ), 2 );
759 }
760 if ( query.next() )
761 {
762 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Authentication database contains more than one SSL cert custom config" ), Qgis::MessageLevel::Warning );
763 return QgsAuthConfigSslServer();
764 }
765 }
766
767 return config;
768}
769
770const QList<QgsAuthConfigSslServer> QgsAuthConfigurationStorageDb::sslCertCustomConfigs() const
771{
772 QMutexLocker locker( &mMutex );
773
774 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadSslCertificateCustomConfig );
775
776 QList<QgsAuthConfigSslServer> configs;
777
778 if ( !authDbOpen() )
779 {
780 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
781 return configs;
782 }
783
784 QSqlQuery query( authDatabaseConnection() );
785
786 query.prepare( QStringLiteral( "SELECT id, host, cert, config FROM %1" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) ) );
787
788 if ( !authDbQuery( &query ) )
789 return configs;
790
791 if ( query.isActive() && query.isSelect() )
792 {
793 while ( query.next() )
794 {
795 QgsAuthConfigSslServer config;
796 config.setSslCertificate( QSslCertificate( query.value( 2 ).toByteArray(), QSsl::Pem ) );
797 config.setSslHostPort( query.value( 1 ).toString().trimmed() );
798 config.loadConfigString( query.value( 3 ).toString() );
799 configs.append( config );
800 }
801 }
802 return configs;
803}
804
805bool QgsAuthConfigurationStorageDb::sslCertCustomConfigExists( const QString &id, const QString &hostport )
806{
807 QMutexLocker locker( &mMutex );
808
809 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadSslCertificateCustomConfig );
810
811 if ( id.isEmpty() || hostport.isEmpty() )
812 {
813 QgsDebugError( QStringLiteral( "Passed config ID or host:port is empty" ) );
814 return false;
815 }
816
817 if ( !authDbOpen() )
818 {
819 setError( tr( "Auth db could not be opened" ) );
820 return false;
821 }
822
823 QSqlQuery query( authDatabaseConnection() );
824
825 query.prepare( QStringLiteral( "SELECT id FROM %1 WHERE id = :id AND host = :host" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) ) );
826 query.bindValue( QStringLiteral( ":id" ), id );
827 query.bindValue( QStringLiteral( ":host" ), hostport.trimmed() );
828
829 if ( !authDbQuery( &query ) )
830 return false;
831
832 bool res = false;
833 if ( query.isActive() && query.isSelect() )
834 {
835 if ( query.first() )
836 {
837 QgsDebugMsgLevel( QStringLiteral( "SSL cert custom config exists for host:port, id: %1, %2" ).arg( hostport, id ), 2 );
838 res = true;
839 }
840 if ( query.next() )
841 {
842 QgsDebugError( QStringLiteral( "Retrieved more than one SSL cert custom config for host:port, id: %1, %2" ).arg( hostport, id ) );
843 emit messageLog( tr( "Authentication database contains more than one SSL cert custom configs for host:port, id: %1, %2" )
844 .arg( hostport, id ), loggerTag(), Qgis::MessageLevel::Warning );
845 return false;
846 }
847 }
848 return res;
849}
850
851bool QgsAuthConfigurationStorageDb::removeSslCertCustomConfig( const QString &id, const QString &hostport )
852{
853 QMutexLocker locker( &mMutex );
854
855 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteSslCertificateCustomConfig );
856
857 if ( id.isEmpty() || hostport.isEmpty() )
858 {
859 QgsDebugError( QStringLiteral( "Passed config ID or host:port is empty" ) );
860 return false;
861 }
862
863 // TODO: check the flag to skip the query in case there are no custom certs config by host in the storage
864
865 if ( !authDbOpen() )
866 {
867 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
868 return false;
869 }
870
871 QSqlQuery query( authDatabaseConnection() );
872
873 query.prepare( QStringLiteral( "DELETE FROM %1 WHERE id = :id AND host = :host" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) ) );
874 query.bindValue( QStringLiteral( ":id" ), id );
875 query.bindValue( QStringLiteral( ":host" ), hostport.trimmed() );
876
877 if ( !authDbQuery( &query ) )
878 {
879 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Failed to remove SSL certificate custom config for host:port, id: %1, %2" ).arg( hostport, id ), Qgis::MessageLevel::Critical );
880 return false;
881 }
882
883 if ( query.numRowsAffected() == 0 )
884 {
885 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "No SSL certificate custom config found for host:port, id: %1, %2" ).arg( hostport, id ), Qgis::MessageLevel::Warning );
886 return false;
887 }
888
889 emit sslCertCustomConfigChanged();
890
891 return true;
892}
893
894QStringList QgsAuthConfigurationStorageDb::certAuthorityIds() const
895{
896 QMutexLocker locker( &mMutex );
897
898 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateAuthority );
899
900 if ( !authDbOpen() )
901 {
902 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
903 return {};
904 }
905
906 QSqlQuery query( authDatabaseConnection() );
907
908 query.prepare( QStringLiteral( "SELECT id FROM %1" ).arg( quotedQualifiedIdentifier( certAuthorityTableName() ) ) );
909
910 if ( !authDbQuery( &query ) )
911 return {};
912
913 QStringList ids;
914 if ( query.isActive() && query.isSelect() )
915 {
916 while ( query.next() )
917 {
918 ids.append( query.value( 0 ).toString() );
919 }
920 }
921 return ids;
922}
923
924bool QgsAuthConfigurationStorageDb::storeCertAuthority( const QSslCertificate &cert )
925{
926 QMutexLocker locker( &mMutex );
927
928 if ( certAuthorityExists( cert ) )
929 {
930 checkCapability( Qgis::AuthConfigurationStorageCapability::UpdateCertificateAuthority );
931 removeCertAuthority( cert );
932 }
933 else
934 {
935 checkCapability( Qgis::AuthConfigurationStorageCapability::CreateCertificateAuthority );
936 }
937
938 // don't refuse !cert.isValid() (actually just expired) CAs,
939 // as user may want to ignore that SSL connection error
940 if ( cert.isNull() )
941 {
942 QgsDebugError( QStringLiteral( "Passed certificate is null" ) );
943 return false;
944 }
945
946 if ( !authDbOpen() )
947 {
948 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
949 return false;
950 }
951
952 const QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
953 const QString pem( cert.toPem() );
954
955 QSqlQuery query( authDatabaseConnection() );
956
957 query.prepare( QStringLiteral( "INSERT INTO %1 (id, cert) VALUES (:id, :cert)" ).arg( quotedQualifiedIdentifier( certAuthorityTableName() ) ) );
958
959 query.bindValue( QStringLiteral( ":id" ), id );
960 query.bindValue( QStringLiteral( ":cert" ), pem );
961
962 if ( !authDbQuery( &query ) )
963 return false;
964
965 QgsDebugMsgLevel( QStringLiteral( "Store certificate authority SUCCESS for id: %1" ).arg( id ), 2 );
966 emit certAuthorityChanged();
967
968 return true;
969}
970
971const QSslCertificate QgsAuthConfigurationStorageDb::loadCertAuthority( const QString &id ) const
972{
973 QMutexLocker locker( &mMutex );
974
975 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateAuthority );
976
977 QSslCertificate emptycert;
978
979 if ( id.isEmpty() )
980 return emptycert;
981
982 if ( !authDbOpen() )
983 {
984 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
985 return emptycert;
986 }
987
988 QSqlQuery query( authDatabaseConnection() );
989
990 query.prepare( QStringLiteral( "SELECT cert FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certAuthorityTableName() ) ) );
991 query.bindValue( QStringLiteral( ":id" ), id );
992
993 if ( !authDbQuery( &query ) )
994 return emptycert;
995
996 QSslCertificate cert;
997
998 if ( query.isActive() && query.isSelect() )
999 {
1000 if ( query.first() )
1001 {
1002 cert = QSslCertificate( query.value( 0 ).toByteArray(), QSsl::Pem );
1003 QgsDebugMsgLevel( QStringLiteral( "Certificate authority retrieved for id: %1" ).arg( id ), 2 );
1004 }
1005 if ( query.next() )
1006 {
1007 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Retrieved more than one certificate authority for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
1008 return emptycert;
1009 }
1010 }
1011 return cert;
1012}
1013
1014bool QgsAuthConfigurationStorageDb::certAuthorityExists( const QSslCertificate &cert ) const
1015{
1016 QMutexLocker locker( &mMutex );
1017
1018 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateAuthority );
1019
1020 if ( cert.isNull() )
1021 {
1022 QgsDebugError( QStringLiteral( "Passed certificate is null" ) );
1023 return false;
1024 }
1025
1026 if ( !authDbOpen() )
1027 {
1028 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1029 return false;
1030 }
1031
1032 const QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
1033
1034 QSqlQuery query( authDatabaseConnection() );
1035
1036 query.prepare( QStringLiteral( "SELECT id FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certAuthorityTableName() ) ) );
1037 query.bindValue( QStringLiteral( ":id" ), id );
1038
1039 if ( !authDbQuery( &query ) )
1040 return false;
1041
1042 bool res = false;
1043 if ( query.isActive() && query.isSelect() )
1044 {
1045 if ( query.first() )
1046 {
1047 QgsDebugMsgLevel( QStringLiteral( "Certificate authority exists for id: %1" ).arg( id ), 2 );
1048 res = true;
1049 }
1050 if ( query.next() )
1051 {
1052 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Retrieved more than one certificate authority for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
1053 // TODO: check whether it makes sense to return false here (and in other similar cases)
1054 return false;
1055 }
1056 }
1057 return res;
1058}
1059
1060bool QgsAuthConfigurationStorageDb::removeCertAuthority( const QSslCertificate &cert )
1061{
1062 QMutexLocker locker( &mMutex );
1063
1064 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteCertificateAuthority );
1065
1066 if ( cert.isNull() )
1067 {
1068 QgsDebugError( QStringLiteral( "Passed certificate is null" ) );
1069 return false;
1070 }
1071
1072 if ( !authDbOpen() )
1073 {
1074 setError( tr( "Auth db could not be opened" ) );
1075 return false;
1076 }
1077
1078 const QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
1079
1080 QSqlQuery query( authDatabaseConnection() );
1081
1082 query.prepare( QStringLiteral( "DELETE FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certAuthorityTableName() ) ) );
1083
1084 query.bindValue( QStringLiteral( ":id" ), id );
1085
1086 if ( !authDbQuery( &query ) )
1087 {
1088 setError( tr( "Failed to remove certificate authority '%1'" ).arg( id ), Qgis::MessageLevel::Critical );
1089 return false;
1090 }
1091
1092 if ( query.numRowsAffected() == 0 )
1093 {
1094 setError( tr( "No certificate authority found for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
1095 return false;
1096 }
1097
1098 emit certAuthorityChanged();
1099
1100 return true;
1101}
1102
1103const QMap<QString, QgsAuthCertUtils::CertTrustPolicy> QgsAuthConfigurationStorageDb::caCertsPolicy() const
1104{
1105 QMutexLocker locker( &mMutex );
1106
1107 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateTrustPolicy );
1108
1109 QMap<QString, QgsAuthCertUtils::CertTrustPolicy> trustedCerts;
1110
1111 if ( !authDbOpen() )
1112 {
1113 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1114 return trustedCerts;
1115 }
1116
1117 QSqlQuery query( authDatabaseConnection() );
1118
1119 query.prepare( QStringLiteral( "SELECT id, policy FROM %1" ).arg( quotedQualifiedIdentifier( certTrustPolicyTableName() ) ) );
1120
1121 if ( !authDbQuery( &query ) )
1122 return trustedCerts;
1123
1124 if ( query.isActive() && query.isSelect() )
1125 {
1126 while ( query.next() )
1127 {
1128 QString id( query.value( 0 ).toString() );
1129 int policy = query.value( 1 ).toInt();
1130 QgsAuthCertUtils::CertTrustPolicy trustPolicy = static_cast< QgsAuthCertUtils::CertTrustPolicy >( policy );
1131 trustedCerts[ id ] = trustPolicy;
1132 }
1133 }
1134
1135 return trustedCerts;
1136}
1137
1138const QList<QSslCertificate> QgsAuthConfigurationStorageDb::caCerts() const
1139{
1140 QMutexLocker locker( &mMutex );
1141
1142 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateAuthority );
1143
1144 QList<QSslCertificate> authorities;
1145
1146 if ( !authDbOpen() )
1147 {
1148 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1149 return authorities;
1150 }
1151
1152 QSqlQuery query( authDatabaseConnection() );
1153
1154 query.prepare( QStringLiteral( "SELECT id, cert FROM %1" ).arg( quotedQualifiedIdentifier( certAuthorityTableName() ) ) );
1155
1156 if ( !authDbQuery( &query ) )
1157 return authorities;
1158
1159 if ( query.isActive() && query.isSelect() )
1160 {
1161 while ( query.next() )
1162 {
1163 const QSslCertificate cert( query.value( 1 ).toByteArray(), QSsl::Pem );
1164 if ( !cert.isNull() )
1165 {
1166 authorities.append( cert );
1167 }
1168 else
1169 {
1170 const QString id { query.value( 0 ).toString() };
1171 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Invalid CA found: %1" ).arg( id ), Qgis::MessageLevel::Warning );
1172 }
1173 }
1174 }
1175 return authorities;
1176}
1177
1178bool QgsAuthConfigurationStorageDb::storeCertTrustPolicy( const QSslCertificate &cert, QgsAuthCertUtils::CertTrustPolicy policy )
1179{
1180 QMutexLocker locker( &mMutex );
1181
1182 const bool policyExisted = certTrustPolicyExists( cert );
1183
1184 if ( policyExisted )
1185 {
1186 checkCapability( Qgis::AuthConfigurationStorageCapability::UpdateCertificateTrustPolicy );
1187 }
1188 else
1189 {
1190 checkCapability( Qgis::AuthConfigurationStorageCapability::CreateCertificateTrustPolicy );
1191 }
1192
1193 if ( cert.isNull() )
1194 {
1195 QgsDebugError( QStringLiteral( "Passed certificate is null" ) );
1196 return false;
1197 }
1198
1199 if ( !authDbOpen() )
1200 {
1201 setError( tr( "Auth db could not be opened" ) );
1202 return false;
1203 }
1204
1205 const QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
1206
1207 // Handle default trust case
1208 if ( policy == QgsAuthCertUtils::DefaultTrust )
1209 {
1210 if ( !policyExisted )
1211 {
1212 QgsDebugMsgLevel( QStringLiteral( "Passed policy was default, no cert records in database for id: %1" ).arg( id ), 2 );
1213 return true;
1214 }
1215
1216 if ( !removeCertTrustPolicy( cert ) )
1217 {
1218 setError( tr( "Failed to remove certificate trust policy for id: %1" ).arg( id ) );
1219 return false;
1220 }
1221
1222 QgsDebugMsgLevel( QStringLiteral( "Passed policy was default, all cert records in database were removed for id: %1" ).arg( id ), 2 );
1223
1224 emit certAuthorityChanged();
1225
1226 return true;
1227 }
1228
1229 // Handle other policies
1230 if ( policyExisted && !removeCertTrustPolicy( cert ) )
1231 {
1232 setError( tr( "Failed to remove certificate trust policy for id: %1" ).arg( id ) );
1233 return false;
1234 }
1235
1236 // Insert new policy
1237 QSqlQuery query( authDatabaseConnection() );
1238 query.prepare( QStringLiteral( "INSERT INTO %1 (id, policy) VALUES (:id, :policy)" ).arg( quotedQualifiedIdentifier( certTrustPolicyTableName() ) ) );
1239
1240 query.bindValue( QStringLiteral( ":id" ), id );
1241 query.bindValue( QStringLiteral( ":policy" ), static_cast< int >( policy ) );
1242
1243 if ( !authDbQuery( &query ) )
1244 return false;
1245
1246 QgsDebugMsgLevel( QStringLiteral( "Store certificate trust policy SUCCESS for id: %1" ).arg( id ), 2 );
1247 emit certAuthorityChanged();
1248
1249 return true;
1250}
1251
1252QgsAuthCertUtils::CertTrustPolicy QgsAuthConfigurationStorageDb::loadCertTrustPolicy( const QSslCertificate &cert ) const
1253{
1254 QMutexLocker locker( &mMutex );
1255
1256 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateTrustPolicy );
1257
1258 if ( cert.isNull() )
1259 {
1260 QgsDebugError( QStringLiteral( "Passed certificate is null" ) );
1261 return QgsAuthCertUtils::DefaultTrust;
1262 }
1263
1264 QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
1265
1266 if ( !authDbOpen() )
1267 {
1268 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1269 return QgsAuthCertUtils::DefaultTrust;
1270 }
1271
1272 QSqlQuery query( authDatabaseConnection() );
1273
1274 query.prepare( QStringLiteral( "SELECT policy FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certTrustPolicyTableName() ) ) );
1275 query.bindValue( QStringLiteral( ":id" ), id );
1276
1277 if ( !authDbQuery( &query ) )
1278 return QgsAuthCertUtils::DefaultTrust;
1279
1280 if ( query.isActive() && query.isSelect() )
1281 {
1282 if ( query.first() )
1283 {
1284 int policy = query.value( 0 ).toInt();
1285 QgsDebugMsgLevel( QStringLiteral( "Certificate trust policy retrieved for id: %1" ).arg( id ), 2 );
1286 return static_cast< QgsAuthCertUtils::CertTrustPolicy >( policy );
1287 }
1288 if ( query.next() )
1289 {
1290 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Retrieved more than one certificate trust policy for id: %1" ).arg( id ), Qgis::MessageLevel::Warning );
1291 return QgsAuthCertUtils::DefaultTrust;
1292 }
1293 }
1294 return QgsAuthCertUtils::DefaultTrust;
1295}
1296
1297bool QgsAuthConfigurationStorageDb::removeCertTrustPolicy( const QSslCertificate &cert )
1298{
1299 QMutexLocker locker( &mMutex );
1300
1301 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteCertificateTrustPolicy );
1302
1303 if ( cert.isNull() )
1304 {
1305 QgsDebugError( QStringLiteral( "Passed certificate is null" ) );
1306 return QgsAuthCertUtils::DefaultTrust;
1307 }
1308
1309 QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
1310
1311 if ( !authDbOpen() )
1312 {
1313 setError( tr( "Auth db could not be opened" ) );
1314 return QgsAuthCertUtils::DefaultTrust;
1315 }
1316
1317 QSqlQuery query( authDatabaseConnection() );
1318
1319 query.prepare( QStringLiteral( "DELETE FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certTrustPolicyTableName() ) ) );
1320 query.bindValue( QStringLiteral( ":id" ), id );
1321
1322 if ( !authDbQuery( &query ) )
1323 {
1324 setError( tr( "Failed to remove certificate trust policy '%1'" ).arg( id ) );
1325 return false;
1326 }
1327
1328 if ( query.numRowsAffected() == 0 )
1329 {
1330 setError( tr( "No certificate trust policy found for id: %1" ).arg( id ) );
1331 return false;
1332 }
1333
1334 emit sslCertTrustPolicyChanged();
1335
1336 return true;
1337}
1338
1339bool QgsAuthConfigurationStorageDb::certTrustPolicyExists( const QSslCertificate &cert ) const
1340{
1341 QMutexLocker locker( &mMutex );
1342
1343 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadCertificateTrustPolicy );
1344
1345 if ( cert.isNull() )
1346 {
1347 QgsDebugError( QStringLiteral( "Passed certificate is null" ) );
1348 return QgsAuthCertUtils::DefaultTrust;
1349 }
1350
1351 QString id( QgsAuthCertUtils::shaHexForCert( cert ) );
1352
1353 if ( !authDbOpen() )
1354 {
1355 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1356 return QgsAuthCertUtils::DefaultTrust;
1357 }
1358
1359 QSqlQuery query( authDatabaseConnection() );
1360
1361 query.prepare( QStringLiteral( "SELECT COUNT(id) FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( certTrustPolicyTableName() ) ) );
1362 query.bindValue( QStringLiteral( ":id" ), id );
1363
1364 if ( !authDbQuery( &query ) )
1365 return false;
1366
1367 if ( query.isActive() && query.isSelect() )
1368 {
1369 if ( query.first() )
1370 {
1371 return query.value( 0 ).toInt() > 0;
1372 }
1373 }
1374 return false;
1375}
1376
1377#endif
1378
1379const QList<QgsAuthConfigurationStorage::MasterPasswordConfig> QgsAuthConfigurationStorageDb::masterPasswords() const
1380{
1381 QMutexLocker locker( &mMutex );
1382
1383 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadMasterPassword );
1384
1385 QList<QgsAuthConfigurationStorage::MasterPasswordConfig> passwords;
1386
1387 if ( !authDbOpen() )
1388 {
1389 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1390 return passwords;
1391 }
1392
1393 QSqlQuery query( authDatabaseConnection() );
1394 query.prepare( QStringLiteral( "SELECT salt, civ, hash FROM %1" ).arg( quotedQualifiedIdentifier( masterPasswordTableName() ) ) );
1395
1396 if ( !authDbQuery( &query ) )
1397 return passwords;
1398
1399 if ( query.isActive() && query.isSelect() )
1400 {
1401 while ( query.next() )
1402 {
1403 const QString salt = query.value( 0 ).toString();
1404 const QString civ = query.value( 1 ).toString();
1405 const QString hash = query.value( 2 ).toString();
1406 passwords.append( { salt, civ, hash } );
1407 }
1408 }
1409 return passwords;
1410}
1411
1412bool QgsAuthConfigurationStorageDb::storeMasterPassword( const QgsAuthConfigurationStorage::MasterPasswordConfig &config )
1413{
1414 QMutexLocker locker( &mMutex );
1415
1416 checkCapability( Qgis::AuthConfigurationStorageCapability::CreateMasterPassword );
1417
1418 if ( !authDbOpen() )
1419 {
1420 setError( tr( "Auth db could not be opened" ) );
1421 return false;
1422 }
1423
1424 QSqlQuery query( authDatabaseConnection() );
1425 query.prepare( QStringLiteral( "INSERT INTO %1 (salt, civ, hash) VALUES (:salt, :civ, :hash)" ).arg( quotedQualifiedIdentifier( masterPasswordTableName() ) ) );
1426
1427 query.bindValue( QStringLiteral( ":salt" ), config.salt );
1428 query.bindValue( QStringLiteral( ":civ" ), config.civ );
1429 query.bindValue( QStringLiteral( ":hash" ), config.hash );
1430
1431 if ( !authDbQuery( &query ) )
1432 return false;
1433
1434 emit masterPasswordChanged();
1435
1436 return true;
1437}
1438
1439bool QgsAuthConfigurationStorageDb::clearMasterPasswords()
1440{
1441 QMutexLocker locker( &mMutex );
1442
1443 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteMasterPassword );
1444
1445 const bool ret { clearTables( { masterPasswordTableName() } ) };
1446
1447 if ( ret )
1448 {
1449 emit masterPasswordChanged();
1450 }
1451
1452 return ret;
1453}
1454
1455QString QgsAuthConfigurationStorageDb::methodConfigTableName() const
1456{
1457 return QStringLiteral( "auth_configs" );
1458}
1459
1460QString QgsAuthConfigurationStorageDb::authSettingsTableName() const
1461{
1462 return QStringLiteral( "auth_settings" );
1463}
1464
1465QString QgsAuthConfigurationStorageDb::certIdentityTableName() const
1466{
1467 return QStringLiteral( "auth_identities" );
1468}
1469
1470QString QgsAuthConfigurationStorageDb::sslCertCustomConfigTableName() const
1471{
1472 return QStringLiteral( "auth_servers" );
1473}
1474
1475QString QgsAuthConfigurationStorageDb::certAuthorityTableName() const
1476{
1477 return QStringLiteral( "auth_authorities" );
1478}
1479
1480QString QgsAuthConfigurationStorageDb::certTrustPolicyTableName() const
1481{
1482 return QStringLiteral( "auth_trust" );
1483}
1484
1485QString QgsAuthConfigurationStorageDb::masterPasswordTableName() const
1486{
1487 return QStringLiteral( "auth_pass" );
1488}
1489
1490QString QgsAuthConfigurationStorageDb::quotedQualifiedIdentifier( const QString &name, bool isIndex ) const
1491{
1492 const QString schema { mConfiguration.value( QStringLiteral( "schema" ) ).toString() };
1493 if ( schema.isEmpty() )
1494 {
1495 return authDatabaseConnection().driver()->escapeIdentifier( name, QSqlDriver::TableName );
1496 }
1497 else
1498 {
1499 if ( isIndex )
1500 {
1501 return authDatabaseConnection().driver()->escapeIdentifier( schema + QStringLiteral( "_" ) + name, QSqlDriver::TableName );
1502 }
1503 else
1504 {
1505 return authDatabaseConnection().driver()->escapeIdentifier( schema, QSqlDriver::TableName ) + QStringLiteral( "." ) + authDatabaseConnection().driver()->escapeIdentifier( name, QSqlDriver::TableName );
1506 }
1507 }
1508}
1509
1510QString QgsAuthConfigurationStorageDb::name() const
1511{
1512 return QStringLiteral( "%1:%2" ).arg( mDriver, mDatabase );
1513}
1514
1515QString QgsAuthConfigurationStorageDb::type() const
1516{
1517 return QStringLiteral( "DB-%2" ).arg( mDriver );
1518}
1519
1520QString QgsAuthConfigurationStorageDb::description() const
1521{
1522 return tr( "Store credentials in a %1 database" ).arg( name() );
1523}
1524
1525QString QgsAuthConfigurationStorageDb::id() const
1526{
1527 QMutexLocker locker( &mMutex );
1528
1529 if ( mId.isEmpty() )
1530 {
1531 // Create a hash from the driver name, database name, port, hostname and username
1532 QCryptographicHash hash( QCryptographicHash::Sha256 );
1533 hash.addData( mDriver.toUtf8() );
1534 hash.addData( mDatabase.toUtf8() );
1535 hash.addData( QString::number( mPort ).toUtf8() );
1536 hash.addData( mHost.toUtf8() );
1537 hash.addData( mUser.toUtf8() );
1538 mId = QString( hash.result().toHex() );
1539 }
1540 return mId;
1541}
1542
1543bool QgsAuthConfigurationStorageDb::createConfigTables()
1544{
1545 QMutexLocker locker( &mMutex );
1546
1547 if ( !authDbOpen() )
1548 {
1549 setError( tr( "Auth db could not be opened" ) );
1550 return false;
1551 }
1552
1553 QSqlQuery query( authDatabaseConnection() );
1554
1555 // create the tables
1556 QString qstr;
1557
1558 qstr = QStringLiteral( "CREATE TABLE IF NOT EXISTS %1 (\n"
1559 " salt TEXT NOT NULL,\n"
1560 " civ TEXT NOT NULL\n"
1561 ", hash TEXT NOT NULL);" ).arg( quotedQualifiedIdentifier( masterPasswordTableName() ) );
1562
1563 if ( !authDbQuery( &query, qstr ) )
1564 return false;
1565
1566 query.clear();
1567
1568 qstr = QStringLiteral( "CREATE TABLE IF NOT EXISTS %1 (\n"
1569 " id TEXT NOT NULL,\n"
1570 " name TEXT NOT NULL,\n"
1571 " uri TEXT,\n"
1572 " type TEXT NOT NULL,\n"
1573 " version INTEGER NOT NULL\n"
1574 ", config TEXT NOT NULL);" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) );
1575 if ( !authDbQuery( &query, qstr ) )
1576 return false;
1577
1578 query.clear();
1579
1580 qstr = QStringLiteral( "CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (id ASC);" ).arg( quotedQualifiedIdentifier( QStringLiteral( "config_id_index" ), true ), quotedQualifiedIdentifier( methodConfigTableName() ) );
1581
1582 if ( !authDbQuery( &query, qstr ) )
1583 return false;
1584
1585 query.clear();
1586
1587 qstr = QStringLiteral( "CREATE INDEX IF NOT EXISTS %1 ON %2 (uri ASC);" )
1588 .arg( quotedQualifiedIdentifier( QStringLiteral( "uri_index" ), true ),
1589 quotedQualifiedIdentifier( methodConfigTableName() ) );
1590
1591 if ( !authDbQuery( &query, qstr ) )
1592 return false;
1593
1594 return true;
1595}
1596
1597bool QgsAuthConfigurationStorageDb::createCertTables()
1598{
1599 QMutexLocker locker( &mMutex );
1600
1601 if ( !authDbOpen() )
1602 {
1603 setError( tr( "Auth db could not be opened" ) );
1604 return false;
1605 }
1606
1607 QgsDebugMsgLevel( QStringLiteral( "Creating cert tables in auth db" ), 2 );
1608
1609 QSqlQuery query( authDatabaseConnection() );
1610
1611 // create the tables
1612 QString qstr;
1613
1614 qstr = QStringLiteral( "CREATE TABLE IF NOT EXISTS %1 (\n"
1615 " setting TEXT NOT NULL\n"
1616 ", value TEXT);" ).arg( quotedQualifiedIdentifier( authSettingsTableName() ) );
1617
1618 if ( !authDbQuery( &query, qstr ) )
1619 return false;
1620
1621 query.clear();
1622
1623 qstr = QStringLiteral( "CREATE TABLE IF NOT EXISTS %1 (\n"
1624 " id TEXT NOT NULL,\n"
1625 " key TEXT NOT NULL\n"
1626 ", cert TEXT NOT NULL);" ).arg( quotedQualifiedIdentifier( certIdentityTableName() ) );
1627
1628
1629 if ( !authDbQuery( &query, qstr ) )
1630 return false;
1631
1632 query.clear();
1633
1634 qstr = QStringLiteral( "CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (id ASC);" )
1635 .arg( quotedQualifiedIdentifier( QStringLiteral( "cert_ident_id_index" ), true ), quotedQualifiedIdentifier( certIdentityTableName() ) );
1636
1637 if ( !authDbQuery( &query, qstr ) )
1638 return false;
1639
1640 query.clear();
1641
1642
1643 qstr = QStringLiteral( "CREATE TABLE IF NOT EXISTS %1 (\n"
1644 " id TEXT NOT NULL,\n"
1645 " host TEXT NOT NULL,\n"
1646 " cert TEXT\n"
1647 ", config TEXT NOT NULL);" ).arg( quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) );
1648
1649 if ( !authDbQuery( &query, qstr ) )
1650 return false;
1651
1652 query.clear();
1653
1654 qstr = QStringLiteral( "CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (host ASC);" ).arg( quotedQualifiedIdentifier( QStringLiteral( "host_index" ), true ), quotedQualifiedIdentifier( sslCertCustomConfigTableName() ) );
1655
1656
1657 if ( !authDbQuery( &query, qstr ) )
1658 return false;
1659
1660 query.clear();
1661
1662
1663 qstr = QStringLiteral( "CREATE TABLE IF NOT EXISTS %1 (\n"
1664 " id TEXT NOT NULL\n"
1665 ", cert TEXT NOT NULL);" ).arg( quotedQualifiedIdentifier( certAuthorityTableName() ) );
1666
1667
1668 if ( !authDbQuery( &query, qstr ) )
1669 return false;
1670
1671 query.clear();
1672
1673 qstr = QStringLiteral( "CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (id ASC);" )
1674 .arg( quotedQualifiedIdentifier( QStringLiteral( "ca_id_index" ), true ), quotedQualifiedIdentifier( certAuthorityTableName() ) );
1675
1676
1677 if ( !authDbQuery( &query, qstr ) )
1678 return false;
1679
1680 query.clear();
1681
1682 qstr = QStringLiteral( "CREATE TABLE IF NOT EXISTS %1 (\n"
1683 " id TEXT NOT NULL\n"
1684 ", policy TEXT NOT NULL);" ).arg( quotedQualifiedIdentifier( certTrustPolicyTableName() ) );
1685
1686 if ( !authDbQuery( &query, qstr ) )
1687 return false;
1688
1689 query.clear();
1690
1691 qstr = QStringLiteral( "CREATE UNIQUE INDEX IF NOT EXISTS %1 ON %2 (id ASC);" )
1692 .arg( quotedQualifiedIdentifier( QStringLiteral( "trust_id_index" ), true ), quotedQualifiedIdentifier( certTrustPolicyTableName() ) );
1693
1694
1695 if ( !authDbQuery( &query, qstr ) )
1696 return false;
1697
1698 query.clear();
1699
1700 return true;
1701}
1702
1703QgsAuthMethodConfigsMap QgsAuthConfigurationStorageDb::authMethodConfigs( const QStringList &allowedMethods ) const
1704{
1705
1706 QMutexLocker locker( &mMutex );
1707
1708 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadConfiguration );
1709
1710 QgsAuthMethodConfigsMap baseConfigs;
1711
1712 if ( ! isEnabled() || !isReady() )
1713 return baseConfigs;
1714
1715 if ( !authDbOpen() )
1716 {
1717 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1718 return baseConfigs;
1719 }
1720
1721 QSqlQuery query( authDatabaseConnection() );
1722 query.prepare( QStringLiteral( "SELECT id, name, uri, type, version FROM %1" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) ) );
1723
1724 if ( !authDbQuery( &query ) )
1725 {
1726 return baseConfigs;
1727 }
1728
1729 if ( query.isActive() && query.isSelect() )
1730 {
1731 while ( query.next() )
1732 {
1733 QString authcfg = query.value( 0 ).toString();
1734 QgsAuthMethodConfig config;
1735 config.setId( authcfg );
1736 config.setName( query.value( 1 ).toString() );
1737 config.setUri( query.value( 2 ).toString() );
1738 config.setMethod( query.value( 3 ).toString() );
1739 config.setVersion( query.value( 4 ).toInt() );
1740
1741 if ( !allowedMethods.isEmpty() && !allowedMethods.contains( config.method() ) )
1742 {
1743 continue;
1744 }
1745
1746 baseConfigs.insert( authcfg, config );
1747 }
1748 }
1749 return baseConfigs;
1750
1751}
1752
1753QgsAuthMethodConfigsMap QgsAuthConfigurationStorageDb::authMethodConfigsWithPayload( ) const
1754{
1755
1756 QMutexLocker locker( &mMutex );
1757
1758 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadConfiguration );
1759
1760 QgsAuthMethodConfigsMap baseConfigs;
1761
1762 if ( ! isEnabled() || !isReady() )
1763 return baseConfigs;
1764
1765 if ( !authDbOpen() )
1766 {
1767 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
1768 return baseConfigs;
1769 }
1770
1771 QSqlQuery query( authDatabaseConnection() );
1772 query.prepare( QStringLiteral( "SELECT id, name, uri, type, version, config FROM %1" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) ) );
1773
1774 if ( !authDbQuery( &query ) )
1775 {
1776 return baseConfigs;
1777 }
1778
1779 if ( query.isActive() && query.isSelect() )
1780 {
1781 while ( query.next() )
1782 {
1783 QString authcfg = query.value( 0 ).toString();
1784 QgsAuthMethodConfig config;
1785 config.setId( authcfg );
1786 config.setName( query.value( 1 ).toString() );
1787 config.setUri( query.value( 2 ).toString() );
1788 config.setMethod( query.value( 3 ).toString() );
1789 config.setVersion( query.value( 4 ).toInt() );
1790 config.setConfig( QStringLiteral( "encrypted_payload" ), query.value( 5 ).toString() );
1791 baseConfigs.insert( authcfg, config );
1792 }
1793 }
1794 return baseConfigs;
1795}
1796
1797void QgsAuthConfigurationStorageDb::checkCapabilities()
1798{
1799 QMutexLocker locker( &mMutex );
1800
1801 mCapabilities = Qgis::AuthConfigurationStorageCapabilities();
1802
1803 if ( ! isEnabled() || !isReady() )
1804 return;
1805
1806 if ( !authDbOpen() )
1807 {
1808 setError( tr( "Auth db could not be opened" ) );
1809 return;
1810 }
1811
1812 // Check if each table exist and set capabilities
1813
1814 static const QStringList existingTables = authDatabaseConnection().tables();
1815 QString schema { mConfiguration.value( QStringLiteral( "schema" ) ).toString() };
1816 if ( ! schema.isEmpty() )
1817 {
1818 schema += '.';
1819 }
1820
1821 if ( existingTables.contains( schema.isEmpty() ? masterPasswordTableName( ) : schema + masterPasswordTableName( ) ) )
1822 {
1823 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ReadMasterPassword;
1824 if ( !isReadOnly() )
1825 {
1826 mCapabilities |= Qgis::AuthConfigurationStorageCapability::CreateMasterPassword;
1827 mCapabilities |= Qgis::AuthConfigurationStorageCapability::UpdateMasterPassword;
1828 mCapabilities |= Qgis::AuthConfigurationStorageCapability::DeleteMasterPassword;
1829 }
1830 }
1831
1832 if ( existingTables.contains( schema.isEmpty() ? methodConfigTableName( ) : schema + methodConfigTableName( ) ) )
1833 {
1834 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ReadConfiguration;
1835 if ( !isReadOnly() )
1836 {
1837 mCapabilities |= Qgis::AuthConfigurationStorageCapability::CreateConfiguration;
1838 mCapabilities |= Qgis::AuthConfigurationStorageCapability::UpdateConfiguration;
1839 mCapabilities |= Qgis::AuthConfigurationStorageCapability::DeleteConfiguration;
1840 }
1841 }
1842
1843 if ( existingTables.contains( schema.isEmpty() ? authSettingsTableName( ) : schema + authSettingsTableName( ) ) )
1844 {
1845 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ReadSetting;
1846 if ( !isReadOnly() )
1847 {
1848 mCapabilities |= Qgis::AuthConfigurationStorageCapability::CreateSetting;
1849 mCapabilities |= Qgis::AuthConfigurationStorageCapability::UpdateSetting;
1850 mCapabilities |= Qgis::AuthConfigurationStorageCapability::DeleteSetting;
1851 }
1852 }
1853
1854 if ( existingTables.contains( schema.isEmpty() ? certIdentityTableName( ) : schema + certIdentityTableName( ) ) )
1855 {
1856 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ReadCertificateIdentity;
1857 if ( !isReadOnly() )
1858 {
1859 mCapabilities |= Qgis::AuthConfigurationStorageCapability::CreateCertificateIdentity;
1860 mCapabilities |= Qgis::AuthConfigurationStorageCapability::UpdateCertificateIdentity;
1861 mCapabilities |= Qgis::AuthConfigurationStorageCapability::DeleteCertificateIdentity;
1862 }
1863 }
1864
1865 if ( existingTables.contains( schema.isEmpty() ? sslCertCustomConfigTableName( ) : schema + sslCertCustomConfigTableName( ) ) )
1866 {
1867 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ReadSslCertificateCustomConfig;
1868 if ( !isReadOnly() )
1869 {
1870 mCapabilities |= Qgis::AuthConfigurationStorageCapability::CreateSslCertificateCustomConfig;
1871 mCapabilities |= Qgis::AuthConfigurationStorageCapability::UpdateSslCertificateCustomConfig;
1872 mCapabilities |= Qgis::AuthConfigurationStorageCapability::DeleteSslCertificateCustomConfig;
1873 }
1874 }
1875
1876 if ( existingTables.contains( schema.isEmpty() ? certAuthorityTableName( ) : schema + certAuthorityTableName( ) ) )
1877 {
1878 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ReadCertificateAuthority;
1879 if ( !isReadOnly() )
1880 {
1881 mCapabilities |= Qgis::AuthConfigurationStorageCapability::CreateCertificateAuthority;
1882 mCapabilities |= Qgis::AuthConfigurationStorageCapability::UpdateCertificateAuthority;
1883 mCapabilities |= Qgis::AuthConfigurationStorageCapability::DeleteCertificateAuthority;
1884 }
1885 }
1886
1887 if ( existingTables.contains( schema.isEmpty() ? certTrustPolicyTableName( ) : schema + certTrustPolicyTableName( ) ) )
1888 {
1889 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ReadCertificateTrustPolicy;
1890 if ( !isReadOnly() )
1891 {
1892 mCapabilities |= Qgis::AuthConfigurationStorageCapability::CreateCertificateTrustPolicy;
1893 mCapabilities |= Qgis::AuthConfigurationStorageCapability::UpdateCertificateTrustPolicy;
1894 mCapabilities |= Qgis::AuthConfigurationStorageCapability::DeleteCertificateTrustPolicy;
1895 }
1896 }
1897
1898 // Any delete capability will set ClearStorage
1899 if ( ( mCapabilities & Qgis::AuthConfigurationStorageCapability::DeleteMasterPassword ) ||
1900 ( mCapabilities & Qgis::AuthConfigurationStorageCapability::DeleteConfiguration ) ||
1901 ( mCapabilities & Qgis::AuthConfigurationStorageCapability::DeleteSetting ) ||
1902 ( mCapabilities & Qgis::AuthConfigurationStorageCapability::DeleteCertificateIdentity ) ||
1903 ( mCapabilities & Qgis::AuthConfigurationStorageCapability::DeleteSslCertificateCustomConfig ) ||
1904 ( mCapabilities & Qgis::AuthConfigurationStorageCapability::DeleteCertificateAuthority ) ||
1905 ( mCapabilities & Qgis::AuthConfigurationStorageCapability::DeleteCertificateTrustPolicy ) )
1906 {
1907 mCapabilities |= Qgis::AuthConfigurationStorageCapability::ClearStorage;
1908 }
1909
1910}
1911
1912QgsAuthMethodConfig QgsAuthConfigurationStorageDb::loadMethodConfig( const QString &id, QString &payload, bool full ) const
1913{
1914 QMutexLocker locker( &mMutex );
1915
1916 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadConfiguration );
1917
1918 QgsAuthMethodConfig config;
1919
1920 if ( !authDbOpen() )
1921 {
1922 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ), Qgis::MessageLevel::Critical );
1923 return config;
1924 }
1925
1926 QSqlQuery query( authDatabaseConnection() );
1927
1928 if ( full )
1929 {
1930 query.prepare( QStringLiteral( "SELECT name, uri, type, version, config FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) ) );
1931 }
1932 else
1933 {
1934 query.prepare( QStringLiteral( "SELECT name, uri, type, version FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) ) );
1935 }
1936
1937 query.bindValue( QStringLiteral( ":id" ), id );
1938
1939 if ( !authDbQuery( &query ) )
1940 {
1941 return config;
1942 }
1943
1944 if ( query.isActive() && query.isSelect() )
1945 {
1946 if ( query.first() )
1947 {
1948 config.setId( id );
1949 config.setName( query.value( 0 ).toString() );
1950 config.setUri( query.value( 1 ).toString() );
1951 config.setMethod( query.value( 2 ).toString() );
1952 config.setVersion( query.value( 3 ).toInt() );
1953 if ( full )
1954 {
1955 payload = query.value( 4 ).toString();
1956 }
1957 }
1958 if ( query.next() )
1959 {
1960 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Authentication database contains more than one configuration IDs for '%1'" ).arg( id ), Qgis::MessageLevel::Warning );
1961 }
1962 }
1963
1964 return config;
1965}
1966
1967bool QgsAuthConfigurationStorageDb::storeMethodConfig( const QgsAuthMethodConfig &config, const QString &payload )
1968{
1969 QMutexLocker locker( &mMutex );
1970
1971 if ( methodConfigExists( config.id() ) )
1972 {
1973 checkCapability( Qgis::AuthConfigurationStorageCapability::UpdateConfiguration );
1974 }
1975 else
1976 {
1977 checkCapability( Qgis::AuthConfigurationStorageCapability::CreateConfiguration );
1978 }
1979
1980 if ( !authDbOpen() )
1981 {
1982 setError( tr( "Auth db could not be opened" ) );
1983 return false;
1984 }
1985
1986 if ( payload.isEmpty() )
1987 {
1988 setError( tr( "Store config: FAILED because config string is empty" ), Qgis::MessageLevel::Warning );
1989 return false;
1990 }
1991
1992 if ( ! config.isValid( true ) )
1993 {
1994 setError( tr( "Store config: FAILED because config is invalid" ), Qgis::MessageLevel::Warning );
1995 return false;
1996 }
1997
1998 if ( methodConfigExists( config.id() ) )
1999 {
2000 removeMethodConfig( config.id() );
2001 }
2002
2003 QSqlQuery query( authDatabaseConnection() );
2004 query.prepare( QStringLiteral( "INSERT INTO %1 (id, name, uri, type, version, config) VALUES (:id, :name, :uri, :type, :version, :config)" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) ) );
2005 query.bindValue( QStringLiteral( ":id" ), config.id() );
2006 query.bindValue( QStringLiteral( ":name" ), config.name() );
2007 query.bindValue( QStringLiteral( ":uri" ), config.uri() );
2008 query.bindValue( QStringLiteral( ":type" ), config.method() );
2009 query.bindValue( QStringLiteral( ":version" ), config.version() );
2010 query.bindValue( QStringLiteral( ":config" ), payload );
2011
2012 if ( !authDbQuery( &query ) )
2013 {
2014 setError( tr( "Failed to store config '%1'" ).arg( config.id() ), Qgis::MessageLevel::Critical );
2015 return false;
2016 }
2017
2018 emit methodConfigChanged();
2019
2020 return true;
2021}
2022
2023bool QgsAuthConfigurationStorageDb::removeMethodConfig( const QString &id )
2024{
2025 QMutexLocker locker( &mMutex );
2026
2027 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteConfiguration );
2028
2029 if ( !authDbOpen() )
2030 {
2031 setError( tr( "Auth db could not be opened" ) );
2032 return false;
2033 }
2034
2035 QSqlQuery query( authDatabaseConnection() );
2036
2037 query.prepare( QStringLiteral( "DELETE FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) ) );
2038 query.bindValue( QStringLiteral( ":id" ), id );
2039
2040 if ( !authDbQuery( &query ) )
2041 {
2042 setError( tr( "Failed to remove config '%1'" ).arg( id ), Qgis::MessageLevel::Critical );
2043 return false;
2044 }
2045
2046 if ( query.numRowsAffected() == 0 )
2047 {
2048 setError( tr( "Config '%1' does not exist" ).arg( id ), Qgis::MessageLevel::Warning );
2049 return false;
2050 }
2051
2052 emit methodConfigChanged();
2053
2054 return true;
2055}
2056
2057bool QgsAuthConfigurationStorageDb::methodConfigExists( const QString &id ) const
2058{
2059 QMutexLocker locker( &mMutex );
2060
2061 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadConfiguration );
2062
2063 if ( !authDbOpen() )
2064 {
2065 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
2066 return false;
2067 }
2068
2069 QSqlQuery query( authDatabaseConnection() );
2070
2071 query.prepare( QStringLiteral( "SELECT COUNT( id ) FROM %1 WHERE id = :id" ).arg( quotedQualifiedIdentifier( methodConfigTableName() ) ) );
2072 query.bindValue( QStringLiteral( ":id" ), id );
2073
2074 if ( !authDbQuery( &query ) )
2075 {
2076 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Failed to query for config '%1'" ).arg( id ), Qgis::MessageLevel::Critical );
2077 return false;
2078 }
2079
2080 if ( query.next() )
2081 {
2082 return query.value( 0 ).toInt() > 0;
2083 }
2084
2085 return false;
2086}
2087
2088bool QgsAuthConfigurationStorageDb::storeAuthSetting( const QString &key, const QString &value )
2089{
2090 QMutexLocker locker( &mMutex );
2091
2092 if ( authSettingExists( key ) )
2093 {
2094 checkCapability( Qgis::AuthConfigurationStorageCapability::UpdateSetting );
2095 removeAuthSetting( key );
2096 }
2097 else
2098 {
2099 checkCapability( Qgis::AuthConfigurationStorageCapability::CreateSetting );
2100 }
2101
2102 if ( !authDbOpen() )
2103 {
2104 setError( tr( "Auth db could not be opened" ) );
2105 return false;
2106 }
2107
2108 QSqlQuery query( authDatabaseConnection() );
2109
2110 query.prepare( QStringLiteral( "INSERT INTO %1 (setting, value) VALUES (:setting, :value)" )
2111 .arg( quotedQualifiedIdentifier( authSettingsTableName() ) ) );
2112 query.bindValue( QStringLiteral( ":setting" ), key );
2113 query.bindValue( QStringLiteral( ":value" ), value );
2114
2115 if ( !authDbQuery( &query ) )
2116 {
2117 setError( tr( "Failed to set setting '%1'" ).arg( key ), Qgis::MessageLevel::Critical );
2118 return false;
2119 }
2120 else
2121 {
2122 emit authSettingsChanged();
2123 return true;
2124 }
2125}
2126
2127QString QgsAuthConfigurationStorageDb::loadAuthSetting( const QString &key ) const
2128{
2129 QMutexLocker locker( &mMutex );
2130
2131 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadSetting );
2132
2133 if ( !authDbOpen() )
2134 {
2135 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
2136 return QString();
2137 }
2138
2139 QSqlQuery query( authDatabaseConnection() );
2140
2141 query.prepare( QStringLiteral( "SELECT value FROM %1 WHERE setting = :setting" ).arg( quotedQualifiedIdentifier( authSettingsTableName() ) ) );
2142 query.bindValue( QStringLiteral( ":setting" ), key );
2143
2144 if ( !authDbQuery( &query ) )
2145 {
2146 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Failed to query for setting '%1'" ).arg( key ), Qgis::MessageLevel::Critical );
2147 return QString();
2148 }
2149
2150 if ( query.next() )
2151 {
2152 return query.value( 0 ).toString();
2153 }
2154
2155 // Not sure we need this warning, as it's not necessarily an error if the setting doesn't exist
2156 // const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Setting '%1' does not exist" ).arg( key ), Qgis::MessageLevel::Warning );
2157 QgsDebugMsgLevel( QStringLiteral( "Setting '%1' does not exist" ).arg( key ), 2 );
2158
2159 return QString();
2160}
2161
2162
2163bool QgsAuthConfigurationStorageDb::removeAuthSetting( const QString &key )
2164{
2165 QMutexLocker locker( &mMutex );
2166
2167 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteSetting );
2168
2169 if ( !authDbOpen() )
2170 {
2171 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
2172 return false;
2173 }
2174
2175 QSqlQuery query( authDatabaseConnection() );
2176
2177 query.prepare( QStringLiteral( "DELETE FROM %1 WHERE setting = :setting" ).arg( quotedQualifiedIdentifier( authSettingsTableName() ) ) );
2178 query.bindValue( QStringLiteral( ":setting" ), key );
2179
2180 if ( !authDbQuery( &query ) )
2181 {
2182 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Failed to remove setting '%1'" ).arg( key ), Qgis::MessageLevel::Critical );
2183 return false;
2184 }
2185
2186 if ( query.numRowsAffected() == 0 )
2187 {
2188 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Setting '%1' does not exist" ).arg( key ), Qgis::MessageLevel::Warning );
2189 return false;
2190 }
2191
2192 emit authSettingsChanged();
2193
2194 return true;
2195}
2196
2197bool QgsAuthConfigurationStorageDb::authSettingExists( const QString &key ) const
2198{
2199 QMutexLocker locker( &mMutex );
2200
2201 checkCapability( Qgis::AuthConfigurationStorageCapability::ReadSetting );
2202
2203 if ( !authDbOpen() )
2204 {
2205 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Auth db could not be opened" ) );
2206 return false;
2207 }
2208
2209 QSqlQuery query( authDatabaseConnection() );
2210
2211 query.prepare( QStringLiteral( "SELECT COUNT(value) FROM %1 WHERE setting = :setting" ).arg( quotedQualifiedIdentifier( authSettingsTableName() ) ) );
2212 query.bindValue( QStringLiteral( ":setting" ), key );
2213
2214 if ( !authDbQuery( &query ) )
2215 {
2216 const_cast< QgsAuthConfigurationStorageDb * >( this )->setError( tr( "Failed to query for setting '%1'" ).arg( key ), Qgis::MessageLevel::Critical );
2217 return false;
2218 }
2219
2220 if ( query.next() )
2221 {
2222 return query.value( 0 ).toInt() > 0;
2223 }
2224
2225 return false;
2226}
2227
2228
2229
2230bool QgsAuthConfigurationStorageDb::clearTables( const QStringList &tables )
2231{
2232 QMutexLocker locker( &mMutex );
2233
2234 if ( !authDbOpen() )
2235 {
2236 setError( tr( "Auth db could not be opened" ) );
2237 return false;
2238 }
2239
2240 QSqlQuery query( authDatabaseConnection() );
2241
2242 for ( const auto &table : std::as_const( tables ) )
2243 {
2244
2245 // Check if the table exists
2246 if ( ! tableExists( table ) )
2247 {
2248 setError( tr( "Failed to empty table '%1': table does not exist" ).arg( table ), Qgis::MessageLevel::Warning );
2249 continue;
2250 }
2251
2252 // Check whether the table supports deletion
2253 if ( table.compare( methodConfigTableName(), Qt::CaseSensitivity::CaseInsensitive ) )
2254 {
2255 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteConfiguration );
2256 }
2257 else if ( table.compare( authSettingsTableName(), Qt::CaseSensitivity::CaseInsensitive ) )
2258 {
2259 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteSetting );
2260 }
2261 else if ( table.compare( certIdentityTableName(), Qt::CaseSensitivity::CaseInsensitive ) )
2262 {
2263 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteCertificateIdentity );
2264 }
2265 else if ( table.compare( sslCertCustomConfigTableName(), Qt::CaseSensitivity::CaseInsensitive ) )
2266 {
2267 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteSslCertificateCustomConfig );
2268 }
2269 else if ( table.compare( certAuthorityTableName(), Qt::CaseSensitivity::CaseInsensitive ) )
2270 {
2271 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteCertificateAuthority );
2272 }
2273 else if ( table.compare( certTrustPolicyTableName(), Qt::CaseSensitivity::CaseInsensitive ) )
2274 {
2275 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteCertificateTrustPolicy );
2276 }
2277 else if ( table.compare( masterPasswordTableName(), Qt::CaseSensitivity::CaseInsensitive ) )
2278 {
2279 checkCapability( Qgis::AuthConfigurationStorageCapability::DeleteMasterPassword );
2280 }
2281 else
2282 {
2283 // Unsupported table: it should not happen!
2284 throw QgsNotSupportedException( tr( "Failed to empty table '%1': unsupported table" ).arg( table ) );
2285 }
2286
2287 query.prepare( QStringLiteral( "DELETE FROM %1" ).arg( quotedQualifiedIdentifier( table ) ) );
2288
2289 if ( !authDbQuery( &query ) )
2290 {
2291 setError( tr( "Failed to empty table '%1'" ).arg( quotedQualifiedIdentifier( table ) ) );
2292 return false;
2293 }
2294 }
2295 return true;
2296}
2297
2298bool QgsAuthConfigurationStorageDb::tableExists( const QString &table ) const
2299{
2300 QString schema { mConfiguration.value( QStringLiteral( "schema" ) ).toString() };
2301 if ( ! schema.isEmpty() )
2302 {
2303 schema += '.';
2304 }
2305 return authDatabaseConnection().tables().contains( schema + table );
2306}
2307
2308const QMap<QString, QVariant> QgsAuthConfigurationStorageDb::uriToSettings( const QString &uri )
2309{
2310 QUrl url( uri );
2311 QMap<QString, QVariant> settings;
2312
2313 if ( url.isValid() )
2314 {
2315 settings.insert( QStringLiteral( "driver" ), url.scheme().toUpper() );
2316 settings.insert( QStringLiteral( "host" ), url.host() );
2317 settings.insert( QStringLiteral( "port" ), QString::number( url.port() ) );
2318 QString path { url.path() };
2319 // Remove leading slash from the path unless the driver is QSQLITE or QSPATIALITE
2320 if ( path.startsWith( QLatin1Char( '/' ) ) &&
2321 !( settings.value( QStringLiteral( "driver" ) ) == QLatin1String( "QSQLITE" ) ||
2322 settings.value( QStringLiteral( "driver" ) ) == QLatin1String( "QSPATIALITE" ) ) )
2323 {
2324 path = path.mid( 1 );
2325 }
2326 settings.insert( QStringLiteral( "database" ), path );
2327 settings.insert( QStringLiteral( "user" ), url.userName() );
2328 settings.insert( QStringLiteral( "password" ), url.password() );
2329 QUrlQuery query{ url };
2330
2331 // Extract the schema from the query string
2332 QString schemaName { query.queryItemValue( QStringLiteral( "schema" ) ) };
2333 if ( schemaName.isEmpty() )
2334 {
2335 schemaName = query.queryItemValue( QStringLiteral( "SCHEMA" ) );
2336 }
2337
2338 if ( ! schemaName.isEmpty() )
2339 {
2340 settings.insert( QStringLiteral( "schema" ), schemaName );
2341 query.removeAllQueryItems( QStringLiteral( "schema" ) );
2342 query.removeAllQueryItems( QStringLiteral( "SCHEMA" ) );
2343 }
2344
2345 settings.insert( QStringLiteral( "options" ), query.toString() );
2346 }
2347 return settings;
2348}
2349
2350bool QgsAuthConfigurationStorageDb::clearMethodConfigs()
2351{
2352 if ( clearTables( {{ methodConfigTableName( ) }} ) )
2353 {
2354 emit methodConfigChanged();
2355 return true;
2356 }
2357 else
2358 {
2359 return false;
2360 }
2361}
2362
2363bool QgsAuthConfigurationStorageDb::erase()
2364{
2365
2366 checkCapability( Qgis::AuthConfigurationStorageCapability::ClearStorage );
2367
2368 if ( clearTables( {{
2369 methodConfigTableName(),
2370 authSettingsTableName(),
2371 certIdentityTableName(),
2372 sslCertCustomConfigTableName(),
2373 certAuthorityTableName(),
2374 certTrustPolicyTableName(),
2375 masterPasswordTableName()
2376 }} ) )
2377 {
2378 emit storageChanged( id( ) );
2379 return true;
2380 }
2381 else
2382 {
2383 return false;
2384 }
2385}
2386
2387bool QgsAuthConfigurationStorageDb::isReady() const
2388{
2389 QMutexLocker locker( &mMutex );
2390 return mIsReady;
2391}
Qgis::AuthConfigurationStorageCapabilities
QFlags< AuthConfigurationStorageCapability > AuthConfigurationStorageCapabilities
Authentication configuration storage capabilities.
Definition qgis.h:145
Qgis::Warning
@ Warning
Warning message.
Definition qgis.h:156
Qgis::Critical
@ Critical
Critical/error message.
Definition qgis.h:157
Qgis::AuthConfigurationStorageCapability::CreateSetting
@ CreateSetting
Can create a new authentication setting.
Qgis::AuthConfigurationStorageCapability::UpdateSetting
@ UpdateSetting
Can update the authentication setting.
Qgis::AuthConfigurationStorageCapability::CreateConfiguration
@ CreateConfiguration
Can create a new authentication configuration.
Qgis::AuthConfigurationStorageCapability::ClearStorage
@ ClearStorage
Can clear all configurations from storage.
Qgis::AuthConfigurationStorageCapability::DeleteCertificateAuthority
@ DeleteCertificateAuthority
Can delete a certificate authority.
Qgis::AuthConfigurationStorageCapability::DeleteSslCertificateCustomConfig
@ DeleteSslCertificateCustomConfig
Can delete a SSL certificate custom config.
Qgis::AuthConfigurationStorageCapability::DeleteSetting
@ DeleteSetting
Can delete the authentication setting.
Qgis::AuthConfigurationStorageCapability::ReadSslCertificateCustomConfig
@ ReadSslCertificateCustomConfig
Can read a SSL certificate custom config.
Qgis::AuthConfigurationStorageCapability::DeleteMasterPassword
@ DeleteMasterPassword
Can delete the master password.
Qgis::AuthConfigurationStorageCapability::CreateSslCertificateCustomConfig
@ CreateSslCertificateCustomConfig
Can create a new SSL certificate custom config.
Qgis::AuthConfigurationStorageCapability::ReadCertificateTrustPolicy
@ ReadCertificateTrustPolicy
Can read a certificate trust policy.
Qgis::AuthConfigurationStorageCapability::ReadConfiguration
@ ReadConfiguration
Can read an authentication configuration.
Qgis::AuthConfigurationStorageCapability::UpdateConfiguration
@ UpdateConfiguration
Can update an authentication configuration.
Qgis::AuthConfigurationStorageCapability::UpdateCertificateTrustPolicy
@ UpdateCertificateTrustPolicy
Can update a certificate trust policy.
Qgis::AuthConfigurationStorageCapability::ReadCertificateAuthority
@ ReadCertificateAuthority
Can read a certificate authority.
Qgis::AuthConfigurationStorageCapability::CreateCertificateAuthority
@ CreateCertificateAuthority
Can create a new certificate authority.
Qgis::AuthConfigurationStorageCapability::DeleteConfiguration
@ DeleteConfiguration
Can deleet an authentication configuration.
Qgis::AuthConfigurationStorageCapability::ReadSetting
@ ReadSetting
Can read the authentication settings.
Qgis::AuthConfigurationStorageCapability::UpdateMasterPassword
@ UpdateMasterPassword
Can update the master password.
Qgis::AuthConfigurationStorageCapability::UpdateCertificateAuthority
@ UpdateCertificateAuthority
Can update a certificate authority.
Qgis::AuthConfigurationStorageCapability::CreateCertificateIdentity
@ CreateCertificateIdentity
Can create a new certificate identity.
Qgis::AuthConfigurationStorageCapability::ReadCertificateIdentity
@ ReadCertificateIdentity
Can read a certificate identity.
Qgis::AuthConfigurationStorageCapability::CreateCertificateTrustPolicy
@ CreateCertificateTrustPolicy
Can create a new certificate trust policy.
Qgis::AuthConfigurationStorageCapability::ReadMasterPassword
@ ReadMasterPassword
Can read the master password.
Qgis::AuthConfigurationStorageCapability::CreateMasterPassword
@ CreateMasterPassword
Can create a new master password.
Qgis::AuthConfigurationStorageCapability::UpdateCertificateIdentity
@ UpdateCertificateIdentity
Can update a certificate identity.
Qgis::AuthConfigurationStorageCapability::DeleteCertificateTrustPolicy
@ DeleteCertificateTrustPolicy
Can delete a certificate trust policy.
Qgis::AuthConfigurationStorageCapability::DeleteCertificateIdentity
@ DeleteCertificateIdentity
Can delete a certificate identity.
Qgis::AuthConfigurationStorageCapability::UpdateSslCertificateCustomConfig
@ UpdateSslCertificateCustomConfig
Can update a SSL certificate custom config.
QgsAuthCertUtils::shaHexForCert
static QString shaHexForCert(const QSslCertificate &cert, bool formatted=false)
Gets the sha1 hash for certificate.
Definition qgsauthcertutils.cpp:735
QgsAuthCertUtils::CertTrustPolicy
CertTrustPolicy
Type of certificate trust policy.
Definition qgsauthcertutils.h:54
QgsAuthConfigSslServer
Configuration container for SSL server connection exceptions or overrides.
Definition qgsauthconfig.h:390
QgsAuthConfigSslServer::setSslCertificate
void setSslCertificate(const QSslCertificate &cert)
Sets server certificate object.
Definition qgsauthconfig.h:398
QgsAuthConfigSslServer::setSslHostPort
void setSslHostPort(const QString &hostport)
Sets server host:port string.
Definition qgsauthconfig.h:403
QgsAuthConfigSslServer::sslCertificate
const QSslCertificate sslCertificate() const
Server certificate object.
Definition qgsauthconfig.h:396
QgsAuthConfigSslServer::sslHostPort
const QString sslHostPort() const
Server host:port string.
Definition qgsauthconfig.h:401
QgsAuthConfigSslServer::configString
const QString configString() const
Configuration as a concatenated string.
Definition qgsauthconfig.cpp:385
QgsAuthConfigSslServer::loadConfigString
void loadConfigString(const QString &config=QString())
Load concatenated string into configuration, e.g. from auth database.
Definition qgsauthconfig.cpp:406
QgsAuthConfigurationStorageDb
QSqlDatabase based implementation of QgsAuthConfigurationStorage.
Definition qgsauthconfigurationstoragedb.h:33
QgsAuthConfigurationStorageDb::QgsAuthConfigurationStorageDb
QgsAuthConfigurationStorageDb(const QMap< QString, QVariant > &settings)
Creates a new QgsAuthConfigurationStorageDb instance from the specified settings.
Definition qgsauthconfigurationstoragedb.cpp:31
QgsAuthConfigurationStorageDb::removeCertTrustPolicy
bool removeCertTrustPolicy(const QSslCertificate &cert) override
Remove certificate trust policy.
Definition qgsauthconfigurationstoragedb.cpp:1297
QgsAuthConfigurationStorageDb::authDbTransactionQuery
bool authDbTransactionQuery(QSqlQuery *query)
Executes the specified query on the database using a transaction.
Definition qgsauthconfigurationstoragedb.cpp:215
QgsAuthConfigurationStorageDb::tableExists
virtual bool tableExists(const QString &table) const
Returns true if the specified table exists in the database, false otherwise.
Definition qgsauthconfigurationstoragedb.cpp:2298
QgsAuthConfigurationStorageDb::storeCertTrustPolicy
bool storeCertTrustPolicy(const QSslCertificate &cert, QgsAuthCertUtils::CertTrustPolicy policy) override
Store certificate trust policy.
Definition qgsauthconfigurationstoragedb.cpp:1178
QgsAuthConfigurationStorageDb::certAuthorityIds
QStringList certAuthorityIds() const override
Returns the list of certificate authority IDs in the storage.
Definition qgsauthconfigurationstoragedb.cpp:894
QgsAuthConfigurationStorageDb::loadSslCertCustomConfigByHost
const QgsAuthConfigSslServer loadSslCertCustomConfigByHost(const QString &hostport) const override
Loads an SSL certificate custom config by hostport (host:port)
Definition qgsauthconfigurationstoragedb.cpp:726
QgsAuthConfigurationStorageDb::loadAuthSetting
QString loadAuthSetting(const QString &key) const override
Load an authentication setting from the storage.
Definition qgsauthconfigurationstoragedb.cpp:2127
QgsAuthConfigurationStorageDb::removeAuthSetting
bool removeAuthSetting(const QString &key) override
Remove an authentication setting from the storage.
Definition qgsauthconfigurationstoragedb.cpp:2163
QgsAuthConfigurationStorageDb::caCertsPolicy
const QMap< QString, QgsAuthCertUtils::CertTrustPolicy > caCertsPolicy() const override
Returns the map of CA certificates hashes in the storages and their trust policy.
Definition qgsauthconfigurationstoragedb.cpp:1103
QgsAuthConfigurationStorageDb::loadCertTrustPolicy
QgsAuthCertUtils::CertTrustPolicy loadCertTrustPolicy(const QSslCertificate &cert) const override
Load certificate trust policy.
Definition qgsauthconfigurationstoragedb.cpp:1252
QgsAuthConfigurationStorageDb::sslCertCustomConfigExists
bool sslCertCustomConfigExists(const QString &id, const QString &hostport) override
Check if SSL certificate custom config exists.
Definition qgsauthconfigurationstoragedb.cpp:805
QgsAuthConfigurationStorageDb::checkCapabilities
virtual void checkCapabilities()
Checks the capabilities of the storage.
Definition qgsauthconfigurationstoragedb.cpp:1797
QgsAuthConfigurationStorageDb::authDbQuery
bool authDbQuery(QSqlQuery *query, const QString &sql=QString()) const
Runs the specified query on the database.
Definition qgsauthconfigurationstoragedb.cpp:165
QgsAuthConfigurationStorageDb::storeAuthSetting
bool storeAuthSetting(const QString &key, const QString &value) override
Store an authentication setting in the storage.
Definition qgsauthconfigurationstoragedb.cpp:2088
QgsAuthConfigurationStorageDb::removeCertIdentity
bool removeCertIdentity(const QSslCertificate &cert) override
Remove a certificate identity from the storage.
Definition qgsauthconfigurationstoragedb.cpp:328
QgsAuthConfigurationStorageDb::loadCertIdentityBundle
const QPair< QSslCertificate, QString > loadCertIdentityBundle(const QString &id) const override
Returns a certificate identity bundle by id (sha hash).
Definition qgsauthconfigurationstoragedb.cpp:404
QgsAuthConfigurationStorageDb::masterPasswords
const QList< QgsAuthConfigurationStorage::MasterPasswordConfig > masterPasswords() const override
Returns the list of (encrypted) master passwords stored in the database.
Definition qgsauthconfigurationstoragedb.cpp:1379
QgsAuthConfigurationStorageDb::clearMethodConfigs
bool clearMethodConfigs() override
Remove all authentications configurations from the storage.
Definition qgsauthconfigurationstoragedb.cpp:2350
QgsAuthConfigurationStorageDb::createCertTables
bool createCertTables()
Creates the certificate tables in the database.
Definition qgsauthconfigurationstoragedb.cpp:1597
QgsAuthConfigurationStorageDb::storeSslCertCustomConfig
bool storeSslCertCustomConfig(const QgsAuthConfigSslServer &config) override
Store an SSL certificate custom config.
Definition qgsauthconfigurationstoragedb.cpp:599
QgsAuthConfigurationStorageDb::certIdentityTableName
virtual QString certIdentityTableName() const
Returns the name of the table used to store the certificate identities.
Definition qgsauthconfigurationstoragedb.cpp:1465
QgsAuthConfigurationStorageDb::authDbOpen
bool authDbOpen() const
Opens the connection to the database.
Definition qgsauthconfigurationstoragedb.cpp:143
QgsAuthConfigurationStorageDb::quotedQualifiedIdentifier
virtual QString quotedQualifiedIdentifier(const QString &identifier, bool isIndex=false) const
Returns the quoted identifier, prefixed with the schema (if not null), ready for the insertion into a...
Definition qgsauthconfigurationstoragedb.cpp:1490
QgsAuthConfigurationStorageDb::methodConfigExists
bool methodConfigExists(const QString &id) const override
Check if an authentication configuration exists in the storage.
Definition qgsauthconfigurationstoragedb.cpp:2057
QgsAuthConfigurationStorageDb::methodConfigTableName
virtual QString methodConfigTableName() const
Returns the name of the table used to store the method configurations.
Definition qgsauthconfigurationstoragedb.cpp:1455
QgsAuthConfigurationStorageDb::authDatabaseConnection
QSqlDatabase authDatabaseConnection() const
Returns the database connection used by this storage.
Definition qgsauthconfigurationstoragedb.cpp:65
QgsAuthConfigurationStorageDb::settingsParameters
QList< QgsAuthConfigurationStorage::SettingParameter > settingsParameters() const override
Returns a list of the settings accepted by the storage.
Definition qgsauthconfigurationstoragedb.cpp:267
QgsAuthConfigurationStorageDb::certIdentityIds
QStringList certIdentityIds() const override
certIdentityIds get list of certificate identity ids from database
Definition qgsauthconfigurationstoragedb.cpp:495
QgsAuthConfigurationStorageDb::storeMasterPassword
bool storeMasterPassword(const QgsAuthConfigurationStorage::MasterPasswordConfig &config) override
Store a master password in the database.
Definition qgsauthconfigurationstoragedb.cpp:1412
QgsAuthConfigurationStorageDb::isReady
bool isReady() const override
Returns true is the storage is ready to be used.
Definition qgsauthconfigurationstoragedb.cpp:2387
QgsAuthConfigurationStorageDb::initialize
bool initialize() override
Initializes the storage.
Definition qgsauthconfigurationstoragedb.cpp:236
QgsAuthConfigurationStorageDb::storeMethodConfig
bool storeMethodConfig(const QgsAuthMethodConfig &mconfig, const QString &payload) override
Store an authentication config in the database.
Definition qgsauthconfigurationstoragedb.cpp:1967
QgsAuthConfigurationStorageDb::removeCertAuthority
bool removeCertAuthority(const QSslCertificate &cert) override
Remove a certificate authority.
Definition qgsauthconfigurationstoragedb.cpp:1060
QgsAuthConfigurationStorageDb::loadCertIdentity
const QSslCertificate loadCertIdentity(const QString &id) const override
certIdentity get a certificate identity by id (sha hash)
Definition qgsauthconfigurationstoragedb.cpp:356
QgsAuthConfigurationStorageDb::sslCertCustomConfigs
const QList< QgsAuthConfigSslServer > sslCertCustomConfigs() const override
sslCertCustomConfigs get SSL certificate custom configs
Definition qgsauthconfigurationstoragedb.cpp:770
QgsAuthConfigurationStorageDb::authMethodConfigs
QgsAuthMethodConfigsMap authMethodConfigs(const QStringList &allowedMethods=QStringList()) const override
Returns a mapping of authentication configurations available from this storage.
Definition qgsauthconfigurationstoragedb.cpp:1703
QgsAuthConfigurationStorageDb::caCerts
const QList< QSslCertificate > caCerts() const override
Returns the list of CA certificates in the storage.
Definition qgsauthconfigurationstoragedb.cpp:1138
QgsAuthConfigurationStorageDb::certTrustPolicyExists
bool certTrustPolicyExists(const QSslCertificate &cert) const override
Check if certificate trust policy exists.
Definition qgsauthconfigurationstoragedb.cpp:1339
QgsAuthConfigurationStorageDb::createConfigTables
bool createConfigTables()
Creates the configuration tables in the database.
Definition qgsauthconfigurationstoragedb.cpp:1543
QgsAuthConfigurationStorageDb::authSettingsTableName
virtual QString authSettingsTableName() const
Returns the name of the table used to store the auth settings.
Definition qgsauthconfigurationstoragedb.cpp:1460
QgsAuthConfigurationStorageDb::loadCertAuthority
const QSslCertificate loadCertAuthority(const QString &id) const override
certAuthority get a certificate authority by id (sha hash)
Definition qgsauthconfigurationstoragedb.cpp:971
QgsAuthConfigurationStorageDb::certTrustPolicyTableName
virtual QString certTrustPolicyTableName() const
Returns the name of the table used to store the certificate trust policies.
Definition qgsauthconfigurationstoragedb.cpp:1480
QgsAuthConfigurationStorageDb::removeMethodConfig
bool removeMethodConfig(const QString &id) override
Removes the authentication configuration with the specified id.
Definition qgsauthconfigurationstoragedb.cpp:2023
QgsAuthConfigurationStorageDb::authMethodConfigsWithPayload
QgsAuthMethodConfigsMap authMethodConfigsWithPayload() const override
Returns a mapping of authentication configurations available from this storage.
Definition qgsauthconfigurationstoragedb.cpp:1753
QgsAuthConfigurationStorageDb::sslCertCustomConfigTableName
virtual QString sslCertCustomConfigTableName() const
Returns the name of the table used to store the SSL custom configurations.
Definition qgsauthconfigurationstoragedb.cpp:1470
QgsAuthConfigurationStorageDb::id
QString id() const override
Returns the unique identifier of the storage object.
Definition qgsauthconfigurationstoragedb.cpp:1525
QgsAuthConfigurationStorageDb::certIdentityExists
bool certIdentityExists(const QString &id) const override
Check if the certificate identity exists.
Definition qgsauthconfigurationstoragedb.cpp:525
QgsAuthConfigurationStorageDb::type
QString type() const override
Returns the type of the storage implementation.
Definition qgsauthconfigurationstoragedb.cpp:1515
QgsAuthConfigurationStorageDb::certAuthorityExists
bool certAuthorityExists(const QSslCertificate &cert) const override
Check if a certificate authority exists.
Definition qgsauthconfigurationstoragedb.cpp:1014
QgsAuthConfigurationStorageDb::loadMethodConfig
QgsAuthMethodConfig loadMethodConfig(const QString &id, QString &payload, bool full=false) const override
Load an authentication configuration from the database.
Definition qgsauthconfigurationstoragedb.cpp:1912
QgsAuthConfigurationStorageDb::storeCertIdentity
bool storeCertIdentity(const QSslCertificate &cert, const QString &keyPem) override
Store a certificate identity in the storage.
Definition qgsauthconfigurationstoragedb.cpp:284
QgsAuthConfigurationStorageDb::erase
bool erase() override
Completely erase the storage removing all configurations/certs/settings etc.
Definition qgsauthconfigurationstoragedb.cpp:2363
QgsAuthConfigurationStorageDb::certAuthorityTableName
virtual QString certAuthorityTableName() const
Returns the name of the table used to store the certificate authorities.
Definition qgsauthconfigurationstoragedb.cpp:1475
QgsAuthConfigurationStorageDb::removeSslCertCustomConfig
bool removeSslCertCustomConfig(const QString &id, const QString &hostport) override
Remove an SSL certificate custom config.
Definition qgsauthconfigurationstoragedb.cpp:851
QgsAuthConfigurationStorageDb::certIdentities
const QList< QSslCertificate > certIdentities() const override
certIdentities get certificate identities
Definition qgsauthconfigurationstoragedb.cpp:460
QgsAuthConfigurationStorageDb::clearMasterPasswords
bool clearMasterPasswords() override
Remove all master passwords from the database.
Definition qgsauthconfigurationstoragedb.cpp:1439
QgsAuthConfigurationStorageDb::description
QString description() const override
Returns a human readable localized description of the storage implementation (e.g.
Definition qgsauthconfigurationstoragedb.cpp:1520
QgsAuthConfigurationStorageDb::name
QString name() const override
Returns a human readable localized short name of the storage implementation (e.g "SQLite").
Definition qgsauthconfigurationstoragedb.cpp:1510
QgsAuthConfigurationStorageDb::masterPasswordTableName
virtual QString masterPasswordTableName() const
Returns the name of the table used to store the master passwords.
Definition qgsauthconfigurationstoragedb.cpp:1485
QgsAuthConfigurationStorageDb::authSettingExists
bool authSettingExists(const QString &key) const override
Check if an authentication setting exists in the storage.
Definition qgsauthconfigurationstoragedb.cpp:2197
QgsAuthConfigurationStorageDb::storeCertAuthority
bool storeCertAuthority(const QSslCertificate &cert) override
Store a certificate authority.
Definition qgsauthconfigurationstoragedb.cpp:924
QgsAuthConfigurationStorageDb::loadSslCertCustomConfig
const QgsAuthConfigSslServer loadSslCertCustomConfig(const QString &id, const QString &hostport) const override
Loads an SSL certificate custom config by id (sha hash) and hostport (host:port)
Definition qgsauthconfigurationstoragedb.cpp:680
QgsAuthConfigurationStorageDb::sslCertCustomConfigIds
QStringList sslCertCustomConfigIds() const override
Returns the list of SSL certificate custom config ids.
Definition qgsauthconfigurationstoragedb.cpp:649
QgsAuthConfigurationStorage
Abstract class that defines the interface for all authentication configuration storage implementation...
Definition qgsauthconfigurationstorage.h:37
QgsAuthConfigurationStorage::mConfiguration
QMap< QString, QVariant > mConfiguration
Store the implementation-specific configuration.
Definition qgsauthconfigurationstorage.h:584
QgsAuthConfigurationStorage::readOnlyChanged
void readOnlyChanged(bool readOnly)
Emitted when the storage read-only status was changed.
QgsAuthConfigurationStorage::certIdentityChanged
void certIdentityChanged()
Emitted when the storage cert identity table was changed.
QgsAuthConfigurationStorage::methodConfigChanged
void methodConfigChanged()
Emitted when the storage method config table was changed.
QgsAuthConfigurationStorage::setError
void setError(const QString &error, Qgis::MessageLevel level=Qgis::MessageLevel::Critical)
Set the last error message to error with message level level.
Definition qgsauthconfigurationstorage.cpp:86
QgsAuthConfigurationStorage::capabilities
Qgis::AuthConfigurationStorageCapabilities capabilities() const
Returns the capabilities of the storage.
Definition qgsauthconfigurationstorage.cpp:76
QgsAuthConfigurationStorage::loggerTag
virtual QString loggerTag() const
Returns the logger tag for the storage.
Definition qgsauthconfigurationstorage.cpp:113
QgsAuthConfigurationStorage::isEnabled
bool isEnabled() const
Returns true if the storage is enabled.
Definition qgsauthconfigurationstorage.cpp:92
QgsAuthConfigurationStorage::sslCertTrustPolicyChanged
void sslCertTrustPolicyChanged()
Emitted when the storage ssl cert trust policy table was changed.
QgsAuthConfigurationStorage::masterPasswordChanged
void masterPasswordChanged()
Emitted when the storage master password table was changed.
QgsAuthConfigurationStorage::certAuthorityChanged
void certAuthorityChanged()
Emitted when the storage cert authority table was changed.
QgsAuthConfigurationStorage::messageLog
void messageLog(const QString &message, const QString &tag=QStringLiteral("Authentication"), Qgis::MessageLevel level=Qgis::MessageLevel::Info)
Custom logging signal to relay to console output and QgsMessageLog.
QgsAuthConfigurationStorage::sslCertCustomConfigChanged
void sslCertCustomConfigChanged()
Emitted when the storage ssl cert custom config table was changed.
QgsAuthConfigurationStorage::authSettingsChanged
void authSettingsChanged()
Emitted when the storage auth settings table was changed.
QgsAuthConfigurationStorage::storageChanged
void storageChanged(const QString &id)
Emitted when the storage was updated.
QgsAuthConfigurationStorage::lastError
virtual QString lastError() const
Returns the last error message.
Definition qgsauthconfigurationstorage.cpp:71
QgsAuthConfigurationStorage::checkCapability
void checkCapability(Qgis::AuthConfigurationStorageCapability capability) const
Utility to check capability and throw QgsNotSupportedException if not supported.
Definition qgsauthconfigurationstorage.cpp:118
QgsAuthConfigurationStorage::isReadOnly
virtual bool isReadOnly() const
Returns true if the storage is read-only, false otherwise.
Definition qgsauthconfigurationstorage.cpp:65
QgsAuthConfigurationStorage::settings
QMap< QString, QVariant > settings() const
Returns the settings of the storage.
Definition qgsauthconfigurationstorage.cpp:107
QgsAuthConfigurationStorage::mCapabilities
Qgis::AuthConfigurationStorageCapabilities mCapabilities
Store the capabilities of the storage.
Definition qgsauthconfigurationstorage.h:589
QgsAuthMethodConfig
Configuration storage class for authentication method configurations.
Definition qgsauthconfig.h:42
QgsAuthMethodConfig::isValid
bool isValid(bool validateid=false) const
Whether the configuration is valid.
Definition qgsauthconfig.cpp:66
QgsAuthMethodConfig::method
QString method() const
Textual key of the associated authentication method.
Definition qgsauthconfig.h:75
QgsAuthMethodConfig::uri
const QString uri() const
A URI to auto-select a config when connecting to a resource.
Definition qgsauthconfig.h:71
QgsAuthMethodConfig::setName
void setName(const QString &name)
Sets name of configuration.
Definition qgsauthconfig.h:68
QgsAuthMethodConfig::setVersion
void setVersion(int version)
Sets version of the configuration.
Definition qgsauthconfig.h:81
QgsAuthMethodConfig::name
const QString name() const
Gets name of configuration.
Definition qgsauthconfig.h:66
QgsAuthMethodConfig::id
const QString id() const
Gets 'authcfg' 7-character alphanumeric ID of the config.
Definition qgsauthconfig.h:61
QgsAuthMethodConfig::setConfig
void setConfig(const QString &key, const QString &value)
Set a single config value per key in the map.
Definition qgsauthconfig.cpp:114
QgsAuthMethodConfig::version
int version() const
Gets version of the configuration.
Definition qgsauthconfig.h:79
QgsAuthMethodConfig::setMethod
void setMethod(const QString &method)
Definition qgsauthconfig.h:76
QgsAuthMethodConfig::setUri
void setUri(const QString &uri)
Definition qgsauthconfig.h:72
QgsAuthMethodConfig::setId
void setId(const QString &id)
Sets auth config ID.
Definition qgsauthconfig.h:63
QgsNotSupportedException
Custom exception class which is raised when an operation is not supported.
Definition qgsexception.h:118
QgsAuthMethodConfigsMap
QHash< QString, QgsAuthMethodConfig > QgsAuthMethodConfigsMap
Definition qgsauthconfig.h:197
QgsDebugMsgLevel
#define QgsDebugMsgLevel(str, level)
Definition qgslogger.h:41
QgsDebugError
#define QgsDebugError(str)
Definition qgslogger.h:40
QgsAuthConfigurationStorage::MasterPasswordConfig
Structure that holds the (encrypted) master password elements.
Definition qgsauthconfigurationstorage.h:46
Generated on Fri Jul 18 2025 14:01:06 for QGIS API Documentation by doxygen 1.9.8