QgsPkiBundle *QgsAuthProviderPkiPkcs12::getPkiBundle( const QString &authcfg )
{
QgsPkiBundle * bundle = 0;
// check if it is cached
if ( mPkiBundleCache.contains( authcfg ) )
{
bundle = mPkiBundleCache.value( authcfg );
if ( bundle )
{
QgsDebugMsg( QString( "Retrieved PKI bundle for authcfg %1" ).arg( authcfg ) );
return bundle;
}
}
// else build PKI bundle
QgsAuthConfigPkiPkcs12 config;
if ( !QgsAuthManager::instance()->loadAuthenticationConfig( authcfg, config, true ) )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: FAILED to retrieve config" ).arg( authcfg ) );
return bundle;
}
// init client cert
// Note: if this is not valid, no sense continuing
QSslCertificate clientcert( QgsAuthProviderPkiPkcs12::certAsPem( config.bundlePath(), config.bundlePassphrase() ).toAscii() );
if ( !clientcert.isValid() )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) );
return bundle;
}
// init key
QByteArray keydata( QgsAuthProviderPkiPkcs12::keyAsPem( config.bundlePath(), config.bundlePassphrase() ).toAscii() );
if ( keydata.isNull() )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, no key data read" ).arg( authcfg ) );
return bundle;
}
QSslKey clientkey( keydata,
QSsl::Rsa,
QSsl::Pem,
QSsl::PrivateKey,
!config.bundlePassphrase().isNull() ? config.bundlePassphrase().toUtf8() : QByteArray() );
bundle = new QgsPkiBundle( config, clientcert, clientkey );
// cache bundle
putPkiBundle( authcfg, bundle );
return bundle;
}
QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &authcfg )
{
QMutexLocker locker( &mMutex );
QgsPkiConfigBundle *bundle = nullptr;
// check if it is cached
if ( sPkiConfigBundleCache.contains( authcfg ) )
{
bundle = sPkiConfigBundleCache.value( authcfg );
if ( bundle )
{
QgsDebugMsg( QStringLiteral( "Retrieved PKI bundle for authcfg %1" ).arg( authcfg ) );
return bundle;
}
}
// else build PKI bundle
QgsAuthMethodConfig mconfig;
if ( !QgsApplication::authManager()->loadAuthenticationConfig( authcfg, mconfig, true ) )
{
QgsDebugMsg( QStringLiteral( "PKI bundle for authcfg %1: FAILED to retrieve config" ).arg( authcfg ) );
return bundle;
}
// get identity from database
QPair<QSslCertificate, QSslKey> cibundle( QgsApplication::authManager()->certIdentityBundle( mconfig.config( QStringLiteral( "certid" ) ) ) );
// init client cert
// Note: if this is not valid, no sense continuing
QSslCertificate clientcert( cibundle.first );
if ( !QgsAuthCertUtils::certIsViable( clientcert ) )
{
QgsDebugMsg( QStringLiteral( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) );
return bundle;
}
// init key
QSslKey clientkey( cibundle.second );
if ( clientkey.isNull() )
{
QgsDebugMsg( QStringLiteral( "PKI bundle for authcfg %1: insert FAILED, PEM cert key could not be created" ).arg( authcfg ) );
return bundle;
}
bundle = new QgsPkiConfigBundle( mconfig, clientcert, clientkey );
// cache bundle
putPkiConfigBundle( authcfg, bundle );
return bundle;
}
QgsPkiBundle *QgsAuthProviderIdentityCert::getPkiBundle( const QString& authcfg )
{
QgsPkiBundle * bundle = 0;
// check if it is cached
if ( mPkiBundleCache.contains( authcfg ) )
{
bundle = mPkiBundleCache.value( authcfg );
if ( bundle )
{
QgsDebugMsg( QString( "Retrieved PKI bundle for authcfg %1" ).arg( authcfg ) );
return bundle;
}
}
// else build PKI bundle
QgsAuthConfigIdentityCert config;
if ( !QgsAuthManager::instance()->loadAuthenticationConfig( authcfg, config, true ) )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: FAILED to retrieve config" ).arg( authcfg ) );
return bundle;
}
// get identity from database
QPair<QSslCertificate, QSslKey> cibundle( QgsAuthManager::instance()->getCertIdentityBundle( config.certId() ) );
// init client cert
// Note: if this is not valid, no sense continuing
QSslCertificate clientcert( cibundle.first );
if ( !clientcert.isValid() )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) );
return bundle;
}
// init key
QSslKey clientkey( cibundle.second );
if ( clientkey.isNull() )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, PEM cert key could not be created" ).arg( authcfg ) );
return bundle;
}
bundle = new QgsPkiBundle( config, clientcert, clientkey );
// cache bundle
putPkiBundle( authcfg, bundle );
return bundle;
}