// static const QByteArray QgsAuthProviderIdentityCert::certAsPem( const QString &certid ) { // get identity from database QPair<QSslCertificate, QSslKey> cibundle( QgsAuthManager::instance()->getCertIdentityBundle( certid ) ); return ( !cibundle.first.isNull() ? cibundle.first.toPem() : QByteArray() ); }
QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &authcfg ) { QMutexLocker locker( &mMutex ); QgsPkiConfigBundle *bundle = nullptr; // check if it is cached if ( sPkiConfigBundleCache.contains( authcfg ) ) { bundle = sPkiConfigBundleCache.value( authcfg ); if ( bundle ) { QgsDebugMsg( QStringLiteral( "Retrieved PKI bundle for authcfg %1" ).arg( authcfg ) ); return bundle; } } // else build PKI bundle QgsAuthMethodConfig mconfig; if ( !QgsApplication::authManager()->loadAuthenticationConfig( authcfg, mconfig, true ) ) { QgsDebugMsg( QStringLiteral( "PKI bundle for authcfg %1: FAILED to retrieve config" ).arg( authcfg ) ); return bundle; } // get identity from database QPair<QSslCertificate, QSslKey> cibundle( QgsApplication::authManager()->certIdentityBundle( mconfig.config( QStringLiteral( "certid" ) ) ) ); // init client cert // Note: if this is not valid, no sense continuing QSslCertificate clientcert( cibundle.first ); if ( !QgsAuthCertUtils::certIsViable( clientcert ) ) { QgsDebugMsg( QStringLiteral( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) ); return bundle; } // init key QSslKey clientkey( cibundle.second ); if ( clientkey.isNull() ) { QgsDebugMsg( QStringLiteral( "PKI bundle for authcfg %1: insert FAILED, PEM cert key could not be created" ).arg( authcfg ) ); return bundle; } bundle = new QgsPkiConfigBundle( mconfig, clientcert, clientkey ); // cache bundle putPkiConfigBundle( authcfg, bundle ); return bundle; }
QgsPkiBundle *QgsAuthProviderIdentityCert::getPkiBundle( const QString& authcfg ) { QgsPkiBundle * bundle = 0; // check if it is cached if ( mPkiBundleCache.contains( authcfg ) ) { bundle = mPkiBundleCache.value( authcfg ); if ( bundle ) { QgsDebugMsg( QString( "Retrieved PKI bundle for authcfg %1" ).arg( authcfg ) ); return bundle; } } // else build PKI bundle QgsAuthConfigIdentityCert config; if ( !QgsAuthManager::instance()->loadAuthenticationConfig( authcfg, config, true ) ) { QgsDebugMsg( QString( "PKI bundle for authcfg %1: FAILED to retrieve config" ).arg( authcfg ) ); return bundle; } // get identity from database QPair<QSslCertificate, QSslKey> cibundle( QgsAuthManager::instance()->getCertIdentityBundle( config.certId() ) ); // init client cert // Note: if this is not valid, no sense continuing QSslCertificate clientcert( cibundle.first ); if ( !clientcert.isValid() ) { QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) ); return bundle; } // init key QSslKey clientkey( cibundle.second ); if ( clientkey.isNull() ) { QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, PEM cert key could not be created" ).arg( authcfg ) ); return bundle; } bundle = new QgsPkiBundle( config, clientcert, clientkey ); // cache bundle putPkiBundle( authcfg, bundle ); return bundle; }
// static const QByteArray QgsAuthProviderIdentityCert::keyAsPem( const QString &certid, const QString &keypass, bool reencrypt ) { // get identity from database QPair<QSslCertificate, QSslKey> cibundle( QgsAuthManager::instance()->getCertIdentityBundle( certid ) ); if ( cibundle.second.isNull() ) { return QByteArray(); } // reapply passphrase if protection is requested and passphrase exists return ( cibundle.second.toPem( reencrypt && !keypass.isEmpty() ? keypass.toUtf8() : QByteArray() ) ); }