void QgsAuthIdentCertMethod::updateMethodConfig( QgsAuthMethodConfig &mconfig )
{
QMutexLocker locker( &mMutex );
if ( mconfig.hasConfig( QStringLiteral( "oldconfigstyle" ) ) )
{
QgsDebugMsg( QStringLiteral( "Updating old style auth method config" ) );
QStringList conflist = mconfig.config( QStringLiteral( "oldconfigstyle" ) ).split( QStringLiteral( "|||" ) );
mconfig.setConfig( QStringLiteral( "certid" ), conflist.at( 0 ) );
mconfig.removeConfig( QStringLiteral( "oldconfigstyle" ) );
}
// TODO: add updates as method version() increases due to config storage changes
}
void QgsAuthBasicMethod::updateMethodConfig( QgsAuthMethodConfig &mconfig )
{
if ( mconfig.hasConfig( "oldconfigstyle" ) )
{
QgsDebugMsg( "Updating old style auth method config" );
QStringList conflist = mconfig.config( "oldconfigstyle" ).split( "|||" );
mconfig.setConfig( "realm", conflist.at( 0 ) );
mconfig.setConfig( "username", conflist.at( 1 ) );
mconfig.setConfig( "password", conflist.at( 2 ) );
mconfig.removeConfig( "oldconfigstyle" );
}
// TODO: add updates as method version() increases due to config storage changes
}
bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems, const QString &authcfg,
const QString &dataprovider )
{
Q_UNUSED( dataprovider )
QgsAuthMethodConfig mconfig = getMethodConfig( authcfg );
if ( !mconfig.isValid() )
{
QgsDebugMsg( QString( "Update URI items FAILED for authcfg: %1: basic config invalid" ).arg( authcfg ) );
return false;
}
QString username = mconfig.config( "username" );
QString password = mconfig.config( "password" );
if ( username.isEmpty() )
{
QgsDebugMsg( QString( "Update URI items FAILED for authcfg: %1: username empty" ).arg( authcfg ) );
return false;
}
QString userparam = "user='******'\'';
int userindx = connectionItems.indexOf( QRegExp( "^user='******'******'\'';
int passindx = connectionItems.indexOf( QRegExp( "^password='.*" ) );
if ( passindx != -1 )
{
connectionItems.replace( passindx, passparam );
}
else
{
connectionItems.append( passparam );
}
return true;
}
bool QgsAuthEsriTokenMethod::updateNetworkRequest( QNetworkRequest &request, const QString &authcfg,
const QString &dataprovider )
{
Q_UNUSED( dataprovider );
QgsAuthMethodConfig mconfig = getMethodConfig( authcfg );
if ( !mconfig.isValid() )
{
QgsDebugMsg( QStringLiteral( "Update request config FAILED for authcfg: %1: config invalid" ).arg( authcfg ) );
return false;
}
const QString token = mconfig.config( QStringLiteral( "token" ) );
if ( !token.isEmpty() )
{
request.setRawHeader( "X-Esri-Authorization", QStringLiteral( "Bearer %1 " ).arg( token ).toLocal8Bit() );
}
return true;
}
bool QgsAuthBasicMethod::updateNetworkRequest( QNetworkRequest &request, const QString &authcfg,
const QString &dataprovider )
{
Q_UNUSED( dataprovider )
QgsAuthMethodConfig mconfig = getMethodConfig( authcfg );
if ( !mconfig.isValid() )
{
QgsDebugMsg( QString( "Update request config FAILED for authcfg: %1: config invalid" ).arg( authcfg ) );
return false;
}
QString username = mconfig.config( "username" );
QString password = mconfig.config( "password" );
if ( !username.isEmpty() )
{
request.setRawHeader( "Authorization", "Basic " + QString( "%1:%2" ).arg( username, password ).toLatin1().toBase64() );
}
return true;
}
QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &authcfg )
{
QMutexLocker locker( &mMutex );
QgsPkiConfigBundle *bundle = nullptr;
// check if it is cached
if ( sPkiConfigBundleCache.contains( authcfg ) )
{
bundle = sPkiConfigBundleCache.value( authcfg );
if ( bundle )
{
QgsDebugMsg( QStringLiteral( "Retrieved PKI bundle for authcfg %1" ).arg( authcfg ) );
return bundle;
}
}
// else build PKI bundle
QgsAuthMethodConfig mconfig;
if ( !QgsApplication::authManager()->loadAuthenticationConfig( authcfg, mconfig, true ) )
{
QgsDebugMsg( QStringLiteral( "PKI bundle for authcfg %1: FAILED to retrieve config" ).arg( authcfg ) );
return bundle;
}
// get identity from database
QPair<QSslCertificate, QSslKey> cibundle( QgsApplication::authManager()->certIdentityBundle( mconfig.config( QStringLiteral( "certid" ) ) ) );
// init client cert
// Note: if this is not valid, no sense continuing
QSslCertificate clientcert( cibundle.first );
if ( !QgsAuthCertUtils::certIsViable( clientcert ) )
{
QgsDebugMsg( QStringLiteral( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) );
return bundle;
}
// init key
QSslKey clientkey( cibundle.second );
if ( clientkey.isNull() )
{
QgsDebugMsg( QStringLiteral( "PKI bundle for authcfg %1: insert FAILED, PEM cert key could not be created" ).arg( authcfg ) );
return bundle;
}
bundle = new QgsPkiConfigBundle( mconfig, clientcert, clientkey );
// cache bundle
putPkiConfigBundle( authcfg, bundle );
return bundle;
}
