QgsAuthManager class

Public types

enum MessageLevel { INFO = 0, WARNING = 1, CRITICAL = 2 }

Message log level (mirrors that of QgsMessageLog, so it can also output there)

Public static variables

static const QString AUTH_MAN_TAG

The display name of the Authentication Manager.

static const QString AUTH_PASSWORD_HELPER_DISPLAY_NAME

The display name of the password helper (platform dependent)

Public functions

auto authDatabaseConfigTable() const -> const QString

Name of the authentication database table that stores configs.

auto authDatabaseConnection() const -> QSqlDatabase

Sets up the application instance of the authentication database connection.

auto authDatabaseServersTable() const -> const QString

Name of the authentication database table that stores server exceptions/configs.

auto authenticationDatabasePath() const -> const QString

The standard authentication database file in ~/.qgis3/ or defined location.

auto authManTag() const -> QString

Simple text tag describing authentication system for message logs.

auto authMethod(const QString& authMethodKey) -> QgsAuthMethod*

Gets authentication method from the config/provider cache via its key.

auto authMethodEditWidget(const QString& authMethodKey, QWidget* parent) -> QWidget*

Gets authentication method edit widget via its key.

auto authMethodsKeys(const QString& dataprovider = QString()) -> QStringList

Gets keys of supported authentication methods.

auto authMethodsMap(const QString& dataprovider = QString()) -> QgsAuthMethodsMap

Gets available authentication methods mapped to their key.

auto authSetting(const QString& key, const QVariant& defaultValue = QVariant(), bool decrypt = false) -> QVariant

authSetting get an authentication setting (retrieved as string and returned as QVariant( QString ))

auto availableAuthMethodConfigs(const QString& dataprovider = QString()) -> QgsAuthMethodConfigsMap

Gets mapping of authentication config ids and their base configs (not decrypted data)

auto backupAuthenticationDatabase(QString* backuppath = nullptr) -> bool

Close connection to current authentication database and back it up.

auto caCertsCache() -> const QMap<QString, QPair<QgsAuthCertUtils::CaCertSource, QSslCertificate>>

caCertsCache get all CA certs mapped to their sha1 from cache.

auto certAuthority(const QString& id) -> const QSslCertificate

Gets a certificate authority by id (sha hash)

auto certIdentities() -> const QList<QSslCertificate>

certIdentities get certificate identities

auto certIdentity(const QString& id) -> const QSslCertificate

certIdentity get a certificate identity by id (sha hash)

auto certIdentityBundle(const QString& id) -> const QPair<QSslCertificate, QSslKey>

Gets a certificate identity bundle by id (sha hash).

auto certIdentityBundleToPem(const QString& id) -> const QStringList

certIdentityBundleToPem get a certificate identity bundle by id (sha hash) returned as PEM text

auto certIdentityIds() const -> QStringList

certIdentityIds get list of certificate identity ids from database

auto certificateTrustPolicy(const QSslCertificate& cert) -> QgsAuthCertUtils::CertTrustPolicy

certificateTrustPolicy get trust policy for a particular certificate cert

auto certTrustCache() -> const QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList>

certTrustCache get cache of certificate sha1s, per trust policy

auto certTrustPolicy(const QSslCertificate& cert) -> QgsAuthCertUtils::CertTrustPolicy

certTrustPolicy get whether certificate cert is trusted by user

void clearMasterPassword()

Clear supplied master password.

auto configAuthMethod(const QString& authcfg) -> QgsAuthMethod*

Gets authentication method from the config/provider cache.

auto configAuthMethodKey(const QString& authcfg) const -> QString

Gets key of authentication method associated with config ID.

auto configIdRegex() const -> QString

Returns the regular expression for authcfg=.{7} key/value token for authentication ids.

auto configIds() const -> QStringList

Gets list of authentication ids from database.

auto configIdUnique(const QString& id) const -> bool

Verify if provided authentication id is unique.

auto databaseCAs() -> const QList<QSslCertificate>

databaseCAs get database-stored certificate authorities

auto defaultCertTrustPolicy() -> QgsAuthCertUtils::CertTrustPolicy

Gets the default certificate trust policy preferred by user.

auto disabledMessage() const -> const QString

Standard message for when QCA's qca-ossl plugin is missing and system is disabled.

void dumpIgnoredSslErrorsCache_()

Utility function to dump the cache for debug purposes.

auto eraseAuthenticationDatabase(bool backup, QString* backuppath = nullptr) -> bool

Erase all rows from all tables in authentication database.

auto existsAuthSetting(const QString& key) -> bool

Check if an authentication setting exists.

auto existsCertAuthority(const QSslCertificate& cert) -> bool

Check if a certificate authority exists.

auto existsCertIdentity(const QString& id) -> bool

Check if a certificate identity exists.

auto existsSslCertCustomConfig(const QString& id, const QString& hostport) -> bool

Check if SSL certificate custom config exists.

auto extraFileCAs() -> const QList<QSslCertificate>

extraFileCAs extra file-based certificate authorities

auto hasConfigId(const QString& txt) const -> bool

Returns whether a string includes an authcfg ID token.

auto ignoredSslErrorCache() -> QHash<QString, QSet<QSslError::SslError>>

ignoredSslErrorCache Get ignored SSL error cache, keyed with cert/connection's sha:host:port.

auto init(const QString& pluginPath = QString(), const QString& authDatabasePath = QString()) -> bool

init initialize QCA, prioritize qca-ossl plugin and optionally set up the authentication database

auto initSslCaches() -> bool

Initialize various SSL authentication caches.

auto isDisabled() const -> bool

Whether QCA has the qca-ossl plugin, which a base run-time requirement.

auto loadAuthenticationConfig(const QString& authcfg, QgsAuthMethodConfig& mconfig, bool full = false) -> bool

Load an authentication config from the database into subclass.

auto mappedDatabaseCAs() -> const QMap<QString, QSslCertificate>

mappedDatabaseCAs get sha1-mapped database-stored certificate authorities

auto masterPasswordHashInDatabase() const -> bool

Verify a password hash existing in authentication database.

auto masterPasswordIsSet() const -> bool

Whether master password has be input and verified, i.e. authentication database is accessible.

auto masterPasswordSame(const QString& pass) const -> bool

Check whether supplied password is the same as the one already set.

auto passwordHelperDelete() -> bool

Delete master password from wallet.

auto passwordHelperEnabled() const -> bool

Password helper enabled getter.

auto passwordHelperErrorMessage() -> const QString

Error message getter.

auto passwordHelperLoggingEnabled() const -> bool

Password helper logging enabled getter.

auto passwordHelperSync() -> bool

Store the password manager into the wallet.

auto rebuildCaCertsCache() -> bool

Rebuild certificate authority cache.

auto rebuildCertTrustCache() -> bool

Rebuild certificate authority cache.

auto rebuildIgnoredSslErrorCache() -> bool

Rebuild ignoredSSL error cache.

auto rebuildTrustedCaCertsCache() -> bool

Rebuild trusted certificate authorities cache.

auto registerCoreAuthMethods() -> bool

Instantiate and register existing C++ core authentication methods from plugins.

auto removeAllAuthenticationConfigs() -> bool

Clear all authentication configs from table in database and from provider caches.

auto removeAuthenticationConfig(const QString& authcfg) -> bool

Remove an authentication config in the database.

auto removeAuthSetting(const QString& key) -> bool

Remove an authentication setting.

auto removeCertAuthority(const QSslCertificate& cert) -> bool

Remove a certificate authority.

auto removeCertIdentity(const QString& id) -> bool

Remove a certificate identity.

auto removeCertTrustPolicies(const QList<QSslCertificate>& certs) -> bool

Remove a group certificate authorities.

auto removeCertTrustPolicy(const QSslCertificate& cert) -> bool

Remove a certificate authority.

auto removeSslCertCustomConfig(const QString& id, const QString& hostport) -> bool

Remove an SSL certificate custom config.

auto resetMasterPassword(const QString& newpass, const QString& oldpass, bool keepbackup, QString* backuppath = nullptr) -> bool

Reset the master password to a new one, then re-encrypt all previous configs in a new database file, optionally backup curren database.

auto scheduledAuthDatabaseErase() -> bool

Whether there is a scheduled opitonal erase of authentication database.

auto setDefaultCertTrustPolicy(QgsAuthCertUtils::CertTrustPolicy policy) -> bool

Sets the default certificate trust policy preferred by user.

auto setMasterPassword(bool verify = false) -> bool

Main call to initially set or continually check master password is set.

auto setMasterPassword(const QString& pass, bool verify = false) -> bool

Overloaded call to reset master password or set it initially without user interaction.

void setPasswordHelperEnabled(bool enabled)

Password helper enabled setter.

void setPasswordHelperLoggingEnabled(bool enabled)

Password helper logging enabled setter.

void setScheduledAuthDatabaseErase(bool scheduleErase)

Schedule an optional erase of authentication database, starting when mutex is lockable.

void setScheduledAuthDatabaseEraseRequestEmitted(bool emitted)

Re-emit a signal to schedule an optional erase of authentication database.

auto sslCertCustomConfig(const QString& id, const QString& hostport) -> const QgsAuthConfigSslServer

sslCertCustomConfig get an SSL certificate custom config by id (sha hash) and hostport (host:port)

auto sslCertCustomConfigByHost(const QString& hostport) -> const QgsAuthConfigSslServer

sslCertCustomConfigByHost get an SSL certificate custom config by hostport (host:port)

auto sslCertCustomConfigs() -> const QList<QgsAuthConfigSslServer>

sslCertCustomConfigs get SSL certificate custom configs

auto storeAuthenticationConfig(QgsAuthMethodConfig& mconfig) -> bool

Store an authentication config in the database.

auto storeAuthSetting(const QString& key, const QVariant& value, bool encrypt = false) -> bool

Store an authentication setting (stored as string via QVariant( value ).toString() )

auto storeCertAuthorities(const QList<QSslCertificate>& certs) -> bool

Store multiple certificate authorities.

auto storeCertAuthority(const QSslCertificate& cert) -> bool

Store a certificate authority.

auto storeCertIdentity(const QSslCertificate& cert, const QSslKey& key) -> bool

Store a certificate identity.

auto storeCertTrustPolicy(const QSslCertificate& cert, QgsAuthCertUtils::CertTrustPolicy policy) -> bool

Store user trust value for a certificate.

auto storeSslCertCustomConfig(const QgsAuthConfigSslServer& config) -> bool

Store an SSL certificate custom config.

auto supportedAuthMethodExpansions(const QString& authcfg) -> QgsAuthMethod::Expansions

Gets supported authentication method expansion(s), e.g.

auto systemRootCAs() -> const QList<QSslCertificate>

systemRootCAs get root system certificate authorities

auto trustedCaCerts(bool includeinvalid = false) -> const QList<QSslCertificate>

trustedCaCerts get list of all trusted CA certificates

auto trustedCaCertsCache() -> const QList<QSslCertificate>

trustedCaCertsCache cache of trusted certificate authorities, ready for network connections

auto trustedCaCertsPemText() -> const QByteArray

trustedCaCertsPemText get concatenated string of all trusted CA certificates

auto uniqueConfigId() const -> const QString

Gets a unique generated 7-character string to assign to as config id.

auto untrustedCaCerts(QList<QSslCertificate> trustedCAs = QList<QSslCertificate>()) -> const QList<QSslCertificate>

untrustedCaCerts get list of untrusted certificate authorities

auto updateAuthenticationConfig(const QgsAuthMethodConfig& config) -> bool

Update an authentication config in the database.

void updateConfigAuthMethods()

Sync the confg/authentication method cache with what is in database.

auto updateDataSourceUriItems(QStringList& connectionItems, const QString& authcfg, const QString& dataprovider = QString()) -> bool

Provider call to update a QgsDataSourceUri with an authentication config.

auto updateIgnoredSslErrorsCache(const QString& shahostport, const QList<QSslError>& errors) -> bool

Update ignored SSL error cache with possible ignored SSL errors, using sha:host:port key.

auto updateIgnoredSslErrorsCacheFromConfig(const QgsAuthConfigSslServer& config) -> bool

Update ignored SSL error cache with possible ignored SSL errors, using server config.

auto updateNetworkProxy(QNetworkProxy& proxy, const QString& authcfg, const QString& dataprovider = QString()) -> bool

Provider call to update a QNetworkProxy with an authentication config.

auto updateNetworkReply(QNetworkReply* reply, const QString& authcfg, const QString& dataprovider = QString()) -> bool

Provider call to update a QNetworkReply with an authentication config (used to skip known SSL errors, etc.)

auto updateNetworkRequest(QNetworkRequest& request, const QString& authcfg, const QString& dataprovider = QString()) -> bool

Provider call to update a QNetworkRequest with an authentication config.

auto verifyMasterPassword(const QString& compare = QString()) -> bool

Verify the supplied master password against any existing hash in authentication database.

Signals

void authDatabaseChanged()

Emitted when the authentication db is significantly changed, e.g. large record removal, erased, etc.

void authDatabaseEraseRequested()

Emitted when a user has indicated they may want to erase the authentication db.

void masterPasswordVerified(bool verified)

Emitted when a password has been verify (or not)

void messageOut(const QString& message, const QString& tag = QgsAuthManager::AUTH_MAN_TAG, QgsAuthManager::MessageLevel level = QgsAuthManager::INFO) const

Custom logging signal to relay to console output and QgsMessageLog.

void passwordHelperFailure()

Signals emitted on password helper failure, mainly used in the tests to exit main application loop.

void passwordHelperMessageOut(const QString& message, const QString& tag = QgsAuthManager::AUTH_MAN_TAG, QgsAuthManager::MessageLevel level = QgsAuthManager::INFO)

Custom logging signal to inform the user about master password <-> password manager interactions.

void passwordHelperSuccess()

Signals emitted on password helper success, mainly used in the tests to exit main application loop.

Public slots

void clearAllCachedConfigs()

Clear all authentication configs from authentication method caches.

void clearCachedConfig(const QString& authcfg)

Clear an authentication config from its associated authentication method cache.

Protected static functions

static auto instance() -> QgsAuthManager*

Enforce singleton pattern.

Function documentation