Skip to content
Permalink
Browse files

[auth] Add trusted root CAs to OGR PG connnections

  • Loading branch information
elpaso committed Nov 14, 2017
1 parent 2c63671 commit 276bd1bfe1864eaa31da273707aab59fd93488ca
Showing with 35 additions and 2 deletions.
  1. +34 −1 src/auth/basic/qgsauthbasicmethod.cpp
  2. +1 −1 tests/src/python/CMakeLists.txt
@@ -102,6 +102,20 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
return false;
}

// SSL Extra CAs
QString caparam;
QList<QSslCertificate> cas;
cas = QgsApplication::authManager()->trustedCaCerts();
// save CAs to temp file
QString tempFileBase = QStringLiteral( "tmp_basic_%1.pem" );
QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
tempFileBase.arg( QUuid::createUuid().toString() ),
QgsAuthCertUtils::certsToPemText( cas ) );
if ( ! caFilePath.isEmpty() )
{
QString caparam = "sslrootcert='" + caFilePath + "'";
}

// Branch for OGR
if ( dataprovider == QStringLiteral( "ogr" ) )
{
@@ -127,6 +141,11 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
if ( !password.isEmpty() )
uri += QStringLiteral( " password='%1'" ).arg( password );
}
// add extra CAs
if ( ! caparam.isEmpty() )
{
uri += ' ' + caparam;
}
}
else if ( uri.startsWith( QStringLiteral( "SDE:" ) ) )
{
@@ -226,9 +245,23 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
{
connectionItems.append( passparam );
}
// add extra CAs
if ( ! caparam.isEmpty() )
{
int sslcaindx = connectionItems.indexOf( QRegExp( "^sslrootcert='.*" ) );
if ( sslcaindx != -1 )
{
connectionItems.replace( sslcaindx, caparam );
}
else
{
connectionItems.append( caparam );
}
}
}

return true;

return true;
}

bool QgsAuthBasicMethod::updateNetworkProxy( QNetworkProxy &proxy, const QString &authcfg, const QString &dataprovider )
@@ -215,7 +215,7 @@ IF (ENABLE_PGTEST)
ADD_PYTHON_TEST(PyQgsVectorLayerTools test_qgsvectorlayertools.py)
ADD_PYTHON_TEST(PyQgsAuthManagerPKIPostgresTest test_authmanager_pki_postgres.py)
ADD_PYTHON_TEST(PyQgsAuthManagerPasswordPostgresTest test_authmanager_password_postgres.py)
ENDIF (ENABLE_PGTEST)
ENDIF (ENABLE_PGTEST)

IF (ENABLE_MSSQLTEST)
ADD_PYTHON_TEST(PyQgsMssqlProvider test_provider_mssql.py)

0 comments on commit 276bd1b

Please sign in to comment.
You can’t perform that action at this time.