@@ -112,75 +112,60 @@ bool QgsAuthPkiPathsMethod::updateDataSourceUriItems( QStringList &connectionIte
112
112
113
113
QgsDebugMsg ( QString ( " Update URI items for authcfg: %1" ).arg ( authcfg ) );
114
114
115
- QString pkiTempFilePrefix = " tmppki_" ;
116
-
117
- QgsAuthMethodConfig amConfig;
118
- if ( !QgsAuthManager::instance ()->loadAuthenticationConfig ( authcfg, amConfig, true ) )
119
- {
120
- QgsDebugMsg ( QString ( " Update URI items: FAILED to retrieve config for authcfg: %1" ).arg ( authcfg ) );
121
- return false ;
122
- }
123
-
124
- if ( !amConfig.isValid () )
115
+ QgsPkiConfigBundle * pkibundle = getPkiConfigBundle ( authcfg );
116
+ if ( !pkibundle || !pkibundle->isValid () )
125
117
{
126
- QgsDebugMsg ( QString ( " Update URI items: FAILED retrieved invalid Auth method for authcfg: %1 " ). arg ( authcfg ) );
118
+ QgsDebugMsg ( " Update URI items FAILED: PKI bundle invalid " );
127
119
return false ;
128
120
}
121
+ QgsDebugMsg ( " Update URI items: PKI bundle valid" );
129
122
130
- // get client cent and key
131
- QSslCertificate clientCert = QgsAuthManager::instance ()->getCertIdentityBundle ( amConfig.config ( " certid" ) ).first ;
132
- QSslKey clientKey = QgsAuthManager::instance ()->getCertIdentityBundle ( amConfig.config ( " certid" ) ).second ;
133
-
134
- // get common name of the client certificate
135
- QString commonName = QgsAuthCertUtils::resolvedCertName ( clientCert, false );
136
-
137
- // get CA
138
- QByteArray caCert = QgsAuthManager::instance ()->getTrustedCaCertsPemText ();
123
+ QString pkiTempFileBase = " tmppki_%1.pem" ;
139
124
140
125
// save client cert to temp file
141
- QFile certFile ( QDir::tempPath () + QDir::separator () + pkiTempFilePrefix + QUuid::createUuid () + " .pem" );
142
- if ( certFile.open ( QIODevice::WriteOnly ) )
126
+ QString certFilePath = QgsAuthCertUtils::pemTextToTempFile (
127
+ pkiTempFileBase.arg ( QUuid::createUuid ().toString () ),
128
+ pkibundle->clientCert ().toPem () );
129
+ if ( certFilePath.isEmpty () )
143
130
{
144
- certFile.write ( clientCert.toPem () );
145
- }
146
- else
147
- {
148
- QgsDebugMsg ( QString ( " Update URI items: FAILED to save client cert temporary file" ) );
149
131
return false ;
150
132
}
151
133
152
- certFile. setPermissions ( QFile::ReadUser | QFile::WriteUser );
153
-
154
- // save key cert to temp file setting it's permission only read to the current user
155
- QFile keyFile ( QDir::tempPath () + QDir::separator () + pkiTempFilePrefix + QUuid::createUuid () + " .pem " );
156
- if ( keyFile. open ( QIODevice::WriteOnly ) )
134
+ // save client cert key to temp file
135
+ QString keyFilePath = QgsAuthCertUtils::pemTextToTempFile (
136
+ pkiTempFileBase. arg ( QUuid::createUuid (). toString () ),
137
+ pkibundle-> clientCertKey (). toPem () );
138
+ if ( keyFilePath. isEmpty ( ) )
157
139
{
158
- keyFile. write ( clientKey. toPem () ) ;
140
+ return false ;
159
141
}
160
- else
142
+
143
+ // save CAs to temp file
144
+ QString caFilePath = QgsAuthCertUtils::pemTextToTempFile (
145
+ pkiTempFileBase.arg ( QUuid::createUuid ().toString () ),
146
+ QgsAuthManager::instance ()->getTrustedCaCertsPemText () );
147
+ if ( caFilePath.isEmpty () )
161
148
{
162
- QgsDebugMsg ( QString ( " Update URI items: FAILED to save client key temporary file" ) );
163
149
return false ;
164
150
}
165
151
166
- keyFile.setPermissions ( QFile::ReadUser );
152
+ // get common name of the client certificate
153
+ QString commonName = QgsAuthCertUtils::resolvedCertName ( pkibundle->clientCert (), false );
167
154
168
- // save CA to tempo file
169
- QFile caFile ( QDir::tempPath () + QDir::separator () + pkiTempFilePrefix + QUuid::createUuid () + " .pem" );
170
- if ( caFile.open ( QIODevice::WriteOnly ) )
155
+ // add uri parameters
156
+ QString userparam = " user='" + commonName + " '" ;
157
+ int userindx = connectionItems.indexOf ( QRegExp ( " ^user='.*" ) );
158
+ if ( userindx != -1 )
171
159
{
172
- caFile. write ( caCert );
160
+ connectionItems. replace ( userindx, userparam );
173
161
}
174
162
else
175
163
{
176
- QgsDebugMsg ( QString ( " Update URI items: FAILED to save CAs to temporary file" ) );
177
- return false ;
164
+ connectionItems.append ( userparam );
178
165
}
179
166
180
- caFile.setPermissions ( QFile::ReadUser | QFile::WriteUser );
181
-
182
167
// add uri parameters
183
- QString certparam = " sslcert='" + certFile. fileName () + " '" ;
168
+ QString certparam = " sslcert='" + certFilePath + " '" ;
184
169
int sslcertindx = connectionItems.indexOf ( QRegExp ( " ^sslcert='.*" ) );
185
170
if ( sslcertindx != -1 )
186
171
{
@@ -191,7 +176,7 @@ bool QgsAuthPkiPathsMethod::updateDataSourceUriItems( QStringList &connectionIte
191
176
connectionItems.append ( certparam );
192
177
}
193
178
194
- QString keyparam = " sslkey='" + keyFile. fileName () + " '" ;
179
+ QString keyparam = " sslkey='" + keyFilePath + " '" ;
195
180
int sslkeyindx = connectionItems.indexOf ( QRegExp ( " ^sslkey='.*" ) );
196
181
if ( sslkeyindx != -1 )
197
182
{
@@ -202,7 +187,7 @@ bool QgsAuthPkiPathsMethod::updateDataSourceUriItems( QStringList &connectionIte
202
187
connectionItems.append ( keyparam );
203
188
}
204
189
205
- QString caparam = " sslrootcert='" + caFile. fileName () + " '" ;
190
+ QString caparam = " sslrootcert='" + caFilePath + " '" ;
206
191
int sslcaindx = connectionItems.indexOf ( QRegExp ( " ^sslrootcert='.*" ) );
207
192
if ( sslcaindx != -1 )
208
193
{
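Review bot: The early returns after `keyFilePath.isEmpty()` and `caFilePath.isEmpty()` leave the files already written in place, so a failure while saving the CAs leaves the unencrypted client key PEM in the temp directory; remove the earlier files before returning, e.g. `QFile::remove( keyFilePath ); QFile::remove( certFilePath );`. This change also drops the explicit `keyFile.setPermissions( QFile::ReadUser )`, and `pemTextToTempFile` is not visible here, so confirm that the helper restricts the key file to its owner before the PEM is written rather than after, and say so in the comment above the key write. `commonName` and the temp file paths are concatenated into `user='…'`, `sslcert='…'`, `sslkey='…'` and `sslrootcert='…'` unescaped, so a quote or backslash in the certificate name or in the temp path would presumably end the quoted value early; escape them as the URI format requires before building the parameters. The function body continues outside these hunks, so later cleanup of the temp files may exist but is not shown.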