
[auth] Integrate cert viable functions into auth system

dakcarto committed Oct 27, 2017
1 parent 8032de8 commit 671ce6359f5cc85e93b33040f82cfe2cfecb7ec3
@@ -251,9 +251,9 @@ QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &a
// init client cert
// Note: if this is not valid, no sense continuing
QSslCertificate clientcert( cibundle.first );
if ( !clientcert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( clientcert ) )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) );
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) );
return bundle;
}
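Review bot: The comment above the check still reads `// Note: if this is not valid, no sense continuing` although the gate is now `QgsAuthCertUtils::certIsViable( clientcert )`, and the debug message does not say which condition rejected the certificate. certIsViable is not defined in this diff, so its exact checks need confirming; the comment could then become `// Note: if the client cert is not viable (see QgsAuthCertUtils::certIsViable), no sense continuing`. For diagnosis I would also log the expiry date, e.g. add `, expires %2` to the message and use `.arg( authcfg, clientcert.expiryDate().toString() )`. The same applies to the identical hunks in QgsAuthPkiPathsMethod::getPkiConfigBundle and QgsAuthPkcs12Method::getPkiConfigBundle. The function body starts and ends outside the hunk.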

@@ -24,6 +24,7 @@
#include <QSslKey>

#include "qgsapplication.h"
#include "qgsauthcertutils.h"
#include "qgsauthmanager.h"
#include "qgsauthguiutils.h"
#include "qgslogger.h"
@@ -97,21 +98,21 @@ bool QgsAuthPkiPathsEdit::validateConfig()
return validityChange( false );
}

bool certvalid = cert.isValid();
QDateTime startdate( cert.effectiveDate() );
QDateTime enddate( cert.expiryDate() );

writePkiMessage( lePkiPathsMsg,
tr( "%1 thru %2" ).arg( startdate.toString(), enddate.toString() ),
( certvalid ? Valid : Invalid ) );
( QgsAuthCertUtils::certIsCurrent( cert ) ? Valid : Invalid ) );

bool showCas( certvalid && populateCas() );
bool certviable = QgsAuthCertUtils::certIsViable( cert );
bool showCas( certviable && populateCas() );
lblCas->setVisible( showCas );
twCas->setVisible( showCas );
cbAddCas->setVisible( showCas );
cbAddRootCa->setVisible( showCas );

return validityChange( certvalid );
return validityChange( certviable );
}

QgsStringMap QgsAuthPkiPathsEdit::configMap() const
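Review bot: The date-range message is coloured by `QgsAuthCertUtils::certIsCurrent( cert )` while `showCas` and the return value use `certIsViable( cert )`, so whenever the two disagree the user sees the dates marked Valid yet the config is rejected without explanation. Neither helper is defined in this diff, so whether they can disagree is an assumption to confirm. If they can, a comment such as `// dates are flagged by certIsCurrent only; overall validity uses the stricter certIsViable` would document the split, and a second `writePkiMessage` call for the current-but-not-viable case would tell the user why. QgsAuthImportIdentityDialog::validatePkiPaths has the same split between `isvalid` and the `writeValidation` colour. validateConfig starts above the hunk.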
@@ -284,9 +284,9 @@ QgsPkiConfigBundle *QgsAuthPkiPathsMethod::getPkiConfigBundle( const QString &au
// init client cert
// Note: if this is not valid, no sense continuing
QSslCertificate clientcert( QgsAuthCertUtils::certFromFile( mconfig.config( QStringLiteral( "certpath" ) ) ) );
if ( !clientcert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( clientcert ) )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) );
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) );
return bundle;
}

@@ -292,9 +292,9 @@ QgsPkiConfigBundle *QgsAuthPkcs12Method::getPkiConfigBundle( const QString &auth
// init client cert
// Note: if this is not valid, no sense continuing
QSslCertificate clientcert( bundlelist.at( 0 ).toLatin1() );
if ( !clientcert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( clientcert ) )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not valid" ).arg( authcfg ) );
QgsDebugMsg( QString( "PKI bundle for authcfg %1: insert FAILED, client cert is not viable" ).arg( authcfg ) );
return bundle;
}

@@ -275,7 +275,7 @@ bool QgsPkiBundle::isNull() const

bool QgsPkiBundle::isValid() const
{
return ( !isNull() && mCert.isValid() );
return ( !isNull() && QgsAuthCertUtils::certIsViable( mCert ) );
}

const QString QgsPkiBundle::certId() const
@@ -1784,7 +1784,7 @@ const QPair<QSslCertificate, QSslKey> QgsAuthManager::certIdentityBundle( const
const QStringList QgsAuthManager::certIdentityBundleToPem( const QString &id )
{
QPair<QSslCertificate, QSslKey> bundle( certIdentityBundle( id ) );
if ( bundle.first.isValid() && !bundle.second.isNull() )
if ( QgsAuthCertUtils::certIsViable( bundle.first ) && !bundle.second.isNull() )
{
return QStringList() << QString( bundle.first.toPem() ) << QString( bundle.second.toPem() );
}
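Review bot: `bundle.second.toPem()` is called without a passphrase, so the second list entry is the private key in unencrypted PEM, and the new viability gate on the certificate does not change that. I would document it at the function, e.g. `// NOTE: second element is the unencrypted private key PEM; callers must treat the list as secret and not log or persist it`. The non-viable case now falls through to code below the hunk, so callers presumably cannot tell an expired identity from an unknown id; a `QgsDebugMsg` in that path would help. The function ends outside the hunk.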
@@ -2719,7 +2719,7 @@ const QList<QSslCertificate> QgsAuthManager::trustedCaCerts( bool includeinvalid
}
else if ( defaultpolicy == QgsAuthCertUtils::Trusted && !untrustedids.contains( certid ) )
{
if ( !includeinvalid && !cert.isValid() )
if ( !includeinvalid && !QgsAuthCertUtils::certIsViable( cert ) )
continue;
trustedcerts.append( cert );
}
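Review bot: The viability filter is applied only in this `defaultpolicy == QgsAuthCertUtils::Trusted` branch; the branch that closes on the hunk's first line is not visible, so please confirm it applies the same `!includeinvalid && !certIsViable( cert )` test. If that branch handles explicitly trusted certificates and appends them unconditionally, a non-viable CA with a stored Trusted policy would still be returned when `includeinvalid` is false. The parameter documentation should also say that "invalid" now means "not viable per QgsAuthCertUtils::certIsViable". The loop and function start and end outside the hunk.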
@@ -295,7 +295,7 @@ void QgsAuthCertInfo::updateCurrentCertInfo( int chainindx )
mCurrentTrustPolicy = trustpolicy;

cmbbxTrust->setTrustPolicy( trustpolicy );
if ( !mCurrentQCert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( mCurrentQCert ) )
{
cmbbxTrust->setDefaultTrustPolicy( QgsAuthCertUtils::Untrusted );
}
@@ -880,7 +880,7 @@ void QgsAuthCertInfo::decorateCertTreeItem( const QSslCertificate &cert,
return;
}

if ( !cert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( cert ) )
{
item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );
return;
@@ -205,7 +205,7 @@ void QgsAuthIdentitiesEditor::appendIdentitiesToItem( const QList<QSslCertificat
QTreeWidgetItem *item( new QTreeWidgetItem( parent, coltxts, ( int )identype ) );

item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificate.svg" ) ) );
if ( !cert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( cert ) )
{
item->setForeground( 2, redb );
item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );
@@ -170,7 +170,7 @@ void QgsAuthImportCertDialog::validateCertificates()

Q_FOREACH ( const QSslCertificate &cert, certs )
{
if ( cert.isValid() )
if ( QgsAuthCertUtils::certIsViable( cert ) )
++validcerts;

if ( filterCAs )
@@ -277,12 +277,13 @@ bool QgsAuthImportIdentityDialog::validatePkiPaths()
ca_certs = certs;
}

isvalid = clientcert.isValid();
isvalid = QgsAuthCertUtils::certIsViable( clientcert );

QDateTime startdate( clientcert.effectiveDate() );
QDateTime enddate( clientcert.expiryDate() );

writeValidation( tr( "%1 thru %2" ).arg( startdate.toString(), enddate.toString() ),
( isvalid ? Valid : Invalid ) );
( QgsAuthCertUtils::certIsCurrent( clientcert ) ? Valid : Invalid ) );
//TODO: set enabled on cert info button, relative to cert validity

// check for valid private key and that any supplied password works
@@ -24,6 +24,7 @@
#include "qgssettings.h"
#include "qgsapplication.h"
#include "qgsauthcertificateinfo.h"
#include "qgsauthcertutils.h"
#include "qgsauthmanager.h"
#include "qgsauthguiutils.h"
#include "qgslogger.h"
@@ -206,7 +207,7 @@ void QgsAuthServersEditor::appendSslConfigsToItem( const QList<QgsAuthConfigSslS
QTreeWidgetItem *item( new QTreeWidgetItem( parent, coltxts, ( int )conftype ) );

item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificate.svg" ) ) );
if ( !cert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( cert ) )
{
item->setForeground( 2, redb );
item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );
@@ -22,6 +22,7 @@
#include "qgssettings.h"
#include "qgsapplication.h"
#include "qgsauthcertificateinfo.h"
#include "qgsauthcertutils.h"
#include "qgsauthguiutils.h"
#include "qgsauthmanager.h"
#include "qgslogger.h"
@@ -196,7 +197,7 @@ void QgsAuthTrustedCAsDialog::appendCertsToItem( const QList<QSslCertificate> &c
QTreeWidgetItem *item( new QTreeWidgetItem( parent, coltxts, ( int )catype ) );

item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificate.svg" ) ) );
if ( !cert.isValid() )
if ( !QgsAuthCertUtils::certIsViable( cert ) )
{
item->setForeground( 2, redb );
item->setIcon( 0, QgsApplication::getThemeIcon( QStringLiteral( "/mIconCertificateUntrusted.svg" ) ) );
