Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
[bugfix][auth] Basic method uses trusted CAs when connecting to DB
- Loading branch information
Showing
with
23 additions
and
0 deletions.
-
+23
−0
src/auth/basic/qgsauthbasicmethod.cpp
|
@@ -23,6 +23,7 @@ |
|
|
|
|
|
#include <QNetworkProxy> |
|
|
#include <QMutexLocker> |
|
|
#include <QUuid> |
|
|
|
|
|
static const QString AUTH_METHOD_KEY = QStringLiteral( "Basic" ); |
|
|
static const QString AUTH_METHOD_DESCRIPTION = QStringLiteral( "Basic authentication" ); |
|
@@ -123,6 +124,28 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems, |
|
|
connectionItems.append( passparam ); |
|
|
} |
|
|
|
|
|
// add extra CAs |
|
|
QList<QSslCertificate> cas; |
|
|
cas = QgsApplication::authManager()->trustedCaCerts(); |
|
|
// save CAs to temp file |
|
|
QString tempFileBase = QStringLiteral( "tmp_basic_%1.pem" ); |
|
|
QString caFilePath = QgsAuthCertUtils::pemTextToTempFile( |
|
|
tempFileBase.arg( QUuid::createUuid().toString() ), |
|
|
QgsAuthCertUtils::certsToPemText( cas ) ); |
|
|
if ( ! caFilePath.isEmpty() ) |
|
|
{ |
|
|
QString caparam = "sslrootcert='" + caFilePath + "'"; |
|
|
int sslcaindx = connectionItems.indexOf( QRegExp( "^sslrootcert='.*" ) ); |
|
|
if ( sslcaindx != -1 ) |
|
|
{ |
|
|
connectionItems.replace( sslcaindx, caparam ); |
|
|
} |
|
|
else |
|
|
{ |
|
|
connectionItems.append( caparam ); |
|
|
} |
|
|
} |
|
|
|
|
|
return true; |
|
|
} |
|
|
|
|
|
would be possibile to maintain a uniform tempFileBase. In all other auth method is tmppki_{uuid}.pem
e.g. https://github.com/qgis/QGIS/blob/master/src/auth/pkipkcs12/qgsauthpkcs12method.cpp#L138