/usr/include/qgis/qgsauthconfig.h is in libqgis-dev 2.14.11+dfsg-3+deb9u1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 | /***************************************************************************
qgsauthconfig.h
---------------------
begin : October 5, 2014
copyright : (C) 2014 by Boundless Spatial, Inc. USA
author : Larry Shaffer
email : lshaffer at boundlessgeo dot com
***************************************************************************
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
***************************************************************************/
#ifndef QGSAUTHCONFIG_H
#define QGSAUTHCONFIG_H
#include <QHash>
#include <QString>
#ifndef QT_NO_OPENSSL
#include <QSslCertificate>
#include <QSslKey>
#include <QSslError>
#include <QSslSocket>
#endif
#include "qgis.h"
/** \ingroup core
* \brief Configuration storage class for authentication method configurations
*/
class CORE_EXPORT QgsAuthMethodConfig
{
public:
/**
* Construct a configuration for an authentication method
* @param method Textual key of the authentication method
* @param version Version of the configuration (for updating previously saved configs later on)
*/
QgsAuthMethodConfig( const QString& method = QString(), int version = 0 );
/** Operator used to compare configs' equality */
bool operator==( const QgsAuthMethodConfig& other ) const;
/** Operator used to compare configs' inequality */
bool operator!=( const QgsAuthMethodConfig& other ) const;
/**
* Get 'authcfg' 7-character alphanumeric ID of the config
* @note This is set by QgsAuthManager when the config is initially stored
*/
const QString id() const { return mId; }
/** Set auth config ID */
void setId( const QString& id ) { mId = id; }
/** Get name of configuration */
const QString name() const { return mName; }
/** Set name of configuration */
void setName( const QString& name ) { mName = name; }
/** A URI to auto-select a config when connecting to a resource */
const QString uri() const { return mUri; }
void setUri( const QString& uri ) { mUri = uri; }
/** Textual key of the associated authentication method */
QString method() const { return mMethod; }
void setMethod( const QString& method ) { mMethod = method; }
/** Get version of the configuration */
int version() const { return mVersion; }
/** Set version of the configuration */
void setVersion( int version ) { mVersion = version; }
/**
* Whether the configuration is valid
* @param validateid Additionally verify the auth config ID is not empty
*/
bool isValid( bool validateid = false ) const;
/**
* The extended configuration, as stored and retrieved from the authentication database
* @note This is an internal construct used by QgsAuthManager that should generally not be set by client code
*/
const QString configString() const;
/**
* Load existing extended configuration
* @param configstr Configuration string to load
*/
void loadConfigString( const QString& configstr );
/** Get extended configuration, mapped to key/value pairs of QStrings */
QgsStringMap configMap() const { return mConfigMap; }
/**
* Set extended configuration map
* @param map Map to set
*/
void setConfigMap( const QgsStringMap& map ) { mConfigMap = map; }
/**
* Set a single config value per key in the map
* @note if key exists, it is replaced
* @param key Config key
* @param value Config value
*/
void setConfig( const QString &key, const QString &value );
/**
* Set a multiple config values per key in the map
* @note if key exists, it is replaced
* @param key Config key
* @param value Config value
*/
void setConfigList( const QString &key, const QStringList &value );
/**
* Remove a config from map
* @param key Config to remove
* @return Number of keys removed (should always be 1 or 0)
*/
int removeConfig( const QString &key );
/**
* Return a config's value
* @param key Config key
* @param defaultvalue Default value, if key not found
*/
QString config( const QString &key, const QString& defaultvalue = QString() ) const;
/**
* Return a config's list of values
* @param key
*/
QStringList configList( const QString &key ) const;
/**
* Whether a config key exists in config map
* @param key
*/
bool hasConfig( const QString &key ) const;
/** Clear all configs */
void clearConfigMap() { mConfigMap.clear(); }
/**
* A utility function for generating a resource from a URL to be compared
* against the config's uri() for auto-selecting authentication configs to use
* @note Essentially strips the URL query variables, and by default, strips the path as well
* @param accessurl A URL to process
* @param resource Ouput variable for result
* @param withpath Whether to include the URI's path in output
*/
static bool uriToResource( const QString &accessurl, QString *resource, bool withpath = false );
private:
QString mId;
QString mName;
QString mUri;
QString mMethod;
int mVersion;
QgsStringMap mConfigMap;
static const QString mConfigSep;
static const QString mConfigKeySep;
static const QString mConfigListSep;
static const int mConfigVersion;
};
typedef QHash<QString, QgsAuthMethodConfig> QgsAuthMethodConfigsMap;
#ifndef QT_NO_OPENSSL
/** \ingroup core
* \brief Storage set for PKI bundle: SSL certificate, key, optional CA cert chain
* \note Useful for caching the bundle during application run sessions
*/
class CORE_EXPORT QgsPkiBundle
{
public:
/**
* Construct a bundle from existing PKI components
* @param clientCert Certificate to store in bundle
* @param clientKey Private key to store in bundle
* @param caChain Chain of Certificate Authorities for client certificate
*/
QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(),
const QSslKey &clientKey = QSslKey(),
const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
/**
* Construct a bundle of PKI components from PEM-formatted file paths
* @param certPath Certificate file path
* @param keyPath Private key path
* @param keyPass Private key passphrase
* @param caChain Chain of Certificate Authorities for client certificate
*/
static const QgsPkiBundle fromPemPaths( const QString &certPath,
const QString &keyPath,
const QString &keyPass = QString::null,
const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
/**
* Construct a bundle of PKI components from a PKCS#12 file path
* @param bundlepath Bundle file path
* @param bundlepass Optional bundle passphrase
*/
static const QgsPkiBundle fromPkcs12Paths( const QString &bundlepath,
const QString &bundlepass = QString::null );
/** Whether the bundle, either its certificate or private key, is null */
bool isNull() const;
/** Whether the bundle is valid */
bool isValid() const;
/** The sha hash of the client certificate */
const QString certId() const;
/** Client certificate object */
const QSslCertificate clientCert() const { return mCert; }
/** Set client certificate object */
void setClientCert( const QSslCertificate &cert );
/** Private key object */
const QSslKey clientKey() const { return mCertKey; }
/** Set private key object */
void setClientKey( const QSslKey &certkey );
/** Chain of Certificate Authorities for client certificate */
const QList<QSslCertificate> caChain() const { return mCaChain; }
/** Set chain of Certificate Authorities for client certificate */
void setCaChain( const QList<QSslCertificate> &cachain ) { mCaChain = cachain; }
private:
QSslCertificate mCert;
QSslKey mCertKey;
QList<QSslCertificate> mCaChain;
};
/** \ingroup core
* \brief Storage set for constructed SSL certificate, key, associated with an authentication config
*/
class CORE_EXPORT QgsPkiConfigBundle
{
public:
/**
* Construct a bundle from existing PKI components and authentication method configuration
* @param config Authentication method configuration
* @param cert Certificate to store in bundle
* @param certkey Private key to store in bundle
*/
QgsPkiConfigBundle( const QgsAuthMethodConfig& config,
const QSslCertificate& cert,
const QSslKey& certkey );
/** Whether the bundle is valid */
bool isValid();
/** Authentication method configuration */
const QgsAuthMethodConfig config() const { return mConfig; }
/** Set authentication method configuration */
void setConfig( const QgsAuthMethodConfig& config ) { mConfig = config; }
/** Client certificate object */
const QSslCertificate clientCert() const { return mCert; }
/** Set client certificate object */
void setClientCert( const QSslCertificate& cert ) { mCert = cert; }
/** Private key object */
const QSslKey clientCertKey() const { return mCertKey; }
/** Set private key object */
void setClientCertKey( const QSslKey& certkey ) { mCertKey = certkey; }
private:
QgsAuthMethodConfig mConfig;
QSslCertificate mCert;
QSslKey mCertKey;
};
/** \ingroup core
* \brief Configuration container for SSL server connection exceptions or overrides
*/
class CORE_EXPORT QgsAuthConfigSslServer
{
public:
/** Construct a default SSL server configuration */
QgsAuthConfigSslServer();
~QgsAuthConfigSslServer() {}
/** Server certificate object */
const QSslCertificate sslCertificate() const { return mSslCert; }
/** Set server certificate object */
void setSslCertificate( const QSslCertificate& cert ) { mSslCert = cert; }
/** Server host:port string */
const QString sslHostPort() const { return mSslHostPort; }
/** Set server host:port string */
void setSslHostPort( const QString& hostport ) { mSslHostPort = hostport; }
/** SSL server protocol to use in connections */
QSsl::SslProtocol sslProtocol() const { return mSslProtocol; }
/** Set SSL server protocol to use in connections */
void setSslProtocol( QSsl::SslProtocol protocol ) { mSslProtocol = protocol; }
/** SSL server errors to ignore in connections */
const QList<QSslError> sslIgnoredErrors() const;
/** SSL server errors (as enum list) to ignore in connections */
const QList<QSslError::SslError> sslIgnoredErrorEnums() const { return mSslIgnoredErrors; }
/** Set SSL server errors (as enum list) to ignore in connections */
void setSslIgnoredErrorEnums( const QList<QSslError::SslError>& errors ) { mSslIgnoredErrors = errors; }
/** SSL client's peer verify mode to use in connections */
QSslSocket::PeerVerifyMode sslPeerVerifyMode() const { return mSslPeerVerifyMode; }
/** Set SSL client's peer verify mode to use in connections */
void setSslPeerVerifyMode( QSslSocket::PeerVerifyMode mode ) { mSslPeerVerifyMode = mode; }
/** Number or SSL client's peer to verify in connections
* @note When set to 0 = unlimited depth
*/
int sslPeerVerifyDepth() const { return mSslPeerVerifyDepth; }
/** Set number or SSL client's peer to verify in connections
* @note When set to 0 = unlimited depth
*/
void setSslPeerVerifyDepth( int depth ) { mSslPeerVerifyDepth = depth; }
/** Version of the configuration (used for future upgrading) */
int version() const { return mVersion; }
/** Set version of the configuration (used for future upgrading) */
void setVersion( int version ) { mVersion = version; }
/** Qt version when the configuration was made (SSL protocols may differ) */
int qtVersion() const { return mQtVersion; }
/** Set Qt version when the configuration was made (SSL protocols may differ) */
void setQtVersion( int version ) { mQtVersion = version; }
/** Configuration as a concatenated string */
const QString configString() const;
/** Load concatenated string into configuration, e.g. from auth database */
void loadConfigString( const QString& config = QString() );
/** Whether configuration is null (missing components) */
bool isNull() const;
private:
QString mSslHostPort;
QSslCertificate mSslCert;
QSsl::SslProtocol mSslProtocol;
int mQtVersion;
QList<QSslError::SslError> mSslIgnoredErrors;
QSslSocket::PeerVerifyMode mSslPeerVerifyMode;
int mSslPeerVerifyDepth;
int mVersion;
static const QString mConfSep;
};
#endif
#endif // QGSAUTHCONFIG_H
|