[auth] Add trusted root CAs to OGR PG connnections
elpaso committed Nov 14, 2017
1 parent 2c63671 commit 276bd1b
Showing 2 changed files with 35 additions and 2 deletions.
35 changes: 34 additions & 1 deletion src/auth/basic/qgsauthbasicmethod.cpp
Expand Up @@ -102,6 +102,20 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
return false;
}

// SSL Extra CAs
QString caparam;
QList<QSslCertificate> cas;
cas = QgsApplication::authManager()->trustedCaCerts();
// save CAs to temp file
QString tempFileBase = QStringLiteral( "tmp_basic_%1.pem" );
QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
tempFileBase.arg( QUuid::createUuid().toString() ),
QgsAuthCertUtils::certsToPemText( cas ) );
if ( ! caFilePath.isEmpty() )
{
QString caparam = "sslrootcert='" + caFilePath + "'";
}

// Branch for OGR
if ( dataprovider == QStringLiteral( "ogr" ) )
{
Expand All @@ -127,6 +141,11 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
if ( !password.isEmpty() )
uri += QStringLiteral( " password='%1'" ).arg( password );
}
// add extra CAs
if ( ! caparam.isEmpty() )
{
uri += ' ' + caparam;
}
}
else if ( uri.startsWith( QStringLiteral( "SDE:" ) ) )
{
Expand Down Expand Up @@ -226,9 +245,23 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
{
connectionItems.append( passparam );
}
// add extra CAs
if ( ! caparam.isEmpty() )
{
int sslcaindx = connectionItems.indexOf( QRegExp( "^sslrootcert='.*" ) );
if ( sslcaindx != -1 )
{
connectionItems.replace( sslcaindx, caparam );
}
else
{
connectionItems.append( caparam );
}
}
}

return true;

return true;
}

bool QgsAuthBasicMethod::updateNetworkProxy( QNetworkProxy &proxy, const QString &authcfg, const QString &dataprovider )
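Review bot: In the first hunk, `QString caparam = "sslrootcert='" + caFilePath + "'";` inside `if ( ! caFilePath.isEmpty() )` declares a new local that shadows the `caparam` declared a few lines above, so the outer variable stays empty and both later `if ( ! caparam.isEmpty() )` branches (the OGR one and the `connectionItems` one) are never taken; the trusted CAs never reach the connection string. Dropping the type makes it an assignment: `caparam = "sslrootcert='" + caFilePath + "'";`. Separately, the PEM file is written on every call, before the provider branch and under a fresh UUID name, and it becomes the trust anchor for the TLS connection, so it is worth confirming that `pemTextToTempFile` (not shown here) creates it readable and writable by the owner only and that the files are cleaned up. The path is also placed between single quotes without escaping, so a temp directory containing `'` would break the `sslrootcert` value. `updateDataSourceUriItems` starts above the first hunk.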
2 changes: 1 addition & 1 deletion tests/src/python/CMakeLists.txt
Expand Up @@ -215,7 +215,7 @@ IF (ENABLE_PGTEST)
ADD_PYTHON_TEST(PyQgsVectorLayerTools test_qgsvectorlayertools.py)
ADD_PYTHON_TEST(PyQgsAuthManagerPKIPostgresTest test_authmanager_pki_postgres.py)
ADD_PYTHON_TEST(PyQgsAuthManagerPasswordPostgresTest test_authmanager_password_postgres.py)
ENDIF (ENABLE_PGTEST)
ENDIF (ENABLE_PGTEST)

IF (ENABLE_MSSQLTEST)
ADD_PYTHON_TEST(PyQgsMssqlProvider test_provider_mssql.py)
