Skip to content
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Commit 2e0d67a

Browse files
nyalldawsonnyalldawson
committedJun 9, 2019
Avoid sqlite database lookup on EVERY https network request
Whenever a https network request is created, QgsAuthManager::sslCertCustomConfigByHost is used to alter the ssl configuration according to config stored within the sqlite authentication database. This results in a database query being created for EVERY request, regardless of whether a user actually has any ssl configuration set. Instead, use a cache to avoid firing off this db query for every request
1 parent d106406 commit 2e0d67a

File tree

2 files changed

+47
-3
lines changed

2 files changed

+47
-3
lines changed
 

‎src/core/auth/qgsauthmanager.cpp

Lines changed: 43 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1698,6 +1698,8 @@ bool QgsAuthManager::initSslCaches()
16981698
res = res && rebuildCertTrustCache();
16991699
res = res && rebuildTrustedCaCertsCache();
17001700
res = res && rebuildIgnoredSslErrorCache();
1701+
mCustomConfigByHostCache.clear();
1702+
mHasCheckedIfCustomConfigByHostExists = false;
17011703

17021704
QgsDebugMsg( QStringLiteral( "Init of SSL caches %1" ).arg( res ? "SUCCEEDED" : "FAILED" ) );
17031705
return res;
@@ -1994,6 +1996,8 @@ bool QgsAuthManager::storeSslCertCustomConfig( const QgsAuthConfigSslServer &con
19941996
.arg( config.sslHostPort().trimmed(), id ) );
19951997

19961998
updateIgnoredSslErrorsCacheFromConfig( config );
1999+
mHasCheckedIfCustomConfigByHostExists = false;
2000+
mCustomConfigByHostCache.clear();
19972001

19982002
return true;
19992003
}
@@ -2042,23 +2046,53 @@ const QgsAuthConfigSslServer QgsAuthManager::sslCertCustomConfig( const QString
20422046

20432047
const QgsAuthConfigSslServer QgsAuthManager::sslCertCustomConfigByHost( const QString &hostport )
20442048
{
2045-
QMutexLocker locker( mMutex );
20462049
QgsAuthConfigSslServer config;
2047-
20482050
if ( hostport.isEmpty() )
20492051
{
2050-
QgsDebugMsg( QStringLiteral( "Passed host:port is empty" ) );
20512052
return config;
20522053
}
20532054

2055+
QMutexLocker locker( mMutex );
2056+
if ( mHasCheckedIfCustomConfigByHostExists && !mHasCustomConfigByHost )
2057+
return config;
2058+
if ( mCustomConfigByHostCache.contains( hostport ) )
2059+
return mCustomConfigByHostCache.value( hostport );
2060+
20542061
QSqlQuery query( authDatabaseConnection() );
2062+
2063+
// first run -- see if we have ANY custom config by host. If not, we can skip all future checks for any host
2064+
if ( !mHasCheckedIfCustomConfigByHostExists )
2065+
{
2066+
mHasCheckedIfCustomConfigByHostExists = true;
2067+
query.prepare( QString( "SELECT count(*) FROM %1" ).arg( authDatabaseServersTable() ) );
2068+
if ( !authDbQuery( &query ) )
2069+
{
2070+
mHasCustomConfigByHost = false;
2071+
return config;
2072+
}
2073+
if ( query.isActive() && query.isSelect() && query.first() )
2074+
{
2075+
mHasCustomConfigByHost = query.value( 0 ).toInt() > 0;
2076+
if ( !mHasCustomConfigByHost )
2077+
return config;
2078+
}
2079+
else
2080+
{
2081+
mHasCustomConfigByHost = false;
2082+
return config;
2083+
}
2084+
}
2085+
20552086
query.prepare( QString( "SELECT id, host, cert, config FROM %1 "
20562087
"WHERE host = :host" ).arg( authDatabaseServersTable() ) );
20572088

20582089
query.bindValue( QStringLiteral( ":host" ), hostport.trimmed() );
20592090

20602091
if ( !authDbQuery( &query ) )
2092+
{
2093+
mCustomConfigByHostCache.insert( hostport, config );
20612094
return config;
2095+
}
20622096

20632097
if ( query.isActive() && query.isSelect() )
20642098
{
@@ -2075,9 +2109,12 @@ const QgsAuthConfigSslServer QgsAuthManager::sslCertCustomConfigByHost( const QS
20752109
emit messageOut( tr( "Authentication database contains duplicate SSL cert custom configs for host:port: %1" )
20762110
.arg( hostport ), authManTag(), WARNING );
20772111
QgsAuthConfigSslServer emptyconfig;
2112+
mCustomConfigByHostCache.insert( hostport, emptyconfig );
20782113
return emptyconfig;
20792114
}
20802115
}
2116+
2117+
mCustomConfigByHostCache.insert( hostport, config );
20812118
return config;
20822119
}
20832120

@@ -2155,6 +2192,9 @@ bool QgsAuthManager::removeSslCertCustomConfig( const QString &id, const QString
21552192
return false;
21562193
}
21572194

2195+
mHasCheckedIfCustomConfigByHostExists = false;
2196+
mCustomConfigByHostCache.clear();
2197+
21582198
QSqlQuery query( authDatabaseConnection() );
21592199

21602200
query.prepare( QStringLiteral( "DELETE FROM %1 WHERE id = :id AND host = :host" ).arg( authDatabaseServersTable() ) );

‎src/core/auth/qgsauthmanager.h

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -874,6 +874,10 @@ class CORE_EXPORT QgsAuthManager : public QObject
874874
QList<QSslCertificate> mTrustedCaCertsCache;
875875
// cache of SSL errors to be ignored in network connections, per sha-hostport
876876
QHash<QString, QSet<QSslError::SslError> > mIgnoredSslErrorsCache;
877+
878+
bool mHasCustomConfigByHost = false;
879+
bool mHasCheckedIfCustomConfigByHostExists = false;
880+
QMap< QString, QgsAuthConfigSslServer > mCustomConfigByHostCache;
877881
#endif
878882

879883
//////////////////////////////////////////////////////////////////////////////

0 commit comments

Comments
 (0)
Please sign in to comment.