[auth] Authmanager singleton removal from API
elpaso committed Oct 26, 2017
1 parent ecf93e3 commit 48984dd
Showing 51 changed files with 379 additions and 295 deletions.
29 changes: 18 additions & 11 deletions python/core/auth/qgsauthmanager.sip
@@ -32,13 +32,15 @@ class QgsAuthManager : QObject
CRITICAL
};

static QgsAuthManager *instance();
bool init( const QString &pluginPath = QString(), const QString &authDatabasePath = QString() );
%Docstring
Enforce singleton pattern
.. note::

To set up the manager instance and initialize everything use QgsAuthManager.instance()->init()
:rtype: QgsAuthManager
init initialize QCA, prioritize qca-ossl plugin and optionally set up the authentication database
\param pluginPath the plugin path
\param authDatabasePath the authentication DB path
:return: true on success
.. seealso:: QgsApplication.pluginPath
.. seealso:: QgsApplication.qgisAuthDatabaseFilePath
:rtype: bool
%End

~QgsAuthManager();
@@ -61,11 +63,6 @@ Name of the authentication database table that stores server exceptions/configs
:rtype: str
%End

bool init( const QString &pluginPath = QString() );
%Docstring
Initialize QCA, prioritize qca-ossl plugin and optionally set up the authentication database
:rtype: bool
%End

bool isDisabled() const;
%Docstring
@@ -738,6 +735,16 @@ Clear an authentication config from its associated authentication method cache
%End

protected:

static QgsAuthManager *instance();
%Docstring
Enforce singleton pattern
.. note::

To set up the manager instance and initialize everything use QgsAuthManager.instance()->init()
:rtype: QgsAuthManager
%End

explicit QgsAuthManager();

};
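Review bot: The docstring kept on the now-protected `instance()` still reads "To set up the manager instance and initialize everything use QgsAuthManager.instance()->init()", which Python callers can no longer follow once the method is protected. It should point to the new accessor instead, for example `.. note:: Obtain the manager through QgsApplication.authManager(); instance() is no longer public`. The new public `init()` docstring also mixes `\param` lines with Sphinx fields and does not say what happens when `init()` is called a second time with a different `authDatabasePath`; since that path decides which credential store is opened, the behaviour is worth stating. If this .sip file is generated from the C++ header, the wording has to be corrected there.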
11 changes: 11 additions & 0 deletions python/core/qgsapplication.sip
@@ -682,6 +682,17 @@ Returns path to the build output directory. Valid only when running from build d
:rtype: QgsMessageLog
%End

static QgsAuthManager *authManager();
%Docstring
Returns the application's authentication manager instance
.. note::

this can be a null pointer if called before initQgis
.. seealso:: initQgis
.. versionadded:: 3.0
:rtype: QgsAuthManager
%End

static QgsProcessingRegistry *processingRegistry();
%Docstring
Returns the application's processing registry, used for managing processing providers,
38 changes: 19 additions & 19 deletions src/app/qgisapp.cpp
@@ -683,19 +683,6 @@ QgisApp::QgisApp( QSplashScreen *splash, bool restorePlugins, bool skipVersionCh
mTray->setIcon( QIcon( QgsApplication::appIconPath() ) );
mTray->hide();

startProfile( QStringLiteral( "Initializing authentication" ) );
mSplash->showMessage( tr( "Initializing authentication" ), Qt::AlignHCenter | Qt::AlignBottom );
qApp->processEvents();
QgsAuthManager::instance()->init( QgsApplication::pluginPath() );
if ( !QgsAuthManager::instance()->isDisabled() )
{
masterPasswordSetup();
}
endProfile();

// Setup QgsNetworkAccessManager (this needs to happen after authentication, for proxy settings)
namSetup();

// Create the themes folder for the user
startProfile( QStringLiteral( "Creating theme folder" ) );
QgsApplication::createThemeFolder();
@@ -1008,6 +995,19 @@ QgisApp::QgisApp( QSplashScreen *splash, bool restorePlugins, bool skipVersionCh
qApp->processEvents();
QgsApplication::initQgis();

if ( !QgsApplication::authManager()->isDisabled() )
{
// Most of the auth initialization is done inside initQgis
startProfile( QStringLiteral( "Initializing authentication" ) );
mSplash->showMessage( tr( "Initializing authentication" ), Qt::AlignHCenter | Qt::AlignBottom );
qApp->processEvents();
masterPasswordSetup();
endProfile();
}

// Setup QgsNetworkAccessManager (this needs to happen after authentication, for proxy settings)
namSetup();

QgsApplication::dataItemProviderRegistry()->addProvider( new QgsQlrDataItemProvider() );
registerCustomDropHandler( new QgsQlrDropHandler() );
QgsApplication::dataItemProviderRegistry()->addProvider( new QgsQptDataItemProvider() );
@@ -9917,7 +9917,7 @@ QgsVectorLayer *QgisApp::addVectorLayer( const QString &vectorLayerPath, const Q
authok = false;
if ( !QgsAuthGuiUtils::isDisabled( messageBar(), messageTimeout() ) )
{
authok = QgsAuthManager::instance()->setMasterPassword( true );
authok = QgsApplication::authManager()->setMasterPassword( true );
}
}

@@ -12636,7 +12636,7 @@ void QgisApp::namSslErrors( QNetworkReply *reply, const QList<QSslError> &errors
QString digest( QgsAuthCertUtils::shaHexForCert( reply->sslConfiguration().peerCertificate() ) );
QString dgsthostport( QStringLiteral( "%1:%2" ).arg( digest, hostport ) );

const QHash<QString, QSet<QSslError::SslError> > &errscache( QgsAuthManager::instance()->getIgnoredSslErrorCache() );
const QHash<QString, QSet<QSslError::SslError> > &errscache( QgsApplication::authManager()->getIgnoredSslErrorCache() );

if ( errscache.contains( dgsthostport ) )
{
@@ -12715,11 +12715,11 @@ void QgisApp::namUpdate()

void QgisApp::masterPasswordSetup()
{
connect( QgsAuthManager::instance(), &QgsAuthManager::messageOut,
connect( QgsApplication::authManager(), &QgsAuthManager::messageOut,
this, &QgisApp::authMessageOut );
connect( QgsAuthManager::instance(), &QgsAuthManager::passwordHelperMessageOut,
connect( QgsApplication::authManager(), &QgsAuthManager::passwordHelperMessageOut,
this, &QgisApp::authMessageOut );
connect( QgsAuthManager::instance(), &QgsAuthManager::authDatabaseEraseRequested,
connect( QgsApplication::authManager(), &QgsAuthManager::authDatabaseEraseRequested,
this, &QgisApp::eraseAuthenticationDatabase );
}

@@ -12737,7 +12737,7 @@ void QgisApp::eraseAuthenticationDatabase()
if ( layertree && layertree->customProperty( QStringLiteral( "loading" ) ).toBool() )
{
QgsDebugMsg( "Project loading, skipping auth db erase" );
QgsAuthManager::instance()->setScheduledAuthDatabaseEraseRequestEmitted( false );
QgsApplication::authManager()->setScheduledAuthDatabaseEraseRequestEmitted( false );
return;
}
}
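Review bot: In the second constructor hunk `namSetup()` now runs only after `QgsApplication::initQgis()`, having moved from around line 683 to around line 995 of the constructor, so any request issued through the network access manager in between would go out before the proxy settings named in the existing comment, and presumably the `namSslErrors` handling, are in place. The intervening constructor code is outside the hunks shown, so this has to be checked against the full file. If nothing there can cause network traffic, say so next to the moved call, e.g. `// No network access may happen before this point: proxy settings are applied by namSetup()`.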
3 changes: 2 additions & 1 deletion src/auth/basic/qgsauthbasicmethod.cpp
@@ -19,6 +19,7 @@

#include "qgsauthmanager.h"
#include "qgslogger.h"
#include "qgsapplication.h"

#include <QNetworkProxy>
#include <QMutexLocker>
@@ -182,7 +183,7 @@ QgsAuthMethodConfig QgsAuthBasicMethod::getMethodConfig( const QString &authcfg,
}

// else build basic bundle
if ( !QgsAuthManager::instance()->loadAuthenticationConfig( authcfg, mconfig, fullconfig ) )
if ( !QgsApplication::authManager()->loadAuthenticationConfig( authcfg, mconfig, fullconfig ) )
{
QgsDebugMsg( QString( "Retrieve config FAILED for authcfg: %1" ).arg( authcfg ) );
return QgsAuthMethodConfig();
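Review bot: `QgsApplication::authManager()` is dereferenced without a null check in `getMethodConfig()`, while the docstring this commit adds in qgsapplication.sip says the accessor "can be a null pointer if called before initQgis". The old `QgsAuthManager::instance()` presumably always returned an object, so this looks like a new failure mode. The same unguarded call appears in the identcert, pkipaths and pkcs12 method sections and in every `isDisabled()` guard of qgsauthcertutils.cpp, whose static helpers seem the most likely to be reached without a fully initialised application. Failing closed keeps the previous result for callers: `QgsAuthManager *am = QgsApplication::authManager();` followed by `if ( !am || !am->loadAuthenticationConfig( authcfg, mconfig, fullconfig ) )` here, and `if ( !am || am->isDisabled() )` in the certificate utilities. The function body continues outside the hunk.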
2 changes: 1 addition & 1 deletion src/auth/identcert/qgsauthidentcertedit.cpp
@@ -75,7 +75,7 @@ void QgsAuthIdentCertEdit::populateIdentityComboBox()
{
cmbIdentityCert->addItem( tr( "Select identity..." ), "" );

QList<QSslCertificate> certs( QgsAuthManager::instance()->getCertIdentities() );
QList<QSslCertificate> certs( QgsApplication::authManager()->getCertIdentities() );
if ( !certs.isEmpty() )
{
cmbIdentityCert->setIconSize( QSize( 26, 22 ) );
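Review bot: `populateIdentityComboBox()` now names `QgsApplication`, but this section adds no `#include "qgsapplication.h"`, unlike the auth method sources changed in the same commit. The include list is outside the hunk, so the header may already be there or arrive through another include. If it is only transitive, add `#include "qgsapplication.h"` explicitly so the file keeps building when that other header changes.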
7 changes: 4 additions & 3 deletions src/auth/identcert/qgsauthidentcertmethod.cpp
@@ -30,6 +30,7 @@
#include "qgsauthcertutils.h"
#include "qgsauthmanager.h"
#include "qgslogger.h"
#include "qgsapplication.h"

static const QString AUTH_METHOD_KEY = QStringLiteral( "Identity-Cert" );
static const QString AUTH_METHOD_DESCRIPTION = QStringLiteral( "Identity certificate authentication" );
@@ -143,7 +144,7 @@ bool QgsAuthIdentCertMethod::updateDataSourceUriItems( QStringList &connectionIt
// save CAs to temp file
QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
pkiTempFileBase.arg( QUuid::createUuid().toString() ),
QgsAuthManager::instance()->getTrustedCaCertsPemText() );
QgsApplication::authManager()->getTrustedCaCertsPemText() );
if ( caFilePath.isEmpty() )
{
return false;
@@ -238,14 +239,14 @@ QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &a
// else build PKI bundle
QgsAuthMethodConfig mconfig;

if ( !QgsAuthManager::instance()->loadAuthenticationConfig( authcfg, mconfig, true ) )
if ( !QgsApplication::authManager()->loadAuthenticationConfig( authcfg, mconfig, true ) )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: FAILED to retrieve config" ).arg( authcfg ) );
return bundle;
}

// get identity from database
QPair<QSslCertificate, QSslKey> cibundle( QgsAuthManager::instance()->getCertIdentityBundle( mconfig.config( QStringLiteral( "certid" ) ) ) );
QPair<QSslCertificate, QSslKey> cibundle( QgsApplication::authManager()->getCertIdentityBundle( mconfig.config( QStringLiteral( "certid" ) ) ) );

// init client cert
// Note: if this is not valid, no sense continuing
9 changes: 5 additions & 4 deletions src/auth/pkipaths/qgsauthpkipathsmethod.cpp
@@ -30,6 +30,7 @@
#include "qgsauthcertutils.h"
#include "qgsauthmanager.h"
#include "qgslogger.h"
#include "qgsapplication.h"


static const QString AUTH_METHOD_KEY = QStringLiteral( "PKI-Paths" );
@@ -160,17 +161,17 @@ bool QgsAuthPkiPathsMethod::updateDataSourceUriItems( QStringList &connectionIte
{
if ( pkibundle->config().config( QStringLiteral( "addrootca" ), QStringLiteral( "false" ) ) == QStringLiteral( "true" ) )
{
cas = QgsAuthCertUtils::casMerge( QgsAuthManager::instance()->getTrustedCaCerts(), pkibundle->caChain() );
cas = QgsAuthCertUtils::casMerge( QgsApplication::authManager()->getTrustedCaCerts(), pkibundle->caChain() );
}
else
{
cas = QgsAuthCertUtils::casMerge( QgsAuthManager::instance()->getTrustedCaCerts(),
cas = QgsAuthCertUtils::casMerge( QgsApplication::authManager()->getTrustedCaCerts(),
QgsAuthCertUtils::casRemoveSelfSigned( pkibundle->caChain() ) );
}
}
else
{
cas = QgsAuthManager::instance()->getTrustedCaCerts();
cas = QgsApplication::authManager()->getTrustedCaCerts();
}

// save CAs to temp file
@@ -274,7 +275,7 @@ QgsPkiConfigBundle *QgsAuthPkiPathsMethod::getPkiConfigBundle( const QString &au
// else build PKI bundle
QgsAuthMethodConfig mconfig;

if ( !QgsAuthManager::instance()->loadAuthenticationConfig( authcfg, mconfig, true ) )
if ( !QgsApplication::authManager()->loadAuthenticationConfig( authcfg, mconfig, true ) )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: FAILED to retrieve config" ).arg( authcfg ) );
return bundle;
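Review bot: `QgsApplication::authManager()->getTrustedCaCerts()` is now spelled out in all three branches of the CA selection in `updateDataSourceUriItems()`, and the pkcs12 section carries the identical block. Fetching the list once before the branches, `const auto trustedCas = QgsApplication::authManager()->getTrustedCaCerts();`, then passing `trustedCas` to `casMerge()` or assigning it to `cas`, shortens the lines and makes it obvious that every branch starts from the same trusted set. The function starts and ends outside the hunk.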
9 changes: 5 additions & 4 deletions src/auth/pkipkcs12/qgsauthpkcs12method.cpp
@@ -30,6 +30,7 @@
#include "qgsauthcertutils.h"
#include "qgsauthmanager.h"
#include "qgslogger.h"
#include "qgsapplication.h"


static const QString AUTH_METHOD_KEY = QStringLiteral( "PKI-PKCS#12" );
@@ -160,17 +161,17 @@ bool QgsAuthPkcs12Method::updateDataSourceUriItems( QStringList &connectionItems
{
if ( pkibundle->config().config( QStringLiteral( "addrootca" ), QStringLiteral( "false" ) ) == QStringLiteral( "true" ) )
{
cas = QgsAuthCertUtils::casMerge( QgsAuthManager::instance()->getTrustedCaCerts(), pkibundle->caChain() );
cas = QgsAuthCertUtils::casMerge( QgsApplication::authManager()->getTrustedCaCerts(), pkibundle->caChain() );
}
else
{
cas = QgsAuthCertUtils::casMerge( QgsAuthManager::instance()->getTrustedCaCerts(),
cas = QgsAuthCertUtils::casMerge( QgsApplication::authManager()->getTrustedCaCerts(),
QgsAuthCertUtils::casRemoveSelfSigned( pkibundle->caChain() ) );
}
}
else
{
cas = QgsAuthManager::instance()->getTrustedCaCerts();
cas = QgsApplication::authManager()->getTrustedCaCerts();
}

// save CAs to temp file
@@ -273,7 +274,7 @@ QgsPkiConfigBundle *QgsAuthPkcs12Method::getPkiConfigBundle( const QString &auth
// else build PKI bundle
QgsAuthMethodConfig mconfig;

if ( !QgsAuthManager::instance()->loadAuthenticationConfig( authcfg, mconfig, true ) )
if ( !QgsApplication::authManager()->loadAuthenticationConfig( authcfg, mconfig, true ) )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: FAILED to retrieve config" ).arg( authcfg ) );
return bundle;
15 changes: 8 additions & 7 deletions src/core/auth/qgsauthcertutils.cpp
@@ -25,6 +25,7 @@

#include "qgsauthmanager.h"
#include "qgslogger.h"
#include "qgsapplication.h"

QString QgsAuthCertUtils::getSslProtocolName( QSsl::SslProtocol protocol )
{
@@ -419,7 +420,7 @@ QString QgsAuthCertUtils::getCertDistinguishedName( const QSslCertificate &qcert
const QCA::Certificate &acert,
bool issuer )
{
if ( QgsAuthManager::instance()->isDisabled() )
if ( QgsApplication::authManager()->isDisabled() )
return QString();

if ( acert.isNull() )
@@ -505,7 +506,7 @@ QString QgsAuthCertUtils::shaHexForCert( const QSslCertificate &cert, bool forma

QCA::Certificate QgsAuthCertUtils::qtCertToQcaCert( const QSslCertificate &cert )
{
if ( QgsAuthManager::instance()->isDisabled() )
if ( QgsApplication::authManager()->isDisabled() )
return QCA::Certificate();

QCA::ConvertResult res;
@@ -521,7 +522,7 @@ QCA::Certificate QgsAuthCertUtils::qtCertToQcaCert( const QSslCertificate &cert
QCA::CertificateCollection QgsAuthCertUtils::qtCertsToQcaCollection( const QList<QSslCertificate> &certs )
{
QCA::CertificateCollection qcacoll;
if ( QgsAuthManager::instance()->isDisabled() )
if ( QgsApplication::authManager()->isDisabled() )
return qcacoll;

for ( const auto &cert : certs )
@@ -690,7 +691,7 @@ QList<QgsAuthCertUtils::CertUsageType> QgsAuthCertUtils::certificateUsageTypes(
{
QList<QgsAuthCertUtils::CertUsageType> usages;

if ( QgsAuthManager::instance()->isDisabled() )
if ( QgsApplication::authManager()->isDisabled() )
return usages;

QCA::ConvertResult res;
@@ -724,9 +725,9 @@ QList<QgsAuthCertUtils::CertUsageType> QgsAuthCertUtils::certificateUsageTypes(

// ask QCA what it thinks about potential usages
QCA::CertificateCollection trustedCAs(
qtCertsToQcaCollection( QgsAuthManager::instance()->getTrustedCaCertsCache() ) );
qtCertsToQcaCollection( QgsApplication::authManager()->getTrustedCaCertsCache() ) );
QCA::CertificateCollection untrustedCAs(
qtCertsToQcaCollection( QgsAuthManager::instance()->getUntrustedCaCerts() ) );
qtCertsToQcaCollection( QgsApplication::authManager()->getUntrustedCaCerts() ) );

QCA::Validity v_any;
v_any = qcacert.validate( trustedCAs, untrustedCAs, QCA::UsageAny, QCA::ValidateAll );
@@ -790,7 +791,7 @@ bool QgsAuthCertUtils::certificateIsSslServer( const QSslCertificate &cert )
// only what it should not be able to do (cert sign, etc.). The logic here may need refined
// see: http://security.stackexchange.com/a/26650

if ( QgsAuthManager::instance()->isDisabled() )
if ( QgsApplication::authManager()->isDisabled() )
return false;

QCA::ConvertResult res;
