[auth system] Python bindings for core and gui classes

qgis · Sep 21, 2015 · c894357 · c894357
1 parent 907b019
commit c894357
Show file tree

Hide file tree

Showing 22 changed files with 1,035 additions and 0 deletions.
diff --git a/python/core/auth/qgsauthcertutils.sip b/python/core/auth/qgsauthcertutils.sip
@@ -0,0 +1,147 @@
+class QgsAuthCertUtils
+{
+%TypeHeaderCode
+#include <qgsauthcertutils.h>
+%End
+  public:
+    enum CaCertSource
+    {
+      SystemRoot = 0,
+      FromFile = 1,
+      InDatabase = 2,
+      Connection = 3
+    };
+
+    enum CertTrustPolicy
+    {
+      DefaultTrust = 0,
+      Trusted = 1,
+      Untrusted = 2,
+      NoPolicy = 3
+    };
+
+    enum CertUsageType
+    {
+      UndeterminedUsage = 0,
+      AnyOrUnspecifiedUsage,
+      CertAuthorityUsage,
+      CertIssuerUsage,
+      TlsServerUsage,
+      TlsServerEvUsage,
+      TlsClientUsage,
+      CodeSigningUsage,
+      EmailProtectionUsage,
+      TimeStampingUsage,
+      CRLSigningUsage
+    };
+
+    enum ConstraintGroup
+    {
+      KeyUsage = 0,
+      ExtendedKeyUsage = 1
+    };
+
+
+
+    static const QString getSslProtocolName( QSsl::SslProtocol protocol );
+
+
+    static const QMap< QString, QSslCertificate> mapDigestToCerts( QList<QSslCertificate> certs );
+
+
+    // static const QMap< QString, QList<QSslCertificate> > certsGroupedByOrg( QList<QSslCertificate> certs );
+
+
+    static const QMap< QString, QgsAuthConfigSslServer> mapDigestToSslConfigs( QList<QgsAuthConfigSslServer> configs );
+
+
+    // static const QMap< QString, QList<QgsAuthConfigSslServer> > sslConfigsGroupedByOrg( QList<QgsAuthConfigSslServer> configs );
+
+
+    static const QList<QSslCertificate> certsFromFile( const QString &certspath );
+
+
+    static const QSslCertificate certFromFile( const QString &certpath );
+
+
+    static const QSslKey keyFromFile( const QString &keypath,
+                                      const QString &keypass = QString(),
+                                      QString *algtype = 0 );
+
+
+    static const QList<QSslCertificate> certsFromString( const QString &pemtext );
+
+
+    static const QStringList certKeyBundleToPem( const QString &certpath,
+                                                 const QString &keypath,
+                                                 const QString &keypass = QString(),
+                                                 bool reencrypt = true );
+
+
+    static const QStringList pkcs12BundleToPem( const QString &bundlepath,
+                                                const QString &bundlepass = QString(),
+                                                bool reencrypt = true );
+
+
+    static const QString getCaSourceName( QgsAuthCertUtils::CaCertSource source , bool single = false );
+
+
+    static const QString resolvedCertName( const QSslCertificate& cert, bool issuer = false );
+
+
+    // static const QString getCertDistinguishedName( const QSslCertificate& qcert,
+    //                                                const QCA::Certificate& acert = QCA::Certificate(),
+    //                                                bool issuer = false );
+
+
+    static const QString getCertTrustName( QgsAuthCertUtils::CertTrustPolicy trust );
+
+
+    static const QString getColonDelimited( const QString& txt );
+
+
+    static const QString shaHexForCert( const QSslCertificate &cert , bool formatted = false );
+
+
+    // static const QCA::Certificate qtCertToQcaCert( const QSslCertificate& cert );
+
+
+    // static const QCA::CertificateCollection qtCertsToQcaCollection( const QList<QSslCertificate>& certs );
+
+
+    // static const QCA::KeyBundle qcaKeyBundle( const QString &path, const QString &pass );
+
+
+    // static const QString qcaValidityMessage( QCA::Validity validity );
+
+
+    // static const QString qcaSignatureAlgorithm( QCA::SignatureAlgorithm algorithm );
+
+
+    // static const QString qcaKnownConstraint( QCA::ConstraintTypeKnown constraint );
+
+
+    static const QString certificateUsageTypeString( QgsAuthCertUtils::CertUsageType usagetype );
+
+
+    static QList<QgsAuthCertUtils::CertUsageType> certificateUsageTypes( const QSslCertificate& cert );
+
+
+    static bool certificateIsAuthority( const QSslCertificate& cert );
+
+
+    static bool certificateIsIssuer( const QSslCertificate& cert );
+
+
+    static bool certificateIsAuthorityOrIssuer( const QSslCertificate& cert );
+
+
+    static bool certificateIsSslServer( const QSslCertificate& cert );
+
+
+    static bool certificateIsSslClient( const QSslCertificate& cert );
+
+    static const QString sslErrorEnumString( QSslError::SslError errenum );
+
+    // static const QList<QPair<QSslError::SslError, QString> > sslErrorEnumStrings();
+};
diff --git a/python/core/auth/qgsauthconfig.sip b/python/core/auth/qgsauthconfig.sip
@@ -0,0 +1,208 @@
+class QgsAuthMethodConfig
+{
+%TypeHeaderCode
+#include <qgsauthconfig.h>
+%End
+  public:
+
+    QgsAuthMethodConfig( QString method = QString(), int version = 0 );
+
+    QgsAuthMethodConfig( const QgsAuthMethodConfig& methodconfig );
+
+    ~QgsAuthMethodConfig();
+
+    const QString id() const;
+    void setId( const QString& id );
+
+    const QString name() const;
+    void setName( const QString& name );
+
+    const QString uri() const;
+    void setUri( const QString& uri );
+
+    QString method() const;
+    void setMethod( QString method );
+
+    int version() const;
+    void setVersion( int version );
+
+    bool isValid( bool validateid = false ) const;
+
+    const QString configString() const;
+    void loadConfigString( const QString& configstr );
+
+    QgsStringMap configMap() const;
+    void setConfigMap( QgsStringMap map );
+
+    void setConfig( const QString &key, const QString &value );
+    void setConfigList( const QString &key, const QStringList &value );
+
+    int removeConfig( const QString &key );
+
+    QString config( const QString &key , const QString defaultvalue = QString() ) const;
+
+    QStringList configList( const QString &key ) const;
+
+    bool hasConfig( const QString &key ) const;
+
+    void clearConfigMap();
+
+    static bool uriToResource( const QString &accessurl, QString *resource, bool withpath = false );
+};
+
+typedef QHash<QString, QgsAuthMethodConfig> QgsAuthMethodConfigsMap;
+
+
+class QgsPkiBundle
+{
+%TypeHeaderCode
+#include <qgsauthconfig.h>
+%End
+  public:
+    QgsPkiBundle( const QSslCertificate &clientCert = QSslCertificate(),
+                  const QSslKey &clientKey = QSslKey(),
+                  const QString &keyPassphrase = QString::null ,
+                  const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
+    ~QgsPkiBundle();
+
+    static const QgsPkiBundle fromPemPaths( const QString &certPath,
+                                            const QString &keyPath,
+                                            const QString &keyPass = QString::null,
+                                            const QList<QSslCertificate> &caChain = QList<QSslCertificate>() );
+
+    static const QgsPkiBundle fromPkcs12Paths( const QString &bundlepath,
+                                               const QString &bundlepass = QString::null );
+
+    bool isNull() const;
+    bool isValid() const;
+
+    const QString certId() const;
+
+    const QSslCertificate clientCert() const;
+    void setClientCert( const QSslCertificate &cert );
+
+    const QSslKey clientKey( bool reencrypt = true ) const;
+    void setClientKey( const QSslKey &certkey );
+
+    const QString keyPassphrase() const;
+    void setKeyPassphrase( const QString &pass );
+
+    const QList<QSslCertificate> caChain() const;
+    void setCaChain( const QList<QSslCertificate> &cachain );
+};
+
+
+class QgsPkiConfigBundle
+{
+%TypeHeaderCode
+#include <qgsauthconfig.h>
+%End
+
+  public:
+    QgsPkiConfigBundle( const QgsAuthMethodConfig& config,
+                  const QSslCertificate& cert,
+                  const QSslKey& certkey );
+    ~QgsPkiConfigBundle();
+
+    bool isValid();
+
+    const QgsAuthMethodConfig config() const;
+    void setConfig( const QgsAuthMethodConfig& config );
+
+    const QSslCertificate clientCert() const;
+    void setClientCert( const QSslCertificate& cert );
+
+    const QSslKey clientCertKey() const;
+    void setClientCertKey( const QSslKey& certkey );
+};
+
+
+%MappedType QList<QSslError::SslError>
+{
+%TypeHeaderCode
+#include <QList>
+%End
+
+%ConvertFromTypeCode
+  // Create the list.
+  PyObject *l;
+
+  if ((l = PyList_New(sipCpp->size())) == NULL)
+    return NULL;
+
+  // Set the list elements.
+  QList<QSslError::SslError>::iterator it = sipCpp->begin();
+  for (int i = 0; it != sipCpp->end(); ++it, ++i)
+  {
+    PyObject *tobj;
+
+    if ((tobj = sipConvertFromEnum(*it, sipType_QSslError_SslError)) == NULL)
+    {
+      Py_DECREF(l);
+      return NULL;
+    }
+    PyList_SET_ITEM(l, i, tobj);
+  }
+
+  return l;
+%End
+
+%ConvertToTypeCode
+  // Check the type if that is all that is required.
+  if (sipIsErr == NULL)
+    return PyList_Check(sipPy);
+
+  QList<QSslError::SslError> *qlist = new QList<QSslError::SslError>;
+
+  for (int i = 0; i < PyList_GET_SIZE(sipPy); ++i)
+  {
+    *qlist << (QSslError::SslError)SIPLong_AsLong(PyList_GET_ITEM(sipPy, i));
+  }
+
+  *sipCppPtr = qlist;
+  return sipGetState(sipTransferObj);
+%End
+};
+
+
+class QgsAuthConfigSslServer
+{
+%TypeHeaderCode
+#include <qgsauthconfig.h>
+%End
+  public:
+    QgsAuthConfigSslServer();
+
+    ~QgsAuthConfigSslServer();
+
+    const QSslCertificate sslCertificate() const;
+    void setSslCertificate( const QSslCertificate& cert );
+
+    const QString sslHostPort() const;
+    void setSslHostPort( const QString& hostport );
+
+    QSsl::SslProtocol sslProtocol() const;
+    void setSslProtocol( QSsl::SslProtocol protocol );
+
+    const QList<QSslError> sslIgnoredErrors() const;
+    const QList<QSslError::SslError> sslIgnoredErrorEnums() const;
+    void setSslIgnoredErrorEnums( const QList<QSslError::SslError>& errors );
+
+    QSslSocket::PeerVerifyMode sslPeerVerifyMode() const;
+    void setSslPeerVerifyMode( QSslSocket::PeerVerifyMode mode );
+
+    int sslPeerVerifyDepth() const;
+    void setSslPeerVerifyDepth( int depth );
+
+    int version() const;
+    void setVersion( int version );
+
+    int qtVersion() const;
+    void setQtVersion( int version );
+
+    const QString configString() const;
+    void loadConfigString( const QString& config = QString() );
+
+    bool isNull() const;
+};
+
diff --git a/python/core/auth/qgsauthcrypto.sip b/python/core/auth/qgsauthcrypto.sip
@@ -0,0 +1,23 @@
+class QgsAuthCrypto
+{
+%TypeHeaderCode
+#include <qgsauthcrypto.h>
+%End
+
+  public:
+    static bool isDisabled();
+
+    static const QString encrypt( QString pass, QString cipheriv, QString text );
+
+    static const QString decrypt( QString pass, QString cipheriv, QString text );
+
+    static void passwordKeyHash( const QString &pass,
+                                 QString *salt,
+                                 QString *hash,
+                                 QString *cipheriv = 0 );
+
+    static bool verifyPasswordKeyHash( const QString& pass,
+                                       const QString& salt,
+                                       const QString& hash,
+                                       QString *hashderived = 0 );
+};