Merge pull request #5644 from boundlessgeo/bd-2648-auth-thread-safety

elpaso · web-flow · commit d590e98c3f23 · 2017-11-16T18:52:28.000+01:00
[auth] Thread safe auth methods with recursive mutex
diff --git a/python/core/auth/qgsauthmethod.sip b/python/core/auth/qgsauthmethod.sip
@@ -151,6 +151,7 @@ Increment this if method is significantly updated, allow updater code to be writ
    Non-public since this is an abstract base class
 %End
 
+
     static QString authMethodTag();
 %Docstring
 Tag signifying that this is an authentcation method (e.g. for use as title in message log panel output)
@@ -171,6 +172,7 @@ Set the support expansions (points in providers where the authentication is inje
 Set list of data providers this auth method supports
 %End
 
+
 };
 QFlags<QgsAuthMethod::Expansion> operator|(QgsAuthMethod::Expansion f1, QFlags<QgsAuthMethod::Expansion> f2);
 
diff --git a/src/auth/basic/qgsauthbasicmethod.cpp b/src/auth/basic/qgsauthbasicmethod.cpp
@@ -44,6 +44,7 @@ QgsAuthBasicMethod::QgsAuthBasicMethod()
                     << QStringLiteral( "wms" )
                     << QStringLiteral( "ogr" )
                     << QStringLiteral( "proxy" ) );
+
 }
 
 QString QgsAuthBasicMethod::key() const
@@ -65,7 +66,7 @@ bool QgsAuthBasicMethod::updateNetworkRequest( QNetworkRequest &request, const Q
     const QString &dataprovider )
 {
   Q_UNUSED( dataprovider )
-
+  QMutexLocker locker( &mMutex );
   QgsAuthMethodConfig mconfig = getMethodConfig( authcfg );
   if ( !mconfig.isValid() )
   {
@@ -86,6 +87,8 @@ bool QgsAuthBasicMethod::updateNetworkRequest( QNetworkRequest &request, const Q
 bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems, const QString &authcfg,
     const QString &dataprovider )
 {
+  Q_UNUSED( dataprovider )
+  QMutexLocker locker( &mMutex );
   QgsAuthMethodConfig mconfig = getMethodConfig( authcfg );
   if ( !mconfig.isValid() )
   {
@@ -277,6 +280,7 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
 bool QgsAuthBasicMethod::updateNetworkProxy( QNetworkProxy &proxy, const QString &authcfg, const QString &dataprovider )
 {
   Q_UNUSED( dataprovider )
+  QMutexLocker locker( &mMutex );
 
   QgsAuthMethodConfig mconfig = getMethodConfig( authcfg );
   if ( !mconfig.isValid() )
@@ -298,6 +302,7 @@ bool QgsAuthBasicMethod::updateNetworkProxy( QNetworkProxy &proxy, const QString
 
 void QgsAuthBasicMethod::updateMethodConfig( QgsAuthMethodConfig &mconfig )
 {
+  QMutexLocker locker( &mMutex );
   if ( mconfig.hasConfig( QStringLiteral( "oldconfigstyle" ) ) )
   {
     QgsDebugMsg( "Updating old style auth method config" );
@@ -319,7 +324,7 @@ void QgsAuthBasicMethod::clearCachedConfig( const QString &authcfg )
 
 QgsAuthMethodConfig QgsAuthBasicMethod::getMethodConfig( const QString &authcfg, bool fullconfig )
 {
-  QMutexLocker locker( &mConfigMutex );
+  QMutexLocker locker( &mMutex );
   QgsAuthMethodConfig mconfig;
 
   // check if it is cached
@@ -338,22 +343,21 @@ QgsAuthMethodConfig QgsAuthBasicMethod::getMethodConfig( const QString &authcfg,
   }
 
   // cache bundle
-  locker.unlock();
   putMethodConfig( authcfg, mconfig );
 
   return mconfig;
 }
 
 void QgsAuthBasicMethod::putMethodConfig( const QString &authcfg, const QgsAuthMethodConfig &mconfig )
 {
-  QMutexLocker locker( &mConfigMutex );
+  QMutexLocker locker( &mMutex );
   QgsDebugMsg( QString( "Putting basic config for authcfg: %1" ).arg( authcfg ) );
   sAuthConfigCache.insert( authcfg, mconfig );
 }
 
 void QgsAuthBasicMethod::removeMethodConfig( const QString &authcfg )
 {
-  QMutexLocker locker( &mConfigMutex );
+  QMutexLocker locker( &mMutex );
   if ( sAuthConfigCache.contains( authcfg ) )
   {
     sAuthConfigCache.remove( authcfg );
diff --git a/src/auth/basic/qgsauthbasicmethod.h b/src/auth/basic/qgsauthbasicmethod.h
@@ -63,7 +63,6 @@ class QgsAuthBasicMethod : public QgsAuthMethod
 
     static QMap<QString, QgsAuthMethodConfig> sAuthConfigCache;
 
-    QMutex mConfigMutex;
 };
 
 #endif // QGSAUTHBASICMETHOD_H
diff --git a/src/auth/identcert/qgsauthidentcertmethod.cpp b/src/auth/identcert/qgsauthidentcertmethod.cpp
@@ -52,7 +52,7 @@ QgsAuthIdentCertMethod::QgsAuthIdentCertMethod()
 
 QgsAuthIdentCertMethod::~QgsAuthIdentCertMethod()
 {
-  QMutexLocker locker( &mConfigMutex );
+  QMutexLocker locker( &mMutex );
   qDeleteAll( sPkiConfigBundleCache );
   sPkiConfigBundleCache.clear();
 }
@@ -76,6 +76,7 @@ bool QgsAuthIdentCertMethod::updateNetworkRequest( QNetworkRequest &request, con
     const QString &dataprovider )
 {
   Q_UNUSED( dataprovider )
+  QMutexLocker locker( &mMutex );
 
   // TODO: is this too restrictive, to intercept only HTTPS connections?
   if ( request.url().scheme().toLower() != QLatin1String( "https" ) )
@@ -110,6 +111,7 @@ bool QgsAuthIdentCertMethod::updateDataSourceUriItems( QStringList &connectionIt
     const QString &dataprovider )
 {
   Q_UNUSED( dataprovider )
+  QMutexLocker locker( &mMutex );
 
   QgsDebugMsg( QString( "Update URI items for authcfg: %1" ).arg( authcfg ) );
 
@@ -208,6 +210,7 @@ void QgsAuthIdentCertMethod::clearCachedConfig( const QString &authcfg )
 
 void QgsAuthIdentCertMethod::updateMethodConfig( QgsAuthMethodConfig &mconfig )
 {
+  QMutexLocker locker( &mMutex );
   if ( mconfig.hasConfig( QStringLiteral( "oldconfigstyle" ) ) )
   {
     QgsDebugMsg( "Updating old style auth method config" );
@@ -222,7 +225,7 @@ void QgsAuthIdentCertMethod::updateMethodConfig( QgsAuthMethodConfig &mconfig )
 
 QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &authcfg )
 {
-  QMutexLocker locker( &mConfigMutex );
+  QMutexLocker locker( &mMutex );
   QgsPkiConfigBundle *bundle = nullptr;
 
   // check if it is cached
@@ -267,7 +270,6 @@ QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &a
 
   bundle = new QgsPkiConfigBundle( mconfig, clientcert, clientkey );
 
-  locker.unlock();
   // cache bundle
   putPkiConfigBundle( authcfg, bundle );
 
@@ -276,14 +278,14 @@ QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &a
 
 void QgsAuthIdentCertMethod::putPkiConfigBundle( const QString &authcfg, QgsPkiConfigBundle *pkibundle )
 {
-  QMutexLocker locker( &mConfigMutex );
+  QMutexLocker locker( &mMutex );
   QgsDebugMsg( QString( "Putting PKI bundle for authcfg %1" ).arg( authcfg ) );
   sPkiConfigBundleCache.insert( authcfg, pkibundle );
 }
 
 void QgsAuthIdentCertMethod::removePkiConfigBundle( const QString &authcfg )
 {
-  QMutexLocker locker( &mConfigMutex );
+  QMutexLocker locker( &mMutex );
   if ( sPkiConfigBundleCache.contains( authcfg ) )
   {
     QgsPkiConfigBundle *pkibundle = sPkiConfigBundleCache.take( authcfg );
diff --git a/src/auth/identcert/qgsauthidentcertmethod.h b/src/auth/identcert/qgsauthidentcertmethod.h
@@ -59,7 +59,6 @@ class QgsAuthIdentCertMethod : public QgsAuthMethod
 
     static QMap<QString, QgsPkiConfigBundle *> sPkiConfigBundleCache;
 
-    QMutex mConfigMutex;
 };
 
 #endif // QGSAUTHIDENTCERTMETHOD_H
diff --git a/src/auth/pkipaths/qgsauthpkipathsmethod.cpp b/src/auth/pkipaths/qgsauthpkipathsmethod.cpp
@@ -53,7 +53,7 @@ QgsAuthPkiPathsMethod::QgsAuthPkiPathsMethod()
 
 QgsAuthPkiPathsMethod::~QgsAuthPkiPathsMethod()
 {
-  QMutexLocker locker( &mConfigMutex );
+  QMutexLocker locker( &mMutex );
   qDeleteAll( sPkiConfigBundleCache );
   sPkiConfigBundleCache.clear();
 }
@@ -77,6 +77,7 @@ bool QgsAuthPkiPathsMethod::updateNetworkRequest( QNetworkRequest &request, cons
     const QString &dataprovider )
 {
   Q_UNUSED( dataprovider )
+  QMutexLocker locker( &mMutex );
 
   // TODO: is this too restrictive, to intercept only HTTPS connections?
   if ( request.url().scheme().toLower() != QLatin1String( "https" ) )
@@ -124,6 +125,7 @@ bool QgsAuthPkiPathsMethod::updateDataSourceUriItems( QStringList &connectionIte
     const QString &dataprovider )
 {
   Q_UNUSED( dataprovider )
+  QMutexLocker locker( &mMutex );
 
   QgsDebugMsg( QString( "Update URI items for authcfg: %1" ).arg( authcfg ) );
 
@@ -237,11 +239,13 @@ bool QgsAuthPkiPathsMethod::updateDataSourceUriItems( QStringList &connectionIte
 
 void QgsAuthPkiPathsMethod::clearCachedConfig( const QString &authcfg )
 {
+  QMutexLocker locker( &mMutex );
   removePkiConfigBundle( authcfg );
 }
 
 void QgsAuthPkiPathsMethod::updateMethodConfig( QgsAuthMethodConfig &mconfig )
 {
+  QMutexLocker locker( &mMutex );
   if ( mconfig.hasConfig( QStringLiteral( "oldconfigstyle" ) ) )
   {
     QgsDebugMsg( "Updating old style auth method config" );
@@ -258,7 +262,7 @@ void QgsAuthPkiPathsMethod::updateMethodConfig( QgsAuthMethodConfig &mconfig )
 
 QgsPkiConfigBundle *QgsAuthPkiPathsMethod::getPkiConfigBundle( const QString &authcfg )
 {
-  QMutexLocker locker( &mConfigMutex );
+  QMutexLocker locker( &mMutex );
   QgsPkiConfigBundle *bundle = nullptr;
 
   // check if it is cached
@@ -301,7 +305,6 @@ QgsPkiConfigBundle *QgsAuthPkiPathsMethod::getPkiConfigBundle( const QString &au
 
   bundle = new QgsPkiConfigBundle( mconfig, clientcert, clientkey, QgsAuthCertUtils::casFromFile( mconfig.config( QStringLiteral( "certpath" ) ) ) );
 
-  locker.unlock();
   // cache bundle
   putPkiConfigBundle( authcfg, bundle );
 
@@ -310,14 +313,14 @@ QgsPkiConfigBundle *QgsAuthPkiPathsMethod::getPkiConfigBundle( const QString &au
 
 void QgsAuthPkiPathsMethod::putPkiConfigBundle( const QString &authcfg, QgsPkiConfigBundle *pkibundle )
 {
-  QMutexLocker locker( &mConfigMutex );
+  QMutexLocker locker( &mMutex );
   QgsDebugMsg( QString( "Putting PKI bundle for authcfg %1" ).arg( authcfg ) );
   sPkiConfigBundleCache.insert( authcfg, pkibundle );
 }
 
 void QgsAuthPkiPathsMethod::removePkiConfigBundle( const QString &authcfg )
 {
-  QMutexLocker locker( &mConfigMutex );
+  QMutexLocker locker( &mMutex );
   if ( sPkiConfigBundleCache.contains( authcfg ) )
   {
     QgsPkiConfigBundle *pkibundle = sPkiConfigBundleCache.take( authcfg );
diff --git a/src/auth/pkipaths/qgsauthpkipathsmethod.h b/src/auth/pkipaths/qgsauthpkipathsmethod.h
@@ -59,8 +59,6 @@ class QgsAuthPkiPathsMethod : public QgsAuthMethod
 
     static QMap<QString, QgsPkiConfigBundle *> sPkiConfigBundleCache;
 
-    QMutex mConfigMutex;
-
 };
 
 #endif // QGSAUTHPKIPATHSMETHOD_H
diff --git a/src/auth/pkipkcs12/qgsauthpkcs12method.cpp b/src/auth/pkipkcs12/qgsauthpkcs12method.cpp
@@ -53,7 +53,6 @@ QgsAuthPkcs12Method::QgsAuthPkcs12Method()
 
 QgsAuthPkcs12Method::~QgsAuthPkcs12Method()
 {
-  QMutexLocker locker( &mConfigMutex );
   qDeleteAll( sPkiConfigBundleCache );
   sPkiConfigBundleCache.clear();
 }
@@ -77,6 +76,7 @@ bool QgsAuthPkcs12Method::updateNetworkRequest( QNetworkRequest &request, const
     const QString &dataprovider )
 {
   Q_UNUSED( dataprovider )
+  QMutexLocker locker( &mMutex );
 
   // TODO: is this too restrictive, to intercept only HTTPS connections?
   if ( request.url().scheme().toLower() != QLatin1String( "https" ) )
@@ -124,6 +124,7 @@ bool QgsAuthPkcs12Method::updateDataSourceUriItems( QStringList &connectionItems
     const QString &dataprovider )
 {
   Q_UNUSED( dataprovider )
+  QMutexLocker locker( &mMutex );
 
   QgsDebugMsg( QString( "Update URI items for authcfg: %1" ).arg( authcfg ) );
 
@@ -237,11 +238,13 @@ bool QgsAuthPkcs12Method::updateDataSourceUriItems( QStringList &connectionItems
 
 void QgsAuthPkcs12Method::clearCachedConfig( const QString &authcfg )
 {
+  QMutexLocker locker( &mMutex );
   removePkiConfigBundle( authcfg );
 }
 
 void QgsAuthPkcs12Method::updateMethodConfig( QgsAuthMethodConfig &mconfig )
 {
+  QMutexLocker locker( &mMutex );
   if ( mconfig.hasConfig( QStringLiteral( "oldconfigstyle" ) ) )
   {
     QgsDebugMsg( "Updating old style auth method config" );
@@ -257,7 +260,7 @@ void QgsAuthPkcs12Method::updateMethodConfig( QgsAuthMethodConfig &mconfig )
 
 QgsPkiConfigBundle *QgsAuthPkcs12Method::getPkiConfigBundle( const QString &authcfg )
 {
-  QMutexLocker locker( &mConfigMutex );
+  QMutexLocker locker( &mMutex );
   QgsPkiConfigBundle *bundle = nullptr;
 
   // check if it is cached
@@ -331,14 +334,14 @@ QgsPkiConfigBundle *QgsAuthPkcs12Method::getPkiConfigBundle( const QString &auth
 
 void QgsAuthPkcs12Method::putPkiConfigBundle( const QString &authcfg, QgsPkiConfigBundle *pkibundle )
 {
-  QMutexLocker locker( &mConfigMutex );
+  QMutexLocker locker( &mMutex );
   QgsDebugMsg( QString( "Putting PKI bundle for authcfg %1" ).arg( authcfg ) );
   sPkiConfigBundleCache.insert( authcfg, pkibundle );
 }
 
 void QgsAuthPkcs12Method::removePkiConfigBundle( const QString &authcfg )
 {
-  QMutexLocker locker( &mConfigMutex );
+  QMutexLocker locker( &mMutex );
   if ( sPkiConfigBundleCache.contains( authcfg ) )
   {
     QgsPkiConfigBundle *pkibundle = sPkiConfigBundleCache.take( authcfg );
diff --git a/src/auth/pkipkcs12/qgsauthpkcs12method.h b/src/auth/pkipkcs12/qgsauthpkcs12method.h
@@ -60,7 +60,6 @@ class QgsAuthPkcs12Method : public QgsAuthMethod
 
     static QMap<QString, QgsPkiConfigBundle *> sPkiConfigBundleCache;
 
-    QMutex mConfigMutex;
 };
 
 #endif // QGSAUTHPKCS12METHOD_H
diff --git a/src/core/auth/qgsauthmethod.h b/src/core/auth/qgsauthmethod.h
@@ -23,6 +23,7 @@
 #include <QNetworkRequest>
 #include <QStringList>
 #include <QUrl>
+#include <QMutex>
 
 #include "qgis_core.h"
 
@@ -174,8 +175,10 @@ class CORE_EXPORT QgsAuthMethod : public QObject
     explicit QgsAuthMethod()
       : mExpansions( QgsAuthMethod::Expansions( nullptr ) )
       , mDataProviders( QStringList() )
+      , mMutex( QMutex::RecursionMode::Recursive )
     {}
 
+
     //! Tag signifying that this is an authentcation method (e.g. for use as title in message log panel output)
     static QString authMethodTag() { return QObject::tr( "Authentication method" ); }
 
@@ -190,6 +193,8 @@ class CORE_EXPORT QgsAuthMethod : public QObject
     QgsAuthMethod::Expansions mExpansions;
     QStringList mDataProviders;
     int mVersion = 0;
+    QMutex mMutex;
+
 };
 Q_DECLARE_OPERATORS_FOR_FLAGS( QgsAuthMethod::Expansions )
 

Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,7 @@ QgsAuthBasicMethod::QgsAuthBasicMethod()`
`44`	`44`	`<< QStringLiteral( "wms" )`
`45`	`45`	`<< QStringLiteral( "ogr" )`
`46`	`46`	`<< QStringLiteral( "proxy" ) );`
	`47`	`+`
`47`	`48`	`}`
`48`	`49`
`49`	`50`	`QString QgsAuthBasicMethod::key() const`
`@@ -65,7 +66,7 @@ bool QgsAuthBasicMethod::updateNetworkRequest( QNetworkRequest &request, const Q`
`65`	`66`	`const QString &dataprovider )`
`66`	`67`	`{`
`67`	`68`	`Q_UNUSED( dataprovider )`
`68`		`-`
	`69`	`+ QMutexLocker locker( &mMutex );`
`69`	`70`	`QgsAuthMethodConfig mconfig = getMethodConfig( authcfg );`
`70`	`71`	`if ( !mconfig.isValid() )`
`71`	`72`	`{`
`@@ -86,6 +87,8 @@ bool QgsAuthBasicMethod::updateNetworkRequest( QNetworkRequest &request, const Q`
`86`	`87`	`bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems, const QString &authcfg,`
`87`	`88`	`const QString &dataprovider )`
`88`	`89`	`{`
	`90`	`+ Q_UNUSED( dataprovider )`
	`91`	`+ QMutexLocker locker( &mMutex );`
`89`	`92`	`QgsAuthMethodConfig mconfig = getMethodConfig( authcfg );`
`90`	`93`	`if ( !mconfig.isValid() )`
`91`	`94`	`{`
`@@ -277,6 +280,7 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,`
`277`	`280`	`bool QgsAuthBasicMethod::updateNetworkProxy( QNetworkProxy &proxy, const QString &authcfg, const QString &dataprovider )`
`278`	`281`	`{`
`279`	`282`	`Q_UNUSED( dataprovider )`
	`283`	`+ QMutexLocker locker( &mMutex );`
`280`	`284`
`281`	`285`	`QgsAuthMethodConfig mconfig = getMethodConfig( authcfg );`
`282`	`286`	`if ( !mconfig.isValid() )`
`@@ -298,6 +302,7 @@ bool QgsAuthBasicMethod::updateNetworkProxy( QNetworkProxy &proxy, const QString`
`298`	`302`
`299`	`303`	`void QgsAuthBasicMethod::updateMethodConfig( QgsAuthMethodConfig &mconfig )`
`300`	`304`	`{`
	`305`	`+ QMutexLocker locker( &mMutex );`
`301`	`306`	`if ( mconfig.hasConfig( QStringLiteral( "oldconfigstyle" ) ) )`
`302`	`307`	`{`
`303`	`308`	`QgsDebugMsg( "Updating old style auth method config" );`
`@@ -319,7 +324,7 @@ void QgsAuthBasicMethod::clearCachedConfig( const QString &authcfg )`
`319`	`324`
`320`	`325`	`QgsAuthMethodConfig QgsAuthBasicMethod::getMethodConfig( const QString &authcfg, bool fullconfig )`
`321`	`326`	`{`
`322`		`- QMutexLocker locker( &mConfigMutex );`
	`327`	`+ QMutexLocker locker( &mMutex );`
`323`	`328`	`QgsAuthMethodConfig mconfig;`
`324`	`329`
`325`	`330`	`// check if it is cached`
`@@ -338,22 +343,21 @@ QgsAuthMethodConfig QgsAuthBasicMethod::getMethodConfig( const QString &authcfg,`
`338`	`343`	`}`
`339`	`344`
`340`	`345`	`// cache bundle`
`341`		`- locker.unlock();`
`342`	`346`	`putMethodConfig( authcfg, mconfig );`
`343`	`347`
`344`	`348`	`return mconfig;`
`345`	`349`	`}`
`346`	`350`
`347`	`351`	`void QgsAuthBasicMethod::putMethodConfig( const QString &authcfg, const QgsAuthMethodConfig &mconfig )`
`348`	`352`	`{`
`349`		`- QMutexLocker locker( &mConfigMutex );`
	`353`	`+ QMutexLocker locker( &mMutex );`
`350`	`354`	`QgsDebugMsg( QString( "Putting basic config for authcfg: %1" ).arg( authcfg ) );`
`351`	`355`	`sAuthConfigCache.insert( authcfg, mconfig );`
`352`	`356`	`}`
`353`	`357`
`354`	`358`	`void QgsAuthBasicMethod::removeMethodConfig( const QString &authcfg )`
`355`	`359`	`{`
`356`		`- QMutexLocker locker( &mConfigMutex );`
	`360`	`+ QMutexLocker locker( &mMutex );`
`357`	`361`	`if ( sAuthConfigCache.contains( authcfg ) )`
`358`	`362`	`{`
`359`	`363`	`sAuthConfigCache.remove( authcfg );`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ QgsAuthIdentCertMethod::QgsAuthIdentCertMethod()`
`52`	`52`
`53`	`53`	`QgsAuthIdentCertMethod::~QgsAuthIdentCertMethod()`
`54`	`54`	`{`
`55`		`- QMutexLocker locker( &mConfigMutex );`
	`55`	`+ QMutexLocker locker( &mMutex );`
`56`	`56`	`qDeleteAll( sPkiConfigBundleCache );`
`57`	`57`	`sPkiConfigBundleCache.clear();`
`58`	`58`	`}`
`@@ -76,6 +76,7 @@ bool QgsAuthIdentCertMethod::updateNetworkRequest( QNetworkRequest &request, con`
`76`	`76`	`const QString &dataprovider )`
`77`	`77`	`{`
`78`	`78`	`Q_UNUSED( dataprovider )`
	`79`	`+ QMutexLocker locker( &mMutex );`
`79`	`80`
`80`	`81`	`// TODO: is this too restrictive, to intercept only HTTPS connections?`
`81`	`82`	`if ( request.url().scheme().toLower() != QLatin1String( "https" ) )`
`@@ -110,6 +111,7 @@ bool QgsAuthIdentCertMethod::updateDataSourceUriItems( QStringList &connectionIt`
`110`	`111`	`const QString &dataprovider )`
`111`	`112`	`{`
`112`	`113`	`Q_UNUSED( dataprovider )`
	`114`	`+ QMutexLocker locker( &mMutex );`
`113`	`115`
`114`	`116`	`QgsDebugMsg( QString( "Update URI items for authcfg: %1" ).arg( authcfg ) );`
`115`	`117`
`@@ -208,6 +210,7 @@ void QgsAuthIdentCertMethod::clearCachedConfig( const QString &authcfg )`
`208`	`210`
`209`	`211`	`void QgsAuthIdentCertMethod::updateMethodConfig( QgsAuthMethodConfig &mconfig )`
`210`	`212`	`{`
	`213`	`+ QMutexLocker locker( &mMutex );`
`211`	`214`	`if ( mconfig.hasConfig( QStringLiteral( "oldconfigstyle" ) ) )`
`212`	`215`	`{`
`213`	`216`	`QgsDebugMsg( "Updating old style auth method config" );`
`@@ -222,7 +225,7 @@ void QgsAuthIdentCertMethod::updateMethodConfig( QgsAuthMethodConfig &mconfig )`
`222`	`225`
`223`	`226`	`QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &authcfg )`
`224`	`227`	`{`
`225`		`- QMutexLocker locker( &mConfigMutex );`
	`228`	`+ QMutexLocker locker( &mMutex );`
`226`	`229`	`QgsPkiConfigBundle *bundle = nullptr;`
`227`	`230`
`228`	`231`	`// check if it is cached`
`@@ -267,7 +270,6 @@ QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &a`
`267`	`270`
`268`	`271`	`bundle = new QgsPkiConfigBundle( mconfig, clientcert, clientkey );`
`269`	`272`
`270`		`- locker.unlock();`
`271`	`273`	`// cache bundle`
`272`	`274`	`putPkiConfigBundle( authcfg, bundle );`
`273`	`275`
`@@ -276,14 +278,14 @@ QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &a`
`276`	`278`
`277`	`279`	`void QgsAuthIdentCertMethod::putPkiConfigBundle( const QString &authcfg, QgsPkiConfigBundle *pkibundle )`
`278`	`280`	`{`
`279`		`- QMutexLocker locker( &mConfigMutex );`
	`281`	`+ QMutexLocker locker( &mMutex );`
`280`	`282`	`QgsDebugMsg( QString( "Putting PKI bundle for authcfg %1" ).arg( authcfg ) );`
`281`	`283`	`sPkiConfigBundleCache.insert( authcfg, pkibundle );`
`282`	`284`	`}`
`283`	`285`
`284`	`286`	`void QgsAuthIdentCertMethod::removePkiConfigBundle( const QString &authcfg )`
`285`	`287`	`{`
`286`		`- QMutexLocker locker( &mConfigMutex );`
	`288`	`+ QMutexLocker locker( &mMutex );`
`287`	`289`	`if ( sPkiConfigBundleCache.contains( authcfg ) )`
`288`	`290`	`{`
`289`	`291`	`QgsPkiConfigBundle *pkibundle = sPkiConfigBundleCache.take( authcfg );`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ QgsAuthPkiPathsMethod::QgsAuthPkiPathsMethod()`
`53`	`53`
`54`	`54`	`QgsAuthPkiPathsMethod::~QgsAuthPkiPathsMethod()`
`55`	`55`	`{`
`56`		`- QMutexLocker locker( &mConfigMutex );`
	`56`	`+ QMutexLocker locker( &mMutex );`
`57`	`57`	`qDeleteAll( sPkiConfigBundleCache );`
`58`	`58`	`sPkiConfigBundleCache.clear();`
`59`	`59`	`}`
`@@ -77,6 +77,7 @@ bool QgsAuthPkiPathsMethod::updateNetworkRequest( QNetworkRequest &request, cons`
`77`	`77`	`const QString &dataprovider )`
`78`	`78`	`{`
`79`	`79`	`Q_UNUSED( dataprovider )`
	`80`	`+ QMutexLocker locker( &mMutex );`
`80`	`81`
`81`	`82`	`// TODO: is this too restrictive, to intercept only HTTPS connections?`
`82`	`83`	`if ( request.url().scheme().toLower() != QLatin1String( "https" ) )`
`@@ -124,6 +125,7 @@ bool QgsAuthPkiPathsMethod::updateDataSourceUriItems( QStringList &connectionIte`
`124`	`125`	`const QString &dataprovider )`
`125`	`126`	`{`
`126`	`127`	`Q_UNUSED( dataprovider )`
	`128`	`+ QMutexLocker locker( &mMutex );`
`127`	`129`
`128`	`130`	`QgsDebugMsg( QString( "Update URI items for authcfg: %1" ).arg( authcfg ) );`
`129`	`131`
`@@ -237,11 +239,13 @@ bool QgsAuthPkiPathsMethod::updateDataSourceUriItems( QStringList &connectionIte`
`237`	`239`
`238`	`240`	`void QgsAuthPkiPathsMethod::clearCachedConfig( const QString &authcfg )`
`239`	`241`	`{`
	`242`	`+ QMutexLocker locker( &mMutex );`
`240`	`243`	`removePkiConfigBundle( authcfg );`
`241`	`244`	`}`
`242`	`245`
`243`	`246`	`void QgsAuthPkiPathsMethod::updateMethodConfig( QgsAuthMethodConfig &mconfig )`
`244`	`247`	`{`
	`248`	`+ QMutexLocker locker( &mMutex );`
`245`	`249`	`if ( mconfig.hasConfig( QStringLiteral( "oldconfigstyle" ) ) )`
`246`	`250`	`{`
`247`	`251`	`QgsDebugMsg( "Updating old style auth method config" );`
`@@ -258,7 +262,7 @@ void QgsAuthPkiPathsMethod::updateMethodConfig( QgsAuthMethodConfig &mconfig )`
`258`	`262`
`259`	`263`	`QgsPkiConfigBundle *QgsAuthPkiPathsMethod::getPkiConfigBundle( const QString &authcfg )`
`260`	`264`	`{`
`261`		`- QMutexLocker locker( &mConfigMutex );`
	`265`	`+ QMutexLocker locker( &mMutex );`
`262`	`266`	`QgsPkiConfigBundle *bundle = nullptr;`
`263`	`267`
`264`	`268`	`// check if it is cached`
`@@ -301,7 +305,6 @@ QgsPkiConfigBundle *QgsAuthPkiPathsMethod::getPkiConfigBundle( const QString &au`
`301`	`305`
`302`	`306`	`bundle = new QgsPkiConfigBundle( mconfig, clientcert, clientkey, QgsAuthCertUtils::casFromFile( mconfig.config( QStringLiteral( "certpath" ) ) ) );`
`303`	`307`
`304`		`- locker.unlock();`
`305`	`308`	`// cache bundle`
`306`	`309`	`putPkiConfigBundle( authcfg, bundle );`
`307`	`310`
`@@ -310,14 +313,14 @@ QgsPkiConfigBundle *QgsAuthPkiPathsMethod::getPkiConfigBundle( const QString &au`
`310`	`313`
`311`	`314`	`void QgsAuthPkiPathsMethod::putPkiConfigBundle( const QString &authcfg, QgsPkiConfigBundle *pkibundle )`
`312`	`315`	`{`
`313`		`- QMutexLocker locker( &mConfigMutex );`
	`316`	`+ QMutexLocker locker( &mMutex );`
`314`	`317`	`QgsDebugMsg( QString( "Putting PKI bundle for authcfg %1" ).arg( authcfg ) );`
`315`	`318`	`sPkiConfigBundleCache.insert( authcfg, pkibundle );`
`316`	`319`	`}`
`317`	`320`
`318`	`321`	`void QgsAuthPkiPathsMethod::removePkiConfigBundle( const QString &authcfg )`
`319`	`322`	`{`
`320`		`- QMutexLocker locker( &mConfigMutex );`
	`323`	`+ QMutexLocker locker( &mMutex );`
`321`	`324`	`if ( sPkiConfigBundleCache.contains( authcfg ) )`
`322`	`325`	`{`
`323`	`326`	`QgsPkiConfigBundle *pkibundle = sPkiConfigBundleCache.take( authcfg );`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,6 @@ QgsAuthPkcs12Method::QgsAuthPkcs12Method()`
`53`	`53`
`54`	`54`	`QgsAuthPkcs12Method::~QgsAuthPkcs12Method()`
`55`	`55`	`{`
`56`		`- QMutexLocker locker( &mConfigMutex );`
`57`	`56`	`qDeleteAll( sPkiConfigBundleCache );`
`58`	`57`	`sPkiConfigBundleCache.clear();`
`59`	`58`	`}`
`@@ -77,6 +76,7 @@ bool QgsAuthPkcs12Method::updateNetworkRequest( QNetworkRequest &request, const`
`77`	`76`	`const QString &dataprovider )`
`78`	`77`	`{`
`79`	`78`	`Q_UNUSED( dataprovider )`
	`79`	`+ QMutexLocker locker( &mMutex );`
`80`	`80`
`81`	`81`	`// TODO: is this too restrictive, to intercept only HTTPS connections?`
`82`	`82`	`if ( request.url().scheme().toLower() != QLatin1String( "https" ) )`
`@@ -124,6 +124,7 @@ bool QgsAuthPkcs12Method::updateDataSourceUriItems( QStringList &connectionItems`
`124`	`124`	`const QString &dataprovider )`
`125`	`125`	`{`
`126`	`126`	`Q_UNUSED( dataprovider )`
	`127`	`+ QMutexLocker locker( &mMutex );`
`127`	`128`
`128`	`129`	`QgsDebugMsg( QString( "Update URI items for authcfg: %1" ).arg( authcfg ) );`
`129`	`130`
`@@ -237,11 +238,13 @@ bool QgsAuthPkcs12Method::updateDataSourceUriItems( QStringList &connectionItems`
`237`	`238`
`238`	`239`	`void QgsAuthPkcs12Method::clearCachedConfig( const QString &authcfg )`
`239`	`240`	`{`
	`241`	`+ QMutexLocker locker( &mMutex );`
`240`	`242`	`removePkiConfigBundle( authcfg );`
`241`	`243`	`}`
`242`	`244`
`243`	`245`	`void QgsAuthPkcs12Method::updateMethodConfig( QgsAuthMethodConfig &mconfig )`
`244`	`246`	`{`
	`247`	`+ QMutexLocker locker( &mMutex );`
`245`	`248`	`if ( mconfig.hasConfig( QStringLiteral( "oldconfigstyle" ) ) )`
`246`	`249`	`{`
`247`	`250`	`QgsDebugMsg( "Updating old style auth method config" );`
`@@ -257,7 +260,7 @@ void QgsAuthPkcs12Method::updateMethodConfig( QgsAuthMethodConfig &mconfig )`
`257`	`260`
`258`	`261`	`QgsPkiConfigBundle *QgsAuthPkcs12Method::getPkiConfigBundle( const QString &authcfg )`
`259`	`262`	`{`
`260`		`- QMutexLocker locker( &mConfigMutex );`
	`263`	`+ QMutexLocker locker( &mMutex );`
`261`	`264`	`QgsPkiConfigBundle *bundle = nullptr;`
`262`	`265`
`263`	`266`	`// check if it is cached`
`@@ -331,14 +334,14 @@ QgsPkiConfigBundle *QgsAuthPkcs12Method::getPkiConfigBundle( const QString &auth`
`331`	`334`
`332`	`335`	`void QgsAuthPkcs12Method::putPkiConfigBundle( const QString &authcfg, QgsPkiConfigBundle *pkibundle )`
`333`	`336`	`{`
`334`		`- QMutexLocker locker( &mConfigMutex );`
	`337`	`+ QMutexLocker locker( &mMutex );`
`335`	`338`	`QgsDebugMsg( QString( "Putting PKI bundle for authcfg %1" ).arg( authcfg ) );`
`336`	`339`	`sPkiConfigBundleCache.insert( authcfg, pkibundle );`
`337`	`340`	`}`
`338`	`341`
`339`	`342`	`void QgsAuthPkcs12Method::removePkiConfigBundle( const QString &authcfg )`
`340`	`343`	`{`
`341`		`- QMutexLocker locker( &mConfigMutex );`
	`344`	`+ QMutexLocker locker( &mMutex );`
`342`	`345`	`if ( sPkiConfigBundleCache.contains( authcfg ) )`
`343`	`346`	`{`
`344`	`347`	`QgsPkiConfigBundle *pkibundle = sPkiConfigBundleCache.take( authcfg );`