示例#1
    def test_160_cert_viable(self):
        """Test the viability of a given certificate.

        Exercises certIsCurrent, certViabilityErrors and certIsViable against
        a null certificate, a currently valid one and an expired one.
        """
        utils = QgsAuthCertUtils

        # Null certificate: it is neither current nor viable, yet it yields no
        # viability errors. An empty error list alone therefore does not mean
        # "viable"; certIsViable is the check that rejects it.
        null_cert = QSslCertificate()
        self.assertFalse(utils.certIsCurrent(null_cert))
        errors = utils.certViabilityErrors(null_cert)
        self.assertEqual(len(errors), 0)
        self.assertFalse(utils.certIsViable(null_cert))

        null_cert.clear()
        errors.clear()

        # Valid certificate: current, no errors, viable.
        valid_cert = utils.certFromFile(PKIDATA + '/gerardus_cert.pem')
        self.assertTrue(utils.certIsCurrent(valid_cert))
        errors = utils.certViabilityErrors(valid_cert)
        self.assertEqual(len(errors), 0)
        self.assertTrue(utils.certIsViable(valid_cert))

        valid_cert.clear()
        errors.clear()

        # Expired certificate: not current, and the error list must name the
        # expiry explicitly rather than merely being non-empty.
        expired_cert = utils.certFromFile(
            PKIDATA + '/marinus_cert-EXPIRED.pem')
        self.assertFalse(utils.certIsCurrent(expired_cert))
        errors = utils.certViabilityErrors(expired_cert)
        self.assertGreater(len(errors), 0)
        expiry_error = QSslError(QSslError.CertificateExpired, expired_cert)
        self.assertIn(expiry_error, errors)
        self.assertFalse(utils.certIsViable(expired_cert))
示例#2
    def test_160_cert_viable(self):
        """Test the viability of a given certificate.

        Runs the same three checks (certIsCurrent, certViabilityErrors,
        certIsViable) on a null, a valid and an expired certificate.
        """
        check = QgsAuthCertUtils

        # Case 1 - null certificate. No viability errors are reported for it,
        # but it is still rejected by certIsCurrent and certIsViable, so the
        # error list must not be used as the sole acceptance criterion.
        candidate = QSslCertificate()
        self.assertFalse(check.certIsCurrent(candidate))
        problems = check.certViabilityErrors(candidate)
        self.assertEqual(len(problems), 0)
        self.assertFalse(check.certIsViable(candidate))

        candidate.clear()
        problems.clear()

        # Case 2 - valid certificate loaded from the PKI test data.
        candidate = check.certFromFile(PKIDATA + '/gerardus_cert.pem')
        self.assertTrue(check.certIsCurrent(candidate))
        problems = check.certViabilityErrors(candidate)
        self.assertEqual(len(problems), 0)
        self.assertTrue(check.certIsViable(candidate))

        candidate.clear()
        problems.clear()

        # Case 3 - expired certificate: the CertificateExpired error for this
        # exact certificate has to be present in the reported errors.
        candidate = check.certFromFile(PKIDATA + '/marinus_cert-EXPIRED.pem')
        self.assertFalse(check.certIsCurrent(candidate))
        problems = check.certViabilityErrors(candidate)
        self.assertGreater(len(problems), 0)
        self.assertIn(
            QSslError(QSslError.CertificateExpired, candidate), problems)
        self.assertFalse(check.certIsViable(candidate))
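def run(plugin):
    """Import intermediate certs and return True on success.

    Reads every certificate from the Windows "CA" system store through
    wincertstore, keeps those that QgsAuthCertUtils reports as viable and as
    an authority and that are not already in the trusted CA cache, stores
    them in the auth system db and reinitializes the auth system SSL caches.

    Returns False when the auth manager is disabled, when the store yields no
    certificates, or when storing fails. Returns True otherwise, including
    when there is nothing new to store.

    NOTE(review): the only filters applied here are certIsViable and
    certificateIsAuthority; no chain validation against a trusted root is
    visible in this function. Everything that passes is stored as a
    certificate authority in the auth db, so confirm that trusting the whole
    content of the machine's "CA" store is the intended policy.
    """
    auth_mgr = QgsApplication.authManager()

    if auth_mgr.isDisabled():
        plugin.log(auth_mgr.disabledMessage())
        return False

    # Key by PEM rather than by display name: two different certificates can
    # share a name (for example an expired CA and its renewal), and keying by
    # name would silently keep only the last one seen.
    ca_names = {}
    with wincertstore.CertSystemStore("CA") as store:
        for cert in store.itercerts(usage=None):
            ca_names[cert.get_pem()] = cert.get_name()

    plugin.log(
        plugin.tr("Number of possible CAs found: {0}").format(len(ca_names)))

    if not ca_names:
        return False

    ca_certs = []
    trusted_cas = auth_mgr.trustedCaCertsCache()

    for ca_pem, ca_cn in ca_names.items():
        try:
            ca_bytes = ca_pem.encode('ASCII')
        except UnicodeEncodeError:
            # PEM is expected to be ASCII; report the skip instead of
            # dropping the certificate without a trace in the log.
            plugin.log(
                plugin.tr("Could not convert PEM to QSslCertificate: {0}").
                format(ca_cn))
            continue

        cas = QSslCertificate.fromData(QByteArray(ca_bytes))
        if not cas:
            plugin.log(
                plugin.tr("Could not convert PEM to QSslCertificate: {0}").
                format(ca_cn))
            continue

        # Each entry comes from a single store certificate, so only the first
        # parsed certificate is considered.
        ca = cas[0]
        # noinspection PyArgumentList
        if not QgsAuthCertUtils.certIsViable(cert=ca):
            plugin.log(plugin.tr("  cert not viable: {0}").format(ca_cn))
            continue
        # noinspection PyArgumentList
        if not QgsAuthCertUtils.certificateIsAuthority(cert=ca):
            plugin.log(plugin.tr("  cert not a CA: {0}").format(ca_cn))
            continue
        if ca in trusted_cas:
            plugin.log(
                plugin.tr("  cert already in trusted CA cache: {0}").format(
                    ca_cn))
            continue
        plugin.log(plugin.tr("  found CA to add: {0}").format(ca_cn))
        ca_certs.append(ca)

    if not ca_certs:
        plugin.log(plugin.tr("No CAs found to store in auth system db"))
        return True

    plugin.log(plugin.tr("Storing CAs in auth system db"))
    if not auth_mgr.storeCertAuthorities(ca_certs):
        plugin.log(plugin.tr("  FAILED"))
        return False
    plugin.log(plugin.tr("  SUCCESS"))
    # The caches must be rebuilt for the newly stored CAs to take effect.
    plugin.log(plugin.tr("Reinitializing auth system SSL caches"))
    auth_mgr.initSslCaches()
    return True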