def test_160_cert_viable(self):
    """Test the viability of a given certificate.

    Exercises certIsCurrent(), certViabilityErrors() and certIsViable() on
    three inputs: a null certificate, a currently valid certificate and an
    expired certificate.
    """
    # Null certificate: not current and not viable. certViabilityErrors()
    # reports no errors for it, so an empty error list alone does not mean
    # "viable"; this test pins that certIsViable() still returns False.
    certificate = QSslCertificate()
    self.assertFalse(QgsAuthCertUtils.certIsCurrent(certificate))
    errors = QgsAuthCertUtils.certViabilityErrors(certificate)
    self.assertEqual(len(errors), 0)
    self.assertFalse(QgsAuthCertUtils.certIsViable(certificate))
    certificate.clear()
    errors.clear()

    # Valid certificate: current, no viability errors, viable.
    certificate = QgsAuthCertUtils.certFromFile(PKIDATA + '/gerardus_cert.pem')
    self.assertTrue(QgsAuthCertUtils.certIsCurrent(certificate))
    errors = QgsAuthCertUtils.certViabilityErrors(certificate)
    self.assertEqual(len(errors), 0)
    self.assertTrue(QgsAuthCertUtils.certIsViable(certificate))
    certificate.clear()
    errors.clear()

    # Expired certificate: not current, and the error list must contain a
    # CertificateExpired error bound to this very certificate.
    certificate = QgsAuthCertUtils.certFromFile(
        PKIDATA + '/marinus_cert-EXPIRED.pem')
    self.assertFalse(QgsAuthCertUtils.certIsCurrent(certificate))
    errors = QgsAuthCertUtils.certViabilityErrors(certificate)
    self.assertGreater(len(errors), 0)
    self.assertIn(QSslError(QSslError.CertificateExpired, certificate), errors)
    self.assertFalse(QgsAuthCertUtils.certIsViable(certificate))
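def run(plugin):
    """Import intermediate certs and return True on success.

    Reads the certificates in the Windows "CA" system store, keeps those that
    are viable, are certificate authorities and are not already in the
    trusted CA cache, and stores them in the auth system db.

    Security note: the store contents are taken as they are. The filters
    applied here are certIsViable() and certificateIsAuthority(); no chain
    validation against a trusted root is visible in this function, so
    whoever can write to the "CA" store influences which certificates reach
    storeCertAuthorities(). NOTE(review): confirm this is the intended
    trust decision for the deployment.

    Args:
        plugin: object providing ``log(message)`` and ``tr(text)``.

    Returns:
        False if the authentication manager is disabled, if the store
        yields no certificates, or if storing the new CAs fails. True
        otherwise, including when there was nothing new to store.
    """
    auth_manager = QgsApplication.authManager()
    if auth_manager.isDisabled():
        plugin.log(auth_manager.disabledMessage())
        return False

    # Collected as (name, PEM) pairs, not as a dict keyed by name: display
    # names are not unique, and keying by name silently dropped all but one
    # of several certificates that share a name (renewed or cross-signed
    # intermediates, for instance).
    ca_pems = []
    with wincertstore.CertSystemStore("CA") as store:
        # usage=None turns off the enhanced-key-usage filter, so
        # certificates are collected whatever purpose they were issued for.
        for cert in store.itercerts(usage=None):
            ca_pems.append((cert.get_name(), cert.get_pem()))

    plugin.log(
        plugin.tr("Number of possible CAs found: {0}").format(len(ca_pems)))
    if not ca_pems:
        return False

    ca_certs = []
    trusted_cas = auth_manager.trustedCaCertsCache()
    for ca_cn, ca_pem in ca_pems:
        try:
            ca_bytes = ca_pem.encode('ASCII')
        except UnicodeEncodeError:
            # PEM is ASCII by definition; record the skip instead of
            # dropping the entry without a trace.
            plugin.log(
                plugin.tr(" cert PEM not ASCII, skipped: {0}").format(ca_cn))
            continue

        cas = QSslCertificate.fromData(QByteArray(ca_bytes))
        if not cas:
            plugin.log(
                plugin.tr("Could not convert PEM to QSslCertificate: {0}").
                format(ca_cn))
            continue

        # Only the first certificate parsed from the PEM is considered.
        ca = cas[0]

        # noinspection PyArgumentList
        if not QgsAuthCertUtils.certIsViable(cert=ca):
            plugin.log(plugin.tr(" cert not viable: {0}").format(ca_cn))
            continue

        # noinspection PyArgumentList
        if not QgsAuthCertUtils.certificateIsAuthority(cert=ca):
            plugin.log(plugin.tr(" cert not a CA: {0}").format(ca_cn))
            continue

        if ca in trusted_cas:
            plugin.log(
                plugin.tr(" cert already in trusted CA cache: {0}").format(
                    ca_cn))
            continue

        if ca in ca_certs:
            # Same certificate seen twice in the store; queue it once.
            continue

        plugin.log(plugin.tr(" found CA to add: {0}").format(ca_cn))
        ca_certs.append(ca)

    if not ca_certs:
        plugin.log(plugin.tr("No CAs found to store in auth system db"))
        return True

    plugin.log(plugin.tr("Storing CAs in auth system db"))
    if not auth_manager.storeCertAuthorities(ca_certs):
        plugin.log(plugin.tr(" FAILED"))
        return False
    plugin.log(plugin.tr(" SUCCESS"))

    # The SSL caches are rebuilt after a successful store.
    plugin.log(plugin.tr("Reinitializing auth system SSL caches"))
    auth_manager.initSslCaches()
    return True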