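/**
 * g_tls_database_verify_chain:
 * @self: a #GTlsDatabase
 * @chain: a #GTlsCertificate chain
 * @purpose: the purpose that this certificate chain will be used for.
 * @identity: (allow-none): the expected peer identity
 * @interaction: (allow-none): used to interact with the user if necessary
 * @flags: additional verify flags
 * @cancellable: (allow-none): a #GCancellable, or %NULL
 * @error: (allow-none): a #GError, or %NULL
 *
 * Verifies a certificate chain after looking up and adding any missing
 * certificates to the chain.
 *
 * @chain is a chain of #GTlsCertificate objects each pointing to the next
 * certificate in the chain by its %issuer property. The chain may initially
 * consist of one or more certificates. After the verification process is
 * complete, @chain may be modified by adding missing certificates, or removing
 * extra certificates. If a certificate anchor was found, then it is added to
 * the @chain.
 *
 * @purpose describes the purpose (or usage) for which the certificate
 * is being used. Typically @purpose will be set to #G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER
 * which means that the certificate is being used to authenticate a server
 * (and we are acting as the client).
 *
 * The @identity is used to check for pinned certificates (trust exceptions)
 * in the database. These will override the normal verification process on a
 * host by host basis, so the set of pinned certificates is itself
 * trust-critical.
 *
 * Currently there are no @flags, and %G_TLS_DATABASE_VERIFY_NONE should be
 * used.
 *
 * This function can block, use g_tls_database_verify_chain_async() to perform
 * the verification operation asynchronously.
 *
 * Return value: the appropriate #GTlsCertificateFlags which represents the
 * result of verification. A result of 0 means the chain verified; any set
 * flag means it did not, and the caller must not treat the peer as
 * authenticated. %G_TLS_CERTIFICATE_GENERIC_ERROR is also returned when an
 * argument precondition fails or the backend does not implement
 * verification.
 *
 * Since: 2.30
 */
GTlsCertificateFlags
g_tls_database_verify_chain (GTlsDatabase           *self,
                             GTlsCertificate        *chain,
                             const gchar            *purpose,
                             GSocketConnectable     *identity,
                             GTlsInteraction        *interaction,
                             GTlsDatabaseVerifyFlags flags,
                             GCancellable           *cancellable,
                             GError                **error)
{
  GTlsDatabaseClass *klass;

  /* Preconditions fail closed: a bad argument yields a GENERIC_ERROR flag,
   * never a "verified" (0) result. The former duplicate check of @self has
   * been dropped. */
  g_return_val_if_fail (G_IS_TLS_DATABASE (self),
                        G_TLS_CERTIFICATE_GENERIC_ERROR);
  g_return_val_if_fail (G_IS_TLS_CERTIFICATE (chain),
                        G_TLS_CERTIFICATE_GENERIC_ERROR);
  g_return_val_if_fail (purpose != NULL,
                        G_TLS_CERTIFICATE_GENERIC_ERROR);
  g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction),
                        G_TLS_CERTIFICATE_GENERIC_ERROR);
  g_return_val_if_fail (identity == NULL || G_IS_SOCKET_CONNECTABLE (identity),
                        G_TLS_CERTIFICATE_GENERIC_ERROR);
  /* Validate @cancellable as g_tls_database_verify_chain_async() does, so the
   * sync and async entry points accept the same arguments. */
  g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable),
                        G_TLS_CERTIFICATE_GENERIC_ERROR);
  g_return_val_if_fail (error == NULL || *error == NULL,
                        G_TLS_CERTIFICATE_GENERIC_ERROR);

  /* The backend must implement the vfunc; a missing implementation is an
   * error, not a pass. */
  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_val_if_fail (klass->verify_chain != NULL,
                        G_TLS_CERTIFICATE_GENERIC_ERROR);

  return klass->verify_chain (self, chain, purpose, identity, interaction,
                              flags, cancellable, error);
}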
/**
 * g_tls_database_verify_chain_async:
 * @self: a #GTlsDatabase
 * @chain: a #GTlsCertificate chain
 * @purpose: the purpose that this certificate chain will be used for.
 * @identity: (allow-none): the expected peer identity
 * @interaction: (allow-none): used to interact with the user if necessary
 * @flags: additional verify flags
 * @cancellable: (allow-none): a #GCancellable, or %NULL
 * @callback: callback to call when the operation completes
 * @user_data: the data to pass to the callback function
 *
 * Asynchronous counterpart of g_tls_database_verify_chain(): looks up and
 * adds any missing certificates to @chain, verifies it, and reports the
 * outcome to @callback. Obtain the #GTlsCertificateFlags result from
 * g_tls_database_verify_chain_finish(). See g_tls_database_verify_chain()
 * for the meaning of the arguments.
 *
 * Since: 2.30
 */
void
g_tls_database_verify_chain_async (GTlsDatabase           *self,
                                   GTlsCertificate        *chain,
                                   const gchar            *purpose,
                                   GSocketConnectable     *identity,
                                   GTlsInteraction        *interaction,
                                   GTlsDatabaseVerifyFlags flags,
                                   GCancellable           *cancellable,
                                   GAsyncReadyCallback     callback,
                                   gpointer                user_data)
{
  GTlsDatabaseClass *klass;

  /* A failing precondition emits a critical and returns here, so
   * @callback is never invoked in that case. */
  g_return_if_fail (G_IS_TLS_DATABASE (self));
  g_return_if_fail (G_IS_TLS_CERTIFICATE (chain));
  g_return_if_fail (purpose != NULL);
  g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
  g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
  g_return_if_fail (identity == NULL || G_IS_SOCKET_CONNECTABLE (identity));
  g_return_if_fail (callback != NULL);

  /* Dispatch to the backend implementation, which must exist. */
  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_if_fail (klass->verify_chain_async != NULL);

  klass->verify_chain_async (self, chain, purpose, identity, interaction,
                             flags, cancellable, callback, user_data);
}
/**
 * g_tls_database_create_certificate_handle:
 * @self: a #GTlsDatabase
 * @certificate: certificate for which to create a handle.
 *
 * Creates a handle string for @certificate. Only certificates that
 * originate from the database can be given a handle; when the database
 * cannot produce one, %NULL is returned.
 *
 * The handle is intended to be stable across instances of the application
 * and between applications. If the certificate is modified in the database
 * the handle is not guaranteed to keep pointing at it.
 *
 * Returns: (allow-none): a newly allocated string containing the handle.
 * Since: 2.30
 */
gchar*
g_tls_database_create_certificate_handle (GTlsDatabase            *self,
                                          GTlsCertificate         *certificate)
{
  GTlsDatabaseClass *klass;

  g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
  g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate), NULL);

  /* Backends are not required to implement this; the vfunc is checked
   * rather than dereferenced blindly. */
  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_val_if_fail (klass->create_certificate_handle != NULL, NULL);

  return klass->create_certificate_handle (self, certificate);
}
/**
 * g_dtls_connection_set_database:
 * @conn: a #GDtlsConnection
 * @database: a #GTlsDatabase
 *
 * Sets the certificate database used to verify peer certificates. By default
 * this is the default database, see g_dtls_backend_get_default_database().
 *
 * Passing %NULL disables database-backed validation: peer certificate
 * validation will then always set %G_TLS_CERTIFICATE_UNKNOWN_CA, which means
 * #GDtlsConnection::accept-certificate is always emitted on client-side
 * connections unless that bit is not set in
 * #GDtlsClientConnection:validation-flags.
 *
 * Since: 2.48
 */
void
g_dtls_connection_set_database (GDtlsConnection *conn,
                                GTlsDatabase    *database)
{
  /* @database may be NULL (see above); anything else must be a real
   * GTlsDatabase instance. */
  g_return_if_fail (G_IS_DTLS_CONNECTION (conn));
  g_return_if_fail (database == NULL || G_IS_TLS_DATABASE (database));

  /* The value lives in the "database" GObject property of the connection. */
  g_object_set (conn, "database", database, NULL);
}
/**
 * g_tls_database_lookup_certificates_issued_by_finish:
 * @self: a #GTlsDatabase
 * @result: a #GAsyncResult.
 * @error: a #GError pointer, or %NULL
 *
 * Finishes an asynchronous lookup of certificates started with
 * g_tls_database_lookup_certificates_issued_by_async(). See
 * g_tls_database_lookup_certificates_issued_by() for more information.
 *
 * Return value: (transfer full): a newly allocated list of #GTlsCertificate objects.
 * Use g_object_unref() on each certificate, and g_list_free() to release the list.
 *
 * Since: 2.30
 */
GList*
g_tls_database_lookup_certificates_issued_by_finish (GTlsDatabase          *self,
                                                     GAsyncResult          *result,
                                                     GError               **error)
{
  GTlsDatabaseClass *klass;

  g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
  g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
  /* A non-NULL @error must not already hold an error. */
  g_return_val_if_fail (error == NULL || *error == NULL, NULL);

  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_val_if_fail (klass->lookup_certificates_issued_by_finish != NULL, NULL);

  return klass->lookup_certificates_issued_by_finish (self, result, error);
}
/**
 * g_tls_database_verify_chain_finish:
 * @self: a #GTlsDatabase
 * @result: a #GAsyncResult.
 * @error: a #GError pointer, or %NULL
 *
 * Finishes an asynchronous verify chain operation started with
 * g_tls_database_verify_chain_async(). See g_tls_database_verify_chain()
 * for more information.
 *
 * Return value: the appropriate #GTlsCertificateFlags which represents the
 * result of verification. Any set flag means the chain did not verify;
 * %G_TLS_CERTIFICATE_GENERIC_ERROR is also returned when an argument
 * precondition fails.
 *
 * Since: 2.30
 */
GTlsCertificateFlags
g_tls_database_verify_chain_finish (GTlsDatabase          *self,
                                    GAsyncResult          *result,
                                    GError               **error)
{
  GTlsDatabaseClass *klass;

  /* Precondition failures fail closed with GENERIC_ERROR, never 0. */
  g_return_val_if_fail (G_IS_TLS_DATABASE (self),
                        G_TLS_CERTIFICATE_GENERIC_ERROR);
  g_return_val_if_fail (G_IS_ASYNC_RESULT (result),
                        G_TLS_CERTIFICATE_GENERIC_ERROR);
  g_return_val_if_fail (error == NULL || *error == NULL,
                        G_TLS_CERTIFICATE_GENERIC_ERROR);

  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_val_if_fail (klass->verify_chain_finish != NULL,
                        G_TLS_CERTIFICATE_GENERIC_ERROR);

  return klass->verify_chain_finish (self, result, error);
}
/**
 * g_tls_database_lookup_certificates_issued_by:
 * @self: a #GTlsDatabase
 * @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
 * @interaction: (allow-none): used to interact with the user if necessary
 * @flags: Flags which affect the lookup operation.
 * @cancellable: (allow-none): a #GCancellable, or %NULL
 * @error: (allow-none): a #GError, or %NULL
 *
 * Looks up the certificates in the database that were issued by the issuer
 * whose DER-encoded DN is @issuer_raw_dn. This is a lookup only; it does not
 * verify any of the returned certificates.
 *
 * This function can block, use g_tls_database_lookup_certificates_issued_by_async()
 * to perform the lookup operation asynchronously.
 *
 * Return value: (transfer full) (element-type GTlsCertificate): a newly allocated list of #GTlsCertificate
 * objects. Use g_object_unref() on each certificate, and g_list_free() to release the list.
 *
 * Since: 2.30
 */
GList*
g_tls_database_lookup_certificates_issued_by (GTlsDatabase           *self,
                                              GByteArray             *issuer_raw_dn,
                                              GTlsInteraction        *interaction,
                                              GTlsDatabaseLookupFlags flags,
                                              GCancellable           *cancellable,
                                              GError                **error)
{
  GTlsDatabaseClass *klass;

  g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
  g_return_val_if_fail (issuer_raw_dn != NULL, NULL);
  g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
  g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
  g_return_val_if_fail (error == NULL || *error == NULL, NULL);

  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_val_if_fail (klass->lookup_certificates_issued_by != NULL, NULL);

  return klass->lookup_certificates_issued_by (self, issuer_raw_dn, interaction,
                                               flags, cancellable, error);
}
/**
 * g_tls_database_lookup_certificate_issuer:
 * @self: a #GTlsDatabase
 * @certificate: a #GTlsCertificate
 * @interaction: (allow-none): used to interact with the user if necessary
 * @flags: flags which affect the lookup operation
 * @cancellable: (allow-none): a #GCancellable, or %NULL
 * @error: (allow-none): a #GError, or %NULL
 *
 * Looks up the issuer of @certificate in the database.
 *
 * The %issuer property of @certificate is not modified, and the two
 * certificates are not hooked into a chain. This is a lookup, not a
 * verification: use g_tls_database_verify_chain() to actually validate a
 * chain.
 *
 * This function can block, use g_tls_database_lookup_certificate_issuer_async()
 * to perform the lookup operation asynchronously.
 *
 * Return value: (transfer full): a newly allocated issuer #GTlsCertificate,
 * or %NULL. Use g_object_unref() to release the certificate.
 *
 * Since: 2.30
 */
GTlsCertificate*
g_tls_database_lookup_certificate_issuer (GTlsDatabase           *self,
                                          GTlsCertificate        *certificate,
                                          GTlsInteraction        *interaction,
                                          GTlsDatabaseLookupFlags flags,
                                          GCancellable           *cancellable,
                                          GError                **error)
{
  GTlsDatabaseClass *klass;

  g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
  g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate), NULL);
  g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
  g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
  g_return_val_if_fail (error == NULL || *error == NULL, NULL);

  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_val_if_fail (klass->lookup_certificate_issuer != NULL, NULL);

  return klass->lookup_certificate_issuer (self, certificate, interaction,
                                           flags, cancellable, error);
}
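/**
 * g_tls_database_lookup_certificate_for_handle_async:
 * @self: a #GTlsDatabase
 * @handle: a certificate handle
 * @interaction: (allow-none): used to interact with the user if necessary
 * @flags: Flags which affect the lookup.
 * @cancellable: (allow-none): a #GCancellable, or %NULL
 * @callback: callback to call when the operation completes
 * @user_data: the data to pass to the callback function
 *
 * Asynchronously lookup a certificate by its handle in the database. See
 * g_tls_database_lookup_certificate_for_handle() for more information.
 *
 * Since: 2.30
 */
void
g_tls_database_lookup_certificate_for_handle_async (GTlsDatabase            *self,
                                                    const gchar             *handle,
                                                    GTlsInteraction         *interaction,
                                                    GTlsDatabaseLookupFlags  flags,
                                                    GCancellable            *cancellable,
                                                    GAsyncReadyCallback      callback,
                                                    gpointer                 user_data)
{
  GTlsDatabaseClass *klass;

  /* A failing precondition emits a critical and returns; @callback is then
   * never invoked. */
  g_return_if_fail (G_IS_TLS_DATABASE (self));
  g_return_if_fail (handle != NULL);
  g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
  g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
  /* Reject a NULL @callback up front, as the other *_async entry points
   * (g_tls_database_verify_chain_async(),
   * g_tls_database_lookup_certificates_issued_by_async()) do, instead of
   * handing it to the backend. */
  g_return_if_fail (callback != NULL);

  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_if_fail (klass->lookup_certificate_for_handle_async != NULL);

  klass->lookup_certificate_for_handle_async (self, handle, interaction, flags,
                                              cancellable, callback, user_data);
}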
/**
 * g_tls_database_lookup_certificates_issued_by_async:
 * @self: a #GTlsDatabase
 * @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
 * @interaction: (allow-none): used to interact with the user if necessary
 * @flags: Flags which affect the lookup operation.
 * @cancellable: (allow-none): a #GCancellable, or %NULL
 * @callback: callback to call when the operation completes
 * @user_data: the data to pass to the callback function
 *
 * Asynchronous counterpart of g_tls_database_lookup_certificates_issued_by():
 * looks up the certificates issued by the issuer with DN @issuer_raw_dn and
 * delivers the result to @callback. Collect the result with
 * g_tls_database_lookup_certificates_issued_by_finish().
 *
 * The database may hold a reference to @issuer_raw_dn for the duration of
 * the asynchronous operation, so the byte array must not be modified until
 * the operation completes.
 *
 * Since: 2.30
 */
void
g_tls_database_lookup_certificates_issued_by_async (GTlsDatabase           *self,
                                                    GByteArray             *issuer_raw_dn,
                                                    GTlsInteraction        *interaction,
                                                    GTlsDatabaseLookupFlags flags,
                                                    GCancellable           *cancellable,
                                                    GAsyncReadyCallback     callback,
                                                    gpointer                user_data)
{
  GTlsDatabaseClass *klass;

  /* A failing precondition returns without invoking @callback. */
  g_return_if_fail (G_IS_TLS_DATABASE (self));
  g_return_if_fail (issuer_raw_dn != NULL);
  g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
  g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
  g_return_if_fail (callback != NULL);

  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_if_fail (klass->lookup_certificates_issued_by_async != NULL);

  klass->lookup_certificates_issued_by_async (self, issuer_raw_dn, interaction,
                                              flags, cancellable, callback,
                                              user_data);
}