1 /* GIO - GLib Input, Output and Streaming Library
3 * Copyright (C) 2010 Collabora, Ltd.
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General
16 * Public License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
18 * Boston, MA 02111-1307, USA.
20 * Author: Stef Walter <stefw@collabora.co.uk>
25 #include "gtlsdatabase.h"
27 #include "gasyncresult.h"
28 #include "gcancellable.h"
30 #include "gsimpleasyncresult.h"
31 #include "gsocketconnectable.h"
32 #include "gtlscertificate.h"
33 #include "gtlsinteraction.h"
36 * SECTION:gtlsdatabase
37 * @short_description: TLS database type
40 * #GTlsDatabase is used to lookup certificates and other information
41 * from a certificate or key store. It is an abstract base class which
42 * TLS library specific subtypes override.
44 * Most common client applications will not directly interact with
45 * #GTlsDatabase. It is used internally by #GTlsConnection.
53 * Abstract base class for the backend-specific database types.
58 G_DEFINE_ABSTRACT_TYPE (GTlsDatabase
, g_tls_database
, G_TYPE_OBJECT
);
67 * G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER:
69 * The purpose used to verify the server certificate in a TLS connection. This
70 * is the most common purpose in use. Used by TLS clients.
74 * G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT:
76 * The purpose used to verify the client certificate in a TLS connection.
77 * Used by TLS servers.
81 g_tls_database_init (GTlsDatabase
*cert
)
86 typedef struct _AsyncVerifyChain
{
87 GTlsCertificate
*chain
;
89 GSocketConnectable
*identity
;
90 GTlsInteraction
*interaction
;
91 GTlsDatabaseVerifyFlags flags
;
92 GTlsCertificateFlags verify_result
;
96 async_verify_chain_free (gpointer data
)
98 AsyncVerifyChain
*args
= data
;
99 g_clear_object (&args
->chain
);
100 g_free (args
->purpose
);
101 g_clear_object (&args
->identity
);
102 g_clear_object (&args
->interaction
);
103 g_slice_free (AsyncVerifyChain
, args
);
107 async_verify_chain_thread (GSimpleAsyncResult
*res
,
109 GCancellable
*cancellable
)
111 AsyncVerifyChain
*args
= g_simple_async_result_get_op_res_gpointer (res
);
112 GError
*error
= NULL
;
114 args
->verify_result
= g_tls_database_verify_chain (G_TLS_DATABASE (object
),
124 g_simple_async_result_take_error (res
, error
);
128 g_tls_database_real_verify_chain_async (GTlsDatabase
*self
,
129 GTlsCertificate
*chain
,
130 const gchar
*purpose
,
131 GSocketConnectable
*identity
,
132 GTlsInteraction
*interaction
,
133 GTlsDatabaseVerifyFlags flags
,
134 GCancellable
*cancellable
,
135 GAsyncReadyCallback callback
,
138 GSimpleAsyncResult
*res
;
139 AsyncVerifyChain
*args
;
141 args
= g_slice_new0 (AsyncVerifyChain
);
142 args
->chain
= g_object_ref (chain
);
143 args
->purpose
= g_strdup (purpose
);
144 args
->identity
= identity
? g_object_ref (identity
) : NULL
;
145 args
->interaction
= interaction
? g_object_ref (interaction
) : NULL
;
148 res
= g_simple_async_result_new (G_OBJECT (self
), callback
, user_data
,
149 g_tls_database_real_verify_chain_async
);
150 g_simple_async_result_set_op_res_gpointer (res
, args
, async_verify_chain_free
);
151 g_simple_async_result_run_in_thread (res
, async_verify_chain_thread
,
152 G_PRIORITY_DEFAULT
, cancellable
);
153 g_object_unref (res
);
156 static GTlsCertificateFlags
157 g_tls_database_real_verify_chain_finish (GTlsDatabase
*self
,
158 GAsyncResult
*result
,
161 AsyncVerifyChain
*args
;
163 g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (result
), G_TLS_CERTIFICATE_GENERIC_ERROR
);
164 g_return_val_if_fail (g_simple_async_result_is_valid (result
, G_OBJECT (self
),
165 g_tls_database_real_verify_chain_async
), FALSE
);
167 if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result
), error
))
168 return G_TLS_CERTIFICATE_GENERIC_ERROR
;
170 args
= g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (result
));
171 return args
->verify_result
;
176 GTlsInteraction
*interaction
;
177 GTlsDatabaseLookupFlags flags
;
178 GTlsCertificate
*result
;
179 } AsyncLookupCertificateForHandle
;
182 async_lookup_certificate_for_handle_free (gpointer data
)
184 AsyncLookupCertificateForHandle
*args
= data
;
186 g_free (args
->handle
);
187 g_clear_object (&args
->interaction
);
188 g_clear_object (&args
->result
);
189 g_slice_free (AsyncLookupCertificateForHandle
, args
);
193 async_lookup_certificate_for_handle_thread (GSimpleAsyncResult
*res
,
195 GCancellable
*cancellable
)
197 AsyncLookupCertificateForHandle
*args
= g_simple_async_result_get_op_res_gpointer (res
);
198 GError
*error
= NULL
;
200 args
->result
= g_tls_database_lookup_certificate_for_handle (G_TLS_DATABASE (object
),
208 g_simple_async_result_take_error (res
, error
);
212 g_tls_database_real_lookup_certificate_for_handle_async (GTlsDatabase
*self
,
214 GTlsInteraction
*interaction
,
215 GTlsDatabaseLookupFlags flags
,
216 GCancellable
*cancellable
,
217 GAsyncReadyCallback callback
,
220 GSimpleAsyncResult
*res
;
221 AsyncLookupCertificateForHandle
*args
;
223 args
= g_slice_new0 (AsyncLookupCertificateForHandle
);
224 args
->handle
= g_strdup (handle
);
225 args
->interaction
= interaction
? g_object_ref (interaction
) : NULL
;
227 res
= g_simple_async_result_new (G_OBJECT (self
), callback
, user_data
,
228 g_tls_database_real_lookup_certificate_for_handle_async
);
229 g_simple_async_result_set_op_res_gpointer (res
, args
, async_lookup_certificate_for_handle_free
);
230 g_simple_async_result_run_in_thread (res
, async_lookup_certificate_for_handle_thread
,
231 G_PRIORITY_DEFAULT
, cancellable
);
232 g_object_unref (res
);
235 static GTlsCertificate
*
236 g_tls_database_real_lookup_certificate_for_handle_finish (GTlsDatabase
*self
,
237 GAsyncResult
*result
,
240 AsyncLookupCertificateForHandle
*args
;
241 GTlsCertificate
*certificate
;
243 g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (result
), NULL
);
244 g_return_val_if_fail (g_simple_async_result_is_valid (result
, G_OBJECT (self
),
245 g_tls_database_real_lookup_certificate_for_handle_async
), FALSE
);
247 if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result
), error
))
250 args
= g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (result
));
251 certificate
= args
->result
;
258 GTlsCertificate
*certificate
;
259 GTlsInteraction
*interaction
;
260 GTlsDatabaseLookupFlags flags
;
261 GTlsCertificate
*issuer
;
262 } AsyncLookupCertificateIssuer
;
265 async_lookup_certificate_issuer_free (gpointer data
)
267 AsyncLookupCertificateIssuer
*args
= data
;
269 g_clear_object (&args
->certificate
);
270 g_clear_object (&args
->interaction
);
271 g_clear_object (&args
->issuer
);
272 g_slice_free (AsyncLookupCertificateIssuer
, args
);
276 async_lookup_certificate_issuer_thread (GSimpleAsyncResult
*res
,
278 GCancellable
*cancellable
)
280 AsyncLookupCertificateIssuer
*args
= g_simple_async_result_get_op_res_gpointer (res
);
281 GError
*error
= NULL
;
283 args
->issuer
= g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (object
),
291 g_simple_async_result_take_error (res
, error
);
295 g_tls_database_real_lookup_certificate_issuer_async (GTlsDatabase
*self
,
296 GTlsCertificate
*certificate
,
297 GTlsInteraction
*interaction
,
298 GTlsDatabaseLookupFlags flags
,
299 GCancellable
*cancellable
,
300 GAsyncReadyCallback callback
,
303 GSimpleAsyncResult
*res
;
304 AsyncLookupCertificateIssuer
*args
;
306 args
= g_slice_new0 (AsyncLookupCertificateIssuer
);
307 args
->certificate
= g_object_ref (certificate
);
309 args
->interaction
= interaction
? g_object_ref (interaction
) : NULL
;
311 res
= g_simple_async_result_new (G_OBJECT (self
), callback
, user_data
,
312 g_tls_database_real_lookup_certificate_issuer_async
);
313 g_simple_async_result_set_op_res_gpointer (res
, args
, async_lookup_certificate_issuer_free
);
314 g_simple_async_result_run_in_thread (res
, async_lookup_certificate_issuer_thread
,
315 G_PRIORITY_DEFAULT
, cancellable
);
316 g_object_unref (res
);
319 static GTlsCertificate
*
320 g_tls_database_real_lookup_certificate_issuer_finish (GTlsDatabase
*self
,
321 GAsyncResult
*result
,
324 AsyncLookupCertificateIssuer
*args
;
325 GTlsCertificate
*issuer
;
327 g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (result
), NULL
);
328 g_return_val_if_fail (g_simple_async_result_is_valid (result
, G_OBJECT (self
),
329 g_tls_database_real_lookup_certificate_issuer_async
), FALSE
);
331 if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result
), error
))
334 args
= g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (result
));
335 issuer
= args
->issuer
;
342 GTlsInteraction
*interaction
;
343 GTlsDatabaseLookupFlags flags
;
345 } AsyncLookupCertificatesIssuedBy
;
348 async_lookup_certificates_issued_by_free (gpointer data
)
350 AsyncLookupCertificatesIssuedBy
*args
= data
;
353 g_byte_array_unref (args
->issuer
);
354 g_clear_object (&args
->interaction
);
355 for (l
= args
->results
; l
; l
= g_list_next (l
))
356 g_object_unref (l
->data
);
357 g_list_free (args
->results
);
358 g_slice_free (AsyncLookupCertificatesIssuedBy
, args
);
362 async_lookup_certificates_issued_by_thread (GSimpleAsyncResult
*res
,
364 GCancellable
*cancellable
)
366 AsyncLookupCertificatesIssuedBy
*args
= g_simple_async_result_get_op_res_gpointer (res
);
367 GError
*error
= NULL
;
369 args
->results
= g_tls_database_lookup_certificates_issued_by (G_TLS_DATABASE (object
),
377 g_simple_async_result_take_error (res
, error
);
381 g_tls_database_real_lookup_certificates_issued_by_async (GTlsDatabase
*self
,
383 GTlsInteraction
*interaction
,
384 GTlsDatabaseLookupFlags flags
,
385 GCancellable
*cancellable
,
386 GAsyncReadyCallback callback
,
389 GSimpleAsyncResult
*res
;
390 AsyncLookupCertificatesIssuedBy
*args
;
392 args
= g_slice_new0 (AsyncLookupCertificatesIssuedBy
);
393 args
->issuer
= g_byte_array_ref (issuer
);
395 args
->interaction
= interaction
? g_object_ref (interaction
) : NULL
;
397 res
= g_simple_async_result_new (G_OBJECT (self
), callback
, user_data
,
398 g_tls_database_real_lookup_certificates_issued_by_async
);
399 g_simple_async_result_set_op_res_gpointer (res
, args
, async_lookup_certificates_issued_by_free
);
400 g_simple_async_result_run_in_thread (res
, async_lookup_certificates_issued_by_thread
,
401 G_PRIORITY_DEFAULT
, cancellable
);
402 g_object_unref (res
);
406 g_tls_database_real_lookup_certificates_issued_by_finish (GTlsDatabase
*self
,
407 GAsyncResult
*result
,
410 AsyncLookupCertificatesIssuedBy
*args
;
413 g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (result
), NULL
);
414 g_return_val_if_fail (g_simple_async_result_is_valid (result
, G_OBJECT (self
),
415 g_tls_database_real_lookup_certificates_issued_by_async
), FALSE
);
417 if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result
), error
))
420 args
= g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (result
));
421 results
= args
->results
;
422 args
->results
= NULL
;
427 g_tls_database_class_init (GTlsDatabaseClass
*klass
)
429 klass
->verify_chain_async
= g_tls_database_real_verify_chain_async
;
430 klass
->verify_chain_finish
= g_tls_database_real_verify_chain_finish
;
431 klass
->lookup_certificate_for_handle_async
= g_tls_database_real_lookup_certificate_for_handle_async
;
432 klass
->lookup_certificate_for_handle_finish
= g_tls_database_real_lookup_certificate_for_handle_finish
;
433 klass
->lookup_certificate_issuer_async
= g_tls_database_real_lookup_certificate_issuer_async
;
434 klass
->lookup_certificate_issuer_finish
= g_tls_database_real_lookup_certificate_issuer_finish
;
435 klass
->lookup_certificates_issued_by_async
= g_tls_database_real_lookup_certificates_issued_by_async
;
436 klass
->lookup_certificates_issued_by_finish
= g_tls_database_real_lookup_certificates_issued_by_finish
;
440 * g_tls_database_verify_chain:
441 * @self: a #GTlsDatabase
442 * @chain: a #GTlsCertificate chain
443 * @purpose: the purpose that this certificate chain will be used for.
444 * @identity: (allow-none): the expected peer identity
445 * @interaction: (allow-none): used to interact with the user if necessary
446 * @flags: additional verify flags
447 * @cancellable: (allow-none): a #GCancellable, or %NULL
448 * @error: (allow-none): a #GError, or %NULL
450 * Verify's a certificate chain after looking up and adding any missing
451 * certificates to the chain.
453 * @chain is a chain of #GTlsCertificate objects each pointing to the next
454 * certificate in the chain by its %issuer property. The chain may initially
455 * consist of one or more certificates. After the verification process is
456 * complete, @chain may be modified by adding missing certificates, or removing
457 * extra certificates. If a certificate anchor was found, then it is added to
460 * @purpose describes the purpose (or usage) for which the certificate
461 * is being used. Typically @purpose will be set to #G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER
462 * which means that the certificate is being used to authenticate a server
463 * (and we are acting as the client).
465 * The @identity is used to check for pinned certificates (trust exceptions)
466 * in the database. These will override the normal verification process on a
467 * host by host basis.
469 * Currently there are no @flags, and %G_TLS_DATABASE_VERIFY_NONE should be
472 * This function can block, use g_tls_database_verify_chain_async() to perform
473 * the verification operation asynchronously.
475 * Return value: the appropriate #GTlsCertificateFlags which represents the
476 * result of verification.
481 g_tls_database_verify_chain (GTlsDatabase
*self
,
482 GTlsCertificate
*chain
,
483 const gchar
*purpose
,
484 GSocketConnectable
*identity
,
485 GTlsInteraction
*interaction
,
486 GTlsDatabaseVerifyFlags flags
,
487 GCancellable
*cancellable
,
490 g_return_val_if_fail (G_IS_TLS_DATABASE (self
), G_TLS_CERTIFICATE_GENERIC_ERROR
);
491 g_return_val_if_fail (G_IS_TLS_DATABASE (self
),
492 G_TLS_CERTIFICATE_GENERIC_ERROR
);
493 g_return_val_if_fail (G_IS_TLS_CERTIFICATE (chain
),
494 G_TLS_CERTIFICATE_GENERIC_ERROR
);
495 g_return_val_if_fail (purpose
, G_TLS_CERTIFICATE_GENERIC_ERROR
);
496 g_return_val_if_fail (interaction
== NULL
|| G_IS_TLS_INTERACTION (interaction
),
497 G_TLS_CERTIFICATE_GENERIC_ERROR
);
498 g_return_val_if_fail (identity
== NULL
|| G_IS_SOCKET_CONNECTABLE (identity
),
499 G_TLS_CERTIFICATE_GENERIC_ERROR
);
500 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, G_TLS_CERTIFICATE_GENERIC_ERROR
);
502 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self
)->verify_chain
,
503 G_TLS_CERTIFICATE_GENERIC_ERROR
);
505 return G_TLS_DATABASE_GET_CLASS (self
)->verify_chain (self
,
516 * g_tls_database_verify_chain_async:
517 * @self: a #GTlsDatabase
518 * @chain: a #GTlsCertificate chain
519 * @purpose: the purpose that this certificate chain will be used for.
520 * @identity: (allow-none): the expected peer identity
521 * @interaction: (allow-none): used to interact with the user if necessary
522 * @flags: additional verify flags
523 * @cancellable: (allow-none): a #GCancellable, or %NULL
524 * @callback: callback to call when the operation completes
525 * @user_data: the data to pass to the callback function
527 * Asynchronously verify's a certificate chain after looking up and adding
528 * any missing certificates to the chain. See g_tls_database_verify_chain()
529 * for more information.
534 g_tls_database_verify_chain_async (GTlsDatabase
*self
,
535 GTlsCertificate
*chain
,
536 const gchar
*purpose
,
537 GSocketConnectable
*identity
,
538 GTlsInteraction
*interaction
,
539 GTlsDatabaseVerifyFlags flags
,
540 GCancellable
*cancellable
,
541 GAsyncReadyCallback callback
,
544 g_return_if_fail (G_IS_TLS_DATABASE (self
));
545 g_return_if_fail (G_IS_TLS_CERTIFICATE (chain
));
546 g_return_if_fail (purpose
!= NULL
);
547 g_return_if_fail (interaction
== NULL
|| G_IS_TLS_INTERACTION (interaction
));
548 g_return_if_fail (cancellable
== NULL
|| G_IS_CANCELLABLE (cancellable
));
549 g_return_if_fail (identity
== NULL
|| G_IS_SOCKET_CONNECTABLE (identity
));
550 g_return_if_fail (callback
!= NULL
);
552 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self
)->verify_chain_async
);
553 G_TLS_DATABASE_GET_CLASS (self
)->verify_chain_async (self
,
565 * g_tls_database_verify_chain_finish:
566 * @self: a #GTlsDatabase
567 * @result: a #GAsyncResult.
568 * @error: a #GError pointer, or %NULL
570 * Finish an asynchronous verify chain operation. See
571 * g_tls_database_verify_chain() for more information. *
572 * Return value: the appropriate #GTlsCertificateFlags which represents the
573 * result of verification.
578 g_tls_database_verify_chain_finish (GTlsDatabase
*self
,
579 GAsyncResult
*result
,
582 g_return_val_if_fail (G_IS_TLS_DATABASE (self
), G_TLS_CERTIFICATE_GENERIC_ERROR
);
583 g_return_val_if_fail (G_IS_ASYNC_RESULT (result
), G_TLS_CERTIFICATE_GENERIC_ERROR
);
584 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, G_TLS_CERTIFICATE_GENERIC_ERROR
);
585 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self
)->verify_chain_finish
,
586 G_TLS_CERTIFICATE_GENERIC_ERROR
);
587 return G_TLS_DATABASE_GET_CLASS (self
)->verify_chain_finish (self
,
593 * g_tls_database_create_certificate_handle:
594 * @self: a #GTlsDatabase
595 * @certificate: certificate for which to create a handle.
597 * Create a handle string for the certificate. The database will only be able
598 * to create a handle for certificates that originate from the database. In
599 * cases where the database cannot create a handle for a certificate, %NULL
602 * This handle should be stable across various instances of the application,
603 * and between applications. If a certificate is modified in the database,
604 * then it is not guaranteed that this handle will continue to point to it.
606 * Returns: (allow-none): a newly allocated string containing the handle.
610 g_tls_database_create_certificate_handle (GTlsDatabase
*self
,
611 GTlsCertificate
*certificate
)
613 g_return_val_if_fail (G_IS_TLS_DATABASE (self
), NULL
);
614 g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate
), NULL
);
615 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self
)->create_certificate_handle
, NULL
);
616 return G_TLS_DATABASE_GET_CLASS (self
)->create_certificate_handle (self
,
621 * g_tls_database_lookup_certificate_for_handle:
622 * @self: a #GTlsDatabase
623 * @handle: a certificate handle
624 * @interaction: (allow-none): used to interact with the user if necessary
625 * @flags: Flags which affect the lookup.
626 * @cancellable: (allow-none): a #GCancellable, or %NULL
627 * @error: (allow-none): a #GError, or %NULL
629 * Lookup a certificate by its handle.
631 * The handle should have been created by calling
632 * g_tls_database_create_certificate_handle() on a #GTlsDatabase object of
633 * the same TLS backend. The handle is designed to remain valid across
634 * instantiations of the database.
636 * If the handle is no longer valid, or does not point to a certificate in
637 * this database, then %NULL will be returned.
639 * This function can block, use g_tls_database_lookup_certificate_for_handle_async() to perform
640 * the lookup operation asynchronously.
642 * Return value: (transfer full) (allow-none): a newly allocated
643 * #GTlsCertificate, or %NULL. Use g_object_unref() to release the certificate.
648 g_tls_database_lookup_certificate_for_handle (GTlsDatabase
*self
,
650 GTlsInteraction
*interaction
,
651 GTlsDatabaseLookupFlags flags
,
652 GCancellable
*cancellable
,
655 g_return_val_if_fail (G_IS_TLS_DATABASE (self
), NULL
);
656 g_return_val_if_fail (handle
!= NULL
, NULL
);
657 g_return_val_if_fail (interaction
== NULL
|| G_IS_TLS_INTERACTION (interaction
), NULL
);
658 g_return_val_if_fail (cancellable
== NULL
|| G_IS_CANCELLABLE (cancellable
), NULL
);
659 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, NULL
);
660 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificate_for_handle
, NULL
);
661 return G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificate_for_handle (self
,
671 * g_tls_database_lookup_certificate_for_handle_async:
672 * @self: a #GTlsDatabase
673 * @handle: a certificate handle
674 * @interaction: (allow-none): used to interact with the user if necessary
675 * @flags: Flags which affect the lookup.
676 * @cancellable: (allow-none): a #GCancellable, or %NULL
677 * @callback: callback to call when the operation completes
678 * @user_data: the data to pass to the callback function
680 * Asynchronously lookup a certificate by its handle in the database. See
681 * g_tls_database_lookup_certificate_for_handle() for more information.
686 g_tls_database_lookup_certificate_for_handle_async (GTlsDatabase
*self
,
688 GTlsInteraction
*interaction
,
689 GTlsDatabaseLookupFlags flags
,
690 GCancellable
*cancellable
,
691 GAsyncReadyCallback callback
,
694 g_return_if_fail (G_IS_TLS_DATABASE (self
));
695 g_return_if_fail (handle
!= NULL
);
696 g_return_if_fail (interaction
== NULL
|| G_IS_TLS_INTERACTION (interaction
));
697 g_return_if_fail (cancellable
== NULL
|| G_IS_CANCELLABLE (cancellable
));
698 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificate_for_handle_async
);
699 G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificate_for_handle_async (self
,
709 * g_tls_database_lookup_certificate_for_handle_finish:
710 * @self: a #GTlsDatabase
711 * @result: a #GAsyncResult.
712 * @error: a #GError pointer, or %NULL
714 * Finish an asynchronous lookup of a certificate by its handle. See
715 * g_tls_database_lookup_certificate_handle() for more information.
717 * If the handle is no longer valid, or does not point to a certificate in
718 * this database, then %NULL will be returned.
720 * Return value: (transfer full): a newly allocated #GTlsCertificate object.
721 * Use g_object_unref() to release the certificate.
726 g_tls_database_lookup_certificate_for_handle_finish (GTlsDatabase
*self
,
727 GAsyncResult
*result
,
730 g_return_val_if_fail (G_IS_TLS_DATABASE (self
), NULL
);
731 g_return_val_if_fail (G_IS_ASYNC_RESULT (result
), NULL
);
732 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, NULL
);
733 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificate_for_handle_finish
, NULL
);
734 return G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificate_for_handle_finish (self
,
740 * g_tls_database_lookup_certificate_issuer:
741 * @self: a #GTlsDatabase
742 * @certificate: a #GTlsCertificate
743 * @interaction: (allow-none): used to interact with the user if necessary
744 * @flags: flags which affect the lookup operation
745 * @cancellable: (allow-none): a #GCancellable, or %NULL
746 * @error: (allow-none): a #GError, or %NULL
748 * Lookup the issuer of @certificate in the database.
750 * The %issuer property
751 * of @certificate is not modified, and the two certificates are not hooked
754 * This function can block, use g_tls_database_lookup_certificate_issuer_async() to perform
755 * the lookup operation asynchronously.
757 * Return value: (transfer full): a newly allocated issuer #GTlsCertificate,
758 * or %NULL. Use g_object_unref() to release the certificate.
763 g_tls_database_lookup_certificate_issuer (GTlsDatabase
*self
,
764 GTlsCertificate
*certificate
,
765 GTlsInteraction
*interaction
,
766 GTlsDatabaseLookupFlags flags
,
767 GCancellable
*cancellable
,
770 g_return_val_if_fail (G_IS_TLS_DATABASE (self
), NULL
);
771 g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate
), NULL
);
772 g_return_val_if_fail (interaction
== NULL
|| G_IS_TLS_INTERACTION (interaction
), NULL
);
773 g_return_val_if_fail (cancellable
== NULL
|| G_IS_CANCELLABLE (cancellable
), NULL
);
774 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, NULL
);
775 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificate_issuer
, NULL
);
776 return G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificate_issuer (self
,
785 * g_tls_database_lookup_certificate_issuer_async:
786 * @self: a #GTlsDatabase
787 * @certificate: a #GTlsCertificate
788 * @interaction: (allow-none): used to interact with the user if necessary
789 * @flags: flags which affect the lookup operation
790 * @cancellable: (allow-none): a #GCancellable, or %NULL
791 * @callback: callback to call when the operation completes
792 * @user_data: the data to pass to the callback function
794 * Asynchronously lookup the issuer of @certificate in the database. See
795 * g_tls_database_lookup_certificate_issuer() for more information.
800 g_tls_database_lookup_certificate_issuer_async (GTlsDatabase
*self
,
801 GTlsCertificate
*certificate
,
802 GTlsInteraction
*interaction
,
803 GTlsDatabaseLookupFlags flags
,
804 GCancellable
*cancellable
,
805 GAsyncReadyCallback callback
,
808 g_return_if_fail (G_IS_TLS_DATABASE (self
));
809 g_return_if_fail (G_IS_TLS_CERTIFICATE (certificate
));
810 g_return_if_fail (interaction
== NULL
|| G_IS_TLS_INTERACTION (interaction
));
811 g_return_if_fail (cancellable
== NULL
|| G_IS_CANCELLABLE (cancellable
));
812 g_return_if_fail (callback
!= NULL
);
813 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificate_issuer_async
);
814 G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificate_issuer_async (self
,
824 * g_tls_database_lookup_certificate_issuer_finish:
825 * @self: a #GTlsDatabase
826 * @result: a #GAsyncResult.
827 * @error: a #GError pointer, or %NULL
829 * Finish an asynchronous lookup issuer operation. See
830 * g_tls_database_lookup_certificate_issuer() for more information.
832 * Return value: (transfer full): a newly allocated issuer #GTlsCertificate,
833 * or %NULL. Use g_object_unref() to release the certificate.
838 g_tls_database_lookup_certificate_issuer_finish (GTlsDatabase
*self
,
839 GAsyncResult
*result
,
842 g_return_val_if_fail (G_IS_TLS_DATABASE (self
), NULL
);
843 g_return_val_if_fail (G_IS_ASYNC_RESULT (result
), NULL
);
844 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, NULL
);
845 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificate_issuer_finish
, NULL
);
846 return G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificate_issuer_finish (self
,
852 * g_tls_database_lookup_certificates_issued_by:
853 * @self: a #GTlsDatabase
854 * @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
855 * @interaction: (allow-none): used to interact with the user if necessary
856 * @flags: Flags which affect the lookup operation.
857 * @cancellable: (allow-none): a #GCancellable, or %NULL
858 * @error: (allow-none): a #GError, or %NULL
860 * Lookup certificates issued by this issuer in the database.
862 * This function can block, use g_tls_database_lookup_certificates_issued_by_async() to perform
863 * the lookup operation asynchronously.
865 * Return value: (transfer full) (element-type GTlsCertificate): a newly allocated list of #GTlsCertificate
866 * objects. Use g_object_unref() on each certificate, and g_list_free() on the release the list.
871 g_tls_database_lookup_certificates_issued_by (GTlsDatabase
*self
,
872 GByteArray
*issuer_raw_dn
,
873 GTlsInteraction
*interaction
,
874 GTlsDatabaseLookupFlags flags
,
875 GCancellable
*cancellable
,
878 g_return_val_if_fail (G_IS_TLS_DATABASE (self
), NULL
);
879 g_return_val_if_fail (issuer_raw_dn
, NULL
);
880 g_return_val_if_fail (interaction
== NULL
|| G_IS_TLS_INTERACTION (interaction
), NULL
);
881 g_return_val_if_fail (cancellable
== NULL
|| G_IS_CANCELLABLE (cancellable
), NULL
);
882 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, NULL
);
883 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificates_issued_by
, NULL
);
884 return G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificates_issued_by (self
,
893 * g_tls_database_lookup_certificates_issued_by_async:
894 * @self: a #GTlsDatabase
895 * @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
896 * @interaction: (allow-none): used to interact with the user if necessary
897 * @flags: Flags which affect the lookup operation.
898 * @cancellable: (allow-none): a #GCancellable, or %NULL
899 * @callback: callback to call when the operation completes
900 * @user_data: the data to pass to the callback function
902 * Asynchronously lookup certificates issued by this issuer in the database. See
903 * g_tls_database_lookup_certificates_issued_by() for more information.
905 * The database may choose to hold a reference to the issuer byte array for the duration
906 * of of this asynchronous operation. The byte array should not be modified during
912 g_tls_database_lookup_certificates_issued_by_async (GTlsDatabase
*self
,
913 GByteArray
*issuer_raw_dn
,
914 GTlsInteraction
*interaction
,
915 GTlsDatabaseLookupFlags flags
,
916 GCancellable
*cancellable
,
917 GAsyncReadyCallback callback
,
920 g_return_if_fail (G_IS_TLS_DATABASE (self
));
921 g_return_if_fail (issuer_raw_dn
!= NULL
);
922 g_return_if_fail (interaction
== NULL
|| G_IS_TLS_INTERACTION (interaction
));
923 g_return_if_fail (cancellable
== NULL
|| G_IS_CANCELLABLE (cancellable
));
924 g_return_if_fail (callback
!= NULL
);
925 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificates_issued_by_async
);
926 G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificates_issued_by_async (self
,
936 * g_tls_database_lookup_certificates_issued_by_finish:
937 * @self: a #GTlsDatabase
938 * @result: a #GAsyncResult.
939 * @error: a #GError pointer, or %NULL
941 * Finish an asynchronous lookup of certificates. See
942 * g_tls_database_lookup_certificates_issued_by() for more information.
944 * Return value: (transfer full): a newly allocated list of #GTlsCertificate objects.
945 * Use g_object_unref() on each certificate, and g_list_free() on the release the list.
950 g_tls_database_lookup_certificates_issued_by_finish (GTlsDatabase
*self
,
951 GAsyncResult
*result
,
954 g_return_val_if_fail (G_IS_TLS_DATABASE (self
), NULL
);
955 g_return_val_if_fail (G_IS_ASYNC_RESULT (result
), NULL
);
956 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, NULL
);
957 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificates_issued_by_finish
, NULL
);
958 return G_TLS_DATABASE_GET_CLASS (self
)->lookup_certificates_issued_by_finish (self
,