gtlsbackend.c source code [gtk/subprojects/glib/gio/gtlsbackend.c]

1	/ GIO - GLib Input, Output and Streaming Library*
2	*
3	* Copyright © 2010 Red Hat, Inc
4	* Copyright © 2015 Collabora, Ltd.
5	*
6	* This library is free software; you can redistribute it and/or
7	* modify it under the terms of the GNU Lesser General Public
8	* License as published by the Free Software Foundation; either
9	* version 2.1 of the License, or (at your option) any later version.
10	*
11	* This library is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14	* Lesser General Public License for more details.
15	*
16	* You should have received a copy of the GNU Lesser General
17	* Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
18	*/
19
20	#include "config.h"
21	#include "glib.h"
22
23	#include "gtlsbackend.h"
24	#include "gtlsdatabase.h"
25	#include "gdummytlsbackend.h"
26	#include "gioenumtypes.h"
27	#include "giomodule-priv.h"
28
29	/**
30	* SECTION:gtls
31	* @title: TLS Overview
32	* @short_description: TLS (aka SSL) support for GSocketConnection
33	* @include: gio/gio.h
34	*
35	* #GTlsConnection and related classes provide TLS (Transport Layer
36	* Security, previously known as SSL, Secure Sockets Layer) support for
37	* gio-based network streams.
38	*
39	* #GDtlsConnection and related classes provide DTLS (Datagram TLS) support for
40	* GIO-based network sockets, using the #GDatagramBased interface. The TLS and
41	* DTLS APIs are almost identical, except TLS is stream-based and DTLS is
42	* datagram-based. They share certificate and backend infrastructure.
43	*
44	* In the simplest case, for a client TLS connection, you can just set the
45	* #GSocketClient:tls flag on a #GSocketClient, and then any
46	* connections created by that client will have TLS negotiated
47	* automatically, using appropriate default settings, and rejecting
48	* any invalid or self-signed certificates (unless you change that
49	* default by setting the #GSocketClient:tls-validation-flags
50	* property). The returned object will be a #GTcpWrapperConnection,
51	* which wraps the underlying #GTlsClientConnection.
52	*
53	* For greater control, you can create your own #GTlsClientConnection,
54	* wrapping a #GSocketConnection (or an arbitrary #GIOStream with
55	* pollable input and output streams) and then connect to its signals,
56	* such as #GTlsConnection::accept-certificate, before starting the
57	* handshake.
58	*
59	* Server-side TLS is similar, using #GTlsServerConnection. At the
60	* moment, there is no support for automatically wrapping server-side
61	* connections in the way #GSocketClient does for client-side
62	* connections.
63	*/
64
65	/**
66	* SECTION:gtlsbackend
67	* @title: GTlsBackend
68	* @short_description: TLS backend implementation
69	* @include: gio/gio.h
70	*
71	* TLS (Transport Layer Security, aka SSL) and DTLS backend.
72	*
73	* Since: 2.28
74	*/
75
76	/**
77	* GTlsBackend:
78	*
79	* TLS (Transport Layer Security, aka SSL) and DTLS backend. This is an
80	* internal type used to coordinate the different classes implemented
81	* by a TLS backend.
82	*
83	* Since: 2.28
84	*/
85
86	G_DEFINE_INTERFACE (GTlsBackend, g_tls_backend, G_TYPE_OBJECT)
87
88	static GTlsDatabase *default_database;
89	G_LOCK_DEFINE_STATIC (default_database_lock);
90
91	static void
92	g_tls_backend_default_init (GTlsBackendInterface *iface)
93	{
94	}
95
96	static GTlsBackend tls_backend_default_singleton = NULL; /* (owned) (atomic) /
97
98	/**
99	* g_tls_backend_get_default:
100	*
101	* Gets the default #GTlsBackend for the system.
102	*
103	* Returns: (not nullable) (transfer none): a #GTlsBackend, which will be a
104	* dummy object if no TLS backend is available
105	*
106	* Since: 2.28
107	*/
108	GTlsBackend *
109	g_tls_backend_get_default (void)
110	{
111	if (g_once_init_enter (&tls_backend_default_singleton))
112	{
113	GTlsBackend *singleton;
114
115	singleton = _g_io_module_get_default (G_TLS_BACKEND_EXTENSION_POINT_NAME,
116	envvar: "GIO_USE_TLS",
117	NULL);
118
119	g_once_init_leave (&tls_backend_default_singleton, singleton);
120	}
121
122	return tls_backend_default_singleton;
123	}
124
125	/**
126	* g_tls_backend_supports_tls:
127	* @backend: the #GTlsBackend
128	*
129	* Checks if TLS is supported; if this returns %FALSE for the default
130	* #GTlsBackend, it means no "real" TLS backend is available.
131	*
132	* Returns: whether or not TLS is supported
133	*
134	* Since: 2.28
135	*/
136	gboolean
137	g_tls_backend_supports_tls (GTlsBackend *backend)
138	{
139	if (G_TLS_BACKEND_GET_INTERFACE (backend)->supports_tls)
140	return G_TLS_BACKEND_GET_INTERFACE (backend)->supports_tls (backend);
141	else if (G_IS_DUMMY_TLS_BACKEND (backend))
142	return FALSE;
143	else
144	return TRUE;
145	}
146
147	/**
148	* g_tls_backend_supports_dtls:
149	* @backend: the #GTlsBackend
150	*
151	* Checks if DTLS is supported. DTLS support may not be available even if TLS
152	* support is available, and vice-versa.
153	*
154	* Returns: whether DTLS is supported
155	*
156	* Since: 2.48
157	*/
158	gboolean
159	g_tls_backend_supports_dtls (GTlsBackend *backend)
160	{
161	if (G_TLS_BACKEND_GET_INTERFACE (backend)->supports_dtls)
162	return G_TLS_BACKEND_GET_INTERFACE (backend)->supports_dtls (backend);
163
164	return FALSE;
165	}
166
167	/**
168	* g_tls_backend_get_default_database:
169	* @backend: the #GTlsBackend
170	*
171	* Gets the default #GTlsDatabase used to verify TLS connections.
172	*
173	* Returns: (transfer full): the default database, which should be
174	* unreffed when done.
175	*
176	* Since: 2.30
177	*/
178	GTlsDatabase *
179	g_tls_backend_get_default_database (GTlsBackend *backend)
180	{
181	GTlsDatabase *db;
182
183	g_return_val_if_fail (G_IS_TLS_BACKEND (backend), NULL);
184
185	/ This method was added later, so accept the (remote) possibility it can be NULL /
186	if (!G_TLS_BACKEND_GET_INTERFACE (backend)->get_default_database)
187	return NULL;
188
189	G_LOCK (default_database_lock);
190
191	if (!default_database)
192	default_database = G_TLS_BACKEND_GET_INTERFACE (backend)->get_default_database (backend);
193	db = default_database ? g_object_ref (default_database) : NULL;
194	G_UNLOCK (default_database_lock);
195
196	return db;
197	}
198
199	/**
200	* g_tls_backend_set_default_database:
201	* @backend: the #GTlsBackend
202	* @database: (nullable): the #GTlsDatabase
203	*
204	* Set the default #GTlsDatabase used to verify TLS connections
205	*
206	* Any subsequent call to g_tls_backend_get_default_database() will return
207	* the database set in this call. Existing databases and connections are not
208	* modified.
209	*
210	* Setting a %NULL default database will reset to using the system default
211	* database as if g_tls_backend_set_default_database() had never been called.
212	*
213	* Since: 2.60
214	*/
215	void
216	g_tls_backend_set_default_database (GTlsBackend *backend,
217	GTlsDatabase *database)
218	{
219	g_return_if_fail (G_IS_TLS_BACKEND (backend));
220	g_return_if_fail (database == NULL \|\| G_IS_TLS_DATABASE (database));
221
222	G_LOCK (default_database_lock);
223	g_set_object (&default_database, database);
224	G_UNLOCK (default_database_lock);
225	}
226
227	/**
228	* g_tls_backend_get_certificate_type:
229	* @backend: the #GTlsBackend
230	*
231	* Gets the #GType of @backend's #GTlsCertificate implementation.
232	*
233	* Returns: the #GType of @backend's #GTlsCertificate
234	* implementation.
235	*
236	* Since: 2.28
237	*/
238	GType
239	g_tls_backend_get_certificate_type (GTlsBackend *backend)
240	{
241	return G_TLS_BACKEND_GET_INTERFACE (backend)->get_certificate_type ();
242	}
243
244	/**
245	* g_tls_backend_get_client_connection_type:
246	* @backend: the #GTlsBackend
247	*
248	* Gets the #GType of @backend's #GTlsClientConnection implementation.
249	*
250	* Returns: the #GType of @backend's #GTlsClientConnection
251	* implementation.
252	*
253	* Since: 2.28
254	*/
255	GType
256	g_tls_backend_get_client_connection_type (GTlsBackend *backend)
257	{
258	return G_TLS_BACKEND_GET_INTERFACE (backend)->get_client_connection_type ();
259	}
260
261	/**
262	* g_tls_backend_get_server_connection_type:
263	* @backend: the #GTlsBackend
264	*
265	* Gets the #GType of @backend's #GTlsServerConnection implementation.
266	*
267	* Returns: the #GType of @backend's #GTlsServerConnection
268	* implementation.
269	*
270	* Since: 2.28
271	*/
272	GType
273	g_tls_backend_get_server_connection_type (GTlsBackend *backend)
274	{
275	return G_TLS_BACKEND_GET_INTERFACE (backend)->get_server_connection_type ();
276	}
277
278	/**
279	* g_tls_backend_get_dtls_client_connection_type:
280	* @backend: the #GTlsBackend
281	*
282	* Gets the #GType of @backend’s #GDtlsClientConnection implementation.
283	*
284	* Returns: the #GType of @backend’s #GDtlsClientConnection
285	* implementation, or %G_TYPE_INVALID if this backend doesn’t support DTLS.
286	*
287	* Since: 2.48
288	*/
289	GType
290	g_tls_backend_get_dtls_client_connection_type (GTlsBackend *backend)
291	{
292	GTlsBackendInterface *iface;
293
294	g_return_val_if_fail (G_IS_TLS_BACKEND (backend), G_TYPE_INVALID);
295
296	iface = G_TLS_BACKEND_GET_INTERFACE (backend);
297	if (iface->get_dtls_client_connection_type == NULL)
298	return G_TYPE_INVALID;
299
300	return iface->get_dtls_client_connection_type ();
301	}
302
303	/**
304	* g_tls_backend_get_dtls_server_connection_type:
305	* @backend: the #GTlsBackend
306	*
307	* Gets the #GType of @backend’s #GDtlsServerConnection implementation.
308	*
309	* Returns: the #GType of @backend’s #GDtlsServerConnection
310	* implementation, or %G_TYPE_INVALID if this backend doesn’t support DTLS.
311	*
312	* Since: 2.48
313	*/
314	GType
315	g_tls_backend_get_dtls_server_connection_type (GTlsBackend *backend)
316	{
317	GTlsBackendInterface *iface;
318
319	g_return_val_if_fail (G_IS_TLS_BACKEND (backend), G_TYPE_INVALID);
320
321	iface = G_TLS_BACKEND_GET_INTERFACE (backend);
322	if (iface->get_dtls_server_connection_type == NULL)
323	return G_TYPE_INVALID;
324
325	return iface->get_dtls_server_connection_type ();
326	}
327
328	/**
329	* g_tls_backend_get_file_database_type:
330	* @backend: the #GTlsBackend
331	*
332	* Gets the #GType of @backend's #GTlsFileDatabase implementation.
333	*
334	* Returns: the #GType of backend's #GTlsFileDatabase implementation.
335	*
336	* Since: 2.30
337	*/
338	GType
339	g_tls_backend_get_file_database_type (GTlsBackend *backend)
340	{
341	g_return_val_if_fail (G_IS_TLS_BACKEND (backend), `0`);
342
343	/ This method was added later, so accept the (remote) possibility it can be NULL /
344	if (!G_TLS_BACKEND_GET_INTERFACE (backend)->get_file_database_type)
345	return `0`;
346
347	return G_TLS_BACKEND_GET_INTERFACE (backend)->get_file_database_type ();
348	}
349

source code of gtk/subprojects/glib/gio/gtlsbackend.c