gtlsdatabase.c source code [gtk/subprojects/glib/gio/gtlsdatabase.c]

1	/ GIO - GLib Input, Output and Streaming Library*
2	*
3	* Copyright (C) 2010 Collabora, Ltd.
4	*
5	* This library is free software; you can redistribute it and/or
6	* modify it under the terms of the GNU Lesser General Public
7	* License as published by the Free Software Foundation; either
8	* version 2.1 of the License, or (at your option) any later version.
9	*
10	* This library is distributed in the hope that it will be useful,
11	* but WITHOUT ANY WARRANTY; without even the implied warranty of
12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13	* Lesser General Public License for more details.
14	*
15	* You should have received a copy of the GNU Lesser General
16	* Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
17	*
18	* Author: Stef Walter <stefw@collabora.co.uk>
19	*/
20
21	#include "config.h"
22
23	#include "gtlsdatabase.h"
24
25	#include "gasyncresult.h"
26	#include "gcancellable.h"
27	#include "glibintl.h"
28	#include "gsocketconnectable.h"
29	#include "gtask.h"
30	#include "gtlscertificate.h"
31	#include "gtlsinteraction.h"
32
33	/**
34	* SECTION:gtlsdatabase
35	* @short_description: TLS database type
36	* @include: gio/gio.h
37	*
38	* #GTlsDatabase is used to look up certificates and other information
39	* from a certificate or key store. It is an abstract base class which
40	* TLS library specific subtypes override.
41	*
42	* A #GTlsDatabase may be accessed from multiple threads by the TLS backend.
43	* All implementations are required to be fully thread-safe.
44	*
45	* Most common client applications will not directly interact with
46	* #GTlsDatabase. It is used internally by #GTlsConnection.
47	*
48	* Since: 2.30
49	*/
50
51	/**
52	* GTlsDatabase:
53	*
54	* Abstract base class for the backend-specific database types.
55	*
56	* Since: 2.30
57	*/
58
59	/**
60	* GTlsDatabaseClass:
61	* @verify_chain: Virtual method implementing
62	* g_tls_database_verify_chain().
63	* @verify_chain_async: Virtual method implementing
64	* g_tls_database_verify_chain_async().
65	* @verify_chain_finish: Virtual method implementing
66	* g_tls_database_verify_chain_finish().
67	* @create_certificate_handle: Virtual method implementing
68	* g_tls_database_create_certificate_handle().
69	* @lookup_certificate_for_handle: Virtual method implementing
70	* g_tls_database_lookup_certificate_for_handle().
71	* @lookup_certificate_for_handle_async: Virtual method implementing
72	* g_tls_database_lookup_certificate_for_handle_async().
73	* @lookup_certificate_for_handle_finish: Virtual method implementing
74	* g_tls_database_lookup_certificate_for_handle_finish().
75	* @lookup_certificate_issuer: Virtual method implementing
76	* g_tls_database_lookup_certificate_issuer().
77	* @lookup_certificate_issuer_async: Virtual method implementing
78	* g_tls_database_lookup_certificate_issuer_async().
79	* @lookup_certificate_issuer_finish: Virtual method implementing
80	* g_tls_database_lookup_certificate_issuer_finish().
81	* @lookup_certificates_issued_by: Virtual method implementing
82	* g_tls_database_lookup_certificates_issued_by().
83	* @lookup_certificates_issued_by_async: Virtual method implementing
84	* g_tls_database_lookup_certificates_issued_by_async().
85	* @lookup_certificates_issued_by_finish: Virtual method implementing
86	* g_tls_database_lookup_certificates_issued_by_finish().
87	*
88	* The class for #GTlsDatabase. Derived classes should implement the various
89	* virtual methods. _async and _finish methods have a default
90	* implementation that runs the corresponding sync method in a thread.
91	*
92	* Since: 2.30
93	*/
94
95	G_DEFINE_ABSTRACT_TYPE (GTlsDatabase, g_tls_database, G_TYPE_OBJECT)
96
97	enum {
98	UNLOCK_REQUIRED,
99
100	LAST_SIGNAL
101	};
102
103	/**
104	* G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER:
105	*
106	* The purpose used to verify the server certificate in a TLS connection. This
107	* is the most common purpose in use. Used by TLS clients.
108	*/
109
110	/**
111	* G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT:
112	*
113	* The purpose used to verify the client certificate in a TLS connection.
114	* Used by TLS servers.
115	*/
116
117	static void
118	g_tls_database_init (GTlsDatabase *cert)
119	{
120
121	}
122
123	typedef struct _AsyncVerifyChain {
124	GTlsCertificate *chain;
125	gchar *purpose;
126	GSocketConnectable *identity;
127	GTlsInteraction *interaction;
128	GTlsDatabaseVerifyFlags flags;
129	} AsyncVerifyChain;
130
131	static void
132	async_verify_chain_free (gpointer data)
133	{
134	AsyncVerifyChain *args = data;
135	g_clear_object (&args->chain);
136	g_free (mem: args->purpose);
137	g_clear_object (&args->identity);
138	g_clear_object (&args->interaction);
139	g_slice_free (AsyncVerifyChain, args);
140	}
141
142	static void
143	async_verify_chain_thread (GTask *task,
144	gpointer object,
145	gpointer task_data,
146	GCancellable *cancellable)
147	{
148	AsyncVerifyChain *args = task_data;
149	GTlsCertificateFlags verify_result;
150	GError *error = NULL;
151
152	verify_result = g_tls_database_verify_chain (G_TLS_DATABASE (object),
153	chain: args->chain,
154	purpose: args->purpose,
155	identity: args->identity,
156	interaction: args->interaction,
157	flags: args->flags,
158	cancellable,
159	error: &error);
160	if (error)
161	g_task_return_error (task, error);
162	else
163	g_task_return_int (task, result: (gssize)verify_result);
164	}
165
166	static void
167	g_tls_database_real_verify_chain_async (GTlsDatabase *self,
168	GTlsCertificate *chain,
169	const gchar *purpose,
170	GSocketConnectable *identity,
171	GTlsInteraction *interaction,
172	GTlsDatabaseVerifyFlags flags,
173	GCancellable *cancellable,
174	GAsyncReadyCallback callback,
175	gpointer user_data)
176	{
177	GTask *task;
178	AsyncVerifyChain *args;
179
180	args = g_slice_new0 (AsyncVerifyChain);
181	args->chain = g_object_ref (chain);
182	args->purpose = g_strdup (str: purpose);
183	args->identity = identity ? g_object_ref (identity) : NULL;
184	args->interaction = interaction ? g_object_ref (interaction) : NULL;
185	args->flags = flags;
186
187	task = g_task_new (source_object: self, cancellable, callback, callback_data: user_data);
188	g_task_set_source_tag (task, g_tls_database_real_verify_chain_async);
189	g_task_set_name (task, name: "[gio] verify TLS chain");
190	g_task_set_task_data (task, task_data: args, task_data_destroy: async_verify_chain_free);
191	g_task_run_in_thread (task, task_func: async_verify_chain_thread);
192	g_object_unref (object: task);
193	}
194
195	static GTlsCertificateFlags
196	g_tls_database_real_verify_chain_finish (GTlsDatabase *self,
197	GAsyncResult *result,
198	GError **error)
199	{
200	GTlsCertificateFlags ret;
201
202	g_return_val_if_fail (g_task_is_valid (result, self), G_TLS_CERTIFICATE_GENERIC_ERROR);
203
204	ret = (GTlsCertificateFlags)g_task_propagate_int (G_TASK (result), error);
205	if (ret == (GTlsCertificateFlags)-`1`)
206	return G_TLS_CERTIFICATE_GENERIC_ERROR;
207	else
208	return ret;
209	}
210
211	typedef struct {
212	gchar *handle;
213	GTlsInteraction *interaction;
214	GTlsDatabaseLookupFlags flags;
215	} AsyncLookupCertificateForHandle;
216
217	static void
218	async_lookup_certificate_for_handle_free (gpointer data)
219	{
220	AsyncLookupCertificateForHandle *args = data;
221
222	g_free (mem: args->handle);
223	g_clear_object (&args->interaction);
224	g_slice_free (AsyncLookupCertificateForHandle, args);
225	}
226
227	static void
228	async_lookup_certificate_for_handle_thread (GTask *task,
229	gpointer object,
230	gpointer task_data,
231	GCancellable *cancellable)
232	{
233	AsyncLookupCertificateForHandle *args = task_data;
234	GTlsCertificate *result;
235	GError *error = NULL;
236
237	result = g_tls_database_lookup_certificate_for_handle (G_TLS_DATABASE (object),
238	handle: args->handle,
239	interaction: args->interaction,
240	flags: args->flags,
241	cancellable,
242	error: &error);
243	if (result)
244	g_task_return_pointer (task, result, result_destroy: g_object_unref);
245	else
246	g_task_return_error (task, error);
247	}
248
249	static void
250	g_tls_database_real_lookup_certificate_for_handle_async (GTlsDatabase *self,
251	const gchar *handle,
252	GTlsInteraction *interaction,
253	GTlsDatabaseLookupFlags flags,
254	GCancellable *cancellable,
255	GAsyncReadyCallback callback,
256	gpointer user_data)
257	{
258	GTask *task;
259	AsyncLookupCertificateForHandle *args;
260
261	args = g_slice_new0 (AsyncLookupCertificateForHandle);
262	args->handle = g_strdup (str: handle);
263	args->interaction = interaction ? g_object_ref (interaction) : NULL;
264
265	task = g_task_new (source_object: self, cancellable, callback, callback_data: user_data);
266	g_task_set_source_tag (task,
267	g_tls_database_real_lookup_certificate_for_handle_async);
268	g_task_set_name (task, name: "[gio] lookup TLS certificate");
269	g_task_set_task_data (task, task_data: args, task_data_destroy: async_lookup_certificate_for_handle_free);
270	g_task_run_in_thread (task, task_func: async_lookup_certificate_for_handle_thread);
271	g_object_unref (object: task);
272	}
273
274	static GTlsCertificate*
275	g_tls_database_real_lookup_certificate_for_handle_finish (GTlsDatabase *self,
276	GAsyncResult *result,
277	GError **error)
278	{
279	g_return_val_if_fail (g_task_is_valid (result, self), NULL);
280
281	return g_task_propagate_pointer (G_TASK (result), error);
282	}
283
284
285	typedef struct {
286	GTlsCertificate *certificate;
287	GTlsInteraction *interaction;
288	GTlsDatabaseLookupFlags flags;
289	} AsyncLookupCertificateIssuer;
290
291	static void
292	async_lookup_certificate_issuer_free (gpointer data)
293	{
294	AsyncLookupCertificateIssuer *args = data;
295
296	g_clear_object (&args->certificate);
297	g_clear_object (&args->interaction);
298	g_slice_free (AsyncLookupCertificateIssuer, args);
299	}
300
301	static void
302	async_lookup_certificate_issuer_thread (GTask *task,
303	gpointer object,
304	gpointer task_data,
305	GCancellable *cancellable)
306	{
307	AsyncLookupCertificateIssuer *args = task_data;
308	GTlsCertificate *issuer;
309	GError *error = NULL;
310
311	issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (object),
312	certificate: args->certificate,
313	interaction: args->interaction,
314	flags: args->flags,
315	cancellable,
316	error: &error);
317	if (issuer)
318	g_task_return_pointer (task, result: issuer, result_destroy: g_object_unref);
319	else
320	g_task_return_error (task, error);
321	}
322
323	static void
324	g_tls_database_real_lookup_certificate_issuer_async (GTlsDatabase *self,
325	GTlsCertificate *certificate,
326	GTlsInteraction *interaction,
327	GTlsDatabaseLookupFlags flags,
328	GCancellable *cancellable,
329	GAsyncReadyCallback callback,
330	gpointer user_data)
331	{
332	GTask *task;
333	AsyncLookupCertificateIssuer *args;
334
335	args = g_slice_new0 (AsyncLookupCertificateIssuer);
336	args->certificate = g_object_ref (certificate);
337	args->flags = flags;
338	args->interaction = interaction ? g_object_ref (interaction) : NULL;
339
340	task = g_task_new (source_object: self, cancellable, callback, callback_data: user_data);
341	g_task_set_source_tag (task,
342	g_tls_database_real_lookup_certificate_issuer_async);
343	g_task_set_name (task, name: "[gio] lookup certificate issuer");
344	g_task_set_task_data (task, task_data: args, task_data_destroy: async_lookup_certificate_issuer_free);
345	g_task_run_in_thread (task, task_func: async_lookup_certificate_issuer_thread);
346	g_object_unref (object: task);
347	}
348
349	static GTlsCertificate *
350	g_tls_database_real_lookup_certificate_issuer_finish (GTlsDatabase *self,
351	GAsyncResult *result,
352	GError **error)
353	{
354	g_return_val_if_fail (g_task_is_valid (result, self), NULL);
355
356	return g_task_propagate_pointer (G_TASK (result), error);
357	}
358
359	typedef struct {
360	GByteArray *issuer;
361	GTlsInteraction *interaction;
362	GTlsDatabaseLookupFlags flags;
363	} AsyncLookupCertificatesIssuedBy;
364
365	static void
366	async_lookup_certificates_issued_by_free (gpointer data)
367	{
368	AsyncLookupCertificatesIssuedBy *args = data;
369
370	g_byte_array_unref (array: args->issuer);
371	g_clear_object (&args->interaction);
372	g_slice_free (AsyncLookupCertificatesIssuedBy, args);
373	}
374
375	static void
376	async_lookup_certificates_free_certificates (gpointer data)
377	{
378	GList *list = data;
379
380	g_list_free_full (list, free_func: g_object_unref);
381	}
382
383	static void
384	async_lookup_certificates_issued_by_thread (GTask *task,
385	gpointer object,
386	gpointer task_data,
387	GCancellable *cancellable)
388	{
389	AsyncLookupCertificatesIssuedBy *args = task_data;
390	GList *results;
391	GError *error = NULL;
392
393	results = g_tls_database_lookup_certificates_issued_by (G_TLS_DATABASE (object),
394	issuer_raw_dn: args->issuer,
395	interaction: args->interaction,
396	flags: args->flags,
397	cancellable,
398	error: &error);
399	if (results)
400	g_task_return_pointer (task, result: results, result_destroy: async_lookup_certificates_free_certificates);
401	else
402	g_task_return_error (task, error);
403	}
404
405	static void
406	g_tls_database_real_lookup_certificates_issued_by_async (GTlsDatabase *self,
407	GByteArray *issuer,
408	GTlsInteraction *interaction,
409	GTlsDatabaseLookupFlags flags,
410	GCancellable *cancellable,
411	GAsyncReadyCallback callback,
412	gpointer user_data)
413	{
414	GTask *task;
415	AsyncLookupCertificatesIssuedBy *args;
416
417	args = g_slice_new0 (AsyncLookupCertificatesIssuedBy);
418	args->issuer = g_byte_array_ref (array: issuer);
419	args->flags = flags;
420	args->interaction = interaction ? g_object_ref (interaction) : NULL;
421
422	task = g_task_new (source_object: self, cancellable, callback, callback_data: user_data);
423	g_task_set_source_tag (task,
424	g_tls_database_real_lookup_certificates_issued_by_async);
425	g_task_set_name (task, name: "[gio] lookup certificates issued by");
426	g_task_set_task_data (task, task_data: args, task_data_destroy: async_lookup_certificates_issued_by_free);
427	g_task_run_in_thread (task, task_func: async_lookup_certificates_issued_by_thread);
428	g_object_unref (object: task);
429	}
430
431	static GList *
432	g_tls_database_real_lookup_certificates_issued_by_finish (GTlsDatabase *self,
433	GAsyncResult *result,
434	GError **error)
435	{
436	g_return_val_if_fail (g_task_is_valid (result, self), NULL);
437
438	return g_task_propagate_pointer (G_TASK (result), error);
439	}
440
441	static void
442	g_tls_database_class_init (GTlsDatabaseClass *klass)
443	{
444	klass->verify_chain_async = g_tls_database_real_verify_chain_async;
445	klass->verify_chain_finish = g_tls_database_real_verify_chain_finish;
446	klass->lookup_certificate_for_handle_async = g_tls_database_real_lookup_certificate_for_handle_async;
447	klass->lookup_certificate_for_handle_finish = g_tls_database_real_lookup_certificate_for_handle_finish;
448	klass->lookup_certificate_issuer_async = g_tls_database_real_lookup_certificate_issuer_async;
449	klass->lookup_certificate_issuer_finish = g_tls_database_real_lookup_certificate_issuer_finish;
450	klass->lookup_certificates_issued_by_async = g_tls_database_real_lookup_certificates_issued_by_async;
451	klass->lookup_certificates_issued_by_finish = g_tls_database_real_lookup_certificates_issued_by_finish;
452	}
453
454	/**
455	* g_tls_database_verify_chain:
456	* @self: a #GTlsDatabase
457	* @chain: a #GTlsCertificate chain
458	* @purpose: the purpose that this certificate chain will be used for.
459	* @identity: (nullable): the expected peer identity
460	* @interaction: (nullable): used to interact with the user if necessary
461	* @flags: additional verify flags
462	* @cancellable: (nullable): a #GCancellable, or %NULL
463	* @error: (nullable): a #GError, or %NULL
464	*
465	* Determines the validity of a certificate chain after looking up and
466	* adding any missing certificates to the chain.
467	*
468	* @chain is a chain of #GTlsCertificate objects each pointing to the next
469	* certificate in the chain by its #GTlsCertificate:issuer property. The chain may initially
470	* consist of one or more certificates. After the verification process is
471	* complete, @chain may be modified by adding missing certificates, or removing
472	* extra certificates. If a certificate anchor was found, then it is added to
473	* the @chain.
474	*
475	* @purpose describes the purpose (or usage) for which the certificate
476	* is being used. Typically @purpose will be set to #G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER
477	* which means that the certificate is being used to authenticate a server
478	* (and we are acting as the client).
479	*
480	* The @identity is used to ensure the server certificate is valid for
481	* the expected peer identity. If the identity does not match the
482	* certificate, %G_TLS_CERTIFICATE_BAD_IDENTITY will be set in the
483	* return value. If @identity is %NULL, that bit will never be set in
484	* the return value. The peer identity may also be used to check for
485	* pinned certificates (trust exceptions) in the database. These may
486	* override the normal verification process on a host-by-host basis.
487	*
488	* Currently there are no @flags, and %G_TLS_DATABASE_VERIFY_NONE should be
489	* used.
490	*
491	* If @chain is found to be valid, then the return value will be 0. If
492	* @chain is found to be invalid, then the return value will indicate
493	* the problems found. If the function is unable to determine whether
494	* @chain is valid or not (eg, because @cancellable is triggered
495	* before it completes) then the return value will be
496	* %G_TLS_CERTIFICATE_GENERIC_ERROR and @error will be set
497	* accordingly. @error is not set when @chain is successfully analyzed
498	* but found to be invalid.
499	*
500	* This function can block, use g_tls_database_verify_chain_async() to perform
501	* the verification operation asynchronously.
502	*
503	* Returns: the appropriate #GTlsCertificateFlags which represents the
504	* result of verification.
505	*
506	* Since: 2.30
507	*/
508	GTlsCertificateFlags
509	g_tls_database_verify_chain (GTlsDatabase *self,
510	GTlsCertificate *chain,
511	const gchar *purpose,
512	GSocketConnectable *identity,
513	GTlsInteraction *interaction,
514	GTlsDatabaseVerifyFlags flags,
515	GCancellable *cancellable,
516	GError **error)
517	{
518	g_return_val_if_fail (G_IS_TLS_DATABASE (self), G_TLS_CERTIFICATE_GENERIC_ERROR);
519	g_return_val_if_fail (G_IS_TLS_CERTIFICATE (chain),
520	G_TLS_CERTIFICATE_GENERIC_ERROR);
521	g_return_val_if_fail (purpose, G_TLS_CERTIFICATE_GENERIC_ERROR);
522	g_return_val_if_fail (interaction == NULL \|\| G_IS_TLS_INTERACTION (interaction),
523	G_TLS_CERTIFICATE_GENERIC_ERROR);
524	g_return_val_if_fail (identity == NULL \|\| G_IS_SOCKET_CONNECTABLE (identity),
525	G_TLS_CERTIFICATE_GENERIC_ERROR);
526	g_return_val_if_fail (error == NULL \|\| *error == NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);
527
528	g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain,
529	G_TLS_CERTIFICATE_GENERIC_ERROR);
530
531	return G_TLS_DATABASE_GET_CLASS (self)->verify_chain (self,
532	chain,
533	purpose,
534	identity,
535	interaction,
536	flags,
537	cancellable,
538	error);
539	}
540
541	/**
542	* g_tls_database_verify_chain_async:
543	* @self: a #GTlsDatabase
544	* @chain: a #GTlsCertificate chain
545	* @purpose: the purpose that this certificate chain will be used for.
546	* @identity: (nullable): the expected peer identity
547	* @interaction: (nullable): used to interact with the user if necessary
548	* @flags: additional verify flags
549	* @cancellable: (nullable): a #GCancellable, or %NULL
550	* @callback: callback to call when the operation completes
551	* @user_data: the data to pass to the callback function
552	*
553	* Asynchronously determines the validity of a certificate chain after
554	* looking up and adding any missing certificates to the chain. See
555	* g_tls_database_verify_chain() for more information.
556	*
557	* Since: 2.30
558	*/
559	void
560	g_tls_database_verify_chain_async (GTlsDatabase *self,
561	GTlsCertificate *chain,
562	const gchar *purpose,
563	GSocketConnectable *identity,
564	GTlsInteraction *interaction,
565	GTlsDatabaseVerifyFlags flags,
566	GCancellable *cancellable,
567	GAsyncReadyCallback callback,
568	gpointer user_data)
569	{
570	g_return_if_fail (G_IS_TLS_DATABASE (self));
571	g_return_if_fail (G_IS_TLS_CERTIFICATE (chain));
572	g_return_if_fail (purpose != NULL);
573	g_return_if_fail (interaction == NULL \|\| G_IS_TLS_INTERACTION (interaction));
574	g_return_if_fail (cancellable == NULL \|\| G_IS_CANCELLABLE (cancellable));
575	g_return_if_fail (identity == NULL \|\| G_IS_SOCKET_CONNECTABLE (identity));
576	g_return_if_fail (callback != NULL);
577
578	g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain_async);
579	G_TLS_DATABASE_GET_CLASS (self)->verify_chain_async (self,
580	chain,
581	purpose,
582	identity,
583	interaction,
584	flags,
585	cancellable,
586	callback,
587	user_data);
588	}
589
590	/**
591	* g_tls_database_verify_chain_finish:
592	* @self: a #GTlsDatabase
593	* @result: a #GAsyncResult.
594	* @error: a #GError pointer, or %NULL
595	*
596	* Finish an asynchronous verify chain operation. See
597	* g_tls_database_verify_chain() for more information.
598	*
599	* If @chain is found to be valid, then the return value will be 0. If
600	* @chain is found to be invalid, then the return value will indicate
601	* the problems found. If the function is unable to determine whether
602	* @chain is valid or not (eg, because @cancellable is triggered
603	* before it completes) then the return value will be
604	* %G_TLS_CERTIFICATE_GENERIC_ERROR and @error will be set
605	* accordingly. @error is not set when @chain is successfully analyzed
606	* but found to be invalid.
607	*
608	* Returns: the appropriate #GTlsCertificateFlags which represents the
609	* result of verification.
610	*
611	* Since: 2.30
612	*/
613	GTlsCertificateFlags
614	g_tls_database_verify_chain_finish (GTlsDatabase *self,
615	GAsyncResult *result,
616	GError **error)
617	{
618	g_return_val_if_fail (G_IS_TLS_DATABASE (self), G_TLS_CERTIFICATE_GENERIC_ERROR);
619	g_return_val_if_fail (G_IS_ASYNC_RESULT (result), G_TLS_CERTIFICATE_GENERIC_ERROR);
620	g_return_val_if_fail (error == NULL \|\| *error == NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);
621	g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain_finish,
622	G_TLS_CERTIFICATE_GENERIC_ERROR);
623	return G_TLS_DATABASE_GET_CLASS (self)->verify_chain_finish (self,
624	result,
625	error);
626	}
627
628	/**
629	* g_tls_database_create_certificate_handle:
630	* @self: a #GTlsDatabase
631	* @certificate: certificate for which to create a handle.
632	*
633	* Create a handle string for the certificate. The database will only be able
634	* to create a handle for certificates that originate from the database. In
635	* cases where the database cannot create a handle for a certificate, %NULL
636	* will be returned.
637	*
638	* This handle should be stable across various instances of the application,
639	* and between applications. If a certificate is modified in the database,
640	* then it is not guaranteed that this handle will continue to point to it.
641	*
642	* Returns: (nullable): a newly allocated string containing the
643	* handle.
644	*
645	* Since: 2.30
646	*/
647	gchar*
648	g_tls_database_create_certificate_handle (GTlsDatabase *self,
649	GTlsCertificate *certificate)
650	{
651	g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
652	g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate), NULL);
653	g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->create_certificate_handle, NULL);
654	return G_TLS_DATABASE_GET_CLASS (self)->create_certificate_handle (self,
655	certificate);
656	}
657
658	/**
659	* g_tls_database_lookup_certificate_for_handle:
660	* @self: a #GTlsDatabase
661	* @handle: a certificate handle
662	* @interaction: (nullable): used to interact with the user if necessary
663	* @flags: Flags which affect the lookup.
664	* @cancellable: (nullable): a #GCancellable, or %NULL
665	* @error: (nullable): a #GError, or %NULL
666	*
667	* Look up a certificate by its handle.
668	*
669	* The handle should have been created by calling
670	* g_tls_database_create_certificate_handle() on a #GTlsDatabase object of
671	* the same TLS backend. The handle is designed to remain valid across
672	* instantiations of the database.
673	*
674	* If the handle is no longer valid, or does not point to a certificate in
675	* this database, then %NULL will be returned.
676	*
677	* This function can block, use g_tls_database_lookup_certificate_for_handle_async() to perform
678	* the lookup operation asynchronously.
679	*
680	* Returns: (transfer full) (nullable): a newly allocated
681	* #GTlsCertificate, or %NULL. Use g_object_unref() to release the certificate.
682	*
683	* Since: 2.30
684	*/
685	GTlsCertificate*
686	g_tls_database_lookup_certificate_for_handle (GTlsDatabase *self,
687	const gchar *handle,
688	GTlsInteraction *interaction,
689	GTlsDatabaseLookupFlags flags,
690	GCancellable *cancellable,
691	GError **error)
692	{
693	g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
694	g_return_val_if_fail (handle != NULL, NULL);
695	g_return_val_if_fail (interaction == NULL \|\| G_IS_TLS_INTERACTION (interaction), NULL);
696	g_return_val_if_fail (cancellable == NULL \|\| G_IS_CANCELLABLE (cancellable), NULL);
697	g_return_val_if_fail (error == NULL \|\| *error == NULL, NULL);
698	g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle, NULL);
699	return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle (self,
700	handle,
701	interaction,
702	flags,
703	cancellable,
704	error);
705	}
706
707
708	/**
709	* g_tls_database_lookup_certificate_for_handle_async:
710	* @self: a #GTlsDatabase
711	* @handle: a certificate handle
712	* @interaction: (nullable): used to interact with the user if necessary
713	* @flags: Flags which affect the lookup.
714	* @cancellable: (nullable): a #GCancellable, or %NULL
715	* @callback: callback to call when the operation completes
716	* @user_data: the data to pass to the callback function
717	*
718	* Asynchronously look up a certificate by its handle in the database. See
719	* g_tls_database_lookup_certificate_for_handle() for more information.
720	*
721	* Since: 2.30
722	*/
723	void
724	g_tls_database_lookup_certificate_for_handle_async (GTlsDatabase *self,
725	const gchar *handle,
726	GTlsInteraction *interaction,
727	GTlsDatabaseLookupFlags flags,
728	GCancellable *cancellable,
729	GAsyncReadyCallback callback,
730	gpointer user_data)
731	{
732	g_return_if_fail (G_IS_TLS_DATABASE (self));
733	g_return_if_fail (handle != NULL);
734	g_return_if_fail (interaction == NULL \|\| G_IS_TLS_INTERACTION (interaction));
735	g_return_if_fail (cancellable == NULL \|\| G_IS_CANCELLABLE (cancellable));
736	g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_async);
737	G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_async (self,
738	handle,
739	interaction,
740	flags,
741	cancellable,
742	callback,
743	user_data);
744	}
745
746	/**
747	* g_tls_database_lookup_certificate_for_handle_finish:
748	* @self: a #GTlsDatabase
749	* @result: a #GAsyncResult.
750	* @error: a #GError pointer, or %NULL
751	*
752	* Finish an asynchronous lookup of a certificate by its handle. See
753	* g_tls_database_lookup_certificate_for_handle() for more information.
754	*
755	* If the handle is no longer valid, or does not point to a certificate in
756	* this database, then %NULL will be returned.
757	*
758	* Returns: (transfer full): a newly allocated #GTlsCertificate object.
759	* Use g_object_unref() to release the certificate.
760	*
761	* Since: 2.30
762	*/
763	GTlsCertificate*
764	g_tls_database_lookup_certificate_for_handle_finish (GTlsDatabase *self,
765	GAsyncResult *result,
766	GError **error)
767	{
768	g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
769	g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
770	g_return_val_if_fail (error == NULL \|\| *error == NULL, NULL);
771	g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_finish, NULL);
772	return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_finish (self,
773	result,
774	error);
775	}
776
777	/**
778	* g_tls_database_lookup_certificate_issuer:
779	* @self: a #GTlsDatabase
780	* @certificate: a #GTlsCertificate
781	* @interaction: (nullable): used to interact with the user if necessary
782	* @flags: flags which affect the lookup operation
783	* @cancellable: (nullable): a #GCancellable, or %NULL
784	* @error: (nullable): a #GError, or %NULL
785	*
786	* Look up the issuer of @certificate in the database.
787	*
788	* The #GTlsCertificate:issuer property
789	* of @certificate is not modified, and the two certificates are not hooked
790	* into a chain.
791	*
792	* This function can block, use g_tls_database_lookup_certificate_issuer_async() to perform
793	* the lookup operation asynchronously.
794	*
795	* Returns: (transfer full): a newly allocated issuer #GTlsCertificate,
796	* or %NULL. Use g_object_unref() to release the certificate.
797	*
798	* Since: 2.30
799	*/
800	GTlsCertificate*
801	g_tls_database_lookup_certificate_issuer (GTlsDatabase *self,
802	GTlsCertificate *certificate,
803	GTlsInteraction *interaction,
804	GTlsDatabaseLookupFlags flags,
805	GCancellable *cancellable,
806	GError **error)
807	{
808	g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
809	g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate), NULL);
810	g_return_val_if_fail (interaction == NULL \|\| G_IS_TLS_INTERACTION (interaction), NULL);
811	g_return_val_if_fail (cancellable == NULL \|\| G_IS_CANCELLABLE (cancellable), NULL);
812	g_return_val_if_fail (error == NULL \|\| *error == NULL, NULL);
813	g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer, NULL);
814	return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer (self,
815	certificate,
816	interaction,
817	flags,
818	cancellable,
819	error);
820	}
821
822	/**
823	* g_tls_database_lookup_certificate_issuer_async:
824	* @self: a #GTlsDatabase
825	* @certificate: a #GTlsCertificate
826	* @interaction: (nullable): used to interact with the user if necessary
827	* @flags: flags which affect the lookup operation
828	* @cancellable: (nullable): a #GCancellable, or %NULL
829	* @callback: callback to call when the operation completes
830	* @user_data: the data to pass to the callback function
831	*
832	* Asynchronously look up the issuer of @certificate in the database. See
833	* g_tls_database_lookup_certificate_issuer() for more information.
834	*
835	* Since: 2.30
836	*/
837	void
838	g_tls_database_lookup_certificate_issuer_async (GTlsDatabase *self,
839	GTlsCertificate *certificate,
840	GTlsInteraction *interaction,
841	GTlsDatabaseLookupFlags flags,
842	GCancellable *cancellable,
843	GAsyncReadyCallback callback,
844	gpointer user_data)
845	{
846	g_return_if_fail (G_IS_TLS_DATABASE (self));
847	g_return_if_fail (G_IS_TLS_CERTIFICATE (certificate));
848	g_return_if_fail (interaction == NULL \|\| G_IS_TLS_INTERACTION (interaction));
849	g_return_if_fail (cancellable == NULL \|\| G_IS_CANCELLABLE (cancellable));
850	g_return_if_fail (callback != NULL);
851	g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_async);
852	G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_async (self,
853	certificate,
854	interaction,
855	flags,
856	cancellable,
857	callback,
858	user_data);
859	}
860
861	/**
862	* g_tls_database_lookup_certificate_issuer_finish:
863	* @self: a #GTlsDatabase
864	* @result: a #GAsyncResult.
865	* @error: a #GError pointer, or %NULL
866	*
867	* Finish an asynchronous lookup issuer operation. See
868	* g_tls_database_lookup_certificate_issuer() for more information.
869	*
870	* Returns: (transfer full): a newly allocated issuer #GTlsCertificate,
871	* or %NULL. Use g_object_unref() to release the certificate.
872	*
873	* Since: 2.30
874	*/
875	GTlsCertificate*
876	g_tls_database_lookup_certificate_issuer_finish (GTlsDatabase *self,
877	GAsyncResult *result,
878	GError **error)
879	{
880	g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
881	g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
882	g_return_val_if_fail (error == NULL \|\| *error == NULL, NULL);
883	g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_finish, NULL);
884	return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_finish (self,
885	result,
886	error);
887	}
888
889	/**
890	* g_tls_database_lookup_certificates_issued_by:
891	* @self: a #GTlsDatabase
892	* @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
893	* @interaction: (nullable): used to interact with the user if necessary
894	* @flags: Flags which affect the lookup operation.
895	* @cancellable: (nullable): a #GCancellable, or %NULL
896	* @error: (nullable): a #GError, or %NULL
897	*
898	* Look up certificates issued by this issuer in the database.
899	*
900	* This function can block, use g_tls_database_lookup_certificates_issued_by_async() to perform
901	* the lookup operation asynchronously.
902	*
903	* Returns: (transfer full) (element-type GTlsCertificate): a newly allocated list of #GTlsCertificate
904	* objects. Use g_object_unref() on each certificate, and g_list_free() on the release the list.
905	*
906	* Since: 2.30
907	*/
908	GList*
909	g_tls_database_lookup_certificates_issued_by (GTlsDatabase *self,
910	GByteArray *issuer_raw_dn,
911	GTlsInteraction *interaction,
912	GTlsDatabaseLookupFlags flags,
913	GCancellable *cancellable,
914	GError **error)
915	{
916	g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
917	g_return_val_if_fail (issuer_raw_dn, NULL);
918	g_return_val_if_fail (interaction == NULL \|\| G_IS_TLS_INTERACTION (interaction), NULL);
919	g_return_val_if_fail (cancellable == NULL \|\| G_IS_CANCELLABLE (cancellable), NULL);
920	g_return_val_if_fail (error == NULL \|\| *error == NULL, NULL);
921	g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by, NULL);
922	return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by (self,
923	issuer_raw_dn,
924	interaction,
925	flags,
926	cancellable,
927	error);
928	}
929
930	/**
931	* g_tls_database_lookup_certificates_issued_by_async:
932	* @self: a #GTlsDatabase
933	* @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
934	* @interaction: (nullable): used to interact with the user if necessary
935	* @flags: Flags which affect the lookup operation.
936	* @cancellable: (nullable): a #GCancellable, or %NULL
937	* @callback: callback to call when the operation completes
938	* @user_data: the data to pass to the callback function
939	*
940	* Asynchronously look up certificates issued by this issuer in the database. See
941	* g_tls_database_lookup_certificates_issued_by() for more information.
942	*
943	* The database may choose to hold a reference to the issuer byte array for the duration
944	* of of this asynchronous operation. The byte array should not be modified during
945	* this time.
946	*
947	* Since: 2.30
948	*/
949	void
950	g_tls_database_lookup_certificates_issued_by_async (GTlsDatabase *self,
951	GByteArray *issuer_raw_dn,
952	GTlsInteraction *interaction,
953	GTlsDatabaseLookupFlags flags,
954	GCancellable *cancellable,
955	GAsyncReadyCallback callback,
956	gpointer user_data)
957	{
958	g_return_if_fail (G_IS_TLS_DATABASE (self));
959	g_return_if_fail (issuer_raw_dn != NULL);
960	g_return_if_fail (interaction == NULL \|\| G_IS_TLS_INTERACTION (interaction));
961	g_return_if_fail (cancellable == NULL \|\| G_IS_CANCELLABLE (cancellable));
962	g_return_if_fail (callback != NULL);
963	g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_async);
964	G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_async (self,
965	issuer_raw_dn,
966	interaction,
967	flags,
968	cancellable,
969	callback,
970	user_data);
971	}
972
973	/**
974	* g_tls_database_lookup_certificates_issued_by_finish:
975	* @self: a #GTlsDatabase
976	* @result: a #GAsyncResult.
977	* @error: a #GError pointer, or %NULL
978	*
979	* Finish an asynchronous lookup of certificates. See
980	* g_tls_database_lookup_certificates_issued_by() for more information.
981	*
982	* Returns: (transfer full) (element-type GTlsCertificate): a newly allocated list of #GTlsCertificate
983	* objects. Use g_object_unref() on each certificate, and g_list_free() on the release the list.
984	*
985	* Since: 2.30
986	*/
987	GList*
988	g_tls_database_lookup_certificates_issued_by_finish (GTlsDatabase *self,
989	GAsyncResult *result,
990	GError **error)
991	{
992	g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
993	g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
994	g_return_val_if_fail (error == NULL \|\| *error == NULL, NULL);
995	g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_finish, NULL);
996	return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_finish (self,
997	result,
998	error);
999	}
1000

source code of gtk/subprojects/glib/gio/gtlsdatabase.c