gio/auto/dtls_client_connection.rs
1// This file was generated by gir (https://github.com/gtk-rs/gir)
2// from gir-files (https://github.com/gtk-rs/gir-files)
3// DO NOT EDIT
4#![allow(deprecated)]
5
6use crate::{ffi, DatagramBased, DtlsConnection, SocketConnectable, TlsCertificateFlags};
7use glib::{
8 prelude::*,
9 signal::{connect_raw, SignalHandlerId},
10 translate::*,
11};
12use std::boxed::Box as Box_;
13
14glib::wrapper! {
15 /// `GDtlsClientConnection` is the client-side subclass of
16 /// [`DtlsConnection`][crate::DtlsConnection], representing a client-side DTLS connection.
17 ///
18 /// ## Properties
19 ///
20 ///
21 /// #### `accepted-cas`
22 /// A list of the distinguished names of the Certificate Authorities
23 /// that the server will accept client certificates signed by. If the
24 /// server requests a client certificate during the handshake, then
25 /// this property will be set after the handshake completes.
26 ///
27 /// Each item in the list is a #GByteArray which contains the complete
28 /// subject DN of the certificate authority.
29 ///
30 /// Readable
31 ///
32 ///
33 /// #### `server-identity`
34 /// A #GSocketConnectable describing the identity of the server that
35 /// is expected on the other end of the connection.
36 ///
37 /// If the [`TlsCertificateFlags::BAD_IDENTITY`][crate::TlsCertificateFlags::BAD_IDENTITY] flag is set in
38 /// #GDtlsClientConnection:validation-flags, this object will be used
39 /// to determine the expected identify of the remote end of the
40 /// connection; if #GDtlsClientConnection:server-identity is not set,
41 /// or does not match the identity presented by the server, then the
42 /// [`TlsCertificateFlags::BAD_IDENTITY`][crate::TlsCertificateFlags::BAD_IDENTITY] validation will fail.
43 ///
44 /// In addition to its use in verifying the server certificate,
45 /// this is also used to give a hint to the server about what
46 /// certificate we expect, which is useful for servers that serve
47 /// virtual hosts.
48 ///
49 /// Readable | Writeable | Construct
50 ///
51 ///
52 /// #### `validation-flags`
53 /// What steps to perform when validating a certificate received from
54 /// a server. Server certificates that fail to validate in any of the
55 /// ways indicated here will be rejected unless the application
56 /// overrides the default via #GDtlsConnection::accept-certificate.
57 ///
58 /// GLib guarantees that if certificate verification fails, at least one
59 /// flag will be set, but it does not guarantee that all possible flags
60 /// will be set. Accordingly, you may not safely decide to ignore any
61 /// particular type of error. For example, it would be incorrect to mask
62 /// [`TlsCertificateFlags::EXPIRED`][crate::TlsCertificateFlags::EXPIRED] if you want to allow expired certificates,
63 /// because this could potentially be the only error flag set even if
64 /// other problems exist with the certificate. Therefore, there is no
65 /// safe way to use this property. This is not a horrible problem,
66 /// though, because you should not be attempting to ignore validation
67 /// errors anyway. If you really must ignore TLS certificate errors,
68 /// connect to #GDtlsConnection::accept-certificate.
69 ///
70 /// Readable | Writeable | Construct
71 /// <details><summary><h4>DtlsConnection</h4></summary>
72 ///
73 ///
74 /// #### `advertised-protocols`
75 /// The list of application-layer protocols that the connection
76 /// advertises that it is willing to speak. See
77 /// g_dtls_connection_set_advertised_protocols().
78 ///
79 /// Readable | Writeable
80 ///
81 ///
82 /// #### `base-socket`
83 /// The #GDatagramBased that the connection wraps. Note that this may be any
84 /// implementation of #GDatagramBased, not just a #GSocket.
85 ///
86 /// Readable | Writeable | Construct Only
87 ///
88 ///
89 /// #### `certificate`
90 /// The connection's certificate; see
91 /// g_dtls_connection_set_certificate().
92 ///
93 /// Readable | Writeable
94 ///
95 ///
96 /// #### `ciphersuite-name`
97 /// The name of the DTLS ciphersuite in use. See g_dtls_connection_get_ciphersuite_name().
98 ///
99 /// Readable
100 ///
101 ///
102 /// #### `database`
103 /// The certificate database to use when verifying this TLS connection.
104 /// If no certificate database is set, then the default database will be
105 /// used. See g_tls_backend_get_default_database().
106 ///
107 /// When using a non-default database, #GDtlsConnection must fall back to using
108 /// the #GTlsDatabase to perform certificate verification using
109 /// g_tls_database_verify_chain(), which means certificate verification will
110 /// not be able to make use of TLS session context. This may be less secure.
111 /// For example, if you create your own #GTlsDatabase that just wraps the
112 /// default #GTlsDatabase, you might expect that you have not changed anything,
113 /// but this is not true because you may have altered the behavior of
114 /// #GDtlsConnection by causing it to use g_tls_database_verify_chain(). See the
115 /// documentation of g_tls_database_verify_chain() for more details on specific
116 /// security checks that may not be performed. Accordingly, setting a
117 /// non-default database is discouraged except for specialty applications with
118 /// unusual security requirements.
119 ///
120 /// Readable | Writeable
121 ///
122 ///
123 /// #### `interaction`
124 /// A #GTlsInteraction object to be used when the connection or certificate
125 /// database need to interact with the user. This will be used to prompt the
126 /// user for passwords where necessary.
127 ///
128 /// Readable | Writeable
129 ///
130 ///
131 /// #### `negotiated-protocol`
132 /// The application-layer protocol negotiated during the TLS
133 /// handshake. See g_dtls_connection_get_negotiated_protocol().
134 ///
135 /// Readable
136 ///
137 ///
138 /// #### `peer-certificate`
139 /// The connection's peer's certificate, after the TLS handshake has
140 /// completed or failed. Note in particular that this is not yet set
141 /// during the emission of #GDtlsConnection::accept-certificate.
142 ///
143 /// (You can watch for a #GObject::notify signal on this property to
144 /// detect when a handshake has occurred.)
145 ///
146 /// Readable
147 ///
148 ///
149 /// #### `peer-certificate-errors`
150 /// The errors noticed while verifying
151 /// #GDtlsConnection:peer-certificate. Normally this should be 0, but
152 /// it may not be if #GDtlsClientConnection:validation-flags is not
153 /// [`TlsCertificateFlags::VALIDATE_ALL`][crate::TlsCertificateFlags::VALIDATE_ALL], or if
154 /// #GDtlsConnection::accept-certificate overrode the default
155 /// behavior.
156 ///
157 /// GLib guarantees that if certificate verification fails, at least
158 /// one error will be set, but it does not guarantee that all possible
159 /// errors will be set. Accordingly, you may not safely decide to
160 /// ignore any particular type of error. For example, it would be
161 /// incorrect to mask [`TlsCertificateFlags::EXPIRED`][crate::TlsCertificateFlags::EXPIRED] if you want to allow
162 /// expired certificates, because this could potentially be the only
163 /// error flag set even if other problems exist with the certificate.
164 ///
165 /// Readable
166 ///
167 ///
168 /// #### `protocol-version`
169 /// The DTLS protocol version in use. See g_dtls_connection_get_protocol_version().
170 ///
171 /// Readable
172 ///
173 ///
174 /// #### `rehandshake-mode`
175 /// The rehandshaking mode. See
176 /// g_dtls_connection_set_rehandshake_mode().
177 ///
178 /// Readable | Writeable | Construct
179 ///
180 ///
181 /// #### `require-close-notify`
182 /// Whether or not proper TLS close notification is required.
183 /// See g_dtls_connection_set_require_close_notify().
184 ///
185 /// Readable | Writeable | Construct
186 /// </details>
187 ///
188 /// # Implements
189 ///
190 /// [`DtlsClientConnectionExt`][trait@crate::prelude::DtlsClientConnectionExt], [`DatagramBasedExt`][trait@crate::prelude::DatagramBasedExt], [`DtlsConnectionExt`][trait@crate::prelude::DtlsConnectionExt], [`DatagramBasedExtManual`][trait@crate::prelude::DatagramBasedExtManual]
191 #[doc(alias = "GDtlsClientConnection")]
192 pub struct DtlsClientConnection(Interface<ffi::GDtlsClientConnection, ffi::GDtlsClientConnectionInterface>) @requires DatagramBased, DtlsConnection;
193
194 match fn {
195 type_ => || ffi::g_dtls_client_connection_get_type(),
196 }
197}
198
199impl DtlsClientConnection {
200 pub const NONE: Option<&'static DtlsClientConnection> = None;
201
202 /// Creates a new #GDtlsClientConnection wrapping @base_socket which is
203 /// assumed to communicate with the server identified by @server_identity.
204 /// ## `base_socket`
205 /// the #GDatagramBased to wrap
206 /// ## `server_identity`
207 /// the expected identity of the server
208 ///
209 /// # Returns
210 ///
211 /// the new
212 /// #GDtlsClientConnection, or [`None`] on error
213 #[doc(alias = "g_dtls_client_connection_new")]
214 pub fn new(
215 base_socket: &impl IsA<DatagramBased>,
216 server_identity: Option<&impl IsA<SocketConnectable>>,
217 ) -> Result<DtlsClientConnection, glib::Error> {
218 unsafe {
219 let mut error = std::ptr::null_mut();
220 let ret = ffi::g_dtls_client_connection_new(
221 base_socket.as_ref().to_glib_none().0,
222 server_identity.map(|p| p.as_ref()).to_glib_none().0,
223 &mut error,
224 );
225 if error.is_null() {
226 Ok(from_glib_full(ret))
227 } else {
228 Err(from_glib_full(error))
229 }
230 }
231 }
232}
233
234/// Trait containing all [`struct@DtlsClientConnection`] methods.
235///
236/// # Implementors
237///
238/// [`DtlsClientConnection`][struct@crate::DtlsClientConnection]
239pub trait DtlsClientConnectionExt: IsA<DtlsClientConnection> + 'static {
240 /// Gets the list of distinguished names of the Certificate Authorities
241 /// that the server will accept certificates from. This will be set
242 /// during the TLS handshake if the server requests a certificate.
243 /// Otherwise, it will be [`None`].
244 ///
245 /// Each item in the list is a #GByteArray which contains the complete
246 /// subject DN of the certificate authority.
247 ///
248 /// # Returns
249 ///
250 /// the list of
251 /// CA DNs. You should unref each element with g_byte_array_unref() and then
252 /// the free the list with g_list_free().
253 #[doc(alias = "g_dtls_client_connection_get_accepted_cas")]
254 #[doc(alias = "get_accepted_cas")]
255 #[doc(alias = "accepted-cas")]
256 fn accepted_cas(&self) -> Vec<glib::ByteArray> {
257 unsafe {
258 FromGlibPtrContainer::from_glib_full(ffi::g_dtls_client_connection_get_accepted_cas(
259 self.as_ref().to_glib_none().0,
260 ))
261 }
262 }
263
264 /// Gets @self's expected server identity
265 ///
266 /// # Returns
267 ///
268 /// a #GSocketConnectable describing the
269 /// expected server identity, or [`None`] if the expected identity is not
270 /// known.
271 #[doc(alias = "g_dtls_client_connection_get_server_identity")]
272 #[doc(alias = "get_server_identity")]
273 #[doc(alias = "server-identity")]
274 fn server_identity(&self) -> SocketConnectable {
275 unsafe {
276 from_glib_none(ffi::g_dtls_client_connection_get_server_identity(
277 self.as_ref().to_glib_none().0,
278 ))
279 }
280 }
281
282 /// Gets @self's validation flags
283 ///
284 /// This function does not work as originally designed and is impossible
285 /// to use correctly. See #GDtlsClientConnection:validation-flags for more
286 /// information.
287 ///
288 /// # Deprecated since 2.74
289 ///
290 /// Do not attempt to ignore validation errors.
291 ///
292 /// # Returns
293 ///
294 /// the validation flags
295 #[cfg_attr(feature = "v2_74", deprecated = "Since 2.74")]
296 #[allow(deprecated)]
297 #[doc(alias = "g_dtls_client_connection_get_validation_flags")]
298 #[doc(alias = "get_validation_flags")]
299 #[doc(alias = "validation-flags")]
300 fn validation_flags(&self) -> TlsCertificateFlags {
301 unsafe {
302 from_glib(ffi::g_dtls_client_connection_get_validation_flags(
303 self.as_ref().to_glib_none().0,
304 ))
305 }
306 }
307
308 /// Sets @self's expected server identity, which is used both to tell
309 /// servers on virtual hosts which certificate to present, and also
310 /// to let @self know what name to look for in the certificate when
311 /// performing [`TlsCertificateFlags::BAD_IDENTITY`][crate::TlsCertificateFlags::BAD_IDENTITY] validation, if enabled.
312 /// ## `identity`
313 /// a #GSocketConnectable describing the expected server identity
314 #[doc(alias = "g_dtls_client_connection_set_server_identity")]
315 #[doc(alias = "server-identity")]
316 fn set_server_identity(&self, identity: &impl IsA<SocketConnectable>) {
317 unsafe {
318 ffi::g_dtls_client_connection_set_server_identity(
319 self.as_ref().to_glib_none().0,
320 identity.as_ref().to_glib_none().0,
321 );
322 }
323 }
324
325 /// Sets @self's validation flags, to override the default set of
326 /// checks performed when validating a server certificate. By default,
327 /// [`TlsCertificateFlags::VALIDATE_ALL`][crate::TlsCertificateFlags::VALIDATE_ALL] is used.
328 ///
329 /// This function does not work as originally designed and is impossible
330 /// to use correctly. See #GDtlsClientConnection:validation-flags for more
331 /// information.
332 ///
333 /// # Deprecated since 2.74
334 ///
335 /// Do not attempt to ignore validation errors.
336 /// ## `flags`
337 /// the #GTlsCertificateFlags to use
338 #[cfg_attr(feature = "v2_74", deprecated = "Since 2.74")]
339 #[allow(deprecated)]
340 #[doc(alias = "g_dtls_client_connection_set_validation_flags")]
341 #[doc(alias = "validation-flags")]
342 fn set_validation_flags(&self, flags: TlsCertificateFlags) {
343 unsafe {
344 ffi::g_dtls_client_connection_set_validation_flags(
345 self.as_ref().to_glib_none().0,
346 flags.into_glib(),
347 );
348 }
349 }
350
351 #[doc(alias = "accepted-cas")]
352 fn connect_accepted_cas_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
353 unsafe extern "C" fn notify_accepted_cas_trampoline<
354 P: IsA<DtlsClientConnection>,
355 F: Fn(&P) + 'static,
356 >(
357 this: *mut ffi::GDtlsClientConnection,
358 _param_spec: glib::ffi::gpointer,
359 f: glib::ffi::gpointer,
360 ) {
361 let f: &F = &*(f as *const F);
362 f(DtlsClientConnection::from_glib_borrow(this).unsafe_cast_ref())
363 }
364 unsafe {
365 let f: Box_<F> = Box_::new(f);
366 connect_raw(
367 self.as_ptr() as *mut _,
368 c"notify::accepted-cas".as_ptr() as *const _,
369 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
370 notify_accepted_cas_trampoline::<Self, F> as *const (),
371 )),
372 Box_::into_raw(f),
373 )
374 }
375 }
376
377 #[doc(alias = "server-identity")]
378 fn connect_server_identity_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
379 unsafe extern "C" fn notify_server_identity_trampoline<
380 P: IsA<DtlsClientConnection>,
381 F: Fn(&P) + 'static,
382 >(
383 this: *mut ffi::GDtlsClientConnection,
384 _param_spec: glib::ffi::gpointer,
385 f: glib::ffi::gpointer,
386 ) {
387 let f: &F = &*(f as *const F);
388 f(DtlsClientConnection::from_glib_borrow(this).unsafe_cast_ref())
389 }
390 unsafe {
391 let f: Box_<F> = Box_::new(f);
392 connect_raw(
393 self.as_ptr() as *mut _,
394 c"notify::server-identity".as_ptr() as *const _,
395 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
396 notify_server_identity_trampoline::<Self, F> as *const (),
397 )),
398 Box_::into_raw(f),
399 )
400 }
401 }
402
403 #[cfg_attr(feature = "v2_74", deprecated = "Since 2.74")]
404 #[doc(alias = "validation-flags")]
405 fn connect_validation_flags_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
406 unsafe extern "C" fn notify_validation_flags_trampoline<
407 P: IsA<DtlsClientConnection>,
408 F: Fn(&P) + 'static,
409 >(
410 this: *mut ffi::GDtlsClientConnection,
411 _param_spec: glib::ffi::gpointer,
412 f: glib::ffi::gpointer,
413 ) {
414 let f: &F = &*(f as *const F);
415 f(DtlsClientConnection::from_glib_borrow(this).unsafe_cast_ref())
416 }
417 unsafe {
418 let f: Box_<F> = Box_::new(f);
419 connect_raw(
420 self.as_ptr() as *mut _,
421 c"notify::validation-flags".as_ptr() as *const _,
422 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
423 notify_validation_flags_trampoline::<Self, F> as *const (),
424 )),
425 Box_::into_raw(f),
426 )
427 }
428 }
429}
430
431impl<O: IsA<DtlsClientConnection>> DtlsClientConnectionExt for O {}