gio/auto/tls_certificate.rs
1// This file was generated by gir (https://github.com/gtk-rs/gir)
2// from gir-files (https://github.com/gtk-rs/gir-files)
3// DO NOT EDIT
4
5#[cfg(feature = "v2_70")]
6#[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
7use crate::InetAddress;
8use crate::{ffi, SocketConnectable, TlsCertificateFlags};
9#[cfg(feature = "v2_70")]
10#[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
11use glib::signal::{connect_raw, SignalHandlerId};
12use glib::{prelude::*, translate::*};
13#[cfg(feature = "v2_70")]
14#[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
15use std::boxed::Box as Box_;
16
17glib::wrapper! {
18 /// A certificate used for TLS authentication and encryption.
19 /// This can represent either a certificate only (eg, the certificate
20 /// received by a client from a server), or the combination of
21 /// a certificate and a private key (which is needed when acting as a
22 /// [`TlsServerConnection`][crate::TlsServerConnection]).
23 ///
24 /// This is an Abstract Base Class, you cannot instantiate it.
25 ///
26 /// ## Properties
27 ///
28 ///
29 /// #### `certificate`
30 /// The DER (binary) encoded representation of the certificate.
31 /// This property and the #GTlsCertificate:certificate-pem property
32 /// represent the same data, just in different forms.
33 ///
34 /// Readable | Writeable | Construct Only
35 ///
36 ///
37 /// #### `certificate-pem`
38 /// The PEM (ASCII) encoded representation of the certificate.
39 /// This property and the #GTlsCertificate:certificate
40 /// property represent the same data, just in different forms.
41 ///
42 /// Readable | Writeable | Construct Only
43 ///
44 ///
45 /// #### `dns-names`
46 /// The DNS names from the certificate's Subject Alternative Names (SANs),
47 /// [`None`] if unavailable.
48 ///
49 /// Readable
50 ///
51 ///
52 /// #### `ip-addresses`
53 /// The IP addresses from the certificate's Subject Alternative Names (SANs),
54 /// [`None`] if unavailable.
55 ///
56 /// Readable
57 ///
58 ///
59 /// #### `issuer`
60 /// A #GTlsCertificate representing the entity that issued this
61 /// certificate. If [`None`], this means that the certificate is either
62 /// self-signed, or else the certificate of the issuer is not
63 /// available.
64 ///
65 /// Beware the issuer certificate may not be the same as the
66 /// certificate that would actually be used to construct a valid
67 /// certification path during certificate verification.
68 /// [RFC 4158](https://datatracker.ietf.org/doc/html/rfc4158) explains
69 /// why an issuer certificate cannot be naively assumed to be part of the
70 /// the certification path (though GLib's TLS backends may not follow the
71 /// path building strategies outlined in this RFC). Due to the complexity
72 /// of certification path building, GLib does not provide any way to know
73 /// which certification path will actually be used. Accordingly, this
74 /// property cannot be used to make security-related decisions. Only
75 /// GLib itself should make security decisions about TLS certificates.
76 ///
77 /// Readable | Writeable | Construct Only
78 ///
79 ///
80 /// #### `issuer-name`
81 /// The issuer from the certificate,
82 /// [`None`] if unavailable.
83 ///
84 /// Readable
85 ///
86 ///
87 /// #### `not-valid-after`
88 /// The time at which this cert is no longer valid,
89 /// [`None`] if unavailable.
90 ///
91 /// Readable
92 ///
93 ///
94 /// #### `not-valid-before`
95 /// The time at which this cert is considered to be valid,
96 /// [`None`] if unavailable.
97 ///
98 /// Readable
99 ///
100 ///
101 /// #### `password`
102 /// An optional password used when constructed with GTlsCertificate:pkcs12-data.
103 ///
104 /// Writeable | Construct Only
105 ///
106 ///
107 /// #### `pkcs11-uri`
108 /// A URI referencing the [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html)
109 /// objects containing an X.509 certificate and optionally a private key.
110 ///
111 /// If [`None`], the certificate is either not backed by PKCS \#11 or the
112 /// #GTlsBackend does not support PKCS \#11.
113 ///
114 /// Readable | Writeable | Construct Only
115 ///
116 ///
117 /// #### `pkcs12-data`
118 /// The PKCS #12 formatted data used to construct the object.
119 ///
120 /// See also: g_tls_certificate_new_from_pkcs12()
121 ///
122 /// Writeable | Construct Only
123 ///
124 ///
125 /// #### `private-key`
126 /// The DER (binary) encoded representation of the certificate's
127 /// private key, in either [PKCS \#1 format](https://datatracker.ietf.org/doc/html/rfc8017)
128 /// or unencrypted [PKCS \#8 format.](https://datatracker.ietf.org/doc/html/rfc5208)
129 /// PKCS \#8 format is supported since 2.32; earlier releases only
130 /// support PKCS \#1. You can use the `openssl rsa` tool to convert
131 /// PKCS \#8 keys to PKCS \#1.
132 ///
133 /// This property (or the #GTlsCertificate:private-key-pem property)
134 /// can be set when constructing a key (for example, from a file).
135 /// Since GLib 2.70, it is now also readable; however, be aware that if
136 /// the private key is backed by a PKCS \#11 URI – for example, if it
137 /// is stored on a smartcard – then this property will be [`None`]. If so,
138 /// the private key must be referenced via its PKCS \#11 URI,
139 /// #GTlsCertificate:private-key-pkcs11-uri. You must check both
140 /// properties to see if the certificate really has a private key.
141 /// When this property is read, the output format will be unencrypted
142 /// PKCS \#8.
143 ///
144 /// Readable | Writeable | Construct Only
145 ///
146 ///
147 /// #### `private-key-pem`
148 /// The PEM (ASCII) encoded representation of the certificate's
149 /// private key in either [PKCS \#1 format](https://datatracker.ietf.org/doc/html/rfc8017)
150 /// ("`BEGIN RSA PRIVATE KEY`") or unencrypted
151 /// [PKCS \#8 format](https://datatracker.ietf.org/doc/html/rfc5208)
152 /// ("`BEGIN PRIVATE KEY`"). PKCS \#8 format is supported since 2.32;
153 /// earlier releases only support PKCS \#1. You can use the `openssl rsa`
154 /// tool to convert PKCS \#8 keys to PKCS \#1.
155 ///
156 /// This property (or the #GTlsCertificate:private-key property)
157 /// can be set when constructing a key (for example, from a file).
158 /// Since GLib 2.70, it is now also readable; however, be aware that if
159 /// the private key is backed by a PKCS \#11 URI - for example, if it
160 /// is stored on a smartcard - then this property will be [`None`]. If so,
161 /// the private key must be referenced via its PKCS \#11 URI,
162 /// #GTlsCertificate:private-key-pkcs11-uri. You must check both
163 /// properties to see if the certificate really has a private key.
164 /// When this property is read, the output format will be unencrypted
165 /// PKCS \#8.
166 ///
167 /// Readable | Writeable | Construct Only
168 ///
169 ///
170 /// #### `private-key-pkcs11-uri`
171 /// A URI referencing a [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html)
172 /// object containing a private key.
173 ///
174 /// Readable | Writeable | Construct Only
175 ///
176 ///
177 /// #### `subject-name`
178 /// The subject from the cert,
179 /// [`None`] if unavailable.
180 ///
181 /// Readable
182 ///
183 /// # Implements
184 ///
185 /// [`TlsCertificateExt`][trait@crate::prelude::TlsCertificateExt], [`trait@glib::ObjectExt`]
186 #[doc(alias = "GTlsCertificate")]
187 pub struct TlsCertificate(Object<ffi::GTlsCertificate, ffi::GTlsCertificateClass>);
188
189 match fn {
190 type_ => || ffi::g_tls_certificate_get_type(),
191 }
192}
193
194impl TlsCertificate {
195 pub const NONE: Option<&'static TlsCertificate> = None;
196
197 /// Creates a #GTlsCertificate from the data in @file.
198 ///
199 /// As of 2.72, if the filename ends in `.p12` or `.pfx` the data is loaded by
200 /// g_tls_certificate_new_from_pkcs12() otherwise it is loaded by
201 /// g_tls_certificate_new_from_pem(). See those functions for
202 /// exact details.
203 ///
204 /// If @file cannot be read or parsed, the function will return [`None`] and
205 /// set @error.
206 /// ## `file`
207 /// file containing a certificate to import
208 ///
209 /// # Returns
210 ///
211 /// the new certificate, or [`None`] on error
212 #[doc(alias = "g_tls_certificate_new_from_file")]
213 #[doc(alias = "new_from_file")]
214 pub fn from_file(file: impl AsRef<std::path::Path>) -> Result<TlsCertificate, glib::Error> {
215 unsafe {
216 let mut error = std::ptr::null_mut();
217 let ret =
218 ffi::g_tls_certificate_new_from_file(file.as_ref().to_glib_none().0, &mut error);
219 if error.is_null() {
220 Ok(from_glib_full(ret))
221 } else {
222 Err(from_glib_full(error))
223 }
224 }
225 }
226
227 /// Creates a #GTlsCertificate from the data in @file.
228 ///
229 /// If @file cannot be read or parsed, the function will return [`None`] and
230 /// set @error.
231 ///
232 /// Any unknown file types will error with [`IOErrorEnum::NotSupported`][crate::IOErrorEnum::NotSupported].
233 /// Currently only `.p12` and `.pfx` files are supported.
234 /// See g_tls_certificate_new_from_pkcs12() for more details.
235 /// ## `file`
236 /// file containing a certificate to import
237 /// ## `password`
238 /// password for PKCS #12 files
239 ///
240 /// # Returns
241 ///
242 /// the new certificate, or [`None`] on error
243 #[cfg(feature = "v2_72")]
244 #[cfg_attr(docsrs, doc(cfg(feature = "v2_72")))]
245 #[doc(alias = "g_tls_certificate_new_from_file_with_password")]
246 #[doc(alias = "new_from_file_with_password")]
247 pub fn from_file_with_password(
248 file: impl AsRef<std::path::Path>,
249 password: &str,
250 ) -> Result<TlsCertificate, glib::Error> {
251 unsafe {
252 let mut error = std::ptr::null_mut();
253 let ret = ffi::g_tls_certificate_new_from_file_with_password(
254 file.as_ref().to_glib_none().0,
255 password.to_glib_none().0,
256 &mut error,
257 );
258 if error.is_null() {
259 Ok(from_glib_full(ret))
260 } else {
261 Err(from_glib_full(error))
262 }
263 }
264 }
265
266 /// Creates a #GTlsCertificate from the PEM-encoded data in @cert_file
267 /// and @key_file. The returned certificate will be the first certificate
268 /// found in @cert_file. As of GLib 2.44, if @cert_file contains more
269 /// certificates it will try to load a certificate chain. All
270 /// certificates will be verified in the order found (top-level
271 /// certificate should be the last one in the file) and the
272 /// #GTlsCertificate:issuer property of each certificate will be set
273 /// accordingly if the verification succeeds. If any certificate in the
274 /// chain cannot be verified, the first certificate in the file will
275 /// still be returned.
276 ///
277 /// If either file cannot be read or parsed, the function will return
278 /// [`None`] and set @error. Otherwise, this behaves like
279 /// g_tls_certificate_new_from_pem().
280 /// ## `cert_file`
281 /// file containing one or more PEM-encoded
282 /// certificates to import
283 /// ## `key_file`
284 /// file containing a PEM-encoded private key
285 /// to import
286 ///
287 /// # Returns
288 ///
289 /// the new certificate, or [`None`] on error
290 #[doc(alias = "g_tls_certificate_new_from_files")]
291 #[doc(alias = "new_from_files")]
292 pub fn from_files(
293 cert_file: impl AsRef<std::path::Path>,
294 key_file: impl AsRef<std::path::Path>,
295 ) -> Result<TlsCertificate, glib::Error> {
296 unsafe {
297 let mut error = std::ptr::null_mut();
298 let ret = ffi::g_tls_certificate_new_from_files(
299 cert_file.as_ref().to_glib_none().0,
300 key_file.as_ref().to_glib_none().0,
301 &mut error,
302 );
303 if error.is_null() {
304 Ok(from_glib_full(ret))
305 } else {
306 Err(from_glib_full(error))
307 }
308 }
309 }
310
311 /// Creates a #GTlsCertificate from the PEM-encoded data in @data. If
312 /// @data includes both a certificate and a private key, then the
313 /// returned certificate will include the private key data as well. (See
314 /// the #GTlsCertificate:private-key-pem property for information about
315 /// supported formats.)
316 ///
317 /// The returned certificate will be the first certificate found in
318 /// @data. As of GLib 2.44, if @data contains more certificates it will
319 /// try to load a certificate chain. All certificates will be verified in
320 /// the order found (top-level certificate should be the last one in the
321 /// file) and the #GTlsCertificate:issuer property of each certificate
322 /// will be set accordingly if the verification succeeds. If any
323 /// certificate in the chain cannot be verified, the first certificate in
324 /// the file will still be returned.
325 /// ## `data`
326 /// PEM-encoded certificate data
327 /// ## `length`
328 /// the length of @data, or -1 if it's 0-terminated.
329 ///
330 /// # Returns
331 ///
332 /// the new certificate, or [`None`] if @data is invalid
333 #[doc(alias = "g_tls_certificate_new_from_pem")]
334 #[doc(alias = "new_from_pem")]
335 pub fn from_pem(data: &str) -> Result<TlsCertificate, glib::Error> {
336 let length = data.len() as _;
337 unsafe {
338 let mut error = std::ptr::null_mut();
339 let ret =
340 ffi::g_tls_certificate_new_from_pem(data.to_glib_none().0, length, &mut error);
341 if error.is_null() {
342 Ok(from_glib_full(ret))
343 } else {
344 Err(from_glib_full(error))
345 }
346 }
347 }
348
349 /// Creates a #GTlsCertificate from a
350 /// [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html) URI.
351 ///
352 /// An example @pkcs11_uri would be `pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My`20Client``20Certificate`;id=`01``
353 ///
354 /// Where the token’s layout is:
355 ///
356 ///
357 /// ```text
358 /// Object 0:
359 /// URL: pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=%01;object=private%20key;type=private
360 /// Type: Private key (RSA-2048)
361 /// ID: 01
362 ///
363 /// Object 1:
364 /// URL: pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=%01;object=Certificate%20for%20Authentication;type=cert
365 /// Type: X.509 Certificate (RSA-2048)
366 /// ID: 01
367 /// ```
368 ///
369 /// In this case the certificate and private key would both be detected and used as expected.
370 /// @pkcs_uri may also just reference an X.509 certificate object and then optionally
371 /// @private_key_pkcs11_uri allows using a private key exposed under a different URI.
372 ///
373 /// Note that the private key is not accessed until usage and may fail or require a PIN later.
374 /// ## `pkcs11_uri`
375 /// A PKCS \#11 URI
376 /// ## `private_key_pkcs11_uri`
377 /// A PKCS \#11 URI
378 ///
379 /// # Returns
380 ///
381 /// the new certificate, or [`None`] on error
382 #[cfg(feature = "v2_68")]
383 #[cfg_attr(docsrs, doc(cfg(feature = "v2_68")))]
384 #[doc(alias = "g_tls_certificate_new_from_pkcs11_uris")]
385 #[doc(alias = "new_from_pkcs11_uris")]
386 pub fn from_pkcs11_uris(
387 pkcs11_uri: &str,
388 private_key_pkcs11_uri: Option<&str>,
389 ) -> Result<TlsCertificate, glib::Error> {
390 unsafe {
391 let mut error = std::ptr::null_mut();
392 let ret = ffi::g_tls_certificate_new_from_pkcs11_uris(
393 pkcs11_uri.to_glib_none().0,
394 private_key_pkcs11_uri.to_glib_none().0,
395 &mut error,
396 );
397 if error.is_null() {
398 Ok(from_glib_full(ret))
399 } else {
400 Err(from_glib_full(error))
401 }
402 }
403 }
404
405 /// Creates a #GTlsCertificate from the data in @data. It must contain
406 /// a certificate and matching private key.
407 ///
408 /// If extra certificates are included they will be verified as a chain
409 /// and the #GTlsCertificate:issuer property will be set.
410 /// All other data will be ignored.
411 ///
412 /// You can pass as single password for all of the data which will be
413 /// used both for the PKCS #12 container as well as encrypted
414 /// private keys. If decryption fails it will error with
415 /// [`TlsError::BadCertificatePassword`][crate::TlsError::BadCertificatePassword].
416 ///
417 /// This constructor requires support in the current #GTlsBackend.
418 /// If support is missing it will error with
419 /// [`IOErrorEnum::NotSupported`][crate::IOErrorEnum::NotSupported].
420 ///
421 /// Other parsing failures will error with [`TlsError::BadCertificate`][crate::TlsError::BadCertificate].
422 /// ## `data`
423 /// DER-encoded PKCS #12 format certificate data
424 /// ## `password`
425 /// optional password for encrypted certificate data
426 ///
427 /// # Returns
428 ///
429 /// the new certificate, or [`None`] if @data is invalid
430 #[cfg(feature = "v2_72")]
431 #[cfg_attr(docsrs, doc(cfg(feature = "v2_72")))]
432 #[doc(alias = "g_tls_certificate_new_from_pkcs12")]
433 #[doc(alias = "new_from_pkcs12")]
434 pub fn from_pkcs12(data: &[u8], password: Option<&str>) -> Result<TlsCertificate, glib::Error> {
435 let length = data.len() as _;
436 unsafe {
437 let mut error = std::ptr::null_mut();
438 let ret = ffi::g_tls_certificate_new_from_pkcs12(
439 data.to_glib_none().0,
440 length,
441 password.to_glib_none().0,
442 &mut error,
443 );
444 if error.is_null() {
445 Ok(from_glib_full(ret))
446 } else {
447 Err(from_glib_full(error))
448 }
449 }
450 }
451
452 /// Creates one or more #GTlsCertificates from the PEM-encoded
453 /// data in @file. If @file cannot be read or parsed, the function will
454 /// return [`None`] and set @error. If @file does not contain any
455 /// PEM-encoded certificates, this will return an empty list and not
456 /// set @error.
457 /// ## `file`
458 /// file containing PEM-encoded certificates to import
459 ///
460 /// # Returns
461 ///
462 /// a
463 /// #GList containing #GTlsCertificate objects. You must free the list
464 /// and its contents when you are done with it.
465 #[doc(alias = "g_tls_certificate_list_new_from_file")]
466 pub fn list_new_from_file(
467 file: impl AsRef<std::path::Path>,
468 ) -> Result<Vec<TlsCertificate>, glib::Error> {
469 unsafe {
470 let mut error = std::ptr::null_mut();
471 let ret = ffi::g_tls_certificate_list_new_from_file(
472 file.as_ref().to_glib_none().0,
473 &mut error,
474 );
475 if error.is_null() {
476 Ok(FromGlibPtrContainer::from_glib_full(ret))
477 } else {
478 Err(from_glib_full(error))
479 }
480 }
481 }
482}
483
484/// Trait containing all [`struct@TlsCertificate`] methods.
485///
486/// # Implementors
487///
488/// [`TlsCertificate`][struct@crate::TlsCertificate]
489pub trait TlsCertificateExt: IsA<TlsCertificate> + 'static {
490 /// Gets the value of #GTlsCertificate:dns-names.
491 ///
492 /// # Returns
493 ///
494 /// A #GPtrArray of
495 /// #GBytes elements, or [`None`] if it's not available.
496 #[cfg(feature = "v2_70")]
497 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
498 #[doc(alias = "g_tls_certificate_get_dns_names")]
499 #[doc(alias = "get_dns_names")]
500 #[doc(alias = "dns-names")]
501 fn dns_names(&self) -> Vec<glib::Bytes> {
502 unsafe {
503 FromGlibPtrContainer::from_glib_container(ffi::g_tls_certificate_get_dns_names(
504 self.as_ref().to_glib_none().0,
505 ))
506 }
507 }
508
509 /// Gets the value of #GTlsCertificate:ip-addresses.
510 ///
511 /// # Returns
512 ///
513 /// A #GPtrArray
514 /// of #GInetAddress elements, or [`None`] if it's not available.
515 #[cfg(feature = "v2_70")]
516 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
517 #[doc(alias = "g_tls_certificate_get_ip_addresses")]
518 #[doc(alias = "get_ip_addresses")]
519 #[doc(alias = "ip-addresses")]
520 fn ip_addresses(&self) -> Vec<InetAddress> {
521 unsafe {
522 FromGlibPtrContainer::from_glib_container(ffi::g_tls_certificate_get_ip_addresses(
523 self.as_ref().to_glib_none().0,
524 ))
525 }
526 }
527
528 /// Gets the #GTlsCertificate representing @self's issuer, if known
529 ///
530 /// # Returns
531 ///
532 /// The certificate of @self's issuer,
533 /// or [`None`] if @self is self-signed or signed with an unknown
534 /// certificate.
535 #[doc(alias = "g_tls_certificate_get_issuer")]
536 #[doc(alias = "get_issuer")]
537 #[must_use]
538 fn issuer(&self) -> Option<TlsCertificate> {
539 unsafe {
540 from_glib_none(ffi::g_tls_certificate_get_issuer(
541 self.as_ref().to_glib_none().0,
542 ))
543 }
544 }
545
546 /// Returns the issuer name from the certificate.
547 ///
548 /// # Returns
549 ///
550 /// The issuer name, or [`None`] if it's not available.
551 #[cfg(feature = "v2_70")]
552 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
553 #[doc(alias = "g_tls_certificate_get_issuer_name")]
554 #[doc(alias = "get_issuer_name")]
555 #[doc(alias = "issuer-name")]
556 fn issuer_name(&self) -> Option<glib::GString> {
557 unsafe {
558 from_glib_full(ffi::g_tls_certificate_get_issuer_name(
559 self.as_ref().to_glib_none().0,
560 ))
561 }
562 }
563
564 /// Returns the time at which the certificate became or will become invalid.
565 ///
566 /// # Returns
567 ///
568 /// The not-valid-after date, or [`None`] if it's not available.
569 #[cfg(feature = "v2_70")]
570 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
571 #[doc(alias = "g_tls_certificate_get_not_valid_after")]
572 #[doc(alias = "get_not_valid_after")]
573 #[doc(alias = "not-valid-after")]
574 fn not_valid_after(&self) -> Option<glib::DateTime> {
575 unsafe {
576 from_glib_full(ffi::g_tls_certificate_get_not_valid_after(
577 self.as_ref().to_glib_none().0,
578 ))
579 }
580 }
581
582 /// Returns the time at which the certificate became or will become valid.
583 ///
584 /// # Returns
585 ///
586 /// The not-valid-before date, or [`None`] if it's not available.
587 #[cfg(feature = "v2_70")]
588 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
589 #[doc(alias = "g_tls_certificate_get_not_valid_before")]
590 #[doc(alias = "get_not_valid_before")]
591 #[doc(alias = "not-valid-before")]
592 fn not_valid_before(&self) -> Option<glib::DateTime> {
593 unsafe {
594 from_glib_full(ffi::g_tls_certificate_get_not_valid_before(
595 self.as_ref().to_glib_none().0,
596 ))
597 }
598 }
599
600 /// Returns the subject name from the certificate.
601 ///
602 /// # Returns
603 ///
604 /// The subject name, or [`None`] if it's not available.
605 #[cfg(feature = "v2_70")]
606 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
607 #[doc(alias = "g_tls_certificate_get_subject_name")]
608 #[doc(alias = "get_subject_name")]
609 #[doc(alias = "subject-name")]
610 fn subject_name(&self) -> Option<glib::GString> {
611 unsafe {
612 from_glib_full(ffi::g_tls_certificate_get_subject_name(
613 self.as_ref().to_glib_none().0,
614 ))
615 }
616 }
617
618 /// Check if two #GTlsCertificate objects represent the same certificate.
619 /// The raw DER byte data of the two certificates are checked for equality.
620 /// This has the effect that two certificates may compare equal even if
621 /// their #GTlsCertificate:issuer, #GTlsCertificate:private-key, or
622 /// #GTlsCertificate:private-key-pem properties differ.
623 /// ## `cert_two`
624 /// second certificate to compare
625 ///
626 /// # Returns
627 ///
628 /// whether the same or not
629 #[doc(alias = "g_tls_certificate_is_same")]
630 fn is_same(&self, cert_two: &impl IsA<TlsCertificate>) -> bool {
631 unsafe {
632 from_glib(ffi::g_tls_certificate_is_same(
633 self.as_ref().to_glib_none().0,
634 cert_two.as_ref().to_glib_none().0,
635 ))
636 }
637 }
638
639 /// This verifies @self and returns a set of #GTlsCertificateFlags
640 /// indicating any problems found with it. This can be used to verify a
641 /// certificate outside the context of making a connection, or to
642 /// check a certificate against a CA that is not part of the system
643 /// CA database.
644 ///
645 /// If @self is valid, `G_TLS_CERTIFICATE_NO_FLAGS` is returned.
646 ///
647 /// If @identity is not [`None`], @self's name(s) will be compared against
648 /// it, and [`TlsCertificateFlags::BAD_IDENTITY`][crate::TlsCertificateFlags::BAD_IDENTITY] will be set in the return
649 /// value if it does not match. If @identity is [`None`], that bit will
650 /// never be set in the return value.
651 ///
652 /// If @trusted_ca is not [`None`], then @self (or one of the certificates
653 /// in its chain) must be signed by it, or else
654 /// [`TlsCertificateFlags::UNKNOWN_CA`][crate::TlsCertificateFlags::UNKNOWN_CA] will be set in the return value. If
655 /// @trusted_ca is [`None`], that bit will never be set in the return
656 /// value.
657 ///
658 /// GLib guarantees that if certificate verification fails, at least one
659 /// error will be set in the return value, but it does not guarantee
660 /// that all possible errors will be set. Accordingly, you may not safely
661 /// decide to ignore any particular type of error. For example, it would
662 /// be incorrect to mask [`TlsCertificateFlags::EXPIRED`][crate::TlsCertificateFlags::EXPIRED] if you want to allow
663 /// expired certificates, because this could potentially be the only
664 /// error flag set even if other problems exist with the certificate.
665 ///
666 /// Because TLS session context is not used, #GTlsCertificate may not
667 /// perform as many checks on the certificates as #GTlsConnection would.
668 /// For example, certificate constraints may not be honored, and
669 /// revocation checks may not be performed. The best way to verify TLS
670 /// certificates used by a TLS connection is to let #GTlsConnection
671 /// handle the verification.
672 /// ## `identity`
673 /// the expected peer identity
674 /// ## `trusted_ca`
675 /// the certificate of a trusted authority
676 ///
677 /// # Returns
678 ///
679 /// the appropriate #GTlsCertificateFlags
680 #[doc(alias = "g_tls_certificate_verify")]
681 fn verify(
682 &self,
683 identity: Option<&impl IsA<SocketConnectable>>,
684 trusted_ca: Option<&impl IsA<TlsCertificate>>,
685 ) -> TlsCertificateFlags {
686 unsafe {
687 from_glib(ffi::g_tls_certificate_verify(
688 self.as_ref().to_glib_none().0,
689 identity.map(|p| p.as_ref()).to_glib_none().0,
690 trusted_ca.map(|p| p.as_ref()).to_glib_none().0,
691 ))
692 }
693 }
694
695 /// The DER (binary) encoded representation of the certificate.
696 /// This property and the #GTlsCertificate:certificate-pem property
697 /// represent the same data, just in different forms.
698 fn certificate(&self) -> Option<glib::ByteArray> {
699 ObjectExt::property(self.as_ref(), "certificate")
700 }
701
702 /// The PEM (ASCII) encoded representation of the certificate.
703 /// This property and the #GTlsCertificate:certificate
704 /// property represent the same data, just in different forms.
705 #[doc(alias = "certificate-pem")]
706 fn certificate_pem(&self) -> Option<glib::GString> {
707 ObjectExt::property(self.as_ref(), "certificate-pem")
708 }
709
710 /// A URI referencing the [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html)
711 /// objects containing an X.509 certificate and optionally a private key.
712 ///
713 /// If [`None`], the certificate is either not backed by PKCS \#11 or the
714 /// #GTlsBackend does not support PKCS \#11.
715 #[cfg(feature = "v2_68")]
716 #[cfg_attr(docsrs, doc(cfg(feature = "v2_68")))]
717 #[doc(alias = "pkcs11-uri")]
718 fn pkcs11_uri(&self) -> Option<glib::GString> {
719 ObjectExt::property(self.as_ref(), "pkcs11-uri")
720 }
721
722 /// The DER (binary) encoded representation of the certificate's
723 /// private key, in either [PKCS \#1 format](https://datatracker.ietf.org/doc/html/rfc8017)
724 /// or unencrypted [PKCS \#8 format.](https://datatracker.ietf.org/doc/html/rfc5208)
725 /// PKCS \#8 format is supported since 2.32; earlier releases only
726 /// support PKCS \#1. You can use the `openssl rsa` tool to convert
727 /// PKCS \#8 keys to PKCS \#1.
728 ///
729 /// This property (or the #GTlsCertificate:private-key-pem property)
730 /// can be set when constructing a key (for example, from a file).
731 /// Since GLib 2.70, it is now also readable; however, be aware that if
732 /// the private key is backed by a PKCS \#11 URI – for example, if it
733 /// is stored on a smartcard – then this property will be [`None`]. If so,
734 /// the private key must be referenced via its PKCS \#11 URI,
735 /// #GTlsCertificate:private-key-pkcs11-uri. You must check both
736 /// properties to see if the certificate really has a private key.
737 /// When this property is read, the output format will be unencrypted
738 /// PKCS \#8.
739 #[doc(alias = "private-key")]
740 fn private_key(&self) -> Option<glib::ByteArray> {
741 ObjectExt::property(self.as_ref(), "private-key")
742 }
743
744 /// The PEM (ASCII) encoded representation of the certificate's
745 /// private key in either [PKCS \#1 format](https://datatracker.ietf.org/doc/html/rfc8017)
746 /// ("`BEGIN RSA PRIVATE KEY`") or unencrypted
747 /// [PKCS \#8 format](https://datatracker.ietf.org/doc/html/rfc5208)
748 /// ("`BEGIN PRIVATE KEY`"). PKCS \#8 format is supported since 2.32;
749 /// earlier releases only support PKCS \#1. You can use the `openssl rsa`
750 /// tool to convert PKCS \#8 keys to PKCS \#1.
751 ///
752 /// This property (or the #GTlsCertificate:private-key property)
753 /// can be set when constructing a key (for example, from a file).
754 /// Since GLib 2.70, it is now also readable; however, be aware that if
755 /// the private key is backed by a PKCS \#11 URI - for example, if it
756 /// is stored on a smartcard - then this property will be [`None`]. If so,
757 /// the private key must be referenced via its PKCS \#11 URI,
758 /// #GTlsCertificate:private-key-pkcs11-uri. You must check both
759 /// properties to see if the certificate really has a private key.
760 /// When this property is read, the output format will be unencrypted
761 /// PKCS \#8.
762 #[doc(alias = "private-key-pem")]
763 fn private_key_pem(&self) -> Option<glib::GString> {
764 ObjectExt::property(self.as_ref(), "private-key-pem")
765 }
766
767 /// A URI referencing a [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html)
768 /// object containing a private key.
769 #[cfg(feature = "v2_68")]
770 #[cfg_attr(docsrs, doc(cfg(feature = "v2_68")))]
771 #[doc(alias = "private-key-pkcs11-uri")]
772 fn private_key_pkcs11_uri(&self) -> Option<glib::GString> {
773 ObjectExt::property(self.as_ref(), "private-key-pkcs11-uri")
774 }
775
776 #[cfg(feature = "v2_70")]
777 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
778 #[doc(alias = "dns-names")]
779 fn connect_dns_names_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
780 unsafe extern "C" fn notify_dns_names_trampoline<
781 P: IsA<TlsCertificate>,
782 F: Fn(&P) + 'static,
783 >(
784 this: *mut ffi::GTlsCertificate,
785 _param_spec: glib::ffi::gpointer,
786 f: glib::ffi::gpointer,
787 ) {
788 let f: &F = &*(f as *const F);
789 f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
790 }
791 unsafe {
792 let f: Box_<F> = Box_::new(f);
793 connect_raw(
794 self.as_ptr() as *mut _,
795 c"notify::dns-names".as_ptr() as *const _,
796 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
797 notify_dns_names_trampoline::<Self, F> as *const (),
798 )),
799 Box_::into_raw(f),
800 )
801 }
802 }
803
804 #[cfg(feature = "v2_70")]
805 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
806 #[doc(alias = "ip-addresses")]
807 fn connect_ip_addresses_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
808 unsafe extern "C" fn notify_ip_addresses_trampoline<
809 P: IsA<TlsCertificate>,
810 F: Fn(&P) + 'static,
811 >(
812 this: *mut ffi::GTlsCertificate,
813 _param_spec: glib::ffi::gpointer,
814 f: glib::ffi::gpointer,
815 ) {
816 let f: &F = &*(f as *const F);
817 f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
818 }
819 unsafe {
820 let f: Box_<F> = Box_::new(f);
821 connect_raw(
822 self.as_ptr() as *mut _,
823 c"notify::ip-addresses".as_ptr() as *const _,
824 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
825 notify_ip_addresses_trampoline::<Self, F> as *const (),
826 )),
827 Box_::into_raw(f),
828 )
829 }
830 }
831
832 #[cfg(feature = "v2_70")]
833 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
834 #[doc(alias = "issuer-name")]
835 fn connect_issuer_name_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
836 unsafe extern "C" fn notify_issuer_name_trampoline<
837 P: IsA<TlsCertificate>,
838 F: Fn(&P) + 'static,
839 >(
840 this: *mut ffi::GTlsCertificate,
841 _param_spec: glib::ffi::gpointer,
842 f: glib::ffi::gpointer,
843 ) {
844 let f: &F = &*(f as *const F);
845 f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
846 }
847 unsafe {
848 let f: Box_<F> = Box_::new(f);
849 connect_raw(
850 self.as_ptr() as *mut _,
851 c"notify::issuer-name".as_ptr() as *const _,
852 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
853 notify_issuer_name_trampoline::<Self, F> as *const (),
854 )),
855 Box_::into_raw(f),
856 )
857 }
858 }
859
860 #[cfg(feature = "v2_70")]
861 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
862 #[doc(alias = "not-valid-after")]
863 fn connect_not_valid_after_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
864 unsafe extern "C" fn notify_not_valid_after_trampoline<
865 P: IsA<TlsCertificate>,
866 F: Fn(&P) + 'static,
867 >(
868 this: *mut ffi::GTlsCertificate,
869 _param_spec: glib::ffi::gpointer,
870 f: glib::ffi::gpointer,
871 ) {
872 let f: &F = &*(f as *const F);
873 f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
874 }
875 unsafe {
876 let f: Box_<F> = Box_::new(f);
877 connect_raw(
878 self.as_ptr() as *mut _,
879 c"notify::not-valid-after".as_ptr() as *const _,
880 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
881 notify_not_valid_after_trampoline::<Self, F> as *const (),
882 )),
883 Box_::into_raw(f),
884 )
885 }
886 }
887
888 #[cfg(feature = "v2_70")]
889 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
890 #[doc(alias = "not-valid-before")]
891 fn connect_not_valid_before_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
892 unsafe extern "C" fn notify_not_valid_before_trampoline<
893 P: IsA<TlsCertificate>,
894 F: Fn(&P) + 'static,
895 >(
896 this: *mut ffi::GTlsCertificate,
897 _param_spec: glib::ffi::gpointer,
898 f: glib::ffi::gpointer,
899 ) {
900 let f: &F = &*(f as *const F);
901 f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
902 }
903 unsafe {
904 let f: Box_<F> = Box_::new(f);
905 connect_raw(
906 self.as_ptr() as *mut _,
907 c"notify::not-valid-before".as_ptr() as *const _,
908 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
909 notify_not_valid_before_trampoline::<Self, F> as *const (),
910 )),
911 Box_::into_raw(f),
912 )
913 }
914 }
915
916 #[cfg(feature = "v2_70")]
917 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
918 #[doc(alias = "subject-name")]
919 fn connect_subject_name_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
920 unsafe extern "C" fn notify_subject_name_trampoline<
921 P: IsA<TlsCertificate>,
922 F: Fn(&P) + 'static,
923 >(
924 this: *mut ffi::GTlsCertificate,
925 _param_spec: glib::ffi::gpointer,
926 f: glib::ffi::gpointer,
927 ) {
928 let f: &F = &*(f as *const F);
929 f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
930 }
931 unsafe {
932 let f: Box_<F> = Box_::new(f);
933 connect_raw(
934 self.as_ptr() as *mut _,
935 c"notify::subject-name".as_ptr() as *const _,
936 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
937 notify_subject_name_trampoline::<Self, F> as *const (),
938 )),
939 Box_::into_raw(f),
940 )
941 }
942 }
943}
944
945impl<O: IsA<TlsCertificate>> TlsCertificateExt for O {}