Trait gio::prelude::TlsDatabaseExt
source · pub trait TlsDatabaseExt: 'static {
Show 13 methods
// Required methods
fn create_certificate_handle(
&self,
certificate: &impl IsA<TlsCertificate>
) -> Option<GString>;
fn lookup_certificate_for_handle(
&self,
handle: &str,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseLookupFlags,
cancellable: Option<&impl IsA<Cancellable>>
) -> Result<Option<TlsCertificate>, Error>;
fn lookup_certificate_for_handle_async<P: FnOnce(Result<TlsCertificate, Error>) + 'static>(
&self,
handle: &str,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseLookupFlags,
cancellable: Option<&impl IsA<Cancellable>>,
callback: P
);
fn lookup_certificate_for_handle_future(
&self,
handle: &str,
interaction: Option<&impl IsA<TlsInteraction> + Clone + 'static>,
flags: TlsDatabaseLookupFlags
) -> Pin<Box_<dyn Future<Output = Result<TlsCertificate, Error>> + 'static>>;
fn lookup_certificate_issuer(
&self,
certificate: &impl IsA<TlsCertificate>,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseLookupFlags,
cancellable: Option<&impl IsA<Cancellable>>
) -> Result<TlsCertificate, Error>;
fn lookup_certificate_issuer_async<P: FnOnce(Result<TlsCertificate, Error>) + 'static>(
&self,
certificate: &impl IsA<TlsCertificate>,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseLookupFlags,
cancellable: Option<&impl IsA<Cancellable>>,
callback: P
);
fn lookup_certificate_issuer_future(
&self,
certificate: &impl IsA<TlsCertificate> + Clone + 'static,
interaction: Option<&impl IsA<TlsInteraction> + Clone + 'static>,
flags: TlsDatabaseLookupFlags
) -> Pin<Box_<dyn Future<Output = Result<TlsCertificate, Error>> + 'static>>;
fn lookup_certificates_issued_by(
&self,
issuer_raw_dn: &ByteArray,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseLookupFlags,
cancellable: Option<&impl IsA<Cancellable>>
) -> Result<Vec<TlsCertificate>, Error>;
fn lookup_certificates_issued_by_async<P: FnOnce(Result<Vec<TlsCertificate>, Error>) + 'static>(
&self,
issuer_raw_dn: &ByteArray,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseLookupFlags,
cancellable: Option<&impl IsA<Cancellable>>,
callback: P
);
fn lookup_certificates_issued_by_future(
&self,
issuer_raw_dn: &ByteArray,
interaction: Option<&impl IsA<TlsInteraction> + Clone + 'static>,
flags: TlsDatabaseLookupFlags
) -> Pin<Box_<dyn Future<Output = Result<Vec<TlsCertificate>, Error>> + 'static>>;
fn verify_chain(
&self,
chain: &impl IsA<TlsCertificate>,
purpose: &str,
identity: Option<&impl IsA<SocketConnectable>>,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseVerifyFlags,
cancellable: Option<&impl IsA<Cancellable>>
) -> Result<TlsCertificateFlags, Error>;
fn verify_chain_async<P: FnOnce(Result<TlsCertificateFlags, Error>) + 'static>(
&self,
chain: &impl IsA<TlsCertificate>,
purpose: &str,
identity: Option<&impl IsA<SocketConnectable>>,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseVerifyFlags,
cancellable: Option<&impl IsA<Cancellable>>,
callback: P
);
fn verify_chain_future(
&self,
chain: &impl IsA<TlsCertificate> + Clone + 'static,
purpose: &str,
identity: Option<&impl IsA<SocketConnectable> + Clone + 'static>,
interaction: Option<&impl IsA<TlsInteraction> + Clone + 'static>,
flags: TlsDatabaseVerifyFlags
) -> Pin<Box_<dyn Future<Output = Result<TlsCertificateFlags, Error>> + 'static>>;
}
Expand description
Required Methods§
sourcefn create_certificate_handle(
&self,
certificate: &impl IsA<TlsCertificate>
) -> Option<GString>
fn create_certificate_handle( &self, certificate: &impl IsA<TlsCertificate> ) -> Option<GString>
Create a handle string for the certificate. The database will only be able
to create a handle for certificates that originate from the database. In
cases where the database cannot create a handle for a certificate, None
will be returned.
This handle should be stable across various instances of the application, and between applications. If a certificate is modified in the database, then it is not guaranteed that this handle will continue to point to it.
certificate
certificate for which to create a handle.
Returns
a newly allocated string containing the handle.
sourcefn lookup_certificate_for_handle(
&self,
handle: &str,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseLookupFlags,
cancellable: Option<&impl IsA<Cancellable>>
) -> Result<Option<TlsCertificate>, Error>
fn lookup_certificate_for_handle( &self, handle: &str, interaction: Option<&impl IsA<TlsInteraction>>, flags: TlsDatabaseLookupFlags, cancellable: Option<&impl IsA<Cancellable>> ) -> Result<Option<TlsCertificate>, Error>
Look up a certificate by its handle.
The handle should have been created by calling
create_certificate_handle()
on a TlsDatabase
object of
the same TLS backend. The handle is designed to remain valid across
instantiations of the database.
If the handle is no longer valid, or does not point to a certificate in
this database, then None
will be returned.
This function can block, use lookup_certificate_for_handle_async()
to perform
the lookup operation asynchronously.
handle
a certificate handle
interaction
used to interact with the user if necessary
flags
Flags which affect the lookup.
cancellable
a Cancellable
, or None
Returns
a newly allocated
TlsCertificate
, or None
. Use g_object_unref()
to release the certificate.
sourcefn lookup_certificate_for_handle_async<P: FnOnce(Result<TlsCertificate, Error>) + 'static>(
&self,
handle: &str,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseLookupFlags,
cancellable: Option<&impl IsA<Cancellable>>,
callback: P
)
fn lookup_certificate_for_handle_async<P: FnOnce(Result<TlsCertificate, Error>) + 'static>( &self, handle: &str, interaction: Option<&impl IsA<TlsInteraction>>, flags: TlsDatabaseLookupFlags, cancellable: Option<&impl IsA<Cancellable>>, callback: P )
Asynchronously look up a certificate by its handle in the database. See
lookup_certificate_for_handle()
for more information.
handle
a certificate handle
interaction
used to interact with the user if necessary
flags
Flags which affect the lookup.
cancellable
a Cancellable
, or None
callback
callback to call when the operation completes
fn lookup_certificate_for_handle_future( &self, handle: &str, interaction: Option<&impl IsA<TlsInteraction> + Clone + 'static>, flags: TlsDatabaseLookupFlags ) -> Pin<Box_<dyn Future<Output = Result<TlsCertificate, Error>> + 'static>>
sourcefn lookup_certificate_issuer(
&self,
certificate: &impl IsA<TlsCertificate>,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseLookupFlags,
cancellable: Option<&impl IsA<Cancellable>>
) -> Result<TlsCertificate, Error>
fn lookup_certificate_issuer( &self, certificate: &impl IsA<TlsCertificate>, interaction: Option<&impl IsA<TlsInteraction>>, flags: TlsDatabaseLookupFlags, cancellable: Option<&impl IsA<Cancellable>> ) -> Result<TlsCertificate, Error>
Look up the issuer of certificate
in the database. The
property::TlsCertificate::issuer
property of certificate
is not modified, and
the two certificates are not hooked into a chain.
This function can block. Use lookup_certificate_issuer_async()
to perform the lookup operation asynchronously.
Beware this function cannot be used to build certification paths. The issuer certificate returned by this function may not be the same as the certificate that would actually be used to construct a valid certification path during certificate verification. RFC 4158 explains why an issuer certificate cannot be naively assumed to be part of the the certification path (though GLib’s TLS backends may not follow the path building strategies outlined in this RFC). Due to the complexity of certification path building, GLib does not provide any way to know which certification path will actually be used when verifying a TLS certificate. Accordingly, this function cannot be used to make security-related decisions. Only GLib itself should make security decisions about TLS certificates.
certificate
interaction
used to interact with the user if necessary
flags
flags which affect the lookup operation
cancellable
a Cancellable
, or None
Returns
a newly allocated issuer TlsCertificate
,
or None
. Use g_object_unref()
to release the certificate.
sourcefn lookup_certificate_issuer_async<P: FnOnce(Result<TlsCertificate, Error>) + 'static>(
&self,
certificate: &impl IsA<TlsCertificate>,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseLookupFlags,
cancellable: Option<&impl IsA<Cancellable>>,
callback: P
)
fn lookup_certificate_issuer_async<P: FnOnce(Result<TlsCertificate, Error>) + 'static>( &self, certificate: &impl IsA<TlsCertificate>, interaction: Option<&impl IsA<TlsInteraction>>, flags: TlsDatabaseLookupFlags, cancellable: Option<&impl IsA<Cancellable>>, callback: P )
Asynchronously look up the issuer of certificate
in the database. See
lookup_certificate_issuer()
for more information.
certificate
interaction
used to interact with the user if necessary
flags
flags which affect the lookup operation
cancellable
a Cancellable
, or None
callback
callback to call when the operation completes
fn lookup_certificate_issuer_future( &self, certificate: &impl IsA<TlsCertificate> + Clone + 'static, interaction: Option<&impl IsA<TlsInteraction> + Clone + 'static>, flags: TlsDatabaseLookupFlags ) -> Pin<Box_<dyn Future<Output = Result<TlsCertificate, Error>> + 'static>>
sourcefn lookup_certificates_issued_by(
&self,
issuer_raw_dn: &ByteArray,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseLookupFlags,
cancellable: Option<&impl IsA<Cancellable>>
) -> Result<Vec<TlsCertificate>, Error>
fn lookup_certificates_issued_by( &self, issuer_raw_dn: &ByteArray, interaction: Option<&impl IsA<TlsInteraction>>, flags: TlsDatabaseLookupFlags, cancellable: Option<&impl IsA<Cancellable>> ) -> Result<Vec<TlsCertificate>, Error>
Look up certificates issued by this issuer in the database.
This function can block, use lookup_certificates_issued_by_async()
to perform
the lookup operation asynchronously.
issuer_raw_dn
a glib::ByteArray
which holds the DER encoded issuer DN.
interaction
used to interact with the user if necessary
flags
Flags which affect the lookup operation.
cancellable
a Cancellable
, or None
Returns
a newly allocated list of TlsCertificate
objects. Use g_object_unref()
on each certificate, and g_list_free()
on the release the list.
sourcefn lookup_certificates_issued_by_async<P: FnOnce(Result<Vec<TlsCertificate>, Error>) + 'static>(
&self,
issuer_raw_dn: &ByteArray,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseLookupFlags,
cancellable: Option<&impl IsA<Cancellable>>,
callback: P
)
fn lookup_certificates_issued_by_async<P: FnOnce(Result<Vec<TlsCertificate>, Error>) + 'static>( &self, issuer_raw_dn: &ByteArray, interaction: Option<&impl IsA<TlsInteraction>>, flags: TlsDatabaseLookupFlags, cancellable: Option<&impl IsA<Cancellable>>, callback: P )
Asynchronously look up certificates issued by this issuer in the database. See
lookup_certificates_issued_by()
for more information.
The database may choose to hold a reference to the issuer byte array for the duration of of this asynchronous operation. The byte array should not be modified during this time.
issuer_raw_dn
a glib::ByteArray
which holds the DER encoded issuer DN.
interaction
used to interact with the user if necessary
flags
Flags which affect the lookup operation.
cancellable
a Cancellable
, or None
callback
callback to call when the operation completes
fn lookup_certificates_issued_by_future( &self, issuer_raw_dn: &ByteArray, interaction: Option<&impl IsA<TlsInteraction> + Clone + 'static>, flags: TlsDatabaseLookupFlags ) -> Pin<Box_<dyn Future<Output = Result<Vec<TlsCertificate>, Error>> + 'static>>
sourcefn verify_chain(
&self,
chain: &impl IsA<TlsCertificate>,
purpose: &str,
identity: Option<&impl IsA<SocketConnectable>>,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseVerifyFlags,
cancellable: Option<&impl IsA<Cancellable>>
) -> Result<TlsCertificateFlags, Error>
fn verify_chain( &self, chain: &impl IsA<TlsCertificate>, purpose: &str, identity: Option<&impl IsA<SocketConnectable>>, interaction: Option<&impl IsA<TlsInteraction>>, flags: TlsDatabaseVerifyFlags, cancellable: Option<&impl IsA<Cancellable>> ) -> Result<TlsCertificateFlags, Error>
Determines the validity of a certificate chain, outside the context of a TLS session.
chain
is a chain of TlsCertificate
objects each pointing to the next
certificate in the chain by its property::TlsCertificate::issuer
property.
purpose
describes the purpose (or usage) for which the certificate
is being used. Typically purpose
will be set to TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER
which means that the certificate is being used to authenticate a server
(and we are acting as the client).
The identity
is used to ensure the server certificate is valid for
the expected peer identity. If the identity does not match the
certificate, TlsCertificateFlags::BAD_IDENTITY
will be set in the
return value. If identity
is None
, that bit will never be set in
the return value. The peer identity may also be used to check for
pinned certificates (trust exceptions) in the database. These may
override the normal verification process on a host-by-host basis.
Currently there are no flags
, and TlsDatabaseVerifyFlags::NONE
should be
used.
If chain
is found to be valid, then the return value will be 0. If
chain
is found to be invalid, then the return value will indicate at
least one problem found. If the function is unable to determine
whether chain
is valid (for example, because cancellable
is
triggered before it completes) then the return value will be
TlsCertificateFlags::GENERIC_ERROR
and error
will be set accordingly.
error
is not set when chain
is successfully analyzed but found to
be invalid.
GLib guarantees that if certificate verification fails, at least one
error will be set in the return value, but it does not guarantee
that all possible errors will be set. Accordingly, you may not safely
decide to ignore any particular type of error. For example, it would
be incorrect to mask TlsCertificateFlags::EXPIRED
if you want to allow
expired certificates, because this could potentially be the only
error flag set even if other problems exist with the certificate.
Prior to GLib 2.48, GLib’s default TLS backend modified chain
to
represent the certification path built by TlsDatabase
during
certificate verification by adjusting the property::TlsCertificate::issuer
property of each certificate in chain
. Since GLib 2.48, this no
longer occurs, so you cannot rely on property::TlsCertificate::issuer
to
represent the actual certification path used during certificate
verification.
Because TLS session context is not used, TlsDatabase
may not
perform as many checks on the certificates as TlsConnection
would.
For example, certificate constraints may not be honored, and
revocation checks may not be performed. The best way to verify TLS
certificates used by a TLS connection is to let TlsConnection
handle the verification.
The TLS backend may attempt to look up and add missing certificates to the chain. This may involve HTTP requests to download missing certificates.
This function can block. Use verify_chain_async()
to
perform the verification operation asynchronously.
chain
a TlsCertificate
chain
purpose
the purpose that this certificate chain will be used for.
identity
the expected peer identity
interaction
used to interact with the user if necessary
flags
additional verify flags
cancellable
a Cancellable
, or None
Returns
the appropriate TlsCertificateFlags
which represents the
result of verification.
sourcefn verify_chain_async<P: FnOnce(Result<TlsCertificateFlags, Error>) + 'static>(
&self,
chain: &impl IsA<TlsCertificate>,
purpose: &str,
identity: Option<&impl IsA<SocketConnectable>>,
interaction: Option<&impl IsA<TlsInteraction>>,
flags: TlsDatabaseVerifyFlags,
cancellable: Option<&impl IsA<Cancellable>>,
callback: P
)
fn verify_chain_async<P: FnOnce(Result<TlsCertificateFlags, Error>) + 'static>( &self, chain: &impl IsA<TlsCertificate>, purpose: &str, identity: Option<&impl IsA<SocketConnectable>>, interaction: Option<&impl IsA<TlsInteraction>>, flags: TlsDatabaseVerifyFlags, cancellable: Option<&impl IsA<Cancellable>>, callback: P )
Asynchronously determines the validity of a certificate chain after
looking up and adding any missing certificates to the chain. See
verify_chain()
for more information.
chain
a TlsCertificate
chain
purpose
the purpose that this certificate chain will be used for.
identity
the expected peer identity
interaction
used to interact with the user if necessary
flags
additional verify flags
cancellable
a Cancellable
, or None
callback
callback to call when the operation completes