gio/auto/tls_certificate.rs
1// This file was generated by gir (https://github.com/gtk-rs/gir)
2// from gir-files (https://github.com/gtk-rs/gir-files)
3// DO NOT EDIT
4
5#[cfg(feature = "v2_70")]
6#[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
7use crate::InetAddress;
8use crate::{ffi, SocketConnectable, TlsCertificateFlags};
9#[cfg(feature = "v2_70")]
10#[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
11use glib::signal::{connect_raw, SignalHandlerId};
12use glib::{prelude::*, translate::*};
13#[cfg(feature = "v2_70")]
14#[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
15use std::boxed::Box as Box_;
16
17glib::wrapper! {
18 /// A certificate used for TLS authentication and encryption.
19 /// This can represent either a certificate only (eg, the certificate
20 /// received by a client from a server), or the combination of
21 /// a certificate and a private key (which is needed when acting as a
22 /// [`TlsServerConnection`][crate::TlsServerConnection]).
23 ///
24 /// This is an Abstract Base Class, you cannot instantiate it.
25 ///
26 /// ## Properties
27 ///
28 ///
29 /// #### `certificate`
30 /// The DER (binary) encoded representation of the certificate.
31 /// This property and the #GTlsCertificate:certificate-pem property
32 /// represent the same data, just in different forms.
33 ///
34 /// Readable | Writeable | Construct Only
35 ///
36 ///
37 /// #### `certificate-pem`
38 /// The PEM (ASCII) encoded representation of the certificate.
39 /// This property and the #GTlsCertificate:certificate
40 /// property represent the same data, just in different forms.
41 ///
42 /// Readable | Writeable | Construct Only
43 ///
44 ///
45 /// #### `dns-names`
46 /// The DNS names from the certificate's Subject Alternative Names (SANs),
47 /// [`None`] if unavailable.
48 ///
49 /// Readable
50 ///
51 ///
52 /// #### `ip-addresses`
53 /// The IP addresses from the certificate's Subject Alternative Names (SANs),
54 /// [`None`] if unavailable.
55 ///
56 /// Readable
57 ///
58 ///
59 /// #### `issuer`
60 /// A #GTlsCertificate representing the entity that issued this
61 /// certificate. If [`None`], this means that the certificate is either
62 /// self-signed, or else the certificate of the issuer is not
63 /// available.
64 ///
65 /// Beware the issuer certificate may not be the same as the
66 /// certificate that would actually be used to construct a valid
67 /// certification path during certificate verification.
68 /// [RFC 4158](https://datatracker.ietf.org/doc/html/rfc4158) explains
69 /// why an issuer certificate cannot be naively assumed to be part of the
70 /// the certification path (though GLib's TLS backends may not follow the
71 /// path building strategies outlined in this RFC). Due to the complexity
72 /// of certification path building, GLib does not provide any way to know
73 /// which certification path will actually be used. Accordingly, this
74 /// property cannot be used to make security-related decisions. Only
75 /// GLib itself should make security decisions about TLS certificates.
76 ///
77 /// Readable | Writeable | Construct Only
78 ///
79 ///
80 /// #### `issuer-name`
81 /// The issuer from the certificate,
82 /// [`None`] if unavailable.
83 ///
84 /// Readable
85 ///
86 ///
87 /// #### `not-valid-after`
88 /// The time at which this cert is no longer valid,
89 /// [`None`] if unavailable.
90 ///
91 /// Readable
92 ///
93 ///
94 /// #### `not-valid-before`
95 /// The time at which this cert is considered to be valid,
96 /// [`None`] if unavailable.
97 ///
98 /// Readable
99 ///
100 ///
101 /// #### `password`
102 /// An optional password used when constructed with GTlsCertificate:pkcs12-data.
103 ///
104 /// Writeable | Construct Only
105 ///
106 ///
107 /// #### `pkcs11-uri`
108 /// A URI referencing the [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html)
109 /// objects containing an X.509 certificate and optionally a private key.
110 ///
111 /// If [`None`], the certificate is either not backed by PKCS \#11 or the
112 /// #GTlsBackend does not support PKCS \#11.
113 ///
114 /// Readable | Writeable | Construct Only
115 ///
116 ///
117 /// #### `pkcs12-data`
118 /// The PKCS #12 formatted data used to construct the object.
119 ///
120 /// See also: g_tls_certificate_new_from_pkcs12()
121 ///
122 /// Writeable | Construct Only
123 ///
124 ///
125 /// #### `private-key`
126 /// The DER (binary) encoded representation of the certificate's
127 /// private key, in either [PKCS \#1 format](https://datatracker.ietf.org/doc/html/rfc8017)
128 /// or unencrypted [PKCS \#8 format.](https://datatracker.ietf.org/doc/html/rfc5208)
129 /// PKCS \#8 format is supported since 2.32; earlier releases only
130 /// support PKCS \#1. You can use the `openssl rsa` tool to convert
131 /// PKCS \#8 keys to PKCS \#1.
132 ///
133 /// This property (or the #GTlsCertificate:private-key-pem property)
134 /// can be set when constructing a key (for example, from a file).
135 /// Since GLib 2.70, it is now also readable; however, be aware that if
136 /// the private key is backed by a PKCS \#11 URI – for example, if it
137 /// is stored on a smartcard – then this property will be [`None`]. If so,
138 /// the private key must be referenced via its PKCS \#11 URI,
139 /// #GTlsCertificate:private-key-pkcs11-uri. You must check both
140 /// properties to see if the certificate really has a private key.
141 /// When this property is read, the output format will be unencrypted
142 /// PKCS \#8.
143 ///
144 /// Readable | Writeable | Construct Only
145 ///
146 ///
147 /// #### `private-key-pem`
148 /// The PEM (ASCII) encoded representation of the certificate's
149 /// private key in either [PKCS \#1 format](https://datatracker.ietf.org/doc/html/rfc8017)
150 /// ("`BEGIN RSA PRIVATE KEY`") or unencrypted
151 /// [PKCS \#8 format](https://datatracker.ietf.org/doc/html/rfc5208)
152 /// ("`BEGIN PRIVATE KEY`"). PKCS \#8 format is supported since 2.32;
153 /// earlier releases only support PKCS \#1. You can use the `openssl rsa`
154 /// tool to convert PKCS \#8 keys to PKCS \#1.
155 ///
156 /// This property (or the #GTlsCertificate:private-key property)
157 /// can be set when constructing a key (for example, from a file).
158 /// Since GLib 2.70, it is now also readable; however, be aware that if
159 /// the private key is backed by a PKCS \#11 URI - for example, if it
160 /// is stored on a smartcard - then this property will be [`None`]. If so,
161 /// the private key must be referenced via its PKCS \#11 URI,
162 /// #GTlsCertificate:private-key-pkcs11-uri. You must check both
163 /// properties to see if the certificate really has a private key.
164 /// When this property is read, the output format will be unencrypted
165 /// PKCS \#8.
166 ///
167 /// Readable | Writeable | Construct Only
168 ///
169 ///
170 /// #### `private-key-pkcs11-uri`
171 /// A URI referencing a [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html)
172 /// object containing a private key.
173 ///
174 /// Readable | Writeable | Construct Only
175 ///
176 ///
177 /// #### `subject-name`
178 /// The subject from the cert,
179 /// [`None`] if unavailable.
180 ///
181 /// Readable
182 ///
183 /// # Implements
184 ///
185 /// [`TlsCertificateExt`][trait@crate::prelude::TlsCertificateExt], [`trait@glib::ObjectExt`]
186 #[doc(alias = "GTlsCertificate")]
187 pub struct TlsCertificate(Object<ffi::GTlsCertificate, ffi::GTlsCertificateClass>);
188
189 match fn {
190 type_ => || ffi::g_tls_certificate_get_type(),
191 }
192}
193
194impl TlsCertificate {
195 pub const NONE: Option<&'static TlsCertificate> = None;
196
197 /// Creates a #GTlsCertificate from the data in @file.
198 ///
199 /// As of 2.72, if the filename ends in `.p12` or `.pfx` the data is loaded by
200 /// g_tls_certificate_new_from_pkcs12() otherwise it is loaded by
201 /// g_tls_certificate_new_from_pem(). See those functions for
202 /// exact details.
203 ///
204 /// If @file cannot be read or parsed, the function will return [`None`] and
205 /// set @error.
206 /// ## `file`
207 /// file containing a certificate to import
208 ///
209 /// # Returns
210 ///
211 /// the new certificate, or [`None`] on error
212 #[doc(alias = "g_tls_certificate_new_from_file")]
213 #[doc(alias = "new_from_file")]
214 pub fn from_file(file: impl AsRef<std::path::Path>) -> Result<TlsCertificate, glib::Error> {
215 unsafe {
216 let mut error = std::ptr::null_mut();
217 let ret =
218 ffi::g_tls_certificate_new_from_file(file.as_ref().to_glib_none().0, &mut error);
219 if error.is_null() {
220 Ok(from_glib_full(ret))
221 } else {
222 Err(from_glib_full(error))
223 }
224 }
225 }
226
227 /// Creates a #GTlsCertificate from the data in @file.
228 ///
229 /// If @file cannot be read or parsed, the function will return [`None`] and
230 /// set @error.
231 ///
232 /// Any unknown file types will error with [`IOErrorEnum::NotSupported`][crate::IOErrorEnum::NotSupported].
233 /// Currently only `.p12` and `.pfx` files are supported.
234 /// See g_tls_certificate_new_from_pkcs12() for more details.
235 /// ## `file`
236 /// file containing a certificate to import
237 /// ## `password`
238 /// password for PKCS #12 files
239 ///
240 /// # Returns
241 ///
242 /// the new certificate, or [`None`] on error
243 #[cfg(feature = "v2_72")]
244 #[cfg_attr(docsrs, doc(cfg(feature = "v2_72")))]
245 #[doc(alias = "g_tls_certificate_new_from_file_with_password")]
246 #[doc(alias = "new_from_file_with_password")]
247 pub fn from_file_with_password(
248 file: impl AsRef<std::path::Path>,
249 password: &str,
250 ) -> Result<TlsCertificate, glib::Error> {
251 unsafe {
252 let mut error = std::ptr::null_mut();
253 let ret = ffi::g_tls_certificate_new_from_file_with_password(
254 file.as_ref().to_glib_none().0,
255 password.to_glib_none().0,
256 &mut error,
257 );
258 if error.is_null() {
259 Ok(from_glib_full(ret))
260 } else {
261 Err(from_glib_full(error))
262 }
263 }
264 }
265
266 /// Creates a #GTlsCertificate from the PEM-encoded data in @cert_file
267 /// and @key_file. The returned certificate will be the first certificate
268 /// found in @cert_file. As of GLib 2.44, if @cert_file contains more
269 /// certificates it will try to load a certificate chain. All
270 /// certificates will be verified in the order found (top-level
271 /// certificate should be the last one in the file) and the
272 /// #GTlsCertificate:issuer property of each certificate will be set
273 /// accordingly if the verification succeeds. If any certificate in the
274 /// chain cannot be verified, the first certificate in the file will
275 /// still be returned.
276 ///
277 /// If either file cannot be read or parsed, the function will return
278 /// [`None`] and set @error. Otherwise, this behaves like
279 /// g_tls_certificate_new_from_pem().
280 /// ## `cert_file`
281 /// file containing one or more PEM-encoded
282 /// certificates to import
283 /// ## `key_file`
284 /// file containing a PEM-encoded private key
285 /// to import
286 ///
287 /// # Returns
288 ///
289 /// the new certificate, or [`None`] on error
290 #[doc(alias = "g_tls_certificate_new_from_files")]
291 #[doc(alias = "new_from_files")]
292 pub fn from_files(
293 cert_file: impl AsRef<std::path::Path>,
294 key_file: impl AsRef<std::path::Path>,
295 ) -> Result<TlsCertificate, glib::Error> {
296 unsafe {
297 let mut error = std::ptr::null_mut();
298 let ret = ffi::g_tls_certificate_new_from_files(
299 cert_file.as_ref().to_glib_none().0,
300 key_file.as_ref().to_glib_none().0,
301 &mut error,
302 );
303 if error.is_null() {
304 Ok(from_glib_full(ret))
305 } else {
306 Err(from_glib_full(error))
307 }
308 }
309 }
310
311 /// Creates a #GTlsCertificate from the PEM-encoded data in @data. If
312 /// @data includes both a certificate and a private key, then the
313 /// returned certificate will include the private key data as well. (See
314 /// the #GTlsCertificate:private-key-pem property for information about
315 /// supported formats.)
316 ///
317 /// The returned certificate will be the first certificate found in
318 /// @data. As of GLib 2.44, if @data contains more certificates it will
319 /// try to load a certificate chain. All certificates will be verified in
320 /// the order found (top-level certificate should be the last one in the
321 /// file) and the #GTlsCertificate:issuer property of each certificate
322 /// will be set accordingly if the verification succeeds. If any
323 /// certificate in the chain cannot be verified, the first certificate in
324 /// the file will still be returned.
325 /// ## `data`
326 /// PEM-encoded certificate data
327 /// ## `length`
328 /// the length of @data, or -1 if it's 0-terminated.
329 ///
330 /// # Returns
331 ///
332 /// the new certificate, or [`None`] if @data is invalid
333 #[doc(alias = "g_tls_certificate_new_from_pem")]
334 #[doc(alias = "new_from_pem")]
335 pub fn from_pem(data: &str) -> Result<TlsCertificate, glib::Error> {
336 let length = data.len() as _;
337 unsafe {
338 let mut error = std::ptr::null_mut();
339 let ret =
340 ffi::g_tls_certificate_new_from_pem(data.to_glib_none().0, length, &mut error);
341 if error.is_null() {
342 Ok(from_glib_full(ret))
343 } else {
344 Err(from_glib_full(error))
345 }
346 }
347 }
348
349 /// Creates a #GTlsCertificate from a
350 /// [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html) URI.
351 ///
352 /// An example @pkcs11_uri would be `pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My`20Client``20Certificate`;id=`01``
353 ///
354 /// Where the token’s layout is:
355 ///
356 ///
357 /// ```text
358 /// Object 0:
359 /// URL: pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=%01;object=private%20key;type=private
360 /// Type: Private key (RSA-2048)
361 /// ID: 01
362 ///
363 /// Object 1:
364 /// URL: pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=%01;object=Certificate%20for%20Authentication;type=cert
365 /// Type: X.509 Certificate (RSA-2048)
366 /// ID: 01
367 /// ```
368 ///
369 /// In this case the certificate and private key would both be detected and used as expected.
370 /// @pkcs_uri may also just reference an X.509 certificate object and then optionally
371 /// @private_key_pkcs11_uri allows using a private key exposed under a different URI.
372 ///
373 /// Note that the private key is not accessed until usage and may fail or require a PIN later.
374 /// ## `pkcs11_uri`
375 /// A PKCS \#11 URI
376 /// ## `private_key_pkcs11_uri`
377 /// A PKCS \#11 URI
378 ///
379 /// # Returns
380 ///
381 /// the new certificate, or [`None`] on error
382 #[cfg(feature = "v2_68")]
383 #[cfg_attr(docsrs, doc(cfg(feature = "v2_68")))]
384 #[doc(alias = "g_tls_certificate_new_from_pkcs11_uris")]
385 #[doc(alias = "new_from_pkcs11_uris")]
386 pub fn from_pkcs11_uris(
387 pkcs11_uri: &str,
388 private_key_pkcs11_uri: Option<&str>,
389 ) -> Result<TlsCertificate, glib::Error> {
390 unsafe {
391 let mut error = std::ptr::null_mut();
392 let ret = ffi::g_tls_certificate_new_from_pkcs11_uris(
393 pkcs11_uri.to_glib_none().0,
394 private_key_pkcs11_uri.to_glib_none().0,
395 &mut error,
396 );
397 if error.is_null() {
398 Ok(from_glib_full(ret))
399 } else {
400 Err(from_glib_full(error))
401 }
402 }
403 }
404
405 /// Creates a #GTlsCertificate from the data in @data. It must contain
406 /// a certificate and matching private key.
407 ///
408 /// If extra certificates are included they will be verified as a chain
409 /// and the #GTlsCertificate:issuer property will be set.
410 /// All other data will be ignored.
411 ///
412 /// You can pass as single password for all of the data which will be
413 /// used both for the PKCS #12 container as well as encrypted
414 /// private keys. If decryption fails it will error with
415 /// [`TlsError::BadCertificatePassword`][crate::TlsError::BadCertificatePassword].
416 ///
417 /// This constructor requires support in the current #GTlsBackend.
418 /// If support is missing it will error with
419 /// [`IOErrorEnum::NotSupported`][crate::IOErrorEnum::NotSupported].
420 ///
421 /// Other parsing failures will error with [`TlsError::BadCertificate`][crate::TlsError::BadCertificate].
422 /// ## `data`
423 /// DER-encoded PKCS #12 format certificate data
424 /// ## `password`
425 /// optional password for encrypted certificate data
426 ///
427 /// # Returns
428 ///
429 /// the new certificate, or [`None`] if @data is invalid
430 #[cfg(feature = "v2_72")]
431 #[cfg_attr(docsrs, doc(cfg(feature = "v2_72")))]
432 #[doc(alias = "g_tls_certificate_new_from_pkcs12")]
433 #[doc(alias = "new_from_pkcs12")]
434 pub fn from_pkcs12(data: &[u8], password: Option<&str>) -> Result<TlsCertificate, glib::Error> {
435 let length = data.len() as _;
436 unsafe {
437 let mut error = std::ptr::null_mut();
438 let ret = ffi::g_tls_certificate_new_from_pkcs12(
439 data.to_glib_none().0,
440 length,
441 password.to_glib_none().0,
442 &mut error,
443 );
444 if error.is_null() {
445 Ok(from_glib_full(ret))
446 } else {
447 Err(from_glib_full(error))
448 }
449 }
450 }
451
452 /// Creates one or more #GTlsCertificates from the PEM-encoded
453 /// data in @file. If @file cannot be read or parsed, the function will
454 /// return [`None`] and set @error. If @file does not contain any
455 /// PEM-encoded certificates, this will return an empty list and not
456 /// set @error.
457 /// ## `file`
458 /// file containing PEM-encoded certificates to import
459 ///
460 /// # Returns
461 ///
462 /// a
463 /// #GList containing #GTlsCertificate objects. You must free the list
464 /// and its contents when you are done with it.
465 #[doc(alias = "g_tls_certificate_list_new_from_file")]
466 pub fn list_new_from_file(
467 file: impl AsRef<std::path::Path>,
468 ) -> Result<Vec<TlsCertificate>, glib::Error> {
469 unsafe {
470 let mut error = std::ptr::null_mut();
471 let ret = ffi::g_tls_certificate_list_new_from_file(
472 file.as_ref().to_glib_none().0,
473 &mut error,
474 );
475 if error.is_null() {
476 Ok(FromGlibPtrContainer::from_glib_full(ret))
477 } else {
478 Err(from_glib_full(error))
479 }
480 }
481 }
482}
483
484mod sealed {
485 pub trait Sealed {}
486 impl<T: super::IsA<super::TlsCertificate>> Sealed for T {}
487}
488
489/// Trait containing all [`struct@TlsCertificate`] methods.
490///
491/// # Implementors
492///
493/// [`TlsCertificate`][struct@crate::TlsCertificate]
494pub trait TlsCertificateExt: IsA<TlsCertificate> + sealed::Sealed + 'static {
495 /// Gets the value of #GTlsCertificate:dns-names.
496 ///
497 /// # Returns
498 ///
499 /// A #GPtrArray of
500 /// #GBytes elements, or [`None`] if it's not available.
501 #[cfg(feature = "v2_70")]
502 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
503 #[doc(alias = "g_tls_certificate_get_dns_names")]
504 #[doc(alias = "get_dns_names")]
505 #[doc(alias = "dns-names")]
506 fn dns_names(&self) -> Vec<glib::Bytes> {
507 unsafe {
508 FromGlibPtrContainer::from_glib_container(ffi::g_tls_certificate_get_dns_names(
509 self.as_ref().to_glib_none().0,
510 ))
511 }
512 }
513
514 /// Gets the value of #GTlsCertificate:ip-addresses.
515 ///
516 /// # Returns
517 ///
518 /// A #GPtrArray
519 /// of #GInetAddress elements, or [`None`] if it's not available.
520 #[cfg(feature = "v2_70")]
521 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
522 #[doc(alias = "g_tls_certificate_get_ip_addresses")]
523 #[doc(alias = "get_ip_addresses")]
524 #[doc(alias = "ip-addresses")]
525 fn ip_addresses(&self) -> Vec<InetAddress> {
526 unsafe {
527 FromGlibPtrContainer::from_glib_container(ffi::g_tls_certificate_get_ip_addresses(
528 self.as_ref().to_glib_none().0,
529 ))
530 }
531 }
532
533 /// Gets the #GTlsCertificate representing @self's issuer, if known
534 ///
535 /// # Returns
536 ///
537 /// The certificate of @self's issuer,
538 /// or [`None`] if @self is self-signed or signed with an unknown
539 /// certificate.
540 #[doc(alias = "g_tls_certificate_get_issuer")]
541 #[doc(alias = "get_issuer")]
542 #[must_use]
543 fn issuer(&self) -> Option<TlsCertificate> {
544 unsafe {
545 from_glib_none(ffi::g_tls_certificate_get_issuer(
546 self.as_ref().to_glib_none().0,
547 ))
548 }
549 }
550
551 /// Returns the issuer name from the certificate.
552 ///
553 /// # Returns
554 ///
555 /// The issuer name, or [`None`] if it's not available.
556 #[cfg(feature = "v2_70")]
557 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
558 #[doc(alias = "g_tls_certificate_get_issuer_name")]
559 #[doc(alias = "get_issuer_name")]
560 #[doc(alias = "issuer-name")]
561 fn issuer_name(&self) -> Option<glib::GString> {
562 unsafe {
563 from_glib_full(ffi::g_tls_certificate_get_issuer_name(
564 self.as_ref().to_glib_none().0,
565 ))
566 }
567 }
568
569 /// Returns the time at which the certificate became or will become invalid.
570 ///
571 /// # Returns
572 ///
573 /// The not-valid-after date, or [`None`] if it's not available.
574 #[cfg(feature = "v2_70")]
575 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
576 #[doc(alias = "g_tls_certificate_get_not_valid_after")]
577 #[doc(alias = "get_not_valid_after")]
578 #[doc(alias = "not-valid-after")]
579 fn not_valid_after(&self) -> Option<glib::DateTime> {
580 unsafe {
581 from_glib_full(ffi::g_tls_certificate_get_not_valid_after(
582 self.as_ref().to_glib_none().0,
583 ))
584 }
585 }
586
587 /// Returns the time at which the certificate became or will become valid.
588 ///
589 /// # Returns
590 ///
591 /// The not-valid-before date, or [`None`] if it's not available.
592 #[cfg(feature = "v2_70")]
593 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
594 #[doc(alias = "g_tls_certificate_get_not_valid_before")]
595 #[doc(alias = "get_not_valid_before")]
596 #[doc(alias = "not-valid-before")]
597 fn not_valid_before(&self) -> Option<glib::DateTime> {
598 unsafe {
599 from_glib_full(ffi::g_tls_certificate_get_not_valid_before(
600 self.as_ref().to_glib_none().0,
601 ))
602 }
603 }
604
605 /// Returns the subject name from the certificate.
606 ///
607 /// # Returns
608 ///
609 /// The subject name, or [`None`] if it's not available.
610 #[cfg(feature = "v2_70")]
611 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
612 #[doc(alias = "g_tls_certificate_get_subject_name")]
613 #[doc(alias = "get_subject_name")]
614 #[doc(alias = "subject-name")]
615 fn subject_name(&self) -> Option<glib::GString> {
616 unsafe {
617 from_glib_full(ffi::g_tls_certificate_get_subject_name(
618 self.as_ref().to_glib_none().0,
619 ))
620 }
621 }
622
623 /// Check if two #GTlsCertificate objects represent the same certificate.
624 /// The raw DER byte data of the two certificates are checked for equality.
625 /// This has the effect that two certificates may compare equal even if
626 /// their #GTlsCertificate:issuer, #GTlsCertificate:private-key, or
627 /// #GTlsCertificate:private-key-pem properties differ.
628 /// ## `cert_two`
629 /// second certificate to compare
630 ///
631 /// # Returns
632 ///
633 /// whether the same or not
634 #[doc(alias = "g_tls_certificate_is_same")]
635 fn is_same(&self, cert_two: &impl IsA<TlsCertificate>) -> bool {
636 unsafe {
637 from_glib(ffi::g_tls_certificate_is_same(
638 self.as_ref().to_glib_none().0,
639 cert_two.as_ref().to_glib_none().0,
640 ))
641 }
642 }
643
644 /// This verifies @self and returns a set of #GTlsCertificateFlags
645 /// indicating any problems found with it. This can be used to verify a
646 /// certificate outside the context of making a connection, or to
647 /// check a certificate against a CA that is not part of the system
648 /// CA database.
649 ///
650 /// If @self is valid, `G_TLS_CERTIFICATE_NO_FLAGS` is returned.
651 ///
652 /// If @identity is not [`None`], @self's name(s) will be compared against
653 /// it, and [`TlsCertificateFlags::BAD_IDENTITY`][crate::TlsCertificateFlags::BAD_IDENTITY] will be set in the return
654 /// value if it does not match. If @identity is [`None`], that bit will
655 /// never be set in the return value.
656 ///
657 /// If @trusted_ca is not [`None`], then @self (or one of the certificates
658 /// in its chain) must be signed by it, or else
659 /// [`TlsCertificateFlags::UNKNOWN_CA`][crate::TlsCertificateFlags::UNKNOWN_CA] will be set in the return value. If
660 /// @trusted_ca is [`None`], that bit will never be set in the return
661 /// value.
662 ///
663 /// GLib guarantees that if certificate verification fails, at least one
664 /// error will be set in the return value, but it does not guarantee
665 /// that all possible errors will be set. Accordingly, you may not safely
666 /// decide to ignore any particular type of error. For example, it would
667 /// be incorrect to mask [`TlsCertificateFlags::EXPIRED`][crate::TlsCertificateFlags::EXPIRED] if you want to allow
668 /// expired certificates, because this could potentially be the only
669 /// error flag set even if other problems exist with the certificate.
670 ///
671 /// Because TLS session context is not used, #GTlsCertificate may not
672 /// perform as many checks on the certificates as #GTlsConnection would.
673 /// For example, certificate constraints may not be honored, and
674 /// revocation checks may not be performed. The best way to verify TLS
675 /// certificates used by a TLS connection is to let #GTlsConnection
676 /// handle the verification.
677 /// ## `identity`
678 /// the expected peer identity
679 /// ## `trusted_ca`
680 /// the certificate of a trusted authority
681 ///
682 /// # Returns
683 ///
684 /// the appropriate #GTlsCertificateFlags
685 #[doc(alias = "g_tls_certificate_verify")]
686 fn verify(
687 &self,
688 identity: Option<&impl IsA<SocketConnectable>>,
689 trusted_ca: Option<&impl IsA<TlsCertificate>>,
690 ) -> TlsCertificateFlags {
691 unsafe {
692 from_glib(ffi::g_tls_certificate_verify(
693 self.as_ref().to_glib_none().0,
694 identity.map(|p| p.as_ref()).to_glib_none().0,
695 trusted_ca.map(|p| p.as_ref()).to_glib_none().0,
696 ))
697 }
698 }
699
700 /// The DER (binary) encoded representation of the certificate.
701 /// This property and the #GTlsCertificate:certificate-pem property
702 /// represent the same data, just in different forms.
703 fn certificate(&self) -> Option<glib::ByteArray> {
704 ObjectExt::property(self.as_ref(), "certificate")
705 }
706
707 /// The PEM (ASCII) encoded representation of the certificate.
708 /// This property and the #GTlsCertificate:certificate
709 /// property represent the same data, just in different forms.
710 #[doc(alias = "certificate-pem")]
711 fn certificate_pem(&self) -> Option<glib::GString> {
712 ObjectExt::property(self.as_ref(), "certificate-pem")
713 }
714
715 /// A URI referencing the [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html)
716 /// objects containing an X.509 certificate and optionally a private key.
717 ///
718 /// If [`None`], the certificate is either not backed by PKCS \#11 or the
719 /// #GTlsBackend does not support PKCS \#11.
720 #[cfg(feature = "v2_68")]
721 #[cfg_attr(docsrs, doc(cfg(feature = "v2_68")))]
722 #[doc(alias = "pkcs11-uri")]
723 fn pkcs11_uri(&self) -> Option<glib::GString> {
724 ObjectExt::property(self.as_ref(), "pkcs11-uri")
725 }
726
727 /// The DER (binary) encoded representation of the certificate's
728 /// private key, in either [PKCS \#1 format](https://datatracker.ietf.org/doc/html/rfc8017)
729 /// or unencrypted [PKCS \#8 format.](https://datatracker.ietf.org/doc/html/rfc5208)
730 /// PKCS \#8 format is supported since 2.32; earlier releases only
731 /// support PKCS \#1. You can use the `openssl rsa` tool to convert
732 /// PKCS \#8 keys to PKCS \#1.
733 ///
734 /// This property (or the #GTlsCertificate:private-key-pem property)
735 /// can be set when constructing a key (for example, from a file).
736 /// Since GLib 2.70, it is now also readable; however, be aware that if
737 /// the private key is backed by a PKCS \#11 URI – for example, if it
738 /// is stored on a smartcard – then this property will be [`None`]. If so,
739 /// the private key must be referenced via its PKCS \#11 URI,
740 /// #GTlsCertificate:private-key-pkcs11-uri. You must check both
741 /// properties to see if the certificate really has a private key.
742 /// When this property is read, the output format will be unencrypted
743 /// PKCS \#8.
744 #[doc(alias = "private-key")]
745 fn private_key(&self) -> Option<glib::ByteArray> {
746 ObjectExt::property(self.as_ref(), "private-key")
747 }
748
749 /// The PEM (ASCII) encoded representation of the certificate's
750 /// private key in either [PKCS \#1 format](https://datatracker.ietf.org/doc/html/rfc8017)
751 /// ("`BEGIN RSA PRIVATE KEY`") or unencrypted
752 /// [PKCS \#8 format](https://datatracker.ietf.org/doc/html/rfc5208)
753 /// ("`BEGIN PRIVATE KEY`"). PKCS \#8 format is supported since 2.32;
754 /// earlier releases only support PKCS \#1. You can use the `openssl rsa`
755 /// tool to convert PKCS \#8 keys to PKCS \#1.
756 ///
757 /// This property (or the #GTlsCertificate:private-key property)
758 /// can be set when constructing a key (for example, from a file).
759 /// Since GLib 2.70, it is now also readable; however, be aware that if
760 /// the private key is backed by a PKCS \#11 URI - for example, if it
761 /// is stored on a smartcard - then this property will be [`None`]. If so,
762 /// the private key must be referenced via its PKCS \#11 URI,
763 /// #GTlsCertificate:private-key-pkcs11-uri. You must check both
764 /// properties to see if the certificate really has a private key.
765 /// When this property is read, the output format will be unencrypted
766 /// PKCS \#8.
767 #[doc(alias = "private-key-pem")]
768 fn private_key_pem(&self) -> Option<glib::GString> {
769 ObjectExt::property(self.as_ref(), "private-key-pem")
770 }
771
772 /// A URI referencing a [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html)
773 /// object containing a private key.
774 #[cfg(feature = "v2_68")]
775 #[cfg_attr(docsrs, doc(cfg(feature = "v2_68")))]
776 #[doc(alias = "private-key-pkcs11-uri")]
777 fn private_key_pkcs11_uri(&self) -> Option<glib::GString> {
778 ObjectExt::property(self.as_ref(), "private-key-pkcs11-uri")
779 }
780
781 #[cfg(feature = "v2_70")]
782 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
783 #[doc(alias = "dns-names")]
784 fn connect_dns_names_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
785 unsafe extern "C" fn notify_dns_names_trampoline<
786 P: IsA<TlsCertificate>,
787 F: Fn(&P) + 'static,
788 >(
789 this: *mut ffi::GTlsCertificate,
790 _param_spec: glib::ffi::gpointer,
791 f: glib::ffi::gpointer,
792 ) {
793 let f: &F = &*(f as *const F);
794 f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
795 }
796 unsafe {
797 let f: Box_<F> = Box_::new(f);
798 connect_raw(
799 self.as_ptr() as *mut _,
800 b"notify::dns-names\0".as_ptr() as *const _,
801 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
802 notify_dns_names_trampoline::<Self, F> as *const (),
803 )),
804 Box_::into_raw(f),
805 )
806 }
807 }
808
809 #[cfg(feature = "v2_70")]
810 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
811 #[doc(alias = "ip-addresses")]
812 fn connect_ip_addresses_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
813 unsafe extern "C" fn notify_ip_addresses_trampoline<
814 P: IsA<TlsCertificate>,
815 F: Fn(&P) + 'static,
816 >(
817 this: *mut ffi::GTlsCertificate,
818 _param_spec: glib::ffi::gpointer,
819 f: glib::ffi::gpointer,
820 ) {
821 let f: &F = &*(f as *const F);
822 f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
823 }
824 unsafe {
825 let f: Box_<F> = Box_::new(f);
826 connect_raw(
827 self.as_ptr() as *mut _,
828 b"notify::ip-addresses\0".as_ptr() as *const _,
829 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
830 notify_ip_addresses_trampoline::<Self, F> as *const (),
831 )),
832 Box_::into_raw(f),
833 )
834 }
835 }
836
837 #[cfg(feature = "v2_70")]
838 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
839 #[doc(alias = "issuer-name")]
840 fn connect_issuer_name_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
841 unsafe extern "C" fn notify_issuer_name_trampoline<
842 P: IsA<TlsCertificate>,
843 F: Fn(&P) + 'static,
844 >(
845 this: *mut ffi::GTlsCertificate,
846 _param_spec: glib::ffi::gpointer,
847 f: glib::ffi::gpointer,
848 ) {
849 let f: &F = &*(f as *const F);
850 f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
851 }
852 unsafe {
853 let f: Box_<F> = Box_::new(f);
854 connect_raw(
855 self.as_ptr() as *mut _,
856 b"notify::issuer-name\0".as_ptr() as *const _,
857 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
858 notify_issuer_name_trampoline::<Self, F> as *const (),
859 )),
860 Box_::into_raw(f),
861 )
862 }
863 }
864
865 #[cfg(feature = "v2_70")]
866 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
867 #[doc(alias = "not-valid-after")]
868 fn connect_not_valid_after_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
869 unsafe extern "C" fn notify_not_valid_after_trampoline<
870 P: IsA<TlsCertificate>,
871 F: Fn(&P) + 'static,
872 >(
873 this: *mut ffi::GTlsCertificate,
874 _param_spec: glib::ffi::gpointer,
875 f: glib::ffi::gpointer,
876 ) {
877 let f: &F = &*(f as *const F);
878 f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
879 }
880 unsafe {
881 let f: Box_<F> = Box_::new(f);
882 connect_raw(
883 self.as_ptr() as *mut _,
884 b"notify::not-valid-after\0".as_ptr() as *const _,
885 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
886 notify_not_valid_after_trampoline::<Self, F> as *const (),
887 )),
888 Box_::into_raw(f),
889 )
890 }
891 }
892
893 #[cfg(feature = "v2_70")]
894 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
895 #[doc(alias = "not-valid-before")]
896 fn connect_not_valid_before_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
897 unsafe extern "C" fn notify_not_valid_before_trampoline<
898 P: IsA<TlsCertificate>,
899 F: Fn(&P) + 'static,
900 >(
901 this: *mut ffi::GTlsCertificate,
902 _param_spec: glib::ffi::gpointer,
903 f: glib::ffi::gpointer,
904 ) {
905 let f: &F = &*(f as *const F);
906 f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
907 }
908 unsafe {
909 let f: Box_<F> = Box_::new(f);
910 connect_raw(
911 self.as_ptr() as *mut _,
912 b"notify::not-valid-before\0".as_ptr() as *const _,
913 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
914 notify_not_valid_before_trampoline::<Self, F> as *const (),
915 )),
916 Box_::into_raw(f),
917 )
918 }
919 }
920
921 #[cfg(feature = "v2_70")]
922 #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
923 #[doc(alias = "subject-name")]
924 fn connect_subject_name_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
925 unsafe extern "C" fn notify_subject_name_trampoline<
926 P: IsA<TlsCertificate>,
927 F: Fn(&P) + 'static,
928 >(
929 this: *mut ffi::GTlsCertificate,
930 _param_spec: glib::ffi::gpointer,
931 f: glib::ffi::gpointer,
932 ) {
933 let f: &F = &*(f as *const F);
934 f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
935 }
936 unsafe {
937 let f: Box_<F> = Box_::new(f);
938 connect_raw(
939 self.as_ptr() as *mut _,
940 b"notify::subject-name\0".as_ptr() as *const _,
941 Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
942 notify_subject_name_trampoline::<Self, F> as *const (),
943 )),
944 Box_::into_raw(f),
945 )
946 }
947 }
948}
949
950impl<O: IsA<TlsCertificate>> TlsCertificateExt for O {}