gio/auto/
tls_certificate.rs

1// This file was generated by gir (https://github.com/gtk-rs/gir)
2// from gir-files (https://github.com/gtk-rs/gir-files)
3// DO NOT EDIT
4
5#[cfg(feature = "v2_70")]
6#[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
7use crate::InetAddress;
8use crate::{ffi, SocketConnectable, TlsCertificateFlags};
9#[cfg(feature = "v2_70")]
10#[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
11use glib::signal::{connect_raw, SignalHandlerId};
12use glib::{prelude::*, translate::*};
13#[cfg(feature = "v2_70")]
14#[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
15use std::boxed::Box as Box_;
16
17glib::wrapper! {
18    /// A certificate used for TLS authentication and encryption.
19    /// This can represent either a certificate only (eg, the certificate
20    /// received by a client from a server), or the combination of
21    /// a certificate and a private key (which is needed when acting as a
22    /// [`TlsServerConnection`][crate::TlsServerConnection]).
23    ///
24    /// This is an Abstract Base Class, you cannot instantiate it.
25    ///
26    /// ## Properties
27    ///
28    ///
29    /// #### `certificate`
30    ///  The DER (binary) encoded representation of the certificate.
31    /// This property and the #GTlsCertificate:certificate-pem property
32    /// represent the same data, just in different forms.
33    ///
34    /// Readable | Writeable | Construct Only
35    ///
36    ///
37    /// #### `certificate-pem`
38    ///  The PEM (ASCII) encoded representation of the certificate.
39    /// This property and the #GTlsCertificate:certificate
40    /// property represent the same data, just in different forms.
41    ///
42    /// Readable | Writeable | Construct Only
43    ///
44    ///
45    /// #### `dns-names`
46    ///  The DNS names from the certificate's Subject Alternative Names (SANs),
47    /// [`None`] if unavailable.
48    ///
49    /// Readable
50    ///
51    ///
52    /// #### `ip-addresses`
53    ///  The IP addresses from the certificate's Subject Alternative Names (SANs),
54    /// [`None`] if unavailable.
55    ///
56    /// Readable
57    ///
58    ///
59    /// #### `issuer`
60    ///  A #GTlsCertificate representing the entity that issued this
61    /// certificate. If [`None`], this means that the certificate is either
62    /// self-signed, or else the certificate of the issuer is not
63    /// available.
64    ///
65    /// Beware the issuer certificate may not be the same as the
66    /// certificate that would actually be used to construct a valid
67    /// certification path during certificate verification.
68    /// [RFC 4158](https://datatracker.ietf.org/doc/html/rfc4158) explains
69    /// why an issuer certificate cannot be naively assumed to be part of the
70    /// the certification path (though GLib's TLS backends may not follow the
71    /// path building strategies outlined in this RFC). Due to the complexity
72    /// of certification path building, GLib does not provide any way to know
73    /// which certification path will actually be used. Accordingly, this
74    /// property cannot be used to make security-related decisions. Only
75    /// GLib itself should make security decisions about TLS certificates.
76    ///
77    /// Readable | Writeable | Construct Only
78    ///
79    ///
80    /// #### `issuer-name`
81    ///  The issuer from the certificate,
82    /// [`None`] if unavailable.
83    ///
84    /// Readable
85    ///
86    ///
87    /// #### `not-valid-after`
88    ///  The time at which this cert is no longer valid,
89    /// [`None`] if unavailable.
90    ///
91    /// Readable
92    ///
93    ///
94    /// #### `not-valid-before`
95    ///  The time at which this cert is considered to be valid,
96    /// [`None`] if unavailable.
97    ///
98    /// Readable
99    ///
100    ///
101    /// #### `password`
102    ///  An optional password used when constructed with GTlsCertificate:pkcs12-data.
103    ///
104    /// Writeable | Construct Only
105    ///
106    ///
107    /// #### `pkcs11-uri`
108    ///  A URI referencing the [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html)
109    /// objects containing an X.509 certificate and optionally a private key.
110    ///
111    /// If [`None`], the certificate is either not backed by PKCS \#11 or the
112    /// #GTlsBackend does not support PKCS \#11.
113    ///
114    /// Readable | Writeable | Construct Only
115    ///
116    ///
117    /// #### `pkcs12-data`
118    ///  The PKCS #12 formatted data used to construct the object.
119    ///
120    /// See also: g_tls_certificate_new_from_pkcs12()
121    ///
122    /// Writeable | Construct Only
123    ///
124    ///
125    /// #### `private-key`
126    ///  The DER (binary) encoded representation of the certificate's
127    /// private key, in either [PKCS \#1 format](https://datatracker.ietf.org/doc/html/rfc8017)
128    /// or unencrypted [PKCS \#8 format.](https://datatracker.ietf.org/doc/html/rfc5208)
129    /// PKCS \#8 format is supported since 2.32; earlier releases only
130    /// support PKCS \#1. You can use the `openssl rsa` tool to convert
131    /// PKCS \#8 keys to PKCS \#1.
132    ///
133    /// This property (or the #GTlsCertificate:private-key-pem property)
134    /// can be set when constructing a key (for example, from a file).
135    /// Since GLib 2.70, it is now also readable; however, be aware that if
136    /// the private key is backed by a PKCS \#11 URI – for example, if it
137    /// is stored on a smartcard – then this property will be [`None`]. If so,
138    /// the private key must be referenced via its PKCS \#11 URI,
139    /// #GTlsCertificate:private-key-pkcs11-uri. You must check both
140    /// properties to see if the certificate really has a private key.
141    /// When this property is read, the output format will be unencrypted
142    /// PKCS \#8.
143    ///
144    /// Readable | Writeable | Construct Only
145    ///
146    ///
147    /// #### `private-key-pem`
148    ///  The PEM (ASCII) encoded representation of the certificate's
149    /// private key in either [PKCS \#1 format](https://datatracker.ietf.org/doc/html/rfc8017)
150    /// ("`BEGIN RSA PRIVATE KEY`") or unencrypted
151    /// [PKCS \#8 format](https://datatracker.ietf.org/doc/html/rfc5208)
152    /// ("`BEGIN PRIVATE KEY`"). PKCS \#8 format is supported since 2.32;
153    /// earlier releases only support PKCS \#1. You can use the `openssl rsa`
154    /// tool to convert PKCS \#8 keys to PKCS \#1.
155    ///
156    /// This property (or the #GTlsCertificate:private-key property)
157    /// can be set when constructing a key (for example, from a file).
158    /// Since GLib 2.70, it is now also readable; however, be aware that if
159    /// the private key is backed by a PKCS \#11 URI - for example, if it
160    /// is stored on a smartcard - then this property will be [`None`]. If so,
161    /// the private key must be referenced via its PKCS \#11 URI,
162    /// #GTlsCertificate:private-key-pkcs11-uri. You must check both
163    /// properties to see if the certificate really has a private key.
164    /// When this property is read, the output format will be unencrypted
165    /// PKCS \#8.
166    ///
167    /// Readable | Writeable | Construct Only
168    ///
169    ///
170    /// #### `private-key-pkcs11-uri`
171    ///  A URI referencing a [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html)
172    /// object containing a private key.
173    ///
174    /// Readable | Writeable | Construct Only
175    ///
176    ///
177    /// #### `subject-name`
178    ///  The subject from the cert,
179    /// [`None`] if unavailable.
180    ///
181    /// Readable
182    ///
183    /// # Implements
184    ///
185    /// [`TlsCertificateExt`][trait@crate::prelude::TlsCertificateExt], [`trait@glib::ObjectExt`]
186    #[doc(alias = "GTlsCertificate")]
187    pub struct TlsCertificate(Object<ffi::GTlsCertificate, ffi::GTlsCertificateClass>);
188
189    match fn {
190        type_ => || ffi::g_tls_certificate_get_type(),
191    }
192}
193
194impl TlsCertificate {
195    pub const NONE: Option<&'static TlsCertificate> = None;
196
197    /// Creates a #GTlsCertificate from the data in @file.
198    ///
199    /// As of 2.72, if the filename ends in `.p12` or `.pfx` the data is loaded by
200    /// g_tls_certificate_new_from_pkcs12() otherwise it is loaded by
201    /// g_tls_certificate_new_from_pem(). See those functions for
202    /// exact details.
203    ///
204    /// If @file cannot be read or parsed, the function will return [`None`] and
205    /// set @error.
206    /// ## `file`
207    /// file containing a certificate to import
208    ///
209    /// # Returns
210    ///
211    /// the new certificate, or [`None`] on error
212    #[doc(alias = "g_tls_certificate_new_from_file")]
213    #[doc(alias = "new_from_file")]
214    pub fn from_file(file: impl AsRef<std::path::Path>) -> Result<TlsCertificate, glib::Error> {
215        unsafe {
216            let mut error = std::ptr::null_mut();
217            let ret =
218                ffi::g_tls_certificate_new_from_file(file.as_ref().to_glib_none().0, &mut error);
219            if error.is_null() {
220                Ok(from_glib_full(ret))
221            } else {
222                Err(from_glib_full(error))
223            }
224        }
225    }
226
227    /// Creates a #GTlsCertificate from the data in @file.
228    ///
229    /// If @file cannot be read or parsed, the function will return [`None`] and
230    /// set @error.
231    ///
232    /// Any unknown file types will error with [`IOErrorEnum::NotSupported`][crate::IOErrorEnum::NotSupported].
233    /// Currently only `.p12` and `.pfx` files are supported.
234    /// See g_tls_certificate_new_from_pkcs12() for more details.
235    /// ## `file`
236    /// file containing a certificate to import
237    /// ## `password`
238    /// password for PKCS #12 files
239    ///
240    /// # Returns
241    ///
242    /// the new certificate, or [`None`] on error
243    #[cfg(feature = "v2_72")]
244    #[cfg_attr(docsrs, doc(cfg(feature = "v2_72")))]
245    #[doc(alias = "g_tls_certificate_new_from_file_with_password")]
246    #[doc(alias = "new_from_file_with_password")]
247    pub fn from_file_with_password(
248        file: impl AsRef<std::path::Path>,
249        password: &str,
250    ) -> Result<TlsCertificate, glib::Error> {
251        unsafe {
252            let mut error = std::ptr::null_mut();
253            let ret = ffi::g_tls_certificate_new_from_file_with_password(
254                file.as_ref().to_glib_none().0,
255                password.to_glib_none().0,
256                &mut error,
257            );
258            if error.is_null() {
259                Ok(from_glib_full(ret))
260            } else {
261                Err(from_glib_full(error))
262            }
263        }
264    }
265
266    /// Creates a #GTlsCertificate from the PEM-encoded data in @cert_file
267    /// and @key_file. The returned certificate will be the first certificate
268    /// found in @cert_file. As of GLib 2.44, if @cert_file contains more
269    /// certificates it will try to load a certificate chain. All
270    /// certificates will be verified in the order found (top-level
271    /// certificate should be the last one in the file) and the
272    /// #GTlsCertificate:issuer property of each certificate will be set
273    /// accordingly if the verification succeeds. If any certificate in the
274    /// chain cannot be verified, the first certificate in the file will
275    /// still be returned.
276    ///
277    /// If either file cannot be read or parsed, the function will return
278    /// [`None`] and set @error. Otherwise, this behaves like
279    /// g_tls_certificate_new_from_pem().
280    /// ## `cert_file`
281    /// file containing one or more PEM-encoded
282    ///     certificates to import
283    /// ## `key_file`
284    /// file containing a PEM-encoded private key
285    ///     to import
286    ///
287    /// # Returns
288    ///
289    /// the new certificate, or [`None`] on error
290    #[doc(alias = "g_tls_certificate_new_from_files")]
291    #[doc(alias = "new_from_files")]
292    pub fn from_files(
293        cert_file: impl AsRef<std::path::Path>,
294        key_file: impl AsRef<std::path::Path>,
295    ) -> Result<TlsCertificate, glib::Error> {
296        unsafe {
297            let mut error = std::ptr::null_mut();
298            let ret = ffi::g_tls_certificate_new_from_files(
299                cert_file.as_ref().to_glib_none().0,
300                key_file.as_ref().to_glib_none().0,
301                &mut error,
302            );
303            if error.is_null() {
304                Ok(from_glib_full(ret))
305            } else {
306                Err(from_glib_full(error))
307            }
308        }
309    }
310
311    /// Creates a #GTlsCertificate from the PEM-encoded data in @data. If
312    /// @data includes both a certificate and a private key, then the
313    /// returned certificate will include the private key data as well. (See
314    /// the #GTlsCertificate:private-key-pem property for information about
315    /// supported formats.)
316    ///
317    /// The returned certificate will be the first certificate found in
318    /// @data. As of GLib 2.44, if @data contains more certificates it will
319    /// try to load a certificate chain. All certificates will be verified in
320    /// the order found (top-level certificate should be the last one in the
321    /// file) and the #GTlsCertificate:issuer property of each certificate
322    /// will be set accordingly if the verification succeeds. If any
323    /// certificate in the chain cannot be verified, the first certificate in
324    /// the file will still be returned.
325    /// ## `data`
326    /// PEM-encoded certificate data
327    /// ## `length`
328    /// the length of @data, or -1 if it's 0-terminated.
329    ///
330    /// # Returns
331    ///
332    /// the new certificate, or [`None`] if @data is invalid
333    #[doc(alias = "g_tls_certificate_new_from_pem")]
334    #[doc(alias = "new_from_pem")]
335    pub fn from_pem(data: &str) -> Result<TlsCertificate, glib::Error> {
336        let length = data.len() as _;
337        unsafe {
338            let mut error = std::ptr::null_mut();
339            let ret =
340                ffi::g_tls_certificate_new_from_pem(data.to_glib_none().0, length, &mut error);
341            if error.is_null() {
342                Ok(from_glib_full(ret))
343            } else {
344                Err(from_glib_full(error))
345            }
346        }
347    }
348
349    /// Creates a #GTlsCertificate from a
350    /// [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html) URI.
351    ///
352    /// An example @pkcs11_uri would be `pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My`20Client``20Certificate`;id=`01``
353    ///
354    /// Where the token’s layout is:
355    ///
356    ///
357    /// ```text
358    /// Object 0:
359    ///   URL: pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=%01;object=private%20key;type=private
360    ///   Type: Private key (RSA-2048)
361    ///   ID: 01
362    ///
363    /// Object 1:
364    ///   URL: pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=%01;object=Certificate%20for%20Authentication;type=cert
365    ///   Type: X.509 Certificate (RSA-2048)
366    ///   ID: 01
367    /// ```
368    ///
369    /// In this case the certificate and private key would both be detected and used as expected.
370    /// @pkcs_uri may also just reference an X.509 certificate object and then optionally
371    /// @private_key_pkcs11_uri allows using a private key exposed under a different URI.
372    ///
373    /// Note that the private key is not accessed until usage and may fail or require a PIN later.
374    /// ## `pkcs11_uri`
375    /// A PKCS \#11 URI
376    /// ## `private_key_pkcs11_uri`
377    /// A PKCS \#11 URI
378    ///
379    /// # Returns
380    ///
381    /// the new certificate, or [`None`] on error
382    #[cfg(feature = "v2_68")]
383    #[cfg_attr(docsrs, doc(cfg(feature = "v2_68")))]
384    #[doc(alias = "g_tls_certificate_new_from_pkcs11_uris")]
385    #[doc(alias = "new_from_pkcs11_uris")]
386    pub fn from_pkcs11_uris(
387        pkcs11_uri: &str,
388        private_key_pkcs11_uri: Option<&str>,
389    ) -> Result<TlsCertificate, glib::Error> {
390        unsafe {
391            let mut error = std::ptr::null_mut();
392            let ret = ffi::g_tls_certificate_new_from_pkcs11_uris(
393                pkcs11_uri.to_glib_none().0,
394                private_key_pkcs11_uri.to_glib_none().0,
395                &mut error,
396            );
397            if error.is_null() {
398                Ok(from_glib_full(ret))
399            } else {
400                Err(from_glib_full(error))
401            }
402        }
403    }
404
405    /// Creates a #GTlsCertificate from the data in @data. It must contain
406    /// a certificate and matching private key.
407    ///
408    /// If extra certificates are included they will be verified as a chain
409    /// and the #GTlsCertificate:issuer property will be set.
410    /// All other data will be ignored.
411    ///
412    /// You can pass as single password for all of the data which will be
413    /// used both for the PKCS #12 container as well as encrypted
414    /// private keys. If decryption fails it will error with
415    /// [`TlsError::BadCertificatePassword`][crate::TlsError::BadCertificatePassword].
416    ///
417    /// This constructor requires support in the current #GTlsBackend.
418    /// If support is missing it will error with
419    /// [`IOErrorEnum::NotSupported`][crate::IOErrorEnum::NotSupported].
420    ///
421    /// Other parsing failures will error with [`TlsError::BadCertificate`][crate::TlsError::BadCertificate].
422    /// ## `data`
423    /// DER-encoded PKCS #12 format certificate data
424    /// ## `password`
425    /// optional password for encrypted certificate data
426    ///
427    /// # Returns
428    ///
429    /// the new certificate, or [`None`] if @data is invalid
430    #[cfg(feature = "v2_72")]
431    #[cfg_attr(docsrs, doc(cfg(feature = "v2_72")))]
432    #[doc(alias = "g_tls_certificate_new_from_pkcs12")]
433    #[doc(alias = "new_from_pkcs12")]
434    pub fn from_pkcs12(data: &[u8], password: Option<&str>) -> Result<TlsCertificate, glib::Error> {
435        let length = data.len() as _;
436        unsafe {
437            let mut error = std::ptr::null_mut();
438            let ret = ffi::g_tls_certificate_new_from_pkcs12(
439                data.to_glib_none().0,
440                length,
441                password.to_glib_none().0,
442                &mut error,
443            );
444            if error.is_null() {
445                Ok(from_glib_full(ret))
446            } else {
447                Err(from_glib_full(error))
448            }
449        }
450    }
451
452    /// Creates one or more #GTlsCertificates from the PEM-encoded
453    /// data in @file. If @file cannot be read or parsed, the function will
454    /// return [`None`] and set @error. If @file does not contain any
455    /// PEM-encoded certificates, this will return an empty list and not
456    /// set @error.
457    /// ## `file`
458    /// file containing PEM-encoded certificates to import
459    ///
460    /// # Returns
461    ///
462    /// a
463    /// #GList containing #GTlsCertificate objects. You must free the list
464    /// and its contents when you are done with it.
465    #[doc(alias = "g_tls_certificate_list_new_from_file")]
466    pub fn list_new_from_file(
467        file: impl AsRef<std::path::Path>,
468    ) -> Result<Vec<TlsCertificate>, glib::Error> {
469        unsafe {
470            let mut error = std::ptr::null_mut();
471            let ret = ffi::g_tls_certificate_list_new_from_file(
472                file.as_ref().to_glib_none().0,
473                &mut error,
474            );
475            if error.is_null() {
476                Ok(FromGlibPtrContainer::from_glib_full(ret))
477            } else {
478                Err(from_glib_full(error))
479            }
480        }
481    }
482}
483
484mod sealed {
485    pub trait Sealed {}
486    impl<T: super::IsA<super::TlsCertificate>> Sealed for T {}
487}
488
489/// Trait containing all [`struct@TlsCertificate`] methods.
490///
491/// # Implementors
492///
493/// [`TlsCertificate`][struct@crate::TlsCertificate]
494pub trait TlsCertificateExt: IsA<TlsCertificate> + sealed::Sealed + 'static {
495    /// Gets the value of #GTlsCertificate:dns-names.
496    ///
497    /// # Returns
498    ///
499    /// A #GPtrArray of
500    /// #GBytes elements, or [`None`] if it's not available.
501    #[cfg(feature = "v2_70")]
502    #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
503    #[doc(alias = "g_tls_certificate_get_dns_names")]
504    #[doc(alias = "get_dns_names")]
505    #[doc(alias = "dns-names")]
506    fn dns_names(&self) -> Vec<glib::Bytes> {
507        unsafe {
508            FromGlibPtrContainer::from_glib_container(ffi::g_tls_certificate_get_dns_names(
509                self.as_ref().to_glib_none().0,
510            ))
511        }
512    }
513
514    /// Gets the value of #GTlsCertificate:ip-addresses.
515    ///
516    /// # Returns
517    ///
518    /// A #GPtrArray
519    /// of #GInetAddress elements, or [`None`] if it's not available.
520    #[cfg(feature = "v2_70")]
521    #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
522    #[doc(alias = "g_tls_certificate_get_ip_addresses")]
523    #[doc(alias = "get_ip_addresses")]
524    #[doc(alias = "ip-addresses")]
525    fn ip_addresses(&self) -> Vec<InetAddress> {
526        unsafe {
527            FromGlibPtrContainer::from_glib_container(ffi::g_tls_certificate_get_ip_addresses(
528                self.as_ref().to_glib_none().0,
529            ))
530        }
531    }
532
533    /// Gets the #GTlsCertificate representing @self's issuer, if known
534    ///
535    /// # Returns
536    ///
537    /// The certificate of @self's issuer,
538    /// or [`None`] if @self is self-signed or signed with an unknown
539    /// certificate.
540    #[doc(alias = "g_tls_certificate_get_issuer")]
541    #[doc(alias = "get_issuer")]
542    #[must_use]
543    fn issuer(&self) -> Option<TlsCertificate> {
544        unsafe {
545            from_glib_none(ffi::g_tls_certificate_get_issuer(
546                self.as_ref().to_glib_none().0,
547            ))
548        }
549    }
550
551    /// Returns the issuer name from the certificate.
552    ///
553    /// # Returns
554    ///
555    /// The issuer name, or [`None`] if it's not available.
556    #[cfg(feature = "v2_70")]
557    #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
558    #[doc(alias = "g_tls_certificate_get_issuer_name")]
559    #[doc(alias = "get_issuer_name")]
560    #[doc(alias = "issuer-name")]
561    fn issuer_name(&self) -> Option<glib::GString> {
562        unsafe {
563            from_glib_full(ffi::g_tls_certificate_get_issuer_name(
564                self.as_ref().to_glib_none().0,
565            ))
566        }
567    }
568
569    /// Returns the time at which the certificate became or will become invalid.
570    ///
571    /// # Returns
572    ///
573    /// The not-valid-after date, or [`None`] if it's not available.
574    #[cfg(feature = "v2_70")]
575    #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
576    #[doc(alias = "g_tls_certificate_get_not_valid_after")]
577    #[doc(alias = "get_not_valid_after")]
578    #[doc(alias = "not-valid-after")]
579    fn not_valid_after(&self) -> Option<glib::DateTime> {
580        unsafe {
581            from_glib_full(ffi::g_tls_certificate_get_not_valid_after(
582                self.as_ref().to_glib_none().0,
583            ))
584        }
585    }
586
587    /// Returns the time at which the certificate became or will become valid.
588    ///
589    /// # Returns
590    ///
591    /// The not-valid-before date, or [`None`] if it's not available.
592    #[cfg(feature = "v2_70")]
593    #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
594    #[doc(alias = "g_tls_certificate_get_not_valid_before")]
595    #[doc(alias = "get_not_valid_before")]
596    #[doc(alias = "not-valid-before")]
597    fn not_valid_before(&self) -> Option<glib::DateTime> {
598        unsafe {
599            from_glib_full(ffi::g_tls_certificate_get_not_valid_before(
600                self.as_ref().to_glib_none().0,
601            ))
602        }
603    }
604
605    /// Returns the subject name from the certificate.
606    ///
607    /// # Returns
608    ///
609    /// The subject name, or [`None`] if it's not available.
610    #[cfg(feature = "v2_70")]
611    #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
612    #[doc(alias = "g_tls_certificate_get_subject_name")]
613    #[doc(alias = "get_subject_name")]
614    #[doc(alias = "subject-name")]
615    fn subject_name(&self) -> Option<glib::GString> {
616        unsafe {
617            from_glib_full(ffi::g_tls_certificate_get_subject_name(
618                self.as_ref().to_glib_none().0,
619            ))
620        }
621    }
622
623    /// Check if two #GTlsCertificate objects represent the same certificate.
624    /// The raw DER byte data of the two certificates are checked for equality.
625    /// This has the effect that two certificates may compare equal even if
626    /// their #GTlsCertificate:issuer, #GTlsCertificate:private-key, or
627    /// #GTlsCertificate:private-key-pem properties differ.
628    /// ## `cert_two`
629    /// second certificate to compare
630    ///
631    /// # Returns
632    ///
633    /// whether the same or not
634    #[doc(alias = "g_tls_certificate_is_same")]
635    fn is_same(&self, cert_two: &impl IsA<TlsCertificate>) -> bool {
636        unsafe {
637            from_glib(ffi::g_tls_certificate_is_same(
638                self.as_ref().to_glib_none().0,
639                cert_two.as_ref().to_glib_none().0,
640            ))
641        }
642    }
643
644    /// This verifies @self and returns a set of #GTlsCertificateFlags
645    /// indicating any problems found with it. This can be used to verify a
646    /// certificate outside the context of making a connection, or to
647    /// check a certificate against a CA that is not part of the system
648    /// CA database.
649    ///
650    /// If @self is valid, `G_TLS_CERTIFICATE_NO_FLAGS` is returned.
651    ///
652    /// If @identity is not [`None`], @self's name(s) will be compared against
653    /// it, and [`TlsCertificateFlags::BAD_IDENTITY`][crate::TlsCertificateFlags::BAD_IDENTITY] will be set in the return
654    /// value if it does not match. If @identity is [`None`], that bit will
655    /// never be set in the return value.
656    ///
657    /// If @trusted_ca is not [`None`], then @self (or one of the certificates
658    /// in its chain) must be signed by it, or else
659    /// [`TlsCertificateFlags::UNKNOWN_CA`][crate::TlsCertificateFlags::UNKNOWN_CA] will be set in the return value. If
660    /// @trusted_ca is [`None`], that bit will never be set in the return
661    /// value.
662    ///
663    /// GLib guarantees that if certificate verification fails, at least one
664    /// error will be set in the return value, but it does not guarantee
665    /// that all possible errors will be set. Accordingly, you may not safely
666    /// decide to ignore any particular type of error. For example, it would
667    /// be incorrect to mask [`TlsCertificateFlags::EXPIRED`][crate::TlsCertificateFlags::EXPIRED] if you want to allow
668    /// expired certificates, because this could potentially be the only
669    /// error flag set even if other problems exist with the certificate.
670    ///
671    /// Because TLS session context is not used, #GTlsCertificate may not
672    /// perform as many checks on the certificates as #GTlsConnection would.
673    /// For example, certificate constraints may not be honored, and
674    /// revocation checks may not be performed. The best way to verify TLS
675    /// certificates used by a TLS connection is to let #GTlsConnection
676    /// handle the verification.
677    /// ## `identity`
678    /// the expected peer identity
679    /// ## `trusted_ca`
680    /// the certificate of a trusted authority
681    ///
682    /// # Returns
683    ///
684    /// the appropriate #GTlsCertificateFlags
685    #[doc(alias = "g_tls_certificate_verify")]
686    fn verify(
687        &self,
688        identity: Option<&impl IsA<SocketConnectable>>,
689        trusted_ca: Option<&impl IsA<TlsCertificate>>,
690    ) -> TlsCertificateFlags {
691        unsafe {
692            from_glib(ffi::g_tls_certificate_verify(
693                self.as_ref().to_glib_none().0,
694                identity.map(|p| p.as_ref()).to_glib_none().0,
695                trusted_ca.map(|p| p.as_ref()).to_glib_none().0,
696            ))
697        }
698    }
699
700    /// The DER (binary) encoded representation of the certificate.
701    /// This property and the #GTlsCertificate:certificate-pem property
702    /// represent the same data, just in different forms.
703    fn certificate(&self) -> Option<glib::ByteArray> {
704        ObjectExt::property(self.as_ref(), "certificate")
705    }
706
707    /// The PEM (ASCII) encoded representation of the certificate.
708    /// This property and the #GTlsCertificate:certificate
709    /// property represent the same data, just in different forms.
710    #[doc(alias = "certificate-pem")]
711    fn certificate_pem(&self) -> Option<glib::GString> {
712        ObjectExt::property(self.as_ref(), "certificate-pem")
713    }
714
715    /// A URI referencing the [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html)
716    /// objects containing an X.509 certificate and optionally a private key.
717    ///
718    /// If [`None`], the certificate is either not backed by PKCS \#11 or the
719    /// #GTlsBackend does not support PKCS \#11.
720    #[cfg(feature = "v2_68")]
721    #[cfg_attr(docsrs, doc(cfg(feature = "v2_68")))]
722    #[doc(alias = "pkcs11-uri")]
723    fn pkcs11_uri(&self) -> Option<glib::GString> {
724        ObjectExt::property(self.as_ref(), "pkcs11-uri")
725    }
726
727    /// The DER (binary) encoded representation of the certificate's
728    /// private key, in either [PKCS \#1 format](https://datatracker.ietf.org/doc/html/rfc8017)
729    /// or unencrypted [PKCS \#8 format.](https://datatracker.ietf.org/doc/html/rfc5208)
730    /// PKCS \#8 format is supported since 2.32; earlier releases only
731    /// support PKCS \#1. You can use the `openssl rsa` tool to convert
732    /// PKCS \#8 keys to PKCS \#1.
733    ///
734    /// This property (or the #GTlsCertificate:private-key-pem property)
735    /// can be set when constructing a key (for example, from a file).
736    /// Since GLib 2.70, it is now also readable; however, be aware that if
737    /// the private key is backed by a PKCS \#11 URI – for example, if it
738    /// is stored on a smartcard – then this property will be [`None`]. If so,
739    /// the private key must be referenced via its PKCS \#11 URI,
740    /// #GTlsCertificate:private-key-pkcs11-uri. You must check both
741    /// properties to see if the certificate really has a private key.
742    /// When this property is read, the output format will be unencrypted
743    /// PKCS \#8.
744    #[doc(alias = "private-key")]
745    fn private_key(&self) -> Option<glib::ByteArray> {
746        ObjectExt::property(self.as_ref(), "private-key")
747    }
748
749    /// The PEM (ASCII) encoded representation of the certificate's
750    /// private key in either [PKCS \#1 format](https://datatracker.ietf.org/doc/html/rfc8017)
751    /// ("`BEGIN RSA PRIVATE KEY`") or unencrypted
752    /// [PKCS \#8 format](https://datatracker.ietf.org/doc/html/rfc5208)
753    /// ("`BEGIN PRIVATE KEY`"). PKCS \#8 format is supported since 2.32;
754    /// earlier releases only support PKCS \#1. You can use the `openssl rsa`
755    /// tool to convert PKCS \#8 keys to PKCS \#1.
756    ///
757    /// This property (or the #GTlsCertificate:private-key property)
758    /// can be set when constructing a key (for example, from a file).
759    /// Since GLib 2.70, it is now also readable; however, be aware that if
760    /// the private key is backed by a PKCS \#11 URI - for example, if it
761    /// is stored on a smartcard - then this property will be [`None`]. If so,
762    /// the private key must be referenced via its PKCS \#11 URI,
763    /// #GTlsCertificate:private-key-pkcs11-uri. You must check both
764    /// properties to see if the certificate really has a private key.
765    /// When this property is read, the output format will be unencrypted
766    /// PKCS \#8.
767    #[doc(alias = "private-key-pem")]
768    fn private_key_pem(&self) -> Option<glib::GString> {
769        ObjectExt::property(self.as_ref(), "private-key-pem")
770    }
771
772    /// A URI referencing a [PKCS \#11](https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html)
773    /// object containing a private key.
774    #[cfg(feature = "v2_68")]
775    #[cfg_attr(docsrs, doc(cfg(feature = "v2_68")))]
776    #[doc(alias = "private-key-pkcs11-uri")]
777    fn private_key_pkcs11_uri(&self) -> Option<glib::GString> {
778        ObjectExt::property(self.as_ref(), "private-key-pkcs11-uri")
779    }
780
781    #[cfg(feature = "v2_70")]
782    #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
783    #[doc(alias = "dns-names")]
784    fn connect_dns_names_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
785        unsafe extern "C" fn notify_dns_names_trampoline<
786            P: IsA<TlsCertificate>,
787            F: Fn(&P) + 'static,
788        >(
789            this: *mut ffi::GTlsCertificate,
790            _param_spec: glib::ffi::gpointer,
791            f: glib::ffi::gpointer,
792        ) {
793            let f: &F = &*(f as *const F);
794            f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
795        }
796        unsafe {
797            let f: Box_<F> = Box_::new(f);
798            connect_raw(
799                self.as_ptr() as *mut _,
800                b"notify::dns-names\0".as_ptr() as *const _,
801                Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
802                    notify_dns_names_trampoline::<Self, F> as *const (),
803                )),
804                Box_::into_raw(f),
805            )
806        }
807    }
808
809    #[cfg(feature = "v2_70")]
810    #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
811    #[doc(alias = "ip-addresses")]
812    fn connect_ip_addresses_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
813        unsafe extern "C" fn notify_ip_addresses_trampoline<
814            P: IsA<TlsCertificate>,
815            F: Fn(&P) + 'static,
816        >(
817            this: *mut ffi::GTlsCertificate,
818            _param_spec: glib::ffi::gpointer,
819            f: glib::ffi::gpointer,
820        ) {
821            let f: &F = &*(f as *const F);
822            f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
823        }
824        unsafe {
825            let f: Box_<F> = Box_::new(f);
826            connect_raw(
827                self.as_ptr() as *mut _,
828                b"notify::ip-addresses\0".as_ptr() as *const _,
829                Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
830                    notify_ip_addresses_trampoline::<Self, F> as *const (),
831                )),
832                Box_::into_raw(f),
833            )
834        }
835    }
836
837    #[cfg(feature = "v2_70")]
838    #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
839    #[doc(alias = "issuer-name")]
840    fn connect_issuer_name_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
841        unsafe extern "C" fn notify_issuer_name_trampoline<
842            P: IsA<TlsCertificate>,
843            F: Fn(&P) + 'static,
844        >(
845            this: *mut ffi::GTlsCertificate,
846            _param_spec: glib::ffi::gpointer,
847            f: glib::ffi::gpointer,
848        ) {
849            let f: &F = &*(f as *const F);
850            f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
851        }
852        unsafe {
853            let f: Box_<F> = Box_::new(f);
854            connect_raw(
855                self.as_ptr() as *mut _,
856                b"notify::issuer-name\0".as_ptr() as *const _,
857                Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
858                    notify_issuer_name_trampoline::<Self, F> as *const (),
859                )),
860                Box_::into_raw(f),
861            )
862        }
863    }
864
865    #[cfg(feature = "v2_70")]
866    #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
867    #[doc(alias = "not-valid-after")]
868    fn connect_not_valid_after_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
869        unsafe extern "C" fn notify_not_valid_after_trampoline<
870            P: IsA<TlsCertificate>,
871            F: Fn(&P) + 'static,
872        >(
873            this: *mut ffi::GTlsCertificate,
874            _param_spec: glib::ffi::gpointer,
875            f: glib::ffi::gpointer,
876        ) {
877            let f: &F = &*(f as *const F);
878            f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
879        }
880        unsafe {
881            let f: Box_<F> = Box_::new(f);
882            connect_raw(
883                self.as_ptr() as *mut _,
884                b"notify::not-valid-after\0".as_ptr() as *const _,
885                Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
886                    notify_not_valid_after_trampoline::<Self, F> as *const (),
887                )),
888                Box_::into_raw(f),
889            )
890        }
891    }
892
893    #[cfg(feature = "v2_70")]
894    #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
895    #[doc(alias = "not-valid-before")]
896    fn connect_not_valid_before_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
897        unsafe extern "C" fn notify_not_valid_before_trampoline<
898            P: IsA<TlsCertificate>,
899            F: Fn(&P) + 'static,
900        >(
901            this: *mut ffi::GTlsCertificate,
902            _param_spec: glib::ffi::gpointer,
903            f: glib::ffi::gpointer,
904        ) {
905            let f: &F = &*(f as *const F);
906            f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
907        }
908        unsafe {
909            let f: Box_<F> = Box_::new(f);
910            connect_raw(
911                self.as_ptr() as *mut _,
912                b"notify::not-valid-before\0".as_ptr() as *const _,
913                Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
914                    notify_not_valid_before_trampoline::<Self, F> as *const (),
915                )),
916                Box_::into_raw(f),
917            )
918        }
919    }
920
921    #[cfg(feature = "v2_70")]
922    #[cfg_attr(docsrs, doc(cfg(feature = "v2_70")))]
923    #[doc(alias = "subject-name")]
924    fn connect_subject_name_notify<F: Fn(&Self) + 'static>(&self, f: F) -> SignalHandlerId {
925        unsafe extern "C" fn notify_subject_name_trampoline<
926            P: IsA<TlsCertificate>,
927            F: Fn(&P) + 'static,
928        >(
929            this: *mut ffi::GTlsCertificate,
930            _param_spec: glib::ffi::gpointer,
931            f: glib::ffi::gpointer,
932        ) {
933            let f: &F = &*(f as *const F);
934            f(TlsCertificate::from_glib_borrow(this).unsafe_cast_ref())
935        }
936        unsafe {
937            let f: Box_<F> = Box_::new(f);
938            connect_raw(
939                self.as_ptr() as *mut _,
940                b"notify::subject-name\0".as_ptr() as *const _,
941                Some(std::mem::transmute::<*const (), unsafe extern "C" fn()>(
942                    notify_subject_name_trampoline::<Self, F> as *const (),
943                )),
944                Box_::into_raw(f),
945            )
946        }
947    }
948}
949
950impl<O: IsA<TlsCertificate>> TlsCertificateExt for O {}