1 /* GIO - GLib Input, Output and Streaming Library
2 *
3 * Copyright (C) 2010 Collabora, Ltd.
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General
16 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
17 *
18 * Author: Stef Walter <stefw@collabora.co.uk>
19 */
20
21 #include "config.h"
22
23 #include "gtlsdatabase.h"
24
25 #include "gasyncresult.h"
26 #include "gcancellable.h"
27 #include "glibintl.h"
28 #include "gsocketconnectable.h"
29 #include "gtask.h"
30 #include "gtlscertificate.h"
31 #include "gtlsinteraction.h"
32
33 /**
34 * SECTION:gtlsdatabase
35 * @short_description: TLS database type
36 * @include: gio/gio.h
37 *
38 * #GTlsDatabase is used to look up certificates and other information
39 * from a certificate or key store. It is an abstract base class which
40 * TLS library specific subtypes override.
41 *
42 * A #GTlsDatabase may be accessed from multiple threads by the TLS backend.
43 * All implementations are required to be fully thread-safe.
44 *
45 * Most common client applications will not directly interact with
46 * #GTlsDatabase. It is used internally by #GTlsConnection.
47 *
48 * Since: 2.30
49 */
50
51 /**
52 * GTlsDatabase:
53 *
54 * Abstract base class for the backend-specific database types.
55 *
56 * Since: 2.30
57 */
58
59 /**
60 * GTlsDatabaseClass:
61 * @verify_chain: Virtual method implementing
62 * g_tls_database_verify_chain().
63 * @verify_chain_async: Virtual method implementing
64 * g_tls_database_verify_chain_async().
65 * @verify_chain_finish: Virtual method implementing
66 * g_tls_database_verify_chain_finish().
67 * @create_certificate_handle: Virtual method implementing
68 * g_tls_database_create_certificate_handle().
69 * @lookup_certificate_for_handle: Virtual method implementing
70 * g_tls_database_lookup_certificate_for_handle().
71 * @lookup_certificate_for_handle_async: Virtual method implementing
72 * g_tls_database_lookup_certificate_for_handle_async().
73 * @lookup_certificate_for_handle_finish: Virtual method implementing
74 * g_tls_database_lookup_certificate_for_handle_finish().
75 * @lookup_certificate_issuer: Virtual method implementing
76 * g_tls_database_lookup_certificate_issuer().
77 * @lookup_certificate_issuer_async: Virtual method implementing
78 * g_tls_database_lookup_certificate_issuer_async().
79 * @lookup_certificate_issuer_finish: Virtual method implementing
80 * g_tls_database_lookup_certificate_issuer_finish().
81 * @lookup_certificates_issued_by: Virtual method implementing
82 * g_tls_database_lookup_certificates_issued_by().
83 * @lookup_certificates_issued_by_async: Virtual method implementing
84 * g_tls_database_lookup_certificates_issued_by_async().
85 * @lookup_certificates_issued_by_finish: Virtual method implementing
86 * g_tls_database_lookup_certificates_issued_by_finish().
87 *
88 * The class for #GTlsDatabase. Derived classes should implement the various
89 * virtual methods. _async and _finish methods have a default
90 * implementation that runs the corresponding sync method in a thread.
91 *
92 * Since: 2.30
93 */
94
95 G_DEFINE_ABSTRACT_TYPE (GTlsDatabase, g_tls_database, G_TYPE_OBJECT)
96
97 enum {
98 UNLOCK_REQUIRED,
99
100 LAST_SIGNAL
101 };
102
103 /**
104 * G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER:
105 *
106 * The purpose used to verify the server certificate in a TLS connection. This
107 * is the most common purpose in use. Used by TLS clients.
108 */
109
110 /**
111 * G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT:
112 *
113 * The purpose used to verify the client certificate in a TLS connection.
114 * Used by TLS servers.
115 */
116
117 static void
g_tls_database_init(GTlsDatabase * cert)118 g_tls_database_init (GTlsDatabase *cert)
119 {
120
121 }
122
123 typedef struct _AsyncVerifyChain {
124 GTlsCertificate *chain;
125 gchar *purpose;
126 GSocketConnectable *identity;
127 GTlsInteraction *interaction;
128 GTlsDatabaseVerifyFlags flags;
129 } AsyncVerifyChain;
130
131 static void
async_verify_chain_free(gpointer data)132 async_verify_chain_free (gpointer data)
133 {
134 AsyncVerifyChain *args = data;
135 g_clear_object (&args->chain);
136 g_free (args->purpose);
137 g_clear_object (&args->identity);
138 g_clear_object (&args->interaction);
139 g_slice_free (AsyncVerifyChain, args);
140 }
141
142 static void
async_verify_chain_thread(GTask * task,gpointer object,gpointer task_data,GCancellable * cancellable)143 async_verify_chain_thread (GTask *task,
144 gpointer object,
145 gpointer task_data,
146 GCancellable *cancellable)
147 {
148 AsyncVerifyChain *args = task_data;
149 GTlsCertificateFlags verify_result;
150 GError *error = NULL;
151
152 verify_result = g_tls_database_verify_chain (G_TLS_DATABASE (object),
153 args->chain,
154 args->purpose,
155 args->identity,
156 args->interaction,
157 args->flags,
158 cancellable,
159 &error);
160 if (error)
161 g_task_return_error (task, error);
162 else
163 g_task_return_int (task, (gssize)verify_result);
164 }
165
166 static void
g_tls_database_real_verify_chain_async(GTlsDatabase * self,GTlsCertificate * chain,const gchar * purpose,GSocketConnectable * identity,GTlsInteraction * interaction,GTlsDatabaseVerifyFlags flags,GCancellable * cancellable,GAsyncReadyCallback callback,gpointer user_data)167 g_tls_database_real_verify_chain_async (GTlsDatabase *self,
168 GTlsCertificate *chain,
169 const gchar *purpose,
170 GSocketConnectable *identity,
171 GTlsInteraction *interaction,
172 GTlsDatabaseVerifyFlags flags,
173 GCancellable *cancellable,
174 GAsyncReadyCallback callback,
175 gpointer user_data)
176 {
177 GTask *task;
178 AsyncVerifyChain *args;
179
180 args = g_slice_new0 (AsyncVerifyChain);
181 args->chain = g_object_ref (chain);
182 args->purpose = g_strdup (purpose);
183 args->identity = identity ? g_object_ref (identity) : NULL;
184 args->interaction = interaction ? g_object_ref (interaction) : NULL;
185 args->flags = flags;
186
187 task = g_task_new (self, cancellable, callback, user_data);
188 g_task_set_source_tag (task, g_tls_database_real_verify_chain_async);
189 g_task_set_name (task, "[gio] verify TLS chain");
190 g_task_set_task_data (task, args, async_verify_chain_free);
191 g_task_run_in_thread (task, async_verify_chain_thread);
192 g_object_unref (task);
193 }
194
195 static GTlsCertificateFlags
g_tls_database_real_verify_chain_finish(GTlsDatabase * self,GAsyncResult * result,GError ** error)196 g_tls_database_real_verify_chain_finish (GTlsDatabase *self,
197 GAsyncResult *result,
198 GError **error)
199 {
200 GTlsCertificateFlags ret;
201
202 g_return_val_if_fail (g_task_is_valid (result, self), G_TLS_CERTIFICATE_GENERIC_ERROR);
203
204 ret = (GTlsCertificateFlags)g_task_propagate_int (G_TASK (result), error);
205 if (ret == (GTlsCertificateFlags)-1)
206 return G_TLS_CERTIFICATE_GENERIC_ERROR;
207 else
208 return ret;
209 }
210
211 typedef struct {
212 gchar *handle;
213 GTlsInteraction *interaction;
214 GTlsDatabaseLookupFlags flags;
215 } AsyncLookupCertificateForHandle;
216
217 static void
async_lookup_certificate_for_handle_free(gpointer data)218 async_lookup_certificate_for_handle_free (gpointer data)
219 {
220 AsyncLookupCertificateForHandle *args = data;
221
222 g_free (args->handle);
223 g_clear_object (&args->interaction);
224 g_slice_free (AsyncLookupCertificateForHandle, args);
225 }
226
227 static void
async_lookup_certificate_for_handle_thread(GTask * task,gpointer object,gpointer task_data,GCancellable * cancellable)228 async_lookup_certificate_for_handle_thread (GTask *task,
229 gpointer object,
230 gpointer task_data,
231 GCancellable *cancellable)
232 {
233 AsyncLookupCertificateForHandle *args = task_data;
234 GTlsCertificate *result;
235 GError *error = NULL;
236
237 result = g_tls_database_lookup_certificate_for_handle (G_TLS_DATABASE (object),
238 args->handle,
239 args->interaction,
240 args->flags,
241 cancellable,
242 &error);
243 if (result)
244 g_task_return_pointer (task, result, g_object_unref);
245 else
246 g_task_return_error (task, error);
247 }
248
249 static void
g_tls_database_real_lookup_certificate_for_handle_async(GTlsDatabase * self,const gchar * handle,GTlsInteraction * interaction,GTlsDatabaseLookupFlags flags,GCancellable * cancellable,GAsyncReadyCallback callback,gpointer user_data)250 g_tls_database_real_lookup_certificate_for_handle_async (GTlsDatabase *self,
251 const gchar *handle,
252 GTlsInteraction *interaction,
253 GTlsDatabaseLookupFlags flags,
254 GCancellable *cancellable,
255 GAsyncReadyCallback callback,
256 gpointer user_data)
257 {
258 GTask *task;
259 AsyncLookupCertificateForHandle *args;
260
261 args = g_slice_new0 (AsyncLookupCertificateForHandle);
262 args->handle = g_strdup (handle);
263 args->interaction = interaction ? g_object_ref (interaction) : NULL;
264
265 task = g_task_new (self, cancellable, callback, user_data);
266 g_task_set_source_tag (task,
267 g_tls_database_real_lookup_certificate_for_handle_async);
268 g_task_set_name (task, "[gio] lookup TLS certificate");
269 g_task_set_task_data (task, args, async_lookup_certificate_for_handle_free);
270 g_task_run_in_thread (task, async_lookup_certificate_for_handle_thread);
271 g_object_unref (task);
272 }
273
274 static GTlsCertificate*
g_tls_database_real_lookup_certificate_for_handle_finish(GTlsDatabase * self,GAsyncResult * result,GError ** error)275 g_tls_database_real_lookup_certificate_for_handle_finish (GTlsDatabase *self,
276 GAsyncResult *result,
277 GError **error)
278 {
279 g_return_val_if_fail (g_task_is_valid (result, self), NULL);
280
281 return g_task_propagate_pointer (G_TASK (result), error);
282 }
283
284
285 typedef struct {
286 GTlsCertificate *certificate;
287 GTlsInteraction *interaction;
288 GTlsDatabaseLookupFlags flags;
289 } AsyncLookupCertificateIssuer;
290
291 static void
async_lookup_certificate_issuer_free(gpointer data)292 async_lookup_certificate_issuer_free (gpointer data)
293 {
294 AsyncLookupCertificateIssuer *args = data;
295
296 g_clear_object (&args->certificate);
297 g_clear_object (&args->interaction);
298 g_slice_free (AsyncLookupCertificateIssuer, args);
299 }
300
301 static void
async_lookup_certificate_issuer_thread(GTask * task,gpointer object,gpointer task_data,GCancellable * cancellable)302 async_lookup_certificate_issuer_thread (GTask *task,
303 gpointer object,
304 gpointer task_data,
305 GCancellable *cancellable)
306 {
307 AsyncLookupCertificateIssuer *args = task_data;
308 GTlsCertificate *issuer;
309 GError *error = NULL;
310
311 issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (object),
312 args->certificate,
313 args->interaction,
314 args->flags,
315 cancellable,
316 &error);
317 if (issuer)
318 g_task_return_pointer (task, issuer, g_object_unref);
319 else
320 g_task_return_error (task, error);
321 }
322
323 static void
g_tls_database_real_lookup_certificate_issuer_async(GTlsDatabase * self,GTlsCertificate * certificate,GTlsInteraction * interaction,GTlsDatabaseLookupFlags flags,GCancellable * cancellable,GAsyncReadyCallback callback,gpointer user_data)324 g_tls_database_real_lookup_certificate_issuer_async (GTlsDatabase *self,
325 GTlsCertificate *certificate,
326 GTlsInteraction *interaction,
327 GTlsDatabaseLookupFlags flags,
328 GCancellable *cancellable,
329 GAsyncReadyCallback callback,
330 gpointer user_data)
331 {
332 GTask *task;
333 AsyncLookupCertificateIssuer *args;
334
335 args = g_slice_new0 (AsyncLookupCertificateIssuer);
336 args->certificate = g_object_ref (certificate);
337 args->flags = flags;
338 args->interaction = interaction ? g_object_ref (interaction) : NULL;
339
340 task = g_task_new (self, cancellable, callback, user_data);
341 g_task_set_source_tag (task,
342 g_tls_database_real_lookup_certificate_issuer_async);
343 g_task_set_name (task, "[gio] lookup certificate issuer");
344 g_task_set_task_data (task, args, async_lookup_certificate_issuer_free);
345 g_task_run_in_thread (task, async_lookup_certificate_issuer_thread);
346 g_object_unref (task);
347 }
348
349 static GTlsCertificate *
g_tls_database_real_lookup_certificate_issuer_finish(GTlsDatabase * self,GAsyncResult * result,GError ** error)350 g_tls_database_real_lookup_certificate_issuer_finish (GTlsDatabase *self,
351 GAsyncResult *result,
352 GError **error)
353 {
354 g_return_val_if_fail (g_task_is_valid (result, self), NULL);
355
356 return g_task_propagate_pointer (G_TASK (result), error);
357 }
358
359 typedef struct {
360 GByteArray *issuer;
361 GTlsInteraction *interaction;
362 GTlsDatabaseLookupFlags flags;
363 } AsyncLookupCertificatesIssuedBy;
364
365 static void
async_lookup_certificates_issued_by_free(gpointer data)366 async_lookup_certificates_issued_by_free (gpointer data)
367 {
368 AsyncLookupCertificatesIssuedBy *args = data;
369
370 g_byte_array_unref (args->issuer);
371 g_clear_object (&args->interaction);
372 g_slice_free (AsyncLookupCertificatesIssuedBy, args);
373 }
374
375 static void
async_lookup_certificates_free_certificates(gpointer data)376 async_lookup_certificates_free_certificates (gpointer data)
377 {
378 GList *list = data;
379
380 g_list_free_full (list, g_object_unref);
381 }
382
383 static void
async_lookup_certificates_issued_by_thread(GTask * task,gpointer object,gpointer task_data,GCancellable * cancellable)384 async_lookup_certificates_issued_by_thread (GTask *task,
385 gpointer object,
386 gpointer task_data,
387 GCancellable *cancellable)
388 {
389 AsyncLookupCertificatesIssuedBy *args = task_data;
390 GList *results;
391 GError *error = NULL;
392
393 results = g_tls_database_lookup_certificates_issued_by (G_TLS_DATABASE (object),
394 args->issuer,
395 args->interaction,
396 args->flags,
397 cancellable,
398 &error);
399 if (results)
400 g_task_return_pointer (task, results, async_lookup_certificates_free_certificates);
401 else
402 g_task_return_error (task, error);
403 }
404
405 static void
g_tls_database_real_lookup_certificates_issued_by_async(GTlsDatabase * self,GByteArray * issuer,GTlsInteraction * interaction,GTlsDatabaseLookupFlags flags,GCancellable * cancellable,GAsyncReadyCallback callback,gpointer user_data)406 g_tls_database_real_lookup_certificates_issued_by_async (GTlsDatabase *self,
407 GByteArray *issuer,
408 GTlsInteraction *interaction,
409 GTlsDatabaseLookupFlags flags,
410 GCancellable *cancellable,
411 GAsyncReadyCallback callback,
412 gpointer user_data)
413 {
414 GTask *task;
415 AsyncLookupCertificatesIssuedBy *args;
416
417 args = g_slice_new0 (AsyncLookupCertificatesIssuedBy);
418 args->issuer = g_byte_array_ref (issuer);
419 args->flags = flags;
420 args->interaction = interaction ? g_object_ref (interaction) : NULL;
421
422 task = g_task_new (self, cancellable, callback, user_data);
423 g_task_set_source_tag (task,
424 g_tls_database_real_lookup_certificates_issued_by_async);
425 g_task_set_name (task, "[gio] lookup certificates issued by");
426 g_task_set_task_data (task, args, async_lookup_certificates_issued_by_free);
427 g_task_run_in_thread (task, async_lookup_certificates_issued_by_thread);
428 g_object_unref (task);
429 }
430
431 static GList *
g_tls_database_real_lookup_certificates_issued_by_finish(GTlsDatabase * self,GAsyncResult * result,GError ** error)432 g_tls_database_real_lookup_certificates_issued_by_finish (GTlsDatabase *self,
433 GAsyncResult *result,
434 GError **error)
435 {
436 g_return_val_if_fail (g_task_is_valid (result, self), NULL);
437
438 return g_task_propagate_pointer (G_TASK (result), error);
439 }
440
441 static void
g_tls_database_class_init(GTlsDatabaseClass * klass)442 g_tls_database_class_init (GTlsDatabaseClass *klass)
443 {
444 klass->verify_chain_async = g_tls_database_real_verify_chain_async;
445 klass->verify_chain_finish = g_tls_database_real_verify_chain_finish;
446 klass->lookup_certificate_for_handle_async = g_tls_database_real_lookup_certificate_for_handle_async;
447 klass->lookup_certificate_for_handle_finish = g_tls_database_real_lookup_certificate_for_handle_finish;
448 klass->lookup_certificate_issuer_async = g_tls_database_real_lookup_certificate_issuer_async;
449 klass->lookup_certificate_issuer_finish = g_tls_database_real_lookup_certificate_issuer_finish;
450 klass->lookup_certificates_issued_by_async = g_tls_database_real_lookup_certificates_issued_by_async;
451 klass->lookup_certificates_issued_by_finish = g_tls_database_real_lookup_certificates_issued_by_finish;
452 }
453
454 /**
455 * g_tls_database_verify_chain:
456 * @self: a #GTlsDatabase
457 * @chain: a #GTlsCertificate chain
458 * @purpose: the purpose that this certificate chain will be used for.
459 * @identity: (nullable): the expected peer identity
460 * @interaction: (nullable): used to interact with the user if necessary
461 * @flags: additional verify flags
462 * @cancellable: (nullable): a #GCancellable, or %NULL
463 * @error: (nullable): a #GError, or %NULL
464 *
465 * Determines the validity of a certificate chain after looking up and
466 * adding any missing certificates to the chain.
467 *
468 * @chain is a chain of #GTlsCertificate objects each pointing to the next
469 * certificate in the chain by its #GTlsCertificate:issuer property. The chain may initially
470 * consist of one or more certificates. After the verification process is
471 * complete, @chain may be modified by adding missing certificates, or removing
472 * extra certificates. If a certificate anchor was found, then it is added to
473 * the @chain.
474 *
475 * @purpose describes the purpose (or usage) for which the certificate
476 * is being used. Typically @purpose will be set to #G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER
477 * which means that the certificate is being used to authenticate a server
478 * (and we are acting as the client).
479 *
480 * The @identity is used to ensure the server certificate is valid for
481 * the expected peer identity. If the identity does not match the
482 * certificate, %G_TLS_CERTIFICATE_BAD_IDENTITY will be set in the
483 * return value. If @identity is %NULL, that bit will never be set in
484 * the return value. The peer identity may also be used to check for
485 * pinned certificates (trust exceptions) in the database. These may
486 * override the normal verification process on a host-by-host basis.
487 *
488 * Currently there are no @flags, and %G_TLS_DATABASE_VERIFY_NONE should be
489 * used.
490 *
491 * If @chain is found to be valid, then the return value will be 0. If
492 * @chain is found to be invalid, then the return value will indicate
493 * the problems found. If the function is unable to determine whether
494 * @chain is valid or not (eg, because @cancellable is triggered
495 * before it completes) then the return value will be
496 * %G_TLS_CERTIFICATE_GENERIC_ERROR and @error will be set
497 * accordingly. @error is not set when @chain is successfully analyzed
498 * but found to be invalid.
499 *
500 * This function can block, use g_tls_database_verify_chain_async() to perform
501 * the verification operation asynchronously.
502 *
503 * Returns: the appropriate #GTlsCertificateFlags which represents the
504 * result of verification.
505 *
506 * Since: 2.30
507 */
508 GTlsCertificateFlags
g_tls_database_verify_chain(GTlsDatabase * self,GTlsCertificate * chain,const gchar * purpose,GSocketConnectable * identity,GTlsInteraction * interaction,GTlsDatabaseVerifyFlags flags,GCancellable * cancellable,GError ** error)509 g_tls_database_verify_chain (GTlsDatabase *self,
510 GTlsCertificate *chain,
511 const gchar *purpose,
512 GSocketConnectable *identity,
513 GTlsInteraction *interaction,
514 GTlsDatabaseVerifyFlags flags,
515 GCancellable *cancellable,
516 GError **error)
517 {
518 g_return_val_if_fail (G_IS_TLS_DATABASE (self), G_TLS_CERTIFICATE_GENERIC_ERROR);
519 g_return_val_if_fail (G_IS_TLS_CERTIFICATE (chain),
520 G_TLS_CERTIFICATE_GENERIC_ERROR);
521 g_return_val_if_fail (purpose, G_TLS_CERTIFICATE_GENERIC_ERROR);
522 g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction),
523 G_TLS_CERTIFICATE_GENERIC_ERROR);
524 g_return_val_if_fail (identity == NULL || G_IS_SOCKET_CONNECTABLE (identity),
525 G_TLS_CERTIFICATE_GENERIC_ERROR);
526 g_return_val_if_fail (error == NULL || *error == NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);
527
528 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain,
529 G_TLS_CERTIFICATE_GENERIC_ERROR);
530
531 return G_TLS_DATABASE_GET_CLASS (self)->verify_chain (self,
532 chain,
533 purpose,
534 identity,
535 interaction,
536 flags,
537 cancellable,
538 error);
539 }
540
541 /**
542 * g_tls_database_verify_chain_async:
543 * @self: a #GTlsDatabase
544 * @chain: a #GTlsCertificate chain
545 * @purpose: the purpose that this certificate chain will be used for.
546 * @identity: (nullable): the expected peer identity
547 * @interaction: (nullable): used to interact with the user if necessary
548 * @flags: additional verify flags
549 * @cancellable: (nullable): a #GCancellable, or %NULL
550 * @callback: callback to call when the operation completes
551 * @user_data: the data to pass to the callback function
552 *
553 * Asynchronously determines the validity of a certificate chain after
554 * looking up and adding any missing certificates to the chain. See
555 * g_tls_database_verify_chain() for more information.
556 *
557 * Since: 2.30
558 */
559 void
g_tls_database_verify_chain_async(GTlsDatabase * self,GTlsCertificate * chain,const gchar * purpose,GSocketConnectable * identity,GTlsInteraction * interaction,GTlsDatabaseVerifyFlags flags,GCancellable * cancellable,GAsyncReadyCallback callback,gpointer user_data)560 g_tls_database_verify_chain_async (GTlsDatabase *self,
561 GTlsCertificate *chain,
562 const gchar *purpose,
563 GSocketConnectable *identity,
564 GTlsInteraction *interaction,
565 GTlsDatabaseVerifyFlags flags,
566 GCancellable *cancellable,
567 GAsyncReadyCallback callback,
568 gpointer user_data)
569 {
570 g_return_if_fail (G_IS_TLS_DATABASE (self));
571 g_return_if_fail (G_IS_TLS_CERTIFICATE (chain));
572 g_return_if_fail (purpose != NULL);
573 g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
574 g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
575 g_return_if_fail (identity == NULL || G_IS_SOCKET_CONNECTABLE (identity));
576 g_return_if_fail (callback != NULL);
577
578 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain_async);
579 G_TLS_DATABASE_GET_CLASS (self)->verify_chain_async (self,
580 chain,
581 purpose,
582 identity,
583 interaction,
584 flags,
585 cancellable,
586 callback,
587 user_data);
588 }
589
590 /**
591 * g_tls_database_verify_chain_finish:
592 * @self: a #GTlsDatabase
593 * @result: a #GAsyncResult.
594 * @error: a #GError pointer, or %NULL
595 *
596 * Finish an asynchronous verify chain operation. See
597 * g_tls_database_verify_chain() for more information.
598 *
599 * If @chain is found to be valid, then the return value will be 0. If
600 * @chain is found to be invalid, then the return value will indicate
601 * the problems found. If the function is unable to determine whether
602 * @chain is valid or not (eg, because @cancellable is triggered
603 * before it completes) then the return value will be
604 * %G_TLS_CERTIFICATE_GENERIC_ERROR and @error will be set
605 * accordingly. @error is not set when @chain is successfully analyzed
606 * but found to be invalid.
607 *
608 * Returns: the appropriate #GTlsCertificateFlags which represents the
609 * result of verification.
610 *
611 * Since: 2.30
612 */
613 GTlsCertificateFlags
g_tls_database_verify_chain_finish(GTlsDatabase * self,GAsyncResult * result,GError ** error)614 g_tls_database_verify_chain_finish (GTlsDatabase *self,
615 GAsyncResult *result,
616 GError **error)
617 {
618 g_return_val_if_fail (G_IS_TLS_DATABASE (self), G_TLS_CERTIFICATE_GENERIC_ERROR);
619 g_return_val_if_fail (G_IS_ASYNC_RESULT (result), G_TLS_CERTIFICATE_GENERIC_ERROR);
620 g_return_val_if_fail (error == NULL || *error == NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);
621 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain_finish,
622 G_TLS_CERTIFICATE_GENERIC_ERROR);
623 return G_TLS_DATABASE_GET_CLASS (self)->verify_chain_finish (self,
624 result,
625 error);
626 }
627
628 /**
629 * g_tls_database_create_certificate_handle:
630 * @self: a #GTlsDatabase
631 * @certificate: certificate for which to create a handle.
632 *
633 * Create a handle string for the certificate. The database will only be able
634 * to create a handle for certificates that originate from the database. In
635 * cases where the database cannot create a handle for a certificate, %NULL
636 * will be returned.
637 *
638 * This handle should be stable across various instances of the application,
639 * and between applications. If a certificate is modified in the database,
640 * then it is not guaranteed that this handle will continue to point to it.
641 *
642 * Returns: (nullable): a newly allocated string containing the
643 * handle.
644 *
645 * Since: 2.30
646 */
647 gchar*
g_tls_database_create_certificate_handle(GTlsDatabase * self,GTlsCertificate * certificate)648 g_tls_database_create_certificate_handle (GTlsDatabase *self,
649 GTlsCertificate *certificate)
650 {
651 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
652 g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate), NULL);
653 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->create_certificate_handle, NULL);
654 return G_TLS_DATABASE_GET_CLASS (self)->create_certificate_handle (self,
655 certificate);
656 }
657
658 /**
659 * g_tls_database_lookup_certificate_for_handle:
660 * @self: a #GTlsDatabase
661 * @handle: a certificate handle
662 * @interaction: (nullable): used to interact with the user if necessary
663 * @flags: Flags which affect the lookup.
664 * @cancellable: (nullable): a #GCancellable, or %NULL
665 * @error: (nullable): a #GError, or %NULL
666 *
667 * Look up a certificate by its handle.
668 *
669 * The handle should have been created by calling
670 * g_tls_database_create_certificate_handle() on a #GTlsDatabase object of
671 * the same TLS backend. The handle is designed to remain valid across
672 * instantiations of the database.
673 *
674 * If the handle is no longer valid, or does not point to a certificate in
675 * this database, then %NULL will be returned.
676 *
677 * This function can block, use g_tls_database_lookup_certificate_for_handle_async() to perform
678 * the lookup operation asynchronously.
679 *
680 * Returns: (transfer full) (nullable): a newly allocated
681 * #GTlsCertificate, or %NULL. Use g_object_unref() to release the certificate.
682 *
683 * Since: 2.30
684 */
685 GTlsCertificate*
g_tls_database_lookup_certificate_for_handle(GTlsDatabase * self,const gchar * handle,GTlsInteraction * interaction,GTlsDatabaseLookupFlags flags,GCancellable * cancellable,GError ** error)686 g_tls_database_lookup_certificate_for_handle (GTlsDatabase *self,
687 const gchar *handle,
688 GTlsInteraction *interaction,
689 GTlsDatabaseLookupFlags flags,
690 GCancellable *cancellable,
691 GError **error)
692 {
693 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
694 g_return_val_if_fail (handle != NULL, NULL);
695 g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
696 g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
697 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
698 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle, NULL);
699 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle (self,
700 handle,
701 interaction,
702 flags,
703 cancellable,
704 error);
705 }
706
707
708 /**
709 * g_tls_database_lookup_certificate_for_handle_async:
710 * @self: a #GTlsDatabase
711 * @handle: a certificate handle
712 * @interaction: (nullable): used to interact with the user if necessary
713 * @flags: Flags which affect the lookup.
714 * @cancellable: (nullable): a #GCancellable, or %NULL
715 * @callback: callback to call when the operation completes
716 * @user_data: the data to pass to the callback function
717 *
718 * Asynchronously look up a certificate by its handle in the database. See
719 * g_tls_database_lookup_certificate_for_handle() for more information.
720 *
721 * Since: 2.30
722 */
723 void
g_tls_database_lookup_certificate_for_handle_async(GTlsDatabase * self,const gchar * handle,GTlsInteraction * interaction,GTlsDatabaseLookupFlags flags,GCancellable * cancellable,GAsyncReadyCallback callback,gpointer user_data)724 g_tls_database_lookup_certificate_for_handle_async (GTlsDatabase *self,
725 const gchar *handle,
726 GTlsInteraction *interaction,
727 GTlsDatabaseLookupFlags flags,
728 GCancellable *cancellable,
729 GAsyncReadyCallback callback,
730 gpointer user_data)
731 {
732 g_return_if_fail (G_IS_TLS_DATABASE (self));
733 g_return_if_fail (handle != NULL);
734 g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
735 g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
736 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_async);
737 G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_async (self,
738 handle,
739 interaction,
740 flags,
741 cancellable,
742 callback,
743 user_data);
744 }
745
746 /**
747 * g_tls_database_lookup_certificate_for_handle_finish:
748 * @self: a #GTlsDatabase
749 * @result: a #GAsyncResult.
750 * @error: a #GError pointer, or %NULL
751 *
752 * Finish an asynchronous lookup of a certificate by its handle. See
753 * g_tls_database_lookup_certificate_for_handle() for more information.
754 *
755 * If the handle is no longer valid, or does not point to a certificate in
756 * this database, then %NULL will be returned.
757 *
758 * Returns: (transfer full): a newly allocated #GTlsCertificate object.
759 * Use g_object_unref() to release the certificate.
760 *
761 * Since: 2.30
762 */
763 GTlsCertificate*
g_tls_database_lookup_certificate_for_handle_finish(GTlsDatabase * self,GAsyncResult * result,GError ** error)764 g_tls_database_lookup_certificate_for_handle_finish (GTlsDatabase *self,
765 GAsyncResult *result,
766 GError **error)
767 {
768 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
769 g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
770 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
771 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_finish, NULL);
772 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_finish (self,
773 result,
774 error);
775 }
776
777 /**
778 * g_tls_database_lookup_certificate_issuer:
779 * @self: a #GTlsDatabase
780 * @certificate: a #GTlsCertificate
781 * @interaction: (nullable): used to interact with the user if necessary
782 * @flags: flags which affect the lookup operation
783 * @cancellable: (nullable): a #GCancellable, or %NULL
784 * @error: (nullable): a #GError, or %NULL
785 *
786 * Look up the issuer of @certificate in the database.
787 *
788 * The #GTlsCertificate:issuer property
789 * of @certificate is not modified, and the two certificates are not hooked
790 * into a chain.
791 *
792 * This function can block, use g_tls_database_lookup_certificate_issuer_async() to perform
793 * the lookup operation asynchronously.
794 *
795 * Returns: (transfer full): a newly allocated issuer #GTlsCertificate,
796 * or %NULL. Use g_object_unref() to release the certificate.
797 *
798 * Since: 2.30
799 */
800 GTlsCertificate*
g_tls_database_lookup_certificate_issuer(GTlsDatabase * self,GTlsCertificate * certificate,GTlsInteraction * interaction,GTlsDatabaseLookupFlags flags,GCancellable * cancellable,GError ** error)801 g_tls_database_lookup_certificate_issuer (GTlsDatabase *self,
802 GTlsCertificate *certificate,
803 GTlsInteraction *interaction,
804 GTlsDatabaseLookupFlags flags,
805 GCancellable *cancellable,
806 GError **error)
807 {
808 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
809 g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate), NULL);
810 g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
811 g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
812 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
813 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer, NULL);
814 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer (self,
815 certificate,
816 interaction,
817 flags,
818 cancellable,
819 error);
820 }
821
822 /**
823 * g_tls_database_lookup_certificate_issuer_async:
824 * @self: a #GTlsDatabase
825 * @certificate: a #GTlsCertificate
826 * @interaction: (nullable): used to interact with the user if necessary
827 * @flags: flags which affect the lookup operation
828 * @cancellable: (nullable): a #GCancellable, or %NULL
829 * @callback: callback to call when the operation completes
830 * @user_data: the data to pass to the callback function
831 *
832 * Asynchronously look up the issuer of @certificate in the database. See
833 * g_tls_database_lookup_certificate_issuer() for more information.
834 *
835 * Since: 2.30
836 */
837 void
g_tls_database_lookup_certificate_issuer_async(GTlsDatabase * self,GTlsCertificate * certificate,GTlsInteraction * interaction,GTlsDatabaseLookupFlags flags,GCancellable * cancellable,GAsyncReadyCallback callback,gpointer user_data)838 g_tls_database_lookup_certificate_issuer_async (GTlsDatabase *self,
839 GTlsCertificate *certificate,
840 GTlsInteraction *interaction,
841 GTlsDatabaseLookupFlags flags,
842 GCancellable *cancellable,
843 GAsyncReadyCallback callback,
844 gpointer user_data)
845 {
846 g_return_if_fail (G_IS_TLS_DATABASE (self));
847 g_return_if_fail (G_IS_TLS_CERTIFICATE (certificate));
848 g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
849 g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
850 g_return_if_fail (callback != NULL);
851 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_async);
852 G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_async (self,
853 certificate,
854 interaction,
855 flags,
856 cancellable,
857 callback,
858 user_data);
859 }
860
861 /**
862 * g_tls_database_lookup_certificate_issuer_finish:
863 * @self: a #GTlsDatabase
864 * @result: a #GAsyncResult.
865 * @error: a #GError pointer, or %NULL
866 *
867 * Finish an asynchronous lookup issuer operation. See
868 * g_tls_database_lookup_certificate_issuer() for more information.
869 *
870 * Returns: (transfer full): a newly allocated issuer #GTlsCertificate,
871 * or %NULL. Use g_object_unref() to release the certificate.
872 *
873 * Since: 2.30
874 */
875 GTlsCertificate*
g_tls_database_lookup_certificate_issuer_finish(GTlsDatabase * self,GAsyncResult * result,GError ** error)876 g_tls_database_lookup_certificate_issuer_finish (GTlsDatabase *self,
877 GAsyncResult *result,
878 GError **error)
879 {
880 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
881 g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
882 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
883 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_finish, NULL);
884 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_finish (self,
885 result,
886 error);
887 }
888
889 /**
890 * g_tls_database_lookup_certificates_issued_by:
891 * @self: a #GTlsDatabase
892 * @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
893 * @interaction: (nullable): used to interact with the user if necessary
894 * @flags: Flags which affect the lookup operation.
895 * @cancellable: (nullable): a #GCancellable, or %NULL
896 * @error: (nullable): a #GError, or %NULL
897 *
898 * Look up certificates issued by this issuer in the database.
899 *
900 * This function can block, use g_tls_database_lookup_certificates_issued_by_async() to perform
901 * the lookup operation asynchronously.
902 *
903 * Returns: (transfer full) (element-type GTlsCertificate): a newly allocated list of #GTlsCertificate
904 * objects. Use g_object_unref() on each certificate, and g_list_free() on the release the list.
905 *
906 * Since: 2.30
907 */
908 GList*
g_tls_database_lookup_certificates_issued_by(GTlsDatabase * self,GByteArray * issuer_raw_dn,GTlsInteraction * interaction,GTlsDatabaseLookupFlags flags,GCancellable * cancellable,GError ** error)909 g_tls_database_lookup_certificates_issued_by (GTlsDatabase *self,
910 GByteArray *issuer_raw_dn,
911 GTlsInteraction *interaction,
912 GTlsDatabaseLookupFlags flags,
913 GCancellable *cancellable,
914 GError **error)
915 {
916 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
917 g_return_val_if_fail (issuer_raw_dn, NULL);
918 g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
919 g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
920 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
921 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by, NULL);
922 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by (self,
923 issuer_raw_dn,
924 interaction,
925 flags,
926 cancellable,
927 error);
928 }
929
930 /**
931 * g_tls_database_lookup_certificates_issued_by_async:
932 * @self: a #GTlsDatabase
933 * @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
934 * @interaction: (nullable): used to interact with the user if necessary
935 * @flags: Flags which affect the lookup operation.
936 * @cancellable: (nullable): a #GCancellable, or %NULL
937 * @callback: callback to call when the operation completes
938 * @user_data: the data to pass to the callback function
939 *
940 * Asynchronously look up certificates issued by this issuer in the database. See
941 * g_tls_database_lookup_certificates_issued_by() for more information.
942 *
943 * The database may choose to hold a reference to the issuer byte array for the duration
944 * of of this asynchronous operation. The byte array should not be modified during
945 * this time.
946 *
947 * Since: 2.30
948 */
949 void
g_tls_database_lookup_certificates_issued_by_async(GTlsDatabase * self,GByteArray * issuer_raw_dn,GTlsInteraction * interaction,GTlsDatabaseLookupFlags flags,GCancellable * cancellable,GAsyncReadyCallback callback,gpointer user_data)950 g_tls_database_lookup_certificates_issued_by_async (GTlsDatabase *self,
951 GByteArray *issuer_raw_dn,
952 GTlsInteraction *interaction,
953 GTlsDatabaseLookupFlags flags,
954 GCancellable *cancellable,
955 GAsyncReadyCallback callback,
956 gpointer user_data)
957 {
958 g_return_if_fail (G_IS_TLS_DATABASE (self));
959 g_return_if_fail (issuer_raw_dn != NULL);
960 g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
961 g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
962 g_return_if_fail (callback != NULL);
963 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_async);
964 G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_async (self,
965 issuer_raw_dn,
966 interaction,
967 flags,
968 cancellable,
969 callback,
970 user_data);
971 }
972
973 /**
974 * g_tls_database_lookup_certificates_issued_by_finish:
975 * @self: a #GTlsDatabase
976 * @result: a #GAsyncResult.
977 * @error: a #GError pointer, or %NULL
978 *
979 * Finish an asynchronous lookup of certificates. See
980 * g_tls_database_lookup_certificates_issued_by() for more information.
981 *
982 * Returns: (transfer full) (element-type GTlsCertificate): a newly allocated list of #GTlsCertificate
983 * objects. Use g_object_unref() on each certificate, and g_list_free() on the release the list.
984 *
985 * Since: 2.30
986 */
987 GList*
g_tls_database_lookup_certificates_issued_by_finish(GTlsDatabase * self,GAsyncResult * result,GError ** error)988 g_tls_database_lookup_certificates_issued_by_finish (GTlsDatabase *self,
989 GAsyncResult *result,
990 GError **error)
991 {
992 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
993 g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
994 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
995 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_finish, NULL);
996 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_finish (self,
997 result,
998 error);
999 }
1000