1 /* GIO - GLib Input, Output and Streaming Library
3 * Copyright (C) 2010 Collabora, Ltd.
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General
16 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 * Author: Stef Walter <stefw@collabora.co.uk>
23 #include "gtlsdatabase.h"
25 #include "gasyncresult.h"
26 #include "gcancellable.h"
28 #include "gsocketconnectable.h"
30 #include "gtlscertificate.h"
31 #include "gtlsinteraction.h"
34 * SECTION:gtlsdatabase
35 * @short_description: TLS database type
38 * #GTlsDatabase is used to lookup certificates and other information
39 * from a certificate or key store. It is an abstract base class which
40 * TLS library specific subtypes override.
42 * Most common client applications will not directly interact with
43 * #GTlsDatabase. It is used internally by #GTlsConnection.
51 * Abstract base class for the backend-specific database types.
56 G_DEFINE_ABSTRACT_TYPE (GTlsDatabase, g_tls_database, G_TYPE_OBJECT);
65 * G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER:
67 * The purpose used to verify the server certificate in a TLS connection. This
68 * is the most common purpose in use. Used by TLS clients.
72 * G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT:
74 * The purpose used to verify the client certificate in a TLS connection.
75 * Used by TLS servers.
79 g_tls_database_init (GTlsDatabase *cert)
84 typedef struct _AsyncVerifyChain {
85 GTlsCertificate *chain;
87 GSocketConnectable *identity;
88 GTlsInteraction *interaction;
89 GTlsDatabaseVerifyFlags flags;
93 async_verify_chain_free (gpointer data)
95 AsyncVerifyChain *args = data;
96 g_clear_object (&args->chain);
97 g_free (args->purpose);
98 g_clear_object (&args->identity);
99 g_clear_object (&args->interaction);
100 g_slice_free (AsyncVerifyChain, args);
104 async_verify_chain_thread (GTask *task,
107 GCancellable *cancellable)
109 AsyncVerifyChain *args = task_data;
110 GTlsCertificateFlags verify_result;
111 GError *error = NULL;
113 verify_result = g_tls_database_verify_chain (G_TLS_DATABASE (object),
122 g_task_return_error (task, error);
124 g_task_return_int (task, (gssize)verify_result);
128 g_tls_database_real_verify_chain_async (GTlsDatabase *self,
129 GTlsCertificate *chain,
130 const gchar *purpose,
131 GSocketConnectable *identity,
132 GTlsInteraction *interaction,
133 GTlsDatabaseVerifyFlags flags,
134 GCancellable *cancellable,
135 GAsyncReadyCallback callback,
139 AsyncVerifyChain *args;
141 args = g_slice_new0 (AsyncVerifyChain);
142 args->chain = g_object_ref (chain);
143 args->purpose = g_strdup (purpose);
144 args->identity = identity ? g_object_ref (identity) : NULL;
145 args->interaction = interaction ? g_object_ref (interaction) : NULL;
148 task = g_task_new (self, cancellable, callback, user_data);
149 g_task_set_task_data (task, args, async_verify_chain_free);
150 g_task_run_in_thread (task, async_verify_chain_thread);
151 g_object_unref (task);
154 static GTlsCertificateFlags
155 g_tls_database_real_verify_chain_finish (GTlsDatabase *self,
156 GAsyncResult *result,
159 GTlsCertificateFlags ret;
161 g_return_val_if_fail (g_task_is_valid (result, self), G_TLS_CERTIFICATE_GENERIC_ERROR);
163 ret = (GTlsCertificateFlags)g_task_propagate_int (G_TASK (result), error);
164 if (ret == (GTlsCertificateFlags)-1)
165 return G_TLS_CERTIFICATE_GENERIC_ERROR;
172 GTlsInteraction *interaction;
173 GTlsDatabaseLookupFlags flags;
174 } AsyncLookupCertificateForHandle;
177 async_lookup_certificate_for_handle_free (gpointer data)
179 AsyncLookupCertificateForHandle *args = data;
181 g_free (args->handle);
182 g_clear_object (&args->interaction);
183 g_slice_free (AsyncLookupCertificateForHandle, args);
187 async_lookup_certificate_for_handle_thread (GTask *task,
190 GCancellable *cancellable)
192 AsyncLookupCertificateForHandle *args = task_data;
193 GTlsCertificate *result;
194 GError *error = NULL;
196 result = g_tls_database_lookup_certificate_for_handle (G_TLS_DATABASE (object),
203 g_task_return_pointer (task, result, g_object_unref);
205 g_task_return_error (task, error);
209 g_tls_database_real_lookup_certificate_for_handle_async (GTlsDatabase *self,
211 GTlsInteraction *interaction,
212 GTlsDatabaseLookupFlags flags,
213 GCancellable *cancellable,
214 GAsyncReadyCallback callback,
218 AsyncLookupCertificateForHandle *args;
220 args = g_slice_new0 (AsyncLookupCertificateForHandle);
221 args->handle = g_strdup (handle);
222 args->interaction = interaction ? g_object_ref (interaction) : NULL;
224 task = g_task_new (self, cancellable, callback, user_data);
225 g_task_set_task_data (task, args, async_lookup_certificate_for_handle_free);
226 g_task_run_in_thread (task, async_lookup_certificate_for_handle_thread);
227 g_object_unref (task);
230 static GTlsCertificate*
231 g_tls_database_real_lookup_certificate_for_handle_finish (GTlsDatabase *self,
232 GAsyncResult *result,
235 g_return_val_if_fail (g_task_is_valid (result, self), NULL);
237 return g_task_propagate_pointer (G_TASK (result), error);
242 GTlsCertificate *certificate;
243 GTlsInteraction *interaction;
244 GTlsDatabaseLookupFlags flags;
245 } AsyncLookupCertificateIssuer;
248 async_lookup_certificate_issuer_free (gpointer data)
250 AsyncLookupCertificateIssuer *args = data;
252 g_clear_object (&args->certificate);
253 g_clear_object (&args->interaction);
254 g_slice_free (AsyncLookupCertificateIssuer, args);
258 async_lookup_certificate_issuer_thread (GTask *task,
261 GCancellable *cancellable)
263 AsyncLookupCertificateIssuer *args = task_data;
264 GTlsCertificate *issuer;
265 GError *error = NULL;
267 issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (object),
274 g_task_return_pointer (task, issuer, g_object_unref);
276 g_task_return_error (task, error);
280 g_tls_database_real_lookup_certificate_issuer_async (GTlsDatabase *self,
281 GTlsCertificate *certificate,
282 GTlsInteraction *interaction,
283 GTlsDatabaseLookupFlags flags,
284 GCancellable *cancellable,
285 GAsyncReadyCallback callback,
289 AsyncLookupCertificateIssuer *args;
291 args = g_slice_new0 (AsyncLookupCertificateIssuer);
292 args->certificate = g_object_ref (certificate);
294 args->interaction = interaction ? g_object_ref (interaction) : NULL;
296 task = g_task_new (self, cancellable, callback, user_data);
297 g_task_set_task_data (task, args, async_lookup_certificate_issuer_free);
298 g_task_run_in_thread (task, async_lookup_certificate_issuer_thread);
299 g_object_unref (task);
302 static GTlsCertificate *
303 g_tls_database_real_lookup_certificate_issuer_finish (GTlsDatabase *self,
304 GAsyncResult *result,
307 g_return_val_if_fail (g_task_is_valid (result, self), NULL);
309 return g_task_propagate_pointer (G_TASK (result), error);
314 GTlsInteraction *interaction;
315 GTlsDatabaseLookupFlags flags;
316 } AsyncLookupCertificatesIssuedBy;
319 async_lookup_certificates_issued_by_free (gpointer data)
321 AsyncLookupCertificatesIssuedBy *args = data;
323 g_byte_array_unref (args->issuer);
324 g_clear_object (&args->interaction);
325 g_slice_free (AsyncLookupCertificatesIssuedBy, args);
329 async_lookup_certificates_free_certificates (gpointer data)
333 g_list_free_full (list, g_object_unref);
337 async_lookup_certificates_issued_by_thread (GTask *task,
340 GCancellable *cancellable)
342 AsyncLookupCertificatesIssuedBy *args = task_data;
344 GError *error = NULL;
346 results = g_tls_database_lookup_certificates_issued_by (G_TLS_DATABASE (object),
353 g_task_return_pointer (task, results, async_lookup_certificates_free_certificates);
355 g_task_return_error (task, error);
359 g_tls_database_real_lookup_certificates_issued_by_async (GTlsDatabase *self,
361 GTlsInteraction *interaction,
362 GTlsDatabaseLookupFlags flags,
363 GCancellable *cancellable,
364 GAsyncReadyCallback callback,
368 AsyncLookupCertificatesIssuedBy *args;
370 args = g_slice_new0 (AsyncLookupCertificatesIssuedBy);
371 args->issuer = g_byte_array_ref (issuer);
373 args->interaction = interaction ? g_object_ref (interaction) : NULL;
375 task = g_task_new (self, cancellable, callback, user_data);
376 g_task_set_task_data (task, args, async_lookup_certificates_issued_by_free);
377 g_task_run_in_thread (task, async_lookup_certificates_issued_by_thread);
378 g_object_unref (task);
382 g_tls_database_real_lookup_certificates_issued_by_finish (GTlsDatabase *self,
383 GAsyncResult *result,
386 g_return_val_if_fail (g_task_is_valid (result, self), NULL);
388 return g_task_propagate_pointer (G_TASK (result), error);
392 g_tls_database_class_init (GTlsDatabaseClass *klass)
394 klass->verify_chain_async = g_tls_database_real_verify_chain_async;
395 klass->verify_chain_finish = g_tls_database_real_verify_chain_finish;
396 klass->lookup_certificate_for_handle_async = g_tls_database_real_lookup_certificate_for_handle_async;
397 klass->lookup_certificate_for_handle_finish = g_tls_database_real_lookup_certificate_for_handle_finish;
398 klass->lookup_certificate_issuer_async = g_tls_database_real_lookup_certificate_issuer_async;
399 klass->lookup_certificate_issuer_finish = g_tls_database_real_lookup_certificate_issuer_finish;
400 klass->lookup_certificates_issued_by_async = g_tls_database_real_lookup_certificates_issued_by_async;
401 klass->lookup_certificates_issued_by_finish = g_tls_database_real_lookup_certificates_issued_by_finish;
405 * g_tls_database_verify_chain:
406 * @self: a #GTlsDatabase
407 * @chain: a #GTlsCertificate chain
408 * @purpose: the purpose that this certificate chain will be used for.
409 * @identity: (allow-none): the expected peer identity
410 * @interaction: (allow-none): used to interact with the user if necessary
411 * @flags: additional verify flags
412 * @cancellable: (allow-none): a #GCancellable, or %NULL
413 * @error: (allow-none): a #GError, or %NULL
415 * Verify's a certificate chain after looking up and adding any missing
416 * certificates to the chain.
418 * @chain is a chain of #GTlsCertificate objects each pointing to the next
419 * certificate in the chain by its %issuer property. The chain may initially
420 * consist of one or more certificates. After the verification process is
421 * complete, @chain may be modified by adding missing certificates, or removing
422 * extra certificates. If a certificate anchor was found, then it is added to
425 * @purpose describes the purpose (or usage) for which the certificate
426 * is being used. Typically @purpose will be set to #G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER
427 * which means that the certificate is being used to authenticate a server
428 * (and we are acting as the client).
430 * The @identity is used to check for pinned certificates (trust exceptions)
431 * in the database. These will override the normal verification process on a
432 * host by host basis.
434 * Currently there are no @flags, and %G_TLS_DATABASE_VERIFY_NONE should be
437 * This function can block, use g_tls_database_verify_chain_async() to perform
438 * the verification operation asynchronously.
440 * Returns: the appropriate #GTlsCertificateFlags which represents the
441 * result of verification.
446 g_tls_database_verify_chain (GTlsDatabase *self,
447 GTlsCertificate *chain,
448 const gchar *purpose,
449 GSocketConnectable *identity,
450 GTlsInteraction *interaction,
451 GTlsDatabaseVerifyFlags flags,
452 GCancellable *cancellable,
455 g_return_val_if_fail (G_IS_TLS_DATABASE (self), G_TLS_CERTIFICATE_GENERIC_ERROR);
456 g_return_val_if_fail (G_IS_TLS_DATABASE (self),
457 G_TLS_CERTIFICATE_GENERIC_ERROR);
458 g_return_val_if_fail (G_IS_TLS_CERTIFICATE (chain),
459 G_TLS_CERTIFICATE_GENERIC_ERROR);
460 g_return_val_if_fail (purpose, G_TLS_CERTIFICATE_GENERIC_ERROR);
461 g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction),
462 G_TLS_CERTIFICATE_GENERIC_ERROR);
463 g_return_val_if_fail (identity == NULL || G_IS_SOCKET_CONNECTABLE (identity),
464 G_TLS_CERTIFICATE_GENERIC_ERROR);
465 g_return_val_if_fail (error == NULL || *error == NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);
467 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain,
468 G_TLS_CERTIFICATE_GENERIC_ERROR);
470 return G_TLS_DATABASE_GET_CLASS (self)->verify_chain (self,
481 * g_tls_database_verify_chain_async:
482 * @self: a #GTlsDatabase
483 * @chain: a #GTlsCertificate chain
484 * @purpose: the purpose that this certificate chain will be used for.
485 * @identity: (allow-none): the expected peer identity
486 * @interaction: (allow-none): used to interact with the user if necessary
487 * @flags: additional verify flags
488 * @cancellable: (allow-none): a #GCancellable, or %NULL
489 * @callback: callback to call when the operation completes
490 * @user_data: the data to pass to the callback function
492 * Asynchronously verify's a certificate chain after looking up and adding
493 * any missing certificates to the chain. See g_tls_database_verify_chain()
494 * for more information.
499 g_tls_database_verify_chain_async (GTlsDatabase *self,
500 GTlsCertificate *chain,
501 const gchar *purpose,
502 GSocketConnectable *identity,
503 GTlsInteraction *interaction,
504 GTlsDatabaseVerifyFlags flags,
505 GCancellable *cancellable,
506 GAsyncReadyCallback callback,
509 g_return_if_fail (G_IS_TLS_DATABASE (self));
510 g_return_if_fail (G_IS_TLS_CERTIFICATE (chain));
511 g_return_if_fail (purpose != NULL);
512 g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
513 g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
514 g_return_if_fail (identity == NULL || G_IS_SOCKET_CONNECTABLE (identity));
515 g_return_if_fail (callback != NULL);
517 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain_async);
518 G_TLS_DATABASE_GET_CLASS (self)->verify_chain_async (self,
530 * g_tls_database_verify_chain_finish:
531 * @self: a #GTlsDatabase
532 * @result: a #GAsyncResult.
533 * @error: a #GError pointer, or %NULL
535 * Finish an asynchronous verify chain operation. See
536 * g_tls_database_verify_chain() for more information. *
537 * Returns: the appropriate #GTlsCertificateFlags which represents the
538 * result of verification.
543 g_tls_database_verify_chain_finish (GTlsDatabase *self,
544 GAsyncResult *result,
547 g_return_val_if_fail (G_IS_TLS_DATABASE (self), G_TLS_CERTIFICATE_GENERIC_ERROR);
548 g_return_val_if_fail (G_IS_ASYNC_RESULT (result), G_TLS_CERTIFICATE_GENERIC_ERROR);
549 g_return_val_if_fail (error == NULL || *error == NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);
550 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain_finish,
551 G_TLS_CERTIFICATE_GENERIC_ERROR);
552 return G_TLS_DATABASE_GET_CLASS (self)->verify_chain_finish (self,
558 * g_tls_database_create_certificate_handle:
559 * @self: a #GTlsDatabase
560 * @certificate: certificate for which to create a handle.
562 * Create a handle string for the certificate. The database will only be able
563 * to create a handle for certificates that originate from the database. In
564 * cases where the database cannot create a handle for a certificate, %NULL
567 * This handle should be stable across various instances of the application,
568 * and between applications. If a certificate is modified in the database,
569 * then it is not guaranteed that this handle will continue to point to it.
571 * Returns: (nullable): a newly allocated string containing the
577 g_tls_database_create_certificate_handle (GTlsDatabase *self,
578 GTlsCertificate *certificate)
580 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
581 g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate), NULL);
582 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->create_certificate_handle, NULL);
583 return G_TLS_DATABASE_GET_CLASS (self)->create_certificate_handle (self,
588 * g_tls_database_lookup_certificate_for_handle:
589 * @self: a #GTlsDatabase
590 * @handle: a certificate handle
591 * @interaction: (allow-none): used to interact with the user if necessary
592 * @flags: Flags which affect the lookup.
593 * @cancellable: (allow-none): a #GCancellable, or %NULL
594 * @error: (allow-none): a #GError, or %NULL
596 * Lookup a certificate by its handle.
598 * The handle should have been created by calling
599 * g_tls_database_create_certificate_handle() on a #GTlsDatabase object of
600 * the same TLS backend. The handle is designed to remain valid across
601 * instantiations of the database.
603 * If the handle is no longer valid, or does not point to a certificate in
604 * this database, then %NULL will be returned.
606 * This function can block, use g_tls_database_lookup_certificate_for_handle_async() to perform
607 * the lookup operation asynchronously.
609 * Returns: (transfer full) (allow-none): a newly allocated
610 * #GTlsCertificate, or %NULL. Use g_object_unref() to release the certificate.
615 g_tls_database_lookup_certificate_for_handle (GTlsDatabase *self,
617 GTlsInteraction *interaction,
618 GTlsDatabaseLookupFlags flags,
619 GCancellable *cancellable,
622 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
623 g_return_val_if_fail (handle != NULL, NULL);
624 g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
625 g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
626 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
627 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle, NULL);
628 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle (self,
638 * g_tls_database_lookup_certificate_for_handle_async:
639 * @self: a #GTlsDatabase
640 * @handle: a certificate handle
641 * @interaction: (allow-none): used to interact with the user if necessary
642 * @flags: Flags which affect the lookup.
643 * @cancellable: (allow-none): a #GCancellable, or %NULL
644 * @callback: callback to call when the operation completes
645 * @user_data: the data to pass to the callback function
647 * Asynchronously lookup a certificate by its handle in the database. See
648 * g_tls_database_lookup_certificate_for_handle() for more information.
653 g_tls_database_lookup_certificate_for_handle_async (GTlsDatabase *self,
655 GTlsInteraction *interaction,
656 GTlsDatabaseLookupFlags flags,
657 GCancellable *cancellable,
658 GAsyncReadyCallback callback,
661 g_return_if_fail (G_IS_TLS_DATABASE (self));
662 g_return_if_fail (handle != NULL);
663 g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
664 g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
665 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_async);
666 G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_async (self,
676 * g_tls_database_lookup_certificate_for_handle_finish:
677 * @self: a #GTlsDatabase
678 * @result: a #GAsyncResult.
679 * @error: a #GError pointer, or %NULL
681 * Finish an asynchronous lookup of a certificate by its handle. See
682 * g_tls_database_lookup_certificate_handle() for more information.
684 * If the handle is no longer valid, or does not point to a certificate in
685 * this database, then %NULL will be returned.
687 * Returns: (transfer full): a newly allocated #GTlsCertificate object.
688 * Use g_object_unref() to release the certificate.
693 g_tls_database_lookup_certificate_for_handle_finish (GTlsDatabase *self,
694 GAsyncResult *result,
697 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
698 g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
699 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
700 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_finish, NULL);
701 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_finish (self,
707 * g_tls_database_lookup_certificate_issuer:
708 * @self: a #GTlsDatabase
709 * @certificate: a #GTlsCertificate
710 * @interaction: (allow-none): used to interact with the user if necessary
711 * @flags: flags which affect the lookup operation
712 * @cancellable: (allow-none): a #GCancellable, or %NULL
713 * @error: (allow-none): a #GError, or %NULL
715 * Lookup the issuer of @certificate in the database.
717 * The %issuer property
718 * of @certificate is not modified, and the two certificates are not hooked
721 * This function can block, use g_tls_database_lookup_certificate_issuer_async() to perform
722 * the lookup operation asynchronously.
724 * Returns: (transfer full): a newly allocated issuer #GTlsCertificate,
725 * or %NULL. Use g_object_unref() to release the certificate.
730 g_tls_database_lookup_certificate_issuer (GTlsDatabase *self,
731 GTlsCertificate *certificate,
732 GTlsInteraction *interaction,
733 GTlsDatabaseLookupFlags flags,
734 GCancellable *cancellable,
737 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
738 g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate), NULL);
739 g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
740 g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
741 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
742 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer, NULL);
743 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer (self,
752 * g_tls_database_lookup_certificate_issuer_async:
753 * @self: a #GTlsDatabase
754 * @certificate: a #GTlsCertificate
755 * @interaction: (allow-none): used to interact with the user if necessary
756 * @flags: flags which affect the lookup operation
757 * @cancellable: (allow-none): a #GCancellable, or %NULL
758 * @callback: callback to call when the operation completes
759 * @user_data: the data to pass to the callback function
761 * Asynchronously lookup the issuer of @certificate in the database. See
762 * g_tls_database_lookup_certificate_issuer() for more information.
767 g_tls_database_lookup_certificate_issuer_async (GTlsDatabase *self,
768 GTlsCertificate *certificate,
769 GTlsInteraction *interaction,
770 GTlsDatabaseLookupFlags flags,
771 GCancellable *cancellable,
772 GAsyncReadyCallback callback,
775 g_return_if_fail (G_IS_TLS_DATABASE (self));
776 g_return_if_fail (G_IS_TLS_CERTIFICATE (certificate));
777 g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
778 g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
779 g_return_if_fail (callback != NULL);
780 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_async);
781 G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_async (self,
791 * g_tls_database_lookup_certificate_issuer_finish:
792 * @self: a #GTlsDatabase
793 * @result: a #GAsyncResult.
794 * @error: a #GError pointer, or %NULL
796 * Finish an asynchronous lookup issuer operation. See
797 * g_tls_database_lookup_certificate_issuer() for more information.
799 * Returns: (transfer full): a newly allocated issuer #GTlsCertificate,
800 * or %NULL. Use g_object_unref() to release the certificate.
805 g_tls_database_lookup_certificate_issuer_finish (GTlsDatabase *self,
806 GAsyncResult *result,
809 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
810 g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
811 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
812 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_finish, NULL);
813 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_finish (self,
819 * g_tls_database_lookup_certificates_issued_by:
820 * @self: a #GTlsDatabase
821 * @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
822 * @interaction: (allow-none): used to interact with the user if necessary
823 * @flags: Flags which affect the lookup operation.
824 * @cancellable: (allow-none): a #GCancellable, or %NULL
825 * @error: (allow-none): a #GError, or %NULL
827 * Lookup certificates issued by this issuer in the database.
829 * This function can block, use g_tls_database_lookup_certificates_issued_by_async() to perform
830 * the lookup operation asynchronously.
832 * Returns: (transfer full) (element-type GTlsCertificate): a newly allocated list of #GTlsCertificate
833 * objects. Use g_object_unref() on each certificate, and g_list_free() on the release the list.
838 g_tls_database_lookup_certificates_issued_by (GTlsDatabase *self,
839 GByteArray *issuer_raw_dn,
840 GTlsInteraction *interaction,
841 GTlsDatabaseLookupFlags flags,
842 GCancellable *cancellable,
845 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
846 g_return_val_if_fail (issuer_raw_dn, NULL);
847 g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
848 g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
849 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
850 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by, NULL);
851 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by (self,
860 * g_tls_database_lookup_certificates_issued_by_async:
861 * @self: a #GTlsDatabase
862 * @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
863 * @interaction: (allow-none): used to interact with the user if necessary
864 * @flags: Flags which affect the lookup operation.
865 * @cancellable: (allow-none): a #GCancellable, or %NULL
866 * @callback: callback to call when the operation completes
867 * @user_data: the data to pass to the callback function
869 * Asynchronously lookup certificates issued by this issuer in the database. See
870 * g_tls_database_lookup_certificates_issued_by() for more information.
872 * The database may choose to hold a reference to the issuer byte array for the duration
873 * of of this asynchronous operation. The byte array should not be modified during
879 g_tls_database_lookup_certificates_issued_by_async (GTlsDatabase *self,
880 GByteArray *issuer_raw_dn,
881 GTlsInteraction *interaction,
882 GTlsDatabaseLookupFlags flags,
883 GCancellable *cancellable,
884 GAsyncReadyCallback callback,
887 g_return_if_fail (G_IS_TLS_DATABASE (self));
888 g_return_if_fail (issuer_raw_dn != NULL);
889 g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
890 g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
891 g_return_if_fail (callback != NULL);
892 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_async);
893 G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_async (self,
903 * g_tls_database_lookup_certificates_issued_by_finish:
904 * @self: a #GTlsDatabase
905 * @result: a #GAsyncResult.
906 * @error: a #GError pointer, or %NULL
908 * Finish an asynchronous lookup of certificates. See
909 * g_tls_database_lookup_certificates_issued_by() for more information.
911 * Returns: (transfer full) (element-type GTlsCertificate): a newly allocated list of #GTlsCertificate
912 * objects. Use g_object_unref() on each certificate, and g_list_free() on the release the list.
917 g_tls_database_lookup_certificates_issued_by_finish (GTlsDatabase *self,
918 GAsyncResult *result,
921 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
922 g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
923 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
924 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_finish, NULL);
925 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_finish (self,