1 /* GIO - GLib Input, Output and Streaming Library
3 * Copyright (C) 2010 Collabora, Ltd.
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General
16 * Public License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
18 * Boston, MA 02111-1307, USA.
20 * Author: Stef Walter <stefw@collabora.co.uk>
25 #include "gtlsdatabase.h"
27 #include "gasyncresult.h"
28 #include "gcancellable.h"
30 #include "gsocketconnectable.h"
32 #include "gtlscertificate.h"
33 #include "gtlsinteraction.h"
36 * SECTION:gtlsdatabase
37 * @short_description: TLS database type
40 * #GTlsDatabase is used to lookup certificates and other information
41 * from a certificate or key store. It is an abstract base class which
42 * TLS library specific subtypes override.
44 * Most common client applications will not directly interact with
45 * #GTlsDatabase. It is used internally by #GTlsConnection.
53 * Abstract base class for the backend-specific database types.
58 G_DEFINE_ABSTRACT_TYPE (GTlsDatabase, g_tls_database, G_TYPE_OBJECT);
67 * G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER:
69 * The purpose used to verify the server certificate in a TLS connection. This
70 * is the most common purpose in use. Used by TLS clients.
74 * G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT:
76 * The purpose used to verify the client certificate in a TLS connection.
77 * Used by TLS servers.
81 g_tls_database_init (GTlsDatabase *cert)
86 typedef struct _AsyncVerifyChain {
87 GTlsCertificate *chain;
89 GSocketConnectable *identity;
90 GTlsInteraction *interaction;
91 GTlsDatabaseVerifyFlags flags;
95 async_verify_chain_free (gpointer data)
97 AsyncVerifyChain *args = data;
98 g_clear_object (&args->chain);
99 g_free (args->purpose);
100 g_clear_object (&args->identity);
101 g_clear_object (&args->interaction);
102 g_slice_free (AsyncVerifyChain, args);
106 async_verify_chain_thread (GTask *task,
109 GCancellable *cancellable)
111 AsyncVerifyChain *args = task_data;
112 GTlsCertificateFlags verify_result;
113 GError *error = NULL;
115 verify_result = g_tls_database_verify_chain (G_TLS_DATABASE (object),
124 g_task_return_error (task, error);
126 g_task_return_int (task, (gssize)verify_result);
130 g_tls_database_real_verify_chain_async (GTlsDatabase *self,
131 GTlsCertificate *chain,
132 const gchar *purpose,
133 GSocketConnectable *identity,
134 GTlsInteraction *interaction,
135 GTlsDatabaseVerifyFlags flags,
136 GCancellable *cancellable,
137 GAsyncReadyCallback callback,
141 AsyncVerifyChain *args;
143 args = g_slice_new0 (AsyncVerifyChain);
144 args->chain = g_object_ref (chain);
145 args->purpose = g_strdup (purpose);
146 args->identity = identity ? g_object_ref (identity) : NULL;
147 args->interaction = interaction ? g_object_ref (interaction) : NULL;
150 task = g_task_new (self, cancellable, callback, user_data);
151 g_task_set_task_data (task, args, async_verify_chain_free);
152 g_task_run_in_thread (task, async_verify_chain_thread);
153 g_object_unref (task);
156 static GTlsCertificateFlags
157 g_tls_database_real_verify_chain_finish (GTlsDatabase *self,
158 GAsyncResult *result,
161 GTlsCertificateFlags ret;
163 g_return_val_if_fail (g_task_is_valid (result, self), G_TLS_CERTIFICATE_GENERIC_ERROR);
165 ret = (GTlsCertificateFlags)g_task_propagate_int (G_TASK (result), error);
166 if (ret == (GTlsCertificateFlags)-1)
167 return G_TLS_CERTIFICATE_GENERIC_ERROR;
174 GTlsInteraction *interaction;
175 GTlsDatabaseLookupFlags flags;
176 } AsyncLookupCertificateForHandle;
179 async_lookup_certificate_for_handle_free (gpointer data)
181 AsyncLookupCertificateForHandle *args = data;
183 g_free (args->handle);
184 g_clear_object (&args->interaction);
185 g_slice_free (AsyncLookupCertificateForHandle, args);
189 async_lookup_certificate_for_handle_thread (GTask *task,
192 GCancellable *cancellable)
194 AsyncLookupCertificateForHandle *args = task_data;
195 GTlsCertificate *result;
196 GError *error = NULL;
198 result = g_tls_database_lookup_certificate_for_handle (G_TLS_DATABASE (object),
205 g_task_return_pointer (task, result, g_object_unref);
207 g_task_return_error (task, error);
211 g_tls_database_real_lookup_certificate_for_handle_async (GTlsDatabase *self,
213 GTlsInteraction *interaction,
214 GTlsDatabaseLookupFlags flags,
215 GCancellable *cancellable,
216 GAsyncReadyCallback callback,
220 AsyncLookupCertificateForHandle *args;
222 args = g_slice_new0 (AsyncLookupCertificateForHandle);
223 args->handle = g_strdup (handle);
224 args->interaction = interaction ? g_object_ref (interaction) : NULL;
226 task = g_task_new (self, cancellable, callback, user_data);
227 g_task_set_task_data (task, args, async_lookup_certificate_for_handle_free);
228 g_task_run_in_thread (task, async_lookup_certificate_for_handle_thread);
229 g_object_unref (task);
232 static GTlsCertificate*
233 g_tls_database_real_lookup_certificate_for_handle_finish (GTlsDatabase *self,
234 GAsyncResult *result,
237 g_return_val_if_fail (g_task_is_valid (result, self), NULL);
239 return g_task_propagate_pointer (G_TASK (result), error);
244 GTlsCertificate *certificate;
245 GTlsInteraction *interaction;
246 GTlsDatabaseLookupFlags flags;
247 } AsyncLookupCertificateIssuer;
250 async_lookup_certificate_issuer_free (gpointer data)
252 AsyncLookupCertificateIssuer *args = data;
254 g_clear_object (&args->certificate);
255 g_clear_object (&args->interaction);
256 g_slice_free (AsyncLookupCertificateIssuer, args);
260 async_lookup_certificate_issuer_thread (GTask *task,
263 GCancellable *cancellable)
265 AsyncLookupCertificateIssuer *args = task_data;
266 GTlsCertificate *issuer;
267 GError *error = NULL;
269 issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (object),
276 g_task_return_pointer (task, issuer, g_object_unref);
278 g_task_return_error (task, error);
282 g_tls_database_real_lookup_certificate_issuer_async (GTlsDatabase *self,
283 GTlsCertificate *certificate,
284 GTlsInteraction *interaction,
285 GTlsDatabaseLookupFlags flags,
286 GCancellable *cancellable,
287 GAsyncReadyCallback callback,
291 AsyncLookupCertificateIssuer *args;
293 args = g_slice_new0 (AsyncLookupCertificateIssuer);
294 args->certificate = g_object_ref (certificate);
296 args->interaction = interaction ? g_object_ref (interaction) : NULL;
298 task = g_task_new (self, cancellable, callback, user_data);
299 g_task_set_task_data (task, args, async_lookup_certificate_issuer_free);
300 g_task_run_in_thread (task, async_lookup_certificate_issuer_thread);
301 g_object_unref (task);
304 static GTlsCertificate *
305 g_tls_database_real_lookup_certificate_issuer_finish (GTlsDatabase *self,
306 GAsyncResult *result,
309 g_return_val_if_fail (g_task_is_valid (result, self), NULL);
311 return g_task_propagate_pointer (G_TASK (result), error);
316 GTlsInteraction *interaction;
317 GTlsDatabaseLookupFlags flags;
318 } AsyncLookupCertificatesIssuedBy;
321 async_lookup_certificates_issued_by_free (gpointer data)
323 AsyncLookupCertificatesIssuedBy *args = data;
325 g_byte_array_unref (args->issuer);
326 g_clear_object (&args->interaction);
327 g_slice_free (AsyncLookupCertificatesIssuedBy, args);
331 async_lookup_certificates_free_certificates (gpointer data)
335 g_list_free_full (list, g_object_unref);
339 async_lookup_certificates_issued_by_thread (GTask *task,
342 GCancellable *cancellable)
344 AsyncLookupCertificatesIssuedBy *args = task_data;
346 GError *error = NULL;
348 results = g_tls_database_lookup_certificates_issued_by (G_TLS_DATABASE (object),
355 g_task_return_pointer (task, results, async_lookup_certificates_free_certificates);
357 g_task_return_error (task, error);
361 g_tls_database_real_lookup_certificates_issued_by_async (GTlsDatabase *self,
363 GTlsInteraction *interaction,
364 GTlsDatabaseLookupFlags flags,
365 GCancellable *cancellable,
366 GAsyncReadyCallback callback,
370 AsyncLookupCertificatesIssuedBy *args;
372 args = g_slice_new0 (AsyncLookupCertificatesIssuedBy);
373 args->issuer = g_byte_array_ref (issuer);
375 args->interaction = interaction ? g_object_ref (interaction) : NULL;
377 task = g_task_new (self, cancellable, callback, user_data);
378 g_task_set_task_data (task, args, async_lookup_certificates_issued_by_free);
379 g_task_run_in_thread (task, async_lookup_certificates_issued_by_thread);
380 g_object_unref (task);
384 g_tls_database_real_lookup_certificates_issued_by_finish (GTlsDatabase *self,
385 GAsyncResult *result,
388 g_return_val_if_fail (g_task_is_valid (result, self), NULL);
390 return g_task_propagate_pointer (G_TASK (result), error);
394 g_tls_database_class_init (GTlsDatabaseClass *klass)
396 klass->verify_chain_async = g_tls_database_real_verify_chain_async;
397 klass->verify_chain_finish = g_tls_database_real_verify_chain_finish;
398 klass->lookup_certificate_for_handle_async = g_tls_database_real_lookup_certificate_for_handle_async;
399 klass->lookup_certificate_for_handle_finish = g_tls_database_real_lookup_certificate_for_handle_finish;
400 klass->lookup_certificate_issuer_async = g_tls_database_real_lookup_certificate_issuer_async;
401 klass->lookup_certificate_issuer_finish = g_tls_database_real_lookup_certificate_issuer_finish;
402 klass->lookup_certificates_issued_by_async = g_tls_database_real_lookup_certificates_issued_by_async;
403 klass->lookup_certificates_issued_by_finish = g_tls_database_real_lookup_certificates_issued_by_finish;
407 * g_tls_database_verify_chain:
408 * @self: a #GTlsDatabase
409 * @chain: a #GTlsCertificate chain
410 * @purpose: the purpose that this certificate chain will be used for.
411 * @identity: (allow-none): the expected peer identity
412 * @interaction: (allow-none): used to interact with the user if necessary
413 * @flags: additional verify flags
414 * @cancellable: (allow-none): a #GCancellable, or %NULL
415 * @error: (allow-none): a #GError, or %NULL
417 * Verify's a certificate chain after looking up and adding any missing
418 * certificates to the chain.
420 * @chain is a chain of #GTlsCertificate objects each pointing to the next
421 * certificate in the chain by its %issuer property. The chain may initially
422 * consist of one or more certificates. After the verification process is
423 * complete, @chain may be modified by adding missing certificates, or removing
424 * extra certificates. If a certificate anchor was found, then it is added to
427 * @purpose describes the purpose (or usage) for which the certificate
428 * is being used. Typically @purpose will be set to #G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER
429 * which means that the certificate is being used to authenticate a server
430 * (and we are acting as the client).
432 * The @identity is used to check for pinned certificates (trust exceptions)
433 * in the database. These will override the normal verification process on a
434 * host by host basis.
436 * Currently there are no @flags, and %G_TLS_DATABASE_VERIFY_NONE should be
439 * This function can block, use g_tls_database_verify_chain_async() to perform
440 * the verification operation asynchronously.
442 * Return value: the appropriate #GTlsCertificateFlags which represents the
443 * result of verification.
448 g_tls_database_verify_chain (GTlsDatabase *self,
449 GTlsCertificate *chain,
450 const gchar *purpose,
451 GSocketConnectable *identity,
452 GTlsInteraction *interaction,
453 GTlsDatabaseVerifyFlags flags,
454 GCancellable *cancellable,
457 g_return_val_if_fail (G_IS_TLS_DATABASE (self), G_TLS_CERTIFICATE_GENERIC_ERROR);
458 g_return_val_if_fail (G_IS_TLS_DATABASE (self),
459 G_TLS_CERTIFICATE_GENERIC_ERROR);
460 g_return_val_if_fail (G_IS_TLS_CERTIFICATE (chain),
461 G_TLS_CERTIFICATE_GENERIC_ERROR);
462 g_return_val_if_fail (purpose, G_TLS_CERTIFICATE_GENERIC_ERROR);
463 g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction),
464 G_TLS_CERTIFICATE_GENERIC_ERROR);
465 g_return_val_if_fail (identity == NULL || G_IS_SOCKET_CONNECTABLE (identity),
466 G_TLS_CERTIFICATE_GENERIC_ERROR);
467 g_return_val_if_fail (error == NULL || *error == NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);
469 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain,
470 G_TLS_CERTIFICATE_GENERIC_ERROR);
472 return G_TLS_DATABASE_GET_CLASS (self)->verify_chain (self,
483 * g_tls_database_verify_chain_async:
484 * @self: a #GTlsDatabase
485 * @chain: a #GTlsCertificate chain
486 * @purpose: the purpose that this certificate chain will be used for.
487 * @identity: (allow-none): the expected peer identity
488 * @interaction: (allow-none): used to interact with the user if necessary
489 * @flags: additional verify flags
490 * @cancellable: (allow-none): a #GCancellable, or %NULL
491 * @callback: callback to call when the operation completes
492 * @user_data: the data to pass to the callback function
494 * Asynchronously verify's a certificate chain after looking up and adding
495 * any missing certificates to the chain. See g_tls_database_verify_chain()
496 * for more information.
501 g_tls_database_verify_chain_async (GTlsDatabase *self,
502 GTlsCertificate *chain,
503 const gchar *purpose,
504 GSocketConnectable *identity,
505 GTlsInteraction *interaction,
506 GTlsDatabaseVerifyFlags flags,
507 GCancellable *cancellable,
508 GAsyncReadyCallback callback,
511 g_return_if_fail (G_IS_TLS_DATABASE (self));
512 g_return_if_fail (G_IS_TLS_CERTIFICATE (chain));
513 g_return_if_fail (purpose != NULL);
514 g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
515 g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
516 g_return_if_fail (identity == NULL || G_IS_SOCKET_CONNECTABLE (identity));
517 g_return_if_fail (callback != NULL);
519 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain_async);
520 G_TLS_DATABASE_GET_CLASS (self)->verify_chain_async (self,
532 * g_tls_database_verify_chain_finish:
533 * @self: a #GTlsDatabase
534 * @result: a #GAsyncResult.
535 * @error: a #GError pointer, or %NULL
537 * Finish an asynchronous verify chain operation. See
538 * g_tls_database_verify_chain() for more information. *
539 * Return value: the appropriate #GTlsCertificateFlags which represents the
540 * result of verification.
545 g_tls_database_verify_chain_finish (GTlsDatabase *self,
546 GAsyncResult *result,
549 g_return_val_if_fail (G_IS_TLS_DATABASE (self), G_TLS_CERTIFICATE_GENERIC_ERROR);
550 g_return_val_if_fail (G_IS_ASYNC_RESULT (result), G_TLS_CERTIFICATE_GENERIC_ERROR);
551 g_return_val_if_fail (error == NULL || *error == NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);
552 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain_finish,
553 G_TLS_CERTIFICATE_GENERIC_ERROR);
554 return G_TLS_DATABASE_GET_CLASS (self)->verify_chain_finish (self,
560 * g_tls_database_create_certificate_handle:
561 * @self: a #GTlsDatabase
562 * @certificate: certificate for which to create a handle.
564 * Create a handle string for the certificate. The database will only be able
565 * to create a handle for certificates that originate from the database. In
566 * cases where the database cannot create a handle for a certificate, %NULL
569 * This handle should be stable across various instances of the application,
570 * and between applications. If a certificate is modified in the database,
571 * then it is not guaranteed that this handle will continue to point to it.
573 * Returns: (allow-none): a newly allocated string containing the handle.
577 g_tls_database_create_certificate_handle (GTlsDatabase *self,
578 GTlsCertificate *certificate)
580 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
581 g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate), NULL);
582 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->create_certificate_handle, NULL);
583 return G_TLS_DATABASE_GET_CLASS (self)->create_certificate_handle (self,
588 * g_tls_database_lookup_certificate_for_handle:
589 * @self: a #GTlsDatabase
590 * @handle: a certificate handle
591 * @interaction: (allow-none): used to interact with the user if necessary
592 * @flags: Flags which affect the lookup.
593 * @cancellable: (allow-none): a #GCancellable, or %NULL
594 * @error: (allow-none): a #GError, or %NULL
596 * Lookup a certificate by its handle.
598 * The handle should have been created by calling
599 * g_tls_database_create_certificate_handle() on a #GTlsDatabase object of
600 * the same TLS backend. The handle is designed to remain valid across
601 * instantiations of the database.
603 * If the handle is no longer valid, or does not point to a certificate in
604 * this database, then %NULL will be returned.
606 * This function can block, use g_tls_database_lookup_certificate_for_handle_async() to perform
607 * the lookup operation asynchronously.
609 * Return value: (transfer full) (allow-none): a newly allocated
610 * #GTlsCertificate, or %NULL. Use g_object_unref() to release the certificate.
615 g_tls_database_lookup_certificate_for_handle (GTlsDatabase *self,
617 GTlsInteraction *interaction,
618 GTlsDatabaseLookupFlags flags,
619 GCancellable *cancellable,
622 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
623 g_return_val_if_fail (handle != NULL, NULL);
624 g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
625 g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
626 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
627 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle, NULL);
628 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle (self,
638 * g_tls_database_lookup_certificate_for_handle_async:
639 * @self: a #GTlsDatabase
640 * @handle: a certificate handle
641 * @interaction: (allow-none): used to interact with the user if necessary
642 * @flags: Flags which affect the lookup.
643 * @cancellable: (allow-none): a #GCancellable, or %NULL
644 * @callback: callback to call when the operation completes
645 * @user_data: the data to pass to the callback function
647 * Asynchronously lookup a certificate by its handle in the database. See
648 * g_tls_database_lookup_certificate_for_handle() for more information.
653 g_tls_database_lookup_certificate_for_handle_async (GTlsDatabase *self,
655 GTlsInteraction *interaction,
656 GTlsDatabaseLookupFlags flags,
657 GCancellable *cancellable,
658 GAsyncReadyCallback callback,
661 g_return_if_fail (G_IS_TLS_DATABASE (self));
662 g_return_if_fail (handle != NULL);
663 g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
664 g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
665 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_async);
666 G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_async (self,
676 * g_tls_database_lookup_certificate_for_handle_finish:
677 * @self: a #GTlsDatabase
678 * @result: a #GAsyncResult.
679 * @error: a #GError pointer, or %NULL
681 * Finish an asynchronous lookup of a certificate by its handle. See
682 * g_tls_database_lookup_certificate_handle() for more information.
684 * If the handle is no longer valid, or does not point to a certificate in
685 * this database, then %NULL will be returned.
687 * Return value: (transfer full): a newly allocated #GTlsCertificate object.
688 * Use g_object_unref() to release the certificate.
693 g_tls_database_lookup_certificate_for_handle_finish (GTlsDatabase *self,
694 GAsyncResult *result,
697 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
698 g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
699 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
700 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_finish, NULL);
701 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_finish (self,
707 * g_tls_database_lookup_certificate_issuer:
708 * @self: a #GTlsDatabase
709 * @certificate: a #GTlsCertificate
710 * @interaction: (allow-none): used to interact with the user if necessary
711 * @flags: flags which affect the lookup operation
712 * @cancellable: (allow-none): a #GCancellable, or %NULL
713 * @error: (allow-none): a #GError, or %NULL
715 * Lookup the issuer of @certificate in the database.
717 * The %issuer property
718 * of @certificate is not modified, and the two certificates are not hooked
721 * This function can block, use g_tls_database_lookup_certificate_issuer_async() to perform
722 * the lookup operation asynchronously.
724 * Return value: (transfer full): a newly allocated issuer #GTlsCertificate,
725 * or %NULL. Use g_object_unref() to release the certificate.
730 g_tls_database_lookup_certificate_issuer (GTlsDatabase *self,
731 GTlsCertificate *certificate,
732 GTlsInteraction *interaction,
733 GTlsDatabaseLookupFlags flags,
734 GCancellable *cancellable,
737 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
738 g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate), NULL);
739 g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
740 g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
741 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
742 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer, NULL);
743 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer (self,
752 * g_tls_database_lookup_certificate_issuer_async:
753 * @self: a #GTlsDatabase
754 * @certificate: a #GTlsCertificate
755 * @interaction: (allow-none): used to interact with the user if necessary
756 * @flags: flags which affect the lookup operation
757 * @cancellable: (allow-none): a #GCancellable, or %NULL
758 * @callback: callback to call when the operation completes
759 * @user_data: the data to pass to the callback function
761 * Asynchronously lookup the issuer of @certificate in the database. See
762 * g_tls_database_lookup_certificate_issuer() for more information.
767 g_tls_database_lookup_certificate_issuer_async (GTlsDatabase *self,
768 GTlsCertificate *certificate,
769 GTlsInteraction *interaction,
770 GTlsDatabaseLookupFlags flags,
771 GCancellable *cancellable,
772 GAsyncReadyCallback callback,
775 g_return_if_fail (G_IS_TLS_DATABASE (self));
776 g_return_if_fail (G_IS_TLS_CERTIFICATE (certificate));
777 g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
778 g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
779 g_return_if_fail (callback != NULL);
780 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_async);
781 G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_async (self,
791 * g_tls_database_lookup_certificate_issuer_finish:
792 * @self: a #GTlsDatabase
793 * @result: a #GAsyncResult.
794 * @error: a #GError pointer, or %NULL
796 * Finish an asynchronous lookup issuer operation. See
797 * g_tls_database_lookup_certificate_issuer() for more information.
799 * Return value: (transfer full): a newly allocated issuer #GTlsCertificate,
800 * or %NULL. Use g_object_unref() to release the certificate.
805 g_tls_database_lookup_certificate_issuer_finish (GTlsDatabase *self,
806 GAsyncResult *result,
809 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
810 g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
811 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
812 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_finish, NULL);
813 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_finish (self,
819 * g_tls_database_lookup_certificates_issued_by:
820 * @self: a #GTlsDatabase
821 * @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
822 * @interaction: (allow-none): used to interact with the user if necessary
823 * @flags: Flags which affect the lookup operation.
824 * @cancellable: (allow-none): a #GCancellable, or %NULL
825 * @error: (allow-none): a #GError, or %NULL
827 * Lookup certificates issued by this issuer in the database.
829 * This function can block, use g_tls_database_lookup_certificates_issued_by_async() to perform
830 * the lookup operation asynchronously.
832 * Return value: (transfer full) (element-type GTlsCertificate): a newly allocated list of #GTlsCertificate
833 * objects. Use g_object_unref() on each certificate, and g_list_free() on the release the list.
838 g_tls_database_lookup_certificates_issued_by (GTlsDatabase *self,
839 GByteArray *issuer_raw_dn,
840 GTlsInteraction *interaction,
841 GTlsDatabaseLookupFlags flags,
842 GCancellable *cancellable,
845 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
846 g_return_val_if_fail (issuer_raw_dn, NULL);
847 g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
848 g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
849 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
850 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by, NULL);
851 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by (self,
860 * g_tls_database_lookup_certificates_issued_by_async:
861 * @self: a #GTlsDatabase
862 * @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
863 * @interaction: (allow-none): used to interact with the user if necessary
864 * @flags: Flags which affect the lookup operation.
865 * @cancellable: (allow-none): a #GCancellable, or %NULL
866 * @callback: callback to call when the operation completes
867 * @user_data: the data to pass to the callback function
869 * Asynchronously lookup certificates issued by this issuer in the database. See
870 * g_tls_database_lookup_certificates_issued_by() for more information.
872 * The database may choose to hold a reference to the issuer byte array for the duration
873 * of of this asynchronous operation. The byte array should not be modified during
879 g_tls_database_lookup_certificates_issued_by_async (GTlsDatabase *self,
880 GByteArray *issuer_raw_dn,
881 GTlsInteraction *interaction,
882 GTlsDatabaseLookupFlags flags,
883 GCancellable *cancellable,
884 GAsyncReadyCallback callback,
887 g_return_if_fail (G_IS_TLS_DATABASE (self));
888 g_return_if_fail (issuer_raw_dn != NULL);
889 g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
890 g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
891 g_return_if_fail (callback != NULL);
892 g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_async);
893 G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_async (self,
903 * g_tls_database_lookup_certificates_issued_by_finish:
904 * @self: a #GTlsDatabase
905 * @result: a #GAsyncResult.
906 * @error: a #GError pointer, or %NULL
908 * Finish an asynchronous lookup of certificates. See
909 * g_tls_database_lookup_certificates_issued_by() for more information.
911 * Return value: (transfer full) (element-type GTlsCertificate): a newly allocated list of #GTlsCertificate
912 * objects. Use g_object_unref() on each certificate, and g_list_free() on the release the list.
917 g_tls_database_lookup_certificates_issued_by_finish (GTlsDatabase *self,
918 GAsyncResult *result,
921 g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
922 g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
923 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
924 g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_finish, NULL);
925 return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_finish (self,