Merge remote-tracking branch 'gvdb/master'
[platform/upstream/glib.git] / gio / gtlsdatabase.c
1 /* GIO - GLib Input, Output and Streaming Library
2  *
3  * Copyright (C) 2010 Collabora, Ltd.
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Lesser General Public
7  * License as published by the Free Software Foundation; either
8  * version 2 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13  * Lesser General Public License for more details.
14  *
15  * You should have received a copy of the GNU Lesser General
16  * Public License along with this library; if not, write to the
17  * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
18  * Boston, MA 02111-1307, USA.
19  *
20  * Author: Stef Walter <stefw@collabora.co.uk>
21  */
22
23 #include "config.h"
24
25 #include "gtlsdatabase.h"
26
27 #include "gasyncresult.h"
28 #include "gcancellable.h"
29 #include "glibintl.h"
30 #include "gsimpleasyncresult.h"
31 #include "gsocketconnectable.h"
32 #include "gtlscertificate.h"
33 #include "gtlsinteraction.h"
34
35 /**
36  * SECTION:gtlsdatabase
37  * @short_description: TLS database type
38  * @include: gio/gio.h
39  *
40  * #GTlsDatabase is used to lookup certificates and other information
41  * from a certificate or key store. It is an abstract base class which
42  * TLS library specific subtypes override.
43  *
44  * Most common client applications will not directly interact with
45  * #GTlsDatabase. It is used internally by #GTlsConnection.
46  *
47  * Since: 2.30
48  */
49
50 /**
51  * GTlsDatabase:
52  *
53  * Abstract base class for the backend-specific database types.
54  *
55  * Since: 2.30
56  */
57
58 G_DEFINE_ABSTRACT_TYPE (GTlsDatabase, g_tls_database, G_TYPE_OBJECT);
59
60 enum {
61   UNLOCK_REQUIRED,
62
63   LAST_SIGNAL
64 };
65
66 /**
67  * G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER:
68  *
69  * The purpose used to verify the server certificate in a TLS connection. This
70  * is the most common purpose in use. Used by TLS clients.
71  */
72
73 /**
74  * G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT:
75  *
76  * The purpose used to verify the client certificate in a TLS connection.
77  * Used by TLS servers.
78  */
79
80 static void
81 g_tls_database_init (GTlsDatabase *cert)
82 {
83
84 }
85
86 typedef struct _AsyncVerifyChain {
87   GTlsCertificate *chain;
88   gchar *purpose;
89   GSocketConnectable *identity;
90   GTlsInteraction *interaction;
91   GTlsDatabaseVerifyFlags flags;
92   GTlsCertificateFlags verify_result;
93 } AsyncVerifyChain;
94
95 static void
96 async_verify_chain_free (gpointer data)
97 {
98   AsyncVerifyChain *args = data;
99   g_clear_object (&args->chain);
100   g_free (args->purpose);
101   g_clear_object (&args->identity);
102   g_clear_object (&args->interaction);
103   g_slice_free (AsyncVerifyChain, args);
104 }
105
106 static void
107 async_verify_chain_thread (GSimpleAsyncResult *res,
108                            GObject            *object,
109                            GCancellable       *cancellable)
110 {
111   AsyncVerifyChain *args = g_simple_async_result_get_op_res_gpointer (res);
112   GError *error = NULL;
113
114   args->verify_result = g_tls_database_verify_chain (G_TLS_DATABASE (object),
115                                                      args->chain,
116                                                      args->purpose,
117                                                      args->identity,
118                                                      args->interaction,
119                                                      args->flags,
120                                                      cancellable,
121                                                      &error);
122
123   if (error)
124       g_simple_async_result_take_error (res, error);
125 }
126
127 static void
128 g_tls_database_real_verify_chain_async (GTlsDatabase           *self,
129                                         GTlsCertificate        *chain,
130                                         const gchar            *purpose,
131                                         GSocketConnectable     *identity,
132                                         GTlsInteraction        *interaction,
133                                         GTlsDatabaseVerifyFlags flags,
134                                         GCancellable           *cancellable,
135                                         GAsyncReadyCallback     callback,
136                                         gpointer                user_data)
137 {
138   GSimpleAsyncResult *res;
139   AsyncVerifyChain *args;
140
141   args = g_slice_new0 (AsyncVerifyChain);
142   args->chain = g_object_ref (chain);
143   args->purpose = g_strdup (purpose);
144   args->identity = identity ? g_object_ref (identity) : NULL;
145   args->interaction = interaction ? g_object_ref (interaction) : NULL;
146   args->flags = flags;
147
148   res = g_simple_async_result_new (G_OBJECT (self), callback, user_data,
149                                    g_tls_database_real_verify_chain_async);
150   g_simple_async_result_set_op_res_gpointer (res, args, async_verify_chain_free);
151   g_simple_async_result_run_in_thread (res, async_verify_chain_thread,
152                                        G_PRIORITY_DEFAULT, cancellable);
153   g_object_unref (res);
154 }
155
156 static GTlsCertificateFlags
157 g_tls_database_real_verify_chain_finish (GTlsDatabase          *self,
158                                          GAsyncResult          *result,
159                                          GError               **error)
160 {
161   AsyncVerifyChain *args;
162
163   g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (result), G_TLS_CERTIFICATE_GENERIC_ERROR);
164   g_return_val_if_fail (g_simple_async_result_is_valid (result, G_OBJECT (self),
165                         g_tls_database_real_verify_chain_async), FALSE);
166
167   if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
168     return G_TLS_CERTIFICATE_GENERIC_ERROR;
169
170   args = g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (result));
171   return args->verify_result;
172 }
173
174 typedef struct {
175   gchar *handle;
176   GTlsInteraction *interaction;
177   GTlsDatabaseLookupFlags flags;
178   GTlsCertificate *result;
179 } AsyncLookupCertificateForHandle;
180
181 static void
182 async_lookup_certificate_for_handle_free (gpointer data)
183 {
184   AsyncLookupCertificateForHandle *args = data;
185
186   g_free (args->handle);
187   g_clear_object (&args->interaction);
188   g_clear_object (&args->result);
189   g_slice_free (AsyncLookupCertificateForHandle, args);
190 }
191
192 static void
193 async_lookup_certificate_for_handle_thread (GSimpleAsyncResult *res,
194                                             GObject            *object,
195                                             GCancellable       *cancellable)
196 {
197   AsyncLookupCertificateForHandle *args = g_simple_async_result_get_op_res_gpointer (res);
198   GError *error = NULL;
199
200   args->result = g_tls_database_lookup_certificate_for_handle (G_TLS_DATABASE (object),
201                                                                args->handle,
202                                                                args->interaction,
203                                                                args->flags,
204                                                                cancellable,
205                                                                &error);
206
207   if (error)
208       g_simple_async_result_take_error (res, error);
209 }
210
211 static void
212 g_tls_database_real_lookup_certificate_for_handle_async (GTlsDatabase           *self,
213                                                          const gchar            *handle,
214                                                          GTlsInteraction        *interaction,
215                                                          GTlsDatabaseLookupFlags flags,
216                                                          GCancellable           *cancellable,
217                                                          GAsyncReadyCallback     callback,
218                                                          gpointer                user_data)
219 {
220   GSimpleAsyncResult *res;
221   AsyncLookupCertificateForHandle *args;
222
223   g_return_if_fail (callback != NULL);
224
225   args = g_slice_new0 (AsyncLookupCertificateForHandle);
226   args->handle = g_strdup (handle);
227   args->interaction = interaction ? g_object_ref (interaction) : NULL;
228
229   res = g_simple_async_result_new (G_OBJECT (self), callback, user_data,
230                                    g_tls_database_real_lookup_certificate_for_handle_async);
231   g_simple_async_result_set_op_res_gpointer (res, args, async_lookup_certificate_for_handle_free);
232   g_simple_async_result_run_in_thread (res, async_lookup_certificate_for_handle_thread,
233                                        G_PRIORITY_DEFAULT, cancellable);
234   g_object_unref (res);
235 }
236
237 static GTlsCertificate*
238 g_tls_database_real_lookup_certificate_for_handle_finish (GTlsDatabase          *self,
239                                                           GAsyncResult          *result,
240                                                           GError               **error)
241 {
242   AsyncLookupCertificateForHandle *args;
243   GTlsCertificate *certificate;
244
245   g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (result), NULL);
246   g_return_val_if_fail (g_simple_async_result_is_valid (result, G_OBJECT (self),
247                         g_tls_database_real_lookup_certificate_for_handle_async), FALSE);
248
249   if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
250     return NULL;
251
252   args = g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (result));
253   certificate = args->result;
254   args->result = NULL;
255   return certificate;
256 }
257
258
259 typedef struct {
260   GTlsCertificate *certificate;
261   GTlsInteraction *interaction;
262   GTlsDatabaseLookupFlags flags;
263   GTlsCertificate *issuer;
264 } AsyncLookupCertificateIssuer;
265
266 static void
267 async_lookup_certificate_issuer_free (gpointer data)
268 {
269   AsyncLookupCertificateIssuer *args = data;
270
271   g_clear_object (&args->certificate);
272   g_clear_object (&args->interaction);
273   g_clear_object (&args->issuer);
274   g_slice_free (AsyncLookupCertificateIssuer, args);
275 }
276
277 static void
278 async_lookup_certificate_issuer_thread (GSimpleAsyncResult *res,
279                             GObject            *object,
280                             GCancellable       *cancellable)
281 {
282   AsyncLookupCertificateIssuer *args = g_simple_async_result_get_op_res_gpointer (res);
283   GError *error = NULL;
284
285   args->issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (object),
286                                                            args->certificate,
287                                                            args->interaction,
288                                                            args->flags,
289                                                            cancellable,
290                                                            &error);
291
292   if (error)
293       g_simple_async_result_take_error (res, error);
294 }
295
296 static void
297 g_tls_database_real_lookup_certificate_issuer_async (GTlsDatabase           *self,
298                                                      GTlsCertificate        *certificate,
299                                                      GTlsInteraction        *interaction,
300                                                      GTlsDatabaseLookupFlags flags,
301                                                      GCancellable           *cancellable,
302                                                      GAsyncReadyCallback     callback,
303                                                      gpointer                user_data)
304 {
305   GSimpleAsyncResult *res;
306   AsyncLookupCertificateIssuer *args;
307
308   g_return_if_fail (G_IS_TLS_CERTIFICATE (certificate));
309   g_return_if_fail (callback != NULL);
310
311   args = g_slice_new0 (AsyncLookupCertificateIssuer);
312   args->certificate = g_object_ref (certificate);
313   args->flags = flags;
314   args->interaction = interaction ? g_object_ref (interaction) : NULL;
315
316   res = g_simple_async_result_new (G_OBJECT (self), callback, user_data,
317                                    g_tls_database_real_lookup_certificate_issuer_async);
318   g_simple_async_result_set_op_res_gpointer (res, args, async_lookup_certificate_issuer_free);
319   g_simple_async_result_run_in_thread (res, async_lookup_certificate_issuer_thread,
320                                        G_PRIORITY_DEFAULT, cancellable);
321   g_object_unref (res);
322 }
323
324 static GTlsCertificate*
325 g_tls_database_real_lookup_certificate_issuer_finish (GTlsDatabase          *self,
326                                                       GAsyncResult          *result,
327                                                       GError               **error)
328 {
329   AsyncLookupCertificateIssuer *args;
330   GTlsCertificate *issuer;
331
332   g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (result), NULL);
333   g_return_val_if_fail (g_simple_async_result_is_valid (result, G_OBJECT (self),
334                         g_tls_database_real_lookup_certificate_issuer_async), FALSE);
335
336   if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
337     return NULL;
338
339   args = g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (result));
340   issuer = args->issuer;
341   args->issuer = NULL;
342   return issuer;
343 }
344
345 typedef struct {
346   GByteArray *issuer;
347   GTlsInteraction *interaction;
348   GTlsDatabaseLookupFlags flags;
349   GList *results;
350 } AsyncLookupCertificatesIssuedBy;
351
352 static void
353 async_lookup_certificates_issued_by_free (gpointer data)
354 {
355   AsyncLookupCertificatesIssuedBy *args = data;
356   GList *l;
357
358   g_byte_array_unref (args->issuer);
359   g_clear_object (&args->interaction);
360   for (l = args->results; l; l = g_list_next (l))
361     g_object_unref (l->data);
362   g_list_free (args->results);
363   g_slice_free (AsyncLookupCertificatesIssuedBy, args);
364 }
365
366 static void
367 async_lookup_certificates_issued_by_thread (GSimpleAsyncResult *res,
368                                             GObject            *object,
369                                             GCancellable       *cancellable)
370 {
371   AsyncLookupCertificatesIssuedBy *args = g_simple_async_result_get_op_res_gpointer (res);
372   GError *error = NULL;
373
374   args->results = g_tls_database_lookup_certificates_issued_by (G_TLS_DATABASE (object),
375                                                                 args->issuer,
376                                                                 args->interaction,
377                                                                 args->flags,
378                                                                 cancellable,
379                                                                 &error);
380
381   if (error)
382       g_simple_async_result_take_error (res, error);
383 }
384
385 static void
386 g_tls_database_real_lookup_certificates_issued_by_async (GTlsDatabase           *self,
387                                                          GByteArray             *issuer,
388                                                          GTlsInteraction        *interaction,
389                                                          GTlsDatabaseLookupFlags flags,
390                                                          GCancellable           *cancellable,
391                                                          GAsyncReadyCallback     callback,
392                                                          gpointer                user_data)
393 {
394   GSimpleAsyncResult *res;
395   AsyncLookupCertificatesIssuedBy *args;
396
397   g_return_if_fail (callback);
398
399   args = g_slice_new0 (AsyncLookupCertificatesIssuedBy);
400   args->issuer = g_byte_array_ref (issuer);
401   args->flags = flags;
402   args->interaction = interaction ? g_object_ref (interaction) : NULL;
403
404   res = g_simple_async_result_new (G_OBJECT (self), callback, user_data,
405                                    g_tls_database_real_lookup_certificates_issued_by_async);
406   g_simple_async_result_set_op_res_gpointer (res, args, async_lookup_certificates_issued_by_free);
407   g_simple_async_result_run_in_thread (res, async_lookup_certificates_issued_by_thread,
408                                        G_PRIORITY_DEFAULT, cancellable);
409   g_object_unref (res);
410 }
411
412 static GList*
413 g_tls_database_real_lookup_certificates_issued_by_finish (GTlsDatabase          *self,
414                                                           GAsyncResult          *result,
415                                                           GError               **error)
416 {
417   AsyncLookupCertificatesIssuedBy *args;
418   GList *results;
419
420   g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (result), NULL);
421   g_return_val_if_fail (g_simple_async_result_is_valid (result, G_OBJECT (self),
422                         g_tls_database_real_lookup_certificates_issued_by_async), FALSE);
423
424   if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
425     return NULL;
426
427   args = g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (result));
428   results = args->results;
429   args->results = NULL;
430   return results;
431 }
432
433 static void
434 g_tls_database_class_init (GTlsDatabaseClass *klass)
435 {
436   klass->verify_chain_async = g_tls_database_real_verify_chain_async;
437   klass->verify_chain_finish = g_tls_database_real_verify_chain_finish;
438   klass->lookup_certificate_for_handle_async = g_tls_database_real_lookup_certificate_for_handle_async;
439   klass->lookup_certificate_for_handle_finish = g_tls_database_real_lookup_certificate_for_handle_finish;
440   klass->lookup_certificate_issuer_async = g_tls_database_real_lookup_certificate_issuer_async;
441   klass->lookup_certificate_issuer_finish = g_tls_database_real_lookup_certificate_issuer_finish;
442   klass->lookup_certificates_issued_by_async = g_tls_database_real_lookup_certificates_issued_by_async;
443   klass->lookup_certificates_issued_by_finish = g_tls_database_real_lookup_certificates_issued_by_finish;
444 }
445
446 /**
447  * g_tls_database_verify_chain:
448  * @self: a #GTlsDatabase
449  * @chain: a #GTlsCertificate chain
450  * @purpose: the purpose that this certificate chain will be used for.
451  * @identity: (allow-none): the expected peer identity
452  * @interaction: (allow-none): used to interact with the user if necessary
453  * @flags: additional verify flags
454  * @cancellable: (allow-none): a #GCancellable, or %NULL
455  * @error: (allow-none): a #GError, or %NULL
456  *
457  * Verify's a certificate chain after looking up and adding any missing
458  * certificates to the chain.
459  *
460  * @chain is a chain of #GTlsCertificate objects each pointing to the next
461  * certificate in the chain by its %issuer property. The chain may initially
462  * consist of one or more certificates. After the verification process is
463  * complete, @chain may be modified by adding missing certificates, or removing
464  * extra certificates. If a certificate anchor was found, then it is added to
465  * the @chain.
466  *
467  * @purpose describes the purpose (or usage) for which the certificate
468  * is being used. Typically @purpose will be set to #G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER
469  * which means that the certificate is being used to authenticate a server
470  * (and we are acting as the client).
471  *
472  * The @identity is used to check for pinned certificates (trust exceptions)
473  * in the database. These will override the normal verification process on a
474  * host by host basis.
475  *
476  * Currently there are no @flags, and %G_TLS_DATABASE_VERIFY_NONE should be
477  * used.
478  *
479  * This function can block, use g_tls_database_verify_chain_async() to perform
480  * the verification operation asynchronously.
481  *
482  * Return value: the appropriate #GTlsCertificateFlags which represents the
483  * result of verification.
484  *
485  * Since: 2.30
486  */
487 GTlsCertificateFlags
488 g_tls_database_verify_chain (GTlsDatabase           *self,
489                              GTlsCertificate        *chain,
490                              const gchar            *purpose,
491                              GSocketConnectable     *identity,
492                              GTlsInteraction        *interaction,
493                              GTlsDatabaseVerifyFlags flags,
494                              GCancellable           *cancellable,
495                              GError                **error)
496 {
497   g_return_val_if_fail (G_IS_TLS_DATABASE (self), G_TLS_CERTIFICATE_GENERIC_ERROR);
498   g_return_val_if_fail (G_IS_TLS_DATABASE (self),
499                         G_TLS_CERTIFICATE_GENERIC_ERROR);
500   g_return_val_if_fail (G_IS_TLS_CERTIFICATE (chain),
501                         G_TLS_CERTIFICATE_GENERIC_ERROR);
502   g_return_val_if_fail (purpose, G_TLS_CERTIFICATE_GENERIC_ERROR);
503   g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction),
504                         G_TLS_CERTIFICATE_GENERIC_ERROR);
505   g_return_val_if_fail (identity == NULL || G_IS_SOCKET_CONNECTABLE (identity),
506                         G_TLS_CERTIFICATE_GENERIC_ERROR);
507   g_return_val_if_fail (error == NULL || *error == NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);
508
509   g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain,
510                         G_TLS_CERTIFICATE_GENERIC_ERROR);
511
512   return G_TLS_DATABASE_GET_CLASS (self)->verify_chain (self,
513                                                         chain,
514                                                         purpose,
515                                                         identity,
516                                                         interaction,
517                                                         flags,
518                                                         cancellable,
519                                                         error);
520 }
521
522 /**
523  * g_tls_database_verify_chain_async:
524  * @self: a #GTlsDatabase
525  * @chain: a #GTlsCertificate chain
526  * @purpose: the purpose that this certificate chain will be used for.
527  * @identity: (allow-none): the expected peer identity
528  * @interaction: (allow-none): used to interact with the user if necessary
529  * @flags: additional verify flags
530  * @cancellable: (allow-none): a #GCancellable, or %NULL
531  * @callback: callback to call when the operation completes
532  * @user_data: the data to pass to the callback function
533  *
534  * Asynchronously verify's a certificate chain after looking up and adding
535  * any missing certificates to the chain. See g_tls_database_verify_chain()
536  * for more information.
537  *
538  * Since: 2.30
539  */
540 void
541 g_tls_database_verify_chain_async (GTlsDatabase           *self,
542                                    GTlsCertificate        *chain,
543                                    const gchar            *purpose,
544                                    GSocketConnectable     *identity,
545                                    GTlsInteraction        *interaction,
546                                    GTlsDatabaseVerifyFlags flags,
547                                    GCancellable           *cancellable,
548                                    GAsyncReadyCallback     callback,
549                                    gpointer                user_data)
550 {
551   g_return_if_fail (G_IS_TLS_DATABASE (self));
552   g_return_if_fail (G_IS_TLS_CERTIFICATE (chain));
553   g_return_if_fail (purpose != NULL);
554   g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
555   g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
556   g_return_if_fail (identity == NULL || G_IS_SOCKET_CONNECTABLE (identity));
557   g_return_if_fail (callback != NULL);
558
559   g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain_async);
560   G_TLS_DATABASE_GET_CLASS (self)->verify_chain_async (self,
561                                                        chain,
562                                                        purpose,
563                                                        identity,
564                                                        interaction,
565                                                        flags,
566                                                        cancellable,
567                                                        callback,
568                                                        user_data);
569 }
570
571 /**
572  * g_tls_database_verify_chain_finish:
573  * @self: a #GTlsDatabase
574  * @result: a #GAsyncResult.
575  * @error: a #GError pointer, or %NULL
576  *
577  * Finish an asynchronous verify chain operation. See
578  * g_tls_database_verify_chain() for more information. *
579  * Return value: the appropriate #GTlsCertificateFlags which represents the
580  * result of verification.
581  *
582  * Since: 2.30
583  */
584 GTlsCertificateFlags
585 g_tls_database_verify_chain_finish (GTlsDatabase          *self,
586                                     GAsyncResult          *result,
587                                     GError               **error)
588 {
589   g_return_val_if_fail (G_IS_TLS_DATABASE (self), G_TLS_CERTIFICATE_GENERIC_ERROR);
590   g_return_val_if_fail (G_IS_ASYNC_RESULT (result), G_TLS_CERTIFICATE_GENERIC_ERROR);
591   g_return_val_if_fail (error == NULL || *error == NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);
592   g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain_finish,
593                         G_TLS_CERTIFICATE_GENERIC_ERROR);
594   return G_TLS_DATABASE_GET_CLASS (self)->verify_chain_finish (self,
595                                                                result,
596                                                                error);
597 }
598
599 /**
600  * g_tls_database_create_certificate_handle:
601  * @self: a #GTlsDatabase
602  * @certificate: certificate for which to create a handle.
603  *
604  * Create a handle string for the certificate. The database will only be able
605  * to create a handle for certificates that originate from the database. In
606  * cases where the database cannot create a handle for a certificate, %NULL
607  * will be returned.
608  *
609  * This handle should be stable across various instances of the application,
610  * and between applications. If a certificate is modified in the database,
611  * then it is not guaranteed that this handle will continue to point to it.
612  *
613  * Returns: (allow-none): a newly allocated string containing the handle.
614  * Since: 2.30
615  */
616 gchar*
617 g_tls_database_create_certificate_handle (GTlsDatabase            *self,
618                                           GTlsCertificate         *certificate)
619 {
620   g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
621   g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate), NULL);
622   g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->create_certificate_handle, NULL);
623   return G_TLS_DATABASE_GET_CLASS (self)->create_certificate_handle (self,
624                                                                      certificate);
625 }
626
627 /**
628  * g_tls_database_lookup_certificate_for_handle:
629  * @self: a #GTlsDatabase
630  * @handle: a certificate handle
631  * @interaction: (allow-none): used to interact with the user if necessary
632  * @flags: Flags which affect the lookup.
633  * @cancellable: (allow-none): a #GCancellable, or %NULL
634  * @error: (allow-none): a #GError, or %NULL
635  *
636  * Lookup a certificate by its handle.
637  *
638  * The handle should have been created by calling g_tls_database_create_handle()
639  * on a #GTlsDatabase object of the same TLS backend. The handle is designed
640  * to remain valid across instantiations of the database.
641  *
642  * If the handle is no longer valid, or does not point to a certificate in
643  * this database, then %NULL will be returned.
644  *
645  * This function can block, use g_tls_database_lookup_certificate_for_handle_async() to perform
646  * the lookup operation asynchronously.
647  *
648  * Return value: (transfer full) (allow-none): a newly allocated
649  * #GTlsCertificate, or %NULL. Use g_object_unref() to release the certificate.
650  *
651  * Since: 2.30
652  */
653 GTlsCertificate*
654 g_tls_database_lookup_certificate_for_handle (GTlsDatabase            *self,
655                                               const gchar             *handle,
656                                               GTlsInteraction         *interaction,
657                                               GTlsDatabaseLookupFlags  flags,
658                                               GCancellable            *cancellable,
659                                               GError                 **error)
660 {
661   g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
662   g_return_val_if_fail (handle != NULL, NULL);
663   g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
664   g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
665   g_return_val_if_fail (error == NULL || *error == NULL, NULL);
666   g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle, NULL);
667   return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle (self,
668                                                                          handle,
669                                                                          interaction,
670                                                                          flags,
671                                                                          cancellable,
672                                                                          error);
673 }
674
675
676 /**
677  * g_tls_database_lookup_certificate_for_handle_async:
678  * @self: a #GTlsDatabase
679  * @handle: a certificate handle
680  * @interaction: (allow-none): used to interact with the user if necessary
681  * @flags: Flags which affect the lookup.
682  * @cancellable: (allow-none): a #GCancellable, or %NULL
683  * @callback: callback to call when the operation completes
684  * @user_data: the data to pass to the callback function
685  *
686  * Asynchronously lookup a certificate by its handle in the database. See
687  * g_tls_database_lookup_handle() for more information.
688  *
689  * Since: 2.30
690  */
691 void
692 g_tls_database_lookup_certificate_for_handle_async (GTlsDatabase            *self,
693                                                     const gchar             *handle,
694                                                     GTlsInteraction         *interaction,
695                                                     GTlsDatabaseLookupFlags  flags,
696                                                     GCancellable            *cancellable,
697                                                     GAsyncReadyCallback      callback,
698                                                     gpointer                 user_data)
699 {
700   g_return_if_fail (G_IS_TLS_DATABASE (self));
701   g_return_if_fail (handle != NULL);
702   g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
703   g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
704   g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_async);
705   G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_async (self,
706                                                                                handle,
707                                                                                interaction,
708                                                                                flags,
709                                                                                cancellable,
710                                                                                callback,
711                                                                                user_data);
712 }
713
714 /**
715  * g_tls_database_lookup_certificate_for_handle_finish:
716  * @self: a #GTlsDatabase
717  * @result: a #GAsyncResult.
718  * @error: a #GError pointer, or %NULL
719  *
720  * Finish an asynchronous lookup of a certificate by its handle. See
721  * g_tls_database_lookup_handle() for more information.
722  *
723  * If the handle is no longer valid, or does not point to a certificate in
724  * this database, then %NULL will be returned.
725  *
726  * Return value: (transfer full): a newly allocated #GTlsCertificate object.
727  * Use g_object_unref() to release the certificate.
728  *
729  * Since: 2.30
730  */
731 GTlsCertificate*
732 g_tls_database_lookup_certificate_for_handle_finish (GTlsDatabase            *self,
733                                                      GAsyncResult            *result,
734                                                      GError                 **error)
735 {
736   g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
737   g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
738   g_return_val_if_fail (error == NULL || *error == NULL, NULL);
739   g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_finish, NULL);
740   return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_for_handle_finish (self,
741                                                                                 result,
742                                                                                 error);
743 }
744
745 /**
746  * g_tls_database_lookup_certificate_issuer:
747  * @self: a #GTlsDatabase
748  * @certificate: a #GTlsCertificate
749  * @interaction: (allow-none): used to interact with the user if necessary
750  * @flags: flags which affect the lookup operation
751  * @cancellable: (allow-none): a #GCancellable, or %NULL
752  * @error: (allow-none): a #GError, or %NULL
753  *
754  * Lookup the issuer of @certificate in the database.
755  *
756  * The %issuer property
757  * of @certificate is not modified, and the two certificates are not hooked
758  * into a chain.
759  *
760  * This function can block, use g_tls_database_lookup_certificate_issuer_async() to perform
761  * the lookup operation asynchronously.
762  *
763  * Return value: (transfer full): a newly allocated issuer #GTlsCertificate,
764  * or %NULL. Use g_object_unref() to release the certificate.
765  *
766  * Since: 2.30
767  */
768 GTlsCertificate*
769 g_tls_database_lookup_certificate_issuer (GTlsDatabase           *self,
770                                           GTlsCertificate        *certificate,
771                                           GTlsInteraction        *interaction,
772                                           GTlsDatabaseLookupFlags flags,
773                                           GCancellable           *cancellable,
774                                           GError                **error)
775 {
776   g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
777   g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate), NULL);
778   g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
779   g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
780   g_return_val_if_fail (error == NULL || *error == NULL, NULL);
781   g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer, NULL);
782   return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer (self,
783                                                                      certificate,
784                                                                      interaction,
785                                                                      flags,
786                                                                      cancellable,
787                                                                      error);
788 }
789
790 /**
791  * g_tls_database_lookup_certificate_issuer_async:
792  * @self: a #GTlsDatabase
793  * @certificate: a #GTlsCertificate
794  * @interaction: (allow-none): used to interact with the user if necessary
795  * @flags: flags which affect the lookup operation
796  * @cancellable: (allow-none): a #GCancellable, or %NULL
797  * @callback: callback to call when the operation completes
798  * @user_data: the data to pass to the callback function
799  *
800  * Asynchronously lookup the issuer of @certificate in the database. See
801  * g_tls_database_lookup_certificate_issuer() for more information.
802  *
803  * Since: 2.30
804  */
805 void
806 g_tls_database_lookup_certificate_issuer_async (GTlsDatabase           *self,
807                                                 GTlsCertificate        *certificate,
808                                                 GTlsInteraction        *interaction,
809                                                 GTlsDatabaseLookupFlags flags,
810                                                 GCancellable           *cancellable,
811                                                 GAsyncReadyCallback     callback,
812                                                 gpointer                user_data)
813 {
814   g_return_if_fail (G_IS_TLS_DATABASE (self));
815   g_return_if_fail (G_IS_TLS_CERTIFICATE (certificate));
816   g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
817   g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
818   g_return_if_fail (callback != NULL);
819   g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_async);
820   G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_async (self,
821                                                         certificate,
822                                                         interaction,
823                                                         flags,
824                                                         cancellable,
825                                                         callback,
826                                                         user_data);
827 }
828
829 /**
830  * g_tls_database_lookup_certificate_issuer_finish:
831  * @self: a #GTlsDatabase
832  * @result: a #GAsyncResult.
833  * @error: a #GError pointer, or %NULL
834  *
835  * Finish an asynchronous lookup issuer operation. See
836  * g_tls_database_lookup_certificate_issuer() for more information.
837  *
838  * Return value: (transfer full): a newly allocated issuer #GTlsCertificate,
839  * or %NULL. Use g_object_unref() to release the certificate.
840  *
841  * Since: 2.30
842  */
843 GTlsCertificate*
844 g_tls_database_lookup_certificate_issuer_finish (GTlsDatabase          *self,
845                                                  GAsyncResult          *result,
846                                                  GError               **error)
847 {
848   g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
849   g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
850   g_return_val_if_fail (error == NULL || *error == NULL, NULL);
851   g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_finish, NULL);
852   return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificate_issuer_finish (self,
853                                                                 result,
854                                                                 error);
855 }
856
857 /**
858  * g_tls_database_lookup_certificates_issued_by:
859  * @self: a #GTlsDatabase
860  * @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
861  * @interaction: (allow-none): used to interact with the user if necessary
862  * @flags: Flags which affect the lookup operation.
863  * @cancellable: (allow-none): a #GCancellable, or %NULL
864  * @error: (allow-none): a #GError, or %NULL
865  *
866  * Lookup certificates issued by this issuer in the database.
867  *
868  * This function can block, use g_tls_database_lookup_certificates_issued_by_async() to perform
869  * the lookup operation asynchronously.
870  *
871  * Return value: (transfer full): a newly allocated list of #GTlsCertificate objects.
872  * Use g_object_unref() on each certificate, and g_list_free() on the release the list.
873  *
874  * Since: 2.30
875  */
876 GList*
877 g_tls_database_lookup_certificates_issued_by (GTlsDatabase           *self,
878                                               GByteArray             *issuer_raw_dn,
879                                               GTlsInteraction        *interaction,
880                                               GTlsDatabaseLookupFlags flags,
881                                               GCancellable           *cancellable,
882                                               GError                **error)
883 {
884   g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
885   g_return_val_if_fail (issuer_raw_dn, NULL);
886   g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
887   g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
888   g_return_val_if_fail (error == NULL || *error == NULL, NULL);
889   g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by, NULL);
890   return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by (self,
891                                                                          issuer_raw_dn,
892                                                                          interaction,
893                                                                          flags,
894                                                                          cancellable,
895                                                                          error);
896 }
897
898 /**
899  * g_tls_database_lookup_certificates_issued_by_async:
900  * @self: a #GTlsDatabase
901  * @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
902  * @interaction: (allow-none): used to interact with the user if necessary
903  * @flags: Flags which affect the lookup operation.
904  * @cancellable: (allow-none): a #GCancellable, or %NULL
905  * @callback: callback to call when the operation completes
906  * @user_data: the data to pass to the callback function
907  *
908  * Asynchronously lookup certificates issued by this issuer in the database. See
909  * g_tls_database_lookup_certificates_issued_by() for more information.
910  *
911  * The database may choose to hold a reference to the issuer byte array for the duration
912  * of of this asynchronous operation. The byte array should not be modified during
913  * this time.
914  *
915  * Since: 2.30
916  */
917 void
918 g_tls_database_lookup_certificates_issued_by_async (GTlsDatabase           *self,
919                                                     GByteArray             *issuer_raw_dn,
920                                                     GTlsInteraction        *interaction,
921                                                     GTlsDatabaseLookupFlags flags,
922                                                     GCancellable           *cancellable,
923                                                     GAsyncReadyCallback     callback,
924                                                     gpointer                user_data)
925 {
926   g_return_if_fail (G_IS_TLS_DATABASE (self));
927   g_return_if_fail (issuer_raw_dn != NULL);
928   g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
929   g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
930   g_return_if_fail (callback != NULL);
931   g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_async);
932   G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_async (self,
933                                                                         issuer_raw_dn,
934                                                                         interaction,
935                                                                         flags,
936                                                                         cancellable,
937                                                                         callback,
938                                                                         user_data);
939 }
940
941 /**
942  * g_tls_database_lookup_certificates_issued_by_finish:
943  * @self: a #GTlsDatabase
944  * @result: a #GAsyncResult.
945  * @error: a #GError pointer, or %NULL
946  *
947  * Finish an asynchronous lookup of certificates. See
948  * g_tls_database_lookup_certificates_issued_by() for more information.
949  *
950  * Return value: (transfer full): a newly allocated list of #GTlsCertificate objects.
951  * Use g_object_unref() on each certificate, and g_list_free() on the release the list.
952  *
953  * Since: 2.30
954  */
955 GList*
956 g_tls_database_lookup_certificates_issued_by_finish (GTlsDatabase          *self,
957                                                      GAsyncResult          *result,
958                                                      GError               **error)
959 {
960   g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
961   g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
962   g_return_val_if_fail (error == NULL || *error == NULL, NULL);
963   g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_finish, NULL);
964   return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_issued_by_finish (self,
965                                                                                 result,
966                                                                                 error);
967 }