PROP_0,
PROP_CERTIFICATE,
- PROP_CERTIFICATE_BYTES,
PROP_CERTIFICATE_PEM,
PROP_PRIVATE_KEY,
- PROP_PRIVATE_KEY_BYTES,
PROP_PRIVATE_KEY_PEM,
PROP_ISSUER
};
G_OBJECT_CLASS (g_tls_certificate_gnutls_parent_class)->finalize (object);
}
-static GByteArray *
-get_der_for_certificate (GTlsCertificateGnutls *self)
-{
- GByteArray *certificate;
- size_t size;
- int status;
-
- size = 0;
- status = gnutls_x509_crt_export (self->priv->cert,
- GNUTLS_X509_FMT_DER,
- NULL, &size);
- if (status != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- certificate = NULL;
- }
- else
- {
- certificate = g_byte_array_sized_new (size);
- certificate->len = size;
- status = gnutls_x509_crt_export (self->priv->cert,
- GNUTLS_X509_FMT_DER,
- certificate->data, &size);
- if (status != 0)
- {
- g_byte_array_free (certificate, TRUE);
- certificate = NULL;
- }
- }
-
- return certificate;
-}
-
-static gchar *
-get_pem_for_certificate (GTlsCertificateGnutls *self)
-{
- char *certificate_pem;
- int status;
- size_t size;
-
- size = 0;
- status = gnutls_x509_crt_export (self->priv->cert,
- GNUTLS_X509_FMT_PEM,
- NULL, &size);
- if (status != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- certificate_pem = NULL;
- }
- else
- {
- certificate_pem = g_malloc (size);
- status = gnutls_x509_crt_export (self->priv->cert,
- GNUTLS_X509_FMT_PEM,
- certificate_pem, &size);
- if (status != 0)
- {
- g_free (certificate_pem);
- certificate_pem = NULL;
- }
- }
-
- return certificate_pem;
-}
-
static void
g_tls_certificate_gnutls_get_property (GObject *object,
guint prop_id,
{
GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (object);
GByteArray *certificate;
+ char *certificate_pem;
+ int status;
+ size_t size;
switch (prop_id)
{
case PROP_CERTIFICATE:
- g_value_take_boxed (value, get_der_for_certificate (gnutls));
- break;
-
- case PROP_CERTIFICATE_BYTES:
- certificate = get_der_for_certificate (gnutls);
- if (certificate == NULL)
- g_value_take_boxed (value, NULL);
+ size = 0;
+ status = gnutls_x509_crt_export (gnutls->priv->cert,
+ GNUTLS_X509_FMT_DER,
+ NULL, &size);
+ if (status != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ certificate = NULL;
else
- g_value_take_boxed (value, g_byte_array_free_to_bytes (certificate));
+ {
+ certificate = g_byte_array_sized_new (size);
+ certificate->len = size;
+ status = gnutls_x509_crt_export (gnutls->priv->cert,
+ GNUTLS_X509_FMT_DER,
+ certificate->data, &size);
+ if (status != 0)
+ {
+ g_byte_array_free (certificate, TRUE);
+ certificate = NULL;
+ }
+ }
+ g_value_take_boxed (value, certificate);
break;
case PROP_CERTIFICATE_PEM:
- g_value_take_string (value, get_pem_for_certificate (gnutls));
+ size = 0;
+ status = gnutls_x509_crt_export (gnutls->priv->cert,
+ GNUTLS_X509_FMT_PEM,
+ NULL, &size);
+ if (status != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ certificate_pem = NULL;
+ else
+ {
+ certificate_pem = g_malloc (size);
+ status = gnutls_x509_crt_export (gnutls->priv->cert,
+ GNUTLS_X509_FMT_PEM,
+ certificate_pem, &size);
+ if (status != 0)
+ {
+ g_free (certificate_pem);
+ certificate_pem = NULL;
+ }
+ }
+ g_value_take_string (value, certificate_pem);
break;
case PROP_ISSUER:
}
static void
-set_certificate_from_der (GTlsCertificateGnutls *self,
- const guchar *der,
- gsize len)
-{
- gnutls_datum_t data;
- int status;
-
- g_return_if_fail (self->priv->have_cert == FALSE);
- data.data = (guchar *)der;
- data.size = len;
- status = gnutls_x509_crt_import (self->priv->cert, &data,
- GNUTLS_X509_FMT_DER);
- if (status == 0)
- {
- self->priv->have_cert = TRUE;
- }
- else if (!self->priv->construct_error)
- {
- self->priv->construct_error =
- g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
- _("Could not parse DER certificate: %s"),
- gnutls_strerror (status));
- }
-}
-
-static void
-set_certificate_from_pem (GTlsCertificateGnutls *self,
- const gchar *string)
-{
- gnutls_datum_t data;
- int status;
-
- g_return_if_fail (self->priv->have_cert == FALSE);
- data.data = (guchar *)string;
- data.size = strlen (string);
- status = gnutls_x509_crt_import (self->priv->cert, &data,
- GNUTLS_X509_FMT_PEM);
- if (status == 0)
- {
- self->priv->have_cert = TRUE;
- }
- else if (!self->priv->construct_error)
- {
- self->priv->construct_error =
- g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
- _("Could not parse PEM certificate: %s"),
- gnutls_strerror (status));
- }
-}
-
-static void
-set_private_key_from_der (GTlsCertificateGnutls *self,
- const guchar *der,
- gsize len)
-{
- gnutls_datum_t data;
- int status;
-
- g_return_if_fail (self->priv->have_key == FALSE);
- data.data = (guchar *)der;
- data.size = len;
- if (!self->priv->key)
- gnutls_x509_privkey_init (&self->priv->key);
- status = gnutls_x509_privkey_import (self->priv->key, &data,
- GNUTLS_X509_FMT_DER);
- if (status != 0)
- {
- int pkcs8_status =
- gnutls_x509_privkey_import_pkcs8 (self->priv->key, &data,
- GNUTLS_X509_FMT_DER, NULL,
- GNUTLS_PKCS_PLAIN);
- if (pkcs8_status == 0)
- status = 0;
- }
- if (status == 0)
- {
- self->priv->have_key = TRUE;
- }
- else if (!self->priv->construct_error)
- {
- self->priv->construct_error =
- g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
- _("Could not parse DER private key: %s"),
- gnutls_strerror (status));
- }
-}
-
-static void
-set_private_key_from_pem (GTlsCertificateGnutls *self,
- const gchar *string)
-{
- gnutls_datum_t data;
- int status;
-
- g_return_if_fail (self->priv->have_key == FALSE);
- data.data = (guchar *)string;
- data.size = strlen (string);
- if (!self->priv->key)
- gnutls_x509_privkey_init (&self->priv->key);
- status = gnutls_x509_privkey_import (self->priv->key, &data,
- GNUTLS_X509_FMT_PEM);
- if (status != 0)
- {
- int pkcs8_status =
- gnutls_x509_privkey_import_pkcs8 (self->priv->key, &data,
- GNUTLS_X509_FMT_PEM, NULL,
- GNUTLS_PKCS_PLAIN);
- if (pkcs8_status == 0)
- status = 0;
- }
- if (status == 0)
- {
- self->priv->have_key = TRUE;
- }
- else if (!self->priv->construct_error)
- {
- self->priv->construct_error =
- g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
- _("Could not parse PEM private key: %s"),
- gnutls_strerror (status));
- }
-}
-
-static void
g_tls_certificate_gnutls_set_property (GObject *object,
guint prop_id,
const GValue *value,
GParamSpec *pspec)
{
GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (object);
- GByteArray *byte_array;
+ GByteArray *bytes;
const char *string;
- GBytes *bytes;
+ gnutls_datum_t data;
+ int status;
switch (prop_id)
{
case PROP_CERTIFICATE:
- byte_array = g_value_get_boxed (value);
- if (byte_array)
- set_certificate_from_der (gnutls, byte_array->data, byte_array->len);
- break;
-
- case PROP_CERTIFICATE_BYTES:
bytes = g_value_get_boxed (value);
- if (bytes)
- {
- set_certificate_from_der (gnutls, g_bytes_get_data (bytes, NULL),
- g_bytes_get_size (bytes));
- }
+ if (!bytes)
+ break;
+ g_return_if_fail (gnutls->priv->have_cert == FALSE);
+ data.data = bytes->data;
+ data.size = bytes->len;
+ status = gnutls_x509_crt_import (gnutls->priv->cert, &data,
+ GNUTLS_X509_FMT_DER);
+ if (status == 0)
+ gnutls->priv->have_cert = TRUE;
+ else if (!gnutls->priv->construct_error)
+ {
+ gnutls->priv->construct_error =
+ g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Could not parse DER certificate: %s"),
+ gnutls_strerror (status));
+ }
+
break;
case PROP_CERTIFICATE_PEM:
string = g_value_get_string (value);
- if (string)
- set_certificate_from_pem (gnutls, string);
+ if (!string)
+ break;
+ g_return_if_fail (gnutls->priv->have_cert == FALSE);
+ data.data = (void *)string;
+ data.size = strlen (string);
+ status = gnutls_x509_crt_import (gnutls->priv->cert, &data,
+ GNUTLS_X509_FMT_PEM);
+ if (status == 0)
+ gnutls->priv->have_cert = TRUE;
+ else if (!gnutls->priv->construct_error)
+ {
+ gnutls->priv->construct_error =
+ g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Could not parse PEM certificate: %s"),
+ gnutls_strerror (status));
+ }
break;
case PROP_PRIVATE_KEY:
- byte_array = g_value_get_boxed (value);
- if (byte_array)
- set_private_key_from_der (gnutls, byte_array->data, byte_array->len);
- break;
-
- case PROP_PRIVATE_KEY_BYTES:
bytes = g_value_get_boxed (value);
- if (bytes)
- {
- set_private_key_from_der (gnutls, g_bytes_get_data (bytes, NULL),
- g_bytes_get_size (bytes));
- }
+ if (!bytes)
+ break;
+ g_return_if_fail (gnutls->priv->have_key == FALSE);
+ data.data = bytes->data;
+ data.size = bytes->len;
+ if (!gnutls->priv->key)
+ gnutls_x509_privkey_init (&gnutls->priv->key);
+ status = gnutls_x509_privkey_import (gnutls->priv->key, &data,
+ GNUTLS_X509_FMT_DER);
+ if (status != 0)
+ {
+ int pkcs8_status =
+ gnutls_x509_privkey_import_pkcs8 (gnutls->priv->key, &data,
+ GNUTLS_X509_FMT_DER, NULL,
+ GNUTLS_PKCS_PLAIN);
+ if (pkcs8_status == 0)
+ status = 0;
+ }
+ if (status == 0)
+ gnutls->priv->have_key = TRUE;
+ else if (!gnutls->priv->construct_error)
+ {
+ gnutls->priv->construct_error =
+ g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Could not parse DER private key: %s"),
+ gnutls_strerror (status));
+ }
break;
case PROP_PRIVATE_KEY_PEM:
string = g_value_get_string (value);
- if (string)
- set_private_key_from_pem (gnutls, string);
+ if (!string)
+ break;
+ g_return_if_fail (gnutls->priv->have_key == FALSE);
+ data.data = (void *)string;
+ data.size = strlen (string);
+ if (!gnutls->priv->key)
+ gnutls_x509_privkey_init (&gnutls->priv->key);
+ status = gnutls_x509_privkey_import (gnutls->priv->key, &data,
+ GNUTLS_X509_FMT_PEM);
+ if (status != 0)
+ {
+ int pkcs8_status =
+ gnutls_x509_privkey_import_pkcs8 (gnutls->priv->key, &data,
+ GNUTLS_X509_FMT_PEM, NULL,
+ GNUTLS_PKCS_PLAIN);
+ if (pkcs8_status == 0)
+ status = 0;
+ }
+ if (status == 0)
+ gnutls->priv->have_key = TRUE;
+ else if (!gnutls->priv->construct_error)
+ {
+ gnutls->priv->construct_error =
+ g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Could not parse PEM private key: %s"),
+ gnutls_strerror (status));
+ }
break;
case PROP_ISSUER:
klass->copy = g_tls_certificate_gnutls_real_copy;
g_object_class_override_property (gobject_class, PROP_CERTIFICATE, "certificate");
- g_object_class_override_property (gobject_class, PROP_CERTIFICATE_BYTES, "certificate-bytes");
g_object_class_override_property (gobject_class, PROP_CERTIFICATE_PEM, "certificate-pem");
g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY, "private-key");
- g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY_BYTES, "private-key-bytes");
g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY_PEM, "private-key-pem");
g_object_class_override_property (gobject_class, PROP_ISSUER, "issuer");
}
gnutls->priv->issuer = issuer;
g_object_notify (G_OBJECT (gnutls), "issuer");
}
+
+GBytes *
+g_tls_certificate_gnutls_get_bytes (GTlsCertificateGnutls *gnutls)
+{
+ GByteArray *array;
+
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (gnutls), NULL);
+
+ g_object_get (gnutls, "certificate", &array, NULL);
+ return g_byte_array_free_to_bytes (array);
+}
gchar *cert_pem;
gsize cert_pem_length;
GByteArray *cert_der;
- GBytes *cert_bytes;
gchar *key_pem;
gsize key_pem_length;
GByteArray *key_der;
- GBytes *key_bytes;
} TestCertificate;
static void
g_byte_array_append (test->cert_der, (guint8 *)contents, length);
g_free (contents);
- test->cert_bytes = g_bytes_new_with_free_func (test->cert_der->data, test->cert_der->len,
- (GDestroyNotify)g_byte_array_unref,
- g_byte_array_ref (test->cert_der));
-
g_file_get_contents (TEST_FILE ("server-key.pem"), &test->key_pem,
&test->key_pem_length, &error);
g_assert_no_error (error);
test->key_der = g_byte_array_new ();
g_byte_array_append (test->key_der, (guint8 *)contents, length);
g_free (contents);
-
- test->key_bytes = g_bytes_new_with_free_func (test->key_der->data, test->key_der->len,
- (GDestroyNotify)g_byte_array_unref,
- g_byte_array_ref (test->key_der));
}
static void
{
g_free (test->cert_pem);
g_byte_array_free (test->cert_der, TRUE);
- g_bytes_unref (test->cert_bytes);
g_free (test->key_pem);
g_byte_array_free (test->key_der, TRUE);
- g_bytes_unref (test->key_bytes);
}
static void
GTlsCertificate *cert;
GByteArray *der = NULL;
GError *error = NULL;
- GBytes *bytes;
cert = g_initable_new (test->cert_gtype, NULL, &error,
"certificate", test->cert_der,
g_assert_cmpuint (der->len, ==, test->cert_der->len);
g_assert (memcmp (der->data, test->cert_der->data, der->len) == 0);
- /* Make sure that certificate-bytes is equal to certificate */
- bytes = NULL;
- g_object_get (cert, "certificate-bytes", &bytes, NULL);
- g_assert (bytes != NULL);
- g_assert_cmpuint (der->len, ==, g_bytes_get_size (bytes));
- g_assert (memcmp (der->data, g_bytes_get_data (bytes, NULL), der->len) == 0);
- g_bytes_unref (bytes);
-
g_byte_array_unref (der);
g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert);
}
static void
-test_create_bytes (TestCertificate *test,
- gconstpointer data)
-{
- GTlsCertificate *cert;
- GBytes *der = NULL;
- GError *error = NULL;
- GByteArray *array;
-
- cert = g_initable_new (test->cert_gtype, NULL, &error,
- "certificate-bytes", test->cert_bytes,
- NULL);
- g_assert_no_error (error);
- g_assert (G_IS_TLS_CERTIFICATE (cert));
-
- g_object_get (cert, "certificate-bytes", &der, NULL);
- g_assert (der);
- g_assert (g_bytes_equal (der, test->cert_bytes));
-
- /* Make sure that certificate is equal to certificate-bytes */
- array = NULL;
- g_object_get (cert, "certificate", &array, NULL);
- g_assert (array != NULL);
- g_assert_cmpuint (array->len, ==, g_bytes_get_size (der));
- g_assert (memcmp (array->data, g_bytes_get_data (der, NULL), array->len) == 0);
- g_byte_array_unref (array);
-
- g_bytes_unref (der);
-
- g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert);
- g_object_unref (cert);
- g_assert (cert == NULL);
-}
-
-static void
-test_create_with_key_bytes (TestCertificate *test,
- gconstpointer data)
-{
- GTlsCertificate *cert;
- GError *error = NULL;
-
- cert = g_initable_new (test->cert_gtype, NULL, &error,
- "certificate-bytes", test->cert_bytes,
- "private-key-bytes", test->key_bytes,
- NULL);
- g_assert_no_error (error);
- g_assert (G_IS_TLS_CERTIFICATE (cert));
-
- g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert);
- g_object_unref (cert);
- g_assert (cert == NULL);
-}
-
-static void
test_create_certificate_with_issuer (TestCertificate *test,
gconstpointer data)
{
setup_certificate, test_create_pem, teardown_certificate);
g_test_add ("/tls/certificate/create-der", TestCertificate, NULL,
setup_certificate, test_create_der, teardown_certificate);
- g_test_add ("/tls/certificate/create-bytes", TestCertificate, NULL,
- setup_certificate, test_create_bytes, teardown_certificate);
g_test_add ("/tls/certificate/create-with-key-pem", TestCertificate, NULL,
setup_certificate, test_create_with_key_pem, teardown_certificate);
g_test_add ("/tls/certificate/create-with-key-der", TestCertificate, NULL,
setup_certificate, test_create_with_key_der, teardown_certificate);
- g_test_add ("/tls/certificate/create-with-key-bytes", TestCertificate, NULL,
- setup_certificate, test_create_with_key_bytes, teardown_certificate);
g_test_add ("/tls/certificate/create-with-issuer", TestCertificate, NULL,
setup_certificate, test_create_certificate_with_issuer, teardown_certificate);