* authorized to act as such. To check if a certificate is a trust anchor use
* gcr_trust_is_certificate_anchor().
*
- * Certificate exceptions are used when a user overrides the default trust
+ * Pinned certificates are used when a user overrides the default trust
* decision for a given certificate. They're often used with self-signed
- * certificates. Certificate exceptions are always only valid for a single peer
+ * certificates. Pinned certificates are always only valid for a single peer
* such as the remote host with which TLS is being performed. To lookup
- * certificate exceptions use gcr_trust_is_certificate_exception().
+ * pinned certificates use gcr_trust_is_certificate_pinned().
*
* After the user has requested to override the trust decision
- * about a given certificate then a certificate exception can be added by using
- * the gcr_trust_add_certificate_exception() function.
+ * about a given certificate then a pinned certificates can be added by using
+ * the gcr_trust_add_pinned_certificate() function.
*
* These functions do not constitute a viable method for verifying certificates
* used in TLS or other locations. Instead they support such verification
}
/* ----------------------------------------------------------------------------------
- * GET CERTIFICATE EXCEPTION
+ * GET PINNED CERTIFICATE
*/
static GckEnumerator*
-prepare_is_certificate_exception (GcrCertificate *certificate, const gchar *purpose, const gchar *peer)
+prepare_is_certificate_pinned (GcrCertificate *certificate, const gchar *purpose, const gchar *peer)
{
GckAttributes *attrs;
GckEnumerator *en;
GList *modules;
- attrs = prepare_trust_attrs (certificate, CKT_G_CERTIFICATE_TRUST_EXCEPTION);
+ attrs = prepare_trust_attrs (certificate, CKT_G_PINNED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
}
static gboolean
-perform_is_certificate_exception (GckEnumerator *en, GCancellable *cancellable, GError **error)
+perform_is_certificate_pinned (GckEnumerator *en, GCancellable *cancellable, GError **error)
{
GcrTrustOperation *op;
GckObject *object;
}
/**
- * gcr_trust_is_certificate_exception:
+ * gcr_trust_is_certificate_pinned:
* @certificate: a #GcrCertificate to check
* @purpose: the purpose string
- * @peer: the peer for this exception
+ * @peer: the peer for this pinned
* @cancellable: a #GCancellable
* @error: a #GError, or NULL
*
- * Check if there is a recorded exception for connections using @certificate
- * for @purpose to communicate with @peer. A certificate exception overrides
- * all other certificate verification.
+ * Check if @certificate is pinned for @purpose to communicate with @peer.
+ * A pinned certificate overrides all other certificate verification.
*
- * This call may block, see gcr_trust_is_certificate_exception_async() for the
+ * This call may block, see gcr_trust_is_certificate_pinned_async() for the
* non-blocking version.
*
* In the case of an error, %FALSE is also returned. Check @error to detect
* if an error occurred.
*
- * Returns: %TRUE if the certificate has a certificate exception
+ * Returns: %TRUE if the certificate is pinned for the host and purpose
*/
gboolean
-gcr_trust_is_certificate_exception (GcrCertificate *certificate, const gchar *purpose,
- const gchar *peer, GCancellable *cancellable, GError **error)
+gcr_trust_is_certificate_pinned (GcrCertificate *certificate, const gchar *purpose,
+ const gchar *peer, GCancellable *cancellable, GError **error)
{
GckEnumerator *en;
gboolean ret;
_gcr_initialize ();
- en = prepare_is_certificate_exception (certificate, purpose, peer);
+ en = prepare_is_certificate_pinned (certificate, purpose, peer);
g_return_val_if_fail (en, FALSE);
- ret = perform_is_certificate_exception (en, cancellable, error);
+ ret = perform_is_certificate_pinned (en, cancellable, error);
g_object_unref (en);
}
static void
-thread_is_certificate_exception (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
+thread_is_certificate_pinned (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
{
GError *error = NULL;
- perform_is_certificate_exception (GCK_ENUMERATOR (object), cancel, &error);
+ perform_is_certificate_pinned (GCK_ENUMERATOR (object), cancel, &error);
if (error != NULL) {
g_simple_async_result_set_from_error (result, error);
}
/**
- * gcr_trust_is_certificate_exception_async:
+ * gcr_trust_is_certificate_pinned_async:
* @certificate: a #GcrCertificate to check
* @purpose: the purpose string
- * @peer: the peer for this exception
+ * @peer: the peer for this pinned
* @cancellable: a #GCancellable
* @callback: a #GAsyncReadyCallback to call when the operation completes
* @user_data: the data to pass to callback function
*
- * Check if there is a recorded exception for connections using @certificate
- * for @purpose to communicate with @peer. A certificate exception overrides
- * all other certificate verification.
+ * Check if @certificate is pinned for @purpose to communicate with @peer. A
+ * pinned certificate overrides all other certificate verification.
*
* When the operation is finished, callback will be called. You can then call
- * gcr_trust_is_certificate_exception_finish() to get the result of the
+ * gcr_trust_is_certificate_pinned_finish() to get the result of the
* operation.
*/
void
-gcr_trust_is_certificate_exception_async (GcrCertificate *certificate, const gchar *purpose,
- const gchar *peer, GCancellable *cancellable,
- GAsyncReadyCallback callback, gpointer user_data)
+gcr_trust_is_certificate_pinned_async (GcrCertificate *certificate, const gchar *purpose,
+ const gchar *peer, GCancellable *cancellable,
+ GAsyncReadyCallback callback, gpointer user_data)
{
GSimpleAsyncResult *async;
GckEnumerator *en;
_gcr_initialize ();
- en = prepare_is_certificate_exception (certificate, purpose, peer);
+ en = prepare_is_certificate_pinned (certificate, purpose, peer);
g_return_if_fail (en);
async = g_simple_async_result_new (G_OBJECT (en), callback, user_data,
- gcr_trust_is_certificate_exception_async);
+ gcr_trust_is_certificate_pinned_async);
- g_simple_async_result_run_in_thread (async, thread_is_certificate_exception,
+ g_simple_async_result_run_in_thread (async, thread_is_certificate_pinned,
G_PRIORITY_DEFAULT, cancellable);
g_object_unref (async);
}
/**
- * gcr_trust_is_certificate_exception_finish:
+ * gcr_trust_is_certificate_pinned_finish:
* @result: the #GAsyncResult passed to the callback
* @error: a #GError, or NULL
*
* Finishes an asynchronous operation started by
- * gcr_trust_is_certificate_exception_async().
+ * gcr_trust_is_certificate_pinned_async().
*
* In the case of an error, %FALSE is also returned. Check @error to detect
* if an error occurred.
*
- * Returns: %TRUE if the certificate has a certificate exception
+ * Returns: %TRUE if the certificate is pinned.
*/
gboolean
-gcr_trust_is_certificate_exception_finish (GAsyncResult *result, GError **error)
+gcr_trust_is_certificate_pinned_finish (GAsyncResult *result, GError **error)
{
GcrTrustOperation *op;
GObject *object;
object = g_async_result_get_source_object (result);
g_return_val_if_fail (g_simple_async_result_is_valid (result, object,
- gcr_trust_is_certificate_exception_async), FALSE);
+ gcr_trust_is_certificate_pinned_async), FALSE);
if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
return FALSE;
}
/* ----------------------------------------------------------------------------------
- * ADD CERTIFICATE EXCEPTION
+ * ADD PINNED CERTIFICATE
*/
static GckEnumerator*
-prepare_add_certificate_exception (GcrCertificate *certificate, const gchar *purpose, const gchar *peer)
+prepare_add_pinned_certificate (GcrCertificate *certificate, const gchar *purpose, const gchar *peer)
{
GckAttributes *attrs;
GckEnumerator *en;
GList *modules;
- attrs = prepare_trust_attrs (certificate, CKT_G_CERTIFICATE_TRUST_EXCEPTION);
+ attrs = prepare_trust_attrs (certificate, CKT_G_PINNED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
}
static gboolean
-perform_add_certificate_exception (GckEnumerator *en, GCancellable *cancellable, GError **error)
+perform_add_pinned_certificate (GckEnumerator *en, GCancellable *cancellable, GError **error)
{
GcrTrustOperation *op;
GckAttributes *attrs;
}
/**
- * gcr_trust_add_certificate_exception:
+ * gcr_trust_add_pinned_certificate:
* @certificate: a #GcrCertificate
* @purpose: the purpose string
- * @peer: the peer for this exception
+ * @peer: the peer for this pinned certificate
* @cancellable: a #GCancellable
* @error: a #GError, or NULL
*
- * Add a recorded exception for connections using @certificate for @purpose
- * to communicate with @peer. A certificate exception overrides all other
- * certificate verification and should be used with care.
+ * Add a pinned @certificate for connections to @peer for @purpose. A pinned
+ * certificate overrides all other certificate verification and should be
+ * used with care.
*
- * If the same certificate exception already exists, then this operation
+ * If the same pinned certificate already exists, then this operation
* does not add another, and succeeds without error.
*
- * This call may block, see gcr_trust_add_certificate_exception_async() for the
+ * This call may block, see gcr_trust_add_pinned_certificate_async() for the
* non-blocking version.
*
- * Returns: %TRUE if the certificate exception is recorded successfully
+ * Returns: %TRUE if the pinned certificate is recorded successfully
*/
gboolean
-gcr_trust_add_certificate_exception (GcrCertificate *certificate, const gchar *purpose, const gchar *peer,
- GCancellable *cancellable, GError **error)
+gcr_trust_add_pinned_certificate (GcrCertificate *certificate, const gchar *purpose, const gchar *peer,
+ GCancellable *cancellable, GError **error)
{
GckEnumerator *en;
gboolean ret;
_gcr_initialize ();
- en = prepare_add_certificate_exception (certificate, purpose, peer);
+ en = prepare_add_pinned_certificate (certificate, purpose, peer);
g_return_val_if_fail (en, FALSE);
- ret = perform_add_certificate_exception (en, cancellable, error);
+ ret = perform_add_pinned_certificate (en, cancellable, error);
g_object_unref (en);
}
static void
-thread_add_certificate_exception (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
+thread_add_pinned_certificate (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
{
GError *error = NULL;
- perform_add_certificate_exception (GCK_ENUMERATOR (object), cancel, &error);
+ perform_add_pinned_certificate (GCK_ENUMERATOR (object), cancel, &error);
if (error != NULL) {
g_simple_async_result_set_from_error (result, error);
}
/**
- * gcr_trust_add_certificate_exception_async:
+ * gcr_trust_add_pinned_certificate_async:
* @certificate: a #GcrCertificate
* @purpose: the purpose string
- * @peer: the peer for this exception
+ * @peer: the peer for this pinned certificate
* @cancellable: a #GCancellable
* @callback: a #GAsyncReadyCallback to call when the operation completes
* @user_data: the data to pass to callback function
*
- * Add a recorded exception for connections using @certificate for @purpose
- * to communicate with @peer. A certificate exception overrides all other
- * certificate verification and should be used with care.
+ * Add a pinned certificate for communication with @peer for @purpose. A pinned
+ * certificate overrides all other certificate verification and should be used
+ * with care.
*
- * If the same certificate exception already exists, then this operation
+ * If the same pinned certificate already exists, then this operation
* does not add another, and succeeds without error.
*
* When the operation is finished, callback will be called. You can then call
- * gcr_trust_add_certificate_exception_finish() to get the result of the
+ * gcr_trust_add_pinned_certificate_finish() to get the result of the
* operation.
*/
void
-gcr_trust_add_certificate_exception_async (GcrCertificate *certificate, const gchar *purpose,
- const gchar *peer, GCancellable *cancellable,
- GAsyncReadyCallback callback, gpointer user_data)
+gcr_trust_add_pinned_certificate_async (GcrCertificate *certificate, const gchar *purpose,
+ const gchar *peer, GCancellable *cancellable,
+ GAsyncReadyCallback callback, gpointer user_data)
{
GSimpleAsyncResult *async;
GckEnumerator *en;
_gcr_initialize ();
- en = prepare_add_certificate_exception (certificate, purpose, peer);
+ en = prepare_add_pinned_certificate (certificate, purpose, peer);
g_return_if_fail (en);
async = g_simple_async_result_new (G_OBJECT (en), callback, user_data,
- gcr_trust_add_certificate_exception_async);
+ gcr_trust_add_pinned_certificate_async);
- g_simple_async_result_run_in_thread (async, thread_add_certificate_exception,
+ g_simple_async_result_run_in_thread (async, thread_add_pinned_certificate,
G_PRIORITY_DEFAULT, cancellable);
g_object_unref (async);
}
/**
- * gcr_trust_add_certificate_exception_finish:
+ * gcr_trust_add_pinned_certificate_finish:
* @result: the #GAsyncResult passed to the callback
* @error: a #GError, or NULL
*
* Finishes an asynchronous operation started by
- * gcr_trust_add_certificate_exception_async().
+ * gcr_trust_add_pinned_certificate_async().
*
- * Returns: %TRUE if the certificate exception is recorded successfully
+ * Returns: %TRUE if the pinned certificate is recorded successfully
*/
gboolean
-gcr_trust_add_certificate_exception_finish (GAsyncResult *result, GError **error)
+gcr_trust_add_pinned_certificate_finish (GAsyncResult *result, GError **error)
{
GObject *object;
object = g_async_result_get_source_object (result);
g_return_val_if_fail (g_simple_async_result_is_valid (result, object,
- gcr_trust_add_certificate_exception_async), FALSE);
+ gcr_trust_add_pinned_certificate_async), FALSE);
if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
return FALSE;
}
/* -----------------------------------------------------------------------
- * REMOVE CERTIFICATE EXCEPTION
+ * REMOVE PINNED CERTIFICATE
*/
static GckEnumerator*
-prepare_remove_certificate_exception (GcrCertificate *certificate, const gchar *purpose,
- const gchar *peer)
+prepare_remove_pinned_certificate (GcrCertificate *certificate, const gchar *purpose,
+ const gchar *peer)
{
GckAttributes *attrs;
GckEnumerator *en;
GList *modules;
- attrs = prepare_trust_attrs (certificate, CKT_G_CERTIFICATE_TRUST_EXCEPTION);
+ attrs = prepare_trust_attrs (certificate, CKT_G_PINNED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
}
static gboolean
-perform_remove_certificate_exception (GckEnumerator *en, GCancellable *cancellable, GError **error)
+perform_remove_pinned_certificate (GckEnumerator *en, GCancellable *cancellable, GError **error)
{
GcrTrustOperation *op;
GList *objects, *l;
}
/**
- * gcr_trust_remove_certificate_exception:
+ * gcr_trust_remove_pinned_certificate:
* @certificate: a #GcrCertificate
* @purpose: the purpose string
- * @peer: the peer for this exception
+ * @peer: the peer for this pinned certificate
* @cancellable: a #GCancellable
* @error: a #GError, or NULL
*
- * Remove a recorded exception for connections using @certificate for @purpose
- * to communicate with @peer.
+ * Remove a pinned certificate for communication with @peer for @purpose.
*
- * If the same certificate exception does not exist, or was already removed,
+ * If the same pinned certificate does not exist, or was already removed,
* then this operation succeeds without error.
*
- * This call may block, see gcr_trust_remove_certificate_exception_async() for the
+ * This call may block, see gcr_trust_remove_pinned_certificate_async() for the
* non-blocking version.
*
- * Returns: %TRUE if the certificate exception no longer exists
+ * Returns: %TRUE if the pinned certificate no longer exists
*/
gboolean
-gcr_trust_remove_certificate_exception (GcrCertificate *certificate, const gchar *purpose, const gchar *peer,
- GCancellable *cancellable, GError **error)
+gcr_trust_remove_pinned_certificate (GcrCertificate *certificate, const gchar *purpose, const gchar *peer,
+ GCancellable *cancellable, GError **error)
{
GckEnumerator *en;
gboolean ret;
_gcr_initialize ();
- en = prepare_remove_certificate_exception (certificate, purpose, peer);
+ en = prepare_remove_pinned_certificate (certificate, purpose, peer);
g_return_val_if_fail (en, FALSE);
- ret = perform_remove_certificate_exception (en, cancellable, error);
+ ret = perform_remove_pinned_certificate (en, cancellable, error);
g_object_unref (en);
}
static void
-thread_remove_certificate_exception (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
+thread_remove_pinned_certificate (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
{
GError *error = NULL;
- perform_remove_certificate_exception (GCK_ENUMERATOR (object), cancel, &error);
+ perform_remove_pinned_certificate (GCK_ENUMERATOR (object), cancel, &error);
if (error != NULL) {
g_simple_async_result_set_from_error (result, error);
}
/**
- * gcr_trust_remove_certificate_exception_async:
+ * gcr_trust_remove_pinned_certificate_async:
* @certificate: a #GcrCertificate
* @purpose: the purpose string
- * @peer: the peer for this exception
+ * @peer: the peer for this pinned certificate
* @cancellable: a #GCancellable
* @callback: a #GAsyncReadyCallback to call when the operation completes
* @user_data: the data to pass to callback function
*
- * Remove a recorded exception for connections using @certificate for @purpose
- * to communicate with @peer.
+ * Remove a pinned certificate for communication with @peer for @purpose.
*
- * If the same certificate exception does not exist, or was already removed,
+ * If the same pinned certificate does not exist, or was already removed,
* then this operation succeeds without error.
*
* When the operation is finished, callback will be called. You can then call
- * gcr_trust_remove_certificate_exception_finish() to get the result of the
+ * gcr_trust_remove_pinned_certificate_finish() to get the result of the
* operation.
*/
void
-gcr_trust_remove_certificate_exception_async (GcrCertificate *certificate, const gchar *purpose,
- const gchar *peer, GCancellable *cancellable,
- GAsyncReadyCallback callback, gpointer user_data)
+gcr_trust_remove_pinned_certificate_async (GcrCertificate *certificate, const gchar *purpose,
+ const gchar *peer, GCancellable *cancellable,
+ GAsyncReadyCallback callback, gpointer user_data)
{
GSimpleAsyncResult *async;
GckEnumerator *en;
_gcr_initialize ();
- en = prepare_remove_certificate_exception (certificate, purpose, peer);
+ en = prepare_remove_pinned_certificate (certificate, purpose, peer);
g_return_if_fail (en);
async = g_simple_async_result_new (G_OBJECT (en), callback, user_data,
- gcr_trust_remove_certificate_exception_async);
+ gcr_trust_remove_pinned_certificate_async);
- g_simple_async_result_run_in_thread (async, thread_remove_certificate_exception,
+ g_simple_async_result_run_in_thread (async, thread_remove_pinned_certificate,
G_PRIORITY_DEFAULT, cancellable);
g_object_unref (async);
}
/**
- * gcr_trust_remove_certificate_exception_finish:
+ * gcr_trust_remove_pinned_certificate_finish:
* @result: the #GAsyncResult passed to the callback
* @error: a #GError, or NULL
*
* Finishes an asynchronous operation started by
- * gcr_trust_remove_certificate_exception_async().
+ * gcr_trust_remove_pinned_certificate_async().
*
- * Returns: %TRUE if the certificate exception no longer exists
+ * Returns: %TRUE if the pinned certificate no longer exists
*/
gboolean
-gcr_trust_remove_certificate_exception_finish (GAsyncResult *result, GError **error)
+gcr_trust_remove_pinned_certificate_finish (GAsyncResult *result, GError **error)
{
GObject *object;
object = g_async_result_get_source_object (result);
g_return_val_if_fail (g_simple_async_result_is_valid (result, object,
- gcr_trust_remove_certificate_exception_async), FALSE);
+ gcr_trust_remove_pinned_certificate_async), FALSE);
if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
return FALSE;
*/
static GckEnumerator*
-prepare_is_certificate_anchor (GcrCertificate *certificate, const gchar *purpose)
+prepare_is_certificate_anchored (GcrCertificate *certificate, const gchar *purpose)
{
GckAttributes *attrs;
GckEnumerator *en;
GList *modules;
- attrs = prepare_trust_attrs (certificate, CKT_G_CERTIFICATE_TRUST_ANCHOR);
+ attrs = prepare_trust_attrs (certificate, CKT_G_ANCHORED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
}
static gboolean
-perform_is_certificate_anchor (GckEnumerator *en, GCancellable *cancellable, GError **error)
+perform_is_certificate_anchored (GckEnumerator *en, GCancellable *cancellable, GError **error)
{
GcrTrustOperation *op;
GckObject *object;
}
/**
- * gcr_trust_is_certificate_anchor:
+ * gcr_trust_is_certificate_anchored:
* @certificate: a #GcrCertificate to check
* @purpose: the purpose string
* @cancellable: a #GCancellable
* anchor is used to verify the signatures on other certificates when verifying
* a certificate chain. Also known as a trusted certificate authority.
*
- * This call may block, see gcr_trust_is_certificate_anchor_async() for the
+ * This call may block, see gcr_trust_is_certificate_anchored_async() for the
* non-blocking version.
*
* In the case of an error, %FALSE is also returned. Check @error to detect
* Returns: %TRUE if the certificate is a trust anchor
*/
gboolean
-gcr_trust_is_certificate_anchor (GcrCertificate *certificate, const gchar *purpose,
- GCancellable *cancellable, GError **error)
+gcr_trust_is_certificate_anchored (GcrCertificate *certificate, const gchar *purpose,
+ GCancellable *cancellable, GError **error)
{
GckEnumerator *en;
gboolean ret;
_gcr_initialize ();
- en = prepare_is_certificate_anchor (certificate, purpose);
+ en = prepare_is_certificate_anchored (certificate, purpose);
g_return_val_if_fail (en, FALSE);
- ret = perform_is_certificate_anchor (en, cancellable, error);
+ ret = perform_is_certificate_anchored (en, cancellable, error);
g_object_unref (en);
}
static void
-thread_is_certificate_anchor (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
+thread_is_certificate_anchored (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
{
GError *error = NULL;
- perform_is_certificate_anchor (GCK_ENUMERATOR (object), cancel, &error);
+ perform_is_certificate_anchored (GCK_ENUMERATOR (object), cancel, &error);
if (error != NULL) {
g_simple_async_result_set_from_error (result, error);
}
/**
- * gcr_trust_is_certificate_anchor_async:
+ * gcr_trust_is_certificate_anchored_async:
* @certificate: a #GcrCertificate to check
* @purpose: the purpose string
* @cancellable: a #GCancellable
* a certificate chain. Also known as a trusted certificate authority.
*
* When the operation is finished, callback will be called. You can then call
- * gcr_trust_is_certificate_anchor_finish() to get the result of the operation.
+ * gcr_trust_is_certificate_anchored_finish() to get the result of the operation.
*/
void
-gcr_trust_is_certificate_anchor_async (GcrCertificate *certificate, const gchar *purpose,
- GCancellable *cancellable, GAsyncReadyCallback callback,
- gpointer user_data)
+gcr_trust_is_certificate_anchored_async (GcrCertificate *certificate, const gchar *purpose,
+ GCancellable *cancellable, GAsyncReadyCallback callback,
+ gpointer user_data)
{
GSimpleAsyncResult *async;
GckEnumerator *en;
_gcr_initialize ();
- en = prepare_is_certificate_anchor (certificate, purpose);
+ en = prepare_is_certificate_anchored (certificate, purpose);
g_return_if_fail (en);
async = g_simple_async_result_new (G_OBJECT (en), callback, user_data,
- gcr_trust_is_certificate_anchor_async);
+ gcr_trust_is_certificate_anchored_async);
- g_simple_async_result_run_in_thread (async, thread_is_certificate_anchor,
+ g_simple_async_result_run_in_thread (async, thread_is_certificate_anchored,
G_PRIORITY_DEFAULT, cancellable);
g_object_unref (async);
}
/**
- * gcr_trust_is_certificate_anchor_finish:
+ * gcr_trust_is_certificate_anchored_finish:
* @result: the #GAsyncResult passed to the callback
* @error: a #GError, or NULL
*
* Finishes an asynchronous operation started by
- * gcr_trust_is_certificate_anchor_async().
+ * gcr_trust_is_certificate_anchored_async().
*
* In the case of an error, %FALSE is also returned. Check @error to detect
* if an error occurred.
* Returns: %TRUE if the certificate is a trust anchor
*/
gboolean
-gcr_trust_is_certificate_anchor_finish (GAsyncResult *result, GError **error)
+gcr_trust_is_certificate_anchored_finish (GAsyncResult *result, GError **error)
{
GcrTrustOperation *op;
GObject *object;
object = g_async_result_get_source_object (result);
g_return_val_if_fail (g_simple_async_result_is_valid (result, object,
- gcr_trust_is_certificate_anchor_async), FALSE);
+ gcr_trust_is_certificate_anchored_async), FALSE);
if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
return FALSE;
gck_assert_cmprv (rv, ==, CKR_OK);
}
-TESTING_TEST (trust_is_exception_none)
+TESTING_TEST (trust_is_pinned_none)
{
GError *error = NULL;
gboolean trust;
- trust = gcr_trust_is_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ trust = gcr_trust_is_certificate_pinned (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert_cmpint (trust, ==, FALSE);
g_assert (error == NULL);
}
-TESTING_TEST (trust_add_and_is_exception)
+TESTING_TEST (trust_add_and_is_pinned)
{
GError *error = NULL;
gboolean trust;
gboolean ret;
- trust = gcr_trust_is_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ trust = gcr_trust_is_certificate_pinned (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert_cmpint (trust, ==, FALSE);
g_assert (error == NULL);
- ret = gcr_trust_add_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ ret = gcr_trust_add_pinned_certificate (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert (ret == TRUE);
g_assert (error == NULL);
- trust = gcr_trust_is_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ trust = gcr_trust_is_certificate_pinned (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert_cmpint (trust, ==, TRUE);
g_assert (error == NULL);
}
-TESTING_TEST (trust_add_certificate_exception_fail)
+TESTING_TEST (trust_add_certificate_pinned_fail)
{
GError *error = NULL;
gboolean ret;
/* Make this function fail */
funcs.C_CreateObject = gck_mock_fail_C_CreateObject;
- ret = gcr_trust_add_certificate_exception (certificate, GCR_PURPOSE_CLIENT_AUTH, "peer", NULL, &error);
+ ret = gcr_trust_add_pinned_certificate (certificate, GCR_PURPOSE_CLIENT_AUTH, "peer", NULL, &error);
g_assert (ret == FALSE);
g_assert_error (error, GCK_ERROR, CKR_FUNCTION_FAILED);
}
-TESTING_TEST (trust_add_and_remov_exception)
+TESTING_TEST (trust_add_and_remov_pinned)
{
GError *error = NULL;
gboolean trust;
gboolean ret;
- ret = gcr_trust_add_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ ret = gcr_trust_add_pinned_certificate (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert (ret == TRUE);
g_assert (error == NULL);
- trust = gcr_trust_is_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ trust = gcr_trust_is_certificate_pinned (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert_cmpint (trust, ==, TRUE);
g_assert (error == NULL);
- ret = gcr_trust_remove_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ ret = gcr_trust_remove_pinned_certificate (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert (ret == TRUE);
g_assert (error == NULL);
- trust = gcr_trust_is_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ trust = gcr_trust_is_certificate_pinned (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert_cmpint (trust, ==, FALSE);
g_assert (error == NULL);
}
testing_wait_stop ();
}
-TESTING_TEST (trust_add_and_is_exception_async)
+TESTING_TEST (trust_add_and_is_pinned_async)
{
GAsyncResult *result = NULL;
GError *error = NULL;
gboolean trust;
gboolean ret;
- gcr_trust_is_certificate_exception_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
+ gcr_trust_is_certificate_pinned_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- trust = gcr_trust_is_certificate_exception_finish (result, &error);
+ trust = gcr_trust_is_certificate_pinned_finish (result, &error);
g_assert (trust == FALSE);
g_assert (error == NULL);
g_object_unref (result);
result = NULL;
- gcr_trust_add_certificate_exception_async (certificate, GCR_PURPOSE_EMAIL, "host",
+ gcr_trust_add_pinned_certificate_async (certificate, GCR_PURPOSE_EMAIL, "host",
NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- ret = gcr_trust_add_certificate_exception_finish (result, &error);
+ ret = gcr_trust_add_pinned_certificate_finish (result, &error);
g_assert (ret == TRUE);
g_assert (error == NULL);
g_object_unref (result);
result = NULL;
- gcr_trust_is_certificate_exception_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
+ gcr_trust_is_certificate_pinned_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- trust = gcr_trust_is_certificate_exception_finish (result, &error);
+ trust = gcr_trust_is_certificate_pinned_finish (result, &error);
g_assert (trust == TRUE);
g_assert (error == NULL);
g_object_unref (result);
result = NULL;
}
-TESTING_TEST (trust_add_and_remov_exception_async)
+TESTING_TEST (trust_add_and_remov_pinned_async)
{
GAsyncResult *result = NULL;
GError *error = NULL;
gboolean trust;
gboolean ret;
- gcr_trust_add_certificate_exception_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
+ gcr_trust_add_pinned_certificate_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- ret = gcr_trust_add_certificate_exception_finish (result, &error);
+ ret = gcr_trust_add_pinned_certificate_finish (result, &error);
g_assert (ret == TRUE);
g_assert (error == NULL);
g_object_unref (result);
result = NULL;
- gcr_trust_is_certificate_exception_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
+ gcr_trust_is_certificate_pinned_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- trust = gcr_trust_is_certificate_exception_finish (result, &error);
+ trust = gcr_trust_is_certificate_pinned_finish (result, &error);
g_assert (trust == TRUE);
g_assert (error == NULL);
g_object_unref (result);
result = NULL;
- gcr_trust_remove_certificate_exception_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
+ gcr_trust_remove_pinned_certificate_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- ret = gcr_trust_remove_certificate_exception_finish (result, &error);
+ ret = gcr_trust_remove_pinned_certificate_finish (result, &error);
g_assert (ret == TRUE);
g_assert (error == NULL);
g_object_unref (result);
result = NULL;
- gcr_trust_is_certificate_exception_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
+ gcr_trust_is_certificate_pinned_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- trust = gcr_trust_is_certificate_exception_finish (result, &error);
+ trust = gcr_trust_is_certificate_pinned_finish (result, &error);
g_assert (trust == FALSE);
g_assert (error == NULL);
g_object_unref (result);
result = NULL;
}
-TESTING_TEST (trust_is_certificate_anchor_not)
+TESTING_TEST (trust_is_certificate_anchored_not)
{
GError *error = NULL;
gboolean ret;
- ret = gcr_trust_is_certificate_anchor (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, &error);
+ ret = gcr_trust_is_certificate_anchored (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, &error);
g_assert (ret == FALSE);
g_assert (error == NULL);
}
-TESTING_TEST (trust_is_certificate_anchor_yes)
+TESTING_TEST (trust_is_certificate_anchored_yes)
{
GError *error = NULL;
GckAttributes *attrs;
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_TRUST_ASSERTION);
gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, GCR_PURPOSE_CLIENT_AUTH);
- gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, CKT_G_CERTIFICATE_TRUST_ANCHOR);
+ gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, CKT_G_ANCHORED_CERTIFICATE);
gck_mock_module_take_object (attrs);
- ret = gcr_trust_is_certificate_anchor (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, &error);
+ ret = gcr_trust_is_certificate_anchored (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, &error);
g_assert (ret == TRUE);
g_assert (error == NULL);
}
-TESTING_TEST (trust_is_certificate_anchor_async)
+TESTING_TEST (trust_is_certificate_anchored_async)
{
GAsyncResult *result = NULL;
GError *error = NULL;
gboolean ret;
- gcr_trust_is_certificate_anchor_async (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, fetch_async_result, &result);
+ gcr_trust_is_certificate_anchored_async (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- ret = gcr_trust_is_certificate_anchor_finish (result, &error);
+ ret = gcr_trust_is_certificate_anchored_finish (result, &error);
g_assert (ret == FALSE);
g_assert (error == NULL);