Checks the version of the Gcr library that is being compiled
against.
```
#if !GCR_CHECK_VERSION (3, 0, 0)
#warning Old Gcr version, disabling functionality
#endif
```
the major version to check for
the minor version to check for
the micro version to check for
An interface that represents an X.509 certificate.
Objects can implement this interface to make a certificate usable with the
GCR library.
Various methods are available to parse out relevant bits of the certificate.
However no verification of the validity of a certificate is done here. Use
your favorite crypto library to do this.
You can use [class@SimpleCertificate] to simply load a certificate for which
you already have the raw certificate data.
The #GcrCertificate interface has several properties that must be implemented.
You can use a mixin to implement these properties if desired. See the
gcr_certificate_mixin_class_init() and gcr_certificate_mixin_get_property()
functions.
Initialize the certificate mixin for the class. This mixin implements the
various required properties for the certificate.
Call this function near the end of your derived class_init function. The
derived class must implement the #GcrCertificate interface.
The GObjectClass for this class
Implementation to get various required certificate properties. This should
be called from your derived class get_property function, or used as a
get_property virtual function.
Example of use as called from derived class get_property function:
<informalexample><programlisting>
static void
my_get_property (GObject *obj, guint prop_id, GValue *value, GParamSpec *pspec)
{
switch (prop_id) {
...
default:
gcr_certificate_mixin_get_property (obj, prop_id, value, pspec);
break;
}
}
</programlisting></informalexample>
Example of use as get_property function:
<informalexample><programlisting>
static void
my_class_init (MyClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
gobject_class->get_property = gcr_certificate_mixin_get_property;
...
}
</programlisting></informalexample>
The object
The property id
The value to fill in.
The param specification.
Gets the raw DER data for an X.509 certificate.
raw DER data of the X.509 certificate
a #GcrCertificate
a pointer to a location to store the size of the resulting DER data.
Get the basic constraints for the certificate if present. If %FALSE is
returned then no basic constraints are present and the @is_ca and
@path_len arguments are not changed.
whether basic constraints are present or not
the certificate
location to place a %TRUE if is an authority
location to place the max path length
Gets the raw DER data for an X.509 certificate.
raw DER data of the X.509 certificate
a #GcrCertificate
a pointer to a location to store the size of the resulting DER data.
Get the expiry date of this certificate.
An expiry date of this certificate.
a #GcrCertificate
Calculate the fingerprint for this certificate.
The caller should free the returned data using g_free() when
it is no longer required.
the raw binary fingerprint
a #GcrCertificate
the type of algorithm for the fingerprint.
The length of the resulting fingerprint.
Calculate the fingerprint for this certificate, and return it
as a hex string.
The caller should free the returned data using g_free() when
it is no longer required.
an allocated hex string which contains the fingerprint.
a #GcrCertificate
the type of algorithm for the fingerprint.
Get the list of sections from the certificate that can be shown to the user
interface.
A #GList of
#GcrCertificateSection
the #GcrCertificate
Get the issued date of this certificate.
A issued date of this certificate.
a #GcrCertificate
Get the common name of the issuer of this certificate.
The string returned should be freed by the caller when no longer
required.
The allocated issuer CN, or %NULL if no issuer CN present.
a #GcrCertificate
Get the full issuer DN of the certificate as a (mostly)
readable string.
The string returned should be freed by the caller when no longer
required.
The allocated issuer DN of the certificate.
a #GcrCertificate
Get a name to represent the issuer of this certificate.
This will try to lookup the common name, orianizational unit,
organization in that order.
the allocated issuer name, or %NULL if no issuer name
a #GcrCertificate
Get a part of the DN of the issuer of this certificate.
Examples of a @part might be the 'OU' (organizational unit)
or the 'CN' (common name). Only the value of that part
of the DN is returned.
The string returned should be freed by the caller when no longer
required.
the allocated part of the issuer DN, or %NULL if no
such part is present
a #GcrCertificate
a DN type string or OID.
Get the raw DER data for the issuer DN of the certificate.
The data should be freed by using g_free() when no longer required.
allocated memory
containing the raw issuer
a #GcrCertificate
The length of the returned data.
Get the key size in bits of the public key represented
by this certificate.
The key size of the certificate.
a #GcrCertificate
Get the raw binary serial number of the certificate.
The caller should free the returned data using g_free() when
it is no longer required.
the raw binary serial number.
a #GcrCertificate
the length of the returned data.
Get the serial number of the certificate as a hex string.
The caller should free the returned data using g_free() when
it is no longer required.
an allocated string containing the serial number as hex.
a #GcrCertificate
Get the common name of the subject of this certificate.
The string returned should be freed by the caller when no longer
required.
The allocated subject CN, or %NULL if no subject CN present.
a #GcrCertificate
Get the full subject DN of the certificate as a (mostly)
readable string.
The string returned should be freed by the caller when no longer
required.
The allocated subject DN of the certificate.
a #GcrCertificate
Get a name to represent the subject of this certificate.
This will try to lookup the common name, orianizational unit,
organization in that order.
the allocated subject name, or %NULL if no subject name
a #GcrCertificate
Get a part of the DN of the subject of this certificate.
Examples of a @part might be the 'OU' (organizational unit)
or the 'CN' (common name). Only the value of that part
of the DN is returned.
The string returned should be freed by the caller when no longer
required.
the allocated part of the subject DN, or %NULL if no
such part is present.
a #GcrCertificate
a DN type string or OID.
Get the raw DER data for the subject DN of the certificate.
The data should be freed by using g_free() when no longer required.
allocated memory
containing the raw subject
a #GcrCertificate
The length of the returned data.
Get the version of the X.509 certificate.
the version of the certificate
a #GcrCertificate
Check if @issuer could be the issuer of this certificate. This is done by
comparing the relevant subject and issuer fields. No signature check is
done. Proper verification of certificates must be done via a crypto
library.
whether @issuer could be the issuer of the certificate.
a #GcrCertificate
a possible issuer #GcrCertificate
Implementers of the #GcrCertificate mixin should call this function to notify
when the certificate has changed to emit notifications on the various
properties.
the #GcrCertificate
A readable description for this certificate
The expiry date of the certificate
Common name part of the certificate issuer
A readable label for this certificate.
Represents a chain of certificates, normally used to
validate the trust in a certificate. An X.509 certificate chain has one
endpoint certificate (the one for which trust is being verified) and then
in turn the certificate that issued each previous certificate in the chain.
This functionality is for building of certificate chains not for validating
them. Use your favorite crypto library to validate trust in a certificate
chain once its built.
The order of certificates in the chain should be first the endpoint
certificates and then the signing certificates.
Create a new certificate chain with [ctor@CertificateChain.new] and then
add the certificates with [method@CertificateChain.add].
You can then use [method@CertificateChain.build] to build the remainder of
the chain. This will lookup missing certificates in PKCS#11 modules and
also check that each certificate in the chain is the signer of the previous
one. If a trust anchor, pinned certificate, or self-signed certificate is
found, then the chain is considered built. Any extra certificates are
removed from the chain.
Once the certificate chain has been built, you can access its status
through [method@CertificateChain.get_status]. The status signifies whether
the chain is anchored on a trust root, self-signed, incomplete etc. See
[enum@CertificateChainStatus] for information on the various statuses.
It's important to understand that the building of a certificate chain is
merely the first step towards verifying trust in a certificate.
Create a new #GcrCertificateChain.
a newly allocated certificate chain
Add @certificate to the chain. The order of certificates in the chain are
important. The first certificate should be the endpoint certificate, and
then come the signers (certificate authorities) each in turn. If a root
certificate authority is present, it should come last.
Adding a certificate an already built chain (see
gcr_certificate_chain_build()) resets the type of the certificate chain
to %GCR_CERTIFICATE_CHAIN_UNKNOWN
the #GcrCertificateChain
a #GcrCertificate to add to the chain
Complete a certificate chain. Once a certificate chain has been built
its status can be examined.
This operation will lookup missing certificates in PKCS#11
modules and also that each certificate in the chain is the signer of the
previous one. If a trust anchor, pinned certificate, or self-signed certificate
is found, then the chain is considered built. Any extra certificates are
removed from the chain.
It's important to understand that building of a certificate chain does not
constitute verifying that chain. This is merely the first step towards
trust verification.
The @purpose is a string like %GCR_PURPOSE_CLIENT_AUTH and is the purpose
for which the certificate chain will be used. Trust anchors are looked up
for this purpose. This argument is required.
The @peer is usually the host name of the peer whith which this certificate
chain is being used. It is used to look up pinned certificates that have
been stored for this peer. If %NULL then no pinned certificates will
be considered.
If the %GCR_CERTIFICATE_CHAIN_NO_LOOKUPS flag is specified then no
lookups for anchors or pinned certificates are done, and the resulting chain
will be neither anchored or pinned. Additionally no missing certificate
authorities are looked up in PKCS#11
This call will block, see gcr_certificate_chain_build_async() for the
asynchronous version.
whether the operation completed successfully
the #GcrCertificateChain
the purpose the certificate chain will be used for
the peer the certificate chain will be used with, or %NULL
chain completion flags
a #GCancellable or %NULL
Complete a certificate chain. Once a certificate chain has been built
its status can be examined.
This will lookup missing certificates in PKCS#11
modules and also that each certificate in the chain is the signer of the
previous one. If a trust anchor, pinned certificate, or self-signed certificate
is found, then the chain is considered built. Any extra certificates are
removed from the chain.
It's important to understand that building of a certificate chain does not
constitute verifying that chain. This is merely the first step towards
trust verification.
The @purpose is a string like %GCR_PURPOSE_CLIENT_AUTH and is the purpose
for which the certificate chain will be used. Trust anchors are looked up
for this purpose. This argument is required.
The @peer is usually the host name of the peer whith which this certificate
chain is being used. It is used to look up pinned certificates that have
been stored for this peer. If %NULL then no pinned certificates will
be considered.
If the %GCR_CERTIFICATE_CHAIN_NO_LOOKUPS flag is specified then no
lookups for anchors or pinned certificates are done, and the resulting chain
will be neither anchored or pinned. Additionally no missing certificate
authorities are looked up in PKCS#11
When the operation is finished, @callback will be called. You can then call
gcr_certificate_chain_build_finish() to get the result of the operation.
the #GcrCertificateChain
the purpose the certificate chain will be used for
the peer the certificate chain will be used with, or %NULL
chain completion flags
a #GCancellable or %NULL
this will be called when the operation completes.
data to pass to the callback
Finishes an asynchronous operation started by
gcr_certificate_chain_build_async().
whether the operation succeeded
the #GcrCertificateChain
the #GAsyncResult passed to the callback
If the certificate chain has been built and is of status
%GCR_CERTIFICATE_CHAIN_ANCHORED, then this will return the anchor
certificate that was found. This is not necessarily a root certificate
authority. If an intermediate certificate authority in the chain was
found to be anchored, then that certificate will be returned.
If an anchor is returned it does not mean that the certificate chain has
been verified, but merely that an anchor has been found.
the anchor certificate, or %NULL if not anchored.
the #GcrCertificateChain
Get a certificate in the chain. It is an error to call this function
with an invalid index.
the certificate
the #GcrCertificateChain
index of the certificate to get
Get the endpoint certificate in the chain. This is always the first
certificate in the chain. The endpoint certificate cannot be anchored.
the endpoint certificate, or %NULL if the chain
is empty
the #GcrCertificateChain
Get the length of the certificate chain.
the length of the certificate chain
the #GcrCertificateChain
Get the status of a certificate chain. If the certificate chain has not
been built, then the status will be %GCR_CERTIFICATE_CHAIN_UNKNOWN.
A status of %GCR_CERTIFICATE_CHAIN_ANCHORED does not mean that the
certificate chain has been verified, but merely that an anchor has been
found.
the status of the certificate chain.
the #GcrCertificateChain
The length of the certificate chain.
The certificate chain status. See #GcrCertificateChainStatus
The class for #GcrCertificateChain.
The parent class
Flags to be used with the gcr_certificate_chain_build() operation.
no flags
If this flag is specified then no
lookups for anchors or pinned certificates are done, and the resulting chain
will be neither anchored or pinned. Additionally no missing certificate
authorities are looked up in PKCS#11.
The status of a built certificate chain. Will be set to
%GCR_CERTIFICATE_CHAIN_UNKNOWN for certificate chains that have not been
built.
The certificate chain's status is unknown.
When a chain is not yet built it has this status. If a chain is modified after
being built, it has this status.
A full chain could not be loaded. The
chain does not end with a self-signed certificate, a trusted anchor, or a
pinned certificate.
The certificate chain contains a revoked
or otherwise explicitly distrusted certificate. The entire chain should
be distrusted.
The chain ends with a self-signed
certificate. No trust anchor was found.
The chain represents a pinned certificate. A
pinned certificate is an exception which trusts a given certificate
explicitly for a purpose and communication with a certain peer.
The chain ends with an anchored
certificate. The anchored certificate is not necessarily self-signed.
Get the display label of the field.
the display label of the field
the #GcrCertificateField
Get the parent #GcrCertificateSection.
the parent #GcrCertificateSection
the #GcrCertificateField
Get the value of the field.
The @value will have been initialized to the `GType` the value should be
provided in.
%TRUE if the value was set successfully.
the #GcrCertificateField
the `GValue` to fill
Get the type associated with the value.
The `GType` of the value
the #GcrCertificateField
The interface that implementors of #GcrCertificate must implement.
the parent interface type
a method which returns the RAW der data of the certificate
raw DER data of the X.509 certificate
a #GcrCertificate
a pointer to a location to store the size of the resulting DER data.
An object that allows creation of certificate requests. A certificate
request is sent to a certificate authority to request an X.509 certificate.
Use [func@CertificateRequest.prepare] to create a blank certificate
request for a given private key. Set the common name on the certificate
request with [method@CertificateRequest.set_cn], and then sign the request
with [method@CertificateRequest.complete_async].
Check whether [class@CertificateRequest] is capable of creating a request
for the given @private_key.
whether a request can be created
a private key
cancellation object
Asynchronously check whether [class@CertificateRequest] is capable of
creating a request for the given @private_key.
a private key
cancellation object
will be called when the operation completes
data to be passed to callback
Get the result for asynchronously check whether [class@CertificateRequest] is
capable of creating a request for the given @private_key.
whether a request can be created
asynchronous result
Create a new certificate request, in the given format for the private key.
a new #GcrCertificate request
the format for the certificate request
the private key the the certificate is being requested for
Complete and sign a certificate request, so that it can be encoded
and sent to a certificate authority.
This call may block as it signs the request using the private key.
whether certificate request was successfully completed or not
a certificate request
a cancellation object
Asynchronously complete and sign a certificate request, so that it can
be encoded and sent to a certificate authority.
This call will return immediately and complete later.
a certificate request
a cancellation object
called when the operation completes
data to pass to the callback
Finish an asynchronous operation to complete and sign a certificate
request.
whether certificate request was successfully completed or not
a certificate request
result of the asynchronous operation
Encode the certificate request. It must have been completed with
[method@CertificateRequest.complete] or
[method@CertificateRequest.complete_async].
If @textual is %FALSE, the output is a DER encoded certificate request.
If @textual is %TRUE, the output is encoded as text. For PKCS#10 requests
this is done using the OpenSSL style PEM encoding.
the encoded certificate request
a certificate request
whether to encode output as text
location to place length of returned data
Get the format of this certificate request.
the format
the certificate request
Get the private key this certificate request is for.
the private key,
the certificate request
Set the common name encoded in the certificate request.
the certificate request
common name to set on the request
The format of the certificate request.
The private key that this certificate request is for.
The format of a certificate request. Currently only PKCS#10 is supported.
certificate request is in PKCS#10 format
Get the list of all the fields in this section.
a #GListModel of #GcrCertificateField
the #GcrCertificateSection
Get the flags.
the `GcrCertificateSectionFlags`
the #GcrCertificateSection
Get the displayable label of the section.
the displayable label of the section
the #GcrCertificateSection
Values responding to error codes for parsing and serializing data.
Failed to parse or serialize the data
The data was unrecognized or unsupported
The operation was cancelled
The data was encrypted or locked and could not be unlocked.
The various format identifiers.
Represents all the formats, when enabling or disabling
Not a valid format
DER encoded private key
DER encoded RSA private key
DER encoded DSA private key
DER encoded EC private key
DER encoded SubjectPublicKeyInfo
DER encoded X.509 certificate
DER encoded PKCS#7 container file which can contain certificates
DER encoded PKCS#8 file which can contain a key
Unencrypted DER encoded PKCS#8 file which can contain a key
Encrypted DER encoded PKCS#8 file which can contain a key
DER encoded PKCS#10 certificate request file
DER encoded SPKAC as generated by HTML5 keygen element
OpenSSL style SPKAC data
DER encoded PKCS#12 file which can contain certificates and/or keys
OpenSSH v1 or v2 public key
OpenPGP key packet(s)
OpenPGP public or private key armor encoded data
An OpenSSL style PEM file with unspecified contents
An OpenSSL style PEM file with a private RSA key
An OpenSSL style PEM file with a private DSA key
An OpenSSL style PEM file with an X.509 certificate
An OpenSSL style PEM file containing PKCS#7
Unencrypted OpenSSL style PEM file containing PKCS#8
Encrypted OpenSSL style PEM file containing PKCS#8
An OpenSSL style PEM file containing PKCS#12
An OpenSSL style PEM file with a private key
An OpenSSL style PEM file containing PKCS#10
An OpenSSL style PEM file with a private EC key
An OpenSSL style PEM file containing a SubjectPublicKeyInfo
This is an interface implemented by a caller performing an import. It allows
the importer to ask the caller for further information about the import.
It must be implemented on a derived class of [class@Gio.TlsInteraction]
Supplement attributes before import. This means prompting the user for
things like labels and the like. The needed attributes will have been passed
to gcr_import_interaction_supplement_prep().
This method prompts the user and fills in the attributes. If the user or
cancellable cancels the operation the error should be set with %G_IO_ERROR_CANCELLED.
%G_TLS_INTERACTION_HANDLED if successful or %G_TLS_INTERACTION_FAILED
the interaction
supplemented attributes
optional cancellable object
Asynchronously supplement attributes before import. This means prompting the
user for things like labels and the like. The needed attributes will have
been passed to gcr_import_interaction_supplement_prep().
This method prompts the user and fills in the attributes.
the interaction
supplemented attributes
optional cancellable object
called when the operation completes
data to be passed to the callback
Complete operation to asynchronously supplement attributes before import.
If the user or cancellable cancels the operation the error should be set
with %G_IO_ERROR_CANCELLED.
%G_TLS_INTERACTION_HANDLED if successful or %G_TLS_INTERACTION_FAILED
the interaction
the asynchronous result
Prepare for supplementing the given attributes before import. This means
prompting the user for things like labels and the like. The attributes
will contain attributes for values that the importer needs, either empty
or prefilled with suggested values.
This method does not prompt the user, but rather just prepares the
interaction that these are the attributes that are needed.
the interaction
attributes to supplement
Supplement attributes before import. This means prompting the user for
things like labels and the like. The needed attributes will have been passed
to gcr_import_interaction_supplement_prep().
This method prompts the user and fills in the attributes. If the user or
cancellable cancels the operation the error should be set with %G_IO_ERROR_CANCELLED.
%G_TLS_INTERACTION_HANDLED if successful or %G_TLS_INTERACTION_FAILED
the interaction
supplemented attributes
optional cancellable object
Asynchronously supplement attributes before import. This means prompting the
user for things like labels and the like. The needed attributes will have
been passed to gcr_import_interaction_supplement_prep().
This method prompts the user and fills in the attributes.
the interaction
supplemented attributes
optional cancellable object
called when the operation completes
data to be passed to the callback
Complete operation to asynchronously supplement attributes before import.
If the user or cancellable cancels the operation the error should be set
with %G_IO_ERROR_CANCELLED.
%G_TLS_INTERACTION_HANDLED if successful or %G_TLS_INTERACTION_FAILED
the interaction
the asynchronous result
Prepare for supplementing the given attributes before import. This means
prompting the user for things like labels and the like. The attributes
will contain attributes for values that the importer needs, either empty
or prefilled with suggested values.
This method does not prompt the user, but rather just prepares the
interaction that these are the attributes that are needed.
the interaction
attributes to supplement
Interface implemented by implementations of [iface@ImportInteraction].
parent interface
method which prepares for supplementing the given attributes before import
the interaction
attributes to supplement
method which synchronously supplements attributes before import
%G_TLS_INTERACTION_HANDLED if successful or %G_TLS_INTERACTION_FAILED
the interaction
supplemented attributes
optional cancellable object
method which asynchronously supplements attributes before import
the interaction
supplemented attributes
optional cancellable object
called when the operation completes
data to be passed to the callback
method which completes @supplement_async
%G_TLS_INTERACTION_HANDLED if successful or %G_TLS_INTERACTION_FAILED
the interaction
the asynchronous result
An interface which allows importing of certificates and keys. Each importer
is registered with a set of PKCS#11 attributes to match stuff that it can
import.
An importer gets passed a [class@Parser] and accesses the currently parsed
item. To create a set of importers that can import the currently parsed
item in a parser, use [func@Importer.create_for_parsed]. The list of
importers returned has the parsed item queued for import.
To queue additional items with a importer use
[method@Importer.queue_for_parsed]. In addition you can try and queue an
additional item with a set of importers using the
[func@Importer.queue_and_filter_for_parsed].
To start the import, use [method@Importer.import_async].
Create a set of importers which can import this parsed item.
The parsed item is represented by the state of the GcrParser at the
time of calling this method.
a list of importers
which can import the parsed item, which should be freed with
g_object_unref(), or %NULL if no types of importers can be created
a parser with a parsed item to import
Queues an additional item to be imported in all compattible importers
in the set. The parsed item is represented by the state of the #GcrParser
at the time of calling this method.
If the parsed item is incompatible with an importer, then that the item
will not be queued on that importer.
a new set of importers
that queued the item.
a set of importers
a parsed item
Register an importer to handle parsed items that match the given attributes.
the GType of the importer being registered
the attributes that this importer is compatible with
Register built-in PKCS#11 and GnuPG importers.
Import the queued items in the importer. This function returns immediately
and completes asynchronously.
the importer
a #GCancellable, or %NULL
called when the operation completes
data to be passed to the callback
Complete an asynchronous operation to import queued items.
whether the import succeeded or failed
the importer
an asynchronous result
Queues an additional item to be imported. The parsed item is represented
by the state of the [class@Parser] at the time of calling this method.
If the parsed item is incompatible with the importer, then this will
fail and the item will not be queued.
whether the item was queued or not
an importer to add additional items to
a parsed item to import
Get the interaction used to prompt the user when needed by this
importer.
the interaction or %NULL
the importer
Import the queued items in the importer. This function returns immediately
and completes asynchronously.
the importer
a #GCancellable, or %NULL
called when the operation completes
data to be passed to the callback
Complete an asynchronous operation to import queued items.
whether the import succeeded or failed
the importer
an asynchronous result
Queues an additional item to be imported. The parsed item is represented
by the state of the [class@Parser] at the time of calling this method.
If the parsed item is incompatible with the importer, then this will
fail and the item will not be queued.
whether the item was queued or not
an importer to add additional items to
a parsed item to import
Set the interaction used to prompt the user when needed by this
importer.
the importer
the interaction used by the importer
The interaction for the importer.
The label for the importer.
The URI of the location imported to.
Interface implemented for a #GcrImporter.
parent interface
implementation of gcr_importer_create_for_parsed(), required
implementation of gcr_importer_queue_for_parsed(), required
whether the item was queued or not
an importer to add additional items to
a parsed item to import
implementation of [method@Importer.import_async], required
the importer
a #GCancellable, or %NULL
called when the operation completes
data to be passed to the callback
implementation of [method@Importer.import_finish]
whether the import succeeded or failed
the importer
an asynchronous result
The major version number of the Gcr library.
The micro version number of the Gcr library.
The minor version number of the Gcr library.
The purpose used to verify the client certificate in a TLS connection.
The purpose used to verify certificate used for the signature on signed code.
The purpose used to verify certificates that are used in email communication
such as S/MIME.
The purpose used to verify the server certificate in a TLS connection. This
is the most common purpose in use.
A parsed item parsed by a #GcrParser.
Get the attributes which make up the parsed item.
the attributes for the item; these
are owned by the parsed item and should not be freed
a parsed item
Get the raw data block for the parsed item.
the raw data of the parsed item, or %NULL
a parsed item
Get the raw data block for the parsed item.
the raw data of
the parsed item, or %NULL
a parsed item
location to store size of returned data
Get the descirption for a parsed item.
the description
a parsed item
Get the filename of the parsed item.
the filename of
the parsed item, or %NULL
a parsed item
Get the format of the parsed item.
the data format of the item
a parsed item
Get the label for the parsed item.
the label for the item
a parsed item
Add a reference to a parsed item. An item may not be shared across threads
until it has been referenced at least once.
the parsed item
a parsed item
Unreferences a parsed item which was referenced with gcr_parsed_ref()
a parsed item
A parser for parsing various types of files or data.
A `GcrParser` can parse various certificate and key files such as OpenSSL
PEM files, DER encoded certifictes, PKCS#8 keys and so on. Each various
format is identified by a value in the [enum@DataFormat] enumeration.
In order to parse data, a new parser is created with gcr_parser_new() and
then the [signal@Parser::authenticate] and [signal@Parser::parsed] signals
should be connected to. Data is then fed to the parser via
[method@Parser.parse_data] or [method@Parser.parse_stream].
During the [signal@Parser::parsed] signal the attributes that make up the
currently parsed item can be retrieved using the
[method@Parser.get_parsed_attributes] function.
Create a new #GcrParser
a newly allocated #GcrParser
The default handler for the authenticate signal.
The default handler for the parsed signal.
Add a password to the set of passwords to try when parsing locked or encrypted
items. This is usually called from the [signal@Parser::authenticate] signal.
The parser
a password to try
Disable parsing of the given format. Use %GCR_FORMAT_ALL to disable all the formats.
The parser
The format identifier
Enable parsing of the given format. Use %GCR_FORMAT_ALL to enable all the formats.
The parser
The format identifier
Check whether the given format is supported by the parser.
Whether the format is supported.
The parser
The format identifier
Get the filename of the parser item.
the filename set on the parser, or %NULL
a parser item
Get the currently parsed item
the currently parsed item
a parser
Get the attributes which make up the currently parsed item. This is generally
only valid during the [signal@Parser::parsed] signal.
the attributes for the current item,
which are owned by the parser and should not be freed
The parser
Get the raw data block that represents this parsed object. This is only
valid during the [signal@Parser::parsed] signal.
the raw data
block of the currently parsed item; the value is owned by the parser
and should not be freed
a parser
a location to place the size of the block
Get the raw data block that represents this parsed object. This is only
valid during the [signal@Parser::parsed] signal.
the raw data block of the currently parsed item
a parser
Get a description for the type of the currently parsed item. This is generally
only valid during the [signal@Parser::parsed] signal.
the description for the current item; this is owned by
the parser and should not be freed
The parser
Get the format of the raw data block that represents this parsed object.
This corresponds with the data returned from
[method@Parser.get_parsed_block].
This is only valid during the [signal@Parser::parsed] signal.
the data format of the currently parsed item
a parser
Get the label of the currently parsed item. This is generally only valid
during the [signal@Parser::parsed] signal.
the label of the currently parsed item. The value is
owned by the parser and should not be freed.
The parser
Parse the data. The [signal@Parser::parsed] and
[signal@Parser::authenticate] signals may fire during the parsing.
Whether the data was parsed successfully or not.
The parser
the data to parse
Parse the data. The [signal@Parser::parsed] and [signal@Parser::authenticate]
signals may fire during the parsing.
A copy of the data will be made. Use [method@Parser.parse_bytes] to avoid
this.
Whether the data was parsed successfully or not.
The parser
the data to parse
The length of the data
Parse items from the data in a #GInputStream. This function may block while
reading from the input stream. Use [method@Parser.parse_stream_async] for
a non-blocking variant.
The [signal@Parser::parsed] and [signal@Parser::authenticate] signals
may fire during the parsing.
Whether the parsing completed successfully or not.
The parser
The input stream
An optional cancellation object
Parse items from the data in a #GInputStream. This function completes
asyncronously and doesn't block.
The [signal@Parser::parsed] and [signal@Parser::authenticate] signals
may fire during the parsing.
The parser
The input stream
An optional cancellation object
Called when the operation result is ready.
Data to pass to callback
Complete an operation to parse a stream.
Whether the parsing completed successfully or not.
The parser
The operation result
Sets the filename of the parser item.
a parser item
a string of the filename of the parser item
Get the attributes that make up the currently parsed item. This is
generally only valid during a [signal@Parser::parsed] signal.
The description of the type of the currently parsed item. This is generally
only valid during a [signal@Parser::parsed] signal.
The label of the currently parsed item. This is generally
only valid during a [signal@Parser::parsed] signal.
This signal is emitted when an item needs to be unlocked or decrypted before
it can be parsed. The @count argument specifies the number of times
the signal has been emitted for a given item. This can be used to
display a message saying the previous password was incorrect.
Typically the gcr_parser_add_password() function is called in
response to this signal.
If %FALSE is returned, then the authentication was not handled. If
no handlers return %TRUE then the item is not parsed and an error
with the code %GCR_ERROR_CANCELLED will be raised.
Whether the authentication was handled.
the number of times this item has been authenticated
This signal is emitted when an item is sucessfully parsed. To access
the information about the item use the gcr_parser_get_parsed_label(),
gcr_parser_get_parsed_attributes() and gcr_parser_get_parsed_description()
functions.
The class for #GcrParser
The parent class
The default handler for the authenticate signal.
The default handler for the parsed signal.
A certificate loaded from a PKCS#11 storage.
It is also a valid [class@Gck.Object] and can be used as such.
Use gcr_pkcs11_certificate_lookup_issuer() to lookup the issuer of a given
certificate in the PKCS#11 store.
Various common PKCS#11 certificate attributes are automatically loaded and
are available via gcr_pkcs11_certificate_get_attributes().
Lookup a the issuer of a @certificate in the PKCS#11 storage. The
lookup is done using the issuer DN of the certificate. No certificate chain
verification is done. Use a crypto library to make trust decisions.
This call may block, see gcr_pkcs11_certificate_lookup_issuer() for the
non-blocking version.
Will return %NULL if no issuer certificate is found. Use @error to determine
if an error occurred.
a new #GcrPkcs11Certificate, or %NULL
a #GcrCertificate
a #GCancellable
Lookup a the issuer of a @certificate in the PKCS#11 storage. The
lookup is done using the issuer DN of the certificate. No certificate chain
verification is done. Use a crypto library to make trust decisions.
When the operation is finished, callback will be called. You can then call
gcr_pkcs11_certificate_lookup_issuer_finish() to get the result of the
operation.
a #GcrCertificate
a #GCancellable
a #GAsyncReadyCallback to call when the operation completes
the data to pass to callback function
Finishes an asynchronous operation started by
gcr_pkcs11_certificate_lookup_issuer_async().
Will return %NULL if no issuer certificate is found. Use @error to determine
if an error occurred.
a new #GcrPkcs11Certificate, or %NULL
the #GAsyncResult passed to the callback
Lookup a certificate in the PKCS#11 storage by the given URI.
This call may block, see gcr_pkcs11_certificate_new_from_uri_async() for the
non-blocking version.
Will return %NULL if no certificate is found. Use @error to determine
if an error occurred.
a new #GcrCertificate, or %NULL
a A PKCS \#11 URI
a #GCancellable
Lookup a certificate in the PKCS#11 storage by the given URI.
When the operation is finished, callback will be called. You can then call
gcr_pkcs11_certificate_new_from_uri_finish() to get the result of the
operation.
a A PKCS \#11 URI
a #GCancellable
a #GAsyncReadyCallback to call when the operation completes
the data to pass to callback function
Finishes an asynchronous operation started by
gcr_pkcs11_certificate_new_from_uri_async().
Will return %NULL if no certificate is found. Use @error to determine
if an error occurred.
a new #GcrCertificate, or %NULL
the #GAsyncResult passed to the callback
Access the automatically loaded attributes for this certificate.
the certificate attributes
A #GcrPkcs11Certificate
Automatically loaded attributes for this certificate.
A prompt displayed to the user. It is an interface with various
implementations.
Various properties are set on the prompt, and then the prompt is displayed
the various prompt methods like [method@Prompt.password_run].
A `GcrPrompt` may be used to display multiple related prompts. Most
implementions do not hide the window between display of multiple related
prompts, and the #GcrPrompt must be closed or destroyed in order to make
it go away. This allows the user to see that the prompts are related.
Use `GcrPromptDialog` (part of gcr-ui) to create an in-process GTK+ dialog
prompt. Use [class@SystemPrompt] to create a system prompt in a prompter
process.
The prompt implementation will always display the [property@Prompt:message]
property, but may choose not to display the [property@Prompt:description] or
[property@Prompt:title] properties.
close a prompt
Prompts for confirmation asking a cancel/continue style question.
Set the various properties on the prompt before calling this method to
represent the question correctly.
This method will return immediately and complete asynchronously.
a prompt
optional cancellation object
called when the operation completes
data to pass to the callback
Complete an operation to prompt for confirmation.
%GCR_PROMPT_REPLY_CONTINUE will be returned if the user confirms the prompt. The
return value will also be %GCR_PROMPT_REPLY_CANCEL if the user cancels or if
an error occurs. Check the @error argument to tell the difference.
the reply from the prompt
a prompt
asynchronous result passed to callback
Prompts for password. Set the various properties on the prompt before calling
this method to explain which password should be entered.
This method will return immediately and complete asynchronously.
a prompt
optional cancellation object
called when the operation completes
data to pass to the callback
Complete an operation to prompt for a password.
A password will be returned if the user enters a password successfully.
The returned password is valid until the next time a method is called
to display another prompt.
%NULL will be returned if the user cancels or if an error occurs. Check the
@error argument to tell the difference.
the password owned by the prompt, or %NULL
a prompt
asynchronous result passed to callback
Closes the prompt so that in can no longer be used to prompt. The various
prompt methods will return results as if the user dismissed the prompt.
The prompt may also be closed by the implementor of the prompt object.
This emits the [signal@Prompt::prompt-close] signal on the prompt object.
a prompt
Prompts for confirmation asking a cancel/continue style question.
Set the various properties on the prompt before calling this function to
represent the question correctly.
This method will block until the a response is returned from the prompter.
%GCR_PROMPT_REPLY_CONTINUE will be returned if the user confirms the prompt. The
return value will also be %GCR_PROMPT_REPLY_CANCEL if the user cancels or if
an error occurs. Check the @error argument to tell the difference.
the reply from the prompt
a prompt
optional cancellation object
Prompts for confirmation asking a cancel/continue style question.
Set the various properties on the prompt before calling this method to
represent the question correctly.
This method will return immediately and complete asynchronously.
a prompt
optional cancellation object
called when the operation completes
data to pass to the callback
Complete an operation to prompt for confirmation.
%GCR_PROMPT_REPLY_CONTINUE will be returned if the user confirms the prompt. The
return value will also be %GCR_PROMPT_REPLY_CANCEL if the user cancels or if
an error occurs. Check the @error argument to tell the difference.
the reply from the prompt
a prompt
asynchronous result passed to callback
Prompts for confirmation asking a cancel/continue style question.
Set the various properties on the prompt before calling this function to
represent the question correctly.
This method will block until the a response is returned from the prompter
and will run a main loop similar to a `gtk_dialog_run()`. The application
will remain responsive but care must be taken to handle reentrancy issues.
%GCR_PROMPT_REPLY_CONTINUE will be returned if the user confirms the prompt. The
return value will also be %GCR_PROMPT_REPLY_CANCEL if the user cancels or if
an error occurs. Check the @error argument to tell the difference.
the reply from the prompt
a prompt
optional cancellation object
Get the string handle of the caller's window.
The caller window indicates to the prompt which window is prompting the
user. The prompt may choose to ignore this information or use it in whatever
way it sees fit.
a newly allocated string containing the string
handle of the window.
the prompt
Get the label for the cancel button.
This is the button that results in a %GCR_PROMPT_REPLY_CANCEL reply
from the prompt.
a newly allocated string containing the label
the prompt
Get whether the additional choice was chosen or not.
The additional choice would have been setup using
gcr_prompt_set_choice_label().
whether chosen
the prompt
Get the label for the additional choice.
This will be %NULL if no additional choice is being displayed.
a newly allocated string containing the additional
choice or %NULL
the prompt
Get the label for the continue button.
This is the button that results in a %GCR_PROMPT_REPLY_CONTINUE reply
from the prompt.
a newly allocated string containing the label
the prompt
Get the detailed description of the prompt.
A prompt implementation may choose not to display this detailed description.
The prompt message should contain relevant information.
a newly allocated string containing the detailed
description of the prompt
the prompt
Gets the prompt message for the user.
A prompt implementation should always display this message.
a newly allocated string containing the detailed
description of the prompt
the prompt
Get whether the prompt will prompt for a new password.
This will cause the prompt implementation to ask the user to confirm the
password and/or display other relevant user interface for creating a new
password.
whether in new password mode or not
the prompt
Get indication of the password strength.
Prompts will return a zero value if the password is empty, and a value
greater than zero if the password has any characters.
This is only valid after a successful prompt for a password.
zero if the password is empty, greater than zero if not
the prompt
Gets the title of the prompt.
A prompt implementation may choose not to display the prompt title. The
prompt message should contain relevant information.
a newly allocated string containing the prompt
title.
the prompt
Get a prompt warning displayed on the prompt.
This is a warning like "The password is incorrect." usually displayed to the
user about a previous 'unsuccessful' prompt.
If this string is %NULL then no warning is displayed.
a newly allocated string containing the prompt
warning, or %NULL if no warning
the prompt
Prompts for password. Set the various properties on the prompt before calling
this method to explain which password should be entered.
This method will block until the a response is returned from the prompter.
A password will be returned if the user enters a password successfully.
The returned password is valid until the next time a method is called
to display another prompt.
%NULL will be returned if the user cancels or if an error occurs. Check the
@error argument to tell the difference.
the password owned by the prompt, or %NULL
a prompt
optional cancellation object
Prompts for password. Set the various properties on the prompt before calling
this method to explain which password should be entered.
This method will return immediately and complete asynchronously.
a prompt
optional cancellation object
called when the operation completes
data to pass to the callback
Complete an operation to prompt for a password.
A password will be returned if the user enters a password successfully.
The returned password is valid until the next time a method is called
to display another prompt.
%NULL will be returned if the user cancels or if an error occurs. Check the
@error argument to tell the difference.
the password owned by the prompt, or %NULL
a prompt
asynchronous result passed to callback
Prompts for password. Set the various properties on the prompt before calling
this method to explain which password should be entered.
This method will block until the a response is returned from the prompter
and will run a main loop similar to a gtk_dialog_run(). The application
will remain responsive but care must be taken to handle reentrancy issues.
A password will be returned if the user enters a password successfully.
The returned password is valid until the next time a method is called
to display another prompt.
%NULL will be returned if the user cancels or if an error occurs. Check the
@error argument to tell the difference.
the password owned by the prompt, or %NULL
a prompt
optional cancellation object
Reset the contents and properties of the prompt.
the prompt
Set the string handle of the caller's window.
The caller window indicates to the prompt which window is prompting the
user. The prompt may choose to ignore this information or use it in whatever
way it sees fit.
the prompt
the window id
Set the label for the continue button.
This is the button that results in a %GCR_PROMPT_REPLY_CANCEL reply
from the prompt.
the prompt
the label
Set whether the additional choice is chosen or not.
The additional choice should be set up using gcr_prompt_set_choice_label().
the prompt
whether chosen
Set the label for the additional choice.
If this is a non-%NULL value then an additional boolean choice will be
displayed by the prompt allowing the user to select or deselect it.
The initial value of the choice can be set with the
gcr_prompt_set_choice_label() method.
If this is %NULL, then no additional choice is being displayed.
the prompt
the additional choice or %NULL
Set the label for the continue button.
This is the button that results in a %GCR_PROMPT_REPLY_CONTINUE reply
from the prompt.
the prompt
the label
Set the detailed description of the prompt.
A prompt implementation may choose not to display this detailed description.
Use gcr_prompt_set_message() to set a general message containing relevant
information.
the prompt
the detailed description
Sets the prompt message for the user.
A prompt implementation should always display this message.
the prompt
the prompt message
Set whether the prompt will prompt for a new password.
This will cause the prompt implementation to ask the user to confirm the
password and/or display other relevant user interface for creating a new
password.
the prompt
whether in new password mode or not
Sets the title of the prompt.
A prompt implementation may choose not to display the prompt title. The
prompt message should contain relevant information.
the prompt
the prompt title
Set a prompt warning displayed on the prompt.
This is a warning like "The password is incorrect." usually displayed to the
user about a previous 'unsuccessful' prompt.
If this string is %NULL then no warning is displayed.
the prompt
the warning or %NULL
The string handle of the caller's window.
The caller window indicates to the prompt which window is prompting the
user. The prompt may choose to ignore this information or use it in whatever
way it sees fit.
In X11, this will be a stringified version of the XWindow handle; in
Wayland this is the result of an export using the XDG foreign
protocol.
The label for the cancel button in the prompt.
Whether the additional choice is chosen or not.
The additional choice would have been setup using #GcrPrompt:choice-label.
The label for the additional choice.
If this is a non-%NULL value then an additional boolean choice will be
displayed by the prompt allowing the user to select or deselect it.
If %NULL, then no additional choice is displayed.
The initial value of the choice can be set with #GcrPrompt:choice-chosen.
The label for the continue button in the prompt.
The detailed description of the prompt.
A prompt implementation may choose not to display this detailed description.
The prompt message should contain relevant information.
The prompt message for the user.
A prompt implementation should always display this message.
Whether the prompt will prompt for a new password.
This will cause the prompt implementation to ask the user to confirm the
password and/or display other relevant user interface for creating a new
password.
Indication of the password strength.
Prompts will return a zero value if the password is empty, and a value
greater than zero if the password has any characters.
This is only valid after a successful prompt for a password.
The title of the prompt.
A prompt implementation may choose not to display the prompt title. The
#GcrPrompt:message should contain relevant information.
A prompt warning displayed on the prompt, or %NULL for no warning.
This is a warning like "The password is incorrect." usually displayed to the
user about a previous 'unsuccessful' prompt.
Action signal fired when the prompt is to be closed. After the default
handler has run, the prompt is closed. The various prompting methods
will return results as if the user dismissed the prompt.
You can use the [method@Prompt.close] method to emit this signal.
The interface for implementing [iface@Prompt].
parent interface
begin a password prompt
a prompt
optional cancellation object
called when the operation completes
data to pass to the callback
complete a password prompt
the password owned by the prompt, or %NULL
a prompt
asynchronous result passed to callback
begin a confirm prompt
a prompt
optional cancellation object
called when the operation completes
data to pass to the callback
complete a confirm prompt
the reply from the prompt
a prompt
asynchronous result passed to callback
close a prompt
Various replies returned by [method@Prompt.confirm] and friends.
the prompt was cancelled
the user replied with 'ok'
The current secret exchange protocol. Key agreement is done using DH with the
1536 bit IKE parameter group. Keys are derived using SHA256 with HKDF. The
transport encryption is done with 128 bit AES.
Allows exchange of secrets between two processes on the same system without
exposing those secrets to things like loggers, non-pageable memory etc.
This does not protect against active attacks like MITM attacks.
Each side creates a secret exchange object, and one of the sides calls
[method@SecretExchange.begin]. This creates a string, which should be passed
to the other side. Each side passes the strings it receives into
[method@SecretExchange.receive].
In order to send a reply (either with or without a secret) use
[method@SecretExchange.send]. A side must have successfully called
[method@SecretExchange.receive] before it can use
[method@SecretExchange.send].
The secret exchange objects can be used for multiple iterations of the
conversation, or for just one request/reply. The only limitation being that
the initial request cannot contain a secret.
Caveat: Information about the approximate length (rounded up to the nearest
16 bytes) may be leaked. If this is considered inacceptable, do not use
[class@SecretExchange].
Create a new secret exchange object.
Specify a protocol of %NULL to allow any protocol. This is especially
relevant on the side of the exchange that does not call
[method@SecretExchange.begin], that is the originator. Currently the only
protocol supported is %GCR_SECRET_EXCHANGE_PROTOCOL_1.
A new #GcrSecretExchange object
the exchange protocol to use
Begin the secret exchange. The resulting string should be sent to the other
side of the exchange. The other side should use [method@SecretExchange.receive]
to process the string.
A newly allocated string to be sent to the other
side of the secret exchange
a #GcrSecretExchange object
Will return %NULL if no protocol was specified, and either
[method@SecretExchange.begin] or [method@SecretExchange.receive] have not
been called successfully.
the protocol or %NULL
a #GcrSecretExchange object
Get the secret exchange protocol.
Returns the last secret received. If no secret has yet been received this
will return %NULL. The string is owned by the #GcrSecretExchange object
and will be valid until the next time that gcr_secret_exchange_receive()
is called on this object, or the object is destroyed.
Depending on the secret passed into the other side of the secret exchange,
the result may be a binary string. It does however have a null terminator,
so if you're certain that it is does not contain arbitrary binary data,
it can be used as a string.
the last secret received
a #GcrSecretExchange object
optionally, a location to store the length of returned secret
Receive a string from the other side of secret exchange. This string will
have been created by [method@SecretExchange.begin] or
[method@SecretExchange.send].
After this call completes successfully the value returned from
gcr_secret_exchange_get_secret() will have changed.
whether the string was successfully parsed and received
a #GcrSecretExchange object
the string received
Send a reply to the other side of the secret exchange, optionally sending a
secret.
[method@SecretExchange.receive] must have been successfully called at least
once on this object. In other words this object must have received data
from the other side of the secret exchange, before we can send a secret.
a newly allocated string to be sent to the other
side of the secret exchange
a #GcrSecretExchange object
optionally, a secret to send to the other side
length of @secret, or -1 if null terminated
The protocol being used for the exchange.
Will be %NULL if no protocol was specified when creating this object,
and either [method@SecretExchange.begin] or [method@SecretExchange.receive]
have not been called successfully.
An implementation of [iface@Certificate] which loads a certificate from DER
data already located in memory.
To create an object, use the [ctor@SimpleCertificate.new] or
[ctor@SimpleCertificate.new_static] functions.
Create a new #GcrSimpleCertificate for the raw DER data. The @data memory is
copied so you can dispose of it after this function returns.
a new #GcrSimpleCertificate
the raw DER certificate data
The length of @data
Create a new #GcrSimpleCertificate for the raw DER data. The @data memory is
not copied and must persist until the #GcrSimpleCertificate object is
destroyed.
a new #GcrSimpleCertificate
The raw DER certificate data
The length of @data
When used as the setup function while spawning an ssh command like ssh-add
or ssh, this allows callbacks for passwords on the provided interaction.
Create a new GcrSshAskpass object which can be used to spawn an
ssh command and prompt for any necessary passwords.
Use the gcr_ssh_askpass_child_setup() function as a callback with
g_spawn_sync(), g_spawn_async() or g_spawn_async_with_pipes().
A new #GcrSshAskpass object
the interaction to use for prompting paswords
Use this function as a callback setup function passed to g_spawn_sync(),
g_spawn_async(), g_spawn_async_with_pipes().
a #GcrSshAskpass object
Get the interaction associated with this object.
the interaction
a #GcrSshAskpass object
The interaction used to prompt for passwords.
A [iface@Prompt] implementation which calls to the system prompter to
display prompts in a system modal fashion.
Since the system prompter usually only displays one prompt at a time, you
may have to wait for the prompt to be displayed. Use [func@SystemPrompt.open]
or a related function to open a prompt. Since this can take a long time, you
should always check that the prompt is still needed after it is opened. A
previous prompt may have already provided the information needed and you
may no longer need to prompt.
Use [method@SystemPrompt.close] to close the prompt when you're done with it.
Opens a system prompt with the default prompter.
Most system prompters only allow showing one prompt at a time, and if
another prompt is shown then this method will block for up to
@timeout_seconds seconds. If @timeout_seconds is equal to -1, then this
will block indefinitely until the prompt can be opened. If @timeout_seconds
expires, then this function will fail with a %GCR_SYSTEM_PROMPT_IN_PROGRESS
error.
the prompt, or %NULL if
prompt could not be opened
the number of seconds to wait to access the prompt, or -1
optional cancellation object
Asynchronously open a system prompt with the default system prompter.
Most system prompters only allow showing one prompt at a time, and if
another prompt is shown then this method will block for up to
@timeout_seconds seconds. If @timeout_seconds is equal to -1, then this
will block indefinitely until the prompt can be opened. If @timeout_seconds
expires, then this operation will fail with a %GCR_SYSTEM_PROMPT_IN_PROGRESS
error.
the number of seconds to wait to access the prompt, or -1
optional cancellation object
called when the operation completes
data to pass the callback
Complete an operation to asynchronously open a system prompt.
the prompt, or %NULL if
prompt could not be opened
the asynchronous result
Opens a system prompt. If prompter_name is %NULL, then the default
system prompter is used.
Most system prompters only allow showing one prompt at a time, and if
another prompt is shown then this method will block for up to
@timeout_seconds seconds. If @timeout_seconds is equal to -1, then this
will block indefinitely until the prompt can be opened. If @timeout_seconds
expires, then this function will fail with a %GCR_SYSTEM_PROMPT_IN_PROGRESS
error.
the prompt, or %NULL if
prompt could not be opened
the prompter dbus name
the number of seconds to wait to access the prompt, or -1
optional cancellation object
Opens a system prompt asynchronously. If prompter_name is %NULL, then the
default system prompter is used.
Most system prompters only allow showing one prompt at a time, and if
another prompt is shown then this method will block for up to
@timeout_seconds seconds. If @timeout_seconds is equal to -1, then this
will block indefinitely until the prompt can be opened. If @timeout_seconds
expires, then this operation will fail with a %GCR_SYSTEM_PROMPT_IN_PROGRESS
error.
the prompter D-Bus name
the number of seconds to wait to access the prompt, or -1
optional cancellation object
called when the operation completes
data to pass the callback
Close this prompt. After calling this function, no further prompts will
succeed on this object. The prompt object is not unreferenced by this
function, and you must unreference it once done.
This call may block, use the gcr_system_prompt_close_async() to perform
this action indefinitely.
Whether or not this function returns %TRUE, the system prompt object is
still closed and may not be further used.
whether close was cleanly completed
the prompt
an optional cancellation object
Close this prompt asynchronously. After calling this function, no further
methods may be called on this object. The prompt object is not unreferenced
by this function, and you must unreference it once done.
This call returns immediately and completes asynchronously.
the prompt
an optional cancellation object
called when the operation completes
data to pass to the callback
Complete operation to close this prompt.
Whether or not this function returns %TRUE, the system prompt object is
still closed and may not be further used.
whether close was cleanly completed
the prompt
asynchronous operation result
Get the current [class@SecretExchange] used to transfer secrets in this prompt.
the secret exchange
a prompter
The DBus bus name of the prompter to use for prompting, or %NULL
for the default prompter.
The #GcrSecretExchange to use when transferring passwords. A default
secret exchange will be used if this is not set.
The timeout in seconds to wait when opening the prompt.
No error returned by the #GcrSystemPrompt is suitable for display or
to the user.
If the system prompter can only show one prompt at a time, and there is
already a prompt being displayed, and the timeout waiting to open the
prompt expires, then %GCR_SYSTEM_PROMPT_IN_PROGRESS is returned.
another prompt is already in progress
A prompter used by implementations of system prompts.
This is a D-Bus service which is rarely implemented. Use [class@SystemPrompt]
to display system prompts.
The system prompter service responds to D-Bus requests to create system
prompts and creates #GcrPrompt type objects to display those prompts.
Pass the GType of the implementation of [iface@Prompt] to
[ctor@SystemPrompter.new].
Create a new system prompter service. This prompter won't do anything unless
you connect to its signals and show appropriate prompts.
If @prompt_type is zero, then the new-prompt signal must be handled and
return a valid prompt object implementing the #GcrPrompt interface.
If @prompt_type is non-zero then the #GType must implement the #GcrPrompt
interface.
a new prompter service
the mode for the prompt
the gobject type for prompts created by this prompter
default handler for the #GcrSystemPrompter::new-prompt signal
Get the mode for this prompter.
Most system prompters only display one prompt at a time and therefore
return %GCR_SYSTEM_PROMPTER_SINGLE.
the prompter mode
the prompter
Get the #GType for prompts created by this prompter.
The returned #GType will be a #GcrPrompt implementation.
the prompt #GType
the prompter
Get whether prompting or not.
whether prompting or not
the prompter
Register this system prompter on the DBus @connection.
This makes the prompter available for clients to call. The prompter will
remain registered until gcr_system_prompter_unregister() is called, or the
prompter is unreferenced.
the system prompter
a DBus connection
Unregister this system prompter on the DBus @connection.
The prompter must have previously been registered with gcr_system_prompter_register().
If @wait is set then this function will wait until all prompts have been closed
or cancelled. This is usually only used by tests.
the system prompter
whether to wait for closing prompts
The mode for this prompter.
Most system prompters only display one prompt at a time and therefore
return %GCR_SYSTEM_PROMPTER_SINGLE.
The #GType for prompts created by this prompter. This must be a
#GcrPrompt implementation.
Whether the prompter is prompting or not.
Signal emitted to create a new prompt when needed.
The default implementation of this signal creates a prompt of the type
gcr_system_prompter_get_prompt_type().
the new prompt
The class for #GcrSystemPrompter.
parent class
default handler for the #GcrSystemPrompter::new-prompt signal
The mode for the system prompter. Most system prompters can only show
one prompt at a time and would use the %GCR_SYSTEM_PROMPTER_SINGLE mode.
only one prompt shown at a time
more than one prompt shown at a time
Initialize the certificate mixin for the class. This mixin implements the
various required properties for the certificate.
Call this function near the end of your derived class_init function. The
derived class must implement the #GcrCertificate interface.
The GObjectClass for this class
Implementation to get various required certificate properties. This should
be called from your derived class get_property function, or used as a
get_property virtual function.
Example of use as called from derived class get_property function:
<informalexample><programlisting>
static void
my_get_property (GObject *obj, guint prop_id, GValue *value, GParamSpec *pspec)
{
switch (prop_id) {
...
default:
gcr_certificate_mixin_get_property (obj, prop_id, value, pspec);
break;
}
}
</programlisting></informalexample>
Example of use as get_property function:
<informalexample><programlisting>
static void
my_class_init (MyClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
gobject_class->get_property = gcr_certificate_mixin_get_property;
...
}
</programlisting></informalexample>
The object
The property id
The value to fill in.
The param specification.
Create a key fingerprint for a certificate, public key or private key.
Note that this is not a fingerprint of certificate data, which you would
use gcr_certificate_get_fingerprint() for.
the
fingerprint or %NULL if the input was invalid.
attributes for key or certificate
the type of fingerprint to create
the length of fingerprint returned
Create a key fingerprint for a DER encoded subjectPublicKeyInfo. The
fingerprint is created so that it will be identical for a key and its
corresponding certificate.
Note that in the case of certificates this is not a fingerprint of the
actual certificate data, but rather of the public key contained in a
certificate.
the
fingerprint or %NULL if the input was invalid.
DER encoded subjectPublicKeyInfo structure
length of DER encoded structure
the type of fingerprint to create
the length of fingerprint returned
Create a set of importers which can import this parsed item.
The parsed item is represented by the state of the GcrParser at the
time of calling this method.
a list of importers
which can import the parsed item, which should be freed with
g_object_unref(), or %NULL if no types of importers can be created
a parser with a parsed item to import
Queues an additional item to be imported in all compattible importers
in the set. The parsed item is represented by the state of the #GcrParser
at the time of calling this method.
If the parsed item is incompatible with an importer, then that the item
will not be queued on that importer.
a new set of importers
that queued the item.
a set of importers
a parsed item
Register an importer to handle parsed items that match the given attributes.
the GType of the importer being registered
the attributes that this importer is compatible with
Register built-in PKCS#11 and GnuPG importers.
Disconnect the mock prompter
Queue an expected response on the mock prompter.
Expects any prompt, and closes the prompt when it gets it.
Queue an expected response on the mock prompter.
Expects a confirmation prompt, and then cancels that prompt.
Queue an expected response on the mock prompter.
Expects a confirmation prompt, and then confirms that prompt by
simulating a click on the ok button.
Additional property pairs for the prompt can be added in the argument
list, in the same way that you would with g_object_new().
If the "choice-chosen" property is specified then that value will be
set on the prompt as if the user had changed the value.
All other properties will be checked against the prompt, and an error
will occur if they do not match the value set on the prompt.
the first property name in the argument list or %NULL
properties to expect
Queue an expected response on the mock prompter.
Expects a password prompt, and then cancels that prompt.
Queue an expected response on the mock prompter.
Expects a password prompt, and returns @password as if the user had entered
it and clicked the ok button.
Additional property pairs for the prompt can be added in the argument
list, in the same way that you would with g_object_new().
If the "choice-chosen" property is specified then that value will be
set on the prompt as if the user had changed the value.
All other properties will be checked against the prompt, and an error
will occur if they do not match the value set on the prompt.
the password to return from the prompt
the first property name in the argument list or %NULL
properties to expect
Get the delay in milliseconds before the mock prompter completes
an expected prompt.
the delay
Check if the mock prompter is expecting a response. This will be %TRUE
when one of the <literal>gcr_mock_prompter_expect_xxx<!-- -->()</literal>
functions have been used to queue an expected prompt, but that prompt
response has not be 'used' yet.
whether expecting a prompt
Check if the mock prompter is showing any prompts.
whether prompting
Set the delay in milliseconds before the mock prompter completes
an expected prompt.
prompt response delay in milliseconds
Start the mock prompter. This is often used from the
<literal>setup<!-- -->()</literal> function of tests.
Starts the mock prompter in an additional thread. Use the returned DBus bus
name with gcr_system_prompt_open_for_prompter() to connect to this prompter.
the bus name that the mock prompter is listening on
Stop the mock prompter. This is often used from the
<literal>teardown<!-- -->()</literal> function of tests.
Unreferences a parsed item which was referenced with gcr_parsed_ref()
a parsed item
Add a #GckModule to the list of PKCS#11 modules that are used by the
GCR library.
It is not normally necessary to call this function. The available
PKCS#11 modules installed on the system are automatically loaded
by the GCR library.
a #GckModule
Initialize a PKCS#11 module and add it to the modules that are
used by the GCR library. Note that is an error to initialize the same
PKCS#11 module twice.
It is not normally necessary to call this function. The available
PKCS#11 modules installed on the system are automatically loaded
by the GCR library.
whether the module was sucessfully added.
the full file path of the PKCS#11 module
unused
List all the PKCS#11 modules that are used by the GCR library.
Each module is a [class@Gck.Module] object.
An empty list of modules will be returned if [func@pkcs11_set_modules],
or [func@pkcs11_initialize] has not yet run.
a newly allocated list
of #GckModule objects
List all the PKCS#11 slots that are used by the GCR library for lookup
of trust assertions. Each slot is a [class@Gck.Slot] object.
This will return an empty list if the [func@pkcs11_initialize] function has
not yet been called.
a list of #GckSlot
objects to use for lookup of trust, or the empty list if not
initialized or no appropriate trust stores could be found.
Get the PKCS#11 URIs that are used to identify which slots to use for
lookup trust assertions.
the uri which identifies trust storage slot
Selects an appropriate PKCS#11 slot to store trust assertions. The slot
to use is normally configured automatically by the system.
This will only return a valid result after the [func@pkcs11_initialize]
method has been called.
When done with the #GckSlot, use g_object_unref() to release it.
the #GckSlot to use for trust
assertions, or null if not initialized or no appropriate
trust store could be found.
Get the PKCS#11 URI that is used to identify which slot to use for
storing trust storage.
the uri which identifies trust storage slot
Asynchronously initialize the registered PKCS#11 modules.
whether the operation was successful or not.
optional cancellable used to cancel the operation
Asynchronously initialize the registered PKCS#11 modules.
optional cancellable used to cancel the operation
callback which will be called when the operation completes
data passed to the callback
Complete the asynchronous operation to initialize the registered PKCS#11
modules.
whether the operation was successful or not.
the asynchronous result
Set the list of PKCS#11 modules that are used by the GCR library.
Each module in the list is a [class@Gck.Module] object.
It is not normally necessary to call this function. The available
PKCS#11 modules installed on the system are automatically loaded
by the GCR library.
a list of PKCS#11 modules
Set the PKCS#11 URIs that are used to identify which slots to use for
lookup of trust assertions.
It is not normally necessary to call this function. The relevant
PKCS#11 slots are automatically configured by the GCR library.
the uris which identifies trust lookup slots
Set the PKCS#11 URI that is used to identify which slot to use for
storing trust assertions.
It is not normally necessary to call this function. The relevant
PKCS#11 slot is automatically configured by the GCR library.
the uri which identifies trust storage slot
Allocate a block of non-pageable memory.
If non-pageable memory cannot be allocated then normal memory will be
returned.
new memory block which should be freed
with gcr_secure_memory_free()
The new desired size of the memory block.
Free a block of non-pageable memory.
Glib memory is also freed correctly when passed to this function. If called
with a %NULL pointer then no action is taken.
pointer to the beginning of the block of memory to free
Check if a pointer is in non-pageable memory allocated by.
whether the memory is secure non-pageable memory allocated by the
Gcr library or not
pointer to check
Allocate objects in non-pageable memory.
C type of the objects to allocate
number of objects to allocate
Reallocate a block of non-pageable memory.
Glib memory is also reallocated correctly. If called with a null pointer,
then a new block of memory is allocated. If called with a zero size,
then the block of memory is freed.
If non-pageable memory cannot be allocated then normal memory will be
returned.
new block, or %NULL if the block was
freed; memory block should be freed with gcr_secure_memory_free()
pointer to reallocate or %NULL to allocate a new block
new desired size of the memory block, or 0 to free the memory
Copy a string into non-pageable memory. If the input string is %NULL, then
%NULL will be returned.
copied string, should be freed with gcr_secure_memory_free()
null terminated string to copy
Free a string, whether securely allocated using these functions or not.
This will also clear out the contents of the string so they do not
remain in memory.
null terminated string to fere
Allocate a block of non-pageable memory.
If non-pageable memory cannot be allocated, then %NULL is returned.
new block, or %NULL if memory cannot be
allocated; memory block should be freed with gcr_secure_memory_free()
new desired size of the memory block
Reallocate a block of non-pageable memory.
Glib memory is also reallocated correctly when passed to this function.
If called with a null pointer, then a new block of memory is allocated.
If called with a zero size, then the block of memory is freed.
If memory cannot be allocated, %NULL is returned and the original block
of memory remains intact.
the new block, or %NULL if memory cannot be
allocated; the memory block should be freed with gcr_secure_memory_free()
pointer to reallocate or %NULL to allocate a new block
new desired size of the memory block
Add a pinned @certificate for connections to @peer for @purpose. A pinned
certificate overrides all other certificate verification and should be
used with care.
If the same pinned certificate already exists, then this operation
does not add another, and succeeds without error.
This call may block, see gcr_trust_add_pinned_certificate_async() for the
non-blocking version.
%TRUE if the pinned certificate is recorded successfully
a #GcrCertificate
the purpose string
the peer for this pinned certificate
a #GCancellable
Add a pinned certificate for communication with @peer for @purpose. A pinned
certificate overrides all other certificate verification and should be used
with care.
If the same pinned certificate already exists, then this operation
does not add another, and succeeds without error.
When the operation is finished, callback will be called. You can then call
[func@Gcr.trust_add_pinned_certificate_finish] to get the result of the
operation.
a #GcrCertificate
the purpose string
the peer for this pinned certificate
a #GCancellable
a #GAsyncReadyCallback to call when the operation completes
the data to pass to callback function
Finishes an asynchronous operation started by
gcr_trust_add_pinned_certificate_async().
%TRUE if the pinned certificate is recorded successfully
the #GAsyncResult passed to the callback
Check if the @certificate is a trust anchor for the given @purpose. A trust
anchor is used to verify the signatures on other certificates when verifying
a certificate chain. Also known as a trusted certificate authority.
This call may block, see [func@Gcr.trust_is_certificate_anchored_async] for
the non-blocking version.
In the case of an error, %FALSE is also returned. Check @error to detect
if an error occurred.
%TRUE if the certificate is a trust anchor
a #GcrCertificate to check
the purpose string
a #GCancellable
Check if the @certificate is a trust anchor for the given @purpose. A trust
anchor is used to verify the signatures on other certificates when verifying
a certificate chain. Also known as a trusted certificate authority.
When the operation is finished, callback will be called. You can then call
gcr_trust_is_certificate_anchored_finish() to get the result of the operation.
a #GcrCertificate to check
the purpose string
a #GCancellable
a #GAsyncReadyCallback to call when the operation completes
the data to pass to callback function
Finishes an asynchronous operation started by
gcr_trust_is_certificate_anchored_async().
In the case of an error, %FALSE is also returned. Check @error to detect
if an error occurred.
%TRUE if the certificate is a trust anchor
the #GAsyncResult passed to the callback
Checks whether the certificate that can be uniquely identified with the
given @serial_nr and @issuer is marked as distrusted (for example by the
user, or because it's part of a CRL).
Since we can't directly use [iface@Certificate] to fetch these values, you
need to call these with the raw serial number and issuer as provided by the
PKCS#11 fields `CKA_SERIAL_NR` and `CKA_ISSUER`.
%TRUE if the certificate is marked as distrusted
The serial number of the certificate
The nr of bytes in @serial_nr
The raw issuer
The nr of bytes in @issuer
a #GCancellable or %NULL
Asynchronously checks whether the certificate that can be uniquely
identified with the given @serial_nr and @issuer is marked as distrusted
(for example by the user, or because it's part of a CRL).
Since we can't directly use [iface@Certificate] to fetch these values, you
need to call these with the raw serial number and issuer as provided by the
PKCS#11 fields `CKA_SERIAL_NR` and `CKA_ISSUER`.
When the operation is finished, @callback will be called. You can then call
[func@trust_is_certificate_distrusted_finish] to get the result of the
operation.
The serial number of the certificate
The nr of bytes in @serial_nr
The raw issuer
The number of bytes in @issuer
a #GCancellable or %NULL
a #GAsyncReadyCallback to call when the operation completes
the data to pass to callback function
Finishes an asynchronous operation started by
[func@trust_is_certificate_distrusted_async].
In the case of an error, %FALSE is also returned. Check @error to detect
if an error occurred.
%TRUE if the certificate is a trust anchor
the #GAsyncResult passed to the callback
Check if @certificate is pinned for @purpose to communicate with @peer.
A pinned certificate overrides all other certificate verification.
This call may block, see gcr_trust_is_certificate_pinned_async() for the
non-blocking version.
In the case of an error, %FALSE is also returned. Check @error to detect
if an error occurred.
%TRUE if the certificate is pinned for the host and purpose
a #GcrCertificate to check
the purpose string
the peer for this pinned
a #GCancellable
Check if @certificate is pinned for @purpose to communicate with @peer. A
pinned certificate overrides all other certificate verification.
When the operation is finished, callback will be called. You can then call
[func@Gcr.trust_is_certificate_pinned_finish] to get the result of the
operation.
a #GcrCertificate to check
the purpose string
the peer for this pinned
a #GCancellable
a #GAsyncReadyCallback to call when the operation completes
the data to pass to callback function
Finishes an asynchronous operation started by
gcr_trust_is_certificate_pinned_async().
In the case of an error, %FALSE is also returned. Check @error to detect
if an error occurred.
%TRUE if the certificate is pinned.
the #GAsyncResult passed to the callback
Remove a pinned certificate for communication with @peer for @purpose.
If the same pinned certificate does not exist, or was already removed,
then this operation succeeds without error.
This call may block, see gcr_trust_remove_pinned_certificate_async() for the
non-blocking version.
%TRUE if the pinned certificate no longer exists
a #GcrCertificate
the purpose string
the peer for this pinned certificate
a #GCancellable
Remove a pinned certificate for communication with @peer for @purpose.
If the same pinned certificate does not exist, or was already removed,
then this operation succeeds without error.
When the operation is finished, callback will be called. You can then call
gcr_trust_remove_pinned_certificate_finish() to get the result of the
operation.
a #GcrCertificate
the purpose string
the peer for this pinned certificate
a #GCancellable
a #GAsyncReadyCallback to call when the operation completes
the data to pass to callback function
Finishes an asynchronous operation started by
gcr_trust_remove_pinned_certificate_async().
%TRUE if the pinned certificate no longer exists
the #GAsyncResult passed to the callback