{- | Copyright : Will Thompson, Iñaki García Etxebarria and Jonas Platte License : LGPL-2.1 Maintainer : Iñaki García Etxebarria (garetxe@gmail.com) A certificate used for TLS authentication and encryption. This can represent either a certificate only (eg, the certificate received by a client from a server), or the combination of a certificate and a private key (which is needed when acting as a 'GI.Gio.Interfaces.TlsServerConnection.TlsServerConnection'). /Since: 2.28/ -} #define ENABLE_OVERLOADING (MIN_VERSION_haskell_gi_overloading(1,0,0) \ && !defined(__HADDOCK_VERSION__)) module GI.Gio.Objects.TlsCertificate ( -- * Exported types TlsCertificate(..) , IsTlsCertificate , toTlsCertificate , noTlsCertificate , -- * Methods -- ** getIssuer #method:getIssuer# #if ENABLE_OVERLOADING TlsCertificateGetIssuerMethodInfo , #endif tlsCertificateGetIssuer , -- ** isSame #method:isSame# #if ENABLE_OVERLOADING TlsCertificateIsSameMethodInfo , #endif tlsCertificateIsSame , -- ** listNewFromFile #method:listNewFromFile# tlsCertificateListNewFromFile , -- ** newFromFile #method:newFromFile# tlsCertificateNewFromFile , -- ** newFromFiles #method:newFromFiles# tlsCertificateNewFromFiles , -- ** newFromPem #method:newFromPem# tlsCertificateNewFromPem , -- ** verify #method:verify# #if ENABLE_OVERLOADING TlsCertificateVerifyMethodInfo , #endif tlsCertificateVerify , -- * Properties -- ** certificate #attr:certificate# {- | The DER (binary) encoded representation of the certificate. This property and the 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/certificate-pem/@ property represent the same data, just in different forms. /Since: 2.28/ -} #if ENABLE_OVERLOADING TlsCertificateCertificatePropertyInfo , #endif constructTlsCertificateCertificate , getTlsCertificateCertificate , #if ENABLE_OVERLOADING tlsCertificateCertificate , #endif -- ** certificatePem #attr:certificatePem# {- | The PEM (ASCII) encoded representation of the certificate. This property and the 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/certificate/@ property represent the same data, just in different forms. /Since: 2.28/ -} #if ENABLE_OVERLOADING TlsCertificateCertificatePemPropertyInfo, #endif constructTlsCertificateCertificatePem , getTlsCertificateCertificatePem , #if ENABLE_OVERLOADING tlsCertificateCertificatePem , #endif -- ** issuer #attr:issuer# {- | A 'GI.Gio.Objects.TlsCertificate.TlsCertificate' representing the entity that issued this certificate. If 'Nothing', this means that the certificate is either self-signed, or else the certificate of the issuer is not available. /Since: 2.28/ -} #if ENABLE_OVERLOADING TlsCertificateIssuerPropertyInfo , #endif constructTlsCertificateIssuer , getTlsCertificateIssuer , #if ENABLE_OVERLOADING tlsCertificateIssuer , #endif -- ** privateKey #attr:privateKey# {- | The DER (binary) encoded representation of the certificate\'s private key, in either PKCS@/1/@ format or unencrypted PKCS@/8/@ format. This property (or the 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/private-key-pem/@ property) can be set when constructing a key (eg, from a file), but cannot be read. PKCS@/8/@ format is supported since 2.32; earlier releases only support PKCS@/1/@. You can use the @openssl rsa@ tool to convert PKCS@/8/@ keys to PKCS@/1/@. /Since: 2.28/ -} #if ENABLE_OVERLOADING TlsCertificatePrivateKeyPropertyInfo , #endif constructTlsCertificatePrivateKey , #if ENABLE_OVERLOADING tlsCertificatePrivateKey , #endif -- ** privateKeyPem #attr:privateKeyPem# {- | The PEM (ASCII) encoded representation of the certificate\'s private key in either PKCS@/1/@ format (\"@BEGIN RSA PRIVATE KEY@\") or unencrypted PKCS@/8/@ format (\"@BEGIN PRIVATE KEY@\"). This property (or the 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/private-key/@ property) can be set when constructing a key (eg, from a file), but cannot be read. PKCS@/8/@ format is supported since 2.32; earlier releases only support PKCS@/1/@. You can use the @openssl rsa@ tool to convert PKCS@/8/@ keys to PKCS@/1/@. /Since: 2.28/ -} #if ENABLE_OVERLOADING TlsCertificatePrivateKeyPemPropertyInfo , #endif constructTlsCertificatePrivateKeyPem , #if ENABLE_OVERLOADING tlsCertificatePrivateKeyPem , #endif ) where import Data.GI.Base.ShortPrelude import qualified Data.GI.Base.ShortPrelude as SP import qualified Data.GI.Base.Overloading as O import qualified Prelude as P import qualified Data.GI.Base.Attributes as GI.Attributes import qualified Data.GI.Base.ManagedPtr as B.ManagedPtr import qualified Data.GI.Base.GError as B.GError import qualified Data.GI.Base.GVariant as B.GVariant import qualified Data.GI.Base.GValue as B.GValue import qualified Data.GI.Base.GParamSpec as B.GParamSpec import qualified Data.GI.Base.CallStack as B.CallStack import qualified Data.Text as T import qualified Data.ByteString.Char8 as B import qualified Data.Map as Map import qualified Foreign.Ptr as FP import qualified GI.GObject.Objects.Object as GObject.Object import {-# SOURCE #-} qualified GI.Gio.Flags as Gio.Flags import {-# SOURCE #-} qualified GI.Gio.Interfaces.SocketConnectable as Gio.SocketConnectable -- | Memory-managed wrapper type. newtype TlsCertificate = TlsCertificate (ManagedPtr TlsCertificate) foreign import ccall "g_tls_certificate_get_type" c_g_tls_certificate_get_type :: IO GType instance GObject TlsCertificate where gobjectType _ = c_g_tls_certificate_get_type -- | Type class for types which can be safely cast to `TlsCertificate`, for instance with `toTlsCertificate`. class GObject o => IsTlsCertificate o #if MIN_VERSION_base(4,9,0) instance {-# OVERLAPPABLE #-} (GObject a, O.UnknownAncestorError TlsCertificate a) => IsTlsCertificate a #endif instance IsTlsCertificate TlsCertificate instance GObject.Object.IsObject TlsCertificate -- | Cast to `TlsCertificate`, for types for which this is known to be safe. For general casts, use `Data.GI.Base.ManagedPtr.castTo`. toTlsCertificate :: (MonadIO m, IsTlsCertificate o) => o -> m TlsCertificate toTlsCertificate = liftIO . unsafeCastTo TlsCertificate -- | A convenience alias for `Nothing` :: `Maybe` `TlsCertificate`. noTlsCertificate :: Maybe TlsCertificate noTlsCertificate = Nothing #if ENABLE_OVERLOADING type family ResolveTlsCertificateMethod (t :: Symbol) (o :: *) :: * where ResolveTlsCertificateMethod "bindProperty" o = GObject.Object.ObjectBindPropertyMethodInfo ResolveTlsCertificateMethod "bindPropertyFull" o = GObject.Object.ObjectBindPropertyFullMethodInfo ResolveTlsCertificateMethod "forceFloating" o = GObject.Object.ObjectForceFloatingMethodInfo ResolveTlsCertificateMethod "freezeNotify" o = GObject.Object.ObjectFreezeNotifyMethodInfo ResolveTlsCertificateMethod "getv" o = GObject.Object.ObjectGetvMethodInfo ResolveTlsCertificateMethod "isFloating" o = GObject.Object.ObjectIsFloatingMethodInfo ResolveTlsCertificateMethod "isSame" o = TlsCertificateIsSameMethodInfo ResolveTlsCertificateMethod "notify" o = GObject.Object.ObjectNotifyMethodInfo ResolveTlsCertificateMethod "notifyByPspec" o = GObject.Object.ObjectNotifyByPspecMethodInfo ResolveTlsCertificateMethod "ref" o = GObject.Object.ObjectRefMethodInfo ResolveTlsCertificateMethod "refSink" o = GObject.Object.ObjectRefSinkMethodInfo ResolveTlsCertificateMethod "runDispose" o = GObject.Object.ObjectRunDisposeMethodInfo ResolveTlsCertificateMethod "stealData" o = GObject.Object.ObjectStealDataMethodInfo ResolveTlsCertificateMethod "stealQdata" o = GObject.Object.ObjectStealQdataMethodInfo ResolveTlsCertificateMethod "thawNotify" o = GObject.Object.ObjectThawNotifyMethodInfo ResolveTlsCertificateMethod "unref" o = GObject.Object.ObjectUnrefMethodInfo ResolveTlsCertificateMethod "verify" o = TlsCertificateVerifyMethodInfo ResolveTlsCertificateMethod "watchClosure" o = GObject.Object.ObjectWatchClosureMethodInfo ResolveTlsCertificateMethod "getData" o = GObject.Object.ObjectGetDataMethodInfo ResolveTlsCertificateMethod "getIssuer" o = TlsCertificateGetIssuerMethodInfo ResolveTlsCertificateMethod "getProperty" o = GObject.Object.ObjectGetPropertyMethodInfo ResolveTlsCertificateMethod "getQdata" o = GObject.Object.ObjectGetQdataMethodInfo ResolveTlsCertificateMethod "setData" o = GObject.Object.ObjectSetDataMethodInfo ResolveTlsCertificateMethod "setProperty" o = GObject.Object.ObjectSetPropertyMethodInfo ResolveTlsCertificateMethod l o = O.MethodResolutionFailed l o instance (info ~ ResolveTlsCertificateMethod t TlsCertificate, O.MethodInfo info TlsCertificate p) => O.IsLabelProxy t (TlsCertificate -> p) where fromLabelProxy _ = O.overloadedMethod (O.MethodProxy :: O.MethodProxy info) #if MIN_VERSION_base(4,9,0) instance (info ~ ResolveTlsCertificateMethod t TlsCertificate, O.MethodInfo info TlsCertificate p) => O.IsLabel t (TlsCertificate -> p) where #if MIN_VERSION_base(4,10,0) fromLabel = O.overloadedMethod (O.MethodProxy :: O.MethodProxy info) #else fromLabel _ = O.overloadedMethod (O.MethodProxy :: O.MethodProxy info) #endif #endif #endif -- VVV Prop "certificate" -- Type: TByteArray -- Flags: [PropertyReadable,PropertyWritable,PropertyConstructOnly] -- Nullable: (Nothing,Nothing) {- | Get the value of the “@certificate@” property. When <https://github.com/haskell-gi/haskell-gi/wiki/Overloading overloading> is enabled, this is equivalent to @ 'Data.GI.Base.Attributes.get' tlsCertificate #certificate @ -} getTlsCertificateCertificate :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe ByteString) getTlsCertificateCertificate obj = liftIO $ getObjectPropertyByteArray obj "certificate" {- | Construct a `GValueConstruct` with valid value for the “@certificate@” property. This is rarely needed directly, but it is used by `Data.GI.Base.Constructible.new`. -} constructTlsCertificateCertificate :: (IsTlsCertificate o) => ByteString -> IO (GValueConstruct o) constructTlsCertificateCertificate val = constructObjectPropertyByteArray "certificate" (Just val) #if ENABLE_OVERLOADING data TlsCertificateCertificatePropertyInfo instance AttrInfo TlsCertificateCertificatePropertyInfo where type AttrAllowedOps TlsCertificateCertificatePropertyInfo = '[ 'AttrConstruct, 'AttrGet, 'AttrClear] type AttrSetTypeConstraint TlsCertificateCertificatePropertyInfo = (~) ByteString type AttrBaseTypeConstraint TlsCertificateCertificatePropertyInfo = IsTlsCertificate type AttrGetType TlsCertificateCertificatePropertyInfo = (Maybe ByteString) type AttrLabel TlsCertificateCertificatePropertyInfo = "certificate" type AttrOrigin TlsCertificateCertificatePropertyInfo = TlsCertificate attrGet _ = getTlsCertificateCertificate attrSet _ = undefined attrConstruct _ = constructTlsCertificateCertificate attrClear _ = undefined #endif -- VVV Prop "certificate-pem" -- Type: TBasicType TUTF8 -- Flags: [PropertyReadable,PropertyWritable,PropertyConstructOnly] -- Nullable: (Nothing,Nothing) {- | Get the value of the “@certificate-pem@” property. When <https://github.com/haskell-gi/haskell-gi/wiki/Overloading overloading> is enabled, this is equivalent to @ 'Data.GI.Base.Attributes.get' tlsCertificate #certificatePem @ -} getTlsCertificateCertificatePem :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe T.Text) getTlsCertificateCertificatePem obj = liftIO $ getObjectPropertyString obj "certificate-pem" {- | Construct a `GValueConstruct` with valid value for the “@certificate-pem@” property. This is rarely needed directly, but it is used by `Data.GI.Base.Constructible.new`. -} constructTlsCertificateCertificatePem :: (IsTlsCertificate o) => T.Text -> IO (GValueConstruct o) constructTlsCertificateCertificatePem val = constructObjectPropertyString "certificate-pem" (Just val) #if ENABLE_OVERLOADING data TlsCertificateCertificatePemPropertyInfo instance AttrInfo TlsCertificateCertificatePemPropertyInfo where type AttrAllowedOps TlsCertificateCertificatePemPropertyInfo = '[ 'AttrConstruct, 'AttrGet, 'AttrClear] type AttrSetTypeConstraint TlsCertificateCertificatePemPropertyInfo = (~) T.Text type AttrBaseTypeConstraint TlsCertificateCertificatePemPropertyInfo = IsTlsCertificate type AttrGetType TlsCertificateCertificatePemPropertyInfo = (Maybe T.Text) type AttrLabel TlsCertificateCertificatePemPropertyInfo = "certificate-pem" type AttrOrigin TlsCertificateCertificatePemPropertyInfo = TlsCertificate attrGet _ = getTlsCertificateCertificatePem attrSet _ = undefined attrConstruct _ = constructTlsCertificateCertificatePem attrClear _ = undefined #endif -- VVV Prop "issuer" -- Type: TInterface (Name {namespace = "Gio", name = "TlsCertificate"}) -- Flags: [PropertyReadable,PropertyWritable,PropertyConstructOnly] -- Nullable: (Just False,Nothing) {- | Get the value of the “@issuer@” property. When <https://github.com/haskell-gi/haskell-gi/wiki/Overloading overloading> is enabled, this is equivalent to @ 'Data.GI.Base.Attributes.get' tlsCertificate #issuer @ -} getTlsCertificateIssuer :: (MonadIO m, IsTlsCertificate o) => o -> m TlsCertificate getTlsCertificateIssuer obj = liftIO $ checkUnexpectedNothing "getTlsCertificateIssuer" $ getObjectPropertyObject obj "issuer" TlsCertificate {- | Construct a `GValueConstruct` with valid value for the “@issuer@” property. This is rarely needed directly, but it is used by `Data.GI.Base.Constructible.new`. -} constructTlsCertificateIssuer :: (IsTlsCertificate o, IsTlsCertificate a) => a -> IO (GValueConstruct o) constructTlsCertificateIssuer val = constructObjectPropertyObject "issuer" (Just val) #if ENABLE_OVERLOADING data TlsCertificateIssuerPropertyInfo instance AttrInfo TlsCertificateIssuerPropertyInfo where type AttrAllowedOps TlsCertificateIssuerPropertyInfo = '[ 'AttrConstruct, 'AttrGet, 'AttrClear] type AttrSetTypeConstraint TlsCertificateIssuerPropertyInfo = IsTlsCertificate type AttrBaseTypeConstraint TlsCertificateIssuerPropertyInfo = IsTlsCertificate type AttrGetType TlsCertificateIssuerPropertyInfo = TlsCertificate type AttrLabel TlsCertificateIssuerPropertyInfo = "issuer" type AttrOrigin TlsCertificateIssuerPropertyInfo = TlsCertificate attrGet _ = getTlsCertificateIssuer attrSet _ = undefined attrConstruct _ = constructTlsCertificateIssuer attrClear _ = undefined #endif -- VVV Prop "private-key" -- Type: TByteArray -- Flags: [PropertyWritable,PropertyConstructOnly] -- Nullable: (Nothing,Nothing) {- | Construct a `GValueConstruct` with valid value for the “@private-key@” property. This is rarely needed directly, but it is used by `Data.GI.Base.Constructible.new`. -} constructTlsCertificatePrivateKey :: (IsTlsCertificate o) => ByteString -> IO (GValueConstruct o) constructTlsCertificatePrivateKey val = constructObjectPropertyByteArray "private-key" (Just val) #if ENABLE_OVERLOADING data TlsCertificatePrivateKeyPropertyInfo instance AttrInfo TlsCertificatePrivateKeyPropertyInfo where type AttrAllowedOps TlsCertificatePrivateKeyPropertyInfo = '[ 'AttrConstruct, 'AttrClear] type AttrSetTypeConstraint TlsCertificatePrivateKeyPropertyInfo = (~) ByteString type AttrBaseTypeConstraint TlsCertificatePrivateKeyPropertyInfo = IsTlsCertificate type AttrGetType TlsCertificatePrivateKeyPropertyInfo = () type AttrLabel TlsCertificatePrivateKeyPropertyInfo = "private-key" type AttrOrigin TlsCertificatePrivateKeyPropertyInfo = TlsCertificate attrGet _ = undefined attrSet _ = undefined attrConstruct _ = constructTlsCertificatePrivateKey attrClear _ = undefined #endif -- VVV Prop "private-key-pem" -- Type: TBasicType TUTF8 -- Flags: [PropertyWritable,PropertyConstructOnly] -- Nullable: (Nothing,Nothing) {- | Construct a `GValueConstruct` with valid value for the “@private-key-pem@” property. This is rarely needed directly, but it is used by `Data.GI.Base.Constructible.new`. -} constructTlsCertificatePrivateKeyPem :: (IsTlsCertificate o) => T.Text -> IO (GValueConstruct o) constructTlsCertificatePrivateKeyPem val = constructObjectPropertyString "private-key-pem" (Just val) #if ENABLE_OVERLOADING data TlsCertificatePrivateKeyPemPropertyInfo instance AttrInfo TlsCertificatePrivateKeyPemPropertyInfo where type AttrAllowedOps TlsCertificatePrivateKeyPemPropertyInfo = '[ 'AttrConstruct, 'AttrClear] type AttrSetTypeConstraint TlsCertificatePrivateKeyPemPropertyInfo = (~) T.Text type AttrBaseTypeConstraint TlsCertificatePrivateKeyPemPropertyInfo = IsTlsCertificate type AttrGetType TlsCertificatePrivateKeyPemPropertyInfo = () type AttrLabel TlsCertificatePrivateKeyPemPropertyInfo = "private-key-pem" type AttrOrigin TlsCertificatePrivateKeyPemPropertyInfo = TlsCertificate attrGet _ = undefined attrSet _ = undefined attrConstruct _ = constructTlsCertificatePrivateKeyPem attrClear _ = undefined #endif #if ENABLE_OVERLOADING instance O.HasAttributeList TlsCertificate type instance O.AttributeList TlsCertificate = TlsCertificateAttributeList type TlsCertificateAttributeList = ('[ '("certificate", TlsCertificateCertificatePropertyInfo), '("certificatePem", TlsCertificateCertificatePemPropertyInfo), '("issuer", TlsCertificateIssuerPropertyInfo), '("privateKey", TlsCertificatePrivateKeyPropertyInfo), '("privateKeyPem", TlsCertificatePrivateKeyPemPropertyInfo)] :: [(Symbol, *)]) #endif #if ENABLE_OVERLOADING tlsCertificateCertificate :: AttrLabelProxy "certificate" tlsCertificateCertificate = AttrLabelProxy tlsCertificateCertificatePem :: AttrLabelProxy "certificatePem" tlsCertificateCertificatePem = AttrLabelProxy tlsCertificateIssuer :: AttrLabelProxy "issuer" tlsCertificateIssuer = AttrLabelProxy tlsCertificatePrivateKey :: AttrLabelProxy "privateKey" tlsCertificatePrivateKey = AttrLabelProxy tlsCertificatePrivateKeyPem :: AttrLabelProxy "privateKeyPem" tlsCertificatePrivateKeyPem = AttrLabelProxy #endif #if ENABLE_OVERLOADING type instance O.SignalList TlsCertificate = TlsCertificateSignalList type TlsCertificateSignalList = ('[ '("notify", GObject.Object.ObjectNotifySignalInfo)] :: [(Symbol, *)]) #endif -- method TlsCertificate::new_from_file -- method type : Constructor -- Args : [Arg {argCName = "file", argType = TBasicType TFileName, direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "file containing a PEM-encoded certificate to import", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing}] -- Lengths : [] -- returnType : Just (TInterface (Name {namespace = "Gio", name = "TlsCertificate"})) -- throws : True -- Skip return : False foreign import ccall "g_tls_certificate_new_from_file" g_tls_certificate_new_from_file :: CString -> -- file : TBasicType TFileName Ptr (Ptr GError) -> -- error IO (Ptr TlsCertificate) {- | Creates a 'GI.Gio.Objects.TlsCertificate.TlsCertificate' from the PEM-encoded data in /@file@/. The returned certificate will be the first certificate found in /@file@/. As of GLib 2.44, if /@file@/ contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/issuer/@ property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned. If /@file@/ cannot be read or parsed, the function will return 'Nothing' and set /@error@/. Otherwise, this behaves like 'GI.Gio.Objects.TlsCertificate.tlsCertificateNewFromPem'. /Since: 2.28/ -} tlsCertificateNewFromFile :: (B.CallStack.HasCallStack, MonadIO m) => [Char] {- ^ /@file@/: file containing a PEM-encoded certificate to import -} -> m TlsCertificate {- ^ __Returns:__ the new certificate, or 'Nothing' on error /(Can throw 'Data.GI.Base.GError.GError')/ -} tlsCertificateNewFromFile file = liftIO $ do file' <- stringToCString file onException (do result <- propagateGError $ g_tls_certificate_new_from_file file' checkUnexpectedReturnNULL "tlsCertificateNewFromFile" result result' <- (wrapObject TlsCertificate) result freeMem file' return result' ) (do freeMem file' ) #if ENABLE_OVERLOADING #endif -- method TlsCertificate::new_from_files -- method type : Constructor -- Args : [Arg {argCName = "cert_file", argType = TBasicType TFileName, direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "file containing one or more PEM-encoded\n certificates to import", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing},Arg {argCName = "key_file", argType = TBasicType TFileName, direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "file containing a PEM-encoded private key\n to import", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing}] -- Lengths : [] -- returnType : Just (TInterface (Name {namespace = "Gio", name = "TlsCertificate"})) -- throws : True -- Skip return : False foreign import ccall "g_tls_certificate_new_from_files" g_tls_certificate_new_from_files :: CString -> -- cert_file : TBasicType TFileName CString -> -- key_file : TBasicType TFileName Ptr (Ptr GError) -> -- error IO (Ptr TlsCertificate) {- | Creates a 'GI.Gio.Objects.TlsCertificate.TlsCertificate' from the PEM-encoded data in /@certFile@/ and /@keyFile@/. The returned certificate will be the first certificate found in /@certFile@/. As of GLib 2.44, if /@certFile@/ contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/issuer/@ property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned. If either file cannot be read or parsed, the function will return 'Nothing' and set /@error@/. Otherwise, this behaves like 'GI.Gio.Objects.TlsCertificate.tlsCertificateNewFromPem'. /Since: 2.28/ -} tlsCertificateNewFromFiles :: (B.CallStack.HasCallStack, MonadIO m) => [Char] {- ^ /@certFile@/: file containing one or more PEM-encoded certificates to import -} -> [Char] {- ^ /@keyFile@/: file containing a PEM-encoded private key to import -} -> m TlsCertificate {- ^ __Returns:__ the new certificate, or 'Nothing' on error /(Can throw 'Data.GI.Base.GError.GError')/ -} tlsCertificateNewFromFiles certFile keyFile = liftIO $ do certFile' <- stringToCString certFile keyFile' <- stringToCString keyFile onException (do result <- propagateGError $ g_tls_certificate_new_from_files certFile' keyFile' checkUnexpectedReturnNULL "tlsCertificateNewFromFiles" result result' <- (wrapObject TlsCertificate) result freeMem certFile' freeMem keyFile' return result' ) (do freeMem certFile' freeMem keyFile' ) #if ENABLE_OVERLOADING #endif -- method TlsCertificate::new_from_pem -- method type : Constructor -- Args : [Arg {argCName = "data", argType = TBasicType TUTF8, direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "PEM-encoded certificate data", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing},Arg {argCName = "length", argType = TBasicType TInt64, direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "the length of @data, or -1 if it's 0-terminated.", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing}] -- Lengths : [] -- returnType : Just (TInterface (Name {namespace = "Gio", name = "TlsCertificate"})) -- throws : True -- Skip return : False foreign import ccall "g_tls_certificate_new_from_pem" g_tls_certificate_new_from_pem :: CString -> -- data : TBasicType TUTF8 Int64 -> -- length : TBasicType TInt64 Ptr (Ptr GError) -> -- error IO (Ptr TlsCertificate) {- | Creates a 'GI.Gio.Objects.TlsCertificate.TlsCertificate' from the PEM-encoded data in /@data@/. If /@data@/ includes both a certificate and a private key, then the returned certificate will include the private key data as well. (See the 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/private-key-pem/@ property for information about supported formats.) The returned certificate will be the first certificate found in /@data@/. As of GLib 2.44, if /@data@/ contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/issuer/@ property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned. /Since: 2.28/ -} tlsCertificateNewFromPem :: (B.CallStack.HasCallStack, MonadIO m) => T.Text {- ^ /@data@/: PEM-encoded certificate data -} -> Int64 {- ^ /@length@/: the length of /@data@/, or -1 if it\'s 0-terminated. -} -> m TlsCertificate {- ^ __Returns:__ the new certificate, or 'Nothing' if /@data@/ is invalid /(Can throw 'Data.GI.Base.GError.GError')/ -} tlsCertificateNewFromPem data_ length_ = liftIO $ do data_' <- textToCString data_ onException (do result <- propagateGError $ g_tls_certificate_new_from_pem data_' length_ checkUnexpectedReturnNULL "tlsCertificateNewFromPem" result result' <- (wrapObject TlsCertificate) result freeMem data_' return result' ) (do freeMem data_' ) #if ENABLE_OVERLOADING #endif -- method TlsCertificate::get_issuer -- method type : OrdinaryMethod -- Args : [Arg {argCName = "cert", argType = TInterface (Name {namespace = "Gio", name = "TlsCertificate"}), direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "a #GTlsCertificate", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing}] -- Lengths : [] -- returnType : Just (TInterface (Name {namespace = "Gio", name = "TlsCertificate"})) -- throws : False -- Skip return : False foreign import ccall "g_tls_certificate_get_issuer" g_tls_certificate_get_issuer :: Ptr TlsCertificate -> -- cert : TInterface (Name {namespace = "Gio", name = "TlsCertificate"}) IO (Ptr TlsCertificate) {- | Gets the 'GI.Gio.Objects.TlsCertificate.TlsCertificate' representing /@cert@/\'s issuer, if known /Since: 2.28/ -} tlsCertificateGetIssuer :: (B.CallStack.HasCallStack, MonadIO m, IsTlsCertificate a) => a {- ^ /@cert@/: a 'GI.Gio.Objects.TlsCertificate.TlsCertificate' -} -> m TlsCertificate {- ^ __Returns:__ The certificate of /@cert@/\'s issuer, or 'Nothing' if /@cert@/ is self-signed or signed with an unknown certificate. -} tlsCertificateGetIssuer cert = liftIO $ do cert' <- unsafeManagedPtrCastPtr cert result <- g_tls_certificate_get_issuer cert' checkUnexpectedReturnNULL "tlsCertificateGetIssuer" result result' <- (newObject TlsCertificate) result touchManagedPtr cert return result' #if ENABLE_OVERLOADING data TlsCertificateGetIssuerMethodInfo instance (signature ~ (m TlsCertificate), MonadIO m, IsTlsCertificate a) => O.MethodInfo TlsCertificateGetIssuerMethodInfo a signature where overloadedMethod _ = tlsCertificateGetIssuer #endif -- method TlsCertificate::is_same -- method type : OrdinaryMethod -- Args : [Arg {argCName = "cert_one", argType = TInterface (Name {namespace = "Gio", name = "TlsCertificate"}), direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "first certificate to compare", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing},Arg {argCName = "cert_two", argType = TInterface (Name {namespace = "Gio", name = "TlsCertificate"}), direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "second certificate to compare", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing}] -- Lengths : [] -- returnType : Just (TBasicType TBoolean) -- throws : False -- Skip return : False foreign import ccall "g_tls_certificate_is_same" g_tls_certificate_is_same :: Ptr TlsCertificate -> -- cert_one : TInterface (Name {namespace = "Gio", name = "TlsCertificate"}) Ptr TlsCertificate -> -- cert_two : TInterface (Name {namespace = "Gio", name = "TlsCertificate"}) IO CInt {- | Check if two 'GI.Gio.Objects.TlsCertificate.TlsCertificate' objects represent the same certificate. The raw DER byte data of the two certificates are checked for equality. This has the effect that two certificates may compare equal even if their 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/issuer/@, 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/private-key/@, or 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/private-key-pem/@ properties differ. /Since: 2.34/ -} tlsCertificateIsSame :: (B.CallStack.HasCallStack, MonadIO m, IsTlsCertificate a, IsTlsCertificate b) => a {- ^ /@certOne@/: first certificate to compare -} -> b {- ^ /@certTwo@/: second certificate to compare -} -> m Bool {- ^ __Returns:__ whether the same or not -} tlsCertificateIsSame certOne certTwo = liftIO $ do certOne' <- unsafeManagedPtrCastPtr certOne certTwo' <- unsafeManagedPtrCastPtr certTwo result <- g_tls_certificate_is_same certOne' certTwo' let result' = (/= 0) result touchManagedPtr certOne touchManagedPtr certTwo return result' #if ENABLE_OVERLOADING data TlsCertificateIsSameMethodInfo instance (signature ~ (b -> m Bool), MonadIO m, IsTlsCertificate a, IsTlsCertificate b) => O.MethodInfo TlsCertificateIsSameMethodInfo a signature where overloadedMethod _ = tlsCertificateIsSame #endif -- method TlsCertificate::verify -- method type : OrdinaryMethod -- Args : [Arg {argCName = "cert", argType = TInterface (Name {namespace = "Gio", name = "TlsCertificate"}), direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "a #GTlsCertificate", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing},Arg {argCName = "identity", argType = TInterface (Name {namespace = "Gio", name = "SocketConnectable"}), direction = DirectionIn, mayBeNull = True, argDoc = Documentation {rawDocText = Just "the expected peer identity", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing},Arg {argCName = "trusted_ca", argType = TInterface (Name {namespace = "Gio", name = "TlsCertificate"}), direction = DirectionIn, mayBeNull = True, argDoc = Documentation {rawDocText = Just "the certificate of a trusted authority", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing}] -- Lengths : [] -- returnType : Just (TInterface (Name {namespace = "Gio", name = "TlsCertificateFlags"})) -- throws : False -- Skip return : False foreign import ccall "g_tls_certificate_verify" g_tls_certificate_verify :: Ptr TlsCertificate -> -- cert : TInterface (Name {namespace = "Gio", name = "TlsCertificate"}) Ptr Gio.SocketConnectable.SocketConnectable -> -- identity : TInterface (Name {namespace = "Gio", name = "SocketConnectable"}) Ptr TlsCertificate -> -- trusted_ca : TInterface (Name {namespace = "Gio", name = "TlsCertificate"}) IO CUInt {- | This verifies /@cert@/ and returns a set of 'GI.Gio.Flags.TlsCertificateFlags' indicating any problems found with it. This can be used to verify a certificate outside the context of making a connection, or to check a certificate against a CA that is not part of the system CA database. If /@identity@/ is not 'Nothing', /@cert@/\'s name(s) will be compared against it, and 'GI.Gio.Flags.TlsCertificateFlagsBadIdentity' will be set in the return value if it does not match. If /@identity@/ is 'Nothing', that bit will never be set in the return value. If /@trustedCa@/ is not 'Nothing', then /@cert@/ (or one of the certificates in its chain) must be signed by it, or else 'GI.Gio.Flags.TlsCertificateFlagsUnknownCa' will be set in the return value. If /@trustedCa@/ is 'Nothing', that bit will never be set in the return value. (All other 'GI.Gio.Flags.TlsCertificateFlags' values will always be set or unset as appropriate.) /Since: 2.28/ -} tlsCertificateVerify :: (B.CallStack.HasCallStack, MonadIO m, IsTlsCertificate a, Gio.SocketConnectable.IsSocketConnectable b, IsTlsCertificate c) => a {- ^ /@cert@/: a 'GI.Gio.Objects.TlsCertificate.TlsCertificate' -} -> Maybe (b) {- ^ /@identity@/: the expected peer identity -} -> Maybe (c) {- ^ /@trustedCa@/: the certificate of a trusted authority -} -> m [Gio.Flags.TlsCertificateFlags] {- ^ __Returns:__ the appropriate 'GI.Gio.Flags.TlsCertificateFlags' -} tlsCertificateVerify cert identity trustedCa = liftIO $ do cert' <- unsafeManagedPtrCastPtr cert maybeIdentity <- case identity of Nothing -> return nullPtr Just jIdentity -> do jIdentity' <- unsafeManagedPtrCastPtr jIdentity return jIdentity' maybeTrustedCa <- case trustedCa of Nothing -> return nullPtr Just jTrustedCa -> do jTrustedCa' <- unsafeManagedPtrCastPtr jTrustedCa return jTrustedCa' result <- g_tls_certificate_verify cert' maybeIdentity maybeTrustedCa let result' = wordToGFlags result touchManagedPtr cert whenJust identity touchManagedPtr whenJust trustedCa touchManagedPtr return result' #if ENABLE_OVERLOADING data TlsCertificateVerifyMethodInfo instance (signature ~ (Maybe (b) -> Maybe (c) -> m [Gio.Flags.TlsCertificateFlags]), MonadIO m, IsTlsCertificate a, Gio.SocketConnectable.IsSocketConnectable b, IsTlsCertificate c) => O.MethodInfo TlsCertificateVerifyMethodInfo a signature where overloadedMethod _ = tlsCertificateVerify #endif -- method TlsCertificate::list_new_from_file -- method type : MemberFunction -- Args : [Arg {argCName = "file", argType = TBasicType TFileName, direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "file containing PEM-encoded certificates to import", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing}] -- Lengths : [] -- returnType : Just (TGList (TInterface (Name {namespace = "Gio", name = "TlsCertificate"}))) -- throws : True -- Skip return : False foreign import ccall "g_tls_certificate_list_new_from_file" g_tls_certificate_list_new_from_file :: CString -> -- file : TBasicType TFileName Ptr (Ptr GError) -> -- error IO (Ptr (GList (Ptr TlsCertificate))) {- | Creates one or more @/GTlsCertificates/@ from the PEM-encoded data in /@file@/. If /@file@/ cannot be read or parsed, the function will return 'Nothing' and set /@error@/. If /@file@/ does not contain any PEM-encoded certificates, this will return an empty list and not set /@error@/. /Since: 2.28/ -} tlsCertificateListNewFromFile :: (B.CallStack.HasCallStack, MonadIO m) => [Char] {- ^ /@file@/: file containing PEM-encoded certificates to import -} -> m [TlsCertificate] {- ^ __Returns:__ a 'GI.GLib.Structs.List.List' containing 'GI.Gio.Objects.TlsCertificate.TlsCertificate' objects. You must free the list and its contents when you are done with it. /(Can throw 'Data.GI.Base.GError.GError')/ -} tlsCertificateListNewFromFile file = liftIO $ do file' <- stringToCString file onException (do result <- propagateGError $ g_tls_certificate_list_new_from_file file' result' <- unpackGList result result'' <- mapM (wrapObject TlsCertificate) result' g_list_free result freeMem file' return result'' ) (do freeMem file' ) #if ENABLE_OVERLOADING #endif