{- |
Copyright  : Will Thompson, Iñaki García Etxebarria and Jonas Platte
License    : LGPL-2.1
Maintainer : Iñaki García Etxebarria (garetxe@gmail.com)

A certificate used for TLS authentication and encryption.
This can represent either a certificate only (eg, the certificate
received by a client from a server), or the combination of
a certificate and a private key (which is needed when acting as a
'GI.Gio.Interfaces.TlsServerConnection.TlsServerConnection').

/Since: 2.28/
-}

#define ENABLE_OVERLOADING (MIN_VERSION_haskell_gi_overloading(1,0,0) \
       && !defined(__HADDOCK_VERSION__))

module GI.Gio.Objects.TlsCertificate
    (

-- * Exported types
    TlsCertificate(..)                      ,
    IsTlsCertificate                        ,
    toTlsCertificate                        ,
    noTlsCertificate                        ,


 -- * Methods
-- ** getIssuer #method:getIssuer#

#if ENABLE_OVERLOADING
    TlsCertificateGetIssuerMethodInfo       ,
#endif
    tlsCertificateGetIssuer                 ,


-- ** isSame #method:isSame#

#if ENABLE_OVERLOADING
    TlsCertificateIsSameMethodInfo          ,
#endif
    tlsCertificateIsSame                    ,


-- ** listNewFromFile #method:listNewFromFile#

    tlsCertificateListNewFromFile           ,


-- ** newFromFile #method:newFromFile#

    tlsCertificateNewFromFile               ,


-- ** newFromFiles #method:newFromFiles#

    tlsCertificateNewFromFiles              ,


-- ** newFromPem #method:newFromPem#

    tlsCertificateNewFromPem                ,


-- ** verify #method:verify#

#if ENABLE_OVERLOADING
    TlsCertificateVerifyMethodInfo          ,
#endif
    tlsCertificateVerify                    ,




 -- * Properties
-- ** certificate #attr:certificate#
{- | The DER (binary) encoded representation of the certificate.
This property and the 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/certificate-pem/@ property
represent the same data, just in different forms.

/Since: 2.28/
-}
#if ENABLE_OVERLOADING
    TlsCertificateCertificatePropertyInfo   ,
#endif
    constructTlsCertificateCertificate      ,
    getTlsCertificateCertificate            ,
#if ENABLE_OVERLOADING
    tlsCertificateCertificate               ,
#endif


-- ** certificatePem #attr:certificatePem#
{- | The PEM (ASCII) encoded representation of the certificate.
This property and the 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/certificate/@
property represent the same data, just in different forms.

/Since: 2.28/
-}
#if ENABLE_OVERLOADING
    TlsCertificateCertificatePemPropertyInfo,
#endif
    constructTlsCertificateCertificatePem   ,
    getTlsCertificateCertificatePem         ,
#if ENABLE_OVERLOADING
    tlsCertificateCertificatePem            ,
#endif


-- ** issuer #attr:issuer#
{- | A 'GI.Gio.Objects.TlsCertificate.TlsCertificate' representing the entity that issued this
certificate. If 'Nothing', this means that the certificate is either
self-signed, or else the certificate of the issuer is not
available.

/Since: 2.28/
-}
#if ENABLE_OVERLOADING
    TlsCertificateIssuerPropertyInfo        ,
#endif
    constructTlsCertificateIssuer           ,
    getTlsCertificateIssuer                 ,
#if ENABLE_OVERLOADING
    tlsCertificateIssuer                    ,
#endif


-- ** privateKey #attr:privateKey#
{- | The DER (binary) encoded representation of the certificate\'s
private key, in either PKCS@/1/@ format or unencrypted PKCS@/8/@
format. This property (or the 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/private-key-pem/@
property) can be set when constructing a key (eg, from a file),
but cannot be read.

PKCS@/8/@ format is supported since 2.32; earlier releases only
support PKCS@/1/@. You can use the @openssl rsa@
tool to convert PKCS@/8/@ keys to PKCS@/1/@.

/Since: 2.28/
-}
#if ENABLE_OVERLOADING
    TlsCertificatePrivateKeyPropertyInfo    ,
#endif
    constructTlsCertificatePrivateKey       ,
#if ENABLE_OVERLOADING
    tlsCertificatePrivateKey                ,
#endif


-- ** privateKeyPem #attr:privateKeyPem#
{- | The PEM (ASCII) encoded representation of the certificate\'s
private key in either PKCS@/1/@ format (\"@BEGIN RSA PRIVATE
KEY@\") or unencrypted PKCS@/8/@ format (\"@BEGIN
PRIVATE KEY@\"). This property (or the
'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/private-key/@ property) can be set when
constructing a key (eg, from a file), but cannot be read.

PKCS@/8/@ format is supported since 2.32; earlier releases only
support PKCS@/1/@. You can use the @openssl rsa@
tool to convert PKCS@/8/@ keys to PKCS@/1/@.

/Since: 2.28/
-}
#if ENABLE_OVERLOADING
    TlsCertificatePrivateKeyPemPropertyInfo ,
#endif
    constructTlsCertificatePrivateKeyPem    ,
#if ENABLE_OVERLOADING
    tlsCertificatePrivateKeyPem             ,
#endif




    ) where

import Data.GI.Base.ShortPrelude
import qualified Data.GI.Base.ShortPrelude as SP
import qualified Data.GI.Base.Overloading as O
import qualified Prelude as P

import qualified Data.GI.Base.Attributes as GI.Attributes
import qualified Data.GI.Base.ManagedPtr as B.ManagedPtr
import qualified Data.GI.Base.GError as B.GError
import qualified Data.GI.Base.GVariant as B.GVariant
import qualified Data.GI.Base.GValue as B.GValue
import qualified Data.GI.Base.GParamSpec as B.GParamSpec
import qualified Data.GI.Base.CallStack as B.CallStack
import qualified Data.Text as T
import qualified Data.ByteString.Char8 as B
import qualified Data.Map as Map
import qualified Foreign.Ptr as FP

import qualified GI.GObject.Objects.Object as GObject.Object
import {-# SOURCE #-} qualified GI.Gio.Flags as Gio.Flags
import {-# SOURCE #-} qualified GI.Gio.Interfaces.SocketConnectable as Gio.SocketConnectable

-- | Memory-managed wrapper type.
newtype TlsCertificate = TlsCertificate (ManagedPtr TlsCertificate)
foreign import ccall "g_tls_certificate_get_type"
    c_g_tls_certificate_get_type :: IO GType

instance GObject TlsCertificate where
    gobjectType _ = c_g_tls_certificate_get_type


-- | Type class for types which can be safely cast to `TlsCertificate`, for instance with `toTlsCertificate`.
class GObject o => IsTlsCertificate o
#if MIN_VERSION_base(4,9,0)
instance {-# OVERLAPPABLE #-} (GObject a, O.UnknownAncestorError TlsCertificate a) =>
    IsTlsCertificate a
#endif
instance IsTlsCertificate TlsCertificate
instance GObject.Object.IsObject TlsCertificate

-- | Cast to `TlsCertificate`, for types for which this is known to be safe. For general casts, use `Data.GI.Base.ManagedPtr.castTo`.
toTlsCertificate :: (MonadIO m, IsTlsCertificate o) => o -> m TlsCertificate
toTlsCertificate = liftIO . unsafeCastTo TlsCertificate

-- | A convenience alias for `Nothing` :: `Maybe` `TlsCertificate`.
noTlsCertificate :: Maybe TlsCertificate
noTlsCertificate = Nothing

#if ENABLE_OVERLOADING
type family ResolveTlsCertificateMethod (t :: Symbol) (o :: *) :: * where
    ResolveTlsCertificateMethod "bindProperty" o = GObject.Object.ObjectBindPropertyMethodInfo
    ResolveTlsCertificateMethod "bindPropertyFull" o = GObject.Object.ObjectBindPropertyFullMethodInfo
    ResolveTlsCertificateMethod "forceFloating" o = GObject.Object.ObjectForceFloatingMethodInfo
    ResolveTlsCertificateMethod "freezeNotify" o = GObject.Object.ObjectFreezeNotifyMethodInfo
    ResolveTlsCertificateMethod "getv" o = GObject.Object.ObjectGetvMethodInfo
    ResolveTlsCertificateMethod "isFloating" o = GObject.Object.ObjectIsFloatingMethodInfo
    ResolveTlsCertificateMethod "isSame" o = TlsCertificateIsSameMethodInfo
    ResolveTlsCertificateMethod "notify" o = GObject.Object.ObjectNotifyMethodInfo
    ResolveTlsCertificateMethod "notifyByPspec" o = GObject.Object.ObjectNotifyByPspecMethodInfo
    ResolveTlsCertificateMethod "ref" o = GObject.Object.ObjectRefMethodInfo
    ResolveTlsCertificateMethod "refSink" o = GObject.Object.ObjectRefSinkMethodInfo
    ResolveTlsCertificateMethod "runDispose" o = GObject.Object.ObjectRunDisposeMethodInfo
    ResolveTlsCertificateMethod "stealData" o = GObject.Object.ObjectStealDataMethodInfo
    ResolveTlsCertificateMethod "stealQdata" o = GObject.Object.ObjectStealQdataMethodInfo
    ResolveTlsCertificateMethod "thawNotify" o = GObject.Object.ObjectThawNotifyMethodInfo
    ResolveTlsCertificateMethod "unref" o = GObject.Object.ObjectUnrefMethodInfo
    ResolveTlsCertificateMethod "verify" o = TlsCertificateVerifyMethodInfo
    ResolveTlsCertificateMethod "watchClosure" o = GObject.Object.ObjectWatchClosureMethodInfo
    ResolveTlsCertificateMethod "getData" o = GObject.Object.ObjectGetDataMethodInfo
    ResolveTlsCertificateMethod "getIssuer" o = TlsCertificateGetIssuerMethodInfo
    ResolveTlsCertificateMethod "getProperty" o = GObject.Object.ObjectGetPropertyMethodInfo
    ResolveTlsCertificateMethod "getQdata" o = GObject.Object.ObjectGetQdataMethodInfo
    ResolveTlsCertificateMethod "setData" o = GObject.Object.ObjectSetDataMethodInfo
    ResolveTlsCertificateMethod "setProperty" o = GObject.Object.ObjectSetPropertyMethodInfo
    ResolveTlsCertificateMethod l o = O.MethodResolutionFailed l o

instance (info ~ ResolveTlsCertificateMethod t TlsCertificate, O.MethodInfo info TlsCertificate p) => O.IsLabelProxy t (TlsCertificate -> p) where
    fromLabelProxy _ = O.overloadedMethod (O.MethodProxy :: O.MethodProxy info)

#if MIN_VERSION_base(4,9,0)
instance (info ~ ResolveTlsCertificateMethod t TlsCertificate, O.MethodInfo info TlsCertificate p) => O.IsLabel t (TlsCertificate -> p) where
#if MIN_VERSION_base(4,10,0)
    fromLabel = O.overloadedMethod (O.MethodProxy :: O.MethodProxy info)
#else
    fromLabel _ = O.overloadedMethod (O.MethodProxy :: O.MethodProxy info)
#endif
#endif

#endif

-- VVV Prop "certificate"
   -- Type: TByteArray
   -- Flags: [PropertyReadable,PropertyWritable,PropertyConstructOnly]
   -- Nullable: (Nothing,Nothing)

{- |
Get the value of the “@certificate@” property.
When <https://github.com/haskell-gi/haskell-gi/wiki/Overloading overloading> is enabled, this is equivalent to

@
'Data.GI.Base.Attributes.get' tlsCertificate #certificate
@
-}
getTlsCertificateCertificate :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe ByteString)
getTlsCertificateCertificate obj = liftIO $ getObjectPropertyByteArray obj "certificate"

{- |
Construct a `GValueConstruct` with valid value for the “@certificate@” property. This is rarely needed directly, but it is used by `Data.GI.Base.Constructible.new`.
-}
constructTlsCertificateCertificate :: (IsTlsCertificate o) => ByteString -> IO (GValueConstruct o)
constructTlsCertificateCertificate val = constructObjectPropertyByteArray "certificate" (Just val)

#if ENABLE_OVERLOADING
data TlsCertificateCertificatePropertyInfo
instance AttrInfo TlsCertificateCertificatePropertyInfo where
    type AttrAllowedOps TlsCertificateCertificatePropertyInfo = '[ 'AttrConstruct, 'AttrGet, 'AttrClear]
    type AttrSetTypeConstraint TlsCertificateCertificatePropertyInfo = (~) ByteString
    type AttrBaseTypeConstraint TlsCertificateCertificatePropertyInfo = IsTlsCertificate
    type AttrGetType TlsCertificateCertificatePropertyInfo = (Maybe ByteString)
    type AttrLabel TlsCertificateCertificatePropertyInfo = "certificate"
    type AttrOrigin TlsCertificateCertificatePropertyInfo = TlsCertificate
    attrGet _ = getTlsCertificateCertificate
    attrSet _ = undefined
    attrConstruct _ = constructTlsCertificateCertificate
    attrClear _ = undefined
#endif

-- VVV Prop "certificate-pem"
   -- Type: TBasicType TUTF8
   -- Flags: [PropertyReadable,PropertyWritable,PropertyConstructOnly]
   -- Nullable: (Nothing,Nothing)

{- |
Get the value of the “@certificate-pem@” property.
When <https://github.com/haskell-gi/haskell-gi/wiki/Overloading overloading> is enabled, this is equivalent to

@
'Data.GI.Base.Attributes.get' tlsCertificate #certificatePem
@
-}
getTlsCertificateCertificatePem :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe T.Text)
getTlsCertificateCertificatePem obj = liftIO $ getObjectPropertyString obj "certificate-pem"

{- |
Construct a `GValueConstruct` with valid value for the “@certificate-pem@” property. This is rarely needed directly, but it is used by `Data.GI.Base.Constructible.new`.
-}
constructTlsCertificateCertificatePem :: (IsTlsCertificate o) => T.Text -> IO (GValueConstruct o)
constructTlsCertificateCertificatePem val = constructObjectPropertyString "certificate-pem" (Just val)

#if ENABLE_OVERLOADING
data TlsCertificateCertificatePemPropertyInfo
instance AttrInfo TlsCertificateCertificatePemPropertyInfo where
    type AttrAllowedOps TlsCertificateCertificatePemPropertyInfo = '[ 'AttrConstruct, 'AttrGet, 'AttrClear]
    type AttrSetTypeConstraint TlsCertificateCertificatePemPropertyInfo = (~) T.Text
    type AttrBaseTypeConstraint TlsCertificateCertificatePemPropertyInfo = IsTlsCertificate
    type AttrGetType TlsCertificateCertificatePemPropertyInfo = (Maybe T.Text)
    type AttrLabel TlsCertificateCertificatePemPropertyInfo = "certificate-pem"
    type AttrOrigin TlsCertificateCertificatePemPropertyInfo = TlsCertificate
    attrGet _ = getTlsCertificateCertificatePem
    attrSet _ = undefined
    attrConstruct _ = constructTlsCertificateCertificatePem
    attrClear _ = undefined
#endif

-- VVV Prop "issuer"
   -- Type: TInterface (Name {namespace = "Gio", name = "TlsCertificate"})
   -- Flags: [PropertyReadable,PropertyWritable,PropertyConstructOnly]
   -- Nullable: (Just False,Nothing)

{- |
Get the value of the “@issuer@” property.
When <https://github.com/haskell-gi/haskell-gi/wiki/Overloading overloading> is enabled, this is equivalent to

@
'Data.GI.Base.Attributes.get' tlsCertificate #issuer
@
-}
getTlsCertificateIssuer :: (MonadIO m, IsTlsCertificate o) => o -> m TlsCertificate
getTlsCertificateIssuer obj = liftIO $ checkUnexpectedNothing "getTlsCertificateIssuer" $ getObjectPropertyObject obj "issuer" TlsCertificate

{- |
Construct a `GValueConstruct` with valid value for the “@issuer@” property. This is rarely needed directly, but it is used by `Data.GI.Base.Constructible.new`.
-}
constructTlsCertificateIssuer :: (IsTlsCertificate o, IsTlsCertificate a) => a -> IO (GValueConstruct o)
constructTlsCertificateIssuer val = constructObjectPropertyObject "issuer" (Just val)

#if ENABLE_OVERLOADING
data TlsCertificateIssuerPropertyInfo
instance AttrInfo TlsCertificateIssuerPropertyInfo where
    type AttrAllowedOps TlsCertificateIssuerPropertyInfo = '[ 'AttrConstruct, 'AttrGet, 'AttrClear]
    type AttrSetTypeConstraint TlsCertificateIssuerPropertyInfo = IsTlsCertificate
    type AttrBaseTypeConstraint TlsCertificateIssuerPropertyInfo = IsTlsCertificate
    type AttrGetType TlsCertificateIssuerPropertyInfo = TlsCertificate
    type AttrLabel TlsCertificateIssuerPropertyInfo = "issuer"
    type AttrOrigin TlsCertificateIssuerPropertyInfo = TlsCertificate
    attrGet _ = getTlsCertificateIssuer
    attrSet _ = undefined
    attrConstruct _ = constructTlsCertificateIssuer
    attrClear _ = undefined
#endif

-- VVV Prop "private-key"
   -- Type: TByteArray
   -- Flags: [PropertyWritable,PropertyConstructOnly]
   -- Nullable: (Nothing,Nothing)

{- |
Construct a `GValueConstruct` with valid value for the “@private-key@” property. This is rarely needed directly, but it is used by `Data.GI.Base.Constructible.new`.
-}
constructTlsCertificatePrivateKey :: (IsTlsCertificate o) => ByteString -> IO (GValueConstruct o)
constructTlsCertificatePrivateKey val = constructObjectPropertyByteArray "private-key" (Just val)

#if ENABLE_OVERLOADING
data TlsCertificatePrivateKeyPropertyInfo
instance AttrInfo TlsCertificatePrivateKeyPropertyInfo where
    type AttrAllowedOps TlsCertificatePrivateKeyPropertyInfo = '[ 'AttrConstruct, 'AttrClear]
    type AttrSetTypeConstraint TlsCertificatePrivateKeyPropertyInfo = (~) ByteString
    type AttrBaseTypeConstraint TlsCertificatePrivateKeyPropertyInfo = IsTlsCertificate
    type AttrGetType TlsCertificatePrivateKeyPropertyInfo = ()
    type AttrLabel TlsCertificatePrivateKeyPropertyInfo = "private-key"
    type AttrOrigin TlsCertificatePrivateKeyPropertyInfo = TlsCertificate
    attrGet _ = undefined
    attrSet _ = undefined
    attrConstruct _ = constructTlsCertificatePrivateKey
    attrClear _ = undefined
#endif

-- VVV Prop "private-key-pem"
   -- Type: TBasicType TUTF8
   -- Flags: [PropertyWritable,PropertyConstructOnly]
   -- Nullable: (Nothing,Nothing)

{- |
Construct a `GValueConstruct` with valid value for the “@private-key-pem@” property. This is rarely needed directly, but it is used by `Data.GI.Base.Constructible.new`.
-}
constructTlsCertificatePrivateKeyPem :: (IsTlsCertificate o) => T.Text -> IO (GValueConstruct o)
constructTlsCertificatePrivateKeyPem val = constructObjectPropertyString "private-key-pem" (Just val)

#if ENABLE_OVERLOADING
data TlsCertificatePrivateKeyPemPropertyInfo
instance AttrInfo TlsCertificatePrivateKeyPemPropertyInfo where
    type AttrAllowedOps TlsCertificatePrivateKeyPemPropertyInfo = '[ 'AttrConstruct, 'AttrClear]
    type AttrSetTypeConstraint TlsCertificatePrivateKeyPemPropertyInfo = (~) T.Text
    type AttrBaseTypeConstraint TlsCertificatePrivateKeyPemPropertyInfo = IsTlsCertificate
    type AttrGetType TlsCertificatePrivateKeyPemPropertyInfo = ()
    type AttrLabel TlsCertificatePrivateKeyPemPropertyInfo = "private-key-pem"
    type AttrOrigin TlsCertificatePrivateKeyPemPropertyInfo = TlsCertificate
    attrGet _ = undefined
    attrSet _ = undefined
    attrConstruct _ = constructTlsCertificatePrivateKeyPem
    attrClear _ = undefined
#endif

#if ENABLE_OVERLOADING
instance O.HasAttributeList TlsCertificate
type instance O.AttributeList TlsCertificate = TlsCertificateAttributeList
type TlsCertificateAttributeList = ('[ '("certificate", TlsCertificateCertificatePropertyInfo), '("certificatePem", TlsCertificateCertificatePemPropertyInfo), '("issuer", TlsCertificateIssuerPropertyInfo), '("privateKey", TlsCertificatePrivateKeyPropertyInfo), '("privateKeyPem", TlsCertificatePrivateKeyPemPropertyInfo)] :: [(Symbol, *)])
#endif

#if ENABLE_OVERLOADING
tlsCertificateCertificate :: AttrLabelProxy "certificate"
tlsCertificateCertificate = AttrLabelProxy

tlsCertificateCertificatePem :: AttrLabelProxy "certificatePem"
tlsCertificateCertificatePem = AttrLabelProxy

tlsCertificateIssuer :: AttrLabelProxy "issuer"
tlsCertificateIssuer = AttrLabelProxy

tlsCertificatePrivateKey :: AttrLabelProxy "privateKey"
tlsCertificatePrivateKey = AttrLabelProxy

tlsCertificatePrivateKeyPem :: AttrLabelProxy "privateKeyPem"
tlsCertificatePrivateKeyPem = AttrLabelProxy

#endif

#if ENABLE_OVERLOADING
type instance O.SignalList TlsCertificate = TlsCertificateSignalList
type TlsCertificateSignalList = ('[ '("notify", GObject.Object.ObjectNotifySignalInfo)] :: [(Symbol, *)])

#endif

-- method TlsCertificate::new_from_file
-- method type : Constructor
-- Args : [Arg {argCName = "file", argType = TBasicType TFileName, direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "file containing a PEM-encoded certificate to import", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing}]
-- Lengths : []
-- returnType : Just (TInterface (Name {namespace = "Gio", name = "TlsCertificate"}))
-- throws : True
-- Skip return : False

foreign import ccall "g_tls_certificate_new_from_file" g_tls_certificate_new_from_file ::
    CString ->                              -- file : TBasicType TFileName
    Ptr (Ptr GError) ->                     -- error
    IO (Ptr TlsCertificate)

{- |
Creates a 'GI.Gio.Objects.TlsCertificate.TlsCertificate' from the PEM-encoded data in /@file@/. The
returned certificate will be the first certificate found in /@file@/. As
of GLib 2.44, if /@file@/ contains more certificates it will try to load
a certificate chain. All certificates will be verified in the order
found (top-level certificate should be the last one in the file) and
the 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/issuer/@ property of each certificate will be set
accordingly if the verification succeeds. If any certificate in the
chain cannot be verified, the first certificate in the file will
still be returned.

If /@file@/ cannot be read or parsed, the function will return 'Nothing' and
set /@error@/. Otherwise, this behaves like
'GI.Gio.Objects.TlsCertificate.tlsCertificateNewFromPem'.

/Since: 2.28/
-}
tlsCertificateNewFromFile ::
    (B.CallStack.HasCallStack, MonadIO m) =>
    [Char]
    {- ^ /@file@/: file containing a PEM-encoded certificate to import -}
    -> m TlsCertificate
    {- ^ __Returns:__ the new certificate, or 'Nothing' on error /(Can throw 'Data.GI.Base.GError.GError')/ -}
tlsCertificateNewFromFile file = liftIO $ do
    file' <- stringToCString file
    onException (do
        result <- propagateGError $ g_tls_certificate_new_from_file file'
        checkUnexpectedReturnNULL "tlsCertificateNewFromFile" result
        result' <- (wrapObject TlsCertificate) result
        freeMem file'
        return result'
     ) (do
        freeMem file'
     )

#if ENABLE_OVERLOADING
#endif

-- method TlsCertificate::new_from_files
-- method type : Constructor
-- Args : [Arg {argCName = "cert_file", argType = TBasicType TFileName, direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "file containing one or more PEM-encoded\n    certificates to import", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing},Arg {argCName = "key_file", argType = TBasicType TFileName, direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "file containing a PEM-encoded private key\n    to import", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing}]
-- Lengths : []
-- returnType : Just (TInterface (Name {namespace = "Gio", name = "TlsCertificate"}))
-- throws : True
-- Skip return : False

foreign import ccall "g_tls_certificate_new_from_files" g_tls_certificate_new_from_files ::
    CString ->                              -- cert_file : TBasicType TFileName
    CString ->                              -- key_file : TBasicType TFileName
    Ptr (Ptr GError) ->                     -- error
    IO (Ptr TlsCertificate)

{- |
Creates a 'GI.Gio.Objects.TlsCertificate.TlsCertificate' from the PEM-encoded data in /@certFile@/
and /@keyFile@/. The returned certificate will be the first certificate
found in /@certFile@/. As of GLib 2.44, if /@certFile@/ contains more
certificates it will try to load a certificate chain. All
certificates will be verified in the order found (top-level
certificate should be the last one in the file) and the
'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/issuer/@ property of each certificate will be set
accordingly if the verification succeeds. If any certificate in the
chain cannot be verified, the first certificate in the file will
still be returned.

If either file cannot be read or parsed, the function will return
'Nothing' and set /@error@/. Otherwise, this behaves like
'GI.Gio.Objects.TlsCertificate.tlsCertificateNewFromPem'.

/Since: 2.28/
-}
tlsCertificateNewFromFiles ::
    (B.CallStack.HasCallStack, MonadIO m) =>
    [Char]
    {- ^ /@certFile@/: file containing one or more PEM-encoded
    certificates to import -}
    -> [Char]
    {- ^ /@keyFile@/: file containing a PEM-encoded private key
    to import -}
    -> m TlsCertificate
    {- ^ __Returns:__ the new certificate, or 'Nothing' on error /(Can throw 'Data.GI.Base.GError.GError')/ -}
tlsCertificateNewFromFiles certFile keyFile = liftIO $ do
    certFile' <- stringToCString certFile
    keyFile' <- stringToCString keyFile
    onException (do
        result <- propagateGError $ g_tls_certificate_new_from_files certFile' keyFile'
        checkUnexpectedReturnNULL "tlsCertificateNewFromFiles" result
        result' <- (wrapObject TlsCertificate) result
        freeMem certFile'
        freeMem keyFile'
        return result'
     ) (do
        freeMem certFile'
        freeMem keyFile'
     )

#if ENABLE_OVERLOADING
#endif

-- method TlsCertificate::new_from_pem
-- method type : Constructor
-- Args : [Arg {argCName = "data", argType = TBasicType TUTF8, direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "PEM-encoded certificate data", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing},Arg {argCName = "length", argType = TBasicType TInt64, direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "the length of @data, or -1 if it's 0-terminated.", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing}]
-- Lengths : []
-- returnType : Just (TInterface (Name {namespace = "Gio", name = "TlsCertificate"}))
-- throws : True
-- Skip return : False

foreign import ccall "g_tls_certificate_new_from_pem" g_tls_certificate_new_from_pem ::
    CString ->                              -- data : TBasicType TUTF8
    Int64 ->                                -- length : TBasicType TInt64
    Ptr (Ptr GError) ->                     -- error
    IO (Ptr TlsCertificate)

{- |
Creates a 'GI.Gio.Objects.TlsCertificate.TlsCertificate' from the PEM-encoded data in /@data@/. If
/@data@/ includes both a certificate and a private key, then the
returned certificate will include the private key data as well. (See
the 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/private-key-pem/@ property for information about
supported formats.)

The returned certificate will be the first certificate found in
/@data@/. As of GLib 2.44, if /@data@/ contains more certificates it will
try to load a certificate chain. All certificates will be verified in
the order found (top-level certificate should be the last one in the
file) and the 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/issuer/@ property of each certificate
will be set accordingly if the verification succeeds. If any
certificate in the chain cannot be verified, the first certificate in
the file will still be returned.

/Since: 2.28/
-}
tlsCertificateNewFromPem ::
    (B.CallStack.HasCallStack, MonadIO m) =>
    T.Text
    {- ^ /@data@/: PEM-encoded certificate data -}
    -> Int64
    {- ^ /@length@/: the length of /@data@/, or -1 if it\'s 0-terminated. -}
    -> m TlsCertificate
    {- ^ __Returns:__ the new certificate, or 'Nothing' if /@data@/ is invalid /(Can throw 'Data.GI.Base.GError.GError')/ -}
tlsCertificateNewFromPem data_ length_ = liftIO $ do
    data_' <- textToCString data_
    onException (do
        result <- propagateGError $ g_tls_certificate_new_from_pem data_' length_
        checkUnexpectedReturnNULL "tlsCertificateNewFromPem" result
        result' <- (wrapObject TlsCertificate) result
        freeMem data_'
        return result'
     ) (do
        freeMem data_'
     )

#if ENABLE_OVERLOADING
#endif

-- method TlsCertificate::get_issuer
-- method type : OrdinaryMethod
-- Args : [Arg {argCName = "cert", argType = TInterface (Name {namespace = "Gio", name = "TlsCertificate"}), direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "a #GTlsCertificate", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing}]
-- Lengths : []
-- returnType : Just (TInterface (Name {namespace = "Gio", name = "TlsCertificate"}))
-- throws : False
-- Skip return : False

foreign import ccall "g_tls_certificate_get_issuer" g_tls_certificate_get_issuer ::
    Ptr TlsCertificate ->                   -- cert : TInterface (Name {namespace = "Gio", name = "TlsCertificate"})
    IO (Ptr TlsCertificate)

{- |
Gets the 'GI.Gio.Objects.TlsCertificate.TlsCertificate' representing /@cert@/\'s issuer, if known

/Since: 2.28/
-}
tlsCertificateGetIssuer ::
    (B.CallStack.HasCallStack, MonadIO m, IsTlsCertificate a) =>
    a
    {- ^ /@cert@/: a 'GI.Gio.Objects.TlsCertificate.TlsCertificate' -}
    -> m TlsCertificate
    {- ^ __Returns:__ The certificate of /@cert@/\'s issuer,
or 'Nothing' if /@cert@/ is self-signed or signed with an unknown
certificate. -}
tlsCertificateGetIssuer cert = liftIO $ do
    cert' <- unsafeManagedPtrCastPtr cert
    result <- g_tls_certificate_get_issuer cert'
    checkUnexpectedReturnNULL "tlsCertificateGetIssuer" result
    result' <- (newObject TlsCertificate) result
    touchManagedPtr cert
    return result'

#if ENABLE_OVERLOADING
data TlsCertificateGetIssuerMethodInfo
instance (signature ~ (m TlsCertificate), MonadIO m, IsTlsCertificate a) => O.MethodInfo TlsCertificateGetIssuerMethodInfo a signature where
    overloadedMethod _ = tlsCertificateGetIssuer

#endif

-- method TlsCertificate::is_same
-- method type : OrdinaryMethod
-- Args : [Arg {argCName = "cert_one", argType = TInterface (Name {namespace = "Gio", name = "TlsCertificate"}), direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "first certificate to compare", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing},Arg {argCName = "cert_two", argType = TInterface (Name {namespace = "Gio", name = "TlsCertificate"}), direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "second certificate to compare", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing}]
-- Lengths : []
-- returnType : Just (TBasicType TBoolean)
-- throws : False
-- Skip return : False

foreign import ccall "g_tls_certificate_is_same" g_tls_certificate_is_same ::
    Ptr TlsCertificate ->                   -- cert_one : TInterface (Name {namespace = "Gio", name = "TlsCertificate"})
    Ptr TlsCertificate ->                   -- cert_two : TInterface (Name {namespace = "Gio", name = "TlsCertificate"})
    IO CInt

{- |
Check if two 'GI.Gio.Objects.TlsCertificate.TlsCertificate' objects represent the same certificate.
The raw DER byte data of the two certificates are checked for equality.
This has the effect that two certificates may compare equal even if
their 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/issuer/@, 'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/private-key/@, or
'GI.Gio.Objects.TlsCertificate.TlsCertificate':@/private-key-pem/@ properties differ.

/Since: 2.34/
-}
tlsCertificateIsSame ::
    (B.CallStack.HasCallStack, MonadIO m, IsTlsCertificate a, IsTlsCertificate b) =>
    a
    {- ^ /@certOne@/: first certificate to compare -}
    -> b
    {- ^ /@certTwo@/: second certificate to compare -}
    -> m Bool
    {- ^ __Returns:__ whether the same or not -}
tlsCertificateIsSame certOne certTwo = liftIO $ do
    certOne' <- unsafeManagedPtrCastPtr certOne
    certTwo' <- unsafeManagedPtrCastPtr certTwo
    result <- g_tls_certificate_is_same certOne' certTwo'
    let result' = (/= 0) result
    touchManagedPtr certOne
    touchManagedPtr certTwo
    return result'

#if ENABLE_OVERLOADING
data TlsCertificateIsSameMethodInfo
instance (signature ~ (b -> m Bool), MonadIO m, IsTlsCertificate a, IsTlsCertificate b) => O.MethodInfo TlsCertificateIsSameMethodInfo a signature where
    overloadedMethod _ = tlsCertificateIsSame

#endif

-- method TlsCertificate::verify
-- method type : OrdinaryMethod
-- Args : [Arg {argCName = "cert", argType = TInterface (Name {namespace = "Gio", name = "TlsCertificate"}), direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "a #GTlsCertificate", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing},Arg {argCName = "identity", argType = TInterface (Name {namespace = "Gio", name = "SocketConnectable"}), direction = DirectionIn, mayBeNull = True, argDoc = Documentation {rawDocText = Just "the expected peer identity", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing},Arg {argCName = "trusted_ca", argType = TInterface (Name {namespace = "Gio", name = "TlsCertificate"}), direction = DirectionIn, mayBeNull = True, argDoc = Documentation {rawDocText = Just "the certificate of a trusted authority", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing}]
-- Lengths : []
-- returnType : Just (TInterface (Name {namespace = "Gio", name = "TlsCertificateFlags"}))
-- throws : False
-- Skip return : False

foreign import ccall "g_tls_certificate_verify" g_tls_certificate_verify ::
    Ptr TlsCertificate ->                   -- cert : TInterface (Name {namespace = "Gio", name = "TlsCertificate"})
    Ptr Gio.SocketConnectable.SocketConnectable -> -- identity : TInterface (Name {namespace = "Gio", name = "SocketConnectable"})
    Ptr TlsCertificate ->                   -- trusted_ca : TInterface (Name {namespace = "Gio", name = "TlsCertificate"})
    IO CUInt

{- |
This verifies /@cert@/ and returns a set of 'GI.Gio.Flags.TlsCertificateFlags'
indicating any problems found with it. This can be used to verify a
certificate outside the context of making a connection, or to
check a certificate against a CA that is not part of the system
CA database.

If /@identity@/ is not 'Nothing', /@cert@/\'s name(s) will be compared against
it, and 'GI.Gio.Flags.TlsCertificateFlagsBadIdentity' will be set in the return
value if it does not match. If /@identity@/ is 'Nothing', that bit will
never be set in the return value.

If /@trustedCa@/ is not 'Nothing', then /@cert@/ (or one of the certificates
in its chain) must be signed by it, or else
'GI.Gio.Flags.TlsCertificateFlagsUnknownCa' will be set in the return value. If
/@trustedCa@/ is 'Nothing', that bit will never be set in the return
value.

(All other 'GI.Gio.Flags.TlsCertificateFlags' values will always be set or unset
as appropriate.)

/Since: 2.28/
-}
tlsCertificateVerify ::
    (B.CallStack.HasCallStack, MonadIO m, IsTlsCertificate a, Gio.SocketConnectable.IsSocketConnectable b, IsTlsCertificate c) =>
    a
    {- ^ /@cert@/: a 'GI.Gio.Objects.TlsCertificate.TlsCertificate' -}
    -> Maybe (b)
    {- ^ /@identity@/: the expected peer identity -}
    -> Maybe (c)
    {- ^ /@trustedCa@/: the certificate of a trusted authority -}
    -> m [Gio.Flags.TlsCertificateFlags]
    {- ^ __Returns:__ the appropriate 'GI.Gio.Flags.TlsCertificateFlags' -}
tlsCertificateVerify cert identity trustedCa = liftIO $ do
    cert' <- unsafeManagedPtrCastPtr cert
    maybeIdentity <- case identity of
        Nothing -> return nullPtr
        Just jIdentity -> do
            jIdentity' <- unsafeManagedPtrCastPtr jIdentity
            return jIdentity'
    maybeTrustedCa <- case trustedCa of
        Nothing -> return nullPtr
        Just jTrustedCa -> do
            jTrustedCa' <- unsafeManagedPtrCastPtr jTrustedCa
            return jTrustedCa'
    result <- g_tls_certificate_verify cert' maybeIdentity maybeTrustedCa
    let result' = wordToGFlags result
    touchManagedPtr cert
    whenJust identity touchManagedPtr
    whenJust trustedCa touchManagedPtr
    return result'

#if ENABLE_OVERLOADING
data TlsCertificateVerifyMethodInfo
instance (signature ~ (Maybe (b) -> Maybe (c) -> m [Gio.Flags.TlsCertificateFlags]), MonadIO m, IsTlsCertificate a, Gio.SocketConnectable.IsSocketConnectable b, IsTlsCertificate c) => O.MethodInfo TlsCertificateVerifyMethodInfo a signature where
    overloadedMethod _ = tlsCertificateVerify

#endif

-- method TlsCertificate::list_new_from_file
-- method type : MemberFunction
-- Args : [Arg {argCName = "file", argType = TBasicType TFileName, direction = DirectionIn, mayBeNull = False, argDoc = Documentation {rawDocText = Just "file containing PEM-encoded certificates to import", sinceVersion = Nothing}, argScope = ScopeTypeInvalid, argClosure = -1, argDestroy = -1, argCallerAllocates = False, transfer = TransferNothing}]
-- Lengths : []
-- returnType : Just (TGList (TInterface (Name {namespace = "Gio", name = "TlsCertificate"})))
-- throws : True
-- Skip return : False

foreign import ccall "g_tls_certificate_list_new_from_file" g_tls_certificate_list_new_from_file ::
    CString ->                              -- file : TBasicType TFileName
    Ptr (Ptr GError) ->                     -- error
    IO (Ptr (GList (Ptr TlsCertificate)))

{- |
Creates one or more @/GTlsCertificates/@ from the PEM-encoded
data in /@file@/. If /@file@/ cannot be read or parsed, the function will
return 'Nothing' and set /@error@/. If /@file@/ does not contain any
PEM-encoded certificates, this will return an empty list and not
set /@error@/.

/Since: 2.28/
-}
tlsCertificateListNewFromFile ::
    (B.CallStack.HasCallStack, MonadIO m) =>
    [Char]
    {- ^ /@file@/: file containing PEM-encoded certificates to import -}
    -> m [TlsCertificate]
    {- ^ __Returns:__ a
'GI.GLib.Structs.List.List' containing 'GI.Gio.Objects.TlsCertificate.TlsCertificate' objects. You must free the list
and its contents when you are done with it. /(Can throw 'Data.GI.Base.GError.GError')/ -}
tlsCertificateListNewFromFile file = liftIO $ do
    file' <- stringToCString file
    onException (do
        result <- propagateGError $ g_tls_certificate_list_new_from_file file'
        result' <- unpackGList result
        result'' <- mapM (wrapObject TlsCertificate) result'
        g_list_free result
        freeMem file'
        return result''
     ) (do
        freeMem file'
     )

#if ENABLE_OVERLOADING
#endif