[glib/tls-database] Add initial implementation of GTlsDatabase
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib/tls-database] Add initial implementation of GTlsDatabase
- Date: Thu, 16 Dec 2010 03:06:33 +0000 (UTC)
commit 784c92dcd09318deef293fb1e5142bfe2490495f
Author: Stef Walter <stefw collabora co uk>
Date: Thu Dec 16 03:04:01 2010 +0000
Add initial implementation of GTlsDatabase
This is a object used to lookup and verify certificates and trust
assertions like anchors, pinned certificates, revoked etc.
https://bugzilla.gnome.org/show_bug.cgi?id=636572
gio/Makefile.am | 2 +
gio/gio.h | 1 +
gio/giotypes.h | 1 +
gio/gtlsdatabase.c | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++
gio/gtlsdatabase.h | 147 ++++++++++++++++++++++
5 files changed, 497 insertions(+), 0 deletions(-)
---
diff --git a/gio/Makefile.am b/gio/Makefile.am
index 89aa162..e35bf86 100644
--- a/gio/Makefile.am
+++ b/gio/Makefile.am
@@ -386,6 +386,7 @@ libgio_2_0_la_SOURCES = \
gtlscertificate.c \
gtlsclientconnection.c \
gtlsconnection.c \
+ gtlsdatabase.c \
gtlsserverconnection.c \
gunionvolumemonitor.c \
gunionvolumemonitor.h \
@@ -540,6 +541,7 @@ gio_headers = \
gtlscertificate.h \
gtlsclientconnection.h \
gtlsconnection.h \
+ gtlsdatabase.h \
gtlsserverconnection.h \
gvfs.h \
gvolume.h \
diff --git a/gio/gio.h b/gio/gio.h
index 306012f..337780f 100644
--- a/gio/gio.h
+++ b/gio/gio.h
@@ -124,6 +124,7 @@
#include <gio/gtlscertificate.h>
#include <gio/gtlsclientconnection.h>
#include <gio/gtlsconnection.h>
+#include <gio/gtlsdatabase.h>
#include <gio/gtlsserverconnection.h>
#include <gio/gvfs.h>
#include <gio/gvolume.h>
diff --git a/gio/giotypes.h b/gio/giotypes.h
index 1c35083..45c8334 100644
--- a/gio/giotypes.h
+++ b/gio/giotypes.h
@@ -208,6 +208,7 @@ typedef struct _GTlsClientConnection GTlsClientConnection; /* Dummy typ
typedef struct _GTlsClientContext GTlsClientContext; /* Dummy typedef */
typedef struct _GTlsConnection GTlsConnection;
typedef struct _GTlsContext GTlsContext;
+typedef struct _GTlsDatabase GTlsDatabase;
typedef struct _GTlsServerConnection GTlsServerConnection; /* Dummy typedef */
typedef struct _GTlsServerContext GTlsServerContext; /* Dummy typedef */
typedef struct _GVfs GVfs; /* Dummy typedef */
diff --git a/gio/gtlsdatabase.c b/gio/gtlsdatabase.c
new file mode 100644
index 0000000..410aa77
--- /dev/null
+++ b/gio/gtlsdatabase.c
@@ -0,0 +1,346 @@
+/* GIO - GLib Input, Output and Certificateing Library
+ *
+ * Copyright (C) 2010 Collabora, Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Author: Stef Walter <stefw collabora co uk>
+ */
+
+#include "config.h"
+
+#include "gtlsdatabase.h"
+
+#include "gsimpleasyncresult.h"
+#include "gsocketconnectable.h"
+#include "gtlscertificate.h"
+
+G_DEFINE_ABSTRACT_TYPE (GTlsDatabase, g_tls_database, G_TYPE_OBJECT);
+
+static GQuark Q_ASYNC_DATA = 0;
+
+static void
+g_tls_database_init (GTlsDatabase *cert)
+{
+
+}
+
+typedef struct _AsyncBuildChainAndVerify {
+ GList *input;
+ GSocketConnectable *identity;
+ gint flags;
+ GList *chain;
+ GTlsCertificateFlags verify_result;
+} AsyncBuildChainAndVerify;
+
+static void
+async_build_chain_and_verify_free (gpointer data)
+{
+ AsyncBuildChainAndVerify *args = data;
+ GList *l;
+
+ if (args->identity)
+ g_object_unref (args->identity);
+ for (l = args->input; l; l = g_list_next (l))
+ g_object_unref (l->data);
+ g_list_free (args->input);
+ for (l = args->chain; l; l = g_list_next (l))
+ g_object_unref (l->data);
+ g_list_free (args->chain);
+ g_slice_free (AsyncBuildChainAndVerify, args);
+}
+
+static void
+async_build_chain_and_verify_thread (GSimpleAsyncResult *res,
+ GObject *object,
+ GCancellable *cancellable)
+{
+ AsyncBuildChainAndVerify *args = g_object_get_qdata (G_OBJECT (res), Q_ASYNC_DATA);
+ GError *error = NULL;
+
+ args->chain = g_tls_database_build_chain_and_verify (G_TLS_DATABASE (object),
+ args->input,
+ args->identity,
+ args->flags,
+ cancellable,
+ &args->verify_result,
+ &error);
+
+ if (error)
+ g_simple_async_result_take_error (res, error);
+}
+
+static void
+g_tls_database_real_build_chain_and_verify_async (GTlsDatabase *self,
+ GList *input,
+ GSocketConnectable *identity,
+ gint flags,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GSimpleAsyncResult *res;
+ AsyncBuildChainAndVerify *args;
+ GList *l;
+
+ g_return_if_fail (callback);
+
+ args = g_slice_new0 (AsyncBuildChainAndVerify);
+ args->input = NULL;
+ for (l = input; l; l = g_list_next (l))
+ args->input = g_list_append (args->input, l->data);
+ args->identity = g_object_ref (identity);
+ args->flags = flags;
+
+ res = g_simple_async_result_new (G_OBJECT (self), callback, user_data,
+ g_tls_database_real_build_chain_and_verify_async);
+ g_object_set_qdata_full (G_OBJECT (res), Q_ASYNC_DATA, args, async_build_chain_and_verify_free);
+ g_simple_async_result_run_in_thread (res, async_build_chain_and_verify_thread,
+ G_PRIORITY_DEFAULT, cancellable);
+ g_object_unref (res);
+}
+
+static GList*
+g_tls_database_real_build_chain_and_verify_finish (GTlsDatabase *self,
+ GAsyncResult *result,
+ GTlsCertificateFlags *verify_result,
+ GError **error)
+{
+ AsyncBuildChainAndVerify *args;
+ GList *chain;
+
+ g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
+ g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (result), NULL);
+ g_return_val_if_fail (verify_result, NULL);
+ g_return_val_if_fail (!error || !*error, NULL);
+
+ g_return_val_if_fail (g_simple_async_result_is_valid (result, G_OBJECT (self),
+ g_tls_database_real_build_chain_and_verify_async), FALSE);
+
+ if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
+ return NULL;
+
+ args = g_object_get_qdata (G_OBJECT (result), Q_ASYNC_DATA);
+ *verify_result = args->verify_result;
+ chain = args->chain;
+ args->chain = NULL;
+ return chain;
+}
+
+typedef struct _AsyncLookupCertificates {
+ GTlsDatabaseLookup lookup_type;
+ gpointer identifier;
+ gsize n_identifier;
+ GList *results;
+} AsyncLookupCertificates;
+
+static void
+async_lookup_certificates_free (gpointer data)
+{
+ AsyncLookupCertificates *args = data;
+ GList *l;
+
+ g_free (args->identifier);
+ for (l = args->results; l; l = g_list_next (l))
+ g_object_unref (l->data);
+ g_list_free (args->results);
+ g_slice_free (AsyncLookupCertificates, args);
+}
+
+static void
+async_lookup_certificates_thread (GSimpleAsyncResult *res,
+ GObject *object,
+ GCancellable *cancellable)
+{
+ AsyncLookupCertificates *args = g_object_get_qdata (G_OBJECT (res), Q_ASYNC_DATA);
+ GError *error = NULL;
+
+ args->results = g_tls_database_lookup_certificates (G_TLS_DATABASE (object),
+ args->lookup_type,
+ args->identifier,
+ args->n_identifier,
+ cancellable,
+ &error);
+
+ if (error)
+ g_simple_async_result_take_error (res, error);
+}
+
+static void
+g_tls_database_real_lookup_certificates_async (GTlsDatabase *self,
+ GTlsDatabaseLookup lookup_type,
+ gconstpointer identifier,
+ gsize n_identifier,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GSimpleAsyncResult *res;
+ AsyncLookupCertificates *args;
+
+ g_return_if_fail (callback);
+
+ args = g_slice_new0 (AsyncLookupCertificates);
+ args->lookup_type = lookup_type;
+ args->identifier = g_memdup (identifier, n_identifier);
+ args->n_identifier = n_identifier;
+
+ res = g_simple_async_result_new (G_OBJECT (self), callback, user_data,
+ g_tls_database_real_lookup_certificates_async);
+ g_object_set_qdata_full (G_OBJECT (res), Q_ASYNC_DATA, args, async_lookup_certificates_free);
+ g_simple_async_result_run_in_thread (res, async_lookup_certificates_thread,
+ G_PRIORITY_DEFAULT, cancellable);
+ g_object_unref (res);
+}
+
+static GList*
+g_tls_database_real_lookup_certificates_finish (GTlsDatabase *self,
+ GAsyncResult *result,
+ GError **error)
+{
+ AsyncLookupCertificates *args;
+ GList *results;
+
+ g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
+ g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (result), NULL);
+ g_return_val_if_fail (!error || !*error, NULL);
+
+ g_return_val_if_fail (g_simple_async_result_is_valid (result, G_OBJECT (self),
+ g_tls_database_real_build_chain_and_verify_async), FALSE);
+
+ if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
+ return NULL;
+
+ args = g_object_get_qdata (G_OBJECT (result), Q_ASYNC_DATA);
+ results = args->results;
+ args->results = NULL;
+ return results;
+}
+
+static void
+g_tls_database_class_init (GTlsDatabaseClass *klass)
+{
+ klass->build_chain_and_verify_async = g_tls_database_real_build_chain_and_verify_async;
+ klass->build_chain_and_verify_finish = g_tls_database_real_build_chain_and_verify_finish;
+ klass->lookup_certificates_async = g_tls_database_real_lookup_certificates_async;
+ klass->lookup_certificates_finish = g_tls_database_real_lookup_certificates_finish;
+
+ Q_ASYNC_DATA = g_quark_from_static_string ("GTlsDatabase::AsyncArgs");
+}
+
+GList*
+g_tls_database_build_chain_and_verify (GTlsDatabase *self,
+ GList *input,
+ GSocketConnectable *identity,
+ gint flags,
+ GCancellable *cancellable,
+ GTlsCertificateFlags *verify_result,
+ GError **error)
+{
+ g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
+ g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->build_chain_and_verify, NULL);
+ return G_TLS_DATABASE_GET_CLASS (self)->build_chain_and_verify (self,
+ input,
+ identity,
+ flags,
+ cancellable,
+ verify_result,
+ error);
+}
+
+void
+g_tls_database_build_chain_and_verify_async (GTlsDatabase *self,
+ GList *input,
+ GSocketConnectable *identity,
+ gint flags,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ g_return_if_fail (G_IS_TLS_DATABASE (self));
+ g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->build_chain_and_verify_async);
+ G_TLS_DATABASE_GET_CLASS (self)->build_chain_and_verify_async (self,
+ input,
+ identity,
+ flags,
+ cancellable,
+ callback,
+ user_data);
+}
+
+GList*
+g_tls_database_build_chain_and_verify_finish (GTlsDatabase *self,
+ GAsyncResult *result,
+ GTlsCertificateFlags *verify_result,
+ GError **error)
+{
+ g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
+ g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->build_chain_and_verify_finish, NULL);
+ return G_TLS_DATABASE_GET_CLASS (self)->build_chain_and_verify_finish (self,
+ result,
+ verify_result,
+ error);
+}
+
+GList*
+g_tls_database_lookup_certificates (GTlsDatabase *self,
+ GTlsDatabaseLookup lookup_type,
+ gconstpointer identifier,
+ gsize n_identifier,
+ GCancellable *cancellable,
+ GError **error)
+{
+ g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
+ g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates, NULL);
+ return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates (self,
+ lookup_type,
+ identifier,
+ n_identifier,
+ cancellable,
+ error);
+}
+
+void
+g_tls_database_lookup_certificates_async (GTlsDatabase *self,
+ GTlsDatabaseLookup lookup_type,
+ gconstpointer identifier,
+ gsize n_identifier,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ g_return_if_fail (G_IS_TLS_DATABASE (self));
+ g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_async);
+ G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_async (self,
+ lookup_type,
+ identifier,
+ n_identifier,
+ cancellable,
+ callback,
+ user_data);
+}
+
+GList*
+g_tls_database_lookup_certificates_finish (GTlsDatabase *self,
+ GAsyncResult *result,
+ GError **error)
+{
+ g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
+ g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_finish, NULL);
+ return G_TLS_DATABASE_GET_CLASS (self)->lookup_certificates_finish (self,
+ result,
+ error);
+}
diff --git a/gio/gtlsdatabase.h b/gio/gtlsdatabase.h
new file mode 100644
index 0000000..6e478cd
--- /dev/null
+++ b/gio/gtlsdatabase.h
@@ -0,0 +1,147 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright (C) 2010 Collabora, Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Author: Stef Walter <stefw collabora co uk>
+ */
+
+#if !defined (__GIO_GIO_H_INSIDE__) && !defined (GIO_COMPILATION)
+#error "Only <gio/gio.h> can be included directly."
+#endif
+
+#ifndef __G_TLS_DATABASE_H__
+#define __G_TLS_DATABASE_H__
+
+#include <gio/giotypes.h>
+
+G_BEGIN_DECLS
+
+typedef enum {
+ G_TLS_DATABASE_LOOKUP_ISSUER,
+} GTlsDatabaseLookup;
+
+#define G_TYPE_TLS_DATABASE (g_tls_certificate_get_type ())
+#define G_TLS_DATABASE(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_DATABASE, GTlsDatabase))
+#define G_TLS_DATABASE_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_DATABASE, GTlsDatabaseClass))
+#define G_IS_TLS_DATABASE(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_DATABASE))
+#define G_IS_TLS_DATABASE_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_DATABASE))
+#define G_TLS_DATABASE_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_DATABASE, GTlsDatabaseClass))
+
+typedef struct _GTlsDatabaseClass GTlsDatabaseClass;
+typedef struct _GTlsDatabasePrivate GTlsDatabasePrivate;
+
+struct _GTlsDatabase {
+ GObject parent_instance;
+
+ GTlsDatabasePrivate *priv;
+};
+
+struct _GTlsDatabaseClass
+{
+ GObjectClass parent_class;
+
+ GList* (*build_chain_and_verify) (GTlsDatabase *self,
+ GList *input,
+ GSocketConnectable *identity,
+ gint flags,
+ GCancellable *cancellable,
+ GTlsCertificateFlags *verify_result,
+ GError **error);
+
+ void (*build_chain_and_verify_async) (GTlsDatabase *self,
+ GList *input,
+ GSocketConnectable *identity,
+ gint flags,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+
+ GList* (*build_chain_and_verify_finish) (GTlsDatabase *self,
+ GAsyncResult *result,
+ GTlsCertificateFlags *verify_result,
+ GError **error);
+
+ GList* (*lookup_certificates) (GTlsDatabase *self,
+ GTlsDatabaseLookup lookup_type,
+ gconstpointer identifier,
+ gsize n_identifier,
+ GCancellable *cancellable,
+ GError **error);
+
+ void (*lookup_certificates_async) (GTlsDatabase *self,
+ GTlsDatabaseLookup lookup_type,
+ gconstpointer identifier,
+ gsize n_identifier,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+
+ GList* (*lookup_certificates_finish) (GTlsDatabase *self,
+ GAsyncResult *result,
+ GError **error);
+
+ /*< private >*/
+ /* Padding for future expansion */
+ gpointer padding[16];
+};
+
+GType g_tls_database_get_type (void) G_GNUC_CONST;
+
+GList* g_tls_database_build_chain_and_verify (GTlsDatabase *self,
+ GList *input,
+ GSocketConnectable *identity,
+ gint flags,
+ GCancellable *cancellable,
+ GTlsCertificateFlags *verify_result,
+ GError **error);
+
+void g_tls_database_build_chain_and_verify_async (GTlsDatabase *self,
+ GList *input,
+ GSocketConnectable *identity,
+ gint flags,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+
+GList* g_tls_database_build_chain_and_verify_finish (GTlsDatabase *self,
+ GAsyncResult *result,
+ GTlsCertificateFlags *verify_result,
+ GError **error);
+
+GList* g_tls_database_lookup_certificates (GTlsDatabase *self,
+ GTlsDatabaseLookup lookup_type,
+ gconstpointer identifier,
+ gsize n_identifier,
+ GCancellable *cancellable,
+ GError **error);
+
+void g_tls_database_lookup_certificates_async (GTlsDatabase *self,
+ GTlsDatabaseLookup lookup_type,
+ gconstpointer identifier,
+ gsize n_identifier,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+
+GList* g_tls_database_lookup_certificates_finish (GTlsDatabase *self,
+ GAsyncResult *result,
+ GError **error);
+
+G_END_DECLS
+
+#endif /* __G_TLS_DATABASE_H__ */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
