[glib/tls-database] GTlsFileDatabase is a new interface for file based GTlsDatabase
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib/tls-database] GTlsFileDatabase is a new interface for file based GTlsDatabase
- Date: Tue, 28 Dec 2010 10:37:03 +0000 (UTC)
commit b53c1ac4fd0d26ae08379f2f9e94e97f80ac10ce
Author: Stef Walter <stefw collabora co uk>
Date: Tue Dec 28 03:24:10 2010 -0600
GTlsFileDatabase is a new interface for file based GTlsDatabase
* Allows loading from an anchor file.
* Added virtual methods to GTlsBackend for GTlsFileDatabase
type and default database.
docs/reference/gio/gio-docs.xml | 1 +
docs/reference/gio/gio-sections.txt | 16 +++++
docs/reference/gio/gio.types | 1 +
gio/Makefile.am | 2 +
gio/gdummytlsbackend.c | 103 ++++++++++++++++++++++++++++++++++-
gio/gio.h | 1 +
gio/giotypes.h | 1 +
gio/gtlsbackend.c | 24 ++++++++
gio/gtlsbackend.h | 28 ++++++---
gio/gtlsdatabase.h | 2 +-
gio/gtlsfiledatabase.c | 104 +++++++++++++++++++++++++++++++++++
gio/gtlsfiledatabase.h | 45 +++++++++++++++
12 files changed, 316 insertions(+), 12 deletions(-)
---
diff --git a/docs/reference/gio/gio-docs.xml b/docs/reference/gio/gio-docs.xml
index e342df4..050340d 100644
--- a/docs/reference/gio/gio-docs.xml
+++ b/docs/reference/gio/gio-docs.xml
@@ -138,6 +138,7 @@
<xi:include href="xml/gtlsserverconnection.xml"/>
<xi:include href="xml/gtlsbackend.xml"/>
<xi:include href="xml/gtlsdatabase.xml"/>
+ <xi:include href="xml/gtlsfiledatabase.xml"/>
</chapter>
<chapter id="resolver">
<title>DNS resolution</title>
diff --git a/docs/reference/gio/gio-sections.txt b/docs/reference/gio/gio-sections.txt
index c3196e8..e274bee 100644
--- a/docs/reference/gio/gio-sections.txt
+++ b/docs/reference/gio/gio-sections.txt
@@ -2995,9 +2995,11 @@ GTlsBackend
GTlsBackendInterface
g_tls_backend_get_default
g_tls_backend_supports_tls
+g_tls_backend_get_default_database
g_tls_backend_get_certificate_type
g_tls_backend_get_client_connection_type
g_tls_backend_get_server_connection_type
+g_tls_backend_get_file_database_type
<SUBSECTION Standard>
G_IS_TLS_BACKEND
G_TLS_BACKEND
@@ -3113,6 +3115,20 @@ GTlsDatabasePrivate
</SECTION>
<SECTION>
+<FILE>gtlsfiledatabase</FILE>
+<TITLE>GTlsFileDatabase</TITLE>
+GTlsFileDatabase
+GTlsFileDatabaseInterface
+g_tls_file_database_new
+<SUBSECTION Standard>
+G_TLS_FILE_DATABASE
+G_TLS_FILE_DATABASE_GET_INTERFACE
+G_TYPE_TLS_FILE_DATABASE
+<SUBSECTION Private>
+g_tls_database_get_type
+</SECTION>
+
+<SECTION>
<FILE>gtlsserverconnection</FILE>
<TITLE>GTlsServerConnection</TITLE>
GTlsServerConnection
diff --git a/docs/reference/gio/gio.types b/docs/reference/gio/gio.types
index e808a77..cd4937b 100644
--- a/docs/reference/gio/gio.types
+++ b/docs/reference/gio/gio.types
@@ -111,6 +111,7 @@ g_tls_certificate_get_type
g_tls_client_connection_get_type
g_tls_connection_get_type
g_tls_database_get_type
+g_tls_file_database_get_type
g_tls_server_connection_get_type
g_unix_connection_get_type
g_unix_fd_list_get_type
diff --git a/gio/Makefile.am b/gio/Makefile.am
index 5ca723a..240604e 100644
--- a/gio/Makefile.am
+++ b/gio/Makefile.am
@@ -386,6 +386,7 @@ libgio_2_0_la_SOURCES = \
gtlsclientconnection.c \
gtlsconnection.c \
gtlsdatabase.c \
+ gtlsfiledatabase.c \
gtlsserverconnection.c \
gunionvolumemonitor.c \
gunionvolumemonitor.h \
@@ -540,6 +541,7 @@ gio_headers = \
gtlsclientconnection.h \
gtlsconnection.h \
gtlsdatabase.h \
+ gtlsfiledatabase.h \
gtlsserverconnection.h \
gvfs.h \
gvolume.h \
diff --git a/gio/gdummytlsbackend.c b/gio/gdummytlsbackend.c
index 0202f27..59ed004 100644
--- a/gio/gdummytlsbackend.c
+++ b/gio/gdummytlsbackend.c
@@ -30,6 +30,8 @@
#include "gtlsbackend.h"
#include "gtlscertificate.h"
#include "gtlsclientconnection.h"
+#include "gtlsdatabase.h"
+#include "gtlsfiledatabase.h"
#include "gtlsserverconnection.h"
#include "gsimpleasyncresult.h"
@@ -40,9 +42,11 @@
static GType _g_dummy_tls_certificate_get_type (void);
static GType _g_dummy_tls_connection_get_type (void);
+static GType _g_dummy_tls_database_get_type (void);
struct _GDummyTlsBackend {
- GObject parent_instance;
+ GObject parent_instance;
+ GTlsDatabase *database;
};
static void g_dummy_tls_backend_iface_init (GTlsBackendInterface *iface);
@@ -67,12 +71,20 @@ g_dummy_tls_backend_class_init (GDummyTlsBackendClass *backend_class)
{
}
+static GTlsDatabase*
+g_dummy_tls_backend_get_default_database (GTlsBackend *backend)
+{
+ return g_object_new (_g_dummy_tls_database_get_type (), NULL);
+}
+
static void
g_dummy_tls_backend_iface_init (GTlsBackendInterface *iface)
{
iface->get_certificate_type = _g_dummy_tls_certificate_get_type;
iface->get_client_connection_type = _g_dummy_tls_connection_get_type;
iface->get_server_connection_type = _g_dummy_tls_connection_get_type;
+ iface->get_file_database_type = _g_dummy_tls_database_get_type;
+ iface->get_default_database = g_dummy_tls_backend_get_default_database;
}
/* Dummy certificate type */
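Review bot: `g_dummy_tls_backend_get_default_database` creates the dummy database with plain `g_object_new`, so the `GInitable` init that a later hunk of this file makes fail with `G_TLS_ERROR_UNAVAILABLE` never runs, and the caller receives a non-NULL object from a backend that has no TLS support. A caller that treats non-NULL as a usable trust store cannot tell that TLS is unavailable; what verification on that object does depends on the `GTlsDatabase` base class, which is not visible here. Returning NULL would make the missing support explicit, for example via `return (GTlsDatabase *) g_initable_new (_g_dummy_tls_database_get_type (), NULL, NULL, NULL);`, assuming callers of `g_tls_backend_get_default_database` are expected to handle NULL. The `GTlsDatabase *database` member added to `_GDummyTlsBackend` in the previous hunk is not used in any visible line, and the comment in `g_dummy_tls_database_get_property` ("never be possible to construct a working GDummyTlsDatabase") only holds for the `g_initable_new` path.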
@@ -275,3 +287,92 @@ g_dummy_tls_connection_initable_iface_init (GInitableIface *iface)
iface->init = g_dummy_tls_connection_initable_init;
}
+/* Dummy database type.
+ */
+
+typedef struct _GDummyTlsDatabase GDummyTlsDatabase;
+typedef struct _GDummyTlsDatabaseClass GDummyTlsDatabaseClass;
+
+struct _GDummyTlsDatabase {
+ GTlsDatabase parent_instance;
+};
+
+struct _GDummyTlsDatabaseClass {
+ GTlsDatabaseClass parent_class;
+};
+
+enum
+{
+ PROP_DATABASE_0,
+
+ PROP_ANCHOR_FILE,
+};
+
+static void g_dummy_tls_database_file_database_iface_init (GTlsFileDatabaseInterface *iface);
+static void g_dummy_tls_database_initable_iface_init (GInitableIface *iface);
+
+#define g_dummy_tls_database_get_type _g_dummy_tls_database_get_type
+G_DEFINE_TYPE_WITH_CODE (GDummyTlsDatabase, g_dummy_tls_database, G_TYPE_TLS_DATABASE,
+ G_IMPLEMENT_INTERFACE (G_TYPE_TLS_FILE_DATABASE,
+ g_dummy_tls_database_file_database_iface_init);
+ G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+ g_dummy_tls_database_initable_iface_init);)
+
+
+static void
+g_dummy_tls_database_get_property (GObject *object,
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec)
+{
+ /* We need to define this method to make GObject happy, but it will
+ * never be possible to construct a working GDummyTlsDatabase, so
+ * it doesn't have to do anything useful.
+ */
+}
+
+static void
+g_dummy_tls_database_set_property (GObject *object,
+ guint prop_id,
+ const GValue *value,
+ GParamSpec *pspec)
+{
+ /* Just ignore all attempts to set properties. */
+}
+
+static void
+g_dummy_tls_database_class_init (GDummyTlsDatabaseClass *database_class)
+{
+ GObjectClass *gobject_class = G_OBJECT_CLASS (database_class);
+
+ gobject_class->get_property = g_dummy_tls_database_get_property;
+ gobject_class->set_property = g_dummy_tls_database_set_property;
+
+ g_object_class_override_property (gobject_class, PROP_ANCHOR_FILE, "anchor-file");
+}
+
+static void
+g_dummy_tls_database_init (GDummyTlsDatabase *database)
+{
+}
+
+static void
+g_dummy_tls_database_file_database_iface_init (GTlsFileDatabaseInterface *iface)
+{
+}
+
+static gboolean
+g_dummy_tls_database_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
+{
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_UNAVAILABLE,
+ _("TLS support is not available"));
+ return FALSE;
+}
+
+static void
+g_dummy_tls_database_initable_iface_init (GInitableIface *iface)
+{
+ iface->init = g_dummy_tls_database_initable_init;
+}
diff --git a/gio/gio.h b/gio/gio.h
index f1814bf..908708d 100644
--- a/gio/gio.h
+++ b/gio/gio.h
@@ -124,6 +124,7 @@
#include <gio/gtlsclientconnection.h>
#include <gio/gtlsconnection.h>
#include <gio/gtlsdatabase.h>
+#include <gio/gtlsfiledatabase.h>
#include <gio/gtlsserverconnection.h>
#include <gio/gvfs.h>
#include <gio/gvolume.h>
diff --git a/gio/giotypes.h b/gio/giotypes.h
index 45c8334..a081b50 100644
--- a/gio/giotypes.h
+++ b/gio/giotypes.h
@@ -209,6 +209,7 @@ typedef struct _GTlsClientContext GTlsClientContext; /* Dummy typede
typedef struct _GTlsConnection GTlsConnection;
typedef struct _GTlsContext GTlsContext;
typedef struct _GTlsDatabase GTlsDatabase;
+typedef struct _GTlsFileDatabase GTlsFileDatabase;
typedef struct _GTlsServerConnection GTlsServerConnection; /* Dummy typedef */
typedef struct _GTlsServerContext GTlsServerContext; /* Dummy typedef */
typedef struct _GVfs GVfs; /* Dummy typedef */
diff --git a/gio/gtlsbackend.c b/gio/gtlsbackend.c
index 64a9794..61341bc 100644
--- a/gio/gtlsbackend.c
+++ b/gio/gtlsbackend.c
@@ -149,6 +149,14 @@ g_tls_backend_supports_tls (GTlsBackend *backend)
return TRUE;
}
+GTlsDatabase *
+g_tls_backend_get_default_database (GTlsBackend *backend)
+{
+ g_return_val_if_fail (G_IS_TLS_BACKEND (backend), NULL);
+ g_return_val_if_fail (G_TLS_BACKEND_GET_INTERFACE (backend)->get_default_database, NULL);
+ return G_TLS_BACKEND_GET_INTERFACE (backend)->get_default_database (backend);
+}
+
/**
* g_tls_backend_get_certificate_type:
* @backend: the #GTlsBackend
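Review bot: `g_tls_backend_get_default_database` is added without a gtk-doc block, although the neighbouring accessors have one and this commit lists the symbol in gio-sections.txt. The comment should say what the default database represents, that NULL is returned (after a critical from `g_return_val_if_fail`) when the backend does not implement the vfunc, and whether the caller owns the returned reference. The dummy backend in this commit returns a newly created object on every call, which suggests the caller must unref it, but that is not stated anywhere visible. A `Since: 2.28` line would match the other new API.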
@@ -199,3 +207,19 @@ g_tls_backend_get_server_connection_type (GTlsBackend *backend)
{
return G_TLS_BACKEND_GET_INTERFACE (backend)->get_server_connection_type ();
}
+
+/**
+ * g_tls_backend_get_file_database_type:
+ * @backend: the #GTlsBackend
+ *
+ * Gets the #GTyep of @backend's #GTlsFileDatabase implementation.
+ *
+ * Return value: the #GType of backend's #GTlsFileDatabase implementation.
+ *
+ * Since: 2.28
+ */
+GType
+g_tls_backend_get_file_database_type (GTlsBackend *backend)
+{
+ return G_TLS_BACKEND_GET_INTERFACE (backend)->get_file_database_type ();
+}
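Review bot: `g_tls_backend_get_file_database_type` calls the `get_file_database_type` slot with no check at all, while `g_tls_backend_get_default_database` added earlier in this file guards both the instance and the slot. A backend that leaves the new slot unset (for example a module written before this commit) would turn this into a call through a NULL function pointer. Suggest `g_return_val_if_fail (G_IS_TLS_BACKEND (backend), G_TYPE_INVALID);` plus a plain `if` on the slot that returns `G_TYPE_INVALID`, since `g_return_val_if_fail` can be compiled out. The doc comment also spells `#GType` as `#GTyep`.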
diff --git a/gio/gtlsbackend.h b/gio/gtlsbackend.h
index 24ae911..813dc55 100644
--- a/gio/gtlsbackend.h
+++ b/gio/gtlsbackend.h
@@ -58,9 +58,12 @@ typedef struct _GTlsBackendInterface GTlsBackendInterface;
/**
* GTlsBackendInterface:
* @g_iface: The parent interface.
+ * @supports_tls: returns whether the backend supports TLS.
+ * @get_default_database: returns a default #GTlsDatabase instance.
* @get_certificate_type: returns the #GTlsCertificate implementation type
* @get_client_connection_type: returns the #GTlsClientConnection implementation type
* @get_server_connection_type: returns the #GTlsServerConnection implementation type
+ * @get_file_database_type: returns the #GTlsFileDatabase implementation type.
*
* Provides an interface for describing TLS-related types.
*
@@ -71,21 +74,26 @@ struct _GTlsBackendInterface
GTypeInterface g_iface;
/* methods */
- gboolean ( *supports_tls) (GTlsBackend *backend);
- GType ( *get_certificate_type) (void);
- GType ( *get_client_connection_type) (void);
- GType ( *get_server_connection_type) (void);
+ gboolean ( *supports_tls) (GTlsBackend *backend);
+ GTlsDatabase * ( *get_default_database) (GTlsBackend *backend);
+ GType ( *get_certificate_type) (void);
+ GType ( *get_client_connection_type) (void);
+ GType ( *get_server_connection_type) (void);
+ GType ( *get_file_database_type) (void);
};
-GType g_tls_backend_get_type (void) G_GNUC_CONST;
+GType g_tls_backend_get_type (void) G_GNUC_CONST;
-GTlsBackend *g_tls_backend_get_default (void);
+GTlsBackend * g_tls_backend_get_default (void);
-gboolean g_tls_backend_supports_tls (GTlsBackend *backend);
+GTlsDatabase * g_tls_backend_get_default_database (GTlsBackend *backend);
-GType g_tls_backend_get_certificate_type (GTlsBackend *backend);
-GType g_tls_backend_get_client_connection_type (GTlsBackend *backend);
-GType g_tls_backend_get_server_connection_type (GTlsBackend *backend);
+gboolean g_tls_backend_supports_tls (GTlsBackend *backend);
+
+GType g_tls_backend_get_certificate_type (GTlsBackend *backend);
+GType g_tls_backend_get_client_connection_type (GTlsBackend *backend);
+GType g_tls_backend_get_server_connection_type (GTlsBackend *backend);
+GType g_tls_backend_get_file_database_type (GTlsBackend *backend);
G_END_DECLS
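Review bot: `get_default_database` is inserted between `supports_tls` and `get_certificate_type` in `_GTlsBackendInterface`, which shifts the offsets of the three existing type getters. A backend module compiled against the earlier layout would then have its function pointers read from the wrong slots; whether such modules exist outside this tree is not visible here, but GIO TLS backends are normally loadable modules. Appending both new members after `get_server_connection_type` keeps the existing offsets: `GType ( *get_file_database_type) (void);` followed by `GTlsDatabase * ( *get_default_database) (GTlsBackend *backend);`.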
diff --git a/gio/gtlsdatabase.h b/gio/gtlsdatabase.h
index 13e790c..be90760 100644
--- a/gio/gtlsdatabase.h
+++ b/gio/gtlsdatabase.h
@@ -34,7 +34,7 @@ G_BEGIN_DECLS
#define G_TLS_DATABASE_PURPOSE_SERVER_AUTH "1.3.6.1.5.5.7.3.1"
#define G_TLS_DATABASE_PURPOSE_CLIENT_AUTH "1.3.6.1.5.5.7.3.2"
-#define G_TYPE_TLS_DATABASE (g_tls_certificate_get_type ())
+#define G_TYPE_TLS_DATABASE (g_tls_database_get_type ())
#define G_TLS_DATABASE(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_DATABASE, GTlsDatabase))
#define G_TLS_DATABASE_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_DATABASE, GTlsDatabaseClass))
#define G_IS_TLS_DATABASE(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_DATABASE))
diff --git a/gio/gtlsfiledatabase.c b/gio/gtlsfiledatabase.c
new file mode 100644
index 0000000..02ae166
--- /dev/null
+++ b/gio/gtlsfiledatabase.c
@@ -0,0 +1,104 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright © 2010 Collabora, Ltd
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Author: Stef Walter <stefw collabora co uk>
+ */
+
+#include "config.h"
+
+#include "gtlsfiledatabase.h"
+
+#include "ginitable.h"
+#include "gtlsbackend.h"
+#include "gtlsdatabase.h"
+#include "glibintl.h"
+
+/**
+ * SECTION:gtlsfiledatabase
+ * @short_description: TLS file based database type
+ * @include: gio/gio.h
+ *
+ * #GTlsFileDatabase is implemented by #GTlsDatabase objects which load
+ * their certificate information from a file. It is in interface which
+ * TLS library specific subtypes implement.
+ *
+ * Since: 2.28
+ */
+
+/**
+ * GTlsFileDatabase:
+ *
+ * Implemented by a #GTlsDatabase which allows you to load certificates
+ * from a file.
+ *
+ * Since: 2.28
+ */
+G_DEFINE_INTERFACE (GTlsFileDatabase, g_tls_file_database, G_TYPE_TLS_DATABASE)
+
+static void
+g_tls_file_database_default_init (GTlsFileDatabaseInterface *iface)
+{
+ /**
+ * GTlsFileDatabase:anchor-file:
+ *
+ * The path to a file containing PEM encoded certificate authority
+ * root anchors. The certificates in this file will be treated as
+ * root authorities for the purpose of verifying other certificates
+ * via the g_tls_database_verify_chain() operation.
+ *
+ * Since: 2.28
+ */
+ g_object_interface_install_property (iface,
+ g_param_spec_string ("anchor-file",
+ P_("Anchor File"),
+ P_("The certificate authority anchor file"),
+ NULL,
+ G_PARAM_READWRITE |
+ G_PARAM_CONSTRUCT |
+ G_PARAM_STATIC_STRINGS));
+}
+
+/**
+ * g_tls_file_database_new:
+ * @anchor_file: filename of anchor certificate authorities.
+ * @error: #GError for error reporting, or %NULL to ignore.
+ *
+ * Creates a new #GTlsFileDatabase which uses anchor certificate authorities
+ * in @anchor_file to verify certificate chains.
+ *
+ * The certificates in @anchor_file must be PEM encoded.
+ *
+ * Return value: the new #GTlsFileDatabase, or %NULL on error
+ *
+ * Since: 2.28
+ */
+GTlsDatabase*
+g_tls_file_database_new (const gchar *anchor_file,
+ GError **error)
+{
+ GObject *database;
+ GTlsBackend *backend;
+
+ backend = g_tls_backend_get_default ();
+ database = g_initable_new (g_tls_backend_get_file_database_type (backend),
+ NULL, error,
+ "anchor-file", anchor_file,
+ NULL);
+ return G_TLS_DATABASE (database);
+}
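Review bot: `g_tls_file_database_new` passes `anchor_file` straight into construction with no precondition checks, so a NULL path produces whatever the backend does with an unset `anchor-file` instead of an early failure. Suggest `g_return_val_if_fail (anchor_file != NULL, NULL);` and `g_return_val_if_fail (error == NULL || *error == NULL, NULL);` at the top of the function. Separately, `anchor-file` is installed as `G_PARAM_READWRITE | G_PARAM_CONSTRUCT`, so the trust anchors of a live database can be replaced by any code holding the object; if that is not intended, `G_PARAM_CONSTRUCT_ONLY` would fix them at construction. The doc comment could also state that this file decides which authorities are trusted by `g_tls_database_verify_chain()` and should therefore come from a location the application controls.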
diff --git a/gio/gtlsfiledatabase.h b/gio/gtlsfiledatabase.h
new file mode 100644
index 0000000..1b8decb
--- /dev/null
+++ b/gio/gtlsfiledatabase.h
@@ -0,0 +1,45 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright © 2010 Collabora, Ltd.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; either version 2 of the licence or (at
+ * your option) any later version.
+ *
+ * See the included COPYING file for more information.
+ *
+ * Author: Stef Walter <stefw collabora co uk>
+ */
+
+#if !defined (__GIO_GIO_H_INSIDE__) && !defined (GIO_COMPILATION)
+#error "Only <gio/gio.h> can be included directly."
+#endif
+
+#ifndef __G_TLS_FILE_DATABASE_H__
+#define __G_TLS_FILE_DATABASE_H__
+
+#include <gio/giotypes.h>
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_FILE_DATABASE (g_tls_file_database_get_type ())
+#define G_TLS_FILE_DATABASE(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_FILE_DATABASE, GTlsFileDatabase))
+#define G_IS_TLS_FILE_DATABASE(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_FILE_DATABASE))
+#define G_TLS_FILE_DATABASE_GET_INTERFACE(inst) (G_TYPE_INSTANCE_GET_INTERFACE ((inst), G_TYPE_TLS_FILE_DATABASE, GTlsFileDatabaseInterface))
+
+typedef struct _GTlsFileDatabaseInterface GTlsFileDatabaseInterface;
+
+struct _GTlsFileDatabaseInterface
+{
+ GTypeInterface g_iface;
+};
+
+GType g_tls_file_database_get_type (void) G_GNUC_CONST;
+
+GTlsDatabase* g_tls_file_database_new (const gchar *anchor_file,
+ GError **error);
+
+G_END_DECLS
+
+#endif /* __G_TLS_FILE_DATABASE_H___ */
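Review bot: `GTlsFileDatabaseInterface` is declared without a gtk-doc block even though this commit lists it in gio-sections.txt; a short comment of the form `GTlsFileDatabaseInterface:` with `@g_iface: The parent interface.` and `Since: 2.28` would match how `GTlsBackendInterface` is documented. The closing guard comment reads `__G_TLS_FILE_DATABASE_H___` with three trailing underscores, whereas the macro defined above has two.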