[glib/wip/danw/tls-new-apis: 3/4] GTlsConnection: add g_tls_connection_get_connection_info()



commit 7894ffeb60a31da605948b27ec1a1ec3a73067ba
Author: Dan Winship <danw gnome org>
Date:   Thu Oct 16 20:53:58 2014 -0400

    GTlsConnection: add g_tls_connection_get_connection_info()
    
    Add an API to get various information about a GTlsConnection, such as
    the negotiated SSL/TLS version and ciphersuite.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=745637

 docs/reference/gio/gio-sections.txt |    2 +
 gio/gioenums.h                      |   27 ++++++++++++
 gio/gtlsconnection.c                |   78 ++++++++++++++++++++++++++++++++++-
 gio/gtlsconnection.h                |    3 +
 4 files changed, 109 insertions(+), 1 deletions(-)
---
diff --git a/docs/reference/gio/gio-sections.txt b/docs/reference/gio/gio-sections.txt
index cb46e77..240c654 100644
--- a/docs/reference/gio/gio-sections.txt
+++ b/docs/reference/gio/gio-sections.txt
@@ -3636,6 +3636,8 @@ g_tls_connection_get_database
 g_tls_connection_set_database
 g_tls_connection_get_interaction
 g_tls_connection_set_interaction
+GTlsVersion
+g_tls_connection_get_info
 <SUBSECTION>
 g_tls_connection_handshake
 g_tls_connection_handshake_async
diff --git a/gio/gioenums.h b/gio/gioenums.h
index aa7e604..16da42f 100644
--- a/gio/gioenums.h
+++ b/gio/gioenums.h
@@ -1894,6 +1894,33 @@ typedef enum {
   G_NETWORK_CONNECTIVITY_FULL        = 4
 } GNetworkConnectivity;
 
+/**
+ * GTlsVersion:
+ * @G_TLS_VERSION_INVALID: invalid or unspecified version
+ * @G_TLS_VERSION_SSL_3_0: SSL 3.0
+ * @G_TLS_VERSION_TLS_1_0: TLS 1.0
+ * @G_TLS_VERSION_TLS_1_1: TLS 1.1
+ * @G_TLS_VERSION_TLS_1_2: TLS 1.2
+ * @G_TLS_VERSION_DTLS_1_0: Datagram TLS 1.0
+ * @G_TLS_VERSION_DTLS_1_2: Datagram TLS 1.2
+ *
+ * Versions of TLS/SSL. Note that the enumeration values are simply
+ * the two-byte "ProtocolVersion" values used in the TLS/SSL protocol,
+ * and new values will be added to the enumeration in the future if
+ * new versions of TLS are defined.
+ *
+ * Since: 2.46
+ */
+typedef enum {
+  G_TLS_VERSION_INVALID  = 0,
+  G_TLS_VERSION_SSL_3_0  = 0x0300,
+  G_TLS_VERSION_TLS_1_0  = 0x0301,
+  G_TLS_VERSION_TLS_1_1  = 0x0302,
+  G_TLS_VERSION_TLS_1_2  = 0x0303,
+  G_TLS_VERSION_DTLS_1_0 = 0xFEFF,
+  G_TLS_VERSION_DTLS_1_2 = 0xFEFD
+} GTlsVersion;
+
 G_END_DECLS
 
 #endif /* __GIO_ENUMS_H__ */
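Review bot: The doc comment on `GTlsVersion` presents the values as plain ProtocolVersion numbers, which invites callers to rank them, but the DTLS entries make numeric ordering misleading: `G_TLS_VERSION_DTLS_1_2` (0xFEFD) is less than `G_TLS_VERSION_DTLS_1_0` (0xFEFF), and both sit above every TLS value, so a policy check like `version >= G_TLS_VERSION_TLS_1_2` accepts any DTLS session regardless of its version. I would add to the comment: `Do not compare these values numerically to rank protocol versions: DTLS numbering is inverted (1.2 sorts below 1.0) and is unrelated to the TLS range; compare against specific enumerators instead.` The `@G_TLS_VERSION_SSL_3_0` line should also carry a warning that SSL 3.0 is obsolete and known-insecure, so an application inspecting the negotiated version knows to treat it as a failure rather than as just another value. Finally, because the enumerators are unsigned two-byte wire values, the comment could state that any serialised form must use an unsigned 16-bit type, since 0xFEFF does not fit a signed int16.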
diff --git a/gio/gtlsconnection.c b/gio/gtlsconnection.c
index dda9d7a..80e4d10 100644
--- a/gio/gtlsconnection.c
+++ b/gio/gtlsconnection.c
@@ -83,7 +83,8 @@ enum {
   PROP_PEER_CERTIFICATE,
   PROP_PEER_CERTIFICATE_ERRORS,
   PROP_ADVERTISED_PROTOCOLS,
-  PROP_NEGOTIATED_PROTOCOL
+  PROP_NEGOTIATED_PROTOCOL,
+  PROP_CONNECTION_INFO
 };
 
 static void
@@ -279,6 +280,27 @@ g_tls_connection_class_init (GTlsConnectionClass *klass)
                                                         G_PARAM_STATIC_STRINGS));
 
   /**
+   * GTlsConnection:connection-info:
+   *
+   * Miscellaneous information about the negotiated parameters for the
+   * connection (ciphersuite, extensions, etc). See
+   * g_tls_connection_get_connection_info() for details.
+   *
+   * This is only valid after a handshake has completed; before that
+   * it will be %NULL.
+   *
+   * Since: 2.46
+   */
+  g_object_class_install_property (gobject_class, PROP_CONNECTION_INFO,
+                                   g_param_spec_variant ("connection-info",
+                                                         P_("Connection Info"),
+                                                         P_("Negotiated SSL/TLS information"),
+                                                         G_VARIANT_TYPE_VARDICT,
+                                                         NULL,
+                                                         G_PARAM_READABLE |
+                                                         G_PARAM_STATIC_STRINGS));
+
+  /**
    * GTlsConnection::accept-certificate:
    * @conn: a #GTlsConnection
    * @peer_cert: the peer's #GTlsCertificate
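Review bot: The property documentation says the value is %NULL until a handshake completes but does not say whether `notify::connection-info` is emitted when it becomes available, or when a renegotiation changes the negotiated parameters; since the property is read-only and exposed only through `g_object_get`, that is the only way a caller could learn that the information changed. I would extend the comment with either `Implementations emit #GObject::notify for this property when a handshake (including a renegotiation) completes.` or an explicit statement that no notification is guaranteed and callers must re-query after g_tls_connection_handshake() returns. Which of the two is true is not visible in this patch and depends on the backend.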
@@ -815,6 +837,60 @@ g_tls_connection_get_negotiated_protocol (GTlsConnection *conn)
 }
 
 /**
+ * g_tls_connection_get_connection_info:
+ * @conn: a #GTlsConnection
+ *
+ * Gets information about the encryption and other TLS session
+ * parameters of @conn, as a #GVariant dictionary containing various
+ * pieces of information.
+ *
+ * Certain pieces of information are available for all connections:
+ *
+ * - `version` (int16): the negotiated #GTlsVersion. (In fact, this is
+ *   just the version number value in the binary format used by the
+ *   TLS protocol. For known SSL/TLS versions, this will be one of the
+ *   values of the #GTlsVersion enumeration, but future versions of
+ *   the backend TLS library may negotiate connections using TLS
+ *   versions not yet known to GLib.)
+ * - `key-exchange` (string): the key exchange algorithm (eg, "RSA" or
+ *   "ECDH_ECDSA")
+ * - `cipher` (string): the cipher algorithm (eg, "DES" or
+ *   "AES_256_CBC")
+ * - `mac` (string): the MAC algorithm (eg, "MD5" or "SHA256")
+ * - `cipher-suite` (string): the full cipher suite name (eg,
+ *   "TLS_RSA_WITH_AES128_CBC_SHA")
+ * - `key-size` (int32): the size of the key used by the cipher
+ *   algorithm
+ * - `mac-size` (int32): the output size of the MAC algorithm
+ *
+ * Additional data may also be available depending on the ciphersuite
+ * or extensions:
+ *
+ * - `dh-prime-size` (int32): for cipher suites using Diffie-Hellman key
+ *   exchange, the length in bits of the prime modulus.
+ * - `ext-renegotiation-info` (boolean): %TRUE if client and server
+ *   both support the TLS Renegotiation Indication Extension
+ *
+ * Returns: (transfer full) (nullable): a variant dictionary
+ * containing information about @conn, or %NULL if @conn is not
+ * connected or has not completed a handshake.
+ *
+ * Since: 2.46
+ */
+GVariant *
+g_tls_connection_get_connection_info (GTlsConnection *conn)
+{
+  GVariant *info;
+
+  g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), NULL);
+
+  g_object_get (G_OBJECT (conn),
+                "connection-info", &info,
+                NULL);
+  return info;
+}
+
+/**
  * g_tls_connection_handshake:
  * @conn: a #GTlsConnection
  * @cancellable: (allow-none): a #GCancellable, or %NULL
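Review bot: The `version` entry is documented as `int16`, but the `GTlsVersion` values it is meant to carry include `G_TLS_VERSION_DTLS_1_0` (0xFEFF) and `G_TLS_VERSION_DTLS_1_2` (0xFEFD), which do not fit in a signed 16-bit integer; stored in a GVariant `n` they come back negative and never compare equal to the enumerator. The line should read `- \`version\` (uint16): the negotiated #GTlsVersion.` with backends packing it as the GVariant `q` type. In the same list, the example cipher suite `TLS_RSA_WITH_AES128_CBC_SHA` is not an IANA name (`TLS_RSA_WITH_AES_128_CBC_SHA` is), and `mac`/`mac-size` are listed as available for every connection although AEAD suites such as AES-GCM have no separate MAC, so the doc should say what those keys hold, or that they are absent, in that case. `key-size` should also state its unit the way `dh-prime-size` does (`the size in bits of the key used by the cipher algorithm`). It would further help callers making policy decisions to note that the dictionary is a snapshot of the current session and may change after a renegotiation.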
diff --git a/gio/gtlsconnection.h b/gio/gtlsconnection.h
index 553be66..66c8ae3 100644
--- a/gio/gtlsconnection.h
+++ b/gio/gtlsconnection.h
@@ -122,6 +122,9 @@ void                  g_tls_connection_set_advertised_protocols    (GTlsConnecti
 GLIB_AVAILABLE_IN_2_46
 const char *          g_tls_connection_get_negotiated_protocol     (GTlsConnection       *conn);
 
+GLIB_AVAILABLE_IN_2_46
+GVariant *            g_tls_connection_get_connection_info         (GTlsConnection       *conn);
+
 GLIB_AVAILABLE_IN_ALL
 gboolean              g_tls_connection_handshake                   (GTlsConnection       *conn,
                                                                    GCancellable         *cancellable,
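Review bot: The prototype declared here is `g_tls_connection_get_connection_info`, but the gio-sections.txt hunk in this same commit lists the symbol as `g_tls_connection_get_info`, so gtk-doc will not attach the new function to the GTlsConnection section and will report the real symbol as undocumented. The section entry should be changed to `g_tls_connection_get_connection_info` to match this declaration and the definition in gtlsconnection.c.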

