Copyright | Will Thompson, Iñaki García Etxebarria and Jonas Platte |
---|---|
License | LGPL-2.1 |
Maintainer | Iñaki García Etxebarria (garetxe@gmail.com) |
Safe Haskell | None |
Language | Haskell2010 |
A certificate used for TLS authentication and encryption.
This can represent either a certificate only (e.g., the certificate received by a client from a server), or the combination of a certificate and a private key (which is needed when acting as a TlsServerConnection).
- newtype TlsCertificate = TlsCertificate (ManagedPtr TlsCertificate)
- class GObject o => IsTlsCertificate o
- toTlsCertificate :: IsTlsCertificate o => o -> IO TlsCertificate
- noTlsCertificate :: Maybe TlsCertificate
- data TlsCertificateGetIssuerMethodInfo
- tlsCertificateGetIssuer :: (HasCallStack, MonadIO m, IsTlsCertificate a) => a -> m TlsCertificate
- data TlsCertificateIsSameMethodInfo
- tlsCertificateIsSame :: (HasCallStack, MonadIO m, IsTlsCertificate a, IsTlsCertificate b) => a -> b -> m Bool
- tlsCertificateListNewFromFile :: (HasCallStack, MonadIO m) => [Char] -> m [TlsCertificate]
- tlsCertificateNewFromFile :: (HasCallStack, MonadIO m) => [Char] -> m TlsCertificate
- tlsCertificateNewFromFiles :: (HasCallStack, MonadIO m) => [Char] -> [Char] -> m TlsCertificate
- tlsCertificateNewFromPem :: (HasCallStack, MonadIO m) => Text -> Int64 -> m TlsCertificate
- data TlsCertificateVerifyMethodInfo
- tlsCertificateVerify :: (HasCallStack, MonadIO m, IsTlsCertificate a, IsSocketConnectable b, IsTlsCertificate c) => a -> Maybe b -> Maybe c -> m [TlsCertificateFlags]
- data TlsCertificateCertificatePropertyInfo
- constructTlsCertificateCertificate :: IsTlsCertificate o => ByteString -> IO (GValueConstruct o)
- getTlsCertificateCertificate :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe ByteString)
- tlsCertificateCertificate :: AttrLabelProxy "certificate"
- data TlsCertificateCertificatePemPropertyInfo
- constructTlsCertificateCertificatePem :: IsTlsCertificate o => Text -> IO (GValueConstruct o)
- getTlsCertificateCertificatePem :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe Text)
- tlsCertificateCertificatePem :: AttrLabelProxy "certificatePem"
- data TlsCertificateIssuerPropertyInfo
- constructTlsCertificateIssuer :: (IsTlsCertificate o, IsTlsCertificate a) => a -> IO (GValueConstruct o)
- getTlsCertificateIssuer :: (MonadIO m, IsTlsCertificate o) => o -> m TlsCertificate
- tlsCertificateIssuer :: AttrLabelProxy "issuer"
- data TlsCertificatePrivateKeyPropertyInfo
- constructTlsCertificatePrivateKey :: IsTlsCertificate o => ByteString -> IO (GValueConstruct o)
- tlsCertificatePrivateKey :: AttrLabelProxy "privateKey"
- data TlsCertificatePrivateKeyPemPropertyInfo
- constructTlsCertificatePrivateKeyPem :: IsTlsCertificate o => Text -> IO (GValueConstruct o)
- tlsCertificatePrivateKeyPem :: AttrLabelProxy "privateKeyPem"
Exported types
newtype TlsCertificate Source #
GObject TlsCertificate Source # | |
IsObject TlsCertificate Source # | |
IsTlsCertificate TlsCertificate Source # | |
((~) * info (ResolveTlsCertificateMethod t TlsCertificate), MethodInfo * info TlsCertificate p) => IsLabel t (TlsCertificate -> p) Source # | |
((~) * info (ResolveTlsCertificateMethod t TlsCertificate), MethodInfo * info TlsCertificate p) => IsLabelProxy t (TlsCertificate -> p) Source # | |
HasAttributeList * TlsCertificate Source # | |
type AttributeList TlsCertificate Source # | |
type SignalList TlsCertificate Source # | |
class GObject o => IsTlsCertificate o Source #
toTlsCertificate :: IsTlsCertificate o => o -> IO TlsCertificate Source #
Methods
getIssuer
data TlsCertificateGetIssuerMethodInfo Source #
((~) * signature (m TlsCertificate), MonadIO m, IsTlsCertificate a) => MethodInfo * TlsCertificateGetIssuerMethodInfo a signature Source # | |
tlsCertificateGetIssuer Source #
:: (HasCallStack, MonadIO m, IsTlsCertificate a) | |
=> a |
|
-> m TlsCertificate | Returns: The certificate of cert's issuer |
Gets the TlsCertificate representing cert's issuer, if known.
Since: 2.28
isSame
data TlsCertificateIsSameMethodInfo Source #
((~) * signature (b -> m Bool), MonadIO m, IsTlsCertificate a, IsTlsCertificate b) => MethodInfo * TlsCertificateIsSameMethodInfo a signature Source # | |
:: (HasCallStack, MonadIO m, IsTlsCertificate a, IsTlsCertificate b) | |
=> a |
|
-> b |
|
-> m Bool | Returns: whether the same or not |
Check if two TlsCertificate objects represent the same certificate.
The raw DER byte data of the two certificates are checked for equality.
This has the effect that two certificates may compare equal even if their TlsCertificate:issuer, TlsCertificate:private-key, or TlsCertificate:private-key-pem properties differ. In particular, a True result does not indicate that both objects carry a private key, or the same one.
Since: 2.34
listNewFromFile
tlsCertificateListNewFromFile Source #
:: (HasCallStack, MonadIO m) | |
=> [Char] |
|
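-> m [TlsCertificate] | Returns: a list of TlsCertificate objects |
Creates one or more GTlsCertificates from the PEM-encoded data in file. If file cannot be read or parsed, the function will return Nothing and set error. If file does not contain any PEM-encoded certificates, this will return an empty list and not set error.
The "return Nothing and set error" wording comes from the underlying C API; the signature above returns the list directly rather than a Maybe, so in this binding a read or parse failure is reported through the binding's GError exception mechanism. Because a file without certificates is not an error, callers should check for the empty list explicitly instead of treating the absence of an error as proof that certificates were loaded.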
Since: 2.28
newFromFile
tlsCertificateNewFromFile Source #
:: (HasCallStack, MonadIO m) | |
=> [Char] |
|
-> m TlsCertificate | Returns: the new certificate, or |
Creates a TlsCertificate from the PEM-encoded data in file. The returned certificate will be the first certificate found in file. As of GLib 2.44, if file contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the TlsCertificate:issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned. Loading a certificate successfully therefore does not imply that its chain verified; use tlsCertificateVerify to check it against a trusted CA.
If file cannot be read or parsed, the function will return Nothing and set error. Otherwise, this behaves like tlsCertificateNewFromPem.
Since: 2.28
newFromFiles
tlsCertificateNewFromFiles Source #
:: (HasCallStack, MonadIO m) | |
=> [Char] |
|
-> [Char] |
|
-> m TlsCertificate | Returns: the new certificate, or |
Creates a TlsCertificate from the PEM-encoded data in certFile and keyFile. The returned certificate will be the first certificate found in certFile. As of GLib 2.44, if certFile contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the TlsCertificate:issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned. Loading a certificate successfully therefore does not imply that its chain verified; use tlsCertificateVerify to check it against a trusted CA.
If either file cannot be read or parsed, the function will return Nothing and set error. Otherwise, this behaves like tlsCertificateNewFromPem.
Since: 2.28
newFromPem
tlsCertificateNewFromPem Source #
:: (HasCallStack, MonadIO m) | |
=> Text |
|
-> Int64 |
|
-> m TlsCertificate | Returns: the new certificate, or |
Creates a TlsCertificate from the PEM-encoded data in data. If data includes both a certificate and a private key, then the returned certificate will include the private key data as well. (See the TlsCertificate:private-key-pem property for information about supported formats.)
The returned certificate will be the first certificate found in data. As of GLib 2.44, if data contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the TlsCertificate:issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned. Loading a certificate successfully therefore does not imply that its chain verified; use tlsCertificateVerify to check it against a trusted CA.
Since: 2.28
verify
data TlsCertificateVerifyMethodInfo Source #
((~) * signature (Maybe b -> Maybe c -> m [TlsCertificateFlags]), MonadIO m, IsTlsCertificate a, IsSocketConnectable b, IsTlsCertificate c) => MethodInfo * TlsCertificateVerifyMethodInfo a signature Source # | |
:: (HasCallStack, MonadIO m, IsTlsCertificate a, IsSocketConnectable b, IsTlsCertificate c) | |
=> a |
|
-> Maybe b |
|
-> Maybe c |
|
-> m [TlsCertificateFlags] | Returns: the appropriate TlsCertificateFlags |
This verifies cert and returns a set of TlsCertificateFlags indicating any problems found with it. This can be used to verify a certificate outside the context of making a connection, or to check a certificate against a CA that is not part of the system CA database.
If identity is not Nothing, cert's name(s) will be compared against it, and TlsCertificateFlagsBadIdentity will be set in the return value if it does not match. If identity is Nothing, that bit will never be set in the return value.
If trustedCa is not Nothing, then cert (or one of the certificates in its chain) must be signed by it, or else TlsCertificateFlagsUnknownCa will be set in the return value. If trustedCa is Nothing, that bit will never be set in the return value.
(All other TlsCertificateFlags values will always be set or unset as appropriate.)
Note that an empty result obtained with identity or trustedCa set to Nothing therefore says nothing about whether cert matches the expected peer or chains to a trusted CA, since the corresponding bits are never set in that case; supply both arguments when those checks matter.
Since: 2.28
Properties
certificate
data TlsCertificateCertificatePropertyInfo Source #
constructTlsCertificateCertificate :: IsTlsCertificate o => ByteString -> IO (GValueConstruct o) Source #
getTlsCertificateCertificate :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe ByteString) Source #
tlsCertificateCertificate :: AttrLabelProxy "certificate" Source #
certificatePem
data TlsCertificateCertificatePemPropertyInfo Source #
constructTlsCertificateCertificatePem :: IsTlsCertificate o => Text -> IO (GValueConstruct o) Source #
getTlsCertificateCertificatePem :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe Text) Source #
tlsCertificateCertificatePem :: AttrLabelProxy "certificatePem" Source #
issuer
data TlsCertificateIssuerPropertyInfo Source #
constructTlsCertificateIssuer :: (IsTlsCertificate o, IsTlsCertificate a) => a -> IO (GValueConstruct o) Source #
getTlsCertificateIssuer :: (MonadIO m, IsTlsCertificate o) => o -> m TlsCertificate Source #
tlsCertificateIssuer :: AttrLabelProxy "issuer" Source #
privateKey
data TlsCertificatePrivateKeyPropertyInfo Source #
constructTlsCertificatePrivateKey :: IsTlsCertificate o => ByteString -> IO (GValueConstruct o) Source #
tlsCertificatePrivateKey :: AttrLabelProxy "privateKey" Source #
privateKeyPem
data TlsCertificatePrivateKeyPemPropertyInfo Source #
constructTlsCertificatePrivateKeyPem :: IsTlsCertificate o => Text -> IO (GValueConstruct o) Source #
tlsCertificatePrivateKeyPem :: AttrLabelProxy "privateKeyPem" Source #