Class: Gio::TlsCertificate
Inherits: Object
Inheritance: Object, Gio::TlsCertificate
Defined in: (unknown)
Instance Method Summary
- #certificate ⇒ Gio::
  The DER (binary) encoded representation of the certificate.
- #certificate=(certificate) ⇒ Gio::
  The DER (binary) encoded representation of the certificate.
- #certificate_pem ⇒ String
  The PEM (ASCII) encoded representation of the certificate.
- #certificate_pem=(certificate_pem) ⇒ String
  The PEM (ASCII) encoded representation of the certificate.
- #is_same(cert_two) ⇒ TrueClass
  Check if two GTls::Certificate objects represent the same certificate.
- #issuer ⇒ Gio::TlsCertificate
  A GTls::Certificate representing the entity that issued this certificate.
- #issuer=(issuer) ⇒ Gio::TlsCertificate
  A GTls::Certificate representing the entity that issued this certificate.
- #new_from_file(file) ⇒ Gio::TlsCertificate
  Creates a GTls::Certificate from the PEM-encoded data in file.
- #new_from_files(cert_file, key_file) ⇒ Gio::TlsCertificate
  Creates a GTls::Certificate from the PEM-encoded data in cert_file and key_file.
- #new_from_pem(data, length) ⇒ Gio::TlsCertificate
  Creates a GTls::Certificate from the PEM-encoded data in data.
- #private_key=(private_key) ⇒ Gio::
  The DER (binary) encoded representation of the certificate’s private key, in either PKCS#1 format or unencrypted PKCS#8 format.
- #private_key_pem=(private_key_pem) ⇒ String
  The PEM (ASCII) encoded representation of the certificate’s private key in either PKCS#1 format (`BEGIN RSA PRIVATE KEY`) or unencrypted PKCS#8 format (`BEGIN PRIVATE KEY`).
- #verify(identity, trusted_ca) ⇒ Gio::TlsCertificateFlags
  This verifies cert and returns a set of GTls::CertificateFlags indicating any problems found with it.
Instance Method Details
#certificate ⇒ Gio::
The DER (binary) encoded representation of the certificate. This property and the GTls::Certificate:certificate-pem property represent the same data, just in different forms.
#certificate=(certificate) ⇒ Gio::
The DER (binary) encoded representation of the certificate. This property and the GTls::Certificate:certificate-pem property represent the same data, just in different forms.
#certificate_pem ⇒ String
The PEM (ASCII) encoded representation of the certificate. This property and the GTls::Certificate:certificate property represent the same data, just in different forms.
#certificate_pem=(certificate_pem) ⇒ String
The PEM (ASCII) encoded representation of the certificate. This property and the GTls::Certificate:certificate property represent the same data, just in different forms.
#is_same(cert_two) ⇒ TrueClass
Check if two GTls::Certificate objects represent the same certificate. The raw DER byte data of the two certificates are checked for equality. This has the effect that two certificates may compare equal even if their GTls::Certificate:issuer, GTls::Certificate:private-key, or GTls::Certificate:private-key-pem properties differ.
#issuer ⇒ Gio::TlsCertificate
A GTls::Certificate representing the entity that issued this certificate. If nil, this means that the certificate is either self-signed, or else the certificate of the issuer is not available.
#issuer=(issuer) ⇒ Gio::TlsCertificate
A GTls::Certificate representing the entity that issued this certificate. If nil, this means that the certificate is either self-signed, or else the certificate of the issuer is not available.
#new_from_file(file) ⇒ Gio::TlsCertificate
Creates a GTls::Certificate from the PEM-encoded data in file. The returned certificate will be the first certificate found in file. As of GLib 2.44, if file contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the GTls::Certificate:issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.
If file cannot be read or parsed, the function will return nil and set error. Otherwise, this behaves like g_tls_certificate_new_from_pem().
#new_from_files(cert_file, key_file) ⇒ Gio::TlsCertificate
Creates a GTls::Certificate from the PEM-encoded data in cert_file and key_file. The returned certificate will be the first certificate found in cert_file. As of GLib 2.44, if cert_file contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the GTls::Certificate:issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.
If either file cannot be read or parsed, the function will return nil and set error. Otherwise, this behaves like g_tls_certificate_new_from_pem().
#new_from_pem(data, length) ⇒ Gio::TlsCertificate
Creates a GTls::Certificate from the PEM-encoded data in data. If data includes both a certificate and a private key, then the returned certificate will include the private key data as well. (See the GTls::Certificate:private-key-pem property for information about supported formats.)
The returned certificate will be the first certificate found in data. As of GLib 2.44, if data contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the GTls::Certificate:issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.
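Because the first certificate is returned even when the rest of the chain fails verification, a misordered bundle is easy to miss when using new_from_file, new_from_files or new_from_pem. The following pre-flight check is an added example, not part of the GIO bindings: it uses Ruby's standard OpenSSL library rather than GIO, approximates "verified" as issuer name plus signature, and all helper names and the sample certificates are constructed for illustration.

```ruby
require "openssl"

# Split a PEM bundle into certificates, preserving file order.
def pem_certificates(pem)
  pem.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
     .map { |block| OpenSSL::X509::Certificate.new(block) }
end

# Indexes i where certificate i is not issued and signed by certificate i+1.
# An empty result means the bundle is ordered leaf first, top-level last.
def chain_order_problems(pem)
  pem_certificates(pem).each_cons(2).each_with_index.reject do |(child, parent), _i|
    child.issuer == parent.subject && child.verify(parent.public_key)
  end.map { |_pair, i| i }
end

# Build a throwaway certificate for the constructed sample below (hypothetical helper).
def make_cert(cn, key, issuer: nil, issuer_key: key, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Constructed sample data: a self-signed root and one leaf issued by it.
ROOT_KEY = OpenSSL::PKey::RSA.new(2048)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
ROOT = make_cert("Constructed Test Root", ROOT_KEY)
LEAF = make_cert("leaf.example.test", LEAF_KEY,
                 issuer: ROOT, issuer_key: ROOT_KEY, serial: 2)

GOOD_BUNDLE = LEAF.to_pem + ROOT.to_pem  # leaf first, top-level last
BAD_BUNDLE  = ROOT.to_pem + LEAF.to_pem  # reversed: the root would be "the" certificate

puts "good bundle problems: #{chain_order_problems(GOOD_BUNDLE).inspect}"
puts "bad bundle problems:  #{chain_order_problems(BAD_BUNDLE).inspect}"
```
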
#private_key=(private_key) ⇒ Gio::
The DER (binary) encoded representation of the certificate’s private key, in either PKCS#1 format or unencrypted PKCS#8 format. This property (or the GTls::Certificate:private-key-pem property) can be set when constructing a key (e.g., from a file), but cannot be read.
PKCS#8 format is supported since 2.32; earlier releases only support PKCS#1. You can use the `openssl rsa` tool to convert PKCS#8 keys to PKCS#1.
#private_key_pem=(private_key_pem) ⇒ String
The PEM (ASCII) encoded representation of the certificate’s private key in either PKCS#1 format (`BEGIN RSA PRIVATE KEY`) or unencrypted PKCS#8 format (`BEGIN PRIVATE KEY`). This property (or the GTls::Certificate:private-key property) can be set when constructing a key (e.g., from a file), but cannot be read.
PKCS#8 format is supported since 2.32; earlier releases only support PKCS#1. You can use the `openssl rsa` tool to convert PKCS#8 keys to PKCS#1.
#verify(identity, trusted_ca) ⇒ Gio::TlsCertificateFlags
This verifies cert and returns a set of GTls::CertificateFlags indicating any problems found with it. This can be used to verify a certificate outside the context of making a connection, or to check a certificate against a CA that is not part of the system CA database.
If identity is not nil, cert’s name(s) will be compared against it, and G_TLS_CERTIFICATE_BAD_IDENTITY will be set in the return value if it does not match. If identity is nil, that bit will never be set in the return value.
If trusted_ca is not nil, then cert (or one of the certificates in its chain) must be signed by it, or else G_TLS_CERTIFICATE_UNKNOWN_CA will be set in the return value. If trusted_ca is nil, that bit will never be set in the return value.
(All other GTls::CertificateFlags values will always be set or unset as appropriate.)
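Since a nil identity or nil trusted_ca suppresses the corresponding bit, an empty flag set from verify does not by itself mean the certificate is trusted. The sketch below is an added example, not code from the bindings: it interprets the result as an integer mask using the GTlsCertificateFlags bit values from GIO, and assumes the caller has already converted the returned flags to an integer; the function and symbol names are hypothetical.

```ruby
# GTlsCertificateFlags bit values as defined by GIO.
TLS_FLAGS = {
  unknown_ca:    1 << 0,
  bad_identity:  1 << 1,
  not_activated: 1 << 2,
  expired:       1 << 3,
  revoked:       1 << 4,
  insecure:      1 << 5,
  generic_error: 1 << 6
}.freeze

# Reasons not to trust a certificate after a verify call.
# mask:           integer value of the returned flags (assumed already converted)
# identity_given: true if a non-nil identity was passed to verify
# ca_given:       true if a non-nil trusted_ca was passed to verify
def trust_problems(mask, identity_given:, ca_given:)
  problems = TLS_FLAGS.select { |_name, bit| (mask & bit) != 0 }.keys
  # A skipped check can never raise its bit, so record it as unverified.
  problems << :identity_not_checked unless identity_given
  problems << :ca_not_checked unless ca_given
  # Fail closed on bits this table does not know about.
  problems << :unrecognised_bits unless (mask & ~TLS_FLAGS.values.sum).zero?
  problems
end

# Accept only when every check ran and none reported a problem.
def trusted?(mask, identity_given:, ca_given:)
  trust_problems(mask, identity_given: identity_given, ca_given: ca_given).empty?
end

# Constructed sample results, not output from a real verify call.
p trust_problems(0, identity_given: false, ca_given: true)
p trust_problems(0b1010, identity_given: true, ca_given: true)
```
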