Class: Gio::TlsCertificate

Inherits:
Object

Instance Method Details

#certificate ⇒ Gio::

The DER (binary) encoded representation of the certificate. This property and the certificate-pem property represent the same data, just in different forms.

Returns:

  • (Gio::)

    certificate

#certificate=(certificate) ⇒ Gio::

The DER (binary) encoded representation of the certificate. This property and the certificate-pem property represent the same data, just in different forms.

Parameters:

Returns:

#certificate_pem ⇒ String

The PEM (ASCII) encoded representation of the certificate. This property and the certificate property represent the same data, just in different forms.

Returns:

  • (String)

    certificate-pem

#certificate_pem=(certificate_pem) ⇒ String

The PEM (ASCII) encoded representation of the certificate. This property and the certificate property represent the same data, just in different forms.

Parameters:

  • certificate_pem (String)

Returns:

  • (String)

    certificate-pem

#is_same(cert_two) ⇒ TrueClass

Check if two Gio::TlsCertificate objects represent the same certificate. The raw DER byte data of the two certificates are checked for equality. This has the effect that two certificates may compare equal even if their issuer, private-key, or private-key-pem properties differ.

Parameters:

Returns:

  • (TrueClass)

    whether the same or not

#issuer ⇒ Gio::TlsCertificate

A Gio::TlsCertificate representing the entity that issued this certificate. If nil, this means that the certificate is either self-signed, or else the certificate of the issuer is not available.

Returns:

#issuer=(issuer) ⇒ Gio::TlsCertificate

A Gio::TlsCertificate representing the entity that issued this certificate. If nil, this means that the certificate is either self-signed, or else the certificate of the issuer is not available.

Parameters:

Returns:

#new_from_file(file) ⇒ Gio::TlsCertificate

Creates a Gio::TlsCertificate from the PEM-encoded data in file. The returned certificate will be the first certificate found in file. As of GLib 2.44, if file contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.

If file cannot be read or parsed, the function will return nil and set error. Otherwise, this behaves like g_tls_certificate_new_from_pem().

Parameters:

  • file (Gio::filename)

    file containing a PEM-encoded certificate to import

Returns:

#new_from_files(cert_file, key_file) ⇒ Gio::TlsCertificate

Creates a Gio::TlsCertificate from the PEM-encoded data in cert_file and key_file. The returned certificate will be the first certificate found in cert_file. As of GLib 2.44, if cert_file contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.

If either file cannot be read or parsed, the function will return nil and set error. Otherwise, this behaves like g_tls_certificate_new_from_pem().

Parameters:

  • cert_file (Gio::filename)

    file containing one or more PEM-encoded certificates to import

  • key_file (Gio::filename)

    file containing a PEM-encoded private key to import

Returns:

#new_from_pem(data, length) ⇒ Gio::TlsCertificate

Creates a Gio::TlsCertificate from the PEM-encoded data in data. If data includes both a certificate and a private key, then the returned certificate will include the private key data as well. (See the private-key-pem property for information about supported formats.)

The returned certificate will be the first certificate found in data. As of GLib 2.44, if data contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.

Parameters:

  • data (String)

    PEM-encoded certificate data

  • length (Gio::gssize)

    the length of data, or -1 if it’s 0-terminated.

Returns:
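
Because the loaders above still return the first certificate when chain verification fails, a misordered bundle loads without complaint. The following added example (not part of the Gio bindings or this documentation) uses Ruby's OpenSSL standard library, not Gio, to pre-check bundle order and to show the PEM/DER equivalence and the DER byte comparison that is_same is documented to use. All helper names and the sample certificates are constructed for illustration.

```ruby
require "openssl"

# Issue a certificate for key; self-signed unless issuer cert and key are given.
def make_cert(cn, key, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = issuer ? 2 : 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Split a PEM bundle into certificates, preserving file order.
def split_bundle(pem)
  pem.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
     .map { |block| OpenSSL::X509::Certificate.new(block) }
end

# Index of the first certificate not signed by the one after it, or nil
# when the bundle is ordered leaf first, top-level certificate last.
def first_chain_break(pem)
  split_bundle(pem).each_cons(2).find_index do |child, parent|
    child.issuer.to_der != parent.subject.to_der ||
      !child.verify(parent.public_key)
  end
end

# PEM is base64 of the DER bytes between the BEGIN/END lines.
def pem_to_der(pem)
  pem.lines.reject { |l| l.start_with?("-----") }.join.unpack1("m")
end

# Byte-for-byte DER equality, the comparison is_same is documented to make.
def same_der?(a, b)
  a.to_der == b.to_der
end

# Constructed sample data: a throwaway root and a leaf it signs.
ROOT_KEY = OpenSSL::PKey::RSA.new(2048)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
ROOT = make_cert("Example Test Root", ROOT_KEY)
LEAF = make_cert("leaf.example", LEAF_KEY, ROOT, ROOT_KEY)
GOOD_BUNDLE = LEAF.to_pem + ROOT.to_pem   # leaf first, root last
BAD_BUNDLE  = ROOT.to_pem + LEAF.to_pem   # reversed order
```

A non-nil result from `first_chain_break` marks the position where the bundle stops being a chain, which is worth failing on before the file is handed to a loader that would return the first certificate regardless.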

#private_key=(private_key) ⇒ Gio::

The DER (binary) encoded representation of the certificate’s private key, in either PKCS#1 format or unencrypted PKCS#8 format. This property (or the private-key-pem property) can be set when constructing a key (e.g., from a file), but cannot be read.

PKCS#8 format is supported since 2.32; earlier releases only support PKCS#1. You can use the `openssl rsa` tool to convert PKCS#8 keys to PKCS#1.

Parameters:

Returns:

  • (Gio::)

    private-key

#private_key_pem=(private_key_pem) ⇒ String

The PEM (ASCII) encoded representation of the certificate’s private key in either PKCS#1 format (“`BEGIN RSA PRIVATE KEY`”) or unencrypted PKCS#8 format (“`BEGIN PRIVATE KEY`”). This property (or the private-key property) can be set when constructing a key (e.g., from a file), but cannot be read.

PKCS#8 format is supported since 2.32; earlier releases only support PKCS#1. You can use the `openssl rsa` tool to convert PKCS#8 keys to PKCS#1.

Parameters:

  • private_key_pem (String)

Returns:

  • (String)

    private-key-pem

#verify(identity, trusted_ca) ⇒ Gio::TlsCertificateFlags

This verifies cert and returns a set of Gio::TlsCertificateFlags indicating any problems found with it. This can be used to verify a certificate outside the context of making a connection, or to check a certificate against a CA that is not part of the system CA database.

If identity is not nil, cert’s name(s) will be compared against it, and G_TLS_CERTIFICATE_BAD_IDENTITY will be set in the return value if it does not match. If identity is nil, that bit will never be set in the return value.

If trusted_ca is not nil, then cert (or one of the certificates in its chain) must be signed by it, or else G_TLS_CERTIFICATE_UNKNOWN_CA will be set in the return value. If trusted_ca is nil, that bit will never be set in the return value.

(All other Gio::TlsCertificateFlags values will always be set or unset as appropriate.)

Parameters:

Returns: