1 // Generated by gmmproc 2.64.2 -- DO NOT MODIFY! 2 #ifndef _GIOMM_TLSCLIENTCONNECTION_H 3 #define _GIOMM_TLSCLIENTCONNECTION_H 4 5 6 #include <glibmm/ustring.h> 7 #include <sigc++/sigc++.h> 8 9 /* Copyright (C) 2013 The giomm Development Team 10 * 11 * This library is free software; you can redistribute it and/or 12 * modify it under the terms of the GNU Lesser General Public 13 * License as published by the Free Software Foundation; either 14 * version 2.1 of the License, or (at your option) any later version. 15 * 16 * This library is distributed in the hope that it will be useful, 17 * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 * Lesser General Public License for more details. 20 * 21 * You should have received a copy of the GNU Lesser General Public 22 * License along with this library. If not, see <http://www.gnu.org/licenses/>. 23 */ 24 25 #include <glibmm/interface.h> 26 #include <giomm/tlsconnection.h> 27 #include <giomm/enums.h> 28 29 30 #ifndef DOXYGEN_SHOULD_SKIP_THIS 31 typedef struct _GTlsClientConnectionInterface GTlsClientConnectionInterface; 32 #endif /* DOXYGEN_SHOULD_SKIP_THIS */ 33 34 #ifndef DOXYGEN_SHOULD_SKIP_THIS 35 using GTlsClientConnection = struct _GTlsClientConnection; 36 using GTlsClientConnectionClass = struct _GTlsClientConnectionClass; 37 #endif /* DOXYGEN_SHOULD_SKIP_THIS */ 38 39 40 #ifndef DOXYGEN_SHOULD_SKIP_THIS 41 namespace Gio 42 { class GIOMM_API TlsClientConnection_Class; } // namespace Gio 43 #endif // DOXYGEN_SHOULD_SKIP_THIS 44 45 namespace Gio 46 { 47 48 class GIOMM_API SocketConnectable; 49 50 /** TlsClientConnection - TLS client-side connection. 51 * TlsClientConnection is the client-side subclass of TlsConnection, 52 * representing a client-side TLS connection. 53 * @newin{2,36} 54 */ 55 56 class GIOMM_API TlsClientConnection 57 : public Glib::Interface, 58 public TlsConnection 59 { 60 61 #ifndef DOXYGEN_SHOULD_SKIP_THIS 62 63 public: 64 using CppObjectType = TlsClientConnection; 65 using CppClassType = TlsClientConnection_Class; 66 using BaseObjectType = GTlsClientConnection; 67 using BaseClassType = GTlsClientConnectionInterface; 68 69 // noncopyable 70 TlsClientConnection(const TlsClientConnection&) = delete; 71 TlsClientConnection& operator=(const TlsClientConnection&) = delete; 72 73 private: 74 friend class TlsClientConnection_Class; 75 static CppClassType tlsclientconnection_class_; 76 77 #endif /* DOXYGEN_SHOULD_SKIP_THIS */ 78 protected: 79 /** 80 * You should derive from this class to use it. 81 */ 82 TlsClientConnection(); 83 84 #ifndef DOXYGEN_SHOULD_SKIP_THIS 85 /** Called by constructors of derived classes. Provide the result of 86 * the Class init() function to ensure that it is properly 87 * initialized. 88 * 89 * @param interface_class The Class object for the derived type. 90 */ 91 explicit TlsClientConnection(const Glib::Interface_Class& interface_class); 92 93 public: 94 // This is public so that C++ wrapper instances can be 95 // created for C instances of unwrapped types. 96 // For instance, if an unexpected C type implements the C interface. 97 explicit TlsClientConnection(GTlsClientConnection* castitem); 98 99 protected: 100 #endif /* DOXYGEN_SHOULD_SKIP_THIS */ 101 102 public: 103 104 TlsClientConnection(TlsClientConnection&& src) noexcept; 105 TlsClientConnection& operator=(TlsClientConnection&& src) noexcept; 106 107 ~TlsClientConnection() noexcept override; 108 109 static void add_interface(GType gtype_implementer); 110 111 /** Get the GType for this class, for use with the underlying GObject type system. 112 */ 113 static GType get_type() G_GNUC_CONST; 114 115 #ifndef DOXYGEN_SHOULD_SKIP_THIS 116 static GType get_base_type() G_GNUC_CONST; 117 #endif 118 119 ///Provides access to the underlying C GObject. gobj()120 GTlsClientConnection* gobj() { return reinterpret_cast<GTlsClientConnection*>(gobject_); } 121 122 ///Provides access to the underlying C GObject. gobj()123 const GTlsClientConnection* gobj() const { return reinterpret_cast<GTlsClientConnection*>(gobject_); } 124 125 private: 126 127 128 public: 129 //TODO: It's not possible to use _WRAP_CTOR/_WRAP_CREATE to wrap the new 130 //function because this is an interface. 131 132 133 /** Creates a new TlsClientConnection wrapping @a base_io_stream (which 134 * must have pollable input and output streams) which is assumed to 135 * communicate with the server identified by @a server_identity. 136 * 137 * See the documentation for TlsConnection::property_base_io_stream() for restrictions 138 * on when application code can run operations on the @a base_io_stream after 139 * this function has returned. 140 * 141 * @newin{2,28} 142 * 143 * @param base_io_stream The IOStream to wrap. 144 * @param server_identity The expected identity of the server. 145 * @return The new 146 * TlsClientConnection, or <tt>nullptr</tt> on error. 147 * 148 * @throws Glib::Error 149 */ 150 static Glib::RefPtr<TlsClientConnection> create(const Glib::RefPtr<IOStream>& base_io_stream, const Glib::RefPtr<const SocketConnectable>& server_identity); 151 152 /// A create() convenience overload. 153 static Glib::RefPtr<TlsClientConnection> create(const Glib::RefPtr<IOStream>& base_io_stream); 154 155 156 /** Sets @a conn's expected server identity, which is used both to tell 157 * servers on virtual hosts which certificate to present, and also 158 * to let @a conn know what name to look for in the certificate when 159 * performing TLS_CERTIFICATE_BAD_IDENTITY validation, if enabled. 160 * 161 * @newin{2,28} 162 * 163 * @param identity A SocketConnectable describing the expected server identity. 164 */ 165 void set_server_identity(const Glib::RefPtr<SocketConnectable>& identity); 166 167 168 /** Gets @a conn's expected server identity 169 * 170 * @newin{2,28} 171 * 172 * @return A SocketConnectable describing the 173 * expected server identity, or <tt>nullptr</tt> if the expected identity is not 174 * known. 175 */ 176 Glib::RefPtr<SocketConnectable> get_server_identity(); 177 178 /** Gets @a conn's expected server identity 179 * 180 * @newin{2,28} 181 * 182 * @return A SocketConnectable describing the 183 * expected server identity, or <tt>nullptr</tt> if the expected identity is not 184 * known. 185 */ 186 Glib::RefPtr<const SocketConnectable> get_server_identity() const; 187 188 189 /** Sets @a conn's validation flags, to override the default set of 190 * checks performed when validating a server certificate. By default, 191 * TLS_CERTIFICATE_VALIDATE_ALL is used. 192 * 193 * @newin{2,28} 194 * 195 * @param flags The TlsCertificateFlags to use. 196 */ 197 void set_validation_flags(TlsCertificateFlags flags); 198 199 /** Gets @a conn's validation flags 200 * 201 * @newin{2,28} 202 * 203 * @return The validation flags. 204 */ 205 TlsCertificateFlags get_validation_flags() const; 206 207 208 #ifndef GIOMM_DISABLE_DEPRECATED 209 210 /** Since GLib 2.42.1, SSL 3.0 is no longer supported. 211 * 212 * From GLib 2.42.1 through GLib 2.62, this function could be used to 213 * force use of TLS 1.0, the lowest-supported TLS protocol version at 214 * the time. In the past, this was needed to connect to broken TLS 215 * servers that exhibited protocol version intolerance. Such servers 216 * are no longer common, and using TLS 1.0 is no longer considered 217 * acceptable. 218 * 219 * Since GLib 2.64, this function does nothing. 220 * 221 * @newin{2,28} 222 * 223 * Deprecated: 2.56: SSL 3.0 is insecure. 224 * 225 * @deprecated SSL 3.0 is insecure, and this function does not generally enable or disable it, despite its name. 226 * 227 * @param use_ssl3 A <tt>bool</tt>, ignored. 228 */ 229 void set_use_ssl3(bool use_ssl3 = true); 230 #endif // GIOMM_DISABLE_DEPRECATED 231 232 233 #ifndef GIOMM_DISABLE_DEPRECATED 234 235 /** SSL 3.0 is no longer supported. See 236 * g_tls_client_connection_set_use_ssl3() for details. 237 * 238 * @newin{2,28} 239 * 240 * Deprecated: 2.56: SSL 3.0 is insecure. 241 * 242 * @deprecated SSL 3.0 is insecure, and this function does not actually indicate whether it is enabled. 243 * 244 * @return <tt>false</tt>. 245 */ 246 bool get_use_ssl3() const; 247 #endif // GIOMM_DISABLE_DEPRECATED 248 249 250 /** Gets the list of distinguished names of the Certificate Authorities 251 * that the server will accept certificates from. This will be set 252 * during the TLS handshake if the server requests a certificate. 253 * Otherwise, it will be <tt>nullptr</tt>. 254 * 255 * Each item in the list is a ByteArray which contains the complete 256 * subject DN of the certificate authority. 257 * 258 * @newin{2,28} 259 * 260 * @return The list of 261 * CA DNs. 262 */ 263 std::vector< Glib::RefPtr<Glib::ByteArray> > get_accepted_cas(); 264 265 266 /** Gets the list of distinguished names of the Certificate Authorities 267 * that the server will accept certificates from. This will be set 268 * during the TLS handshake if the server requests a certificate. 269 * Otherwise, it will be <tt>nullptr</tt>. 270 * 271 * Each item in the list is a ByteArray which contains the complete 272 * subject DN of the certificate authority. 273 * 274 * @newin{2,28} 275 * 276 * @return The list of 277 * CA DNs. 278 */ 279 std::vector< Glib::RefPtr<const Glib::ByteArray> > get_accepted_cas() const; 280 281 282 /** Possibly copies session state from one connection to another, for use 283 * in TLS session resumption. This is not normally needed, but may be 284 * used when the same session needs to be used between different 285 * endpoints, as is required by some protocols, such as FTP over TLS. 286 * @a source should have already completed a handshake and, since TLS 1.3, 287 * it should have been used to read data at least once. @a conn should not 288 * have completed a handshake. 289 * 290 * It is not possible to know whether a call to this function will 291 * actually do anything. Because session resumption is normally used 292 * only for performance benefit, the TLS backend might not implement 293 * this function. Even if implemented, it may not actually succeed in 294 * allowing @a conn to resume @a source's TLS session, because the server 295 * may not have sent a session resumption token to @a source, or it may 296 * refuse to accept the token from @a conn. There is no way to know 297 * whether a call to this function is actually successful. 298 * 299 * Using this function is not required to benefit from session 300 * resumption. If the TLS backend supports session resumption, the 301 * session will be resumed automatically if it is possible to do so 302 * without weakening the privacy guarantees normally provided by TLS, 303 * without need to call this function. For example, with TLS 1.3, 304 * a session ticket will be automatically copied from any 305 * TlsClientConnection that has previously received session tickets 306 * from the server, provided a ticket is available that has not 307 * previously been used for session resumption, since session ticket 308 * reuse would be a privacy weakness. Using this function causes the 309 * ticket to be copied without regard for privacy considerations. 310 * 311 * @newin{2,46} 312 * 313 * @param source A TlsClientConnection. 314 */ 315 void copy_session_state(const Glib::RefPtr<TlsClientConnection>& source); 316 317 // property_accepted_cas() won't work unless a Glib::Value<std::vector<Glib::RefPtr<Glib::ByteArray>>> 318 // specialization is added. Workaround: Use get_accepted_cas(). 319 320 #ifndef GIOMM_DISABLE_DEPRECATED 321 322 /** A list of the distinguished names of the Certificate Authorities 323 * that the server will accept client certificates signed by. If the 324 * server requests a client certificate during the handshake, then 325 * this property will be set after the handshake completes. 326 * 327 * Each item in the list is a ByteArray which contains the complete 328 * subject DN of the certificate authority. 329 * 330 * @newin{2,28} 331 * 332 * @deprecated property_accepted_cas() does not work. Use get_accepted_cas() instead. 333 * 334 * @return A PropertyProxy_ReadOnly that allows you to get the value of the property, 335 * or receive notification when the value of the property changes. 336 */ 337 Glib::PropertyProxy_ReadOnly< std::vector< Glib::RefPtr<Glib::ByteArray> > > property_accepted_cas() const; 338 339 340 #endif // GIOMM_DISABLE_DEPRECATED 341 342 /** A SocketConnectable describing the identity of the server that 343 * is expected on the other end of the connection. 344 * 345 * If the TLS_CERTIFICATE_BAD_IDENTITY flag is set in 346 * TlsClientConnection::property_validation_flags(), this object will be used 347 * to determine the expected identify of the remote end of the 348 * connection; if TlsClientConnection::property_server_identity() is not set, 349 * or does not match the identity presented by the server, then the 350 * TLS_CERTIFICATE_BAD_IDENTITY validation will fail. 351 * 352 * In addition to its use in verifying the server certificate, 353 * this is also used to give a hint to the server about what 354 * certificate we expect, which is useful for servers that serve 355 * virtual hosts. 356 * 357 * @newin{2,28} 358 * 359 * @return A PropertyProxy that allows you to get or set the value of the property, 360 * or receive notification when the value of the property changes. 361 */ 362 Glib::PropertyProxy< Glib::RefPtr<SocketConnectable> > property_server_identity() ; 363 364 /** A SocketConnectable describing the identity of the server that 365 * is expected on the other end of the connection. 366 * 367 * If the TLS_CERTIFICATE_BAD_IDENTITY flag is set in 368 * TlsClientConnection::property_validation_flags(), this object will be used 369 * to determine the expected identify of the remote end of the 370 * connection; if TlsClientConnection::property_server_identity() is not set, 371 * or does not match the identity presented by the server, then the 372 * TLS_CERTIFICATE_BAD_IDENTITY validation will fail. 373 * 374 * In addition to its use in verifying the server certificate, 375 * this is also used to give a hint to the server about what 376 * certificate we expect, which is useful for servers that serve 377 * virtual hosts. 378 * 379 * @newin{2,28} 380 * 381 * @return A PropertyProxy_ReadOnly that allows you to get the value of the property, 382 * or receive notification when the value of the property changes. 383 */ 384 Glib::PropertyProxy_ReadOnly< Glib::RefPtr<SocketConnectable> > property_server_identity() const; 385 386 387 #ifndef GIOMM_DISABLE_DEPRECATED 388 389 /** SSL 3.0 is no longer supported. See 390 * g_tls_client_connection_set_use_ssl3() for details. 391 * 392 * @newin{2,28} 393 * 394 * Deprecated: 2.56: SSL 3.0 is insecure. 395 * 396 * @deprecated SSL 3.0 is insecure, and this property does not generally enable or disable it, despite its name. 397 * 398 * Default value: <tt>false</tt> 399 * 400 * @return A PropertyProxy that allows you to get or set the value of the property, 401 * or receive notification when the value of the property changes. 402 */ 403 Glib::PropertyProxy< bool > property_use_ssl3() ; 404 405 /** SSL 3.0 is no longer supported. See 406 * g_tls_client_connection_set_use_ssl3() for details. 407 * 408 * @newin{2,28} 409 * 410 * Deprecated: 2.56: SSL 3.0 is insecure. 411 * 412 * @deprecated SSL 3.0 is insecure, and this property does not generally enable or disable it, despite its name. 413 * 414 * Default value: <tt>false</tt> 415 * 416 * @return A PropertyProxy_ReadOnly that allows you to get the value of the property, 417 * or receive notification when the value of the property changes. 418 */ 419 Glib::PropertyProxy_ReadOnly< bool > property_use_ssl3() const; 420 421 #endif // GIOMM_DISABLE_DEPRECATED 422 423 /** What steps to perform when validating a certificate received from 424 * a server. Server certificates that fail to validate in all of the 425 * ways indicated here will be rejected unless the application 426 * overrides the default via TlsConnection::signal_accept_certificate(). 427 * 428 * @newin{2,28} 429 * 430 * Default value: TLS_CERTIFICATE_UNKNOWN_CA | TLS_CERTIFICATE_BAD_IDENTITY | TLS_CERTIFICATE_NOT_ACTIVATED | TLS_CERTIFICATE_EXPIRED | TLS_CERTIFICATE_REVOKED | TLS_CERTIFICATE_INSECURE | TLS_CERTIFICATE_GENERIC_ERROR 431 * 432 * @return A PropertyProxy that allows you to get or set the value of the property, 433 * or receive notification when the value of the property changes. 434 */ 435 Glib::PropertyProxy< TlsCertificateFlags > property_validation_flags() ; 436 437 /** What steps to perform when validating a certificate received from 438 * a server. Server certificates that fail to validate in all of the 439 * ways indicated here will be rejected unless the application 440 * overrides the default via TlsConnection::signal_accept_certificate(). 441 * 442 * @newin{2,28} 443 * 444 * Default value: TLS_CERTIFICATE_UNKNOWN_CA | TLS_CERTIFICATE_BAD_IDENTITY | TLS_CERTIFICATE_NOT_ACTIVATED | TLS_CERTIFICATE_EXPIRED | TLS_CERTIFICATE_REVOKED | TLS_CERTIFICATE_INSECURE | TLS_CERTIFICATE_GENERIC_ERROR 445 * 446 * @return A PropertyProxy_ReadOnly that allows you to get the value of the property, 447 * or receive notification when the value of the property changes. 448 */ 449 Glib::PropertyProxy_ReadOnly< TlsCertificateFlags > property_validation_flags() const; 450 451 452 public: 453 454 public: 455 //C++ methods used to invoke GTK+ virtual functions: 456 457 protected: 458 //GTK+ Virtual Functions (override these to change behaviour): 459 460 //Default Signal Handlers:: 461 462 463 }; 464 465 } // namespace Gio 466 467 468 namespace Glib 469 { 470 /** A Glib::wrap() method for this object. 471 * 472 * @param object The C instance. 473 * @param take_copy False if the result should take ownership of the C instance. True if it should take a new copy or ref. 474 * @result A C++ instance that wraps this C instance. 475 * 476 * @relates Gio::TlsClientConnection 477 */ 478 GIOMM_API 479 Glib::RefPtr<Gio::TlsClientConnection> wrap(GTlsClientConnection* object, bool take_copy = false); 480 481 } // namespace Glib 482 483 484 #endif /* _GIOMM_TLSCLIENTCONNECTION_H */ 485 486