diff options
author | Michael Catanzaro <mcatanzaro@gnome.org> | 2021-06-10 00:54:45 +0000 |
---|---|---|
committer | Michael Catanzaro <mcatanzaro@gnome.org> | 2021-06-10 00:54:45 +0000 |
commit | c816ee5bd1c666436fc6f1be19721eb3f9b27de4 (patch) | |
tree | 41586122e38829dc6414fc7ba254546a3978f00b | |
parent | eff19df20584fab0c342df9d77478137b52dd1b5 (diff) | |
parent | 4d3618cbd14c0f494652567084acfeec8f437773 (diff) | |
download | glib-c816ee5bd1c666436fc6f1be19721eb3f9b27de4.tar.gz |
Merge branch 'feature/tls-cert-additional-fields' into 'main'
tls: expose SAN details on GTlsCertificate
See merge request GNOME/glib!2142
-rw-r--r-- | docs/reference/gio/gio-sections-common.txt | 2 | ||||
-rw-r--r-- | gio/gtlscertificate.c | 80 | ||||
-rw-r--r-- | gio/gtlscertificate.h | 6 | ||||
-rw-r--r-- | gio/tests/gtesttlsbackend.c | 16 | ||||
-rw-r--r-- | gio/tests/tls-certificate.c | 49 |
5 files changed, 153 insertions, 0 deletions
diff --git a/docs/reference/gio/gio-sections-common.txt b/docs/reference/gio/gio-sections-common.txt index 9cdc4ba66..5151a9d75 100644 --- a/docs/reference/gio/gio-sections-common.txt +++ b/docs/reference/gio/gio-sections-common.txt @@ -3718,6 +3718,8 @@ g_tls_certificate_new_from_file g_tls_certificate_new_from_files g_tls_certificate_new_from_pkcs11_uris g_tls_certificate_list_new_from_file +g_tls_certificate_get_dns_names +g_tls_certificate_get_ip_addresses g_tls_certificate_get_issuer g_tls_certificate_get_issuer_name g_tls_certificate_get_not_valid_before diff --git a/gio/gtlscertificate.c b/gio/gtlscertificate.c index 1e01af659..aadc562a6 100644 --- a/gio/gtlscertificate.c +++ b/gio/gtlscertificate.c @@ -67,6 +67,8 @@ enum PROP_NOT_VALID_AFTER, PROP_SUBJECT_NAME, PROP_ISSUER_NAME, + PROP_DNS_NAMES, + PROP_IP_ADDRESSES, }; static void @@ -315,6 +317,38 @@ g_tls_certificate_class_init (GTlsCertificateClass *class) NULL, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS)); + + /** + * GTlsCertificate:dns-names: (nullable) + * + * The DNS names from the certificate's Subject Alternative Names (SANs), + * %NULL if unavailable. + * + * Since: 2.70 + */ + g_object_class_install_property (gobject_class, PROP_DNS_NAMES, + g_param_spec_boxed ("dns-names", + P_("DNS Names"), + P_("DNS Names listed on the cert."), + G_TYPE_PTR_ARRAY, + G_PARAM_READABLE | + G_PARAM_STATIC_STRINGS)); + + /** + * GTlsCertificate:ip-addresses: (nullable) + * + * The IP addresses from the certificate's Subject Alternative Names (SANs), + * %NULL if unavailable. + * + * Since: 2.70 + */ + g_object_class_install_property (gobject_class, PROP_IP_ADDRESSES, + g_param_spec_boxed ("ip-addresses", + P_("IP Addresses"), + P_("IP Addresses listed on the cert."), + G_TYPE_PTR_ARRAY, + G_PARAM_READABLE | + G_PARAM_STATIC_STRINGS)); } static GTlsCertificate * @@ -1033,3 +1067,49 @@ g_tls_certificate_get_issuer_name (GTlsCertificate *cert) return g_steal_pointer (&issuer_name); } + +/** + * g_tls_certificate_get_dns_names: + * @cert: a #GTlsCertificate + * + * Gets the value of #GTlsCertificate:dns-names. + * + * Returns: (nullable) (element-type GBytes) (transfer container): A #GPtrArray of + * #GBytes elements, or %NULL if it's not available. + * + * Since: 2.70 + */ +GPtrArray * +g_tls_certificate_get_dns_names (GTlsCertificate *cert) +{ + GPtrArray *dns_names = NULL; + + g_return_val_if_fail (G_IS_TLS_CERTIFICATE (cert), NULL); + + g_object_get (G_OBJECT (cert), "dns-names", &dns_names, NULL); + + return g_steal_pointer (&dns_names); +} + +/** + * g_tls_certificate_get_ip_addresses: + * @cert: a #GTlsCertificate + * + * Gets the value of #GTlsCertificate:ip-addresses. + * + * Returns: (nullable) (element-type GInetAddress) (transfer container): A #GPtrArray + * of #GInetAddress elements, or %NULL if it's not available. + * + * Since: 2.70 + */ +GPtrArray * +g_tls_certificate_get_ip_addresses (GTlsCertificate *cert) +{ + GPtrArray *ip_addresses = NULL; + + g_return_val_if_fail (G_IS_TLS_CERTIFICATE (cert), NULL); + + g_object_get (G_OBJECT (cert), "ip-addresses", &ip_addresses, NULL); + + return g_steal_pointer (&ip_addresses); +} diff --git a/gio/gtlscertificate.h b/gio/gtlscertificate.h index 27307d8a2..3b92b97fc 100644 --- a/gio/gtlscertificate.h +++ b/gio/gtlscertificate.h @@ -104,6 +104,12 @@ gchar *g_tls_certificate_get_subject_name (GTlsCertificate GLIB_AVAILABLE_IN_2_70 gchar *g_tls_certificate_get_issuer_name (GTlsCertificate *cert); +GLIB_AVAILABLE_IN_2_70 +GPtrArray *g_tls_certificate_get_dns_names (GTlsCertificate *cert); + +GLIB_AVAILABLE_IN_2_70 +GPtrArray *g_tls_certificate_get_ip_addresses (GTlsCertificate *cert); + G_END_DECLS #endif /* __G_TLS_CERTIFICATE_H__ */ diff --git a/gio/tests/gtesttlsbackend.c b/gio/tests/gtesttlsbackend.c index 869c71673..1e07c1e5e 100644 --- a/gio/tests/gtesttlsbackend.c +++ b/gio/tests/gtesttlsbackend.c @@ -114,6 +114,8 @@ enum PROP_CERT_NOT_VALID_AFTER, PROP_CERT_SUBJECT_NAME, PROP_CERT_ISSUER_NAME, + PROP_CERT_DNS_NAMES, + PROP_CERT_IP_ADDRESSES, }; static void g_test_tls_certificate_initable_iface_init (GInitableIface *iface); @@ -139,6 +141,8 @@ g_test_tls_certificate_get_property (GObject *object, GParamSpec *pspec) { GTestTlsCertificate *cert = (GTestTlsCertificate *) object; + GPtrArray *data = NULL; + const gchar *dns_name = "a.example.com"; switch (prop_id) { @@ -172,6 +176,16 @@ g_test_tls_certificate_get_property (GObject *object, case PROP_CERT_ISSUER_NAME: g_value_set_string (value, "DC=COM,DC=EXAMPLE,OU=Certificate Authority,CN=ca.example.com,emailAddress=ca@example.com"); break; + case PROP_CERT_DNS_NAMES: + data = g_ptr_array_new_with_free_func ((GDestroyNotify)g_bytes_unref); + g_ptr_array_add (data, g_bytes_new_static (dns_name, strlen (dns_name))); + g_value_take_boxed (value, data); + break; + case PROP_CERT_IP_ADDRESSES: + data = g_ptr_array_new_with_free_func (g_object_unref); + g_ptr_array_add (data, g_inet_address_new_from_string ("192.0.2.1")); + g_value_take_boxed (value, data); + break; default: g_assert_not_reached (); break; @@ -250,6 +264,8 @@ g_test_tls_certificate_class_init (GTestTlsCertificateClass *test_class) g_object_class_override_property (gobject_class, PROP_CERT_NOT_VALID_AFTER, "not-valid-after"); g_object_class_override_property (gobject_class, PROP_CERT_SUBJECT_NAME, "subject-name"); g_object_class_override_property (gobject_class, PROP_CERT_ISSUER_NAME, "issuer-name"); + g_object_class_override_property (gobject_class, PROP_CERT_DNS_NAMES, "dns-names"); + g_object_class_override_property (gobject_class, PROP_CERT_IP_ADDRESSES, "ip-addresses"); } static void diff --git a/gio/tests/tls-certificate.c b/gio/tests/tls-certificate.c index 6f68a5ddb..d0a908530 100644 --- a/gio/tests/tls-certificate.c +++ b/gio/tests/tls-certificate.c @@ -548,6 +548,51 @@ issuer_name (void) g_object_unref (cert); } +static void +dns_names (void) +{ + GTlsCertificate *cert; + GError *error = NULL; + GPtrArray *actual; + const gchar *dns_name = "a.example.com"; + GBytes *expected = g_bytes_new_static (dns_name, strlen (dns_name)); + + cert = g_tls_certificate_new_from_pkcs11_uris ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", NULL, &error); + g_assert_no_error (error); + g_assert_nonnull (cert); + + actual = g_tls_certificate_get_dns_names (cert); + g_assert_nonnull (actual); + g_assert_cmpuint (actual->len, ==, 1); + g_assert_true (g_ptr_array_find_with_equal_func (actual, expected, (GEqualFunc)g_bytes_equal, NULL)); + + g_ptr_array_free (actual, FALSE); + g_bytes_unref (expected); + g_object_unref (cert); +} + +static void +ip_addresses (void) +{ + GTlsCertificate *cert; + GError *error = NULL; + GPtrArray *actual; + GInetAddress *expected = g_inet_address_new_from_string ("192.0.2.1"); + + cert = g_tls_certificate_new_from_pkcs11_uris ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", NULL, &error); + g_assert_no_error (error); + g_assert_nonnull (cert); + + actual = g_tls_certificate_get_ip_addresses (cert); + g_assert_nonnull (actual); + g_assert_cmpuint (actual->len, ==, 1); + g_assert_true (g_ptr_array_find_with_equal_func (actual, expected, (GEqualFunc)g_inet_address_equal, NULL)); + + g_ptr_array_free (actual, TRUE); + g_object_unref (expected); + g_object_unref (cert); +} + int main (int argc, char *argv[]) @@ -626,6 +671,10 @@ main (int argc, subject_name); g_test_add_func ("/tls-certificate/issuer-name", issuer_name); + g_test_add_func ("/tls-certificate/dns-names", + dns_names); + g_test_add_func ("/tls-certificate/ip-addresses", + ip_addresses); g_test_add_func ("/tls-certificate/pem-parser-no-sentinel", pem_parser_no_sentinel); |