Copyright © 2010 Collabora Limited This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. (as stable API) This object represents a TLS certificate.

The raw data contained in a TLS certificate.

For X.509 certificates (CertificateType = "x509"), this MUST be in DER format, as defined by the X.690 ITU standard.

For PGP certificates (CertificateType = "pgp"), this MUST be a binary OpenPGP key as defined by section 11.1 of RFC 4880.

Struct representing one reason why a TLS certificate was rejected.

Since there can be multiple things wrong with a TLS certificate, arrays of this type are used to represent lists of reasons for rejection. In that case, the most important reason SHOULD be placed first in the list.

The value of the TLS_Certificate_Reject_Reason enumeration for this certificate rejection. Clients that do not understand the Error member, which may be implementation-specific, can use this property to classify rejection reasons into common categories.

The DBus error name for this certificate rejection.

This MAY correspond to the value of the Reason member, or MAY be a more specific D-Bus error name, perhaps implementation-specific.

Additional information about why the certificate was rejected. This MAY also include one or more of the following well-known keys:

user-requested (b)

True if the error was due to an user-requested rejection of the certificate; False if there was an unrecoverable error in the verification process.

expected-hostname (s)

If the rejection reason is Hostname_Mismatch, the hostname that the server certificate was expected to have.

certificate-hostname (s)

If the rejection reason is Hostname_Mismatch, the hostname of the certificate that was presented.

For instance, if you try to connect to gmail.com but are presented with a TLS certificate issued to evil.example.org, the error details for Hostname_Mismatch MAY include:

                {
                  'expected-hostname': 'gmail.com',
                  'certificate-hostname': 'evil.example.org',
                }

debug-message (s)

Debugging information on the error, corresponding to the message part of a D-Bus error message, which SHOULD NOT be displayed to users under normal circumstances

The possible states for a TLSCertificate object. The certificate is currently waiting to be accepted or rejected. The certificate has been verified. The certificate has been rejected. Possible reasons to reject a TLS certificate. The certificate has been rejected for another reason not listed in this enumeration. The certificate is not trusted. The certificate is expired. The certificate is not active yet. The certificate provided does not have the expected fingerprint. The hostname certified does not match the provided one. The certificate is self-signed. The certificate has been revoked. The certificate uses an insecure cipher algorithm, or is cryptographically weak. The length in bytes of the certificate, or the depth of the certificate chain exceed the limits imposed by the crypto library. The current state of this certificate. State change notifications happen by means of the Accepted and Rejected signals.

If the State is Rejected, an array of TLS_Certificate_Rejection structures containing the reason why the certificate is rejected.

If the State is not Rejected, this property is not meaningful, and SHOULD be set to an empty array.

The first rejection in the list MAY be assumed to be the most important; if the array contains more than one element, the CM MAY either use the values after the first, or ignore them.

The type of this TLS certificate (e.g. 'x509' or 'pgp').

This property is immutable

One or more TLS certificates forming a trust chain, each encoded as specified by Certificate_Data.

The first certificate in the chain MUST be the server certificate, followed by the issuer's certificate, followed by the issuer's issuer and so on.

The State of this certificate has changed to Accepted. The State of this certificate has changed to Rejected. The new value of the Rejections property. Accepts this certificate, i.e. marks it as verified. Rejects this certificate.

The new value of the Rejections property.

This MUST NOT be an empty array.

Raised when the method is called on an object whose State is not Pending, or when the provided rejection list is empty.