Gio.TlsCertificate¶

Subclasses:	None

Methods¶

Inherited:	GObject.Object (37)
Structs:	GObject.ObjectClass (5)

class	`list_new_from_file` (file)
class	`new_from_file` (file)
class	`new_from_files` (cert_file, key_file)
class	`new_from_pem` (data, length)
	`get_issuer` ()
	`is_same` (cert_two)
	`verify` (identity, trusted_ca)

Virtual Methods¶

Inherited:	GObject.Object (7)

do_verify (identity, trusted_ca)

Properties¶

Name	Type	Flags	Short Description
`certificate`	`GLib.ByteArray`	r/w/co	The DER representation of the certificate
`certificate-pem`	`str`	r/w/co	The PEM representation of the certificate
`issuer`	`Gio.TlsCertificate`	r/w/co	The certificate for the issuing entity
`private-key`	`GLib.ByteArray`	w/co	The DER representation of the certificate’s private key
`private-key-pem`	`str`	w/co	The PEM representation of the certificate’s private key

Signals¶

Inherited:	GObject.Object (1)

Fields¶

Inherited:	GObject.Object (1)

Name	Type	Access	Description
parent_instance	`GObject.Object`	r

Class Details¶

class Gio.TlsCertificate(**kwargs)¶

Bases:	`GObject.Object`
Abstract:	Yes
Structure:	`Gio.TlsCertificateClass`

A certificate used for TLS authentication and encryption. This can represent either a certificate only (eg, the certificate received by a client from a server), or the combination of a certificate and a private key (which is needed when acting as a Gio.TlsServerConnection).

New in version 2.28.

classmethod list_new_from_file(file)[source]¶

Parameters:	file (`str`) – file containing PEM-encoded certificates to import
Raises:	`GLib.Error`
Returns:	a `GLib.List` containing `Gio.TlsCertificate` objects. You must free the list and its contents when you are done with it.
Return type:	[`Gio.TlsCertificate`]

Creates one or more Gio.TlsCertificates from the PEM-encoded data in file. If file cannot be read or parsed, the function will return None and set error. If file does not contain any PEM-encoded certificates, this will return an empty list and not set error.

New in version 2.28.

classmethod new_from_file(file)[source]¶

Parameters:	file (`str`) – file containing a PEM-encoded certificate to import
Raises:	`GLib.Error`
Returns:	the new certificate, or `None` on error
Return type:	`Gio.TlsCertificate`

Creates a Gio.TlsCertificate from the PEM-encoded data in file. The returned certificate will be the first certificate found in file. As of GLib 2.44, if file contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the Gio.TlsCertificate :issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.

If file cannot be read or parsed, the function will return None and set error. Otherwise, this behaves like Gio.TlsCertificate.new_from_pem().

New in version 2.28.

classmethod new_from_files(cert_file, key_file)[source]¶

Parameters:	cert_file (`str`) – file containing one or more PEM-encoded certificates to import key_file (`str`) – file containing a PEM-encoded private key to import
Raises:	`GLib.Error`
Returns:	the new certificate, or `None` on error
Return type:	`Gio.TlsCertificate`

Creates a Gio.TlsCertificate from the PEM-encoded data in cert_file and key_file. The returned certificate will be the first certificate found in cert_file. As of GLib 2.44, if cert_file contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the Gio.TlsCertificate :issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.

If either file cannot be read or parsed, the function will return None and set error. Otherwise, this behaves like Gio.TlsCertificate.new_from_pem().

New in version 2.28.

classmethod new_from_pem(data, length)[source]¶

Parameters:	data (`str`) – PEM-encoded certificate data length (`int`) – the length of data, or -1 if it’s 0-terminated.
Raises:	`GLib.Error`
Returns:	the new certificate, or `None` if data is invalid
Return type:	`Gio.TlsCertificate`

Creates a Gio.TlsCertificate from the PEM-encoded data in data. If data includes both a certificate and a private key, then the returned certificate will include the private key data as well. (See the Gio.TlsCertificate :private-key-pem property for information about supported formats.)

The returned certificate will be the first certificate found in data. As of GLib 2.44, if data contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the Gio.TlsCertificate :issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.

New in version 2.28.

get_issuer()[source]¶

Returns:	The certificate of self’s issuer, or `None` if self is self-signed or signed with an unknown certificate.
Return type:	`Gio.TlsCertificate`

Gets the Gio.TlsCertificate representing self’s issuer, if known

New in version 2.28.

is_same(cert_two)[source]¶

Parameters:	cert_two (`Gio.TlsCertificate`) – second certificate to compare
Returns:	whether the same or not
Return type:	`bool`

Check if two Gio.TlsCertificate objects represent the same certificate. The raw DER byte data of the two certificates are checked for equality. This has the effect that two certificates may compare equal even if their Gio.TlsCertificate :issuer, Gio.TlsCertificate :private-key, or Gio.TlsCertificate :private-key-pem properties differ.

New in version 2.34.

verify(identity, trusted_ca)[source]¶

Parameters:	identity (`Gio.SocketConnectable` or `None`) – the expected peer identity trusted_ca (`Gio.TlsCertificate` or `None`) – the certificate of a trusted authority
Returns:	the appropriate `Gio.TlsCertificateFlags`
Return type:	`Gio.TlsCertificateFlags`

This verifies self and returns a set of Gio.TlsCertificateFlags indicating any problems found with it. This can be used to verify a certificate outside the context of making a connection, or to check a certificate against a CA that is not part of the system CA database.

If identity is not None, self’s name(s) will be compared against it, and Gio.TlsCertificateFlags.BAD_IDENTITY will be set in the return value if it does not match. If identity is None, that bit will never be set in the return value.

If trusted_ca is not None, then self (or one of the certificates in its chain) must be signed by it, or else Gio.TlsCertificateFlags.UNKNOWN_CA will be set in the return value. If trusted_ca is None, that bit will never be set in the return value.

(All other Gio.TlsCertificateFlags values will always be set or unset as appropriate.)

New in version 2.28.

do_verify(identity, trusted_ca) virtual¶

Parameters:	identity (`Gio.SocketConnectable` or `None`) – the expected peer identity trusted_ca (`Gio.TlsCertificate` or `None`) – the certificate of a trusted authority
Returns:	the appropriate `Gio.TlsCertificateFlags`
Return type:	`Gio.TlsCertificateFlags`

This verifies cert and returns a set of Gio.TlsCertificateFlags indicating any problems found with it. This can be used to verify a certificate outside the context of making a connection, or to check a certificate against a CA that is not part of the system CA database.

If identity is not None, cert’s name(s) will be compared against it, and Gio.TlsCertificateFlags.BAD_IDENTITY will be set in the return value if it does not match. If identity is None, that bit will never be set in the return value.

If trusted_ca is not None, then cert (or one of the certificates in its chain) must be signed by it, or else Gio.TlsCertificateFlags.UNKNOWN_CA will be set in the return value. If trusted_ca is None, that bit will never be set in the return value.

(All other Gio.TlsCertificateFlags values will always be set or unset as appropriate.)

New in version 2.28.

Property Details¶

Gio.TlsCertificate.props.certificate¶

Name:	`certificate`
Type:	`GLib.ByteArray`
Default Value:	`None`
Flags:	`READABLE`, `WRITABLE`, `CONSTRUCT_ONLY`

The DER (binary) encoded representation of the certificate. This property and the Gio.TlsCertificate :certificate-pem property represent the same data, just in different forms.

New in version 2.28.

Gio.TlsCertificate.props.certificate_pem¶

Name:	`certificate-pem`
Type:	`str`
Default Value:	`None`
Flags:	`READABLE`, `WRITABLE`, `CONSTRUCT_ONLY`

The PEM (ASCII) encoded representation of the certificate. This property and the Gio.TlsCertificate :certificate property represent the same data, just in different forms.

New in version 2.28.

Gio.TlsCertificate.props.issuer¶

Name:	`issuer`
Type:	`Gio.TlsCertificate`
Default Value:	`None`
Flags:	`READABLE`, `WRITABLE`, `CONSTRUCT_ONLY`

A Gio.TlsCertificate representing the entity that issued this certificate. If None, this means that the certificate is either self-signed, or else the certificate of the issuer is not available.

New in version 2.28.

Gio.TlsCertificate.props.private_key¶

Name:	`private-key`
Type:	`GLib.ByteArray`
Default Value:	`None`
Flags:	`WRITABLE`, `CONSTRUCT_ONLY`

The DER (binary) encoded representation of the certificate’s private key, in either PKCS#1 format or unencrypted PKCS#8 format. This property (or the Gio.TlsCertificate :private-key-pem property) can be set when constructing a key (eg, from a file), but cannot be read.

PKCS#8 format is supported since 2.32; earlier releases only support PKCS#1. You can use the openssl rsa tool to convert PKCS#8 keys to PKCS#1.

New in version 2.28.

Gio.TlsCertificate.props.private_key_pem¶

Name:	`private-key-pem`
Type:	`str`
Default Value:	`None`
Flags:	`WRITABLE`, `CONSTRUCT_ONLY`

The PEM (ASCII) encoded representation of the certificate’s private key in either PKCS#1 format (”BEGIN RSA PRIVATE KEY”) or unencrypted PKCS#8 format (”BEGIN PRIVATE KEY”). This property (or the Gio.TlsCertificate :private-key property) can be set when constructing a key (eg, from a file), but cannot be read.

PKCS#8 format is supported since 2.32; earlier releases only support PKCS#1. You can use the openssl rsa tool to convert PKCS#8 keys to PKCS#1.

New in version 2.28.