diff options
author | Stef Walter <stefw@collabora.co.uk> | 2010-12-11 03:07:32 +0000 |
---|---|---|
committer | Stef Walter <stefw@collabora.co.uk> | 2010-12-11 03:07:32 +0000 |
commit | e6a42ba58e703d44f9272dfa53faad2eca2cdd08 (patch) | |
tree | 6afa87c6cacb0dffb92083e19606edf085bb5826 /gcr/gcr-certificate-chain.c | |
parent | 03d5d5c022e398e5dc4c5e0f22cc5d7d55943482 (diff) | |
download | gcr-e6a42ba58e703d44f9272dfa53faad2eca2cdd08.tar.gz |
[gcr] Certificate chain has a 'status' not a 'type'
This makes things clearer. Also add enum and flags types for
certificate chain stuff.
Diffstat (limited to 'gcr/gcr-certificate-chain.c')
-rw-r--r-- | gcr/gcr-certificate-chain.c | 122 |
1 files changed, 81 insertions, 41 deletions
diff --git a/gcr/gcr-certificate-chain.c b/gcr/gcr-certificate-chain.c index 39a3e0c..d0b2d0d 100644 --- a/gcr/gcr-certificate-chain.c +++ b/gcr/gcr-certificate-chain.c @@ -58,20 +58,20 @@ * found, then the chain is considered built. Any extra certificates are * removed from the chain. * - * Once the certificate chain has been built, you can access its type - * through gcr_certificate_chain_get_chain_type(). The type signifies whether + * Once the certificate chain has been built, you can access its status + * through gcr_certificate_chain_get_status(). The status signifies whether * the chain is anchored on a trust root, self-signed, incomplete etc. See - * #GcrCertificateChainType for information on the various types. + * #GcrCertificateChainStatus for information on the various statuses. * * It's important to understand that the building of a certificate chain is * merely the first step towards verifying trust in a certificate. */ /** - * GcrCertificateChainType: - * @GCR_CERTIFICATE_CHAIN_UNKNOWN: The certificate chain's type is unknown. - * When a chain is not yet built it has this type. If a chain is modified after - * being built, it has this type. + * GcrCertificateChainStatus: + * @GCR_CERTIFICATE_CHAIN_UNKNOWN: The certificate chain's status is unknown. + * When a chain is not yet built it has this status. If a chain is modified after + * being built, it has this status. * @GCR_CERTIFICATE_CHAIN_INCOMPLETE: A full chain could not be loaded. The * chain does not end with a self-signed certificate, a trusted anchor, or a * pinned certificate. @@ -83,7 +83,7 @@ * pinned certificate is an exception which trusts a given certificate * explicitly for a purpose and communication with a certain peer. * - * The type of a built certificate chain. Will be set to + * The status of a built certificate chain. Will be set to * %GCR_CERTIFICATE_CHAIN_UNKNOWN for certificate chains that have not been * built. */ @@ -100,13 +100,13 @@ enum { PROP_0, - PROP_TYPE, + PROP_STATUS, PROP_LENGTH, }; struct _GcrCertificateChainPrivate { GPtrArray *certificates; - GcrCertificateChainType type; + GcrCertificateChainStatus status; /* Used in build operation */ gchar *purpose; @@ -158,7 +158,7 @@ prep_chain_private (GcrCertificateChainPrivate *orig, const gchar *purpose, g_ptr_array_add (pv->certificates, g_object_ref (certificate)); } - pv->type = orig->type; + pv->status = orig->status; pv->purpose = g_strdup (purpose); pv->peer = g_strdup (peer); pv->flags = flags; @@ -238,7 +238,7 @@ perform_build_chain (GcrCertificateChainPrivate *pv, GCancellable *cancellable, g_assert (pv); g_assert (pv->certificates); - pv->type = GCR_CERTIFICATE_CHAIN_UNKNOWN; + pv->status = GCR_CERTIFICATE_CHAIN_UNKNOWN; lookups = !((pv->flags & GCR_CERTIFICATE_CHAIN_FLAG_NO_LOOKUPS) == GCR_CERTIFICATE_CHAIN_FLAG_NO_LOOKUPS); /* This chain is built */ @@ -261,7 +261,7 @@ perform_build_chain (GcrCertificateChainPrivate *pv, GCancellable *cancellable, */ if (ret) { g_ptr_array_set_size (pv->certificates, 1); - pv->type = GCR_CERTIFICATE_CHAIN_PINNED; + pv->status = GCR_CERTIFICATE_CHAIN_PINNED; return TRUE; } } @@ -269,11 +269,11 @@ perform_build_chain (GcrCertificateChainPrivate *pv, GCancellable *cancellable, length = 1; /* The first certificate is always unconditionally in the chain */ - while (pv->type == GCR_CERTIFICATE_CHAIN_UNKNOWN) { + while (pv->status == GCR_CERTIFICATE_CHAIN_UNKNOWN) { /* Stop the chain if previous was self-signed */ if (gcr_certificate_is_issuer (certificate, certificate)) { - pv->type = GCR_CERTIFICATE_CHAIN_SELFSIGNED; + pv->status = GCR_CERTIFICATE_CHAIN_SELFSIGNED; break; } @@ -299,7 +299,7 @@ perform_build_chain (GcrCertificateChainPrivate *pv, GCancellable *cancellable, /* Stop the chain if nothing found */ if (certificate == NULL) { - pv->type = GCR_CERTIFICATE_CHAIN_INCOMPLETE; + pv->status = GCR_CERTIFICATE_CHAIN_INCOMPLETE; break; } @@ -316,7 +316,7 @@ perform_build_chain (GcrCertificateChainPrivate *pv, GCancellable *cancellable, /* Stop the chain at the first anchor */ } else if (ret) { - pv->type = GCR_CERTIFICATE_CHAIN_ANCHORED; + pv->status = GCR_CERTIFICATE_CHAIN_ANCHORED; break; } } @@ -360,7 +360,7 @@ gcr_certificate_chain_dispose (GObject *obj) GcrCertificateChain *self = GCR_CERTIFICATE_CHAIN (obj); g_ptr_array_set_size (self->pv->certificates, 0); - self->pv->type = GCR_CERTIFICATE_CHAIN_UNKNOWN; + self->pv->status = GCR_CERTIFICATE_CHAIN_UNKNOWN; G_OBJECT_CLASS (gcr_certificate_chain_parent_class)->dispose (obj); } @@ -383,8 +383,8 @@ gcr_certificate_chain_get_property (GObject *obj, guint prop_id, GValue *value, GcrCertificateChain *self = GCR_CERTIFICATE_CHAIN (obj); switch (prop_id) { - case PROP_TYPE: - g_value_set_uint (value, gcr_certificate_chain_get_chain_type (self)); + case PROP_STATUS: + g_value_set_enum (value, gcr_certificate_chain_get_status (self)); break; case PROP_LENGTH: g_value_set_uint (value, gcr_certificate_chain_get_length (self)); @@ -407,13 +407,13 @@ gcr_certificate_chain_class_init (GcrCertificateChainClass *klass) gobject_class->get_property = gcr_certificate_chain_get_property; /** - * GcrCertificateChain:type: + * GcrCertificateChain:status: * - * The certificate chain type. See #GcrCertificateChainType + * The certificate chain status. See #GcrCertificateChainStatus */ - g_object_class_install_property (gobject_class, PROP_TYPE, - g_param_spec_uint ("type", "Type", "Type of certificate chain", - 0, _GCR_CERTIFICATE_CHAIN_TYPE_MAX, + g_object_class_install_property (gobject_class, PROP_STATUS, + g_param_spec_enum ("status", "Status", "Status of certificate chain", + GCR_TYPE_CERTIFICATE_CHAIN_STATUS, GCR_CERTIFICATE_CHAIN_UNKNOWN, G_PARAM_READABLE)); /** @@ -433,6 +433,46 @@ gcr_certificate_chain_class_init (GcrCertificateChainClass *klass) * PUBLIC */ +GType +gcr_certificate_chain_status_get_type (void) +{ + static volatile gsize initialized = 0; + static GType type = 0; + static const GEnumValue values[] = { + { GCR_CERTIFICATE_CHAIN_UNKNOWN, "GCR_CERTIFICATE_CHAIN_UNKNOWN", "unknown" }, + { GCR_CERTIFICATE_CHAIN_INCOMPLETE, "GCR_CERTIFICATE_CHAIN_INCOMPLETE", "incomplete" }, + { GCR_CERTIFICATE_CHAIN_SELFSIGNED, "GCR_CERTIFICATE_CHAIN_SELFSIGNED", "self-signed" }, + { GCR_CERTIFICATE_CHAIN_PINNED, "GCR_CERTIFICATE_CHAIN_PINNED", "pinned" }, + { GCR_CERTIFICATE_CHAIN_ANCHORED, "GCR_CERTIFICATE_CHAIN_ANCHORED", "anchored" }, + { 0, NULL, NULL } + }; + + if (g_once_init_enter (&initialized)) { + type = g_enum_register_static ("GcrCertificateChainStatus", values); + g_once_init_leave (&initialized, 1); + } + + return type; +} + +GType +gcr_certificate_chain_flags_get_type (void) +{ + static volatile gsize initialized = 0; + static GType type = 0; + static const GFlagsValue values[] = { + { GCR_CERTIFICATE_CHAIN_FLAG_NO_LOOKUPS, "GCR_CERTIFICATE_CHAIN_FLAG_NO_LOOKUPS", "no-lookups" }, + { 0, NULL, NULL } + }; + + if (g_once_init_enter (&initialized)) { + type = g_flags_register_static ("GcrCertificateChainFlags", values); + g_once_init_leave (&initialized, 1); + } + + return type; +} + /** * gcr_certificate_chain_new: * @@ -466,36 +506,36 @@ gcr_certificate_chain_add (GcrCertificateChain *self, GcrCertificate *certificat g_return_if_fail (GCR_IS_CERTIFICATE_CHAIN (self)); g_return_if_fail (GCR_IS_CERTIFICATE (certificate)); g_ptr_array_add (self->pv->certificates, g_object_ref (certificate)); - self->pv->type = GCR_CERTIFICATE_CHAIN_UNKNOWN; - g_object_notify (G_OBJECT (self), "type"); + self->pv->status = GCR_CERTIFICATE_CHAIN_UNKNOWN; + g_object_notify (G_OBJECT (self), "status"); g_object_notify (G_OBJECT (self), "length"); } /** - * gcr_certificate_chain_get_chain_type: + * gcr_certificate_chain_get_status: * @self: the #GcrCertificateChain * - * Get the type of a certificate chain. If the certificate chain has not - * been built, then the type will be %GCR_CERTIFICATE_CHAIN_UNKNOWN. + * Get the status of a certificate chain. If the certificate chain has not + * been built, then the status will be %GCR_CERTIFICATE_CHAIN_UNKNOWN. * - * A type of %GCR_CERTIFICATE_CHAIN_ANCHORED does not mean that the + * A status of %GCR_CERTIFICATE_CHAIN_ANCHORED does not mean that the * certificate chain has been verified, but merely that an anchor has been * found. * - * Returns: the type of the certificate chain. + * Returns: the status of the certificate chain. */ -GcrCertificateChainType -gcr_certificate_chain_get_chain_type (GcrCertificateChain *self) +GcrCertificateChainStatus +gcr_certificate_chain_get_status (GcrCertificateChain *self) { g_return_val_if_fail (GCR_IS_CERTIFICATE_CHAIN (self), GCR_CERTIFICATE_CHAIN_UNKNOWN); - return self->pv->type; + return self->pv->status; } /** * gcr_certificate_chain_get_anchor: * @self: the #GcrCertificateChain * - * If the certificate chain has been built and is of type + * If the certificate chain has been built and is of status * %GCR_CERTIFICATE_CHAIN_ANCHORED, then this will return the anchor * certificate that was found. This is not necessarily a root certificate * authority. If an intermediate certificate authority in the chain was @@ -510,7 +550,7 @@ GcrCertificate* gcr_certificate_chain_get_anchor (GcrCertificateChain *self) { g_return_val_if_fail (GCR_IS_CERTIFICATE_CHAIN (self), NULL); - if (self->pv->type != GCR_CERTIFICATE_CHAIN_ANCHORED) + if (self->pv->status != GCR_CERTIFICATE_CHAIN_ANCHORED) return NULL; g_assert (self->pv->certificates->len > 0); return GCR_CERTIFICATE (g_ptr_array_index (self->pv->certificates, @@ -578,7 +618,7 @@ gcr_certificate_chain_get_certificate (GcrCertificateChain *self, guint index) * @error: a #GError or %NULL * * Complete a certificate chain. Once a certificate chain has been built - * its type can be examined. + * its status can be examined. * * This operation will lookup missing certificates in PKCS\#11 * modules and also that each certificate in the chain is the signer of the @@ -627,7 +667,7 @@ gcr_certificate_chain_build (GcrCertificateChain *self, const gchar *purpose, if (ret) { free_chain_private (self->pv); self->pv = cleanup_chain_private (pv); - g_object_notify (G_OBJECT (self), "type"); + g_object_notify (G_OBJECT (self), "status"); g_object_notify (G_OBJECT (self), "length"); } @@ -645,7 +685,7 @@ gcr_certificate_chain_build (GcrCertificateChain *self, const gchar *purpose, * @user_data: data to pass to the callback * * Complete a certificate chain. Once a certificate chain has been built - * its type can be examined. + * its status can be examined. * * This will lookup missing certificates in PKCS\#11 * modules and also that each certificate in the chain is the signer of the @@ -729,7 +769,7 @@ gcr_certificate_chain_build_finish (GcrCertificateChain *self, GAsyncResult *res free_chain_private (self->pv); self->pv = cleanup_chain_private (pv); - g_object_notify (G_OBJECT (self), "type"); + g_object_notify (G_OBJECT (self), "status"); g_object_notify (G_OBJECT (self), "length"); return TRUE; } |