1 /* 2 * This file is part of gtkD. 3 * 4 * gtkD is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU Lesser General Public License 6 * as published by the Free Software Foundation; either version 3 7 * of the License, or (at your option) any later version, with 8 * some exceptions, please read the COPYING file. 9 * 10 * gtkD is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU Lesser General Public License for more details. 14 * 15 * You should have received a copy of the GNU Lesser General Public License 16 * along with gtkD; if not, write to the Free Software 17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA 18 */ 19 20 // generated automatically - do not change 21 // find conversion definition on APILookup.txt 22 // implement new conversion functionalities on the wrap.utils pakage 23 24 25 module gio.DtlsConnectionIF; 26 27 private import gio.AsyncResultIF; 28 private import gio.Cancellable; 29 private import gio.TlsCertificate; 30 private import gio.TlsDatabase; 31 private import gio.TlsInteraction; 32 private import gio.c.functions; 33 public import gio.c.types; 34 private import glib.ErrorG; 35 private import glib.GException; 36 private import glib.Str; 37 private import gobject.ObjectG; 38 private import gobject.Signals; 39 public import gtkc.giotypes; 40 private import std.algorithm; 41 42 43 /** 44 * #GDtlsConnection is the base DTLS connection class type, which wraps 45 * a #GDatagramBased and provides DTLS encryption on top of it. Its 46 * subclasses, #GDtlsClientConnection and #GDtlsServerConnection, 47 * implement client-side and server-side DTLS, respectively. 48 * 49 * For TLS support, see #GTlsConnection. 50 * 51 * As DTLS is datagram based, #GDtlsConnection implements #GDatagramBased, 52 * presenting a datagram-socket-like API for the encrypted connection. This 53 * operates over a base datagram connection, which is also a #GDatagramBased 54 * (#GDtlsConnection:base-socket). 55 * 56 * To close a DTLS connection, use g_dtls_connection_close(). 57 * 58 * Neither #GDtlsServerConnection or #GDtlsClientConnection set the peer address 59 * on their base #GDatagramBased if it is a #GSocket — it is up to the caller to 60 * do that if they wish. If they do not, and g_socket_close() is called on the 61 * base socket, the #GDtlsConnection will not raise a %G_IO_ERROR_NOT_CONNECTED 62 * error on further I/O. 63 * 64 * Since: 2.48 65 */ 66 public interface DtlsConnectionIF{ 67 /** Get the main Gtk struct */ 68 public GDtlsConnection* getDtlsConnectionStruct(bool transferOwnership = false); 69 70 /** the main Gtk struct as a void* */ 71 protected void* getStruct(); 72 73 74 /** */ 75 public static GType getType() 76 { 77 return g_dtls_connection_get_type(); 78 } 79 80 /** 81 * Close the DTLS connection. This is equivalent to calling 82 * g_dtls_connection_shutdown() to shut down both sides of the connection. 83 * 84 * Closing a #GDtlsConnection waits for all buffered but untransmitted data to 85 * be sent before it completes. It then sends a `close_notify` DTLS alert to the 86 * peer and may wait for a `close_notify` to be received from the peer. It does 87 * not close the underlying #GDtlsConnection:base-socket; that must be closed 88 * separately. 89 * 90 * Once @conn is closed, all other operations will return %G_IO_ERROR_CLOSED. 91 * Closing a #GDtlsConnection multiple times will not return an error. 92 * 93 * #GDtlsConnections will be automatically closed when the last reference is 94 * dropped, but you might want to call this function to make sure resources are 95 * released as early as possible. 96 * 97 * If @cancellable is cancelled, the #GDtlsConnection may be left 98 * partially-closed and any pending untransmitted data may be lost. Call 99 * g_dtls_connection_close() again to complete closing the #GDtlsConnection. 100 * 101 * Params: 102 * cancellable = a #GCancellable, or %NULL 103 * 104 * Returns: %TRUE on success, %FALSE otherwise 105 * 106 * Since: 2.48 107 * 108 * Throws: GException on failure. 109 */ 110 public bool close(Cancellable cancellable); 111 112 /** 113 * Asynchronously close the DTLS connection. See g_dtls_connection_close() for 114 * more information. 115 * 116 * Params: 117 * ioPriority = the [I/O priority][io-priority] of the request 118 * cancellable = a #GCancellable, or %NULL 119 * callback = callback to call when the close operation is complete 120 * userData = the data to pass to the callback function 121 * 122 * Since: 2.48 123 */ 124 public void closeAsync(int ioPriority, Cancellable cancellable, GAsyncReadyCallback callback, void* userData); 125 126 /** 127 * Finish an asynchronous TLS close operation. See g_dtls_connection_close() 128 * for more information. 129 * 130 * Params: 131 * result = a #GAsyncResult 132 * 133 * Returns: %TRUE on success, %FALSE on failure, in which 134 * case @error will be set 135 * 136 * Since: 2.48 137 * 138 * Throws: GException on failure. 139 */ 140 public bool closeFinish(AsyncResultIF result); 141 142 /** 143 * Used by #GDtlsConnection implementations to emit the 144 * #GDtlsConnection::accept-certificate signal. 145 * 146 * Params: 147 * peerCert = the peer's #GTlsCertificate 148 * errors = the problems with @peer_cert 149 * 150 * Returns: %TRUE if one of the signal handlers has returned 151 * %TRUE to accept @peer_cert 152 * 153 * Since: 2.48 154 */ 155 public bool emitAcceptCertificate(TlsCertificate peerCert, GTlsCertificateFlags errors); 156 157 /** 158 * Gets @conn's certificate, as set by 159 * g_dtls_connection_set_certificate(). 160 * 161 * Returns: @conn's certificate, or %NULL 162 * 163 * Since: 2.48 164 */ 165 public TlsCertificate getCertificate(); 166 167 /** 168 * Gets the certificate database that @conn uses to verify 169 * peer certificates. See g_dtls_connection_set_database(). 170 * 171 * Returns: the certificate database that @conn uses or %NULL 172 * 173 * Since: 2.48 174 */ 175 public TlsDatabase getDatabase(); 176 177 /** 178 * Get the object that will be used to interact with the user. It will be used 179 * for things like prompting the user for passwords. If %NULL is returned, then 180 * no user interaction will occur for this connection. 181 * 182 * Returns: The interaction object. 183 * 184 * Since: 2.48 185 */ 186 public TlsInteraction getInteraction(); 187 188 /** 189 * Gets the name of the application-layer protocol negotiated during 190 * the handshake. 191 * 192 * If the peer did not use the ALPN extension, or did not advertise a 193 * protocol that matched one of @conn's protocols, or the TLS backend 194 * does not support ALPN, then this will be %NULL. See 195 * g_dtls_connection_set_advertised_protocols(). 196 * 197 * Returns: the negotiated protocol, or %NULL 198 * 199 * Since: 2.60 200 */ 201 public string getNegotiatedProtocol(); 202 203 /** 204 * Gets @conn's peer's certificate after the handshake has completed. 205 * (It is not set during the emission of 206 * #GDtlsConnection::accept-certificate.) 207 * 208 * Returns: @conn's peer's certificate, or %NULL 209 * 210 * Since: 2.48 211 */ 212 public TlsCertificate getPeerCertificate(); 213 214 /** 215 * Gets the errors associated with validating @conn's peer's 216 * certificate, after the handshake has completed. (It is not set 217 * during the emission of #GDtlsConnection::accept-certificate.) 218 * 219 * Returns: @conn's peer's certificate errors 220 * 221 * Since: 2.48 222 */ 223 public GTlsCertificateFlags getPeerCertificateErrors(); 224 225 /** 226 * Gets @conn rehandshaking mode. See 227 * g_dtls_connection_set_rehandshake_mode() for details. 228 * 229 * Deprecated: Changing the rehandshake mode is no longer 230 * required for compatibility. Also, rehandshaking has been removed 231 * from the TLS protocol in TLS 1.3. 232 * 233 * Returns: %G_TLS_REHANDSHAKE_SAFELY 234 * 235 * Since: 2.48 236 */ 237 public GTlsRehandshakeMode getRehandshakeMode(); 238 239 /** 240 * Tests whether or not @conn expects a proper TLS close notification 241 * when the connection is closed. See 242 * g_dtls_connection_set_require_close_notify() for details. 243 * 244 * Returns: %TRUE if @conn requires a proper TLS close notification. 245 * 246 * Since: 2.48 247 */ 248 public bool getRequireCloseNotify(); 249 250 /** 251 * Attempts a TLS handshake on @conn. 252 * 253 * On the client side, it is never necessary to call this method; 254 * although the connection needs to perform a handshake after 255 * connecting, #GDtlsConnection will handle this for you automatically 256 * when you try to send or receive data on the connection. You can call 257 * g_dtls_connection_handshake() manually if you want to know whether 258 * the initial handshake succeeded or failed (as opposed to just 259 * immediately trying to use @conn to read or write, in which case, 260 * if it fails, it may not be possible to tell if it failed before 261 * or after completing the handshake), but beware that servers may reject 262 * client authentication after the handshake has completed, so a 263 * successful handshake does not indicate the connection will be usable. 264 * 265 * Likewise, on the server side, although a handshake is necessary at 266 * the beginning of the communication, you do not need to call this 267 * function explicitly unless you want clearer error reporting. 268 * 269 * Previously, calling g_dtls_connection_handshake() after the initial 270 * handshake would trigger a rehandshake; however, this usage was 271 * deprecated in GLib 2.60 because rehandshaking was removed from the 272 * TLS protocol in TLS 1.3. Since GLib 2.64, calling this function after 273 * the initial handshake will no longer do anything. 274 * 275 * #GDtlsConnection::accept_certificate may be emitted during the 276 * handshake. 277 * 278 * Params: 279 * cancellable = a #GCancellable, or %NULL 280 * 281 * Returns: success or failure 282 * 283 * Since: 2.48 284 * 285 * Throws: GException on failure. 286 */ 287 public bool handshake(Cancellable cancellable); 288 289 /** 290 * Asynchronously performs a TLS handshake on @conn. See 291 * g_dtls_connection_handshake() for more information. 292 * 293 * Params: 294 * ioPriority = the [I/O priority][io-priority] of the request 295 * cancellable = a #GCancellable, or %NULL 296 * callback = callback to call when the handshake is complete 297 * userData = the data to pass to the callback function 298 * 299 * Since: 2.48 300 */ 301 public void handshakeAsync(int ioPriority, Cancellable cancellable, GAsyncReadyCallback callback, void* userData); 302 303 /** 304 * Finish an asynchronous TLS handshake operation. See 305 * g_dtls_connection_handshake() for more information. 306 * 307 * Params: 308 * result = a #GAsyncResult. 309 * 310 * Returns: %TRUE on success, %FALSE on failure, in which 311 * case @error will be set. 312 * 313 * Since: 2.48 314 * 315 * Throws: GException on failure. 316 */ 317 public bool handshakeFinish(AsyncResultIF result); 318 319 /** 320 * Sets the list of application-layer protocols to advertise that the 321 * caller is willing to speak on this connection. The 322 * Application-Layer Protocol Negotiation (ALPN) extension will be 323 * used to negotiate a compatible protocol with the peer; use 324 * g_dtls_connection_get_negotiated_protocol() to find the negotiated 325 * protocol after the handshake. Specifying %NULL for the the value 326 * of @protocols will disable ALPN negotiation. 327 * 328 * See [IANA TLS ALPN Protocol IDs](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids) 329 * for a list of registered protocol IDs. 330 * 331 * Params: 332 * protocols = a %NULL-terminated 333 * array of ALPN protocol names (eg, "http/1.1", "h2"), or %NULL 334 * 335 * Since: 2.60 336 */ 337 public void setAdvertisedProtocols(string[] protocols); 338 339 /** 340 * This sets the certificate that @conn will present to its peer 341 * during the TLS handshake. For a #GDtlsServerConnection, it is 342 * mandatory to set this, and that will normally be done at construct 343 * time. 344 * 345 * For a #GDtlsClientConnection, this is optional. If a handshake fails 346 * with %G_TLS_ERROR_CERTIFICATE_REQUIRED, that means that the server 347 * requires a certificate, and if you try connecting again, you should 348 * call this method first. You can call 349 * g_dtls_client_connection_get_accepted_cas() on the failed connection 350 * to get a list of Certificate Authorities that the server will 351 * accept certificates from. 352 * 353 * (It is also possible that a server will allow the connection with 354 * or without a certificate; in that case, if you don't provide a 355 * certificate, you can tell that the server requested one by the fact 356 * that g_dtls_client_connection_get_accepted_cas() will return 357 * non-%NULL.) 358 * 359 * Params: 360 * certificate = the certificate to use for @conn 361 * 362 * Since: 2.48 363 */ 364 public void setCertificate(TlsCertificate certificate); 365 366 /** 367 * Sets the certificate database that is used to verify peer certificates. 368 * This is set to the default database by default. See 369 * g_tls_backend_get_default_database(). If set to %NULL, then 370 * peer certificate validation will always set the 371 * %G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning 372 * #GDtlsConnection::accept-certificate will always be emitted on 373 * client-side connections, unless that bit is not set in 374 * #GDtlsClientConnection:validation-flags). 375 * 376 * Params: 377 * database = a #GTlsDatabase 378 * 379 * Since: 2.48 380 */ 381 public void setDatabase(TlsDatabase database); 382 383 /** 384 * Set the object that will be used to interact with the user. It will be used 385 * for things like prompting the user for passwords. 386 * 387 * The @interaction argument will normally be a derived subclass of 388 * #GTlsInteraction. %NULL can also be provided if no user interaction 389 * should occur for this connection. 390 * 391 * Params: 392 * interaction = an interaction object, or %NULL 393 * 394 * Since: 2.48 395 */ 396 public void setInteraction(TlsInteraction interaction); 397 398 /** 399 * Since GLib 2.64, changing the rehandshake mode is no longer supported 400 * and will have no effect. With TLS 1.3, rehandshaking has been removed from 401 * the TLS protocol, replaced by separate post-handshake authentication and 402 * rekey operations. 403 * 404 * Deprecated: Changing the rehandshake mode is no longer 405 * required for compatibility. Also, rehandshaking has been removed 406 * from the TLS protocol in TLS 1.3. 407 * 408 * Params: 409 * mode = the rehandshaking mode 410 * 411 * Since: 2.48 412 */ 413 public void setRehandshakeMode(GTlsRehandshakeMode mode); 414 415 /** 416 * Sets whether or not @conn expects a proper TLS close notification 417 * before the connection is closed. If this is %TRUE (the default), 418 * then @conn will expect to receive a TLS close notification from its 419 * peer before the connection is closed, and will return a 420 * %G_TLS_ERROR_EOF error if the connection is closed without proper 421 * notification (since this may indicate a network error, or 422 * man-in-the-middle attack). 423 * 424 * In some protocols, the application will know whether or not the 425 * connection was closed cleanly based on application-level data 426 * (because the application-level data includes a length field, or is 427 * somehow self-delimiting); in this case, the close notify is 428 * redundant and may be omitted. You 429 * can use g_dtls_connection_set_require_close_notify() to tell @conn 430 * to allow an "unannounced" connection close, in which case the close 431 * will show up as a 0-length read, as in a non-TLS 432 * #GDatagramBased, and it is up to the application to check that 433 * the data has been fully received. 434 * 435 * Note that this only affects the behavior when the peer closes the 436 * connection; when the application calls g_dtls_connection_close_async() on 437 * @conn itself, this will send a close notification regardless of the 438 * setting of this property. If you explicitly want to do an unclean 439 * close, you can close @conn's #GDtlsConnection:base-socket rather 440 * than closing @conn itself. 441 * 442 * Params: 443 * requireCloseNotify = whether or not to require close notification 444 * 445 * Since: 2.48 446 */ 447 public void setRequireCloseNotify(bool requireCloseNotify); 448 449 /** 450 * Shut down part or all of a DTLS connection. 451 * 452 * If @shutdown_read is %TRUE then the receiving side of the connection is shut 453 * down, and further reading is disallowed. Subsequent calls to 454 * g_datagram_based_receive_messages() will return %G_IO_ERROR_CLOSED. 455 * 456 * If @shutdown_write is %TRUE then the sending side of the connection is shut 457 * down, and further writing is disallowed. Subsequent calls to 458 * g_datagram_based_send_messages() will return %G_IO_ERROR_CLOSED. 459 * 460 * It is allowed for both @shutdown_read and @shutdown_write to be TRUE — this 461 * is equivalent to calling g_dtls_connection_close(). 462 * 463 * If @cancellable is cancelled, the #GDtlsConnection may be left 464 * partially-closed and any pending untransmitted data may be lost. Call 465 * g_dtls_connection_shutdown() again to complete closing the #GDtlsConnection. 466 * 467 * Params: 468 * shutdownRead = %TRUE to stop reception of incoming datagrams 469 * shutdownWrite = %TRUE to stop sending outgoing datagrams 470 * cancellable = a #GCancellable, or %NULL 471 * 472 * Returns: %TRUE on success, %FALSE otherwise 473 * 474 * Since: 2.48 475 * 476 * Throws: GException on failure. 477 */ 478 public bool shutdown(bool shutdownRead, bool shutdownWrite, Cancellable cancellable); 479 480 /** 481 * Asynchronously shut down part or all of the DTLS connection. See 482 * g_dtls_connection_shutdown() for more information. 483 * 484 * Params: 485 * shutdownRead = %TRUE to stop reception of incoming datagrams 486 * shutdownWrite = %TRUE to stop sending outgoing datagrams 487 * ioPriority = the [I/O priority][io-priority] of the request 488 * cancellable = a #GCancellable, or %NULL 489 * callback = callback to call when the shutdown operation is complete 490 * userData = the data to pass to the callback function 491 * 492 * Since: 2.48 493 */ 494 public void shutdownAsync(bool shutdownRead, bool shutdownWrite, int ioPriority, Cancellable cancellable, GAsyncReadyCallback callback, void* userData); 495 496 /** 497 * Finish an asynchronous TLS shutdown operation. See 498 * g_dtls_connection_shutdown() for more information. 499 * 500 * Params: 501 * result = a #GAsyncResult 502 * 503 * Returns: %TRUE on success, %FALSE on failure, in which 504 * case @error will be set 505 * 506 * Since: 2.48 507 * 508 * Throws: GException on failure. 509 */ 510 public bool shutdownFinish(AsyncResultIF result); 511 512 /** 513 * Emitted during the TLS handshake after the peer certificate has 514 * been received. You can examine @peer_cert's certification path by 515 * calling g_tls_certificate_get_issuer() on it. 516 * 517 * For a client-side connection, @peer_cert is the server's 518 * certificate, and the signal will only be emitted if the 519 * certificate was not acceptable according to @conn's 520 * #GDtlsClientConnection:validation_flags. If you would like the 521 * certificate to be accepted despite @errors, return %TRUE from the 522 * signal handler. Otherwise, if no handler accepts the certificate, 523 * the handshake will fail with %G_TLS_ERROR_BAD_CERTIFICATE. 524 * 525 * For a server-side connection, @peer_cert is the certificate 526 * presented by the client, if this was requested via the server's 527 * #GDtlsServerConnection:authentication_mode. On the server side, 528 * the signal is always emitted when the client presents a 529 * certificate, and the certificate will only be accepted if a 530 * handler returns %TRUE. 531 * 532 * Note that if this signal is emitted as part of asynchronous I/O 533 * in the main thread, then you should not attempt to interact with 534 * the user before returning from the signal handler. If you want to 535 * let the user decide whether or not to accept the certificate, you 536 * would have to return %FALSE from the signal handler on the first 537 * attempt, and then after the connection attempt returns a 538 * %G_TLS_ERROR_BAD_CERTIFICATE, you can interact with the user, and 539 * if the user decides to accept the certificate, remember that fact, 540 * create a new connection, and return %TRUE from the signal handler 541 * the next time. 542 * 543 * If you are doing I/O in another thread, you do not 544 * need to worry about this, and can simply block in the signal 545 * handler until the UI thread returns an answer. 546 * 547 * Params: 548 * peerCert = the peer's #GTlsCertificate 549 * errors = the problems with @peer_cert. 550 * 551 * Returns: %TRUE to accept @peer_cert (which will also 552 * immediately end the signal emission). %FALSE to allow the signal 553 * emission to continue, which will cause the handshake to fail if 554 * no one else overrides it. 555 * 556 * Since: 2.48 557 */ 558 gulong addOnAcceptCertificate(bool delegate(TlsCertificate, GTlsCertificateFlags, DtlsConnectionIF) dlg, ConnectFlags connectFlags=cast(ConnectFlags)0); 559 }