1 /*
2  * This file is part of gtkD.
3  *
4  * gtkD is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU Lesser General Public License
6  * as published by the Free Software Foundation; either version 3
7  * of the License, or (at your option) any later version, with
8  * some exceptions, please read the COPYING file.
9  *
10  * gtkD is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU Lesser General Public License for more details.
14  *
15  * You should have received a copy of the GNU Lesser General Public License
16  * along with gtkD; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA
18  */
19  
20 // generated automatically - do not change
21 // find conversion definition on APILookup.txt
22 // implement new conversion functionalities on the wrap.utils pakage
23 
24 /*
25  * Conversion parameters:
26  * inFile  = GTlsConnection.html
27  * outPack = gio
28  * outFile = TlsConnection
29  * strct   = GTlsConnection
30  * realStrct=
31  * ctorStrct=GIOStream
32  * clss    = TlsConnection
33  * interf  = 
34  * class Code: No
35  * interface Code: No
36  * template for:
37  * extend  = 
38  * implements:
39  * prefixes:
40  * 	- g_tls_connection_
41  * omit structs:
42  * omit prefixes:
43  * omit code:
44  * omit signals:
45  * imports:
46  * 	- glib.Str
47  * 	- glib.ErrorG
48  * 	- glib.GException
49  * 	- gio.AsyncResultIF
50  * 	- gio.Cancellable
51  * 	- gio.TlsCertificate
52  * 	- gio.TlsDatabase
53  * 	- gio.TlsInteraction
54  * structWrap:
55  * 	- GCancellable* -> Cancellable
56  * 	- GTlsCertificate* -> TlsCertificate
57  * 	- GTlsDatabase* -> TlsDatabase
58  * 	- GTlsInteraction* -> TlsInteraction
59  * module aliases:
60  * local aliases:
61  * overrides:
62  */
63 
64 module gio.TlsConnection;
65 
66 public  import gtkc.giotypes;
67 
68 private import gtkc.gio;
69 private import glib.ConstructionException;
70 private import gobject.ObjectG;
71 
72 private import gobject.Signals;
73 public  import gtkc.gdktypes;
74 
75 private import glib.Str;
76 private import glib.ErrorG;
77 private import glib.GException;
78 private import gio.AsyncResultIF;
79 private import gio.Cancellable;
80 private import gio.TlsCertificate;
81 private import gio.TlsDatabase;
82 private import gio.TlsInteraction;
83 
84 
85 
86 private import gio.IOStream;
87 
88 /**
89  * GTlsConnection is the base TLS connection class type, which wraps
90  * a GIOStream and provides TLS encryption on top of it. Its
91  * subclasses, GTlsClientConnection and GTlsServerConnection,
92  * implement client-side and server-side TLS, respectively.
93  */
94 public class TlsConnection : IOStream
95 {
96 	
97 	/** the main Gtk struct */
98 	protected GTlsConnection* gTlsConnection;
99 	
100 	
101 	public GTlsConnection* getTlsConnectionStruct()
102 	{
103 		return gTlsConnection;
104 	}
105 	
106 	
107 	/** the main Gtk struct as a void* */
108 	protected override void* getStruct()
109 	{
110 		return cast(void*)gTlsConnection;
111 	}
112 	
113 	/**
114 	 * Sets our main struct and passes it to the parent class
115 	 */
116 	public this (GTlsConnection* gTlsConnection)
117 	{
118 		super(cast(GIOStream*)gTlsConnection);
119 		this.gTlsConnection = gTlsConnection;
120 	}
121 	
122 	protected override void setStruct(GObject* obj)
123 	{
124 		super.setStruct(obj);
125 		gTlsConnection = cast(GTlsConnection*)obj;
126 	}
127 	
128 	/**
129 	 */
130 	int[string] connectedSignals;
131 	
132 	bool delegate(TlsCertificate, GTlsCertificateFlags, TlsConnection)[] onAcceptCertificateListeners;
133 	/**
134 	 * Emitted during the TLS handshake after the peer certificate has
135 	 * been received. You can examine peer_cert's certification path by
136 	 * calling g_tls_certificate_get_issuer() on it.
137 	 * For a client-side connection, peer_cert is the server's
138 	 * certificate, and the signal will only be emitted if the
139 	 * certificate was not acceptable according to conn's
140 	 * "validation_flags". If you would like the
141 	 * certificate to be accepted despite errors, return TRUE from the
142 	 * signal handler. Otherwise, if no handler accepts the certificate,
143 	 * the handshake will fail with G_TLS_ERROR_BAD_CERTIFICATE.
144 	 * For a server-side connection, peer_cert is the certificate
145 	 * presented by the client, if this was requested via the server's
146 	 * "authentication_mode". On the server side,
147 	 * the signal is always emitted when the client presents a
148 	 * certificate, and the certificate will only be accepted if a
149 	 * handler returns TRUE.
150 	 * Note that if this signal is emitted as part of asynchronous I/O
151 	 * in the main thread, then you should not attempt to interact with
152 	 * the user before returning from the signal handler. If you want to
153 	 * let the user decide whether or not to accept the certificate, you
154 	 * would have to return FALSE from the signal handler on the first
155 	 * attempt, and then after the connection attempt returns a
156 	 * G_TLS_ERROR_HANDSHAKE, you can interact with the user, and if
157 	 * the user decides to accept the certificate, remember that fact,
158 	 * create a new connection, and return TRUE from the signal handler
159 	 * the next time.
160 	 * If you are doing I/O in another thread, you do not
161 	 * need to worry about this, and can simply block in the signal
162 	 * handler until the UI thread returns an answer.
163 	 * TRUE to accept peer_cert (which will also
164 	 * immediately end the signal emission). FALSE to allow the signal
165 	 * emission to continue, which will cause the handshake to fail if
166 	 * no one else overrides it.
167 	 * Since 2.28
168 	 */
169 	void addOnAcceptCertificate(bool delegate(TlsCertificate, GTlsCertificateFlags, TlsConnection) dlg, ConnectFlags connectFlags=cast(ConnectFlags)0)
170 	{
171 		if ( !("accept-certificate" in connectedSignals) )
172 		{
173 			Signals.connectData(
174 			getStruct(),
175 			"accept-certificate",
176 			cast(GCallback)&callBackAcceptCertificate,
177 			cast(void*)this,
178 			null,
179 			connectFlags);
180 			connectedSignals["accept-certificate"] = 1;
181 		}
182 		onAcceptCertificateListeners ~= dlg;
183 	}
184 	extern(C) static gboolean callBackAcceptCertificate(GTlsConnection* connStruct, GTlsCertificate* peerCert, GTlsCertificateFlags errors, TlsConnection _tlsConnection)
185 	{
186 		foreach ( bool delegate(TlsCertificate, GTlsCertificateFlags, TlsConnection) dlg ; _tlsConnection.onAcceptCertificateListeners )
187 		{
188 			if ( dlg(ObjectG.getDObject!(TlsCertificate)(peerCert), errors, _tlsConnection) )
189 			{
190 				return 1;
191 			}
192 		}
193 		
194 		return 0;
195 	}
196 	
197 	
198 	/**
199 	 * This sets the certificate that conn will present to its peer
200 	 * during the TLS handshake. For a GTlsServerConnection, it is
201 	 * mandatory to set this, and that will normally be done at construct
202 	 * time.
203 	 * For a GTlsClientConnection, this is optional. If a handshake fails
204 	 * with G_TLS_ERROR_CERTIFICATE_REQUIRED, that means that the server
205 	 * requires a certificate, and if you try connecting again, you should
206 	 * call this method first. You can call
207 	 * g_tls_client_connection_get_accepted_cas() on the failed connection
208 	 * to get a list of Certificate Authorities that the server will
209 	 * accept certificates from.
210 	 * (It is also possible that a server will allow the connection with
211 	 * or without a certificate; in that case, if you don't provide a
212 	 * certificate, you can tell that the server requested one by the fact
213 	 * that g_tls_client_connection_get_accepted_cas() will return
214 	 * non-NULL.)
215 	 * Since 2.28
216 	 * Params:
217 	 * certificate = the certificate to use for conn
218 	 */
219 	public void setCertificate(TlsCertificate certificate)
220 	{
221 		// void g_tls_connection_set_certificate (GTlsConnection *conn,  GTlsCertificate *certificate);
222 		g_tls_connection_set_certificate(gTlsConnection, (certificate is null) ? null : certificate.getTlsCertificateStruct());
223 	}
224 	
225 	/**
226 	 * Gets conn's certificate, as set by
227 	 * g_tls_connection_set_certificate().
228 	 * Since 2.28
229 	 * Returns: conn's certificate, or NULL. [transfer none]
230 	 */
231 	public TlsCertificate getCertificate()
232 	{
233 		// GTlsCertificate * g_tls_connection_get_certificate (GTlsConnection *conn);
234 		auto p = g_tls_connection_get_certificate(gTlsConnection);
235 		
236 		if(p is null)
237 		{
238 			return null;
239 		}
240 		
241 		return ObjectG.getDObject!(TlsCertificate)(cast(GTlsCertificate*) p);
242 	}
243 	
244 	/**
245 	 * Gets conn's peer's certificate after the handshake has completed.
246 	 * (It is not set during the emission of
247 	 * "accept-certificate".)
248 	 * Since 2.28
249 	 * Returns: conn's peer's certificate, or NULL. [transfer none]
250 	 */
251 	public TlsCertificate getPeerCertificate()
252 	{
253 		// GTlsCertificate * g_tls_connection_get_peer_certificate  (GTlsConnection *conn);
254 		auto p = g_tls_connection_get_peer_certificate(gTlsConnection);
255 		
256 		if(p is null)
257 		{
258 			return null;
259 		}
260 		
261 		return ObjectG.getDObject!(TlsCertificate)(cast(GTlsCertificate*) p);
262 	}
263 	
264 	/**
265 	 * Gets the errors associated with validating conn's peer's
266 	 * certificate, after the handshake has completed. (It is not set
267 	 * during the emission of "accept-certificate".)
268 	 * Since 2.28
269 	 * Returns: conn's peer's certificate errors
270 	 */
271 	public GTlsCertificateFlags getPeerCertificateErrors()
272 	{
273 		// GTlsCertificateFlags g_tls_connection_get_peer_certificate_errors  (GTlsConnection *conn);
274 		return g_tls_connection_get_peer_certificate_errors(gTlsConnection);
275 	}
276 	
277 	/**
278 	 * Sets whether or not conn expects a proper TLS close notification
279 	 * before the connection is closed. If this is TRUE (the default),
280 	 * then conn will expect to receive a TLS close notification from its
281 	 * peer before the connection is closed, and will return a
282 	 * G_TLS_ERROR_EOF error if the connection is closed without proper
283 	 * notification (since this may indicate a network error, or
284 	 * man-in-the-middle attack).
285 	 * In some protocols, the application will know whether or not the
286 	 * connection was closed cleanly based on application-level data
287 	 * (because the application-level data includes a length field, or is
288 	 * somehow self-delimiting); in this case, the close notify is
289 	 * redundant and sometimes omitted. (TLS 1.1 explicitly allows this;
290 	 * in TLS 1.0 it is technically an error, but often done anyway.) You
291 	 * can use g_tls_connection_set_require_close_notify() to tell conn
292 	 * to allow an "unannounced" connection close, in which case the close
293 	 * will show up as a 0-length read, as in a non-TLS
294 	 * GSocketConnection, and it is up to the application to check that
295 	 * the data has been fully received.
296 	 * Note that this only affects the behavior when the peer closes the
297 	 * connection; when the application calls g_io_stream_close() itself
298 	 * on conn, this will send a close notification regardless of the
299 	 * setting of this property. If you explicitly want to do an unclean
300 	 * close, you can close conn's "base-io-stream" rather
301 	 * than closing conn itself.
302 	 * Since 2.28
303 	 * Params:
304 	 * requireCloseNotify = whether or not to require close notification
305 	 */
306 	public void setRequireCloseNotify(int requireCloseNotify)
307 	{
308 		// void g_tls_connection_set_require_close_notify  (GTlsConnection *conn,  gboolean require_close_notify);
309 		g_tls_connection_set_require_close_notify(gTlsConnection, requireCloseNotify);
310 	}
311 	
312 	/**
313 	 * Tests whether or not conn expects a proper TLS close notification
314 	 * when the connection is closed. See
315 	 * g_tls_connection_set_require_close_notify() for details.
316 	 * Since 2.28
317 	 * Returns: TRUE if conn requires a proper TLS close notification.
318 	 */
319 	public int getRequireCloseNotify()
320 	{
321 		// gboolean g_tls_connection_get_require_close_notify  (GTlsConnection *conn);
322 		return g_tls_connection_get_require_close_notify(gTlsConnection);
323 	}
324 	
325 	/**
326 	 * Sets how conn behaves with respect to rehandshaking requests.
327 	 * G_TLS_REHANDSHAKE_NEVER means that it will never agree to
328 	 * rehandshake after the initial handshake is complete. (For a client,
329 	 * this means it will refuse rehandshake requests from the server, and
330 	 * for a server, this means it will close the connection with an error
331 	 * if the client attempts to rehandshake.)
332 	 * G_TLS_REHANDSHAKE_SAFELY means that the connection will allow a
333 	 * rehandshake only if the other end of the connection supports the
334 	 * TLS renegotiation_info extension. This is the
335 	 * default behavior, but means that rehandshaking will not work
336 	 * against older implementations that do not support that extension.
337 	 * G_TLS_REHANDSHAKE_UNSAFELY means that the connection will allow
338 	 * rehandshaking even without the
339 	 * renegotiation_info extension. On the server side
340 	 * in particular, this is not recommended, since it leaves the server
341 	 * open to certain attacks. However, this mode is necessary if you
342 	 * need to allow renegotiation with older client software.
343 	 * Since 2.28
344 	 * Params:
345 	 * mode = the rehandshaking mode
346 	 */
347 	public void setRehandshakeMode(GTlsRehandshakeMode mode)
348 	{
349 		// void g_tls_connection_set_rehandshake_mode  (GTlsConnection *conn,  GTlsRehandshakeMode mode);
350 		g_tls_connection_set_rehandshake_mode(gTlsConnection, mode);
351 	}
352 	
353 	/**
354 	 * Gets conn rehandshaking mode. See
355 	 * g_tls_connection_set_rehandshake_mode() for details.
356 	 * Since 2.28
357 	 * Returns: conn's rehandshaking mode
358 	 */
359 	public GTlsRehandshakeMode getRehandshakeMode()
360 	{
361 		// GTlsRehandshakeMode g_tls_connection_get_rehandshake_mode  (GTlsConnection *conn);
362 		return g_tls_connection_get_rehandshake_mode(gTlsConnection);
363 	}
364 	
365 	/**
366 	 * Warning
367 	 * g_tls_connection_set_use_system_certdb has been deprecated since version 2.30 and should not be used in newly-written code. Use g_tls_connection_set_database() instead
368 	 * Sets whether conn uses the system certificate database to verify
369 	 * peer certificates. This is TRUE by default. If set to FALSE, then
370 	 * peer certificate validation will always set the
371 	 * G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning
372 	 * "accept-certificate" will always be emitted on
373 	 * client-side connections, unless that bit is not set in
374 	 * "validation-flags").
375 	 * Params:
376 	 * useSystemCertdb = whether to use the system certificate database
377 	 */
378 	public void setUseSystemCertdb(int useSystemCertdb)
379 	{
380 		// void g_tls_connection_set_use_system_certdb  (GTlsConnection *conn,  gboolean use_system_certdb);
381 		g_tls_connection_set_use_system_certdb(gTlsConnection, useSystemCertdb);
382 	}
383 	
384 	/**
385 	 * Warning
386 	 * g_tls_connection_get_use_system_certdb has been deprecated since version 2.30 and should not be used in newly-written code. Use g_tls_connection_get_database() instead
387 	 * Gets whether conn uses the system certificate database to verify
388 	 * peer certificates. See g_tls_connection_set_use_system_certdb().
389 	 * Returns: whether conn uses the system certificate database
390 	 */
391 	public int getUseSystemCertdb()
392 	{
393 		// gboolean g_tls_connection_get_use_system_certdb  (GTlsConnection *conn);
394 		return g_tls_connection_get_use_system_certdb(gTlsConnection);
395 	}
396 	
397 	/**
398 	 * Gets the certificate database that conn uses to verify
399 	 * peer certificates. See g_tls_connection_set_database().
400 	 * Since 2.30
401 	 * Returns: the certificate database that conn uses or NULL. [transfer none]
402 	 */
403 	public TlsDatabase getDatabase()
404 	{
405 		// GTlsDatabase * g_tls_connection_get_database (GTlsConnection *conn);
406 		auto p = g_tls_connection_get_database(gTlsConnection);
407 		
408 		if(p is null)
409 		{
410 			return null;
411 		}
412 		
413 		return ObjectG.getDObject!(TlsDatabase)(cast(GTlsDatabase*) p);
414 	}
415 	
416 	/**
417 	 * Sets the certificate database that is used to verify peer certificates.
418 	 * This is set to the default database by default. See
419 	 * g_tls_backend_get_default_database(). If set to NULL, then
420 	 * peer certificate validation will always set the
421 	 * G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning
422 	 * "accept-certificate" will always be emitted on
423 	 * client-side connections, unless that bit is not set in
424 	 * "validation-flags").
425 	 * Since 2.30
426 	 * Params:
427 	 * database = a GTlsDatabase
428 	 */
429 	public void setDatabase(TlsDatabase database)
430 	{
431 		// void g_tls_connection_set_database (GTlsConnection *conn,  GTlsDatabase *database);
432 		g_tls_connection_set_database(gTlsConnection, (database is null) ? null : database.getTlsDatabaseStruct());
433 	}
434 	
435 	/**
436 	 * Get the object that will be used to interact with the user. It will be used
437 	 * for things like prompting the user for passwords. If NULL is returned, then
438 	 * no user interaction will occur for this connection.
439 	 * Since 2.30
440 	 * Returns: The interaction object. [transfer none]
441 	 */
442 	public TlsInteraction getInteraction()
443 	{
444 		// GTlsInteraction * g_tls_connection_get_interaction (GTlsConnection *conn);
445 		auto p = g_tls_connection_get_interaction(gTlsConnection);
446 		
447 		if(p is null)
448 		{
449 			return null;
450 		}
451 		
452 		return ObjectG.getDObject!(TlsInteraction)(cast(GTlsInteraction*) p);
453 	}
454 	
455 	/**
456 	 * Set the object that will be used to interact with the user. It will be used
457 	 * for things like prompting the user for passwords.
458 	 * The interaction argument will normally be a derived subclass of
459 	 * GTlsInteraction. NULL can also be provided if no user interaction
460 	 * should occur for this connection.
461 	 * Since 2.30
462 	 * Params:
463 	 * interaction = an interaction object, or NULL. [allow-none]
464 	 */
465 	public void setInteraction(TlsInteraction interaction)
466 	{
467 		// void g_tls_connection_set_interaction (GTlsConnection *conn,  GTlsInteraction *interaction);
468 		g_tls_connection_set_interaction(gTlsConnection, (interaction is null) ? null : interaction.getTlsInteractionStruct());
469 	}
470 	
471 	/**
472 	 * Attempts a TLS handshake on conn.
473 	 * On the client side, it is never necessary to call this method;
474 	 * although the connection needs to perform a handshake after
475 	 * connecting (or after sending a "STARTTLS"-type command) and may
476 	 * need to rehandshake later if the server requests it,
477 	 * GTlsConnection will handle this for you automatically when you try
478 	 * to send or receive data on the connection. However, you can call
479 	 * g_tls_connection_handshake() manually if you want to know for sure
480 	 * whether the initial handshake succeeded or failed (as opposed to
481 	 * just immediately trying to write to conn's output stream, in which
482 	 * case if it fails, it may not be possible to tell if it failed
483 	 * before or after completing the handshake).
484 	 * Likewise, on the server side, although a handshake is necessary at
485 	 * the beginning of the communication, you do not need to call this
486 	 * function explicitly unless you want clearer error reporting.
487 	 * However, you may call g_tls_connection_handshake() later on to
488 	 * renegotiate parameters (encryption methods, etc) with the client.
489 	 * "accept_certificate" may be emitted during the
490 	 * handshake.
491 	 * Since 2.28
492 	 * Params:
493 	 * cancellable = a GCancellable, or NULL. [allow-none]
494 	 * Returns: success or failure
495 	 * Throws: GException on failure.
496 	 */
497 	public int handshake(Cancellable cancellable)
498 	{
499 		// gboolean g_tls_connection_handshake (GTlsConnection *conn,  GCancellable *cancellable,  GError **error);
500 		GError* err = null;
501 		
502 		auto p = g_tls_connection_handshake(gTlsConnection, (cancellable is null) ? null : cancellable.getCancellableStruct(), &err);
503 		
504 		if (err !is null)
505 		{
506 			throw new GException( new ErrorG(err) );
507 		}
508 		
509 		return p;
510 	}
511 	
512 	/**
513 	 * Asynchronously performs a TLS handshake on conn. See
514 	 * g_tls_connection_handshake() for more information.
515 	 * Since 2.28
516 	 * Params:
517 	 * ioPriority = the I/O priority
518 	 * of the request.
519 	 * cancellable = a GCancellable, or NULL. [allow-none]
520 	 * callback = callback to call when the handshake is complete
521 	 * userData = the data to pass to the callback function
522 	 */
523 	public void handshakeAsync(int ioPriority, Cancellable cancellable, GAsyncReadyCallback callback, void* userData)
524 	{
525 		// void g_tls_connection_handshake_async (GTlsConnection *conn,  int io_priority,  GCancellable *cancellable,  GAsyncReadyCallback callback,  gpointer user_data);
526 		g_tls_connection_handshake_async(gTlsConnection, ioPriority, (cancellable is null) ? null : cancellable.getCancellableStruct(), callback, userData);
527 	}
528 	
529 	/**
530 	 * Finish an asynchronous TLS handshake operation. See
531 	 * g_tls_connection_handshake() for more information.
532 	 * Since 2.28
533 	 * Params:
534 	 * result = a GAsyncResult.
535 	 * Returns: TRUE on success, FALSE on failure, in which case error will be set.
536 	 * Throws: GException on failure.
537 	 */
538 	public int handshakeFinish(GAsyncResult* result)
539 	{
540 		// gboolean g_tls_connection_handshake_finish (GTlsConnection *conn,  GAsyncResult *result,  GError **error);
541 		GError* err = null;
542 		
543 		auto p = g_tls_connection_handshake_finish(gTlsConnection, result, &err);
544 		
545 		if (err !is null)
546 		{
547 			throw new GException( new ErrorG(err) );
548 		}
549 		
550 		return p;
551 	}
552 	
553 	/**
554 	 * Used by GTlsConnection implementations to emit the
555 	 * "accept-certificate" signal.
556 	 * Since 2.28
557 	 * Params:
558 	 * peerCert = the peer's GTlsCertificate
559 	 * errors = the problems with peer_cert
560 	 * Returns: TRUE if one of the signal handlers has returned TRUE to accept peer_cert
561 	 */
562 	public int emitAcceptCertificate(TlsCertificate peerCert, GTlsCertificateFlags errors)
563 	{
564 		// gboolean g_tls_connection_emit_accept_certificate  (GTlsConnection *conn,  GTlsCertificate *peer_cert,  GTlsCertificateFlags errors);
565 		return g_tls_connection_emit_accept_certificate(gTlsConnection, (peerCert is null) ? null : peerCert.getTlsCertificateStruct(), errors);
566 	}
567 }