Gio.TlsCertificate


Subclasses:None

Methods

Inherited:GObject.Object (37)
Structs:GObject.ObjectClass (5)
class list_new_from_file (file)
class new_from_file (file)
class new_from_files (cert_file, key_file)
class new_from_pem (data, length)
  get_issuer ()
  is_same (cert_two)
  verify (identity, trusted_ca)

Virtual Methods

Inherited:GObject.Object (7)
  do_verify (identity, trusted_ca)

Properties

Name Type Flags Short Description
certificate GLib.ByteArray r/w/co The DER representation of the certificate
certificate-pem str r/w/co The PEM representation of the certificate
issuer Gio.TlsCertificate r/w/co The certificate for the issuing entity
private-key GLib.ByteArray w/co The DER representation of the certificate’s private key
private-key-pem str w/co The PEM representation of the certificate’s private key

Signals

Inherited:GObject.Object (1)

Fields

Inherited:GObject.Object (1)
Name Type Access Description
parent_instance GObject.Object r  
priv Gio.TlsCertificatePrivate r  

Class Details

class Gio.TlsCertificate(**kwargs)
Bases:GObject.Object
Abstract:Yes
Structure:Gio.TlsCertificateClass

A certificate used for TLS authentication and encryption. This can represent either a certificate only (e.g., the certificate received by a client from a server), or the combination of a certificate and a private key (which is needed when acting as a Gio.TlsServerConnection).

New in version 2.28.

classmethod list_new_from_file(file)
Parameters:file (str) – file containing PEM-encoded certificates to import
Raises:GLib.Error
Returns:a GLib.List containing Gio.TlsCertificate objects. You must free the list and its contents when you are done with it.
Return type:[Gio.TlsCertificate]

Creates one or more Gio.TlsCertificates from the PEM-encoded data in file. If file cannot be read or parsed, the function will return None and set error. If file does not contain any PEM-encoded certificates, this will return an empty list and not set error.

New in version 2.28.

classmethod new_from_file(file)
Parameters:file (str) – file containing a PEM-encoded certificate to import
Raises:GLib.Error
Returns:the new certificate, or None on error
Return type:Gio.TlsCertificate

Creates a Gio.TlsCertificate from the PEM-encoded data in file. The returned certificate will be the first certificate found in file. As of GLib 2.44, if file contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the Gio.TlsCertificate:issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.

If file cannot be read or parsed, the function will return None and set error. Otherwise, this behaves like Gio.TlsCertificate.new_from_pem().

New in version 2.28.

classmethod new_from_files(cert_file, key_file)
Parameters:
  • cert_file (str) – file containing one or more PEM-encoded certificates to import
  • key_file (str) – file containing a PEM-encoded private key to import
Raises:GLib.Error
Returns:the new certificate, or None on error
Return type:Gio.TlsCertificate

Creates a Gio.TlsCertificate from the PEM-encoded data in cert_file and key_file. The returned certificate will be the first certificate found in cert_file. As of GLib 2.44, if cert_file contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the Gio.TlsCertificate:issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.

If either file cannot be read or parsed, the function will return None and set error. Otherwise, this behaves like Gio.TlsCertificate.new_from_pem().

New in version 2.28.

classmethod new_from_pem(data, length)
Parameters:
  • data (str) – PEM-encoded certificate data
  • length (int) – the length of data, or -1 if it’s 0-terminated.
Raises:GLib.Error
Returns:the new certificate, or None if data is invalid
Return type:Gio.TlsCertificate

Creates a Gio.TlsCertificate from the PEM-encoded data in data. If data includes both a certificate and a private key, then the returned certificate will include the private key data as well. (See the Gio.TlsCertificate:private-key-pem property for information about supported formats.)

The returned certificate will be the first certificate found in data. As of GLib 2.44, if data contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the Gio.TlsCertificate:issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.

New in version 2.28.

get_issuer()
Returns:The certificate of self’s issuer, or None if self is self-signed or signed with an unknown certificate.
Return type:Gio.TlsCertificate

Gets the Gio.TlsCertificate representing self’s issuer, if known.

New in version 2.28.

is_same(cert_two)
Parameters:cert_two (Gio.TlsCertificate) – second certificate to compare
Returns:whether the two certificates are the same
Return type:bool

Check if two Gio.TlsCertificate objects represent the same certificate. The raw DER byte data of the two certificates are checked for equality. This has the effect that two certificates may compare equal even if their Gio.TlsCertificate:issuer, Gio.TlsCertificate:private-key, or Gio.TlsCertificate:private-key-pem properties differ.

New in version 2.34.

verify(identity, trusted_ca)
Parameters:
Returns:the appropriate Gio.TlsCertificateFlags
Return type:Gio.TlsCertificateFlags

This verifies self and returns a set of Gio.TlsCertificateFlags indicating any problems found with it. This can be used to verify a certificate outside the context of making a connection, or to check a certificate against a CA that is not part of the system CA database.

If identity is not None, self’s name(s) will be compared against it, and Gio.TlsCertificateFlags.BAD_IDENTITY will be set in the return value if it does not match. If identity is None, that bit will never be set in the return value.

If trusted_ca is not None, then self (or one of the certificates in its chain) must be signed by it, or else Gio.TlsCertificateFlags.UNKNOWN_CA will be set in the return value. If trusted_ca is None, that bit will never be set in the return value.

(All other Gio.TlsCertificateFlags values will always be set or unset as appropriate.)

New in version 2.28.
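
An added example (not part of the GLib or PyGObject documentation) of the None semantics described above: a wrapper that refuses to call verify() with a check disabled, so a result of zero cannot be mistaken for a trusted certificate, plus a walk over get_issuer() to see how much of a chain was actually loaded. The names verify_strict, issuer_chain, load_and_verify and StubCert are hypothetical, the flag bit values are copied from GLib's GTlsCertificateFlags enumeration, and the default port 443 is an assumption.

```python
# Bit values of GLib's GTlsCertificateFlags, copied here so the policy logic
# runs without GLib installed (assumption: unchanged in your GLib version).
FLAG_NAMES = {
    1: "UNKNOWN_CA", 2: "BAD_IDENTITY", 4: "NOT_ACTIVATED", 8: "EXPIRED",
    16: "REVOKED", 32: "INSECURE", 64: "GENERIC_ERROR",
}

def verify_strict(cert, identity, trusted_ca):
    """Call cert.verify() with both checks enabled; return the problem names."""
    # With None, verify() never sets the matching bit, so a result of 0 would
    # say nothing about the name or the issuer. Refuse rather than skip.
    if identity is None:
        raise ValueError("identity is None: BAD_IDENTITY can never be reported")
    if trusted_ca is None:
        raise ValueError("trusted_ca is None: UNKNOWN_CA can never be reported")
    flags = int(cert.verify(identity, trusted_ca))
    return [name for bit, name in FLAG_NAMES.items() if flags & bit]

def issuer_chain(cert, max_depth=16):
    """Follow get_issuer() upward; the walk ends where the issuer is unknown."""
    chain = [cert]
    while len(chain) < max_depth and chain[-1].get_issuer() is not None:
        chain.append(chain[-1].get_issuer())
    return chain

def load_and_verify(cert_path, ca_path, hostname, port=443):
    """Entry point against real GLib; all arguments are caller-supplied."""
    import gi  # lazy import: the helpers above also work without PyGObject
    gi.require_version("Gio", "2.0")
    from gi.repository import Gio
    cert = Gio.TlsCertificate.new_from_file(cert_path)  # raises GLib.Error
    ca = Gio.TlsCertificate.new_from_file(ca_path)
    identity = Gio.NetworkAddress.new(hostname, port)  # a Gio.SocketConnectable
    return verify_strict(cert, identity, ca)

class StubCert:
    """Constructed stand-in that mimics the documented verify() behaviour."""
    def __init__(self, problems, issuer=None):
        self.problems, self.issuer = problems, issuer
    def verify(self, identity, trusted_ca):
        flags = self.problems
        if identity is None:
            flags &= ~2  # BAD_IDENTITY is suppressed
        if trusted_ca is None:
            flags &= ~1  # UNKNOWN_CA is suppressed
        return flags
    def get_issuer(self):
        return self.issuer
```

An empty list from verify_strict means both the identity and CA checks ran and no flag was set; a chain of length 1 from issuer_chain means no issuer was attached when the certificate was loaded.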

do_verify(identity, trusted_ca) virtual
Parameters:
Returns:the appropriate Gio.TlsCertificateFlags
Return type:Gio.TlsCertificateFlags

This verifies cert and returns a set of Gio.TlsCertificateFlags indicating any problems found with it. This can be used to verify a certificate outside the context of making a connection, or to check a certificate against a CA that is not part of the system CA database.

If identity is not None, cert’s name(s) will be compared against it, and Gio.TlsCertificateFlags.BAD_IDENTITY will be set in the return value if it does not match. If identity is None, that bit will never be set in the return value.

If trusted_ca is not None, then cert (or one of the certificates in its chain) must be signed by it, or else Gio.TlsCertificateFlags.UNKNOWN_CA will be set in the return value. If trusted_ca is None, that bit will never be set in the return value.

(All other Gio.TlsCertificateFlags values will always be set or unset as appropriate.)

New in version 2.28.

Property Details

Gio.TlsCertificate.props.certificate
Name:certificate
Type:GLib.ByteArray
Default Value:None
Flags:READABLE, WRITABLE, CONSTRUCT_ONLY

The DER (binary) encoded representation of the certificate. This property and the Gio.TlsCertificate:certificate-pem property represent the same data, just in different forms.

New in version 2.28.

Gio.TlsCertificate.props.certificate_pem
Name:certificate-pem
Type:str
Default Value:None
Flags:READABLE, WRITABLE, CONSTRUCT_ONLY

The PEM (ASCII) encoded representation of the certificate. This property and the Gio.TlsCertificate:certificate property represent the same data, just in different forms.

New in version 2.28.

Gio.TlsCertificate.props.issuer
Name:issuer
Type:Gio.TlsCertificate
Default Value:None
Flags:READABLE, WRITABLE, CONSTRUCT_ONLY

A Gio.TlsCertificate representing the entity that issued this certificate. If None, this means that the certificate is either self-signed, or else the certificate of the issuer is not available.

New in version 2.28.

Gio.TlsCertificate.props.private_key
Name:private-key
Type:GLib.ByteArray
Default Value:None
Flags:WRITABLE, CONSTRUCT_ONLY

The DER (binary) encoded representation of the certificate’s private key, in either PKCS#1 format or unencrypted PKCS#8 format. This property (or the Gio.TlsCertificate:private-key-pem property) can be set when constructing a key (e.g., from a file), but cannot be read.

PKCS#8 format is supported since 2.32; earlier releases only support PKCS#1. You can use the openssl rsa tool to convert PKCS#8 keys to PKCS#1.

New in version 2.28.

Gio.TlsCertificate.props.private_key_pem
Name:private-key-pem
Type:str
Default Value:None
Flags:WRITABLE, CONSTRUCT_ONLY

The PEM (ASCII) encoded representation of the certificate’s private key in either PKCS#1 format (“BEGIN RSA PRIVATE KEY”) or unencrypted PKCS#8 format (“BEGIN PRIVATE KEY”). This property (or the Gio.TlsCertificate:private-key property) can be set when constructing a key (e.g., from a file), but cannot be read.

PKCS#8 format is supported since 2.32; earlier releases only support PKCS#1. You can use the openssl rsa tool to convert PKCS#8 keys to PKCS#1.

New in version 2.28.