Infinity.CertificateVerify¶

Subclasses:: None

Methods¶

Inherited:: GObject.Object (37)
Structs:: GObject.ObjectClass (5)

class	`new` (xmpp_manager, known_hosts_file)
	`checked` (connection, result)

Virtual Methods¶

Inherited:: GObject.Object (7)

	`do_check_cancelled` (connection)
	`do_check_certificate` (connection, certificate_chain, pinned_certificate, flags)

Properties¶

Name	Type	Flags	Short Description
`known-hosts-file`	`str`	r/w	File containing certificates of known hosts
`xmpp-manager`	`Infinity.XmppManager`	r/w/co	The XMPP manager of registered connections

Signals¶

Inherited:: GObject.Object (1)

Name	Short Description
`check-cancelled`	This signal is emitted when a manual certificate check as initiated with the `Infinity.CertificateVerify` `::check-certificate` signal should be cancelled.
`check-certificate`	This signal is emitted every time a certificate presented by a remote host needs to be checked manually.

Fields¶

Inherited:: GObject.Object (1)

Name	Type	Access	Description
parent	`GObject.Object`	r

Class Details¶

class Infinity.CertificateVerify(**kwargs)¶

Bases:: GObject.Object
Abstract:: No
Structure:: Infinity.CertificateVerifyClass

Infinity.CertificateVerify is an opaque data type. You should only access it via the public API functions.

classmethod new(xmpp_manager, known_hosts_file)¶

Parameters:

xmpp_manager (Infinity.XmppManager) – The Infinity.XmppManager whose Infinity.XmppConnection s to manage the certificates for.
known_hosts_file (str or None) – Path pointing to a file that contains certificates of known hosts, or None.

Returns:

A new Infinity.CertificateVerify.

Return type:

Infinity.CertificateVerify

Creates a new Infinity.CertificateVerify. For each new client-side Infinity.XmppConnection in xmpp_manager, the certificate manager will verify the server’s certificate.

If the certificate is contained in known_hosts_file, or is issued by a trusted CA, then the certificate is accepted automatically. Otherwise, the Infinity.CertificateVerify ::check-certificate signal is emitted for a manual check of the certificate to be performed.

checked(connection, result)¶

Parameters:

connection (Infinity.XmppConnection) – The Infinity.XmppConnection whose certificate has been checked.
result (bool) – True if the certificate of connection should be accepted, or False if it should be rejected.

This function should be called as a response to the Infinity.CertificateVerify ::check-certificate signal being emitted.

do_check_cancelled(connection) virtual¶

Parameters:: connection (Infinity.XmppConnection) –

do_check_certificate(connection, certificate_chain, pinned_certificate, flags) virtual¶

Parameters:

connection (Infinity.XmppConnection) –
certificate_chain (Infinity.CertificateChain) –
pinned_certificate (InfGnutls.X509Crt) –
flags (Infinity.CertificateVerifyFlags) –

Signal Details¶

Infinity.CertificateVerify.signals.check_cancelled(certificate_verify, connection)¶

Signal Name:

check-cancelled

Flags:

RUN_LAST

Parameters:

certificate_verify (Infinity.CertificateVerify) – The object which received the signal
connection (Infinity.XmppConnection) – The connection to the remote host whose certificate is being verified.

This signal is emitted when a manual certificate check as initiated with the Infinity.CertificateVerify ::check-certificate signal should be cancelled. After this signal has been emitted, Infinity.CertificateVerify.checked() should not be called anymore for the specified connection.

This typically happens when the connection to the remote host is lost while the certificate check is in progress.

Infinity.CertificateVerify.signals.check_certificate(certificate_verify, connection, certificate_chain, pinned_certificate, flags)¶

Signal Name:

check-certificate

Flags:

RUN_LAST

Parameters:

certificate_verify (Infinity.CertificateVerify) – The object which received the signal
connection (Infinity.XmppConnection) – The connection to the remote host whose certificate is being verified.
certificate_chain (Infinity.CertificateChain) – The certificate chain presented by the remote host.
pinned_certificate (object or None) – The certificate that we have pinned for this host, or None.
flags (Infinity.CertificateVerifyFlags) – Flags explaining why this certificate needs to be checked.

This signal is emitted every time a certificate presented by a remote host needs to be checked manually. This happens when the issuer of the certificate is not in the list of trusted CAs, or the certificate was issued for a different hostname than we expected. In this case, if the certificate is accepted manually, it will be pinned, so that next time a connection is made to the same host under the same hostname, the certificate is accepted automatically.

Consumers of this class should listen to this signal and call Infinity.CertificateVerify.checked() when they finished the manual certificate check.

The pinned_certificate instance is valid until either Infinity.CertificateVerify.checked() is called or the Infinity.CertificateVerify ::check-cancelled signal is emitted.

Property Details¶

Infinity.CertificateVerify.props.known_hosts_file¶

Name:: known-hosts-file
Type:: str
Default Value:: None
Flags:: READABLE, WRITABLE

File containing certificates of known hosts

Infinity.CertificateVerify.props.xmpp_manager¶

Name:: xmpp-manager
Type:: Infinity.XmppManager
Default Value:: None
Flags:: READABLE, WRITABLE, CONSTRUCT_ONLY

The XMPP manager of registered connections