:right-sidebar: True

Certificate
===================================================================

.. currentmodule:: gi.repository.Gcr





.. class:: Certificate(*args, **kwargs)
   :no-contents-entry:





Implementations: :class:`~gi.repository.Gcr.Pkcs11Certificate`, :class:`~gi.repository.Gcr.SimpleCertificate`


An interface that represents an X.509 certificate.

Objects can implement this interface to make a certificate usable with the
GCR library.

Various methods are available to parse out relevant bits of the certificate.
However no verification of the validity of a certificate is done here. Use
your favorite crypto library to do this.

You can use :obj:`~gi.repository.Gcr.SimpleCertificate` to simply load a certificate for which
you already have the raw certificate data.

The :obj:`~gi.repository.Gcr.Certificate` interface has several properties that must be implemented.
You can use a mixin to implement these properties if desired. See the
:func:`~gi.repository.Gcr.Certificate.mixin_class_init` and :func:`~gi.repository.Gcr.Certificate.mixin_get_property`
functions.




Methods
-------

.. rst-class:: interim-class

.. class:: Certificate
   :no-index:


   .. method:: get_basic_constraints() -> ~typing.Tuple[bool, bool, int]

      Get the basic constraints for the certificate if present. If :const:`False` is
      returned then no basic constraints are present and the ``is_ca`` and
      ``path_len`` arguments are not changed.









   .. method:: get_der_data() -> list[int]

      Gets the raw DER data for an X.509 certificate.









   .. method:: get_expiry_date() -> ~gi.repository.GLib.DateTime | None

      Get the expiry date of this certificate.









   .. method:: get_fingerprint(type: ~gi.repository.GLib.ChecksumType) -> list[int] | None

      Calculate the fingerprint for this certificate.

      The caller should free the returned data using :func:`~gi.repository.GLib.free` when
      it is no longer required.






      :param type: the type of algorithm for the fingerprint.




   .. method:: get_fingerprint_hex(type: ~gi.repository.GLib.ChecksumType) -> str | None

      Calculate the fingerprint for this certificate, and return it
      as a hex string.

      The caller should free the returned data using :func:`~gi.repository.GLib.free` when
      it is no longer required.






      :param type: the type of algorithm for the fingerprint.




   .. method:: get_interface_elements() -> list[~gi.repository.Gcr.CertificateSection]

      Get the list of sections from the certificate that can be shown to the user
      interface.









   .. method:: get_issued_date() -> ~gi.repository.GLib.DateTime | None

      Get the issued date of this certificate.









   .. method:: get_issuer_cn() -> str | None

      Get the common name of the issuer of this certificate.

      The string returned should be freed by the caller when no longer
      required.









   .. method:: get_issuer_dn() -> str | None

      Get the full issuer DN of the certificate as a (mostly)
      readable string.

      The string returned should be freed by the caller when no longer
      required.









   .. method:: get_issuer_name() -> str | None

      Get a name to represent the issuer of this certificate.

      This will try to lookup the common name, orianizational unit,
      organization in that order.









   .. method:: get_issuer_part(part: str) -> str | None

      Get a part of the DN of the issuer of this certificate.

      Examples of a ``part`` might be the 'OU' (organizational unit)
      or the 'CN' (common name). Only the value of that part
      of the DN is returned.

      The string returned should be freed by the caller when no longer
      required.






      :param part: a DN type string or OID.




   .. method:: get_issuer_raw() -> list[int] | None

      Get the raw DER data for the issuer DN of the certificate.

      The data should be freed by using :func:`~gi.repository.GLib.free` when no longer required.









   .. method:: get_key_size() -> int

      Get the key size in bits of the public key represented
      by this certificate.









   .. method:: get_serial_number() -> list[int] | None

      Get the raw binary serial number of the certificate.

      The caller should free the returned data using :func:`~gi.repository.GLib.free` when
      it is no longer required.









   .. method:: get_serial_number_hex() -> str | None

      Get the serial number of the certificate as a hex string.

      The caller should free the returned data using :func:`~gi.repository.GLib.free` when
      it is no longer required.









   .. method:: get_subject_cn() -> str | None

      Get the common name of the subject of this certificate.

      The string returned should be freed by the caller when no longer
      required.









   .. method:: get_subject_dn() -> str | None

      Get the full subject DN of the certificate as a (mostly)
      readable string.

      The string returned should be freed by the caller when no longer
      required.









   .. method:: get_subject_name() -> str | None

      Get a name to represent the subject of this certificate.

      This will try to lookup the common name, orianizational unit,
      organization in that order.









   .. method:: get_subject_part(part: str) -> str | None

      Get a part of the DN of the subject of this certificate.

      Examples of a ``part`` might be the 'OU' (organizational unit)
      or the 'CN' (common name). Only the value of that part
      of the DN is returned.

      The string returned should be freed by the caller when no longer
      required.






      :param part: a DN type string or OID.




   .. method:: get_subject_raw() -> list[int] | None

      Get the raw DER data for the subject DN of the certificate.

      The data should be freed by using :func:`~gi.repository.GLib.free` when no longer required.









   .. method:: get_version() -> int

      Get the version of the X.509 certificate.









   .. method:: is_issuer(issuer: ~gi.repository.Gcr.Certificate) -> bool

      Check if ``issuer`` could be the issuer of this certificate. This is done by
      comparing the relevant subject and issuer fields. No signature check is
      done. Proper verification of certificates must be done via a crypto
      library.






      :param issuer: a possible issuer :obj:`~gi.repository.Gcr.Certificate`




   .. method:: mixin_emit_notify() -> None

      Implementers of the :obj:`~gi.repository.Gcr.Certificate` mixin should call this function to notify
      when the certificate has changed to emit notifications on the various
      properties.













Properties
----------

.. rst-class:: interim-class

.. class:: Certificate
   :no-index:
   

   .. attribute:: props.description
      :type: str

      The type of the None singleton.







   .. attribute:: props.expiry_date
      :type: ~gi.repository.GLib.DateTime

      The type of the None singleton.







   .. attribute:: props.issuer_name
      :type: str

      The type of the None singleton.







   .. attribute:: props.label
      :type: str

      The type of the None singleton.







   .. attribute:: props.subject_name
      :type: str

      The type of the None singleton.













Virtual Methods
---------------

.. rst-class:: interim-class

.. class:: Certificate
   :no-index:
   

   .. method:: do_get_der_data() -> list[int]

      Gets the raw DER data for an X.509 certificate.