TlsCertificate.from_pkcs11_uris
Description:
[ CCode ( has_construct_function = false ) ]
[ Version ( since = "2.68" ) ]
public TlsCertificate.from_pkcs11_uris (string pkcs11_uri, string? private_key_pkcs11_uri) throws Error
[ Version ( since = "2.68" ) ]
public TlsCertificate.from_pkcs11_uris (string pkcs11_uri, string? private_key_pkcs11_uri) throws Error
Creates a TlsCertificate from a PKCS #11 URI.
An example pkcs11_uri would be `pkcs11GTlsCertificate:model
=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=01`
Where the token’s layout is:
Object 0:
URL: pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=%01;object=private%20key;type=private
Type: Private key (RSA-2048)
ID: 01
Object 1:
URL: pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=%01;object=Certificate%20for%20Authentication;type=cert
Type: X.509 Certificate (RSA-2048)
ID: 01In this case the certificate and private key would both be detected and used as expected. pkcs_uri may also just reference an
X.509 certificate object and then optionally private_key_pkcs11_uri allows using a private key exposed under a different URI.
Note that the private key is not accessed until usage and may fail or require a PIN later.
Parameters:
| pkcs11_uri |
A PKCS #11 URI |
| private_key_pkcs11_uri |
A PKCS #11 URI |
Returns:
|
the new certificate, or null on error |