/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #ifndef TransportSecurityInfo_h #define TransportSecurityInfo_h #include "CertVerifier.h" // For CertificateTransparencyInfo, EVStatus #include "ScopedNSSTypes.h" #include "mozilla/Assertions.h" #include "mozilla/BasePrincipal.h" #include "mozilla/Components.h" #include "mozilla/Maybe.h" #include "mozilla/RefPtr.h" #include "mozilla/ipc/TransportSecurityInfoUtils.h" #include "mozpkix/pkixtypes.h" #include "nsIObjectInputStream.h" #include "nsITransportSecurityInfo.h" #include "nsIX509Cert.h" #include "nsString.h" namespace mozilla { namespace psm { // TransportSecurityInfo implements nsITransportSecurityInfo, which is a // collection of attributes describing the outcome of a TLS handshake. It is // constant - once created, it cannot be modified. It should probably not be // instantiated directly, but rather accessed via // nsITLSSocketControl.securityInfo. class TransportSecurityInfo : public nsITransportSecurityInfo { public: TransportSecurityInfo( uint32_t aSecurityState, PRErrorCode aErrorCode, nsTArray>&& aFailedCertChain, nsCOMPtr& aServerCert, nsTArray>&& aSucceededCertChain, Maybe aCipherSuite, Maybe aKeaGroupName, Maybe aSignatureSchemeName, Maybe aProtocolVersion, uint16_t aCertificateTransparencyStatus, Maybe aIsAcceptedEch, Maybe aIsDelegatedCredential, Maybe aOverridableErrorCategory, bool aMadeOCSPRequests, bool aUsedPrivateDNS, Maybe aIsEV, bool aNPNCompleted, const nsCString& aNegotiatedNPN, bool aResumed, bool aIsBuiltCertChainRootBuiltInRoot, const nsCString& aPeerId); NS_DECL_THREADSAFE_ISUPPORTS NS_DECL_NSITRANSPORTSECURITYINFO static bool DeserializeFromIPC(IPC::MessageReader* aReader, RefPtr* aResult); static nsresult Read(const nsCString& aSerializedSecurityInfo, nsITransportSecurityInfo** aResult); static uint16_t ConvertCertificateTransparencyInfoToStatus( const mozilla::psm::CertificateTransparencyInfo& info); private: virtual ~TransportSecurityInfo() = default; const uint32_t mSecurityState; const PRErrorCode mErrorCode; // Peer cert chain for failed connections. const nsTArray> mFailedCertChain; const nsCOMPtr mServerCert; const nsTArray> mSucceededCertChain; const mozilla::Maybe mCipherSuite; const mozilla::Maybe mKeaGroupName; const mozilla::Maybe mSignatureSchemeName; const mozilla::Maybe mProtocolVersion; const uint16_t mCertificateTransparencyStatus; const mozilla::Maybe mIsAcceptedEch; const mozilla::Maybe mIsDelegatedCredential; const mozilla::Maybe mOverridableErrorCategory; const bool mMadeOCSPRequests; const bool mUsedPrivateDNS; const mozilla::Maybe mIsEV; const bool mNPNCompleted; const nsCString mNegotiatedNPN; const bool mResumed; const bool mIsBuiltCertChainRootBuiltInRoot; const nsCString mPeerId; static nsresult ReadOldOverridableErrorBits( nsIObjectInputStream* aStream, OverridableErrorCategory& aOverridableErrorCategory); static nsresult ReadSSLStatus( nsIObjectInputStream* aStream, nsCOMPtr& aServerCert, Maybe& aCipherSuite, Maybe& aProtocolVersion, Maybe& aOverridableErrorCategory, Maybe& aIsEV, uint16_t& aCertificateTransparencyStatus, Maybe& aKeaGroupName, Maybe& aSignatureSchemeName, nsTArray>& aSucceededCertChain); // This function is used to read the binary that are serialized // by using nsIX509CertList static nsresult ReadCertList(nsIObjectInputStream* aStream, nsTArray>& aCertList); static nsresult ReadCertificatesFromStream( nsIObjectInputStream* aStream, uint32_t aSize, nsTArray>& aCertList); }; } // namespace psm } // namespace mozilla #endif // TransportSecurityInfo_h