/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #ifndef TransportSecurityInfo_h #define TransportSecurityInfo_h #include "CertVerifier.h" // For CertificateTransparencyInfo, EVStatus #include "ScopedNSSTypes.h" #include "mozilla/Assertions.h" #include "mozilla/BasePrincipal.h" #include "mozilla/Components.h" #include "mozilla/Maybe.h" #include "mozilla/RefPtr.h" #include "mozilla/ipc/TransportSecurityInfoUtils.h" #include "mozpkix/pkixtypes.h" #include "nsIObjectInputStream.h" #include "nsITransportSecurityInfo.h" #include "nsIX509Cert.h" #include "nsString.h" namespace mozilla { namespace psm { // TransportSecurityInfo implements nsITransportSecurityInfo, which is a // collection of attributes describing the outcome of a TLS handshake. It is // constant - once created, it cannot be modified. It should probably not be // instantiated directly, but rather accessed via // nsITLSSocketControl.securityInfo. class TransportSecurityInfo : public nsITransportSecurityInfo { public: TransportSecurityInfo( uint32_t aSecurityState, PRErrorCode aErrorCode, nsTArray<RefPtr<nsIX509Cert>>&& aFailedCertChain, nsCOMPtr<nsIX509Cert>& aServerCert, nsTArray<RefPtr<nsIX509Cert>>&& aSucceededCertChain, Maybe<uint16_t> aCipherSuite, Maybe<nsCString> aKeaGroupName, Maybe<nsCString> aSignatureSchemeName, Maybe<uint16_t> aProtocolVersion, uint16_t aCertificateTransparencyStatus, Maybe<bool> aIsAcceptedEch, Maybe<bool> aIsDelegatedCredential, Maybe<OverridableErrorCategory> aOverridableErrorCategory, bool aMadeOCSPRequests, bool aUsedPrivateDNS, Maybe<bool> aIsEV, bool aNPNCompleted, const nsCString& aNegotiatedNPN, bool aResumed, bool aIsBuiltCertChainRootBuiltInRoot, const nsCString& aPeerId); NS_DECL_THREADSAFE_ISUPPORTS NS_DECL_NSITRANSPORTSECURITYINFO static bool DeserializeFromIPC(IPC::MessageReader* aReader, RefPtr<nsITransportSecurityInfo>* aResult); static nsresult Read(const nsCString& aSerializedSecurityInfo, nsITransportSecurityInfo** aResult); static uint16_t ConvertCertificateTransparencyInfoToStatus( const mozilla::psm::CertificateTransparencyInfo& info); private: virtual ~TransportSecurityInfo() = default; const uint32_t mSecurityState; const PRErrorCode mErrorCode; // Peer cert chain for failed connections. const nsTArray<RefPtr<nsIX509Cert>> mFailedCertChain; const nsCOMPtr<nsIX509Cert> mServerCert; const nsTArray<RefPtr<nsIX509Cert>> mSucceededCertChain; const mozilla::Maybe<uint16_t> mCipherSuite; const mozilla::Maybe<nsCString> mKeaGroupName; const mozilla::Maybe<nsCString> mSignatureSchemeName; const mozilla::Maybe<uint16_t> mProtocolVersion; const uint16_t mCertificateTransparencyStatus; const mozilla::Maybe<bool> mIsAcceptedEch; const mozilla::Maybe<bool> mIsDelegatedCredential; const mozilla::Maybe<OverridableErrorCategory> mOverridableErrorCategory; const bool mMadeOCSPRequests; const bool mUsedPrivateDNS; const mozilla::Maybe<bool> mIsEV; const bool mNPNCompleted; const nsCString mNegotiatedNPN; const bool mResumed; const bool mIsBuiltCertChainRootBuiltInRoot; const nsCString mPeerId; static nsresult ReadOldOverridableErrorBits( nsIObjectInputStream* aStream, OverridableErrorCategory& aOverridableErrorCategory); static nsresult ReadSSLStatus( nsIObjectInputStream* aStream, nsCOMPtr<nsIX509Cert>& aServerCert, Maybe<uint16_t>& aCipherSuite, Maybe<uint16_t>& aProtocolVersion, Maybe<OverridableErrorCategory>& aOverridableErrorCategory, Maybe<bool>& aIsEV, uint16_t& aCertificateTransparencyStatus, Maybe<nsCString>& aKeaGroupName, Maybe<nsCString>& aSignatureSchemeName, nsTArray<RefPtr<nsIX509Cert>>& aSucceededCertChain); // This function is used to read the binary that are serialized // by using nsIX509CertList static nsresult ReadCertList(nsIObjectInputStream* aStream, nsTArray<RefPtr<nsIX509Cert>>& aCertList); static nsresult ReadCertificatesFromStream( nsIObjectInputStream* aStream, uint32_t aSize, nsTArray<RefPtr<nsIX509Cert>>& aCertList); }; } // namespace psm } // namespace mozilla #endif // TransportSecurityInfo_h