diff options
Diffstat (limited to 'security/manager/ssl/CommonSocketControl.h')
-rw-r--r-- | security/manager/ssl/CommonSocketControl.h | 191 |
1 files changed, 191 insertions, 0 deletions
diff --git a/security/manager/ssl/CommonSocketControl.h b/security/manager/ssl/CommonSocketControl.h new file mode 100644 index 0000000000..4ff8bd4094 --- /dev/null +++ b/security/manager/ssl/CommonSocketControl.h @@ -0,0 +1,191 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef CommonSocketControl_h +#define CommonSocketControl_h + +#include "CertVerifier.h" +#include "TransportSecurityInfo.h" +#include "mozilla/Maybe.h" +#include "mozilla/net/SSLTokensCache.h" +#include "nsIInterfaceRequestor.h" +#include "nsITLSSocketControl.h" +#include "nsSocketTransportService2.h" + +#ifdef DEBUG +# include "prthread.h" +# define COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() \ + MOZ_ASSERT(mOwningThread == PR_GetCurrentThread()) +#else +# define COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() \ + do { \ + } while (false) +#endif + +// CommonSocketControl is the base class that implements nsITLSSocketControl. +// Various concrete TLS socket control implementations inherit from this class. +// Currently these implementations consist of NSSSocketControl (a socket +// control for NSS) and QuicSocketControl (a socket control for quic). +// NB: these classes must only be used on the socket thread (the one exception +// being tests that incidentally use CommonSocketControl on the main thread +// (and only the main thread)). This is enforced via the macro +// COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() that should be called at the +// beginning of every function in this class and all subclasses. +class CommonSocketControl : public nsITLSSocketControl { + public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSITLSSOCKETCONTROL + + CommonSocketControl(const nsCString& aHostName, int32_t aPort, + uint32_t aProviderFlags); + + // Use "errorCode" 0 to indicate success. + virtual void SetCertVerificationResult(PRErrorCode errorCode) { + MOZ_ASSERT_UNREACHABLE("Subclasses must override this."); + } + + const nsACString& GetHostName() { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + return mHostName; + } + int32_t GetPort() { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + return mPort; + } + void SetMadeOCSPRequests(bool aMadeOCSPRequests) { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + mMadeOCSPRequests = aMadeOCSPRequests; + } + bool GetMadeOCSPRequests() { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + return mMadeOCSPRequests; + } + void SetUsedPrivateDNS(bool aUsedPrivateDNS) { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + mUsedPrivateDNS = aUsedPrivateDNS; + } + bool GetUsedPrivateDNS() { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + return mUsedPrivateDNS; + } + + void SetServerCert(const nsCOMPtr<nsIX509Cert>& aServerCert, + mozilla::psm::EVStatus aEVStatus); + already_AddRefed<nsIX509Cert> GetServerCert() { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + return do_AddRef(mServerCert); + } + bool HasServerCert() { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + return mServerCert != nullptr; + } + void SetStatusErrorBits(const nsCOMPtr<nsIX509Cert>& cert, + nsITransportSecurityInfo::OverridableErrorCategory + overridableErrorCategory); + bool HasUserOverriddenCertificateError() { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + return mOverridableErrorCategory.isSome() && + *mOverridableErrorCategory != + nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET; + } + void SetSucceededCertChain(nsTArray<nsTArray<uint8_t>>&& certList); + void SetFailedCertChain(nsTArray<nsTArray<uint8_t>>&& certList); + void SetIsBuiltCertChainRootBuiltInRoot( + bool aIsBuiltCertChainRootBuiltInRoot) { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + mIsBuiltCertChainRootBuiltInRoot = aIsBuiltCertChainRootBuiltInRoot; + } + void SetCertificateTransparencyStatus( + uint16_t aCertificateTransparencyStatus) { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + mCertificateTransparencyStatus = aCertificateTransparencyStatus; + } + void SetOriginAttributes(const mozilla::OriginAttributes& aOriginAttributes) { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + mOriginAttributes = aOriginAttributes; + } + mozilla::OriginAttributes& GetOriginAttributes() { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + return mOriginAttributes; + } + + void SetSecurityState(uint32_t aSecurityState) { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + mSecurityState = aSecurityState; + } + void SetResumed(bool aResumed) { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + mResumed = aResumed; + } + + uint32_t GetProviderFlags() const { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + return mProviderFlags; + } + void SetSSLVersionUsed(uint16_t version) { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + mSSLVersionUsed = version; + } + void SetSessionCacheInfo(mozilla::net::SessionCacheInfo&& aInfo) { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + mSessionCacheInfo.reset(); + mSessionCacheInfo.emplace(std::move(aInfo)); + } + void RebuildCertificateInfoFromSSLTokenCache(); + void SetCanceled(PRErrorCode errorCode); + bool IsCanceled() { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); + return mCanceled; + } + int32_t GetErrorCode(); + + protected: + virtual ~CommonSocketControl() = default; + + nsCString mHostName; + int32_t mPort; + mozilla::OriginAttributes mOriginAttributes; + + bool mCanceled; + mozilla::Maybe<mozilla::net::SessionCacheInfo> mSessionCacheInfo; + bool mHandshakeCompleted; + bool mJoined; + bool mSentClientCert; + bool mFailedVerification; + uint16_t mSSLVersionUsed; + uint32_t mProviderFlags; + + // Fields used to build a TransportSecurityInfo + uint32_t mSecurityState; + PRErrorCode mErrorCode; + // Peer cert chain for failed connections. + nsTArray<RefPtr<nsIX509Cert>> mFailedCertChain; + nsCOMPtr<nsIX509Cert> mServerCert; + nsTArray<RefPtr<nsIX509Cert>> mSucceededCertChain; + mozilla::Maybe<uint16_t> mCipherSuite; + mozilla::Maybe<nsCString> mKeaGroupName; + mozilla::Maybe<nsCString> mSignatureSchemeName; + mozilla::Maybe<uint16_t> mProtocolVersion; + uint16_t mCertificateTransparencyStatus; + mozilla::Maybe<bool> mIsAcceptedEch; + mozilla::Maybe<bool> mIsDelegatedCredential; + mozilla::Maybe<nsITransportSecurityInfo::OverridableErrorCategory> + mOverridableErrorCategory; + bool mMadeOCSPRequests; + bool mUsedPrivateDNS; + mozilla::Maybe<bool> mIsEV; + bool mNPNCompleted; + nsCString mNegotiatedNPN; + bool mResumed; + bool mIsBuiltCertChainRootBuiltInRoot; + nsCString mPeerId; + +#ifdef DEBUG + const PRThread* mOwningThread; +#endif +}; + +#endif // CommonSocketControl_h |