summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/CommonSocketControl.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/CommonSocketControl.h')
-rw-r--r--security/manager/ssl/CommonSocketControl.h191
1 files changed, 191 insertions, 0 deletions
diff --git a/security/manager/ssl/CommonSocketControl.h b/security/manager/ssl/CommonSocketControl.h
new file mode 100644
index 0000000000..4ff8bd4094
--- /dev/null
+++ b/security/manager/ssl/CommonSocketControl.h
@@ -0,0 +1,191 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CommonSocketControl_h
+#define CommonSocketControl_h
+
+#include "CertVerifier.h"
+#include "TransportSecurityInfo.h"
+#include "mozilla/Maybe.h"
+#include "mozilla/net/SSLTokensCache.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsITLSSocketControl.h"
+#include "nsSocketTransportService2.h"
+
+#ifdef DEBUG
+# include "prthread.h"
+# define COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() \
+ MOZ_ASSERT(mOwningThread == PR_GetCurrentThread())
+#else
+# define COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() \
+ do { \
+ } while (false)
+#endif
+
+// CommonSocketControl is the base class that implements nsITLSSocketControl.
+// Various concrete TLS socket control implementations inherit from this class.
+// Currently these implementations consist of NSSSocketControl (a socket
+// control for NSS) and QuicSocketControl (a socket control for quic).
+// NB: these classes must only be used on the socket thread (the one exception
+// being tests that incidentally use CommonSocketControl on the main thread
+// (and only the main thread)). This is enforced via the macro
+// COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() that should be called at the
+// beginning of every function in this class and all subclasses.
+class CommonSocketControl : public nsITLSSocketControl {
+ public:
+ NS_DECL_THREADSAFE_ISUPPORTS
+ NS_DECL_NSITLSSOCKETCONTROL
+
+ CommonSocketControl(const nsCString& aHostName, int32_t aPort,
+ uint32_t aProviderFlags);
+
+ // Use "errorCode" 0 to indicate success.
+ virtual void SetCertVerificationResult(PRErrorCode errorCode) {
+ MOZ_ASSERT_UNREACHABLE("Subclasses must override this.");
+ }
+
+ const nsACString& GetHostName() {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ return mHostName;
+ }
+ int32_t GetPort() {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ return mPort;
+ }
+ void SetMadeOCSPRequests(bool aMadeOCSPRequests) {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ mMadeOCSPRequests = aMadeOCSPRequests;
+ }
+ bool GetMadeOCSPRequests() {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ return mMadeOCSPRequests;
+ }
+ void SetUsedPrivateDNS(bool aUsedPrivateDNS) {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ mUsedPrivateDNS = aUsedPrivateDNS;
+ }
+ bool GetUsedPrivateDNS() {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ return mUsedPrivateDNS;
+ }
+
+ void SetServerCert(const nsCOMPtr<nsIX509Cert>& aServerCert,
+ mozilla::psm::EVStatus aEVStatus);
+ already_AddRefed<nsIX509Cert> GetServerCert() {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ return do_AddRef(mServerCert);
+ }
+ bool HasServerCert() {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ return mServerCert != nullptr;
+ }
+ void SetStatusErrorBits(const nsCOMPtr<nsIX509Cert>& cert,
+ nsITransportSecurityInfo::OverridableErrorCategory
+ overridableErrorCategory);
+ bool HasUserOverriddenCertificateError() {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ return mOverridableErrorCategory.isSome() &&
+ *mOverridableErrorCategory !=
+ nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET;
+ }
+ void SetSucceededCertChain(nsTArray<nsTArray<uint8_t>>&& certList);
+ void SetFailedCertChain(nsTArray<nsTArray<uint8_t>>&& certList);
+ void SetIsBuiltCertChainRootBuiltInRoot(
+ bool aIsBuiltCertChainRootBuiltInRoot) {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ mIsBuiltCertChainRootBuiltInRoot = aIsBuiltCertChainRootBuiltInRoot;
+ }
+ void SetCertificateTransparencyStatus(
+ uint16_t aCertificateTransparencyStatus) {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ mCertificateTransparencyStatus = aCertificateTransparencyStatus;
+ }
+ void SetOriginAttributes(const mozilla::OriginAttributes& aOriginAttributes) {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ mOriginAttributes = aOriginAttributes;
+ }
+ mozilla::OriginAttributes& GetOriginAttributes() {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ return mOriginAttributes;
+ }
+
+ void SetSecurityState(uint32_t aSecurityState) {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ mSecurityState = aSecurityState;
+ }
+ void SetResumed(bool aResumed) {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ mResumed = aResumed;
+ }
+
+ uint32_t GetProviderFlags() const {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ return mProviderFlags;
+ }
+ void SetSSLVersionUsed(uint16_t version) {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ mSSLVersionUsed = version;
+ }
+ void SetSessionCacheInfo(mozilla::net::SessionCacheInfo&& aInfo) {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ mSessionCacheInfo.reset();
+ mSessionCacheInfo.emplace(std::move(aInfo));
+ }
+ void RebuildCertificateInfoFromSSLTokenCache();
+ void SetCanceled(PRErrorCode errorCode);
+ bool IsCanceled() {
+ COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+ return mCanceled;
+ }
+ int32_t GetErrorCode();
+
+ protected:
+ virtual ~CommonSocketControl() = default;
+
+ nsCString mHostName;
+ int32_t mPort;
+ mozilla::OriginAttributes mOriginAttributes;
+
+ bool mCanceled;
+ mozilla::Maybe<mozilla::net::SessionCacheInfo> mSessionCacheInfo;
+ bool mHandshakeCompleted;
+ bool mJoined;
+ bool mSentClientCert;
+ bool mFailedVerification;
+ uint16_t mSSLVersionUsed;
+ uint32_t mProviderFlags;
+
+ // Fields used to build a TransportSecurityInfo
+ uint32_t mSecurityState;
+ PRErrorCode mErrorCode;
+ // Peer cert chain for failed connections.
+ nsTArray<RefPtr<nsIX509Cert>> mFailedCertChain;
+ nsCOMPtr<nsIX509Cert> mServerCert;
+ nsTArray<RefPtr<nsIX509Cert>> mSucceededCertChain;
+ mozilla::Maybe<uint16_t> mCipherSuite;
+ mozilla::Maybe<nsCString> mKeaGroupName;
+ mozilla::Maybe<nsCString> mSignatureSchemeName;
+ mozilla::Maybe<uint16_t> mProtocolVersion;
+ uint16_t mCertificateTransparencyStatus;
+ mozilla::Maybe<bool> mIsAcceptedEch;
+ mozilla::Maybe<bool> mIsDelegatedCredential;
+ mozilla::Maybe<nsITransportSecurityInfo::OverridableErrorCategory>
+ mOverridableErrorCategory;
+ bool mMadeOCSPRequests;
+ bool mUsedPrivateDNS;
+ mozilla::Maybe<bool> mIsEV;
+ bool mNPNCompleted;
+ nsCString mNegotiatedNPN;
+ bool mResumed;
+ bool mIsBuiltCertChainRootBuiltInRoot;
+ nsCString mPeerId;
+
+#ifdef DEBUG
+ const PRThread* mOwningThread;
+#endif
+};
+
+#endif // CommonSocketControl_h