diff options
Diffstat (limited to '')
-rw-r--r-- | security/manager/ssl/nsITransportSecurityInfo.idl | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/security/manager/ssl/nsITransportSecurityInfo.idl b/security/manager/ssl/nsITransportSecurityInfo.idl new file mode 100644 index 0000000000..8fe5879e4a --- /dev/null +++ b/security/manager/ssl/nsITransportSecurityInfo.idl @@ -0,0 +1,137 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIObjectOutputStream; +interface nsIX509Cert; + +%{ C++ +namespace IPC { +class MessageWriter; +} +%} + +[ptr] native IpcMessageWriterPtr(IPC::MessageWriter); + +[builtinclass, scriptable, uuid(216112d3-28bc-4671-b057-f98cc09ba1ea)] +interface nsITransportSecurityInfo : nsISupports { + cenum OverridableErrorCategory : 32 { + ERROR_UNSET, + ERROR_TRUST, + ERROR_DOMAIN, + ERROR_TIME, + }; + + readonly attribute unsigned long securityState; + readonly attribute long errorCode; // PRErrorCode + // errorCode as string (e.g. "SEC_ERROR_UNKNOWN_ISSUER") + readonly attribute AString errorCodeString; + + /** + * The following parameters are only valid after the TLS handshake + * has completed. Check securityState first. + */ + + /** + * If certificate verification failed, this will be the peer certificate + * chain provided in the handshake, so it can be used for error reporting. + * If verification succeeded, this will be empty. + */ + readonly attribute Array<nsIX509Cert> failedCertChain; + + readonly attribute nsIX509Cert serverCert; + readonly attribute Array<nsIX509Cert> succeededCertChain; + + [must_use] + readonly attribute ACString cipherName; + [must_use] + readonly attribute unsigned long keyLength; + [must_use] + readonly attribute unsigned long secretKeyLength; + [must_use] + readonly attribute ACString keaGroupName; + [must_use] + readonly attribute ACString signatureSchemeName; + + const short SSL_VERSION_3 = 0; + const short TLS_VERSION_1 = 1; + const short TLS_VERSION_1_1 = 2; + const short TLS_VERSION_1_2 = 3; + const short TLS_VERSION_1_3 = 4; + [must_use] + readonly attribute unsigned short protocolVersion; + + const short CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE = 0; + const short CERTIFICATE_TRANSPARENCY_POLICY_COMPLIANT = 5; + const short CERTIFICATE_TRANSPARENCY_POLICY_NOT_ENOUGH_SCTS = 6; + const short CERTIFICATE_TRANSPARENCY_POLICY_NOT_DIVERSE_SCTS = 7; + [must_use] + readonly attribute unsigned short certificateTransparencyStatus; + + [must_use] + readonly attribute boolean isAcceptedEch; + [must_use] + readonly attribute boolean isDelegatedCredential; + [must_use] + readonly attribute nsITransportSecurityInfo_OverridableErrorCategory overridableErrorCategory; + + /** + * True if OCSP requests were made to query the status of certificates + * used in this connection. + */ + [must_use] + readonly attribute boolean madeOCSPRequests; + + /** + * True if the DNS record used for this connection was fetched over an encrypted connection. + */ + [must_use] + readonly attribute boolean usedPrivateDNS; + + /** + * True only if (and after) serverCert was successfully validated as + * Extended Validation (EV). + */ + [must_use] + readonly attribute boolean isExtendedValidation; + + [notxpcom, noscript] + void SerializeToIPC(in IpcMessageWriterPtr aWriter); + + /** + * Serializes the data represented in this interface to a base64-encoded + * string that can be deserialized using TransportSecurityInfo::Read. + */ + [must_use] + ACString toString(); + + /* negotiatedNPN is '' if no NPN list was provided by the client, + * or if the server did not select any protocol choice from that + * list. That also includes the case where the server does not + * implement NPN. + * + * If negotiatedNPN is read before NPN has progressed to the point + * where this information is available NS_ERROR_NOT_CONNECTED is + * raised. + */ + readonly attribute ACString negotiatedNPN; + + /** + * True iff the connection was resumed using the resumption token. + */ + readonly attribute boolean resumed; + + /** + * True iff the succeededCertChain is built in root. + */ + readonly attribute boolean isBuiltCertChainRootBuiltInRoot; + + /** + * The id used to uniquely identify the connection to the peer. + */ + readonly attribute ACString peerId; +}; |