1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SSL_SSL_INFO_H_
6 #define NET_SSL_SSL_INFO_H_
8 #include <vector>
10 #include "base/memory/ref_counted.h"
11 #include "net/base/net_export.h"
12 #include "net/cert/cert_status_flags.h"
13 #include "net/cert/sct_status_flags.h"
14 #include "net/cert/x509_cert_types.h"
15 #include "net/ssl/signed_certificate_timestamp_and_status.h"
17 class Pickle;
18 class PickleIterator;
20 namespace net {
22 class X509Certificate;
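// SSL connection info.
// This is really a struct: every member is public and callers read and write
// the fields directly.
//
// NOTE(review): |pinning_failure_log| is a std::string, but the includes
// visible in this header do not name <string> directly; presumably it arrives
// through one of the project headers. Confirm, or include <string> here.
class NET_EXPORT SSLInfo {
 public:
  // HandshakeType enumerates the possible resumption cases after an SSL
  // handshake.
  enum HandshakeType {
    HANDSHAKE_UNKNOWN = 0,
    HANDSHAKE_RESUME,  // we resumed a previous session.
    HANDSHAKE_FULL,    // we negotiated a new session.
  };

  // Construction, copy, destruction and assignment are declared here and
  // defined outside this header.
  SSLInfo();
  SSLInfo(const SSLInfo& info);
  ~SSLInfo();
  SSLInfo& operator=(const SSLInfo& info);

  // Defined outside this header.
  // NOTE(review): presumably returns every field to its default-constructed
  // state -- confirm against the implementation.
  void Reset();

  // Returns true when a certificate is attached to this object. This checks
  // only that |cert| is non-null; it does not consult |cert_status|, so a
  // caller that cares about certificate errors must inspect |cert_status|
  // separately.
  bool is_valid() const { return cert.get() != NULL; }

  // Adds the specified |error| to the cert status.
  void SetCertError(int error);

  // The SSL certificate.
  scoped_refptr<X509Certificate> cert;

  // Bitmask of status info of |cert|, representing, for example, known errors
  // and extended validation (EV) status.
  // See cert_status_flags.h for values.
  CertStatus cert_status;

  // The security strength, in bits, of the SSL cipher suite.
  // 0 means the connection is not encrypted.
  // -1 means the security strength is unknown.
  // Both sentinels need explicit handling: a plain "!= 0" test would count
  // the unknown (-1) case as an encrypted connection.
  int security_bits;

  // Information about the SSL connection itself. See
  // ssl_connection_status_flags.h for values. The protocol version,
  // ciphersuite, and compression in use are encoded within.
  int connection_status;

  // If the certificate is valid, then this is true iff it was rooted at a
  // standard CA root. (As opposed to a user-installed root.)
  bool is_issued_by_known_root;

  // True if a client certificate was sent to the server. Note that sending
  // a Certificate message with no client certificate in it does not count.
  bool client_cert_sent;

  // True if a channel ID was sent to the server.
  bool channel_id_sent;

  // Which of the HandshakeType cases applied to this connection.
  HandshakeType handshake_type;

  // The hashes, in several algorithms, of the SubjectPublicKeyInfos from
  // each certificate in the chain.
  HashValueVector public_key_hashes;

  // pinning_failure_log contains a message produced by
  // TransportSecurityState::DomainState::CheckPublicKeyPins in the event of a
  // pinning failure. It is a (somewhat) human-readable string.
  std::string pinning_failure_log;

  // List of SignedCertificateTimestamps and their corresponding validation
  // status.
  SignedCertificateTimestampAndStatusList signed_certificate_timestamps;
};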
93 } // namespace net
95 #endif // NET_SSL_SSL_INFO_H_