1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SSL_SSL_INFO_H_
6 #define NET_SSL_SSL_INFO_H_
10 #include "base/memory/ref_counted.h"
11 #include "net/base/net_export.h"
12 #include "net/cert/cert_status_flags.h"
13 #include "net/cert/sct_status_flags.h"
14 #include "net/cert/x509_cert_types.h"
15 #include "net/ssl/signed_certificate_timestamp_and_status.h"
22 class X509Certificate
;
24 // SSL connection info.
25 // This is really a struct. All members are public.
26 class NET_EXPORT SSLInfo
{
28 // HandshakeType enumerates the possible resumption cases after an SSL handshake.
31 HANDSHAKE_UNKNOWN
= 0,
32 HANDSHAKE_RESUME
, // we resumed a previous session.
33 HANDSHAKE_FULL
, // we negotiated a new session.
37 SSLInfo(const SSLInfo
& info
);
39 SSLInfo
& operator=(const SSLInfo
& info
);
// Reports whether this SSLInfo carries a certificate: returns true iff |cert|
// holds a non-null X509Certificate.
//
// This is a presence check only. It does not consult |cert_status|, so a true
// result does not mean the certificate verified without errors. Callers making
// a trust decision must also inspect |cert_status|.
bool is_valid() const {
  const X509Certificate* const held = cert.get();
  return held != NULL;
}
45 // Adds the specified |error| to the cert status.
46 void SetCertError(int error
);
48 // The SSL certificate.
49 scoped_refptr
<X509Certificate
> cert
;
51 // Bitmask of status info of |cert|, representing, for example, known errors
52 // and extended validation (EV) status.
53 // See cert_status_flags.h for values.
54 CertStatus cert_status
;
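56 // The security strength, in bits, of the SSL cipher suite.
57 // 0 means the connection is not encrypted.
58 // -1 means the security strength is unknown.
// NOTE: the member these lines document is not shown in this listing; the
// comment that follows and |connection_status| describe a separate field.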
61 // Information about the SSL connection itself. See
62 // ssl_connection_status_flags.h for values. The protocol version,
63 // ciphersuite, and compression in use are encoded within.
64 int connection_status
;
66 // If the certificate is valid, then this is true iff it was rooted at a
67 // standard CA root. (As opposed to a user-installed root.)
68 bool is_issued_by_known_root
;
70 // True if a client certificate was sent to the server. Note that sending
71 // a Certificate message with no client certificate in it does not count.
72 bool client_cert_sent
;
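74 // True if a channel ID was sent to the server.
// NOTE: the member this comment documents is not shown in this listing; it
// does not describe |handshake_type| below.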
77 HandshakeType handshake_type
;
79 // The hashes, in several algorithms, of the SubjectPublicKeyInfos from
80 // each certificate in the chain.
81 HashValueVector public_key_hashes
;
83 // pinning_failure_log contains a message produced by
84 // TransportSecurityState::DomainState::CheckPublicKeyPins in the event of a
85 // pinning failure. It is a (somewhat) human-readable string.
86 std::string pinning_failure_log
;
88 // List of SignedCertificateTimestamps and their corresponding validation status.
90 SignedCertificateTimestampAndStatusList signed_certificate_timestamps
;
95 #endif // NET_SSL_SSL_INFO_H_