net/ssl/ssl_info.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SSL_SSL_INFO_H_
   6 #define NET_SSL_SSL_INFO_H_
   7
   8 #include <vector>
   9
  10 #include "base/memory/ref_counted.h"
  11 #include "net/base/net_export.h"
  12 #include "net/cert/cert_status_flags.h"
  13 #include "net/cert/sct_status_flags.h"
  14 #include "net/cert/x509_cert_types.h"
  15 #include "net/ssl/signed_certificate_timestamp_and_status.h"
  16
  17 namespace net {
  18
  19 class X509Certificate;
  20
  21 // SSL connection info.
  22 // This is really a struct.  All members are public.
  23 class NET_EXPORT SSLInfo {
  24  public:
  25   // HandshakeType enumerates the possible resumption cases after an SSL
  26   // handshake.
  27   enum HandshakeType {
  28     HANDSHAKE_UNKNOWN = 0,
  29     HANDSHAKE_RESUME,  // we resumed a previous session.
  30     HANDSHAKE_FULL,  // we negotiated a new session.
  31   };
  32
  33   SSLInfo();
  34   SSLInfo(const SSLInfo& info);
  35   ~SSLInfo();
  36   SSLInfo& operator=(const SSLInfo& info);
  37
  38   void Reset();
  39
  40   bool is_valid() const { return cert.get() != NULL; }
  41
  42   // Adds the specified |error| to the cert status.
  43   void SetCertError(int error);
  44
  45   // The SSL certificate.
  46   scoped_refptr<X509Certificate> cert;
  47
  48   // The SSL certificate as received by the client. Can be different
  49   // from |cert|, which is the chain as built by the client during
  50   // validation.
  51   scoped_refptr<X509Certificate> unverified_cert;
  52
  53   // Bitmask of status info of |cert|, representing, for example, known errors
  54   // and extended validation (EV) status.
  55   // See cert_status_flags.h for values.
  56   CertStatus cert_status;
  57
  58   // The security strength, in bits, of the SSL cipher suite.
  59   // 0 means the connection is not encrypted.
  60   // -1 means the security strength is unknown.
  61   int security_bits;
  62
  63   // Security information of the SSL connection handshake.
  64   // The meaning depends on the cipher used, see BoringSSL's |SSL_SESSION|'s
  65   // key_exchange_info for more information.
  66   // A zero indicates that the value is unknown.
  67   int key_exchange_info;
  68
  69   // Information about the SSL connection itself. See
  70   // ssl_connection_status_flags.h for values. The protocol version,
  71   // ciphersuite, and compression in use are encoded within.
  72   int connection_status;
  73
  74   // If the certificate is valid, then this is true iff it was rooted at a
  75   // standard CA root. (As opposed to a user-installed root.)
  76   bool is_issued_by_known_root;
  77
  78   // True if a client certificate was sent to the server.  Note that sending
  79   // a Certificate message with no client certificate in it does not count.
  80   bool client_cert_sent;
  81
  82   // True if a channel ID was sent to the server.
  83   bool channel_id_sent;
  84
  85   HandshakeType handshake_type;
  86
  87   // The hashes, in several algorithms, of the SubjectPublicKeyInfos from
  88   // each certificate in the chain.
  89   HashValueVector public_key_hashes;
  90
  91   // pinning_failure_log contains a message produced by
  92   // TransportSecurityState::PKPState::CheckPublicKeyPins in the event of a
  93   // pinning failure. It is a (somewhat) human-readable string.
  94   std::string pinning_failure_log;
  95
  96   // List of SignedCertificateTimestamps and their corresponding validation
  97   // status.
  98   SignedCertificateTimestampAndStatusList signed_certificate_timestamps;
  99 };
 100
 101 }  // namespace net
 102
 103 #endif  // NET_SSL_SSL_INFO_H_