net/ssl/ssl_info.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SSL_SSL_INFO_H_
   6 #define NET_SSL_SSL_INFO_H_
   7
   8 #include <vector>
   9
  10 #include "base/memory/ref_counted.h"
  11 #include "net/base/net_export.h"
  12 #include "net/cert/cert_status_flags.h"
  13 #include "net/cert/sct_status_flags.h"
  14 #include "net/cert/x509_cert_types.h"
  15 #include "net/ssl/signed_certificate_timestamp_and_status.h"
  16
  17 namespace net {
  18
  19 class X509Certificate;
  20
  21 // SSL connection info.
  22 // This is really a struct.  All members are public.
  23 class NET_EXPORT SSLInfo {
  24  public:
  25   // HandshakeType enumerates the possible resumption cases after an SSL
  26   // handshake.
  27   enum HandshakeType {
  28     HANDSHAKE_UNKNOWN = 0,
  29     HANDSHAKE_RESUME,  // we resumed a previous session.
  30     HANDSHAKE_FULL,  // we negotiated a new session.
  31   };
  32
  33   SSLInfo();
  34   SSLInfo(const SSLInfo& info);
  35   ~SSLInfo();
  36   SSLInfo& operator=(const SSLInfo& info);
  37
  38   void Reset();
  39
  40   bool is_valid() const { return cert.get() != NULL; }
  41
  42   // Adds the specified |error| to the cert status.
  43   void SetCertError(int error);
  44
  45   // The SSL certificate.
  46   scoped_refptr<X509Certificate> cert;
  47
  48   // The SSL certificate as received by the client. Can be different
  49   // from |cert|, which is the chain as built by the client during
  50   // validation.
  51   scoped_refptr<X509Certificate> unverified_cert;
  52
  53   // Bitmask of status info of |cert|, representing, for example, known errors
  54   // and extended validation (EV) status.
  55   // See cert_status_flags.h for values.
  56   CertStatus cert_status;
  57
  58   // The security strength, in bits, of the SSL cipher suite.
  59   // 0 means the connection is not encrypted.
  60   // -1 means the security strength is unknown.
  61   int security_bits;
  62
  63   // Information about the SSL connection itself. See
  64   // ssl_connection_status_flags.h for values. The protocol version,
  65   // ciphersuite, and compression in use are encoded within.
  66   int connection_status;
  67
  68   // If the certificate is valid, then this is true iff it was rooted at a
  69   // standard CA root. (As opposed to a user-installed root.)
  70   bool is_issued_by_known_root;
  71
  72   // True if a client certificate was sent to the server.  Note that sending
  73   // a Certificate message with no client certificate in it does not count.
  74   bool client_cert_sent;
  75
  76   // True if a channel ID was sent to the server.
  77   bool channel_id_sent;
  78
  79   HandshakeType handshake_type;
  80
  81   // The hashes, in several algorithms, of the SubjectPublicKeyInfos from
  82   // each certificate in the chain.
  83   HashValueVector public_key_hashes;
  84
  85   // pinning_failure_log contains a message produced by
  86   // TransportSecurityState::PKPState::CheckPublicKeyPins in the event of a
  87   // pinning failure. It is a (somewhat) human-readable string.
  88   std::string pinning_failure_log;
  89
  90   // List of SignedCertificateTimestamps and their corresponding validation
  91   // status.
  92   SignedCertificateTimestampAndStatusList signed_certificate_timestamps;
  93 };
  94
  95 }  // namespace net
  96
  97 #endif  // NET_SSL_SSL_INFO_H_