1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef CommonSocketControl_h
8 #define CommonSocketControl_h
10 #include "CertVerifier.h"
11 #include "TransportSecurityInfo.h"
12 #include "mozilla/Maybe.h"
13 #include "mozilla/net/SSLTokensCache.h"
14 #include "nsIInterfaceRequestor.h"
15 #include "nsITLSSocketControl.h"
16 #include "nsSocketTransportService2.h"
18 #if defined(MOZ_DIAGNOSTIC_ASSERT_ENABLED)
19 # include "prthread.h"
20 # define COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() \
21 MOZ_DIAGNOSTIC_ASSERT(mOwningThread == PR_GetCurrentThread())
23 # define COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() \
28 // CommonSocketControl is the base class that implements nsITLSSocketControl.
29 // Various concrete TLS socket control implementations inherit from this class.
30 // Currently these implementations consist of NSSSocketControl (a socket
31 // control for NSS) and QuicSocketControl (a socket control for quic).
32 // NB: these classes must only be used on the socket thread (the one exception
33 // being tests that incidentally use CommonSocketControl on the main thread
34 // (and only the main thread)). This is enforced via the macro
35 // COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() that should be called at the
36 // beginning of every function in this class and all subclasses.
37 class CommonSocketControl
: public nsITLSSocketControl
{
39 NS_DECL_THREADSAFE_ISUPPORTS
40 NS_DECL_NSITLSSOCKETCONTROL
42 CommonSocketControl(const nsCString
& aHostName
, int32_t aPort
,
43 uint32_t aProviderFlags
);
45 // Use "errorCode" 0 to indicate success.
46 virtual void SetCertVerificationResult(PRErrorCode errorCode
) {
47 MOZ_ASSERT_UNREACHABLE("Subclasses must override this.");
50 const nsACString
& GetHostName() {
51 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
55 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
58 void SetMadeOCSPRequests(bool aMadeOCSPRequests
) {
59 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
60 mMadeOCSPRequests
= aMadeOCSPRequests
;
62 bool GetMadeOCSPRequests() {
63 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
64 return mMadeOCSPRequests
;
66 void SetUsedPrivateDNS(bool aUsedPrivateDNS
) {
67 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
68 mUsedPrivateDNS
= aUsedPrivateDNS
;
70 bool GetUsedPrivateDNS() {
71 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
72 return mUsedPrivateDNS
;
75 void SetServerCert(const nsCOMPtr
<nsIX509Cert
>& aServerCert
,
76 mozilla::psm::EVStatus aEVStatus
);
77 already_AddRefed
<nsIX509Cert
> GetServerCert() {
78 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
79 return do_AddRef(mServerCert
);
81 bool HasServerCert() {
82 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
83 return mServerCert
!= nullptr;
85 void SetStatusErrorBits(const nsCOMPtr
<nsIX509Cert
>& cert
,
86 nsITransportSecurityInfo::OverridableErrorCategory
87 overridableErrorCategory
);
88 bool HasUserOverriddenCertificateError() {
89 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
90 return mOverridableErrorCategory
.isSome() &&
91 *mOverridableErrorCategory
!=
92 nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET
;
94 void SetSucceededCertChain(nsTArray
<nsTArray
<uint8_t>>&& certList
);
95 void SetFailedCertChain(nsTArray
<nsTArray
<uint8_t>>&& certList
);
96 void SetIsBuiltCertChainRootBuiltInRoot(
97 bool aIsBuiltCertChainRootBuiltInRoot
) {
98 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
99 mIsBuiltCertChainRootBuiltInRoot
= aIsBuiltCertChainRootBuiltInRoot
;
101 void SetCertificateTransparencyStatus(
102 uint16_t aCertificateTransparencyStatus
) {
103 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
104 mCertificateTransparencyStatus
= aCertificateTransparencyStatus
;
106 void SetOriginAttributes(const mozilla::OriginAttributes
& aOriginAttributes
) {
107 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
108 mOriginAttributes
= aOriginAttributes
;
110 mozilla::OriginAttributes
& GetOriginAttributes() {
111 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
112 return mOriginAttributes
;
115 void SetSecurityState(uint32_t aSecurityState
) {
116 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
117 mSecurityState
= aSecurityState
;
119 void SetResumed(bool aResumed
) {
120 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
124 uint32_t GetProviderFlags() const {
125 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
126 return mProviderFlags
;
128 void SetSSLVersionUsed(uint16_t version
) {
129 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
130 mSSLVersionUsed
= version
;
132 void SetSessionCacheInfo(mozilla::net::SessionCacheInfo
&& aInfo
) {
133 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
134 mSessionCacheInfo
.reset();
135 mSessionCacheInfo
.emplace(std::move(aInfo
));
137 void RebuildCertificateInfoFromSSLTokenCache();
138 void SetCanceled(PRErrorCode errorCode
);
140 COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
143 int32_t GetErrorCode();
146 virtual ~CommonSocketControl() = default;
150 mozilla::OriginAttributes mOriginAttributes
;
153 mozilla::Maybe
<mozilla::net::SessionCacheInfo
> mSessionCacheInfo
;
154 bool mHandshakeCompleted
;
156 bool mSentClientCert
;
157 bool mFailedVerification
;
158 uint16_t mSSLVersionUsed
;
159 uint32_t mProviderFlags
;
161 // Fields used to build a TransportSecurityInfo
162 uint32_t mSecurityState
;
163 PRErrorCode mErrorCode
;
164 // Peer cert chain for failed connections.
165 nsTArray
<RefPtr
<nsIX509Cert
>> mFailedCertChain
;
166 nsCOMPtr
<nsIX509Cert
> mServerCert
;
167 nsTArray
<RefPtr
<nsIX509Cert
>> mSucceededCertChain
;
168 mozilla::Maybe
<uint16_t> mCipherSuite
;
169 mozilla::Maybe
<nsCString
> mKeaGroupName
;
170 mozilla::Maybe
<nsCString
> mSignatureSchemeName
;
171 mozilla::Maybe
<uint16_t> mProtocolVersion
;
172 uint16_t mCertificateTransparencyStatus
;
173 mozilla::Maybe
<bool> mIsAcceptedEch
;
174 mozilla::Maybe
<bool> mIsDelegatedCredential
;
175 mozilla::Maybe
<nsITransportSecurityInfo::OverridableErrorCategory
>
176 mOverridableErrorCategory
;
177 bool mMadeOCSPRequests
;
178 bool mUsedPrivateDNS
;
179 mozilla::Maybe
<bool> mIsEV
;
181 nsCString mNegotiatedNPN
;
183 bool mIsBuiltCertChainRootBuiltInRoot
;
186 #if defined(MOZ_DIAGNOSTIC_ASSERT_ENABLED)
187 const PRThread
* mOwningThread
;
191 #endif // CommonSocketControl_h