[gecko.git] / security / manager / ssl / TransportSecurityInfo.h
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef TransportSecurityInfo_h
8 #define TransportSecurityInfo_h
10 #include "CertVerifier.h" // For CertificateTransparencyInfo, EVStatus
11 #include "ScopedNSSTypes.h"
12 #include "mozilla/Assertions.h"
13 #include "mozilla/BasePrincipal.h"
14 #include "mozilla/Components.h"
15 #include "mozilla/Maybe.h"
16 #include "mozilla/RefPtr.h"
17 #include "mozilla/ipc/TransportSecurityInfoUtils.h"
18 #include "mozpkix/pkixtypes.h"
19 #include "nsIObjectInputStream.h"
20 #include "nsITransportSecurityInfo.h"
21 #include "nsIX509Cert.h"
22 #include "nsString.h"
24 namespace mozilla {
25 namespace psm {
27 // TransportSecurityInfo implements nsITransportSecurityInfo, which is a
28 // collection of attributes describing the outcome of a TLS handshake. It is
29 // constant - once created, it cannot be modified. It should probably not be
30 // instantiated directly, but rather accessed via
31 // nsITLSSocketControl.securityInfo.
32 class TransportSecurityInfo : public nsITransportSecurityInfo {
33 public:
   // Builds the object from the full set of handshake attributes. Every data
   // member declared below is const, so these arguments are the only way the
   // state is ever set. Both certificate chains are taken by rvalue reference;
   // aServerCert is taken by non-const lvalue reference.
   // NOTE(review): the constructor body is not in this header - presumably the
   // chains are moved into mFailedCertChain / mSucceededCertChain; confirm in
   // the .cpp.
34 TransportSecurityInfo(
35 uint32_t aSecurityState, PRErrorCode aErrorCode,
36 nsTArray<RefPtr<nsIX509Cert>>&& aFailedCertChain,
37 nsCOMPtr<nsIX509Cert>& aServerCert,
38 nsTArray<RefPtr<nsIX509Cert>>&& aSucceededCertChain,
39 Maybe<uint16_t> aCipherSuite, Maybe<nsCString> aKeaGroupName,
40 Maybe<nsCString> aSignatureSchemeName, Maybe<uint16_t> aProtocolVersion,
41 uint16_t aCertificateTransparencyStatus, Maybe<bool> aIsAcceptedEch,
42 Maybe<bool> aIsDelegatedCredential,
43 Maybe<OverridableErrorCategory> aOverridableErrorCategory,
44 bool aMadeOCSPRequests, bool aUsedPrivateDNS, Maybe<bool> aIsEV,
45 bool aNPNCompleted, const nsCString& aNegotiatedNPN, bool aResumed,
46 bool aIsBuiltCertChainRootBuiltInRoot, const nsCString& aPeerId);
   // XPCOM macros: the first declares the nsISupports methods with thread-safe
   // reference counting, the second declares the nsITransportSecurityInfo
   // methods this class implements.
48 NS_DECL_THREADSAFE_ISUPPORTS
49 NS_DECL_NSITRANSPORTSECURITYINFO
   // Reconstructs an nsITransportSecurityInfo from an IPC message. Returns a
   // bool and hands the object back through aResult.
   // NOTE(review): the sender may be a less-privileged process, so the
   // implementation should treat every field in the message as untrusted
   // input - confirm the validation in the .cpp.
51 static bool DeserializeFromIPC(IPC::MessageReader* aReader,
52 RefPtr<nsITransportSecurityInfo>* aResult);
   // Parses aSerializedSecurityInfo into an nsITransportSecurityInfo returned
   // through aResult; failure is reported through the nsresult.
   // NOTE(review): the encoding of the string and the origin of the data are
   // not visible in this header. If it can come from persistent storage, the
   // parser is an untrusted-input boundary - confirm.
53 static nsresult Read(const nsCString& aSerializedSecurityInfo,
54 nsITransportSecurityInfo** aResult);
   // Maps a CertificateTransparencyInfo to a uint16_t status value.
   // NOTE(review): presumably the result is one of the certificate
   // transparency status constants of nsITransportSecurityInfo - confirm.
55 static uint16_t ConvertCertificateTransparencyInfoToStatus(
56 const mozilla::psm::CertificateTransparencyInfo& info);
58 private:
   // Private destructor: callers cannot delete the object directly.
   // NOTE(review): presumably it is destroyed only when the reference count
   // declared by NS_DECL_THREADSAFE_ISUPPORTS drops to zero - confirm.
59 virtual ~TransportSecurityInfo() = default;
   // Handshake attributes. All of them are const, which is what makes the
   // object unmodifiable after construction. The Maybe<> members can hold
   // "no value" in addition to a concrete value.
61 const uint32_t mSecurityState;
62 const PRErrorCode mErrorCode;
63 // Peer certificate chain for failed connections.
64 const nsTArray<RefPtr<nsIX509Cert>> mFailedCertChain;
65 const nsCOMPtr<nsIX509Cert> mServerCert;
   // NOTE(review): by its name, the counterpart of mFailedCertChain for
   // connections whose certificate verification succeeded - confirm.
66 const nsTArray<RefPtr<nsIX509Cert>> mSucceededCertChain;
67 const mozilla::Maybe<uint16_t> mCipherSuite;
68 const mozilla::Maybe<nsCString> mKeaGroupName;
69 const mozilla::Maybe<nsCString> mSignatureSchemeName;
70 const mozilla::Maybe<uint16_t> mProtocolVersion;
71 const uint16_t mCertificateTransparencyStatus;
72 const mozilla::Maybe<bool> mIsAcceptedEch;
73 const mozilla::Maybe<bool> mIsDelegatedCredential;
74 const mozilla::Maybe<OverridableErrorCategory> mOverridableErrorCategory;
75 const bool mMadeOCSPRequests;
76 const bool mUsedPrivateDNS;
77 const mozilla::Maybe<bool> mIsEV;
78 const bool mNPNCompleted;
79 const nsCString mNegotiatedNPN;
80 const bool mResumed;
81 const bool mIsBuiltCertChainRootBuiltInRoot;
82 const nsCString mPeerId;
   // Private stream-parsing helpers. Each reads from an nsIObjectInputStream,
   // writes its results through reference out-parameters and reports failure
   // through the nsresult.
   // NOTE(review): "Old" suggests a legacy serialization layout for the
   // overridable-error information - confirm in the .cpp.
84 static nsresult ReadOldOverridableErrorBits(
85 nsIObjectInputStream* aStream,
86 OverridableErrorCategory& aOverridableErrorCategory);
   // Reads the server certificate, cipher suite, protocol version, overridable
   // error category, EV flag, certificate transparency status, key-exchange
   // group name, signature scheme name and succeeded chain from aStream.
87 static nsresult ReadSSLStatus(
88 nsIObjectInputStream* aStream, nsCOMPtr<nsIX509Cert>& aServerCert,
89 Maybe<uint16_t>& aCipherSuite, Maybe<uint16_t>& aProtocolVersion,
90 Maybe<OverridableErrorCategory>& aOverridableErrorCategory,
91 Maybe<bool>& aIsEV, uint16_t& aCertificateTransparencyStatus,
92 Maybe<nsCString>& aKeaGroupName, Maybe<nsCString>& aSignatureSchemeName,
93 nsTArray<RefPtr<nsIX509Cert>>& aSucceededCertChain);
95 // Reads a certificate list from the binary form that was serialized
96 // using nsIX509CertList.
97 static nsresult ReadCertList(nsIObjectInputStream* aStream,
98 nsTArray<RefPtr<nsIX509Cert>>& aCertList);
   // Reads certificates from aStream into aCertList.
   // NOTE(review): aSize is presumably an element count that itself came from
   // the serialized data. If so, the implementation should bound it before
   // using it to size allocations or loops - confirm in the .cpp.
99 static nsresult ReadCertificatesFromStream(
100 nsIObjectInputStream* aStream, uint32_t aSize,
101 nsTArray<RefPtr<nsIX509Cert>>& aCertList);
104 } // namespace psm
105 } // namespace mozilla
107 #endif // TransportSecurityInfo_h