tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

CommonSocketControl.h (6784B)

      1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
      2 *
      3 * This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef CommonSocketControl_h
      8 #define CommonSocketControl_h
      9 
     10 #include "CertVerifier.h"
     11 #include "TransportSecurityInfo.h"
     12 #include "mozilla/Maybe.h"
     13 #include "mozilla/net/SSLTokensCache.h"
     14 #include "nsIInterfaceRequestor.h"
     15 #include "nsITLSSocketControl.h"
     16 #include "nsSocketTransportService2.h"
     17 
     18 #if defined(MOZ_DIAGNOSTIC_ASSERT_ENABLED)
     19 #  include "prthread.h"
     20 #  define COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() \
     21    MOZ_DIAGNOSTIC_ASSERT(mOwningThread == PR_GetCurrentThread())
     22 #else
     23 #  define COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() \
     24    do {                                                  \
     25    } while (false)
     26 #endif
     27 
     28 // CommonSocketControl is the base class that implements nsITLSSocketControl.
     29 // Various concrete TLS socket control implementations inherit from this class.
     30 // Currently these implementations consist of NSSSocketControl (a socket
     31 // control for NSS) and QuicSocketControl (a socket control for quic).
     32 // NB: these classes must only be used on the socket thread (the one exception
     33 // being tests that incidentally use CommonSocketControl on the main thread
     34 // (and only the main thread)). This is enforced via the macro
     35 // COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() that should be called at the
     36 // beginning of every function in this class and all subclasses.
     37 class CommonSocketControl : public nsITLSSocketControl {
     38 public:
     39  NS_DECL_THREADSAFE_ISUPPORTS
     40  NS_DECL_NSITLSSOCKETCONTROL
     41 
     42  CommonSocketControl(const nsCString& aHostName, int32_t aPort,
     43                      uint32_t aProviderFlags);
     44 
     45  // Use "errorCode" 0 to indicate success.
     46  virtual void SetCertVerificationResult(PRErrorCode errorCode) {
     47    MOZ_ASSERT_UNREACHABLE("Subclasses must override this.");
     48  }
     49 
     50  const nsACString& GetHostName() {
     51    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
     52    return mHostName;
     53  }
     54  int32_t GetPort() {
     55    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
     56    return mPort;
     57  }
     58  void SetMadeOCSPRequests(bool aMadeOCSPRequests) {
     59    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
     60    mMadeOCSPRequests = aMadeOCSPRequests;
     61  }
     62  bool GetMadeOCSPRequests() {
     63    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
     64    return mMadeOCSPRequests;
     65  }
     66  bool GetUsedPrivateDNS() {
     67    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
     68    return mUsedPrivateDNS;
     69  }
     70 
     71  void SetServerCert(const nsCOMPtr<nsIX509Cert>& aServerCert,
     72                     mozilla::psm::EVStatus aEVStatus);
     73  already_AddRefed<nsIX509Cert> GetServerCert() {
     74    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
     75    return do_AddRef(mServerCert);
     76  }
     77  bool HasServerCert() {
     78    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
     79    return mServerCert != nullptr;
     80  }
     81  void SetStatusErrorBits(nsITransportSecurityInfo::OverridableErrorCategory
     82                              overridableErrorCategory);
     83  bool HasUserOverriddenCertificateError() {
     84    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
     85    return mOverridableErrorCategory.isSome() &&
     86           *mOverridableErrorCategory !=
     87               nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET;
     88  }
     89  void SetSucceededCertChain(nsTArray<nsTArray<uint8_t>>&& certList);
     90  void SetHandshakeCertificates(nsTArray<nsTArray<uint8_t>>&& certList);
     91  void SetIsBuiltCertChainRootBuiltInRoot(
     92      bool aIsBuiltCertChainRootBuiltInRoot) {
     93    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
     94    mIsBuiltCertChainRootBuiltInRoot = aIsBuiltCertChainRootBuiltInRoot;
     95  }
     96  void SetCertificateTransparencyStatus(
     97      uint16_t aCertificateTransparencyStatus) {
     98    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
     99    mCertificateTransparencyStatus = aCertificateTransparencyStatus;
    100  }
    101  void SetOriginAttributes(const mozilla::OriginAttributes& aOriginAttributes) {
    102    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
    103    mOriginAttributes = aOriginAttributes;
    104  }
    105  mozilla::OriginAttributes& GetOriginAttributes() {
    106    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
    107    return mOriginAttributes;
    108  }
    109 
    110  void SetSecurityState(uint32_t aSecurityState) {
    111    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
    112    mSecurityState = aSecurityState;
    113  }
    114  void SetResumed(bool aResumed) {
    115    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
    116    mResumed = aResumed;
    117  }
    118 
    119  uint32_t GetProviderFlags() const {
    120    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
    121    return mProviderFlags;
    122  }
    123  void SetSSLVersionUsed(uint16_t version) {
    124    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
    125    mSSLVersionUsed = version;
    126  }
    127  void SetSessionCacheInfo(mozilla::net::SessionCacheInfo&& aInfo) {
    128    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
    129    mSessionCacheInfo.reset();
    130    mSessionCacheInfo.emplace(std::move(aInfo));
    131  }
    132  void RebuildCertificateInfoFromSSLTokenCache();
    133  void SetCanceled(PRErrorCode errorCode);
    134  bool IsCanceled() {
    135    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
    136    return mCanceled;
    137  }
    138  int32_t GetErrorCode();
    139 
    140 protected:
    141  virtual ~CommonSocketControl() = default;
    142 
    143  nsCString mHostName;
    144  int32_t mPort;
    145  mozilla::OriginAttributes mOriginAttributes;
    146 
    147  bool mCanceled;
    148  mozilla::Maybe<mozilla::net::SessionCacheInfo> mSessionCacheInfo;
    149  bool mHandshakeCompleted;
    150  bool mJoined;
    151  bool mSentClientCert;
    152  bool mFailedVerification;
    153  uint16_t mSSLVersionUsed;
    154  uint32_t mProviderFlags;
    155 
    156  // Fields used to build a TransportSecurityInfo
    157  uint32_t mSecurityState;
    158  PRErrorCode mErrorCode;
    159  // Certificates provided in the TLS handshake by the server.
    160  nsTArray<RefPtr<nsIX509Cert>> mHandshakeCertificates;
    161  // The server end-entity certificate.
    162  nsCOMPtr<nsIX509Cert> mServerCert;
    163  // The chain built during certificate validation, if successful.
    164  nsTArray<RefPtr<nsIX509Cert>> mSucceededCertChain;
    165  mozilla::Maybe<uint16_t> mCipherSuite;
    166  mozilla::Maybe<nsCString> mKeaGroupName;
    167  mozilla::Maybe<nsCString> mSignatureSchemeName;
    168  mozilla::Maybe<uint16_t> mProtocolVersion;
    169  uint16_t mCertificateTransparencyStatus;
    170  mozilla::Maybe<bool> mIsAcceptedEch;
    171  mozilla::Maybe<bool> mIsDelegatedCredential;
    172  mozilla::Maybe<nsITransportSecurityInfo::OverridableErrorCategory>
    173      mOverridableErrorCategory;
    174  bool mMadeOCSPRequests;
    175  bool mUsedPrivateDNS;
    176  mozilla::Maybe<bool> mIsEV;
    177  bool mNPNCompleted;
    178  nsCString mNegotiatedNPN;
    179  bool mResumed;
    180  bool mIsBuiltCertChainRootBuiltInRoot;
    181  nsCString mPeerId;
    182 
    183 #if defined(MOZ_DIAGNOSTIC_ASSERT_ENABLED)
    184  const PRThread* mOwningThread;
    185 #endif
    186 };
    187 
    188 #endif  // CommonSocketControl_h