tor-browser

The Tor Browser

TransportSecurityInfo.h (4646B)


      1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
      2 *
      3 * This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef TransportSecurityInfo_h
      8 #define TransportSecurityInfo_h
      9 
     10 #include "CertVerifier.h"  // For CertificateTransparencyInfo, EVStatus
     11 #include "ScopedNSSTypes.h"
     12 #include "mozilla/BasePrincipal.h"
     13 #include "mozilla/Components.h"
     14 #include "mozilla/Maybe.h"
     15 #include "mozilla/RefPtr.h"
     16 #include "mozilla/ipc/TransportSecurityInfoUtils.h"
     17 #include "mozpkix/pkixtypes.h"
     18 #include "nsIObjectInputStream.h"
     19 #include "nsITransportSecurityInfo.h"
     20 #include "nsIX509Cert.h"
     21 #include "nsString.h"
     22 
     23 namespace mozilla {
     24 namespace psm {
     25 
     26 // TransportSecurityInfo implements nsITransportSecurityInfo, which is a
     27 // collection of attributes describing the outcome of a TLS handshake. It is
     28 // constant - once created, it cannot be modified.  It should probably not be
     29 // instantiated directly, but rather accessed via
     30 // nsITLSSocketControl.securityInfo.
     31 class TransportSecurityInfo : public nsITransportSecurityInfo {
     32 public:
         // Constructs the object from caller-supplied values. The parameters
         // correspond by name to the const data members declared below. The two
         // certificate arrays are taken by rvalue reference; aServerCert is taken
         // by non-const lvalue reference.
         // NOTE(review): whether the constructor modifies or moves from
         // aServerCert is not visible in this header - confirm against the
         // definition.
     33  TransportSecurityInfo(
     34      uint32_t aSecurityState, PRErrorCode aErrorCode,
     35      nsTArray<RefPtr<nsIX509Cert>>&& aHandshakeCertificates,
     36      nsCOMPtr<nsIX509Cert>& aServerCert,
     37      nsTArray<RefPtr<nsIX509Cert>>&& aSucceededCertChain,
     38      Maybe<uint16_t> aCipherSuite, Maybe<nsCString> aKeaGroupName,
     39      Maybe<nsCString> aSignatureSchemeName, Maybe<uint16_t> aProtocolVersion,
     40      uint16_t aCertificateTransparencyStatus, Maybe<bool> aIsAcceptedEch,
     41      Maybe<bool> aIsDelegatedCredential,
     42      Maybe<OverridableErrorCategory> aOverridableErrorCategory,
     43      bool aMadeOCSPRequests, bool aUsedPrivateDNS, Maybe<bool> aIsEV,
     44      bool aNPNCompleted, const nsCString& aNegotiatedNPN, bool aResumed,
     45      bool aIsBuiltCertChainRootBuiltInRoot, const nsCString& aPeerId);
     46 
         // Declares the nsISupports methods with thread-safe reference counting,
         // then the methods of the nsITransportSecurityInfo interface.
     47  NS_DECL_THREADSAFE_ISUPPORTS
     48  NS_DECL_NSITRANSPORTSECURITYINFO
     49 
         // Reads an nsITransportSecurityInfo from an IPC message through aReader;
         // the object is handed back through aResult.
         // NOTE(review): presumably returns false on malformed input - confirm.
         // The message is produced by another process, so the definition should
         // validate every field it reads rather than trust the sender.
     50  static bool DeserializeFromIPC(IPC::MessageReader* aReader,
     51                                 RefPtr<nsITransportSecurityInfo>* aResult);
         // Rebuilds an nsITransportSecurityInfo from aSerializedSecurityInfo and
         // hands it back through aResult.
         // NOTE(review): the serialized format and the origin of the string are
         // not visible in this header; if callers can pass data that came from
         // disk or from another process, it has to be parsed as untrusted input.
     52  static nsresult Read(const nsCString& aSerializedSecurityInfo,
     53                       nsITransportSecurityInfo** aResult);
         // Maps a CertificateTransparencyInfo to a uint16_t status value.
         // NOTE(review): presumably the value kept in
         // mCertificateTransparencyStatus - confirm.
     54  static uint16_t ConvertCertificateTransparencyInfoToStatus(
     55      const mozilla::psm::CertificateTransparencyInfo& info);
     56 
     57 private:
         // Private destructor: code outside the class cannot delete an instance
         // or create one on the stack.
         // NOTE(review): presumably instances are destroyed through the
         // reference counting declared above - confirm.
     58  virtual ~TransportSecurityInfo() = default;
     59 
         // Every data member is const, so the compiler rejects assignment to any
         // of them once the constructor has run. Maybe<> members can hold no
         // value.
         // NOTE(review): which handshake outcomes leave a Maybe<> member empty
         // is decided by the code that calls the constructor - confirm there.
     60  const uint32_t mSecurityState;
     61  const PRErrorCode mErrorCode;
     62  // Certificates provided in the TLS handshake by the server.
     63  const nsTArray<RefPtr<nsIX509Cert>> mHandshakeCertificates;
     64  // The server end-entity certificate.
     65  const nsCOMPtr<nsIX509Cert> mServerCert;
     66  // The chain built during certificate validation, if successful.
     67  const nsTArray<RefPtr<nsIX509Cert>> mSucceededCertChain;
     68  const mozilla::Maybe<uint16_t> mCipherSuite;
     69  const mozilla::Maybe<nsCString> mKeaGroupName;
     70  const mozilla::Maybe<nsCString> mSignatureSchemeName;
     71  const mozilla::Maybe<uint16_t> mProtocolVersion;
     72  const uint16_t mCertificateTransparencyStatus;
     73  const mozilla::Maybe<bool> mIsAcceptedEch;
     74  const mozilla::Maybe<bool> mIsDelegatedCredential;
     75  const mozilla::Maybe<OverridableErrorCategory> mOverridableErrorCategory;
     76  const bool mMadeOCSPRequests;
     77  const bool mUsedPrivateDNS;
     78  const mozilla::Maybe<bool> mIsEV;
     79  const bool mNPNCompleted;
     80  const nsCString mNegotiatedNPN;
     81  const bool mResumed;
     82  const bool mIsBuiltCertChainRootBuiltInRoot;
     83  const nsCString mPeerId;
     84 
         // Private helpers that read from an nsIObjectInputStream into the
         // caller's out-parameters and report the outcome as an nsresult.
         // NOTE(review): the name of ReadOldOverridableErrorBits suggests a
         // legacy encoding of the override category - confirm in the definition.
     85  static nsresult ReadOldOverridableErrorBits(
     86      nsIObjectInputStream* aStream,
     87      OverridableErrorCategory& aOverridableErrorCategory);
     88  static nsresult ReadSSLStatus(
     89      nsIObjectInputStream* aStream, nsCOMPtr<nsIX509Cert>& aServerCert,
     90      Maybe<uint16_t>& aCipherSuite, Maybe<uint16_t>& aProtocolVersion,
     91      Maybe<OverridableErrorCategory>& aOverridableErrorCategory,
     92      Maybe<bool>& aIsEV, uint16_t& aCertificateTransparencyStatus,
     93      Maybe<nsCString>& aKeaGroupName, Maybe<nsCString>& aSignatureSchemeName,
     94      nsTArray<RefPtr<nsIX509Cert>>& aSucceededCertChain);
     95 
     96  // Reads binary certificate data that was serialized using
     97  // nsIX509CertList into aCertList.
     98  static nsresult ReadCertList(nsIObjectInputStream* aStream,
     99                               nsTArray<RefPtr<nsIX509Cert>>& aCertList);
         // Reads certificates from aStream into aCertList.
         // NOTE(review): aSize presumably is the number of certificates to read
         // and may itself have been read from the stream; the definition should
         // bound it before it drives a loop or a storage reservation - confirm.
    100  static nsresult ReadCertificatesFromStream(
    101      nsIObjectInputStream* aStream, uint32_t aSize,
    102      nsTArray<RefPtr<nsIX509Cert>>& aCertList);
    103 };
    104 
    105 }  // namespace psm
    106 }  // namespace mozilla
    107 
    108 #endif  // TransportSecurityInfo_h