tor-browser

The Tor Browser

nsITransportSecurityInfo.idl (4476B)


      1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
      2 *
      3 * This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #include "nsISupports.idl"
      8 
      9 interface nsIObjectOutputStream;
     10 interface nsIX509Cert;
        // Forward declarations only. nsIX509Cert is the certificate type returned
        // by the attributes of nsITransportSecurityInfo; nsIObjectOutputStream is
        // not referenced by any declaration visible in this file.
     11 
        // The %{ C++ ... %} section is copied verbatim into the generated C++
        // header. It forward-declares IPC::MessageWriter so that the native type
        // declared after it can name that class.
     12 %{ C++
     13 namespace IPC {
     14 class MessageWriter;
     15 }
     16 %}
     17 
        // Native (C++-only) pointer type IPC::MessageWriter*, used as the
        // parameter type of SerializeToIPC.
     18 [ptr] native IpcMessageWriterPtr(IPC::MessageWriter);
     19 
     20 [builtinclass, scriptable, uuid(216112d3-28bc-4671-b057-f98cc09ba1ea)]
     21 interface nsITransportSecurityInfo : nsISupports {
           // Read-only description of the TLS security state of one connection:
           // the error (if any), the certificates involved and the negotiated
           // parameters. [scriptable] exposes it to script callers; [builtinclass]
           // means script cannot supply its own implementation of the interface.

           // Category of an overridable certificate error, stored as a 32-bit
           // enum (": 32"). ERROR_UNSET is the first enumerator.
           // NOTE(review): presumably TRUST = issuer/trust failure, DOMAIN = host
           // name mismatch, TIME = validity-period failure -- confirm against the
           // implementation before relying on it.
     22    cenum OverridableErrorCategory : 32 {
     23      ERROR_UNSET,
     24      ERROR_TRUST,
     25      ERROR_DOMAIN,
     26      ERROR_TIME,
     27    };
     28 
           // Overall security state of the connection; the comment below tells
           // callers to check it before reading handshake-derived attributes.
           // NOTE(review): presumably a bitmask of nsIWebProgressListener STATE_*
           // flags -- confirm.
     29    readonly attribute unsigned long securityState;
           // Error code of the connection, as a numeric PRErrorCode and as its
           // symbolic name.
     30    readonly attribute long errorCode; // PRErrorCode
     31    // errorCode as string (e.g. "SEC_ERROR_UNKNOWN_ISSUER")
     32    readonly attribute AString errorCodeString;
     33 
     34    /**
     35     * The following parameters are only valid after the TLS handshake
     36     * has completed.  Check securityState first.
            * Values read before that point should not feed a trust decision.
     37     */
     38 
     39    /**
     40     * The list of certificates provided by the server during the TLS
     41     * handshake.
            * This is what the peer sent, not a validation result; the verified
            * path is succeededCertChain.
     42     */
     43    readonly attribute Array<nsIX509Cert> handshakeCertificates;
     44 
     45    /**
     46     * The server certificate (also called "end-entity certificate").
     47     */
     48    readonly attribute nsIX509Cert serverCert;
     49 
     50    /**
     51     * If the server certificate verified successfully, this will consist of
     52     * the verified path from the end-entity to the trust-anchor.
            * NOTE(review): the value when verification did not succeed is not
            * stated here -- presumably empty; confirm before indexing into it.
     53     */
     54    readonly attribute Array<nsIX509Cert> succeededCertChain;
     55 
           // Negotiated cryptographic parameters. [must_use] makes the generated
           // C++ getters warn when the returned nsresult is ignored.
           // NOTE(review): keyLength/secretKeyLength are presumably in bits and
           // keaGroupName presumably names the key-exchange group -- confirm.
     56    [must_use]
     57    readonly attribute ACString cipherName;
     58    [must_use]
     59    readonly attribute unsigned long keyLength;
     60    [must_use]
     61    readonly attribute unsigned long secretKeyLength;
     62    [must_use]
     63    readonly attribute ACString keaGroupName;
     64    [must_use]
     65    readonly attribute ACString signatureSchemeName;
     66 
           // Values of protocolVersion. These are ordinals local to this
           // interface (0..4), not the TLS wire-format version numbers, so compare
           // against the named constants only. The constants are declared
           // "short" while the attribute is "unsigned short".
     67    const short SSL_VERSION_3   = 0;
     68    const short TLS_VERSION_1   = 1;
     69    const short TLS_VERSION_1_1 = 2;
     70    const short TLS_VERSION_1_2 = 3;
     71    const short TLS_VERSION_1_3 = 4;
     72    [must_use]
     73    readonly attribute unsigned short protocolVersion;
     74 
           // Values of certificateTransparencyStatus. The numbering is not
           // contiguous (0, 5, 6, 7), so callers should match the named constants
           // and treat any other value as unknown rather than as compliant.
           // NOTE(review): the gap presumably comes from retired values -- confirm.
     75    const short CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE          = 0;
     76    const short CERTIFICATE_TRANSPARENCY_POLICY_COMPLIANT        = 5;
     77    const short CERTIFICATE_TRANSPARENCY_POLICY_NOT_ENOUGH_SCTS  = 6;
     78    const short CERTIFICATE_TRANSPARENCY_POLICY_NOT_DIVERSE_SCTS = 7;
     79    [must_use]
     80    readonly attribute unsigned short certificateTransparencyStatus;
     81 
           // NOTE(review): presumably true when the server accepted Encrypted
           // Client Hello (ECH) for this connection -- confirm.
     82    [must_use]
     83    readonly attribute boolean isAcceptedEch;
           // NOTE(review): presumably true when the server authenticated with a
           // TLS delegated credential instead of the certificate key -- confirm.
     84    [must_use]
     85    readonly attribute boolean isDelegatedCredential;
           // Category of the overridable error, using the cenum declared at the
           // top of this interface (named with the interface-name prefix here).
     86    [must_use]
     87    readonly attribute nsITransportSecurityInfo_OverridableErrorCategory overridableErrorCategory;
     88 
     89    /**
     90     * True if OCSP requests were made to query the status of certificates
     91     * used in this connection.
     92     */
     93    [must_use]
     94    readonly attribute boolean madeOCSPRequests;
     95 
     96    /**
     97     * True if the DNS record used for this connection was fetched over an encrypted connection.
     98     */
     99    [must_use]
    100    readonly attribute boolean usedPrivateDNS;
    101 
    102    /**
    103     * True only if (and after) serverCert was successfully validated as
    104     * Extended Validation (EV).
    105     */
    106    [must_use]
    107    readonly attribute boolean isExtendedValidation;
    108 
           // Native-only method: [noscript] hides it from script and [notxpcom]
           // means it does not use the XPCOM nsresult calling convention.
           // NOTE(review): presumably writes this object's state into aWriter for
           // transfer between processes -- confirm against the implementation.
    109    [notxpcom, noscript]
    110    void SerializeToIPC(in IpcMessageWriterPtr aWriter);
    111 
    112    /**
    113     * Serializes the data represented in this interface to a base64-encoded
    114     * string that can be deserialized using TransportSecurityInfo::Read.
            * NOTE(review): the encoding carries no integrity protection that is
            * visible here; confirm that Read is only given strings from a trusted
            * source, since the result describes a connection's security state.
    115     */
    116    [must_use]
    117    ACString toString();
    118 
    119    /* negotiatedNPN is '' if no NPN list was provided by the client,
    120     * or if the server did not select any protocol choice from that
    121     * list. That also includes the case where the server does not
    122     * implement NPN.
    123     *
    124     * If negotiatedNPN is read before NPN has progressed to the point
    125     * where this information is available, NS_ERROR_NOT_CONNECTED is
    126     * raised.
            *
            * NOTE(review): NPN has been superseded by ALPN; presumably this holds
            * the ALPN result in current builds -- confirm.
    127     */
    128    readonly attribute ACString negotiatedNPN;
    129 
    130    /**
    131     * True iff the connection was resumed using the resumption token.
    132     */
    133    readonly attribute boolean resumed;
    134 
    135    /**
    136     * True iff the root of succeededCertChain is a built-in root.
            * NOTE(review): "built-in" presumably means a root shipped with the
            * application rather than one added by the user or by policy -- confirm
            * before gating a security check on this flag.
    137     */
    138    readonly attribute boolean isBuiltCertChainRootBuiltInRoot;
    139 
    140    /**
    141     * The id used to uniquely identify the connection to the peer.
    142     */
    143    readonly attribute ACString peerId;
    144 };