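// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SSL_SSL_INFO_H_
#define NET_SSL_SSL_INFO_H_

#include <string>
#include <vector>

#include "base/memory/ref_counted.h"
#include "net/base/net_export.h"
#include "net/cert/cert_status_flags.h"
#include "net/cert/sct_status_flags.h"
#include "net/cert/x509_cert_types.h"
#include "net/ssl/signed_certificate_timestamp_and_status.h"

class Pickle;
class PickleIterator;

namespace net {

class X509Certificate;

// SSL connection info.
// This is really a struct. All members are public, so nothing here enforces
// consistency between fields; readers must check the fields they rely on.
class NET_EXPORT SSLInfo {
 public:
  // HandshakeType enumerates the possible resumption cases after an SSL
  // handshake.
  enum HandshakeType {
    HANDSHAKE_UNKNOWN = 0,
    HANDSHAKE_RESUME,  // we resumed a previous session.
    HANDSHAKE_FULL,  // we negotiated a new session.
  };

  SSLInfo();
  SSLInfo(const SSLInfo& info);
  ~SSLInfo();
  SSLInfo& operator=(const SSLInfo& info);

  // Defined out of line. Presumably returns every field to its
  // default-constructed state -- confirm against the implementation.
  void Reset();

  // Returns true if a certificate is attached to this object.
  // This only tests that |cert| is non-NULL. It does NOT mean the certificate
  // passed verification: code making a trust decision must also inspect
  // |cert_status| for error bits.
  bool is_valid() const { return cert.get() != NULL; }

  // Adds the specified |error| to the cert status.
  void SetCertError(int error);

  // The SSL certificate. NULL when no certificate is available, in which case
  // is_valid() returns false.
  scoped_refptr<X509Certificate> cert;

  // Bitmask of status info of |cert|, representing, for example, known errors
  // and extended validation (EV) status.
  // See cert_status_flags.h for values.
  CertStatus cert_status;

  // The security strength, in bits, of the SSL cipher suite.
  // 0 means the connection is not encrypted.
  // -1 means the security strength is unknown.
  // Both values are sentinels rather than strengths: a caller that needs to
  // know the connection is encrypted has to test for a positive value, since
  // a "!= 0" test would also accept the unknown case.
  int security_bits;

  // Information about the SSL connection itself. See
  // ssl_connection_status_flags.h for values. The protocol version,
  // ciphersuite, and compression in use are encoded within.
  int connection_status;

  // If the certificate is valid, then this is true iff it was rooted at a
  // standard CA root. (As opposed to a user-installed root.)
  // The value carries no meaning when the certificate is not valid.
  bool is_issued_by_known_root;

  // True if a client certificate was sent to the server. Note that sending
  // a Certificate message with no client certificate in it does not count.
  bool client_cert_sent;

  // True if a channel ID was sent to the server.
  bool channel_id_sent;

  // Whether the handshake resumed a previous session or negotiated a new one.
  // See HandshakeType above; HANDSHAKE_UNKNOWN is the zero value.
  HandshakeType handshake_type;

  // The hashes, in several algorithms, of the SubjectPublicKeyInfos from
  // each certificate in the chain.
  HashValueVector public_key_hashes;

  // pinning_failure_log contains a message produced by
  // TransportSecurityState::DomainState::CheckPublicKeyPins in the event of a
  // pinning failure. It is a (somewhat) human-readable string, so it is
  // suited to diagnostics rather than to being parsed.
  std::string pinning_failure_log;

  // List of SignedCertificateTimestamps and their corresponding validation
  // status.
  SignedCertificateTimestampAndStatusList signed_certificate_timestamps;
};

}  // namespace net

#endif  // NET_SSL_SSL_INFO_H_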