      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_SSL_SSL_INFO_H_
      6 #define NET_SSL_SSL_INFO_H_
      7 
      8 #include <vector>
      9 
     10 #include "base/memory/ref_counted.h"
     11 #include "net/base/net_export.h"
     12 #include "net/cert/cert_status_flags.h"
     13 #include "net/cert/sct_status_flags.h"
     14 #include "net/cert/x509_cert_types.h"
     15 #include "net/ssl/signed_certificate_timestamp_and_status.h"
     16 
     17 class Pickle;
     18 class PickleIterator;
     19 
     20 namespace net {
     21 
     22 class X509Certificate;
     23 
     24 // SSL connection info.
     25 // This is really a struct.  All members are public.
class NET_EXPORT SSLInfo {
 public:
  // HandshakeType enumerates the possible resumption cases after an SSL
  // handshake. HANDSHAKE_UNKNOWN is the zero/default value, so a
  // default-constructed or Reset() SSLInfo presumably reports it — confirm
  // against the out-of-line definitions.
  enum HandshakeType {
    HANDSHAKE_UNKNOWN = 0,
    HANDSHAKE_RESUME,  // we resumed a previous session.
    HANDSHAKE_FULL,  // we negotiated a new session.
  };

  // Special members are defined out of line (ssl_info.cc); only copy
  // operations are declared, there are no move operations.
  SSLInfo();
  SSLInfo(const SSLInfo& info);
  ~SSLInfo();
  SSLInfo& operator=(const SSLInfo& info);

  // Returns every member to its initial state. The exact values are set in
  // the out-of-line definition and are not visible here.
  void Reset();

  // True iff a certificate object is present. This is a presence check only:
  // it says nothing about whether the certificate was trusted. Validation
  // errors are recorded in |cert_status| (see SetCertError()), so a caller
  // deciding whether a connection is secure must check both.
  bool is_valid() const { return cert.get() != NULL; }

  // Adds the specified |error| to the cert status. Errors accumulate in the
  // |cert_status| bitmask; nothing here clears them except Reset().
  void SetCertError(int error);

  // The SSL certificate. Null when no certificate has been set; this is the
  // only thing is_valid() tests.
  scoped_refptr<X509Certificate> cert;

  // Bitmask of status info of |cert|, representing, for example, known errors
  // and extended validation (EV) status.
  // See cert_status_flags.h for values.
  // Error bits set here mean the certificate failed validation even though
  // is_valid() is true.
  CertStatus cert_status;

  // The security strength, in bits, of the SSL cipher suite.
  // 0 means the connection is not encrypted.
  // -1 means the security strength is unknown.
  // Note the two sentinels are distinct: "unknown" (-1) must not be conflated
  // with "unencrypted" (0) when reporting connection security.
  int security_bits;

  // Information about the SSL connection itself. See
  // ssl_connection_status_flags.h for values. The protocol version,
  // ciphersuite, and compression in use are encoded within.
  int connection_status;

  // If the certificate is valid, then this is true iff it was rooted at a
  // standard CA root. (As opposed to a user-installed root.)
  // Only meaningful when the certificate validated; presumably used by
  // callers to apply policy that is specific to publicly-trusted roots —
  // confirm against the consumers of this field.
  bool is_issued_by_known_root;

  // True if a client certificate was sent to the server.  Note that sending
  // a Certificate message with no client certificate in it does not count.
  bool client_cert_sent;

  // True if a channel ID was sent to the server.
  bool channel_id_sent;

  // Whether this connection resumed an earlier session or negotiated a new
  // one; HANDSHAKE_UNKNOWN when that has not been determined.
  HandshakeType handshake_type;

  // The hashes, in several algorithms, of the SubjectPublicKeyInfos from
  // each certificate in the chain. Presumably the input to the public key
  // pin check whose failures are reported in |pinning_failure_log|.
  HashValueVector public_key_hashes;

  // pinning_failure_log contains a message produced by
  // TransportSecurityState::DomainState::CheckPublicKeyPins in the event of a
  // pinning failure. It is a (somewhat) human-readable string.
  // Presumably empty when no pinning failure occurred — verify with callers.
  std::string pinning_failure_log;

  // List of SignedCertificateTimestamps and their corresponding validation
  // status. These are the Certificate Transparency SCTs for the connection;
  // see sct_status_flags.h (included above) for the status values.
  SignedCertificateTimestampAndStatusList signed_certificate_timestamps;
};
     92 
     93 }  // namespace net
     94 
     95 #endif  // NET_SSL_SSL_INFO_H_