net/ssl/ssl_info.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SSL_SSL_INFO_H_
   6 #define NET_SSL_SSL_INFO_H_
   7
   8 #include <vector>
   9
  10 #include "base/memory/ref_counted.h"
  11 #include "net/base/net_export.h"
  12 #include "net/cert/cert_status_flags.h"
  13 #include "net/cert/sct_status_flags.h"
  14 #include "net/cert/x509_cert_types.h"
  15 #include "net/ssl/signed_certificate_timestamp_and_status.h"
  16
  17 class Pickle;
  18 class PickleIterator;
  19
  20 namespace net {
  21
  22 class X509Certificate;
  23
  24 // SSL connection info.
  25 // This is really a struct.  All members are public.
  26 class NET_EXPORT SSLInfo {
  27  public:
  28   // HandshakeType enumerates the possible resumption cases after an SSL
  29   // handshake.
  30   enum HandshakeType {
  31     HANDSHAKE_UNKNOWN = 0,
  32     HANDSHAKE_RESUME,  // we resumed a previous session.
  33     HANDSHAKE_FULL,  // we negotiated a new session.
  34   };
  35
  36   SSLInfo();
  37   SSLInfo(const SSLInfo& info);
  38   ~SSLInfo();
  39   SSLInfo& operator=(const SSLInfo& info);
  40
  41   void Reset();
  42
  43   bool is_valid() const { return cert.get() != NULL; }
  44
  45   // Adds the specified |error| to the cert status.
  46   void SetCertError(int error);
  47
  48   // The SSL certificate.
  49   scoped_refptr<X509Certificate> cert;
  50
  51   // Bitmask of status info of |cert|, representing, for example, known errors
  52   // and extended validation (EV) status.
  53   // See cert_status_flags.h for values.
  54   CertStatus cert_status;
  55
  56   // The security strength, in bits, of the SSL cipher suite.
  57   // 0 means the connection is not encrypted.
  58   // -1 means the security strength is unknown.
  59   int security_bits;
  60
  61   // Information about the SSL connection itself. See
  62   // ssl_connection_status_flags.h for values. The protocol version,
  63   // ciphersuite, and compression in use are encoded within.
  64   int connection_status;
  65
  66   // If the certificate is valid, then this is true iff it was rooted at a
  67   // standard CA root. (As opposed to a user-installed root.)
  68   bool is_issued_by_known_root;
  69
  70   // True if a client certificate was sent to the server.  Note that sending
  71   // a Certificate message with no client certificate in it does not count.
  72   bool client_cert_sent;
  73
  74   // True if a channel ID was sent to the server.
  75   bool channel_id_sent;
  76
  77   HandshakeType handshake_type;
  78
  79   // The hashes, in several algorithms, of the SubjectPublicKeyInfos from
  80   // each certificate in the chain.
  81   HashValueVector public_key_hashes;
  82
  83   // pinning_failure_log contains a message produced by
  84   // TransportSecurityState::DomainState::CheckPublicKeyPins in the event of a
  85   // pinning failure. It is a (somewhat) human-readable string.
  86   std::string pinning_failure_log;
  87
  88   // List of SignedCertificateTimestamps and their corresponding validation
  89   // status.
  90   SignedCertificateTimestampAndStatusList signed_certificate_timestamps;
  91 };
  92
  93 }  // namespace net
  94
  95 #endif  // NET_SSL_SSL_INFO_H_