security/manager/ssl/CommonSocketControl.h

   1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
   2  *
   3  * This Source Code Form is subject to the terms of the Mozilla Public
   4  * License, v. 2.0. If a copy of the MPL was not distributed with this
   5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   6
   7 #ifndef CommonSocketControl_h
   8 #define CommonSocketControl_h
   9
  10 #include "CertVerifier.h"
  11 #include "TransportSecurityInfo.h"
  12 #include "mozilla/Maybe.h"
  13 #include "mozilla/net/SSLTokensCache.h"
  14 #include "nsIInterfaceRequestor.h"
  15 #include "nsITLSSocketControl.h"
  16 #include "nsSocketTransportService2.h"
  17
  18 #ifdef DEBUG
  19 #  include "prthread.h"
  20 #  define COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() \
  21     MOZ_ASSERT(mOwningThread == PR_GetCurrentThread())
  22 #else
  23 #  define COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() \
  24     do {                                                  \
  25     } while (false)
  26 #endif
  27
  28 // CommonSocketControl is the base class that implements nsITLSSocketControl.
  29 // Various concrete TLS socket control implementations inherit from this class.
  30 // Currently these implementations consist of NSSSocketControl (a socket
  31 // control for NSS) and QuicSocketControl (a socket control for quic).
  32 // NB: these classes must only be used on the socket thread (the one exception
  33 // being tests that incidentally use CommonSocketControl on the main thread
  34 // (and only the main thread)). This is enforced via the macro
  35 // COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() that should be called at the
  36 // beginning of every function in this class and all subclasses.
  37 class CommonSocketControl : public nsITLSSocketControl {
  38  public:
  39   NS_DECL_THREADSAFE_ISUPPORTS
  40   NS_DECL_NSITLSSOCKETCONTROL
  41
  42   CommonSocketControl(const nsCString& aHostName, int32_t aPort,
  43                       uint32_t aProviderFlags);
  44
  45   // Use "errorCode" 0 to indicate success.
  46   virtual void SetCertVerificationResult(PRErrorCode errorCode) {
  47     MOZ_ASSERT_UNREACHABLE("Subclasses must override this.");
  48   }
  49
  50   const nsACString& GetHostName() {
  51     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
  52     return mHostName;
  53   }
  54   int32_t GetPort() {
  55     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
  56     return mPort;
  57   }
  58   void SetMadeOCSPRequests(bool aMadeOCSPRequests) {
  59     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
  60     mMadeOCSPRequests = aMadeOCSPRequests;
  61   }
  62   bool GetMadeOCSPRequests() {
  63     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
  64     return mMadeOCSPRequests;
  65   }
  66   void SetUsedPrivateDNS(bool aUsedPrivateDNS) {
  67     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
  68     mUsedPrivateDNS = aUsedPrivateDNS;
  69   }
  70   bool GetUsedPrivateDNS() {
  71     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
  72     return mUsedPrivateDNS;
  73   }
  74
  75   void SetServerCert(const nsCOMPtr<nsIX509Cert>& aServerCert,
  76                      mozilla::psm::EVStatus aEVStatus);
  77   already_AddRefed<nsIX509Cert> GetServerCert() {
  78     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
  79     return do_AddRef(mServerCert);
  80   }
  81   bool HasServerCert() {
  82     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
  83     return mServerCert != nullptr;
  84   }
  85   void SetStatusErrorBits(const nsCOMPtr<nsIX509Cert>& cert,
  86                           nsITransportSecurityInfo::OverridableErrorCategory
  87                               overridableErrorCategory);
  88   bool HasUserOverriddenCertificateError() {
  89     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
  90     return mOverridableErrorCategory.isSome() &&
  91            *mOverridableErrorCategory !=
  92                nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET;
  93   }
  94   void SetSucceededCertChain(nsTArray<nsTArray<uint8_t>>&& certList);
  95   void SetFailedCertChain(nsTArray<nsTArray<uint8_t>>&& certList);
  96   void SetIsBuiltCertChainRootBuiltInRoot(
  97       bool aIsBuiltCertChainRootBuiltInRoot) {
  98     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
  99     mIsBuiltCertChainRootBuiltInRoot = aIsBuiltCertChainRootBuiltInRoot;
 100   }
 101   void SetCertificateTransparencyStatus(
 102       uint16_t aCertificateTransparencyStatus) {
 103     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
 104     mCertificateTransparencyStatus = aCertificateTransparencyStatus;
 105   }
 106   void SetOriginAttributes(const mozilla::OriginAttributes& aOriginAttributes) {
 107     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
 108     mOriginAttributes = aOriginAttributes;
 109   }
 110   mozilla::OriginAttributes& GetOriginAttributes() {
 111     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
 112     return mOriginAttributes;
 113   }
 114
 115   void SetSecurityState(uint32_t aSecurityState) {
 116     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
 117     mSecurityState = aSecurityState;
 118   }
 119   void SetResumed(bool aResumed) {
 120     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
 121     mResumed = aResumed;
 122   }
 123
 124   uint32_t GetProviderFlags() const {
 125     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
 126     return mProviderFlags;
 127   }
 128   void SetSSLVersionUsed(uint16_t version) {
 129     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
 130     mSSLVersionUsed = version;
 131   }
 132   void SetSessionCacheInfo(mozilla::net::SessionCacheInfo&& aInfo) {
 133     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
 134     mSessionCacheInfo.reset();
 135     mSessionCacheInfo.emplace(std::move(aInfo));
 136   }
 137   void RebuildCertificateInfoFromSSLTokenCache();
 138   void SetCanceled(PRErrorCode errorCode);
 139   bool IsCanceled() {
 140     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
 141     return mCanceled;
 142   }
 143   int32_t GetErrorCode();
 144
 145  protected:
 146   virtual ~CommonSocketControl() = default;
 147
 148   nsCString mHostName;
 149   int32_t mPort;
 150   mozilla::OriginAttributes mOriginAttributes;
 151
 152   bool mCanceled;
 153   mozilla::Maybe<mozilla::net::SessionCacheInfo> mSessionCacheInfo;
 154   bool mHandshakeCompleted;
 155   bool mJoined;
 156   bool mSentClientCert;
 157   bool mFailedVerification;
 158   uint16_t mSSLVersionUsed;
 159   uint32_t mProviderFlags;
 160
 161   // Fields used to build a TransportSecurityInfo
 162   uint32_t mSecurityState;
 163   PRErrorCode mErrorCode;
 164   // Peer cert chain for failed connections.
 165   nsTArray<RefPtr<nsIX509Cert>> mFailedCertChain;
 166   nsCOMPtr<nsIX509Cert> mServerCert;
 167   nsTArray<RefPtr<nsIX509Cert>> mSucceededCertChain;
 168   mozilla::Maybe<uint16_t> mCipherSuite;
 169   mozilla::Maybe<nsCString> mKeaGroupName;
 170   mozilla::Maybe<nsCString> mSignatureSchemeName;
 171   mozilla::Maybe<uint16_t> mProtocolVersion;
 172   uint16_t mCertificateTransparencyStatus;
 173   mozilla::Maybe<bool> mIsAcceptedEch;
 174   mozilla::Maybe<bool> mIsDelegatedCredential;
 175   mozilla::Maybe<nsITransportSecurityInfo::OverridableErrorCategory>
 176       mOverridableErrorCategory;
 177   bool mMadeOCSPRequests;
 178   bool mUsedPrivateDNS;
 179   mozilla::Maybe<bool> mIsEV;
 180   bool mNPNCompleted;
 181   nsCString mNegotiatedNPN;
 182   bool mResumed;
 183   bool mIsBuiltCertChainRootBuiltInRoot;
 184   nsCString mPeerId;
 185
 186 #ifdef DEBUG
 187   const PRThread* mOwningThread;
 188 #endif
 189 };
 190
 191 #endif  // CommonSocketControl_h