/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
// Include guard; the matching #endif is the last line of this header.
#ifndef _NSNSSIOLAYER_H
#define _NSNSSIOLAYER_H

// Base class and XPCOM interfaces implemented by nsNSSSocketInfo, plus the
// hashtable types used by nsSSLIOLayerHelpers' per-site tables.
#include "TransportSecurityInfo.h"
#include "nsISSLSocketControl.h"
#include "nsIClientAuthDialogs.h"
#include "nsAutoPtr.h"
#include "nsNSSCertificate.h"
#include "nsDataHashtable.h"
#include "nsTHashtable.h"
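/**
 * Per-connection security state for an NSS-backed socket.
 *
 * Combines the shared mozilla::psm::TransportSecurityInfo with the
 * nsISSLSocketControl and nsIClientAuthUserDecision XPCOM interfaces and the
 * handshake bookkeeping the SSL I/O layer keeps for one PRFileDesc:
 * STARTTLS, handshake progress/timeout, certificate-verification state,
 * negotiated NPN and client-auth flags.  Members without an inline body are
 * defined in nsNSSIOLayer.cpp.
 *
 * Changes vs. the previous revision of this declaration: the inline getters
 * GetHandshakeInProgress() and GetJoined() are const, and
 * IsWaitingForCertVerification() returns bool like every other getter here
 * instead of the NSPR PRBool integer typedef.
 */
class nsNSSSocketInfo : public mozilla::psm::TransportSecurityInfo,
                        public nsISSLSocketControl,
                        public nsIClientAuthUserDecision
{
public:
  nsNSSSocketInfo();

  NS_DECL_ISUPPORTS_INHERITED
  NS_DECL_NSISSLSOCKETCONTROL
  NS_DECL_NSICLIENTAUTHUSERDECISION

  // STARTTLS sockets start in cleartext; presumably ActivateSSL() (private,
  // below) switches them to TLS later — confirm against nsNSSIOLayer.cpp.
  nsresult SetForSTARTTLS(bool aForSTARTTLS);
  nsresult GetForSTARTTLS(bool *aForSTARTTLS);

  // The NSPR file descriptor this info object is attached to (mFd).
  nsresult GetFileDescPtr(PRFileDesc** aFilePtr);
  nsresult SetFileDescPtr(PRFileDesc* aFilePtr);

  nsresult GetHandshakePending(bool *aHandshakePending);
  nsresult SetHandshakePending(bool aHandshakePending);

  // Out-param; presumably follows the XPCOM convention of returning an
  // addref'd reference — confirm in the .cpp before relying on it.
  void GetPreviousCert(nsIX509Cert** _result);

  void SetHasCleartextPhase(bool aHasCleartextPhase);
  bool GetHasCleartextPhase();

  void SetHandshakeInProgress(bool aIsIn);
  bool GetHandshakeInProgress() const { return mHandshakeInProgress; }
  void SetFirstServerHelloReceived() { mFirstServerHelloReceived = true; }
  // Presumably compares mHandshakeStartTime against a deadline — confirm in
  // the .cpp.  NOTE(review): if a timeout here feeds the TLS-intolerance
  // tables in nsSSLIOLayerHelpers, it is a protocol-downgrade trigger and
  // changes to that logic should be reviewed as such.
  bool HandshakeTimeout();

  void SetAllowTLSIntoleranceTimeout(bool aAllow);

  // The lock argument is proof that NSS is not being shut down while the
  // socket is torn down.
  PRStatus CloseSocketAndDestroy(
        const nsNSSShutDownPreventionLock & proofOfLock);

  // `value` is length-delimited by `length`; presumably it need not be
  // NUL-terminated — confirm in the .cpp.
  void SetNegotiatedNPN(const char *value, PRUint32 length);
  void SetHandshakeCompleted() { mHandshakeCompleted = true; }

  bool GetJoined() const { return mJoined; }
  void SetSentClientCert() { mSentClientCert = true; }

  // XXX: These are only used for diagnostic purposes
  enum CertVerificationState {
    before_cert_verification,
    waiting_for_cert_verification,
    after_cert_verification
  };
  void SetCertVerificationWaiting();
  // Use errorCode == 0 to indicate success; in that case, errorMessageType is
  // ignored.
  void SetCertVerificationResult(PRErrorCode errorCode,
                                 ::mozilla::psm::SSLErrorMessageType errorMessageType);

  // for logging only
  bool IsWaitingForCertVerification() const
  {
    return mCertVerificationState == waiting_for_cert_verification;
  }

  // Per-socket protocol-version switches.  NOTE(review): clearing
  // mTLSEnabled on a live socket is a downgrade to SSL3; where these are
  // flipped in response to handshake failures, that path deserves review.
  bool IsSSL3Enabled() const { return mSSL3Enabled; }
  void SetSSL3Enabled(bool enabled) { mSSL3Enabled = enabled; }
  bool IsTLSEnabled() const { return mTLSEnabled; }
  void SetTLSEnabled(bool enabled) { mTLSEnabled = enabled; }

private:
  // Member order is kept as in the original declaration (object layout).
  PRFileDesc* mFd;

  CertVerificationState mCertVerificationState;

  bool mForSTARTTLS;
  bool mSSL3Enabled;
  bool mTLSEnabled;
  bool mHandshakePending;
  bool mHasCleartextPhase;
  bool mHandshakeInProgress;
  bool mAllowTLSIntoleranceTimeout;
  bool mRememberClientAuthCertificate;
  PRIntervalTime mHandshakeStartTime;
  bool mFirstServerHelloReceived;

  nsresult ActivateSSL();

  nsCString mNegotiatedNPN;
  bool mNPNCompleted;
  bool mHandshakeCompleted;
  bool mJoined;
  bool mSentClientCert;
};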
/**
 * Process-wide state shared by every NSS socket I/O layer.
 *
 * Everything here is static: the NSPR layer registration, a mutex, three
 * per-site tables keyed by host string, and the policy knobs for peers that
 * do not support RFC 5746 (the TLS Renegotiation Indication extension).
 * All definitions live in nsNSSIOLayer.cpp.
 */
class nsSSLIOLayerHelpers
{
public:
  static nsresult Init();
  static void Cleanup();

  // NSPR I/O layer registration.
  static bool nsSSLIOLayerInitialized;
  static PRDescIdentity nsSSLIOLayerIdentity;
  static PRIOMethods nsSSLIOLayerMethods;

  // NOTE(review): presumably `mutex` guards the tables below — confirm in
  // the .cpp.  Since the tables are public static raw pointers, nothing in
  // the type system prevents a caller from touching them without the lock.
  static mozilla::Mutex* mutex;
  static nsTHashtable<nsCStringHashKey>* mTLSIntolerantSites;
  static nsTHashtable<nsCStringHashKey>* mTLSTolerantSites;
  static nsTHashtable<nsCStringHashKey>* mRenegoUnrestrictedSites;

  // Handling of peers without RFC 5746 support (names only; semantics of the
  // warn level are in the .cpp).
  static bool mTreatUnsafeNegotiationAsBroken;
  static PRInt32 mWarnLevelMissingRFC5746;

  static void setTreatUnsafeNegotiationAsBroken(bool broken);
  static bool treatUnsafeNegotiationAsBroken();

  static void setWarnLevelMissingRFC5746(PRInt32 level);
  static PRInt32 getWarnLevelMissingRFC5746();

  // Site-key derivation and the intolerant/tolerant bookkeeping driven by a
  // socket's observed handshake behaviour.  NOTE(review): entries in
  // mTLSIntolerantSites presumably cause later connections to that host to
  // skip TLS — a downgrade decision worth keeping in mind when editing.
  static void getSiteKey(nsNSSSocketInfo* socketInfo, nsCSubstring& key);
  static bool rememberPossibleTLSProblemSite(nsNSSSocketInfo* socketInfo);
  static void rememberTolerantSite(nsNSSSocketInfo* socketInfo);

  static void addIntolerantSite(const nsCString& str);
  static void removeIntolerantSite(const nsCString& str);
  static bool isKnownAsIntolerantSite(const nsCString& str);

  static void setRenegoUnrestrictedSites(const nsCString& str);
  static bool isRenegoUnrestrictedSite(const nsCString& str);
};
/**
 * Create a socket and attach the SSL I/O layer to it.
 *
 * @param family        address family (by name; value range not shown here)
 * @param host, port    target endpoint
 * @param proxyHost, proxyPort  proxy endpoint, if any
 * @param fd            out-param receiving the new PRFileDesc
 * @param securityInfo  out-param receiving the nsNSSSocketInfo as nsISupports
 * @param forSTARTTLS   start in cleartext (see nsNSSSocketInfo::SetForSTARTTLS)
 * @param anonymousLoad presumably suppresses client-auth/session state —
 *                      confirm in the .cpp
 * @return nsresult error code
 */
nsresult nsSSLIOLayerNewSocket(PRInt32 family,
                               const char* host,
                               PRInt32 port,
                               const char* proxyHost,
                               PRInt32 proxyPort,
                               PRFileDesc** fd,
                               nsISupports** securityInfo,
                               bool forSTARTTLS,
                               bool anonymousLoad);

/**
 * Same as nsSSLIOLayerNewSocket, but pushes the SSL layer onto an existing
 * descriptor: `fd` is an in-param here rather than an out-param.
 */
nsresult nsSSLIOLayerAddToSocket(PRInt32 family,
                                 const char* host,
                                 PRInt32 port,
                                 const char* proxyHost,
                                 PRInt32 proxyPort,
                                 PRFileDesc* fd,
                                 nsISupports** securityInfo,
                                 bool forSTARTTLS,
                                 bool anonymousLoad);

// Releases the per-site tables held by nsSSLIOLayerHelpers (by name; see the
// .cpp for which tables are freed).
nsresult nsSSLIOLayerFreeTLSIntolerantSites();

// Shows the user-facing alert for a certificate error that has no more
// specific handler; `error` is the NSS/NSPR error code.
nsresult displayUnknownCertErrorAlert(nsNSSSocketInfo* infoObject, int error);

#endif /* _NSNSSIOLAYER_H */
165 #endif /* _NSNSSIOLAYER_H */