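// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SSL_SSL_INFO_H_
#define NET_SSL_SSL_INFO_H_

#include <stdint.h>

#include "base/memory/scoped_refptr.h"
#include "net/base/hash_value.h"
#include "net/base/net_export.h"
#include "net/cert/cert_status_flags.h"
#include "net/cert/ct_policy_status.h"
#include "net/cert/sct_status_flags.h"
#include "net/cert/signed_certificate_timestamp_and_status.h"
#include "third_party/boringssl/src/pki/ocsp_verify_result.h"

namespace net {

class X509Certificate;

// SSL connection info.
// This is really a struct. All members are public.
//
// Note for consumers making trust decisions: is_valid() only reports that a
// certificate is attached. Whether that certificate actually verified is
// carried separately in |cert_status| (error bits) and |is_fatal_cert_error|,
// and |pkp_bypassed| records whether pinning was bypassed; read those
// together rather than treating a non-null |cert| as "trusted".
class NET_EXPORT SSLInfo {
 public:
  // HandshakeType enumerates the possible resumption cases after an SSL
  // handshake.
  enum HandshakeType {
    HANDSHAKE_UNKNOWN = 0,
    HANDSHAKE_RESUME,  // we resumed a previous session.
    HANDSHAKE_FULL,    // we negotiated a new session.
  };

  // Copy construction and assignment are supported; all four special members
  // are defined out of line.
  SSLInfo();
  SSLInfo(const SSLInfo& info);
  ~SSLInfo();
  SSLInfo& operator=(const SSLInfo& info);

  // Defined out of line; presumably returns every member to the default value
  // shown in its declaration below.
  void Reset();

  // True iff a certificate is attached. This does not mean the certificate
  // verified successfully; see |cert_status| and |is_fatal_cert_error|.
  bool is_valid() const { return cert.get() != nullptr; }

  // The SSL certificate.
  scoped_refptr<X509Certificate> cert;

  // The SSL certificate as received by the client. Can be different
  // from |cert|, which is the chain as built by the client during
  // validation.
  scoped_refptr<X509Certificate> unverified_cert;

  // Bitmask of status info of |cert|, representing, for example, known errors
  // and extended validation (EV) status.
  // See cert_status_flags.h for values.
  CertStatus cert_status = 0;

  // The ID of the (EC)DH group used by the key exchange or zero if unknown
  // (older cache entries may not store the value) or not applicable.
  uint16_t key_exchange_group = 0;

  // The signature algorithm used by the peer in the TLS handshake, as defined
  // by the TLS SignatureScheme registry
  // (https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme).
  // These correspond to |SSL_SIGN_*| constants in BoringSSL. The value is zero
  // if unknown (older cache entries may not store the value) or not applicable.
  uint16_t peer_signature_algorithm = 0;

  // Information about the SSL connection itself. See
  // ssl_connection_status_flags.h for values. The protocol version,
  // ciphersuite, and compression in use are encoded within.
  int connection_status = 0;

  // If the certificate is valid, then this is true iff it was rooted at a
  // standard CA root. (As opposed to a user-installed root.)
  bool is_issued_by_known_root = false;

  // True if pinning was bypassed on this connection.
  bool pkp_bypassed = false;

  // True if a client certificate was sent to the server. Note that sending
  // a Certificate message with no client certificate in it does not count.
  bool client_cert_sent = false;

  // True if data was received over early data on the server. This field is only
  // set for server sockets.
  bool early_data_received = false;

  // True if the connection negotiated the Encrypted ClientHello extension.
  bool encrypted_client_hello = false;

  // Whether the session was resumed or freshly negotiated; HANDSHAKE_UNKNOWN
  // until set.
  HandshakeType handshake_type = HANDSHAKE_UNKNOWN;

  // The hashes, in several algorithms, of the SubjectPublicKeyInfos from
  // each certificate in the chain.
  HashValueVector public_key_hashes;

  // List of SignedCertificateTimestamps and their corresponding validation
  // status.
  SignedCertificateTimestampAndStatusList signed_certificate_timestamps;

  // Whether the connection complied with the CT cert policy, and if
  // not, why not.
  ct::CTPolicyCompliance ct_policy_compliance =
      ct::CTPolicyCompliance::CT_POLICY_COMPLIANCE_DETAILS_NOT_AVAILABLE;

  // OCSP stapling details.
  bssl::OCSPVerifyResult ocsp_result;

  // True if there was a certificate error which should be treated as fatal,
  // and false otherwise.
  bool is_fatal_cert_error = false;
};

}  // namespace net

#endif  // NET_SSL_SSL_INFO_H_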