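// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SSL_SSL_INFO_H_
#define NET_SSL_SSL_INFO_H_

#include <string>  // std::string is used by |pinning_failure_log| below.
#include <vector>

#include "base/memory/ref_counted.h"
#include "net/base/net_export.h"
#include "net/cert/cert_status_flags.h"
#include "net/cert/sct_status_flags.h"
#include "net/cert/x509_cert_types.h"
#include "net/ssl/signed_certificate_timestamp_and_status.h"

class Pickle;
class PickleIterator;

namespace net {

class X509Certificate;

// SSL connection info.
// This is really a struct. All members are public.
//
// Nothing in this type enforces consistency between its fields: a non-NULL
// |cert| may still carry errors in |cert_status|, and |security_bits| /
// |connection_status| describe the negotiated channel independently of
// whether the certificate verified. Consumers that make trust decisions
// must look at |cert_status| (and the pinning / SCT fields) rather than
// only at is_valid().
class NET_EXPORT SSLInfo {
 public:
  // HandshakeType enumerates the possible resumption cases after an SSL
  // handshake.
  enum HandshakeType {
    HANDSHAKE_UNKNOWN = 0,  // handshake type was not determined.
    HANDSHAKE_RESUME,       // we resumed a previous session.
    HANDSHAKE_FULL,         // we negotiated a new session.
  };

  // Copying is allowed; the copy shares the refcounted |cert|.
  SSLInfo();
  SSLInfo(const SSLInfo& info);
  ~SSLInfo();
  SSLInfo& operator=(const SSLInfo& info);

  // NOTE(review): presumably returns every member to its initial state;
  // confirm against the implementation before relying on specific defaults.
  void Reset();

  // True iff a server certificate has been attached. This only reports that
  // |cert| is present; it says nothing about whether the certificate
  // verified. Check |cert_status| for known errors before trusting it.
  bool is_valid() const { return cert.get() != NULL; }

  // Adds the specified |error| to the cert status.
  void SetCertError(int error);

  // The SSL certificate.
  scoped_refptr<X509Certificate> cert;

  // Bitmask of status info of |cert|, representing, for example, known errors
  // and extended validation (EV) status.
  // See cert_status_flags.h for values.
  CertStatus cert_status;

  // The security strength, in bits, of the SSL cipher suite.
  // 0 means the connection is not encrypted.
  // -1 means the security strength is unknown.
  int security_bits;

  // Information about the SSL connection itself. See
  // ssl_connection_status_flags.h for values. The protocol version,
  // ciphersuite, and compression in use are encoded within.
  int connection_status;

  // If the certificate is valid, then this is true iff it was rooted at a
  // standard CA root. (As opposed to a user-installed root.)
  bool is_issued_by_known_root;

  // True if a client certificate was sent to the server. Note that sending
  // a Certificate message with no client certificate in it does not count.
  bool client_cert_sent;

  // True if a channel ID was sent to the server.
  bool channel_id_sent;

  // Whether the session was resumed or freshly negotiated; see HandshakeType.
  HandshakeType handshake_type;

  // The hashes, in several algorithms, of the SubjectPublicKeyInfos from
  // each certificate in the chain.
  // NOTE(review): the pinning check named in |pinning_failure_log| operates
  // on SPKI hashes; presumably these are its input — confirm in
  // TransportSecurityState.
  HashValueVector public_key_hashes;

  // pinning_failure_log contains a message produced by
  // TransportSecurityState::DomainState::CheckPublicKeyPins in the event of a
  // pinning failure. It is a (somewhat) human-readable string.
  std::string pinning_failure_log;

  // List of SignedCertificateTimestamps and their corresponding validation
  // status.
  SignedCertificateTimestampAndStatusList signed_certificate_timestamps;
};

}  // namespace net

#endif  // NET_SSL_SSL_INFO_H_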