/src/mozilla-central/security/manager/ssl/TransportSecurityInfo.h

Source (jump to first uncovered line)
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef TransportSecurityInfo_h
#define TransportSecurityInfo_h

#include "CertVerifier.h" // For CertificateTransparencyInfo
#include "ScopedNSSTypes.h"
#include "certt.h"
#include "mozilla/Assertions.h"
#include "mozilla/BasePrincipal.h"
#include "mozilla/Mutex.h"
#include "mozilla/RefPtr.h"
#include "nsDataHashtable.h"
#include "nsIClassInfo.h"
#include "nsIInterfaceRequestor.h"
#include "nsITransportSecurityInfo.h"
#include "nsNSSCertificate.h"
#include "nsString.h"
#include "pkix/pkixtypes.h"

namespace mozilla { namespace psm {

enum class EVStatus {
  NotEV = 0,
  EV = 1,
};

class TransportSecurityInfo : public nsITransportSecurityInfo
                            , public nsIInterfaceRequestor
                            , public nsISerializable
                            , public nsIClassInfo
{
protected:
  virtual ~TransportSecurityInfo() {}
public:
  TransportSecurityInfo();

  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSITRANSPORTSECURITYINFO
  NS_DECL_NSIINTERFACEREQUESTOR
  NS_DECL_NSISERIALIZABLE
  NS_DECL_NSICLASSINFO

  void SetSecurityState(uint32_t aState);

  inline int32_t GetErrorCode()
  {
    int32_t result;
    mozilla::DebugOnly<nsresult> rv = GetErrorCode(&result);
    MOZ_ASSERT(NS_SUCCEEDED(rv));
    return result;
  }

  const nsACString & GetHostName() const { return mHostName; }

  void SetHostName(const char* host);

  int32_t GetPort() const { return mPort; }
  void SetPort(int32_t aPort);

  const OriginAttributes& GetOriginAttributes() const {
    return mOriginAttributes;
  }
  void SetOriginAttributes(const OriginAttributes& aOriginAttributes);

  void SetCanceled(PRErrorCode errorCode);

  void SetStatusErrorBits(nsNSSCertificate* cert, uint32_t collected_errors);

  nsresult SetFailedCertChain(UniqueCERTCertList certList);

  void SetServerCert(nsNSSCertificate* aServerCert, EVStatus aEVStatus);

  nsresult SetSucceededCertChain(mozilla::UniqueCERTCertList certList);

  bool HasServerCert() {
    return mServerCert != nullptr;
  }

  void SetCertificateTransparencyInfo(
    const mozilla::psm::CertificateTransparencyInfo& info);

  uint16_t mCipherSuite;
  uint16_t mProtocolVersion;
  uint16_t mCertificateTransparencyStatus;
  nsCString mKeaGroup;
  nsCString mSignatureSchemeName;

  bool mIsDomainMismatch;
  bool mIsNotValidAtThisTime;
  bool mIsUntrusted;
  bool mIsEV;

  bool mHasIsEVStatus;
  bool mHaveCipherSuiteAndProtocol;

  /* mHaveCertErrrorBits is relied on to determine whether or not a SPDY
     connection is eligible for joining in nsNSSSocketInfo::JoinConnection() */
  bool mHaveCertErrorBits;

private:
  mutable ::mozilla::Mutex mMutex;

protected:
  nsCOMPtr<nsIInterfaceRequestor> mCallbacks;

private:
  uint32_t mSecurityState;

  PRErrorCode mErrorCode;

  int32_t mPort;
  nsCString mHostName;
  OriginAttributes mOriginAttributes;

  nsCOMPtr<nsIX509Cert> mServerCert;
  nsCOMPtr<nsIX509CertList> mSucceededCertChain;

  /* Peer cert chain for failed connections (for error reporting) */
  nsCOMPtr<nsIX509CertList> mFailedCertChain;

  nsresult ReadSSLStatus(nsIObjectInputStream* aStream);
};

class RememberCertErrorsTable
{
private:
  RememberCertErrorsTable();

  struct CertStateBits
  {
    bool mIsDomainMismatch;
    bool mIsNotValidAtThisTime;
    bool mIsUntrusted;
  };
  nsDataHashtable<nsCStringHashKey, CertStateBits> mErrorHosts;

public:
  void RememberCertHasError(TransportSecurityInfo* infoObject,
                            SECStatus certVerificationResult);
  void LookupCertErrorBits(TransportSecurityInfo* infoObject);

  static void Init()
  {
    sInstance = new RememberCertErrorsTable();
  }

  static RememberCertErrorsTable & GetInstance()
  {
    MOZ_ASSERT(sInstance);
    return *sInstance;
  }

  static void Cleanup()
  {
    delete sInstance;
    sInstance = nullptr;
  }
private:
  Mutex mMutex;

  static RememberCertErrorsTable * sInstance;
};

} } // namespace mozilla::psm

// 16786594-0296-4471-8096-8f84497ca428
#define TRANSPORTSECURITYINFO_CID \
{ 0x16786594, 0x0296, 0x4471, \
    { 0x80, 0x96, 0x8f, 0x84, 0x49, 0x7c, 0xa4, 0x28 } }

#endif // TransportSecurityInfo_h

Line	Count	Source (jump to first uncovered line)
1		/* -- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 --
2		*
3		* This Source Code Form is subject to the terms of the Mozilla Public
4		* License, v. 2.0. If a copy of the MPL was not distributed with this
5		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7		#ifndef TransportSecurityInfo_h
8		#define TransportSecurityInfo_h
9
10		#include "CertVerifier.h" // For CertificateTransparencyInfo
11		#include "ScopedNSSTypes.h"
12		#include "certt.h"
13		#include "mozilla/Assertions.h"
14		#include "mozilla/BasePrincipal.h"
15		#include "mozilla/Mutex.h"
16		#include "mozilla/RefPtr.h"
17		#include "nsDataHashtable.h"
18		#include "nsIClassInfo.h"
19		#include "nsIInterfaceRequestor.h"
20		#include "nsITransportSecurityInfo.h"
21		#include "nsNSSCertificate.h"
22		#include "nsString.h"
23		#include "pkix/pkixtypes.h"
24
25		namespace mozilla { namespace psm {
26
27		enum class EVStatus {
28		NotEV = 0,
29		EV = 1,
30		};
31
32		class TransportSecurityInfo : public nsITransportSecurityInfo
33		, public nsIInterfaceRequestor
34		, public nsISerializable
35		, public nsIClassInfo
36		{
37		protected:
38	0	virtual ~TransportSecurityInfo() {}
39		public:
40		TransportSecurityInfo();
41
42		NS_DECL_THREADSAFE_ISUPPORTS
43		NS_DECL_NSITRANSPORTSECURITYINFO
44		NS_DECL_NSIINTERFACEREQUESTOR
45		NS_DECL_NSISERIALIZABLE
46		NS_DECL_NSICLASSINFO
47
48		void SetSecurityState(uint32_t aState);
49
50		inline int32_t GetErrorCode()
51	0	{
52	0	int32_t result;
53	0	mozilla::DebugOnly<nsresult> rv = GetErrorCode(&result);
54	0	MOZ_ASSERT(NS_SUCCEEDED(rv));
55	0	return result;
56	0	}
57
58	0	const nsACString & GetHostName() const { return mHostName; }
59
60		void SetHostName(const char* host);
61
62	0	int32_t GetPort() const { return mPort; }
63		void SetPort(int32_t aPort);
64
65	0	const OriginAttributes& GetOriginAttributes() const {
66	0	return mOriginAttributes;
67	0	}
68		void SetOriginAttributes(const OriginAttributes& aOriginAttributes);
69
70		void SetCanceled(PRErrorCode errorCode);
71
72		void SetStatusErrorBits(nsNSSCertificate* cert, uint32_t collected_errors);
73
74		nsresult SetFailedCertChain(UniqueCERTCertList certList);
75
76		void SetServerCert(nsNSSCertificate* aServerCert, EVStatus aEVStatus);
77
78		nsresult SetSucceededCertChain(mozilla::UniqueCERTCertList certList);
79
80	0	bool HasServerCert() {
81	0	return mServerCert != nullptr;
82	0	}
83
84		void SetCertificateTransparencyInfo(
85		const mozilla::psm::CertificateTransparencyInfo& info);
86
87		uint16_t mCipherSuite;
88		uint16_t mProtocolVersion;
89		uint16_t mCertificateTransparencyStatus;
90		nsCString mKeaGroup;
91		nsCString mSignatureSchemeName;
92
93		bool mIsDomainMismatch;
94		bool mIsNotValidAtThisTime;
95		bool mIsUntrusted;
96		bool mIsEV;
97
98		bool mHasIsEVStatus;
99		bool mHaveCipherSuiteAndProtocol;
100
101		/* mHaveCertErrrorBits is relied on to determine whether or not a SPDY
102		connection is eligible for joining in nsNSSSocketInfo::JoinConnection() */
103		bool mHaveCertErrorBits;
104
105		private:
106		mutable ::mozilla::Mutex mMutex;
107
108		protected:
109		nsCOMPtr<nsIInterfaceRequestor> mCallbacks;
110
111		private:
112		uint32_t mSecurityState;
113
114		PRErrorCode mErrorCode;
115
116		int32_t mPort;
117		nsCString mHostName;
118		OriginAttributes mOriginAttributes;
119
120		nsCOMPtr<nsIX509Cert> mServerCert;
121		nsCOMPtr<nsIX509CertList> mSucceededCertChain;
122
123		/* Peer cert chain for failed connections (for error reporting) */
124		nsCOMPtr<nsIX509CertList> mFailedCertChain;
125
126		nsresult ReadSSLStatus(nsIObjectInputStream* aStream);
127		};
128
129		class RememberCertErrorsTable
130		{
131		private:
132		RememberCertErrorsTable();
133
134		struct CertStateBits
135		{
136		bool mIsDomainMismatch;
137		bool mIsNotValidAtThisTime;
138		bool mIsUntrusted;
139		};
140		nsDataHashtable<nsCStringHashKey, CertStateBits> mErrorHosts;
141
142		public:
143		void RememberCertHasError(TransportSecurityInfo* infoObject,
144		SECStatus certVerificationResult);
145		void LookupCertErrorBits(TransportSecurityInfo* infoObject);
146
147		static void Init()
148	0	{
149	0	sInstance = new RememberCertErrorsTable();
150	0	}
151
152		static RememberCertErrorsTable & GetInstance()
153	0	{
154	0	MOZ_ASSERT(sInstance);
155	0	return *sInstance;
156	0	}
157
158		static void Cleanup()
159	0	{
160	0	delete sInstance;
161	0	sInstance = nullptr;
162	0	}
163		private:
164		Mutex mMutex;
165
166		static RememberCertErrorsTable * sInstance;
167		};
168
169		} } // namespace mozilla::psm
170
171		// 16786594-0296-4471-8096-8f84497ca428
172		#define TRANSPORTSECURITYINFO_CID \
173		{ 0x16786594, 0x0296, 0x4471, \
174		{ 0x80, 0x96, 0x8f, 0x84, 0x49, 0x7c, 0xa4, 0x28 } }
175
176		#endif // TransportSecurityInfo_h

Coverage Report

Created: 2018-09-25 14:53