/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
interface nsIX509Cert;
Bug 1510569 - Implement serializers for nsITransportSecurityInfo, nsIX509Cert, and nsIX509CertList r=froydnj,keeler,mayhemer
As part of the ongoing effort to port the nsIWebProgress events from
RemoteWebProgress / WebProgressChild to BrowserParent / BrowserChild, we need
to (de)serialize the nsITransportSecurityInfo instance across the IPC layer.
The existing code was calling `NS_SerializeToString`, which has the overhead of
(a) allocating a buffer and (b) performing base64 encoding/decoding. This
patch adds `IPC::ParamTraits` implementations for `nsITransportSecurityInfo`,
`nsIX509Certificate`, and `nsIX509CertList` that (de)serializes the params
directly onto and off of the IPC message so that we don't go through the
overhead of allocating and encoding/decoding an additional buffer.
This (de)serialization will address the performance issues present in the
current implementation.
As a side effect, I also make nsITransportSecurityInfo a builtinclass XPCOM
interface, since the existing serialization code was assuming it was, there is
only one implementation, and it is in C++.
Differential Revision: https://phabricator.services.mozilla.com/D35090
--HG--
extra : moz-landing-system : lando
%{ C++
// Forward declarations only: the generated header names these types in the
// signatures of SerializeToIPC / DeserializeFromIPC without needing their
// full definitions.
namespace IPC {
class Message;
}
class PickleIterator;
%}

// Pointer-typed native aliases used as the parameter types of the
// [notxpcom, noscript] IPC (de)serialization methods declared on
// nsITransportSecurityInfo in this file.
[ptr] native IpcMessagePtr(IPC::Message);
[ptr] native PickleIteratorPtr(PickleIterator);
/**
 * Security information for a transport: the TLS handshake parameters, the
 * peer certificate(s) and the flags describing how certificate verification
 * went.
 *
 * The interface is [scriptable], so every member not marked noscript is
 * reachable from script, and [builtinclass], so it cannot be implemented
 * from script. Member order is part of the generated C++ interface; do not
 * reorder declarations.
 */
[builtinclass, scriptable, uuid(216112d3-28bc-4671-b057-f98cc09ba1ea)]
interface nsITransportSecurityInfo : nsISupports {
  // Overall security state. The comment further down tells callers to check
  // this before reading the handshake-dependent attributes.
  // NOTE(review): the set of values is not defined in this file; confirm
  // which flag constants apply before comparing against literals.
  readonly attribute unsigned long securityState;
  readonly attribute long errorCode; // PRErrorCode
  // errorCode as string (e.g. "SEC_ERROR_UNKNOWN_ISSUER")
  readonly attribute AString errorCodeString;

  /**
   * The following parameters are only valid after the TLS handshake
   * has completed. Check securityState first.
   */

  /**
   * If certificate verification failed, this will be the peer certificate
   * chain provided in the handshake, so it can be used for error reporting.
   * If verification succeeded, this will be empty.
   *
   * The chain is whatever the peer sent and did not verify, so its contents
   * are untrusted input: suitable for display and diagnostics, not for any
   * trust decision.
   */
  readonly attribute Array<nsIX509Cert> failedCertChain;

  // NOTE(review): nothing here says whether serverCert is also populated
  // when verification failed; confirm before treating a non-null value as
  // evidence of a verified peer.
  readonly attribute nsIX509Cert serverCert;
  // NOTE(review): presumably the counterpart of failedCertChain, i.e. the
  // chain built by a successful verification and empty otherwise; confirm.
  readonly attribute Array<nsIX509Cert> succeededCertChain;

  // Negotiated handshake parameters. [must_use] makes the result of the
  // generated C++ getter non-discardable, so native callers have to look at
  // the returned nsresult instead of assuming the out-value was filled in.
  [must_use]
  readonly attribute ACString cipherName;
  [must_use]
  readonly attribute unsigned long keyLength;
  [must_use]
  readonly attribute unsigned long secretKeyLength;
  [must_use]
  readonly attribute ACString keaGroupName;
  [must_use]
  readonly attribute ACString signatureSchemeName;

  // Protocol version codes. These are small ordinals local to this
  // interface, not the on-the-wire TLS version numbers.
  // NOTE(review): presumably the values reported by protocolVersion, which
  // is declared unsigned short while these are const short; confirm.
  const short SSL_VERSION_3 = 0;
  const short TLS_VERSION_1 = 1;
  const short TLS_VERSION_1_1 = 2;
  const short TLS_VERSION_1_2 = 3;
  const short TLS_VERSION_1_3 = 4;
  [must_use]
  readonly attribute unsigned short protocolVersion;

  // Certificate Transparency status codes. Values 1-4 are not defined in
  // this file, so the listed constants are not a contiguous range.
  // NOTE(review): consumers should presumably treat any value other than
  // POLICY_COMPLIANT as "not shown to be compliant" rather than defaulting
  // unknown values to a passing state; confirm against the callers.
  const short CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE = 0;
  const short CERTIFICATE_TRANSPARENCY_POLICY_COMPLIANT = 5;
  const short CERTIFICATE_TRANSPARENCY_POLICY_NOT_ENOUGH_SCTS = 6;
  const short CERTIFICATE_TRANSPARENCY_POLICY_NOT_DIVERSE_SCTS = 7;
  [must_use]
  readonly attribute unsigned short certificateTransparencyStatus;

  // NOTE(review): presumably true when the handshake was authenticated with
  // a TLS delegated credential rather than the certificate key; confirm.
  [must_use]
  readonly attribute boolean isDelegatedCredential;
  // NOTE(review): the next three flags are undocumented here; from the names
  // they look like the categories of certificate error (name mismatch,
  // validity period, trust). Confirm before relying on that reading.
  [must_use]
  readonly attribute boolean isDomainMismatch;
  [must_use]
  readonly attribute boolean isNotValidAtThisTime;

  [must_use]
  readonly attribute boolean isUntrusted;

  /**
   * True only if (and after) serverCert was successfully validated as
   * Extended Validation (EV).
   */
  [must_use]
  readonly attribute boolean isExtendedValidation;

  // C++-only IPC serialization ([noscript]: not callable from script;
  // [notxpcom]: the method returns its declared type, not an nsresult).
  // Writes this object into aMsg.
  [notxpcom, noscript]
  void SerializeToIPC(in IpcMessagePtr aMsg);

  // Reads this object back out of aMsg, using aIter as the read position.
  // The bool result is the only failure signal, so callers must check it.
  // NOTE(review): presumably false means the message was truncated or
  // malformed; confirm, and confirm that a partially filled object is never
  // used after a false return. The values read are only as trustworthy as
  // the process that sent the message.
  [notxpcom, noscript]
  bool DeserializeFromIPC([const] in IpcMessagePtr aMsg, in PickleIteratorPtr aIter);

  /* negotiatedNPN is '' if no NPN list was provided by the client,
   * or if the server did not select any protocol choice from that
   * list. That also includes the case where the server does not
   * implement NPN.
   *
   * If negotiatedNPN is read before NPN has progressed to the point
   * where this information is available NS_ERROR_NOT_CONNECTED is
   * raised.
   */
  readonly attribute ACString negotiatedNPN;

  /**
   * True iff the connection was resumed using the resumption token.
   */
  readonly attribute boolean resumed;

  /**
   * True iff the succeededCertChain is built in root.
   *
   * NOTE(review): read as "the root of succeededCertChain is a built-in
   * root"; confirm. This is the only attribute on the interface that is not
   * readonly, and the interface is scriptable, so the setter is reachable by
   * any caller holding the object; confirm that is intended for a flag that
   * describes the trust anchor.
   */
  attribute boolean isBuiltCertChainRootBuiltInRoot;
};