a5814edff6
Previously the PVerifySSLServerCert protocol consisted of two functions: one to call when certificate verification succeeded, and another to call upon failure. This was unnecessary, as the code before and after this protocol didn't have the same split. This patch unifies the protocol to better match the surrounding code. It also takes the opportunity to make use of some IPC helpers to serialize enums rather than manually casting to and from basic integer types. Differential Revision: https://phabricator.services.mozilla.com/D212594
62 lines
2.1 KiB
C++
62 lines
2.1 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set sw=2 ts=8 et tw=80 : */
|
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef mozilla_psm_VerifySSLServerCertChild_h__
|
|
#define mozilla_psm_VerifySSLServerCertChild_h__
|
|
|
|
#include "mozilla/psm/PVerifySSLServerCertChild.h"
|
|
|
|
#include "SSLServerCertVerification.h"
|
|
#include "mozilla/RefPtr.h"
|
|
#include "nsISupportsImpl.h"
|
|
#include "nsString.h"
|
|
#include "seccomon.h"
|
|
|
|
namespace mozilla {
|
|
namespace psm {
|
|
|
|
class DelegatedCredentialInfo;
|
|
|
|
// This class implements the socket process part of the server certificate
|
|
// verification IPC protocol.
|
|
class VerifySSLServerCertChild : public PVerifySSLServerCertChild {
|
|
NS_INLINE_DECL_THREADSAFE_REFCOUNTING(VerifySSLServerCertChild, override);
|
|
|
|
explicit VerifySSLServerCertChild(
|
|
SSLServerCertVerificationResult* aResultTask,
|
|
nsTArray<nsTArray<uint8_t>>&& aPeerCertChain, uint32_t aProviderFlags);
|
|
|
|
ipc::IPCResult RecvOnVerifySSLServerCertFinished(
|
|
nsTArray<ByteArray>&& aBuiltCertChain,
|
|
const uint16_t& aCertTransparencyStatus, const EVStatus& aEVStatus,
|
|
const bool& aSucceeded, int32_t aFinalError,
|
|
const nsITransportSecurityInfo::OverridableErrorCategory&
|
|
aOverridableErrorCategory,
|
|
const bool& aIsBuiltCertChainRootBuiltInRoot,
|
|
const bool& aMadeOCSPRequests);
|
|
|
|
private:
|
|
~VerifySSLServerCertChild() = default;
|
|
|
|
RefPtr<SSLServerCertVerificationResult> mResultTask;
|
|
nsTArray<nsTArray<uint8_t>> mPeerCertChain;
|
|
uint32_t mProviderFlags;
|
|
};
|
|
|
|
SECStatus RemoteProcessCertVerification(
|
|
nsTArray<nsTArray<uint8_t>>&& aPeerCertChain, const nsACString& aHostName,
|
|
int32_t aPort, const OriginAttributes& aOriginAttributes,
|
|
Maybe<nsTArray<uint8_t>>& aStapledOCSPResponse,
|
|
Maybe<nsTArray<uint8_t>>& aSctsFromTLSExtension,
|
|
Maybe<DelegatedCredentialInfo>& aDcInfo, uint32_t aProviderFlags,
|
|
uint32_t aCertVerifierFlags, SSLServerCertVerificationResult* aResultTask);
|
|
|
|
} // namespace psm
|
|
} // namespace mozilla
|
|
|
|
#endif
|