// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// These interfaces support a trial comparing two different implementations of
// certificate verification, where the certificate verification may occur in
// one process and the configuration and reporting in another. They will be
// removed when the trial is completed.
// See
module network.mojom;
import "mojo/public/mojom/base/time.mojom";
import "services/network/public/mojom/network_param.mojom";
// Receives cert verifier trial configuration updates.
interface TrialComparisonCertVerifierConfigClient {
  // Notifies the client that the trial configuration has changed. |allowed| is
  // the new value of whether the trial is allowed to run; the initial value is
  // supplied separately via TrialComparisonCertVerifierParams.initial_allowed.
  OnTrialConfigUpdated(bool allowed);
// Platform-verifier evidence for a single certificate of the verified chain.
// One of these is produced per chain entry in
// MacPlatformVerifierDebugInfo.status_chain.
struct MacCertEvidenceInfo {
  // A bitfield indicating the various statuses of the cert, defined in
  // cssmapple.h.
  uint32 status_bits;
  // CSSM_RETURN status codes for the cert, defined in cssmtype.h, values in
  // cssmerr.h and cssmErrorStrings.h.
  array<int32> status_codes;
// Debugging data captured from the macOS platform verifier (the SecTrust
// APIs named on each field). Informational only; it does not alter the
// verification result.
struct MacPlatformVerifierDebugInfo {
  // The SecTrustResultType result from SecTrustEvaluate.
  uint32 trust_result;
  // The OSStatus resultCode from SecTrustGetCssmResultCode.
  int32 result_code;
  // The CSSM_TP_APPLE_EVIDENCE_INFO statusChain from SecTrustGetResult. Each
  // entry corresponds to one of the certs in the verified chain (leaf first).
  array<MacCertEvidenceInfo> status_chain;
// Contains additional debugging data about the verification. This information
// does not change the meaning of the results.
struct CertVerifierDebugInfo {
  // A bitfield of net::TrustStoreMac::TrustDebugInfo flags, containing the
  // union of flags from all the GetTrust calls done during verification.
  int32 mac_combined_trust_debug_info;
  // Debug info from the macOS platform verifier. Nullable; presumably absent
  // when the platform verifier did not run or its data was not collected —
  // TODO confirm against the producer.
  MacPlatformVerifierDebugInfo? mac_platform_debug_info;
  // The time as seen by CertVerifyProcBuiltin, given twice: as a raw
  // timestamp and as an exploded, encoded GeneralizedTime string.
  // Raw timestamp of the trial verification.
  mojo_base.mojom.Time trial_verification_time;
  // The same instant as the GeneralizedTime string used in DER comparisons.
  string trial_der_verification_time;
// Sends reports of differences found in the cert verifier trial.
interface TrialComparisonCertVerifierReportClient {
  // NOTE(review): the line naming this method (and its opening parenthesis)
  // is not present in this copy of the file; the parameters below are its
  // signature. Confirm the method name against the original source.
  //
  // Reports one verification whose primary and trial results differed.
  // |hostname|, |cert|, the *_rev_checking / *_local_anchors /
  // disable_symantec_enforcement flags, |stapled_ocsp| and |sct_list| are the
  // inputs that were verified; |primary_result| and |trial_result| are the two
  // verifiers' outputs and |debug_info| carries extra diagnostic data.
  //
  // NOTE(review): per the file header this report may cross a process
  // boundary. |hostname|, |cert|, |stapled_ocsp| and |sct_list| are raw
  // verification inputs that the receiving side has not itself validated, so
  // the report consumer should treat them as untrusted data.
  string hostname, X509Certificate cert, bool enable_rev_checking,
  bool require_rev_checking_local_anchors, bool enable_sha1_local_anchors,
  bool disable_symantec_enforcement, array<uint8> stapled_ocsp,
  array<uint8> sct_list, CertVerifyResult primary_result,
  CertVerifyResult trial_result, CertVerifierDebugInfo debug_info);
// Parameters for initializing the cert verification trial.
// |initial_allowed| is the initial setting for whether the trial is allowed.
// |config_client_receiver| is the Mojo pipe over which trial configuration
// updates are received.
// |report_client| is the Mojo pipe used to send trial reports.
struct TrialComparisonCertVerifierParams {
bool initial_allowed = false;
pending_remote<TrialComparisonCertVerifierReportClient>? report_client;