Skip to main content

browser_protocol/security/
mod.rs

1use serde::{Serialize, Deserialize};
2
3/// An internal certificate ID value.
4
5pub type CertificateId = i64;
6
7/// A description of mixed content (HTTP resources on HTTPS pages), as defined by
8/// <https://www.w3.org/TR/mixed-content/#categories>
9
10#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Default)]
11pub enum MixedContentType {
12    #[default]
13    Blockable,
14    OptionallyBlockable,
15    None,
16}
17
18/// The security level of a page or resource.
19
20#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Default)]
21pub enum SecurityState {
22    #[default]
23    Unknown,
24    Neutral,
25    Insecure,
26    Secure,
27    Info,
28    InsecureBroken,
29}
30
31/// Details about the security state of the page certificate.
32
33#[derive(Debug, Clone, Serialize, Deserialize, Default)]
34#[serde(rename_all = "camelCase")]
35pub struct CertificateSecurityState {
36    /// Protocol name (e.g. "TLS 1.2" or "QUIC").
37
38    pub protocol: String,
39    /// Key Exchange used by the connection, or the empty string if not applicable.
40
41    pub keyExchange: String,
42    /// (EC)DH group used by the connection, if applicable.
43
44    #[serde(skip_serializing_if = "Option::is_none")]
45    pub keyExchangeGroup: Option<String>,
46    /// Cipher name.
47
48    pub cipher: String,
49    /// TLS MAC. Note that AEAD ciphers do not have separate MACs.
50
51    #[serde(skip_serializing_if = "Option::is_none")]
52    pub mac: Option<String>,
53    /// Page certificate.
54
55    pub certificate: Vec<String>,
56    /// Certificate subject name.
57
58    pub subjectName: String,
59    /// Name of the issuing CA.
60
61    pub issuer: String,
62    /// Certificate valid from date.
63
64    pub validFrom: crate::network::TimeSinceEpoch,
65    /// Certificate valid to (expiration) date
66
67    pub validTo: crate::network::TimeSinceEpoch,
68    /// The highest priority network error code, if the certificate has an error.
69
70    #[serde(skip_serializing_if = "Option::is_none")]
71    pub certificateNetworkError: Option<String>,
72    /// True if the certificate uses a weak signature algorithm.
73
74    pub certificateHasWeakSignature: bool,
75    /// True if the certificate has a SHA1 signature in the chain.
76
77    pub certificateHasSha1Signature: bool,
78    /// True if modern SSL
79
80    pub modernSSL: bool,
81    /// True if the connection is using an obsolete SSL protocol.
82
83    pub obsoleteSslProtocol: bool,
84    /// True if the connection is using an obsolete SSL key exchange.
85
86    pub obsoleteSslKeyExchange: bool,
87    /// True if the connection is using an obsolete SSL cipher.
88
89    pub obsoleteSslCipher: bool,
90    /// True if the connection is using an obsolete SSL signature.
91
92    pub obsoleteSslSignature: bool,
93}
94
95
96#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Default)]
97pub enum SafetyTipStatus {
98    #[default]
99    BadReputation,
100    Lookalike,
101}
102
103
104#[derive(Debug, Clone, Serialize, Deserialize, Default)]
105#[serde(rename_all = "camelCase")]
106pub struct SafetyTipInfo {
107    /// Describes whether the page triggers any safety tips or reputation warnings. Default is unknown.
108
109    pub safetyTipStatus: SafetyTipStatus,
110    /// The URL the safety tip suggested ("Did you mean?"). Only filled in for lookalike matches.
111
112    #[serde(skip_serializing_if = "Option::is_none")]
113    pub safeUrl: Option<String>,
114}
115
116/// Security state information about the page.
117
118#[derive(Debug, Clone, Serialize, Deserialize, Default)]
119#[serde(rename_all = "camelCase")]
120pub struct VisibleSecurityState {
121    /// The security level of the page.
122
123    pub securityState: SecurityState,
124    /// Security state details about the page certificate.
125
126    #[serde(skip_serializing_if = "Option::is_none")]
127    pub certificateSecurityState: Option<CertificateSecurityState>,
128    /// The type of Safety Tip triggered on the page. Note that this field will be set even if the Safety Tip UI was not actually shown.
129
130    #[serde(skip_serializing_if = "Option::is_none")]
131    pub safetyTipInfo: Option<SafetyTipInfo>,
132    /// Array of security state issues ids.
133
134    pub securityStateIssueIds: Vec<String>,
135}
136
137/// An explanation of an factor contributing to the security state.
138
139#[derive(Debug, Clone, Serialize, Deserialize, Default)]
140#[serde(rename_all = "camelCase")]
141pub struct SecurityStateExplanation {
142    /// Security state representing the severity of the factor being explained.
143
144    pub securityState: SecurityState,
145    /// Title describing the type of factor.
146
147    pub title: String,
148    /// Short phrase describing the type of factor.
149
150    pub summary: String,
151    /// Full text explanation of the factor.
152
153    pub description: String,
154    /// The type of mixed content described by the explanation.
155
156    pub mixedContentType: MixedContentType,
157    /// Page certificate.
158
159    pub certificate: Vec<String>,
160    /// Recommendations to fix any issues.
161
162    #[serde(skip_serializing_if = "Option::is_none")]
163    pub recommendations: Option<Vec<String>>,
164}
165
166/// Information about insecure content on the page.
167
168#[derive(Debug, Clone, Serialize, Deserialize, Default)]
169#[serde(rename_all = "camelCase")]
170pub struct InsecureContentStatus {
171    /// Always false.
172
173    pub ranMixedContent: bool,
174    /// Always false.
175
176    pub displayedMixedContent: bool,
177    /// Always false.
178
179    pub containedMixedForm: bool,
180    /// Always false.
181
182    pub ranContentWithCertErrors: bool,
183    /// Always false.
184
185    pub displayedContentWithCertErrors: bool,
186    /// Always set to unknown.
187
188    pub ranInsecureContentStyle: SecurityState,
189    /// Always set to unknown.
190
191    pub displayedInsecureContentStyle: SecurityState,
192}
193
194/// The action to take when a certificate error occurs. continue will continue processing the
195/// request and cancel will cancel the request.
196
197#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Default)]
198pub enum CertificateErrorAction {
199    #[default]
200    Continue,
201    Cancel,
202}
203
204/// Enable/disable whether all certificate errors should be ignored.
205
206#[derive(Debug, Clone, Serialize, Deserialize, Default)]
207#[serde(rename_all = "camelCase")]
208pub struct SetIgnoreCertificateErrorsParams {
209    /// If true, all certificate errors will be ignored.
210
211    pub ignore: bool,
212}
213
214/// Handles a certificate error that fired a certificateError event.
215
216#[derive(Debug, Clone, Serialize, Deserialize, Default)]
217#[serde(rename_all = "camelCase")]
218pub struct HandleCertificateErrorParams {
219    /// The ID of the event.
220
221    pub eventId: u64,
222    /// The action to take on the certificate error.
223
224    pub action: CertificateErrorAction,
225}
226
227/// Enable/disable overriding certificate errors. If enabled, all certificate error events need to
228/// be handled by the DevTools client and should be answered with 'handleCertificateError' commands.
229
230#[derive(Debug, Clone, Serialize, Deserialize, Default)]
231#[serde(rename_all = "camelCase")]
232pub struct SetOverrideCertificateErrorsParams {
233    /// If true, certificate errors will be overridden.
234
235    #[serde(rename = "override")]
236    pub override_: bool,
237}