mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-12-03 18:56:09 +03:00
320 lines
14 KiB
Plaintext
320 lines
14 KiB
Plaintext
|
// Copyright 2017 The Chromium Authors. All rights reserved.
|
||
|
// Use of this source code is governed by a BSD-style license that can be
|
||
|
// found in the LICENSE file.
|
||
|
|
||
|
module network.mojom;
|
||
|
|
||
|
import "mojo/public/mojom/base/file.mojom";
|
||
|
import "mojo/public/mojom/base/file_path.mojom";
|
||
|
import "mojo/public/mojom/base/read_only_buffer.mojom";
|
||
|
import "mojo/public/mojom/base/string16.mojom";
|
||
|
import "mojo/public/mojom/base/values.mojom";
|
||
|
import "services/network/public/mojom/cookie_manager.mojom";
|
||
|
import "services/network/public/mojom/network_change_manager.mojom";
|
||
|
import "services/network/public/mojom/network_context.mojom";
|
||
|
import "services/network/public/mojom/network_param.mojom";
|
||
|
import "services/network/public/mojom/network_quality_estimator_manager.mojom";
|
||
|
import "services/network/public/mojom/signed_tree_head.mojom";
|
||
|
import "services/network/public/mojom/url_loader.mojom";
|
||
|
import "services/network/public/mojom/url_loader_factory.mojom";
|
||
|
import "url/mojom/origin.mojom";
|
||
|
import "url/mojom/url.mojom";
|
||
|
|
||
|
// The content/browser implementation of this SSLPrivateKey interface wraps the
|
||
|
// scoped_refptr<net::SSLPrivateKey> that is received from
|
||
|
// SSLClientAuthDelegate::ContinueWithCertificate(), and this mojo interface is
|
||
|
// sent from content/browser to services/network so that services/network can
|
||
|
// have its own net::SSLPrivateKey implementation that internally uses this mojo
|
||
|
// interface.
|
||
|
// The |algorithm| and |input| parameters correspond to the |algorithm| and
|
||
|
// |input| parameters in net::SSLPrivateKey::Sign().
|
||
|
// The |net_error| and |signature| parameters correspond to the parameters in
|
||
|
// net::SSLPrivateKey::SignCallback.
|
||
|
interface SSLPrivateKey {
|
||
|
Sign(uint16 algorithm,
|
||
|
array<uint8> input) => (int32 net_error, array<uint8> signature);
|
||
|
};
|
||
|
|
||
|
// The |credentials| output parameter is given to URLRequest::SetAuth()
|
||
|
// through this mojo interface. It is not set when URLRequest::CancelAuth()
|
||
|
// needs to be called.
|
||
|
interface AuthChallengeResponder {
|
||
|
OnAuthCredentials(AuthCredentials? credentials);
|
||
|
};
|
||
|
|
||
|
struct LoadInfo {
|
||
|
uint32 process_id;
|
||
|
uint32 routing_id;
|
||
|
string host;
|
||
|
uint32 load_state; // net::LoadState enum
|
||
|
mojo_base.mojom.String16 state_param;
|
||
|
uint64 upload_position;
|
||
|
uint64 upload_size;
|
||
|
};
|
||
|
|
||
|
// Network service interface to the browser.
|
||
|
interface NetworkServiceClient {
|
||
|
// Called when we receive an authentication failure.
|
||
|
// The |auth_challenge_responder| will respond to auth challenge with
|
||
|
// credentials. |head| can provide response headers for the response
|
||
|
// which has elicited this auth request, if applicable.
|
||
|
OnAuthRequired(uint32 process_id,
|
||
|
uint32 routing_id,
|
||
|
uint32 request_id,
|
||
|
url.mojom.Url url,
|
||
|
url.mojom.Url site_for_cookies,
|
||
|
bool first_auth_attempt,
|
||
|
AuthChallengeInfo auth_info,
|
||
|
int32 resource_type,
|
||
|
URLResponseHead? head,
|
||
|
AuthChallengeResponder auth_challenge_responder);
|
||
|
// Called when an SSL certificate requested message is received for client
|
||
|
// authentication.
|
||
|
// The |algorithm_preferences| parameter corresponds to the return value
|
||
|
// of net::SSLPrivateKey::GetAlgorithmPreferences().
|
||
|
// The |cancel_certificate_selection| parameter is used to distinguish
|
||
|
// between the following two cases because the |x509_certificate| will be
|
||
|
// nullptr in both cases:
|
||
|
// 1. The connection is continued with no client cert,
|
||
|
// net::URLRequest::ContinueWithCertificate(nullptr, nullptr) needs to be
|
||
|
// called.
|
||
|
// 2. The request is aborted, net::URLRequest::CancelWithError() needs to be
|
||
|
// called.
|
||
|
OnCertificateRequested(uint32 process_id,
|
||
|
uint32 routing_id,
|
||
|
uint32 request_id,
|
||
|
network.mojom.SSLCertRequestInfo cert_info) => (
|
||
|
network.mojom.X509Certificate x509_certificate,
|
||
|
array<uint16> algorithm_preferences,
|
||
|
SSLPrivateKey ssl_private_key,
|
||
|
bool cancel_certificate_selection);
|
||
|
// Called when an SSL certificate is encountered.
|
||
|
// The callback argument is a net::ERROR value. If it's net::OK, then the
|
||
|
// request is resumed. Otherwise it's cancelled with the given error.
|
||
|
OnSSLCertificateError(uint32 process_id,
|
||
|
uint32 routing_id,
|
||
|
uint32 request_id,
|
||
|
int32 resource_type,
|
||
|
url.mojom.Url url,
|
||
|
SSLInfo ssl_info,
|
||
|
bool fatal) => (int32 net_error);
|
||
|
// Called when file uploading was requested.
|
||
|
// If the process that requested the uploads has permission to read all of
|
||
|
// the files referenced by |file_paths|, the callback arguments will be
|
||
|
// net::OK, along with an array of open file handles. The array will contain
|
||
|
// exactly one handle for each path in |file_paths|, in the same order.
|
||
|
// If any files referenced by |file_paths| cannot be read, a net::ERROR will
|
||
|
// be returned, and |files| will be an empty list. If the |async| parameter
|
||
|
// is true, the files will be opened with FLAG_ASYNC.
|
||
|
OnFileUploadRequested(uint32 process_id,
|
||
|
bool async,
|
||
|
array<mojo_base.mojom.FilePath> file_paths) =>
|
||
|
(int32 net_error, array<mojo_base.mojom.File> files);
|
||
|
|
||
|
// Called when an attempt has been made to set |cookie|.
|
||
|
OnCookieChange(
|
||
|
int32 process_id, int32 routing_id, url.mojom.Url url,
|
||
|
url.mojom.Url frame_url, CanonicalCookie cookie, bool blocked_by_policy);
|
||
|
|
||
|
// Called when an attempt has been made to read the cookies in |cookie_list|.
|
||
|
OnCookiesRead(
|
||
|
int32 process_id, int32 routing_id, url.mojom.Url url,
|
||
|
url.mojom.Url frame_url, array<CanonicalCookie> cookie_list,
|
||
|
bool blocked_by_policy);
|
||
|
|
||
|
// Called periodically to update the client about progress of the current
|
||
|
// loads. To avoid flooding the client, it has to ack the update before it can
|
||
|
// receive the next update.
|
||
|
OnLoadingStateUpdate(array<LoadInfo> infos) => ();
|
||
|
|
||
|
// Called when the Clear-Site-Data header has been received. The callback
|
||
|
// should be run after the data is deleted.
|
||
|
// https://www.w3.org/TR/clear-site-data/
|
||
|
// TODO(crbug.com/876931): We might want to move header parsing work to
|
||
|
// Network Service for security concerns (e.g. |header_value| => booleans).
|
||
|
OnClearSiteData(int32 process_id,
|
||
|
int32 routing_id,
|
||
|
url.mojom.Url url,
|
||
|
string header_value,
|
||
|
int32 load_flags) => ();
|
||
|
};
|
||
|
|
||
|
// An HTTPS server to send DNS queries to, per the DNS Queries over HTTPS spec.
|
||
|
// spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-12
|
||
|
struct DnsOverHttpsServer {
|
||
|
// DNS over HTTPS server URI template. Must be HTTPS.
|
||
|
string server_template;
|
||
|
|
||
|
// Whether to use POST to do DNS lookups. Otherwise, GET is used. See spec
|
||
|
// for more details.
|
||
|
bool use_post = false;
|
||
|
};
|
||
|
|
||
|
// Values for configuring HTTP authentication that can only be set once.
|
||
|
struct HttpAuthStaticParams {
|
||
|
// List of supported auth schemes. Unrecognized schemes are ignored.
|
||
|
// The default value of this field (an empty list) does not match default
|
||
|
// behavior of NetworkService when no HttpAuthStaticParams is specified.
|
||
|
array<string> supported_schemes;
|
||
|
|
||
|
// File name the GSSAPI library to load. Only supported on
|
||
|
// (OS_POSIX && !OS_ANDROID && !OS_CHROMEOS && OS_IOS) platforms.
|
||
|
string gssapi_library_name;
|
||
|
|
||
|
// Indicates whether the GSSAPI library should be loaded. Only supported on
|
||
|
// ChromeOS.
|
||
|
bool allow_gssapi_library_load = true;
|
||
|
};
|
||
|
|
||
|
// Values for configurating HTTP authentication that can be changed as needed.
|
||
|
struct HttpAuthDynamicParams {
|
||
|
// Comma / semi-colon delimited whitelist of server origins which the network
|
||
|
// service may send the default credentials for NTLM or Negotiate
|
||
|
// authentication.
|
||
|
string server_whitelist;
|
||
|
|
||
|
// Comma / semi-colon delimited whitelist of server origins for which Kerberos
|
||
|
// delegation is allowed for NTLM or Negotiate authentication.
|
||
|
string delegate_whitelist;
|
||
|
|
||
|
// True if canonical hostnames should be resolved when using Negotiate.
|
||
|
bool negotiate_disable_cname_lookup = false;
|
||
|
|
||
|
// True if Negotiate SPNs (service principal names) should include ports
|
||
|
// when the port isn't a standard port (80 or 443).
|
||
|
bool enable_negotiate_port = true;
|
||
|
|
||
|
// Whether NTLM V2 is enabled on POSIX platforms. No effect elsewhere.
|
||
|
bool ntlm_v2_enabled = false;
|
||
|
|
||
|
// The AccountManager AccountManagerget.AccountsByTypeAndFeatures on Android
|
||
|
// when using Negotiate authentication.
|
||
|
string android_negotiate_account_type;
|
||
|
};
|
||
|
|
||
|
// Values for configuring OSCrypt.
|
||
|
[EnableIf=needs_crypt_config]
|
||
|
struct CryptConfig {
|
||
|
// Force OSCrypt to use a specific linux password store.
|
||
|
string store;
|
||
|
|
||
|
// The product name to use for permission prompts.
|
||
|
string product_name;
|
||
|
|
||
|
// Controls whether preference on using or ignoring backends is used.
|
||
|
bool should_use_preference;
|
||
|
|
||
|
// Preferences are stored in a separate file in the user data directory.
|
||
|
mojo_base.mojom.FilePath user_data_path;
|
||
|
};
|
||
|
|
||
|
// Browser interface to the network service.
|
||
|
interface NetworkService {
|
||
|
// Sets client used by all |NetworkContext|s creating by |NetworkService|.
|
||
|
// Pending requests may hang if the |client| pipe is closed before they
|
||
|
// complete.
|
||
|
SetClient(NetworkServiceClient client);
|
||
|
|
||
|
// Starts observing the NetLog event stream and writing entries to |file|.
|
||
|
// |constants| is a legend used for decoding constant values in the log; it
|
||
|
// will be merged with the |GetNetConstants()| dictionary before being passed
|
||
|
// through to the FileObserver. (See |FileNetLogObserver::CreateBounded()|
|
||
|
// for more details). Most clients will just be adding a dictionary under
|
||
|
// the key "clientInfo".
|
||
|
StartNetLog(mojo_base.mojom.File file,
|
||
|
mojo_base.mojom.DictionaryValue constants);
|
||
|
|
||
|
// Creates a new network context with the given parameters.
|
||
|
CreateNetworkContext(NetworkContext& context,
|
||
|
NetworkContextParams params);
|
||
|
|
||
|
// Configures whether the built-in stub host resolver is used in preference
|
||
|
// over getaddrinfo. When enabled, the stub resolver will attempt to use the
|
||
|
// system's DNS settings to do DNS lookups itself. See
|
||
|
// https://tools.ietf.org/html/rfc1034#section-5.3.1 for definition of a stub
|
||
|
// resolver.
|
||
|
//
|
||
|
// |dns_over_https_servers| is an optional list of DNS over HTTPS servers.
|
||
|
// When populated, all DNS lookups will try to use DNS over HTTPS in the order
|
||
|
// the servers are provided in and will only fall back to using system
|
||
|
// settings if DNS over HTTPS fails. It is illegal to have a populated
|
||
|
// |dns_over_https_servers| when |stub_resolver_enabled| is false.
|
||
|
//
|
||
|
// DNS over HTTPS will use the primary NetworkContext, so can only be enabled
|
||
|
// after the primary network context has been created. Other than that
|
||
|
// limitation, this method can be called at any time to change DNS
|
||
|
// configuration, though calling it will fail any DNS lookups that have
|
||
|
// already been started.
|
||
|
//
|
||
|
// Both the stub resolver and DNS over HTTPS are disabled by default.
|
||
|
ConfigureStubHostResolver(bool stub_resolver_enabled,
|
||
|
array<DnsOverHttpsServer>? dns_over_https_servers);
|
||
|
|
||
|
// Disables QUIC for the NetworkService. Affects all existing NetworkContexts,
|
||
|
// and all new ones that are created. Once called, QUIC cannot be re-enabled.
|
||
|
DisableQuic();
|
||
|
|
||
|
// Configures HTTP authentication for all NetworkContexts created using the
|
||
|
// NetworkService. May only be called at most once, and may only be called
|
||
|
// before any NetworkContexts are created.
|
||
|
//
|
||
|
// If this method is not invoked, default values will be used (which currently
|
||
|
// allow all supported schemes on the current platform).
|
||
|
SetUpHttpAuth(HttpAuthStaticParams http_auth_static_params);
|
||
|
|
||
|
// Sets global auth params. Unlike SetUpAuth(), may be called multiple times,
|
||
|
// at any point in time. Affects all NetworkContexts, both already existing
|
||
|
// one and subsequently created ones.
|
||
|
ConfigureHttpAuthPrefs(HttpAuthDynamicParams http_auth_dynamic_params);
|
||
|
|
||
|
// Specifies whether requests for raw headers coming through URLLoaderFactory
|
||
|
// associated with the specified process will be granted. Granting such a
|
||
|
// permission increases risks in case the child process becomes compromised,
|
||
|
// so this should be done only in specific cases (e.g. DevTools attached).
|
||
|
SetRawHeadersAccess(uint32 process_id, bool allow);
|
||
|
|
||
|
// Gets the NetworkChangeManager.
|
||
|
GetNetworkChangeManager(
|
||
|
NetworkChangeManager& network_change_manager);
|
||
|
|
||
|
// Gets the NetworkQualityEstimatorManager.
|
||
|
GetNetworkQualityEstimatorManager(
|
||
|
NetworkQualityEstimatorManager& network_quality_estimator_manager);
|
||
|
|
||
|
// Gets the accumulated network usage since the start/restart of the service.
|
||
|
GetTotalNetworkUsages() => (array<NetworkUsage> total_network_usages);
|
||
|
|
||
|
// Updates Signed Tree Heads (STH) used in the handling of Certificate
|
||
|
// Transparency. Broadcast to each NetworkContext using the NetworkService.
|
||
|
// NetworkContextes ignore STHs from unrecognized logs.
|
||
|
UpdateSignedTreeHead(SignedTreeHead signed_tree_head);
|
||
|
|
||
|
// Updates the CRLSet used in the verification of certificates. CRLSets that
|
||
|
// cannot be parsed using net::CRLSet::Parse will be ignored, as will older
|
||
|
// CRLSets (where older is determined by the sequence number). All Network
|
||
|
// Contexts created by the Network Service, including those created after
|
||
|
// this call, will use the same CRLSet.
|
||
|
UpdateCRLSet(mojo_base.mojom.ReadOnlyBuffer crl_set);
|
||
|
|
||
|
// Sets up OSCrypt for the network service process. Must be called before
|
||
|
// encrypted cookies can be read or set.
|
||
|
[EnableIf=needs_crypt_config]
|
||
|
SetCryptConfig(CryptConfig crypt_config);
|
||
|
|
||
|
// Send the encryption key to the network service to use for AES encryption.
|
||
|
[EnableIf=is_mac]
|
||
|
SetEncryptionKey(string encryption_key);
|
||
|
|
||
|
// Notifies CORB (Cross-Origin Read Blocking) that |process_id| is proxying
|
||
|
// requests on behalf of a universal-access plugin and therefore CORB should
|
||
|
// stop blocking requests marked as RESOURCE_TYPE_PLUGIN_RESOURCE.
|
||
|
//
|
||
|
// TODO(lukasza, laforge): https://crbug.com/702995: Remove the ...ForPlugin
|
||
|
// methods once Flash support is removed from Chromium (probably around 2020
|
||
|
// - see https://www.chromium.org/flash-roadmap).
|
||
|
AddCorbExceptionForPlugin(uint32 process_id);
|
||
|
|
||
|
// Reverts AddCorbExceptionForPlugin.
|
||
|
RemoveCorbExceptionForPlugin(uint32 process_id);
|
||
|
};
|