| // Copyright 2017 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| module network.mojom; |
| |
| import "mojo/public/mojom/base/file.mojom"; |
| import "mojo/public/mojom/base/file_path.mojom"; |
| import "services/network/public/mojom/cookie_manager.mojom"; |
| import "services/network/public/mojom/network_change_manager.mojom"; |
| import "services/network/public/mojom/network_context.mojom"; |
| import "services/network/public/mojom/network_param.mojom"; |
| import "services/network/public/mojom/network_quality_estimator_manager.mojom"; |
| import "services/network/public/mojom/signed_tree_head.mojom"; |
| import "services/network/public/mojom/url_loader.mojom"; |
| import "services/network/public/mojom/url_loader_factory.mojom"; |
| import "url/mojom/origin.mojom"; |
| import "url/mojom/url.mojom"; |
| |
| // The content/browser implementation of this SSLPrivateKey interface wraps the |
| // scoped_refptr<net::SSLPrivateKey> that is received from |
| // SSLClientAuthDelegate::ContinueWithCertificate(), and this mojo interface is |
| // sent from content/browser to services/network so that services/network can |
| // have its own net::SSLPrivateKey implementation that internally uses this mojo |
| // interface. |
| // The |algorithm| and |input| parameters correspond to the |algorithm| and |
| // |input| parameters in net::SSLPrivateKey::Sign(). |
| // The |net_error| and |signature| parameters correspond to the parameters in |
| // net::SSLPrivateKey::SignCallback. |
| interface SSLPrivateKey { |
| Sign(uint16 algorithm, |
| array<uint8> input) => (int32 net_error, array<uint8> signature); |
| }; |
| |
| // The |credentials| output parameter is given to URLRequest::SetAuth() |
| // through this mojo interface. It is not set when URLRequest::CancelAuth() |
| // needs to be called. |
| interface AuthChallengeResponder { |
| OnAuthCredentials(AuthCredentials? credentials); |
| }; |
| |
| // Network service interface to the browser. |
| interface NetworkServiceClient { |
| // Called when we receive an authentication failure. |
| // The |auth_challenge_responder| will respond to auth challenge with |
| // credentials. |head| can provide response headers for the response |
| // which has elicited this auth request, if applicable. |
| OnAuthRequired(uint32 process_id, |
| uint32 routing_id, |
| uint32 request_id, |
| url.mojom.Url url, |
| url.mojom.Url site_for_cookies, |
| bool first_auth_attempt, |
| AuthChallengeInfo auth_info, |
| int32 resource_type, |
| URLResponseHead? head, |
| AuthChallengeResponder auth_challenge_responder); |
| // Called when an SSL certificate requested message is received for client |
| // authentication. |
| // The |algorithm_preferences| parameter corresponds to the return value |
| // of net::SSLPrivateKey::GetAlgorithmPreferences(). |
| // The |cancel_certificate_selection| parameter is used to distinguish |
| // between the following two cases because the |x509_certificate| will be |
| // nullptr in both cases: |
| // 1. The connection is continued with no client cert, |
| // net::URLRequest::ContinueWithCertificate(nullptr, nullptr) needs to be |
| // called. |
| // 2. The request is aborted, net::URLRequest::CancelWithError() needs to be |
| // called. |
| OnCertificateRequested(uint32 process_id, |
| uint32 routing_id, |
| uint32 request_id, |
| network.mojom.SSLCertRequestInfo cert_info) => ( |
| network.mojom.X509Certificate x509_certificate, |
| array<uint16> algorithm_preferences, |
| SSLPrivateKey ssl_private_key, |
| bool cancel_certificate_selection); |
| // Called when an SSL certificate is encountered. |
| // The callback argument is a net::ERROR value. If it's net::OK, then the |
| // request is resumed. Otherwise it's cancelled with the given error. |
| OnSSLCertificateError(uint32 process_id, |
| uint32 routing_id, |
| uint32 request_id, |
| int32 resource_type, |
| url.mojom.Url url, |
| SSLInfo ssl_info, |
| bool fatal) => (int32 net_error); |
| // Called when file uploading was requested. |
| // If the process that requested the uploads has permission to read all of |
| // the files referenced by |file_paths|, the callback arguments will be |
| // net::OK, along with an array of open file handles. The array will contain |
| // exactly one handle for each path in |file_paths|, in the same order. |
| // If any files referenced by |file_paths| cannot be read, a net::ERROR will |
| // be returned, and |files| will be an empty list. If the |async| parameter |
| // is true, the files will be opened with FLAG_ASYNC. |
| OnFileUploadRequested(uint32 process_id, |
| bool async, |
| array<mojo_base.mojom.FilePath> file_paths) => |
| (int32 net_error, array<mojo_base.mojom.File> files); |
| |
| // Called when an attempt has been made to set |cookie|. |
| OnCookieChange( |
| int32 process_id, int32 routing_id, url.mojom.Url url, |
| url.mojom.Url frame_url, CanonicalCookie cookie, bool blocked_by_policy); |
| |
| // Called when an attempt has been made to read the cookies in |cookie_list|. |
| OnCookiesRead( |
| int32 process_id, int32 routing_id, url.mojom.Url url, |
| url.mojom.Url frame_url, array<CanonicalCookie> cookie_list, |
| bool blocked_by_policy); |
| }; |
| |
| // An HTTPS server to send DNS queries to, per the DNS Queries over HTTPS spec. |
| // spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-07 |
| struct DnsOverHttpsServer { |
| // DNS over HTTPS server URL. Must be HTTPS. |
| url.mojom.Url url; |
| |
| // Whether to use POSTs to do DNS lookups. Otherwise, GETs are used. See spec |
| // for more details. |
| bool use_posts = false; |
| }; |
| |
| // Values for configuring HTTP authentication that can only be set once. |
| struct HttpAuthStaticParams { |
| // List of supported auth schemes. Unrecognized schemes are ignored. |
| // The default value of this field (an empty list) does not match default |
| // behavior of NetworkService when no HttpAuthStaticParams is specified. |
| array<string> supported_schemes; |
| |
| // File name the GSSAPI library to load. Only supported on |
| // (OS_POSIX && !OS_ANDROID && !OS_CHROMEOS && OS_IOS) platforms. |
| string gssapi_library_name; |
| |
| // Indicates whether the GSSAPI library should be loaded. Only supported on |
| // ChromeOS. |
| bool allow_gssapi_library_load = true; |
| }; |
| |
| // Values for configurating HTTP authentication that can be changed as needed. |
| struct HttpAuthDynamicParams { |
| // Comma / semi-colon delimited whitelist of server origins which the network |
| // service may send the default credentials for NTLM or Negotiate |
| // authentication. |
| string server_whitelist; |
| |
| // Comma / semi-colon delimited whitelist of server origins for which Kerberos |
| // delegation is allowed for NTLM or Negotiate authentication. |
| string delegate_whitelist; |
| |
| // True if canonical hostnames should be resolved when using Negotiate. |
| bool negotiate_disable_cname_lookup = false; |
| |
| // True if Negotiate SPNs (service principal names) should include ports |
| // when the port isn't a standard port (80 or 443). |
| bool enable_negotiate_port = true; |
| |
| // Whether NTLM V2 is enabled on POSIX platforms. No effect elsewhere. |
| bool ntlm_v2_enabled = false; |
| |
| // The AccountManager AccountManagerget.AccountsByTypeAndFeatures on Android |
| // when using Negotiate authentication. |
| string android_negotiate_account_type; |
| }; |
| |
| // Browser interface to the network service. |
| interface NetworkService { |
| SetClient(NetworkServiceClient client); |
| |
| // Creates a new network context with the given parameters. |
| CreateNetworkContext(NetworkContext& context, |
| NetworkContextParams params); |
| |
| // Configures whether the built-in stub host resolver is used in preference |
| // over getaddrinfo. When enabled, the stub resolver will attempt to use the |
| // system's DNS settings to do DNS lookups itself. See |
| // https://tools.ietf.org/html/rfc1034#section-5.3.1 for definition of a stub |
| // resolver. |
| // |
| // |dns_over_https_servers| is an optional list of DNS over HTTPS servers. |
| // When populated, all DNS lookups will try to use DNS over HTTPS in the order |
| // the servers are provided in and will only fall back to using system |
| // settings if DNS over HTTPS fails. It is illegal to have a populated |
| // |dns_over_https_servers| when |stub_resolver_enabled| is false. |
| // |
| // DNS over HTTPS will use the primary NetworkContext, so can only be enabled |
| // after the primary network context has been created. Other than that |
| // limitation, this method can be called at any time to change DNS |
| // configuration, though calling it will fail any DNS lookups that have |
| // already been started. |
| // |
| // Both the stub resolver and DNS over HTTPS are disabled by default. |
| ConfigureStubHostResolver(bool stub_resolver_enabled, |
| array<DnsOverHttpsServer>? dns_over_https_servers); |
| |
| // Disables QUIC for the NetworkService. Affects all existing NetworkContexts, |
| // and all new ones that are created. Once called, QUIC cannot be re-enabled. |
| DisableQuic(); |
| |
| // Configures HTTP authentication for all NetworkContexts created using the |
| // NetworkService. May only be called at most once, and may only be called |
| // before any NetworkContexts are created. |
| // |
| // If this method is not invoked, default values will be used (which currently |
| // allow all supported schemes on the current platform). |
| SetUpHttpAuth(HttpAuthStaticParams http_auth_static_params); |
| |
| // Sets global auth params. Unlike SetUpAuth(), may be called multiple times, |
| // at any point in time. Affects all NetworkContexts, both already existing |
| // one and subsequently created ones. |
| ConfigureHttpAuthPrefs(HttpAuthDynamicParams http_auth_dynamic_params); |
| |
| // Specifies whether requests for raw headers coming through URLLoaderFactory |
| // associated with the specified process will be granted. Granting such a |
| // permission increases risks in case the child process becomes compromised, |
| // so this should be done only in specific cases (e.g. DevTools attached). |
| SetRawHeadersAccess(uint32 process_id, bool allow); |
| |
| // Gets the NetworkChangeManager. |
| GetNetworkChangeManager( |
| NetworkChangeManager& network_change_manager); |
| |
| // Gets the NetworkQualityEstimatorManager. |
| GetNetworkQualityEstimatorManager( |
| NetworkQualityEstimatorManager& network_quality_estimator_manager); |
| |
| // Gets the accumulated network usage since the start/restart of the service. |
| GetTotalNetworkUsages() => (array<NetworkUsage> total_network_usages); |
| |
| // Update Signed Tree Heads (STH) used in the handling of Certificate |
| // Transparency. Broadcast to each NetworkContext using the NetworkService. |
| // NetworkContextes ignore STHs from unrecognized logs. |
| UpdateSignedTreeHead(SignedTreeHead signed_tree_head); |
| }; |