forked from mirrors/gecko-dev
		
	
		
			
				
	
	
		
			158 lines
		
	
	
	
		
			5.8 KiB
		
	
	
	
		
			C++
		
	
	
	
	
	
			
		
		
	
	
			158 lines
		
	
	
	
		
			5.8 KiB
		
	
	
	
		
			C++
		
	
	
	
	
	
| /* This Source Code Form is subject to the terms of the Mozilla Public
 | |
|  * License, v. 2.0. If a copy of the MPL was not distributed with this
 | |
|  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 | |
| 
 | |
| #ifndef __nsSiteSecurityService_h__
 | |
| #define __nsSiteSecurityService_h__
 | |
| 
 | |
| #include "mozilla/BasePrincipal.h"
 | |
| #include "mozilla/Dafsa.h"
 | |
| #include "mozilla/RefPtr.h"
 | |
| #include "nsCOMPtr.h"
 | |
| #include "nsIDataStorage.h"
 | |
| #include "nsIObserver.h"
 | |
| #include "nsISiteSecurityService.h"
 | |
| #include "nsString.h"
 | |
| #include "nsTArray.h"
 | |
| #include "mozpkix/pkixtypes.h"
 | |
| #include "prtime.h"
 | |
| 
 | |
| class nsIURI;
 | |
| 
 | |
| using mozilla::OriginAttributes;
 | |
| 
 | |
| // {16955eee-6c48-4152-9309-c42a465138a1}
 | |
| #define NS_SITE_SECURITY_SERVICE_CID                 \
 | |
|   {                                                  \
 | |
|     0x16955eee, 0x6c48, 0x4152, {                    \
 | |
|       0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1 \
 | |
|     }                                                \
 | |
|   }
 | |
| 
 | |
| /**
 | |
|  * SecurityPropertyState: A utility enum for representing the different states
 | |
|  * a security property can be in.
 | |
|  * SecurityPropertySet and SecurityPropertyUnset correspond to indicating
 | |
|  * a site has or does not have the security property in question, respectively.
 | |
|  * SecurityPropertyKnockout indicates a value on a preloaded list is being
 | |
|  * overridden, and the associated site does not have the security property
 | |
|  * in question.
 | |
|  */
 | |
| enum SecurityPropertyState {
 | |
|   SecurityPropertyUnset = 0,
 | |
|   SecurityPropertySet = 1,
 | |
|   SecurityPropertyKnockout = 2,
 | |
| };
 | |
| 
 | |
| /**
 | |
|  * SiteHSTSState: A utility class that encodes/decodes a string describing
 | |
|  * the security state of a site. Currently only handles HSTS.
 | |
|  * HSTS state consists of:
 | |
|  *  - Hostname (nsCString)
 | |
|  *  - Origin attributes (OriginAttributes)
 | |
|  *  - Expiry time (PRTime (aka int64_t) in milliseconds)
 | |
|  *  - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
 | |
|  *  - An include subdomains flag (bool, default false)
 | |
|  */
 | |
| class SiteHSTSState {
 | |
|  public:
 | |
|   SiteHSTSState(const nsCString& aHost,
 | |
|                 const OriginAttributes& aOriginAttributes,
 | |
|                 const nsCString& aStateString);
 | |
|   SiteHSTSState(const nsCString& aHost,
 | |
|                 const OriginAttributes& aOriginAttributes,
 | |
|                 PRTime aHSTSExpireTime, SecurityPropertyState aHSTSState,
 | |
|                 bool aHSTSIncludeSubdomains);
 | |
| 
 | |
|   nsCString mHostname;
 | |
|   OriginAttributes mOriginAttributes;
 | |
|   PRTime mHSTSExpireTime;
 | |
|   SecurityPropertyState mHSTSState;
 | |
|   bool mHSTSIncludeSubdomains;
 | |
| 
 | |
|   bool IsExpired() {
 | |
|     // If mHSTSExpireTime is 0, this entry never expires (this is the case for
 | |
|     // knockout entries).
 | |
|     if (mHSTSExpireTime == 0) {
 | |
|       return false;
 | |
|     }
 | |
| 
 | |
|     PRTime now = PR_Now() / PR_USEC_PER_MSEC;
 | |
|     if (now > mHSTSExpireTime) {
 | |
|       return true;
 | |
|     }
 | |
| 
 | |
|     return false;
 | |
|   }
 | |
| 
 | |
|   void ToString(nsCString& aString);
 | |
| };
 | |
| 
 | |
| struct nsSTSPreload;
 | |
| 
 | |
| class nsSiteSecurityService : public nsISiteSecurityService,
 | |
|                               public nsIObserver {
 | |
|  public:
 | |
|   NS_DECL_THREADSAFE_ISUPPORTS
 | |
|   NS_DECL_NSIOBSERVER
 | |
|   NS_DECL_NSISITESECURITYSERVICE
 | |
| 
 | |
|   nsSiteSecurityService();
 | |
|   nsresult Init();
 | |
| 
 | |
|   static nsresult GetHost(nsIURI* aURI, nsACString& aResult);
 | |
|   static bool HostIsIPAddress(const nsCString& hostname);
 | |
| 
 | |
|  protected:
 | |
|   virtual ~nsSiteSecurityService();
 | |
| 
 | |
|  private:
 | |
|   nsresult SetHSTSState(const char* aHost, int64_t maxage,
 | |
|                         bool includeSubdomains,
 | |
|                         SecurityPropertyState aHSTSState,
 | |
|                         const OriginAttributes& aOriginAttributes);
 | |
|   nsresult ProcessHeaderInternal(nsIURI* aSourceURI, const nsCString& aHeader,
 | |
|                                  const OriginAttributes& aOriginAttributes,
 | |
|                                  uint64_t* aMaxAge, bool* aIncludeSubdomains,
 | |
|                                  uint32_t* aFailureResult);
 | |
|   nsresult ProcessSTSHeader(nsIURI* aSourceURI, const nsCString& aHeader,
 | |
|                             const OriginAttributes& aOriginAttributes,
 | |
|                             uint64_t* aMaxAge, bool* aIncludeSubdomains,
 | |
|                             uint32_t* aFailureResult);
 | |
|   nsresult MarkHostAsNotHSTS(const nsAutoCString& aHost,
 | |
|                              const OriginAttributes& aOriginAttributes);
 | |
|   nsresult ResetStateInternal(nsIURI* aURI,
 | |
|                               const OriginAttributes& aOriginAttributes,
 | |
|                               nsISiteSecurityService::ResetStateBy aScope);
 | |
|   void ResetStateForExactDomain(const nsCString& aHostname,
 | |
|                                 const OriginAttributes& aOriginAttributes);
 | |
|   nsresult HostHasHSTSEntry(const nsAutoCString& aHost,
 | |
|                             bool aRequireIncludeSubdomains,
 | |
|                             const OriginAttributes& aOriginAttributes,
 | |
|                             bool& aHostHasHSTSEntry, bool* aResult);
 | |
|   bool GetPreloadStatus(
 | |
|       const nsACString& aHost,
 | |
|       /*optional out*/ bool* aIncludeSubdomains = nullptr) const;
 | |
|   nsresult IsSecureHost(const nsACString& aHost,
 | |
|                         const OriginAttributes& aOriginAttributes,
 | |
|                         bool* aResult);
 | |
| 
 | |
|   nsresult GetWithMigration(const nsACString& aHostname,
 | |
|                             const OriginAttributes& aOriginAttributes,
 | |
|                             nsIDataStorage::DataType aDataStorageType,
 | |
|                             nsACString& aValue);
 | |
|   nsresult PutWithMigration(const nsACString& aHostname,
 | |
|                             const OriginAttributes& aOriginAttributes,
 | |
|                             nsIDataStorage::DataType aDataStorageType,
 | |
|                             const nsACString& aStateString);
 | |
|   nsresult RemoveWithMigration(const nsACString& aHostname,
 | |
|                                const OriginAttributes& aOriginAttributes,
 | |
|                                nsIDataStorage::DataType aDataStorageType);
 | |
| 
 | |
|   bool mUsePreloadList;
 | |
|   int64_t mPreloadListTimeOffset;
 | |
|   nsCOMPtr<nsIDataStorage> mSiteStateStorage;
 | |
|   const mozilla::Dafsa mDafsa;
 | |
| };
 | |
| 
 | |
| #endif  // __nsSiteSecurityService_h__
 | 
