/security/manager/boot/src/nsStrictTransportSecurityService.h


  1. /* ***** BEGIN LICENSE BLOCK *****
  2. * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3. *
  4. * The contents of this file are subject to the Mozilla Public License Version
  5. * 1.1 (the "License"); you may not use this file except in compliance with
  6. * the License. You may obtain a copy of the License at
  7. * http://www.mozilla.org/MPL/
  8. *
  9. * Software distributed under the License is distributed on an "AS IS" basis,
  10. * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11. * for the specific language governing rights and limitations under the
  12. * License.
  13. *
  14. * The Original Code is Strict-Transport-Security.
  15. *
  16. * The Initial Developer of the Original Code is
  17. * Mozilla Foundation.
  18. * Portions created by the Initial Developer are Copyright (C) 2010
  19. * the Initial Developer. All Rights Reserved.
  20. *
  21. * Contributor(s):
  22. * Sid Stamm <sid@mozilla.com>
  23. *
  24. * Alternatively, the contents of this file may be used under the terms of
  25. * either the GNU General Public License Version 2 or later (the "GPL"), or
  26. * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  27. * in which case the provisions of the GPL or the LGPL are applicable instead
  28. * of those above. If you wish to allow use of your version of this file only
  29. * under the terms of either the GPL or the LGPL, and not to allow others to
  30. * use your version of this file under the terms of the MPL, indicate your
  31. * decision by deleting the provisions above and replace them with the notice
  32. * and other provisions required by the GPL or the LGPL. If you do not delete
  33. * the provisions above, a recipient may use your version of this file under
  34. * the terms of any one of the MPL, the GPL or the LGPL.
  35. *
  36. * ***** END LICENSE BLOCK ***** */
  37. /**
  38. * Declares nsStrictTransportSecurityService and nsSTSHostEntry, the hash entry it uses to cache STS state while in private browsing mode.
  39. */
  40. #ifndef __nsStrictTransportSecurityService_h__
  41. #define __nsStrictTransportSecurityService_h__
  42. #include "nsIStrictTransportSecurityService.h"
  43. #include "nsIObserver.h"
  44. #include "nsIObserverService.h"
  45. #include "nsIPermissionManager.h"
  46. #include "nsCOMPtr.h"
  47. #include "nsIURI.h"
  48. #include "nsString.h"
  49. #include "nsTHashtable.h"
  // Class ID for the Strict-Transport-Security service, written as a
  // brace initializer with the same value as the UUID below.
  // {16955eee-6c48-4152-9309-c42a465138a1}
  #define NS_STRICT_TRANSPORT_SECURITY_CID \
  {0x16955eee, 0x6c48, 0x4152, \
  {0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1} }
  54. ////////////////////////////////////////////////////////////////////////////////
  55. // nsSTSHostEntry - similar to the nsHostEntry class in
  56. // nsPermissionManager.cpp, but specific to private-mode caching of STS
  57. // permissions.
  58. //
  59. // Each nsSTSHostEntry contains:
  60. // - Expiry time
  61. // - Deleted flag (boolean, default false)
  62. // - Subdomains flag (boolean, default false)
  63. //
  64. // The existence of the nsSTSHostEntry implies STS state is set for the given
  65. // host -- unless the deleted flag is set, in which case not only is the STS
  66. // state not set for the host, but any permission actually present in the
  67. // permission manager should be ignored.
  68. //
  69. // Note: Only one expiry time is stored since the subdomains and STS
  70. // permissions are both encountered at the same time in the HTTP header; if the
  71. // includeSubdomains directive isn't present in the header, it means to delete
  72. // the permission, so the subdomains flag in the nsSTSHostEntry means both that
  73. // the permission doesn't exist and any permission in the real permission
  74. // manager should be ignored since newer information about it has been
  75. // encountered in private browsing mode.
  76. //
  77. // Note: If there's a permission set by the user (EXPIRE_NEVER), STS is not set
  78. // for the host (including the subdomains permission) when the header is
  79. // encountered. Furthermore, any user-set permissions are stored persistently
  80. // and can't be shadowed.
  // Hashtable entry recording the STS state seen for one host while in
  // private browsing mode. It is keyed by the host name held in mHost.
  class nsSTSHostEntry : public PLDHashEntryHdr
  {
  public:
    // Key types used by the hashtable: the key is the host as a C string.
    typedef const char* KeyType;
    typedef const char* KeyTypePointer;

    explicit nsSTSHostEntry(const char* aHost);
    explicit nsSTSHostEntry(const nsSTSHostEntry& toCopy);

    // Host this entry describes; also the storage backing the hash key.
    nsCString mHost;
    // Expiry time of the STS state.
    // NOTE(review): units and epoch are not visible in this header; confirm
    // against the implementation.
    PRInt64 mExpireTime;
    // When set, STS is treated as not set for the host and any permission
    // present in the permission manager is to be ignored.
    bool mDeleted;
    // Subdomains flag taken from the same header as the STS state.
    bool mIncludeSubdomains;

    // Returns a pointer into mHost; it is only valid while this entry lives.
    KeyType GetKey() const
    {
      return mHost.get();
    }

    // Byte-exact, case-sensitive comparison against the stored host.
    // NOTE(review): host names are case-insensitive, so this presumably relies
    // on callers passing a canonical host; confirm, since a mismatch would
    // miss an existing STS entry.
    bool KeyEquals(KeyTypePointer aKey) const
    {
      return strcmp(mHost.get(), aKey) == 0;
    }

    // The key already is its own pointer form.
    static KeyTypePointer KeyToPointer(KeyType aKey)
    {
      return aKey;
    }

    // Hashes the key string; no table is passed (nsnull).
    static PLDHashNumber HashKey(KeyTypePointer aKey)
    {
      return PL_DHashStringKey(nsnull, aKey);
    }

    // Entries must not be relocated with memmove; this forces the hashtable
    // to go through the copy constructor instead.
    enum { ALLOW_MEMMOVE = false };
  };
  112. ////////////////////////////////////////////////////////////////////////////////
  // Implementation class for nsIStrictTransportSecurityService. It is also an
  // nsIObserver, and it holds a table of nsSTSHostEntry records for hosts seen
  // while in private mode.
  class nsStrictTransportSecurityService : public nsIStrictTransportSecurityService,
                                           public nsIObserver
  {
  public:
    NS_DECL_ISUPPORTS
    NS_DECL_NSIOBSERVER
    NS_DECL_NSISTRICTTRANSPORTSECURITYSERVICE

    nsStrictTransportSecurityService();
    nsresult Init();
    virtual ~nsStrictTransportSecurityService();

  private:
    // Extracts the host of aURI into aResult.
    // NOTE(review): whether the result is normalized (case, IDN) is not visible
    // here; nsSTSHostEntry compares keys with strcmp, so confirm.
    nsresult GetHost(nsIURI* aURI, nsACString& aResult);

    // Records STS state for the host of aSourceURI.
    // NOTE(review): maxage is presumably the header's max-age value; its units
    // are not stated in this header.
    nsresult SetStsState(nsIURI* aSourceURI, PRInt64 maxage, bool includeSubdomains);

    // Takes the header as a non-const char*.
    // NOTE(review): the name suggests the buffer is modified while parsing; if
    // so, callers must pass a private, NUL-terminated copy of the
    // server-supplied header value. Confirm in the implementation.
    nsresult ProcessStsHeaderMutating(nsIURI* aSourceURI, char* aHeader);

    // private-mode-preserving permission manager overlay functions
    nsresult AddPermission(nsIURI* aURI, const char* aType, PRUint32 aPermission,
                           PRUint32 aExpireType, PRInt64 aExpireTime);
    nsresult RemovePermission(const nsCString& aHost, const char* aType);
    nsresult TestPermission(nsIURI* aURI, const char* aType, PRUint32* aPermission,
                            bool testExact);

    // cached services
    nsCOMPtr<nsIPermissionManager> mPermMgr;
    nsCOMPtr<nsIObserverService> mObserverService;

    // Private-mode flag and the table of entries for hosts seen in that mode.
    bool mInPrivateMode;
    nsTHashtable<nsSTSHostEntry> mPrivateModeHostTable;
  };
  145. #endif // __nsStrictTransportSecurityService_h__