1 : /* ***** BEGIN LICENSE BLOCK *****
2 : * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 : *
4 : * The contents of this file are subject to the Mozilla Public License Version
5 : * 1.1 (the "License"); you may not use this file except in compliance with
6 : * the License. You may obtain a copy of the License at
7 : * http://www.mozilla.org/MPL/
8 : *
9 : * Software distributed under the License is distributed on an "AS IS" basis,
10 : * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 : * for the specific language governing rights and limitations under the
12 : * License.
13 : *
14 : * The Original Code is Strict-Transport-Security.
15 : *
16 : * The Initial Developer of the Original Code is
17 : * Mozilla Foundation.
18 : * Portions created by the Initial Developer are Copyright (C) 2010
19 : * the Initial Developer. All Rights Reserved.
20 : *
21 : * Contributor(s):
22 : * Sid Stamm <sid@mozilla.com>
23 : *
24 : * Alternatively, the contents of this file may be used under the terms of
25 : * either the GNU General Public License Version 2 or later (the "GPL"), or
26 : * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 : * in which case the provisions of the GPL or the LGPL are applicable instead
28 : * of those above. If you wish to allow use of your version of this file only
29 : * under the terms of either the GPL or the LGPL, and not to allow others to
30 : * use your version of this file under the terms of the MPL, indicate your
31 : * decision by deleting the provisions above and replace them with the notice
32 : * and other provisions required by the GPL or the LGPL. If you do not delete
33 : * the provisions above, a recipient may use your version of this file under
34 : * the terms of any one of the MPL, the GPL or the LGPL.
35 : *
36 : * ***** END LICENSE BLOCK ***** */
37 :
38 : /**
39 : * This wraps nsSimpleURI so that all calls to it are done on the main thread.
40 : */
41 :
42 : #ifndef __nsStrictTransportSecurityService_h__
43 : #define __nsStrictTransportSecurityService_h__
44 :
45 : #include "nsIStrictTransportSecurityService.h"
46 : #include "nsIObserver.h"
47 : #include "nsIObserverService.h"
48 : #include "nsIPermissionManager.h"
49 : #include "nsCOMPtr.h"
50 : #include "nsIURI.h"
51 : #include "nsString.h"
52 : #include "nsTHashtable.h"
53 :
54 : // {16955eee-6c48-4152-9309-c42a465138a1}
55 : #define NS_STRICT_TRANSPORT_SECURITY_CID \
56 : {0x16955eee, 0x6c48, 0x4152, \
57 : {0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1} }
58 :
59 : ////////////////////////////////////////////////////////////////////////////////
60 : // nsSTSHostEntry - similar to the nsHostEntry class in
61 : // nsPermissionManager.cpp, but specific to private-mode caching of STS
62 : // permissions.
63 : //
64 : // Each nsSTSHostEntry contains:
65 : // - Expiry time
66 : // - Deleted flag (boolean, default false)
67 : // - Subdomains flag (boolean, default false)
68 : //
69 : // The existence of the nsSTSHostEntry implies STS state is set for the given
70 : // host -- unless the deleted flag is set, in which case not only is the STS
71 : // state not set for the host, but any permission actually present in the
72 : // permission manager should be ignored.
73 : //
74 : // Note: Only one expiry time is stored since the subdomains and STS
75 : // permissions are both encountered at the same time in the HTTP header; if the
76 : // includeSubdomains directive isn't present in the header, it means to delete
77 : // the permission, so the subdomains flag in the nsSTSHostEntry means both that
78 : // the permission doesn't exist and any permission in the real permission
79 : // manager should be ignored since newer information about it has been
80 : // encountered in private browsing mode.
81 : //
82 : // Note: If there's a permission set by the user (EXPIRE_NEVER), STS is not set
83 : // for the host (including the subdomains permission) when the header is
84 : // encountered. Furthermore, any user-set permissions are stored persistently
85 : // and can't be shadowed.
86 :
87 : class nsSTSHostEntry : public PLDHashEntryHdr
88 0 : {
89 : public:
90 : explicit nsSTSHostEntry(const char* aHost);
91 : explicit nsSTSHostEntry(const nsSTSHostEntry& toCopy);
92 :
93 : nsCString mHost;
94 : PRInt64 mExpireTime;
95 : bool mDeleted;
96 : bool mIncludeSubdomains;
97 :
98 : // Hash methods
99 : typedef const char* KeyType;
100 : typedef const char* KeyTypePointer;
101 :
102 : KeyType GetKey() const
103 : {
104 : return mHost.get();
105 : }
106 :
107 0 : bool KeyEquals(KeyTypePointer aKey) const
108 : {
109 0 : return !strcmp(mHost.get(), aKey);
110 : }
111 :
112 6 : static KeyTypePointer KeyToPointer(KeyType aKey)
113 : {
114 6 : return aKey;
115 : }
116 :
117 6 : static PLDHashNumber HashKey(KeyTypePointer aKey)
118 : {
119 6 : return PL_DHashStringKey(nsnull, aKey);
120 : }
121 :
122 : // force the hashtable to use the copy constructor.
123 : enum { ALLOW_MEMMOVE = false };
124 : };
125 : ////////////////////////////////////////////////////////////////////////////////
126 :
127 : class nsStrictTransportSecurityService : public nsIStrictTransportSecurityService
128 : , public nsIObserver
129 : {
130 : public:
131 : NS_DECL_ISUPPORTS
132 : NS_DECL_NSIOBSERVER
133 : NS_DECL_NSISTRICTTRANSPORTSECURITYSERVICE
134 :
135 : nsStrictTransportSecurityService();
136 : nsresult Init();
137 : virtual ~nsStrictTransportSecurityService();
138 :
139 : private:
140 : nsresult GetHost(nsIURI *aURI, nsACString &aResult);
141 : nsresult SetStsState(nsIURI* aSourceURI, PRInt64 maxage, bool includeSubdomains);
142 : nsresult ProcessStsHeaderMutating(nsIURI* aSourceURI, char* aHeader);
143 :
144 : // private-mode-preserving permission manager overlay functions
145 : nsresult AddPermission(nsIURI *aURI,
146 : const char *aType,
147 : PRUint32 aPermission,
148 : PRUint32 aExpireType,
149 : PRInt64 aExpireTime);
150 : nsresult RemovePermission(const nsCString &aHost,
151 : const char *aType);
152 : nsresult TestPermission(nsIURI *aURI,
153 : const char *aType,
154 : PRUint32 *aPermission,
155 : bool testExact);
156 :
157 : // cached services
158 : nsCOMPtr<nsIPermissionManager> mPermMgr;
159 : nsCOMPtr<nsIObserverService> mObserverService;
160 :
161 : bool mInPrivateMode;
162 : nsTHashtable<nsSTSHostEntry> mPrivateModeHostTable;
163 : };
164 :
165 : #endif // __nsStrictTransportSecurityService_h__
|