1 : /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 : *
3 : * ***** BEGIN LICENSE BLOCK *****
4 : * Version: MPL 1.1/GPL 2.0/LGPL 2.1
5 : *
6 : * The contents of this file are subject to the Mozilla Public License Version
7 : * 1.1 (the "License"); you may not use this file except in compliance with
8 : * the License. You may obtain a copy of the License at
9 : * http://www.mozilla.org/MPL/
10 : *
11 : * Software distributed under the License is distributed on an "AS IS" basis,
12 : * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
13 : * for the specific language governing rights and limitations under the
14 : * License.
15 : *
16 : * The Original Code is mozilla.org code.
17 : *
18 : * The Initial Developer of the Original Code is
19 : * Red Hat, Inc.
20 : * Portions created by the Initial Developer are Copyright (C) 2006
21 : * the Initial Developer. All Rights Reserved.
22 : *
23 : * Contributor(s):
24 : * Kai Engert <kengert@redhat.com>
25 : * Ehsan Akhgari <ehsan.akhgari@gmail.com>
26 : *
27 : * Alternatively, the contents of this file may be used under the terms of
28 : * either the GNU General Public License Version 2 or later (the "GPL"), or
29 : * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30 : * in which case the provisions of the GPL or the LGPL are applicable instead
31 : * of those above. If you wish to allow use of your version of this file only
32 : * under the terms of either the GPL or the LGPL, and not to allow others to
33 : * use your version of this file under the terms of the MPL, indicate your
34 : * decision by deleting the provisions above and replace them with the notice
35 : * and other provisions required by the GPL or the LGPL. If you do not delete
36 : * the provisions above, a recipient may use your version of this file under
37 : * the terms of any one of the MPL, the GPL or the LGPL.
38 : *
39 : * ***** END LICENSE BLOCK ***** */
40 :
41 : #ifndef __NSCERTOVERRIDESERVICE_H__
42 : #define __NSCERTOVERRIDESERVICE_H__
43 :
44 : #include "mozilla/ReentrantMonitor.h"
45 : #include "nsICertOverrideService.h"
46 : #include "nsTHashtable.h"
47 : #include "nsIObserver.h"
48 : #include "nsString.h"
49 : #include "nsIFile.h"
50 : #include "secoidt.h"
51 : #include "nsWeakReference.h"
52 :
53 : class nsCertOverride
54 0 : {
55 : public:
56 :
57 : enum OverrideBits { ob_None=0, ob_Untrusted=1, ob_Mismatch=2,
58 : ob_Time_error=4 };
59 :
60 0 : nsCertOverride()
61 : :mPort(-1)
62 0 : ,mOverrideBits(ob_None)
63 : {
64 0 : }
65 :
66 : nsCertOverride(const nsCertOverride &other)
67 : {
68 : this->operator=(other);
69 : }
70 :
71 0 : nsCertOverride &operator=(const nsCertOverride &other)
72 : {
73 0 : mAsciiHost = other.mAsciiHost;
74 0 : mPort = other.mPort;
75 0 : mIsTemporary = other.mIsTemporary;
76 0 : mFingerprintAlgOID = other.mFingerprintAlgOID;
77 0 : mFingerprint = other.mFingerprint;
78 0 : mOverrideBits = other.mOverrideBits;
79 0 : mDBKey = other.mDBKey;
80 0 : mCert = other.mCert;
81 0 : return *this;
82 : }
83 :
84 : nsCString mAsciiHost;
85 : PRInt32 mPort;
86 : bool mIsTemporary; // true: session only, false: stored on disk
87 : nsCString mFingerprint;
88 : nsCString mFingerprintAlgOID;
89 : OverrideBits mOverrideBits;
90 : nsCString mDBKey;
91 : nsCOMPtr <nsIX509Cert> mCert;
92 :
93 : static void convertBitsToString(OverrideBits ob, nsACString &str);
94 : static void convertStringToBits(const nsACString &str, OverrideBits &ob);
95 : };
96 :
97 :
98 : // hash entry class
99 : class nsCertOverrideEntry : public PLDHashEntryHdr
100 : {
101 : public:
102 : // Hash methods
103 : typedef const char* KeyType;
104 : typedef const char* KeyTypePointer;
105 :
106 : // do nothing with aHost - we require mHead to be set before we're live!
107 0 : nsCertOverrideEntry(KeyTypePointer aHostWithPortUTF8)
108 0 : {
109 0 : }
110 :
111 0 : nsCertOverrideEntry(const nsCertOverrideEntry& toCopy)
112 0 : {
113 0 : mSettings = toCopy.mSettings;
114 0 : mHostWithPort = toCopy.mHostWithPort;
115 0 : }
116 :
117 0 : ~nsCertOverrideEntry()
118 0 : {
119 0 : }
120 :
121 : KeyType GetKey() const
122 : {
123 : return HostWithPortPtr();
124 : }
125 :
126 : KeyTypePointer GetKeyPointer() const
127 : {
128 : return HostWithPortPtr();
129 : }
130 :
131 0 : bool KeyEquals(KeyTypePointer aKey) const
132 : {
133 0 : return !strcmp(HostWithPortPtr(), aKey);
134 : }
135 :
136 0 : static KeyTypePointer KeyToPointer(KeyType aKey)
137 : {
138 0 : return aKey;
139 : }
140 :
141 0 : static PLDHashNumber HashKey(KeyTypePointer aKey)
142 : {
143 : // PL_DHashStringKey doesn't use the table parameter, so we can safely
144 : // pass nsnull
145 0 : return PL_DHashStringKey(nsnull, aKey);
146 : }
147 :
148 : enum { ALLOW_MEMMOVE = false };
149 :
150 : // get methods
151 : inline const nsCString &HostWithPort() const { return mHostWithPort; }
152 :
153 0 : inline KeyTypePointer HostWithPortPtr() const
154 : {
155 0 : return mHostWithPort.get();
156 : }
157 :
158 : nsCertOverride mSettings;
159 : nsCString mHostWithPort;
160 : };
161 :
162 : class nsCertOverrideService : public nsICertOverrideService
163 : , public nsIObserver
164 : , public nsSupportsWeakReference
165 : {
166 : public:
167 : NS_DECL_ISUPPORTS
168 : NS_DECL_NSICERTOVERRIDESERVICE
169 : NS_DECL_NSIOBSERVER
170 :
171 : nsCertOverrideService();
172 : ~nsCertOverrideService();
173 :
174 : nsresult Init();
175 : void RemoveAllTemporaryOverrides();
176 :
177 : typedef void
178 : (*PR_CALLBACK CertOverrideEnumerator)(const nsCertOverride &aSettings,
179 : void *aUserData);
180 :
181 : // aCert == null: return all overrides
182 : // aCert != null: return overrides that match the given cert
183 : nsresult EnumerateCertOverrides(nsIX509Cert *aCert,
184 : CertOverrideEnumerator enumerator,
185 : void *aUserData);
186 :
187 : // Concates host name and the port number. If the port number is -1 then
188 : // port 443 is automatically used. This method ensures there is always a port
189 : // number separated with colon.
190 : static void GetHostWithPort(const nsACString & aHostName, PRInt32 aPort, nsACString& _retval);
191 :
192 : protected:
193 : mozilla::ReentrantMonitor monitor;
194 : nsCOMPtr<nsIFile> mSettingsFile;
195 : nsTHashtable<nsCertOverrideEntry> mSettingsTable;
196 :
197 : SECOidTag mOidTagForStoringNewHashes;
198 : nsCString mDottedOidForStoringNewHashes;
199 :
200 : void RemoveAllFromMemory();
201 : nsresult Read();
202 : nsresult Write();
203 : nsresult AddEntryToList(const nsACString &host, PRInt32 port,
204 : nsIX509Cert *aCert,
205 : const bool aIsTemporary,
206 : const nsACString &algo_oid,
207 : const nsACString &fingerprint,
208 : nsCertOverride::OverrideBits ob,
209 : const nsACString &dbKey);
210 : };
211 :
212 : #define NS_CERTOVERRIDE_CID { /* 67ba681d-5485-4fff-952c-2ee337ffdcd6 */ \
213 : 0x67ba681d, \
214 : 0x5485, \
215 : 0x4fff, \
216 : {0x95, 0x2c, 0x2e, 0xe3, 0x37, 0xff, 0xdc, 0xd6} \
217 : }
218 :
219 : #endif
|