1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 * This wraps nsSimpleURI so that all calls to it are done on the main thread.
9 #ifndef __nsStrictTransportSecurityService_h__
10 #define __nsStrictTransportSecurityService_h__
12 #include "nsIStrictTransportSecurityService.h"
13 #include "nsIObserver.h"
14 #include "nsIObserverService.h"
15 #include "nsIPermissionManager.h"
19 #include "nsTHashtable.h"
21 // {16955eee-6c48-4152-9309-c42a465138a1}
// Class ID for this service. The initializer fields below spell out the same
// UUID as the comment above; the two must be kept in sync.
22 #define NS_STRICT_TRANSPORT_SECURITY_CID \
23 {0x16955eee, 0x6c48, 0x4152, \
24 {0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1} }
26 ////////////////////////////////////////////////////////////////////////////////
27 // nsSTSHostEntry - similar to the nsHostEntry class in
28 // nsPermissionManager.cpp, but specific to private-mode caching of STS
31 // Each nsSTSHostEntry contains:
32 // - Expiry time (PRTime, milliseconds)
33 // - Expired flag (bool, default false)
34 // - STS permission (uint32_t, default STS_UNSET)
35 // - Include subdomains flag (bool, default false)
37 // Note: the subdomains flag has no meaning if the STS permission is STS_UNSET.
39 // The existence of the nsSTSHostEntry implies STS state is set for the given
40 // host -- unless the expired flag is set, in which case not only is the STS
41 // state not set for the host, but any permission actually present in the
42 // permission manager should be ignored.
44 // Note: Only one expiry time is stored, since the subdomains and STS
45 // permissions are both encountered at the same time in the HTTP header. If the
46 // includeSubdomains directive isn't present in the header, it means to delete
47 // the permission, so a cleared subdomains flag in the nsSTSHostEntry means both
48 // that the permission doesn't exist and that any permission in the real
49 // permission manager should be ignored, since newer information about it has
50 // been encountered in private browsing mode.
52 // Note: If there's a permission set by the user (EXPIRE_NEVER), STS is not set
53 // for the host (including the subdomains permission) when the header is
54 // encountered. Furthermore, any user-set permissions are stored persistently
55 // and can't be shadowed.
// Hashtable entry keyed by host name (a C string); the service keeps these in
// nsTHashtable<nsSTSHostEntry> mPrivateModeHostTable.
// NOTE(review): this listing skips source lines (the gutter numbers jump), so
// access specifiers, braces and the declarations of mHost, mExpireTime and
// mExpired used below are not visible here.
57 class nsSTSHostEntry
: public PLDHashEntryHdr
// Builds an entry from the host key aHost. The constructor is explicit, so a
// bare const char* is never converted to an entry implicitly.
60 explicit nsSTSHostEntry(const char* aHost
);
// Copy constructor; ALLOW_MEMMOVE = false at the end of the class makes the
// hashtable use it when it relocates entries.
61 explicit nsSTSHostEntry(const nsSTSHostEntry
& toCopy
);
// STS permission recorded for this host.
65 uint32_t mStsPermission
;
// Include-subdomains flag; it has no meaning while the permission is STS_UNSET.
67 bool mIncludeSubdomains
;
// Key types required by the hashtable: keys are plain C strings.
70 typedef const char* KeyType
;
71 typedef const char* KeyTypePointer
;
// Key accessor (body not shown in this listing).
73 KeyType
GetKey() const
// Byte-wise comparison with strcmp: matching is case-sensitive and aKey must
// be a non-null, NUL-terminated string.
// NOTE(review): presumably callers always look hosts up in one canonical form
// (e.g. lower-cased) -- confirm, because a spelling that differs only in case
// would not find the entry and its STS state would not be applied.
78 bool KeyEquals(KeyTypePointer aKey
) const
80 return !strcmp(mHost
.get(), aKey
);
// Key-to-pointer conversion hook (body not shown in this listing).
83 static KeyTypePointer
KeyToPointer(KeyType aKey
)
// Hashes the NUL-terminated key with PL_DHashStringKey; the first argument is
// passed as nullptr.
88 static PLDHashNumber
HashKey(KeyTypePointer aKey
)
90 return PL_DHashStringKey(nullptr, aKey
);
// Stores the expiry time. The expiry check below compares it against
// PR_Now() / PR_USEC_PER_MSEC, so aExpireTime is expected in milliseconds.
// NOTE(review): the rest of this setter is not shown in the listing.
93 void SetExpireTime(PRTime aExpireTime
)
95 mExpireTime
= aExpireTime
;
// NOTE(review): the signature of the method that owns the expiry check below
// is not shown in this listing.
101 // If mExpireTime is 0, this entry never expires (this is the case for
102 // knockout entries).
103 // If we've already expired or we never expire, return early.
104 if (mExpired
|| mExpireTime
== 0) {
// PR_Now() is in microseconds; dividing by PR_USEC_PER_MSEC converts it to
// milliseconds to match mExpireTime. The comparison uses the system clock, so
// the effective lifetime of an entry follows that clock.
108 PRTime now
= PR_Now() / PR_USEC_PER_MSEC
;
// Strictly-greater comparison: an entry whose expiry equals `now` is not yet
// treated as expired. What the branch does is not shown in this listing.
109 if (now
> mExpireTime
) {
116 // force the hashtable to use the copy constructor.
117 enum { ALLOW_MEMMOVE
= false };
119 ////////////////////////////////////////////////////////////////////////////////
// Service class implementing nsIStrictTransportSecurityService.
// NOTE(review): this listing skips source lines (the gutter numbers jump), so
// any further base classes, access specifiers and braces are not visible here.
123 class nsStrictTransportSecurityService
: public nsIStrictTransportSecurityService
// Declares the methods of the nsIStrictTransportSecurityService interface.
129 NS_DECL_NSISTRICTTRANSPORTSECURITYSERVICE
131 nsStrictTransportSecurityService();
133 virtual ~nsStrictTransportSecurityService();
// Helper taking a URI and an out-parameter string; presumably writes the
// URI's host into aResult -- confirm against the implementation.
136 nsresult
GetHost(nsIURI
*aURI
, nsACString
&aResult
);
// Helper taking a URI and an out-parameter principal pointer.
137 nsresult
GetPrincipalForURI(nsIURI
*aURI
, nsIPrincipal
**aPrincipal
);
// Records STS state for the source URI.
// NOTE(review): maxage is presumably the header's max-age in seconds, while
// entry expiry times are kept in milliseconds -- confirm that the
// implementation guards the int64_t conversion against overflow and rejects
// negative values.
138 nsresult
SetStsState(nsIURI
* aSourceURI
, int64_t maxage
, bool includeSubdomains
);
// Takes the header value as a non-const char* with no length parameter.
// NOTE(review): the name suggests the parser modifies the buffer in place --
// confirm. If so, callers must hand over a private, NUL-terminated copy; the
// value originates from an HTTP response and is untrusted input.
139 nsresult
ProcessStsHeaderMutating(nsIURI
* aSourceURI
, char* aHeader
);
// Looks up aHost and returns a pointer to a const nsSTSPreload.
// NOTE(review): whether a miss is reported as nullptr is not visible here.
140 const nsSTSPreload
*GetPreloadListEntry(const char *aHost
);
142 // private-mode-preserving permission manager overlay functions
// NOTE(review): the parameter lists of AddPermission and RemovePermission are
// only partly shown in this listing.
143 nsresult
AddPermission(nsIURI
*aURI
,
145 uint32_t aPermission
,
146 uint32_t aExpireType
,
147 int64_t aExpireTime
);
148 nsresult
RemovePermission(const nsCString
&aHost
,
// Handle to the permission manager (the "real permission manager" that the
// private-mode entries overlay).
152 nsCOMPtr
<nsIPermissionManager
> mPermMgr
;
// Handle to the observer service.
153 nsCOMPtr
<nsIObserverService
> mObserverService
;
// Table of nsSTSHostEntry records, i.e. the private-mode cache of STS state.
// NOTE(review): confirm the table is emptied when private browsing ends, so
// that this state does not outlive the session.
156 nsTHashtable
<nsSTSHostEntry
> mPrivateModeHostTable
;
159 #endif // __nsStrictTransportSecurityService_h__