Bug 760307 - Preloaded strict-transport-security site list. r=mayhemer, bsmith
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/**
 * Declarations for the Strict-Transport-Security (HSTS) service:
 * nsSTSHostEntry, the in-memory hashtable entry used to cache STS state while
 * in private browsing mode, and nsStrictTransportSecurityService, which
 * implements nsIStrictTransportSecurityService on top of the permission
 * manager.
 */
9 #ifndef __nsStrictTransportSecurityService_h__
10 #define __nsStrictTransportSecurityService_h__
12 #include "nsIStrictTransportSecurityService.h"
13 #include "nsIObserver.h"
14 #include "nsIObserverService.h"
15 #include "nsIPermissionManager.h"
16 #include "nsCOMPtr.h"
17 #include "nsIURI.h"
18 #include "nsString.h"
19 #include "nsTHashtable.h"
// {16955eee-6c48-4152-9309-c42a465138a1}
// XPCOM class ID (CID) for nsStrictTransportSecurityService; the GUID above
// is the same value spelled out as a struct initializer.
#define NS_STRICT_TRANSPORT_SECURITY_CID \
{0x16955eee, 0x6c48, 0x4152, \
{0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1} }
26 ////////////////////////////////////////////////////////////////////////////////
27 // nsSTSHostEntry - similar to the nsHostEntry class in
28 // nsPermissionManager.cpp, but specific to private-mode caching of STS
29 // permissions.
31 // Each nsSTSHostEntry contains:
32 // - Expiry time (PRTime, milliseconds)
33 // - Expired flag (bool, default false)
34 // - STS permission (uint32_t, default STS_UNSET)
35 // - Include subdomains flag (bool, default false)
37 // Note: the subdomains flag has no meaning if the STS permission is STS_UNSET.
39 // The existence of the nsSTSHostEntry implies STS state is set for the given
40 // host -- unless the expired flag is set, in which case not only is the STS
41 // state not set for the host, but any permission actually present in the
42 // permission manager should be ignored.
// Note: Only one expiry time is stored since the subdomains and STS
// permissions are both set from the same HTTP header. If the
// includeSubdomains directive isn't present in that header, the subdomains
// permission is to be deleted, so a cleared subdomains flag in the
// nsSTSHostEntry means both that the subdomains permission doesn't exist and
// that any such permission in the real permission manager should be ignored,
// since newer information about it has been encountered in private browsing
// mode.
52 // Note: If there's a permission set by the user (EXPIRE_NEVER), STS is not set
53 // for the host (including the subdomains permission) when the header is
54 // encountered. Furthermore, any user-set permissions are stored persistently
55 // and can't be shadowed.
/**
 * nsSTSHostEntry - hashtable entry (keyed by host name) that records the STS
 * state learned for a host while in private browsing mode. See the notes
 * above for how these entries shadow the persistent permission manager.
 *
 * Keys are compared byte-for-byte with strcmp, so any case normalisation of
 * the host has to happen before the entry is created (presumably in
 * nsStrictTransportSecurityService::GetHost - confirm in the .cpp).
 */
class nsSTSHostEntry : public PLDHashEntryHdr
{
public:
  explicit nsSTSHostEntry(const char* aHost);
  explicit nsSTSHostEntry(const nsSTSHostEntry& toCopy);

  nsCString mHost;            // hash key
  PRTime mExpireTime;         // milliseconds; 0 means the entry never expires
  uint32_t mStsPermission;    // STS permission value (STS_UNSET by default)
  bool mExpired;              // latched: once IsExpired() sees expiry it stays true
  bool mIncludeSubdomains;    // meaningless while mStsPermission is STS_UNSET

  // nsTHashtable key interface
  typedef const char* KeyType;
  typedef const char* KeyTypePointer;

  KeyType GetKey() const { return mHost.get(); }

  bool KeyEquals(KeyTypePointer aKey) const
  {
    return strcmp(mHost.get(), aKey) == 0;
  }

  static KeyTypePointer KeyToPointer(KeyType aKey) { return aKey; }

  static PLDHashNumber HashKey(KeyTypePointer aKey)
  {
    return PL_DHashStringKey(nullptr, aKey);
  }

  // Installs a new expiry (milliseconds) and clears the latched expired flag
  // so that a refreshed entry is live again.
  void SetExpireTime(PRTime aExpireTime)
  {
    mExpired = false;
    mExpireTime = aExpireTime;
  }

  // Returns true once the current time (PR_Now, converted to milliseconds)
  // is past mExpireTime. An expiry of 0 means the entry never expires
  // (knockout entries). A true result is latched into mExpired so later
  // calls return early without consulting the clock.
  // Note: PR_Now is wall-clock time, so adjusting the system clock moves
  // when entries expire.
  bool IsExpired()
  {
    if (!mExpired && mExpireTime != 0) {
      PRTime nowMs = PR_Now() / PR_USEC_PER_MSEC;
      mExpired = nowMs > mExpireTime;
    }
    return mExpired;
  }

  // Entries own an nsCString, so the table must copy-construct entries when
  // it moves them rather than memmove raw bytes.
  enum { ALLOW_MEMMOVE = false };
};
119 ////////////////////////////////////////////////////////////////////////////////
121 class nsSTSPreload;
/**
 * XPCOM implementation of nsIStrictTransportSecurityService.
 *
 * STS state is normally persisted through the permission manager (mPermMgr).
 * While in private browsing mode (mInPrivateMode) the AddPermission /
 * RemovePermission wrappers are expected to record state in
 * mPrivateModeHostTable instead, so that nothing is written to disk; see the
 * nsSTSHostEntry notes above for how that table shadows the permission
 * manager. Confirm the exact lookup order in the .cpp.
 */
class nsStrictTransportSecurityService : public nsIStrictTransportSecurityService
                                       , public nsIObserver
{
public:
  NS_DECL_ISUPPORTS
  NS_DECL_NSIOBSERVER
  NS_DECL_NSISTRICTTRANSPORTSECURITYSERVICE

  nsStrictTransportSecurityService();
  nsresult Init();
  virtual ~nsStrictTransportSecurityService();

private:
  // Map a URI to the host / principal that STS state is keyed by.
  nsresult GetHost(nsIURI *aURI, nsACString &aResult);
  nsresult GetPrincipalForURI(nsIURI *aURI, nsIPrincipal **aPrincipal);

  // Header handling. aHeader is the raw Strict-Transport-Security value
  // received over the network and is modified in place while parsing, so
  // callers presumably pass a writable copy; it must be treated as untrusted
  // input (confirm bounds handling in the .cpp).
  nsresult ProcessStsHeaderMutating(nsIURI* aSourceURI, char* aHeader);
  nsresult SetStsState(nsIURI* aSourceURI,
                       int64_t maxage,
                       bool includeSubdomains);

  // Lookup in the built-in preloaded STS site list; presumably returns
  // nullptr when aHost is not on the list - confirm in the .cpp.
  const nsSTSPreload *GetPreloadListEntry(const char *aHost);

  // Permission-manager overlay: these wrap the real permission manager so
  // that private-mode changes can be kept out of persistent storage.
  nsresult AddPermission(nsIURI *aURI, const char *aType,
                         uint32_t aPermission, uint32_t aExpireType,
                         int64_t aExpireTime);
  nsresult RemovePermission(const nsCString &aHost, const char *aType);

  // Cached services.
  nsCOMPtr<nsIPermissionManager> mPermMgr;
  nsCOMPtr<nsIObserverService> mObserverService;

  // True while private browsing is active; the table below holds the
  // in-memory STS state recorded during that time.
  bool mInPrivateMode;
  nsTHashtable<nsSTSHostEntry> mPrivateModeHostTable;
};
159 #endif // __nsStrictTransportSecurityService_h__