[gecko.git] / security / manager / ssl / nsCertOverrideService.h
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef nsCertOverrideService_h
8 #define nsCertOverrideService_h
10 #include <utility>
12 #include "mozilla/HashFunctions.h"
13 #include "mozilla/Mutex.h"
14 #include "mozilla/OriginAttributes.h"
15 #include "mozilla/TaskQueue.h"
16 #include "nsIAsyncShutdown.h"
17 #include "nsICertOverrideService.h"
18 #include "nsIFile.h"
19 #include "nsIObserver.h"
20 #include "nsString.h"
21 #include "nsTHashtable.h"
22 #include "nsWeakReference.h"
23 #include "secoidt.h"
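/**
 * One certificate-error override record, exposed through nsICertOverride.
 *
 * All data members are public; this header shows no validation of them, so
 * whatever code fills them in is responsible for their consistency.
 *
 * (Listing repair: the viewer's line-number gutter was fused into the code and
 * the closing brace of the class was lost; both are fixed here.)
 */
class nsCertOverride final : public nsICertOverride {
 public:
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSICERTOVERRIDE

  // A new record has no explicit port (-1, the value GetHostWithPort()
  // documents as "use 443") and is permanent until marked temporary.
  nsCertOverride() : mPort(-1), mIsTemporary(false) {}

  // Host the override applies to. The name says ASCII; nothing in this header
  // enforces it.
  nsCString mAsciiHost;
  int32_t mPort;
  // Origin attributes are part of the record, so an override is scoped to
  // them as well as to host and port (see GetKeyString()).
  mozilla::OriginAttributes mOriginAttributes;
  bool mIsTemporary;  // true: session only, false: stored on disk
  // NOTE(review): presumably the fingerprint of the certificate this override
  // accepts; the digest algorithm and encoding are not visible here - confirm
  // in the implementation.
  nsCString mFingerprint;

 private:
  // Private so the object cannot be deleted directly by outside code;
  // presumably it is released through the reference counting declared by
  // NS_DECL_THREADSAFE_ISUPPORTS.
  ~nsCertOverride() = default;
};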
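/**
 * Hash table entry type for nsTHashtable<nsCertOverrideEntry>.
 *
 * The key is the NUL-terminated contents of mKeyString; the value is the
 * override record in mSettings.
 *
 * (Listing repair: the viewer's line-number gutter was fused into the code and
 * the closing braces of KeyEquals(), HashKey() and the class were lost; they
 * are restored here.)
 */
class nsCertOverrideEntry final : public PLDHashEntryHdr {
 public:
  // Key types required by the hash table template.
  using KeyType = const char*;
  using KeyTypePointer = const char*;

  // The key argument is deliberately ignored: a freshly constructed entry has
  // an empty mKeyString and a null mSettings, and the caller must fill both in
  // before the entry is usable.
  // NOTE(review): the previous comment said "we require mHead to be set", but
  // no member named mHead exists in this class - presumably a leftover from an
  // older layout.
  explicit nsCertOverrideEntry(KeyTypePointer aHostWithPortUTF8) {}

  // Moves the base header, the override record and the key string out of
  // toMove.
  nsCertOverrideEntry(nsCertOverrideEntry&& toMove)
      : PLDHashEntryHdr(std::move(toMove)),
        mSettings(std::move(toMove.mSettings)),
        mKeyString(std::move(toMove.mKeyString)) {}

  ~nsCertOverrideEntry() = default;

  KeyType GetKey() const { return KeyStringPtr(); }

  KeyTypePointer GetKeyPointer() const { return KeyStringPtr(); }

  // Exact, case-sensitive byte comparison up to the first NUL. aKey must be a
  // non-null, NUL-terminated string. Because matching is exact, a lookup only
  // succeeds when the lookup key was built the same way as the stored one.
  bool KeyEquals(KeyTypePointer aKey) const {
    return strcmp(KeyStringPtr(), aKey) == 0;
  }

  static KeyTypePointer KeyToPointer(KeyType aKey) { return aKey; }

  static PLDHashNumber HashKey(KeyTypePointer aKey) {
    return mozilla::HashString(aKey);
  }

  // Entries hold an nsCString and a RefPtr; presumably this tells the table to
  // relocate entries with the move constructor rather than a raw memmove.
  enum { ALLOW_MEMMOVE = false };

  // Accessors for the stored key.
  const nsCString& KeyString() const { return mKeyString; }

  KeyTypePointer KeyStringPtr() const { return mKeyString.get(); }

  RefPtr<nsCertOverride> mSettings;
  nsCString mKeyString;
};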
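/**
 * Service that stores certificate-error overrides and answers lookups for
 * them (nsICertOverrideService). It is also an observer and an async shutdown
 * blocker.
 *
 * Locking: the members annotated MOZ_GUARDED_BY(mMutex) may only be touched
 * with mMutex held. The private helpers that take a
 * `const mozilla::MutexAutoLock&` use that parameter as proof that the caller
 * already holds a lock (presumably mMutex).
 *
 * (Listing repair: the viewer's line-number gutter was fused into the code and
 * the closing braces of AssertOnTaskQueue() and of the class were lost; they
 * are restored here.)
 */
class nsCertOverrideService final : public nsICertOverrideService,
                                    public nsIObserver,
                                    public nsSupportsWeakReference,
                                    public nsIAsyncShutdownBlocker {
 public:
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSICERTOVERRIDESERVICE
  NS_DECL_NSIOBSERVER
  NS_DECL_NSIASYNCSHUTDOWNBLOCKER

  nsCertOverrideService();

  nsresult Init();
  void RemoveAllTemporaryOverrides();

  // Concatenates host name and the port number. If the port number is -1 then
  // port 443 is automatically used. This method ensures there is always a port
  // number separated with colon.
  static void GetHostWithPort(const nsACString& aHostName, int32_t aPort,
                              nsACString& aRetval);

  // Concatenates host name, port number, and origin attributes. Entries are
  // matched by exact string comparison of this key (see
  // nsCertOverrideEntry::KeyEquals), so every lookup has to build its key
  // through this function.
  static void GetKeyString(const nsACString& aHostName, int32_t aPort,
                           const mozilla::OriginAttributes& aOriginAttributes,
                           nsACString& aRetval);

  // Debug-only check that the caller is running on the writer task queue.
  // MOZ_ASSERT is compiled out of release builds, so this enforces nothing
  // there.
  void AssertOnTaskQueue() const {
    MOZ_ASSERT(mWriterTaskQueue->IsOnCurrentThread());
  }

  void RemoveShutdownBlocker();

 private:
  ~nsCertOverrideService();

  mozilla::Mutex mMutex;
  // NOTE(review): the name suggests a global switch that bypasses certificate
  // checks. Where it is set is not visible in this header - confirm that only
  // test/automation paths can enable it.
  bool mDisableAllSecurityCheck MOZ_GUARDED_BY(mMutex);
  // NOTE(review): presumably the on-disk store for permanent overrides (see
  // nsCertOverride::mIsTemporary) - confirm in Read()/Write().
  nsCOMPtr<nsIFile> mSettingsFile MOZ_GUARDED_BY(mMutex);
  // All known overrides, keyed by the string produced by GetKeyString().
  nsTHashtable<nsCertOverrideEntry> mSettingsTable MOZ_GUARDED_BY(mMutex);

  void CountPermanentOverrideTelemetry(
      const mozilla::MutexAutoLock& aProofOfLock);

  nsresult Read(const mozilla::MutexAutoLock& aProofOfLock);
  nsresult Write(const mozilla::MutexAutoLock& aProofOfLock);
  nsresult AddEntryToList(const nsACString& host, int32_t port,
                          const mozilla::OriginAttributes& aOriginAttributes,
                          const bool aIsTemporary,
                          const nsACString& fingerprint,
                          const mozilla::MutexAutoLock& aProofOfLock);
  // Takes no proof-of-lock argument, unlike the helpers above; presumably it
  // acquires mMutex itself - confirm before calling it with the lock held.
  already_AddRefed<nsCertOverride> GetOverrideFor(
      const nsACString& aHostName, int32_t aPort,
      const mozilla::OriginAttributes& aOriginAttributes);

  // Set in constructor only
  RefPtr<mozilla::TaskQueue> mWriterTaskQueue;

  // Only accessed on the main thread
  uint64_t mPendingWriteCount;
};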
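// Class ID 67ba681d-5485-4fff-952c-2ee337ffdcd6 written as a nested aggregate
// initializer: one 32-bit field, two 16-bit fields, then eight bytes.
// Presumably the CID under which the certificate override service is
// registered.
// (Listing repair: the line-number gutter was fused into the macro and its two
// closing braces were lost; they are restored here.)
#define NS_CERTOVERRIDE_CID                          \
  { /* 67ba681d-5485-4fff-952c-2ee337ffdcd6 */       \
    0x67ba681d, 0x5485, 0x4fff, {                    \
      0x95, 0x2c, 0x2e, 0xe3, 0x37, 0xff, 0xdc, 0xd6 \
    }                                                \
  }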
152 #endif // nsCertOverrideService_h