search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1935611 - Fix libyuv/libpng link failed for loongarch64. r=glandium,tnikkel,ng
[gecko.git] / security / manager / ssl / nsSiteSecurityService.h
blobf5de35936a4992044bf0c1599ae97e16b8e9b75a
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5 #ifndef __nsSiteSecurityService_h__
6 #define __nsSiteSecurityService_h__
7
8 #include "mozilla/BasePrincipal.h"
9 #include "mozilla/Dafsa.h"
10 #include "mozilla/RefPtr.h"
11 #include "nsCOMPtr.h"
12 #include "nsIDataStorage.h"
13 #include "nsIObserver.h"
14 #include "nsISiteSecurityService.h"
15 #include "nsString.h"
16 #include "nsTArray.h"
17 #include "mozpkix/pkixtypes.h"
18 #include "prtime.h"
19
20 class nsIURI;
21
22 using mozilla::OriginAttributes;
23
24 // {16955eee-6c48-4152-9309-c42a465138a1}
25 #define NS_SITE_SECURITY_SERVICE_CID \
26 { \
27 0x16955eee, 0x6c48, 0x4152, { \
28 0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1 \
29 } \
30 }
31
32 /**
33 * SecurityPropertyState: A utility enum for representing the different states
34 * a security property can be in.
35 * SecurityPropertySet and SecurityPropertyUnset correspond to indicating
36 * a site has or does not have the security property in question, respectively.
37 * SecurityPropertyKnockout indicates a value on a preloaded list is being
38 * overridden, and the associated site does not have the security property
39 * in question.
40 */
41 enum SecurityPropertyState {
42 SecurityPropertyUnset = 0,
43 SecurityPropertySet = 1,
44 SecurityPropertyKnockout = 2,
45 };
46
47 /**
48 * SiteHSTSState: A utility class that encodes/decodes a string describing
49 * the security state of a site. Currently only handles HSTS.
50 * HSTS state consists of:
51 * - Hostname (nsCString)
52 * - Origin attributes (OriginAttributes)
53 * - Expiry time (PRTime (aka int64_t) in milliseconds)
54 * - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
55 * - An include subdomains flag (bool, default false)
56 */
57 class SiteHSTSState {
58 public:
59 SiteHSTSState(const nsCString& aHost,
60 const OriginAttributes& aOriginAttributes,
61 const nsCString& aStateString);
62 SiteHSTSState(const nsCString& aHost,
63 const OriginAttributes& aOriginAttributes,
64 PRTime aHSTSExpireTime, SecurityPropertyState aHSTSState,
65 bool aHSTSIncludeSubdomains);
66
67 nsCString mHostname;
68 OriginAttributes mOriginAttributes;
69 PRTime mHSTSExpireTime;
70 SecurityPropertyState mHSTSState;
71 bool mHSTSIncludeSubdomains;
72
73 bool IsExpired() {
74 // If mHSTSExpireTime is 0, this entry never expires (this is the case for
75 // knockout entries).
76 if (mHSTSExpireTime == 0) {
77 return false;
78 }
79
80 PRTime now = PR_Now() / PR_USEC_PER_MSEC;
81 if (now > mHSTSExpireTime) {
82 return true;
83 }
84
85 return false;
86 }
87
88 void ToString(nsCString& aString);
89 };
90
91 struct nsSTSPreload;
92
93 class nsSiteSecurityService : public nsISiteSecurityService,
94 public nsIObserver {
95 public:
96 NS_DECL_THREADSAFE_ISUPPORTS
97 NS_DECL_NSIOBSERVER
98 NS_DECL_NSISITESECURITYSERVICE
99
100 nsSiteSecurityService();
101 nsresult Init();
102
103 static nsresult GetHost(nsIURI* aURI, nsACString& aResult);
104 static bool HostIsIPAddress(const nsCString& hostname);
105
106 protected:
107 virtual ~nsSiteSecurityService();
108
109 private:
110 nsresult SetHSTSState(const char* aHost, int64_t maxage,
111 bool includeSubdomains,
112 SecurityPropertyState aHSTSState,
113 const OriginAttributes& aOriginAttributes);
114 nsresult ProcessHeaderInternal(nsIURI* aSourceURI, const nsCString& aHeader,
115 const OriginAttributes& aOriginAttributes,
116 uint64_t* aMaxAge, bool* aIncludeSubdomains,
117 uint32_t* aFailureResult);
118 nsresult ProcessSTSHeader(nsIURI* aSourceURI, const nsCString& aHeader,
119 const OriginAttributes& aOriginAttributes,
120 uint64_t* aMaxAge, bool* aIncludeSubdomains,
121 uint32_t* aFailureResult);
122 nsresult MarkHostAsNotHSTS(const nsAutoCString& aHost,
123 const OriginAttributes& aOriginAttributes);
124 nsresult ResetStateInternal(nsIURI* aURI,
125 const OriginAttributes& aOriginAttributes,
126 nsISiteSecurityService::ResetStateBy aScope);
127 void ResetStateForExactDomain(const nsCString& aHostname,
128 const OriginAttributes& aOriginAttributes);
129 nsresult HostMatchesHSTSEntry(const nsAutoCString& aHost,
130 bool aRequireIncludeSubdomains,
131 const OriginAttributes& aOriginAttributes,
132 bool& aHostMatchesHSTSEntry);
133 bool GetPreloadStatus(
134 const nsACString& aHost,
135 /*optional out*/ bool* aIncludeSubdomains = nullptr) const;
136 nsresult IsSecureHost(const nsACString& aHost,
137 const OriginAttributes& aOriginAttributes,
138 bool* aResult);
139
140 nsresult GetWithMigration(const nsACString& aHostname,
141 const OriginAttributes& aOriginAttributes,
142 nsIDataStorage::DataType aDataStorageType,
143 nsACString& aValue);
144 nsresult PutWithMigration(const nsACString& aHostname,
145 const OriginAttributes& aOriginAttributes,
146 nsIDataStorage::DataType aDataStorageType,
147 const nsACString& aStateString);
148 nsresult RemoveWithMigration(const nsACString& aHostname,
149 const OriginAttributes& aOriginAttributes,
150 nsIDataStorage::DataType aDataStorageType);
151
152 bool mUsePreloadList;
153 int64_t mPreloadListTimeOffset;
154 nsCOMPtr<nsIDataStorage> mSiteStateStorage;
155 const mozilla::Dafsa mDafsa;
156 };
157
158 #endif // __nsSiteSecurityService_h__