security/manager/boot/src/nsSiteSecurityService.h

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4
michael@0 5 /**
michael@0 6 * This wraps nsSimpleURI so that all calls to it are done on the main thread.
michael@0 7 */
michael@0 8
michael@0 9 #ifndef __nsSiteSecurityService_h__
michael@0 10 #define __nsSiteSecurityService_h__
michael@0 11
michael@0 12 #include "nsISiteSecurityService.h"
michael@0 13 #include "nsIObserver.h"
michael@0 14 #include "nsIObserverService.h"
michael@0 15 #include "nsIPermissionManager.h"
michael@0 16 #include "nsCOMPtr.h"
michael@0 17 #include "nsIURI.h"
michael@0 18 #include "nsString.h"
michael@0 19 #include "nsTHashtable.h"
michael@0 20 #include "prtime.h"
michael@0 21
// CID value for the site security service, written as a braced initializer
// (32-bit, 16-bit, 16-bit, then eight bytes) for the UUID
// {16955eee-6c48-4152-9309-c42a465138a1}.
#define NS_SITE_SECURITY_SERVICE_CID                   \
  {                                                    \
    0x16955eee, 0x6c48, 0x4152,                        \
    { 0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1 } \
  }
michael@0 26
michael@0 27 ////////////////////////////////////////////////////////////////////////////////
michael@0 28 // nsSSSHostEntry - similar to the nsHostEntry class in
michael@0 29 // nsPermissionManager.cpp, but specific to private-mode caching of STS
michael@0 30 // permissions.
michael@0 31 //
michael@0 32 // Each nsSSSHostEntry contains:
michael@0 33 // - Expiry time (PRTime, milliseconds)
michael@0 34 // - Expired flag (bool, default false)
michael@0 35 // - STS permission (uint32_t, default STS_UNSET)
michael@0 36 // - Include subdomains flag (bool, default false)
michael@0 37 //
michael@0 38 // Note: the subdomains flag has no meaning if the STS permission is STS_UNSET.
michael@0 39 //
michael@0 40 // The existence of the nsSSSHostEntry implies STS state is set for the given
michael@0 41 // host -- unless the expired flag is set, in which case not only is the STS
michael@0 42 // state not set for the host, but any permission actually present in the
michael@0 43 // permission manager should be ignored.
michael@0 44 //
michael@0 45 // Note: Only one expiry time is stored since the subdomains and STS
michael@0 46 // permissions are both encountered at the same time in the HTTP header; if the
michael@0 47 // includeSubdomains directive isn't present in the header, it means to delete
michael@0 48 // the permission, so the subdomains flag in the nsSSSHostEntry means both that
michael@0 49 // the permission doesn't exist and any permission in the real permission
michael@0 50 // manager should be ignored since newer information about it has been
michael@0 51 // encountered in private browsing mode.
michael@0 52 //
michael@0 53 // Note: If there's a permission set by the user (EXPIRE_NEVER), STS is not set
michael@0 54 // for the host (including the subdomains permission) when the header is
michael@0 55 // encountered. Furthermore, any user-set permissions are stored persistently
michael@0 56 // and can't be shadowed.
michael@0 57
/**
 * Hashtable entry holding the STS state recorded for one host name.
 *
 * The entry is keyed by the host string it stores (mHost). The data members
 * are public and are read and written directly by code outside this class.
 */
class nsSSSHostEntry : public PLDHashEntryHdr
{
public:
  // Both constructors are explicit; the copy constructor is the one the
  // hashtable is made to use when it relocates entries (see ALLOW_MEMMOVE).
  explicit nsSSSHostEntry(const char* aHost);
  explicit nsSSSHostEntry(const nsSSSHostEntry& toCopy);

  nsCString mHost;         // host name; doubles as the hash key
  PRTime mExpireTime;      // expiry in milliseconds; 0 means "never expires"
  uint32_t mStsPermission; // STS permission value recorded for the host
  bool mExpired;           // latched by IsExpired(), reset by SetExpireTime()
  bool mIncludeSubdomains; // whether the state also covers subdomains

  // Key types used by the hashtable.
  using KeyType = const char*;
  using KeyTypePointer = const char*;

  /** Returns the stored host string, which is this entry's key. */
  KeyType GetKey() const
  {
    return mHost.get();
  }

  /**
   * Returns true when aKey matches the stored host exactly.
   *
   * The comparison is a plain strcmp, so it is byte-wise and case-sensitive.
   * NOTE(review): this assumes callers pass an already-normalized host name;
   * otherwise differently-spelled forms of one host get separate entries.
   * Confirm against the callers.
   */
  bool KeyEquals(KeyTypePointer aKey) const
  {
    return strcmp(mHost.get(), aKey) == 0;
  }

  /** The key and its pointer form are the same type, so this is identity. */
  static KeyTypePointer KeyToPointer(KeyType aKey)
  {
    return aKey;
  }

  /** Hashes the host string with the string-key hash function. */
  static PLDHashNumber HashKey(KeyTypePointer aKey)
  {
    return PL_DHashStringKey(nullptr, aKey);
  }

  /**
   * Stores a new expiry time and clears the expired latch.
   *
   * The latch is cleared unconditionally, even if aExpireTime is already in
   * the past; the next IsExpired() call re-evaluates it.
   */
  void SetExpireTime(PRTime aExpireTime)
  {
    mExpired = false;
    mExpireTime = aExpireTime;
  }

  /**
   * Reports whether this entry has expired, latching the result in mExpired.
   *
   * An expire time of 0 means the entry never expires (this is the case for
   * knockout entries). The comparison is strict, so an entry whose expiry
   * equals the current millisecond still counts as live.
   */
  bool IsExpired()
  {
    // Only an entry that is still live and has a real expiry needs the clock.
    const bool canLapse = !mExpired && mExpireTime != 0;
    if (canLapse) {
      // PR_Now() is scaled down to milliseconds to match mExpireTime.
      const PRTime nowMs = PR_Now() / PR_USEC_PER_MSEC;
      mExpired = nowMs > mExpireTime;
    }

    return mExpired;
  }

  // Forces the hashtable to relocate entries with the copy constructor
  // instead of a raw memory move.
  enum { ALLOW_MEMMOVE = false };
};
michael@0 120 ////////////////////////////////////////////////////////////////////////////////
michael@0 121
michael@0 122 class nsSTSPreload;
michael@0 123
/**
 * Declaration of the site security service: an implementation of
 * nsISiteSecurityService that is also an nsIObserver.
 *
 * Besides the cached permission manager it keeps its own table of
 * nsSSSHostEntry records (mPrivateModeHostTable) for private-mode state.
 */
class nsSiteSecurityService : public nsISiteSecurityService
                            , public nsIObserver
{
public:
  // Interface declaration macros for the bases listed above.
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSIOBSERVER
  NS_DECL_NSISITESECURITYSERVICE

  nsSiteSecurityService();
  nsresult Init();
  virtual ~nsSiteSecurityService();

private:
  nsresult GetHost(nsIURI* aURI, nsACString& aResult);
  nsresult GetPrincipalForURI(nsIURI* aURI, nsIPrincipal** aPrincipal);
  nsresult SetState(uint32_t aType,
                    nsIURI* aSourceURI,
                    int64_t maxage,
                    bool includeSubdomains,
                    uint32_t flags);
  // Takes the header as a non-const buffer; the name suggests it is modified
  // in place while being processed (confirm in the implementation).
  // NOTE(review): the max-age out-parameter is uint64_t here, while SetState
  // takes an int64_t maxage. Confirm the implementation range-checks the
  // value before converting between the two.
  nsresult ProcessHeaderMutating(uint32_t aType,
                                 nsIURI* aSourceURI,
                                 char* aHeader,
                                 uint32_t flags,
                                 uint64_t* aMaxAge,
                                 bool* aIncludeSubdomains);
  const nsSTSPreload* GetPreloadListEntry(const char* aHost);

  // Permission manager overlay functions that preserve private mode: each
  // takes an aIsPrivate flag alongside the permission data.
  nsresult AddPermission(nsIURI* aURI,
                         const char* aType,
                         uint32_t aPermission,
                         uint32_t aExpireType,
                         int64_t aExpireTime,
                         bool aIsPrivate);
  nsresult RemovePermission(const nsCString& aHost,
                            const char* aType,
                            bool aIsPrivate);

  // Cached services.
  nsCOMPtr<nsIPermissionManager> mPermMgr;
  nsCOMPtr<nsIObserverService> mObserverService;

  // Host entries held by the service itself for private mode.
  nsTHashtable<nsSSSHostEntry> mPrivateModeHostTable;
  // Flag for use of the preload list (see GetPreloadListEntry).
  bool mUsePreloadList;
};
michael@0 164
michael@0 165 #endif // __nsSiteSecurityService_h__
