security/manager/boot/src/nsSiteSecurityService.h

branch
TOR_BUG_9701
changeset 15
b8a032363ba2
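--- a/security/manager/boot/src/nsSiteSecurityService.h
+++ b/security/manager/boot/src/nsSiteSecurityService.h
@@ -0,0 +1,165 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+* This wraps nsSimpleURI so that all calls to it are done on the main thread.
+*/
+
+#ifndef __nsSiteSecurityService_h__
+#define __nsSiteSecurityService_h__
+
+#include "nsISiteSecurityService.h"
+#include "nsIObserver.h"
+#include "nsIObserverService.h"
+#include "nsIPermissionManager.h"
+#include "nsCOMPtr.h"
+#include "nsIURI.h"
+#include "nsString.h"
+#include "nsTHashtable.h"
+#include "prtime.h"
+
+// {16955eee-6c48-4152-9309-c42a465138a1}
+#define NS_SITE_SECURITY_SERVICE_CID \
+{0x16955eee, 0x6c48, 0x4152, \
+{0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1} }
+
+////////////////////////////////////////////////////////////////////////////////
+// nsSSSHostEntry - similar to the nsHostEntry class in
+// nsPermissionManager.cpp, but specific to private-mode caching of STS
+// permissions.
+//
+// Each nsSSSHostEntry contains:
+// - Expiry time (PRTime, milliseconds)
+// - Expired flag (bool, default false)
+// - STS permission (uint32_t, default STS_UNSET)
+// - Include subdomains flag (bool, default false)
+//
+// Note: the subdomains flag has no meaning if the STS permission is STS_UNSET.
+//
+// The existence of the nsSSSHostEntry implies STS state is set for the given
+// host -- unless the expired flag is set, in which case not only is the STS
+// state not set for the host, but any permission actually present in the
+// permission manager should be ignored.
+//
+// Note: Only one expiry time is stored since the subdomains and STS
+// permissions are both encountered at the same time in the HTTP header; if the
+// includeSubdomains directive isn't present in the header, it means to delete
+// the permission, so the subdomains flag in the nsSSSHostEntry means both that
+// the permission doesn't exist and any permission in the real permission
+// manager should be ignored since newer information about it has been
+// encountered in private browsing mode.
+//
+// Note: If there's a permission set by the user (EXPIRE_NEVER), STS is not set
+// for the host (including the subdomains permission) when the header is
+// encountered. Furthermore, any user-set permissions are stored persistently
+// and can't be shadowed.
+
+class nsSSSHostEntry : public PLDHashEntryHdr
+{
+public:
+explicit nsSSSHostEntry(const char* aHost);
+explicit nsSSSHostEntry(const nsSSSHostEntry& toCopy);
+
+nsCString mHost;
+PRTime mExpireTime;
+uint32_t mStsPermission;
+bool mExpired;
+bool mIncludeSubdomains;
+
+// Hash methods
+typedef const char* KeyType;
+typedef const char* KeyTypePointer;
+
+KeyType GetKey() const
+{
+return mHost.get();
+}
+
+bool KeyEquals(KeyTypePointer aKey) const
+{
+return !strcmp(mHost.get(), aKey);
+}
+
+static KeyTypePointer KeyToPointer(KeyType aKey)
+{
+return aKey;
+}
+
+static PLDHashNumber HashKey(KeyTypePointer aKey)
+{
+return PL_DHashStringKey(nullptr, aKey);
+}
+
+void SetExpireTime(PRTime aExpireTime)
+{
+mExpireTime = aExpireTime;
+mExpired = false;
+}
+
+bool IsExpired()
+{
+// If mExpireTime is 0, this entry never expires (this is the case for
+// knockout entries).
+// If we've already expired or we never expire, return early.
+if (mExpired || mExpireTime == 0) {
+return mExpired;
+}
+
+PRTime now = PR_Now() / PR_USEC_PER_MSEC;
+if (now > mExpireTime) {
+mExpired = true;
+}
+
+return mExpired;
+}
+
+// force the hashtable to use the copy constructor.
+enum { ALLOW_MEMMOVE = false };
+};
+////////////////////////////////////////////////////////////////////////////////
+
+class nsSTSPreload;
+
+class nsSiteSecurityService : public nsISiteSecurityService
+, public nsIObserver
+{
+public:
+NS_DECL_THREADSAFE_ISUPPORTS
+NS_DECL_NSIOBSERVER
+NS_DECL_NSISITESECURITYSERVICE
+
+nsSiteSecurityService();
+nsresult Init();
+virtual ~nsSiteSecurityService();
+
+private:
+nsresult GetHost(nsIURI *aURI, nsACString &aResult);
+nsresult GetPrincipalForURI(nsIURI *aURI, nsIPrincipal **aPrincipal);
+nsresult SetState(uint32_t aType, nsIURI* aSourceURI, int64_t maxage,
+bool includeSubdomains, uint32_t flags);
+nsresult ProcessHeaderMutating(uint32_t aType, nsIURI* aSourceURI,
+char* aHeader, uint32_t flags,
+uint64_t *aMaxAge, bool *aIncludeSubdomains);
+const nsSTSPreload *GetPreloadListEntry(const char *aHost);
+
+// private-mode-preserving permission manager overlay functions
+nsresult AddPermission(nsIURI *aURI,
+const char *aType,
+uint32_t aPermission,
+uint32_t aExpireType,
+int64_t aExpireTime,
+bool aIsPrivate);
+nsresult RemovePermission(const nsCString &aHost,
+const char *aType,
+bool aIsPrivate);
+
+// cached services
+nsCOMPtr<nsIPermissionManager> mPermMgr;
+nsCOMPtr<nsIObserverService> mObserverService;
+
+nsTHashtable<nsSSSHostEntry> mPrivateModeHostTable;
+bool mUsePreloadList;
+};
+
+#endif // __nsSiteSecurityService_h__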
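Review bot: `nsSSSHostEntry::SetExpireTime()` takes a `PRTime`, which NSPR defines in microseconds, but `IsExpired()` compares the stored value with `PR_Now() / PR_USEC_PER_MSEC`, so the field actually holds milliseconds and nothing at the setter says so. A caller that passes a raw `PR_Now()`-based value would create a private-mode STS or knockout entry that effectively never expires, and passing 0 does the same by design. I would document the contract on the setter, e.g. `// aExpireTime: milliseconds since the epoch (PR_Now() / PR_USEC_PER_MSEC), not raw PRTime; 0 means the entry never expires.` Separately, `ProcessHeaderMutating` reports `uint64_t *aMaxAge` while `SetState` takes `int64_t maxage`; the implementation is not in this file, so it is worth confirming that a very large `max-age` is range-checked before the conversion and before it is added to the current time. The file-level comment about wrapping `nsSimpleURI` looks copied from another header and should describe this service instead.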
