The Tor Browser / file comparison

comparison: security/manager/ssl/src/nsCertOverrideService.h

security/manager/ssl/src/nsCertOverrideService.h

branch
TOR_BUG_9701
changeset 15
b8a032363ba2
equal deleted inserted replaced
-1:000000000000 0:6ef445bc83d3
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 *
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #ifndef __NSCERTOVERRIDESERVICE_H__
8 #define __NSCERTOVERRIDESERVICE_H__
9
10 #include "mozilla/ReentrantMonitor.h"
11 #include "nsICertOverrideService.h"
12 #include "nsTHashtable.h"
13 #include "nsIObserver.h"
14 #include "nsString.h"
15 #include "nsIFile.h"
16 #include "secoidt.h"
17 #include "nsWeakReference.h"
18 #include "mozilla/Attributes.h"
19
20 class nsCertOverride
21 {
22 public:
23
24 enum OverrideBits { ob_None=0, ob_Untrusted=1, ob_Mismatch=2,
25 ob_Time_error=4 };
26
27 nsCertOverride()
28 :mPort(-1)
29 ,mOverrideBits(ob_None)
30 {
31 }
32
33 nsCertOverride(const nsCertOverride &other)
34 {
35 this->operator=(other);
36 }
37
38 nsCertOverride &operator=(const nsCertOverride &other)
39 {
40 mAsciiHost = other.mAsciiHost;
41 mPort = other.mPort;
42 mIsTemporary = other.mIsTemporary;
43 mFingerprintAlgOID = other.mFingerprintAlgOID;
44 mFingerprint = other.mFingerprint;
45 mOverrideBits = other.mOverrideBits;
46 mDBKey = other.mDBKey;
47 mCert = other.mCert;
48 return *this;
49 }
50
51 nsCString mAsciiHost;
52 int32_t mPort;
53 bool mIsTemporary; // true: session only, false: stored on disk
54 nsCString mFingerprint;
55 nsCString mFingerprintAlgOID;
56 OverrideBits mOverrideBits;
57 nsCString mDBKey;
58 nsCOMPtr <nsIX509Cert> mCert;
59
60 static void convertBitsToString(OverrideBits ob, nsACString &str);
61 static void convertStringToBits(const nsACString &str, OverrideBits &ob);
62 };
63
64
65 // hash entry class
66 class nsCertOverrideEntry MOZ_FINAL : public PLDHashEntryHdr
67 {
68 public:
69 // Hash methods
70 typedef const char* KeyType;
71 typedef const char* KeyTypePointer;
72
73 // do nothing with aHost - we require mHead to be set before we're live!
74 nsCertOverrideEntry(KeyTypePointer aHostWithPortUTF8)
75 {
76 }
77
78 nsCertOverrideEntry(const nsCertOverrideEntry& toCopy)
79 {
80 mSettings = toCopy.mSettings;
81 mHostWithPort = toCopy.mHostWithPort;
82 }
83
84 ~nsCertOverrideEntry()
85 {
86 }
87
88 KeyType GetKey() const
89 {
90 return HostWithPortPtr();
91 }
92
93 KeyTypePointer GetKeyPointer() const
94 {
95 return HostWithPortPtr();
96 }
97
98 bool KeyEquals(KeyTypePointer aKey) const
99 {
100 return !strcmp(HostWithPortPtr(), aKey);
101 }
102
103 static KeyTypePointer KeyToPointer(KeyType aKey)
104 {
105 return aKey;
106 }
107
108 static PLDHashNumber HashKey(KeyTypePointer aKey)
109 {
110 // PL_DHashStringKey doesn't use the table parameter, so we can safely
111 // pass nullptr
112 return PL_DHashStringKey(nullptr, aKey);
113 }
114
115 enum { ALLOW_MEMMOVE = false };
116
117 // get methods
118 inline const nsCString &HostWithPort() const { return mHostWithPort; }
119
120 inline KeyTypePointer HostWithPortPtr() const
121 {
122 return mHostWithPort.get();
123 }
124
125 nsCertOverride mSettings;
126 nsCString mHostWithPort;
127 };
128
129 class nsCertOverrideService MOZ_FINAL : public nsICertOverrideService
130 , public nsIObserver
131 , public nsSupportsWeakReference
132 {
133 public:
134 NS_DECL_THREADSAFE_ISUPPORTS
135 NS_DECL_NSICERTOVERRIDESERVICE
136 NS_DECL_NSIOBSERVER
137
138 nsCertOverrideService();
139 ~nsCertOverrideService();
140
141 nsresult Init();
142 void RemoveAllTemporaryOverrides();
143
144 typedef void
145 (*CertOverrideEnumerator)(const nsCertOverride &aSettings,
146 void *aUserData);
147
148 // aCert == null: return all overrides
149 // aCert != null: return overrides that match the given cert
150 nsresult EnumerateCertOverrides(nsIX509Cert *aCert,
151 CertOverrideEnumerator enumerator,
152 void *aUserData);
153
154 // Concates host name and the port number. If the port number is -1 then
155 // port 443 is automatically used. This method ensures there is always a port
156 // number separated with colon.
157 static void GetHostWithPort(const nsACString & aHostName, int32_t aPort, nsACString& _retval);
158
159 protected:
160 mozilla::ReentrantMonitor monitor;
161 nsCOMPtr<nsIFile> mSettingsFile;
162 nsTHashtable<nsCertOverrideEntry> mSettingsTable;
163
164 SECOidTag mOidTagForStoringNewHashes;
165 nsCString mDottedOidForStoringNewHashes;
166
167 void RemoveAllFromMemory();
168 nsresult Read();
169 nsresult Write();
170 nsresult AddEntryToList(const nsACString &host, int32_t port,
171 nsIX509Cert *aCert,
172 const bool aIsTemporary,
173 const nsACString &algo_oid,
174 const nsACString &fingerprint,
175 nsCertOverride::OverrideBits ob,
176 const nsACString &dbKey);
177 };
178
179 #define NS_CERTOVERRIDE_CID { /* 67ba681d-5485-4fff-952c-2ee337ffdcd6 */ \
180 0x67ba681d, \
181 0x5485, \
182 0x4fff, \
183 {0x95, 0x2c, 0x2e, 0xe3, 0x37, 0xff, 0xdc, 0xd6} \
184 }
185
186 #endif

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial