1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/manager/ssl/src/nsCertOverrideService.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,186 @@
1.4 +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
1.5 + *
1.6 + * This Source Code Form is subject to the terms of the Mozilla Public
1.7 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.8 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.9 +
1.10 +#ifndef __NSCERTOVERRIDESERVICE_H__
1.11 +#define __NSCERTOVERRIDESERVICE_H__
1.12 +
1.13 +#include "mozilla/ReentrantMonitor.h"
1.14 +#include "nsICertOverrideService.h"
1.15 +#include "nsTHashtable.h"
1.16 +#include "nsIObserver.h"
1.17 +#include "nsString.h"
1.18 +#include "nsIFile.h"
1.19 +#include "secoidt.h"
1.20 +#include "nsWeakReference.h"
1.21 +#include "mozilla/Attributes.h"
1.22 +
1.23 +class nsCertOverride
1.24 +{
1.25 +public:
1.26 +
1.27 + enum OverrideBits { ob_None=0, ob_Untrusted=1, ob_Mismatch=2,
1.28 + ob_Time_error=4 };
1.29 +
1.30 + nsCertOverride()
1.31 + :mPort(-1)
1.32 + ,mOverrideBits(ob_None)
1.33 + {
1.34 + }
1.35 +
1.36 + nsCertOverride(const nsCertOverride &other)
1.37 + {
1.38 + this->operator=(other);
1.39 + }
1.40 +
1.41 + nsCertOverride &operator=(const nsCertOverride &other)
1.42 + {
1.43 + mAsciiHost = other.mAsciiHost;
1.44 + mPort = other.mPort;
1.45 + mIsTemporary = other.mIsTemporary;
1.46 + mFingerprintAlgOID = other.mFingerprintAlgOID;
1.47 + mFingerprint = other.mFingerprint;
1.48 + mOverrideBits = other.mOverrideBits;
1.49 + mDBKey = other.mDBKey;
1.50 + mCert = other.mCert;
1.51 + return *this;
1.52 + }
1.53 +
1.54 + nsCString mAsciiHost;
1.55 + int32_t mPort;
1.56 + bool mIsTemporary; // true: session only, false: stored on disk
1.57 + nsCString mFingerprint;
1.58 + nsCString mFingerprintAlgOID;
1.59 + OverrideBits mOverrideBits;
1.60 + nsCString mDBKey;
1.61 + nsCOMPtr <nsIX509Cert> mCert;
1.62 +
1.63 + static void convertBitsToString(OverrideBits ob, nsACString &str);
1.64 + static void convertStringToBits(const nsACString &str, OverrideBits &ob);
1.65 +};
1.66 +
1.67 +
1.68 +// hash entry class
1.69 +class nsCertOverrideEntry MOZ_FINAL : public PLDHashEntryHdr
1.70 +{
1.71 + public:
1.72 + // Hash methods
1.73 + typedef const char* KeyType;
1.74 + typedef const char* KeyTypePointer;
1.75 +
1.76 + // do nothing with aHost - we require mHead to be set before we're live!
1.77 + nsCertOverrideEntry(KeyTypePointer aHostWithPortUTF8)
1.78 + {
1.79 + }
1.80 +
1.81 + nsCertOverrideEntry(const nsCertOverrideEntry& toCopy)
1.82 + {
1.83 + mSettings = toCopy.mSettings;
1.84 + mHostWithPort = toCopy.mHostWithPort;
1.85 + }
1.86 +
1.87 + ~nsCertOverrideEntry()
1.88 + {
1.89 + }
1.90 +
1.91 + KeyType GetKey() const
1.92 + {
1.93 + return HostWithPortPtr();
1.94 + }
1.95 +
1.96 + KeyTypePointer GetKeyPointer() const
1.97 + {
1.98 + return HostWithPortPtr();
1.99 + }
1.100 +
1.101 + bool KeyEquals(KeyTypePointer aKey) const
1.102 + {
1.103 + return !strcmp(HostWithPortPtr(), aKey);
1.104 + }
1.105 +
1.106 + static KeyTypePointer KeyToPointer(KeyType aKey)
1.107 + {
1.108 + return aKey;
1.109 + }
1.110 +
1.111 + static PLDHashNumber HashKey(KeyTypePointer aKey)
1.112 + {
1.113 + // PL_DHashStringKey doesn't use the table parameter, so we can safely
1.114 + // pass nullptr
1.115 + return PL_DHashStringKey(nullptr, aKey);
1.116 + }
1.117 +
1.118 + enum { ALLOW_MEMMOVE = false };
1.119 +
1.120 + // get methods
1.121 + inline const nsCString &HostWithPort() const { return mHostWithPort; }
1.122 +
1.123 + inline KeyTypePointer HostWithPortPtr() const
1.124 + {
1.125 + return mHostWithPort.get();
1.126 + }
1.127 +
1.128 + nsCertOverride mSettings;
1.129 + nsCString mHostWithPort;
1.130 +};
1.131 +
1.132 +class nsCertOverrideService MOZ_FINAL : public nsICertOverrideService
1.133 + , public nsIObserver
1.134 + , public nsSupportsWeakReference
1.135 +{
1.136 +public:
1.137 + NS_DECL_THREADSAFE_ISUPPORTS
1.138 + NS_DECL_NSICERTOVERRIDESERVICE
1.139 + NS_DECL_NSIOBSERVER
1.140 +
1.141 + nsCertOverrideService();
1.142 + ~nsCertOverrideService();
1.143 +
1.144 + nsresult Init();
1.145 + void RemoveAllTemporaryOverrides();
1.146 +
1.147 + typedef void
1.148 + (*CertOverrideEnumerator)(const nsCertOverride &aSettings,
1.149 + void *aUserData);
1.150 +
1.151 + // aCert == null: return all overrides
1.152 + // aCert != null: return overrides that match the given cert
1.153 + nsresult EnumerateCertOverrides(nsIX509Cert *aCert,
1.154 + CertOverrideEnumerator enumerator,
1.155 + void *aUserData);
1.156 +
1.157 + // Concates host name and the port number. If the port number is -1 then
1.158 + // port 443 is automatically used. This method ensures there is always a port
1.159 + // number separated with colon.
1.160 + static void GetHostWithPort(const nsACString & aHostName, int32_t aPort, nsACString& _retval);
1.161 +
1.162 +protected:
1.163 + mozilla::ReentrantMonitor monitor;
1.164 + nsCOMPtr<nsIFile> mSettingsFile;
1.165 + nsTHashtable<nsCertOverrideEntry> mSettingsTable;
1.166 +
1.167 + SECOidTag mOidTagForStoringNewHashes;
1.168 + nsCString mDottedOidForStoringNewHashes;
1.169 +
1.170 + void RemoveAllFromMemory();
1.171 + nsresult Read();
1.172 + nsresult Write();
1.173 + nsresult AddEntryToList(const nsACString &host, int32_t port,
1.174 + nsIX509Cert *aCert,
1.175 + const bool aIsTemporary,
1.176 + const nsACString &algo_oid,
1.177 + const nsACString &fingerprint,
1.178 + nsCertOverride::OverrideBits ob,
1.179 + const nsACString &dbKey);
1.180 +};
1.181 +
1.182 +#define NS_CERTOVERRIDE_CID { /* 67ba681d-5485-4fff-952c-2ee337ffdcd6 */ \
1.183 + 0x67ba681d, \
1.184 + 0x5485, \
1.185 + 0x4fff, \
1.186 + {0x95, 0x2c, 0x2e, 0xe3, 0x37, 0xff, 0xdc, 0xd6} \
1.187 + }
1.188 +
1.189 +#endif
