Wed, 31 Dec 2014 07:16:47 +0100
Revert simplistic fix pending revisit of Mozilla integration attempt.
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 *
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef __NSCERTOVERRIDESERVICE_H__
8 #define __NSCERTOVERRIDESERVICE_H__
10 #include "mozilla/ReentrantMonitor.h"
11 #include "nsICertOverrideService.h"
12 #include "nsTHashtable.h"
13 #include "nsIObserver.h"
14 #include "nsString.h"
15 #include "nsIFile.h"
16 #include "secoidt.h"
17 #include "nsWeakReference.h"
18 #include "mozilla/Attributes.h"
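// One certificate-error exception ("override"): the host/port it applies to,
// the certificate data it refers to and the error classes it covers.
class nsCertOverride
{
public:

  // Bit flags naming the certificate error classes an override covers.
  // The values are distinct powers of two, so they can be OR-ed together.
  enum OverrideBits { ob_None=0, ob_Untrusted=1, ob_Mismatch=2,
                      ob_Time_error=4 };

  // Creates an empty override: no port, no error class, not temporary.
  nsCertOverride()
  :mPort(-1)
  // mIsTemporary used to be left uninitialised here, so copying a
  // default-constructed object read an indeterminate bool, and the flag that
  // separates session-only from on-disk overrides had no defined value.
  // NOTE(review): callers should still set it explicitly; confirm that none
  // relies on the default.
  ,mIsTemporary(false)
  ,mOverrideBits(ob_None)
  {
  }

  // Member-wise copy, in declaration order.
  nsCertOverride(const nsCertOverride &other)
  :mAsciiHost(other.mAsciiHost)
  ,mPort(other.mPort)
  ,mIsTemporary(other.mIsTemporary)
  ,mFingerprint(other.mFingerprint)
  ,mFingerprintAlgOID(other.mFingerprintAlgOID)
  ,mOverrideBits(other.mOverrideBits)
  ,mDBKey(other.mDBKey)
  ,mCert(other.mCert)
  {
  }

  // Member-wise assignment; returns *this.
  nsCertOverride &operator=(const nsCertOverride &other)
  {
    mAsciiHost = other.mAsciiHost;
    mPort = other.mPort;
    mIsTemporary = other.mIsTemporary;
    mFingerprintAlgOID = other.mFingerprintAlgOID;
    mFingerprint = other.mFingerprint;
    mOverrideBits = other.mOverrideBits;
    mDBKey = other.mDBKey;
    mCert = other.mCert;
    return *this;
  }

  nsCString mAsciiHost;  // host name (presumably in ASCII form - confirm)
  int32_t mPort;         // -1 until a port is set
  bool mIsTemporary; // true: session only, false: stored on disk
  nsCString mFingerprint;        // certificate fingerprint, as text
  nsCString mFingerprintAlgOID;  // OID of the algorithm behind mFingerprint
  OverrideBits mOverrideBits;    // error classes covered by this override
  nsCString mDBKey;
  nsCOMPtr <nsIX509Cert> mCert;

  // Conversions between OverrideBits and its string form; the string format
  // is defined by the implementation, which is not part of this header.
  static void convertBitsToString(OverrideBits ob, nsACString &str);
  static void convertStringToBits(const nsACString &str, OverrideBits &ob);
};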
// Entry type stored in nsTHashtable<nsCertOverrideEntry>. The key is the
// "host:port" C string owned by mHostWithPort.
class nsCertOverrideEntry MOZ_FINAL : public PLDHashEntryHdr
{
public:
  // Key types used by the hash methods below.
  typedef const char* KeyType;
  typedef const char* KeyTypePointer;

  // The key argument is deliberately ignored. Whoever creates the entry has
  // to fill in mHostWithPort (and mSettings) afterwards; until then the key
  // accessors read a default-constructed mHostWithPort.
  nsCertOverrideEntry(KeyTypePointer aHostWithPortUTF8)
  {
  }

  // Copies the override settings and the key string.
  nsCertOverrideEntry(const nsCertOverrideEntry& toCopy)
    : mSettings(toCopy.mSettings)
    , mHostWithPort(toCopy.mHostWithPort)
  {
  }

  ~nsCertOverrideEntry()
  {
  }

  // The returned pointer refers to mHostWithPort's buffer.
  KeyType GetKey() const
  {
    return mHostWithPort.get();
  }

  KeyTypePointer GetKeyPointer() const
  {
    return mHostWithPort.get();
  }

  // Byte-exact, case-sensitive comparison: a lookup matches only when the
  // caller builds the key string exactly as it was stored (presumably through
  // nsCertOverrideService::GetHostWithPort - verify against the callers).
  bool KeyEquals(KeyTypePointer aKey) const
  {
    return strcmp(mHostWithPort.get(), aKey) == 0;
  }

  static KeyTypePointer KeyToPointer(KeyType aKey)
  {
    return aKey;
  }

  static PLDHashNumber HashKey(KeyTypePointer aKey)
  {
    // No table is passed: PL_DHashStringKey does not use that parameter.
    return PL_DHashStringKey(nullptr, aKey);
  }

  enum { ALLOW_MEMMOVE = false };

  // Accessors for the key string.
  const nsCString &HostWithPort() const
  {
    return mHostWithPort;
  }

  KeyTypePointer HostWithPortPtr() const
  {
    return mHostWithPort.get();
  }

  nsCertOverride mSettings;   // the override stored for this host:port
  nsCString mHostWithPort;    // hash key
};
// Service holding the certificate overrides. It keeps them in a hash table
// of nsCertOverrideEntry and has a settings file with Read()/Write() helpers.
class nsCertOverrideService MOZ_FINAL : public nsICertOverrideService
                                      , public nsIObserver
                                      , public nsSupportsWeakReference
{
public:
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSICERTOVERRIDESERVICE
  NS_DECL_NSIOBSERVER

  nsCertOverrideService();
  ~nsCertOverrideService();

  nsresult Init();
  void RemoveAllTemporaryOverrides();

  // Callback type for EnumerateCertOverrides: receives one override and the
  // opaque aUserData pointer given to the enumeration call.
  typedef void
  (*CertOverrideEnumerator)(const nsCertOverride &aSettings,
                            void *aUserData);

  // aCert == null: every override is reported.
  // aCert != null: only the overrides matching that certificate are reported.
  nsresult EnumerateCertOverrides(nsIX509Cert *aCert,
                                  CertOverrideEnumerator enumerator,
                                  void *aUserData);

  // Concatenates the host name and the port number. A port of -1 is replaced
  // by 443, so the result always carries a port, separated by a colon.
  static void GetHostWithPort(const nsACString & aHostName, int32_t aPort, nsACString& _retval);

protected:
  // NOTE(review): presumably guards mSettingsTable and the settings file;
  // confirm in the implementation.
  mozilla::ReentrantMonitor monitor;
  nsCOMPtr<nsIFile> mSettingsFile;
  nsTHashtable<nsCertOverrideEntry> mSettingsTable;

  // Hash algorithm for newly stored fingerprints, as an OID tag and as a
  // dotted OID string (going by the member names - confirm).
  SECOidTag mOidTagForStoringNewHashes;
  nsCString mDottedOidForStoringNewHashes;

  void RemoveAllFromMemory();
  nsresult Read();
  nsresult Write();
  nsresult AddEntryToList(const nsACString &host, int32_t port,
                          nsIX509Cert *aCert,
                          const bool aIsTemporary,
                          const nsACString &algo_oid,
                          const nsACString &fingerprint,
                          nsCertOverride::OverrideBits ob,
                          const nsACString &dbKey);
};
// Class ID of the certificate override service, spelled as a brace
// initialiser: a 32-bit field, two 16-bit fields and eight bytes.
#define NS_CERTOVERRIDE_CID \
  { /* 67ba681d-5485-4fff-952c-2ee337ffdcd6 */ \
    0x67ba681d, 0x5485, 0x4fff, \
    { 0x95, 0x2c, 0x2e, 0xe3, 0x37, 0xff, 0xdc, 0xd6 } \
  }
186 #endif