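/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/**
 * Declares nsSiteSecurityService, the implementation of
 * nsISiteSecurityService, together with nsSSSHostEntry, the hashtable entry
 * type it uses to hold STS state encountered in private browsing mode.
 */

#ifndef __nsSiteSecurityService_h__
#define __nsSiteSecurityService_h__

#include "nsISiteSecurityService.h"
#include "nsIObserver.h"
#include "nsIObserverService.h"
#include "nsIPermissionManager.h"
#include "nsCOMPtr.h"
#include "nsIURI.h"
#include "nsString.h"
#include "nsTHashtable.h"
#include "prtime.h"

// {16955eee-6c48-4152-9309-c42a465138a1}
#define NS_SITE_SECURITY_SERVICE_CID \
  {0x16955eee, 0x6c48, 0x4152, \
    {0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1} }

////////////////////////////////////////////////////////////////////////////////
// nsSSSHostEntry - similar to the nsHostEntry class in
// nsPermissionManager.cpp, but specific to private-mode caching of STS
// permissions.
//
// Each nsSSSHostEntry contains:
//  - Expiry time (PRTime, milliseconds)
//  - Expired flag (bool, default false)
//  - STS permission (uint32_t, default STS_UNSET)
//  - Include subdomains flag (bool, default false)
//
// Note: the subdomains flag has no meaning if the STS permission is STS_UNSET.
//
// The existence of the nsSSSHostEntry implies STS state is set for the given
// host -- unless the expired flag is set, in which case not only is the STS
// state not set for the host, but any permission actually present in the
// permission manager should be ignored.
//
// Note: Only one expiry time is stored since the subdomains and STS
// permissions are both encountered at the same time in the HTTP header; if the
// includeSubdomains directive isn't present in the header, it means to delete
// the permission, so the subdomains flag in the nsSSSHostEntry means both that
// the permission doesn't exist and any permission in the real permission
// manager should be ignored since newer information about it has been
// encountered in private browsing mode.
//
// Note: If there's a permission set by the user (EXPIRE_NEVER), STS is not set
// for the host (including the subdomains permission) when the header is
// encountered.  Furthermore, any user-set permissions are stored persistently
// and can't be shadowed.

class nsSSSHostEntry : public PLDHashEntryHdr
{
  public:
    explicit nsSSSHostEntry(const char* aHost);
    explicit nsSSSHostEntry(const nsSSSHostEntry& toCopy);

    nsCString    mHost;               // hashtable key: the host name
    PRTime       mExpireTime;         // milliseconds; 0 means "never expires"
    uint32_t     mStsPermission;
    bool         mExpired;            // latched by IsExpired(), reset by SetExpireTime()
    bool         mIncludeSubdomains;  // meaningless when mStsPermission is STS_UNSET

    // Hash methods
    typedef const char* KeyType;
    typedef const char* KeyTypePointer;

    // Returns the key as a pointer into mHost; it is only valid while this
    // entry (and its mHost buffer) is alive and unmodified.
    KeyType GetKey() const
    {
      return mHost.get();
    }

    // Exact, byte-wise comparison via strcmp: aKey must be a non-null,
    // NUL-terminated string, and host names that differ only in case are
    // treated as different keys.
    // NOTE(review): confirm that every caller canonicalizes the host before
    // insert and lookup; otherwise a lookup can miss an existing entry and the
    // STS state recorded for that host would not be applied.
    bool KeyEquals(KeyTypePointer aKey) const
    {
      return !strcmp(mHost.get(), aKey);
    }

    static KeyTypePointer KeyToPointer(KeyType aKey)
    {
      return aKey;
    }

    // Hashes the NUL-terminated key string; the first argument is passed as
    // nullptr here.
    static PLDHashNumber HashKey(KeyTypePointer aKey)
    {
      return PL_DHashStringKey(nullptr, aKey);
    }

    // Stores a new expiry time and clears the latched expired flag, so an
    // entry that had expired becomes live again once it is refreshed.
    void SetExpireTime(PRTime aExpireTime)
    {
      mExpireTime = aExpireTime;
      mExpired = false;
    }

    // Reports whether the entry has expired, latching the result in mExpired.
    // Not const: the first call made after the deadline flips mExpired.
    bool IsExpired()
    {
      // If mExpireTime is 0, this entry never expires (this is the case for
      // knockout entries).
      // If we've already expired or we never expire, return early.
      if (mExpired || mExpireTime == 0) {
        return mExpired;
      }

      // PR_Now() is divided by PR_USEC_PER_MSEC so that it is compared with
      // mExpireTime in milliseconds. The comparison uses the current clock
      // reading, but because the flag latches, an entry already seen as
      // expired stays expired even if the clock later moves backwards.
      PRTime now = PR_Now() / PR_USEC_PER_MSEC;
      if (now > mExpireTime) {
        mExpired = true;
      }

      return mExpired;
    }

    // force the hashtable to use the copy constructor.
    enum { ALLOW_MEMMOVE = false };
};
////////////////////////////////////////////////////////////////////////////////

class nsSTSPreload;

class nsSiteSecurityService : public nsISiteSecurityService
                            , public nsIObserver
{
public:
  // NOTE(review): the ISupports declaration is the thread-safe variant, but
  // nothing in this header shows a lock guarding mPrivateModeHostTable;
  // confirm in the implementation which thread(s) may touch the table.
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSIOBSERVER
  NS_DECL_NSISITESECURITYSERVICE

  nsSiteSecurityService();
  nsresult Init();
  virtual ~nsSiteSecurityService();

private:
  nsresult GetHost(nsIURI *aURI, nsACString &aResult);
  nsresult GetPrincipalForURI(nsIURI *aURI, nsIPrincipal **aPrincipal);

  // NOTE(review): maxage is signed (int64_t) here while ProcessHeaderMutating
  // reports it through a uint64_t out-parameter. Confirm that the conversion
  // between the two, and the expiry arithmetic built on it, clamps very large
  // header values instead of letting them wrap to a negative or past time.
  nsresult SetState(uint32_t aType, nsIURI* aSourceURI, int64_t maxage,
                    bool includeSubdomains, uint32_t flags);

  // aHeader is a non-const char*; the name suggests the buffer is modified in
  // place while it is parsed, so callers presumably have to pass a private,
  // writable, NUL-terminated copy of the header value -- confirm against the
  // implementation.
  nsresult ProcessHeaderMutating(uint32_t aType, nsIURI* aSourceURI,
                                 char* aHeader, uint32_t flags,
                                 uint64_t *aMaxAge, bool *aIncludeSubdomains);
  const nsSTSPreload *GetPreloadListEntry(const char *aHost);

  // private-mode-preserving permission manager overlay functions
  // NOTE(review): aIsPrivate presumably routes the change to
  // mPrivateModeHostTable instead of the persistent permission manager, so
  // that state learned in private browsing is not written to disk -- verify
  // in the implementation.
  nsresult AddPermission(nsIURI     *aURI,
                         const char *aType,
                         uint32_t   aPermission,
                         uint32_t   aExpireType,
                         int64_t    aExpireTime,
                         bool       aIsPrivate);
  nsresult RemovePermission(const nsCString  &aHost,
                            const char       *aType,
                            bool             aIsPrivate);

  // cached services
  nsCOMPtr<nsIPermissionManager> mPermMgr;
  nsCOMPtr<nsIObserverService> mObserverService;

  // STS entries recorded for private browsing mode, keyed by host.
  nsTHashtable<nsSSSHostEntry> mPrivateModeHostTable;
  bool mUsePreloadList;
};

#endif // __nsSiteSecurityService_h__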