diff options
Diffstat (limited to 'security/manager/ssl/nsISiteSecurityService.idl')
-rw-r--r-- | security/manager/ssl/nsISiteSecurityService.idl | 204 |
1 files changed, 204 insertions, 0 deletions
diff --git a/security/manager/ssl/nsISiteSecurityService.idl b/security/manager/ssl/nsISiteSecurityService.idl new file mode 100644 index 000000000..fa20fe307 --- /dev/null +++ b/security/manager/ssl/nsISiteSecurityService.idl @@ -0,0 +1,204 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIURI; +interface nsIObserver; +interface nsIHttpChannel; +interface nsISSLStatus; + +%{C++ +#include "nsTArrayForwardDeclare.h" +class nsCString; +namespace mozilla +{ + namespace pkix + { + class Time; + } +} +%} +[ref] native nsCStringTArrayRef(nsTArray<nsCString>); +[ref] native mozillaPkixTime(mozilla::pkix::Time); + +[scriptable, uuid(275127f8-dbd7-4681-afbf-6df0c6587a01)] +interface nsISiteSecurityService : nsISupports +{ + const uint32_t HEADER_HSTS = 0; + const uint32_t HEADER_HPKP = 1; + const uint32_t HEADER_OMS = 2; + + const uint32_t Success = 0; + const uint32_t ERROR_UNKNOWN = 1; + const uint32_t ERROR_UNTRUSTWORTHY_CONNECTION = 2; + const uint32_t ERROR_COULD_NOT_PARSE_HEADER = 3; + const uint32_t ERROR_NO_MAX_AGE = 4; + const uint32_t ERROR_MULTIPLE_MAX_AGES = 5; + const uint32_t ERROR_INVALID_MAX_AGE = 6; + const uint32_t ERROR_MULTIPLE_INCLUDE_SUBDOMAINS = 7; + const uint32_t ERROR_INVALID_INCLUDE_SUBDOMAINS = 8; + const uint32_t ERROR_INVALID_PIN = 9; + const uint32_t ERROR_MULTIPLE_REPORT_URIS = 10; + const uint32_t ERROR_PINSET_DOES_NOT_MATCH_CHAIN = 11; + const uint32_t ERROR_NO_BACKUP_PIN = 12; + const uint32_t ERROR_COULD_NOT_SAVE_STATE = 13; + const uint32_t ERROR_ROOT_NOT_BUILT_IN = 14; + + /** + * Parses a given HTTP header and records the results internally. + * Currently two header types are supported: HSTS (aka STS) and HPKP + * The format of the HSTS header is defined by the HSTS specification: + * https://tools.ietf.org/html/rfc6797 + * and allows a host to specify that future HTTP requests should be + * upgraded to HTTPS. + * The format of the HPKP header is defined by the HPKP specification: + * https://tools.ietf.org/html/rfc7469 + * and allows a host to specify a subset of trusted anchors to be used + * in future HTTPS connections. + * + * @param aType the type of security header in question. + * @param aSourceURI the URI of the resource with the HTTP header. + * @param aSSLStatus the SSLStatus of the current channel + * @param aHeader the HTTP response header specifying security data. + * @param aFlags options for this request as defined in nsISocketProvider: + * NO_PERMANENT_STORAGE + * @param aMaxAge the parsed max-age directive of the header. + * @param aIncludeSubdomains the parsed includeSubdomains directive. + * @param aFailureResult a more specific failure result if NS_ERROR_FAILURE + was returned. + * @return NS_OK if it succeeds + * NS_ERROR_FAILURE if it can't be parsed + * NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA + * if there are unrecognized tokens in the header. + */ + void processHeader(in uint32_t aType, + in nsIURI aSourceURI, + in string aHeader, + in nsISSLStatus aSSLStatus, + in uint32_t aFlags, + [optional] out unsigned long long aMaxAge, + [optional] out boolean aIncludeSubdomains, + [optional] out uint32_t aFailureResult); + + /** + * Same as processHeader but without checking for the security properties + * of the connection. Use ONLY for testing. + */ + void unsafeProcessHeader(in uint32_t aType, + in nsIURI aSourceURI, + in string aHeader, + in uint32_t aFlags, + [optional] out unsigned long long aMaxAge, + [optional] out boolean aIncludeSubdomains, + [optional] out uint32_t aFailureResult); + + /** + * Given a header type, removes state relating to that header of a host, + * including the includeSubdomains state that would affect subdomains. + * This essentially removes the state for the domain tree rooted at this + * host. + * @param aType the type of security state in question + * @param aURI the URI of the target host + * @param aFlags options for this request as defined in nsISocketProvider: + * NO_PERMANENT_STORAGE + */ + void removeState(in uint32_t aType, + in nsIURI aURI, + in uint32_t aFlags); + + /** + * See isSecureURI + * + * @param aType the type of security state in question. + * @param aHost the hostname (punycode) to query for state. + * @param aFlags options for this request as defined in nsISocketProvider: + * NO_PERMANENT_STORAGE + * @param aCached true if we have cached information regarding whether or not + * the host is HSTS, false otherwise. + */ + boolean isSecureHost(in uint32_t aType, + in string aHost, + in uint32_t aFlags, + [optional] out boolean aCached); + + /** + * Checks whether or not the URI's hostname has a given security state set. + * For example, for HSTS: + * The URI is an HSTS URI if either the host has the HSTS state set, or one + * of its super-domains has the HSTS "includeSubdomains" flag set. + * NOTE: this function makes decisions based only on the + * host contained in the URI, and disregards other portions of the URI + * such as path and port. + * + * @param aType the type of security state in question. + * @param aURI the URI to query for STS state. + * @param aFlags options for this request as defined in nsISocketProvider: + * NO_PERMANENT_STORAGE + * @param aCached true if we have cached information regarding whether or not + * the host is HSTS, false otherwise. + */ + boolean isSecureURI(in uint32_t aType, in nsIURI aURI, in uint32_t aFlags, + [optional] out boolean aCached); + + /** + * Removes all non-preloaded security state by resetting to factory-original + * settings. + */ + void clearAll(); + + /** + * Removes all preloaded security state. + */ + void clearPreloads(); + + /** + * Returns an array of sha256-hashed key pins for the given domain, if any. + * If these pins also apply to subdomains of the given domain, + * aIncludeSubdomains will be true. Pins returned are only for non-built-in + * pin entries. + * + * @param aHostname the hosname (punycode) to be queried about + * @param the time at which the pins should be valid. This is in + mozilla::pkix::Time which uses internally seconds since 0 AD. + * @param aPinArray the set of sha256-hashed key pins for the given domain + * @param aIncludeSubdomains true if the pins apply to subdomains of the + * given domain + */ + [noscript] boolean getKeyPinsForHostname(in string aHostname, + in mozillaPkixTime evalTime, + out nsCStringTArrayRef aPinArray, + out boolean aIncludeSubdomains); + + /** + * Set public-key pins for a host. The resulting pins will be permanent + * and visible from private and non-private contexts. These pins replace + * any already set by this mechanism or those built-in to Gecko. + * + * @param aHost the hostname (punycode) that pins will apply to + * @param aIncludeSubdomains whether these pins also apply to subdomains + * @param aExpires the time this pin should expire (millis since epoch) + * @param aPinCount number of keys being pinnned + * @param aSha256Pins array of hashed key fingerprints (SHA-256, base64) + * @param aIsPreload are these key pins for a preload entry? (false by + * default) + */ + boolean setKeyPins(in string aHost, in boolean aIncludeSubdomains, + in int64_t aExpires, in unsigned long aPinCount, + [array, size_is(aPinCount)] in string aSha256Pins, + [optional] in boolean aIsPreload); + + /** + * Mark a host as declining to provide a given security state so that features + * such as HSTS priming will not flood a server with requests. + * + * @param aURI the nsIURI that this applies to + * @param aMaxAge lifetime (in seconds) of this negative cache + */ + [noscript] void cacheNegativeHSTSResult(in nsIURI aURI, in unsigned long long aMaxAge); +}; + +%{C++ +#define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1" +%} |