diff options
Diffstat (limited to 'security/manager/ssl/nsCertOverrideService.h')
-rw-r--r-- | security/manager/ssl/nsCertOverrideService.h | 187 |
1 files changed, 187 insertions, 0 deletions
diff --git a/security/manager/ssl/nsCertOverrideService.h b/security/manager/ssl/nsCertOverrideService.h new file mode 100644 index 000000000..bb410f8da --- /dev/null +++ b/security/manager/ssl/nsCertOverrideService.h @@ -0,0 +1,187 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef __NSCERTOVERRIDESERVICE_H__ +#define __NSCERTOVERRIDESERVICE_H__ + +#include "mozilla/ReentrantMonitor.h" +#include "nsICertOverrideService.h" +#include "nsTHashtable.h" +#include "nsIObserver.h" +#include "nsString.h" +#include "nsIFile.h" +#include "secoidt.h" +#include "nsWeakReference.h" +#include "mozilla/Attributes.h" + +class nsCertOverride +{ +public: + + enum OverrideBits { ob_None=0, ob_Untrusted=1, ob_Mismatch=2, + ob_Time_error=4 }; + + nsCertOverride() + :mPort(-1) + ,mOverrideBits(ob_None) + { + } + + nsCertOverride(const nsCertOverride &other) + { + this->operator=(other); + } + + nsCertOverride &operator=(const nsCertOverride &other) + { + mAsciiHost = other.mAsciiHost; + mPort = other.mPort; + mIsTemporary = other.mIsTemporary; + mFingerprintAlgOID = other.mFingerprintAlgOID; + mFingerprint = other.mFingerprint; + mOverrideBits = other.mOverrideBits; + mDBKey = other.mDBKey; + mCert = other.mCert; + return *this; + } + + nsCString mAsciiHost; + int32_t mPort; + bool mIsTemporary; // true: session only, false: stored on disk + nsCString mFingerprint; + nsCString mFingerprintAlgOID; + OverrideBits mOverrideBits; + nsCString mDBKey; + nsCOMPtr <nsIX509Cert> mCert; + + static void convertBitsToString(OverrideBits ob, nsACString &str); + static void convertStringToBits(const nsACString &str, OverrideBits &ob); +}; + + +// hash entry class +class nsCertOverrideEntry final : public PLDHashEntryHdr +{ + public: + // Hash methods + typedef const char* KeyType; + typedef const char* KeyTypePointer; + + // do nothing with aHost - we require mHead to be set before we're live! + explicit nsCertOverrideEntry(KeyTypePointer aHostWithPortUTF8) + { + } + + nsCertOverrideEntry(const nsCertOverrideEntry& toCopy) + { + mSettings = toCopy.mSettings; + mHostWithPort = toCopy.mHostWithPort; + } + + ~nsCertOverrideEntry() + { + } + + KeyType GetKey() const + { + return HostWithPortPtr(); + } + + KeyTypePointer GetKeyPointer() const + { + return HostWithPortPtr(); + } + + bool KeyEquals(KeyTypePointer aKey) const + { + return !strcmp(HostWithPortPtr(), aKey); + } + + static KeyTypePointer KeyToPointer(KeyType aKey) + { + return aKey; + } + + static PLDHashNumber HashKey(KeyTypePointer aKey) + { + return PLDHashTable::HashStringKey(aKey); + } + + enum { ALLOW_MEMMOVE = false }; + + // get methods + inline const nsCString &HostWithPort() const { return mHostWithPort; } + + inline KeyTypePointer HostWithPortPtr() const + { + return mHostWithPort.get(); + } + + nsCertOverride mSettings; + nsCString mHostWithPort; +}; + +class nsCertOverrideService final : public nsICertOverrideService + , public nsIObserver + , public nsSupportsWeakReference +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSICERTOVERRIDESERVICE + NS_DECL_NSIOBSERVER + + nsCertOverrideService(); + + nsresult Init(); + void RemoveAllTemporaryOverrides(); + + typedef void + (*CertOverrideEnumerator)(const nsCertOverride &aSettings, + void *aUserData); + + // aCert == null: return all overrides + // aCert != null: return overrides that match the given cert + nsresult EnumerateCertOverrides(nsIX509Cert *aCert, + CertOverrideEnumerator enumerator, + void *aUserData); + + // Concates host name and the port number. If the port number is -1 then + // port 443 is automatically used. This method ensures there is always a port + // number separated with colon. + static void GetHostWithPort(const nsACString & aHostName, int32_t aPort, nsACString& _retval); + +protected: + ~nsCertOverrideService(); + + mozilla::ReentrantMonitor monitor; + nsCOMPtr<nsIFile> mSettingsFile; + nsTHashtable<nsCertOverrideEntry> mSettingsTable; + + SECOidTag mOidTagForStoringNewHashes; + nsCString mDottedOidForStoringNewHashes; + + void CountPermanentOverrideTelemetry(); + + void RemoveAllFromMemory(); + nsresult Read(); + nsresult Write(); + nsresult AddEntryToList(const nsACString &host, int32_t port, + nsIX509Cert *aCert, + const bool aIsTemporary, + const nsACString &algo_oid, + const nsACString &fingerprint, + nsCertOverride::OverrideBits ob, + const nsACString &dbKey); +}; + +#define NS_CERTOVERRIDE_CID { /* 67ba681d-5485-4fff-952c-2ee337ffdcd6 */ \ + 0x67ba681d, \ + 0x5485, \ + 0x4fff, \ + {0x95, 0x2c, 0x2e, 0xe3, 0x37, 0xff, 0xdc, 0xd6} \ + } + +#endif |