Diffstat (limited to 'security/manager/ssl/nsISiteSecurityService.idl')
-rw-r--r--security/manager/ssl/nsISiteSecurityService.idl204
1 files changed, 204 insertions, 0 deletions
diff --git a/security/manager/ssl/nsISiteSecurityService.idl b/security/manager/ssl/nsISiteSecurityService.idl
new file mode 100644
index 000000000..fa20fe307
--- /dev/null
+++ b/security/manager/ssl/nsISiteSecurityService.idl
@@ -0,0 +1,204 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIURI;
+interface nsIObserver;
+interface nsIHttpChannel;
+interface nsISSLStatus;
+
+%{C++
+#include "nsTArrayForwardDeclare.h"
+class nsCString;
+namespace mozilla
+{
+ namespace pkix
+ {
+ class Time;
+ }
+}
+%}
+[ref] native nsCStringTArrayRef(nsTArray<nsCString>);
+[ref] native mozillaPkixTime(mozilla::pkix::Time);
+
+[scriptable, uuid(275127f8-dbd7-4681-afbf-6df0c6587a01)]
+interface nsISiteSecurityService : nsISupports
+{
+ const uint32_t HEADER_HSTS = 0;
+ const uint32_t HEADER_HPKP = 1;
+ const uint32_t HEADER_OMS = 2;
+
+ const uint32_t Success = 0;
+ const uint32_t ERROR_UNKNOWN = 1;
+ const uint32_t ERROR_UNTRUSTWORTHY_CONNECTION = 2;
+ const uint32_t ERROR_COULD_NOT_PARSE_HEADER = 3;
+ const uint32_t ERROR_NO_MAX_AGE = 4;
+ const uint32_t ERROR_MULTIPLE_MAX_AGES = 5;
+ const uint32_t ERROR_INVALID_MAX_AGE = 6;
+ const uint32_t ERROR_MULTIPLE_INCLUDE_SUBDOMAINS = 7;
+ const uint32_t ERROR_INVALID_INCLUDE_SUBDOMAINS = 8;
+ const uint32_t ERROR_INVALID_PIN = 9;
+ const uint32_t ERROR_MULTIPLE_REPORT_URIS = 10;
+ const uint32_t ERROR_PINSET_DOES_NOT_MATCH_CHAIN = 11;
+ const uint32_t ERROR_NO_BACKUP_PIN = 12;
+ const uint32_t ERROR_COULD_NOT_SAVE_STATE = 13;
+ const uint32_t ERROR_ROOT_NOT_BUILT_IN = 14;
+
+ /**
+ * Parses a given HTTP header and records the results internally.
+ * Currently two header types are supported: HSTS (aka STS) and HPKP
+ * The format of the HSTS header is defined by the HSTS specification:
+ * https://tools.ietf.org/html/rfc6797
+ * and allows a host to specify that future HTTP requests should be
+ * upgraded to HTTPS.
+ * The format of the HPKP header is defined by the HPKP specification:
+ * https://tools.ietf.org/html/rfc7469
+ * and allows a host to specify a subset of trusted anchors to be used
+ * in future HTTPS connections.
+ *
+ * @param aType the type of security header in question.
+ * @param aSourceURI the URI of the resource with the HTTP header.
+ * @param aSSLStatus the SSLStatus of the current channel
+ * @param aHeader the HTTP response header specifying security data.
+ * @param aFlags options for this request as defined in nsISocketProvider:
+ * NO_PERMANENT_STORAGE
+ * @param aMaxAge the parsed max-age directive of the header.
+ * @param aIncludeSubdomains the parsed includeSubdomains directive.
+ * @param aFailureResult a more specific failure result if NS_ERROR_FAILURE
+ was returned.
+ * @return NS_OK if it succeeds
+ * NS_ERROR_FAILURE if it can't be parsed
+ * NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
+ * if there are unrecognized tokens in the header.
+ */
+ void processHeader(in uint32_t aType,
+ in nsIURI aSourceURI,
+ in string aHeader,
+ in nsISSLStatus aSSLStatus,
+ in uint32_t aFlags,
+ [optional] out unsigned long long aMaxAge,
+ [optional] out boolean aIncludeSubdomains,
+ [optional] out uint32_t aFailureResult);
+
+ /**
+ * Same as processHeader but without checking for the security properties
+ * of the connection. Use ONLY for testing.
+ */
+ void unsafeProcessHeader(in uint32_t aType,
+ in nsIURI aSourceURI,
+ in string aHeader,
+ in uint32_t aFlags,
+ [optional] out unsigned long long aMaxAge,
+ [optional] out boolean aIncludeSubdomains,
+ [optional] out uint32_t aFailureResult);
+
+ /**
+ * Given a header type, removes state relating to that header of a host,
+ * including the includeSubdomains state that would affect subdomains.
+ * This essentially removes the state for the domain tree rooted at this
+ * host.
+ * @param aType the type of security state in question
+ * @param aURI the URI of the target host
+ * @param aFlags options for this request as defined in nsISocketProvider:
+ * NO_PERMANENT_STORAGE
+ */
+ void removeState(in uint32_t aType,
+ in nsIURI aURI,
+ in uint32_t aFlags);
+
+ /**
+ * See isSecureURI
+ *
+ * @param aType the type of security state in question.
+ * @param aHost the hostname (punycode) to query for state.
+ * @param aFlags options for this request as defined in nsISocketProvider:
+ * NO_PERMANENT_STORAGE
+ * @param aCached true if we have cached information regarding whether or not
+ * the host is HSTS, false otherwise.
+ */
+ boolean isSecureHost(in uint32_t aType,
+ in string aHost,
+ in uint32_t aFlags,
+ [optional] out boolean aCached);
+
+ /**
+ * Checks whether or not the URI's hostname has a given security state set.
+ * For example, for HSTS:
+ * The URI is an HSTS URI if either the host has the HSTS state set, or one
+ * of its super-domains has the HSTS "includeSubdomains" flag set.
+ * NOTE: this function makes decisions based only on the
+ * host contained in the URI, and disregards other portions of the URI
+ * such as path and port.
+ *
+ * @param aType the type of security state in question.
+ * @param aURI the URI to query for STS state.
+ * @param aFlags options for this request as defined in nsISocketProvider:
+ * NO_PERMANENT_STORAGE
+ * @param aCached true if we have cached information regarding whether or not
+ * the host is HSTS, false otherwise.
+ */
+ boolean isSecureURI(in uint32_t aType, in nsIURI aURI, in uint32_t aFlags,
+ [optional] out boolean aCached);
+
+ /**
+ * Removes all non-preloaded security state by resetting to factory-original
+ * settings.
+ */
+ void clearAll();
+
+ /**
+ * Removes all preloaded security state.
+ */
+ void clearPreloads();
+
+ /**
+ * Returns an array of sha256-hashed key pins for the given domain, if any.
+ * If these pins also apply to subdomains of the given domain,
+ * aIncludeSubdomains will be true. Pins returned are only for non-built-in
+ * pin entries.
+ *
+ * @param aHostname the hosname (punycode) to be queried about
+ * @param the time at which the pins should be valid. This is in
+ mozilla::pkix::Time which uses internally seconds since 0 AD.
+ * @param aPinArray the set of sha256-hashed key pins for the given domain
+ * @param aIncludeSubdomains true if the pins apply to subdomains of the
+ * given domain
+ */
+ [noscript] boolean getKeyPinsForHostname(in string aHostname,
+ in mozillaPkixTime evalTime,
+ out nsCStringTArrayRef aPinArray,
+ out boolean aIncludeSubdomains);
+
+ /**
+ * Set public-key pins for a host. The resulting pins will be permanent
+ * and visible from private and non-private contexts. These pins replace
+ * any already set by this mechanism or those built-in to Gecko.
+ *
+ * @param aHost the hostname (punycode) that pins will apply to
+ * @param aIncludeSubdomains whether these pins also apply to subdomains
+ * @param aExpires the time this pin should expire (millis since epoch)
+ * @param aPinCount number of keys being pinnned
+ * @param aSha256Pins array of hashed key fingerprints (SHA-256, base64)
+ * @param aIsPreload are these key pins for a preload entry? (false by
+ * default)
+ */
+ boolean setKeyPins(in string aHost, in boolean aIncludeSubdomains,
+ in int64_t aExpires, in unsigned long aPinCount,
+ [array, size_is(aPinCount)] in string aSha256Pins,
+ [optional] in boolean aIsPreload);
+
+ /**
+ * Mark a host as declining to provide a given security state so that features
+ * such as HSTS priming will not flood a server with requests.
+ *
+ * @param aURI the nsIURI that this applies to
+ * @param aMaxAge lifetime (in seconds) of this negative cache
+ */
+ [noscript] void cacheNegativeHSTSResult(in nsIURI aURI, in unsigned long long aMaxAge);
+};
+
+%{C++
+#define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1"
+%}