/src/mozilla-central/security/manager/ssl/nsCertOverrideService.h

Source (jump to first uncovered line)
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsCertOverrideService_h
#define nsCertOverrideService_h

#include "mozilla/HashFunctions.h"
#include "mozilla/Move.h"
#include "mozilla/Mutex.h"
#include "mozilla/TypedEnumBits.h"
#include "nsICertOverrideService.h"
#include "nsIFile.h"
#include "nsIObserver.h"
#include "nsString.h"
#include "nsTHashtable.h"
#include "nsWeakReference.h"
#include "secoidt.h"

class nsCertOverride
{
public:
  enum class OverrideBits {
    None = 0,
    Untrusted = nsICertOverrideService::ERROR_UNTRUSTED,
    Mismatch = nsICertOverrideService::ERROR_MISMATCH,
    Time = nsICertOverrideService::ERROR_TIME,
  };

  nsCertOverride()
    : mPort(-1)
    , mIsTemporary(false)
    , mOverrideBits(OverrideBits::None)
  {
  }

  nsCertOverride(const nsCertOverride &other)
  {
    this->operator=(other);
  }

  nsCertOverride &operator=(const nsCertOverride &other)
  {
    mAsciiHost = other.mAsciiHost;
    mPort = other.mPort;
    mIsTemporary = other.mIsTemporary;
    mFingerprint = other.mFingerprint;
    mOverrideBits = other.mOverrideBits;
    mDBKey = other.mDBKey;
    mCert = other.mCert;
    return *this;
  }

  nsCString mAsciiHost;
  int32_t mPort;
  bool mIsTemporary; // true: session only, false: stored on disk
  nsCString mFingerprint;
  OverrideBits mOverrideBits;
  nsCString mDBKey;
  nsCOMPtr <nsIX509Cert> mCert;

  static void convertBitsToString(OverrideBits ob, nsACString &str);
  static void convertStringToBits(const nsACString &str, OverrideBits &ob);
};

MOZ_MAKE_ENUM_CLASS_BITWISE_OPERATORS(nsCertOverride::OverrideBits)

// hash entry class
class nsCertOverrideEntry final : public PLDHashEntryHdr
{
  public:
    // Hash methods
    typedef const char* KeyType;
    typedef const char* KeyTypePointer;

    // do nothing with aHost - we require mHead to be set before we're live!
    explicit nsCertOverrideEntry(KeyTypePointer aHostWithPortUTF8)
    {
    }

    nsCertOverrideEntry(nsCertOverrideEntry&& toMove)
      : PLDHashEntryHdr(std::move(toMove))
      , mSettings(std::move(toMove.mSettings))
      , mHostWithPort(std::move(toMove.mHostWithPort))
    {
    }

    ~nsCertOverrideEntry()
    {
    }

    KeyType GetKey() const
    {
      return HostWithPortPtr();
    }

    KeyTypePointer GetKeyPointer() const
    {
      return HostWithPortPtr();
    }

    bool KeyEquals(KeyTypePointer aKey) const
    {
      return !strcmp(HostWithPortPtr(), aKey);
    }

    static KeyTypePointer KeyToPointer(KeyType aKey)
    {
      return aKey;
    }

    static PLDHashNumber HashKey(KeyTypePointer aKey)
    {
      return mozilla::HashString(aKey);
    }

    enum { ALLOW_MEMMOVE = false };

    // get methods
    inline const nsCString &HostWithPort() const { return mHostWithPort; }

    inline KeyTypePointer HostWithPortPtr() const
    {
      return mHostWithPort.get();
    }

    nsCertOverride mSettings;
    nsCString mHostWithPort;
};

class nsCertOverrideService final : public nsICertOverrideService
                                  , public nsIObserver
                                  , public nsSupportsWeakReference
{
public:
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSICERTOVERRIDESERVICE
  NS_DECL_NSIOBSERVER

  nsCertOverrideService();

  nsresult Init();
  void RemoveAllTemporaryOverrides();

  typedef void
  (*CertOverrideEnumerator)(const nsCertOverride &aSettings,
                            void *aUserData);

  // aCert == null: return all overrides
  // aCert != null: return overrides that match the given cert
  nsresult EnumerateCertOverrides(nsIX509Cert *aCert,
                                  CertOverrideEnumerator enumerator,
                                  void *aUserData);

    // Concates host name and the port number. If the port number is -1 then
    // port 443 is automatically used. This method ensures there is always a port
    // number separated with colon.
    static void GetHostWithPort(const nsACString & aHostName, int32_t aPort, nsACString& _retval);

protected:
    ~nsCertOverrideService();

    mozilla::Mutex mMutex;
    nsCOMPtr<nsIFile> mSettingsFile;
    nsTHashtable<nsCertOverrideEntry> mSettingsTable;

    void CountPermanentOverrideTelemetry(const mozilla::MutexAutoLock& aProofOfLock);

    void RemoveAllFromMemory();
    nsresult Read(const mozilla::MutexAutoLock& aProofOfLock);
    nsresult Write(const mozilla::MutexAutoLock& aProofOfLock);
    nsresult AddEntryToList(const nsACString &host, int32_t port,
                            nsIX509Cert *aCert,
                            const bool aIsTemporary,
                            const nsACString &fingerprint,
                            nsCertOverride::OverrideBits ob,
                            const nsACString &dbKey,
                            const mozilla::MutexAutoLock& aProofOfLock);
};

#define NS_CERTOVERRIDE_CID { /* 67ba681d-5485-4fff-952c-2ee337ffdcd6 */ \
    0x67ba681d,                                                        \
    0x5485,                                                            \
    0x4fff,                                                            \
    {0x95, 0x2c, 0x2e, 0xe3, 0x37, 0xff, 0xdc, 0xd6}                   \
  }

#endif // nsCertOverrideService_h

Line	Count	Source (jump to first uncovered line)
1		/* -- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 --
2		*
3		* This Source Code Form is subject to the terms of the Mozilla Public
4		* License, v. 2.0. If a copy of the MPL was not distributed with this
5		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7		#ifndef nsCertOverrideService_h
8		#define nsCertOverrideService_h
9
10		#include "mozilla/HashFunctions.h"
11		#include "mozilla/Move.h"
12		#include "mozilla/Mutex.h"
13		#include "mozilla/TypedEnumBits.h"
14		#include "nsICertOverrideService.h"
15		#include "nsIFile.h"
16		#include "nsIObserver.h"
17		#include "nsString.h"
18		#include "nsTHashtable.h"
19		#include "nsWeakReference.h"
20		#include "secoidt.h"
21
22		class nsCertOverride
23		{
24		public:
25		enum class OverrideBits {
26		None = 0,
27		Untrusted = nsICertOverrideService::ERROR_UNTRUSTED,
28		Mismatch = nsICertOverrideService::ERROR_MISMATCH,
29		Time = nsICertOverrideService::ERROR_TIME,
30		};
31
32		nsCertOverride()
33		: mPort(-1)
34		, mIsTemporary(false)
35		, mOverrideBits(OverrideBits::None)
36	0	{
37	0	}
38
39		nsCertOverride(const nsCertOverride &other)
40	0	{
41	0	this->operator=(other);
42	0	}
43
44		nsCertOverride &operator=(const nsCertOverride &other)
45	0	{
46	0	mAsciiHost = other.mAsciiHost;
47	0	mPort = other.mPort;
48	0	mIsTemporary = other.mIsTemporary;
49	0	mFingerprint = other.mFingerprint;
50	0	mOverrideBits = other.mOverrideBits;
51	0	mDBKey = other.mDBKey;
52	0	mCert = other.mCert;
53	0	return *this;
54	0	}
55
56		nsCString mAsciiHost;
57		int32_t mPort;
58		bool mIsTemporary; // true: session only, false: stored on disk
59		nsCString mFingerprint;
60		OverrideBits mOverrideBits;
61		nsCString mDBKey;
62		nsCOMPtr <nsIX509Cert> mCert;
63
64		static void convertBitsToString(OverrideBits ob, nsACString &str);
65		static void convertStringToBits(const nsACString &str, OverrideBits &ob);
66		};
67
68		MOZ_MAKE_ENUM_CLASS_BITWISE_OPERATORS(nsCertOverride::OverrideBits)
69
70		// hash entry class
71		class nsCertOverrideEntry final : public PLDHashEntryHdr
72		{
73		public:
74		// Hash methods
75		typedef const char* KeyType;
76		typedef const char* KeyTypePointer;
77
78		// do nothing with aHost - we require mHead to be set before we're live!
79		explicit nsCertOverrideEntry(KeyTypePointer aHostWithPortUTF8)
80	0	{
81	0	}
82
83		nsCertOverrideEntry(nsCertOverrideEntry&& toMove)
84		: PLDHashEntryHdr(std::move(toMove))
85		, mSettings(std::move(toMove.mSettings))
86		, mHostWithPort(std::move(toMove.mHostWithPort))
87	0	{
88	0	}
89
90		~nsCertOverrideEntry()
91	0	{
92	0	}
93
94		KeyType GetKey() const
95	0	{
96	0	return HostWithPortPtr();
97	0	}
98
99		KeyTypePointer GetKeyPointer() const
100	0	{
101	0	return HostWithPortPtr();
102	0	}
103
104		bool KeyEquals(KeyTypePointer aKey) const
105	0	{
106	0	return !strcmp(HostWithPortPtr(), aKey);
107	0	}
108
109		static KeyTypePointer KeyToPointer(KeyType aKey)
110	0	{
111	0	return aKey;
112	0	}
113
114		static PLDHashNumber HashKey(KeyTypePointer aKey)
115	0	{
116	0	return mozilla::HashString(aKey);
117	0	}
118
119		enum { ALLOW_MEMMOVE = false };
120
121		// get methods
122	0	inline const nsCString &HostWithPort() const { return mHostWithPort; }
123
124		inline KeyTypePointer HostWithPortPtr() const
125	0	{
126	0	return mHostWithPort.get();
127	0	}
128
129		nsCertOverride mSettings;
130		nsCString mHostWithPort;
131		};
132
133		class nsCertOverrideService final : public nsICertOverrideService
134		, public nsIObserver
135		, public nsSupportsWeakReference
136		{
137		public:
138		NS_DECL_THREADSAFE_ISUPPORTS
139		NS_DECL_NSICERTOVERRIDESERVICE
140		NS_DECL_NSIOBSERVER
141
142		nsCertOverrideService();
143
144		nsresult Init();
145		void RemoveAllTemporaryOverrides();
146
147		typedef void
148		(*CertOverrideEnumerator)(const nsCertOverride &aSettings,
149		void *aUserData);
150
151		// aCert == null: return all overrides
152		// aCert != null: return overrides that match the given cert
153		nsresult EnumerateCertOverrides(nsIX509Cert *aCert,
154		CertOverrideEnumerator enumerator,
155		void *aUserData);
156
157		// Concates host name and the port number. If the port number is -1 then
158		// port 443 is automatically used. This method ensures there is always a port
159		// number separated with colon.
160		static void GetHostWithPort(const nsACString & aHostName, int32_t aPort, nsACString& _retval);
161
162		protected:
163		~nsCertOverrideService();
164
165		mozilla::Mutex mMutex;
166		nsCOMPtr<nsIFile> mSettingsFile;
167		nsTHashtable<nsCertOverrideEntry> mSettingsTable;
168
169		void CountPermanentOverrideTelemetry(const mozilla::MutexAutoLock& aProofOfLock);
170
171		void RemoveAllFromMemory();
172		nsresult Read(const mozilla::MutexAutoLock& aProofOfLock);
173		nsresult Write(const mozilla::MutexAutoLock& aProofOfLock);
174		nsresult AddEntryToList(const nsACString &host, int32_t port,
175		nsIX509Cert *aCert,
176		const bool aIsTemporary,
177		const nsACString &fingerprint,
178		nsCertOverride::OverrideBits ob,
179		const nsACString &dbKey,
180		const mozilla::MutexAutoLock& aProofOfLock);
181		};
182
183		#define NS_CERTOVERRIDE_CID { /* 67ba681d-5485-4fff-952c-2ee337ffdcd6 */ \
184		0x67ba681d, \
185		0x5485, \
186		0x4fff, \
187		{0x95, 0x2c, 0x2e, 0xe3, 0x37, 0xff, 0xdc, 0xd6} \
188		}
189
190		#endif // nsCertOverrideService_h

Coverage Report

Created: 2018-09-25 14:53