/src/mozilla-central/security/manager/ssl/nsSiteSecurityService.h

Source (jump to first uncovered line)
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef __nsSiteSecurityService_h__
#define __nsSiteSecurityService_h__

#include "mozilla/BasePrincipal.h"
#include "mozilla/Dafsa.h"
#include "mozilla/DataStorage.h"
#include "mozilla/RefPtr.h"
#include "nsCOMPtr.h"
#include "nsIObserver.h"
#include "nsISiteSecurityService.h"
#include "nsString.h"
#include "nsTArray.h"
#include "pkix/pkixtypes.h"
#include "prtime.h"

class nsIURI;
class nsITransportSecurityInfo;

using mozilla::OriginAttributes;

// {16955eee-6c48-4152-9309-c42a465138a1}
#define NS_SITE_SECURITY_SERVICE_CID \
  {0x16955eee, 0x6c48, 0x4152, \
    {0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1} }

/**
 * SecurityPropertyState: A utility enum for representing the different states
 * a security property can be in.
 * SecurityPropertySet and SecurityPropertyUnset correspond to indicating
 * a site has or does not have the security property in question, respectively.
 * SecurityPropertyKnockout indicates a value on a preloaded list is being
 * overridden, and the associated site does not have the security property
 * in question.
 */
enum SecurityPropertyState {
  SecurityPropertyUnset = nsISiteSecurityState::SECURITY_PROPERTY_UNSET,
  SecurityPropertySet = nsISiteSecurityState::SECURITY_PROPERTY_SET,
  SecurityPropertyKnockout = nsISiteSecurityState::SECURITY_PROPERTY_KNOCKOUT,
  SecurityPropertyNegative = nsISiteSecurityState::SECURITY_PROPERTY_NEGATIVE,
};

enum SecurityPropertySource {
  SourceUnknown = nsISiteSecurityService::SOURCE_UNKNOWN,
  SourcePreload = nsISiteSecurityService::SOURCE_PRELOAD_LIST,
  SourceOrganic = nsISiteSecurityService::SOURCE_ORGANIC_REQUEST,
};

/**
 * SiteHPKPState: A utility class that encodes/decodes a string describing
 * the public key pins of a site.
 * HPKP state consists of:
 *  - Hostname (nsCString)
 *  - Origin attributes (OriginAttributes)
 *  - Expiry time (PRTime (aka int64_t) in milliseconds)
 *  - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
 *  - An include subdomains flag (bool, default false)
 *  - An array of sha-256 hashed base 64 encoded fingerprints of required keys
 */
class SiteHPKPState : public nsISiteHPKPState
{
public:
  NS_DECL_ISUPPORTS
  NS_DECL_NSISITEHPKPSTATE
  NS_DECL_NSISITESECURITYSTATE

  SiteHPKPState();
  SiteHPKPState(const nsCString& aHost,
                const OriginAttributes& aOriginAttributes,
                const nsCString& aStateString);
  SiteHPKPState(const nsCString& aHost,
                const OriginAttributes& aOriginAttributes,
                PRTime aExpireTime, SecurityPropertyState aState,
                bool aIncludeSubdomains, nsTArray<nsCString>& SHA256keys);

  nsCString mHostname;
  OriginAttributes mOriginAttributes;
  PRTime mExpireTime;
  SecurityPropertyState mState;
  bool mIncludeSubdomains;
  nsTArray<nsCString> mSHA256keys;

  bool IsExpired(mozilla::pkix::Time aTime)
  {
    if (aTime > mozilla::pkix::TimeFromEpochInSeconds(mExpireTime /
                                                      PR_MSEC_PER_SEC)) {
      return true;
    }
    return false;
  }

  void ToString(nsCString& aString);

protected:
  virtual ~SiteHPKPState() {};
};

/**
 * SiteHSTSState: A utility class that encodes/decodes a string describing
 * the security state of a site. Currently only handles HSTS.
 * HSTS state consists of:
 *  - Hostname (nsCString)
 *  - Origin attributes (OriginAttributes)
 *  - Expiry time (PRTime (aka int64_t) in milliseconds)
 *  - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
 *  - An include subdomains flag (bool, default false)
 */
class SiteHSTSState : public nsISiteHSTSState
{
public:
  NS_DECL_ISUPPORTS
  NS_DECL_NSISITEHSTSSTATE
  NS_DECL_NSISITESECURITYSTATE

  SiteHSTSState(const nsCString& aHost,
                const OriginAttributes& aOriginAttributes,
                const nsCString& aStateString);
  SiteHSTSState(const nsCString& aHost,
                const OriginAttributes& aOriginAttributes,
                PRTime aHSTSExpireTime, SecurityPropertyState aHSTSState,
                bool aHSTSIncludeSubdomains,
                SecurityPropertySource aSource);

  nsCString mHostname;
  OriginAttributes mOriginAttributes;
  PRTime mHSTSExpireTime;
  SecurityPropertyState mHSTSState;
  bool mHSTSIncludeSubdomains;
  SecurityPropertySource mHSTSSource;

  bool IsExpired(uint32_t aType)
  {
    // If mHSTSExpireTime is 0, this entry never expires (this is the case for
    // knockout entries).
    if (mHSTSExpireTime == 0) {
      return false;
    }

    PRTime now = PR_Now() / PR_USEC_PER_MSEC;
    if (now > mHSTSExpireTime) {
      return true;
    }

    return false;
  }

  void ToString(nsCString &aString);

protected:
  virtual ~SiteHSTSState() {}
};

struct nsSTSPreload;

class nsSiteSecurityService : public nsISiteSecurityService
                            , public nsIObserver
{
public:
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSIOBSERVER
  NS_DECL_NSISITESECURITYSERVICE

  nsSiteSecurityService();
  nsresult Init();

protected:
  virtual ~nsSiteSecurityService();

private:
  nsresult GetHost(nsIURI *aURI, nsACString &aResult);
  nsresult SetHSTSState(uint32_t aType, const char* aHost, int64_t maxage,
                        bool includeSubdomains, uint32_t flags,
                        SecurityPropertyState aHSTSState,
                        SecurityPropertySource aSource,
                        const OriginAttributes& aOriginAttributes);
  nsresult ProcessHeaderInternal(uint32_t aType, nsIURI* aSourceURI,
                                 const nsCString& aHeader,
                                 nsITransportSecurityInfo* aSecInfo,
                                 uint32_t aFlags,
                                 SecurityPropertySource aSource,
                                 const OriginAttributes& aOriginAttributes,
                                 uint64_t* aMaxAge, bool* aIncludeSubdomains,
                                 uint32_t* aFailureResult);
  nsresult ProcessSTSHeader(nsIURI* aSourceURI, const nsCString& aHeader,
                            uint32_t flags,
                            SecurityPropertySource aSource,
                            const OriginAttributes& aOriginAttributes,
                            uint64_t* aMaxAge, bool* aIncludeSubdomains,
                            uint32_t* aFailureResult);
  nsresult ProcessPKPHeader(nsIURI* aSourceURI, const nsCString& aHeader,
                            nsITransportSecurityInfo* aSecInfo, uint32_t flags,
                            const OriginAttributes& aOriginAttributes,
                            uint64_t* aMaxAge, bool* aIncludeSubdomains,
                            uint32_t* aFailureResult);
  nsresult SetHPKPState(const char* aHost, SiteHPKPState& entry, uint32_t flags,
                        bool aIsPreload,
                        const OriginAttributes& aOriginAttributes);
  nsresult RemoveStateInternal(uint32_t aType, nsIURI* aURI, uint32_t aFlags,
                               const OriginAttributes& aOriginAttributes);
  nsresult RemoveStateInternal(uint32_t aType, const nsAutoCString& aHost,
                               uint32_t aFlags, bool aIsPreload,
                               const OriginAttributes& aOriginAttributes);
  bool HostHasHSTSEntry(const nsAutoCString& aHost,
                        bool aRequireIncludeSubdomains, uint32_t aFlags,
                        const OriginAttributes& aOriginAttributes,
                        bool* aResult, bool* aCached,
                        SecurityPropertySource* aSource);
  bool GetPreloadStatus(const nsACString& aHost,
                        /*optional out*/ bool* aIncludeSubdomains = nullptr) const;
  nsresult IsSecureHost(uint32_t aType, const nsACString& aHost,
                        uint32_t aFlags,
                        const OriginAttributes& aOriginAttributes,
                        bool* aCached, SecurityPropertySource* aSource,
                        bool* aResult);

  uint64_t mMaxMaxAge;
  bool mUsePreloadList;
  int64_t mPreloadListTimeOffset;
  bool mProcessPKPHeadersFromNonBuiltInRoots;
  RefPtr<mozilla::DataStorage> mSiteStateStorage;
  RefPtr<mozilla::DataStorage> mPreloadStateStorage;
  const mozilla::Dafsa mDafsa;
};

#endif // __nsSiteSecurityService_h__

Coverage Report

Created: 2018-09-25 14:53

Line	Count	Source (jump to first uncovered line)
1		/* This Source Code Form is subject to the terms of the Mozilla Public
2		* License, v. 2.0. If a copy of the MPL was not distributed with this
3		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5		#ifndef __nsSiteSecurityService_h__
6		#define __nsSiteSecurityService_h__
7
8		#include "mozilla/BasePrincipal.h"
9		#include "mozilla/Dafsa.h"
10		#include "mozilla/DataStorage.h"
11		#include "mozilla/RefPtr.h"
12		#include "nsCOMPtr.h"
13		#include "nsIObserver.h"
14		#include "nsISiteSecurityService.h"
15		#include "nsString.h"
16		#include "nsTArray.h"
17		#include "pkix/pkixtypes.h"
18		#include "prtime.h"
19
20		class nsIURI;
21		class nsITransportSecurityInfo;
22
23		using mozilla::OriginAttributes;
24
25		// {16955eee-6c48-4152-9309-c42a465138a1}
26		#define NS_SITE_SECURITY_SERVICE_CID \
27		{0x16955eee, 0x6c48, 0x4152, \
28		{0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1} }
29
30		/**
31		* SecurityPropertyState: A utility enum for representing the different states
32		* a security property can be in.
33		* SecurityPropertySet and SecurityPropertyUnset correspond to indicating
34		* a site has or does not have the security property in question, respectively.
35		* SecurityPropertyKnockout indicates a value on a preloaded list is being
36		* overridden, and the associated site does not have the security property
37		* in question.
38		*/
39		enum SecurityPropertyState {
40		SecurityPropertyUnset = nsISiteSecurityState::SECURITY_PROPERTY_UNSET,
41		SecurityPropertySet = nsISiteSecurityState::SECURITY_PROPERTY_SET,
42		SecurityPropertyKnockout = nsISiteSecurityState::SECURITY_PROPERTY_KNOCKOUT,
43		SecurityPropertyNegative = nsISiteSecurityState::SECURITY_PROPERTY_NEGATIVE,
44		};
45
46		enum SecurityPropertySource {
47		SourceUnknown = nsISiteSecurityService::SOURCE_UNKNOWN,
48		SourcePreload = nsISiteSecurityService::SOURCE_PRELOAD_LIST,
49		SourceOrganic = nsISiteSecurityService::SOURCE_ORGANIC_REQUEST,
50		};
51
52		/**
53		* SiteHPKPState: A utility class that encodes/decodes a string describing
54		* the public key pins of a site.
55		* HPKP state consists of:
56		* - Hostname (nsCString)
57		* - Origin attributes (OriginAttributes)
58		* - Expiry time (PRTime (aka int64_t) in milliseconds)
59		* - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
60		* - An include subdomains flag (bool, default false)
61		* - An array of sha-256 hashed base 64 encoded fingerprints of required keys
62		*/
63		class SiteHPKPState : public nsISiteHPKPState
64		{
65		public:
66		NS_DECL_ISUPPORTS
67		NS_DECL_NSISITEHPKPSTATE
68		NS_DECL_NSISITESECURITYSTATE
69
70		SiteHPKPState();
71		SiteHPKPState(const nsCString& aHost,
72		const OriginAttributes& aOriginAttributes,
73		const nsCString& aStateString);
74		SiteHPKPState(const nsCString& aHost,
75		const OriginAttributes& aOriginAttributes,
76		PRTime aExpireTime, SecurityPropertyState aState,
77		bool aIncludeSubdomains, nsTArray<nsCString>& SHA256keys);
78
79		nsCString mHostname;
80		OriginAttributes mOriginAttributes;
81		PRTime mExpireTime;
82		SecurityPropertyState mState;
83		bool mIncludeSubdomains;
84		nsTArray<nsCString> mSHA256keys;
85
86		bool IsExpired(mozilla::pkix::Time aTime)
87	0	{
88	0	if (aTime > mozilla::pkix::TimeFromEpochInSeconds(mExpireTime /
89	0	PR_MSEC_PER_SEC)) {
90	0	return true;
91	0	}
92	0	return false;
93	0	}
94
95		void ToString(nsCString& aString);
96
97		protected:
98	0	virtual ~SiteHPKPState() {};
99		};
100
101		/**
102		* SiteHSTSState: A utility class that encodes/decodes a string describing
103		* the security state of a site. Currently only handles HSTS.
104		* HSTS state consists of:
105		* - Hostname (nsCString)
106		* - Origin attributes (OriginAttributes)
107		* - Expiry time (PRTime (aka int64_t) in milliseconds)
108		* - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
109		* - An include subdomains flag (bool, default false)
110		*/
111		class SiteHSTSState : public nsISiteHSTSState
112		{
113		public:
114		NS_DECL_ISUPPORTS
115		NS_DECL_NSISITEHSTSSTATE
116		NS_DECL_NSISITESECURITYSTATE
117
118		SiteHSTSState(const nsCString& aHost,
119		const OriginAttributes& aOriginAttributes,
120		const nsCString& aStateString);
121		SiteHSTSState(const nsCString& aHost,
122		const OriginAttributes& aOriginAttributes,
123		PRTime aHSTSExpireTime, SecurityPropertyState aHSTSState,
124		bool aHSTSIncludeSubdomains,
125		SecurityPropertySource aSource);
126
127		nsCString mHostname;
128		OriginAttributes mOriginAttributes;
129		PRTime mHSTSExpireTime;
130		SecurityPropertyState mHSTSState;
131		bool mHSTSIncludeSubdomains;
132		SecurityPropertySource mHSTSSource;
133
134		bool IsExpired(uint32_t aType)
135	0	{
136	0	// If mHSTSExpireTime is 0, this entry never expires (this is the case for
137	0	// knockout entries).
138	0	if (mHSTSExpireTime == 0) {
139	0	return false;
140	0	}
141	0
142	0	PRTime now = PR_Now() / PR_USEC_PER_MSEC;
143	0	if (now > mHSTSExpireTime) {
144	0	return true;
145	0	}
146	0
147	0	return false;
148	0	}
149
150		void ToString(nsCString &aString);
151
152		protected:
153	0	virtual ~SiteHSTSState() {}
154		};
155
156		struct nsSTSPreload;
157
158		class nsSiteSecurityService : public nsISiteSecurityService
159		, public nsIObserver
160		{
161		public:
162		NS_DECL_THREADSAFE_ISUPPORTS
163		NS_DECL_NSIOBSERVER
164		NS_DECL_NSISITESECURITYSERVICE
165
166		nsSiteSecurityService();
167		nsresult Init();
168
169		protected:
170		virtual ~nsSiteSecurityService();
171
172		private:
173		nsresult GetHost(nsIURI *aURI, nsACString &aResult);
174		nsresult SetHSTSState(uint32_t aType, const char* aHost, int64_t maxage,
175		bool includeSubdomains, uint32_t flags,
176		SecurityPropertyState aHSTSState,
177		SecurityPropertySource aSource,
178		const OriginAttributes& aOriginAttributes);
179		nsresult ProcessHeaderInternal(uint32_t aType, nsIURI* aSourceURI,
180		const nsCString& aHeader,
181		nsITransportSecurityInfo* aSecInfo,
182		uint32_t aFlags,
183		SecurityPropertySource aSource,
184		const OriginAttributes& aOriginAttributes,
185		uint64_t* aMaxAge, bool* aIncludeSubdomains,
186		uint32_t* aFailureResult);
187		nsresult ProcessSTSHeader(nsIURI* aSourceURI, const nsCString& aHeader,
188		uint32_t flags,
189		SecurityPropertySource aSource,
190		const OriginAttributes& aOriginAttributes,
191		uint64_t* aMaxAge, bool* aIncludeSubdomains,
192		uint32_t* aFailureResult);
193		nsresult ProcessPKPHeader(nsIURI* aSourceURI, const nsCString& aHeader,
194		nsITransportSecurityInfo* aSecInfo, uint32_t flags,
195		const OriginAttributes& aOriginAttributes,
196		uint64_t* aMaxAge, bool* aIncludeSubdomains,
197		uint32_t* aFailureResult);
198		nsresult SetHPKPState(const char* aHost, SiteHPKPState& entry, uint32_t flags,
199		bool aIsPreload,
200		const OriginAttributes& aOriginAttributes);
201		nsresult RemoveStateInternal(uint32_t aType, nsIURI* aURI, uint32_t aFlags,
202		const OriginAttributes& aOriginAttributes);
203		nsresult RemoveStateInternal(uint32_t aType, const nsAutoCString& aHost,
204		uint32_t aFlags, bool aIsPreload,
205		const OriginAttributes& aOriginAttributes);
206		bool HostHasHSTSEntry(const nsAutoCString& aHost,
207		bool aRequireIncludeSubdomains, uint32_t aFlags,
208		const OriginAttributes& aOriginAttributes,
209		bool* aResult, bool* aCached,
210		SecurityPropertySource* aSource);
211		bool GetPreloadStatus(const nsACString& aHost,
212		/optional out/ bool* aIncludeSubdomains = nullptr) const;
213		nsresult IsSecureHost(uint32_t aType, const nsACString& aHost,
214		uint32_t aFlags,
215		const OriginAttributes& aOriginAttributes,
216		bool* aCached, SecurityPropertySource* aSource,
217		bool* aResult);
218
219		uint64_t mMaxMaxAge;
220		bool mUsePreloadList;
221		int64_t mPreloadListTimeOffset;
222		bool mProcessPKPHeadersFromNonBuiltInRoots;
223		RefPtr<mozilla::DataStorage> mSiteStateStorage;
224		RefPtr<mozilla::DataStorage> mPreloadStateStorage;
225		const mozilla::Dafsa mDafsa;
226		};
227
228		#endif // __nsSiteSecurityService_h__