2012-05-31 13:33:35 +04:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2010-06-04 01:03:17 +04:00
|
|
|
|
2013-08-03 02:48:37 +04:00
|
|
|
#ifndef __nsSiteSecurityService_h__
|
|
|
|
#define __nsSiteSecurityService_h__
|
2010-06-04 01:03:17 +04:00
|
|
|
|
2017-02-14 05:29:10 +03:00
|
|
|
#include "mozilla/BasePrincipal.h"
|
2014-09-04 21:42:31 +04:00
|
|
|
#include "mozilla/DataStorage.h"
|
2017-01-12 09:58:04 +03:00
|
|
|
#include "mozilla/RefPtr.h"
|
2010-06-04 01:03:17 +04:00
|
|
|
#include "nsCOMPtr.h"
|
2014-09-04 21:42:31 +04:00
|
|
|
#include "nsIObserver.h"
|
|
|
|
#include "nsISiteSecurityService.h"
|
2010-06-04 01:03:17 +04:00
|
|
|
#include "nsString.h"
|
2014-09-13 01:59:37 +04:00
|
|
|
#include "nsTArray.h"
|
|
|
|
#include "pkix/pkixtypes.h"
|
2013-07-03 19:56:26 +04:00
|
|
|
#include "prtime.h"
|
2010-06-04 01:03:17 +04:00
|
|
|
|
2014-09-04 21:42:31 +04:00
|
|
|
class nsIURI;
|
2014-09-03 21:24:12 +04:00
|
|
|
class nsISSLStatus;
|
2014-09-04 21:42:31 +04:00
|
|
|
|
2017-02-14 05:29:10 +03:00
|
|
|
using mozilla::OriginAttributes;
|
|
|
|
|
2010-06-04 01:03:17 +04:00
|
|
|
// {16955eee-6c48-4152-9309-c42a465138a1}
|
2013-08-03 02:48:37 +04:00
|
|
|
#define NS_SITE_SECURITY_SERVICE_CID \
|
2010-06-04 01:03:17 +04:00
|
|
|
{0x16955eee, 0x6c48, 0x4152, \
|
|
|
|
{0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1} }
|
|
|
|
|
2014-09-04 21:42:31 +04:00
|
|
|
/**
|
|
|
|
* SecurityPropertyState: A utility enum for representing the different states
|
|
|
|
* a security property can be in.
|
|
|
|
* SecurityPropertySet and SecurityPropertyUnset correspond to indicating
|
|
|
|
* a site has or does not have the security property in question, respectively.
|
|
|
|
* SecurityPropertyKnockout indicates a value on a preloaded list is being
|
|
|
|
* overridden, and the associated site does not have the security property
|
|
|
|
* in question.
|
|
|
|
*/
|
|
|
|
enum SecurityPropertyState {
|
2017-01-12 09:58:04 +03:00
|
|
|
SecurityPropertyUnset = nsISiteSecurityState::SECURITY_PROPERTY_UNSET,
|
|
|
|
SecurityPropertySet = nsISiteSecurityState::SECURITY_PROPERTY_SET,
|
|
|
|
SecurityPropertyKnockout = nsISiteSecurityState::SECURITY_PROPERTY_KNOCKOUT,
|
|
|
|
SecurityPropertyNegative = nsISiteSecurityState::SECURITY_PROPERTY_NEGATIVE,
|
2014-09-04 21:42:31 +04:00
|
|
|
};
|
2010-10-06 21:07:39 +04:00
|
|
|
|
2014-09-04 21:42:31 +04:00
|
|
|
/**
|
2014-09-13 01:59:37 +04:00
|
|
|
* SiteHPKPState: A utility class that encodes/decodes a string describing
|
|
|
|
* the public key pins of a site.
|
|
|
|
* HPKP state consists of:
|
2017-01-12 09:58:04 +03:00
|
|
|
* - Hostname (nsCString)
|
2017-02-14 05:29:10 +03:00
|
|
|
* - Origin attributes (OriginAttributes)
|
2014-09-13 01:59:37 +04:00
|
|
|
* - Expiry time (PRTime (aka int64_t) in milliseconds)
|
|
|
|
* - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
|
|
|
|
* - An include subdomains flag (bool, default false)
|
|
|
|
* - An array of sha-256 hashed base 64 encoded fingerprints of required keys
|
|
|
|
*/
|
2017-01-12 09:58:04 +03:00
|
|
|
class SiteHPKPState : public nsISiteHPKPState
|
2014-09-13 01:59:37 +04:00
|
|
|
{
|
|
|
|
public:
|
2017-01-12 09:58:04 +03:00
|
|
|
NS_DECL_ISUPPORTS
|
|
|
|
NS_DECL_NSISITEHPKPSTATE
|
|
|
|
NS_DECL_NSISITESECURITYSTATE
|
|
|
|
|
2014-09-13 01:59:37 +04:00
|
|
|
SiteHPKPState();
|
2017-02-14 05:29:10 +03:00
|
|
|
SiteHPKPState(const nsCString& aHost,
|
|
|
|
const OriginAttributes& aOriginAttributes,
|
|
|
|
const nsCString& aStateString);
|
|
|
|
SiteHPKPState(const nsCString& aHost,
|
|
|
|
const OriginAttributes& aOriginAttributes,
|
|
|
|
PRTime aExpireTime, SecurityPropertyState aState,
|
|
|
|
bool aIncludeSubdomains, nsTArray<nsCString>& SHA256keys);
|
2014-09-13 01:59:37 +04:00
|
|
|
|
2017-01-12 09:58:04 +03:00
|
|
|
nsCString mHostname;
|
2017-02-14 05:29:10 +03:00
|
|
|
OriginAttributes mOriginAttributes;
|
2014-09-13 01:59:37 +04:00
|
|
|
PRTime mExpireTime;
|
|
|
|
SecurityPropertyState mState;
|
|
|
|
bool mIncludeSubdomains;
|
|
|
|
nsTArray<nsCString> mSHA256keys;
|
|
|
|
|
|
|
|
bool IsExpired(mozilla::pkix::Time aTime)
|
|
|
|
{
|
|
|
|
if (aTime > mozilla::pkix::TimeFromEpochInSeconds(mExpireTime /
|
|
|
|
PR_MSEC_PER_SEC)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
void ToString(nsCString& aString);
|
2017-01-12 09:58:04 +03:00
|
|
|
|
|
|
|
protected:
|
|
|
|
virtual ~SiteHPKPState() {};
|
2014-09-13 01:59:37 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* SiteHSTSState: A utility class that encodes/decodes a string describing
|
2014-09-04 21:42:31 +04:00
|
|
|
* the security state of a site. Currently only handles HSTS.
|
|
|
|
* HSTS state consists of:
|
2017-01-12 09:58:04 +03:00
|
|
|
* - Hostname (nsCString)
|
2017-02-14 05:29:10 +03:00
|
|
|
* - Origin attributes (OriginAttributes)
|
2014-09-04 21:42:31 +04:00
|
|
|
* - Expiry time (PRTime (aka int64_t) in milliseconds)
|
|
|
|
* - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
|
|
|
|
* - An include subdomains flag (bool, default false)
|
|
|
|
*/
|
2017-01-12 09:58:04 +03:00
|
|
|
class SiteHSTSState : public nsISiteHSTSState
|
2014-09-04 21:42:31 +04:00
|
|
|
{
|
|
|
|
public:
|
2017-01-12 09:58:04 +03:00
|
|
|
NS_DECL_ISUPPORTS
|
|
|
|
NS_DECL_NSISITEHSTSSTATE
|
|
|
|
NS_DECL_NSISITESECURITYSTATE
|
2014-09-04 21:42:31 +04:00
|
|
|
|
2017-02-14 05:29:10 +03:00
|
|
|
SiteHSTSState(const nsCString& aHost,
|
|
|
|
const OriginAttributes& aOriginAttributes,
|
|
|
|
const nsCString& aStateString);
|
|
|
|
SiteHSTSState(const nsCString& aHost,
|
|
|
|
const OriginAttributes& aOriginAttributes,
|
|
|
|
PRTime aHSTSExpireTime, SecurityPropertyState aHSTSState,
|
|
|
|
bool aHSTSIncludeSubdomains);
|
2017-01-12 09:58:04 +03:00
|
|
|
|
|
|
|
nsCString mHostname;
|
2017-02-14 05:29:10 +03:00
|
|
|
OriginAttributes mOriginAttributes;
|
2014-09-04 21:42:31 +04:00
|
|
|
PRTime mHSTSExpireTime;
|
|
|
|
SecurityPropertyState mHSTSState;
|
|
|
|
bool mHSTSIncludeSubdomains;
|
|
|
|
|
|
|
|
bool IsExpired(uint32_t aType)
|
|
|
|
{
|
|
|
|
// If mHSTSExpireTime is 0, this entry never expires (this is the case for
|
|
|
|
// knockout entries).
|
|
|
|
if (mHSTSExpireTime == 0) {
|
|
|
|
return false;
|
2010-10-06 21:07:39 +04:00
|
|
|
}
|
|
|
|
|
2014-09-04 21:42:31 +04:00
|
|
|
PRTime now = PR_Now() / PR_USEC_PER_MSEC;
|
|
|
|
if (now > mHSTSExpireTime) {
|
|
|
|
return true;
|
2012-08-25 01:17:27 +04:00
|
|
|
}
|
|
|
|
|
2014-09-04 21:42:31 +04:00
|
|
|
return false;
|
|
|
|
}
|
2012-08-25 01:17:27 +04:00
|
|
|
|
2014-09-04 21:42:31 +04:00
|
|
|
void ToString(nsCString &aString);
|
2017-01-12 09:58:04 +03:00
|
|
|
|
|
|
|
protected:
|
|
|
|
virtual ~SiteHSTSState() {}
|
2010-10-06 21:07:39 +04:00
|
|
|
};
|
|
|
|
|
2016-03-24 22:09:28 +03:00
|
|
|
struct nsSTSPreload;
|
2012-08-25 01:17:27 +04:00
|
|
|
|
2013-08-03 02:48:37 +04:00
|
|
|
class nsSiteSecurityService : public nsISiteSecurityService
|
|
|
|
, public nsIObserver
|
2010-06-04 01:03:17 +04:00
|
|
|
{
|
|
|
|
public:
|
2013-07-19 06:24:14 +04:00
|
|
|
NS_DECL_THREADSAFE_ISUPPORTS
|
2010-10-06 21:07:39 +04:00
|
|
|
NS_DECL_NSIOBSERVER
|
2013-08-03 02:48:37 +04:00
|
|
|
NS_DECL_NSISITESECURITYSERVICE
|
2010-06-04 01:03:17 +04:00
|
|
|
|
2013-08-03 02:48:37 +04:00
|
|
|
nsSiteSecurityService();
|
2010-06-04 01:03:17 +04:00
|
|
|
nsresult Init();
|
2014-06-24 02:40:03 +04:00
|
|
|
|
|
|
|
protected:
|
2013-08-03 02:48:37 +04:00
|
|
|
virtual ~nsSiteSecurityService();
|
2010-06-04 01:03:17 +04:00
|
|
|
|
|
|
|
private:
|
|
|
|
nsresult GetHost(nsIURI *aURI, nsACString &aResult);
|
2016-12-20 10:16:41 +03:00
|
|
|
nsresult SetHSTSState(uint32_t aType, const char* aHost, int64_t maxage,
|
Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
MozReview-Commit-ID: ES1JruCtDdX
--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
2016-09-27 18:27:00 +03:00
|
|
|
bool includeSubdomains, uint32_t flags,
|
2017-02-14 05:29:10 +03:00
|
|
|
SecurityPropertyState aHSTSState, bool aIsPreload,
|
|
|
|
const OriginAttributes& aOriginAttributes);
|
2014-09-03 21:24:12 +04:00
|
|
|
nsresult ProcessHeaderInternal(uint32_t aType, nsIURI* aSourceURI,
|
2017-01-14 08:10:06 +03:00
|
|
|
const nsCString& aHeader,
|
|
|
|
nsISSLStatus* aSSLStatus,
|
2017-02-14 05:29:10 +03:00
|
|
|
uint32_t aFlags,
|
|
|
|
const OriginAttributes& aOriginAttributes,
|
|
|
|
uint64_t* aMaxAge, bool* aIncludeSubdomains,
|
2015-08-05 08:51:00 +03:00
|
|
|
uint32_t* aFailureResult);
|
2017-01-14 08:10:06 +03:00
|
|
|
nsresult ProcessSTSHeader(nsIURI* aSourceURI, const nsCString& aHeader,
|
2017-02-14 05:29:10 +03:00
|
|
|
uint32_t flags,
|
|
|
|
const OriginAttributes& aOriginAttributes,
|
|
|
|
uint64_t* aMaxAge, bool* aIncludeSubdomains,
|
|
|
|
uint32_t* aFailureResult);
|
2017-01-14 08:10:06 +03:00
|
|
|
nsresult ProcessPKPHeader(nsIURI* aSourceURI, const nsCString& aHeader,
|
2014-09-03 21:24:12 +04:00
|
|
|
nsISSLStatus* aSSLStatus, uint32_t flags,
|
2017-02-14 05:29:10 +03:00
|
|
|
const OriginAttributes& aOriginAttributes,
|
2015-08-05 08:51:00 +03:00
|
|
|
uint64_t* aMaxAge, bool* aIncludeSubdomains,
|
|
|
|
uint32_t* aFailureResult);
|
2016-10-06 13:00:43 +03:00
|
|
|
nsresult SetHPKPState(const char* aHost, SiteHPKPState& entry, uint32_t flags,
|
2017-02-14 05:29:10 +03:00
|
|
|
bool aIsPreload,
|
|
|
|
const OriginAttributes& aOriginAttributes);
|
|
|
|
nsresult RemoveStateInternal(uint32_t aType, nsIURI* aURI, uint32_t aFlags,
|
|
|
|
const OriginAttributes& aOriginAttributes);
|
2016-12-20 10:16:41 +03:00
|
|
|
nsresult RemoveStateInternal(uint32_t aType, const nsAutoCString& aHost,
|
2017-02-14 05:29:10 +03:00
|
|
|
uint32_t aFlags, bool aIsPreload,
|
|
|
|
const OriginAttributes& aOriginAttributes);
|
2016-12-20 10:16:41 +03:00
|
|
|
bool HostHasHSTSEntry(const nsAutoCString& aHost,
|
|
|
|
bool aRequireIncludeSubdomains, uint32_t aFlags,
|
2017-02-14 05:29:10 +03:00
|
|
|
const OriginAttributes& aOriginAttributes,
|
2016-12-20 10:16:41 +03:00
|
|
|
bool* aResult, bool* aCached);
|
2012-08-25 01:17:27 +04:00
|
|
|
const nsSTSPreload *GetPreloadListEntry(const char *aHost);
|
2017-02-08 06:17:29 +03:00
|
|
|
nsresult IsSecureHost(uint32_t aType, const nsACString& aHost,
|
2017-02-14 05:29:10 +03:00
|
|
|
uint32_t aFlags,
|
|
|
|
const OriginAttributes& aOriginAttributes,
|
|
|
|
bool* aCached, bool* aResult);
|
2010-10-06 21:07:39 +04:00
|
|
|
|
2016-07-07 02:16:29 +03:00
|
|
|
uint64_t mMaxMaxAge;
|
2012-10-16 01:43:57 +04:00
|
|
|
bool mUsePreloadList;
|
2014-09-04 21:42:31 +04:00
|
|
|
int64_t mPreloadListTimeOffset;
|
2014-09-03 21:24:12 +04:00
|
|
|
bool mProcessPKPHeadersFromNonBuiltInRoots;
|
2015-10-18 08:24:48 +03:00
|
|
|
RefPtr<mozilla::DataStorage> mSiteStateStorage;
|
2016-10-06 13:00:43 +03:00
|
|
|
RefPtr<mozilla::DataStorage> mPreloadStateStorage;
|
2010-06-04 01:03:17 +04:00
|
|
|
};
|
|
|
|
|
2013-08-03 02:48:37 +04:00
|
|
|
#endif // __nsSiteSecurityService_h__
|