tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

nsCertOverrideService.h (5035B)

      1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
      2 *
      3 * This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef nsCertOverrideService_h
      8 #define nsCertOverrideService_h
      9 
     10 #include <utility>
     11 
     12 #include "mozilla/HashFunctions.h"
     13 #include "mozilla/Mutex.h"
     14 #include "mozilla/OriginAttributes.h"
     15 #include "mozilla/TaskQueue.h"
     16 #include "nsIAsyncShutdown.h"
     17 #include "nsICertOverrideService.h"
     18 #include "nsIFile.h"
     19 #include "nsIObserver.h"
     20 #include "nsString.h"
     21 #include "nsTHashtable.h"
     22 #include "nsWeakReference.h"
     23 #include "secoidt.h"
     24 
     25 class nsCertOverride final : public nsICertOverride {
     26 public:
     27  NS_DECL_THREADSAFE_ISUPPORTS
     28  NS_DECL_NSICERTOVERRIDE
     29 
     30  nsCertOverride() : mPort(-1), mIsTemporary(false) {}
     31 
     32  nsCString mAsciiHost;
     33  int32_t mPort;
     34  mozilla::OriginAttributes mOriginAttributes;
     35  bool mIsTemporary;  // true: session only, false: stored on disk
     36  nsCString mFingerprint;
     37 
     38 private:
     39  ~nsCertOverride() = default;
     40 };
     41 
     42 // hash entry class
     43 class nsCertOverrideEntry final : public PLDHashEntryHdr {
     44 public:
     45  // Hash methods
     46  typedef const char* KeyType;
     47  typedef const char* KeyTypePointer;
     48 
     49  // do nothing with aHost - we require mHead to be set before we're live!
     50  explicit nsCertOverrideEntry(KeyTypePointer aHostWithPortUTF8) {}
     51 
     52  nsCertOverrideEntry(nsCertOverrideEntry&& toMove)
     53      : PLDHashEntryHdr(std::move(toMove)),
     54        mSettings(std::move(toMove.mSettings)),
     55        mKeyString(std::move(toMove.mKeyString)) {}
     56 
     57  ~nsCertOverrideEntry() = default;
     58 
     59  KeyType GetKey() const { return KeyStringPtr(); }
     60 
     61  KeyTypePointer GetKeyPointer() const { return KeyStringPtr(); }
     62 
     63  bool KeyEquals(KeyTypePointer aKey) const {
     64    return !strcmp(KeyStringPtr(), aKey);
     65  }
     66 
     67  static KeyTypePointer KeyToPointer(KeyType aKey) { return aKey; }
     68 
     69  static PLDHashNumber HashKey(KeyTypePointer aKey) {
     70    return mozilla::HashString(aKey);
     71  }
     72 
     73  enum { ALLOW_MEMMOVE = false };
     74 
     75  // get methods
     76  inline const nsCString& KeyString() const { return mKeyString; }
     77 
     78  inline KeyTypePointer KeyStringPtr() const { return mKeyString.get(); }
     79 
     80  RefPtr<nsCertOverride> mSettings;
     81  nsCString mKeyString;
     82 };
     83 
     84 class nsCertOverrideService final : public nsICertOverrideService,
     85                                    public nsIObserver,
     86                                    public nsSupportsWeakReference,
     87                                    public nsIAsyncShutdownBlocker {
     88 public:
     89  NS_DECL_THREADSAFE_ISUPPORTS
     90  NS_DECL_NSICERTOVERRIDESERVICE
     91  NS_DECL_NSIOBSERVER
     92  NS_DECL_NSIASYNCSHUTDOWNBLOCKER
     93 
     94  nsCertOverrideService();
     95 
     96  nsresult Init();
     97  void RemoveAllTemporaryOverrides();
     98 
     99  // Concatenates host name and the port number. If the port number is -1 then
    100  // port 443 is automatically used. This method ensures there is always a port
    101  // number separated with colon.
    102  static void GetHostWithPort(const nsACString& aHostName, int32_t aPort,
    103                              nsACString& aRetval);
    104 
    105  // Concatenates host name, port number, and origin attributes.
    106  static void GetKeyString(const nsACString& aHostName, int32_t aPort,
    107                           const mozilla::OriginAttributes& aOriginAttributes,
    108                           nsACString& aRetval);
    109 
    110  void AssertOnTaskQueue() const {
    111    MOZ_ASSERT(mWriterTaskQueue->IsOnCurrentThread());
    112  }
    113 
    114  void RemoveShutdownBlocker();
    115 
    116 private:
    117  ~nsCertOverrideService();
    118 
    119  mozilla::Mutex mMutex;
    120  bool mDisableAllSecurityCheck MOZ_GUARDED_BY(mMutex);
    121  mozilla::HashMap<uint32_t, bool> mUserContextIdsWithSecurityChecksOverride
    122      MOZ_GUARDED_BY(mMutex);
    123  nsCOMPtr<nsIFile> mSettingsFile MOZ_GUARDED_BY(mMutex);
    124  nsTHashtable<nsCertOverrideEntry> mSettingsTable MOZ_GUARDED_BY(mMutex);
    125 
    126  void CountPermanentOverrideTelemetry(
    127      const mozilla::MutexAutoLock& aProofOfLock);
    128 
    129  nsresult Read(const mozilla::MutexAutoLock& aProofOfLock);
    130  nsresult Write(const mozilla::MutexAutoLock& aProofOfLock);
    131  nsresult AddEntryToList(const nsACString& host, int32_t port,
    132                          const mozilla::OriginAttributes& aOriginAttributes,
    133                          const bool aIsTemporary,
    134                          const nsACString& fingerprint,
    135                          const mozilla::MutexAutoLock& aProofOfLock);
    136  already_AddRefed<nsCertOverride> GetOverrideFor(
    137      const nsACString& aHostName, int32_t aPort,
    138      const mozilla::OriginAttributes& aOriginAttributes);
    139 
    140  // Set in constructor only
    141  RefPtr<mozilla::TaskQueue> mWriterTaskQueue;
    142 
    143  // Only accessed on the main thread
    144  uint64_t mPendingWriteCount;
    145 };
    146 
    147 #define NS_CERTOVERRIDE_CID                   \
    148  {/* 67ba681d-5485-4fff-952c-2ee337ffdcd6 */ \
    149   0x67ba681d,                                \
    150   0x5485,                                    \
    151   0x4fff,                                    \
    152   {0x95, 0x2c, 0x2e, 0xe3, 0x37, 0xff, 0xdc, 0xd6}}
    153 
    154 #endif  // nsCertOverrideService_h