2012-05-21 11:12:37 +00:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2010-06-03 21:03:17 +00:00
|
|
|
|
|
|
|
#include "nsISupports.idl"
|
|
|
|
|
|
|
|
interface nsIURI;
|
2010-10-06 17:07:39 +00:00
|
|
|
interface nsIObserver;
|
2010-06-03 21:03:17 +00:00
|
|
|
interface nsIHttpChannel;
|
2014-09-03 17:24:12 +00:00
|
|
|
interface nsISSLStatus;
|
2010-06-03 21:03:17 +00:00
|
|
|
|
2014-09-12 21:56:53 +00:00
|
|
|
%{C++
|
|
|
|
template<class T> class nsTArray;
|
|
|
|
class nsCString;
|
|
|
|
namespace mozilla
|
|
|
|
{
|
|
|
|
namespace pkix
|
|
|
|
{
|
|
|
|
class Time;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
%}
|
|
|
|
[ref] native nsCStringTArrayRef(nsTArray<nsCString>);
|
|
|
|
[ref] native mozillaPkixTime(mozilla::pkix::Time);
|
|
|
|
|
2015-08-20 21:33:29 +00:00
|
|
|
[scriptable, uuid(275127f8-dbd7-4681-afbf-6df0c6587a01)]
|
2013-08-02 22:48:37 +00:00
|
|
|
interface nsISiteSecurityService : nsISupports
|
2010-06-03 21:03:17 +00:00
|
|
|
{
|
2013-08-02 23:23:18 +00:00
|
|
|
const uint32_t HEADER_HSTS = 0;
|
2014-09-12 21:56:53 +00:00
|
|
|
const uint32_t HEADER_HPKP = 1;
|
2013-08-02 23:23:18 +00:00
|
|
|
const uint32_t HEADER_OMS = 2;
|
|
|
|
|
2015-08-05 05:51:00 +00:00
|
|
|
const uint32_t Success = 0;
|
|
|
|
const uint32_t ERROR_UNKNOWN = 1;
|
|
|
|
const uint32_t ERROR_UNTRUSTWORTHY_CONNECTION = 2;
|
|
|
|
const uint32_t ERROR_COULD_NOT_PARSE_HEADER = 3;
|
|
|
|
const uint32_t ERROR_NO_MAX_AGE = 4;
|
|
|
|
const uint32_t ERROR_MULTIPLE_MAX_AGES = 5;
|
|
|
|
const uint32_t ERROR_INVALID_MAX_AGE = 6;
|
|
|
|
const uint32_t ERROR_MULTIPLE_INCLUDE_SUBDOMAINS = 7;
|
|
|
|
const uint32_t ERROR_INVALID_INCLUDE_SUBDOMAINS = 8;
|
|
|
|
const uint32_t ERROR_INVALID_PIN = 9;
|
|
|
|
const uint32_t ERROR_MULTIPLE_REPORT_URIS = 10;
|
|
|
|
const uint32_t ERROR_PINSET_DOES_NOT_MATCH_CHAIN = 11;
|
|
|
|
const uint32_t ERROR_NO_BACKUP_PIN = 12;
|
|
|
|
const uint32_t ERROR_COULD_NOT_SAVE_STATE = 13;
|
2015-08-20 21:33:29 +00:00
|
|
|
const uint32_t ERROR_ROOT_NOT_BUILT_IN = 14;
|
2015-08-05 05:51:00 +00:00
|
|
|
|
2010-06-03 21:03:17 +00:00
|
|
|
/**
|
|
|
|
* Parses a given HTTP header and records the results internally.
|
2014-09-03 17:24:12 +00:00
|
|
|
* Currently two header types are supported: HSTS (aka STS) and HPKP
|
2013-08-02 23:23:18 +00:00
|
|
|
* The format of the HSTS header is defined by the HSTS specification:
|
|
|
|
* https://tools.ietf.org/html/rfc6797
|
|
|
|
* and allows a host to specify that future HTTP requests should be
|
2010-06-03 21:03:17 +00:00
|
|
|
* upgraded to HTTPS.
|
2015-08-05 05:51:00 +00:00
|
|
|
* The format of the HPKP header is defined by the HPKP specification:
|
|
|
|
* https://tools.ietf.org/html/rfc7469
|
|
|
|
* and allows a host to specify a subset of trusted anchors to be used
|
2014-09-03 17:24:12 +00:00
|
|
|
* in future HTTPS connections.
|
2010-06-03 21:03:17 +00:00
|
|
|
*
|
2013-08-02 23:23:18 +00:00
|
|
|
* @param aType the type of security header in question.
|
2010-06-03 21:03:17 +00:00
|
|
|
* @param aSourceURI the URI of the resource with the HTTP header.
|
2014-09-03 17:24:12 +00:00
|
|
|
* @param aSSLStatus the SSLStatus of the current channel
|
2013-08-02 23:23:18 +00:00
|
|
|
* @param aHeader the HTTP response header specifying security data.
|
2012-06-30 14:34:17 +00:00
|
|
|
* @param aFlags options for this request as defined in nsISocketProvider:
|
|
|
|
* NO_PERMANENT_STORAGE
|
2012-10-15 21:43:57 +00:00
|
|
|
* @param aMaxAge the parsed max-age directive of the header.
|
|
|
|
* @param aIncludeSubdomains the parsed includeSubdomains directive.
|
2015-08-05 05:51:00 +00:00
|
|
|
* @param aFailureResult a more specific failure result if NS_ERROR_FAILURE
|
|
|
|
was returned.
|
2010-06-03 21:03:17 +00:00
|
|
|
* @return NS_OK if it succeeds
|
|
|
|
* NS_ERROR_FAILURE if it can't be parsed
|
|
|
|
* NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
|
|
|
|
* if there are unrecognized tokens in the header.
|
|
|
|
*/
|
2013-08-02 23:23:18 +00:00
|
|
|
void processHeader(in uint32_t aType,
|
|
|
|
in nsIURI aSourceURI,
|
|
|
|
in string aHeader,
|
2014-09-03 17:24:12 +00:00
|
|
|
in nsISSLStatus aSSLStatus,
|
2013-08-02 23:23:18 +00:00
|
|
|
in uint32_t aFlags,
|
|
|
|
[optional] out unsigned long long aMaxAge,
|
2015-08-05 05:51:00 +00:00
|
|
|
[optional] out boolean aIncludeSubdomains,
|
|
|
|
[optional] out uint32_t aFailureResult);
|
2010-06-03 21:03:17 +00:00
|
|
|
|
2014-09-03 17:24:12 +00:00
|
|
|
/**
|
|
|
|
* Same as processHeader but without checking for the security properties
|
|
|
|
* of the connection. Use ONLY for testing.
|
|
|
|
*/
|
|
|
|
void unsafeProcessHeader(in uint32_t aType,
|
|
|
|
in nsIURI aSourceURI,
|
|
|
|
in string aHeader,
|
|
|
|
in uint32_t aFlags,
|
|
|
|
[optional] out unsigned long long aMaxAge,
|
2015-08-05 05:51:00 +00:00
|
|
|
[optional] out boolean aIncludeSubdomains,
|
|
|
|
[optional] out uint32_t aFailureResult);
|
2014-09-03 17:24:12 +00:00
|
|
|
|
2010-06-03 21:03:17 +00:00
|
|
|
/**
|
2013-08-02 23:23:18 +00:00
|
|
|
* Given a header type, removes state relating to that header of a host,
|
|
|
|
* including the includeSubdomains state that would affect subdomains.
|
|
|
|
* This essentially removes the state for the domain tree rooted at this
|
|
|
|
* host.
|
|
|
|
* @param aType the type of security state in question
|
2012-06-30 14:34:17 +00:00
|
|
|
* @param aURI the URI of the target host
|
|
|
|
* @param aFlags options for this request as defined in nsISocketProvider:
|
|
|
|
* NO_PERMANENT_STORAGE
|
2010-06-03 21:03:17 +00:00
|
|
|
*/
|
2013-08-02 23:23:18 +00:00
|
|
|
void removeState(in uint32_t aType,
|
|
|
|
in nsIURI aURI,
|
|
|
|
in uint32_t aFlags);
|
2013-08-05 20:18:06 +00:00
|
|
|
|
|
|
|
/**
|
2013-08-02 23:23:18 +00:00
|
|
|
* See isSecureURI
|
2013-08-05 20:18:06 +00:00
|
|
|
*
|
2013-08-02 23:23:18 +00:00
|
|
|
* @param aType the type of security state in question.
|
|
|
|
* @param aHost the hostname (punycode) to query for state.
|
2013-08-05 20:18:06 +00:00
|
|
|
* @param aFlags options for this request as defined in nsISocketProvider:
|
|
|
|
* NO_PERMANENT_STORAGE
|
|
|
|
*/
|
2013-08-02 23:23:18 +00:00
|
|
|
boolean isSecureHost(in uint32_t aType,
|
|
|
|
in string aHost,
|
|
|
|
in uint32_t aFlags);
|
|
|
|
|
2010-06-03 21:03:17 +00:00
|
|
|
/**
|
2013-08-02 23:23:18 +00:00
|
|
|
* Checks whether or not the URI's hostname has a given security state set.
|
|
|
|
* For example, for HSTS:
|
|
|
|
* The URI is an HSTS URI if either the host has the HSTS state set, or one
|
|
|
|
* of its super-domains has the HSTS "includeSubdomains" flag set.
|
|
|
|
* NOTE: this function makes decisions based only on the
|
2010-06-03 21:03:17 +00:00
|
|
|
* host contained in the URI, and disregards other portions of the URI
|
|
|
|
* such as path and port.
|
|
|
|
*
|
2013-08-02 23:23:18 +00:00
|
|
|
* @param aType the type of security state in question.
|
2010-06-03 21:03:17 +00:00
|
|
|
* @param aURI the URI to query for STS state.
|
2012-06-30 14:34:17 +00:00
|
|
|
* @param aFlags options for this request as defined in nsISocketProvider:
|
|
|
|
* NO_PERMANENT_STORAGE
|
2010-06-03 21:03:17 +00:00
|
|
|
*/
|
2013-08-02 23:23:18 +00:00
|
|
|
boolean isSecureURI(in uint32_t aType, in nsIURI aURI, in uint32_t aFlags);
|
2010-06-03 21:03:17 +00:00
|
|
|
|
2014-09-04 17:42:31 +00:00
|
|
|
/**
|
|
|
|
* Removes all security state by resetting to factory-original settings.
|
|
|
|
*/
|
|
|
|
void clearAll();
|
2014-09-12 21:56:53 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns an array of sha256-hashed key pins for the given domain, if any.
|
|
|
|
* If these pins also apply to subdomains of the given domain,
|
|
|
|
* aIncludeSubdomains will be true. Pins returned are only for non-built-in
|
|
|
|
* pin entries.
|
|
|
|
*
|
|
|
|
* @param aHostname the hosname (punycode) to be queried about
|
|
|
|
* @param the time at which the pins should be valid. This is in
|
|
|
|
mozilla::pkix::Time which uses internally seconds since 0 AD.
|
|
|
|
* @param aPinArray the set of sha256-hashed key pins for the given domain
|
|
|
|
* @param aIncludeSubdomains true if the pins apply to subdomains of the
|
|
|
|
* given domain
|
|
|
|
*/
|
|
|
|
[noscript] boolean getKeyPinsForHostname(in string aHostname,
|
|
|
|
in mozillaPkixTime evalTime,
|
|
|
|
out nsCStringTArrayRef aPinArray,
|
|
|
|
out boolean aIncludeSubdomains);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set public-key pins for a host. The resulting pins will be permanent
|
|
|
|
* and visible from private and non-private contexts. These pins replace
|
|
|
|
* any already set by this mechanism or those built-in to Gecko.
|
|
|
|
*
|
|
|
|
* @param aHost the hostname (punycode) that pins will apply to
|
|
|
|
* @param aIncludeSubdomains whether these pins also apply to subdomains
|
|
|
|
* @param aMaxAge lifetime (in seconds) of this pin set
|
|
|
|
* @param aPinCount number of keys being pinnned
|
|
|
|
* @param aSha256Pins array of hashed key fingerprints (SHA-256, base64)
|
|
|
|
*/
|
|
|
|
boolean setKeyPins(in string aHost, in boolean aIncludeSubdomains,
|
|
|
|
in unsigned long aMaxAge, in unsigned long aPinCount,
|
|
|
|
[array, size_is(aPinCount)] in string aSha256Pins);
|
|
|
|
|
2010-06-03 21:03:17 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
%{C++
|
2013-08-02 22:48:37 +00:00
|
|
|
#define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1"
|
2010-06-03 21:03:17 +00:00
|
|
|
%}
|