author Wes Kocher <>
Wed, 22 Feb 2017 15:01:04 -0800
changeset 344314 32dcdde1fc64fc39a9065dc4218265dbc727673f
parent 288939 4a416720bfb3075cb6af708b129bf9eb711a9e12
child 344983 dfdf88ae01913f893d1c50f99a7089ad8853429d
permissions -rw-r--r--
Merge inbound to central, a=merge MozReview-Commit-ID: 2R3yE5OIznC

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at */


#include "mozilla/ReentrantMonitor.h"
#include "nsICertOverrideService.h"
#include "nsTHashtable.h"
#include "nsIObserver.h"
#include "nsString.h"
#include "nsIFile.h"
#include "secoidt.h"
#include "nsWeakReference.h"
#include "mozilla/Attributes.h"

class nsCertOverride

  enum OverrideBits { ob_None=0, ob_Untrusted=1, ob_Mismatch=2,
                      ob_Time_error=4 };


  nsCertOverride(const nsCertOverride &other)

  nsCertOverride &operator=(const nsCertOverride &other)
    mAsciiHost = other.mAsciiHost;
    mPort = other.mPort;
    mIsTemporary = other.mIsTemporary;
    mFingerprintAlgOID = other.mFingerprintAlgOID;
    mFingerprint = other.mFingerprint;
    mOverrideBits = other.mOverrideBits;
    mDBKey = other.mDBKey;
    mCert = other.mCert;
    return *this;

  nsCString mAsciiHost;
  int32_t mPort;
  bool mIsTemporary; // true: session only, false: stored on disk
  nsCString mFingerprint;
  nsCString mFingerprintAlgOID;
  OverrideBits mOverrideBits;
  nsCString mDBKey;
  nsCOMPtr <nsIX509Cert> mCert;

  static void convertBitsToString(OverrideBits ob, nsACString &str);
  static void convertStringToBits(const nsACString &str, OverrideBits &ob);

// hash entry class
class nsCertOverrideEntry final : public PLDHashEntryHdr
    // Hash methods
    typedef const char* KeyType;
    typedef const char* KeyTypePointer;

    // do nothing with aHost - we require mHead to be set before we're live!
    explicit nsCertOverrideEntry(KeyTypePointer aHostWithPortUTF8)

    nsCertOverrideEntry(const nsCertOverrideEntry& toCopy)
      mSettings = toCopy.mSettings;
      mHostWithPort = toCopy.mHostWithPort;


    KeyType GetKey() const
      return HostWithPortPtr();

    KeyTypePointer GetKeyPointer() const
      return HostWithPortPtr();

    bool KeyEquals(KeyTypePointer aKey) const
      return !strcmp(HostWithPortPtr(), aKey);

    static KeyTypePointer KeyToPointer(KeyType aKey)
      return aKey;

    static PLDHashNumber HashKey(KeyTypePointer aKey)
      return PLDHashTable::HashStringKey(aKey);

    enum { ALLOW_MEMMOVE = false };

    // get methods
    inline const nsCString &HostWithPort() const { return mHostWithPort; }

    inline KeyTypePointer HostWithPortPtr() const
      return mHostWithPort.get();

    nsCertOverride mSettings;
    nsCString mHostWithPort;

class nsCertOverrideService final : public nsICertOverrideService
                                  , public nsIObserver
                                  , public nsSupportsWeakReference


  nsresult Init();
  void RemoveAllTemporaryOverrides();

  typedef void 
  (*CertOverrideEnumerator)(const nsCertOverride &aSettings,
                            void *aUserData);

  // aCert == null: return all overrides
  // aCert != null: return overrides that match the given cert
  nsresult EnumerateCertOverrides(nsIX509Cert *aCert,
                                  CertOverrideEnumerator enumerator,
                                  void *aUserData);

    // Concates host name and the port number. If the port number is -1 then
    // port 443 is automatically used. This method ensures there is always a port
    // number separated with colon.
    static void GetHostWithPort(const nsACString & aHostName, int32_t aPort, nsACString& _retval);


    mozilla::ReentrantMonitor monitor;
    nsCOMPtr<nsIFile> mSettingsFile;
    nsTHashtable<nsCertOverrideEntry> mSettingsTable;

    SECOidTag mOidTagForStoringNewHashes;
    nsCString mDottedOidForStoringNewHashes;

    void CountPermanentOverrideTelemetry();

    void RemoveAllFromMemory();
    nsresult Read();
    nsresult Write();
    nsresult AddEntryToList(const nsACString &host, int32_t port,
                            nsIX509Cert *aCert,
                            const bool aIsTemporary,
                            const nsACString &algo_oid, 
                            const nsACString &fingerprint,
                            nsCertOverride::OverrideBits ob,
                            const nsACString &dbKey);

#define NS_CERTOVERRIDE_CID { /* 67ba681d-5485-4fff-952c-2ee337ffdcd6 */ \
    0x67ba681d,                                                        \
    0x5485,                                                            \
    0x4fff,                                                            \
    {0x95, 0x2c, 0x2e, 0xe3, 0x37, 0xff, 0xdc, 0xd6}                   \