summaryrefslogtreecommitdiffstats
path: root/dom/security/SRIMetadata.h
blob: 37c05ed7b3395afec8a14ecf25ed67f9a5bff91b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef mozilla_dom_SRIMetadata_h
#define mozilla_dom_SRIMetadata_h

#include "nsTArray.h"
#include "nsString.h"
#include "SRICheck.h"

namespace mozilla {
namespace dom {

class SRIMetadata final {
  friend class SRICheck;

 public:
  static const uint32_t MAX_ALTERNATE_HASHES = 256;
  static const int8_t UNKNOWN_ALGORITHM = -1;

  /**
   * Create an empty metadata object.
   */
  SRIMetadata() : mAlgorithmType(UNKNOWN_ALGORITHM), mEmpty(true) {}

  /**
   * Split a string token into the components of an SRI metadata
   * attribute.
   */
  explicit SRIMetadata(const nsACString& aToken);

  /**
   * Returns true when this object's hash algorithm is weaker than the
   * other object's hash algorithm.
   */
  bool operator<(const SRIMetadata& aOther) const;

  /**
   * Not implemented. Should not be used.
   */
  bool operator>(const SRIMetadata& aOther) const;

  /**
   * Add another metadata's hash to this one.
   */
  SRIMetadata& operator+=(const SRIMetadata& aOther);

  /**
   * Returns true when the two metadata use the same hash algorithm.
   */
  bool operator==(const SRIMetadata& aOther) const;

  bool IsEmpty() const { return mEmpty; }
  bool IsMalformed() const { return mHashes.IsEmpty() || mAlgorithm.IsEmpty(); }
  bool IsAlgorithmSupported() const {
    return mAlgorithmType != UNKNOWN_ALGORITHM;
  }
  bool IsValid() const { return !IsMalformed() && IsAlgorithmSupported(); }

  uint32_t HashCount() const { return mHashes.Length(); }
  void GetHash(uint32_t aIndex, nsCString* outHash) const;
  void GetAlgorithm(nsCString* outAlg) const { *outAlg = mAlgorithm; }
  void GetHashType(int8_t* outType, uint32_t* outLength) const;

  const nsString& GetIntegrityString() const { return mIntegrityString; }

  // Return true if:
  // * this SRI is empty
  // * the other SRI has a stronger hash algorithm
  // * the other SRI has the same hash algorithm and also the same set of values
  // otherwise, return false.
  //
  // This method simply checks if the other SRI is stronger or identical to this
  // one, so that a load that has been checked against that other SRI has the
  // same or higher level of trust than this SRI provides.
  bool CanTrustBeDelegatedTo(const SRIMetadata& aOther) const;

 private:
  CopyableTArray<nsCString> mHashes;
  nsString mIntegrityString;
  nsCString mAlgorithm;
  int8_t mAlgorithmType;
  bool mEmpty;
};

}  // namespace dom
}  // namespace mozilla

#endif  // mozilla_dom_SRIMetadata_h