1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
interface nsIURI;
interface nsISimpleEnumerator;
[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
// [infallible] attributes are only allowed on [builtinclass]
[scriptable, uuid(31313372-842c-4110-bdf1-6aea17c845ad), builtinclass]
interface nsISiteSecurityState : nsISupports
{
[must_use]
readonly attribute ACString hostname;
[infallible] readonly attribute long long expireTime;
[infallible] readonly attribute short securityPropertyState;
[infallible] readonly attribute boolean includeSubdomains;
[implicit_jscontext, must_use]
readonly attribute jsval originAttributes;
/*
* SECURITY_PROPERTY_SET and SECURITY_PROPERTY_UNSET correspond to indicating
* a site has or does not have the security property in question,
* respectively.
* SECURITY_PROPERTY_KNOCKOUT indicates a value on a preloaded
* list is being overridden, and the associated site does not have the
* security property in question.
*/
const short SECURITY_PROPERTY_UNSET = 0;
const short SECURITY_PROPERTY_SET = 1;
const short SECURITY_PROPERTY_KNOCKOUT = 2;
};
// This has to be a builtinclass because it derives from a builtinclass.
[scriptable, uuid(9ff16e40-1029-496c-95c2-bc819872b216), builtinclass]
interface nsISiteHSTSState : nsISiteSecurityState
{
};
[scriptable, uuid(275127f8-dbd7-4681-afbf-6df0c6587a01)]
interface nsISiteSecurityService : nsISupports
{
const uint32_t Success = 0;
const uint32_t ERROR_UNKNOWN = 1;
// ERROR_UNTRUSTWORTHY_CONNECTION was 2 (the caller is now responsible for
// checking this)
const uint32_t ERROR_COULD_NOT_PARSE_HEADER = 3;
const uint32_t ERROR_NO_MAX_AGE = 4;
const uint32_t ERROR_MULTIPLE_MAX_AGES = 5;
const uint32_t ERROR_INVALID_MAX_AGE = 6;
const uint32_t ERROR_MULTIPLE_INCLUDE_SUBDOMAINS = 7;
const uint32_t ERROR_INVALID_INCLUDE_SUBDOMAINS = 8;
// The constants that were removed below were used in HPKP processing
// (which has been removed entirely).
// ERROR_INVALID_PIN was 9
// ERROR_MULTIPLE_REPORT_URIS was 10
// ERROR_PINSET_DOES_NOT_MATCH_CHAIN was 11
// ERROR_NO_BACKUP_PIN was 12
const uint32_t ERROR_COULD_NOT_SAVE_STATE = 13;
// ERROR_ROOT_NOT_BUILT_IN was 14
/**
* Parses a given HTTP header and records the results internally.
* Currently one header type is supported: HSTS (aka STS).
* The format of the HSTS header is defined by the HSTS specification:
* https://tools.ietf.org/html/rfc6797
* and allows a host to specify that future HTTP requests should be
* upgraded to HTTPS.
* The caller is responsible for first determining that the header was
* delivered via a trustworthy connection (namely, https with no errors).
*
* @param aSourceURI the URI of the resource with the HTTP header.
* @param aHeader the HTTP response header specifying security data.
* @param aOriginAttributes the origin attributes that isolate this origin,
* (note that this implementation does not isolate
* by userContextId because of the risk of man-in-
* the-middle attacks before trust-on-second-use
* happens).
* If mPrivateBrowsingId > 0, information gathered
* from this header will not be saved persistently.
* @param aMaxAge the parsed max-age directive of the header.
* @param aIncludeSubdomains the parsed includeSubdomains directive.
* @param aFailureResult a more specific failure result if NS_ERROR_FAILURE
was returned.
* @return NS_OK if it succeeds
* NS_ERROR_FAILURE if it can't be parsed
* NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
* if there are unrecognized tokens in the header.
*/
[binaryname(ProcessHeader), noscript, must_use]
void processHeaderNative(in nsIURI aSourceURI,
in ACString aHeader,
in const_OriginAttributesRef aOriginAttributes,
[optional] out unsigned long long aMaxAge,
[optional] out boolean aIncludeSubdomains,
[optional] out uint32_t aFailureResult);
[binaryname(ProcessHeaderScriptable), implicit_jscontext, optional_argc,
must_use]
void processHeader(in nsIURI aSourceURI,
in ACString aHeader,
[optional] in jsval aOriginAttributes,
[optional] out unsigned long long aMaxAge,
[optional] out boolean aIncludeSubdomains,
[optional] out uint32_t aFailureResult);
/**
* Resets HSTS state a host, including the includeSubdomains state that
* would affect subdomains. This essentially removes the state for the
* domain tree rooted at this host. If any preloaded information is present
* for that host, that information will then be used instead of any other
* previously existing state.
*
* @param aURI the URI of the target host
* @param aOriginAttributes the origin attributes that isolate this origin,
* (note that this implementation does not isolate
* by userContextId because of the risk of man-in-
* the-middle attacks before trust-on-second-use
* happens).
*/
[implicit_jscontext, optional_argc, must_use]
void resetState(in nsIURI aURI, [optional] in jsval aOriginAttributes);
/**
* Checks whether or not the URI's hostname has HSTS set.
* For example:
* The URI is an HSTS URI if either the host has the HSTS state set, or one
* of its super-domains has the HSTS "includeSubdomains" flag set.
* NOTE: this function makes decisions based only on the
* host contained in the URI, and disregards other portions of the URI
* such as path and port.
*
* @param aURI the URI to query for STS state.
* @param aOriginAttributes the origin attributes that isolate this origin,
* (note that this implementation does not isolate
* by userContextId because of the risk of man-in-
* the-middle attacks before trust-on-second-use
* happens).
*/
[binaryname(IsSecureURI), noscript, must_use]
boolean isSecureURINative(in nsIURI aURI,
in const_OriginAttributesRef aOriginAttributes);
[binaryname(IsSecureURIScriptable), implicit_jscontext, optional_argc,
must_use]
boolean isSecureURI(in nsIURI aURI, [optional] in jsval aOriginAttributes);
/**
* Removes all non-preloaded HSTS state by resetting to factory-original
* settings.
*/
[must_use]
void clearAll();
/**
* Returns an enumerator of the nsISiteSecurityService storage. Each item in
* the enumeration is a nsISiteSecurityState that can be QueryInterfaced to
* nsISiteHSTSState.
* Doesn't include hard-coded preloaded entries.
*/
[must_use]
nsISimpleEnumerator enumerate();
};
%{C++
#define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1"
%}
|
