NS_IMETHODIMP
nsSiteSecurityService::RemoveState(uint32_t aType, nsIURI* aURI, uint32_t aFlags)
{
// Should be called on the main thread (or via proxy) since the permission
// manager is used and it's not threadsafe.
NS_ENSURE_TRUE(NS_IsMainThread(), NS_ERROR_UNEXPECTED);
// Only HSTS is supported at the moment.
NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS,
NS_ERROR_NOT_IMPLEMENTED);
nsAutoCString hostname;
nsresult rv = GetHost(aURI, hostname);
NS_ENSURE_SUCCESS(rv, rv);
bool isPrivate = aFlags & nsISocketProvider::NO_PERMANENT_STORAGE;
rv = RemovePermission(hostname, STS_PERMISSION, isPrivate);
NS_ENSURE_SUCCESS(rv, rv);
SSSLOG(("SSS: deleted maxage permission\n"));
rv = RemovePermission(hostname, STS_SUBDOMAIN_PERMISSION, isPrivate);
NS_ENSURE_SUCCESS(rv, rv);
SSSLOG(("SSS: deleted subdomains permission\n"));
return NS_OK;
}
NS_IMETHODIMP
nsStrictTransportSecurityService::RemoveStsState(nsIURI* aURI)
{
// Should be called on the main thread (or via proxy) since the permission
// manager is used and it's not threadsafe.
NS_ENSURE_TRUE(NS_IsMainThread(), NS_ERROR_UNEXPECTED);
nsAutoCString hostname;
nsresult rv = GetHost(aURI, hostname);
NS_ENSURE_SUCCESS(rv, rv);
rv = RemovePermission(hostname, STS_PERMISSION);
NS_ENSURE_SUCCESS(rv, rv);
STSLOG(("STS: deleted maxage permission\n"));
rv = RemovePermission(hostname, STS_SUBDOMAIN_PERMISSION);
NS_ENSURE_SUCCESS(rv, rv);
STSLOG(("STS: deleted subdomains permission\n"));
return NS_OK;
}
nsresult
nsSiteSecurityService::SetState(uint32_t aType,
nsIURI* aSourceURI,
int64_t maxage,
bool includeSubdomains,
uint32_t flags)
{
// If max-age is zero, that's an indication to immediately remove the
// permissions, so here's a shortcut.
if (!maxage) {
return RemoveState(aType, aSourceURI, flags);
}
// Expire time is millis from now. Since STS max-age is in seconds, and
// PR_Now() is in micros, must equalize the units at milliseconds.
int64_t expiretime = (PR_Now() / PR_USEC_PER_MSEC) +
(maxage * PR_MSEC_PER_SEC);
bool isPrivate = flags & nsISocketProvider::NO_PERMANENT_STORAGE;
// record entry for this host with max-age in the permissions manager
SSSLOG(("SSS: maxage permission SET, adding permission\n"));
nsresult rv = AddPermission(aSourceURI,
STS_PERMISSION,
(uint32_t) STS_SET,
(uint32_t) nsIPermissionManager::EXPIRE_TIME,
expiretime,
isPrivate);
NS_ENSURE_SUCCESS(rv, rv);
if (includeSubdomains) {
// record entry for this host with include subdomains in the permissions manager
SSSLOG(("SSS: subdomains permission SET, adding permission\n"));
rv = AddPermission(aSourceURI,
STS_SUBDOMAIN_PERMISSION,
(uint32_t) STS_SET,
(uint32_t) nsIPermissionManager::EXPIRE_TIME,
expiretime,
isPrivate);
NS_ENSURE_SUCCESS(rv, rv);
} else { // !includeSubdomains
nsAutoCString hostname;
rv = GetHost(aSourceURI, hostname);
NS_ENSURE_SUCCESS(rv, rv);
SSSLOG(("SSS: subdomains permission UNSET, removing any existing ones\n"));
rv = RemovePermission(hostname, STS_SUBDOMAIN_PERMISSION, isPrivate);
NS_ENSURE_SUCCESS(rv, rv);
}
return NS_OK;
}
nsresult
nsStrictTransportSecurityService::SetStsState(nsIURI* aSourceURI,
PRInt64 maxage,
bool includeSubdomains)
{
// If max-age is zero, that's an indication to immediately remove the
// permissions, so here's a shortcut.
if (!maxage)
return RemoveStsState(aSourceURI);
// Expire time is millis from now. Since STS max-age is in seconds, and
// PR_Now() is in micros, must equalize the units at milliseconds.
PRInt64 expiretime = (PR_Now() / 1000) + (maxage * 1000);
// record entry for this host with max-age in the permissions manager
STSLOG(("STS: maxage permission SET, adding permission\n"));
nsresult rv = AddPermission(aSourceURI,
STS_PERMISSION,
(PRUint32) nsIPermissionManager::ALLOW_ACTION,
(PRUint32) nsIPermissionManager::EXPIRE_TIME,
expiretime);
NS_ENSURE_SUCCESS(rv, rv);
if (includeSubdomains) {
// record entry for this host with include subdomains in the permissions manager
STSLOG(("STS: subdomains permission SET, adding permission\n"));
rv = AddPermission(aSourceURI,
STS_SUBDOMAIN_PERMISSION,
(PRUint32) nsIPermissionManager::ALLOW_ACTION,
(PRUint32) nsIPermissionManager::EXPIRE_TIME,
expiretime);
NS_ENSURE_SUCCESS(rv, rv);
} else { // !includeSubdomains
nsCAutoString hostname;
rv = GetHost(aSourceURI, hostname);
NS_ENSURE_SUCCESS(rv, rv);
STSLOG(("STS: subdomains permission UNSET, removing any existing ones\n"));
rv = RemovePermission(hostname, STS_SUBDOMAIN_PERMISSION);
NS_ENSURE_SUCCESS(rv, rv);
}
return NS_OK;
}