1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5#include "nsISupports.idl"
6
7interface nsIURI;
8interface nsITransportSecurityInfo;
9interface nsISimpleEnumerator;
10
11[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
12
13// [infallible] attributes are only allowed on [builtinclass]
14[scriptable, uuid(31313372-842c-4110-bdf1-6aea17c845ad), builtinclass]
15interface nsISiteSecurityState : nsISupports
16{
17  [must_use]
18  readonly attribute ACString hostname;
19  [infallible] readonly attribute long long expireTime;
20  [infallible] readonly attribute short securityPropertyState;
21  [infallible] readonly attribute boolean includeSubdomains;
22
23  [implicit_jscontext, must_use]
24  readonly attribute jsval originAttributes;
25
26  /*
27   * SECURITY_PROPERTY_SET and SECURITY_PROPERTY_UNSET correspond to indicating
28   * a site has or does not have the security property in question,
29   * respectively.
30   * SECURITY_PROPERTY_KNOCKOUT indicates a value on a preloaded
31   * list is being overridden, and the associated site does not have the
32   * security property in question.
33   */
34  const short SECURITY_PROPERTY_UNSET = 0;
35  const short SECURITY_PROPERTY_SET = 1;
36  const short SECURITY_PROPERTY_KNOCKOUT = 2;
37};
38
39// This has to be a builtinclass because it derives from a builtinclass.
40[scriptable, uuid(9ff16e40-1029-496c-95c2-bc819872b216), builtinclass]
41interface nsISiteHSTSState : nsISiteSecurityState
42{
43};
44
45[scriptable, uuid(275127f8-dbd7-4681-afbf-6df0c6587a01)]
46interface nsISiteSecurityService : nsISupports
47{
48    const uint32_t Success = 0;
49    const uint32_t ERROR_UNKNOWN = 1;
50    const uint32_t ERROR_UNTRUSTWORTHY_CONNECTION = 2;
51    const uint32_t ERROR_COULD_NOT_PARSE_HEADER = 3;
52    const uint32_t ERROR_NO_MAX_AGE = 4;
53    const uint32_t ERROR_MULTIPLE_MAX_AGES = 5;
54    const uint32_t ERROR_INVALID_MAX_AGE = 6;
55    const uint32_t ERROR_MULTIPLE_INCLUDE_SUBDOMAINS = 7;
56    const uint32_t ERROR_INVALID_INCLUDE_SUBDOMAINS = 8;
57    // The constants that were removed below were used in HPKP processing
58    // (which has been removed entirely).
59    // ERROR_INVALID_PIN was 9
60    // ERROR_MULTIPLE_REPORT_URIS was 10
61    // ERROR_PINSET_DOES_NOT_MATCH_CHAIN was 11
62    // ERROR_NO_BACKUP_PIN was 12
63    const uint32_t ERROR_COULD_NOT_SAVE_STATE = 13;
64    // ERROR_ROOT_NOT_BUILT_IN was 14
65
66    /**
67     * nsISiteSecurityService::IsSecureURI can optionally return a flag
68     * indicating the source of the HSTS cache entry, if it comes from the
69     * preload list, was seen naturally, or is a result of HSTS priming.
70     */
71    const uint32_t SOURCE_UNKNOWN         = 0;
72    const uint32_t SOURCE_PRELOAD_LIST    = 1;
73    const uint32_t SOURCE_ORGANIC_REQUEST = 2;
74
75    /**
76     * Parses a given HTTP header and records the results internally.
77     * Currently one header type is supported: HSTS (aka STS).
78     * The format of the HSTS header is defined by the HSTS specification:
79     * https://tools.ietf.org/html/rfc6797
80     * and allows a host to specify that future HTTP requests should be
81     * upgraded to HTTPS.
82     *
83     * @param aSourceURI the URI of the resource with the HTTP header.
84     * @param aHeader the HTTP response header specifying security data.
85     * @param aSecInfo the TransportSecurityInfo of the current channel.
86     * @param aFlags  options for this request as defined in nsISocketProvider:
87     *                  NO_PERMANENT_STORAGE
88     * @param aOriginAttributes the origin attributes that isolate this origin,
89     *                          (note that this implementation does not isolate
90     *                          by userContextId because of the risk of man-in-
91     *                          the-middle attacks before trust-on-second-use
92     *                          happens).
93     * @param aSource the source of the header, whether it was from the preload
94     *                list, an organic header, or unknown.
95     * @param aMaxAge the parsed max-age directive of the header.
96     * @param aIncludeSubdomains the parsed includeSubdomains directive.
97     * @param aFailureResult a more specific failure result if NS_ERROR_FAILURE
98                             was returned.
99     * @return NS_OK            if it succeeds
100     *         NS_ERROR_FAILURE if it can't be parsed
101     *         NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
102     *                          if there are unrecognized tokens in the header.
103     */
104    [binaryname(ProcessHeader), noscript, must_use]
105    void processHeaderNative(in nsIURI aSourceURI,
106                             in ACString aHeader,
107                             in nsITransportSecurityInfo aSecInfo,
108                             in uint32_t aFlags,
109                             in uint32_t aSource,
110                             in const_OriginAttributesRef aOriginAttributes,
111                             [optional] out unsigned long long aMaxAge,
112                             [optional] out boolean aIncludeSubdomains,
113                             [optional] out uint32_t aFailureResult);
114
115    [binaryname(ProcessHeaderScriptable), implicit_jscontext, optional_argc,
116     must_use]
117    void processHeader(in nsIURI aSourceURI,
118                       in ACString aHeader,
119                       in nsITransportSecurityInfo aSecInfo,
120                       in uint32_t aFlags,
121                       in uint32_t aSource,
122                       [optional] in jsval aOriginAttributes,
123                       [optional] out unsigned long long aMaxAge,
124                       [optional] out boolean aIncludeSubdomains,
125                       [optional] out uint32_t aFailureResult);
126
127    /**
128     * Resets HSTS state a host, including the includeSubdomains state that
129     * would affect subdomains. This essentially removes the state for the
130     * domain tree rooted at this host. If any preloaded information is present
131     * for that host, that information will then be used instead of any other
132     * previously existing state.
133     *
134     * @param aURI    the URI of the target host
135     * @param aFlags  options for this request as defined in nsISocketProvider:
136     *                  NO_PERMANENT_STORAGE
137     * @param aOriginAttributes the origin attributes that isolate this origin,
138     *                          (note that this implementation does not isolate
139     *                          by userContextId because of the risk of man-in-
140     *                          the-middle attacks before trust-on-second-use
141     *                          happens).
142     */
143    [implicit_jscontext, optional_argc, must_use]
144    void resetState(in nsIURI aURI,
145                    in uint32_t aFlags,
146                    [optional] in jsval aOriginAttributes);
147
148    /**
149     * Checks whether or not the URI's hostname has HSTS set.
150     * For example:
151     * The URI is an HSTS URI if either the host has the HSTS state set, or one
152     * of its super-domains has the HSTS "includeSubdomains" flag set.
153     * NOTE: this function makes decisions based only on the
154     * host contained in the URI, and disregards other portions of the URI
155     * such as path and port.
156     *
157     * @param aURI the URI to query for STS state.
158     * @param aFlags  options for this request as defined in nsISocketProvider:
159     *                  NO_PERMANENT_STORAGE
160     * @param aOriginAttributes the origin attributes that isolate this origin,
161     *                          (note that this implementation does not isolate
162     *                          by userContextId because of the risk of man-in-
163     *                          the-middle attacks before trust-on-second-use
164     *                          happens).
165     * @param aCached true if we have cached information about this host, even
166     *                if the security state is false.
167     * @param aSource the source of the HSTS entry. One of SOURCE_PRELOAD_LIST,
168     *                SOURCE_ORGANIC_REQUEST, or SOURCE_UNKNOWN.
169     */
170    [binaryname(IsSecureURI), noscript, must_use]
171    boolean isSecureURINative(in nsIURI aURI, in uint32_t aFlags,
172                              in const_OriginAttributesRef aOriginAttributes,
173                              [optional] out boolean aCached,
174                              [optional] out uint32_t aSource);
175
176    [binaryname(IsSecureURIScriptable), implicit_jscontext, optional_argc,
177     must_use]
178    boolean isSecureURI(in nsIURI aURI, in uint32_t aFlags,
179                        [optional] in jsval aOriginAttributes,
180                        [optional] out boolean aCached,
181                        [optional] out uint32_t aSource);
182
183    /**
184     * Removes all non-preloaded HSTS state by resetting to factory-original
185     * settings.
186     */
187    [must_use]
188    void clearAll();
189
190    /**
191     * Returns an enumerator of the nsISiteSecurityService storage. Each item in
192     * the enumeration is a nsISiteSecurityState that can be QueryInterfaced to
193     * nsISiteHSTSState.
194     * Doesn't include hard-coded preloaded entries.
195     */
196    [must_use]
197    nsISimpleEnumerator enumerate();
198};
199
200%{C++
201#define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1"
202%}
203