diff --git a/content/base/test/test_websocket.html b/content/base/test/test_websocket.html
index 2e15e7c17a8a8..3c64a4e22c7d4 100644
--- a/content/base/test/test_websocket.html
+++ b/content/base/test/test_websocket.html
@@ -1230,14 +1230,14 @@
const Ci = Components.interfaces;
var ios = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);
var thehost = ios.newURI("http://example.com", null, null);
- var stss = Cc["@mozilla.org/stsservice;1"].getService(Ci.nsIStrictTransportSecurityService);
+ var sss = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService);
var loadContext = window.QueryInterface(Ci.nsIInterfaceRequestor)
.getInterface(Ci.nsIWebNavigation)
.QueryInterface(Ci.nsILoadContext);
var flags = 0;
if (loadContext.usePrivateBrowsing)
flags |= Ci.nsISocketProvider.NO_PERMANENT_STORAGE;
- stss.removeStsState(thehost, flags);
+ sss.removeStsState(thehost, flags);
doTest(42);
}
}
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index 8cc167a5d22ab..ff6ffe62bfaf0 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -135,7 +135,7 @@
#include "nsIDOMHTMLAnchorElement.h"
#include "nsIWebBrowserChrome3.h"
#include "nsITabChild.h"
-#include "nsIStrictTransportSecurityService.h"
+#include "nsISiteSecurityService.h"
#include "nsStructuredCloneContainer.h"
#include "nsIStructuredCloneContainer.h"
#ifdef MOZ_PLACES
@@ -4266,14 +4266,14 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI *aURI,
// if this is a Strict-Transport-Security host and the cert
// is bad, don't allow overrides (STS Spec section 7.3).
- nsCOMPtr stss =
- do_GetService(NS_STSSERVICE_CONTRACTID, &rv);
+ nsCOMPtr sss =
+ do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
uint32_t flags =
mInPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
bool isStsHost = false;
- rv = stss->IsStsURI(aURI, flags, &isStsHost);
+ rv = sss->IsStsURI(aURI, flags, &isStsHost);
NS_ENSURE_SUCCESS(rv, rv);
uint32_t bucketId;
diff --git a/netwerk/base/public/moz.build b/netwerk/base/public/moz.build
index 8bd7166f7bbac..f39509709c435 100644
--- a/netwerk/base/public/moz.build
+++ b/netwerk/base/public/moz.build
@@ -85,6 +85,7 @@ XPIDL_SOURCES += [
'nsISerializationHelper.idl',
'nsIServerSocket.idl',
'nsISimpleStreamListener.idl',
+ 'nsISiteSecurityService.idl',
'nsISocketTransport.idl',
'nsISocketTransportService.idl',
'nsISpeculativeConnect.idl',
@@ -93,7 +94,6 @@ XPIDL_SOURCES += [
'nsIStreamListenerTee.idl',
'nsIStreamLoader.idl',
'nsIStreamTransportService.idl',
- 'nsIStrictTransportSecurityService.idl',
'nsISyncStreamListener.idl',
'nsISystemProxySettings.idl',
'nsIThreadRetargetableRequest.idl',
diff --git a/netwerk/base/public/nsIStrictTransportSecurityService.idl b/netwerk/base/public/nsISiteSecurityService.idl
similarity index 95%
rename from netwerk/base/public/nsIStrictTransportSecurityService.idl
rename to netwerk/base/public/nsISiteSecurityService.idl
index 386f708ad9409..62a82c1052819 100644
--- a/netwerk/base/public/nsIStrictTransportSecurityService.idl
+++ b/netwerk/base/public/nsISiteSecurityService.idl
@@ -8,8 +8,8 @@ interface nsIURI;
interface nsIObserver;
interface nsIHttpChannel;
-[scriptable, uuid(c6138514-f212-4747-98c2-7abfce3be293)]
-interface nsIStrictTransportSecurityService : nsISupports
+[scriptable, uuid(1ca9de3d-26b8-4e0c-9641-62c380bdd9c7)]
+interface nsISiteSecurityService : nsISupports
{
/**
* Parses a given HTTP header and records the results internally.
@@ -80,7 +80,7 @@ interface nsIStrictTransportSecurityService : nsISupports
};
%{C++
-#define NS_STSSERVICE_CONTRACTID "@mozilla.org/stsservice;1"
+#define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1"
#define STS_PERMISSION "sts/use"
#define STS_SUBDOMAIN_PERMISSION "sts/subd"
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
index 157f73902720b..cf56a050efe45 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -378,12 +378,12 @@ nsHttpChannel::Connect()
if (!usingSSL) {
// enforce Strict-Transport-Security
- nsIStrictTransportSecurityService* stss = gHttpHandler->GetSTSService();
- NS_ENSURE_TRUE(stss, NS_ERROR_OUT_OF_MEMORY);
+ nsISiteSecurityService* sss = gHttpHandler->GetSSService();
+ NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
bool isStsHost = false;
uint32_t flags = mPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
- rv = stss->IsStsURI(mURI, flags, &isStsHost);
+ rv = sss->IsStsURI(mURI, flags, &isStsHost);
// if STS fails, there's no reason to cancel the load, but it's
// worrisome.
@@ -1143,8 +1143,8 @@ nsHttpChannel::ProcessSTSHeader()
if (PR_SUCCESS == PR_StringToNetAddr(asciiHost.get(), &hostAddr))
return NS_OK;
- nsIStrictTransportSecurityService* stss = gHttpHandler->GetSTSService();
- NS_ENSURE_TRUE(stss, NS_ERROR_OUT_OF_MEMORY);
+ nsISiteSecurityService* sss = gHttpHandler->GetSSService();
+ NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
// mSecurityInfo may not always be present, and if it's not then it is okay
// to just disregard any STS headers since we know nothing about the
@@ -1155,7 +1155,7 @@ nsHttpChannel::ProcessSTSHeader()
// If there are certificate errors, we still load the data, we just ignore
// any STS headers that are present.
bool tlsIsBroken = false;
- rv = stss->ShouldIgnoreStsHeader(mSecurityInfo, &tlsIsBroken);
+ rv = sss->ShouldIgnoreStsHeader(mSecurityInfo, &tlsIsBroken);
NS_ENSURE_SUCCESS(rv, NS_OK);
// If this was already an STS host, the connection should have been aborted
@@ -1166,7 +1166,7 @@ nsHttpChannel::ProcessSTSHeader()
bool wasAlreadySTSHost;
uint32_t flags =
NS_UsePrivateBrowsing(this) ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
- rv = stss->IsStsURI(mURI, flags, &wasAlreadySTSHost);
+ rv = sss->IsStsURI(mURI, flags, &wasAlreadySTSHost);
// Failure here means STS is broken. Don't prevent the load, but this
// shouldn't fail.
NS_ENSURE_SUCCESS(rv, NS_OK);
@@ -1194,7 +1194,7 @@ nsHttpChannel::ProcessSTSHeader()
// All other failures are fatal.
NS_ENSURE_SUCCESS(rv, rv);
- rv = stss->ProcessStsHeader(mURI, stsHeader.get(), flags, NULL, NULL);
+ rv = sss->ProcessStsHeader(mURI, stsHeader.get(), flags, NULL, NULL);
if (NS_FAILED(rv)) {
AddSecurityMessage(NS_LITERAL_STRING("InvalidSTSHeaders"),
NS_LITERAL_STRING("Invalid HSTS Headers"));
diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
index 83c016f6859b4..7df7d1ec91e0d 100644
--- a/netwerk/protocol/http/nsHttpHandler.cpp
+++ b/netwerk/protocol/http/nsHttpHandler.cpp
@@ -475,12 +475,12 @@ nsHttpHandler::GetStreamConverterService(nsIStreamConverterService **result)
return NS_OK;
}
-nsIStrictTransportSecurityService*
-nsHttpHandler::GetSTSService()
+nsISiteSecurityService*
+nsHttpHandler::GetSSService()
{
- if (!mSTSService)
- mSTSService = do_GetService(NS_STSSERVICE_CONTRACTID);
- return mSTSService;
+ if (!mSSService)
+ mSSService = do_GetService(NS_SSSERVICE_CONTRACTID);
+ return mSSService;
}
nsICookieService *
@@ -1830,9 +1830,9 @@ NS_IMETHODIMP
nsHttpHandler::SpeculativeConnect(nsIURI *aURI,
nsIInterfaceRequestor *aCallbacks)
{
- nsIStrictTransportSecurityService* stss = gHttpHandler->GetSTSService();
+ nsISiteSecurityService* sss = gHttpHandler->GetSSService();
bool isStsHost = false;
- if (!stss)
+ if (!sss)
return NS_OK;
nsCOMPtr loadContext = do_GetInterface(aCallbacks);
@@ -1840,7 +1840,7 @@ nsHttpHandler::SpeculativeConnect(nsIURI *aURI,
if (loadContext && loadContext->UsePrivateBrowsing())
flags |= nsISocketProvider::NO_PERMANENT_STORAGE;
nsCOMPtr clone;
- if (NS_SUCCEEDED(stss->IsStsURI(aURI, flags, &isStsHost)) && isStsHost) {
+ if (NS_SUCCEEDED(sss->IsStsURI(aURI, flags, &isStsHost)) && isStsHost) {
if (NS_SUCCEEDED(aURI->Clone(getter_AddRefs(clone)))) {
clone->SetScheme(NS_LITERAL_CSTRING("https"));
aURI = clone.get();
diff --git a/netwerk/protocol/http/nsHttpHandler.h b/netwerk/protocol/http/nsHttpHandler.h
index db57e50e6ae7f..ce258b4d4adc6 100644
--- a/netwerk/protocol/http/nsHttpHandler.h
+++ b/netwerk/protocol/http/nsHttpHandler.h
@@ -26,7 +26,7 @@
#include "nsICacheSession.h"
#include "nsICookieService.h"
#include "nsITimer.h"
-#include "nsIStrictTransportSecurityService.h"
+#include "nsISiteSecurityService.h"
#include "nsISpeculativeConnect.h"
class nsHttpConnectionInfo;
@@ -196,7 +196,7 @@ class nsHttpHandler : public nsIHttpProtocolHandler
nsresult GetStreamConverterService(nsIStreamConverterService **);
nsresult GetIOService(nsIIOService** service);
nsICookieService * GetCookieService(); // not addrefed
- nsIStrictTransportSecurityService * GetSTSService();
+ nsISiteSecurityService * GetSSService();
// callable from socket thread only
uint32_t Get32BitsOfPseudoRandom();
@@ -308,7 +308,7 @@ class nsHttpHandler : public nsIHttpProtocolHandler
nsCOMPtr mStreamConvSvc;
nsCOMPtr mObserverService;
nsCOMPtr mCookieService;
- nsCOMPtr mSTSService;
+ nsCOMPtr mSSService;
// the authentication credentials cache
nsHttpAuthCache mAuthCache;
diff --git a/netwerk/test/TestSTSParser.cpp b/netwerk/test/TestSTSParser.cpp
index 9239393042f7a..a23a7380c767c 100644
--- a/netwerk/test/TestSTSParser.cpp
+++ b/netwerk/test/TestSTSParser.cpp
@@ -9,7 +9,7 @@
#include "plstr.h"
#include "nsNetUtil.h"
#include "nsStringGlue.h"
-#include "nsIStrictTransportSecurityService.h"
+#include "nsISiteSecurityService.h"
#include "nsIPermissionManager.h"
#define EXPECT_SUCCESS(rv, ...) \
@@ -40,7 +40,7 @@
bool
TestSuccess(const char* hdr, bool extraTokens,
uint64_t expectedMaxAge, bool expectedIncludeSubdomains,
- nsIStrictTransportSecurityService* stss,
+ nsISiteSecurityService* sss,
nsIPermissionManager* pm)
{
nsCOMPtr dummyUri;
@@ -49,7 +49,7 @@ TestSuccess(const char* hdr, bool extraTokens,
uint64_t maxAge = 0;
bool includeSubdomains = false;
- rv = stss->ProcessStsHeader(dummyUri, hdr, 0, &maxAge, &includeSubdomains);
+ rv = sss->ProcessStsHeader(dummyUri, hdr, 0, &maxAge, &includeSubdomains);
EXPECT_SUCCESS(rv, "Failed to process valid header: %s", hdr);
REQUIRE_EQUAL(maxAge, expectedMaxAge, "Did not correctly parse maxAge");
@@ -67,14 +67,14 @@ TestSuccess(const char* hdr, bool extraTokens,
}
bool TestFailure(const char* hdr,
- nsIStrictTransportSecurityService* stss,
- nsIPermissionManager* pm)
+ nsISiteSecurityService* sss,
+ nsIPermissionManager* pm)
{
nsCOMPtr dummyUri;
nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html");
EXPECT_SUCCESS(rv, "Failed to create URI");
- rv = stss->ProcessStsHeader(dummyUri, hdr, 0, NULL, NULL);
+ rv = sss->ProcessStsHeader(dummyUri, hdr, 0, NULL, NULL);
EXPECT_FAILURE(rv, "Parsed invalid header: %s", hdr);
passed(hdr);
return true;
@@ -96,8 +96,8 @@ main(int32_t argc, char *argv[])
}
// grab handle to the service
- nsCOMPtr stss;
- stss = do_GetService("@mozilla.org/stsservice;1", &rv);
+ nsCOMPtr sss;
+ sss = do_GetService("@mozilla.org/ssservice;1", &rv);
NS_ENSURE_SUCCESS(rv, -1);
nsCOMPtr pm;
@@ -112,42 +112,42 @@ main(int32_t argc, char *argv[])
printf("*** Attempting to parse valid STS headers ...\n");
// SHOULD SUCCEED:
- rvs.AppendElement(TestSuccess("max-age=100", false, 100, false, stss, pm));
- rvs.AppendElement(TestSuccess("max-age =100", false, 100, false, stss, pm));
- rvs.AppendElement(TestSuccess(" max-age=100", false, 100, false, stss, pm));
- rvs.AppendElement(TestSuccess("max-age = 100 ", false, 100, false, stss, pm));
- rvs.AppendElement(TestSuccess("max-age = \"100\" ", false, 100, false, stss, pm));
- rvs.AppendElement(TestSuccess("max-age=\"100\"", false, 100, false, stss, pm));
- rvs.AppendElement(TestSuccess(" max-age =\"100\" ", false, 100, false, stss, pm));
- rvs.AppendElement(TestSuccess("\tmax-age\t=\t\"100\"\t", false, 100, false, stss, pm));
- rvs.AppendElement(TestSuccess("max-age = 100 ", false, 100, false, stss, pm));
-
- rvs.AppendElement(TestSuccess("maX-aGe=100", false, 100, false, stss, pm));
- rvs.AppendElement(TestSuccess("MAX-age =100", false, 100, false, stss, pm));
- rvs.AppendElement(TestSuccess("max-AGE=100", false, 100, false, stss, pm));
- rvs.AppendElement(TestSuccess("Max-Age = 100 ", false, 100, false, stss, pm));
- rvs.AppendElement(TestSuccess("MAX-AGE = 100 ", false, 100, false, stss, pm));
-
- rvs.AppendElement(TestSuccess("max-age=100;includeSubdomains", false, 100, true, stss, pm));
- rvs.AppendElement(TestSuccess("max-age=100\t; includeSubdomains", false, 100, true, stss, pm));
- rvs.AppendElement(TestSuccess(" max-age=100; includeSubdomains", false, 100, true, stss, pm));
- rvs.AppendElement(TestSuccess("max-age = 100 ; includeSubdomains", false, 100, true, stss, pm));
- rvs.AppendElement(TestSuccess("max-age = 100 ; includeSubdomains", false, 100, true, stss, pm));
-
- rvs.AppendElement(TestSuccess("maX-aGe=100; includeSUBDOMAINS", false, 100, true, stss, pm));
- rvs.AppendElement(TestSuccess("MAX-age =100; includeSubDomains", false, 100, true, stss, pm));
- rvs.AppendElement(TestSuccess("max-AGE=100; iNcLuDeSuBdoMaInS", false, 100, true, stss, pm));
- rvs.AppendElement(TestSuccess("Max-Age = 100; includesubdomains ", false, 100, true, stss, pm));
- rvs.AppendElement(TestSuccess("INCLUDESUBDOMAINS;MaX-AgE = 100 ", false, 100, true, stss, pm));
+ rvs.AppendElement(TestSuccess("max-age=100", false, 100, false, sss, pm));
+ rvs.AppendElement(TestSuccess("max-age =100", false, 100, false, sss, pm));
+ rvs.AppendElement(TestSuccess(" max-age=100", false, 100, false, sss, pm));
+ rvs.AppendElement(TestSuccess("max-age = 100 ", false, 100, false, sss, pm));
+ rvs.AppendElement(TestSuccess("max-age = \"100\" ", false, 100, false, sss, pm));
+ rvs.AppendElement(TestSuccess("max-age=\"100\"", false, 100, false, sss, pm));
+ rvs.AppendElement(TestSuccess(" max-age =\"100\" ", false, 100, false, sss, pm));
+ rvs.AppendElement(TestSuccess("\tmax-age\t=\t\"100\"\t", false, 100, false, sss, pm));
+ rvs.AppendElement(TestSuccess("max-age = 100 ", false, 100, false, sss, pm));
+
+ rvs.AppendElement(TestSuccess("maX-aGe=100", false, 100, false, sss, pm));
+ rvs.AppendElement(TestSuccess("MAX-age =100", false, 100, false, sss, pm));
+ rvs.AppendElement(TestSuccess("max-AGE=100", false, 100, false, sss, pm));
+ rvs.AppendElement(TestSuccess("Max-Age = 100 ", false, 100, false, sss, pm));
+ rvs.AppendElement(TestSuccess("MAX-AGE = 100 ", false, 100, false, sss, pm));
+
+ rvs.AppendElement(TestSuccess("max-age=100;includeSubdomains", false, 100, true, sss, pm));
+ rvs.AppendElement(TestSuccess("max-age=100\t; includeSubdomains", false, 100, true, sss, pm));
+ rvs.AppendElement(TestSuccess(" max-age=100; includeSubdomains", false, 100, true, sss, pm));
+ rvs.AppendElement(TestSuccess("max-age = 100 ; includeSubdomains", false, 100, true, sss, pm));
+ rvs.AppendElement(TestSuccess("max-age = 100 ; includeSubdomains", false, 100, true, sss, pm));
+
+ rvs.AppendElement(TestSuccess("maX-aGe=100; includeSUBDOMAINS", false, 100, true, sss, pm));
+ rvs.AppendElement(TestSuccess("MAX-age =100; includeSubDomains", false, 100, true, sss, pm));
+ rvs.AppendElement(TestSuccess("max-AGE=100; iNcLuDeSuBdoMaInS", false, 100, true, sss, pm));
+ rvs.AppendElement(TestSuccess("Max-Age = 100; includesubdomains ", false, 100, true, sss, pm));
+ rvs.AppendElement(TestSuccess("INCLUDESUBDOMAINS;MaX-AgE = 100 ", false, 100, true, sss, pm));
// Turns out, the actual directive is entirely optional (hence the
// trailing semicolon)
- rvs.AppendElement(TestSuccess("max-age=100;includeSubdomains;", true, 100, true, stss, pm));
+ rvs.AppendElement(TestSuccess("max-age=100;includeSubdomains;", true, 100, true, sss, pm));
// these are weird tests, but are testing that some extended syntax is
// still allowed (but it is ignored)
- rvs.AppendElement(TestSuccess("max-age=100 ; includesubdomainsSomeStuff", true, 100, false, stss, pm));
- rvs.AppendElement(TestSuccess("\r\n\t\t \tcompletelyUnrelated = foobar; max-age= 34520103 \t \t; alsoUnrelated;asIsThis;\tincludeSubdomains\t\t \t", true, 34520103, true, stss, pm));
- rvs.AppendElement(TestSuccess("max-age=100; unrelated=\"quoted \\\"thingy\\\"\"", true, 100, false, stss, pm));
+ rvs.AppendElement(TestSuccess("max-age=100 ; includesubdomainsSomeStuff", true, 100, false, sss, pm));
+ rvs.AppendElement(TestSuccess("\r\n\t\t \tcompletelyUnrelated = foobar; max-age= 34520103 \t \t; alsoUnrelated;asIsThis;\tincludeSubdomains\t\t \t", true, 34520103, true, sss, pm));
+ rvs.AppendElement(TestSuccess("max-age=100; unrelated=\"quoted \\\"thingy\\\"\"", true, 100, false, sss, pm));
rv0 = rvs.Contains(false) ? 1 : 0;
if (rv0 == 0)
@@ -158,37 +158,37 @@ main(int32_t argc, char *argv[])
// SHOULD FAIL:
printf("*** Attempting to parse invalid STS headers (should not parse)...\n");
// invalid max-ages
- rvs.AppendElement(TestFailure("max-age", stss, pm));
- rvs.AppendElement(TestFailure("max-age ", stss, pm));
- rvs.AppendElement(TestFailure("max-age=p", stss, pm));
- rvs.AppendElement(TestFailure("max-age=*1p2", stss, pm));
- rvs.AppendElement(TestFailure("max-age=.20032", stss, pm));
- rvs.AppendElement(TestFailure("max-age=!20032", stss, pm));
- rvs.AppendElement(TestFailure("max-age==20032", stss, pm));
+ rvs.AppendElement(TestFailure("max-age", sss, pm));
+ rvs.AppendElement(TestFailure("max-age ", sss, pm));
+ rvs.AppendElement(TestFailure("max-age=p", sss, pm));
+ rvs.AppendElement(TestFailure("max-age=*1p2", sss, pm));
+ rvs.AppendElement(TestFailure("max-age=.20032", sss, pm));
+ rvs.AppendElement(TestFailure("max-age=!20032", sss, pm));
+ rvs.AppendElement(TestFailure("max-age==20032", sss, pm));
// invalid headers
- rvs.AppendElement(TestFailure("foobar", stss, pm));
- rvs.AppendElement(TestFailure("maxage=100", stss, pm));
- rvs.AppendElement(TestFailure("maxa-ge=100", stss, pm));
- rvs.AppendElement(TestFailure("max-ag=100", stss, pm));
- rvs.AppendElement(TestFailure("includesubdomains", stss, pm));
- rvs.AppendElement(TestFailure(";", stss, pm));
- rvs.AppendElement(TestFailure("max-age=\"100", stss, pm));
+ rvs.AppendElement(TestFailure("foobar", sss, pm));
+ rvs.AppendElement(TestFailure("maxage=100", sss, pm));
+ rvs.AppendElement(TestFailure("maxa-ge=100", sss, pm));
+ rvs.AppendElement(TestFailure("max-ag=100", sss, pm));
+ rvs.AppendElement(TestFailure("includesubdomains", sss, pm));
+ rvs.AppendElement(TestFailure(";", sss, pm));
+ rvs.AppendElement(TestFailure("max-age=\"100", sss, pm));
// The max-age directive here doesn't conform to the spec, so it MUST
// be ignored. Consequently, the REQUIRED max-age directive is not
// present in this header, and so it is invalid.
- rvs.AppendElement(TestFailure("max-age=100, max-age=200; includeSubdomains", stss, pm));
- rvs.AppendElement(TestFailure("max-age=100 includesubdomains", stss, pm));
- rvs.AppendElement(TestFailure("max-age=100 bar foo", stss, pm));
- rvs.AppendElement(TestFailure("max-age=100randomstuffhere", stss, pm));
+ rvs.AppendElement(TestFailure("max-age=100, max-age=200; includeSubdomains", sss, pm));
+ rvs.AppendElement(TestFailure("max-age=100 includesubdomains", sss, pm));
+ rvs.AppendElement(TestFailure("max-age=100 bar foo", sss, pm));
+ rvs.AppendElement(TestFailure("max-age=100randomstuffhere", sss, pm));
// All directives MUST appear only once in an STS header field.
- rvs.AppendElement(TestFailure("max-age=100; max-age=200", stss, pm));
- rvs.AppendElement(TestFailure("includeSubdomains; max-age=200; includeSubdomains", stss, pm));
- rvs.AppendElement(TestFailure("max-age=200; includeSubdomains; includeSubdomains", stss, pm));
+ rvs.AppendElement(TestFailure("max-age=100; max-age=200", sss, pm));
+ rvs.AppendElement(TestFailure("includeSubdomains; max-age=200; includeSubdomains", sss, pm));
+ rvs.AppendElement(TestFailure("max-age=200; includeSubdomains; includeSubdomains", sss, pm));
// The includeSubdomains directive is valueless.
- rvs.AppendElement(TestFailure("max-age=100; includeSubdomains=unexpected", stss, pm));
+ rvs.AppendElement(TestFailure("max-age=100; includeSubdomains=unexpected", sss, pm));
// LWS must have at least one space or horizontal tab
- rvs.AppendElement(TestFailure("\r\nmax-age=200", stss, pm));
+ rvs.AppendElement(TestFailure("\r\nmax-age=200", sss, pm));
rv1 = rvs.Contains(false) ? 1 : 0;
if (rv1 == 0)
diff --git a/security/manager/boot/src/moz.build b/security/manager/boot/src/moz.build
index 2d478e920b1b6..865030329d206 100644
--- a/security/manager/boot/src/moz.build
+++ b/security/manager/boot/src/moz.build
@@ -12,7 +12,7 @@ CPP_SOURCES += [
'nsSecureBrowserUIImpl.cpp',
'nsSecurityHeaderParser.cpp',
'nsSecurityWarningDialogs.cpp',
- 'nsStrictTransportSecurityService.cpp',
+ 'nsSiteSecurityService.cpp',
]
LIBRARY_NAME = 'pipboot'
diff --git a/security/manager/boot/src/nsBOOTModule.cpp b/security/manager/boot/src/nsBOOTModule.cpp
index 059606341c75e..ae95cb481e81d 100644
--- a/security/manager/boot/src/nsBOOTModule.cpp
+++ b/security/manager/boot/src/nsBOOTModule.cpp
@@ -8,23 +8,23 @@
#include "nsEntropyCollector.h"
#include "nsSecureBrowserUIImpl.h"
#include "nsSecurityWarningDialogs.h"
-#include "nsStrictTransportSecurityService.h"
+#include "nsSiteSecurityService.h"
NS_GENERIC_FACTORY_CONSTRUCTOR(nsEntropyCollector)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSecurityWarningDialogs, Init)
-NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsStrictTransportSecurityService, Init)
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSiteSecurityService, Init)
NS_DEFINE_NAMED_CID(NS_ENTROPYCOLLECTOR_CID);
NS_DEFINE_NAMED_CID(NS_SECURITYWARNINGDIALOGS_CID);
NS_DEFINE_NAMED_CID(NS_SECURE_BROWSER_UI_CID);
-NS_DEFINE_NAMED_CID(NS_STRICT_TRANSPORT_SECURITY_CID);
+NS_DEFINE_NAMED_CID(NS_SITE_SECURITY_SERVICE_CID);
static const mozilla::Module::CIDEntry kBOOTCIDs[] = {
{ &kNS_ENTROPYCOLLECTOR_CID, false, nullptr, nsEntropyCollectorConstructor },
{ &kNS_SECURITYWARNINGDIALOGS_CID, false, nullptr, nsSecurityWarningDialogsConstructor },
{ &kNS_SECURE_BROWSER_UI_CID, false, nullptr, nsSecureBrowserUIImplConstructor },
- { &kNS_STRICT_TRANSPORT_SECURITY_CID, false, nullptr, nsStrictTransportSecurityServiceConstructor },
+ { &kNS_SITE_SECURITY_SERVICE_CID, false, nullptr, nsSiteSecurityServiceConstructor },
{ nullptr }
};
@@ -32,7 +32,7 @@ static const mozilla::Module::ContractIDEntry kBOOTContracts[] = {
{ NS_ENTROPYCOLLECTOR_CONTRACTID, &kNS_ENTROPYCOLLECTOR_CID },
{ NS_SECURITYWARNINGDIALOGS_CONTRACTID, &kNS_SECURITYWARNINGDIALOGS_CID },
{ NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID },
- { NS_STSSERVICE_CONTRACTID, &kNS_STRICT_TRANSPORT_SECURITY_CID },
+ { NS_SSSERVICE_CONTRACTID, &kNS_SITE_SECURITY_SERVICE_CID },
{ nullptr }
};
diff --git a/security/manager/boot/src/nsStrictTransportSecurityService.cpp b/security/manager/boot/src/nsSiteSecurityService.cpp
similarity index 79%
rename from security/manager/boot/src/nsStrictTransportSecurityService.cpp
rename to security/manager/boot/src/nsSiteSecurityService.cpp
index eac114b935e22..43557580bd98a 100644
--- a/security/manager/boot/src/nsStrictTransportSecurityService.cpp
+++ b/security/manager/boot/src/nsSiteSecurityService.cpp
@@ -9,7 +9,7 @@
#include "nsIPermissionManager.h"
#include "nsISSLStatus.h"
#include "nsISSLStatusProvider.h"
-#include "nsStrictTransportSecurityService.h"
+#include "nsSiteSecurityService.h"
#include "nsIURI.h"
#include "nsNetUtil.h"
#include "nsThreadUtils.h"
@@ -36,20 +36,20 @@
#if defined(PR_LOGGING)
static PRLogModuleInfo *
-GetSTSLog()
+GetSSSLog()
{
- static PRLogModuleInfo *gSTSLog;
- if (!gSTSLog)
- gSTSLog = PR_NewLogModule("nsSTSService");
- return gSTSLog;
+ static PRLogModuleInfo *gSSSLog;
+ if (!gSSSLog)
+ gSSSLog = PR_NewLogModule("nsSSService");
+ return gSSSLog;
}
#endif
-#define STSLOG(args) PR_LOG(GetSTSLog(), 4, args)
+#define SSSLOG(args) PR_LOG(GetSSSLog(), 4, args)
////////////////////////////////////////////////////////////////////////////////
-nsSTSHostEntry::nsSTSHostEntry(const char* aHost)
+nsSSSHostEntry::nsSSSHostEntry(const char* aHost)
: mHost(aHost)
, mExpireTime(0)
, mStsPermission(STS_UNSET)
@@ -58,7 +58,7 @@ nsSTSHostEntry::nsSTSHostEntry(const char* aHost)
{
}
-nsSTSHostEntry::nsSTSHostEntry(const nsSTSHostEntry& toCopy)
+nsSSSHostEntry::nsSSSHostEntry(const nsSSSHostEntry& toCopy)
: mHost(toCopy.mHost)
, mExpireTime(toCopy.mExpireTime)
, mStsPermission(toCopy.mStsPermission)
@@ -70,21 +70,21 @@ nsSTSHostEntry::nsSTSHostEntry(const nsSTSHostEntry& toCopy)
////////////////////////////////////////////////////////////////////////////////
-nsStrictTransportSecurityService::nsStrictTransportSecurityService()
+nsSiteSecurityService::nsSiteSecurityService()
: mUsePreloadList(true)
{
}
-nsStrictTransportSecurityService::~nsStrictTransportSecurityService()
+nsSiteSecurityService::~nsSiteSecurityService()
{
}
-NS_IMPL_ISUPPORTS2(nsStrictTransportSecurityService,
+NS_IMPL_ISUPPORTS2(nsSiteSecurityService,
nsIObserver,
- nsIStrictTransportSecurityService)
+ nsISiteSecurityService)
nsresult
-nsStrictTransportSecurityService::Init()
+nsSiteSecurityService::Init()
{
nsresult rv;
@@ -103,7 +103,7 @@ nsStrictTransportSecurityService::Init()
}
nsresult
-nsStrictTransportSecurityService::GetHost(nsIURI *aURI, nsACString &aResult)
+nsSiteSecurityService::GetHost(nsIURI *aURI, nsACString &aResult)
{
nsCOMPtr innerURI = NS_GetInnermostURI(aURI);
if (!innerURI) return NS_ERROR_FAILURE;
@@ -117,8 +117,8 @@ nsStrictTransportSecurityService::GetHost(nsIURI *aURI, nsACString &aResult)
}
nsresult
-nsStrictTransportSecurityService::GetPrincipalForURI(nsIURI* aURI,
- nsIPrincipal** aPrincipal)
+nsSiteSecurityService::GetPrincipalForURI(nsIURI* aURI,
+ nsIPrincipal** aPrincipal)
{
nsresult rv;
nsCOMPtr securityManager =
@@ -140,10 +140,10 @@ nsStrictTransportSecurityService::GetPrincipalForURI(nsIURI* aURI,
}
nsresult
-nsStrictTransportSecurityService::SetStsState(nsIURI* aSourceURI,
- int64_t maxage,
- bool includeSubdomains,
- uint32_t flags)
+nsSiteSecurityService::SetStsState(nsIURI* aSourceURI,
+ int64_t maxage,
+ bool includeSubdomains,
+ uint32_t flags)
{
// If max-age is zero, that's an indication to immediately remove the
// permissions, so here's a shortcut.
@@ -159,7 +159,7 @@ nsStrictTransportSecurityService::SetStsState(nsIURI* aSourceURI,
bool isPrivate = flags & nsISocketProvider::NO_PERMANENT_STORAGE;
// record entry for this host with max-age in the permissions manager
- STSLOG(("STS: maxage permission SET, adding permission\n"));
+ SSSLOG(("SSS: maxage permission SET, adding permission\n"));
nsresult rv = AddPermission(aSourceURI,
STS_PERMISSION,
(uint32_t) STS_SET,
@@ -170,7 +170,7 @@ nsStrictTransportSecurityService::SetStsState(nsIURI* aSourceURI,
if (includeSubdomains) {
// record entry for this host with include subdomains in the permissions manager
- STSLOG(("STS: subdomains permission SET, adding permission\n"));
+ SSSLOG(("SSS: subdomains permission SET, adding permission\n"));
rv = AddPermission(aSourceURI,
STS_SUBDOMAIN_PERMISSION,
(uint32_t) STS_SET,
@@ -183,7 +183,7 @@ nsStrictTransportSecurityService::SetStsState(nsIURI* aSourceURI,
rv = GetHost(aSourceURI, hostname);
NS_ENSURE_SUCCESS(rv, rv);
- STSLOG(("STS: subdomains permission UNSET, removing any existing ones\n"));
+ SSSLOG(("SSS: subdomains permission UNSET, removing any existing ones\n"));
rv = RemovePermission(hostname, STS_SUBDOMAIN_PERMISSION, isPrivate);
NS_ENSURE_SUCCESS(rv, rv);
}
@@ -191,7 +191,7 @@ nsStrictTransportSecurityService::SetStsState(nsIURI* aSourceURI,
}
NS_IMETHODIMP
-nsStrictTransportSecurityService::RemoveStsState(nsIURI* aURI, uint32_t aFlags)
+nsSiteSecurityService::RemoveStsState(nsIURI* aURI, uint32_t aFlags)
{
// Should be called on the main thread (or via proxy) since the permission
// manager is used and it's not threadsafe.
@@ -205,21 +205,21 @@ nsStrictTransportSecurityService::RemoveStsState(nsIURI* aURI, uint32_t aFlags)
rv = RemovePermission(hostname, STS_PERMISSION, isPrivate);
NS_ENSURE_SUCCESS(rv, rv);
- STSLOG(("STS: deleted maxage permission\n"));
+ SSSLOG(("SSS: deleted maxage permission\n"));
rv = RemovePermission(hostname, STS_SUBDOMAIN_PERMISSION, isPrivate);
NS_ENSURE_SUCCESS(rv, rv);
- STSLOG(("STS: deleted subdomains permission\n"));
+ SSSLOG(("SSS: deleted subdomains permission\n"));
return NS_OK;
}
NS_IMETHODIMP
-nsStrictTransportSecurityService::ProcessStsHeader(nsIURI* aSourceURI,
- const char* aHeader,
- uint32_t aFlags,
- uint64_t *aMaxAge,
- bool *aIncludeSubdomains)
+nsSiteSecurityService::ProcessStsHeader(nsIURI* aSourceURI,
+ const char* aHeader,
+ uint32_t aFlags,
+ uint64_t *aMaxAge,
+ bool *aIncludeSubdomains)
{
// Should be called on the main thread (or via proxy) since the permission
// manager is used and it's not threadsafe.
@@ -242,13 +242,13 @@ nsStrictTransportSecurityService::ProcessStsHeader(nsIURI* aSourceURI,
}
nsresult
-nsStrictTransportSecurityService::ProcessStsHeaderMutating(nsIURI* aSourceURI,
- char* aHeader,
- uint32_t aFlags,
- uint64_t *aMaxAge,
- bool *aIncludeSubdomains)
+nsSiteSecurityService::ProcessStsHeaderMutating(nsIURI* aSourceURI,
+ char* aHeader,
+ uint32_t aFlags,
+ uint64_t *aMaxAge,
+ bool *aIncludeSubdomains)
{
- STSLOG(("STS: processing header '%s'", aHeader));
+ SSSLOG(("SSS: processing header '%s'", aHeader));
// "Strict-Transport-Security" ":" OWS
// STS-d *( OWS ";" OWS STS-d OWS)
@@ -280,7 +280,7 @@ nsStrictTransportSecurityService::ProcessStsHeaderMutating(nsIURI* aSourceURI,
nsSecurityHeaderParser parser(aHeader);
nsresult rv = parser.Parse();
if (NS_FAILED(rv)) {
- STSLOG(("STS: could not parse header"));
+ SSSLOG(("SSS: could not parse header"));
return rv;
}
mozilla::LinkedList *directives = parser.GetDirectives();
@@ -291,45 +291,45 @@ nsStrictTransportSecurityService::ProcessStsHeaderMutating(nsIURI* aSourceURI,
directive->mName.EqualsIgnoreCase(max_age_var.get(),
max_age_var.Length())) {
if (foundMaxAge) {
- STSLOG(("STS: found two max-age directives"));
+ SSSLOG(("SSS: found two max-age directives"));
return NS_ERROR_FAILURE;
}
- STSLOG(("STS: found max-age directive"));
+ SSSLOG(("SSS: found max-age directive"));
foundMaxAge = true;
size_t len = directive->mValue.Length();
for (size_t i = 0; i < len; i++) {
char chr = directive->mValue.CharAt(i);
if (chr < '0' || chr > '9') {
- STSLOG(("STS: invalid value for max-age directive"));
+ SSSLOG(("SSS: invalid value for max-age directive"));
return NS_ERROR_FAILURE;
}
}
if (PR_sscanf(directive->mValue.get(), "%lld", &maxAge) != 1) {
- STSLOG(("STS: could not parse delta-seconds"));
+ SSSLOG(("SSS: could not parse delta-seconds"));
return NS_ERROR_FAILURE;
}
- STSLOG(("STS: parsed delta-seconds: %lld", maxAge));
+ SSSLOG(("SSS: parsed delta-seconds: %lld", maxAge));
} else if (directive->mName.Length() == include_subd_var.Length() &&
directive->mName.EqualsIgnoreCase(include_subd_var.get(),
include_subd_var.Length())) {
if (foundIncludeSubdomains) {
- STSLOG(("STS: found two includeSubdomains directives"));
+ SSSLOG(("SSS: found two includeSubdomains directives"));
return NS_ERROR_FAILURE;
}
- STSLOG(("STS: found includeSubdomains directive"));
+ SSSLOG(("SSS: found includeSubdomains directive"));
foundIncludeSubdomains = true;
if (directive->mValue.Length() != 0) {
- STSLOG(("STS: includeSubdomains directive unexpectedly had value '%s'", directive->mValue.get()));
+ SSSLOG(("SSS: includeSubdomains directive unexpectedly had value '%s'", directive->mValue.get()));
return NS_ERROR_FAILURE;
}
} else {
- STSLOG(("STS: ignoring unrecognized directive '%s'", directive->mName.get()));
+ SSSLOG(("SSS: ignoring unrecognized directive '%s'", directive->mName.get()));
foundUnrecognizedDirective = true;
}
}
@@ -337,7 +337,7 @@ nsStrictTransportSecurityService::ProcessStsHeaderMutating(nsIURI* aSourceURI,
// after processing all the directives, make sure we came across max-age
// somewhere.
if (!foundMaxAge) {
- STSLOG(("STS: did not encounter required max-age directive"));
+ SSSLOG(("SSS: did not encounter required max-age directive"));
return NS_ERROR_FAILURE;
}
@@ -358,7 +358,7 @@ nsStrictTransportSecurityService::ProcessStsHeaderMutating(nsIURI* aSourceURI,
}
NS_IMETHODIMP
-nsStrictTransportSecurityService::IsStsHost(const char* aHost, uint32_t aFlags, bool* aResult)
+nsSiteSecurityService::IsStsHost(const char* aHost, uint32_t aFlags, bool* aResult)
{
// Should be called on the main thread (or via proxy) since the permission
// manager is used and it's not threadsafe.
@@ -383,7 +383,7 @@ int STSPreloadCompare(const void *key, const void *entry)
// Only does exact host matching - the user must decide how to use the returned
// data. May return null.
const nsSTSPreload *
-nsStrictTransportSecurityService::GetPreloadListEntry(const char *aHost)
+nsSiteSecurityService::GetPreloadListEntry(const char *aHost)
{
PRTime currentTime = PR_Now();
int32_t timeOffset = 0;
@@ -405,7 +405,7 @@ nsStrictTransportSecurityService::GetPreloadListEntry(const char *aHost)
}
NS_IMETHODIMP
-nsStrictTransportSecurityService::IsStsURI(nsIURI* aURI, uint32_t aFlags, bool* aResult)
+nsSiteSecurityService::IsStsURI(nsIURI* aURI, uint32_t aFlags, bool* aResult)
{
// Should be called on the main thread (or via proxy) since the permission
// manager is used and it's not threadsafe.
@@ -419,7 +419,7 @@ nsStrictTransportSecurityService::IsStsURI(nsIURI* aURI, uint32_t aFlags, bool*
NS_ENSURE_SUCCESS(rv, rv);
const nsSTSPreload *preload = nullptr;
- nsSTSHostEntry *pbEntry = nullptr;
+ nsSSSHostEntry *pbEntry = nullptr;
bool isPrivate = aFlags & nsISocketProvider::NO_PERMANENT_STORAGE;
if (isPrivate) {
@@ -443,7 +443,7 @@ nsStrictTransportSecurityService::IsStsURI(nsIURI* aURI, uint32_t aFlags, bool*
// on the host, because the knockout entry indicates "we have no information
// regarding the sts status of this host".
if (pbEntry && pbEntry->mStsPermission != STS_UNSET) {
- STSLOG(("Found private browsing table entry for %s", host.get()));
+ SSSLOG(("Found private browsing table entry for %s", host.get()));
if (!pbEntry->IsExpired() && pbEntry->mStsPermission == STS_SET) {
*aResult = true;
return NS_OK;
@@ -452,7 +452,7 @@ nsStrictTransportSecurityService::IsStsURI(nsIURI* aURI, uint32_t aFlags, bool*
// Next we look in the permission manager. Same story here regarding
// knockout entries.
else if (permMgrPermission != STS_UNSET) {
- STSLOG(("Found permission manager entry for %s", host.get()));
+ SSSLOG(("Found permission manager entry for %s", host.get()));
if (permMgrPermission == STS_SET) {
*aResult = true;
return NS_OK;
@@ -461,7 +461,7 @@ nsStrictTransportSecurityService::IsStsURI(nsIURI* aURI, uint32_t aFlags, bool*
// Finally look in the preloaded list. This is the exact host,
// so if an entry exists at all, this host is sts.
else if (GetPreloadListEntry(host.get())) {
- STSLOG(("%s is a preloaded STS host", host.get()));
+ SSSLOG(("%s is a preloaded STS host", host.get()));
*aResult = true;
return NS_OK;
}
@@ -471,7 +471,7 @@ nsStrictTransportSecurityService::IsStsURI(nsIURI* aURI, uint32_t aFlags, bool*
nsCOMPtr domainWalkPrincipal;
const char *subdomain;
- STSLOG(("no HSTS data for %s found, walking up domain", host.get()));
+ SSSLOG(("no HSTS data for %s found, walking up domain", host.get()));
uint32_t offset = 0;
for (offset = host.FindChar('.', offset) + 1;
offset > 0;
@@ -508,14 +508,14 @@ nsStrictTransportSecurityService::IsStsURI(nsIURI* aURI, uint32_t aFlags, bool*
// knockout entry - and again, if it is a knockout entry, we stop looking
// for data on it and skip to the next higher up ancestor domain).
if (pbEntry && pbEntry->mStsPermission != STS_UNSET) {
- STSLOG(("Found private browsing table entry for %s", subdomain));
+ SSSLOG(("Found private browsing table entry for %s", subdomain));
if (!pbEntry->IsExpired() && pbEntry->mStsPermission == STS_SET) {
*aResult = pbEntry->mIncludeSubdomains;
break;
}
}
else if (permMgrPermission != STS_UNSET) {
- STSLOG(("Found permission manager entry for %s", subdomain));
+ SSSLOG(("Found permission manager entry for %s", subdomain));
if (permMgrPermission == STS_SET) {
uint32_t subdomainPermission;
rv = mPermMgr->TestExactPermissionFromPrincipal(domainWalkPrincipal,
@@ -530,13 +530,13 @@ nsStrictTransportSecurityService::IsStsURI(nsIURI* aURI, uint32_t aFlags, bool*
// preloaded entry includes subdomains.
else if ((preload = GetPreloadListEntry(subdomain)) != nullptr) {
if (preload->mIncludeSubdomains) {
- STSLOG(("%s is a preloaded STS host", subdomain));
+ SSSLOG(("%s is a preloaded STS host", subdomain));
*aResult = true;
break;
}
}
- STSLOG(("no HSTS data for %s found, walking up domain", subdomain));
+ SSSLOG(("no HSTS data for %s found, walking up domain", subdomain));
}
// Use whatever we ended up with, which defaults to false.
@@ -546,8 +546,8 @@ nsStrictTransportSecurityService::IsStsURI(nsIURI* aURI, uint32_t aFlags, bool*
// Verify the trustworthiness of the security info (are there any cert errors?)
NS_IMETHODIMP
-nsStrictTransportSecurityService::ShouldIgnoreStsHeader(nsISupports* aSecurityInfo,
- bool* aResult)
+nsSiteSecurityService::ShouldIgnoreStsHeader(nsISupports* aSecurityInfo,
+ bool* aResult)
{
nsresult rv;
bool tlsIsBroken = false;
@@ -577,13 +577,13 @@ nsStrictTransportSecurityService::ShouldIgnoreStsHeader(nsISupports* aSecurityIn
}
//------------------------------------------------------------
-// nsStrictTransportSecurityService::nsIObserver
+// nsSiteSecurityService::nsIObserver
//------------------------------------------------------------
NS_IMETHODIMP
-nsStrictTransportSecurityService::Observe(nsISupports *subject,
- const char *topic,
- const PRUnichar *data)
+nsSiteSecurityService::Observe(nsISupports *subject,
+ const char *topic,
+ const PRUnichar *data)
{
if (strcmp(topic, "last-pb-context-exited") == 0) {
mPrivateModeHostTable.Clear();
@@ -600,12 +600,12 @@ nsStrictTransportSecurityService::Observe(nsISupports *subject,
// we're in private browsing mode.
//------------------------------------------------------------
nsresult
-nsStrictTransportSecurityService::AddPermission(nsIURI *aURI,
- const char *aType,
- uint32_t aPermission,
- uint32_t aExpireType,
- int64_t aExpireTime,
- bool aIsPrivate)
+nsSiteSecurityService::AddPermission(nsIURI *aURI,
+ const char *aType,
+ uint32_t aPermission,
+ uint32_t aExpireType,
+ int64_t aExpireTime,
+ bool aIsPrivate)
{
// Private mode doesn't address user-set (EXPIRE_NEVER) permissions: let
// those be stored persistently.
@@ -622,7 +622,7 @@ nsStrictTransportSecurityService::AddPermission(nsIURI *aURI,
nsAutoCString host;
nsresult rv = GetHost(aURI, host);
NS_ENSURE_SUCCESS(rv, rv);
- STSLOG(("AddPermission for entry for %s", host.get()));
+ SSSLOG(("AddPermission for entry for %s", host.get()));
// Update in mPrivateModeHostTable only, so any changes will be rolled
// back when exiting private mode.
@@ -636,17 +636,17 @@ nsStrictTransportSecurityService::AddPermission(nsIURI *aURI,
// PutEntry returns an existing entry if there already is one, or it
// creates a new one if there isn't.
- nsSTSHostEntry* entry = mPrivateModeHostTable.PutEntry(host.get());
+ nsSSSHostEntry* entry = mPrivateModeHostTable.PutEntry(host.get());
if (!entry) {
return NS_ERROR_OUT_OF_MEMORY;
}
- STSLOG(("Created private mode entry for %s", host.get()));
+ SSSLOG(("Created private mode entry for %s", host.get()));
// AddPermission() will be called twice if the STS header encountered has
// includeSubdomains (first for the main permission and second for the
// subdomains permission). If AddPermission() gets called a second time
// with the STS_SUBDOMAIN_PERMISSION, we just have to flip that bit in
- // the nsSTSHostEntry.
+ // the nsSSSHostEntry.
if (strcmp(aType, STS_SUBDOMAIN_PERMISSION) == 0) {
entry->mIncludeSubdomains = true;
}
@@ -660,9 +660,9 @@ nsStrictTransportSecurityService::AddPermission(nsIURI *aURI,
}
nsresult
-nsStrictTransportSecurityService::RemovePermission(const nsCString &aHost,
- const char *aType,
- bool aIsPrivate)
+nsSiteSecurityService::RemovePermission(const nsCString &aHost,
+ const char *aType,
+ bool aIsPrivate)
{
// Build up a principal for use with the permission manager.
// normalize all URIs with https://
@@ -686,14 +686,14 @@ nsStrictTransportSecurityService::RemovePermission(const nsCString &aHost,
// Make changes in mPrivateModeHostTable only, so any changes will be
// rolled back when exiting private mode.
- nsSTSHostEntry* entry = mPrivateModeHostTable.GetEntry(aHost.get());
+ nsSSSHostEntry* entry = mPrivateModeHostTable.GetEntry(aHost.get());
if (!entry) {
entry = mPrivateModeHostTable.PutEntry(aHost.get());
if (!entry) {
return NS_ERROR_OUT_OF_MEMORY;
}
- STSLOG(("Created private mode deleted mask for %s", aHost.get()));
+ SSSLOG(("Created private mode deleted mask for %s", aHost.get()));
}
if (strcmp(aType, STS_PERMISSION) == 0) {
diff --git a/security/manager/boot/src/nsStrictTransportSecurityService.h b/security/manager/boot/src/nsSiteSecurityService.h
similarity index 83%
rename from security/manager/boot/src/nsStrictTransportSecurityService.h
rename to security/manager/boot/src/nsSiteSecurityService.h
index d7c3dadf69a8e..81c4b5217f4a7 100644
--- a/security/manager/boot/src/nsStrictTransportSecurityService.h
+++ b/security/manager/boot/src/nsSiteSecurityService.h
@@ -6,10 +6,10 @@
* This wraps nsSimpleURI so that all calls to it are done on the main thread.
*/
-#ifndef __nsStrictTransportSecurityService_h__
-#define __nsStrictTransportSecurityService_h__
+#ifndef __nsSiteSecurityService_h__
+#define __nsSiteSecurityService_h__
-#include "nsIStrictTransportSecurityService.h"
+#include "nsISiteSecurityService.h"
#include "nsIObserver.h"
#include "nsIObserverService.h"
#include "nsIPermissionManager.h"
@@ -20,16 +20,16 @@
#include "prtime.h"
// {16955eee-6c48-4152-9309-c42a465138a1}
-#define NS_STRICT_TRANSPORT_SECURITY_CID \
+#define NS_SITE_SECURITY_SERVICE_CID \
{0x16955eee, 0x6c48, 0x4152, \
{0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1} }
////////////////////////////////////////////////////////////////////////////////
-// nsSTSHostEntry - similar to the nsHostEntry class in
+// nsSSSHostEntry - similar to the nsHostEntry class in
// nsPermissionManager.cpp, but specific to private-mode caching of STS
// permissions.
//
-// Each nsSTSHostEntry contains:
+// Each nsSSSHostEntry contains:
// - Expiry time (PRTime, milliseconds)
// - Expired flag (bool, default false)
// - STS permission (uint32_t, default STS_UNSET)
@@ -37,7 +37,7 @@
//
// Note: the subdomains flag has no meaning if the STS permission is STS_UNSET.
//
-// The existence of the nsSTSHostEntry implies STS state is set for the given
+// The existence of the nsSSSHostEntry implies STS state is set for the given
// host -- unless the expired flag is set, in which case not only is the STS
// state not set for the host, but any permission actually present in the
// permission manager should be ignored.
@@ -45,7 +45,7 @@
// Note: Only one expiry time is stored since the subdomains and STS
// permissions are both encountered at the same time in the HTTP header; if the
// includeSubdomains directive isn't present in the header, it means to delete
-// the permission, so the subdomains flag in the nsSTSHostEntry means both that
+// the permission, so the subdomains flag in the nsSSSHostEntry means both that
// the permission doesn't exist and any permission in the real permission
// manager should be ignored since newer information about it has been
// encountered in private browsing mode.
@@ -55,11 +55,11 @@
// encountered. Furthermore, any user-set permissions are stored persistently
// and can't be shadowed.
-class nsSTSHostEntry : public PLDHashEntryHdr
+class nsSSSHostEntry : public PLDHashEntryHdr
{
public:
- explicit nsSTSHostEntry(const char* aHost);
- explicit nsSTSHostEntry(const nsSTSHostEntry& toCopy);
+ explicit nsSSSHostEntry(const char* aHost);
+ explicit nsSSSHostEntry(const nsSSSHostEntry& toCopy);
nsCString mHost;
PRTime mExpireTime;
@@ -121,17 +121,17 @@ class nsSTSHostEntry : public PLDHashEntryHdr
class nsSTSPreload;
-class nsStrictTransportSecurityService : public nsIStrictTransportSecurityService
- , public nsIObserver
+class nsSiteSecurityService : public nsISiteSecurityService
+ , public nsIObserver
{
public:
NS_DECL_THREADSAFE_ISUPPORTS
NS_DECL_NSIOBSERVER
- NS_DECL_NSISTRICTTRANSPORTSECURITYSERVICE
+ NS_DECL_NSISITESECURITYSERVICE
- nsStrictTransportSecurityService();
+ nsSiteSecurityService();
nsresult Init();
- virtual ~nsStrictTransportSecurityService();
+ virtual ~nsSiteSecurityService();
private:
nsresult GetHost(nsIURI *aURI, nsACString &aResult);
@@ -156,8 +156,8 @@ class nsStrictTransportSecurityService : public nsIStrictTransportSecurityServic
nsCOMPtr mPermMgr;
nsCOMPtr mObserverService;
- nsTHashtable mPrivateModeHostTable;
+ nsTHashtable mPrivateModeHostTable;
bool mUsePreloadList;
};
-#endif // __nsStrictTransportSecurityService_h__
+#endif // __nsSiteSecurityService_h__
diff --git a/security/manager/ssl/src/SSLServerCertVerification.cpp b/security/manager/ssl/src/SSLServerCertVerification.cpp
index 56995d213ff0a..234893de965a3 100644
--- a/security/manager/ssl/src/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/src/SSLServerCertVerification.cpp
@@ -98,7 +98,7 @@
#include "CertVerifier.h"
#include "nsIBadCertListener2.h"
#include "nsICertOverrideService.h"
-#include "nsIStrictTransportSecurityService.h"
+#include "nsISiteSecurityService.h"
#include "nsNSSComponent.h"
#include "nsNSSCleaner.h"
#include "nsRecentBadCerts.h"
@@ -315,14 +315,14 @@ CertErrorRunnable::CheckCertOverrides()
// connections must be dropped when there are any certificate errors
// (STS Spec section 7.3).
bool strictTransportSecurityEnabled = false;
- nsCOMPtr stss
- = do_GetService(NS_STSSERVICE_CONTRACTID, &nsrv);
+ nsCOMPtr sss
+ = do_GetService(NS_SSSERVICE_CONTRACTID, &nsrv);
if (NS_SUCCEEDED(nsrv)) {
nsCOMPtr sslSocketControl = do_QueryInterface(
NS_ISUPPORTS_CAST(nsITransportSecurityInfo*, mInfoObject));
- nsrv = stss->IsStsHost(mInfoObject->GetHostName(),
- mProviderFlags,
- &strictTransportSecurityEnabled);
+ nsrv = sss->IsStsHost(mInfoObject->GetHostName(),
+ mProviderFlags,
+ &strictTransportSecurityEnabled);
}
if (NS_FAILED(nsrv)) {
return new SSLServerCertVerificationResult(mInfoObject,
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js b/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js
index 617fb9a94ba67..d9f812a4afe1a 100644
--- a/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js
@@ -10,8 +10,8 @@ function test() {
let windowsToClose = [];
let testURI = "about:blank";
let uri;
- let gSTSService = Cc["@mozilla.org/stsservice;1"].
- getService(Ci.nsIStrictTransportSecurityService);
+ let gSSService = Cc["@mozilla.org/ssservice;1"].
+ getService(Ci.nsISiteSecurityService);
function privacyFlags(aIsPrivateMode) {
return aIsPrivateMode ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
@@ -22,8 +22,8 @@ function test() {
aWindow.gBrowser.selectedBrowser.removeEventListener("load", onLoad, true);
uri = aWindow.Services.io.newURI("https://localhost/img.png", null, null);
- gSTSService.processStsHeader(uri, "max-age=1000", privacyFlags(aIsPrivateMode));
- ok(gSTSService.isStsHost("localhost", privacyFlags(aIsPrivateMode)), "checking sts host");
+ gSSService.processStsHeader(uri, "max-age=1000", privacyFlags(aIsPrivateMode));
+ ok(gSSService.isStsHost("localhost", privacyFlags(aIsPrivateMode)), "checking sts host");
aCallback();
}, true);
@@ -47,7 +47,7 @@ function test() {
aWin.close();
});
uri = Services.io.newURI("http://localhost", null, null);
- gSTSService.removeStsState(uri, privacyFlags(true));
+ gSSService.removeStsState(uri, privacyFlags(true));
});
// test first when on private mode
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
index d2468c8d66a5e..f702541a46d4f 100644
--- a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
@@ -53,8 +53,8 @@
var ios = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);
var thehost = ios.newURI("http://example.com", null, null);
- var stss = Cc["@mozilla.org/stsservice;1"].getService(Ci.nsIStrictTransportSecurityService);
- stss.removeStsState(thehost, 0);
+ var sss = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService);
+ sss.removeStsState(thehost, 0);
}
function loadVerifyFrames(round) {
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html
index 2a847eeae0de5..7e97fc7c2629b 100644
--- a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html
@@ -187,20 +187,20 @@
var ios =
Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);
var thehost = ios.newURI("http://example.com", null, null);
- var stss =
- Cc["@mozilla.org/stsservice;1"].
- getService(Ci.nsIStrictTransportSecurityService);
+ var sss =
+ Cc["@mozilla.org/ssservice;1"].
+ getService(Ci.nsISiteSecurityService);
var flags = isPrivate ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0
- stss.removeStsState(thehost, flags);
+ sss.removeStsState(thehost, flags);
dump_STSState(isPrivate);
}
function dump_STSState(isPrivate) {
- var stss =
- Cc["@mozilla.org/stsservice;1"].
- getService(Ci.nsIStrictTransportSecurityService);
+ var sss =
+ Cc["@mozilla.org/ssservice;1"].
+ getService(Ci.nsISiteSecurityService);
var flags = isPrivate ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0
- SimpleTest.info("State of example.com: " + stss.isStsHost("example.com", flags));
+ SimpleTest.info("State of example.com: " + sss.isStsHost("example.com", flags));
}
// These are executed in the order presented.
diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
index b1934814d7aff..2c72d8aa9858d 100644
--- a/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
+++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
@@ -4,8 +4,8 @@
// invested in HSTS. Additionally, www.torproject.org was deemed likely to
// continue to use HSTS.
-var gSTSService = Cc["@mozilla.org/stsservice;1"]
- .getService(Ci.nsIStrictTransportSecurityService);
+var gSSService = Cc["@mozilla.org/ssservice;1"]
+ .getService(Ci.nsISiteSecurityService);
function Observer() {}
Observer.prototype = {
@@ -17,7 +17,7 @@ Observer.prototype = {
var gObserver = new Observer();
-// nsIStrictTransportSecurityService.removeStsState removes a given domain's
+// nsISiteSecurityService.removeStsState removes a given domain's
// HSTS status. This means that a domain on the preload list will be
// considered not HSTS if this is called. So, to reset everything to its
// original state, we have to reach into the permission manager and clear
@@ -54,52 +54,52 @@ function run_test() {
function test_part1() {
// check that a host not in the list is not identified as an sts host
- do_check_false(gSTSService.isStsHost("nonexistent.mozilla.com", 0));
+ do_check_false(gSSService.isStsHost("nonexistent.mozilla.com", 0));
// check that an ancestor domain is not identified as an sts host
- do_check_false(gSTSService.isStsHost("com", 0));
+ do_check_false(gSSService.isStsHost("com", 0));
// check that the pref to toggle using the preload list works
Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", false);
- do_check_false(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
+ do_check_false(gSSService.isStsHost("bugzilla.mozilla.org", 0));
Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", true);
- do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
+ do_check_true(gSSService.isStsHost("bugzilla.mozilla.org", 0));
// check that a subdomain is an sts host (includeSubdomains is set)
- do_check_true(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
+ do_check_true(gSSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
// check that another subdomain is an sts host (includeSubdomains is set)
- do_check_true(gSTSService.isStsHost("a.b.c.def.bugzilla.mozilla.org", 0));
+ do_check_true(gSSService.isStsHost("a.b.c.def.bugzilla.mozilla.org", 0));
// check that a subdomain is not an sts host (includeSubdomains is not set)
- do_check_false(gSTSService.isStsHost("subdomain.www.torproject.org", 0));
+ do_check_false(gSSService.isStsHost("subdomain.www.torproject.org", 0));
// check that a host with a dot on the end won't break anything
- do_check_false(gSTSService.isStsHost("notsts.nonexistent.mozilla.com.", 0));
+ do_check_false(gSSService.isStsHost("notsts.nonexistent.mozilla.com.", 0));
// check that processing a header with max-age: 0 will remove a preloaded
// site from the list
var uri = Services.io.newURI("http://bugzilla.mozilla.org", null, null);
- gSTSService.processStsHeader(uri, "max-age=0", 0);
- do_check_false(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
- do_check_false(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
+ gSSService.processStsHeader(uri, "max-age=0", 0);
+ do_check_false(gSSService.isStsHost("bugzilla.mozilla.org", 0));
+ do_check_false(gSSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
// check that processing another header (with max-age non-zero) will
// re-enable a site's sts status
- gSTSService.processStsHeader(uri, "max-age=1000", 0);
- do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
+ gSSService.processStsHeader(uri, "max-age=1000", 0);
+ do_check_true(gSSService.isStsHost("bugzilla.mozilla.org", 0));
// but this time include subdomains was not set, so test for that
- do_check_false(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
+ do_check_false(gSSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
clearStsState();
// check that processing a header with max-age: 0 from a subdomain of a site
// will not remove that (ancestor) site from the list
var uri = Services.io.newURI("http://subdomain.www.torproject.org", null, null);
- gSTSService.processStsHeader(uri, "max-age=0", 0);
- do_check_true(gSTSService.isStsHost("www.torproject.org", 0));
- do_check_false(gSTSService.isStsHost("subdomain.www.torproject.org", 0));
+ gSSService.processStsHeader(uri, "max-age=0", 0);
+ do_check_true(gSSService.isStsHost("www.torproject.org", 0));
+ do_check_false(gSSService.isStsHost("subdomain.www.torproject.org", 0));
var uri = Services.io.newURI("http://subdomain.bugzilla.mozilla.org", null, null);
- gSTSService.processStsHeader(uri, "max-age=0", 0);
+ gSSService.processStsHeader(uri, "max-age=0", 0);
// we received a header with "max-age=0", so we have "no information"
// regarding the sts state of subdomain.bugzilla.mozilla.org specifically,
// but it is actually still an STS host, because of the preloaded
@@ -109,20 +109,20 @@ function test_part1() {
// |-- subdomain.bugzilla.mozilla.org IS sts host
// | `-- another.subdomain.bugzilla.mozilla.org IS sts host
// `-- sibling.bugzilla.mozilla.org IS sts host
- do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
- do_check_true(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
- do_check_true(gSTSService.isStsHost("sibling.bugzilla.mozilla.org", 0));
- do_check_true(gSTSService.isStsHost("another.subdomain.bugzilla.mozilla.org", 0));
+ do_check_true(gSSService.isStsHost("bugzilla.mozilla.org", 0));
+ do_check_true(gSSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
+ do_check_true(gSSService.isStsHost("sibling.bugzilla.mozilla.org", 0));
+ do_check_true(gSSService.isStsHost("another.subdomain.bugzilla.mozilla.org", 0));
- gSTSService.processStsHeader(uri, "max-age=1000", 0);
+ gSSService.processStsHeader(uri, "max-age=1000", 0);
// Here's what we have now:
// |-- bugzilla.mozilla.org (in preload list, includes subdomains) IS sts host
// |-- subdomain.bugzilla.mozilla.org (include subdomains is false) IS sts host
// | `-- another.subdomain.bugzilla.mozilla.org IS NOT sts host
// `-- sibling.bugzilla.mozilla.org IS sts host
- do_check_true(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
- do_check_true(gSTSService.isStsHost("sibling.bugzilla.mozilla.org", 0));
- do_check_false(gSTSService.isStsHost("another.subdomain.bugzilla.mozilla.org", 0));
+ do_check_true(gSSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
+ do_check_true(gSSService.isStsHost("sibling.bugzilla.mozilla.org", 0));
+ do_check_false(gSSService.isStsHost("another.subdomain.bugzilla.mozilla.org", 0));
// Simulate leaving private browsing mode
Services.obs.notifyObservers(null, "last-pb-context-exited", null);
@@ -133,24 +133,24 @@ const IS_PRIVATE = Ci.nsISocketProvider.NO_PERMANENT_STORAGE;
function test_private_browsing1() {
clearStsState();
// sanity - bugzilla.mozilla.org is preloaded, includeSubdomains set
- do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", IS_PRIVATE));
- do_check_true(gSTSService.isStsHost("a.b.c.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
+ do_check_true(gSSService.isStsHost("bugzilla.mozilla.org", IS_PRIVATE));
+ do_check_true(gSSService.isStsHost("a.b.c.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
var uri = Services.io.newURI("http://bugzilla.mozilla.org", null, null);
- gSTSService.processStsHeader(uri, "max-age=0", IS_PRIVATE);
- do_check_false(gSTSService.isStsHost("bugzilla.mozilla.org", IS_PRIVATE));
- do_check_false(gSTSService.isStsHost("a.b.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
+ gSSService.processStsHeader(uri, "max-age=0", IS_PRIVATE);
+ do_check_false(gSSService.isStsHost("bugzilla.mozilla.org", IS_PRIVATE));
+ do_check_false(gSSService.isStsHost("a.b.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
// check adding it back in
- gSTSService.processStsHeader(uri, "max-age=1000", IS_PRIVATE);
- do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", IS_PRIVATE));
+ gSSService.processStsHeader(uri, "max-age=1000", IS_PRIVATE);
+ do_check_true(gSSService.isStsHost("bugzilla.mozilla.org", IS_PRIVATE));
// but no includeSubdomains this time
- do_check_false(gSTSService.isStsHost("b.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
+ do_check_false(gSSService.isStsHost("b.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
// do the hokey-pokey...
- gSTSService.processStsHeader(uri, "max-age=0", IS_PRIVATE);
- do_check_false(gSTSService.isStsHost("bugzilla.mozilla.org", IS_PRIVATE));
- do_check_false(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", IS_PRIVATE));
+ gSSService.processStsHeader(uri, "max-age=0", IS_PRIVATE);
+ do_check_false(gSSService.isStsHost("bugzilla.mozilla.org", IS_PRIVATE));
+ do_check_false(gSSService.isStsHost("subdomain.bugzilla.mozilla.org", IS_PRIVATE));
// TODO unfortunately we don't have a good way to know when an entry
// has expired in the permission manager, so we can't yet extend this test
@@ -161,11 +161,11 @@ function test_private_browsing1() {
// a site on the preload list, and that header later expires. We need to
// then treat that host as no longer an sts host.)
// (sanity check first - this should be in the preload list)
- do_check_true(gSTSService.isStsHost("login.persona.org", IS_PRIVATE));
+ do_check_true(gSSService.isStsHost("login.persona.org", IS_PRIVATE));
var uri = Services.io.newURI("http://login.persona.org", null, null);
- gSTSService.processStsHeader(uri, "max-age=1", IS_PRIVATE);
+ gSSService.processStsHeader(uri, "max-age=1", IS_PRIVATE);
do_timeout(1250, function() {
- do_check_false(gSTSService.isStsHost("login.persona.org", IS_PRIVATE));
+ do_check_false(gSSService.isStsHost("login.persona.org", IS_PRIVATE));
// Simulate leaving private browsing mode
Services.obs.notifyObservers(null, "last-pb-context-exited", null);
});
@@ -173,13 +173,13 @@ function test_private_browsing1() {
function test_private_browsing2() {
// if this test gets this far, it means there's a private browsing service
- do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
+ do_check_true(gSSService.isStsHost("bugzilla.mozilla.org", 0));
// the bugzilla.mozilla.org entry has includeSubdomains set
- do_check_true(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
+ do_check_true(gSSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
// Now that we're out of private browsing mode, we need to make sure
// we've "forgotten" that we "forgot" this site's sts status.
- do_check_true(gSTSService.isStsHost("login.persona.org", 0));
+ do_check_true(gSSService.isStsHost("login.persona.org", 0));
run_next_test();
}
diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js
index 1c41087de274a..a58ef41b6811a 100644
--- a/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js
+++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js
@@ -2,20 +2,20 @@
// on the preload list for a long time.
function run_test() {
- let STSService = Cc["@mozilla.org/stsservice;1"]
- .getService(Ci.nsIStrictTransportSecurityService);
+ let SSService = Cc["@mozilla.org/ssservice;1"]
+ .getService(Ci.nsISiteSecurityService);
// check that a host on the preload list is identified as an sts host
- do_check_true(STSService.isStsHost("bugzilla.mozilla.org", 0));
+ do_check_true(SSService.isStsHost("bugzilla.mozilla.org", 0));
// now simulate that it's 19 weeks later than it actually is
let offsetSeconds = 19 * 7 * 24 * 60 * 60;
Services.prefs.setIntPref("test.currentTimeOffsetSeconds", offsetSeconds);
// check that the preloaded host is no longer considered sts
- do_check_false(STSService.isStsHost("bugzilla.mozilla.org", 0));
+ do_check_false(SSService.isStsHost("bugzilla.mozilla.org", 0));
// just make sure we can get everything back to normal
Services.prefs.clearUserPref("test.currentTimeOffsetSeconds");
- do_check_true(STSService.isStsHost("bugzilla.mozilla.org", 0));
+ do_check_true(SSService.isStsHost("bugzilla.mozilla.org", 0));
}
diff --git a/security/manager/tools/getHSTSPreloadList.js b/security/manager/tools/getHSTSPreloadList.js
index 98abeb4d10396..31d67ad29f3f9 100644
--- a/security/manager/tools/getHSTSPreloadList.js
+++ b/security/manager/tools/getHSTSPreloadList.js
@@ -47,7 +47,7 @@ const HEADER = "/* This Source Code Form is subject to the terms of the Mozilla
"\n" +
"/*****************************************************************************/\n" +
"/* This is an automatically generated file. If you're not */\n" +
-"/* nsStrictTransportSecurityService.cpp, you shouldn't be #including it. */\n" +
+"/* nsSiteSecurityService.cpp, you shouldn't be #including it. */\n" +
"/*****************************************************************************/\n" +
"\n" +
"#include \n";
@@ -110,8 +110,8 @@ function getHosts(rawdata) {
return hosts;
}
-var gSTSService = Cc["@mozilla.org/stsservice;1"]
- .getService(Ci.nsIStrictTransportSecurityService);
+var gSSService = Cc["@mozilla.org/ssservice;1"]
+ .getService(Ci.nsISiteSecurityService);
function processStsHeader(host, header, status) {
var maxAge = { value: 0 };
@@ -120,7 +120,7 @@ function processStsHeader(host, header, status) {
if (header != null) {
try {
var uri = Services.io.newURI("https://" + host.name, null, null);
- gSTSService.processStsHeader(uri, header, 0, maxAge, includeSubdomains);
+ gSSService.processStsHeader(uri, header, 0, maxAge, includeSubdomains);
}
catch (e) {
dump("ERROR: could not process header '" + header + "' from " +