mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Re-land patch for bug 83536, merging principal objects. 

Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
This commit is contained in:
caillon%returnzero.com 2003-10-21 22:11:49 +00:00
Родитель 95401a7d95
Коммит 66caced69a
72 изменённых файлов: 1081 добавлений и 3101 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

3
caps/idl/Makefile.in
Просмотреть файл

@ -32,9 +32,6 @@ GRE_MODULE = 1
XPIDLSRCS = \
nsIScriptSecurityManager.idl \
nsIPrincipal.idl \
nsICodebasePrincipal.idl \
nsICertificatePrincipal.idl \
nsIAggregatePrincipal.idl \
nsISignatureVerifier.idl \
nsISecurityCheckedComponent.idl \
$(NULL)

60
caps/idl/nsIAggregatePrincipal.idl
Просмотреть файл

@ -1,60 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Netscape Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1999-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Mitch Stoltz <mstoltz@netscape.com>
*
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the NPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the NPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* Defines an interface for aggregate principals. */
%{C++
#define NS_AGGREGATEPRINCIPAL_CONTRACTID "@mozilla.org/aggregateprincipal;1"
#define NS_AGGREGATEPRINCIPAL_CLASSNAME "aggregateprincipal"
%}
#include "nsIPrincipal.idl"
[uuid(1c30a682-1dd2-11b2-ba9b-86a86f300cbc)]
interface nsIAggregatePrincipal : nsISupports {
attribute nsIPrincipal certificate;
attribute nsIPrincipal codebase;
attribute boolean domainChanged;
readonly attribute nsIPrincipal originalCodebase;
readonly attribute nsIPrincipal primaryChild;
void intersect(in nsIPrincipal other);
attribute voidPtr cachedSecurityPolicy;
};

53
caps/idl/nsICertificatePrincipal.idl
Просмотреть файл

@ -1,53 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Netscape Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1999-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Mitchell Stoltz <mstoltz@netscape.com>
*
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the NPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the NPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* Defines an interface for certificate principals. */
#include "nsIPrincipal.idl"
#include "nsIZipReader.idl"
%{C++
#define NS_CERTIFICATEPRINCIPAL_CONTRACTID "@mozilla.org/certificateprincipal;1"
#define NS_CERTIFICATEPRINCIPAL_CLASSNAME "certificateprincipal"
%}
[uuid(ebfefcd0-25e1-11d2-8160-006008119d7a)]
interface nsICertificatePrincipal : nsISupports {
readonly attribute string certificateID;
attribute string commonName;
};

56
caps/idl/nsICodebasePrincipal.idl
Просмотреть файл

@ -1,56 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Netscape Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1999
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the NPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the NPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* Defines an interface for codebase principals. */
#include "nsIPrincipal.idl"
interface nsIURI;
%{C++
#define NS_CODEBASEPRINCIPAL_CONTRACTID "@mozilla.org/codebaseprincipal;1"
#define NS_CODEBASEPRINCIPAL_CLASSNAME "codebaseprincipal"
%}
[uuid(829fe440-25e1-11d2-8160-006008119d7a)]
interface nsICodebasePrincipal : nsISupports {
readonly attribute nsIURI URI;
readonly attribute string origin;
readonly attribute string spec;
};

109
caps/idl/nsIPrincipal.idl
Просмотреть файл

@ -14,12 +14,14 @@
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1999-2000
* Portions created by the Initial Developer are Copyright (C) 1999-2003
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Mitchell Stoltz <mstoltz@netscape.com>
* Christopher A. Aillon <christopher@aillon.com>
*
*
* Alternatively, the contents of this file may be used under the terms of
@ -44,41 +46,108 @@
struct JSPrincipals;
%}
interface nsIURI;
[ptr] native JSPrincipals(JSPrincipals);
[uuid(ff9313d0-25e1-11d2-8160-006008119d7a)]
interface nsIPrincipal : nsISerializable
{
// Values of capabilities for each principal. Order is
// significant: if an operation is performed on a set
// of capabilities, the minimum is computed.
/**
* Values of capabilities for each principal. Order is
* significant: if an operation is performed on a set
* of capabilities, the minimum is computed.
*/
const short ENABLE_DENIED = 1;
const short ENABLE_UNKNOWN = 2;
const short ENABLE_WITH_USER_PERMISSION = 3;
const short ENABLE_GRANTED = 4;
string ToString();
string ToUserVisibleString();
void GetPreferences(out string prefName, out string id,
/**
* Returns the security preferences associated with this principal.
* prefBranch will be set to the pref branch to which these preferences
* pertain. id is a pseudo-unique identifier, pertaining to either the
* certificateID or the origin. grantedList and deniedList are
* space-separated lists of capabilities which were explicitly granted
* or denied by a pref.
*/
void getPreferences(out string prefBranch, out string id,
out string grantedList, out string deniedList);
boolean Equals(in nsIPrincipal other);
/**
* Returns whether the other principal is equivalent to this principal.
* Principals are considered equal if they are the same principal,
* they have the same origin, or have the same certificate ID
*/
boolean equals(in nsIPrincipal other);
unsigned long HashValue();
/**
* Returns a hash value for the principal.
*/
readonly attribute unsigned long hashValue;
JSPrincipals GetJSPrincipals();
/**
* Returns the JS equivalent of the principal.
* @see JSPrincipals.h
*/
readonly attribute JSPrincipals jsPrincipals;
short CanEnableCapability(in string capability);
/**
* The domain security policy of the principal.
*/
// XXXcaa should this be here? The script security manager is the only
// thing that should care about this. Wouldn't storing this data in one
// of the hashtables in nsScriptSecurityManager be better?
attribute voidPtr securityPolicy;
void SetCanEnableCapability(in string capability, in short canEnable);
// XXXcaa probably should be turned into {get|set}CapabilityFlags
short canEnableCapability(in string capability);
void setCanEnableCapability(in string capability, in short canEnable);
boolean isCapabilityEnabled(in string capability, in voidPtr annotation);
void enableCapability(in string capability, inout voidPtr annotation);
void revertCapability(in string capability, inout voidPtr annotation);
void disableCapability(in string capability, inout voidPtr annotation);
boolean IsCapabilityEnabled(in string capability, in voidPtr annotation);
void EnableCapability(in string capability, inout voidPtr annotation);
/**
* The codebase URI to which this principal pertains. This is
* generally the document URI.
*/
readonly attribute nsIURI URI;
void RevertCapability(in string capability, inout voidPtr annotation);
/**
* The domain URI to which this principal pertains.
* This is congruent with HTMLDocument.domain, and may be null.
* Setting this has no effect on the URI.
*/
attribute nsIURI domain;
void DisableCapability(in string capability, inout voidPtr annotation);
/**
* The origin of this principal's domain, if non-null, or its
* codebase URI otherwise. An origin is defined as:
* scheme + host + port.
*/
// XXXcaa this should probably be turned into an nsIURI.
// The system principal's origin should be some caps namespace
// with a chrome URI. All of chrome should probably be the same.
readonly attribute string origin;
/**
* Whether this principal is associated with a certificate.
*/
readonly attribute boolean hasCertificate;
/**
* The fingerprint ID of this principal's certificate.
* Throws if there is no certificate associated with this principal.
*/
// XXXcaa kaie says this may not be unique. We should probably
// consider using something else for this....
readonly attribute string certificateID;
/**
* The common name for the certificate.
* This pertains to the certificate authority organization.
* Throws if there is no certificate associated with this principal.
*/
attribute string commonName;
};

19
caps/idl/nsIScriptSecurityManager.idl
Просмотреть файл

@ -134,23 +134,22 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
* executing script. Will return null if there is no script
* currently executing.
*/
nsIPrincipal getSubjectPrincipal();
[noscript] nsIPrincipal getSubjectPrincipal();
/**
* Return the all-powerful system principal.
*/
nsIPrincipal getSystemPrincipal();
[noscript] nsIPrincipal getSystemPrincipal();
/**
* Return a principal that can be QI'd to nsICertificatePrincipal.
* Return a principal with the specified certificate ID and codebase URI.
*/
nsIPrincipal getCertificatePrincipal(in string CertID);
[noscript] nsIPrincipal getCertificatePrincipal(in string CertID, in nsIURI aURI);
/**
* Return a principal that can be QI'd to nsICodebasePrincipal and
* has the same origin as aURI.
* Return a principal that has the same origin as aURI.
*/
nsIPrincipal getCodebasePrincipal(in nsIURI aURI);
[noscript] nsIPrincipal getCodebasePrincipal(in nsIURI aURI);
///////////////// Capabilities API /////////////////////
/**
@ -159,13 +158,13 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
* necessary. Returns nsIPrincipal::ENABLE_GRANTED or
* nsIPrincipal::ENABLE_DENIED based on user's choice.
*/
void requestCapability(in nsIPrincipal principal, in string capability,
out short result);
[noscript] short requestCapability(in nsIPrincipal principal,
in string capability);
/**
* Return true if the currently executing script has 'capability' enabled.
*/
boolean IsCapabilityEnabled(in string capability);
boolean isCapabilityEnabled(in string capability);
/**
* Enable 'capability' in the innermost frame of the currently executing

10
caps/include/Makefile.in
Просмотреть файл

@ -29,14 +29,8 @@ include $(DEPTH)/config/autoconf.mk
MODULE = caps
EXPORTS = \
nsBasePrincipal.h \
nsSystemPrincipal.h \
nsCertificatePrincipal.h \
nsCodebasePrincipal.h \
nsAggregatePrincipal.h \
nsJSPrincipals.h \
nsScriptSecurityManager.h \
$(NULL)
nsJSPrincipals.h \
$(NULL)
include $(topsrcdir)/config/rules.mk

116
caps/include/nsAggregatePrincipal.h
Просмотреть файл

@ -1,116 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Netscape Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the NPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the NPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* describes aggregate principals which combine the
behavior of one or more other principals */
#ifndef _NS_AGGREGATE_PRINCIPAL_H_
#define _NS_AGGREGATE_PRINCIPAL_H_
#include "nsIAggregatePrincipal.h"
#include "nsICertificatePrincipal.h"
#include "nsICodebasePrincipal.h"
#include "nsBasePrincipal.h"
#include "nsCOMPtr.h"
#define NS_AGGREGATEPRINCIPAL_CID \
{ 0x867cf414, 0x1dd2, 0x11b2, \
{ 0x82, 0x66, 0xca, 0x64, 0x3b, 0xbc, 0x35, 0x64 }}
/* 867cf414-1dd2-11b2-8266-ca643bbc3564 */
class nsAggregatePrincipal : public nsIAggregatePrincipal,
public nsICertificatePrincipal,
public nsICodebasePrincipal,
public nsBasePrincipal
{
public:
NS_DEFINE_STATIC_CID_ACCESSOR(NS_AGGREGATEPRINCIPAL_CID)
NS_DECL_ISUPPORTS
NS_DECL_NSISERIALIZABLE
NS_DECL_NSIAGGREGATEPRINCIPAL
NS_DECL_NSICERTIFICATEPRINCIPAL
NS_DECL_NSICODEBASEPRINCIPAL
NS_IMETHOD
ToString(char **result);
NS_IMETHOD
ToUserVisibleString(char **result);
NS_IMETHOD
Equals(nsIPrincipal *other, PRBool *result);
NS_IMETHOD
HashValue(PRUint32 *result);
NS_IMETHOD
CanEnableCapability(const char *capability, PRInt16 *result);
NS_IMETHOD
SetCanEnableCapability(const char *capability, PRInt16 canEnable);
NS_IMETHOD
IsCapabilityEnabled(const char *capability, void *annotation,
PRBool *result);
NS_IMETHOD
EnableCapability(const char *capability, void **annotation);
NS_IMETHOD
RevertCapability(const char *capability, void **annotation);
NS_IMETHOD
DisableCapability(const char *capability, void **annotation);
NS_IMETHOD
GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList);
nsAggregatePrincipal();
virtual ~nsAggregatePrincipal(void);
protected:
nsCOMPtr<nsIPrincipal> mCertificate;
nsCOMPtr<nsIPrincipal> mCodebase;
nsCOMPtr<nsIPrincipal> mOriginalCodebase;
void* mCachedSecurityPolicy;
PRPackedBool mDomainChanged;
};
#endif // _NS_AGGREGATE_PRINCIPAL_H_

122
caps/include/nsBasePrincipal.h
Просмотреть файл

@ -1,122 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1999-2000 Netscape Communications Corporation. All Rights
* Reserved.
*
* Contributors:
* Norris Boyd
*/
/* Shared implementation code for principals. */
#ifndef _NS_BASE_PRINCIPAL_H_
#define _NS_BASE_PRINCIPAL_H_
#include "jsapi.h"
#include "nsJSPrincipals.h"
#include "nsVoidArray.h"
#include "nsHashtable.h"
#include "nsIObjectInputStream.h"
#include "nsIObjectOutputStream.h"
class nsBasePrincipal: public nsIPrincipal {
public:
nsBasePrincipal();
virtual ~nsBasePrincipal(void);
NS_IMETHOD
GetJSPrincipals(JSPrincipals **jsprin);
NS_IMETHOD
CanEnableCapability(const char *capability, PRInt16 *result);
NS_IMETHOD
SetCanEnableCapability(const char *capability, PRInt16 canEnable);
NS_IMETHOD
IsCapabilityEnabled(const char *capability, void *annotation,
PRBool *result);
NS_IMETHOD
EnableCapability(const char *capability, void **annotation);
NS_IMETHOD
RevertCapability(const char *capability, void **annotation);
NS_IMETHOD
DisableCapability(const char *capability, void **annotation);
NS_IMETHOD
GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList);
nsresult
InitFromPersistent(const char* aPrefName,const char* aID,
const char* aGrantedList, const char* aDeniedList);
NS_IMETHOD
Read(nsIObjectInputStream* aStream);
NS_IMETHOD
Write(nsIObjectOutputStream* aStream);
static const char Invalid[];
protected:
enum AnnotationValue { AnnotationEnabled=1, AnnotationDisabled };
NS_IMETHOD
SetCapability(const char *capability, void **annotation,
AnnotationValue value);
nsJSPrincipals mJSPrincipals;
nsVoidArray mAnnotations;
nsHashtable *mCapabilities;
nsCString mPrefName;
static int mCapabilitiesOrdinal;
};
// special AddRef/Release to unify reference counts between XPCOM
// and JSPrincipals
#define NSBASEPRINCIPALS_ADDREF(className) \
NS_IMETHODIMP_(nsrefcnt) \
className::AddRef(void) \
{ \
NS_PRECONDITION(PRInt32(mRefCnt) == 0, "illegal mRefCnt"); \
NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt");\
nsrefcnt count = PR_AtomicIncrement((PRInt32 *)&mJSPrincipals.refcount);\
NS_LOG_ADDREF(this, count, #className, sizeof(*this)); \
return count; \
}
#define NSBASEPRINCIPALS_RELEASE(className) \
NS_IMETHODIMP_(nsrefcnt) \
className::Release(void) \
{ \
NS_PRECONDITION(PRInt32(mRefCnt) == 0, "illegal mRefCnt"); \
NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release"); \
nsrefcnt count = PR_AtomicDecrement((PRInt32 *)&mJSPrincipals.refcount);\
NS_LOG_RELEASE(this, count, #className); \
if (count == 0) { \
NS_DELETEXPCOM(this); \
return 0; \
} \
return count; \
}
#endif // _NS_BASE_PRINCIPAL_H_

89
caps/include/nsCertificatePrincipal.h
Просмотреть файл

@ -1,89 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Netscape Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the NPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the NPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* describes principals for use with signed scripts */
#ifndef _NS_CERTIFICATE_PRINCIPAL_H_
#define _NS_CERTIFICATE_PRINCIPAL_H_
#include "jsapi.h"
#include "nsICertificatePrincipal.h"
#include "nsBasePrincipal.h"
class nsIURI;
#define NS_CERTIFICATEPRINCIPAL_CID \
{ 0x7ee2a4c0, 0x4b91, 0x11d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
class nsCertificatePrincipal : public nsICertificatePrincipal, public nsBasePrincipal
{
public:
NS_DEFINE_STATIC_CID_ACCESSOR(NS_CERTIFICATEPRINCIPAL_CID)
NS_DECL_ISUPPORTS
NS_DECL_NSISERIALIZABLE
NS_DECL_NSICERTIFICATEPRINCIPAL
NS_IMETHOD ToString(char **result);
NS_IMETHOD ToUserVisibleString(char **result);
NS_IMETHOD GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList);
NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result);
NS_IMETHOD HashValue(PRUint32 *result);
NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result);
NS_IMETHOD Init(const char* aCertificateID);
nsresult InitFromPersistent(const char* aPrefName, const char* aID,
const char* aGrantedList, const char* aDeniedList);
nsCertificatePrincipal();
virtual ~nsCertificatePrincipal(void);
protected:
nsCString mCertificateID;
nsCString mCommonName;
};
#endif // _NS_CERTIFICATE_PRINCIPAL_H_

93
caps/include/nsCodebasePrincipal.h
Просмотреть файл

@ -1,93 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Netscape Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the NPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the NPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* describes principals by their orginating URIs */
#ifndef _NS_CODEBASE_PRINCIPAL_H_
#define _NS_CODEBASE_PRINCIPAL_H_
#include "jsapi.h"
#include "nsBasePrincipal.h"
#include "nsICodebasePrincipal.h"
#include "nsIURI.h"
#include "nsCOMPtr.h"
#define NS_CODEBASEPRINCIPAL_CID \
{ 0x7ee2a400, 0x0b91, 0xaad3, \
{ 0xba, 0x18, 0xd7, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
class nsCodebasePrincipal : public nsBasePrincipal, public nsICodebasePrincipal {
public:
NS_DEFINE_STATIC_CID_ACCESSOR(NS_CODEBASEPRINCIPAL_CID)
NS_DECL_ISUPPORTS
NS_DECL_NSISERIALIZABLE
NS_DECL_NSICODEBASEPRINCIPAL
NS_IMETHOD ToString(char **result);
NS_IMETHOD ToUserVisibleString(char **result);
NS_IMETHOD GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList);
NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result);
NS_IMETHOD HashValue(PRUint32 *result);
NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result);
nsCodebasePrincipal();
nsresult
Init(nsIURI *uri);
nsresult
InitFromPersistent(const char* aPrefName, const char* aID,
const char* aGrantedList, const char* aDeniedList,
PRBool aTrusted);
virtual ~nsCodebasePrincipal(void);
protected:
nsCOMPtr<nsIURI> mURI;
PRBool mTrusted;
};
#endif // _NS_CODEBASE_PRINCIPAL_H_

17
caps/include/nsJSPrincipals.h
Просмотреть файл

@ -1,4 +1,4 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
*
@ -36,19 +36,20 @@
*
* ***** END LICENSE BLOCK ***** */
/* describes principals by their orginating uris*/
#ifndef _NS_JSPRINCIPALS_H_
#define _NS_JSPRINCIPALS_H_
#ifndef nsJSPrincipals_h__
#define nsJSPrincipals_h__
#include "jsapi.h"
#include "nsIPrincipal.h"
struct nsJSPrincipals : JSPrincipals {
struct nsJSPrincipals : JSPrincipals
{
static nsresult Startup();
nsJSPrincipals();
nsresult Init(char *prin);
nsresult Init(nsIPrincipal* aPrincipal, const char *aCodebase);
~nsJSPrincipals(void);
nsIPrincipal *nsIPrincipalPtr;
nsIPrincipal *nsIPrincipalPtr; // [WEAK] it owns us.
};
#endif /* _NS_JSPRINCIPALS_H_ */
#endif /* nsJSPrincipals_h__ */

16
caps/include/nsPrincipal.h
Просмотреть файл

@ -52,7 +52,6 @@ class nsPrincipal : public nsIPrincipal
{
public:
nsPrincipal();
nsPrincipal(nsIURI *aURI);
protected:
virtual ~nsPrincipal();
@ -61,23 +60,24 @@ public:
// Our refcount is managed by mJSPrincipals. Use this macro to avoid
// an extra refcount member.
NS_DECL_ISUPPORTS_INHERITED
protected:
// XXXcaa Probably unnecessary. See bug 143559.
NS_DECL_OWNINGTHREAD
public:
NS_DECL_NSIPRINCIPAL
NS_DECL_NSISERIALIZABLE
// Either Init() or InitFromPersistent() must be called before
// the principal is in a usable state.
nsresult Init(const char *aCertID, nsIURI *aCodebase);
nsresult InitFromPersistent(const char* aPrefName,
const char* aToken,
const char* aGrantedList,
const char* aDeniedList,
PRBool aIsCert = PR_FALSE,
PRBool aTrusted = PR_FALSE);
PRBool aIsCert,
PRBool aTrusted);
enum AnnotationValue { AnnotationEnabled=1, AnnotationDisabled };
void SetURI(nsIURI *aURI);
nsresult SetCapability(const char *capability, void **annotation,
AnnotationValue value);
@ -104,6 +104,8 @@ protected:
nsCString commonName;
};
nsresult SetCertificate(const char* aCertID, const char* aName);
// Keep this is a pointer, even though it may slightly increase the
// cost of keeping a certificate, this is a good tradeoff though since
// it is very rare that we actually have a certificate.
@ -113,8 +115,8 @@ protected:
nsCOMPtr<nsIURI> mCodebase;
nsCOMPtr<nsIURI> mDomain;
PRUint8 mType;
PRPackedBool mTrusted;
PRPackedBool mInitialized;
};

141
caps/include/nsScriptSecurityManager.h
Просмотреть файл

@ -22,6 +22,7 @@
* Contributor(s):
* Norris Boyd <nboyd@atg.com>
* Mitch Stoltz <mstoltz@netscape.com>
* Christopher A. Aillon <christopher@aillon.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
@ -37,14 +38,15 @@
*
* ***** END LICENSE BLOCK ***** */
#ifndef _NS_SCRIPT_SECURITY_MANAGER_H_
#define _NS_SCRIPT_SECURITY_MANAGER_H_
#ifndef nsScriptSecurityManager_h__
#define nsScriptSecurityManager_h__
#include "nsIScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "jsapi.h"
#include "jsdbgapi.h"
#include "nsIXPCSecurityManager.h"
#include "nsInterfaceHashtable.h"
#include "nsHashtable.h"
#include "nsCOMPtr.h"
#include "nsIPrefService.h"
@ -57,44 +59,86 @@
class nsIDocShell;
class nsString;
class nsIClassInfo;
class nsIIOService;
class nsIXPConnect;
class nsIStringBundle;
class nsSystemPrincipal;
struct ClassPolicy;
#if defined(DEBUG_mstoltz) || defined(DEBUG_caillon)
#define DEBUG_CAPS_HACKER
#endif
#ifdef DEBUG_CAPS_HACKER
#define DEBUG_CAPS_CheckPropertyAccessImpl
#define DEBUG_CAPS_LookupPolicy
#define DEBUG_CAPS_CheckComponentPermissions
#endif
#if 0
#define DEBUG_CAPS_CanCreateWrapper
#define DEBUG_CAPS_CanCreateInstance
#define DEBUG_CAPS_CanGetService
#endif
/////////////////////
// nsIPrincipalKey //
// PrincipalKey //
/////////////////////
class nsIPrincipalKey : public nsHashKey
class PrincipalKey : public PLDHashEntryHdr
{
public:
nsIPrincipalKey(nsIPrincipal* key) {
mKey = key;
NS_IF_ADDREF(mKey);
}
~nsIPrincipalKey(void) {
NS_IF_RELEASE(mKey);
}
PRUint32 HashCode(void) const {
PRUint32 hash;
mKey->HashValue(&hash);
return hash;
}
PRBool Equals(const nsHashKey* aKey) const {
PRBool eq;
mKey->Equals(((nsIPrincipalKey*) aKey)->mKey, &eq);
return eq;
}
nsHashKey *Clone(void) const {
return new nsIPrincipalKey(mKey);
typedef const nsIPrincipal* KeyType;
typedef const nsIPrincipal* KeyTypePointer;
PrincipalKey(const nsIPrincipal* key)
: mKey(NS_CONST_CAST(nsIPrincipal*, key))
{
}
protected:
nsIPrincipal* mKey;
PrincipalKey(const PrincipalKey& toCopy)
: mKey(toCopy.mKey)
{
}
~PrincipalKey()
{
}
KeyType GetKey() const
{
return mKey;
}
KeyTypePointer GetKeyPointer() const
{
return mKey;
}
PRBool KeyEquals(KeyTypePointer aKey) const
{
PRBool eq;
mKey->Equals(NS_CONST_CAST(nsIPrincipal*, aKey),
&eq);
return eq;
}
static KeyTypePointer KeyToPointer(KeyType aKey)
{
return aKey;
}
static PLDHashNumber HashKey(KeyTypePointer aKey)
{
PRUint32 hash;
NS_CONST_CAST(nsIPrincipal*, aKey)->GetHashValue(&hash);
return PLDHashNumber(hash);
}
enum { ALLOW_MEMMOVE = PR_TRUE };
private:
nsCOMPtr<nsIPrincipal> mKey;
};
////////////////////
@ -214,9 +258,12 @@ class DomainPolicy : public PLDHashTable
public:
DomainPolicy() : mWildcardPolicy(nsnull),
mRefCount(0)
{
static PLDHashTableOps domainPolicyOps =
}
PRBool Init()
{
static const PLDHashTableOps domainPolicyOps =
{
PL_DHashAllocTable,
PL_DHashFreeTable,
@ -229,8 +276,8 @@ public:
InitClassPolicyEntry
};
PL_DHashTableInit(this, &domainPolicyOps, nsnull,
sizeof(ClassPolicy), 16);
return PL_DHashTableInit(this, &domainPolicyOps, nsnull,
sizeof(ClassPolicy), 16);
}
~DomainPolicy()
@ -394,7 +441,7 @@ private:
nsresult
CheckComponentPermissions(JSContext *cx, const nsCID &aCID);
#endif
#ifdef DEBUG_mstoltz
#ifdef DEBUG_CAPS_HACKER
void
PrintPolicyDB();
#endif
@ -405,8 +452,8 @@ private:
inline void
JSEnabledPrefChanged(nsISecurityPref* aSecurityPref);
static const char* sJSEnabledPrefName;
static const char* sJSMailEnabledPrefName;
static const char sJSEnabledPrefName[];
static const char sJSMailEnabledPrefName[];
nsObjectHashtable* mOriginToPolicyMap;
DomainPolicy* mDefaultPolicy;
@ -414,20 +461,22 @@ private:
nsCOMPtr<nsIPrefBranch> mPrefBranch;
nsCOMPtr<nsISecurityPref> mSecurityPref;
nsIPrincipal* mSystemPrincipal;
nsCOMPtr<nsIPrincipal> mSystemPrincipal;
nsCOMPtr<nsIPrincipal> mSystemCertificate;
nsSupportsHashtable* mPrincipals;
PRBool mIsJavaScriptEnabled;
PRBool mIsMailJavaScriptEnabled;
PRBool mIsWritingPrefs;
nsInterfaceHashtable<PrincipalKey, nsIPrincipal> mPrincipals;
nsCOMPtr<nsIThreadJSContextStack> mJSContextStack;
PRBool mNameSetRegistered;
PRBool mPolicyPrefsChanged;
PRPackedBool mIsJavaScriptEnabled;
PRPackedBool mIsMailJavaScriptEnabled;
PRPackedBool mIsWritingPrefs;
PRPackedBool mPolicyPrefsChanged;
#ifdef XPC_IDISPATCH_SUPPORT
PRBool mXPCDefaultGrantAll;
static const char* sXPCDefaultGrantAllName;
PRPackedBool mXPCDefaultGrantAll;
static const char sXPCDefaultGrantAllName[];
#endif
static nsIIOService *sIOService;
static nsIXPConnect *sXPConnect;
static nsIStringBundle *sStrBundle;
};
#endif /*_NS_SCRIPT_SECURITY_MANAGER_H_*/
#endif // nsScriptSecurityManager_h__

50
caps/include/nsSystemPrincipal.h
Просмотреть файл

@ -14,7 +14,7 @@
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1999-2000
* the Initial Developer. All Rights Reserved.
@ -38,10 +38,11 @@
/* The privileged system principal. */
#ifndef _NS_SYSTEM_PRINCIPAL_H_
#define _NS_SYSTEM_PRINCIPAL_H_
#ifndef nsSystemPrincipal_h__
#define nsSystemPrincipal_h__
#include "nsBasePrincipal.h"
#include "nsIPrincipal.h"
#include "nsJSPrincipals.h"
#define NS_SYSTEMPRINCIPAL_CLASSNAME "systemprincipal"
#define NS_SYSTEMPRINCIPAL_CID \
@ -50,42 +51,23 @@
#define NS_SYSTEMPRINCIPAL_CONTRACTID "@mozilla.org/systemprincipal;1"
class nsSystemPrincipal : public nsBasePrincipal {
class nsSystemPrincipal : public nsIPrincipal
{
public:
NS_DECL_ISUPPORTS
NS_DECL_ISUPPORTS_INHERITED
NS_DECL_NSIPRINCIPAL
NS_DECL_NSISERIALIZABLE
NS_IMETHOD ToString(char **result);
NS_IMETHOD ToUserVisibleString(char **result);
NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result);
NS_IMETHOD HashValue(PRUint32 *result);
NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result);
NS_IMETHOD SetCanEnableCapability(const char *capability,
PRInt16 canEnable);
NS_IMETHOD IsCapabilityEnabled(const char *capability, void * annotation,
PRBool *result);
NS_IMETHOD EnableCapability(const char *capability, void * *annotation);
NS_IMETHOD RevertCapability(const char *capability, void * *annotation);
NS_IMETHOD DisableCapability(const char *capability, void * *annotation);
NS_IMETHOD GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList);
NS_IMETHOD Init();
nsresult Init();
nsSystemPrincipal();
protected:
virtual ~nsSystemPrincipal(void);
nsJSPrincipals mJSPrincipals;
// XXX Probably unnecessary. See bug 143559.
NS_DECL_OWNINGTHREAD
};
#endif // _NS_SYSTEM_PRINCIPAL_H_
#endif // nsSystemPrincipal_h__

5
caps/src/Makefile.in
Просмотреть файл

@ -50,11 +50,8 @@ REQUIRES = xpcom \
$(NULL)
CPPSRCS = \
nsBasePrincipal.cpp \
nsPrincipal.cpp \
nsSystemPrincipal.cpp \
nsCertificatePrincipal.cpp \
nsCodebasePrincipal.cpp \
nsAggregatePrincipal.cpp \
nsJSPrincipals.cpp \
nsScriptSecurityManager.cpp \
nsSecurityManagerFactory.cpp \

479
caps/src/nsAggregatePrincipal.cpp
Просмотреть файл

@ -1,479 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Netscape Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Mitch Stoltz <mstoltz@netscape.com>
*
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the NPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the NPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*describes principals which combine one or more principals*/
#include "nsAggregatePrincipal.h"
#include "nsIURI.h"
static NS_DEFINE_IID(kIAggregatePrincipalIID, NS_IAGGREGATEPRINCIPAL_IID);
NS_IMPL_QUERY_INTERFACE5_CI(nsAggregatePrincipal, nsIAggregatePrincipal,
nsICertificatePrincipal, nsICodebasePrincipal,
nsIPrincipal, nsISerializable)
NS_IMPL_CI_INTERFACE_GETTER5(nsAggregatePrincipal, nsIAggregatePrincipal,
nsICertificatePrincipal, nsICodebasePrincipal,
nsIPrincipal, nsISerializable)
NSBASEPRINCIPALS_ADDREF(nsAggregatePrincipal)
NSBASEPRINCIPALS_RELEASE(nsAggregatePrincipal)
//////////////////////////////////////////////////
// Methods implementing nsICertificatePrincipal //
//////////////////////////////////////////////////
NS_IMETHODIMP
nsAggregatePrincipal::GetCertificateID(char** aCertificateID)
{
if (!mCertificate)
{
*aCertificateID = nsnull;
return NS_OK;
}
nsCOMPtr<nsICertificatePrincipal> certificate = do_QueryInterface(mCertificate);
return certificate->GetCertificateID(aCertificateID);
}
NS_IMETHODIMP
nsAggregatePrincipal::GetCommonName(char** aCommonName)
{
if (!mCertificate)
{
*aCommonName = nsnull;
return NS_OK;
}
nsCOMPtr<nsICertificatePrincipal> certificate = do_QueryInterface(mCertificate);
return certificate->GetCommonName(aCommonName);
}
NS_IMETHODIMP
nsAggregatePrincipal::SetCommonName(const char* aCommonName)
{
if (!mCertificate)
return NS_ERROR_FAILURE;
nsCOMPtr<nsICertificatePrincipal> certificate = do_QueryInterface(mCertificate);
return certificate->SetCommonName(aCommonName);
}
///////////////////////////////////////////////
// Methods implementing nsICodebasePrincipal //
///////////////////////////////////////////////
NS_IMETHODIMP
nsAggregatePrincipal::GetURI(nsIURI** aURI)
{
if (!mCodebase)
{
*aURI = nsnull;
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(mCodebase);
return codebase->GetURI(aURI);
}
NS_IMETHODIMP
nsAggregatePrincipal::GetOrigin(char** aOrigin)
{
if (!mCodebase)
{
*aOrigin = nsnull;
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(mCodebase);
return codebase->GetOrigin(aOrigin);
}
NS_IMETHODIMP
nsAggregatePrincipal::GetSpec(char** aSpec)
{
if (!mCodebase)
{
*aSpec = nsnull;
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(mCodebase);
return codebase->GetSpec(aSpec);
}
////////////////////////////////////////////////
// Methods implementing nsIAggregatePrincipal //
////////////////////////////////////////////////
NS_IMETHODIMP
nsAggregatePrincipal::GetCertificate(nsIPrincipal** result)
{
*result = mCertificate;
NS_IF_ADDREF(*result);
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::GetCodebase(nsIPrincipal** result)
{
*result = mCodebase;
NS_IF_ADDREF(*result);
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::SetCertificate(nsIPrincipal* aCertificate)
{
nsresult rv;
//-- Make sure this really is a certificate principal
if (aCertificate)
{
nsCOMPtr<nsICertificatePrincipal> tempCertificate =
do_QueryInterface(aCertificate, &rv);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
}
//-- If aCertificate is an aggregate, get its underlying certificate
nsCOMPtr<nsIAggregatePrincipal> agg =
do_QueryInterface(aCertificate, &rv);
if (NS_SUCCEEDED(rv))
{
nsCOMPtr<nsIPrincipal> underlying;
rv = agg->GetCertificate(getter_AddRefs(underlying));
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
mCertificate = underlying.get();
}
else
mCertificate = aCertificate;
// New certificate, so forget cached security policy
mCachedSecurityPolicy = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::SetCodebase(nsIPrincipal* aCodebase)
{
nsresult rv;
nsCOMPtr<nsIPrincipal> newCodebase(aCodebase);
//-- If newCodebase is an aggregate, get its underlying codebase
nsCOMPtr<nsIAggregatePrincipal> agg =
do_QueryInterface(newCodebase, &rv);
if (NS_SUCCEEDED(rv))
{
rv = agg->GetCodebase(getter_AddRefs(newCodebase));
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
}
else
{ //-- Make sure this really is a codebase principal
nsCOMPtr<nsICodebasePrincipal> tempCodebase =
do_QueryInterface(newCodebase, &rv);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
}
mCodebase = newCodebase;
//-- If this is the first codebase set, remember it.
if (!mOriginalCodebase)
mOriginalCodebase = newCodebase;
else
{
mDomainChanged = PR_TRUE;
// Codebase has changed, forget cached security policy
mCachedSecurityPolicy = nsnull;
}
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::GetOriginalCodebase(nsIPrincipal** aOriginalCodebase)
{
NS_ENSURE_ARG_POINTER(aOriginalCodebase);
*aOriginalCodebase = mOriginalCodebase;
NS_IF_ADDREF(*aOriginalCodebase);
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::GetPrimaryChild(nsIPrincipal** aPrimaryChild)
{
//-- If a certificate is present, then that's the PrimaryChild principal.
// Otherwise we use the codebase.
if (mCertificate)
*aPrimaryChild = mCertificate.get();
else if (mCodebase)
*aPrimaryChild = mCodebase.get();
else
{
*aPrimaryChild = nsnull;
return NS_ERROR_FAILURE;
}
NS_IF_ADDREF(*aPrimaryChild);
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::Intersect(nsIPrincipal* other)
{
NS_ASSERTION(mCodebase, "Principal without codebase");
if (mCertificate)
{
PRBool sameCert = PR_FALSE;
if (NS_FAILED(mCertificate->Equals(other, &sameCert)))
return NS_ERROR_FAILURE;
if (!sameCert)
SetCertificate(nsnull);
}
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::SetDomainChanged(PRBool aDomainChanged)
{
mDomainChanged = aDomainChanged;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::GetDomainChanged(PRBool* aDomainChanged)
{
*aDomainChanged = mDomainChanged;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::GetCachedSecurityPolicy(void** aCachedSecurityPolicy)
{
*aCachedSecurityPolicy = mCachedSecurityPolicy;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::SetCachedSecurityPolicy(void* aCachedSecurityPolicy)
{
mCachedSecurityPolicy = aCachedSecurityPolicy;
return NS_OK;
}
///////////////////////////////////////
// Methods implementing nsIPrincipal //
///////////////////////////////////////
NS_IMETHODIMP
nsAggregatePrincipal::ToString(char **result)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->ToString(result);
}
NS_IMETHODIMP
nsAggregatePrincipal::ToUserVisibleString(char **result)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->ToUserVisibleString(result);
}
NS_IMETHODIMP
nsAggregatePrincipal::Equals(nsIPrincipal * other, PRBool * result)
{
*result = PR_FALSE;
if (this == other) {
*result = PR_TRUE;
return NS_OK;
}
if (!other)
return NS_OK;
nsresult rv;
nsCOMPtr<nsIAggregatePrincipal> otherAgg =
do_QueryInterface(other, &rv);
if (NS_FAILED(rv))
return NS_OK;
//-- Two aggregates are equal if both codebase and certificate are equal
PRBool certEqual = PR_TRUE;
if (mCertificate)
{
rv = mCertificate->Equals(other, &certEqual);
if(NS_FAILED(rv)) return rv;
}
PRBool cbEqual = PR_TRUE;
if (mCodebase)
{
rv = mCodebase->Equals(other, &cbEqual);
if(NS_FAILED(rv)) return rv;
}
if (mCertificate || mCodebase) // At least one must be present
*result = certEqual && cbEqual;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::HashValue(PRUint32 *result)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->HashValue(result);
}
NS_IMETHODIMP
nsAggregatePrincipal::CanEnableCapability(const char *capability,
PRInt16 *result)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->CanEnableCapability(capability, result);
}
NS_IMETHODIMP
nsAggregatePrincipal::SetCanEnableCapability(const char *capability,
PRInt16 canEnable)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->SetCanEnableCapability(capability, canEnable);
}
NS_IMETHODIMP
nsAggregatePrincipal::IsCapabilityEnabled(const char *capability, void *annotation,
PRBool *result)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->IsCapabilityEnabled(capability, annotation, result);
}
NS_IMETHODIMP
nsAggregatePrincipal::EnableCapability(const char *capability, void **annotation)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->EnableCapability(capability, annotation);
}
NS_IMETHODIMP
nsAggregatePrincipal::RevertCapability(const char *capability, void **annotation)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->RevertCapability(capability, annotation);
}
NS_IMETHODIMP
nsAggregatePrincipal::DisableCapability(const char *capability, void **annotation)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->DisableCapability(capability, annotation);
}
NS_IMETHODIMP
nsAggregatePrincipal::GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->GetPreferences(aPrefName, aID,
aGrantedList, aDeniedList);
}
//////////////////////////////////////////
// Methods implementing nsISerializable //
//////////////////////////////////////////
NS_IMETHODIMP
nsAggregatePrincipal::Read(nsIObjectInputStream* aStream)
{
nsresult rv;
rv = nsBasePrincipal::Read(aStream);
if (NS_FAILED(rv)) return rv;
rv = NS_ReadOptionalObject(aStream, PR_TRUE, getter_AddRefs(mCertificate));
if (NS_FAILED(rv)) return rv;
rv = NS_ReadOptionalObject(aStream, PR_TRUE, getter_AddRefs(mCodebase));
if (NS_FAILED(rv)) return rv;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::Write(nsIObjectOutputStream* aStream)
{
nsresult rv;
rv = nsBasePrincipal::Write(aStream);
if (NS_FAILED(rv)) return rv;
rv = NS_WriteOptionalObject(aStream, mCertificate, PR_TRUE);
if (NS_FAILED(rv)) return rv;
rv = NS_WriteOptionalCompoundObject(aStream, mCodebase, NS_GET_IID(nsIPrincipal), PR_TRUE);
if (NS_FAILED(rv)) return rv;
return NS_OK;
}
/////////////////////////////////////////////
// Constructor, Destructor, initialization //
/////////////////////////////////////////////
nsAggregatePrincipal::nsAggregatePrincipal() : mCachedSecurityPolicy(nsnull),
mDomainChanged(PR_FALSE)
{
}
nsAggregatePrincipal::~nsAggregatePrincipal()
{
}

421
caps/src/nsBasePrincipal.cpp
Просмотреть файл

@ -1,421 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1999-2000 Netscape Communications Corporation. All Rights
* Reserved.
*
* Contributor(s):
* Norris Boyd
* Mitch Stoltz
*/
#include "nscore.h"
#include "nsBasePrincipal.h"
#include "nsScriptSecurityManager.h"
#include "nsString.h"
#include "nsReadableUtils.h"
#include "plstr.h"
#include "nsCRT.h"
//////////////////////////
nsBasePrincipal::nsBasePrincipal()
: mCapabilities(nsnull)
{
}
PR_STATIC_CALLBACK(PRBool)
deleteElement(void* aElement, void *aData)
{
nsHashtable *ht = (nsHashtable *) aElement;
delete ht;
return PR_TRUE;
}
nsBasePrincipal::~nsBasePrincipal(void)
{
mAnnotations.EnumerateForwards(deleteElement, nsnull);
delete mCapabilities;
}
NS_IMETHODIMP
nsBasePrincipal::GetJSPrincipals(JSPrincipals **jsprin)
{
if (mJSPrincipals.nsIPrincipalPtr == nsnull) {
mJSPrincipals.nsIPrincipalPtr = this;
// No need for a ADDREF since it is a self-reference
}
*jsprin = &mJSPrincipals;
JSPRINCIPALS_HOLD(cx, *jsprin);
return NS_OK;
}
const char
nsBasePrincipal::Invalid[] = "Invalid";
NS_IMETHODIMP
nsBasePrincipal::CanEnableCapability(const char *capability, PRInt16 *result)
{
if (!mCapabilities) {
*result = nsIPrincipal::ENABLE_UNKNOWN;
return NS_OK;
}
else // If this principal is marked invalid, can't enable any capabilities
{
nsCStringKey invalidKey(Invalid);
if (mCapabilities->Exists(&invalidKey))
{
*result = nsIPrincipal::ENABLE_DENIED;
return NS_OK;
}
}
const char *start = capability;
*result = nsIPrincipal::ENABLE_GRANTED;
for(;;) {
const char *space = PL_strchr(start, ' ');
int len = space ? space - start : strlen(start);
nsCAutoString capString(start, len);
nsCStringKey key(capString);
PRInt16 value = (PRInt16)NS_PTR_TO_INT32(mCapabilities->Get(&key));
if (value == 0)
value = nsIPrincipal::ENABLE_UNKNOWN;
if (value < *result)
*result = value;
if (!space)
return NS_OK;
start = space + 1;
}
/* NOTREACHED */
return NS_OK;
}
NS_IMETHODIMP
nsBasePrincipal::SetCanEnableCapability(const char *capability,
PRInt16 canEnable)
{
if (!mCapabilities) {
mCapabilities = new nsHashtable(7);
if (!mCapabilities)
return NS_ERROR_OUT_OF_MEMORY;
}
else // If this principal is marked invalid, can't enable any capabilities
{
nsCStringKey invalidKey(Invalid);
if (mCapabilities->Exists(&invalidKey))
return NS_OK;
}
if (PL_strcmp(capability, Invalid) == 0)
mCapabilities->Reset();
const char *start = capability;
for(;;) {
const char *space = PL_strchr(start, ' ');
int len = space ? space - start : strlen(start);
nsCAutoString capString(start, len);
nsCStringKey key(capString);
mCapabilities->Put(&key, (void *) canEnable);
if (!space)
return NS_OK;
start = space + 1;
}
/* NOTREACHED */
return NS_OK;
}
NS_IMETHODIMP
nsBasePrincipal::IsCapabilityEnabled(const char *capability, void *annotation,
PRBool *result)
{
*result = PR_FALSE;
nsHashtable *ht = (nsHashtable *) annotation;
if (!ht) {
return NS_OK;
}
const char *start = capability;
for(;;) {
const char *space = PL_strchr(start, ' ');
int len = space ? space - start : strlen(start);
nsCAutoString capString(start, len);
nsCStringKey key(capString);
*result = (ht->Get(&key) == (void *) AnnotationEnabled);
if (!*result) {
// If any single capability is not enabled, then return false.
return NS_OK;
}
if (!space)
return NS_OK;
start = space + 1;
}
return NS_OK;
}
NS_IMETHODIMP
nsBasePrincipal::EnableCapability(const char *capability, void **annotation)
{
return SetCapability(capability, annotation, AnnotationEnabled);
}
NS_IMETHODIMP
nsBasePrincipal::DisableCapability(const char *capability, void **annotation)
{
return SetCapability(capability, annotation, AnnotationDisabled);
}
NS_IMETHODIMP
nsBasePrincipal::RevertCapability(const char *capability, void **annotation)
{
if (*annotation) {
nsHashtable *ht = (nsHashtable *) *annotation;
const char *start = capability;
for(;;) {
const char *space = PL_strchr(start, ' ');
int len = space ? space - start : strlen(start);
nsCAutoString capString(start, len);
nsCStringKey key(capString);
ht->Remove(&key);
if (!space)
return NS_OK;
start = space + 1;
}
}
return NS_OK;
}
NS_IMETHODIMP
nsBasePrincipal::SetCapability(const char *capability, void **annotation,
AnnotationValue value)
{
if (*annotation == nsnull) {
*annotation = new nsHashtable(5);
if (!*annotation)
return NS_ERROR_OUT_OF_MEMORY;
// This object owns its annotations. Save them so we can release
// them when we destroy this object.
mAnnotations.AppendElement(*annotation);
}
const char *start = capability;
for(;;) {
const char *space = PL_strchr(start, ' ');
int len = space ? space - start : strlen(start);
nsCAutoString capString(start, len);
nsCStringKey key(capString);
nsHashtable *ht = (nsHashtable *) *annotation;
ht->Put(&key, (void *) value);
if (!space)
return NS_OK;
start = space + 1;
}
/* NOTREACHED */
return NS_OK;
}
int nsBasePrincipal::mCapabilitiesOrdinal = 0;
nsresult
nsBasePrincipal::InitFromPersistent(const char* aPrefName, const char* aID,
const char* aGrantedList, const char* aDeniedList)
{
//-- Empty the capability table
if (mCapabilities)
mCapabilities->Reset();
//-- Save the preference name
mPrefName = aPrefName;
const char* ordinalBegin = PL_strpbrk(aPrefName, "1234567890");
if (ordinalBegin) {
int n = atoi(ordinalBegin);
if (mCapabilitiesOrdinal <= n)
mCapabilitiesOrdinal = n+1;
}
//-- Store the capabilities
if (aGrantedList)
if(NS_FAILED(SetCanEnableCapability(aGrantedList, nsIPrincipal::ENABLE_GRANTED)))
return NS_ERROR_FAILURE;
if (aDeniedList)
if(NS_FAILED(SetCanEnableCapability(aDeniedList, nsIPrincipal::ENABLE_DENIED)))
return NS_ERROR_FAILURE;
return NS_OK;
}
struct CapabilityList
{
nsCString* granted;
nsCString* denied;
};
PR_STATIC_CALLBACK(PRBool)
AppendCapability(nsHashKey *aKey, void *aData, void *capListPtr)
{
CapabilityList* capList = (CapabilityList*)capListPtr;
PRInt16 value = (PRInt16)NS_PTR_TO_INT32(aData);
nsCStringKey* key = (nsCStringKey *)aKey;
if (value == nsIPrincipal::ENABLE_GRANTED)
{
capList->granted->Append(key->GetString(), key->GetStringLength());
capList->granted->Append(' ');
}
else if (value == nsIPrincipal::ENABLE_DENIED)
{
capList->denied->Append(key->GetString(), key->GetStringLength());
capList->denied->Append(' ');
}
return PR_TRUE;
}
NS_IMETHODIMP
nsBasePrincipal::GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList)
{
//-- Preference name
*aPrefName = ToNewCString(mPrefName);
if (!aPrefName)
return NS_ERROR_OUT_OF_MEMORY;
//-- ID
if (NS_FAILED(ToString(aID)))
return NS_ERROR_FAILURE;
//-- Capabilities
*aGrantedList = nsnull;
*aDeniedList = nsnull;
if (mCapabilities) {
nsCAutoString grantedListStr;
nsCAutoString deniedListStr;
CapabilityList* capList = new CapabilityList();
capList->granted = &grantedListStr;
capList->denied = &deniedListStr;
mCapabilities->Enumerate(AppendCapability, (void*)capList);
if (!grantedListStr.IsEmpty())
{
grantedListStr.Truncate(grantedListStr.Length()-1);
*aGrantedList = ToNewCString(grantedListStr);
if (!*aGrantedList) return NS_ERROR_OUT_OF_MEMORY;
}
if (!deniedListStr.IsEmpty())
{
deniedListStr.Truncate(deniedListStr.Length()-1);
*aDeniedList = ToNewCString(deniedListStr);
if (!*aDeniedList) return NS_ERROR_OUT_OF_MEMORY;
}
}
return NS_OK;
}
PR_STATIC_CALLBACK(nsresult)
ReadAnnotationEntry(nsIObjectInputStream* aStream, nsHashKey** aKey,
void** aData)
{
nsresult rv;
nsCStringKey* key = new nsCStringKey(aStream, &rv);
if (NS_FAILED(rv)) return rv;
PRUint32 value;
rv = aStream->Read32(&value);
if (NS_FAILED(rv)) {
delete key;
return rv;
}
*aKey = key;
*aData = (void*) value;
return NS_OK;
}
PR_STATIC_CALLBACK(void)
FreeAnnotationEntry(nsIObjectInputStream* aStream, nsHashKey* aKey,
void* aData)
{
if (aKey)
delete NS_STATIC_CAST(nsCStringKey*, aKey);
}
nsresult
nsBasePrincipal::Read(nsIObjectInputStream* aStream)
{
nsresult rv;
PRUint32 annotationCount;
rv = aStream->Read32(&annotationCount);
if (NS_FAILED(rv)) return rv;
for (PRInt32 i = 0, n = PRInt32(annotationCount); i < n; i++) {
nsHashtable *ht = new nsHashtable(aStream,
ReadAnnotationEntry,
FreeAnnotationEntry,
&rv);
NS_ASSERTION(NS_SUCCEEDED(rv) || ht == nsnull,
"failure but non-null return from nsHashtable ctor!");
if (NS_FAILED(rv)) return rv;
if (!mAnnotations.InsertElementAt(NS_REINTERPRET_CAST(void*, ht), i)) {
delete ht;
return NS_ERROR_OUT_OF_MEMORY;
}
}
PRBool hasCapabilities;
rv = aStream->ReadBoolean(&hasCapabilities);
if (NS_SUCCEEDED(rv) && hasCapabilities) {
mCapabilities = new nsHashtable(aStream,
ReadAnnotationEntry,
FreeAnnotationEntry,
&rv);
}
if (NS_FAILED(rv)) return rv;
rv = NS_ReadOptionalCString(aStream, mPrefName);
if (NS_FAILED(rv)) return rv;
return NS_OK;
}
PR_STATIC_CALLBACK(nsresult)
WriteScalarValue(nsIObjectOutputStream* aStream, void* aData)
{
PRUint32 value = NS_PTR_TO_INT32(aData);
return aStream->Write32(value);
}
nsresult
nsBasePrincipal::Write(nsIObjectOutputStream* aStream)
{
nsresult rv;
PRUint32 annotationCount = PRUint32(mAnnotations.Count());
rv = aStream->Write32(annotationCount);
if (NS_FAILED(rv)) return rv;
for (PRInt32 i = 0, n = PRInt32(annotationCount); i < n; i++) {
nsHashtable *ht = NS_REINTERPRET_CAST(nsHashtable *, mAnnotations[i]);
rv = ht->Write(aStream, WriteScalarValue);
if (NS_FAILED(rv)) return rv;
}
PRBool hasCapabilities = (mCapabilities != nsnull);
rv = aStream->WriteBoolean(hasCapabilities);
if (NS_SUCCEEDED(rv) && hasCapabilities)
rv = mCapabilities->Write(aStream, WriteScalarValue);
if (NS_FAILED(rv)) return rv;
rv = NS_WriteOptionalStringZ(aStream, mPrefName.get());
if (NS_FAILED(rv)) return rv;
return NS_OK;
}

227
caps/src/nsCertificatePrincipal.cpp
Просмотреть файл

@ -1,227 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Netscape Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Mitch Stoltz <mstoltz@netscape.com>
*
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the NPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the NPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*describes principals for use in signed scripts*/
#include "nsCertificatePrincipal.h"
#include "prmem.h"
#include "nsCOMPtr.h"
#include "nsReadableUtils.h"
#include "nsCRT.h"
static NS_DEFINE_IID(kICertificatePrincipalIID, NS_ICERTIFICATEPRINCIPAL_IID);
NS_IMPL_QUERY_INTERFACE3_CI(nsCertificatePrincipal,
nsICertificatePrincipal,
nsIPrincipal,
nsISerializable)
NS_IMPL_CI_INTERFACE_GETTER3(nsCertificatePrincipal,
nsICertificatePrincipal,
nsIPrincipal,
nsISerializable)
NSBASEPRINCIPALS_ADDREF(nsCertificatePrincipal)
NSBASEPRINCIPALS_RELEASE(nsCertificatePrincipal)
//////////////////////////////////////////////////
// Methods implementing nsICertificatePrincipal //
//////////////////////////////////////////////////
NS_IMETHODIMP
nsCertificatePrincipal::GetCertificateID(char** aCertificateID)
{
*aCertificateID = ToNewCString(mCertificateID);
return *aCertificateID ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsCertificatePrincipal::GetCommonName(char** aCommonName)
{
*aCommonName = ToNewCString(mCommonName);
return *aCommonName ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsCertificatePrincipal::SetCommonName(const char* aCommonName)
{
mCommonName = aCommonName;
return NS_OK;
}
///////////////////////////////////////
// Methods implementing nsIPrincipal //
///////////////////////////////////////
NS_IMETHODIMP
nsCertificatePrincipal::CanEnableCapability(const char *capability,
PRInt16 *result)
{
if(NS_FAILED(nsBasePrincipal::CanEnableCapability(capability, result)))
return NS_ERROR_FAILURE;
if (*result == nsIPrincipal::ENABLE_UNKNOWN)
*result = ENABLE_WITH_USER_PERMISSION;
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::ToString(char **result)
{
return GetCertificateID(result);
}
NS_IMETHODIMP
nsCertificatePrincipal::ToUserVisibleString(char **result)
{
return GetCommonName(result);
}
NS_IMETHODIMP
nsCertificatePrincipal::GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList)
{
if (mPrefName.IsEmpty()) {
mPrefName.Assign("capability.principal.certificate.p");
mPrefName.AppendInt(mCapabilitiesOrdinal++);
mPrefName.Append(".id");
}
return nsBasePrincipal::GetPreferences(aPrefName, aID,
aGrantedList, aDeniedList);
}
NS_IMETHODIMP
nsCertificatePrincipal::Equals(nsIPrincipal * other, PRBool * result)
{
*result = PR_FALSE;
if (this == other) {
*result = PR_TRUE;
return NS_OK;
}
if (!other)
return NS_OK;
nsresult rv;
nsCOMPtr<nsICertificatePrincipal> otherCertificate =
do_QueryInterface(other, &rv);
if (NS_FAILED(rv))
return NS_OK;
//-- Compare cert ID's
char* otherID;
rv = otherCertificate->GetCertificateID(&otherID);
if (NS_FAILED(rv))
{
PR_FREEIF(otherID);
return rv;
}
*result = mCertificateID.Equals(otherID);
PR_FREEIF(otherID);
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::HashValue(PRUint32 *result)
{
char* str;
if (NS_FAILED(ToString(&str)) || !str) return NS_ERROR_FAILURE;
*result = nsCRT::HashCode(str, nsnull);
nsCRT::free(str);
return NS_OK;
}
//////////////////////////////////////////
// Methods implementing nsISerializable //
//////////////////////////////////////////
NS_IMETHODIMP
nsCertificatePrincipal::Read(nsIObjectInputStream* aStream)
{
nsresult rv;
rv = nsBasePrincipal::Read(aStream);
if (NS_FAILED(rv)) return rv;
rv = aStream->ReadCString(mCertificateID);
if (NS_FAILED(rv)) return rv;
rv = NS_ReadOptionalCString(aStream, mCommonName);
if (NS_FAILED(rv)) return rv;
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::Write(nsIObjectOutputStream* aStream)
{
nsresult rv;
rv = nsBasePrincipal::Write(aStream);
if (NS_FAILED(rv)) return rv;
rv = aStream->WriteStringZ(mCertificateID.get());
if (NS_FAILED(rv)) return rv;
rv = NS_WriteOptionalStringZ(aStream, mCommonName.get());
if (NS_FAILED(rv)) return rv;
return NS_OK;
}
/////////////////////////////////////////////
// Constructor, Destructor, initialization //
/////////////////////////////////////////////
nsresult
nsCertificatePrincipal::InitFromPersistent(const char* aPrefName, const char* aCertID,
const char* aGrantedList, const char* aDeniedList)
{
if (NS_FAILED(Init(aCertID)))
return NS_ERROR_FAILURE;
return nsBasePrincipal::InitFromPersistent(aPrefName, aCertID,
aGrantedList, aDeniedList);
}
NS_IMETHODIMP
nsCertificatePrincipal::Init(const char* aCertificateID)
{
mCertificateID = aCertificateID;
return NS_OK;
}
nsCertificatePrincipal::nsCertificatePrincipal()
{
}
nsCertificatePrincipal::~nsCertificatePrincipal()
{
}

310
caps/src/nsCodebasePrincipal.cpp
Просмотреть файл

@ -1,310 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Netscape Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1999-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the NPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the NPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* Describes principals by their orginating uris */
#include "nsCodebasePrincipal.h"
#include "nsIComponentManager.h"
#include "nsIServiceManager.h"
#include "nsNetUtil.h"
#include "nsIURL.h"
#include "nsIJARURI.h"
#include "nsCOMPtr.h"
#include "nsIPrefBranch.h"
#include "nsIPrefService.h"
#include "nsXPIDLString.h"
#include "nsReadableUtils.h"
#include "nsCRT.h"
#include "nsScriptSecurityManager.h"
NS_IMPL_QUERY_INTERFACE3_CI(nsCodebasePrincipal,
nsICodebasePrincipal,
nsIPrincipal,
nsISerializable)
NS_IMPL_CI_INTERFACE_GETTER3(nsCodebasePrincipal,
nsICodebasePrincipal,
nsIPrincipal,
nsISerializable)
NSBASEPRINCIPALS_ADDREF(nsCodebasePrincipal)
NSBASEPRINCIPALS_RELEASE(nsCodebasePrincipal)
///////////////////////////////////////
// Methods implementing nsIPrincipal //
///////////////////////////////////////
NS_IMETHODIMP
nsCodebasePrincipal::ToString(char **result)
{
*result = nsnull;
PRBool isFile = PR_TRUE;
if(NS_FAILED(mURI->SchemeIs("file", &isFile)))
return NS_ERROR_FAILURE;
if (isFile)
{
nsCOMPtr<nsIURL> url(do_QueryInterface(mURI));
if (url)
{
nsCAutoString directory;
nsresult rv = url->GetDirectory(directory);
if (NS_FAILED(rv))
return rv;
nsCAutoString fileName;
rv = url->GetFileName(fileName);
if (NS_FAILED(rv))
return rv;
*result =
ToNewCString(NS_LITERAL_CSTRING("file://") + directory + fileName);
if (!*result)
return NS_ERROR_OUT_OF_MEMORY;
return NS_OK;
}
}
return GetOrigin(result);
}
NS_IMETHODIMP
nsCodebasePrincipal::ToUserVisibleString(char **result)
{
return ToString(result);
}
NS_IMETHODIMP
nsCodebasePrincipal::GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList)
{
if (mPrefName.IsEmpty())
{
mPrefName.Assign("capability.principal.codebase.p");
mPrefName.AppendInt(mCapabilitiesOrdinal++);
mPrefName.Append(".id");
}
return nsBasePrincipal::GetPreferences(aPrefName, aID,
aGrantedList, aDeniedList);
}
NS_IMETHODIMP
nsCodebasePrincipal::HashValue(PRUint32 *result)
{
nsXPIDLCString spec;
if (NS_FAILED(GetSpec(getter_Copies(spec))))
return NS_ERROR_FAILURE;
*result = nsCRT::HashCode(spec, nsnull);
return NS_OK;
}
NS_IMETHODIMP
nsCodebasePrincipal::CanEnableCapability(const char *capability,
PRInt16 *result)
{
// Either this principal must be preconfigured as a trusted source
// (mTrusted), or else the codebase principal pref must be enabled
if (!mTrusted)
{
static char pref[] = "signed.applets.codebase_principal_support";
nsCOMPtr<nsIPrefBranch> prefBranch(do_GetService(NS_PREFSERVICE_CONTRACTID));
if (!prefBranch)
return NS_ERROR_FAILURE;
PRBool enabled;
if (NS_FAILED(prefBranch->GetBoolPref(pref, &enabled)) || !enabled)
{
// Deny unless subject is executing from file: or resource:
PRBool isFile = PR_FALSE;
PRBool isRes = PR_FALSE;
if (NS_FAILED(mURI->SchemeIs("file", &isFile)) ||
NS_FAILED(mURI->SchemeIs("resource", &isRes)) ||
(!isFile && !isRes))
{
*result = nsIPrincipal::ENABLE_DENIED;
return NS_OK;
}
}
}
nsBasePrincipal::CanEnableCapability(capability, result);
if (*result == nsIPrincipal::ENABLE_UNKNOWN)
*result = ENABLE_WITH_USER_PERMISSION;
return NS_OK;
}
///////////////////////////////////////////////
// Methods implementing nsICodebasePrincipal //
///////////////////////////////////////////////
NS_IMETHODIMP
nsCodebasePrincipal::GetURI(nsIURI **uri)
{
*uri = mURI;
NS_ADDREF(*uri);
return NS_OK;
}
NS_IMETHODIMP
nsCodebasePrincipal::GetOrigin(char **origin)
{
nsresult rv;
nsCAutoString hostPort;
if (NS_SUCCEEDED(mURI->GetHostPort(hostPort)))
{
nsCAutoString scheme;
rv = mURI->GetScheme(scheme);
NS_ENSURE_SUCCESS(rv, rv);
*origin = ToNewCString(scheme + NS_LITERAL_CSTRING("://") + hostPort);
}
else
{
// Some URIs (e.g., nsSimpleURI) don't support host. Just
// get the full spec.
nsCAutoString spec;
rv = mURI->GetSpec(spec);
NS_ENSURE_SUCCESS(rv, rv);
*origin = ToNewCString(spec);
}
return *origin ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsCodebasePrincipal::GetSpec(char **spec)
{
nsCAutoString buf;
nsresult rv = mURI->GetSpec(buf);
if (NS_FAILED(rv)) return rv;
*spec = ToNewCString(buf);
return *spec ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsCodebasePrincipal::Equals(nsIPrincipal *aOther, PRBool *result)
{
if (this == aOther)
{
*result = PR_TRUE;
return NS_OK;
}
*result = PR_FALSE;
if (!aOther)
return NS_OK;
// Get a URI from the other principal
nsCOMPtr<nsICodebasePrincipal> otherCodebase(
do_QueryInterface(aOther));
if (!otherCodebase)
{
// Other principal is not a codebase, so return false
return NS_OK;
}
nsCOMPtr<nsIURI> otherURI;
otherCodebase->GetURI(getter_AddRefs(otherURI));
NS_ENSURE_TRUE(otherURI, NS_ERROR_FAILURE);
return nsScriptSecurityManager::GetScriptSecurityManager()
->SecurityCompareURIs(mURI, otherURI, result);
}
//////////////////////////////////////////
// Methods implementing nsISerializable //
//////////////////////////////////////////
NS_IMETHODIMP
nsCodebasePrincipal::Read(nsIObjectInputStream* aStream)
{
nsresult rv;
rv = nsBasePrincipal::Read(aStream);
if (NS_FAILED(rv)) return rv;
return aStream->ReadObject(PR_TRUE, getter_AddRefs(mURI));
}
NS_IMETHODIMP
nsCodebasePrincipal::Write(nsIObjectOutputStream* aStream)
{
nsresult rv;
rv = nsBasePrincipal::Write(aStream);
if (NS_FAILED(rv)) return rv;
return aStream->WriteCompoundObject(mURI, NS_GET_IID(nsIURI), PR_TRUE);
}
/////////////////////////////////////////////
// Constructor, Destructor, initialization //
/////////////////////////////////////////////
nsCodebasePrincipal::nsCodebasePrincipal() : mTrusted(PR_FALSE)
{
}
nsresult
nsCodebasePrincipal::Init(nsIURI *uri)
{
nsCAutoString codebase;
if (uri == nsnull || NS_FAILED(uri->GetSpec(codebase)))
return NS_ERROR_FAILURE;
if (NS_FAILED(mJSPrincipals.Init(ToNewCString(codebase))))
return NS_ERROR_FAILURE;
// JSPrincipals::Init adopts its input
mURI = uri;
return NS_OK;
}
// This method overrides nsBasePrincipal::InitFromPersistent
nsresult
nsCodebasePrincipal::InitFromPersistent(const char* aPrefName, const char* aURLStr,
const char* aGrantedList, const char* aDeniedList,
PRBool aTrusted)
{
nsresult rv;
nsCOMPtr<nsIURI> uri;
rv = NS_NewURI(getter_AddRefs(uri), nsDependentCString(aURLStr), nsnull);
NS_ASSERTION(NS_SUCCEEDED(rv), "Malformed URI in security.principal preference.");
if (NS_FAILED(rv)) return rv;
if (NS_FAILED(Init(uri))) return NS_ERROR_FAILURE;
// XXX: Add check for trusted = SSL only here?
mTrusted = aTrusted;
return nsBasePrincipal::InitFromPersistent(aPrefName, aURLStr,
aGrantedList, aDeniedList);
}
nsCodebasePrincipal::~nsCodebasePrincipal()
{
}

20
caps/src/nsJSPrincipals.cpp
Просмотреть файл

@ -35,7 +35,10 @@
* the terms of any one of the NPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsCodebasePrincipal.h"
#include "nsString.h"
#include "nsIObjectOutputStream.h"
#include "nsIObjectInputStream.h"
#include "nsJSPrincipals.h"
#include "plstr.h"
#include "nsXPIDLString.h"
@ -138,7 +141,7 @@ nsTranscodeJSPrincipals(JSXDRState *xdr, JSPrincipals **jsprinp)
nsMemory::Free(olddata);
::JS_XDRMemSetData(xdr, data, size);
prin->GetJSPrincipals(jsprinp);
prin->GetJsPrincipals(jsprinp);
}
}
}
@ -183,9 +186,18 @@ nsJSPrincipals::nsJSPrincipals()
}
nsresult
nsJSPrincipals::Init(char *aCodebase)
nsJSPrincipals::Init(nsIPrincipal *aPrincipal, const char *aCodebase)
{
codebase = aCodebase;
if (nsIPrincipalPtr) {
NS_ERROR("Init called twice!");
return NS_ERROR_UNEXPECTED;
}
nsIPrincipalPtr = aPrincipal;
codebase = PL_strdup(aCodebase);
if (!codebase)
return NS_ERROR_OUT_OF_MEMORY;
return NS_OK;
}

114
caps/src/nsPrincipal.cpp
Просмотреть файл

@ -58,13 +58,6 @@ PRInt32 nsPrincipal::sCapabilitiesOrdinal = 0;
const char nsPrincipal::sInvalid[] = "Invalid";
nsPrincipal::nsPrincipal()
: mCapabilities(7),
mSecurityPolicy(nsnull)
{
}
NS_IMPL_QUERY_INTERFACE2_CI(nsPrincipal,
nsIPrincipal,
nsISerializable)
@ -95,12 +88,44 @@ nsPrincipal::Release()
return count;
}
nsPrincipal::nsPrincipal(nsIURI *aURI)
: mSecurityPolicy(nsnull),
mCodebase(aURI)
nsPrincipal::nsPrincipal()
: mCapabilities(7),
mSecurityPolicy(nsnull),
mTrusted(PR_FALSE),
mInitialized(PR_FALSE)
{
}
nsresult
nsPrincipal::Init(const char *aCertID, nsIURI *aCodebase)
{
NS_ENSURE_STATE(!mInitialized);
NS_ENSURE_ARG_POINTER(aCertID || aCodebase); // better have one of these.
mInitialized = PR_TRUE;
mCodebase = aCodebase;
nsresult rv;
if (aCertID) {
rv = SetCertificate(aCertID, nsnull);
if (NS_SUCCEEDED(rv)) {
rv = mJSPrincipals.Init(this, aCertID);
}
}
else {
nsCAutoString spec;
rv = mCodebase->GetSpec(spec);
if (NS_SUCCEEDED(rv)) {
rv = mJSPrincipals.Init(this, spec.get());
}
}
NS_WARN_IF_FALSE(NS_SUCCEEDED(rv), "nsPrincipal::Init() failed");
return rv;
}
PR_STATIC_CALLBACK(PRBool)
deleteElement(void* aElement, void *aData)
@ -118,10 +143,7 @@ nsPrincipal::~nsPrincipal(void)
NS_IMETHODIMP
nsPrincipal::GetJsPrincipals(JSPrincipals **jsprin)
{
if (!mJSPrincipals.nsIPrincipalPtr) {
// Don't addref here, since we are referencing each other.
mJSPrincipals.nsIPrincipalPtr = this;
}
NS_PRECONDITION(mJSPrincipals.nsIPrincipalPtr, "mJSPrincipals is uninitalized!");
*jsprin = &mJSPrincipals;
@ -135,8 +157,13 @@ nsPrincipal::GetJsPrincipals(JSPrincipals **jsprin)
NS_IMETHODIMP
nsPrincipal::GetOrigin(char **aOrigin)
{
*aOrigin = nsnull;
nsIURI* uri = mDomain ? mDomain : mCodebase;
NS_ASSERTION(uri, "No Domain or Codebase");
if (!uri) {
NS_ASSERTION(mCert, "No Domain or Codebase for a non-cert principal");
return NS_ERROR_FAILURE;
}
nsCAutoString hostPort;
@ -202,9 +229,8 @@ nsPrincipal::Equals(nsIPrincipal *aOther, PRBool *aResult)
nsXPIDLCString otherCertID;
aOther->GetCertificateID(getter_Copies(otherCertID));
if (!otherCertID.Equals(mCert->certificateID)) {
return NS_OK;
}
*aResult = otherCertID.Equals(mCert->certificateID);
return NS_OK;
}
// Codebases are equal if they have the same origin.
@ -409,30 +435,25 @@ nsPrincipal::GetURI(nsIURI** aURI)
return NS_OK;
}
NS_IMETHODIMP
void
nsPrincipal::SetURI(nsIURI* aURI)
{
mCodebase = aURI;
mDomain = nsnull;
// Codebase has changed, forget cached security policy
mSecurityPolicy = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::SetCertificateID(const char* aID)
nsresult
nsPrincipal::SetCertificate(const char* aID, const char* aName)
{
if (!aID) {
mCert = nsnull;
return NS_OK;
NS_ENSURE_STATE(!mCert);
if (!aID && !aName) {
return NS_ERROR_INVALID_POINTER;
}
mCert = new Certificate(aID, aName);
if (!mCert) {
mCert = new Certificate(aID, "");
if (!mCert) {
return NS_ERROR_OUT_OF_MEMORY;
}
return NS_ERROR_OUT_OF_MEMORY;
}
return NS_OK;
@ -526,31 +547,30 @@ nsPrincipal::InitFromPersistent(const char* aPrefName,
"mCapabilities was already initialized?");
NS_PRECONDITION(mAnnotations.Count() == 0,
"mAnnotations was already initialized?");
NS_PRECONDITION(!mInitialized, "We were already initialized?");
mInitialized = PR_TRUE;
nsresult rv;
if (aIsCert) {
SetCertificateID(aToken);
rv = SetCertificate(aToken, nsnull);
if (NS_FAILED(rv)) {
return rv;
}
}
else {
nsresult rv = NS_NewURI(getter_AddRefs(mCodebase), aToken, nsnull);
rv = NS_NewURI(getter_AddRefs(mCodebase), aToken, nsnull);
if (NS_FAILED(rv)) {
NS_ERROR("Malformed URI in capability.principal preference.");
return rv;
}
nsCAutoString token;
rv = mCodebase->GetSpec(token);
if (NS_FAILED(rv)) {
return rv;
}
rv = mJSPrincipals.Init(PL_strdup(token.get()));
if (NS_FAILED(rv)) {
return rv;
}
mTrusted = aTrusted;
}
rv = mJSPrincipals.Init(this, aToken);
NS_ENSURE_SUCCESS(rv, rv);
//-- Save the preference name
mPrefName = aPrefName;
@ -563,7 +583,7 @@ nsPrincipal::InitFromPersistent(const char* aPrefName,
}
//-- Store the capabilities
nsresult rv = NS_OK;
rv = NS_OK;
if (aGrantedList) {
rv = SetCanEnableCapability(aGrantedList, nsIPrincipal::ENABLE_GRANTED);
}

792
caps/src/nsScriptSecurityManager.cpp
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

54
caps/src/nsSecurityManagerFactory.cpp
Просмотреть файл

@ -43,9 +43,7 @@
#include "nsIScriptSecurityManager.h"
#include "nsScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsAggregatePrincipal.h"
#include "nsCertificatePrincipal.h"
#include "nsCodebasePrincipal.h"
#include "nsPrincipal.h"
#include "nsSystemPrincipal.h"
#include "nsIScriptNameSpaceManager.h"
#include "nsIScriptExternalNameSet.h"
@ -234,8 +232,8 @@ netscape_security_invalidate(JSContext *cx, JSObject *obj, uintN argc,
// NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
rv = securityManager->SetCanEnableCapability(principalID,
nsBasePrincipal::Invalid,
rv = securityManager->SetCanEnableCapability(principalID,
nsPrincipal::sInvalid,
nsIPrincipal::ENABLE_GRANTED);
if (NS_FAILED(rv))
return JS_FALSE;
@ -310,17 +308,13 @@ nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsAggregatePrincipal)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertificatePrincipal)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCodebasePrincipal)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsPrincipal)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecurityNameSet)
NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(nsSystemPrincipal,
nsScriptSecurityManager::SystemPrincipalSingletonConstructor)
NS_DECL_CLASSINFO(nsAggregatePrincipal)
NS_DECL_CLASSINFO(nsCertificatePrincipal)
NS_DECL_CLASSINFO(nsCodebasePrincipal)
NS_DECL_CLASSINFO(nsPrincipal)
NS_DECL_CLASSINFO(nsSystemPrincipal)
@ -388,42 +382,16 @@ static const nsModuleComponentInfo capsComponentInfo[] =
nsIClassInfo::MAIN_THREAD_ONLY
},
{ NS_AGGREGATEPRINCIPAL_CLASSNAME,
NS_AGGREGATEPRINCIPAL_CID,
NS_AGGREGATEPRINCIPAL_CONTRACTID,
nsAggregatePrincipalConstructor,
{ NS_PRINCIPAL_CLASSNAME,
NS_PRINCIPAL_CID,
NS_PRINCIPAL_CONTRACTID,
nsPrincipalConstructor,
nsnull,
nsnull,
nsnull,
NS_CI_INTERFACE_GETTER_NAME(nsAggregatePrincipal),
NS_CI_INTERFACE_GETTER_NAME(nsPrincipal),
nsnull,
&NS_CLASSINFO_NAME(nsAggregatePrincipal),
nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
},
{ NS_CERTIFICATEPRINCIPAL_CLASSNAME,
NS_CERTIFICATEPRINCIPAL_CID,
NS_CERTIFICATEPRINCIPAL_CONTRACTID,
nsCertificatePrincipalConstructor,
nsnull,
nsnull,
nsnull,
NS_CI_INTERFACE_GETTER_NAME(nsCertificatePrincipal),
nsnull,
&NS_CLASSINFO_NAME(nsCertificatePrincipal),
nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
},
{ NS_CODEBASEPRINCIPAL_CLASSNAME,
NS_CODEBASEPRINCIPAL_CID,
NS_CODEBASEPRINCIPAL_CONTRACTID,
nsCodebasePrincipalConstructor,
nsnull,
nsnull,
nsnull,
NS_CI_INTERFACE_GETTER_NAME(nsCodebasePrincipal),
nsnull,
&NS_CLASSINFO_NAME(nsCodebasePrincipal),
&NS_CLASSINFO_NAME(nsPrincipal),
nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
},

145
caps/src/nsSystemPrincipal.cpp
Просмотреть файл

@ -47,40 +47,53 @@
#include "nsXPIDLString.h"
#include "nsReadableUtils.h"
#include "nsCRT.h"
#include "nsString.h"
NS_IMPL_QUERY_INTERFACE2_CI(nsSystemPrincipal, nsIPrincipal, nsISerializable)
NS_IMPL_CI_INTERFACE_GETTER2(nsSystemPrincipal, nsIPrincipal, nsISerializable)
NS_IMPL_QUERY_INTERFACE2_CI(nsSystemPrincipal,
nsIPrincipal,
nsISerializable)
NS_IMPL_CI_INTERFACE_GETTER2(nsSystemPrincipal,
nsIPrincipal,
nsISerializable)
NSBASEPRINCIPALS_ADDREF(nsSystemPrincipal)
NSBASEPRINCIPALS_RELEASE(nsSystemPrincipal)
NS_IMETHODIMP_(nsrefcnt)
nsSystemPrincipal::AddRef()
{
NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt");
nsrefcnt count = PR_AtomicIncrement((PRInt32 *)&mJSPrincipals.refcount);
NS_LOG_ADDREF(this, count, "nsSystemPrincipal", sizeof(*this));
return count;
}
NS_IMETHODIMP_(nsrefcnt)
nsSystemPrincipal::Release()
{
NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release");
nsrefcnt count = PR_AtomicDecrement((PRInt32 *)&mJSPrincipals.refcount);
NS_LOG_RELEASE(this, count, "nsSystemPrincipal");
if (count == 0) {
NS_DELETEXPCOM(this);
}
return count;
}
///////////////////////////////////////
// Methods implementing nsIPrincipal //
///////////////////////////////////////
NS_IMETHODIMP
nsSystemPrincipal::ToString(char **result)
{
nsAutoString buf;
buf.Assign(NS_LITERAL_STRING("[System]"));
*result = ToNewCString(buf);
return *result ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsSystemPrincipal::ToUserVisibleString(char **result)
{
return ToString(result);
}
NS_IMETHODIMP
nsSystemPrincipal::GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList)
{
// The system principal should never be streamed out
*aPrefName = nsnull;
*aID = nsnull;
*aGrantedList = nsnull;
*aDeniedList = nsnull;
return NS_ERROR_FAILURE;
}
@ -92,7 +105,7 @@ nsSystemPrincipal::Equals(nsIPrincipal *other, PRBool *result)
}
NS_IMETHODIMP
nsSystemPrincipal::HashValue(PRUint32 *result)
nsSystemPrincipal::GetHashValue(PRUint32 *result)
{
*result = NS_PTR_TO_INT32(this);
return NS_OK;
@ -127,12 +140,14 @@ nsSystemPrincipal::IsCapabilityEnabled(const char *capability,
NS_IMETHODIMP
nsSystemPrincipal::EnableCapability(const char *capability, void **annotation)
{
*annotation = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::RevertCapability(const char *capability, void **annotation)
{
*annotation = nsnull;
return NS_OK;
}
@ -141,9 +156,88 @@ nsSystemPrincipal::DisableCapability(const char *capability, void **annotation)
{
// Can't disable the capabilities of the system principal.
// XXX might be handy to be able to do so!
*annotation = nsnull;
return NS_ERROR_FAILURE;
}
NS_IMETHODIMP
nsSystemPrincipal::GetURI(nsIURI** aURI)
{
*aURI = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetOrigin(char** aOrigin)
{
*aOrigin = ToNewCString(NS_LITERAL_CSTRING("[System]"));
return *aOrigin ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsSystemPrincipal::GetCertificateID(char** aID)
{
*aID = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetCommonName(char** aName)
{
*aName = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::SetCommonName(const char* aName)
{
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetHasCertificate(PRBool* aResult)
{
*aResult = PR_FALSE;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetDomain(nsIURI** aDomain)
{
*aDomain = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::SetDomain(nsIURI* aDomain)
{
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetSecurityPolicy(void** aSecurityPolicy)
{
*aSecurityPolicy = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::SetSecurityPolicy(void* aSecurityPolicy)
{
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetJsPrincipals(JSPrincipals **jsprin)
{
NS_PRECONDITION(mJSPrincipals.nsIPrincipalPtr, "mJSPrincipals is uninitalized!");
*jsprin = &mJSPrincipals;
JSPRINCIPALS_HOLD(cx, *jsprin);
return NS_OK;
}
//////////////////////////////////////////
// Methods implementing nsISerializable //
//////////////////////////////////////////
@ -170,15 +264,10 @@ nsSystemPrincipal::nsSystemPrincipal()
{
}
NS_IMETHODIMP
nsresult
nsSystemPrincipal::Init()
{
char *codebase = nsCRT::strdup("[System Principal]");
if (!codebase)
return NS_ERROR_OUT_OF_MEMORY;
if (NS_FAILED(mJSPrincipals.Init(codebase)))
return NS_ERROR_FAILURE;
return NS_OK;
return mJSPrincipals.Init(this, "[System Principal]");
}
nsSystemPrincipal::~nsSystemPrincipal(void)

5
content/base/public/nsContentUtils.h
Просмотреть файл

@ -249,6 +249,11 @@ public:
{
return sIOService;
};
static nsIScriptSecurityManager* GetSecurityManager()
{
return sSecurityManager;
}
static nsresult GenerateStateKey(nsIContent* aContent,
nsIStatefulFrame::SpecialStateID aID,

5
content/base/public/nsIDocument.h
Просмотреть файл

@ -130,10 +130,9 @@ public:
NS_IMETHOD GetPrincipal(nsIPrincipal **aPrincipal) = 0;
/**
* Update principal responsible for this document to the intersection
* of its previous value and aPrincipal.
* Set the principal responsible for this document.
*/
NS_IMETHOD AddPrincipal(nsIPrincipal *aPrincipal) = 0;
NS_IMETHOD SetPrincipal(nsIPrincipal *aPrincipal) = 0;
/**
* Return the LoadGroup for the document. May return null.

25
content/base/src/nsContentSink.cpp
Просмотреть файл

@ -60,13 +60,13 @@
#include "nsHTMLAtoms.h"
#include "nsIDOMWindowInternal.h"
#include "nsIPrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsIScriptGlobalObject.h"
#include "nsICookieService.h"
#include "nsIPrompt.h"
#include "nsIAggregatePrincipal.h"
#include "nsIServiceManagerUtils.h"
#include "nsICodebasePrincipal.h"
#include "nsICharsetConverterManager.h"
#include "nsContentUtils.h"
#include "nsParserUtils.h"
#include "nsCRT.h"
#include "nsEscape.h"
@ -355,23 +355,18 @@ nsContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue,
return rv;
}
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(docPrincipal, &rv));
// Document principal should always be an aggregate
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIPrincipal> originalPrincipal;
rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal));
nsCOMPtr<nsICodebasePrincipal> originalCodebase =
do_QueryInterface(originalPrincipal, &rv);
if (NS_FAILED(rv)) {
// Document's principal is not a codebase (may be system), so
// can't set cookies
nsCOMPtr<nsIPrincipal> systemPrincipal;
nsContentUtils::GetSecurityManager()->
GetSystemPrincipal(getter_AddRefs(systemPrincipal));
NS_ASSERTION(systemPrincipal, "No system principal");
if (docPrincipal == systemPrincipal) {
// Document's principal is not a codebase, so we can't set cookies
return NS_OK;
}
nsCOMPtr<nsIURI> codebaseURI;
rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI));
rv = docPrincipal->GetURI(getter_AddRefs(codebaseURI));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIScriptGlobalObject> globalObj;

18
content/base/src/nsDocument.cpp
Просмотреть файл

@ -87,7 +87,7 @@
#include "nsNetUtil.h" // for NS_MakeAbsoluteURI
#include "nsIScriptSecurityManager.h"
#include "nsIAggregatePrincipal.h"
#include "nsIPrincipal.h"
#include "nsIPrivateDOMImplementation.h"
#include "nsIDOMWindowInternal.h"
@ -840,21 +840,9 @@ nsDocument::GetPrincipal(nsIPrincipal **aPrincipal)
}
NS_IMETHODIMP
nsDocument::AddPrincipal(nsIPrincipal *aNewPrincipal)
nsDocument::SetPrincipal(nsIPrincipal *aNewPrincipal)
{
nsresult rv;
if (!mPrincipal) {
nsCOMPtr<nsIPrincipal> principal;
rv = GetPrincipal(getter_AddRefs(principal));
NS_ENSURE_SUCCESS(rv, rv);
}
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(mPrincipal, &rv));
if (NS_SUCCEEDED(rv)) {
rv = agg->Intersect(aNewPrincipal);
if (NS_FAILED(rv))
return rv;
}
mPrincipal = aNewPrincipal;
return NS_OK;
}

5
content/base/src/nsDocument.h
Просмотреть файл

@ -276,10 +276,9 @@ public:
NS_IMETHOD GetPrincipal(nsIPrincipal **aPrincipal);
/**
* Update principal responsible for this document to the intersection
* of its previous value and aPrincipal, and return its new value.
* Set the principal responsible for this document.
*/
NS_IMETHOD AddPrincipal(nsIPrincipal *aPrincipal);
NS_IMETHOD SetPrincipal(nsIPrincipal *aPrincipal);
/**
* Get the Content-Type of this document.

9
content/base/src/nsFrameLoader.cpp
Просмотреть файл

@ -59,7 +59,6 @@
#include "nsIWebShell.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIURI.h"
#include "nsIURL.h"
@ -203,12 +202,8 @@ nsFrameLoader::LoadFrame()
// If we were called from script, get the referring URL from the script
if (principal) {
nsCOMPtr<nsICodebasePrincipal> codebase(do_QueryInterface(principal));
if (codebase) {
rv = codebase->GetURI(getter_AddRefs(referrer));
NS_ENSURE_SUCCESS(rv, rv);
}
rv = principal->GetURI(getter_AddRefs(referrer));
NS_ENSURE_SUCCESS(rv, rv);
// Pass the script principal to the docshell

2
content/base/src/nsGenericElement.cpp
Просмотреть файл

@ -74,7 +74,7 @@
#include "nsINameSpaceManager.h"
#include "nsContentList.h"
#include "nsDOMError.h"
#include "nsScriptSecurityManager.h"
#include "nsIScriptSecurityManager.h"
#include "nsIDOMMutationEvent.h"
#include "nsMutationEvent.h"

1
content/base/src/nsNodeInfoManager.cpp
Просмотреть файл

@ -43,6 +43,7 @@
#include "nsIAtom.h"
#include "nsIDocument.h"
#include "nsIPrincipal.h"
#include "nsIURI.h"
#include "nsISupportsArray.h"
#include "nsContentUtils.h"
#include "nsReadableUtils.h"

4
content/base/src/nsNodeInfoManager.h
Просмотреть файл

@ -42,10 +42,10 @@
#include "nsINodeInfo.h"
#include "nsCOMPtr.h"
#include "plhash.h"
#include "nsIURI.h"
#include "nsIPrincipal.h"
class nsNodeInfo;
class nsIPrincipal;
class nsIURI;
class nsNodeInfoManager : public nsINodeInfoManager

2
content/base/src/nsRange.cpp
Просмотреть файл

@ -61,7 +61,7 @@
#include "nsParserCIID.h"
#include "nsIHTMLFragmentContentSink.h"
#include "nsIEnumerator.h"
#include "nsScriptSecurityManager.h"
#include "nsIScriptSecurityManager.h"
#include "nsIScriptGlobalObject.h"
#include "nsIScriptContext.h"
#include "nsIHTMLDocument.h"

69
content/base/src/nsScriptLoader.cpp
Просмотреть файл

@ -52,6 +52,38 @@ static NS_DEFINE_CID(kCharsetConverterManagerCID, NS_ICHARSETCONVERTERMANAGER_CI
//
//////////////////////////////////////////////////////////////
static already_AddRefed<nsIPrincipal>
IntersectPrincipalCerts(nsIPrincipal *aOld, nsIPrincipal *aNew)
{
NS_PRECONDITION(aOld, "Null old principal!");
NS_PRECONDITION(aNew, "Null new principal!");
nsIPrincipal *principal = aOld;
PRBool hasCert;
aOld->GetHasCertificate(&hasCert);
if (hasCert) {
PRBool equal;
aOld->Equals(aNew, &equal);
if (!equal) {
nsCOMPtr<nsIURI> uri, domain;
aOld->GetURI(getter_AddRefs(uri));
aOld->GetDomain(getter_AddRefs(domain));
nsContentUtils::GetSecurityManager()->GetCodebasePrincipal(uri, &principal);
if (principal && domain) {
principal->SetDomain(domain);
}
return principal;
}
}
NS_ADDREF(principal);
return principal;
}
//////////////////////////////////////////////////////////////
// Per-request data structure
//////////////////////////////////////////////////////////////
@ -412,17 +444,14 @@ nsScriptLoader::ProcessScriptElement(nsIDOMHTMLScriptElement *aElement,
}
// Check that the containing page is allowed to load this URI.
nsCOMPtr<nsIScriptSecurityManager> securityManager(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
if (NS_FAILED(rv)) {
return FireErrorNotification(rv, aElement, aObserver);
}
nsCOMPtr<nsIURI> docURI;
mDocument->GetDocumentURL(getter_AddRefs(docURI));
if (!docURI) {
return FireErrorNotification(NS_ERROR_UNEXPECTED, aElement, aObserver);
}
rv = securityManager->CheckLoadURI(docURI, scriptURI,
nsIScriptSecurityManager::ALLOW_CHROME);
rv = nsContentUtils::GetSecurityManager()->
CheckLoadURI(docURI, scriptURI, nsIScriptSecurityManager::ALLOW_CHROME);
if (NS_FAILED(rv)) {
return FireErrorNotification(rv, aElement, aObserver);
}
@ -874,18 +903,22 @@ nsScriptLoader::OnStreamComplete(nsIStreamLoader* aLoader,
if (channel) {
nsCOMPtr<nsISupports> owner;
channel->GetOwner(getter_AddRefs(owner));
nsCOMPtr<nsIPrincipal> prin;
if (owner) {
prin = do_QueryInterface(owner, &rv);
}
rv = mDocument->AddPrincipal(prin);
if (NS_FAILED(rv)) {
mPendingRequests.RemoveObject(request);
FireScriptAvailable(rv, request, NS_LITERAL_STRING(""));
ProcessPendingReqests();
return NS_OK;
nsCOMPtr<nsIPrincipal> principal = do_QueryInterface(owner);
if (principal) {
nsCOMPtr<nsIPrincipal> docPrincipal;
rv = mDocument->GetPrincipal(getter_AddRefs(docPrincipal));
if (NS_SUCCEEDED(rv)) {
nsCOMPtr<nsIPrincipal> newPrincipal =
IntersectPrincipalCerts(docPrincipal, principal);
mDocument->SetPrincipal(newPrincipal);
} else {
mPendingRequests.RemoveObject(request);
FireScriptAvailable(rv, request, NS_LITERAL_STRING(""));
ProcessPendingReqests();
return NS_OK;
}
}
}
}

1
content/events/src/nsEventListenerManager.h
Просмотреть файл

@ -42,7 +42,6 @@
#include "nsIEventListenerManager.h"
#include "jsapi.h"
#include "nsCOMPtr.h"
#include "nsIPrincipal.h"
#include "nsIDOMEventReceiver.h"
#include "nsIDOM3EventTarget.h"
#include "nsHashtable.h"

2
content/html/document/src/nsHTMLContentSink.cpp
Просмотреть файл

@ -104,8 +104,6 @@
#include "nsVoidArray.h"
#include "nsIScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsICodebasePrincipal.h"
#include "nsIAggregatePrincipal.h"
#include "nsTextFragment.h"
#include "nsIScriptGlobalObject.h"
#include "nsIScriptGlobalObjectOwner.h"

84
content/html/document/src/nsHTMLDocument.cpp
Просмотреть файл

@ -85,8 +85,7 @@
#include "nsIXPConnect.h"
#include "nsContentList.h"
#include "nsDOMError.h"
#include "nsICodebasePrincipal.h"
#include "nsIAggregatePrincipal.h"
#include "nsIPrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsIScrollableView.h"
@ -1896,11 +1895,10 @@ nsHTMLDocument::GetDomainURI(nsIURI **aURI)
if (NS_FAILED(GetPrincipal(getter_AddRefs(principal))))
return;
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal);
if (!codebase)
return;
codebase->GetURI(aURI);
principal->GetDomain(aURI);
if (!*aURI) {
principal->GetURI(aURI);
}
}
@ -1972,27 +1970,10 @@ nsHTMLDocument::SetDomain(const nsAString& aDomain)
if (NS_FAILED(NS_NewURI(getter_AddRefs(newURI), newURIString)))
return NS_ERROR_FAILURE;
// Get codebase principal
nsresult rv;
nsCOMPtr<nsIScriptSecurityManager> securityManager =
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
nsCOMPtr<nsIPrincipal> newCodebase;
rv = securityManager->GetCodebasePrincipal(newURI,
getter_AddRefs(newCodebase));
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(mPrincipal, &rv);
NS_ASSERTION(NS_SUCCEEDED(rv), "Principal not an aggregate.");
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
rv = agg->SetCodebase(newCodebase);
nsresult rv = mPrincipal->SetDomain(newURI);
// Bug 13871: Frameset spoofing - note that document.domain was set
if (NS_SUCCEEDED(rv)) {
agg->SetDomainChanged(PR_TRUE);
mDomainWasSet = PR_TRUE;
}
@ -2254,23 +2235,16 @@ nsHTMLDocument::GetCookie(nsAString& aCookie)
if (service) {
// Get a URI from the document principal. We use the original
// codebase in case the codebase was changed by SetDomain
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(mPrincipal, &rv));
// Document principal should always be an aggregate
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIURI> codebaseURI;
mPrincipal->GetURI(getter_AddRefs(codebaseURI));
if (!codebaseURI) {
// Document's principal is not a codebase (may be system), so
// can't set cookies
nsCOMPtr<nsIPrincipal> originalPrincipal;
rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal));
nsCOMPtr<nsICodebasePrincipal> originalCodebase(
do_QueryInterface(originalPrincipal, &rv));
if (NS_FAILED(rv)) {
// Document's principal is not a codebase, so can't get cookies
return NS_OK;
}
nsCOMPtr<nsIURI> codebaseURI;
rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI));
NS_ENSURE_SUCCESS(rv, rv);
nsXPIDLCString cookie;
rv = service->GetCookieString(codebaseURI, mChannel, getter_Copies(cookie));
if (NS_SUCCEEDED(rv) && cookie)
@ -2306,25 +2280,16 @@ nsHTMLDocument::SetCookie(const nsAString& aCookie)
}
}
// Get a URI from the document principal. We use the original
// codebase in case the codebase was changed by SetDomain
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(mPrincipal, &rv));
// Document principal should always be an aggregate
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIURI> codebaseURI;
mPrincipal->GetURI(getter_AddRefs(codebaseURI));
if (!codebaseURI) {
// Document's principal is not a codebase (may be system), so
// can't set cookies
nsCOMPtr<nsIPrincipal> originalPrincipal;
rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal));
nsCOMPtr<nsICodebasePrincipal> originalCodebase(
do_QueryInterface(originalPrincipal, &rv));
if (NS_FAILED(rv)) {
// Document's principal is not a codebase, so can't set cookies
return NS_OK;
}
nsCOMPtr<nsIURI> codebaseURI;
rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI));
NS_ENSURE_SUCCESS(rv, rv);
rv = NS_ERROR_OUT_OF_MEMORY;
char* cookie = ToNewCString(aCookie);
if (cookie) {
@ -2680,19 +2645,12 @@ nsHTMLDocument::ScriptWriteCommon(PRBool aNewlineTerminate)
rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
NS_ENSURE_SUCCESS(rv, rv);
// why is the above code duplicated below???
rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
NS_ENSURE_SUCCESS(rv, rv);
if (subject) {
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(subject);
if (codebase) {
nsCOMPtr<nsIURI> subjectURI;
rv = codebase->GetURI(getter_AddRefs(subjectURI));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIURI> subjectURI;
subject->GetURI(getter_AddRefs(subjectURI));
if (subjectURI) {
mDocumentURL = subjectURI;
mPrincipal = subject;
}
}

3
content/xml/document/src/nsXMLContentSink.cpp
Просмотреть файл

@ -99,8 +99,6 @@
#include "nsIDOMWindowInternal.h"
#include "nsIChannel.h"
#include "nsIPrincipal.h"
#include "nsIAggregatePrincipal.h"
#include "nsICodebasePrincipal.h"
#include "nsXBLAtoms.h"
#include "nsXMLPrettyPrinter.h"
@ -718,6 +716,7 @@ nsXMLContentSink::ProcessBASETag(nsIContent* aContent)
}
}
}
return rv;
}

19
content/xml/document/src/nsXMLDocument.cpp
Просмотреть файл

@ -76,9 +76,8 @@
#include "nsICharsetAlias.h"
#include "nsNetUtil.h"
#include "nsDOMError.h"
#include "nsScriptSecurityManager.h"
#include "nsIScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsIAggregatePrincipal.h"
#include "nsLayoutCID.h"
#include "nsDOMAttribute.h"
#include "nsGUIEvent.h"
@ -332,21 +331,7 @@ nsXMLDocument::OnRedirect(nsIHttpChannel *aHttpChannel, nsIChannel *aNewChannel)
return rv;
}
nsCOMPtr<nsIPrincipal> newCodebase;
rv = secMan->GetCodebasePrincipal(newLocation,
getter_AddRefs(newCodebase));
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(mPrincipal, &rv);
NS_ASSERTION(NS_SUCCEEDED(rv), "Principal not an aggregate.");
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
rv = agg->SetCodebase(newCodebase);
return rv;
return secMan->GetCodebasePrincipal(newLocation, getter_AddRefs(mPrincipal));
}
NS_IMETHODIMP

6
content/xul/document/src/nsXULDocument.cpp
Просмотреть файл

@ -68,7 +68,7 @@
#include "nsDOMError.h"
#include "nsIBoxObject.h"
#include "nsIChromeRegistry.h"
#include "nsICodebasePrincipal.h"
#include "nsIPrincipal.h"
#include "nsIContentSink.h" // for NS_CONTENT_ID_COUNTER_BASE
#include "nsIScrollableView.h"
#include "nsIContentViewer.h"
@ -684,9 +684,9 @@ nsXULDocument::GetPrincipal(nsIPrincipal **aPrincipal)
}
NS_IMETHODIMP
nsXULDocument::AddPrincipal(nsIPrincipal *aPrincipal)
nsXULDocument::SetPrincipal(nsIPrincipal *aPrincipal)
{
NS_NOTREACHED("AddPrincipal");
NS_NOTREACHED("SetPrincipal");
return NS_ERROR_NOT_IMPLEMENTED;
}

2
content/xul/document/src/nsXULDocument.h
Просмотреть файл

@ -105,7 +105,7 @@ public:
NS_IMETHOD GetPrincipal(nsIPrincipal **aPrincipal);
NS_IMETHOD AddPrincipal(nsIPrincipal *aPrincipal);
NS_IMETHOD SetPrincipal(nsIPrincipal *aPrincipal);
NS_IMETHOD SetContentType(const nsAString& aContentType);

8
docshell/base/nsDocShell.cpp
Просмотреть файл

@ -53,7 +53,7 @@
#include "nsIHttpEventSink.h"
#include "nsIUploadChannel.h"
#include "nsISecurityEventSink.h"
#include "nsScriptSecurityManager.h"
#include "nsIScriptSecurityManager.h"
#include "nsDocumentCharsetInfoCID.h"
#include "nsICanvasFrame.h"
#include "nsContentPolicyUtils.h" // NS_CheckContentLoadPolicy(...)
@ -106,7 +106,6 @@
#include "nsIWyciwygChannel.h"
// The following are for bug #13871: Prevent frameset spoofing
#include "nsICodebasePrincipal.h"
#include "nsIHTMLDocument.h"
// For reporting errors with the console service.
@ -957,11 +956,8 @@ PRBool ValidateOrigin(nsIDocShellTreeItem* aOriginTreeItem, nsIDocShellTreeItem*
rv = targetDocument->GetPrincipal(getter_AddRefs(targetPrincipal));
NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipal, rv);
nsCOMPtr<nsICodebasePrincipal> targetCodebasePrincipal(do_QueryInterface(targetPrincipal));
NS_ENSURE_TRUE(targetCodebasePrincipal, PR_TRUE);
nsCOMPtr<nsIURI> targetPrincipalURI;
rv = targetCodebasePrincipal->GetURI(getter_AddRefs(targetPrincipalURI));
rv = targetPrincipal->GetURI(getter_AddRefs(targetPrincipalURI));
NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipalURI, PR_TRUE);
// Find out if document.domain was set for HTML documents

12
dom/src/base/nsGlobalWindow.cpp
Просмотреть файл

@ -73,7 +73,6 @@
#include "nsIWidget.h"
#include "nsIBaseWindow.h"
#include "nsICharsetConverterManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIContent.h"
#include "nsIWebBrowserPrint.h"
#include "nsIContentViewerEdit.h"
@ -4648,12 +4647,13 @@ GlobalWindowImpl::OpenInternal(const nsAString& aUrl,
if (sSecMan) {
nsCOMPtr<nsIPrincipal> principal;
sSecMan->GetSubjectPrincipal(getter_AddRefs(principal));
nsCOMPtr<nsICodebasePrincipal> codebasePrin(do_QueryInterface(principal));
if (codebasePrin) {
if (principal) {
nsCOMPtr<nsIURI> subjectURI;
codebasePrin->GetURI(getter_AddRefs(subjectURI));
nsCOMPtr<nsPIDOMWindow> domReturnPrivate(do_QueryInterface(domReturn));
domReturnPrivate->SetOpenerScriptURL(subjectURI);
principal->GetURI(getter_AddRefs(subjectURI));
if (subjectURI) {
nsCOMPtr<nsPIDOMWindow> domReturnPrivate(do_QueryInterface(domReturn));
domReturnPrivate->SetOpenerScriptURL(subjectURI);
}
}
}
}

14
dom/src/base/nsJSEnvironment.cpp
Просмотреть файл

@ -704,7 +704,7 @@ nsJSContext::EvaluateStringWithValue(const nsAString& aScript,
JSPrincipals *jsprin;
nsCOMPtr<nsIPrincipal> principal = aPrincipal;
if (aPrincipal) {
aPrincipal->GetJSPrincipals(&jsprin);
aPrincipal->GetJsPrincipals(&jsprin);
}
else {
nsCOMPtr<nsIScriptGlobalObject> global;
@ -717,7 +717,7 @@ nsJSContext::EvaluateStringWithValue(const nsAString& aScript,
rv = objPrincipal->GetPrincipal(getter_AddRefs(principal));
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
principal->GetJSPrincipals(&jsprin);
principal->GetJsPrincipals(&jsprin);
}
// From here on, we must JSPRINCIPALS_DROP(jsprin) before returning...
@ -882,7 +882,7 @@ nsJSContext::EvaluateString(const nsAString& aScript,
JSPrincipals *jsprin;
nsCOMPtr<nsIPrincipal> principal = aPrincipal;
if (aPrincipal) {
aPrincipal->GetJSPrincipals(&jsprin);
aPrincipal->GetJsPrincipals(&jsprin);
}
else {
nsCOMPtr<nsIScriptGlobalObject> global;
@ -895,7 +895,7 @@ nsJSContext::EvaluateString(const nsAString& aScript,
rv = objPrincipal->GetPrincipal(getter_AddRefs(principal));
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
principal->GetJSPrincipals(&jsprin);
principal->GetJsPrincipals(&jsprin);
}
// From here on, we must JSPRINCIPALS_DROP(jsprin) before returning...
@ -995,7 +995,7 @@ nsJSContext::CompileScript(const PRUnichar* aText,
aScopeObject = ::JS_GetGlobalObject(mContext);
JSPrincipals *jsprin;
aPrincipal->GetJSPrincipals(&jsprin);
aPrincipal->GetJsPrincipals(&jsprin);
// From here on, we must JSPRINCIPALS_DROP(jsprin) before returning...
PRBool ok = PR_FALSE;
@ -1169,7 +1169,7 @@ nsJSContext::CompileEventHandler(void *aTarget, nsIAtom *aName,
getter_AddRefs(prin));
NS_ENSURE_SUCCESS(rv, rv);
prin->GetJSPrincipals(&jsprin);
prin->GetJsPrincipals(&jsprin);
NS_ENSURE_TRUE(jsprin, NS_ERROR_NOT_AVAILABLE);
}
@ -1222,7 +1222,7 @@ nsJSContext::CompileFunction(void* aTarget,
nsCOMPtr<nsIPrincipal> prin;
if (NS_FAILED(globalData->GetPrincipal(getter_AddRefs(prin))))
return NS_ERROR_FAILURE;
prin->GetJSPrincipals(&jsprin);
prin->GetJsPrincipals(&jsprin);
}
}

1
dom/src/base/nsLocation.cpp
Просмотреть файл

@ -58,7 +58,6 @@
#include "nsEscape.h"
#include "nsJSUtils.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIDOMWindow.h"
#include "nsIDOMDocument.h"
#include "nsIDocument.h"

44
dom/src/jsurl/nsJSProtocolHandler.cpp
Просмотреть файл

@ -55,7 +55,6 @@
#include "nsIScriptGlobalObjectOwner.h"
#include "nsIPrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIInterfaceRequestor.h"
#include "nsIInterfaceRequestorUtils.h"
#include "nsIStringStream.h"
@ -230,32 +229,21 @@ nsresult nsJSThunk::EvaluateScript(nsIChannel *aChannel)
if (NS_FAILED(rv))
return rv;
PRBool equals = PR_FALSE;
if ((NS_FAILED(objectPrincipal->Equals(principal, &equals)) || !equals)) {
// If the principals aren't equal
nsCOMPtr<nsIPrincipal> systemPrincipal;
securityManager->GetSystemPrincipal(getter_AddRefs(systemPrincipal));
if (principal.get() != systemPrincipal.get()) {
// and the script to be run does not have the system principal
nsCOMPtr<nsICodebasePrincipal>
objectCodebase(do_QueryInterface(objectPrincipal));
nsXPIDLCString objectOrigin;
rv = objectCodebase->GetOrigin(getter_Copies(objectOrigin));
if (PL_strcmp("about:blank", objectOrigin) != 0) {
// and the target window is not about:blank, then
// don't run the script. Print a message to the console and
// return undefined.
nsCOMPtr<nsIConsoleService>
console(do_GetService("@mozilla.org/consoleservice;1"));
if (console) {
console->LogStringMessage(
NS_LITERAL_STRING("Attempt to load a javascript: URL from one host\nin a window displaying content from another host\nwas blocked by the security manager.").get());
}
return NS_ERROR_DOM_RETVAL_UNDEFINED;
nsCOMPtr<nsIPrincipal> systemPrincipal;
securityManager->GetSystemPrincipal(getter_AddRefs(systemPrincipal));
if (principal != systemPrincipal) {
rv = securityManager->CheckSameOriginPrincipal(principal,
objectPrincipal);
if (NS_FAILED(rv)) {
nsCOMPtr<nsIConsoleService> console =
do_GetService("@mozilla.org/consoleservice;1");
if (console) {
// XXX Localize me!
console->LogStringMessage(
NS_LITERAL_STRING("Attempt to load a javascript: URL from one host\nin a window displaying content from another host\nwas blocked by the security manager.").get());
}
return NS_ERROR_DOM_RETVAL_UNDEFINED;
}
}
}
@ -300,9 +288,9 @@ nsresult nsJSThunk::BringUpConsole(nsIDOMWindow *aDomWindow)
nsresult rv;
// First, get the Window Mediator service.
nsCOMPtr<nsIWindowMediator> windowMediator;
nsCOMPtr<nsIWindowMediator> windowMediator =
do_GetService(kWindowMediatorCID, &rv);
windowMediator = do_GetService(kWindowMediatorCID, &rv);
if (NS_FAILED(rv)) return rv;
// Next, find out whether there's a console already open.

2
embedding/browser/activex/src/plugin/LegacyPlugin.cpp
Просмотреть файл

@ -404,7 +404,7 @@ MozAxAutoPushJSContext::MozAxAutoPushJSContext(JSContext *cx,
if (NS_SUCCEEDED(mPushResult))
{
JSPrincipals* jsprinc;
principal->GetJSPrincipals(&jsprinc);
principal->GetJsPrincipals(&jsprinc);
mFrame.script = JS_CompileScriptForPrincipals(cx, JS_GetGlobalObject(cx),
jsprinc, "", 0, "", 1);

7
extensions/webservices/schema/src/nsSchemaLoader.cpp
Просмотреть файл

@ -43,7 +43,7 @@
// XPConnect includes
#include "nsIXPConnect.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIPrincipal.h"
// XPCOM includes
#include "nsIServiceManager.h"
@ -813,10 +813,7 @@ nsSchemaLoader::GetResolvedURI(const nsAString& aSchemaURI,
nsCOMPtr<nsIPrincipal> principal;
rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal));
if (NS_SUCCEEDED(rv)) {
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal);
if (codebase) {
codebase->GetURI(getter_AddRefs(baseURI));
}
principal->GetURI(getter_AddRefs(baseURI));
}
rv = NS_NewURI(aURI, aSchemaURI, nsnull, baseURI);

10
extensions/webservices/security/src/nsWebScriptsAccess.cpp
Просмотреть файл

@ -43,7 +43,7 @@
#include "nsIDOMNodeList.h"
#include "nsIDOMAttr.h"
#include "nsIDOMNamedNodeMap.h"
#include "nsICodebasePrincipal.h"
#include "nsIPrincipal.h"
#include "nsIURL.h"
#include "nsReadableUtils.h"
#include "nsIHttpChannel.h"
@ -260,13 +260,7 @@ nsWebScriptsAccess::GetCodebaseURI(nsIURI** aCodebase)
rv = mSecurityManager->GetSubjectPrincipal(getter_AddRefs(principal));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsICodebasePrincipal> codebase(do_QueryInterface(principal, &rv));
NS_ENSURE_SUCCESS(rv, rv);
rv = codebase->GetURI(aCodebase);
NS_ENSURE_SUCCESS(rv, rv);
return NS_OK;
return principal->GetURI(aCodebase);
}
nsresult

52
extensions/webservices/soap/src/nsHTTPSOAPTransport.cpp
Просмотреть файл

@ -44,7 +44,7 @@
#include "nsIURI.h"
#include "nsNetUtil.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIPrincipal.h"
#include "nsIVariant.h"
#include "nsString.h"
#include "nsSOAPUtils.h"
@ -57,7 +57,6 @@
#include "nsIWebScriptsAccessService.h"
#include "nsMemory.h"
#include "nsIDocument.h"
#include "nsIAggregatePrincipal.h"
nsHTTPSOAPTransport::nsHTTPSOAPTransport()
{
@ -93,9 +92,9 @@ static NS_NAMED_LITERAL_STRING(kAnyURISchemaType, "anyURI");
/**
* This method will replace the target document's
* codebase pricipal with the subject codebase to
* override cross domain checks. So use caution
* because this might lead to serious security breech
* codebase principal with the subject codebase to
* override cross-domain checks. So use caution
* because this might lead to a serious security breach
* if misused.
* @param aDocument - The target/response document.
*/
@ -121,25 +120,8 @@ nsresult ChangePrincipal(nsIDOMDocument* aDocument)
if (NS_FAILED(rv)) {
nsCOMPtr<nsIPrincipal> subjectPrincipal;
rv = secMgr->GetSubjectPrincipal(getter_AddRefs(subjectPrincipal));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIAggregatePrincipal> subjectAgg =
do_QueryInterface(subjectPrincipal, &rv);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIPrincipal> subjectCodebase;
rv = subjectAgg->GetOriginalCodebase(getter_AddRefs(subjectCodebase));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIPrincipal> targetPrincipal;
rv = targetDoc->GetPrincipal(getter_AddRefs(targetPrincipal));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIAggregatePrincipal> targetAgg =
do_QueryInterface(targetPrincipal, &rv);
NS_ENSURE_SUCCESS(rv, rv);
rv = targetAgg->SetCodebase(subjectCodebase);
if (NS_SUCCEEDED(rv))
targetDoc->SetPrincipal(subjectPrincipal);
}
return rv;
}
@ -216,24 +198,20 @@ static nsresult GetTransportURI(nsISOAPCall * aCall, nsAString & aURI)
"SOAP_INVOKE_VERIFY_PRINCIPAL",
"Source-verified message cannot be sent without principal.");
}
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal,&rc);
if (NS_FAILED(rc))
return rc;
if (!codebase) {
nsCOMPtr<nsIURI> uri;
principal->GetURI(getter_AddRefs(uri));
if (!uri) {
return SOAP_EXCEPTION(NS_ERROR_FAILURE,
"SOAP_INVOKE_VERIFY_CODEBASE",
"Source-verified message cannot be sent without codebase.");
"SOAP_INVOKE_VERIFY_URI",
"Source-verified message cannot be sent without URI.");
}
char* str;
rc = codebase->GetSpec(&str);
nsCAutoString spec;
rc = uri->GetSpec(spec);
if (NS_FAILED(rc))
return rc;
CopyASCIItoUCS2(nsDependentCString(str), sourceURI);
nsMemory::Free(str);
CopyASCIItoUCS2(spec, sourceURI);
}
// Adding a header to tell the server that it must understand and verify the source of the call

7
extensions/webservices/wsdl/src/nsWSDLLoader.cpp
Просмотреть файл

@ -40,7 +40,7 @@
// XPConnect includes
#include "nsIXPConnect.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIPrincipal.h"
// XPCOM includes
#include "nsIServiceManager.h"
@ -218,10 +218,7 @@ nsWSDLLoader::GetResolvedURI(const nsAString& aWSDLURI, const char* aMethod,
nsCOMPtr<nsIPrincipal> principal;
rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal));
if (NS_SUCCEEDED(rv)) {
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal);
if (codebase) {
codebase->GetURI(getter_AddRefs(baseURI));
}
principal->GetURI(getter_AddRefs(baseURI));
}
rv = NS_NewURI(aURI, aWSDLURI, nsnull, baseURI);

8
extensions/xmlextras/base/src/nsDOMSerializer.cpp
Просмотреть файл

@ -50,7 +50,6 @@
#include "nsIJSContextStack.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIURI.h"
nsDOMSerializer::nsDOMSerializer()
@ -156,11 +155,8 @@ nsresult CheckSameOrigin(nsIDOMNode *aRoot)
doc->GetPrincipal(getter_AddRefs(principal));
nsCOMPtr<nsICodebasePrincipal> codebase_principal =
do_QueryInterface(principal);
if (codebase_principal) {
codebase_principal->GetURI(getter_AddRefs(root_uri));
if (principal) {
principal->GetURI(getter_AddRefs(root_uri));
}
if (root_uri) {

2
js/src/liveconnect/nsCLiveconnect.cpp
Просмотреть файл

@ -210,7 +210,7 @@ AutoPushJSContext::AutoPushJSContext(nsISupports* aSecuritySupports,
if (!hasScript)
{
JSPrincipals* jsprinc;
principal->GetJSPrincipals(&jsprinc);
principal->GetJsPrincipals(&jsprinc);
mFrame.script = JS_CompileScriptForPrincipals(cx, JS_GetGlobalObject(cx),
jsprinc, "", 0, "", 1);

4
js/src/xpconnect/loader/mozJSComponentLoader.cpp
Просмотреть файл

@ -269,7 +269,7 @@ EvalInSandbox(JSContext *cx, JSObject *obj, uintN argc, jsval *argv,
NS_FAILED(secman->GetCodebasePrincipal(iURL,
getter_AddRefs(principal))) ||
!principal ||
NS_FAILED(principal->GetJSPrincipals(&jsPrincipals)) ||
NS_FAILED(principal->GetJsPrincipals(&jsPrincipals)) ||
!jsPrincipals) {
JS_ReportError(cx, "Can't get principals for evalInSandbox");
return JS_FALSE;
@ -997,7 +997,7 @@ mozJSComponentLoader::GlobalForLocation(const char *aLocation,
nsCOMPtr<nsIScriptObjectPrincipal> backstagePass =
new BackstagePass(mSystemPrincipal);
rv = mSystemPrincipal->GetJSPrincipals(&jsPrincipals);
rv = mSystemPrincipal->GetJsPrincipals(&jsPrincipals);
if (NS_FAILED(rv) || !jsPrincipals)
return nsnull;

2
js/src/xpconnect/loader/mozJSSubScriptLoader.cpp
Просмотреть файл

@ -299,7 +299,7 @@ mozJSSubScriptLoader::LoadSubScript (const PRUnichar * /*url*/
/* we can't hold onto jsPrincipals as a module var because the
* JSPRINCIPALS_DROP macro takes a JSContext, which we won't have in the
* destructor */
rv = mSystemPrincipal->GetJSPrincipals(&jsPrincipals);
rv = mSystemPrincipal->GetJsPrincipals(&jsPrincipals);
if (NS_FAILED(rv) || !jsPrincipals) {
delete[] buf;
return rv;

1
layout/generic/nsFrameFrame.cpp
Просмотреть файл

@ -76,7 +76,6 @@
#include "nsLayoutAtoms.h"
#include "nsIChromeEventHandler.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsXPIDLString.h"
#include "nsIScrollable.h"
#include "nsINameSpaceManager.h"

1
layout/html/document/src/nsFrameFrame.cpp
Просмотреть файл

@ -76,7 +76,6 @@
#include "nsLayoutAtoms.h"
#include "nsIChromeEventHandler.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsXPIDLString.h"
#include "nsIScrollable.h"
#include "nsINameSpaceManager.h"

26
modules/libjar/nsJARChannel.cpp
Просмотреть файл

@ -22,12 +22,11 @@
#include "nsMimeTypes.h"
#include "nsNetUtil.h"
#include "nsScriptSecurityManager.h"
#include "nsIAggregatePrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsIFileURL.h"
#include "nsIJAR.h"
static NS_DEFINE_CID(kScriptSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID);
static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID);
//-----------------------------------------------------------------------------
@ -419,24 +418,19 @@ nsJARChannel::GetOwner(nsISupports **result)
if (NS_FAILED(rv)) return rv;
if (cert) {
// Get the codebase principal
nsXPIDLCString certID;
rv = cert->GetCertificateID(getter_Copies(certID));
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIScriptSecurityManager> secMan =
do_GetService(kScriptSecurityManagerCID, &rv);
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIPrincipal> codebase;
rv = secMan->GetCodebasePrincipal(mJarBaseURI,
getter_AddRefs(codebase));
if (NS_FAILED(rv)) return rv;
// Join the certificate and the codebase
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(cert, &rv);
rv = secMan->GetCertificatePrincipal(certID, mJarBaseURI,
getter_AddRefs(cert));
if (NS_FAILED(rv)) return rv;
rv = agg->SetCodebase(codebase);
if (NS_FAILED(rv)) return rv;
mOwner = do_QueryInterface(agg, &rv);
mOwner = do_QueryInterface(cert, &rv);
if (NS_FAILED(rv)) return rv;
NS_ADDREF(*result = mOwner);

7
modules/libpref/src/nsPrefBranch.cpp
Просмотреть файл

@ -46,7 +46,7 @@
#include "nsString.h"
#include "nsReadableUtils.h"
#include "nsXPIDLString.h"
#include "nsScriptSecurityManager.h"
#include "nsIScriptSecurityManager.h"
#include "nsIStringBundle.h"
#include "prefapi.h"
#include "prmem.h"
@ -68,8 +68,6 @@ struct PrefCallbackData {
};
static NS_DEFINE_CID(kSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID);
// Prototypes
PR_STATIC_CALLBACK(PLDHashOperator)
pref_enumChild(PLDHashTable *table, PLDHashEntryHdr *heh,
@ -843,7 +841,8 @@ nsresult nsPrefBranch::getValidatedPrefName(const char *aPrefName, const char **
{
nsresult rv;
nsCOMPtr<nsIScriptSecurityManager> secMan =
do_GetService(kSecurityManagerCID, &rv);
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;

5
modules/oji/src/ProxyClassLoader.cpp
Просмотреть файл

@ -45,7 +45,6 @@
#include "nsIServiceManager.h"
#include "nsIJSContextStack.h"
#include "nsIPrincipal.h"
#include "nsICodebasePrincipal.h"
#include "nsIScriptContext.h"
#include "nsIScriptGlobalObject.h"
#include "nsIScriptObjectPrincipal.h"
@ -70,9 +69,7 @@ static nsresult getScriptCodebase(JSContext* cx, nsIURI* *result)
nsCOMPtr<nsIPrincipal> principal;
scriptObjectPrincipal->GetPrincipal(getter_AddRefs(principal));
if (principal) {
nsCOMPtr<nsICodebasePrincipal> codebasePrincipal = do_QueryInterface(principal);
if (codebasePrincipal)
return codebasePrincipal->GetURI(result);
return principal->GetURI(result);
}
}
}

4
modules/oji/src/lcglue.cpp
Просмотреть файл

@ -352,7 +352,7 @@ get_JSPrincipals_from_java_caller_impl(JNIEnv *pJNIEnv, JSContext *pJSContext, v
rv = ssm->GetCodebasePrincipal(codebaseURI, getter_AddRefs(principal));
if (NS_SUCCEEDED(rv)) {
JSPrincipals* jsprincipals;
principal->GetJSPrincipals(&jsprincipals);
principal->GetJsPrincipals(&jsprincipals);
return jsprincipals;
}
}
@ -362,7 +362,7 @@ get_JSPrincipals_from_java_caller_impl(JNIEnv *pJNIEnv, JSContext *pJSContext, v
nsCOMPtr<nsIPrincipal> principal = do_QueryInterface(credentials);
if (principal) {
JSPrincipals* jsprincipals;
principal->GetJSPrincipals(&jsprincipals);
principal->GetJsPrincipals(&jsprincipals);
return jsprincipals;
}
}

73
modules/oji/src/nsCSecurityContext.cpp
Просмотреть файл

@ -53,12 +53,7 @@
// For GetOrigin()
#include "nsCOMPtr.h"
#include "nsJSPrincipals.h"
#include "nsSystemPrincipal.h"
#include "nsCodebasePrincipal.h"
#include "nsCertificatePrincipal.h"
#include "nsScriptSecurityManager.h"
#include "nsIScriptSecurityManager.h"
#include "nsIScriptGlobalObject.h"
#include "nsIServiceManager.h"
#include "nsIScriptObjectPrincipal.h"
@ -135,39 +130,27 @@ nsCSecurityContext::GetOrigin(char* buf, int buflen)
}
}
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(m_pPrincipal);
if (!codebase)
nsXPIDLCString origin;
m_pPrincipal->GetOrigin(getter_Copies(origin));
PRInt32 originlen = origin.Length();
if (origin.IsEmpty() || originlen > buflen - 1) {
return NS_ERROR_FAILURE;
char* origin=nsnull;
codebase->GetOrigin(&origin);
if (origin) {
PRInt32 originlen = (PRInt32) strlen(origin);
if (!buf || buflen<=originlen) {
if (origin) {
nsCRT::free(origin);
}
return NS_ERROR_FAILURE;
}
// Copy the string into to user supplied buffer. Is there a better
// way to do this?
memcpy(buf,origin,originlen);
buf[originlen]=nsnull; // Gotta terminate it.
nsCRT::free(origin);
} else {
*buf = nsnull;
}
// Copy the string into to user supplied buffer. Is there a better
// way to do this?
memcpy(buf, origin, originlen);
buf[originlen] = nsnull; // Gotta terminate it.
return NS_OK;
}
NS_METHOD
nsCSecurityContext::GetCertificateID(char* buf, int buflen)
{
nsCOMPtr<nsIPrincipal> principal = NULL;
nsCOMPtr<nsIPrincipal> principal;
// Get the Script Security Manager.
@ -176,28 +159,22 @@ nsCSecurityContext::GetCertificateID(char* buf, int buflen)
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
if (NS_FAILED(rv) || !secMan) return NS_ERROR_FAILURE;
secMan->GetSubjectPrincipal(getter_AddRefs(principal));
nsCOMPtr<nsICertificatePrincipal> cprincipal = do_QueryInterface(principal);
if (!cprincipal)
if (!principal) {
return NS_ERROR_FAILURE;
char* certificate = nsnull;
cprincipal->GetCertificateID(&certificate);
if (certificate) {
PRInt32 certlen = (PRInt32) strlen(certificate);
if( buflen<=certlen ) {
nsCRT::free(certificate);
return NS_ERROR_FAILURE;
}
memcpy(buf,certificate,certlen);
buf[certlen]=nsnull;
nsCRT::free(certificate);
} else {
*buf = nsnull;
}
nsXPIDLCString certificate;
principal->GetCertificateID(getter_Copies(certificate));
PRInt32 certlen = certificate.Length();
if (buflen <= certlen) {
return NS_ERROR_FAILURE;
}
memcpy(buf, certificate.get(), certlen);
buf[certlen] = nsnull;
return NS_OK;
}

20
modules/oji/src/nsJVMManager.cpp
Просмотреть файл

@ -68,14 +68,10 @@
#include "nspr.h"
#include "plstr.h"
#include "nsCOMPtr.h"
//#include "nsJSPrincipals.h"
//#include "nsSystemPrincipal.h"
//#include "nsCodebasePrincipal.h"
#include "nsCertificatePrincipal.h"
#include "nsIPrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsISignatureVerifier.h"
//#include "nsScriptSecurityManager.h"
extern "C" int XP_PROGRESS_STARTING_JAVA;
extern "C" int XP_PROGRESS_STARTING_JAVA_DONE;
@ -956,7 +952,7 @@ nsJVMManager::IsAllPermissionGranted(
{
nsresult rv = NS_OK;
nsIPrincipal* pIPrincipal = NULL;
nsCOMPtr<nsIPrincipal> pIPrincipal;
// Get the Script Security Manager.
@ -968,18 +964,12 @@ nsJVMManager::IsAllPermissionGranted(
// The fingerprint is a one way hash of this certificate. It is used
// as the key to store the principal in the principal database.
rv = secMan->GetCertificatePrincipal(lastFP, &pIPrincipal);
rv = secMan->GetCertificatePrincipal(lastFP, nsnull,
getter_AddRefs(pIPrincipal));
if (NS_FAILED(rv)) return PR_FALSE;
// Get the nsICertificatePrincipal interface so that we can set the
// common name. The common name is a user meaningful string.
nsCOMPtr<nsICertificatePrincipal> pICertificate = do_QueryInterface(pIPrincipal, &rv);
if (NS_FAILED(rv) || !pICertificate) return PR_FALSE;
// Set the common name.
rv = pICertificate->SetCommonName(lastCN);
rv = pIPrincipal->SetCommonName(lastCN);
PRInt16 ret;

26
netwerk/protocol/jar/src/nsJARChannel.cpp
Просмотреть файл

@ -22,12 +22,11 @@
#include "nsMimeTypes.h"
#include "nsNetUtil.h"
#include "nsScriptSecurityManager.h"
#include "nsIAggregatePrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsIFileURL.h"
#include "nsIJAR.h"
static NS_DEFINE_CID(kScriptSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID);
static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID);
//-----------------------------------------------------------------------------
@ -419,24 +418,19 @@ nsJARChannel::GetOwner(nsISupports **result)
if (NS_FAILED(rv)) return rv;
if (cert) {
// Get the codebase principal
nsXPIDLCString certID;
rv = cert->GetCertificateID(getter_Copies(certID));
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIScriptSecurityManager> secMan =
do_GetService(kScriptSecurityManagerCID, &rv);
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIPrincipal> codebase;
rv = secMan->GetCodebasePrincipal(mJarBaseURI,
getter_AddRefs(codebase));
if (NS_FAILED(rv)) return rv;
// Join the certificate and the codebase
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(cert, &rv);
rv = secMan->GetCertificatePrincipal(certID, mJarBaseURI,
getter_AddRefs(cert));
if (NS_FAILED(rv)) return rv;
rv = agg->SetCodebase(codebase);
if (NS_FAILED(rv)) return rv;
mOwner = do_QueryInterface(agg, &rv);
mOwner = do_QueryInterface(cert, &rv);
if (NS_FAILED(rv)) return rv;
NS_ADDREF(*result = mOwner);

4
security/manager/ssl/src/nsCrypto.cpp
Просмотреть файл

@ -47,12 +47,12 @@
#include "nsIPrompt.h"
#include "nsIFilePicker.h"
#include "nsJSPrincipals.h"
#include "nsScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsXPIDLString.h"
#include "nsIGenKeypairInfoDlg.h"
#include "nsIDOMCryptoDialogs.h"
#include "jsapi.h"
#include "jsdbgapi.h"
#include <ctype.h>
#include "nsReadableUtils.h"
#include "pk11func.h"
@ -1788,7 +1788,7 @@ nsCryptoRunnable::Run()
nsNSSShutDownPreventionLock locker;
JSPrincipals *principals;
nsresult rv = m_args->m_principals->GetJSPrincipals(&principals);
nsresult rv = m_args->m_principals->GetJsPrincipals(&principals);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;

12
security/manager/ssl/src/nsNSSComponent.cpp
Просмотреть файл

@ -58,7 +58,7 @@
#include "nsIWindowWatcher.h"
#include "nsIPrompt.h"
#include "nsProxiedService.h"
#include "nsICertificatePrincipal.h"
#include "nsIPrincipal.h"
#include "nsReadableUtils.h"
#include "nsIDateTimeFormat.h"
#include "prtypes.h"
@ -1458,17 +1458,19 @@ nsNSSComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen,
rv2 = pCert->GetSha1Fingerprint(fingerprint);
NS_LossyConvertUCS2toASCII fingerprintStr(fingerprint);
if (NS_FAILED(rv2)) return rv2;
rv2 = mScriptSecurityManager->GetCertificatePrincipal(fingerprintStr.get(), aPrincipal);
if (NS_FAILED(rv2) || !*aPrincipal) return rv2;
nsCOMPtr<nsIPrincipal> certPrincipal;
rv2 = mScriptSecurityManager->GetCertificatePrincipal(fingerprintStr.get(), nsnull,
getter_AddRefs(certPrincipal));
if (NS_FAILED(rv2) || !certPrincipal) return rv2;
nsCOMPtr<nsICertificatePrincipal> certPrincipal = do_QueryInterface(*aPrincipal, &rv2);
if (NS_FAILED(rv2)) return rv2;
nsAutoString orgName;
rv2 = pCert->GetOrganization(orgName);
if (NS_FAILED(rv2)) return rv2;
NS_LossyConvertUCS2toASCII orgNameStr(orgName);
rv2 = certPrincipal->SetCommonName(orgNameStr.get());
if (NS_FAILED(rv2)) return rv2;
*aPrincipal = certPrincipal;
}
if (p7_info) {

4
xpinstall/src/CertReader.cpp
Просмотреть файл

@ -42,6 +42,10 @@
#include "nsIServiceManager.h"
#include "nsISignatureVerifier.h"
#include "nsIInputStream.h"
#include "nsIPrincipal.h"
#include "nsIURI.h"
#include "nsPICertNotification.h"
#include "nsNetUtil.h"

11
xpinstall/src/CertReader.h
Просмотреть файл

@ -36,11 +36,12 @@
#include "nsCOMPtr.h"
#include "nsIStreamListener.h"
#include "nsString.h"
#include "nsISignatureVerifier.h"
#include "nsICertificatePrincipal.h"
#include "nsIPrincipal.h"
#include "nsIURI.h"
#include "nsPICertNotification.h"
class nsISignatureVerifier;
class nsIPrincipal;
class nsIURI;
class nsPICertNotification;
class CertReader : public nsIStreamListener
{

6
xpinstall/src/nsSoftwareUpdateRun.cpp
Просмотреть файл

@ -55,7 +55,6 @@
#include "nsIJAR.h"
#include "nsIPrincipal.h"
#include "nsICertificatePrincipal.h"
static NS_DEFINE_CID(kSoftwareUpdateCID, NS_SoftwareUpdate_CID);
static NS_DEFINE_CID(kEventQueueServiceCID, NS_EVENTQUEUESERVICE_CID);
@ -82,8 +81,9 @@ nsresult VerifySigning(nsIZipReader* hZip, nsIPrincipal* aPrincipal)
if (!aPrincipal)
return NS_OK; // not signed, but not an error
nsCOMPtr<nsICertificatePrincipal> cp(do_QueryInterface(aPrincipal));
if (!cp)
PRBool hasCert;
aPrincipal->GetHasCertificate(&hasCert);
if (!hasCert)
return NS_ERROR_FAILURE;
nsCOMPtr<nsIJAR> jar(do_QueryInterface(hZip));

26
xpinstall/src/nsXPITriggerInfo.cpp
Просмотреть файл

@ -1,4 +1,4 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* The contents of this file are subject to the Netscape Public
* License Version 1.1 (the "License"); you may not use this file
@ -27,7 +27,6 @@
#include "nsDebug.h"
#include "nsIServiceManager.h"
#include "nsIEventQueueService.h"
#include "nsICertificatePrincipal.h"
static NS_DEFINE_IID(kEventQueueServiceCID, NS_EVENTQUEUESERVICE_CID);
@ -93,15 +92,24 @@ PRBool nsXPITriggerItem::IsRelativeURL()
void
nsXPITriggerItem::SetPrincipal(nsIPrincipal* aPrincipal)
{
mPrincipal = aPrincipal;
mPrincipal = aPrincipal;
nsCOMPtr<nsICertificatePrincipal> cp(do_QueryInterface(aPrincipal));
if (cp) {
nsXPIDLCString cName;
cp->GetCommonName(getter_Copies(cName));
mCertName = NS_ConvertUTF8toUCS2(cName);
}
// aPrincipal can be null for various failure cases.
// see bug 213894 for an example.
// nsXPInstallManager::OnCertAvailable can be called with a null principal
// and it can also force a null principal.
if (!aPrincipal)
return;
PRBool hasCert;
aPrincipal->GetHasCertificate(&hasCert);
if (hasCert) {
nsXPIDLCString cName;
aPrincipal->GetCommonName(getter_Copies(cName));
mCertName = NS_ConvertUTF8toUCS2(cName);
}
}
//
// nsXPITriggerInfo
//