From 66caced69ad6f7c917a92fe87217c0ebc0192ad6 Mon Sep 17 00:00:00 2001 
From: "caillon%returnzero.com" Date: Tue, 21 Oct 2003 22:11:49 +0000 Subject: [PATCH] Re-land patch for bug 83536, merging principal objects. Also includes fixes from bug 216041. r=bzbarsky sr=jst --- caps/idl/Makefile.in | 3 - caps/idl/nsIAggregatePrincipal.idl | 60 -- caps/idl/nsICertificatePrincipal.idl | 53 -- caps/idl/nsICodebasePrincipal.idl | 56 -- caps/idl/nsIPrincipal.idl | 109 ++- caps/idl/nsIScriptSecurityManager.idl | 19 +- caps/include/Makefile.in | 10 +- caps/include/nsAggregatePrincipal.h | 116 --- caps/include/nsBasePrincipal.h | 122 --- caps/include/nsCertificatePrincipal.h | 89 -- caps/include/nsCodebasePrincipal.h | 93 -- caps/include/nsJSPrincipals.h | 17 +- caps/include/nsPrincipal.h | 16 +- caps/include/nsScriptSecurityManager.h | 141 +++- caps/include/nsSystemPrincipal.h | 50 +- caps/src/Makefile.in | 5 +- caps/src/nsAggregatePrincipal.cpp | 479 ----------- caps/src/nsBasePrincipal.cpp | 421 ---------- caps/src/nsCertificatePrincipal.cpp | 227 ----- caps/src/nsCodebasePrincipal.cpp | 310 ------- caps/src/nsJSPrincipals.cpp | 20 +- caps/src/nsPrincipal.cpp | 114 +-- caps/src/nsScriptSecurityManager.cpp | 792 +++++++++--------- caps/src/nsSecurityManagerFactory.cpp | 54 +- caps/src/nsSystemPrincipal.cpp | 145 +++- content/base/public/nsContentUtils.h | 5 + content/base/public/nsIDocument.h | 5 +- content/base/src/nsContentSink.cpp | 25 +- content/base/src/nsDocument.cpp | 18 +- content/base/src/nsDocument.h | 5 +- content/base/src/nsFrameLoader.cpp | 9 +- content/base/src/nsGenericElement.cpp | 2 +- content/base/src/nsNodeInfoManager.cpp | 1 + content/base/src/nsNodeInfoManager.h | 4 +- content/base/src/nsRange.cpp | 2 +- content/base/src/nsScriptLoader.cpp | 69 +- content/events/src/nsEventListenerManager.h | 1 - .../html/document/src/nsHTMLContentSink.cpp | 2 - content/html/document/src/nsHTMLDocument.cpp | 84 +- content/xml/document/src/nsXMLContentSink.cpp | 3 +- content/xml/document/src/nsXMLDocument.cpp | 19 +- 
content/xul/document/src/nsXULDocument.cpp | 6 +- content/xul/document/src/nsXULDocument.h | 2 +- docshell/base/nsDocShell.cpp | 8 +- dom/src/base/nsGlobalWindow.cpp | 12 +- dom/src/base/nsJSEnvironment.cpp | 14 +- dom/src/base/nsLocation.cpp | 1 - dom/src/jsurl/nsJSProtocolHandler.cpp | 44 +- .../activex/src/plugin/LegacyPlugin.cpp | 2 +- .../webservices/schema/src/nsSchemaLoader.cpp | 7 +- .../security/src/nsWebScriptsAccess.cpp | 10 +- .../soap/src/nsHTTPSOAPTransport.cpp | 52 +- .../webservices/wsdl/src/nsWSDLLoader.cpp | 7 +- .../xmlextras/base/src/nsDOMSerializer.cpp | 8 +- js/src/liveconnect/nsCLiveconnect.cpp | 2 +- .../xpconnect/loader/mozJSComponentLoader.cpp | 4 +- .../xpconnect/loader/mozJSSubScriptLoader.cpp | 2 +- layout/generic/nsFrameFrame.cpp | 1 - layout/html/document/src/nsFrameFrame.cpp | 1 - modules/libjar/nsJARChannel.cpp | 26 +- modules/libpref/src/nsPrefBranch.cpp | 7 +- modules/oji/src/ProxyClassLoader.cpp | 5 +- modules/oji/src/lcglue.cpp | 4 +- modules/oji/src/nsCSecurityContext.cpp | 73 +- modules/oji/src/nsJVMManager.cpp | 20 +- netwerk/protocol/jar/src/nsJARChannel.cpp | 26 +- security/manager/ssl/src/nsCrypto.cpp | 4 +- security/manager/ssl/src/nsNSSComponent.cpp | 12 +- xpinstall/src/CertReader.cpp | 4 + xpinstall/src/CertReader.h | 11 +- xpinstall/src/nsSoftwareUpdateRun.cpp | 6 +- xpinstall/src/nsXPITriggerInfo.cpp | 26 +- 72 files changed, 1081 insertions(+), 3101 deletions(-) delete mode 100644 caps/idl/nsIAggregatePrincipal.idl delete mode 100644 caps/idl/nsICertificatePrincipal.idl delete mode 100644 caps/idl/nsICodebasePrincipal.idl delete mode 100644 caps/include/nsAggregatePrincipal.h delete mode 100644 caps/include/nsBasePrincipal.h delete mode 100644 caps/include/nsCertificatePrincipal.h delete mode 100644 caps/include/nsCodebasePrincipal.h delete mode 100644 caps/src/nsAggregatePrincipal.cpp delete mode 100644 caps/src/nsBasePrincipal.cpp delete mode 100644 caps/src/nsCertificatePrincipal.cpp delete mode 100644 
caps/src/nsCodebasePrincipal.cpp diff --git a/caps/idl/Makefile.in b/caps/idl/Makefile.in index b4ed527a7bb9..5eb5d4e91635 100644 --- a/caps/idl/Makefile.in +++ b/caps/idl/Makefile.in @@ -32,9 +32,6 @@ GRE_MODULE = 1 XPIDLSRCS = \ nsIScriptSecurityManager.idl \ nsIPrincipal.idl \ - nsICodebasePrincipal.idl \ - nsICertificatePrincipal.idl \ - nsIAggregatePrincipal.idl \ nsISignatureVerifier.idl \ nsISecurityCheckedComponent.idl \ $(NULL) diff --git a/caps/idl/nsIAggregatePrincipal.idl b/caps/idl/nsIAggregatePrincipal.idl deleted file mode 100644 index 4a7269afe8fe..000000000000 --- a/caps/idl/nsIAggregatePrincipal.idl +++ /dev/null 
@@ -1,60 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1999-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Mitch Stoltz - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* Defines an interface for aggregate principals. 
*/ - -%{C++ -#define NS_AGGREGATEPRINCIPAL_CONTRACTID "@mozilla.org/aggregateprincipal;1" -#define NS_AGGREGATEPRINCIPAL_CLASSNAME "aggregateprincipal" -%} - -#include "nsIPrincipal.idl" - -[uuid(1c30a682-1dd2-11b2-ba9b-86a86f300cbc)] -interface nsIAggregatePrincipal : nsISupports { - - attribute nsIPrincipal certificate; - attribute nsIPrincipal codebase; - attribute boolean domainChanged; - readonly attribute nsIPrincipal originalCodebase; - readonly attribute nsIPrincipal primaryChild; - - void intersect(in nsIPrincipal other); - - attribute voidPtr cachedSecurityPolicy; -}; diff --git a/caps/idl/nsICertificatePrincipal.idl b/caps/idl/nsICertificatePrincipal.idl deleted file mode 100644 index b8249a11bb8f..000000000000 --- a/caps/idl/nsICertificatePrincipal.idl +++ /dev/null 
@@ -1,53 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1999-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Mitchell Stoltz - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* Defines an interface for certificate principals. 
*/ -#include "nsIPrincipal.idl" -#include "nsIZipReader.idl" - -%{C++ -#define NS_CERTIFICATEPRINCIPAL_CONTRACTID "@mozilla.org/certificateprincipal;1" -#define NS_CERTIFICATEPRINCIPAL_CLASSNAME "certificateprincipal" -%} - -[uuid(ebfefcd0-25e1-11d2-8160-006008119d7a)] -interface nsICertificatePrincipal : nsISupports { - - readonly attribute string certificateID; - attribute string commonName; -}; diff --git a/caps/idl/nsICodebasePrincipal.idl b/caps/idl/nsICodebasePrincipal.idl deleted file mode 100644 index b684e6cfbb22..000000000000 --- a/caps/idl/nsICodebasePrincipal.idl +++ /dev/null 
@@ -1,56 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1999 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* Defines an interface for codebase principals. 
*/ -#include "nsIPrincipal.idl" -interface nsIURI; - -%{C++ -#define NS_CODEBASEPRINCIPAL_CONTRACTID "@mozilla.org/codebaseprincipal;1" -#define NS_CODEBASEPRINCIPAL_CLASSNAME "codebaseprincipal" -%} - -[uuid(829fe440-25e1-11d2-8160-006008119d7a)] -interface nsICodebasePrincipal : nsISupports { - - readonly attribute nsIURI URI; - - readonly attribute string origin; - - readonly attribute string spec; -}; - diff --git a/caps/idl/nsIPrincipal.idl b/caps/idl/nsIPrincipal.idl index 84fa7a96af7a..44cfbc47514f 100644 --- a/caps/idl/nsIPrincipal.idl +++ b/caps/idl/nsIPrincipal.idl @@ -14,12 +14,14 @@ * * The Original Code is mozilla.org code. * - * The Initial Developer of the Original Code is + * The Initial Developer of the Original Code is * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1999-2000 + * Portions created by the Initial Developer are Copyright (C) 1999-2003 * the Initial Developer. All Rights Reserved. * * Contributor(s): + * Mitchell Stoltz + * Christopher A. Aillon * * * Alternatively, the contents of this file may be used under the terms of 
@@ -44,41 +46,108 @@ struct JSPrincipals; %} +interface nsIURI; + [ptr] native JSPrincipals(JSPrincipals); [uuid(ff9313d0-25e1-11d2-8160-006008119d7a)] interface nsIPrincipal : nsISerializable { - // Values of capabilities for each principal. Order is - // significant: if an operation is performed on a set - // of capabilities, the minimum is computed. + /** + * Values of capabilities for each principal. Order is + * significant: if an operation is performed on a set + * of capabilities, the minimum is computed. + */ const short ENABLE_DENIED = 1; const short ENABLE_UNKNOWN = 2; const short ENABLE_WITH_USER_PERMISSION = 3; const short ENABLE_GRANTED = 4; - string ToString(); - - string ToUserVisibleString(); - - void GetPreferences(out string prefName, out string id, + /** + * Returns the security preferences associated with this principal. + * prefBranch will be set to the pref branch to which these preferences + * pertain. id is a pseudo-unique identifier, pertaining to either the + * certificateID or the origin. grantedList and deniedList are + * space-separated lists of capabilities which were explicitly granted + * or denied by a pref. + */ + void getPreferences(out string prefBranch, out string id, out string grantedList, out string deniedList); - boolean Equals(in nsIPrincipal other); + /** + * Returns whether the other principal is equivalent to this principal. + * Principals are considered equal if they are the same principal, + * they have the same origin, or have the same certificate ID + */ + boolean equals(in nsIPrincipal other); - unsigned long HashValue(); + /** + * Returns a hash value for the principal. + */ + readonly attribute unsigned long hashValue; - JSPrincipals GetJSPrincipals(); + /** + * Returns the JS equivalent of the principal. + * @see JSPrincipals.h + */ + readonly attribute JSPrincipals jsPrincipals; - short CanEnableCapability(in string capability); + /** + * The domain security policy of the principal. 
+ */ + // XXXcaa should this be here? The script security manager is the only + // thing that should care about this. Wouldn't storing this data in one + // of the hashtables in nsScriptSecurityManager be better? + attribute voidPtr securityPolicy; - void SetCanEnableCapability(in string capability, in short canEnable); + // XXXcaa probably should be turned into {get|set}CapabilityFlags + short canEnableCapability(in string capability); + void setCanEnableCapability(in string capability, in short canEnable); + boolean isCapabilityEnabled(in string capability, in voidPtr annotation); + void enableCapability(in string capability, inout voidPtr annotation); + void revertCapability(in string capability, inout voidPtr annotation); + void disableCapability(in string capability, inout voidPtr annotation); - boolean IsCapabilityEnabled(in string capability, in voidPtr annotation); - - void EnableCapability(in string capability, inout voidPtr annotation); + /** + * The codebase URI to which this principal pertains. This is + * generally the document URI. + */ + readonly attribute nsIURI URI; - void RevertCapability(in string capability, inout voidPtr annotation); + /** + * The domain URI to which this principal pertains. + * This is congruent with HTMLDocument.domain, and may be null. + * Setting this has no effect on the URI. + */ + attribute nsIURI domain; - void DisableCapability(in string capability, inout voidPtr annotation); + /** + * The origin of this principal's domain, if non-null, or its + * codebase URI otherwise. An origin is defined as: + * scheme + host + port. + */ + // XXXcaa this should probably be turned into an nsIURI. + // The system principal's origin should be some caps namespace + // with a chrome URI. All of chrome should probably be the same. + readonly attribute string origin; + + /** + * Whether this principal is associated with a certificate. 
+ */ + readonly attribute boolean hasCertificate; + + /** + * The fingerprint ID of this principal's certificate. + * Throws if there is no certificate associated with this principal. + */ + // XXXcaa kaie says this may not be unique. We should probably + // consider using something else for this.... + readonly attribute string certificateID; + + /** + * The common name for the certificate. + * This pertains to the certificate authority organization. + * Throws if there is no certificate associated with this principal. + */ + attribute string commonName; }; diff --git a/caps/idl/nsIScriptSecurityManager.idl b/caps/idl/nsIScriptSecurityManager.idl index 41ad9ad0d757..06ea32178576 100644 --- a/caps/idl/nsIScriptSecurityManager.idl +++ b/caps/idl/nsIScriptSecurityManager.idl @@ -134,23 +134,22 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager * executing script. Will return null if there is no script * currently executing. */ - nsIPrincipal getSubjectPrincipal(); + [noscript] nsIPrincipal getSubjectPrincipal(); /** * Return the all-powerful system principal. */ - nsIPrincipal getSystemPrincipal(); + [noscript] nsIPrincipal getSystemPrincipal(); /** - * Return a principal that can be QI'd to nsICertificatePrincipal. + * Return a principal with the specified certificate ID and codebase URI. */ - nsIPrincipal getCertificatePrincipal(in string CertID); + [noscript] nsIPrincipal getCertificatePrincipal(in string CertID, in nsIURI aURI); /** - * Return a principal that can be QI'd to nsICodebasePrincipal and - * has the same origin as aURI. + * Return a principal that has the same origin as aURI. */ - nsIPrincipal getCodebasePrincipal(in nsIURI aURI); + [noscript] nsIPrincipal getCodebasePrincipal(in nsIURI aURI); ///////////////// Capabilities API ///////////////////// /** 
@@ -159,13 +158,13 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager * necessary. Returns nsIPrincipal::ENABLE_GRANTED or * nsIPrincipal::ENABLE_DENIED based on user's choice. */ - void requestCapability(in nsIPrincipal principal, in string capability, - out short result); + [noscript] short requestCapability(in nsIPrincipal principal, + in string capability); /** * Return true if the currently executing script has 'capability' enabled. */ - boolean IsCapabilityEnabled(in string capability); + boolean isCapabilityEnabled(in string capability); /** * Enable 'capability' in the innermost frame of the currently executing diff --git a/caps/include/Makefile.in b/caps/include/Makefile.in index 1b7c9edda603..a08770c1886b 100644 --- a/caps/include/Makefile.in +++ b/caps/include/Makefile.in @@ -29,14 +29,8 @@ include $(DEPTH)/config/autoconf.mk MODULE = caps EXPORTS = \ - nsBasePrincipal.h \ - nsSystemPrincipal.h \ - nsCertificatePrincipal.h \ - nsCodebasePrincipal.h \ - nsAggregatePrincipal.h \ - nsJSPrincipals.h \ - nsScriptSecurityManager.h \ - $(NULL) + nsJSPrincipals.h \ + $(NULL) include $(topsrcdir)/config/rules.mk diff --git a/caps/include/nsAggregatePrincipal.h b/caps/include/nsAggregatePrincipal.h deleted file mode 100644 index cacda09a0194..000000000000 --- a/caps/include/nsAggregatePrincipal.h +++ /dev/null 
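Review bot: Renaming `IsCapabilityEnabled` to `isCapabilityEnabled` changes the name that script callers see, because this method is not marked `[noscript]` like the others touched in this file; the generated C++ method name is the same either way. Any script still using the old spelling would fail at the call site, and it is worth confirming that such a failure in a capability check leaves the capability disabled rather than skipping the check. No script callers are visible in this hunk, so this needs checking against the tree. A comment on the declaration such as `// script-visible name; was IsCapabilityEnabled before bug 83536` would help whoever hits the breakage.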
@@ -1,116 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1998-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -/* describes aggregate principals which combine the - behavior of one or more other principals */ - -#ifndef _NS_AGGREGATE_PRINCIPAL_H_ -#define _NS_AGGREGATE_PRINCIPAL_H_ -#include "nsIAggregatePrincipal.h" -#include "nsICertificatePrincipal.h" -#include "nsICodebasePrincipal.h" -#include "nsBasePrincipal.h" -#include "nsCOMPtr.h" - -#define NS_AGGREGATEPRINCIPAL_CID \ -{ 0x867cf414, 0x1dd2, 0x11b2, \ -{ 0x82, 0x66, 0xca, 0x64, 0x3b, 0xbc, 0x35, 0x64 }} - -/* 867cf414-1dd2-11b2-8266-ca643bbc3564 */ -class nsAggregatePrincipal : public nsIAggregatePrincipal, - public nsICertificatePrincipal, - public nsICodebasePrincipal, - public nsBasePrincipal -{ -public: - - NS_DEFINE_STATIC_CID_ACCESSOR(NS_AGGREGATEPRINCIPAL_CID) - NS_DECL_ISUPPORTS - NS_DECL_NSISERIALIZABLE - NS_DECL_NSIAGGREGATEPRINCIPAL - NS_DECL_NSICERTIFICATEPRINCIPAL - NS_DECL_NSICODEBASEPRINCIPAL - - NS_IMETHOD - ToString(char **result); - - NS_IMETHOD - ToUserVisibleString(char **result); - - NS_IMETHOD - Equals(nsIPrincipal *other, PRBool *result); - - NS_IMETHOD - HashValue(PRUint32 *result); - - NS_IMETHOD - CanEnableCapability(const char *capability, PRInt16 *result); - - NS_IMETHOD - SetCanEnableCapability(const char *capability, PRInt16 canEnable); - - NS_IMETHOD - IsCapabilityEnabled(const char *capability, void *annotation, - PRBool *result); - - NS_IMETHOD - EnableCapability(const char *capability, void **annotation); - - NS_IMETHOD - RevertCapability(const char *capability, void **annotation); - - NS_IMETHOD - DisableCapability(const char *capability, void **annotation); - - NS_IMETHOD - GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList); - - nsAggregatePrincipal(); - - virtual ~nsAggregatePrincipal(void); - -protected: - nsCOMPtr mCertificate; - nsCOMPtr mCodebase; - nsCOMPtr mOriginalCodebase; - void* mCachedSecurityPolicy; - PRPackedBool mDomainChanged; -}; - -#endif // _NS_AGGREGATE_PRINCIPAL_H_ 
diff --git a/caps/include/nsBasePrincipal.h b/caps/include/nsBasePrincipal.h
deleted file mode 100644
index 56a1fb8cacdd..000000000000
--- a/caps/include/nsBasePrincipal.h
+++ /dev/null
@@ -1,122 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- - * - * The contents of this file are subject to the Netscape Public License - * Version 1.0 (the "NPL"); you may not use this file except in - * compliance with the NPL. You may obtain a copy of the NPL at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the NPL is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL - * for the specific language governing rights and limitations under the - * NPL. - * - * The Initial Developer of this code under the NPL is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1999-2000 Netscape Communications Corporation. All Rights - * Reserved. - * - * Contributors: - * Norris Boyd - */ - -/* Shared implementation code for principals. */ - -#ifndef _NS_BASE_PRINCIPAL_H_ -#define _NS_BASE_PRINCIPAL_H_ - -#include "jsapi.h" -#include "nsJSPrincipals.h" -#include "nsVoidArray.h" -#include "nsHashtable.h" -#include "nsIObjectInputStream.h" -#include "nsIObjectOutputStream.h" - -class nsBasePrincipal: public nsIPrincipal { -public: - - nsBasePrincipal(); - - virtual ~nsBasePrincipal(void); - - NS_IMETHOD - GetJSPrincipals(JSPrincipals **jsprin); - - NS_IMETHOD - CanEnableCapability(const char *capability, PRInt16 *result); - - NS_IMETHOD - SetCanEnableCapability(const char *capability, PRInt16 canEnable); - - NS_IMETHOD - IsCapabilityEnabled(const char *capability, void *annotation, - PRBool *result); - - NS_IMETHOD - EnableCapability(const char *capability, void **annotation); - - NS_IMETHOD - RevertCapability(const char *capability, void **annotation); - - NS_IMETHOD - DisableCapability(const char *capability, void **annotation); - - NS_IMETHOD - GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList); - - nsresult - InitFromPersistent(const char* aPrefName,const char* aID, - const char* 
aGrantedList, const char* aDeniedList); - - NS_IMETHOD - Read(nsIObjectInputStream* aStream); - - NS_IMETHOD - Write(nsIObjectOutputStream* aStream); - - static const char Invalid[]; - -protected: - enum AnnotationValue { AnnotationEnabled=1, AnnotationDisabled }; - - NS_IMETHOD - SetCapability(const char *capability, void **annotation, - AnnotationValue value); - - nsJSPrincipals mJSPrincipals; - nsVoidArray mAnnotations; - nsHashtable *mCapabilities; - nsCString mPrefName; - static int mCapabilitiesOrdinal; -}; - -// special AddRef/Release to unify reference counts between XPCOM -// and JSPrincipals - -#define NSBASEPRINCIPALS_ADDREF(className) \ -NS_IMETHODIMP_(nsrefcnt) \ -className::AddRef(void) \ -{ \ - NS_PRECONDITION(PRInt32(mRefCnt) == 0, "illegal mRefCnt"); \ - NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt");\ - nsrefcnt count = PR_AtomicIncrement((PRInt32 *)&mJSPrincipals.refcount);\ - NS_LOG_ADDREF(this, count, #className, sizeof(*this)); \ - return count; \ -} - -#define NSBASEPRINCIPALS_RELEASE(className) \ -NS_IMETHODIMP_(nsrefcnt) \ -className::Release(void) \ -{ \ - NS_PRECONDITION(PRInt32(mRefCnt) == 0, "illegal mRefCnt"); \ - NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release"); \ - nsrefcnt count = PR_AtomicDecrement((PRInt32 *)&mJSPrincipals.refcount);\ - NS_LOG_RELEASE(this, count, #className); \ - if (count == 0) { \ - NS_DELETEXPCOM(this); \ - return 0; \ - } \ - return count; \ -} - -#endif // _NS_BASE_PRINCIPAL_H_ diff --git a/caps/include/nsCertificatePrincipal.h b/caps/include/nsCertificatePrincipal.h deleted file mode 100644 index 65976044002c..000000000000 --- a/caps/include/nsCertificatePrincipal.h +++ /dev/null 
@@ -1,89 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1998-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -/* describes principals for use with signed scripts */ - -#ifndef _NS_CERTIFICATE_PRINCIPAL_H_ -#define _NS_CERTIFICATE_PRINCIPAL_H_ -#include "jsapi.h" -#include "nsICertificatePrincipal.h" -#include "nsBasePrincipal.h" - -class nsIURI; - -#define NS_CERTIFICATEPRINCIPAL_CID \ -{ 0x7ee2a4c0, 0x4b91, 0x11d3, \ -{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }} - -class nsCertificatePrincipal : public nsICertificatePrincipal, public nsBasePrincipal -{ -public: - - NS_DEFINE_STATIC_CID_ACCESSOR(NS_CERTIFICATEPRINCIPAL_CID) - NS_DECL_ISUPPORTS - NS_DECL_NSISERIALIZABLE - NS_DECL_NSICERTIFICATEPRINCIPAL - - NS_IMETHOD ToString(char **result); - - NS_IMETHOD ToUserVisibleString(char **result); - - NS_IMETHOD GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList); - - NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result); - - NS_IMETHOD HashValue(PRUint32 *result); - - NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result); - - NS_IMETHOD Init(const char* aCertificateID); - - nsresult InitFromPersistent(const char* aPrefName, const char* aID, - const char* aGrantedList, const char* aDeniedList); - - nsCertificatePrincipal(); - - virtual ~nsCertificatePrincipal(void); - -protected: - nsCString mCertificateID; - nsCString mCommonName; -}; - -#endif // _NS_CERTIFICATE_PRINCIPAL_H_ diff --git a/caps/include/nsCodebasePrincipal.h b/caps/include/nsCodebasePrincipal.h deleted file mode 100644 index 710c54a68098..000000000000 --- a/caps/include/nsCodebasePrincipal.h +++ /dev/null 
@@ -1,93 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1998-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -/* describes principals by their orginating URIs */ - -#ifndef _NS_CODEBASE_PRINCIPAL_H_ -#define _NS_CODEBASE_PRINCIPAL_H_ - -#include "jsapi.h" -#include "nsBasePrincipal.h" -#include "nsICodebasePrincipal.h" -#include "nsIURI.h" -#include "nsCOMPtr.h" - -#define NS_CODEBASEPRINCIPAL_CID \ -{ 0x7ee2a400, 0x0b91, 0xaad3, \ -{ 0xba, 0x18, 0xd7, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }} - -class nsCodebasePrincipal : public nsBasePrincipal, public nsICodebasePrincipal { -public: - - NS_DEFINE_STATIC_CID_ACCESSOR(NS_CODEBASEPRINCIPAL_CID) - - NS_DECL_ISUPPORTS - NS_DECL_NSISERIALIZABLE - NS_DECL_NSICODEBASEPRINCIPAL - - NS_IMETHOD ToString(char **result); - - NS_IMETHOD ToUserVisibleString(char **result); - - NS_IMETHOD GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList); - - NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result); - - NS_IMETHOD HashValue(PRUint32 *result); - - NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result); - - nsCodebasePrincipal(); - - nsresult - Init(nsIURI *uri); - - nsresult - InitFromPersistent(const char* aPrefName, const char* aID, - const char* aGrantedList, const char* aDeniedList, - PRBool aTrusted); - - virtual ~nsCodebasePrincipal(void); - -protected: - nsCOMPtr mURI; - PRBool mTrusted; -}; - -#endif // _NS_CODEBASE_PRINCIPAL_H_ diff --git a/caps/include/nsJSPrincipals.h b/caps/include/nsJSPrincipals.h index d7caf8603919..e35bd1a9afb7 100644 --- a/caps/include/nsJSPrincipals.h +++ b/caps/include/nsJSPrincipals.h @@ -1,4 +1,4 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* ***** BEGIN LICENSE BLOCK ***** * Version: NPL 1.1/GPL 2.0/LGPL 2.1 * 
@@ -36,19 +36,20 @@ * * ***** END LICENSE BLOCK ***** */ /* describes principals by their orginating uris*/ -#ifndef _NS_JSPRINCIPALS_H_ -#define _NS_JSPRINCIPALS_H_ + +#ifndef nsJSPrincipals_h__ +#define nsJSPrincipals_h__ #include "jsapi.h" #include "nsIPrincipal.h" -struct nsJSPrincipals : JSPrincipals { +struct nsJSPrincipals : JSPrincipals +{ static nsresult Startup(); nsJSPrincipals(); - nsresult Init(char *prin); + nsresult Init(nsIPrincipal* aPrincipal, const char *aCodebase); ~nsJSPrincipals(void); - nsIPrincipal *nsIPrincipalPtr; + nsIPrincipal *nsIPrincipalPtr; // [WEAK] it owns us. }; -#endif /* _NS_JSPRINCIPALS_H_ */ - +#endif /* nsJSPrincipals_h__ */ diff --git a/caps/include/nsPrincipal.h b/caps/include/nsPrincipal.h index 2cecc55ec926..ed1d64628021 100755 --- a/caps/include/nsPrincipal.h +++ b/caps/include/nsPrincipal.h @@ -52,7 +52,6 @@ class nsPrincipal : public nsIPrincipal { public: nsPrincipal(); - nsPrincipal(nsIURI *aURI); protected: virtual ~nsPrincipal(); @@ -61,23 +60,24 @@ public: // Our refcount is managed by mJSPrincipals. Use this macro to avoid // an extra refcount member. NS_DECL_ISUPPORTS_INHERITED -protected: - // XXXcaa Probably unnecessary. See bug 143559. - NS_DECL_OWNINGTHREAD public: NS_DECL_NSIPRINCIPAL NS_DECL_NSISERIALIZABLE + // Either Init() or InitFromPersistent() must be called before + // the principal is in a usable state. + nsresult Init(const char *aCertID, nsIURI *aCodebase); nsresult InitFromPersistent(const char* aPrefName, const char* aToken, const char* aGrantedList, const char* aDeniedList, - PRBool aIsCert = PR_FALSE, - PRBool aTrusted = PR_FALSE); + PRBool aIsCert, + PRBool aTrusted); enum AnnotationValue { AnnotationEnabled=1, AnnotationDisabled }; + void SetURI(nsIURI *aURI); nsresult SetCapability(const char *capability, void **annotation, AnnotationValue value); 
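Review bot: `void SetURI(nsIURI *aURI);` is added to the public section of nsPrincipal (hunk `@@ -61,23 +60,24 @@` of caps/include/nsPrincipal.h) with no comment on when it may be called, right next to the new rule that Init() or InitFromPersistent() must run first. Replacing the codebase of a live principal changes its identity for every holder of the pointer. If the hash value is derived from the codebase (not visible in this hunk), an instance already stored in a table keyed by that hash could no longer be found. I would add `// Replaces the codebase URI; must not be called on a principal that has already been handed out or cached.` above the declaration, or restrict its visibility if only the security manager needs it. The class body starts and ends outside the hunk.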
@@ -104,6 +104,8 @@ protected: nsCString commonName; }; + nsresult SetCertificate(const char* aCertID, const char* aName); + // Keep this is a pointer, even though it may slightly increase the // cost of keeping a certificate, this is a good tradeoff though since // it is very rare that we actually have a certificate. @@ -113,8 +115,8 @@ protected: nsCOMPtr mCodebase; nsCOMPtr mDomain; - PRUint8 mType; PRPackedBool mTrusted; + PRPackedBool mInitialized; }; diff --git a/caps/include/nsScriptSecurityManager.h b/caps/include/nsScriptSecurityManager.h index 5076be2e1fe1..0bf38c06510c 100644 --- a/caps/include/nsScriptSecurityManager.h +++ b/caps/include/nsScriptSecurityManager.h @@ -22,6 +22,7 @@ * Contributor(s): * Norris Boyd * Mitch Stoltz + * Christopher A. Aillon * * Alternatively, the contents of this file may be used under the terms of * either the GNU General Public License Version 2 or later (the "GPL"), or @@ -37,14 +38,15 @@ * * ***** END LICENSE BLOCK ***** */ -#ifndef _NS_SCRIPT_SECURITY_MANAGER_H_ -#define _NS_SCRIPT_SECURITY_MANAGER_H_ +#ifndef nsScriptSecurityManager_h__ +#define nsScriptSecurityManager_h__ #include "nsIScriptSecurityManager.h" #include "nsIPrincipal.h" #include "jsapi.h" #include "jsdbgapi.h" #include "nsIXPCSecurityManager.h" +#include "nsInterfaceHashtable.h" #include "nsHashtable.h" #include "nsCOMPtr.h" #include "nsIPrefService.h" 
@@ -57,44 +59,86 @@ class nsIDocShell; class nsString; class nsIClassInfo; +class nsIIOService; +class nsIXPConnect; class nsIStringBundle; class nsSystemPrincipal; struct ClassPolicy; +#if defined(DEBUG_mstoltz) || defined(DEBUG_caillon) +#define DEBUG_CAPS_HACKER +#endif + +#ifdef DEBUG_CAPS_HACKER +#define DEBUG_CAPS_CheckPropertyAccessImpl +#define DEBUG_CAPS_LookupPolicy +#define DEBUG_CAPS_CheckComponentPermissions +#endif + +#if 0 +#define DEBUG_CAPS_CanCreateWrapper +#define DEBUG_CAPS_CanCreateInstance +#define DEBUG_CAPS_CanGetService +#endif + ///////////////////// -// nsIPrincipalKey // +// PrincipalKey // ///////////////////// -class nsIPrincipalKey : public nsHashKey +class PrincipalKey : public PLDHashEntryHdr { public: - nsIPrincipalKey(nsIPrincipal* key) { - mKey = key; - NS_IF_ADDREF(mKey); - } - - ~nsIPrincipalKey(void) { - NS_IF_RELEASE(mKey); - } - - PRUint32 HashCode(void) const { - PRUint32 hash; - mKey->HashValue(&hash); - return hash; - } - - PRBool Equals(const nsHashKey* aKey) const { - PRBool eq; - mKey->Equals(((nsIPrincipalKey*) aKey)->mKey, &eq); - return eq; - } - - nsHashKey *Clone(void) const { - return new nsIPrincipalKey(mKey); + typedef const nsIPrincipal* KeyType; + typedef const nsIPrincipal* KeyTypePointer; + + PrincipalKey(const nsIPrincipal* key) + : mKey(NS_CONST_CAST(nsIPrincipal*, key)) + { } -protected: - nsIPrincipal* mKey; + PrincipalKey(const PrincipalKey& toCopy) + : mKey(toCopy.mKey) + { + } + + ~PrincipalKey() + { + } + + KeyType GetKey() const + { + return mKey; + } + + KeyTypePointer GetKeyPointer() const + { + return mKey; + } + + PRBool KeyEquals(KeyTypePointer aKey) const + { + PRBool eq; + mKey->Equals(NS_CONST_CAST(nsIPrincipal*, aKey), + &eq); + return eq; + } + + static KeyTypePointer KeyToPointer(KeyType aKey) + { + return aKey; + } + + static PLDHashNumber HashKey(KeyTypePointer aKey) + { + PRUint32 hash; + NS_CONST_CAST(nsIPrincipal*, aKey)->GetHashValue(&hash); + return PLDHashNumber(hash); + } + + 
enum { ALLOW_MEMMOVE = PR_TRUE }; + +private: + nsCOMPtr mKey; }; //////////////////// @@ -214,9 +258,12 @@ class DomainPolicy : public PLDHashTable public: DomainPolicy() : mWildcardPolicy(nsnull), mRefCount(0) - { - static PLDHashTableOps domainPolicyOps = + } + + PRBool Init() + { + static const PLDHashTableOps domainPolicyOps = { PL_DHashAllocTable, PL_DHashFreeTable, @@ -229,8 +276,8 @@ public: InitClassPolicyEntry }; - PL_DHashTableInit(this, &domainPolicyOps, nsnull, - sizeof(ClassPolicy), 16); + return PL_DHashTableInit(this, &domainPolicyOps, nsnull, + sizeof(ClassPolicy), 16); } ~DomainPolicy() @@ -394,7 +441,7 @@ private: nsresult CheckComponentPermissions(JSContext *cx, const nsCID &aCID); #endif -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_HACKER void PrintPolicyDB(); #endif @@ -405,8 +452,8 @@ private: inline void JSEnabledPrefChanged(nsISecurityPref* aSecurityPref); - static const char* sJSEnabledPrefName; - static const char* sJSMailEnabledPrefName; + static const char sJSEnabledPrefName[]; + static const char sJSMailEnabledPrefName[]; nsObjectHashtable* mOriginToPolicyMap; DomainPolicy* mDefaultPolicy; 
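Review bot: `KeyEquals()` and `HashKey()` in the new PrincipalKey (hunk `@@ -57,44 +59,86 @@` of caps/include/nsScriptSecurityManager.h) read `eq` and `hash` without initialising them and discard the nsresult of `Equals()` and `GetHashValue()`. A failing call therefore leaves the table comparing or hashing principals on an indeterminate value. In a table that maps principals for the security manager, the failure case should be deterministic and must never report a match: `PRBool eq = PR_FALSE;` and `PRUint32 hash = 0;`, with `KeyEquals` returning `NS_SUCCEEDED(rv) && eq`. The removed nsIPrincipalKey had the same pattern, so this is carried over rather than newly introduced.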
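Review bot: `DomainPolicy::Init()` has no comment telling callers that it must be called and its result checked, now that the table setup has moved out of the constructor (hunks `@@ -214,9 +258,12 @@` and `@@ -229,8 +276,8 @@`). The PRBool returned from `PL_DHashTableInit` is the only sign that setup failed, and nothing in the class records it. The destructor body is outside the hunk; if it finalises the table unconditionally, an instance whose Init() was skipped or failed would tear down a table that was never set up. I would add `// Must be called, and its result checked, before the policy is used or destroyed; returns PR_FALSE if the table could not be allocated.` above `Init()`.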
@@ -414,20 +461,22 @@ private: nsCOMPtr mPrefBranch; nsCOMPtr mSecurityPref; - nsIPrincipal* mSystemPrincipal; + nsCOMPtr mSystemPrincipal; nsCOMPtr mSystemCertificate; - nsSupportsHashtable* mPrincipals; - PRBool mIsJavaScriptEnabled; - PRBool mIsMailJavaScriptEnabled; - PRBool mIsWritingPrefs; + nsInterfaceHashtable mPrincipals; nsCOMPtr mJSContextStack; - PRBool mNameSetRegistered; - PRBool mPolicyPrefsChanged; + PRPackedBool mIsJavaScriptEnabled; + PRPackedBool mIsMailJavaScriptEnabled; + PRPackedBool mIsWritingPrefs; + PRPackedBool mPolicyPrefsChanged; #ifdef XPC_IDISPATCH_SUPPORT - PRBool mXPCDefaultGrantAll; - static const char* sXPCDefaultGrantAllName; + PRPackedBool mXPCDefaultGrantAll; + static const char sXPCDefaultGrantAllName[]; #endif + static nsIIOService *sIOService; + static nsIXPConnect *sXPConnect; static nsIStringBundle *sStrBundle; }; -#endif /*_NS_SCRIPT_SECURITY_MANAGER_H_*/ + +#endif // nsScriptSecurityManager_h__ diff --git a/caps/include/nsSystemPrincipal.h b/caps/include/nsSystemPrincipal.h index ae31356df2ca..dc65780a3b42 100644 --- a/caps/include/nsSystemPrincipal.h +++ b/caps/include/nsSystemPrincipal.h @@ -14,7 +14,7 @@ * * The Original Code is mozilla.org code. * - * The Initial Developer of the Original Code is + * The Initial Developer of the Original Code is * Netscape Communications Corporation. * Portions created by the Initial Developer are Copyright (C) 1999-2000 * the Initial Developer. All Rights Reserved. @@ -38,10 +38,11 @@ /* The privileged system principal. */ -#ifndef _NS_SYSTEM_PRINCIPAL_H_ -#define _NS_SYSTEM_PRINCIPAL_H_ +#ifndef nsSystemPrincipal_h__ +#define nsSystemPrincipal_h__ -#include "nsBasePrincipal.h" +#include "nsIPrincipal.h" +#include "nsJSPrincipals.h" #define NS_SYSTEMPRINCIPAL_CLASSNAME "systemprincipal" #define NS_SYSTEMPRINCIPAL_CID \ 
@@ -50,42 +51,23 @@ #define NS_SYSTEMPRINCIPAL_CONTRACTID "@mozilla.org/systemprincipal;1" -class nsSystemPrincipal : public nsBasePrincipal { +class nsSystemPrincipal : public nsIPrincipal +{ public: - - NS_DECL_ISUPPORTS + NS_DECL_ISUPPORTS_INHERITED + NS_DECL_NSIPRINCIPAL NS_DECL_NSISERIALIZABLE - - NS_IMETHOD ToString(char **result); - NS_IMETHOD ToUserVisibleString(char **result); - - NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result); - - NS_IMETHOD HashValue(PRUint32 *result); - - NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result); - - NS_IMETHOD SetCanEnableCapability(const char *capability, - PRInt16 canEnable); - - NS_IMETHOD IsCapabilityEnabled(const char *capability, void * annotation, - PRBool *result); - - NS_IMETHOD EnableCapability(const char *capability, void * *annotation); - - NS_IMETHOD RevertCapability(const char *capability, void * *annotation); - - NS_IMETHOD DisableCapability(const char *capability, void * *annotation); - - NS_IMETHOD GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList); - - NS_IMETHOD Init(); + nsresult Init(); nsSystemPrincipal(); +protected: virtual ~nsSystemPrincipal(void); + + nsJSPrincipals mJSPrincipals; + // XXX Probably unnecessary. See bug 143559. + NS_DECL_OWNINGTHREAD }; -#endif // _NS_SYSTEM_PRINCIPAL_H_ +#endif // nsSystemPrincipal_h__ diff --git a/caps/src/Makefile.in b/caps/src/Makefile.in index 390c192b536e..d4fccf9899c1 100644 --- a/caps/src/Makefile.in +++ b/caps/src/Makefile.in @@ -50,11 +50,8 @@ REQUIRES = xpcom \ $(NULL) CPPSRCS = \ - nsBasePrincipal.cpp \ + nsPrincipal.cpp \ nsSystemPrincipal.cpp \ - nsCertificatePrincipal.cpp \ - nsCodebasePrincipal.cpp \ - nsAggregatePrincipal.cpp \ nsJSPrincipals.cpp \ nsScriptSecurityManager.cpp \ nsSecurityManagerFactory.cpp \ diff --git a/caps/src/nsAggregatePrincipal.cpp b/caps/src/nsAggregatePrincipal.cpp deleted file mode 100644 index a7a82d3392d1..000000000000 
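Review bot: nsSystemPrincipal.h switches to `NS_DECL_ISUPPORTS_INHERITED` and gains an `nsJSPrincipals mJSPrincipals` member (hunk `@@ -50,42 +51,23 @@`) without the explanation that nsPrincipal.h carries for the same arrangement. A reader of this header alone cannot tell where the reference count lives. I would copy the comment used there, `// Our refcount is managed by mJSPrincipals. Use this macro to avoid an extra refcount member.`, above the macro. `Init()` also changes from an `NS_IMETHOD` to a plain `nsresult` member, so a line such as `// Must be called, and its result checked, before the principal is used.` would state the contract for what the header itself calls the privileged system principal.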
--- a/caps/src/nsAggregatePrincipal.cpp
+++ /dev/null
@@ -1,479 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1998-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Mitch Stoltz - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -/*describes principals which combine one or more principals*/ -#include "nsAggregatePrincipal.h" -#include "nsIURI.h" - -static NS_DEFINE_IID(kIAggregatePrincipalIID, NS_IAGGREGATEPRINCIPAL_IID); - -NS_IMPL_QUERY_INTERFACE5_CI(nsAggregatePrincipal, nsIAggregatePrincipal, - nsICertificatePrincipal, nsICodebasePrincipal, - nsIPrincipal, nsISerializable) -NS_IMPL_CI_INTERFACE_GETTER5(nsAggregatePrincipal, nsIAggregatePrincipal, - nsICertificatePrincipal, nsICodebasePrincipal, - nsIPrincipal, nsISerializable) - -NSBASEPRINCIPALS_ADDREF(nsAggregatePrincipal) -NSBASEPRINCIPALS_RELEASE(nsAggregatePrincipal) - -////////////////////////////////////////////////// -// Methods implementing nsICertificatePrincipal // -////////////////////////////////////////////////// -NS_IMETHODIMP -nsAggregatePrincipal::GetCertificateID(char** aCertificateID) -{ - if (!mCertificate) - { - *aCertificateID = nsnull; - return NS_OK; - } - - nsCOMPtr certificate = do_QueryInterface(mCertificate); - return certificate->GetCertificateID(aCertificateID); -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetCommonName(char** aCommonName) -{ - if (!mCertificate) - { - *aCommonName = nsnull; - return NS_OK; - } - - nsCOMPtr certificate = do_QueryInterface(mCertificate); - return certificate->GetCommonName(aCommonName); -} - -NS_IMETHODIMP -nsAggregatePrincipal::SetCommonName(const char* aCommonName) -{ - if (!mCertificate) - return NS_ERROR_FAILURE; - - nsCOMPtr certificate = do_QueryInterface(mCertificate); - return certificate->SetCommonName(aCommonName); -} - -/////////////////////////////////////////////// -// Methods implementing nsICodebasePrincipal // -/////////////////////////////////////////////// -NS_IMETHODIMP -nsAggregatePrincipal::GetURI(nsIURI** aURI) -{ - if (!mCodebase) - { - *aURI = nsnull; - return NS_ERROR_FAILURE; - } - - nsCOMPtr codebase = do_QueryInterface(mCodebase); - return codebase->GetURI(aURI); -} - -NS_IMETHODIMP 
-nsAggregatePrincipal::GetOrigin(char** aOrigin) -{ - if (!mCodebase) - { - *aOrigin = nsnull; - return NS_ERROR_FAILURE; - } - - nsCOMPtr codebase = do_QueryInterface(mCodebase); - return codebase->GetOrigin(aOrigin); -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetSpec(char** aSpec) -{ - if (!mCodebase) - { - *aSpec = nsnull; - return NS_ERROR_FAILURE; - } - - nsCOMPtr codebase = do_QueryInterface(mCodebase); - return codebase->GetSpec(aSpec); -} - -//////////////////////////////////////////////// -// Methods implementing nsIAggregatePrincipal // -//////////////////////////////////////////////// -NS_IMETHODIMP -nsAggregatePrincipal::GetCertificate(nsIPrincipal** result) -{ - *result = mCertificate; - NS_IF_ADDREF(*result); - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetCodebase(nsIPrincipal** result) -{ - *result = mCodebase; - NS_IF_ADDREF(*result); - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::SetCertificate(nsIPrincipal* aCertificate) -{ - nsresult rv; - //-- Make sure this really is a certificate principal - if (aCertificate) - { - nsCOMPtr tempCertificate = - do_QueryInterface(aCertificate, &rv); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - } - - //-- If aCertificate is an aggregate, get its underlying certificate - nsCOMPtr agg = - do_QueryInterface(aCertificate, &rv); - if (NS_SUCCEEDED(rv)) - { - nsCOMPtr underlying; - rv = agg->GetCertificate(getter_AddRefs(underlying)); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - mCertificate = underlying.get(); - } - else - mCertificate = aCertificate; - // New certificate, so forget cached security policy - mCachedSecurityPolicy = nsnull; - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::SetCodebase(nsIPrincipal* aCodebase) -{ - nsresult rv; - nsCOMPtr newCodebase(aCodebase); - - //-- If newCodebase is an aggregate, get its underlying codebase - nsCOMPtr agg = - do_QueryInterface(newCodebase, &rv); - if (NS_SUCCEEDED(rv)) - { - rv = 
agg->GetCodebase(getter_AddRefs(newCodebase)); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - } - else - { //-- Make sure this really is a codebase principal - nsCOMPtr tempCodebase = - do_QueryInterface(newCodebase, &rv); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - } - - mCodebase = newCodebase; - - //-- If this is the first codebase set, remember it. - if (!mOriginalCodebase) - mOriginalCodebase = newCodebase; - else - { - mDomainChanged = PR_TRUE; - // Codebase has changed, forget cached security policy - mCachedSecurityPolicy = nsnull; - } - - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetOriginalCodebase(nsIPrincipal** aOriginalCodebase) -{ - NS_ENSURE_ARG_POINTER(aOriginalCodebase); - - *aOriginalCodebase = mOriginalCodebase; - NS_IF_ADDREF(*aOriginalCodebase); - - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetPrimaryChild(nsIPrincipal** aPrimaryChild) -{ - //-- If a certificate is present, then that's the PrimaryChild principal. - // Otherwise we use the codebase. 
- if (mCertificate) - *aPrimaryChild = mCertificate.get(); - else if (mCodebase) - *aPrimaryChild = mCodebase.get(); - else - { - *aPrimaryChild = nsnull; - return NS_ERROR_FAILURE; - } - - NS_IF_ADDREF(*aPrimaryChild); - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::Intersect(nsIPrincipal* other) -{ - NS_ASSERTION(mCodebase, "Principal without codebase"); - - if (mCertificate) - { - PRBool sameCert = PR_FALSE; - if (NS_FAILED(mCertificate->Equals(other, &sameCert))) - return NS_ERROR_FAILURE; - if (!sameCert) - SetCertificate(nsnull); - } - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::SetDomainChanged(PRBool aDomainChanged) -{ - mDomainChanged = aDomainChanged; - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetDomainChanged(PRBool* aDomainChanged) -{ - *aDomainChanged = mDomainChanged; - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetCachedSecurityPolicy(void** aCachedSecurityPolicy) -{ - *aCachedSecurityPolicy = mCachedSecurityPolicy; - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::SetCachedSecurityPolicy(void* aCachedSecurityPolicy) -{ - mCachedSecurityPolicy = aCachedSecurityPolicy; - return NS_OK; -} - - -/////////////////////////////////////// -// Methods implementing nsIPrincipal // -/////////////////////////////////////// -NS_IMETHODIMP -nsAggregatePrincipal::ToString(char **result) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->ToString(result); -} - -NS_IMETHODIMP -nsAggregatePrincipal::ToUserVisibleString(char **result) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->ToUserVisibleString(result); -} - -NS_IMETHODIMP -nsAggregatePrincipal::Equals(nsIPrincipal * other, PRBool * result) -{ - *result = PR_FALSE; - if (this == other) { - *result = PR_TRUE; - return NS_OK; - } - if (!other) - return NS_OK; - - 
nsresult rv; - nsCOMPtr otherAgg = - do_QueryInterface(other, &rv); - if (NS_FAILED(rv)) - return NS_OK; - //-- Two aggregates are equal if both codebase and certificate are equal - PRBool certEqual = PR_TRUE; - if (mCertificate) - { - rv = mCertificate->Equals(other, &certEqual); - if(NS_FAILED(rv)) return rv; - } - PRBool cbEqual = PR_TRUE; - if (mCodebase) - { - rv = mCodebase->Equals(other, &cbEqual); - if(NS_FAILED(rv)) return rv; - } - if (mCertificate || mCodebase) // At least one must be present - *result = certEqual && cbEqual; - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::HashValue(PRUint32 *result) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->HashValue(result); -} - -NS_IMETHODIMP -nsAggregatePrincipal::CanEnableCapability(const char *capability, - PRInt16 *result) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->CanEnableCapability(capability, result); -} - -NS_IMETHODIMP -nsAggregatePrincipal::SetCanEnableCapability(const char *capability, - PRInt16 canEnable) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->SetCanEnableCapability(capability, canEnable); -} - -NS_IMETHODIMP -nsAggregatePrincipal::IsCapabilityEnabled(const char *capability, void *annotation, - PRBool *result) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->IsCapabilityEnabled(capability, annotation, result); -} - -NS_IMETHODIMP -nsAggregatePrincipal::EnableCapability(const char *capability, void **annotation) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->EnableCapability(capability, annotation); -} - 
-NS_IMETHODIMP -nsAggregatePrincipal::RevertCapability(const char *capability, void **annotation) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->RevertCapability(capability, annotation); -} - -NS_IMETHODIMP -nsAggregatePrincipal::DisableCapability(const char *capability, void **annotation) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->DisableCapability(capability, annotation); -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->GetPreferences(aPrefName, aID, - aGrantedList, aDeniedList); -} - -////////////////////////////////////////// -// Methods implementing nsISerializable // -////////////////////////////////////////// - -NS_IMETHODIMP -nsAggregatePrincipal::Read(nsIObjectInputStream* aStream) -{ - nsresult rv; - - rv = nsBasePrincipal::Read(aStream); - if (NS_FAILED(rv)) return rv; - - rv = NS_ReadOptionalObject(aStream, PR_TRUE, getter_AddRefs(mCertificate)); - if (NS_FAILED(rv)) return rv; - - rv = NS_ReadOptionalObject(aStream, PR_TRUE, getter_AddRefs(mCodebase)); - if (NS_FAILED(rv)) return rv; - - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::Write(nsIObjectOutputStream* aStream) -{ - nsresult rv; - - rv = nsBasePrincipal::Write(aStream); - if (NS_FAILED(rv)) return rv; - - rv = NS_WriteOptionalObject(aStream, mCertificate, PR_TRUE); - if (NS_FAILED(rv)) return rv; - - rv = NS_WriteOptionalCompoundObject(aStream, mCodebase, NS_GET_IID(nsIPrincipal), PR_TRUE); - if (NS_FAILED(rv)) return rv; - - return NS_OK; -} - -///////////////////////////////////////////// -// Constructor, Destructor, initialization // 
-///////////////////////////////////////////// - -nsAggregatePrincipal::nsAggregatePrincipal() : mCachedSecurityPolicy(nsnull), - mDomainChanged(PR_FALSE) -{ -} - -nsAggregatePrincipal::~nsAggregatePrincipal() -{ -} diff --git a/caps/src/nsBasePrincipal.cpp b/caps/src/nsBasePrincipal.cpp deleted file mode 100644 index 71e7b75c9cd9..000000000000 --- a/caps/src/nsBasePrincipal.cpp +++ /dev/null 
@@ -1,421 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- - * - * The contents of this file are subject to the Netscape Public License - * Version 1.0 (the "NPL"); you may not use this file except in - * compliance with the NPL. You may obtain a copy of the NPL at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the NPL is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL - * for the specific language governing rights and limitations under the - * NPL. - * - * The Initial Developer of this code under the NPL is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1999-2000 Netscape Communications Corporation. All Rights - * Reserved. - * - * Contributor(s): - * Norris Boyd - * Mitch Stoltz - */ - -#include "nscore.h" -#include "nsBasePrincipal.h" -#include "nsScriptSecurityManager.h" -#include "nsString.h" -#include "nsReadableUtils.h" -#include "plstr.h" -#include "nsCRT.h" - -////////////////////////// - -nsBasePrincipal::nsBasePrincipal() - : mCapabilities(nsnull) -{ -} - -PR_STATIC_CALLBACK(PRBool) -deleteElement(void* aElement, void *aData) -{ - nsHashtable *ht = (nsHashtable *) aElement; - delete ht; - return PR_TRUE; -} - -nsBasePrincipal::~nsBasePrincipal(void) -{ - mAnnotations.EnumerateForwards(deleteElement, nsnull); - delete mCapabilities; -} - -NS_IMETHODIMP -nsBasePrincipal::GetJSPrincipals(JSPrincipals **jsprin) -{ - if (mJSPrincipals.nsIPrincipalPtr == nsnull) { - mJSPrincipals.nsIPrincipalPtr = this; - // No need for a ADDREF since it is a self-reference - } - *jsprin = &mJSPrincipals; - JSPRINCIPALS_HOLD(cx, *jsprin); - return NS_OK; -} - -const char -nsBasePrincipal::Invalid[] = "Invalid"; - -NS_IMETHODIMP -nsBasePrincipal::CanEnableCapability(const char *capability, PRInt16 *result) -{ - if (!mCapabilities) { - *result = nsIPrincipal::ENABLE_UNKNOWN; - return NS_OK; - } - else // If this principal 
is marked invalid, can't enable any capabilities - { - nsCStringKey invalidKey(Invalid); - if (mCapabilities->Exists(&invalidKey)) - { - *result = nsIPrincipal::ENABLE_DENIED; - return NS_OK; - } - } - - const char *start = capability; - *result = nsIPrincipal::ENABLE_GRANTED; - for(;;) { - const char *space = PL_strchr(start, ' '); - int len = space ? space - start : strlen(start); - nsCAutoString capString(start, len); - nsCStringKey key(capString); - PRInt16 value = (PRInt16)NS_PTR_TO_INT32(mCapabilities->Get(&key)); - if (value == 0) - value = nsIPrincipal::ENABLE_UNKNOWN; - if (value < *result) - *result = value; - if (!space) - return NS_OK; - start = space + 1; - } - /* NOTREACHED */ - return NS_OK; -} - -NS_IMETHODIMP -nsBasePrincipal::SetCanEnableCapability(const char *capability, - PRInt16 canEnable) -{ - if (!mCapabilities) { - mCapabilities = new nsHashtable(7); - if (!mCapabilities) - return NS_ERROR_OUT_OF_MEMORY; - } - else // If this principal is marked invalid, can't enable any capabilities - { - nsCStringKey invalidKey(Invalid); - if (mCapabilities->Exists(&invalidKey)) - return NS_OK; - } - - if (PL_strcmp(capability, Invalid) == 0) - mCapabilities->Reset(); - - const char *start = capability; - for(;;) { - const char *space = PL_strchr(start, ' '); - int len = space ? space - start : strlen(start); - nsCAutoString capString(start, len); - nsCStringKey key(capString); - mCapabilities->Put(&key, (void *) canEnable); - if (!space) - return NS_OK; - start = space + 1; - } - /* NOTREACHED */ - return NS_OK; -} - -NS_IMETHODIMP -nsBasePrincipal::IsCapabilityEnabled(const char *capability, void *annotation, - PRBool *result) -{ - *result = PR_FALSE; - nsHashtable *ht = (nsHashtable *) annotation; - if (!ht) { - return NS_OK; - } - const char *start = capability; - for(;;) { - const char *space = PL_strchr(start, ' '); - int len = space ? 
space - start : strlen(start); - nsCAutoString capString(start, len); - nsCStringKey key(capString); - *result = (ht->Get(&key) == (void *) AnnotationEnabled); - if (!*result) { - // If any single capability is not enabled, then return false. - return NS_OK; - } - if (!space) - return NS_OK; - start = space + 1; - } - return NS_OK; -} - -NS_IMETHODIMP -nsBasePrincipal::EnableCapability(const char *capability, void **annotation) -{ - return SetCapability(capability, annotation, AnnotationEnabled); -} - -NS_IMETHODIMP -nsBasePrincipal::DisableCapability(const char *capability, void **annotation) -{ - return SetCapability(capability, annotation, AnnotationDisabled); -} - -NS_IMETHODIMP -nsBasePrincipal::RevertCapability(const char *capability, void **annotation) -{ - if (*annotation) { - nsHashtable *ht = (nsHashtable *) *annotation; - const char *start = capability; - for(;;) { - const char *space = PL_strchr(start, ' '); - int len = space ? space - start : strlen(start); - nsCAutoString capString(start, len); - nsCStringKey key(capString); - ht->Remove(&key); - if (!space) - return NS_OK; - start = space + 1; - } - } - return NS_OK; -} - -NS_IMETHODIMP -nsBasePrincipal::SetCapability(const char *capability, void **annotation, - AnnotationValue value) -{ - if (*annotation == nsnull) { - *annotation = new nsHashtable(5); - if (!*annotation) - return NS_ERROR_OUT_OF_MEMORY; - // This object owns its annotations. Save them so we can release - // them when we destroy this object. - mAnnotations.AppendElement(*annotation); - } - - const char *start = capability; - for(;;) { - const char *space = PL_strchr(start, ' '); - int len = space ? 
space - start : strlen(start); - nsCAutoString capString(start, len); - nsCStringKey key(capString); - nsHashtable *ht = (nsHashtable *) *annotation; - ht->Put(&key, (void *) value); - if (!space) - return NS_OK; - start = space + 1; - } - /* NOTREACHED */ - return NS_OK; -} - -int nsBasePrincipal::mCapabilitiesOrdinal = 0; - -nsresult -nsBasePrincipal::InitFromPersistent(const char* aPrefName, const char* aID, - const char* aGrantedList, const char* aDeniedList) -{ - //-- Empty the capability table - if (mCapabilities) - mCapabilities->Reset(); - - //-- Save the preference name - mPrefName = aPrefName; - - const char* ordinalBegin = PL_strpbrk(aPrefName, "1234567890"); - if (ordinalBegin) { - int n = atoi(ordinalBegin); - if (mCapabilitiesOrdinal <= n) - mCapabilitiesOrdinal = n+1; - } - - //-- Store the capabilities - if (aGrantedList) - if(NS_FAILED(SetCanEnableCapability(aGrantedList, nsIPrincipal::ENABLE_GRANTED))) - return NS_ERROR_FAILURE; - if (aDeniedList) - if(NS_FAILED(SetCanEnableCapability(aDeniedList, nsIPrincipal::ENABLE_DENIED))) - return NS_ERROR_FAILURE; - return NS_OK; -} - -struct CapabilityList -{ - nsCString* granted; - nsCString* denied; -}; - -PR_STATIC_CALLBACK(PRBool) -AppendCapability(nsHashKey *aKey, void *aData, void *capListPtr) -{ - CapabilityList* capList = (CapabilityList*)capListPtr; - PRInt16 value = (PRInt16)NS_PTR_TO_INT32(aData); - nsCStringKey* key = (nsCStringKey *)aKey; - if (value == nsIPrincipal::ENABLE_GRANTED) - { - capList->granted->Append(key->GetString(), key->GetStringLength()); - capList->granted->Append(' '); - } - else if (value == nsIPrincipal::ENABLE_DENIED) - { - capList->denied->Append(key->GetString(), key->GetStringLength()); - capList->denied->Append(' '); - } - return PR_TRUE; -} - -NS_IMETHODIMP -nsBasePrincipal::GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList) -{ - //-- Preference name - *aPrefName = ToNewCString(mPrefName); - if (!aPrefName) - return 
NS_ERROR_OUT_OF_MEMORY; - - //-- ID - if (NS_FAILED(ToString(aID))) - return NS_ERROR_FAILURE; - - //-- Capabilities - *aGrantedList = nsnull; - *aDeniedList = nsnull; - if (mCapabilities) { - nsCAutoString grantedListStr; - nsCAutoString deniedListStr; - CapabilityList* capList = new CapabilityList(); - capList->granted = &grantedListStr; - capList->denied = &deniedListStr; - mCapabilities->Enumerate(AppendCapability, (void*)capList); - if (!grantedListStr.IsEmpty()) - { - grantedListStr.Truncate(grantedListStr.Length()-1); - *aGrantedList = ToNewCString(grantedListStr); - if (!*aGrantedList) return NS_ERROR_OUT_OF_MEMORY; - } - if (!deniedListStr.IsEmpty()) - { - deniedListStr.Truncate(deniedListStr.Length()-1); - *aDeniedList = ToNewCString(deniedListStr); - if (!*aDeniedList) return NS_ERROR_OUT_OF_MEMORY; - } - } - return NS_OK; -} - -PR_STATIC_CALLBACK(nsresult) -ReadAnnotationEntry(nsIObjectInputStream* aStream, nsHashKey** aKey, - void** aData) -{ - nsresult rv; - nsCStringKey* key = new nsCStringKey(aStream, &rv); - if (NS_FAILED(rv)) return rv; - - PRUint32 value; - rv = aStream->Read32(&value); - if (NS_FAILED(rv)) { - delete key; - return rv; - } - - *aKey = key; - *aData = (void*) value; - return NS_OK; -} - -PR_STATIC_CALLBACK(void) -FreeAnnotationEntry(nsIObjectInputStream* aStream, nsHashKey* aKey, - void* aData) -{ - if (aKey) - delete NS_STATIC_CAST(nsCStringKey*, aKey); -} - -nsresult -nsBasePrincipal::Read(nsIObjectInputStream* aStream) -{ - nsresult rv; - - PRUint32 annotationCount; - rv = aStream->Read32(&annotationCount); - if (NS_FAILED(rv)) return rv; - - for (PRInt32 i = 0, n = PRInt32(annotationCount); i < n; i++) { - nsHashtable *ht = new nsHashtable(aStream, - ReadAnnotationEntry, - FreeAnnotationEntry, - &rv); - NS_ASSERTION(NS_SUCCEEDED(rv) || ht == nsnull, - "failure but non-null return from nsHashtable ctor!"); - if (NS_FAILED(rv)) return rv; - - if (!mAnnotations.InsertElementAt(NS_REINTERPRET_CAST(void*, ht), i)) { - delete ht; - 
return NS_ERROR_OUT_OF_MEMORY; - } - } - - PRBool hasCapabilities; - rv = aStream->ReadBoolean(&hasCapabilities); - if (NS_SUCCEEDED(rv) && hasCapabilities) { - mCapabilities = new nsHashtable(aStream, - ReadAnnotationEntry, - FreeAnnotationEntry, - &rv); - } - if (NS_FAILED(rv)) return rv; - - rv = NS_ReadOptionalCString(aStream, mPrefName); - if (NS_FAILED(rv)) return rv; - - return NS_OK; -} - -PR_STATIC_CALLBACK(nsresult) -WriteScalarValue(nsIObjectOutputStream* aStream, void* aData) -{ - PRUint32 value = NS_PTR_TO_INT32(aData); - - return aStream->Write32(value); -} - -nsresult -nsBasePrincipal::Write(nsIObjectOutputStream* aStream) -{ - nsresult rv; - - PRUint32 annotationCount = PRUint32(mAnnotations.Count()); - rv = aStream->Write32(annotationCount); - if (NS_FAILED(rv)) return rv; - - for (PRInt32 i = 0, n = PRInt32(annotationCount); i < n; i++) { - nsHashtable *ht = NS_REINTERPRET_CAST(nsHashtable *, mAnnotations[i]); - rv = ht->Write(aStream, WriteScalarValue); - if (NS_FAILED(rv)) return rv; - } - - PRBool hasCapabilities = (mCapabilities != nsnull); - rv = aStream->WriteBoolean(hasCapabilities); - if (NS_SUCCEEDED(rv) && hasCapabilities) - rv = mCapabilities->Write(aStream, WriteScalarValue); - if (NS_FAILED(rv)) return rv; - - rv = NS_WriteOptionalStringZ(aStream, mPrefName.get()); - if (NS_FAILED(rv)) return rv; - - return NS_OK; -} diff --git a/caps/src/nsCertificatePrincipal.cpp b/caps/src/nsCertificatePrincipal.cpp deleted file mode 100644 index 4db838cb2293..000000000000 --- a/caps/src/nsCertificatePrincipal.cpp +++ /dev/null 
@@ -1,227 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1998-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Mitch Stoltz - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -/*describes principals for use in signed scripts*/ -#include "nsCertificatePrincipal.h" -#include "prmem.h" -#include "nsCOMPtr.h" -#include "nsReadableUtils.h" -#include "nsCRT.h" - -static NS_DEFINE_IID(kICertificatePrincipalIID, NS_ICERTIFICATEPRINCIPAL_IID); - -NS_IMPL_QUERY_INTERFACE3_CI(nsCertificatePrincipal, - nsICertificatePrincipal, - nsIPrincipal, - nsISerializable) -NS_IMPL_CI_INTERFACE_GETTER3(nsCertificatePrincipal, - nsICertificatePrincipal, - nsIPrincipal, - nsISerializable) - -NSBASEPRINCIPALS_ADDREF(nsCertificatePrincipal) -NSBASEPRINCIPALS_RELEASE(nsCertificatePrincipal) - -////////////////////////////////////////////////// -// Methods implementing nsICertificatePrincipal // -////////////////////////////////////////////////// -NS_IMETHODIMP -nsCertificatePrincipal::GetCertificateID(char** aCertificateID) -{ - *aCertificateID = ToNewCString(mCertificateID); - return *aCertificateID ? NS_OK : NS_ERROR_OUT_OF_MEMORY; -} - -NS_IMETHODIMP -nsCertificatePrincipal::GetCommonName(char** aCommonName) -{ - *aCommonName = ToNewCString(mCommonName); - return *aCommonName ? 
NS_OK : NS_ERROR_OUT_OF_MEMORY; -} - -NS_IMETHODIMP -nsCertificatePrincipal::SetCommonName(const char* aCommonName) -{ - mCommonName = aCommonName; - return NS_OK; -} - -/////////////////////////////////////// -// Methods implementing nsIPrincipal // -/////////////////////////////////////// -NS_IMETHODIMP -nsCertificatePrincipal::CanEnableCapability(const char *capability, - PRInt16 *result) -{ - if(NS_FAILED(nsBasePrincipal::CanEnableCapability(capability, result))) - return NS_ERROR_FAILURE; - if (*result == nsIPrincipal::ENABLE_UNKNOWN) - *result = ENABLE_WITH_USER_PERMISSION; - return NS_OK; -} - -NS_IMETHODIMP -nsCertificatePrincipal::ToString(char **result) -{ - return GetCertificateID(result); -} - -NS_IMETHODIMP -nsCertificatePrincipal::ToUserVisibleString(char **result) -{ - return GetCommonName(result); -} - -NS_IMETHODIMP -nsCertificatePrincipal::GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList) -{ - if (mPrefName.IsEmpty()) { - mPrefName.Assign("capability.principal.certificate.p"); - mPrefName.AppendInt(mCapabilitiesOrdinal++); - mPrefName.Append(".id"); - } - return nsBasePrincipal::GetPreferences(aPrefName, aID, - aGrantedList, aDeniedList); -} - -NS_IMETHODIMP -nsCertificatePrincipal::Equals(nsIPrincipal * other, PRBool * result) -{ - *result = PR_FALSE; - if (this == other) { - *result = PR_TRUE; - return NS_OK; - } - if (!other) - return NS_OK; - nsresult rv; - nsCOMPtr otherCertificate = - do_QueryInterface(other, &rv); - if (NS_FAILED(rv)) - return NS_OK; - //-- Compare cert ID's - char* otherID; - rv = otherCertificate->GetCertificateID(&otherID); - if (NS_FAILED(rv)) - { - PR_FREEIF(otherID); - return rv; - } - *result = mCertificateID.Equals(otherID); - PR_FREEIF(otherID); - return NS_OK; -} - -NS_IMETHODIMP -nsCertificatePrincipal::HashValue(PRUint32 *result) -{ - char* str; - if (NS_FAILED(ToString(&str)) || !str) return NS_ERROR_FAILURE; - *result = nsCRT::HashCode(str, nsnull); - nsCRT::free(str); - 
return NS_OK; -} - -////////////////////////////////////////// -// Methods implementing nsISerializable // -////////////////////////////////////////// - -NS_IMETHODIMP -nsCertificatePrincipal::Read(nsIObjectInputStream* aStream) -{ - nsresult rv; - - rv = nsBasePrincipal::Read(aStream); - if (NS_FAILED(rv)) return rv; - - rv = aStream->ReadCString(mCertificateID); - if (NS_FAILED(rv)) return rv; - - rv = NS_ReadOptionalCString(aStream, mCommonName); - if (NS_FAILED(rv)) return rv; - - return NS_OK; -} - -NS_IMETHODIMP -nsCertificatePrincipal::Write(nsIObjectOutputStream* aStream) -{ - nsresult rv; - - rv = nsBasePrincipal::Write(aStream); - if (NS_FAILED(rv)) return rv; - - rv = aStream->WriteStringZ(mCertificateID.get()); - if (NS_FAILED(rv)) return rv; - - rv = NS_WriteOptionalStringZ(aStream, mCommonName.get()); - if (NS_FAILED(rv)) return rv; - - return NS_OK; -} - -///////////////////////////////////////////// -// Constructor, Destructor, initialization // -///////////////////////////////////////////// -nsresult -nsCertificatePrincipal::InitFromPersistent(const char* aPrefName, const char* aCertID, - const char* aGrantedList, const char* aDeniedList) -{ - if (NS_FAILED(Init(aCertID))) - return NS_ERROR_FAILURE; - - return nsBasePrincipal::InitFromPersistent(aPrefName, aCertID, - aGrantedList, aDeniedList); -} - -NS_IMETHODIMP -nsCertificatePrincipal::Init(const char* aCertificateID) -{ - mCertificateID = aCertificateID; - return NS_OK; -} - -nsCertificatePrincipal::nsCertificatePrincipal() -{ -} - -nsCertificatePrincipal::~nsCertificatePrincipal() -{ -} diff --git a/caps/src/nsCodebasePrincipal.cpp b/caps/src/nsCodebasePrincipal.cpp deleted file mode 100644 index 8279e527c424..000000000000 --- a/caps/src/nsCodebasePrincipal.cpp +++ /dev/null 
@@ -1,310 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1999-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -/* Describes principals by their orginating uris */ - -#include "nsCodebasePrincipal.h" -#include "nsIComponentManager.h" -#include "nsIServiceManager.h" -#include "nsNetUtil.h" -#include "nsIURL.h" -#include "nsIJARURI.h" -#include "nsCOMPtr.h" -#include "nsIPrefBranch.h" -#include "nsIPrefService.h" -#include "nsXPIDLString.h" -#include "nsReadableUtils.h" -#include "nsCRT.h" -#include "nsScriptSecurityManager.h" - -NS_IMPL_QUERY_INTERFACE3_CI(nsCodebasePrincipal, - nsICodebasePrincipal, - nsIPrincipal, - nsISerializable) -NS_IMPL_CI_INTERFACE_GETTER3(nsCodebasePrincipal, - nsICodebasePrincipal, - nsIPrincipal, - nsISerializable) - -NSBASEPRINCIPALS_ADDREF(nsCodebasePrincipal) -NSBASEPRINCIPALS_RELEASE(nsCodebasePrincipal) - -/////////////////////////////////////// -// Methods implementing nsIPrincipal // -/////////////////////////////////////// -NS_IMETHODIMP -nsCodebasePrincipal::ToString(char **result) -{ - *result = nsnull; - PRBool isFile = PR_TRUE; - if(NS_FAILED(mURI->SchemeIs("file", &isFile))) - return NS_ERROR_FAILURE; - - if (isFile) - { - nsCOMPtr url(do_QueryInterface(mURI)); - if (url) - { - nsCAutoString directory; - nsresult rv = url->GetDirectory(directory); - if (NS_FAILED(rv)) - return rv; - nsCAutoString fileName; - rv = url->GetFileName(fileName); - if (NS_FAILED(rv)) - return rv; - *result = - ToNewCString(NS_LITERAL_CSTRING("file://") + directory + fileName); - if (!*result) - return NS_ERROR_OUT_OF_MEMORY; - return NS_OK; - } - } - return GetOrigin(result); -} - -NS_IMETHODIMP -nsCodebasePrincipal::ToUserVisibleString(char **result) -{ - return ToString(result); -} - -NS_IMETHODIMP -nsCodebasePrincipal::GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList) -{ - if (mPrefName.IsEmpty()) - { - mPrefName.Assign("capability.principal.codebase.p"); - mPrefName.AppendInt(mCapabilitiesOrdinal++); - mPrefName.Append(".id"); - } - return 
nsBasePrincipal::GetPreferences(aPrefName, aID, - aGrantedList, aDeniedList); -} - -NS_IMETHODIMP -nsCodebasePrincipal::HashValue(PRUint32 *result) -{ - nsXPIDLCString spec; - if (NS_FAILED(GetSpec(getter_Copies(spec)))) - return NS_ERROR_FAILURE; - *result = nsCRT::HashCode(spec, nsnull); - return NS_OK; -} - -NS_IMETHODIMP -nsCodebasePrincipal::CanEnableCapability(const char *capability, - PRInt16 *result) -{ - // Either this principal must be preconfigured as a trusted source - // (mTrusted), or else the codebase principal pref must be enabled - if (!mTrusted) - { - static char pref[] = "signed.applets.codebase_principal_support"; - nsCOMPtr prefBranch(do_GetService(NS_PREFSERVICE_CONTRACTID)); - if (!prefBranch) - return NS_ERROR_FAILURE; - PRBool enabled; - if (NS_FAILED(prefBranch->GetBoolPref(pref, &enabled)) || !enabled) - { - // Deny unless subject is executing from file: or resource: - PRBool isFile = PR_FALSE; - PRBool isRes = PR_FALSE; - - if (NS_FAILED(mURI->SchemeIs("file", &isFile)) || - NS_FAILED(mURI->SchemeIs("resource", &isRes)) || - (!isFile && !isRes)) - { - *result = nsIPrincipal::ENABLE_DENIED; - return NS_OK; - } - } - } - nsBasePrincipal::CanEnableCapability(capability, result); - if (*result == nsIPrincipal::ENABLE_UNKNOWN) - *result = ENABLE_WITH_USER_PERMISSION; - return NS_OK; -} - -/////////////////////////////////////////////// -// Methods implementing nsICodebasePrincipal // -/////////////////////////////////////////////// - -NS_IMETHODIMP -nsCodebasePrincipal::GetURI(nsIURI **uri) -{ - *uri = mURI; - NS_ADDREF(*uri); - return NS_OK; -} - -NS_IMETHODIMP -nsCodebasePrincipal::GetOrigin(char **origin) -{ - nsresult rv; - nsCAutoString hostPort; - if (NS_SUCCEEDED(mURI->GetHostPort(hostPort))) - { - nsCAutoString scheme; - rv = mURI->GetScheme(scheme); - NS_ENSURE_SUCCESS(rv, rv); - *origin = ToNewCString(scheme + NS_LITERAL_CSTRING("://") + hostPort); - } - else - { - // Some URIs (e.g., nsSimpleURI) don't support host. 
Just - // get the full spec. - nsCAutoString spec; - rv = mURI->GetSpec(spec); - NS_ENSURE_SUCCESS(rv, rv); - *origin = ToNewCString(spec); - } - - return *origin ? NS_OK : NS_ERROR_OUT_OF_MEMORY; -} - -NS_IMETHODIMP -nsCodebasePrincipal::GetSpec(char **spec) -{ - nsCAutoString buf; - nsresult rv = mURI->GetSpec(buf); - if (NS_FAILED(rv)) return rv; - - *spec = ToNewCString(buf); - return *spec ? NS_OK : NS_ERROR_OUT_OF_MEMORY; -} - -NS_IMETHODIMP -nsCodebasePrincipal::Equals(nsIPrincipal *aOther, PRBool *result) -{ - if (this == aOther) - { - *result = PR_TRUE; - return NS_OK; - } - *result = PR_FALSE; - if (!aOther) - return NS_OK; - - // Get a URI from the other principal - nsCOMPtr otherCodebase( - do_QueryInterface(aOther)); - if (!otherCodebase) - { - // Other principal is not a codebase, so return false - return NS_OK; - } - nsCOMPtr otherURI; - otherCodebase->GetURI(getter_AddRefs(otherURI)); - - NS_ENSURE_TRUE(otherURI, NS_ERROR_FAILURE); - return nsScriptSecurityManager::GetScriptSecurityManager() - ->SecurityCompareURIs(mURI, otherURI, result); -} - -////////////////////////////////////////// -// Methods implementing nsISerializable // -////////////////////////////////////////// - -NS_IMETHODIMP -nsCodebasePrincipal::Read(nsIObjectInputStream* aStream) -{ - nsresult rv; - - rv = nsBasePrincipal::Read(aStream); - if (NS_FAILED(rv)) return rv; - - return aStream->ReadObject(PR_TRUE, getter_AddRefs(mURI)); -} - -NS_IMETHODIMP -nsCodebasePrincipal::Write(nsIObjectOutputStream* aStream) -{ - nsresult rv; - - rv = nsBasePrincipal::Write(aStream); - if (NS_FAILED(rv)) return rv; - - return aStream->WriteCompoundObject(mURI, NS_GET_IID(nsIURI), PR_TRUE); -} - -///////////////////////////////////////////// -// Constructor, Destructor, initialization // -///////////////////////////////////////////// - -nsCodebasePrincipal::nsCodebasePrincipal() : mTrusted(PR_FALSE) -{ -} - -nsresult -nsCodebasePrincipal::Init(nsIURI *uri) -{ - nsCAutoString codebase; - if (uri == 
nsnull || NS_FAILED(uri->GetSpec(codebase))) - return NS_ERROR_FAILURE; - if (NS_FAILED(mJSPrincipals.Init(ToNewCString(codebase)))) - return NS_ERROR_FAILURE; - // JSPrincipals::Init adopts its input - mURI = uri; - return NS_OK; -} - -// This method overrides nsBasePrincipal::InitFromPersistent -nsresult -nsCodebasePrincipal::InitFromPersistent(const char* aPrefName, const char* aURLStr, - const char* aGrantedList, const char* aDeniedList, - PRBool aTrusted) -{ - nsresult rv; - nsCOMPtr uri; - rv = NS_NewURI(getter_AddRefs(uri), nsDependentCString(aURLStr), nsnull); - NS_ASSERTION(NS_SUCCEEDED(rv), "Malformed URI in security.principal preference."); - if (NS_FAILED(rv)) return rv; - - if (NS_FAILED(Init(uri))) return NS_ERROR_FAILURE; - // XXX: Add check for trusted = SSL only here? - mTrusted = aTrusted; - - return nsBasePrincipal::InitFromPersistent(aPrefName, aURLStr, - aGrantedList, aDeniedList); -} - -nsCodebasePrincipal::~nsCodebasePrincipal() -{ -} diff --git a/caps/src/nsJSPrincipals.cpp b/caps/src/nsJSPrincipals.cpp index 09e768212354..81f64dd3e82b 100644 --- a/caps/src/nsJSPrincipals.cpp +++ b/caps/src/nsJSPrincipals.cpp @@ -35,7 +35,10 @@ * the terms of any one of the NPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -#include "nsCodebasePrincipal.h" + +#include "nsString.h" +#include "nsIObjectOutputStream.h" +#include "nsIObjectInputStream.h" #include "nsJSPrincipals.h" #include "plstr.h" #include "nsXPIDLString.h" @@ -138,7 +141,7 @@ nsTranscodeJSPrincipals(JSXDRState *xdr, JSPrincipals **jsprinp) nsMemory::Free(olddata); ::JS_XDRMemSetData(xdr, data, size); - prin->GetJSPrincipals(jsprinp); + prin->GetJsPrincipals(jsprinp); } } } 
@@ -183,9 +186,18 @@ nsJSPrincipals::nsJSPrincipals() } nsresult -nsJSPrincipals::Init(char *aCodebase) +nsJSPrincipals::Init(nsIPrincipal *aPrincipal, const char *aCodebase) { - codebase = aCodebase; + if (nsIPrincipalPtr) { + NS_ERROR("Init called twice!"); + return NS_ERROR_UNEXPECTED; + } + + nsIPrincipalPtr = aPrincipal; + codebase = PL_strdup(aCodebase); + if (!codebase) + return NS_ERROR_OUT_OF_MEMORY; + return NS_OK; } diff --git a/caps/src/nsPrincipal.cpp b/caps/src/nsPrincipal.cpp index 7c87a8d1bd23..f0a0f67a0876 100755 --- a/caps/src/nsPrincipal.cpp +++ b/caps/src/nsPrincipal.cpp @@ -58,13 +58,6 @@ PRInt32 nsPrincipal::sCapabilitiesOrdinal = 0; const char nsPrincipal::sInvalid[] = "Invalid"; -nsPrincipal::nsPrincipal() - : mCapabilities(7), - mSecurityPolicy(nsnull) -{ -} - - NS_IMPL_QUERY_INTERFACE2_CI(nsPrincipal, nsIPrincipal, nsISerializable) @@ -95,12 +88,44 @@ nsPrincipal::Release() return count; } -nsPrincipal::nsPrincipal(nsIURI *aURI) - : mSecurityPolicy(nsnull), - mCodebase(aURI) +nsPrincipal::nsPrincipal() + : mCapabilities(7), + mSecurityPolicy(nsnull), + mTrusted(PR_FALSE), + mInitialized(PR_FALSE) { } +nsresult +nsPrincipal::Init(const char *aCertID, nsIURI *aCodebase) +{ + NS_ENSURE_STATE(!mInitialized); + NS_ENSURE_ARG_POINTER(aCertID || aCodebase); // better have one of these. + + mInitialized = PR_TRUE; + + mCodebase = aCodebase; + + nsresult rv; + if (aCertID) { + rv = SetCertificate(aCertID, nsnull); + if (NS_SUCCEEDED(rv)) { + rv = mJSPrincipals.Init(this, aCertID); + } + } + else { + nsCAutoString spec; + rv = mCodebase->GetSpec(spec); + if (NS_SUCCEEDED(rv)) { + rv = mJSPrincipals.Init(this, spec.get()); + } + } + + NS_WARN_IF_FALSE(NS_SUCCEEDED(rv), "nsPrincipal::Init() failed"); + + return rv; +} + PR_STATIC_CALLBACK(PRBool) deleteElement(void* aElement, void *aData) 
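Review bot: In the new `nsJSPrincipals::Init`, `nsIPrincipalPtr` is assigned before the `PL_strdup` result is checked, so an out-of-memory return leaves the object with the back-pointer set and `codebase` null, and a later `Init` is then rejected by the "Init called twice!" guard. Assign both members only on success by moving `nsIPrincipalPtr = aPrincipal;` below the `if (!codebase) return NS_ERROR_OUT_OF_MEMORY;` check. The guard also keys only on `nsIPrincipalPtr`, so a call with a null `aPrincipal` leaves the object re-initialisable and a second call would overwrite (and leak) the first `codebase`; `NS_ENSURE_ARG_POINTER(aPrincipal);` at the top would close that.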
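Review bot: `nsPrincipal::Init` sets `mInitialized = PR_TRUE` and `mCodebase` before `SetCertificate`, `GetSpec` and `mJSPrincipals.Init` have succeeded, so a failure leaves a principal that is marked initialised but has no usable `mJSPrincipals`. Because this object is what security checks compare, it would be safer to set the flag only on the success path, or at least to state the contract at the definition, e.g. `// On failure the principal is unusable and must be released by the caller.` The trailing `NS_WARN_IF_FALSE` is, as far as I know, a debug-only diagnostic, so nothing else flags the half-built state in a release build.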
@@ -118,10 +143,7 @@ nsPrincipal::~nsPrincipal(void) NS_IMETHODIMP nsPrincipal::GetJsPrincipals(JSPrincipals **jsprin) { - if (!mJSPrincipals.nsIPrincipalPtr) { - // Don't addref here, since we are referencing each other. - mJSPrincipals.nsIPrincipalPtr = this; - } + NS_PRECONDITION(mJSPrincipals.nsIPrincipalPtr, "mJSPrincipals is uninitalized!"); *jsprin = &mJSPrincipals; @@ -135,8 +157,13 @@ nsPrincipal::GetJsPrincipals(JSPrincipals **jsprin) NS_IMETHODIMP nsPrincipal::GetOrigin(char **aOrigin) { + *aOrigin = nsnull; + nsIURI* uri = mDomain ? mDomain : mCodebase; - NS_ASSERTION(uri, "No Domain or Codebase"); + if (!uri) { + NS_ASSERTION(mCert, "No Domain or Codebase for a non-cert principal"); + return NS_ERROR_FAILURE; + } nsCAutoString hostPort; @@ -202,9 +229,8 @@ nsPrincipal::Equals(nsIPrincipal *aOther, PRBool *aResult) nsXPIDLCString otherCertID; aOther->GetCertificateID(getter_Copies(otherCertID)); - if (!otherCertID.Equals(mCert->certificateID)) { - return NS_OK; - } + *aResult = otherCertID.Equals(mCert->certificateID); + return NS_OK; } // Codebases are equal if they have the same origin. @@ -409,30 +435,25 @@ nsPrincipal::GetURI(nsIURI** aURI) return NS_OK; } -NS_IMETHODIMP +void nsPrincipal::SetURI(nsIURI* aURI) { mCodebase = aURI; - mDomain = nsnull; - // Codebase has changed, forget cached security policy - mSecurityPolicy = nsnull; - - return NS_OK; } -NS_IMETHODIMP -nsPrincipal::SetCertificateID(const char* aID) + +nsresult +nsPrincipal::SetCertificate(const char* aID, const char* aName) { - if (!aID) { - mCert = nsnull; - return NS_OK; + NS_ENSURE_STATE(!mCert); + + if (!aID && !aName) { + return NS_ERROR_INVALID_POINTER; } + mCert = new Certificate(aID, aName); if (!mCert) { - mCert = new Certificate(aID, ""); - if (!mCert) { - return NS_ERROR_OUT_OF_MEMORY; - } + return NS_ERROR_OUT_OF_MEMORY; } return NS_OK; 
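Review bot: The lazy back-pointer assignment in `GetJsPrincipals` is replaced by `NS_PRECONDITION`, which is a debug-only assertion, so in a release build a principal that never completed `Init` still hands out `&mJSPrincipals` with a null `nsIPrincipalPtr`. Code that maps a `JSPrincipals` back to its `nsIPrincipal` may then dereference null or treat the script as having no principal. A runtime guard such as `NS_ENSURE_STATE(mJSPrincipals.nsIPrincipalPtr);` before `*jsprin = &mJSPrincipals;` keeps the failure explicit. The rest of the method is outside the hunk.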
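Review bot: In `nsPrincipal::Equals`, the return value of `aOther->GetCertificateID(...)` is ignored, and its possibly empty result now decides `*aResult` directly. `SetCertificate` in this patch accepts a null `aID` as long as a name is given, so if both sides end up with an empty certificate ID the two principals would compare equal; whether that can happen depends on the `Certificate` constructor and on the enclosing condition, neither of which is in the hunk. Checking the call (`nsresult rv = aOther->GetCertificateID(getter_Copies(otherCertID));` followed by `NS_ENSURE_SUCCESS(rv, rv);`) and treating an empty ID as not equal would make the comparison fail closed.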
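Review bot: `nsPrincipal::SetURI` no longer clears `mDomain` and `mSecurityPolicy` when the codebase is replaced. `GetOrigin` in this file prefers `mDomain` over `mCodebase`, so after a `SetURI` call a previously set domain would still define the origin, and the cached policy looked up for the old codebase would still apply. If the intent is that `SetURI` is only called before either is set, say so at the definition (`// Must be called before mDomain or mSecurityPolicy are set.`) and assert it; otherwise keep `mDomain = nsnull;` and `mSecurityPolicy = nsnull;`.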
@@ -526,31 +547,30 @@ nsPrincipal::InitFromPersistent(const char* aPrefName, "mCapabilities was already initialized?"); NS_PRECONDITION(mAnnotations.Count() == 0, "mAnnotations was already initialized?"); + NS_PRECONDITION(!mInitialized, "We were already initialized?"); + mInitialized = PR_TRUE; + + nsresult rv; if (aIsCert) { - SetCertificateID(aToken); + rv = SetCertificate(aToken, nsnull); + if (NS_FAILED(rv)) { + return rv; + } } else { - nsresult rv = NS_NewURI(getter_AddRefs(mCodebase), aToken, nsnull); + rv = NS_NewURI(getter_AddRefs(mCodebase), aToken, nsnull); if (NS_FAILED(rv)) { NS_ERROR("Malformed URI in capability.principal preference."); return rv; } - nsCAutoString token; - rv = mCodebase->GetSpec(token); - if (NS_FAILED(rv)) { - return rv; - } - - rv = mJSPrincipals.Init(PL_strdup(token.get())); - if (NS_FAILED(rv)) { - return rv; - } - mTrusted = aTrusted; } + rv = mJSPrincipals.Init(this, aToken); + NS_ENSURE_SUCCESS(rv, rv); + //-- Save the preference name mPrefName = aPrefName; @@ -563,7 +583,7 @@ nsPrincipal::InitFromPersistent(const char* aPrefName, } //-- Store the capabilities - nsresult rv = NS_OK; + rv = NS_OK; if (aGrantedList) { rv = SetCanEnableCapability(aGrantedList, nsIPrincipal::ENABLE_GRANTED); } diff --git a/caps/src/nsScriptSecurityManager.cpp b/caps/src/nsScriptSecurityManager.cpp index 3d74bf066c45..57fb86ce6fd3 100644 --- a/caps/src/nsScriptSecurityManager.cpp +++ b/caps/src/nsScriptSecurityManager.cpp @@ -23,7 +23,7 @@ * Norris Boyd * Mitch Stoltz * Steve Morse - * + * Christopher A. Aillon * * Alternatively, the contents of this file may be used under the terms of * either the GNU General Public License Version 2 or later (the "GPL"), or 
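Review bot: For a codebase principal, `InitFromPersistent` now passes the raw preference string `aToken` to `mJSPrincipals.Init`, where the removed lines and the new `nsPrincipal::Init` both pass the spec returned by `mCodebase->GetSpec()`. The `codebase` string of a principal restored from prefs can therefore differ from that of a principal created at runtime for the same URI whenever the stored token is not already in normalised form; passing the spec in the non-cert branch keeps the two paths consistent. The re-initialisation check here is also weaker than in `Init`: `NS_PRECONDITION(!mInitialized, ...)` is debug-only, while `Init` uses `NS_ENSURE_STATE(!mInitialized);`, which would make the guard effective in release builds here too. The function starts and ends outside the hunk.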
@@ -47,9 +47,7 @@ #include "nspr.h" #include "nsJSPrincipals.h" #include "nsSystemPrincipal.h" -#include "nsCodebasePrincipal.h" -#include "nsCertificatePrincipal.h" -#include "nsAggregatePrincipal.h" +#include "nsPrincipal.h" #include "nsXPIDLString.h" #include "nsCRT.h" #include "nsIJSContextStack.h" @@ -61,7 +59,7 @@ #include "nsTextFormatter.h" #include "nsIStringBundle.h" #include "nsNetUtil.h" -#include "nsDirectoryService.h" +#include "nsIProperties.h" #include "nsDirectoryServiceDefs.h" #include "nsIFile.h" #include "nsIZipReader.h" @@ -80,14 +78,12 @@ #include "nsIJSRuntimeService.h" #include "nsIObserverService.h" #include "nsIContent.h" +#include "nsAutoPtr.h" -static NS_DEFINE_IID(kIStringBundleServiceIID, NS_ISTRINGBUNDLESERVICE_IID); -static NS_DEFINE_IID(kStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID); -static NS_DEFINE_CID(kCScriptNameSetRegistryCID, - NS_SCRIPT_NAMESET_REGISTRY_CID); static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID); -static NS_DEFINE_IID(kObserverServiceIID, NS_IOBSERVERSERVICE_IID); +nsIIOService *nsScriptSecurityManager::sIOService = nsnull; +nsIXPConnect *nsScriptSecurityManager::sXPConnect = nsnull; nsIStringBundle *nsScriptSecurityManager::sStrBundle = nsnull; /////////////////////////// @@ -118,8 +114,10 @@ class ClassInfoData { public: ClassInfoData(nsIClassInfo *aClassInfo, const char *aName) - : mClassInfo(aClassInfo), mDidGetFlags(PR_FALSE), - mName(NS_CONST_CAST(char *, aName)), mMustFreeName(PR_FALSE) + : mClassInfo(aClassInfo), + mName(NS_CONST_CAST(char *, aName)), + mDidGetFlags(PR_FALSE), + mMustFreeName(PR_FALSE) { } @@ -176,10 +174,10 @@ public: private: nsIClassInfo *mClassInfo; // WEAK - PRBool mDidGetFlags; PRUint32 mFlags; char *mName; - PRBool mMustFreeName; + PRPackedBool mDidGetFlags; + PRPackedBool mMustFreeName; }; JSContext * 
@@ -219,7 +217,6 @@ nsScriptSecurityManager::SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI, PRBool* result) { - nsresult rv; *result = PR_FALSE; if (aSourceURI == aTargetURI) @@ -227,7 +224,8 @@ nsScriptSecurityManager::SecurityCompareURIs(nsIURI* aSourceURI, *result = PR_TRUE; return NS_OK; } - if (aTargetURI == nsnull) + + if (!aTargetURI) { // return false return NS_OK; @@ -251,25 +249,20 @@ nsScriptSecurityManager::SecurityCompareURIs(nsIURI* aSourceURI, // Compare schemes nsCAutoString targetScheme; - rv = targetBaseURI->GetScheme(targetScheme); + nsresult rv = targetBaseURI->GetScheme(targetScheme); nsCAutoString sourceScheme; if (NS_SUCCEEDED(rv)) rv = sourceBaseURI->GetScheme(sourceScheme); - if (NS_SUCCEEDED(rv) && - targetScheme.Equals(sourceScheme, nsCaseInsensitiveCStringComparator())) + if (NS_SUCCEEDED(rv) && targetScheme.Equals(sourceScheme)) { - if (targetScheme.Equals(NS_LITERAL_CSTRING("file"), - nsCaseInsensitiveCStringComparator())) + if (targetScheme.Equals(NS_LITERAL_CSTRING("file"))) { // All file: urls are considered to have the same origin. *result = PR_TRUE; } - else if (targetScheme.Equals(NS_LITERAL_CSTRING("imap"), - nsCaseInsensitiveCStringComparator()) || - targetScheme.Equals(NS_LITERAL_CSTRING("mailbox"), - nsCaseInsensitiveCStringComparator()) || - targetScheme.Equals(NS_LITERAL_CSTRING("news"), - nsCaseInsensitiveCStringComparator())) + else if (targetScheme.Equals(NS_LITERAL_CSTRING("imap")) || + targetScheme.Equals(NS_LITERAL_CSTRING("mailbox")) || + targetScheme.Equals(NS_LITERAL_CSTRING("news"))) { // Each message is a distinct trust domain; use the // whole spec for comparison 
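Review bot: The scheme tests in SecurityCompareURIs are now case-sensitive (`targetScheme.Equals(sourceScheme)` and the comparisons against "file", "imap", "mailbox" and "news"), which is only correct if every nsIURI implementation returns a lower-cased scheme from GetScheme. If one does not, two URIs with an identically upper-cased mail scheme would pass the equality test but miss the imap/mailbox/news branch. They would then presumably be compared by host and port rather than by whole spec, which is the less strict check. Either keep nsCaseInsensitiveCStringComparator for the literal comparisons or state the assumption next to them, for example `// GetScheme() is expected to return a normalised, lower-case scheme.` The function continues outside the hunk.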
@@ -306,34 +299,22 @@ nsScriptSecurityManager::SecurityCompareURIs(nsIURI* aSourceURI, // for that scheme. if (!*result && (sourcePort == -1 || targetPort == -1)) { + NS_ENSURE_STATE(sIOService); + PRInt32 defaultPort; - //XXX had to hard-code the defualt port for http(s) here. - // remove this after darin fixes bug 113206 - if (sourceScheme.Equals(NS_LITERAL_CSTRING("http"), - nsCaseInsensitiveCStringComparator())) - defaultPort = 80; - else if (sourceScheme.Equals(NS_LITERAL_CSTRING("https"), - nsCaseInsensitiveCStringComparator())) - defaultPort = 443; - else + nsCOMPtr protocolHandler; + rv = sIOService->GetProtocolHandler(sourceScheme.get(), + getter_AddRefs(protocolHandler)); + if (NS_FAILED(rv)) { - nsCOMPtr ioService( - do_GetService(NS_IOSERVICE_CONTRACTID)); - if (!ioService) - return NS_ERROR_FAILURE; - nsCOMPtr protocolHandler; - rv = ioService->GetProtocolHandler(sourceScheme.get(), - getter_AddRefs(protocolHandler)); - if (NS_FAILED(rv)) - { - *result = PR_FALSE; - return NS_OK; - } - - rv = protocolHandler->GetDefaultPort(&defaultPort); - if (NS_FAILED(rv) || defaultPort == -1) - return NS_OK; // No default port for this scheme + *result = PR_FALSE; + return NS_OK; } + + rv = protocolHandler->GetDefaultPort(&defaultPort); + if (NS_FAILED(rv) || defaultPort == -1) + return NS_OK; // No default port for this scheme + if (sourcePort == -1) sourcePort = defaultPort; else if (targetPort == -1) @@ -533,9 +514,7 @@ nsScriptSecurityManager::CheckSameOrigin(JSContext* cx, return NS_OK; } - PRBool equals = PR_FALSE; - rv = sourcePrincipal->Equals(mSystemPrincipal, &equals); - if (NS_SUCCEEDED(rv) && equals) + if (sourcePrincipal == mSystemPrincipal) { // This is a system (chrome) script, so allow access return NS_OK; 
@@ -544,16 +523,12 @@ nsScriptSecurityManager::CheckSameOrigin(JSContext* cx, // Get the original URI from the source principal. // This has the effect of ignoring any change to document.domain // which must be done to avoid DNS spoofing (bug 154930) - nsCOMPtr sourceAgg(do_QueryInterface(sourcePrincipal, &rv)); - NS_ENSURE_SUCCESS(rv, rv); // If it's not a system principal, it must be an aggregate - nsCOMPtr sourceOriginal; - rv = sourceAgg->GetOriginalCodebase(getter_AddRefs(sourceOriginal)); - NS_ENSURE_SUCCESS(rv, rv); - nsCOMPtr sourceCodebase(do_QueryInterface(sourcePrincipal, &rv)); - NS_ENSURE_SUCCESS(rv, rv); nsCOMPtr sourceURI; - rv = sourceCodebase->GetURI(getter_AddRefs(sourceURI)); - NS_ENSURE_TRUE(sourceURI, NS_ERROR_FAILURE); + sourcePrincipal->GetDomain(getter_AddRefs(sourceURI)); + if (!sourceURI) { + sourcePrincipal->GetURI(getter_AddRefs(sourceURI)); + NS_ENSURE_TRUE(sourceURI, NS_ERROR_FAILURE); + } // Compare origins PRBool sameOrigin = PR_FALSE; @@ -609,9 +584,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, if (NS_FAILED(GetSubjectPrincipal(cx, getter_AddRefs(subjectPrincipal)))) return NS_ERROR_FAILURE; - PRBool equals; - if (!subjectPrincipal || - NS_SUCCEEDED(subjectPrincipal->Equals(mSystemPrincipal, &equals)) && equals) + if (!subjectPrincipal || subjectPrincipal == mSystemPrincipal) // We have native code or the system principal: just allow access return NS_OK; @@ -619,7 +592,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, // Hold the class info data here so we don't have to go back to virtual // methods all the time ClassInfoData classInfoData(aClassInfo, aClassName); -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl nsCAutoString propertyName; propertyName.AssignWithConversion((PRUnichar*)JSValIDToString(cx, aProperty)); printf("### CanAccess(%s.%s, %i) ", classInfoData.GetName(), 
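Review bot: The new code in CheckSameOrigin contradicts the comment kept directly above it. The comment says the original URI is used so that changes to document.domain are ignored (bug 154930), but the added lines call `sourcePrincipal->GetDomain(...)` first and only fall back to GetURI when no domain is set. If the comment is still the intended behaviour, the source URI should come from GetURI alone: `sourcePrincipal->GetURI(getter_AddRefs(sourceURI));` followed by `NS_ENSURE_TRUE(sourceURI, NS_ERROR_FAILURE);`. If preferring the domain is deliberate, the comment needs rewriting to say so and why it is safe. The function starts and ends outside the hunk.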
@@ -651,14 +624,14 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, switch (securityLevel.level) { case SCRIPT_SECURITY_NO_ACCESS: -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl printf("noAccess "); #endif rv = NS_ERROR_DOM_PROP_ACCESS_DENIED; break; case SCRIPT_SECURITY_ALL_ACCESS: -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl printf("allAccess "); #endif rv = NS_OK; @@ -666,7 +639,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, case SCRIPT_SECURITY_SAME_ORIGIN_ACCESS: { -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl printf("sameOrigin "); #endif nsCOMPtr objectPrincipal; @@ -695,7 +668,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, break; } default: -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl printf("ERROR "); #endif NS_ERROR("Bad Security Level Value"); @@ -704,7 +677,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, } else // if SECURITY_ACCESS_LEVEL_FLAG is false, securityLevel is a capability { -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl printf("Cap:%s ", securityLevel.capability); #endif PRBool capabilityEnabled = PR_FALSE; @@ -728,7 +701,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, if (NS_SUCCEEDED(rv)) { -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl printf(" GRANTED.\n"); #endif return rv; @@ -772,7 +745,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, } } rv = CheckXPCPermissions(aObj, objectSecurityLevel); -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl if(NS_SUCCEEDED(rv)) printf("CheckXPCPerms GRANTED.\n"); else 
@@ -805,21 +778,20 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, // We need to keep our existing failure rv and not override it // with a likely success code from the following string bundle // call in order to throw the correct security exception later. - nsresult rv2 = sStrBundle->FormatStringFromName(PromiseFlatString(stringName).get(), + nsresult rv2 = sStrBundle->FormatStringFromName(stringName.get(), formatStrings, NS_ARRAY_LENGTH(formatStrings), getter_Copies(errorMsg)); NS_ENSURE_SUCCESS(rv2, rv2); - + JS_SetPendingException(cx, STRING_TO_JSVAL(JS_NewUCStringCopyZ(cx, NS_REINTERPRET_CAST(const jschar*, errorMsg.get())))); - nsCOMPtr xpc = do_GetService(nsIXPConnect::GetCID()); - if (xpc) + if (sXPConnect) { nsCOMPtr xpcCallContext; - xpc->GetCurrentNativeCallContext(getter_AddRefs(xpcCallContext)); + sXPConnect->GetCurrentNativeCallContext(getter_AddRefs(xpcCallContext)); if (xpcCallContext) xpcCallContext->SetExceptionWasThrown(PR_TRUE); } @@ -839,8 +811,20 @@ nsScriptSecurityManager::CheckSameOriginPrincipalInternal(nsIPrincipal* aSubject if (aSubject == aObject) return NS_OK; + nsCOMPtr subjectURI; + nsCOMPtr objectURI; + aSubject->GetDomain(getter_AddRefs(subjectURI)); + if (!subjectURI) { + aSubject->GetURI(getter_AddRefs(subjectURI)); + } + + aObject->GetDomain(getter_AddRefs(objectURI)); + if (!objectURI) { + aObject->GetURI(getter_AddRefs(objectURI)); + } + PRBool isSameOrigin = PR_FALSE; - nsresult rv = aSubject->Equals(aObject, &isSameOrigin); + nsresult rv = SecurityCompareURIs(subjectURI, objectURI, &isSameOrigin); NS_ENSURE_SUCCESS(rv, rv); if (isSameOrigin) 
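Review bot: In CheckSameOriginPrincipalInternal both `subjectURI` and `objectURI` can still be null when they reach SecurityCompareURIs, because none of the GetDomain/GetURI results are checked. As shown earlier in this patch, SecurityCompareURIs begins with `if (aSourceURI == aTargetURI)` and sets the result to PR_TRUE, so two different principals that both lack a domain and a codebase would be reported as same-origin. Principals without a codebase appear possible here, since GetOrigin now handles that case for certificate principals. A guard before the comparison, for example `if (!subjectURI || !objectURI) return NS_ERROR_DOM_SECURITY_ERR;`, would make the missing-URI case fail closed. The function continues outside the hunk.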
@@ -856,32 +840,23 @@ nsScriptSecurityManager::CheckSameOriginPrincipalInternal(nsIPrincipal* aSubject if (aIsCheckConnect) return NS_OK; - nsCOMPtr subjectAgg(do_QueryInterface(aSubject, &rv)); - NS_ENSURE_SUCCESS(rv, rv); - PRBool subjectDomainChanged = PR_FALSE; - subjectAgg->GetDomainChanged(&subjectDomainChanged); + nsCOMPtr subjectDomain; + aSubject->GetDomain(getter_AddRefs(subjectDomain)); - nsCOMPtr objectAgg(do_QueryInterface(aObject, &rv)); - NS_ENSURE_SUCCESS(rv, rv); - PRBool objectDomainChanged = PR_FALSE; - objectAgg->GetDomainChanged(&objectDomainChanged); + nsCOMPtr objectDomain; + aObject->GetDomain(getter_AddRefs(objectDomain)); // If both or neither explicitly set their domain, allow the access - if (!(subjectDomainChanged || objectDomainChanged) || - (subjectDomainChanged && objectDomainChanged)) + if (!subjectDomain == !objectDomain) return NS_OK; } // Allow access to about:blank - nsCOMPtr objectCodebase(do_QueryInterface(aObject)); - if (objectCodebase) - { - nsXPIDLCString origin; - rv = objectCodebase->GetOrigin(getter_Copies(origin)); - NS_ENSURE_SUCCESS(rv, rv); - if (nsCRT::strcasecmp(origin, "about:blank") == 0) - return NS_OK; - } + nsXPIDLCString origin; + rv = aObject->GetOrigin(getter_Copies(origin)); + NS_ENSURE_SUCCESS(rv, rv); + if (nsCRT::strcasecmp(origin, "about:blank") == 0) + return NS_OK; /* ** Access tests failed, so now report error. 
@@ -942,24 +917,17 @@ nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal, } DomainPolicy* dpolicy = nsnull; - nsCOMPtr agg(do_QueryInterface(aPrincipal)); - NS_ASSERTION(agg, "Subject principal not an aggregate - this shouldn't happen"); - if (agg) - agg->GetCachedSecurityPolicy((void**)&dpolicy); + aPrincipal->GetSecurityPolicy((void**)&dpolicy); if (!dpolicy && mOriginToPolicyMap) { //-- Look up the relevant domain policy, if any -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_LookupPolicy printf("DomainLookup "); #endif - nsCOMPtr codebase(do_QueryInterface(aPrincipal)); - if (!codebase) - return NS_ERROR_FAILURE; - nsXPIDLCString origin; - if (NS_FAILED(rv = codebase->GetOrigin(getter_Copies(origin)))) + if (NS_FAILED(rv = aPrincipal->GetOrigin(getter_Copies(origin)))) return rv; const char *start = origin; @@ -1001,7 +969,7 @@ nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal, if (!dpolicy) dpolicy = mDefaultPolicy; - agg->SetCachedSecurityPolicy((void*)dpolicy); + aPrincipal->SetSecurityPolicy((void*)dpolicy); } ClassPolicy* cpolicy = nsnull; @@ -1015,14 +983,14 @@ nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal, if (!cpolicy) { //-- No cached policy for this class, need to look it up -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_LookupPolicy printf("ClassLookup "); #endif - cpolicy = NS_REINTERPRET_CAST(ClassPolicy*, - PL_DHashTableOperate(dpolicy, - aClassName, - PL_DHASH_LOOKUP)); + cpolicy = NS_STATIC_CAST(ClassPolicy*, + PL_DHashTableOperate(dpolicy, + aClassName, + PL_DHASH_LOOKUP)); if (PL_DHASH_ENTRY_IS_FREE(cpolicy)) cpolicy = NO_POLICY_FOR_CLASS; 
@@ -1033,10 +1001,10 @@ nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal, PropertyPolicy* ppolicy = nsnull; if (cpolicy != NO_POLICY_FOR_CLASS) { - ppolicy = NS_REINTERPRET_CAST(PropertyPolicy*, - PL_DHashTableOperate(cpolicy->mPolicy, - (void*)aProperty, - PL_DHASH_LOOKUP)); + ppolicy = NS_STATIC_CAST(PropertyPolicy*, + PL_DHashTableOperate(cpolicy->mPolicy, + (void*)aProperty, + PL_DHASH_LOOKUP)); } else { @@ -1048,27 +1016,27 @@ nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal, if (dpolicy->mWildcardPolicy) { ppolicy = - NS_REINTERPRET_CAST(PropertyPolicy*, - PL_DHashTableOperate(dpolicy->mWildcardPolicy->mPolicy, - (void*)aProperty, - PL_DHASH_LOOKUP)); + NS_STATIC_CAST(PropertyPolicy*, + PL_DHashTableOperate(dpolicy->mWildcardPolicy->mPolicy, + (void*)aProperty, + PL_DHASH_LOOKUP)); } // If there's no wildcard policy, check the default policy for this class if (!ppolicy || PL_DHASH_ENTRY_IS_FREE(ppolicy)) { - cpolicy = NS_REINTERPRET_CAST(ClassPolicy*, - PL_DHashTableOperate(mDefaultPolicy, - aClassName, - PL_DHASH_LOOKUP)); + cpolicy = NS_STATIC_CAST(ClassPolicy*, + PL_DHashTableOperate(mDefaultPolicy, + aClassName, + PL_DHASH_LOOKUP)); if (PL_DHASH_ENTRY_IS_BUSY(cpolicy)) { ppolicy = - NS_REINTERPRET_CAST(PropertyPolicy*, - PL_DHashTableOperate(cpolicy->mPolicy, - (void*)aProperty, - PL_DHASH_LOOKUP)); + NS_STATIC_CAST(PropertyPolicy*, + PL_DHashTableOperate(cpolicy->mPolicy, + (void*)aProperty, + PL_DHASH_LOOKUP)); } } } 
@@ -1099,19 +1067,13 @@ nsScriptSecurityManager::CheckLoadURIFromScript(JSContext *cx, nsIURI *aURI) return NS_OK; // The system principal can load all URIs. - PRBool equals = PR_FALSE; - if (NS_FAILED(principal->Equals(mSystemPrincipal, &equals))) - return NS_ERROR_FAILURE; - if (equals) + if (principal == mSystemPrincipal) return NS_OK; - // Otherwise, principal should have a codebase that we can use to + // Otherwise, principal should have a codebase URI that we can use to // do the remaining tests. - nsCOMPtr codebase(do_QueryInterface(principal)); - if (!codebase) - return NS_ERROR_FAILURE; nsCOMPtr uri; - if (NS_FAILED(codebase->GetURI(getter_AddRefs(uri)))) + if (NS_FAILED(principal->GetURI(getter_AddRefs(uri)))) return NS_ERROR_FAILURE; if (NS_SUCCEEDED(CheckLoadURI(uri, aURI, nsIScriptSecurityManager::STANDARD ))) return NS_OK; @@ -1160,7 +1122,7 @@ nsScriptSecurityManager::GetBaseURIScheme(nsIURI* aURI, char** aScheme) { rv = uri->GetPath(path); if (NS_FAILED(rv)) return rv; - rv = NS_NewURI(getter_AddRefs(uri), path, nsnull); + rv = NS_NewURI(getter_AddRefs(uri), path, nsnull, nsnull, sIOService); if (NS_FAILED(rv)) return rv; rv = uri->GetScheme(scheme); if (NS_FAILED(rv)) return rv; @@ -1364,11 +1326,10 @@ nsScriptSecurityManager::ReportError(JSContext* cx, const nsAString& messageTag, STRING_TO_JSVAL(JS_NewUCStringCopyZ(cx, NS_REINTERPRET_CAST(const jschar*, message.get())))); // Tell XPConnect that an exception was thrown, if appropriate - nsCOMPtr xpc = do_GetService(nsIXPConnect::GetCID()); - if (xpc) + if (sXPConnect) { nsCOMPtr xpcCallContext; - xpc->GetCurrentNativeCallContext(getter_AddRefs(xpcCallContext)); + sXPConnect->GetCurrentNativeCallContext(getter_AddRefs(xpcCallContext)); if (xpcCallContext) xpcCallContext->SetExceptionWasThrown(PR_TRUE); } 
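Review bot: CheckLoadURIFromScript now only tests the return code of `principal->GetURI(...)`, so a principal without a codebase could pass a null `uri` into CheckLoadURI. The removed code bailed out when the principal was not a codebase principal; with the merged nsPrincipal class that condition has to become a null check. Whether GetURI can succeed with a null result is not visible in this hunk, so an explicit test is the safer form: `if (NS_FAILED(principal->GetURI(getter_AddRefs(uri))) || !uri) return NS_ERROR_FAILURE;`. The function continues outside the hunk.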
@@ -1392,10 +1353,14 @@ nsScriptSecurityManager::CheckLoadURIStr(const char* aSourceURIStr, const char* PRUint32 aFlags) { nsCOMPtr source; - nsresult rv = NS_NewURI(getter_AddRefs(source), nsDependentCString(aSourceURIStr), nsnull); + nsresult rv = NS_NewURI(getter_AddRefs(source), + nsDependentCString(aSourceURIStr), + nsnull, nsnull, sIOService); NS_ENSURE_SUCCESS(rv, rv); nsCOMPtr target; - rv = NS_NewURI(getter_AddRefs(target), nsDependentCString(aTargetURIStr), nsnull); + rv = NS_NewURI(getter_AddRefs(target), + nsDependentCString(aTargetURIStr), + nsnull, nsnull, sIOService); NS_ENSURE_SUCCESS(rv, rv); return CheckLoadURI(source, target, aFlags); } @@ -1429,8 +1394,7 @@ nsScriptSecurityManager::CheckFunctionAccess(JSContext *aCx, void *aFunObj, if (!subject) return NS_ERROR_FAILURE; - PRBool isSystem; - if (NS_SUCCEEDED(subject->Equals(mSystemPrincipal, &isSystem)) && isSystem) + if (subject == mSystemPrincipal) // This is the system principal: just allow access return NS_OK; @@ -1455,28 +1419,7 @@ nsScriptSecurityManager::CheckFunctionAccess(JSContext *aCx, void *aFunObj, if (subject == object) return NS_OK; - PRBool isSameOrigin = PR_FALSE; - if (NS_FAILED(subject->Equals(object, &isSameOrigin))) - return NS_ERROR_FAILURE; - - if (isSameOrigin) - return NS_OK; - - // Allow access to about:blank - nsCOMPtr objectCodebase(do_QueryInterface(object)); - if (objectCodebase) - { - nsXPIDLCString origin; - if (NS_FAILED(objectCodebase->GetOrigin(getter_Copies(origin)))) - return NS_ERROR_FAILURE; - if (nsCRT::strcasecmp(origin, "about:blank") == 0) - return NS_OK; - } - - /* - ** Access tests failed. Fail silently without a JS exception. - */ - return NS_ERROR_DOM_SECURITY_ERR; + return CheckSameOriginPrincipalInternal(subject, object, PR_TRUE); } nsresult 
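Review bot: Replacing the inline comparison in CheckFunctionAccess with `return CheckSameOriginPrincipalInternal(subject, object, PR_TRUE);` changes behaviour that the removed comment described as deliberate ("Fail silently without a JS exception"). The shared helper's failure path is commented "Access tests failed, so now report error", so it presumably raises an exception that the old code did not. If the silent failure still matters to callers, that needs handling here. Otherwise a comment at the call should record the change and explain why PR_TRUE is passed for aIsCheckConnect, since that makes the helper return early on a same-origin match and skip the document.domain consistency check. The function starts outside the hunk.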
@@ -1518,20 +1461,18 @@ nsScriptSecurityManager::CanExecuteScripts(JSContext* cx, //-- Always allow chrome pages to run scripts // This is for about: URLs, which are chrome but don't // have the system principal - nsresult rv; if (!mIsJavaScriptEnabled) { - nsCOMPtr codebase(do_QueryInterface(aPrincipal)); - if (codebase) + nsCOMPtr principalURI; + aPrincipal->GetURI(getter_AddRefs(principalURI)); + if (principalURI) { - nsXPIDLCString origin; - rv = codebase->GetOrigin(getter_Copies(origin)); - static const char chromePrefix[] = "chrome:"; - if (NS_SUCCEEDED(rv) && - (PL_strncmp(origin, chromePrefix, sizeof(chromePrefix)-1) == 0)) + PRBool isChrome = PR_FALSE; + principalURI->SchemeIs("chrome", &isChrome); + if (isChrome) { *result = PR_TRUE; - return NS_OK; + return NS_OK; } } } 
@@ -1543,60 +1484,53 @@ nsScriptSecurityManager::CanExecuteScripts(JSContext* cx, scriptContext->GetGlobalObject(getter_AddRefs(globalObject)); if (!globalObject) return NS_ERROR_FAILURE; + nsresult rv; nsCOMPtr docshell; globalObject->GetDocShell(getter_AddRefs(docshell)); - nsCOMPtr treeItem; - if (docshell) + nsCOMPtr globalObjTreeItem = do_QueryInterface(docshell); + if (globalObjTreeItem) { - treeItem = do_QueryInterface(docshell); + nsCOMPtr treeItem(globalObjTreeItem); nsCOMPtr parentItem; + // Walk up the docshell tree to see if any containing docshell disallows scripts - do + do { rv = docshell->GetAllowJavascript(result); if (NS_FAILED(rv)) return rv; if (!*result) return NS_OK; // Do not run scripts - if (treeItem) - { - treeItem->GetParent(getter_AddRefs(parentItem)); - if (parentItem) - { - treeItem = parentItem; - docshell = do_QueryInterface(treeItem, &rv); - NS_ASSERTION(docshell, "cannot get a docshell from a treeItem!"); - if (NS_FAILED(rv)) break; - } + treeItem->GetParent(getter_AddRefs(parentItem)); + treeItem.swap(parentItem); + docshell = do_QueryInterface(treeItem); +#ifdef DEBUG + if (treeItem && !docshell) { + NS_ERROR("cannot get a docshell from a treeItem!"); } - } while (parentItem); +#endif // DEBUG + } while (treeItem && docshell); } //-- See if JS is disabled globally (via prefs) *result = mIsJavaScriptEnabled; - if (mIsJavaScriptEnabled != mIsMailJavaScriptEnabled) + if (mIsJavaScriptEnabled != mIsMailJavaScriptEnabled && globalObjTreeItem) { - // Get docshell from the global window again. - globalObject->GetDocShell(getter_AddRefs(docshell)); - treeItem = do_QueryInterface(docshell); - if (treeItem) + nsCOMPtr rootItem; + globalObjTreeItem->GetRootTreeItem(getter_AddRefs(rootItem)); + docshell = do_QueryInterface(rootItem); + if (docshell) { - nsCOMPtr rootItem; - treeItem->GetRootTreeItem(getter_AddRefs(rootItem)); - docshell = do_QueryInterface(rootItem); - if (docshell) + // Is this script running from mail? 
+ PRUint32 appType; + rv = docshell->GetAppType(&appType); + if (NS_FAILED(rv)) return rv; + if (appType == nsIDocShell::APP_TYPE_MAIL) { - // Is this script running from mail? - PRUint32 appType; - rv = docshell->GetAppType(&appType); - if (NS_FAILED(rv)) return rv; - if (appType == nsIDocShell::APP_TYPE_MAIL) - { - *result = mIsMailJavaScriptEnabled; - } + *result = mIsMailJavaScriptEnabled; } } } - + if (!*result) return NS_OK; // Do not run scripts @@ -1636,13 +1570,19 @@ nsScriptSecurityManager::GetSystemPrincipal(nsIPrincipal **result) { if (!mSystemPrincipal) { - mSystemPrincipal = new nsSystemPrincipal(); - if (!mSystemPrincipal) + nsRefPtr system = new nsSystemPrincipal(); + if (!system) return NS_ERROR_OUT_OF_MEMORY; - NS_ADDREF(mSystemPrincipal); + + nsresult rv = system->Init(); + if (NS_FAILED(rv)) + return rv; + + mSystemPrincipal = system; } - *result = mSystemPrincipal; - NS_ADDREF(*result); + + NS_ADDREF(*result = mSystemPrincipal); + return NS_OK; } 
@@ -1673,61 +1613,77 @@ nsScriptSecurityManager::SubjectPrincipalIsSystem(PRBool* aIsSystem) NS_IMETHODIMP nsScriptSecurityManager::GetCertificatePrincipal(const char* aCertID, + nsIURI* aURI, nsIPrincipal **result) { - nsresult rv; - //-- Create a certificate principal - nsCertificatePrincipal *certificate = new nsCertificatePrincipal(); + // Create a certificate principal out of the certificate ID + // and URI given to us. We will use this principal to test + // equality when doing our hashtable lookups below. + nsRefPtr certificate = new nsPrincipal(); if (!certificate) return NS_ERROR_OUT_OF_MEMORY; - NS_ADDREF(certificate); - if (NS_FAILED(certificate->Init(aCertID))) - { - NS_RELEASE(certificate); - return NS_ERROR_FAILURE; - } - nsCOMPtr principal(do_QueryInterface((nsBasePrincipal*)certificate, &rv)); - NS_RELEASE(certificate); - if (NS_FAILED(rv)) return rv; - if (mPrincipals) - { - // Check to see if we already have this principal. - nsIPrincipalKey key(principal); - nsCOMPtr fromTable = (nsIPrincipal *) mPrincipals->Get(&key); - if (fromTable) - principal = fromTable; + nsresult rv = certificate->Init(aCertID, aURI); + NS_ENSURE_SUCCESS(rv, rv); + + // Check to see if we already have this principal. + nsCOMPtr fromTable; + mPrincipals.Get(certificate, getter_AddRefs(fromTable)); + if (fromTable) { + // Bingo. We found the certificate in the table, which means + // that it has escalated priveleges. + if (!aURI) { + // We were asked to just get the base certificate, so output + // what we have in the table. + certificate = NS_STATIC_CAST(nsPrincipal*, + NS_STATIC_CAST(nsIPrincipal*, + fromTable)); + } else { + // We found a certificate and now need to install a codebase + // on it. We don't want to modify the principal in the hash + // table, so create a new principal and clone the pertinent + // things. 
+ nsXPIDLCString prefName; + nsXPIDLCString id; + nsXPIDLCString granted; + nsXPIDLCString denied; + rv = fromTable->GetPreferences(getter_Copies(prefName), + getter_Copies(id), + getter_Copies(granted), + getter_Copies(denied)); + if (NS_SUCCEEDED(rv)) { + certificate = new nsPrincipal(); + if (!certificate) + return NS_ERROR_OUT_OF_MEMORY; + + rv = certificate->InitFromPersistent(prefName, id, + granted, denied, + PR_TRUE, PR_FALSE); + if (NS_SUCCEEDED(rv)) + certificate->SetURI(aURI); + } + } } - //-- Bundle this certificate principal into an aggregate principal - nsAggregatePrincipal* agg = new nsAggregatePrincipal(); - if (!agg) return NS_ERROR_OUT_OF_MEMORY; - rv = agg->SetCertificate(principal); - if (NS_FAILED(rv)) return rv; - principal = do_QueryInterface((nsBasePrincipal*)agg, &rv); - if (NS_FAILED(rv)) return rv; + NS_ADDREF(*result = certificate); - *result = principal; - NS_ADDREF(*result); - return NS_OK; + return rv; } nsresult nsScriptSecurityManager::CreateCodebasePrincipal(nsIURI* aURI, nsIPrincipal **result) { - nsresult rv = NS_OK; - nsCodebasePrincipal *codebase = new nsCodebasePrincipal(); + nsRefPtr codebase = new nsPrincipal(); if (!codebase) return NS_ERROR_OUT_OF_MEMORY; - NS_ADDREF(codebase); - if (NS_FAILED(codebase->Init(aURI))) - { - NS_RELEASE(codebase); - return NS_ERROR_FAILURE; - } - rv = CallQueryInterface((nsBasePrincipal*)codebase, result); - NS_RELEASE(codebase); - return rv; + + nsresult rv = codebase->Init(nsnull, aURI); + if (NS_FAILED(rv)) + return rv; + + NS_ADDREF(*result = codebase); + + return NS_OK; } NS_IMETHODIMP 
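Review bot: GetCertificatePrincipal falls through to `NS_ADDREF(*result = certificate); return rv;` even when `fromTable->GetPreferences(...)` or `certificate->InitFromPersistent(...)` has failed. The caller then receives an error code together with an add-ref'd principal. After an InitFromPersistent failure, that principal is a freshly constructed, partly initialised nsPrincipal with no URI installed. A caller that ignores the error would go on using it, and one that honours the error leaks the reference. Returning early with `NS_ENSURE_SUCCESS(rv, rv);` after each of the two calls keeps `*result` untouched on failure. The comment in the added block also misspells "privileges".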
@@ -1739,42 +1695,32 @@ nsScriptSecurityManager::GetCodebasePrincipal(nsIURI *aURI, rv = CreateCodebasePrincipal(aURI, getter_AddRefs(principal)); if (NS_FAILED(rv)) return rv; - if (mPrincipals) + if (mPrincipals.Count() > 0) { //-- Check to see if we already have this principal. - nsIPrincipalKey key(principal); - nsCOMPtr fromTable = (nsIPrincipal *) mPrincipals->Get(&key); + nsCOMPtr fromTable; + mPrincipals.Get(principal, getter_AddRefs(fromTable)); if (fromTable) principal = fromTable; else //-- Check to see if we have a more general principal { - nsCOMPtr codebasePrin(do_QueryInterface(principal)); nsXPIDLCString originUrl; - rv = codebasePrin->GetOrigin(getter_Copies(originUrl)); + rv = principal->GetOrigin(getter_Copies(originUrl)); if (NS_FAILED(rv)) return rv; nsCOMPtr newURI; - rv = NS_NewURI(getter_AddRefs(newURI), originUrl, nsnull); + rv = NS_NewURI(getter_AddRefs(newURI), originUrl, nsnull, sIOService); if (NS_FAILED(rv)) return rv; nsCOMPtr principal2; rv = CreateCodebasePrincipal(newURI, getter_AddRefs(principal2)); if (NS_FAILED(rv)) return rv; - nsIPrincipalKey key2(principal2); - fromTable = (nsIPrincipal *) mPrincipals->Get(&key2); + mPrincipals.Get(principal2, getter_AddRefs(fromTable)); if (fromTable) principal = fromTable; - } + } } - //-- Bundle this codebase principal into an aggregate principal - nsAggregatePrincipal* agg = new nsAggregatePrincipal(); - if (!agg) return NS_ERROR_OUT_OF_MEMORY; - rv = agg->SetCodebase(principal); - if (NS_FAILED(rv)) return rv; - principal = do_QueryInterface((nsBasePrincipal*)agg, &rv); - if (NS_FAILED(rv)) return rv; + NS_IF_ADDREF(*result = principal); - *result = principal; - NS_ADDREF(*result); return NS_OK; } @@ -1850,8 +1796,8 @@ nsScriptSecurityManager::GetFunctionObjectPrincipal(JSContext *cx, } - *result = scriptPrincipal.get(); - NS_IF_ADDREF(*result); + NS_IF_ADDREF(*result = scriptPrincipal); + return NS_OK; } 
@@ -1996,32 +1942,18 @@ nsScriptSecurityManager::doGetObjectPrincipal(JSContext *aCx, JSObject *aObj, nsresult nsScriptSecurityManager::SavePrincipal(nsIPrincipal* aToSave) { - nsresult rv; - nsCOMPtr persistent = aToSave; - nsCOMPtr aggregate(do_QueryInterface(aToSave, &rv)); - if (NS_SUCCEEDED(rv)) - if (NS_FAILED(aggregate->GetPrimaryChild(getter_AddRefs(persistent)))) - return NS_ERROR_FAILURE; - //-- Save to mPrincipals - if (!mPrincipals) - { - mPrincipals = new nsSupportsHashtable(31); - if (!mPrincipals) - return NS_ERROR_OUT_OF_MEMORY; - } - nsIPrincipalKey key(persistent); - mPrincipals->Put(&key, persistent); + mPrincipals.Put(aToSave, aToSave); //-- Save to prefs nsXPIDLCString idPrefName; nsXPIDLCString id; nsXPIDLCString grantedList; nsXPIDLCString deniedList; - rv = persistent->GetPreferences(getter_Copies(idPrefName), - getter_Copies(id), - getter_Copies(grantedList), - getter_Copies(deniedList)); + nsresult rv = aToSave->GetPreferences(getter_Copies(idPrefName), + getter_Copies(id), + getter_Copies(grantedList), + getter_Copies(deniedList)); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; nsXPIDLCString grantedPrefName; @@ -2162,13 +2094,18 @@ nsScriptSecurityManager::CheckConfirmDialog(JSContext* cx, nsIPrincipal* aPrinci if (NS_FAILED(rv)) return PR_FALSE; - nsXPIDLCString source; - rv = aPrincipal->ToUserVisibleString(getter_Copies(source)); + nsXPIDLCString val; + PRBool hasCert; + aPrincipal->GetHasCertificate(&hasCert); + if (hasCert) + rv = aPrincipal->GetCommonName(getter_Copies(val)); + else + rv = aPrincipal->GetOrigin(getter_Copies(val)); if (NS_FAILED(rv)) return PR_FALSE; - NS_ConvertUTF8toUTF16 location(source.get()); + NS_ConvertUTF8toUTF16 location(val.get()); NS_ConvertUTF8toUTF16 capability(aCapability); const PRUnichar *formatStrings[] = { location.get(), capability.get() }; 
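Review bot: In CheckConfirmDialog `PRBool hasCert;` is read without being initialised if `aPrincipal->GetHasCertificate(&hasCert)` fails, and that value picks the identity string shown in the capability prompt. Declaring it as `PRBool hasCert = PR_FALSE;` makes the fallback the origin. The same pattern is added in EnableCapability in the next hunk. For certificate principals the prompt now shows GetCommonName, but principals restored through InitFromPersistent are created with `SetCertificate(aToken, nsnull)`, so the common name may well be empty there. It is worth confirming that the dialog cannot show a blank identity, or falling back to the certificate ID when the name is empty.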
@@ -2250,7 +2187,13 @@ nsScriptSecurityManager::EnableCapability(const char *capability) if (canEnable != nsIPrincipal::ENABLE_GRANTED) { nsXPIDLCString val; - nsresult rv = principal->ToUserVisibleString(getter_Copies(val)); + PRBool hasCert; + nsresult rv; + principal->GetHasCertificate(&hasCert); + if (hasCert) + rv = principal->GetCommonName(getter_Copies(val)); + else + rv = principal->GetOrigin(getter_Copies(val)); if (NS_FAILED(rv)) return rv; @@ -2335,10 +2278,7 @@ nsScriptSecurityManager::SetCanEnableCapability(const char* certificateID, #endif systemCertFile->AppendNative(NS_LITERAL_CSTRING("systemSignature.jar")); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - nsCOMPtr systemCertZip; - rv = nsComponentManager::CreateInstance(kZipReaderCID, nsnull, - NS_GET_IID(nsIZipReader), - getter_AddRefs(systemCertZip)); + nsCOMPtr systemCertZip = do_CreateInstance(kZipReaderCID, &rv); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; systemCertZip->Init(systemCertFile); rv = systemCertZip->Open(); @@ -2372,7 +2312,7 @@ nsScriptSecurityManager::SetCanEnableCapability(const char* certificateID, //-- Get the target principal nsCOMPtr objectPrincipal; - rv = GetCertificatePrincipal(certificateID, getter_AddRefs(objectPrincipal)); + rv = GetCertificatePrincipal(certificateID, nsnull, getter_AddRefs(objectPrincipal)); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; rv = objectPrincipal->SetCanEnableCapability(capability, canEnable); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; 
@@ -2390,16 +2330,16 @@ nsScriptSecurityManager::CanCreateWrapper(JSContext *cx, nsIClassInfo *aClassInfo, void **aPolicy) { -#if 0 +#ifdef DEBUG_CAPS_CanCreateWrapper char* iidStr = aIID.ToString(); printf("### CanCreateWrapper(%s) ", iidStr); - PR_FREEIF(iidStr); + nsCRT::free(iidStr); #endif // XXX Special case for nsIXPCException ? ClassInfoData objClassInfo = ClassInfoData(aClassInfo, nsnull); if (objClassInfo.IsDOMClass()) { -#if 0 +#ifdef DEBUG_CAPS_CanCreateWrapper printf("DOM class - GRANTED.\n"); #endif return NS_OK; @@ -2436,7 +2376,16 @@ nsScriptSecurityManager::CanCreateWrapper(JSContext *cx, JS_SetPendingException(cx, STRING_TO_JSVAL(JS_NewUCStringCopyZ(cx, NS_REINTERPRET_CAST(const jschar*, errorMsg.get())))); + +#ifdef DEBUG_CAPS_CanCreateWrapper + printf("DENIED.\n"); } + else + { + printf("GRANTED.\n"); +#endif + } + return rv; } @@ -2457,7 +2406,7 @@ nsScriptSecurityManager::CheckComponentPermissions(JSContext *cx, Substring(cidTemp, 1, cidTemp.Length() - 2)); ToUpperCase(cid); -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckComponentPermissions printf("### CheckComponentPermissions(ClassID.%s) ",cid.get()); #endif @@ -2479,13 +2428,13 @@ nsScriptSecurityManager::CheckComponentPermissions(JSContext *cx, if (securityLevel.level == SCRIPT_SECURITY_ALL_ACCESS) { -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckComponentPermissions printf(" GRANTED.\n"); #endif return NS_OK; } -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckComponentPermissions printf(" DENIED.\n"); #endif return NS_ERROR_DOM_PROP_ACCESS_DENIED; @@ -2496,6 +2445,12 @@ NS_IMETHODIMP nsScriptSecurityManager::CanCreateInstance(JSContext *cx, const nsCID &aCID) { +#ifdef DEBUG_CAPS_CanCreateInstance + char* cidStr = aCID.ToString(); + printf("### CanCreateInstance(%s) ", cidStr); + nsCRT::free(cidStr); +#endif + nsresult rv = CheckXPCPermissions(nsnull, nsnull); if (NS_FAILED(rv)) #ifdef XPC_IDISPATCH_SUPPORT 
@@ -2512,6 +2467,14 @@ nsScriptSecurityManager::CanCreateInstance(JSContext *cx, errorMsg.Append(cidStr); JS_SetPendingException(cx, STRING_TO_JSVAL(JS_NewStringCopyZ(cx, errorMsg.get()))); + +#ifdef DEBUG_CAPS_CanCreateInstance + printf("DENIED\n"); + } + else + { + printf("GRANTED\n"); +#endif } return rv; } @@ -2520,10 +2483,10 @@ NS_IMETHODIMP nsScriptSecurityManager::CanGetService(JSContext *cx, const nsCID &aCID) { -#if 0 +#ifdef DEBUG_CAPS_CanGetService char* cidStr = aCID.ToString(); printf("### CanGetService(%s) ", cidStr); - PR_FREEIF(cidStr); + nsCRT::free(cidStr); #endif nsresult rv = CheckXPCPermissions(nsnull, nsnull); @@ -2536,7 +2499,16 @@ nsScriptSecurityManager::CanGetService(JSContext *cx, errorMsg.Append(cidStr); JS_SetPendingException(cx, STRING_TO_JSVAL(JS_NewStringCopyZ(cx, errorMsg.get()))); + +#ifdef DEBUG_CAPS_CanGetService + printf("DENIED\n"); } + else + { + printf("GRANTED\n"); +#endif + } + return rv; } @@ -2650,17 +2622,16 @@ nsScriptSecurityManager::nsScriptSecurityManager(void) : mOriginToPolicyMap(nsnull), mDefaultPolicy(nsnull), mCapabilities(nsnull), - mSystemPrincipal(nsnull), mPrincipals(nsnull), mIsJavaScriptEnabled(PR_FALSE), mIsMailJavaScriptEnabled(PR_FALSE), mIsWritingPrefs(PR_FALSE), - mNameSetRegistered(PR_FALSE), mPolicyPrefsChanged(PR_TRUE) #ifdef XPC_IDISPATCH_SUPPORT ,mXPCDefaultGrantAll(PR_FALSE) #endif { NS_ASSERTION(sizeof(long) == sizeof(void*), "long and void* have different lengths on this platform. This may cause a security failure."); + mPrincipals.Init(31); } @@ -2677,6 +2648,12 @@ nsresult nsScriptSecurityManager::Init() nsresult rv = InitPrefs(); NS_ENSURE_SUCCESS(rv, rv); + rv = CallGetService(NS_IOSERVICE_CONTRACTID, &sIOService); + NS_ENSURE_SUCCESS(rv, rv); + + rv = CallGetService(nsIXPConnect::GetCID(), &sXPConnect); + NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr bundleService = do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv); NS_ENSURE_SUCCESS(rv, rv); 
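Review bot: `mPrincipals.Init(31)` is called from the constructor and its result is dropped, so a failed table allocation cannot be reported and later `mPrincipals.Put(...)` calls in InitPrincipals would run against a table that was never set up. `nsScriptSecurityManager::Init()` in the next hunk already returns nsresult; moving the call there lets it fail cleanly, e.g. `if (!mPrincipals.Init(31)) return NS_ERROR_OUT_OF_MEMORY;`, assuming Init reports failure through its return value (its declaration is not shown). The constructor's initializer list continues outside the hunk.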
@@ -2711,8 +2688,6 @@ nsScriptSecurityManager::~nsScriptSecurityManager(void) { delete mOriginToPolicyMap; delete mDefaultPolicy; - NS_IF_RELEASE(mSystemPrincipal); - delete mPrincipals; delete mCapabilities; gScriptSecMan = nsnull; } @@ -2722,6 +2697,8 @@ nsScriptSecurityManager::Shutdown() { sEnabledID = JSVAL_VOID; + NS_IF_RELEASE(sIOService); + NS_IF_RELEASE(sXPConnect); NS_IF_RELEASE(sStrBundle); } @@ -2748,16 +2725,8 @@ nsScriptSecurityManager::GetScriptSecurityManager() return nsnull; } - nsCOMPtr xpc = do_GetService(nsIXPConnect::GetCID(), &rv); - if (NS_FAILED(rv) || !xpc) { - NS_WARNING("Failed to get the XPConnect service"); - delete ssManager; - return nsnull; - } - - rv = xpc->SetDefaultSecurityManager( - NS_STATIC_CAST(nsIXPCSecurityManager*, ssManager), - nsIXPCSecurityManager::HOOK_ALL); + rv = sXPConnect->SetDefaultSecurityManager(ssManager, + nsIXPCSecurityManager::HOOK_ALL); if (NS_FAILED(rv)) { NS_WARNING("Failed to install xpconnect security manager!"); delete ssManager; @@ -2784,15 +2753,12 @@ nsScriptSecurityManager::SystemPrincipalSingletonConstructor() nsresult nsScriptSecurityManager::InitPolicies() { - nsresult rv; - // Reset the "dirty" flag mPolicyPrefsChanged = PR_FALSE; // Clear any policies cached on XPConnect wrappers - nsCOMPtr xpc(do_GetService(nsIXPConnect::GetCID(), &rv)); - if (NS_FAILED(rv)) return rv; - rv = xpc->ClearAllWrappedNativeSecurityPolicies(); + NS_ENSURE_STATE(sXPConnect); + nsresult rv = sXPConnect->ClearAllWrappedNativeSecurityPolicies(); if (NS_FAILED(rv)) return rv; //-- Reset mOriginToPolicyMap @@ -2802,11 +2768,13 @@ nsScriptSecurityManager::InitPolicies() //-- Reset and initialize the default policy delete mDefaultPolicy; - mDefaultPolicy = - new DomainPolicy(); + mDefaultPolicy = new DomainPolicy(); if (!mOriginToPolicyMap || !mDefaultPolicy) return NS_ERROR_OUT_OF_MEMORY; + if (!mDefaultPolicy->Init()) + return NS_ERROR_UNEXPECTED; + //-- Initialize the table of security levels if (!mCapabilities) { 
@@ -2862,6 +2830,12 @@ nsScriptSecurityManager::InitPolicies() if (!domainPolicy) return NS_ERROR_OUT_OF_MEMORY; + if (!domainPolicy->Init()) + { + delete domainPolicy; + return NS_ERROR_UNEXPECTED; + } + //-- Parse list of sites and create an entry in mOriginToPolicyMap for each char* domainStart = (char*)domainList.get(); char* domainCurrent = domainStart; @@ -2877,7 +2851,10 @@ nsScriptSecurityManager::InitPolicies() nsCStringKey key(nextToLastDot ? nextToLastDot+1 : domainStart); DomainEntry *newEntry = new DomainEntry(domainStart, domainPolicy); if (!newEntry) + { + delete domainPolicy; return NS_ERROR_OUT_OF_MEMORY; + } #ifdef DEBUG newEntry->mPolicyName_DEBUG = nameBegin; #endif @@ -2920,10 +2897,11 @@ nsScriptSecurityManager::InitPolicies() } rv = InitDomainPolicy(cx, nameBegin, domainPolicy); - NS_ENSURE_SUCCESS(rv, rv); + if (NS_FAILED(rv)) + return rv; } -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_HACKER PrintPolicyDB(); #endif return NS_OK; @@ -2937,15 +2915,14 @@ nsScriptSecurityManager::InitDomainPolicy(JSContext* cx, { nsresult rv; nsCAutoString policyPrefix(sPolicyPrefix + - nsDependentCString(aPolicyName) + - NS_LITERAL_CSTRING(".")); + nsDependentCString(aPolicyName) + + NS_LITERAL_CSTRING(".")); PRUint32 prefixLength = policyPrefix.Length() - 1; // subtract the '.' - // XXX fix string use here. PRUint32 prefCount; char** prefNames; rv = mPrefBranch->GetChildList(policyPrefix.get(), - &prefCount, &prefNames); + &prefCount, &prefNames); if (NS_FAILED(rv)) return rv; if (prefCount == 0) return NS_OK; 
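Review bot: The `delete domainPolicy;` added to the `if (!newEntry)` branch of InitPolicies runs inside the loop over the site list, so on a second or later iteration entries already created by `new DomainEntry(domainStart, domainPolicy)` may still hold that pointer. If those entries have been put into mOriginToPolicyMap by then (the storing code is outside the hunk), the map is left with dangling policy pointers after the early return. The `InitDomainPolicy` failure path just below returns without deleting, which suggests ownership has passed to the entries by that point; the delete should be limited to the case where no entry has been stored yet, with a comment stating who owns `domainPolicy` after the first insert.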
@@ -2955,14 +2932,14 @@ nsScriptSecurityManager::InitDomainPolicy(JSContext* cx, for (; currentPref < prefCount; currentPref++) { // Get the class name - const char* start = prefNames[currentPref] + prefixLength +1; + const char* start = prefNames[currentPref] + prefixLength + 1; char* end = PL_strchr(start, '.'); if (!end) // malformed pref, bail on this one continue; static const char sitesStr[] = "sites"; - // We dealt with "sites" in InitPolicies(), so no need to do - // that again... + // We dealt with "sites" in InitPolicies(), so no need to do + // that again... if (PL_strncmp(start, sitesStr, sizeof(sitesStr)-1) == 0) continue; @@ -2998,9 +2975,9 @@ nsScriptSecurityManager::InitDomainPolicy(JSContext* cx, *end = '\0'; // Find or store this class in the classes table ClassPolicy* cpolicy = - NS_REINTERPRET_CAST(ClassPolicy*, - PL_DHashTableOperate(aDomainPolicy, start, - PL_DHASH_ADD)); + NS_STATIC_CAST(ClassPolicy*, + PL_DHashTableOperate(aDomainPolicy, start, + PL_DHASH_ADD)); if (!cpolicy) break; @@ -3023,9 +3000,9 @@ nsScriptSecurityManager::InitDomainPolicy(JSContext* cx, const void* ppkey = NS_REINTERPRET_CAST(const void*, STRING_TO_JSVAL(propertyKey)); PropertyPolicy* ppolicy = - NS_REINTERPRET_CAST(PropertyPolicy*, - PL_DHashTableOperate(cpolicy->mPolicy, ppkey, - PL_DHASH_ADD)); + NS_STATIC_CAST(PropertyPolicy*, + PL_DHashTableOperate(cpolicy->mPolicy, ppkey, + PL_DHASH_ADD)); if (!ppolicy) break; 
@@ -3118,23 +3095,20 @@ nsScriptSecurityManager::InitPrincipals(PRUint32 aPrefCount, const char** aPrefN getter_Copies(deniedPrefName)); if (rv == NS_ERROR_OUT_OF_MEMORY) return rv; - else if (NS_FAILED(rv)) + if (NS_FAILED(rv)) continue; - char* grantedList = nsnull; - mSecurityPref->SecurityGetCharPref(grantedPrefName, &grantedList); - char* deniedList = nsnull; - mSecurityPref->SecurityGetCharPref(deniedPrefName, &deniedList); + nsXPIDLCString grantedList; + mSecurityPref->SecurityGetCharPref(grantedPrefName, getter_Copies(grantedList)); + nsXPIDLCString deniedList; + mSecurityPref->SecurityGetCharPref(deniedPrefName, getter_Copies(deniedList)); //-- Delete prefs if their value is the empty string - if ((!id || id[0] == '\0') || - ((!grantedList || grantedList[0] == '\0') && (!deniedList || deniedList[0] == '\0'))) + if (id.IsEmpty() || (grantedList.IsEmpty() && deniedList.IsEmpty())) { mSecurityPref->SecurityClearUserPref(aPrefNames[c]); mSecurityPref->SecurityClearUserPref(grantedPrefName); mSecurityPref->SecurityClearUserPref(deniedPrefName); - PR_FREEIF(grantedList); - PR_FREEIF(deniedList); continue; } 
@@ -3142,74 +3116,64 @@ nsScriptSecurityManager::InitPrincipals(PRUint32 aPrefCount, const char** aPrefN static const char certificateName[] = "capability.principal.certificate"; static const char codebaseName[] = "capability.principal.codebase"; static const char codebaseTrustedName[] = "capability.principal.codebaseTrusted"; - nsCOMPtr principal; - if (PL_strncmp(aPrefNames[c], certificateName, - sizeof(certificateName)-1) == 0) - { - nsCertificatePrincipal *certificate = new nsCertificatePrincipal(); - if (certificate) { - NS_ADDREF(certificate); - if (NS_SUCCEEDED(certificate->InitFromPersistent(aPrefNames[c], id, - grantedList, deniedList))) - principal = do_QueryInterface((nsBasePrincipal*)certificate); - NS_RELEASE(certificate); - } - } else if(PL_strncmp(aPrefNames[c], codebaseName, - sizeof(codebaseName)-1) == 0) - { - nsCodebasePrincipal *codebase = new nsCodebasePrincipal(); - if (codebase) { - NS_ADDREF(codebase); - PRBool trusted = (PL_strncmp(aPrefNames[c], codebaseTrustedName, - sizeof(codebaseTrustedName)-1) == 0); - if (NS_SUCCEEDED(codebase->InitFromPersistent(aPrefNames[c], id, - grantedList, deniedList, - trusted))) - principal = do_QueryInterface((nsBasePrincipal*)codebase); - NS_RELEASE(codebase); - } - } - PR_FREEIF(grantedList); - PR_FREEIF(deniedList); - if (principal) + PRBool isCert = PR_FALSE; + PRBool isTrusted = PR_FALSE; + + if (PL_strncmp(aPrefNames[c], certificateName, + sizeof(certificateName) - 1) == 0) { - if (!mPrincipals) - { - mPrincipals = new nsSupportsHashtable(31); - if (!mPrincipals) - return NS_ERROR_OUT_OF_MEMORY; - } - nsIPrincipalKey key(principal); - mPrincipals->Put(&key, principal); + isCert = PR_TRUE; } + else if (PL_strncmp(aPrefNames[c], codebaseName, + sizeof(codebaseName) - 1) == 0) + { + isTrusted = (PL_strncmp(aPrefNames[c], codebaseTrustedName, + sizeof(codebaseTrustedName) - 1) == 0); + } + else + { + NS_ERROR("Not a codebase or a certificate?!"); + } + + nsRefPtr newPrincipal = new nsPrincipal(); + if 
(!newPrincipal) + return NS_ERROR_OUT_OF_MEMORY; + + rv = newPrincipal->InitFromPersistent(aPrefNames[c], id.get(), + grantedList, deniedList, + isCert, isTrusted); + if (NS_SUCCEEDED(rv)) + mPrincipals.Put(newPrincipal, newPrincipal); } return NS_OK; } -const char* nsScriptSecurityManager::sJSEnabledPrefName = "javascript.enabled"; -const char* nsScriptSecurityManager::sJSMailEnabledPrefName = "javascript.allow.mailnews"; +const char nsScriptSecurityManager::sJSEnabledPrefName[] = + "javascript.enabled"; +const char nsScriptSecurityManager::sJSMailEnabledPrefName[] = + "javascript.allow.mailnews"; #ifdef XPC_IDISPATCH_SUPPORT -const char* nsScriptSecurityManager::sXPCDefaultGrantAllName = - "security.classID.allowByDefault"; +const char nsScriptSecurityManager::sXPCDefaultGrantAllName[] = + "security.classID.allowByDefault"; #endif + inline void nsScriptSecurityManager::JSEnabledPrefChanged(nsISecurityPref* aSecurityPref) { - if (NS_FAILED(mSecurityPref->SecurityGetBoolPref(sJSEnabledPrefName, - &mIsJavaScriptEnabled))) - // Default to enabled. - mIsJavaScriptEnabled = PR_TRUE; + PRBool temp; + nsresult rv = mSecurityPref->SecurityGetBoolPref(sJSEnabledPrefName, &temp); + // JavaScript defaults to enabled in failure cases. + mIsJavaScriptEnabled = NS_FAILED(rv) || temp; + + rv = mSecurityPref->SecurityGetBoolPref(sJSMailEnabledPrefName, &temp); + // JavaScript in Mail defaults to enabled in failure cases. + mIsMailJavaScriptEnabled = NS_FAILED(rv) || temp; - if (NS_FAILED(mSecurityPref->SecurityGetBoolPref(sJSMailEnabledPrefName, - &mIsMailJavaScriptEnabled))) - // Default to enabled. - mIsMailJavaScriptEnabled = PR_TRUE; #ifdef XPC_IDISPATCH_SUPPORT - if (NS_FAILED(mSecurityPref->SecurityGetBoolPref(sXPCDefaultGrantAllName, - &mXPCDefaultGrantAll))) - // Default to disabled. - mXPCDefaultGrantAll = PR_FALSE; + rv = mSecurityPref->SecurityGetBoolPref(sXPCDefaultGrantAllName, &temp); + // Granting XPC Priveleges defaults to disabled in failure cases. 
+ mXPCDefaultGrantAll = NS_SUCCEEDED(rv) && temp; #endif } @@ -3256,7 +3220,7 @@ nsScriptSecurityManager::InitPrefs() /////////////////////////////////////////////////////////////////////////////// // The following code prints the contents of the policy DB to the console. -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_HACKER //typedef PLDHashOperator //(* PR_CALLBACK PLDHashEnumerator)(PLDHashTable *table, PLDHashEntryHdr *hdr, diff --git a/caps/src/nsSecurityManagerFactory.cpp b/caps/src/nsSecurityManagerFactory.cpp index f1fa7933863e..2065ee6fa674 100644 --- a/caps/src/nsSecurityManagerFactory.cpp +++ b/caps/src/nsSecurityManagerFactory.cpp @@ -43,9 +43,7 @@ #include "nsIScriptSecurityManager.h" #include "nsScriptSecurityManager.h" #include "nsIPrincipal.h" -#include "nsAggregatePrincipal.h" -#include "nsCertificatePrincipal.h" -#include "nsCodebasePrincipal.h" +#include "nsPrincipal.h" #include "nsSystemPrincipal.h" #include "nsIScriptNameSpaceManager.h" #include "nsIScriptExternalNameSet.h" @@ -234,8 +232,8 @@ netscape_security_invalidate(JSContext *cx, JSObject *obj, uintN argc, // NS_ASSERTION(cx == GetCurrentContext(), "unexpected context"); - rv = securityManager->SetCanEnableCapability(principalID, - nsBasePrincipal::Invalid, + rv = securityManager->SetCanEnableCapability(principalID, + nsPrincipal::sInvalid, nsIPrincipal::ENABLE_GRANTED); if (NS_FAILED(rv)) return JS_FALSE; 
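Review bot: In InitPrincipals, a pref name that matches neither `capability.principal.certificate` nor `capability.principal.codebase` reaches `NS_ERROR("Not a codebase or a certificate?!")` and then falls through, so in a release build it is still turned into a principal with `isCert` and `isTrusted` both false and stored in `mPrincipals` with its granted list. The removed code left `principal` null in that case and stored nothing; adding `continue;` after the `NS_ERROR` keeps that behaviour. The result of `mPrincipals.Put(newPrincipal, newPrincipal)` is also ignored. The prefix filter that selects `aPrefNames` is outside the hunk.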
@@ -310,17 +308,13 @@ nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext) -NS_GENERIC_FACTORY_CONSTRUCTOR(nsAggregatePrincipal) -NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertificatePrincipal) -NS_GENERIC_FACTORY_CONSTRUCTOR(nsCodebasePrincipal) +NS_GENERIC_FACTORY_CONSTRUCTOR(nsPrincipal) NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecurityNameSet) NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(nsSystemPrincipal, nsScriptSecurityManager::SystemPrincipalSingletonConstructor) -NS_DECL_CLASSINFO(nsAggregatePrincipal) -NS_DECL_CLASSINFO(nsCertificatePrincipal) -NS_DECL_CLASSINFO(nsCodebasePrincipal) +NS_DECL_CLASSINFO(nsPrincipal) NS_DECL_CLASSINFO(nsSystemPrincipal) @@ -388,42 +382,16 @@ static const nsModuleComponentInfo capsComponentInfo[] = nsIClassInfo::MAIN_THREAD_ONLY }, - { NS_AGGREGATEPRINCIPAL_CLASSNAME, - NS_AGGREGATEPRINCIPAL_CID, - NS_AGGREGATEPRINCIPAL_CONTRACTID, - nsAggregatePrincipalConstructor, + { NS_PRINCIPAL_CLASSNAME, + NS_PRINCIPAL_CID, + NS_PRINCIPAL_CONTRACTID, + nsPrincipalConstructor, nsnull, nsnull, nsnull, - NS_CI_INTERFACE_GETTER_NAME(nsAggregatePrincipal), + NS_CI_INTERFACE_GETTER_NAME(nsPrincipal), nsnull, - &NS_CLASSINFO_NAME(nsAggregatePrincipal), - nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO - }, - - { NS_CERTIFICATEPRINCIPAL_CLASSNAME, - NS_CERTIFICATEPRINCIPAL_CID, - NS_CERTIFICATEPRINCIPAL_CONTRACTID, - nsCertificatePrincipalConstructor, - nsnull, - nsnull, - nsnull, - NS_CI_INTERFACE_GETTER_NAME(nsCertificatePrincipal), - nsnull, - &NS_CLASSINFO_NAME(nsCertificatePrincipal), - nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO - }, - - { NS_CODEBASEPRINCIPAL_CLASSNAME, - NS_CODEBASEPRINCIPAL_CID, - NS_CODEBASEPRINCIPAL_CONTRACTID, - nsCodebasePrincipalConstructor, - nsnull, - nsnull, - nsnull, - NS_CI_INTERFACE_GETTER_NAME(nsCodebasePrincipal), - nsnull, - &NS_CLASSINFO_NAME(nsCodebasePrincipal), + &NS_CLASSINFO_NAME(nsPrincipal), nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO }, 
diff --git a/caps/src/nsSystemPrincipal.cpp b/caps/src/nsSystemPrincipal.cpp
index e2f9b64b8ebc..e34c2288e53c 100644
--- a/caps/src/nsSystemPrincipal.cpp
+++ b/caps/src/nsSystemPrincipal.cpp
@@ -47,40 +47,53 @@ #include "nsXPIDLString.h" #include "nsReadableUtils.h" #include "nsCRT.h" +#include "nsString.h" -NS_IMPL_QUERY_INTERFACE2_CI(nsSystemPrincipal, nsIPrincipal, nsISerializable) -NS_IMPL_CI_INTERFACE_GETTER2(nsSystemPrincipal, nsIPrincipal, nsISerializable) +NS_IMPL_QUERY_INTERFACE2_CI(nsSystemPrincipal, + nsIPrincipal, + nsISerializable) +NS_IMPL_CI_INTERFACE_GETTER2(nsSystemPrincipal, + nsIPrincipal, + nsISerializable) -NSBASEPRINCIPALS_ADDREF(nsSystemPrincipal) -NSBASEPRINCIPALS_RELEASE(nsSystemPrincipal) +NS_IMETHODIMP_(nsrefcnt) +nsSystemPrincipal::AddRef() +{ + NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt"); + nsrefcnt count = PR_AtomicIncrement((PRInt32 *)&mJSPrincipals.refcount); + NS_LOG_ADDREF(this, count, "nsSystemPrincipal", sizeof(*this)); + return count; +} + +NS_IMETHODIMP_(nsrefcnt) +nsSystemPrincipal::Release() +{ + NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release"); + nsrefcnt count = PR_AtomicDecrement((PRInt32 *)&mJSPrincipals.refcount); + NS_LOG_RELEASE(this, count, "nsSystemPrincipal"); + if (count == 0) { + NS_DELETEXPCOM(this); + } + + return count; +} /////////////////////////////////////// // Methods implementing nsIPrincipal // /////////////////////////////////////// -NS_IMETHODIMP -nsSystemPrincipal::ToString(char **result) -{ - nsAutoString buf; - buf.Assign(NS_LITERAL_STRING("[System]")); - - *result = ToNewCString(buf); - return *result ? NS_OK : NS_ERROR_OUT_OF_MEMORY; -} - -NS_IMETHODIMP -nsSystemPrincipal::ToUserVisibleString(char **result) -{ - return ToString(result); -} - NS_IMETHODIMP nsSystemPrincipal::GetPreferences(char** aPrefName, char** aID, char** aGrantedList, char** aDeniedList) { // The system principal should never be streamed out + *aPrefName = nsnull; + *aID = nsnull; + *aGrantedList = nsnull; + *aDeniedList = nsnull; + return NS_ERROR_FAILURE; } 
@@ -92,7 +105,7 @@ nsSystemPrincipal::Equals(nsIPrincipal *other, PRBool *result) } NS_IMETHODIMP -nsSystemPrincipal::HashValue(PRUint32 *result) +nsSystemPrincipal::GetHashValue(PRUint32 *result) { *result = NS_PTR_TO_INT32(this); return NS_OK; @@ -127,12 +140,14 @@ nsSystemPrincipal::IsCapabilityEnabled(const char *capability, NS_IMETHODIMP nsSystemPrincipal::EnableCapability(const char *capability, void **annotation) { + *annotation = nsnull; return NS_OK; } NS_IMETHODIMP nsSystemPrincipal::RevertCapability(const char *capability, void **annotation) { + *annotation = nsnull; return NS_OK; } 
@@ -141,9 +156,88 @@ nsSystemPrincipal::DisableCapability(const char *capability, void **annotation) { // Can't disable the capabilities of the system principal. // XXX might be handy to be able to do so! + *annotation = nsnull; return NS_ERROR_FAILURE; } +NS_IMETHODIMP +nsSystemPrincipal::GetURI(nsIURI** aURI) +{ + *aURI = nsnull; + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::GetOrigin(char** aOrigin) +{ + *aOrigin = ToNewCString(NS_LITERAL_CSTRING("[System]")); + return *aOrigin ? NS_OK : NS_ERROR_OUT_OF_MEMORY; +} + +NS_IMETHODIMP +nsSystemPrincipal::GetCertificateID(char** aID) +{ + *aID = nsnull; + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::GetCommonName(char** aName) +{ + *aName = nsnull; + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::SetCommonName(const char* aName) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::GetHasCertificate(PRBool* aResult) +{ + *aResult = PR_FALSE; + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::GetDomain(nsIURI** aDomain) +{ + *aDomain = nsnull; + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::SetDomain(nsIURI* aDomain) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::GetSecurityPolicy(void** aSecurityPolicy) +{ + *aSecurityPolicy = nsnull; + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::SetSecurityPolicy(void* aSecurityPolicy) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::GetJsPrincipals(JSPrincipals **jsprin) +{ + NS_PRECONDITION(mJSPrincipals.nsIPrincipalPtr, "mJSPrincipals is uninitalized!"); + + *jsprin = &mJSPrincipals; + JSPRINCIPALS_HOLD(cx, *jsprin); + return NS_OK; +} + + ////////////////////////////////////////// // Methods implementing nsISerializable // ////////////////////////////////////////// 
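Review bot: `GetJsPrincipals` passes `cx` to `JSPRINCIPALS_HOLD`, but no `cx` is declared in the function as shown, so it compiles only if the macro discards its first argument; a one-line comment saying so would save the next reader the search. The hold also appears to update `mJSPrincipals.refcount` directly, while the AddRef/Release added earlier in this file change the same field with `PR_AtomicIncrement`/`PR_AtomicDecrement`. If the macro is a plain increment, mixing the two paths loses the atomicity those methods rely on for a correct count, and routing the hold through `AddRef()` would leave a single update path.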
@@ -170,15 +264,10 @@ nsSystemPrincipal::nsSystemPrincipal() { } -NS_IMETHODIMP +nsresult nsSystemPrincipal::Init() { - char *codebase = nsCRT::strdup("[System Principal]"); - if (!codebase) - return NS_ERROR_OUT_OF_MEMORY; - if (NS_FAILED(mJSPrincipals.Init(codebase))) - return NS_ERROR_FAILURE; - return NS_OK; + return mJSPrincipals.Init(this, "[System Principal]"); } nsSystemPrincipal::~nsSystemPrincipal(void) diff --git a/content/base/public/nsContentUtils.h b/content/base/public/nsContentUtils.h index 7c06c66eaf80..23bc4d4572f4 100644 --- a/content/base/public/nsContentUtils.h +++ b/content/base/public/nsContentUtils.h @@ -249,6 +249,11 @@ public: { return sIOService; }; + + static nsIScriptSecurityManager* GetSecurityManager() + { + return sSecurityManager; + } static nsresult GenerateStateKey(nsIContent* aContent, nsIStatefulFrame::SpecialStateID aID, diff --git a/content/base/public/nsIDocument.h b/content/base/public/nsIDocument.h index 8a43a528eeeb..b098d57ac48d 100644 --- a/content/base/public/nsIDocument.h +++ b/content/base/public/nsIDocument.h @@ -130,10 +130,9 @@ public: NS_IMETHOD GetPrincipal(nsIPrincipal **aPrincipal) = 0; /** - * Update principal responsible for this document to the intersection - * of its previous value and aPrincipal. + * Set the principal responsible for this document. */ - NS_IMETHOD AddPrincipal(nsIPrincipal *aPrincipal) = 0; + NS_IMETHOD SetPrincipal(nsIPrincipal *aPrincipal) = 0; /** * Return the LoadGroup for the document. May return null. diff --git a/content/base/src/nsContentSink.cpp b/content/base/src/nsContentSink.cpp index 665d32bf9013..cb85ca6c43c3 100644 --- a/content/base/src/nsContentSink.cpp +++ b/content/base/src/nsContentSink.cpp 
@@ -60,13 +60,13 @@ #include "nsHTMLAtoms.h" #include "nsIDOMWindowInternal.h" #include "nsIPrincipal.h" +#include "nsIScriptSecurityManager.h" #include "nsIScriptGlobalObject.h" #include "nsICookieService.h" #include "nsIPrompt.h" -#include "nsIAggregatePrincipal.h" #include "nsIServiceManagerUtils.h" -#include "nsICodebasePrincipal.h" #include "nsICharsetConverterManager.h" +#include "nsContentUtils.h" #include "nsParserUtils.h" #include "nsCRT.h" #include "nsEscape.h" @@ -355,23 +355,18 @@ nsContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue, return rv; } - nsCOMPtr agg(do_QueryInterface(docPrincipal, &rv)); - // Document principal should always be an aggregate - NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr originalPrincipal; - rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal)); - nsCOMPtr originalCodebase = - do_QueryInterface(originalPrincipal, &rv); - if (NS_FAILED(rv)) { - // Document's principal is not a codebase (may be system), so - // can't set cookies - + nsCOMPtr systemPrincipal; + nsContentUtils::GetSecurityManager()-> + GetSystemPrincipal(getter_AddRefs(systemPrincipal)); + NS_ASSERTION(systemPrincipal, "No system principal"); + + if (docPrincipal == systemPrincipal) { + // Document's principal is not a codebase, so we can't set cookies return NS_OK; } nsCOMPtr codebaseURI; - rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI)); + rv = docPrincipal->GetURI(getter_AddRefs(codebaseURI)); NS_ENSURE_SUCCESS(rv, rv); nsCOMPtr globalObj; diff --git a/content/base/src/nsDocument.cpp b/content/base/src/nsDocument.cpp index bc499e34e2a9..b858261c578b 100644 --- a/content/base/src/nsDocument.cpp +++ b/content/base/src/nsDocument.cpp @@ -87,7 +87,7 @@ #include "nsNetUtil.h" // for NS_MakeAbsoluteURI #include "nsIScriptSecurityManager.h" -#include "nsIAggregatePrincipal.h" +#include "nsIPrincipal.h" #include "nsIPrivateDOMImplementation.h" #include "nsIDOMWindowInternal.h" 
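Review bot: In ProcessHeaderData the only guard before the cookie code is the pointer comparison `docPrincipal == systemPrincipal`, the result of `GetSystemPrincipal` is checked only by a debug assertion, and `codebaseURI` is not tested for null as far as the hunk shows. GetCookie and SetCookie in nsHTMLDocument.cpp, changed by the same patch, test the URI instead; doing the same here covers any principal without a codebase URI rather than only the system one: `if (!codebaseURI) return NS_OK;` after the `GetURI` call. The code that consumes `codebaseURI` is outside the hunk.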
@@ -840,21 +840,9 @@ nsDocument::GetPrincipal(nsIPrincipal **aPrincipal) } NS_IMETHODIMP -nsDocument::AddPrincipal(nsIPrincipal *aNewPrincipal) +nsDocument::SetPrincipal(nsIPrincipal *aNewPrincipal) { - nsresult rv; - if (!mPrincipal) { - nsCOMPtr principal; - rv = GetPrincipal(getter_AddRefs(principal)); - NS_ENSURE_SUCCESS(rv, rv); - } - - nsCOMPtr agg(do_QueryInterface(mPrincipal, &rv)); - if (NS_SUCCEEDED(rv)) { - rv = agg->Intersect(aNewPrincipal); - if (NS_FAILED(rv)) - return rv; - } + mPrincipal = aNewPrincipal; return NS_OK; } diff --git a/content/base/src/nsDocument.h b/content/base/src/nsDocument.h index 41094e3b76f8..1e6325c592c0 100644 --- a/content/base/src/nsDocument.h +++ b/content/base/src/nsDocument.h @@ -276,10 +276,9 @@ public: NS_IMETHOD GetPrincipal(nsIPrincipal **aPrincipal); /** - * Update principal responsible for this document to the intersection - * of its previous value and aPrincipal, and return its new value. + * Set the principal responsible for this document. */ - NS_IMETHOD AddPrincipal(nsIPrincipal *aPrincipal); + NS_IMETHOD SetPrincipal(nsIPrincipal *aPrincipal); /** * Get the Content-Type of this document. diff --git a/content/base/src/nsFrameLoader.cpp b/content/base/src/nsFrameLoader.cpp index 02a0ffbe9ff5..59465c0e7d5c 100644 --- a/content/base/src/nsFrameLoader.cpp +++ b/content/base/src/nsFrameLoader.cpp @@ -59,7 +59,6 @@ #include "nsIWebShell.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" #include "nsIURI.h" #include "nsIURL.h" @@ -203,12 +202,8 @@ nsFrameLoader::LoadFrame() // If we were called from script, get the referring URL from the script if (principal) { - nsCOMPtr codebase(do_QueryInterface(principal)); - - if (codebase) { - rv = codebase->GetURI(getter_AddRefs(referrer)); - NS_ENSURE_SUCCESS(rv, rv); - } + rv = principal->GetURI(getter_AddRefs(referrer)); + NS_ENSURE_SUCCESS(rv, rv); // Pass the script principal to the docshell 
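Review bot: `nsDocument::SetPrincipal` replaces `mPrincipal` with whatever it is given, including null, where `AddPrincipal` could only narrow the existing principal through `Intersect`; neither the implementation nor the updated header comment says that the caller now carries that responsibility. I would document it on the method, e.g. `// Replaces the document principal unconditionally; callers must already have reduced aNewPrincipal (see IntersectPrincipalCerts in nsScriptLoader.cpp).` Consider `NS_ENSURE_ARG_POINTER(aNewPrincipal);` as well, unless clearing the principal is intended; the removed code suggests a null `mPrincipal` is re-created lazily by GetPrincipal, which is outside the hunk.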
diff --git a/content/base/src/nsGenericElement.cpp b/content/base/src/nsGenericElement.cpp index 0e435798129e..02ca0245a117 100644 --- a/content/base/src/nsGenericElement.cpp +++ b/content/base/src/nsGenericElement.cpp @@ -74,7 +74,7 @@ #include "nsINameSpaceManager.h" #include "nsContentList.h" #include "nsDOMError.h" -#include "nsScriptSecurityManager.h" +#include "nsIScriptSecurityManager.h" #include "nsIDOMMutationEvent.h" #include "nsMutationEvent.h" diff --git a/content/base/src/nsNodeInfoManager.cpp b/content/base/src/nsNodeInfoManager.cpp index 1ce7530dfe84..70fb115b424a 100644 --- a/content/base/src/nsNodeInfoManager.cpp +++ b/content/base/src/nsNodeInfoManager.cpp @@ -43,6 +43,7 @@ #include "nsIAtom.h" #include "nsIDocument.h" #include "nsIPrincipal.h" +#include "nsIURI.h" #include "nsISupportsArray.h" #include "nsContentUtils.h" #include "nsReadableUtils.h" diff --git a/content/base/src/nsNodeInfoManager.h b/content/base/src/nsNodeInfoManager.h index d91b2722acc0..360907e47300 100644 --- a/content/base/src/nsNodeInfoManager.h +++ b/content/base/src/nsNodeInfoManager.h @@ -42,10 +42,10 @@ #include "nsINodeInfo.h" #include "nsCOMPtr.h" #include "plhash.h" -#include "nsIURI.h" -#include "nsIPrincipal.h" class nsNodeInfo; +class nsIPrincipal; +class nsIURI; class nsNodeInfoManager : public nsINodeInfoManager diff --git a/content/base/src/nsRange.cpp b/content/base/src/nsRange.cpp index 3d906c68522f..8357c83a71fe 100644 --- a/content/base/src/nsRange.cpp +++ b/content/base/src/nsRange.cpp @@ -61,7 +61,7 @@ #include "nsParserCIID.h" #include "nsIHTMLFragmentContentSink.h" #include "nsIEnumerator.h" -#include "nsScriptSecurityManager.h" +#include "nsIScriptSecurityManager.h" #include "nsIScriptGlobalObject.h" #include "nsIScriptContext.h" #include "nsIHTMLDocument.h" diff --git a/content/base/src/nsScriptLoader.cpp b/content/base/src/nsScriptLoader.cpp index 11dbbbaeb8a5..9444a6c6504a 100644 --- a/content/base/src/nsScriptLoader.cpp 
+++ b/content/base/src/nsScriptLoader.cpp @@ -52,6 +52,38 @@ static NS_DEFINE_CID(kCharsetConverterManagerCID, NS_ICHARSETCONVERTERMANAGER_CI // ////////////////////////////////////////////////////////////// +static already_AddRefed +IntersectPrincipalCerts(nsIPrincipal *aOld, nsIPrincipal *aNew) +{ + NS_PRECONDITION(aOld, "Null old principal!"); + NS_PRECONDITION(aNew, "Null new principal!"); + + nsIPrincipal *principal = aOld; + + PRBool hasCert; + aOld->GetHasCertificate(&hasCert); + if (hasCert) { + PRBool equal; + aOld->Equals(aNew, &equal); + if (!equal) { + nsCOMPtr uri, domain; + aOld->GetURI(getter_AddRefs(uri)); + aOld->GetDomain(getter_AddRefs(domain)); + + nsContentUtils::GetSecurityManager()->GetCodebasePrincipal(uri, &principal); + if (principal && domain) { + principal->SetDomain(domain); + } + + return principal; + } + } + + NS_ADDREF(principal); + + return principal; +} + ////////////////////////////////////////////////////////////// // Per-request data structure ////////////////////////////////////////////////////////////// @@ -412,17 +444,14 @@ nsScriptLoader::ProcessScriptElement(nsIDOMHTMLScriptElement *aElement, } // Check that the containing page is allowed to load this URI. - nsCOMPtr securityManager(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv)); - if (NS_FAILED(rv)) { - return FireErrorNotification(rv, aElement, aObserver); - } nsCOMPtr docURI; mDocument->GetDocumentURL(getter_AddRefs(docURI)); if (!docURI) { return FireErrorNotification(NS_ERROR_UNEXPECTED, aElement, aObserver); } - rv = securityManager->CheckLoadURI(docURI, scriptURI, - nsIScriptSecurityManager::ALLOW_CHROME); + rv = nsContentUtils::GetSecurityManager()-> + CheckLoadURI(docURI, scriptURI, nsIScriptSecurityManager::ALLOW_CHROME); + if (NS_FAILED(rv)) { return FireErrorNotification(rv, aElement, aObserver); } 
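Review bot: `IntersectPrincipalCerts` returns `principal` as already-AddRefed on the not-equal path even when `GetCodebasePrincipal` fails: depending on what that call does to its out-parameter on failure, the caller receives either null or a non-AddRef'd alias of `aOld`, and the latter would be released once too often by the caller's nsCOMPtr. `hasCert` and `equal` are also read uninitialised if their getters fail. I would hold the new principal in an nsCOMPtr, check the result and return null on failure, with OnStreamComplete treating a null result like its existing `GetPrincipal` failure branch instead of passing it to `SetPrincipal`.

```cpp
static already_AddRefed<nsIPrincipal>
IntersectPrincipalCerts(nsIPrincipal *aOld, nsIPrincipal *aNew)
{
  // … unchanged: null-argument preconditions …

  PRBool hasCert = PR_FALSE;
  if (NS_FAILED(aOld->GetHasCertificate(&hasCert))) {
    return nsnull;
  }

  if (hasCert) {
    PRBool equal = PR_FALSE;
    if (NS_FAILED(aOld->Equals(aNew, &equal))) {
      return nsnull;
    }

    if (!equal) {
      // … unchanged: fetch uri and domain from aOld …

      // Own the replacement through an nsCOMPtr so a failed lookup yields
      // null instead of an un-AddRef'd alias of aOld.
      nsCOMPtr<nsIPrincipal> codebase;
      nsresult rv = nsContentUtils::GetSecurityManager()->
        GetCodebasePrincipal(uri, getter_AddRefs(codebase));
      if (NS_FAILED(rv) || !codebase) {
        return nsnull;
      }

      if (domain) {
        codebase->SetDomain(domain);
      }

      nsIPrincipal *result = nsnull;
      codebase.swap(result);
      return result;
    }
  }

  // … unchanged: AddRef and return aOld …
}
```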
@@ -874,18 +903,22 @@ nsScriptLoader::OnStreamComplete(nsIStreamLoader* aLoader, if (channel) { nsCOMPtr owner; channel->GetOwner(getter_AddRefs(owner)); - nsCOMPtr prin; - - if (owner) { - prin = do_QueryInterface(owner, &rv); - } - - rv = mDocument->AddPrincipal(prin); - if (NS_FAILED(rv)) { - mPendingRequests.RemoveObject(request); - FireScriptAvailable(rv, request, NS_LITERAL_STRING("")); - ProcessPendingReqests(); - return NS_OK; + nsCOMPtr principal = do_QueryInterface(owner); + + if (principal) { + nsCOMPtr docPrincipal; + rv = mDocument->GetPrincipal(getter_AddRefs(docPrincipal)); + if (NS_SUCCEEDED(rv)) { + nsCOMPtr newPrincipal = + IntersectPrincipalCerts(docPrincipal, principal); + + mDocument->SetPrincipal(newPrincipal); + } else { + mPendingRequests.RemoveObject(request); + FireScriptAvailable(rv, request, NS_LITERAL_STRING("")); + ProcessPendingReqests(); + return NS_OK; + } } } } diff --git a/content/events/src/nsEventListenerManager.h b/content/events/src/nsEventListenerManager.h index 57bc66290fbb..e2ff59b5ba63 100644 --- a/content/events/src/nsEventListenerManager.h +++ b/content/events/src/nsEventListenerManager.h @@ -42,7 +42,6 @@ #include "nsIEventListenerManager.h" #include "jsapi.h" #include "nsCOMPtr.h" -#include "nsIPrincipal.h" #include "nsIDOMEventReceiver.h" #include "nsIDOM3EventTarget.h" #include "nsHashtable.h" diff --git a/content/html/document/src/nsHTMLContentSink.cpp b/content/html/document/src/nsHTMLContentSink.cpp index a46dd5a2c19f..e5aa098c9e36 100644 --- a/content/html/document/src/nsHTMLContentSink.cpp +++ b/content/html/document/src/nsHTMLContentSink.cpp @@ -104,8 +104,6 @@ #include "nsVoidArray.h" #include "nsIScriptSecurityManager.h" #include "nsIPrincipal.h" -#include "nsICodebasePrincipal.h" -#include "nsIAggregatePrincipal.h" #include "nsTextFragment.h" #include "nsIScriptGlobalObject.h" #include "nsIScriptGlobalObjectOwner.h" 
diff --git a/content/html/document/src/nsHTMLDocument.cpp b/content/html/document/src/nsHTMLDocument.cpp index 93da9ff1e774..af8ce9085d56 100644 --- a/content/html/document/src/nsHTMLDocument.cpp +++ b/content/html/document/src/nsHTMLDocument.cpp @@ -85,8 +85,7 @@ #include "nsIXPConnect.h" #include "nsContentList.h" #include "nsDOMError.h" -#include "nsICodebasePrincipal.h" -#include "nsIAggregatePrincipal.h" +#include "nsIPrincipal.h" #include "nsIScriptSecurityManager.h" #include "nsIScrollableView.h" @@ -1896,11 +1895,10 @@ nsHTMLDocument::GetDomainURI(nsIURI **aURI) if (NS_FAILED(GetPrincipal(getter_AddRefs(principal)))) return; - nsCOMPtr codebase = do_QueryInterface(principal); - if (!codebase) - return; - - codebase->GetURI(aURI); + principal->GetDomain(aURI); + if (!*aURI) { + principal->GetURI(aURI); + } } @@ -1972,27 +1970,10 @@ nsHTMLDocument::SetDomain(const nsAString& aDomain) if (NS_FAILED(NS_NewURI(getter_AddRefs(newURI), newURIString))) return NS_ERROR_FAILURE; - // Get codebase principal - nsresult rv; - nsCOMPtr securityManager = - do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - nsCOMPtr newCodebase; - rv = securityManager->GetCodebasePrincipal(newURI, - getter_AddRefs(newCodebase)); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - nsCOMPtr agg = do_QueryInterface(mPrincipal, &rv); - NS_ASSERTION(NS_SUCCEEDED(rv), "Principal not an aggregate."); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - - rv = agg->SetCodebase(newCodebase); + nsresult rv = mPrincipal->SetDomain(newURI); // Bug 13871: Frameset spoofing - note that document.domain was set if (NS_SUCCEEDED(rv)) { - agg->SetDomainChanged(PR_TRUE); mDomainWasSet = PR_TRUE; } 
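Review bot: `SetDomain` now dereferences `mPrincipal` directly in `mPrincipal->SetDomain(newURI)`, whereas the removed code reached it through `do_QueryInterface`, which tolerates a null pointer and fell through to `return NS_ERROR_FAILURE`. If `mPrincipal` can still be unset at this point (the code removed from nsDocument::AddPrincipal populated it lazily via GetPrincipal), this becomes a null dereference on a path driven by page content. Fetching the principal the way GetDomainURI above does, or adding `if (!mPrincipal) return NS_ERROR_FAILURE;`, keeps the old failure mode; the same applies to `mPrincipal->GetURI(...)` in the GetCookie and SetCookie hunks that follow. SetDomain's validation of the new domain is outside the hunk.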
@@ -2254,23 +2235,16 @@ nsHTMLDocument::GetCookie(nsAString& aCookie) if (service) { // Get a URI from the document principal. We use the original // codebase in case the codebase was changed by SetDomain - nsCOMPtr agg(do_QueryInterface(mPrincipal, &rv)); - // Document principal should always be an aggregate - NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr codebaseURI; + mPrincipal->GetURI(getter_AddRefs(codebaseURI)); + + if (!codebaseURI) { + // Document's principal is not a codebase (may be system), so + // can't set cookies - nsCOMPtr originalPrincipal; - rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal)); - nsCOMPtr originalCodebase( - do_QueryInterface(originalPrincipal, &rv)); - if (NS_FAILED(rv)) { - // Document's principal is not a codebase, so can't get cookies return NS_OK; } - nsCOMPtr codebaseURI; - rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI)); - NS_ENSURE_SUCCESS(rv, rv); - nsXPIDLCString cookie; rv = service->GetCookieString(codebaseURI, mChannel, getter_Copies(cookie)); if (NS_SUCCEEDED(rv) && cookie) 
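Review bot: The comment inside `if (!codebaseURI)` in GetCookie says "can't set cookies", which was copied from the setter; it should read `// Document's principal has no codebase URI (may be system), so there are no cookies to get`. The retained comment above still refers to the "original codebase", although the call is now plain `mPrincipal->GetURI()`. GetDomainURI in this patch treats GetDomain as the document.domain value, so GetURI is presumably the unmodified origin, but that contract is in nsIPrincipal.idl, outside this view. Since it is what stops a document.domain change from widening cookie access, the comment should state it explicitly, e.g. `// GetURI() is not affected by SetDomain(); cookies are always keyed on the original codebase`.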
@@ -2306,25 +2280,16 @@ nsHTMLDocument::SetCookie(const nsAString& aCookie) } } - // Get a URI from the document principal. We use the original - // codebase in case the codebase was changed by SetDomain - nsCOMPtr agg(do_QueryInterface(mPrincipal, &rv)); - // Document principal should always be an aggregate - NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr codebaseURI; + mPrincipal->GetURI(getter_AddRefs(codebaseURI)); + + if (!codebaseURI) { + // Document's principal is not a codebase (may be system), so + // can't set cookies - nsCOMPtr originalPrincipal; - rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal)); - nsCOMPtr originalCodebase( - do_QueryInterface(originalPrincipal, &rv)); - if (NS_FAILED(rv)) { - // Document's principal is not a codebase, so can't set cookies return NS_OK; } - nsCOMPtr codebaseURI; - rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI)); - NS_ENSURE_SUCCESS(rv, rv); - rv = NS_ERROR_OUT_OF_MEMORY; char* cookie = ToNewCString(aCookie); if (cookie) { @@ -2680,19 +2645,12 @@ nsHTMLDocument::ScriptWriteCommon(PRBool aNewlineTerminate) rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject)); NS_ENSURE_SUCCESS(rv, rv); - // why is the above code duplicated below??? - rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject)); - NS_ENSURE_SUCCESS(rv, rv); - if (subject) { - nsCOMPtr codebase = do_QueryInterface(subject); - if (codebase) { - nsCOMPtr subjectURI; - rv = codebase->GetURI(getter_AddRefs(subjectURI)); - NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr subjectURI; + subject->GetURI(getter_AddRefs(subjectURI)); + if (subjectURI) { mDocumentURL = subjectURI; - mPrincipal = subject; } } diff --git a/content/xml/document/src/nsXMLContentSink.cpp b/content/xml/document/src/nsXMLContentSink.cpp index a001cf6eaf0a..4b3032fc97bd 100644 --- a/content/xml/document/src/nsXMLContentSink.cpp +++ b/content/xml/document/src/nsXMLContentSink.cpp 
@@ -99,8 +99,6 @@ #include "nsIDOMWindowInternal.h" #include "nsIChannel.h" #include "nsIPrincipal.h" -#include "nsIAggregatePrincipal.h" -#include "nsICodebasePrincipal.h" #include "nsXBLAtoms.h" #include "nsXMLPrettyPrinter.h" @@ -718,6 +716,7 @@ nsXMLContentSink::ProcessBASETag(nsIContent* aContent) } } } + return rv; } diff --git a/content/xml/document/src/nsXMLDocument.cpp b/content/xml/document/src/nsXMLDocument.cpp index d7519c641f6f..dd3819a3478a 100644 --- a/content/xml/document/src/nsXMLDocument.cpp +++ b/content/xml/document/src/nsXMLDocument.cpp @@ -76,9 +76,8 @@ #include "nsICharsetAlias.h" #include "nsNetUtil.h" #include "nsDOMError.h" -#include "nsScriptSecurityManager.h" +#include "nsIScriptSecurityManager.h" #include "nsIPrincipal.h" -#include "nsIAggregatePrincipal.h" #include "nsLayoutCID.h" #include "nsDOMAttribute.h" #include "nsGUIEvent.h" @@ -332,21 +331,7 @@ nsXMLDocument::OnRedirect(nsIHttpChannel *aHttpChannel, nsIChannel *aNewChannel) return rv; } - nsCOMPtr newCodebase; - rv = secMan->GetCodebasePrincipal(newLocation, - getter_AddRefs(newCodebase)); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - - nsCOMPtr agg = do_QueryInterface(mPrincipal, &rv); - NS_ASSERTION(NS_SUCCEEDED(rv), "Principal not an aggregate."); - - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - - rv = agg->SetCodebase(newCodebase); - - return rv; + return secMan->GetCodebasePrincipal(newLocation, getter_AddRefs(mPrincipal)); } NS_IMETHODIMP diff --git a/content/xul/document/src/nsXULDocument.cpp b/content/xul/document/src/nsXULDocument.cpp index 97f18458a8fc..35a629b9b6ca 100644 --- a/content/xul/document/src/nsXULDocument.cpp +++ b/content/xul/document/src/nsXULDocument.cpp @@ -68,7 +68,7 @@ #include "nsDOMError.h" #include "nsIBoxObject.h" #include "nsIChromeRegistry.h" -#include "nsICodebasePrincipal.h" +#include "nsIPrincipal.h" #include "nsIContentSink.h" // for NS_CONTENT_ID_COUNTER_BASE #include "nsIScrollableView.h" #include "nsIContentViewer.h" 
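Review bot: In nsXMLDocument::OnRedirect, `getter_AddRefs(mPrincipal)` releases the current document principal before GetCodebasePrincipal runs, so a failed call leaves mPrincipal null rather than unchanged. The removed code kept the existing principal on every failure path. Fetching into a local and assigning only on success avoids a document with no principal: `nsCOMPtr<nsIPrincipal> newPrincipal; rv = secMan->GetCodebasePrincipal(newLocation, getter_AddRefs(newPrincipal));` then `if (NS_SUCCEEDED(rv)) mPrincipal = newPrincipal;` and `return rv;`. The start of OnRedirect is outside the hunk.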
@@ -684,9 +684,9 @@ nsXULDocument::GetPrincipal(nsIPrincipal **aPrincipal) } NS_IMETHODIMP -nsXULDocument::AddPrincipal(nsIPrincipal *aPrincipal) +nsXULDocument::SetPrincipal(nsIPrincipal *aPrincipal) { - NS_NOTREACHED("AddPrincipal"); + NS_NOTREACHED("SetPrincipal"); return NS_ERROR_NOT_IMPLEMENTED; } diff --git a/content/xul/document/src/nsXULDocument.h b/content/xul/document/src/nsXULDocument.h index f9a5c9526495..8ab5b292483e 100644 --- a/content/xul/document/src/nsXULDocument.h +++ b/content/xul/document/src/nsXULDocument.h @@ -105,7 +105,7 @@ public: NS_IMETHOD GetPrincipal(nsIPrincipal **aPrincipal); - NS_IMETHOD AddPrincipal(nsIPrincipal *aPrincipal); + NS_IMETHOD SetPrincipal(nsIPrincipal *aPrincipal); NS_IMETHOD SetContentType(const nsAString& aContentType); diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index 7288ed8f9266..f0ffbfeecc56 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -53,7 +53,7 @@ #include "nsIHttpEventSink.h" #include "nsIUploadChannel.h" #include "nsISecurityEventSink.h" -#include "nsScriptSecurityManager.h" +#include "nsIScriptSecurityManager.h" #include "nsDocumentCharsetInfoCID.h" #include "nsICanvasFrame.h" #include "nsContentPolicyUtils.h" // NS_CheckContentLoadPolicy(...) @@ -106,7 +106,6 @@ #include "nsIWyciwygChannel.h" // The following are for bug #13871: Prevent frameset spoofing -#include "nsICodebasePrincipal.h" #include "nsIHTMLDocument.h" // For reporting errors with the console service. 
@@ -957,11 +956,8 @@ PRBool ValidateOrigin(nsIDocShellTreeItem* aOriginTreeItem, nsIDocShellTreeItem* rv = targetDocument->GetPrincipal(getter_AddRefs(targetPrincipal)); NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipal, rv); - nsCOMPtr targetCodebasePrincipal(do_QueryInterface(targetPrincipal)); - NS_ENSURE_TRUE(targetCodebasePrincipal, PR_TRUE); - nsCOMPtr targetPrincipalURI; - rv = targetCodebasePrincipal->GetURI(getter_AddRefs(targetPrincipalURI)); + rv = targetPrincipal->GetURI(getter_AddRefs(targetPrincipalURI)); NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipalURI, PR_TRUE); // Find out if document.domain was set for HTML documents diff --git a/dom/src/base/nsGlobalWindow.cpp b/dom/src/base/nsGlobalWindow.cpp index 8e1ee1a86d34..585d8f9865ab 100644 --- a/dom/src/base/nsGlobalWindow.cpp +++ b/dom/src/base/nsGlobalWindow.cpp @@ -73,7 +73,6 @@ #include "nsIWidget.h" #include "nsIBaseWindow.h" #include "nsICharsetConverterManager.h" -#include "nsICodebasePrincipal.h" #include "nsIContent.h" #include "nsIWebBrowserPrint.h" #include "nsIContentViewerEdit.h" @@ -4648,12 +4647,13 @@ GlobalWindowImpl::OpenInternal(const nsAString& aUrl, if (sSecMan) { nsCOMPtr principal; sSecMan->GetSubjectPrincipal(getter_AddRefs(principal)); - nsCOMPtr codebasePrin(do_QueryInterface(principal)); - if (codebasePrin) { + if (principal) { nsCOMPtr subjectURI; - codebasePrin->GetURI(getter_AddRefs(subjectURI)); - nsCOMPtr domReturnPrivate(do_QueryInterface(domReturn)); - domReturnPrivate->SetOpenerScriptURL(subjectURI); + principal->GetURI(getter_AddRefs(subjectURI)); + if (subjectURI) { + nsCOMPtr domReturnPrivate(do_QueryInterface(domReturn)); + domReturnPrivate->SetOpenerScriptURL(subjectURI); + } } } } diff --git a/dom/src/base/nsJSEnvironment.cpp b/dom/src/base/nsJSEnvironment.cpp index 2d4a120f3f1d..e02e175c4cd5 100644 --- a/dom/src/base/nsJSEnvironment.cpp +++ b/dom/src/base/nsJSEnvironment.cpp 
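Review bot: With the do_QueryInterface guard removed, the only check left around `targetPrincipal->GetURI(...)` in ValidateOrigin is the existing `NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipalURI, PR_TRUE)`. It reports the origin as valid both when the principal has no URI and when GetURI itself fails. For a frameset-spoofing check those two cases should be separated: `NS_ENSURE_SUCCESS(rv, PR_FALSE);` for the error, then `NS_ENSURE_TRUE(targetPrincipalURI, PR_TRUE);` with a comment naming which principals legitimately have no URI. ValidateOrigin begins and continues outside the hunk.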
@@ -704,7 +704,7 @@ nsJSContext::EvaluateStringWithValue(const nsAString& aScript, JSPrincipals *jsprin; nsCOMPtr principal = aPrincipal; if (aPrincipal) { - aPrincipal->GetJSPrincipals(&jsprin); + aPrincipal->GetJsPrincipals(&jsprin); } else { nsCOMPtr global; @@ -717,7 +717,7 @@ nsJSContext::EvaluateStringWithValue(const nsAString& aScript, rv = objPrincipal->GetPrincipal(getter_AddRefs(principal)); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - principal->GetJSPrincipals(&jsprin); + principal->GetJsPrincipals(&jsprin); } // From here on, we must JSPRINCIPALS_DROP(jsprin) before returning... @@ -882,7 +882,7 @@ nsJSContext::EvaluateString(const nsAString& aScript, JSPrincipals *jsprin; nsCOMPtr principal = aPrincipal; if (aPrincipal) { - aPrincipal->GetJSPrincipals(&jsprin); + aPrincipal->GetJsPrincipals(&jsprin); } else { nsCOMPtr global; @@ -895,7 +895,7 @@ nsJSContext::EvaluateString(const nsAString& aScript, rv = objPrincipal->GetPrincipal(getter_AddRefs(principal)); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - principal->GetJSPrincipals(&jsprin); + principal->GetJsPrincipals(&jsprin); } // From here on, we must JSPRINCIPALS_DROP(jsprin) before returning... @@ -995,7 +995,7 @@ nsJSContext::CompileScript(const PRUnichar* aText, aScopeObject = ::JS_GetGlobalObject(mContext); JSPrincipals *jsprin; - aPrincipal->GetJSPrincipals(&jsprin); + aPrincipal->GetJsPrincipals(&jsprin); // From here on, we must JSPRINCIPALS_DROP(jsprin) before returning... PRBool ok = PR_FALSE; @@ -1169,7 +1169,7 @@ nsJSContext::CompileEventHandler(void *aTarget, nsIAtom *aName, getter_AddRefs(prin)); NS_ENSURE_SUCCESS(rv, rv); - prin->GetJSPrincipals(&jsprin); + prin->GetJsPrincipals(&jsprin); NS_ENSURE_TRUE(jsprin, NS_ERROR_NOT_AVAILABLE); } @@ -1222,7 +1222,7 @@ nsJSContext::CompileFunction(void* aTarget, nsCOMPtr prin; if (NS_FAILED(globalData->GetPrincipal(getter_AddRefs(prin)))) return NS_ERROR_FAILURE; - prin->GetJSPrincipals(&jsprin); + prin->GetJsPrincipals(&jsprin); } } 
diff --git a/dom/src/base/nsLocation.cpp b/dom/src/base/nsLocation.cpp index 35f4d4c07d98..3440e10175d7 100644 --- a/dom/src/base/nsLocation.cpp +++ b/dom/src/base/nsLocation.cpp @@ -58,7 +58,6 @@ #include "nsEscape.h" #include "nsJSUtils.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" #include "nsIDOMWindow.h" #include "nsIDOMDocument.h" #include "nsIDocument.h" diff --git a/dom/src/jsurl/nsJSProtocolHandler.cpp b/dom/src/jsurl/nsJSProtocolHandler.cpp index fd73dfe4411c..75503f9068bf 100644 --- a/dom/src/jsurl/nsJSProtocolHandler.cpp +++ b/dom/src/jsurl/nsJSProtocolHandler.cpp @@ -55,7 +55,6 @@ #include "nsIScriptGlobalObjectOwner.h" #include "nsIPrincipal.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" #include "nsIInterfaceRequestor.h" #include "nsIInterfaceRequestorUtils.h" #include "nsIStringStream.h" 
@@ -230,32 +229,21 @@ nsresult nsJSThunk::EvaluateScript(nsIChannel *aChannel) if (NS_FAILED(rv)) return rv; - PRBool equals = PR_FALSE; - if ((NS_FAILED(objectPrincipal->Equals(principal, &equals)) || !equals)) { - // If the principals aren't equal - - nsCOMPtr systemPrincipal; - securityManager->GetSystemPrincipal(getter_AddRefs(systemPrincipal)); - if (principal.get() != systemPrincipal.get()) { - // and the script to be run does not have the system principal - - nsCOMPtr - objectCodebase(do_QueryInterface(objectPrincipal)); - nsXPIDLCString objectOrigin; - rv = objectCodebase->GetOrigin(getter_Copies(objectOrigin)); - if (PL_strcmp("about:blank", objectOrigin) != 0) { - // and the target window is not about:blank, then - // don't run the script. Print a message to the console and - // return undefined. - - nsCOMPtr - console(do_GetService("@mozilla.org/consoleservice;1")); - if (console) { - console->LogStringMessage( - NS_LITERAL_STRING("Attempt to load a javascript: URL from one host\nin a window displaying content from another host\nwas blocked by the security manager.").get()); - } - return NS_ERROR_DOM_RETVAL_UNDEFINED; + nsCOMPtr systemPrincipal; + securityManager->GetSystemPrincipal(getter_AddRefs(systemPrincipal)); + if (principal != systemPrincipal) { + rv = securityManager->CheckSameOriginPrincipal(principal, + objectPrincipal); + if (NS_FAILED(rv)) { + nsCOMPtr console = + do_GetService("@mozilla.org/consoleservice;1"); + if (console) { + // XXX Localize me! + console->LogStringMessage( + NS_LITERAL_STRING("Attempt to load a javascript: URL from one host\nin a window displaying content from another host\nwas blocked by the security manager.").get()); } + + return NS_ERROR_DOM_RETVAL_UNDEFINED; } } } 
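Review bot: The return value of `securityManager->GetSystemPrincipal(...)` in EvaluateScript is ignored, and the gate `principal != systemPrincipal` is a pointer comparison. If the lookup fails and `principal` is also null, the CheckSameOriginPrincipal call is skipped and the javascript: URL is evaluated unchecked. `principal` is assigned above the hunk, so whether it can be null is not visible here. Checking the lookup closes that path: `rv = securityManager->GetSystemPrincipal(getter_AddRefs(systemPrincipal)); if (NS_FAILED(rv)) return rv;`. The removed code also exempted an about:blank target window; a comment should say whether CheckSameOriginPrincipal covers that case or the exemption was dropped on purpose.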
@@ -300,9 +288,9 @@ nsresult nsJSThunk::BringUpConsole(nsIDOMWindow *aDomWindow) nsresult rv; // First, get the Window Mediator service. - nsCOMPtr windowMediator; + nsCOMPtr windowMediator = + do_GetService(kWindowMediatorCID, &rv); - windowMediator = do_GetService(kWindowMediatorCID, &rv); if (NS_FAILED(rv)) return rv; // Next, find out whether there's a console already open. diff --git a/embedding/browser/activex/src/plugin/LegacyPlugin.cpp b/embedding/browser/activex/src/plugin/LegacyPlugin.cpp index 1358c9b2c646..df1142b4698b 100644 --- a/embedding/browser/activex/src/plugin/LegacyPlugin.cpp +++ b/embedding/browser/activex/src/plugin/LegacyPlugin.cpp @@ -404,7 +404,7 @@ MozAxAutoPushJSContext::MozAxAutoPushJSContext(JSContext *cx, if (NS_SUCCEEDED(mPushResult)) { JSPrincipals* jsprinc; - principal->GetJSPrincipals(&jsprinc); + principal->GetJsPrincipals(&jsprinc); mFrame.script = JS_CompileScriptForPrincipals(cx, JS_GetGlobalObject(cx), jsprinc, "", 0, "", 1); diff --git a/extensions/webservices/schema/src/nsSchemaLoader.cpp b/extensions/webservices/schema/src/nsSchemaLoader.cpp index 0e086a687a7b..51c985be89fc 100644 --- a/extensions/webservices/schema/src/nsSchemaLoader.cpp +++ b/extensions/webservices/schema/src/nsSchemaLoader.cpp @@ -43,7 +43,7 @@ // XPConnect includes #include "nsIXPConnect.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" +#include "nsIPrincipal.h" // XPCOM includes #include "nsIServiceManager.h" @@ -813,10 +813,7 @@ nsSchemaLoader::GetResolvedURI(const nsAString& aSchemaURI, nsCOMPtr principal; rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal)); if (NS_SUCCEEDED(rv)) { - nsCOMPtr codebase = do_QueryInterface(principal); - if (codebase) { - codebase->GetURI(getter_AddRefs(baseURI)); - } + principal->GetURI(getter_AddRefs(baseURI)); } rv = NS_NewURI(aURI, aSchemaURI, nsnull, baseURI); 
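Review bot: `principal->GetURI(getter_AddRefs(baseURI))` in nsSchemaLoader::GetResolvedURI is reached after only an NS_SUCCEEDED check, and the removed `do_QueryInterface(principal)` step was what tolerated a null principal. Other call sites in this patch (ScriptWriteCommon, OpenInternal) test the subject principal for null after GetSubjectPrincipal, which suggests success does not guarantee one. `if (NS_SUCCEEDED(rv) && principal) {` restores the guard. The same applies to nsWSDLLoader::GetResolvedURI and to `return principal->GetURI(aCodebase);` in nsWebScriptsAccess::GetCodebaseURI.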
diff --git a/extensions/webservices/security/src/nsWebScriptsAccess.cpp b/extensions/webservices/security/src/nsWebScriptsAccess.cpp index 2c219d9303bd..f53f10eb50ac 100755 --- a/extensions/webservices/security/src/nsWebScriptsAccess.cpp +++ b/extensions/webservices/security/src/nsWebScriptsAccess.cpp @@ -43,7 +43,7 @@ #include "nsIDOMNodeList.h" #include "nsIDOMAttr.h" #include "nsIDOMNamedNodeMap.h" -#include "nsICodebasePrincipal.h" +#include "nsIPrincipal.h" #include "nsIURL.h" #include "nsReadableUtils.h" #include "nsIHttpChannel.h" @@ -260,13 +260,7 @@ nsWebScriptsAccess::GetCodebaseURI(nsIURI** aCodebase) rv = mSecurityManager->GetSubjectPrincipal(getter_AddRefs(principal)); NS_ENSURE_SUCCESS(rv, rv); - nsCOMPtr codebase(do_QueryInterface(principal, &rv)); - NS_ENSURE_SUCCESS(rv, rv); - - rv = codebase->GetURI(aCodebase); - NS_ENSURE_SUCCESS(rv, rv); - - return NS_OK; + return principal->GetURI(aCodebase); } nsresult diff --git a/extensions/webservices/soap/src/nsHTTPSOAPTransport.cpp b/extensions/webservices/soap/src/nsHTTPSOAPTransport.cpp index a484ed99af25..6668070e1a7b 100644 --- a/extensions/webservices/soap/src/nsHTTPSOAPTransport.cpp +++ b/extensions/webservices/soap/src/nsHTTPSOAPTransport.cpp @@ -44,7 +44,7 @@ #include "nsIURI.h" #include "nsNetUtil.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" +#include "nsIPrincipal.h" #include "nsIVariant.h" #include "nsString.h" #include "nsSOAPUtils.h" @@ -57,7 +57,6 @@ #include "nsIWebScriptsAccessService.h" #include "nsMemory.h" #include "nsIDocument.h" -#include "nsIAggregatePrincipal.h" nsHTTPSOAPTransport::nsHTTPSOAPTransport() { 
@@ -93,9 +92,9 @@ static NS_NAMED_LITERAL_STRING(kAnyURISchemaType, "anyURI"); /** * This method will replace the target document's - * codebase pricipal with the subject codebase to - * override cross domain checks. So use caution - * because this might lead to serious security breech + * codebase principal with the subject codebase to + * override cross-domain checks. So use caution + * because this might lead to a serious security breach * if misused. * @param aDocument - The target/response document. */ @@ -121,25 +120,8 @@ nsresult ChangePrincipal(nsIDOMDocument* aDocument) if (NS_FAILED(rv)) { nsCOMPtr subjectPrincipal; rv = secMgr->GetSubjectPrincipal(getter_AddRefs(subjectPrincipal)); - NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr subjectAgg = - do_QueryInterface(subjectPrincipal, &rv); - NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr subjectCodebase; - rv = subjectAgg->GetOriginalCodebase(getter_AddRefs(subjectCodebase)); - NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr targetPrincipal; - rv = targetDoc->GetPrincipal(getter_AddRefs(targetPrincipal)); - NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr targetAgg = - do_QueryInterface(targetPrincipal, &rv); - NS_ENSURE_SUCCESS(rv, rv); - - rv = targetAgg->SetCodebase(subjectCodebase); + if (NS_SUCCEEDED(rv)) + targetDoc->SetPrincipal(subjectPrincipal); } return rv; } 
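Review bot: ChangePrincipal discards the result of `targetDoc->SetPrincipal(subjectPrincipal)`, so it returns success even when the principal was not replaced; nsXULDocument::SetPrincipal in this same patch always returns NS_ERROR_NOT_IMPLEMENTED. I would write `if (NS_SUCCEEDED(rv) && subjectPrincipal) rv = targetDoc->SetPrincipal(subjectPrincipal);` and treat a null subject as a failure. The removed code transferred only the subject's original codebase, whereas this gives the response document the caller's whole principal object. The doc comment above the function still says "codebase principal" and should be updated to describe what the cross-domain override now grants.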
@@ -216,24 +198,20 @@ static nsresult GetTransportURI(nsISOAPCall * aCall, nsAString & aURI) "SOAP_INVOKE_VERIFY_PRINCIPAL", "Source-verified message cannot be sent without principal."); } - nsCOMPtr codebase = do_QueryInterface(principal,&rc); - if (NS_FAILED(rc)) - return rc; - - if (!codebase) { + + nsCOMPtr uri; + principal->GetURI(getter_AddRefs(uri)); + if (!uri) { return SOAP_EXCEPTION(NS_ERROR_FAILURE, - "SOAP_INVOKE_VERIFY_CODEBASE", - "Source-verified message cannot be sent without codebase."); + "SOAP_INVOKE_VERIFY_URI", + "Source-verified message cannot be sent without URI."); } - - char* str; - rc = codebase->GetSpec(&str); + nsCAutoString spec; + rc = uri->GetSpec(spec); if (NS_FAILED(rc)) return rc; - CopyASCIItoUCS2(nsDependentCString(str), sourceURI); - nsMemory::Free(str); - + CopyASCIItoUCS2(spec, sourceURI); } // Adding a header to tell the server that it must understand and verify the source of the call diff --git a/extensions/webservices/wsdl/src/nsWSDLLoader.cpp b/extensions/webservices/wsdl/src/nsWSDLLoader.cpp index a5db5fc88a5e..63edfe39d5f5 100644 --- a/extensions/webservices/wsdl/src/nsWSDLLoader.cpp +++ b/extensions/webservices/wsdl/src/nsWSDLLoader.cpp @@ -40,7 +40,7 @@ // XPConnect includes #include "nsIXPConnect.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" +#include "nsIPrincipal.h" // XPCOM includes #include "nsIServiceManager.h" @@ -218,10 +218,7 @@ nsWSDLLoader::GetResolvedURI(const nsAString& aWSDLURI, const char* aMethod, nsCOMPtr principal; rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal)); if (NS_SUCCEEDED(rv)) { - nsCOMPtr codebase = do_QueryInterface(principal); - if (codebase) { - codebase->GetURI(getter_AddRefs(baseURI)); - } + principal->GetURI(getter_AddRefs(baseURI)); } rv = NS_NewURI(aURI, aWSDLURI, nsnull, baseURI); diff --git a/extensions/xmlextras/base/src/nsDOMSerializer.cpp b/extensions/xmlextras/base/src/nsDOMSerializer.cpp index c10d745704d8..b34833b83646 100644 
--- a/extensions/xmlextras/base/src/nsDOMSerializer.cpp +++ b/extensions/xmlextras/base/src/nsDOMSerializer.cpp @@ -50,7 +50,6 @@ #include "nsIJSContextStack.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" #include "nsIURI.h" nsDOMSerializer::nsDOMSerializer() @@ -156,11 +155,8 @@ nsresult CheckSameOrigin(nsIDOMNode *aRoot) doc->GetPrincipal(getter_AddRefs(principal)); - nsCOMPtr codebase_principal = - do_QueryInterface(principal); - - if (codebase_principal) { - codebase_principal->GetURI(getter_AddRefs(root_uri)); + if (principal) { + principal->GetURI(getter_AddRefs(root_uri)); } if (root_uri) { diff --git a/js/src/liveconnect/nsCLiveconnect.cpp b/js/src/liveconnect/nsCLiveconnect.cpp index 072ee91fd775..a1e54eb27019 100644 --- a/js/src/liveconnect/nsCLiveconnect.cpp +++ b/js/src/liveconnect/nsCLiveconnect.cpp @@ -210,7 +210,7 @@ AutoPushJSContext::AutoPushJSContext(nsISupports* aSecuritySupports, if (!hasScript) { JSPrincipals* jsprinc; - principal->GetJSPrincipals(&jsprinc); + principal->GetJsPrincipals(&jsprinc); mFrame.script = JS_CompileScriptForPrincipals(cx, JS_GetGlobalObject(cx), jsprinc, "", 0, "", 1); diff --git a/js/src/xpconnect/loader/mozJSComponentLoader.cpp b/js/src/xpconnect/loader/mozJSComponentLoader.cpp index 190d97f2e7b8..47749187b473 100644 --- a/js/src/xpconnect/loader/mozJSComponentLoader.cpp +++ b/js/src/xpconnect/loader/mozJSComponentLoader.cpp @@ -269,7 +269,7 @@ EvalInSandbox(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, NS_FAILED(secman->GetCodebasePrincipal(iURL, getter_AddRefs(principal))) || !principal || - NS_FAILED(principal->GetJSPrincipals(&jsPrincipals)) || + NS_FAILED(principal->GetJsPrincipals(&jsPrincipals)) || !jsPrincipals) { JS_ReportError(cx, "Can't get principals for evalInSandbox"); return JS_FALSE; 
@@ -997,7 +997,7 @@ mozJSComponentLoader::GlobalForLocation(const char *aLocation, nsCOMPtr backstagePass = new BackstagePass(mSystemPrincipal); - rv = mSystemPrincipal->GetJSPrincipals(&jsPrincipals); + rv = mSystemPrincipal->GetJsPrincipals(&jsPrincipals); if (NS_FAILED(rv) || !jsPrincipals) return nsnull; diff --git a/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp b/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp index efd0e19e90df..4ba3cb45874e 100644 --- a/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp +++ b/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp @@ -299,7 +299,7 @@ mozJSSubScriptLoader::LoadSubScript (const PRUnichar * /*url*/ /* we can't hold onto jsPrincipals as a module var because the * JSPRINCIPALS_DROP macro takes a JSContext, which we won't have in the * destructor */ - rv = mSystemPrincipal->GetJSPrincipals(&jsPrincipals); + rv = mSystemPrincipal->GetJsPrincipals(&jsPrincipals); if (NS_FAILED(rv) || !jsPrincipals) { delete[] buf; return rv; diff --git a/layout/generic/nsFrameFrame.cpp b/layout/generic/nsFrameFrame.cpp index f7b44b5abfdd..4c36b696ed7b 100644 --- a/layout/generic/nsFrameFrame.cpp +++ b/layout/generic/nsFrameFrame.cpp @@ -76,7 +76,6 @@ #include "nsLayoutAtoms.h" #include "nsIChromeEventHandler.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" #include "nsXPIDLString.h" #include "nsIScrollable.h" #include "nsINameSpaceManager.h" diff --git a/layout/html/document/src/nsFrameFrame.cpp b/layout/html/document/src/nsFrameFrame.cpp index f7b44b5abfdd..4c36b696ed7b 100644 --- a/layout/html/document/src/nsFrameFrame.cpp +++ b/layout/html/document/src/nsFrameFrame.cpp @@ -76,7 +76,6 @@ #include "nsLayoutAtoms.h" #include "nsIChromeEventHandler.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" #include "nsXPIDLString.h" #include "nsIScrollable.h" #include "nsINameSpaceManager.h" 
diff --git a/modules/libjar/nsJARChannel.cpp b/modules/libjar/nsJARChannel.cpp index e8cefd75f833..e4b123b6dad7 100644 --- a/modules/libjar/nsJARChannel.cpp +++ b/modules/libjar/nsJARChannel.cpp @@ -22,12 +22,11 @@ #include "nsMimeTypes.h" #include "nsNetUtil.h" -#include "nsScriptSecurityManager.h" -#include "nsIAggregatePrincipal.h" +#include "nsIScriptSecurityManager.h" +#include "nsIPrincipal.h" #include "nsIFileURL.h" #include "nsIJAR.h" -static NS_DEFINE_CID(kScriptSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID); static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID); //----------------------------------------------------------------------------- @@ -419,24 +418,19 @@ nsJARChannel::GetOwner(nsISupports **result) if (NS_FAILED(rv)) return rv; if (cert) { - // Get the codebase principal + nsXPIDLCString certID; + rv = cert->GetCertificateID(getter_Copies(certID)); + if (NS_FAILED(rv)) return rv; + nsCOMPtr secMan = - do_GetService(kScriptSecurityManagerCID, &rv); + do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); if (NS_FAILED(rv)) return rv; - nsCOMPtr codebase; - rv = secMan->GetCodebasePrincipal(mJarBaseURI, - getter_AddRefs(codebase)); - if (NS_FAILED(rv)) return rv; - - // Join the certificate and the codebase - nsCOMPtr agg = do_QueryInterface(cert, &rv); + rv = secMan->GetCertificatePrincipal(certID, mJarBaseURI, + getter_AddRefs(cert)); if (NS_FAILED(rv)) return rv; - rv = agg->SetCodebase(codebase); - if (NS_FAILED(rv)) return rv; - - mOwner = do_QueryInterface(agg, &rv); + mOwner = do_QueryInterface(cert, &rv); if (NS_FAILED(rv)) return rv; NS_ADDREF(*result = mOwner); diff --git a/modules/libpref/src/nsPrefBranch.cpp b/modules/libpref/src/nsPrefBranch.cpp index b698229bf54e..12d64ff247d5 100644 --- a/modules/libpref/src/nsPrefBranch.cpp +++ b/modules/libpref/src/nsPrefBranch.cpp 
@@ -46,7 +46,7 @@ #include "nsString.h" #include "nsReadableUtils.h" #include "nsXPIDLString.h" -#include "nsScriptSecurityManager.h" +#include "nsIScriptSecurityManager.h" #include "nsIStringBundle.h" #include "prefapi.h" #include "prmem.h" @@ -68,8 +68,6 @@ struct PrefCallbackData { }; -static NS_DEFINE_CID(kSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID); - // Prototypes PR_STATIC_CALLBACK(PLDHashOperator) pref_enumChild(PLDHashTable *table, PLDHashEntryHdr *heh, @@ -843,7 +841,8 @@ nsresult nsPrefBranch::getValidatedPrefName(const char *aPrefName, const char ** { nsresult rv; nsCOMPtr secMan = - do_GetService(kSecurityManagerCID, &rv); + do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); + if (NS_FAILED(rv)) return NS_ERROR_FAILURE; diff --git a/modules/oji/src/ProxyClassLoader.cpp b/modules/oji/src/ProxyClassLoader.cpp index 4f82ea23f30d..a3909eb4f104 100644 --- a/modules/oji/src/ProxyClassLoader.cpp +++ b/modules/oji/src/ProxyClassLoader.cpp @@ -45,7 +45,6 @@ #include "nsIServiceManager.h" #include "nsIJSContextStack.h" #include "nsIPrincipal.h" -#include "nsICodebasePrincipal.h" #include "nsIScriptContext.h" #include "nsIScriptGlobalObject.h" #include "nsIScriptObjectPrincipal.h" @@ -70,9 +69,7 @@ static nsresult getScriptCodebase(JSContext* cx, nsIURI* *result) nsCOMPtr principal; scriptObjectPrincipal->GetPrincipal(getter_AddRefs(principal)); if (principal) { - nsCOMPtr codebasePrincipal = do_QueryInterface(principal); - if (codebasePrincipal) - return codebasePrincipal->GetURI(result); + return principal->GetURI(result); } } } diff --git a/modules/oji/src/lcglue.cpp b/modules/oji/src/lcglue.cpp index a43d7662bed5..b29ccb557ba6 100644 --- a/modules/oji/src/lcglue.cpp +++ b/modules/oji/src/lcglue.cpp 
@@ -352,7 +352,7 @@ get_JSPrincipals_from_java_caller_impl(JNIEnv *pJNIEnv, JSContext *pJSContext, v rv = ssm->GetCodebasePrincipal(codebaseURI, getter_AddRefs(principal)); if (NS_SUCCEEDED(rv)) { JSPrincipals* jsprincipals; - principal->GetJSPrincipals(&jsprincipals); + principal->GetJsPrincipals(&jsprincipals); return jsprincipals; } } @@ -362,7 +362,7 @@ get_JSPrincipals_from_java_caller_impl(JNIEnv *pJNIEnv, JSContext *pJSContext, v nsCOMPtr principal = do_QueryInterface(credentials); if (principal) { JSPrincipals* jsprincipals; - principal->GetJSPrincipals(&jsprincipals); + principal->GetJsPrincipals(&jsprincipals); return jsprincipals; } } diff --git a/modules/oji/src/nsCSecurityContext.cpp b/modules/oji/src/nsCSecurityContext.cpp index 9169398fa259..a5e7bc8cdd87 100644 --- a/modules/oji/src/nsCSecurityContext.cpp +++ b/modules/oji/src/nsCSecurityContext.cpp @@ -53,12 +53,7 @@ // For GetOrigin() -#include "nsCOMPtr.h" -#include "nsJSPrincipals.h" -#include "nsSystemPrincipal.h" -#include "nsCodebasePrincipal.h" -#include "nsCertificatePrincipal.h" -#include "nsScriptSecurityManager.h" +#include "nsIScriptSecurityManager.h" #include "nsIScriptGlobalObject.h" #include "nsIServiceManager.h" #include "nsIScriptObjectPrincipal.h" 
@@ -135,39 +130,27 @@ nsCSecurityContext::GetOrigin(char* buf, int buflen) } } - nsCOMPtr codebase = do_QueryInterface(m_pPrincipal); - if (!codebase) + nsXPIDLCString origin; + m_pPrincipal->GetOrigin(getter_Copies(origin)); + + PRInt32 originlen = origin.Length(); + if (origin.IsEmpty() || originlen > buflen - 1) { return NS_ERROR_FAILURE; - - char* origin=nsnull; - codebase->GetOrigin(&origin); - - if (origin) { - PRInt32 originlen = (PRInt32) strlen(origin); - if (!buf || buflen<=originlen) { - if (origin) { - nsCRT::free(origin); - } - return NS_ERROR_FAILURE; - } - - // Copy the string into to user supplied buffer. Is there a better - // way to do this? - - memcpy(buf,origin,originlen); - buf[originlen]=nsnull; // Gotta terminate it. - nsCRT::free(origin); - } else { - *buf = nsnull; } + // Copy the string into to user supplied buffer. Is there a better + // way to do this? + + memcpy(buf, origin, originlen); + buf[originlen] = nsnull; // Gotta terminate it. + return NS_OK; } NS_METHOD nsCSecurityContext::GetCertificateID(char* buf, int buflen) { - nsCOMPtr principal = NULL; + nsCOMPtr principal; // Get the Script Security Manager. 
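Review bot: The rewritten bounds check in GetOrigin, `if (origin.IsEmpty() || originlen > buflen - 1)`, no longer tests `buf` for null, which the removed `if (!buf || buflen<=originlen)` did before the memcpy. Adding `!buf ||` to the new condition keeps the caller-supplied buffer validated in one place. The return value of `m_pPrincipal->GetOrigin(...)` is also ignored. An empty origin now fails where the old code returned NS_OK with an empty string; if that is intended, a comment should record it. The function starts outside the hunk.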
@@ -176,28 +159,22 @@ nsCSecurityContext::GetCertificateID(char* buf, int buflen) do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); if (NS_FAILED(rv) || !secMan) return NS_ERROR_FAILURE; - secMan->GetSubjectPrincipal(getter_AddRefs(principal)); - nsCOMPtr cprincipal = do_QueryInterface(principal); - if (!cprincipal) + if (!principal) { return NS_ERROR_FAILURE; - - char* certificate = nsnull; - cprincipal->GetCertificateID(&certificate); - - if (certificate) { - PRInt32 certlen = (PRInt32) strlen(certificate); - if( buflen<=certlen ) { - nsCRT::free(certificate); - return NS_ERROR_FAILURE; - } - memcpy(buf,certificate,certlen); - buf[certlen]=nsnull; - nsCRT::free(certificate); - } else { - *buf = nsnull; } + nsXPIDLCString certificate; + principal->GetCertificateID(getter_Copies(certificate)); + + PRInt32 certlen = certificate.Length(); + if (buflen <= certlen) { + return NS_ERROR_FAILURE; + } + + memcpy(buf, certificate.get(), certlen); + buf[certlen] = nsnull; + return NS_OK; } diff --git a/modules/oji/src/nsJVMManager.cpp b/modules/oji/src/nsJVMManager.cpp index a5f8b19d7ef4..9fef2b88cc35 100644 --- a/modules/oji/src/nsJVMManager.cpp +++ b/modules/oji/src/nsJVMManager.cpp @@ -68,14 +68,10 @@ #include "nspr.h" #include "plstr.h" #include "nsCOMPtr.h" -//#include "nsJSPrincipals.h" -//#include "nsSystemPrincipal.h" -//#include "nsCodebasePrincipal.h" -#include "nsCertificatePrincipal.h" +#include "nsIPrincipal.h" #include "nsIScriptSecurityManager.h" #include "nsISignatureVerifier.h" -//#include "nsScriptSecurityManager.h" extern "C" int XP_PROGRESS_STARTING_JAVA; extern "C" int XP_PROGRESS_STARTING_JAVA_DONE; @@ -956,7 +952,7 @@ nsJVMManager::IsAllPermissionGranted( { nsresult rv = NS_OK; - nsIPrincipal* pIPrincipal = NULL; + nsCOMPtr pIPrincipal; // Get the Script Security Manager. 
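Review bot: GetCertificateID now returns NS_OK with an empty string for a subject principal that has no certificate, where the removed do_QueryInterface to nsICertificatePrincipal returned NS_ERROR_FAILURE. A caller that reads success as "the subject is signed" would be misled, and the rewritten GetOrigin in this file already rejects the empty case. Mirroring it keeps the two consistent: `if (!buf || certificate.IsEmpty() || buflen <= certlen) { return NS_ERROR_FAILURE; }`. The result of `principal->GetCertificateID(...)` is not checked either.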
@@ -968,18 +964,12 @@ nsJVMManager::IsAllPermissionGranted( // The fingerprint is a one way hash of this certificate. It is used // as the key to store the principal in the principal database. - rv = secMan->GetCertificatePrincipal(lastFP, &pIPrincipal); + rv = secMan->GetCertificatePrincipal(lastFP, nsnull, + getter_AddRefs(pIPrincipal)); if (NS_FAILED(rv)) return PR_FALSE; - // Get the nsICertificatePrincipal interface so that we can set the - // common name. The common name is a user meaningful string. - - nsCOMPtr pICertificate = do_QueryInterface(pIPrincipal, &rv); - if (NS_FAILED(rv) || !pICertificate) return PR_FALSE; - // Set the common name. - - rv = pICertificate->SetCommonName(lastCN); + rv = pIPrincipal->SetCommonName(lastCN); PRInt16 ret; diff --git a/netwerk/protocol/jar/src/nsJARChannel.cpp b/netwerk/protocol/jar/src/nsJARChannel.cpp index e8cefd75f833..e4b123b6dad7 100644 --- a/netwerk/protocol/jar/src/nsJARChannel.cpp +++ b/netwerk/protocol/jar/src/nsJARChannel.cpp @@ -22,12 +22,11 @@ #include "nsMimeTypes.h" #include "nsNetUtil.h" -#include "nsScriptSecurityManager.h" -#include "nsIAggregatePrincipal.h" +#include "nsIScriptSecurityManager.h" +#include "nsIPrincipal.h" #include "nsIFileURL.h" #include "nsIJAR.h" -static NS_DEFINE_CID(kScriptSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID); static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID); //----------------------------------------------------------------------------- 
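Review bot: `pIPrincipal->SetCommonName(lastCN)` in IsAllPermissionGranted follows only an NS_FAILED test, while the removed code also bailed out when the queried pointer was null. nsNSSComponent::VerifySignature in this patch checks both (`NS_FAILED(rv2) || !certPrincipal`) after the same GetCertificatePrincipal call. `if (NS_FAILED(rv) || !pIPrincipal) return PR_FALSE;` would match it. The result of SetCommonName is stored in `rv` but not examined in the visible lines.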
@@ -419,24 +418,19 @@ nsJARChannel::GetOwner(nsISupports **result) if (NS_FAILED(rv)) return rv; if (cert) { - // Get the codebase principal + nsXPIDLCString certID; + rv = cert->GetCertificateID(getter_Copies(certID)); + if (NS_FAILED(rv)) return rv; + nsCOMPtr secMan = - do_GetService(kScriptSecurityManagerCID, &rv); + do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); if (NS_FAILED(rv)) return rv; - nsCOMPtr codebase; - rv = secMan->GetCodebasePrincipal(mJarBaseURI, - getter_AddRefs(codebase)); - if (NS_FAILED(rv)) return rv; - - // Join the certificate and the codebase - nsCOMPtr agg = do_QueryInterface(cert, &rv); + rv = secMan->GetCertificatePrincipal(certID, mJarBaseURI, + getter_AddRefs(cert)); if (NS_FAILED(rv)) return rv; - rv = agg->SetCodebase(codebase); - if (NS_FAILED(rv)) return rv; - - mOwner = do_QueryInterface(agg, &rv); + mOwner = do_QueryInterface(cert, &rv); if (NS_FAILED(rv)) return rv; NS_ADDREF(*result = mOwner); diff --git a/security/manager/ssl/src/nsCrypto.cpp b/security/manager/ssl/src/nsCrypto.cpp index 770f2be4e974..415f0ca6ec08 100644 --- a/security/manager/ssl/src/nsCrypto.cpp +++ b/security/manager/ssl/src/nsCrypto.cpp @@ -47,12 +47,12 @@ #include "nsIPrompt.h" #include "nsIFilePicker.h" #include "nsJSPrincipals.h" -#include "nsScriptSecurityManager.h" #include "nsIPrincipal.h" #include "nsXPIDLString.h" #include "nsIGenKeypairInfoDlg.h" #include "nsIDOMCryptoDialogs.h" #include "jsapi.h" +#include "jsdbgapi.h" #include #include "nsReadableUtils.h" #include "pk11func.h" @@ -1788,7 +1788,7 @@ nsCryptoRunnable::Run() nsNSSShutDownPreventionLock locker; JSPrincipals *principals; - nsresult rv = m_args->m_principals->GetJSPrincipals(&principals); + nsresult rv = m_args->m_principals->GetJsPrincipals(&principals); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp index c09960dbabb8..49b1a7880c3d 100644 
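Review bot: In nsJARChannel::GetOwner the two explanatory comments are removed and nothing replaces them, yet `cert` is now both the source of `certID` and the out-parameter of `GetCertificatePrincipal(certID, mJarBaseURI, getter_AddRefs(cert))`, so the principal obtained above the hunk is silently swapped for one looked up by ID string. A comment such as `// Re-resolve the certificate principal by ID so that it is tied to the jar's base URI.` (wording to be confirmed against the security manager) would tell the next reader why the owner is not the original object. It is also not visible what the lookup does when `certID` comes back empty; if that is not a valid key, `if (certID.IsEmpty()) return NS_ERROR_FAILURE;` before the call keeps the owner from being built from an empty identity. The function starts and ends outside this hunk.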
--- a/security/manager/ssl/src/nsNSSComponent.cpp +++ b/security/manager/ssl/src/nsNSSComponent.cpp @@ -58,7 +58,7 @@ #include "nsIWindowWatcher.h" #include "nsIPrompt.h" #include "nsProxiedService.h" -#include "nsICertificatePrincipal.h" +#include "nsIPrincipal.h" #include "nsReadableUtils.h" #include "nsIDateTimeFormat.h" #include "prtypes.h" @@ -1458,17 +1458,19 @@ nsNSSComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen, rv2 = pCert->GetSha1Fingerprint(fingerprint); NS_LossyConvertUCS2toASCII fingerprintStr(fingerprint); if (NS_FAILED(rv2)) return rv2; - rv2 = mScriptSecurityManager->GetCertificatePrincipal(fingerprintStr.get(), aPrincipal); - if (NS_FAILED(rv2) || !*aPrincipal) return rv2; + nsCOMPtr certPrincipal; + rv2 = mScriptSecurityManager->GetCertificatePrincipal(fingerprintStr.get(), nsnull, + getter_AddRefs(certPrincipal)); + if (NS_FAILED(rv2) || !certPrincipal) return rv2; - nsCOMPtr certPrincipal = do_QueryInterface(*aPrincipal, &rv2); - if (NS_FAILED(rv2)) return rv2; nsAutoString orgName; rv2 = pCert->GetOrganization(orgName); if (NS_FAILED(rv2)) return rv2; NS_LossyConvertUCS2toASCII orgNameStr(orgName); rv2 = certPrincipal->SetCommonName(orgNameStr.get()); if (NS_FAILED(rv2)) return rv2; + + *aPrincipal = certPrincipal; } if (p7_info) { diff --git a/xpinstall/src/CertReader.cpp b/xpinstall/src/CertReader.cpp index 83722ba96afa..d375a65cd7d0 100644 --- a/xpinstall/src/CertReader.cpp +++ b/xpinstall/src/CertReader.cpp @@ -42,6 +42,10 @@ #include "nsIServiceManager.h" #include "nsISignatureVerifier.h" #include "nsIInputStream.h" +#include "nsIPrincipal.h" +#include "nsIURI.h" +#include "nsPICertNotification.h" + #include "nsNetUtil.h" diff --git a/xpinstall/src/CertReader.h b/xpinstall/src/CertReader.h index 22e62a750a30..5558282e00ea 100644 --- a/xpinstall/src/CertReader.h +++ b/xpinstall/src/CertReader.h 
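Review bot: `*aPrincipal = certPrincipal;` at the end of the VerifySignature block hands the caller a raw pointer without taking a reference, and `certPrincipal` drops its own reference when the block closes. The replaced code let GetCertificatePrincipal write straight into `aPrincipal`, so the caller used to receive an owning reference; unless something else keeps the principal alive, the caller now holds a pointer to a released object. The GetOwner hunk in this commit already shows the idiom to use: `NS_ADDREF(*aPrincipal = certPrincipal);`. Separately, `if (NS_FAILED(rv2) || !certPrincipal) return rv2;` returns a success code when the lookup succeeds with a null principal, which deserves a one-line comment if it is intended. The function starts and ends outside this hunk.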
@@ -36,11 +36,12 @@ #include "nsCOMPtr.h" #include "nsIStreamListener.h" #include "nsString.h" -#include "nsISignatureVerifier.h" -#include "nsICertificatePrincipal.h" -#include "nsIPrincipal.h" -#include "nsIURI.h" -#include "nsPICertNotification.h" + +class nsISignatureVerifier; +class nsIPrincipal; +class nsIURI; +class nsPICertNotification; + class CertReader : public nsIStreamListener { diff --git a/xpinstall/src/nsSoftwareUpdateRun.cpp b/xpinstall/src/nsSoftwareUpdateRun.cpp index 6d9e42fd83cb..ba46f66dd0b4 100644 --- a/xpinstall/src/nsSoftwareUpdateRun.cpp +++ b/xpinstall/src/nsSoftwareUpdateRun.cpp @@ -55,7 +55,6 @@ #include "nsIJAR.h" #include "nsIPrincipal.h" -#include "nsICertificatePrincipal.h" static NS_DEFINE_CID(kSoftwareUpdateCID, NS_SoftwareUpdate_CID); static NS_DEFINE_CID(kEventQueueServiceCID, NS_EVENTQUEUESERVICE_CID); @@ -82,8 +81,9 @@ nsresult VerifySigning(nsIZipReader* hZip, nsIPrincipal* aPrincipal) if (!aPrincipal) return NS_OK; // not signed, but not an error - nsCOMPtr cp(do_QueryInterface(aPrincipal)); - if (!cp) + PRBool hasCert; + aPrincipal->GetHasCertificate(&hasCert); + if (!hasCert) return NS_ERROR_FAILURE; nsCOMPtr jar(do_QueryInterface(hZip)); diff --git a/xpinstall/src/nsXPITriggerInfo.cpp b/xpinstall/src/nsXPITriggerInfo.cpp index d607731cea8a..0079f6459857 100644 --- a/xpinstall/src/nsXPITriggerInfo.cpp +++ b/xpinstall/src/nsXPITriggerInfo.cpp @@ -1,4 +1,4 @@ -/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * The contents of this file are subject to the Netscape Public * License Version 1.1 (the "License"); you may not use this file @@ -27,7 +27,6 @@ #include "nsDebug.h" #include "nsIServiceManager.h" #include "nsIEventQueueService.h" -#include "nsICertificatePrincipal.h" static NS_DEFINE_IID(kEventQueueServiceCID, NS_EVENTQUEUESERVICE_CID); 
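Review bot: In VerifySigning, `PRBool hasCert;` is read after `aPrincipal->GetHasCertificate(&hasCert)` without an initialiser and without looking at the call's result, so if the call fails before writing the out-parameter the `if (!hasCert)` test branches on an indeterminate value and a principal without a certificate could get past the `NS_ERROR_FAILURE` return. Initialise it and fail closed: `PRBool hasCert = PR_FALSE;` followed by `if (NS_FAILED(aPrincipal->GetHasCertificate(&hasCert)) || !hasCert) return NS_ERROR_FAILURE;`. The same declaration-and-call pair appears in the nsXPITriggerItem::SetPrincipal hunk of nsXPITriggerInfo.cpp, where a stale value would only affect whether `mCertName` is filled in, but it should get the same initialiser. VerifySigning continues past the end of the hunk.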
@@ -93,15 +92,24 @@ PRBool nsXPITriggerItem::IsRelativeURL() void nsXPITriggerItem::SetPrincipal(nsIPrincipal* aPrincipal) { - mPrincipal = aPrincipal; + mPrincipal = aPrincipal; - nsCOMPtr cp(do_QueryInterface(aPrincipal)); - if (cp) { - nsXPIDLCString cName; - cp->GetCommonName(getter_Copies(cName)); - mCertName = NS_ConvertUTF8toUCS2(cName); - } + // aPrincipal can be null for various failure cases. + // see bug 213894 for an example. + // nsXPInstallManager::OnCertAvailable can be called with a null principal + // and it can also force a null principal. + if (!aPrincipal) + return; + + PRBool hasCert; + aPrincipal->GetHasCertificate(&hasCert); + if (hasCert) { + nsXPIDLCString cName; + aPrincipal->GetCommonName(getter_Copies(cName)); + mCertName = NS_ConvertUTF8toUCS2(cName); + } } + // // nsXPITriggerInfo //