зеркало из https://github.com/mozilla/gecko-dev.git
Re-land patch for bug 83536, merging principal objects.
Also includes fixes from bug 216041. r=bzbarsky sr=jst
This commit is contained in:
Родитель
95401a7d95
Коммит
66caced69a
|
@ -32,9 +32,6 @@ GRE_MODULE = 1
|
|||
XPIDLSRCS = \
|
||||
nsIScriptSecurityManager.idl \
|
||||
nsIPrincipal.idl \
|
||||
nsICodebasePrincipal.idl \
|
||||
nsICertificatePrincipal.idl \
|
||||
nsIAggregatePrincipal.idl \
|
||||
nsISignatureVerifier.idl \
|
||||
nsISecurityCheckedComponent.idl \
|
||||
$(NULL)
|
||||
|
|
|
@ -1,60 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.1 (the "License"); you may not use this file except in
|
||||
* compliance with the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1999-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Mitch Stoltz <mstoltz@netscape.com>
|
||||
*
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the NPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the NPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* Defines an interface for aggregate principals. */
|
||||
|
||||
%{C++
|
||||
#define NS_AGGREGATEPRINCIPAL_CONTRACTID "@mozilla.org/aggregateprincipal;1"
|
||||
#define NS_AGGREGATEPRINCIPAL_CLASSNAME "aggregateprincipal"
|
||||
%}
|
||||
|
||||
#include "nsIPrincipal.idl"
|
||||
|
||||
[uuid(1c30a682-1dd2-11b2-ba9b-86a86f300cbc)]
|
||||
interface nsIAggregatePrincipal : nsISupports {
|
||||
|
||||
attribute nsIPrincipal certificate;
|
||||
attribute nsIPrincipal codebase;
|
||||
attribute boolean domainChanged;
|
||||
readonly attribute nsIPrincipal originalCodebase;
|
||||
readonly attribute nsIPrincipal primaryChild;
|
||||
|
||||
void intersect(in nsIPrincipal other);
|
||||
|
||||
attribute voidPtr cachedSecurityPolicy;
|
||||
};
|
|
@ -1,53 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.1 (the "License"); you may not use this file except in
|
||||
* compliance with the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1999-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Mitchell Stoltz <mstoltz@netscape.com>
|
||||
*
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the NPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the NPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* Defines an interface for certificate principals. */
|
||||
#include "nsIPrincipal.idl"
|
||||
#include "nsIZipReader.idl"
|
||||
|
||||
%{C++
|
||||
#define NS_CERTIFICATEPRINCIPAL_CONTRACTID "@mozilla.org/certificateprincipal;1"
|
||||
#define NS_CERTIFICATEPRINCIPAL_CLASSNAME "certificateprincipal"
|
||||
%}
|
||||
|
||||
[uuid(ebfefcd0-25e1-11d2-8160-006008119d7a)]
|
||||
interface nsICertificatePrincipal : nsISupports {
|
||||
|
||||
readonly attribute string certificateID;
|
||||
attribute string commonName;
|
||||
};
|
|
@ -1,56 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.1 (the "License"); you may not use this file except in
|
||||
* compliance with the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1999
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the NPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the NPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* Defines an interface for codebase principals. */
|
||||
#include "nsIPrincipal.idl"
|
||||
interface nsIURI;
|
||||
|
||||
%{C++
|
||||
#define NS_CODEBASEPRINCIPAL_CONTRACTID "@mozilla.org/codebaseprincipal;1"
|
||||
#define NS_CODEBASEPRINCIPAL_CLASSNAME "codebaseprincipal"
|
||||
%}
|
||||
|
||||
[uuid(829fe440-25e1-11d2-8160-006008119d7a)]
|
||||
interface nsICodebasePrincipal : nsISupports {
|
||||
|
||||
readonly attribute nsIURI URI;
|
||||
|
||||
readonly attribute string origin;
|
||||
|
||||
readonly attribute string spec;
|
||||
};
|
||||
|
|
@ -16,10 +16,12 @@
|
|||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1999-2000
|
||||
* Portions created by the Initial Developer are Copyright (C) 1999-2003
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Mitchell Stoltz <mstoltz@netscape.com>
|
||||
* Christopher A. Aillon <christopher@aillon.com>
|
||||
*
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
|
@ -44,41 +46,108 @@
|
|||
struct JSPrincipals;
|
||||
%}
|
||||
|
||||
interface nsIURI;
|
||||
|
||||
[ptr] native JSPrincipals(JSPrincipals);
|
||||
|
||||
[uuid(ff9313d0-25e1-11d2-8160-006008119d7a)]
|
||||
interface nsIPrincipal : nsISerializable
|
||||
{
|
||||
// Values of capabilities for each principal. Order is
|
||||
// significant: if an operation is performed on a set
|
||||
// of capabilities, the minimum is computed.
|
||||
/**
|
||||
* Values of capabilities for each principal. Order is
|
||||
* significant: if an operation is performed on a set
|
||||
* of capabilities, the minimum is computed.
|
||||
*/
|
||||
const short ENABLE_DENIED = 1;
|
||||
const short ENABLE_UNKNOWN = 2;
|
||||
const short ENABLE_WITH_USER_PERMISSION = 3;
|
||||
const short ENABLE_GRANTED = 4;
|
||||
|
||||
string ToString();
|
||||
|
||||
string ToUserVisibleString();
|
||||
|
||||
void GetPreferences(out string prefName, out string id,
|
||||
/**
|
||||
* Returns the security preferences associated with this principal.
|
||||
* prefBranch will be set to the pref branch to which these preferences
|
||||
* pertain. id is a pseudo-unique identifier, pertaining to either the
|
||||
* certificateID or the origin. grantedList and deniedList are
|
||||
* space-separated lists of capabilities which were explicitly granted
|
||||
* or denied by a pref.
|
||||
*/
|
||||
void getPreferences(out string prefBranch, out string id,
|
||||
out string grantedList, out string deniedList);
|
||||
|
||||
boolean Equals(in nsIPrincipal other);
|
||||
/**
|
||||
* Returns whether the other principal is equivalent to this principal.
|
||||
* Principals are considered equal if they are the same principal,
|
||||
* they have the same origin, or have the same certificate ID
|
||||
*/
|
||||
boolean equals(in nsIPrincipal other);
|
||||
|
||||
unsigned long HashValue();
|
||||
/**
|
||||
* Returns a hash value for the principal.
|
||||
*/
|
||||
readonly attribute unsigned long hashValue;
|
||||
|
||||
JSPrincipals GetJSPrincipals();
|
||||
/**
|
||||
* Returns the JS equivalent of the principal.
|
||||
* @see JSPrincipals.h
|
||||
*/
|
||||
readonly attribute JSPrincipals jsPrincipals;
|
||||
|
||||
short CanEnableCapability(in string capability);
|
||||
/**
|
||||
* The domain security policy of the principal.
|
||||
*/
|
||||
// XXXcaa should this be here? The script security manager is the only
|
||||
// thing that should care about this. Wouldn't storing this data in one
|
||||
// of the hashtables in nsScriptSecurityManager be better?
|
||||
attribute voidPtr securityPolicy;
|
||||
|
||||
void SetCanEnableCapability(in string capability, in short canEnable);
|
||||
// XXXcaa probably should be turned into {get|set}CapabilityFlags
|
||||
short canEnableCapability(in string capability);
|
||||
void setCanEnableCapability(in string capability, in short canEnable);
|
||||
boolean isCapabilityEnabled(in string capability, in voidPtr annotation);
|
||||
void enableCapability(in string capability, inout voidPtr annotation);
|
||||
void revertCapability(in string capability, inout voidPtr annotation);
|
||||
void disableCapability(in string capability, inout voidPtr annotation);
|
||||
|
||||
boolean IsCapabilityEnabled(in string capability, in voidPtr annotation);
|
||||
/**
|
||||
* The codebase URI to which this principal pertains. This is
|
||||
* generally the document URI.
|
||||
*/
|
||||
readonly attribute nsIURI URI;
|
||||
|
||||
void EnableCapability(in string capability, inout voidPtr annotation);
|
||||
/**
|
||||
* The domain URI to which this principal pertains.
|
||||
* This is congruent with HTMLDocument.domain, and may be null.
|
||||
* Setting this has no effect on the URI.
|
||||
*/
|
||||
attribute nsIURI domain;
|
||||
|
||||
void RevertCapability(in string capability, inout voidPtr annotation);
|
||||
/**
|
||||
* The origin of this principal's domain, if non-null, or its
|
||||
* codebase URI otherwise. An origin is defined as:
|
||||
* scheme + host + port.
|
||||
*/
|
||||
// XXXcaa this should probably be turned into an nsIURI.
|
||||
// The system principal's origin should be some caps namespace
|
||||
// with a chrome URI. All of chrome should probably be the same.
|
||||
readonly attribute string origin;
|
||||
|
||||
void DisableCapability(in string capability, inout voidPtr annotation);
|
||||
/**
|
||||
* Whether this principal is associated with a certificate.
|
||||
*/
|
||||
readonly attribute boolean hasCertificate;
|
||||
|
||||
/**
|
||||
* The fingerprint ID of this principal's certificate.
|
||||
* Throws if there is no certificate associated with this principal.
|
||||
*/
|
||||
// XXXcaa kaie says this may not be unique. We should probably
|
||||
// consider using something else for this....
|
||||
readonly attribute string certificateID;
|
||||
|
||||
/**
|
||||
* The common name for the certificate.
|
||||
* This pertains to the certificate authority organization.
|
||||
* Throws if there is no certificate associated with this principal.
|
||||
*/
|
||||
attribute string commonName;
|
||||
};
|
||||
|
|
|
@ -134,23 +134,22 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
|
|||
* executing script. Will return null if there is no script
|
||||
* currently executing.
|
||||
*/
|
||||
nsIPrincipal getSubjectPrincipal();
|
||||
[noscript] nsIPrincipal getSubjectPrincipal();
|
||||
|
||||
/**
|
||||
* Return the all-powerful system principal.
|
||||
*/
|
||||
nsIPrincipal getSystemPrincipal();
|
||||
[noscript] nsIPrincipal getSystemPrincipal();
|
||||
|
||||
/**
|
||||
* Return a principal that can be QI'd to nsICertificatePrincipal.
|
||||
* Return a principal with the specified certificate ID and codebase URI.
|
||||
*/
|
||||
nsIPrincipal getCertificatePrincipal(in string CertID);
|
||||
[noscript] nsIPrincipal getCertificatePrincipal(in string CertID, in nsIURI aURI);
|
||||
|
||||
/**
|
||||
* Return a principal that can be QI'd to nsICodebasePrincipal and
|
||||
* has the same origin as aURI.
|
||||
* Return a principal that has the same origin as aURI.
|
||||
*/
|
||||
nsIPrincipal getCodebasePrincipal(in nsIURI aURI);
|
||||
[noscript] nsIPrincipal getCodebasePrincipal(in nsIURI aURI);
|
||||
|
||||
///////////////// Capabilities API /////////////////////
|
||||
/**
|
||||
|
@ -159,13 +158,13 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
|
|||
* necessary. Returns nsIPrincipal::ENABLE_GRANTED or
|
||||
* nsIPrincipal::ENABLE_DENIED based on user's choice.
|
||||
*/
|
||||
void requestCapability(in nsIPrincipal principal, in string capability,
|
||||
out short result);
|
||||
[noscript] short requestCapability(in nsIPrincipal principal,
|
||||
in string capability);
|
||||
|
||||
/**
|
||||
* Return true if the currently executing script has 'capability' enabled.
|
||||
*/
|
||||
boolean IsCapabilityEnabled(in string capability);
|
||||
boolean isCapabilityEnabled(in string capability);
|
||||
|
||||
/**
|
||||
* Enable 'capability' in the innermost frame of the currently executing
|
||||
|
|
|
@ -29,14 +29,8 @@ include $(DEPTH)/config/autoconf.mk
|
|||
MODULE = caps
|
||||
|
||||
EXPORTS = \
|
||||
nsBasePrincipal.h \
|
||||
nsSystemPrincipal.h \
|
||||
nsCertificatePrincipal.h \
|
||||
nsCodebasePrincipal.h \
|
||||
nsAggregatePrincipal.h \
|
||||
nsJSPrincipals.h \
|
||||
nsScriptSecurityManager.h \
|
||||
$(NULL)
|
||||
nsJSPrincipals.h \
|
||||
$(NULL)
|
||||
|
||||
include $(topsrcdir)/config/rules.mk
|
||||
|
||||
|
|
|
@ -1,116 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.1 (the "License"); you may not use this file except in
|
||||
* compliance with the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1998-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the NPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the NPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/* describes aggregate principals which combine the
|
||||
behavior of one or more other principals */
|
||||
|
||||
#ifndef _NS_AGGREGATE_PRINCIPAL_H_
|
||||
#define _NS_AGGREGATE_PRINCIPAL_H_
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsICertificatePrincipal.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsBasePrincipal.h"
|
||||
#include "nsCOMPtr.h"
|
||||
|
||||
#define NS_AGGREGATEPRINCIPAL_CID \
|
||||
{ 0x867cf414, 0x1dd2, 0x11b2, \
|
||||
{ 0x82, 0x66, 0xca, 0x64, 0x3b, 0xbc, 0x35, 0x64 }}
|
||||
|
||||
/* 867cf414-1dd2-11b2-8266-ca643bbc3564 */
|
||||
class nsAggregatePrincipal : public nsIAggregatePrincipal,
|
||||
public nsICertificatePrincipal,
|
||||
public nsICodebasePrincipal,
|
||||
public nsBasePrincipal
|
||||
{
|
||||
public:
|
||||
|
||||
NS_DEFINE_STATIC_CID_ACCESSOR(NS_AGGREGATEPRINCIPAL_CID)
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_NSISERIALIZABLE
|
||||
NS_DECL_NSIAGGREGATEPRINCIPAL
|
||||
NS_DECL_NSICERTIFICATEPRINCIPAL
|
||||
NS_DECL_NSICODEBASEPRINCIPAL
|
||||
|
||||
NS_IMETHOD
|
||||
ToString(char **result);
|
||||
|
||||
NS_IMETHOD
|
||||
ToUserVisibleString(char **result);
|
||||
|
||||
NS_IMETHOD
|
||||
Equals(nsIPrincipal *other, PRBool *result);
|
||||
|
||||
NS_IMETHOD
|
||||
HashValue(PRUint32 *result);
|
||||
|
||||
NS_IMETHOD
|
||||
CanEnableCapability(const char *capability, PRInt16 *result);
|
||||
|
||||
NS_IMETHOD
|
||||
SetCanEnableCapability(const char *capability, PRInt16 canEnable);
|
||||
|
||||
NS_IMETHOD
|
||||
IsCapabilityEnabled(const char *capability, void *annotation,
|
||||
PRBool *result);
|
||||
|
||||
NS_IMETHOD
|
||||
EnableCapability(const char *capability, void **annotation);
|
||||
|
||||
NS_IMETHOD
|
||||
RevertCapability(const char *capability, void **annotation);
|
||||
|
||||
NS_IMETHOD
|
||||
DisableCapability(const char *capability, void **annotation);
|
||||
|
||||
NS_IMETHOD
|
||||
GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList);
|
||||
|
||||
nsAggregatePrincipal();
|
||||
|
||||
virtual ~nsAggregatePrincipal(void);
|
||||
|
||||
protected:
|
||||
nsCOMPtr<nsIPrincipal> mCertificate;
|
||||
nsCOMPtr<nsIPrincipal> mCodebase;
|
||||
nsCOMPtr<nsIPrincipal> mOriginalCodebase;
|
||||
void* mCachedSecurityPolicy;
|
||||
PRPackedBool mDomainChanged;
|
||||
};
|
||||
|
||||
#endif // _NS_AGGREGATE_PRINCIPAL_H_
|
|
@ -1,122 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
|
||||
*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.0 (the "NPL"); you may not use this file except in
|
||||
* compliance with the NPL. You may obtain a copy of the NPL at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the NPL is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
|
||||
* for the specific language governing rights and limitations under the
|
||||
* NPL.
|
||||
*
|
||||
* The Initial Developer of this code under the NPL is Netscape
|
||||
* Communications Corporation. Portions created by Netscape are
|
||||
* Copyright (C) 1999-2000 Netscape Communications Corporation. All Rights
|
||||
* Reserved.
|
||||
*
|
||||
* Contributors:
|
||||
* Norris Boyd
|
||||
*/
|
||||
|
||||
/* Shared implementation code for principals. */
|
||||
|
||||
#ifndef _NS_BASE_PRINCIPAL_H_
|
||||
#define _NS_BASE_PRINCIPAL_H_
|
||||
|
||||
#include "jsapi.h"
|
||||
#include "nsJSPrincipals.h"
|
||||
#include "nsVoidArray.h"
|
||||
#include "nsHashtable.h"
|
||||
#include "nsIObjectInputStream.h"
|
||||
#include "nsIObjectOutputStream.h"
|
||||
|
||||
class nsBasePrincipal: public nsIPrincipal {
|
||||
public:
|
||||
|
||||
nsBasePrincipal();
|
||||
|
||||
virtual ~nsBasePrincipal(void);
|
||||
|
||||
NS_IMETHOD
|
||||
GetJSPrincipals(JSPrincipals **jsprin);
|
||||
|
||||
NS_IMETHOD
|
||||
CanEnableCapability(const char *capability, PRInt16 *result);
|
||||
|
||||
NS_IMETHOD
|
||||
SetCanEnableCapability(const char *capability, PRInt16 canEnable);
|
||||
|
||||
NS_IMETHOD
|
||||
IsCapabilityEnabled(const char *capability, void *annotation,
|
||||
PRBool *result);
|
||||
|
||||
NS_IMETHOD
|
||||
EnableCapability(const char *capability, void **annotation);
|
||||
|
||||
NS_IMETHOD
|
||||
RevertCapability(const char *capability, void **annotation);
|
||||
|
||||
NS_IMETHOD
|
||||
DisableCapability(const char *capability, void **annotation);
|
||||
|
||||
NS_IMETHOD
|
||||
GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList);
|
||||
|
||||
nsresult
|
||||
InitFromPersistent(const char* aPrefName,const char* aID,
|
||||
const char* aGrantedList, const char* aDeniedList);
|
||||
|
||||
NS_IMETHOD
|
||||
Read(nsIObjectInputStream* aStream);
|
||||
|
||||
NS_IMETHOD
|
||||
Write(nsIObjectOutputStream* aStream);
|
||||
|
||||
static const char Invalid[];
|
||||
|
||||
protected:
|
||||
enum AnnotationValue { AnnotationEnabled=1, AnnotationDisabled };
|
||||
|
||||
NS_IMETHOD
|
||||
SetCapability(const char *capability, void **annotation,
|
||||
AnnotationValue value);
|
||||
|
||||
nsJSPrincipals mJSPrincipals;
|
||||
nsVoidArray mAnnotations;
|
||||
nsHashtable *mCapabilities;
|
||||
nsCString mPrefName;
|
||||
static int mCapabilitiesOrdinal;
|
||||
};
|
||||
|
||||
// special AddRef/Release to unify reference counts between XPCOM
|
||||
// and JSPrincipals
|
||||
|
||||
#define NSBASEPRINCIPALS_ADDREF(className) \
|
||||
NS_IMETHODIMP_(nsrefcnt) \
|
||||
className::AddRef(void) \
|
||||
{ \
|
||||
NS_PRECONDITION(PRInt32(mRefCnt) == 0, "illegal mRefCnt"); \
|
||||
NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt");\
|
||||
nsrefcnt count = PR_AtomicIncrement((PRInt32 *)&mJSPrincipals.refcount);\
|
||||
NS_LOG_ADDREF(this, count, #className, sizeof(*this)); \
|
||||
return count; \
|
||||
}
|
||||
|
||||
#define NSBASEPRINCIPALS_RELEASE(className) \
|
||||
NS_IMETHODIMP_(nsrefcnt) \
|
||||
className::Release(void) \
|
||||
{ \
|
||||
NS_PRECONDITION(PRInt32(mRefCnt) == 0, "illegal mRefCnt"); \
|
||||
NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release"); \
|
||||
nsrefcnt count = PR_AtomicDecrement((PRInt32 *)&mJSPrincipals.refcount);\
|
||||
NS_LOG_RELEASE(this, count, #className); \
|
||||
if (count == 0) { \
|
||||
NS_DELETEXPCOM(this); \
|
||||
return 0; \
|
||||
} \
|
||||
return count; \
|
||||
}
|
||||
|
||||
#endif // _NS_BASE_PRINCIPAL_H_
|
|
@ -1,89 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.1 (the "License"); you may not use this file except in
|
||||
* compliance with the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1998-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the NPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the NPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/* describes principals for use with signed scripts */
|
||||
|
||||
#ifndef _NS_CERTIFICATE_PRINCIPAL_H_
|
||||
#define _NS_CERTIFICATE_PRINCIPAL_H_
|
||||
#include "jsapi.h"
|
||||
#include "nsICertificatePrincipal.h"
|
||||
#include "nsBasePrincipal.h"
|
||||
|
||||
class nsIURI;
|
||||
|
||||
#define NS_CERTIFICATEPRINCIPAL_CID \
|
||||
{ 0x7ee2a4c0, 0x4b91, 0x11d3, \
|
||||
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
|
||||
|
||||
class nsCertificatePrincipal : public nsICertificatePrincipal, public nsBasePrincipal
|
||||
{
|
||||
public:
|
||||
|
||||
NS_DEFINE_STATIC_CID_ACCESSOR(NS_CERTIFICATEPRINCIPAL_CID)
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_NSISERIALIZABLE
|
||||
NS_DECL_NSICERTIFICATEPRINCIPAL
|
||||
|
||||
NS_IMETHOD ToString(char **result);
|
||||
|
||||
NS_IMETHOD ToUserVisibleString(char **result);
|
||||
|
||||
NS_IMETHOD GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList);
|
||||
|
||||
NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result);
|
||||
|
||||
NS_IMETHOD HashValue(PRUint32 *result);
|
||||
|
||||
NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result);
|
||||
|
||||
NS_IMETHOD Init(const char* aCertificateID);
|
||||
|
||||
nsresult InitFromPersistent(const char* aPrefName, const char* aID,
|
||||
const char* aGrantedList, const char* aDeniedList);
|
||||
|
||||
nsCertificatePrincipal();
|
||||
|
||||
virtual ~nsCertificatePrincipal(void);
|
||||
|
||||
protected:
|
||||
nsCString mCertificateID;
|
||||
nsCString mCommonName;
|
||||
};
|
||||
|
||||
#endif // _NS_CERTIFICATE_PRINCIPAL_H_
|
|
@ -1,93 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.1 (the "License"); you may not use this file except in
|
||||
* compliance with the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1998-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the NPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the NPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/* describes principals by their orginating URIs */
|
||||
|
||||
#ifndef _NS_CODEBASE_PRINCIPAL_H_
|
||||
#define _NS_CODEBASE_PRINCIPAL_H_
|
||||
|
||||
#include "jsapi.h"
|
||||
#include "nsBasePrincipal.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsCOMPtr.h"
|
||||
|
||||
#define NS_CODEBASEPRINCIPAL_CID \
|
||||
{ 0x7ee2a400, 0x0b91, 0xaad3, \
|
||||
{ 0xba, 0x18, 0xd7, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
|
||||
|
||||
class nsCodebasePrincipal : public nsBasePrincipal, public nsICodebasePrincipal {
|
||||
public:
|
||||
|
||||
NS_DEFINE_STATIC_CID_ACCESSOR(NS_CODEBASEPRINCIPAL_CID)
|
||||
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_NSISERIALIZABLE
|
||||
NS_DECL_NSICODEBASEPRINCIPAL
|
||||
|
||||
NS_IMETHOD ToString(char **result);
|
||||
|
||||
NS_IMETHOD ToUserVisibleString(char **result);
|
||||
|
||||
NS_IMETHOD GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList);
|
||||
|
||||
NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result);
|
||||
|
||||
NS_IMETHOD HashValue(PRUint32 *result);
|
||||
|
||||
NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result);
|
||||
|
||||
nsCodebasePrincipal();
|
||||
|
||||
nsresult
|
||||
Init(nsIURI *uri);
|
||||
|
||||
nsresult
|
||||
InitFromPersistent(const char* aPrefName, const char* aID,
|
||||
const char* aGrantedList, const char* aDeniedList,
|
||||
PRBool aTrusted);
|
||||
|
||||
virtual ~nsCodebasePrincipal(void);
|
||||
|
||||
protected:
|
||||
nsCOMPtr<nsIURI> mURI;
|
||||
PRBool mTrusted;
|
||||
};
|
||||
|
||||
#endif // _NS_CODEBASE_PRINCIPAL_H_
|
|
@ -1,4 +1,4 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
|
@ -36,19 +36,20 @@
|
|||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* describes principals by their orginating uris*/
|
||||
#ifndef _NS_JSPRINCIPALS_H_
|
||||
#define _NS_JSPRINCIPALS_H_
|
||||
|
||||
#ifndef nsJSPrincipals_h__
|
||||
#define nsJSPrincipals_h__
|
||||
#include "jsapi.h"
|
||||
#include "nsIPrincipal.h"
|
||||
|
||||
struct nsJSPrincipals : JSPrincipals {
|
||||
struct nsJSPrincipals : JSPrincipals
|
||||
{
|
||||
static nsresult Startup();
|
||||
nsJSPrincipals();
|
||||
nsresult Init(char *prin);
|
||||
nsresult Init(nsIPrincipal* aPrincipal, const char *aCodebase);
|
||||
~nsJSPrincipals(void);
|
||||
|
||||
nsIPrincipal *nsIPrincipalPtr;
|
||||
nsIPrincipal *nsIPrincipalPtr; // [WEAK] it owns us.
|
||||
};
|
||||
|
||||
#endif /* _NS_JSPRINCIPALS_H_ */
|
||||
|
||||
#endif /* nsJSPrincipals_h__ */
|
||||
|
|
|
@ -52,7 +52,6 @@ class nsPrincipal : public nsIPrincipal
|
|||
{
|
||||
public:
|
||||
nsPrincipal();
|
||||
nsPrincipal(nsIURI *aURI);
|
||||
|
||||
protected:
|
||||
virtual ~nsPrincipal();
|
||||
|
@ -61,23 +60,24 @@ public:
|
|||
// Our refcount is managed by mJSPrincipals. Use this macro to avoid
|
||||
// an extra refcount member.
|
||||
NS_DECL_ISUPPORTS_INHERITED
|
||||
protected:
|
||||
// XXXcaa Probably unnecessary. See bug 143559.
|
||||
NS_DECL_OWNINGTHREAD
|
||||
public:
|
||||
|
||||
NS_DECL_NSIPRINCIPAL
|
||||
NS_DECL_NSISERIALIZABLE
|
||||
|
||||
// Either Init() or InitFromPersistent() must be called before
|
||||
// the principal is in a usable state.
|
||||
nsresult Init(const char *aCertID, nsIURI *aCodebase);
|
||||
nsresult InitFromPersistent(const char* aPrefName,
|
||||
const char* aToken,
|
||||
const char* aGrantedList,
|
||||
const char* aDeniedList,
|
||||
PRBool aIsCert = PR_FALSE,
|
||||
PRBool aTrusted = PR_FALSE);
|
||||
PRBool aIsCert,
|
||||
PRBool aTrusted);
|
||||
|
||||
enum AnnotationValue { AnnotationEnabled=1, AnnotationDisabled };
|
||||
|
||||
void SetURI(nsIURI *aURI);
|
||||
nsresult SetCapability(const char *capability, void **annotation,
|
||||
AnnotationValue value);
|
||||
|
||||
|
@ -104,6 +104,8 @@ protected:
|
|||
nsCString commonName;
|
||||
};
|
||||
|
||||
nsresult SetCertificate(const char* aCertID, const char* aName);
|
||||
|
||||
// Keep this is a pointer, even though it may slightly increase the
|
||||
// cost of keeping a certificate, this is a good tradeoff though since
|
||||
// it is very rare that we actually have a certificate.
|
||||
|
@ -113,8 +115,8 @@ protected:
|
|||
|
||||
nsCOMPtr<nsIURI> mCodebase;
|
||||
nsCOMPtr<nsIURI> mDomain;
|
||||
PRUint8 mType;
|
||||
PRPackedBool mTrusted;
|
||||
PRPackedBool mInitialized;
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
* Contributor(s):
|
||||
* Norris Boyd <nboyd@atg.com>
|
||||
* Mitch Stoltz <mstoltz@netscape.com>
|
||||
* Christopher A. Aillon <christopher@aillon.com>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
|
@ -37,14 +38,15 @@
|
|||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifndef _NS_SCRIPT_SECURITY_MANAGER_H_
|
||||
#define _NS_SCRIPT_SECURITY_MANAGER_H_
|
||||
#ifndef nsScriptSecurityManager_h__
|
||||
#define nsScriptSecurityManager_h__
|
||||
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "jsapi.h"
|
||||
#include "jsdbgapi.h"
|
||||
#include "nsIXPCSecurityManager.h"
|
||||
#include "nsInterfaceHashtable.h"
|
||||
#include "nsHashtable.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsIPrefService.h"
|
||||
|
@ -57,44 +59,86 @@
|
|||
class nsIDocShell;
|
||||
class nsString;
|
||||
class nsIClassInfo;
|
||||
class nsIIOService;
|
||||
class nsIXPConnect;
|
||||
class nsIStringBundle;
|
||||
class nsSystemPrincipal;
|
||||
struct ClassPolicy;
|
||||
|
||||
#if defined(DEBUG_mstoltz) || defined(DEBUG_caillon)
|
||||
#define DEBUG_CAPS_HACKER
|
||||
#endif
|
||||
|
||||
#ifdef DEBUG_CAPS_HACKER
|
||||
#define DEBUG_CAPS_CheckPropertyAccessImpl
|
||||
#define DEBUG_CAPS_LookupPolicy
|
||||
#define DEBUG_CAPS_CheckComponentPermissions
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
#define DEBUG_CAPS_CanCreateWrapper
|
||||
#define DEBUG_CAPS_CanCreateInstance
|
||||
#define DEBUG_CAPS_CanGetService
|
||||
#endif
|
||||
|
||||
/////////////////////
|
||||
// nsIPrincipalKey //
|
||||
// PrincipalKey //
|
||||
/////////////////////
|
||||
|
||||
class nsIPrincipalKey : public nsHashKey
|
||||
class PrincipalKey : public PLDHashEntryHdr
|
||||
{
|
||||
public:
|
||||
nsIPrincipalKey(nsIPrincipal* key) {
|
||||
mKey = key;
|
||||
NS_IF_ADDREF(mKey);
|
||||
typedef const nsIPrincipal* KeyType;
|
||||
typedef const nsIPrincipal* KeyTypePointer;
|
||||
|
||||
PrincipalKey(const nsIPrincipal* key)
|
||||
: mKey(NS_CONST_CAST(nsIPrincipal*, key))
|
||||
{
|
||||
}
|
||||
|
||||
~nsIPrincipalKey(void) {
|
||||
NS_IF_RELEASE(mKey);
|
||||
PrincipalKey(const PrincipalKey& toCopy)
|
||||
: mKey(toCopy.mKey)
|
||||
{
|
||||
}
|
||||
|
||||
PRUint32 HashCode(void) const {
|
||||
PRUint32 hash;
|
||||
mKey->HashValue(&hash);
|
||||
return hash;
|
||||
~PrincipalKey()
|
||||
{
|
||||
}
|
||||
|
||||
PRBool Equals(const nsHashKey* aKey) const {
|
||||
KeyType GetKey() const
|
||||
{
|
||||
return mKey;
|
||||
}
|
||||
|
||||
KeyTypePointer GetKeyPointer() const
|
||||
{
|
||||
return mKey;
|
||||
}
|
||||
|
||||
PRBool KeyEquals(KeyTypePointer aKey) const
|
||||
{
|
||||
PRBool eq;
|
||||
mKey->Equals(((nsIPrincipalKey*) aKey)->mKey, &eq);
|
||||
mKey->Equals(NS_CONST_CAST(nsIPrincipal*, aKey),
|
||||
&eq);
|
||||
return eq;
|
||||
}
|
||||
|
||||
nsHashKey *Clone(void) const {
|
||||
return new nsIPrincipalKey(mKey);
|
||||
static KeyTypePointer KeyToPointer(KeyType aKey)
|
||||
{
|
||||
return aKey;
|
||||
}
|
||||
|
||||
protected:
|
||||
nsIPrincipal* mKey;
|
||||
static PLDHashNumber HashKey(KeyTypePointer aKey)
|
||||
{
|
||||
PRUint32 hash;
|
||||
NS_CONST_CAST(nsIPrincipal*, aKey)->GetHashValue(&hash);
|
||||
return PLDHashNumber(hash);
|
||||
}
|
||||
|
||||
enum { ALLOW_MEMMOVE = PR_TRUE };
|
||||
|
||||
private:
|
||||
nsCOMPtr<nsIPrincipal> mKey;
|
||||
};
|
||||
|
||||
////////////////////
|
||||
|
@ -214,9 +258,12 @@ class DomainPolicy : public PLDHashTable
|
|||
public:
|
||||
DomainPolicy() : mWildcardPolicy(nsnull),
|
||||
mRefCount(0)
|
||||
|
||||
{
|
||||
static PLDHashTableOps domainPolicyOps =
|
||||
}
|
||||
|
||||
PRBool Init()
|
||||
{
|
||||
static const PLDHashTableOps domainPolicyOps =
|
||||
{
|
||||
PL_DHashAllocTable,
|
||||
PL_DHashFreeTable,
|
||||
|
@ -229,8 +276,8 @@ public:
|
|||
InitClassPolicyEntry
|
||||
};
|
||||
|
||||
PL_DHashTableInit(this, &domainPolicyOps, nsnull,
|
||||
sizeof(ClassPolicy), 16);
|
||||
return PL_DHashTableInit(this, &domainPolicyOps, nsnull,
|
||||
sizeof(ClassPolicy), 16);
|
||||
}
|
||||
|
||||
~DomainPolicy()
|
||||
|
@ -394,7 +441,7 @@ private:
|
|||
nsresult
|
||||
CheckComponentPermissions(JSContext *cx, const nsCID &aCID);
|
||||
#endif
|
||||
#ifdef DEBUG_mstoltz
|
||||
#ifdef DEBUG_CAPS_HACKER
|
||||
void
|
||||
PrintPolicyDB();
|
||||
#endif
|
||||
|
@ -405,8 +452,8 @@ private:
|
|||
inline void
|
||||
JSEnabledPrefChanged(nsISecurityPref* aSecurityPref);
|
||||
|
||||
static const char* sJSEnabledPrefName;
|
||||
static const char* sJSMailEnabledPrefName;
|
||||
static const char sJSEnabledPrefName[];
|
||||
static const char sJSMailEnabledPrefName[];
|
||||
|
||||
nsObjectHashtable* mOriginToPolicyMap;
|
||||
DomainPolicy* mDefaultPolicy;
|
||||
|
@ -414,20 +461,22 @@ private:
|
|||
|
||||
nsCOMPtr<nsIPrefBranch> mPrefBranch;
|
||||
nsCOMPtr<nsISecurityPref> mSecurityPref;
|
||||
nsIPrincipal* mSystemPrincipal;
|
||||
nsCOMPtr<nsIPrincipal> mSystemPrincipal;
|
||||
nsCOMPtr<nsIPrincipal> mSystemCertificate;
|
||||
nsSupportsHashtable* mPrincipals;
|
||||
PRBool mIsJavaScriptEnabled;
|
||||
PRBool mIsMailJavaScriptEnabled;
|
||||
PRBool mIsWritingPrefs;
|
||||
nsInterfaceHashtable<PrincipalKey, nsIPrincipal> mPrincipals;
|
||||
nsCOMPtr<nsIThreadJSContextStack> mJSContextStack;
|
||||
PRBool mNameSetRegistered;
|
||||
PRBool mPolicyPrefsChanged;
|
||||
PRPackedBool mIsJavaScriptEnabled;
|
||||
PRPackedBool mIsMailJavaScriptEnabled;
|
||||
PRPackedBool mIsWritingPrefs;
|
||||
PRPackedBool mPolicyPrefsChanged;
|
||||
#ifdef XPC_IDISPATCH_SUPPORT
|
||||
PRBool mXPCDefaultGrantAll;
|
||||
static const char* sXPCDefaultGrantAllName;
|
||||
PRPackedBool mXPCDefaultGrantAll;
|
||||
static const char sXPCDefaultGrantAllName[];
|
||||
#endif
|
||||
|
||||
static nsIIOService *sIOService;
|
||||
static nsIXPConnect *sXPConnect;
|
||||
static nsIStringBundle *sStrBundle;
|
||||
};
|
||||
#endif /*_NS_SCRIPT_SECURITY_MANAGER_H_*/
|
||||
|
||||
#endif // nsScriptSecurityManager_h__
|
||||
|
|
|
@ -38,10 +38,11 @@
|
|||
|
||||
/* The privileged system principal. */
|
||||
|
||||
#ifndef _NS_SYSTEM_PRINCIPAL_H_
|
||||
#define _NS_SYSTEM_PRINCIPAL_H_
|
||||
#ifndef nsSystemPrincipal_h__
|
||||
#define nsSystemPrincipal_h__
|
||||
|
||||
#include "nsBasePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsJSPrincipals.h"
|
||||
|
||||
#define NS_SYSTEMPRINCIPAL_CLASSNAME "systemprincipal"
|
||||
#define NS_SYSTEMPRINCIPAL_CID \
|
||||
|
@ -50,42 +51,23 @@
|
|||
#define NS_SYSTEMPRINCIPAL_CONTRACTID "@mozilla.org/systemprincipal;1"
|
||||
|
||||
|
||||
class nsSystemPrincipal : public nsBasePrincipal {
|
||||
class nsSystemPrincipal : public nsIPrincipal
|
||||
{
|
||||
public:
|
||||
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_ISUPPORTS_INHERITED
|
||||
NS_DECL_NSIPRINCIPAL
|
||||
NS_DECL_NSISERIALIZABLE
|
||||
|
||||
NS_IMETHOD ToString(char **result);
|
||||
|
||||
NS_IMETHOD ToUserVisibleString(char **result);
|
||||
|
||||
NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result);
|
||||
|
||||
NS_IMETHOD HashValue(PRUint32 *result);
|
||||
|
||||
NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result);
|
||||
|
||||
NS_IMETHOD SetCanEnableCapability(const char *capability,
|
||||
PRInt16 canEnable);
|
||||
|
||||
NS_IMETHOD IsCapabilityEnabled(const char *capability, void * annotation,
|
||||
PRBool *result);
|
||||
|
||||
NS_IMETHOD EnableCapability(const char *capability, void * *annotation);
|
||||
|
||||
NS_IMETHOD RevertCapability(const char *capability, void * *annotation);
|
||||
|
||||
NS_IMETHOD DisableCapability(const char *capability, void * *annotation);
|
||||
|
||||
NS_IMETHOD GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList);
|
||||
|
||||
NS_IMETHOD Init();
|
||||
nsresult Init();
|
||||
|
||||
nsSystemPrincipal();
|
||||
|
||||
protected:
|
||||
virtual ~nsSystemPrincipal(void);
|
||||
|
||||
nsJSPrincipals mJSPrincipals;
|
||||
// XXX Probably unnecessary. See bug 143559.
|
||||
NS_DECL_OWNINGTHREAD
|
||||
};
|
||||
|
||||
#endif // _NS_SYSTEM_PRINCIPAL_H_
|
||||
#endif // nsSystemPrincipal_h__
|
||||
|
|
|
@ -50,11 +50,8 @@ REQUIRES = xpcom \
|
|||
$(NULL)
|
||||
|
||||
CPPSRCS = \
|
||||
nsBasePrincipal.cpp \
|
||||
nsPrincipal.cpp \
|
||||
nsSystemPrincipal.cpp \
|
||||
nsCertificatePrincipal.cpp \
|
||||
nsCodebasePrincipal.cpp \
|
||||
nsAggregatePrincipal.cpp \
|
||||
nsJSPrincipals.cpp \
|
||||
nsScriptSecurityManager.cpp \
|
||||
nsSecurityManagerFactory.cpp \
|
||||
|
|
|
@ -1,479 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.1 (the "License"); you may not use this file except in
|
||||
* compliance with the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1998-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Mitch Stoltz <mstoltz@netscape.com>
|
||||
*
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the NPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the NPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/*describes principals which combine one or more principals*/
|
||||
#include "nsAggregatePrincipal.h"
|
||||
#include "nsIURI.h"
|
||||
|
||||
static NS_DEFINE_IID(kIAggregatePrincipalIID, NS_IAGGREGATEPRINCIPAL_IID);
|
||||
|
||||
NS_IMPL_QUERY_INTERFACE5_CI(nsAggregatePrincipal, nsIAggregatePrincipal,
|
||||
nsICertificatePrincipal, nsICodebasePrincipal,
|
||||
nsIPrincipal, nsISerializable)
|
||||
NS_IMPL_CI_INTERFACE_GETTER5(nsAggregatePrincipal, nsIAggregatePrincipal,
|
||||
nsICertificatePrincipal, nsICodebasePrincipal,
|
||||
nsIPrincipal, nsISerializable)
|
||||
|
||||
NSBASEPRINCIPALS_ADDREF(nsAggregatePrincipal)
|
||||
NSBASEPRINCIPALS_RELEASE(nsAggregatePrincipal)
|
||||
|
||||
//////////////////////////////////////////////////
|
||||
// Methods implementing nsICertificatePrincipal //
|
||||
//////////////////////////////////////////////////
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetCertificateID(char** aCertificateID)
|
||||
{
|
||||
if (!mCertificate)
|
||||
{
|
||||
*aCertificateID = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> certificate = do_QueryInterface(mCertificate);
|
||||
return certificate->GetCertificateID(aCertificateID);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetCommonName(char** aCommonName)
|
||||
{
|
||||
if (!mCertificate)
|
||||
{
|
||||
*aCommonName = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> certificate = do_QueryInterface(mCertificate);
|
||||
return certificate->GetCommonName(aCommonName);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::SetCommonName(const char* aCommonName)
|
||||
{
|
||||
if (!mCertificate)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> certificate = do_QueryInterface(mCertificate);
|
||||
return certificate->SetCommonName(aCommonName);
|
||||
}
|
||||
|
||||
///////////////////////////////////////////////
|
||||
// Methods implementing nsICodebasePrincipal //
|
||||
///////////////////////////////////////////////
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetURI(nsIURI** aURI)
|
||||
{
|
||||
if (!mCodebase)
|
||||
{
|
||||
*aURI = nsnull;
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(mCodebase);
|
||||
return codebase->GetURI(aURI);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetOrigin(char** aOrigin)
|
||||
{
|
||||
if (!mCodebase)
|
||||
{
|
||||
*aOrigin = nsnull;
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(mCodebase);
|
||||
return codebase->GetOrigin(aOrigin);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetSpec(char** aSpec)
|
||||
{
|
||||
if (!mCodebase)
|
||||
{
|
||||
*aSpec = nsnull;
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(mCodebase);
|
||||
return codebase->GetSpec(aSpec);
|
||||
}
|
||||
|
||||
////////////////////////////////////////////////
|
||||
// Methods implementing nsIAggregatePrincipal //
|
||||
////////////////////////////////////////////////
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetCertificate(nsIPrincipal** result)
|
||||
{
|
||||
*result = mCertificate;
|
||||
NS_IF_ADDREF(*result);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetCodebase(nsIPrincipal** result)
|
||||
{
|
||||
*result = mCodebase;
|
||||
NS_IF_ADDREF(*result);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::SetCertificate(nsIPrincipal* aCertificate)
|
||||
{
|
||||
nsresult rv;
|
||||
//-- Make sure this really is a certificate principal
|
||||
if (aCertificate)
|
||||
{
|
||||
nsCOMPtr<nsICertificatePrincipal> tempCertificate =
|
||||
do_QueryInterface(aCertificate, &rv);
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
//-- If aCertificate is an aggregate, get its underlying certificate
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg =
|
||||
do_QueryInterface(aCertificate, &rv);
|
||||
if (NS_SUCCEEDED(rv))
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> underlying;
|
||||
rv = agg->GetCertificate(getter_AddRefs(underlying));
|
||||
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
|
||||
mCertificate = underlying.get();
|
||||
}
|
||||
else
|
||||
mCertificate = aCertificate;
|
||||
// New certificate, so forget cached security policy
|
||||
mCachedSecurityPolicy = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::SetCodebase(nsIPrincipal* aCodebase)
|
||||
{
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIPrincipal> newCodebase(aCodebase);
|
||||
|
||||
//-- If newCodebase is an aggregate, get its underlying codebase
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg =
|
||||
do_QueryInterface(newCodebase, &rv);
|
||||
if (NS_SUCCEEDED(rv))
|
||||
{
|
||||
rv = agg->GetCodebase(getter_AddRefs(newCodebase));
|
||||
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
|
||||
}
|
||||
else
|
||||
{ //-- Make sure this really is a codebase principal
|
||||
nsCOMPtr<nsICodebasePrincipal> tempCodebase =
|
||||
do_QueryInterface(newCodebase, &rv);
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
mCodebase = newCodebase;
|
||||
|
||||
//-- If this is the first codebase set, remember it.
|
||||
if (!mOriginalCodebase)
|
||||
mOriginalCodebase = newCodebase;
|
||||
else
|
||||
{
|
||||
mDomainChanged = PR_TRUE;
|
||||
// Codebase has changed, forget cached security policy
|
||||
mCachedSecurityPolicy = nsnull;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetOriginalCodebase(nsIPrincipal** aOriginalCodebase)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(aOriginalCodebase);
|
||||
|
||||
*aOriginalCodebase = mOriginalCodebase;
|
||||
NS_IF_ADDREF(*aOriginalCodebase);
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetPrimaryChild(nsIPrincipal** aPrimaryChild)
|
||||
{
|
||||
//-- If a certificate is present, then that's the PrimaryChild principal.
|
||||
// Otherwise we use the codebase.
|
||||
if (mCertificate)
|
||||
*aPrimaryChild = mCertificate.get();
|
||||
else if (mCodebase)
|
||||
*aPrimaryChild = mCodebase.get();
|
||||
else
|
||||
{
|
||||
*aPrimaryChild = nsnull;
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
NS_IF_ADDREF(*aPrimaryChild);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::Intersect(nsIPrincipal* other)
|
||||
{
|
||||
NS_ASSERTION(mCodebase, "Principal without codebase");
|
||||
|
||||
if (mCertificate)
|
||||
{
|
||||
PRBool sameCert = PR_FALSE;
|
||||
if (NS_FAILED(mCertificate->Equals(other, &sameCert)))
|
||||
return NS_ERROR_FAILURE;
|
||||
if (!sameCert)
|
||||
SetCertificate(nsnull);
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::SetDomainChanged(PRBool aDomainChanged)
|
||||
{
|
||||
mDomainChanged = aDomainChanged;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetDomainChanged(PRBool* aDomainChanged)
|
||||
{
|
||||
*aDomainChanged = mDomainChanged;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetCachedSecurityPolicy(void** aCachedSecurityPolicy)
|
||||
{
|
||||
*aCachedSecurityPolicy = mCachedSecurityPolicy;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::SetCachedSecurityPolicy(void* aCachedSecurityPolicy)
|
||||
{
|
||||
mCachedSecurityPolicy = aCachedSecurityPolicy;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
||||
///////////////////////////////////////
|
||||
// Methods implementing nsIPrincipal //
|
||||
///////////////////////////////////////
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::ToString(char **result)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->ToString(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::ToUserVisibleString(char **result)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->ToUserVisibleString(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::Equals(nsIPrincipal * other, PRBool * result)
|
||||
{
|
||||
*result = PR_FALSE;
|
||||
if (this == other) {
|
||||
*result = PR_TRUE;
|
||||
return NS_OK;
|
||||
}
|
||||
if (!other)
|
||||
return NS_OK;
|
||||
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIAggregatePrincipal> otherAgg =
|
||||
do_QueryInterface(other, &rv);
|
||||
if (NS_FAILED(rv))
|
||||
return NS_OK;
|
||||
//-- Two aggregates are equal if both codebase and certificate are equal
|
||||
PRBool certEqual = PR_TRUE;
|
||||
if (mCertificate)
|
||||
{
|
||||
rv = mCertificate->Equals(other, &certEqual);
|
||||
if(NS_FAILED(rv)) return rv;
|
||||
}
|
||||
PRBool cbEqual = PR_TRUE;
|
||||
if (mCodebase)
|
||||
{
|
||||
rv = mCodebase->Equals(other, &cbEqual);
|
||||
if(NS_FAILED(rv)) return rv;
|
||||
}
|
||||
if (mCertificate || mCodebase) // At least one must be present
|
||||
*result = certEqual && cbEqual;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::HashValue(PRUint32 *result)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->HashValue(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::CanEnableCapability(const char *capability,
|
||||
PRInt16 *result)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->CanEnableCapability(capability, result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::SetCanEnableCapability(const char *capability,
|
||||
PRInt16 canEnable)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->SetCanEnableCapability(capability, canEnable);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::IsCapabilityEnabled(const char *capability, void *annotation,
|
||||
PRBool *result)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->IsCapabilityEnabled(capability, annotation, result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::EnableCapability(const char *capability, void **annotation)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->EnableCapability(capability, annotation);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::RevertCapability(const char *capability, void **annotation)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->RevertCapability(capability, annotation);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::DisableCapability(const char *capability, void **annotation)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->DisableCapability(capability, annotation);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->GetPreferences(aPrefName, aID,
|
||||
aGrantedList, aDeniedList);
|
||||
}
|
||||
|
||||
//////////////////////////////////////////
|
||||
// Methods implementing nsISerializable //
|
||||
//////////////////////////////////////////
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::Read(nsIObjectInputStream* aStream)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
rv = nsBasePrincipal::Read(aStream);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = NS_ReadOptionalObject(aStream, PR_TRUE, getter_AddRefs(mCertificate));
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = NS_ReadOptionalObject(aStream, PR_TRUE, getter_AddRefs(mCodebase));
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::Write(nsIObjectOutputStream* aStream)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
rv = nsBasePrincipal::Write(aStream);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = NS_WriteOptionalObject(aStream, mCertificate, PR_TRUE);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = NS_WriteOptionalCompoundObject(aStream, mCodebase, NS_GET_IID(nsIPrincipal), PR_TRUE);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
/////////////////////////////////////////////
|
||||
// Constructor, Destructor, initialization //
|
||||
/////////////////////////////////////////////
|
||||
|
||||
nsAggregatePrincipal::nsAggregatePrincipal() : mCachedSecurityPolicy(nsnull),
|
||||
mDomainChanged(PR_FALSE)
|
||||
{
|
||||
}
|
||||
|
||||
nsAggregatePrincipal::~nsAggregatePrincipal()
|
||||
{
|
||||
}
|
|
@ -1,421 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
|
||||
*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.0 (the "NPL"); you may not use this file except in
|
||||
* compliance with the NPL. You may obtain a copy of the NPL at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the NPL is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
|
||||
* for the specific language governing rights and limitations under the
|
||||
* NPL.
|
||||
*
|
||||
* The Initial Developer of this code under the NPL is Netscape
|
||||
* Communications Corporation. Portions created by Netscape are
|
||||
* Copyright (C) 1999-2000 Netscape Communications Corporation. All Rights
|
||||
* Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Norris Boyd
|
||||
* Mitch Stoltz
|
||||
*/
|
||||
|
||||
#include "nscore.h"
|
||||
#include "nsBasePrincipal.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsString.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "plstr.h"
|
||||
#include "nsCRT.h"
|
||||
|
||||
//////////////////////////
|
||||
|
||||
nsBasePrincipal::nsBasePrincipal()
|
||||
: mCapabilities(nsnull)
|
||||
{
|
||||
}
|
||||
|
||||
PR_STATIC_CALLBACK(PRBool)
|
||||
deleteElement(void* aElement, void *aData)
|
||||
{
|
||||
nsHashtable *ht = (nsHashtable *) aElement;
|
||||
delete ht;
|
||||
return PR_TRUE;
|
||||
}
|
||||
|
||||
nsBasePrincipal::~nsBasePrincipal(void)
|
||||
{
|
||||
mAnnotations.EnumerateForwards(deleteElement, nsnull);
|
||||
delete mCapabilities;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::GetJSPrincipals(JSPrincipals **jsprin)
|
||||
{
|
||||
if (mJSPrincipals.nsIPrincipalPtr == nsnull) {
|
||||
mJSPrincipals.nsIPrincipalPtr = this;
|
||||
// No need for a ADDREF since it is a self-reference
|
||||
}
|
||||
*jsprin = &mJSPrincipals;
|
||||
JSPRINCIPALS_HOLD(cx, *jsprin);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
const char
|
||||
nsBasePrincipal::Invalid[] = "Invalid";
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::CanEnableCapability(const char *capability, PRInt16 *result)
|
||||
{
|
||||
if (!mCapabilities) {
|
||||
*result = nsIPrincipal::ENABLE_UNKNOWN;
|
||||
return NS_OK;
|
||||
}
|
||||
else // If this principal is marked invalid, can't enable any capabilities
|
||||
{
|
||||
nsCStringKey invalidKey(Invalid);
|
||||
if (mCapabilities->Exists(&invalidKey))
|
||||
{
|
||||
*result = nsIPrincipal::ENABLE_DENIED;
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
|
||||
const char *start = capability;
|
||||
*result = nsIPrincipal::ENABLE_GRANTED;
|
||||
for(;;) {
|
||||
const char *space = PL_strchr(start, ' ');
|
||||
int len = space ? space - start : strlen(start);
|
||||
nsCAutoString capString(start, len);
|
||||
nsCStringKey key(capString);
|
||||
PRInt16 value = (PRInt16)NS_PTR_TO_INT32(mCapabilities->Get(&key));
|
||||
if (value == 0)
|
||||
value = nsIPrincipal::ENABLE_UNKNOWN;
|
||||
if (value < *result)
|
||||
*result = value;
|
||||
if (!space)
|
||||
return NS_OK;
|
||||
start = space + 1;
|
||||
}
|
||||
/* NOTREACHED */
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::SetCanEnableCapability(const char *capability,
|
||||
PRInt16 canEnable)
|
||||
{
|
||||
if (!mCapabilities) {
|
||||
mCapabilities = new nsHashtable(7);
|
||||
if (!mCapabilities)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
else // If this principal is marked invalid, can't enable any capabilities
|
||||
{
|
||||
nsCStringKey invalidKey(Invalid);
|
||||
if (mCapabilities->Exists(&invalidKey))
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
if (PL_strcmp(capability, Invalid) == 0)
|
||||
mCapabilities->Reset();
|
||||
|
||||
const char *start = capability;
|
||||
for(;;) {
|
||||
const char *space = PL_strchr(start, ' ');
|
||||
int len = space ? space - start : strlen(start);
|
||||
nsCAutoString capString(start, len);
|
||||
nsCStringKey key(capString);
|
||||
mCapabilities->Put(&key, (void *) canEnable);
|
||||
if (!space)
|
||||
return NS_OK;
|
||||
start = space + 1;
|
||||
}
|
||||
/* NOTREACHED */
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::IsCapabilityEnabled(const char *capability, void *annotation,
|
||||
PRBool *result)
|
||||
{
|
||||
*result = PR_FALSE;
|
||||
nsHashtable *ht = (nsHashtable *) annotation;
|
||||
if (!ht) {
|
||||
return NS_OK;
|
||||
}
|
||||
const char *start = capability;
|
||||
for(;;) {
|
||||
const char *space = PL_strchr(start, ' ');
|
||||
int len = space ? space - start : strlen(start);
|
||||
nsCAutoString capString(start, len);
|
||||
nsCStringKey key(capString);
|
||||
*result = (ht->Get(&key) == (void *) AnnotationEnabled);
|
||||
if (!*result) {
|
||||
// If any single capability is not enabled, then return false.
|
||||
return NS_OK;
|
||||
}
|
||||
if (!space)
|
||||
return NS_OK;
|
||||
start = space + 1;
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::EnableCapability(const char *capability, void **annotation)
|
||||
{
|
||||
return SetCapability(capability, annotation, AnnotationEnabled);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::DisableCapability(const char *capability, void **annotation)
|
||||
{
|
||||
return SetCapability(capability, annotation, AnnotationDisabled);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::RevertCapability(const char *capability, void **annotation)
|
||||
{
|
||||
if (*annotation) {
|
||||
nsHashtable *ht = (nsHashtable *) *annotation;
|
||||
const char *start = capability;
|
||||
for(;;) {
|
||||
const char *space = PL_strchr(start, ' ');
|
||||
int len = space ? space - start : strlen(start);
|
||||
nsCAutoString capString(start, len);
|
||||
nsCStringKey key(capString);
|
||||
ht->Remove(&key);
|
||||
if (!space)
|
||||
return NS_OK;
|
||||
start = space + 1;
|
||||
}
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::SetCapability(const char *capability, void **annotation,
|
||||
AnnotationValue value)
|
||||
{
|
||||
if (*annotation == nsnull) {
|
||||
*annotation = new nsHashtable(5);
|
||||
if (!*annotation)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
// This object owns its annotations. Save them so we can release
|
||||
// them when we destroy this object.
|
||||
mAnnotations.AppendElement(*annotation);
|
||||
}
|
||||
|
||||
const char *start = capability;
|
||||
for(;;) {
|
||||
const char *space = PL_strchr(start, ' ');
|
||||
int len = space ? space - start : strlen(start);
|
||||
nsCAutoString capString(start, len);
|
||||
nsCStringKey key(capString);
|
||||
nsHashtable *ht = (nsHashtable *) *annotation;
|
||||
ht->Put(&key, (void *) value);
|
||||
if (!space)
|
||||
return NS_OK;
|
||||
start = space + 1;
|
||||
}
|
||||
/* NOTREACHED */
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
int nsBasePrincipal::mCapabilitiesOrdinal = 0;
|
||||
|
||||
nsresult
|
||||
nsBasePrincipal::InitFromPersistent(const char* aPrefName, const char* aID,
|
||||
const char* aGrantedList, const char* aDeniedList)
|
||||
{
|
||||
//-- Empty the capability table
|
||||
if (mCapabilities)
|
||||
mCapabilities->Reset();
|
||||
|
||||
//-- Save the preference name
|
||||
mPrefName = aPrefName;
|
||||
|
||||
const char* ordinalBegin = PL_strpbrk(aPrefName, "1234567890");
|
||||
if (ordinalBegin) {
|
||||
int n = atoi(ordinalBegin);
|
||||
if (mCapabilitiesOrdinal <= n)
|
||||
mCapabilitiesOrdinal = n+1;
|
||||
}
|
||||
|
||||
//-- Store the capabilities
|
||||
if (aGrantedList)
|
||||
if(NS_FAILED(SetCanEnableCapability(aGrantedList, nsIPrincipal::ENABLE_GRANTED)))
|
||||
return NS_ERROR_FAILURE;
|
||||
if (aDeniedList)
|
||||
if(NS_FAILED(SetCanEnableCapability(aDeniedList, nsIPrincipal::ENABLE_DENIED)))
|
||||
return NS_ERROR_FAILURE;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
struct CapabilityList
|
||||
{
|
||||
nsCString* granted;
|
||||
nsCString* denied;
|
||||
};
|
||||
|
||||
PR_STATIC_CALLBACK(PRBool)
|
||||
AppendCapability(nsHashKey *aKey, void *aData, void *capListPtr)
|
||||
{
|
||||
CapabilityList* capList = (CapabilityList*)capListPtr;
|
||||
PRInt16 value = (PRInt16)NS_PTR_TO_INT32(aData);
|
||||
nsCStringKey* key = (nsCStringKey *)aKey;
|
||||
if (value == nsIPrincipal::ENABLE_GRANTED)
|
||||
{
|
||||
capList->granted->Append(key->GetString(), key->GetStringLength());
|
||||
capList->granted->Append(' ');
|
||||
}
|
||||
else if (value == nsIPrincipal::ENABLE_DENIED)
|
||||
{
|
||||
capList->denied->Append(key->GetString(), key->GetStringLength());
|
||||
capList->denied->Append(' ');
|
||||
}
|
||||
return PR_TRUE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList)
|
||||
{
|
||||
//-- Preference name
|
||||
*aPrefName = ToNewCString(mPrefName);
|
||||
if (!aPrefName)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
|
||||
//-- ID
|
||||
if (NS_FAILED(ToString(aID)))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
//-- Capabilities
|
||||
*aGrantedList = nsnull;
|
||||
*aDeniedList = nsnull;
|
||||
if (mCapabilities) {
|
||||
nsCAutoString grantedListStr;
|
||||
nsCAutoString deniedListStr;
|
||||
CapabilityList* capList = new CapabilityList();
|
||||
capList->granted = &grantedListStr;
|
||||
capList->denied = &deniedListStr;
|
||||
mCapabilities->Enumerate(AppendCapability, (void*)capList);
|
||||
if (!grantedListStr.IsEmpty())
|
||||
{
|
||||
grantedListStr.Truncate(grantedListStr.Length()-1);
|
||||
*aGrantedList = ToNewCString(grantedListStr);
|
||||
if (!*aGrantedList) return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
if (!deniedListStr.IsEmpty())
|
||||
{
|
||||
deniedListStr.Truncate(deniedListStr.Length()-1);
|
||||
*aDeniedList = ToNewCString(deniedListStr);
|
||||
if (!*aDeniedList) return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
PR_STATIC_CALLBACK(nsresult)
|
||||
ReadAnnotationEntry(nsIObjectInputStream* aStream, nsHashKey** aKey,
|
||||
void** aData)
|
||||
{
|
||||
nsresult rv;
|
||||
nsCStringKey* key = new nsCStringKey(aStream, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
PRUint32 value;
|
||||
rv = aStream->Read32(&value);
|
||||
if (NS_FAILED(rv)) {
|
||||
delete key;
|
||||
return rv;
|
||||
}
|
||||
|
||||
*aKey = key;
|
||||
*aData = (void*) value;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
PR_STATIC_CALLBACK(void)
|
||||
FreeAnnotationEntry(nsIObjectInputStream* aStream, nsHashKey* aKey,
|
||||
void* aData)
|
||||
{
|
||||
if (aKey)
|
||||
delete NS_STATIC_CAST(nsCStringKey*, aKey);
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsBasePrincipal::Read(nsIObjectInputStream* aStream)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
PRUint32 annotationCount;
|
||||
rv = aStream->Read32(&annotationCount);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
for (PRInt32 i = 0, n = PRInt32(annotationCount); i < n; i++) {
|
||||
nsHashtable *ht = new nsHashtable(aStream,
|
||||
ReadAnnotationEntry,
|
||||
FreeAnnotationEntry,
|
||||
&rv);
|
||||
NS_ASSERTION(NS_SUCCEEDED(rv) || ht == nsnull,
|
||||
"failure but non-null return from nsHashtable ctor!");
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
if (!mAnnotations.InsertElementAt(NS_REINTERPRET_CAST(void*, ht), i)) {
|
||||
delete ht;
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
}
|
||||
|
||||
PRBool hasCapabilities;
|
||||
rv = aStream->ReadBoolean(&hasCapabilities);
|
||||
if (NS_SUCCEEDED(rv) && hasCapabilities) {
|
||||
mCapabilities = new nsHashtable(aStream,
|
||||
ReadAnnotationEntry,
|
||||
FreeAnnotationEntry,
|
||||
&rv);
|
||||
}
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = NS_ReadOptionalCString(aStream, mPrefName);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
PR_STATIC_CALLBACK(nsresult)
|
||||
WriteScalarValue(nsIObjectOutputStream* aStream, void* aData)
|
||||
{
|
||||
PRUint32 value = NS_PTR_TO_INT32(aData);
|
||||
|
||||
return aStream->Write32(value);
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsBasePrincipal::Write(nsIObjectOutputStream* aStream)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
PRUint32 annotationCount = PRUint32(mAnnotations.Count());
|
||||
rv = aStream->Write32(annotationCount);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
for (PRInt32 i = 0, n = PRInt32(annotationCount); i < n; i++) {
|
||||
nsHashtable *ht = NS_REINTERPRET_CAST(nsHashtable *, mAnnotations[i]);
|
||||
rv = ht->Write(aStream, WriteScalarValue);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
}
|
||||
|
||||
PRBool hasCapabilities = (mCapabilities != nsnull);
|
||||
rv = aStream->WriteBoolean(hasCapabilities);
|
||||
if (NS_SUCCEEDED(rv) && hasCapabilities)
|
||||
rv = mCapabilities->Write(aStream, WriteScalarValue);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = NS_WriteOptionalStringZ(aStream, mPrefName.get());
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
return NS_OK;
|
||||
}
|
|
@ -1,227 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.1 (the "License"); you may not use this file except in
|
||||
* compliance with the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1998-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Mitch Stoltz <mstoltz@netscape.com>
|
||||
*
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the NPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the NPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/*describes principals for use in signed scripts*/
|
||||
#include "nsCertificatePrincipal.h"
|
||||
#include "prmem.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsCRT.h"
|
||||
|
||||
static NS_DEFINE_IID(kICertificatePrincipalIID, NS_ICERTIFICATEPRINCIPAL_IID);
|
||||
|
||||
NS_IMPL_QUERY_INTERFACE3_CI(nsCertificatePrincipal,
|
||||
nsICertificatePrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
NS_IMPL_CI_INTERFACE_GETTER3(nsCertificatePrincipal,
|
||||
nsICertificatePrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
|
||||
NSBASEPRINCIPALS_ADDREF(nsCertificatePrincipal)
|
||||
NSBASEPRINCIPALS_RELEASE(nsCertificatePrincipal)
|
||||
|
||||
//////////////////////////////////////////////////
|
||||
// Methods implementing nsICertificatePrincipal //
|
||||
//////////////////////////////////////////////////
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::GetCertificateID(char** aCertificateID)
|
||||
{
|
||||
*aCertificateID = ToNewCString(mCertificateID);
|
||||
return *aCertificateID ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::GetCommonName(char** aCommonName)
|
||||
{
|
||||
*aCommonName = ToNewCString(mCommonName);
|
||||
return *aCommonName ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::SetCommonName(const char* aCommonName)
|
||||
{
|
||||
mCommonName = aCommonName;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
///////////////////////////////////////
|
||||
// Methods implementing nsIPrincipal //
|
||||
///////////////////////////////////////
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::CanEnableCapability(const char *capability,
|
||||
PRInt16 *result)
|
||||
{
|
||||
if(NS_FAILED(nsBasePrincipal::CanEnableCapability(capability, result)))
|
||||
return NS_ERROR_FAILURE;
|
||||
if (*result == nsIPrincipal::ENABLE_UNKNOWN)
|
||||
*result = ENABLE_WITH_USER_PERMISSION;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::ToString(char **result)
|
||||
{
|
||||
return GetCertificateID(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::ToUserVisibleString(char **result)
|
||||
{
|
||||
return GetCommonName(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList)
|
||||
{
|
||||
if (mPrefName.IsEmpty()) {
|
||||
mPrefName.Assign("capability.principal.certificate.p");
|
||||
mPrefName.AppendInt(mCapabilitiesOrdinal++);
|
||||
mPrefName.Append(".id");
|
||||
}
|
||||
return nsBasePrincipal::GetPreferences(aPrefName, aID,
|
||||
aGrantedList, aDeniedList);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::Equals(nsIPrincipal * other, PRBool * result)
|
||||
{
|
||||
*result = PR_FALSE;
|
||||
if (this == other) {
|
||||
*result = PR_TRUE;
|
||||
return NS_OK;
|
||||
}
|
||||
if (!other)
|
||||
return NS_OK;
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsICertificatePrincipal> otherCertificate =
|
||||
do_QueryInterface(other, &rv);
|
||||
if (NS_FAILED(rv))
|
||||
return NS_OK;
|
||||
//-- Compare cert ID's
|
||||
char* otherID;
|
||||
rv = otherCertificate->GetCertificateID(&otherID);
|
||||
if (NS_FAILED(rv))
|
||||
{
|
||||
PR_FREEIF(otherID);
|
||||
return rv;
|
||||
}
|
||||
*result = mCertificateID.Equals(otherID);
|
||||
PR_FREEIF(otherID);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::HashValue(PRUint32 *result)
|
||||
{
|
||||
char* str;
|
||||
if (NS_FAILED(ToString(&str)) || !str) return NS_ERROR_FAILURE;
|
||||
*result = nsCRT::HashCode(str, nsnull);
|
||||
nsCRT::free(str);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
//////////////////////////////////////////
|
||||
// Methods implementing nsISerializable //
|
||||
//////////////////////////////////////////
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::Read(nsIObjectInputStream* aStream)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
rv = nsBasePrincipal::Read(aStream);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = aStream->ReadCString(mCertificateID);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = NS_ReadOptionalCString(aStream, mCommonName);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::Write(nsIObjectOutputStream* aStream)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
rv = nsBasePrincipal::Write(aStream);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = aStream->WriteStringZ(mCertificateID.get());
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = NS_WriteOptionalStringZ(aStream, mCommonName.get());
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
/////////////////////////////////////////////
|
||||
// Constructor, Destructor, initialization //
|
||||
/////////////////////////////////////////////
|
||||
nsresult
|
||||
nsCertificatePrincipal::InitFromPersistent(const char* aPrefName, const char* aCertID,
|
||||
const char* aGrantedList, const char* aDeniedList)
|
||||
{
|
||||
if (NS_FAILED(Init(aCertID)))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
return nsBasePrincipal::InitFromPersistent(aPrefName, aCertID,
|
||||
aGrantedList, aDeniedList);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::Init(const char* aCertificateID)
|
||||
{
|
||||
mCertificateID = aCertificateID;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCertificatePrincipal::nsCertificatePrincipal()
|
||||
{
|
||||
}
|
||||
|
||||
nsCertificatePrincipal::~nsCertificatePrincipal()
|
||||
{
|
||||
}
|
|
@ -1,310 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.1 (the "License"); you may not use this file except in
|
||||
* compliance with the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1999-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the NPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the NPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/* Describes principals by their orginating uris */
|
||||
|
||||
#include "nsCodebasePrincipal.h"
|
||||
#include "nsIComponentManager.h"
|
||||
#include "nsIServiceManager.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "nsIURL.h"
|
||||
#include "nsIJARURI.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsIPrefBranch.h"
|
||||
#include "nsIPrefService.h"
|
||||
#include "nsXPIDLString.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsCRT.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
|
||||
NS_IMPL_QUERY_INTERFACE3_CI(nsCodebasePrincipal,
|
||||
nsICodebasePrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
NS_IMPL_CI_INTERFACE_GETTER3(nsCodebasePrincipal,
|
||||
nsICodebasePrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
|
||||
NSBASEPRINCIPALS_ADDREF(nsCodebasePrincipal)
|
||||
NSBASEPRINCIPALS_RELEASE(nsCodebasePrincipal)
|
||||
|
||||
///////////////////////////////////////
|
||||
// Methods implementing nsIPrincipal //
|
||||
///////////////////////////////////////
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::ToString(char **result)
|
||||
{
|
||||
*result = nsnull;
|
||||
PRBool isFile = PR_TRUE;
|
||||
if(NS_FAILED(mURI->SchemeIs("file", &isFile)))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
if (isFile)
|
||||
{
|
||||
nsCOMPtr<nsIURL> url(do_QueryInterface(mURI));
|
||||
if (url)
|
||||
{
|
||||
nsCAutoString directory;
|
||||
nsresult rv = url->GetDirectory(directory);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
nsCAutoString fileName;
|
||||
rv = url->GetFileName(fileName);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
*result =
|
||||
ToNewCString(NS_LITERAL_CSTRING("file://") + directory + fileName);
|
||||
if (!*result)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
return GetOrigin(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::ToUserVisibleString(char **result)
|
||||
{
|
||||
return ToString(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList)
|
||||
{
|
||||
if (mPrefName.IsEmpty())
|
||||
{
|
||||
mPrefName.Assign("capability.principal.codebase.p");
|
||||
mPrefName.AppendInt(mCapabilitiesOrdinal++);
|
||||
mPrefName.Append(".id");
|
||||
}
|
||||
return nsBasePrincipal::GetPreferences(aPrefName, aID,
|
||||
aGrantedList, aDeniedList);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::HashValue(PRUint32 *result)
|
||||
{
|
||||
nsXPIDLCString spec;
|
||||
if (NS_FAILED(GetSpec(getter_Copies(spec))))
|
||||
return NS_ERROR_FAILURE;
|
||||
*result = nsCRT::HashCode(spec, nsnull);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::CanEnableCapability(const char *capability,
|
||||
PRInt16 *result)
|
||||
{
|
||||
// Either this principal must be preconfigured as a trusted source
|
||||
// (mTrusted), or else the codebase principal pref must be enabled
|
||||
if (!mTrusted)
|
||||
{
|
||||
static char pref[] = "signed.applets.codebase_principal_support";
|
||||
nsCOMPtr<nsIPrefBranch> prefBranch(do_GetService(NS_PREFSERVICE_CONTRACTID));
|
||||
if (!prefBranch)
|
||||
return NS_ERROR_FAILURE;
|
||||
PRBool enabled;
|
||||
if (NS_FAILED(prefBranch->GetBoolPref(pref, &enabled)) || !enabled)
|
||||
{
|
||||
// Deny unless subject is executing from file: or resource:
|
||||
PRBool isFile = PR_FALSE;
|
||||
PRBool isRes = PR_FALSE;
|
||||
|
||||
if (NS_FAILED(mURI->SchemeIs("file", &isFile)) ||
|
||||
NS_FAILED(mURI->SchemeIs("resource", &isRes)) ||
|
||||
(!isFile && !isRes))
|
||||
{
|
||||
*result = nsIPrincipal::ENABLE_DENIED;
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
}
|
||||
nsBasePrincipal::CanEnableCapability(capability, result);
|
||||
if (*result == nsIPrincipal::ENABLE_UNKNOWN)
|
||||
*result = ENABLE_WITH_USER_PERMISSION;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
///////////////////////////////////////////////
|
||||
// Methods implementing nsICodebasePrincipal //
|
||||
///////////////////////////////////////////////
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::GetURI(nsIURI **uri)
|
||||
{
|
||||
*uri = mURI;
|
||||
NS_ADDREF(*uri);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::GetOrigin(char **origin)
|
||||
{
|
||||
nsresult rv;
|
||||
nsCAutoString hostPort;
|
||||
if (NS_SUCCEEDED(mURI->GetHostPort(hostPort)))
|
||||
{
|
||||
nsCAutoString scheme;
|
||||
rv = mURI->GetScheme(scheme);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
*origin = ToNewCString(scheme + NS_LITERAL_CSTRING("://") + hostPort);
|
||||
}
|
||||
else
|
||||
{
|
||||
// Some URIs (e.g., nsSimpleURI) don't support host. Just
|
||||
// get the full spec.
|
||||
nsCAutoString spec;
|
||||
rv = mURI->GetSpec(spec);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
*origin = ToNewCString(spec);
|
||||
}
|
||||
|
||||
return *origin ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::GetSpec(char **spec)
|
||||
{
|
||||
nsCAutoString buf;
|
||||
nsresult rv = mURI->GetSpec(buf);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
*spec = ToNewCString(buf);
|
||||
return *spec ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::Equals(nsIPrincipal *aOther, PRBool *result)
|
||||
{
|
||||
if (this == aOther)
|
||||
{
|
||||
*result = PR_TRUE;
|
||||
return NS_OK;
|
||||
}
|
||||
*result = PR_FALSE;
|
||||
if (!aOther)
|
||||
return NS_OK;
|
||||
|
||||
// Get a URI from the other principal
|
||||
nsCOMPtr<nsICodebasePrincipal> otherCodebase(
|
||||
do_QueryInterface(aOther));
|
||||
if (!otherCodebase)
|
||||
{
|
||||
// Other principal is not a codebase, so return false
|
||||
return NS_OK;
|
||||
}
|
||||
nsCOMPtr<nsIURI> otherURI;
|
||||
otherCodebase->GetURI(getter_AddRefs(otherURI));
|
||||
|
||||
NS_ENSURE_TRUE(otherURI, NS_ERROR_FAILURE);
|
||||
return nsScriptSecurityManager::GetScriptSecurityManager()
|
||||
->SecurityCompareURIs(mURI, otherURI, result);
|
||||
}
|
||||
|
||||
//////////////////////////////////////////
|
||||
// Methods implementing nsISerializable //
|
||||
//////////////////////////////////////////
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::Read(nsIObjectInputStream* aStream)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
rv = nsBasePrincipal::Read(aStream);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
return aStream->ReadObject(PR_TRUE, getter_AddRefs(mURI));
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::Write(nsIObjectOutputStream* aStream)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
rv = nsBasePrincipal::Write(aStream);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
return aStream->WriteCompoundObject(mURI, NS_GET_IID(nsIURI), PR_TRUE);
|
||||
}
|
||||
|
||||
/////////////////////////////////////////////
|
||||
// Constructor, Destructor, initialization //
|
||||
/////////////////////////////////////////////
|
||||
|
||||
nsCodebasePrincipal::nsCodebasePrincipal() : mTrusted(PR_FALSE)
|
||||
{
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsCodebasePrincipal::Init(nsIURI *uri)
|
||||
{
|
||||
nsCAutoString codebase;
|
||||
if (uri == nsnull || NS_FAILED(uri->GetSpec(codebase)))
|
||||
return NS_ERROR_FAILURE;
|
||||
if (NS_FAILED(mJSPrincipals.Init(ToNewCString(codebase))))
|
||||
return NS_ERROR_FAILURE;
|
||||
// JSPrincipals::Init adopts its input
|
||||
mURI = uri;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// This method overrides nsBasePrincipal::InitFromPersistent
|
||||
nsresult
|
||||
nsCodebasePrincipal::InitFromPersistent(const char* aPrefName, const char* aURLStr,
|
||||
const char* aGrantedList, const char* aDeniedList,
|
||||
PRBool aTrusted)
|
||||
{
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
rv = NS_NewURI(getter_AddRefs(uri), nsDependentCString(aURLStr), nsnull);
|
||||
NS_ASSERTION(NS_SUCCEEDED(rv), "Malformed URI in security.principal preference.");
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
if (NS_FAILED(Init(uri))) return NS_ERROR_FAILURE;
|
||||
// XXX: Add check for trusted = SSL only here?
|
||||
mTrusted = aTrusted;
|
||||
|
||||
return nsBasePrincipal::InitFromPersistent(aPrefName, aURLStr,
|
||||
aGrantedList, aDeniedList);
|
||||
}
|
||||
|
||||
nsCodebasePrincipal::~nsCodebasePrincipal()
|
||||
{
|
||||
}
|
|
@ -35,7 +35,10 @@
|
|||
* the terms of any one of the NPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
#include "nsCodebasePrincipal.h"
|
||||
|
||||
#include "nsString.h"
|
||||
#include "nsIObjectOutputStream.h"
|
||||
#include "nsIObjectInputStream.h"
|
||||
#include "nsJSPrincipals.h"
|
||||
#include "plstr.h"
|
||||
#include "nsXPIDLString.h"
|
||||
|
@ -138,7 +141,7 @@ nsTranscodeJSPrincipals(JSXDRState *xdr, JSPrincipals **jsprinp)
|
|||
nsMemory::Free(olddata);
|
||||
::JS_XDRMemSetData(xdr, data, size);
|
||||
|
||||
prin->GetJSPrincipals(jsprinp);
|
||||
prin->GetJsPrincipals(jsprinp);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -183,9 +186,18 @@ nsJSPrincipals::nsJSPrincipals()
|
|||
}
|
||||
|
||||
nsresult
|
||||
nsJSPrincipals::Init(char *aCodebase)
|
||||
nsJSPrincipals::Init(nsIPrincipal *aPrincipal, const char *aCodebase)
|
||||
{
|
||||
codebase = aCodebase;
|
||||
if (nsIPrincipalPtr) {
|
||||
NS_ERROR("Init called twice!");
|
||||
return NS_ERROR_UNEXPECTED;
|
||||
}
|
||||
|
||||
nsIPrincipalPtr = aPrincipal;
|
||||
codebase = PL_strdup(aCodebase);
|
||||
if (!codebase)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
|
|
@ -58,13 +58,6 @@ PRInt32 nsPrincipal::sCapabilitiesOrdinal = 0;
|
|||
const char nsPrincipal::sInvalid[] = "Invalid";
|
||||
|
||||
|
||||
nsPrincipal::nsPrincipal()
|
||||
: mCapabilities(7),
|
||||
mSecurityPolicy(nsnull)
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
NS_IMPL_QUERY_INTERFACE2_CI(nsPrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
|
@ -95,12 +88,44 @@ nsPrincipal::Release()
|
|||
return count;
|
||||
}
|
||||
|
||||
nsPrincipal::nsPrincipal(nsIURI *aURI)
|
||||
: mSecurityPolicy(nsnull),
|
||||
mCodebase(aURI)
|
||||
nsPrincipal::nsPrincipal()
|
||||
: mCapabilities(7),
|
||||
mSecurityPolicy(nsnull),
|
||||
mTrusted(PR_FALSE),
|
||||
mInitialized(PR_FALSE)
|
||||
{
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsPrincipal::Init(const char *aCertID, nsIURI *aCodebase)
|
||||
{
|
||||
NS_ENSURE_STATE(!mInitialized);
|
||||
NS_ENSURE_ARG_POINTER(aCertID || aCodebase); // better have one of these.
|
||||
|
||||
mInitialized = PR_TRUE;
|
||||
|
||||
mCodebase = aCodebase;
|
||||
|
||||
nsresult rv;
|
||||
if (aCertID) {
|
||||
rv = SetCertificate(aCertID, nsnull);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
rv = mJSPrincipals.Init(this, aCertID);
|
||||
}
|
||||
}
|
||||
else {
|
||||
nsCAutoString spec;
|
||||
rv = mCodebase->GetSpec(spec);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
rv = mJSPrincipals.Init(this, spec.get());
|
||||
}
|
||||
}
|
||||
|
||||
NS_WARN_IF_FALSE(NS_SUCCEEDED(rv), "nsPrincipal::Init() failed");
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
||||
PR_STATIC_CALLBACK(PRBool)
|
||||
deleteElement(void* aElement, void *aData)
|
||||
|
@ -118,10 +143,7 @@ nsPrincipal::~nsPrincipal(void)
|
|||
NS_IMETHODIMP
|
||||
nsPrincipal::GetJsPrincipals(JSPrincipals **jsprin)
|
||||
{
|
||||
if (!mJSPrincipals.nsIPrincipalPtr) {
|
||||
// Don't addref here, since we are referencing each other.
|
||||
mJSPrincipals.nsIPrincipalPtr = this;
|
||||
}
|
||||
NS_PRECONDITION(mJSPrincipals.nsIPrincipalPtr, "mJSPrincipals is uninitalized!");
|
||||
|
||||
*jsprin = &mJSPrincipals;
|
||||
|
||||
|
@ -135,8 +157,13 @@ nsPrincipal::GetJsPrincipals(JSPrincipals **jsprin)
|
|||
NS_IMETHODIMP
|
||||
nsPrincipal::GetOrigin(char **aOrigin)
|
||||
{
|
||||
*aOrigin = nsnull;
|
||||
|
||||
nsIURI* uri = mDomain ? mDomain : mCodebase;
|
||||
NS_ASSERTION(uri, "No Domain or Codebase");
|
||||
if (!uri) {
|
||||
NS_ASSERTION(mCert, "No Domain or Codebase for a non-cert principal");
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
nsCAutoString hostPort;
|
||||
|
||||
|
@ -202,9 +229,8 @@ nsPrincipal::Equals(nsIPrincipal *aOther, PRBool *aResult)
|
|||
|
||||
nsXPIDLCString otherCertID;
|
||||
aOther->GetCertificateID(getter_Copies(otherCertID));
|
||||
if (!otherCertID.Equals(mCert->certificateID)) {
|
||||
return NS_OK;
|
||||
}
|
||||
*aResult = otherCertID.Equals(mCert->certificateID);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// Codebases are equal if they have the same origin.
|
||||
|
@ -409,30 +435,25 @@ nsPrincipal::GetURI(nsIURI** aURI)
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
void
|
||||
nsPrincipal::SetURI(nsIURI* aURI)
|
||||
{
|
||||
mCodebase = aURI;
|
||||
mDomain = nsnull;
|
||||
// Codebase has changed, forget cached security policy
|
||||
mSecurityPolicy = nsnull;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::SetCertificateID(const char* aID)
|
||||
|
||||
nsresult
|
||||
nsPrincipal::SetCertificate(const char* aID, const char* aName)
|
||||
{
|
||||
if (!aID) {
|
||||
mCert = nsnull;
|
||||
return NS_OK;
|
||||
NS_ENSURE_STATE(!mCert);
|
||||
|
||||
if (!aID && !aName) {
|
||||
return NS_ERROR_INVALID_POINTER;
|
||||
}
|
||||
|
||||
mCert = new Certificate(aID, aName);
|
||||
if (!mCert) {
|
||||
mCert = new Certificate(aID, "");
|
||||
if (!mCert) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
|
@ -526,31 +547,30 @@ nsPrincipal::InitFromPersistent(const char* aPrefName,
|
|||
"mCapabilities was already initialized?");
|
||||
NS_PRECONDITION(mAnnotations.Count() == 0,
|
||||
"mAnnotations was already initialized?");
|
||||
NS_PRECONDITION(!mInitialized, "We were already initialized?");
|
||||
|
||||
mInitialized = PR_TRUE;
|
||||
|
||||
nsresult rv;
|
||||
if (aIsCert) {
|
||||
SetCertificateID(aToken);
|
||||
rv = SetCertificate(aToken, nsnull);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
else {
|
||||
nsresult rv = NS_NewURI(getter_AddRefs(mCodebase), aToken, nsnull);
|
||||
rv = NS_NewURI(getter_AddRefs(mCodebase), aToken, nsnull);
|
||||
if (NS_FAILED(rv)) {
|
||||
NS_ERROR("Malformed URI in capability.principal preference.");
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsCAutoString token;
|
||||
rv = mCodebase->GetSpec(token);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = mJSPrincipals.Init(PL_strdup(token.get()));
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
mTrusted = aTrusted;
|
||||
}
|
||||
|
||||
rv = mJSPrincipals.Init(this, aToken);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
//-- Save the preference name
|
||||
mPrefName = aPrefName;
|
||||
|
||||
|
@ -563,7 +583,7 @@ nsPrincipal::InitFromPersistent(const char* aPrefName,
|
|||
}
|
||||
|
||||
//-- Store the capabilities
|
||||
nsresult rv = NS_OK;
|
||||
rv = NS_OK;
|
||||
if (aGrantedList) {
|
||||
rv = SetCanEnableCapability(aGrantedList, nsIPrincipal::ENABLE_GRANTED);
|
||||
}
|
||||
|
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -43,9 +43,7 @@
|
|||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsAggregatePrincipal.h"
|
||||
#include "nsCertificatePrincipal.h"
|
||||
#include "nsCodebasePrincipal.h"
|
||||
#include "nsPrincipal.h"
|
||||
#include "nsSystemPrincipal.h"
|
||||
#include "nsIScriptNameSpaceManager.h"
|
||||
#include "nsIScriptExternalNameSet.h"
|
||||
|
@ -235,7 +233,7 @@ netscape_security_invalidate(JSContext *cx, JSObject *obj, uintN argc,
|
|||
// NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
|
||||
|
||||
rv = securityManager->SetCanEnableCapability(principalID,
|
||||
nsBasePrincipal::Invalid,
|
||||
nsPrincipal::sInvalid,
|
||||
nsIPrincipal::ENABLE_GRANTED);
|
||||
if (NS_FAILED(rv))
|
||||
return JS_FALSE;
|
||||
|
@ -310,17 +308,13 @@ nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext)
|
|||
|
||||
|
||||
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsAggregatePrincipal)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertificatePrincipal)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCodebasePrincipal)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsPrincipal)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecurityNameSet)
|
||||
NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(nsSystemPrincipal,
|
||||
nsScriptSecurityManager::SystemPrincipalSingletonConstructor)
|
||||
|
||||
|
||||
NS_DECL_CLASSINFO(nsAggregatePrincipal)
|
||||
NS_DECL_CLASSINFO(nsCertificatePrincipal)
|
||||
NS_DECL_CLASSINFO(nsCodebasePrincipal)
|
||||
NS_DECL_CLASSINFO(nsPrincipal)
|
||||
NS_DECL_CLASSINFO(nsSystemPrincipal)
|
||||
|
||||
|
||||
|
@ -388,42 +382,16 @@ static const nsModuleComponentInfo capsComponentInfo[] =
|
|||
nsIClassInfo::MAIN_THREAD_ONLY
|
||||
},
|
||||
|
||||
{ NS_AGGREGATEPRINCIPAL_CLASSNAME,
|
||||
NS_AGGREGATEPRINCIPAL_CID,
|
||||
NS_AGGREGATEPRINCIPAL_CONTRACTID,
|
||||
nsAggregatePrincipalConstructor,
|
||||
{ NS_PRINCIPAL_CLASSNAME,
|
||||
NS_PRINCIPAL_CID,
|
||||
NS_PRINCIPAL_CONTRACTID,
|
||||
nsPrincipalConstructor,
|
||||
nsnull,
|
||||
nsnull,
|
||||
nsnull,
|
||||
NS_CI_INTERFACE_GETTER_NAME(nsAggregatePrincipal),
|
||||
NS_CI_INTERFACE_GETTER_NAME(nsPrincipal),
|
||||
nsnull,
|
||||
&NS_CLASSINFO_NAME(nsAggregatePrincipal),
|
||||
nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
|
||||
},
|
||||
|
||||
{ NS_CERTIFICATEPRINCIPAL_CLASSNAME,
|
||||
NS_CERTIFICATEPRINCIPAL_CID,
|
||||
NS_CERTIFICATEPRINCIPAL_CONTRACTID,
|
||||
nsCertificatePrincipalConstructor,
|
||||
nsnull,
|
||||
nsnull,
|
||||
nsnull,
|
||||
NS_CI_INTERFACE_GETTER_NAME(nsCertificatePrincipal),
|
||||
nsnull,
|
||||
&NS_CLASSINFO_NAME(nsCertificatePrincipal),
|
||||
nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
|
||||
},
|
||||
|
||||
{ NS_CODEBASEPRINCIPAL_CLASSNAME,
|
||||
NS_CODEBASEPRINCIPAL_CID,
|
||||
NS_CODEBASEPRINCIPAL_CONTRACTID,
|
||||
nsCodebasePrincipalConstructor,
|
||||
nsnull,
|
||||
nsnull,
|
||||
nsnull,
|
||||
NS_CI_INTERFACE_GETTER_NAME(nsCodebasePrincipal),
|
||||
nsnull,
|
||||
&NS_CLASSINFO_NAME(nsCodebasePrincipal),
|
||||
&NS_CLASSINFO_NAME(nsPrincipal),
|
||||
nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
|
||||
},
|
||||
|
||||
|
|
|
@ -47,40 +47,53 @@
|
|||
#include "nsXPIDLString.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsCRT.h"
|
||||
#include "nsString.h"
|
||||
|
||||
|
||||
NS_IMPL_QUERY_INTERFACE2_CI(nsSystemPrincipal, nsIPrincipal, nsISerializable)
|
||||
NS_IMPL_CI_INTERFACE_GETTER2(nsSystemPrincipal, nsIPrincipal, nsISerializable)
|
||||
NS_IMPL_QUERY_INTERFACE2_CI(nsSystemPrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
NS_IMPL_CI_INTERFACE_GETTER2(nsSystemPrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
|
||||
NSBASEPRINCIPALS_ADDREF(nsSystemPrincipal)
|
||||
NSBASEPRINCIPALS_RELEASE(nsSystemPrincipal)
|
||||
NS_IMETHODIMP_(nsrefcnt)
|
||||
nsSystemPrincipal::AddRef()
|
||||
{
|
||||
NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt");
|
||||
nsrefcnt count = PR_AtomicIncrement((PRInt32 *)&mJSPrincipals.refcount);
|
||||
NS_LOG_ADDREF(this, count, "nsSystemPrincipal", sizeof(*this));
|
||||
return count;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP_(nsrefcnt)
|
||||
nsSystemPrincipal::Release()
|
||||
{
|
||||
NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release");
|
||||
nsrefcnt count = PR_AtomicDecrement((PRInt32 *)&mJSPrincipals.refcount);
|
||||
NS_LOG_RELEASE(this, count, "nsSystemPrincipal");
|
||||
if (count == 0) {
|
||||
NS_DELETEXPCOM(this);
|
||||
}
|
||||
|
||||
return count;
|
||||
}
|
||||
|
||||
|
||||
///////////////////////////////////////
|
||||
// Methods implementing nsIPrincipal //
|
||||
///////////////////////////////////////
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::ToString(char **result)
|
||||
{
|
||||
nsAutoString buf;
|
||||
buf.Assign(NS_LITERAL_STRING("[System]"));
|
||||
|
||||
*result = ToNewCString(buf);
|
||||
return *result ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::ToUserVisibleString(char **result)
|
||||
{
|
||||
return ToString(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList)
|
||||
{
|
||||
// The system principal should never be streamed out
|
||||
*aPrefName = nsnull;
|
||||
*aID = nsnull;
|
||||
*aGrantedList = nsnull;
|
||||
*aDeniedList = nsnull;
|
||||
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
|
@ -92,7 +105,7 @@ nsSystemPrincipal::Equals(nsIPrincipal *other, PRBool *result)
|
|||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::HashValue(PRUint32 *result)
|
||||
nsSystemPrincipal::GetHashValue(PRUint32 *result)
|
||||
{
|
||||
*result = NS_PTR_TO_INT32(this);
|
||||
return NS_OK;
|
||||
|
@ -127,12 +140,14 @@ nsSystemPrincipal::IsCapabilityEnabled(const char *capability,
|
|||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::EnableCapability(const char *capability, void **annotation)
|
||||
{
|
||||
*annotation = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::RevertCapability(const char *capability, void **annotation)
|
||||
{
|
||||
*annotation = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -141,9 +156,88 @@ nsSystemPrincipal::DisableCapability(const char *capability, void **annotation)
|
|||
{
|
||||
// Can't disable the capabilities of the system principal.
|
||||
// XXX might be handy to be able to do so!
|
||||
*annotation = nsnull;
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetURI(nsIURI** aURI)
|
||||
{
|
||||
*aURI = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetOrigin(char** aOrigin)
|
||||
{
|
||||
*aOrigin = ToNewCString(NS_LITERAL_CSTRING("[System]"));
|
||||
return *aOrigin ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetCertificateID(char** aID)
|
||||
{
|
||||
*aID = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetCommonName(char** aName)
|
||||
{
|
||||
*aName = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::SetCommonName(const char* aName)
|
||||
{
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetHasCertificate(PRBool* aResult)
|
||||
{
|
||||
*aResult = PR_FALSE;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetDomain(nsIURI** aDomain)
|
||||
{
|
||||
*aDomain = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::SetDomain(nsIURI* aDomain)
|
||||
{
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetSecurityPolicy(void** aSecurityPolicy)
|
||||
{
|
||||
*aSecurityPolicy = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::SetSecurityPolicy(void* aSecurityPolicy)
|
||||
{
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetJsPrincipals(JSPrincipals **jsprin)
|
||||
{
|
||||
NS_PRECONDITION(mJSPrincipals.nsIPrincipalPtr, "mJSPrincipals is uninitalized!");
|
||||
|
||||
*jsprin = &mJSPrincipals;
|
||||
JSPRINCIPALS_HOLD(cx, *jsprin);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
||||
//////////////////////////////////////////
|
||||
// Methods implementing nsISerializable //
|
||||
//////////////////////////////////////////
|
||||
|
@ -170,15 +264,10 @@ nsSystemPrincipal::nsSystemPrincipal()
|
|||
{
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsresult
|
||||
nsSystemPrincipal::Init()
|
||||
{
|
||||
char *codebase = nsCRT::strdup("[System Principal]");
|
||||
if (!codebase)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
if (NS_FAILED(mJSPrincipals.Init(codebase)))
|
||||
return NS_ERROR_FAILURE;
|
||||
return NS_OK;
|
||||
return mJSPrincipals.Init(this, "[System Principal]");
|
||||
}
|
||||
|
||||
nsSystemPrincipal::~nsSystemPrincipal(void)
|
||||
|
|
|
@ -250,6 +250,11 @@ public:
|
|||
return sIOService;
|
||||
};
|
||||
|
||||
static nsIScriptSecurityManager* GetSecurityManager()
|
||||
{
|
||||
return sSecurityManager;
|
||||
}
|
||||
|
||||
static nsresult GenerateStateKey(nsIContent* aContent,
|
||||
nsIStatefulFrame::SpecialStateID aID,
|
||||
nsACString& aKey);
|
||||
|
|
|
@ -130,10 +130,9 @@ public:
|
|||
NS_IMETHOD GetPrincipal(nsIPrincipal **aPrincipal) = 0;
|
||||
|
||||
/**
|
||||
* Update principal responsible for this document to the intersection
|
||||
* of its previous value and aPrincipal.
|
||||
* Set the principal responsible for this document.
|
||||
*/
|
||||
NS_IMETHOD AddPrincipal(nsIPrincipal *aPrincipal) = 0;
|
||||
NS_IMETHOD SetPrincipal(nsIPrincipal *aPrincipal) = 0;
|
||||
|
||||
/**
|
||||
* Return the LoadGroup for the document. May return null.
|
||||
|
|
|
@ -60,13 +60,13 @@
|
|||
#include "nsHTMLAtoms.h"
|
||||
#include "nsIDOMWindowInternal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIScriptGlobalObject.h"
|
||||
#include "nsICookieService.h"
|
||||
#include "nsIPrompt.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsIServiceManagerUtils.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsICharsetConverterManager.h"
|
||||
#include "nsContentUtils.h"
|
||||
#include "nsParserUtils.h"
|
||||
#include "nsCRT.h"
|
||||
#include "nsEscape.h"
|
||||
|
@ -355,23 +355,18 @@ nsContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue,
|
|||
return rv;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(docPrincipal, &rv));
|
||||
// Document principal should always be an aggregate
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsIPrincipal> originalPrincipal;
|
||||
rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal));
|
||||
nsCOMPtr<nsICodebasePrincipal> originalCodebase =
|
||||
do_QueryInterface(originalPrincipal, &rv);
|
||||
if (NS_FAILED(rv)) {
|
||||
// Document's principal is not a codebase (may be system), so
|
||||
// can't set cookies
|
||||
nsCOMPtr<nsIPrincipal> systemPrincipal;
|
||||
nsContentUtils::GetSecurityManager()->
|
||||
GetSystemPrincipal(getter_AddRefs(systemPrincipal));
|
||||
NS_ASSERTION(systemPrincipal, "No system principal");
|
||||
|
||||
if (docPrincipal == systemPrincipal) {
|
||||
// Document's principal is not a codebase, so we can't set cookies
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI));
|
||||
rv = docPrincipal->GetURI(getter_AddRefs(codebaseURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsIScriptGlobalObject> globalObj;
|
||||
|
|
|
@ -87,7 +87,7 @@
|
|||
#include "nsNetUtil.h" // for NS_MakeAbsoluteURI
|
||||
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIPrivateDOMImplementation.h"
|
||||
|
||||
#include "nsIDOMWindowInternal.h"
|
||||
|
@ -840,21 +840,9 @@ nsDocument::GetPrincipal(nsIPrincipal **aPrincipal)
|
|||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsDocument::AddPrincipal(nsIPrincipal *aNewPrincipal)
|
||||
nsDocument::SetPrincipal(nsIPrincipal *aNewPrincipal)
|
||||
{
|
||||
nsresult rv;
|
||||
if (!mPrincipal) {
|
||||
nsCOMPtr<nsIPrincipal> principal;
|
||||
rv = GetPrincipal(getter_AddRefs(principal));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(mPrincipal, &rv));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
rv = agg->Intersect(aNewPrincipal);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
}
|
||||
mPrincipal = aNewPrincipal;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
|
|
@ -276,10 +276,9 @@ public:
|
|||
NS_IMETHOD GetPrincipal(nsIPrincipal **aPrincipal);
|
||||
|
||||
/**
|
||||
* Update principal responsible for this document to the intersection
|
||||
* of its previous value and aPrincipal, and return its new value.
|
||||
* Set the principal responsible for this document.
|
||||
*/
|
||||
NS_IMETHOD AddPrincipal(nsIPrincipal *aPrincipal);
|
||||
NS_IMETHOD SetPrincipal(nsIPrincipal *aPrincipal);
|
||||
|
||||
/**
|
||||
* Get the Content-Type of this document.
|
||||
|
|
|
@ -59,7 +59,6 @@
|
|||
#include "nsIWebShell.h"
|
||||
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
|
||||
#include "nsIURI.h"
|
||||
#include "nsIURL.h"
|
||||
|
@ -203,12 +202,8 @@ nsFrameLoader::LoadFrame()
|
|||
// If we were called from script, get the referring URL from the script
|
||||
|
||||
if (principal) {
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase(do_QueryInterface(principal));
|
||||
|
||||
if (codebase) {
|
||||
rv = codebase->GetURI(getter_AddRefs(referrer));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
rv = principal->GetURI(getter_AddRefs(referrer));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// Pass the script principal to the docshell
|
||||
|
||||
|
|
|
@ -74,7 +74,7 @@
|
|||
#include "nsINameSpaceManager.h"
|
||||
#include "nsContentList.h"
|
||||
#include "nsDOMError.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIDOMMutationEvent.h"
|
||||
#include "nsMutationEvent.h"
|
||||
|
||||
|
|
|
@ -43,6 +43,7 @@
|
|||
#include "nsIAtom.h"
|
||||
#include "nsIDocument.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsISupportsArray.h"
|
||||
#include "nsContentUtils.h"
|
||||
#include "nsReadableUtils.h"
|
||||
|
|
|
@ -42,10 +42,10 @@
|
|||
#include "nsINodeInfo.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "plhash.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsIPrincipal.h"
|
||||
|
||||
class nsNodeInfo;
|
||||
class nsIPrincipal;
|
||||
class nsIURI;
|
||||
|
||||
|
||||
class nsNodeInfoManager : public nsINodeInfoManager
|
||||
|
|
|
@ -61,7 +61,7 @@
|
|||
#include "nsParserCIID.h"
|
||||
#include "nsIHTMLFragmentContentSink.h"
|
||||
#include "nsIEnumerator.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIScriptGlobalObject.h"
|
||||
#include "nsIScriptContext.h"
|
||||
#include "nsIHTMLDocument.h"
|
||||
|
|
|
@ -52,6 +52,38 @@ static NS_DEFINE_CID(kCharsetConverterManagerCID, NS_ICHARSETCONVERTERMANAGER_CI
|
|||
//
|
||||
//////////////////////////////////////////////////////////////
|
||||
|
||||
static already_AddRefed<nsIPrincipal>
|
||||
IntersectPrincipalCerts(nsIPrincipal *aOld, nsIPrincipal *aNew)
|
||||
{
|
||||
NS_PRECONDITION(aOld, "Null old principal!");
|
||||
NS_PRECONDITION(aNew, "Null new principal!");
|
||||
|
||||
nsIPrincipal *principal = aOld;
|
||||
|
||||
PRBool hasCert;
|
||||
aOld->GetHasCertificate(&hasCert);
|
||||
if (hasCert) {
|
||||
PRBool equal;
|
||||
aOld->Equals(aNew, &equal);
|
||||
if (!equal) {
|
||||
nsCOMPtr<nsIURI> uri, domain;
|
||||
aOld->GetURI(getter_AddRefs(uri));
|
||||
aOld->GetDomain(getter_AddRefs(domain));
|
||||
|
||||
nsContentUtils::GetSecurityManager()->GetCodebasePrincipal(uri, &principal);
|
||||
if (principal && domain) {
|
||||
principal->SetDomain(domain);
|
||||
}
|
||||
|
||||
return principal;
|
||||
}
|
||||
}
|
||||
|
||||
NS_ADDREF(principal);
|
||||
|
||||
return principal;
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////
|
||||
// Per-request data structure
|
||||
//////////////////////////////////////////////////////////////
|
||||
|
@ -412,17 +444,14 @@ nsScriptLoader::ProcessScriptElement(nsIDOMHTMLScriptElement *aElement,
|
|||
}
|
||||
|
||||
// Check that the containing page is allowed to load this URI.
|
||||
nsCOMPtr<nsIScriptSecurityManager> securityManager(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
|
||||
if (NS_FAILED(rv)) {
|
||||
return FireErrorNotification(rv, aElement, aObserver);
|
||||
}
|
||||
nsCOMPtr<nsIURI> docURI;
|
||||
mDocument->GetDocumentURL(getter_AddRefs(docURI));
|
||||
if (!docURI) {
|
||||
return FireErrorNotification(NS_ERROR_UNEXPECTED, aElement, aObserver);
|
||||
}
|
||||
rv = securityManager->CheckLoadURI(docURI, scriptURI,
|
||||
nsIScriptSecurityManager::ALLOW_CHROME);
|
||||
rv = nsContentUtils::GetSecurityManager()->
|
||||
CheckLoadURI(docURI, scriptURI, nsIScriptSecurityManager::ALLOW_CHROME);
|
||||
|
||||
if (NS_FAILED(rv)) {
|
||||
return FireErrorNotification(rv, aElement, aObserver);
|
||||
}
|
||||
|
@ -874,18 +903,22 @@ nsScriptLoader::OnStreamComplete(nsIStreamLoader* aLoader,
|
|||
if (channel) {
|
||||
nsCOMPtr<nsISupports> owner;
|
||||
channel->GetOwner(getter_AddRefs(owner));
|
||||
nsCOMPtr<nsIPrincipal> prin;
|
||||
nsCOMPtr<nsIPrincipal> principal = do_QueryInterface(owner);
|
||||
|
||||
if (owner) {
|
||||
prin = do_QueryInterface(owner, &rv);
|
||||
}
|
||||
if (principal) {
|
||||
nsCOMPtr<nsIPrincipal> docPrincipal;
|
||||
rv = mDocument->GetPrincipal(getter_AddRefs(docPrincipal));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
nsCOMPtr<nsIPrincipal> newPrincipal =
|
||||
IntersectPrincipalCerts(docPrincipal, principal);
|
||||
|
||||
rv = mDocument->AddPrincipal(prin);
|
||||
if (NS_FAILED(rv)) {
|
||||
mPendingRequests.RemoveObject(request);
|
||||
FireScriptAvailable(rv, request, NS_LITERAL_STRING(""));
|
||||
ProcessPendingReqests();
|
||||
return NS_OK;
|
||||
mDocument->SetPrincipal(newPrincipal);
|
||||
} else {
|
||||
mPendingRequests.RemoveObject(request);
|
||||
FireScriptAvailable(rv, request, NS_LITERAL_STRING(""));
|
||||
ProcessPendingReqests();
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -42,7 +42,6 @@
|
|||
#include "nsIEventListenerManager.h"
|
||||
#include "jsapi.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIDOMEventReceiver.h"
|
||||
#include "nsIDOM3EventTarget.h"
|
||||
#include "nsHashtable.h"
|
||||
|
|
|
@ -104,8 +104,6 @@
|
|||
#include "nsVoidArray.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsTextFragment.h"
|
||||
#include "nsIScriptGlobalObject.h"
|
||||
#include "nsIScriptGlobalObjectOwner.h"
|
||||
|
|
|
@ -85,8 +85,7 @@
|
|||
#include "nsIXPConnect.h"
|
||||
#include "nsContentList.h"
|
||||
#include "nsDOMError.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIScrollableView.h"
|
||||
|
||||
|
@ -1896,11 +1895,10 @@ nsHTMLDocument::GetDomainURI(nsIURI **aURI)
|
|||
if (NS_FAILED(GetPrincipal(getter_AddRefs(principal))))
|
||||
return;
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal);
|
||||
if (!codebase)
|
||||
return;
|
||||
|
||||
codebase->GetURI(aURI);
|
||||
principal->GetDomain(aURI);
|
||||
if (!*aURI) {
|
||||
principal->GetURI(aURI);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
@ -1972,27 +1970,10 @@ nsHTMLDocument::SetDomain(const nsAString& aDomain)
|
|||
if (NS_FAILED(NS_NewURI(getter_AddRefs(newURI), newURIString)))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
// Get codebase principal
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIScriptSecurityManager> securityManager =
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
nsCOMPtr<nsIPrincipal> newCodebase;
|
||||
rv = securityManager->GetCodebasePrincipal(newURI,
|
||||
getter_AddRefs(newCodebase));
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(mPrincipal, &rv);
|
||||
NS_ASSERTION(NS_SUCCEEDED(rv), "Principal not an aggregate.");
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
rv = agg->SetCodebase(newCodebase);
|
||||
nsresult rv = mPrincipal->SetDomain(newURI);
|
||||
|
||||
// Bug 13871: Frameset spoofing - note that document.domain was set
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
agg->SetDomainChanged(PR_TRUE);
|
||||
mDomainWasSet = PR_TRUE;
|
||||
}
|
||||
|
||||
|
@ -2254,23 +2235,16 @@ nsHTMLDocument::GetCookie(nsAString& aCookie)
|
|||
if (service) {
|
||||
// Get a URI from the document principal. We use the original
|
||||
// codebase in case the codebase was changed by SetDomain
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(mPrincipal, &rv));
|
||||
// Document principal should always be an aggregate
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
mPrincipal->GetURI(getter_AddRefs(codebaseURI));
|
||||
|
||||
if (!codebaseURI) {
|
||||
// Document's principal is not a codebase (may be system), so
|
||||
// can't set cookies
|
||||
|
||||
nsCOMPtr<nsIPrincipal> originalPrincipal;
|
||||
rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal));
|
||||
nsCOMPtr<nsICodebasePrincipal> originalCodebase(
|
||||
do_QueryInterface(originalPrincipal, &rv));
|
||||
if (NS_FAILED(rv)) {
|
||||
// Document's principal is not a codebase, so can't get cookies
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsXPIDLCString cookie;
|
||||
rv = service->GetCookieString(codebaseURI, mChannel, getter_Copies(cookie));
|
||||
if (NS_SUCCEEDED(rv) && cookie)
|
||||
|
@ -2306,25 +2280,16 @@ nsHTMLDocument::SetCookie(const nsAString& aCookie)
|
|||
}
|
||||
}
|
||||
|
||||
// Get a URI from the document principal. We use the original
|
||||
// codebase in case the codebase was changed by SetDomain
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(mPrincipal, &rv));
|
||||
// Document principal should always be an aggregate
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
mPrincipal->GetURI(getter_AddRefs(codebaseURI));
|
||||
|
||||
if (!codebaseURI) {
|
||||
// Document's principal is not a codebase (may be system), so
|
||||
// can't set cookies
|
||||
|
||||
nsCOMPtr<nsIPrincipal> originalPrincipal;
|
||||
rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal));
|
||||
nsCOMPtr<nsICodebasePrincipal> originalCodebase(
|
||||
do_QueryInterface(originalPrincipal, &rv));
|
||||
if (NS_FAILED(rv)) {
|
||||
// Document's principal is not a codebase, so can't set cookies
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = NS_ERROR_OUT_OF_MEMORY;
|
||||
char* cookie = ToNewCString(aCookie);
|
||||
if (cookie) {
|
||||
|
@ -2680,19 +2645,12 @@ nsHTMLDocument::ScriptWriteCommon(PRBool aNewlineTerminate)
|
|||
rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// why is the above code duplicated below???
|
||||
rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (subject) {
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(subject);
|
||||
if (codebase) {
|
||||
nsCOMPtr<nsIURI> subjectURI;
|
||||
rv = codebase->GetURI(getter_AddRefs(subjectURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
nsCOMPtr<nsIURI> subjectURI;
|
||||
subject->GetURI(getter_AddRefs(subjectURI));
|
||||
|
||||
if (subjectURI) {
|
||||
mDocumentURL = subjectURI;
|
||||
|
||||
mPrincipal = subject;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -99,8 +99,6 @@
|
|||
#include "nsIDOMWindowInternal.h"
|
||||
#include "nsIChannel.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsXBLAtoms.h"
|
||||
#include "nsXMLPrettyPrinter.h"
|
||||
|
||||
|
@ -718,6 +716,7 @@ nsXMLContentSink::ProcessBASETag(nsIContent* aContent)
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
|
|
@ -76,9 +76,8 @@
|
|||
#include "nsICharsetAlias.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "nsDOMError.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsLayoutCID.h"
|
||||
#include "nsDOMAttribute.h"
|
||||
#include "nsGUIEvent.h"
|
||||
|
@ -332,21 +331,7 @@ nsXMLDocument::OnRedirect(nsIHttpChannel *aHttpChannel, nsIChannel *aNewChannel)
|
|||
return rv;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIPrincipal> newCodebase;
|
||||
rv = secMan->GetCodebasePrincipal(newLocation,
|
||||
getter_AddRefs(newCodebase));
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(mPrincipal, &rv);
|
||||
NS_ASSERTION(NS_SUCCEEDED(rv), "Principal not an aggregate.");
|
||||
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
rv = agg->SetCodebase(newCodebase);
|
||||
|
||||
return rv;
|
||||
return secMan->GetCodebasePrincipal(newLocation, getter_AddRefs(mPrincipal));
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
|
|
|
@ -68,7 +68,7 @@
|
|||
#include "nsDOMError.h"
|
||||
#include "nsIBoxObject.h"
|
||||
#include "nsIChromeRegistry.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIContentSink.h" // for NS_CONTENT_ID_COUNTER_BASE
|
||||
#include "nsIScrollableView.h"
|
||||
#include "nsIContentViewer.h"
|
||||
|
@ -684,9 +684,9 @@ nsXULDocument::GetPrincipal(nsIPrincipal **aPrincipal)
|
|||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsXULDocument::AddPrincipal(nsIPrincipal *aPrincipal)
|
||||
nsXULDocument::SetPrincipal(nsIPrincipal *aPrincipal)
|
||||
{
|
||||
NS_NOTREACHED("AddPrincipal");
|
||||
NS_NOTREACHED("SetPrincipal");
|
||||
return NS_ERROR_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
|
|
@ -105,7 +105,7 @@ public:
|
|||
|
||||
NS_IMETHOD GetPrincipal(nsIPrincipal **aPrincipal);
|
||||
|
||||
NS_IMETHOD AddPrincipal(nsIPrincipal *aPrincipal);
|
||||
NS_IMETHOD SetPrincipal(nsIPrincipal *aPrincipal);
|
||||
|
||||
NS_IMETHOD SetContentType(const nsAString& aContentType);
|
||||
|
||||
|
|
|
@ -53,7 +53,7 @@
|
|||
#include "nsIHttpEventSink.h"
|
||||
#include "nsIUploadChannel.h"
|
||||
#include "nsISecurityEventSink.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsDocumentCharsetInfoCID.h"
|
||||
#include "nsICanvasFrame.h"
|
||||
#include "nsContentPolicyUtils.h" // NS_CheckContentLoadPolicy(...)
|
||||
|
@ -106,7 +106,6 @@
|
|||
#include "nsIWyciwygChannel.h"
|
||||
|
||||
// The following are for bug #13871: Prevent frameset spoofing
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIHTMLDocument.h"
|
||||
|
||||
// For reporting errors with the console service.
|
||||
|
@ -957,11 +956,8 @@ PRBool ValidateOrigin(nsIDocShellTreeItem* aOriginTreeItem, nsIDocShellTreeItem*
|
|||
rv = targetDocument->GetPrincipal(getter_AddRefs(targetPrincipal));
|
||||
NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipal, rv);
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> targetCodebasePrincipal(do_QueryInterface(targetPrincipal));
|
||||
NS_ENSURE_TRUE(targetCodebasePrincipal, PR_TRUE);
|
||||
|
||||
nsCOMPtr<nsIURI> targetPrincipalURI;
|
||||
rv = targetCodebasePrincipal->GetURI(getter_AddRefs(targetPrincipalURI));
|
||||
rv = targetPrincipal->GetURI(getter_AddRefs(targetPrincipalURI));
|
||||
NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipalURI, PR_TRUE);
|
||||
|
||||
// Find out if document.domain was set for HTML documents
|
||||
|
|
|
@ -73,7 +73,6 @@
|
|||
#include "nsIWidget.h"
|
||||
#include "nsIBaseWindow.h"
|
||||
#include "nsICharsetConverterManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIContent.h"
|
||||
#include "nsIWebBrowserPrint.h"
|
||||
#include "nsIContentViewerEdit.h"
|
||||
|
@ -4648,12 +4647,13 @@ GlobalWindowImpl::OpenInternal(const nsAString& aUrl,
|
|||
if (sSecMan) {
|
||||
nsCOMPtr<nsIPrincipal> principal;
|
||||
sSecMan->GetSubjectPrincipal(getter_AddRefs(principal));
|
||||
nsCOMPtr<nsICodebasePrincipal> codebasePrin(do_QueryInterface(principal));
|
||||
if (codebasePrin) {
|
||||
if (principal) {
|
||||
nsCOMPtr<nsIURI> subjectURI;
|
||||
codebasePrin->GetURI(getter_AddRefs(subjectURI));
|
||||
nsCOMPtr<nsPIDOMWindow> domReturnPrivate(do_QueryInterface(domReturn));
|
||||
domReturnPrivate->SetOpenerScriptURL(subjectURI);
|
||||
principal->GetURI(getter_AddRefs(subjectURI));
|
||||
if (subjectURI) {
|
||||
nsCOMPtr<nsPIDOMWindow> domReturnPrivate(do_QueryInterface(domReturn));
|
||||
domReturnPrivate->SetOpenerScriptURL(subjectURI);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -704,7 +704,7 @@ nsJSContext::EvaluateStringWithValue(const nsAString& aScript,
|
|||
JSPrincipals *jsprin;
|
||||
nsCOMPtr<nsIPrincipal> principal = aPrincipal;
|
||||
if (aPrincipal) {
|
||||
aPrincipal->GetJSPrincipals(&jsprin);
|
||||
aPrincipal->GetJsPrincipals(&jsprin);
|
||||
}
|
||||
else {
|
||||
nsCOMPtr<nsIScriptGlobalObject> global;
|
||||
|
@ -717,7 +717,7 @@ nsJSContext::EvaluateStringWithValue(const nsAString& aScript,
|
|||
rv = objPrincipal->GetPrincipal(getter_AddRefs(principal));
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
principal->GetJSPrincipals(&jsprin);
|
||||
principal->GetJsPrincipals(&jsprin);
|
||||
}
|
||||
// From here on, we must JSPRINCIPALS_DROP(jsprin) before returning...
|
||||
|
||||
|
@ -882,7 +882,7 @@ nsJSContext::EvaluateString(const nsAString& aScript,
|
|||
JSPrincipals *jsprin;
|
||||
nsCOMPtr<nsIPrincipal> principal = aPrincipal;
|
||||
if (aPrincipal) {
|
||||
aPrincipal->GetJSPrincipals(&jsprin);
|
||||
aPrincipal->GetJsPrincipals(&jsprin);
|
||||
}
|
||||
else {
|
||||
nsCOMPtr<nsIScriptGlobalObject> global;
|
||||
|
@ -895,7 +895,7 @@ nsJSContext::EvaluateString(const nsAString& aScript,
|
|||
rv = objPrincipal->GetPrincipal(getter_AddRefs(principal));
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
principal->GetJSPrincipals(&jsprin);
|
||||
principal->GetJsPrincipals(&jsprin);
|
||||
}
|
||||
// From here on, we must JSPRINCIPALS_DROP(jsprin) before returning...
|
||||
|
||||
|
@ -995,7 +995,7 @@ nsJSContext::CompileScript(const PRUnichar* aText,
|
|||
aScopeObject = ::JS_GetGlobalObject(mContext);
|
||||
|
||||
JSPrincipals *jsprin;
|
||||
aPrincipal->GetJSPrincipals(&jsprin);
|
||||
aPrincipal->GetJsPrincipals(&jsprin);
|
||||
// From here on, we must JSPRINCIPALS_DROP(jsprin) before returning...
|
||||
|
||||
PRBool ok = PR_FALSE;
|
||||
|
@ -1169,7 +1169,7 @@ nsJSContext::CompileEventHandler(void *aTarget, nsIAtom *aName,
|
|||
getter_AddRefs(prin));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
prin->GetJSPrincipals(&jsprin);
|
||||
prin->GetJsPrincipals(&jsprin);
|
||||
NS_ENSURE_TRUE(jsprin, NS_ERROR_NOT_AVAILABLE);
|
||||
}
|
||||
|
||||
|
@ -1222,7 +1222,7 @@ nsJSContext::CompileFunction(void* aTarget,
|
|||
nsCOMPtr<nsIPrincipal> prin;
|
||||
if (NS_FAILED(globalData->GetPrincipal(getter_AddRefs(prin))))
|
||||
return NS_ERROR_FAILURE;
|
||||
prin->GetJSPrincipals(&jsprin);
|
||||
prin->GetJsPrincipals(&jsprin);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -58,7 +58,6 @@
|
|||
#include "nsEscape.h"
|
||||
#include "nsJSUtils.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIDOMWindow.h"
|
||||
#include "nsIDOMDocument.h"
|
||||
#include "nsIDocument.h"
|
||||
|
|
|
@ -55,7 +55,6 @@
|
|||
#include "nsIScriptGlobalObjectOwner.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIInterfaceRequestor.h"
|
||||
#include "nsIInterfaceRequestorUtils.h"
|
||||
#include "nsIStringStream.h"
|
||||
|
@ -230,32 +229,21 @@ nsresult nsJSThunk::EvaluateScript(nsIChannel *aChannel)
|
|||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
PRBool equals = PR_FALSE;
|
||||
if ((NS_FAILED(objectPrincipal->Equals(principal, &equals)) || !equals)) {
|
||||
// If the principals aren't equal
|
||||
|
||||
nsCOMPtr<nsIPrincipal> systemPrincipal;
|
||||
securityManager->GetSystemPrincipal(getter_AddRefs(systemPrincipal));
|
||||
if (principal.get() != systemPrincipal.get()) {
|
||||
// and the script to be run does not have the system principal
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal>
|
||||
objectCodebase(do_QueryInterface(objectPrincipal));
|
||||
nsXPIDLCString objectOrigin;
|
||||
rv = objectCodebase->GetOrigin(getter_Copies(objectOrigin));
|
||||
if (PL_strcmp("about:blank", objectOrigin) != 0) {
|
||||
// and the target window is not about:blank, then
|
||||
// don't run the script. Print a message to the console and
|
||||
// return undefined.
|
||||
|
||||
nsCOMPtr<nsIConsoleService>
|
||||
console(do_GetService("@mozilla.org/consoleservice;1"));
|
||||
if (console) {
|
||||
console->LogStringMessage(
|
||||
NS_LITERAL_STRING("Attempt to load a javascript: URL from one host\nin a window displaying content from another host\nwas blocked by the security manager.").get());
|
||||
}
|
||||
return NS_ERROR_DOM_RETVAL_UNDEFINED;
|
||||
nsCOMPtr<nsIPrincipal> systemPrincipal;
|
||||
securityManager->GetSystemPrincipal(getter_AddRefs(systemPrincipal));
|
||||
if (principal != systemPrincipal) {
|
||||
rv = securityManager->CheckSameOriginPrincipal(principal,
|
||||
objectPrincipal);
|
||||
if (NS_FAILED(rv)) {
|
||||
nsCOMPtr<nsIConsoleService> console =
|
||||
do_GetService("@mozilla.org/consoleservice;1");
|
||||
if (console) {
|
||||
// XXX Localize me!
|
||||
console->LogStringMessage(
|
||||
NS_LITERAL_STRING("Attempt to load a javascript: URL from one host\nin a window displaying content from another host\nwas blocked by the security manager.").get());
|
||||
}
|
||||
|
||||
return NS_ERROR_DOM_RETVAL_UNDEFINED;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -300,9 +288,9 @@ nsresult nsJSThunk::BringUpConsole(nsIDOMWindow *aDomWindow)
|
|||
nsresult rv;
|
||||
|
||||
// First, get the Window Mediator service.
|
||||
nsCOMPtr<nsIWindowMediator> windowMediator;
|
||||
nsCOMPtr<nsIWindowMediator> windowMediator =
|
||||
do_GetService(kWindowMediatorCID, &rv);
|
||||
|
||||
windowMediator = do_GetService(kWindowMediatorCID, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
// Next, find out whether there's a console already open.
|
||||
|
|
|
@ -404,7 +404,7 @@ MozAxAutoPushJSContext::MozAxAutoPushJSContext(JSContext *cx,
|
|||
if (NS_SUCCEEDED(mPushResult))
|
||||
{
|
||||
JSPrincipals* jsprinc;
|
||||
principal->GetJSPrincipals(&jsprinc);
|
||||
principal->GetJsPrincipals(&jsprinc);
|
||||
|
||||
mFrame.script = JS_CompileScriptForPrincipals(cx, JS_GetGlobalObject(cx),
|
||||
jsprinc, "", 0, "", 1);
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
// XPConnect includes
|
||||
#include "nsIXPConnect.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
|
||||
// XPCOM includes
|
||||
#include "nsIServiceManager.h"
|
||||
|
@ -813,10 +813,7 @@ nsSchemaLoader::GetResolvedURI(const nsAString& aSchemaURI,
|
|||
nsCOMPtr<nsIPrincipal> principal;
|
||||
rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal);
|
||||
if (codebase) {
|
||||
codebase->GetURI(getter_AddRefs(baseURI));
|
||||
}
|
||||
principal->GetURI(getter_AddRefs(baseURI));
|
||||
}
|
||||
|
||||
rv = NS_NewURI(aURI, aSchemaURI, nsnull, baseURI);
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
#include "nsIDOMNodeList.h"
|
||||
#include "nsIDOMAttr.h"
|
||||
#include "nsIDOMNamedNodeMap.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIURL.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsIHttpChannel.h"
|
||||
|
@ -260,13 +260,7 @@ nsWebScriptsAccess::GetCodebaseURI(nsIURI** aCodebase)
|
|||
rv = mSecurityManager->GetSubjectPrincipal(getter_AddRefs(principal));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase(do_QueryInterface(principal, &rv));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = codebase->GetURI(aCodebase);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
return NS_OK;
|
||||
return principal->GetURI(aCodebase);
|
||||
}
|
||||
|
||||
nsresult
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
#include "nsIURI.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIVariant.h"
|
||||
#include "nsString.h"
|
||||
#include "nsSOAPUtils.h"
|
||||
|
@ -57,7 +57,6 @@
|
|||
#include "nsIWebScriptsAccessService.h"
|
||||
#include "nsMemory.h"
|
||||
#include "nsIDocument.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
|
||||
nsHTTPSOAPTransport::nsHTTPSOAPTransport()
|
||||
{
|
||||
|
@ -93,9 +92,9 @@ static NS_NAMED_LITERAL_STRING(kAnyURISchemaType, "anyURI");
|
|||
|
||||
/**
|
||||
* This method will replace the target document's
|
||||
* codebase pricipal with the subject codebase to
|
||||
* override cross domain checks. So use caution
|
||||
* because this might lead to serious security breech
|
||||
* codebase principal with the subject codebase to
|
||||
* override cross-domain checks. So use caution
|
||||
* because this might lead to a serious security breach
|
||||
* if misused.
|
||||
* @param aDocument - The target/response document.
|
||||
*/
|
||||
|
@ -121,25 +120,8 @@ nsresult ChangePrincipal(nsIDOMDocument* aDocument)
|
|||
if (NS_FAILED(rv)) {
|
||||
nsCOMPtr<nsIPrincipal> subjectPrincipal;
|
||||
rv = secMgr->GetSubjectPrincipal(getter_AddRefs(subjectPrincipal));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsIAggregatePrincipal> subjectAgg =
|
||||
do_QueryInterface(subjectPrincipal, &rv);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsIPrincipal> subjectCodebase;
|
||||
rv = subjectAgg->GetOriginalCodebase(getter_AddRefs(subjectCodebase));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsIPrincipal> targetPrincipal;
|
||||
rv = targetDoc->GetPrincipal(getter_AddRefs(targetPrincipal));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsIAggregatePrincipal> targetAgg =
|
||||
do_QueryInterface(targetPrincipal, &rv);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = targetAgg->SetCodebase(subjectCodebase);
|
||||
if (NS_SUCCEEDED(rv))
|
||||
targetDoc->SetPrincipal(subjectPrincipal);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
@ -216,24 +198,20 @@ static nsresult GetTransportURI(nsISOAPCall * aCall, nsAString & aURI)
|
|||
"SOAP_INVOKE_VERIFY_PRINCIPAL",
|
||||
"Source-verified message cannot be sent without principal.");
|
||||
}
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal,&rc);
|
||||
if (NS_FAILED(rc))
|
||||
return rc;
|
||||
|
||||
if (!codebase) {
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
principal->GetURI(getter_AddRefs(uri));
|
||||
if (!uri) {
|
||||
return SOAP_EXCEPTION(NS_ERROR_FAILURE,
|
||||
"SOAP_INVOKE_VERIFY_CODEBASE",
|
||||
"Source-verified message cannot be sent without codebase.");
|
||||
"SOAP_INVOKE_VERIFY_URI",
|
||||
"Source-verified message cannot be sent without URI.");
|
||||
}
|
||||
|
||||
char* str;
|
||||
|
||||
rc = codebase->GetSpec(&str);
|
||||
nsCAutoString spec;
|
||||
rc = uri->GetSpec(spec);
|
||||
if (NS_FAILED(rc))
|
||||
return rc;
|
||||
CopyASCIItoUCS2(nsDependentCString(str), sourceURI);
|
||||
nsMemory::Free(str);
|
||||
|
||||
CopyASCIItoUCS2(spec, sourceURI);
|
||||
}
|
||||
|
||||
// Adding a header to tell the server that it must understand and verify the source of the call
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
// XPConnect includes
|
||||
#include "nsIXPConnect.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
|
||||
// XPCOM includes
|
||||
#include "nsIServiceManager.h"
|
||||
|
@ -218,10 +218,7 @@ nsWSDLLoader::GetResolvedURI(const nsAString& aWSDLURI, const char* aMethod,
|
|||
nsCOMPtr<nsIPrincipal> principal;
|
||||
rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal);
|
||||
if (codebase) {
|
||||
codebase->GetURI(getter_AddRefs(baseURI));
|
||||
}
|
||||
principal->GetURI(getter_AddRefs(baseURI));
|
||||
}
|
||||
|
||||
rv = NS_NewURI(aURI, aWSDLURI, nsnull, baseURI);
|
||||
|
|
|
@ -50,7 +50,6 @@
|
|||
|
||||
#include "nsIJSContextStack.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIURI.h"
|
||||
|
||||
nsDOMSerializer::nsDOMSerializer()
|
||||
|
@ -156,11 +155,8 @@ nsresult CheckSameOrigin(nsIDOMNode *aRoot)
|
|||
|
||||
doc->GetPrincipal(getter_AddRefs(principal));
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase_principal =
|
||||
do_QueryInterface(principal);
|
||||
|
||||
if (codebase_principal) {
|
||||
codebase_principal->GetURI(getter_AddRefs(root_uri));
|
||||
if (principal) {
|
||||
principal->GetURI(getter_AddRefs(root_uri));
|
||||
}
|
||||
|
||||
if (root_uri) {
|
||||
|
|
|
@ -210,7 +210,7 @@ AutoPushJSContext::AutoPushJSContext(nsISupports* aSecuritySupports,
|
|||
if (!hasScript)
|
||||
{
|
||||
JSPrincipals* jsprinc;
|
||||
principal->GetJSPrincipals(&jsprinc);
|
||||
principal->GetJsPrincipals(&jsprinc);
|
||||
|
||||
mFrame.script = JS_CompileScriptForPrincipals(cx, JS_GetGlobalObject(cx),
|
||||
jsprinc, "", 0, "", 1);
|
||||
|
|
|
@ -269,7 +269,7 @@ EvalInSandbox(JSContext *cx, JSObject *obj, uintN argc, jsval *argv,
|
|||
NS_FAILED(secman->GetCodebasePrincipal(iURL,
|
||||
getter_AddRefs(principal))) ||
|
||||
!principal ||
|
||||
NS_FAILED(principal->GetJSPrincipals(&jsPrincipals)) ||
|
||||
NS_FAILED(principal->GetJsPrincipals(&jsPrincipals)) ||
|
||||
!jsPrincipals) {
|
||||
JS_ReportError(cx, "Can't get principals for evalInSandbox");
|
||||
return JS_FALSE;
|
||||
|
@ -997,7 +997,7 @@ mozJSComponentLoader::GlobalForLocation(const char *aLocation,
|
|||
nsCOMPtr<nsIScriptObjectPrincipal> backstagePass =
|
||||
new BackstagePass(mSystemPrincipal);
|
||||
|
||||
rv = mSystemPrincipal->GetJSPrincipals(&jsPrincipals);
|
||||
rv = mSystemPrincipal->GetJsPrincipals(&jsPrincipals);
|
||||
if (NS_FAILED(rv) || !jsPrincipals)
|
||||
return nsnull;
|
||||
|
||||
|
|
|
@ -299,7 +299,7 @@ mozJSSubScriptLoader::LoadSubScript (const PRUnichar * /*url*/
|
|||
/* we can't hold onto jsPrincipals as a module var because the
|
||||
* JSPRINCIPALS_DROP macro takes a JSContext, which we won't have in the
|
||||
* destructor */
|
||||
rv = mSystemPrincipal->GetJSPrincipals(&jsPrincipals);
|
||||
rv = mSystemPrincipal->GetJsPrincipals(&jsPrincipals);
|
||||
if (NS_FAILED(rv) || !jsPrincipals) {
|
||||
delete[] buf;
|
||||
return rv;
|
||||
|
|
|
@ -76,7 +76,6 @@
|
|||
#include "nsLayoutAtoms.h"
|
||||
#include "nsIChromeEventHandler.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsXPIDLString.h"
|
||||
#include "nsIScrollable.h"
|
||||
#include "nsINameSpaceManager.h"
|
||||
|
|
|
@ -76,7 +76,6 @@
|
|||
#include "nsLayoutAtoms.h"
|
||||
#include "nsIChromeEventHandler.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsXPIDLString.h"
|
||||
#include "nsIScrollable.h"
|
||||
#include "nsINameSpaceManager.h"
|
||||
|
|
|
@ -22,12 +22,11 @@
|
|||
#include "nsMimeTypes.h"
|
||||
#include "nsNetUtil.h"
|
||||
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIFileURL.h"
|
||||
#include "nsIJAR.h"
|
||||
|
||||
static NS_DEFINE_CID(kScriptSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID);
|
||||
static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID);
|
||||
|
||||
//-----------------------------------------------------------------------------
|
||||
|
@ -419,24 +418,19 @@ nsJARChannel::GetOwner(nsISupports **result)
|
|||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
if (cert) {
|
||||
// Get the codebase principal
|
||||
nsXPIDLCString certID;
|
||||
rv = cert->GetCertificateID(getter_Copies(certID));
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
nsCOMPtr<nsIScriptSecurityManager> secMan =
|
||||
do_GetService(kScriptSecurityManagerCID, &rv);
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
nsCOMPtr<nsIPrincipal> codebase;
|
||||
rv = secMan->GetCodebasePrincipal(mJarBaseURI,
|
||||
getter_AddRefs(codebase));
|
||||
rv = secMan->GetCertificatePrincipal(certID, mJarBaseURI,
|
||||
getter_AddRefs(cert));
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
// Join the certificate and the codebase
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(cert, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = agg->SetCodebase(codebase);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
mOwner = do_QueryInterface(agg, &rv);
|
||||
mOwner = do_QueryInterface(cert, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
NS_ADDREF(*result = mOwner);
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
#include "nsString.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsXPIDLString.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIStringBundle.h"
|
||||
#include "prefapi.h"
|
||||
#include "prmem.h"
|
||||
|
@ -68,8 +68,6 @@ struct PrefCallbackData {
|
|||
};
|
||||
|
||||
|
||||
static NS_DEFINE_CID(kSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID);
|
||||
|
||||
// Prototypes
|
||||
PR_STATIC_CALLBACK(PLDHashOperator)
|
||||
pref_enumChild(PLDHashTable *table, PLDHashEntryHdr *heh,
|
||||
|
@ -843,7 +841,8 @@ nsresult nsPrefBranch::getValidatedPrefName(const char *aPrefName, const char **
|
|||
{
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIScriptSecurityManager> secMan =
|
||||
do_GetService(kSecurityManagerCID, &rv);
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
|
||||
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
|
|
|
@ -45,7 +45,6 @@
|
|||
#include "nsIServiceManager.h"
|
||||
#include "nsIJSContextStack.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIScriptContext.h"
|
||||
#include "nsIScriptGlobalObject.h"
|
||||
#include "nsIScriptObjectPrincipal.h"
|
||||
|
@ -70,9 +69,7 @@ static nsresult getScriptCodebase(JSContext* cx, nsIURI* *result)
|
|||
nsCOMPtr<nsIPrincipal> principal;
|
||||
scriptObjectPrincipal->GetPrincipal(getter_AddRefs(principal));
|
||||
if (principal) {
|
||||
nsCOMPtr<nsICodebasePrincipal> codebasePrincipal = do_QueryInterface(principal);
|
||||
if (codebasePrincipal)
|
||||
return codebasePrincipal->GetURI(result);
|
||||
return principal->GetURI(result);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -352,7 +352,7 @@ get_JSPrincipals_from_java_caller_impl(JNIEnv *pJNIEnv, JSContext *pJSContext, v
|
|||
rv = ssm->GetCodebasePrincipal(codebaseURI, getter_AddRefs(principal));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
JSPrincipals* jsprincipals;
|
||||
principal->GetJSPrincipals(&jsprincipals);
|
||||
principal->GetJsPrincipals(&jsprincipals);
|
||||
return jsprincipals;
|
||||
}
|
||||
}
|
||||
|
@ -362,7 +362,7 @@ get_JSPrincipals_from_java_caller_impl(JNIEnv *pJNIEnv, JSContext *pJSContext, v
|
|||
nsCOMPtr<nsIPrincipal> principal = do_QueryInterface(credentials);
|
||||
if (principal) {
|
||||
JSPrincipals* jsprincipals;
|
||||
principal->GetJSPrincipals(&jsprincipals);
|
||||
principal->GetJsPrincipals(&jsprincipals);
|
||||
return jsprincipals;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -53,12 +53,7 @@
|
|||
|
||||
// For GetOrigin()
|
||||
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsJSPrincipals.h"
|
||||
#include "nsSystemPrincipal.h"
|
||||
#include "nsCodebasePrincipal.h"
|
||||
#include "nsCertificatePrincipal.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIScriptGlobalObject.h"
|
||||
#include "nsIServiceManager.h"
|
||||
#include "nsIScriptObjectPrincipal.h"
|
||||
|
@ -135,39 +130,27 @@ nsCSecurityContext::GetOrigin(char* buf, int buflen)
|
|||
}
|
||||
}
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(m_pPrincipal);
|
||||
if (!codebase)
|
||||
nsXPIDLCString origin;
|
||||
m_pPrincipal->GetOrigin(getter_Copies(origin));
|
||||
|
||||
PRInt32 originlen = origin.Length();
|
||||
if (origin.IsEmpty() || originlen > buflen - 1) {
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
char* origin=nsnull;
|
||||
codebase->GetOrigin(&origin);
|
||||
|
||||
if (origin) {
|
||||
PRInt32 originlen = (PRInt32) strlen(origin);
|
||||
if (!buf || buflen<=originlen) {
|
||||
if (origin) {
|
||||
nsCRT::free(origin);
|
||||
}
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
// Copy the string into to user supplied buffer. Is there a better
|
||||
// way to do this?
|
||||
|
||||
memcpy(buf,origin,originlen);
|
||||
buf[originlen]=nsnull; // Gotta terminate it.
|
||||
nsCRT::free(origin);
|
||||
} else {
|
||||
*buf = nsnull;
|
||||
}
|
||||
|
||||
// Copy the string into to user supplied buffer. Is there a better
|
||||
// way to do this?
|
||||
|
||||
memcpy(buf, origin, originlen);
|
||||
buf[originlen] = nsnull; // Gotta terminate it.
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_METHOD
|
||||
nsCSecurityContext::GetCertificateID(char* buf, int buflen)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> principal = NULL;
|
||||
nsCOMPtr<nsIPrincipal> principal;
|
||||
|
||||
// Get the Script Security Manager.
|
||||
|
||||
|
@ -176,28 +159,22 @@ nsCSecurityContext::GetCertificateID(char* buf, int buflen)
|
|||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
|
||||
if (NS_FAILED(rv) || !secMan) return NS_ERROR_FAILURE;
|
||||
|
||||
|
||||
secMan->GetSubjectPrincipal(getter_AddRefs(principal));
|
||||
nsCOMPtr<nsICertificatePrincipal> cprincipal = do_QueryInterface(principal);
|
||||
if (!cprincipal)
|
||||
if (!principal) {
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
char* certificate = nsnull;
|
||||
cprincipal->GetCertificateID(&certificate);
|
||||
|
||||
if (certificate) {
|
||||
PRInt32 certlen = (PRInt32) strlen(certificate);
|
||||
if( buflen<=certlen ) {
|
||||
nsCRT::free(certificate);
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
memcpy(buf,certificate,certlen);
|
||||
buf[certlen]=nsnull;
|
||||
nsCRT::free(certificate);
|
||||
} else {
|
||||
*buf = nsnull;
|
||||
}
|
||||
|
||||
nsXPIDLCString certificate;
|
||||
principal->GetCertificateID(getter_Copies(certificate));
|
||||
|
||||
PRInt32 certlen = certificate.Length();
|
||||
if (buflen <= certlen) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
memcpy(buf, certificate.get(), certlen);
|
||||
buf[certlen] = nsnull;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
|
|
@ -68,14 +68,10 @@
|
|||
#include "nspr.h"
|
||||
#include "plstr.h"
|
||||
#include "nsCOMPtr.h"
|
||||
//#include "nsJSPrincipals.h"
|
||||
//#include "nsSystemPrincipal.h"
|
||||
//#include "nsCodebasePrincipal.h"
|
||||
#include "nsCertificatePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsISignatureVerifier.h"
|
||||
|
||||
//#include "nsScriptSecurityManager.h"
|
||||
|
||||
extern "C" int XP_PROGRESS_STARTING_JAVA;
|
||||
extern "C" int XP_PROGRESS_STARTING_JAVA_DONE;
|
||||
|
@ -956,7 +952,7 @@ nsJVMManager::IsAllPermissionGranted(
|
|||
{
|
||||
nsresult rv = NS_OK;
|
||||
|
||||
nsIPrincipal* pIPrincipal = NULL;
|
||||
nsCOMPtr<nsIPrincipal> pIPrincipal;
|
||||
|
||||
// Get the Script Security Manager.
|
||||
|
||||
|
@ -968,18 +964,12 @@ nsJVMManager::IsAllPermissionGranted(
|
|||
// The fingerprint is a one way hash of this certificate. It is used
|
||||
// as the key to store the principal in the principal database.
|
||||
|
||||
rv = secMan->GetCertificatePrincipal(lastFP, &pIPrincipal);
|
||||
rv = secMan->GetCertificatePrincipal(lastFP, nsnull,
|
||||
getter_AddRefs(pIPrincipal));
|
||||
if (NS_FAILED(rv)) return PR_FALSE;
|
||||
|
||||
// Get the nsICertificatePrincipal interface so that we can set the
|
||||
// common name. The common name is a user meaningful string.
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> pICertificate = do_QueryInterface(pIPrincipal, &rv);
|
||||
if (NS_FAILED(rv) || !pICertificate) return PR_FALSE;
|
||||
|
||||
// Set the common name.
|
||||
|
||||
rv = pICertificate->SetCommonName(lastCN);
|
||||
rv = pIPrincipal->SetCommonName(lastCN);
|
||||
|
||||
PRInt16 ret;
|
||||
|
||||
|
|
|
@ -22,12 +22,11 @@
|
|||
#include "nsMimeTypes.h"
|
||||
#include "nsNetUtil.h"
|
||||
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIFileURL.h"
|
||||
#include "nsIJAR.h"
|
||||
|
||||
static NS_DEFINE_CID(kScriptSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID);
|
||||
static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID);
|
||||
|
||||
//-----------------------------------------------------------------------------
|
||||
|
@ -419,24 +418,19 @@ nsJARChannel::GetOwner(nsISupports **result)
|
|||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
if (cert) {
|
||||
// Get the codebase principal
|
||||
nsXPIDLCString certID;
|
||||
rv = cert->GetCertificateID(getter_Copies(certID));
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
nsCOMPtr<nsIScriptSecurityManager> secMan =
|
||||
do_GetService(kScriptSecurityManagerCID, &rv);
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
nsCOMPtr<nsIPrincipal> codebase;
|
||||
rv = secMan->GetCodebasePrincipal(mJarBaseURI,
|
||||
getter_AddRefs(codebase));
|
||||
rv = secMan->GetCertificatePrincipal(certID, mJarBaseURI,
|
||||
getter_AddRefs(cert));
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
// Join the certificate and the codebase
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(cert, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = agg->SetCodebase(codebase);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
mOwner = do_QueryInterface(agg, &rv);
|
||||
mOwner = do_QueryInterface(cert, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
NS_ADDREF(*result = mOwner);
|
||||
|
|
|
@ -47,12 +47,12 @@
|
|||
#include "nsIPrompt.h"
|
||||
#include "nsIFilePicker.h"
|
||||
#include "nsJSPrincipals.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsXPIDLString.h"
|
||||
#include "nsIGenKeypairInfoDlg.h"
|
||||
#include "nsIDOMCryptoDialogs.h"
|
||||
#include "jsapi.h"
|
||||
#include "jsdbgapi.h"
|
||||
#include <ctype.h>
|
||||
#include "nsReadableUtils.h"
|
||||
#include "pk11func.h"
|
||||
|
@ -1788,7 +1788,7 @@ nsCryptoRunnable::Run()
|
|||
nsNSSShutDownPreventionLock locker;
|
||||
JSPrincipals *principals;
|
||||
|
||||
nsresult rv = m_args->m_principals->GetJSPrincipals(&principals);
|
||||
nsresult rv = m_args->m_principals->GetJsPrincipals(&principals);
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
|
|
|
@ -58,7 +58,7 @@
|
|||
#include "nsIWindowWatcher.h"
|
||||
#include "nsIPrompt.h"
|
||||
#include "nsProxiedService.h"
|
||||
#include "nsICertificatePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsIDateTimeFormat.h"
|
||||
#include "prtypes.h"
|
||||
|
@ -1458,17 +1458,19 @@ nsNSSComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen,
|
|||
rv2 = pCert->GetSha1Fingerprint(fingerprint);
|
||||
NS_LossyConvertUCS2toASCII fingerprintStr(fingerprint);
|
||||
if (NS_FAILED(rv2)) return rv2;
|
||||
rv2 = mScriptSecurityManager->GetCertificatePrincipal(fingerprintStr.get(), aPrincipal);
|
||||
if (NS_FAILED(rv2) || !*aPrincipal) return rv2;
|
||||
nsCOMPtr<nsIPrincipal> certPrincipal;
|
||||
rv2 = mScriptSecurityManager->GetCertificatePrincipal(fingerprintStr.get(), nsnull,
|
||||
getter_AddRefs(certPrincipal));
|
||||
if (NS_FAILED(rv2) || !certPrincipal) return rv2;
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> certPrincipal = do_QueryInterface(*aPrincipal, &rv2);
|
||||
if (NS_FAILED(rv2)) return rv2;
|
||||
nsAutoString orgName;
|
||||
rv2 = pCert->GetOrganization(orgName);
|
||||
if (NS_FAILED(rv2)) return rv2;
|
||||
NS_LossyConvertUCS2toASCII orgNameStr(orgName);
|
||||
rv2 = certPrincipal->SetCommonName(orgNameStr.get());
|
||||
if (NS_FAILED(rv2)) return rv2;
|
||||
|
||||
*aPrincipal = certPrincipal;
|
||||
}
|
||||
|
||||
if (p7_info) {
|
||||
|
|
|
@ -42,6 +42,10 @@
|
|||
#include "nsIServiceManager.h"
|
||||
#include "nsISignatureVerifier.h"
|
||||
#include "nsIInputStream.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsPICertNotification.h"
|
||||
|
||||
|
||||
#include "nsNetUtil.h"
|
||||
|
||||
|
|
|
@ -36,11 +36,12 @@
|
|||
#include "nsCOMPtr.h"
|
||||
#include "nsIStreamListener.h"
|
||||
#include "nsString.h"
|
||||
#include "nsISignatureVerifier.h"
|
||||
#include "nsICertificatePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsPICertNotification.h"
|
||||
|
||||
class nsISignatureVerifier;
|
||||
class nsIPrincipal;
|
||||
class nsIURI;
|
||||
class nsPICertNotification;
|
||||
|
||||
|
||||
class CertReader : public nsIStreamListener
|
||||
{
|
||||
|
|
|
@ -55,7 +55,6 @@
|
|||
|
||||
#include "nsIJAR.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsICertificatePrincipal.h"
|
||||
|
||||
static NS_DEFINE_CID(kSoftwareUpdateCID, NS_SoftwareUpdate_CID);
|
||||
static NS_DEFINE_CID(kEventQueueServiceCID, NS_EVENTQUEUESERVICE_CID);
|
||||
|
@ -82,8 +81,9 @@ nsresult VerifySigning(nsIZipReader* hZip, nsIPrincipal* aPrincipal)
|
|||
if (!aPrincipal)
|
||||
return NS_OK; // not signed, but not an error
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> cp(do_QueryInterface(aPrincipal));
|
||||
if (!cp)
|
||||
PRBool hasCert;
|
||||
aPrincipal->GetHasCertificate(&hasCert);
|
||||
if (!hasCert)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
nsCOMPtr<nsIJAR> jar(do_QueryInterface(hZip));
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/*
|
||||
* The contents of this file are subject to the Netscape Public
|
||||
* License Version 1.1 (the "License"); you may not use this file
|
||||
|
@ -27,7 +27,6 @@
|
|||
#include "nsDebug.h"
|
||||
#include "nsIServiceManager.h"
|
||||
#include "nsIEventQueueService.h"
|
||||
#include "nsICertificatePrincipal.h"
|
||||
|
||||
static NS_DEFINE_IID(kEventQueueServiceCID, NS_EVENTQUEUESERVICE_CID);
|
||||
|
||||
|
@ -93,15 +92,24 @@ PRBool nsXPITriggerItem::IsRelativeURL()
|
|||
void
|
||||
nsXPITriggerItem::SetPrincipal(nsIPrincipal* aPrincipal)
|
||||
{
|
||||
mPrincipal = aPrincipal;
|
||||
mPrincipal = aPrincipal;
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> cp(do_QueryInterface(aPrincipal));
|
||||
if (cp) {
|
||||
nsXPIDLCString cName;
|
||||
cp->GetCommonName(getter_Copies(cName));
|
||||
mCertName = NS_ConvertUTF8toUCS2(cName);
|
||||
}
|
||||
// aPrincipal can be null for various failure cases.
|
||||
// see bug 213894 for an example.
|
||||
// nsXPInstallManager::OnCertAvailable can be called with a null principal
|
||||
// and it can also force a null principal.
|
||||
if (!aPrincipal)
|
||||
return;
|
||||
|
||||
PRBool hasCert;
|
||||
aPrincipal->GetHasCertificate(&hasCert);
|
||||
if (hasCert) {
|
||||
nsXPIDLCString cName;
|
||||
aPrincipal->GetCommonName(getter_Copies(cName));
|
||||
mCertName = NS_ConvertUTF8toUCS2(cName);
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// nsXPITriggerInfo
|
||||
//
|
||||
|
|
Загрузка…
Ссылка в новой задаче