Bug 1597704 - Move is OriginPotentially Trustworthy into Principal r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D53830 --HG-- extra : moz-landing-system : lando
2019-12-05 16:04:53 +00:00 · 2019-12-05 16:04:53 +00:00 · 7809758d00
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@ -24,6 +24,7 @@
 #include "mozilla/dom/BlobURLProtocolHandler.h"
 #include "mozilla/dom/ChromeUtils.h"
 #include "mozilla/dom/ToJSValue.h"
+#include "mozilla/dom/nsMixedContentBlocker.h"

 #include "json/json.h"
 #include "nsSerializationHelper.h"
@ -500,6 +501,21 @@ BasePrincipal::IsURIInPrefList(const char* aPref, bool* aResult) {
  return NS_OK;
 }

+NS_IMETHODIMP
+BasePrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) {
+  MOZ_ASSERT(NS_IsMainThread());
+  *aResult = false;
+
+  nsCOMPtr<nsIURI> uri;
+  nsresult rv = GetURI(getter_AddRefs(uri));
+  if (NS_FAILED(rv) || !uri) {
+    return NS_OK;
+  }
+
+  *aResult = nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(uri);
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 BasePrincipal::GetAboutModuleFlags(uint32_t* flags) {
  *flags = 0;
--- a/caps/BasePrincipal.h
+++ b/caps/BasePrincipal.h
@ -133,6 +133,7 @@ class BasePrincipal : public nsJSPrincipals {
  NS_IMETHOD GetSiteOrigin(nsACString& aOrigin) override;
  NS_IMETHOD IsThirdPartyURI(nsIURI* uri, bool* aRes) override;
  NS_IMETHOD IsThirdPartyPrincipal(nsIPrincipal* uri, bool* aRes) override;
+  NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override;

  nsresult ToJSON(nsACString& aJSON);
  static already_AddRefed<BasePrincipal> FromJSON(const nsACString& aJSON);
--- a/caps/NullPrincipal.cpp
+++ b/caps/NullPrincipal.cpp
@ -136,6 +136,11 @@ NullPrincipal::GetURI(nsIURI** aURI) {
  uri.forget(aURI);
  return NS_OK;
 }
+NS_IMETHODIMP
+NullPrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) {
+  *aResult = false;
+  return NS_OK;
+}

 NS_IMETHODIMP
 NullPrincipal::GetDomain(nsIURI** aDomain) {
--- a/caps/NullPrincipal.h
+++ b/caps/NullPrincipal.h
@ -51,6 +51,7 @@ class NullPrincipal final : public BasePrincipal {
  NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override;
  uint32_t GetHashValue() override;
  NS_IMETHOD GetURI(nsIURI** aURI) override;
+  NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override;
  NS_IMETHOD GetDomain(nsIURI** aDomain) override;
  NS_IMETHOD SetDomain(nsIURI* aDomain) override;
  NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
--- a/caps/SystemPrincipal.cpp
+++ b/caps/SystemPrincipal.cpp
@ -51,6 +51,12 @@ SystemPrincipal::GetURI(nsIURI** aURI) {
  return NS_OK;
 }

+NS_IMETHODIMP
+SystemPrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) {
+  *aResult = true;
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 SystemPrincipal::GetDomain(nsIURI** aDomain) {
  *aDomain = nullptr;
--- a/caps/SystemPrincipal.h
+++ b/caps/SystemPrincipal.h
@ -44,6 +44,7 @@ class SystemPrincipal final : public BasePrincipal {
  NS_IMETHOD SetDomain(nsIURI* aDomain) override;
  NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
  NS_IMETHOD GetAddonId(nsAString& aAddonId) override;
+  NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override;

  virtual nsresult GetScriptLocation(nsACString& aStr) override;

--- a/caps/nsIPrincipal.idl
+++ b/caps/nsIPrincipal.idl
@ -237,6 +237,18 @@ interface nsIPrincipal : nsISerializable
    */
    bool IsURIInPrefList(in string pref);

+    /**
+     * Implementation of
+     * https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
+     *
+     * The value returned by this method feeds into the the Secure Context
+     * algorithm that determins the value of Window.isSecureContext and
+     * WorkerGlobalScope.isSecureContext.
+     *
+     * This method returns false instead of throwing upon errors.
+     */ 
+    readonly attribute bool IsOriginPotentiallyTrustworthy;
+
    /**
     * Returns the Flags of the Principals 
     * associated AboutModule, in case there is one.
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@ -8886,18 +8886,9 @@ bool nsContentUtils::HttpsStateIsModern(Document* aDocument) {

  MOZ_ASSERT(principal->GetIsContentPrincipal());

-  nsCOMPtr<nsIContentSecurityManager> csm =
-      do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
-  NS_WARNING_ASSERTION(csm, "csm is null");
-  if (csm) {
-    bool isTrustworthyOrigin = false;
-    csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
-    if (isTrustworthyOrigin) {
-      return true;
-    }
-  }
-
-  return false;
+  bool isTrustworthyOrigin = false;
+  principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
+  return isTrustworthyOrigin;
 }

 /* static */
@ -8927,15 +8918,9 @@ bool nsContentUtils::ComputeIsSecureContext(nsIChannel* aChannel) {
    return false;
  }

-  nsCOMPtr<nsIContentSecurityManager> csm =
-      do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
-  NS_WARNING_ASSERTION(csm, "csm is null");
-  if (csm) {
-    bool isTrustworthyOrigin = false;
-    csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
-    return isTrustworthyOrigin;
-  }
-  return true;
+  bool isTrustworthyOrigin = false;
+  principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
+  return isTrustworthyOrigin;
 }

 /* static */
--- a/dom/base/nsGlobalWindowOuter.cpp
+++ b/dom/base/nsGlobalWindowOuter.cpp
@ -1699,18 +1699,9 @@ bool nsGlobalWindowOuter::ComputeIsSecureContext(Document* aDocument,
    }
  }

-  nsCOMPtr<nsIContentSecurityManager> csm =
-      do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
-  NS_WARNING_ASSERTION(csm, "csm is null");
-  if (csm) {
-    bool isTrustworthyOrigin = false;
-    csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
-    if (isTrustworthyOrigin) {
-      return true;
-    }
-  }
-
-  return false;
+  bool isTrustworthyOrigin = false;
+  principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
+  return isTrustworthyOrigin;
 }

 // We need certain special behavior for remote XUL whitelisted domains, but we
--- a/dom/interfaces/security/nsIContentSecurityManager.idl
+++ b/dom/interfaces/security/nsIContentSecurityManager.idl
@ -42,15 +42,4 @@ interface nsIContentSecurityManager : nsISupports
   nsIStreamListener performSecurityCheck(in nsIChannel aChannel,
                                          in nsIStreamListener aStreamListener);

-  /**
-   * Implementation of
-   * https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
-   *
-   * The value returned by this method feeds into the the Secure Context
-   * algorithm that determins the value of Window.isSecureContext and
-   * WorkerGlobalScope.isSecureContext.
-   *
-   * This method returns false instead of throwing upon errors.
-   */
-  boolean isOriginPotentiallyTrustworthy(in nsIPrincipal aPrincipal);
 };
--- a/dom/presentation/PresentationRequest.cpp
+++ b/dom/presentation/PresentationRequest.cpp
@ -509,14 +509,8 @@ bool PresentationRequest::IsPrioriAuthenticatedURL(const nsAString& aUrl) {
    return false;
  }

-  nsCOMPtr<nsIContentSecurityManager> csm =
-      do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
-  if (NS_WARN_IF(!csm)) {
-    return false;
-  }
-
  bool isTrustworthyOrigin = false;
-  csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
+  principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
  return isTrustworthyOrigin;
 }

--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@ -1059,30 +1059,3 @@ nsContentSecurityManager::PerformSecurityCheck(
  inAndOutListener.forget(outStreamListener);
  return NS_OK;
 }
-
-NS_IMETHODIMP
-nsContentSecurityManager::IsOriginPotentiallyTrustworthy(
-    nsIPrincipal* aPrincipal, bool* aIsTrustWorthy) {
-  MOZ_ASSERT(NS_IsMainThread());
-  NS_ENSURE_ARG_POINTER(aPrincipal);
-  NS_ENSURE_ARG_POINTER(aIsTrustWorthy);
-
-  if (aPrincipal->IsSystemPrincipal()) {
-    *aIsTrustWorthy = true;
-    return NS_OK;
-  }
-  *aIsTrustWorthy = false;
-  if (aPrincipal->GetIsNullPrincipal()) {
-    return NS_OK;
-  }
-
-  MOZ_ASSERT(aPrincipal->GetIsContentPrincipal(),
-             "Nobody is expected to call us with an nsIExpandedPrincipal");
-
-  nsCOMPtr<nsIURI> uri;
-  nsresult rv = aPrincipal->GetURI(getter_AddRefs(uri));
-  NS_ENSURE_SUCCESS(rv, rv);
-  *aIsTrustWorthy = nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(uri);
-
-  return NS_OK;
-}
--- a/dom/security/test/gtest/TestSecureContext.cpp
+++ b/dom/security/test/gtest/TestSecureContext.cpp
@ -70,8 +70,7 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithContentPrincipal)
    rv = nsScriptSecurityManager::GetScriptSecurityManager()
             ->CreateContentPrincipalFromOrigin(uri, getter_AddRefs(prin));
    bool isPotentiallyTrustworthy = false;
-    rv = csManager->IsOriginPotentiallyTrustworthy(prin,
-                                                   &isPotentiallyTrustworthy);
+    rv = prin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy);
    ASSERT_EQ(NS_OK, rv);
    ASSERT_EQ(isPotentiallyTrustworthy, uris[i].expectedResult);
  }
@ -82,14 +81,10 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithSystemPrincipal)
  RefPtr<nsScriptSecurityManager> ssManager =
      nsScriptSecurityManager::GetScriptSecurityManager();
  ASSERT_TRUE(!!ssManager);
-  nsCOMPtr<nsIContentSecurityManager> csManager =
-      do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
-  ASSERT_TRUE(!!csManager);
-
  nsCOMPtr<nsIPrincipal> sysPrin = nsContentUtils::GetSystemPrincipal();
  bool isPotentiallyTrustworthy;
-  nsresult rv = csManager->IsOriginPotentiallyTrustworthy(
-      sysPrin, &isPotentiallyTrustworthy);
+  nsresult rv =
+      sysPrin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy);
  ASSERT_EQ(rv, NS_OK);
  ASSERT_TRUE(isPotentiallyTrustworthy);
 }
@ -99,15 +94,12 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithNullPrincipal)
  RefPtr<nsScriptSecurityManager> ssManager =
      nsScriptSecurityManager::GetScriptSecurityManager();
  ASSERT_TRUE(!!ssManager);
-  nsCOMPtr<nsIContentSecurityManager> csManager =
-      do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
-  ASSERT_TRUE(!!csManager);

  RefPtr<NullPrincipal> nullPrin =
      NullPrincipal::CreateWithoutOriginAttributes();
  bool isPotentiallyTrustworthy;
-  nsresult rv = csManager->IsOriginPotentiallyTrustworthy(
-      nullPrin, &isPotentiallyTrustworthy);
+  nsresult rv =
+      nullPrin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy);
  ASSERT_EQ(rv, NS_OK);
  ASSERT_TRUE(!isPotentiallyTrustworthy);
 }
--- a/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
+++ b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
@ -49,18 +49,12 @@ add_task(async function test_isOriginPotentiallyTrustworthy() {
  ]) {
    let uri = NetUtil.newURI(uriSpec);
    let principal = gScriptSecurityManager.createContentPrincipal(uri, {});
-    Assert.equal(
-      gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
-      expectedResult
-    );
+    Assert.equal(principal.IsOriginPotentiallyTrustworthy, expectedResult);
  }
  // And now let's test whether .onion sites are properly treated when
  // whitelisted, see bug 1382359.
  Services.prefs.setBoolPref("dom.securecontext.whitelist_onions", true);
  let uri = NetUtil.newURI("http://1234567890abcdef.onion/");
  let principal = gScriptSecurityManager.createContentPrincipal(uri, {});
-  Assert.equal(
-    gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
-    true
-  );
+  Assert.equal(principal.IsOriginPotentiallyTrustworthy, true);
 });
--- a/toolkit/components/clearsitedata/ClearSiteData.cpp
+++ b/toolkit/components/clearsitedata/ClearSiteData.cpp
@ -162,11 +162,8 @@ void ClearSiteData::ClearDataFromChannel(nsIHttpChannel* aChannel) {
    return;
  }

-  nsCOMPtr<nsIContentSecurityManager> csm =
-      do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
-
  bool secure;
-  rv = csm->IsOriginPotentiallyTrustworthy(principal, &secure);
+  rv = principal->GetIsOriginPotentiallyTrustworthy(&secure);
  if (NS_WARN_IF(NS_FAILED(rv)) || !secure) {
    return;
  }
--- a/toolkit/components/extensions/test/xpcshell/test_ext_trustworthy_origin.js
+++ b/toolkit/components/extensions/test/xpcshell/test_ext_trustworthy_origin.js
@ -6,16 +6,13 @@

 add_task(
  function test_isOriginPotentiallyTrustworthnsIContentSecurityManagery() {
-    let contentSecManager = Cc[
-      "@mozilla.org/contentsecuritymanager;1"
-    ].getService(Ci.nsIContentSecurityManager);
    let uri = NetUtil.newURI("moz-extension://foobar/something.html");
    let principal = Services.scriptSecurityManager.createContentPrincipal(
      uri,
      {}
    );
    Assert.equal(
-      contentSecManager.isOriginPotentiallyTrustworthy(principal),
+      principal.IsOriginPotentiallyTrustworthy,
      true,
      "it is potentially trustworthy"
    );
--- a/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm
+++ b/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm
@ -100,7 +100,7 @@ this.InsecurePasswordUtils = {
      if (uri.schemeIs("http")) {
        isFormSubmitHTTP = true;
        if (
-          gContentSecurityManager.isOriginPotentiallyTrustworthy(principal) ||
+          principal.IsOriginPotentiallyTrustworthy ||
          // Ignore sites with local IP addresses pointing to local forms.
          (this._isPrincipalForLocalIPAddress(
            aForm.rootElement.nodePrincipal