diff --git a/caps/idl/nsIPrincipal.idl b/caps/idl/nsIPrincipal.idl
index d949eaf2bae..91f940b00d0 100644
--- a/caps/idl/nsIPrincipal.idl
+++ b/caps/idl/nsIPrincipal.idl
@@ -51,7 +51,7 @@ interface nsIURI;
 [ptr] native JSContext(JSContext);
 [ptr] native JSPrincipals(JSPrincipals);
-[scriptable, uuid(fb9ddeb9-26f9-46b8-85d5-3978aaee05aa)]
+[scriptable, uuid(635c413b-47c3-4ee1-87c8-e7919cc65f5a)]
 interface nsIPrincipal : nsISerializable
 {
 /**
@@ -71,12 +71,14 @@ interface nsIPrincipal : nsISerializable
 * fingerprint or the origin. subjectName is a name that identifies the
 * entity this principal represents (may be empty). grantedList and
 * deniedList are space-separated lists of capabilities which were
- * explicitly granted or denied by a pref.
+ * explicitly granted or denied by a pref. isTrusted is a boolean that
+ * indicates whether this is a codebaseTrusted certificate.
 */
 [noscript] void getPreferences(out string prefBranch, out string id, out string subjectName, out string grantedList,
- out string deniedList);
+ out string deniedList,
+ out boolean isTrusted);
 /**
 * Returns whether the other principal is equivalent to this principal.
diff --git a/caps/src/nsNullPrincipal.cpp b/caps/src/nsNullPrincipal.cpp
index fa19758e7c3..69795823d4d 100644
--- a/caps/src/nsNullPrincipal.cpp
+++ b/caps/src/nsNullPrincipal.cpp
@@ -139,7 +139,8 @@ nsNullPrincipal::Init()
 NS_IMETHODIMP
 nsNullPrincipal::GetPreferences(char** aPrefName, char** aID,
 char** aSubjectName,
- char** aGrantedList, char** aDeniedList)
+ char** aGrantedList, char** aDeniedList,
+ PRBool* aIsTrusted)
 {
 // The null principal should never be written to preferences.
 *aPrefName = nsnull;
@@ -147,6 +148,7 @@ nsNullPrincipal::GetPreferences(char** aPrefName, char** aID,
 *aSubjectName = nsnull;
 *aGrantedList = nsnull;
 *aDeniedList = nsnull;
+ *aIsTrusted = PR_FALSE;
 return NS_ERROR_FAILURE;
 }
diff --git a/caps/src/nsPrincipal.cpp b/caps/src/nsPrincipal.cpp
index 1469ce54f80..afc5c760c2c 100755
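Review bot: The doc comment added in the second nsIPrincipal.idl hunk (`@@ -71,12 +71,14 @@`) describes isTrusted as marking a "codebaseTrusted certificate", which contradicts how the rest of this commit uses the flag: DoGetCertificatePrincipal asserts it is false for certificate principals, and GetCodebasePrincipal copies it onto codebase principals. I would word it as `isTrusted is a boolean that indicates whether this is a codebaseTrusted principal.` The comment should also say what the out value is when getPreferences fails, because callers feed it into a trust decision; nsNullPrincipal and nsSystemPrincipal set it to false on that path.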
--- a/caps/src/nsPrincipal.cpp
+++ b/caps/src/nsPrincipal.cpp
@@ -730,7 +730,8 @@ AppendCapability(nsHashKey *aKey, void *aData, void *capListPtr)
 NS_IMETHODIMP
 nsPrincipal::GetPreferences(char** aPrefName, char** aID,
 char** aSubjectName,
- char** aGrantedList, char** aDeniedList)
+ char** aGrantedList, char** aDeniedList,
+ PRBool* aIsTrusted)
 {
 if (mPrefName.IsEmpty()) {
 if (mCert) {
@@ -749,6 +750,7 @@ nsPrincipal::GetPreferences(char** aPrefName, char** aID,
 *aSubjectName = nsnull;
 *aGrantedList = nsnull;
 *aDeniedList = nsnull;
+ *aIsTrusted = mTrusted;
 char *prefName = nsnull;
 char *id = nsnull;
diff --git a/caps/src/nsScriptSecurityManager.cpp b/caps/src/nsScriptSecurityManager.cpp
index 4081e0c198c..1abd4729a4f 100644
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -1853,13 +1853,17 @@ nsScriptSecurityManager::DoGetCertificatePrincipal(const nsACString& aCertFinger
 nsXPIDLCString subjectName;
 nsXPIDLCString granted;
 nsXPIDLCString denied;
+ PRBool isTrusted;
 rv = fromTable->GetPreferences(getter_Copies(prefName), getter_Copies(id), getter_Copies(subjectName), getter_Copies(granted),
- getter_Copies(denied));
+ getter_Copies(denied),
+ &isTrusted);
 // XXXbz assert something about subjectName and aSubjectName here?
 if (NS_SUCCEEDED(rv)) {
+ NS_ASSERTION(!isTrusted, "Shouldn't have isTrusted true here");
+
 certificate = new nsPrincipal();
 if (!certificate) return NS_ERROR_OUT_OF_MEMORY;
@@ -1869,8 +1873,10 @@ nsScriptSecurityManager::DoGetCertificatePrincipal(const nsACString& aCertFinger
 granted, denied, aCertificate, PR_TRUE, PR_FALSE);
- if (NS_SUCCEEDED(rv))
- certificate->SetURI(aURI);
+ if (NS_FAILED(rv))
+ return rv;
+
+ certificate->SetURI(aURI);
 }
 }
 }
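Review bot: In nsPrincipal::GetPreferences (`@@ -749,6 +750,7 @@`), `*aIsTrusted = mTrusted;` sits in the run that resets every other out-param to nsnull, so the real trust flag is published before the rest of the function has run. The body continues outside the hunk, so I cannot tell whether a later step can fail; if one can, the caller receives an error code together with isTrusted possibly true, whereas nsNullPrincipal and nsSystemPrincipal report PR_FALSE on their failure paths. Consider `*aIsTrusted = PR_FALSE;` here and `*aIsTrusted = mTrusted;` just before the successful return.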
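Review bot: In DoGetCertificatePrincipal (`@@ -1853,13 +1853,17 @@`), the rule that a certificate principal read back from the table is never trusted is stated only by `NS_ASSERTION(!isTrusted, ...)`, which as a debug assertion leaves no check in release builds. The InitFromPersistent call whose tail is visible in the next hunk passes a literal PR_FALSE in the position where GetCodebasePrincipal passes isTrusted, so the flag does not appear to be forwarded either way; a comment such as `// isTrusted is deliberately not forwarded: certificate principals are never codebaseTrusted` would make that intent explicit. `PRBool isTrusted;` is only meaningful when rv succeeds, so `PRBool isTrusted = PR_FALSE;` is a cheap safeguard.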
@@ -1922,10 +1928,15 @@ nsScriptSecurityManager::GetCodebasePrincipal(nsIURI *aURI,
 //-- Check to see if we already have this principal.
 nsCOMPtr fromTable;
 mPrincipals.Get(principal, getter_AddRefs(fromTable));
- if (fromTable)
- principal = fromTable;
- else //-- Check to see if we have a more general principal
+ if (!fromTable) {
+ //-- Check to see if we have a more general principal
+
+ // XXXbz if only GetOrigin returned a URI! Or better yet if the
+ // HashKey function on principals were smarter. As it is, we can
+ // have cases where two principals will have different hashkeys but
+ // test equal via KeyEquals, which is absolutely silly. That's
+ // what we're working around here.
 nsXPIDLCString originUrl;
 rv = principal->GetOrigin(getter_Copies(originUrl));
 if (NS_FAILED(rv)) return rv;
@@ -1936,8 +1947,44 @@ nsScriptSecurityManager::GetCodebasePrincipal(nsIURI *aURI,
 rv = CreateCodebasePrincipal(newURI, getter_AddRefs(principal2));
 if (NS_FAILED(rv)) return rv;
 mPrincipals.Get(principal2, getter_AddRefs(fromTable));
- if (fromTable)
- principal = fromTable;
+ }
+
+ if (fromTable) {
+ // We found an existing codebase principal. But it might have a
+ // generic codebase for this origin on it. Install our particular
+ // codebase.
+ // XXXbz this is kinda similar to the code in
+ // GetCertificatePrincipal, but just ever so slightly different.
+ // Oh, well.
+ nsXPIDLCString prefName;
+ nsXPIDLCString id;
+ nsXPIDLCString subjectName;
+ nsXPIDLCString granted;
+ nsXPIDLCString denied;
+ PRBool isTrusted;
+ rv = fromTable->GetPreferences(getter_Copies(prefName),
+ getter_Copies(id),
+ getter_Copies(subjectName),
+ getter_Copies(granted),
+ getter_Copies(denied),
+ &isTrusted);
+ if (NS_SUCCEEDED(rv)) {
+ nsRefPtr codebase = new nsPrincipal();
+ if (!codebase)
+ return NS_ERROR_OUT_OF_MEMORY;
+
+ rv = codebase->InitFromPersistent(prefName, id,
+ subjectName, EmptyCString(),
+ granted, denied,
+ nsnull, PR_FALSE,
+ isTrusted);
+ if (NS_FAILED(rv))
+ return rv;
+
+ codebase->SetURI(aURI);
+ principal = codebase;
+ }
+ }
 }
@@ -2235,11 +2282,13 @@ nsScriptSecurityManager::SavePrincipal(nsIPrincipal* aToSave)
 nsXPIDLCString subjectName;
 nsXPIDLCString grantedList;
 nsXPIDLCString deniedList;
+ PRBool isTrusted;
 nsresult rv = aToSave->GetPreferences(getter_Copies(idPrefName),
 getter_Copies(id),
 getter_Copies(subjectName),
 getter_Copies(grantedList),
- getter_Copies(deniedList));
+ getter_Copies(deniedList),
+ &isTrusted);
 if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
 nsCAutoString grantedPrefName;
diff --git a/caps/src/nsSystemPrincipal.cpp b/caps/src/nsSystemPrincipal.cpp
index f3bb1185349..47bbfb1afac 100644
--- a/caps/src/nsSystemPrincipal.cpp
+++ b/caps/src/nsSystemPrincipal.cpp
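Review bot: In the new `if (fromTable)` block of GetCodebasePrincipal (`@@ -1936,8 +1947,44 @@`), a failing `fromTable->GetPreferences(...)` is skipped silently, so `principal` stays the freshly created codebase principal and neither the granted nor the denied list stored on the table entry is applied, where the removed code returned the table entry itself. Losing a stored denied list on an error path fails open; consider an else branch that returns rv, or at minimum `NS_WARNING("GetPreferences failed on stored codebase principal");`, and a comment if failure is expected for some entries. On the success path isTrusted and the granted list are copied from whichever entry matched, including the origin-level lookup through principal2, onto a principal carrying the caller's aURI, so the privileges handed out depend on that match being exact; the XXXbz remark in the previous hunk about hash keys and KeyEquals disagreeing deserves a tracked follow-up. The function continues outside the hunk.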
@@ -87,7 +87,8 @@ nsSystemPrincipal::Release()
 NS_IMETHODIMP
 nsSystemPrincipal::GetPreferences(char** aPrefName, char** aID,
 char** aSubjectName,
- char** aGrantedList, char** aDeniedList)
+ char** aGrantedList, char** aDeniedList,
+ PRBool* aIsTrusted)
 {
 // The system principal should never be streamed out
 *aPrefName = nsnull;
@@ -95,6 +96,7 @@ nsSystemPrincipal::GetPreferences(char** aPrefName, char** aID,
 *aSubjectName = nsnull;
 *aGrantedList = nsnull;
 *aDeniedList = nsnull;
+ *aIsTrusted = PR_FALSE;
 return NS_ERROR_FAILURE;
 }