зеркало из https://github.com/mozilla/pjs.git
Bug 83536.
Merge script principal implementations into one class. Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks. Also fixes bugs 211174 and 211263 r=jst@netscape.com sr=bzbarsky@mit.edu moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
This commit is contained in:
Родитель
ef99140d6d
Коммит
9c22160a4b
|
@ -32,9 +32,6 @@ GRE_MODULE = 1
|
|||
XPIDLSRCS = \
|
||||
nsIScriptSecurityManager.idl \
|
||||
nsIPrincipal.idl \
|
||||
nsICodebasePrincipal.idl \
|
||||
nsICertificatePrincipal.idl \
|
||||
nsIAggregatePrincipal.idl \
|
||||
nsISignatureVerifier.idl \
|
||||
nsISecurityCheckedComponent.idl \
|
||||
$(NULL)
|
||||
|
|
|
@ -14,12 +14,14 @@
|
|||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1999-2000
|
||||
* Portions created by the Initial Developer are Copyright (C) 1999-2003
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Mitchell Stoltz <mstoltz@netscape.com>
|
||||
* Christopher A. Aillon <christopher@aillon.com>
|
||||
*
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
|
@ -44,41 +46,109 @@
|
|||
struct JSPrincipals;
|
||||
%}
|
||||
|
||||
interface nsIURI;
|
||||
|
||||
[ptr] native JSPrincipals(JSPrincipals);
|
||||
|
||||
[uuid(ff9313d0-25e1-11d2-8160-006008119d7a)]
|
||||
interface nsIPrincipal : nsISerializable {
|
||||
|
||||
// Values of capabilities for each principal. Order is
|
||||
// significant: if an operation is performed on a set
|
||||
// of capabilities, the minimum is computed.
|
||||
interface nsIPrincipal : nsISerializable
|
||||
{
|
||||
/**
|
||||
* Values of capabilities for each principal. Order is
|
||||
* significant: if an operation is performed on a set
|
||||
* of capabilities, the minimum is computed.
|
||||
*/
|
||||
const short ENABLE_DENIED = 1;
|
||||
const short ENABLE_UNKNOWN = 2;
|
||||
const short ENABLE_WITH_USER_PERMISSION = 3;
|
||||
const short ENABLE_GRANTED = 4;
|
||||
|
||||
string ToString();
|
||||
|
||||
string ToUserVisibleString();
|
||||
|
||||
void GetPreferences(out string prefName, out string id,
|
||||
/**
|
||||
* Returns the security preferences associated with this principal.
|
||||
* prefBranch will be set to the pref branch to which these preferences
|
||||
* pertain. id is a pseudo-unique identifier, pertaining to either the
|
||||
* certificateID or the origin. grantedList and deniedList are
|
||||
* space-separated lists of capabilities which were explicitly granted
|
||||
* or denied by a pref.
|
||||
*/
|
||||
void getPreferences(out string prefBranch, out string id,
|
||||
out string grantedList, out string deniedList);
|
||||
|
||||
boolean Equals(in nsIPrincipal other);
|
||||
/**
|
||||
* Returns whether the other principal is equivalent to this principal.
|
||||
* Principals are considered equal if they are the same principal,
|
||||
* they have the same origin, or have the same certificate ID
|
||||
*/
|
||||
boolean equals(in nsIPrincipal other);
|
||||
|
||||
unsigned long HashValue();
|
||||
/**
|
||||
* Returns a hash value for the principal.
|
||||
*/
|
||||
readonly attribute unsigned long hashValue;
|
||||
|
||||
JSPrincipals GetJSPrincipals();
|
||||
/**
|
||||
* Returns the JS equivalent of the principal.
|
||||
* @see JSPrincipals.h
|
||||
*/
|
||||
readonly attribute JSPrincipals jsPrincipals;
|
||||
|
||||
short CanEnableCapability(in string capability);
|
||||
/**
|
||||
* The domain security policy of the principal.
|
||||
*/
|
||||
// XXXcaa should this be here? The script security manager is the only
|
||||
// thing that should care about this. Wouldn't storing this data in one
|
||||
// of the hashtables in nsScriptSecurityManager be better?
|
||||
attribute voidPtr securityPolicy;
|
||||
|
||||
void SetCanEnableCapability(in string capability, in short canEnable);
|
||||
// XXXcaa probably should be turned into {get|set}CapabilityFlags
|
||||
short canEnableCapability(in string capability);
|
||||
void setCanEnableCapability(in string capability, in short canEnable);
|
||||
boolean isCapabilityEnabled(in string capability, in voidPtr annotation);
|
||||
void enableCapability(in string capability, inout voidPtr annotation);
|
||||
void revertCapability(in string capability, inout voidPtr annotation);
|
||||
void disableCapability(in string capability, inout voidPtr annotation);
|
||||
|
||||
boolean IsCapabilityEnabled(in string capability, in voidPtr annotation);
|
||||
|
||||
void EnableCapability(in string capability, inout voidPtr annotation);
|
||||
/**
|
||||
* The codebase URI to which this principal pertains. This is
|
||||
* generally the document URI. Setting this will reset the domain
|
||||
* to null.
|
||||
*/
|
||||
attribute nsIURI URI;
|
||||
|
||||
void RevertCapability(in string capability, inout voidPtr annotation);
|
||||
/**
|
||||
* The domain URI to which this principal pertains.
|
||||
* This is congruent with HTMLDocument.domain, and may be null.
|
||||
* Setting this has no effect on the URI.
|
||||
*/
|
||||
attribute nsIURI domain;
|
||||
|
||||
void DisableCapability(in string capability, inout voidPtr annotation);
|
||||
/**
|
||||
* The origin of this principal's domain, if non-null, or its
|
||||
* codebase URI otherwise. An origin is defined as:
|
||||
* scheme + host + port.
|
||||
*/
|
||||
// XXXcaa this should probably be turned into an nsIURI.
|
||||
// The system principal's origin should be some caps namespace
|
||||
// with a chrome URI. All of chrome should probably be the same.
|
||||
readonly attribute string origin;
|
||||
|
||||
/**
|
||||
* Whether this principal is associated with a certificate.
|
||||
*/
|
||||
readonly attribute boolean hasCertificate;
|
||||
|
||||
/**
|
||||
* The fingerprint ID of this principal's certificate.
|
||||
* Throws if there is no certificate associated with this principal.
|
||||
*/
|
||||
// XXXcaa kaie says this may not be unique. We should probably
|
||||
// consider using something else for this....
|
||||
attribute string certificateID;
|
||||
|
||||
/**
|
||||
* The common name for the certificate.
|
||||
* This pertains to the certificate authority organization.
|
||||
* Throws if there is no certificate associated with this principal.
|
||||
*/
|
||||
attribute string commonName;
|
||||
};
|
||||
|
|
|
@ -134,23 +134,22 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
|
|||
* executing script. Will return null if there is no script
|
||||
* currently executing.
|
||||
*/
|
||||
nsIPrincipal getSubjectPrincipal();
|
||||
[noscript] nsIPrincipal getSubjectPrincipal();
|
||||
|
||||
/**
|
||||
* Return the all-powerful system principal.
|
||||
*/
|
||||
nsIPrincipal getSystemPrincipal();
|
||||
[noscript] nsIPrincipal getSystemPrincipal();
|
||||
|
||||
/**
|
||||
* Return a principal that can be QI'd to nsICertificatePrincipal.
|
||||
* Return a principal with the specified certificate ID.
|
||||
*/
|
||||
nsIPrincipal getCertificatePrincipal(in string CertID);
|
||||
[noscript] nsIPrincipal getCertificatePrincipal(in string CertID);
|
||||
|
||||
/**
|
||||
* Return a principal that can be QI'd to nsICodebasePrincipal and
|
||||
* has the same origin as aURI.
|
||||
* Return a principal that has the same origin as aURI.
|
||||
*/
|
||||
nsIPrincipal getCodebasePrincipal(in nsIURI aURI);
|
||||
[noscript] nsIPrincipal getCodebasePrincipal(in nsIURI aURI);
|
||||
|
||||
///////////////// Capabilities API /////////////////////
|
||||
/**
|
||||
|
@ -159,13 +158,13 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
|
|||
* necessary. Returns nsIPrincipal::ENABLE_GRANTED or
|
||||
* nsIPrincipal::ENABLE_DENIED based on user's choice.
|
||||
*/
|
||||
void requestCapability(in nsIPrincipal principal, in string capability,
|
||||
out short result);
|
||||
[noscript] short requestCapability(in nsIPrincipal principal,
|
||||
in string capability);
|
||||
|
||||
/**
|
||||
* Return true if the currently executing script has 'capability' enabled.
|
||||
*/
|
||||
boolean IsCapabilityEnabled(in string capability);
|
||||
boolean isCapabilityEnabled(in string capability);
|
||||
|
||||
/**
|
||||
* Enable 'capability' in the innermost frame of the currently executing
|
||||
|
|
|
@ -29,14 +29,8 @@ include $(DEPTH)/config/autoconf.mk
|
|||
MODULE = caps
|
||||
|
||||
EXPORTS = \
|
||||
nsBasePrincipal.h \
|
||||
nsSystemPrincipal.h \
|
||||
nsCertificatePrincipal.h \
|
||||
nsCodebasePrincipal.h \
|
||||
nsAggregatePrincipal.h \
|
||||
nsJSPrincipals.h \
|
||||
nsScriptSecurityManager.h \
|
||||
$(NULL)
|
||||
nsJSPrincipals.h \
|
||||
$(NULL)
|
||||
|
||||
include $(topsrcdir)/config/rules.mk
|
||||
|
||||
|
|
|
@ -36,8 +36,9 @@
|
|||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* describes principals by their orginating uris*/
|
||||
#ifndef _NS_JSPRINCIPALS_H_
|
||||
#define _NS_JSPRINCIPALS_H_
|
||||
|
||||
#ifndef nsJSPrincipals_h__
|
||||
#define nsJSPrincipals_h__
|
||||
#include "jsapi.h"
|
||||
#include "nsIPrincipal.h"
|
||||
|
||||
|
@ -47,8 +48,8 @@ struct nsJSPrincipals : JSPrincipals {
|
|||
nsresult Init(char *prin);
|
||||
~nsJSPrincipals(void);
|
||||
|
||||
nsIPrincipal *nsIPrincipalPtr;
|
||||
nsIPrincipal *nsIPrincipalPtr; // [WEAK] it owns us.
|
||||
};
|
||||
|
||||
#endif /* _NS_JSPRINCIPALS_H_ */
|
||||
#endif /* nsJSPrincipals_h__ */
|
||||
|
||||
|
|
|
@ -0,0 +1,128 @@
|
|||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 2003
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Christopher A. Aillon <christopher@aillon.com>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifndef nsPrincipal_h__
|
||||
#define nsPrincipal_h__
|
||||
|
||||
#include "nsAutoPtr.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsVoidArray.h"
|
||||
#include "nsHashtable.h"
|
||||
#include "nsJSPrincipals.h"
|
||||
|
||||
class nsIObjectInputStream;
|
||||
class nsIObjectOutputStream;
|
||||
|
||||
class nsPrincipal : public nsIPrincipal
|
||||
{
|
||||
public:
|
||||
nsPrincipal();
|
||||
nsPrincipal(nsIURI *aURI);
|
||||
|
||||
protected:
|
||||
virtual ~nsPrincipal();
|
||||
|
||||
public:
|
||||
// Our refcount is managed by mJSPrincipals. Use this macro to avoid
|
||||
// an extra refcount member.
|
||||
NS_DECL_ISUPPORTS_INHERITED
|
||||
protected:
|
||||
// XXXcaa Probably unnecessary. See bug 143559.
|
||||
NS_DECL_OWNINGTHREAD
|
||||
public:
|
||||
|
||||
NS_DECL_NSIPRINCIPAL
|
||||
NS_DECL_NSISERIALIZABLE
|
||||
|
||||
nsresult InitFromPersistent(const char* aPrefName,
|
||||
const char* aToken,
|
||||
const char* aGrantedList,
|
||||
const char* aDeniedList,
|
||||
PRBool aIsCert = PR_FALSE,
|
||||
PRBool aTrusted = PR_FALSE);
|
||||
|
||||
enum AnnotationValue { AnnotationEnabled=1, AnnotationDisabled };
|
||||
|
||||
nsresult SetCapability(const char *capability, void **annotation,
|
||||
AnnotationValue value);
|
||||
|
||||
static const char sInvalid[];
|
||||
|
||||
protected:
|
||||
nsJSPrincipals mJSPrincipals;
|
||||
nsVoidArray mAnnotations;
|
||||
nsHashtable mCapabilities;
|
||||
nsCString mPrefName;
|
||||
static PRInt32 sCapabilitiesOrdinal;
|
||||
|
||||
// XXXcaa This is a semi-hack. The best solution here is to keep
|
||||
// a reference to an interface here, except there is no interface
|
||||
// that we can use yet.
|
||||
struct Certificate
|
||||
{
|
||||
Certificate(const char* aCertID, const char* aName)
|
||||
: certificateID(aCertID),
|
||||
commonName(aName)
|
||||
{
|
||||
};
|
||||
nsCString certificateID;
|
||||
nsCString commonName;
|
||||
};
|
||||
|
||||
// Keep this is a pointer, even though it may slightly increase the
|
||||
// cost of keeping a certificate, this is a good tradeoff though since
|
||||
// it is very rare that we actually have a certificate.
|
||||
nsAutoPtr<Certificate> mCert;
|
||||
|
||||
void* mSecurityPolicy;
|
||||
|
||||
nsCOMPtr<nsIURI> mCodebase;
|
||||
nsCOMPtr<nsIURI> mDomain;
|
||||
PRUint8 mType;
|
||||
PRPackedBool mTrusted;
|
||||
};
|
||||
|
||||
|
||||
#define NS_PRINCIPAL_CLASSNAME "principal"
|
||||
#define NS_PRINCIPAL_CONTRACTID "@mozilla.org/principal;1"
|
||||
#define NS_PRINCIPAL_CID \
|
||||
{ 0x36102b6b, 0x7b62, 0x451a, \
|
||||
{ 0xa1, 0xc8, 0xa0, 0xd4, 0x56, 0xc9, 0x2d, 0xc5 }}
|
||||
|
||||
|
||||
#endif // nsPrincipal_h__
|
|
@ -22,6 +22,7 @@
|
|||
* Contributor(s):
|
||||
* Norris Boyd <nboyd@atg.com>
|
||||
* Mitch Stoltz <mstoltz@netscape.com>
|
||||
* Christopher A. Aillon <christopher@aillon.com>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
|
@ -37,14 +38,15 @@
|
|||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifndef _NS_SCRIPT_SECURITY_MANAGER_H_
|
||||
#define _NS_SCRIPT_SECURITY_MANAGER_H_
|
||||
#ifndef nsScriptSecurityManager_h__
|
||||
#define nsScriptSecurityManager_h__
|
||||
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "jsapi.h"
|
||||
#include "jsdbgapi.h"
|
||||
#include "nsIXPCSecurityManager.h"
|
||||
#include "nsInterfaceHashtable.h"
|
||||
#include "nsHashtable.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsIPrefService.h"
|
||||
|
@ -57,42 +59,85 @@
|
|||
class nsIDocShell;
|
||||
class nsString;
|
||||
class nsIClassInfo;
|
||||
class nsIIOService;
|
||||
class nsIXPConnect;
|
||||
class nsSystemPrincipal;
|
||||
struct ClassPolicy;
|
||||
|
||||
#if defined(DEBUG_mstoltz) || defined(DEBUG_caillon)
|
||||
#define DEBUG_CAPS_HACKER
|
||||
#endif
|
||||
|
||||
#ifdef DEBUG_CAPS_HACKER
|
||||
#define DEBUG_CAPS_CheckPropertyAccessImpl
|
||||
#define DEBUG_CAPS_LookupPolicy
|
||||
#define DEBUG_CAPS_CheckComponentPermissions
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
#define DEBUG_CAPS_CanCreateWrapper
|
||||
#define DEBUG_CAPS_CanCreateInstance
|
||||
#define DEBUG_CAPS_CanGetService
|
||||
#endif
|
||||
|
||||
/////////////////////
|
||||
// nsIPrincipalKey //
|
||||
// PrincipalKey //
|
||||
/////////////////////
|
||||
|
||||
class nsIPrincipalKey : public nsHashKey {
|
||||
class NS_COM PrincipalKey : public PLDHashEntryHdr
|
||||
{
|
||||
public:
|
||||
nsIPrincipalKey(nsIPrincipal* key) {
|
||||
mKey = key;
|
||||
NS_IF_ADDREF(mKey);
|
||||
typedef const nsIPrincipal* KeyType;
|
||||
typedef const nsIPrincipal* KeyTypePointer;
|
||||
|
||||
PrincipalKey(const nsIPrincipal* key)
|
||||
: mKey(NS_CONST_CAST(nsIPrincipal*, key))
|
||||
{
|
||||
}
|
||||
|
||||
~nsIPrincipalKey(void) {
|
||||
NS_IF_RELEASE(mKey);
|
||||
|
||||
PrincipalKey(const PrincipalKey& toCopy)
|
||||
: mKey(toCopy.mKey)
|
||||
{
|
||||
}
|
||||
|
||||
~PrincipalKey()
|
||||
{
|
||||
}
|
||||
|
||||
PRUint32 HashCode(void) const {
|
||||
PRUint32 hash;
|
||||
mKey->HashValue(&hash);
|
||||
return hash;
|
||||
|
||||
KeyType GetKey() const
|
||||
{
|
||||
return mKey;
|
||||
}
|
||||
|
||||
PRBool Equals(const nsHashKey* aKey) const {
|
||||
|
||||
KeyTypePointer GetKeyPointer() const
|
||||
{
|
||||
return mKey;
|
||||
}
|
||||
|
||||
PRBool KeyEquals(KeyTypePointer aKey) const
|
||||
{
|
||||
PRBool eq;
|
||||
mKey->Equals(((nsIPrincipalKey*) aKey)->mKey, &eq);
|
||||
mKey->Equals(NS_CONST_CAST(nsIPrincipal*, aKey),
|
||||
&eq);
|
||||
return eq;
|
||||
}
|
||||
|
||||
nsHashKey *Clone(void) const {
|
||||
return new nsIPrincipalKey(mKey);
|
||||
|
||||
static KeyTypePointer KeyToPointer(KeyType aKey)
|
||||
{
|
||||
return aKey;
|
||||
}
|
||||
|
||||
protected:
|
||||
nsIPrincipal* mKey;
|
||||
static PLDHashNumber HashKey(KeyTypePointer aKey)
|
||||
{
|
||||
PRUint32 hash;
|
||||
NS_CONST_CAST(nsIPrincipal*, aKey)->GetHashValue(&hash);
|
||||
return PLDHashNumber(hash);
|
||||
}
|
||||
|
||||
enum { ALLOW_MEMMOVE = PR_TRUE };
|
||||
|
||||
private:
|
||||
nsCOMPtr<nsIPrincipal> mKey;
|
||||
};
|
||||
|
||||
////////////////////
|
||||
|
@ -213,9 +258,12 @@ class DomainPolicy : public PLDHashTable
|
|||
public:
|
||||
DomainPolicy() : mWildcardPolicy(nsnull),
|
||||
mRefCount(0)
|
||||
|
||||
{
|
||||
static PLDHashTableOps domainPolicyOps =
|
||||
}
|
||||
|
||||
PRBool Init()
|
||||
{
|
||||
static const PLDHashTableOps domainPolicyOps =
|
||||
{
|
||||
PL_DHashAllocTable,
|
||||
PL_DHashFreeTable,
|
||||
|
@ -228,8 +276,8 @@ public:
|
|||
InitClassPolicyEntry
|
||||
};
|
||||
|
||||
PL_DHashTableInit(this, &domainPolicyOps, nsnull,
|
||||
sizeof(ClassPolicy), 16);
|
||||
return PL_DHashTableInit(this, &domainPolicyOps, nsnull,
|
||||
sizeof(ClassPolicy), 16);
|
||||
}
|
||||
|
||||
~DomainPolicy()
|
||||
|
@ -397,7 +445,7 @@ private:
|
|||
nsresult
|
||||
CheckComponentPermissions(JSContext *cx, const nsCID &aCID);
|
||||
#endif
|
||||
#ifdef DEBUG_mstoltz
|
||||
#ifdef DEBUG_CAPS_HACKER
|
||||
void
|
||||
PrintPolicyDB();
|
||||
#endif
|
||||
|
@ -408,8 +456,8 @@ private:
|
|||
inline void
|
||||
JSEnabledPrefChanged(nsISecurityPref* aSecurityPref);
|
||||
|
||||
static const char* sJSEnabledPrefName;
|
||||
static const char* sJSMailEnabledPrefName;
|
||||
static const char sJSEnabledPrefName[];
|
||||
static const char sJSMailEnabledPrefName[];
|
||||
|
||||
nsObjectHashtable* mOriginToPolicyMap;
|
||||
DomainPolicy* mDefaultPolicy;
|
||||
|
@ -417,20 +465,21 @@ private:
|
|||
|
||||
nsCOMPtr<nsIPrefBranch> mPrefBranch;
|
||||
nsCOMPtr<nsISecurityPref> mSecurityPref;
|
||||
nsIPrincipal* mSystemPrincipal;
|
||||
nsCOMPtr<nsIPrincipal> mSystemPrincipal;
|
||||
nsCOMPtr<nsIPrincipal> mSystemCertificate;
|
||||
nsSupportsHashtable* mPrincipals;
|
||||
PRBool mIsJavaScriptEnabled;
|
||||
PRBool mIsMailJavaScriptEnabled;
|
||||
PRBool mIsWritingPrefs;
|
||||
nsInterfaceHashtable<PrincipalKey, nsIPrincipal> mPrincipals;
|
||||
nsCOMPtr<nsIThreadJSContextStack> mJSContextStack;
|
||||
PRBool mNameSetRegistered;
|
||||
PRBool mPolicyPrefsChanged;
|
||||
PRPackedBool mIsJavaScriptEnabled;
|
||||
PRPackedBool mIsMailJavaScriptEnabled;
|
||||
PRPackedBool mIsWritingPrefs;
|
||||
PRPackedBool mPolicyPrefsChanged;
|
||||
#ifdef XPC_IDISPATCH_SUPPORT
|
||||
PRBool mXPCDefaultGrantAll;
|
||||
static const char* sXPCDefaultGrantAllName;
|
||||
PRPackedBool mXPCDefaultGrantAll;
|
||||
static const char sXPCDefaultGrantAllName[];
|
||||
#endif
|
||||
|
||||
static nsIIOService* sIOService;
|
||||
static nsIXPConnect* sXPConnect;
|
||||
};
|
||||
|
||||
#endif /*_NS_SCRIPT_SECURITY_MANAGER_H_*/
|
||||
|
||||
#endif // nsScriptSecurityManager_h__
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1999-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
|
@ -38,10 +38,11 @@
|
|||
|
||||
/* The privileged system principal. */
|
||||
|
||||
#ifndef _NS_SYSTEM_PRINCIPAL_H_
|
||||
#define _NS_SYSTEM_PRINCIPAL_H_
|
||||
#ifndef nsSystemPrincipal_h__
|
||||
#define nsSystemPrincipal_h__
|
||||
|
||||
#include "nsBasePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsJSPrincipals.h"
|
||||
|
||||
#define NS_SYSTEMPRINCIPAL_CLASSNAME "systemprincipal"
|
||||
#define NS_SYSTEMPRINCIPAL_CID \
|
||||
|
@ -50,42 +51,23 @@
|
|||
#define NS_SYSTEMPRINCIPAL_CONTRACTID "@mozilla.org/systemprincipal;1"
|
||||
|
||||
|
||||
class nsSystemPrincipal : public nsBasePrincipal {
|
||||
class nsSystemPrincipal : public nsIPrincipal
|
||||
{
|
||||
public:
|
||||
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_ISUPPORTS_INHERITED
|
||||
NS_DECL_NSIPRINCIPAL
|
||||
NS_DECL_NSISERIALIZABLE
|
||||
|
||||
NS_IMETHOD ToString(char **result);
|
||||
|
||||
NS_IMETHOD ToUserVisibleString(char **result);
|
||||
|
||||
NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result);
|
||||
|
||||
NS_IMETHOD HashValue(PRUint32 *result);
|
||||
|
||||
NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result);
|
||||
|
||||
NS_IMETHOD SetCanEnableCapability(const char *capability,
|
||||
PRInt16 canEnable);
|
||||
|
||||
NS_IMETHOD IsCapabilityEnabled(const char *capability, void * annotation,
|
||||
PRBool *result);
|
||||
|
||||
NS_IMETHOD EnableCapability(const char *capability, void * *annotation);
|
||||
|
||||
NS_IMETHOD RevertCapability(const char *capability, void * *annotation);
|
||||
|
||||
NS_IMETHOD DisableCapability(const char *capability, void * *annotation);
|
||||
|
||||
NS_IMETHOD GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList);
|
||||
|
||||
NS_IMETHOD Init();
|
||||
nsresult Init();
|
||||
|
||||
nsSystemPrincipal();
|
||||
|
||||
protected:
|
||||
virtual ~nsSystemPrincipal(void);
|
||||
|
||||
nsJSPrincipals mJSPrincipals;
|
||||
// XXX Probably unnecessary. See bug 143559.
|
||||
NS_DECL_OWNINGTHREAD
|
||||
};
|
||||
|
||||
#endif // _NS_SYSTEM_PRINCIPAL_H_
|
||||
#endif // nsSystemPrincipal_h__
|
||||
|
|
|
@ -50,11 +50,8 @@ REQUIRES = xpcom \
|
|||
$(NULL)
|
||||
|
||||
CPPSRCS = \
|
||||
nsBasePrincipal.cpp \
|
||||
nsPrincipal.cpp \
|
||||
nsSystemPrincipal.cpp \
|
||||
nsCertificatePrincipal.cpp \
|
||||
nsCodebasePrincipal.cpp \
|
||||
nsAggregatePrincipal.cpp \
|
||||
nsJSPrincipals.cpp \
|
||||
nsScriptSecurityManager.cpp \
|
||||
nsSecurityManagerFactory.cpp \
|
||||
|
|
|
@ -1,479 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.1 (the "License"); you may not use this file except in
|
||||
* compliance with the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1998-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Mitch Stoltz <mstoltz@netscape.com>
|
||||
*
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the NPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the NPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/*describes principals which combine one or more principals*/
|
||||
#include "nsAggregatePrincipal.h"
|
||||
#include "nsIURI.h"
|
||||
|
||||
static NS_DEFINE_IID(kIAggregatePrincipalIID, NS_IAGGREGATEPRINCIPAL_IID);
|
||||
|
||||
NS_IMPL_QUERY_INTERFACE5_CI(nsAggregatePrincipal, nsIAggregatePrincipal,
|
||||
nsICertificatePrincipal, nsICodebasePrincipal,
|
||||
nsIPrincipal, nsISerializable)
|
||||
NS_IMPL_CI_INTERFACE_GETTER5(nsAggregatePrincipal, nsIAggregatePrincipal,
|
||||
nsICertificatePrincipal, nsICodebasePrincipal,
|
||||
nsIPrincipal, nsISerializable)
|
||||
|
||||
NSBASEPRINCIPALS_ADDREF(nsAggregatePrincipal);
|
||||
NSBASEPRINCIPALS_RELEASE(nsAggregatePrincipal);
|
||||
|
||||
//////////////////////////////////////////////////
|
||||
// Methods implementing nsICertificatePrincipal //
|
||||
//////////////////////////////////////////////////
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetCertificateID(char** aCertificateID)
|
||||
{
|
||||
if (!mCertificate)
|
||||
{
|
||||
*aCertificateID = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> certificate = do_QueryInterface(mCertificate);
|
||||
return certificate->GetCertificateID(aCertificateID);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetCommonName(char** aCommonName)
|
||||
{
|
||||
if (!mCertificate)
|
||||
{
|
||||
*aCommonName = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> certificate = do_QueryInterface(mCertificate);
|
||||
return certificate->GetCommonName(aCommonName);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::SetCommonName(const char* aCommonName)
|
||||
{
|
||||
if (!mCertificate)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> certificate = do_QueryInterface(mCertificate);
|
||||
return certificate->SetCommonName(aCommonName);
|
||||
}
|
||||
|
||||
///////////////////////////////////////////////
|
||||
// Methods implementing nsICodebasePrincipal //
|
||||
///////////////////////////////////////////////
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetURI(nsIURI** aURI)
|
||||
{
|
||||
if (!mCodebase)
|
||||
{
|
||||
*aURI = nsnull;
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(mCodebase);
|
||||
return codebase->GetURI(aURI);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetOrigin(char** aOrigin)
|
||||
{
|
||||
if (!mCodebase)
|
||||
{
|
||||
*aOrigin = nsnull;
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(mCodebase);
|
||||
return codebase->GetOrigin(aOrigin);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetSpec(char** aSpec)
|
||||
{
|
||||
if (!mCodebase)
|
||||
{
|
||||
*aSpec = nsnull;
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(mCodebase);
|
||||
return codebase->GetSpec(aSpec);
|
||||
}
|
||||
|
||||
////////////////////////////////////////////////
|
||||
// Methods implementing nsIAggregatePrincipal //
|
||||
////////////////////////////////////////////////
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetCertificate(nsIPrincipal** result)
|
||||
{
|
||||
*result = mCertificate;
|
||||
NS_IF_ADDREF(*result);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetCodebase(nsIPrincipal** result)
|
||||
{
|
||||
*result = mCodebase;
|
||||
NS_IF_ADDREF(*result);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::SetCertificate(nsIPrincipal* aCertificate)
|
||||
{
|
||||
nsresult rv;
|
||||
//-- Make sure this really is a certificate principal
|
||||
if (aCertificate)
|
||||
{
|
||||
nsCOMPtr<nsICertificatePrincipal> tempCertificate =
|
||||
do_QueryInterface(aCertificate, &rv);
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
//-- If aCertificate is an aggregate, get its underlying certificate
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg =
|
||||
do_QueryInterface(aCertificate, &rv);
|
||||
if (NS_SUCCEEDED(rv))
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> underlying;
|
||||
rv = agg->GetCertificate(getter_AddRefs(underlying));
|
||||
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
|
||||
mCertificate = underlying.get();
|
||||
}
|
||||
else
|
||||
mCertificate = aCertificate;
|
||||
// New certificate, so forget cached security policy
|
||||
mCachedSecurityPolicy = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::SetCodebase(nsIPrincipal* aCodebase)
|
||||
{
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIPrincipal> newCodebase(aCodebase);
|
||||
|
||||
//-- If newCodebase is an aggregate, get its underlying codebase
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg =
|
||||
do_QueryInterface(newCodebase, &rv);
|
||||
if (NS_SUCCEEDED(rv))
|
||||
{
|
||||
rv = agg->GetCodebase(getter_AddRefs(newCodebase));
|
||||
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
|
||||
}
|
||||
else
|
||||
{ //-- Make sure this really is a codebase principal
|
||||
nsCOMPtr<nsICodebasePrincipal> tempCodebase =
|
||||
do_QueryInterface(newCodebase, &rv);
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
mCodebase = newCodebase;
|
||||
|
||||
//-- If this is the first codebase set, remember it.
|
||||
if (!mOriginalCodebase)
|
||||
mOriginalCodebase = newCodebase;
|
||||
else
|
||||
{
|
||||
mDomainChanged = PR_TRUE;
|
||||
// Codebase has changed, forget cached security policy
|
||||
mCachedSecurityPolicy = nsnull;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetOriginalCodebase(nsIPrincipal** aOriginalCodebase)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(aOriginalCodebase);
|
||||
|
||||
*aOriginalCodebase = mOriginalCodebase;
|
||||
NS_IF_ADDREF(*aOriginalCodebase);
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetPrimaryChild(nsIPrincipal** aPrimaryChild)
|
||||
{
|
||||
//-- If a certificate is present, then that's the PrimaryChild principal.
|
||||
// Otherwise we use the codebase.
|
||||
if (mCertificate)
|
||||
*aPrimaryChild = mCertificate.get();
|
||||
else if (mCodebase)
|
||||
*aPrimaryChild = mCodebase.get();
|
||||
else
|
||||
{
|
||||
*aPrimaryChild = nsnull;
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
NS_IF_ADDREF(*aPrimaryChild);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::Intersect(nsIPrincipal* other)
|
||||
{
|
||||
NS_ASSERTION(mCodebase, "Principal without codebase");
|
||||
|
||||
if (mCertificate)
|
||||
{
|
||||
PRBool sameCert = PR_FALSE;
|
||||
if (NS_FAILED(mCertificate->Equals(other, &sameCert)))
|
||||
return NS_ERROR_FAILURE;
|
||||
if (!sameCert)
|
||||
SetCertificate(nsnull);
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::SetDomainChanged(PRBool aDomainChanged)
|
||||
{
|
||||
mDomainChanged = aDomainChanged;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetDomainChanged(PRBool* aDomainChanged)
|
||||
{
|
||||
*aDomainChanged = mDomainChanged;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetCachedSecurityPolicy(void** aCachedSecurityPolicy)
|
||||
{
|
||||
*aCachedSecurityPolicy = mCachedSecurityPolicy;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::SetCachedSecurityPolicy(void* aCachedSecurityPolicy)
|
||||
{
|
||||
mCachedSecurityPolicy = aCachedSecurityPolicy;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
||||
///////////////////////////////////////
|
||||
// Methods implementing nsIPrincipal //
|
||||
///////////////////////////////////////
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::ToString(char **result)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->ToString(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::ToUserVisibleString(char **result)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->ToUserVisibleString(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::Equals(nsIPrincipal * other, PRBool * result)
|
||||
{
|
||||
*result = PR_FALSE;
|
||||
if (this == other) {
|
||||
*result = PR_TRUE;
|
||||
return NS_OK;
|
||||
}
|
||||
if (!other)
|
||||
return NS_OK;
|
||||
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIAggregatePrincipal> otherAgg =
|
||||
do_QueryInterface(other, &rv);
|
||||
if (NS_FAILED(rv))
|
||||
return NS_OK;
|
||||
//-- Two aggregates are equal if both codebase and certificate are equal
|
||||
PRBool certEqual = PR_TRUE;
|
||||
if (mCertificate)
|
||||
{
|
||||
rv = mCertificate->Equals(other, &certEqual);
|
||||
if(NS_FAILED(rv)) return rv;
|
||||
}
|
||||
PRBool cbEqual = PR_TRUE;
|
||||
if (mCodebase)
|
||||
{
|
||||
rv = mCodebase->Equals(other, &cbEqual);
|
||||
if(NS_FAILED(rv)) return rv;
|
||||
}
|
||||
if (mCertificate || mCodebase) // At least one must be present
|
||||
*result = certEqual && cbEqual;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::HashValue(PRUint32 *result)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->HashValue(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::CanEnableCapability(const char *capability,
|
||||
PRInt16 *result)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->CanEnableCapability(capability, result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::SetCanEnableCapability(const char *capability,
|
||||
PRInt16 canEnable)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->SetCanEnableCapability(capability, canEnable);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::IsCapabilityEnabled(const char *capability, void *annotation,
|
||||
PRBool *result)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->IsCapabilityEnabled(capability, annotation, result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::EnableCapability(const char *capability, void **annotation)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->EnableCapability(capability, annotation);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::RevertCapability(const char *capability, void **annotation)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->RevertCapability(capability, annotation);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::DisableCapability(const char *capability, void **annotation)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->DisableCapability(capability, annotation);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> PrimaryChild;
|
||||
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
|
||||
return NS_ERROR_FAILURE;
|
||||
return PrimaryChild->GetPreferences(aPrefName, aID,
|
||||
aGrantedList, aDeniedList);
|
||||
}
|
||||
|
||||
//////////////////////////////////////////
|
||||
// Methods implementing nsISerializable //
|
||||
//////////////////////////////////////////
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::Read(nsIObjectInputStream* aStream)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
rv = nsBasePrincipal::Read(aStream);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = NS_ReadOptionalObject(aStream, PR_TRUE, getter_AddRefs(mCertificate));
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = NS_ReadOptionalObject(aStream, PR_TRUE, getter_AddRefs(mCodebase));
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsAggregatePrincipal::Write(nsIObjectOutputStream* aStream)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
rv = nsBasePrincipal::Write(aStream);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = NS_WriteOptionalObject(aStream, mCertificate, PR_TRUE);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = NS_WriteOptionalCompoundObject(aStream, mCodebase, NS_GET_IID(nsIPrincipal), PR_TRUE);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
/////////////////////////////////////////////
|
||||
// Constructor, Destructor, initialization //
|
||||
/////////////////////////////////////////////
|
||||
|
||||
nsAggregatePrincipal::nsAggregatePrincipal() : mCachedSecurityPolicy(nsnull),
|
||||
mDomainChanged(PR_FALSE)
|
||||
{
|
||||
}
|
||||
|
||||
nsAggregatePrincipal::~nsAggregatePrincipal()
|
||||
{
|
||||
}
|
|
@ -1,227 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.1 (the "License"); you may not use this file except in
|
||||
* compliance with the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1998-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Mitch Stoltz <mstoltz@netscape.com>
|
||||
*
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the NPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the NPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/*describes principals for use in signed scripts*/
|
||||
#include "nsCertificatePrincipal.h"
|
||||
#include "prmem.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsCRT.h"
|
||||
|
||||
static NS_DEFINE_IID(kICertificatePrincipalIID, NS_ICERTIFICATEPRINCIPAL_IID);
|
||||
|
||||
NS_IMPL_QUERY_INTERFACE3_CI(nsCertificatePrincipal,
|
||||
nsICertificatePrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
NS_IMPL_CI_INTERFACE_GETTER3(nsCertificatePrincipal,
|
||||
nsICertificatePrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
|
||||
NSBASEPRINCIPALS_ADDREF(nsCertificatePrincipal);
|
||||
NSBASEPRINCIPALS_RELEASE(nsCertificatePrincipal);
|
||||
|
||||
//////////////////////////////////////////////////
|
||||
// Methods implementing nsICertificatePrincipal //
|
||||
//////////////////////////////////////////////////
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::GetCertificateID(char** aCertificateID)
|
||||
{
|
||||
*aCertificateID = ToNewCString(mCertificateID);
|
||||
return *aCertificateID ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::GetCommonName(char** aCommonName)
|
||||
{
|
||||
*aCommonName = ToNewCString(mCommonName);
|
||||
return *aCommonName ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::SetCommonName(const char* aCommonName)
|
||||
{
|
||||
mCommonName = aCommonName;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
///////////////////////////////////////
|
||||
// Methods implementing nsIPrincipal //
|
||||
///////////////////////////////////////
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::CanEnableCapability(const char *capability,
|
||||
PRInt16 *result)
|
||||
{
|
||||
if(NS_FAILED(nsBasePrincipal::CanEnableCapability(capability, result)))
|
||||
return NS_ERROR_FAILURE;
|
||||
if (*result == nsIPrincipal::ENABLE_UNKNOWN)
|
||||
*result = ENABLE_WITH_USER_PERMISSION;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::ToString(char **result)
|
||||
{
|
||||
return GetCertificateID(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::ToUserVisibleString(char **result)
|
||||
{
|
||||
return GetCommonName(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList)
|
||||
{
|
||||
if (mPrefName.IsEmpty()) {
|
||||
mPrefName.Assign("capability.principal.certificate.p");
|
||||
mPrefName.AppendInt(mCapabilitiesOrdinal++);
|
||||
mPrefName.Append(".id");
|
||||
}
|
||||
return nsBasePrincipal::GetPreferences(aPrefName, aID,
|
||||
aGrantedList, aDeniedList);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::Equals(nsIPrincipal * other, PRBool * result)
|
||||
{
|
||||
*result = PR_FALSE;
|
||||
if (this == other) {
|
||||
*result = PR_TRUE;
|
||||
return NS_OK;
|
||||
}
|
||||
if (!other)
|
||||
return NS_OK;
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsICertificatePrincipal> otherCertificate =
|
||||
do_QueryInterface(other, &rv);
|
||||
if (NS_FAILED(rv))
|
||||
return NS_OK;
|
||||
//-- Compare cert ID's
|
||||
char* otherID;
|
||||
rv = otherCertificate->GetCertificateID(&otherID);
|
||||
if (NS_FAILED(rv))
|
||||
{
|
||||
PR_FREEIF(otherID);
|
||||
return rv;
|
||||
}
|
||||
*result = mCertificateID.Equals(otherID);
|
||||
PR_FREEIF(otherID);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::HashValue(PRUint32 *result)
|
||||
{
|
||||
char* str;
|
||||
if (NS_FAILED(ToString(&str)) || !str) return NS_ERROR_FAILURE;
|
||||
*result = nsCRT::HashCode(str, nsnull);
|
||||
nsCRT::free(str);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
//////////////////////////////////////////
|
||||
// Methods implementing nsISerializable //
|
||||
//////////////////////////////////////////
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::Read(nsIObjectInputStream* aStream)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
rv = nsBasePrincipal::Read(aStream);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = aStream->ReadCString(mCertificateID);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = NS_ReadOptionalCString(aStream, mCommonName);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::Write(nsIObjectOutputStream* aStream)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
rv = nsBasePrincipal::Write(aStream);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = aStream->WriteStringZ(mCertificateID.get());
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = NS_WriteOptionalStringZ(aStream, mCommonName.get());
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
/////////////////////////////////////////////
|
||||
// Constructor, Destructor, initialization //
|
||||
/////////////////////////////////////////////
|
||||
nsresult
|
||||
nsCertificatePrincipal::InitFromPersistent(const char* aPrefName, const char* aCertID,
|
||||
const char* aGrantedList, const char* aDeniedList)
|
||||
{
|
||||
if (NS_FAILED(Init(aCertID)))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
return nsBasePrincipal::InitFromPersistent(aPrefName, aCertID,
|
||||
aGrantedList, aDeniedList);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::Init(const char* aCertificateID)
|
||||
{
|
||||
mCertificateID = aCertificateID;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCertificatePrincipal::nsCertificatePrincipal()
|
||||
{
|
||||
}
|
||||
|
||||
nsCertificatePrincipal::~nsCertificatePrincipal()
|
||||
{
|
||||
}
|
|
@ -1,311 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.1 (the "License"); you may not use this file except in
|
||||
* compliance with the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1999-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the NPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the NPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/* Describes principals by their orginating uris */
|
||||
|
||||
#include "nsCodebasePrincipal.h"
|
||||
#include "nsIComponentManager.h"
|
||||
#include "nsIServiceManager.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "nsIURL.h"
|
||||
#include "nsIJARURI.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsIPrefBranch.h"
|
||||
#include "nsIPrefService.h"
|
||||
#include "nsXPIDLString.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsCRT.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
|
||||
NS_IMPL_QUERY_INTERFACE3_CI(nsCodebasePrincipal,
|
||||
nsICodebasePrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
NS_IMPL_CI_INTERFACE_GETTER3(nsCodebasePrincipal,
|
||||
nsICodebasePrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
|
||||
NSBASEPRINCIPALS_ADDREF(nsCodebasePrincipal);
|
||||
NSBASEPRINCIPALS_RELEASE(nsCodebasePrincipal);
|
||||
|
||||
///////////////////////////////////////
|
||||
// Methods implementing nsIPrincipal //
|
||||
///////////////////////////////////////
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::ToString(char **result)
|
||||
{
|
||||
*result = nsnull;
|
||||
PRBool isFile = PR_TRUE;
|
||||
if(NS_FAILED(mURI->SchemeIs("file", &isFile)))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
if (isFile)
|
||||
{
|
||||
nsCOMPtr<nsIURL> url(do_QueryInterface(mURI));
|
||||
if (url)
|
||||
{
|
||||
nsCAutoString directory;
|
||||
nsresult rv = url->GetDirectory(directory);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
nsCAutoString fileName;
|
||||
rv = url->GetFileName(fileName);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
*result =
|
||||
ToNewCString(NS_LITERAL_CSTRING("file://") + directory + fileName);
|
||||
if (!*result)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
return GetOrigin(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::ToUserVisibleString(char **result)
|
||||
{
|
||||
return ToString(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList)
|
||||
{
|
||||
if (mPrefName.IsEmpty())
|
||||
{
|
||||
mPrefName.Assign("capability.principal.codebase.p");
|
||||
mPrefName.AppendInt(mCapabilitiesOrdinal++);
|
||||
mPrefName.Append(".id");
|
||||
}
|
||||
return nsBasePrincipal::GetPreferences(aPrefName, aID,
|
||||
aGrantedList, aDeniedList);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::HashValue(PRUint32 *result)
|
||||
{
|
||||
nsXPIDLCString spec;
|
||||
if (NS_FAILED(GetSpec(getter_Copies(spec))))
|
||||
return NS_ERROR_FAILURE;
|
||||
*result = nsCRT::HashCode(spec, nsnull);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::CanEnableCapability(const char *capability,
|
||||
PRInt16 *result)
|
||||
{
|
||||
// Either this principal must be preconfigured as a trusted source
|
||||
// (mTrusted), or else the codebase principal pref must be enabled
|
||||
if (!mTrusted)
|
||||
{
|
||||
static char pref[] = "signed.applets.codebase_principal_support";
|
||||
nsCOMPtr<nsIPrefBranch> prefBranch(do_GetService(NS_PREFSERVICE_CONTRACTID));
|
||||
if (!prefBranch)
|
||||
return NS_ERROR_FAILURE;
|
||||
PRBool enabled;
|
||||
if (NS_FAILED(prefBranch->GetBoolPref(pref, &enabled)) || !enabled)
|
||||
{
|
||||
// Deny unless subject is executing from file: or resource:
|
||||
PRBool isFile = PR_FALSE;
|
||||
PRBool isRes = PR_FALSE;
|
||||
|
||||
if (NS_FAILED(mURI->SchemeIs("file", &isFile)) ||
|
||||
NS_FAILED(mURI->SchemeIs("resource", &isRes)) ||
|
||||
(!isFile && !isRes))
|
||||
{
|
||||
*result = nsIPrincipal::ENABLE_DENIED;
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
}
|
||||
nsBasePrincipal::CanEnableCapability(capability, result);
|
||||
if (*result == nsIPrincipal::ENABLE_UNKNOWN)
|
||||
*result = ENABLE_WITH_USER_PERMISSION;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
///////////////////////////////////////////////
|
||||
// Methods implementing nsICodebasePrincipal //
|
||||
///////////////////////////////////////////////
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::GetURI(nsIURI **uri)
|
||||
{
|
||||
*uri = mURI;
|
||||
NS_ADDREF(*uri);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::GetOrigin(char **origin)
|
||||
{
|
||||
nsresult rv;
|
||||
nsCAutoString hostPort;
|
||||
if (NS_SUCCEEDED(mURI->GetHostPort(hostPort)))
|
||||
{
|
||||
nsCAutoString scheme;
|
||||
rv = mURI->GetScheme(scheme);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
*origin = ToNewCString(scheme + NS_LITERAL_CSTRING("://") + hostPort);
|
||||
}
|
||||
else
|
||||
{
|
||||
// Some URIs (e.g., nsSimpleURI) don't support host. Just
|
||||
// get the full spec.
|
||||
nsCAutoString spec;
|
||||
rv = mURI->GetSpec(spec);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
*origin = ToNewCString(spec);
|
||||
}
|
||||
|
||||
return *origin ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::GetSpec(char **spec)
|
||||
{
|
||||
nsCAutoString buf;
|
||||
nsresult rv = mURI->GetSpec(buf);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
*spec = ToNewCString(buf);
|
||||
return *spec ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::Equals(nsIPrincipal *aOther, PRBool *result)
|
||||
{
|
||||
if (this == aOther)
|
||||
{
|
||||
*result = PR_TRUE;
|
||||
return NS_OK;
|
||||
}
|
||||
*result = PR_FALSE;
|
||||
if (!aOther)
|
||||
return NS_OK;
|
||||
|
||||
// Get a URI from the other principal
|
||||
nsCOMPtr<nsICodebasePrincipal> otherCodebase(
|
||||
do_QueryInterface(aOther));
|
||||
if (!otherCodebase)
|
||||
{
|
||||
// Other principal is not a codebase, so return false
|
||||
return NS_OK;
|
||||
}
|
||||
nsCOMPtr<nsIURI> otherURI;
|
||||
otherCodebase->GetURI(getter_AddRefs(otherURI));
|
||||
|
||||
NS_ENSURE_TRUE(otherURI, NS_ERROR_FAILURE);
|
||||
return nsScriptSecurityManager::SecurityCompareURIs(mURI,
|
||||
otherURI,
|
||||
result);
|
||||
}
|
||||
|
||||
//////////////////////////////////////////
|
||||
// Methods implementing nsISerializable //
|
||||
//////////////////////////////////////////
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::Read(nsIObjectInputStream* aStream)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
rv = nsBasePrincipal::Read(aStream);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
return aStream->ReadObject(PR_TRUE, getter_AddRefs(mURI));
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCodebasePrincipal::Write(nsIObjectOutputStream* aStream)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
rv = nsBasePrincipal::Write(aStream);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
return aStream->WriteCompoundObject(mURI, NS_GET_IID(nsIURI), PR_TRUE);
|
||||
}
|
||||
|
||||
/////////////////////////////////////////////
|
||||
// Constructor, Destructor, initialization //
|
||||
/////////////////////////////////////////////
|
||||
|
||||
nsCodebasePrincipal::nsCodebasePrincipal() : mTrusted(PR_FALSE)
|
||||
{
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsCodebasePrincipal::Init(nsIURI *uri)
|
||||
{
|
||||
nsCAutoString codebase;
|
||||
if (uri == nsnull || NS_FAILED(uri->GetSpec(codebase)))
|
||||
return NS_ERROR_FAILURE;
|
||||
if (NS_FAILED(mJSPrincipals.Init(ToNewCString(codebase))))
|
||||
return NS_ERROR_FAILURE;
|
||||
// JSPrincipals::Init adopts its input
|
||||
mURI = uri;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// This method overrides nsBasePrincipal::InitFromPersistent
|
||||
nsresult
|
||||
nsCodebasePrincipal::InitFromPersistent(const char* aPrefName, const char* aURLStr,
|
||||
const char* aGrantedList, const char* aDeniedList,
|
||||
PRBool aTrusted)
|
||||
{
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
rv = NS_NewURI(getter_AddRefs(uri), nsDependentCString(aURLStr), nsnull);
|
||||
NS_ASSERTION(NS_SUCCEEDED(rv), "Malformed URI in security.principal preference.");
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
if (NS_FAILED(Init(uri))) return NS_ERROR_FAILURE;
|
||||
// XXX: Add check for trusted = SSL only here?
|
||||
mTrusted = aTrusted;
|
||||
|
||||
return nsBasePrincipal::InitFromPersistent(aPrefName, aURLStr,
|
||||
aGrantedList, aDeniedList);
|
||||
}
|
||||
|
||||
nsCodebasePrincipal::~nsCodebasePrincipal()
|
||||
{
|
||||
}
|
|
@ -35,7 +35,10 @@
|
|||
* the terms of any one of the NPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
#include "nsCodebasePrincipal.h"
|
||||
|
||||
#include "nsString.h"
|
||||
#include "nsIObjectOutputStream.h"
|
||||
#include "nsIObjectInputStream.h"
|
||||
#include "nsJSPrincipals.h"
|
||||
#include "plstr.h"
|
||||
#include "nsXPIDLString.h"
|
||||
|
@ -138,7 +141,7 @@ nsTranscodeJSPrincipals(JSXDRState *xdr, JSPrincipals **jsprinp)
|
|||
nsMemory::Free(olddata);
|
||||
::JS_XDRMemSetData(xdr, data, size);
|
||||
|
||||
prin->GetJSPrincipals(jsprinp);
|
||||
prin->GetJsPrincipals(jsprinp);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -185,6 +188,12 @@ nsJSPrincipals::nsJSPrincipals()
|
|||
nsresult
|
||||
nsJSPrincipals::Init(char *aCodebase)
|
||||
{
|
||||
if (codebase)
|
||||
{
|
||||
NS_ERROR("Init called twice!");
|
||||
return NS_ERROR_UNEXPECTED;
|
||||
}
|
||||
|
||||
codebase = aCodebase;
|
||||
return NS_OK;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,796 @@
|
|||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 2003
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Christopher A. Aillon <christopher@aillon.com>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#include "nscore.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsString.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "plstr.h"
|
||||
#include "nsCRT.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "nsJSPrincipals.h"
|
||||
#include "nsVoidArray.h"
|
||||
#include "nsHashtable.h"
|
||||
#include "nsIObjectInputStream.h"
|
||||
#include "nsIObjectOutputStream.h"
|
||||
|
||||
#include "nsPrincipal.h"
|
||||
|
||||
|
||||
// Static member variables
|
||||
PRInt32 nsPrincipal::sCapabilitiesOrdinal = 0;
|
||||
const char nsPrincipal::sInvalid[] = "Invalid";
|
||||
|
||||
|
||||
nsPrincipal::nsPrincipal()
|
||||
: mCapabilities(7)
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
NS_IMPL_QUERY_INTERFACE2_CI(nsPrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
NS_IMPL_CI_INTERFACE_GETTER2(nsPrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
|
||||
NS_IMETHODIMP_(nsrefcnt)
|
||||
nsPrincipal::AddRef()
|
||||
{
|
||||
NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt");
|
||||
// XXXcaa does this need to be threadsafe? See bug 143559.
|
||||
nsrefcnt count = PR_AtomicIncrement((PRInt32 *)&mJSPrincipals.refcount);
|
||||
NS_LOG_ADDREF(this, count, "nsPrincipal", sizeof(*this));
|
||||
return count;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP_(nsrefcnt)
|
||||
nsPrincipal::Release()
|
||||
{
|
||||
NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release");
|
||||
nsrefcnt count = PR_AtomicDecrement((PRInt32 *)&mJSPrincipals.refcount);
|
||||
NS_LOG_RELEASE(this, count, "nsPrincipal");
|
||||
if (count == 0) {
|
||||
NS_DELETEXPCOM(this);
|
||||
}
|
||||
|
||||
return count;
|
||||
}
|
||||
|
||||
nsPrincipal::nsPrincipal(nsIURI *aURI)
|
||||
: mSecurityPolicy(nsnull),
|
||||
mCodebase(aURI)
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
PR_STATIC_CALLBACK(PRBool)
|
||||
deleteElement(void* aElement, void *aData)
|
||||
{
|
||||
nsHashtable *ht = (nsHashtable *) aElement;
|
||||
delete ht;
|
||||
return PR_TRUE;
|
||||
}
|
||||
|
||||
nsPrincipal::~nsPrincipal(void)
|
||||
{
|
||||
mAnnotations.EnumerateForwards(deleteElement, nsnull);
|
||||
delete mCert;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::GetJsPrincipals(JSPrincipals **jsprin)
|
||||
{
|
||||
if (!mJSPrincipals.nsIPrincipalPtr) {
|
||||
// Don't addref here, since we are referencing each other.
|
||||
mJSPrincipals.nsIPrincipalPtr = this;
|
||||
}
|
||||
|
||||
*jsprin = &mJSPrincipals;
|
||||
|
||||
// JSPRINCIPALS_HOLD does not use its first argument.
|
||||
// Just use a dummy cx to save the codesize.
|
||||
JSPRINCIPALS_HOLD(cx, *jsprin);
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::GetOrigin(char **aOrigin)
|
||||
{
|
||||
nsIURI* uri = mDomain ? mDomain : mCodebase;
|
||||
NS_ASSERTION(uri, "No Domain or Codebase");
|
||||
|
||||
nsCAutoString hostPort;
|
||||
nsresult rv = uri->GetHostPort(hostPort);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
nsCAutoString scheme;
|
||||
rv = uri->GetScheme(scheme);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
*aOrigin = ToNewCString(scheme + NS_LITERAL_CSTRING("://") + hostPort);
|
||||
}
|
||||
else {
|
||||
// Some URIs (e.g., nsSimpleURI) don't support host. Just
|
||||
// get the full spec.
|
||||
nsCAutoString spec;
|
||||
rv = uri->GetSpec(spec);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
*aOrigin = ToNewCString(spec);
|
||||
}
|
||||
|
||||
return *aOrigin ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::GetSecurityPolicy(void** aSecurityPolicy)
|
||||
{
|
||||
*aSecurityPolicy = mSecurityPolicy;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::SetSecurityPolicy(void* aSecurityPolicy)
|
||||
{
|
||||
mSecurityPolicy = aSecurityPolicy;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::Equals(nsIPrincipal *aOther, PRBool *aResult)
|
||||
{
|
||||
*aResult = PR_FALSE;
|
||||
|
||||
if (!aOther) {
|
||||
NS_WARNING("Need a principal to compare this to!");
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
if (this != aOther) {
|
||||
if (mCert) {
|
||||
PRBool otherHasCert;
|
||||
aOther->GetHasCertificate(&otherHasCert);
|
||||
if (!otherHasCert) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsXPIDLCString otherCertID;
|
||||
aOther->GetCertificateID(getter_Copies(otherCertID));
|
||||
if (!otherCertID.Equals(mCert->certificateID)) {
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
|
||||
// Codebases are equal if they have the same origin.
|
||||
nsIURI *origin = mDomain ? mDomain : mCodebase;
|
||||
nsCOMPtr<nsIURI> otherOrigin;
|
||||
aOther->GetDomain(getter_AddRefs(otherOrigin));
|
||||
if (!otherOrigin) {
|
||||
aOther->GetURI(getter_AddRefs(otherOrigin));
|
||||
}
|
||||
|
||||
return nsScriptSecurityManager::SecurityCompareURIs(origin,
|
||||
otherOrigin,
|
||||
aResult);
|
||||
}
|
||||
|
||||
*aResult = PR_TRUE;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::CanEnableCapability(const char *capability, PRInt16 *result)
|
||||
{
|
||||
// If this principal is marked invalid, can't enable any capabilities
|
||||
nsCStringKey invalidKey(sInvalid);
|
||||
if (mCapabilities.Exists(&invalidKey)) {
|
||||
*result = nsIPrincipal::ENABLE_DENIED;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
const char *start = capability;
|
||||
*result = nsIPrincipal::ENABLE_GRANTED;
|
||||
for(;;) {
|
||||
const char *space = PL_strchr(start, ' ');
|
||||
PRInt32 len = space ? space - start : strlen(start);
|
||||
nsCAutoString capString(start, len);
|
||||
nsCStringKey key(capString);
|
||||
PRInt16 value = (PRInt16)NS_PTR_TO_INT32(mCapabilities.Get(&key));
|
||||
if (value == 0) {
|
||||
value = nsIPrincipal::ENABLE_UNKNOWN;
|
||||
}
|
||||
|
||||
if (value < *result) {
|
||||
*result = value;
|
||||
}
|
||||
|
||||
if (!space) {
|
||||
break;
|
||||
}
|
||||
|
||||
start = space + 1;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::SetCanEnableCapability(const char *capability,
|
||||
PRInt16 canEnable)
|
||||
{
|
||||
// If this principal is marked invalid, can't enable any capabilities
|
||||
|
||||
nsCStringKey invalidKey(sInvalid);
|
||||
if (mCapabilities.Exists(&invalidKey)) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
if (PL_strcmp(capability, sInvalid) == 0) {
|
||||
mCapabilities.Reset();
|
||||
}
|
||||
|
||||
const char *start = capability;
|
||||
for(;;) {
|
||||
const char *space = PL_strchr(start, ' ');
|
||||
int len = space ? space - start : strlen(start);
|
||||
nsCAutoString capString(start, len);
|
||||
nsCStringKey key(capString);
|
||||
mCapabilities.Put(&key, NS_INT32_TO_PTR(canEnable));
|
||||
if (!space) {
|
||||
break;
|
||||
}
|
||||
|
||||
start = space + 1;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::IsCapabilityEnabled(const char *capability, void *annotation,
|
||||
PRBool *result)
|
||||
{
|
||||
*result = PR_FALSE;
|
||||
nsHashtable *ht = (nsHashtable *) annotation;
|
||||
if (!ht) {
|
||||
return NS_OK;
|
||||
}
|
||||
const char *start = capability;
|
||||
for(;;) {
|
||||
const char *space = PL_strchr(start, ' ');
|
||||
int len = space ? space - start : strlen(start);
|
||||
nsCAutoString capString(start, len);
|
||||
nsCStringKey key(capString);
|
||||
*result = (ht->Get(&key) == (void *) AnnotationEnabled);
|
||||
if (!*result) {
|
||||
// If any single capability is not enabled, then return false.
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
if (!space) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
start = space + 1;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::EnableCapability(const char *capability, void **annotation)
|
||||
{
|
||||
return SetCapability(capability, annotation, AnnotationEnabled);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::DisableCapability(const char *capability, void **annotation)
|
||||
{
|
||||
return SetCapability(capability, annotation, AnnotationDisabled);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::RevertCapability(const char *capability, void **annotation)
|
||||
{
|
||||
if (*annotation) {
|
||||
nsHashtable *ht = (nsHashtable *) *annotation;
|
||||
const char *start = capability;
|
||||
for(;;) {
|
||||
const char *space = PL_strchr(start, ' ');
|
||||
int len = space ? space - start : strlen(start);
|
||||
nsCAutoString capString(start, len);
|
||||
nsCStringKey key(capString);
|
||||
ht->Remove(&key);
|
||||
if (!space) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
start = space + 1;
|
||||
}
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsPrincipal::SetCapability(const char *capability, void **annotation,
|
||||
AnnotationValue value)
|
||||
{
|
||||
if (*annotation == nsnull) {
|
||||
*annotation = new nsHashtable(5);
|
||||
if (!*annotation) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
// This object owns its annotations. Save them so we can release
|
||||
// them when we destroy this object.
|
||||
mAnnotations.AppendElement(*annotation);
|
||||
}
|
||||
|
||||
const char *start = capability;
|
||||
for(;;) {
|
||||
const char *space = PL_strchr(start, ' ');
|
||||
int len = space ? space - start : strlen(start);
|
||||
nsCAutoString capString(start, len);
|
||||
nsCStringKey key(capString);
|
||||
nsHashtable *ht = (nsHashtable *) *annotation;
|
||||
ht->Put(&key, (void *) value);
|
||||
if (!space) {
|
||||
break;
|
||||
}
|
||||
|
||||
start = space + 1;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::GetHasCertificate(PRBool* aResult)
|
||||
{
|
||||
*aResult = (mCert != nsnull);
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::GetURI(nsIURI** aURI)
|
||||
{
|
||||
NS_IF_ADDREF(*aURI = mCodebase);
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::SetURI(nsIURI* aURI)
|
||||
{
|
||||
mCodebase = aURI;
|
||||
mDomain = nsnull;
|
||||
// Codebase has changed, forget cached security policy
|
||||
mSecurityPolicy = nsnull;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::SetCertificateID(const char* aID)
|
||||
{
|
||||
if (!aID) {
|
||||
mCert = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
if (!mCert) {
|
||||
mCert = new Certificate(aID, "");
|
||||
if (!mCert) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::GetCertificateID(char** aID)
|
||||
{
|
||||
NS_ENSURE_STATE(mCert);
|
||||
|
||||
*aID = ToNewCString(mCert->certificateID);
|
||||
if (!*aID) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::GetCommonName(char** aName)
|
||||
{
|
||||
NS_ENSURE_STATE(mCert);
|
||||
|
||||
*aName = ToNewCString(mCert->commonName);
|
||||
if (!*aName) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::SetCommonName(const char* aName)
|
||||
{
|
||||
if (!mCert) {
|
||||
NS_ERROR("You must first initialize the certificate with an ID");
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
mCert->commonName = aName;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::GetHashValue(PRUint32* aValue)
|
||||
{
|
||||
NS_PRECONDITION(mCert || mCodebase, "Need a cert or codebase");
|
||||
|
||||
// If there is a certificate, it takes precendence over the codebase.
|
||||
if (mCert) {
|
||||
*aValue = nsCRT::HashCode(mCert->certificateID.get(), nsnull);
|
||||
}
|
||||
else {
|
||||
nsCAutoString str;
|
||||
mCodebase->GetSpec(str);
|
||||
*aValue = nsCRT::HashCode(str.get(), nsnull);
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::GetDomain(nsIURI** aDomain)
|
||||
{
|
||||
NS_IF_ADDREF(*aDomain = mDomain);
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::SetDomain(nsIURI* aDomain)
|
||||
{
|
||||
mDomain = aDomain;
|
||||
// Domain has changed, forget cached security policy
|
||||
mSecurityPolicy = nsnull;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsPrincipal::InitFromPersistent(const char* aPrefName,
|
||||
const char* aToken,
|
||||
const char* aGrantedList,
|
||||
const char* aDeniedList,
|
||||
PRBool aIsCert,
|
||||
PRBool aTrusted)
|
||||
{
|
||||
NS_PRECONDITION(mCapabilities.Count() == 0,
|
||||
"mCapabilities was already initialized?");
|
||||
NS_PRECONDITION(mAnnotations.Count() == 0,
|
||||
"mAnnotations was already initialized?");
|
||||
|
||||
if (aIsCert) {
|
||||
SetCertificateID(aToken);
|
||||
}
|
||||
else {
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
nsresult rv = NS_NewURI(getter_AddRefs(uri), aToken, nsnull);
|
||||
if (NS_FAILED(rv)) {
|
||||
NS_ERROR("Malformed URI in capability.principal preference.");
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsCAutoString token;
|
||||
rv = uri->GetSpec(token);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = mJSPrincipals.Init(PL_strdup(token.get()));
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
mTrusted = aTrusted;
|
||||
}
|
||||
|
||||
//-- Save the preference name
|
||||
mPrefName = aPrefName;
|
||||
|
||||
const char* ordinalBegin = PL_strpbrk(aPrefName, "1234567890");
|
||||
if (ordinalBegin) {
|
||||
PRIntn n = atoi(ordinalBegin);
|
||||
if (sCapabilitiesOrdinal <= n) {
|
||||
sCapabilitiesOrdinal = n + 1;
|
||||
}
|
||||
}
|
||||
|
||||
//-- Store the capabilities
|
||||
nsresult rv = NS_OK;
|
||||
if (aGrantedList) {
|
||||
rv = SetCanEnableCapability(aGrantedList, nsIPrincipal::ENABLE_GRANTED);
|
||||
}
|
||||
|
||||
if (NS_SUCCEEDED(rv) && aDeniedList) {
|
||||
rv = SetCanEnableCapability(aDeniedList, nsIPrincipal::ENABLE_DENIED);
|
||||
}
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
struct CapabilityList
|
||||
{
|
||||
nsCString* granted;
|
||||
nsCString* denied;
|
||||
};
|
||||
|
||||
PR_STATIC_CALLBACK(PRBool)
|
||||
AppendCapability(nsHashKey *aKey, void *aData, void *capListPtr)
|
||||
{
|
||||
CapabilityList* capList = (CapabilityList*)capListPtr;
|
||||
PRInt16 value = (PRInt16)NS_PTR_TO_INT32(aData);
|
||||
nsCStringKey* key = (nsCStringKey *)aKey;
|
||||
if (value == nsIPrincipal::ENABLE_GRANTED) {
|
||||
capList->granted->Append(key->GetString(), key->GetStringLength());
|
||||
capList->granted->Append(' ');
|
||||
}
|
||||
else if (value == nsIPrincipal::ENABLE_DENIED) {
|
||||
capList->denied->Append(key->GetString(), key->GetStringLength());
|
||||
capList->denied->Append(' ');
|
||||
}
|
||||
|
||||
return PR_TRUE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList)
|
||||
{
|
||||
if (mPrefName.IsEmpty()) {
|
||||
if (mCert) {
|
||||
mPrefName.Assign("capability.principal.certificate.p");
|
||||
}
|
||||
else {
|
||||
mPrefName.Assign("capability.principal.codebase.p");
|
||||
}
|
||||
|
||||
mPrefName.AppendInt(sCapabilitiesOrdinal++);
|
||||
mPrefName.Append(".id");
|
||||
}
|
||||
|
||||
*aPrefName = nsnull;
|
||||
*aID = nsnull;
|
||||
*aGrantedList = nsnull;
|
||||
*aDeniedList = nsnull;
|
||||
|
||||
char *prefName = nsnull;
|
||||
char *id = nsnull;
|
||||
char *granted = nsnull;
|
||||
char *denied = nsnull;
|
||||
|
||||
//-- Preference name
|
||||
prefName = ToNewCString(mPrefName);
|
||||
if (!prefName) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
//-- ID
|
||||
nsresult rv;
|
||||
if (mCert) {
|
||||
rv = GetCertificateID(&id);
|
||||
}
|
||||
else {
|
||||
rv = GetOrigin(&id);
|
||||
}
|
||||
|
||||
if (NS_FAILED(rv)) {
|
||||
nsMemory::Free(prefName);
|
||||
return rv;
|
||||
}
|
||||
|
||||
//-- Capabilities
|
||||
nsCAutoString grantedListStr, deniedListStr;
|
||||
CapabilityList capList = CapabilityList();
|
||||
capList.granted = &grantedListStr;
|
||||
capList.denied = &deniedListStr;
|
||||
mCapabilities.Enumerate(AppendCapability, (void*)&capList);
|
||||
|
||||
if (!grantedListStr.IsEmpty()) {
|
||||
grantedListStr.Truncate(grantedListStr.Length() - 1);
|
||||
granted = ToNewCString(grantedListStr);
|
||||
if (!granted) {
|
||||
nsMemory::Free(prefName);
|
||||
nsMemory::Free(id);
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
}
|
||||
|
||||
if (!deniedListStr.IsEmpty()) {
|
||||
deniedListStr.Truncate(deniedListStr.Length() - 1);
|
||||
denied = ToNewCString(deniedListStr);
|
||||
if (!denied) {
|
||||
nsMemory::Free(prefName);
|
||||
nsMemory::Free(id);
|
||||
if (granted) {
|
||||
nsMemory::Free(granted);
|
||||
}
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
}
|
||||
|
||||
*aPrefName = prefName;
|
||||
*aID = id;
|
||||
*aGrantedList = granted;
|
||||
*aDeniedList = denied;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
PR_STATIC_CALLBACK(nsresult)
|
||||
ReadAnnotationEntry(nsIObjectInputStream* aStream, nsHashKey** aKey,
|
||||
void** aData)
|
||||
{
|
||||
nsresult rv;
|
||||
nsCStringKey* key = new nsCStringKey(aStream, &rv);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
PRUint32 value;
|
||||
rv = aStream->Read32(&value);
|
||||
if (NS_FAILED(rv)) {
|
||||
delete key;
|
||||
return rv;
|
||||
}
|
||||
|
||||
*aKey = key;
|
||||
*aData = (void*) value;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
PR_STATIC_CALLBACK(void)
|
||||
FreeAnnotationEntry(nsIObjectInputStream* aStream, nsHashKey* aKey,
|
||||
void* aData)
|
||||
{
|
||||
delete aKey;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::Read(nsIObjectInputStream* aStream)
|
||||
{
|
||||
PRUint32 annotationCount;
|
||||
nsresult rv = aStream->Read32(&annotationCount);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
for (PRInt32 i = 0, n = PRInt32(annotationCount); i < n; i++) {
|
||||
nsHashtable *ht = new nsHashtable(aStream,
|
||||
ReadAnnotationEntry,
|
||||
FreeAnnotationEntry,
|
||||
&rv);
|
||||
if (!ht) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
if (NS_FAILED(rv)) {
|
||||
delete ht;
|
||||
return rv;
|
||||
}
|
||||
|
||||
if (!mAnnotations.InsertElementAt(NS_REINTERPRET_CAST(void*, ht), i)) {
|
||||
delete ht;
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
}
|
||||
|
||||
PRBool hasCapabilities;
|
||||
rv = aStream->ReadBoolean(&hasCapabilities);
|
||||
if (NS_SUCCEEDED(rv) && hasCapabilities) {
|
||||
mCapabilities = nsHashtable(aStream,
|
||||
ReadAnnotationEntry,
|
||||
FreeAnnotationEntry,
|
||||
&rv);
|
||||
}
|
||||
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = NS_ReadOptionalCString(aStream, mPrefName);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
PR_STATIC_CALLBACK(nsresult)
|
||||
WriteScalarValue(nsIObjectOutputStream* aStream, void* aData)
|
||||
{
|
||||
PRUint32 value = NS_PTR_TO_INT32(aData);
|
||||
|
||||
return aStream->Write32(value);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::Write(nsIObjectOutputStream* aStream)
|
||||
{
|
||||
PRUint32 annotationCount = PRUint32(mAnnotations.Count());
|
||||
nsresult rv = aStream->Write32(annotationCount);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
for (PRInt32 i = 0, n = PRInt32(annotationCount); i < n; i++) {
|
||||
nsHashtable *ht = NS_REINTERPRET_CAST(nsHashtable *, mAnnotations[i]);
|
||||
rv = ht->Write(aStream, WriteScalarValue);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
|
||||
PRBool hasCapabilities = (mCapabilities.Count() > 0);
|
||||
rv = aStream->WriteBoolean(hasCapabilities);
|
||||
if (NS_SUCCEEDED(rv) && hasCapabilities) {
|
||||
rv = mCapabilities.Write(aStream, WriteScalarValue);
|
||||
}
|
||||
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = NS_WriteOptionalStringZ(aStream, mPrefName.get());
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -43,9 +43,7 @@
|
|||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsAggregatePrincipal.h"
|
||||
#include "nsCertificatePrincipal.h"
|
||||
#include "nsCodebasePrincipal.h"
|
||||
#include "nsPrincipal.h"
|
||||
#include "nsSystemPrincipal.h"
|
||||
#include "nsIScriptNameSpaceManager.h"
|
||||
#include "nsIScriptExternalNameSet.h"
|
||||
|
@ -234,8 +232,8 @@ netscape_security_invalidate(JSContext *cx, JSObject *obj, uintN argc,
|
|||
|
||||
// NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
|
||||
|
||||
rv = securityManager->SetCanEnableCapability(principalID,
|
||||
nsBasePrincipal::Invalid,
|
||||
rv = securityManager->SetCanEnableCapability(principalID,
|
||||
nsPrincipal::sInvalid,
|
||||
nsIPrincipal::ENABLE_GRANTED);
|
||||
if (NS_FAILED(rv))
|
||||
return JS_FALSE;
|
||||
|
@ -310,17 +308,13 @@ nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext)
|
|||
|
||||
|
||||
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsAggregatePrincipal)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertificatePrincipal)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCodebasePrincipal)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsPrincipal)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecurityNameSet)
|
||||
NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(nsSystemPrincipal,
|
||||
nsScriptSecurityManager::SystemPrincipalSingletonConstructor)
|
||||
|
||||
|
||||
NS_DECL_CLASSINFO(nsAggregatePrincipal)
|
||||
NS_DECL_CLASSINFO(nsCertificatePrincipal)
|
||||
NS_DECL_CLASSINFO(nsCodebasePrincipal)
|
||||
NS_DECL_CLASSINFO(nsPrincipal)
|
||||
NS_DECL_CLASSINFO(nsSystemPrincipal)
|
||||
|
||||
|
||||
|
@ -388,42 +382,16 @@ static const nsModuleComponentInfo capsComponentInfo[] =
|
|||
nsIClassInfo::MAIN_THREAD_ONLY
|
||||
},
|
||||
|
||||
{ NS_AGGREGATEPRINCIPAL_CLASSNAME,
|
||||
NS_AGGREGATEPRINCIPAL_CID,
|
||||
NS_AGGREGATEPRINCIPAL_CONTRACTID,
|
||||
nsAggregatePrincipalConstructor,
|
||||
{ NS_PRINCIPAL_CLASSNAME,
|
||||
NS_PRINCIPAL_CID,
|
||||
NS_PRINCIPAL_CONTRACTID,
|
||||
nsPrincipalConstructor,
|
||||
nsnull,
|
||||
nsnull,
|
||||
nsnull,
|
||||
NS_CI_INTERFACE_GETTER_NAME(nsAggregatePrincipal),
|
||||
NS_CI_INTERFACE_GETTER_NAME(nsPrincipal),
|
||||
nsnull,
|
||||
&NS_CLASSINFO_NAME(nsAggregatePrincipal),
|
||||
nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
|
||||
},
|
||||
|
||||
{ NS_CERTIFICATEPRINCIPAL_CLASSNAME,
|
||||
NS_CERTIFICATEPRINCIPAL_CID,
|
||||
NS_CERTIFICATEPRINCIPAL_CONTRACTID,
|
||||
nsCertificatePrincipalConstructor,
|
||||
nsnull,
|
||||
nsnull,
|
||||
nsnull,
|
||||
NS_CI_INTERFACE_GETTER_NAME(nsCertificatePrincipal),
|
||||
nsnull,
|
||||
&NS_CLASSINFO_NAME(nsCertificatePrincipal),
|
||||
nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
|
||||
},
|
||||
|
||||
{ NS_CODEBASEPRINCIPAL_CLASSNAME,
|
||||
NS_CODEBASEPRINCIPAL_CID,
|
||||
NS_CODEBASEPRINCIPAL_CONTRACTID,
|
||||
nsCodebasePrincipalConstructor,
|
||||
nsnull,
|
||||
nsnull,
|
||||
nsnull,
|
||||
NS_CI_INTERFACE_GETTER_NAME(nsCodebasePrincipal),
|
||||
nsnull,
|
||||
&NS_CLASSINFO_NAME(nsCodebasePrincipal),
|
||||
&NS_CLASSINFO_NAME(nsPrincipal),
|
||||
nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
|
||||
},
|
||||
|
||||
|
|
|
@ -47,40 +47,53 @@
|
|||
#include "nsXPIDLString.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsCRT.h"
|
||||
#include "nsString.h"
|
||||
|
||||
|
||||
NS_IMPL_QUERY_INTERFACE2_CI(nsSystemPrincipal, nsIPrincipal, nsISerializable)
|
||||
NS_IMPL_CI_INTERFACE_GETTER2(nsSystemPrincipal, nsIPrincipal, nsISerializable)
|
||||
NS_IMPL_QUERY_INTERFACE2_CI(nsSystemPrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
NS_IMPL_CI_INTERFACE_GETTER2(nsSystemPrincipal,
|
||||
nsIPrincipal,
|
||||
nsISerializable)
|
||||
|
||||
NSBASEPRINCIPALS_ADDREF(nsSystemPrincipal);
|
||||
NSBASEPRINCIPALS_RELEASE(nsSystemPrincipal);
|
||||
NS_IMETHODIMP_(nsrefcnt)
|
||||
nsSystemPrincipal::AddRef()
|
||||
{
|
||||
NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt");
|
||||
nsrefcnt count = PR_AtomicIncrement((PRInt32 *)&mJSPrincipals.refcount);
|
||||
NS_LOG_ADDREF(this, count, "nsSystemPrincipal", sizeof(*this));
|
||||
return count;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP_(nsrefcnt)
|
||||
nsSystemPrincipal::Release()
|
||||
{
|
||||
NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release");
|
||||
nsrefcnt count = PR_AtomicDecrement((PRInt32 *)&mJSPrincipals.refcount);
|
||||
NS_LOG_RELEASE(this, count, "nsSystemPrincipal");
|
||||
if (count == 0) {
|
||||
NS_DELETEXPCOM(this);
|
||||
}
|
||||
|
||||
return count;
|
||||
}
|
||||
|
||||
|
||||
///////////////////////////////////////
|
||||
// Methods implementing nsIPrincipal //
|
||||
///////////////////////////////////////
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::ToString(char **result)
|
||||
{
|
||||
nsAutoString buf;
|
||||
buf.Assign(NS_LITERAL_STRING("[System]"));
|
||||
|
||||
*result = ToNewCString(buf);
|
||||
return *result ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::ToUserVisibleString(char **result)
|
||||
{
|
||||
return ToString(result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetPreferences(char** aPrefName, char** aID,
|
||||
char** aGrantedList, char** aDeniedList)
|
||||
{
|
||||
// The system principal should never be streamed out
|
||||
*aPrefName = nsnull;
|
||||
*aID = nsnull;
|
||||
*aGrantedList = nsnull;
|
||||
*aDeniedList = nsnull;
|
||||
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
|
@ -92,7 +105,7 @@ nsSystemPrincipal::Equals(nsIPrincipal *other, PRBool *result)
|
|||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::HashValue(PRUint32 *result)
|
||||
nsSystemPrincipal::GetHashValue(PRUint32 *result)
|
||||
{
|
||||
*result = NS_PTR_TO_INT32(this);
|
||||
return NS_OK;
|
||||
|
@ -127,12 +140,14 @@ nsSystemPrincipal::IsCapabilityEnabled(const char *capability,
|
|||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::EnableCapability(const char *capability, void **annotation)
|
||||
{
|
||||
*annotation = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::RevertCapability(const char *capability, void **annotation)
|
||||
{
|
||||
*annotation = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -141,9 +156,104 @@ nsSystemPrincipal::DisableCapability(const char *capability, void **annotation)
|
|||
{
|
||||
// Can't disable the capabilities of the system principal.
|
||||
// XXX might be handy to be able to do so!
|
||||
*annotation = nsnull;
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetURI(nsIURI** aURI)
|
||||
{
|
||||
*aURI = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::SetURI(nsIURI* aURI)
|
||||
{
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetOrigin(char** aOrigin)
|
||||
{
|
||||
*aOrigin = ToNewCString(NS_LITERAL_CSTRING("[System]"));
|
||||
return *aOrigin ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::SetCertificateID(const char* aID)
|
||||
{
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetCertificateID(char** aID)
|
||||
{
|
||||
*aID = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetCommonName(char** aName)
|
||||
{
|
||||
*aName = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::SetCommonName(const char* aName)
|
||||
{
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetHasCertificate(PRBool* aResult)
|
||||
{
|
||||
*aResult = PR_FALSE;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetDomain(nsIURI** aDomain)
|
||||
{
|
||||
*aDomain = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::SetDomain(nsIURI* aDomain)
|
||||
{
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetSecurityPolicy(void** aSecurityPolicy)
|
||||
{
|
||||
*aSecurityPolicy = nsnull;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::SetSecurityPolicy(void* aSecurityPolicy)
|
||||
{
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetJsPrincipals(JSPrincipals **jsprin)
|
||||
{
|
||||
if (mJSPrincipals.nsIPrincipalPtr == nsnull) {
|
||||
mJSPrincipals.nsIPrincipalPtr = this;
|
||||
// No need for a ADDREF since it is a self-reference
|
||||
}
|
||||
|
||||
*jsprin = &mJSPrincipals;
|
||||
JSPRINCIPALS_HOLD(cx, *jsprin);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
||||
//////////////////////////////////////////
|
||||
// Methods implementing nsISerializable //
|
||||
//////////////////////////////////////////
|
||||
|
@ -170,7 +280,7 @@ nsSystemPrincipal::nsSystemPrincipal()
|
|||
{
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsresult
|
||||
nsSystemPrincipal::Init()
|
||||
{
|
||||
char *codebase = nsCRT::strdup("[System Principal]");
|
||||
|
|
|
@ -87,7 +87,7 @@
|
|||
#include "nsNetUtil.h" // for NS_MakeAbsoluteURI
|
||||
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIPrivateDOMImplementation.h"
|
||||
|
||||
#include "nsIDOMWindowInternal.h"
|
||||
|
@ -848,18 +848,22 @@ nsDocument::GetPrincipal(nsIPrincipal **aPrincipal)
|
|||
NS_IMETHODIMP
|
||||
nsDocument::AddPrincipal(nsIPrincipal *aNewPrincipal)
|
||||
{
|
||||
nsresult rv;
|
||||
NS_PRECONDITION(aNewPrincipal, "Null principal!");
|
||||
|
||||
if (!mPrincipal) {
|
||||
nsCOMPtr<nsIPrincipal> principal;
|
||||
rv = GetPrincipal(getter_AddRefs(principal));
|
||||
nsresult rv = GetPrincipal(getter_AddRefs(principal));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(mPrincipal, &rv));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
rv = agg->Intersect(aNewPrincipal);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
PRBool hasCert;
|
||||
mPrincipal->GetHasCertificate(&hasCert);
|
||||
if (hasCert) {
|
||||
PRBool equal;
|
||||
mPrincipal->Equals(aNewPrincipal, &equal);
|
||||
if (!equal) {
|
||||
mPrincipal->SetCertificateID(nsnull);
|
||||
}
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
|
|
|
@ -59,7 +59,6 @@
|
|||
#include "nsIWebShell.h"
|
||||
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
|
||||
#include "nsIURI.h"
|
||||
#include "nsNetUtil.h"
|
||||
|
@ -191,12 +190,8 @@ nsFrameLoader::LoadFrame()
|
|||
// If we were called from script, get the referring URL from the script
|
||||
|
||||
if (principal) {
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase(do_QueryInterface(principal));
|
||||
|
||||
if (codebase) {
|
||||
rv = codebase->GetURI(getter_AddRefs(referrer));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
rv = principal->GetURI(getter_AddRefs(referrer));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// Pass the script principal to the docshell
|
||||
|
||||
|
|
|
@ -74,7 +74,7 @@
|
|||
#include "nsINameSpaceManager.h"
|
||||
#include "nsContentList.h"
|
||||
#include "nsDOMError.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIDOMMutationEvent.h"
|
||||
#include "nsMutationEvent.h"
|
||||
|
||||
|
|
|
@ -43,6 +43,7 @@
|
|||
#include "nsIAtom.h"
|
||||
#include "nsIDocument.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsISupportsArray.h"
|
||||
#include "nsContentUtils.h"
|
||||
|
||||
|
|
|
@ -42,10 +42,10 @@
|
|||
#include "nsINodeInfo.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "plhash.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsIPrincipal.h"
|
||||
|
||||
class nsNodeInfo;
|
||||
class nsIPrincipal;
|
||||
class nsIURI;
|
||||
|
||||
|
||||
class nsNodeInfoManager : public nsINodeInfoManager
|
||||
|
|
|
@ -61,7 +61,7 @@
|
|||
#include "nsParserCIID.h"
|
||||
#include "nsIHTMLFragmentContentSink.h"
|
||||
#include "nsIEnumerator.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIScriptGlobalObject.h"
|
||||
#include "nsIScriptContext.h"
|
||||
#include "nsIHTMLDocument.h"
|
||||
|
|
|
@ -868,18 +868,16 @@ nsScriptLoader::OnStreamComplete(nsIStreamLoader* aLoader,
|
|||
if (channel) {
|
||||
nsCOMPtr<nsISupports> owner;
|
||||
channel->GetOwner(getter_AddRefs(owner));
|
||||
nsCOMPtr<nsIPrincipal> prin;
|
||||
|
||||
if (owner) {
|
||||
prin = do_QueryInterface(owner, &rv);
|
||||
}
|
||||
|
||||
rv = mDocument->AddPrincipal(prin);
|
||||
if (NS_FAILED(rv)) {
|
||||
mPendingRequests.RemoveObject(request);
|
||||
FireScriptAvailable(rv, request, NS_LITERAL_STRING(""));
|
||||
ProcessPendingReqests();
|
||||
return NS_OK;
|
||||
nsCOMPtr<nsIPrincipal> principal = do_QueryInterface(owner);
|
||||
|
||||
if (principal) {
|
||||
rv = mDocument->AddPrincipal(principal);
|
||||
if (NS_FAILED(rv)) {
|
||||
mPendingRequests.RemoveObject(request);
|
||||
FireScriptAvailable(rv, request, NS_LITERAL_STRING(""));
|
||||
ProcessPendingReqests();
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -42,7 +42,6 @@
|
|||
#include "nsIEventListenerManager.h"
|
||||
#include "jsapi.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIDOMEventReceiver.h"
|
||||
#include "nsIDOM3EventTarget.h"
|
||||
#include "nsHashtable.h"
|
||||
|
|
|
@ -116,8 +116,6 @@
|
|||
#include "nsVoidArray.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsTextFragment.h"
|
||||
#include "nsIScriptGlobalObject.h"
|
||||
#include "nsIScriptGlobalObjectOwner.h"
|
||||
|
@ -5181,25 +5179,16 @@ HTMLContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue,
|
|||
return rv;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(docPrincipal, &rv));
|
||||
// Document principal should always be an aggregate
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
docPrincipal->GetURI(getter_AddRefs(codebaseURI));
|
||||
|
||||
nsCOMPtr<nsIPrincipal> originalPrincipal;
|
||||
rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal));
|
||||
nsCOMPtr<nsICodebasePrincipal> originalCodebase =
|
||||
do_QueryInterface(originalPrincipal, &rv);
|
||||
if (NS_FAILED(rv)) {
|
||||
if (!codebaseURI) {
|
||||
// Document's principal is not a codebase (may be system), so
|
||||
// can't set cookies
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
char *cookie = ToNewUTF8String(aValue);
|
||||
nsCOMPtr<nsIScriptGlobalObject> globalObj;
|
||||
nsCOMPtr<nsIPrompt> prompt;
|
||||
|
|
|
@ -85,8 +85,7 @@
|
|||
#include "nsIXPConnect.h"
|
||||
#include "nsContentList.h"
|
||||
#include "nsDOMError.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIScrollableView.h"
|
||||
|
||||
|
@ -1896,11 +1895,10 @@ nsHTMLDocument::GetDomainURI(nsIURI **aURI)
|
|||
if (NS_FAILED(GetPrincipal(getter_AddRefs(principal))))
|
||||
return;
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal);
|
||||
if (!codebase)
|
||||
return;
|
||||
|
||||
codebase->GetURI(aURI);
|
||||
principal->GetDomain(aURI);
|
||||
if (!*aURI) {
|
||||
principal->GetURI(aURI);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
@ -1972,27 +1970,10 @@ nsHTMLDocument::SetDomain(const nsAString& aDomain)
|
|||
if (NS_FAILED(NS_NewURI(getter_AddRefs(newURI), newURIString)))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
// Get codebase principal
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIScriptSecurityManager> securityManager =
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
nsCOMPtr<nsIPrincipal> newCodebase;
|
||||
rv = securityManager->GetCodebasePrincipal(newURI,
|
||||
getter_AddRefs(newCodebase));
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(mPrincipal, &rv);
|
||||
NS_ASSERTION(NS_SUCCEEDED(rv), "Principal not an aggregate.");
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
rv = agg->SetCodebase(newCodebase);
|
||||
nsresult rv = mPrincipal->SetDomain(newURI);
|
||||
|
||||
// Bug 13871: Frameset spoofing - note that document.domain was set
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
agg->SetDomainChanged(PR_TRUE);
|
||||
mDomainWasSet = PR_TRUE;
|
||||
}
|
||||
|
||||
|
@ -2257,23 +2238,16 @@ nsHTMLDocument::GetCookie(nsAString& aCookie)
|
|||
if (service) {
|
||||
// Get a URI from the document principal. We use the original
|
||||
// codebase in case the codebase was changed by SetDomain
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(mPrincipal, &rv));
|
||||
// Document principal should always be an aggregate
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
mPrincipal->GetURI(getter_AddRefs(codebaseURI));
|
||||
|
||||
if (!codebaseURI) {
|
||||
// Document's principal is not a codebase (may be system), so
|
||||
// can't set cookies
|
||||
|
||||
nsCOMPtr<nsIPrincipal> originalPrincipal;
|
||||
rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal));
|
||||
nsCOMPtr<nsICodebasePrincipal> originalCodebase(
|
||||
do_QueryInterface(originalPrincipal, &rv));
|
||||
if (NS_FAILED(rv)) {
|
||||
// Document's principal is not a codebase, so can't get cookies
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsXPIDLCString cookie;
|
||||
rv = service->GetCookieString(codebaseURI, mChannel, getter_Copies(cookie));
|
||||
if (NS_SUCCEEDED(rv) && cookie)
|
||||
|
@ -2309,25 +2283,16 @@ nsHTMLDocument::SetCookie(const nsAString& aCookie)
|
|||
}
|
||||
}
|
||||
|
||||
// Get a URI from the document principal. We use the original
|
||||
// codebase in case the codebase was changed by SetDomain
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(mPrincipal, &rv));
|
||||
// Document principal should always be an aggregate
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
mPrincipal->GetURI(getter_AddRefs(codebaseURI));
|
||||
|
||||
if (!codebaseURI) {
|
||||
// Document's principal is not a codebase (may be system), so
|
||||
// can't set cookies
|
||||
|
||||
nsCOMPtr<nsIPrincipal> originalPrincipal;
|
||||
rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal));
|
||||
nsCOMPtr<nsICodebasePrincipal> originalCodebase(
|
||||
do_QueryInterface(originalPrincipal, &rv));
|
||||
if (NS_FAILED(rv)) {
|
||||
// Document's principal is not a codebase, so can't set cookies
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = NS_ERROR_OUT_OF_MEMORY;
|
||||
char* cookie = ToNewCString(aCookie);
|
||||
if (cookie) {
|
||||
|
@ -2703,19 +2668,12 @@ nsHTMLDocument::ScriptWriteCommon(PRBool aNewlineTerminate)
|
|||
rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// why is the above code duplicated below???
|
||||
rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (subject) {
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(subject);
|
||||
if (codebase) {
|
||||
nsCOMPtr<nsIURI> subjectURI;
|
||||
rv = codebase->GetURI(getter_AddRefs(subjectURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
nsCOMPtr<nsIURI> subjectURI;
|
||||
subject->GetURI(getter_AddRefs(subjectURI));
|
||||
|
||||
if (subjectURI) {
|
||||
mDocumentURL = subjectURI;
|
||||
|
||||
mPrincipal = subject;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -98,8 +98,6 @@
|
|||
#include "nsIChannel.h"
|
||||
#include "nsIHttpChannel.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsXBLAtoms.h"
|
||||
#include "nsXMLPrettyPrinter.h"
|
||||
|
||||
|
@ -1082,25 +1080,19 @@ nsXMLContentSink::ProcessHeaderData(nsIAtom* aHeader,const nsAString& aValue,nsI
|
|||
// We use the original codebase in case the codebase was changed by SetDomain
|
||||
nsCOMPtr<nsIPrincipal> docPrincipal;
|
||||
rv = mDocument->GetPrincipal(getter_AddRefs(docPrincipal));
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
if (!docPrincipal) return NS_OK;
|
||||
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(docPrincipal, &rv));
|
||||
// Document principal should always be an aggregate
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsIPrincipal> originalPrincipal;
|
||||
rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal));
|
||||
nsCOMPtr<nsICodebasePrincipal> originalCodebase(
|
||||
do_QueryInterface(originalPrincipal, &rv));
|
||||
if (NS_FAILED(rv)) {
|
||||
// Document's principal is not a codebase (may be system), so can't set cookies
|
||||
return NS_OK;
|
||||
if (NS_FAILED(rv) || !docPrincipal) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
docPrincipal->GetURI(getter_AddRefs(codebaseURI));
|
||||
|
||||
if (!codebaseURI) {
|
||||
// Document's principal is not a codebase (may be system), so
|
||||
// can't set cookies
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIScriptGlobalObject> globalObj;
|
||||
nsCOMPtr<nsIPrompt> prompt;
|
||||
|
|
|
@ -76,9 +76,8 @@
|
|||
#include "nsICharsetAlias.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "nsDOMError.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsLayoutCID.h"
|
||||
#include "nsDOMAttribute.h"
|
||||
#include "nsGUIEvent.h"
|
||||
|
@ -330,21 +329,7 @@ nsXMLDocument::OnRedirect(nsIHttpChannel *aHttpChannel, nsIChannel *aNewChannel)
|
|||
return rv;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIPrincipal> newCodebase;
|
||||
rv = secMan->GetCodebasePrincipal(newLocation,
|
||||
getter_AddRefs(newCodebase));
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(mPrincipal, &rv);
|
||||
NS_ASSERTION(NS_SUCCEEDED(rv), "Principal not an aggregate.");
|
||||
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
rv = agg->SetCodebase(newCodebase);
|
||||
|
||||
return rv;
|
||||
return mPrincipal->SetURI(newLocation);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
|
|
|
@ -68,7 +68,7 @@
|
|||
#include "nsDOMError.h"
|
||||
#include "nsIBoxObject.h"
|
||||
#include "nsIChromeRegistry.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIContentSink.h" // for NS_CONTENT_ID_COUNTER_BASE
|
||||
#include "nsIScrollableView.h"
|
||||
#include "nsIContentViewer.h"
|
||||
|
|
|
@ -52,7 +52,7 @@
|
|||
#include "nsIHttpEventSink.h"
|
||||
#include "nsIUploadChannel.h"
|
||||
#include "nsISecurityEventSink.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsDocumentCharsetInfoCID.h"
|
||||
#include "nsICanvasFrame.h"
|
||||
#include "nsContentPolicyUtils.h" // NS_CheckContentLoadPolicy(...)
|
||||
|
@ -105,7 +105,6 @@
|
|||
#include "nsIWyciwygChannel.h"
|
||||
|
||||
// The following are for bug #13871: Prevent frameset spoofing
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIHTMLDocument.h"
|
||||
|
||||
// For reporting errors with the console service.
|
||||
|
@ -955,11 +954,8 @@ PRBool ValidateOrigin(nsIDocShellTreeItem* aOriginTreeItem, nsIDocShellTreeItem*
|
|||
rv = targetDocument->GetPrincipal(getter_AddRefs(targetPrincipal));
|
||||
NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipal, rv);
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> targetCodebasePrincipal(do_QueryInterface(targetPrincipal));
|
||||
NS_ENSURE_TRUE(targetCodebasePrincipal, PR_TRUE);
|
||||
|
||||
nsCOMPtr<nsIURI> targetPrincipalURI;
|
||||
rv = targetCodebasePrincipal->GetURI(getter_AddRefs(targetPrincipalURI));
|
||||
rv = targetPrincipal->GetURI(getter_AddRefs(targetPrincipalURI));
|
||||
NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipalURI, PR_TRUE);
|
||||
|
||||
// Find out if document.domain was set for HTML documents
|
||||
|
|
|
@ -73,7 +73,6 @@
|
|||
#include "nsIWidget.h"
|
||||
#include "nsIBaseWindow.h"
|
||||
#include "nsICharsetConverterManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIContent.h"
|
||||
#include "nsIWebBrowserPrint.h"
|
||||
#include "nsIContentViewerEdit.h"
|
||||
|
@ -4668,12 +4667,13 @@ GlobalWindowImpl::OpenInternal(const nsAString& aUrl,
|
|||
if (sSecMan) {
|
||||
nsCOMPtr<nsIPrincipal> principal;
|
||||
sSecMan->GetSubjectPrincipal(getter_AddRefs(principal));
|
||||
nsCOMPtr<nsICodebasePrincipal> codebasePrin(do_QueryInterface(principal));
|
||||
if (codebasePrin) {
|
||||
if (principal) {
|
||||
nsCOMPtr<nsIURI> subjectURI;
|
||||
codebasePrin->GetURI(getter_AddRefs(subjectURI));
|
||||
nsCOMPtr<nsPIDOMWindow> domReturnPrivate(do_QueryInterface(domReturn));
|
||||
domReturnPrivate->SetOpenerScriptURL(subjectURI);
|
||||
principal->GetURI(getter_AddRefs(subjectURI));
|
||||
if (subjectURI) {
|
||||
nsCOMPtr<nsPIDOMWindow> domReturnPrivate(do_QueryInterface(domReturn));
|
||||
domReturnPrivate->SetOpenerScriptURL(subjectURI);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -628,7 +628,7 @@ nsJSContext::EvaluateStringWithValue(const nsAString& aScript,
|
|||
JSPrincipals *jsprin;
|
||||
nsCOMPtr<nsIPrincipal> principal = aPrincipal;
|
||||
if (aPrincipal) {
|
||||
aPrincipal->GetJSPrincipals(&jsprin);
|
||||
aPrincipal->GetJsPrincipals(&jsprin);
|
||||
}
|
||||
else {
|
||||
nsCOMPtr<nsIScriptGlobalObject> global;
|
||||
|
@ -641,7 +641,7 @@ nsJSContext::EvaluateStringWithValue(const nsAString& aScript,
|
|||
rv = objPrincipal->GetPrincipal(getter_AddRefs(principal));
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
principal->GetJSPrincipals(&jsprin);
|
||||
principal->GetJsPrincipals(&jsprin);
|
||||
}
|
||||
// From here on, we must JSPRINCIPALS_DROP(jsprin) before returning...
|
||||
|
||||
|
@ -806,7 +806,7 @@ nsJSContext::EvaluateString(const nsAString& aScript,
|
|||
JSPrincipals *jsprin;
|
||||
nsCOMPtr<nsIPrincipal> principal = aPrincipal;
|
||||
if (aPrincipal) {
|
||||
aPrincipal->GetJSPrincipals(&jsprin);
|
||||
aPrincipal->GetJsPrincipals(&jsprin);
|
||||
}
|
||||
else {
|
||||
nsCOMPtr<nsIScriptGlobalObject> global;
|
||||
|
@ -819,7 +819,7 @@ nsJSContext::EvaluateString(const nsAString& aScript,
|
|||
rv = objPrincipal->GetPrincipal(getter_AddRefs(principal));
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
principal->GetJSPrincipals(&jsprin);
|
||||
principal->GetJsPrincipals(&jsprin);
|
||||
}
|
||||
// From here on, we must JSPRINCIPALS_DROP(jsprin) before returning...
|
||||
|
||||
|
@ -919,7 +919,7 @@ nsJSContext::CompileScript(const PRUnichar* aText,
|
|||
aScopeObject = ::JS_GetGlobalObject(mContext);
|
||||
|
||||
JSPrincipals *jsprin;
|
||||
aPrincipal->GetJSPrincipals(&jsprin);
|
||||
aPrincipal->GetJsPrincipals(&jsprin);
|
||||
// From here on, we must JSPRINCIPALS_DROP(jsprin) before returning...
|
||||
|
||||
PRBool ok = PR_FALSE;
|
||||
|
@ -1093,7 +1093,7 @@ nsJSContext::CompileEventHandler(void *aTarget, nsIAtom *aName,
|
|||
getter_AddRefs(prin));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
prin->GetJSPrincipals(&jsprin);
|
||||
prin->GetJsPrincipals(&jsprin);
|
||||
NS_ENSURE_TRUE(jsprin, NS_ERROR_NOT_AVAILABLE);
|
||||
}
|
||||
|
||||
|
@ -1146,7 +1146,7 @@ nsJSContext::CompileFunction(void* aTarget,
|
|||
nsCOMPtr<nsIPrincipal> prin;
|
||||
if (NS_FAILED(globalData->GetPrincipal(getter_AddRefs(prin))))
|
||||
return NS_ERROR_FAILURE;
|
||||
prin->GetJSPrincipals(&jsprin);
|
||||
prin->GetJsPrincipals(&jsprin);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -58,7 +58,6 @@
|
|||
#include "nsEscape.h"
|
||||
#include "nsJSUtils.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIDOMWindow.h"
|
||||
#include "nsIDOMDocument.h"
|
||||
#include "nsIDocument.h"
|
||||
|
|
|
@ -55,7 +55,6 @@
|
|||
#include "nsIScriptGlobalObjectOwner.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIInterfaceRequestor.h"
|
||||
#include "nsIInterfaceRequestorUtils.h"
|
||||
#include "nsIStringStream.h"
|
||||
|
@ -230,32 +229,21 @@ nsresult nsJSThunk::EvaluateScript(nsIChannel *aChannel)
|
|||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
PRBool equals = PR_FALSE;
|
||||
if ((NS_FAILED(objectPrincipal->Equals(principal, &equals)) || !equals)) {
|
||||
// If the principals aren't equal
|
||||
|
||||
nsCOMPtr<nsIPrincipal> systemPrincipal;
|
||||
securityManager->GetSystemPrincipal(getter_AddRefs(systemPrincipal));
|
||||
if (principal.get() != systemPrincipal.get()) {
|
||||
// and the script to be run does not have the system principal
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal>
|
||||
objectCodebase(do_QueryInterface(objectPrincipal));
|
||||
nsXPIDLCString objectOrigin;
|
||||
rv = objectCodebase->GetOrigin(getter_Copies(objectOrigin));
|
||||
if (PL_strcmp("about:blank", objectOrigin) != 0) {
|
||||
// and the target window is not about:blank, then
|
||||
// don't run the script. Print a message to the console and
|
||||
// return undefined.
|
||||
|
||||
nsCOMPtr<nsIConsoleService>
|
||||
console(do_GetService("@mozilla.org/consoleservice;1"));
|
||||
if (console) {
|
||||
console->LogStringMessage(
|
||||
NS_LITERAL_STRING("Attempt to load a javascript: URL from one host\nin a window displaying content from another host\nwas blocked by the security manager.").get());
|
||||
}
|
||||
return NS_ERROR_DOM_RETVAL_UNDEFINED;
|
||||
nsCOMPtr<nsIPrincipal> systemPrincipal;
|
||||
securityManager->GetSystemPrincipal(getter_AddRefs(systemPrincipal));
|
||||
if (principal != systemPrincipal) {
|
||||
rv = securityManager->CheckSameOriginPrincipal(principal,
|
||||
objectPrincipal);
|
||||
if (NS_FAILED(rv)) {
|
||||
nsCOMPtr<nsIConsoleService> console =
|
||||
do_GetService("@mozilla.org/consoleservice;1");
|
||||
if (console) {
|
||||
// XXX Localize me!
|
||||
console->LogStringMessage(
|
||||
NS_LITERAL_STRING("Attempt to load a javascript: URL from one host\nin a window displaying content from another host\nwas blocked by the security manager.").get());
|
||||
}
|
||||
|
||||
return NS_ERROR_DOM_RETVAL_UNDEFINED;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -300,9 +288,9 @@ nsresult nsJSThunk::BringUpConsole(nsIDOMWindow *aDomWindow)
|
|||
nsresult rv;
|
||||
|
||||
// First, get the Window Mediator service.
|
||||
nsCOMPtr<nsIWindowMediator> windowMediator;
|
||||
nsCOMPtr<nsIWindowMediator> windowMediator =
|
||||
do_GetService(kWindowMediatorCID, &rv);
|
||||
|
||||
windowMediator = do_GetService(kWindowMediatorCID, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
// Next, find out whether there's a console already open.
|
||||
|
|
|
@ -404,7 +404,7 @@ MozAxAutoPushJSContext::MozAxAutoPushJSContext(JSContext *cx,
|
|||
if (NS_SUCCEEDED(mPushResult))
|
||||
{
|
||||
JSPrincipals* jsprinc;
|
||||
principal->GetJSPrincipals(&jsprinc);
|
||||
principal->GetJsPrincipals(&jsprinc);
|
||||
|
||||
mFrame.script = JS_CompileScriptForPrincipals(cx, JS_GetGlobalObject(cx),
|
||||
jsprinc, "", 0, "", 1);
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
// XPConnect includes
|
||||
#include "nsIXPConnect.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
|
||||
// XPCOM includes
|
||||
#include "nsIServiceManager.h"
|
||||
|
@ -813,10 +813,7 @@ nsSchemaLoader::GetResolvedURI(const nsAString& aSchemaURI,
|
|||
nsCOMPtr<nsIPrincipal> principal;
|
||||
rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal);
|
||||
if (codebase) {
|
||||
codebase->GetURI(getter_AddRefs(baseURI));
|
||||
}
|
||||
principal->GetURI(getter_AddRefs(baseURI));
|
||||
}
|
||||
|
||||
rv = NS_NewURI(aURI, aSchemaURI, nsnull, baseURI);
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
#include "nsIDOMNodeList.h"
|
||||
#include "nsIDOMAttr.h"
|
||||
#include "nsIDOMNamedNodeMap.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIURL.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsIHttpChannel.h"
|
||||
|
@ -260,13 +260,7 @@ nsWebScriptsAccess::GetCodebaseURI(nsIURI** aCodebase)
|
|||
rv = mSecurityManager->GetSubjectPrincipal(getter_AddRefs(principal));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase(do_QueryInterface(principal, &rv));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = codebase->GetURI(aCodebase);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
return NS_OK;
|
||||
return principal->GetURI(aCodebase);
|
||||
}
|
||||
|
||||
nsresult
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
#include "nsIURI.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIVariant.h"
|
||||
#include "nsString.h"
|
||||
#include "nsSOAPUtils.h"
|
||||
|
@ -57,7 +57,6 @@
|
|||
#include "nsIWebScriptsAccessService.h"
|
||||
#include "nsMemory.h"
|
||||
#include "nsIDocument.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
|
||||
nsHTTPSOAPTransport::nsHTTPSOAPTransport()
|
||||
{
|
||||
|
@ -123,23 +122,15 @@ nsresult ChangePrincipal(nsIDOMDocument* aDocument)
|
|||
rv = secMgr->GetSubjectPrincipal(getter_AddRefs(subjectPrincipal));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsIAggregatePrincipal> subjectAgg =
|
||||
do_QueryInterface(subjectPrincipal, &rv);
|
||||
nsCOMPtr<nsIURI> subjectURI;
|
||||
rv = subjectPrincipal->GetURI(getter_AddRefs(subjectURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsIPrincipal> subjectCodebase;
|
||||
rv = subjectAgg->GetOriginalCodebase(getter_AddRefs(subjectCodebase));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
|
||||
nsCOMPtr<nsIPrincipal> targetPrincipal;
|
||||
rv = targetDoc->GetPrincipal(getter_AddRefs(targetPrincipal));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsIAggregatePrincipal> targetAgg =
|
||||
do_QueryInterface(targetPrincipal, &rv);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = targetAgg->SetCodebase(subjectCodebase);
|
||||
rv = targetPrincipal->SetURI(subjectURI);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
@ -216,24 +207,20 @@ static nsresult GetTransportURI(nsISOAPCall * aCall, nsAString & aURI)
|
|||
"SOAP_INVOKE_VERIFY_PRINCIPAL",
|
||||
"Source-verified message cannot be sent without principal.");
|
||||
}
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal,&rc);
|
||||
if (NS_FAILED(rc))
|
||||
return rc;
|
||||
|
||||
if (!codebase) {
|
||||
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
principal->GetURI(getter_AddRefs(uri));
|
||||
if (!uri) {
|
||||
return SOAP_EXCEPTION(NS_ERROR_FAILURE,
|
||||
"SOAP_INVOKE_VERIFY_CODEBASE",
|
||||
"Source-verified message cannot be sent without codebase.");
|
||||
"SOAP_INVOKE_VERIFY_URI",
|
||||
"Source-verified message cannot be sent without URI.");
|
||||
}
|
||||
|
||||
char* str;
|
||||
|
||||
rc = codebase->GetSpec(&str);
|
||||
nsCAutoString spec;
|
||||
rc = uri->GetSpec(spec);
|
||||
if (NS_FAILED(rc))
|
||||
return rc;
|
||||
CopyASCIItoUCS2(nsDependentCString(str), sourceURI);
|
||||
nsMemory::Free(str);
|
||||
|
||||
CopyASCIItoUCS2(spec, sourceURI);
|
||||
}
|
||||
|
||||
// Adding a header to tell the server that it must understand and verify the source of the call
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
// XPConnect includes
|
||||
#include "nsIXPConnect.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
|
||||
// XPCOM includes
|
||||
#include "nsIServiceManager.h"
|
||||
|
@ -218,10 +218,7 @@ nsWSDLLoader::GetResolvedURI(const nsAString& aWSDLURI, const char* aMethod,
|
|||
nsCOMPtr<nsIPrincipal> principal;
|
||||
rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal);
|
||||
if (codebase) {
|
||||
codebase->GetURI(getter_AddRefs(baseURI));
|
||||
}
|
||||
principal->GetURI(getter_AddRefs(baseURI));
|
||||
}
|
||||
|
||||
rv = NS_NewURI(aURI, aWSDLURI, nsnull, baseURI);
|
||||
|
|
|
@ -50,7 +50,6 @@
|
|||
|
||||
#include "nsIJSContextStack.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIURI.h"
|
||||
|
||||
nsDOMSerializer::nsDOMSerializer()
|
||||
|
@ -156,11 +155,8 @@ nsresult CheckSameOrigin(nsIDOMNode *aRoot)
|
|||
|
||||
doc->GetPrincipal(getter_AddRefs(principal));
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase_principal =
|
||||
do_QueryInterface(principal);
|
||||
|
||||
if (codebase_principal) {
|
||||
codebase_principal->GetURI(getter_AddRefs(root_uri));
|
||||
if (principal) {
|
||||
principal->GetURI(getter_AddRefs(root_uri));
|
||||
}
|
||||
|
||||
if (root_uri) {
|
||||
|
|
|
@ -210,7 +210,7 @@ AutoPushJSContext::AutoPushJSContext(nsISupports* aSecuritySupports,
|
|||
if (!hasScript)
|
||||
{
|
||||
JSPrincipals* jsprinc;
|
||||
principal->GetJSPrincipals(&jsprinc);
|
||||
principal->GetJsPrincipals(&jsprinc);
|
||||
|
||||
mFrame.script = JS_CompileScriptForPrincipals(cx, JS_GetGlobalObject(cx),
|
||||
jsprinc, "", 0, "", 1);
|
||||
|
|
|
@ -268,7 +268,7 @@ EvalInSandbox(JSContext *cx, JSObject *obj, uintN argc, jsval *argv,
|
|||
NS_FAILED(secman->GetCodebasePrincipal(iURL,
|
||||
getter_AddRefs(principal))) ||
|
||||
!principal ||
|
||||
NS_FAILED(principal->GetJSPrincipals(&jsPrincipals)) ||
|
||||
NS_FAILED(principal->GetJsPrincipals(&jsPrincipals)) ||
|
||||
!jsPrincipals) {
|
||||
JS_ReportError(cx, "Can't get principals for evalInSandbox");
|
||||
return JS_FALSE;
|
||||
|
@ -996,7 +996,7 @@ mozJSComponentLoader::GlobalForLocation(const char *aLocation,
|
|||
nsCOMPtr<nsIScriptObjectPrincipal> backstagePass =
|
||||
new BackstagePass(mSystemPrincipal);
|
||||
|
||||
rv = mSystemPrincipal->GetJSPrincipals(&jsPrincipals);
|
||||
rv = mSystemPrincipal->GetJsPrincipals(&jsPrincipals);
|
||||
if (NS_FAILED(rv) || !jsPrincipals)
|
||||
return nsnull;
|
||||
|
||||
|
|
|
@ -299,7 +299,7 @@ mozJSSubScriptLoader::LoadSubScript (const PRUnichar * /*url*/
|
|||
/* we can't hold onto jsPrincipals as a module var because the
|
||||
* JSPRINCIPALS_DROP macro takes a JSContext, which we won't have in the
|
||||
* destructor */
|
||||
rv = mSystemPrincipal->GetJSPrincipals(&jsPrincipals);
|
||||
rv = mSystemPrincipal->GetJsPrincipals(&jsPrincipals);
|
||||
if (NS_FAILED(rv) || !jsPrincipals) {
|
||||
delete[] buf;
|
||||
return rv;
|
||||
|
|
|
@ -76,7 +76,6 @@
|
|||
#include "nsLayoutAtoms.h"
|
||||
#include "nsIChromeEventHandler.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsXPIDLString.h"
|
||||
#include "nsIScrollable.h"
|
||||
#include "nsINameSpaceManager.h"
|
||||
|
|
|
@ -76,7 +76,6 @@
|
|||
#include "nsLayoutAtoms.h"
|
||||
#include "nsIChromeEventHandler.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsXPIDLString.h"
|
||||
#include "nsIScrollable.h"
|
||||
#include "nsINameSpaceManager.h"
|
||||
|
|
|
@ -22,12 +22,11 @@
|
|||
#include "nsMimeTypes.h"
|
||||
#include "nsNetUtil.h"
|
||||
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIFileURL.h"
|
||||
#include "nsIJAR.h"
|
||||
|
||||
static NS_DEFINE_CID(kScriptSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID);
|
||||
static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID);
|
||||
|
||||
//-----------------------------------------------------------------------------
|
||||
|
@ -424,22 +423,28 @@ nsJARChannel::GetOwner(nsISupports **result)
|
|||
if (cert) {
|
||||
// Get the codebase principal
|
||||
nsCOMPtr<nsIScriptSecurityManager> secMan =
|
||||
do_GetService(kScriptSecurityManagerCID, &rv);
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
nsCOMPtr<nsIPrincipal> codebase;
|
||||
rv = secMan->GetCodebasePrincipal(mJarBaseURI,
|
||||
getter_AddRefs(codebase));
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
codebase->GetURI(getter_AddRefs(codebaseURI));
|
||||
|
||||
nsCOMPtr<nsIURI> domainURI;
|
||||
codebase->GetDomain(getter_AddRefs(domainURI));
|
||||
|
||||
// Join the certificate and the codebase
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(cert, &rv);
|
||||
rv = cert->SetURI(codebaseURI);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = agg->SetCodebase(codebase);
|
||||
rv = cert->SetDomain(domainURI);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
mOwner = do_QueryInterface(agg, &rv);
|
||||
mOwner = do_QueryInterface(cert, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
NS_ADDREF(*result = mOwner);
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
#include "nsString.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsXPIDLString.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIStringBundle.h"
|
||||
#include "prefapi.h"
|
||||
#include "prmem.h"
|
||||
|
@ -68,8 +68,6 @@ struct PrefCallbackData {
|
|||
};
|
||||
|
||||
|
||||
static NS_DEFINE_CID(kSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID);
|
||||
|
||||
// Prototypes
|
||||
extern PrefResult pref_UnlockPref(const char *key);
|
||||
PR_STATIC_CALLBACK(PLDHashOperator)
|
||||
|
@ -897,7 +895,7 @@ nsresult nsPrefBranch::getValidatedPrefName(const char *aPrefName, const char **
|
|||
{
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIScriptSecurityManager> secMan =
|
||||
do_GetService(kSecurityManagerCID, &rv);
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
|
||||
PRBool enabled;
|
||||
|
||||
if (NS_FAILED(rv))
|
||||
|
|
|
@ -45,7 +45,6 @@
|
|||
#include "nsIServiceManager.h"
|
||||
#include "nsIJSContextStack.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsICodebasePrincipal.h"
|
||||
#include "nsIScriptContext.h"
|
||||
#include "nsIScriptGlobalObject.h"
|
||||
#include "nsIScriptObjectPrincipal.h"
|
||||
|
@ -70,9 +69,7 @@ static nsresult getScriptCodebase(JSContext* cx, nsIURI* *result)
|
|||
nsCOMPtr<nsIPrincipal> principal;
|
||||
scriptObjectPrincipal->GetPrincipal(getter_AddRefs(principal));
|
||||
if (principal) {
|
||||
nsCOMPtr<nsICodebasePrincipal> codebasePrincipal = do_QueryInterface(principal);
|
||||
if (codebasePrincipal)
|
||||
return codebasePrincipal->GetURI(result);
|
||||
return principal->GetURI(result);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -358,7 +358,7 @@ get_JSPrincipals_from_java_caller_impl(JNIEnv *pJNIEnv, JSContext *pJSContext, v
|
|||
rv = ssm->GetCodebasePrincipal(codebaseURI, getter_AddRefs(principal));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
JSPrincipals* jsprincipals;
|
||||
principal->GetJSPrincipals(&jsprincipals);
|
||||
principal->GetJsPrincipals(&jsprincipals);
|
||||
return jsprincipals;
|
||||
}
|
||||
}
|
||||
|
@ -368,7 +368,7 @@ get_JSPrincipals_from_java_caller_impl(JNIEnv *pJNIEnv, JSContext *pJSContext, v
|
|||
nsCOMPtr<nsIPrincipal> principal = do_QueryInterface(credentials);
|
||||
if (principal) {
|
||||
JSPrincipals* jsprincipals;
|
||||
principal->GetJSPrincipals(&jsprincipals);
|
||||
principal->GetJsPrincipals(&jsprincipals);
|
||||
return jsprincipals;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -54,14 +54,11 @@
|
|||
// For GetOrigin()
|
||||
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsJSPrincipals.h"
|
||||
#include "nsSystemPrincipal.h"
|
||||
#include "nsCodebasePrincipal.h"
|
||||
#include "nsCertificatePrincipal.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIScriptGlobalObject.h"
|
||||
#include "nsIServiceManager.h"
|
||||
#include "nsIScriptObjectPrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsCRT.h"
|
||||
|
||||
#include "nsTraceRefcnt.h"
|
||||
|
@ -162,39 +159,27 @@ nsCSecurityContext::GetOrigin(char* buf, int buflen)
|
|||
}
|
||||
}
|
||||
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(m_pPrincipal);
|
||||
if (!codebase)
|
||||
nsXPIDLCString origin;
|
||||
m_pPrincipal->GetOrigin(getter_Copies(origin));
|
||||
|
||||
if (origin.IsEmpty()) {
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
char* origin=nsnull;
|
||||
codebase->GetOrigin(&origin);
|
||||
|
||||
if (origin) {
|
||||
PRInt32 originlen = (PRInt32) strlen(origin);
|
||||
if (!buf || buflen<=originlen) {
|
||||
if (origin) {
|
||||
nsCRT::free(origin);
|
||||
}
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
// Copy the string into to user supplied buffer. Is there a better
|
||||
// way to do this?
|
||||
|
||||
memcpy(buf,origin,originlen);
|
||||
buf[originlen]=nsnull; // Gotta terminate it.
|
||||
nsCRT::free(origin);
|
||||
} else {
|
||||
*buf = nsnull;
|
||||
}
|
||||
|
||||
// Copy the string into to user supplied buffer. Is there a better
|
||||
// way to do this?
|
||||
|
||||
PRInt32 originlen = origin.Length();
|
||||
memcpy(buf, origin, originlen);
|
||||
buf[originlen] = nsnull; // Gotta terminate it.
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_METHOD
|
||||
nsCSecurityContext::GetCertificateID(char* buf, int buflen)
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> principal = NULL;
|
||||
nsCOMPtr<nsIPrincipal> principal;
|
||||
|
||||
// Get the Script Security Manager.
|
||||
|
||||
|
@ -203,28 +188,19 @@ nsCSecurityContext::GetCertificateID(char* buf, int buflen)
|
|||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
|
||||
if (NS_FAILED(rv) || !secMan) return NS_ERROR_FAILURE;
|
||||
|
||||
|
||||
secMan->GetSubjectPrincipal(getter_AddRefs(principal));
|
||||
nsCOMPtr<nsICertificatePrincipal> cprincipal = do_QueryInterface(principal);
|
||||
if (!cprincipal)
|
||||
|
||||
nsXPIDLCString certificate;
|
||||
principal->GetCertificateID(getter_Copies(certificate));
|
||||
|
||||
PRInt32 certlen = certificate.Length();
|
||||
if (buflen <= certlen) {
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
char* certificate = nsnull;
|
||||
cprincipal->GetCertificateID(&certificate);
|
||||
|
||||
if (certificate) {
|
||||
PRInt32 certlen = (PRInt32) strlen(certificate);
|
||||
if( buflen<=certlen ) {
|
||||
nsCRT::free(certificate);
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
memcpy(buf,certificate,certlen);
|
||||
buf[certlen]=nsnull;
|
||||
nsCRT::free(certificate);
|
||||
} else {
|
||||
*buf = nsnull;
|
||||
}
|
||||
|
||||
memcpy(buf, certificate.get(), certlen);
|
||||
buf[certlen] = nsnull;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
|
|
@ -68,14 +68,10 @@
|
|||
#include "nspr.h"
|
||||
#include "plstr.h"
|
||||
#include "nsCOMPtr.h"
|
||||
//#include "nsJSPrincipals.h"
|
||||
//#include "nsSystemPrincipal.h"
|
||||
//#include "nsCodebasePrincipal.h"
|
||||
#include "nsCertificatePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsISignatureVerifier.h"
|
||||
|
||||
//#include "nsScriptSecurityManager.h"
|
||||
|
||||
extern "C" int XP_PROGRESS_STARTING_JAVA;
|
||||
extern "C" int XP_PROGRESS_STARTING_JAVA_DONE;
|
||||
|
@ -971,15 +967,8 @@ nsJVMManager::IsAllPermissionGranted(
|
|||
rv = secMan->GetCertificatePrincipal(lastFP, &pIPrincipal);
|
||||
if (NS_FAILED(rv)) return PR_FALSE;
|
||||
|
||||
// Get the nsICertificatePrincipal interface so that we can set the
|
||||
// common name. The common name is a user meaningful string.
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> pICertificate = do_QueryInterface(pIPrincipal, &rv);
|
||||
if (NS_FAILED(rv) || !pICertificate) return PR_FALSE;
|
||||
|
||||
// Set the common name.
|
||||
|
||||
rv = pICertificate->SetCommonName(lastCN);
|
||||
rv = pIPrincipal->SetCommonName(lastCN);
|
||||
|
||||
PRInt16 ret;
|
||||
|
||||
|
|
|
@ -22,12 +22,11 @@
|
|||
#include "nsMimeTypes.h"
|
||||
#include "nsNetUtil.h"
|
||||
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIAggregatePrincipal.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIFileURL.h"
|
||||
#include "nsIJAR.h"
|
||||
|
||||
static NS_DEFINE_CID(kScriptSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID);
|
||||
static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID);
|
||||
|
||||
//-----------------------------------------------------------------------------
|
||||
|
@ -424,22 +423,28 @@ nsJARChannel::GetOwner(nsISupports **result)
|
|||
if (cert) {
|
||||
// Get the codebase principal
|
||||
nsCOMPtr<nsIScriptSecurityManager> secMan =
|
||||
do_GetService(kScriptSecurityManagerCID, &rv);
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
nsCOMPtr<nsIPrincipal> codebase;
|
||||
rv = secMan->GetCodebasePrincipal(mJarBaseURI,
|
||||
getter_AddRefs(codebase));
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
codebase->GetURI(getter_AddRefs(codebaseURI));
|
||||
|
||||
nsCOMPtr<nsIURI> domainURI;
|
||||
codebase->GetDomain(getter_AddRefs(domainURI));
|
||||
|
||||
// Join the certificate and the codebase
|
||||
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(cert, &rv);
|
||||
rv = cert->SetURI(codebaseURI);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
rv = agg->SetCodebase(codebase);
|
||||
rv = cert->SetDomain(domainURI);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
mOwner = do_QueryInterface(agg, &rv);
|
||||
mOwner = do_QueryInterface(cert, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
NS_ADDREF(*result = mOwner);
|
||||
|
|
|
@ -47,12 +47,12 @@
|
|||
#include "nsIPrompt.h"
|
||||
#include "nsIFilePicker.h"
|
||||
#include "nsJSPrincipals.h"
|
||||
#include "nsScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsXPIDLString.h"
|
||||
#include "nsIGenKeypairInfoDlg.h"
|
||||
#include "nsIDOMCryptoDialogs.h"
|
||||
#include "jsapi.h"
|
||||
#include "jsdbgapi.h"
|
||||
#include <ctype.h>
|
||||
#include "nsReadableUtils.h"
|
||||
#include "pk11func.h"
|
||||
|
@ -1788,7 +1788,7 @@ nsCryptoRunnable::Run()
|
|||
nsNSSShutDownPreventionLock locker;
|
||||
JSPrincipals *principals;
|
||||
|
||||
nsresult rv = m_args->m_principals->GetJSPrincipals(&principals);
|
||||
nsresult rv = m_args->m_principals->GetJsPrincipals(&principals);
|
||||
if (NS_FAILED(rv))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
|
|
|
@ -28,7 +28,6 @@
|
|||
#include "nsIDOMPkcs11.h"
|
||||
#include "nsString.h"
|
||||
#include "jsapi.h"
|
||||
#include "nsIPrincipal.h"
|
||||
|
||||
#define NS_CRYPTO_CLASSNAME "Crypto JavaScript Class"
|
||||
#define NS_CRYPTO_CID \
|
||||
|
@ -43,6 +42,7 @@
|
|||
class nsIPSMComponent;
|
||||
class nsIDOMScriptObjectFactory;
|
||||
class nsIEventQueue;
|
||||
class nsIPrincipal;
|
||||
|
||||
|
||||
class nsCRMFObject : public nsIDOMCRMFObject
|
||||
|
|
|
@ -58,7 +58,6 @@
|
|||
#include "nsIWindowWatcher.h"
|
||||
#include "nsIPrompt.h"
|
||||
#include "nsProxiedService.h"
|
||||
#include "nsICertificatePrincipal.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsIDateTimeFormat.h"
|
||||
#include "prtypes.h"
|
||||
|
@ -1461,13 +1460,11 @@ nsNSSComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen,
|
|||
rv2 = mScriptSecurityManager->GetCertificatePrincipal(fingerprintStr.get(), aPrincipal);
|
||||
if (NS_FAILED(rv2) || !*aPrincipal) return rv2;
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> certPrincipal = do_QueryInterface(*aPrincipal, &rv2);
|
||||
if (NS_FAILED(rv2)) return rv2;
|
||||
nsAutoString orgName;
|
||||
rv2 = pCert->GetOrganization(orgName);
|
||||
if (NS_FAILED(rv2)) return rv2;
|
||||
NS_LossyConvertUCS2toASCII orgNameStr(orgName);
|
||||
rv2 = certPrincipal->SetCommonName(orgNameStr.get());
|
||||
rv2 = (*aPrincipal)->SetCommonName(orgNameStr.get());
|
||||
if (NS_FAILED(rv2)) return rv2;
|
||||
}
|
||||
|
||||
|
|
|
@ -42,6 +42,10 @@
|
|||
#include "nsIServiceManager.h"
|
||||
#include "nsISignatureVerifier.h"
|
||||
#include "nsIInputStream.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsPICertNotification.h"
|
||||
|
||||
|
||||
#include "nsNetUtil.h"
|
||||
|
||||
|
|
|
@ -36,11 +36,12 @@
|
|||
#include "nsCOMPtr.h"
|
||||
#include "nsIStreamListener.h"
|
||||
#include "nsString.h"
|
||||
#include "nsISignatureVerifier.h"
|
||||
#include "nsICertificatePrincipal.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsPICertNotification.h"
|
||||
|
||||
class nsISignatureVerifier;
|
||||
class nsIPrincipal;
|
||||
class nsIURI;
|
||||
class nsPICertNotification;
|
||||
|
||||
|
||||
class CertReader : public nsIStreamListener
|
||||
{
|
||||
|
|
|
@ -55,7 +55,6 @@
|
|||
|
||||
#include "nsIJAR.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsICertificatePrincipal.h"
|
||||
|
||||
static NS_DEFINE_CID(kSoftwareUpdateCID, NS_SoftwareUpdate_CID);
|
||||
static NS_DEFINE_CID(kEventQueueServiceCID, NS_EVENTQUEUESERVICE_CID);
|
||||
|
@ -82,8 +81,9 @@ nsresult VerifySigning(nsIZipReader* hZip, nsIPrincipal* aPrincipal)
|
|||
if (!aPrincipal)
|
||||
return NS_OK; // not signed, but not an error
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> cp(do_QueryInterface(aPrincipal));
|
||||
if (!cp)
|
||||
PRBool hasCert;
|
||||
aPrincipal->GetHasCertificate(&hasCert);
|
||||
if (!hasCert)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
nsCOMPtr<nsIJAR> jar(do_QueryInterface(hZip));
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/*
|
||||
* The contents of this file are subject to the Netscape Public
|
||||
* License Version 1.1 (the "License"); you may not use this file
|
||||
|
@ -27,7 +27,6 @@
|
|||
#include "nsDebug.h"
|
||||
#include "nsIServiceManager.h"
|
||||
#include "nsIEventQueueService.h"
|
||||
#include "nsICertificatePrincipal.h"
|
||||
|
||||
static NS_DEFINE_IID(kEventQueueServiceCID, NS_EVENTQUEUESERVICE_CID);
|
||||
|
||||
|
@ -93,15 +92,17 @@ PRBool nsXPITriggerItem::IsRelativeURL()
|
|||
void
|
||||
nsXPITriggerItem::SetPrincipal(nsIPrincipal* aPrincipal)
|
||||
{
|
||||
mPrincipal = aPrincipal;
|
||||
mPrincipal = aPrincipal;
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> cp(do_QueryInterface(aPrincipal));
|
||||
if (cp) {
|
||||
nsXPIDLCString cName;
|
||||
cp->GetCommonName(getter_Copies(cName));
|
||||
mCertName = NS_ConvertUTF8toUCS2(cName);
|
||||
}
|
||||
PRBool hasCert;
|
||||
aPrincipal->GetHasCertificate(&hasCert);
|
||||
if (hasCert) {
|
||||
nsXPIDLCString cName;
|
||||
aPrincipal->GetCommonName(getter_Copies(cName));
|
||||
mCertName = NS_ConvertUTF8toUCS2(cName);
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// nsXPITriggerInfo
|
||||
//
|
||||
|
|
Загрузка…
Ссылка в новой задаче