diff --git a/mozilla/caps/idl/nsIAggregatePrincipal.idl b/mozilla/caps/idl/nsIAggregatePrincipal.idl index cddc6fee73f..a6b3c4858d2 100644 --- a/mozilla/caps/idl/nsIAggregatePrincipal.idl +++ b/mozilla/caps/idl/nsIAggregatePrincipal.idl @@ -34,6 +34,7 @@ interface nsIAggregatePrincipal : nsISupports { attribute nsIPrincipal certificate; attribute nsIPrincipal codebase; + readonly attribute nsIPrincipal primaryChild; void intersect(in nsIPrincipal other); }; diff --git a/mozilla/caps/include/nsAggregatePrincipal.h b/mozilla/caps/include/nsAggregatePrincipal.h index 0051885e41e..14115995e74 100644 --- a/mozilla/caps/include/nsAggregatePrincipal.h +++ b/mozilla/caps/include/nsAggregatePrincipal.h @@ -47,8 +47,8 @@ public: NS_DEFINE_STATIC_CID_ACCESSOR(NS_AGGREGATEPRINCIPAL_CID) NS_DECL_ISUPPORTS NS_DECL_NSIAGGREGATEPRINCIPAL - NS_FORWARD_NSICERTIFICATEPRINCIPAL(mCertificate->) - NS_FORWARD_NSICODEBASEPRINCIPAL(mCodebase->) + NS_DECL_NSICERTIFICATEPRINCIPAL + NS_DECL_NSICODEBASEPRINCIPAL NS_IMETHOD ToString(char **result); @@ -89,21 +89,8 @@ public: virtual ~nsAggregatePrincipal(void); protected: - /* mCertificate and mCodebase have the same lifetime - as the nsCOMPtrs mCertificatePrincipal and - mCodebasePrincipal, so they are not refcounted. - */ - nsCOMPtr mCertificatePrincipal; - nsICertificatePrincipal* mCertificate; - nsCOMPtr mCodebasePrincipal; - nsICodebasePrincipal* mCodebase; - - /* This is the member principal (normally the certificate) - which will handle the privilege checking and persistence - behavior of the aggregate. - */ - nsCOMPtr mMasterPrincipal; - + nsCOMPtr mCertificate; + nsCOMPtr mCodebase; }; #endif // _NS_AGGREGATE_PRINCIPAL_H_ diff --git a/mozilla/caps/src/nsAggregatePrincipal.cpp b/mozilla/caps/src/nsAggregatePrincipal.cpp index 40e9a09eb68..49a487307b4 100644 --- a/mozilla/caps/src/nsAggregatePrincipal.cpp +++ b/mozilla/caps/src/nsAggregatePrincipal.cpp @@ -24,8 +24,9 @@ /*describes principals which combine one or more principals*/ #include "nsAggregatePrincipal.h" +#include "nsIURI.h" ////////////////////// -static NS_DEFINE_IID(kICertificatePrincipalIID, NS_ICERTIFICATEPRINCIPAL_IID); +static NS_DEFINE_IID(kIAggregatePrincipalIID, NS_IAGGREGATEPRINCIPAL_IID); NS_IMPL_QUERY_INTERFACE4(nsAggregatePrincipal, nsIAggregatePrincipal, nsICertificatePrincipal, nsICodebasePrincipal, nsIPrincipal) @@ -33,13 +34,95 @@ NS_IMPL_QUERY_INTERFACE4(nsAggregatePrincipal, nsIAggregatePrincipal, NSBASEPRINCIPALS_ADDREF(nsAggregatePrincipal); NSBASEPRINCIPALS_RELEASE(nsAggregatePrincipal); +////////////////////////////////////////////////// +// Methods implementing nsICertificatePrincipal // +////////////////////////////////////////////////// +NS_IMETHODIMP +nsAggregatePrincipal::GetIssuerName(char** aIssuerName) +{ + if (!mCertificate) + { + aIssuerName = nsnull; + return NS_ERROR_FAILURE; + } + + nsCOMPtr certificate = do_QueryInterface(mCertificate); + return certificate->GetIssuerName(aIssuerName); +} + +NS_IMETHODIMP +nsAggregatePrincipal::GetSerialNumber(char** aSerialNumber) +{ + if (!mCertificate) + { + *aSerialNumber = nsnull; + return NS_ERROR_FAILURE; + } + + nsCOMPtr certificate = do_QueryInterface(mCertificate); + return certificate->GetSerialNumber(aSerialNumber); +} + +NS_IMETHODIMP +nsAggregatePrincipal::GetCompanyName(char** aCompanyName) +{ + if (!mCertificate) + { + *aCompanyName = nsnull; + return NS_ERROR_FAILURE; + } + + nsCOMPtr certificate = do_QueryInterface(mCertificate); + return certificate->GetCompanyName(aCompanyName); +} + +/////////////////////////////////////////////// +// Methods implementing nsICodebasePrincipal // +/////////////////////////////////////////////// +NS_IMETHODIMP +nsAggregatePrincipal::GetURI(nsIURI** aURI) +{ + if (!mCodebase) + { + *aURI = nsnull; + return NS_ERROR_FAILURE; + } + + nsCOMPtr codebase = do_QueryInterface(mCodebase); + return codebase->GetURI(aURI); +} + +NS_IMETHODIMP +nsAggregatePrincipal::GetOrigin(char** aOrigin) +{ + if (!mCodebase) + { + *aOrigin = nsnull; + return NS_ERROR_FAILURE; + } + + nsCOMPtr codebase = do_QueryInterface(mCodebase); + return codebase->GetOrigin(aOrigin); +} + +NS_IMETHODIMP +nsAggregatePrincipal::SameOrigin(nsIPrincipal* other, PRBool* result) +{ + if (!mCodebase) + return NS_ERROR_FAILURE; + + nsCOMPtr codebase = do_QueryInterface(mCodebase); + return codebase->SameOrigin(other, result); +} + + //////////////////////////////////////////////// // Methods implementing nsIAggregatePrincipal // //////////////////////////////////////////////// NS_IMETHODIMP nsAggregatePrincipal::GetCertificate(nsIPrincipal** result) { - *result = mCertificatePrincipal; + *result = mCertificate; NS_IF_ADDREF(*result); return NS_OK; } @@ -47,7 +130,7 @@ nsAggregatePrincipal::GetCertificate(nsIPrincipal** result) NS_IMETHODIMP nsAggregatePrincipal::GetCodebase(nsIPrincipal** result) { - *result = mCodebasePrincipal; + *result = mCodebase; NS_IF_ADDREF(*result); return NS_OK; } @@ -55,36 +138,56 @@ nsAggregatePrincipal::GetCodebase(nsIPrincipal** result) NS_IMETHODIMP nsAggregatePrincipal::SetCertificate(nsIPrincipal* aCertificate) { - if(!aCertificate) + nsresult rv; + //-- Make sure this really is a certificate principal + if (aCertificate) { - mCertificate = nsnull; - mCertificatePrincipal = nsnull; - mMasterPrincipal = mCodebasePrincipal; - return NS_OK; + nsCOMPtr tempCertificate = + do_QueryInterface(aCertificate, &rv); + if (NS_FAILED(rv)) + return NS_ERROR_FAILURE; } - if (NS_FAILED(aCertificate->QueryInterface(NS_GET_IID(nsICertificatePrincipal), - (void**)&mCertificate))) - return NS_ERROR_FAILURE; - mCertificatePrincipal = aCertificate; - mMasterPrincipal = aCertificate; + + //-- If aCertificate is an aggregate, get its underlying certificate + nsCOMPtr agg = + do_QueryInterface(aCertificate, &rv); + if (NS_SUCCEEDED(rv)) + { + nsCOMPtr underlying; + rv = agg->GetCertificate(getter_AddRefs(underlying)); + if (NS_FAILED(rv)) return NS_ERROR_FAILURE; + mCertificate = underlying.get(); + } + else + mCertificate = aCertificate; return NS_OK; } NS_IMETHODIMP nsAggregatePrincipal::SetCodebase(nsIPrincipal* aCodebase) { - if(!aCodebase) + nsresult rv; + //-- Make sure this really is a codebase principal + if (aCodebase) { - mCodebase = nsnull; - mCodebasePrincipal = nsnull; - return NS_OK; + nsCOMPtr tempCodebase = + do_QueryInterface(aCodebase, &rv); + if (NS_FAILED(rv)) + return NS_ERROR_FAILURE; } - if (NS_FAILED(aCodebase->QueryInterface(NS_GET_IID(nsICodebasePrincipal), - (void**)&mCodebase))) - return NS_ERROR_FAILURE; - mCodebasePrincipal = aCodebase; - if (!mCertificatePrincipal) - mMasterPrincipal = aCodebase; + + //-- If aCodebase is an aggregate, get its underlying codebase + nsCOMPtr agg = + do_QueryInterface(aCodebase, &rv); + if (NS_SUCCEEDED(rv)) + { + nsCOMPtr underlying; + rv = agg->GetCodebase(getter_AddRefs(underlying)); + if (NS_FAILED(rv)) return NS_ERROR_FAILURE; + mCodebase = underlying.get(); + } + else + mCodebase = aCodebase; return NS_OK; } @@ -94,7 +197,7 @@ nsAggregatePrincipal::Intersect(nsIPrincipal* other) NS_ASSERTION(mCodebase, "Principal without codebase"); PRBool sameCert = PR_FALSE; - if (NS_FAILED(mCertificatePrincipal->Equals(other, &sameCert))) + if (NS_FAILED(mCertificate->Equals(other, &sameCert))) return NS_ERROR_FAILURE; if (!sameCert) SetCertificate(nsnull); @@ -107,13 +210,19 @@ nsAggregatePrincipal::Intersect(nsIPrincipal* other) NS_IMETHODIMP nsAggregatePrincipal::ToString(char **result) { - return mMasterPrincipal->ToString(result); + nsCOMPtr PrimaryChild; + if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) + return NS_ERROR_FAILURE; + return PrimaryChild->ToString(result); } NS_IMETHODIMP nsAggregatePrincipal::ToUserVisibleString(char **result) { - return mMasterPrincipal->ToUserVisibleString(result); + nsCOMPtr PrimaryChild; + if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) + return NS_ERROR_FAILURE; + return PrimaryChild->ToUserVisibleString(result); } NS_IMETHODIMP @@ -138,9 +247,9 @@ nsAggregatePrincipal::Equals(nsIPrincipal * other, PRBool * result) //-- Two aggregates are equal if both codebase and certificate are equal *result = PR_FALSE; PRBool certEqual, cbEqual; - rv = mCertificatePrincipal->Equals(other, &certEqual); + rv = mCertificate->Equals(other, &certEqual); if(NS_FAILED(rv)) return rv; - rv = mCodebasePrincipal->Equals(other, &cbEqual); + rv = mCodebase->Equals(other, &cbEqual); if(NS_FAILED(rv)) return rv; *result = certEqual && cbEqual; return NS_OK; @@ -149,60 +258,102 @@ nsAggregatePrincipal::Equals(nsIPrincipal * other, PRBool * result) NS_IMETHODIMP nsAggregatePrincipal::HashValue(PRUint32 *result) { - return mMasterPrincipal->HashValue(result); + nsCOMPtr PrimaryChild; + if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) + return NS_ERROR_FAILURE; + return PrimaryChild->HashValue(result); } NS_IMETHODIMP nsAggregatePrincipal::CanEnableCapability(const char *capability, PRInt16 *result) { - return mMasterPrincipal->CanEnableCapability(capability, result); + nsCOMPtr PrimaryChild; + if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) + return NS_ERROR_FAILURE; + return PrimaryChild->CanEnableCapability(capability, result); } NS_IMETHODIMP nsAggregatePrincipal::SetCanEnableCapability(const char *capability, PRInt16 canEnable) { - return mMasterPrincipal->SetCanEnableCapability(capability, canEnable); + nsCOMPtr PrimaryChild; + if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) + return NS_ERROR_FAILURE; + return PrimaryChild->SetCanEnableCapability(capability, canEnable); } NS_IMETHODIMP nsAggregatePrincipal::IsCapabilityEnabled(const char *capability, void *annotation, PRBool *result) { - return mMasterPrincipal->IsCapabilityEnabled(capability, annotation, result); + nsCOMPtr PrimaryChild; + if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) + return NS_ERROR_FAILURE; + return PrimaryChild->IsCapabilityEnabled(capability, annotation, result); } NS_IMETHODIMP nsAggregatePrincipal::EnableCapability(const char *capability, void **annotation) { - return mMasterPrincipal->EnableCapability(capability, annotation); + nsCOMPtr PrimaryChild; + if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) + return NS_ERROR_FAILURE; + return PrimaryChild->EnableCapability(capability, annotation); } NS_IMETHODIMP nsAggregatePrincipal::RevertCapability(const char *capability, void **annotation) { - return mMasterPrincipal->RevertCapability(capability, annotation); + nsCOMPtr PrimaryChild; + if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) + return NS_ERROR_FAILURE; + return PrimaryChild->RevertCapability(capability, annotation); } NS_IMETHODIMP nsAggregatePrincipal::DisableCapability(const char *capability, void **annotation) { - return mMasterPrincipal->DisableCapability(capability, annotation); + nsCOMPtr PrimaryChild; + if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) + return NS_ERROR_FAILURE; + return PrimaryChild->DisableCapability(capability, annotation); } NS_IMETHODIMP nsAggregatePrincipal::Save(nsSupportsHashtable* aPrincipals, nsIPref *prefs) { - return mMasterPrincipal->Save(aPrincipals, prefs); + nsCOMPtr PrimaryChild; + if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) + return NS_ERROR_FAILURE; + return PrimaryChild->Save(aPrincipals, prefs); +} + +NS_IMETHODIMP +nsAggregatePrincipal::GetPrimaryChild(nsIPrincipal** aPrimaryChild) +{ + //-- If a certificate is present, then that's the PrimaryChild principal. + // Otherwise we use the codebase. + if (mCertificate) + *aPrimaryChild = mCertificate.get(); + else if (mCodebase) + *aPrimaryChild = mCodebase.get(); + else + { + *aPrimaryChild = nsnull; + return NS_ERROR_FAILURE; + } + + NS_IF_ADDREF(*aPrimaryChild); + return NS_OK; } ///////////////////////////////////////////// // Constructor, Destructor, initialization // ///////////////////////////////////////////// -nsAggregatePrincipal::nsAggregatePrincipal() : mCertificate(nsnull), - mCodebase(nsnull) +nsAggregatePrincipal::nsAggregatePrincipal() { NS_INIT_ISUPPORTS(); } diff --git a/mozilla/caps/src/nsBasePrincipal.cpp b/mozilla/caps/src/nsBasePrincipal.cpp index 2f646235036..36072696dbf 100644 --- a/mozilla/caps/src/nsBasePrincipal.cpp +++ b/mozilla/caps/src/nsBasePrincipal.cpp @@ -278,3 +278,5 @@ nsBasePrincipal::Save(nsSupportsHashtable* aPrincipals, nsIPref *aPref) Recycle(streamableForm); return rv; } + + diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp index 5a0c2ca96c3..944fda77392 100644 --- a/mozilla/caps/src/nsScriptSecurityManager.cpp +++ b/mozilla/caps/src/nsScriptSecurityManager.cpp @@ -19,6 +19,7 @@ * * Contributor(s): * Norris Boyd + * Mitch Stoltz * Steve Morse */ #include "nsScriptSecurityManager.h" @@ -584,16 +585,24 @@ nsScriptSecurityManager::GetCodebasePrincipal(nsIURI *aURI, nsCOMPtr principal = do_QueryInterface((nsBasePrincipal*)codebase, &rv); NS_RELEASE(codebase); - if (NS_FAILED(rv)) - return rv; + if (NS_FAILED(rv)) return rv; if (mPrincipals) { // Check to see if we already have this principal. nsIPrincipalKey key(principal); - nsCOMPtr p2 = (nsIPrincipal *) mPrincipals->Get(&key); - if (p2) - principal = p2; + nsCOMPtr fromTable = (nsIPrincipal *) mPrincipals->Get(&key); + if (fromTable) + principal = fromTable; } + + //-- Bundle this codebase principal into an aggregate principal + nsAggregatePrincipal* agg = new nsAggregatePrincipal(); + if (!agg) return NS_ERROR_OUT_OF_MEMORY; + rv = agg->SetCodebase(principal); + if (NS_FAILED(rv)) return rv; + principal = do_QueryInterface((nsBasePrincipal*)agg, &rv); + if (NS_FAILED(rv)) return rv; + *result = principal; NS_ADDREF(*result); return NS_OK; diff --git a/mozilla/content/html/document/src/nsHTMLDocument.cpp b/mozilla/content/html/document/src/nsHTMLDocument.cpp index 09b450bcf8a..f771beafc7a 100644 --- a/mozilla/content/html/document/src/nsHTMLDocument.cpp +++ b/mozilla/content/html/document/src/nsHTMLDocument.cpp @@ -66,6 +66,7 @@ #include "nsContentList.h" #include "nsDOMError.h" #include "nsICodebasePrincipal.h" +#include "nsIAggregatePrincipal.h" #include "nsIScriptSecurityManager.h" #include "nsJSUtils.h" #include "nsDOMPropEnums.h" @@ -1445,6 +1446,7 @@ NS_IMETHODIMP nsHTMLDocument::SetDomain(const nsString& aDomain) { // Check new domain + nsAutoString current; if (NS_FAILED(GetDomain(current))) return NS_ERROR_FAILURE; @@ -1462,7 +1464,7 @@ nsHTMLDocument::SetDomain(const nsString& aDomain) // Error: illegal domain return NS_ERROR_DOM_BAD_DOCUMENT_DOMAIN; } - + // Create new URI nsCOMPtr uri; if (NS_FAILED(GetDomainURI(getter_AddRefs(uri)))) @@ -1487,7 +1489,15 @@ nsHTMLDocument::SetDomain(const nsString& aDomain) NS_SCRIPTSECURITYMANAGER_PROGID, &rv); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - return securityManager->GetCodebasePrincipal(newURI, &mPrincipal); + nsCOMPtr newCodebase; + rv = securityManager->GetCodebasePrincipal(newURI, getter_AddRefs(newCodebase)); + if (NS_FAILED(rv)) + return NS_ERROR_FAILURE; + nsCOMPtr agg = do_QueryInterface(mPrincipal, &rv); + NS_ASSERTION(NS_SUCCEEDED(rv), "Principal not an aggregate."); + if (NS_FAILED(rv)) + return NS_ERROR_FAILURE; + return agg->SetCodebase(newCodebase); } NS_IMETHODIMP diff --git a/mozilla/layout/html/document/src/nsHTMLDocument.cpp b/mozilla/layout/html/document/src/nsHTMLDocument.cpp index 09b450bcf8a..f771beafc7a 100644 --- a/mozilla/layout/html/document/src/nsHTMLDocument.cpp +++ b/mozilla/layout/html/document/src/nsHTMLDocument.cpp @@ -66,6 +66,7 @@ #include "nsContentList.h" #include "nsDOMError.h" #include "nsICodebasePrincipal.h" +#include "nsIAggregatePrincipal.h" #include "nsIScriptSecurityManager.h" #include "nsJSUtils.h" #include "nsDOMPropEnums.h" @@ -1445,6 +1446,7 @@ NS_IMETHODIMP nsHTMLDocument::SetDomain(const nsString& aDomain) { // Check new domain + nsAutoString current; if (NS_FAILED(GetDomain(current))) return NS_ERROR_FAILURE; @@ -1462,7 +1464,7 @@ nsHTMLDocument::SetDomain(const nsString& aDomain) // Error: illegal domain return NS_ERROR_DOM_BAD_DOCUMENT_DOMAIN; } - + // Create new URI nsCOMPtr uri; if (NS_FAILED(GetDomainURI(getter_AddRefs(uri)))) @@ -1487,7 +1489,15 @@ nsHTMLDocument::SetDomain(const nsString& aDomain) NS_SCRIPTSECURITYMANAGER_PROGID, &rv); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - return securityManager->GetCodebasePrincipal(newURI, &mPrincipal); + nsCOMPtr newCodebase; + rv = securityManager->GetCodebasePrincipal(newURI, getter_AddRefs(newCodebase)); + if (NS_FAILED(rv)) + return NS_ERROR_FAILURE; + nsCOMPtr agg = do_QueryInterface(mPrincipal, &rv); + NS_ASSERTION(NS_SUCCEEDED(rv), "Principal not an aggregate."); + if (NS_FAILED(rv)) + return NS_ERROR_FAILURE; + return agg->SetCodebase(newCodebase); } NS_IMETHODIMP