add a principal manager to caps api. everything is now xpidled so

i removed the public directory from the module.
2024-11-25 22:01:30 +00:00 · 1999-08-01 21:26:02 +00:00 · 1999-08-01 21:26:02 +00:00 · 0d16b83058
commit 0d16b83058
parent 507a7c53b6
38 changed files with 1559 additions and 1262 deletions
--- a/build/mac/NGLayoutBuildList.pm
+++ b/build/mac/NGLayoutBuildList.pm
@ -397,7 +397,6 @@ sub BuildClientDist()
 	_InstallFromManifest(":mozilla:js:src:xpconnect:public:MANIFEST",				"$distdirectory:xpconnect:");

 	#CAPS
-	_InstallFromManifest(":mozilla:caps:public:MANIFEST",							"$distdirectory:caps:");
 	_InstallFromManifest(":mozilla:caps:include:MANIFEST",							"$distdirectory:caps:");
 	_InstallFromManifest(":mozilla:caps:idl:MANIFEST",							"$distdirectory:idl:");

--- a/caps/Makefile.in
+++ b/caps/Makefile.in
@ -21,7 +21,7 @@ VPATH		= @srcdir@

 include $(DEPTH)/config/autoconf.mk

-DIRS = idl public include src
+DIRS = idl include src

 include $(topsrcdir)/config/rules.mk

--- a/caps/idl/MANIFEST
+++ b/caps/idl/MANIFEST
@ -1,5 +1,9 @@
-nsIPrincipal.idl
-nsIScriptSecurityManager.idl
 nsICapsSecurityCallbacks.idl
+nsIPrincipal.idl
+nsIPrincipalArray.idl
+nsIPrincipalManager.idl
 nsIPrivilege.idl
+nsIPrivilegeManager.idl
+nsIScriptSecurityManager.idl
+nsICapsManager.idl
 nsITarget.idl
--- a/caps/idl/Makefile.in
+++ b/caps/idl/Makefile.in
@ -28,7 +28,11 @@ XPIDLSRCS =                          \
        nsIScriptSecurityManager.idl \
        nsICapsSecurityCallbacks.idl \
        nsIPrincipal.idl             \
+        nsIPrincipalArray.idl        \
+        nsIPrincipalManager.idl      \
        nsIPrivilege.idl             \
+        nsIPrivilegeManager.idl      \
+        nsICapsManager.idl           \
        nsITarget.idl                \
        $(NULL)

--- a/caps/idl/makefile.win
+++ b/caps/idl/makefile.win
@ -23,7 +23,11 @@ XPIDLSRCS=                                \
           .\nsIScriptSecurityManager.idl \
           .\nsICapsSecurityCallbacks.idl \
           .\nsIPrincipal.idl             \
+           .\nsIPrincipalArray.idl        \
+           .\nsIPrincipalManager.idl      \
           .\nsIPrivilege.idl             \
+           .\nsIPrivilegeManager.idl      \
+           .\nsICapsManager.idl           \
           .\nsITarget.idl                \
            $(NULL)

--- a/caps/idl/nsICapsManager.idl
+++ b/caps/idl/nsICapsManager.idl
@ -0,0 +1,72 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ *
+ * The contents of this file are subject to the Netscape Public License
+ * Version 1.0 (the "NPL"); you may not use this file except in
+ * compliance with the NPL.  You may obtain a copy of the NPL at
+ * http://www.mozilla.org/NPL/
+ *
+ * Software distributed under the NPL is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
+ * for the specific language governing rights and limitations under the
+ * NPL.
+ *
+ * The Initial Developer of this code under the NPL is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1999 Netscape Communications Corporation.  All Rights
+ * Reserved.
+ */
+
+#include "nsISupports.idl"
+#include "nsIPrincipal.idl"
+#include "nsIPrincipalArray.idl"
+#include "nsIPrincipalManager.idl"
+#include "nsIPrivilegeManager.idl"
+#include "nsITarget.idl"
+#include "nsICapsSecurityCallbacks.idl"
+
+interface nsIScriptContext;
+
+[uuid(7cb78236-47b0-11d3-ba17-0060b0f199a2)]
+interface nsICapsManager : nsISupports {
+
+	void GetPrincipalManager(out nsIPrincipalManager prinMan);
+
+	void GetPrivilegeManager(out nsIPrivilegeManager privMan);
+
+	void CreateCodebasePrincipal([const] in string codebaseURL, out nsIPrincipal prin);
+%{C++
+	NS_IMETHOD
+	CreateCertificatePrincipal(const unsigned char * * certChain, PRUint32 * certChainLengths, PRUint32 noOfCerts, nsIPrincipal * * prin) = 0;
+%}
+
+	void GetPermission(in nsIPrincipal prin, in nsITarget target, out short privilegeState);
+
+	void SetPermission(in nsIPrincipal prin, in nsITarget target, in short privilegeState);
+
+	void AskPermission(in nsIPrincipal prin, in nsITarget target, out short privilegeState);
+
+	void Initialize(out boolean result);
+
+	void InitializeFrameWalker(in nsICapsSecurityCallbacks aInterface);
+
+	void EnablePrivilege(in nsIScriptContext cx, [const] in string targetName, in long callerDepth, out boolean result);
+
+	void IsPrivilegeEnabled(in nsIScriptContext cx, [const] in string targetName, in long callerDepth, out boolean result);
+
+	void RevertPrivilege(in nsIScriptContext cx, [const] in string targetName, in long callerDepth, out boolean result);
+
+	void DisablePrivilege(in nsIScriptContext cx, [const] in string targetName, in long callerDepth, out boolean result);
+
+	void IsAllowed(in voidStar annotation, [const] in string target, out boolean result);
+
+};
+
+%{C++
+#define NS_CCAPSMANAGER_CID                          \
+{ /* fd347500-307f-11d2-97f0-00805f8a28d0 */         \
+    0xfd347500,                                      \
+    0x307f,                                          \
+    0x11d2,                                          \
+    {0x97, 0xf0, 0x00, 0x80, 0x5f, 0x8a, 0x28, 0xd0} \
+}
+%}
--- a/caps/idl/nsIPrincipal.idl
+++ b/caps/idl/nsIPrincipal.idl
@ -20,7 +20,7 @@

 [uuid(ff9313d0-25e1-11d2-8160-006008119d7a)]
 interface nsIPrincipal : nsISupports {
-	const short PrincipalType_Unknown=-1;
+	const short PrincipalType_Unknown=0;
 	const short PrincipalType_CodebaseExact=1;
 	const short PrincipalType_CodebaseRegex=2;
 	const short PrincipalType_Certificate=3;
@ -44,7 +44,7 @@ interface nsICodebasePrincipal : nsIPrincipal {

 [uuid(ebfefcd0-25e1-11d2-8160-006008119d7a)]
 interface nsICertificatePrincipal : nsIPrincipal {
-	void GetPublicKey(out string publicKey, out unsigned long publicKeySize);
+	void GetPublicKey(out string publicKey);
 	void GetCompanyName(out string ppCompanyName);
 	void GetCertificateAuthority(out string ppCertAuthority);
 	void GetSerialNumber(out string ppSerialNumber);
--- a/caps/idl/nsIPrincipalArray.idl
+++ b/caps/idl/nsIPrincipalArray.idl
@ -0,0 +1,41 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * The contents of this file are subject to the Netscape Public License
+ * Version 1.0 (the "NPL"); you may not use this file except in
+ * compliance with the NPL.  You may obtain a copy of the NPL at
+ * http://www.mozilla.org/NPL/
+ *
+ * Software distributed under the NPL is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
+ * for the specific language governing rights and limitations under the
+ * NPL.
+ *
+ * The Initial Developer of this code under the NPL is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1999 Netscape Communications Corporation.  All Rights
+ * Reserved.
+ */
+#include "nsISupports.idl"
+#include "nsIPrincipal.idl"
+
+[uuid(f118c9cc-452c-11d3-ba17-0060b0f199a2)]
+interface nsIPrincipalArray : nsISupports
+{
+	const short SetComparisonType_ProperSubset = -1;
+	const short SetComparisonType_Equal = 0;
+	const short SetComparisonType_NoSubset = 1;
+
+	void ComparePrincipalArray(in nsIPrincipalArray other, out short comparisonType);
+
+	void IntersectPrincipalArray(in nsIPrincipalArray other, out nsIPrincipalArray result);
+
+	void FreePrincipalArray();
+
+	void AddPrincipalArrayElement(in nsIPrincipal principal);
+
+	void GetPrincipalArrayElement(in unsigned long index, out nsIPrincipal result);
+
+	void SetPrincipalArrayElement(in unsigned long index, in nsIPrincipal principal);
+
+	void GetPrincipalArraySize(out unsigned long result);
+};
--- a/caps/idl/nsIPrincipalManager.idl
+++ b/caps/idl/nsIPrincipalManager.idl
@ -0,0 +1,46 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * The contents of this file are subject to the Netscape Public License
+ * Version 1.0 (the "NPL"); you may not use this file except in
+ * compliance with the NPL.  You may obtain a copy of the NPL at
+ * http://www.mozilla.org/NPL/
+ *
+ * Software distributed under the NPL is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
+ * for the specific language governing rights and limitations under the
+ * NPL.
+ *
+ * The Initial Developer of this code under the NPL is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1999 Netscape Communications Corporation.  All Rights
+ * Reserved.
+ */
+#include "nsISupports.idl"
+#include "nsIPrincipal.idl"
+#include "nsITarget.idl"
+#include "nsIPrincipalArray.idl"
+
+interface nsIScriptContext;
+
+//#define NS_ALL_PRIVILEGES ((nsITarget *)NULL)
+
+
+[uuid(dc7d0bb0-25e1-11d2-8160-006008119d7a)]
+interface nsIPrincipalManager : nsISupports
+{
+	void CreateCodebasePrincipal([const] in string codebaseURL, out nsIPrincipal prin);
+
+%{C++
+	NS_IMETHOD
+	CreateCertificatePrincipal(const unsigned char * * certChain, PRUint32 * certChainLengths, PRUint32 noOfCerts, nsIPrincipal * * prin) = 0;
+%}
+
+	void RegisterPrincipal(in nsIPrincipal prin);
+
+	void CanExtendTrust(in nsIPrincipalArray fromPrinArray, in nsIPrincipalArray toPrinArray, out boolean result);
+
+	void NewPrincipalArray(in unsigned long count, out nsIPrincipalArray result);
+
+	void CheckMatchPrincipal(in nsIScriptContext cx, in nsIPrincipal principal, in long callerDepth, out boolean result);
+
+};
--- a/caps/idl/nsIPrivilegeManager.idl
+++ b/caps/idl/nsIPrivilegeManager.idl
@ -0,0 +1,46 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * The contents of this file are subject to the Netscape Public License
+ * Version 1.0 (the "NPL"); you may not use this file except in
+ * compliance with the NPL.  You may obtain a copy of the NPL at
+ * http://www.mozilla.org/NPL/
+ *
+ * Software distributed under the NPL is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
+ * for the specific language governing rights and limitations under the
+ * NPL.
+ *
+ * The Initial Developer of this code under the NPL is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1999 Netscape Communications Corporation.  All Rights
+ * Reserved.
+ */
+#include "nsISupports.idl"
+#include "nsIPrincipal.idl"
+#include "nsITarget.idl"
+#include "nsIPrincipalArray.idl"
+
+interface nsIScriptContext;
+
+[uuid(43019898-4782-11d3-ba17-0060b0f199a2)]
+interface nsIPrivilegeManager : nsISupports
+{
+	void IsPrivilegeEnabled(in nsIScriptContext cx, in nsITarget target, in long callerDepth, out boolean result);
+
+	void EnablePrivilege(in nsIScriptContext cx, in nsITarget target, in nsIPrincipal prin, in long callerDeph, out boolean result);
+
+	void RevertPrivilege(in nsIScriptContext cx, in nsITarget target, in long callerDepth, out boolean result);
+
+	void DisablePrivilege(in nsIScriptContext cx, in nsITarget target, in long callerDepth, out boolean result);
+
+	void CheckPrivilegeGranted(in nsIScriptContext cx, in nsITarget target, in long callerDepth, in voidStar data, out boolean result);
+
+	void GetPrincipalPrivilege(in nsITarget target, in nsIPrincipal prin, in voidStar data, out nsIPrivilege priv);
+
+	void RemovePrincipalsPrivilege(in string prinName, in string targetName, out boolean result);
+
+	void AskPermission(in nsIPrincipal useThisPrin, in nsITarget target, in voidStar data, out boolean result);
+
+	void SetPermission(in nsIPrincipal useThisPrin, in nsITarget target, in nsIPrivilege newPrivilege);
+
+};
--- a/caps/include/MANIFEST
+++ b/caps/include/MANIFEST
@ -6,7 +6,8 @@ nsCCapsManagerFactory.h
 nsCertificatePrincipal.h
 nsCodebasePrincipal.h
 nsLoadZig.h
-nsPrincipalTools.h
+nsPrincipalArray.h
+nsPrincipalManager.h
 nsPrivilege.h
 nsPrivilegeManager.h
 nsPrivilegeTable.h
--- a/caps/include/Makefile.in
+++ b/caps/include/Makefile.in
@ -32,7 +32,8 @@ EXPORTS =                        \
        nsCertificatePrincipal.h \
        nsCodebasePrincipal.h    \
        nsLoadZig.h              \
-        nsPrincipalTools.h       \
+        nsPrincipalArray.h       \
+        nsPrincipalManager.h     \
        nsPrivilege.h            \
        nsPrivilegeManager.h     \
        nsPrivilegeTable.h       \
--- a/caps/include/makefile.win
+++ b/caps/include/makefile.win
@ -37,7 +37,8 @@ EXPORTS=                           \
        nsCertificatePrincipal.h   \
        nsCodebasePrincipal.h      \
        nsLoadZig.h                \
-        nsPrincipalTools.h         \
+        nsPrincipalArray.h         \
+        nsPrincipalManager.h       \
        nsPrivilege.h              \
        nsPrivilegeManager.h       \
        nsPrivilegeTable.h         \
--- a/caps/include/nsCCapsManager.h
+++ b/caps/include/nsCCapsManager.h
@ -20,11 +20,14 @@
 #define _NS_CCAPS_MANAGER_H_

 #include "nsIPrincipal.h"
+#include "nsIPrincipalManager.h"
+#include "nsIPrivilegeManager.h"
 #include "nsIPrivilege.h"
 #include "nsISupports.h"
 #include "nsICapsManager.h"
 #include "nsAgg.h"
 #include "nsPrivilegeManager.h"
+#include "nsPrincipalManager.h"

 /**
 * nsCCapsManager implements the nsICapsManager 
@ -44,203 +47,72 @@ NS_DECL_AGGREGATED
 ////////////////////////////////////////////////////////////////////////////
 // from nsICapsManager:

+NS_IMETHOD
+GetPrincipalManager(nsIPrincipalManager * * prinMan);
+
+NS_IMETHOD
+GetPrivilegeManager(nsIPrivilegeManager * * privMan);
+
 NS_IMETHOD
 CreateCodebasePrincipal(const char *codebaseURL, nsIPrincipal** prin);

 NS_IMETHOD
 CreateCertificatePrincipal(const unsigned char **certChain, PRUint32 *certChainLengths, PRUint32 noOfCerts, nsIPrincipal** prin);

-/**
- * Creates a CodeSourcePrincipal, which has both nsICodebasePrincipal 
- * and nsICertPrincipal
- *
- * @param certByteData     - The ceritificate's byte array data including the chain.
- * @param certByteDataSize - the length of certificate byte array.
- * @param codebaseURL - the codebase URL
- */
-/*
-NS_IMETHOD
-CreateCodeSourcePrincipal(const unsigned char **certChain, PRUint32 *certChainLengths, PRUint32 noOfCerts, const char *codebaseURL, nsIPrincipal** prin);
-*/
-
-/**
- * Returns the permission for given principal and target
- *
- * @param prin   - is either certificate principal or codebase principal
- * @param target - is NS_ALL_PRIVILEGES.
- * @param state  - the return value is passed in this parameter.
- */
 NS_IMETHOD
 GetPermission(nsIPrincipal * prin, nsITarget * target, PRInt16 * privilegeState);

-/**
- * Set the permission state for given principal and target. This wouldn't 
- * prompt the end user with UI.
- *
- * @param prin   - is either certificate principal or codebase principal
- * @param target - is NS_ALL_PRIVILEGES.
- * @param state  - is permisson state that should be set for the given prin
- *                 and target parameters.
- */
 NS_IMETHOD
-SetPermission(nsIPrincipal * prin, nsITarget* target, PRInt16 * privilegeState);
+SetPermission(nsIPrincipal * prin, nsITarget* target, PRInt16 privilegeState);

-/**
- * Prompts the user if they want to grant permission for the given principal and 
- * for the given target. 
- *
- * @param prin   - is either certificate principal or codebase principal
- * @param target - is NS_ALL_PRIVILEGES.
- * @param result - is the permission user has given for the given principal and 
- *                 target
- */
 NS_IMETHOD
 AskPermission(nsIPrincipal * prin, nsITarget * target, PRInt16 * privilegeState);

-
-
-/* 
- * All of the following methods are used by JS (the code located
- * in lib/libmocha area).
- */
-
-/**
- * Initializes the capabilities subsytem (ie setting the system principal, initializing
- * privilege Manager, creating the capsManager factory etc 
- *
- * @param result - is true if principal was successfully registered with the system
- */
 NS_IMETHOD
 Initialize(PRBool * result);

 NS_IMETHOD
 InitializeFrameWalker(nsICapsSecurityCallbacks * aInterface);

-/**
- * Registers the given Principal with the system.
- *
- * @param prin   - is either certificate principal or codebase principal
- * @param result - is true if principal was successfully registered with the system
- */
 NS_IMETHOD
 RegisterPrincipal(nsIPrincipal * prin);

-/**
- * Prompts the user if they want to grant permission for the principal located
- * at the given stack depth for the given target. 
- *
- * @param context      - is the parameter JS needs to determinte the principal 
- * @param targetName   - is the name of the target.
- * @param callerDepth  - is the depth of JS stack frame, which JS uses to determinte the 
- *                       principal 
- * @param result - is true if user has given permission for the given principal and 
- *                 target
- */
 NS_IMETHOD
-EnablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result);
-
-/**
- * Returns if the user granted permission for the principal located at the given 
- * stack depth for the given target. 
- *
- * @param context     - is the parameter JS needs to determinte the principal 
- * @param targetName  - is the name of the target.
- * @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the 
- *                      principal 
- * @param result - is true if user has given permission for the given principal and 
- *                 target
- */
-NS_IMETHOD
-IsPrivilegeEnabled(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result);
-
-/**
- * Reverts the permission (granted/denied) user gave for the principal located
- * at the given stack depth for the given target. 
- *
- * @param context      - is the parameter JS needs to determinte the principal 
- * @param targetName   - is the name of the target.
- * @param callerDepth  - is the depth of JS stack frame, which JS uses to determinte the 
- *                       principal 
- * @param result - is true if user has given permission for the given principal and 
- *                 target
- */
-NS_IMETHOD
-RevertPrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result);
-
-/**
- * Disable permissions for the principal located at the given stack depth for the 
- * given target. 
- *
- * @param context      - is the parameter JS needs to determinte the principal 
- * @param targetName   - is the name of the target.
- * @param callerDepth  - is the depth of JS stack frame, which JS uses to determinte the 
- *                       principal 
- * @param result - is true if user has given permission for the given principal and 
- *                 target
- */
-NS_IMETHOD
-DisablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result);
-
-
-/* XXX: Some of the arguments for the following interfaces may change.
- * This is a first cut. I need to talk to joki. We should get rid of void* parameters.
- */
-NS_IMETHOD
-ComparePrincipalArray(void* prin1Array, void* prin2Array, PRInt16 * comparisonType);
+EnablePrivilege(nsIScriptContext * context, const char* targetName, PRInt32 callerDepth, PRBool *result);

 NS_IMETHOD
-IntersectPrincipalArray(void* prin1Array, void* prin2Array, void* *result);
+IsPrivilegeEnabled(nsIScriptContext * context, const char* targetName, PRInt32 callerDepth, PRBool *result);

 NS_IMETHOD
-CanExtendTrust(void* fromPrinArray, void* toPrinArray, PRBool *result);
+RevertPrivilege(nsIScriptContext * context, const char* targetName, PRInt32 callerDepth, PRBool *result);

 NS_IMETHOD
-CreateMixedPrincipalArray(void *zig, char* name, const char* codebase, void** result);
+DisablePrivilege(nsIScriptContext * context, const char* targetName, PRInt32 callerDepth, PRBool *result);
+
+//NS_IMETHOD
+//CreateMixedPrincipalArray(void * zig, const char * name, const char* codebase, nsIPrincipalArray * * result);

 NS_IMETHOD
-NewPrincipalArray(PRUint32 count, void* *result);
-
-NS_IMETHOD
-FreePrincipalArray(void *prinArray);
-
-NS_IMETHOD
-GetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal * * result);
-
-NS_IMETHOD
-SetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal * principal);
-
-NS_IMETHOD
-GetPrincipalArraySize(void *prinArrayArg, PRUint32 *result);
-
-/* The following interfaces will replace all of the following old calls.
- *
- * nsCapsGetPermission(struct nsPrivilege *privilege)
- * nsCapsGetPrivilege(struct nsPrivilegeTable *annotation, struct nsITarget *target)
- *
- */
-NS_IMETHOD
-IsAllowed(void *annotation, char* target, PRBool *result);
-
-////////////////////////////////////////////////////////////////////////////
-// from nsCCapsManager:
+IsAllowed(void * annotation, const char * target, PRBool * result);

 nsCCapsManager(nsISupports *aOuter);
 virtual ~nsCCapsManager(void);

 void
-CreateNSPrincipalArray(nsPrincipalArray* prinArray, nsPrincipalArray* *pPrincipalArray);
-/*
+CreateNSPrincipalArray(nsIPrincipalArray * prinArray, nsIPrincipalArray * * pPrincipalArray);
+
 NS_METHOD
-GetNSPrincipal(nsIPrincipal * pNSIPrincipal, nsIPrincipal ** ppNSPRincipal);
-*/
-NS_METHOD
-GetNSPrincipalArray(nsPrincipalArray* prinArray, nsPrincipalArray* *pPrincipalArray);
+GetNSPrincipalArray(nsIPrincipalArray * prinArray, nsIPrincipalArray * * pPrincipalArray);

 void
 SetSystemPrivilegeManager();

+void
+SetSystemPrincipalManager();
+
 protected:
-    nsPrivilegeManager * privilegeManager;  
+	nsIPrivilegeManager * privilegeManager;
+	nsIPrincipalManager * principalManager;
 };

-#endif // nsCCapsManager_h___
+#endif // nsCCapsManager_h___
--- a/caps/include/nsCaps.h
+++ b/caps/include/nsCaps.h
@ -26,8 +26,7 @@ class nsTarget;
 class nsIPrincipal;
 class nsIPrivilege;
 class nsPrivilegeTable;
-
-struct nsPrivilegeManager;
+class nsPrivilegeManager;
 struct NSJSJavaFrameWrapper;

 /* wrappers for nsPrivilegeManager object */
@ -52,12 +51,6 @@ nsCapsDisablePrivilege(void* context, class nsITarget * target, PRInt32 callerDe
 PR_EXTERN(void*) 
 nsCapsGetClassPrincipalsFromStack(void* context, PRInt32 callerDepth);

-PR_EXTERN(PRInt16) 
-nsCapsComparePrincipalArray(void* prin1Array, void* prin2Array);
-
-PR_EXTERN(void*) 
-nsCapsIntersectPrincipalArray(void* prin1Array, void* prin2Array);
-
 PR_EXTERN(PRBool) 
 nsCapsCanExtendTrust(void* from, void* to);

@ -80,19 +73,6 @@ nsCapsPrincipalGetVendor(nsIPrincipal * principal);
 PR_EXTERN(void *) 
 nsCapsNewPrincipalArray(PRUint32 count);

-PR_EXTERN(void) 
-nsCapsFreePrincipalArray(void * prinArray);
-
-PR_EXTERN(void *) 
-nsCapsGetPrincipalArrayElement(void * prinArray, PRUint32 index);
-
-PR_EXTERN(void) 
-nsCapsSetPrincipalArrayElement(void * prinArray, PRUint32 index, void *element);
-
-PR_EXTERN(PRUint32) 
-nsCapsGetPrincipalArraySize(void * prinArray);
-
-
 /* wrappers for nsITarget object */
 PR_EXTERN(class nsITarget *) 
 nsCapsFindTarget(char * name);
--- a/caps/include/nsCertificatePrincipal.h
+++ b/caps/include/nsCertificatePrincipal.h
@ -26,7 +26,7 @@ public:
 	NS_DECL_ISUPPORTS

 	NS_IMETHOD
-	GetPublicKey(char ** pk, PRUint32 * pkSize);
+	GetPublicKey(char ** pk);

 	NS_IMETHOD
 	GetCompanyName(char ** cn);
@ -58,14 +58,13 @@ public:
 	NS_IMETHOD
 	Equals(nsIPrincipal * other, PRBool * result);

-	nsCertificatePrincipal(PRInt16 * type, const unsigned char ** certChain,
-					 PRUint32 * certChainLengths, PRUint32 noOfCerts, nsresult * result);
+	nsCertificatePrincipal(PRInt16 type, const char * key);
+	nsCertificatePrincipal(PRInt16 type, const unsigned char ** certChain, PRUint32 * certChainLengths, PRUint32 noOfCerts);
 	virtual ~nsCertificatePrincipal(void);

 protected:
 	PRInt16 itsType;
-	char * itsKey;
-	PRUint32 itsKeyLength;
+	const char * itsKey;
 	nsVector * itsCertificateArray;
 	char * itsCompanyName;
 	char * itsCertificateAuthority;
--- a/caps/include/nsCodebasePrincipal.h
+++ b/caps/include/nsCodebasePrincipal.h
@ -50,12 +50,12 @@ public:
 	NS_IMETHOD
 	Equals(nsIPrincipal * other, PRBool * result);

-	nsCodebasePrincipal(PRInt16 * type, const char *codebaseURL);
+	nsCodebasePrincipal(PRInt16 type, const char *codebaseURL);
 	virtual ~nsCodebasePrincipal(void);

 protected:
-	const char * codeBaseURL;
-	PRInt16  * itsType;
+	const char * itsCodeBaseURL;
+	PRInt16 itsType;
 };

 #endif // _NS_CODEBASE_PRINCIPAL_H_
--- a/caps/include/nsPrincipalArray.h
+++ b/caps/include/nsPrincipalArray.h
@ -0,0 +1,69 @@
+#ifndef _NS_PRINCIPAL_ARRAY_H_
+#define _NS_PRINCIPAL_ARRAY_H_
+
+#include "nsIPrincipalArray.h"
+#include "nsIPrincipal.h"
+#include "nsVector.h"
+#include "nsHashtable.h"
+
+
+class nsPrincipalArray : public nsIPrincipalArray {
+public:
+
+NS_DECL_ISUPPORTS
+
+nsPrincipalArray(void);
+nsPrincipalArray(PRUint32 count);
+~nsPrincipalArray();
+
+NS_IMETHOD
+ComparePrincipalArray(nsIPrincipalArray * other, PRInt16 * comparisonType);
+
+NS_IMETHOD
+IntersectPrincipalArray(nsIPrincipalArray * other , nsIPrincipalArray * * result);
+
+NS_IMETHOD
+FreePrincipalArray();
+
+NS_IMETHOD
+AddPrincipalArrayElement(nsIPrincipal * principal);
+
+NS_IMETHOD
+GetPrincipalArrayElement(PRUint32 index, nsIPrincipal * * result);
+
+NS_IMETHOD
+SetPrincipalArrayElement(PRUint32 index, nsIPrincipal * principal);
+
+NS_IMETHOD
+GetPrincipalArraySize(PRUint32 * result);
+
+private:
+nsVector * itsArray;
+};
+
+class PrincipalKey: public nsHashKey {
+public:
+	nsIPrincipal * itsPrincipal;
+
+	PrincipalKey(nsIPrincipal * prin) {
+		itsPrincipal = prin;
+	}
+
+	PRUint32 HashValue(void) const {
+		PRUint32 * code = 0;
+		itsPrincipal->HashCode(code);
+		return *code;
+	}
+
+	PRBool Equals(const nsHashKey * aKey) const {
+		PRBool result = PR_FALSE;
+		itsPrincipal->Equals(((const PrincipalKey *) aKey)->itsPrincipal,& result);
+		return result;
+	}
+
+	nsHashKey * Clone(void) const {
+		return new PrincipalKey(itsPrincipal);
+	}
+};
+
+#endif /* _NS_PRINCIPAL_TOOLS_H_ */
--- a/caps/include/nsPrincipalManager.h
+++ b/caps/include/nsPrincipalManager.h
@ -0,0 +1,102 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * The contents of this file are subject to the Netscape Public License
+ * Version 1.0 (the "NPL"); you may not use this file except in
+ * compliance with the NPL.  You may obtain a copy of the NPL at
+ * http://www.mozilla.org/NPL/
+ *
+ * Software distributed under the NPL is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
+ * for the specific language governing rights and limitations under the
+ * NPL.
+ *
+ * The Initial Developer of this code under the NPL is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation.  All Rights
+ * Reserved.
+ */
+
+#ifndef _NS_PRINCIPAL_MANAGER_H_
+#define _NS_PRINCIPAL_MANAGER_H_
+
+#include "nsIPrincipalManager.h"
+#include "nsPrivilegeManager.h"
+
+PRBool nsPrincipalManagerInitialize(void);
+
+class nsPrincipalManager : public nsIPrincipalManager {
+
+public:
+
+	NS_DECL_ISUPPORTS
+
+	NS_IMETHOD
+	CreateCodebasePrincipal(const char *codebaseURL, nsIPrincipal * * prin);
+
+	NS_IMETHOD
+	CreateCertificatePrincipal(const unsigned char * * certChain, PRUint32 * certChainLengths, PRUint32 noOfCerts, nsIPrincipal * * prin);
+
+	NS_IMETHOD
+	RegisterPrincipal(nsIPrincipal * prin);
+
+	NS_IMETHOD
+	CanExtendTrust(nsIPrincipalArray * fromPrinArray, nsIPrincipalArray * toPrinArray, PRBool * result);
+
+	NS_IMETHOD
+	NewPrincipalArray(PRUint32 count, nsIPrincipalArray * * result);
+
+	NS_IMETHOD
+	CheckMatchPrincipal(nsIScriptContext * context, nsIPrincipal * principal, PRInt32 callerDepth, PRBool * result);
+
+	static nsIPrincipalArray *
+	GetMyPrincipals(PRInt32 callerDepth);
+
+	static nsIPrincipalArray *
+	GetMyPrincipals(nsIScriptContext * context, PRInt32 callerDepth);
+
+	nsIPrincipal * 
+	GetPrincipalFromString(char * prinName);
+	
+	static nsIPrincipal * 
+	GetSystemPrincipal(void);
+
+	static PRBool 
+	HasSystemPrincipal(nsIPrincipalArray * prinArray);
+
+	static nsIPrincipal * 
+	GetUnsignedPrincipal(void);
+
+	static nsIPrincipal * 
+	GetUnknownPrincipal(void);
+
+	static nsPrincipalManager * 
+	GetPrincipalManager(void);
+
+	const char * 
+	GetAllPrincipalsString(void);
+
+	void 
+	AddToPrincipalNameToPrincipalTable(nsIPrincipal * prin);
+
+	void
+	RemoveFromPrincipalNameToPrincipalTable(nsIPrincipal * prin);
+
+	void
+	SetSystemPrincipal(nsIPrincipal * prin);
+
+	nsIPrincipalArray * 
+	GetClassPrincipalsFromStack(PRInt32 callerDepth);
+
+	nsIPrincipalArray * 
+	GetClassPrincipalsFromStack(nsIScriptContext * context, PRInt32 callerDepth);
+
+	nsPrincipalManager(void);
+	virtual ~nsPrincipalManager(void);
+
+private:
+	nsHashtable * itsPrinNameToPrincipalTable;
+	static PRBool theInited;
+
+};
+
+#endif /* _NS_PRINCIPAL_MANAGER_H_*/
--- a/caps/include/nsPrincipalTools.h
+++ b/caps/include/nsPrincipalTools.h
@ -1,34 +0,0 @@
-#ifndef _NS_PRINCIPAL_TOOLS_H_
-#define _NS_PRINCIPAL_TOOLS_H_
-
-#include "nsIPrincipal.h"
-#include "nsHashtable.h"
-
-typedef  nsVector nsPrincipalArray;
-
-class PrincipalKey: public nsHashKey {
-public:
-	nsIPrincipal * itsPrincipal;
-
-	PrincipalKey(nsIPrincipal * prin) {
-		itsPrincipal = prin;
-	}
-
-	PRUint32 HashValue(void) const {
-		PRUint32 * code = 0;
-		itsPrincipal->HashCode(code);
-		return *code;
-	}
-
-	PRBool Equals(const nsHashKey * aKey) const {
-		PRBool result = PR_FALSE;
-		itsPrincipal->Equals(((const PrincipalKey *) aKey)->itsPrincipal,& result);
-		return result;
-	}
-
-	nsHashKey * Clone(void) const {
-		return new PrincipalKey(itsPrincipal);
-	}
-};
-
-#endif /* _NS_PRINCIPAL_TOOLS_H_ */
--- a/caps/include/nsPrivilegeManager.h
+++ b/caps/include/nsPrivilegeManager.h
@ -27,7 +27,8 @@
 #include "nsCaps.h"
 #include "nsTarget.h"
 #include "nsIPrincipal.h"
-#include "nsPrincipalTools.h"
+#include "nsIPrincipalArray.h"
+#include "nsIPrivilegeManager.h"
 #include "nsIPrivilege.h"
 #include "nsPrivilegeTable.h"
 #include "nsSystemPrivilegeTable.h"
@ -41,13 +42,11 @@ PR_END_EXTERN_C

 PRBool nsPrivilegeManagerInitialize(void);

-struct nsPrivilegeManager {
+class nsPrivilegeManager : public nsIPrivilegeManager {

 public:

-enum { SetComparisonType_ProperSubset=-1 };
-enum { SetComparisonType_Equal=0 };
-enum { SetComparisonType_NoSubset=1 };
+NS_DECL_ISUPPORTS

 nsPrivilegeManager(void);
 virtual ~nsPrivilegeManager(void);
@ -64,6 +63,110 @@ FindPrivilege(char * privStr);
 static nsIPrivilege *
 Add(nsIPrivilege * privilege1, nsIPrivilege * privilege2);

+PRBool 
+IsPrivilegeEnabled(nsITarget *target, PRInt32 callerDepth);
+
+NS_IMETHOD 
+IsPrivilegeEnabled(nsIScriptContext * context, nsITarget * target, PRInt32 callerDepth, PRBool * result);
+
+PRBool 
+EnablePrivilege(nsITarget * target, PRInt32 callerDepth);
+
+PRBool 
+EnablePrivilege(nsIScriptContext * context, nsITarget * target, PRInt32 callerDepth);
+
+PRBool 
+EnablePrivilege(nsITarget * target, nsIPrincipal * preferredPrincipal, PRInt32 callerDepth);
+
+NS_IMETHOD
+EnablePrivilege(nsIScriptContext * context, nsITarget * target, nsIPrincipal * preferredPrincipal, PRInt32 callerDepth, PRBool * result);
+
+PRBool 
+RevertPrivilege(nsITarget * target, PRInt32 callerDepth);
+
+NS_IMETHOD
+RevertPrivilege(nsIScriptContext * context, nsITarget *target, PRInt32 callerDepth, PRBool * result);
+
+PRBool 
+DisablePrivilege(nsITarget *target, PRInt32 callerDepth);
+
+NS_IMETHOD
+DisablePrivilege(nsIScriptContext * context, nsITarget *target, PRInt32 callerDepth, PRBool * result);
+
+PRBool
+EnablePrincipalPrivilegeHelper(nsITarget *target, PRInt32 callerDepth, 
+								nsIPrincipal * preferredPrin, void * data,
+								nsITarget *impersonator);
+
+PRBool 
+EnablePrincipalPrivilegeHelper(nsIScriptContext * context, nsITarget *target, PRInt32 callerDepth, 
+								nsIPrincipal * preferredPrin, void * data, 
+								nsITarget *impersonator);
+
+nsPrivilegeTable * 
+EnableScopePrivilegeHelper(nsITarget *target, PRInt32 callerDepth, 
+							void *data, PRBool helpingSetScopePrivilege, 
+							nsIPrincipal * prefPrin);
+
+nsPrivilegeTable *
+EnableScopePrivilegeHelper(nsIScriptContext * context, nsITarget *target, PRInt32 callerDepth, void *data, 
+							PRBool helpingSetScopePrivilege, nsIPrincipal * prefPrin);
+
+NS_IMETHOD
+AskPermission(nsIPrincipal * useThisPrin, nsITarget* target, void* data, PRBool * result);
+
+NS_IMETHOD
+SetPermission(nsIPrincipal * useThisPrin, nsITarget * target, nsIPrivilege * newPrivilege);
+
+void 
+UpdatePrivilegeTable(nsITarget *target, nsPrivilegeTable * privTable, nsIPrivilege * newPrivilege);
+
+PRBool 
+CheckPrivilegeGranted(nsITarget *target, PRInt32 callerDepth);
+
+PRBool 
+CheckPrivilegeGranted(nsIScriptContext * context, nsITarget *target, PRInt32 callerDepth);
+
+PRBool 
+CheckPrivilegeGranted(nsITarget * target, nsIPrincipal * principal, void *data);
+
+PRBool 
+CheckPrivilegeGranted(nsITarget * target, PRInt32 callerDepth, void * data);
+
+NS_IMETHOD
+CheckPrivilegeGranted(nsIScriptContext * context, nsITarget * target, PRInt32 callerDepth, void * data, PRBool * result);
+
+NS_IMETHOD
+GetPrincipalPrivilege(nsITarget * target, nsIPrincipal * prin, void * data, nsIPrivilege * * result);
+
+static nsPrivilegeManager * 
+GetPrivilegeManager(void);
+
+char * 
+CheckPrivilegeEnabled(nsTargetArray * targetArray, PRInt32 callerDepth, void *data);
+
+char * 
+CheckPrivilegeEnabled(nsIScriptContext * context, nsTargetArray * targetArray, PRInt32 callerDepth, void *data);
+
+void 
+GetTargetsWithPrivileges(char *prinName, char** forever, char** session, char **denied);
+
+nsPrivilegeTable * 
+GetPrivilegeTableFromStack(PRInt32 callerDepth, PRBool createIfNull);
+
+nsPrivilegeTable * 
+GetPrivilegeTableFromStack(nsIScriptContext * context, PRInt32 callerDepth, PRBool createIfNull);
+
+NS_IMETHODIMP
+RemovePrincipalsPrivilege(const char * prinName, const char * targetName, PRBool * result);
+
+void 
+Remove(nsIPrincipal *prin, nsITarget *target);
+
+/* Helper functions for ADMIN UI */
+PRBool 
+RemovePrincipal(char *prinName);
+
 void 
 RegisterSystemPrincipal(nsIPrincipal * principal);

@ -73,175 +176,15 @@ RegisterPrincipal(nsIPrincipal * principal);
 PRBool 
 UnregisterPrincipal(nsIPrincipal * principal);

-PRBool 
-IsPrivilegeEnabled(nsITarget *target, PRInt32 callerDepth);
-
-PRBool 
-IsPrivilegeEnabled(void* context, nsITarget *target, 
-					PRInt32 callerDepth);
-
-PRBool 
-EnablePrivilege(nsITarget * target, PRInt32 callerDepth);
-
-PRBool 
-EnablePrivilege(void * context, nsITarget * target, PRInt32 callerDepth);
-
-PRBool 
-EnablePrivilege(nsITarget * target, nsIPrincipal * preferredPrincipal, 
-				PRInt32 callerDepth);
-
-PRBool 
-EnablePrivilege(void* context, nsITarget *target, nsIPrincipal * preferredPrincipal, 
-				PRInt32 callerDepth);
-
-PRBool 
-RevertPrivilege(nsITarget * target, PRInt32 callerDepth);
-
-PRBool 
-RevertPrivilege(void* context, nsITarget *target, PRInt32 callerDepth);
-
-PRBool 
-DisablePrivilege(nsITarget *target, PRInt32 callerDepth);
-
-PRBool 
-DisablePrivilege(void * context, nsITarget *target, PRInt32 callerDepth);
-
-PRBool
-EnablePrincipalPrivilegeHelper(nsITarget *target, PRInt32 callerDepth, 
-								nsIPrincipal * preferredPrin, void * data,
-								nsITarget *impersonator);
-
-PRBool 
-EnablePrincipalPrivilegeHelper(void* context, nsITarget *target, 
-								PRInt32 callerDepth, 
-								nsIPrincipal * preferredPrin, 
-								void * data, 
-								nsITarget *impersonator);
-
-nsPrivilegeTable * 
-EnableScopePrivilegeHelper(nsITarget *target, 
-							PRInt32 callerDepth, 
-							void *data, 
-							PRBool helpingSetScopePrivilege, 
-							nsIPrincipal * prefPrin);
-
-nsPrivilegeTable *
-EnableScopePrivilegeHelper(void* context, nsITarget *target, 
-							PRInt32 callerDepth, void *data, 
-							PRBool helpingSetScopePrivilege, 
-							nsIPrincipal * prefPrin);
-
-PRBool 
-AskPermission(nsIPrincipal * useThisPrin, nsITarget* target, void* data);
-
-void 
-SetPermission(nsIPrincipal * useThisPrin, nsITarget * target, nsIPrivilege * newPrivilege);
-
 void 
 RegisterPrincipalAndSetPrivileges(nsIPrincipal * principal, nsITarget * target, nsIPrivilege * newPrivilege);

-void 
-UpdatePrivilegeTable(nsITarget *target, nsPrivilegeTable * privTable, nsIPrivilege * newPrivilege);
-
-PRBool 
-CheckPrivilegeGranted(nsITarget *target, PRInt32 callerDepth);
-
-PRBool 
-CheckPrivilegeGranted(void* context, nsITarget *target, PRInt32 callerDepth);
-
-PRBool 
-CheckPrivilegeGranted(nsITarget * target, nsIPrincipal * principal, void *data);
-
-PRBool 
-CheckPrivilegeGranted(nsITarget * target, PRInt32 callerDepth, void * data);
-
-PRBool 
-CheckPrivilegeGranted(void * context, nsITarget * target, PRInt32 callerDepth, void * data);
-
-nsIPrivilege *
-GetPrincipalPrivilege(nsITarget * target, nsIPrincipal * prin, void * data);
-
-static nsPrivilegeManager * 
-GetPrivilegeManager(void);
-
-static nsPrincipalArray * 
-GetMyPrincipals(PRInt32 callerDepth);
-
-static nsPrincipalArray * 
-GetMyPrincipals(void* context, PRInt32 callerDepth);
-
-static nsIPrincipal * 
-GetSystemPrincipal(void);
-
-static PRBool 
-HasSystemPrincipal(nsPrincipalArray * prinArray);
-
-static nsIPrincipal * 
-GetUnsignedPrincipal(void);
-
-static nsIPrincipal * 
-GetUnknownPrincipal(void);
-
-PRInt16 
-ComparePrincipalArray(nsPrincipalArray * prin1Array, nsPrincipalArray * prin2Array);
-
-nsPrincipalArray * 
-IntersectPrincipalArray(nsPrincipalArray * pa1, nsPrincipalArray * pa2);
-
-PRBool 
-CanExtendTrust(nsPrincipalArray * pa1, nsPrincipalArray * pa2);
-
-PRBool 
-CheckMatchPrincipal(nsIPrincipal * principal, PRInt32 callerDepth);
-
-PRBool 
-CheckMatchPrincipal(void* context, nsIPrincipal * principal, PRInt32 callerDepth);
-
-/* Helper functions for ADMIN UI */
-const char * 
-GetAllPrincipalsString(void);
-
-nsIPrincipal * 
-GetPrincipalFromString(char *prinName);
-
-void 
-GetTargetsWithPrivileges(char *prinName, char** forever, char** session, char **denied);
-
-PRBool 
-RemovePrincipal(char *prinName);
-
-PRBool 
-RemovePrincipalsPrivilege(char *prinName, char *targetName);
-
-void 
-Remove(nsIPrincipal *prin, nsITarget *target);
-
-/* The following are old native methods */
-char * 
-CheckPrivilegeEnabled(nsTargetArray * targetArray, PRInt32 callerDepth, void *data);
-
-char * 
-CheckPrivilegeEnabled(void* context, nsTargetArray * targetArray, PRInt32 callerDepth, void *data);
-
-nsPrincipalArray * 
-GetClassPrincipalsFromStack(PRInt32 callerDepth);
-
-nsPrincipalArray * 
-GetClassPrincipalsFromStack(void* context, PRInt32 callerDepth);
-
-nsPrivilegeTable * 
-GetPrivilegeTableFromStack(PRInt32 callerDepth, PRBool createIfNull);
-
-nsPrivilegeTable * 
-GetPrivilegeTableFromStack(void* context, PRInt32 callerDepth, PRBool createIfNull);
-
 /* End of native methods */

 private:

 nsHashtable * itsPrinToPrivTable;
 nsHashtable * itsPrinToMacroTargetPrivTable;
-nsHashtable * itsPrinNameToPrincipalTable;

 static PRBool theSecurityInited;

@ -251,18 +194,15 @@ static PRBool theInited;

 /* Private Methods */

-void 
-AddToPrincipalNameToPrincipalTable(nsIPrincipal * prin);
-
 PRBool 
-EnablePrivilegePrivate(void* context, nsITarget *target, nsIPrincipal *preferredPrincipal, 
+EnablePrivilegePrivate(nsIScriptContext * context, nsITarget *target, nsIPrincipal *preferredPrincipal, 
 						PRInt32 callerDepth);

 PRInt16 
-GetPrincipalPrivilege(nsITarget * target, nsPrincipalArray * callerPrinArray, void * data);
+GetPrincipalPrivilege(nsITarget * target, nsIPrincipalArray * callerPrinArray, void * data);

 PRBool 
-IsPermissionGranted(nsITarget *target, nsPrincipalArray* callerPrinArray, void *data);
+IsPermissionGranted(nsITarget *target, nsIPrincipalArray * callerPrinArray, void *data);


  /* The following methods are used to save and load the persistent store */
@ -271,7 +211,6 @@ Save(nsIPrincipal * prin, nsITarget * target, nsIPrivilege * newPrivilege);

 void 
 Load(void);
-
 };


--- a/caps/include/nsTarget.h
+++ b/caps/include/nsTarget.h
@ -22,6 +22,7 @@
 #include "nsHashtable.h"
 #include "nsVector.h"
 #include "nsIPrincipal.h"
+#include "nsIPrincipalArray.h"
 #include "nsIPrivilege.h"
 #include "nsITarget.h"
 #include "nsUserDialogHelper.h"
@ -81,7 +82,7 @@ public:

 	nsIPrivilege * CheckPrivilegeEnabled(nsTargetArray * targetArray);

-	nsIPrivilege * CheckPrivilegeEnabled(nsIPrincipal *p, void * data);
+	nsIPrivilege * CheckPrivilegeEnabled(nsIPrincipal * p, void * data);

 	NS_IMETHOD RegisterTarget(void * context, nsITarget * * target);

--- a/caps/macbuild/Caps.mcp
+++ b/caps/macbuild/Caps.mcp
--- a/caps/macbuild/CapsIDL.mcp
+++ b/caps/macbuild/CapsIDL.mcp
--- a/caps/makefile.win
+++ b/caps/makefile.win
@ -37,7 +37,7 @@ DEPTH=..
 #// DIRS          - There are subdirectories to process
 #//
 #//------------------------------------------------------------------------
-DIRS= idl public include src
+DIRS= idl include src

 #//------------------------------------------------------------------------
 #//
--- a/caps/src/Makefile.in
+++ b/caps/src/Makefile.in
@ -34,6 +34,8 @@ CPPSRCS =                                 \
        nsCCapsManagerFactory.cpp         \
        nsCertificatePrincipal.cpp        \
        nsCodebasePrincipal.cpp           \
+        nsPrincipalArray.cpp              \
+        nsPrincipalManager.cpp            \
        nsPrivilege.cpp                   \
        nsPrivilegeManager.cpp            \
        nsPrivilegeTable.cpp              \
--- a/caps/src/admin.cpp
+++ b/caps/src/admin.cpp
@ -23,6 +23,7 @@
 #include "prlog.h"
 #include "admin.h"
 #include "nsPrivilegeManager.h"
+#include "nsPrincipalManager.h"
 #ifdef __cplusplus
 extern "C" {
 #endif /* __cplusplus */
@ -37,8 +38,7 @@ extern "C" {
 PR_PUBLIC_API(const char *)
 java_netscape_security_getPrincipals(const char *charSetName)
 {
-    nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
-    const char *prins = nsPrivManager->GetAllPrincipalsString();
+    const char * prins = nsPrincipalManager::GetPrincipalManager()->GetAllPrincipalsString();
    PRBool test_admin_api = PR_FALSE;
    if (test_admin_api) {
      char *a1;
@ -52,26 +52,24 @@ java_netscape_security_getPrincipals(const char *charSetName)
 }

 PR_PUBLIC_API(PRBool)
-java_netscape_security_removePrincipal(const char *charSetName, char *prinName)
+java_netscape_security_removePrincipal(const char * charSetName, char * prinName)
 {
-    nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
-    return nsPrivManager->RemovePrincipal(prinName);
+	return nsPrivilegeManager::GetPrivilegeManager()->RemovePrincipal(prinName);
 }

 PR_PUBLIC_API(void)
-java_netscape_security_getPrivilegeDescs(const char *charSetName, char *prinName,
-                                         char** forever, char** session, char **denied)
+java_netscape_security_getPrivilegeDescs(const char * charSetName, char * prinName, char * * forever, char * * session, char * * denied)
 {
-    nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
-    nsPrivManager->GetTargetsWithPrivileges(prinName, forever, session, denied);
+	nsPrivilegeManager::GetPrivilegeManager()->GetTargetsWithPrivileges(prinName, forever, session, denied);
 }

 PR_PUBLIC_API(PRBool)
-java_netscape_security_removePrivilege(const char *charSetName, char *prinName, 
-                                       char *targetName)
+java_netscape_security_removePrivilege(const char * charSetName, char * prinName, char * targetName)
 {
-    nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
-    return nsPrivManager->RemovePrincipalsPrivilege(prinName, targetName);
+	PRBool result;
+	nsPrivilegeManager::GetPrivilegeManager()->RemovePrincipalsPrivilege(prinName, targetName,& result);
+	return result;
+
 }


--- a/caps/src/makefile.win
+++ b/caps/src/makefile.win
@ -61,6 +61,8 @@ CPP_OBJS=                                   \
    .\$(OBJDIR)\nsCCapsManagerFactory.obj   \
    .\$(OBJDIR)\nsCertificatePrincipal.obj  \
    .\$(OBJDIR)\nsCodebasePrincipal.obj     \
+    .\$(OBJDIR)\nsPrincipalArray.obj        \
+    .\$(OBJDIR)\nsPrincipalManager.obj      \
    .\$(OBJDIR)\nsPrivilege.obj             \
    .\$(OBJDIR)\nsPrivilegeManager.obj      \
    .\$(OBJDIR)\nsPrivilegeTable.obj        \
--- a/caps/src/nsCCapsManager.cpp
+++ b/caps/src/nsCCapsManager.cpp
@ -19,6 +19,7 @@
 #include "nsCCapsManager.h"
 #include "nsCodebasePrincipal.h"
 #include "nsCertificatePrincipal.h"
+#include "nsPrincipalArray.h"
 #include "nsCaps.h"
 #include "nsICapsSecurityCallbacks.h"
 #include "nsLoadZig.h"
@ -57,48 +58,33 @@ nsCCapsManager::AggregatedQueryInterface(const nsIID& aIID, void** aInstancePtr)
 ////////////////////////////////////////////////////////////////////////////
 // from nsICapsManager:

-NS_METHOD
-nsCCapsManager::CreateCodebasePrincipal(const char *codebaseURL, 
-                                        nsIPrincipal** prin)
+NS_IMETHODIMP
+nsCCapsManager::GetPrincipalManager(nsIPrincipalManager * * prinMan)
 {
-   nsresult result = NS_OK;
-   nsCodebasePrincipal *pNSCCodebasePrincipal = 
-       new nsCodebasePrincipal((PRInt16 *)nsIPrincipal::PrincipalType_CodebaseExact, codebaseURL);
-   if (pNSCCodebasePrincipal == NULL)
-   {
-      return NS_ERROR_OUT_OF_MEMORY;
-   }
-   pNSCCodebasePrincipal->AddRef();
-   *prin = (nsIPrincipal *)pNSCCodebasePrincipal;
-   return result;
+	* prinMan = principalManager;
+	return NS_OK;
 }

-NS_METHOD
-nsCCapsManager::CreateCertificatePrincipal(const unsigned char **certChain, 
-                                    PRUint32 *certChainLengths, 
-                                    PRUint32 noOfCerts, 
-                                    nsIPrincipal** prin)
+NS_IMETHODIMP
+nsCCapsManager::GetPrivilegeManager(nsIPrivilegeManager * * privMan)
 {
-   nsresult result = NS_OK;
-   nsCertificatePrincipal *pNSCCertPrincipal = 
-       new nsCertificatePrincipal((PRInt16 *)nsIPrincipal::PrincipalType_Certificate,
-       							 certChain, certChainLengths, noOfCerts, &result);
-   if (pNSCCertPrincipal == NULL)
-   {
-      return NS_ERROR_OUT_OF_MEMORY;
-   }
-   pNSCCertPrincipal->AddRef();
-   *prin = (nsIPrincipal *)pNSCCertPrincipal;
-   return NS_OK;
+	* privMan = privilegeManager;
+	return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCCapsManager::CreateCodebasePrincipal(const char * codebaseURL, nsIPrincipal * * prin)
+{
+	return nsPrincipalManager::GetPrincipalManager()->CreateCodebasePrincipal(codebaseURL, prin);
+}
+
+NS_IMETHODIMP
+nsCCapsManager::CreateCertificatePrincipal(const unsigned char **certChain, PRUint32 * certChainLengths, 
+											PRUint32 noOfCerts, nsIPrincipal** prin)
+{
+	return nsPrincipalManager::GetPrincipalManager()->CreateCertificatePrincipal(certChain,certChainLengths,noOfCerts,prin);
 }

-/**
-* Returns the permission for given principal and target
-*
-* @param prin   - is either certificate principal or codebase principal
-* @param target - is NS_ALL_PRIVILEGES.
-* @param state  - the return value is passed in this parameter.
-*/
 NS_METHOD
 nsCCapsManager::GetPermission(nsIPrincipal * prin, nsITarget * ignoreTarget, PRInt16 * privilegeState)
 {
@ -107,24 +93,16 @@ nsCCapsManager::GetPermission(nsIPrincipal * prin, nsITarget * ignoreTarget, PRI
 	nsresult result = NS_OK;
 	if( target == NULL ) return NS_OK;
 	if (privilegeManager != NULL) {
-		nsIPrivilege * privilege = privilegeManager->GetPrincipalPrivilege(target, prin, NULL);
+		nsIPrivilege * privilege;
+		privilegeManager->GetPrincipalPrivilege(target, prin, NULL, & privilege);
 // ARIEL WORK ON THIS SHIT
 //		* privilegeState = this->ConvertPrivilegeToPermission(privilege);
 	}
 	return NS_OK;
 }

-/**
-* Set the permission state for given principal and target. This wouldn't 
-* prompt the end user with UI.
-*
-* @param prin   - is either certificate principal or codebase principal
-* @param target - is NS_ALL_PRIVILEGES.
-* @param state  - is permisson state that should be set for the given prin
-*                 and target parameters.
-*/
 NS_METHOD
-nsCCapsManager::SetPermission(nsIPrincipal * prin, nsITarget * ignoreTarget, PRInt16 * privilegeState)
+nsCCapsManager::SetPermission(nsIPrincipal * prin, nsITarget * ignoreTarget, PRInt16 privilegeState)
 {
 	nsITarget * target = nsTarget::FindTarget(ALL_JAVA_PERMISSION);
 	if(target == NULL ) return NS_OK;
@ -136,26 +114,19 @@ nsCCapsManager::SetPermission(nsIPrincipal * prin, nsITarget * ignoreTarget, PRI
 	return NS_OK;
 }

-/**
-* Prompts the user if they want to grant permission for the given principal and 
-* for the given target. 
-*
-* @param prin   - is either certificate principal or codebase principal
-* @param target - is NS_ALL_PRIVILEGES.
-* @param result - is the permission user has given for the given principal and 
-*                 target
-*/
 NS_METHOD
 nsCCapsManager::AskPermission(nsIPrincipal * prin, nsITarget * ignoreTarget, PRInt16 * privilegeState)
 {
-	nsITarget *target = nsTarget::FindTarget(ALL_JAVA_PERMISSION);
+	nsITarget * target = nsTarget::FindTarget(ALL_JAVA_PERMISSION);
 	if( target == NULL ) {
-	   * privilegeState = nsIPrivilege::PrivilegeState_Blank;
-	   return NS_OK;
+		* privilegeState = nsIPrivilege::PrivilegeState_Blank;
+		return NS_OK;
 	}
 	if (privilegeManager != NULL) {
-	   privilegeManager->AskPermission(prin, target, NULL);
-	   nsIPrivilege * privilege = privilegeManager->GetPrincipalPrivilege(target, prin, NULL);
+		PRBool perm;
+		privilegeManager->AskPermission(prin, target, NULL, & perm);
+		nsIPrivilege * privilege;
+		privilegeManager->GetPrincipalPrivilege(target, prin, NULL,& privilege);
  //	   * privilegeState = ConvertPrivilegeToPermission(privilege);
 	}
 	return NS_OK;
@ -170,15 +141,10 @@ nsCCapsManager::AskPermission(nsIPrincipal * prin, nsITarget * ignoreTarget, PRI
 NS_METHOD
 nsCCapsManager::Initialize(PRBool * result)
 {
-	*result = nsCapsInitialize();
+	* result = nsCapsInitialize();
 	return NS_OK;
 }

-/**
-	* Initializes the capabilities frame walking code.
-	*
-	* @param aInterface - interface for calling frame walking code.
-	*/
 NS_METHOD
 nsCCapsManager::InitializeFrameWalker(nsICapsSecurityCallbacks* aInterface)
 {
@ -186,16 +152,10 @@ nsCCapsManager::InitializeFrameWalker(nsICapsSecurityCallbacks* aInterface)
 	return NS_OK;
 }

-/**
- * Registers the given Principal with the system.
- *
- * @param prin   - is either certificate principal or codebase principal
- * @param result - is true if principal was successfully registered with the system
- */
 NS_METHOD
 nsCCapsManager::RegisterPrincipal(nsIPrincipal * prin)
 {
-	if (privilegeManager != NULL) privilegeManager->RegisterPrincipal(prin);
+//	if (principalManager != NULL) privilegeManager->RegisterPrincipal(prin);
 	return NS_OK;
 }

@ -211,18 +171,18 @@ nsCCapsManager::RegisterPrincipal(nsIPrincipal * prin)
 *                  target
 */
 NS_METHOD
-nsCCapsManager::EnablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val)
+nsCCapsManager::EnablePrivilege(nsIScriptContext * context, const char* targetName, PRInt32 callerDepth, PRBool * ret_val)
 {
-   nsITarget *target = nsTarget::FindTarget((char*)targetName);
-   nsresult result = NS_OK;
-   if( target == NULL )
-   {
-      *ret_val = PR_FALSE;
-      return NS_OK;
-   }
-   if (privilegeManager != NULL)
-      *ret_val = privilegeManager->EnablePrivilege(context, target, callerDepth);
-   return NS_OK;
+	nsITarget *target = nsTarget::FindTarget((char*)targetName);
+	nsresult result = NS_OK;
+	if( target == NULL )
+	{
+		* ret_val = PR_FALSE;
+		return NS_OK;
+	}
+//	if (privilegeManager != NULL)
+//		ret_val = privilegeManager->EnablePrivilege(context, target, NULL, callerDepth, ret_val);
+	return NS_OK;
 }

 /**
@ -237,35 +197,22 @@ nsCCapsManager::EnablePrivilege(void* context, const char* targetName, PRInt32 c
 *                 target
 */
 NS_METHOD
-nsCCapsManager::IsPrivilegeEnabled(void* context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val)
+nsCCapsManager::IsPrivilegeEnabled(nsIScriptContext * context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val)
 {
-   nsITarget *target = nsTarget::FindTarget((char*)targetName);
-   nsresult result = NS_OK;
-   if( target == NULL )
-   {
-      *ret_val = PR_FALSE;
-      return NS_OK;
-   }
-   if (privilegeManager != NULL)
-   {
-      *ret_val = privilegeManager->IsPrivilegeEnabled(context, target, callerDepth);
-   }
-   return NS_OK;
+	nsITarget *target = nsTarget::FindTarget((char*)targetName);
+	nsresult result = NS_OK;
+	if( target == NULL )
+	{
+		* ret_val = PR_FALSE;
+		return NS_OK;
+	}
+	if (privilegeManager != NULL)
+		privilegeManager->IsPrivilegeEnabled(context, target, callerDepth, ret_val);
+	return NS_OK;
 }

-/**
- * Reverts the permission (granted/denied) user gave for the principal located
- * at the given stack depth for the given target. 
- *
- * @param context      - is the parameter JS needs to determinte the principal 
- * @param targetName   - is the name of the target.
- * @param callerDepth  - is the depth of JS stack frame, which JS uses to determinte the 
- *                       principal 
- * @param ret_val - is true if user has given permission for the given principal and 
- *                 target
- */
 NS_METHOD
-nsCCapsManager::RevertPrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val)
+nsCCapsManager::RevertPrivilege(nsIScriptContext * context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val)
 {
 	nsITarget *target = nsTarget::FindTarget((char*)targetName);
 	nsresult result = NS_OK;
@ -274,23 +221,12 @@ nsCCapsManager::RevertPrivilege(void* context, const char* targetName, PRInt32 c
 		return NS_OK;
 	}
 	if (privilegeManager != NULL)
-		* ret_val = privilegeManager->RevertPrivilege(context, target, callerDepth);
+		privilegeManager->RevertPrivilege(context, target, callerDepth,ret_val);
 	return NS_OK;
 }

-/**
- * Disable permissions for the principal located at the given stack depth for the 
- * given target. 
- *
- * @param context      - is the parameter JS needs to determinte the principal 
- * @param targetName   - is the name of the target.
- * @param callerDepth  - is the depth of JS stack frame, which JS uses to determinte the 
- *                       principal 
- * @param ret_val - is true if user has given permission for the given principal and 
- *                 target
- */
 NS_METHOD
-nsCCapsManager::DisablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val)
+nsCCapsManager::DisablePrivilege(nsIScriptContext * context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val)
 {
 	nsITarget *target = nsTarget::FindTarget((char*)targetName);
 	nsresult result = NS_OK;
@ -299,72 +235,10 @@ nsCCapsManager::DisablePrivilege(void* context, const char* targetName, PRInt32
 		return NS_OK;
 	}
 	if (privilegeManager != NULL)
-		* ret_val = privilegeManager->DisablePrivilege(context, target, callerDepth);
+		privilegeManager->DisablePrivilege(context, target, callerDepth,ret_val);
 	return NS_OK;
 }

-/* XXX: Some of the arguments for the following interfaces may change.
- * This is a first cut. I need to talk to joki. We should get rid of void* parameters.
- */
-NS_METHOD
-nsCCapsManager::ComparePrincipalArray(void* prin1Array, void* prin2Array, PRInt16 * comparisonType)
-{
-	nsresult result = NS_OK;
-	* comparisonType = nsPrivilegeManager::SetComparisonType_NoSubset;
-	if (privilegeManager != NULL) {
-		nsPrincipalArray * newPrin1Array=NULL;
-		nsPrincipalArray * newPrin2Array=NULL;
-		result = GetNSPrincipalArray((nsPrincipalArray*) prin1Array, &newPrin1Array);
-		if (result != NS_OK) return result;
-		result = GetNSPrincipalArray((nsPrincipalArray*) prin2Array, &newPrin2Array);
-		if (result != NS_OK) return result;
-		* comparisonType = privilegeManager->ComparePrincipalArray(newPrin1Array, newPrin2Array);
-		nsCapsFreePrincipalArray(newPrin1Array);
-		nsCapsFreePrincipalArray(newPrin2Array);
-	}
-	return NS_OK;
-}
-
-NS_METHOD
-nsCCapsManager::IntersectPrincipalArray(void * prin1Array, void * prin2Array, void * * ret_val)
-{
-	nsresult result = NS_OK;
-	*ret_val = NULL;
-	if (privilegeManager != NULL) {
-		nsPrincipalArray *newPrin1Array=NULL;
-		nsPrincipalArray *newPrin2Array=NULL;
-		nsPrincipalArray *intersectPrinArray=NULL;
-		result = this->GetNSPrincipalArray((nsPrincipalArray*) prin1Array, &newPrin1Array);
-		if (result != NS_OK) return result;
-		result = this->GetNSPrincipalArray((nsPrincipalArray*) prin2Array, &newPrin2Array);
-		if (result != NS_OK) return result;
-		intersectPrinArray = privilegeManager->IntersectPrincipalArray(newPrin1Array, newPrin2Array);
-		this->CreateNSPrincipalArray(intersectPrinArray, (nsPrincipalArray**)ret_val);
-		nsCapsFreePrincipalArray(newPrin1Array);
-		nsCapsFreePrincipalArray(newPrin2Array);
-	}
-	return NS_OK;
-}
-
-NS_METHOD
-nsCCapsManager::CanExtendTrust(void * fromPrinArray, void * toPrinArray, PRBool * ret_val)
-{
-	nsresult result = NS_OK;
-	if (privilegeManager != NULL) {
-		nsPrincipalArray *newPrin1Array=NULL;
-		nsPrincipalArray *newPrin2Array=NULL;
-		result = this->GetNSPrincipalArray((nsPrincipalArray*) fromPrinArray, &newPrin1Array);
-		if (result != NS_OK) return result;
-		result = this->GetNSPrincipalArray((nsPrincipalArray*) toPrinArray, &newPrin2Array);
-		if (result != NS_OK) return result;
-		*ret_val = privilegeManager->CanExtendTrust(newPrin1Array, newPrin2Array);
-		nsCapsFreePrincipalArray(newPrin1Array);
-		nsCapsFreePrincipalArray(newPrin2Array);
-	}
-	return NS_OK;
-}
-
-
 /* interfaces for nsIPrincipal object, may be we should move some of them to nsIprincipal */
 /**************
 //Principals must be created by type, the nsPrincipal data member is deprecated
@ -386,21 +260,15 @@ nsCCapsManager::NewPrincipal(PRInt16 *principalType, void* key, PRUint32 key_len
 //XXX: nsPrincipal struct if deprecated, access as nsIPrincipal
 //do not use IsCodebaseExact, Tostring, or any other of the principal specific objects from here

-NS_METHOD
-nsCCapsManager::NewPrincipalArray(PRUint32 count, void* *ret_val)
-{
-  *ret_val = nsCapsNewPrincipalArray(count);
-  return NS_OK;
-}
-
 /*
 * CreateMixedPrincipalArray take codebase and  ZIG file information and returns a
 * pointer to an array of nsIPrincipal objects.
+
 */
+ /*
 NS_METHOD
-nsCCapsManager::CreateMixedPrincipalArray(void *aZig, char* name, const char* codebase, void** result)
+nsCCapsManager::CreateMixedPrincipalArray(void *aZig, const char * name, const char* codebase, nsIPrincipalArray * * result)
 {
-	/*
 	*result = NULL;
 	PRBool hasCodebase;
 	int i;
@ -443,58 +311,18 @@ nsCCapsManager::CreateMixedPrincipalArray(void *aZig, char* name, const char* co
 		RegisterPrincipal(principal, NULL);
 		SetPrincipalArrayElement(*result, i++, principal);
 	}
-	*/
 	return NS_OK;
 }
-
-NS_METHOD
-nsCCapsManager::FreePrincipalArray(void *prinArray)
-{
-    nsCapsFreePrincipalArray(prinArray);
-    return NS_OK;
-}
-
-NS_METHOD
-nsCCapsManager::GetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal* *ret_val)
-{
-	//method is deprecated, Principals must be accessed and indexed as nsIPrincipals, not by data member
-	/*
- nsIPrincipal* pNSIPrincipal;
- nsPrincipal *pNSPrincipal = (nsPrincipal *)nsCapsGetPrincipalArrayElement(prinArrayArg, index);
- (pNSPrincipal->isCodebase()) ?
-     pNSIPrincipal = (nsIPrincipal*)new nsCodebasePrincipal(pNSPrincipal)
-	 :
-     pNSIPrincipal = (nsIPrincipal*)new nsCertificatePrincipal(pNSPrincipal);
- }
-
- *ret_val = pNSIPrincipal;
- */
- *ret_val = NULL;
-  return NS_OK;
-}
-
-NS_METHOD
-nsCCapsManager::SetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal* principal)
-{
-  nsCapsSetPrincipalArrayElement(prinArrayArg, index, principal);
-  return NS_OK;
-}
-
-NS_METHOD
-nsCCapsManager::GetPrincipalArraySize(void *prinArrayArg, PRUint32 *ret_val)
-{
-  *ret_val = nsCapsGetPrincipalArraySize(prinArrayArg);
-  return NS_OK;
-}
+*/

 /* The following interfaces will replace all of the following old calls.
 * nsCapsGetPermission(struct nsPrivilege *privilege)
 * nsCapsGetPrivilege(struct nsPrivilegeTable *annotation, struct nsITarget *target)
 */
 NS_METHOD
-nsCCapsManager::IsAllowed(void *annotation, char* targetName, PRBool *ret_val)
+nsCCapsManager::IsAllowed(void *annotation, const char * targetName, PRBool * ret_val)
 {
-	nsITarget *target = nsTarget::FindTarget(targetName);
+	nsITarget *target = nsTarget::FindTarget((char *)targetName);
 	nsresult result = NS_OK;
 	if( target == NULL ) {
 		*ret_val = PR_FALSE;
@ -511,15 +339,11 @@ nsCCapsManager::IsAllowed(void *annotation, char* targetName, PRBool *ret_val)
 	return NS_OK;
 }

-
-////////////////////////////////////////////////////////////////////////////
-// from nsCCapsManager:
-
-nsCCapsManager::nsCCapsManager(nsISupports *aOuter):privilegeManager(NULL) 
+nsCCapsManager::nsCCapsManager(nsISupports * aOuter):privilegeManager(NULL) 
 {
 	NS_INIT_AGGREGATED(aOuter);
-	PRBool result;
-	privilegeManager = (Initialize(&result) == NS_OK) ? new nsPrivilegeManager(): NULL;
+//	PRBool result;
+//	privilegeManager = (Initialize(& result) == NS_OK) ? new nsPrivilegeManager(): NULL;
 }

 nsCCapsManager::~nsCCapsManager()
@ -527,8 +351,8 @@ nsCCapsManager::~nsCCapsManager()
 }

 void
-nsCCapsManager::CreateNSPrincipalArray(nsPrincipalArray* prinArray, 
-                                       nsPrincipalArray* *pPrincipalArray)
+nsCCapsManager::CreateNSPrincipalArray(nsIPrincipalArray* prinArray, 
+                                       nsIPrincipalArray* *pPrincipalArray)
 {
 	//prin arrays will either be removed, or updated to use the nsIPrincipal Object
 /*
@ -552,11 +376,13 @@ nsCCapsManager::CreateNSPrincipalArray(nsPrincipalArray* prinArray,
 *pPrincipalArray = newPrinArray;
 */
 }
+/*
 NS_METHOD
 nsCCapsManager::GetNSPrincipalArray(nsPrincipalArray* prinArray, 
                                    nsPrincipalArray* *pPrincipalArray)
 {
-/*
+
+
 nsIPrincipal* pNSIPrincipal;
 nsIPrincipal *pNSPrincipal  = NULL;
 nsresult result = NS_OK;
@ -577,9 +403,9 @@ nsCCapsManager::GetNSPrincipalArray(nsPrincipalArray* prinArray,
 }
 *pPrincipalArray = newPrinArray;
 return result;
- */
 return NS_OK;
 }
+*/
 /*
 NS_METHOD
 nsCCapsManager::GetNSPrincipal(nsIPrincipal* pNSIPrincipal, nsPrincipal **ppNSPrincipal)
@ -705,9 +531,19 @@ nsCCapsManager::ConvertPermissionToPrivilege(nsPermission state)
 void
 nsCCapsManager::SetSystemPrivilegeManager()
 {
-	nsPrivilegeManager *pNSPrivilegeManager = nsPrivilegeManager::GetPrivilegeManager();
+	nsIPrivilegeManager * pNSPrivilegeManager = (nsIPrivilegeManager *)nsPrivilegeManager::GetPrivilegeManager();
 	if ((privilegeManager  != NULL ) && (privilegeManager != pNSPrivilegeManager)) {
 		delete privilegeManager;
 		privilegeManager = pNSPrivilegeManager;
 	}
 }
+
+void
+nsCCapsManager::SetSystemPrincipalManager()
+{
+	nsIPrincipalManager * prinMan = (nsIPrincipalManager *)nsPrincipalManager::GetPrincipalManager();
+	if ((principalManager != NULL ) && (principalManager != prinMan)) {
+		delete principalManager;
+		principalManager = prinMan;
+	}
+}
--- a/caps/src/nsCaps.cpp
+++ b/caps/src/nsCaps.cpp
@ -22,6 +22,7 @@
 #include "prmon.h"
 #include "prlog.h"
 #include "nsCaps.h"
+#include "nsPrincipalManager.h"
 #include "nsPrivilegeManager.h"
 #include "nsIPrincipal.h"
 #include "nsCertificatePrincipal.h"
@ -66,11 +67,11 @@ nsCapsInitialize()
 //	sysPrin = CreateSystemPrincipal("java40.jar", "java/lang/Object.class");
 #endif
 */
-	if (sysPrin == NULL) {
-		nsresult res;
-		sysPrin = new nsCertificatePrincipal((PRInt16 *)nsIPrincipal::PrincipalType_Certificate,(const unsigned char **) "52:54:45:4e:4e:45:54:49", 
-									(unsigned int *)strlen("52:54:45:4e:4e:45:54:49"),1,& res);
-  }
+//	if (sysPrin == NULL) {
+//		nsresult res;
+//		sysPrin = new nsCertificatePrincipal((PRInt16 *)nsIPrincipal::PrincipalType_Certificate,(const unsigned char **) "52:54:45:4e:4e:45:54:49", 
+//									(unsigned int *)strlen("52:54:45:4e:4e:45:54:49"),1,& res);
+//  }
  nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
  if (nsPrivManager == NULL) {
    nsPrivilegeManagerInitialize();
@ -107,61 +108,78 @@ nsCapsRegisterPrincipal(class nsIPrincipal *principal)
 PR_IMPLEMENT(PRBool) 
 nsCapsEnablePrivilege(void * context, class nsITarget * target, PRInt32 callerDepth)
 {
-	nsPrivilegeManager * nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
-	return (nsPrivManager == NULL) ? PR_FALSE : nsPrivManager->EnablePrivilege(context, target, callerDepth);
+	if (nsPrivilegeManager::GetPrivilegeManager() == NULL) return PR_FALSE;
+	else {
+		PRBool result;
+		nsPrivilegeManager::GetPrivilegeManager()->EnablePrivilege((nsIScriptContext *)context, target, NULL, callerDepth,& result);
+		return result;
+	}
 }

 PR_IMPLEMENT(PRBool) 
 nsCapsIsPrivilegeEnabled(void* context, class nsITarget *target, PRInt32 callerDepth)
 {
-	nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
-	return (nsPrivManager == NULL) ? PR_FALSE : nsPrivManager->IsPrivilegeEnabled(context, target, callerDepth);
+	if (nsPrivilegeManager::GetPrivilegeManager() == NULL) return PR_FALSE;
+	else {
+		PRBool result;
+		nsPrivilegeManager::GetPrivilegeManager()->IsPrivilegeEnabled((nsIScriptContext *)context, target, callerDepth,& result);
+		return result;
+	}
 }

 PR_IMPLEMENT(PRBool) 
 nsCapsRevertPrivilege(void* context, class nsITarget * target, PRInt32 callerDepth)
 {
-	nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
-	return (nsPrivManager == NULL ) ? PR_FALSE : nsPrivManager->RevertPrivilege(context, target, callerDepth);
+	if (nsPrivilegeManager::GetPrivilegeManager() == NULL ) return PR_FALSE;
+	else {
+		PRBool result;
+		nsPrivilegeManager::GetPrivilegeManager()->RevertPrivilege((nsIScriptContext *)context, target, callerDepth,& result);
+		return result;
+	}
 }

 PR_IMPLEMENT(PRBool) 
 nsCapsDisablePrivilege(void* context, class nsITarget * target, PRInt32 callerDepth)
 {
-	nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
-	return (nsPrivManager == NULL) ? PR_FALSE : nsPrivManager->DisablePrivilege(context, target, callerDepth);
+	if (nsPrivilegeManager::GetPrivilegeManager() == NULL) return PR_FALSE;
+	else {
+		PRBool result;
+		nsPrivilegeManager::GetPrivilegeManager()->DisablePrivilege((nsIScriptContext *)context, target, callerDepth,& result);
+		return result;
+	}
 }

 PR_IMPLEMENT(void*) 
 nsCapsGetClassPrincipalsFromStack(void* context, PRInt32 callerDepth)
 {
-	nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
-	return (nsPrivManager == NULL) ? NULL 
-	: (void *)nsPrivManager->GetClassPrincipalsFromStack(context, callerDepth);
+	nsPrincipalManager * nsPrinManager = nsPrincipalManager::GetPrincipalManager();
+	return (nsPrinManager == NULL) ? NULL 
+	: (void *)nsPrinManager->GetClassPrincipalsFromStack((nsIScriptContext *)context, callerDepth);
 }

-PR_IMPLEMENT(PRInt16) 
-nsCapsComparePrincipalArray(void * prin1Array, void * prin2Array)
-{
-	nsPrivilegeManager * nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
-	return (nsPrivManager == NULL) ? nsPrivilegeManager::SetComparisonType_NoSubset 
-	: nsPrivManager->ComparePrincipalArray((nsPrincipalArray*)prin1Array, (nsPrincipalArray*)prin2Array);
-}
+//PR_IMPLEMENT(PRInt16) 
+//nsCapsComparePrincipalArray(void * prin1Array, void * prin2Array)
+//{
+//	nsPrivilegeManager * nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
+//	return (nsPrivManager == NULL) ? nsPrivilegeManager::SetComparisonType_NoSubset 
+//	: nsPrivManager->ComparePrincipalArray((nsPrincipalArray*)prin1Array, (nsPrincipalArray*)prin2Array);
+//}

-PR_IMPLEMENT(void*) 
-nsCapsIntersectPrincipalArray(void* prin1Array, void* prin2Array)
-{
-	nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
-	return (nsPrivManager == NULL) ? NULL 
-	: nsPrivManager->IntersectPrincipalArray((nsPrincipalArray*)prin1Array, (nsPrincipalArray*)prin2Array);
-}
+//PR_IMPLEMENT(void*) 
+//nsCapsIntersectPrincipalArray(void* prin1Array, void* prin2Array)
+//{
+//	nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
+//	return (nsPrivManager == NULL) ? NULL 
+//	: nsPrivManager->IntersectPrincipalArray((nsPrincipalArray*)prin1Array, (nsPrincipalArray*)prin2Array);
+//}

 PR_IMPLEMENT(PRBool) 
 nsCapsCanExtendTrust(void* from, void* to)
 {
-	nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
-	return (nsPrivManager == NULL) ? PR_FALSE
-	: nsPrivManager->CanExtendTrust((nsPrincipalArray *)from, (nsPrincipalArray *)to);
+	nsPrincipalManager * nsPrinManager = nsPrincipalManager::GetPrincipalManager();
+	PRBool result = PR_FALSE;
+	if (nsPrinManager != NULL) nsPrinManager->CanExtendTrust((nsIPrincipalArray *)from, (nsIPrincipalArray *)to,& result);
+	return result;
 }

 /* wrappers for nsPrincipal object */
@ -200,46 +218,6 @@ nsCapsPrincipalGetVendor(class nsIPrincipal *principal)
 	return NULL;
 }
 */
-PR_EXTERN(void *) 
-nsCapsNewPrincipalArray(PRUint32 count)
-{
-	nsPrincipalArray *prinArray = new nsPrincipalArray();
-	prinArray->SetSize(count, 1);
-	return prinArray;
-}
-
-PR_EXTERN(void) 
-nsCapsFreePrincipalArray(void *prinArrayArg)
-{
-	nsPrincipalArray *prinArray = (nsPrincipalArray *)prinArrayArg;
-	if (prinArray) {
-		prinArray->RemoveAll();
-		delete prinArray;
-	}
-}
-
-PR_EXTERN(void *) 
-nsCapsGetPrincipalArrayElement(void *prinArrayArg, PRUint32 index)
-{
-	nsPrincipalArray *prinArray = (nsPrincipalArray *)prinArrayArg;
-	return (prinArray == NULL) ? NULL : prinArray->Get(index);
-}
-
-PR_EXTERN(void) 
-nsCapsSetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, void *element)
-{
-	nsPrincipalArray *prinArray = (nsPrincipalArray *)prinArrayArg;
-	if (prinArray == NULL) return;
-	prinArray->Set(index, element);
-}
-
-PR_EXTERN(PRUint32) 
-nsCapsGetPrincipalArraySize(void *prinArrayArg) 
-{
-  nsPrincipalArray *prinArray = (nsPrincipalArray *)prinArrayArg;
-  return (prinArray == NULL) ? 0 : prinArray->GetSize();
-}
-
 /* wrappers for nsTarget object */
 PR_IMPLEMENT(class nsITarget *) 
 nsCapsFindTarget(char * name)
--- a/caps/src/nsCertificatePrincipal.cpp
+++ b/caps/src/nsCertificatePrincipal.cpp
@ -23,10 +23,9 @@ static NS_DEFINE_IID(kICertificatePrincipalIID, NS_ICERTIFICATEPRINCIPAL_IID);
 NS_IMPL_ISUPPORTS(nsCertificatePrincipal, kICertificatePrincipalIID);

 NS_IMETHODIMP
-nsCertificatePrincipal::GetPublicKey(char ** publicKey, PRUint32 * publicKeyLength)
+nsCertificatePrincipal::GetPublicKey(char ** publicKey)
 {
-	publicKey = & this->itsKey;
-	publicKeyLength = & this->itsKeyLength;
+	* publicKey = (char *)this->itsKey;
 	return (itsKey == NULL) ? NS_ERROR_ILLEGAL_VALUE : NS_OK;
 }

@ -98,10 +97,16 @@ nsCertificatePrincipal::Equals(nsIPrincipal * other, PRBool * result)
 	return NS_OK;
 }

-nsCertificatePrincipal::nsCertificatePrincipal(PRInt16 * type, const unsigned char **certChain, 
-								PRUint32 *certChainLengths, PRUint32 noOfCerts, nsresult *result)
+nsCertificatePrincipal::nsCertificatePrincipal(PRInt16 type, const char * key)
 {
-	this->itsType = * type;
+	this->itsType = type;
+	this->itsKey = key;
+}
+
+nsCertificatePrincipal::nsCertificatePrincipal(PRInt16 type, const unsigned char **certChain, 
+								PRUint32 *certChainLengths, PRUint32 noOfCerts)
+{
+	this->itsType = type;
 	/*
   m_pNSPrincipal = new nsPrincipal(nsPrincipalType_CertChain, certChain, 
                                    certChainLengths, noOfCerts);
--- a/caps/src/nsCodebasePrincipal.cpp
+++ b/caps/src/nsCodebasePrincipal.cpp
@ -26,28 +26,28 @@ NS_IMPL_ISUPPORTS(nsCodebasePrincipal, kICodebasePrincipalIID);
 NS_IMETHODIMP
 nsCodebasePrincipal::GetURL(char **cburl)
 {
-	cburl = (char **)&codeBaseURL;
+	* cburl = (char *)itsCodeBaseURL;
 	return NS_OK;
 }

 NS_IMETHODIMP
 nsCodebasePrincipal::IsCodebaseExact(PRBool * result)
 {
-	* result = (this->itsType == (PRInt16 *)nsIPrincipal::PrincipalType_CodebaseExact) ? PR_TRUE : PR_FALSE;
+	* result = (this->itsType == nsIPrincipal::PrincipalType_CodebaseExact) ? PR_TRUE : PR_FALSE;
 	return NS_OK;
 }

 NS_IMETHODIMP
 nsCodebasePrincipal::IsCodebaseRegex(PRBool * result)
 {
-	* result = (itsType == (PRInt16 *)nsIPrincipal::PrincipalType_CodebaseRegex) ? PR_TRUE : PR_FALSE;
+	* result = (itsType == nsIPrincipal::PrincipalType_CodebaseRegex) ? PR_TRUE : PR_FALSE;
 	return NS_OK;
 }

 NS_IMETHODIMP
 nsCodebasePrincipal::GetType(PRInt16 * type)
 {
-	type = itsType;
+	* type = itsType;
 	return NS_OK;
 }

@ -63,7 +63,7 @@ nsCodebasePrincipal::IsSecure(PRBool * result)
 }

 NS_IMETHODIMP
-nsCodebasePrincipal::ToString(char **result)
+nsCodebasePrincipal::ToString(char * * result)
 {
 	return NS_OK;
 }
@ -78,15 +78,23 @@ nsCodebasePrincipal::HashCode(PRUint32 * code)
 NS_IMETHODIMP
 nsCodebasePrincipal::Equals(nsIPrincipal * other, PRBool * result)
 {
-	PRInt16 * oType = 0;
-	other->GetType(oType);
-	*result = (itsType == oType) ? PR_TRUE : PR_FALSE;	
+	PRInt16 oType = 0;
+//	char ** oCodeBase;
+	other->GetType(& oType);
+	* result = (itsType == oType) ? PR_TRUE : PR_FALSE;	
+//XXXariel fix this
+//	if (* result) {
+//		nsICodebasePrincipal * cbother = (nsCodebasePrincipal)other;
+//		cbother->GetURL(& oCodeBase);
+//	}
+//	* result = (itsCodebase == oCodeBase) ? PR_TRUE : PR_FALSE;	
 	return NS_OK;
 }
-nsCodebasePrincipal::nsCodebasePrincipal(PRInt16 * type, const char * codeBaseURL)
+
+nsCodebasePrincipal::nsCodebasePrincipal(PRInt16 type, const char * codeBaseURL)
 {
-	this->itsType=type;
-	this->codeBaseURL=codeBaseURL;
+	this->itsType = type;
+	this->itsCodeBaseURL = codeBaseURL;
 }

 nsCodebasePrincipal::~nsCodebasePrincipal(void)
--- a/caps/src/nsPrincipalArray.cpp
+++ b/caps/src/nsPrincipalArray.cpp
@ -0,0 +1,141 @@
+#include "nsPrincipalArray.h"
+
+static NS_DEFINE_IID(kIPrincipalArrayIID, NS_IPRINCIPALARRAY_IID);
+
+NS_IMPL_ISUPPORTS(nsPrincipalArray, kIPrincipalArrayIID);
+nsPrincipalArray::nsPrincipalArray(void)
+{
+	nsPrincipalArray(0);
+}
+
+nsPrincipalArray::nsPrincipalArray(PRUint32 count)
+{
+	nsVector * itsArray = new nsVector();
+	itsArray->SetSize(count, 1);
+}
+nsPrincipalArray::~nsPrincipalArray(void)
+{
+	this->FreePrincipalArray();
+}
+
+NS_IMETHODIMP
+nsPrincipalArray::SetPrincipalArrayElement(PRUint32 index, nsIPrincipal * principal)
+{
+	if (itsArray != NULL) this->itsArray->Set(index, principal);
+	return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPrincipalArray::GetPrincipalArraySize(PRUint32 * size)
+{
+	* size = (itsArray == NULL) ? 0 : itsArray->GetSize();
+	return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPrincipalArray::FreePrincipalArray()
+{
+	if (itsArray) {
+		itsArray->RemoveAll();
+		delete itsArray;
+	}
+	return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPrincipalArray::AddPrincipalArrayElement(nsIPrincipal * principal)
+{
+	if(!itsArray) itsArray = new nsVector();
+	itsArray->Add(principal);
+	return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPrincipalArray::GetPrincipalArrayElement(PRUint32 index, nsIPrincipal * * result)
+{
+	* result = (itsArray == NULL) ? NULL : (nsIPrincipal *) itsArray->Get(index);
+	return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPrincipalArray::ComparePrincipalArray(nsIPrincipalArray * other, PRInt16 * comparisonType)
+{
+	nsHashtable * p2Hashtable = new nsHashtable();
+	PRBool value;
+	nsIPrincipal * prin;
+	PRUint32 i;
+	other->GetPrincipalArraySize(& i);
+	for (i; i-- > 0;) {
+		other->GetPrincipalArrayElement(i,& prin);
+		PrincipalKey prinKey(prin);
+		p2Hashtable->Put(& prinKey, (void *)PR_TRUE);
+	}
+	this->GetPrincipalArraySize(& i);
+	for (i; i-- > 0;) {
+		this->GetPrincipalArrayElement(i,& prin);
+		PrincipalKey prinKey(prin);
+		value = (PRBool)p2Hashtable->Get(&prinKey);
+		if (!value)
+		{
+			* comparisonType = nsPrincipalArray::SetComparisonType_NoSubset;
+			return NS_OK;
+		}
+		if (value == PR_TRUE) p2Hashtable->Put(&prinKey, (void *)PR_FALSE);
+	}
+	other->GetPrincipalArraySize(& i);
+	for (i; i-- > 0;) {
+		other->GetPrincipalArrayElement(i,& prin);
+		PrincipalKey prinKey(prin);
+		value = (PRBool)p2Hashtable->Get(&prinKey);
+		if (value == PR_TRUE)
+		{
+			* comparisonType = nsPrincipalArray::SetComparisonType_ProperSubset;
+			return NS_OK;
+		}
+	}
+	* comparisonType = nsPrincipalArray::SetComparisonType_Equal;
+	return NS_OK;
+}
+
+NS_METHOD
+nsPrincipalArray::IntersectPrincipalArray(nsIPrincipalArray * other, nsIPrincipalArray * * result)
+{
+	PRUint32 thisLength = 0, otherLength = 0;
+	this->GetPrincipalArraySize(& thisLength);
+	other->GetPrincipalArraySize(& otherLength);
+	nsVector * in = new nsVector();
+	PRUint32 count = 0;
+	nsIPrincipal * prin1, * prin2;
+	PRUint32 i = 0, j=0;
+	in->SetSize(thisLength, 1);
+	PRUint32 inLength = in->GetSize();
+	for (i=0; i < thisLength; i++) {
+		for (j=0; j < otherLength; j++) {
+			this->GetPrincipalArrayElement(i,& prin1);
+			other->GetPrincipalArrayElement(j,& prin2);
+			PRBool eq;
+			prin1->Equals(prin2, & eq);
+			if (eq) {
+				in->Set(i, (void *)PR_TRUE);
+				count++;
+				break;
+			} else {
+				in->Set(i, (void *)PR_FALSE);
+			}
+		}
+	}
+	* result = new nsPrincipalArray(count);
+	PRBool doesIntersect;
+	PR_ASSERT(inLength == thisLength);
+	PR_ASSERT(inLength == inLength);
+	for (i=0; i < inLength; i++) {
+		doesIntersect = (PRBool)in->Get(i);
+		if (doesIntersect) {
+			PR_ASSERT(j < count);
+			this->GetPrincipalArrayElement(i,& prin1);
+			(* result)->SetPrincipalArrayElement(j, prin1);
+			j++;
+		}
+	}
+	return NS_OK;
+}
--- a/caps/src/nsPrincipalManager.cpp
+++ b/caps/src/nsPrincipalManager.cpp
@ -0,0 +1,316 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ *
+ * The contents of this file are subject to the Netscape Public License
+ * Version 1.0 (the "NPL"); you may not use this file except in
+ * compliance with the NPL.  You may obtain a copy of the NPL at
+ * http://www.mozilla.org/NPL/
+ *
+ * Software distributed under the NPL is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
+ * for the specific language governing rights and limitations under the
+ * NPL.
+ *
+ * The Initial Developer of this code under the NPL is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation.  All Rights
+ * Reserved.
+ */
+
+#include "prmem.h"
+#include "prmon.h"
+#include "prlog.h"
+#include "prprf.h"
+#include "plbase64.h"
+#include "plstr.h"
+#include "nsPrincipalManager.h"
+#include "nsPrincipalArray.h"
+#include "nsCaps.h"
+#include "nsCertificatePrincipal.h"
+#include "nsCodebasePrincipal.h"
+
+#define UNSIGNED_PRINCIPAL_KEY "4a:52:4f:53:4b:49:4e:44"
+#define UNKNOWN_PRINCIPAL_KEY "52:4f:53:4b:49:4e:44:4a"
+
+static nsIPrincipal * theSystemPrincipal = NULL;
+static nsIPrincipal * theUnsignedPrincipal = NULL;
+static nsIPrincipal * theUnknownPrincipal = NULL;
+static nsIPrincipalArray * theUnknownPrincipalArray = NULL;
+static nsIPrincipalArray * theUnsignedPrincipalArray = NULL;
+char * gListOfPrincipals;
+
+
+static PRBool GetPrincipalString(nsHashKey * aKey, void * aData, void * closure);
+static nsPrincipalManager * thePrincipalManager = NULL;
+
+static NS_DEFINE_IID(kIPrincipalManagerIID, NS_IPRINCIPALMANAGER_IID);
+
+NS_IMPL_ISUPPORTS(nsPrincipalManager, kIPrincipalManagerIID);
+
+nsIPrincipal * 
+nsPrincipalManager::GetSystemPrincipal(void)
+{
+	return theSystemPrincipal;
+}
+nsIPrincipal * 
+nsPrincipalManager::GetUnsignedPrincipal(void)
+{
+	return theUnsignedPrincipal;
+}
+
+nsIPrincipal * 
+nsPrincipalManager::GetUnknownPrincipal(void)
+{
+	return theUnknownPrincipal;
+}
+
+PRBool 
+nsPrincipalManager::HasSystemPrincipal(nsIPrincipalArray * prinArray)
+{
+	nsIPrincipal * sysPrin = nsPrincipalManager::GetSystemPrincipal();
+	nsIPrincipal * prin;
+	if (sysPrin == NULL) return PR_FALSE;
+	PRUint32 i;
+	prinArray->GetPrincipalArraySize(& i);
+	for (i; i-- > 0;) {
+		prinArray->GetPrincipalArrayElement(i,& prin);
+		PRBool result;
+		sysPrin->Equals(prin, & result);
+		if (result) return PR_TRUE;
+	}
+	return PR_FALSE;
+}
+
+NS_IMETHODIMP
+nsPrincipalManager::CreateCodebasePrincipal(const char * codebaseURL, nsIPrincipal * * prin) {
+	* prin = new nsCodebasePrincipal(nsIPrincipal::PrincipalType_CodebaseExact, codebaseURL);
+	if (prin == NULL) return NS_ERROR_OUT_OF_MEMORY;
+	(* prin)->AddRef();
+	return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPrincipalManager::CreateCertificatePrincipal(const unsigned char * * certChain, PRUint32 * certChainLengths, PRUint32 noOfCerts, nsIPrincipal * * prin)
+{
+	* prin = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate,
+											 certChain, certChainLengths, noOfCerts);
+	if (!prin) return NS_ERROR_OUT_OF_MEMORY;
+	(* prin)->AddRef();
+	return NS_OK;
+}
+
+
+NS_IMETHODIMP
+nsPrincipalManager::CanExtendTrust(nsIPrincipalArray * from, nsIPrincipalArray * to, PRBool * result)
+{
+	if ((from == NULL) || (to == NULL)) {
+		* result = PR_FALSE;
+		return NS_OK;
+	}
+	nsIPrincipalArray * intersect;
+	from->IntersectPrincipalArray(to,& intersect);
+	PRUint32 intersectSize = 0, fromSize = 0;
+	intersect->GetPrincipalArraySize(& intersectSize);
+	from->GetPrincipalArraySize(& fromSize);
+	if (intersectSize == fromSize) {
+		* result = PR_TRUE;
+		return NS_OK;
+	}
+	if (intersectSize == 0 || (intersectSize != (fromSize - 1))) return PR_FALSE;
+	nsIPrincipal * prin;
+	PRUint32 i;
+	for (i=0; i < intersectSize; i++) {
+		intersect->GetPrincipalArrayElement(i, & prin);
+		PRInt16 prinType = nsIPrincipal::PrincipalType_Unknown;
+		prin->GetType(& prinType);
+		if (prinType == nsIPrincipal::PrincipalType_CodebaseExact ||
+			prinType == nsIPrincipal::PrincipalType_CodebaseRegex) {
+			* result = PR_FALSE;
+			return NS_OK;
+		}
+	}
+	PRUint32 codebaseCount = 0;
+	for (i=0; i < fromSize; i++) {
+		from->GetPrincipalArrayElement(i, & prin);
+		PRInt16 prinType = nsIPrincipal::PrincipalType_Unknown;
+		prin->GetType(& prinType);
+		if (prinType == nsIPrincipal::PrincipalType_CodebaseExact ||
+			prinType == nsIPrincipal::PrincipalType_CodebaseRegex)
+			codebaseCount++;
+	}
+	* result = (codebaseCount == 1) ? PR_TRUE : PR_FALSE;
+	return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPrincipalManager::CheckMatchPrincipal(nsIScriptContext * context, nsIPrincipal * prin, PRInt32 callerDepth, PRBool * result)
+{
+	nsIPrincipalArray * prinArray = new nsPrincipalArray();
+	prinArray->AddPrincipalArrayElement(prin);
+	nsIPrincipalArray * classPrinArray = this->GetClassPrincipalsFromStack(context, callerDepth);
+	PRInt16 compType = 0;
+	prinArray->ComparePrincipalArray(classPrinArray,& compType);
+	* result = (compType != nsPrincipalArray::SetComparisonType_NoSubset) ? PR_TRUE : PR_FALSE;
+	return NS_OK;
+}
+nsIPrincipalArray *
+nsPrincipalManager::GetClassPrincipalsFromStack(PRInt32 callerDepth)
+{
+	return this->GetClassPrincipalsFromStack(NULL, callerDepth);
+}
+
+nsIPrincipalArray *
+nsPrincipalManager::GetClassPrincipalsFromStack(nsIScriptContext * context, PRInt32 callerDepth)
+{
+	nsIPrincipalArray * principalArray = theUnknownPrincipalArray;
+	int depth = 0;
+	struct NSJSJavaFrameWrapper * wrapper = NULL;
+	if (nsCapsNewNSJSJavaFrameWrapperCallback == NULL) return NULL;
+	wrapper = (* nsCapsNewNSJSJavaFrameWrapperCallback)((void *)context);
+	if (wrapper == NULL) return NULL;
+	for ((* nsCapsGetStartFrameCallback)(wrapper);(!(* nsCapsIsEndOfFrameCallback)(wrapper));) {
+		if ((* nsCapsIsValidFrameCallback)(wrapper)) {
+			if (depth >= callerDepth) {
+				principalArray = (nsIPrincipalArray *) (* nsCapsGetPrincipalArrayCallback)(wrapper);
+				break;
+			}
+		}
+		if (!(* nsCapsGetNextFrameCallback)(wrapper, &depth)) break;
+	}
+	(* nsCapsFreeNSJSJavaFrameWrapperCallback)(wrapper);
+	return principalArray;
+}
+
+nsIPrincipalArray *
+nsPrincipalManager::GetMyPrincipals(PRInt32 callerDepth)
+{
+	return nsPrincipalManager::GetMyPrincipals(NULL, callerDepth);
+}
+
+nsIPrincipalArray *
+nsPrincipalManager::GetMyPrincipals(nsIScriptContext * context, PRInt32 callerDepth)
+{
+	return (thePrincipalManager == NULL) 
+	? NULL : thePrincipalManager->GetClassPrincipalsFromStack(context, callerDepth);
+}
+
+
+
+nsIPrincipal * 
+nsPrincipalManager::GetPrincipalFromString(char * prinName)
+{
+	StringKey prinNameKey(prinName);
+	nsCaps_lock();
+	nsIPrincipal * prin = (nsIPrincipal *)itsPrinNameToPrincipalTable->Get(& prinNameKey);
+	nsCaps_unlock();
+	return prin;
+}
+
+void 
+nsPrincipalManager::AddToPrincipalNameToPrincipalTable(nsIPrincipal * prin)
+{
+	char * prinName;
+	prin->ToString(& prinName);
+	if (prinName == NULL) return;
+	StringKey prinNameKey(prinName);
+	nsCaps_lock();
+	if (itsPrinNameToPrincipalTable->Get(& prinNameKey) == NULL)
+		itsPrinNameToPrincipalTable->Put(& prinNameKey, prin);
+	nsCaps_unlock();
+
+}
+
+void 
+nsPrincipalManager::RemoveFromPrincipalNameToPrincipalTable(nsIPrincipal * prin) 
+{
+	char * prinName;
+	prin->ToString(& prinName);
+	StringKey prinNameKey(prinName);
+	nsCaps_lock();
+	itsPrinNameToPrincipalTable->Remove(& prinNameKey);
+	nsCaps_unlock();
+}
+
+static PRBool 
+GetPrincipalString(nsHashKey * aKey, void * aData, void * closure) 
+{
+	/* Admin UI */
+	/* XXX: Ignore empty strings */
+	const char *string = ((StringKey *) aKey)->itsString;
+	gListOfPrincipals = (!gListOfPrincipals)
+	? PR_sprintf_append(gListOfPrincipals, "\"%s\"", string)
+	: PR_sprintf_append(gListOfPrincipals, ",\"%s\"", string);
+	return PR_TRUE;
+}
+
+const char * 
+nsPrincipalManager::GetAllPrincipalsString(void)
+{
+	/* Admin UI */
+	char *principalStrings=NULL;
+	if (itsPrinNameToPrincipalTable == NULL) return NULL;
+	nsCaps_lock();
+	gListOfPrincipals = NULL;
+	itsPrinNameToPrincipalTable->Enumerate(GetPrincipalString);
+	if (gListOfPrincipals) {
+	  principalStrings = PL_strdup(gListOfPrincipals);
+	  PR_Free(gListOfPrincipals);
+	}
+	gListOfPrincipals = NULL;
+	nsCaps_unlock();
+	return principalStrings;
+}
+
+nsPrincipalManager * 
+nsPrincipalManager::GetPrincipalManager(void)
+{
+	return thePrincipalManager;
+}
+
+void
+nsPrincipalManager::SetSystemPrincipal(nsIPrincipal * prin)
+{
+	theSystemPrincipal = prin;
+}
+
+NS_IMETHODIMP
+nsPrincipalManager::RegisterPrincipal(nsIPrincipal * prin)
+{
+	return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPrincipalManager::NewPrincipalArray(PRUint32 count, nsIPrincipalArray * * result)
+{
+	* result = (nsIPrincipalArray *) new nsPrincipalArray(count);
+	return NS_OK;
+}
+
+
+
+nsPrincipalManager::nsPrincipalManager(void)
+{
+	nsCaps_lock();
+	itsPrinNameToPrincipalTable = new nsHashtable();
+	nsCaps_unlock();
+}
+
+nsPrincipalManager::~nsPrincipalManager(void) {
+	nsCaps_lock();
+	if (itsPrinNameToPrincipalTable) delete itsPrinNameToPrincipalTable;
+	nsCaps_unlock();
+}
+
+PRBool 
+nsPrincipalManagerInitialize(void) 
+{
+	theUnsignedPrincipal = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate, UNSIGNED_PRINCIPAL_KEY);
+	theUnsignedPrincipalArray = new nsPrincipalArray();
+	theUnsignedPrincipalArray->AddPrincipalArrayElement(theUnsignedPrincipal);
+	theUnknownPrincipal = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate, UNKNOWN_PRINCIPAL_KEY);
+	theUnknownPrincipalArray = new nsPrincipalArray();
+	theUnknownPrincipalArray->AddPrincipalArrayElement(theUnknownPrincipal);
+	thePrincipalManager = new nsPrincipalManager();
+	return PR_TRUE;
+}
+
+PRBool nsPrincipalManager::theInited = nsPrincipalManagerInitialize();
--- a/caps/src/nsPrivilegeManager.cpp
+++ b/caps/src/nsPrivilegeManager.cpp
--- a/caps/src/nsTarget.cpp
+++ b/caps/src/nsTarget.cpp
@ -19,6 +19,7 @@
 #include "prlog.h"
 #include "nsTarget.h"
 #include "nsPrivilegeManager.h"
+#include "nsPrincipalManager.h"
 #include "nsUserTarget.h"
 #include "nsUserDialogHelper.h"
 #include "xp.h"
@ -705,9 +706,11 @@ nsTarget::RegisterTarget(void * context, nsITarget * * targetResult)
 		targetResult = & targ;
 		return NS_OK;
 	}
-	nsPrivilegeManager * mgr = nsPrivilegeManager::GetPrivilegeManager();
-	if ((mgr != NULL) && (context != NULL) && 
-		(!mgr->CheckMatchPrincipal(context, itsPrincipal, 1))) {
+	nsPrivilegeManager * privMgr = nsPrivilegeManager::GetPrivilegeManager();
+	nsPrincipalManager * prinMgr = nsPrincipalManager::GetPrincipalManager();
+	PRBool cmp = PR_FALSE;
+	prinMgr->CheckMatchPrincipal((nsIScriptContext *)context, itsPrincipal, 1,& cmp);
+	if ((privMgr != NULL) && (context != NULL) && !cmp) {
 		nsCaps_unlock();
 		targetResult = NULL;
 		return NS_OK;
@ -719,7 +722,7 @@ nsTarget::RegisterTarget(void * context, nsITarget * * targetResult)
 	theTargetRegistry->Put(&targKey, this); // hash table will "canonicalize" name
 	if (!theSystemTargetRegistry) theSystemTargetRegistry = new nsHashtable();
 	PRBool eq;
-	itsPrincipal->Equals(nsPrivilegeManager::GetSystemPrincipal(),&eq);
+	itsPrincipal->Equals(nsPrincipalManager::GetSystemPrincipal(),& eq);
 	if (eq) {
 		IntegerKey ikey(PL_HashString(itsName));
 		theSystemTargetRegistry->Put(&ikey, this); 
@ -753,7 +756,7 @@ nsITarget *
 nsTarget::FindTarget(char * name, nsIPrincipal * prin)
 {
 	PRBool eq;
-	prin->Equals(nsPrivilegeManager::GetSystemPrincipal(),&eq);
+	prin->Equals(nsPrincipalManager::GetSystemPrincipal(),&eq);
 	if (eq) return nsTarget::FindTarget(name);
 	/* name and principal combination uniquely identfies a target */
 	nsITarget * targ = new nsTarget((char *)name, prin, 
@ -769,13 +772,13 @@ nsTarget::FindTarget(char * name, nsIPrincipal * prin)
 //WHAT THE HELL IS VOID * DATA????????????????????????????????????????????????????
 // these methods are already done by the privilege manager, get them outa here
 nsIPrivilege * 
-nsTarget::CheckPrivilegeEnabled(nsPrincipalArray * prinArray, void * data)
+nsTarget::CheckPrivilegeEnabled(nsTargetArray * prinArray, void * data)
 {
 	return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
 }

 nsIPrivilege * 
-nsTarget::CheckPrivilegeEnabled(nsPrincipalArray* prinArray)
+nsTarget::CheckPrivilegeEnabled(nsTargetArray * prinArray)
 {
 	return this->CheckPrivilegeEnabled(prinArray, NULL);
 }
--- a/dom/src/base/nsJSSecurityManager.cpp
+++ b/dom/src/base/nsJSSecurityManager.cpp
@ -17,7 +17,7 @@
 */

 #include "nsJSSecurityManager.h"
-#include "nsICapsManager.h"
+#include "nsCCapsManager.h"
 #include "nsIServiceManager.h"
 #ifdef OJI
 #include "jvmmgr.h"
@ -50,8 +50,8 @@ nsJSSecurityManager::nsJSSecurityManager()

 nsJSSecurityManager::~nsJSSecurityManager()
 {
-  nsServiceManager::ReleaseService(kPrefServiceCID, mPrefs);
-  NS_IF_RELEASE(mCapsManager);
+	nsServiceManager::ReleaseService(kPrefServiceCID, mPrefs);
+	NS_IF_RELEASE(mCapsManager);
 }

 NS_IMETHODIMP
@ -84,18 +84,16 @@ NS_IMPL_RELEASE(nsJSSecurityManager)
 NS_IMETHODIMP
 nsJSSecurityManager::Init() 
 {
-  return nsServiceManager::GetService(kPrefServiceCID, nsIPref::GetIID(), (nsISupports**)&mPrefs);
+	return nsServiceManager::GetService(kPrefServiceCID, nsIPref::GetIID(), (nsISupports**)&mPrefs);
 }

 NS_IMETHODIMP
-nsJSSecurityManager::CheckScriptAccess(nsIScriptContext* aContext, void* aObj, 
-                                       const char* aProp, PRBool* aResult)
+nsJSSecurityManager::CheckScriptAccess(nsIScriptContext* aContext, void* aObj, const char* aProp, PRBool* aResult)
 {
 #ifdef SECURITY_ENABLED
  *aResult = PR_FALSE;
  JSContext* cx = (JSContext*)aContext->GetNativeContext();
  PRInt32 secLevel = CheckForPrivilege(cx, (char*)aProp, nsnull);
-
  switch (secLevel) {
    case SCRIPT_SECURITY_ALL_ACCESS:
      *aResult = PR_TRUE;
@ -118,12 +116,8 @@ nsJSSecurityManager::CheckScriptAccess(nsIScriptContext* aContext, void* aObj,
 void
 nsJSSecurityManager::InitCaps(void)
 {
-  if (nsnull == mCapsManager) {
-    return;
-  }
-
-  nsresult res = nsServiceManager::GetService(kCCapsManagerCID, kICapsManagerIID,
-                                              (nsISupports**)&mCapsManager);
+  if (nsnull == mCapsManager) return;
+  nsresult res = nsServiceManager::GetService(kCCapsManagerCID, kICapsManagerIID, (nsISupports**)& mCapsManager);
  if ((NS_OK == res) && (nsnull != mCapsManager)) {
    mCapsManager->InitializeFrameWalker(this);
  }
@ -496,7 +490,7 @@ nsJSSecurityManager::PrincipalsCanAccessTarget(JSContext *aCx, PRInt16 aTarget)
  nsPrivilegeTable * annotation;
  JSStackFrame *fp;
  void *annotationRef;
-  void *principalArray = nsnull;
+  nsIPrincipalArray * principalArray = nsnull;
 #ifdef OJI
  JSStackFrame *pFrameToStartLooking = *JVM_GetStartJSFrameFromParallelStack();
  JSStackFrame *pFrameToEndLooking   = JVM_GetEndJSFrameFromParallelStack(pFrameToStartLooking);
@ -522,40 +516,30 @@ nsJSSecurityManager::PrincipalsCanAccessTarget(JSContext *aCx, PRInt16 aTarget)
  //NS_ASSERTION(aTarget < sizeof(targetStrings)/sizeof(targetStrings[0]), "");

  /* Find annotation */
-  annotationRef = nsnull;
-  principalArray = nsnull;
-  fp = pFrameToStartLooking;
-  while ((fp = JS_FrameIterator(aCx, &fp)) != pFrameToEndLooking) {
-    void *current;
-    if (JS_GetFrameScript(aCx, fp) == nsnull)
-        continue;
-    current = JS_GetFramePrincipalArray(aCx, fp);
-    if (current == nsnull) {
-        return PR_FALSE;
-    }
-    annotationRef = (void *) JS_GetFrameAnnotation(aCx, fp);
-    if (annotationRef) {
-      if (nsnull != principalArray) {
-        PRBool canExtend;
-        mCapsManager->CanExtendTrust(current, principalArray, &canExtend);
-        if (!canExtend) {
-            return PR_FALSE;
-        }
-        break;
-      }
-    }
-    if (nsnull != principalArray) {
-      mCapsManager->IntersectPrincipalArray(principalArray, current, &principalArray);
-    }
-    else {
-      principalArray =  current;
-    }
-  }
-
-  if (annotationRef) {
-    annotation = (nsPrivilegeTable *)annotationRef;
-  } 
-  else {
+	annotationRef = nsnull;
+	principalArray = nsnull;
+	fp = pFrameToStartLooking;
+	while ((fp = JS_FrameIterator(aCx, &fp)) != pFrameToEndLooking) {
+		nsIPrincipalArray * current;
+		if (JS_GetFrameScript(aCx, fp) == nsnull) continue;
+		current = (nsIPrincipalArray *)JS_GetFramePrincipalArray(aCx, fp);
+		if (current == nsnull) return PR_FALSE;
+		annotationRef = (void *) JS_GetFrameAnnotation(aCx, fp);
+		if (annotationRef) {
+			if (principalArray != nsnull) {
+				PRBool canExtend;
+				nsIPrincipalManager * prinMan;
+				mCapsManager->GetPrincipalManager(& prinMan);
+				prinMan->CanExtendTrust(current, principalArray, & canExtend);
+				if (!canExtend) return PR_FALSE;
+				break;
+			}
+		}
+		if (principalArray != nsnull) current->IntersectPrincipalArray(principalArray,& principalArray);
+		else principalArray =  current;
+	}
+	if (annotationRef) annotation = (nsPrivilegeTable *)annotationRef;
+	else {
 #ifdef OJI
  /*
   * Call from Java into JS. Just call the Java routine for checking
@ -1004,8 +988,8 @@ nsJSSecurityManager::SetDocumentDomain(JSContext *aCx, JSPrincipals *aPrincipals
    return NS_ERROR_FAILURE;
  }
  if (data->principalsArrayRef != nsnull) {
-    mCapsManager->FreePrincipalArray((void*)(data->principalsArrayRef));
-    data->principalsArrayRef = nsnull;
+	((nsIPrincipalArray *)data->principalsArrayRef)->FreePrincipalArray();
+	data->principalsArrayRef = nsnull;
  }
  *aReturn = PR_TRUE;
  return NS_OK;
@ -1266,12 +1250,10 @@ DestroyJSPrincipals(JSContext *aCx, JSPrincipals *aPrincipals)
    }
    if (data->principalsArrayRef != nsnull) {
      /* XXX: raman: Should we free up the principals that are in that array also? */
-      nsICapsManager* capsMan;
-      nsresult res = nsServiceManager::GetService(kCCapsManagerCID, kICapsManagerIID,
-                                                  (nsISupports**)&capsMan);
-
+      nsICapsManager * capsMan;
+      nsresult res = nsServiceManager::GetService(kCCapsManagerCID, kICapsManagerIID, (nsISupports**)&capsMan);
      if ((NS_OK == res) && (nsnull != capsMan)) {
-        capsMan->FreePrincipalArray((void*)(data->principalsArrayRef));
+		((nsIPrincipalArray *)data->principalsArrayRef)->FreePrincipalArray();
        NS_RELEASE(capsMan);
      }
    }
@ -1287,8 +1269,7 @@ DestroyJSPrincipals(JSContext *aCx, JSPrincipals *aPrincipals)

    if (data->zip)
      //ns_zip_close(data->zip);
-    if (data->url)
-      NS_RELEASE(data->url);
+    if (data->url) NS_RELEASE(data->url);
    PR_Free(data);
  }
 }
@ -1300,18 +1281,16 @@ GetPrincipalArray(JSContext *aCx, struct JSPrincipals *aPrincipals)
  nsJSPrincipalsData *data = (nsJSPrincipalsData *)aPrincipals;

  //Get array of principals 
-  if (data->principalsArrayRef == nsnull) {
-    nsICapsManager* capsMan;
-    nsresult res = nsServiceManager::GetService(kCCapsManagerCID, kICapsManagerIID,
-                                                (nsISupports**)&capsMan);
-
-    if ((NS_OK == res) && (nsnull != capsMan)) {
-      capsMan->CreateMixedPrincipalArray(nsnull, nsnull, 
-                                         aPrincipals->codebase,
-                                         (void**)&(data->principalsArrayRef));
-      NS_RELEASE(capsMan);
-    }
-  }
+	if (data->principalsArrayRef == nsnull) {
+		nsICapsManager * capsMan;
+		nsresult res = nsServiceManager::GetService(kCCapsManagerCID, kICapsManagerIID, (nsISupports**)& capsMan);
+		if ((NS_OK == res) && (nsnull != capsMan)) {
+			nsIPrincipalManager * prinMan;
+			capsMan->GetPrincipalManager(& prinMan);
+//			prinMan->CreateMixedPrincipalArray(nsnull, nsnull, aPrincipals->codebase, (nsIPrincipalArray * *)&(data->principalsArrayRef));
+			NS_RELEASE(capsMan);
+		}
+	}

  return data->principalsArrayRef;
 }
@ -1329,20 +1308,20 @@ GlobalPrivilegesEnabled(JSContext *aCx, JSPrincipals *aPrincipals)
 void
 nsJSSecurityManager::PrintPrincipalsToConsole(JSContext *aCx, JSPrincipals *aPrincipals)
 {
-  void *principalsArray;
-  nsIPrincipal *principal;
+	nsIPrincipalArray * principalsArray;
+	nsIPrincipal *principal;
 //cd ..  char *vendor;
  PRUint32 i, count;
  static char emptyStr[] = "<empty>\n";
-  principalsArray = aPrincipals->getPrincipalArray(aCx, aPrincipals);
+  principalsArray = (nsIPrincipalArray *)aPrincipals->getPrincipalArray(aCx, aPrincipals);
  if (principalsArray == nsnull) {
    PrintToConsole(emptyStr);
    return;
  }
  PrintToConsole("[\n");
-  mCapsManager->GetPrincipalArraySize(principalsArray, &count);
-  for (i = 0; i < count; i++) {
-    mCapsManager->GetPrincipalArrayElement(principalsArray, i, &principal);
+	principalsArray->GetPrincipalArraySize(& count);
+	for (i = 0; i < count; i++) {
+		principalsArray->GetPrincipalArrayElement(i, & principal);
 //    mCapsManager->GetVendor(principal, &vendor);
 //    if (vendor == nsnull) {
 //      JS_ReportOutOfMemory(aCx);
@ -1362,9 +1341,9 @@ nsJSSecurityManager::InvalidateCertPrincipals(JSContext *aCx, JSPrincipals *aPri
  if (data->principalsArrayRef) {
    PrintToConsole("Invalidating certificate principals in ");
    PrintPrincipalsToConsole(aCx, aPrincipals);
-    mCapsManager->FreePrincipalArray((void*)(data->principalsArrayRef));
-    data->principalsArrayRef = nsnull;
-  }
+		((nsIPrincipalArray *)data->principalsArrayRef)->FreePrincipalArray();
+		data->principalsArrayRef = nsnull;
+	}
  data->signedness = HAS_UNSIGNED_SCRIPTS;
 }

@ -1397,6 +1376,9 @@ nsJSSecurityManager::FindOriginURL(JSContext *aCx, JSObject *aGlobal)
 PRBool
 nsJSSecurityManager::CanExtendTrust(JSContext *aCx, void *aFrom, void *aTo)
 {
+// this code is already taken care of by nsPrivilegeManager, there is no need for the
+//JSContext object, this needs to be reviewed and modified, i don't think this method
+//should exist at all in this class
  if (aFrom == nsnull || aTo == nsnull) {
    return PR_FALSE;
  }
@ -1404,25 +1386,26 @@ nsJSSecurityManager::CanExtendTrust(JSContext *aCx, void *aFrom, void *aTo)
    return PR_TRUE;
  }

-  PRBool canExtend;
-  mCapsManager->CanExtendTrust(aFrom, aTo, &canExtend);
-
-  return canExtend;
+	PRBool canExtend;
+	nsIPrincipalManager * prinMan;
+	mCapsManager->GetPrincipalManager(& prinMan);
+	prinMan->CanExtendTrust((nsIPrincipalArray *)aFrom,(nsIPrincipalArray *) aTo, &canExtend);
+	return canExtend;
 }

 PRUint32
 nsJSSecurityManager::GetPrincipalsCount(JSContext *aCx, JSPrincipals *aPrincipals)
 {
-    void *principalArray;
+// again, why???????
+// these methods are handled by nsIPrincipalArray, get rid of duplicates
+    nsIPrincipalArray * principalArray;
    PRUint32 count;

-    principalArray = aPrincipals->getPrincipalArray(aCx, aPrincipals);
-    if (nsnull == principalArray) {
-      return 0;
-    }
-
-    mCapsManager->GetPrincipalArraySize(principalArray, &count);
-    return count;
+	principalArray = (nsIPrincipalArray *)aPrincipals->getPrincipalArray(aCx, aPrincipals);
+	// this check is already done in nsPrincipalArray
+//    if (nsnull == principalArray) return 0;
+	principalArray->GetPrincipalArraySize(& count);
+	return count;
 }

 char *
@ -1847,8 +1830,7 @@ nsJSSecurityManager::CheckEarlyAccess(JSContext* aCx, JSPrincipals *aPrincipals)
 * "principals". Return true iff the intersection is nonnsnull.
 */
 PRBool
-nsJSSecurityManager::IntersectPrincipals(JSContext *aCx, JSPrincipals *aPrincipals,
-                     JSPrincipals *aNewPrincipals)
+nsJSSecurityManager::IntersectPrincipals(JSContext *aCx, JSPrincipals *aPrincipals, JSPrincipals *aNewPrincipals)
 {
  nsJSPrincipalsData* data = (nsJSPrincipalsData*)aPrincipals;
  nsJSPrincipalsData* newData = (nsJSPrincipalsData*)aNewPrincipals;
@ -1872,23 +1854,19 @@ nsJSSecurityManager::IntersectPrincipals(JSContext *aCx, JSPrincipals *aPrincipa
    return PR_TRUE;
  }
  // Compute the intersection.
-  void* principalArray = aPrincipals->getPrincipalArray(aCx, aPrincipals);
-  void* newPrincipalArray = aNewPrincipals->getPrincipalArray(aCx, aNewPrincipals);
-
+	nsIPrincipalArray * principalArray = (nsIPrincipalArray *)aPrincipals->getPrincipalArray(aCx, aPrincipals);
+	nsIPrincipalArray * newPrincipalArray = (nsIPrincipalArray *)aNewPrincipals->getPrincipalArray(aCx, aNewPrincipals);
  if (principalArray == nsnull || newPrincipalArray == nsnull) {
    InvalidateCertPrincipals(aCx, aPrincipals);
    return PR_TRUE;
  }

-  void* intersectArray;
-  mCapsManager->IntersectPrincipalArray(principalArray, 
-                                         newPrincipalArray, 
-                                         &intersectArray);
-
-  if (nsnull == intersectArray) {
-    InvalidateCertPrincipals(aCx, aPrincipals);
-    return PR_TRUE;
-  }
+	nsIPrincipalArray * intersectArray;
+	principalArray->IntersectPrincipalArray(newPrincipalArray, & intersectArray);
+	if (nsnull == intersectArray) {
+		InvalidateCertPrincipals(aCx, aPrincipals);
+		return PR_TRUE;
+	}

  data->principalsArrayRef = intersectArray;
  return PR_TRUE;
@ -1907,13 +1885,12 @@ nsJSSecurityManager::PrincipalsEqual(JSContext *aCx, JSPrincipals *aPrinA, JSPri
    if (dataA->signedness != dataB->signedness)
        return PR_FALSE;

-    void* arrayA = aPrinA->getPrincipalArray(aCx, aPrinA);
-    void* arrayB = aPrinB->getPrincipalArray(aCx, aPrinB);
+	nsIPrincipalArray * arrayA = (nsIPrincipalArray *)aPrinA->getPrincipalArray(aCx, aPrinA);
+	nsIPrincipalArray * arrayB = (nsIPrincipalArray *)aPrinB->getPrincipalArray(aCx, aPrinB);

-    PRInt16 comparisonType;
-    mCapsManager->ComparePrincipalArray(arrayA, arrayB, & comparisonType);
-
-    return (PRBool)(nsPrivilegeManager::SetComparisonType_Equal == comparisonType);
+	PRInt16 comparisonType;
+	arrayA->ComparePrincipalArray(arrayB, & comparisonType);
+	return (PRBool)(nsIPrincipalArray::SetComparisonType_Equal == comparisonType);
 }

 /*******************************************************************************
@ -1955,24 +1932,20 @@ nsJSSecurityManager::NewJSFrameIterator(void *aContext)
 PRBool
 nsJSSecurityManager::NextJSJavaFrame(struct nsJSFrameIterator *aIterator)
 {
-    void *current;
-    void *previous;
-
-    if (aIterator->fp == 0) {
-        return PR_FALSE;
-    }
-
-    current = JS_GetFramePrincipalArray(aIterator->cx, aIterator->fp);
+	nsIPrincipalArray * current;
+	nsIPrincipalArray * previous;
+    if (aIterator->fp == 0) return PR_FALSE;
+    current = (nsIPrincipalArray *)JS_GetFramePrincipalArray(aIterator->cx, aIterator->fp);
    if (current == nsnull) {
        if (JS_GetFrameScript(aIterator->cx, aIterator->fp))
            aIterator->sawEmptyPrincipals = PR_TRUE;
    } else {
-        void* arrayIntersect;
+        nsIPrincipalArray * arrayIntersect;
        if (aIterator->intersect) {
-            previous = aIterator->intersect;
-            mCapsManager->IntersectPrincipalArray(current, previous, &arrayIntersect);
+            previous = (nsIPrincipalArray *)aIterator->intersect;
+            current->IntersectPrincipalArray(previous,& arrayIntersect);
            /* XXX: raman: should we do a free the previous principal Array */
-            mCapsManager->FreePrincipalArray((void*)(aIterator->intersect));
+            ((nsIPrincipalArray *)aIterator->intersect)->FreePrincipalArray();
        }
        aIterator->intersect = current;
    }
@ -1985,14 +1958,13 @@ nsJSSecurityManager::NextJSFrame(struct nsJSFrameIterator **aIterator)
 {
  nsJSFrameIterator *iterator = *aIterator;
  PRBool result = NextJSJavaFrame(iterator);
-  if (!result) {
-    if (iterator->intersect) {
-        mCapsManager->FreePrincipalArray((void*)(iterator->intersect));
-    }
-    PR_Free(iterator);
-    *aIterator = nsnull;
-  }
-  return result;
+	if (!result) {
+		if (iterator->intersect) 
+			((nsIPrincipalArray *)(* aIterator)->intersect)->FreePrincipalArray();
+		PR_Free(iterator);
+		* aIterator = nsnull;
+	}
+	return result;
 }

 /**
--- a/dom/src/base/nsJSSecurityManager.h
+++ b/dom/src/base/nsJSSecurityManager.h
@ -24,8 +24,7 @@
 #include "nsIXPCSecurityManager.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsICapsSecurityCallbacks.h"
-
-class nsICapsManager;
+#include "nsICapsManager.h"
 class nsIPref;

 typedef struct nsJSFrameIterator {
@ -181,7 +180,7 @@ private:
 	
 	//Local vars
 	nsIPref* mPrefs;
-	nsICapsManager* mCapsManager;
+	nsICapsManager * mCapsManager;
 };

 //XXX temporarily bit flags for determining what we want to parse from the URL