Bug#34746,34853,40077: Implementation for new method for checking permission to run java.

2024-10-14 05:45:37 +00:00 · 2000-08-13 14:05:18 +00:00 · 2000-08-13 14:05:18 +00:00 · 1c64747083
commit 1c64747083
parent 63d650ea5d
1 changed files with 76 additions and 0 deletions
--- a/modules/oji/src/nsJVMManager.cpp
+++ b/modules/oji/src/nsJVMManager.cpp
@ -47,6 +47,16 @@
 #include "nsIPref.h"
 #include "lcglue.h"

+#include "nspr.h"
+#include "plstr.h"
+#include "nsCOMPtr.h"
+#include "nsJSPrincipals.h"
+#include "nsSystemPrincipal.h"
+#include "nsCodebasePrincipal.h"
+#include "nsCertificatePrincipal.h"
+#include "nsIScriptSecurityManager.h"
+//#include "nsScriptSecurityManager.h"
+
 extern "C" int XP_PROGRESS_STARTING_JAVA;
 extern "C" int XP_PROGRESS_STARTING_JAVA_DONE;
 extern "C" int XP_JAVA_NO_CLASSES;
@ -785,6 +795,72 @@ nsJVMManager::IsLiveConnectEnabled(void)
 	return PR_TRUE;
 }

+/*
+ * Find out if a given signer has been granted all permissions. This
+ * is a precondition to loading a signed applet in trusted mode.
+ * The certificate from which the fingerprint and commonname have
+ * be derived, should have been verified before this method is 
+ * called.
+ */
+
+NS_METHOD
+nsJVMManager::IsAllPermissionGranted(
+    const char * lastFP,
+    const char * lastCN, 
+    const char * rootFP,
+    const char * rootCN, 
+    PRBool * isGranted)
+{
+    nsresult rv      = NS_OK;
+    PRBool   success = PR_FALSE;
+
+    nsIPrincipal* pIPrincipal = NULL;
+  
+    // Get the Script Security Manager.
+
+    NS_WITH_SERVICE(nsIScriptSecurityManager, secMan,
+                  NS_SCRIPTSECURITYMANAGER_PROGID, &rv)
+    if (NS_FAILED(rv) || !secMan) return FALSE;
+
+
+    /*
+     * WARNING: we need to add code here to check if the certificate is
+     * trust worthy. Without this, the user may be granting rights to a
+     * misrepresented signer.
+     */
+
+
+    /*
+     * END WARNING.
+     */
+
+    // Ask the Script Security Manager to make a Certificate Principal.
+    // The fingerprint is a one way hash of this certificate. It is used
+    // as the key to store the principal in the principal database.
+
+    rv = secMan->GetCertificatePrincipal(lastFP, &pIPrincipal);
+    if (NS_FAILED(rv)) return PR_FALSE;
+
+    // Get the nsICertificatePrincipal interface so that we can set the
+    // common name. The common name is a user meaningful string.
+    
+    nsCOMPtr<nsICertificatePrincipal> pICertificate = do_QueryInterface(pIPrincipal, &rv);
+    if (NS_FAILED(rv) || !pICertificate) return PR_FALSE;
+
+    // Set the common name.
+
+    rv = pICertificate->SetCommonName(lastCN);
+
+    PRInt16 ret;
+
+    secMan->RequestCapability(pIPrincipal,"AllPermission",&ret);
+
+    PR_ASSERT(isGranted);
+    *isGranted = (ret!=0);
+
+    return PR_TRUE;
+}
+
 ////////////////////////////////////////////////////////////////////////////////

 nsresult