* Fix the following bugs by tightening the default security policy.

17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com

* Modify nsIPref to support security policy work.
r=neeti@netscape.com

caps/idl/nsICertificatePrincipal.idl

@@ -28,7 +28,7 @@
 %}
 
 [uuid(ebfefcd0-25e1-11d2-8160-006008119d7a)]
-interface nsICertificatePrincipal : nsIPrincipal {
+interface nsICertificatePrincipal : nsISupports {
 	void GetPublicKey(out string publicKey);
 	void GetCompanyName(out string ppCompanyName);
 	void GetCertificateAuthority(out string ppCertAuthority);

caps/idl/nsICodebasePrincipal.idl

@@ -29,8 +29,10 @@ interface nsIURI;
 %}
 
 [uuid(829fe440-25e1-11d2-8160-006008119d7a)]
-interface nsICodebasePrincipal : nsIPrincipal {
+interface nsICodebasePrincipal : nsISupports {
+
 	readonly attribute nsIURI URI;
+
 	boolean SameOrigin(in nsIPrincipal other);
 };
 

caps/idl/nsIPrincipal.idl

@@ -32,10 +32,31 @@ struct JSPrincipals;
 
 [uuid(ff9313d0-25e1-11d2-8160-006008119d7a)]
 interface nsIPrincipal : nsISupports {
+
+	const short ENABLE_UNKNOWN               = 0;
+	const short ENABLE_GRANTED				 = 1;
+	const short ENABLE_DENIED				 = 2;
+	const short ENABLE_WITH_USER_PERMISSION  = 3;
+
 	void ToString(out string result);
+
 	void Equals(in nsIPrincipal other, out boolean result);
+
+	unsigned long HashValue();
+
 	void GetJSPrincipals(out JSPrincipals jsprin);
-	void CanAccess(in string capability, out boolean result);
+
+    short CanEnableCapability(in string capability);
+
+    void SetCanEnableCapability(in string capability, in short canEnable);
+
+    boolean IsCapabilityEnabled(in string capability, in voidStar annotation);
+	
+	void EnableCapability(in string capability, inout voidStar annotation);
+
+    void RevertCapability(in string capability, inout voidStar annotation);
+
+    void DisableCapability(in string capability, inout voidStar annotation);
 };
 
 

caps/idl/nsIScriptSecurityManager.idl

@@ -56,13 +56,6 @@ interface nsIScriptSecurityManager : nsISupports
 
     boolean CanExecuteFunction(in voidStar jsFunction);
 
-    boolean CanEnableCapability(in nsIPrincipal principal, 
-								in string capability);
-
-    void SetCanEnableCapability(in nsIPrincipal principal, 
-								in string capability,
-                                in boolean canEnable);
-
     boolean IsCapabilityEnabled(in string capability);
 	
 	void EnableCapability(in string capability);

caps/include/MANIFEST

@@ -1,3 +1,4 @@
+nsBasePrincipal.h
 nsCertificatePrincipal.h
 nsCodebasePrincipal.h
 nsJSPrincipals.h

caps/include/Makefile.in

@@ -29,6 +29,7 @@ include $(DEPTH)/config/autoconf.mk
 MODULE		= caps
 
 EXPORTS		= \
+		nsBasePrincipal.h \
 		nsSystemPrincipal.h \
 		nsCertificatePrincipal.h \
 		nsCodebasePrincipal.h \

caps/include/makefile.win

@@ -33,6 +33,7 @@
 MODULE=caps 
 DEPTH=..\..
 EXPORTS=                           \
+        nsBasePrincipal.h          \
         nsCertificatePrincipal.h   \
         nsCodebasePrincipal.h      \
         nsJSPrincipals.h           \

caps/include/nsBasePrincipal.h

@@ -0,0 +1,99 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ *
+ * The contents of this file are subject to the Netscape Public License
+ * Version 1.0 (the "NPL"); you may not use this file except in
+ * compliance with the NPL.  You may obtain a copy of the NPL at
+ * http://www.mozilla.org/NPL/
+ *
+ * Software distributed under the NPL is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
+ * for the specific language governing rights and limitations under the
+ * NPL.
+ *
+ * The Initial Developer of this code under the NPL is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1999 Netscape Communications Corporation.  All Rights
+ * Reserved.
+ */
+
+/* Shared implementation code for principals. */
+
+#ifndef _NS_BASE_PRINCIPAL_H_
+#define _NS_BASE_PRINCIPAL_H_
+
+#include "jsapi.h"
+#include "nsJSPrincipals.h"
+#include "nsVoidArray.h"
+#include "nsHashtable.h"
+
+class nsBasePrincipal: public nsIPrincipal {
+public:
+          
+    nsBasePrincipal();
+    
+    virtual ~nsBasePrincipal(void);
+
+    NS_IMETHOD
+    GetJSPrincipals(JSPrincipals **jsprin);
+
+    NS_IMETHOD 
+    CanEnableCapability(const char *capability, PRInt16 *result);
+
+    NS_IMETHOD 
+    SetCanEnableCapability(const char *capability, PRInt16 canEnable);
+
+    NS_IMETHOD 
+    IsCapabilityEnabled(const char *capability, void *annotation, 
+                        PRBool *result);
+
+    NS_IMETHOD 
+    EnableCapability(const char *capability, void **annotation);
+
+    NS_IMETHOD 
+    RevertCapability(const char *capability, void **annotation);
+
+    NS_IMETHOD 
+    DisableCapability(const char *capability, void **annotation);
+    
+protected:
+    enum AnnotationValue { AnnotationEnabled=1, AnnotationDisabled };
+
+    NS_IMETHOD 
+    SetCapability(const char *capability, void **annotation, 
+                  AnnotationValue value);
+
+    nsJSPrincipals mJSPrincipals;
+    nsVoidArray mAnnotations;
+    nsHashtable *mCapabilities;
+};
+
+// special AddRef/Release to unify reference counts between XPCOM 
+//  and JSPrincipals
+
+#define NSBASEPRINCIPALS_ADDREF(className)                                  \
+NS_IMETHODIMP_(nsrefcnt)                                                    \
+className::AddRef(void)                                                     \
+{                                                                           \
+    NS_PRECONDITION(PRInt32(mRefCnt) == 0, "illegal mRefCnt");              \
+    NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt");\
+    ++mJSPrincipals.refcount;                                               \
+    NS_LOG_ADDREF(this, mJSPrincipals.refcount, #className, sizeof(*this)); \
+    return mJSPrincipals.refcount;                                          \
+}
+
+#define NSBASEPRINCIPALS_RELEASE(className)                                 \
+NS_IMETHODIMP_(nsrefcnt)                                                    \
+className::Release(void)                                                    \
+{                                                                           \
+    NS_PRECONDITION(PRInt32(mRefCnt) == 0, "illegal mRefCnt");              \
+    NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release");            \
+    --mJSPrincipals.refcount;                                               \
+    NS_LOG_RELEASE(this, mJSPrincipals.refcount, "nsCodebasePrincipal");    \
+    if (mJSPrincipals.refcount == 0) {                                      \
+        NS_DELETEXPCOM(this);                                               \
+        return 0;                                                           \
+    }                                                                       \
+    return mJSPrincipals.refcount;                                          \
+}
+
+#endif // _NS_BASE_PRINCIPAL_H_

caps/include/nsCertificatePrincipal.h

@@ -14,29 +14,42 @@
  *
  * The Initial Developer of the Original Code is Netscape
  * Communications Corporation.  Portions created by Netscape are
- * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Copyright (C) 1998 Netscape Communications Corporation.  All 
  * Rights Reserved.
  *
- * Contributor(s): 
+ * Contributor(s):
  */
-/*describes principals for use with signed scripts*/
+
+/* describes principals for use with signed scripts */
+
 #ifndef _NS_CERTIFICATE_PRINCIPAL_H_
 #define _NS_CERTIFICATE_PRINCIPAL_H_
 #include "jsapi.h"
 #include "nsICertificatePrincipal.h"
+#include "nsBasePrincipal.h"
 
 #define NS_CERTIFICATEPRINCIPALMANAGER_CID \
 { 0x7ee2a4c0, 0x4b91, 0x11d3, \
 { 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
 
-class nsCertificatePrincipal : public nsICertificatePrincipal {
+class nsCertificatePrincipal : public nsICertificatePrincipal, nsBasePrincipal {
 public:
 
     NS_DEFINE_STATIC_CID_ACCESSOR(NS_CERTIFICATEPRINCIPALMANAGER_CID)
     NS_DECL_ISUPPORTS
-    NS_DECL_NSIPRINCIPAL
     NS_DECL_NSICERTIFICATEPRINCIPAL
 
+    NS_IMETHOD ToString(char **result);
+
+    NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result);
+
+    NS_IMETHOD HashValue(PRUint32 *result);
+
+    NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result);
+
+    NS_IMETHOD SetCanEnableCapability(const char *capability, 
+                                      PRInt16 canEnable);
+
 	nsCertificatePrincipal(PRInt16 type, const char * key);
 	nsCertificatePrincipal(PRInt16 type, const unsigned char ** certChain, PRUint32 * certChainLengths, PRUint32 noOfCerts);
 	virtual ~nsCertificatePrincipal(void);

caps/include/nsCodebasePrincipal.h

@@ -19,28 +19,37 @@
  *
  * Contributor(s): 
  */
-/* describes principals by their orginating uris*/
+
+/* describes principals by their orginating URIs */
+
 #ifndef _NS_CODEBASE_PRINCIPAL_H_
 #define _NS_CODEBASE_PRINCIPAL_H_
 
 #include "jsapi.h"
+#include "nsBasePrincipal.h"
 #include "nsICodebasePrincipal.h"
 #include "nsIURI.h"
-#include "nsJSPrincipals.h"
 
 #define NS_CODEBASEPRINCIPAL_CID \
 { 0x7ee2a400, 0x0b91, 0xaad3, \
 { 0xba, 0x18, 0xd7, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
 
-class nsCodebasePrincipal : public nsICodebasePrincipal {
+class nsCodebasePrincipal : public nsBasePrincipal, nsICodebasePrincipal {
 public:
     
     NS_DEFINE_STATIC_CID_ACCESSOR(NS_CODEBASEPRINCIPAL_CID)
         
     NS_DECL_ISUPPORTS
-    NS_DECL_NSIPRINCIPAL
     NS_DECL_NSICODEBASEPRINCIPAL
     
+    NS_IMETHOD ToString(char **result);
+
+    NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result);
+
+    NS_IMETHOD HashValue(PRUint32 *result);
+
+    NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result);
+
     nsCodebasePrincipal();
     
     NS_IMETHOD
@@ -50,7 +59,6 @@ public:
     
 protected:
     nsIURI *mURI;
-    nsJSPrincipals mJSPrincipals;
 };
 
 #endif // _NS_CODEBASE_PRINCIPAL_H_

caps/include/nsScriptSecurityManager.h

@@ -24,12 +24,11 @@
 
 #include "nsIScriptSecurityManager.h"
 #include "nsIPrincipal.h"
-#include "nsIURI.h"
 #include "jsapi.h"
-#include "jsdbgapi.h"
-#include "nsIScriptContext.h"
 #include "nsIXPCSecurityManager.h"
-#include "nsIScriptExternalNameSet.h"
+#include "nsHashtable.h"
+
+enum { DOMPROP_MAX=892 };
 
 #define NS_SCRIPTSECURITYMANAGER_CID \
 { 0x7ee2a4c0, 0x4b93, 0x17d3, \
@@ -51,6 +50,12 @@ public:
     static nsScriptSecurityManager *
     GetScriptSecurityManager();
     
+    enum PolicyType {
+        POLICY_TYPE_NONE = 0,
+        POLICY_TYPE_DEFAULT = 1,
+        POLICY_TYPE_PERDOMAIN = 2
+    };
+
 private:
     NS_IMETHOD
     GetSubjectPrincipal(JSContext *aCx, nsIPrincipal **result);
@@ -62,10 +67,11 @@ private:
     CheckPermissions(JSContext *aCx, JSObject *aObj, const char *aCapability, 
                      PRBool* result);
     PRInt32 
-    GetSecurityLevel(JSContext *cx, char *prop_name, int priv_code);
+    GetSecurityLevel(JSContext *cx, char *prop_name, PolicyType type, 
+                     PRBool isWrite, char **capability);
 
     char *
-    AddSecPolicyPrefix(JSContext *cx, char *pref_str);
+    AddSecPolicyPrefix(JSContext *cx, char *pref_str, PolicyType type);
 
     char *
     GetSitePolicy(const char *org);
@@ -73,19 +79,12 @@ private:
     NS_IMETHOD
     CheckXPCPermissions(JSContext *cx);
 
+    NS_IMETHOD
+    InitFromPrefs();
+
     nsIPrincipal *mSystemPrincipal;
+    nsSupportsHashtable *mPrincipals;
+    PolicyType domPropertyPolicyTypes[DOMPROP_MAX];
 };
 
-class nsSecurityNameSet : public nsIScriptExternalNameSet 
-{
-public:
-    nsSecurityNameSet();
-    virtual ~nsSecurityNameSet();
-    
-    NS_DECL_ISUPPORTS
-    NS_IMETHOD InitializeClasses(nsIScriptContext* aScriptContext);
-    NS_IMETHOD AddNameSet(nsIScriptContext* aScriptContext);
-};
-
-
 #endif /*_NS_SCRIPT_SECURITY_MANAGER_H_*/

caps/include/nsSystemPrincipal.h

@@ -19,38 +19,49 @@
  *
  * Contributor(s): 
  */
+
 /* The privileged system principal. */
+
 #ifndef _NS_SYSTEM_PRINCIPAL_H_
 #define _NS_SYSTEM_PRINCIPAL_H_
 
-#include "jsapi.h"
-#include "nsIPrincipal.h"
-#include "nsIURI.h"
-#include "nsJSPrincipals.h"
+#include "nsBasePrincipal.h"
 
 // TODO: get new cid
 #define NS_SYSTEMPRINCIPAL_CID \
 { 0x7ee2a400, 0x0c99, 0xaad3, \
 { 0xba, 0x18, 0xd7, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
 
-class nsSystemPrincipal : public nsIPrincipal {
+class nsSystemPrincipal : public nsBasePrincipal {
 public:
     
-    //NS_DEFINE_STATIC_CID_ACCESSOR(NS_PRINCIPAL_CID)
-        
     NS_DECL_ISUPPORTS
-    NS_DECL_NSIPRINCIPAL
     
+    NS_IMETHOD ToString(char **result);
+
+    NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result);
+
+    NS_IMETHOD HashValue(PRUint32 *result);
+
+    NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result);
+
+    NS_IMETHOD SetCanEnableCapability(const char *capability, 
+                                      PRInt16 canEnable);
+
+    NS_IMETHOD IsCapabilityEnabled(const char *capability, void * annotation, 
+                                   PRBool *result);
+
+    NS_IMETHOD EnableCapability(const char *capability, void * *annotation);
+
+    NS_IMETHOD RevertCapability(const char *capability, void * *annotation);
+
+    NS_IMETHOD DisableCapability(const char *capability, void * *annotation);
+
     nsSystemPrincipal();
     
-    NS_IMETHOD
-    Init();
+    NS_IMETHOD Init();
 
     virtual ~nsSystemPrincipal(void);
-
-private:
-    nsJSPrincipals mJSPrincipals;
-
 };
 
 #endif // _NS_SYSTEM_PRINCIPAL_H_

caps/src/Makefile.in

@@ -31,6 +31,7 @@ LIBRARY_NAME	= caps
 IS_COMPONENT	= 1
 
 CPPSRCS		= \
+		nsBasePrincipal.cpp \
 		nsSystemPrincipal.cpp \
 		nsCertificatePrincipal.cpp \
 		nsCodebasePrincipal.cpp \

caps/src/makefile.win

@@ -56,6 +56,7 @@ C_OBJS=                                     \
      $(NULL)
 
 CPP_OBJS=                                    \
+    .\$(OBJDIR)\nsBasePrincipal.obj          \
     .\$(OBJDIR)\nsCertificatePrincipal.obj   \
     .\$(OBJDIR)\nsCodebasePrincipal.obj      \
     .\$(OBJDIR)\nsJSPrincipals.obj           \

caps/src/nsBasePrincipal.cpp

@@ -0,0 +1,136 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ *
+ * The contents of this file are subject to the Netscape Public License
+ * Version 1.0 (the "NPL"); you may not use this file except in
+ * compliance with the NPL.  You may obtain a copy of the NPL at
+ * http://www.mozilla.org/NPL/
+ *
+ * Software distributed under the NPL is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
+ * for the specific language governing rights and limitations under the
+ * NPL.
+ *
+ * The Initial Developer of this code under the NPL is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1999 Netscape Communications Corporation.  All Rights
+ * Reserved.
+ */
+
+#include "nsBasePrincipal.h"
+#include "nsString.h"
+
+//////////////////////////
+
+
+nsBasePrincipal::nsBasePrincipal()
+    : mCapabilities(nsnull)
+{
+}
+
+PR_STATIC_CALLBACK(PRBool)
+deleteElement(void* aElement, void *aData)
+{
+    nsHashtable *ht = (nsHashtable *) aElement;
+    delete ht;
+    return PR_TRUE;
+}
+
+nsBasePrincipal::~nsBasePrincipal(void)
+{
+    mAnnotations.EnumerateForwards(deleteElement, nsnull);
+    delete mCapabilities;
+}
+
+NS_IMETHODIMP
+nsBasePrincipal::GetJSPrincipals(JSPrincipals **jsprin)
+{
+    if (mJSPrincipals.nsIPrincipalPtr == nsnull) {
+        mJSPrincipals.nsIPrincipalPtr = this;
+        // No need for a ADDREF since it is a self-reference
+    }
+    *jsprin = &mJSPrincipals;
+    JSPRINCIPALS_HOLD(cx, *jsprin);
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsBasePrincipal::CanEnableCapability(const char *capability, PRInt16 *result)
+{
+    if (!mCapabilities) {
+        *result = nsIPrincipal::ENABLE_UNKNOWN;
+        return NS_OK;
+    }
+    nsStringKey key(capability);
+    *result = (PRInt16) mCapabilities->Get(&key);
+    if (!*result)
+        *result = nsIPrincipal::ENABLE_UNKNOWN;
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsBasePrincipal::SetCanEnableCapability(const char *capability, 
+                                        PRInt16 canEnable)
+{
+    if (!mCapabilities) {
+        mCapabilities = new nsHashtable(7);
+        if (!mCapabilities)
+            return NS_ERROR_OUT_OF_MEMORY;
+    }
+    nsStringKey key(capability);
+    mCapabilities->Put(&key, (void *) canEnable);
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsBasePrincipal::IsCapabilityEnabled(const char *capability, void *annotation, 
+                                     PRBool *result)
+{
+    *result = PR_FALSE;
+    nsHashtable *ht = (nsHashtable *) annotation;
+    if (ht) {
+        nsStringKey key(capability);
+        *result = (ht->Get(&key) == (void *) AnnotationEnabled);
+    } 
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsBasePrincipal::EnableCapability(const char *capability, void **annotation) 
+{
+    return SetCapability(capability, annotation, AnnotationEnabled);
+}
+
+NS_IMETHODIMP 
+nsBasePrincipal::DisableCapability(const char *capability, void **annotation) 
+{
+    return SetCapability(capability, annotation, AnnotationDisabled);
+}
+
+NS_IMETHODIMP 
+nsBasePrincipal::RevertCapability(const char *capability, void **annotation) 
+{
+    if (*annotation) {
+        nsHashtable *ht = (nsHashtable *) *annotation;
+        nsStringKey key(capability);
+        ht->Remove(&key);
+    }
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsBasePrincipal::SetCapability(const char *capability, void **annotation,
+                               AnnotationValue value) 
+{
+    if (*annotation == nsnull) {
+        *annotation = new nsHashtable(5);
+        if (!*annotation)
+            return NS_ERROR_OUT_OF_MEMORY;
+        // This object owns its annotations. Save them so we can release
+        // them when we destroy this object.
+        mAnnotations.AppendElement(*annotation);
+    }
+    nsHashtable *ht = (nsHashtable *) *annotation;
+    nsStringKey key(capability);
+    ht->Put(&key, (void *) value);
+    return NS_OK;
+}

caps/src/nsCertificatePrincipal.cpp

@@ -24,16 +24,30 @@
 
 static NS_DEFINE_IID(kICertificatePrincipalIID, NS_ICERTIFICATEPRINCIPAL_IID);
 
-NS_IMPL_ISUPPORTS(nsCertificatePrincipal, kICertificatePrincipalIID);
+NS_IMPL_QUERY_INTERFACE2(nsCertificatePrincipal, nsICertificatePrincipal, nsIPrincipal)
 
-NS_IMETHODIMP
-nsCertificatePrincipal::CanAccess(const char *capability, PRBool *result)
+NSBASEPRINCIPALS_ADDREF(nsCertificatePrincipal);
+NSBASEPRINCIPALS_RELEASE(nsCertificatePrincipal);
+
+NS_IMETHODIMP 
+nsCertificatePrincipal::CanEnableCapability(const char *capability,
+                                            PRInt16 *result)
 {
-    // Later: query database for this capability
-    *result = PR_FALSE;
+    // XXX: query database as to whether this principal has this capability enabled
+    *result = nsIPrincipal::ENABLE_DENIED;
     return NS_OK;
 }
 
+NS_IMETHODIMP 
+nsCertificatePrincipal::SetCanEnableCapability(const char *capability, 
+                                               PRInt16 canEnable)
+{
+    // XXX: modify database as to whether this principal has this capability enabled
+    return NS_ERROR_FAILURE;
+}
+
+
+// Unclear if we need any of these methods, and if so, where they should live.
 NS_IMETHODIMP
 nsCertificatePrincipal::GetPublicKey(char ** publicKey)
 {
@@ -77,24 +91,22 @@ nsCertificatePrincipal::GetFingerPrint(char * * fingerPrint)
 }
 
 
-NS_IMETHODIMP
-nsCertificatePrincipal::GetJSPrincipals(JSPrincipals **jsprin)
-{
-//  *jsprin = NS_STATIC_CAST(JSPrincipals *,this);
-  return NS_OK;
-}
-
-
 NS_IMETHODIMP 
 nsCertificatePrincipal::ToString(char **result)
 {
-	return NS_OK;
+    return NS_ERROR_NOT_IMPLEMENTED;
 }
 
 NS_IMETHODIMP
 nsCertificatePrincipal::Equals(nsIPrincipal * other, PRBool * result)
 {
-	return NS_OK;
+    return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsCertificatePrincipal::HashValue(PRUint32 *result)
+{
+    return NS_ERROR_NOT_IMPLEMENTED;
 }
 
 nsCertificatePrincipal::nsCertificatePrincipal(PRInt16 type, const char * key)
@@ -107,16 +119,6 @@ nsCertificatePrincipal::nsCertificatePrincipal(PRInt16 type, const unsigned char
 								PRUint32 *certChainLengths, PRUint32 noOfCerts)
 {
 	this->itsType = type;
-	/*
-   m_pNSPrincipal = new nsPrincipal(nsPrincipalType_CertChain, certChain, 
-                                    certChainLengths, noOfCerts);
-   if(m_pNSPrincipal == NULL)
-   {
-      *result = NS_ERROR_OUT_OF_MEMORY;
-      return;
-   }
-   *result = NS_OK;
-   */
 }
 
 nsCertificatePrincipal::~nsCertificatePrincipal(void)

caps/src/nsCodebasePrincipal.cpp

@@ -27,51 +27,39 @@
 #include "nsIServiceManager.h"
 #include "nsIURL.h"
 #include "nsCOMPtr.h"
+#include "nsIPref.h"
+#include "nsXPIDLString.h"
 
 NS_IMPL_QUERY_INTERFACE2(nsCodebasePrincipal, nsICodebasePrincipal, nsIPrincipal)
 
-// special AddRef/Release to unify reference counts between XPCOM 
-//  and JSPrincipals
+NSBASEPRINCIPALS_ADDREF(nsCodebasePrincipal);
+NSBASEPRINCIPALS_RELEASE(nsCodebasePrincipal);
 
-NS_IMETHODIMP_(nsrefcnt)
-nsCodebasePrincipal::AddRef(void)
-{
-    NS_PRECONDITION(PRInt32(mRefCnt) == 0, "illegal mRefCnt");
-    NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt");
-    ++mJSPrincipals.refcount;
-    NS_LOG_ADDREF(this, mJSPrincipals.refcount, "nsCodebasePrincipal", sizeof(*this));
-    return mJSPrincipals.refcount;
-}
-
-NS_IMETHODIMP_(nsrefcnt)
-nsCodebasePrincipal::Release(void)
-{
-    NS_PRECONDITION(PRInt32(mRefCnt) == 0, "illegal mRefCnt");
-    NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release");
-    --mJSPrincipals.refcount;
-    NS_LOG_RELEASE(this, mJSPrincipals.refcount, "nsCodebasePrincipal");
-    if (mJSPrincipals.refcount == 0) {
-#ifdef DEBUG_norris
-        char *spec;
-        mURI->GetSpec(&spec);
-        fprintf(stderr, "Releasing principal for %s\n", spec);
-        delete spec;
-#endif
-        NS_DELETEXPCOM(this);
-        return 0;
-    }  
-    return mJSPrincipals.refcount;
-}
-
-
-////////////////////////////////////
-// Methods implementing nsIPrincipal
-////////////////////////////////////
+///////////////////////////////////////
+// Methods implementing nsIPrincipal //
+///////////////////////////////////////
 
 NS_IMETHODIMP
 nsCodebasePrincipal::ToString(char **result)
 {
-    // NB TODO
+    nsAutoString buf;
+    buf += "[Codebase ";
+    nsXPIDLCString spec;
+    if (NS_FAILED(mURI->GetSpec(getter_Copies(spec))))
+        return NS_ERROR_FAILURE;
+    buf += spec;
+    buf += "]";
+    *result = buf.ToNewCString();
+    return *result ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
+}
+
+NS_IMETHODIMP
+nsCodebasePrincipal::HashValue(PRUint32 *result)
+{
+    nsXPIDLCString spec;
+    if (NS_FAILED(mURI->GetSpec(getter_Copies(spec))))
+        return NS_ERROR_FAILURE;
+    *result = nsCRT::HashValue(spec);
     return NS_OK;
 }
 
@@ -101,30 +89,32 @@ nsCodebasePrincipal::Equals(nsIPrincipal *other, PRBool *result)
     return NS_OK;
 }
 
-NS_IMETHODIMP
-nsCodebasePrincipal::GetJSPrincipals(JSPrincipals **jsprin)
+NS_IMETHODIMP 
+nsCodebasePrincipal::CanEnableCapability(const char *capability, 
+                                         PRInt16 *result)
 {
-    if (mJSPrincipals.nsIPrincipalPtr == nsnull) {
-        mJSPrincipals.nsIPrincipalPtr = this;
-        // No need for a ADDREF since it is a self-reference
+    // check to see if the codebase principal pref is enabled.
+    static char pref[] = "signed.applets.codebase_principal_support";
+    nsresult rv;
+	NS_WITH_SERVICE(nsIPref, prefs, "component://netscape/preferences", &rv);
+	if (NS_FAILED(rv))
+		return NS_ERROR_FAILURE;
+	PRBool enabled;
+    if (NS_FAILED(prefs->GetBoolPref(pref, &enabled)) || !enabled) {
+        // XXX check to see if subject is executing from file: and then 
+        // fall through to return ENABLE_WITH_USER_PERMISSION
+        *result = nsIPrincipal::ENABLE_DENIED;
+        return NS_OK;
     }
-    *jsprin = &mJSPrincipals;
-    JSPRINCIPALS_HOLD(cx, *jsprin);
+    rv = nsBasePrincipal::CanEnableCapability(capability, result);
+    if (*result == nsIPrincipal::ENABLE_UNKNOWN)
+        *result = ENABLE_WITH_USER_PERMISSION;
     return NS_OK;
 }
 
-NS_IMETHODIMP
-nsCodebasePrincipal::CanAccess(const char *capability, PRBool *result)
-{
-    // Codebases have no special privileges.
-    *result = PR_FALSE;
-    return NS_OK;
-}
-
-
-////////////////////////////////////////////
-// Methods implementing nsICodebasePrincipal
-////////////////////////////////////////////
+///////////////////////////////////////////////
+// Methods implementing nsICodebasePrincipal //
+///////////////////////////////////////////////
 
 NS_IMETHODIMP
 nsCodebasePrincipal::GetURI(nsIURI **uri) 
@@ -134,8 +124,6 @@ nsCodebasePrincipal::GetURI(nsIURI **uri)
     return NS_OK;
 }
 
-
-
 NS_IMETHODIMP
 nsCodebasePrincipal::SameOrigin(nsIPrincipal *other, PRBool *result)
 {
@@ -190,9 +178,9 @@ nsCodebasePrincipal::SameOrigin(nsIPrincipal *other, PRBool *result)
     return NS_OK;
 }
 
-//////////////////////////////////////////
-// Constructor, Destructor, initialization
-//////////////////////////////////////////
+/////////////////////////////////////////////
+// Constructor, Destructor, initialization //
+/////////////////////////////////////////////
 
 nsCodebasePrincipal::nsCodebasePrincipal()
 {

caps/src/nsSystemPrincipal.cpp

@@ -39,8 +39,9 @@ NS_IMPL_ISUPPORTS(nsSystemPrincipal, NS_GET_IID(nsIPrincipal));
 NS_IMETHODIMP
 nsSystemPrincipal::ToString(char **result)
 {
-    // NB TODO
-    return NS_OK;
+    nsAutoString buf("[System]");
+    *result = buf.ToNewCString();
+    return *result ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
 }
 
 NS_IMETHODIMP
@@ -51,26 +52,56 @@ nsSystemPrincipal::Equals(nsIPrincipal *other, PRBool *result)
 }
 
 NS_IMETHODIMP
-nsSystemPrincipal::GetJSPrincipals(JSPrincipals **jsprin)
+nsSystemPrincipal::HashValue(PRUint32 *result)
 {
-    if (mJSPrincipals.nsIPrincipalPtr == nsnull) {
-        mJSPrincipals.nsIPrincipalPtr = this;
-        NS_ADDREF(mJSPrincipals.nsIPrincipalPtr);
-        // matching release in nsDestroyJSPrincipals
-    }
-    *jsprin = &mJSPrincipals;
-    JSPRINCIPALS_HOLD(cx, *jsprin);
+    *result = (PRUint32) this;
     return NS_OK;
 }
 
-NS_IMETHODIMP
-nsSystemPrincipal::CanAccess(const char *capability, PRBool *result)
+NS_IMETHODIMP 
+nsSystemPrincipal::CanEnableCapability(const char *capability, 
+                                       PRInt16 *result)
+{
+    // System principal can enable all capabilities.
+    *result = nsIPrincipal::ENABLE_GRANTED;
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsSystemPrincipal::SetCanEnableCapability(const char *capability, 
+                                          PRInt16 canEnable)
+{
+    return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP 
+nsSystemPrincipal::IsCapabilityEnabled(const char *capability, 
+                                       void *annotation, 
+                                       PRBool *result)
 {
-    // The system principal has all privileges.
     *result = PR_TRUE;
     return NS_OK;
 }
 
+NS_IMETHODIMP 
+nsSystemPrincipal::EnableCapability(const char *capability, void **annotation)
+{
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsSystemPrincipal::RevertCapability(const char *capability, void **annotation)
+{
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsSystemPrincipal::DisableCapability(const char *capability, void **annotation) 
+{
+    // Can't disable the capabilities of the system principal.
+    // XXX might be handy to be able to do so!
+    return NS_ERROR_FAILURE;
+}
 
 //////////////////////////////////////////
 // Constructor, Destructor, initialization