Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-02-04 04:58:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Adding nsAggregatePrincipal support. r=norris

Browse Source
This commit is contained in:
norris%netscape.com 2000-03-21 04:05:35 +00:00
parent b3e16d2c05
commit 7d053b70b0
21 changed files with 550 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
caps/idl/Makefile.in
View File

@ -33,6 +33,7 @@ XPIDLSRCS = \
nsIPrincipal.idl \
nsICodebasePrincipal.idl \
nsICertificatePrincipal.idl \
nsIAggregatePrincipal.idl \
$(NULL)
include $(topsrcdir)/config/rules.mk

1
caps/idl/makefile.win
View File

@ -28,6 +28,7 @@ XPIDLSRCS= \
.\nsIPrincipal.idl \
.\nsICertificatePrincipal.idl \
.\nsICodebasePrincipal.idl \
.\nsIAggregatePrincipal.idl \
$(NULL)
include <$(DEPTH)\config\rules.mak>

39
caps/idl/nsIAggregatePrincipal.idl Normal file
View File

@ -0,0 +1,39 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
*
* The contents of this file are subject to the Netscape Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1999-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Mitch Stoltz <mstoltz@netscape.com>
*/
/* Defines an interface for aggregate principals. */
%{C++
#define NS_AGGREGATEPRINCIPAL_PROGID "component://netscape/aggregateprincipal"
#define NS_AGGREGATEPRINCIPAL_CLASSNAME "aggregateprincipal"
%}
#include "nsIPrincipal.idl"
[uuid(1c30a682-1dd2-11b2-ba9b-86a86f300cbc)]
interface nsIAggregatePrincipal : nsISupports {
attribute nsIPrincipal certificate;
attribute nsIPrincipal codebase;
void intersect(in nsIPrincipal other);
};

3
caps/idl/nsICertificatePrincipal.idl
View File

@ -31,8 +31,7 @@
[uuid(ebfefcd0-25e1-11d2-8160-006008119d7a)]
interface nsICertificatePrincipal : nsISupports {
//-- The Get functions for these attributes DO NOT COPY.
readonly attribute string issuerName;
readonly attribute string serialNumber;
readonly attribute string companyName;
};

6
caps/idl/nsIPrincipal.idl
View File

@ -26,12 +26,14 @@
#include "nsISupports.idl"
%{C++
class nsSupportsHashtable;
struct JSPrincipals;
%}
interface nsIPref;
[ptr] native JSPrincipals(JSPrincipals);
[ptr] native nsSupportsHashtable(nsSupportsHashtable);
[uuid(ff9313d0-25e1-11d2-8160-006008119d7a)]
interface nsIPrincipal : nsISupports {
@ -66,9 +68,7 @@ interface nsIPrincipal : nsISupports {
void DisableCapability(in string capability, inout voidStar annotation);
string ToStreamableForm();
void WriteToPrefs(in nsIPref prefs);
void Save(in nsSupportsHashtable aPrincipals, in nsIPref prefs);
};

4
caps/idl/nsIScriptSecurityManager.idl
View File

@ -56,9 +56,9 @@ interface nsIScriptSecurityManager : nsISupports
/**
* Return a principal that can be QI'd to nsICertificatePrincipal.
*/
nsIPrincipal GetCertificatePrincipal(in string aIssuer, in string aSerialNumber);
nsIPrincipal GetCertificatePrincipal(in string aIssuer, in string aSerialNumber,
in string companyName);
///////////////// Security Checks //////////////////
/**

1
caps/include/MANIFEST
View File

@ -1,3 +1,4 @@
nsAggregatePrincipal.h
nsBasePrincipal.h
nsCertificatePrincipal.h
nsCodebasePrincipal.h

1
caps/include/Makefile.in
View File

@ -33,6 +33,7 @@ EXPORTS = \
nsSystemPrincipal.h \
nsCertificatePrincipal.h \
nsCodebasePrincipal.h \
nsAggregatePrincipal.h \
nsJSPrincipals.h \
nsScriptSecurityManager.h \
$(NULL)

1
caps/include/makefile.win
View File

@ -36,6 +36,7 @@ EXPORTS= \
nsBasePrincipal.h \
nsCertificatePrincipal.h \
nsCodebasePrincipal.h \
nsAggregatePrincipal.h \
nsJSPrincipals.h \
nsScriptSecurityManager.h \
nsSystemPrincipal.h \

109
caps/include/nsAggregatePrincipal.h Normal file
View File

@ -0,0 +1,109 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
*
* The contents of this file are subject to the Netscape Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Norris Boyd
* Mitch Stoltz
*/
/* describes aggregate principals which combine the
behavior of one or more other principals */
#ifndef _NS_AGGREGATE_PRINCIPAL_H_
#define _NS_AGGREGATE_PRINCIPAL_H_
#include "nsIAggregatePrincipal.h"
#include "nsICertificatePrincipal.h"
#include "nsICodebasePrincipal.h"
#include "nsBasePrincipal.h"
#include "nsCOMPtr.h"
#define NS_AGGREGATEPRINCIPAL_CID \
{ 0x867cf414, 0x1dd2, 0x11b2, \
{ 0x82, 0x66, 0xca, 0x64, 0x3b, 0xbc, 0x35, 0x64 }}
/* 867cf414-1dd2-11b2-8266-ca643bbc3564 */
class nsAggregatePrincipal : public nsIAggregatePrincipal,
public nsICertificatePrincipal,
public nsICodebasePrincipal,
public nsBasePrincipal
{
public:
NS_DEFINE_STATIC_CID_ACCESSOR(NS_AGGREGATEPRINCIPAL_CID)
NS_DECL_ISUPPORTS
NS_DECL_NSIAGGREGATEPRINCIPAL
NS_FORWARD_NSICERTIFICATEPRINCIPAL(mCertificate->)
NS_FORWARD_NSICODEBASEPRINCIPAL(mCodebase->)
NS_IMETHOD
ToString(char **result);
NS_IMETHOD
ToUserVisibleString(char **result);
NS_IMETHOD
Equals(nsIPrincipal *other, PRBool *result);
NS_IMETHOD
HashValue(PRUint32 *result);
NS_IMETHOD
CanEnableCapability(const char *capability, PRInt16 *result);
NS_IMETHOD
SetCanEnableCapability(const char *capability, PRInt16 canEnable);
NS_IMETHOD
IsCapabilityEnabled(const char *capability, void *annotation,
PRBool *result);
NS_IMETHOD
EnableCapability(const char *capability, void **annotation);
NS_IMETHOD
RevertCapability(const char *capability, void **annotation);
NS_IMETHOD
DisableCapability(const char *capability, void **annotation);
NS_IMETHOD
Save(nsSupportsHashtable* aPrincipals, nsIPref *prefs);
nsAggregatePrincipal();
virtual ~nsAggregatePrincipal(void);
protected:
/* mCertificate and mCodebase have the same lifetime
as the nsCOMPtrs mCertificatePrincipal and
mCodebasePrincipal, so they are not refcounted.
*/
nsCOMPtr<nsIPrincipal> mCertificatePrincipal;
nsICertificatePrincipal* mCertificate;
nsCOMPtr<nsIPrincipal> mCodebasePrincipal;
nsICodebasePrincipal* mCodebase;
/* This is the member principal (normally the certificate)
which will handle the privilege checking and persistence
behavior of the aggregate.
*/
nsCOMPtr<nsIPrincipal> mMasterPrincipal;
};
#endif // _NS_AGGREGATE_PRINCIPAL_H_

7
caps/include/nsBasePrincipal.h
View File

@ -62,15 +62,12 @@ public:
InitFromPersistent(const char *name, const char *data);
NS_IMETHOD
WriteToPrefs(nsIPref *prefs);
NS_IMETHOD
ToStreamableForm(char **result);
Save(nsSupportsHashtable* aPrincipals, nsIPref *prefs);
protected:
enum AnnotationValue { AnnotationEnabled=1, AnnotationDisabled };
NS_IMETHOD
NS_IMETHOD
SetCapability(const char *capability, void **annotation,
AnnotationValue value);

14
caps/include/nsCertificatePrincipal.h
View File

@ -19,6 +19,7 @@
*
* Contributor(s):
* Norris Boyd
* Mitch Stoltz
*/
/* describes principals for use with signed scripts */
@ -29,11 +30,14 @@
#include "nsICertificatePrincipal.h"
#include "nsBasePrincipal.h"
class nsIURI;
#define NS_CERTIFICATEPRINCIPALMANAGER_CID \
{ 0x7ee2a4c0, 0x4b91, 0x11d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
class nsCertificatePrincipal : public nsICertificatePrincipal, public nsBasePrincipal {
class nsCertificatePrincipal : public nsICertificatePrincipal, public nsBasePrincipal
{
public:
NS_DEFINE_STATIC_CID_ACCESSOR(NS_CERTIFICATEPRINCIPALMANAGER_CID)
@ -52,15 +56,17 @@ public:
NS_IMETHOD InitFromPersistent(const char *name, const char* data);
NS_IMETHOD Init(const char* aIssuerName, const char* aSerialNumber);
NS_IMETHOD Init(const char* aIssuerName, const char* aSerialNumber,
const char* aCompanyName);
nsCertificatePrincipal();
virtual ~nsCertificatePrincipal(void);
protected:
const char* mIssuerName;
const char* mSerialNumber;
char* mIssuerName;
char* mSerialNumber;
char* mCompanyName;
};
#endif // _NS_CERTIFICATE_PRINCIPAL_H_

35
caps/include/nsScriptSecurityManager.h
View File

@ -34,6 +34,41 @@
class nsIPref;
/////////////////////
// nsIPrincipalKey //
/////////////////////
class nsIPrincipalKey : public nsHashKey {
public:
nsIPrincipalKey(nsIPrincipal* key) {
mKey = key;
NS_IF_ADDREF(mKey);
}
~nsIPrincipalKey(void) {
NS_IF_RELEASE(mKey);
}
PRUint32 HashValue(void) const {
PRUint32 hash;
mKey->HashValue(&hash);
return hash;
}
PRBool Equals(const nsHashKey *aKey) const {
PRBool eq;
mKey->Equals(((nsIPrincipalKey *) aKey)->mKey, &eq);
return eq;
}
nsHashKey *Clone(void) const {
return new nsIPrincipalKey(mKey);
}
protected:
nsIPrincipal* mKey;
};
#define NS_SCRIPTSECURITYMANAGER_CID \
{ 0x7ee2a4c0, 0x4b93, 0x17d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}

6
caps/include/nsSystemPrincipal.h
View File

@ -60,12 +60,12 @@ public:
NS_IMETHOD DisableCapability(const char *capability, void * *annotation);
NS_IMETHOD ToStreamableForm(char **result);
nsSystemPrincipal();
NS_IMETHOD Save(nsSupportsHashtable* aPrincipals, nsIPref* aPrefs);
NS_IMETHOD Init();
nsSystemPrincipal();
virtual ~nsSystemPrincipal(void);
};

1
caps/src/Makefile.in
View File

@ -35,6 +35,7 @@ CPPSRCS = \
nsSystemPrincipal.cpp \
nsCertificatePrincipal.cpp \
nsCodebasePrincipal.cpp \
nsAggregatePrincipal.cpp \
nsJSPrincipals.cpp \
nsScriptSecurityManager.cpp \
nsSecurityManagerFactory.cpp \

1
caps/src/makefile.win
View File

@ -59,6 +59,7 @@ CPP_OBJS= \
.\$(OBJDIR)\nsBasePrincipal.obj \
.\$(OBJDIR)\nsCertificatePrincipal.obj \
.\$(OBJDIR)\nsCodebasePrincipal.obj \
.\$(OBJDIR)\nsAggregatePrincipal.obj \
.\$(OBJDIR)\nsJSPrincipals.obj \
.\$(OBJDIR)\nsScriptSecurityManager.obj \
.\$(OBJDIR)\nsSecurityManagerFactory.obj \

212
caps/src/nsAggregatePrincipal.cpp Normal file
View File

@ -0,0 +1,212 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
*
* The contents of this file are subject to the Netscape Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Norris Boyd
* Mitch Stoltz <mstoltz@netscape.com>
*/
/*describes principals which combine one or more principals*/
#include "nsAggregatePrincipal.h"
static NS_DEFINE_IID(kICertificatePrincipalIID, NS_ICERTIFICATEPRINCIPAL_IID);
NS_IMPL_QUERY_INTERFACE4(nsAggregatePrincipal, nsIAggregatePrincipal,
nsICertificatePrincipal, nsICodebasePrincipal, nsIPrincipal)
NSBASEPRINCIPALS_ADDREF(nsAggregatePrincipal);
NSBASEPRINCIPALS_RELEASE(nsAggregatePrincipal);
////////////////////////////////////////////////
// Methods implementing nsIAggregatePrincipal //
////////////////////////////////////////////////
NS_IMETHODIMP
nsAggregatePrincipal::GetCertificate(nsIPrincipal** result)
{
*result = mCertificatePrincipal;
NS_IF_ADDREF(*result);
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::GetCodebase(nsIPrincipal** result)
{
*result = mCodebasePrincipal;
NS_IF_ADDREF(*result);
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::SetCertificate(nsIPrincipal* aCertificate)
{
if(!aCertificate)
{
mCertificate = nsnull;
mCertificatePrincipal = nsnull;
mMasterPrincipal = mCodebasePrincipal;
return NS_OK;
}
if (NS_FAILED(aCertificate->QueryInterface(NS_GET_IID(nsICertificatePrincipal),
(void**)&mCertificate)))
return NS_ERROR_FAILURE;
mCertificatePrincipal = aCertificate;
mMasterPrincipal = aCertificate;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::SetCodebase(nsIPrincipal* aCodebase)
{
if(!aCodebase)
{
mCodebase = nsnull;
mCodebasePrincipal = nsnull;
return NS_OK;
}
if (NS_FAILED(aCodebase->QueryInterface(NS_GET_IID(nsICodebasePrincipal),
(void**)&mCodebase)))
return NS_ERROR_FAILURE;
mCodebasePrincipal = aCodebase;
if (!mCertificatePrincipal)
mMasterPrincipal = aCodebase;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::Intersect(nsIPrincipal* other)
{
NS_ASSERTION(mCodebase, "Principal without codebase");
PRBool sameCert = PR_FALSE;
if (NS_FAILED(mCertificatePrincipal->Equals(other, &sameCert)))
return NS_ERROR_FAILURE;
if (!sameCert)
SetCertificate(nsnull);
return NS_OK;
}
///////////////////////////////////////
// Methods implementing nsIPrincipal //
///////////////////////////////////////
NS_IMETHODIMP
nsAggregatePrincipal::ToString(char **result)
{
return mMasterPrincipal->ToString(result);
}
NS_IMETHODIMP
nsAggregatePrincipal::ToUserVisibleString(char **result)
{
return mMasterPrincipal->ToUserVisibleString(result);
}
NS_IMETHODIMP
nsAggregatePrincipal::Equals(nsIPrincipal * other, PRBool * result)
{
if (this == other) {
*result = PR_TRUE;
return NS_OK;
}
if (!other) {
*result = PR_FALSE;
return NS_OK;
}
nsresult rv;
nsCOMPtr<nsIAggregatePrincipal> otherAgg =
do_QueryInterface(other, &rv);
if (NS_FAILED(rv))
{
*result = PR_FALSE;
return NS_OK;
}
//-- Two aggregates are equal if both codebase and certificate are equal
*result = PR_FALSE;
PRBool certEqual, cbEqual;
rv = mCertificatePrincipal->Equals(other, &certEqual);
if(NS_FAILED(rv)) return rv;
rv = mCodebasePrincipal->Equals(other, &cbEqual);
if(NS_FAILED(rv)) return rv;
*result = certEqual && cbEqual;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::HashValue(PRUint32 *result)
{
return mMasterPrincipal->HashValue(result);
}
NS_IMETHODIMP
nsAggregatePrincipal::CanEnableCapability(const char *capability,
PRInt16 *result)
{
return mMasterPrincipal->CanEnableCapability(capability, result);
}
NS_IMETHODIMP
nsAggregatePrincipal::SetCanEnableCapability(const char *capability,
PRInt16 canEnable)
{
return mMasterPrincipal->SetCanEnableCapability(capability, canEnable);
}
NS_IMETHODIMP
nsAggregatePrincipal::IsCapabilityEnabled(const char *capability, void *annotation,
PRBool *result)
{
return mMasterPrincipal->IsCapabilityEnabled(capability, annotation, result);
}
NS_IMETHODIMP
nsAggregatePrincipal::EnableCapability(const char *capability, void **annotation)
{
return mMasterPrincipal->EnableCapability(capability, annotation);
}
NS_IMETHODIMP
nsAggregatePrincipal::RevertCapability(const char *capability, void **annotation)
{
return mMasterPrincipal->RevertCapability(capability, annotation);
}
NS_IMETHODIMP
nsAggregatePrincipal::DisableCapability(const char *capability, void **annotation)
{
return mMasterPrincipal->DisableCapability(capability, annotation);
}
NS_IMETHODIMP
nsAggregatePrincipal::Save(nsSupportsHashtable* aPrincipals, nsIPref *prefs)
{
return mMasterPrincipal->Save(aPrincipals, prefs);
}
/////////////////////////////////////////////
// Constructor, Destructor, initialization //
/////////////////////////////////////////////
nsAggregatePrincipal::nsAggregatePrincipal() : mCertificate(nsnull),
mCodebase(nsnull)
{
NS_INIT_ISUPPORTS();
}
nsAggregatePrincipal::~nsAggregatePrincipal()
{
}

35
caps/src/nsBasePrincipal.cpp
View File

@ -17,9 +17,11 @@
*
* Contributor(s):
* Norris Boyd
* Mitch Stoltz
*/
#include "nsBasePrincipal.h"
#include "nsScriptSecurityManager.h"
#include "nsString.h"
#include "plstr.h"
#include "nsIPref.h"
@ -249,11 +251,24 @@ AppendCapability(nsHashKey *aKey, void *aData, void *aStr)
NS_IMETHODIMP
nsBasePrincipal::WriteToPrefs(nsIPref *aPref)
nsBasePrincipal::Save(nsSupportsHashtable* aPrincipals, nsIPref *aPref)
{
//-- Save in hashtable
nsIPrincipalKey key(this);
// This is a little sneaky. "supports" below is a void *, which won't
// be refcounted, but is matched with a key that is the same object,
// which will be refcounted.
aPrincipals->Put(&key, this);
//-- Save to preferences
char *streamableForm;
if (NS_FAILED(ToStreamableForm(&streamableForm)))
if (NS_FAILED(ToString(&streamableForm)))
return NS_ERROR_FAILURE;
if (mCapabilities) {
nsCAutoString result(streamableForm);
mCapabilities->Enumerate(AppendCapability, (void*)&result);
streamableForm = result.ToNewCString();
}
if (!mPrefName) {
nsCAutoString s("security.principal.X");
s += mCapabilitiesOrdinal++;
@ -263,19 +278,3 @@ nsBasePrincipal::WriteToPrefs(nsIPref *aPref)
Recycle(streamableForm);
return rv;
}
NS_IMETHODIMP
nsBasePrincipal::ToStreamableForm(char **aResult)
{
if (NS_FAILED(ToString(aResult)))
return NS_ERROR_FAILURE;
if (mCapabilities) {
nsCAutoString result(*aResult);
mCapabilities->Enumerate(AppendCapability, (void*)&result);
Recycle(*aResult);
*aResult = result.ToNewCString();
}
return *aResult ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}

76
caps/src/nsCertificatePrincipal.cpp
View File

@ -19,10 +19,12 @@
*
* Contributor(s):
* Norris Boyd
* Mitch Stoltz <mstoltz@netscape.com>
*/
/*describes principals for use in signed scripts*/
#include "nsCertificatePrincipal.h"
#include "prmem.h"
#include "nsCOMPtr.h"
static NS_DEFINE_IID(kICertificatePrincipalIID, NS_ICERTIFICATEPRINCIPAL_IID);
@ -32,6 +34,34 @@ NS_IMPL_QUERY_INTERFACE2(nsCertificatePrincipal, nsICertificatePrincipal, nsIPri
NSBASEPRINCIPALS_ADDREF(nsCertificatePrincipal);
NSBASEPRINCIPALS_RELEASE(nsCertificatePrincipal);
//////////////////////////////////////////////////
// Methods implementing nsICertificatePrincipal //
//////////////////////////////////////////////////
NS_IMETHODIMP
nsCertificatePrincipal::GetIssuerName(char ** issuerName)
{
*issuerName = nsCRT::strdup(mIssuerName);
return *issuerName ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsCertificatePrincipal::GetSerialNumber(char ** serialNumber)
{
*serialNumber = nsCRT::strdup(mSerialNumber);
return *serialNumber ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsCertificatePrincipal::GetCompanyName(char ** companyName)
{
*companyName = nsCRT::strdup(mCompanyName);
return * companyName ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
///////////////////////////////////////
// Methods implementing nsIPrincipal //
///////////////////////////////////////
NS_IMETHODIMP
nsCertificatePrincipal::CanEnableCapability(const char *capability,
PRInt16 *result)
@ -43,20 +73,6 @@ nsCertificatePrincipal::CanEnableCapability(const char *capability,
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::GetIssuerName(char ** issuerName)
{
*issuerName = (char*)mIssuerName;
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::GetSerialNumber(char ** serialNumber)
{
*serialNumber = (char*)mSerialNumber;
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::ToString(char **result)
{
@ -73,8 +89,7 @@ nsCertificatePrincipal::ToString(char **result)
NS_IMETHODIMP
nsCertificatePrincipal::ToUserVisibleString(char **result)
{
// XXX TODO: need company name rather than issuer and serial number here.
return ToString(result);
return GetCompanyName(result);
}
NS_IMETHODIMP
@ -96,12 +111,16 @@ nsCertificatePrincipal::Equals(nsIPrincipal * other, PRBool * result)
*result = PR_FALSE;
return NS_OK;
}
//-- Compare issuer name and serial number;
// these comprise the unique id of the cert
char* otherIssuer;
otherCertificate->GetIssuerName(&otherIssuer);
char* otherSerial;
otherCertificate->GetSerialNumber(&otherSerial);
*result = ( (PL_strcmp(mIssuerName, otherIssuer) == 0) &&
(PL_strcmp(mSerialNumber, otherSerial) == 0) );
PR_FREEIF(otherIssuer);
PR_FREEIF(otherSerial);
return NS_OK;
}
@ -115,6 +134,9 @@ nsCertificatePrincipal::HashValue(PRUint32 *result)
return NS_OK;
}
/////////////////////////////////////////////
// Constructor, Destructor, initialization //
/////////////////////////////////////////////
NS_IMETHODIMP
nsCertificatePrincipal::InitFromPersistent(const char *name, const char* data)
{
@ -140,7 +162,7 @@ nsCertificatePrincipal::InitFromPersistent(const char *name, const char* data)
*wordEnd = '\0';
const char* serial = data;
if (NS_FAILED(Init(issuer, serial)))
if (NS_FAILED(Init(issuer, serial, nsnull)))
return NS_ERROR_FAILURE;
if (wordEnd[1] != '\0') {
@ -151,23 +173,27 @@ nsCertificatePrincipal::InitFromPersistent(const char *name, const char* data)
}
NS_IMETHODIMP
nsCertificatePrincipal::Init(const char* aIssuerName, const char* aSerialNumber)
nsCertificatePrincipal::Init(const char* aIssuerName, const char* aSerialNumber,
const char* aCompanyName)
{
mIssuerName = nsCRT::strdup(aIssuerName);
mSerialNumber = nsCRT::strdup(aSerialNumber);
if (!mIssuerName || !mSerialNumber) return NS_ERROR_OUT_OF_MEMORY;
mCompanyName = nsCRT::strdup(aCompanyName);
if (!mIssuerName || !mSerialNumber ||
!mCompanyName) return NS_ERROR_OUT_OF_MEMORY;
return NS_OK;
}
nsCertificatePrincipal::nsCertificatePrincipal()
nsCertificatePrincipal::nsCertificatePrincipal() : mIssuerName(nsnull),
mSerialNumber(nsnull),
mCompanyName(nsnull)
{
NS_INIT_ISUPPORTS();
}
nsCertificatePrincipal::~nsCertificatePrincipal(void)
nsCertificatePrincipal::~nsCertificatePrincipal()
{
if (mIssuerName)
nsCRT::free((char*)mIssuerName);
if (mSerialNumber)
nsCRT::free((char*)mSerialNumber);
PR_FREEIF(mIssuerName);
PR_FREEIF(mSerialNumber);
PR_FREEIF(mCompanyName);
}

130
caps/src/nsScriptSecurityManager.cpp
View File

@ -26,6 +26,7 @@
#include "nsIScriptObjectOwner.h"
#include "nsIPref.h"
#include "nsIURL.h"
#include "nsIJARURI.h"
#include "nspr.h"
#include "plstr.h"
#include "nsCOMPtr.h"
@ -33,6 +34,7 @@
#include "nsSystemPrincipal.h"
#include "nsCodebasePrincipal.h"
#include "nsCertificatePrincipal.h"
#include "nsAggregatePrincipal.h"
#include "nsCRT.h"
#include "nsXPIDLString.h"
#include "nsIJSContextStack.h"
@ -84,42 +86,6 @@ GetCurrentContext() {
static nsDOMProp
findDomProp(const char *propName, int n);
/////////////////////
// nsIPrincipalKey //
/////////////////////
class nsIPrincipalKey : public nsHashKey {
public:
nsIPrincipalKey(nsIPrincipal* key) {
mKey = key;
NS_IF_ADDREF(mKey);
}
~nsIPrincipalKey(void) {
NS_IF_RELEASE(mKey);
}
PRUint32 HashValue(void) const {
PRUint32 hash;
mKey->HashValue(&hash);
return hash;
}
PRBool Equals(const nsHashKey *aKey) const {
PRBool eq;
mKey->Equals(((nsIPrincipalKey *) aKey)->mKey, &eq);
return eq;
}
nsHashKey *Clone(void) const {
return new nsIPrincipalKey(mKey);
}
protected:
nsIPrincipal* mKey;
};
///////////////////////
// nsSecurityNameSet //
///////////////////////
@ -485,7 +451,9 @@ nsScriptSecurityManager::CheckLoadURI(nsIURI *aFromURI, nsIURI *aURI,
nsXPIDLCString scheme;
if (NS_FAILED(aURI->GetScheme(getter_Copies(scheme))))
return NS_ERROR_FAILURE;
if (nsCRT::strcasecmp(scheme, fromScheme) == 0) {
if (nsCRT::strcasecmp(scheme, fromScheme) == 0)
{
// every scheme can access another URI from the same scheme
return NS_OK;
}
@ -495,28 +463,28 @@ nsScriptSecurityManager::CheckLoadURI(nsIURI *aFromURI, nsIURI *aURI,
const char *name;
Action action;
} protocolList[] = {
"about", AboutProtocol,
"data", AllowProtocol,
"file", DenyProtocol,
"ftp", AllowProtocol,
"http", AllowProtocol,
"https", AllowProtocol,
"jar", AllowProtocol,
"keyword", DenyProtocol,
"res", DenyProtocol,
"resource", DenyProtocol,
"datetime", DenyProtocol,
"finger", AllowProtocol,
"chrome", DenyProtocol,
"javascript", AllowProtocol,
"mailto", AllowProtocol,
"imap", DenyProtocol,
"mailbox", DenyProtocol,
"pop3", DenyProtocol,
"news", AllowProtocol,
{ "about", AboutProtocol },
{ "data", AllowProtocol },
{ "file", DenyProtocol },
{ "ftp", AllowProtocol },
{ "http", AllowProtocol },
{ "https", AllowProtocol },
{ "jar", AllowProtocol },
{ "keyword", DenyProtocol },
{ "res", DenyProtocol },
{ "resource", DenyProtocol },
{ "datetime", DenyProtocol },
{ "finger", AllowProtocol },
{ "chrome", DenyProtocol },
{ "javascript", AllowProtocol },
{ "mailto", AllowProtocol },
{ "imap", DenyProtocol },
{ "mailbox", DenyProtocol },
{ "pop3", DenyProtocol },
{ "news", AllowProtocol },
};
for (int i=0; i < sizeof(protocolList)/sizeof(protocolList[0]); i++) {
for (unsigned i=0; i < sizeof(protocolList)/sizeof(protocolList[0]); i++) {
if (nsCRT::strcasecmp(scheme, protocolList[i].name) == 0) {
switch (protocolList[i].action) {
case AllowProtocol:
@ -575,31 +543,40 @@ nsScriptSecurityManager::GetSystemPrincipal(nsIPrincipal **result)
NS_IMETHODIMP
nsScriptSecurityManager::GetCertificatePrincipal(const char* aIssuerName,
const char* aSerialNumber,
const char* aCompanyName,
nsIPrincipal **result)
{
nsresult rv;
//-- Create a certificate principal
nsCertificatePrincipal *certificate = new nsCertificatePrincipal();
if (!certificate)
return NS_ERROR_OUT_OF_MEMORY;
NS_ADDREF(certificate);
if (NS_FAILED(certificate->Init(aIssuerName, aSerialNumber)))
if (NS_FAILED(certificate->Init(aIssuerName, aSerialNumber, aCompanyName)))
{
NS_RELEASE(certificate);
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsIPrincipal> principal =
do_QueryInterface((nsBasePrincipal*)certificate, &rv);
nsCOMPtr<nsIPrincipal> principal = do_QueryInterface((nsBasePrincipal*)certificate, &rv);
NS_RELEASE(certificate);
if (NS_FAILED(rv))
return rv;
if (NS_FAILED(rv)) return rv;
if (mPrincipals) {
// Check to see if we already have this principal.
nsIPrincipalKey key(principal);
nsCOMPtr<nsIPrincipal> p2 = (nsIPrincipal *) mPrincipals->Get(&key);
if (p2)
principal = p2;
nsCOMPtr<nsIPrincipal> fromTable = (nsIPrincipal *) mPrincipals->Get(&key);
if (fromTable)
principal = fromTable;
}
//-- Bundle this certificate principal into an aggregate principal
nsAggregatePrincipal* agg = new nsAggregatePrincipal();
if (!agg) return NS_ERROR_OUT_OF_MEMORY;
rv = agg->SetCertificate(principal);
if (NS_FAILED(rv)) return rv;
principal = do_QueryInterface((nsBasePrincipal*)agg, &rv);
if (NS_FAILED(rv)) return rv;
*result = principal;
NS_ADDREF(*result);
return NS_OK;
@ -636,7 +613,6 @@ nsScriptSecurityManager::GetCodebasePrincipal(nsIURI *aURI,
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::CanExecuteScripts(nsIPrincipal *principal,
PRBool *result)
@ -944,26 +920,22 @@ nsScriptSecurityManager::EnableCapability(const char *capability)
canEnable = nsIPrincipal::ENABLE_DENIED;
PR_FREEIF(message);
if (remember) {
//-- Save principal to prefs and to mPrincipals
if (NS_FAILED(principal->SetCanEnableCapability(capability, canEnable)))
return NS_ERROR_FAILURE;
mIsWritingPrefs = PR_TRUE;
if (NS_FAILED(principal->WriteToPrefs(mPrefs))) {
mIsWritingPrefs = PR_FALSE;
return NS_ERROR_FAILURE;
}
mIsWritingPrefs = PR_FALSE;
if (NS_FAILED(mPrefs->SavePrefFile()))
return NS_ERROR_FAILURE;
nsIPrincipalKey key(principal);
if (!mPrincipals) {
mPrincipals = new nsSupportsHashtable(31);
if (!mPrincipals)
return NS_ERROR_OUT_OF_MEMORY;
}
// This is a little sneaky. "supports" below is a void *, which won't
// be refcounted, but is matched with a key that is the same object,
// which will be refcounted.
mPrincipals->Put(&key, principal);
mIsWritingPrefs = PR_TRUE;
if (NS_FAILED(principal->Save(mPrincipals, mPrefs))) {
mIsWritingPrefs = PR_FALSE;
return NS_ERROR_FAILURE;
}
mIsWritingPrefs = PR_FALSE;
if (NS_FAILED(mPrefs->SavePrefFile()))
return NS_ERROR_FAILURE;
}
}
if (canEnable != nsIPrincipal::ENABLE_GRANTED) {

15
caps/src/nsSystemPrincipal.cpp
View File

@ -37,9 +37,9 @@ NSBASEPRINCIPALS_ADDREF(nsSystemPrincipal);
NSBASEPRINCIPALS_RELEASE(nsSystemPrincipal);
////////////////////////////////////
// Methods implementing nsIPrincipal
////////////////////////////////////
///////////////////////////////////////
// Methods implementing nsIPrincipal //
///////////////////////////////////////
NS_IMETHODIMP
nsSystemPrincipal::ToString(char **result)
@ -115,15 +115,16 @@ nsSystemPrincipal::DisableCapability(const char *capability, void **annotation)
}
NS_IMETHODIMP
nsSystemPrincipal::ToStreamableForm(char **aResult)
nsSystemPrincipal::Save(nsSupportsHashtable* aPrincipals, nsIPref* prefs)
{
// The system principal should never be streamed out
return NS_ERROR_FAILURE;
}
//////////////////////////////////////////
// Constructor, Destructor, initialization
//////////////////////////////////////////
/////////////////////////////////////////////
// Constructor, Destructor, initialization //
/////////////////////////////////////////////
nsSystemPrincipal::nsSystemPrincipal()
{