Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst

caps/include/nsPrincipal.h

@@ -138,6 +138,7 @@ protected:
 
   nsCOMPtr<nsIURI> mCodebase;
   nsCOMPtr<nsIURI> mDomain;
+  nsCOMPtr<nsIURI> mOrigin;
   PRPackedBool mTrusted;
   PRPackedBool mInitialized;
 };

caps/src/nsPrincipal.cpp

@@ -115,6 +115,9 @@ nsPrincipal::Init(const nsACString& aCertFingerprint,
 
   mCodebase = aCodebase;
 
+  // Invalidate our cached origin
+  mOrigin = nsnull;
+
   nsresult rv;
   if (!aCertFingerprint.IsEmpty()) {
     rv = SetCertificate(aCertFingerprint, aSubjectName, aPrettyName, aCert);
@@ -165,8 +168,14 @@ nsPrincipal::GetOrigin(char **aOrigin)
 {
   *aOrigin = nsnull;
 
-  nsIURI* uri = mDomain ? mDomain : mCodebase;
-  if (!uri) {
+  if (!mOrigin) {
+    nsIURI* uri = mDomain ? mDomain : mCodebase;
+    if (uri) {
+      mOrigin = NS_GetInnermostURI(uri);
+    }
+  }
+  
+  if (!mOrigin) {
     NS_ASSERTION(mCert, "No Domain or Codebase for a non-cert principal");
     return NS_ERROR_FAILURE;
   }
@@ -178,14 +187,14 @@ nsPrincipal::GetOrigin(char **aOrigin)
   // XXX this should be removed in favor of the solution in
   // bug 160042.
   PRBool isChrome;
-  nsresult rv = uri->SchemeIs("chrome", &isChrome);
+  nsresult rv = mOrigin->SchemeIs("chrome", &isChrome);
   if (NS_SUCCEEDED(rv) && !isChrome) {
-    rv = uri->GetHostPort(hostPort);
+    rv = mOrigin->GetHostPort(hostPort);
   }
 
   if (NS_SUCCEEDED(rv) && !isChrome) {
     nsCAutoString scheme;
-    rv = uri->GetScheme(scheme);
+    rv = mOrigin->GetScheme(scheme);
     NS_ENSURE_SUCCESS(rv, rv);
     *aOrigin = ToNewCString(scheme + NS_LITERAL_CSTRING("://") + hostPort);
   }
@@ -193,7 +202,7 @@ nsPrincipal::GetOrigin(char **aOrigin)
     // Some URIs (e.g., nsSimpleURI) don't support host. Just
     // get the full spec.
     nsCAutoString spec;
-    rv = uri->GetSpec(spec);
+    rv = mOrigin->GetSpec(spec);
     NS_ENSURE_SUCCESS(rv, rv);
     *aOrigin = ToNewCString(spec);
   }
@@ -527,6 +536,9 @@ void
 nsPrincipal::SetURI(nsIURI* aURI)
 {
   mCodebase = aURI;
+
+  // Invalidate our cached origin
+  mOrigin = nsnull;
 }
 
 
@@ -625,6 +637,9 @@ nsPrincipal::SetDomain(nsIURI* aDomain)
   // Domain has changed, forget cached security policy
   SetSecurityPolicy(nsnull);
 
+  // Invalidate our cached origin
+  mOrigin = nsnull;
+
   return NS_OK;
 }
 
@@ -663,6 +678,9 @@ nsPrincipal::InitFromPersistent(const char* aPrefName,
     }
 
     mTrusted = aTrusted;
+
+    // Invalidate our cached origin
+    mOrigin = nsnull;
   }
 
   rv = mJSPrincipals.Init(this, aToken.get());

caps/src/nsScriptSecurityManager.cpp

@@ -898,6 +898,11 @@ nsScriptSecurityManager::CheckSameOriginPrincipalInternal(nsIPrincipal* aSubject
     // fails, just deny access -- better safe than sorry.
     // XXXbz when this gets removed, also remove the asymmetry between
     // aSourceURI and aTargetURI in SecurityCompareURIs.    
+    // XXXbz once this is removed, we can probably just make
+    // nsPrincipal::Equals call CheckSameOriginPrincipal(), which will also
+    // make sure it hits the domain check above.  At the same time as we remove
+    // this we should also be able to remove the about:blank hackery in
+    // nsPrincipal::Subsumes.
     PRBool nullSubject = PR_FALSE;
     // Subject URI could be null here.... 
     if (subjectURI) {
@@ -990,13 +995,6 @@ nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal,
         const char *colon = nsnull;
         char *p = start;
 
-        //-- skip (nested) jar schemes to reach the "real" URI
-        // FIXME: bug 327241 -- that's not what we do in SecurityCompareURIs!
-        // We should do something more like that, except I guess this is faster
-        // than QI followed by getter, etc... :(
-        while (*p == 'j' && *(++p) == 'a' && *(++p) == 'r' && *(++p) == ':')
-            start = ++p;
-        
         //-- search domain (stop at the end of the string or at the 3rd slash)
         for (PRUint32 slashes=0; *p; p++)
         {