Source code

Revision control

Other Tools

1
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
/* vim: set ts=2 sw=2 et tw=80: */
3
/* This Source Code Form is subject to the terms of the Mozilla Public
4
* License, v. 2.0. If a copy of the MPL was not distributed with this
5
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7
#include "ContentPrincipal.h"
8
9
#include "mozIThirdPartyUtil.h"
10
#include "nsContentUtils.h"
11
#include "nscore.h"
12
#include "nsScriptSecurityManager.h"
13
#include "nsString.h"
14
#include "nsReadableUtils.h"
15
#include "pratom.h"
16
#include "nsIURI.h"
17
#include "nsIURL.h"
18
#include "nsIStandardURL.h"
19
#include "nsIURIWithSpecialOrigin.h"
20
#include "nsIURIMutator.h"
21
#include "nsJSPrincipals.h"
22
#include "nsIEffectiveTLDService.h"
23
#include "nsIClassInfoImpl.h"
24
#include "nsIObjectInputStream.h"
25
#include "nsIObjectOutputStream.h"
26
#include "nsIProtocolHandler.h"
27
#include "nsError.h"
28
#include "nsIContentSecurityPolicy.h"
29
#include "nsNetCID.h"
30
#include "js/Wrapper.h"
31
32
#include "mozilla/dom/BlobURLProtocolHandler.h"
33
#include "mozilla/dom/ScriptSettings.h"
34
#include "mozilla/ClearOnShutdown.h"
35
#include "mozilla/ExtensionPolicyService.h"
36
#include "mozilla/Preferences.h"
37
#include "mozilla/HashFunctions.h"
38
39
#include "nsSerializationHelper.h"
40
#include "json/json.h"
41
42
using namespace mozilla;
43
44
static inline ExtensionPolicyService& EPS() {
45
return ExtensionPolicyService::GetSingleton();
46
}
47
48
NS_IMPL_CLASSINFO(ContentPrincipal, nullptr, nsIClassInfo::MAIN_THREAD_ONLY,
49
NS_PRINCIPAL_CID)
50
NS_IMPL_QUERY_INTERFACE_CI(ContentPrincipal, nsIPrincipal, nsISerializable)
51
NS_IMPL_CI_INTERFACE_GETTER(ContentPrincipal, nsIPrincipal, nsISerializable)
52
53
ContentPrincipal::ContentPrincipal() : BasePrincipal(eContentPrincipal) {}
54
55
ContentPrincipal::~ContentPrincipal() {}
56
57
nsresult ContentPrincipal::Init(nsIURI* aURI,
58
const OriginAttributes& aOriginAttributes,
59
const nsACString& aOriginNoSuffix) {
60
NS_ENSURE_ARG(aURI);
61
62
// Assert that the URI we get here isn't any of the schemes that we know we
63
// should not get here. These schemes always either inherit their principal
64
// or fall back to a null principal. These are schemes which return
65
// URI_INHERITS_SECURITY_CONTEXT from their protocol handler's
66
// GetProtocolFlags function.
67
bool hasFlag;
68
Unused << hasFlag; // silence possible compiler warnings.
69
MOZ_DIAGNOSTIC_ASSERT(
70
NS_SUCCEEDED(NS_URIChainHasFlags(
71
aURI, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT, &hasFlag)) &&
72
!hasFlag);
73
74
mURI = aURI;
75
FinishInit(aOriginNoSuffix, aOriginAttributes);
76
77
return NS_OK;
78
}
79
80
nsresult ContentPrincipal::Init(ContentPrincipal* aOther,
81
const OriginAttributes& aOriginAttributes) {
82
NS_ENSURE_ARG(aOther);
83
84
mURI = aOther->mURI;
85
FinishInit(aOther, aOriginAttributes);
86
87
mDomain = aOther->mDomain;
88
mAddon = aOther->mAddon;
89
return NS_OK;
90
}
91
92
nsresult ContentPrincipal::GetScriptLocation(nsACString& aStr) {
93
return mURI->GetSpec(aStr);
94
}
95
96
/* static */
97
nsresult ContentPrincipal::GenerateOriginNoSuffixFromURI(
98
nsIURI* aURI, nsACString& aOriginNoSuffix) {
99
if (!aURI) {
100
return NS_ERROR_FAILURE;
101
}
102
103
nsCOMPtr<nsIURI> origin = NS_GetInnermostURI(aURI);
104
if (!origin) {
105
return NS_ERROR_FAILURE;
106
}
107
108
MOZ_ASSERT(!NS_IsAboutBlank(origin),
109
"The inner URI for about:blank must be moz-safe-about:blank");
110
111
// Handle non-strict file:// uris.
112
if (!nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
113
NS_URIIsLocalFile(origin)) {
114
// If strict file origin policy is not in effect, all local files are
115
// considered to be same-origin, so return a known dummy origin here.
116
aOriginNoSuffix.AssignLiteral("file://UNIVERSAL_FILE_URI_ORIGIN");
117
return NS_OK;
118
}
119
120
nsresult rv;
121
// NB: This is only compiled for Thunderbird/Suite.
122
#if IS_ORIGIN_IS_FULL_SPEC_DEFINED
123
bool fullSpec = false;
124
rv = NS_URIChainHasFlags(origin, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC,
125
&fullSpec);
126
NS_ENSURE_SUCCESS(rv, rv);
127
if (fullSpec) {
128
return origin->GetAsciiSpec(aOriginNoSuffix);
129
}
130
#endif
131
132
// We want the invariant that prinA.origin == prinB.origin i.f.f.
133
// prinA.equals(prinB). However, this requires that we impose certain
134
// constraints on the behavior and origin semantics of principals, and in
135
// particular, forbid creating origin strings for principals whose equality
136
// constraints are not expressible as strings (i.e. object equality).
137
// Moreover, we want to forbid URIs containing the magic "^" we use as a
138
// separating character for origin attributes.
139
//
140
// These constraints can generally be achieved by restricting .origin to
141
// nsIStandardURL-based URIs, but there are a few other URI schemes that we
142
// need to handle.
143
if (origin->SchemeIs("about") ||
144
(origin->SchemeIs("moz-safe-about") &&
145
// We generally consider two about:foo origins to be same-origin, but
146
// about:blank is special since it can be generated from different
147
// sources. We check for moz-safe-about:blank since origin is an
148
// innermost URI.
149
!StringBeginsWith(origin->GetSpecOrDefault(),
150
NS_LITERAL_CSTRING("moz-safe-about:blank")))) {
151
rv = origin->GetAsciiSpec(aOriginNoSuffix);
152
NS_ENSURE_SUCCESS(rv, rv);
153
154
int32_t pos = aOriginNoSuffix.FindChar('?');
155
int32_t hashPos = aOriginNoSuffix.FindChar('#');
156
157
if (hashPos != kNotFound && (pos == kNotFound || hashPos < pos)) {
158
pos = hashPos;
159
}
160
161
if (pos != kNotFound) {
162
aOriginNoSuffix.Truncate(pos);
163
}
164
165
// These URIs could technically contain a '^', but they never should.
166
if (NS_WARN_IF(aOriginNoSuffix.FindChar('^', 0) != -1)) {
167
aOriginNoSuffix.Truncate();
168
return NS_ERROR_FAILURE;
169
}
170
return NS_OK;
171
}
172
173
// This URL can be a blobURL. In this case, we should use the 'parent'
174
// principal instead.
175
nsCOMPtr<nsIPrincipal> blobPrincipal;
176
if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(
177
origin, getter_AddRefs(blobPrincipal))) {
178
MOZ_ASSERT(blobPrincipal);
179
return blobPrincipal->GetOriginNoSuffix(aOriginNoSuffix);
180
}
181
182
// If we reached this branch, we can only create an origin if we have a
183
// nsIStandardURL. So, we query to a nsIStandardURL, and fail if we aren't
184
// an instance of an nsIStandardURL nsIStandardURLs have the good property
185
// of escaping the '^' character in their specs, which means that we can be
186
// sure that the caret character (which is reserved for delimiting the end
187
// of the spec, and the beginning of the origin attributes) is not present
188
// in the origin string
189
nsCOMPtr<nsIStandardURL> standardURL = do_QueryInterface(origin);
190
if (!standardURL) {
191
return NS_ERROR_FAILURE;
192
}
193
194
// See whether we have a useful hostPort. If we do, use that.
195
nsAutoCString hostPort;
196
if (!origin->SchemeIs("chrome")) {
197
rv = origin->GetAsciiHostPort(hostPort);
198
NS_ENSURE_SUCCESS(rv, rv);
199
}
200
if (!hostPort.IsEmpty()) {
201
rv = origin->GetScheme(aOriginNoSuffix);
202
NS_ENSURE_SUCCESS(rv, rv);
203
aOriginNoSuffix.AppendLiteral("://");
204
aOriginNoSuffix.Append(hostPort);
205
return NS_OK;
206
}
207
208
rv = aURI->GetAsciiSpec(aOriginNoSuffix);
209
NS_ENSURE_SUCCESS(rv, rv);
210
211
// The origin, when taken from the spec, should not contain the ref part of
212
// the URL.
213
214
int32_t pos = aOriginNoSuffix.FindChar('?');
215
int32_t hashPos = aOriginNoSuffix.FindChar('#');
216
217
if (hashPos != kNotFound && (pos == kNotFound || hashPos < pos)) {
218
pos = hashPos;
219
}
220
221
if (pos != kNotFound) {
222
aOriginNoSuffix.Truncate(pos);
223
}
224
225
return NS_OK;
226
}
227
228
bool ContentPrincipal::SubsumesInternal(
229
nsIPrincipal* aOther,
230
BasePrincipal::DocumentDomainConsideration aConsideration) {
231
MOZ_ASSERT(aOther);
232
233
// For ContentPrincipal, Subsumes is equivalent to Equals.
234
if (aOther == this) {
235
return true;
236
}
237
238
// If either the subject or the object has changed its principal by
239
// explicitly setting document.domain then the other must also have
240
// done so in order to be considered the same origin. This prevents
241
// DNS spoofing based on document.domain (154930)
242
nsresult rv;
243
if (aConsideration == ConsiderDocumentDomain) {
244
// Get .domain on each principal.
245
nsCOMPtr<nsIURI> thisDomain, otherDomain;
246
GetDomain(getter_AddRefs(thisDomain));
247
aOther->GetDomain(getter_AddRefs(otherDomain));
248
249
// If either has .domain set, we have equality i.f.f. the domains match.
250
// Otherwise, we fall through to the non-document-domain-considering case.
251
if (thisDomain || otherDomain) {
252
bool isMatch =
253
nsScriptSecurityManager::SecurityCompareURIs(thisDomain, otherDomain);
254
#ifdef DEBUG
255
if (isMatch) {
256
nsAutoCString thisSiteOrigin, otherSiteOrigin;
257
MOZ_ALWAYS_SUCCEEDS(GetSiteOrigin(thisSiteOrigin));
258
MOZ_ALWAYS_SUCCEEDS(aOther->GetSiteOrigin(otherSiteOrigin));
259
MOZ_ASSERT(
260
thisSiteOrigin == otherSiteOrigin,
261
"SubsumesConsideringDomain passed with mismatched siteOrigin!");
262
}
263
#endif
264
return isMatch;
265
}
266
}
267
268
// Compare uris.
269
bool isSameOrigin = false;
270
rv = aOther->IsSameOrigin(mURI, false, &isSameOrigin);
271
NS_ENSURE_SUCCESS(rv, false);
272
return isSameOrigin;
273
}
274
275
NS_IMETHODIMP
276
ContentPrincipal::GetURI(nsIURI** aURI) {
277
NS_ADDREF(*aURI = mURI);
278
return NS_OK;
279
}
280
281
bool ContentPrincipal::MayLoadInternal(nsIURI* aURI) {
282
MOZ_ASSERT(aURI);
283
284
#if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
285
nsCOMPtr<nsIURIWithSpecialOrigin> uriWithSpecialOrigin =
286
do_QueryInterface(aURI);
287
if (uriWithSpecialOrigin) {
288
nsCOMPtr<nsIURI> origin;
289
nsresult rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
290
if (NS_WARN_IF(NS_FAILED(rv))) {
291
return false;
292
}
293
MOZ_ASSERT(origin);
294
OriginAttributes attrs;
295
RefPtr<BasePrincipal> principal =
296
BasePrincipal::CreateContentPrincipal(origin, attrs);
297
return nsIPrincipal::Subsumes(principal);
298
}
299
#endif
300
301
nsCOMPtr<nsIPrincipal> blobPrincipal;
302
if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(
303
aURI, getter_AddRefs(blobPrincipal))) {
304
MOZ_ASSERT(blobPrincipal);
305
return nsIPrincipal::Subsumes(blobPrincipal);
306
}
307
308
// If this principal is associated with an addon, check whether that addon
309
// has been given permission to load from this domain.
310
if (AddonAllowsLoad(aURI)) {
311
return true;
312
}
313
314
if (nsScriptSecurityManager::SecurityCompareURIs(mURI, aURI)) {
315
return true;
316
}
317
318
// If strict file origin policy is in effect, local files will always fail
319
// SecurityCompareURIs unless they are identical. Explicitly check file origin
320
// policy, in that case.
321
if (nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
322
NS_URIIsLocalFile(aURI) && NS_RelaxStrictFileOriginPolicy(aURI, mURI)) {
323
return true;
324
}
325
326
return false;
327
}
328
329
uint32_t ContentPrincipal::GetHashValue() {
330
MOZ_ASSERT(mURI, "Need a principal URI");
331
332
nsCOMPtr<nsIURI> uri;
333
GetDomain(getter_AddRefs(uri));
334
if (!uri) {
335
GetURI(getter_AddRefs(uri));
336
};
337
return NS_SecurityHashURI(uri);
338
}
339
340
NS_IMETHODIMP
341
ContentPrincipal::GetDomain(nsIURI** aDomain) {
342
if (!mDomain) {
343
*aDomain = nullptr;
344
return NS_OK;
345
}
346
347
NS_ADDREF(*aDomain = mDomain);
348
return NS_OK;
349
}
350
351
NS_IMETHODIMP
352
ContentPrincipal::SetDomain(nsIURI* aDomain) {
353
MOZ_ASSERT(aDomain);
354
355
mDomain = aDomain;
356
SetHasExplicitDomain();
357
358
// Set the changed-document-domain flag on compartments containing realms
359
// using this principal.
360
auto cb = [](JSContext*, void*, JS::Handle<JS::Realm*> aRealm) {
361
JS::Compartment* comp = JS::GetCompartmentForRealm(aRealm);
362
xpc::SetCompartmentChangedDocumentDomain(comp);
363
};
364
JSPrincipals* principals =
365
nsJSPrincipals::get(static_cast<nsIPrincipal*>(this));
366
AutoSafeJSContext cx;
367
JS::IterateRealmsWithPrincipals(cx, principals, nullptr, cb);
368
369
return NS_OK;
370
}
371
372
static nsresult GetSpecialBaseDomain(const nsCOMPtr<nsIURI>& aURI,
373
bool* aHandled, nsACString& aBaseDomain) {
374
*aHandled = false;
375
376
// Special handling for a file URI.
377
if (NS_URIIsLocalFile(aURI)) {
378
// If strict file origin policy is not in effect, all local files are
379
// considered to be same-origin, so return a known dummy domain here.
380
if (!nsScriptSecurityManager::GetStrictFileOriginPolicy()) {
381
*aHandled = true;
382
aBaseDomain.AssignLiteral("UNIVERSAL_FILE_URI_ORIGIN");
383
return NS_OK;
384
}
385
386
// Otherwise, we return the file path.
387
nsCOMPtr<nsIURL> url = do_QueryInterface(aURI);
388
389
if (url) {
390
*aHandled = true;
391
return url->GetFilePath(aBaseDomain);
392
}
393
}
394
395
bool hasNoRelativeFlag;
396
nsresult rv = NS_URIChainHasFlags(aURI, nsIProtocolHandler::URI_NORELATIVE,
397
&hasNoRelativeFlag);
398
if (NS_WARN_IF(NS_FAILED(rv))) {
399
return rv;
400
}
401
402
if (hasNoRelativeFlag) {
403
*aHandled = true;
404
return aURI->GetSpec(aBaseDomain);
405
}
406
407
if (aURI->SchemeIs("indexeddb")) {
408
*aHandled = true;
409
return aURI->GetSpec(aBaseDomain);
410
}
411
412
return NS_OK;
413
}
414
415
NS_IMETHODIMP
416
ContentPrincipal::GetBaseDomain(nsACString& aBaseDomain) {
417
// Handle some special URIs first.
418
bool handled;
419
nsresult rv = GetSpecialBaseDomain(mURI, &handled, aBaseDomain);
420
NS_ENSURE_SUCCESS(rv, rv);
421
422
if (handled) {
423
return NS_OK;
424
}
425
426
// For everything else, we ask the TLD service via the ThirdPartyUtil.
427
nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
428
do_GetService(THIRDPARTYUTIL_CONTRACTID);
429
if (!thirdPartyUtil) {
430
return NS_ERROR_FAILURE;
431
}
432
433
return thirdPartyUtil->GetBaseDomain(mURI, aBaseDomain);
434
}
435
436
NS_IMETHODIMP
437
ContentPrincipal::GetSiteOrigin(nsACString& aSiteOrigin) {
438
// Handle some special URIs first.
439
nsAutoCString baseDomain;
440
bool handled;
441
nsresult rv = GetSpecialBaseDomain(mURI, &handled, baseDomain);
442
NS_ENSURE_SUCCESS(rv, rv);
443
444
if (handled) {
445
// This is a special URI ("file:", "about:", "view-source:", etc). Just
446
// return the origin.
447
return GetOrigin(aSiteOrigin);
448
}
449
450
// For everything else, we ask the TLD service. Note that, unlike in
451
// GetBaseDomain, we don't use ThirdPartyUtil.getBaseDomain because if the
452
// host is an IP address that returns the raw address and we can't use it with
453
// SetHost below because SetHost expects '[' and ']' around IPv6 addresses.
454
// See bug 1491728.
455
nsCOMPtr<nsIEffectiveTLDService> tldService =
456
do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
457
if (!tldService) {
458
return NS_ERROR_FAILURE;
459
}
460
461
bool gotBaseDomain = false;
462
rv = tldService->GetBaseDomain(mURI, 0, baseDomain);
463
if (NS_SUCCEEDED(rv)) {
464
gotBaseDomain = true;
465
} else {
466
// If this is an IP address or something like "localhost", we just continue
467
// with gotBaseDomain = false.
468
if (rv != NS_ERROR_HOST_IS_IP_ADDRESS &&
469
rv != NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
470
return rv;
471
}
472
}
473
474
// NOTE: Calling `SetHostPort` with a portless domain is insufficient to clear
475
// the port, so an extra `SetPort` call has to be made.
476
nsCOMPtr<nsIURI> siteUri;
477
NS_MutateURI mutator(mURI);
478
mutator.SetUserPass(EmptyCString()).SetPort(-1);
479
if (gotBaseDomain) {
480
mutator.SetHost(baseDomain);
481
}
482
rv = mutator.Finalize(siteUri);
483
MOZ_ASSERT(NS_SUCCEEDED(rv), "failed to create siteUri");
484
NS_ENSURE_SUCCESS(rv, rv);
485
486
rv = GenerateOriginNoSuffixFromURI(siteUri, aSiteOrigin);
487
MOZ_ASSERT(NS_SUCCEEDED(rv), "failed to create siteOriginNoSuffix");
488
NS_ENSURE_SUCCESS(rv, rv);
489
490
nsAutoCString suffix;
491
rv = GetOriginSuffix(suffix);
492
MOZ_ASSERT(NS_SUCCEEDED(rv), "failed to create suffix");
493
NS_ENSURE_SUCCESS(rv, rv);
494
495
aSiteOrigin.Append(suffix);
496
return NS_OK;
497
}
498
499
nsresult ContentPrincipal::GetSiteIdentifier(SiteIdentifier& aSite) {
500
nsCString siteOrigin;
501
nsresult rv = GetSiteOrigin(siteOrigin);
502
NS_ENSURE_SUCCESS(rv, rv);
503
504
RefPtr<BasePrincipal> principal = CreateContentPrincipal(siteOrigin);
505
if (!principal) {
506
NS_WARNING("could not instantiate content principal");
507
return NS_ERROR_FAILURE;
508
}
509
510
aSite.Init(principal);
511
return NS_OK;
512
}
513
514
WebExtensionPolicy* ContentPrincipal::AddonPolicy() {
515
if (!mAddon.isSome()) {
516
NS_ENSURE_TRUE(mURI, nullptr);
517
518
if (mURI->SchemeIs("moz-extension")) {
519
mAddon.emplace(EPS().GetByURL(mURI.get()));
520
} else {
521
mAddon.emplace(nullptr);
522
}
523
}
524
525
return mAddon.value();
526
}
527
528
NS_IMETHODIMP
529
ContentPrincipal::GetAddonId(nsAString& aAddonId) {
530
auto policy = AddonPolicy();
531
if (policy) {
532
policy->GetId(aAddonId);
533
} else {
534
aAddonId.Truncate();
535
}
536
return NS_OK;
537
}
538
539
NS_IMETHODIMP
540
ContentPrincipal::Read(nsIObjectInputStream* aStream) {
541
nsCOMPtr<nsISupports> supports;
542
nsCOMPtr<nsIURI> principalURI;
543
nsresult rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
544
if (NS_FAILED(rv)) {
545
return rv;
546
}
547
548
principalURI = do_QueryInterface(supports);
549
// Enforce re-parsing about: URIs so that if they change, we continue to use
550
// their new principals correctly.
551
if (principalURI->SchemeIs("about")) {
552
nsAutoCString spec;
553
principalURI->GetSpec(spec);
554
NS_ENSURE_SUCCESS(NS_NewURI(getter_AddRefs(principalURI), spec),
555
NS_ERROR_FAILURE);
556
}
557
558
nsCOMPtr<nsIURI> domain;
559
rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
560
if (NS_FAILED(rv)) {
561
return rv;
562
}
563
564
domain = do_QueryInterface(supports);
565
566
nsAutoCString suffix;
567
rv = aStream->ReadCString(suffix);
568
NS_ENSURE_SUCCESS(rv, rv);
569
570
OriginAttributes attrs;
571
bool ok = attrs.PopulateFromSuffix(suffix);
572
NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
573
574
// Since Bug 965637 we do not serialize the CSP within the
575
// Principal anymore. Nevertheless there might still be
576
// serialized Principals that do have a serialized CSP.
577
// For now, we just read the CSP here but do not actually
578
// consume it. Please note that we deliberately ignore
579
// the return value to avoid CSP deserialization problems.
580
// After Bug 1508939 we will have a new serialization for
581
// Principals which allows us to update the code here.
582
// Additionally, the format for serialized CSPs changed
583
// within Bug 965637 which also can cause failures within
584
// the CSP deserialization code.
585
Unused << NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
586
587
nsAutoCString originNoSuffix;
588
rv = GenerateOriginNoSuffixFromURI(principalURI, originNoSuffix);
589
NS_ENSURE_SUCCESS(rv, rv);
590
591
rv = Init(principalURI, attrs, originNoSuffix);
592
NS_ENSURE_SUCCESS(rv, rv);
593
594
// Note: we don't call SetDomain here because we don't need the wrapper
595
// recomputation code there (we just created this principal).
596
mDomain = domain;
597
if (mDomain) {
598
SetHasExplicitDomain();
599
}
600
601
return NS_OK;
602
}
603
604
NS_IMETHODIMP
605
ContentPrincipal::Write(nsIObjectOutputStream* aStream) {
606
// Read is used still for legacy principals
607
MOZ_RELEASE_ASSERT(false, "Old style serialization is removed");
608
return NS_OK;
609
}
610
611
nsresult ContentPrincipal::PopulateJSONObject(Json::Value& aObject) {
612
nsAutoCString principalURI;
613
nsresult rv = mURI->GetSpec(principalURI);
614
NS_ENSURE_SUCCESS(rv, rv);
615
616
// We turn each int enum field into a JSON string key of the object
617
// aObject is the inner JSON object that has stringified enum keys
618
// An example aObject might be:
619
//
620
// eURI eSuffix
621
// | |
622
// {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}
623
// | | | |
624
// ----------------------------- |
625
// | | |
626
// Key ----------------------
627
// |
628
// Value
629
aObject[std::to_string(eURI)] = principalURI.get();
630
631
if (mDomain) {
632
nsAutoCString domainStr;
633
rv = mDomain->GetSpec(domainStr);
634
NS_ENSURE_SUCCESS(rv, rv);
635
aObject[std::to_string(eDomain)] = domainStr.get();
636
}
637
638
nsAutoCString suffix;
639
OriginAttributesRef().CreateSuffix(suffix);
640
if (suffix.Length() > 0) {
641
aObject[std::to_string(eSuffix)] = suffix.get();
642
}
643
644
return NS_OK;
645
}
646
647
already_AddRefed<BasePrincipal> ContentPrincipal::FromProperties(
648
nsTArray<ContentPrincipal::KeyVal>& aFields) {
649
MOZ_ASSERT(aFields.Length() == eMax + 1, "Must have all the keys");
650
nsresult rv;
651
nsCOMPtr<nsIURI> principalURI;
652
nsCOMPtr<nsIURI> domain;
653
nsCOMPtr<nsIContentSecurityPolicy> csp;
654
OriginAttributes attrs;
655
656
// The odd structure here is to make the code to not compile
657
// if all the switch enum cases haven't been codified
658
for (const auto& field : aFields) {
659
switch (field.key) {
660
case ContentPrincipal::eURI:
661
if (!field.valueWasSerialized) {
662
MOZ_ASSERT(
663
false,
664
"Content principals require a principal URI in serialized JSON");
665
return nullptr;
666
}
667
rv = NS_NewURI(getter_AddRefs(principalURI), field.value.get());
668
NS_ENSURE_SUCCESS(rv, nullptr);
669
670
{
671
// Enforce re-parsing about: URIs so that if they change, we
672
// continue to use their new principals correctly.
673
if (principalURI->SchemeIs("about")) {
674
nsAutoCString spec;
675
principalURI->GetSpec(spec);
676
if (NS_FAILED(NS_NewURI(getter_AddRefs(principalURI), spec))) {
677
return nullptr;
678
}
679
}
680
}
681
break;
682
case ContentPrincipal::eDomain:
683
if (field.valueWasSerialized) {
684
rv = NS_NewURI(getter_AddRefs(domain), field.value.get());
685
NS_ENSURE_SUCCESS(rv, nullptr);
686
}
687
break;
688
case ContentPrincipal::eSuffix:
689
if (field.valueWasSerialized) {
690
bool ok = attrs.PopulateFromSuffix(field.value);
691
if (!ok) {
692
return nullptr;
693
}
694
}
695
break;
696
}
697
}
698
nsAutoCString originNoSuffix;
699
rv = ContentPrincipal::GenerateOriginNoSuffixFromURI(principalURI,
700
originNoSuffix);
701
if (NS_FAILED(rv)) {
702
return nullptr;
703
}
704
705
RefPtr<ContentPrincipal> principal = new ContentPrincipal();
706
rv = principal->Init(principalURI, attrs, originNoSuffix);
707
if (NS_FAILED(rv)) {
708
return nullptr;
709
}
710
711
principal->mDomain = domain;
712
if (principal->mDomain) {
713
principal->SetHasExplicitDomain();
714
}
715
716
return principal.forget();
717
}