search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1822393 - set MOZ_UPDATE_CHANNEL for firefox-android builds. r=glandium,geckoview...
[gecko.git] / caps / ContentPrincipal.cpp
blob265d3ced2bee339821b8e52a4862c24272403a07
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 sw=2 et tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "ContentPrincipal.h"
8
9 #include "mozIThirdPartyUtil.h"
10 #include "nsContentUtils.h"
11 #include "nscore.h"
12 #include "nsScriptSecurityManager.h"
13 #include "nsString.h"
14 #include "nsReadableUtils.h"
15 #include "pratom.h"
16 #include "nsIURI.h"
17 #include "nsIURL.h"
18 #include "nsIStandardURL.h"
19 #include "nsIURIWithSpecialOrigin.h"
20 #include "nsIURIMutator.h"
21 #include "nsJSPrincipals.h"
22 #include "nsIEffectiveTLDService.h"
23 #include "nsIClassInfoImpl.h"
24 #include "nsIObjectInputStream.h"
25 #include "nsIObjectOutputStream.h"
26 #include "nsIProtocolHandler.h"
27 #include "nsError.h"
28 #include "nsIContentSecurityPolicy.h"
29 #include "nsNetCID.h"
30 #include "js/RealmIterators.h"
31 #include "js/Wrapper.h"
32
33 #include "mozilla/dom/BlobURLProtocolHandler.h"
34 #include "mozilla/dom/ScriptSettings.h"
35 #include "mozilla/ClearOnShutdown.h"
36 #include "mozilla/ExtensionPolicyService.h"
37 #include "mozilla/Preferences.h"
38 #include "mozilla/HashFunctions.h"
39
40 #include "nsSerializationHelper.h"
41
42 #include "js/JSON.h"
43 #include "ContentPrincipalJSONHandler.h"
44
45 using namespace mozilla;
46
47 NS_IMPL_CLASSINFO(ContentPrincipal, nullptr, 0, NS_PRINCIPAL_CID)
48 NS_IMPL_QUERY_INTERFACE_CI(ContentPrincipal, nsIPrincipal)
49 NS_IMPL_CI_INTERFACE_GETTER(ContentPrincipal, nsIPrincipal)
50
51 ContentPrincipal::ContentPrincipal(nsIURI* aURI,
52 const OriginAttributes& aOriginAttributes,
53 const nsACString& aOriginNoSuffix,
54 nsIURI* aInitialDomain)
55 : BasePrincipal(eContentPrincipal, aOriginNoSuffix, aOriginAttributes),
56 mURI(aURI),
57 mDomain(aInitialDomain) {
58 if (mDomain) {
59 // We're just creating the principal, so no need to re-compute wrappers.
60 SetHasExplicitDomain();
61 }
62
63 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
64 // Assert that the URI we get here isn't any of the schemes that we know we
65 // should not get here. These schemes always either inherit their principal
66 // or fall back to a null principal. These are schemes which return
67 // URI_INHERITS_SECURITY_CONTEXT from their protocol handler's
68 // GetProtocolFlags function.
69 bool hasFlag = false;
70 MOZ_DIAGNOSTIC_ASSERT(
71 NS_SUCCEEDED(NS_URIChainHasFlags(
72 aURI, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT, &hasFlag)) &&
73 !hasFlag);
74 #endif
75 }
76
77 ContentPrincipal::ContentPrincipal(ContentPrincipal* aOther,
78 const OriginAttributes& aOriginAttributes)
79 : BasePrincipal(aOther, aOriginAttributes),
80 mURI(aOther->mURI),
81 mDomain(aOther->mDomain),
82 mAddon(aOther->mAddon) {}
83
84 ContentPrincipal::~ContentPrincipal() = default;
85
86 nsresult ContentPrincipal::GetScriptLocation(nsACString& aStr) {
87 return mURI->GetSpec(aStr);
88 }
89
90 /* static */
91 nsresult ContentPrincipal::GenerateOriginNoSuffixFromURI(
92 nsIURI* aURI, nsACString& aOriginNoSuffix) {
93 if (!aURI) {
94 return NS_ERROR_FAILURE;
95 }
96
97 nsCOMPtr<nsIURI> origin = NS_GetInnermostURI(aURI);
98 if (!origin) {
99 return NS_ERROR_FAILURE;
100 }
101
102 MOZ_ASSERT(!NS_IsAboutBlank(origin),
103 "The inner URI for about:blank must be moz-safe-about:blank");
104
105 // Handle non-strict file:// uris.
106 if (!nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
107 NS_URIIsLocalFile(origin)) {
108 // If strict file origin policy is not in effect, all local files are
109 // considered to be same-origin, so return a known dummy origin here.
110 aOriginNoSuffix.AssignLiteral("file://UNIVERSAL_FILE_URI_ORIGIN");
111 return NS_OK;
112 }
113
114 nsresult rv;
115 // NB: This is only compiled for Thunderbird/Suite.
116 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
117 bool fullSpec = false;
118 rv = NS_URIChainHasFlags(origin, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC,
119 &fullSpec);
120 NS_ENSURE_SUCCESS(rv, rv);
121 if (fullSpec) {
122 return origin->GetAsciiSpec(aOriginNoSuffix);
123 }
124 #endif
125
126 // We want the invariant that prinA.origin == prinB.origin i.f.f.
127 // prinA.equals(prinB). However, this requires that we impose certain
128 // constraints on the behavior and origin semantics of principals, and in
129 // particular, forbid creating origin strings for principals whose equality
130 // constraints are not expressible as strings (i.e. object equality).
131 // Moreover, we want to forbid URIs containing the magic "^" we use as a
132 // separating character for origin attributes.
133 //
134 // These constraints can generally be achieved by restricting .origin to
135 // nsIStandardURL-based URIs, but there are a few other URI schemes that we
136 // need to handle.
137 if (origin->SchemeIs("about") ||
138 (origin->SchemeIs("moz-safe-about") &&
139 // We generally consider two about:foo origins to be same-origin, but
140 // about:blank is special since it can be generated from different
141 // sources. We check for moz-safe-about:blank since origin is an
142 // innermost URI.
143 !StringBeginsWith(origin->GetSpecOrDefault(),
144 "moz-safe-about:blank"_ns))) {
145 rv = origin->GetAsciiSpec(aOriginNoSuffix);
146 NS_ENSURE_SUCCESS(rv, rv);
147
148 int32_t pos = aOriginNoSuffix.FindChar('?');
149 int32_t hashPos = aOriginNoSuffix.FindChar('#');
150
151 if (hashPos != kNotFound && (pos == kNotFound || hashPos < pos)) {
152 pos = hashPos;
153 }
154
155 if (pos != kNotFound) {
156 aOriginNoSuffix.Truncate(pos);
157 }
158
159 // These URIs could technically contain a '^', but they never should.
160 if (NS_WARN_IF(aOriginNoSuffix.FindChar('^', 0) != -1)) {
161 aOriginNoSuffix.Truncate();
162 return NS_ERROR_FAILURE;
163 }
164 return NS_OK;
165 }
166
167 // This URL can be a blobURL. In this case, we should use the 'parent'
168 // principal instead.
169 nsCOMPtr<nsIPrincipal> blobPrincipal;
170 if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(
171 origin, getter_AddRefs(blobPrincipal))) {
172 MOZ_ASSERT(blobPrincipal);
173 return blobPrincipal->GetOriginNoSuffix(aOriginNoSuffix);
174 }
175
176 // If we reached this branch, we can only create an origin if we have a
177 // nsIStandardURL. So, we query to a nsIStandardURL, and fail if we aren't
178 // an instance of an nsIStandardURL nsIStandardURLs have the good property
179 // of escaping the '^' character in their specs, which means that we can be
180 // sure that the caret character (which is reserved for delimiting the end
181 // of the spec, and the beginning of the origin attributes) is not present
182 // in the origin string
183 nsCOMPtr<nsIStandardURL> standardURL = do_QueryInterface(origin);
184 if (!standardURL) {
185 return NS_ERROR_FAILURE;
186 }
187
188 // See whether we have a useful hostPort. If we do, use that.
189 nsAutoCString hostPort;
190 if (!origin->SchemeIs("chrome")) {
191 rv = origin->GetAsciiHostPort(hostPort);
192 NS_ENSURE_SUCCESS(rv, rv);
193 }
194 if (!hostPort.IsEmpty()) {
195 rv = origin->GetScheme(aOriginNoSuffix);
196 NS_ENSURE_SUCCESS(rv, rv);
197 aOriginNoSuffix.AppendLiteral("://");
198 aOriginNoSuffix.Append(hostPort);
199 return NS_OK;
200 }
201
202 rv = aURI->GetAsciiSpec(aOriginNoSuffix);
203 NS_ENSURE_SUCCESS(rv, rv);
204
205 // The origin, when taken from the spec, should not contain the ref part of
206 // the URL.
207
208 int32_t pos = aOriginNoSuffix.FindChar('?');
209 int32_t hashPos = aOriginNoSuffix.FindChar('#');
210
211 if (hashPos != kNotFound && (pos == kNotFound || hashPos < pos)) {
212 pos = hashPos;
213 }
214
215 if (pos != kNotFound) {
216 aOriginNoSuffix.Truncate(pos);
217 }
218
219 return NS_OK;
220 }
221
222 bool ContentPrincipal::SubsumesInternal(
223 nsIPrincipal* aOther,
224 BasePrincipal::DocumentDomainConsideration aConsideration) {
225 MOZ_ASSERT(aOther);
226
227 // For ContentPrincipal, Subsumes is equivalent to Equals.
228 if (aOther == this) {
229 return true;
230 }
231
232 // If either the subject or the object has changed its principal by
233 // explicitly setting document.domain then the other must also have
234 // done so in order to be considered the same origin. This prevents
235 // DNS spoofing based on document.domain (154930)
236 if (aConsideration == ConsiderDocumentDomain) {
237 // Get .domain on each principal.
238 nsCOMPtr<nsIURI> thisDomain, otherDomain;
239 GetDomain(getter_AddRefs(thisDomain));
240 aOther->GetDomain(getter_AddRefs(otherDomain));
241
242 // If either has .domain set, we have equality i.f.f. the domains match.
243 // Otherwise, we fall through to the non-document-domain-considering case.
244 if (thisDomain || otherDomain) {
245 bool isMatch =
246 nsScriptSecurityManager::SecurityCompareURIs(thisDomain, otherDomain);
247 #ifdef DEBUG
248 if (isMatch) {
249 nsAutoCString thisSiteOrigin, otherSiteOrigin;
250 MOZ_ALWAYS_SUCCEEDS(GetSiteOrigin(thisSiteOrigin));
251 MOZ_ALWAYS_SUCCEEDS(aOther->GetSiteOrigin(otherSiteOrigin));
252 MOZ_ASSERT(
253 thisSiteOrigin == otherSiteOrigin,
254 "SubsumesConsideringDomain passed with mismatched siteOrigin!");
255 }
256 #endif
257 return isMatch;
258 }
259 }
260
261 // Do a fast check (including origin attributes) or a slow uri comparison.
262 return FastEquals(aOther) || aOther->IsSameOrigin(mURI);
263 }
264
265 NS_IMETHODIMP
266 ContentPrincipal::GetURI(nsIURI** aURI) {
267 *aURI = do_AddRef(mURI).take();
268 return NS_OK;
269 }
270
271 bool ContentPrincipal::MayLoadInternal(nsIURI* aURI) {
272 MOZ_ASSERT(aURI);
273
274 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
275 nsCOMPtr<nsIURIWithSpecialOrigin> uriWithSpecialOrigin =
276 do_QueryInterface(aURI);
277 if (uriWithSpecialOrigin) {
278 nsCOMPtr<nsIURI> origin;
279 nsresult rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
280 if (NS_WARN_IF(NS_FAILED(rv))) {
281 return false;
282 }
283 MOZ_ASSERT(origin);
284 OriginAttributes attrs;
285 RefPtr<BasePrincipal> principal =
286 BasePrincipal::CreateContentPrincipal(origin, attrs);
287 return nsIPrincipal::Subsumes(principal);
288 }
289 #endif
290
291 nsCOMPtr<nsIPrincipal> blobPrincipal;
292 if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(
293 aURI, getter_AddRefs(blobPrincipal))) {
294 MOZ_ASSERT(blobPrincipal);
295 return nsIPrincipal::Subsumes(blobPrincipal);
296 }
297
298 // If this principal is associated with an addon, check whether that addon
299 // has been given permission to load from this domain.
300 if (AddonAllowsLoad(aURI)) {
301 return true;
302 }
303
304 if (nsScriptSecurityManager::SecurityCompareURIs(mURI, aURI)) {
305 return true;
306 }
307
308 // If strict file origin policy is in effect, local files will always fail
309 // SecurityCompareURIs unless they are identical. Explicitly check file origin
310 // policy, in that case.
311 if (nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
312 NS_URIIsLocalFile(aURI) && NS_RelaxStrictFileOriginPolicy(aURI, mURI)) {
313 return true;
314 }
315
316 return false;
317 }
318
319 uint32_t ContentPrincipal::GetHashValue() {
320 MOZ_ASSERT(mURI, "Need a principal URI");
321
322 nsCOMPtr<nsIURI> uri;
323 GetDomain(getter_AddRefs(uri));
324 if (!uri) {
325 GetURI(getter_AddRefs(uri));
326 };
327 return NS_SecurityHashURI(uri);
328 }
329
330 NS_IMETHODIMP
331 ContentPrincipal::GetDomain(nsIURI** aDomain) {
332 if (!GetHasExplicitDomain()) {
333 *aDomain = nullptr;
334 return NS_OK;
335 }
336
337 mozilla::MutexAutoLock lock(mMutex);
338 NS_ADDREF(*aDomain = mDomain);
339 return NS_OK;
340 }
341
342 NS_IMETHODIMP
343 ContentPrincipal::SetDomain(nsIURI* aDomain) {
344 AssertIsOnMainThread();
345 MOZ_ASSERT(aDomain);
346
347 {
348 mozilla::MutexAutoLock lock(mMutex);
349 mDomain = aDomain;
350 SetHasExplicitDomain();
351 }
352
353 // Set the changed-document-domain flag on compartments containing realms
354 // using this principal.
355 auto cb = [](JSContext*, void*, JS::Realm* aRealm,
356 const JS::AutoRequireNoGC& nogc) {
357 JS::Compartment* comp = JS::GetCompartmentForRealm(aRealm);
358 xpc::SetCompartmentChangedDocumentDomain(comp);
359 };
360 JSPrincipals* principals =
361 nsJSPrincipals::get(static_cast<nsIPrincipal*>(this));
362
363 dom::AutoJSAPI jsapi;
364 jsapi.Init();
365 JS::IterateRealmsWithPrincipals(jsapi.cx(), principals, nullptr, cb);
366
367 return NS_OK;
368 }
369
370 static nsresult GetSpecialBaseDomain(const nsCOMPtr<nsIURI>& aURI,
371 bool* aHandled, nsACString& aBaseDomain) {
372 *aHandled = false;
373
374 // Special handling for a file URI.
375 if (NS_URIIsLocalFile(aURI)) {
376 // If strict file origin policy is not in effect, all local files are
377 // considered to be same-origin, so return a known dummy domain here.
378 if (!nsScriptSecurityManager::GetStrictFileOriginPolicy()) {
379 *aHandled = true;
380 aBaseDomain.AssignLiteral("UNIVERSAL_FILE_URI_ORIGIN");
381 return NS_OK;
382 }
383
384 // Otherwise, we return the file path.
385 nsCOMPtr<nsIURL> url = do_QueryInterface(aURI);
386
387 if (url) {
388 *aHandled = true;
389 return url->GetFilePath(aBaseDomain);
390 }
391 }
392
393 bool hasNoRelativeFlag;
394 nsresult rv = NS_URIChainHasFlags(aURI, nsIProtocolHandler::URI_NORELATIVE,
395 &hasNoRelativeFlag);
396 if (NS_WARN_IF(NS_FAILED(rv))) {
397 return rv;
398 }
399
400 // In case of FTP we want to get base domain via TLD service even if FTP
401 // protocol handler is disabled and the scheme is handled by external protocol
402 // handler which returns URI_NORELATIVE flag.
403 if (hasNoRelativeFlag && !aURI->SchemeIs("ftp")) {
404 *aHandled = true;
405 return aURI->GetSpec(aBaseDomain);
406 }
407
408 if (aURI->SchemeIs("indexeddb")) {
409 *aHandled = true;
410 return aURI->GetSpec(aBaseDomain);
411 }
412
413 return NS_OK;
414 }
415
416 NS_IMETHODIMP
417 ContentPrincipal::GetBaseDomain(nsACString& aBaseDomain) {
418 // Handle some special URIs first.
419 bool handled;
420 nsresult rv = GetSpecialBaseDomain(mURI, &handled, aBaseDomain);
421 NS_ENSURE_SUCCESS(rv, rv);
422
423 if (handled) {
424 return NS_OK;
425 }
426
427 // For everything else, we ask the TLD service via the ThirdPartyUtil.
428 nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
429 do_GetService(THIRDPARTYUTIL_CONTRACTID);
430 if (!thirdPartyUtil) {
431 return NS_ERROR_FAILURE;
432 }
433
434 return thirdPartyUtil->GetBaseDomain(mURI, aBaseDomain);
435 }
436
437 NS_IMETHODIMP
438 ContentPrincipal::GetSiteOriginNoSuffix(nsACString& aSiteOrigin) {
439 nsresult rv = GetOriginNoSuffix(aSiteOrigin);
440 NS_ENSURE_SUCCESS(rv, rv);
441
442 // It is possible for two principals with the same origin to have different
443 // mURI values. In order to ensure that two principals with matching origins
444 // also have matching siteOrigins, we derive the siteOrigin entirely from the
445 // origin string and do not rely on mURI at all here.
446 nsCOMPtr<nsIURI> origin;
447 rv = NS_NewURI(getter_AddRefs(origin), aSiteOrigin);
448 if (NS_FAILED(rv)) {
449 // We got an error parsing the origin as a URI? siteOrigin == origin
450 // aSiteOrigin was already filled with `OriginNoSuffix`
451 return rv;
452 }
453
454 // Handle some special URIs first.
455 nsAutoCString baseDomain;
456 bool handled;
457 rv = GetSpecialBaseDomain(origin, &handled, baseDomain);
458 NS_ENSURE_SUCCESS(rv, rv);
459
460 if (handled) {
461 // This is a special URI ("file:", "about:", "view-source:", etc). Just
462 // return the origin.
463 return NS_OK;
464 }
465
466 // For everything else, we ask the TLD service. Note that, unlike in
467 // GetBaseDomain, we don't use ThirdPartyUtil.getBaseDomain because if the
468 // host is an IP address that returns the raw address and we can't use it with
469 // SetHost below because SetHost expects '[' and ']' around IPv6 addresses.
470 // See bug 1491728.
471 nsCOMPtr<nsIEffectiveTLDService> tldService =
472 do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
473 if (!tldService) {
474 return NS_ERROR_FAILURE;
475 }
476
477 bool gotBaseDomain = false;
478 rv = tldService->GetBaseDomain(origin, 0, baseDomain);
479 if (NS_SUCCEEDED(rv)) {
480 gotBaseDomain = true;
481 } else {
482 // If this is an IP address or something like "localhost", we just continue
483 // with gotBaseDomain = false.
484 if (rv != NS_ERROR_HOST_IS_IP_ADDRESS &&
485 rv != NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS &&
486 rv != NS_ERROR_INVALID_ARG) {
487 return rv;
488 }
489 }
490
491 // NOTE: Calling `SetHostPort` with a portless domain is insufficient to clear
492 // the port, so an extra `SetPort` call has to be made.
493 nsCOMPtr<nsIURI> siteUri;
494 NS_MutateURI mutator(origin);
495 mutator.SetUserPass(""_ns).SetPort(-1);
496 if (gotBaseDomain) {
497 mutator.SetHost(baseDomain);
498 }
499 rv = mutator.Finalize(siteUri);
500 MOZ_ASSERT(NS_SUCCEEDED(rv), "failed to create siteUri");
501 NS_ENSURE_SUCCESS(rv, rv);
502
503 aSiteOrigin.Truncate();
504 rv = GenerateOriginNoSuffixFromURI(siteUri, aSiteOrigin);
505 MOZ_ASSERT(NS_SUCCEEDED(rv), "failed to create siteOriginNoSuffix");
506 return rv;
507 }
508
509 nsresult ContentPrincipal::GetSiteIdentifier(SiteIdentifier& aSite) {
510 nsCString siteOrigin;
511 nsresult rv = GetSiteOrigin(siteOrigin);
512 NS_ENSURE_SUCCESS(rv, rv);
513
514 RefPtr<BasePrincipal> principal = CreateContentPrincipal(siteOrigin);
515 if (!principal) {
516 NS_WARNING("could not instantiate content principal");
517 return NS_ERROR_FAILURE;
518 }
519
520 aSite.Init(principal);
521 return NS_OK;
522 }
523
524 RefPtr<extensions::WebExtensionPolicyCore> ContentPrincipal::AddonPolicyCore() {
525 mozilla::MutexAutoLock lock(mMutex);
526 if (!mAddon.isSome()) {
527 NS_ENSURE_TRUE(mURI, nullptr);
528
529 RefPtr<extensions::WebExtensionPolicyCore> core;
530 if (mURI->SchemeIs("moz-extension")) {
531 nsCString host;
532 NS_ENSURE_SUCCESS(mURI->GetHost(host), nullptr);
533 core = ExtensionPolicyService::GetCoreByHost(host);
534 }
535
536 mAddon.emplace(core);
537 }
538 return *mAddon;
539 }
540
541 NS_IMETHODIMP
542 ContentPrincipal::GetAddonId(nsAString& aAddonId) {
543 if (RefPtr<extensions::WebExtensionPolicyCore> policy = AddonPolicyCore()) {
544 policy->Id()->ToString(aAddonId);
545 } else {
546 aAddonId.Truncate();
547 }
548 return NS_OK;
549 }
550
551 NS_IMETHODIMP
552 ContentPrincipal::Deserializer::Read(nsIObjectInputStream* aStream) {
553 MOZ_ASSERT(!mPrincipal);
554
555 nsCOMPtr<nsISupports> supports;
556 nsCOMPtr<nsIURI> principalURI;
557 nsresult rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
558 if (NS_FAILED(rv)) {
559 return rv;
560 }
561
562 principalURI = do_QueryInterface(supports);
563 // Enforce re-parsing about: URIs so that if they change, we continue to use
564 // their new principals correctly.
565 if (principalURI->SchemeIs("about")) {
566 nsAutoCString spec;
567 principalURI->GetSpec(spec);
568 NS_ENSURE_SUCCESS(NS_NewURI(getter_AddRefs(principalURI), spec),
569 NS_ERROR_FAILURE);
570 }
571
572 nsCOMPtr<nsIURI> domain;
573 rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
574 if (NS_FAILED(rv)) {
575 return rv;
576 }
577
578 domain = do_QueryInterface(supports);
579
580 nsAutoCString suffix;
581 rv = aStream->ReadCString(suffix);
582 NS_ENSURE_SUCCESS(rv, rv);
583
584 OriginAttributes attrs;
585 bool ok = attrs.PopulateFromSuffix(suffix);
586 NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
587
588 // Since Bug 965637 we do not serialize the CSP within the
589 // Principal anymore. Nevertheless there might still be
590 // serialized Principals that do have a serialized CSP.
591 // For now, we just read the CSP here but do not actually
592 // consume it. Please note that we deliberately ignore
593 // the return value to avoid CSP deserialization problems.
594 // After Bug 1508939 we will have a new serialization for
595 // Principals which allows us to update the code here.
596 // Additionally, the format for serialized CSPs changed
597 // within Bug 965637 which also can cause failures within
598 // the CSP deserialization code.
599 Unused << NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
600
601 nsAutoCString originNoSuffix;
602 rv = GenerateOriginNoSuffixFromURI(principalURI, originNoSuffix);
603 NS_ENSURE_SUCCESS(rv, rv);
604
605 mPrincipal =
606 new ContentPrincipal(principalURI, attrs, originNoSuffix, domain);
607 return NS_OK;
608 }
609
610 nsresult ContentPrincipal::WriteJSONInnerProperties(JSONWriter& aWriter) {
611 nsAutoCString principalURI;
612 nsresult rv = mURI->GetSpec(principalURI);
613 NS_ENSURE_SUCCESS(rv, rv);
614
615 // We turn each int enum field into a JSON string key of the object, aWriter
616 // is set up to be inside of the inner object that has stringified enum keys
617 // An example inner object might be:
618 //
619 // eURI eSuffix
620 // | |
621 // {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}
622 // | | | |
623 // ----------------------------- |
624 // | | |
625 // Key ----------------------
626 // |
627 // Value
628 WriteJSONProperty<eURI>(aWriter, principalURI);
629
630 if (GetHasExplicitDomain()) {
631 nsAutoCString domainStr;
632 {
633 MutexAutoLock lock(mMutex);
634 rv = mDomain->GetSpec(domainStr);
635 NS_ENSURE_SUCCESS(rv, rv);
636 }
637 WriteJSONProperty<eDomain>(aWriter, domainStr);
638 }
639
640 nsAutoCString suffix;
641 OriginAttributesRef().CreateSuffix(suffix);
642 if (suffix.Length() > 0) {
643 WriteJSONProperty<eSuffix>(aWriter, suffix);
644 }
645
646 return NS_OK;
647 }
648
649 bool ContentPrincipalJSONHandler::startObject() {
650 switch (mState) {
651 case State::Init:
652 mState = State::StartObject;
653 break;
654 default:
655 NS_WARNING("Unexpected object value");
656 mState = State::Error;
657 return false;
658 }
659
660 return true;
661 }
662
663 bool ContentPrincipalJSONHandler::propertyName(const JS::Latin1Char* name,
664 size_t length) {
665 switch (mState) {
666 case State::StartObject:
667 case State::AfterPropertyValue: {
668 if (length != 1) {
669 NS_WARNING(
670 nsPrintfCString("Unexpected property name length: %zu", length)
671 .get());
672 mState = State::Error;
673 return false;
674 }
675
676 char key = char(name[0]);
677 switch (key) {
678 case ContentPrincipal::URIKey:
679 mState = State::URIKey;
680 break;
681 case ContentPrincipal::DomainKey:
682 mState = State::DomainKey;
683 break;
684 case ContentPrincipal::SuffixKey:
685 mState = State::SuffixKey;
686 break;
687 default:
688 NS_WARNING(
689 nsPrintfCString("Unexpected property name: '%c'", key).get());
690 mState = State::Error;
691 return false;
692 }
693 break;
694 }
695 default:
696 NS_WARNING("Unexpected property name");
697 mState = State::Error;
698 return false;
699 }
700
701 return true;
702 }
703
704 bool ContentPrincipalJSONHandler::endObject() {
705 switch (mState) {
706 case State::AfterPropertyValue: {
707 MOZ_ASSERT(mPrincipalURI);
708 // NOTE: mDomain is optional.
709
710 nsAutoCString originNoSuffix;
711 nsresult rv = ContentPrincipal::GenerateOriginNoSuffixFromURI(
712 mPrincipalURI, originNoSuffix);
713 if (NS_FAILED(rv)) {
714 mState = State::Error;
715 return false;
716 }
717
718 mPrincipal =
719 new ContentPrincipal(mPrincipalURI, mAttrs, originNoSuffix, mDomain);
720 MOZ_ASSERT(mPrincipal);
721
722 mState = State::EndObject;
723 break;
724 }
725 default:
726 NS_WARNING("Unexpected end of object");
727 mState = State::Error;
728 return false;
729 }
730
731 return true;
732 }
733
734 bool ContentPrincipalJSONHandler::stringValue(const JS::Latin1Char* str,
735 size_t length) {
736 switch (mState) {
737 case State::URIKey: {
738 nsDependentCSubstring spec(reinterpret_cast<const char*>(str), length);
739
740 nsresult rv = NS_NewURI(getter_AddRefs(mPrincipalURI), spec);
741 if (NS_FAILED(rv)) {
742 mState = State::Error;
743 return false;
744 }
745
746 {
747 // Enforce re-parsing about: URIs so that if they change, we
748 // continue to use their new principals correctly.
749 if (mPrincipalURI->SchemeIs("about")) {
750 nsAutoCString spec;
751 mPrincipalURI->GetSpec(spec);
752 rv = NS_NewURI(getter_AddRefs(mPrincipalURI), spec);
753 if (NS_FAILED(rv)) {
754 mState = State::Error;
755 return false;
756 }
757 }
758 }
759
760 mState = State::AfterPropertyValue;
761 break;
762 }
763 case State::DomainKey: {
764 nsDependentCSubstring spec(reinterpret_cast<const char*>(str), length);
765
766 nsresult rv = NS_NewURI(getter_AddRefs(mDomain), spec);
767 if (NS_FAILED(rv)) {
768 mState = State::Error;
769 return false;
770 }
771
772 mState = State::AfterPropertyValue;
773 break;
774 }
775 case State::SuffixKey: {
776 nsDependentCSubstring attrs(reinterpret_cast<const char*>(str), length);
777 if (!mAttrs.PopulateFromSuffix(attrs)) {
778 mState = State::Error;
779 return false;
780 }
781
782 mState = State::AfterPropertyValue;
783 break;
784 }
785 default:
786 NS_WARNING("Unexpected string value");
787 mState = State::Error;
788 return false;
789 }
790
791 return true;
792 }