mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 789224 - Separate certificate principals out from CAPS. r=dveditz
There's no longer any reason why "certificate principals" need to be principals at all. I tried to rip them out entirely, but it looks like they're still used vestigially at XPI install time to display author information. But there's no reason that they have to be porkbarreled into the security-critical objects that we pass around all over the place. So let's make them their own deal. I was tempted to call them "certificate holders", but that would involve renaming methods and cause more compat fuss than necessary. --HG-- rename : caps/idl/nsISignatureVerifier.idl => security/manager/ssl/public/nsISignatureVerifier.idl
This commit is contained in:
parent
66202aeb25
commit
dc33cae831
@ -16,7 +16,6 @@ GRE_MODULE = 1
|
||||
XPIDLSRCS = \
|
||||
nsIScriptSecurityManager.idl \
|
||||
nsIPrincipal.idl \
|
||||
nsISignatureVerifier.idl \
|
||||
nsISecurityCheckedComponent.idl \
|
||||
$(NULL)
|
||||
|
||||
|
@ -26,8 +26,8 @@ interface nsIPrincipal : nsISerializable
|
||||
{
|
||||
/**
|
||||
* Returns whether the other principal is equivalent to this principal.
|
||||
* Principals are considered equal if they are the same principal,
|
||||
* they have the same origin, or have the same certificate fingerprint ID
|
||||
* Principals are considered equal if they are the same principal, or
|
||||
* they have the same origin.
|
||||
*/
|
||||
boolean equals(in nsIPrincipal other);
|
||||
|
||||
@ -78,34 +78,10 @@ interface nsIPrincipal : nsISerializable
|
||||
// with a chrome URI. All of chrome should probably be the same.
|
||||
readonly attribute string origin;
|
||||
|
||||
/**
|
||||
* Whether this principal is associated with a certificate.
|
||||
*/
|
||||
readonly attribute boolean hasCertificate;
|
||||
|
||||
/**
|
||||
* The fingerprint ID of this principal's certificate.
|
||||
* Throws if there is no certificate associated with this principal.
|
||||
*/
|
||||
// XXXcaa kaie says this may not be unique. We should probably
|
||||
// consider using something else for this....
|
||||
readonly attribute AUTF8String fingerprint;
|
||||
|
||||
/**
|
||||
* The pretty name for the certificate. This sort of (but not really)
|
||||
* identifies the subject of the certificate (the entity that stands behind
|
||||
* the certificate). Note that this may be empty; prefer to get the
|
||||
* certificate itself and get this information from it, since that may
|
||||
* provide more information.
|
||||
*
|
||||
* Throws if there is no certificate associated with this principal.
|
||||
*/
|
||||
readonly attribute AUTF8String prettyName;
|
||||
|
||||
/**
|
||||
* Returns whether the other principal is equal to or weaker than this
|
||||
* principal. Principals are equal if they are the same object, they
|
||||
* have the same origin, or they have the same certificate ID.
|
||||
* principal. Principals are equal if they are the same object or they
|
||||
* have the same origin.
|
||||
*
|
||||
* Thus a principal always subsumes itself.
|
||||
*
|
||||
@ -115,18 +91,6 @@ interface nsIPrincipal : nsISerializable
|
||||
* privileged, security context) is not equal to any other principal
|
||||
* (including other null principals), and therefore does not subsume
|
||||
* anything but itself.
|
||||
*
|
||||
* Both codebase and certificate principals are subsumed by the system
|
||||
* principal, but no codebase or certificate principal yet subsumes any
|
||||
* other codebase or certificate principal. This may change in a future
|
||||
* release; note that nsIPrincipal is unfrozen, not slated to be frozen.
|
||||
*
|
||||
* XXXbz except see bug 147145!
|
||||
*
|
||||
* Note for the future: Perhaps we should consider a certificate principal
|
||||
* for a given URI subsuming a codebase principal for the same URI? Not
|
||||
* sure what the immediate benefit would be, but I think the setup could
|
||||
* make some code (e.g. MaybeDowngradeToCodebase) clearer.
|
||||
*/
|
||||
boolean subsumes(in nsIPrincipal other);
|
||||
|
||||
@ -169,23 +133,6 @@ interface nsIPrincipal : nsISerializable
|
||||
void checkMayLoad(in nsIURI uri, in boolean report,
|
||||
in boolean allowIfInheritsPrincipal);
|
||||
|
||||
/**
|
||||
* The subject name for the certificate. This actually identifies the
|
||||
* subject of the certificate. This may well not be a string that would
|
||||
* mean much to a typical user on its own (e.g. it may have a number of
|
||||
* different names all concatenated together with some information on what
|
||||
* they mean in between).
|
||||
*
|
||||
* Throws if there is no certificate associated with this principal.
|
||||
*/
|
||||
readonly attribute AUTF8String subjectName;
|
||||
|
||||
/**
|
||||
* The certificate associated with this principal, if any. If there isn't
|
||||
* one, this will return null. Getting this attribute never throws.
|
||||
*/
|
||||
readonly attribute nsISupports certificate;
|
||||
|
||||
/**
|
||||
* A Content Security Policy associated with this principal.
|
||||
*/
|
||||
|
@ -135,21 +135,6 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
|
||||
*/
|
||||
nsIPrincipal getSystemPrincipal();
|
||||
|
||||
/**
|
||||
* Return a principal with the specified certificate fingerprint, subject
|
||||
* name (the full name or concatenated set of names of the entity
|
||||
* represented by the certificate), pretty name, certificate, and
|
||||
* codebase URI. The certificate fingerprint and subject name MUST be
|
||||
* nonempty; otherwise an error will be thrown. Similarly, aCert must
|
||||
* not be null.
|
||||
*/
|
||||
[noscript] nsIPrincipal
|
||||
getCertificatePrincipal(in AUTF8String aCertFingerprint,
|
||||
in AUTF8String aSubjectName,
|
||||
in AUTF8String aPrettyName,
|
||||
in nsISupports aCert,
|
||||
in nsIURI aURI);
|
||||
|
||||
/**
|
||||
* Return a principal that has the same origin as aURI.
|
||||
* This principals should not be used for any data/permission check, it will
|
||||
|
@ -34,62 +34,18 @@ public:
|
||||
NS_IMETHOD_(nsrefcnt) Release(void);
|
||||
NS_IMETHOD GetSecurityPolicy(void** aSecurityPolicy);
|
||||
NS_IMETHOD SetSecurityPolicy(void* aSecurityPolicy);
|
||||
NS_IMETHOD GetHasCertificate(bool* aHasCertificate);
|
||||
NS_IMETHOD GetFingerprint(nsACString& aFingerprint);
|
||||
NS_IMETHOD GetPrettyName(nsACString& aPrettyName);
|
||||
NS_IMETHOD GetSubjectName(nsACString& aSubjectName);
|
||||
NS_IMETHOD GetCertificate(nsISupports** aCertificate);
|
||||
NS_IMETHOD GetCsp(nsIContentSecurityPolicy** aCsp);
|
||||
NS_IMETHOD SetCsp(nsIContentSecurityPolicy* aCsp);
|
||||
public:
|
||||
|
||||
// Call this to ensure that this principal has a subject name, a pretty name,
|
||||
// and a cert pointer. This method will throw if there is already a
|
||||
// different subject name or if this principal has no certificate.
|
||||
nsresult EnsureCertData(const nsACString& aSubjectName,
|
||||
const nsACString& aPrettyName,
|
||||
nsISupports* aCert);
|
||||
|
||||
static const char sInvalid[];
|
||||
|
||||
protected:
|
||||
|
||||
// XXXcaa This is a semi-hack. The best solution here is to keep
|
||||
// a reference to an interface here, except there is no interface
|
||||
// that we can use yet.
|
||||
struct Certificate
|
||||
{
|
||||
Certificate(const nsACString& aFingerprint, const nsACString& aSubjectName,
|
||||
const nsACString& aPrettyName, nsISupports* aCert)
|
||||
: fingerprint(aFingerprint),
|
||||
subjectName(aSubjectName),
|
||||
prettyName(aPrettyName),
|
||||
cert(aCert)
|
||||
{
|
||||
}
|
||||
nsCString fingerprint;
|
||||
nsCString subjectName;
|
||||
nsCString prettyName;
|
||||
nsCOMPtr<nsISupports> cert;
|
||||
};
|
||||
|
||||
nsresult SetCertificate(const nsACString& aFingerprint,
|
||||
const nsACString& aSubjectName,
|
||||
const nsACString& aPrettyName,
|
||||
nsISupports* aCert);
|
||||
|
||||
// Checks whether this principal's certificate equals aOther's.
|
||||
bool CertificateEquals(nsIPrincipal *aOther);
|
||||
|
||||
#ifdef DEBUG
|
||||
virtual void dumpImpl() = 0;
|
||||
#endif
|
||||
|
||||
// Keep this is a pointer, even though it may slightly increase the
|
||||
// cost of keeping a certificate, this is a good tradeoff though since
|
||||
// it is very rare that we actually have a certificate.
|
||||
nsAutoPtr<Certificate> mCert;
|
||||
|
||||
DomainPolicy* mSecurityPolicy;
|
||||
|
||||
nsCOMPtr<nsIContentSecurityPolicy> mCSP;
|
||||
@ -122,11 +78,7 @@ public:
|
||||
nsPrincipal();
|
||||
|
||||
// Init() must be called before the principal is in a usable state.
|
||||
nsresult Init(const nsACString& aCertFingerprint,
|
||||
const nsACString& aSubjectName,
|
||||
const nsACString& aPrettyName,
|
||||
nsISupports* aCert,
|
||||
nsIURI* aCodebase,
|
||||
nsresult Init(nsIURI* aCodebase,
|
||||
uint32_t aAppId,
|
||||
bool aInMozBrowser);
|
||||
|
||||
|
@ -443,18 +443,6 @@ private:
|
||||
CreateCodebasePrincipal(nsIURI* aURI, uint32_t aAppId, bool aInMozBrowser,
|
||||
nsIPrincipal** result);
|
||||
|
||||
// This is just like the API method, but it doesn't check that the subject
|
||||
// name is non-empty or aCertificate is non-null, and it doesn't change the
|
||||
// certificate in the table (if any) in any way if aModifyTable is false.
|
||||
nsresult
|
||||
DoGetCertificatePrincipal(const nsACString& aCertFingerprint,
|
||||
const nsACString& aSubjectName,
|
||||
const nsACString& aPrettyName,
|
||||
nsISupports* aCertificate,
|
||||
nsIURI* aURI,
|
||||
bool aModifyTable,
|
||||
nsIPrincipal **result);
|
||||
|
||||
// Returns null if a principal cannot be found. Note that rv can be NS_OK
|
||||
// when this happens -- this means that there was no script for the
|
||||
// context. Callers MUST pass in a non-null rv here.
|
||||
@ -557,7 +545,6 @@ private:
|
||||
nsObjectHashtable* mCapabilities;
|
||||
|
||||
nsCOMPtr<nsIPrincipal> mSystemPrincipal;
|
||||
nsCOMPtr<nsIPrincipal> mSystemCertificate;
|
||||
bool mPrefInitialized;
|
||||
bool mIsJavaScriptEnabled;
|
||||
bool mIsWritingPrefs;
|
||||
|
@ -212,25 +212,6 @@ nsNullPrincipal::GetOrigin(char** aOrigin)
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNullPrincipal::GetHasCertificate(bool* aResult)
|
||||
{
|
||||
*aResult = false;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNullPrincipal::GetFingerprint(nsACString& aID)
|
||||
{
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNullPrincipal::GetPrettyName(nsACString& aName)
|
||||
{
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNullPrincipal::Subsumes(nsIPrincipal *aOther, bool *aResult)
|
||||
{
|
||||
@ -276,19 +257,6 @@ nsNullPrincipal::CheckMayLoad(nsIURI* aURI, bool aReport, bool aAllowIfInheritsP
|
||||
return NS_ERROR_DOM_BAD_URI;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNullPrincipal::GetSubjectName(nsACString& aName)
|
||||
{
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNullPrincipal::GetCertificate(nsISupports** aCertificate)
|
||||
{
|
||||
*aCertificate = nullptr;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNullPrincipal::GetExtendedOrigin(nsACString& aExtendedOrigin)
|
||||
{
|
||||
|
@ -116,105 +116,6 @@ nsBasePrincipal::SetSecurityPolicy(void* aSecurityPolicy)
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
bool
|
||||
nsBasePrincipal::CertificateEquals(nsIPrincipal *aOther)
|
||||
{
|
||||
bool otherHasCert;
|
||||
aOther->GetHasCertificate(&otherHasCert);
|
||||
if (otherHasCert != (mCert != nullptr)) {
|
||||
// One has a cert while the other doesn't. Not equal.
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!mCert)
|
||||
return true;
|
||||
|
||||
nsAutoCString str;
|
||||
aOther->GetFingerprint(str);
|
||||
if (!str.Equals(mCert->fingerprint))
|
||||
return false;
|
||||
|
||||
// If either subject name is empty, just let the result stand, but if they're
|
||||
// both non-empty, only claim equality if they're equal.
|
||||
if (!mCert->subjectName.IsEmpty()) {
|
||||
// Check the other principal's subject name
|
||||
aOther->GetSubjectName(str);
|
||||
return str.Equals(mCert->subjectName) || str.IsEmpty();
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::GetHasCertificate(bool* aResult)
|
||||
{
|
||||
*aResult = (mCert != nullptr);
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsBasePrincipal::SetCertificate(const nsACString& aFingerprint,
|
||||
const nsACString& aSubjectName,
|
||||
const nsACString& aPrettyName,
|
||||
nsISupports* aCert)
|
||||
{
|
||||
NS_ENSURE_STATE(!mCert);
|
||||
|
||||
if (aFingerprint.IsEmpty()) {
|
||||
return NS_ERROR_INVALID_ARG;
|
||||
}
|
||||
|
||||
mCert = new Certificate(aFingerprint, aSubjectName, aPrettyName, aCert);
|
||||
if (!mCert) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::GetFingerprint(nsACString& aFingerprint)
|
||||
{
|
||||
NS_ENSURE_STATE(mCert);
|
||||
|
||||
aFingerprint = mCert->fingerprint;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::GetPrettyName(nsACString& aName)
|
||||
{
|
||||
NS_ENSURE_STATE(mCert);
|
||||
|
||||
aName = mCert->prettyName;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::GetSubjectName(nsACString& aName)
|
||||
{
|
||||
NS_ENSURE_STATE(mCert);
|
||||
|
||||
aName = mCert->subjectName;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::GetCertificate(nsISupports** aCertificate)
|
||||
{
|
||||
if (mCert) {
|
||||
NS_IF_ADDREF(*aCertificate = mCert->cert);
|
||||
}
|
||||
else {
|
||||
*aCertificate = nullptr;
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsBasePrincipal::GetCsp(nsIContentSecurityPolicy** aCsp)
|
||||
{
|
||||
@ -234,24 +135,6 @@ nsBasePrincipal::SetCsp(nsIContentSecurityPolicy* aCsp)
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsBasePrincipal::EnsureCertData(const nsACString& aSubjectName,
|
||||
const nsACString& aPrettyName,
|
||||
nsISupports* aCert)
|
||||
{
|
||||
NS_ENSURE_STATE(mCert);
|
||||
|
||||
if (!mCert->subjectName.IsEmpty() &&
|
||||
!mCert->subjectName.Equals(aSubjectName)) {
|
||||
return NS_ERROR_INVALID_ARG;
|
||||
}
|
||||
|
||||
mCert->subjectName = aSubjectName;
|
||||
mCert->prettyName = aPrettyName;
|
||||
mCert->cert = aCert;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
void nsPrincipal::dumpImpl()
|
||||
{
|
||||
@ -284,16 +167,12 @@ nsPrincipal::~nsPrincipal()
|
||||
{ }
|
||||
|
||||
nsresult
|
||||
nsPrincipal::Init(const nsACString& aCertFingerprint,
|
||||
const nsACString& aSubjectName,
|
||||
const nsACString& aPrettyName,
|
||||
nsISupports* aCert,
|
||||
nsIURI *aCodebase,
|
||||
nsPrincipal::Init(nsIURI *aCodebase,
|
||||
uint32_t aAppId,
|
||||
bool aInMozBrowser)
|
||||
{
|
||||
NS_ENSURE_STATE(!mInitialized);
|
||||
NS_ENSURE_ARG(!aCertFingerprint.IsEmpty() || aCodebase); // better have one of these.
|
||||
NS_ENSURE_ARG(aCodebase);
|
||||
|
||||
mInitialized = true;
|
||||
|
||||
@ -303,20 +182,13 @@ nsPrincipal::Init(const nsACString& aCertFingerprint,
|
||||
mAppId = aAppId;
|
||||
mInMozBrowser = aInMozBrowser;
|
||||
|
||||
if (aCertFingerprint.IsEmpty())
|
||||
return NS_OK;
|
||||
|
||||
return SetCertificate(aCertFingerprint, aSubjectName, aPrettyName, aCert);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
void
|
||||
nsPrincipal::GetScriptLocation(nsACString &aStr)
|
||||
{
|
||||
if (mCert) {
|
||||
aStr.Assign(mCert->fingerprint);
|
||||
} else {
|
||||
mCodebase->GetSpec(aStr);
|
||||
}
|
||||
mCodebase->GetSpec(aStr);
|
||||
}
|
||||
|
||||
/* static */ nsresult
|
||||
@ -398,29 +270,6 @@ nsPrincipal::Equals(nsIPrincipal *aOther, bool *aResult)
|
||||
}
|
||||
|
||||
if (this != aOther) {
|
||||
if (!CertificateEquals(aOther)) {
|
||||
*aResult = false;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
if (mCert) {
|
||||
// If either principal has no URI, it's the saved principal from
|
||||
// preferences; in that case, test true. Do NOT test true if the two
|
||||
// principals have URIs with different codebases.
|
||||
nsCOMPtr<nsIURI> otherURI;
|
||||
nsresult rv = aOther->GetURI(getter_AddRefs(otherURI));
|
||||
if (NS_FAILED(rv)) {
|
||||
*aResult = false;
|
||||
return rv;
|
||||
}
|
||||
|
||||
if (!otherURI || !mCodebase) {
|
||||
*aResult = true;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// Fall through to the codebase comparison.
|
||||
}
|
||||
|
||||
// Codebases are equal if they have the same origin.
|
||||
*aResult =
|
||||
@ -442,9 +291,6 @@ nsPrincipal::EqualsIgnoringDomain(nsIPrincipal *aOther, bool *aResult)
|
||||
}
|
||||
|
||||
*aResult = false;
|
||||
if (!CertificateEquals(aOther)) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIURI> otherURI;
|
||||
nsresult rv = aOther->GetURI(getter_AddRefs(otherURI));
|
||||
@ -604,16 +450,9 @@ nsPrincipal::SetURI(nsIURI* aURI)
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::GetHashValue(uint32_t* aValue)
|
||||
{
|
||||
NS_PRECONDITION(mCert || mCodebase, "Need a cert or codebase");
|
||||
|
||||
// If there is a certificate, it takes precendence over the codebase.
|
||||
if (mCert) {
|
||||
*aValue = HashString(mCert->fingerprint);
|
||||
}
|
||||
else {
|
||||
*aValue = nsScriptSecurityManager::HashPrincipalByOrigin(this);
|
||||
}
|
||||
NS_PRECONDITION(mCodebase, "Need a codebase");
|
||||
|
||||
*aValue = nsScriptSecurityManager::HashPrincipalByOrigin(this);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -705,40 +544,8 @@ nsPrincipal::GetUnknownAppId(bool* aUnknownAppId)
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::Read(nsIObjectInputStream* aStream)
|
||||
{
|
||||
bool haveCert;
|
||||
nsresult rv = aStream->ReadBoolean(&haveCert);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsCString fingerprint;
|
||||
nsCString subjectName;
|
||||
nsCString prettyName;
|
||||
nsCOMPtr<nsISupports> cert;
|
||||
if (haveCert) {
|
||||
rv = NS_ReadOptionalCString(aStream, fingerprint);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = NS_ReadOptionalCString(aStream, subjectName);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = NS_ReadOptionalCString(aStream, prettyName);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = aStream->ReadObject(true, getter_AddRefs(cert));
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIURI> codebase;
|
||||
rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(codebase));
|
||||
nsresult rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(codebase));
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
@ -757,7 +564,7 @@ nsPrincipal::Read(nsIObjectInputStream* aStream)
|
||||
rv = aStream->ReadBoolean(&inMozBrowser);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = Init(fingerprint, subjectName, prettyName, cert, codebase, appId, inMozBrowser);
|
||||
rv = Init(codebase, appId, inMozBrowser);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
SetDomain(domain);
|
||||
@ -768,44 +575,14 @@ nsPrincipal::Read(nsIObjectInputStream* aStream)
|
||||
NS_IMETHODIMP
|
||||
nsPrincipal::Write(nsIObjectOutputStream* aStream)
|
||||
{
|
||||
NS_ENSURE_STATE(mCert || mCodebase);
|
||||
NS_ENSURE_STATE(mCodebase);
|
||||
|
||||
nsresult rv = aStream->WriteBoolean(mCert != nullptr);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
if (mCert) {
|
||||
NS_ENSURE_STATE(mCert->cert);
|
||||
|
||||
rv = NS_WriteOptionalStringZ(aStream, mCert->fingerprint.get());
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = NS_WriteOptionalStringZ(aStream, mCert->subjectName.get());
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = NS_WriteOptionalStringZ(aStream, mCert->prettyName.get());
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = aStream->WriteCompoundObject(mCert->cert, NS_GET_IID(nsISupports),
|
||||
true);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
|
||||
// mSecurityPolicy is an optimization; it'll get looked up again as needed.
|
||||
// Don't bother saving and restoring it, esp. since it might change if
|
||||
// preferences change.
|
||||
|
||||
rv = NS_WriteOptionalCompoundObject(aStream, mCodebase, NS_GET_IID(nsIURI),
|
||||
true);
|
||||
nsresult rv = NS_WriteOptionalCompoundObject(aStream, mCodebase, NS_GET_IID(nsIURI),
|
||||
true);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
@ -1078,12 +855,8 @@ nsExpandedPrincipal::GetUnknownAppId(bool* aUnknownAppId)
|
||||
void
|
||||
nsExpandedPrincipal::GetScriptLocation(nsACString& aStr)
|
||||
{
|
||||
if (mCert) {
|
||||
aStr.Assign(mCert->fingerprint);
|
||||
} else {
|
||||
// Is that a good idea to list it's principals?
|
||||
aStr.Assign(EXPANDED_PRINCIPAL_SPEC);
|
||||
}
|
||||
// Is that a good idea to list it's principals?
|
||||
aStr.Assign(EXPANDED_PRINCIPAL_SPEC);
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
|
@ -1852,52 +1852,6 @@ nsScriptSecurityManager::SubjectPrincipalIsSystem(bool* aIsSystem)
|
||||
return mSystemPrincipal->Equals(subject, aIsSystem);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsScriptSecurityManager::GetCertificatePrincipal(const nsACString& aCertFingerprint,
|
||||
const nsACString& aSubjectName,
|
||||
const nsACString& aPrettyName,
|
||||
nsISupports* aCertificate,
|
||||
nsIURI* aURI,
|
||||
nsIPrincipal **result)
|
||||
{
|
||||
*result = nullptr;
|
||||
|
||||
NS_ENSURE_ARG(!aCertFingerprint.IsEmpty() &&
|
||||
!aSubjectName.IsEmpty() &&
|
||||
aCertificate);
|
||||
|
||||
return DoGetCertificatePrincipal(aCertFingerprint, aSubjectName,
|
||||
aPrettyName, aCertificate, aURI, true,
|
||||
result);
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsScriptSecurityManager::DoGetCertificatePrincipal(const nsACString& aCertFingerprint,
|
||||
const nsACString& aSubjectName,
|
||||
const nsACString& aPrettyName,
|
||||
nsISupports* aCertificate,
|
||||
nsIURI* aURI,
|
||||
bool aModifyTable,
|
||||
nsIPrincipal **result)
|
||||
{
|
||||
NS_ENSURE_ARG(!aCertFingerprint.IsEmpty());
|
||||
|
||||
// Create a certificate principal out of the certificate ID
|
||||
// and URI given to us. We will use this principal to test
|
||||
// equality when doing our hashtable lookups below.
|
||||
nsRefPtr<nsPrincipal> certificate = new nsPrincipal();
|
||||
if (!certificate)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
|
||||
nsresult rv = certificate->Init(aCertFingerprint, aSubjectName,
|
||||
aPrettyName, aCertificate, aURI,
|
||||
UNKNOWN_APP_ID, false);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
NS_ADDREF(*result = certificate);
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsScriptSecurityManager::CreateCodebasePrincipal(nsIURI* aURI, uint32_t aAppId,
|
||||
bool aInMozBrowser,
|
||||
@ -1924,9 +1878,7 @@ nsScriptSecurityManager::CreateCodebasePrincipal(nsIURI* aURI, uint32_t aAppId,
|
||||
if (!codebase)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
|
||||
nsresult rv = codebase->Init(EmptyCString(), EmptyCString(),
|
||||
EmptyCString(), nullptr, aURI, aAppId,
|
||||
aInMozBrowser);
|
||||
nsresult rv = codebase->Init(aURI, aAppId, aInMozBrowser);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
|
@ -124,38 +124,6 @@ nsSystemPrincipal::GetOrigin(char** aOrigin)
|
||||
return *aOrigin ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetFingerprint(nsACString& aID)
|
||||
{
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetPrettyName(nsACString& aName)
|
||||
{
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetSubjectName(nsACString& aName)
|
||||
{
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetCertificate(nsISupports** aCertificate)
|
||||
{
|
||||
*aCertificate = nullptr;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetHasCertificate(bool* aResult)
|
||||
{
|
||||
*aResult = false;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetCsp(nsIContentSecurityPolicy** aCsp)
|
||||
{
|
||||
|
@ -742,18 +742,6 @@ FullTrustSecMan::GetSystemPrincipal(nsIPrincipal **_retval)
|
||||
return *_retval ? NS_OK : NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
FullTrustSecMan::GetCertificatePrincipal(const nsACString & aCertFingerprint,
|
||||
const nsACString & aSubjectName,
|
||||
const nsACString & aPrettyName,
|
||||
nsISupports *aCert,
|
||||
nsIURI *aURI,
|
||||
nsIPrincipal **_retval)
|
||||
{
|
||||
NS_IF_ADDREF(*_retval = mSystemPrincipal);
|
||||
return *_retval ? NS_OK : NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
FullTrustSecMan::GetSimpleCodebasePrincipal(nsIURI *aURI,
|
||||
nsIPrincipal **_retval)
|
||||
|
@ -1380,18 +1380,6 @@ FullTrustSecMan::GetSystemPrincipal(nsIPrincipal **_retval)
|
||||
return *_retval ? NS_OK : NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
/* [noscript] nsIPrincipal getCertificatePrincipal (in AUTF8String aCertFingerprint, in AUTF8String aSubjectName, in AUTF8String aPrettyName, in nsISupports aCert, in nsIURI aURI); */
|
||||
NS_IMETHODIMP
|
||||
FullTrustSecMan::GetCertificatePrincipal(const nsACString & aCertFingerprint,
|
||||
const nsACString & aSubjectName,
|
||||
const nsACString & aPrettyName,
|
||||
nsISupports *aCert, nsIURI *aURI,
|
||||
nsIPrincipal **_retval)
|
||||
{
|
||||
NS_IF_ADDREF(*_retval = mSystemPrincipal);
|
||||
return *_retval ? NS_OK : NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
/* [noscript] nsIPrincipal getSimpleCodebasePrincipal (in nsIURI aURI); */
|
||||
NS_IMETHODIMP
|
||||
FullTrustSecMan::GetSimpleCodebasePrincipal(nsIURI *aURI, nsIPrincipal **_retval)
|
||||
|
@ -9,7 +9,7 @@
|
||||
interface nsIUTF8StringEnumerator;
|
||||
interface nsIInputStream;
|
||||
interface nsIFile;
|
||||
interface nsIPrincipal;
|
||||
interface nsICertificatePrincipal;
|
||||
|
||||
[scriptable, uuid(e1c028bc-c478-11da-95a8-00e08161165f)]
|
||||
interface nsIZipEntry : nsISupports
|
||||
@ -53,7 +53,7 @@ interface nsIZipEntry : nsISupports
|
||||
readonly attribute boolean isSynthetic;
|
||||
};
|
||||
|
||||
[scriptable, uuid(8fbf5023-3827-4fbc-a464-5db546e7f747)]
|
||||
[scriptable, uuid(38d6d07a-8a58-4fe7-be8b-ef6472fa83ff)]
|
||||
interface nsIZipReader : nsISupports
|
||||
{
|
||||
/**
|
||||
@ -177,7 +177,7 @@ interface nsIZipReader : nsISupports
|
||||
* stored in the jar, verifyExternalFile (not yet implemented) must
|
||||
* be called before getPrincipal.
|
||||
*/
|
||||
nsIPrincipal getCertificatePrincipal(in AUTF8String aEntryName);
|
||||
nsICertificatePrincipal getCertificatePrincipal(in AUTF8String aEntryName);
|
||||
|
||||
readonly attribute uint32_t manifestEntriesCount;
|
||||
};
|
||||
|
@ -339,7 +339,7 @@ nsJAR::GetInputStreamWithSpec(const nsACString& aJarDirSpec,
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsJAR::GetCertificatePrincipal(const nsACString &aFilename, nsIPrincipal** aPrincipal)
|
||||
nsJAR::GetCertificatePrincipal(const nsACString &aFilename, nsICertificatePrincipal** aPrincipal)
|
||||
{
|
||||
//-- Parameter check
|
||||
if (!aPrincipal)
|
||||
|
@ -24,7 +24,7 @@
|
||||
#include "nsHashtable.h"
|
||||
#include "nsIZipReader.h"
|
||||
#include "nsZipArchive.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsICertificatePrincipal.h"
|
||||
#include "nsISignatureVerifier.h"
|
||||
#include "nsIObserverService.h"
|
||||
#include "nsWeakReference.h"
|
||||
@ -100,7 +100,7 @@ class nsJAR : public nsIZipReader
|
||||
nsRefPtr<nsZipArchive> mZip; // The underlying zip archive
|
||||
nsObjectHashtable mManifestData; // Stores metadata for each entry
|
||||
bool mParsedManifest; // True if manifest has been parsed
|
||||
nsCOMPtr<nsIPrincipal> mPrincipal; // The entity which signed this file
|
||||
nsCOMPtr<nsICertificatePrincipal> mPrincipal; // The entity which signed this file
|
||||
int16_t mGlobalStatus; // Global signature verification status
|
||||
PRIntervalTime mReleaseTime; // used by nsZipReaderCache for flushing entries
|
||||
nsZipReaderCache* mCache; // if cached, this points to the cache it's contained in
|
||||
|
@ -67,6 +67,8 @@ XPIDLSRCS = \
|
||||
nsIKeyModule.idl \
|
||||
nsIProtectedAuthThread.idl \
|
||||
nsIDataSignatureVerifier.idl \
|
||||
nsISignatureVerifier.idl \
|
||||
nsICertificatePrincipal.idl \
|
||||
$(NULL)
|
||||
|
||||
ifdef MOZ_XUL
|
||||
|
33
security/manager/ssl/public/nsICertificatePrincipal.idl
Normal file
33
security/manager/ssl/public/nsICertificatePrincipal.idl
Normal file
@ -0,0 +1,33 @@
|
||||
/* -*- Mode: IDL; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#include "nsISupports.idl"
|
||||
|
||||
/*
|
||||
* Historically, principals, certificates, and signed JARs were all linked
|
||||
* together in one big mess. When that mess was cleaned up, it turned out that
|
||||
* the principals used to store certificate information didn't overlap at all
|
||||
* with the principals used for security policy. So this interface was created
|
||||
* so that real principals wouldn't have to carry around all that baggage.
|
||||
*
|
||||
* The name here is totally a misnomer. This isn't a principal at all, and would
|
||||
* better be called nsICertificateHolder or something. But that would require
|
||||
* renaming some APIs, so let's just let this be for now.
|
||||
*/
|
||||
|
||||
[scriptable, uuid(7cd4af5a-64d3-44a8-9700-804a42a6109a)]
|
||||
interface nsICertificatePrincipal : nsISupports
|
||||
{
|
||||
readonly attribute AUTF8String fingerprint;
|
||||
readonly attribute AUTF8String prettyName;
|
||||
readonly attribute AUTF8String subjectName;
|
||||
readonly attribute nsISupports certificate;
|
||||
readonly attribute boolean hasCertificate; // For compat; always true.
|
||||
|
||||
bool equals(in nsICertificatePrincipal aOther);
|
||||
};
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////
|
@ -4,20 +4,24 @@
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
/* An interface for verifying signatures */
|
||||
#include "nsIPrincipal.idl"
|
||||
|
||||
[uuid(dea87f65-e91e-4119-aa13-aaa2be80cac2)]
|
||||
#include "nsISupports.idl"
|
||||
|
||||
// NB: This isn't actually a principal at all. The naming is just historical.
|
||||
interface nsICertificatePrincipal;
|
||||
|
||||
[uuid(22870b07-b5ef-481b-9f7f-d41787d4e617)]
|
||||
interface nsISignatureVerifier : nsISupports
|
||||
{
|
||||
/* Sig Verification Error Codes */
|
||||
const long VERIFY_OK = 0;
|
||||
const long VERIFY_ERROR_UNKNOWN_CA = -8172; /* -8172 is the error code returned by PSM */
|
||||
|
||||
nsIPrincipal verifySignature(in string aSignature,
|
||||
in unsigned long aSignatureLen,
|
||||
in string plaintext,
|
||||
in unsigned long plaintextLen,
|
||||
out long errorCode);
|
||||
nsICertificatePrincipal verifySignature(in string aSignature,
|
||||
in unsigned long aSignatureLen,
|
||||
in string plaintext,
|
||||
in unsigned long plaintextLen,
|
||||
out long errorCode);
|
||||
};
|
||||
|
||||
|
@ -72,6 +72,7 @@ CPPSRCS = \
|
||||
nsNSSCertificateFakeTransport.cpp \
|
||||
PSMRunnable.cpp \
|
||||
nsNSSVersion.cpp \
|
||||
nsCertificatePrincipal.cpp \
|
||||
$(NULL)
|
||||
|
||||
ifdef MOZ_XUL
|
||||
|
67
security/manager/ssl/src/nsCertificatePrincipal.cpp
Normal file
67
security/manager/ssl/src/nsCertificatePrincipal.cpp
Normal file
@ -0,0 +1,67 @@
|
||||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#include "nsCertificatePrincipal.h"
|
||||
|
||||
NS_IMPL_ISUPPORTS1(nsCertificatePrincipal, nsICertificatePrincipal)
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::GetFingerprint(nsACString& aFingerprint)
|
||||
{
|
||||
aFingerprint = mFingerprint;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::GetSubjectName(nsACString& aSubjectName)
|
||||
{
|
||||
aSubjectName = mSubjectName;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::GetPrettyName(nsACString& aPrettyName)
|
||||
{
|
||||
aPrettyName = mPrettyName;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::GetCertificate(nsISupports** aCert)
|
||||
{
|
||||
nsCOMPtr<nsISupports> cert = mCert;
|
||||
cert.forget(aCert);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::GetHasCertificate(bool* rv)
|
||||
{
|
||||
*rv = true;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertificatePrincipal::Equals(nsICertificatePrincipal* aOther, bool* rv)
|
||||
{
|
||||
nsAutoCString str;
|
||||
aOther->GetFingerprint(str);
|
||||
if (!str.Equals(mFingerprint)) {
|
||||
*rv = false;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// If either subject name is empty, just let the result stand, but if they're
|
||||
// both non-empty, only claim equality if they're equal.
|
||||
if (!mSubjectName.IsEmpty()) {
|
||||
// Check the other principal's subject name
|
||||
aOther->GetSubjectName(str);
|
||||
*rv = str.Equals(mSubjectName) || str.IsEmpty();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
*rv = true;
|
||||
return NS_OK;
|
||||
}
|
38
security/manager/ssl/src/nsCertificatePrincipal.h
Normal file
38
security/manager/ssl/src/nsCertificatePrincipal.h
Normal file
@ -0,0 +1,38 @@
|
||||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#ifndef __NS_CERTIFICATEPRINCIPAL_H
|
||||
#define __NS_CERTIFICATEPRINCIPAL_H
|
||||
|
||||
#include "nsICertificatePrincipal.h"
|
||||
#include "nsString.h"
|
||||
#include "nsCOMPtr.h"
|
||||
|
||||
class nsCertificatePrincipal : public nsICertificatePrincipal
|
||||
{
|
||||
public:
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_NSICERTIFICATEPRINCIPAL
|
||||
|
||||
nsCertificatePrincipal(const nsACString& aFingerprint,
|
||||
const nsACString& aSubjectName,
|
||||
const nsACString& aPrettyName,
|
||||
nsISupports* aCert)
|
||||
: mFingerprint(aFingerprint)
|
||||
, mSubjectName(aSubjectName)
|
||||
, mPrettyName(aPrettyName)
|
||||
, mCert(aCert)
|
||||
{}
|
||||
|
||||
virtual ~nsCertificatePrincipal() {};
|
||||
|
||||
private:
|
||||
nsCString mFingerprint;
|
||||
nsCString mSubjectName;
|
||||
nsCString mPrettyName;
|
||||
nsCOMPtr<nsISupports> mCert;
|
||||
};
|
||||
|
||||
#endif /* __NS_CERTIFICATEPRINCIPAL_H */
|
@ -42,7 +42,7 @@
|
||||
|
||||
#include "nsIWindowWatcher.h"
|
||||
#include "nsIPrompt.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsCertificatePrincipal.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsIDateTimeFormat.h"
|
||||
#include "prtypes.h"
|
||||
@ -2053,7 +2053,7 @@ NS_IMETHODIMP
|
||||
nsNSSComponent::VerifySignature(const char* aRSABuf, uint32_t aRSABufLen,
|
||||
const char* aPlaintext, uint32_t aPlaintextLen,
|
||||
int32_t* aErrorCode,
|
||||
nsIPrincipal** aPrincipal)
|
||||
nsICertificatePrincipal** aPrincipal)
|
||||
{
|
||||
if (!aPrincipal || !aErrorCode) {
|
||||
return NS_ERROR_NULL_POINTER;
|
||||
@ -2152,16 +2152,12 @@ nsNSSComponent::VerifySignature(const char* aRSABuf, uint32_t aRSABufLen,
|
||||
break;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIPrincipal> certPrincipal;
|
||||
rv2 = mScriptSecurityManager->
|
||||
GetCertificatePrincipal(NS_ConvertUTF16toUTF8(fingerprint),
|
||||
NS_ConvertUTF16toUTF8(subjectName),
|
||||
NS_ConvertUTF16toUTF8(orgName),
|
||||
pCert, nullptr, getter_AddRefs(certPrincipal));
|
||||
if (NS_FAILED(rv2) || !certPrincipal) {
|
||||
break;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsICertificatePrincipal> certPrincipal =
|
||||
new nsCertificatePrincipal(NS_ConvertUTF16toUTF8(fingerprint),
|
||||
NS_ConvertUTF16toUTF8(subjectName),
|
||||
NS_ConvertUTF16toUTF8(orgName),
|
||||
pCert);
|
||||
|
||||
certPrincipal.swap(*aPrincipal);
|
||||
} while (0);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user