The Tor Browser: netwerk/cookie/nsCookieService.cpp@6474c204b198 (annotated)

netwerk/cookie/nsCookieService.cpp@6474c204b198 (annotated)

netwerk/cookie/nsCookieService.cpp

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
child 4: fc2d59ddac77
permissions: -rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set sw=2 ts=8 et tw=80 : */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "mozilla/Attributes.h"
 #include "mozilla/DebugOnly.h"
 #include "mozilla/Likely.h"
 #ifdef MOZ_LOGGING
 // this next define has to appear before the include of prlog.h
 #define FORCE_PR_LOG // Allow logging in the release build
 #endif
 #include "mozilla/net/CookieServiceChild.h"
 #include "mozilla/net/NeckoCommon.h"
 #include "nsCookieService.h"
 #include "nsIServiceManager.h"
 #include "nsIIOService.h"
 #include "nsIPrefBranch.h"
 #include "nsIPrefService.h"
 #include "nsICookiePermission.h"
 #include "nsIURI.h"
 #include "nsIURL.h"
 #include "nsIChannel.h"
 #include "nsIFile.h"
 #include "nsIObserverService.h"
 #include "nsILineInputStream.h"
 #include "nsIEffectiveTLDService.h"
 #include "nsIIDNService.h"
 #include "mozIThirdPartyUtil.h"
 #include "nsTArray.h"
 #include "nsCOMArray.h"
 #include "nsIMutableArray.h"
 #include "nsArrayEnumerator.h"
 #include "nsEnumeratorUtils.h"
 #include "nsAutoPtr.h"
 #include "nsReadableUtils.h"
 #include "nsCRT.h"
 #include "prprf.h"
 #include "nsNetUtil.h"
 #include "nsNetCID.h"
 #include "nsAppDirectoryServiceDefs.h"
 #include "nsNetCID.h"
 #include "mozilla/storage.h"
 #include "mozilla/AutoRestore.h"
 #include "mozilla/FileUtils.h"
 #include "mozilla/Telemetry.h"
 #include "nsIAppsService.h"
 #include "mozIApplication.h"
 #include "nsIConsoleService.h"
 using namespace mozilla;
 using namespace mozilla::net;
 // Create key from baseDomain that will access the default cookie namespace.
 // TODO: When we figure out what the API will look like for nsICookieManager{2}
 // on content processes (see bug 777620), change to use the appropriate app
 // namespace.  For now those IDLs aren't supported on child processes.
 #define DEFAULT_APP_KEY(baseDomain) \
         nsCookieKey(baseDomain, NECKO_NO_APP_ID, false)
 /******************************************************************************
  * nsCookieService impl:
  * useful types & constants
  ******************************************************************************/
 static nsCookieService *gCookieService;
 // XXX_hack. See bug 178993.
 // This is a hack to hide HttpOnly cookies from older browsers
 static const char kHttpOnlyPrefix[] = "#HttpOnly_";
 #define COOKIES_FILE "cookies.sqlite"
 #define COOKIES_SCHEMA_VERSION 5
 // parameter indexes; see EnsureReadDomain, EnsureReadComplete and
 // ReadCookieDBListener::HandleResult
 #define IDX_NAME 0
 #define IDX_VALUE 1
 #define IDX_HOST 2
 #define IDX_PATH 3
 #define IDX_EXPIRY 4
 #define IDX_LAST_ACCESSED 5
 #define IDX_CREATION_TIME 6
 #define IDX_SECURE 7
 #define IDX_HTTPONLY 8
 #define IDX_BASE_DOMAIN 9
 #define IDX_APP_ID 10
 #define IDX_BROWSER_ELEM 11
 static const int64_t kCookieStaleThreshold = 60 * PR_USEC_PER_SEC; // 1 minute in microseconds
 static const int64_t kCookiePurgeAge =
   int64_t(30 * 24 * 60 * 60) * PR_USEC_PER_SEC; // 30 days in microseconds
 static const char kOldCookieFileName[] = "cookies.txt";
 #undef  LIMIT
 #define LIMIT(x, low, high, default) ((x) >= (low) && (x) <= (high) ? (x) : (default))
 #undef  ADD_TEN_PERCENT
 #define ADD_TEN_PERCENT(i) static_cast<uint32_t>((i) + (i)/10)
 // default limits for the cookie list. these can be tuned by the
 // network.cookie.maxNumber and network.cookie.maxPerHost prefs respectively.
 static const uint32_t kMaxNumberOfCookies = 3000;
 static const uint32_t kMaxCookiesPerHost  = 150;
 static const uint32_t kMaxBytesPerCookie  = 4096;
 static const uint32_t kMaxBytesPerPath    = 1024;
 // behavior pref constants
 static const uint32_t BEHAVIOR_ACCEPT        = 0; // allow all cookies
 static const uint32_t BEHAVIOR_REJECTFOREIGN = 1; // reject all third-party cookies
 static const uint32_t BEHAVIOR_REJECT        = 2; // reject all cookies
 static const uint32_t BEHAVIOR_LIMITFOREIGN  = 3; // reject third-party cookies unless the
                                                   // eTLD already has at least one cookie
 // pref string constants
 static const char kPrefCookieBehavior[]     = "network.cookie.cookieBehavior";
 static const char kPrefMaxNumberOfCookies[] = "network.cookie.maxNumber";
 static const char kPrefMaxCookiesPerHost[]  = "network.cookie.maxPerHost";
 static const char kPrefCookiePurgeAge[]     = "network.cookie.purgeAge";
 static const char kPrefThirdPartySession[]  = "network.cookie.thirdparty.sessionOnly";
 static void
 bindCookieParameters(mozIStorageBindingParamsArray *aParamsArray,
                      const nsCookieKey &aKey,
                      const nsCookie *aCookie);
 // struct for temporarily storing cookie attributes during header parsing
 struct nsCookieAttributes
 {
   nsAutoCString name;
   nsAutoCString value;
   nsAutoCString host;
   nsAutoCString path;
   nsAutoCString expires;
   nsAutoCString maxage;
   int64_t expiryTime;
   bool isSession;
   bool isSecure;
   bool isHttpOnly;
 };
 // stores the nsCookieEntry entryclass and an index into the cookie array
 // within that entryclass, for purposes of storing an iteration state that
 // points to a certain cookie.
 struct nsListIter
 {
   // default (non-initializing) constructor.
   nsListIter()
   {
   }
   // explicit constructor to a given iterator state with entryclass 'aEntry'
   // and index 'aIndex'.
   explicit
   nsListIter(nsCookieEntry *aEntry, nsCookieEntry::IndexType aIndex)
    : entry(aEntry)
    , index(aIndex)
   {
   }
   // get the nsCookie * the iterator currently points to.
   nsCookie * Cookie() const
   {
     return entry->GetCookies()[index];
   }
   nsCookieEntry            *entry;
   nsCookieEntry::IndexType  index;
 };
 /******************************************************************************
  * Cookie logging handlers
  * used for logging in nsCookieService
  ******************************************************************************/
 // logging handlers
 #ifdef MOZ_LOGGING
 // in order to do logging, the following environment variables need to be set:
 //
 //    set NSPR_LOG_MODULES=cookie:3 -- shows rejected cookies
 //    set NSPR_LOG_MODULES=cookie:4 -- shows accepted and rejected cookies
 //    set NSPR_LOG_FILE=cookie.log
 //
 #include "prlog.h"
 #endif
 // define logging macros for convenience
 #define SET_COOKIE true
 #define GET_COOKIE false
 #ifdef PR_LOGGING
 static PRLogModuleInfo *
 GetCookieLog()
 {
   static PRLogModuleInfo *sCookieLog;
   if (!sCookieLog)
     sCookieLog = PR_NewLogModule("cookie");
   return sCookieLog;
 }
 #define COOKIE_LOGFAILURE(a, b, c, d)    LogFailure(a, b, c, d)
 #define COOKIE_LOGSUCCESS(a, b, c, d, e) LogSuccess(a, b, c, d, e)
 #define COOKIE_LOGEVICTED(a, details)          \
   PR_BEGIN_MACRO                               \
   if (PR_LOG_TEST(GetCookieLog(), PR_LOG_DEBUG))  \
       LogEvicted(a, details);                  \
   PR_END_MACRO
 #define COOKIE_LOGSTRING(lvl, fmt)   \
   PR_BEGIN_MACRO                     \
     PR_LOG(GetCookieLog(), lvl, fmt);  \
     PR_LOG(GetCookieLog(), lvl, ("\n")); \
   PR_END_MACRO
 static void
 LogFailure(bool aSetCookie, nsIURI *aHostURI, const char *aCookieString, const char *aReason)
 {
   // if logging isn't enabled, return now to save cycles
   if (!PR_LOG_TEST(GetCookieLog(), PR_LOG_WARNING))
     return;
   nsAutoCString spec;
   if (aHostURI)
     aHostURI->GetAsciiSpec(spec);
   PR_LOG(GetCookieLog(), PR_LOG_WARNING,
     ("===== %s =====\n", aSetCookie ? "COOKIE NOT ACCEPTED" : "COOKIE NOT SENT"));
   PR_LOG(GetCookieLog(), PR_LOG_WARNING,("request URL: %s\n", spec.get()));
   if (aSetCookie)
     PR_LOG(GetCookieLog(), PR_LOG_WARNING,("cookie string: %s\n", aCookieString));
   PRExplodedTime explodedTime;
   PR_ExplodeTime(PR_Now(), PR_GMTParameters, &explodedTime);
   char timeString[40];
   PR_FormatTimeUSEnglish(timeString, 40, "%c GMT", &explodedTime);
   PR_LOG(GetCookieLog(), PR_LOG_WARNING,("current time: %s", timeString));
   PR_LOG(GetCookieLog(), PR_LOG_WARNING,("rejected because %s\n", aReason));
   PR_LOG(GetCookieLog(), PR_LOG_WARNING,("\n"));
 }
 static void
 LogCookie(nsCookie *aCookie)
 {
   PRExplodedTime explodedTime;
   PR_ExplodeTime(PR_Now(), PR_GMTParameters, &explodedTime);
   char timeString[40];
   PR_FormatTimeUSEnglish(timeString, 40, "%c GMT", &explodedTime);
   PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("current time: %s", timeString));
   if (aCookie) {
     PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("----------------\n"));
     PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("name: %s\n", aCookie->Name().get()));
     PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("value: %s\n", aCookie->Value().get()));
     PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("%s: %s\n", aCookie->IsDomain() ? "domain" : "host", aCookie->Host().get()));
     PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("path: %s\n", aCookie->Path().get()));
     PR_ExplodeTime(aCookie->Expiry() * int64_t(PR_USEC_PER_SEC),
                    PR_GMTParameters, &explodedTime);
     PR_FormatTimeUSEnglish(timeString, 40, "%c GMT", &explodedTime);
     PR_LOG(GetCookieLog(), PR_LOG_DEBUG,
       ("expires: %s%s", timeString, aCookie->IsSession() ? " (at end of session)" : ""));
     PR_ExplodeTime(aCookie->CreationTime(), PR_GMTParameters, &explodedTime);
     PR_FormatTimeUSEnglish(timeString, 40, "%c GMT", &explodedTime);
     PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("created: %s", timeString));
     PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("is secure: %s\n", aCookie->IsSecure() ? "true" : "false"));
     PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("is httpOnly: %s\n", aCookie->IsHttpOnly() ? "true" : "false"));
   }
 }
 static void
 LogSuccess(bool aSetCookie, nsIURI *aHostURI, const char *aCookieString, nsCookie *aCookie, bool aReplacing)
 {
   // if logging isn't enabled, return now to save cycles
   if (!PR_LOG_TEST(GetCookieLog(), PR_LOG_DEBUG)) {
     return;
   }
   nsAutoCString spec;
   if (aHostURI)
     aHostURI->GetAsciiSpec(spec);
   PR_LOG(GetCookieLog(), PR_LOG_DEBUG,
     ("===== %s =====\n", aSetCookie ? "COOKIE ACCEPTED" : "COOKIE SENT"));
   PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("request URL: %s\n", spec.get()));
   PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("cookie string: %s\n", aCookieString));
   if (aSetCookie)
     PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("replaces existing cookie: %s\n", aReplacing ? "true" : "false"));
   LogCookie(aCookie);
   PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("\n"));
 }
 static void
 LogEvicted(nsCookie *aCookie, const char* details)
 {
   PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("===== COOKIE EVICTED =====\n"));
   PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("%s\n", details));
   LogCookie(aCookie);
   PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("\n"));
 }
 // inline wrappers to make passing in nsAFlatCStrings easier
 static inline void
 LogFailure(bool aSetCookie, nsIURI *aHostURI, const nsAFlatCString &aCookieString, const char *aReason)
 {
   LogFailure(aSetCookie, aHostURI, aCookieString.get(), aReason);
 }
 static inline void
 LogSuccess(bool aSetCookie, nsIURI *aHostURI, const nsAFlatCString &aCookieString, nsCookie *aCookie, bool aReplacing)
 {
   LogSuccess(aSetCookie, aHostURI, aCookieString.get(), aCookie, aReplacing);
 }
 #else
 #define COOKIE_LOGFAILURE(a, b, c, d)    PR_BEGIN_MACRO /* nothing */ PR_END_MACRO
 #define COOKIE_LOGSUCCESS(a, b, c, d, e) PR_BEGIN_MACRO /* nothing */ PR_END_MACRO
 #define COOKIE_LOGEVICTED(a, b)          PR_BEGIN_MACRO /* nothing */ PR_END_MACRO
 #define COOKIE_LOGSTRING(a, b)           PR_BEGIN_MACRO /* nothing */ PR_END_MACRO
 #endif
 #ifdef DEBUG
 #define NS_ASSERT_SUCCESS(res)                                               \
   PR_BEGIN_MACRO                                                             \
   nsresult __rv = res; /* Do not evaluate |res| more than once! */           \
   if (NS_FAILED(__rv)) {                                                     \
     char *msg = PR_smprintf("NS_ASSERT_SUCCESS(%s) failed with result 0x%X", \
                             #res, __rv);                                     \
     NS_ASSERTION(NS_SUCCEEDED(__rv), msg);                                   \
     PR_smprintf_free(msg);                                                   \
   }                                                                          \
   PR_END_MACRO
 #else
 #define NS_ASSERT_SUCCESS(res) PR_BEGIN_MACRO /* nothing */ PR_END_MACRO
 #endif
 /******************************************************************************
  * DBListenerErrorHandler impl:
  * Parent class for our async storage listeners that handles the logging of
  * errors.
  ******************************************************************************/
 class DBListenerErrorHandler : public mozIStorageStatementCallback
 {
 protected:
   DBListenerErrorHandler(DBState* dbState) : mDBState(dbState) { }
   nsRefPtr<DBState> mDBState;
   virtual const char *GetOpType() = 0;
 public:
   NS_IMETHOD HandleError(mozIStorageError* aError)
   {
     int32_t result = -1;
     aError->GetResult(&result);
 #ifdef PR_LOGGING
     nsAutoCString message;
     aError->GetMessage(message);
     COOKIE_LOGSTRING(PR_LOG_WARNING,
       ("DBListenerErrorHandler::HandleError(): Error %d occurred while "
        "performing operation '%s' with message '%s'; rebuilding database.",
        result, GetOpType(), message.get()));
 #endif
     // Rebuild the database.
     gCookieService->HandleCorruptDB(mDBState);
     return NS_OK;
   }
 };
 /******************************************************************************
  * InsertCookieDBListener impl:
  * mozIStorageStatementCallback used to track asynchronous insertion operations.
  ******************************************************************************/
 class InsertCookieDBListener MOZ_FINAL : public DBListenerErrorHandler
 {
 protected:
   virtual const char *GetOpType() { return "INSERT"; }
 public:
   NS_DECL_ISUPPORTS
   InsertCookieDBListener(DBState* dbState) : DBListenerErrorHandler(dbState) { }
   NS_IMETHOD HandleResult(mozIStorageResultSet*)
   {
     NS_NOTREACHED("Unexpected call to InsertCookieDBListener::HandleResult");
     return NS_OK;
   }
   NS_IMETHOD HandleCompletion(uint16_t aReason)
   {
     // If we were rebuilding the db and we succeeded, make our corruptFlag say
     // so.
     if (mDBState->corruptFlag == DBState::REBUILDING &&
         aReason == mozIStorageStatementCallback::REASON_FINISHED) {
       COOKIE_LOGSTRING(PR_LOG_DEBUG,
         ("InsertCookieDBListener::HandleCompletion(): rebuild complete"));
       mDBState->corruptFlag = DBState::OK;
     }
     return NS_OK;
   }
 };
 NS_IMPL_ISUPPORTS(InsertCookieDBListener, mozIStorageStatementCallback)
 /******************************************************************************
  * UpdateCookieDBListener impl:
  * mozIStorageStatementCallback used to track asynchronous update operations.
  ******************************************************************************/
 class UpdateCookieDBListener MOZ_FINAL : public DBListenerErrorHandler
 {
 protected:
   virtual const char *GetOpType() { return "UPDATE"; }
 public:
   NS_DECL_ISUPPORTS
   UpdateCookieDBListener(DBState* dbState) : DBListenerErrorHandler(dbState) { }
   NS_IMETHOD HandleResult(mozIStorageResultSet*)
   {
     NS_NOTREACHED("Unexpected call to UpdateCookieDBListener::HandleResult");
     return NS_OK;
   }
   NS_IMETHOD HandleCompletion(uint16_t aReason)
   {
     return NS_OK;
   }
 };
 NS_IMPL_ISUPPORTS(UpdateCookieDBListener, mozIStorageStatementCallback)
 /******************************************************************************
  * RemoveCookieDBListener impl:
  * mozIStorageStatementCallback used to track asynchronous removal operations.
  ******************************************************************************/
 class RemoveCookieDBListener MOZ_FINAL : public DBListenerErrorHandler
 {
 protected:
   virtual const char *GetOpType() { return "REMOVE"; }
 public:
   NS_DECL_ISUPPORTS
   RemoveCookieDBListener(DBState* dbState) : DBListenerErrorHandler(dbState) { }
   NS_IMETHOD HandleResult(mozIStorageResultSet*)
   {
     NS_NOTREACHED("Unexpected call to RemoveCookieDBListener::HandleResult");
     return NS_OK;
   }
   NS_IMETHOD HandleCompletion(uint16_t aReason)
   {
     return NS_OK;
   }
 };
 NS_IMPL_ISUPPORTS(RemoveCookieDBListener, mozIStorageStatementCallback)
 /******************************************************************************
  * ReadCookieDBListener impl:
  * mozIStorageStatementCallback used to track asynchronous removal operations.
  ******************************************************************************/
 class ReadCookieDBListener MOZ_FINAL : public DBListenerErrorHandler
 {
 protected:
   virtual const char *GetOpType() { return "READ"; }
   bool mCanceled;
 public:
   NS_DECL_ISUPPORTS
   ReadCookieDBListener(DBState* dbState)
     : DBListenerErrorHandler(dbState)
     , mCanceled(false)
   {
   }
   void Cancel() { mCanceled = true; }
   NS_IMETHOD HandleResult(mozIStorageResultSet *aResult)
   {
     nsCOMPtr<mozIStorageRow> row;
     while (1) {
       DebugOnly<nsresult> rv = aResult->GetNextRow(getter_AddRefs(row));
       NS_ASSERT_SUCCESS(rv);
       if (!row)
         break;
       CookieDomainTuple *tuple = mDBState->hostArray.AppendElement();
       row->GetUTF8String(IDX_BASE_DOMAIN, tuple->key.mBaseDomain);
       tuple->key.mAppId = static_cast<uint32_t>(row->AsInt32(IDX_APP_ID));
       tuple->key.mInBrowserElement = static_cast<bool>(row->AsInt32(IDX_BROWSER_ELEM));
       tuple->cookie = gCookieService->GetCookieFromRow(row);
     }
     return NS_OK;
   }
   NS_IMETHOD HandleCompletion(uint16_t aReason)
   {
     // Process the completion of the read operation. If we have been canceled,
     // we cannot assume that the cookieservice still has an open connection
     // or that it even refers to the same database, so we must return early.
     // Conversely, the cookieservice guarantees that if we have not been
     // canceled, the database connection is still alive and we can safely
     // operate on it.
     if (mCanceled) {
       // We may receive a REASON_FINISHED after being canceled;
       // tweak the reason accordingly.
       aReason = mozIStorageStatementCallback::REASON_CANCELED;
     }
     switch (aReason) {
     case mozIStorageStatementCallback::REASON_FINISHED:
       gCookieService->AsyncReadComplete();
       break;
     case mozIStorageStatementCallback::REASON_CANCELED:
       // Nothing more to do here. The partially read data has already been
       // thrown away.
       COOKIE_LOGSTRING(PR_LOG_DEBUG, ("Read canceled"));
       break;
     case mozIStorageStatementCallback::REASON_ERROR:
       // Nothing more to do here. DBListenerErrorHandler::HandleError()
       // can handle it.
       COOKIE_LOGSTRING(PR_LOG_DEBUG, ("Read error"));
       break;
     default:
       NS_NOTREACHED("invalid reason");
     }
     return NS_OK;
   }
 };
 NS_IMPL_ISUPPORTS(ReadCookieDBListener, mozIStorageStatementCallback)
 /******************************************************************************
  * CloseCookieDBListener imp:
  * Static mozIStorageCompletionCallback used to notify when the database is
  * successfully closed.
  ******************************************************************************/
 class CloseCookieDBListener MOZ_FINAL :  public mozIStorageCompletionCallback
 {
 public:
   CloseCookieDBListener(DBState* dbState) : mDBState(dbState) { }
   nsRefPtr<DBState> mDBState;
   NS_DECL_ISUPPORTS
   NS_IMETHOD Complete(nsresult, nsISupports*)
   {
     gCookieService->HandleDBClosed(mDBState);
     return NS_OK;
   }
 };
 NS_IMPL_ISUPPORTS(CloseCookieDBListener, mozIStorageCompletionCallback)
 namespace {
 class AppClearDataObserver MOZ_FINAL : public nsIObserver {
 public:
   NS_DECL_ISUPPORTS
   // nsIObserver implementation.
   NS_IMETHODIMP
   Observe(nsISupports *aSubject, const char *aTopic, const char16_t *data)
   {
     MOZ_ASSERT(!nsCRT::strcmp(aTopic, TOPIC_WEB_APP_CLEAR_DATA));
     uint32_t appId = NECKO_UNKNOWN_APP_ID;
     bool browserOnly = false;
     nsresult rv = NS_GetAppInfoFromClearDataNotification(aSubject, &appId,
                                                          &browserOnly);
     NS_ENSURE_SUCCESS(rv, rv);
     nsCOMPtr<nsICookieManager2> cookieManager
       = do_GetService(NS_COOKIEMANAGER_CONTRACTID);
     MOZ_ASSERT(cookieManager);
     return cookieManager->RemoveCookiesForApp(appId, browserOnly);
   }
 };
 NS_IMPL_ISUPPORTS(AppClearDataObserver, nsIObserver)
 } // anonymous namespace
 size_t
 nsCookieKey::SizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const
 {
   return mBaseDomain.SizeOfExcludingThisIfUnshared(aMallocSizeOf);
 }
 size_t
 nsCookieEntry::SizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const
 {
   size_t amount = nsCookieKey::SizeOfExcludingThis(aMallocSizeOf);
   amount += mCookies.SizeOfExcludingThis(aMallocSizeOf);
   for (uint32_t i = 0; i < mCookies.Length(); ++i) {
     amount += mCookies[i]->SizeOfIncludingThis(aMallocSizeOf);
   }
   return amount;
 }
 static size_t
 HostTableEntrySizeOfExcludingThis(nsCookieEntry *aEntry,
                                   MallocSizeOf aMallocSizeOf,
                                   void *arg)
 {
   return aEntry->SizeOfExcludingThis(aMallocSizeOf);
 }
 size_t
 CookieDomainTuple::SizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const
 {
   size_t amount = 0;
   amount += key.SizeOfExcludingThis(aMallocSizeOf);
   amount += cookie->SizeOfIncludingThis(aMallocSizeOf);
   return amount;
 }
 static size_t
 ReadSetEntrySizeOfExcludingThis(nsCookieKey *aEntry,
                                 MallocSizeOf aMallocSizeOf,
                                 void *)
 {
   return aEntry->SizeOfExcludingThis(aMallocSizeOf);
 }
 size_t
 DBState::SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const
 {
   size_t amount = 0;
   amount += aMallocSizeOf(this);
   amount += hostTable.SizeOfExcludingThis(HostTableEntrySizeOfExcludingThis,
                                           aMallocSizeOf);
   amount += hostArray.SizeOfExcludingThis(aMallocSizeOf);
   for (uint32_t i = 0; i < hostArray.Length(); ++i) {
     amount += hostArray[i].SizeOfExcludingThis(aMallocSizeOf);
   }
   amount += readSet.SizeOfExcludingThis(ReadSetEntrySizeOfExcludingThis,
                                         aMallocSizeOf);
   return amount;
 }
 /******************************************************************************
  * nsCookieService impl:
  * singleton instance ctor/dtor methods
  ******************************************************************************/
 nsICookieService*
 nsCookieService::GetXPCOMSingleton()
 {
   if (IsNeckoChild())
     return CookieServiceChild::GetSingleton();
   return GetSingleton();
 }
 nsCookieService*
 nsCookieService::GetSingleton()
 {
   NS_ASSERTION(!IsNeckoChild(), "not a parent process");
   if (gCookieService) {
     NS_ADDREF(gCookieService);
     return gCookieService;
   }
   // Create a new singleton nsCookieService.
   // We AddRef only once since XPCOM has rules about the ordering of module
   // teardowns - by the time our module destructor is called, it's too late to
   // Release our members (e.g. nsIObserverService and nsIPrefBranch), since GC
   // cycles have already been completed and would result in serious leaks.
   // See bug 209571.
   gCookieService = new nsCookieService();
   if (gCookieService) {
     NS_ADDREF(gCookieService);
     if (NS_FAILED(gCookieService->Init())) {
       NS_RELEASE(gCookieService);
     }
   }
   return gCookieService;
 }
 /* static */ void
 nsCookieService::AppClearDataObserverInit()
 {
   nsCOMPtr<nsIObserverService> observerService = do_GetService("@mozilla.org/observer-service;1");
   nsCOMPtr<nsIObserver> obs = new AppClearDataObserver();
   observerService->AddObserver(obs, TOPIC_WEB_APP_CLEAR_DATA,
                                /* holdsWeak= */ false);
 }
 /******************************************************************************
  * nsCookieService impl:
  * public methods
  ******************************************************************************/
 NS_IMPL_ISUPPORTS(nsCookieService,
                   nsICookieService,
                   nsICookieManager,
                   nsICookieManager2,
                   nsIObserver,
                   nsISupportsWeakReference,
                   nsIMemoryReporter)
 nsCookieService::nsCookieService()
  : mDBState(nullptr)
  , mCookieBehavior(BEHAVIOR_ACCEPT)
  , mThirdPartySession(false)
  , mMaxNumberOfCookies(kMaxNumberOfCookies)
  , mMaxCookiesPerHost(kMaxCookiesPerHost)
  , mCookiePurgeAge(kCookiePurgeAge)
 {
 }
 nsresult
 nsCookieService::Init()
 {
   nsresult rv;
   mTLDService = do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID, &rv);
   NS_ENSURE_SUCCESS(rv, rv);
   mIDNService = do_GetService(NS_IDNSERVICE_CONTRACTID, &rv);
   NS_ENSURE_SUCCESS(rv, rv);
   mThirdPartyUtil = do_GetService(THIRDPARTYUTIL_CONTRACTID);
   NS_ENSURE_SUCCESS(rv, rv);
   // init our pref and observer
   nsCOMPtr<nsIPrefBranch> prefBranch = do_GetService(NS_PREFSERVICE_CONTRACTID);
   if (prefBranch) {
     prefBranch->AddObserver(kPrefCookieBehavior,     this, true);
     prefBranch->AddObserver(kPrefMaxNumberOfCookies, this, true);
     prefBranch->AddObserver(kPrefMaxCookiesPerHost,  this, true);
     prefBranch->AddObserver(kPrefCookiePurgeAge,     this, true);
     prefBranch->AddObserver(kPrefThirdPartySession,  this, true);
     PrefChanged(prefBranch);
   }
   mStorageService = do_GetService("@mozilla.org/storage/service;1", &rv);
   NS_ENSURE_SUCCESS(rv, rv);
   // Init our default, and possibly private DBStates.
   InitDBStates();
   RegisterWeakMemoryReporter(this);
   mObserverService = mozilla::services::GetObserverService();
   NS_ENSURE_STATE(mObserverService);
   mObserverService->AddObserver(this, "profile-before-change", true);
   mObserverService->AddObserver(this, "profile-do-change", true);
   mObserverService->AddObserver(this, "last-pb-context-exited", true);
   mPermissionService = do_GetService(NS_COOKIEPERMISSION_CONTRACTID);
   if (!mPermissionService) {
     NS_WARNING("nsICookiePermission implementation not available - some features won't work!");
     COOKIE_LOGSTRING(PR_LOG_WARNING, ("Init(): nsICookiePermission implementation not available"));
   }
   return NS_OK;
 }
 void
 nsCookieService::InitDBStates()
 {
   NS_ASSERTION(!mDBState, "already have a DBState");
   NS_ASSERTION(!mDefaultDBState, "already have a default DBState");
   NS_ASSERTION(!mPrivateDBState, "already have a private DBState");
   // Create a new default DBState and set our current one.
   mDefaultDBState = new DBState();
   mDBState = mDefaultDBState;
   mPrivateDBState = new DBState();
   // Get our cookie file.
   nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
     getter_AddRefs(mDefaultDBState->cookieFile));
   if (NS_FAILED(rv)) {
     // We've already set up our DBStates appropriately; nothing more to do.
     COOKIE_LOGSTRING(PR_LOG_WARNING,
       ("InitDBStates(): couldn't get cookie file"));
     return;
   }
   mDefaultDBState->cookieFile->AppendNative(NS_LITERAL_CSTRING(COOKIES_FILE));
   // Attempt to open and read the database. If TryInitDB() returns RESULT_RETRY,
   // do so.
   OpenDBResult result = TryInitDB(false);
   if (result == RESULT_RETRY) {
     // Database may be corrupt. Synchronously close the connection, clean up the
     // default DBState, and try again.
     COOKIE_LOGSTRING(PR_LOG_WARNING, ("InitDBStates(): retrying TryInitDB()"));
     CleanupCachedStatements();
     CleanupDefaultDBConnection();
     result = TryInitDB(true);
     if (result == RESULT_RETRY) {
       // We're done. Change the code to failure so we clean up below.
       result = RESULT_FAILURE;
     }
   }
   if (result == RESULT_FAILURE) {
     COOKIE_LOGSTRING(PR_LOG_WARNING,
       ("InitDBStates(): TryInitDB() failed, closing connection"));
     // Connection failure is unrecoverable. Clean up our connection. We can run
     // fine without persistent storage -- e.g. if there's no profile.
     CleanupCachedStatements();
     CleanupDefaultDBConnection();
   }
 }
 /* Attempt to open and read the database. If 'aRecreateDB' is true, try to
  * move the existing database file out of the way and create a new one.
  *
  * @returns RESULT_OK if opening or creating the database succeeded;
  *          RESULT_RETRY if the database cannot be opened, is corrupt, or some
  *          other failure occurred that might be resolved by recreating the
  *          database; or RESULT_FAILED if there was an unrecoverable error and
  *          we must run without a database.
  *
  * If RESULT_RETRY or RESULT_FAILED is returned, the caller should perform
  * cleanup of the default DBState.
  */
 OpenDBResult
 nsCookieService::TryInitDB(bool aRecreateDB)
 {
   NS_ASSERTION(!mDefaultDBState->dbConn, "nonnull dbConn");
   NS_ASSERTION(!mDefaultDBState->stmtInsert, "nonnull stmtInsert");
   NS_ASSERTION(!mDefaultDBState->insertListener, "nonnull insertListener");
   NS_ASSERTION(!mDefaultDBState->syncConn, "nonnull syncConn");
   // Ditch an existing db, if we've been told to (i.e. it's corrupt). We don't
   // want to delete it outright, since it may be useful for debugging purposes,
   // so we move it out of the way.
   nsresult rv;
   if (aRecreateDB) {
     nsCOMPtr<nsIFile> backupFile;
     mDefaultDBState->cookieFile->Clone(getter_AddRefs(backupFile));
     rv = backupFile->MoveToNative(nullptr,
       NS_LITERAL_CSTRING(COOKIES_FILE ".bak"));
     NS_ENSURE_SUCCESS(rv, RESULT_FAILURE);
   }
   // This block provides scope for the Telemetry AutoTimer
   {
     Telemetry::AutoTimer<Telemetry::MOZ_SQLITE_COOKIES_OPEN_READAHEAD_MS>
       telemetry;
     ReadAheadFile(mDefaultDBState->cookieFile);
     // open a connection to the cookie database, and only cache our connection
     // and statements upon success. The connection is opened unshared to eliminate
     // cache contention between the main and background threads.
     rv = mStorageService->OpenUnsharedDatabase(mDefaultDBState->cookieFile,
       getter_AddRefs(mDefaultDBState->dbConn));
     NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
   }
   // Set up our listeners.
   mDefaultDBState->insertListener = new InsertCookieDBListener(mDefaultDBState);
   mDefaultDBState->updateListener = new UpdateCookieDBListener(mDefaultDBState);
   mDefaultDBState->removeListener = new RemoveCookieDBListener(mDefaultDBState);
   mDefaultDBState->closeListener = new CloseCookieDBListener(mDefaultDBState);
   // Grow cookie db in 512KB increments
   mDefaultDBState->dbConn->SetGrowthIncrement(512 * 1024, EmptyCString());
   bool tableExists = false;
   mDefaultDBState->dbConn->TableExists(NS_LITERAL_CSTRING("moz_cookies"),
     &tableExists);
   if (!tableExists) {
     rv = CreateTable();
     NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
   } else {
     // table already exists; check the schema version before reading
     int32_t dbSchemaVersion;
     rv = mDefaultDBState->dbConn->GetSchemaVersion(&dbSchemaVersion);
     NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
     // Start a transaction for the whole migration block.
     mozStorageTransaction transaction(mDefaultDBState->dbConn, true);
     switch (dbSchemaVersion) {
     // Upgrading.
     // Every time you increment the database schema, you need to implement
     // the upgrading code from the previous version to the new one. If migration
     // fails for any reason, it's a bug -- so we return RESULT_RETRY such that
     // the original database will be saved, in the hopes that we might one day
     // see it and fix it.
     case 1:
       {
         // Add the lastAccessed column to the table.
         rv = mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
           "ALTER TABLE moz_cookies ADD lastAccessed INTEGER"));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
       }
       // Fall through to the next upgrade.
     case 2:
       {
         // Add the baseDomain column and index to the table.
         rv = mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
           "ALTER TABLE moz_cookies ADD baseDomain TEXT"));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         // Compute the baseDomains for the table. This must be done eagerly
         // otherwise we won't be able to synchronously read in individual
         // domains on demand.
         const int64_t SCHEMA2_IDX_ID  =  0;
         const int64_t SCHEMA2_IDX_HOST = 1;
         nsCOMPtr<mozIStorageStatement> select;
         rv = mDefaultDBState->dbConn->CreateStatement(NS_LITERAL_CSTRING(
           "SELECT id, host FROM moz_cookies"), getter_AddRefs(select));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         nsCOMPtr<mozIStorageStatement> update;
         rv = mDefaultDBState->dbConn->CreateStatement(NS_LITERAL_CSTRING(
           "UPDATE moz_cookies SET baseDomain = :baseDomain WHERE id = :id"),
           getter_AddRefs(update));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         nsCString baseDomain, host;
         bool hasResult;
         while (1) {
           rv = select->ExecuteStep(&hasResult);
           NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
           if (!hasResult)
             break;
           int64_t id = select->AsInt64(SCHEMA2_IDX_ID);
           select->GetUTF8String(SCHEMA2_IDX_HOST, host);
           rv = GetBaseDomainFromHost(host, baseDomain);
           NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
           mozStorageStatementScoper scoper(update);
           rv = update->BindUTF8StringByName(NS_LITERAL_CSTRING("baseDomain"),
                                             baseDomain);
           NS_ASSERT_SUCCESS(rv);
           rv = update->BindInt64ByName(NS_LITERAL_CSTRING("id"),
                                        id);
           NS_ASSERT_SUCCESS(rv);
           rv = update->ExecuteStep(&hasResult);
           NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         }
         // Create an index on baseDomain.
         rv = mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
           "CREATE INDEX moz_basedomain ON moz_cookies (baseDomain)"));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
       }
       // Fall through to the next upgrade.
     case 3:
       {
         // Add the creationTime column to the table, and create a unique index
         // on (name, host, path). Before we do this, we have to purge the table
         // of expired cookies such that we know that the (name, host, path)
         // index is truly unique -- otherwise we can't create the index. Note
         // that we can't just execute a statement to delete all rows where the
         // expiry column is in the past -- doing so would rely on the clock
         // (both now and when previous cookies were set) being monotonic.
         // Select the whole table, and order by the fields we're interested in.
         // This means we can simply do a linear traversal of the results and
         // check for duplicates as we go.
         const int64_t SCHEMA3_IDX_ID =   0;
         const int64_t SCHEMA3_IDX_NAME = 1;
         const int64_t SCHEMA3_IDX_HOST = 2;
         const int64_t SCHEMA3_IDX_PATH = 3;
         nsCOMPtr<mozIStorageStatement> select;
         rv = mDefaultDBState->dbConn->CreateStatement(NS_LITERAL_CSTRING(
           "SELECT id, name, host, path FROM moz_cookies "
             "ORDER BY name ASC, host ASC, path ASC, expiry ASC"),
           getter_AddRefs(select));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         nsCOMPtr<mozIStorageStatement> deleteExpired;
         rv = mDefaultDBState->dbConn->CreateStatement(NS_LITERAL_CSTRING(
           "DELETE FROM moz_cookies WHERE id = :id"),
           getter_AddRefs(deleteExpired));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         // Read the first row.
         bool hasResult;
         rv = select->ExecuteStep(&hasResult);
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         if (hasResult) {
           nsCString name1, host1, path1;
           int64_t id1 = select->AsInt64(SCHEMA3_IDX_ID);
           select->GetUTF8String(SCHEMA3_IDX_NAME, name1);
           select->GetUTF8String(SCHEMA3_IDX_HOST, host1);
           select->GetUTF8String(SCHEMA3_IDX_PATH, path1);
           nsCString name2, host2, path2;
           while (1) {
             // Read the second row.
             rv = select->ExecuteStep(&hasResult);
             NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
             if (!hasResult)
               break;
             int64_t id2 = select->AsInt64(SCHEMA3_IDX_ID);
             select->GetUTF8String(SCHEMA3_IDX_NAME, name2);
             select->GetUTF8String(SCHEMA3_IDX_HOST, host2);
             select->GetUTF8String(SCHEMA3_IDX_PATH, path2);
             // If the two rows match in (name, host, path), we know the earlier
             // row has an earlier expiry time. Delete it.
             if (name1 == name2 && host1 == host2 && path1 == path2) {
               mozStorageStatementScoper scoper(deleteExpired);
               rv = deleteExpired->BindInt64ByName(NS_LITERAL_CSTRING("id"),
                 id1);
               NS_ASSERT_SUCCESS(rv);
               rv = deleteExpired->ExecuteStep(&hasResult);
               NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
             }
             // Make the second row the first for the next iteration.
             name1 = name2;
             host1 = host2;
             path1 = path2;
             id1 = id2;
           }
         }
         // Add the creationTime column to the table.
         rv = mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
           "ALTER TABLE moz_cookies ADD creationTime INTEGER"));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         // Copy the id of each row into the new creationTime column.
         rv = mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
           "UPDATE moz_cookies SET creationTime = "
             "(SELECT id WHERE id = moz_cookies.id)"));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         // Create a unique index on (name, host, path) to allow fast lookup.
         rv = mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
           "CREATE UNIQUE INDEX moz_uniqueid "
           "ON moz_cookies (name, host, path)"));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
       }
       // Fall through to the next upgrade.
     case 4:
       {
         // We need to add appId/inBrowserElement, plus change a constraint on
         // the table (unique entries now include appId/inBrowserElement):
         // this requires creating a new table and copying the data to it.  We
         // then rename the new table to the old name.
         //
         // Why we made this change: appId/inBrowserElement allow "cookie jars"
         // for Firefox OS. We create a separate cookie namespace per {appId,
         // inBrowserElement}.  When upgrading, we convert existing cookies
         // (which imply we're on desktop/mobile) to use {0, false}, as that is
         // the only namespace used by a non-Firefox-OS implementation.
         // Rename existing table
         rv = mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
           "ALTER TABLE moz_cookies RENAME TO moz_cookies_old"));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         // Drop existing index (CreateTable will create new one for new table)
         rv = mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
           "DROP INDEX moz_basedomain"));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         // Create new table (with new fields and new unique constraint)
         rv = CreateTable();
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         // Copy data from old table, using appId/inBrowser=0 for existing rows
         rv = mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
           "INSERT INTO moz_cookies "
           "(baseDomain, appId, inBrowserElement, name, value, host, path, expiry,"
           " lastAccessed, creationTime, isSecure, isHttpOnly) "
           "SELECT baseDomain, 0, 0, name, value, host, path, expiry,"
           " lastAccessed, creationTime, isSecure, isHttpOnly "
           "FROM moz_cookies_old"));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         // Drop old table
         rv = mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
           "DROP TABLE moz_cookies_old"));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         COOKIE_LOGSTRING(PR_LOG_DEBUG,
           ("Upgraded database to schema version 5"));
       }
       // No more upgrades. Update the schema version.
       rv = mDefaultDBState->dbConn->SetSchemaVersion(COOKIES_SCHEMA_VERSION);
       NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
     case COOKIES_SCHEMA_VERSION:
       break;
     case 0:
       {
         NS_WARNING("couldn't get schema version!");
         // the table may be usable; someone might've just clobbered the schema
         // version. we can treat this case like a downgrade using the codepath
         // below, by verifying the columns we care about are all there. for now,
         // re-set the schema version in the db, in case the checks succeed (if
         // they don't, we're dropping the table anyway).
         rv = mDefaultDBState->dbConn->SetSchemaVersion(COOKIES_SCHEMA_VERSION);
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
       }
       // fall through to downgrade check
     // downgrading.
     // if columns have been added to the table, we can still use the ones we
     // understand safely. if columns have been deleted or altered, just
     // blow away the table and start from scratch! if you change the way
     // a column is interpreted, make sure you also change its name so this
     // check will catch it.
     default:
       {
         // check if all the expected columns exist
         nsCOMPtr<mozIStorageStatement> stmt;
         rv = mDefaultDBState->dbConn->CreateStatement(NS_LITERAL_CSTRING(
           "SELECT "
             "id, "
             "baseDomain, "
             "appId, "
             "inBrowserElement, "
             "name, "
             "value, "
             "host, "
             "path, "
             "expiry, "
             "lastAccessed, "
             "creationTime, "
             "isSecure, "
             "isHttpOnly "
           "FROM moz_cookies"), getter_AddRefs(stmt));
         if (NS_SUCCEEDED(rv))
           break;
         // our columns aren't there - drop the table!
         rv = mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
           "DROP TABLE moz_cookies"));
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
         rv = CreateTable();
         NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
       }
       break;
     }
   }
   // make operations on the table asynchronous, for performance
   mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
     "PRAGMA synchronous = OFF"));
   // Use write-ahead-logging for performance. We cap the autocheckpoint limit at
   // 16 pages (around 500KB).
   mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
     MOZ_STORAGE_UNIQUIFY_QUERY_STR "PRAGMA journal_mode = WAL"));
   mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
     "PRAGMA wal_autocheckpoint = 16"));
   // cache frequently used statements (for insertion, deletion, and updating)
   rv = mDefaultDBState->dbConn->CreateAsyncStatement(NS_LITERAL_CSTRING(
     "INSERT INTO moz_cookies ("
       "baseDomain, "
       "appId, "
       "inBrowserElement, "
       "name, "
       "value, "
       "host, "
       "path, "
       "expiry, "
       "lastAccessed, "
       "creationTime, "
       "isSecure, "
       "isHttpOnly"
     ") VALUES ("
       ":baseDomain, "
       ":appId, "
       ":inBrowserElement, "
       ":name, "
       ":value, "
       ":host, "
       ":path, "
       ":expiry, "
       ":lastAccessed, "
       ":creationTime, "
       ":isSecure, "
       ":isHttpOnly"
     ")"),
     getter_AddRefs(mDefaultDBState->stmtInsert));
   NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
   rv = mDefaultDBState->dbConn->CreateAsyncStatement(NS_LITERAL_CSTRING(
     "DELETE FROM moz_cookies "
     "WHERE name = :name AND host = :host AND path = :path"),
     getter_AddRefs(mDefaultDBState->stmtDelete));
   NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
   rv = mDefaultDBState->dbConn->CreateAsyncStatement(NS_LITERAL_CSTRING(
     "UPDATE moz_cookies SET lastAccessed = :lastAccessed "
     "WHERE name = :name AND host = :host AND path = :path"),
     getter_AddRefs(mDefaultDBState->stmtUpdate));
   NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
   // if we deleted a corrupt db, don't attempt to import - return now
   if (aRecreateDB)
     return RESULT_OK;
   // check whether to import or just read in the db
   if (tableExists)
     return Read();
   nsCOMPtr<nsIFile> oldCookieFile;
   rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
     getter_AddRefs(oldCookieFile));
   if (NS_FAILED(rv)) return RESULT_OK;
   // Import cookies, and clean up the old file regardless of success or failure.
   // Note that we have to switch out our DBState temporarily, in case we're in
   // private browsing mode; otherwise ImportCookies() won't be happy.
   DBState* initialState = mDBState;
   mDBState = mDefaultDBState;
   oldCookieFile->AppendNative(NS_LITERAL_CSTRING(kOldCookieFileName));
   ImportCookies(oldCookieFile);
   oldCookieFile->Remove(false);
   mDBState = initialState;
   return RESULT_OK;
 }
 // Sets the schema version and creates the moz_cookies table.
 nsresult
 nsCookieService::CreateTable()
 {
   // Set the schema version, before creating the table.
   nsresult rv = mDefaultDBState->dbConn->SetSchemaVersion(
     COOKIES_SCHEMA_VERSION);
   if (NS_FAILED(rv)) return rv;
   // Create the table.  We default appId/inBrowserElement to 0: this is so if
   // users revert to an older Firefox version that doesn't know about these
   // fields, any cookies set will still work once they upgrade back.
   rv = mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
     "CREATE TABLE moz_cookies ("
       "id INTEGER PRIMARY KEY, "
       "baseDomain TEXT, "
       "appId INTEGER DEFAULT 0, "
       "inBrowserElement INTEGER DEFAULT 0, "
       "name TEXT, "
       "value TEXT, "
       "host TEXT, "
       "path TEXT, "
       "expiry INTEGER, "
       "lastAccessed INTEGER, "
       "creationTime INTEGER, "
       "isSecure INTEGER, "
       "isHttpOnly INTEGER, "
       "CONSTRAINT moz_uniqueid UNIQUE (name, host, path, appId, inBrowserElement)"
     ")"));
   if (NS_FAILED(rv)) return rv;
   // Create an index on baseDomain.
   return mDefaultDBState->dbConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
     "CREATE INDEX moz_basedomain ON moz_cookies (baseDomain, "
                                                 "appId, "
                                                 "inBrowserElement)"));
 }
 void
 nsCookieService::CloseDBStates()
 {
   // Null out our private and pointer DBStates regardless.
   mPrivateDBState = nullptr;
   mDBState = nullptr;
   // If we don't have a default DBState, we're done.
   if (!mDefaultDBState)
     return;
   // Cleanup cached statements before we can close anything.
   CleanupCachedStatements();
   if (mDefaultDBState->dbConn) {
     // Cancel any pending read. No further results will be received by our
     // read listener.
     if (mDefaultDBState->pendingRead) {
       CancelAsyncRead(true);
     }
     // Asynchronously close the connection. We will null it below.
     mDefaultDBState->dbConn->AsyncClose(mDefaultDBState->closeListener);
   }
   CleanupDefaultDBConnection();
   mDefaultDBState = nullptr;
 }
 // Null out the statements.
 // This must be done before closing the connection.
 void
 nsCookieService::CleanupCachedStatements()
 {
   mDefaultDBState->stmtInsert = nullptr;
   mDefaultDBState->stmtDelete = nullptr;
   mDefaultDBState->stmtUpdate = nullptr;
 }
 // Null out the listeners, and the database connection itself. This
 // will not null out the statements, cancel a pending read or
 // asynchronously close the connection -- these must be done
 // beforehand if necessary.
 void
 nsCookieService::CleanupDefaultDBConnection()
 {
   MOZ_ASSERT(!mDefaultDBState->stmtInsert, "stmtInsert has been cleaned up");
   MOZ_ASSERT(!mDefaultDBState->stmtDelete, "stmtDelete has been cleaned up");
   MOZ_ASSERT(!mDefaultDBState->stmtUpdate, "stmtUpdate has been cleaned up");
   // Null out the database connections. If 'dbConn' has not been used for any
   // asynchronous operations yet, this will synchronously close it; otherwise,
   // it's expected that the caller has performed an AsyncClose prior.
   mDefaultDBState->dbConn = nullptr;
   mDefaultDBState->syncConn = nullptr;
   // Manually null out our listeners. This is necessary because they hold a
   // strong ref to the DBState itself. They'll stay alive until whatever
   // statements are still executing complete.
   mDefaultDBState->readListener = nullptr;
   mDefaultDBState->insertListener = nullptr;
   mDefaultDBState->updateListener = nullptr;
   mDefaultDBState->removeListener = nullptr;
   mDefaultDBState->closeListener = nullptr;
 }
 void
 nsCookieService::HandleDBClosed(DBState* aDBState)
 {
   COOKIE_LOGSTRING(PR_LOG_DEBUG,
     ("HandleDBClosed(): DBState %x closed", aDBState));
   switch (aDBState->corruptFlag) {
   case DBState::OK: {
     // Database is healthy. Notify of closure.
     mObserverService->NotifyObservers(nullptr, "cookie-db-closed", nullptr);
     break;
   }
   case DBState::CLOSING_FOR_REBUILD: {
     // Our close finished. Start the rebuild, and notify of db closure later.
     RebuildCorruptDB(aDBState);
     break;
   }
   case DBState::REBUILDING: {
     // We encountered an error during rebuild, closed the database, and now
     // here we are. We already have a 'cookies.sqlite.bak' from the original
     // dead database; we don't want to overwrite it, so let's move this one to
     // 'cookies.sqlite.bak-rebuild'.
     nsCOMPtr<nsIFile> backupFile;
     aDBState->cookieFile->Clone(getter_AddRefs(backupFile));
     nsresult rv = backupFile->MoveToNative(nullptr,
       NS_LITERAL_CSTRING(COOKIES_FILE ".bak-rebuild"));
     COOKIE_LOGSTRING(PR_LOG_WARNING,
       ("HandleDBClosed(): DBState %x encountered error rebuilding db; move to "
        "'cookies.sqlite.bak-rebuild' gave rv 0x%x", aDBState, rv));
     mObserverService->NotifyObservers(nullptr, "cookie-db-closed", nullptr);
     break;
   }
   }
 }
 void
 nsCookieService::HandleCorruptDB(DBState* aDBState)
 {
   if (mDefaultDBState != aDBState) {
     // We've either closed the state or we've switched profiles. It's getting
     // a bit late to rebuild -- bail instead.
     COOKIE_LOGSTRING(PR_LOG_WARNING,
       ("HandleCorruptDB(): DBState %x is already closed, aborting", aDBState));
     return;
   }
   COOKIE_LOGSTRING(PR_LOG_DEBUG,
     ("HandleCorruptDB(): DBState %x has corruptFlag %u", aDBState,
       aDBState->corruptFlag));
   // Mark the database corrupt, so the close listener can begin reconstructing
   // it.
   switch (mDefaultDBState->corruptFlag) {
   case DBState::OK: {
     // Move to 'closing' state.
     mDefaultDBState->corruptFlag = DBState::CLOSING_FOR_REBUILD;
     // Cancel any pending read and close the database. If we do have an
     // in-flight read we want to throw away all the results so far -- we have no
     // idea how consistent the database is. Note that we may have already
     // canceled the read but not emptied our readSet; do so now.
     mDefaultDBState->readSet.Clear();
     if (mDefaultDBState->pendingRead) {
       CancelAsyncRead(true);
       mDefaultDBState->syncConn = nullptr;
     }
     CleanupCachedStatements();
     mDefaultDBState->dbConn->AsyncClose(mDefaultDBState->closeListener);
     CleanupDefaultDBConnection();
     break;
   }
   case DBState::CLOSING_FOR_REBUILD: {
     // We had an error while waiting for close completion. That's OK, just
     // ignore it -- we're rebuilding anyway.
     return;
   }
   case DBState::REBUILDING: {
     // We had an error while rebuilding the DB. Game over. Close the database
     // and let the close handler do nothing; then we'll move it out of the way.
     CleanupCachedStatements();
     if (mDefaultDBState->dbConn) {
       mDefaultDBState->dbConn->AsyncClose(mDefaultDBState->closeListener);
     }
     CleanupDefaultDBConnection();
     break;
   }
   }
 }
 static PLDHashOperator
 RebuildDBCallback(nsCookieEntry *aEntry,
                   void          *aArg)
 {
   mozIStorageBindingParamsArray* paramsArray =
     static_cast<mozIStorageBindingParamsArray*>(aArg);
   const nsCookieEntry::ArrayType &cookies = aEntry->GetCookies();
   for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
     nsCookie* cookie = cookies[i];
     if (!cookie->IsSession()) {
       bindCookieParameters(paramsArray, aEntry, cookie);
     }
   }
   return PL_DHASH_NEXT;
 }
 void
 nsCookieService::RebuildCorruptDB(DBState* aDBState)
 {
   NS_ASSERTION(!aDBState->dbConn, "shouldn't have an open db connection");
   NS_ASSERTION(aDBState->corruptFlag == DBState::CLOSING_FOR_REBUILD,
     "should be in CLOSING_FOR_REBUILD state");
   aDBState->corruptFlag = DBState::REBUILDING;
   if (mDefaultDBState != aDBState) {
     // We've either closed the state or we've switched profiles. It's getting
     // a bit late to rebuild -- bail instead. In any case, we were waiting
     // on rebuild completion to notify of the db closure, which won't happen --
     // do so now.
     COOKIE_LOGSTRING(PR_LOG_WARNING,
       ("RebuildCorruptDB(): DBState %x is stale, aborting", aDBState));
     mObserverService->NotifyObservers(nullptr, "cookie-db-closed", nullptr);
     return;
   }
   COOKIE_LOGSTRING(PR_LOG_DEBUG,
     ("RebuildCorruptDB(): creating new database"));
   // The database has been closed, and we're ready to rebuild. Open a
   // connection.
   OpenDBResult result = TryInitDB(true);
   if (result != RESULT_OK) {
     // We're done. Reset our DB connection and statements, and notify of
     // closure.
     COOKIE_LOGSTRING(PR_LOG_WARNING,
       ("RebuildCorruptDB(): TryInitDB() failed with result %u", result));
     CleanupCachedStatements();
     CleanupDefaultDBConnection();
     mDefaultDBState->corruptFlag = DBState::OK;
     mObserverService->NotifyObservers(nullptr, "cookie-db-closed", nullptr);
     return;
   }
   // Notify observers that we're beginning the rebuild.
   mObserverService->NotifyObservers(nullptr, "cookie-db-rebuilding", nullptr);
   // Enumerate the hash, and add cookies to the params array.
   mozIStorageAsyncStatement* stmt = aDBState->stmtInsert;
   nsCOMPtr<mozIStorageBindingParamsArray> paramsArray;
   stmt->NewBindingParamsArray(getter_AddRefs(paramsArray));
   aDBState->hostTable.EnumerateEntries(RebuildDBCallback, paramsArray.get());
   // Make sure we've got something to write. If we don't, we're done.
   uint32_t length;
   paramsArray->GetLength(&length);
   if (length == 0) {
     COOKIE_LOGSTRING(PR_LOG_DEBUG,
       ("RebuildCorruptDB(): nothing to write, rebuild complete"));
     mDefaultDBState->corruptFlag = DBState::OK;
     return;
   }
   // Execute the statement. If any errors crop up, we won't try again.
   DebugOnly<nsresult> rv = stmt->BindParameters(paramsArray);
   NS_ASSERT_SUCCESS(rv);
   nsCOMPtr<mozIStoragePendingStatement> handle;
   rv = stmt->ExecuteAsync(aDBState->insertListener, getter_AddRefs(handle));
   NS_ASSERT_SUCCESS(rv);
 }
 nsCookieService::~nsCookieService()
 {
   CloseDBStates();
   UnregisterWeakMemoryReporter(this);
   gCookieService = nullptr;
 }
 NS_IMETHODIMP
 nsCookieService::Observe(nsISupports     *aSubject,
                          const char      *aTopic,
                          const char16_t *aData)
 {
   // check the topic
   if (!strcmp(aTopic, "profile-before-change")) {
     // The profile is about to change,
     // or is going away because the application is shutting down.
     if (mDBState && mDBState->dbConn &&
         !nsCRT::strcmp(aData, MOZ_UTF16("shutdown-cleanse"))) {
       // Clear the cookie db if we're in the default DBState.
       RemoveAll();
     }
     // Close the default DB connection and null out our DBStates before
     // changing.
     CloseDBStates();
   } else if (!strcmp(aTopic, "profile-do-change")) {
     NS_ASSERTION(!mDefaultDBState, "shouldn't have a default DBState");
     NS_ASSERTION(!mPrivateDBState, "shouldn't have a private DBState");
     // the profile has already changed; init the db from the new location.
     // if we are in the private browsing state, however, we do not want to read
     // data into it - we should instead put it into the default state, so it's
     // ready for us if and when we switch back to it.
     InitDBStates();
   } else if (!strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID)) {
     nsCOMPtr<nsIPrefBranch> prefBranch = do_QueryInterface(aSubject);
     if (prefBranch)
       PrefChanged(prefBranch);
   } else if (!strcmp(aTopic, "last-pb-context-exited")) {
     // Flush all the cookies stored by private browsing contexts
     mPrivateDBState = new DBState();
   }
   return NS_OK;
 }
 NS_IMETHODIMP
 nsCookieService::GetCookieString(nsIURI     *aHostURI,
                                  nsIChannel *aChannel,
                                  char       **aCookie)
 {
   return GetCookieStringCommon(aHostURI, aChannel, false, aCookie);
 }
 NS_IMETHODIMP
 nsCookieService::GetCookieStringFromHttp(nsIURI     *aHostURI,
                                          nsIURI     *aFirstURI,
                                          nsIChannel *aChannel,
                                          char       **aCookie)
 {
   return GetCookieStringCommon(aHostURI, aChannel, true, aCookie);
 }
 nsresult
 nsCookieService::GetCookieStringCommon(nsIURI *aHostURI,
                                        nsIChannel *aChannel,
                                        bool aHttpBound,
                                        char** aCookie)
 {
   NS_ENSURE_ARG(aHostURI);
   NS_ENSURE_ARG(aCookie);
   // Determine whether the request is foreign. Failure is acceptable.
   bool isForeign = true;
   mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
   // Get app info, if channel is present.  Else assume default namespace.
   uint32_t appId = NECKO_NO_APP_ID;
   bool inBrowserElement = false;
   if (aChannel) {
     NS_GetAppInfo(aChannel, &appId, &inBrowserElement);
   }
   bool isPrivate = aChannel && NS_UsePrivateBrowsing(aChannel);
   nsAutoCString result;
   GetCookieStringInternal(aHostURI, isForeign, aHttpBound, appId,
                           inBrowserElement, isPrivate, result);
   *aCookie = result.IsEmpty() ? nullptr : ToNewCString(result);
   return NS_OK;
 }
 NS_IMETHODIMP
 nsCookieService::SetCookieString(nsIURI     *aHostURI,
                                  nsIPrompt  *aPrompt,
                                  const char *aCookieHeader,
                                  nsIChannel *aChannel)
 {
   // The aPrompt argument is deprecated and unused.  Avoid introducing new
   // code that uses this argument by warning if the value is non-null.
   MOZ_ASSERT(!aPrompt);
   if (aPrompt) {
     nsCOMPtr<nsIConsoleService> aConsoleService =
         do_GetService("@mozilla.org/consoleservice;1");
     if (aConsoleService) {
       aConsoleService->LogStringMessage(
         MOZ_UTF16("Non-null prompt ignored by nsCookieService."));
     }
   }
   return SetCookieStringCommon(aHostURI, aCookieHeader, nullptr, aChannel,
                                false);
 }
 NS_IMETHODIMP
 nsCookieService::SetCookieStringFromHttp(nsIURI     *aHostURI,
                                          nsIURI     *aFirstURI,
                                          nsIPrompt  *aPrompt,
                                          const char *aCookieHeader,
                                          const char *aServerTime,
                                          nsIChannel *aChannel)
 {
   // The aPrompt argument is deprecated and unused.  Avoid introducing new
   // code that uses this argument by warning if the value is non-null.
   MOZ_ASSERT(!aPrompt);
   if (aPrompt) {
     nsCOMPtr<nsIConsoleService> aConsoleService =
         do_GetService("@mozilla.org/consoleservice;1");
     if (aConsoleService) {
       aConsoleService->LogStringMessage(
         MOZ_UTF16("Non-null prompt ignored by nsCookieService."));
     }
   }
   return SetCookieStringCommon(aHostURI, aCookieHeader, aServerTime, aChannel,
                                true);
 }
 nsresult
 nsCookieService::SetCookieStringCommon(nsIURI *aHostURI,
                                        const char *aCookieHeader,
                                        const char *aServerTime,
                                        nsIChannel *aChannel,
                                        bool aFromHttp)
 {
   NS_ENSURE_ARG(aHostURI);
   NS_ENSURE_ARG(aCookieHeader);
   // Determine whether the request is foreign. Failure is acceptable.
   bool isForeign = true;
   mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
   // Get app info, if channel is present.  Else assume default namespace.
   uint32_t appId = NECKO_NO_APP_ID;
   bool inBrowserElement = false;
   if (aChannel) {
     NS_GetAppInfo(aChannel, &appId, &inBrowserElement);
   }
   bool isPrivate = aChannel && NS_UsePrivateBrowsing(aChannel);
   nsDependentCString cookieString(aCookieHeader);
   nsDependentCString serverTime(aServerTime ? aServerTime : "");
   SetCookieStringInternal(aHostURI, isForeign, cookieString,
                           serverTime, aFromHttp, appId, inBrowserElement,
                           isPrivate, aChannel);
   return NS_OK;
 }
 void
 nsCookieService::SetCookieStringInternal(nsIURI             *aHostURI,
                                          bool                aIsForeign,
                                          nsDependentCString &aCookieHeader,
                                          const nsCString    &aServerTime,
                                          bool                aFromHttp,
                                          uint32_t            aAppId,
                                          bool                aInBrowserElement,
                                          bool                aIsPrivate,
                                          nsIChannel         *aChannel)
 {
   NS_ASSERTION(aHostURI, "null host!");
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return;
   }
   AutoRestore<DBState*> savePrevDBState(mDBState);
   mDBState = aIsPrivate ? mPrivateDBState : mDefaultDBState;
   // get the base domain for the host URI.
   // e.g. for "www.bbc.co.uk", this would be "bbc.co.uk".
   // file:// URI's (i.e. with an empty host) are allowed, but any other
   // scheme must have a non-empty host. A trailing dot in the host
   // is acceptable.
   bool requireHostMatch;
   nsAutoCString baseDomain;
   nsresult rv = GetBaseDomain(aHostURI, baseDomain, requireHostMatch);
   if (NS_FAILED(rv)) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader,
                       "couldn't get base domain from URI");
     return;
   }
   nsCookieKey key(baseDomain, aAppId, aInBrowserElement);
   // check default prefs
   CookieStatus cookieStatus = CheckPrefs(aHostURI, aIsForeign, requireHostMatch,
                                          aCookieHeader.get());
   // fire a notification if third party or if cookie was rejected
   // (but not if there was an error)
   switch (cookieStatus) {
   case STATUS_REJECTED:
     NotifyRejected(aHostURI);
     if (aIsForeign) {
       NotifyThirdParty(aHostURI, false, aChannel);
     }
     return; // Stop here
   case STATUS_REJECTED_WITH_ERROR:
     return;
   case STATUS_ACCEPTED: // Fallthrough
   case STATUS_ACCEPT_SESSION:
     if (aIsForeign) {
       NotifyThirdParty(aHostURI, true, aChannel);
     }
     break;
   default:
     break;
   }
   // parse server local time. this is not just done here for efficiency
   // reasons - if there's an error parsing it, and we need to default it
   // to the current time, we must do it here since the current time in
   // SetCookieInternal() will change for each cookie processed (e.g. if the
   // user is prompted).
   PRTime tempServerTime;
   int64_t serverTime;
   PRStatus result = PR_ParseTimeString(aServerTime.get(), true,
                                        &tempServerTime);
   if (result == PR_SUCCESS) {
     serverTime = tempServerTime / int64_t(PR_USEC_PER_SEC);
   } else {
     serverTime = PR_Now() / PR_USEC_PER_SEC;
   }
   // process each cookie in the header
   while (SetCookieInternal(aHostURI, key, requireHostMatch, cookieStatus,
                            aCookieHeader, serverTime, aFromHttp, aChannel)) {
     // document.cookie can only set one cookie at a time
     if (!aFromHttp)
       break;
   }
 }
 // notify observers that a cookie was rejected due to the users' prefs.
 void
 nsCookieService::NotifyRejected(nsIURI *aHostURI)
 {
   if (mObserverService) {
     mObserverService->NotifyObservers(aHostURI, "cookie-rejected", nullptr);
   }
 }
 // notify observers that a third-party cookie was accepted/rejected
 // if the cookie issuer is unknown, it defaults to "?"
 void
 nsCookieService::NotifyThirdParty(nsIURI *aHostURI, bool aIsAccepted, nsIChannel *aChannel)
 {
   if (!mObserverService) {
     return;
   }
   const char* topic;
   if (mDBState != mPrivateDBState) {
     // Regular (non-private) browsing
     if (aIsAccepted) {
       topic = "third-party-cookie-accepted";
     } else {
       topic = "third-party-cookie-rejected";
     }
   } else {
     // Private browsing
     if (aIsAccepted) {
       topic = "private-third-party-cookie-accepted";
     } else {
       topic = "private-third-party-cookie-rejected";
     }
   }
   do {
     // Attempt to find the host of aChannel.
     if (!aChannel) {
       break;
     }
     nsCOMPtr<nsIURI> channelURI;
     nsresult rv = aChannel->GetURI(getter_AddRefs(channelURI));
     if (NS_FAILED(rv)) {
       break;
     }
     nsAutoCString referringHost;
     rv = channelURI->GetHost(referringHost);
     if (NS_FAILED(rv)) {
       break;
     }
     nsAutoString referringHostUTF16 = NS_ConvertUTF8toUTF16(referringHost);
     mObserverService->NotifyObservers(aHostURI,
                                       topic,
                                       referringHostUTF16.get());
     return;
   } while (0);
   // This can fail for a number of reasons, in which kind we fallback to "?"
   mObserverService->NotifyObservers(aHostURI,
                                     topic,
                                     MOZ_UTF16("?"));
 }
 // notify observers that the cookie list changed. there are five possible
 // values for aData:
 // "deleted" means a cookie was deleted. aSubject is the deleted cookie.
 // "added"   means a cookie was added. aSubject is the added cookie.
 // "changed" means a cookie was altered. aSubject is the new cookie.
 // "cleared" means the entire cookie list was cleared. aSubject is null.
 // "batch-deleted" means a set of cookies was purged. aSubject is the list of
 // cookies.
 void
 nsCookieService::NotifyChanged(nsISupports     *aSubject,
                                const char16_t *aData)
 {
   const char* topic = mDBState == mPrivateDBState ?
       "private-cookie-changed" : "cookie-changed";
   if (mObserverService)
     mObserverService->NotifyObservers(aSubject, topic, aData);
 }
 already_AddRefed<nsIArray>
 nsCookieService::CreatePurgeList(nsICookie2* aCookie)
 {
   nsCOMPtr<nsIMutableArray> removedList =
     do_CreateInstance(NS_ARRAY_CONTRACTID);
   removedList->AppendElement(aCookie, false);
   return removedList.forget();
 }
 /******************************************************************************
  * nsCookieService:
  * pref observer impl
  ******************************************************************************/
 void
 nsCookieService::PrefChanged(nsIPrefBranch *aPrefBranch)
 {
   int32_t val;
   if (NS_SUCCEEDED(aPrefBranch->GetIntPref(kPrefCookieBehavior, &val)))
     mCookieBehavior = (uint8_t) LIMIT(val, 0, 3, 0);
   if (NS_SUCCEEDED(aPrefBranch->GetIntPref(kPrefMaxNumberOfCookies, &val)))
     mMaxNumberOfCookies = (uint16_t) LIMIT(val, 1, 0xFFFF, kMaxNumberOfCookies);
   if (NS_SUCCEEDED(aPrefBranch->GetIntPref(kPrefMaxCookiesPerHost, &val)))
     mMaxCookiesPerHost = (uint16_t) LIMIT(val, 1, 0xFFFF, kMaxCookiesPerHost);
   if (NS_SUCCEEDED(aPrefBranch->GetIntPref(kPrefCookiePurgeAge, &val))) {
     mCookiePurgeAge =
       int64_t(LIMIT(val, 0, INT32_MAX, INT32_MAX)) * PR_USEC_PER_SEC;
   }
   bool boolval;
   if (NS_SUCCEEDED(aPrefBranch->GetBoolPref(kPrefThirdPartySession, &boolval)))
     mThirdPartySession = boolval;
 }
 /******************************************************************************
  * nsICookieManager impl:
  * nsICookieManager
  ******************************************************************************/
 NS_IMETHODIMP
 nsCookieService::RemoveAll()
 {
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return NS_ERROR_NOT_AVAILABLE;
   }
   RemoveAllFromMemory();
   // clear the cookie file
   if (mDBState->dbConn) {
     NS_ASSERTION(mDBState == mDefaultDBState, "not in default DB state");
     // Cancel any pending read. No further results will be received by our
     // read listener.
     if (mDefaultDBState->pendingRead) {
       CancelAsyncRead(true);
     }
     nsCOMPtr<mozIStorageAsyncStatement> stmt;
     nsresult rv = mDefaultDBState->dbConn->CreateAsyncStatement(NS_LITERAL_CSTRING(
       "DELETE FROM moz_cookies"), getter_AddRefs(stmt));
     if (NS_SUCCEEDED(rv)) {
       nsCOMPtr<mozIStoragePendingStatement> handle;
       rv = stmt->ExecuteAsync(mDefaultDBState->removeListener,
         getter_AddRefs(handle));
       NS_ASSERT_SUCCESS(rv);
     } else {
       // Recreate the database.
       COOKIE_LOGSTRING(PR_LOG_DEBUG,
         ("RemoveAll(): corruption detected with rv 0x%x", rv));
       HandleCorruptDB(mDefaultDBState);
     }
   }
   NotifyChanged(nullptr, MOZ_UTF16("cleared"));
   return NS_OK;
 }
 static PLDHashOperator
 COMArrayCallback(nsCookieEntry *aEntry,
                  void          *aArg)
 {
   nsCOMArray<nsICookie> *data = static_cast<nsCOMArray<nsICookie> *>(aArg);
   const nsCookieEntry::ArrayType &cookies = aEntry->GetCookies();
   for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
     data->AppendObject(cookies[i]);
   }
   return PL_DHASH_NEXT;
 }
 NS_IMETHODIMP
 nsCookieService::GetEnumerator(nsISimpleEnumerator **aEnumerator)
 {
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return NS_ERROR_NOT_AVAILABLE;
   }
   EnsureReadComplete();
   nsCOMArray<nsICookie> cookieList(mDBState->cookieCount);
   mDBState->hostTable.EnumerateEntries(COMArrayCallback, &cookieList);
   return NS_NewArrayEnumerator(aEnumerator, cookieList);
 }
 NS_IMETHODIMP
 nsCookieService::Add(const nsACString &aHost,
                      const nsACString &aPath,
                      const nsACString &aName,
                      const nsACString &aValue,
                      bool              aIsSecure,
                      bool              aIsHttpOnly,
                      bool              aIsSession,
                      int64_t           aExpiry)
 {
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return NS_ERROR_NOT_AVAILABLE;
   }
   // first, normalize the hostname, and fail if it contains illegal characters.
   nsAutoCString host(aHost);
   nsresult rv = NormalizeHost(host);
   NS_ENSURE_SUCCESS(rv, rv);
   // get the base domain for the host URI.
   // e.g. for "www.bbc.co.uk", this would be "bbc.co.uk".
   nsAutoCString baseDomain;
   rv = GetBaseDomainFromHost(host, baseDomain);
   NS_ENSURE_SUCCESS(rv, rv);
   int64_t currentTimeInUsec = PR_Now();
   nsRefPtr<nsCookie> cookie =
     nsCookie::Create(aName, aValue, host, aPath,
                      aExpiry,
                      currentTimeInUsec,
                      nsCookie::GenerateUniqueCreationTime(currentTimeInUsec),
                      aIsSession,
                      aIsSecure,
                      aIsHttpOnly);
   if (!cookie) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
   AddInternal(DEFAULT_APP_KEY(baseDomain), cookie, currentTimeInUsec, nullptr, nullptr, true);
   return NS_OK;
 }
 nsresult
 nsCookieService::Remove(const nsACString& aHost, uint32_t aAppId,
                         bool aInBrowserElement, const nsACString& aName,
                         const nsACString& aPath, bool aBlocked)
 {
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return NS_ERROR_NOT_AVAILABLE;
   }
   // first, normalize the hostname, and fail if it contains illegal characters.
   nsAutoCString host(aHost);
   nsresult rv = NormalizeHost(host);
   NS_ENSURE_SUCCESS(rv, rv);
   nsAutoCString baseDomain;
   rv = GetBaseDomainFromHost(host, baseDomain);
   NS_ENSURE_SUCCESS(rv, rv);
   nsListIter matchIter;
   nsRefPtr<nsCookie> cookie;
   if (FindCookie(nsCookieKey(baseDomain, aAppId, aInBrowserElement),
                  host,
                  PromiseFlatCString(aName),
                  PromiseFlatCString(aPath),
                  matchIter)) {
     cookie = matchIter.Cookie();
     RemoveCookieFromList(matchIter);
   }
   // check if we need to add the host to the permissions blacklist.
   if (aBlocked && mPermissionService) {
     // strip off the domain dot, if necessary
     if (!host.IsEmpty() && host.First() == '.')
       host.Cut(0, 1);
     host.Insert(NS_LITERAL_CSTRING("http://"), 0);
     nsCOMPtr<nsIURI> uri;
     NS_NewURI(getter_AddRefs(uri), host);
     if (uri)
       mPermissionService->SetAccess(uri, nsICookiePermission::ACCESS_DENY);
   }
   if (cookie) {
     // Everything's done. Notify observers.
     NotifyChanged(cookie, MOZ_UTF16("deleted"));
   }
   return NS_OK;
 }
 NS_IMETHODIMP
 nsCookieService::Remove(const nsACString &aHost,
                         const nsACString &aName,
                         const nsACString &aPath,
                         bool             aBlocked)
 {
   return Remove(aHost, NECKO_NO_APP_ID, false, aName, aPath, aBlocked);
 }
 /******************************************************************************
  * nsCookieService impl:
  * private file I/O functions
  ******************************************************************************/
 // Begin an asynchronous read from the database.
 OpenDBResult
 nsCookieService::Read()
 {
   // Set up a statement for the read. Note that our query specifies that
   // 'baseDomain' not be nullptr -- see below for why.
   nsCOMPtr<mozIStorageAsyncStatement> stmtRead;
   nsresult rv = mDefaultDBState->dbConn->CreateAsyncStatement(NS_LITERAL_CSTRING(
     "SELECT "
       "name, "
       "value, "
       "host, "
       "path, "
       "expiry, "
       "lastAccessed, "
       "creationTime, "
       "isSecure, "
       "isHttpOnly, "
       "baseDomain, "
       "appId,  "
       "inBrowserElement "
     "FROM moz_cookies "
     "WHERE baseDomain NOTNULL"), getter_AddRefs(stmtRead));
   NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
   // Set up a statement to delete any rows with a nullptr 'baseDomain'
   // column. This takes care of any cookies set by browsers that don't
   // understand the 'baseDomain' column, where the database schema version
   // is from one that does. (This would occur when downgrading.)
   nsCOMPtr<mozIStorageAsyncStatement> stmtDeleteNull;
   rv = mDefaultDBState->dbConn->CreateAsyncStatement(NS_LITERAL_CSTRING(
     "DELETE FROM moz_cookies WHERE baseDomain ISNULL"),
     getter_AddRefs(stmtDeleteNull));
   NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
   // Start a new connection for sync reads, to reduce contention with the
   // background thread. We need to do this before we kick off write statements,
   // since they can lock the database and prevent connections from being opened.
   rv = mStorageService->OpenUnsharedDatabase(mDefaultDBState->cookieFile,
     getter_AddRefs(mDefaultDBState->syncConn));
   NS_ENSURE_SUCCESS(rv, RESULT_RETRY);
   // Init our readSet hash and execute the statements. Note that, after this
   // point, we cannot fail without altering the cleanup code in InitDBStates()
   // to handle closing of the now-asynchronous connection.
   mDefaultDBState->hostArray.SetCapacity(kMaxNumberOfCookies);
   mDefaultDBState->readListener = new ReadCookieDBListener(mDefaultDBState);
   rv = stmtRead->ExecuteAsync(mDefaultDBState->readListener,
     getter_AddRefs(mDefaultDBState->pendingRead));
   NS_ASSERT_SUCCESS(rv);
   nsCOMPtr<mozIStoragePendingStatement> handle;
   rv = stmtDeleteNull->ExecuteAsync(mDefaultDBState->removeListener,
     getter_AddRefs(handle));
   NS_ASSERT_SUCCESS(rv);
   return RESULT_OK;
 }
 // Extract data from a single result row and create an nsCookie.
 // This is templated since 'T' is different for sync vs async results.
 template<class T> nsCookie*
 nsCookieService::GetCookieFromRow(T &aRow)
 {
   // Skip reading 'baseDomain' -- up to the caller.
   nsCString name, value, host, path;
   DebugOnly<nsresult> rv = aRow->GetUTF8String(IDX_NAME, name);
   NS_ASSERT_SUCCESS(rv);
   rv = aRow->GetUTF8String(IDX_VALUE, value);
   NS_ASSERT_SUCCESS(rv);
   rv = aRow->GetUTF8String(IDX_HOST, host);
   NS_ASSERT_SUCCESS(rv);
   rv = aRow->GetUTF8String(IDX_PATH, path);
   NS_ASSERT_SUCCESS(rv);
   int64_t expiry = aRow->AsInt64(IDX_EXPIRY);
   int64_t lastAccessed = aRow->AsInt64(IDX_LAST_ACCESSED);
   int64_t creationTime = aRow->AsInt64(IDX_CREATION_TIME);
   bool isSecure = 0 != aRow->AsInt32(IDX_SECURE);
   bool isHttpOnly = 0 != aRow->AsInt32(IDX_HTTPONLY);
   // Create a new nsCookie and assign the data.
   return nsCookie::Create(name, value, host, path,
                           expiry,
                           lastAccessed,
                           creationTime,
                           false,
                           isSecure,
                           isHttpOnly);
 }
 void
 nsCookieService::AsyncReadComplete()
 {
   // We may be in the private browsing DB state, with a pending read on the
   // default DB state. (This would occur if we started up in private browsing
   // mode.) As long as we do all our operations on the default state, we're OK.
   NS_ASSERTION(mDefaultDBState, "no default DBState");
   NS_ASSERTION(mDefaultDBState->pendingRead, "no pending read");
   NS_ASSERTION(mDefaultDBState->readListener, "no read listener");
   // Merge the data read on the background thread with the data synchronously
   // read on the main thread. Note that transactions on the cookie table may
   // have occurred on the main thread since, making the background data stale.
   for (uint32_t i = 0; i < mDefaultDBState->hostArray.Length(); ++i) {
     const CookieDomainTuple &tuple = mDefaultDBState->hostArray[i];
     // Tiebreak: if the given base domain has already been read in, ignore
     // the background data. Note that readSet may contain domains that were
     // queried but found not to be in the db -- that's harmless.
     if (mDefaultDBState->readSet.GetEntry(tuple.key))
       continue;
     AddCookieToList(tuple.key, tuple.cookie, mDefaultDBState, nullptr, false);
   }
   mDefaultDBState->stmtReadDomain = nullptr;
   mDefaultDBState->pendingRead = nullptr;
   mDefaultDBState->readListener = nullptr;
   mDefaultDBState->syncConn = nullptr;
   mDefaultDBState->hostArray.Clear();
   mDefaultDBState->readSet.Clear();
   COOKIE_LOGSTRING(PR_LOG_DEBUG, ("Read(): %ld cookies read",
                                   mDefaultDBState->cookieCount));
   mObserverService->NotifyObservers(nullptr, "cookie-db-read", nullptr);
 }
 void
 nsCookieService::CancelAsyncRead(bool aPurgeReadSet)
 {
   // We may be in the private browsing DB state, with a pending read on the
   // default DB state. (This would occur if we started up in private browsing
   // mode.) As long as we do all our operations on the default state, we're OK.
   NS_ASSERTION(mDefaultDBState, "no default DBState");
   NS_ASSERTION(mDefaultDBState->pendingRead, "no pending read");
   NS_ASSERTION(mDefaultDBState->readListener, "no read listener");
   // Cancel the pending read, kill the read listener, and empty the array
   // of data already read in on the background thread.
   mDefaultDBState->readListener->Cancel();
   DebugOnly<nsresult> rv = mDefaultDBState->pendingRead->Cancel();
   NS_ASSERT_SUCCESS(rv);
   mDefaultDBState->stmtReadDomain = nullptr;
   mDefaultDBState->pendingRead = nullptr;
   mDefaultDBState->readListener = nullptr;
   mDefaultDBState->hostArray.Clear();
   // Only clear the 'readSet' table if we no longer need to know what set of
   // data is already accounted for.
   if (aPurgeReadSet)
     mDefaultDBState->readSet.Clear();
 }
 void
 nsCookieService::EnsureReadDomain(const nsCookieKey &aKey)
 {
   NS_ASSERTION(!mDBState->dbConn || mDBState == mDefaultDBState,
     "not in default db state");
   // Fast path 1: nothing to read, or we've already finished reading.
   if (MOZ_LIKELY(!mDBState->dbConn || !mDefaultDBState->pendingRead))
     return;
   // Fast path 2: already read in this particular domain.
   if (MOZ_LIKELY(mDefaultDBState->readSet.GetEntry(aKey)))
     return;
   // Read in the data synchronously.
   // see IDX_NAME, etc. for parameter indexes
   nsresult rv;
   if (!mDefaultDBState->stmtReadDomain) {
     // Cache the statement, since it's likely to be used again.
     rv = mDefaultDBState->syncConn->CreateStatement(NS_LITERAL_CSTRING(
       "SELECT "
         "name, "
         "value, "
         "host, "
         "path, "
         "expiry, "
         "lastAccessed, "
         "creationTime, "
         "isSecure, "
         "isHttpOnly "
       "FROM moz_cookies "
       "WHERE baseDomain = :baseDomain "
       "  AND appId = :appId "
       "  AND inBrowserElement = :inBrowserElement"),
       getter_AddRefs(mDefaultDBState->stmtReadDomain));
     if (NS_FAILED(rv)) {
       // Recreate the database.
       COOKIE_LOGSTRING(PR_LOG_DEBUG,
         ("EnsureReadDomain(): corruption detected when creating statement "
          "with rv 0x%x", rv));
       HandleCorruptDB(mDefaultDBState);
       return;
     }
   }
   NS_ASSERTION(mDefaultDBState->syncConn, "should have a sync db connection");
   mozStorageStatementScoper scoper(mDefaultDBState->stmtReadDomain);
   rv = mDefaultDBState->stmtReadDomain->BindUTF8StringByName(
     NS_LITERAL_CSTRING("baseDomain"), aKey.mBaseDomain);
   NS_ASSERT_SUCCESS(rv);
   rv = mDefaultDBState->stmtReadDomain->BindInt32ByName(
     NS_LITERAL_CSTRING("appId"), aKey.mAppId);
   NS_ASSERT_SUCCESS(rv);
   rv = mDefaultDBState->stmtReadDomain->BindInt32ByName(
     NS_LITERAL_CSTRING("inBrowserElement"), aKey.mInBrowserElement ? 1 : 0);
   NS_ASSERT_SUCCESS(rv);
   bool hasResult;
   nsCString name, value, host, path;
   nsAutoTArray<nsRefPtr<nsCookie>, kMaxCookiesPerHost> array;
   while (1) {
     rv = mDefaultDBState->stmtReadDomain->ExecuteStep(&hasResult);
     if (NS_FAILED(rv)) {
       // Recreate the database.
       COOKIE_LOGSTRING(PR_LOG_DEBUG,
         ("EnsureReadDomain(): corruption detected when reading result "
          "with rv 0x%x", rv));
       HandleCorruptDB(mDefaultDBState);
       return;
     }
     if (!hasResult)
       break;
     array.AppendElement(GetCookieFromRow(mDefaultDBState->stmtReadDomain));
   }
   // Add the cookies to the table in a single operation. This makes sure that
   // either all the cookies get added, or in the case of corruption, none.
   for (uint32_t i = 0; i < array.Length(); ++i) {
     AddCookieToList(aKey, array[i], mDefaultDBState, nullptr, false);
   }
   // Add it to the hashset of read entries, so we don't read it again.
   mDefaultDBState->readSet.PutEntry(aKey);
   COOKIE_LOGSTRING(PR_LOG_DEBUG,
     ("EnsureReadDomain(): %ld cookies read for base domain %s, "
      " appId=%u, inBrowser=%d", array.Length(), aKey.mBaseDomain.get(),
      (unsigned)aKey.mAppId, (int)aKey.mInBrowserElement));
 }
 void
 nsCookieService::EnsureReadComplete()
 {
   NS_ASSERTION(!mDBState->dbConn || mDBState == mDefaultDBState,
     "not in default db state");
   // Fast path 1: nothing to read, or we've already finished reading.
   if (MOZ_LIKELY(!mDBState->dbConn || !mDefaultDBState->pendingRead))
     return;
   // Cancel the pending read, so we don't get any more results.
   CancelAsyncRead(false);
   // Read in the data synchronously.
   // see IDX_NAME, etc. for parameter indexes
   nsCOMPtr<mozIStorageStatement> stmt;
   nsresult rv = mDefaultDBState->syncConn->CreateStatement(NS_LITERAL_CSTRING(
     "SELECT "
       "name, "
       "value, "
       "host, "
       "path, "
       "expiry, "
       "lastAccessed, "
       "creationTime, "
       "isSecure, "
       "isHttpOnly, "
       "baseDomain, "
       "appId,  "
       "inBrowserElement "
     "FROM moz_cookies "
     "WHERE baseDomain NOTNULL"), getter_AddRefs(stmt));
   if (NS_FAILED(rv)) {
     // Recreate the database.
     COOKIE_LOGSTRING(PR_LOG_DEBUG,
       ("EnsureReadComplete(): corruption detected when creating statement "
        "with rv 0x%x", rv));
     HandleCorruptDB(mDefaultDBState);
     return;
   }
   nsCString baseDomain, name, value, host, path;
   uint32_t appId;
   bool inBrowserElement, hasResult;
   nsAutoTArray<CookieDomainTuple, kMaxNumberOfCookies> array;
   while (1) {
     rv = stmt->ExecuteStep(&hasResult);
     if (NS_FAILED(rv)) {
       // Recreate the database.
       COOKIE_LOGSTRING(PR_LOG_DEBUG,
         ("EnsureReadComplete(): corruption detected when reading result "
          "with rv 0x%x", rv));
       HandleCorruptDB(mDefaultDBState);
       return;
     }
     if (!hasResult)
       break;
     // Make sure we haven't already read the data.
     stmt->GetUTF8String(IDX_BASE_DOMAIN, baseDomain);
     appId = static_cast<uint32_t>(stmt->AsInt32(IDX_APP_ID));
     inBrowserElement = static_cast<bool>(stmt->AsInt32(IDX_BROWSER_ELEM));
     nsCookieKey key(baseDomain, appId, inBrowserElement);
     if (mDefaultDBState->readSet.GetEntry(key))
       continue;
     CookieDomainTuple* tuple = array.AppendElement();
     tuple->key = key;
     tuple->cookie = GetCookieFromRow(stmt);
   }
   // Add the cookies to the table in a single operation. This makes sure that
   // either all the cookies get added, or in the case of corruption, none.
   for (uint32_t i = 0; i < array.Length(); ++i) {
     CookieDomainTuple& tuple = array[i];
     AddCookieToList(tuple.key, tuple.cookie, mDefaultDBState, nullptr,
       false);
   }
   mDefaultDBState->syncConn = nullptr;
   mDefaultDBState->readSet.Clear();
   COOKIE_LOGSTRING(PR_LOG_DEBUG,
     ("EnsureReadComplete(): %ld cookies read", array.Length()));
 }
 NS_IMETHODIMP
 nsCookieService::ImportCookies(nsIFile *aCookieFile)
 {
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return NS_ERROR_NOT_AVAILABLE;
   }
   // Make sure we're in the default DB state. We don't want people importing
   // cookies into a private browsing session!
   if (mDBState != mDefaultDBState) {
     NS_WARNING("Trying to import cookies in a private browsing session!");
     return NS_ERROR_NOT_AVAILABLE;
   }
   nsresult rv;
   nsCOMPtr<nsIInputStream> fileInputStream;
   rv = NS_NewLocalFileInputStream(getter_AddRefs(fileInputStream), aCookieFile);
   if (NS_FAILED(rv)) return rv;
   nsCOMPtr<nsILineInputStream> lineInputStream = do_QueryInterface(fileInputStream, &rv);
   if (NS_FAILED(rv)) return rv;
   // First, ensure we've read in everything from the database, if we have one.
   EnsureReadComplete();
   static const char kTrue[] = "TRUE";
   nsAutoCString buffer, baseDomain;
   bool isMore = true;
   int32_t hostIndex, isDomainIndex, pathIndex, secureIndex, expiresIndex, nameIndex, cookieIndex;
   nsASingleFragmentCString::char_iterator iter;
   int32_t numInts;
   int64_t expires;
   bool isDomain, isHttpOnly = false;
   uint32_t originalCookieCount = mDefaultDBState->cookieCount;
   int64_t currentTimeInUsec = PR_Now();
   int64_t currentTime = currentTimeInUsec / PR_USEC_PER_SEC;
   // we use lastAccessedCounter to keep cookies in recently-used order,
   // so we start by initializing to currentTime (somewhat arbitrary)
   int64_t lastAccessedCounter = currentTimeInUsec;
   /* file format is:
    *
    * host \t isDomain \t path \t secure \t expires \t name \t cookie
    *
    * if this format isn't respected we move onto the next line in the file.
    * isDomain is "TRUE" or "FALSE" (default to "FALSE")
    * isSecure is "TRUE" or "FALSE" (default to "TRUE")
    * expires is a int64_t integer
    * note 1: cookie can contain tabs.
    * note 2: cookies will be stored in order of lastAccessed time:
    *         most-recently used come first; least-recently-used come last.
    */
   /*
    * ...but due to bug 178933, we hide HttpOnly cookies from older code
    * in a comment, so they don't expose HttpOnly cookies to JS.
    *
    * The format for HttpOnly cookies is
    *
    * #HttpOnly_host \t isDomain \t path \t secure \t expires \t name \t cookie
    *
    */
   // We will likely be adding a bunch of cookies to the DB, so we use async
   // batching with storage to make this super fast.
   nsCOMPtr<mozIStorageBindingParamsArray> paramsArray;
   if (originalCookieCount == 0 && mDefaultDBState->dbConn) {
     mDefaultDBState->stmtInsert->NewBindingParamsArray(getter_AddRefs(paramsArray));
   }
   while (isMore && NS_SUCCEEDED(lineInputStream->ReadLine(buffer, &isMore))) {
     if (StringBeginsWith(buffer, NS_LITERAL_CSTRING(kHttpOnlyPrefix))) {
       isHttpOnly = true;
       hostIndex = sizeof(kHttpOnlyPrefix) - 1;
     } else if (buffer.IsEmpty() || buffer.First() == '#') {
       continue;
     } else {
       isHttpOnly = false;
       hostIndex = 0;
     }
     // this is a cheap, cheesy way of parsing a tab-delimited line into
     // string indexes, which can be lopped off into substrings. just for
     // purposes of obfuscation, it also checks that each token was found.
     // todo: use iterators?
     if ((isDomainIndex = buffer.FindChar('\t', hostIndex)     + 1) == 0 ||
         (pathIndex     = buffer.FindChar('\t', isDomainIndex) + 1) == 0 ||
         (secureIndex   = buffer.FindChar('\t', pathIndex)     + 1) == 0 ||
         (expiresIndex  = buffer.FindChar('\t', secureIndex)   + 1) == 0 ||
         (nameIndex     = buffer.FindChar('\t', expiresIndex)  + 1) == 0 ||
         (cookieIndex   = buffer.FindChar('\t', nameIndex)     + 1) == 0) {
       continue;
     }
     // check the expirytime first - if it's expired, ignore
     // nullstomp the trailing tab, to avoid copying the string
     buffer.BeginWriting(iter);
     *(iter += nameIndex - 1) = char(0);
     numInts = PR_sscanf(buffer.get() + expiresIndex, "%lld", &expires);
     if (numInts != 1 || expires < currentTime) {
       continue;
     }
     isDomain = Substring(buffer, isDomainIndex, pathIndex - isDomainIndex - 1).EqualsLiteral(kTrue);
     const nsASingleFragmentCString &host = Substring(buffer, hostIndex, isDomainIndex - hostIndex - 1);
     // check for bad legacy cookies (domain not starting with a dot, or containing a port),
     // and discard
     if ((isDomain && !host.IsEmpty() && host.First() != '.') ||
         host.FindChar(':') != kNotFound) {
       continue;
     }
     // compute the baseDomain from the host
     rv = GetBaseDomainFromHost(host, baseDomain);
     if (NS_FAILED(rv))
       continue;
     // pre-existing cookies have appId=0, inBrowser=false
     nsCookieKey key = DEFAULT_APP_KEY(baseDomain);
     // Create a new nsCookie and assign the data. We don't know the cookie
     // creation time, so just use the current time to generate a unique one.
     nsRefPtr<nsCookie> newCookie =
       nsCookie::Create(Substring(buffer, nameIndex, cookieIndex - nameIndex - 1),
                        Substring(buffer, cookieIndex, buffer.Length() - cookieIndex),
                        host,
                        Substring(buffer, pathIndex, secureIndex - pathIndex - 1),
                        expires,
                        lastAccessedCounter,
                        nsCookie::GenerateUniqueCreationTime(currentTimeInUsec),
                        false,
                        Substring(buffer, secureIndex, expiresIndex - secureIndex - 1).EqualsLiteral(kTrue),
                        isHttpOnly);
     if (!newCookie) {
       return NS_ERROR_OUT_OF_MEMORY;
     }
     // trick: preserve the most-recently-used cookie ordering,
     // by successively decrementing the lastAccessed time
     lastAccessedCounter--;
     if (originalCookieCount == 0) {
       AddCookieToList(key, newCookie, mDefaultDBState, paramsArray);
     }
     else {
       AddInternal(key, newCookie, currentTimeInUsec,
                   nullptr, nullptr, true);
     }
   }
   // If we need to write to disk, do so now.
   if (paramsArray) {
     uint32_t length;
     paramsArray->GetLength(&length);
     if (length) {
       rv = mDefaultDBState->stmtInsert->BindParameters(paramsArray);
       NS_ASSERT_SUCCESS(rv);
       nsCOMPtr<mozIStoragePendingStatement> handle;
       rv = mDefaultDBState->stmtInsert->ExecuteAsync(
         mDefaultDBState->insertListener, getter_AddRefs(handle));
       NS_ASSERT_SUCCESS(rv);
     }
   }
   COOKIE_LOGSTRING(PR_LOG_DEBUG, ("ImportCookies(): %ld cookies imported",
     mDefaultDBState->cookieCount));
   return NS_OK;
 }
 /******************************************************************************
  * nsCookieService impl:
  * private GetCookie/SetCookie helpers
  ******************************************************************************/
 // helper function for GetCookieList
 static inline bool ispathdelimiter(char c) { return c == '/' || c == '?' || c == '#' || c == ';'; }
 // Comparator class for sorting cookies before sending to a server.
 class CompareCookiesForSending
 {
 public:
   bool Equals(const nsCookie* aCookie1, const nsCookie* aCookie2) const
   {
     return aCookie1->CreationTime() == aCookie2->CreationTime() &&
            aCookie2->Path().Length() == aCookie1->Path().Length();
   }
   bool LessThan(const nsCookie* aCookie1, const nsCookie* aCookie2) const
   {
     // compare by cookie path length in accordance with RFC2109
     int32_t result = aCookie2->Path().Length() - aCookie1->Path().Length();
     if (result != 0)
       return result < 0;
     // when path lengths match, older cookies should be listed first.  this is
     // required for backwards compatibility since some websites erroneously
     // depend on receiving cookies in the order in which they were sent to the
     // browser!  see bug 236772.
     return aCookie1->CreationTime() < aCookie2->CreationTime();
   }
 };
 void
 nsCookieService::GetCookieStringInternal(nsIURI *aHostURI,
                                          bool aIsForeign,
                                          bool aHttpBound,
                                          uint32_t aAppId,
                                          bool aInBrowserElement,
                                          bool aIsPrivate,
                                          nsCString &aCookieString)
 {
   NS_ASSERTION(aHostURI, "null host!");
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return;
   }
   AutoRestore<DBState*> savePrevDBState(mDBState);
   mDBState = aIsPrivate ? mPrivateDBState : mDefaultDBState;
   // get the base domain, host, and path from the URI.
   // e.g. for "www.bbc.co.uk", the base domain would be "bbc.co.uk".
   // file:// URI's (i.e. with an empty host) are allowed, but any other
   // scheme must have a non-empty host. A trailing dot in the host
   // is acceptable.
   bool requireHostMatch;
   nsAutoCString baseDomain, hostFromURI, pathFromURI;
   nsresult rv = GetBaseDomain(aHostURI, baseDomain, requireHostMatch);
   if (NS_SUCCEEDED(rv))
     rv = aHostURI->GetAsciiHost(hostFromURI);
   if (NS_SUCCEEDED(rv))
     rv = aHostURI->GetPath(pathFromURI);
   if (NS_FAILED(rv)) {
     COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr, "invalid host/path from URI");
     return;
   }
   // check default prefs
   CookieStatus cookieStatus = CheckPrefs(aHostURI, aIsForeign, requireHostMatch,
                                          nullptr);
   // for GetCookie(), we don't fire rejection notifications.
   switch (cookieStatus) {
   case STATUS_REJECTED:
   case STATUS_REJECTED_WITH_ERROR:
     return;
   default:
     break;
   }
   // check if aHostURI is using an https secure protocol.
   // if it isn't, then we can't send a secure cookie over the connection.
   // if SchemeIs fails, assume an insecure connection, to be on the safe side
   bool isSecure;
   if (NS_FAILED(aHostURI->SchemeIs("https", &isSecure))) {
     isSecure = false;
   }
   nsCookie *cookie;
   nsAutoTArray<nsCookie*, 8> foundCookieList;
   int64_t currentTimeInUsec = PR_Now();
   int64_t currentTime = currentTimeInUsec / PR_USEC_PER_SEC;
   bool stale = false;
   nsCookieKey key(baseDomain, aAppId, aInBrowserElement);
   EnsureReadDomain(key);
   // perform the hash lookup
   nsCookieEntry *entry = mDBState->hostTable.GetEntry(key);
   if (!entry)
     return;
   // iterate the cookies!
   const nsCookieEntry::ArrayType &cookies = entry->GetCookies();
   for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
     cookie = cookies[i];
     // check the host, since the base domain lookup is conservative.
     // first, check for an exact host or domain cookie match, e.g. "google.com"
     // or ".google.com"; second a subdomain match, e.g.
     // host = "mail.google.com", cookie domain = ".google.com".
     if (cookie->RawHost() != hostFromURI &&
         !(cookie->IsDomain() && StringEndsWith(hostFromURI, cookie->Host())))
       continue;
     // if the cookie is secure and the host scheme isn't, we can't send it
     if (cookie->IsSecure() && !isSecure)
       continue;
     // if the cookie is httpOnly and it's not going directly to the HTTP
     // connection, don't send it
     if (cookie->IsHttpOnly() && !aHttpBound)
       continue;
     // calculate cookie path length, excluding trailing '/'
     uint32_t cookiePathLen = cookie->Path().Length();
     if (cookiePathLen > 0 && cookie->Path().Last() == '/')
       --cookiePathLen;
     // if the nsIURI path is shorter than the cookie path, don't send it back
     if (!StringBeginsWith(pathFromURI, Substring(cookie->Path(), 0, cookiePathLen)))
       continue;
     if (pathFromURI.Length() > cookiePathLen &&
         !ispathdelimiter(pathFromURI.CharAt(cookiePathLen))) {
       /*
        * |ispathdelimiter| tests four cases: '/', '?', '#', and ';'.
        * '/' is the "standard" case; the '?' test allows a site at host/abc?def
        * to receive a cookie that has a path attribute of abc.  this seems
        * strange but at least one major site (citibank, bug 156725) depends
        * on it.  The test for # and ; are put in to proactively avoid problems
        * with other sites - these are the only other chars allowed in the path.
        */
       continue;
     }
     // check if the cookie has expired
     if (cookie->Expiry() <= currentTime) {
       continue;
     }
     // all checks passed - add to list and check if lastAccessed stamp needs updating
     foundCookieList.AppendElement(cookie);
     if (currentTimeInUsec - cookie->LastAccessed() > kCookieStaleThreshold)
       stale = true;
   }
   int32_t count = foundCookieList.Length();
   if (count == 0)
     return;
   // update lastAccessed timestamps. we only do this if the timestamp is stale
   // by a certain amount, to avoid thrashing the db during pageload.
   if (stale) {
     // Create an array of parameters to bind to our update statement. Batching
     // is OK here since we're updating cookies with no interleaved operations.
     nsCOMPtr<mozIStorageBindingParamsArray> paramsArray;
     mozIStorageAsyncStatement* stmt = mDBState->stmtUpdate;
     if (mDBState->dbConn) {
       stmt->NewBindingParamsArray(getter_AddRefs(paramsArray));
     }
     for (int32_t i = 0; i < count; ++i) {
       cookie = foundCookieList.ElementAt(i);
       if (currentTimeInUsec - cookie->LastAccessed() > kCookieStaleThreshold)
         UpdateCookieInList(cookie, currentTimeInUsec, paramsArray);
     }
     // Update the database now if necessary.
     if (paramsArray) {
       uint32_t length;
       paramsArray->GetLength(&length);
       if (length) {
         DebugOnly<nsresult> rv = stmt->BindParameters(paramsArray);
         NS_ASSERT_SUCCESS(rv);
         nsCOMPtr<mozIStoragePendingStatement> handle;
         rv = stmt->ExecuteAsync(mDBState->updateListener,
           getter_AddRefs(handle));
         NS_ASSERT_SUCCESS(rv);
       }
     }
   }
   // return cookies in order of path length; longest to shortest.
   // this is required per RFC2109.  if cookies match in length,
   // then sort by creation time (see bug 236772).
   foundCookieList.Sort(CompareCookiesForSending());
   for (int32_t i = 0; i < count; ++i) {
     cookie = foundCookieList.ElementAt(i);
     // check if we have anything to write
     if (!cookie->Name().IsEmpty() || !cookie->Value().IsEmpty()) {
       // if we've already added a cookie to the return list, append a "; " so
       // that subsequent cookies are delimited in the final list.
       if (!aCookieString.IsEmpty()) {
         aCookieString.AppendLiteral("; ");
       }
       if (!cookie->Name().IsEmpty()) {
         // we have a name and value - write both
         aCookieString += cookie->Name() + NS_LITERAL_CSTRING("=") + cookie->Value();
       } else {
         // just write value
         aCookieString += cookie->Value();
       }
     }
   }
   if (!aCookieString.IsEmpty())
     COOKIE_LOGSUCCESS(GET_COOKIE, aHostURI, aCookieString, nullptr, false);
 }
 // processes a single cookie, and returns true if there are more cookies
 // to be processed
 bool
 nsCookieService::SetCookieInternal(nsIURI                        *aHostURI,
                                    const nsCookieKey             &aKey,
                                    bool                           aRequireHostMatch,
                                    CookieStatus                   aStatus,
                                    nsDependentCString            &aCookieHeader,
                                    int64_t                        aServerTime,
                                    bool                           aFromHttp,
                                    nsIChannel                    *aChannel)
 {
   NS_ASSERTION(aHostURI, "null host!");
   // create a stack-based nsCookieAttributes, to store all the
   // attributes parsed from the cookie
   nsCookieAttributes cookieAttributes;
   // init expiryTime such that session cookies won't prematurely expire
   cookieAttributes.expiryTime = INT64_MAX;
   // aCookieHeader is an in/out param to point to the next cookie, if
   // there is one. Save the present value for logging purposes
   nsDependentCString savedCookieHeader(aCookieHeader);
   // newCookie says whether there are multiple cookies in the header;
   // so we can handle them separately.
   bool newCookie = ParseAttributes(aCookieHeader, cookieAttributes);
   int64_t currentTimeInUsec = PR_Now();
   // calculate expiry time of cookie.
   cookieAttributes.isSession = GetExpiry(cookieAttributes, aServerTime,
                                          currentTimeInUsec / PR_USEC_PER_SEC);
   if (aStatus == STATUS_ACCEPT_SESSION) {
     // force lifetime to session. note that the expiration time, if set above,
     // will still apply.
     cookieAttributes.isSession = true;
   }
   // reject cookie if it's over the size limit, per RFC2109
   if ((cookieAttributes.name.Length() + cookieAttributes.value.Length()) > kMaxBytesPerCookie) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "cookie too big (> 4kb)");
     return newCookie;
   }
   if (cookieAttributes.name.FindChar('\t') != kNotFound) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "invalid name character");
     return newCookie;
   }
   // domain & path checks
   if (!CheckDomain(cookieAttributes, aHostURI, aKey.mBaseDomain, aRequireHostMatch)) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "failed the domain tests");
     return newCookie;
   }
   if (!CheckPath(cookieAttributes, aHostURI)) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "failed the path tests");
     return newCookie;
   }
   // create a new nsCookie and copy attributes
   nsRefPtr<nsCookie> cookie =
     nsCookie::Create(cookieAttributes.name,
                      cookieAttributes.value,
                      cookieAttributes.host,
                      cookieAttributes.path,
                      cookieAttributes.expiryTime,
                      currentTimeInUsec,
                      nsCookie::GenerateUniqueCreationTime(currentTimeInUsec),
                      cookieAttributes.isSession,
                      cookieAttributes.isSecure,
                      cookieAttributes.isHttpOnly);
   if (!cookie)
     return newCookie;
   // check permissions from site permission list, or ask the user,
   // to determine if we can set the cookie
   if (mPermissionService) {
     bool permission;
     mPermissionService->CanSetCookie(aHostURI,
                                      aChannel,
                                      static_cast<nsICookie2*>(static_cast<nsCookie*>(cookie)),
                                      &cookieAttributes.isSession,
                                      &cookieAttributes.expiryTime,
                                      &permission);
     if (!permission) {
       COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "cookie rejected by permission manager");
       NotifyRejected(aHostURI);
       return newCookie;
     }
     // update isSession and expiry attributes, in case they changed
     cookie->SetIsSession(cookieAttributes.isSession);
     cookie->SetExpiry(cookieAttributes.expiryTime);
   }
   // add the cookie to the list. AddInternal() takes care of logging.
   // we get the current time again here, since it may have changed during prompting
   AddInternal(aKey, cookie, PR_Now(), aHostURI, savedCookieHeader.get(),
               aFromHttp);
   return newCookie;
 }
 // this is a backend function for adding a cookie to the list, via SetCookie.
 // also used in the cookie manager, for profile migration from IE.
 // it either replaces an existing cookie; or adds the cookie to the hashtable,
 // and deletes a cookie (if maximum number of cookies has been
 // reached). also performs list maintenance by removing expired cookies.
 void
 nsCookieService::AddInternal(const nsCookieKey             &aKey,
                              nsCookie                      *aCookie,
                              int64_t                        aCurrentTimeInUsec,
                              nsIURI                        *aHostURI,
                              const char                    *aCookieHeader,
                              bool                           aFromHttp)
 {
   int64_t currentTime = aCurrentTimeInUsec / PR_USEC_PER_SEC;
   // if the new cookie is httponly, make sure we're not coming from script
   if (!aFromHttp && aCookie->IsHttpOnly()) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader,
       "cookie is httponly; coming from script");
     return;
   }
   nsListIter matchIter;
   bool foundCookie = FindCookie(aKey, aCookie->Host(),
     aCookie->Name(), aCookie->Path(), matchIter);
   nsRefPtr<nsCookie> oldCookie;
   nsCOMPtr<nsIArray> purgedList;
   if (foundCookie) {
     oldCookie = matchIter.Cookie();
     // Check if the old cookie is stale (i.e. has already expired). If so, we
     // need to be careful about the semantics of removing it and adding the new
     // cookie: we want the behavior wrt adding the new cookie to be the same as
     // if it didn't exist, but we still want to fire a removal notification.
     if (oldCookie->Expiry() <= currentTime) {
       if (aCookie->Expiry() <= currentTime) {
         // The new cookie has expired and the old one is stale. Nothing to do.
         COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader,
           "cookie has already expired");
         return;
       }
       // Remove the stale cookie. We save notification for later, once all list
       // modifications are complete.
       RemoveCookieFromList(matchIter);
       COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader,
         "stale cookie was purged");
       purgedList = CreatePurgeList(oldCookie);
       // We've done all we need to wrt removing and notifying the stale cookie.
       // From here on out, we pretend pretend it didn't exist, so that we
       // preserve expected notification semantics when adding the new cookie.
       foundCookie = false;
     } else {
       // If the old cookie is httponly, make sure we're not coming from script.
       if (!aFromHttp && oldCookie->IsHttpOnly()) {
         COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader,
           "previously stored cookie is httponly; coming from script");
         return;
       }
       // Remove the old cookie.
       RemoveCookieFromList(matchIter);
       // If the new cookie has expired -- i.e. the intent was simply to delete
       // the old cookie -- then we're done.
       if (aCookie->Expiry() <= currentTime) {
         COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader,
           "previously stored cookie was deleted");
         NotifyChanged(oldCookie, MOZ_UTF16("deleted"));
         return;
       }
       // Preserve creation time of cookie for ordering purposes.
       aCookie->SetCreationTime(oldCookie->CreationTime());
     }
   } else {
     // check if cookie has already expired
     if (aCookie->Expiry() <= currentTime) {
       COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader,
         "cookie has already expired");
       return;
     }
     // check if we have to delete an old cookie.
     nsCookieEntry *entry = mDBState->hostTable.GetEntry(aKey);
     if (entry && entry->GetCookies().Length() >= mMaxCookiesPerHost) {
       nsListIter iter;
       FindStaleCookie(entry, currentTime, iter);
       oldCookie = iter.Cookie();
       // remove the oldest cookie from the domain
       RemoveCookieFromList(iter);
       COOKIE_LOGEVICTED(oldCookie, "Too many cookies for this domain");
       purgedList = CreatePurgeList(oldCookie);
     } else if (mDBState->cookieCount >= ADD_TEN_PERCENT(mMaxNumberOfCookies)) {
       int64_t maxAge = aCurrentTimeInUsec - mDBState->cookieOldestTime;
       int64_t purgeAge = ADD_TEN_PERCENT(mCookiePurgeAge);
       if (maxAge >= purgeAge) {
         // we're over both size and age limits by 10%; time to purge the table!
         // do this by:
         // 1) removing expired cookies;
         // 2) evicting the balance of old cookies until we reach the size limit.
         // note that the cookieOldestTime indicator can be pessimistic - if it's
         // older than the actual oldest cookie, we'll just purge more eagerly.
         purgedList = PurgeCookies(aCurrentTimeInUsec);
       }
     }
   }
   // Add the cookie to the db. We do not supply a params array for batching
   // because this might result in removals and additions being out of order.
   AddCookieToList(aKey, aCookie, mDBState, nullptr);
   COOKIE_LOGSUCCESS(SET_COOKIE, aHostURI, aCookieHeader, aCookie, foundCookie);
   // Now that list mutations are complete, notify observers. We do it here
   // because observers may themselves attempt to mutate the list.
   if (purgedList) {
     NotifyChanged(purgedList, MOZ_UTF16("batch-deleted"));
   }
   NotifyChanged(aCookie, foundCookie ? MOZ_UTF16("changed")
                                      : MOZ_UTF16("added"));
 }
 /******************************************************************************
  * nsCookieService impl:
  * private cookie header parsing functions
  ******************************************************************************/
 // The following comment block elucidates the function of ParseAttributes.
 /******************************************************************************
  ** Augmented BNF, modified from RFC2109 Section 4.2.2 and RFC2616 Section 2.1
  ** please note: this BNF deviates from both specifications, and reflects this
  ** implementation. <bnf> indicates a reference to the defined grammar "bnf".
  ** Differences from RFC2109/2616 and explanations:
 . implied *LWS
          The grammar described by this specification is word-based. Except
          where noted otherwise, linear white space (<LWS>) can be included
          between any two adjacent words (token or quoted-string), and
          between adjacent words and separators, without changing the
          interpretation of a field.
        <LWS> according to spec is SP|HT|CR|LF, but here, we allow only SP | HT.
 . We use CR | LF as cookie separators, not ',' per spec, since ',' is in
        common use inside values.
 . tokens and values have looser restrictions on allowed characters than
        spec. This is also due to certain characters being in common use inside
        values. We allow only '=' to separate token/value pairs, and ';' to
        terminate tokens or values. <LWS> is allowed within tokens and values
        (see bug 206022).
 . where appropriate, full <OCTET>s are allowed, where the spec dictates to
        reject control chars or non-ASCII chars. This is erring on the loose
        side, since there's probably no good reason to enforce this strictness.
 . cookie <NAME> is optional, where spec requires it. This is a fairly
        trivial case, but allows the flexibility of setting only a cookie <VALUE>
        with a blank <NAME> and is required by some sites (see bug 169091).
 . Attribute "HttpOnly", not covered in the RFCs, is supported
        (see bug 178993).
  ** Begin BNF:
     token         = 1*<any allowed-chars except separators>
     value         = 1*<any allowed-chars except value-sep>
     separators    = ";" | "="
     value-sep     = ";"
     cookie-sep    = CR | LF
     allowed-chars = <any OCTET except NUL or cookie-sep>
     OCTET         = <any 8-bit sequence of data>
     LWS           = SP | HT
     NUL           = <US-ASCII NUL, null control character (0)>
     CR            = <US-ASCII CR, carriage return (13)>
     LF            = <US-ASCII LF, linefeed (10)>
     SP            = <US-ASCII SP, space (32)>
     HT            = <US-ASCII HT, horizontal-tab (9)>
     set-cookie    = "Set-Cookie:" cookies
     cookies       = cookie *( cookie-sep cookie )
     cookie        = [NAME "="] VALUE *(";" cookie-av)    ; cookie NAME/VALUE must come first
     NAME          = token                                ; cookie name
     VALUE         = value                                ; cookie value
     cookie-av     = token ["=" value]
     valid values for cookie-av (checked post-parsing) are:
     cookie-av     = "Path"    "=" value
                   | "Domain"  "=" value
                   | "Expires" "=" value
                   | "Max-Age" "=" value
                   | "Comment" "=" value
                   | "Version" "=" value
                   | "Secure"
                   | "HttpOnly"
 ******************************************************************************/
 // helper functions for GetTokenValue
 static inline bool iswhitespace     (char c) { return c == ' '  || c == '\t'; }
 static inline bool isterminator     (char c) { return c == '\n' || c == '\r'; }
 static inline bool isvalueseparator (char c) { return isterminator(c) || c == ';'; }
 static inline bool istokenseparator (char c) { return isvalueseparator(c) || c == '='; }
 // Parse a single token/value pair.
 // Returns true if a cookie terminator is found, so caller can parse new cookie.
 bool
 nsCookieService::GetTokenValue(nsASingleFragmentCString::const_char_iterator &aIter,
                                nsASingleFragmentCString::const_char_iterator &aEndIter,
                                nsDependentCSubstring                         &aTokenString,
                                nsDependentCSubstring                         &aTokenValue,
                                bool                                          &aEqualsFound)
 {
   nsASingleFragmentCString::const_char_iterator start, lastSpace;
   // initialize value string to clear garbage
   aTokenValue.Rebind(aIter, aIter);
   // find <token>, including any <LWS> between the end-of-token and the
   // token separator. we'll remove trailing <LWS> next
   while (aIter != aEndIter && iswhitespace(*aIter))
     ++aIter;
   start = aIter;
   while (aIter != aEndIter && !istokenseparator(*aIter))
     ++aIter;
   // remove trailing <LWS>; first check we're not at the beginning
   lastSpace = aIter;
   if (lastSpace != start) {
     while (--lastSpace != start && iswhitespace(*lastSpace))
       continue;
     ++lastSpace;
   }
   aTokenString.Rebind(start, lastSpace);
   aEqualsFound = (*aIter == '=');
   if (aEqualsFound) {
     // find <value>
     while (++aIter != aEndIter && iswhitespace(*aIter))
       continue;
     start = aIter;
     // process <token>
     // just look for ';' to terminate ('=' allowed)
     while (aIter != aEndIter && !isvalueseparator(*aIter))
       ++aIter;
     // remove trailing <LWS>; first check we're not at the beginning
     if (aIter != start) {
       lastSpace = aIter;
       while (--lastSpace != start && iswhitespace(*lastSpace))
         continue;
       aTokenValue.Rebind(start, ++lastSpace);
     }
   }
   // aIter is on ';', or terminator, or EOS
   if (aIter != aEndIter) {
     // if on terminator, increment past & return true to process new cookie
     if (isterminator(*aIter)) {
       ++aIter;
       return true;
     }
     // fall-through: aIter is on ';', increment and return false
     ++aIter;
   }
   return false;
 }
 // Parses attributes from cookie header. expires/max-age attributes aren't folded into the
 // cookie struct here, because we don't know which one to use until we've parsed the header.
 bool
 nsCookieService::ParseAttributes(nsDependentCString &aCookieHeader,
                                  nsCookieAttributes &aCookieAttributes)
 {
   static const char kPath[]    = "path";
   static const char kDomain[]  = "domain";
   static const char kExpires[] = "expires";
   static const char kMaxage[]  = "max-age";
   static const char kSecure[]  = "secure";
   static const char kHttpOnly[]  = "httponly";
   nsASingleFragmentCString::const_char_iterator tempBegin, tempEnd;
   nsASingleFragmentCString::const_char_iterator cookieStart, cookieEnd;
   aCookieHeader.BeginReading(cookieStart);
   aCookieHeader.EndReading(cookieEnd);
   aCookieAttributes.isSecure = false;
   aCookieAttributes.isHttpOnly = false;
   nsDependentCSubstring tokenString(cookieStart, cookieStart);
   nsDependentCSubstring tokenValue (cookieStart, cookieStart);
   bool newCookie, equalsFound;
   // extract cookie <NAME> & <VALUE> (first attribute), and copy the strings.
   // if we find multiple cookies, return for processing
   // note: if there's no '=', we assume token is <VALUE>. this is required by
   //       some sites (see bug 169091).
   // XXX fix the parser to parse according to <VALUE> grammar for this case
   newCookie = GetTokenValue(cookieStart, cookieEnd, tokenString, tokenValue, equalsFound);
   if (equalsFound) {
     aCookieAttributes.name = tokenString;
     aCookieAttributes.value = tokenValue;
   } else {
     aCookieAttributes.value = tokenString;
   }
   // extract remaining attributes
   while (cookieStart != cookieEnd && !newCookie) {
     newCookie = GetTokenValue(cookieStart, cookieEnd, tokenString, tokenValue, equalsFound);
     if (!tokenValue.IsEmpty()) {
       tokenValue.BeginReading(tempBegin);
       tokenValue.EndReading(tempEnd);
     }
     // decide which attribute we have, and copy the string
     if (tokenString.LowerCaseEqualsLiteral(kPath))
       aCookieAttributes.path = tokenValue;
     else if (tokenString.LowerCaseEqualsLiteral(kDomain))
       aCookieAttributes.host = tokenValue;
     else if (tokenString.LowerCaseEqualsLiteral(kExpires))
       aCookieAttributes.expires = tokenValue;
     else if (tokenString.LowerCaseEqualsLiteral(kMaxage))
       aCookieAttributes.maxage = tokenValue;
     // ignore any tokenValue for isSecure; just set the boolean
     else if (tokenString.LowerCaseEqualsLiteral(kSecure))
       aCookieAttributes.isSecure = true;
     // ignore any tokenValue for isHttpOnly (see bug 178993);
     // just set the boolean
     else if (tokenString.LowerCaseEqualsLiteral(kHttpOnly))
       aCookieAttributes.isHttpOnly = true;
   }
   // rebind aCookieHeader, in case we need to process another cookie
   aCookieHeader.Rebind(cookieStart, cookieEnd);
   return newCookie;
 }
 /******************************************************************************
  * nsCookieService impl:
  * private domain & permission compliance enforcement functions
  ******************************************************************************/
 // Get the base domain for aHostURI; e.g. for "www.bbc.co.uk", this would be
 // "bbc.co.uk". Only properly-formed URI's are tolerated, though a trailing
 // dot may be present. If aHostURI is an IP address, an alias such as
 // 'localhost', an eTLD such as 'co.uk', or the empty string, aBaseDomain will
 // be the exact host, and aRequireHostMatch will be true to indicate that
 // substring matches should not be performed.
 nsresult
 nsCookieService::GetBaseDomain(nsIURI    *aHostURI,
                                nsCString &aBaseDomain,
                                bool      &aRequireHostMatch)
 {
   // get the base domain. this will fail if the host contains a leading dot,
   // more than one trailing dot, or is otherwise malformed.
   nsresult rv = mTLDService->GetBaseDomain(aHostURI, 0, aBaseDomain);
   aRequireHostMatch = rv == NS_ERROR_HOST_IS_IP_ADDRESS ||
                       rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS;
   if (aRequireHostMatch) {
     // aHostURI is either an IP address, an alias such as 'localhost', an eTLD
     // such as 'co.uk', or the empty string. use the host as a key in such
     // cases.
     rv = aHostURI->GetAsciiHost(aBaseDomain);
   }
   NS_ENSURE_SUCCESS(rv, rv);
   // aHost (and thus aBaseDomain) may be the string '.'. If so, fail.
   if (aBaseDomain.Length() == 1 && aBaseDomain.Last() == '.')
     return NS_ERROR_INVALID_ARG;
   // block any URIs without a host that aren't file:// URIs.
   if (aBaseDomain.IsEmpty()) {
     bool isFileURI = false;
     aHostURI->SchemeIs("file", &isFileURI);
     if (!isFileURI)
       return NS_ERROR_INVALID_ARG;
   }
   return NS_OK;
 }
 // Get the base domain for aHost; e.g. for "www.bbc.co.uk", this would be
 // "bbc.co.uk". This is done differently than GetBaseDomain(): it is assumed
 // that aHost is already normalized, and it may contain a leading dot
 // (indicating that it represents a domain). A trailing dot may be present.
 // If aHost is an IP address, an alias such as 'localhost', an eTLD such as
 // 'co.uk', or the empty string, aBaseDomain will be the exact host, and a
 // leading dot will be treated as an error.
 nsresult
 nsCookieService::GetBaseDomainFromHost(const nsACString &aHost,
                                        nsCString        &aBaseDomain)
 {
   // aHost must not be the string '.'.
   if (aHost.Length() == 1 && aHost.Last() == '.')
     return NS_ERROR_INVALID_ARG;
   // aHost may contain a leading dot; if so, strip it now.
   bool domain = !aHost.IsEmpty() && aHost.First() == '.';
   // get the base domain. this will fail if the host contains a leading dot,
   // more than one trailing dot, or is otherwise malformed.
   nsresult rv = mTLDService->GetBaseDomainFromHost(Substring(aHost, domain), 0, aBaseDomain);
   if (rv == NS_ERROR_HOST_IS_IP_ADDRESS ||
       rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
     // aHost is either an IP address, an alias such as 'localhost', an eTLD
     // such as 'co.uk', or the empty string. use the host as a key in such
     // cases; however, we reject any such hosts with a leading dot, since it
     // doesn't make sense for them to be domain cookies.
     if (domain)
       return NS_ERROR_INVALID_ARG;
     aBaseDomain = aHost;
     return NS_OK;
   }
   return rv;
 }
 // Normalizes the given hostname, component by component. ASCII/ACE
 // components are lower-cased, and UTF-8 components are normalized per
 // RFC 3454 and converted to ACE.
 nsresult
 nsCookieService::NormalizeHost(nsCString &aHost)
 {
   if (!IsASCII(aHost)) {
     nsAutoCString host;
     nsresult rv = mIDNService->ConvertUTF8toACE(aHost, host);
     if (NS_FAILED(rv))
       return rv;
     aHost = host;
   }
   ToLowerCase(aHost);
   return NS_OK;
 }
 // returns true if 'a' is equal to or a subdomain of 'b',
 // assuming no leading dots are present.
 static inline bool IsSubdomainOf(const nsCString &a, const nsCString &b)
 {
   if (a == b)
     return true;
   if (a.Length() > b.Length())
     return a[a.Length() - b.Length() - 1] == '.' && StringEndsWith(a, b);
   return false;
 }
 CookieStatus
 nsCookieService::CheckPrefs(nsIURI          *aHostURI,
                             bool             aIsForeign,
                             bool             aRequireHostMatch,
                             const char      *aCookieHeader)
 {
   nsresult rv;
   // don't let ftp sites get/set cookies (could be a security issue)
   bool ftp;
   if (NS_SUCCEEDED(aHostURI->SchemeIs("ftp", &ftp)) && ftp) {
     COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI, aCookieHeader, "ftp sites cannot read cookies");
     return STATUS_REJECTED_WITH_ERROR;
   }
   // check the permission list first; if we find an entry, it overrides
   // default prefs. see bug 184059.
   if (mPermissionService) {
     nsCookieAccess access;
     // Not passing an nsIChannel here is probably OK; our implementation
     // doesn't do anything with it anyway.
     rv = mPermissionService->CanAccess(aHostURI, nullptr, &access);
     // if we found an entry, use it
     if (NS_SUCCEEDED(rv)) {
       switch (access) {
       case nsICookiePermission::ACCESS_DENY:
         COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
                           aCookieHeader, "cookies are blocked for this site");
         return STATUS_REJECTED;
       case nsICookiePermission::ACCESS_ALLOW:
         return STATUS_ACCEPTED;
       case nsICookiePermission::ACCESS_ALLOW_FIRST_PARTY_ONLY:
         if (aIsForeign) {
           COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
                             aCookieHeader, "third party cookies are blocked "
                             "for this site");
           return STATUS_REJECTED;
         }
         return STATUS_ACCEPTED;
       case nsICookiePermission::ACCESS_LIMIT_THIRD_PARTY:
         if (!aIsForeign)
           return STATUS_ACCEPTED;
         uint32_t priorCookieCount = 0;
         nsAutoCString hostFromURI;
         aHostURI->GetHost(hostFromURI);
         CountCookiesFromHost(hostFromURI, &priorCookieCount);
         if (priorCookieCount == 0) {
           COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
                             aCookieHeader, "third party cookies are blocked "
                             "for this site");
           return STATUS_REJECTED;
         }
         return STATUS_ACCEPTED;
       }
     }
   }
   // check default prefs
   if (mCookieBehavior == BEHAVIOR_REJECT) {
     COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI, aCookieHeader, "cookies are disabled");
     return STATUS_REJECTED;
   }
   // check if cookie is foreign
   if (aIsForeign) {
     if (mCookieBehavior == BEHAVIOR_ACCEPT && mThirdPartySession)
       return STATUS_ACCEPT_SESSION;
     if (mCookieBehavior == BEHAVIOR_REJECTFOREIGN) {
       COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI, aCookieHeader, "context is third party");
       return STATUS_REJECTED;
     }
     if (mCookieBehavior == BEHAVIOR_LIMITFOREIGN) {
       uint32_t priorCookieCount = 0;
       nsAutoCString hostFromURI;
       aHostURI->GetHost(hostFromURI);
       CountCookiesFromHost(hostFromURI, &priorCookieCount);
       if (priorCookieCount == 0) {
         COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI, aCookieHeader, "context is third party");
         return STATUS_REJECTED;
       }
       if (mThirdPartySession)
         return STATUS_ACCEPT_SESSION;
     }
   }
   // if nothing has complained, accept cookie
   return STATUS_ACCEPTED;
 }
 // processes domain attribute, and returns true if host has permission to set for this domain.
 bool
 nsCookieService::CheckDomain(nsCookieAttributes &aCookieAttributes,
                              nsIURI             *aHostURI,
                              const nsCString    &aBaseDomain,
                              bool                aRequireHostMatch)
 {
   // get host from aHostURI
   nsAutoCString hostFromURI;
   aHostURI->GetAsciiHost(hostFromURI);
   // if a domain is given, check the host has permission
   if (!aCookieAttributes.host.IsEmpty()) {
     // Tolerate leading '.' characters, but not if it's otherwise an empty host.
     if (aCookieAttributes.host.Length() > 1 &&
         aCookieAttributes.host.First() == '.') {
       aCookieAttributes.host.Cut(0, 1);
     }
     // switch to lowercase now, to avoid case-insensitive compares everywhere
     ToLowerCase(aCookieAttributes.host);
     // check whether the host is either an IP address, an alias such as
     // 'localhost', an eTLD such as 'co.uk', or the empty string. in these
     // cases, require an exact string match for the domain, and leave the cookie
     // as a non-domain one. bug 105917 originally noted the requirement to deal
     // with IP addresses.
     if (aRequireHostMatch)
       return hostFromURI.Equals(aCookieAttributes.host);
     // ensure the proposed domain is derived from the base domain; and also
     // that the host domain is derived from the proposed domain (per RFC2109).
     if (IsSubdomainOf(aCookieAttributes.host, aBaseDomain) &&
         IsSubdomainOf(hostFromURI, aCookieAttributes.host)) {
       // prepend a dot to indicate a domain cookie
       aCookieAttributes.host.Insert(NS_LITERAL_CSTRING("."), 0);
       return true;
     }
     /*
      * note: RFC2109 section 4.3.2 requires that we check the following:
      * that the portion of host not in domain does not contain a dot.
      * this prevents hosts of the form x.y.co.nz from setting cookies in the
      * entire .co.nz domain. however, it's only a only a partial solution and
      * it breaks sites (IE doesn't enforce it), so we don't perform this check.
      */
     return false;
   }
   // no domain specified, use hostFromURI
   aCookieAttributes.host = hostFromURI;
   return true;
 }
 bool
 nsCookieService::CheckPath(nsCookieAttributes &aCookieAttributes,
                            nsIURI             *aHostURI)
 {
   // if a path is given, check the host has permission
   if (aCookieAttributes.path.IsEmpty() || aCookieAttributes.path.First() != '/') {
     // strip down everything after the last slash to get the path,
     // ignoring slashes in the query string part.
     // if we can QI to nsIURL, that'll take care of the query string portion.
     // otherwise, it's not an nsIURL and can't have a query string, so just find the last slash.
     nsCOMPtr<nsIURL> hostURL = do_QueryInterface(aHostURI);
     if (hostURL) {
       hostURL->GetDirectory(aCookieAttributes.path);
     } else {
       aHostURI->GetPath(aCookieAttributes.path);
       int32_t slash = aCookieAttributes.path.RFindChar('/');
       if (slash != kNotFound) {
         aCookieAttributes.path.Truncate(slash + 1);
       }
     }
 #if 0
   } else {
     /**
      * The following test is part of the RFC2109 spec.  Loosely speaking, it says that a site
      * cannot set a cookie for a path that it is not on.  See bug 155083.  However this patch
      * broke several sites -- nordea (bug 155768) and citibank (bug 156725).  So this test has
      * been disabled, unless we can evangelize these sites.
      */
     // get path from aHostURI
     nsAutoCString pathFromURI;
     if (NS_FAILED(aHostURI->GetPath(pathFromURI)) ||
         !StringBeginsWith(pathFromURI, aCookieAttributes.path)) {
       return false;
     }
 #endif
   }
   if (aCookieAttributes.path.Length() > kMaxBytesPerPath ||
       aCookieAttributes.path.FindChar('\t') != kNotFound )
     return false;
   return true;
 }
 bool
 nsCookieService::GetExpiry(nsCookieAttributes &aCookieAttributes,
                            int64_t             aServerTime,
                            int64_t             aCurrentTime)
 {
   /* Determine when the cookie should expire. This is done by taking the difference between
    * the server time and the time the server wants the cookie to expire, and adding that
    * difference to the client time. This localizes the client time regardless of whether or
    * not the TZ environment variable was set on the client.
    *
    * Note: We need to consider accounting for network lag here, per RFC.
    */
   int64_t delta;
   // check for max-age attribute first; this overrides expires attribute
   if (!aCookieAttributes.maxage.IsEmpty()) {
     // obtain numeric value of maxageAttribute
     int64_t maxage;
     int32_t numInts = PR_sscanf(aCookieAttributes.maxage.get(), "%lld", &maxage);
     // default to session cookie if the conversion failed
     if (numInts != 1) {
       return true;
     }
     delta = maxage;
   // check for expires attribute
   } else if (!aCookieAttributes.expires.IsEmpty()) {
     PRTime expires;
     // parse expiry time
     if (PR_ParseTimeString(aCookieAttributes.expires.get(), true, &expires) != PR_SUCCESS) {
       return true;
     }
     delta = expires / int64_t(PR_USEC_PER_SEC) - aServerTime;
   // default to session cookie if no attributes found
   } else {
     return true;
   }
   // if this addition overflows, expiryTime will be less than currentTime
   // and the cookie will be expired - that's okay.
   aCookieAttributes.expiryTime = aCurrentTime + delta;
   return false;
 }
 /******************************************************************************
  * nsCookieService impl:
  * private cookielist management functions
  ******************************************************************************/
 void
 nsCookieService::RemoveAllFromMemory()
 {
   // clearing the hashtable will call each nsCookieEntry's dtor,
   // which releases all their respective children.
   mDBState->hostTable.Clear();
   mDBState->cookieCount = 0;
   mDBState->cookieOldestTime = INT64_MAX;
 }
 // stores temporary data for enumerating over the hash entries,
 // since enumeration is done using callback functions
 struct nsPurgeData
 {
   typedef nsTArray<nsListIter> ArrayType;
   nsPurgeData(int64_t aCurrentTime,
               int64_t aPurgeTime,
               ArrayType &aPurgeList,
               nsIMutableArray *aRemovedList,
               mozIStorageBindingParamsArray *aParamsArray)
    : currentTime(aCurrentTime)
    , purgeTime(aPurgeTime)
    , oldestTime(INT64_MAX)
    , purgeList(aPurgeList)
    , removedList(aRemovedList)
    , paramsArray(aParamsArray)
   {
   }
   // the current time, in seconds
   int64_t currentTime;
   // lastAccessed time older than which cookies are eligible for purge
   int64_t purgeTime;
   // lastAccessed time of the oldest cookie found during purge, to update our indicator
   int64_t oldestTime;
   // list of cookies over the age limit, for purging
   ArrayType &purgeList;
   // list of all cookies we've removed, for notification
   nsIMutableArray *removedList;
   // The array of parameters to be bound to the statement for deletion later.
   mozIStorageBindingParamsArray *paramsArray;
 };
 // comparator class for lastaccessed times of cookies.
 class CompareCookiesByAge {
 public:
   bool Equals(const nsListIter &a, const nsListIter &b) const
   {
     return a.Cookie()->LastAccessed() == b.Cookie()->LastAccessed() &&
            a.Cookie()->CreationTime() == b.Cookie()->CreationTime();
   }
   bool LessThan(const nsListIter &a, const nsListIter &b) const
   {
     // compare by lastAccessed time, and tiebreak by creationTime.
     int64_t result = a.Cookie()->LastAccessed() - b.Cookie()->LastAccessed();
     if (result != 0)
       return result < 0;
     return a.Cookie()->CreationTime() < b.Cookie()->CreationTime();
   }
 };
 // comparator class for sorting cookies by entry and index.
 class CompareCookiesByIndex {
 public:
   bool Equals(const nsListIter &a, const nsListIter &b) const
   {
     NS_ASSERTION(a.entry != b.entry || a.index != b.index,
       "cookie indexes should never be equal");
     return false;
   }
   bool LessThan(const nsListIter &a, const nsListIter &b) const
   {
     // compare by entryclass pointer, then by index.
     if (a.entry != b.entry)
       return a.entry < b.entry;
     return a.index < b.index;
   }
 };
 PLDHashOperator
 purgeCookiesCallback(nsCookieEntry *aEntry,
                      void          *aArg)
 {
   nsPurgeData &data = *static_cast<nsPurgeData*>(aArg);
   const nsCookieEntry::ArrayType &cookies = aEntry->GetCookies();
   mozIStorageBindingParamsArray *array = data.paramsArray;
   for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ) {
     nsListIter iter(aEntry, i);
     nsCookie *cookie = cookies[i];
     // check if the cookie has expired
     if (cookie->Expiry() <= data.currentTime) {
       data.removedList->AppendElement(cookie, false);
       COOKIE_LOGEVICTED(cookie, "Cookie expired");
       // remove from list; do not increment our iterator
       gCookieService->RemoveCookieFromList(iter, array);
     } else {
       // check if the cookie is over the age limit
       if (cookie->LastAccessed() <= data.purgeTime) {
         data.purgeList.AppendElement(iter);
       } else if (cookie->LastAccessed() < data.oldestTime) {
         // reset our indicator
         data.oldestTime = cookie->LastAccessed();
       }
       ++i;
     }
   }
   return PL_DHASH_NEXT;
 }
 // purges expired and old cookies in a batch operation.
 already_AddRefed<nsIArray>
 nsCookieService::PurgeCookies(int64_t aCurrentTimeInUsec)
 {
   NS_ASSERTION(mDBState->hostTable.Count() > 0, "table is empty");
   EnsureReadComplete();
 #ifdef PR_LOGGING
   uint32_t initialCookieCount = mDBState->cookieCount;
   COOKIE_LOGSTRING(PR_LOG_DEBUG,
     ("PurgeCookies(): beginning purge with %ld cookies and %lld oldest age",
      mDBState->cookieCount, aCurrentTimeInUsec - mDBState->cookieOldestTime));
 #endif
   nsAutoTArray<nsListIter, kMaxNumberOfCookies> purgeList;
   nsCOMPtr<nsIMutableArray> removedList = do_CreateInstance(NS_ARRAY_CONTRACTID);
   // Create a params array to batch the removals. This is OK here because
   // all the removals are in order, and there are no interleaved additions.
   mozIStorageAsyncStatement *stmt = mDBState->stmtDelete;
   nsCOMPtr<mozIStorageBindingParamsArray> paramsArray;
   if (mDBState->dbConn) {
     stmt->NewBindingParamsArray(getter_AddRefs(paramsArray));
   }
   nsPurgeData data(aCurrentTimeInUsec / PR_USEC_PER_SEC,
     aCurrentTimeInUsec - mCookiePurgeAge, purgeList, removedList, paramsArray);
   mDBState->hostTable.EnumerateEntries(purgeCookiesCallback, &data);
 #ifdef PR_LOGGING
   uint32_t postExpiryCookieCount = mDBState->cookieCount;
 #endif
   // now we have a list of iterators for cookies over the age limit.
   // sort them by age, and then we'll see how many to remove...
   purgeList.Sort(CompareCookiesByAge());
   // only remove old cookies until we reach the max cookie limit, no more.
   uint32_t excess = mDBState->cookieCount > mMaxNumberOfCookies ?
     mDBState->cookieCount - mMaxNumberOfCookies : 0;
   if (purgeList.Length() > excess) {
     // We're not purging everything in the list, so update our indicator.
     data.oldestTime = purgeList[excess].Cookie()->LastAccessed();
     purgeList.SetLength(excess);
   }
   // sort the list again, this time grouping cookies with a common entryclass
   // together, and with ascending index. this allows us to iterate backwards
   // over the list removing cookies, without having to adjust indexes as we go.
   purgeList.Sort(CompareCookiesByIndex());
   for (nsPurgeData::ArrayType::index_type i = purgeList.Length(); i--; ) {
     nsCookie *cookie = purgeList[i].Cookie();
     removedList->AppendElement(cookie, false);
     COOKIE_LOGEVICTED(cookie, "Cookie too old");
     RemoveCookieFromList(purgeList[i], paramsArray);
   }
   // Update the database if we have entries to purge.
   if (paramsArray) {
     uint32_t length;
     paramsArray->GetLength(&length);
     if (length) {
       DebugOnly<nsresult> rv = stmt->BindParameters(paramsArray);
       NS_ASSERT_SUCCESS(rv);
       nsCOMPtr<mozIStoragePendingStatement> handle;
       rv = stmt->ExecuteAsync(mDBState->removeListener, getter_AddRefs(handle));
       NS_ASSERT_SUCCESS(rv);
     }
   }
   // reset the oldest time indicator
   mDBState->cookieOldestTime = data.oldestTime;
   COOKIE_LOGSTRING(PR_LOG_DEBUG,
     ("PurgeCookies(): %ld expired; %ld purged; %ld remain; %lld oldest age",
      initialCookieCount - postExpiryCookieCount,
      postExpiryCookieCount - mDBState->cookieCount,
      mDBState->cookieCount,
      aCurrentTimeInUsec - mDBState->cookieOldestTime));
   return removedList.forget();
 }
 // find whether a given cookie has been previously set. this is provided by the
 // nsICookieManager2 interface.
 NS_IMETHODIMP
 nsCookieService::CookieExists(nsICookie2 *aCookie,
                               bool       *aFoundCookie)
 {
   NS_ENSURE_ARG_POINTER(aCookie);
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return NS_ERROR_NOT_AVAILABLE;
   }
   nsAutoCString host, name, path;
   nsresult rv = aCookie->GetHost(host);
   NS_ENSURE_SUCCESS(rv, rv);
   rv = aCookie->GetName(name);
   NS_ENSURE_SUCCESS(rv, rv);
   rv = aCookie->GetPath(path);
   NS_ENSURE_SUCCESS(rv, rv);
   nsAutoCString baseDomain;
   rv = GetBaseDomainFromHost(host, baseDomain);
   NS_ENSURE_SUCCESS(rv, rv);
   nsListIter iter;
   *aFoundCookie = FindCookie(DEFAULT_APP_KEY(baseDomain), host, name, path, iter);
   return NS_OK;
 }
 // For a given base domain, find either an expired cookie or the oldest cookie
 // by lastAccessed time.
 void
 nsCookieService::FindStaleCookie(nsCookieEntry *aEntry,
                                  int64_t aCurrentTime,
                                  nsListIter &aIter)
 {
   aIter.entry = nullptr;
   int64_t oldestTime = 0;
   const nsCookieEntry::ArrayType &cookies = aEntry->GetCookies();
   for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
     nsCookie *cookie = cookies[i];
     // If we found an expired cookie, we're done.
     if (cookie->Expiry() <= aCurrentTime) {
       aIter.entry = aEntry;
       aIter.index = i;
       return;
     }
     // Check if we've found the oldest cookie so far.
     if (!aIter.entry || oldestTime > cookie->LastAccessed()) {
       oldestTime = cookie->LastAccessed();
       aIter.entry = aEntry;
       aIter.index = i;
     }
   }
 }
 // count the number of cookies stored by a particular host. this is provided by the
 // nsICookieManager2 interface.
 NS_IMETHODIMP
 nsCookieService::CountCookiesFromHost(const nsACString &aHost,
                                       uint32_t         *aCountFromHost)
 {
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return NS_ERROR_NOT_AVAILABLE;
   }
   // first, normalize the hostname, and fail if it contains illegal characters.
   nsAutoCString host(aHost);
   nsresult rv = NormalizeHost(host);
   NS_ENSURE_SUCCESS(rv, rv);
   nsAutoCString baseDomain;
   rv = GetBaseDomainFromHost(host, baseDomain);
   NS_ENSURE_SUCCESS(rv, rv);
   nsCookieKey key = DEFAULT_APP_KEY(baseDomain);
   EnsureReadDomain(key);
   // Return a count of all cookies, including expired.
   nsCookieEntry *entry = mDBState->hostTable.GetEntry(key);
   *aCountFromHost = entry ? entry->GetCookies().Length() : 0;
   return NS_OK;
 }
 // get an enumerator of cookies stored by a particular host. this is provided by the
 // nsICookieManager2 interface.
 NS_IMETHODIMP
 nsCookieService::GetCookiesFromHost(const nsACString     &aHost,
                                     nsISimpleEnumerator **aEnumerator)
 {
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return NS_ERROR_NOT_AVAILABLE;
   }
   // first, normalize the hostname, and fail if it contains illegal characters.
   nsAutoCString host(aHost);
   nsresult rv = NormalizeHost(host);
   NS_ENSURE_SUCCESS(rv, rv);
   nsAutoCString baseDomain;
   rv = GetBaseDomainFromHost(host, baseDomain);
   NS_ENSURE_SUCCESS(rv, rv);
   nsCookieKey key = DEFAULT_APP_KEY(baseDomain);
   EnsureReadDomain(key);
   nsCookieEntry *entry = mDBState->hostTable.GetEntry(key);
   if (!entry)
     return NS_NewEmptyEnumerator(aEnumerator);
   nsCOMArray<nsICookie> cookieList(mMaxCookiesPerHost);
   const nsCookieEntry::ArrayType &cookies = entry->GetCookies();
   for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
     cookieList.AppendObject(cookies[i]);
   }
   return NS_NewArrayEnumerator(aEnumerator, cookieList);
 }
 namespace {
 /**
  * This structure is used as a in/out parameter when enumerating the cookies
  * for an app.
  * It will contain the app id and onlyBrowserElement flag information as input
  * and will contain the array of matching cookies as output.
  */
 struct GetCookiesForAppStruct {
   uint32_t              appId;
   bool                  onlyBrowserElement;
   nsCOMArray<nsICookie> cookies;
   GetCookiesForAppStruct() MOZ_DELETE;
   GetCookiesForAppStruct(uint32_t aAppId, bool aOnlyBrowserElement)
     : appId(aAppId)
     , onlyBrowserElement(aOnlyBrowserElement)
   {}
 };
 } // anonymous namespace
 /* static */ PLDHashOperator
 nsCookieService::GetCookiesForApp(nsCookieEntry* entry, void* arg)
 {
   GetCookiesForAppStruct* data = static_cast<GetCookiesForAppStruct*>(arg);
   if (entry->mAppId != data->appId ||
       (data->onlyBrowserElement && !entry->mInBrowserElement)) {
     return PL_DHASH_NEXT;
   }
   const nsCookieEntry::ArrayType& cookies = entry->GetCookies();
   for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
     data->cookies.AppendObject(cookies[i]);
   }
   return PL_DHASH_NEXT;
 }
 NS_IMETHODIMP
 nsCookieService::GetCookiesForApp(uint32_t aAppId, bool aOnlyBrowserElement,
                                   nsISimpleEnumerator** aEnumerator)
 {
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return NS_ERROR_NOT_AVAILABLE;
   }
   NS_ENSURE_TRUE(aAppId != NECKO_UNKNOWN_APP_ID, NS_ERROR_INVALID_ARG);
   GetCookiesForAppStruct data(aAppId, aOnlyBrowserElement);
   mDBState->hostTable.EnumerateEntries(GetCookiesForApp, &data);
   return NS_NewArrayEnumerator(aEnumerator, data.cookies);
 }
 NS_IMETHODIMP
 nsCookieService::RemoveCookiesForApp(uint32_t aAppId, bool aOnlyBrowserElement)
 {
   nsCOMPtr<nsISimpleEnumerator> enumerator;
   nsresult rv = GetCookiesForApp(aAppId, aOnlyBrowserElement,
                                  getter_AddRefs(enumerator));
   NS_ENSURE_SUCCESS(rv, rv);
   bool hasMore;
   while (NS_SUCCEEDED(enumerator->HasMoreElements(&hasMore)) && hasMore) {
     nsCOMPtr<nsISupports> supports;
     nsCOMPtr<nsICookie> cookie;
     rv = enumerator->GetNext(getter_AddRefs(supports));
     NS_ENSURE_SUCCESS(rv, rv);
     cookie = do_QueryInterface(supports);
     nsAutoCString host;
     cookie->GetHost(host);
     nsAutoCString name;
     cookie->GetName(name);
     nsAutoCString path;
     cookie->GetPath(path);
     // nsICookie do not carry the appId/inBrowserElement information.
     // That means we have to guess. This is easy for appId but not for
     // inBrowserElement flag.
     // A simple solution is to always ask to remove the cookie with
     // inBrowserElement = true and only ask for the other one to be removed if
     // we happen to be in the case of !aOnlyBrowserElement.
     // Anyway, with this solution, we will likely be looking for unexistant
     // cookies.
     //
     // NOTE: we could make this better by getting nsCookieEntry objects instead
     // of plain nsICookie.
     Remove(host, aAppId, true, name, path, false);
     if (!aOnlyBrowserElement) {
       Remove(host, aAppId, false, name, path, false);
     }
   }
   return NS_OK;
 }
 // find an exact cookie specified by host, name, and path that hasn't expired.
 bool
 nsCookieService::FindCookie(const nsCookieKey    &aKey,
                             const nsAFlatCString &aHost,
                             const nsAFlatCString &aName,
                             const nsAFlatCString &aPath,
                             nsListIter           &aIter)
 {
   EnsureReadDomain(aKey);
   nsCookieEntry *entry = mDBState->hostTable.GetEntry(aKey);
   if (!entry)
     return false;
   const nsCookieEntry::ArrayType &cookies = entry->GetCookies();
   for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
     nsCookie *cookie = cookies[i];
     if (aHost.Equals(cookie->Host()) &&
         aPath.Equals(cookie->Path()) &&
         aName.Equals(cookie->Name())) {
       aIter = nsListIter(entry, i);
       return true;
     }
   }
   return false;
 }
 // remove a cookie from the hashtable, and update the iterator state.
 void
 nsCookieService::RemoveCookieFromList(const nsListIter              &aIter,
                                       mozIStorageBindingParamsArray *aParamsArray)
 {
   // if it's a non-session cookie, remove it from the db
   if (!aIter.Cookie()->IsSession() && mDBState->dbConn) {
     // Use the asynchronous binding methods to ensure that we do not acquire
     // the database lock.
     mozIStorageAsyncStatement *stmt = mDBState->stmtDelete;
     nsCOMPtr<mozIStorageBindingParamsArray> paramsArray(aParamsArray);
     if (!paramsArray) {
       stmt->NewBindingParamsArray(getter_AddRefs(paramsArray));
     }
     nsCOMPtr<mozIStorageBindingParams> params;
     paramsArray->NewBindingParams(getter_AddRefs(params));
     DebugOnly<nsresult> rv =
       params->BindUTF8StringByName(NS_LITERAL_CSTRING("name"),
                                    aIter.Cookie()->Name());
     NS_ASSERT_SUCCESS(rv);
     rv = params->BindUTF8StringByName(NS_LITERAL_CSTRING("host"),
                                       aIter.Cookie()->Host());
     NS_ASSERT_SUCCESS(rv);
     rv = params->BindUTF8StringByName(NS_LITERAL_CSTRING("path"),
                                       aIter.Cookie()->Path());
     NS_ASSERT_SUCCESS(rv);
     rv = paramsArray->AddParams(params);
     NS_ASSERT_SUCCESS(rv);
     // If we weren't given a params array, we'll need to remove it ourselves.
     if (!aParamsArray) {
       rv = stmt->BindParameters(paramsArray);
       NS_ASSERT_SUCCESS(rv);
       nsCOMPtr<mozIStoragePendingStatement> handle;
       rv = stmt->ExecuteAsync(mDBState->removeListener, getter_AddRefs(handle));
       NS_ASSERT_SUCCESS(rv);
     }
   }
   if (aIter.entry->GetCookies().Length() == 1) {
     // we're removing the last element in the array - so just remove the entry
     // from the hash. note that the entryclass' dtor will take care of
     // releasing this last element for us!
     mDBState->hostTable.RawRemoveEntry(aIter.entry);
   } else {
     // just remove the element from the list
     aIter.entry->GetCookies().RemoveElementAt(aIter.index);
   }
   --mDBState->cookieCount;
 }
 void
 bindCookieParameters(mozIStorageBindingParamsArray *aParamsArray,
                      const nsCookieKey &aKey,
                      const nsCookie *aCookie)
 {
   NS_ASSERTION(aParamsArray, "Null params array passed to bindCookieParameters!");
   NS_ASSERTION(aCookie, "Null cookie passed to bindCookieParameters!");
   // Use the asynchronous binding methods to ensure that we do not acquire the
   // database lock.
   nsCOMPtr<mozIStorageBindingParams> params;
   DebugOnly<nsresult> rv =
     aParamsArray->NewBindingParams(getter_AddRefs(params));
   NS_ASSERT_SUCCESS(rv);
   // Bind our values to params
   rv = params->BindUTF8StringByName(NS_LITERAL_CSTRING("baseDomain"),
                                     aKey.mBaseDomain);
   NS_ASSERT_SUCCESS(rv);
   rv = params->BindInt32ByName(NS_LITERAL_CSTRING("appId"),
                                aKey.mAppId);
   NS_ASSERT_SUCCESS(rv);
   rv = params->BindInt32ByName(NS_LITERAL_CSTRING("inBrowserElement"),
                                aKey.mInBrowserElement ? 1 : 0);
   NS_ASSERT_SUCCESS(rv);
   rv = params->BindUTF8StringByName(NS_LITERAL_CSTRING("name"),
                                     aCookie->Name());
   NS_ASSERT_SUCCESS(rv);
   rv = params->BindUTF8StringByName(NS_LITERAL_CSTRING("value"),
                                     aCookie->Value());
   NS_ASSERT_SUCCESS(rv);
   rv = params->BindUTF8StringByName(NS_LITERAL_CSTRING("host"),
                                     aCookie->Host());
   NS_ASSERT_SUCCESS(rv);
   rv = params->BindUTF8StringByName(NS_LITERAL_CSTRING("path"),
                                     aCookie->Path());
   NS_ASSERT_SUCCESS(rv);
   rv = params->BindInt64ByName(NS_LITERAL_CSTRING("expiry"),
                                aCookie->Expiry());
   NS_ASSERT_SUCCESS(rv);
   rv = params->BindInt64ByName(NS_LITERAL_CSTRING("lastAccessed"),
                                aCookie->LastAccessed());
   NS_ASSERT_SUCCESS(rv);
   rv = params->BindInt64ByName(NS_LITERAL_CSTRING("creationTime"),
                                aCookie->CreationTime());
   NS_ASSERT_SUCCESS(rv);
   rv = params->BindInt32ByName(NS_LITERAL_CSTRING("isSecure"),
                                aCookie->IsSecure());
   NS_ASSERT_SUCCESS(rv);
   rv = params->BindInt32ByName(NS_LITERAL_CSTRING("isHttpOnly"),
                                aCookie->IsHttpOnly());
   NS_ASSERT_SUCCESS(rv);
   // Bind the params to the array.
   rv = aParamsArray->AddParams(params);
   NS_ASSERT_SUCCESS(rv);
 }
 void
 nsCookieService::AddCookieToList(const nsCookieKey             &aKey,
                                  nsCookie                      *aCookie,
                                  DBState                       *aDBState,
                                  mozIStorageBindingParamsArray *aParamsArray,
                                  bool                           aWriteToDB)
 {
   NS_ASSERTION(!(aDBState->dbConn && !aWriteToDB && aParamsArray),
                "Not writing to the DB but have a params array?");
   NS_ASSERTION(!(!aDBState->dbConn && aParamsArray),
                "Do not have a DB connection but have a params array?");
   nsCookieEntry *entry = aDBState->hostTable.PutEntry(aKey);
   NS_ASSERTION(entry, "can't insert element into a null entry!");
   entry->GetCookies().AppendElement(aCookie);
   ++aDBState->cookieCount;
   // keep track of the oldest cookie, for when it comes time to purge
   if (aCookie->LastAccessed() < aDBState->cookieOldestTime)
     aDBState->cookieOldestTime = aCookie->LastAccessed();
   // if it's a non-session cookie and hasn't just been read from the db, write it out.
   if (aWriteToDB && !aCookie->IsSession() && aDBState->dbConn) {
     mozIStorageAsyncStatement *stmt = aDBState->stmtInsert;
     nsCOMPtr<mozIStorageBindingParamsArray> paramsArray(aParamsArray);
     if (!paramsArray) {
       stmt->NewBindingParamsArray(getter_AddRefs(paramsArray));
     }
     bindCookieParameters(paramsArray, aKey, aCookie);
     // If we were supplied an array to store parameters, we shouldn't call
     // executeAsync - someone up the stack will do this for us.
     if (!aParamsArray) {
       DebugOnly<nsresult> rv = stmt->BindParameters(paramsArray);
       NS_ASSERT_SUCCESS(rv);
       nsCOMPtr<mozIStoragePendingStatement> handle;
       rv = stmt->ExecuteAsync(mDBState->insertListener, getter_AddRefs(handle));
       NS_ASSERT_SUCCESS(rv);
     }
   }
 }
 void
 nsCookieService::UpdateCookieInList(nsCookie                      *aCookie,
                                     int64_t                        aLastAccessed,
                                     mozIStorageBindingParamsArray *aParamsArray)
 {
   NS_ASSERTION(aCookie, "Passing a null cookie to UpdateCookieInList!");
   // udpate the lastAccessed timestamp
   aCookie->SetLastAccessed(aLastAccessed);
   // if it's a non-session cookie, update it in the db too
   if (!aCookie->IsSession() && aParamsArray) {
     // Create our params holder.
     nsCOMPtr<mozIStorageBindingParams> params;
     aParamsArray->NewBindingParams(getter_AddRefs(params));
     // Bind our parameters.
     DebugOnly<nsresult> rv =
       params->BindInt64ByName(NS_LITERAL_CSTRING("lastAccessed"),
                               aLastAccessed);
     NS_ASSERT_SUCCESS(rv);
     rv = params->BindUTF8StringByName(NS_LITERAL_CSTRING("name"),
                                       aCookie->Name());
     NS_ASSERT_SUCCESS(rv);
     rv = params->BindUTF8StringByName(NS_LITERAL_CSTRING("host"),
                                       aCookie->Host());
     NS_ASSERT_SUCCESS(rv);
     rv = params->BindUTF8StringByName(NS_LITERAL_CSTRING("path"),
                                       aCookie->Path());
     NS_ASSERT_SUCCESS(rv);
     // Add our bound parameters to the array.
     rv = aParamsArray->AddParams(params);
     NS_ASSERT_SUCCESS(rv);
   }
 }
 size_t
 nsCookieService::SizeOfIncludingThis(mozilla::MallocSizeOf aMallocSizeOf) const
 {
   size_t n = aMallocSizeOf(this);
   if (mDefaultDBState) {
     n += mDefaultDBState->SizeOfIncludingThis(aMallocSizeOf);
   }
   if (mPrivateDBState) {
     n += mPrivateDBState->SizeOfIncludingThis(aMallocSizeOf);
   }
   return n;
 }
 MOZ_DEFINE_MALLOC_SIZE_OF(CookieServiceMallocSizeOf)
 NS_IMETHODIMP
 nsCookieService::CollectReports(nsIHandleReportCallback* aHandleReport,
                                 nsISupports* aData)
 {
   return MOZ_COLLECT_REPORT(
     "explicit/cookie-service", KIND_HEAP, UNITS_BYTES,
     SizeOfIncludingThis(CookieServiceMallocSizeOf),
     "Memory used by the cookie service.");
 }

The Tor Browser / annotate

netwerk/cookie/nsCookieService.cpp@6474c204b198 (annotated)

netwerk/cookie/nsCookieService.cpp