michael@0: /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
michael@0: /* vim: set ts=4 et sw=4 tw=80: */
michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0:  * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0:  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0: 
michael@0: #include "DomainPolicy.h"
michael@0: #include "nsScriptSecurityManager.h"
michael@0: 
michael@0: namespace mozilla {
michael@0: 
michael@0: NS_IMPL_ISUPPORTS(DomainPolicy, nsIDomainPolicy)
michael@0: 
michael@0: DomainPolicy::DomainPolicy() : mBlacklist(new DomainSet())
michael@0:                              , mSuperBlacklist(new DomainSet())
michael@0:                              , mWhitelist(new DomainSet())
michael@0:                              , mSuperWhitelist(new DomainSet())
michael@0: {}
michael@0: 
michael@0: DomainPolicy::~DomainPolicy()
michael@0: {
michael@0:     // The SSM holds a strong ref to the DomainPolicy until Deactivate() is
michael@0:     // invoked, so we should never hit the destructor until that happens.
michael@0:     MOZ_ASSERT(!mBlacklist && !mSuperBlacklist &&
michael@0:                !mWhitelist && !mSuperWhitelist);
michael@0: }
michael@0: 
michael@0: 
michael@0: NS_IMETHODIMP
michael@0: DomainPolicy::GetBlacklist(nsIDomainSet** aSet)
michael@0: {
michael@0:     nsCOMPtr<nsIDomainSet> set = mBlacklist;
michael@0:     set.forget(aSet);
michael@0:     return NS_OK;
michael@0: }
michael@0: 
michael@0: NS_IMETHODIMP
michael@0: DomainPolicy::GetSuperBlacklist(nsIDomainSet** aSet)
michael@0: {
michael@0:     nsCOMPtr<nsIDomainSet> set = mSuperBlacklist;
michael@0:     set.forget(aSet);
michael@0:     return NS_OK;
michael@0: }
michael@0: 
michael@0: NS_IMETHODIMP
michael@0: DomainPolicy::GetWhitelist(nsIDomainSet** aSet)
michael@0: {
michael@0:     nsCOMPtr<nsIDomainSet> set = mWhitelist;
michael@0:     set.forget(aSet);
michael@0:     return NS_OK;
michael@0: }
michael@0: 
michael@0: NS_IMETHODIMP
michael@0: DomainPolicy::GetSuperWhitelist(nsIDomainSet** aSet)
michael@0: {
michael@0:     nsCOMPtr<nsIDomainSet> set = mSuperWhitelist;
michael@0:     set.forget(aSet);
michael@0:     return NS_OK;
michael@0: }
michael@0: 
michael@0: NS_IMETHODIMP
michael@0: DomainPolicy::Deactivate()
michael@0: {
michael@0:     // Clear the hashtables first to free up memory, since script might
michael@0:     // hold the doomed sets alive indefinitely.
michael@0:     mBlacklist->Clear();
michael@0:     mSuperBlacklist->Clear();
michael@0:     mWhitelist->Clear();
michael@0:     mSuperWhitelist->Clear();
michael@0: 
michael@0:     // Null them out.
michael@0:     mBlacklist = nullptr;
michael@0:     mSuperBlacklist = nullptr;
michael@0:     mWhitelist = nullptr;
michael@0:     mSuperWhitelist = nullptr;
michael@0: 
michael@0:     // Inform the SSM.
michael@0:     nsScriptSecurityManager::GetScriptSecurityManager()->DeactivateDomainPolicy();
michael@0:     return NS_OK;
michael@0: }
michael@0: 
michael@0: static already_AddRefed<nsIURI>
michael@0: GetCanonicalClone(nsIURI* aURI)
michael@0: {
michael@0:     nsCOMPtr<nsIURI> clone;
michael@0:     nsresult rv = aURI->Clone(getter_AddRefs(clone));
michael@0:     NS_ENSURE_SUCCESS(rv, nullptr);
michael@0:     rv = clone->SetUserPass(EmptyCString());
michael@0:     NS_ENSURE_SUCCESS(rv, nullptr);
michael@0:     rv = clone->SetPath(EmptyCString());
michael@0:     NS_ENSURE_SUCCESS(rv, nullptr);
michael@0:     return clone.forget();
michael@0: }
michael@0: 
michael@0: NS_IMPL_ISUPPORTS(DomainSet, nsIDomainSet)
michael@0: 
michael@0: NS_IMETHODIMP
michael@0: DomainSet::Add(nsIURI* aDomain)
michael@0: {
michael@0:     nsCOMPtr<nsIURI> clone = GetCanonicalClone(aDomain);
michael@0:     NS_ENSURE_TRUE(clone, NS_ERROR_FAILURE);
michael@0:     mHashTable.PutEntry(clone);
michael@0:     return NS_OK;
michael@0: }
michael@0: 
michael@0: NS_IMETHODIMP
michael@0: DomainSet::Remove(nsIURI* aDomain)
michael@0: {
michael@0:     nsCOMPtr<nsIURI> clone = GetCanonicalClone(aDomain);
michael@0:     NS_ENSURE_TRUE(clone, NS_ERROR_FAILURE);
michael@0:     mHashTable.RemoveEntry(clone);
michael@0:     return NS_OK;
michael@0: }
michael@0: 
michael@0: NS_IMETHODIMP
michael@0: DomainSet::Clear()
michael@0: {
michael@0:     mHashTable.Clear();
michael@0:     return NS_OK;
michael@0: }
michael@0: 
michael@0: NS_IMETHODIMP
michael@0: DomainSet::Contains(nsIURI* aDomain, bool* aContains)
michael@0: {
michael@0:     *aContains = false;
michael@0:     nsCOMPtr<nsIURI> clone = GetCanonicalClone(aDomain);
michael@0:     NS_ENSURE_TRUE(clone, NS_ERROR_FAILURE);
michael@0:     *aContains = mHashTable.Contains(clone);
michael@0:     return NS_OK;
michael@0: }
michael@0: 
michael@0: NS_IMETHODIMP
michael@0: DomainSet::ContainsSuperDomain(nsIURI* aDomain, bool* aContains)
michael@0: {
michael@0:     *aContains = false;
michael@0:     nsCOMPtr<nsIURI> clone = GetCanonicalClone(aDomain);
michael@0:     NS_ENSURE_TRUE(clone, NS_ERROR_FAILURE);
michael@0:     nsAutoCString domain;
michael@0:     nsresult rv = clone->GetHost(domain);
michael@0:     NS_ENSURE_SUCCESS(rv, rv);
michael@0:     while (true) {
michael@0:         // Check the current domain.
michael@0:         if (mHashTable.Contains(clone)) {
michael@0:             *aContains = true;
michael@0:             return NS_OK;
michael@0:         }
michael@0: 
michael@0:         // Chop off everything before the first dot, or break if there are no
michael@0:         // dots left.
michael@0:         int32_t index = domain.Find(".");
michael@0:         if (index == kNotFound)
michael@0:             break;
michael@0:         domain.Assign(Substring(domain, index + 1));
michael@0:         rv = clone->SetHost(domain);
michael@0:         NS_ENSURE_SUCCESS(rv, rv);
michael@0:     }
michael@0: 
michael@0:     // No match.
michael@0:     return NS_OK;
michael@0: 
michael@0: }
michael@0: 
michael@0: } /* namespace mozilla */