Bug 1547707 - Add in origin attributes to ExpandedPrincipal serializa…

…tion. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D33613 --HG-- extra : moz-landing-system : lando
dothq · Jun 5, 2019 · 54d3497 · 54d3497
1 parent 29cb8e9
commit 54d3497
Show file tree

Hide file tree

Showing 3 changed files with 139 additions and 3 deletions.
diff --git a/caps/ExpandedPrincipal.cpp b/caps/ExpandedPrincipal.cpp
@@ -310,13 +310,20 @@ nsresult ExpandedPrincipal::PopulateJSONObject(Json::Value& aObject) {
   }
   aObject[std::to_string(eSpecs)] = principalList.get();
 
+  nsAutoCString suffix;
+  OriginAttributesRef().CreateSuffix(suffix);
+  if (suffix.Length() > 0) {
+    aObject[std::to_string(eSuffix)] = suffix.get();
+  }
+
   return NS_OK;
 }
 
 already_AddRefed<BasePrincipal> ExpandedPrincipal::FromProperties(
     nsTArray<ExpandedPrincipal::KeyVal>& aFields) {
   MOZ_ASSERT(aFields.Length() == eMax + 1, "Must have all the keys");
   nsTArray<nsCOMPtr<nsIPrincipal>> allowList;
+  OriginAttributes attrs;
   // The odd structure here is to make the code to not compile
   // if all the switch enum cases haven't been codified
   for (const auto& field : aFields) {
@@ -338,15 +345,21 @@ already_AddRefed<BasePrincipal> ExpandedPrincipal::FromProperties(
           allowList.AppendElement(principal);
         }
         break;
+      case ExpandedPrincipal::eSuffix:
+        if (field.valueWasSerialized) {
+          bool ok = attrs.PopulateFromSuffix(field.value);
+          if (!ok) {
+            return nullptr;
+          }
+        }
+        break;
     }
   }
 
   if (allowList.Length() == 0) {
     return nullptr;
   }
 
-  // TODO Bug 1547707 support OA serialization
-  OriginAttributes attrs;
   RefPtr<ExpandedPrincipal> expandedPrincipal =
       ExpandedPrincipal::Create(allowList, attrs);
 

diff --git a/caps/ExpandedPrincipal.h b/caps/ExpandedPrincipal.h
@@ -62,7 +62,7 @@ class ExpandedPrincipal : public nsIExpandedPrincipal,
 
   virtual nsresult PopulateJSONObject(Json::Value& aObject) override;
   // Serializable keys are the valid enum fields the serialization supports
-  enum SerializableKeys { eSpecs = 0, eMax = eSpecs };
+  enum SerializableKeys { eSpecs = 0, eSuffix, eMax = eSuffix };
   // KeyVal is a lightweight storage that passes
   // SerializableKeys and values after JSON parsing in the BasePrincipal to
   // FromProperties

diff --git a/caps/tests/gtest/TestPrincipalSerialization.cpp b/caps/tests/gtest/TestPrincipalSerialization.cpp
@@ -91,3 +91,126 @@ TEST(PrincipalSerialization, TwoKeys)
 }
 
 #endif  // ifndef MOZ_DEBUG
+
+TEST(PrincipalSerialization, ExpandedPrincipal)
+{
+  // Check basic Expandedprincipal works without OA
+  nsCOMPtr<nsIScriptSecurityManager> ssm =
+      nsScriptSecurityManager::GetScriptSecurityManager();
+
+  uint32_t length = 2;
+  nsTArray<nsCOMPtr<nsIPrincipal> > allowedDomains(length);
+  allowedDomains.SetLength(length);
+
+  nsAutoCString spec("https://mozilla.com");
+  nsCOMPtr<nsIPrincipal> principal;
+  nsresult rv =
+      ssm->CreateCodebasePrincipalFromOrigin(spec, getter_AddRefs(principal));
+  ASSERT_EQ(rv, NS_OK);
+  ASSERT_EQ(BasePrincipal::Cast(principal)->Kind(),
+            BasePrincipal::eCodebasePrincipal);
+  allowedDomains[0] = principal;
+
+  nsAutoCString spec2("https://mozilla.org");
+  nsCOMPtr<nsIPrincipal> principal2;
+  rv =
+      ssm->CreateCodebasePrincipalFromOrigin(spec2, getter_AddRefs(principal2));
+  ASSERT_EQ(rv, NS_OK);
+  ASSERT_EQ(BasePrincipal::Cast(principal2)->Kind(),
+            BasePrincipal::eCodebasePrincipal);
+  allowedDomains[1] = principal2;
+
+  OriginAttributes attrs;
+  RefPtr<ExpandedPrincipal> result =
+      ExpandedPrincipal::Create(allowedDomains, attrs);
+  ASSERT_EQ(BasePrincipal::Cast(result)->Kind(),
+            BasePrincipal::eExpandedPrincipal);
+
+  nsAutoCString JSON;
+  rv = BasePrincipal::Cast(result)->ToJSON(JSON);
+  ASSERT_EQ(rv, NS_OK);
+  ASSERT_TRUE(JSON.EqualsLiteral(
+      "{\"2\":{\"0\":\"eyIxIjp7IjAiOiJodHRwczovL21vemlsbGEuY29tLyJ9fQ==,"
+      "eyIxIjp7IjAiOiJodHRwczovL21vemlsbGEub3JnLyJ9fQ==\"}}"));
+
+  nsCOMPtr<nsIPrincipal> returnedPrincipal = BasePrincipal::FromJSON(JSON);
+  auto outPrincipal = BasePrincipal::Cast(returnedPrincipal);
+  ASSERT_EQ(outPrincipal->Kind(), BasePrincipal::eExpandedPrincipal);
+
+  ASSERT_TRUE(outPrincipal->FastSubsumesIgnoringFPD(principal));
+  ASSERT_TRUE(outPrincipal->FastSubsumesIgnoringFPD(principal2));
+
+  nsAutoCString specDev("https://mozilla.dev");
+  nsCOMPtr<nsIPrincipal> principalDev;
+  rv = ssm->CreateCodebasePrincipalFromOrigin(specDev,
+                                              getter_AddRefs(principalDev));
+  ASSERT_EQ(rv, NS_OK);
+  ASSERT_EQ(BasePrincipal::Cast(principalDev)->Kind(),
+            BasePrincipal::eCodebasePrincipal);
+
+  ASSERT_FALSE(outPrincipal->FastSubsumesIgnoringFPD(principalDev));
+}
+
+TEST(PrincipalSerialization, ExpandedPrincipalOA)
+{
+  // Check Expandedprincipal works with top level OA
+  nsCOMPtr<nsIScriptSecurityManager> ssm =
+      nsScriptSecurityManager::GetScriptSecurityManager();
+
+  uint32_t length = 2;
+  nsTArray<nsCOMPtr<nsIPrincipal> > allowedDomains(length);
+  allowedDomains.SetLength(length);
+
+  nsAutoCString spec("https://mozilla.com");
+  nsCOMPtr<nsIPrincipal> principal;
+  nsresult rv =
+      ssm->CreateCodebasePrincipalFromOrigin(spec, getter_AddRefs(principal));
+  ASSERT_EQ(rv, NS_OK);
+  ASSERT_EQ(BasePrincipal::Cast(principal)->Kind(),
+            BasePrincipal::eCodebasePrincipal);
+  allowedDomains[0] = principal;
+
+  nsAutoCString spec2("https://mozilla.org");
+  nsCOMPtr<nsIPrincipal> principal2;
+  rv =
+      ssm->CreateCodebasePrincipalFromOrigin(spec2, getter_AddRefs(principal2));
+  ASSERT_EQ(rv, NS_OK);
+  ASSERT_EQ(BasePrincipal::Cast(principal2)->Kind(),
+            BasePrincipal::eCodebasePrincipal);
+  allowedDomains[1] = principal2;
+
+  OriginAttributes attrs;
+  nsAutoCString suffix("^userContextId=1");
+  bool ok = attrs.PopulateFromSuffix(suffix);
+  ASSERT_TRUE(ok);
+
+  RefPtr<ExpandedPrincipal> result =
+      ExpandedPrincipal::Create(allowedDomains, attrs);
+  ASSERT_EQ(BasePrincipal::Cast(result)->Kind(),
+            BasePrincipal::eExpandedPrincipal);
+
+  nsAutoCString JSON;
+  rv = BasePrincipal::Cast(result)->ToJSON(JSON);
+  ASSERT_EQ(rv, NS_OK);
+  ASSERT_TRUE(JSON.EqualsLiteral(
+      "{\"2\":{\"0\":\"eyIxIjp7IjAiOiJodHRwczovL21vemlsbGEuY29tLyJ9fQ==,"
+      "eyIxIjp7IjAiOiJodHRwczovL21vemlsbGEub3JnLyJ9fQ==\",\"1\":\"^"
+      "userContextId=1\"}}"));
+
+  nsCOMPtr<nsIPrincipal> returnedPrincipal = BasePrincipal::FromJSON(JSON);
+  auto outPrincipal = BasePrincipal::Cast(returnedPrincipal);
+  ASSERT_EQ(outPrincipal->Kind(), BasePrincipal::eExpandedPrincipal);
+
+  ASSERT_TRUE(outPrincipal->FastSubsumesIgnoringFPD(principal));
+  ASSERT_TRUE(outPrincipal->FastSubsumesIgnoringFPD(principal2));
+
+  nsAutoCString specDev("https://mozilla.dev");
+  nsCOMPtr<nsIPrincipal> principalDev;
+  rv = ssm->CreateCodebasePrincipalFromOrigin(specDev,
+                                              getter_AddRefs(principalDev));
+  ASSERT_EQ(rv, NS_OK);
+  ASSERT_EQ(BasePrincipal::Cast(principalDev)->Kind(),
+            BasePrincipal::eCodebasePrincipal);
+
+  ASSERT_FALSE(outPrincipal->FastSubsumesIgnoringFPD(principalDev));
+}