SecurityOrigin.cpp   [plain text]

/*
 * Copyright (C) 2007 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1.  Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 * 2.  Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
 *     its contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "config.h"
#include "SecurityOrigin.h"

#include "Document.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "FrameTree.h"
#include "KURL.h"
#include "PlatformString.h"

namespace WebCore {

static bool isDefaultPortForProtocol(unsigned short port, String protocol)
{
    if (protocol.isEmpty())
        return false;

    static HashMap<String, unsigned> defaultPorts;
    if (defaultPorts.isEmpty()) {
        defaultPorts.set("http", 80);
        defaultPorts.set("https", 443);
        defaultPorts.set("ftp", 21);
        defaultPorts.set("ftps", 990);
    }
    return defaultPorts.get(protocol) == port;
}

SecurityOrigin::SecurityOrigin(const String& protocol, const String& host, unsigned short port)
    : m_protocol(protocol.isNull() ? "" : protocol.lower())
    , m_host(host.isNull() ? "" : host.lower())
    , m_port(port)
    , m_portSet(port)
    , m_noAccess(false)
    , m_domainWasSetInDOM(false)
{
    // These protocols do not create security origins; the owner frame provides the origin
    if (m_protocol == "about" || m_protocol == "javascript")
        m_protocol = "";

    // data: URLs are not allowed access to anything other than themselves.
    if (m_protocol == "data")
        m_noAccess = true;


    if (isDefaultPortForProtocol(m_port, m_protocol)) {
        m_port = 0;
        m_portSet = false;
    }   
}

bool SecurityOrigin::isEmpty() const
{
    return m_protocol.isEmpty();
}

PassRefPtr<SecurityOrigin> SecurityOrigin::create(const String& protocol, const String& host, unsigned short port, SecurityOrigin* ownerFrameOrigin)
{
    RefPtr<SecurityOrigin> origin = new SecurityOrigin(protocol, host, port);

    // If we do not obtain a meaningful origin from the URL, then we try to find one
    // via the frame hierarchy.
    // We alias the SecurityOrigins to match Firefox, see Bug 15313
    // http://bugs.webkit.org/show_bug.cgi?id=15313
    if (origin->isEmpty() && ownerFrameOrigin)
        return ownerFrameOrigin;

    return origin.release();
}

PassRefPtr<SecurityOrigin> SecurityOrigin::createForFrame(Frame* frame)
{
    if (!frame)
        return create("", "", 0, 0);

    FrameLoader* loader = frame->loader();
    KURL url = loader->url();

    Frame* ownerFrame = frame->tree()->parent();
    if (!ownerFrame)
        ownerFrame = loader->opener();

    SecurityOrigin* ownerFrameOrigin = 0;
    if (ownerFrame && ownerFrame->document())
        ownerFrameOrigin = ownerFrame->document()->securityOrigin();

    return create(url.protocol(), url.host(), url.port(), ownerFrameOrigin);
}

PassRefPtr<SecurityOrigin> SecurityOrigin::copy()
{
    return create(m_protocol.copy(), m_host.copy(), m_port, 0);
}


void SecurityOrigin::setDomainFromDOM(const String& newDomain)
{
    m_domainWasSetInDOM = true;
    m_host = newDomain.lower();
}

bool SecurityOrigin::canAccess(const SecurityOrigin* other, Reason& reason) const
{  
    if (FrameLoader::shouldTreatSchemeAsLocal(m_protocol))
        return true;

    if (m_noAccess || other->m_noAccess) {
        reason = SecurityOrigin::GenericMismatch;
        return false;
    }

    // Here are three cases where we should permit access:
    //
    // 1) Neither document has set document.domain.  In this case, we insist
    //    that the scheme, host, and port of the URLs match.
    //
    // 2) Both documents have set document.domain.  In this case, we insist
    //    that the documents have set document.domain to the same value and
    //    that the scheme of the URLs match.
    //
    // 3) As a special case if only one of the documents has set document.domain but
    //    there is a host and port match we deny access but signal this to the client. 
    //    In this case Window::allowsAccessFrom() will recheck against the lexical global
    //    object and allow access if that check passes.
    //
    // This matches the behavior of Firefox 2 and Internet Explorer 6.
    //
    // Internet Explorer 7 and Opera 9 are more strict in that they require
    // the port numbers to match when both pages have document.domain set.
    //
    // FIXME: Evaluate whether we can tighten this policy to require matched
    //        port numbers.
    //
    // Opera 9 allows access when only one page has set document.domain, but
    // this is a security vulnerability.

    if (m_protocol == other->m_protocol) {
        if (!m_domainWasSetInDOM && !other->m_domainWasSetInDOM) {
            if (m_host == other->m_host && m_port == other->m_port)
                return true;
        } else if (m_domainWasSetInDOM && other->m_domainWasSetInDOM) {
            if (m_host == other->m_host)
                return true;
        } else {
            if (m_host == other->m_host && m_port == other->m_port) {
                reason = DomainSetInDOMMismatch;
                return false;
            }
        }
    }
    
    reason = SecurityOrigin::GenericMismatch;
    return false;
}

bool SecurityOrigin::isSecureTransitionTo(const KURL& url) const
{ 
    // New window created by the application
    if (isEmpty())
        return true;

    if (FrameLoader::shouldTreatSchemeAsLocal(m_protocol))
        return true;

    return equalIgnoringCase(m_host, String(url.host())) && equalIgnoringCase(m_protocol, String(url.protocol())) && m_port == url.port();
}

String SecurityOrigin::toString() const
{
    return m_protocol + ":" + m_host + ":" + String::number(m_port);
}

static const char SeparatorCharacter = '_';

PassRefPtr<SecurityOrigin> SecurityOrigin::createFromIdentifier(const String& stringIdentifier)
{ 
    // Make sure there's a first separator
    int separator1 = stringIdentifier.find(SeparatorCharacter);
    if (separator1 == -1)
        return create("", "", 0, 0);
        
    // Make sure there's a second separator
    int separator2 = stringIdentifier.find(SeparatorCharacter, separator1 + 1);
    if (separator2 == -1)
        return create("", "", 0, 0);
        
    // Make sure there's not a third separator
    if (stringIdentifier.reverseFind(SeparatorCharacter) != separator2)
        return create("", "", 0, 0);
        
    // Make sure the port section is a valid port number or doesn't exist
    bool portOkay;
    int port = stringIdentifier.right(stringIdentifier.length() - separator2 - 1).toInt(&portOkay);
    if (!portOkay && separator2 + 1 == static_cast<int>(stringIdentifier.length()))
        return create("", "", 0, 0);
    
    if (port < 0 || port > 65535)
        return create("", "", 0, 0);
        
    // Split out the 3 sections of data
    String protocol = stringIdentifier.substring(0, separator1);
    String host = stringIdentifier.substring(separator1 + 1, separator2 - separator1 - 1);
    return create(protocol, host, port, 0);
}
    
    
String SecurityOrigin::stringIdentifier() const 
{
    static String separatorString = String(&SeparatorCharacter, 1);
    return m_protocol + separatorString + m_host + separatorString + String::number(m_port); 
}

} // namespace WebCore