/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "mozilla/net/HttpAuthUtils.h"
#include "mozilla/Tokenizer.h"
#include "nsIPrefService.h"
#include "nsIURI.h"
#include "nsNetUtil.h"
#include "nsUnicharUtils.h"
namespace mozilla {
namespace net {
namespace auth {
namespace detail {
bool MatchesBaseURI(const nsACString& matchScheme, const nsACString& matchHost,
int32_t matchPort, nsDependentCSubstring const& url) {
// check if scheme://host:port matches baseURI
// parse the base URI
mozilla::Tokenizer t(url);
mozilla::Tokenizer::Token token;
t.SkipWhites();
// We don't know if the url to check against starts with scheme
// or a host name. Start recording here.
t.Record();
mozilla::Unused << t.Next(token);
// The ipv6 literals MUST be enclosed with [] in the preference.
bool ipv6 = false;
if (token.Equals(mozilla::Tokenizer::Token::Char('['))) {
nsDependentCSubstring ipv6BareLiteral;
if (!t.ReadUntil(mozilla::Tokenizer::Token::Char(']'), ipv6BareLiteral)) {
// Broken ipv6 literal
return false;
}
nsDependentCSubstring ipv6Literal;
t.Claim(ipv6Literal, mozilla::Tokenizer::INCLUDE_LAST);
if (!matchHost.Equals(ipv6Literal,
nsCaseInsensitiveUTF8StringComparator()) &&
!matchHost.Equals(ipv6BareLiteral,
nsCaseInsensitiveUTF8StringComparator())) {
return false;
}
ipv6 = true;
} else if (t.CheckChar(':') && t.CheckChar('/') && t.CheckChar('/')) {
if (!matchScheme.Equals(token.Fragment())) {
return false;
}
// Re-start recording the hostname from the point after scheme://.
t.Record();
}
while (t.Next(token)) {
bool eof = token.Equals(mozilla::Tokenizer::Token::EndOfFile());
bool port = token.Equals(mozilla::Tokenizer::Token::Char(':'));
if (eof || port) {
if (!ipv6) { // Match already performed above.
nsDependentCSubstring hostName;
t.Claim(hostName);
// An empty hostname means to accept everything for the schema
if (!hostName.IsEmpty()) {
/*
host: bar.com foo.bar.com foobar.com foo.bar.com bar.com
pref: bar.com bar.com bar.com .bar.com .bar.com
result: accept accept reject accept reject
*/
if (!StringEndsWith(matchHost, hostName,
nsCaseInsensitiveUTF8StringComparator())) {
return false;
}
if (matchHost.Length() > hostName.Length() &&
matchHost[matchHost.Length() - hostName.Length() - 1] != '.' &&
hostName[0] != '.') {
return false;
}
}
}
if (port) {
uint16_t portNumber;
if (!t.ReadInteger(&portNumber)) {
// Missing port number
return false;
}
if (matchPort != portNumber) {
return false;
}
if (!t.CheckEOF()) {
return false;
}
}
} else if (ipv6) {
// After an ipv6 literal there can only be EOF or :port. Everything else
// must be treated as non-match/broken input.
return false;
}
}
// All negative checks has passed positively.
return true;
}
} // namespace detail
bool URIMatchesPrefPattern(nsIURI* uri, const char* pref) {
nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
if (!prefs) {
return false;
}
nsAutoCString scheme, host;
int32_t port;
if (NS_FAILED(uri->GetScheme(scheme))) {
return false;
}
if (NS_FAILED(uri->GetAsciiHost(host))) {
return false;
}
port = NS_GetRealPort(uri);
if (port == -1) {
return false;
}
nsAutoCString hostList;
if (NS_FAILED(prefs->GetCharPref(pref, hostList))) {
return false;
}
// pseudo-BNF
// ----------
//
// url-list base-url ( base-url "," LWS )*
// base-url ( scheme-part | host-part | scheme-part host-part )
// scheme-part scheme "://"
// host-part host [":" port]
//
// for example:
// "https://, http://office.foo.com"
//
mozilla::Tokenizer t(hostList);
while (!t.CheckEOF()) {
t.SkipWhites();
nsDependentCSubstring url;
mozilla::Unused << t.ReadUntil(mozilla::Tokenizer::Token::Char(','), url);
if (url.IsEmpty()) {
continue;
}
if (detail::MatchesBaseURI(scheme, host, port, url)) {
return true;
}
}
return false;
}
} // namespace auth
} // namespace net
} // namespace mozilla