Home | History | Annotate | Download | only in weborigin 
      1 /*
      2  * Copyright (C) 2007 Apple Inc. All rights reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions
      6  * are met:
      7  *
      8  * 1.  Redistributions of source code must retain the above copyright
      9  *     notice, this list of conditions and the following disclaimer.
     10  * 2.  Redistributions in binary form must reproduce the above copyright
     11  *     notice, this list of conditions and the following disclaimer in the
     12  *     documentation and/or other materials provided with the distribution.
     13  * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
     14  *     its contributors may be used to endorse or promote products derived
     15  *     from this software without specific prior written permission.
     16  *
     17  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
     18  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
     19  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
     20  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
     21  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
     22  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     23  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
     24  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     27  */
     28 
     29 #include "config.h"
     30 #include "platform/weborigin/DatabaseIdentifier.h"
     31 
     32 #include "platform/weborigin/KURL.h"
     33 #include "platform/weborigin/KnownPorts.h"
     34 #include "platform/weborigin/SchemeRegistry.h"
     35 #include "platform/weborigin/SecurityOriginCache.h"
     36 #include "platform/weborigin/SecurityPolicy.h"
     37 #include "wtf/HexNumber.h"
     38 #include "wtf/MainThread.h"
     39 #include "wtf/StdLibExtras.h"
     40 #include "wtf/text/StringBuilder.h"
     41 
     42 namespace WebCore {
     43 
     44 const int maxAllowedPort = 65535;
     45 
     46 static const char separatorCharacter = '_';
     47 
     48 PassRefPtr<SecurityOrigin> createSecurityOriginFromDatabaseIdentifier(const String& databaseIdentifier)
     49 {
     50     if (!databaseIdentifier.containsOnlyASCII())
     51         return SecurityOrigin::createUnique();
     52 
     53     // Make sure there's a first separator
     54     size_t separator1 = databaseIdentifier.find(separatorCharacter);
     55     if (separator1 == kNotFound)
     56         return SecurityOrigin::createUnique();
     57 
     58     // Make sure there's a second separator
     59     size_t separator2 = databaseIdentifier.reverseFind(separatorCharacter);
     60     if (separator2 == kNotFound)
     61         return SecurityOrigin::createUnique();
     62 
     63     // Ensure there were at least 2 separator characters. Some hostnames on intranets have
     64     // underscores in them, so we'll assume that any additional underscores are part of the host.
     65     if (separator1 == separator2)
     66         return SecurityOrigin::createUnique();
     67 
     68     // Make sure the port section is a valid port number or doesn't exist
     69     bool portOkay;
     70     int port = databaseIdentifier.right(databaseIdentifier.length() - separator2 - 1).toInt(&portOkay);
     71     bool portAbsent = (separator2 == databaseIdentifier.length() - 1);
     72     if (!(portOkay || portAbsent))
     73         return SecurityOrigin::createUnique();
     74 
     75     if (port < 0 || port > maxAllowedPort)
     76         return SecurityOrigin::createUnique();
     77 
     78     // Split out the 3 sections of data
     79     String protocol = databaseIdentifier.substring(0, separator1);
     80     String host = databaseIdentifier.substring(separator1 + 1, separator2 - separator1 - 1);
     81 
     82     // Make sure the components match their canonical representation so we are sure we're round tripping correctly.
     83     KURL url(KURL(), protocol + "://" + host + ":" + String::number(port) + "/");
     84     if (!url.isValid() || url.protocol() != protocol || url.host() != host)
     85         return SecurityOrigin::createUnique();
     86 
     87     return SecurityOrigin::create(url);
     88 }
     89 
     90 String createDatabaseIdentifierFromSecurityOrigin(const SecurityOrigin* securityOrigin)
     91 {
     92     // Historically, we've used the following (somewhat non-sensical) string
     93     // for the databaseIdentifier of local files. We used to compute this
     94     // string because of a bug in how we handled the scheme for file URLs.
     95     // Now that we've fixed that bug, we still need to produce this string
     96     // to avoid breaking existing persistent state.
     97     if (securityOrigin->needsDatabaseIdentifierQuirkForFiles())
     98         return "file__0";
     99 
    100     String separatorString(&separatorCharacter, 1);
    101 
    102     return securityOrigin->protocol() + separatorString + securityOrigin->host() + separatorString + String::number(securityOrigin->port());
    103 }
    104 
    105 } // namespace WebCore
    106