From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 19:32:43 +0200
Subject: Adding upstream version 1:115.7.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 dom/media/IdpSandbox.sys.mjs | 284 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 284 insertions(+)
 create mode 100644 dom/media/IdpSandbox.sys.mjs

(limited to 'dom/media/IdpSandbox.sys.mjs')

diff --git a/dom/media/IdpSandbox.sys.mjs b/dom/media/IdpSandbox.sys.mjs
new file mode 100644
index 0000000000..bd864b2fab
--- /dev/null
+++ b/dom/media/IdpSandbox.sys.mjs
@@ -0,0 +1,284 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
+
+/** This little class ensures that redirects maintain an https:// origin */
+function RedirectHttpsOnly() {}
+
+RedirectHttpsOnly.prototype = {
+  asyncOnChannelRedirect(oldChannel, newChannel, flags, callback) {
+    if (newChannel.URI.scheme !== "https") {
+      callback.onRedirectVerifyCallback(Cr.NS_ERROR_ABORT);
+    } else {
+      callback.onRedirectVerifyCallback(Cr.NS_OK);
+    }
+  },
+
+  getInterface(iid) {
+    return this.QueryInterface(iid);
+  },
+  QueryInterface: ChromeUtils.generateQI(["nsIChannelEventSink"]),
+};
+
+/** This class loads a resource into a single string. ResourceLoader.load() is
+ * the entry point. */
+function ResourceLoader(res, rej) {
+  this.resolve = res;
+  this.reject = rej;
+  this.data = "";
+}
+
+/** Loads the identified https:// URL. */
+ResourceLoader.load = function (uri, doc) {
+  return new Promise((resolve, reject) => {
+    let listener = new ResourceLoader(resolve, reject);
+    let ioChannel = NetUtil.newChannel({
+      uri,
+      loadingNode: doc,
+      securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+      contentPolicyType: Ci.nsIContentPolicy.TYPE_INTERNAL_SCRIPT,
+    });
+
+    ioChannel.loadGroup = doc.documentLoadGroup.QueryInterface(Ci.nsILoadGroup);
+    ioChannel.notificationCallbacks = new RedirectHttpsOnly();
+    ioChannel.asyncOpen(listener);
+  });
+};
+
+ResourceLoader.prototype = {
+  onDataAvailable(request, input, offset, count) {
+    let stream = Cc["@mozilla.org/scriptableinputstream;1"].createInstance(
+      Ci.nsIScriptableInputStream
+    );
+    stream.init(input);
+    this.data += stream.read(count);
+  },
+
+  onStartRequest(request) {},
+
+  onStopRequest(request, status) {
+    if (Components.isSuccessCode(status)) {
+      var statusCode = request.QueryInterface(Ci.nsIHttpChannel).responseStatus;
+      if (statusCode === 200) {
+        this.resolve({ request, data: this.data });
+      } else {
+        this.reject(new Error("Non-200 response from server: " + statusCode));
+      }
+    } else {
+      this.reject(new Error("Load failed: " + status));
+    }
+  },
+
+  getInterface(iid) {
+    return this.QueryInterface(iid);
+  },
+  QueryInterface: ChromeUtils.generateQI(["nsIStreamListener"]),
+};
+
+/**
+ * A simple implementation of the WorkerLocation interface.
+ */
+function createLocationFromURI(uri) {
+  return {
+    href: uri.spec,
+    protocol: uri.scheme + ":",
+    host: uri.host + (uri.port >= 0 ? ":" + uri.port : ""),
+    port: uri.port,
+    hostname: uri.host,
+    pathname: uri.pathQueryRef.replace(/[#\?].*/, ""),
+    search: uri.pathQueryRef.replace(/^[^\?]*/, "").replace(/#.*/, ""),
+    hash: uri.hasRef ? "#" + uri.ref : "",
+    origin: uri.prePath,
+    toString() {
+      return uri.spec;
+    },
+  };
+}
+
+/**
+ * A javascript sandbox for running an IdP.
+ *
+ * @param domain (string) the domain of the IdP
+ * @param protocol (string?) the protocol of the IdP [default: 'default']
+ * @param win (obj) the current window
+ * @throws if the domain or protocol aren't valid
+ */
+export function IdpSandbox(domain, protocol, win) {
+  this.source = IdpSandbox.createIdpUri(domain, protocol || "default");
+  this.active = null;
+  this.sandbox = null;
+  this.window = win;
+}
+
+IdpSandbox.checkDomain = function (domain) {
+  if (!domain || typeof domain !== "string") {
+    throw new Error(
+      "Invalid domain for identity provider: " +
+        "must be a non-zero length string"
+    );
+  }
+};
+
+/**
+ * Checks that the IdP protocol is superficially sane.  In particular, we don't
+ * want someone adding relative paths (e.g., '../../myuri'), which could be used
+ * to move outside of /.well-known/ and into space that they control.
+ */
+IdpSandbox.checkProtocol = function (protocol) {
+  let message = "Invalid protocol for identity provider: ";
+  if (!protocol || typeof protocol !== "string") {
+    throw new Error(message + "must be a non-zero length string");
+  }
+  if (decodeURIComponent(protocol).match(/[\/\\]/)) {
+    throw new Error(message + "must not include '/' or '\\'");
+  }
+};
+
+/**
+ * Turns a domain and protocol into a URI.  This does some aggressive checking
+ * to make sure that we aren't being fooled somehow.  Throws on fooling.
+ */
+IdpSandbox.createIdpUri = function (domain, protocol) {
+  IdpSandbox.checkDomain(domain);
+  IdpSandbox.checkProtocol(protocol);
+
+  let message = "Invalid IdP parameters: ";
+  try {
+    let wkIdp = "https://" + domain + "/.well-known/idp-proxy/" + protocol;
+    let uri = Services.io.newURI(wkIdp);
+
+    if (uri.hostPort !== domain) {
+      throw new Error(message + "domain is invalid");
+    }
+    if (uri.pathQueryRef.indexOf("/.well-known/idp-proxy/") !== 0) {
+      throw new Error(message + "must produce a /.well-known/idp-proxy/ URI");
+    }
+
+    return uri;
+  } catch (e) {
+    if (
+      typeof e.result !== "undefined" &&
+      e.result === Cr.NS_ERROR_MALFORMED_URI
+    ) {
+      throw new Error(message + "must produce a valid URI");
+    }
+    throw e;
+  }
+};
+
+IdpSandbox.prototype = {
+  isSame(domain, protocol) {
+    return this.source.spec === IdpSandbox.createIdpUri(domain, protocol).spec;
+  },
+
+  start() {
+    if (!this.active) {
+      this.active = ResourceLoader.load(this.source, this.window.document).then(
+        result => this._createSandbox(result)
+      );
+    }
+    return this.active;
+  },
+
+  // Provides the sandbox with some useful facilities.  Initially, this is only
+  // a minimal set; it is far easier to add more as the need arises, than to
+  // take them back if we discover a mistake.
+  _populateSandbox(uri) {
+    this.sandbox.location = Cu.cloneInto(
+      createLocationFromURI(uri),
+      this.sandbox,
+      { cloneFunctions: true }
+    );
+  },
+
+  _createSandbox(result) {
+    let principal = Services.scriptSecurityManager.getChannelResultPrincipal(
+      result.request
+    );
+
+    this.sandbox = Cu.Sandbox(principal, {
+      sandboxName: "IdP-" + this.source.host,
+      wantComponents: false,
+      wantExportHelpers: false,
+      wantGlobalProperties: [
+        "indexedDB",
+        "XMLHttpRequest",
+        "TextEncoder",
+        "TextDecoder",
+        "URL",
+        "URLSearchParams",
+        "atob",
+        "btoa",
+        "Blob",
+        "crypto",
+        "rtcIdentityProvider",
+        "fetch",
+      ],
+    });
+    let registrar = this.sandbox.rtcIdentityProvider;
+    if (!Cu.isXrayWrapper(registrar)) {
+      throw new Error("IdP setup failed");
+    }
+
+    // have to use the ultimate URI, not the starting one to avoid
+    // that origin stealing from the one that redirected to it
+    this._populateSandbox(result.request.URI);
+    try {
+      Cu.evalInSandbox(
+        result.data,
+        this.sandbox,
+        "latest",
+        result.request.URI.spec,
+        1
+      );
+    } catch (e) {
+      // These can be passed straight on, because they are explicitly labelled
+      // as being IdP errors by the IdP and we drop line numbers as a result.
+      if (e.name === "IdpError" || e.name === "IdpLoginError") {
+        throw e;
+      }
+      this._logError(e);
+      throw new Error("Error in IdP, check console for details");
+    }
+
+    if (!registrar.hasIdp) {
+      throw new Error("IdP failed to call rtcIdentityProvider.register()");
+    }
+    return registrar;
+  },
+
+  // Capture all the details from the error and log them to the console.  This
+  // can't rethrow anything else because that could leak information about the
+  // internal workings of the IdP across origins.
+  _logError(e) {
+    let winID = this.window.windowGlobalChild.innerWindowId;
+    let scriptError = Cc["@mozilla.org/scripterror;1"].createInstance(
+      Ci.nsIScriptError
+    );
+    scriptError.initWithWindowID(
+      e.message,
+      e.fileName,
+      null,
+      e.lineNumber,
+      e.columnNumber,
+      Ci.nsIScriptError.errorFlag,
+      "content javascript",
+      winID
+    );
+    Services.console.logMessage(scriptError);
+  },
+
+  stop() {
+    if (this.sandbox) {
+      Cu.nukeSandbox(this.sandbox);
+    }
+    this.sandbox = null;
+    this.active = null;
+  },
+
+  toString() {
+    return this.source.spec;
+  },
+};
-- 
cgit v1.2.3