[webcrypto] Only allow crypto.subtle.* to be used from "secure origins".

Source/platform/weborigin/SecurityOrigin.cpp

 /*
  * Copyright (C) 2007 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 20 matching lines @@
 
 #include "platform/weborigin/KURL.h"
 #include "platform/weborigin/KnownPorts.h"
 #include "platform/weborigin/SchemeRegistry.h"
 #include "platform/weborigin/SecurityOriginCache.h"
 #include "platform/weborigin/SecurityPolicy.h"
 #include "wtf/HexNumber.h"
 #include "wtf/MainThread.h"
 #include "wtf/StdLibExtras.h"
 #include "wtf/text/StringBuilder.h"
+#include <url/url_canon_ip.h>

[abarth-chromium, 2014/06/10 17:09:11]

#include "url/url_canon_ip.h"

You should probably also change Source/platform/DEPS to +url so that we're being
honest about our dependencies.

[eroman, 2014/06/10 18:47:26]

Done.

 
 namespace WebCore {
 
 const int InvalidPort = 0;
 const int MaxAllowedPort = 65535;
 
 static SecurityOriginCache* s_originCache = 0;
 
 static bool schemeRequiresAuthority(const KURL& url)
 {
@@ skipping 317 matching lines @@
 
     if (SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(protocol))
         return m_protocol == protocol || SecurityPolicy::isAccessToURLWhiteListed(this, url);
 
     if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol))
         return canLoadLocalResources() || SecurityPolicy::isAccessToURLWhiteListed(this, url);
 
     return true;
 }
 
+bool SecurityOrigin::canAccessFeatureRequiringSecureOrigin() const
+{
+    ASSERT(m_protocol != "data");
+    return isLocal() || isLocalhost() || SchemeRegistry::shouldTreatURLSchemeAsSecure(m_protocol);

[abarth-chromium, 2014/06/10 17:09:11]

We should move isLocalhost() to the end because it's the slowest.

[eroman, 2014/06/10 18:47:26]

Good point! Done.

Similarly, I moved the secure scheme check first, since that being true will be
the normal codepath.

+}
+
 SecurityOrigin::Policy SecurityOrigin::canShowNotifications() const
 {
     if (m_universalAccess)
         return AlwaysAllow;
     if (isUnique())
         return AlwaysDeny;
     return Ask;
 }
 
 void SecurityOrigin::grantLoadLocalResources()
@@ skipping 14 matching lines @@
 {
     ASSERT(isLocal());
     m_enforceFilePathSeparation = true;
 }
 
 bool SecurityOrigin::isLocal() const
 {
     return SchemeRegistry::shouldTreatURLSchemeAsLocal(m_protocol);
 }
 
+bool SecurityOrigin::isLocalhost() const
+{
+    if (m_host == "localhost")
+        return true;
+
+    if (m_host == "[::1]")
+        return true;
+
+    // Test if m_host matches 127.0.0.1/8
+    ASSERT(m_host.containsOnlyASCII());
+    CString hostAscii = m_host.ascii();
+    Vector<uint8, 4> ipNumber;
+    ipNumber.resize(4);
+
+    int numComponents;
+    url::Component hostComponent(0, hostAscii.length());
+    url::CanonHostInfo::Family family = url::IPv4AddressToNumber(
+        hostAscii.data(), hostComponent, &(ipNumber)[0], &numComponents);
+    if (family != url::CanonHostInfo::IPV4)
+        return false;
+    return ipNumber[0] == 127;
+}
+
 String SecurityOrigin::toString() const
 {
     if (isUnique())
         return "null";
     if (m_protocol == "file" && m_enforceFilePathSeparation)
         return "null";
     return toRawString();
 }
 
 AtomicString SecurityOrigin::toAtomicString() const
@@ skipping 69 matching lines @@
 }
 
 const String& SecurityOrigin::urlWithUniqueSecurityOrigin()
 {
     ASSERT(isMainThread());
     DEFINE_STATIC_LOCAL(const String, uniqueSecurityOriginURL, ("data:,"));
     return uniqueSecurityOriginURL;
 }
 
 } // namespace WebCore