WARNING: Most of this content (with the exception of the Mozilla 1.9 XPCOM reference) is very old, and can be expected to be out of date and possibly obsolete. For better XUL documentation, please visit the XUL hub at the Mozilla Developer Center.

nsIPrincipal

IID:635c413b-47c3-4ee1-87c8-e7919cc65f5a
Inherits From:nsISerializable

This interface is implemented by the following components:

Constants

Values of capabilities for each principal. Order is significant: if an operation is performed on a set of capabilities, the minimum is computed.
PRInt16 ENABLE_DENIED = 1
PRInt16 ENABLE_UNKNOWN = 2
PRInt16 ENABLE_WITH_USER_PERMISSION = 3
PRInt16 ENABLE_GRANTED = 4

Properties

readonly nsISupports certificate

The certificate associated with this principal, if any. If there isn't one, this will return null. Getting this attribute never throws.

nsIURI domain

The domain URI to which this principal pertains. This is congruent with HTMLDocument.domain, and may be null. Setting this has no effect on the URI.

readonly AUTF8String fingerprint

The fingerprint ID of this principal's certificate. Throws if there is no certificate associated with this principal.

readonly PRBool hasCertificate

Whether this principal is associated with a certificate.

readonly PRUint32 hashValue

Returns a hash value for the principal.

readonly char* origin

The origin of this principal's domain, if non-null, or its codebase URI otherwise. An origin is defined as: scheme + host + port.

readonly AUTF8String prettyName

The pretty name for the certificate. This sort of (but not really) identifies the subject of the certificate (the entity that stands behind the certificate). Note that this may be empty; prefer to get the certificate itself and get this information from it, since that may provide more information.

Throws if there is no certificate associated with this principal.

voidPtr* securityPolicy

The domain security policy of the principal.

readonly AUTF8String subjectName

The subject name for the certificate. This actually identifies the subject of the certificate. This may well not be a string that would mean much to a typical user on its own (e.g. it may have a number of different names all concatenated together with some information on what they mean in between).

Throws if there is no certificate associated with this principal.

readonly nsIURI URI

The codebase URI to which this principal pertains. This is generally the document URI.

Methods

[noscript] PRInt16 canEnableCapability ( char* capability ) [noscript] void disableCapability ( char* capability , inout voidPtr* annotation ) [noscript] void enableCapability ( char* capability , inout voidPtr* annotation ) PRBool equals ( nsIPrincipal other ) [noscript] JSPrincipals* getJSPrincipals ( JSContext* cx ) [noscript] void getPreferences ( out char* prefBranch , out char* id , out char* subjectName , out char* grantedList , out char* deniedList , out PRBool isTrusted ) [noscript] PRBool isCapabilityEnabled ( char* capability , voidPtr* annotation ) [noscript] void revertCapability ( char* capability , inout voidPtr* annotation ) [noscript] void setCanEnableCapability ( char* capability , PRInt16 canEnable ) [noscript] PRBool subsumes ( nsIPrincipal other )

PRInt16 canEnableCapability ( char* capability )

Arguments:
capability

void disableCapability ( char* capability , inout voidPtr* annotation )

Arguments:
capability
annotation

void enableCapability ( char* capability , inout voidPtr* annotation )

Arguments:
capability
annotation

PRBool equals ( nsIPrincipal other )

Returns whether the other principal is equivalent to this principal. Principals are considered equal if they are the same principal, they have the same origin, or have the same certificate fingerprint ID

Arguments:
other

JSPrincipals* getJSPrincipals ( JSContext* cx )

Returns the JS equivalent of the principal.

Arguments:
cx

void getPreferences ( out char* prefBranch , out char* id , out char* subjectName , out char* grantedList , out char* deniedList , out PRBool isTrusted )

Returns the security preferences associated with this principal. prefBranch will be set to the pref branch to which these preferences pertain. id is a pseudo-unique identifier, pertaining to either the fingerprint or the origin. subjectName is a name that identifies the entity this principal represents (may be empty). grantedList and deniedList are space-separated lists of capabilities which were explicitly granted or denied by a pref. isTrusted is a boolean that indicates whether this is a codebaseTrusted certificate.

Arguments:
prefBranch
id
subjectName
grantedList
deniedList
isTrusted

PRBool isCapabilityEnabled ( char* capability , voidPtr* annotation )

Arguments:
capability
annotation

void revertCapability ( char* capability , inout voidPtr* annotation )

Arguments:
capability
annotation

void setCanEnableCapability ( char* capability , PRInt16 canEnable )

Arguments:
capability
canEnable

PRBool subsumes ( nsIPrincipal other )

Returns whether the other principal is equal to or weaker than this principal. Principals are equal if they are the same object, they have the same origin, or they have the same certificate ID.

Thus a principal always subsumes itself.

The system principal subsumes itself and all other principals.

A null principal (corresponding to an unknown, hence assumed minimally privileged, security context) is not equal to any other principal (including other null principals), and therefore does not subsume anything but itself.

Both codebase and certificate principals are subsumed by the system principal, but no codebase or certificate principal yet subsumes any other codebase or certificate principal. This may change in a future release; note that nsIPrincipal is unfrozen, not slated to be frozen.

XXXbz except see bug 147145!

Note for the future: Perhaps we should consider a certificate principal for a given URI subsuming a codebase principal for the same URI? Not sure what the immediate benefit would be, but I think the setup could make some code (e.g. MaybeDowngradeToCodebase) clearer.

Arguments:
other

References

This interface is the type of the following properties:

imgIRequest.imagePrincipal

This interface is passed as an argument to the following methods:

nsIDOMParser.init, nsIDocumentLoaderFactory.createBlankDocument, nsIJAR.getCertificatePrincipal, nsIPrincipal.equals, nsIPrincipal.subsumes, nsIScriptSecurityManager.canExecuteScripts, nsIScriptSecurityManager.checkLoadURIStrWithPrincipal, nsIScriptSecurityManager.checkLoadURIWithPrincipal, nsIScriptSecurityManager.checkSameOriginPrincipal, nsIScriptSecurityManager.isSystemPrincipal, nsIScriptSecurityManager.requestCapability, nsIXPConnect.createSandbox, nsPICertNotification.onCertAvailable

This interface is returned from the following methods:

nsIJVMManager.isAppletTrusted, nsIScriptSecurityManager.getCertificatePrincipal, nsIScriptSecurityManager.getChannelPrincipal, nsIScriptSecurityManager.getCodebasePrincipal, nsIScriptSecurityManager.getCxSubjectPrincipal, nsIScriptSecurityManager.getObjectPrincipal, nsIScriptSecurityManager.getPrincipalFromContext, nsIScriptSecurityManager.getSubjectPrincipal, nsIScriptSecurityManager.getSystemPrincipal, nsISignatureVerifier.verifySignature

Reference documentation is generated from Mozilla's source.