The Tor Browser: netwerk/base/src/BackgroundFileSaver.cpp@b8a032363ba2 (annotated)

netwerk/base/src/BackgroundFileSaver.cpp@b8a032363ba2 (annotated)

netwerk/base/src/BackgroundFileSaver.cpp

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "pk11pub.h"
 #include "prlog.h"
 #include "ScopedNSSTypes.h"
 #include "secoidt.h"
 #include "nsIAsyncInputStream.h"
 #include "nsIFile.h"
 #include "nsIMutableArray.h"
 #include "nsIPipe.h"
 #include "nsIX509Cert.h"
 #include "nsIX509CertDB.h"
 #include "nsIX509CertList.h"
 #include "nsCOMArray.h"
 #include "nsNetUtil.h"
 #include "nsThreadUtils.h"
 #include "BackgroundFileSaver.h"
 #include "mozilla/Telemetry.h"
 #ifdef XP_WIN
 #include <windows.h>
 #include <softpub.h>
 #include <wintrust.h>
 #endif // XP_WIN
 namespace mozilla {
 namespace net {
 // NSPR_LOG_MODULES=BackgroundFileSaver:5
 #if defined(PR_LOGGING)
 PRLogModuleInfo *BackgroundFileSaver::prlog = nullptr;
 #define LOG(args) PR_LOG(BackgroundFileSaver::prlog, PR_LOG_DEBUG, args)
 #define LOG_ENABLED() PR_LOG_TEST(BackgroundFileSaver::prlog, 4)
 #else
 #define LOG(args)
 #define LOG_ENABLED() (false)
 #endif
 ////////////////////////////////////////////////////////////////////////////////
 //// Globals
 /**
  * Buffer size for writing to the output file or reading from the input file.
  */
 #define BUFFERED_IO_SIZE (1024 * 32)
 /**
  * When this upper limit is reached, the original request is suspended.
  */
 #define REQUEST_SUSPEND_AT (1024 * 1024 * 4)
 /**
  * When this lower limit is reached, the original request is resumed.
  */
 #define REQUEST_RESUME_AT (1024 * 1024 * 2)
 ////////////////////////////////////////////////////////////////////////////////
 //// NotifyTargetChangeRunnable
 /**
  * Runnable object used to notify the control thread that file contents will now
  * be saved to the specified file.
  */
 class NotifyTargetChangeRunnable MOZ_FINAL : public nsRunnable
 {
 public:
   NotifyTargetChangeRunnable(BackgroundFileSaver *aSaver, nsIFile *aTarget)
   : mSaver(aSaver)
   , mTarget(aTarget)
   {
   }
   NS_IMETHODIMP Run()
   {
     return mSaver->NotifyTargetChange(mTarget);
   }
 private:
   nsRefPtr<BackgroundFileSaver> mSaver;
   nsCOMPtr<nsIFile> mTarget;
 };
 ////////////////////////////////////////////////////////////////////////////////
 //// BackgroundFileSaver
 uint32_t BackgroundFileSaver::sThreadCount = 0;
 uint32_t BackgroundFileSaver::sTelemetryMaxThreadCount = 0;
 BackgroundFileSaver::BackgroundFileSaver()
 : mControlThread(nullptr)
 , mWorkerThread(nullptr)
 , mPipeOutputStream(nullptr)
 , mPipeInputStream(nullptr)
 , mObserver(nullptr)
 , mLock("BackgroundFileSaver.mLock")
 , mWorkerThreadAttentionRequested(false)
 , mFinishRequested(false)
 , mComplete(false)
 , mStatus(NS_OK)
 , mAppend(false)
 , mInitialTarget(nullptr)
 , mInitialTargetKeepPartial(false)
 , mRenamedTarget(nullptr)
 , mRenamedTargetKeepPartial(false)
 , mAsyncCopyContext(nullptr)
 , mSha256Enabled(false)
 , mSignatureInfoEnabled(false)
 , mActualTarget(nullptr)
 , mActualTargetKeepPartial(false)
 , mDigestContext(nullptr)
 {
 #if defined(PR_LOGGING)
   if (!prlog)
     prlog = PR_NewLogModule("BackgroundFileSaver");
 #endif
   LOG(("Created BackgroundFileSaver [this = %p]", this));
 }
 BackgroundFileSaver::~BackgroundFileSaver()
 {
   LOG(("Destroying BackgroundFileSaver [this = %p]", this));
   nsNSSShutDownPreventionLock lock;
   if (isAlreadyShutDown()) {
     return;
   }
   destructorSafeDestroyNSSReference();
   shutdown(calledFromObject);
 }
 void
 BackgroundFileSaver::destructorSafeDestroyNSSReference()
 {
   if (mDigestContext) {
     mozilla::psm::PK11_DestroyContext_true(mDigestContext.forget());
     mDigestContext = nullptr;
   }
 }
 void
 BackgroundFileSaver::virtualDestroyNSSReference()
 {
   destructorSafeDestroyNSSReference();
 }
 // Called on the control thread.
 nsresult
 BackgroundFileSaver::Init()
 {
   MOZ_ASSERT(NS_IsMainThread(), "This should be called on the main thread");
   nsresult rv;
   rv = NS_NewPipe2(getter_AddRefs(mPipeInputStream),
                    getter_AddRefs(mPipeOutputStream), true, true, 0,
                    HasInfiniteBuffer() ? UINT32_MAX : 0);
   NS_ENSURE_SUCCESS(rv, rv);
   rv = NS_GetCurrentThread(getter_AddRefs(mControlThread));
   NS_ENSURE_SUCCESS(rv, rv);
   rv = NS_NewThread(getter_AddRefs(mWorkerThread));
   NS_ENSURE_SUCCESS(rv, rv);
   sThreadCount++;
   if (sThreadCount > sTelemetryMaxThreadCount) {
     sTelemetryMaxThreadCount = sThreadCount;
   }
   return NS_OK;
 }
 // Called on the control thread.
 NS_IMETHODIMP
 BackgroundFileSaver::GetObserver(nsIBackgroundFileSaverObserver **aObserver)
 {
   NS_ENSURE_ARG_POINTER(aObserver);
   *aObserver = mObserver;
   NS_IF_ADDREF(*aObserver);
   return NS_OK;
 }
 // Called on the control thread.
 NS_IMETHODIMP
 BackgroundFileSaver::SetObserver(nsIBackgroundFileSaverObserver *aObserver)
 {
   mObserver = aObserver;
   return NS_OK;
 }
 // Called on the control thread.
 NS_IMETHODIMP
 BackgroundFileSaver::EnableAppend()
 {
   MOZ_ASSERT(NS_IsMainThread(), "This should be called on the main thread");
   MutexAutoLock lock(mLock);
   mAppend = true;
   return NS_OK;
 }
 // Called on the control thread.
 NS_IMETHODIMP
 BackgroundFileSaver::SetTarget(nsIFile *aTarget, bool aKeepPartial)
 {
   NS_ENSURE_ARG(aTarget);
   {
     MutexAutoLock lock(mLock);
     if (!mInitialTarget) {
       aTarget->Clone(getter_AddRefs(mInitialTarget));
       mInitialTargetKeepPartial = aKeepPartial;
     } else {
       aTarget->Clone(getter_AddRefs(mRenamedTarget));
       mRenamedTargetKeepPartial = aKeepPartial;
     }
   }
   // After the worker thread wakes up because attention is requested, it will
   // rename or create the target file as requested, and start copying data.
   return GetWorkerThreadAttention(true);
 }
 // Called on the control thread.
 NS_IMETHODIMP
 BackgroundFileSaver::Finish(nsresult aStatus)
 {
   nsresult rv;
   // This will cause the NS_AsyncCopy operation, if it's in progress, to consume
   // all the data that is still in the pipe, and then finish.
   rv = mPipeOutputStream->Close();
   NS_ENSURE_SUCCESS(rv, rv);
   // Ensure that, when we get attention from the worker thread, if no pending
   // rename operation is waiting, the operation will complete.
   {
     MutexAutoLock lock(mLock);
     mFinishRequested = true;
     if (NS_SUCCEEDED(mStatus)) {
       mStatus = aStatus;
     }
   }
   // After the worker thread wakes up because attention is requested, it will
   // process the completion conditions, detect that completion is requested, and
   // notify the main thread of the completion.  If this function was called with
   // a success code, we wait for the copy to finish before processing the
   // completion conditions, otherwise we interrupt the copy immediately.
   return GetWorkerThreadAttention(NS_FAILED(aStatus));
 }
 NS_IMETHODIMP
 BackgroundFileSaver::EnableSha256()
 {
   MOZ_ASSERT(NS_IsMainThread(),
              "Can't enable sha256 or initialize NSS off the main thread");
   // Ensure Personal Security Manager is initialized. This is required for
   // PK11_* operations to work.
   nsresult rv;
   nsCOMPtr<nsISupports> nssDummy = do_GetService("@mozilla.org/psm;1", &rv);
   NS_ENSURE_SUCCESS(rv, rv);
   mSha256Enabled = true;
   return NS_OK;
 }
 NS_IMETHODIMP
 BackgroundFileSaver::GetSha256Hash(nsACString& aHash)
 {
   MOZ_ASSERT(NS_IsMainThread(), "Can't inspect sha256 off the main thread");
   // We acquire a lock because mSha256 is written on the worker thread.
   MutexAutoLock lock(mLock);
   if (mSha256.IsEmpty()) {
     return NS_ERROR_NOT_AVAILABLE;
   }
   aHash = mSha256;
   return NS_OK;
 }
 NS_IMETHODIMP
 BackgroundFileSaver::EnableSignatureInfo()
 {
   MOZ_ASSERT(NS_IsMainThread(),
              "Can't enable signature extraction off the main thread");
   // Ensure Personal Security Manager is initialized.
   nsresult rv;
   nsCOMPtr<nsISupports> nssDummy = do_GetService("@mozilla.org/psm;1", &rv);
   NS_ENSURE_SUCCESS(rv, rv);
   mSignatureInfoEnabled = true;
   return NS_OK;
 }
 NS_IMETHODIMP
 BackgroundFileSaver::GetSignatureInfo(nsIArray** aSignatureInfo)
 {
   MOZ_ASSERT(NS_IsMainThread(), "Can't inspect signature off the main thread");
   // We acquire a lock because mSignatureInfo is written on the worker thread.
   MutexAutoLock lock(mLock);
   if (!mComplete || !mSignatureInfoEnabled) {
     return NS_ERROR_NOT_AVAILABLE;
   }
   nsCOMPtr<nsIMutableArray> sigArray = do_CreateInstance(NS_ARRAY_CONTRACTID);
   for (int i = 0; i < mSignatureInfo.Count(); ++i) {
     sigArray->AppendElement(mSignatureInfo[i], false);
   }
   *aSignatureInfo = sigArray;
   NS_IF_ADDREF(*aSignatureInfo);
   return NS_OK;
 }
 // Called on the control thread.
 nsresult
 BackgroundFileSaver::GetWorkerThreadAttention(bool aShouldInterruptCopy)
 {
   nsresult rv;
   MutexAutoLock lock(mLock);
   // We only require attention one time.  If this function is called two times
   // before the worker thread wakes up, and the first has aShouldInterruptCopy
   // false and the second true, we won't forcibly interrupt the copy from the
   // control thread.  However, that never happens, because calling Finish with a
   // success code is the only case that may result in aShouldInterruptCopy being
   // false.  In that case, we won't call this function again, because consumers
   // should not invoke other methods on the control thread after calling Finish.
   // And in any case, Finish already closes one end of the pipe, causing the
   // copy to finish properly on its own.
   if (mWorkerThreadAttentionRequested) {
     return NS_OK;
   }
   if (!mAsyncCopyContext) {
     // Copy is not in progress, post an event to handle the change manually.
     nsCOMPtr<nsIRunnable> event =
       NS_NewRunnableMethod(this, &BackgroundFileSaver::ProcessAttention);
     NS_ENSURE_TRUE(event, NS_ERROR_FAILURE);
     rv = mWorkerThread->Dispatch(event, NS_DISPATCH_NORMAL);
     NS_ENSURE_SUCCESS(rv, rv);
   } else if (aShouldInterruptCopy) {
     // Interrupt the copy.  The copy will be resumed, if needed, by the
     // ProcessAttention function, invoked by the AsyncCopyCallback function.
     NS_CancelAsyncCopy(mAsyncCopyContext, NS_ERROR_ABORT);
   }
   // Indicate that attention has been requested successfully, there is no need
   // to post another event until the worker thread processes the current one.
   mWorkerThreadAttentionRequested = true;
   return NS_OK;
 }
 // Called on the worker thread.
 // static
 void
 BackgroundFileSaver::AsyncCopyCallback(void *aClosure, nsresult aStatus)
 {
   BackgroundFileSaver *self = (BackgroundFileSaver *)aClosure;
   {
     MutexAutoLock lock(self->mLock);
     // Now that the copy was interrupted or terminated, any notification from
     // the control thread requires an event to be posted to the worker thread.
     self->mAsyncCopyContext = nullptr;
     // When detecting failures, ignore the status code we use to interrupt.
     if (NS_FAILED(aStatus) && aStatus != NS_ERROR_ABORT &&
         NS_SUCCEEDED(self->mStatus)) {
       self->mStatus = aStatus;
     }
   }
   (void)self->ProcessAttention();
   // We called NS_ADDREF_THIS when NS_AsyncCopy started, to keep the object
   // alive even if other references disappeared.  At this point, we've finished
   // using the object and can safely release our reference.
   NS_RELEASE(self);
 }
 // Called on the worker thread.
 nsresult
 BackgroundFileSaver::ProcessAttention()
 {
   nsresult rv;
   // This function is called whenever the attention of the worker thread has
   // been requested.  This may happen in these cases:
   // * We are about to start the copy for the first time.  In this case, we are
   //   called from an event posted on the worker thread from the control thread
   //   by GetWorkerThreadAttention, and mAsyncCopyContext is null.
   // * We have interrupted the copy for some reason.  In this case, we are
   //   called by AsyncCopyCallback, and mAsyncCopyContext is null.
   // * We are currently executing ProcessStateChange, and attention is requested
   //   by the control thread, for example because SetTarget or Finish have been
   //   called.  In this case, we are called from from an event posted through
   //   GetWorkerThreadAttention.  While mAsyncCopyContext was always null when
   //   the event was posted, at this point mAsyncCopyContext may not be null
   //   anymore, because ProcessStateChange may have started the copy before the
   //   event that called this function was processed on the worker thread.
   // If mAsyncCopyContext is not null, we interrupt the copy and re-enter
   // through AsyncCopyCallback.  This allows us to check if, for instance, we
   // should rename the target file.  We will then restart the copy if needed.
   if (mAsyncCopyContext) {
     NS_CancelAsyncCopy(mAsyncCopyContext, NS_ERROR_ABORT);
     return NS_OK;
   }
   // Use the current shared state to determine the next operation to execute.
   rv = ProcessStateChange();
   if (NS_FAILED(rv)) {
     // If something failed while processing, terminate the operation now.
     {
       MutexAutoLock lock(mLock);
       if (NS_SUCCEEDED(mStatus)) {
         mStatus = rv;
       }
     }
     // Ensure we notify completion now that the operation failed.
     CheckCompletion();
   }
   return NS_OK;
 }
 // Called on the worker thread.
 nsresult
 BackgroundFileSaver::ProcessStateChange()
 {
   nsresult rv;
   // We might have been notified because the operation is complete, verify.
   if (CheckCompletion()) {
     return NS_OK;
   }
   // Get a copy of the current shared state for the worker thread.
   nsCOMPtr<nsIFile> initialTarget;
   bool initialTargetKeepPartial;
   nsCOMPtr<nsIFile> renamedTarget;
   bool renamedTargetKeepPartial;
   bool sha256Enabled;
   bool append;
   {
     MutexAutoLock lock(mLock);
     initialTarget = mInitialTarget;
     initialTargetKeepPartial = mInitialTargetKeepPartial;
     renamedTarget = mRenamedTarget;
     renamedTargetKeepPartial = mRenamedTargetKeepPartial;
     sha256Enabled = mSha256Enabled;
     append = mAppend;
     // From now on, another attention event needs to be posted if state changes.
     mWorkerThreadAttentionRequested = false;
   }
   // The initial target can only be null if it has never been assigned.  In this
   // case, there is nothing to do since we never created any output file.
   if (!initialTarget) {
     return NS_OK;
   }
   // Determine if we are processing the attention request for the first time.
   bool isContinuation = !!mActualTarget;
   if (!isContinuation) {
     // Assign the target file for the first time.
     mActualTarget = initialTarget;
     mActualTargetKeepPartial = initialTargetKeepPartial;
   }
   // Verify whether we have actually been instructed to use a different file.
   // This may happen the first time this function is executed, if SetTarget was
   // called two times before the worker thread processed the attention request.
   bool equalToCurrent = false;
   if (renamedTarget) {
     rv = mActualTarget->Equals(renamedTarget, &equalToCurrent);
     NS_ENSURE_SUCCESS(rv, rv);
     if (!equalToCurrent)
     {
       // If we were asked to rename the file but the initial file did not exist,
       // we simply create the file in the renamed location.  We avoid this check
       // if we have already started writing the output file ourselves.
       bool exists = true;
       if (!isContinuation) {
         rv = mActualTarget->Exists(&exists);
         NS_ENSURE_SUCCESS(rv, rv);
       }
       if (exists) {
         // We are moving the previous target file to a different location.
         nsCOMPtr<nsIFile> renamedTargetParentDir;
         rv = renamedTarget->GetParent(getter_AddRefs(renamedTargetParentDir));
         NS_ENSURE_SUCCESS(rv, rv);
         nsAutoString renamedTargetName;
         rv = renamedTarget->GetLeafName(renamedTargetName);
         NS_ENSURE_SUCCESS(rv, rv);
         // We must delete any existing target file before moving the current
         // one.
         rv = renamedTarget->Exists(&exists);
         NS_ENSURE_SUCCESS(rv, rv);
         if (exists) {
           rv = renamedTarget->Remove(false);
           NS_ENSURE_SUCCESS(rv, rv);
         }
         // Move the file.  If this fails, we still reference the original file
         // in mActualTarget, so that it is deleted if requested.  If this
         // succeeds, the nsIFile instance referenced by mActualTarget mutates
         // and starts pointing to the new file, but we'll discard the reference.
         rv = mActualTarget->MoveTo(renamedTargetParentDir, renamedTargetName);
         NS_ENSURE_SUCCESS(rv, rv);
       }
       // Now we can update the actual target file name.
       mActualTarget = renamedTarget;
       mActualTargetKeepPartial = renamedTargetKeepPartial;
     }
   }
   // Notify if the target file name actually changed.
   if (!equalToCurrent) {
     // We must clone the nsIFile instance because mActualTarget is not
     // immutable, it may change if the target is renamed later.
     nsCOMPtr<nsIFile> actualTargetToNotify;
     rv = mActualTarget->Clone(getter_AddRefs(actualTargetToNotify));
     NS_ENSURE_SUCCESS(rv, rv);
     nsRefPtr<NotifyTargetChangeRunnable> event =
       new NotifyTargetChangeRunnable(this, actualTargetToNotify);
     NS_ENSURE_TRUE(event, NS_ERROR_FAILURE);
     rv = mControlThread->Dispatch(event, NS_DISPATCH_NORMAL);
     NS_ENSURE_SUCCESS(rv, rv);
   }
   if (isContinuation) {
     // The pending rename operation might be the last task before finishing. We
     // may return here only if we have already created the target file.
     if (CheckCompletion()) {
       return NS_OK;
     }
     // Even if the operation did not complete, the pipe input stream may be
     // empty and may have been closed already.  We detect this case using the
     // Available property, because it never returns an error if there is more
     // data to be consumed.  If the pipe input stream is closed, we just exit
     // and wait for more calls like SetTarget or Finish to be invoked on the
     // control thread.  However, we still truncate the file or create the
     // initial digest context if we are expected to do that.
     uint64_t available;
     rv = mPipeInputStream->Available(&available);
     if (NS_FAILED(rv)) {
       return NS_OK;
     }
   }
   // Create the digest context if requested and NSS hasn't been shut down.
   if (sha256Enabled && !mDigestContext) {
     nsNSSShutDownPreventionLock lock;
     if (!isAlreadyShutDown()) {
       mDigestContext =
         PK11_CreateDigestContext(static_cast<SECOidTag>(SEC_OID_SHA256));
       NS_ENSURE_TRUE(mDigestContext, NS_ERROR_OUT_OF_MEMORY);
     }
   }
   // When we are requested to append to an existing file, we should read the
   // existing data and ensure we include it as part of the final hash.
   if (mDigestContext && append && !isContinuation) {
     nsCOMPtr<nsIInputStream> inputStream;
     rv = NS_NewLocalFileInputStream(getter_AddRefs(inputStream),
                                     mActualTarget,
                                     PR_RDONLY | nsIFile::OS_READAHEAD);
     if (rv != NS_ERROR_FILE_NOT_FOUND) {
       NS_ENSURE_SUCCESS(rv, rv);
       char buffer[BUFFERED_IO_SIZE];
       while (true) {
         uint32_t count;
         rv = inputStream->Read(buffer, BUFFERED_IO_SIZE, &count);
         NS_ENSURE_SUCCESS(rv, rv);
         if (count == 0) {
           // We reached the end of the file.
           break;
         }
         nsNSSShutDownPreventionLock lock;
         if (isAlreadyShutDown()) {
           return NS_ERROR_NOT_AVAILABLE;
         }
         nsresult rv = MapSECStatus(PK11_DigestOp(mDigestContext,
                                                  uint8_t_ptr_cast(buffer),
                                                  count));
         NS_ENSURE_SUCCESS(rv, rv);
       }
       rv = inputStream->Close();
       NS_ENSURE_SUCCESS(rv, rv);
     }
   }
   // We will append to the initial target file only if it was requested by the
   // caller, but we'll always append on subsequent accesses to the target file.
   int32_t creationIoFlags;
   if (isContinuation) {
     creationIoFlags = PR_APPEND;
   } else {
     creationIoFlags = (append ? PR_APPEND : PR_TRUNCATE) | PR_CREATE_FILE;
   }
   // Create the target file, or append to it if we already started writing it.
   nsCOMPtr<nsIOutputStream> outputStream;
   rv = NS_NewLocalFileOutputStream(getter_AddRefs(outputStream),
                                    mActualTarget,
                                    PR_WRONLY | creationIoFlags, 0644);
   NS_ENSURE_SUCCESS(rv, rv);
   outputStream = NS_BufferOutputStream(outputStream, BUFFERED_IO_SIZE);
   if (!outputStream) {
     return NS_ERROR_FAILURE;
   }
   // Wrap the output stream so that it feeds the digest context if needed.
   if (mDigestContext) {
     // No need to acquire the NSS lock here, DigestOutputStream must acquire it
     // in any case before each asynchronous write. Constructing the
     // DigestOutputStream cannot fail. Passing mDigestContext to
     // DigestOutputStream is safe, because BackgroundFileSaver always outlives
     // the outputStream. BackgroundFileSaver is reference-counted before the
     // call to AsyncCopy, and mDigestContext is never destroyed before
     // AsyncCopyCallback.
     outputStream = new DigestOutputStream(outputStream, mDigestContext);
   }
   // Start copying our input to the target file.  No errors can be raised past
   // this point if the copy starts, since they should be handled by the thread.
   {
     MutexAutoLock lock(mLock);
     rv = NS_AsyncCopy(mPipeInputStream, outputStream, mWorkerThread,
                       NS_ASYNCCOPY_VIA_READSEGMENTS, 4096, AsyncCopyCallback,
                       this, false, true, getter_AddRefs(mAsyncCopyContext),
                       GetProgressCallback());
     if (NS_FAILED(rv)) {
       NS_WARNING("NS_AsyncCopy failed.");
       mAsyncCopyContext = nullptr;
       return rv;
     }
   }
   // If the operation succeeded, we must ensure that we keep this object alive
   // for the entire duration of the copy, since only the raw pointer will be
   // provided as the argument of the AsyncCopyCallback function.  We can add the
   // reference now, after NS_AsyncCopy returned, because it always starts
   // processing asynchronously, and there is no risk that the callback is
   // invoked before we reach this point.  If the operation failed instead, then
   // AsyncCopyCallback will never be called.
   NS_ADDREF_THIS();
   return NS_OK;
 }
 // Called on the worker thread.
 bool
 BackgroundFileSaver::CheckCompletion()
 {
   nsresult rv;
   MOZ_ASSERT(!mAsyncCopyContext,
              "Should not be copying when checking completion conditions.");
   bool failed = true;
   {
     MutexAutoLock lock(mLock);
     if (mComplete) {
       return true;
     }
     // If an error occurred, we don't need to do the checks in this code block,
     // and the operation can be completed immediately with a failure code.
     if (NS_SUCCEEDED(mStatus)) {
       failed = false;
       // We did not incur in an error, so we must determine if we can stop now.
       // If the Finish method has not been called, we can just continue now.
       if (!mFinishRequested) {
         return false;
       }
       // We can only stop when all the operations requested by the control
       // thread have been processed.  First, we check whether we have processed
       // the first SetTarget call, if any.  Then, we check whether we have
       // processed any rename requested by subsequent SetTarget calls.
       if ((mInitialTarget && !mActualTarget) ||
           (mRenamedTarget && mRenamedTarget != mActualTarget)) {
         return false;
       }
       // If we still have data to write to the output file, allow the copy
       // operation to resume.  The Available getter may return an error if one
       // of the pipe's streams has been already closed.
       uint64_t available;
       rv = mPipeInputStream->Available(&available);
       if (NS_SUCCEEDED(rv) && available != 0) {
         return false;
       }
     }
     mComplete = true;
   }
   // Ensure we notify completion now that the operation finished.
   // Do a best-effort attempt to remove the file if required.
   if (failed && mActualTarget && !mActualTargetKeepPartial) {
     (void)mActualTarget->Remove(false);
   }
   // Finish computing the hash
   if (!failed && mDigestContext) {
     nsNSSShutDownPreventionLock lock;
     if (!isAlreadyShutDown()) {
       Digest d;
       rv = d.End(SEC_OID_SHA256, mDigestContext);
       if (NS_SUCCEEDED(rv)) {
         MutexAutoLock lock(mLock);
         mSha256 = nsDependentCSubstring(char_ptr_cast(d.get().data),
                                         d.get().len);
       }
     }
   }
   // Compute the signature of the binary. ExtractSignatureInfo doesn't do
   // anything on non-Windows platforms except return an empty nsIArray.
   if (!failed && mActualTarget) {
     nsString filePath;
     mActualTarget->GetTarget(filePath);
     nsresult rv = ExtractSignatureInfo(filePath);
     if (NS_FAILED(rv)) {
       LOG(("Unable to extract signature information [this = %p].", this));
     } else {
       LOG(("Signature extraction success! [this = %p]", this));
     }
   }
   // Post an event to notify that the operation completed.
   nsCOMPtr<nsIRunnable> event =
     NS_NewRunnableMethod(this, &BackgroundFileSaver::NotifySaveComplete);
   if (!event ||
       NS_FAILED(mControlThread->Dispatch(event, NS_DISPATCH_NORMAL))) {
     NS_WARNING("Unable to post completion event to the control thread.");
   }
   return true;
 }
 // Called on the control thread.
 nsresult
 BackgroundFileSaver::NotifyTargetChange(nsIFile *aTarget)
 {
   if (mObserver) {
     (void)mObserver->OnTargetChange(this, aTarget);
   }
   return NS_OK;
 }
 // Called on the control thread.
 nsresult
 BackgroundFileSaver::NotifySaveComplete()
 {
   MOZ_ASSERT(NS_IsMainThread(), "This should be called on the main thread");
   nsresult status;
   {
     MutexAutoLock lock(mLock);
     status = mStatus;
   }
   if (mObserver) {
     (void)mObserver->OnSaveComplete(this, status);
   }
   // At this point, the worker thread will not process any more events, and we
   // can shut it down.  Shutting down a thread may re-enter the event loop on
   // this thread.  This is not a problem in this case, since this function is
   // called by a top-level event itself, and we have already invoked the
   // completion observer callback.  Re-entering the loop can only delay the
   // final release and destruction of this saver object, since we are keeping a
   // reference to it through the event object.
   mWorkerThread->Shutdown();
   sThreadCount--;
   // When there are no more active downloads, we consider the download session
   // finished. We record the maximum number of concurrent downloads reached
   // during the session in a telemetry histogram, and we reset the maximum
   // thread counter for the next download session
   if (sThreadCount == 0) {
     Telemetry::Accumulate(Telemetry::BACKGROUNDFILESAVER_THREAD_COUNT,
                           sTelemetryMaxThreadCount);
     sTelemetryMaxThreadCount = 0;
   }
   return NS_OK;
 }
 nsresult
 BackgroundFileSaver::ExtractSignatureInfo(const nsAString& filePath)
 {
   MOZ_ASSERT(!NS_IsMainThread(), "Cannot extract signature on main thread");
   nsNSSShutDownPreventionLock nssLock;
   if (isAlreadyShutDown()) {
     return NS_ERROR_NOT_AVAILABLE;
   }
   {
     MutexAutoLock lock(mLock);
     if (!mSignatureInfoEnabled) {
       return NS_OK;
     }
   }
   nsresult rv;
   nsCOMPtr<nsIX509CertDB> certDB = do_GetService(NS_X509CERTDB_CONTRACTID, &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 #ifdef XP_WIN
   // Setup the file to check.
   WINTRUST_FILE_INFO fileToCheck = {0};
   fileToCheck.cbStruct = sizeof(WINTRUST_FILE_INFO);
   fileToCheck.pcwszFilePath = filePath.Data();
   fileToCheck.hFile = nullptr;
   fileToCheck.pgKnownSubject = nullptr;
   // We want to check it is signed and trusted.
   WINTRUST_DATA trustData = {0};
   trustData.cbStruct = sizeof(trustData);
   trustData.pPolicyCallbackData = nullptr;
   trustData.pSIPClientData = nullptr;
   trustData.dwUIChoice = WTD_UI_NONE;
   trustData.fdwRevocationChecks = WTD_REVOKE_NONE;
   trustData.dwUnionChoice = WTD_CHOICE_FILE;
   trustData.dwStateAction = WTD_STATEACTION_VERIFY;
   trustData.hWVTStateData = nullptr;
   trustData.pwszURLReference = nullptr;
   // Disallow revocation checks over the network
   trustData.dwProvFlags = WTD_CACHE_ONLY_URL_RETRIEVAL;
   // no UI
   trustData.dwUIContext = 0;
   trustData.pFile = &fileToCheck;
   // The WINTRUST_ACTION_GENERIC_VERIFY_V2 policy verifies that the certificate
   // chains up to a trusted root CA and has appropriate permissions to sign
   // code.
   GUID policyGUID = WINTRUST_ACTION_GENERIC_VERIFY_V2;
   // Check if the file is signed by something that is trusted. If the file is
   // not signed, this is a no-op.
   LONG ret = WinVerifyTrust(nullptr, &policyGUID, &trustData);
   CRYPT_PROVIDER_DATA* cryptoProviderData = nullptr;
   // According to the Windows documentation, we should check against 0 instead
   // of ERROR_SUCCESS, which is an HRESULT.
   if (ret == 0) {
     cryptoProviderData = WTHelperProvDataFromStateData(trustData.hWVTStateData);
   }
   if (cryptoProviderData) {
     // Lock because signature information is read on the main thread.
     MutexAutoLock lock(mLock);
     LOG(("Downloaded trusted and signed file [this = %p].", this));
     // A binary may have multiple signers. Each signer may have multiple certs
     // in the chain.
     for (DWORD i = 0; i < cryptoProviderData->csSigners; ++i) {
       const CERT_CHAIN_CONTEXT* certChainContext =
         cryptoProviderData->pasSigners[i].pChainContext;
       if (!certChainContext) {
         break;
       }
       for (DWORD j = 0; j < certChainContext->cChain; ++j) {
         const CERT_SIMPLE_CHAIN* certSimpleChain =
           certChainContext->rgpChain[j];
         if (!certSimpleChain) {
           break;
         }
         nsCOMPtr<nsIX509CertList> nssCertList =
           do_CreateInstance(NS_X509CERTLIST_CONTRACTID);
         if (!nssCertList) {
           break;
         }
         bool extractionSuccess = true;
         for (DWORD k = 0; k < certSimpleChain->cElement; ++k) {
           CERT_CHAIN_ELEMENT* certChainElement = certSimpleChain->rgpElement[k];
           if (certChainElement->pCertContext->dwCertEncodingType !=
             X509_ASN_ENCODING) {
               continue;
           }
           nsCOMPtr<nsIX509Cert> nssCert = nullptr;
           rv = certDB->ConstructX509(
             reinterpret_cast<char *>(
               certChainElement->pCertContext->pbCertEncoded),
             certChainElement->pCertContext->cbCertEncoded,
             getter_AddRefs(nssCert));
           if (!nssCert) {
             extractionSuccess = false;
             LOG(("Couldn't create NSS cert [this = %p]", this));
             break;
           }
           nssCertList->AddCert(nssCert);
           nsString subjectName;
           nssCert->GetSubjectName(subjectName);
           LOG(("Adding cert %s [this = %p]",
                NS_ConvertUTF16toUTF8(subjectName).get(), this));
         }
         if (extractionSuccess) {
           mSignatureInfo.AppendObject(nssCertList);
         }
       }
     }
     // Free the provider data if cryptoProviderData is not null.
     trustData.dwStateAction = WTD_STATEACTION_CLOSE;
     WinVerifyTrust(nullptr, &policyGUID, &trustData);
   } else {
     LOG(("Downloaded unsigned or untrusted file [this = %p].", this));
   }
 #endif
   return NS_OK;
 }
 ////////////////////////////////////////////////////////////////////////////////
 //// BackgroundFileSaverOutputStream
 NS_IMPL_ISUPPORTS(BackgroundFileSaverOutputStream,
                   nsIBackgroundFileSaver,
                   nsIOutputStream,
                   nsIAsyncOutputStream,
                   nsIOutputStreamCallback)
 BackgroundFileSaverOutputStream::BackgroundFileSaverOutputStream()
 : BackgroundFileSaver()
 , mAsyncWaitCallback(nullptr)
 {
 }
 BackgroundFileSaverOutputStream::~BackgroundFileSaverOutputStream()
 {
 }
 bool
 BackgroundFileSaverOutputStream::HasInfiniteBuffer()
 {
   return false;
 }
 nsAsyncCopyProgressFun
 BackgroundFileSaverOutputStream::GetProgressCallback()
 {
   return nullptr;
 }
 NS_IMETHODIMP
 BackgroundFileSaverOutputStream::Close()
 {
   return mPipeOutputStream->Close();
 }
 NS_IMETHODIMP
 BackgroundFileSaverOutputStream::Flush()
 {
   return mPipeOutputStream->Flush();
 }
 NS_IMETHODIMP
 BackgroundFileSaverOutputStream::Write(const char *aBuf, uint32_t aCount,
                                        uint32_t *_retval)
 {
   return mPipeOutputStream->Write(aBuf, aCount, _retval);
 }
 NS_IMETHODIMP
 BackgroundFileSaverOutputStream::WriteFrom(nsIInputStream *aFromStream,
                                            uint32_t aCount, uint32_t *_retval)
 {
   return mPipeOutputStream->WriteFrom(aFromStream, aCount, _retval);
 }
 NS_IMETHODIMP
 BackgroundFileSaverOutputStream::WriteSegments(nsReadSegmentFun aReader,
                                                void *aClosure, uint32_t aCount,
                                                uint32_t *_retval)
 {
   return mPipeOutputStream->WriteSegments(aReader, aClosure, aCount, _retval);
 }
 NS_IMETHODIMP
 BackgroundFileSaverOutputStream::IsNonBlocking(bool *_retval)
 {
   return mPipeOutputStream->IsNonBlocking(_retval);
 }
 NS_IMETHODIMP
 BackgroundFileSaverOutputStream::CloseWithStatus(nsresult reason)
 {
   return mPipeOutputStream->CloseWithStatus(reason);
 }
 NS_IMETHODIMP
 BackgroundFileSaverOutputStream::AsyncWait(nsIOutputStreamCallback *aCallback,
                                            uint32_t aFlags,
                                            uint32_t aRequestedCount,
                                            nsIEventTarget *aEventTarget)
 {
   NS_ENSURE_STATE(!mAsyncWaitCallback);
   mAsyncWaitCallback = aCallback;
   return mPipeOutputStream->AsyncWait(this, aFlags, aRequestedCount,
                                       aEventTarget);
 }
 NS_IMETHODIMP
 BackgroundFileSaverOutputStream::OnOutputStreamReady(
                                  nsIAsyncOutputStream *aStream)
 {
   NS_ENSURE_STATE(mAsyncWaitCallback);
   nsCOMPtr<nsIOutputStreamCallback> asyncWaitCallback = nullptr;
   asyncWaitCallback.swap(mAsyncWaitCallback);
   return asyncWaitCallback->OnOutputStreamReady(this);
 }
 ////////////////////////////////////////////////////////////////////////////////
 //// BackgroundFileSaverStreamListener
 NS_IMPL_ISUPPORTS(BackgroundFileSaverStreamListener,
                   nsIBackgroundFileSaver,
                   nsIRequestObserver,
                   nsIStreamListener)
 BackgroundFileSaverStreamListener::BackgroundFileSaverStreamListener()
 : BackgroundFileSaver()
 , mSuspensionLock("BackgroundFileSaverStreamListener.mSuspensionLock")
 , mReceivedTooMuchData(false)
 , mRequest(nullptr)
 , mRequestSuspended(false)
 {
 }
 BackgroundFileSaverStreamListener::~BackgroundFileSaverStreamListener()
 {
 }
 bool
 BackgroundFileSaverStreamListener::HasInfiniteBuffer()
 {
   return true;
 }
 nsAsyncCopyProgressFun
 BackgroundFileSaverStreamListener::GetProgressCallback()
 {
   return AsyncCopyProgressCallback;
 }
 NS_IMETHODIMP
 BackgroundFileSaverStreamListener::OnStartRequest(nsIRequest *aRequest,
                                                   nsISupports *aContext)
 {
   NS_ENSURE_ARG(aRequest);
   return NS_OK;
 }
 NS_IMETHODIMP
 BackgroundFileSaverStreamListener::OnStopRequest(nsIRequest *aRequest,
                                                  nsISupports *aContext,
                                                  nsresult aStatusCode)
 {
   // If an error occurred, cancel the operation immediately.  On success, wait
   // until the caller has determined whether the file should be renamed.
   if (NS_FAILED(aStatusCode)) {
     Finish(aStatusCode);
   }
   return NS_OK;
 }
 NS_IMETHODIMP
 BackgroundFileSaverStreamListener::OnDataAvailable(nsIRequest *aRequest,
                                                    nsISupports *aContext,
                                                    nsIInputStream *aInputStream,
                                                    uint64_t aOffset,
                                                    uint32_t aCount)
 {
   nsresult rv;
   NS_ENSURE_ARG(aRequest);
   // Read the requested data.  Since the pipe has an infinite buffer, we don't
   // expect any write error to occur here.
   uint32_t writeCount;
   rv = mPipeOutputStream->WriteFrom(aInputStream, aCount, &writeCount);
   NS_ENSURE_SUCCESS(rv, rv);
   // If reading from the input stream fails for any reason, the pipe will return
   // a success code, but without reading all the data.  Since we should be able
   // to read the requested data when OnDataAvailable is called, raise an error.
   if (writeCount < aCount) {
     NS_WARNING("Reading from the input stream should not have failed.");
     return NS_ERROR_UNEXPECTED;
   }
   bool stateChanged = false;
   {
     MutexAutoLock lock(mSuspensionLock);
     if (!mReceivedTooMuchData) {
       uint64_t available;
       nsresult rv = mPipeInputStream->Available(&available);
       if (NS_SUCCEEDED(rv) && available > REQUEST_SUSPEND_AT) {
         mReceivedTooMuchData = true;
         mRequest = aRequest;
         stateChanged = true;
       }
     }
   }
   if (stateChanged) {
     NotifySuspendOrResume();
   }
   return NS_OK;
 }
 // Called on the worker thread.
 // static
 void
 BackgroundFileSaverStreamListener::AsyncCopyProgressCallback(void *aClosure,
                                                              uint32_t aCount)
 {
   BackgroundFileSaverStreamListener *self =
     (BackgroundFileSaverStreamListener *)aClosure;
   // Wait if the control thread is in the process of suspending or resuming.
   MutexAutoLock lock(self->mSuspensionLock);
   // This function is called when some bytes are consumed by NS_AsyncCopy.  Each
   // time this happens, verify if a suspended request should be resumed, because
   // we have now consumed enough data.
   if (self->mReceivedTooMuchData) {
     uint64_t available;
     nsresult rv = self->mPipeInputStream->Available(&available);
     if (NS_FAILED(rv) || available < REQUEST_RESUME_AT) {
       self->mReceivedTooMuchData = false;
       // Post an event to verify if the request should be resumed.
       nsCOMPtr<nsIRunnable> event = NS_NewRunnableMethod(self,
         &BackgroundFileSaverStreamListener::NotifySuspendOrResume);
       if (!event || NS_FAILED(self->mControlThread->Dispatch(event,
                                                     NS_DISPATCH_NORMAL))) {
         NS_WARNING("Unable to post resume event to the control thread.");
       }
     }
   }
 }
 // Called on the control thread.
 nsresult
 BackgroundFileSaverStreamListener::NotifySuspendOrResume()
 {
   // Prevent the worker thread from changing state while processing.
   MutexAutoLock lock(mSuspensionLock);
   if (mReceivedTooMuchData) {
     if (!mRequestSuspended) {
       // Try to suspend the request.  If this fails, don't try to resume later.
       if (NS_SUCCEEDED(mRequest->Suspend())) {
         mRequestSuspended = true;
       } else {
         NS_WARNING("Unable to suspend the request.");
       }
     }
   } else {
     if (mRequestSuspended) {
       // Resume the request only if we succeeded in suspending it.
       if (NS_SUCCEEDED(mRequest->Resume())) {
         mRequestSuspended = false;
       } else {
         NS_WARNING("Unable to resume the request.");
       }
     }
   }
   return NS_OK;
 }
 ////////////////////////////////////////////////////////////////////////////////
 //// DigestOutputStream
 NS_IMPL_ISUPPORTS(DigestOutputStream,
                   nsIOutputStream)
 DigestOutputStream::DigestOutputStream(nsIOutputStream* aStream,
                                        PK11Context* aContext) :
   mOutputStream(aStream)
   , mDigestContext(aContext)
 {
   MOZ_ASSERT(mDigestContext, "Can't have null digest context");
   MOZ_ASSERT(mOutputStream, "Can't have null output stream");
 }
 DigestOutputStream::~DigestOutputStream()
 {
   shutdown(calledFromObject);
 }
 NS_IMETHODIMP
 DigestOutputStream::Close()
 {
   return mOutputStream->Close();
 }
 NS_IMETHODIMP
 DigestOutputStream::Flush()
 {
   return mOutputStream->Flush();
 }
 NS_IMETHODIMP
 DigestOutputStream::Write(const char* aBuf, uint32_t aCount, uint32_t* retval)
 {
   nsNSSShutDownPreventionLock lock;
   if (isAlreadyShutDown()) {
     return NS_ERROR_NOT_AVAILABLE;
   }
   nsresult rv = MapSECStatus(PK11_DigestOp(mDigestContext,
                                            uint8_t_ptr_cast(aBuf), aCount));
   NS_ENSURE_SUCCESS(rv, rv);
   return mOutputStream->Write(aBuf, aCount, retval);
 }
 NS_IMETHODIMP
 DigestOutputStream::WriteFrom(nsIInputStream* aFromStream,
                               uint32_t aCount, uint32_t* retval)
 {
   // Not supported. We could read the stream to a buf, call DigestOp on the
   // result, seek back and pass the stream on, but it's not worth it since our
   // application (NS_AsyncCopy) doesn't invoke this on the sink.
   MOZ_CRASH("DigestOutputStream::WriteFrom not implemented");
 }
 NS_IMETHODIMP
 DigestOutputStream::WriteSegments(nsReadSegmentFun aReader,
                                   void *aClosure, uint32_t aCount,
                                   uint32_t *retval)
 {
   MOZ_CRASH("DigestOutputStream::WriteSegments not implemented");
 }
 NS_IMETHODIMP
 DigestOutputStream::IsNonBlocking(bool *retval)
 {
   return mOutputStream->IsNonBlocking(retval);
 }
 } // namespace net
 } // namespace mozilla

The Tor Browser / annotate

netwerk/base/src/BackgroundFileSaver.cpp@b8a032363ba2 (annotated)

netwerk/base/src/BackgroundFileSaver.cpp