/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* vim: set ts=2 et sw=2 tw=80: */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /** * This file defines two implementations of the nsIBackgroundFileSaver * interface. See the "test_backgroundfilesaver.js" file for usage examples. */ #ifndef BackgroundFileSaver_h__ #define BackgroundFileSaver_h__ #include "ScopedNSSTypes.h" #include "mozilla/Mutex.h" #include "nsCOMArray.h" #include "nsCOMPtr.h" #include "nsIAsyncOutputStream.h" #include "nsIBackgroundFileSaver.h" #include "nsIStreamListener.h" #include "nsNSSShutDown.h" #include "nsStreamUtils.h" #include "nsString.h" class nsIAsyncInputStream; class nsIThread; class nsIX509CertList; namespace mozilla { namespace net { class DigestOutputStream; //////////////////////////////////////////////////////////////////////////////// //// BackgroundFileSaver class BackgroundFileSaver : public nsIBackgroundFileSaver, public nsNSSShutDownObject { public: NS_DECL_NSIBACKGROUNDFILESAVER BackgroundFileSaver(); /** * Initializes the pipe and the worker thread on XPCOM construction. * * This is called automatically by the XPCOM infrastructure, and if this * fails, the factory will delete this object without returning a reference. */ nsresult Init(); /** * Used by nsNSSShutDownList to manage nsNSSShutDownObjects. */ void virtualDestroyNSSReference() override; /** * Number of worker threads that are currently running. */ static uint32_t sThreadCount; /** * Maximum number of worker threads reached during the current download session, * used for telemetry. * * When there are no more worker threads running, we consider the download * session finished, and this counter is reset. */ static uint32_t sTelemetryMaxThreadCount; protected: virtual ~BackgroundFileSaver(); /** * Helper function for managing NSS objects (mDigestContext). */ void destructorSafeDestroyNSSReference(); /** * Thread that constructed this object. */ nsCOMPtr<nsIThread> mControlThread; /** * Thread to which the actual input/output is delegated. */ nsCOMPtr<nsIThread> mWorkerThread; /** * Stream that receives data from derived classes. The received data will be * available to the worker thread through mPipeInputStream. This is an * instance of nsPipeOutputStream, not BackgroundFileSaverOutputStream. */ nsCOMPtr<nsIAsyncOutputStream> mPipeOutputStream; /** * Used during initialization, determines if the pipe is created with an * infinite buffer. An infinite buffer is required if the derived class * implements nsIStreamListener, because this interface requires all the * provided data to be consumed synchronously. */ virtual bool HasInfiniteBuffer() = 0; /** * Used by derived classes if they need to be called back while copying. */ virtual nsAsyncCopyProgressFun GetProgressCallback() = 0; /** * Stream used by the worker thread to read the data to be saved. */ nsCOMPtr<nsIAsyncInputStream> mPipeInputStream; private: friend class NotifyTargetChangeRunnable; /** * Matches the nsIBackgroundFileSaver::observer property. * * @remarks This is a strong reference so that JavaScript callers don't need * to worry about keeping another reference to the observer. */ nsCOMPtr<nsIBackgroundFileSaverObserver> mObserver; ////////////////////////////////////////////////////////////////////////////// //// Shared state between control and worker threads /** * Protects the shared state between control and worker threads. This mutex * is always locked for a very short time, never during input/output. */ mozilla::Mutex mLock; /** * True if the worker thread is already waiting to process a change in state. */ bool mWorkerThreadAttentionRequested; /** * True if the operation should finish as soon as possibile. */ bool mFinishRequested; /** * True if the operation completed, with either success or failure. */ bool mComplete; /** * Holds the current file saver status. This is a success status while the * object is working correctly, and remains such if the operation completes * successfully. This becomes an error status when an error occurs on the * worker thread, or when the operation is canceled. */ nsresult mStatus; /** * True if we should append data to the initial target file, instead of * overwriting it. */ bool mAppend; /** * This is set by the first SetTarget call on the control thread, and contains * the target file name that will be used by the worker thread, as soon as it * is possible to update mActualTarget and open the file. This is null if no * target was ever assigned to this object. */ nsCOMPtr<nsIFile> mInitialTarget; /** * This is set by the first SetTarget call on the control thread, and * indicates whether mInitialTarget should be kept as partially completed, * rather than deleted, if the operation fails or is canceled. */ bool mInitialTargetKeepPartial; /** * This is set by subsequent SetTarget calls on the control thread, and * contains the new target file name to which the worker thread will move the * target file, as soon as it can be done. This is null if SetTarget was * called only once, or no target was ever assigned to this object. * * The target file can be renamed multiple times, though only the most recent * rename is guaranteed to be processed by the worker thread. */ nsCOMPtr<nsIFile> mRenamedTarget; /** * This is set by subsequent SetTarget calls on the control thread, and * indicates whether mRenamedTarget should be kept as partially completed, * rather than deleted, if the operation fails or is canceled. */ bool mRenamedTargetKeepPartial; /** * While NS_AsyncCopy is in progress, allows canceling it. Null otherwise. * This is read by both threads but only written by the worker thread. */ nsCOMPtr<nsISupports> mAsyncCopyContext; /** * The SHA 256 hash in raw bytes of the downloaded file. This is written * by the worker thread but can be read on the main thread. */ nsCString mSha256; /** * Whether or not to compute the hash. Must be set on the main thread before * setTarget is called. */ bool mSha256Enabled; /** * Store the signature info. */ nsCOMArray<nsIX509CertList> mSignatureInfo; /** * Whether or not to extract the signature. Must be set on the main thread * before setTarget is called. */ bool mSignatureInfoEnabled; ////////////////////////////////////////////////////////////////////////////// //// State handled exclusively by the worker thread /** * Current target file associated to the input and output streams. */ nsCOMPtr<nsIFile> mActualTarget; /** * Indicates whether mActualTarget should be kept as partially completed, * rather than deleted, if the operation fails or is canceled. */ bool mActualTargetKeepPartial; /** * Used to calculate the file hash. This keeps state across file renames and * is lazily initialized in ProcessStateChange. */ UniquePK11Context mDigestContext; ////////////////////////////////////////////////////////////////////////////// //// Private methods /** * Called when NS_AsyncCopy completes. * * @param aClosure * Populated with a raw pointer to the BackgroundFileSaver object. * @param aStatus * Success or failure status specified when the copy was interrupted. */ static void AsyncCopyCallback(void *aClosure, nsresult aStatus); /** * Called on the control thread after state changes, to ensure that the worker * thread will process the state change appropriately. * * @param aShouldInterruptCopy * If true, the current NS_AsyncCopy, if any, is canceled. */ nsresult GetWorkerThreadAttention(bool aShouldInterruptCopy); /** * Event called on the worker thread to begin processing a state change. */ nsresult ProcessAttention(); /** * Called by ProcessAttention to execute the operations corresponding to the * state change. If this results in an error, ProcessAttention will force the * entire operation to be aborted. */ nsresult ProcessStateChange(); /** * Returns true if completion conditions are met on the worker thread. The * first time this happens, posts the completion event to the control thread. */ bool CheckCompletion(); /** * Event called on the control thread to indicate that file contents will now * be saved to the specified file. */ nsresult NotifyTargetChange(nsIFile *aTarget); /** * Event called on the control thread to send the final notification. */ nsresult NotifySaveComplete(); /** * Verifies the signature of the binary at the specified file path and stores * the signature data in mSignatureInfo. We extract only X.509 certificates, * since that is what Google's Safebrowsing protocol specifies. */ nsresult ExtractSignatureInfo(const nsAString& filePath); }; //////////////////////////////////////////////////////////////////////////////// //// BackgroundFileSaverOutputStream class BackgroundFileSaverOutputStream : public BackgroundFileSaver , public nsIAsyncOutputStream , public nsIOutputStreamCallback { public: NS_DECL_THREADSAFE_ISUPPORTS NS_DECL_NSIOUTPUTSTREAM NS_DECL_NSIASYNCOUTPUTSTREAM NS_DECL_NSIOUTPUTSTREAMCALLBACK BackgroundFileSaverOutputStream(); protected: virtual bool HasInfiniteBuffer() override; virtual nsAsyncCopyProgressFun GetProgressCallback() override; private: ~BackgroundFileSaverOutputStream(); /** * Original callback provided to our AsyncWait wrapper. */ nsCOMPtr<nsIOutputStreamCallback> mAsyncWaitCallback; }; //////////////////////////////////////////////////////////////////////////////// //// BackgroundFileSaverStreamListener. This class is instantiated by // nsExternalHelperAppService, DownloadCore.jsm, and possibly others. class BackgroundFileSaverStreamListener final : public BackgroundFileSaver , public nsIStreamListener { public: NS_DECL_THREADSAFE_ISUPPORTS NS_DECL_NSIREQUESTOBSERVER NS_DECL_NSISTREAMLISTENER BackgroundFileSaverStreamListener(); protected: virtual bool HasInfiniteBuffer() override; virtual nsAsyncCopyProgressFun GetProgressCallback() override; private: ~BackgroundFileSaverStreamListener(); /** * Protects the state related to whether the request should be suspended. */ mozilla::Mutex mSuspensionLock; /** * Whether we should suspend the request because we received too much data. */ bool mReceivedTooMuchData; /** * Request for which we received too much data. This is populated when * mReceivedTooMuchData becomes true for the first time. */ nsCOMPtr<nsIRequest> mRequest; /** * Whether mRequest is currently suspended. */ bool mRequestSuspended; /** * Called while NS_AsyncCopy is copying data. */ static void AsyncCopyProgressCallback(void *aClosure, uint32_t aCount); /** * Called on the control thread to suspend or resume the request. */ nsresult NotifySuspendOrResume(); }; // A wrapper around nsIOutputStream, so that we can compute hashes on the // stream without copying and without polluting pristine NSS code with XPCOM // interfaces. class DigestOutputStream : public nsNSSShutDownObject, public nsIOutputStream { public: NS_DECL_THREADSAFE_ISUPPORTS NS_DECL_NSIOUTPUTSTREAM // Constructor. Neither parameter may be null. The caller owns both. DigestOutputStream(nsIOutputStream* outputStream, PK11Context* aContext); // We don't own any NSS objects here, so no need to clean up void virtualDestroyNSSReference() override { } private: ~DigestOutputStream(); // Calls to write are passed to this stream. nsCOMPtr<nsIOutputStream> mOutputStream; // Digest context used to compute the hash, owned by the caller. PK11Context* mDigestContext; // Don't accidentally copy construct. DigestOutputStream(const DigestOutputStream& d); }; } // namespace net } // namespace mozilla #endif