summaryrefslogtreecommitdiffstats
path: root/dom/security/ContentVerifier.h
blob: e0c94019762c15f21dd255b3fa7ab7febd4b5c65 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef mozilla_dom_ContentVerifier_h
#define mozilla_dom_ContentVerifier_h

#include "nsCOMPtr.h"
#include "nsIContentSignatureVerifier.h"
#include "nsIObserver.h"
#include "nsIStreamListener.h"
#include "nsString.h"
#include "nsTArray.h"

/**
 * Mediator intercepting OnStartRequest in nsHttpChannel, blocks until all
 * data is read from the input stream, verifies the content signature and
 * releases the request to the next listener if the verification is successful.
 * If the verification fails or anything else goes wrong, a
 * NS_ERROR_INVALID_SIGNATURE is thrown.
 */
class ContentVerifier : public nsIStreamListener
                      , public nsIContentSignatureReceiverCallback
{
public:
  NS_DECL_ISUPPORTS
  NS_DECL_NSISTREAMLISTENER
  NS_DECL_NSIREQUESTOBSERVER
  NS_DECL_NSICONTENTSIGNATURERECEIVERCALLBACK

  explicit ContentVerifier(nsIStreamListener* aMediatedListener,
                           nsISupports* aMediatedContext)
    : mNextListener(aMediatedListener)
    , mContextCreated(false)
    , mContentRead(false) {}

  nsresult Init(const nsACString& aContentSignatureHeader, nsIRequest* aRequest,
                nsISupports* aContext);

protected:
  virtual ~ContentVerifier() {}

private:
  void FinishSignature();

  // buffered content to verify
  FallibleTArray<nsCString> mContent;
  // content and next listener for nsIStreamListener
  nsCOMPtr<nsIStreamListener> mNextListener;
  // the verifier
  nsCOMPtr<nsIContentSignatureVerifier> mVerifier;
  // holding a pointer to the content request and context to resume/cancel it
  nsCOMPtr<nsIRequest> mContentRequest;
  nsCOMPtr<nsISupports> mContentContext;
  // Semaphors to indicate that the verifying context was created, the entire
  // content was read resp. The context gets created by ContentSignatureVerifier
  // and mContextCreated is set in the ContextCreated callback. The content is
  // read, i.e. mContentRead is set, when the content OnStopRequest is called.
  bool mContextCreated;
  bool mContentRead;
};

#endif /* mozilla_dom_ContentVerifier_h */