/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "BackgroundFileSaver.h"
#include "ScopedNSSTypes.h"
#include "mozilla/Casting.h"
#include "mozilla/Logging.h"
#include "mozilla/Telemetry.h"
#include "nsCOMArray.h"
#include "nsDependentSubstring.h"
#include "nsIAsyncInputStream.h"
#include "nsIFile.h"
#include "nsIMutableArray.h"
#include "nsIPipe.h"
#include "nsIX509Cert.h"
#include "nsIX509CertDB.h"
#include "nsIX509CertList.h"
#include "nsNetUtil.h"
#include "nsThreadUtils.h"
#include "pk11pub.h"
#include "secoidt.h"
#ifdef XP_WIN
# include <windows.h>
# include <softpub.h>
# include <wintrust.h>
#endif // XP_WIN
namespace mozilla {
namespace net {
// MOZ_LOG=BackgroundFileSaver:5
// File-local log module. LOG() emits at Debug level; LOG_ENABLED() reports
// whether Debug logging is currently switched on for this module.
static LazyLogModule prlog("BackgroundFileSaver");
#define LOG(args) MOZ_LOG(prlog, mozilla::LogLevel::Debug, args)
#define LOG_ENABLED() MOZ_LOG_TEST(prlog, mozilla::LogLevel::Debug)

////////////////////////////////////////////////////////////////////////////////
//// Globals
/**
 * Buffer size for writing to the output file or reading from the input file.
 * Also the size of the stack buffer ProcessStateChange uses when it hashes
 * pre-existing file content (32 KiB), and the buffered-output-stream size.
 */
#define BUFFERED_IO_SIZE (1024 * 32)

/**
 * When this upper limit is reached, the original request is suspended.
 * NOTE(review): not referenced in the code shown here; presumably consumed
 * elsewhere in this file. These three could be constexpr constants instead of
 * macros, but not every use is visible, so they are left as-is.
 */
#define REQUEST_SUSPEND_AT (1024 * 1024 * 4)

/**
 * When this lower limit is reached, the original request is resumed.
 * (Same note as REQUEST_SUSPEND_AT.)
 */
#define REQUEST_RESUME_AT (1024 * 1024 * 2)

////////////////////////////////////////////////////////////////////////////////
//// NotifyTargetChangeRunnable
/**
 * Runnable posted to the control thread so that the saver can report, through
 * BackgroundFileSaver::NotifyTargetChange, the nsIFile that file contents are
 * now being saved to.
 */
class NotifyTargetChangeRunnable final : public Runnable {
 public:
  NotifyTargetChangeRunnable(BackgroundFileSaver* aSaver, nsIFile* aTarget)
      : Runnable("net::NotifyTargetChangeRunnable"),
        mSaver(aSaver),
        mTarget(aTarget) {}

  // Delivers the notification on whichever thread this runnable is run on.
  NS_IMETHOD Run() override {
    nsresult rv = mSaver->NotifyTargetChange(mTarget);
    return rv;
  }

 private:
  // Strong reference: keeps the saver alive until the notification has run.
  RefPtr<BackgroundFileSaver> mSaver;
  // The file the saver is now writing to (a clone made by the worker).
  nsCOMPtr<nsIFile> mTarget;
};

////////////////////////////////////////////////////////////////////////////////
//// BackgroundFileSaver
// Number of live "BgFileSaver" worker threads across all saver instances, and
// the high-water mark that NotifySaveComplete reports to telemetry once the
// count drops back to zero. Both are touched on the control thread only
// (Init and NotifySaveComplete).
uint32_t BackgroundFileSaver::sThreadCount{0};
uint32_t BackgroundFileSaver::sTelemetryMaxThreadCount{0};

// Every member gets an explicit initial value here; the actual setup (pipe,
// control event target, worker thread) happens in Init().
BackgroundFileSaver::BackgroundFileSaver()
    : mControlEventTarget(nullptr),
      mWorkerThread(nullptr),
      mPipeOutputStream(nullptr),
      mPipeInputStream(nullptr),
      mObserver(nullptr),
      mLock("BackgroundFileSaver.mLock"),
      // Control-thread requests, read by the worker thread under mLock.
      mWorkerThreadAttentionRequested(false),
      mFinishRequested(false),
      mComplete(false),
      mStatus(NS_OK),
      mAppend(false),
      mInitialTarget(nullptr),
      mInitialTargetKeepPartial(false),
      mRenamedTarget(nullptr),
      mRenamedTargetKeepPartial(false),
      // Non-null only while an NS_AsyncCopy started by ProcessStateChange is
      // running; cleared in AsyncCopyCallback.
      mAsyncCopyContext(nullptr),
      mSha256Enabled(false),
      mSignatureInfoEnabled(false),
      // Worker-thread view of the file currently being written.
      mActualTarget(nullptr),
      mActualTargetKeepPartial(false),
      mDigestContext(nullptr) {
  LOG(("Created BackgroundFileSaver [this = %p]", this));
}

// Logs only; the owning members (nsCOMPtr/RefPtr/UniquePK11Context) release
// their resources themselves.
BackgroundFileSaver::~BackgroundFileSaver() {
  LOG(("Destroying BackgroundFileSaver [this = %p]", this));
}

// Called on the control thread.
// Creates the pipe that buffers incoming data, records the calling thread's
// event target as the control thread, and starts the "BgFileSaver" worker
// thread. Also bumps the per-session high-water mark of concurrent worker
// threads. Returns the first failing step's code, else NS_OK.
nsresult BackgroundFileSaver::Init() {
  MOZ_ASSERT(NS_IsMainThread(), "This should be called on the main thread");

  // The last NS_NewPipe2 argument is UINT32_MAX when the subclass reports an
  // infinite buffer, 0 otherwise.
  const uint32_t segmentCount = HasInfiniteBuffer() ? UINT32_MAX : 0;
  nsresult rv = NS_NewPipe2(getter_AddRefs(mPipeInputStream),
                            getter_AddRefs(mPipeOutputStream), true, true, 0,
                            segmentCount);
  NS_ENSURE_SUCCESS(rv, rv);

  mControlEventTarget = GetCurrentThreadEventTarget();
  NS_ENSURE_TRUE(mControlEventTarget, NS_ERROR_NOT_INITIALIZED);

  rv = NS_NewNamedThread("BgFileSaver", getter_AddRefs(mWorkerThread));
  NS_ENSURE_SUCCESS(rv, rv);

  ++sThreadCount;
  sTelemetryMaxThreadCount = sThreadCount > sTelemetryMaxThreadCount
                                 ? sThreadCount
                                 : sTelemetryMaxThreadCount;

  return NS_OK;
}

// Called on the control thread.
// Hands out the current observer (possibly null) with a reference added for
// the caller.
NS_IMETHODIMP
BackgroundFileSaver::GetObserver(nsIBackgroundFileSaverObserver** aObserver) {
  NS_ENSURE_ARG_POINTER(aObserver);
  nsCOMPtr<nsIBackgroundFileSaverObserver> observer = mObserver;
  observer.forget(aObserver);
  return NS_OK;
}

// Called on the control thread.
// Replaces the observer; null clears it. Any previous observer is released
// when this function returns.
NS_IMETHODIMP
BackgroundFileSaver::SetObserver(nsIBackgroundFileSaverObserver* aObserver) {
  nsCOMPtr<nsIBackgroundFileSaverObserver> incoming(aObserver);
  mObserver.swap(incoming);
  return NS_OK;
}

// Called on the control thread.
// Asks that the first target file be opened for append rather than truncated.
// mAppend is read by the worker thread, hence the lock.
NS_IMETHODIMP
BackgroundFileSaver::EnableAppend() {
  MOZ_ASSERT(NS_IsMainThread(), "This should be called on the main thread");
  {
    MutexAutoLock lock(mLock);
    mAppend = true;
  }
  return NS_OK;
}

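// Called on the control thread.
// Records the file to save to. The first call sets the initial target; any
// later call records a rename request that the worker applies to the file it
// is already writing. aKeepPartial says whether a partially written file is
// left on disk if the operation fails. If the caller's nsIFile cannot be
// cloned, the Clone error is returned, no state changes and the worker is not
// woken (the original ignored that failure and could leave the target null).
NS_IMETHODIMP
BackgroundFileSaver::SetTarget(nsIFile* aTarget, bool aKeepPartial) {
  NS_ENSURE_ARG(aTarget);
  {
    MutexAutoLock lock(mLock);
    // Clone so later mutation of the caller's nsIFile cannot affect us.
    nsCOMPtr<nsIFile> targetCopy;
    nsresult rv = aTarget->Clone(getter_AddRefs(targetCopy));
    NS_ENSURE_SUCCESS(rv, rv);
    if (!mInitialTarget) {
      mInitialTarget = targetCopy.forget();
      mInitialTargetKeepPartial = aKeepPartial;
    } else {
      mRenamedTarget = targetCopy.forget();
      mRenamedTargetKeepPartial = aKeepPartial;
    }
  }

  // After the worker thread wakes up because attention is requested, it will
  // rename or create the target file as requested, and start copying data.
  return GetWorkerThreadAttention(true);
}
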
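// Called on the control thread.
// Signals that no more data will be written. aStatus is NS_OK to let any
// running copy drain the pipe and complete, or a failure code to abort it;
// the first failure recorded in mStatus wins. Returns NS_ERROR_NOT_INITIALIZED
// if Init was never called (the pipe does not exist yet), otherwise the result
// of closing the pipe or of waking the worker thread.
NS_IMETHODIMP
BackgroundFileSaver::Finish(nsresult aStatus) {
  // Init creates the pipe; without it there is nothing to close and the
  // dereference below would crash.
  NS_ENSURE_TRUE(mPipeOutputStream, NS_ERROR_NOT_INITIALIZED);

  // This will cause the NS_AsyncCopy operation, if it's in progress, to consume
  // all the data that is still in the pipe, and then finish.
  nsresult rv = mPipeOutputStream->Close();
  NS_ENSURE_SUCCESS(rv, rv);

  // Ensure that, when we get attention from the worker thread, if no pending
  // rename operation is waiting, the operation will complete.
  {
    MutexAutoLock lock(mLock);
    mFinishRequested = true;
    if (NS_SUCCEEDED(mStatus)) {
      mStatus = aStatus;
    }
  }

  // After the worker thread wakes up because attention is requested, it will
  // process the completion conditions, detect that completion is requested, and
  // notify the main thread of the completion. If this function was called with
  // a success code, we wait for the copy to finish before processing the
  // completion conditions, otherwise we interrupt the copy immediately.
  return GetWorkerThreadAttention(NS_FAILED(aStatus));
}
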
// Called on the main thread (asserted).
// Turns on SHA-256 computation over the data written to the target. The PSM
// service is resolved first so that NSS is initialized before any PK11_* call
// the worker thread will make.
NS_IMETHODIMP
BackgroundFileSaver::EnableSha256() {
  MOZ_ASSERT(NS_IsMainThread(),
             "Can't enable sha256 or initialize NSS off the main thread");
  nsresult rv = NS_OK;
  nsCOMPtr<nsISupports> psm = do_GetService("@mozilla.org/psm;1", &rv);
  NS_ENSURE_SUCCESS(rv, rv);
  mSha256Enabled = true;
  return NS_OK;
}

// Called on the main thread (asserted).
// Copies the finished digest into aHash. NS_ERROR_NOT_AVAILABLE until the
// worker thread has stored one (mSha256 is written under mLock in
// CheckCompletion, so it is read under the same lock here).
NS_IMETHODIMP
BackgroundFileSaver::GetSha256Hash(nsACString& aHash) {
  MOZ_ASSERT(NS_IsMainThread(), "Can't inspect sha256 off the main thread");
  MutexAutoLock lock(mLock);
  const bool haveDigest = !mSha256.IsEmpty();
  if (!haveDigest) {
    return NS_ERROR_NOT_AVAILABLE;
  }
  aHash.Assign(mSha256);
  return NS_OK;
}

// Called on the main thread (asserted).
// Turns on code-signature extraction for the finished file (see
// ExtractSignatureInfo). Resolving the PSM service first makes sure NSS is
// initialized.
NS_IMETHODIMP
BackgroundFileSaver::EnableSignatureInfo() {
  MOZ_ASSERT(NS_IsMainThread(),
             "Can't enable signature extraction off the main thread");
  nsresult rv = NS_OK;
  nsCOMPtr<nsISupports> psm = do_GetService("@mozilla.org/psm;1", &rv);
  NS_ENSURE_SUCCESS(rv, rv);
  mSignatureInfoEnabled = true;
  return NS_OK;
}

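// Called on the main thread (asserted).
// Returns a snapshot of the certificate chains collected for the saved file
// (one nsIX509CertList per chain; only ever populated on Windows). Fails with
// NS_ERROR_NOT_AVAILABLE until the save has completed, and unless signature
// extraction was enabled. The array is built under mLock because
// mSignatureInfo is written on the worker thread. Also rejects a null out
// pointer and a failed array creation instead of dereferencing null.
NS_IMETHODIMP
BackgroundFileSaver::GetSignatureInfo(nsIArray** aSignatureInfo) {
  MOZ_ASSERT(NS_IsMainThread(), "Can't inspect signature off the main thread");
  NS_ENSURE_ARG_POINTER(aSignatureInfo);
  MutexAutoLock lock(mLock);
  if (!mComplete || !mSignatureInfoEnabled) {
    return NS_ERROR_NOT_AVAILABLE;
  }
  nsCOMPtr<nsIMutableArray> sigArray = do_CreateInstance(NS_ARRAY_CONTRACTID);
  // do_CreateInstance can yield null (e.g. late in shutdown).
  NS_ENSURE_TRUE(sigArray, NS_ERROR_OUT_OF_MEMORY);
  for (int32_t i = 0; i < mSignatureInfo.Count(); ++i) {
    nsresult rv = sigArray->AppendElement(mSignatureInfo[i]);
    NS_ENSURE_SUCCESS(rv, rv);
  }
  // Transfer our reference to the caller.
  sigArray.forget(aSignatureInfo);
  return NS_OK;
}
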
// Called on the control thread.
// Wakes the worker thread so that it re-reads the shared state (new target,
// finish request). If no copy is running, a ProcessAttention event is posted;
// if one is running and aShouldInterruptCopy is true, the copy is cancelled
// and the worker re-enters through AsyncCopyCallback. Repeated requests are
// collapsed until the worker clears mWorkerThreadAttentionRequested in
// ProcessStateChange. Returns the Dispatch error if posting fails (in which
// case the flag stays clear and a later call will retry), else NS_OK.
nsresult BackgroundFileSaver::GetWorkerThreadAttention(
    bool aShouldInterruptCopy) {
  nsresult rv;

  MutexAutoLock lock(mLock);

  // We only require attention one time. If this function is called two times
  // before the worker thread wakes up, and the first has aShouldInterruptCopy
  // false and the second true, we won't forcibly interrupt the copy from the
  // control thread. However, that never happens, because calling Finish with a
  // success code is the only case that may result in aShouldInterruptCopy being
  // false. In that case, we won't call this function again, because consumers
  // should not invoke other methods on the control thread after calling Finish.
  // And in any case, Finish already closes one end of the pipe, causing the
  // copy to finish properly on its own.
  if (mWorkerThreadAttentionRequested) {
    return NS_OK;
  }

  if (!mAsyncCopyContext) {
    // Copy is not in progress, post an event to handle the change manually.
    rv = mWorkerThread->Dispatch(
        NewRunnableMethod("net::BackgroundFileSaver::ProcessAttention", this,
                          &BackgroundFileSaver::ProcessAttention),
        NS_DISPATCH_NORMAL);
    NS_ENSURE_SUCCESS(rv, rv);
  } else if (aShouldInterruptCopy) {
    // Interrupt the copy. The copy will be resumed, if needed, by the
    // ProcessAttention function, invoked by the AsyncCopyCallback function.
    // NS_ERROR_ABORT is the status AsyncCopyCallback treats as "not a real
    // failure".
    NS_CancelAsyncCopy(mAsyncCopyContext, NS_ERROR_ABORT);
  }

  // Indicate that attention has been requested successfully, there is no need
  // to post another event until the worker thread processes the current one.
  mWorkerThreadAttentionRequested = true;

  return NS_OK;
}

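// Called on the worker thread.
// static
// Completion callback handed to NS_AsyncCopy. aClosure is the raw
// BackgroundFileSaver pointer that ProcessStateChange passed (and ADDREF'd);
// aStatus is the copy's final status, NS_ERROR_ABORT when we cancelled it
// ourselves. Clears mAsyncCopyContext, records the first real failure in
// mStatus, and continues the state machine through ProcessAttention.
void BackgroundFileSaver::AsyncCopyCallback(void* aClosure, nsresult aStatus) {
  // We called NS_ADDREF_THIS when NS_AsyncCopy started, to keep the object
  // alive even if other references disappeared. At the end of this method,
  // we've finished using the object and can safely release our reference.
  // static_cast instead of a C-style cast: this is the plain void* -> T*
  // conversion of a pointer we handed to NS_AsyncCopy ourselves.
  RefPtr<BackgroundFileSaver> self =
      dont_AddRef(static_cast<BackgroundFileSaver*>(aClosure));
  {
    MutexAutoLock lock(self->mLock);

    // Now that the copy was interrupted or terminated, any notification from
    // the control thread requires an event to be posted to the worker thread.
    self->mAsyncCopyContext = nullptr;

    // When detecting failures, ignore the status code we use to interrupt.
    if (NS_FAILED(aStatus) && aStatus != NS_ERROR_ABORT &&
        NS_SUCCEEDED(self->mStatus)) {
      self->mStatus = aStatus;
    }
  }

  (void)self->ProcessAttention();
}
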
// Called on the worker thread.
// Worker-side entry point for an attention request. If a copy is still
// running it is cancelled and this function returns; AsyncCopyCallback will
// call back in with mAsyncCopyContext null. Otherwise ProcessStateChange runs
// and, if it fails, its code is folded into mStatus (first failure wins) and
// completion is forced through CheckCompletion. Always returns NS_OK.
nsresult BackgroundFileSaver::ProcessAttention() {
  nsresult rv;

  // This function is called whenever the attention of the worker thread has
  // been requested. This may happen in these cases:
  // * We are about to start the copy for the first time. In this case, we are
  //   called from an event posted on the worker thread from the control thread
  //   by GetWorkerThreadAttention, and mAsyncCopyContext is null.
  // * We have interrupted the copy for some reason. In this case, we are
  //   called by AsyncCopyCallback, and mAsyncCopyContext is null.
  // * We are currently executing ProcessStateChange, and attention is requested
  //   by the control thread, for example because SetTarget or Finish have been
  //   called. In this case, we are called from from an event posted through
  //   GetWorkerThreadAttention. While mAsyncCopyContext was always null when
  //   the event was posted, at this point mAsyncCopyContext may not be null
  //   anymore, because ProcessStateChange may have started the copy before the
  //   event that called this function was processed on the worker thread.
  // If mAsyncCopyContext is not null, we interrupt the copy and re-enter
  // through AsyncCopyCallback. This allows us to check if, for instance, we
  // should rename the target file. We will then restart the copy if needed.
  if (mAsyncCopyContext) {
    NS_CancelAsyncCopy(mAsyncCopyContext, NS_ERROR_ABORT);
    return NS_OK;
  }
  // Use the current shared state to determine the next operation to execute.
  rv = ProcessStateChange();
  if (NS_FAILED(rv)) {
    // If something failed while processing, terminate the operation now.
    {
      MutexAutoLock lock(mLock);

      if (NS_SUCCEEDED(mStatus)) {
        mStatus = rv;
      }
    }
    // Ensure we notify completion now that the operation failed.
    // With mStatus now failed, CheckCompletion completes immediately and
    // removes the partial file unless keepPartial was requested.
    CheckCompletion();
  }

  return NS_OK;
}

// Called on the worker thread.
// One step of the worker state machine, run by ProcessAttention when no copy
// is in progress. It snapshots the control-thread state under mLock, applies
// a pending rename (moving the file written so far, after deleting anything
// already at the new path), notifies the control thread if the target
// changed, creates the SHA-256 digest context on first use, hashes the
// pre-existing file content when appending for the first time, opens the
// target with mode 0600 behind a buffered (and, if hashing, digesting)
// output stream, and starts NS_AsyncCopy from the pipe into it. A failure
// code is returned only for steps before the copy starts; the caller records
// it in mStatus. Returns NS_OK when there is nothing to do yet (no target
// assigned, or the pipe is already closed on a continuation).
nsresult BackgroundFileSaver::ProcessStateChange() {
  nsresult rv;

  // We might have been notified because the operation is complete, verify.
  if (CheckCompletion()) {
    return NS_OK;
  }

  // Get a copy of the current shared state for the worker thread.
  nsCOMPtr<nsIFile> initialTarget;
  bool initialTargetKeepPartial;
  nsCOMPtr<nsIFile> renamedTarget;
  bool renamedTargetKeepPartial;
  bool sha256Enabled;
  bool append;
  {
    MutexAutoLock lock(mLock);

    initialTarget = mInitialTarget;
    initialTargetKeepPartial = mInitialTargetKeepPartial;
    renamedTarget = mRenamedTarget;
    renamedTargetKeepPartial = mRenamedTargetKeepPartial;
    sha256Enabled = mSha256Enabled;
    append = mAppend;

    // From now on, another attention event needs to be posted if state changes.
    mWorkerThreadAttentionRequested = false;
  }

  // The initial target can only be null if it has never been assigned. In this
  // case, there is nothing to do since we never created any output file.
  if (!initialTarget) {
    return NS_OK;
  }

  // Determine if we are processing the attention request for the first time.
  bool isContinuation = !!mActualTarget;
  if (!isContinuation) {
    // Assign the target file for the first time.
    mActualTarget = initialTarget;
    mActualTargetKeepPartial = initialTargetKeepPartial;
  }

  // Verify whether we have actually been instructed to use a different file.
  // This may happen the first time this function is executed, if SetTarget was
  // called two times before the worker thread processed the attention request.
  bool equalToCurrent = false;
  if (renamedTarget) {
    rv = mActualTarget->Equals(renamedTarget, &equalToCurrent);
    NS_ENSURE_SUCCESS(rv, rv);
    if (!equalToCurrent) {
      // If we were asked to rename the file but the initial file did not exist,
      // we simply create the file in the renamed location. We avoid this check
      // if we have already started writing the output file ourselves.
      bool exists = true;
      if (!isContinuation) {
        rv = mActualTarget->Exists(&exists);
        NS_ENSURE_SUCCESS(rv, rv);
      }
      if (exists) {
        // We are moving the previous target file to a different location.
        nsCOMPtr<nsIFile> renamedTargetParentDir;
        rv = renamedTarget->GetParent(getter_AddRefs(renamedTargetParentDir));
        NS_ENSURE_SUCCESS(rv, rv);

        nsAutoString renamedTargetName;
        rv = renamedTarget->GetLeafName(renamedTargetName);
        NS_ENSURE_SUCCESS(rv, rv);

        // We must delete any existing target file before moving the current
        // one. Note this is a non-recursive Remove(false): a directory at the
        // destination makes this step fail rather than being wiped.
        rv = renamedTarget->Exists(&exists);
        NS_ENSURE_SUCCESS(rv, rv);
        if (exists) {
          rv = renamedTarget->Remove(false);
          NS_ENSURE_SUCCESS(rv, rv);
        }

        // Move the file. If this fails, we still reference the original file
        // in mActualTarget, so that it is deleted if requested. If this
        // succeeds, the nsIFile instance referenced by mActualTarget mutates
        // and starts pointing to the new file, but we'll discard the reference.
        rv = mActualTarget->MoveTo(renamedTargetParentDir, renamedTargetName);
        NS_ENSURE_SUCCESS(rv, rv);
      }

      // We should not only update the mActualTarget with renameTarget when
      // they point to the different files.
      // In this way, if mActualTarget and renamedTarget point to the same file
      // with different addresses, "CheckCompletion()" will return false
      // forever.
    }

    // Update mActualTarget with renameTarget,
    // even if they point to the same file.
    // (CheckCompletion compares the two pointers, not the paths.)
    mActualTarget = renamedTarget;
    mActualTargetKeepPartial = renamedTargetKeepPartial;
  }

  // Notify if the target file name actually changed.
  if (!equalToCurrent) {
    // We must clone the nsIFile instance because mActualTarget is not
    // immutable, it may change if the target is renamed later.
    nsCOMPtr<nsIFile> actualTargetToNotify;
    rv = mActualTarget->Clone(getter_AddRefs(actualTargetToNotify));
    NS_ENSURE_SUCCESS(rv, rv);

    RefPtr<NotifyTargetChangeRunnable> event =
        new NotifyTargetChangeRunnable(this, actualTargetToNotify);
    NS_ENSURE_TRUE(event, NS_ERROR_FAILURE);

    rv = mControlEventTarget->Dispatch(event, NS_DISPATCH_NORMAL);
    NS_ENSURE_SUCCESS(rv, rv);
  }

  if (isContinuation) {
    // The pending rename operation might be the last task before finishing. We
    // may return here only if we have already created the target file.
    if (CheckCompletion()) {
      return NS_OK;
    }

    // Even if the operation did not complete, the pipe input stream may be
    // empty and may have been closed already. We detect this case using the
    // Available property, because it never returns an error if there is more
    // data to be consumed. If the pipe input stream is closed, we just exit
    // and wait for more calls like SetTarget or Finish to be invoked on the
    // control thread. However, we still truncate the file or create the
    // initial digest context if we are expected to do that.
    uint64_t available;
    rv = mPipeInputStream->Available(&available);
    if (NS_FAILED(rv)) {
      return NS_OK;
    }
  }

  // Create the digest context if requested and NSS hasn't been shut down.
  if (sha256Enabled && !mDigestContext) {
    mDigestContext =
        UniquePK11Context(PK11_CreateDigestContext(SEC_OID_SHA256));
    NS_ENSURE_TRUE(mDigestContext, NS_ERROR_OUT_OF_MEMORY);
  }

  // When we are requested to append to an existing file, we should read the
  // existing data and ensure we include it as part of the final hash.
  // NOTE(review): the existing bytes are read through a separate read-only
  // open and the file is then reopened for append below; the digest reflects
  // the content as read here, not necessarily as it is at the later open.
  if (mDigestContext && append && !isContinuation) {
    nsCOMPtr<nsIInputStream> inputStream;
    rv = NS_NewLocalFileInputStream(getter_AddRefs(inputStream), mActualTarget,
                                    PR_RDONLY | nsIFile::OS_READAHEAD);
    if (rv != NS_ERROR_FILE_NOT_FOUND) {
      NS_ENSURE_SUCCESS(rv, rv);

      // 32 KiB on the worker thread's stack (BUFFERED_IO_SIZE).
      char buffer[BUFFERED_IO_SIZE];
      while (true) {
        uint32_t count;
        rv = inputStream->Read(buffer, BUFFERED_IO_SIZE, &count);
        NS_ENSURE_SUCCESS(rv, rv);

        if (count == 0) {
          // We reached the end of the file.
          break;
        }

        // This inner `rv` shadows the outer one; the NS_ENSURE_SUCCESS right
        // below checks the digest result, which is what is intended.
        nsresult rv = MapSECStatus(
            PK11_DigestOp(mDigestContext.get(),
                          BitwiseCast<unsigned char*, char*>(buffer), count));
        NS_ENSURE_SUCCESS(rv, rv);
      }

      rv = inputStream->Close();
      NS_ENSURE_SUCCESS(rv, rv);
    }
  }

  // We will append to the initial target file only if it was requested by the
  // caller, but we'll always append on subsequent accesses to the target file.
  int32_t creationIoFlags;
  if (isContinuation) {
    creationIoFlags = PR_APPEND;
  } else {
    creationIoFlags = (append ? PR_APPEND : PR_TRUNCATE) | PR_CREATE_FILE;
  }

  // Create the target file, or append to it if we already started writing it.
  // The 0600 permissions are used while the file is being downloaded, and for
  // interrupted downloads. Those may be located in the system temporary
  // directory, as well as the target directory, and generally have a ".part"
  // extension. Those part files should never be group or world-writable even
  // if the umask allows it.
  nsCOMPtr<nsIOutputStream> outputStream;
  rv = NS_NewLocalFileOutputStream(getter_AddRefs(outputStream), mActualTarget,
                                   PR_WRONLY | creationIoFlags, 0600);
  NS_ENSURE_SUCCESS(rv, rv);

  nsCOMPtr<nsIOutputStream> bufferedStream;
  rv = NS_NewBufferedOutputStream(getter_AddRefs(bufferedStream),
                                  outputStream.forget(), BUFFERED_IO_SIZE);
  NS_ENSURE_SUCCESS(rv, rv);
  outputStream = bufferedStream;

  // Wrap the output stream so that it feeds the digest context if needed.
  if (mDigestContext) {
    // Constructing the DigestOutputStream cannot fail. Passing mDigestContext
    // to DigestOutputStream is safe, because BackgroundFileSaver always
    // outlives the outputStream. BackgroundFileSaver is reference-counted
    // before the call to AsyncCopy, and mDigestContext is never destroyed
    // before AsyncCopyCallback.
    outputStream = new DigestOutputStream(outputStream, mDigestContext.get());
  }

  // Start copying our input to the target file. No errors can be raised past
  // this point if the copy starts, since they should be handled by the thread.
  // Taken under mLock so that GetWorkerThreadAttention sees either no context
  // or a fully set one.
  {
    MutexAutoLock lock(mLock);

    rv = NS_AsyncCopy(mPipeInputStream, outputStream, mWorkerThread,
                      NS_ASYNCCOPY_VIA_READSEGMENTS, 4096, AsyncCopyCallback,
                      this, false, true, getter_AddRefs(mAsyncCopyContext),
                      GetProgressCallback());
    if (NS_FAILED(rv)) {
      NS_WARNING("NS_AsyncCopy failed.");
      mAsyncCopyContext = nullptr;
      return rv;
    }
  }

  // If the operation succeeded, we must ensure that we keep this object alive
  // for the entire duration of the copy, since only the raw pointer will be
  // provided as the argument of the AsyncCopyCallback function. We can add the
  // reference now, after NS_AsyncCopy returned, because it always starts
  // processing asynchronously, and there is no risk that the callback is
  // invoked before we reach this point. If the operation failed instead, then
  // AsyncCopyCallback will never be called.
  NS_ADDREF_THIS();

  return NS_OK;
}

// Called on the worker thread.
// Decides whether the save is finished and, if so, performs the completion
// work. Completes immediately when a failure has been recorded in mStatus;
// otherwise only once Finish() was called, every SetTarget request has been
// applied, and the pipe has drained. On completion: removes the partial file
// after a failure unless keepPartial was requested, finalizes the SHA-256
// digest into mSha256 (raw digest bytes, not hex), runs signature extraction,
// and posts NotifySaveComplete to the control thread. Returns true iff
// complete; later calls short-circuit on mComplete.
bool BackgroundFileSaver::CheckCompletion() {
  nsresult rv;

  MOZ_ASSERT(!mAsyncCopyContext,
             "Should not be copying when checking completion conditions.");

  bool failed = true;
  {
    MutexAutoLock lock(mLock);

    if (mComplete) {
      return true;
    }

    // If an error occurred, we don't need to do the checks in this code block,
    // and the operation can be completed immediately with a failure code.
    if (NS_SUCCEEDED(mStatus)) {
      failed = false;

      // We did not incur in an error, so we must determine if we can stop now.
      // If the Finish method has not been called, we can just continue now.
      if (!mFinishRequested) {
        return false;
      }

      // We can only stop when all the operations requested by the control
      // thread have been processed. First, we check whether we have processed
      // the first SetTarget call, if any. Then, we check whether we have
      // processed any rename requested by subsequent SetTarget calls.
      // (Pointer comparison: ProcessStateChange assigns mRenamedTarget itself
      // to mActualTarget so that this test can become true.)
      if ((mInitialTarget && !mActualTarget) ||
          (mRenamedTarget && mRenamedTarget != mActualTarget)) {
        return false;
      }

      // If we still have data to write to the output file, allow the copy
      // operation to resume. The Available getter may return an error if one
      // of the pipe's streams has been already closed.
      uint64_t available;
      rv = mPipeInputStream->Available(&available);
      if (NS_SUCCEEDED(rv) && available != 0) {
        return false;
      }
    }

    mComplete = true;
  }

  // Ensure we notify completion now that the operation finished.
  // Do a best-effort attempt to remove the file if required.
  if (failed && mActualTarget && !mActualTargetKeepPartial) {
    (void)mActualTarget->Remove(false);
  }

  // Finish computing the hash
  // End() consumes mDigestContext; mSha256 receives the digest bytes as-is.
  if (!failed && mDigestContext) {
    Digest d;
    rv = d.End(SEC_OID_SHA256, mDigestContext);
    if (NS_SUCCEEDED(rv)) {
      MutexAutoLock lock(mLock);
      mSha256 = nsDependentCSubstring(
          BitwiseCast<char*, unsigned char*>(d.get().data), d.get().len);
    }
  }

  // Compute the signature of the binary. ExtractSignatureInfo doesn't do
  // anything on non-Windows platforms except return an empty nsIArray.
  if (!failed && mActualTarget) {
    nsString filePath;
    // NOTE(review): GetTarget's result is ignored; on failure filePath is
    // whatever it left behind and ExtractSignatureInfo just logs — confirm.
    mActualTarget->GetTarget(filePath);
    // Shadows the outer `rv`; only this inner result is used below.
    nsresult rv = ExtractSignatureInfo(filePath);
    if (NS_FAILED(rv)) {
      LOG(("Unable to extract signature information [this = %p].", this));
    } else {
      LOG(("Signature extraction success! [this = %p]", this));
    }
  }

  // Post an event to notify that the operation completed.
  if (NS_FAILED(mControlEventTarget->Dispatch(
          NewRunnableMethod("BackgroundFileSaver::NotifySaveComplete", this,
                            &BackgroundFileSaver::NotifySaveComplete),
          NS_DISPATCH_NORMAL))) {
    NS_WARNING("Unable to post completion event to the control thread.");
  }

  return true;
}

// Called on the control thread.
// Forwards a target-file change to the observer, if any. The observer's
// return value is deliberately ignored.
nsresult BackgroundFileSaver::NotifyTargetChange(nsIFile* aTarget) {
  if (!mObserver) {
    return NS_OK;
  }
  (void)mObserver->OnTargetChange(this, aTarget);
  return NS_OK;
}

// Called on the control thread.
// Final step of a save: reports mStatus to the observer (then drops the
// observer to break a possible reference cycle), shuts down the worker
// thread, and records the thread-count telemetry once the last saver of the
// session finishes.
nsresult BackgroundFileSaver::NotifySaveComplete() {
  MOZ_ASSERT(NS_IsMainThread(), "This should be called on the main thread");

  // mStatus is also written on the worker thread; snapshot it under the lock.
  const nsresult status = [this]() {
    MutexAutoLock lock(mLock);
    return mStatus;
  }();

  if (mObserver) {
    (void)mObserver->OnSaveComplete(this, status);
    // If mObserver keeps alive an enclosure that captures `this`, we'll have a
    // cycle that won't be caught by the cycle-collector, so we need to break it
    // when we're done here (see bug 1444265).
    mObserver = nullptr;
  }

  // The worker thread has nothing left to process, so it can be shut down.
  // Shutdown may spin the event loop on this thread; that is harmless here
  // because we run from a top-level event and the observer has already been
  // notified — at worst the final release of this object is delayed, since
  // the event object still holds a reference to it.
  mWorkerThread->Shutdown();

  --sThreadCount;

  // With no active downloads left, the session is over: report the peak
  // number of concurrent worker threads and reset the counter for the next
  // session.
  if (sThreadCount != 0) {
    return NS_OK;
  }
  Telemetry::Accumulate(Telemetry::BACKGROUNDFILESAVER_THREAD_COUNT,
                        sTelemetryMaxThreadCount);
  sTelemetryMaxThreadCount = 0;
  return NS_OK;
}

// Called on the worker thread (asserted: not the main thread).
// On Windows, verifies the code signature of the file at filePath with
// WinVerifyTrust (generic verify policy, no UI, no network revocation
// retrieval) and, when the file is signed and trusted, stores one
// nsIX509CertList per certificate chain of each signer in mSignatureInfo.
// A no-op returning NS_OK when signature extraction is not enabled and on
// non-Windows platforms. The only error returned is failure to obtain the
// certificate DB service; per-certificate problems are logged and skip the
// affected chain.
nsresult BackgroundFileSaver::ExtractSignatureInfo(const nsAString& filePath) {
  MOZ_ASSERT(!NS_IsMainThread(), "Cannot extract signature on main thread");
  {
    MutexAutoLock lock(mLock);
    if (!mSignatureInfoEnabled) {
      return NS_OK;
    }
  }
  nsresult rv;
  nsCOMPtr<nsIX509CertDB> certDB = do_GetService(NS_X509CERTDB_CONTRACTID, &rv);
  NS_ENSURE_SUCCESS(rv, rv);
#ifdef XP_WIN
  // Setup the file to check.
  WINTRUST_FILE_INFO fileToCheck = {0};
  fileToCheck.cbStruct = sizeof(WINTRUST_FILE_INFO);
  fileToCheck.pcwszFilePath = filePath.Data();
  fileToCheck.hFile = nullptr;
  fileToCheck.pgKnownSubject = nullptr;

  // We want to check it is signed and trusted.
  WINTRUST_DATA trustData = {0};
  trustData.cbStruct = sizeof(trustData);
  trustData.pPolicyCallbackData = nullptr;
  trustData.pSIPClientData = nullptr;
  trustData.dwUIChoice = WTD_UI_NONE;
  // Revocation is not checked at all for the signing chain.
  trustData.fdwRevocationChecks = WTD_REVOKE_NONE;
  trustData.dwUnionChoice = WTD_CHOICE_FILE;
  // VERIFY allocates state (hWVTStateData) that must be released with a
  // matching CLOSE call, see the end of this block.
  trustData.dwStateAction = WTD_STATEACTION_VERIFY;
  trustData.hWVTStateData = nullptr;
  trustData.pwszURLReference = nullptr;
  // Disallow revocation checks over the network
  trustData.dwProvFlags = WTD_CACHE_ONLY_URL_RETRIEVAL;
  // no UI
  trustData.dwUIContext = 0;
  trustData.pFile = &fileToCheck;

  // The WINTRUST_ACTION_GENERIC_VERIFY_V2 policy verifies that the certificate
  // chains up to a trusted root CA and has appropriate permissions to sign
  // code.
  GUID policyGUID = WINTRUST_ACTION_GENERIC_VERIFY_V2;
  // Check if the file is signed by something that is trusted. If the file is
  // not signed, this is a no-op.
  LONG ret = WinVerifyTrust(nullptr, &policyGUID, &trustData);
  CRYPT_PROVIDER_DATA* cryptoProviderData = nullptr;
  // According to the Windows documentation, we should check against 0 instead
  // of ERROR_SUCCESS, which is an HRESULT.
  if (ret == 0) {
    cryptoProviderData = WTHelperProvDataFromStateData(trustData.hWVTStateData);
  }
  // NOTE(review): the CLOSE call below only runs when cryptoProviderData is
  // non-null. If WinVerifyTrust returned 0 but the helper returned null,
  // hWVTStateData is not released on this path — confirm whether that can
  // happen.
  if (cryptoProviderData) {
    // Lock because signature information is read on the main thread.
    MutexAutoLock lock(mLock);
    LOG(("Downloaded trusted and signed file [this = %p].", this));
    // A binary may have multiple signers. Each signer may have multiple certs
    // in the chain.
    for (DWORD i = 0; i < cryptoProviderData->csSigners; ++i) {
      const CERT_CHAIN_CONTEXT* certChainContext =
          cryptoProviderData->pasSigners[i].pChainContext;
      if (!certChainContext) {
        break;
      }
      for (DWORD j = 0; j < certChainContext->cChain; ++j) {
        const CERT_SIMPLE_CHAIN* certSimpleChain =
            certChainContext->rgpChain[j];
        if (!certSimpleChain) {
          break;
        }
        nsCOMPtr<nsIX509CertList> nssCertList =
            do_CreateInstance(NS_X509CERTLIST_CONTRACTID);
        if (!nssCertList) {
          break;
        }
        bool extractionSuccess = true;
        for (DWORD k = 0; k < certSimpleChain->cElement; ++k) {
          CERT_CHAIN_ELEMENT* certChainElement = certSimpleChain->rgpElement[k];
          // Only DER (X509_ASN_ENCODING) certificates are imported.
          if (certChainElement->pCertContext->dwCertEncodingType !=
              X509_ASN_ENCODING) {
            continue;
          }
          nsCOMPtr<nsIX509Cert> nssCert = nullptr;
          nsDependentCSubstring certDER(
              reinterpret_cast<char*>(
                  certChainElement->pCertContext->pbCertEncoded),
              certChainElement->pCertContext->cbCertEncoded);
          // The result code is not consulted; a null nssCert is the failure
          // signal used here.
          rv = certDB->ConstructX509(certDER, getter_AddRefs(nssCert));
          if (!nssCert) {
            extractionSuccess = false;
            LOG(("Couldn't create NSS cert [this = %p]", this));
            break;
          }
          rv = nssCertList->AddCert(nssCert);
          if (NS_FAILED(rv)) {
            extractionSuccess = false;
            LOG(("Couldn't add NSS cert to cert list [this = %p]", this));
            break;
          }
          nsString subjectName;
          nssCert->GetSubjectName(subjectName);
          LOG(("Adding cert %s [this = %p]",
               NS_ConvertUTF16toUTF8(subjectName).get(), this));
        }
        // A chain is recorded only if every DER element was imported.
        if (extractionSuccess) {
          mSignatureInfo.AppendObject(nssCertList);
        }
      }
    }
    // Free the provider data if cryptoProviderData is not null.
    trustData.dwStateAction = WTD_STATEACTION_CLOSE;
    WinVerifyTrust(nullptr, &policyGUID, &trustData);
  } else {
    LOG(("Downloaded unsigned or untrusted file [this = %p].", this));
  }
#endif
  return NS_OK;
}

////////////////////////////////////////////////////////////////////////////////
//// BackgroundFileSaverOutputStream
// Reference counting and QueryInterface for the output-stream flavour of the
// saver. Besides nsIBackgroundFileSaver it exposes the (async) output-stream
// interfaces, which the methods below forward to mPipeOutputStream, and it is
// itself an nsIOutputStreamCallback so the pipe can notify it (see AsyncWait).
NS_IMPL_ISUPPORTS(BackgroundFileSaverOutputStream, nsIBackgroundFileSaver,
                  nsIOutputStream, nsIAsyncOutputStream,
                  nsIOutputStreamCallback)
// A fresh instance has no AsyncWait() callback pending; AsyncWait() refuses a
// second registration while one is outstanding.
BackgroundFileSaverOutputStream::BackgroundFileSaverOutputStream()
    : BackgroundFileSaver(), mAsyncWaitCallback(nullptr) {}
bool BackgroundFileSaverOutputStream::HasInfiniteBuffer() { return false; }
// No copy-progress callback is needed here; only the stream-listener variant
// uses one, to decide when a suspended request may be resumed.
nsAsyncCopyProgressFun BackgroundFileSaverOutputStream::GetProgressCallback() {
  return nullptr;
}
// nsIOutputStream: forwarded unchanged to the pipe's output end.
NS_IMETHODIMP
BackgroundFileSaverOutputStream::Close() { return mPipeOutputStream->Close(); }
// nsIOutputStream: forwarded unchanged to the pipe's output end.
NS_IMETHODIMP
BackgroundFileSaverOutputStream::Flush() { return mPipeOutputStream->Flush(); }
// nsIOutputStream: the caller's bytes go straight into the pipe; the number
// actually accepted is reported through _retval by the pipe itself.
NS_IMETHODIMP
BackgroundFileSaverOutputStream::Write(const char* aBuf, uint32_t aCount,
                                       uint32_t* _retval) {
  return mPipeOutputStream->Write(aBuf, aCount, _retval);
}
// nsIOutputStream: lets the pipe pull up to aCount bytes from aFromStream.
NS_IMETHODIMP
BackgroundFileSaverOutputStream::WriteFrom(nsIInputStream* aFromStream,
                                           uint32_t aCount, uint32_t* _retval) {
  return mPipeOutputStream->WriteFrom(aFromStream, aCount, _retval);
}
// nsIOutputStream: the pipe drives aReader with aClosure to fill its segments.
NS_IMETHODIMP
BackgroundFileSaverOutputStream::WriteSegments(nsReadSegmentFun aReader,
                                               void* aClosure, uint32_t aCount,
                                               uint32_t* _retval) {
  return mPipeOutputStream->WriteSegments(aReader, aClosure, aCount, _retval);
}
// nsIOutputStream: blocking behaviour is whatever the pipe reports.
NS_IMETHODIMP
BackgroundFileSaverOutputStream::IsNonBlocking(bool* _retval) {
  return mPipeOutputStream->IsNonBlocking(_retval);
}
// nsIAsyncOutputStream: closes the pipe's output end with the given status.
NS_IMETHODIMP
BackgroundFileSaverOutputStream::CloseWithStatus(nsresult reason) {
  return mPipeOutputStream->CloseWithStatus(reason);
}
// nsIAsyncOutputStream: registers aCallback to be told when the pipe can take
// more data. Only one waiter may be pending at a time; a second call while
// mAsyncWaitCallback is still set fails with NS_ERROR_UNEXPECTED via
// NS_ENSURE_STATE. The pipe is asked to notify this object rather than
// aCallback directly, so that OnOutputStreamReady() can hand the callback this
// wrapper stream instead of the raw pipe stream.
NS_IMETHODIMP
BackgroundFileSaverOutputStream::AsyncWait(nsIOutputStreamCallback* aCallback,
                                           uint32_t aFlags,
                                           uint32_t aRequestedCount,
                                           nsIEventTarget* aEventTarget) {
  NS_ENSURE_STATE(!mAsyncWaitCallback);

  mAsyncWaitCallback = aCallback;

  return mPipeOutputStream->AsyncWait(this, aFlags, aRequestedCount,
                                      aEventTarget);
}
// nsIOutputStreamCallback: the pipe reports it is writable again. Relays the
// notification to the waiter registered by AsyncWait(), passing this wrapper
// stream (not aStream, the raw pipe) as the ready stream.
NS_IMETHODIMP
BackgroundFileSaverOutputStream::OnOutputStreamReady(
    nsIAsyncOutputStream* aStream) {
  // A notification without a registered waiter is a state error.
  NS_ENSURE_STATE(mAsyncWaitCallback);

  // Detach the waiter before invoking it: AsyncWait() insists on no pending
  // callback, so the callback is free to re-arm itself from within.
  nsCOMPtr<nsIOutputStreamCallback> callback;
  callback.swap(mAsyncWaitCallback);

  return callback->OnOutputStreamReady(this);
}
////////////////////////////////////////////////////////////////////////////////
//// BackgroundFileSaverStreamListener
// Reference counting and QueryInterface for the stream-listener flavour of the
// saver: data arrives through nsIStreamListener/nsIRequestObserver instead of
// being written by the caller.
NS_IMPL_ISUPPORTS(BackgroundFileSaverStreamListener, nsIBackgroundFileSaver,
                  nsIRequestObserver, nsIStreamListener)
// All suspension state starts cleared: no request recorded, nothing suspended,
// high-water mark not yet reached. mSuspensionLock guards
// mReceivedTooMuchData, mRequest and mRequestSuspended, which are touched from
// the worker thread (AsyncCopyProgressCallback) as well as from
// NotifySuspendOrResume() and OnDataAvailable().
BackgroundFileSaverStreamListener::BackgroundFileSaverStreamListener()
    : BackgroundFileSaver(),
      mSuspensionLock("BackgroundFileSaverStreamListener.mSuspensionLock"),
      mReceivedTooMuchData(false),
      mRequest(nullptr),
      mRequestSuspended(false) {}
bool BackgroundFileSaverStreamListener::HasInfiniteBuffer() { return true; }
// Hands NS_AsyncCopy the static AsyncCopyProgressCallback so that consumption
// progress on the worker thread can trigger resuming a suspended request.
nsAsyncCopyProgressFun
BackgroundFileSaverStreamListener::GetProgressCallback() {
  return AsyncCopyProgressCallback;
}
// nsIRequestObserver: nothing to set up here beyond rejecting a null request;
// the work starts with the first OnDataAvailable().
NS_IMETHODIMP
BackgroundFileSaverStreamListener::OnStartRequest(nsIRequest* aRequest) {
  NS_ENSURE_ARG(aRequest);

  return NS_OK;
}
// nsIRequestObserver: end of the request. A failing aStatusCode aborts the save
// immediately; a successful one is not acted on here, because whether the
// saved file should be renamed is decided by the caller later. Finish()'s own
// result is not propagated: NS_OK is returned either way.
NS_IMETHODIMP
BackgroundFileSaverStreamListener::OnStopRequest(nsIRequest* aRequest,
                                                 nsresult aStatusCode) {
  // If an error occurred, cancel the operation immediately. On success, wait
  // until the caller has determined whether the file should be renamed.
  if (NS_FAILED(aStatusCode)) {
    Finish(aStatusCode);
  }

  return NS_OK;
}
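// nsIStreamListener: copies the aCount bytes offered by the request into the
// pipe, then applies back-pressure if the worker thread has fallen too far
// behind.
//
// Returns NS_ERROR_UNEXPECTED if the pipe could not take all aCount bytes
// (which only happens when reading aInputStream itself fails), or the pipe's
// own error from WriteFrom. aOffset is not used.
//
// Fix over the previous version: the inner Available() result no longer
// shadows the outer `rv` (it is a distinct variable now), and the two
// out-parameters are initialised before the calls that fill them.
NS_IMETHODIMP
BackgroundFileSaverStreamListener::OnDataAvailable(nsIRequest* aRequest,
                                                   nsIInputStream* aInputStream,
                                                   uint64_t aOffset,
                                                   uint32_t aCount) {
  NS_ENSURE_ARG(aRequest);

  // Read the requested data. Since the pipe has an infinite buffer, we don't
  // expect any write error to occur here.
  uint32_t writeCount = 0;
  nsresult rv = mPipeOutputStream->WriteFrom(aInputStream, aCount, &writeCount);
  NS_ENSURE_SUCCESS(rv, rv);

  // If reading from the input stream fails for any reason, the pipe will return
  // a success code, but without reading all the data. Since we should be able
  // to read the requested data when OnDataAvailable is called, raise an error.
  if (writeCount < aCount) {
    NS_WARNING("Reading from the input stream should not have failed.");
    return NS_ERROR_UNEXPECTED;
  }

  // Back-pressure: once more than REQUEST_SUSPEND_AT bytes sit in the pipe
  // unconsumed by the worker thread, remember the request so that
  // NotifySuspendOrResume() can suspend it. This state is shared with the
  // worker thread (AsyncCopyProgressCallback), hence the lock.
  bool stateChanged = false;
  {
    MutexAutoLock lock(mSuspensionLock);

    if (!mReceivedTooMuchData) {
      uint64_t available = 0;
      // Separate name on purpose: `rv` above holds the WriteFrom result.
      const nsresult availableRv = mPipeInputStream->Available(&available);
      if (NS_SUCCEEDED(availableRv) && available > REQUEST_SUSPEND_AT) {
        mReceivedTooMuchData = true;
        mRequest = aRequest;
        stateChanged = true;
      }
    }
  }

  // NotifySuspendOrResume() takes mSuspensionLock itself, so it has to be
  // called only after the scope above has released it.
  if (stateChanged) {
    NotifySuspendOrResume();
  }

  return NS_OK;
}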
// Called on the worker thread.
// static
// NS_AsyncCopy progress hook, invoked on the worker thread each time some bytes
// have been consumed from the pipe. aClosure is the listener that registered
// the callback; aCount (bytes just consumed) is not needed here, only the
// amount still buffered matters. When the pipe has drained below
// REQUEST_RESUME_AT, the "too much data" flag is cleared and the control
// thread is asked to resume the request.
void BackgroundFileSaverStreamListener::AsyncCopyProgressCallback(
    void* aClosure, uint32_t aCount) {
  auto* self = static_cast<BackgroundFileSaverStreamListener*>(aClosure);

  // Wait if the control thread is in the process of suspending or resuming.
  MutexAutoLock lock(self->mSuspensionLock);

  // Only relevant while the control thread has flagged the request as having
  // produced too much data (see OnDataAvailable).
  if (!self->mReceivedTooMuchData) {
    return;
  }

  // Still too much buffered: keep the request suspended. A failed Available()
  // is treated like an empty pipe and falls through to the resume path.
  uint64_t available = 0;
  const nsresult rv = self->mPipeInputStream->Available(&available);
  if (NS_SUCCEEDED(rv) && available >= REQUEST_RESUME_AT) {
    return;
  }

  self->mReceivedTooMuchData = false;

  // The request is only touched on the control thread, so post an event there
  // to verify whether it should be resumed.
  const nsresult dispatchRv = self->mControlEventTarget->Dispatch(
      NewRunnableMethod(
          "BackgroundFileSaverStreamListener::NotifySuspendOrResume", self,
          &BackgroundFileSaverStreamListener::NotifySuspendOrResume),
      NS_DISPATCH_NORMAL);
  if (NS_FAILED(dispatchRv)) {
    NS_WARNING("Unable to post resume event to the control thread.");
  }
}
// Called on the control thread.
// Brings the request's suspended state in line with mReceivedTooMuchData:
// suspends it when too much data is buffered and it is not yet suspended,
// resumes it when the backlog has drained and it was suspended by us. Always
// returns NS_OK; a failed Suspend()/Resume() is only warned about, and a failed
// Suspend() deliberately leaves mRequestSuspended false so no Resume() is
// attempted later. mRequest is the request recorded by OnDataAvailable().
nsresult BackgroundFileSaverStreamListener::NotifySuspendOrResume() {
  // Prevent the worker thread from changing state while processing.
  MutexAutoLock lock(mSuspensionLock);

  const bool wantSuspended = mReceivedTooMuchData;
  if (wantSuspended == mRequestSuspended) {
    // Already in the desired state; nothing to do.
    return NS_OK;
  }

  if (wantSuspended) {
    // Try to suspend the request. If this fails, don't try to resume later.
    if (NS_SUCCEEDED(mRequest->Suspend())) {
      mRequestSuspended = true;
    } else {
      NS_WARNING("Unable to suspend the request.");
    }
  } else {
    // Resume the request only if we succeeded in suspending it.
    if (NS_SUCCEEDED(mRequest->Resume())) {
      mRequestSuspended = false;
    } else {
      NS_WARNING("Unable to resume the request.");
    }
  }

  return NS_OK;
}
////////////////////////////////////////////////////////////////////////////////
//// DigestOutputStream
NS_IMPL_ISUPPORTS(DigestOutputStream, nsIOutputStream)
// Wraps aStream so that every byte written through Write() is also fed to the
// NSS digest context aContext. Both must be non-null (debug-asserted here).
// Ownership of aContext is not visible in this file — presumably it stays
// with the caller and must outlive this stream; confirm against the header.
DigestOutputStream::DigestOutputStream(nsIOutputStream* aStream,
                                       PK11Context* aContext)
    : mOutputStream(aStream), mDigestContext(aContext) {
  MOZ_ASSERT(mDigestContext, "Can't have null digest context");
  MOZ_ASSERT(mOutputStream, "Can't have null output stream");
}
// nsIOutputStream: forwarded to the wrapped stream; the digest is untouched.
NS_IMETHODIMP
DigestOutputStream::Close() { return mOutputStream->Close(); }
// nsIOutputStream: forwarded to the wrapped stream; the digest is untouched.
NS_IMETHODIMP
DigestOutputStream::Flush() { return mOutputStream->Flush(); }
// nsIOutputStream: hashes aBuf[0..aCount) into the digest context, then writes
// the same bytes to the wrapped stream. A digest failure is returned (as the
// mapped nsresult) without writing anything.
//
// Ordering caveat: the digest is updated before the underlying Write, so if
// that Write fails or is short (*retval < aCount) the digest has already
// absorbed all aCount bytes, and a caller that re-sends the unwritten tail
// would hash it twice. The only expected caller (NS_AsyncCopy, per the comment
// in WriteFrom) is assumed not to do that — confirm if this stream gains
// other users.
NS_IMETHODIMP
DigestOutputStream::Write(const char* aBuf, uint32_t aCount, uint32_t* retval) {
  const unsigned char* bytes =
      BitwiseCast<const unsigned char*, const char*>(aBuf);
  const SECStatus digestStatus = PK11_DigestOp(mDigestContext, bytes, aCount);
  const nsresult rv = MapSECStatus(digestStatus);
  NS_ENSURE_SUCCESS(rv, rv);

  return mOutputStream->Write(aBuf, aCount, retval);
}
// nsIOutputStream: intentionally unimplemented — crashes if reached, because
// the bytes would bypass the digest. Kept as a hard failure rather than a
// silent pass-through so a digest that misses data can never be produced.
NS_IMETHODIMP
DigestOutputStream::WriteFrom(nsIInputStream* aFromStream, uint32_t aCount,
                              uint32_t* retval) {
  // Not supported. We could read the stream to a buf, call DigestOp on the
  // result, seek back and pass the stream on, but it's not worth it since our
  // application (NS_AsyncCopy) doesn't invoke this on the sink.
  MOZ_CRASH("DigestOutputStream::WriteFrom not implemented");
}
// nsIOutputStream: intentionally unimplemented, for the same reason as
// WriteFrom — data delivered through a reader callback would not be digested,
// so reaching this is treated as a fatal programming error.
NS_IMETHODIMP
DigestOutputStream::WriteSegments(nsReadSegmentFun aReader, void* aClosure,
                                  uint32_t aCount, uint32_t* retval) {
  MOZ_CRASH("DigestOutputStream::WriteSegments not implemented");
}
// nsIOutputStream: blocking behaviour is whatever the wrapped stream reports.
NS_IMETHODIMP
DigestOutputStream::IsNonBlocking(bool* retval) {
  return mOutputStream->IsNonBlocking(retval);
}
#undef LOG_ENABLED
} // namespace net
} // namespace mozilla