1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "mozilla/dom/cache/PrincipalVerifier.h"
10 #include "mozilla/dom/ContentParent.h"
11 #include "mozilla/dom/QMResult.h"
12 #include "mozilla/dom/cache/ManagerId.h"
13 #include "mozilla/dom/quota/ResultExtensions.h"
14 #include "mozilla/ipc/BackgroundParent.h"
15 #include "mozilla/ipc/PBackgroundParent.h"
16 #include "mozilla/ipc/BackgroundUtils.h"
17 #include "mozilla/BasePrincipal.h"
18 #include "CacheCommon.h"
20 #include "nsContentUtils.h"
21 #include "nsIPrincipal.h"
22 #include "nsNetUtil.h"
24 namespace mozilla::dom::cache
{
// Bring the IPC-side helpers this file depends on into the cache namespace
// so the definitions below can name them unqualified.
using mozilla::ipc::AssertIsOnBackgroundThread;
using mozilla::ipc::BackgroundParent;
using mozilla::ipc::PBackgroundParent;
using mozilla::ipc::PrincipalInfo;
using mozilla::ipc::PrincipalInfoToPrincipal;
// Builds a verifier for |aPrincipalInfo| on behalf of |aListener| and sends it
// straight to the main thread, where the principal is actually checked (see
// VerifyOnMainThread()). The caller gets an owning reference back so that it
// can register more listeners or drop the verifier early.
//
// Must run on the PBackground thread: the constructor resolves the
// ContentParent handle for |aActor|, and that lookup is only valid there.
already_AddRefed<PrincipalVerifier> PrincipalVerifier::CreateAndDispatch(
    Listener& aListener, PBackgroundParent* aActor,
    const PrincipalInfo& aPrincipalInfo) {
  AssertIsOnBackgroundThread();

  RefPtr<PrincipalVerifier> runnable =
      new PrincipalVerifier(aListener, aActor, aPrincipalInfo);

  // A failed main-thread dispatch would mean no listener ever hears back, so
  // it is treated as a programming error (asserted) rather than reported.
  MOZ_ALWAYS_SUCCEEDS(NS_DispatchToMainThread(runnable));

  return runnable.forget();
}
// Registers |aListener| to be notified from CompleteOnInitiatingThread().
// The list stores a non-owning pointer, so the listener must outlive its
// registration and must call RemoveListener() (normally from inside
// OnPrincipalVerified()) before the verifier is destroyed. Registering the
// same listener twice is a logic error.
void PrincipalVerifier::AddListener(Listener& aListener) {
  AssertIsOnBackgroundThread();

  Listener* const entry = &aListener;
  MOZ_ASSERT(!mListenerList.Contains(entry));
  mListenerList.AppendElement(WrapNotNullUnchecked(entry));
}
// Unregisters a listener previously passed to AddListener(). Removing a
// listener that is not registered is a logic error (MOZ_ALWAYS_TRUE), but the
// RemoveElement() call is still evaluated in release builds.
void PrincipalVerifier::RemoveListener(Listener& aListener) {
  AssertIsOnBackgroundThread();

  const bool removed = mListenerList.RemoveElement(&aListener);
  MOZ_ALWAYS_TRUE(removed);
}
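// Captures everything the main-thread check needs and registers the first
// listener. Runs on the PBackground thread.
//
// mHandle is resolved from |aActor| here because GetContentParentHandle() is
// only usable on this thread; VerifyOnMainThread() later treats a non-null
// handle as "request came from a content process" (presumably it is null
// for actors living in the parent process itself — confirm against
// BackgroundParent). mResult starts out as NS_OK and is overwritten by
// DispatchToInitiatingThread() with the real outcome.
PrincipalVerifier::PrincipalVerifier(Listener& aListener,
                                     PBackgroundParent* aActor,
                                     const PrincipalInfo& aPrincipalInfo)
    : Runnable("dom::cache::PrincipalVerifier"),
      mHandle(BackgroundParent::GetContentParentHandle(aActor)),
      mPrincipalInfo(aPrincipalInfo),
      mInitiatingEventTarget(GetCurrentSerialEventTarget()),
      mResult(NS_OK) {
  AssertIsOnBackgroundThread();
  // Without an event target the verification result could never be
  // delivered back to the listeners.
  MOZ_DIAGNOSTIC_ASSERT(mInitiatingEventTarget);

  AddListener(aListener);
}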
// The verifier is a Runnable held on both the main thread and the initiating
// PBackground thread; whichever of them drops the last reference runs this
// destructor, so no thread assertion is possible here.
PrincipalVerifier::~PrincipalVerifier() {
  // Every listener is expected to have unregistered itself from within
  // OnPrincipalVerified(); a leftover entry means one never cleared its
  // (non-owning) reference.
  MOZ_DIAGNOSTIC_ASSERT(mListenerList.IsEmpty());
}
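// Runnable entry point. Executed twice: first on the main thread (dispatched
// by CreateAndDispatch()), where the principal is validated, and then on the
// initiating PBackground thread (dispatched by DispatchToInitiatingThread()),
// where the listeners are told the result.
nsresult PrincipalVerifier::Run() {
  if (NS_IsMainThread()) {
    VerifyOnMainThread();
    return NS_OK;
  }

  CompleteOnInitiatingThread();
  return NS_OK;
}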
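// Main-thread half of the verification. Rebuilds an nsIPrincipal from the
// PrincipalInfo received over IPC, rejects anything a content process must
// not be allowed to open a cache for, and derives the ManagerId that keys
// the cache storage. Every path makes exactly one call to
// DispatchToInitiatingThread(), so listeners always hear back; mManagerId is
// only set on the success path.
//
// The checks are repeated here even though the client side already filters:
// the PrincipalInfo comes from a less-trusted process, so the parent must not
// rely on the child's filtering.
void PrincipalVerifier::VerifyOnMainThread() {
  MOZ_ASSERT(NS_IsMainThread());

  // Deserialisation itself can fail (e.g. a malformed PrincipalInfo); report
  // that error code rather than a generic failure.
  auto principalOrErr = PrincipalInfoToPrincipal(mPrincipalInfo);
  if (NS_WARN_IF(principalOrErr.isErr())) {
    DispatchToInitiatingThread(principalOrErr.unwrapErr());
    return;
  }
  const auto principal = principalOrErr.unwrap();

  // We disallow null principal on the client side, but double-check here.
  if (NS_WARN_IF(principal->GetIsNullPrincipal())) {
    DispatchToInitiatingThread(NS_ERROR_FAILURE);
    return;
  }

  // A content process must never be able to claim the system principal:
  // accepting it would let a compromised child open the chrome-level cache
  // with a spoofed identity. mHandle is only non-null for actors backed by a
  // ContentParent, so the system principal stays available to in-parent
  // callers only.
  if (NS_WARN_IF(mHandle && principal->IsSystemPrincipal())) {
    DispatchToInitiatingThread(NS_ERROR_FAILURE);
    return;
  }

  // Sanity check principal origin by using it to construct a URI and security
  // checking it. Don't do this for the system principal, though, as its
  // origin is a synthetic [System Principal] string.
  if (!principal->IsSystemPrincipal()) {
    nsAutoCString origin;
    if (nsresult rv = principal->GetOriginNoSuffix(origin);
        NS_WARN_IF(NS_FAILED(rv))) {
      DispatchToInitiatingThread(rv);
      return;
    }

    nsCOMPtr<nsIURI> uri;
    if (nsresult rv = NS_NewURI(getter_AddRefs(uri), origin);
        NS_WARN_IF(NS_FAILED(rv))) {
      DispatchToInitiatingThread(rv);
      return;
    }

    // The principal must be allowed to load its own origin. The second
    // argument (presumably allowIfInheritsPrincipal) is false so that a
    // principal does not pass merely because the URI would inherit it.
    if (nsresult rv = principal->CheckMayLoad(uri, false);
        NS_WARN_IF(NS_FAILED(rv))) {
      DispatchToInitiatingThread(rv);
      return;
    }
  }

  auto managerIdOrErr = ManagerId::Create(principal);
  if (NS_WARN_IF(managerIdOrErr.isErr())) {
    DispatchToInitiatingThread(managerIdOrErr.unwrapErr());
    return;
  }

  mManagerId = managerIdOrErr.unwrap();

  DispatchToInitiatingThread(NS_OK);
}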
// PBackground-thread half: hands mResult (and mManagerId, which is only
// meaningful when mResult is NS_OK) to every registered listener. Listeners
// are expected to call RemoveListener() from inside OnPrincipalVerified(), so
// the loop mutates the list it walks; the ForwardRange() iteration has to
// tolerate removal of the current element (presumably why it is used here —
// confirm against nsTArray) and the list must be empty once the loop ends.
void PrincipalVerifier::CompleteOnInitiatingThread() {
  AssertIsOnBackgroundThread();

  for (const auto& observer : mListenerList.ForwardRange()) {
    observer->OnPrincipalVerified(mResult, mManagerId);
  }

  // The listener must clear its reference in OnPrincipalVerified()
  MOZ_DIAGNOSTIC_ASSERT(mListenerList.IsEmpty());
}
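// Records the outcome of the main-thread verification and bounces this
// runnable back to the initiating PBackground thread, where Run() calls
// CompleteOnInitiatingThread() to notify the listeners. Meant to be called
// once per verification, from VerifyOnMainThread().
void PrincipalVerifier::DispatchToInitiatingThread(nsresult aRv) {
  MOZ_ASSERT(NS_IsMainThread());

  // Store the result before dispatching: once Dispatch() succeeds the
  // initiating thread may read mResult at any moment.
  mResult = aRv;

  // The Cache ShutdownObserver does not track all principal verifiers, so we
  // cannot ensure this always succeeds. Instead, simply warn on failures.
  // This will result in a new CacheStorage object delaying operations until
  // shutdown completes and the browser goes away. This is as graceful as we
  // can get here.
  //
  // NOTE(review): on dispatch failure no listener ever receives
  // OnPrincipalVerified(), so the affected CacheStorage stays pending rather
  // than failing; that is the intended shutdown-time degradation described
  // above, not a path an attacker can steer.
  QM_WARNONLY_TRY(QM_TO_RESULT(
      mInitiatingEventTarget->Dispatch(this, nsIThread::DISPATCH_NORMAL)));
}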
176 } // namespace mozilla::dom::cache