Bug 1120487 - Implement shim before moving security checks into AsyncOpen; adding wrapper (r=sicking,jduell)

netwerk/base/moz.build

@@ -91,6 +91,7 @@ XPIDL_SOURCES += [
     'nsIRequestObserverProxy.idl',
     'nsIResponseHeadProvider.idl',
     'nsIResumableChannel.idl',
+    'nsISecCheckWrapChannel.idl',
     'nsISecretDecoderRing.idl',
     'nsISecureBrowserUI.idl',
     'nsISecurityEventSink.idl',
@@ -213,6 +214,7 @@ UNIFIED_SOURCES += [
     'nsProtocolProxyService.cpp',
     'nsProxyInfo.cpp',
     'nsRequestObserverProxy.cpp',
+    'nsSecCheckWrapChannel.cpp',
     'nsSerializationHelper.cpp',
     'nsServerSocket.cpp',
     'nsSimpleNestedURI.cpp',

netwerk/base/nsISecCheckWrapChannel.idl

@@ -0,0 +1,24 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIChannel;
+
+/**
+ * nsISecCheckWrapChannel
+ * Describes an XPCOM component used to wrap channels for performing
+ * security checks. Channels wrapped inside this class can use
+ * this interface to query the wrapped inner channel.
+ */
+
+[scriptable, uuid(9446c5d5-c9fb-4a6e-acf9-ca4fc666efe0)]
+interface nsISecCheckWrapChannel : nsISupports
+{
+  /**
+   * Returns the wrapped channel inside this class.
+   */
+  readonly attribute nsIChannel innerChannel;
+
+};

netwerk/base/nsSecCheckWrapChannel.cpp

@@ -0,0 +1,108 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsSecCheckWrapChannel.h"
+#include "nsHttpChannel.h"
+#include "nsCOMPtr.h"
+
+#ifdef PR_LOGGING
+static PRLogModuleInfo*
+GetChannelWrapperLog()
+{
+  static PRLogModuleInfo* gChannelWrapperPRLog;
+  if (!gChannelWrapperPRLog) {
+    gChannelWrapperPRLog = PR_NewLogModule("ChannelWrapper");
+  }
+  return gChannelWrapperPRLog;
+}
+#endif
+
+#define CHANNELWRAPPERLOG(args) PR_LOG(GetChannelWrapperLog(), 4, args)
+
+NS_IMPL_ADDREF(nsSecCheckWrapChannelBase)
+NS_IMPL_RELEASE(nsSecCheckWrapChannelBase)
+
+NS_INTERFACE_MAP_BEGIN(nsSecCheckWrapChannelBase)
+  NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIHttpChannel, mHttpChannel)
+  NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIHttpChannelInternal, mHttpChannelInternal)
+  NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIHttpChannel)
+  NS_INTERFACE_MAP_ENTRY(nsIRequest)
+  NS_INTERFACE_MAP_ENTRY(nsIChannel)
+  NS_INTERFACE_MAP_ENTRY(nsISecCheckWrapChannel)
+NS_INTERFACE_MAP_END
+
+//---------------------------------------------------------
+// nsSecCheckWrapChannelBase implementation
+//---------------------------------------------------------
+
+nsSecCheckWrapChannelBase::nsSecCheckWrapChannelBase(nsIChannel* aChannel)
+ : mChannel(aChannel)
+ , mHttpChannel(do_QueryInterface(aChannel))
+ , mHttpChannelInternal(do_QueryInterface(aChannel))
+ , mRequest(do_QueryInterface(aChannel))
+{
+  MOZ_ASSERT(mChannel, "can not create a channel wrapper without a channel");
+}
+
+nsSecCheckWrapChannelBase::~nsSecCheckWrapChannelBase()
+{
+}
+
+//---------------------------------------------------------
+// nsISecCheckWrapChannel implementation
+//---------------------------------------------------------
+
+NS_IMETHODIMP
+nsSecCheckWrapChannelBase::GetInnerChannel(nsIChannel **aInnerChannel)
+{
+  NS_IF_ADDREF(*aInnerChannel = mChannel);
+  return NS_OK;
+}
+
+//---------------------------------------------------------
+// nsSecCheckWrapChannel implementation
+//---------------------------------------------------------
+
+nsSecCheckWrapChannel::nsSecCheckWrapChannel(nsIChannel* aChannel,
+                                             nsILoadInfo* aLoadInfo)
+ : nsSecCheckWrapChannelBase(aChannel)
+ , mLoadInfo(aLoadInfo)
+{
+#ifdef PR_LOGGING
+  {
+    nsCOMPtr<nsIURI> uri;
+    mChannel->GetURI(getter_AddRefs(uri));
+    nsAutoCString spec;
+    if (uri) {
+      uri->GetSpec(spec);
+    }
+    CHANNELWRAPPERLOG(("nsSecCheckWrapChannel::nsSecCheckWrapChannel [%p] (%s)",this, spec.get()));
+  }
+#endif
+}
+
+nsSecCheckWrapChannel::~nsSecCheckWrapChannel()
+{
+}
+
+//---------------------------------------------------------
+// nsIChannel implementation
+//---------------------------------------------------------
+
+NS_IMETHODIMP
+nsSecCheckWrapChannel::GetLoadInfo(nsILoadInfo** aLoadInfo)
+{
+  CHANNELWRAPPERLOG(("nsSecCheckWrapChannel::GetLoadInfo() [%p]",this));
+  NS_IF_ADDREF(*aLoadInfo = mLoadInfo);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSecCheckWrapChannel::SetLoadInfo(nsILoadInfo* aLoadInfo)
+{
+  CHANNELWRAPPERLOG(("nsSecCheckWrapChannel::SetLoadInfo() [%p]", this));
+  mLoadInfo = aLoadInfo;
+  return NS_OK;
+}

netwerk/base/nsSecCheckWrapChannel.h

@@ -0,0 +1,85 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsSecCheckWrapChannel_h__
+#define nsSecCheckWrapChannel_h__
+
+#include "nsIHttpChannel.h"
+#include "nsIHttpChannelInternal.h"
+#include "nsISecCheckWrapChannel.h"
+#include "nsIWyciwygChannel.h"
+#include "mozilla/LoadInfo.h"
+
+/*
+ * The nsSecCheckWrapChannelBase wraps channels that do *not*
+ *  * provide a newChannel2() implementation
+ *  * provide get/setLoadInfo functions
+ *
+ * In order to perform security checks for channels
+ *   a) before opening the channel, and
+ *   b) after redirects
+ * we are attaching a loadinfo object to every channel which
+ * provides information about the content-type of the channel,
+ * who initiated the load, etc.
+ *
+ * Addon created channels might *not* provide that loadInfo object for
+ * some transition time before we mark the NewChannel-API as deprecated.
+ * We do not want to break those addons hence we wrap such channels
+ * using the provided wrapper in this class.
+ *
+ * Please note that the wrapper only forwards calls for
+ *  * nsIRequest
+ *  * nsIChannel
+ *  * nsIHttpChannel
+ *  * nsIHttpChannelInternal
+ *
+ * In case any addon needs to query the inner channel this class
+ * provides a readonly function to query the wrapped channel.
+ *
+ */
+
+class nsSecCheckWrapChannelBase : public nsIHttpChannel
+                                , public nsIHttpChannelInternal
+                                , public nsISecCheckWrapChannel
+{
+public:
+  NS_FORWARD_NSIHTTPCHANNEL(mHttpChannel->)
+  NS_FORWARD_NSIHTTPCHANNELINTERNAL(mHttpChannelInternal->)
+  NS_FORWARD_NSICHANNEL(mChannel->)
+  NS_FORWARD_NSIREQUEST(mRequest->)
+  NS_DECL_NSISECCHECKWRAPCHANNEL
+  NS_DECL_ISUPPORTS
+
+  explicit nsSecCheckWrapChannelBase(nsIChannel* aChannel);
+
+protected:
+  virtual ~nsSecCheckWrapChannelBase();
+
+  nsCOMPtr<nsIChannel>             mChannel;
+  // We do a QI in the constructor to set the following pointers.
+  nsCOMPtr<nsIHttpChannel>         mHttpChannel;
+  nsCOMPtr<nsIHttpChannelInternal> mHttpChannelInternal;
+  nsCOMPtr<nsIRequest>             mRequest;
+};
+
+/* We define a separate class here to make it clear that we're
+ * overriding Get/SetLoadInfo, rather that using the forwarded
+ * implementations provided by NS_FORWARD_NSICHANNEL"
+ */
+class nsSecCheckWrapChannel : public nsSecCheckWrapChannelBase
+{
+public:
+  NS_IMETHOD GetLoadInfo(nsILoadInfo **aLoadInfo);
+  NS_IMETHOD SetLoadInfo(nsILoadInfo *aLoadInfo);
+
+  nsSecCheckWrapChannel(nsIChannel* aChannel, nsILoadInfo* aLoadInfo);
+
+protected:
+  virtual ~nsSecCheckWrapChannel();
+
+  nsCOMPtr<nsILoadInfo> mLoadInfo;
+};
+
+#endif // nsSecCheckWrapChannel_h__