Bug 1178526 - Create docshell with packageId from TabContext. r=sicking.

2015-10-29 00:52:40 +08:00 · 2015-10-29 00:52:40 +08:00 · daec939f23
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@ -13714,6 +13714,13 @@ nsDocShell::SetIsBrowserInsideApp(uint32_t aContainingAppId)
  return NS_OK;
 }

+NS_IMETHODIMP
+nsDocShell::SetIsSignedPackage(const nsAString& aSignedPkg)
+{
+  mSignedPkg = aSignedPkg;
+  return NS_OK;
+}
+
 /* [infallible] */ NS_IMETHODIMP
 nsDocShell::GetIsBrowserElement(bool* aIsBrowser)
 {
@ -13821,6 +13828,9 @@ nsDocShell::GetOriginAttributes()
    attrs.mInBrowser = true;
  }

+  // Bug 1209162 will address the inheritance of each attributes.
+  attrs.mSignedPkg = mSignedPkg;
+
  return attrs;
 }

--- a/docshell/base/nsDocShell.h
+++ b/docshell/base/nsDocShell.h
@ -1005,6 +1005,10 @@ protected:

  nsString GetInheritedPaymentRequestId();

+  // The packageId for a signed packaged iff this docShell is created
+  // for a signed package.
+  nsString mSignedPkg;
+
 private:
  nsCString mForcedCharset;
  nsCString mParentCharset;
--- a/docshell/base/nsIDocShell.idl
+++ b/docshell/base/nsIDocShell.idl
@ -43,7 +43,7 @@ interface nsITabParent;

 typedef unsigned long nsLoadFlags;

-[scriptable, builtinclass, uuid(41b1cf17-b37b-4a62-9df8-5f67cfecab3f)]
+[scriptable, builtinclass, uuid(63adb599-6dc9-4746-972e-c22e9018020b)]
 interface nsIDocShell : nsIDocShellTreeItem
 {
  /**
@ -824,6 +824,12 @@ interface nsIDocShell : nsIDocShellTreeItem
    */
   void setIsBrowserInsideApp(in unsigned long containingAppId);

+   /**
+    * Indicate that this docshell corresponds to a signed package with
+    * the given packageId.
+    */
+   void setIsSignedPackage(in AString packageId);
+
  /**
   * Returns the id of the app associated with this docshell.  If this docshell
   * is an <iframe mozbrowser> inside an <iframe mozapp>, we return the app's
--- a/dom/ipc/TabChild.cpp
+++ b/dom/ipc/TabChild.cpp
@ -830,6 +830,7 @@ TabChild::NotifyTabContextUpdated()
        } else {
          docShell->SetIsApp(OwnAppId());
        }
+        docShell->SetIsSignedPackage(OriginAttributesRef().mSignedPkg);
    }
 }

--- a/netwerk/ipc/NeckoParent.cpp
+++ b/netwerk/ipc/NeckoParent.cpp
@ -144,7 +144,12 @@ NeckoParent::GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
        continue;
      }
    }
+    if (!aSerialized.mOriginAttributes.mSignedPkg.IsEmpty() &&
+        aSerialized.mOriginAttributes.mSignedPkg != tabContext.OriginAttributesRef().mSignedPkg) {
+      continue;
+    }
    aAttrs = OriginAttributes(appId, inBrowserElement);
+    aAttrs.mSignedPkg = tabContext.OriginAttributesRef().mSignedPkg;
    return nullptr;
  }

@ -295,7 +300,7 @@ NeckoParent::AllocPCookieServiceParent()
  return new CookieServiceParent();
 }

-bool 
+bool
 NeckoParent::DeallocPCookieServiceParent(PCookieServiceParent* cs)
 {
  delete cs;
@ -454,7 +459,7 @@ NeckoParent::AllocPTCPSocketParent(const nsString& /* host */,
 {
  // We actually don't need host/port to construct a TCPSocketParent since
  // TCPSocketParent will maintain an internal nsIDOMTCPSocket instance which
-  // can be delegated to get the host/port. 
+  // can be delegated to get the host/port.
  TCPSocketParent* p = new TCPSocketParent();
  p->AddIPDLReference();
  return p;
--- a/netwerk/test/mochitests/mochitest.ini
+++ b/netwerk/test/mochitests/mochitest.ini
@ -25,6 +25,8 @@ skip-if = e10s
 skip-if = e10s
 [test_signed_web_packaged_app.html]
 skip-if = e10s || buildapp != 'browser'
+[test_signed_web_packaged_app_origin.html]
+skip-if = e10s || buildapp != 'browser'
 [test_web_packaged_app.html]
 [test_loadinfo_redirectchain.html]
 skip-if = buildapp == 'b2g' #no ssl support
--- a/netwerk/test/mochitests/test_signed_web_packaged_app_origin.html
+++ b/netwerk/test/mochitests/test_signed_web_packaged_app_origin.html
@ -0,0 +1,94 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title> Web packaged app </title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+
+<p id="display"></p>
+<div id="content" style="display: none">
+
+</div>
+<pre id="test">
+<script class="testbody" type="application/javascript;version=1.7">
+
+// The test is mainly to verify whether the packageId is populated
+// to the child side when loading a signed packaged content.
+// Since we have to have chrome priviledge to test if the node principal
+// has the expected origin attributes, we have to load and run a script
+// in content to get the nodePrincipal and send back to the opener
+// to check the origin.
+
+var Cc = SpecialPowers.Cc;
+var Ci = SpecialPowers.Ci;
+var Cu = SpecialPowers.Cu;
+var Cr = SpecialPowers.Cr;
+
+SpecialPowers.pushPrefEnv(
+  { "set": [["network.http.enable-packaged-apps", true],
+            ["network.http.signed-packages.enabled", true],
+            ["dom.mozBrowserFramesEnabled", true]] },
+  () => SpecialPowers.pushPermissions([
+    { "type": "browser", "allow": 1, "context": document }
+  ], function() {
+    runTest();
+  }));
+
+SimpleTest.waitForExplicitFinish();
+
+function runTest() {
+  var iframe = document.createElement("iframe");
+
+  // 1. We open a remote browser and navigate to a regular content first.
+  iframe.setAttribute('mozbrowser', 'true');
+  iframe.setAttribute('remote', 'true');
+  iframe.setAttribute("src", "http://example.org:80");
+
+  iframe.addEventListener("mozbrowserloadend", function loadend(e) {
+    iframe.removeEventListener("mozbrowserloadend", loadend);
+    ok(true, "Got mozbrowserloadend");
+
+    // 2. Then we navigate to a signed packaged content.
+    iframe.setAttribute("src", "http://mochi.test:8888/tests/netwerk/test/mochitests/signed_web_packaged_app.sjs!//index.html");
+
+    iframe.addEventListener("mozbrowserloadend", function loadend(e) {
+      iframe.removeEventListener("mozbrowserloadend", loadend);
+
+        // 3. Inject a script with chrome priviledge to content to get the nodePrincipal.
+        //    We communicate via message manager with event 'my-e10s-extension-message'.
+        var mm = SpecialPowers.wrap(iframe)
+                              .QueryInterface(Ci.nsIFrameLoaderOwner)
+                              .frameLoader
+                              .messageManager;
+
+        var fsl = mm.QueryInterface(Ci.nsIFrameScriptLoader);
+
+        mm.addMessageListener("get-node-principal-origin", function(message) {
+          let contentOrigin = message.objects.origin;
+          // The expected signedPkg is defined in 'signed_web_packaged_app.sjs'.
+          let kExpectedOrigin =
+            'http://mochi.test:8888^inBrowser=1&signedPkg=09bc9714-7ab6-4320-9d20-fde4c237522c';
+          is(contentOrigin, kExpectedOrigin, 'content origin check: ' + contentOrigin);
+          SimpleTest.finish();
+        });
+
+        // The script we are going to inject to the content.
+        let frameScript =
+`
+function getNodePrincipalOrigin() {
+  sendAsyncMessage("get-node-principal-origin", {}, { origin: content.document.nodePrincipal.origin });
+}
+`;
+        fsl.loadFrameScript("data:,(" + frameScript + ")()", true);
+    });
+  });
+
+  document.body.appendChild(iframe);
+}
+
+</script>
+</pre>
+</body>
+</html>