Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 1485 insertions, 0 deletions

diff --git a/dom/push/PushService.sys.mjs b/dom/push/PushService.sys.mjs
new file mode 100644
index 0000000000..6be3da7f28
--- /dev/null
+++ b/dom/push/PushService.sys.mjs
@@ -0,0 +1,1485 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { AppConstants } from "resource://gre/modules/AppConstants.sys.mjs";
+
+import { clearTimeout, setTimeout } from "resource://gre/modules/Timer.sys.mjs";
+import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
+
+export var PushServiceWebSocket;
+export var PushServiceHttp2;
+
+const lazy = {};
+
+XPCOMUtils.defineLazyServiceGetter(
+  lazy,
+  "gPushNotifier",
+  "@mozilla.org/push/Notifier;1",
+  "nsIPushNotifier"
+);
+ChromeUtils.defineESModuleGetters(lazy, {
+  PushCrypto: "resource://gre/modules/PushCrypto.sys.mjs",
+  pushBroadcastService: "resource://gre/modules/PushBroadcastService.sys.mjs",
+});
+
+const CONNECTION_PROTOCOLS = (function () {
+  if ("android" != AppConstants.MOZ_WIDGET_TOOLKIT) {
+    ({ PushServiceWebSocket } = ChromeUtils.importESModule(
+      "resource://gre/modules/PushServiceWebSocket.sys.mjs"
+    ));
+    ({ PushServiceHttp2 } = ChromeUtils.importESModule(
+      "resource://gre/modules/PushServiceHttp2.sys.mjs"
+    ));
+    return [PushServiceWebSocket, PushServiceHttp2];
+  }
+  return [];
+})();
+
+XPCOMUtils.defineLazyGetter(lazy, "console", () => {
+  let { ConsoleAPI } = ChromeUtils.importESModule(
+    "resource://gre/modules/Console.sys.mjs"
+  );
+  return new ConsoleAPI({
+    maxLogLevelPref: "dom.push.loglevel",
+    prefix: "PushService",
+  });
+});
+
+const prefs = Services.prefs.getBranch("dom.push.");
+
+const PUSH_SERVICE_UNINIT = 0;
+const PUSH_SERVICE_INIT = 1; // No serverURI
+const PUSH_SERVICE_ACTIVATING = 2; // activating db
+const PUSH_SERVICE_CONNECTION_DISABLE = 3;
+const PUSH_SERVICE_ACTIVE_OFFLINE = 4;
+const PUSH_SERVICE_RUNNING = 5;
+
+/**
+ * State is change only in couple of functions:
+ *   init - change state to PUSH_SERVICE_INIT if state was PUSH_SERVICE_UNINIT
+ *   changeServerURL - change state to PUSH_SERVICE_ACTIVATING if serverURL
+ *                     present or PUSH_SERVICE_INIT if not present.
+ *   changeStateConnectionEnabledEvent - it is call on pref change or during
+ *                                       the service activation and it can
+ *                                       change state to
+ *                                       PUSH_SERVICE_CONNECTION_DISABLE
+ *   changeStateOfflineEvent - it is called when offline state changes or during
+ *                             the service activation and it change state to
+ *                             PUSH_SERVICE_ACTIVE_OFFLINE or
+ *                             PUSH_SERVICE_RUNNING.
+ *   uninit - change state to PUSH_SERVICE_UNINIT.
+ **/
+
+// This is for starting and stopping service.
+const STARTING_SERVICE_EVENT = 0;
+const CHANGING_SERVICE_EVENT = 1;
+const STOPPING_SERVICE_EVENT = 2;
+const UNINIT_EVENT = 3;
+
+// Returns the backend for the given server URI.
+function getServiceForServerURI(uri) {
+  // Insecure server URLs are allowed for development and testing.
+  let allowInsecure = prefs.getBoolPref(
+    "testing.allowInsecureServerURL",
+    false
+  );
+  if (AppConstants.MOZ_WIDGET_TOOLKIT == "android") {
+    if (uri.scheme == "https" || (allowInsecure && uri.scheme == "http")) {
+      return CONNECTION_PROTOCOLS;
+    }
+    return null;
+  }
+  if (uri.scheme == "wss" || (allowInsecure && uri.scheme == "ws")) {
+    return PushServiceWebSocket;
+  }
+  if (uri.scheme == "https" || (allowInsecure && uri.scheme == "http")) {
+    return PushServiceHttp2;
+  }
+  return null;
+}
+
+/**
+ * Annotates an error with an XPCOM result code. We use this helper
+ * instead of `Components.Exception` because the latter can assert in
+ * `nsXPCComponents_Exception::HasInstance` when inspected at shutdown.
+ */
+function errorWithResult(message, result = Cr.NS_ERROR_FAILURE) {
+  let error = new Error(message);
+  error.result = result;
+  return error;
+}
+
+/**
+ * The implementation of the push system. It uses WebSockets
+ * (PushServiceWebSocket) to communicate with the server and PushDB (IndexedDB)
+ * for persistence.
+ */
+export var PushService = {
+  _service: null,
+  _state: PUSH_SERVICE_UNINIT,
+  _db: null,
+  _options: null,
+  _visibleNotifications: new Map(),
+
+  // Callback that is called after attempting to
+  // reduce the quota for a record. Used for testing purposes.
+  _updateQuotaTestCallback: null,
+
+  // Set of timeout ID of tasks to reduce quota.
+  _updateQuotaTimeouts: new Set(),
+
+  // When serverURI changes (this is used for testing), db is cleaned up and a
+  // a new db is started. This events must be sequential.
+  _stateChangeProcessQueue: null,
+  _stateChangeProcessEnqueue(op) {
+    if (!this._stateChangeProcessQueue) {
+      this._stateChangeProcessQueue = Promise.resolve();
+    }
+
+    this._stateChangeProcessQueue = this._stateChangeProcessQueue
+      .then(op)
+      .catch(error => {
+        lazy.console.error(
+          "stateChangeProcessEnqueue: Error transitioning state",
+          error
+        );
+        return this._shutdownService();
+      })
+      .catch(error => {
+        lazy.console.error(
+          "stateChangeProcessEnqueue: Error shutting down service",
+          error
+        );
+      });
+    return this._stateChangeProcessQueue;
+  },
+
+  // Pending request. If a worker try to register for the same scope again, do
+  // not send a new registration request. Therefore we need queue of pending
+  // register requests. This is the list of scopes which pending registration.
+  _pendingRegisterRequest: {},
+  _notifyActivated: null,
+  _activated: null,
+  _checkActivated() {
+    if (this._state < PUSH_SERVICE_ACTIVATING) {
+      return Promise.reject(new Error("Push service not active"));
+    }
+    if (this._state > PUSH_SERVICE_ACTIVATING) {
+      return Promise.resolve();
+    }
+    if (!this._activated) {
+      this._activated = new Promise((resolve, reject) => {
+        this._notifyActivated = { resolve, reject };
+      });
+    }
+    return this._activated;
+  },
+
+  _makePendingKey(aPageRecord) {
+    return aPageRecord.scope + "|" + aPageRecord.originAttributes;
+  },
+
+  _lookupOrPutPendingRequest(aPageRecord) {
+    let key = this._makePendingKey(aPageRecord);
+    if (this._pendingRegisterRequest[key]) {
+      return this._pendingRegisterRequest[key];
+    }
+
+    return (this._pendingRegisterRequest[key] =
+      this._registerWithServer(aPageRecord));
+  },
+
+  _deletePendingRequest(aPageRecord) {
+    let key = this._makePendingKey(aPageRecord);
+    if (this._pendingRegisterRequest[key]) {
+      delete this._pendingRegisterRequest[key];
+    }
+  },
+
+  _setState(aNewState) {
+    lazy.console.debug(
+      "setState()",
+      "new state",
+      aNewState,
+      "old state",
+      this._state
+    );
+
+    if (this._state == aNewState) {
+      return;
+    }
+
+    if (this._state == PUSH_SERVICE_ACTIVATING) {
+      // It is not important what is the new state as soon as we leave
+      // PUSH_SERVICE_ACTIVATING
+      if (this._notifyActivated) {
+        if (aNewState < PUSH_SERVICE_ACTIVATING) {
+          this._notifyActivated.reject(new Error("Push service not active"));
+        } else {
+          this._notifyActivated.resolve();
+        }
+      }
+      this._notifyActivated = null;
+      this._activated = null;
+    }
+    this._state = aNewState;
+  },
+
+  async _changeStateOfflineEvent(offline, calledFromConnEnabledEvent) {
+    lazy.console.debug("changeStateOfflineEvent()", offline);
+
+    if (
+      this._state < PUSH_SERVICE_ACTIVE_OFFLINE &&
+      this._state != PUSH_SERVICE_ACTIVATING &&
+      !calledFromConnEnabledEvent
+    ) {
+      return;
+    }
+
+    if (offline) {
+      if (this._state == PUSH_SERVICE_RUNNING) {
+        this._service.disconnect();
+      }
+      this._setState(PUSH_SERVICE_ACTIVE_OFFLINE);
+      return;
+    }
+
+    if (this._state == PUSH_SERVICE_RUNNING) {
+      // PushService was not in the offline state, but got notification to
+      // go online (a offline notification has not been sent).
+      // Disconnect first.
+      this._service.disconnect();
+    }
+
+    let broadcastListeners = await lazy.pushBroadcastService.getListeners();
+
+    // In principle, a listener could be added to the
+    // pushBroadcastService here, after we have gotten listeners and
+    // before we're RUNNING, but this can't happen in practice because
+    // the only caller that can add listeners is PushBroadcastService,
+    // and it waits on the same promise we are before it can add
+    // listeners. If PushBroadcastService gets woken first, it will
+    // update the value that is eventually returned from
+    // getListeners.
+    this._setState(PUSH_SERVICE_RUNNING);
+
+    this._service.connect(broadcastListeners);
+  },
+
+  _changeStateConnectionEnabledEvent(enabled) {
+    lazy.console.debug("changeStateConnectionEnabledEvent()", enabled);
+
+    if (
+      this._state < PUSH_SERVICE_CONNECTION_DISABLE &&
+      this._state != PUSH_SERVICE_ACTIVATING
+    ) {
+      return Promise.resolve();
+    }
+
+    if (enabled) {
+      return this._changeStateOfflineEvent(Services.io.offline, true);
+    }
+
+    if (this._state == PUSH_SERVICE_RUNNING) {
+      this._service.disconnect();
+    }
+    this._setState(PUSH_SERVICE_CONNECTION_DISABLE);
+    return Promise.resolve();
+  },
+
+  // Used for testing.
+  changeTestServer(url, options = {}) {
+    lazy.console.debug("changeTestServer()");
+
+    return this._stateChangeProcessEnqueue(_ => {
+      if (this._state < PUSH_SERVICE_ACTIVATING) {
+        lazy.console.debug("changeTestServer: PushService not activated?");
+        return Promise.resolve();
+      }
+
+      return this._changeServerURL(url, CHANGING_SERVICE_EVENT, options);
+    });
+  },
+
+  observe: function observe(aSubject, aTopic, aData) {
+    switch (aTopic) {
+      /*
+       * We need to call uninit() on shutdown to clean up things that modules
+       * aren't very good at automatically cleaning up, so we don't get shutdown
+       * leaks on browser shutdown.
+       */
+      case "quit-application":
+        this.uninit();
+        break;
+      case "network:offline-status-changed":
+        this._stateChangeProcessEnqueue(_ =>
+          this._changeStateOfflineEvent(aData === "offline", false)
+        );
+        break;
+
+      case "nsPref:changed":
+        if (aData == "serverURL") {
+          lazy.console.debug(
+            "observe: dom.push.serverURL changed for websocket",
+            prefs.getStringPref("serverURL")
+          );
+          this._stateChangeProcessEnqueue(_ =>
+            this._changeServerURL(
+              prefs.getStringPref("serverURL"),
+              CHANGING_SERVICE_EVENT
+            )
+          );
+        } else if (aData == "connection.enabled") {
+          this._stateChangeProcessEnqueue(_ =>
+            this._changeStateConnectionEnabledEvent(
+              prefs.getBoolPref("connection.enabled")
+            )
+          );
+        }
+        break;
+
+      case "idle-daily":
+        this._dropExpiredRegistrations().catch(error => {
+          lazy.console.error(
+            "Failed to drop expired registrations on idle",
+            error
+          );
+        });
+        break;
+
+      case "perm-changed":
+        this._onPermissionChange(aSubject, aData).catch(error => {
+          lazy.console.error(
+            "onPermissionChange: Error updating registrations:",
+            error
+          );
+        });
+        break;
+
+      case "clear-origin-attributes-data":
+        this._clearOriginData(aData).catch(error => {
+          lazy.console.error(
+            "clearOriginData: Error clearing origin data:",
+            error
+          );
+        });
+        break;
+    }
+  },
+
+  _clearOriginData(data) {
+    lazy.console.log("clearOriginData()");
+
+    if (!data) {
+      return Promise.resolve();
+    }
+
+    let pattern = JSON.parse(data);
+    return this._dropRegistrationsIf(record =>
+      record.matchesOriginAttributes(pattern)
+    );
+  },
+
+  /**
+   * Sends an unregister request to the server in the background. If the
+   * service is not connected, this function is a no-op.
+   *
+   * @param {PushRecord} record The record to unregister.
+   * @param {Number} reason An `nsIPushErrorReporter` unsubscribe reason,
+   *  indicating why this record was removed.
+   */
+  _backgroundUnregister(record, reason) {
+    lazy.console.debug("backgroundUnregister()");
+
+    if (!this._service.isConnected() || !record) {
+      return;
+    }
+
+    lazy.console.debug("backgroundUnregister: Notifying server", record);
+    this._sendUnregister(record, reason)
+      .then(() => {
+        lazy.gPushNotifier.notifySubscriptionModified(
+          record.scope,
+          record.principal
+        );
+      })
+      .catch(e => {
+        lazy.console.error("backgroundUnregister: Error notifying server", e);
+      });
+  },
+
+  _findService(serverURL) {
+    lazy.console.debug("findService()");
+
+    if (!serverURL) {
+      lazy.console.warn("findService: No dom.push.serverURL found");
+      return [];
+    }
+
+    let uri;
+    try {
+      uri = Services.io.newURI(serverURL);
+    } catch (e) {
+      lazy.console.warn(
+        "findService: Error creating valid URI from",
+        "dom.push.serverURL",
+        serverURL
+      );
+      return [];
+    }
+
+    let service = getServiceForServerURI(uri);
+    return [service, uri];
+  },
+
+  _changeServerURL(serverURI, event, options = {}) {
+    lazy.console.debug("changeServerURL()");
+
+    switch (event) {
+      case UNINIT_EVENT:
+        return this._stopService(event);
+
+      case STARTING_SERVICE_EVENT: {
+        let [service, uri] = this._findService(serverURI);
+        if (!service) {
+          this._setState(PUSH_SERVICE_INIT);
+          return Promise.resolve();
+        }
+        return this._startService(service, uri, options).then(_ =>
+          this._changeStateConnectionEnabledEvent(
+            prefs.getBoolPref("connection.enabled")
+          )
+        );
+      }
+      case CHANGING_SERVICE_EVENT:
+        let [service, uri] = this._findService(serverURI);
+        if (service) {
+          if (this._state == PUSH_SERVICE_INIT) {
+            this._setState(PUSH_SERVICE_ACTIVATING);
+            // The service has not been running - start it.
+            return this._startService(service, uri, options).then(_ =>
+              this._changeStateConnectionEnabledEvent(
+                prefs.getBoolPref("connection.enabled")
+              )
+            );
+          }
+          this._setState(PUSH_SERVICE_ACTIVATING);
+          // If we already had running service - stop service, start the new
+          // one and check connection.enabled and offline state(offline state
+          // check is called in changeStateConnectionEnabledEvent function)
+          return this._stopService(CHANGING_SERVICE_EVENT)
+            .then(_ => this._startService(service, uri, options))
+            .then(_ =>
+              this._changeStateConnectionEnabledEvent(
+                prefs.getBoolPref("connection.enabled")
+              )
+            );
+        }
+        if (this._state == PUSH_SERVICE_INIT) {
+          return Promise.resolve();
+        }
+        // The new serverUri is empty or misconfigured - stop service.
+        this._setState(PUSH_SERVICE_INIT);
+        return this._stopService(STOPPING_SERVICE_EVENT);
+
+      default:
+        lazy.console.error("Unexpected event in _changeServerURL", event);
+        return Promise.reject(new Error(`Unexpected event ${event}`));
+    }
+  },
+
+  /**
+   * PushService initialization is divided into 4 parts:
+   * init() - start listening for quit-application and serverURL changes.
+   *          state is change to PUSH_SERVICE_INIT
+   * startService() - if serverURL is present this function is called. It starts
+   *                  listening for broadcasted messages, starts db and
+   *                  PushService connection (WebSocket).
+   *                  state is change to PUSH_SERVICE_ACTIVATING.
+   * startObservers() - start other observers.
+   * changeStateConnectionEnabledEvent  - checks prefs and offline state.
+   *                                      It changes state to:
+   *                                        PUSH_SERVICE_RUNNING,
+   *                                        PUSH_SERVICE_ACTIVE_OFFLINE or
+   *                                        PUSH_SERVICE_CONNECTION_DISABLE.
+   */
+  async init(options = {}) {
+    lazy.console.debug("init()");
+
+    if (this._state > PUSH_SERVICE_UNINIT) {
+      return;
+    }
+
+    this._setState(PUSH_SERVICE_ACTIVATING);
+
+    prefs.addObserver("serverURL", this);
+    Services.obs.addObserver(this, "quit-application");
+
+    if (options.serverURI) {
+      // this is use for xpcshell test.
+
+      await this._stateChangeProcessEnqueue(_ =>
+        this._changeServerURL(
+          options.serverURI,
+          STARTING_SERVICE_EVENT,
+          options
+        )
+      );
+    } else {
+      // This is only used for testing. Different tests require connecting to
+      // slightly different URLs.
+      await this._stateChangeProcessEnqueue(_ =>
+        this._changeServerURL(
+          prefs.getStringPref("serverURL"),
+          STARTING_SERVICE_EVENT
+        )
+      );
+    }
+  },
+
+  _startObservers() {
+    lazy.console.debug("startObservers()");
+
+    if (this._state != PUSH_SERVICE_ACTIVATING) {
+      return;
+    }
+
+    Services.obs.addObserver(this, "clear-origin-attributes-data");
+
+    // The offline-status-changed event is used to know
+    // when to (dis)connect. It may not fire if the underlying OS changes
+    // networks; in such a case we rely on timeout.
+    Services.obs.addObserver(this, "network:offline-status-changed");
+
+    // Used to monitor if the user wishes to disable Push.
+    prefs.addObserver("connection.enabled", this);
+
+    // Prunes expired registrations and notifies dormant service workers.
+    Services.obs.addObserver(this, "idle-daily");
+
+    // Prunes registrations for sites for which the user revokes push
+    // permissions.
+    Services.obs.addObserver(this, "perm-changed");
+  },
+
+  _startService(service, serverURI, options) {
+    lazy.console.debug("startService()");
+
+    if (this._state != PUSH_SERVICE_ACTIVATING) {
+      return Promise.reject();
+    }
+
+    this._service = service;
+
+    this._db = options.db;
+    if (!this._db) {
+      this._db = this._service.newPushDB();
+    }
+
+    return this._service.init(options, this, serverURI).then(() => {
+      this._startObservers();
+      return this._dropExpiredRegistrations();
+    });
+  },
+
+  /**
+   * PushService uninitialization is divided into 3 parts:
+   * stopObservers() - stot observers started in startObservers.
+   * stopService() - It stops listening for broadcasted messages, stops db and
+   *                 PushService connection (WebSocket).
+   *                 state is changed to PUSH_SERVICE_INIT.
+   * uninit() - stop listening for quit-application and serverURL changes.
+   *            state is change to PUSH_SERVICE_UNINIT
+   */
+  _stopService(event) {
+    lazy.console.debug("stopService()");
+
+    if (this._state < PUSH_SERVICE_ACTIVATING) {
+      return Promise.resolve();
+    }
+
+    this._stopObservers();
+
+    this._service.disconnect();
+    this._service.uninit();
+    this._service = null;
+
+    this._updateQuotaTimeouts.forEach(timeoutID => clearTimeout(timeoutID));
+    this._updateQuotaTimeouts.clear();
+
+    if (!this._db) {
+      return Promise.resolve();
+    }
+    if (event == UNINIT_EVENT) {
+      // If it is uninitialized just close db.
+      this._db.close();
+      this._db = null;
+      return Promise.resolve();
+    }
+
+    return this.dropUnexpiredRegistrations().then(
+      _ => {
+        this._db.close();
+        this._db = null;
+      },
+      err => {
+        this._db.close();
+        this._db = null;
+      }
+    );
+  },
+
+  _stopObservers() {
+    lazy.console.debug("stopObservers()");
+
+    if (this._state < PUSH_SERVICE_ACTIVATING) {
+      return;
+    }
+
+    prefs.removeObserver("connection.enabled", this);
+
+    Services.obs.removeObserver(this, "network:offline-status-changed");
+    Services.obs.removeObserver(this, "clear-origin-attributes-data");
+    Services.obs.removeObserver(this, "idle-daily");
+    Services.obs.removeObserver(this, "perm-changed");
+  },
+
+  _shutdownService() {
+    let promiseChangeURL = this._changeServerURL("", UNINIT_EVENT);
+    this._setState(PUSH_SERVICE_UNINIT);
+    lazy.console.debug("shutdownService: shutdown complete!");
+    return promiseChangeURL;
+  },
+
+  async uninit() {
+    lazy.console.debug("uninit()");
+
+    if (this._state == PUSH_SERVICE_UNINIT) {
+      return;
+    }
+
+    prefs.removeObserver("serverURL", this);
+    Services.obs.removeObserver(this, "quit-application");
+
+    await this._stateChangeProcessEnqueue(_ => this._shutdownService());
+  },
+
+  /**
+   * Drops all active registrations and notifies the associated service
+   * workers. This function is called when the user switches Push servers,
+   * or when the server invalidates all existing registrations.
+   *
+   * We ignore expired registrations because they're already handled in other
+   * code paths. Registrations that expired after exceeding their quotas are
+   * evicted at startup, or on the next `idle-daily` event. Registrations that
+   * expired because the user revoked the notification permission are evicted
+   * once the permission is reinstated.
+   */
+  dropUnexpiredRegistrations() {
+    return this._db.clearIf(record => {
+      if (record.isExpired()) {
+        return false;
+      }
+      this._notifySubscriptionChangeObservers(record);
+      return true;
+    });
+  },
+
+  _notifySubscriptionChangeObservers(record) {
+    if (!record) {
+      return;
+    }
+    lazy.gPushNotifier.notifySubscriptionChange(record.scope, record.principal);
+  },
+
+  /**
+   * Drops a registration and notifies the associated service worker. If the
+   * registration does not exist, this function is a no-op.
+   *
+   * @param {String} keyID The registration ID to remove.
+   * @returns {Promise} Resolves once the worker has been notified.
+   */
+  dropRegistrationAndNotifyApp(aKeyID) {
+    return this._db
+      .delete(aKeyID)
+      .then(record => this._notifySubscriptionChangeObservers(record));
+  },
+
+  /**
+   * Replaces an existing registration and notifies the associated service
+   * worker.
+   *
+   * @param {String} aOldKey The registration ID to replace.
+   * @param {PushRecord} aNewRecord The new record.
+   * @returns {Promise} Resolves once the worker has been notified.
+   */
+  updateRegistrationAndNotifyApp(aOldKey, aNewRecord) {
+    return this.updateRecordAndNotifyApp(aOldKey, _ => aNewRecord);
+  },
+  /**
+   * Updates a registration and notifies the associated service worker.
+   *
+   * @param {String} keyID The registration ID to update.
+   * @param {Function} updateFunc Returns the updated record.
+   * @returns {Promise} Resolves with the updated record once the worker
+   *  has been notified.
+   */
+  updateRecordAndNotifyApp(aKeyID, aUpdateFunc) {
+    return this._db.update(aKeyID, aUpdateFunc).then(record => {
+      this._notifySubscriptionChangeObservers(record);
+      return record;
+    });
+  },
+
+  ensureCrypto(record) {
+    if (
+      record.hasAuthenticationSecret() &&
+      record.p256dhPublicKey &&
+      record.p256dhPrivateKey
+    ) {
+      return Promise.resolve(record);
+    }
+
+    let keygen = Promise.resolve([]);
+    if (!record.p256dhPublicKey || !record.p256dhPrivateKey) {
+      keygen = lazy.PushCrypto.generateKeys();
+    }
+    // We do not have a encryption key. so we need to generate it. This
+    // is only going to happen on db upgrade from version 4 to higher.
+    return keygen.then(
+      ([pubKey, privKey]) => {
+        return this.updateRecordAndNotifyApp(record.keyID, record => {
+          if (!record.p256dhPublicKey || !record.p256dhPrivateKey) {
+            record.p256dhPublicKey = pubKey;
+            record.p256dhPrivateKey = privKey;
+          }
+          if (!record.hasAuthenticationSecret()) {
+            record.authenticationSecret =
+              lazy.PushCrypto.generateAuthenticationSecret();
+          }
+          return record;
+        });
+      },
+      error => {
+        return this.dropRegistrationAndNotifyApp(record.keyID).then(() =>
+          Promise.reject(error)
+        );
+      }
+    );
+  },
+
+  /**
+   * Dispatches an incoming message to a service worker, recalculating the
+   * quota for the associated push registration. If the quota is exceeded,
+   * the registration and message will be dropped, and the worker will not
+   * be notified.
+   *
+   * @param {String} keyID The push registration ID.
+   * @param {String} messageID The message ID, used to report service worker
+   *  delivery failures. For Web Push messages, this is the version. If empty,
+   *  failures will not be reported.
+   * @param {Object} headers The encryption headers.
+   * @param {ArrayBuffer|Uint8Array} data The encrypted message data.
+   * @param {Function} updateFunc A function that receives the existing
+   *  registration record as its argument, and returns a new record. If the
+   *  function returns `null` or `undefined`, the record will not be updated.
+   *  `PushServiceWebSocket` uses this to drop incoming updates with older
+   *  versions.
+   * @returns {Promise} Resolves with an `nsIPushErrorReporter` ack status
+   *  code, indicating whether the message was delivered successfully.
+   */
+  receivedPushMessage(keyID, messageID, headers, data, updateFunc) {
+    lazy.console.debug("receivedPushMessage()");
+
+    return this._updateRecordAfterPush(keyID, updateFunc)
+      .then(record => {
+        if (record.quotaApplies()) {
+          // Update quota after the delay, at which point
+          // we check for visible notifications.
+          let timeoutID = setTimeout(_ => {
+            this._updateQuota(keyID);
+            if (!this._updateQuotaTimeouts.delete(timeoutID)) {
+              lazy.console.debug(
+                "receivedPushMessage: quota update timeout missing?"
+              );
+            }
+          }, prefs.getIntPref("quotaUpdateDelay"));
+          this._updateQuotaTimeouts.add(timeoutID);
+        }
+        return this._decryptAndNotifyApp(record, messageID, headers, data);
+      })
+      .catch(error => {
+        lazy.console.error("receivedPushMessage: Error notifying app", error);
+        return Ci.nsIPushErrorReporter.ACK_NOT_DELIVERED;
+      });
+  },
+
+  /**
+   * Dispatches a broadcast notification to the BroadcastService.
+   *
+   * @param {Object} message The reply received by PushServiceWebSocket
+   * @param {Object} context Additional information about the context in which the
+   *  notification was received.
+   */
+  receivedBroadcastMessage(message, context) {
+    lazy.pushBroadcastService
+      .receivedBroadcastMessage(message.broadcasts, context)
+      .catch(e => {
+        lazy.console.error(e);
+      });
+  },
+
+  /**
+   * Updates a registration record after receiving a push message.
+   *
+   * @param {String} keyID The push registration ID.
+   * @param {Function} updateFunc The function passed to `receivedPushMessage`.
+   * @returns {Promise} Resolves with the updated record, or rejects if the
+   *  record was not updated.
+   */
+  _updateRecordAfterPush(keyID, updateFunc) {
+    return this.getByKeyID(keyID)
+      .then(record => {
+        if (!record) {
+          throw new Error("No record for key ID " + keyID);
+        }
+        return record
+          .getLastVisit()
+          .then(lastVisit => {
+            // As a special case, don't notify the service worker if the user
+            // cleared their history.
+            if (!isFinite(lastVisit)) {
+              throw new Error("Ignoring message sent to unvisited origin");
+            }
+            return lastVisit;
+          })
+          .then(lastVisit => {
+            // Update the record, resetting the quota if the user has visited the
+            // site since the last push.
+            return this._db.update(keyID, record => {
+              let newRecord = updateFunc(record);
+              if (!newRecord) {
+                return null;
+              }
+              // Because `unregister` is advisory only, we can still receive messages
+              // for stale Simple Push registrations from the server. To work around
+              // this, we check if the record has expired before *and* after updating
+              // the quota.
+              if (newRecord.isExpired()) {
+                return null;
+              }
+              newRecord.receivedPush(lastVisit);
+              return newRecord;
+            });
+          });
+      })
+      .then(record => {
+        lazy.gPushNotifier.notifySubscriptionModified(
+          record.scope,
+          record.principal
+        );
+        return record;
+      });
+  },
+
+  /**
+   * Decrypts an incoming message and notifies the associated service worker.
+   *
+   * @param {PushRecord} record The receiving registration.
+   * @param {String} messageID The message ID.
+   * @param {Object} headers The encryption headers.
+   * @param {ArrayBuffer|Uint8Array} data The encrypted message data.
+   * @returns {Promise} Resolves with an ack status code.
+   */
+  _decryptAndNotifyApp(record, messageID, headers, data) {
+    return lazy.PushCrypto.decrypt(
+      record.p256dhPrivateKey,
+      record.p256dhPublicKey,
+      record.authenticationSecret,
+      headers,
+      data
+    ).then(
+      message => this._notifyApp(record, messageID, message),
+      error => {
+        lazy.console.warn(
+          "decryptAndNotifyApp: Error decrypting message",
+          record.scope,
+          messageID,
+          error
+        );
+
+        let message = error.format(record.scope);
+        lazy.gPushNotifier.notifyError(
+          record.scope,
+          record.principal,
+          message,
+          Ci.nsIScriptError.errorFlag
+        );
+        return Ci.nsIPushErrorReporter.ACK_DECRYPTION_ERROR;
+      }
+    );
+  },
+
+  _updateQuota(keyID) {
+    lazy.console.debug("updateQuota()");
+
+    this._db
+      .update(keyID, record => {
+        // Record may have expired from an earlier quota update.
+        if (record.isExpired()) {
+          lazy.console.debug(
+            "updateQuota: Trying to update quota for expired record",
+            record
+          );
+          return null;
+        }
+        // If there are visible notifications, don't apply the quota penalty
+        // for the message.
+        if (record.uri && !this._visibleNotifications.has(record.uri.prePath)) {
+          record.reduceQuota();
+        }
+        return record;
+      })
+      .then(record => {
+        if (record.isExpired()) {
+          // Drop the registration in the background. If the user returns to the
+          // site, the service worker will be notified on the next `idle-daily`
+          // event.
+          this._backgroundUnregister(
+            record,
+            Ci.nsIPushErrorReporter.UNSUBSCRIBE_QUOTA_EXCEEDED
+          );
+        } else {
+          lazy.gPushNotifier.notifySubscriptionModified(
+            record.scope,
+            record.principal
+          );
+        }
+        if (this._updateQuotaTestCallback) {
+          // Callback so that test may be notified when the quota update is complete.
+          this._updateQuotaTestCallback();
+        }
+      })
+      .catch(error => {
+        lazy.console.debug(
+          "updateQuota: Error while trying to update quota",
+          error
+        );
+      });
+  },
+
+  notificationForOriginShown(origin) {
+    lazy.console.debug("notificationForOriginShown()", origin);
+    let count;
+    if (this._visibleNotifications.has(origin)) {
+      count = this._visibleNotifications.get(origin);
+    } else {
+      count = 0;
+    }
+    this._visibleNotifications.set(origin, count + 1);
+  },
+
+  notificationForOriginClosed(origin) {
+    lazy.console.debug("notificationForOriginClosed()", origin);
+    let count;
+    if (this._visibleNotifications.has(origin)) {
+      count = this._visibleNotifications.get(origin);
+    } else {
+      lazy.console.debug(
+        "notificationForOriginClosed: closing notification that has not been shown?"
+      );
+      return;
+    }
+    if (count > 1) {
+      this._visibleNotifications.set(origin, count - 1);
+    } else {
+      this._visibleNotifications.delete(origin);
+    }
+  },
+
+  reportDeliveryError(messageID, reason) {
+    lazy.console.debug("reportDeliveryError()", messageID, reason);
+    if (this._state == PUSH_SERVICE_RUNNING && this._service.isConnected()) {
+      // Only report errors if we're initialized and connected.
+      this._service.reportDeliveryError(messageID, reason);
+    }
+  },
+
+  _notifyApp(aPushRecord, messageID, message) {
+    if (
+      !aPushRecord ||
+      !aPushRecord.scope ||
+      aPushRecord.originAttributes === undefined
+    ) {
+      lazy.console.error("notifyApp: Invalid record", aPushRecord);
+      return Ci.nsIPushErrorReporter.ACK_NOT_DELIVERED;
+    }
+
+    lazy.console.debug("notifyApp()", aPushRecord.scope);
+
+    // If permission has been revoked, trash the message.
+    if (!aPushRecord.hasPermission()) {
+      lazy.console.warn("notifyApp: Missing push permission", aPushRecord);
+      return Ci.nsIPushErrorReporter.ACK_NOT_DELIVERED;
+    }
+
+    let payload = ArrayBuffer.isView(message)
+      ? new Uint8Array(message.buffer)
+      : message;
+
+    if (aPushRecord.quotaApplies()) {
+      // Don't record telemetry for chrome push messages.
+      Services.telemetry.getHistogramById("PUSH_API_NOTIFY").add();
+    }
+
+    if (payload) {
+      lazy.gPushNotifier.notifyPushWithData(
+        aPushRecord.scope,
+        aPushRecord.principal,
+        messageID,
+        payload
+      );
+    } else {
+      lazy.gPushNotifier.notifyPush(
+        aPushRecord.scope,
+        aPushRecord.principal,
+        messageID
+      );
+    }
+
+    return Ci.nsIPushErrorReporter.ACK_DELIVERED;
+  },
+
+  getByKeyID(aKeyID) {
+    return this._db.getByKeyID(aKeyID);
+  },
+
+  getAllUnexpired() {
+    return this._db.getAllUnexpired();
+  },
+
+  _sendRequest(action, ...params) {
+    if (this._state == PUSH_SERVICE_CONNECTION_DISABLE) {
+      return Promise.reject(new Error("Push service disabled"));
+    }
+    if (this._state == PUSH_SERVICE_ACTIVE_OFFLINE) {
+      return Promise.reject(new Error("Push service offline"));
+    }
+    // Ensure the backend is ready. `getByPageRecord` already checks this, but
+    // we need to check again here in case the service was restarted in the
+    // meantime.
+    return this._checkActivated().then(_ => {
+      switch (action) {
+        case "register":
+          return this._service.register(...params);
+        case "unregister":
+          return this._service.unregister(...params);
+      }
+      return Promise.reject(new Error("Unknown request type: " + action));
+    });
+  },
+
+  /**
+   * Called on message from the child process. aPageRecord is an object sent by
+   * the push manager, identifying the sending page and other fields.
+   */
+  _registerWithServer(aPageRecord) {
+    lazy.console.debug("registerWithServer()", aPageRecord);
+
+    return this._sendRequest("register", aPageRecord)
+      .then(
+        record => this._onRegisterSuccess(record),
+        err => this._onRegisterError(err)
+      )
+      .then(
+        record => {
+          this._deletePendingRequest(aPageRecord);
+          lazy.gPushNotifier.notifySubscriptionModified(
+            record.scope,
+            record.principal
+          );
+          return record.toSubscription();
+        },
+        err => {
+          this._deletePendingRequest(aPageRecord);
+          throw err;
+        }
+      );
+  },
+
+  _sendUnregister(aRecord, aReason) {
+    return this._sendRequest("unregister", aRecord, aReason);
+  },
+
+  /**
+   * Exceptions thrown in _onRegisterSuccess are caught by the promise obtained
+   * from _service.request, causing the promise to be rejected instead.
+   */
+  _onRegisterSuccess(aRecord) {
+    lazy.console.debug("_onRegisterSuccess()");
+
+    return this._db.put(aRecord).catch(error => {
+      // Unable to save. Destroy the subscription in the background.
+      this._backgroundUnregister(
+        aRecord,
+        Ci.nsIPushErrorReporter.UNSUBSCRIBE_MANUAL
+      );
+      throw error;
+    });
+  },
+
+  /**
+   * Exceptions thrown in _onRegisterError are caught by the promise obtained
+   * from _service.request, causing the promise to be rejected instead.
+   */
+  _onRegisterError(reply) {
+    lazy.console.debug("_onRegisterError()");
+
+    if (!reply.error) {
+      lazy.console.warn(
+        "onRegisterError: Called without valid error message!",
+        reply
+      );
+      throw new Error("Registration error");
+    }
+    throw reply.error;
+  },
+
+  notificationsCleared() {
+    this._visibleNotifications.clear();
+  },
+
+  _getByPageRecord(pageRecord) {
+    return this._checkActivated().then(_ =>
+      this._db.getByIdentifiers(pageRecord)
+    );
+  },
+
+  register(aPageRecord) {
+    lazy.console.debug("register()", aPageRecord);
+
+    let keyPromise;
+    if (aPageRecord.appServerKey && aPageRecord.appServerKey.length) {
+      let keyView = new Uint8Array(aPageRecord.appServerKey);
+      keyPromise = lazy.PushCrypto.validateAppServerKey(keyView).catch(
+        error => {
+          // Normalize Web Crypto exceptions. `nsIPushService` will forward the
+          // error result to the DOM API implementation in `PushManager.cpp` or
+          // `Push.js`, which will convert it to the correct `DOMException`.
+          throw errorWithResult(
+            "Invalid app server key",
+            Cr.NS_ERROR_DOM_PUSH_INVALID_KEY_ERR
+          );
+        }
+      );
+    } else {
+      keyPromise = Promise.resolve(null);
+    }
+
+    return Promise.all([keyPromise, this._getByPageRecord(aPageRecord)]).then(
+      ([appServerKey, record]) => {
+        aPageRecord.appServerKey = appServerKey;
+        if (!record) {
+          return this._lookupOrPutPendingRequest(aPageRecord);
+        }
+        if (!record.matchesAppServerKey(appServerKey)) {
+          throw errorWithResult(
+            "Mismatched app server key",
+            Cr.NS_ERROR_DOM_PUSH_MISMATCHED_KEY_ERR
+          );
+        }
+        if (record.isExpired()) {
+          return record
+            .quotaChanged()
+            .then(isChanged => {
+              if (isChanged) {
+                // If the user revisited the site, drop the expired push
+                // registration and re-register.
+                return this.dropRegistrationAndNotifyApp(record.keyID);
+              }
+              throw new Error("Push subscription expired");
+            })
+            .then(_ => this._lookupOrPutPendingRequest(aPageRecord));
+        }
+        return record.toSubscription();
+      }
+    );
+  },
+
+  /*
+   * Called only by the PushBroadcastService on the receipt of a new
+   * subscription. Don't call this directly. Go through PushBroadcastService.
+   */
+  async subscribeBroadcast(broadcastId, version) {
+    if (this._state != PUSH_SERVICE_RUNNING) {
+      // Ignore any request to subscribe before we send a hello.
+      // We'll send all the broadcast listeners as part of the hello
+      // anyhow.
+      return;
+    }
+
+    await this._service.sendSubscribeBroadcast(broadcastId, version);
+  },
+
+  /**
+   * Called on message from the child process.
+   *
+   * Why is the record being deleted from the local database before the server
+   * is told?
+   *
+   * Unregistration is for the benefit of the app and the AppServer
+   * so that the AppServer does not keep pinging a channel the UserAgent isn't
+   * watching The important part of the transaction in this case is left to the
+   * app, to tell its server of the unregistration.  Even if the request to the
+   * PushServer were to fail, it would not affect correctness of the protocol,
+   * and the server GC would just clean up the channelID/subscription
+   * eventually.  Since the appserver doesn't ping it, no data is lost.
+   *
+   * If rather we were to unregister at the server and update the database only
+   * on success: If the server receives the unregister, and deletes the
+   * channelID/subscription, but the response is lost because of network
+   * failure, the application is never informed. In addition the application may
+   * retry the unregister when it fails due to timeout (websocket) or any other
+   * reason at which point the server will say it does not know of this
+   * unregistration.  We'll have to make the registration/unregistration phases
+   * have retries and attempts to resend messages from the server, and have the
+   * client acknowledge. On a server, data is cheap, reliable notification is
+   * not.
+   */
+  unregister(aPageRecord) {
+    lazy.console.debug("unregister()", aPageRecord);
+
+    return this._getByPageRecord(aPageRecord).then(record => {
+      if (record === null) {
+        return false;
+      }
+
+      let reason = Ci.nsIPushErrorReporter.UNSUBSCRIBE_MANUAL;
+      return Promise.all([
+        this._sendUnregister(record, reason),
+        this._db.delete(record.keyID).then(rec => {
+          if (rec) {
+            lazy.gPushNotifier.notifySubscriptionModified(
+              rec.scope,
+              rec.principal
+            );
+          }
+        }),
+      ]).then(([success]) => success);
+    });
+  },
+
+  clear(info) {
+    return this._checkActivated()
+      .then(_ => {
+        return this._dropRegistrationsIf(
+          record =>
+            info.domain == "*" ||
+            (record.uri &&
+              Services.eTLD.hasRootDomain(record.uri.prePath, info.domain))
+        );
+      })
+      .catch(e => {
+        lazy.console.warn(
+          "clear: Error dropping subscriptions for domain",
+          info.domain,
+          e
+        );
+        return Promise.resolve();
+      });
+  },
+
+  registration(aPageRecord) {
+    lazy.console.debug("registration()");
+
+    return this._getByPageRecord(aPageRecord).then(record => {
+      if (!record) {
+        return null;
+      }
+      if (record.isExpired()) {
+        return record.quotaChanged().then(isChanged => {
+          if (isChanged) {
+            return this.dropRegistrationAndNotifyApp(record.keyID).then(
+              _ => null
+            );
+          }
+          return null;
+        });
+      }
+      return record.toSubscription();
+    });
+  },
+
+  _dropExpiredRegistrations() {
+    lazy.console.debug("dropExpiredRegistrations()");
+
+    return this._db.getAllExpired().then(records => {
+      return Promise.all(
+        records.map(record =>
+          record
+            .quotaChanged()
+            .then(isChanged => {
+              if (isChanged) {
+                // If the user revisited the site, drop the expired push
+                // registration and notify the associated service worker.
+                this.dropRegistrationAndNotifyApp(record.keyID);
+              }
+            })
+            .catch(error => {
+              lazy.console.error(
+                "dropExpiredRegistrations: Error dropping registration",
+                record.keyID,
+                error
+              );
+            })
+        )
+      );
+    });
+  },
+
+  _onPermissionChange(subject, data) {
+    lazy.console.debug("onPermissionChange()");
+
+    if (data == "cleared") {
+      return this._clearPermissions();
+    }
+
+    let permission = subject.QueryInterface(Ci.nsIPermission);
+    if (permission.type != "desktop-notification") {
+      return Promise.resolve();
+    }
+
+    return this._updatePermission(permission, data);
+  },
+
+  _clearPermissions() {
+    lazy.console.debug("clearPermissions()");
+
+    return this._db.clearIf(record => {
+      if (!record.quotaApplies()) {
+        // Only drop registrations that are subject to quota.
+        return false;
+      }
+      this._backgroundUnregister(
+        record,
+        Ci.nsIPushErrorReporter.UNSUBSCRIBE_PERMISSION_REVOKED
+      );
+      return true;
+    });
+  },
+
+  _updatePermission(permission, type) {
+    lazy.console.debug("updatePermission()");
+
+    let isAllow = permission.capability == Ci.nsIPermissionManager.ALLOW_ACTION;
+    let isChange = type == "added" || type == "changed";
+
+    if (isAllow && isChange) {
+      // Permission set to "allow". Drop all expired registrations for this
+      // site, notify the associated service workers, and reset the quota
+      // for active registrations.
+      return this._forEachPrincipal(permission.principal, (record, cursor) =>
+        this._permissionAllowed(record, cursor)
+      );
+    } else if (isChange || (isAllow && type == "deleted")) {
+      // Permission set to "block" or "always ask," or "allow" permission
+      // removed. Expire all registrations for this site.
+      return this._forEachPrincipal(permission.principal, (record, cursor) =>
+        this._permissionDenied(record, cursor)
+      );
+    }
+
+    return Promise.resolve();
+  },
+
+  _forEachPrincipal(principal, callback) {
+    return this._db.forEachOrigin(
+      principal.URI.prePath,
+      ChromeUtils.originAttributesToSuffix(principal.originAttributes),
+      callback
+    );
+  },
+
+  /**
+   * The update function called for each registration record if the push
+   * permission is revoked. We only expire the record so we can notify the
+   * service worker as soon as the permission is reinstated. If we just
+   * deleted the record, the worker wouldn't be notified until the next visit
+   * to the site.
+   *
+   * @param {PushRecord} record The record to expire.
+   * @param {IDBCursor} cursor The IndexedDB cursor.
+   */
+  _permissionDenied(record, cursor) {
+    lazy.console.debug("permissionDenied()");
+
+    if (!record.quotaApplies() || record.isExpired()) {
+      // Ignore already-expired records.
+      return;
+    }
+    // Drop the registration in the background.
+    this._backgroundUnregister(
+      record,
+      Ci.nsIPushErrorReporter.UNSUBSCRIBE_PERMISSION_REVOKED
+    );
+    record.setQuota(0);
+    cursor.update(record);
+  },
+
+  /**
+   * The update function called for each registration record if the push
+   * permission is granted. If the record has expired, it will be dropped;
+   * otherwise, its quota will be reset to the default value.
+   *
+   * @param {PushRecord} record The record to update.
+   * @param {IDBCursor} cursor The IndexedDB cursor.
+   */
+  _permissionAllowed(record, cursor) {
+    lazy.console.debug("permissionAllowed()");
+
+    if (!record.quotaApplies()) {
+      return;
+    }
+    if (record.isExpired()) {
+      // If the registration has expired, drop and notify the worker
+      // unconditionally.
+      this._notifySubscriptionChangeObservers(record);
+      cursor.delete();
+      return;
+    }
+    record.resetQuota();
+    cursor.update(record);
+  },
+
+  /**
+   * Drops all matching registrations from the database. Notifies the
+   * associated service workers if permission is granted, and removes
+   * unexpired registrations from the server.
+   *
+   * @param {Function} predicate A function called for each record.
+   * @returns {Promise} Resolves once the registrations have been dropped.
+   */
+  _dropRegistrationsIf(predicate) {
+    return this._db.clearIf(record => {
+      if (!predicate(record)) {
+        return false;
+      }
+      if (record.hasPermission()) {
+        // "Clear Recent History" and the Forget button remove permissions
+        // before clearing registrations, but it's possible for the worker to
+        // resubscribe if the "dom.push.testing.ignorePermission" pref is set.
+        this._notifySubscriptionChangeObservers(record);
+      }
+      if (!record.isExpired()) {
+        // Only unregister active registrations, since we already told the
+        // server about expired ones.
+        this._backgroundUnregister(
+          record,
+          Ci.nsIPushErrorReporter.UNSUBSCRIBE_MANUAL
+        );
+      }
+      return true;
+    });
+  },
+};