2017-10-27 01:08:41 +03:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
|
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
2016-02-09 18:43:00 +03:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
|
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2016-02-09 18:43:00 +03:00
|
|
|
|
|
|
|
|
#include "mozilla/dom/U2F.h"
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
#include "mozilla/dom/WebCryptoCommon.h"
|
2017-11-28 12:21:07 +03:00
|
|
|
#include "mozilla/ipc/PBackgroundChild.h"
|
|
|
|
|
#include "mozilla/ipc/BackgroundChild.h"
|
2017-12-05 21:05:06 +03:00
|
|
|
#include "mozilla/dom/WebAuthnTransactionChild.h"
|
2018-02-22 12:53:49 +03:00
|
|
|
#include "mozilla/dom/WebAuthnUtil.h"
|
2016-02-09 18:43:00 +03:00
|
|
|
#include "nsContentUtils.h"
|
2017-09-29 02:45:28 +03:00
|
|
|
#include "nsIEffectiveTLDService.h"
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
#include "nsNetUtil.h"
|
2016-04-15 19:29:12 +03:00
|
|
|
#include "nsURLParsers.h"
|
2017-11-28 12:21:07 +03:00
|
|
|
|
|
|
|
|
using namespace mozilla::ipc;
|
2016-04-15 19:29:12 +03:00
|
|
|
|
2017-09-29 02:45:28 +03:00
|
|
|
// Forward decl because of nsHTMLDocument.h's complex dependency on /layout/style
|
|
|
|
|
class nsHTMLDocument {
|
|
|
|
|
public:
|
|
|
|
|
bool IsRegistrableDomainSuffixOfOrEqualTo(const nsAString& aHostSuffixString,
|
|
|
|
|
const nsACString& aOrigHost);
|
|
|
|
|
};
|
|
|
|
|
|
2016-02-09 18:43:00 +03:00
|
|
|
namespace mozilla {
|
|
|
|
|
namespace dom {
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
static mozilla::LazyLogModule gU2FLog("u2fmanager");
|
2016-02-09 18:43:00 +03:00
|
|
|
|
2016-04-19 00:49:07 +03:00
|
|
|
NS_NAMED_LITERAL_STRING(kFinishEnrollment, "navigator.id.finishEnrollment");
|
|
|
|
|
NS_NAMED_LITERAL_STRING(kGetAssertion, "navigator.id.getAssertion");
|
2016-02-09 18:43:00 +03:00
|
|
|
|
2018-02-07 02:59:00 +03:00
|
|
|
// Bug #1436078 - Permit Google Accounts. Remove in Bug #1436085 in Jan 2023.
|
|
|
|
|
NS_NAMED_LITERAL_STRING(kGoogleAccountsAppId1,
|
|
|
|
|
"https://www.gstatic.com/securitykey/origins.json");
|
|
|
|
|
NS_NAMED_LITERAL_STRING(kGoogleAccountsAppId2,
|
|
|
|
|
"https://www.gstatic.com/securitykey/a/google.com/origins.json");
|
|
|
|
|
|
2016-02-09 18:43:00 +03:00
|
|
|
NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(U2F)
|
|
|
|
|
NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY
|
|
|
|
|
NS_INTERFACE_MAP_ENTRY(nsISupports)
|
2017-11-28 12:21:07 +03:00
|
|
|
NS_INTERFACE_MAP_ENTRY(nsIDOMEventListener)
|
2016-02-09 18:43:00 +03:00
|
|
|
NS_INTERFACE_MAP_END
|
|
|
|
|
|
|
|
|
|
NS_IMPL_CYCLE_COLLECTING_ADDREF(U2F)
|
|
|
|
|
NS_IMPL_CYCLE_COLLECTING_RELEASE(U2F)
|
|
|
|
|
|
|
|
|
|
NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(U2F, mParent)
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
/***********************************************************************
|
|
|
|
|
* Utility Functions
|
|
|
|
|
**********************************************************************/
|
|
|
|
|
|
|
|
|
|
static ErrorCode
|
|
|
|
|
ConvertNSResultToErrorCode(const nsresult& aError)
|
|
|
|
|
{
|
|
|
|
|
if (aError == NS_ERROR_DOM_TIMEOUT_ERR) {
|
|
|
|
|
return ErrorCode::TIMEOUT;
|
|
|
|
|
}
|
|
|
|
|
/* Emitted by U2F{Soft,HID}TokenManager when we really mean ineligible */
|
Bug 1460767 - Return device ineligible when appropriate for U2F r=ttaubert
Summary:
FIDO U2F's specification says that when the wrong security key responds to a
signature, or when an already-registered key exists, that the UA should return
error code 4, DEVICE_INELIGIBLE. We used to do that, but adjusted some things
for WebAuthn and now we don't. This changes the soft token to return that at
the appropriate times, and updates the expectations of U2F.cpp that it should
use InvalidStateError as the signal to reutrn DEVICE_INELIGIBLE.
Also, note that WebAuthn's specification says that if any authenticator returns
"InvalidStateError" that it should be propagated, as it indicates that the
authenticator obtained user consent and failed to complete its job [1].
This change to the Soft Token affects the WebAuthn tests, but in a good way.
Reading the WebAuthn spec, we should not be returning NotAllowedError when there
is consent from the user via the token (which the softtoken always deliveres).
As such, this adjusts the affected WebAuthn tests, and adds a couple useful
checks to test_webauthn_get_assertion.html for future purposes.
[1] https://w3c.github.io/webauthn/#createCredential section 5.1.3 "Create a new
credential", Step 20, Note 2: "If any authenticator returns an error status
equivalent to "InvalidStateError"..."
Test Plan: https://treeherder.mozilla.org/#/jobs?repo=try&revision=f2fc930f7fc8eea69b1ebc96748fe95e150a92a4
Reviewers: ttaubert
Bug #: 1460767
Differential Revision: https://phabricator.services.mozilla.com/D1269
--HG--
extra : transplant_source : M%5B%93%81%29%7E%B2%E8%24%05%A6%96%8BUN%C9%FB%3E%B3h
2018-05-11 02:36:18 +03:00
|
|
|
if (aError == NS_ERROR_DOM_INVALID_STATE_ERR) {
|
2017-11-28 12:21:07 +03:00
|
|
|
return ErrorCode::DEVICE_INELIGIBLE;
|
|
|
|
|
}
|
|
|
|
|
return ErrorCode::OTHER_ERROR;
|
|
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
static uint32_t
|
|
|
|
|
AdjustedTimeoutMillis(const Optional<Nullable<int32_t>>& opt_aSeconds)
|
|
|
|
|
{
|
|
|
|
|
uint32_t adjustedTimeoutMillis = 30000u;
|
|
|
|
|
if (opt_aSeconds.WasPassed() && !opt_aSeconds.Value().IsNull()) {
|
|
|
|
|
adjustedTimeoutMillis = opt_aSeconds.Value().Value() * 1000u;
|
|
|
|
|
adjustedTimeoutMillis = std::max(15000u, adjustedTimeoutMillis);
|
|
|
|
|
adjustedTimeoutMillis = std::min(120000u, adjustedTimeoutMillis);
|
|
|
|
|
}
|
|
|
|
|
return adjustedTimeoutMillis;
|
|
|
|
|
}
|
2016-02-09 18:43:00 +03:00
|
|
|
|
2016-04-19 00:49:07 +03:00
|
|
|
static nsresult
|
|
|
|
|
AssembleClientData(const nsAString& aOrigin, const nsAString& aTyp,
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
const nsAString& aChallenge,
|
|
|
|
|
/* out */ nsString& aClientData)
|
2016-02-09 18:43:00 +03:00
|
|
|
{
|
2016-10-13 06:56:56 +03:00
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
2017-01-09 23:22:49 +03:00
|
|
|
U2FClientData clientDataObject;
|
2016-04-19 00:49:07 +03:00
|
|
|
clientDataObject.mTyp.Construct(aTyp); // "Typ" from the U2F specification
|
|
|
|
|
clientDataObject.mChallenge.Construct(aChallenge);
|
|
|
|
|
clientDataObject.mOrigin.Construct(aOrigin);
|
2016-02-09 18:43:00 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
if (NS_WARN_IF(!clientDataObject.ToJSON(aClientData))) {
|
2017-09-09 10:09:21 +03:00
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NS_OK;
|
|
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
static void
|
|
|
|
|
RegisteredKeysToScopedCredentialList(const nsAString& aAppId,
|
|
|
|
|
const nsTArray<RegisteredKey>& aKeys,
|
2018-01-09 09:27:35 +03:00
|
|
|
nsTArray<WebAuthnScopedCredential>& aList)
|
2017-09-09 10:09:21 +03:00
|
|
|
{
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
for (const RegisteredKey& key : aKeys) {
|
|
|
|
|
// Check for required attributes
|
|
|
|
|
if (!key.mVersion.WasPassed() || !key.mKeyHandle.WasPassed() ||
|
|
|
|
|
key.mVersion.Value() != kRequiredU2FVersion) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2017-09-09 10:09:21 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
// If this key's mAppId doesn't match the invocation, we can't handle it.
|
|
|
|
|
if (key.mAppId.WasPassed() && !key.mAppId.Value().Equals(aAppId)) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2017-09-09 10:09:21 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
CryptoBuffer keyHandle;
|
|
|
|
|
nsresult rv = keyHandle.FromJwkBase64(key.mKeyHandle.Value());
|
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2017-09-09 10:09:21 +03:00
|
|
|
|
2018-01-09 09:27:35 +03:00
|
|
|
WebAuthnScopedCredential c;
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
c.id() = keyHandle;
|
|
|
|
|
aList.AppendElement(c);
|
2017-09-09 10:09:21 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
/***********************************************************************
|
|
|
|
|
* U2F JavaScript API Implementation
|
|
|
|
|
**********************************************************************/
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
U2F::~U2F()
|
2016-02-09 18:43:00 +03:00
|
|
|
{
|
2017-11-28 12:21:07 +03:00
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
|
|
|
|
|
|
if (mTransaction.isSome()) {
|
|
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (mChild) {
|
2017-12-05 21:05:06 +03:00
|
|
|
RefPtr<WebAuthnTransactionChild> c;
|
2017-11-28 12:21:07 +03:00
|
|
|
mChild.swap(c);
|
2017-12-05 21:05:06 +03:00
|
|
|
c->Disconnect();
|
2017-11-28 12:21:07 +03:00
|
|
|
}
|
2016-10-13 06:56:56 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
U2F::Init(ErrorResult& aRv)
|
2017-09-09 10:09:21 +03:00
|
|
|
{
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
MOZ_ASSERT(mParent);
|
2017-09-09 10:09:21 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
nsCOMPtr<nsIDocument> doc = mParent->GetDoc();
|
|
|
|
|
MOZ_ASSERT(doc);
|
|
|
|
|
if (!doc) {
|
|
|
|
|
aRv.Throw(NS_ERROR_FAILURE);
|
|
|
|
|
return;
|
2017-09-09 10:09:21 +03:00
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
nsIPrincipal* principal = doc->NodePrincipal();
|
|
|
|
|
aRv = nsContentUtils::GetUTFOrigin(principal, mOrigin);
|
|
|
|
|
if (NS_WARN_IF(aRv.Failed())) {
|
2016-02-09 18:43:00 +03:00
|
|
|
return;
|
|
|
|
|
}
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for prefs and scheme,
and generally made these cleaner.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : transplant_source : %EA%98%D2%87C%FD%CC%A5%3D%B5%9B%1C%DA%A5J%CD%05%94%13%0D
2017-09-05 22:32:42 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
if (NS_WARN_IF(mOrigin.IsEmpty())) {
|
|
|
|
|
aRv.Throw(NS_ERROR_FAILURE);
|
2017-09-09 10:09:21 +03:00
|
|
|
return;
|
|
|
|
|
}
|
2016-04-19 00:49:07 +03:00
|
|
|
}
|
2016-02-09 18:43:00 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
/* virtual */ JSObject*
|
|
|
|
|
U2F::WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto)
|
2016-04-19 00:49:07 +03:00
|
|
|
{
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
return U2FBinding::Wrap(aCx, this, aGivenProto);
|
2016-10-13 06:56:56 +03:00
|
|
|
}
|
|
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
template<typename T, typename C>
|
|
|
|
|
void
|
|
|
|
|
U2F::ExecuteCallback(T& aResp, nsMainThreadPtrHandle<C>& aCb)
|
|
|
|
|
{
|
|
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
|
MOZ_ASSERT(aCb);
|
|
|
|
|
|
|
|
|
|
// Assert that mTransaction was cleared before before we were called to allow
|
|
|
|
|
// reentrancy from microtask checkpoints.
|
|
|
|
|
MOZ_ASSERT(mTransaction.isNothing());
|
|
|
|
|
|
|
|
|
|
ErrorResult error;
|
|
|
|
|
aCb->Call(aResp, error);
|
|
|
|
|
NS_WARNING_ASSERTION(!error.Failed(), "dom::U2F::Promise callback failed");
|
|
|
|
|
error.SuppressException(); // Useful exceptions already emitted
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-13 06:56:56 +03:00
|
|
|
void
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
U2F::Register(const nsAString& aAppId,
|
|
|
|
|
const Sequence<RegisterRequest>& aRegisterRequests,
|
|
|
|
|
const Sequence<RegisteredKey>& aRegisteredKeys,
|
|
|
|
|
U2FRegisterCallback& aCallback,
|
|
|
|
|
const Optional<Nullable<int32_t>>& opt_aTimeoutSeconds,
|
|
|
|
|
ErrorResult& aRv)
|
2016-10-13 06:56:56 +03:00
|
|
|
{
|
|
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
if (mTransaction.isSome()) {
|
|
|
|
|
CancelTransaction(NS_ERROR_ABORT);
|
|
|
|
|
}
|
2017-10-06 15:45:27 +03:00
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
nsMainThreadPtrHandle<U2FRegisterCallback> callback(
|
|
|
|
|
new nsMainThreadPtrHolder<U2FRegisterCallback>("U2F::Register::callback",
|
|
|
|
|
&aCallback));
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
// Ensure we have a callback.
|
|
|
|
|
if (NS_WARN_IF(!callback)) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2016-10-13 06:56:56 +03:00
|
|
|
|
|
|
|
|
// Evaluate the AppID
|
2018-02-22 12:53:49 +03:00
|
|
|
nsString adjustedAppId(aAppId);
|
|
|
|
|
if (!EvaluateAppID(mParent, mOrigin, U2FOperation::Register, adjustedAppId)) {
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
RegisterResponse response;
|
2018-02-22 12:53:49 +03:00
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::BAD_REQUEST));
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
return;
|
2017-09-09 10:09:21 +03:00
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
nsAutoString clientDataJSON;
|
2016-02-09 18:43:00 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
// Pick the first valid RegisterRequest; we can only work with one.
|
2018-05-30 17:06:09 +03:00
|
|
|
CryptoBuffer challenge;
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
for (const RegisterRequest& req : aRegisterRequests) {
|
|
|
|
|
if (!req.mChallenge.WasPassed() || !req.mVersion.WasPassed() ||
|
|
|
|
|
req.mVersion.Value() != kRequiredU2FVersion) {
|
2016-04-19 00:49:07 +03:00
|
|
|
continue;
|
2016-02-09 18:43:00 +03:00
|
|
|
}
|
2018-05-30 17:06:09 +03:00
|
|
|
if (!challenge.Assign(NS_ConvertUTF16toUTF8(req.mChallenge.Value()))) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2016-02-09 18:43:00 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
nsresult rv = AssembleClientData(mOrigin, kFinishEnrollment,
|
|
|
|
|
req.mChallenge.Value(), clientDataJSON);
|
2016-02-09 18:43:00 +03:00
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
2016-10-13 06:56:56 +03:00
|
|
|
continue;
|
2016-02-09 18:43:00 +03:00
|
|
|
}
|
2016-10-13 06:56:56 +03:00
|
|
|
}
|
2016-02-09 18:43:00 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
// Did we not get a valid RegisterRequest? Abort.
|
|
|
|
|
if (clientDataJSON.IsEmpty()) {
|
|
|
|
|
RegisterResponse response;
|
|
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::BAD_REQUEST));
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2016-04-19 00:49:07 +03:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
// Build the exclusion list, if any
|
2018-01-09 09:27:35 +03:00
|
|
|
nsTArray<WebAuthnScopedCredential> excludeList;
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
RegisteredKeysToScopedCredentialList(adjustedAppId, aRegisteredKeys,
|
|
|
|
|
excludeList);
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
if (!MaybeCreateBackgroundActor()) {
|
|
|
|
|
RegisterResponse response;
|
|
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::OTHER_ERROR));
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2017-11-28 12:21:07 +03:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ListenForVisibilityEvents();
|
|
|
|
|
|
2018-05-30 17:06:09 +03:00
|
|
|
NS_ConvertUTF16toUTF8 clientData(clientDataJSON);
|
2017-12-08 18:55:52 +03:00
|
|
|
uint32_t adjustedTimeoutMillis = AdjustedTimeoutMillis(opt_aTimeoutSeconds);
|
|
|
|
|
|
2018-03-11 20:47:14 +03:00
|
|
|
WebAuthnMakeCredentialInfo info(mOrigin,
|
2018-05-30 17:06:09 +03:00
|
|
|
adjustedAppId,
|
|
|
|
|
challenge,
|
|
|
|
|
clientData,
|
2017-11-29 15:58:33 +03:00
|
|
|
adjustedTimeoutMillis,
|
|
|
|
|
excludeList,
|
2018-05-30 17:06:09 +03:00
|
|
|
null_t() /* no extra info for U2F */);
|
2017-11-28 12:21:07 +03:00
|
|
|
|
|
|
|
|
MOZ_ASSERT(mTransaction.isNothing());
|
2018-06-01 18:59:07 +03:00
|
|
|
mTransaction = Some(U2FTransaction(AsVariant(callback)));
|
2017-11-28 12:21:07 +03:00
|
|
|
mChild->SendRequestRegister(mTransaction.ref().mId, info);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2017-12-05 21:05:06 +03:00
|
|
|
U2F::FinishMakeCredential(const uint64_t& aTransactionId,
|
2018-02-12 23:08:54 +03:00
|
|
|
const WebAuthnMakeCredentialResult& aResult)
|
2017-11-28 12:21:07 +03:00
|
|
|
{
|
|
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
|
|
|
|
|
|
// Check for a valid transaction.
|
|
|
|
|
if (mTransaction.isNothing() || mTransaction.ref().mId != aTransactionId) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
if (NS_WARN_IF(!mTransaction.ref().HasRegisterCallback())) {
|
|
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-30 17:06:09 +03:00
|
|
|
// A CTAP2 response.
|
|
|
|
|
if (aResult.RegistrationData().Length() == 0) {
|
|
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
CryptoBuffer clientDataBuf;
|
2018-05-30 17:06:09 +03:00
|
|
|
if (NS_WARN_IF(!clientDataBuf.Assign(aResult.ClientDataJSON()))) {
|
2017-11-28 12:21:07 +03:00
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
CryptoBuffer regBuf;
|
2018-05-30 17:06:09 +03:00
|
|
|
if (NS_WARN_IF(!regBuf.Assign(aResult.RegistrationData()))) {
|
2017-11-28 12:21:07 +03:00
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nsString clientDataBase64;
|
|
|
|
|
nsString registrationDataBase64;
|
|
|
|
|
nsresult rvClientData = clientDataBuf.ToJwkBase64(clientDataBase64);
|
|
|
|
|
nsresult rvRegistrationData = regBuf.ToJwkBase64(registrationDataBase64);
|
|
|
|
|
|
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rvClientData)) ||
|
|
|
|
|
NS_WARN_IF(NS_FAILED(rvRegistrationData))) {
|
|
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Assemble a response object to return
|
|
|
|
|
RegisterResponse response;
|
|
|
|
|
response.mVersion.Construct(kRequiredU2FVersion);
|
|
|
|
|
response.mClientData.Construct(clientDataBase64);
|
|
|
|
|
response.mRegistrationData.Construct(registrationDataBase64);
|
|
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::OK));
|
|
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
// Keep the callback pointer alive.
|
|
|
|
|
nsMainThreadPtrHandle<U2FRegisterCallback> callback(
|
|
|
|
|
mTransaction.ref().GetRegisterCallback());
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
ClearTransaction();
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2016-04-19 00:49:07 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
U2F::Sign(const nsAString& aAppId,
|
|
|
|
|
const nsAString& aChallenge,
|
|
|
|
|
const Sequence<RegisteredKey>& aRegisteredKeys,
|
|
|
|
|
U2FSignCallback& aCallback,
|
|
|
|
|
const Optional<Nullable<int32_t>>& opt_aTimeoutSeconds,
|
|
|
|
|
ErrorResult& aRv)
|
2016-04-19 00:49:07 +03:00
|
|
|
{
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
2017-09-09 10:09:21 +03:00
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
if (mTransaction.isSome()) {
|
|
|
|
|
CancelTransaction(NS_ERROR_ABORT);
|
|
|
|
|
}
|
2017-10-06 15:45:27 +03:00
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
nsMainThreadPtrHandle<U2FSignCallback> callback(
|
|
|
|
|
new nsMainThreadPtrHolder<U2FSignCallback>("U2F::Sign::callback",
|
|
|
|
|
&aCallback));
|
2016-10-08 03:28:52 +03:00
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
// Ensure we have a callback.
|
|
|
|
|
if (NS_WARN_IF(!callback)) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2017-09-09 10:09:21 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
// Evaluate the AppID
|
2018-02-22 12:53:49 +03:00
|
|
|
nsString adjustedAppId(aAppId);
|
|
|
|
|
if (!EvaluateAppID(mParent, mOrigin, U2FOperation::Sign, adjustedAppId)) {
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
SignResponse response;
|
2018-02-22 12:53:49 +03:00
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::BAD_REQUEST));
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2016-10-08 03:28:52 +03:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
// Produce the AppParam from the current AppID
|
|
|
|
|
nsCString cAppId = NS_ConvertUTF16toUTF8(adjustedAppId);
|
2017-09-09 10:09:21 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
nsAutoString clientDataJSON;
|
|
|
|
|
nsresult rv = AssembleClientData(mOrigin, kGetAssertion, aChallenge,
|
|
|
|
|
clientDataJSON);
|
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
|
SignResponse response;
|
|
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::BAD_REQUEST));
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2016-10-08 03:28:52 +03:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-30 17:06:09 +03:00
|
|
|
CryptoBuffer challenge;
|
|
|
|
|
if (!challenge.Assign(NS_ConvertUTF16toUTF8(aChallenge))) {
|
2017-11-28 12:21:07 +03:00
|
|
|
SignResponse response;
|
|
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::OTHER_ERROR));
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2017-11-28 12:21:07 +03:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-30 17:06:09 +03:00
|
|
|
// Build the key list, if any
|
|
|
|
|
nsTArray<WebAuthnScopedCredential> permittedList;
|
|
|
|
|
RegisteredKeysToScopedCredentialList(adjustedAppId, aRegisteredKeys,
|
|
|
|
|
permittedList);
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
if (!MaybeCreateBackgroundActor()) {
|
|
|
|
|
SignResponse response;
|
|
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::OTHER_ERROR));
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2017-11-28 12:21:07 +03:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ListenForVisibilityEvents();
|
|
|
|
|
|
|
|
|
|
// Always blank for U2F
|
|
|
|
|
nsTArray<WebAuthnExtension> extensions;
|
|
|
|
|
|
2018-05-30 17:06:09 +03:00
|
|
|
NS_ConvertUTF16toUTF8 clientData(clientDataJSON);
|
2017-12-08 18:55:52 +03:00
|
|
|
uint32_t adjustedTimeoutMillis = AdjustedTimeoutMillis(opt_aTimeoutSeconds);
|
|
|
|
|
|
2018-03-11 20:47:14 +03:00
|
|
|
WebAuthnGetAssertionInfo info(mOrigin,
|
2018-05-30 17:06:09 +03:00
|
|
|
adjustedAppId,
|
|
|
|
|
challenge,
|
|
|
|
|
clientData,
|
2017-11-29 15:58:33 +03:00
|
|
|
adjustedTimeoutMillis,
|
|
|
|
|
permittedList,
|
2018-05-30 17:06:09 +03:00
|
|
|
null_t() /* no extra info for U2F */);
|
2017-11-28 12:21:07 +03:00
|
|
|
|
|
|
|
|
MOZ_ASSERT(mTransaction.isNothing());
|
2018-06-01 18:59:07 +03:00
|
|
|
mTransaction = Some(U2FTransaction(AsVariant(callback)));
|
2017-11-28 12:21:07 +03:00
|
|
|
mChild->SendRequestSign(mTransaction.ref().mId, info);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2017-12-05 21:05:06 +03:00
|
|
|
U2F::FinishGetAssertion(const uint64_t& aTransactionId,
|
2018-02-12 23:08:54 +03:00
|
|
|
const WebAuthnGetAssertionResult& aResult)
|
2017-11-28 12:21:07 +03:00
|
|
|
{
|
|
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
|
|
|
|
|
|
// Check for a valid transaction.
|
|
|
|
|
if (mTransaction.isNothing() || mTransaction.ref().mId != aTransactionId) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
if (NS_WARN_IF(!mTransaction.ref().HasSignCallback())) {
|
|
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-30 17:06:09 +03:00
|
|
|
// A CTAP2 response.
|
|
|
|
|
if (aResult.SignatureData().Length() == 0) {
|
|
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
CryptoBuffer clientDataBuf;
|
2018-05-30 17:06:09 +03:00
|
|
|
if (NS_WARN_IF(!clientDataBuf.Assign(aResult.ClientDataJSON()))) {
|
2017-11-28 12:21:07 +03:00
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
CryptoBuffer credBuf;
|
2018-05-30 17:06:09 +03:00
|
|
|
if (NS_WARN_IF(!credBuf.Assign(aResult.KeyHandle()))) {
|
2017-11-28 12:21:07 +03:00
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
CryptoBuffer sigBuf;
|
2018-05-30 17:06:09 +03:00
|
|
|
if (NS_WARN_IF(!sigBuf.Assign(aResult.SignatureData()))) {
|
2017-11-28 12:21:07 +03:00
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Assemble a response object to return
|
|
|
|
|
nsString clientDataBase64;
|
|
|
|
|
nsString signatureDataBase64;
|
|
|
|
|
nsString keyHandleBase64;
|
|
|
|
|
nsresult rvClientData = clientDataBuf.ToJwkBase64(clientDataBase64);
|
|
|
|
|
nsresult rvSignatureData = sigBuf.ToJwkBase64(signatureDataBase64);
|
|
|
|
|
nsresult rvKeyHandle = credBuf.ToJwkBase64(keyHandleBase64);
|
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rvClientData)) ||
|
|
|
|
|
NS_WARN_IF(NS_FAILED(rvSignatureData) ||
|
|
|
|
|
NS_WARN_IF(NS_FAILED(rvKeyHandle)))) {
|
|
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SignResponse response;
|
|
|
|
|
response.mKeyHandle.Construct(keyHandleBase64);
|
|
|
|
|
response.mClientData.Construct(clientDataBase64);
|
|
|
|
|
response.mSignatureData.Construct(signatureDataBase64);
|
|
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::OK));
|
|
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
// Keep the callback pointer alive.
|
|
|
|
|
nsMainThreadPtrHandle<U2FSignCallback> callback(
|
|
|
|
|
mTransaction.ref().GetSignCallback());
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
ClearTransaction();
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2017-11-28 12:21:07 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
U2F::ClearTransaction()
|
|
|
|
|
{
|
|
|
|
|
if (!NS_WARN_IF(mTransaction.isNothing())) {
|
|
|
|
|
StopListeningForVisibilityEvents();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mTransaction.reset();
|
2016-04-19 00:49:07 +03:00
|
|
|
}
|
|
|
|
|
|
2017-09-19 17:55:38 +03:00
|
|
|
void
|
2017-11-28 12:21:07 +03:00
|
|
|
U2F::RejectTransaction(const nsresult& aError)
|
|
|
|
|
{
|
2017-12-08 18:55:52 +03:00
|
|
|
if (NS_WARN_IF(mTransaction.isNothing())) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2017-11-28 12:21:07 +03:00
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
StopListeningForVisibilityEvents();
|
2017-11-28 12:21:07 +03:00
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
// Clear out mTransaction before calling ExecuteCallback() below to allow
|
|
|
|
|
// reentrancy from microtask checkpoints.
|
2018-05-30 22:15:35 +03:00
|
|
|
Maybe<U2FTransaction> maybeTransaction(std::move(mTransaction));
|
2017-12-08 18:55:52 +03:00
|
|
|
MOZ_ASSERT(mTransaction.isNothing() && maybeTransaction.isSome());
|
|
|
|
|
|
|
|
|
|
U2FTransaction& transaction = maybeTransaction.ref();
|
|
|
|
|
ErrorCode code = ConvertNSResultToErrorCode(aError);
|
|
|
|
|
|
|
|
|
|
if (transaction.HasRegisterCallback()) {
|
|
|
|
|
RegisterResponse response;
|
|
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(code));
|
|
|
|
|
ExecuteCallback(response, transaction.GetRegisterCallback());
|
2017-11-28 12:21:07 +03:00
|
|
|
}
|
|
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
if (transaction.HasSignCallback()) {
|
|
|
|
|
SignResponse response;
|
|
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(code));
|
|
|
|
|
ExecuteCallback(response, transaction.GetSignCallback());
|
|
|
|
|
}
|
2017-11-28 12:21:07 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
U2F::CancelTransaction(const nsresult& aError)
|
|
|
|
|
{
|
|
|
|
|
if (!NS_WARN_IF(!mChild || mTransaction.isNothing())) {
|
|
|
|
|
mChild->SendRequestCancel(mTransaction.ref().mId);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
RejectTransaction(aError);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
U2F::RequestAborted(const uint64_t& aTransactionId, const nsresult& aError)
|
2017-09-19 17:55:38 +03:00
|
|
|
{
|
|
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
if (mTransaction.isSome() && mTransaction.ref().mId == aTransactionId) {
|
|
|
|
|
RejectTransaction(aError);
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-11-28 12:21:07 +03:00
|
|
|
|
2016-02-09 18:43:00 +03:00
|
|
|
} // namespace dom
|
|
|
|
|
} // namespace mozilla
|
