• file
• revisions
• annotate
• diff
• comparison
• raw

toolkit/identity/jwcrypto.jsm@129ffea94266 (annotated)

toolkit/identity/jwcrypto.jsm

Sat, 03 Jan 2015 20:18:00 +0100

author

Michael Schloh von Bennewitz <michael@schloh.com>

date

Sat, 03 Jan 2015 20:18:00 +0100

branch

TOR_BUG_3246

changeset 7

129ffea94266

permissions

-rw-r--r--

Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.

michael@0	1	/* -*- Mode: js2; js2-basic-offset: 2; indent-tabs-mode: nil; -*- */
michael@0	2	/* vim: set ft=javascript ts=2 et sw=2 tw=80: */
michael@0	3	/* This Source Code Form is subject to the terms of the Mozilla Public
michael@0	4	* License, v. 2.0. If a copy of the MPL was not distributed with this file,
michael@0	5	* You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0	6
michael@0	7	"use strict";
michael@0	8
michael@0	9
michael@0	10	const Cu = Components.utils;
michael@0	11	const Ci = Components.interfaces;
michael@0	12	const Cc = Components.classes;
michael@0	13	const Cr = Components.results;
michael@0	14
michael@0	15	Cu.import("resource://gre/modules/XPCOMUtils.jsm");
michael@0	16	Cu.import("resource://gre/modules/Services.jsm");
michael@0	17	Cu.import("resource://gre/modules/identity/LogUtils.jsm");
michael@0	18
michael@0	19	XPCOMUtils.defineLazyServiceGetter(this,
michael@0	20	"IdentityCryptoService",
michael@0	21	"@mozilla.org/identity/crypto-service;1",
michael@0	22	"nsIIdentityCryptoService");
michael@0	23
michael@0	24	this.EXPORTED_SYMBOLS = ["jwcrypto"];
michael@0	25
michael@0	26	const ALGORITHMS = { RS256: "RS256", DS160: "DS160" };
michael@0	27	const DURATION_MS = 1000 * 60 * 2; // 2 minutes default assertion lifetime
michael@0	28
michael@0	29	function log(...aMessageArgs) {
michael@0	30	Logger.log.apply(Logger, ["jwcrypto"].concat(aMessageArgs));
michael@0	31	}
michael@0	32
michael@0	33	function generateKeyPair(aAlgorithmName, aCallback) {
michael@0	34	log("Generate key pair; alg =", aAlgorithmName);
michael@0	35
michael@0	36	IdentityCryptoService.generateKeyPair(aAlgorithmName, function(rv, aKeyPair) {
michael@0	37	if (!Components.isSuccessCode(rv)) {
michael@0	38	return aCallback("key generation failed");
michael@0	39	}
michael@0	40
michael@0	41	var publicKey;
michael@0	42
michael@0	43	switch (aKeyPair.keyType) {
michael@0	44	case ALGORITHMS.RS256:
michael@0	45	publicKey = {
michael@0	46	algorithm: "RS",
michael@0	47	exponent: aKeyPair.hexRSAPublicKeyExponent,
michael@0	48	modulus: aKeyPair.hexRSAPublicKeyModulus
michael@0	49	};
michael@0	50	break;
michael@0	51
michael@0	52	case ALGORITHMS.DS160:
michael@0	53	publicKey = {
michael@0	54	algorithm: "DS",
michael@0	55	y: aKeyPair.hexDSAPublicValue,
michael@0	56	p: aKeyPair.hexDSAPrime,
michael@0	57	q: aKeyPair.hexDSASubPrime,
michael@0	58	g: aKeyPair.hexDSAGenerator
michael@0	59	};
michael@0	60	break;
michael@0	61
michael@0	62	default:
michael@0	63	return aCallback("unknown key type");
michael@0	64	}
michael@0	65
michael@0	66	let keyWrapper = {
michael@0	67	serializedPublicKey: JSON.stringify(publicKey),
michael@0	68	_kp: aKeyPair
michael@0	69	};
michael@0	70
michael@0	71	return aCallback(null, keyWrapper);
michael@0	72	});
michael@0	73	}
michael@0	74
michael@0	75	function sign(aPayload, aKeypair, aCallback) {
michael@0	76	aKeypair._kp.sign(aPayload, function(rv, signature) {
michael@0	77	if (!Components.isSuccessCode(rv)) {
michael@0	78	log("ERROR: signer.sign failed");
michael@0	79	return aCallback("Sign failed");
michael@0	80	}
michael@0	81	log("signer.sign: success");
michael@0	82	return aCallback(null, signature);
michael@0	83	});
michael@0	84	}
michael@0	85
michael@0	86	function jwcryptoClass()
michael@0	87	{
michael@0	88	}
michael@0	89
michael@0	90	jwcryptoClass.prototype = {
michael@0	91	/*
michael@0	92	* Determine the expiration of the assertion. Returns expiry date
michael@0	93	* in milliseconds as integer.
michael@0	94	*
michael@0	95	* @param localtimeOffsetMsec (optional)
michael@0	96	* The number of milliseconds that must be added to the local clock
michael@0	97	* for it to agree with the server. For example, if the local clock
michael@0	98	* if two minutes fast, localtimeOffsetMsec would be -120000
michael@0	99	*
michael@0	100	* @param now (options)
michael@0	101	* Current date in milliseconds. Useful for mocking clock
michael@0	102	* skew in testing.
michael@0	103	*/
michael@0	104	getExpiration: function(duration=DURATION_MS, localtimeOffsetMsec=0, now=Date.now()) {
michael@0	105	return now + localtimeOffsetMsec + duration;
michael@0	106	},
michael@0	107
michael@0	108	isCertValid: function(aCert, aCallback) {
michael@0	109	// XXX check expiration, bug 769850
michael@0	110	aCallback(true);
michael@0	111	},
michael@0	112
michael@0	113	generateKeyPair: function(aAlgorithmName, aCallback) {
michael@0	114	log("generating");
michael@0	115	generateKeyPair(aAlgorithmName, aCallback);
michael@0	116	},
michael@0	117
michael@0	118	/*
michael@0	119	* Generate an assertion and return it through the provided callback.
michael@0	120	*
michael@0	121	* @param aCert
michael@0	122	* Identity certificate
michael@0	123	*
michael@0	124	* @param aKeyPair
michael@0	125	* KeyPair object
michael@0	126	*
michael@0	127	* @param aAudience
michael@0	128	* Audience of the assertion
michael@0	129	*
michael@0	130	* @param aOptions (optional)
michael@0	131	* Can include:
michael@0	132	* {
michael@0	133	* localtimeOffsetMsec: <clock offset in milliseconds>,
michael@0	134	* now: <current date in milliseconds>
michael@0	135	* duration: <validity duration for this assertion in milliseconds>
michael@0	136	* }
michael@0	137	*
michael@0	138	* localtimeOffsetMsec is the number of milliseconds that need to be
michael@0	139	* added to the local clock time to make it concur with the server.
michael@0	140	* For example, if the local clock is two minutes fast, the offset in
michael@0	141	* milliseconds would be -120000.
michael@0	142	*
michael@0	143	* @param aCallback
michael@0	144	* Function to invoke with resulting assertion. Assertion
michael@0	145	* will be string or null on failure.
michael@0	146	*/
michael@0	147	generateAssertion: function(aCert, aKeyPair, aAudience, aOptions, aCallback) {
michael@0	148	if (typeof aOptions == "function") {
michael@0	149	aCallback = aOptions;
michael@0	150	aOptions = { };
michael@0	151	}
michael@0	152
michael@0	153	// for now, we hack the algorithm name
michael@0	154	// XXX bug 769851
michael@0	155	var header = {"alg": "DS128"};
michael@0	156	var headerBytes = IdentityCryptoService.base64UrlEncode(
michael@0	157	JSON.stringify(header));
michael@0	158
michael@0	159	var payload = {
michael@0	160	exp: this.getExpiration(
michael@0	161	aOptions.duration, aOptions.localtimeOffsetMsec, aOptions.now),
michael@0	162	aud: aAudience
michael@0	163	};
michael@0	164	var payloadBytes = IdentityCryptoService.base64UrlEncode(
michael@0	165	JSON.stringify(payload));
michael@0	166
michael@0	167	log("payload bytes", payload, payloadBytes);
michael@0	168	sign(headerBytes + "." + payloadBytes, aKeyPair, function(err, signature) {
michael@0	169	if (err)
michael@0	170	return aCallback(err);
michael@0	171
michael@0	172	var signedAssertion = headerBytes + "." + payloadBytes + "." + signature;
michael@0	173	return aCallback(null, aCert + "~" + signedAssertion);
michael@0	174	});
michael@0	175	}
michael@0	176
michael@0	177	};
michael@0	178
michael@0	179	this.jwcrypto = new jwcryptoClass();
michael@0	180	this.jwcrypto.ALGORITHMS = ALGORITHMS;