1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/toolkit/identity/jwcrypto.jsm Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,180 @@
1.4 +/* -*- Mode: js2; js2-basic-offset: 2; indent-tabs-mode: nil; -*- */
1.5 +/* vim: set ft=javascript ts=2 et sw=2 tw=80: */
1.6 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.7 + * License, v. 2.0. If a copy of the MPL was not distributed with this file,
1.8 + * You can obtain one at http://mozilla.org/MPL/2.0/. */
1.9 +
1.10 +"use strict";
1.11 +
1.12 +
1.13 +const Cu = Components.utils;
1.14 +const Ci = Components.interfaces;
1.15 +const Cc = Components.classes;
1.16 +const Cr = Components.results;
1.17 +
1.18 +Cu.import("resource://gre/modules/XPCOMUtils.jsm");
1.19 +Cu.import("resource://gre/modules/Services.jsm");
1.20 +Cu.import("resource://gre/modules/identity/LogUtils.jsm");
1.21 +
1.22 +XPCOMUtils.defineLazyServiceGetter(this,
1.23 + "IdentityCryptoService",
1.24 + "@mozilla.org/identity/crypto-service;1",
1.25 + "nsIIdentityCryptoService");
1.26 +
1.27 +this.EXPORTED_SYMBOLS = ["jwcrypto"];
1.28 +
1.29 +const ALGORITHMS = { RS256: "RS256", DS160: "DS160" };
1.30 +const DURATION_MS = 1000 * 60 * 2; // 2 minutes default assertion lifetime
1.31 +
1.32 +function log(...aMessageArgs) {
1.33 + Logger.log.apply(Logger, ["jwcrypto"].concat(aMessageArgs));
1.34 +}
1.35 +
1.36 +function generateKeyPair(aAlgorithmName, aCallback) {
1.37 + log("Generate key pair; alg =", aAlgorithmName);
1.38 +
1.39 + IdentityCryptoService.generateKeyPair(aAlgorithmName, function(rv, aKeyPair) {
1.40 + if (!Components.isSuccessCode(rv)) {
1.41 + return aCallback("key generation failed");
1.42 + }
1.43 +
1.44 + var publicKey;
1.45 +
1.46 + switch (aKeyPair.keyType) {
1.47 + case ALGORITHMS.RS256:
1.48 + publicKey = {
1.49 + algorithm: "RS",
1.50 + exponent: aKeyPair.hexRSAPublicKeyExponent,
1.51 + modulus: aKeyPair.hexRSAPublicKeyModulus
1.52 + };
1.53 + break;
1.54 +
1.55 + case ALGORITHMS.DS160:
1.56 + publicKey = {
1.57 + algorithm: "DS",
1.58 + y: aKeyPair.hexDSAPublicValue,
1.59 + p: aKeyPair.hexDSAPrime,
1.60 + q: aKeyPair.hexDSASubPrime,
1.61 + g: aKeyPair.hexDSAGenerator
1.62 + };
1.63 + break;
1.64 +
1.65 + default:
1.66 + return aCallback("unknown key type");
1.67 + }
1.68 +
1.69 + let keyWrapper = {
1.70 + serializedPublicKey: JSON.stringify(publicKey),
1.71 + _kp: aKeyPair
1.72 + };
1.73 +
1.74 + return aCallback(null, keyWrapper);
1.75 + });
1.76 +}
1.77 +
1.78 +function sign(aPayload, aKeypair, aCallback) {
1.79 + aKeypair._kp.sign(aPayload, function(rv, signature) {
1.80 + if (!Components.isSuccessCode(rv)) {
1.81 + log("ERROR: signer.sign failed");
1.82 + return aCallback("Sign failed");
1.83 + }
1.84 + log("signer.sign: success");
1.85 + return aCallback(null, signature);
1.86 + });
1.87 +}
1.88 +
1.89 +function jwcryptoClass()
1.90 +{
1.91 +}
1.92 +
1.93 +jwcryptoClass.prototype = {
1.94 + /*
1.95 + * Determine the expiration of the assertion. Returns expiry date
1.96 + * in milliseconds as integer.
1.97 + *
1.98 + * @param localtimeOffsetMsec (optional)
1.99 + * The number of milliseconds that must be added to the local clock
1.100 + * for it to agree with the server. For example, if the local clock
1.101 + * if two minutes fast, localtimeOffsetMsec would be -120000
1.102 + *
1.103 + * @param now (options)
1.104 + * Current date in milliseconds. Useful for mocking clock
1.105 + * skew in testing.
1.106 + */
1.107 + getExpiration: function(duration=DURATION_MS, localtimeOffsetMsec=0, now=Date.now()) {
1.108 + return now + localtimeOffsetMsec + duration;
1.109 + },
1.110 +
1.111 + isCertValid: function(aCert, aCallback) {
1.112 + // XXX check expiration, bug 769850
1.113 + aCallback(true);
1.114 + },
1.115 +
1.116 + generateKeyPair: function(aAlgorithmName, aCallback) {
1.117 + log("generating");
1.118 + generateKeyPair(aAlgorithmName, aCallback);
1.119 + },
1.120 +
1.121 + /*
1.122 + * Generate an assertion and return it through the provided callback.
1.123 + *
1.124 + * @param aCert
1.125 + * Identity certificate
1.126 + *
1.127 + * @param aKeyPair
1.128 + * KeyPair object
1.129 + *
1.130 + * @param aAudience
1.131 + * Audience of the assertion
1.132 + *
1.133 + * @param aOptions (optional)
1.134 + * Can include:
1.135 + * {
1.136 + * localtimeOffsetMsec: <clock offset in milliseconds>,
1.137 + * now: <current date in milliseconds>
1.138 + * duration: <validity duration for this assertion in milliseconds>
1.139 + * }
1.140 + *
1.141 + * localtimeOffsetMsec is the number of milliseconds that need to be
1.142 + * added to the local clock time to make it concur with the server.
1.143 + * For example, if the local clock is two minutes fast, the offset in
1.144 + * milliseconds would be -120000.
1.145 + *
1.146 + * @param aCallback
1.147 + * Function to invoke with resulting assertion. Assertion
1.148 + * will be string or null on failure.
1.149 + */
1.150 + generateAssertion: function(aCert, aKeyPair, aAudience, aOptions, aCallback) {
1.151 + if (typeof aOptions == "function") {
1.152 + aCallback = aOptions;
1.153 + aOptions = { };
1.154 + }
1.155 +
1.156 + // for now, we hack the algorithm name
1.157 + // XXX bug 769851
1.158 + var header = {"alg": "DS128"};
1.159 + var headerBytes = IdentityCryptoService.base64UrlEncode(
1.160 + JSON.stringify(header));
1.161 +
1.162 + var payload = {
1.163 + exp: this.getExpiration(
1.164 + aOptions.duration, aOptions.localtimeOffsetMsec, aOptions.now),
1.165 + aud: aAudience
1.166 + };
1.167 + var payloadBytes = IdentityCryptoService.base64UrlEncode(
1.168 + JSON.stringify(payload));
1.169 +
1.170 + log("payload bytes", payload, payloadBytes);
1.171 + sign(headerBytes + "." + payloadBytes, aKeyPair, function(err, signature) {
1.172 + if (err)
1.173 + return aCallback(err);
1.174 +
1.175 + var signedAssertion = headerBytes + "." + payloadBytes + "." + signature;
1.176 + return aCallback(null, aCert + "~" + signedAssertion);
1.177 + });
1.178 + }
1.179 +
1.180 +};
1.181 +
1.182 +this.jwcrypto = new jwcryptoClass();
1.183 +this.jwcrypto.ALGORITHMS = ALGORITHMS;
