613 lines
18 KiB
JavaScript
613 lines
18 KiB
JavaScript
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
/* Copyright © 2014, Deutsche Telekom, Inc. */
|
|
|
|
"use strict";
|
|
|
|
/* globals dump, Components, XPCOMUtils, DOMRequestIpcHelper, cpmm, SE */
|
|
|
|
const DEBUG = false;
|
|
function debug(s) {
|
|
if (DEBUG) {
|
|
dump("-*- SecureElement DOM: " + s + "\n");
|
|
}
|
|
}
|
|
|
|
const Ci = Components.interfaces;
|
|
const Cu = Components.utils;
|
|
|
|
Cu.import("resource://gre/modules/XPCOMUtils.jsm");
|
|
Cu.import("resource://gre/modules/Services.jsm");
|
|
Cu.import("resource://gre/modules/DOMRequestHelper.jsm");
|
|
|
|
XPCOMUtils.defineLazyServiceGetter(this, "cpmm",
|
|
"@mozilla.org/childprocessmessagemanager;1",
|
|
"nsISyncMessageSender");
|
|
|
|
XPCOMUtils.defineLazyGetter(this, "SE", function() {
|
|
let obj = {};
|
|
Cu.import("resource://gre/modules/se_consts.js", obj);
|
|
return obj;
|
|
});
|
|
|
|
// Extend / Inherit from Error object
|
|
function SEError(name, message) {
|
|
this.name = name || SE.ERROR_GENERIC;
|
|
this.message = message || "";
|
|
}
|
|
|
|
SEError.prototype = {
|
|
__proto__: Error.prototype,
|
|
};
|
|
|
|
function PromiseHelpersSubclass(win) {
|
|
this._window = win;
|
|
}
|
|
|
|
PromiseHelpersSubclass.prototype = {
|
|
__proto__: DOMRequestIpcHelper.prototype,
|
|
|
|
_window: null,
|
|
|
|
_context: [],
|
|
|
|
createSEPromise: function createSEPromise(callback, /* optional */ ctx) {
|
|
let ctxCallback = (resolverId) => {
|
|
if (ctx) {
|
|
this._context[resolverId] = ctx;
|
|
}
|
|
|
|
callback(resolverId);
|
|
};
|
|
|
|
return this.createPromiseWithId((aResolverId) => {
|
|
ctxCallback(aResolverId);
|
|
});
|
|
},
|
|
|
|
takePromise: function takePromise(resolverId) {
|
|
let resolver = this.takePromiseResolver(resolverId);
|
|
if (!resolver) {
|
|
return;
|
|
}
|
|
|
|
// Get the context associated with this resolverId
|
|
let context = this._context[resolverId];
|
|
delete this._context[resolverId];
|
|
|
|
return {resolver: resolver, context: context};
|
|
},
|
|
|
|
rejectWithSEError: function rejectWithSEError(name, message) {
|
|
let error = new SEError(name, message);
|
|
debug("rejectWithSEError - " + error.toString());
|
|
|
|
return this._window.Promise.reject(Cu.cloneInto(error, this._window));
|
|
}
|
|
};
|
|
|
|
// Helper wrapper class to do promises related chores
|
|
var PromiseHelpers;
|
|
|
|
/**
|
|
* Instance of 'SEReaderImpl' class is the connector to a secure element.
|
|
* A reader may or may not have a secure element present, since some
|
|
* secure elements are removable in nature (eg:- 'uicc'). These
|
|
* Readers can be physical devices or virtual devices.
|
|
*/
|
|
function SEReaderImpl() {}
|
|
|
|
SEReaderImpl.prototype = {
|
|
_window: null,
|
|
|
|
_sessions: [],
|
|
|
|
type: null,
|
|
_isSEPresent: false,
|
|
|
|
classID: Components.ID("{1c7bdba3-cd35-4f8b-a546-55b3232457d5}"),
|
|
contractID: "@mozilla.org/secureelement/reader;1",
|
|
QueryInterface: XPCOMUtils.generateQI([]),
|
|
|
|
// Chrome-only function
|
|
onSessionClose: function onSessionClose(sessionCtx) {
|
|
let index = this._sessions.indexOf(sessionCtx);
|
|
if (index != -1) {
|
|
this._sessions.splice(index, 1);
|
|
}
|
|
},
|
|
|
|
initialize: function initialize(win, type, isPresent) {
|
|
this._window = win;
|
|
this.type = type;
|
|
this._isSEPresent = isPresent;
|
|
},
|
|
|
|
_checkPresence: function _checkPresence() {
|
|
if (!this._isSEPresent) {
|
|
throw new Error(SE.ERROR_NOTPRESENT);
|
|
}
|
|
},
|
|
|
|
openSession: function openSession() {
|
|
this._checkPresence();
|
|
|
|
return PromiseHelpers.createSEPromise((resolverId) => {
|
|
let sessionImpl = new SESessionImpl();
|
|
sessionImpl.initialize(this._window, this);
|
|
this._window.SESession._create(this._window, sessionImpl);
|
|
this._sessions.push(sessionImpl);
|
|
PromiseHelpers.takePromiseResolver(resolverId)
|
|
.resolve(sessionImpl.__DOM_IMPL__);
|
|
});
|
|
},
|
|
|
|
closeAll: function closeAll() {
|
|
this._checkPresence();
|
|
|
|
return PromiseHelpers.createSEPromise((resolverId) => {
|
|
let promises = [];
|
|
for (let session of this._sessions) {
|
|
if (!session.isClosed) {
|
|
promises.push(session.closeAll());
|
|
}
|
|
}
|
|
|
|
let resolver = PromiseHelpers.takePromiseResolver(resolverId);
|
|
// Wait till all the promises are resolved
|
|
Promise.all(promises).then(() => {
|
|
this._sessions = [];
|
|
resolver.resolve();
|
|
}, (reason) => {
|
|
let error = new SEError(SE.ERROR_BADSTATE,
|
|
"Unable to close all channels associated with this reader");
|
|
resolver.reject(Cu.cloneInto(error, this._window));
|
|
});
|
|
});
|
|
},
|
|
|
|
updateSEPresence: function updateSEPresence(isSEPresent) {
|
|
if (!isSEPresent) {
|
|
this.invalidate();
|
|
return;
|
|
}
|
|
|
|
this._isSEPresent = isSEPresent;
|
|
},
|
|
|
|
invalidate: function invalidate() {
|
|
debug("Invalidating SE reader: " + this.type);
|
|
this._isSEPresent = false;
|
|
this._sessions.forEach(s => s.invalidate());
|
|
this._sessions = [];
|
|
},
|
|
|
|
get isSEPresent() {
|
|
return this._isSEPresent;
|
|
}
|
|
};
|
|
|
|
/**
|
|
* Instance of 'SESessionImpl' object represent a connection session
|
|
* to one of the secure elements available on the device.
|
|
* These objects can be used to get a communication channel with an application
|
|
* hosted by the Secure Element.
|
|
*/
|
|
function SESessionImpl() {}
|
|
|
|
SESessionImpl.prototype = {
|
|
_window: null,
|
|
|
|
_channels: [],
|
|
|
|
_isClosed: false,
|
|
|
|
_reader: null,
|
|
|
|
classID: Components.ID("{2b1809f8-17bd-4947-abd7-bdef1498561c}"),
|
|
contractID: "@mozilla.org/secureelement/session;1",
|
|
QueryInterface: XPCOMUtils.generateQI([]),
|
|
|
|
// Chrome-only function
|
|
onChannelOpen: function onChannelOpen(channelCtx) {
|
|
this._channels.push(channelCtx);
|
|
},
|
|
|
|
// Chrome-only function
|
|
onChannelClose: function onChannelClose(channelCtx) {
|
|
let index = this._channels.indexOf(channelCtx);
|
|
if (index != -1) {
|
|
this._channels.splice(index, 1);
|
|
}
|
|
},
|
|
|
|
initialize: function initialize(win, readerCtx) {
|
|
this._window = win;
|
|
this._reader = readerCtx;
|
|
},
|
|
|
|
openLogicalChannel: function openLogicalChannel(aid) {
|
|
if (this._isClosed) {
|
|
return PromiseHelpers.rejectWithSEError(SE.ERROR_BADSTATE,
|
|
"Session Already Closed!");
|
|
}
|
|
|
|
let aidLen = aid ? aid.length : 0;
|
|
if (aidLen < SE.MIN_AID_LEN || aidLen > SE.MAX_AID_LEN) {
|
|
return PromiseHelpers.rejectWithSEError(SE.ERROR_ILLEGALPARAMETER,
|
|
"Invalid AID length - " + aidLen);
|
|
}
|
|
|
|
return PromiseHelpers.createSEPromise((resolverId) => {
|
|
/**
|
|
* @params for 'SE:OpenChannel'
|
|
*
|
|
* resolverId : ID that identifies this IPC request.
|
|
* aid : AID that identifies the applet on SecureElement
|
|
* type : Reader type ('uicc' / 'eSE')
|
|
* appId : Current appId obtained from 'Principal' obj
|
|
*/
|
|
cpmm.sendAsyncMessage("SE:OpenChannel", {
|
|
resolverId: resolverId,
|
|
aid: aid,
|
|
type: this.reader.type,
|
|
appId: this._window.document.nodePrincipal.appId
|
|
});
|
|
}, this);
|
|
},
|
|
|
|
closeAll: function closeAll() {
|
|
if (this._isClosed) {
|
|
return PromiseHelpers.rejectWithSEError(SE.ERROR_BADSTATE,
|
|
"Session Already Closed!");
|
|
}
|
|
|
|
return PromiseHelpers.createSEPromise((resolverId) => {
|
|
let promises = [];
|
|
for (let channel of this._channels) {
|
|
if (!channel.isClosed) {
|
|
promises.push(channel.close());
|
|
}
|
|
}
|
|
|
|
let resolver = PromiseHelpers.takePromiseResolver(resolverId);
|
|
Promise.all(promises).then(() => {
|
|
this._isClosed = true;
|
|
this._channels = [];
|
|
// Notify parent of this session instance's closure, so that its
|
|
// instance entry can be removed from the parent as well.
|
|
this._reader.onSessionClose(this.__DOM_IMPL__);
|
|
resolver.resolve();
|
|
}, (reason) => {
|
|
resolver.reject(new Error(SE.ERROR_BADSTATE +
|
|
"Unable to close all channels associated with this session"));
|
|
});
|
|
});
|
|
},
|
|
|
|
invalidate: function invlidate() {
|
|
this._isClosed = true;
|
|
this._channels.forEach(ch => ch.invalidate());
|
|
this._channels = [];
|
|
},
|
|
|
|
get reader() {
|
|
return this._reader.__DOM_IMPL__;
|
|
},
|
|
|
|
get isClosed() {
|
|
return this._isClosed;
|
|
},
|
|
};
|
|
|
|
/**
|
|
* Instance of 'SEChannelImpl' object represent an ISO/IEC 7816-4 specification
|
|
* channel opened to a secure element. It can be either a logical channel
|
|
* or basic channel.
|
|
*/
|
|
function SEChannelImpl() {}
|
|
|
|
SEChannelImpl.prototype = {
|
|
_window: null,
|
|
|
|
_channelToken: null,
|
|
|
|
_isClosed: false,
|
|
|
|
_session: null,
|
|
|
|
openResponse: [],
|
|
|
|
type: null,
|
|
|
|
classID: Components.ID("{181ebcf4-5164-4e28-99f2-877ec6fa83b9}"),
|
|
contractID: "@mozilla.org/secureelement/channel;1",
|
|
QueryInterface: XPCOMUtils.generateQI([]),
|
|
|
|
// Chrome-only function
|
|
onClose: function onClose() {
|
|
this._isClosed = true;
|
|
// Notify the parent
|
|
this._session.onChannelClose(this.__DOM_IMPL__);
|
|
},
|
|
|
|
initialize: function initialize(win, channelToken, isBasicChannel,
|
|
openResponse, sessionCtx) {
|
|
this._window = win;
|
|
// Update the 'channel token' that identifies and represents this
|
|
// instance of the object
|
|
this._channelToken = channelToken;
|
|
// Update 'session' obj
|
|
this._session = sessionCtx;
|
|
this.openResponse = Cu.cloneInto(new Uint8Array(openResponse), win);
|
|
this.type = isBasicChannel ? "basic" : "logical";
|
|
},
|
|
|
|
transmit: function transmit(command) {
|
|
// TODO remove this once it will be possible to have a non-optional dict
|
|
// in the WebIDL
|
|
if (!command) {
|
|
return PromiseHelpers.rejectWithSEError(SE.ERROR_ILLEGALPARAMETER,
|
|
"SECommand dict must be defined");
|
|
}
|
|
|
|
if (this._isClosed) {
|
|
return PromiseHelpers.rejectWithSEError(SE.ERROR_BADSTATE,
|
|
"Channel Already Closed!");
|
|
}
|
|
|
|
let dataLen = command.data ? command.data.length : 0;
|
|
if (dataLen > SE.MAX_APDU_LEN) {
|
|
return PromiseHelpers.rejectWithSEError(SE.ERROR_ILLEGALPARAMETER,
|
|
" Command data length exceeds max limit - 255. " +
|
|
" Extended APDU is not supported!");
|
|
}
|
|
|
|
if ((command.cla & 0x80 === 0) && ((command.cla & 0x60) !== 0x20)) {
|
|
if (command.ins === SE.INS_MANAGE_CHANNEL) {
|
|
return PromiseHelpers.rejectWithSEError(SE.ERROR_SECURITY,
|
|
"MANAGE CHANNEL command not permitted");
|
|
}
|
|
if ((command.ins === SE.INS_SELECT) && (command.p1 == 0x04)) {
|
|
// SELECT by DF Name (p1=04) is not allowed
|
|
return PromiseHelpers.rejectWithSEError(SE.ERROR_SECURITY,
|
|
"SELECT command not permitted");
|
|
}
|
|
debug("Attempting to transmit an ISO command");
|
|
} else {
|
|
debug("Attempting to transmit GlobalPlatform command");
|
|
}
|
|
|
|
return PromiseHelpers.createSEPromise((resolverId) => {
|
|
/**
|
|
* @params for 'SE:TransmitAPDU'
|
|
*
|
|
* resolverId : Id that identifies this IPC request.
|
|
* apdu : Object containing APDU data
|
|
* channelToken: Token that identifies the current channel over which
|
|
'c-apdu' is being sent.
|
|
* appId : Current appId obtained from 'Principal' obj
|
|
*/
|
|
cpmm.sendAsyncMessage("SE:TransmitAPDU", {
|
|
resolverId: resolverId,
|
|
apdu: command,
|
|
channelToken: this._channelToken,
|
|
appId: this._window.document.nodePrincipal.appId
|
|
});
|
|
}, this);
|
|
},
|
|
|
|
close: function close() {
|
|
if (this._isClosed) {
|
|
return PromiseHelpers.rejectWithSEError(SE.ERROR_BADSTATE,
|
|
"Channel Already Closed!");
|
|
}
|
|
|
|
return PromiseHelpers.createSEPromise((resolverId) => {
|
|
/**
|
|
* @params for 'SE:CloseChannel'
|
|
*
|
|
* resolverId : Id that identifies this IPC request.
|
|
* channelToken: Token that identifies the current channel over which
|
|
'c-apdu' is being sent.
|
|
* appId : Current appId obtained from 'Principal' obj
|
|
*/
|
|
cpmm.sendAsyncMessage("SE:CloseChannel", {
|
|
resolverId: resolverId,
|
|
channelToken: this._channelToken,
|
|
appId: this._window.document.nodePrincipal.appId
|
|
});
|
|
}, this);
|
|
},
|
|
|
|
invalidate: function invalidate() {
|
|
this._isClosed = true;
|
|
},
|
|
|
|
get session() {
|
|
return this._session.__DOM_IMPL__;
|
|
},
|
|
|
|
get isClosed() {
|
|
return this._isClosed;
|
|
},
|
|
};
|
|
|
|
function SEResponseImpl() {}
|
|
|
|
SEResponseImpl.prototype = {
|
|
sw1: 0x00,
|
|
|
|
sw2: 0x00,
|
|
|
|
data: null,
|
|
|
|
_channel: null,
|
|
|
|
classID: Components.ID("{58bc6c7b-686c-47cc-8867-578a6ed23f4e}"),
|
|
contractID: "@mozilla.org/secureelement/response;1",
|
|
QueryInterface: XPCOMUtils.generateQI([]),
|
|
|
|
initialize: function initialize(sw1, sw2, response, channelCtx) {
|
|
// Update the status bytes
|
|
this.sw1 = sw1;
|
|
this.sw2 = sw2;
|
|
this.data = response ? response.slice(0) : null;
|
|
// Update the channel obj
|
|
this._channel = channelCtx;
|
|
},
|
|
|
|
get channel() {
|
|
return this._channel.__DOM_IMPL__;
|
|
}
|
|
};
|
|
|
|
/**
|
|
* SEManagerImpl
|
|
*/
|
|
function SEManagerImpl() {}
|
|
|
|
SEManagerImpl.prototype = {
|
|
__proto__: DOMRequestIpcHelper.prototype,
|
|
|
|
_window: null,
|
|
|
|
classID: Components.ID("{4a8b6ec0-4674-11e4-916c-0800200c9a66}"),
|
|
contractID: "@mozilla.org/secureelement/manager;1",
|
|
QueryInterface: XPCOMUtils.generateQI([
|
|
Ci.nsIDOMGlobalPropertyInitializer,
|
|
Ci.nsISupportsWeakReference,
|
|
Ci.nsIObserver
|
|
]),
|
|
|
|
_readers: [],
|
|
|
|
init: function init(win) {
|
|
this._window = win;
|
|
PromiseHelpers = new PromiseHelpersSubclass(this._window);
|
|
|
|
// Add the messages to be listened to.
|
|
const messages = ["SE:GetSEReadersResolved",
|
|
"SE:OpenChannelResolved",
|
|
"SE:CloseChannelResolved",
|
|
"SE:TransmitAPDUResolved",
|
|
"SE:GetSEReadersRejected",
|
|
"SE:OpenChannelRejected",
|
|
"SE:CloseChannelRejected",
|
|
"SE:TransmitAPDURejected",
|
|
"SE:ReaderPresenceChanged"];
|
|
|
|
this.initDOMRequestHelper(win, messages);
|
|
},
|
|
|
|
// This function will be called from DOMRequestIPCHelper.
|
|
uninit: function uninit() {
|
|
// All requests that are still pending need to be invalidated
|
|
// because the context is no longer valid.
|
|
this.forEachPromiseResolver((k) => {
|
|
this.takePromiseResolver(k).reject("Window Context got destroyed!");
|
|
});
|
|
PromiseHelpers = null;
|
|
this._window = null;
|
|
},
|
|
|
|
getSEReaders: function getSEReaders() {
|
|
// invalidate previous readers on new request
|
|
if (this._readers.length) {
|
|
this._readers.forEach(r => r.invalidate());
|
|
this._readers = [];
|
|
}
|
|
|
|
return PromiseHelpers.createSEPromise((resolverId) => {
|
|
cpmm.sendAsyncMessage("SE:GetSEReaders", {
|
|
resolverId: resolverId,
|
|
appId: this._window.document.nodePrincipal.appId
|
|
});
|
|
});
|
|
},
|
|
|
|
receiveMessage: function receiveMessage(message) {
|
|
DEBUG && debug("Message received: " + JSON.stringify(message));
|
|
|
|
let result = message.data.result;
|
|
let resolver = null;
|
|
let context = null;
|
|
|
|
let promiseResolver = PromiseHelpers.takePromise(result.resolverId);
|
|
if (promiseResolver) {
|
|
resolver = promiseResolver.resolver;
|
|
// This 'context' is the instance that originated this IPC message.
|
|
context = promiseResolver.context;
|
|
}
|
|
|
|
switch (message.name) {
|
|
case "SE:GetSEReadersResolved":
|
|
let readers = new this._window.Array();
|
|
result.readers.forEach(reader => {
|
|
let readerImpl = new SEReaderImpl();
|
|
readerImpl.initialize(this._window, reader.type, reader.isPresent);
|
|
this._window.SEReader._create(this._window, readerImpl);
|
|
|
|
this._readers.push(readerImpl);
|
|
readers.push(readerImpl.__DOM_IMPL__);
|
|
});
|
|
resolver.resolve(readers);
|
|
break;
|
|
case "SE:OpenChannelResolved":
|
|
let channelImpl = new SEChannelImpl();
|
|
channelImpl.initialize(this._window,
|
|
result.channelToken,
|
|
result.isBasicChannel,
|
|
result.openResponse,
|
|
context);
|
|
this._window.SEChannel._create(this._window, channelImpl);
|
|
if (context) {
|
|
// Notify context's handler with SEChannel instance
|
|
context.onChannelOpen(channelImpl);
|
|
}
|
|
resolver.resolve(channelImpl.__DOM_IMPL__);
|
|
break;
|
|
case "SE:TransmitAPDUResolved":
|
|
let responseImpl = new SEResponseImpl();
|
|
responseImpl.initialize(result.sw1,
|
|
result.sw2,
|
|
result.response,
|
|
context);
|
|
this._window.SEResponse._create(this._window, responseImpl);
|
|
resolver.resolve(responseImpl.__DOM_IMPL__);
|
|
break;
|
|
case "SE:CloseChannelResolved":
|
|
if (context) {
|
|
// Notify context's onClose handler
|
|
context.onClose();
|
|
}
|
|
resolver.resolve();
|
|
break;
|
|
case "SE:GetSEReadersRejected":
|
|
case "SE:OpenChannelRejected":
|
|
case "SE:CloseChannelRejected":
|
|
case "SE:TransmitAPDURejected":
|
|
let error = new SEError(result.error, result.reason);
|
|
resolver.reject(Cu.cloneInto(error, this._window));
|
|
break;
|
|
case "SE:ReaderPresenceChanged":
|
|
debug("Reader " + result.type + " present: " + result.isPresent);
|
|
let reader = this._readers.find(r => r.type === result.type);
|
|
if (reader) {
|
|
reader.updateSEPresence(result.isPresent);
|
|
}
|
|
break;
|
|
default:
|
|
debug("Could not find a handler for " + message.name);
|
|
resolver.reject(Cu.cloneInto(new SEError(), this._window));
|
|
break;
|
|
}
|
|
}
|
|
};
|
|
|
|
this.NSGetFactory = XPCOMUtils.generateNSGetFactory([
|
|
SEResponseImpl, SEChannelImpl, SESessionImpl, SEReaderImpl, SEManagerImpl
|
|
]);
|