Check-in [a7016d7084]
Overview
SHA1:a7016d70847c6590fa7d8f98dcd5426b12229ceb
Date: 2016-03-01 03:10:25
User: rkeene
Comment:ChromeOS: Updated to forget PINs that have not been used recently
Tags And Properties
Context
2016-03-08
21:02
[188c4d598f] ChromeOS: Added support for informing the user if we are a certificate provider or not (user: rkeene, tags: trunk)
2016-03-01
03:10
[a7016d7084] ChromeOS: Updated to forget PINs that have not been used recently (user: rkeene, tags: trunk)
00:53
[aeca5bf8e3] ChromeOS: Release 7 (user: rkeene, tags: trunk)
Changes

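--- a/build/chrome/cackey.js
+++ b/build/chrome/cackey.js
@@ -32,14 +32,15 @@
  */
 var cackeyMessagesToRetry = [];
 
 /*
  * Stored PIN for a given certificate
  */
 var cackeyCertificateToPINMap = {};
+var cackeyCertificateToPINMapLastUsedRunner = false;
 
 /*
  * Callbacks to perform after PCSC comes online
  */
 cackeyCallbackAfterInit = [];
 
 /*
@@ -105,14 +106,61 @@
 
 	payload = message.signedData;
 
 	chromeCallback(payload);
 
 	return;
 }
+
+/*
+ * Update the time a PIN was last used for a certificate
+ */
+function cackeyCertificateToPINMapUpdateLastUsed(id) {
+	if (id != null) {
+		cackeyCertificateToPINMap[id].lastUsed = (new Date()).getTime();
+	}
+
+	if (!cackeyCertificateToPINMapLastUsedRunner) {
+		cackeyCertificateToPINMapLastUsedRunner = true;
+
+		setTimeout(function() {
+			var currentTime;
+			var certificates, certificate;
+			var idx;
+
+			currentTime = (new Date()).getTime();
+
+			certificates = Object.keys(cackeyCertificateToPINMap);
+
+			console.log("Looking for PINs to clear");
+
+			for (idx = 0; idx < certificates.length; idx++) {
+				certificate = certificates[idx];
+
+				if ((cackeyCertificateToPINMap[certificate].lastUsed + 900000) > currentTime) {
+					continue;
+				}
+
+				console.log("Deleteting " + certificate);
+
+				delete cackeyCertificateToPINMap[certificate];
+			}
+
+			certificates = Object.keys(cackeyCertificateToPINMap);
+
+			cackeyCertificateToPINMapLastUsedRunner = false;
+
+			if (certificates.length == 0) {
+				return;
+			}
+
+			cackeyCertificateToPINMapUpdateLastUsed(null);
+		}, 900000);
+	}
+}
 
 /*
  * Handle an incoming message from the NaCl side and pass it off to
  * one of the handlers above for actual formatting and passing to
  * the callback
  *
  * If an error occured, invoke the callback with no arguments.
@@ -244,15 +292,18 @@
 							tmpMessageEvent.data.status = "error";
 							tmpMessageEvent.data.error = "PIN window closed without a PIN being provided";
 
 							cackeyMessageIncoming(tmpMessageEvent);
 						} else {
 							tmpMessageEvent.data.originalrequest.pin = pinWindowPINValue;
 
-							cackeyCertificateToPINMap[cackeyCertificateToPINID(tmpMessageEvent.data.originalrequest.certificate)] = pinWindowPINValue;
+							cackeyCertificateToPINMap[cackeyCertificateToPINID(tmpMessageEvent.data.originalrequest.certificate)] = {}
+							cackeyCertificateToPINMap[cackeyCertificateToPINID(tmpMessageEvent.data.originalrequest.certificate)].pin = pinWindowPINValue;
+
+							cackeyCertificateToPINMapUpdateLastUsed(cackeyCertificateToPINID(tmpMessageEvent.data.originalrequest.certificate));
 
 							chromeCallback = null;
 							if (tmpMessageEvent.data.id) {
 								if (cackeyOutstandingCallbacks) {
 									chromeCallback = cackeyOutstandingCallbacks[tmpMessageEvent.data.id];
 								}
 							}
@@ -405,16 +456,18 @@
 		'id': callbackId,
 		'certificate': signRequest.certificate,
 		'data': digest.buffer
 	};
 
 	certificateId = cackeyCertificateToPINID(command.certificate);
 
-	if (cackeyCertificateToPINMap[certificateId]) {
-		command.pin = cackeyCertificateToPINMap[certificateId];
+	if (cackeyCertificateToPINMap[certificateId] && cackeyCertificateToPINMap[certificateId].pin) {
+		command.pin = cackeyCertificateToPINMap[certificateId].pin;
+
+		cackeyCertificateToPINMapUpdateLastUsed(certificateId);
 	}
 
 	cackeyInitPCSC(function() {
 		cackeyHandle.postMessage(command);
 
 		cackeyOutstandingCallbackCounter = callbackId;
 		cackeyOutstandingCallbacks[callbackId] = chromeCallback;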
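Review bot: A cached PIN can outlive the 15-minute idle limit, because expiry is enforced only by the sweep inside `cackeyCertificateToPINMapUpdateLastUsed`, whose 900000 ms timer is armed once and not re-aligned when a PIN is used again. An entry used shortly after the timer was armed survives the first sweep and is removed only at the next one, close to 30 minutes after its last use. In the sign-request hunk (new lines 463–466) the lookup tests only `.pin`, so an entry that is already past the limit but not yet swept is still sent to the card and has its `lastUsed` refreshed. Checking the age at lookup closes that gap, for example `if (entry && entry.pin && ((new Date()).getTime() - entry.lastUsed) < 900000) {` with the map entry held in a local `entry`, and the 900000 literal that appears twice would be better as one named constant. The function containing that lookup starts and ends outside the visible lines.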