Overview
Comment: | Merged in trunk |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | ssh-agent-ui |
Files: | files | file ages | folders |
SHA1: |
8a375324e966de01d89048be253014c7 |
User & Date: | rkeene on 2019-06-06 21:56:46 |
Other Links: | branch diff | manifest | tags |
Context
2019-06-06
| ||
21:56 | Merged in trunk Leaf check-in: 8a375324e9 user: rkeene tags: ssh-agent-ui | |
2019-06-05
| ||
21:38 | Added a toggle for disabling the Chrome PIN dialog check-in: 2a4f67952b user: rkeene tags: trunk | |
18:12 | Work on getting an SSH agent UI going check-in: 4ce30d9e04 user: rkeene tags: ssh-agent-ui | |
Changes
Modified build/chrome/cackey.js from [d291048f9c] to [21d583c591].
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | /* * CACKey ChromeOS chrome.certificateProvider Implementation */ function onCertificatesRejected(rejectedCerts) { // If certificates were rejected by the API, log an error, for example. console.error(rejectedCerts.length + ' certificates were rejected.'); return; } /* * Handle for the CACKey NaCl Target */ var cackeyHandle = null; var cackeyPCSCHandle = null; var cackeyPCSCHandleUsable = false; var cackeyPCSCHandleLastUsed = (new Date()).getTime(); | > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | /* * CACKey ChromeOS chrome.certificateProvider Implementation */ function onCertificatesRejected(rejectedCerts) { // If certificates were rejected by the API, log an error, for example. console.error(rejectedCerts.length + ' certificates were rejected.'); return; } /* * Optional features for CACKey */ var cackeyFeatures = { customPINPrompt: true, useChromePINDialog: true }; /* * Handle for the CACKey NaCl Target */ var cackeyHandle = null; var cackeyPCSCHandle = null; var cackeyPCSCHandleUsable = false; var cackeyPCSCHandleLastUsed = (new Date()).getTime(); |
︙ | ︙ | |||
175 176 177 178 179 180 181 182 183 184 185 186 187 188 | return; } cackeyCertificateToPINMapUpdateLastUsed(null); }, 900000); } } /* * Handle an incoming message from the NaCl side and pass it off to * one of the handlers above for actual formatting and passing to * the callback * * If an error occured, invoke the callback with no arguments. | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 | return; } cackeyCertificateToPINMapUpdateLastUsed(null); }, 900000); } } /* * Handle redispatching requests after receiving a PIN */ function cackeyPINPromptCompleted(pinValue) { var tmpMessageEvent; for (messageIdx = 0; messageIdx < cackeyMessagesToRetry.length; messageIdx++) { tmpMessageEvent = cackeyMessagesToRetry[messageIdx]; if (pinValue == "") { if (goog.DEBUG) { console.log("[cackey] The PIN dialog was closed without gathering a PIN, treating it as a failure."); } tmpMessageEvent.data.status = "error"; tmpMessageEvent.data.error = "PIN window closed without a PIN being provided"; cackeyMessageIncoming(tmpMessageEvent); } else { tmpMessageEvent.data.originalrequest.pin = pinValue; cackeyCertificateToPINMap[cackeyCertificateToPINID(tmpMessageEvent.data.originalrequest.certificate)] = {} cackeyCertificateToPINMap[cackeyCertificateToPINID(tmpMessageEvent.data.originalrequest.certificate)].pin = pinValue; cackeyCertificateToPINMapUpdateLastUsed(cackeyCertificateToPINID(tmpMessageEvent.data.originalrequest.certificate)); chromeCallback = null; if (tmpMessageEvent.data.id) { if (cackeyOutstandingCallbacks) { chromeCallback = cackeyOutstandingCallbacks[tmpMessageEvent.data.id]; } } cackeyInitPCSC(function() { cackeyHandle.postMessage(tmpMessageEvent.data.originalrequest); }, function() { if (chromeCallback) { chromeCallback(); } if (tmpMessageEvent.data.id && cackeyOutstandingCallbacks[tmpMessageEvent.data.id]) { delete cackeyOutstandingCallbacks[tmpMessageEvent.data.id]; } }); } } /* * Delete the existing handle and create a new one */ delete cackeyMessagesToRetry; cackeyMessagesToRetry = []; } /* * Handle an incoming message from the NaCl side and pass it off to * one of the handlers above for actual formatting and passing to * the callback * * If an error occured, invoke the callback with no arguments. |
︙ | ︙ | |||
258 259 260 261 262 263 264 | /* * Set the handle to an invalid (but non-null) value until the window * is created in case we are invoked again soon. */ pinWindowPreviousHandle = "invalid"; | > | | | | | | | | | | | | | | | | | | | | | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | | > > > > > | > > > | < > > | < < < < < < < < < | < | < < < | < < | < < < < < < < < < < < < < < < < < < < < < < < < < < | | < < < < < < < < < < < < < < < < < < < < < < < < < < | 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 | /* * Set the handle to an invalid (but non-null) value until the window * is created in case we are invoked again soon. */ pinWindowPreviousHandle = "invalid"; if (messageEvent.data.originalrequest.signRequestId === null || cackeyFeatures.useChromePINDialog === false) { chrome.app.window.create("pin.html", { "id": "cackeyPINEntry", "resizable": false, "alwaysOnTop": true, "focused": true, "visibleOnAllWorkspaces": true, "innerBounds": { "width": 350, "minWidth": 350, "height": 135, "minHeight": 135 } }, function(pinWindow) { /* * Set the PIN value to blank */ pinWindowPINValue = ""; if (!pinWindow) { console.error("[cackey] No window was provided for PIN entry, this will not go well."); return; } pinWindowPreviousHandle = pinWindow; pinWindow.drawAttention(); pinWindow.focus(); /* * Register a handler to handle the window being closed without * having sent anything */ pinWindow.onClosed.addListener(function() { var messageIdx; var chromeCallback; var pinValue; pinWindowPreviousHandle = null; /* * We are done fetching the user PIN, clear the value */ pinValue = pinWindowPINValue; pinWindowPINValue = ""; cackeyPINPromptCompleted(pinValue); return; }) /* * Pass this message off to the other window so that it may resubmit the request. */ pinWindow.contentWindow.parentWindow = window; pinWindow.contentWindow.messageEvent = messageEvent; if (cackeyFeatures.customPINPrompt) { pinWindow.contentWindow.pinprompt = messageEvent.data.pinprompt; } return; }); } else { chrome.certificateProvider.requestPin({ signRequestId: messageEvent.data.originalrequest.signRequestId, requestType: "PIN" }, function(userInfo) { var destroyError; var pinValue = ""; try { chrome.certificateProvider.stopPinRequest({ signRequestId: messageEvent.data.originalrequest.signRequestId }, function() {}); } catch (destroyError) { /* Do nothing, we don't care if it fails really */ } pinWindowPreviousHandle = null; if (userInfo && userInfo.userInput) { pinValue = userInfo.userInput; } return(cackeyPINPromptCompleted(pinValue)); }); } /* * We return here instead of break to avoid deleting the callback * entry. */ return; case "success": |
︙ | ︙ | |||
484 485 486 487 488 489 490 491 492 493 494 495 496 497 | */ function cackeySignMessage(signRequest, chromeCallback) { var callbackId; var command; var certificateId; var digest, digestHeader; var promiseHandle = null, promiseResolve, promiseReject; if (!chromeCallback) { /* * If no callback supplied, arrange for a promise to be returned instead */ promiseHandle = new Promise(function(resolve, reject) { promiseResolve = resolve; | > > > > | 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 | */ function cackeySignMessage(signRequest, chromeCallback) { var callbackId; var command; var certificateId; var digest, digestHeader; var promiseHandle = null, promiseResolve, promiseReject; if (signRequest.signRequestId === undefined || signRequest.signRequestId === null) { signRequest.signRequestId = null; } if (!chromeCallback) { /* * If no callback supplied, arrange for a promise to be returned instead */ promiseHandle = new Promise(function(resolve, reject) { promiseResolve = resolve; |
︙ | ︙ | |||
543 544 545 546 547 548 549 550 551 552 553 554 555 556 | } callbackId = ++cackeyOutstandingCallbackCounter; command = { 'target': "cackey", 'command': "sign", 'id': callbackId, 'certificate': signRequest.certificate, 'data': digest.buffer }; certificateId = cackeyCertificateToPINID(command.certificate); | > | 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 | } callbackId = ++cackeyOutstandingCallbackCounter; command = { 'target': "cackey", 'command': "sign", 'signRequestId': signRequest.signRequestId, 'id': callbackId, 'certificate': signRequest.certificate, 'data': digest.buffer }; certificateId = cackeyCertificateToPINID(command.certificate); |
︙ | ︙ |
Modified build/chrome/manifest.json.in from [6924f71c75] to [49dbf65404].
1 2 3 4 | { "manifest_version": 2, "name": "CACKey", "short_name": "CACKey", | | < < < < | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 | { "manifest_version": 2, "name": "CACKey", "short_name": "CACKey", "version": "@PACKAGE_VERSION@.11", "description": "US Department of Defense Common Access Card (CAC) and US NIST SP 800-73 Personal Identity Verification (PIV) card support.", "icons": { "128": "icon.png" }, "app": { "background": { "scripts": [ "google-pcsc.js", "jsrsasign.js", "options.js", "ssh-agent.js", "cackey.js" ], "persistent": false } }, "permissions": [ "certificateProvider", "storage", "alwaysOnTopWindows" ], "externally_connectable": { |
︙ | ︙ |
Modified build/chrome/ssh-agent.js from [7141592f34] to [f9156a50f9].
1 2 3 4 5 6 7 8 9 10 11 12 13 | /* * CACKey SSH Agent for ChromeOS */ cackeySSHAgentApprovedApps = [ "pnhechapfaindjhompbnflcldabbghjo", "okddffdblfhhnmhodogpojmfkjmhinfp" ]; /* * XXX:TODO: Expose UI for this */ cackeySSHAgentFeatures = { | | | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | /* * CACKey SSH Agent for ChromeOS */ cackeySSHAgentApprovedApps = [ "pnhechapfaindjhompbnflcldabbghjo", "okddffdblfhhnmhodogpojmfkjmhinfp" ]; /* * XXX:TODO: Expose UI for this */ cackeySSHAgentFeatures = { enabled: false, includeKeys: true, includeCerts: true, legacy: false }; /* * Feature support checking |
︙ | ︙ |