Overview
Comment: | ChromeOS: Updated to forget PINs that have not been used recently |
---|---|
SHA1: | a7016d70847c6590fa7d8f98dcd5426b12229ceb |
User & Date: | rkeene on 2016-03-01 03:10:25 |
Context
2016-03-08
| ||
21:02 | ChromeOS: Added support for informing the user if we are a certificate provider or not check-in: 188c4d598f user: rkeene tags: trunk | |
2016-03-01
| ||
03:10 | ChromeOS: Updated to forget PINs that have not been used recently check-in: a7016d7084 user: rkeene tags: trunk | |
00:53 | ChromeOS: Release 7 check-in: aeca5bf8e3 user: rkeene tags: trunk | |
Changes
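--- a/build/chrome/cackey.js
+++ b/build/chrome/cackey.js
@@ -32,14 +32,15 @@
 */
 var cackeyMessagesToRetry = [];
 
 /*
 * Stored PIN for a given certificate
 */
 var cackeyCertificateToPINMap = {};
+var cackeyCertificateToPINMapLastUsedRunner = false;
 
 /*
 * Callbacks to perform after PCSC comes online
 */
 cackeyCallbackAfterInit = [];
 
 /*
@@ -105,14 +106,61 @@
 
 payload = message.signedData;
 
 chromeCallback(payload);
 
 return;
 }
+
+/*
+ * Update the time a PIN was last used for a certificate
+ */
+function cackeyCertificateToPINMapUpdateLastUsed(id) {
+ if (id != null) {
+ cackeyCertificateToPINMap[id].lastUsed = (new Date()).getTime();
+ }
+
+ if (!cackeyCertificateToPINMapLastUsedRunner) {
+ cackeyCertificateToPINMapLastUsedRunner = true;
+
+ setTimeout(function() {
+ var currentTime;
+ var certificates, certificate;
+ var idx;
+
+ currentTime = (new Date()).getTime();
+
+ certificates = Object.keys(cackeyCertificateToPINMap);
+
+ console.log("Looking for PINs to clear");
+
+ for (idx = 0; idx < certificates.length; idx++) {
+ certificate = certificates[idx];
+
+ if ((cackeyCertificateToPINMap[certificate].lastUsed + 900000) > currentTime) {
+ continue;
+ }
+
+ console.log("Deleteting " + certificate);
+
+ delete cackeyCertificateToPINMap[certificate];
+ }
+
+ certificates = Object.keys(cackeyCertificateToPINMap);
+
+ cackeyCertificateToPINMapLastUsedRunner = false;
+
+ if (certificates.length == 0) {
+ return;
+ }
+
+ cackeyCertificateToPINMapUpdateLastUsed(null);
+ }, 900000);
+ }
+}
 
 /*
 * Handle an incoming message from the NaCl side and pass it off to
 * one of the handlers above for actual formatting and passing to
 * the callback
 *
 * If an error occured, invoke the callback with no arguments.
@@ -244,15 +292,18 @@
 tmpMessageEvent.data.status = "error";
 tmpMessageEvent.data.error = "PIN window closed without a PIN being provided";
 
 cackeyMessageIncoming(tmpMessageEvent);
 } else {
 tmpMessageEvent.data.originalrequest.pin = pinWindowPINValue;
 
- cackeyCertificateToPINMap[cackeyCertificateToPINID(tmpMessageEvent.data.originalrequest.certificate)] = pinWindowPINValue;
+ cackeyCertificateToPINMap[cackeyCertificateToPINID(tmpMessageEvent.data.originalrequest.certificate)] = {}
+ cackeyCertificateToPINMap[cackeyCertificateToPINID(tmpMessageEvent.data.originalrequest.certificate)].pin = pinWindowPINValue;
+
+ cackeyCertificateToPINMapUpdateLastUsed(cackeyCertificateToPINID(tmpMessageEvent.data.originalrequest.certificate));
 
 chromeCallback = null;
 if (tmpMessageEvent.data.id) {
 if (cackeyOutstandingCallbacks) {
 chromeCallback = cackeyOutstandingCallbacks[tmpMessageEvent.data.id];
 }
 }
@@ -405,16 +456,18 @@
 'id': callbackId,
 'certificate': signRequest.certificate,
 'data': digest.buffer
 };
 
 certificateId = cackeyCertificateToPINID(command.certificate);
 
- if (cackeyCertificateToPINMap[certificateId]) {
- command.pin = cackeyCertificateToPINMap[certificateId];
+ if (cackeyCertificateToPINMap[certificateId] && cackeyCertificateToPINMap[certificateId].pin) {
+ command.pin = cackeyCertificateToPINMap[certificateId].pin;
+
+ cackeyCertificateToPINMapUpdateLastUsed(certificateId);
 }
 
 cackeyInitPCSC(function() {
 cackeyHandle.postMessage(command);
 
 cackeyOutstandingCallbackCounter = callbackId;
 cackeyOutstandingCallbacks[callbackId] = chromeCallback;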
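Review bot: In `cackeyCertificateToPINMapUpdateLastUsed`, the sweep runs on a fixed 900000 ms timer and keeps any entry whose `lastUsed + 900000` is still greater than the current time, so a PIN last used shortly after the timer was armed survives that sweep and is only removed at the next one, after close to 30 minutes of idle time rather than 15. If 15 minutes is the intended bound, keep the comparison but run the sweep more often, e.g. `}, 60000);`, and hold the idle limit in one named variable such as `var cackeyPINIdleTimeoutMs = 900000;` instead of two separate literals. Each sign request that reuses a cached PIN also refreshes `lastUsed`, so a PIN in regular use has no absolute lifetime; a comment should say so if that is intended. Separately, the `id != null` branch dereferences `cackeyCertificateToPINMap[id]` without checking that the entry exists; both visible callers create or test it first, but `if (id != null && cackeyCertificateToPINMap[id]) {` would make the helper safe on its own.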