Fix race and remove unused features in cryptotoken extension

chrome/browser/resources/cryptotoken/signer.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 /**
  * @fileoverview Handles web page requests for gnubby sign requests.
  */
 
 'use strict';
 
 var signRequestQueue = new OriginKeyedRequestQueue();
 
 /**
  * Handles a sign request.
  * @param {!SignHelperFactory} factory Factory to create a sign helper.
  * @param {MessageSender} sender The sender of the message.
  * @param {Object} request The web page's sign request.
- * @param {boolean} enforceAppIdValid Whether to enforce that the app id in the
- *     request matches the sender's origin.
  * @param {Function} sendResponse Called back with the result of the sign.
  * @param {boolean} toleratesMultipleResponses Whether the sendResponse
  *     callback can be called more than once, e.g. for progress updates.
  * @return {Closeable} Request handler that should be closed when the browser
  *     message channel is closed.
  */
-function handleSignRequest(factory, sender, request, enforceAppIdValid,
-    sendResponse, toleratesMultipleResponses) {
+function handleSignRequest(factory, sender, request, sendResponse,
+    toleratesMultipleResponses) {
   var sentResponse = false;
   function sendResponseOnce(r) {
     if (queuedSignRequest) {
       queuedSignRequest.close();
       queuedSignRequest = null;
     }
     if (!sentResponse) {
       sentResponse = true;
       try {
         // If the page has gone away or the connection has otherwise gone,
@@ skipping 17 matching lines @@
     for (var k in challenge) {
       responseData[k] = challenge[k];
     }
     responseData['browserData'] = B64_encode(UTIL_StringToBytes(browserData));
     responseData['signatureData'] = info;
     var response = formatWebPageResponse(GnubbyMsgTypes.SIGN_WEB_REPLY,
         GnubbyCodeTypes.OK, responseData);
     sendResponseOnce(response);
   }
 
-  function sendNotification(code) {
-    console.log(UTIL_fmt('notification, code=' + code));
-    // Can the callback handle progress updates? If so, send one.
-    if (toleratesMultipleResponses) {
-      var response = formatWebPageResponse(
-          GnubbyMsgTypes.SIGN_WEB_NOTIFICATION, code);
-      if (request['requestId']) {
-        response['requestId'] = request['requestId'];
-      }
-      sendResponse(response);
-    }
-  }
-
   var origin = getOriginFromUrl(/** @type {string} */ (sender.url));
   if (!origin) {
     sendErrorResponse(GnubbyCodeTypes.BAD_REQUEST);
     return null;
   }
   // More closure type inference fail.
   var nonNullOrigin = /** @type {string} */ (origin);
 
   if (!isValidSignRequest(request)) {
     sendErrorResponse(GnubbyCodeTypes.BAD_REQUEST);
     return null;
   }
 
   var signData = request['signData'];
   // A valid sign data has at least one challenge, so get the first appId from
   // the first challenge.
   var firstAppId = signData[0]['appId'];
   var timeoutMillis = Signer.DEFAULT_TIMEOUT_MILLIS;
   if (request['timeout']) {
     // Request timeout is in seconds.
     timeoutMillis = request['timeout'] * 1000;
   }
   var timer = new CountdownTimer(timeoutMillis);
   var logMsgUrl = request['logMsgUrl'];
 
   // Queue sign requests from the same origin, to protect against simultaneous
   // sign-out on many tabs resulting in repeated sign-in requests.
   var queuedSignRequest = new QueuedSignRequest(signData, factory, timer,
-      nonNullOrigin, enforceAppIdValid, sendErrorResponse, sendSuccessResponse,
-      sendNotification, sender.tlsChannelId, logMsgUrl);
+      nonNullOrigin, sendErrorResponse, sendSuccessResponse,
+      sender.tlsChannelId, logMsgUrl);
   var requestToken = signRequestQueue.queueRequest(firstAppId, nonNullOrigin,
       queuedSignRequest.begin.bind(queuedSignRequest), timer);
   queuedSignRequest.setToken(requestToken);
   return queuedSignRequest;
 }
 
 /**
  * Returns whether the request appears to be a valid sign request.
  * @param {Object} request the request.
  * @return {boolean} whether the request appears valid.
  */
 function isValidSignRequest(request) {
   if (!request.hasOwnProperty('signData'))
     return false;
   var signData = request['signData'];
   // If a sign request contains an empty array of challenges, it could never
   // be fulfilled. Fail.
   if (!signData.length)
     return false;
   return isValidSignData(signData);
 }
 
 /**
  * Adapter class representing a queued sign request.
  * @param {!SignData} signData Signature data
  * @param {!SignHelperFactory} factory Factory for SignHelper instances
  * @param {Countdown} timer Timeout timer
  * @param {string} origin Signature origin
- * @param {boolean} enforceAppIdValid If to enforce appId validity
  * @param {function(number)} errorCb Error callback
  * @param {function(SignChallenge, string, string)} successCb Success callback
- * @param {(function(number)|undefined)} opt_progressCb Progress callback
  * @param {string|undefined} opt_tlsChannelId TLS Channel Id
  * @param {string|undefined} opt_logMsgUrl Url to post log messages to
  * @constructor
  * @implements {Closeable}
  */
-function QueuedSignRequest(signData, factory, timer, origin, enforceAppIdValid,
-    errorCb, successCb, opt_progressCb, opt_tlsChannelId, opt_logMsgUrl) {
+function QueuedSignRequest(signData, factory, timer, origin, errorCb, successCb,
+    opt_tlsChannelId, opt_logMsgUrl) {
   /** @private {!SignData} */
   this.signData_ = signData;
   /** @private {!SignHelperFactory} */
   this.factory_ = factory;
   /** @private {Countdown} */
   this.timer_ = timer;
   /** @private {string} */
   this.origin_ = origin;
-  /** @private {boolean} */
-  this.enforceAppIdValid_ = enforceAppIdValid;
   /** @private {function(number)} */
   this.errorCb_ = errorCb;
   /** @private {function(SignChallenge, string, string)} */
   this.successCb_ = successCb;
-  /** @private {(function(number)|undefined)} */
-  this.progressCb_ = opt_progressCb;
   /** @private {string|undefined} */
   this.tlsChannelId_ = opt_tlsChannelId;
   /** @private {string|undefined} */
   this.logMsgUrl_ = opt_logMsgUrl;
   /** @private {boolean} */
   this.begun_ = false;
   /** @private {boolean} */
   this.closed_ = false;
 }
 
@@ skipping 18 matching lines @@
 };
 
 /**
  * Called when this sign request may begin work.
  * @param {QueuedRequestToken} token Token for this sign request.
  */
 QueuedSignRequest.prototype.begin = function(token) {
   this.begun_ = true;
   this.setToken(token);
   this.signer_ = new Signer(this.factory_, this.timer_, this.origin_,
-      this.enforceAppIdValid_, this.signerFailed_.bind(this),
-      this.signerSucceeded_.bind(this), this.progressCb_,
+      this.signerFailed_.bind(this), this.signerSucceeded_.bind(this),
       this.tlsChannelId_, this.logMsgUrl_);
   if (!this.signer_.setChallenges(this.signData_)) {
     token.complete();
     this.errorCb_(GnubbyCodeTypes.BAD_REQUEST);
   }
 };
 
 /**
  * Called when this request's signer fails.
  * @param {number} code The failure code reported by the signer.
@@ skipping 15 matching lines @@
     function(challenge, info, browserData) {
   this.token_.complete();
   this.successCb_(challenge, info, browserData);
 };
 
 /**
  * Creates an object to track signing with a gnubby.
  * @param {!SignHelperFactory} helperFactory Factory to create a sign helper.
  * @param {Countdown} timer Timer for sign request.
  * @param {string} origin The origin making the request.
- * @param {boolean} enforceAppIdValid Whether to enforce that the appId in the
- *     request matches the sender's origin.
  * @param {function(number)} errorCb Called when the sign operation fails.
  * @param {function(SignChallenge, string, string)} successCb Called when the
  *     sign operation succeeds.
- * @param {(function(number)|undefined)} opt_progressCb Called with progress
- *     updates to the sign request.
  * @param {string=} opt_tlsChannelId the TLS channel ID, if any, of the origin
  *     making the request.
  * @param {string=} opt_logMsgUrl The url to post log messages to.
  * @constructor
  */
-function Signer(helperFactory, timer, origin, enforceAppIdValid,
-    errorCb, successCb, opt_progressCb, opt_tlsChannelId, opt_logMsgUrl) {
+function Signer(helperFactory, timer, origin, errorCb, successCb,
+    opt_tlsChannelId, opt_logMsgUrl) {
   /** @private {Countdown} */
   this.timer_ = timer;
   /** @private {string} */
   this.origin_ = origin;
-  /** @private {boolean} */
-  this.enforceAppIdValid_ = enforceAppIdValid;
   /** @private {function(number)} */
   this.errorCb_ = errorCb;
   /** @private {function(SignChallenge, string, string)} */
   this.successCb_ = successCb;
-  /** @private {(function(number)|undefined)} */
-  this.progressCb_ = opt_progressCb;
   /** @private {string|undefined} */
   this.tlsChannelId_ = opt_tlsChannelId;
   /** @private {string|undefined} */
   this.logMsgUrl_ = opt_logMsgUrl;
 
   /** @private {boolean} */
   this.challengesSet_ = false;
   /** @private {Array.<SignHelperChallenge>} */
   this.pendingChallenges_ = [];
   /** @private {boolean} */
   this.done_ = false;
 
   /** @private {Object.<string, string>} */
   this.browserData_ = {};
   /** @private {Object.<string, SignChallenge>} */
   this.serverChallenges_ = {};
   // Allow http appIds for http origins. (Broken, but the caller deserves
   // what they get.)
   /** @private {boolean} */
   this.allowHttp_ = this.origin_ ? this.origin_.indexOf('http://') == 0 : false;
 
   // Protect against helper failure with a watchdog.
   this.createWatchdog_(timer);
   /** @private {SignHelper} */
   this.helper_ = helperFactory.createHelper(
       timer, this.helperError_.bind(this), this.helperSuccess_.bind(this),
-          this.helperProgress_.bind(this), this.logMsgUrl_);
+          this.logMsgUrl_);
 }
 
 /**
  * Creates a timer with an expiry greater than the expiration time of the given
  * timer.
  * @param {Countdown} timer Timeout timer
  * @private
  */
 Signer.prototype.createWatchdog_ = function(timer) {
   var millis = timer.millisecondsUntilExpired();
@@ skipping 13 matching lines @@
  * @return {boolean} Whether the challenges could be set.
  */
 Signer.prototype.setChallenges = function(signData) {
   if (this.challengesSet_ || this.done_)
     return false;
   /** @private {SignData} */
   this.signData_ = signData;
   /** @private {boolean} */
   this.challengesSet_ = true;
 
-  // If app id enforcing isn't in effect, go ahead and start the helper with
-  // all of the incoming challenges.
-  var success = true;
-  if (!this.enforceAppIdValid_) {
-    success = this.addChallenges(signData, true /* finalChallenges */);
-  }
-
   this.checkAppIds_();
-  return success;
+  return true;
 };
 
 /**
  * Adds new challenges to the challenges being signed.
  * @param {SignData} signData Challenges to add.
  * @param {boolean} finalChallenges Whether these are the final challenges.
  * @return {boolean} Whether the challenge could be added.
  */
 Signer.prototype.addChallenges = function(signData, finalChallenges) {
   var newChallenges = this.encodeSignChallenges_(signData);
@@ skipping 55 matching lines @@
   /** @private {number} */
   this.validAppIds_ = 0;
   for (var i = 0, appIdRequestsPair; i < this.orderedRequests_.length; i++) {
     var appIdRequestsPair = this.orderedRequests_[i];
     var appId = appIdRequestsPair[0];
     var requests = appIdRequestsPair[1];
     if (appId == this.origin_) {
       // Trivially allowed.
       this.fetchedAppIds_++;
       this.validAppIds_++;
-      // Only add challenges if in enforcing mode, i.e. they weren't added
-      // earlier.
-      if (this.enforceAppIdValid_) {
-        this.addChallenges(requests,
-            this.fetchedAppIds_ == this.orderedRequests_.length);
-      }
+      this.addChallenges(requests,
+          this.fetchedAppIds_ == this.orderedRequests_.length);
     } else {
       var start = new Date();
       fetchAllowedOriginsForAppId(appId, this.allowHttp_,
           this.fetchedAllowedOriginsForAppId_.bind(this, appId, start,
               requests));
     }
   }
 };
 
 /**
@@ skipping 18 matching lines @@
       fetchAllowedOriginsForAppId(appId, this.allowHttp_,
           this.fetchedAllowedOriginsForAppId_.bind(this, appId, start,
               challenges));
     }
     return;
   }
   this.fetchedAppIds_++;
   var finalChallenges = (this.fetchedAppIds_ == this.orderedRequests_.length);
   if (isValidAppIdForOrigin(appId, this.origin_, allowedOrigins)) {
     this.validAppIds_++;
-    // Only add challenges if in enforcing mode, i.e. they weren't added
-    // earlier.
-    if (this.enforceAppIdValid_) {
-      this.addChallenges(challenges, finalChallenges);
-    }
+    this.addChallenges(challenges, finalChallenges);
   } else {
     logInvalidOriginForAppId(this.origin_, appId, this.logMsgUrl_);
-    // If in enforcing mode and this is the final request, sign the valid
-    // challenges.
-    if (this.enforceAppIdValid_ && finalChallenges) {
+    // If this is the final request, sign the valid challenges.
+    if (finalChallenges) {
       if (!this.helper_.doSign(this.pendingChallenges_)) {
         this.notifyError_(GnubbyCodeTypes.BAD_REQUEST);
         return;
       }
     }
   }
-  if (this.enforceAppIdValid_ && finalChallenges && !this.validAppIds_) {
+  if (finalChallenges && !this.validAppIds_) {
     // If all app ids are invalid, notify the caller, otherwise implicitly
     // allow the helper to report whether any of the valid challenges succeeded.
     this.notifyError_(GnubbyCodeTypes.BAD_APP_ID);
   }
 };
 
 /**
  * Called when the timeout expires on this signer.
  * @private
  */
@@ skipping 31 matching lines @@
  */
 Signer.prototype.notifySuccess_ = function(challenge, info, browserData) {
   if (this.done_)
     return;
   this.close();
   this.done_ = true;
   this.successCb_(challenge, info, browserData);
 };
 
 /**
- * Notifies the caller of progress with the error code.
- * @param {number} code Status code
- * @private
- */
-Signer.prototype.notifyProgress_ = function(code) {
-  if (this.done_)
-    return;
-  if (code != this.lastProgressUpdate_) {
-    this.lastProgressUpdate_ = code;
-    // If there is no progress callback, treat it like an error and clean up.
-    if (this.progressCb_) {
-      this.progressCb_(code);
-    } else {
-      this.notifyError_(code);
-    }
-  }
-};
-
-/**
  * Maps a sign helper's error code namespace to the page's error code namespace.
  * @param {number} code Error code from DeviceStatusCodes namespace.
  * @param {boolean} anyGnubbies Whether any gnubbies were found.
  * @return {number} A GnubbyCodeTypes error code.
  * @private
  */
 Signer.mapError_ = function(code, anyGnubbies) {
   var reportedError;
   switch (code) {
     case DeviceStatusCodes.WRONG_DATA_STATUS:
@@ skipping 30 matching lines @@
   var reportedError = Signer.mapError_(code, anyGnubbies);
   console.log(UTIL_fmt('helper reported ' + code.toString(16) +
       ', returning ' + reportedError));
   this.notifyError_(reportedError);
 };
 
 /**
  * Called by helper upon success.
  * @param {SignHelperChallenge} challenge The challenge that was signed.
  * @param {string} info The sign result.
+ * @param {string=} opt_source The source, if any, if the signature.
  * @private
  */
-Signer.prototype.helperSuccess_ = function(challenge, info) {
+Signer.prototype.helperSuccess_ = function(challenge, info, opt_source) {
   // Got a good reply, kill timer.
   this.clearTimeout_();
 
+  if (this.logMsgUrl_ && opt_source) {
+    var logMsg = 'signed&source=' + opt_source;
+    logMessage(logMsg, this.logMsgUrl_);
+  }
+
   var key = challenge['keyHandle'] + challenge['challengeHash'];
   var browserData = this.browserData_[key];
   // Notify with server-provided challenge, not the encoded one: the
   // server-provided challenge contains additional fields it relies on.
   var serverChallenge = this.serverChallenges_[key];
   this.notifySuccess_(serverChallenge, info, browserData);
 };
 
 /**
- * Called by helper to notify progress.
- * @param {number} code Status code
- * @param {boolean} anyGnubbies If any gnubbies were found
- * @private
- */
-Signer.prototype.helperProgress_ = function(code, anyGnubbies) {
-  var reportedError = Signer.mapError_(code, anyGnubbies);
-  console.log(UTIL_fmt('helper notified ' + code.toString(16) +
-      ', returning ' + reportedError));
-  this.notifyProgress_(reportedError);
-};
-
-/**
  * Clears the timeout for this signer.
  * @private
  */
 Signer.prototype.clearTimeout_ = function() {
   if (this.watchdogTimer_) {
     this.watchdogTimer_.clearTimeout();
     this.watchdogTimer_ = undefined;
   }
 };