Update cryptotoken to 0.8.63

chrome/browser/resources/cryptotoken/signer.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 /**
  * @fileoverview Handles web page requests for gnubby sign requests.
  *
  */
 
 'use strict';
@@ skipping 126 matching lines @@
   }
   // More closure type inference fail.
   var nonNullOrigin = /** @type {string} */ (origin);
 
   if (!isValidSignRequest(request, signChallengesName)) {
     errorCb(ErrorCodes.BAD_REQUEST);
     return null;
   }
 
   var signChallenges = request[signChallengesName];
-  // A valid sign data has at least one challenge, so get the first appId from
-  // the first challenge.
-  var firstAppId = signChallenges[0]['appId'];
+  var appId;
+  if (request['appId']) {
+    appId = request['appId'];
+  } else {
+    // A valid sign data has at least one challenge, so get the appId from
+    // the first challenge.
+    appId = signChallenges[0]['appId'];
+  }
+  // Sanity check
+  if (!appId) {
+    console.warn(UTIL_fmt('empty sign appId?'));
+    errorCb(ErrorCodes.BAD_REQUEST);
+    return null;
+  }
   var timer = createTimerForRequest(
       FACTORY_REGISTRY.getCountdownFactory(), request);
   var logMsgUrl = request['logMsgUrl'];
 
   // Queue sign requests from the same origin, to protect against simultaneous
   // sign-out on many tabs resulting in repeated sign-in requests.
   var queuedSignRequest = new QueuedSignRequest(signChallenges,
-      timer, nonNullOrigin, errorCb, successCb, sender.tlsChannelId,
+      timer, nonNullOrigin, errorCb, successCb, appId, sender.tlsChannelId,
       logMsgUrl);
-  var requestToken = signRequestQueue.queueRequest(firstAppId, nonNullOrigin,
+  var requestToken = signRequestQueue.queueRequest(appId, nonNullOrigin,
       queuedSignRequest.begin.bind(queuedSignRequest), timer);
   queuedSignRequest.setToken(requestToken);
   return queuedSignRequest;
 }
 
 /**
  * Returns whether the request appears to be a valid sign request.
  * @param {Object} request The request.
  * @param {string} signChallengesName The name of the sign challenges value in
  *     the request.
  * @return {boolean} Whether the request appears valid.
  */
 function isValidSignRequest(request, signChallengesName) {
   if (!request.hasOwnProperty(signChallengesName))
     return false;
   var signChallenges = request[signChallengesName];
   // If a sign request contains an empty array of challenges, it could never
   // be fulfilled. Fail.
   if (!signChallenges.length)
     return false;
-  return isValidSignChallengeArray(signChallenges);
+  var hasAppId = request.hasOwnProperty('appId');
+  return isValidSignChallengeArray(signChallenges, !hasAppId);
 }
 
 /**
  * Adapter class representing a queued sign request.
  * @param {!Array.<SignChallenge>} signChallenges The sign challenges.
  * @param {Countdown} timer Timeout timer
  * @param {string} origin Signature origin
  * @param {function(ErrorCodes)} errorCb Error callback
  * @param {function(SignChallenge, string, string)} successCb Success callback
+ * @param {string|undefined} opt_appId The app id for the entire request.
  * @param {string|undefined} opt_tlsChannelId TLS Channel Id
  * @param {string|undefined} opt_logMsgUrl Url to post log messages to
  * @constructor
  * @implements {Closeable}
  */
 function QueuedSignRequest(signChallenges, timer, origin, errorCb,
-    successCb, opt_tlsChannelId, opt_logMsgUrl) {
+    successCb, opt_appId, opt_tlsChannelId, opt_logMsgUrl) {
   /** @private {!Array.<SignChallenge>} */
   this.signChallenges_ = signChallenges;
   /** @private {Countdown} */
   this.timer_ = timer;
   /** @private {string} */
   this.origin_ = origin;
   /** @private {function(ErrorCodes)} */
   this.errorCb_ = errorCb;
   /** @private {function(SignChallenge, string, string)} */
   this.successCb_ = successCb;
   /** @private {string|undefined} */
+  this.appId_ = opt_appId;
+  /** @private {string|undefined} */
   this.tlsChannelId_ = opt_tlsChannelId;
   /** @private {string|undefined} */
   this.logMsgUrl_ = opt_logMsgUrl;
   /** @private {boolean} */
   this.begun_ = false;
   /** @private {boolean} */
   this.closed_ = false;
 }
 
 /** Closes this sign request. */
@@ skipping 19 matching lines @@
 /**
  * Called when this sign request may begin work.
  * @param {QueuedRequestToken} token Token for this sign request.
  */
 QueuedSignRequest.prototype.begin = function(token) {
   this.begun_ = true;
   this.setToken(token);
   this.signer_ = new Signer(this.timer_, this.origin_,
       this.signerFailed_.bind(this), this.signerSucceeded_.bind(this),
       this.tlsChannelId_, this.logMsgUrl_);
-  if (!this.signer_.setChallenges(this.signChallenges_)) {
+  if (!this.signer_.setChallenges(this.signChallenges_, this.appId_)) {
     token.complete();
     this.errorCb_(ErrorCodes.BAD_REQUEST);
   }
 };
 
 /**
  * Called when this request's signer fails.
  * @param {ErrorCodes} code The failure code reported by the signer.
  * @private
  */
@@ skipping 55 matching lines @@
   // what they get.)
   /** @private {boolean} */
   this.allowHttp_ = this.origin_ ? this.origin_.indexOf('http://') == 0 : false;
   /** @private {Closeable} */
   this.handler_ = null;
 }
 
 /**
  * Sets the challenges to be signed.
  * @param {Array.<SignChallenge>} signChallenges The challenges to set.
+ * @param {string=} opt_appId The app id for the entire request.
  * @return {boolean} Whether the challenges could be set.
  */
-Signer.prototype.setChallenges = function(signChallenges) {
+Signer.prototype.setChallenges = function(signChallenges, opt_appId) {
   if (this.challengesSet_ || this.done_)
     return false;
   /** @private {Array.<SignChallenge>} */
   this.signChallenges_ = signChallenges;
+  /** @private {string|undefined} */
+  this.appId_ = opt_appId;
   /** @private {boolean} */
   this.challengesSet_ = true;
 
   this.checkAppIds_();
   return true;
 };
 
 /**
  * Checks the app ids of incoming requests.
  * @private
  */
 Signer.prototype.checkAppIds_ = function() {
   var appIds = getDistinctAppIds(this.signChallenges_);
+  if (this.appId_) {
+    appIds = UTIL_unionArrays([this.appId_], appIds);
+  }
   if (!appIds || !appIds.length) {
     this.notifyError_(ErrorCodes.BAD_REQUEST);
     return;
   }
   FACTORY_REGISTRY.getOriginChecker().canClaimAppIds(this.origin_, appIds)
       .then(this.originChecked_.bind(this, appIds));
 };
 
 /**
  * Called with the result of checking the origin. When the origin is allowed
@@ skipping 45 matching lines @@
     var serverChallenge = challenge['challenge'];
     var keyHandle = challenge['keyHandle'];
 
     var browserData =
         makeSignBrowserData(serverChallenge, this.origin_, this.tlsChannelId_);
     this.browserData_[keyHandle] = browserData;
     this.serverChallenges_[keyHandle] = challenge;
   }
 
   var encodedChallenges = encodeSignChallenges(this.signChallenges_,
-      this.getChallengeHash_.bind(this));
+      this.appId_, this.getChallengeHash_.bind(this));
 
   var timeoutSeconds = this.timer_.millisecondsUntilExpired() / 1000.0;
   var request = makeSignHelperRequest(encodedChallenges, timeoutSeconds,
       this.logMsgUrl_);
   this.handler_ =
       FACTORY_REGISTRY.getRequestHelper()
           .getHandler(/** @type {HelperRequest} */ (request));
   if (!this.handler_)
     return false;
   return this.handler_.run(this.helperComplete_.bind(this));
@@ skipping 76 matching lines @@
 
     var key = reply.responseData['keyHandle'];
     var browserData = this.browserData_[key];
     // Notify with server-provided challenge, not the encoded one: the
     // server-provided challenge contains additional fields it relies on.
     var serverChallenge = this.serverChallenges_[key];
     this.notifySuccess_(serverChallenge, reply.responseData.signatureData,
         browserData);
   }
 };