Update cryptotoken to 0.8.63

chrome/browser/resources/cryptotoken/webrequest.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 /**
  * @fileoverview Does common handling for requests coming from web pages and
  * routes them to the provided handler.
  */
 
 /**
  * Gets the scheme + origin from a web url.
  * @param {string} url Input url
  * @return {?string} Scheme and origin part if url parses
  */
 function getOriginFromUrl(url) {
   var re = new RegExp('^(https?://)[^/]*/?');
   var originarray = re.exec(url);
   if (originarray == null) return originarray;
   var origin = originarray[0];
   while (origin.charAt(origin.length - 1) == '/') {
     origin = origin.substring(0, origin.length - 1);
   }
   if (origin == 'http:' || origin == 'https:')
     return null;
   return origin;
 }
 
 /**
+ * Returns whether the registered key appears to be valid.
+ * @param {Object} registeredKey The registered key object.
+ * @param {boolean} appIdRequired Whether the appId property is required on
+ *     each challenge.
+ * @return {boolean} Whether the object appears valid.
+ */
+function isValidRegisteredKey(registeredKey, appIdRequired) {
+  if (appIdRequired && !registeredKey.hasOwnProperty('appId')) {
+    return false;
+  }
+  if (!registeredKey.hasOwnProperty('keyHandle'))
+    return false;
+  if (registeredKey['version']) {
+    if (registeredKey['version'] != 'U2F_V1' &&
+        registeredKey['version'] != 'U2F_V2') {
+      return false;
+    }
+  }
+  return true;
+}
+
+/**
+ * Returns whether the array of registered keys appears to be valid.
+ * @param {Array.<Object>} registeredKeys The array of registered keys.
+ * @param {boolean} appIdRequired Whether the appId property is required on
+ *     each challenge.
+ * @return {boolean} Whether the array appears valid.
+ */
+function isValidRegisteredKeyArray(registeredKeys, appIdRequired) {
+  return registeredKeys.every(function(key) {
+    return isValidRegisteredKey(key, appIdRequired);
+  });
+}
+
+/**
  * Returns whether the array of SignChallenges appears to be valid.
  * @param {Array.<SignChallenge>} signChallenges The array of sign challenges.
+ * @param {boolean} appIdRequired Whether the appId property is required on
+ *     each challenge.
  * @return {boolean} Whether the array appears valid.
  */
-function isValidSignChallengeArray(signChallenges) {
+function isValidSignChallengeArray(signChallenges, appIdRequired) {
   for (var i = 0; i < signChallenges.length; i++) {
     var incomingChallenge = signChallenges[i];
     if (!incomingChallenge.hasOwnProperty('challenge'))
       return false;
-    if (!incomingChallenge.hasOwnProperty('appId')) {
+    if (!isValidRegisteredKey(incomingChallenge, appIdRequired)) {
       return false;
     }
-    if (!incomingChallenge.hasOwnProperty('keyHandle'))
-      return false;
-    if (incomingChallenge['version']) {
-      if (incomingChallenge['version'] != 'U2F_V1' &&
-          incomingChallenge['version'] != 'U2F_V2') {
-        return false;
-      }
-    }
   }
   return true;
 }
 
 /** Posts the log message to the log url.
  * @param {string} logMsg the log message to post.
  * @param {string=} opt_logMsgUrl the url to post log messages to.
  */
 function logMessage(logMsg, opt_logMsgUrl) {
   console.log(UTIL_fmt('logMessage("' + logMsg + '")'));
 
   if (!opt_logMsgUrl) {
     return;
   }
   // Image fetching is not allowed per packaged app CSP.
   // But video and audio is.
   var audio = new Audio();
   audio.src = opt_logMsgUrl + logMsg;
 }
 
 /**
+ * @param {Object} request Request object
+ * @param {MessageSender} sender Sender frame
+ * @param {Function} sendResponse Response callback
+ * @return {?Closeable} Optional handler object that should be closed when port
+ *     closes
+ */
+function handleWebPageRequest(request, sender, sendResponse) {
+  switch (request.type) {
+    case GnubbyMsgTypes.ENROLL_WEB_REQUEST:
+      return handleWebEnrollRequest(sender, request, sendResponse);
+
+    case GnubbyMsgTypes.SIGN_WEB_REQUEST:
+      return handleWebSignRequest(sender, request, sendResponse);
+
+    case MessageTypes.U2F_REGISTER_REQUEST:
+      return handleU2fEnrollRequest(sender, request, sendResponse);
+
+    case MessageTypes.U2F_SIGN_REQUEST:
+      return handleU2fSignRequest(sender, request, sendResponse);
+
+    default:
+      sendResponse(
+          makeU2fErrorResponse(request, ErrorCodes.BAD_REQUEST, undefined,
+              MessageTypes.U2F_REGISTER_RESPONSE));
+      return null;
+  }
+}
+
+/**
  * Makes a response to a request.
  * @param {Object} request The request to make a response to.
  * @param {string} responseSuffix How to name the response's type.
  * @param {string=} opt_defaultType The default response type, if none is
  *     present in the request.
  * @return {Object} The response object.
  */
 function makeResponseForRequest(request, responseSuffix, opt_defaultType) {
   var type;
   if (request && request.type) {
@@ skipping 223 matching lines @@
  * @return {string} A string representation of the browser data object.
  */
 function makeSignBrowserData(serverChallenge, origin, opt_tlsChannelId) {
   return makeBrowserData(
       'navigator.id.getAssertion', serverChallenge, origin, opt_tlsChannelId);
 }
 
 /**
  * Encodes the sign data as an array of sign helper challenges.
  * @param {Array.<SignChallenge>} signChallenges The sign challenges to encode.
+ * @param {string=} opt_defaultAppId The app id to use for each challenge, if
+ *     the challenge contains none.
  * @param {function(string, string): string=} opt_challengeHashFunction
  *     A function that produces, from a key handle and a raw challenge, a hash
  *     of the raw challenge. If none is provided, a default hash function is
  *     used.
  * @return {!Array.<SignHelperChallenge>} The sign challenges, encoded.
  */
-function encodeSignChallenges(signChallenges, opt_challengeHashFunction) {
+function encodeSignChallenges(signChallenges, opt_defaultAppId,
+    opt_challengeHashFunction) {
   function encodedSha256(keyHandle, challenge) {
     return B64_encode(sha256HashOfString(challenge));
   }
   var challengeHashFn = opt_challengeHashFunction || encodedSha256;
   var encodedSignChallenges = [];
   if (signChallenges) {
     for (var i = 0; i < signChallenges.length; i++) {
       var challenge = signChallenges[i];
       var challengeHash =
           challengeHashFn(challenge['keyHandle'], challenge['challenge']);
+      var appId;
+      if (challenge.hasOwnProperty('appId')) {
+        appId = challenge['appId'];
+      } else {
+        appId = opt_defaultAppId;
+      }
       var encodedChallenge = {
         'challengeHash': challengeHash,
-        'appIdHash': B64_encode(sha256HashOfString(challenge['appId'])),
+        'appIdHash': B64_encode(sha256HashOfString(appId)),
         'keyHandle': challenge['keyHandle'],
         'version': (challenge['version'] || 'U2F_V1')
       };
       encodedSignChallenges.push(encodedChallenge);
     }
   }
   return encodedSignChallenges;
 }
 
 /**
  * Makes a sign helper request from an array of challenges.
  * @param {Array.<SignHelperChallenge>} challenges The sign challenges.
  * @param {number=} opt_timeoutSeconds Timeout value.
  * @param {string=} opt_logMsgUrl URL to log to.
  * @return {SignHelperRequest} The sign helper request.
  */
 function makeSignHelperRequest(challenges, opt_timeoutSeconds, opt_logMsgUrl) {
   var request = {
     'type': 'sign_helper_request',
     'signData': challenges,
     'timeout': opt_timeoutSeconds || 0,
     'timeoutSeconds': opt_timeoutSeconds || 0
   };
   if (opt_logMsgUrl !== undefined) {
     request.logMsgUrl = opt_logMsgUrl;
   }
   return request;
 }