Improved error reporting in cryptotoken

chrome/browser/resources/cryptotoken/enroller.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 /**
  * @fileoverview Handles web page requests for gnubby enrollment.
  */
 
 'use strict';
 
 /**
  * Handles a web enroll request.
  * @param {MessageSender} sender The sender of the message.
  * @param {Object} request The web page's enroll request.
  * @param {Function} sendResponse Called back with the result of the enroll.
  * @return {Closeable} A handler object to be closed when the browser channel
  *     closes.
  */
 function handleWebEnrollRequest(sender, request, sendResponse) {
   var sentResponse = false;
-  var closeable;
+  var closeable = null;
 
-  function sendErrorResponse(u2fCode) {
+  function sendErrorResponse(error) {
     var response = makeWebErrorResponse(request,
-        mapErrorCodeToGnubbyCodeType(u2fCode, false /* forSign */));
+        mapErrorCodeToGnubbyCodeType(error.errorCode, false /* forSign */));
     sendResponseOnce(sentResponse, closeable, response, sendResponse);
   }
 
   function sendSuccessResponse(u2fVersion, info, browserData) {
     var enrollChallenges = request['enrollChallenges'];
     var enrollChallenge =
         findEnrollChallengeOfVersion(enrollChallenges, u2fVersion);
     if (!enrollChallenge) {
       sendErrorResponse(ErrorCodes.OTHER_ERROR);
       return;
     }
     var responseData =
         makeEnrollResponseData(enrollChallenge, u2fVersion,
             'enrollData', info, 'browserData', browserData);
     var response = makeWebSuccessResponse(request, responseData);
     sendResponseOnce(sentResponse, closeable, response, sendResponse);
   }
 
-  closeable =
-      validateAndBeginEnrollRequest(
+  var enroller =
+      validateEnrollRequest(
           sender, request, 'enrollChallenges', 'signData',
           sendErrorResponse, sendSuccessResponse);
+  if (enroller) {
+    var registerRequests = request['enrollChallenges'];
+    var signRequests = getSignRequestsFromEnrollRequest(request, 'signData');
+    closeable = /** @type {Closeable} */ (enroller);
+    enroller.doEnroll(registerRequests, signRequests, request['appId']);
+  }
   return closeable;
 }
 
 /**
  * Handles a U2F enroll request.
  * @param {MessageSender} sender The sender of the message.
  * @param {Object} request The web page's enroll request.
  * @param {Function} sendResponse Called back with the result of the enroll.
  * @return {Closeable} A handler object to be closed when the browser channel
  *     closes.
  */
 function handleU2fEnrollRequest(sender, request, sendResponse) {
   var sentResponse = false;
-  var closeable;
+  var closeable = null;
 
-  function sendErrorResponse(u2fCode) {
-    var response = makeU2fErrorResponse(request, u2fCode);
+  function sendErrorResponse(error) {
+    var response = makeU2fErrorResponse(request, error.errorCode,
+        error.errorMessage);
     sendResponseOnce(sentResponse, closeable, response, sendResponse);
   }
 
   function sendSuccessResponse(u2fVersion, info, browserData) {
     var enrollChallenges = request['registerRequests'];
     var enrollChallenge =
         findEnrollChallengeOfVersion(enrollChallenges, u2fVersion);
     if (!enrollChallenge) {
       sendErrorResponse(ErrorCodes.OTHER_ERROR);
       return;
     }
     var responseData =
         makeEnrollResponseData(enrollChallenge, u2fVersion,
             'registrationData', info, 'clientData', browserData);
     var response = makeU2fSuccessResponse(request, responseData);
     sendResponseOnce(sentResponse, closeable, response, sendResponse);
   }
 
-  closeable =
-      validateAndBeginEnrollRequest(
+  var enroller =
+      validateEnrollRequest(
           sender, request, 'registerRequests', 'signRequests',
           sendErrorResponse, sendSuccessResponse, 'registeredKeys');
+  if (enroller) {
+    var registerRequests = request['registerRequests'];
+    var signRequests = getSignRequestsFromEnrollRequest(request,
+        'signRequests', 'registeredKeys');
+    closeable = /** @type {Closeable} */ (enroller);
+    enroller.doEnroll(registerRequests, signRequests, request['appId']);
+  }
   return closeable;
 }
 
 /**
- * Validates an enroll request using the given parameters, and, if valid, begins
- * handling the enroll request. (The enroll request may be modified as a result
- * of handling it.)
+ * Validates an enroll request using the given parameters.
  * @param {MessageSender} sender The sender of the message.
  * @param {Object} request The web page's enroll request.
  * @param {string} enrollChallengesName The name of the enroll challenges value
  *     in the request.
  * @param {string} signChallengesName The name of the sign challenges value in
  *     the request.
- * @param {function(ErrorCodes)} errorCb Error callback.
+ * @param {function(U2fError)} errorCb Error callback.
  * @param {function(string, string, (string|undefined))} successCb Success
  *     callback.
  * @param {string=} opt_registeredKeysName The name of the registered keys
  *     value in the request.
- * @return {Closeable} Request handler that should be closed when the browser
- *     message channel is closed.
+ * @return {Enroller} Enroller object representing the request, if the request
+ *     is valid, or null if the request is invalid.
  */
-function validateAndBeginEnrollRequest(sender, request,
+function validateEnrollRequest(sender, request,
     enrollChallengesName, signChallengesName, errorCb, successCb,
     opt_registeredKeysName) {
   var origin = getOriginFromUrl(/** @type {string} */ (sender.url));
   if (!origin) {
-    errorCb(ErrorCodes.BAD_REQUEST);
+    errorCb({errorCode: ErrorCodes.BAD_REQUEST});
     return null;
   }
 
   if (!isValidEnrollRequest(request, enrollChallengesName,
       signChallengesName, opt_registeredKeysName)) {
-    errorCb(ErrorCodes.BAD_REQUEST);
+    errorCb({errorCode: ErrorCodes.BAD_REQUEST});
     return null;
   }
 
-  var enrollChallenges = request[enrollChallengesName];
-  var signChallenges;
-  if (opt_registeredKeysName &&
-      request.hasOwnProperty(opt_registeredKeysName)) {
-    // Convert registered keys to sign challenges by adding a challenge value.
-    signChallenges = request[opt_registeredKeysName];
-    for (var i = 0; i < signChallenges.length; i++) {
-      // The actual value doesn't matter, as long as it's a string.
-      signChallenges[i]['challenge'] = '';
-    }
-  } else {
-    signChallenges = request[signChallengesName];
-  }
-  var logMsgUrl = request['logMsgUrl'];
-
   var timer = createTimerForRequest(
       FACTORY_REGISTRY.getCountdownFactory(), request);
+  var logMsgUrl = request['logMsgUrl'];
   var enroller = new Enroller(timer, origin, errorCb, successCb,
       sender.tlsChannelId, logMsgUrl);
-  enroller.doEnroll(enrollChallenges, signChallenges, request['appId']);
-  return /** @type {Closeable} */ (enroller);
+  return enroller;
 }
 
 /**
  * Returns whether the request appears to be a valid enroll request.
  * @param {Object} request The request.
  * @param {string} enrollChallengesName The name of the enroll challenges value
  *     in the request.
  * @param {string} signChallengesName The name of the sign challenges value in
  *     the request.
  * @param {string=} opt_registeredKeysName The name of the registered keys
@@ skipping 111 matching lines @@
   }
   if (u2fVersion == 'U2F_V2') {
     // For U2F_V2, the challenge sent to the gnubby is modified to be the
     // hash of the browser data. Include the browser data.
     responseData[browserDataName] = browserData;
   }
   return responseData;
 }
 
 /**
+ * Gets the expanded sign challenges from an enroll request, potentially by
+ * modifying the request to contain a challenge value where one was omitted.
+ * (For enrolling, the server isn't interested in the value of a signature,
+ * only whether the presented key handle is already enrolled.)
+ * @param {Object} request The request.
+ * @param {string} signChallengesName The name of the sign challenges value in
+ *     the request.
+ * @param {string=} opt_registeredKeysName The name of the registered keys
+ *     value in the request.
+ * @return {Array.<SignChallenge>}
+ */
+function getSignRequestsFromEnrollRequest(request, signChallengesName,
+    opt_registeredKeysName) {
+  var signChallenges;
+  if (opt_registeredKeysName &&
+      request.hasOwnProperty(opt_registeredKeysName)) {
+    // Convert registered keys to sign challenges by adding a challenge value.
+    signChallenges = request[opt_registeredKeysName];
+    for (var i = 0; i < signChallenges.length; i++) {
+      // The actual value doesn't matter, as long as it's a string.
+      signChallenges[i]['challenge'] = '';
+    }
+  } else {
+    signChallenges = request[signChallengesName];
+  }
+  return signChallenges;
+}
+
+/**
  * Creates a new object to track enrolling with a gnubby.
  * @param {!Countdown} timer Timer for enroll request.
  * @param {string} origin The origin making the request.
- * @param {function(ErrorCodes)} errorCb Called upon enroll failure with an
- *     error code.
+ * @param {function(U2fError)} errorCb Called upon enroll failure.
  * @param {function(string, string, (string|undefined))} successCb Called upon
  *     enroll success with the version of the succeeding gnubby, the enroll
  *     data, and optionally the browser data associated with the enrollment.
  * @param {string=} opt_tlsChannelId the TLS channel ID, if any, of the origin
  *     making the request.
  * @param {string=} opt_logMsgUrl The url to post log messages to.
  * @constructor
  */
 function Enroller(timer, origin, errorCb, successCb, opt_tlsChannelId,
     opt_logMsgUrl) {
   /** @private {Countdown} */
   this.timer_ = timer;
   /** @private {string} */
   this.origin_ = origin;
-  /** @private {function(ErrorCodes)} */
+  /** @private {function(U2fError)} */
   this.errorCb_ = errorCb;
   /** @private {function(string, string, (string|undefined))} */
   this.successCb_ = successCb;
   /** @private {string|undefined} */
   this.tlsChannelId_ = opt_tlsChannelId;
   /** @private {string|undefined} */
   this.logMsgUrl_ = opt_logMsgUrl;
 
   /** @private {boolean} */
   this.done_ = false;
@@ skipping 46 matching lines @@
     enrollAppIds.push(opt_appId);
   }
   for (var i = 0; i < enrollChallenges.length; i++) {
     if (enrollChallenges[i].hasOwnProperty('appId')) {
       enrollAppIds.push(enrollChallenges[i]['appId']);
     }
   }
   // Sanity check
   if (!enrollAppIds.length) {
     console.warn(UTIL_fmt('empty enroll app ids?'));
-    this.notifyError_(ErrorCodes.BAD_REQUEST);
+    this.notifyError_({errorCode: ErrorCodes.BAD_REQUEST});
     return;
   }
   var self = this;
   this.checkAppIds_(enrollAppIds, signChallenges, function(result) {
     if (result) {
       self.handler_ = FACTORY_REGISTRY.getRequestHelper().getHandler(request);
       if (self.handler_) {
         var helperComplete =
             /** @type {function(HelperReply)} */
             (self.helperComplete_.bind(self));
         self.handler_.run(helperComplete);
       } else {
-        self.notifyError_(ErrorCodes.OTHER_ERROR);
+        self.notifyError_({errorCode: ErrorCodes.OTHER_ERROR});
       }
     } else {
-      self.notifyError_(ErrorCodes.BAD_REQUEST);
+      self.notifyError_({errorCode: ErrorCodes.BAD_REQUEST});
     }
   });
 };
 
 /**
  * Encodes the enroll challenge as an enroll helper challenge.
  * @param {EnrollChallenge} enrollChallenge The enroll challenge to encode.
  * @param {string=} opt_appId The app id for the entire request.
  * @return {EnrollHelperChallenge} The encoded challenge.
  * @private
@@ skipping 88 matching lines @@
  * Called with the result of checking the origin. When the origin is allowed
  * to claim the app ids, begins checking whether the app ids also list the
  * origin.
  * @param {!Array.<string>} appIds The app ids.
  * @param {function(boolean)} cb Called with the result of the check.
  * @param {boolean} result Whether the origin could claim the app ids.
  * @private
  */
 Enroller.prototype.originChecked_ = function(appIds, cb, result) {
   if (!result) {
-    this.notifyError_(ErrorCodes.BAD_REQUEST);
+    this.notifyError_({errorCode: ErrorCodes.BAD_REQUEST});
     return;
   }
   /** @private {!AppIdChecker} */
   this.appIdChecker_ = new AppIdChecker(FACTORY_REGISTRY.getTextFetcher(),
       this.timer_.clone(), this.origin_, appIds, this.allowHttp_,
       this.logMsgUrl_);
   this.appIdChecker_.doCheck().then(cb);
 };
 
 /** Closes this enroller. */
 Enroller.prototype.close = function() {
   if (this.appIdChecker_) {
     this.appIdChecker_.close();
   }
   if (this.handler_) {
     this.handler_.close();
     this.handler_ = null;
   }
 };
 
 /**
- * Notifies the caller with the error code.
- * @param {ErrorCodes} code Error code
+ * Notifies the caller with the error.
+ * @param {U2fError} error Error.
  * @private
  */
-Enroller.prototype.notifyError_ = function(code) {
+Enroller.prototype.notifyError_ = function(error) {
   if (this.done_)
     return;
   this.close();
   this.done_ = true;
-  this.errorCb_(code);
+  this.errorCb_(error);
 };
 
 /**
  * Notifies the caller of success with the provided response data.
  * @param {string} u2fVersion Protocol version
  * @param {string} info Response data
  * @param {string|undefined} opt_browserData Browser data used
  * @private
  */
 Enroller.prototype.notifySuccess_ =
     function(u2fVersion, info, opt_browserData) {
   if (this.done_)
     return;
   this.close();
   this.done_ = true;
   this.successCb_(u2fVersion, info, opt_browserData);
 };
 
 /**
  * Called by the helper upon completion.
  * @param {EnrollHelperReply} reply The result of the enroll request.
  * @private
  */
 Enroller.prototype.helperComplete_ = function(reply) {
   if (reply.code) {
-    var reportedError = mapDeviceStatusCodeToErrorCode(reply.code);
+    var reportedError = mapDeviceStatusCodeToU2fError(reply.code);
     console.log(UTIL_fmt('helper reported ' + reply.code.toString(16) +
-        ', returning ' + reportedError));
+        ', returning ' + reportedError.errorCode));
     this.notifyError_(reportedError);
   } else {
     console.log(UTIL_fmt('Gnubby enrollment succeeded!!!!!'));
     var browserData;
 
     if (reply.version == 'U2F_V2') {
       // For U2F_V2, the challenge sent to the gnubby is modified to be the hash
       // of the browser data. Include the browser data.
       browserData = this.browserData_[reply.version];
     }
 
     this.notifySuccess_(/** @type {string} */ (reply.version),
                         /** @type {string} */ (reply.enrollData),
                         browserData);
   }
 };