| blob | 5538ff7bc70ec8415c46a85d186d832c5229995b |
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 /**
6 * @fileoverview A single gnubby signer wraps the process of opening a gnubby,
7 * signing each challenge in an array of challenges until a success condition
8 * is satisfied, and finally yielding the gnubby upon success.
9 *
10 */
14 /**
15 * @typedef {{
16 * code: number,
17 * gnubby: (Gnubby|undefined),
18 * challenge: (SignHelperChallenge|undefined),
19 * info: (ArrayBuffer|undefined)
20 * }}
21 */
24 /**
25 * Creates a new sign handler with a gnubby. This handler will perform a sign
26 * operation using each challenge in an array of challenges until its success
27 * condition is satisified, or an error or timeout occurs. The success condition
28 * is defined differently depending whether this signer is used for enrolling
29 * or for signing:
30 *
31 * For enroll, success is defined as each challenge yielding wrong data. This
32 * means this gnubby is not currently enrolled for any of the appIds in any
33 * challenge.
34 *
35 * For sign, success is defined as any challenge yielding ok.
36 *
37 * The complete callback is called only when the signer reaches success or
38 * failure, i.e. when there is no need for this signer to continue trying new
39 * challenges.
40 *
41 * @param {GnubbyDeviceId} gnubbyId Which gnubby to open.
42 * @param {boolean} forEnroll Whether this signer is signing for an attempted
43 * enroll operation.
44 * @param {function(SingleSignerResult)}
45 * completeCb Called when this signer completes, i.e. no further results are
46 * possible.
47 * @param {Countdown} timer An advisory timer, beyond whose expiration the
48 * signer will not attempt any new operations, assuming the caller is no
49 * longer interested in the outcome.
50 * @param {string=} opt_logMsgUrl A URL to post log messages to.
51 * @constructor
52 */
54 opt_logMsgUrl) {
55 /** @private {GnubbyDeviceId} */
57 /** @private {SingleGnubbySigner.State} */
59 /** @private {boolean} */
61 /** @private {function(SingleSignerResult)} */
63 /** @private {Countdown} */
65 /** @private {string|undefined} */
68 /** @private {!Array.<!SignHelperChallenge>} */
70 /** @private {number} */
72 /** @private {boolean} */
75 /** @private {!Object.<string, number>} */
77 }
79 /** @enum {number} */
81 /** Initial state. */
83 /** The signer is attempting to open a gnubby. */
85 /** The signer's gnubby opened, but is busy. */
87 /** The signer has an open gnubby, but no challenges to sign. */
89 /** The signer is currently signing a challenge. */
91 /** The signer got a final outcome. */
93 /** The signer is closing its gnubby. */
95 /** The signer is closed. */
97 };
99 /**
100 * @return {GnubbyDeviceId} This device id of the gnubby for this signer.
101 */
104 };
106 /**
107 * Attempts to open this signer's gnubby, if it's not already open.
108 * (This is implicitly done by addChallenges.)
109 */
118 }
119 };
121 /**
122 * Closes this signer's gnubby, if it's held.
123 */
128 };
130 /**
131 * Called when this signer's gnubby is closed.
132 * @private
133 */
137 };
139 /**
140 * Begins signing the given challenges.
141 * @param {Array.<SignHelperChallenge>} challenges The challenges to sign.
142 * @return {boolean} Whether the challenges were accepted.
143 */
146 // Can't add new challenges once they've been set.
148 }
155 }
156 }
164 // The open has already commenced, so accept the challenges, but don't do
165 // anything.
169 // Challenges set: start signing.
172 // An empty list of challenges can be set during enroll, when the user
173 // has no existing enrolled gnubbies. It's unexpected during sign, but
174 // returning WRONG_DATA satisfies the caller in either case.
179 }
182 // Already signing, so don't kick off a new sign, but accept the added
183 // challenges.
187 }
189 };
191 /**
192 * How long to delay retrying a failed open.
193 */
196 /**
197 * How long to delay retrying a sign requiring touch.
198 */
201 /**
202 * @param {number} rc The result of the open operation.
203 * @param {Gnubby=} gnubby The opened gnubby, if open was successful (or busy).
204 * @private
205 */
209 // Open completed after close, perhaps? Ignore.
211 }
220 }
225 // If there's still time, retry the open.
235 }
239 }
242 // TODO: This won't be confused with success, but should it be
243 // part of the same namespace as the other error codes, which are
244 // always in DeviceStatusCodes.*?
246 }
247 };
249 /**
250 * Called with the result of a version command.
251 * @param {number} rc Result of version command.
252 * @param {ArrayBuffer=} opt_data Version.
253 * @private
254 */
259 }
263 };
265 /**
266 * @param {number} challengeIndex Index of challenge to sign
267 * @private
268 */
271 // Already closed? Nothing to do.
273 }
275 // If the timer is expired, that means we never got a success response.
276 // We could have gotten wrong data on a partial set of challenges, but this
277 // means we don't yet know the final outcome. In any event, we don't yet
278 // know the final outcome: return timeout.
281 }
285 }
292 }
299 // Cache hit: return wrong data again.
302 // Sign challenge for a different version of gnubby: return wrong data.
308 nowink);
309 }
310 };
312 /**
313 * Called with the result of a single sign operation.
314 * @param {number} challengeIndex the index of the challenge just attempted
315 * @param {number} code the result of the sign operation
316 * @param {ArrayBuffer=} opt_info Optional result data
317 * @private
318 */
325 // We're done, the caller's no longer interested.
327 }
329 // Cache wrong data or wrong length results, re-asking the gnubby to sign it
330 // won't produce different results.
337 }
338 }
339 }
348 // TODO: On a TIMEOUT_STATUS, sync first, then retry.
358 }
375 }
385 }
386 }
387 };
389 /**
390 * Switches to the error state, and notifies caller.
391 * @param {number} code Error code
392 * @param {boolean=} opt_warn Whether to warn in the console about the error.
393 * @private
394 */
401 // When a device yields WRONG_DATA to all sign challenges, and this is a
402 // sign request, we don't want to yield to the web page that it's not
403 // enrolled just yet: we want the user to tap the device first. We'll
404 // report the gnubby to the caller and let it close it instead of closing
405 // it here.
408 // Since this gnubby can no longer produce a useful result, go ahead and
409 // close it.
411 }
413 };
415 /**
416 * Switches to the success state, and notifies caller.
417 * @param {number} code Status code
418 * @param {SignHelperChallenge=} opt_challenge The challenge signed
419 * @param {ArrayBuffer=} opt_info Optional result data
420 * @private
421 */
430 }
433 }
434 }
436 // this.gnubby_ is now owned by completeCb_.
438 };