forked from mirrors/gecko-dev
		
	
		
			
				
	
	
		
			197 lines
		
	
	
	
		
			5.4 KiB
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
			
		
		
	
	
			197 lines
		
	
	
	
		
			5.4 KiB
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
| /* This Source Code Form is subject to the terms of the Mozilla Public
 | |
|  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 | |
|  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 | |
| 
 | |
| import { Log } from "resource://gre/modules/Log.sys.mjs";
 | |
| 
 | |
| import { RESTRequest } from "resource://services-common/rest.sys.mjs";
 | |
| import { CommonUtils } from "resource://services-common/utils.sys.mjs";
 | |
| import { Credentials } from "resource://gre/modules/Credentials.sys.mjs";
 | |
| 
 | |
| const lazy = {};
 | |
| 
 | |
| ChromeUtils.defineESModuleGetters(lazy, {
 | |
|   CryptoUtils: "resource://services-crypto/utils.sys.mjs",
 | |
| });
 | |
| 
 | |
| /**
 | |
|  * Single-use HAWK-authenticated HTTP requests to RESTish resources.
 | |
|  *
 | |
|  * @param uri
 | |
|  *        (String) URI for the RESTRequest constructor
 | |
|  *
 | |
|  * @param credentials
 | |
|  *        (Object) Optional credentials for computing HAWK authentication
 | |
|  *        header.
 | |
|  *
 | |
|  * @param payloadObj
 | |
|  *        (Object) Optional object to be converted to JSON payload
 | |
|  *
 | |
|  * @param extra
 | |
|  *        (Object) Optional extra params for HAWK header computation.
 | |
|  *        Valid properties are:
 | |
|  *
 | |
|  *          now:                 <current time in milliseconds>,
 | |
|  *          localtimeOffsetMsec: <local clock offset vs server>,
 | |
|  *          headers:             <An object with header/value pairs to be sent
 | |
|  *                                as headers on the request>
 | |
|  *
 | |
|  * extra.localtimeOffsetMsec is the value in milliseconds that must be added to
 | |
|  * the local clock to make it agree with the server's clock.  For instance, if
 | |
|  * the local clock is two minutes ahead of the server, the time offset in
 | |
|  * milliseconds will be -120000.
 | |
|  */
 | |
| 
 | |
| export var HAWKAuthenticatedRESTRequest = function HawkAuthenticatedRESTRequest(
 | |
|   uri,
 | |
|   credentials,
 | |
|   extra = {}
 | |
| ) {
 | |
|   RESTRequest.call(this, uri);
 | |
| 
 | |
|   this.credentials = credentials;
 | |
|   this.now = extra.now || Date.now();
 | |
|   this.localtimeOffsetMsec = extra.localtimeOffsetMsec || 0;
 | |
|   this._log.trace(
 | |
|     "local time, offset: " + this.now + ", " + this.localtimeOffsetMsec
 | |
|   );
 | |
|   this.extraHeaders = extra.headers || {};
 | |
| 
 | |
|   // Expose for testing
 | |
|   this._intl = getIntl();
 | |
| };
 | |
| 
 | |
| HAWKAuthenticatedRESTRequest.prototype = {
 | |
|   async dispatch(method, data) {
 | |
|     let contentType = "text/plain";
 | |
|     if (method == "POST" || method == "PUT" || method == "PATCH") {
 | |
|       contentType = "application/json";
 | |
|     }
 | |
|     if (this.credentials) {
 | |
|       let options = {
 | |
|         now: this.now,
 | |
|         localtimeOffsetMsec: this.localtimeOffsetMsec,
 | |
|         credentials: this.credentials,
 | |
|         payload: (data && JSON.stringify(data)) || "",
 | |
|         contentType,
 | |
|       };
 | |
|       let header = await lazy.CryptoUtils.computeHAWK(
 | |
|         this.uri,
 | |
|         method,
 | |
|         options
 | |
|       );
 | |
|       this.setHeader("Authorization", header.field);
 | |
|     }
 | |
| 
 | |
|     for (let header in this.extraHeaders) {
 | |
|       this.setHeader(header, this.extraHeaders[header]);
 | |
|     }
 | |
| 
 | |
|     this.setHeader("Content-Type", contentType);
 | |
| 
 | |
|     this.setHeader("Accept-Language", this._intl.accept_languages);
 | |
| 
 | |
|     return super.dispatch(method, data);
 | |
|   },
 | |
| };
 | |
| 
 | |
| Object.setPrototypeOf(
 | |
|   HAWKAuthenticatedRESTRequest.prototype,
 | |
|   RESTRequest.prototype
 | |
| );
 | |
| 
 | |
| /**
 | |
|  * Generic function to derive Hawk credentials.
 | |
|  *
 | |
|  * Hawk credentials are derived using shared secrets, which depend on the token
 | |
|  * in use.
 | |
|  *
 | |
|  * @param tokenHex
 | |
|  *        The current session token encoded in hex
 | |
|  * @param context
 | |
|  *        A context for the credentials. A protocol version will be prepended
 | |
|  *        to the context, see Credentials.keyWord for more information.
 | |
|  * @param size
 | |
|  *        The size in bytes of the expected derived buffer,
 | |
|  *        defaults to 3 * 32.
 | |
|  * @return credentials
 | |
|  *        Returns an object:
 | |
|  *        {
 | |
|  *          id: the Hawk id (from the first 32 bytes derived)
 | |
|  *          key: the Hawk key (from bytes 32 to 64)
 | |
|  *          extra: size - 64 extra bytes (if size > 64)
 | |
|  *        }
 | |
|  */
 | |
| export async function deriveHawkCredentials(tokenHex, context, size = 96) {
 | |
|   let token = CommonUtils.hexToBytes(tokenHex);
 | |
|   let out = await lazy.CryptoUtils.hkdfLegacy(
 | |
|     token,
 | |
|     undefined,
 | |
|     Credentials.keyWord(context),
 | |
|     size
 | |
|   );
 | |
| 
 | |
|   let result = {
 | |
|     key: out.slice(32, 64),
 | |
|     id: CommonUtils.bytesAsHex(out.slice(0, 32)),
 | |
|   };
 | |
|   if (size > 64) {
 | |
|     result.extra = out.slice(64);
 | |
|   }
 | |
| 
 | |
|   return result;
 | |
| }
 | |
| 
 | |
| // With hawk request, we send the user's accepted-languages with each request.
 | |
| // To keep the number of times we read this pref at a minimum, maintain the
 | |
| // preference in a stateful object that notices and updates itself when the
 | |
| // pref is changed.
 | |
| function Intl() {
 | |
|   // We won't actually query the pref until the first time we need it
 | |
|   this._accepted = "";
 | |
|   this._everRead = false;
 | |
|   this.init();
 | |
| }
 | |
| 
 | |
| Intl.prototype = {
 | |
|   init() {
 | |
|     Services.prefs.addObserver("intl.accept_languages", this);
 | |
|   },
 | |
| 
 | |
|   uninit() {
 | |
|     Services.prefs.removeObserver("intl.accept_languages", this);
 | |
|   },
 | |
| 
 | |
|   observe() {
 | |
|     this.readPref();
 | |
|   },
 | |
| 
 | |
|   readPref() {
 | |
|     this._everRead = true;
 | |
|     try {
 | |
|       this._accepted = Services.prefs.getComplexValue(
 | |
|         "intl.accept_languages",
 | |
|         Ci.nsIPrefLocalizedString
 | |
|       ).data;
 | |
|     } catch (err) {
 | |
|       let log = Log.repository.getLogger("Services.Common.RESTRequest");
 | |
|       log.error("Error reading intl.accept_languages pref", err);
 | |
|     }
 | |
|   },
 | |
| 
 | |
|   get accept_languages() {
 | |
|     if (!this._everRead) {
 | |
|       this.readPref();
 | |
|     }
 | |
|     return this._accepted;
 | |
|   },
 | |
| };
 | |
| 
 | |
| // Singleton getter for Intl, creating an instance only when we first need it.
 | |
| var intl = null;
 | |
| function getIntl() {
 | |
|   if (!intl) {
 | |
|     intl = new Intl();
 | |
|   }
 | |
|   return intl;
 | |
| }
 | 
