1 /* -*- Mode: js2; js2-basic-offset: 2; indent-tabs-mode: nil; -*- */
2 /* vim: set ft=javascript ts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
// Shorthands for the XPCOM component namespaces used throughout this module.
10 const Cu = Components.utils;
11 const Ci = Components.interfaces;
12 const Cc = Components.classes;
13 const Cr = Components.results;
// Module imports. LogUtils.jsm presumably provides the `Logger` object that
// log() below forwards to — its definition is not visible in this listing.
15 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
16 Cu.import("resource://gre/modules/Services.jsm");
17 Cu.import("resource://gre/modules/identity/LogUtils.jsm");
// Defines a lazily-resolved `IdentityCryptoService` getter on this module
// scope, backed by the native crypto-service component; key generation,
// signing and base64url encoding below all go through it.
19 XPCOMUtils.defineLazyServiceGetter(this,
20 "IdentityCryptoService",
21 "@mozilla.org/identity/crypto-service;1",
22 "nsIIdentityCryptoService");
// The only symbol this .jsm exports is the `jwcrypto` singleton created at
// the bottom of the file.
24 this.EXPORTED_SYMBOLS = ["jwcrypto"];
// Key-pair algorithm names; these are the `keyType` values matched in
// generateKeyPair()'s switch. Note that the JWS header emitted by
// generateAssertion() hard-codes "DS128", which is not in this table.
26 const ALGORITHMS = { RS256: "RS256", DS160: "DS160" };
/**
 * Logs a message tagged with this module's name.
 *
 * Every argument is forwarded to Logger.log, prefixed with "jwcrypto" so the
 * output can be attributed to this module.
 *
 * NOTE(review): the listing's line numbers skip (29 -> 32), so the closing
 * brace of this function is not shown here.
 */
28 function log(...aMessageArgs) {
29 Logger.log.apply(Logger, ["jwcrypto"].concat(aMessageArgs));
/**
 * Asks the native IdentityCryptoService for a new key pair and hands back a
 * wrapper describing its public half.
 *
 * @param {string} aAlgorithmName - expected to be one of ALGORITHMS (RS256 or
 *   DS160); it is passed straight through to the service.
 * @param {function(?string, Object=)} aCallback - error-first callback: called
 *   with a string message on failure ("key generation failed",
 *   "unknown key type"), or with (null, keyWrapper) on success.
 *
 * NOTE(review): this listing omits lines (34, 38-41, 44-45, 48-50, 52-53,
 * 58-61, 63-65, 67-69, 71-73), so the declarations of `publicKey` and
 * `keyWrapper`, the `break`s and the closing braces are not visible here.
 */
32 function generateKeyPair(aAlgorithmName, aCallback) {
33 log("Generate key pair; alg =", aAlgorithmName);
35 IdentityCryptoService.generateKeyPair(aAlgorithmName, function(rv, aKeyPair) {
// A failed nsresult is reported to the caller as a plain string, not an Error.
36 if (!Components.isSuccessCode(rv)) {
37 return aCallback("key generation failed");
// Build the public-key description from the hex fields the service exposes;
// which fields exist depends on the key type.
42 switch (aKeyPair.keyType) {
43 case ALGORITHMS.RS256:
46 exponent: aKeyPair.hexRSAPublicKeyExponent,
47 modulus: aKeyPair.hexRSAPublicKeyModulus
51 case ALGORITHMS.DS160:
54 y: aKeyPair.hexDSAPublicValue,
55 p: aKeyPair.hexDSAPrime,
56 q: aKeyPair.hexDSASubPrime,
57 g: aKeyPair.hexDSAGenerator
// Any keyType outside ALGORITHMS is rejected rather than serialized.
62 return aCallback("unknown key type");
// Only the public parameters are serialized here. sign() below reads
// `aKeypair._kp`, so the wrapper presumably also keeps the native key pair
// object on one of the omitted lines — confirm against the full file.
66 serializedPublicKey: JSON.stringify(publicKey),
70 return aCallback(null, keyWrapper);
/**
 * Signs aPayload with the native key pair held by aKeypair.
 *
 * @param {string} aPayload - the bytes to sign; generateAssertion() passes the
 *   "header.payload" portion of a compact JWS.
 * @param {Object} aKeypair - wrapper returned by generateKeyPair(); only its
 *   private `_kp` member (the native key pair) is used here.
 * @param {function(?string, string=)} aCallback - error-first callback: the
 *   string "Sign failed" when the service reports a failed nsresult, otherwise
 *   (null, signature).
 *
 * NOTE(review): line 79 and the closing lines 82-84 are omitted from this
 * listing.
 */
74 function sign(aPayload, aKeypair, aCallback) {
// Reaches into the wrapper's underscore-prefixed member; the wrapper is the
// only place the native key pair is supposed to live.
75 aKeypair._kp.sign(aPayload, function(rv, signature) {
76 if (!Components.isSuccessCode(rv)) {
// The nsresult itself is not logged or surfaced, only a fixed message.
77 log("ERROR: signer.sign failed");
78 return aCallback("Sign failed");
80 log("signer.sign: success");
81 return aCallback(null, signature);
/**
 * Constructor for the object exported as `jwcrypto`; its body (lines 86-88)
 * is not shown in this listing.
 */
85 function jwcryptoClass()
// NOTE(review): lines 92-94, 96, 98-99, 102, 106-107, 111-112, 115, 118, 120
// and 123-127 are omitted, so method bodies and the closing `};` of this
// prototype literal are incomplete here.
89 jwcryptoClass.prototype = {
/**
 * Reports whether aCert is still valid. As visible, no expiration check is
 * performed (see the XXX below), so callers must not rely on this method to
 * reject expired certificates.
 */
90 isCertValid: function(aCert, aCallback) {
91 // XXX check expiration, bug 769850
/** Thin wrapper around the module-level generateKeyPair(). */
95 generateKeyPair: function(aAlgorithmName, aCallback) {
97 generateKeyPair(aAlgorithmName, aCallback);
/**
 * Builds a backed identity assertion: "<cert>~<header>.<payload>.<signature>"
 * where the three dotted parts are base64url-encoded and signed with aKeyPair.
 *
 * @param {string} aCert - certificate string prepended to the assertion.
 * @param {Object} aKeyPair - wrapper from generateKeyPair().
 * @param {string} aAudience - presumably placed in the payload on one of the
 *   omitted lines (111-112); not visible here.
 * @param {function(?string, string=)} aCallback - error-first callback.
 */
100 generateAssertion: function(aCert, aKeyPair, aAudience, aCallback) {
101 // for now, we hack the algorithm name
// The header's "alg" is a fixed literal and does not reflect the key pair's
// actual type (ALGORITHMS only defines RS256/DS160). A verifier must bind the
// algorithm to the key it expects rather than trusting this header field.
103 var header = {"alg": "DS128"};
104 var headerBytes = IdentityCryptoService.base64UrlEncode(
105 JSON.stringify(header));
108 // expires in 2 minutes
109 // XXX clock skew needs exploration bug 769852
// Absolute expiry in milliseconds since the epoch; no skew margin is applied,
// and no issued-at/not-before claim is visible in this listing.
110 exp: Date.now() + (2 * 60 * 1000),
113 var payloadBytes = IdentityCryptoService.base64UrlEncode(
114 JSON.stringify(payload));
116 log("payload bytes", payload, payloadBytes);
// Signs the compact-JWS signing input "header.payload".
117 sign(headerBytes + "." + payloadBytes, aKeyPair, function(err, signature) {
// Presumably guarded by an `if (err)` on the omitted line 118.
119 return aCallback(err);
121 var signedAssertion = headerBytes + "." + payloadBytes + "." + signature;
122 return aCallback(null, aCert + "~" + signedAssertion);
// Module-level singleton that EXPORTED_SYMBOLS exposes; the algorithm-name
// table is attached so importers can use jwcrypto.ALGORITHMS.RS256 / .DS160.
128 this.jwcrypto = new jwcryptoClass();
129 this.jwcrypto.ALGORITHMS = ALGORITHMS;