Add the ability to check slots
When authentication does not succeed, a website which is set up to work
with a specific PKCS#11 module might want to provide a diagnostic
message to the user to tell her what to do to fix the failed
authentication. Such a diagnostic could run with the following
pseudocode:
if user runs firefox:
try to load content script from PKCS#11-specific addon
if content script could not be loaded:
tell user to install addon
else:
use content script to ask addon backend for token information
if addon says PKCS#11 module could not be found:
tell user to install PKCS#11 module
if addon says no slots could be found:
tell user to install card reader and try again
if addon says no tokens could be found
tell user to insert card into reader and try again
PKCS#11 modules might export psuedo slots or tokens for various
module-specific purposes; so don't just say "there is a token" or "there
is a slot", instead tell the addon which tokens and slots are found, so
they can figure out the rest for themselves.
MozReview-Commit-ID: GtM5pB1F5b2
--- a/toolkit/components/extensions/ext-pkcs11mod.js
+++ b/toolkit/components/extensions/ext-pkcs11mod.js
@@ -42,12 +42,30 @@ this.pkcs11mod = class extends Extension
try {
let deleteModule = Components.classes["@mozilla.org/security/pkcs11;1"].getService(Components.interfaces.nsIPKCS11).deleteModule;
deleteModule(name);
return true;
} catch (e) {
return false;
}
},
+ async getSlots(name) {
+ try {
+ let module = moduledb.findModuleByName(name).QueryInterface(Components.interfaces.nsIPKCS11Module);
+ let rv = [];
+ let slots = module.listSlots();
+ while (slots.hasMoreElements()) {
+ let slot = slots.getNext().QueryInterface(Components.interfaces.nsIPKCS11Slot);
+ let token = slot.getToken();
+ let slotobj = {};
+ slotobj.name = slot.name;
+ slotobj.hasToken = (token != undefined);
+ rv.push(slotobj);
+ }
+ return rv;
+ } catch (e) {
+ return false;
+ }
+ },
},
};
}
};
--- a/toolkit/components/extensions/schemas/pkcs11mod.json
+++ b/toolkit/components/extensions/schemas/pkcs11mod.json
@@ -72,12 +72,24 @@
"description": "Remove an installed PKCS#11 module from firefox",
"async": true,
"parameters": [
{
"name": "name",
"type": "string"
}
]
+ },
+ {
+ "name": "getSlots",
+ "type": "function",
+ "description": "Enumerate a module's slots, each with their name and whether a token is present",
+ "async": true,
+ "parameters": [
+ {
+ "name": "name",
+ "type": "string"
+ }
+ ]
}
]
}
]