/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at
http://mozilla.org/MPL/2.0/. */
import { Log } from "resource://gre/modules/Log.sys.mjs";
import { RESTRequest } from "resource://services-common/rest.sys.mjs";
import { CommonUtils } from "resource://services-common/utils.sys.mjs";
import { Credentials } from "resource://gre/modules/Credentials.sys.mjs";
const lazy = {};
ChromeUtils.defineESModuleGetters(lazy, {
CryptoUtils: "resource://services-crypto/utils.sys.mjs",
});
/**
* Single-use HAWK-authenticated HTTP requests to RESTish resources.
*
* @param uri
* (String) URI for the RESTRequest constructor
*
* @param credentials
* (Object) Optional credentials for computing HAWK authentication
* header.
*
* @param payloadObj
* (Object) Optional object to be converted to JSON payload
*
* @param extra
* (Object) Optional extra params for HAWK header computation.
* Valid properties are:
*
* now: <current time in milliseconds>,
* localtimeOffsetMsec: <local clock offset vs server>,
* headers: <An object with header/value pairs to be sent
* as headers on the request>
*
* extra.localtimeOffsetMsec is the value in milliseconds that must be added to
* the local clock to make it agree with the server's clock. For instance, if
* the local clock is two minutes ahead of the server, the time offset in
* milliseconds will be -120000.
*/
export var HAWKAuthenticatedRESTRequest = function HawkAuthenticatedRESTRequest(
uri,
credentials,
extra = {}
) {
RESTRequest.call(this, uri);
this.credentials = credentials;
this.now = extra.now || Date.now();
this.localtimeOffsetMsec = extra.localtimeOffsetMsec || 0;
this._log.trace(
"local time, offset: " + this.now + ", " + this.localtimeOffsetMsec
);
this.extraHeaders = extra.headers || {};
// Expose for testing
this._intl = getIntl();
};
HAWKAuthenticatedRESTRequest.prototype = {
async dispatch(method, data) {
let contentType = "text/plain";
if (method == "POST" || method == "PUT" || method == "PATCH") {
contentType = "application/json";
}
if (this.credentials) {
let options = {
now: this.now,
localtimeOffsetMsec: this.localtimeOffsetMsec,
credentials: this.credentials,
payload: (data && JSON.stringify(data)) || "",
contentType,
};
let header = await lazy.CryptoUtils.computeHAWK(
this.uri,
method,
options
);
this.setHeader("Authorization", header.field);
}
for (let header in this.extraHeaders) {
this.setHeader(header, this.extraHeaders[header]);
}
this.setHeader("Content-Type", contentType);
this.setHeader("Accept-Language", this._intl.accept_languages);
return super.dispatch(method, data);
},
};
Object.setPrototypeOf(
HAWKAuthenticatedRESTRequest.prototype,
RESTRequest.prototype
);
/**
* Generic function to derive Hawk credentials.
*
* Hawk credentials are derived using shared secrets, which depend on the token
* in use.
*
* @param tokenHex
* The current session token encoded in hex
* @param context
* A context for the credentials. A protocol version will be prepended
* to the context, see Credentials.keyWord for more information.
* @param size
* The size in bytes of the expected derived buffer,
* defaults to 3 * 32.
* @return credentials
* Returns an object:
* {
* id: the Hawk id (from the first 32 bytes derived)
* key: the Hawk key (from bytes 32 to 64)
* extra: size - 64 extra bytes (if size > 64)
* }
*/
export async function deriveHawkCredentials(tokenHex, context, size = 96) {
let token = CommonUtils.hexToBytes(tokenHex);
let out = await lazy.CryptoUtils.hkdfLegacy(
token,
undefined,
Credentials.keyWord(context),
size
);
let result = {
key: out.slice(32, 64),
id: CommonUtils.bytesAsHex(out.slice(0, 32)),
};
if (size > 64) {
result.extra = out.slice(64);
}
return result;
}
// With hawk request, we send the user's accepted-languages with each request.
// To keep the number of times we read this pref at a minimum, maintain the
// preference in a stateful object that notices and updates itself when the
// pref is changed.
function Intl() {
// We won't actually query the pref until the first time we need it
this._accepted = "";
this._everRead = false;
this.init();
}
Intl.prototype = {
init() {
Services.prefs.addObserver("intl.accept_languages", this);
},
uninit() {
Services.prefs.removeObserver("intl.accept_languages", this);
},
observe() {
this.readPref();
},
readPref() {
this._everRead = true;
try {
this._accepted = Services.prefs.getComplexValue(
"intl.accept_languages",
Ci.nsIPrefLocalizedString
).data;
} catch (err) {
let log = Log.repository.getLogger("Services.Common.RESTRequest");
log.error("Error reading intl.accept_languages pref", err);
}
},
get accept_languages() {
if (!this._everRead) {
this.readPref();
}
return this._accepted;
},
};
// Singleton getter for Intl, creating an instance only when we first need it.
var intl = null;
function getIntl() {
if (!intl) {
intl = new Intl();
}
return intl;
}
