1 files changed, 187 insertions, 0 deletions
diff --git a/browser/components/extensions/parent/ext-pkcs11.js b/browser/components/extensions/parent/ext-pkcs11.js
new file mode 100644
index 0000000000..696133bfc5
--- /dev/null
+++ b/browser/components/extensions/parent/ext-pkcs11.js
@@ -0,0 +1,187 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+ChromeUtils.defineESModuleGetters(this, {
+  NativeManifests: "resource://gre/modules/NativeManifests.sys.mjs",
+  ctypes: "resource://gre/modules/ctypes.sys.mjs",
+});
+
+XPCOMUtils.defineLazyServiceGetter(
+  this,
+  "pkcs11db",
+  "@mozilla.org/security/pkcs11moduledb;1",
+  "nsIPKCS11ModuleDB"
+);
+
+// eslint-disable-next-line mozilla/reject-importGlobalProperties
+Cu.importGlobalProperties(["PathUtils"]);
+
+var { DefaultMap } = ExtensionUtils;
+
+const findModuleByPath = function (path) {
+  for (let module of pkcs11db.listModules()) {
+    if (module && module.libName === path) {
+      return module;
+    }
+  }
+  return null;
+};
+
+this.pkcs11 = class extends ExtensionAPI {
+  getAPI(context) {
+    let manifestCache = new DefaultMap(async name => {
+      let hostInfo = await NativeManifests.lookupManifest(
+        "pkcs11",
+        name,
+        context
+      );
+      if (hostInfo) {
+        // We don't normalize the absolute path below because
+        // `Path.normalize` throws when the target file doesn't
+        // exist, and that might be the case on non Windows
+        // builds.
+        let absolutePath = PathUtils.isAbsolute(hostInfo.manifest.path)
+          ? hostInfo.manifest.path
+          : PathUtils.joinRelative(
+              PathUtils.parent(hostInfo.path),
+              hostInfo.manifest.path
+            );
+
+        if (AppConstants.platform === "win") {
+          // On Windows, `hostInfo.manifest.path` is expected to be a normalized
+          // absolute path. On other platforms, this path may be relative but we
+          // cannot use `PathUtils.normalize()` on non-absolute paths.
+          absolutePath = PathUtils.normalize(absolutePath);
+          hostInfo.manifest.path = absolutePath;
+        }
+
+        // PathUtils.filename throws if the path is not an absolute path.
+        // The result is expected to be the basename of the file (without
+        // the dir path and the extension) so it is fine to use an absolute
+        // path that may not be normalized (non-Windows platforms).
+        let manifestLib = PathUtils.filename(absolutePath);
+
+        if (AppConstants.platform !== "linux") {
+          manifestLib = manifestLib.toLowerCase(manifestLib);
+        }
+        if (
+          manifestLib !== ctypes.libraryName("nssckbi") &&
+          manifestLib !== ctypes.libraryName("osclientcerts") &&
+          manifestLib !== ctypes.libraryName("ipcclientcerts")
+        ) {
+          return hostInfo.manifest;
+        }
+      }
+      return Promise.reject({ message: `No such PKCS#11 module ${name}` });
+    });
+    return {
+      pkcs11: {
+        /**
+         * Verify whether a given PKCS#11 module is installed.
+         *
+         * @param {string} name The name of the module, as specified in
+         *                      the manifest file.
+         * @returns {Promise} A Promise that resolves to true if the package
+         *                    is installed, or false if it is not. May be
+         *                    rejected if the module could not be found.
+         */
+        async isModuleInstalled(name) {
+          let manifest = await manifestCache.get(name);
+          return findModuleByPath(manifest.path) !== null;
+        },
+        /**
+         * Install a PKCS#11 module
+         *
+         * @param {string} name The name of the module, as specified in
+         *                      the manifest file.
+         * @param {integer} [flags = 0] Any flags to be passed on to the
+         *                              nsIPKCS11ModuleDB.addModule method
+         * @returns {Promise} When the Promise resolves, the module will have
+         *                    been installed. When it is rejected, the module
+         *                    either is already installed or could not be
+         *                    installed for some reason.
+         */
+        async installModule(name, flags = 0) {
+          let manifest = await manifestCache.get(name);
+          if (!manifest.description) {
+            return Promise.reject({
+              message: `The description field in the manifest for PKCS#11 module ${name} must have a value`,
+            });
+          }
+          pkcs11db.addModule(manifest.description, manifest.path, flags, 0);
+        },
+        /**
+         * Uninstall a PKCS#11 module
+         *
+         * @param {string} name The name of the module, as specified in
+         *                      the manifest file.
+         * @returns {Promise}. When the Promise resolves, the module will have
+         *                     been uninstalled. When it is rejected, the
+         *                     module either was not installed or could not be
+         *                     uninstalled for some reason.
+         */
+        async uninstallModule(name) {
+          let manifest = await manifestCache.get(name);
+          let module = findModuleByPath(manifest.path);
+          if (!module) {
+            return Promise.reject({
+              message: `The PKCS#11 module ${name} is not loaded`,
+            });
+          }
+          pkcs11db.deleteModule(module.name);
+        },
+        /**
+         * Get a list of slots for a given PKCS#11 module, with
+         * information on the token (if any) in the slot.
+         *
+         * The PKCS#11 standard defines slots as an abstract concept
+         * that may or may not have at most one token. In practice, when
+         * using PKCS#11 for smartcards (the most likely use case of
+         * PKCS#11 for Firefox), a slot corresponds to a cardreader, and
+         * a token corresponds to a card.
+         *
+         * @param {string} name The name of the PKCS#11 module, as
+         *                 specified in the manifest file.
+         * @returns {Promise} A promise that resolves to an array of objects
+         *                    with two properties.  The `name` object contains
+         *                    the name of the slot; the `token` object is null
+         *                    if there is no token in the slot, or is an object
+         *                    describing various properties of the token if
+         *                    there is.
+         */
+        async getModuleSlots(name) {
+          let manifest = await manifestCache.get(name);
+          let module = findModuleByPath(manifest.path);
+          if (!module) {
+            return Promise.reject({
+              message: `The module ${name} is not installed`,
+            });
+          }
+          let rv = [];
+          for (let slot of module.listSlots()) {
+            let token = slot.getToken();
+            let slotobj = {
+              name: slot.name,
+              token: null,
+            };
+            if (slot.status != 1 /* SLOT_NOT_PRESENT */) {
+              slotobj.token = {
+                name: token.tokenName,
+                manufacturer: token.tokenManID,
+                HWVersion: token.tokenHWVersion,
+                FWVersion: token.tokenFWVersion,
+                serial: token.tokenSerialNumber,
+                isLoggedIn: token.isLoggedIn(),
+              };
+            }
+            rv.push(slotobj);
+          }
+          return rv;
+        },
+      },
+    };
+  }
+};