Revision ed08ef1a
Added by koszko almost 2 years ago
| common/signing.js | ||
|---|---|---|
| 10 | 10 |
* IMPORTS_START |
| 11 | 11 |
* IMPORT sha256 |
| 12 | 12 |
* IMPORT browser |
| 13 |
* IMPORT is_chrome
|
|
| 13 |
* IMPORT is_mozilla
|
|
| 14 | 14 |
* IMPORTS_END |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| ... | ... | |
| 30 | 30 |
* |
| 31 | 31 |
* The secret shared between execution contexts has to be available |
| 32 | 32 |
* synchronously. Under Mozilla, this is the extension's per-session id. Under |
| 33 |
* Chromium, this is the key that resides in the manifest. |
|
| 34 |
* |
|
| 35 |
* An idea to (under Chromium) instead store the secret in a file fetched |
|
| 36 |
* synchronously using XMLHttpRequest is being considered. |
|
| 33 |
* Chromium, this is a dummy web-accessible-resource name that resides in the |
|
| 34 |
* manifest and is supposed to be constructed by each user using a unique value |
|
| 35 |
* (this is done automatically by `build.sh'). |
|
| 37 | 36 |
*/ |
| 38 | 37 |
|
| 39 | 38 |
function get_secret() |
| 40 | 39 |
{
|
| 41 |
if (is_chrome) |
|
| 42 |
return browser.runtime.getManifest().key.substring(0, 50); |
|
| 43 |
else |
|
| 40 |
if (is_mozilla) |
|
| 44 | 41 |
return browser.runtime.getURL("dummy");
|
| 42 |
|
|
| 43 |
return chrome.runtime.getManifest().web_accessible_resources |
|
| 44 |
.map(r => /^chromium-key-dummy-file-(.*)/.exec(r)).filter(r => r)[0][1]; |
|
| 45 | 45 |
} |
| 46 | 46 |
|
| 47 | 47 |
function extract_signed(signature, signed_data) |
Also available in: Unified diff
generate Chromium unique key automatically in `build.sh'