Allow an extension to configure Firefox security devices

jlam · November 30, 2017, 11:15pm

Hello Mr. Bertrand Perret,
First of all, thank you very very much for your correction since I was hitting a wall while try to work with this new environment.
I have followed your helps.
Trying the run from “Load Temporary Add-on” button in “about:debugging”.
I got a parsing error: “There was an error during installation: JSON.parse: bad escaped character at line 4 column 15 of the JSON data”.
So, I change the path to:
“path”: “c:\webext\mypkcs11\mypkcs11.dll”, it then passes that state and now getting into another error: "There was an error during installation: Extension is invalid"
I have no idea what it means by invalid, please help.

BTW the manifest is now:

{
“name”: “mypkcs11”,
“description”: “My test extension”,
“path”: “C:\webExt\mypkcs11\mypkcs11.dll”,
“type”: “pkcs11”,
“allowed_extensions”: [
"myextension@mycompany.com"
]
}

jlam · November 30, 2017, 11:29pm

Actually the path is double backslash "\ "
“path”: “C:\ \webExt\ \mypkcs11\ \mypkcs11.dll”,

freaktechnik · December 1, 2017, 12:00am

The string in the allowed_extensions array must match the ID you give your extension, which you have to do manually at least while your extension is not signed. If you don’t explicitly define an ID you will get one assigned once the extension is signed and would have to then adjust the manifest for the pkcs11 module. See https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/applications for documentation on how to set an ID in your manifest.json of the extension.
Ensure both manifests use the same ID.

P.S.: you can use ``` to start and end code blocks (like on GitHub), so multi line code gets easier to read and indentation is preserved.

Bertrand_Perret1 · December 1, 2017, 6:48am

Hello jlam,

Sorry, I forgot to tell you the following:

You need to set an ID in the very beginning of your manifest.json like this:

 "applications": {
    "gecko": {
      "id": "myextension@mycompany.fr",
      "strict_min_version": "57.0"
    }
  },

  ... other declarations in manifest.json

As freaktechnik told you, this ID must match the ID in the other manifest file.

Hope this helps.

Also, don’t forget you can’t insert comments in a json file, only data is accepted.

jlam · December 1, 2017, 5:40pm

Thanks a millions! Man this is very tricky.

jlam · December 1, 2017, 5:42pm

Hi Bertrand and Freaktechnik,

I finally passes the ID issues. I could not make it without you guys’s help!

Again very appreciated,

Johnny

jlam · December 1, 2017, 10:27pm

'
Have you got the pkcs11 API to work?

I assume that pkcs11 API is now in Nightly build 59.0a1.

When debugging my background.js with the content below:

try
{
browser.pkcs11.installModule(“mypkcs11”);
console.log(“module installed”);
}
catch(e)
{
console.log("module could not be installed "+e);
}

console showing:
module could not be installed TypeError: browser.pkcs11 is undefined ’

freaktechnik · December 1, 2017, 11:24pm

That sounds like you don’t have the “pkcs11” permission requested in your manifest.json, though the one you posted earlier in this thread did have the permission listed.

jlam · December 1, 2017, 11:45pm

Hi Freaktechnik,

Yes, you are correct! I have remove that statement while testing. Put a back it works!

I don’t know how to say thanks for all the helps from you guys.

I finally got my first WebExt to load my DLL!

Cheers!
Johny

Bertrand_Perret1 · December 2, 2017, 1:42pm

Hi jlam,

Glad to know that you could get it work.

Another point though:
since installModule is an asynchronous API, you could re-write your code
like the following:

var /*Promise*/ statusObj = browser.pkcs11.installModule("mypkcs11");

/* Only print success message within the 'then' statement, 
              error in 'catch' one */
statusObj.then(() => console.log("module installed (v2)")).catch(err => console.log("module could not be installed (v2)", err));

Regards.

jlam · December 4, 2017, 10:53pm

Hello Mr. Bertrand Perret,

Thanks for the code.
There is one issue with the mypkcs11.json:
At the statement:
‘“path”: “C:\webExt\mypkcs11\mypkcs11.dll”,’

What if my installer is installed into a dynamic location that may ending in ‘“D:\webExt\mypkcs11\mypkcs11.dll"’? A different drive (D:) that is not drive C: ?

Note that we in case the mypkcs11.dll is not stored under ‘“C:\webExt\mypkcs11".’

freaktechnik · December 4, 2017, 11:15pm

You’d have to generate the JSON on the fly then. Just set the path to wherever it is installed.

jlam · December 5, 2017, 5:33pm

Oh, got it, thank you for the instruction.

jlam · December 5, 2017, 7:05pm

Hi Martin and Bertrand,

I must go to you again for another help, and thanks in advance for your generosity!

I am preparing for mypkcs11.zip package to be signed by Firefox AMO. And man, is that true that the I have to go through the whole-9-yard of the below process?

Your API key (JWT issuer)
http://addons-server.readthedocs.io/en/latest/topics/api/auth.html#create-a-jwt-for-each-request

and

Access Credentials
http://addons-server.readthedocs.io/en/latest/topics/api/auth.html#access-credentials

Truly yours,
-jlam

freaktechnik · December 5, 2017, 8:38pm

You can also sign extensions via web interface on addons.mozilla.org

yohanndurant · February 9, 2018, 10:14am

I try your method
but it was not ok

manifest.json
{
“name”: “mypkcs11”,
"description”: “Installation du “,
“path”: “C:\Windows\System32\pcks11.dll”,
“type”: “pkcs11”,
“allowed_extensions”: [
"myextension@mycompany.fr”
]
}

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\PKCS11Modules]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\PKCS11Modules\mypkcs11]
@=“C:\ProgramData\Firefox\manifest.json”

manifest.json extension
{
“name”: “mypkcs11”,
“description”: “My pkcs11 extension”,
“version”: “1.0”,
“manifest_version”: 2,

“background”: {
“scripts”: [“background-script.js”]
},

“applications”: {
“gecko”: {
“id”: "myextension@mycompany.fr",
“strict_min_version”: “59.0”
}
},
“permissions”: [
“pkcs11”
]
}

background-script.js extensions

var /Promise/
statusObj = browser.pkcs11.installModule(‘mypkcs11’);
/* Only print success message within the ‘then’ statement,
error in ‘catch’ one */
statusObj.then(() = > console.log(‘module installed (v2)’)).catch (err = > console.log(‘module could not be installed (v2)’, err));

do you see wath is the problem
Thanks

freaktechnik · February 9, 2018, 10:22am

Are you sure it’s not pkcs11.dll?

Bertrand_Perret1 · February 9, 2018, 12:41pm

Hello,

Is the PKCS#11 dll a 32 bits one ?

What is the architecture of Windows ?

What is the architecture of the running Firefox ?

yohanndurant · February 9, 2018, 2:05pm

DLL 64 bits
Windows 7 SP1 64bits
Firefox 59b7 64bits

Bertrand_Perret1 · February 9, 2018, 2:31pm

OK.

So the registry key need to be set on the 64 bit hive too.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\PKCS11Modules]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\PKCS11Modules\mypkcs11]
@=“C:\ProgramData\Firefox\manifest.json”

For strict_min_version, try one of this:

“strict_min_version”: “58.0*”

or “strict_min_version”: “58.*”