Allow an extension to configure Firefox security devices

jlam · December 1, 2017, 5:42pm

Hi Bertrand and Freaktechnik,

I finally passes the ID issues. I could not make it without you guys’s help!

Again very appreciated,

Johnny

jlam · December 1, 2017, 10:27pm

'
Have you got the pkcs11 API to work?

I assume that pkcs11 API is now in Nightly build 59.0a1.

When debugging my background.js with the content below:

try
{
browser.pkcs11.installModule(“mypkcs11”);
console.log(“module installed”);
}
catch(e)
{
console.log("module could not be installed "+e);
}

console showing:
module could not be installed TypeError: browser.pkcs11 is undefined ’

freaktechnik · December 1, 2017, 11:24pm

That sounds like you don’t have the “pkcs11” permission requested in your manifest.json, though the one you posted earlier in this thread did have the permission listed.

jlam · December 1, 2017, 11:45pm

Hi Freaktechnik,

Yes, you are correct! I have remove that statement while testing. Put a back it works!

I don’t know how to say thanks for all the helps from you guys.

I finally got my first WebExt to load my DLL!

Cheers!
Johny

Bertrand_Perret1 · December 2, 2017, 1:42pm

Hi jlam,

Glad to know that you could get it work.

Another point though:
since installModule is an asynchronous API, you could re-write your code
like the following:

var /*Promise*/ statusObj = browser.pkcs11.installModule("mypkcs11");

/* Only print success message within the 'then' statement, 
              error in 'catch' one */
statusObj.then(() => console.log("module installed (v2)")).catch(err => console.log("module could not be installed (v2)", err));

Regards.

jlam · December 4, 2017, 10:53pm

Hello Mr. Bertrand Perret,

Thanks for the code.
There is one issue with the mypkcs11.json:
At the statement:
‘“path”: “C:\webExt\mypkcs11\mypkcs11.dll”,’

What if my installer is installed into a dynamic location that may ending in ‘“D:\webExt\mypkcs11\mypkcs11.dll"’? A different drive (D:) that is not drive C: ?

Note that we in case the mypkcs11.dll is not stored under ‘“C:\webExt\mypkcs11".’

freaktechnik · December 4, 2017, 11:15pm

You’d have to generate the JSON on the fly then. Just set the path to wherever it is installed.

jlam · December 5, 2017, 5:33pm

Oh, got it, thank you for the instruction.

jlam · December 5, 2017, 7:05pm

Hi Martin and Bertrand,

I must go to you again for another help, and thanks in advance for your generosity!

I am preparing for mypkcs11.zip package to be signed by Firefox AMO. And man, is that true that the I have to go through the whole-9-yard of the below process?

Your API key (JWT issuer)
http://addons-server.readthedocs.io/en/latest/topics/api/auth.html#create-a-jwt-for-each-request

and

Access Credentials
http://addons-server.readthedocs.io/en/latest/topics/api/auth.html#access-credentials

Truly yours,
-jlam

freaktechnik · December 5, 2017, 8:38pm

You can also sign extensions via web interface on addons.mozilla.org

yohanndurant · February 9, 2018, 10:14am

I try your method
but it was not ok

manifest.json
{
“name”: “mypkcs11”,
"description”: “Installation du “,
“path”: “C:\Windows\System32\pcks11.dll”,
“type”: “pkcs11”,
“allowed_extensions”: [
"myextension@mycompany.fr”
]
}

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\PKCS11Modules]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\PKCS11Modules\mypkcs11]
@=“C:\ProgramData\Firefox\manifest.json”

manifest.json extension
{
“name”: “mypkcs11”,
“description”: “My pkcs11 extension”,
“version”: “1.0”,
“manifest_version”: 2,

“background”: {
“scripts”: [“background-script.js”]
},

“applications”: {
“gecko”: {
“id”: "myextension@mycompany.fr",
“strict_min_version”: “59.0”
}
},
“permissions”: [
“pkcs11”
]
}

background-script.js extensions

var /Promise/
statusObj = browser.pkcs11.installModule(‘mypkcs11’);
/* Only print success message within the ‘then’ statement,
error in ‘catch’ one */
statusObj.then(() = > console.log(‘module installed (v2)’)).catch (err = > console.log(‘module could not be installed (v2)’, err));

do you see wath is the problem
Thanks

freaktechnik · February 9, 2018, 10:22am

Are you sure it’s not pkcs11.dll?

Bertrand_Perret1 · February 9, 2018, 12:41pm

Hello,

Is the PKCS#11 dll a 32 bits one ?

What is the architecture of Windows ?

What is the architecture of the running Firefox ?

yohanndurant · February 9, 2018, 2:05pm

DLL 64 bits
Windows 7 SP1 64bits
Firefox 59b7 64bits

Bertrand_Perret1 · February 9, 2018, 2:31pm

OK.

So the registry key need to be set on the 64 bit hive too.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\PKCS11Modules]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\PKCS11Modules\mypkcs11]
@=“C:\ProgramData\Firefox\manifest.json”

For strict_min_version, try one of this:

“strict_min_version”: “58.0*”

or “strict_min_version”: “58.*”

yohanndurant · February 9, 2018, 2:36pm

same pb

is not accepted

yohanndurant · February 9, 2018, 2:39pm

I put in registry hive 32 and 64 bits

Bertrand_Perret1 · February 9, 2018, 2:43pm

You will have to debug your extension in

about:debugging

yohanndurant · February 9, 2018, 3:01pm

Yes
Addon added in firefox
no error in debug but no install

var statusObj = browser.pkcs11.installModule(“mypkcs11”);
no add

Bertrand_Perret1 · February 9, 2018, 3:43pm

I have a “path” setting like this (which works for me): each path separator is escaped

"path": "C:\\Windows\\system32\\mypkcs11.dll",