chrome/browser/resources/cryptotoken/signer.js - platform/external/chromium_org - Git at Google

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 /**
  * @fileoverview Handles web page requests for gnubby sign requests.
  */

 'use strict';

 var signRequestQueue = new OriginKeyedRequestQueue();

 /**
  * Handles a sign request.
  * @param {!SignHelperFactory} factory Factory to create a sign helper.
  * @param {MessageSender} sender The sender of the message.
  * @param {Object} request The web page's sign request.
  * @param {Function} sendResponse Called back with the result of the sign.
  * @param {boolean} toleratesMultipleResponses Whether the sendResponse
  *     callback can be called more than once, e.g. for progress updates.
  * @return {Closeable} Request handler that should be closed when the browser
  *     message channel is closed.
  */
 function handleSignRequest(factory, sender, request, sendResponse,
     toleratesMultipleResponses) {
   var sentResponse = false;
   function sendResponseOnce(r) {
     if (queuedSignRequest) {
       queuedSignRequest.close();
       queuedSignRequest = null;
     }
     if (!sentResponse) {
       sentResponse = true;
       try {
         // If the page has gone away or the connection has otherwise gone,
         // sendResponse fails.
         sendResponse(r);
       } catch (exception) {
         console.warn('sendResponse failed: ' + exception);
       }
     } else {
       console.warn(UTIL_fmt('Tried to reply more than once! Juan, FIX ME'));
     }
   }

   function sendErrorResponse(code) {
     var response = formatWebPageResponse(GnubbyMsgTypes.SIGN_WEB_REPLY, code);
     sendResponseOnce(response);
   }

   function sendSuccessResponse(challenge, info, browserData) {
     var responseData = {};
     for (var k in challenge) {
       responseData[k] = challenge[k];
     }
     responseData['browserData'] = B64_encode(UTIL_StringToBytes(browserData));
     responseData['signatureData'] = info;
     var response = formatWebPageResponse(GnubbyMsgTypes.SIGN_WEB_REPLY,
         GnubbyCodeTypes.OK, responseData);
     sendResponseOnce(response);
   }

   var origin = getOriginFromUrl(/** @type {string} */ (sender.url));
   if (!origin) {
     sendErrorResponse(GnubbyCodeTypes.BAD_REQUEST);
     return null;
   }
   // More closure type inference fail.
   var nonNullOrigin = /** @type {string} */ (origin);

   if (!isValidSignRequest(request)) {
     sendErrorResponse(GnubbyCodeTypes.BAD_REQUEST);
     return null;
   }

   var signData = request['signData'];
   // A valid sign data has at least one challenge, so get the first appId from
   // the first challenge.
   var firstAppId = signData[0]['appId'];
   var timeoutMillis = Signer.DEFAULT_TIMEOUT_MILLIS;
   if (request['timeout']) {
     // Request timeout is in seconds.
     timeoutMillis = request['timeout'] * 1000;
   }
   var timer = new CountdownTimer(timeoutMillis);
   var logMsgUrl = request['logMsgUrl'];

   // Queue sign requests from the same origin, to protect against simultaneous
   // sign-out on many tabs resulting in repeated sign-in requests.
   var queuedSignRequest = new QueuedSignRequest(signData, factory, timer,
       nonNullOrigin, sendErrorResponse, sendSuccessResponse,
       sender.tlsChannelId, logMsgUrl);
   var requestToken = signRequestQueue.queueRequest(firstAppId, nonNullOrigin,
       queuedSignRequest.begin.bind(queuedSignRequest), timer);
   queuedSignRequest.setToken(requestToken);
   return queuedSignRequest;
 }

 /**
  * Returns whether the request appears to be a valid sign request.
  * @param {Object} request the request.
  * @return {boolean} whether the request appears valid.
  */
 function isValidSignRequest(request) {
   if (!request.hasOwnProperty('signData'))
     return false;
   var signData = request['signData'];
   // If a sign request contains an empty array of challenges, it could never
   // be fulfilled. Fail.
   if (!signData.length)
     return false;
   return isValidSignData(signData);
 }

 /**
  * Adapter class representing a queued sign request.
  * @param {!SignData} signData Signature data
  * @param {!SignHelperFactory} factory Factory for SignHelper instances
  * @param {Countdown} timer Timeout timer
  * @param {string} origin Signature origin
  * @param {function(number)} errorCb Error callback
  * @param {function(SignChallenge, string, string)} successCb Success callback
  * @param {string|undefined} opt_tlsChannelId TLS Channel Id
  * @param {string|undefined} opt_logMsgUrl Url to post log messages to
  * @constructor
  * @implements {Closeable}
  */
 function QueuedSignRequest(signData, factory, timer, origin, errorCb, successCb,
     opt_tlsChannelId, opt_logMsgUrl) {
   /** @private {!SignData} */
   this.signData_ = signData;
   /** @private {!SignHelperFactory} */
   this.factory_ = factory;
   /** @private {Countdown} */
   this.timer_ = timer;
   /** @private {string} */
   this.origin_ = origin;
   /** @private {function(number)} */
   this.errorCb_ = errorCb;
   /** @private {function(SignChallenge, string, string)} */
   this.successCb_ = successCb;
   /** @private {string|undefined} */
   this.tlsChannelId_ = opt_tlsChannelId;
   /** @private {string|undefined} */
   this.logMsgUrl_ = opt_logMsgUrl;
   /** @private {boolean} */
   this.begun_ = false;
   /** @private {boolean} */
   this.closed_ = false;
 }

 /** Closes this sign request. */
 QueuedSignRequest.prototype.close = function() {
   if (this.closed_) return;
   if (this.begun_ && this.signer_) {
     this.signer_.close();
   }
   if (this.token_) {
     this.token_.complete();
   }
   this.closed_ = true;
 };

 /**
  * @param {QueuedRequestToken} token Token for this sign request.
  */
 QueuedSignRequest.prototype.setToken = function(token) {
   /** @private {QueuedRequestToken} */
   this.token_ = token;
 };

 /**
  * Called when this sign request may begin work.
  * @param {QueuedRequestToken} token Token for this sign request.
  */
 QueuedSignRequest.prototype.begin = function(token) {
   this.begun_ = true;
   this.setToken(token);
   this.signer_ = new Signer(this.factory_, this.timer_, this.origin_,
       this.signerFailed_.bind(this), this.signerSucceeded_.bind(this),
       this.tlsChannelId_, this.logMsgUrl_);
   if (!this.signer_.setChallenges(this.signData_)) {
     token.complete();
     this.errorCb_(GnubbyCodeTypes.BAD_REQUEST);
   }
 };

 /**
  * Called when this request's signer fails.
  * @param {number} code The failure code reported by the signer.
  * @private
  */
 QueuedSignRequest.prototype.signerFailed_ = function(code) {
   this.token_.complete();
   this.errorCb_(code);
 };

 /**
  * Called when this request's signer succeeds.
  * @param {SignChallenge} challenge The challenge that was signed.
  * @param {string} info The sign result.
  * @param {string} browserData Browser data JSON
  * @private
  */
 QueuedSignRequest.prototype.signerSucceeded_ =
     function(challenge, info, browserData) {
   this.token_.complete();
   this.successCb_(challenge, info, browserData);
 };

 /**
  * Creates an object to track signing with a gnubby.
  * @param {!SignHelperFactory} helperFactory Factory to create a sign helper.
  * @param {Countdown} timer Timer for sign request.
  * @param {string} origin The origin making the request.
  * @param {function(number)} errorCb Called when the sign operation fails.
  * @param {function(SignChallenge, string, string)} successCb Called when the
  *     sign operation succeeds.
  * @param {string=} opt_tlsChannelId the TLS channel ID, if any, of the origin
  *     making the request.
  * @param {string=} opt_logMsgUrl The url to post log messages to.
  * @constructor
  */
 function Signer(helperFactory, timer, origin, errorCb, successCb,
     opt_tlsChannelId, opt_logMsgUrl) {
   /** @private {Countdown} */
   this.timer_ = timer;
   /** @private {string} */
   this.origin_ = origin;
   /** @private {function(number)} */
   this.errorCb_ = errorCb;
   /** @private {function(SignChallenge, string, string)} */
   this.successCb_ = successCb;
   /** @private {string|undefined} */
   this.tlsChannelId_ = opt_tlsChannelId;
   /** @private {string|undefined} */
   this.logMsgUrl_ = opt_logMsgUrl;

   /** @private {boolean} */
   this.challengesSet_ = false;
   /** @private {Array.<SignHelperChallenge>} */
   this.pendingChallenges_ = [];
   /** @private {boolean} */
   this.done_ = false;

   /** @private {Object.<string, string>} */
   this.browserData_ = {};
   /** @private {Object.<string, SignChallenge>} */
   this.serverChallenges_ = {};
   // Allow http appIds for http origins. (Broken, but the caller deserves
   // what they get.)
   /** @private {boolean} */
   this.allowHttp_ = this.origin_ ? this.origin_.indexOf('http://') == 0 : false;

   // Protect against helper failure with a watchdog.
   this.createWatchdog_(timer);
   /** @private {SignHelper} */
   this.helper_ = helperFactory.createHelper(
       timer, this.helperError_.bind(this), this.helperSuccess_.bind(this),
           this.logMsgUrl_);
 }

 /**
  * Creates a timer with an expiry greater than the expiration time of the given
  * timer.
  * @param {Countdown} timer Timeout timer
  * @private
  */
 Signer.prototype.createWatchdog_ = function(timer) {
   var millis = timer.millisecondsUntilExpired();
   millis += CountdownTimer.TIMER_INTERVAL_MILLIS;
   /** @private {Countdown|undefined} */
   this.watchdogTimer_ = new CountdownTimer(millis, this.timeout_.bind(this));
 };

 /**
  * Default timeout value in case the caller never provides a valid timeout.
  */
 Signer.DEFAULT_TIMEOUT_MILLIS = 30 * 1000;

 /**
  * Sets the challenges to be signed.
  * @param {SignData} signData The challenges to set.
  * @return {boolean} Whether the challenges could be set.
  */
 Signer.prototype.setChallenges = function(signData) {
   if (this.challengesSet_ || this.done_)
     return false;
   /** @private {SignData} */
   this.signData_ = signData;
   /** @private {boolean} */
   this.challengesSet_ = true;

   this.checkAppIds_();
   return true;
 };

 /**
  * Adds new challenges to the challenges being signed.
  * @param {SignData} signData Challenges to add.
  * @param {boolean} finalChallenges Whether these are the final challenges.
  * @return {boolean} Whether the challenge could be added.
  */
 Signer.prototype.addChallenges = function(signData, finalChallenges) {
   var newChallenges = this.encodeSignChallenges_(signData);
   for (var i = 0; i < newChallenges.length; i++) {
     this.pendingChallenges_.push(newChallenges[i]);
   }
   if (!finalChallenges) {
     return true;
   }
   return this.helper_.doSign(this.pendingChallenges_);
 };

 /**
  * Creates challenges for helper from challenges.
  * @param {Array.<SignChallenge>} challenges Challenges to add.
  * @return {Array.<SignHelperChallenge>} Encoded challenges
  * @private
  */
 Signer.prototype.encodeSignChallenges_ = function(challenges) {
   var newChallenges = [];
   for (var i = 0; i < challenges.length; i++) {
     var incomingChallenge = challenges[i];
     var serverChallenge = incomingChallenge['challenge'];
     var appId = incomingChallenge['appId'];
     var encodedKeyHandle = incomingChallenge['keyHandle'];
     var version = incomingChallenge['version'];

     var browserData =
         makeSignBrowserData(serverChallenge, this.origin_, this.tlsChannelId_);
     var encodedChallenge = makeChallenge(browserData, appId, encodedKeyHandle,
         version);

     var key = encodedKeyHandle + encodedChallenge['challengeHash'];
     this.browserData_[key] = browserData;
     this.serverChallenges_[key] = incomingChallenge;

     newChallenges.push(encodedChallenge);
   }
   return newChallenges;
 };

 /**
  * Checks the app ids of incoming requests, and, when this signer is enforcing
  * that app ids are valid, adds successful challenges to those being signed.
  * @private
  */
 Signer.prototype.checkAppIds_ = function() {
   // Check the incoming challenges' app ids.
   /** @private {Array.<[string, Array.<Request>]>} */
   this.orderedRequests_ = requestsByAppId(this.signData_);
   if (!this.orderedRequests_.length) {
     // Safety check: if the challenges are somehow empty, the helper will never
     // be fed any data, so the request could never be satisfied. You lose.
     this.notifyError_(GnubbyCodeTypes.BAD_REQUEST);
     return;
   }
   /** @private {number} */
   this.fetchedAppIds_ = 0;
   /** @private {number} */
   this.validAppIds_ = 0;
   for (var i = 0, appIdRequestsPair; i < this.orderedRequests_.length; i++) {
     var appIdRequestsPair = this.orderedRequests_[i];
     var appId = appIdRequestsPair[0];
     var requests = appIdRequestsPair[1];
     if (appId == this.origin_) {
       // Trivially allowed.
       this.fetchedAppIds_++;
       this.validAppIds_++;
       this.addChallenges(requests,
           this.fetchedAppIds_ == this.orderedRequests_.length);
     } else {
       var start = new Date();
       fetchAllowedOriginsForAppId(appId, this.allowHttp_,
           this.fetchedAllowedOriginsForAppId_.bind(this, appId, start,
               requests));
     }
   }
 };

 /**
  * Called with the result of an app id fetch.
  * @param {string} appId the app id that was fetched.
  * @param {Date} start the time the fetch request started.
  * @param {Array.<SignChallenge>} challenges Challenges for this app id.
  * @param {number} rc The HTTP response code for the app id fetch.
  * @param {!Array.<string>} allowedOrigins The origins allowed for this app id.
  * @private
  */
 Signer.prototype.fetchedAllowedOriginsForAppId_ = function(appId, start,
     challenges, rc, allowedOrigins) {
   var end = new Date();
   logFetchAppIdResult(appId, end - start, allowedOrigins, this.logMsgUrl_);
   if (rc != 200 && !(rc >= 400 && rc < 500)) {
     if (this.timer_.expired()) {
       // Act as though the helper timed out.
       this.helperError_(DeviceStatusCodes.TIMEOUT_STATUS, false);
     } else {
       start = new Date();
       fetchAllowedOriginsForAppId(appId, this.allowHttp_,
           this.fetchedAllowedOriginsForAppId_.bind(this, appId, start,
               challenges));
     }
     return;
   }
   this.fetchedAppIds_++;
   var finalChallenges = (this.fetchedAppIds_ == this.orderedRequests_.length);
   if (isValidAppIdForOrigin(appId, this.origin_, allowedOrigins)) {
     this.validAppIds_++;
     this.addChallenges(challenges, finalChallenges);
   } else {
     logInvalidOriginForAppId(this.origin_, appId, this.logMsgUrl_);
     // If this is the final request, sign the valid challenges.
     if (finalChallenges) {
       if (!this.helper_.doSign(this.pendingChallenges_)) {
         this.notifyError_(GnubbyCodeTypes.BAD_REQUEST);
         return;
       }
     }
   }
   if (finalChallenges && !this.validAppIds_) {
     // If all app ids are invalid, notify the caller, otherwise implicitly
     // allow the helper to report whether any of the valid challenges succeeded.
     this.notifyError_(GnubbyCodeTypes.BAD_APP_ID);
   }
 };

 /**
  * Called when the timeout expires on this signer.
  * @private
  */
 Signer.prototype.timeout_ = function() {
   this.watchdogTimer_ = undefined;
   // The web page gets grumpy if it doesn't get WAIT_TOUCH within a reasonable
   // time.
   this.notifyError_(GnubbyCodeTypes.WAIT_TOUCH);
 };

 /** Closes this signer. */
 Signer.prototype.close = function() {
   if (this.helper_) this.helper_.close();
 };

 /**
  * Notifies the caller of error with the given error code.
  * @param {number} code Error code
  * @private
  */
 Signer.prototype.notifyError_ = function(code) {
   if (this.done_)
     return;
   this.close();
   this.done_ = true;
   this.errorCb_(code);
 };

 /**
  * Notifies the caller of success.
  * @param {SignChallenge} challenge The challenge that was signed.
  * @param {string} info The sign result.
  * @param {string} browserData Browser data JSON
  * @private
  */
 Signer.prototype.notifySuccess_ = function(challenge, info, browserData) {
   if (this.done_)
     return;
   this.close();
   this.done_ = true;
   this.successCb_(challenge, info, browserData);
 };

 /**
  * Maps a sign helper's error code namespace to the page's error code namespace.
  * @param {number} code Error code from DeviceStatusCodes namespace.
  * @param {boolean} anyGnubbies Whether any gnubbies were found.
  * @return {number} A GnubbyCodeTypes error code.
  * @private
  */
 Signer.mapError_ = function(code, anyGnubbies) {
   var reportedError;
   switch (code) {
     case DeviceStatusCodes.WRONG_DATA_STATUS:
       reportedError = anyGnubbies ? GnubbyCodeTypes.NONE_PLUGGED_ENROLLED :
           GnubbyCodeTypes.NO_GNUBBIES;
       break;

     case DeviceStatusCodes.OK_STATUS:
       // If the error callback is called with OK, it means the signature was
       // empty, which we treat the same as...
     case DeviceStatusCodes.WAIT_TOUCH_STATUS:
       reportedError = GnubbyCodeTypes.WAIT_TOUCH;
       break;

     case DeviceStatusCodes.BUSY_STATUS:
       reportedError = GnubbyCodeTypes.BUSY;
       break;

     default:
       reportedError = GnubbyCodeTypes.UNKNOWN_ERROR;
       break;
   }
   return reportedError;
 };

 /**
  * Called by the helper upon error.
  * @param {number} code Error code
  * @param {boolean} anyGnubbies If any gnubbies were found
  * @private
  */
 Signer.prototype.helperError_ = function(code, anyGnubbies) {
   this.clearTimeout_();
   var reportedError = Signer.mapError_(code, anyGnubbies);
   console.log(UTIL_fmt('helper reported ' + code.toString(16) +
       ', returning ' + reportedError));
   this.notifyError_(reportedError);
 };

 /**
  * Called by helper upon success.
  * @param {SignHelperChallenge} challenge The challenge that was signed.
  * @param {string} info The sign result.
  * @param {string=} opt_source The source, if any, if the signature.
  * @private
  */
 Signer.prototype.helperSuccess_ = function(challenge, info, opt_source) {
   // Got a good reply, kill timer.
   this.clearTimeout_();

   if (this.logMsgUrl_ && opt_source) {
     var logMsg = 'signed&source=' + opt_source;
     logMessage(logMsg, this.logMsgUrl_);
   }

   var key = challenge['keyHandle'] + challenge['challengeHash'];
   var browserData = this.browserData_[key];
   // Notify with server-provided challenge, not the encoded one: the
   // server-provided challenge contains additional fields it relies on.
   var serverChallenge = this.serverChallenges_[key];
   this.notifySuccess_(serverChallenge, info, browserData);
 };

 /**
  * Clears the timeout for this signer.
  * @private
  */
 Signer.prototype.clearTimeout_ = function() {
   if (this.watchdogTimer_) {
     this.watchdogTimer_.clearTimeout();
     this.watchdogTimer_ = undefined;
   }
 };
	// Copyright 2014 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	/**
	* @fileoverview Handles web page requests for gnubby sign requests.
	*/

	'use strict';

	var signRequestQueue = new OriginKeyedRequestQueue();

	/**
	* Handles a sign request.
	* @param {!SignHelperFactory} factory Factory to create a sign helper.
	* @param {MessageSender} sender The sender of the message.
	* @param {Object} request The web page's sign request.
	* @param {Function} sendResponse Called back with the result of the sign.
	* @param {boolean} toleratesMultipleResponses Whether the sendResponse
	* callback can be called more than once, e.g. for progress updates.
	* @return {Closeable} Request handler that should be closed when the browser
	* message channel is closed.
	*/
	function handleSignRequest(factory, sender, request, sendResponse,
	toleratesMultipleResponses) {
	var sentResponse = false;
	function sendResponseOnce(r) {
	if (queuedSignRequest) {
	queuedSignRequest.close();
	queuedSignRequest = null;
	}
	if (!sentResponse) {
	sentResponse = true;
	try {
	// If the page has gone away or the connection has otherwise gone,
	// sendResponse fails.
	sendResponse(r);
	} catch (exception) {
	console.warn('sendResponse failed: ' + exception);
	}
	} else {
	console.warn(UTIL_fmt('Tried to reply more than once! Juan, FIX ME'));
	}
	}

	function sendErrorResponse(code) {
	var response = formatWebPageResponse(GnubbyMsgTypes.SIGN_WEB_REPLY, code);
	sendResponseOnce(response);
	}

	function sendSuccessResponse(challenge, info, browserData) {
	var responseData = {};
	for (var k in challenge) {
	responseData[k] = challenge[k];
	}
	responseData['browserData'] = B64_encode(UTIL_StringToBytes(browserData));
	responseData['signatureData'] = info;
	var response = formatWebPageResponse(GnubbyMsgTypes.SIGN_WEB_REPLY,
	GnubbyCodeTypes.OK, responseData);
	sendResponseOnce(response);
	}

	var origin = getOriginFromUrl(/** @type {string} */ (sender.url));
	if (!origin) {
	sendErrorResponse(GnubbyCodeTypes.BAD_REQUEST);
	return null;
	}
	// More closure type inference fail.
	var nonNullOrigin = /** @type {string} */ (origin);

	if (!isValidSignRequest(request)) {
	sendErrorResponse(GnubbyCodeTypes.BAD_REQUEST);
	return null;
	}

	var signData = request['signData'];
	// A valid sign data has at least one challenge, so get the first appId from
	// the first challenge.
	var firstAppId = signData[0]['appId'];
	var timeoutMillis = Signer.DEFAULT_TIMEOUT_MILLIS;
	if (request['timeout']) {
	// Request timeout is in seconds.
	timeoutMillis = request['timeout'] * 1000;
	}
	var timer = new CountdownTimer(timeoutMillis);
	var logMsgUrl = request['logMsgUrl'];

	// Queue sign requests from the same origin, to protect against simultaneous
	// sign-out on many tabs resulting in repeated sign-in requests.
	var queuedSignRequest = new QueuedSignRequest(signData, factory, timer,
	nonNullOrigin, sendErrorResponse, sendSuccessResponse,
	sender.tlsChannelId, logMsgUrl);
	var requestToken = signRequestQueue.queueRequest(firstAppId, nonNullOrigin,
	queuedSignRequest.begin.bind(queuedSignRequest), timer);
	queuedSignRequest.setToken(requestToken);
	return queuedSignRequest;
	}

	/**
	* Returns whether the request appears to be a valid sign request.
	* @param {Object} request the request.
	* @return {boolean} whether the request appears valid.
	*/
	function isValidSignRequest(request) {
	if (!request.hasOwnProperty('signData'))
	return false;
	var signData = request['signData'];
	// If a sign request contains an empty array of challenges, it could never
	// be fulfilled. Fail.
	if (!signData.length)
	return false;
	return isValidSignData(signData);
	}

	/**
	* Adapter class representing a queued sign request.
	* @param {!SignData} signData Signature data
	* @param {!SignHelperFactory} factory Factory for SignHelper instances
	* @param {Countdown} timer Timeout timer
	* @param {string} origin Signature origin
	* @param {function(number)} errorCb Error callback
	* @param {function(SignChallenge, string, string)} successCb Success callback
	* @param {string\|undefined} opt_tlsChannelId TLS Channel Id
	* @param {string\|undefined} opt_logMsgUrl Url to post log messages to
	* @constructor
	* @implements {Closeable}
	*/
	function QueuedSignRequest(signData, factory, timer, origin, errorCb, successCb,
	opt_tlsChannelId, opt_logMsgUrl) {
	/** @private {!SignData} */
	this.signData_ = signData;
	/** @private {!SignHelperFactory} */
	this.factory_ = factory;
	/** @private {Countdown} */
	this.timer_ = timer;
	/** @private {string} */
	this.origin_ = origin;
	/** @private {function(number)} */
	this.errorCb_ = errorCb;
	/** @private {function(SignChallenge, string, string)} */
	this.successCb_ = successCb;
	/** @private {string\|undefined} */
	this.tlsChannelId_ = opt_tlsChannelId;
	/** @private {string\|undefined} */
	this.logMsgUrl_ = opt_logMsgUrl;
	/** @private {boolean} */
	this.begun_ = false;
	/** @private {boolean} */
	this.closed_ = false;
	}

	/** Closes this sign request. */
	QueuedSignRequest.prototype.close = function() {
	if (this.closed_) return;
	if (this.begun_ && this.signer_) {
	this.signer_.close();
	}
	if (this.token_) {
	this.token_.complete();
	}
	this.closed_ = true;
	};

	/**
	* @param {QueuedRequestToken} token Token for this sign request.
	*/
	QueuedSignRequest.prototype.setToken = function(token) {
	/** @private {QueuedRequestToken} */
	this.token_ = token;
	};

	/**
	* Called when this sign request may begin work.
	* @param {QueuedRequestToken} token Token for this sign request.
	*/
	QueuedSignRequest.prototype.begin = function(token) {
	this.begun_ = true;
	this.setToken(token);
	this.signer_ = new Signer(this.factory_, this.timer_, this.origin_,
	this.signerFailed_.bind(this), this.signerSucceeded_.bind(this),
	this.tlsChannelId_, this.logMsgUrl_);
	if (!this.signer_.setChallenges(this.signData_)) {
	token.complete();
	this.errorCb_(GnubbyCodeTypes.BAD_REQUEST);
	}
	};

	/**
	* Called when this request's signer fails.
	* @param {number} code The failure code reported by the signer.
	* @private
	*/
	QueuedSignRequest.prototype.signerFailed_ = function(code) {
	this.token_.complete();
	this.errorCb_(code);
	};

	/**
	* Called when this request's signer succeeds.
	* @param {SignChallenge} challenge The challenge that was signed.
	* @param {string} info The sign result.
	* @param {string} browserData Browser data JSON
	* @private
	*/
	QueuedSignRequest.prototype.signerSucceeded_ =
	function(challenge, info, browserData) {
	this.token_.complete();
	this.successCb_(challenge, info, browserData);
	};

	/**
	* Creates an object to track signing with a gnubby.
	* @param {!SignHelperFactory} helperFactory Factory to create a sign helper.
	* @param {Countdown} timer Timer for sign request.
	* @param {string} origin The origin making the request.
	* @param {function(number)} errorCb Called when the sign operation fails.
	* @param {function(SignChallenge, string, string)} successCb Called when the
	* sign operation succeeds.
	* @param {string=} opt_tlsChannelId the TLS channel ID, if any, of the origin
	* making the request.
	* @param {string=} opt_logMsgUrl The url to post log messages to.
	* @constructor
	*/
	function Signer(helperFactory, timer, origin, errorCb, successCb,
	opt_tlsChannelId, opt_logMsgUrl) {
	/** @private {Countdown} */
	this.timer_ = timer;
	/** @private {string} */
	this.origin_ = origin;
	/** @private {function(number)} */
	this.errorCb_ = errorCb;
	/** @private {function(SignChallenge, string, string)} */
	this.successCb_ = successCb;
	/** @private {string\|undefined} */
	this.tlsChannelId_ = opt_tlsChannelId;
	/** @private {string\|undefined} */
	this.logMsgUrl_ = opt_logMsgUrl;

	/** @private {boolean} */
	this.challengesSet_ = false;
	/** @private {Array.<SignHelperChallenge>} */
	this.pendingChallenges_ = [];
	/** @private {boolean} */
	this.done_ = false;

	/** @private {Object.<string, string>} */
	this.browserData_ = {};
	/** @private {Object.<string, SignChallenge>} */
	this.serverChallenges_ = {};
	// Allow http appIds for http origins. (Broken, but the caller deserves
	// what they get.)
	/** @private {boolean} */
	this.allowHttp_ = this.origin_ ? this.origin_.indexOf('http://') == 0 : false;

	// Protect against helper failure with a watchdog.
	this.createWatchdog_(timer);
	/** @private {SignHelper} */
	this.helper_ = helperFactory.createHelper(
	timer, this.helperError_.bind(this), this.helperSuccess_.bind(this),
	this.logMsgUrl_);
	}

	/**
	* Creates a timer with an expiry greater than the expiration time of the given
	* timer.
	* @param {Countdown} timer Timeout timer
	* @private
	*/
	Signer.prototype.createWatchdog_ = function(timer) {
	var millis = timer.millisecondsUntilExpired();
	millis += CountdownTimer.TIMER_INTERVAL_MILLIS;
	/** @private {Countdown\|undefined} */
	this.watchdogTimer_ = new CountdownTimer(millis, this.timeout_.bind(this));
	};

	/**
	* Default timeout value in case the caller never provides a valid timeout.
	*/
	Signer.DEFAULT_TIMEOUT_MILLIS = 30 * 1000;

	/**
	* Sets the challenges to be signed.
	* @param {SignData} signData The challenges to set.
	* @return {boolean} Whether the challenges could be set.
	*/
	Signer.prototype.setChallenges = function(signData) {
	if (this.challengesSet_ \|\| this.done_)
	return false;
	/** @private {SignData} */
	this.signData_ = signData;
	/** @private {boolean} */
	this.challengesSet_ = true;

	this.checkAppIds_();
	return true;
	};

	/**
	* Adds new challenges to the challenges being signed.
	* @param {SignData} signData Challenges to add.
	* @param {boolean} finalChallenges Whether these are the final challenges.
	* @return {boolean} Whether the challenge could be added.
	*/
	Signer.prototype.addChallenges = function(signData, finalChallenges) {
	var newChallenges = this.encodeSignChallenges_(signData);
	for (var i = 0; i < newChallenges.length; i++) {
	this.pendingChallenges_.push(newChallenges[i]);
	}
	if (!finalChallenges) {
	return true;
	}
	return this.helper_.doSign(this.pendingChallenges_);
	};

	/**
	* Creates challenges for helper from challenges.
	* @param {Array.<SignChallenge>} challenges Challenges to add.
	* @return {Array.<SignHelperChallenge>} Encoded challenges
	* @private
	*/
	Signer.prototype.encodeSignChallenges_ = function(challenges) {
	var newChallenges = [];
	for (var i = 0; i < challenges.length; i++) {
	var incomingChallenge = challenges[i];
	var serverChallenge = incomingChallenge['challenge'];
	var appId = incomingChallenge['appId'];
	var encodedKeyHandle = incomingChallenge['keyHandle'];
	var version = incomingChallenge['version'];

	var browserData =
	makeSignBrowserData(serverChallenge, this.origin_, this.tlsChannelId_);
	var encodedChallenge = makeChallenge(browserData, appId, encodedKeyHandle,
	version);

	var key = encodedKeyHandle + encodedChallenge['challengeHash'];
	this.browserData_[key] = browserData;
	this.serverChallenges_[key] = incomingChallenge;

	newChallenges.push(encodedChallenge);
	}
	return newChallenges;
	};

	/**
	* Checks the app ids of incoming requests, and, when this signer is enforcing
	* that app ids are valid, adds successful challenges to those being signed.
	* @private
	*/
	Signer.prototype.checkAppIds_ = function() {
	// Check the incoming challenges' app ids.
	/** @private {Array.<[string, Array.<Request>]>} */
	this.orderedRequests_ = requestsByAppId(this.signData_);
	if (!this.orderedRequests_.length) {
	// Safety check: if the challenges are somehow empty, the helper will never
	// be fed any data, so the request could never be satisfied. You lose.
	this.notifyError_(GnubbyCodeTypes.BAD_REQUEST);
	return;
	}
	/** @private {number} */
	this.fetchedAppIds_ = 0;
	/** @private {number} */
	this.validAppIds_ = 0;
	for (var i = 0, appIdRequestsPair; i < this.orderedRequests_.length; i++) {
	var appIdRequestsPair = this.orderedRequests_[i];
	var appId = appIdRequestsPair[0];
	var requests = appIdRequestsPair[1];
	if (appId == this.origin_) {
	// Trivially allowed.
	this.fetchedAppIds_++;
	this.validAppIds_++;
	this.addChallenges(requests,
	this.fetchedAppIds_ == this.orderedRequests_.length);
	} else {
	var start = new Date();
	fetchAllowedOriginsForAppId(appId, this.allowHttp_,
	this.fetchedAllowedOriginsForAppId_.bind(this, appId, start,
	requests));
	}
	}
	};

	/**
	* Called with the result of an app id fetch.
	* @param {string} appId the app id that was fetched.
	* @param {Date} start the time the fetch request started.
	* @param {Array.<SignChallenge>} challenges Challenges for this app id.
	* @param {number} rc The HTTP response code for the app id fetch.
	* @param {!Array.<string>} allowedOrigins The origins allowed for this app id.
	* @private
	*/
	Signer.prototype.fetchedAllowedOriginsForAppId_ = function(appId, start,
	challenges, rc, allowedOrigins) {
	var end = new Date();
	logFetchAppIdResult(appId, end - start, allowedOrigins, this.logMsgUrl_);
	if (rc != 200 && !(rc >= 400 && rc < 500)) {
	if (this.timer_.expired()) {
	// Act as though the helper timed out.
	this.helperError_(DeviceStatusCodes.TIMEOUT_STATUS, false);
	} else {
	start = new Date();
	fetchAllowedOriginsForAppId(appId, this.allowHttp_,
	this.fetchedAllowedOriginsForAppId_.bind(this, appId, start,
	challenges));
	}
	return;
	}
	this.fetchedAppIds_++;
	var finalChallenges = (this.fetchedAppIds_ == this.orderedRequests_.length);
	if (isValidAppIdForOrigin(appId, this.origin_, allowedOrigins)) {
	this.validAppIds_++;
	this.addChallenges(challenges, finalChallenges);
	} else {
	logInvalidOriginForAppId(this.origin_, appId, this.logMsgUrl_);
	// If this is the final request, sign the valid challenges.
	if (finalChallenges) {
	if (!this.helper_.doSign(this.pendingChallenges_)) {
	this.notifyError_(GnubbyCodeTypes.BAD_REQUEST);
	return;
	}
	}
	}
	if (finalChallenges && !this.validAppIds_) {
	// If all app ids are invalid, notify the caller, otherwise implicitly
	// allow the helper to report whether any of the valid challenges succeeded.
	this.notifyError_(GnubbyCodeTypes.BAD_APP_ID);
	}
	};

	/**
	* Called when the timeout expires on this signer.
	* @private
	*/
	Signer.prototype.timeout_ = function() {
	this.watchdogTimer_ = undefined;
	// The web page gets grumpy if it doesn't get WAIT_TOUCH within a reasonable
	// time.
	this.notifyError_(GnubbyCodeTypes.WAIT_TOUCH);
	};

	/** Closes this signer. */
	Signer.prototype.close = function() {
	if (this.helper_) this.helper_.close();
	};

	/**
	* Notifies the caller of error with the given error code.
	* @param {number} code Error code
	* @private
	*/
	Signer.prototype.notifyError_ = function(code) {
	if (this.done_)
	return;
	this.close();
	this.done_ = true;
	this.errorCb_(code);
	};

	/**
	* Notifies the caller of success.
	* @param {SignChallenge} challenge The challenge that was signed.
	* @param {string} info The sign result.
	* @param {string} browserData Browser data JSON
	* @private
	*/
	Signer.prototype.notifySuccess_ = function(challenge, info, browserData) {
	if (this.done_)
	return;
	this.close();
	this.done_ = true;
	this.successCb_(challenge, info, browserData);
	};

	/**
	* Maps a sign helper's error code namespace to the page's error code namespace.
	* @param {number} code Error code from DeviceStatusCodes namespace.
	* @param {boolean} anyGnubbies Whether any gnubbies were found.
	* @return {number} A GnubbyCodeTypes error code.
	* @private
	*/
	Signer.mapError_ = function(code, anyGnubbies) {
	var reportedError;
	switch (code) {
	case DeviceStatusCodes.WRONG_DATA_STATUS:
	reportedError = anyGnubbies ? GnubbyCodeTypes.NONE_PLUGGED_ENROLLED :
	GnubbyCodeTypes.NO_GNUBBIES;
	break;

	case DeviceStatusCodes.OK_STATUS:
	// If the error callback is called with OK, it means the signature was
	// empty, which we treat the same as...
	case DeviceStatusCodes.WAIT_TOUCH_STATUS:
	reportedError = GnubbyCodeTypes.WAIT_TOUCH;
	break;

	case DeviceStatusCodes.BUSY_STATUS:
	reportedError = GnubbyCodeTypes.BUSY;
	break;

	default:
	reportedError = GnubbyCodeTypes.UNKNOWN_ERROR;
	break;
	}
	return reportedError;
	};

	/**
	* Called by the helper upon error.
	* @param {number} code Error code
	* @param {boolean} anyGnubbies If any gnubbies were found
	* @private
	*/
	Signer.prototype.helperError_ = function(code, anyGnubbies) {
	this.clearTimeout_();
	var reportedError = Signer.mapError_(code, anyGnubbies);
	console.log(UTIL_fmt('helper reported ' + code.toString(16) +
	', returning ' + reportedError));
	this.notifyError_(reportedError);
	};

	/**
	* Called by helper upon success.
	* @param {SignHelperChallenge} challenge The challenge that was signed.
	* @param {string} info The sign result.
	* @param {string=} opt_source The source, if any, if the signature.
	* @private
	*/
	Signer.prototype.helperSuccess_ = function(challenge, info, opt_source) {
	// Got a good reply, kill timer.
	this.clearTimeout_();

	if (this.logMsgUrl_ && opt_source) {
	var logMsg = 'signed&source=' + opt_source;
	logMessage(logMsg, this.logMsgUrl_);
	}

	var key = challenge['keyHandle'] + challenge['challengeHash'];
	var browserData = this.browserData_[key];
	// Notify with server-provided challenge, not the encoded one: the
	// server-provided challenge contains additional fields it relies on.
	var serverChallenge = this.serverChallenges_[key];
	this.notifySuccess_(serverChallenge, info, browserData);
	};

	/**
	* Clears the timeout for this signer.
	* @private
	*/
	Signer.prototype.clearTimeout_ = function() {
	if (this.watchdogTimer_) {
	this.watchdogTimer_.clearTimeout();
	this.watchdogTimer_ = undefined;
	}
	};