nsIX509CertDB, nsIPKCS11ModuleDB supported in WebExtensions accessible APIs

bertrand_perret · September 21, 2016, 3:51pm

Hello all,

We have an extension that updates the Firefox NSS database store with embedded certificate files .pem.

The extension aslo adds a PKCS#11 module to interact with a smartcard.

We use following XPCOM components to manage certificates:
…
const my_nsIPKCS11ModuleDB = Components.interfaces.nsIPKCS11ModuleDB;
const my_nsIPKCS11Module = Components.interfaces.nsIPKCS11Module;
const my_nsIX509Cert = Components.interfaces.nsIX509Cert;

var /* nsIX509CertDB / x509CertDB = null;
var / nsILocalFile */ certLocalFile = null;

…

Will there be support for these components/classes in WebExtensions APIs ?
If not, what will replace these functions in the future ?

Regards.

noitidart · September 24, 2016, 2:08pm

I didn’t want to leave you hanging on this question. It currently does not seem possible.

For a replacement, you can only support desktop (Android has no support), you can set up the environment and build an executable, then distribute that executable from a website. Then after the user downloads that, they have to place it along with a special json file you give them in a special directory. Then they can install your addon, and then you can use native messaging.

Will this approach work for you?

I am trying this approach, am having a difficult time setting up the environment, am learning compiling C++ at same time, OS X is a VM for me, so Im having a tough time getting XCode on there.

NilkasG · September 24, 2016, 4:29pm

I am (currently experimentally) using native messaging in an extension too.

What I do is pack a node js application with the nexe module. That way, one can write the native application completely in JavaScript too, and is still able to distribute a single binary.

It took me quite a bit of time to get this working, so if ether of you is interested in this, just ask and I will share my experience with it.

noitidart · September 24, 2016, 4:31pm

Oh wow that is extremely interesting. I had a need to create a new window and inlay a canvas, then create a canvas editor in javascript. Can that be done, cross platform, with node.js nexe?

NilkasG · September 24, 2016, 4:38pm

I’ sorry, but I don’t understand what you are trying to do (the way I understand your sentence it sounds doable in the browser).

But I think this would be quite off-topic here. If you want to I’d suggest you PM me or open a new topic.

noitidart · September 24, 2016, 4:40pm

Will PM you thanks!

bertrand_perret · September 25, 2016, 4:16pm

Hello,

thanks for your suggestions.

I have just read the following topic about ‘native messaging’:

noitidart, is this what you suggested in your first response ?

Could I send messages to a Firefox Extension, too ?

Regards.

NilkasG · September 27, 2016, 8:59am

Yes, we were talking about

Could I send messages to a Firefox Extension, too ?

Yes, Native messaging works in Firefox (50+). But the communication always has to be initiated by the extension, your native program can only reply.

bertrand_perret · June 22, 2017, 9:00am

Hello,

I’m coming back to talk about
certificates importation into Firefox.

These certificates are emitted from a third-party PKI and should be present in FF database.

Since the post is dating from September 2016, is there any new APIs
that would be implemented to do the job
directly from a background script ?

Otherwise, how do i achieve this job from a C/C++ native app ?

Regards.