Plugin whitelist request: Nexus Personal (not the same as BankID)

VERIFIED FIXED in Firefox 34

Status

Firefox Graveyard
Plugin Click-To-Activate Whitelist
VERIFIED FIXED
4 years ago
2 years ago

People

(Reporter: Samuel Erdtman, Assigned: Unfocused)

Tracking

Trunk
Firefox 34
Bug Flags:
firefox-backlog +

Details

(Whiteboard: application complete - accepted)

Attachments

(1 attachment)

(Reporter)

Description

4 years ago
<<Please supply the following information for new plugin whitelist requests>>

Plugin name: Nexus Personal
Vendor: Technology Nexus AB
Point of contact: samuel@nexusgroup.com, martin.furuhed@nexusgroup.com
Current version: 4.24.1
Download URL: The application is not publicly available, please send Samuel or Martin an email to receive a copy.
Sample URL of plugin in use: The application is not publicly available, please send Samuel or Martin an email for a demo page

Plugin details: Installed as part of neXus Personal Security Client, a smart-card middleware. Used by banks, clearinghouses, national ID programs etc. around the world. (Nexus Personal has a historic relationship with Nexus Personal BankID, but for a few years now the products have gone separate ways.)

neXus is currently working on the replacement and intends to release the first version of the replacement after summer. We will keep the plugins during a transitioning period, but are in communication with our customers to quicken the transition. During 2015 the need for the plugins should have been removed. The solution will not include any new extension; the connection between browser and neXus Personal Security Client will be handled by standard web technologies.

<<For each affected operating system, please copy the plugin information from about:plugins in Firefox>>
== Mac OS X ==
Nexus Personal

    File: PersonalPlugin.bundle
    Path: /Applications/Personal.app/Contents/SharedSupport/PersonalPlugin.bundle
    Version: 4.24.1.10913
    State: Enabled
    Nexus Personal 4.24.1.10913

MIME Type	Description	Suffixes
application/x-personal-signer	Signer	
application/x-personal-regutil	Enrollment	
application/x-personal-signer2	Signer XML	
application/x-personal-version	Version	
application/x-personal-webadmin	Administration	
application/x-personal-logout	Logout	
application/x-personal-authentication	Authentication

== Windows ==
Nexus Personal

    File: np_prsnl.dll
    Version: 4.24.1.10913
    State: Enabled
    Nexus Personal Plug-Ins

MIME Type	Description	Suffixes
application/x-personal-signer	Signer	
application/x-personal-regutil	Enrolment	
application/x-personal-logout	Logout	
application/x-personal-version	Version	
application/x-personal-webadmin	WebAdmin	
application/x-personal-authentication	Authentication	
application/x-personal-signer2	Signer2	
application/x-personal-clm	CLM

== Linux ==
Nexus Personal

    File: libplugins.so
    Path: /usr/local/lib/personal/libplugins.so
    Version: 
    State: Enabled
    Nexus Personal Plug-Ins

MIME Type       Description     Suffixes
application/x-personal-regutil  Regutil 
application/x-personal-signer   Signer  
application/x-personal-signer2  Signer2 
application/x-personal-version  Version 
application/x-personal-authentication   Authentication  
application/x-personal-webadmin Webadmin        
application/x-personal-logout   Logout  
application/x-personal-clm      CLM



Are there any variations in the plugin file name, MIME types, description, or version from one release to the next?
Version number is increased.

Are there any known security issues in current or older versions of the plugin?
No.

Comment 1

4 years ago
The linux data is surprising: "libplugins.so" is not a normal NPAPI plugin name. It is symlinked from /usr/lib/mozilla/plugins under that name or a different name?

PersonalPlugin.bundle is also a bit surprising: is it linked from /Library/Internet Plug-Ins ?


When you say that it will be replaced by web technologies: we currently don't have a web API for smart cards. Are you saying that you are moving away from smart card technology? We are actively looking for partners who are interested in helping us spec and build a native interface layer for crypto hardware/smartcards.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(Samuel)
(Reporter)

Comment 2

4 years ago
Hi Benjamin,

The neXus Personal plugins are part of the neXus Personal application which is a complete application that could be used without the plugins, and the plugins are linked from there. 
Is there a problem with the plugin name not being as expected? If there is a problem, could you point us to some resources with details on how to name plugins? These plugins have existed for quite some time by now, so it might be that we are following some older paradigm. If you could give me some more details, I would be happy to answer why files are placed in a certain place with certain names.
For linux libplugins is linked like this:
lrwxrwxrwx 1 root root     37 Jun 24 00:49 libplugins.so -> /usr/local/lib/personal/libplugins.so

We are aware that there is no web browser integration for smart cards, I cannot share the details for our solution publicly since it has not been released yet, I could in a private email conversation or a Skype call if it is necessary. 
I was initially hoping that WebCrypto could solve this gap but as that work progressed it did not move in that direction. Now it has been a while since I followed the details of WebCrypto so I do not know if there has been any change to that. If Mozilla has interest in working with smart cards in some way we would be very interested in cooperating. I cannot share details on how we

Best Regards
Samuel Erdtman

(In reply to Benjamin Smedberg  [:bsmedberg] from comment #1)
> The linux data is surprising: "libplugins.so" is not a normal NPAPI plugin
> name. It is symlinked from /usr/lib/mozilla/plugins under that name or a
> different name?
> 
> PersonalPlugin.bundle is also a bit surprising: is it linked from
> /Library/Internet Plug-Ins ?
> 
> 
> When you say that it will be replaced by web technologies: we currently
> don't have a web API for smart cards. Are you saying that you are moving
> away from smart card technology? We are actively looking for partners who
> are interested in helping us spec and build a native interface layer for
> crypto hardware/smartcards.

Updated

3 years ago
Points: --- → 1
Flags: needinfo?(Samuel)
Whiteboard: application complete - accepted

Updated

3 years ago
Flags: firefox-backlog+
Assignee: benjamin → bmcbride
Status: NEW → ASSIGNED
Iteration: --- → 34.1
Added to Iteration 34.1
QA Whiteboard: [qa+]
Created attachment 8460694 [details] [diff] [review]
Patch v1
Attachment #8460694 - Flags: review?(gfritzsche)
Attachment #8460694 - Flags: review?(gfritzsche) → review?(georg.fritzsche)
Attachment #8460694 - Flags: review?(georg.fritzsche) → review+
QA Contact: bogdan.maris
https://hg.mozilla.org/integration/fx-team/rev/3ab31cfb6837
https://hg.mozilla.org/mozilla-central/rev/3ab31cfb6837
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 34
Samuel: This has landed in Nightly. Could you please do a QA pass using a Nightly build from http://nightly.mozilla.org/? Use a new Firefox profile (https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles) to ensure that the plugin activates without a popup and appears as "Always Activate" in the Add-ons Manager. Report back in this bug when QA is complete. Please try to complete QA by the end of the week.
Flags: needinfo?(Samuel)
(Reporter)

Comment 8

3 years ago
Hi Blair,

I cannot seem to get it to work, I downloaded firefox-34.0a1.en-US.mac.dmg from http://nightly.mozilla.org/ and created a new profile according to https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles (but with FirefoxNightly).

I still get the activate plugin prompt. Am I doing something wrong?

Image of my failure
https://dl.dropboxusercontent.com/u/10828630/Personal.png

Do you need additional information on what I did?

Best Regards
Samuel Erdtman
Product Manager

(In reply to Blair McBride [:Unfocused] from comment #7)
> Samuel: This has landed in Nightly. Could you please do a QA pass using a
> Nightly build from http://nightly.mozilla.org/. Using a new Firefox profile
> (https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-
> firefox-profiles) to ensure that the plugin activates without a popup and
> appears as "Always Activate" in the Add-ons Manager. Report back in this bug
> when QA is complete. Please try to complete QA by the end of the week.
Flags: needinfo?(Samuel)
Comment on attachment 8460694 [details] [diff] [review]
Patch v1

Review of attachment 8460694 [details] [diff] [review]:
-----------------------------------------------------------------

::: browser/app/profile/firefox.js
@@ +826,5 @@
>  #endif
>  
> +// Nexus Personal, bug 1024965
> +#ifdef XP_WIN
> +pref("plugins.state.np_prsnl", 2);
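
Review bot: the pref name on the added `pref("plugins.state.np_prsnl", 2);` line uses the branch `plugins.state.`, but the click-to-activate default is read from `plugin.state.*`, so this line sets a pref that nothing reads and the plugin still prompts. Change it to `pref("plugin.state.np_prsnl", 2);` and check the entries for the other two platforms for the same spelling. A misspelled pref name is accepted silently, so it would also help to say in the comment above the block what the value 2 stands for, and to confirm the default state in a fresh profile before landing.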

Hm, typos here too on all three platforms :(
Should be "plugin.state.*", not "plugins.state.*".
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Foiled by a typo :\

Backout: https://hg.mozilla.org/integration/fx-team/rev/54598200f301
Reland:  https://hg.mozilla.org/integration/fx-team/rev/f4ac52fb6c84
https://hg.mozilla.org/mozilla-central/rev/f4ac52fb6c84
Status: REOPENED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Verified as fixed on Windows 7 64bit, Ubuntu 13.04 64bit and Mac OS X 10.9.4 using latest Nightly.
Used the demo account and other instructions received from Samuel via e-mail to verify that the plugin is whitelisted, Nexus Personal 4.24.2.10931 is set to 'Always Activate' by default in about:addons.
Status: RESOLVED → VERIFIED
QA Whiteboard: [qa+] → [qa!]
Samuel: Could you re-do QA on the latest Nightly build? Thanks!
Flags: needinfo?(Samuel)
(Reporter)

Comment 14

3 years ago
We have now tested the nightly build and it works. Thanks!
Flags: needinfo?(Samuel)
Benjamin: Guessing you'll want this in your spreadsheet.
Flags: needinfo?(benjamin)

Comment 16

3 years ago
Comment on attachment 8460694 [details] [diff] [review]
Patch v1

Approval Request Comment
[Feature/regressing bug #]: whitelist request
[User impact if declined]:
[Describe test coverage new/current, TBPL]:
[Risks and why]: very low
[String/UUID change made/needed]: none
Attachment #8460694 - Flags: approval-mozilla-beta?
Attachment #8460694 - Flags: approval-mozilla-aurora?
Flags: needinfo?(benjamin)
status-firefox32: --- → affected
status-firefox33: --- → affected
status-firefox34: --- → fixed
Attachment #8460694 - Flags: approval-mozilla-beta?
Attachment #8460694 - Flags: approval-mozilla-beta+
Attachment #8460694 - Flags: approval-mozilla-aurora?
Attachment #8460694 - Flags: approval-mozilla-aurora+
https://hg.mozilla.org/releases/mozilla-aurora/rev/16bf6714c6a0
https://hg.mozilla.org/releases/mozilla-beta/rev/c2fc1e357ca0
status-firefox32: affected → fixed
status-firefox33: affected → fixed
QA Whiteboard: [qa!] → [qa+]
Verified as fixed on Windows 7 64bit, Ubuntu 13.04 64bit and Mac OS X 10.9.4 using latest Aurora and Firefox 32 beta 5.
Used the demo account and other instructions received from Samuel via e-mail to verify that the plugin is whitelisted, Nexus Personal 4.24.2.10931 is set to 'Always Activate' by default in about:addons.
QA Whiteboard: [qa+] → [qa!]
status-firefox32: fixed → verified
status-firefox33: fixed → verified
status-firefox34: fixed → verified
Product: Firefox → Firefox Graveyard