Closed Bug 1207996 Opened 9 years ago Closed 8 years ago

[TV] Implement JPAKE authentication over TLS socket server

Categories

(Firefox OS Graveyard :: Gaia::TV::System, defect)

Product:
Firefox OS Graveyard
Component:
Gaia::TV::System
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(blocking-b2g:2.6+, b2g-v2.6 fixed, b2g-master wontfix)

Status:
RESOLVED FIXED
Project Flags:
blocking-b2g 2.6+
Tracking Flags:
Tracking Status
b2g-v2.6 --- fixed
b2g-master --- wontfix

People

(Reporter: etsai, Assigned: etsai)

References

Details

(Whiteboard: [ft:conndevices][partner-blocker]Remote3)

Attachments

(1 file, 4 obsolete files)

Patch 1. JPAKE authentication over TLS socket server
47 bytes, text/x-github-pull-request
schien
: review+
jocheng
: approval-mozilla-b2g48+
Details | Review
This is a meta bug for TV remote control PIN code pairing
I've created a WIKI page for documenting the architecture of Remote Control. Please refer to [1] for the flowchart drafts of this pairing mechanism. [1] https://wiki.mozilla.org/Firefox_OS/Remote_Control#Pairing
Assignee: nobody → etsai
Target Milestone: --- → FxOS-S9 (16Oct)
Status: NEW → ASSIGNED
Modify for Gecko features
Component: Gaia::TV → Gaia::TV::System
Summary: [TV 2.5][meta] Provide PIN code pairing to connect TV as remote control → [TV 2.5] Provide PIN code pairing to connect TV as remote control
Hi Fabrice, please help to review this patch for pairing. The patch depends on https://bugzilla.mozilla.org/attachment.cgi?id=8673027 and gaia patches from :lchang at bug 1215075 and bug 1215076
Attachment #8675985 - Flags: review?(fabrice)
Gecko patch for PIN code pairing function, fix server IP in settings Hi Fabrice, please help to review this patch for pairing. The patch depends on https://bugzilla.mozilla.org/attachment.cgi?id=8673027 and gaia patches from :lchang at bug 1215075 and bug 1215076
Attachment #8675985 - Attachment is obsolete: true
Attachment #8675985 - Flags: review?(fabrice)
Attachment #8676013 - Flags: review?(fabrice)
Comment on attachment 8676013 [details] [diff] [review] 0001-Bug-1207996-Add-PIN-code-pairing.patch Review of attachment 8676013 [details] [diff] [review]: ----------------------------------------------------------------- Switch reviewer to schien
Attachment #8676013 - Flags: review?(fabrice) → review?(schien)
Whiteboard: [ft:conndevices][partner-blocker][partner-cherry-pick]Remote3
Target Milestone: FxOS-S9 (16Oct) → FxOS-S11 (13Nov)
Comment on attachment 8676013 [details] [diff] [review] 0001-Bug-1207996-Add-PIN-code-pairing.patch Review of attachment 8676013 [details] [diff] [review]: ----------------------------------------------------------------- Discussed with @etsai, this patch will be updated according to the modification in bug 1197749. Cancel r? for now. ::: b2g/components/RemoteControlService.jsm @@ +85,5 @@ > +function sendChromeEvent(action, details) > +{ > + details.action = action; > + SystemAppProxy._sendCustomEvent(REMOTE_CONTROL_EVENT, details); > +} Not need to create this short, one-time-only function.
Attachment #8676013 - Flags: review?(schien)
Update patch follow bug 1197749 and 1197751's coding style. Add description, remove one-shot function.
Attachment #8676013 - Attachment is obsolete: true
Attachment #8687849 - Flags: review?(schien)
After discuss with :lchang, handle event if and only if the request if valid.
Attachment #8687849 - Attachment is obsolete: true
Attachment #8687849 - Flags: review?(schien)
Attachment #8688188 - Flags: review?(schien)
Comment on attachment 8688188 [details] [diff] [review] 0001-Bug-1207996-Add-PIN-code-pairing.patch Review of attachment 8688188 [details] [diff] [review]: ----------------------------------------------------------------- The patch is not clearly divide all the pairing related logic from bug 1197749, which means I need to cross reference two patches while reviewing this patch. Please help create a clear patch to reduce review effort. Or, you can use the MozReview so that I can see full source code in one place. https://mozilla-version-control-tools.readthedocs.org/en/latest/mozreview.html ::: b2g/components/RemoteControlService.jsm @@ +359,4 @@ > }, > > _isValidUUID: function(uuid) { > + return (uuid in this._uuids); nit: indentation @@ +389,5 @@ > + if ( width > 0 ) > + { > + return new Array( width + (/\./.test( number ) ? 2 : 1) ).join( '0' ) + number; > + } > + return number + ""; // always return a string why not simply prepend '0's if the length of number.toString() is less than width? @@ +451,5 @@ > + // Send pairing.html to start pairing > + if (this._pairingRequired == false || > + (request.hasHeader("Cookie") && > + this._isValidUUID (decodeURIComponent(request.getHeader("Cookie")).substring(5)))) { > + return "/client.html"; This code looks duplicated in client.sjs. It means you have multiple call path to exam pairing token. Please rearrange this code to a better place. It's also weird to see UUID/pairing related function being exposed to sandbox. ::: b2g/remotecontrol/client.sjs @@ +464,5 @@ > function handleRequest(request, response) > { > + var requestIsValid = (isPairingRequired() == false || > + (request.hasHeader("Cookie") && > + isValidUUID (decodeURIComponent(request.getHeader("Cookie")).substring(5)))); nit: reform the statement to avoid compound expression and reduce the indentation level. for example: if (isPairingRequired()) { let cookie = request.hasHeader("Cookie") ? request.getHeader("Cookie") : undefined; if (!cookie || isValidUUID(decodeURIComponenet(cookie.substring(5))) { // ... redirect to pairing procedure. return; } } //... continue the normal procedure ::: b2g/remotecontrol/pairing.sjs @@ +42,5 @@ > +{ > + var queryString = decodeURIComponent(request.queryString.replace(/\+/g, "%20")); > + > + // Split JSON header "message=" and parse event > + var event = JSON.parse(queryString.substring(8)); Using substring is too hacky. You can use something like https://stackoverflow.com/a/2091331 to dealing with query string.
Attachment #8688188 - Flags: review?(schien)
Target Milestone: FxOS-S11 (13Nov) → 2.6 S2 - 12/4
blocking-b2g: --- → 2.5+
feature-b2g: --- → 2.5+
Target Milestone: 2.6 S2 - 12/4 → 2.6 S6 - 1/29
Remote COntrol descoped from 2.5
blocking-b2g: 2.5+ → 2.6?
feature-b2g: 2.5+ → 2.6?
Summary: [TV 2.5] Provide PIN code pairing to connect TV as remote control → [TV][2.6] Provide PIN code pairing to connect TV as remote control
feature-b2g: 2.6? → ---
Whiteboard: [ft:conndevices][partner-blocker][partner-cherry-pick]Remote3 → [ft:conndevices][partner-blocker]Remote3
Target Milestone: 2.6 S6 - 1/29 → ---
Hi Tori, Will there be any UX spec change due to new use case of remote control? Thanks!
Flags: needinfo?(tchen)
Yes, I will modify the UX spec soon.
Flags: needinfo?(tchen)
Hi Mike, Please check the latest spec for remote control here. This version(v1.1) was reviewed and approved by SC and Eric. Thanks! https://drive.google.com/folderview?id=0B4dMhI4hp32OY0tfN3JvenhySWs&usp=sharing
Flags: needinfo?(mlien)
(In reply to Tori Chen [:tori] from comment #13) > Hi Mike, > > Please check the latest spec for remote control here. This version(v1.1) was > reviewed and approved by SC and Eric. Thanks! > > https://drive.google.com/ > folderview?id=0B4dMhI4hp32OY0tfN3JvenhySWs&usp=sharing According to this UX spec, I'll start to create test plan (bug 1269580). BTW, do you know when will the new visual spec come out?
Flags: needinfo?(mlien) → needinfo?(tchen)
There is already visual spec here: https://drive.google.com/open?id=0B4K8q1qWmtAvalFxMHQ4Uktsb2c I'll ask Peko to update it based on new UX spec, but there shouldn't be too much different besides to removing TV part.
Flags: needinfo?(tchen)
blocking-b2g: 2.6? → 2.6+
Summary: [TV][2.6] Provide PIN code pairing to connect TV as remote control → [TV][2.6] Implement JPAKE authentication over TLS socket server
A minor change on spec after discussion with Eric this Monday. If user enter correct PIN code, show success message, redirect, and "clear" the pin code(V1.2, p12). https://drive.google.com/folderview?id=0B4dMhI4hp32OY0tfN3JvenhySWs&usp=sharing
Flags: needinfo?(mlien)
Flags: needinfo?(mlien)
Hi :schien, I would like invite you to give functional review on b2g. After that, I will open a sec-review bug for implementation review to ensure both gecko and fennec implementations are OK.
Attachment #8688188 - Attachment is obsolete: true
Attachment #8755295 - Flags: review?(schien)
Comment on attachment 8755295 [details] [review] Patch 1. JPAKE authentication over TLS socket server r+ with my comment addressed.
Attachment #8755295 - Flags: review?(schien) → review+
Summary: [TV][2.6] Implement JPAKE authentication over TLS socket server → [TV] Implement JPAKE authentication over TLS socket server
Comment on attachment 8755295 [details] [review] Patch 1. JPAKE authentication over TLS socket server NOTE: Please see https://wiki.mozilla.org/Release_Management/B2G_Landing to better understand the B2G approval process and landings. [Approval Request Comment] Bug caused by (feature/regressing bug #): 1207996 User impact if declined: No function Testing completed: self-tested Risk to taking this patch (and alternatives if risky): low String or UUID changes made by this patch: N/A
Attachment #8755295 - Flags: approval-mozilla-b2g48?
Comment on attachment 8755295 [details] [review] Patch 1. JPAKE authentication over TLS socket server Approve for TV 2.6
Attachment #8755295 - Flags: approval-mozilla-b2g48? → approval-mozilla-b2g48+
Hi Gary, please help to merge to 2.6 branch, thanks!
Flags: needinfo?(xeonchen)
Since this bug is for TV, I suppose this is a 2.6 only bug.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: