easy_code_sign 0.1.0

data/plugin/native_host/test/native_host_test.rb

@@ -0,0 +1,113 @@
+# frozen_string_literal: true
+
+require "minitest/autorun"
+require "json"
+
+# Add paths for testing
+$LOAD_PATH.unshift(File.expand_path("../../src", __dir__))
+$LOAD_PATH.unshift(File.expand_path("../../../lib", __dir__))
+
+require "protocol"
+
+class ProtocolTest < Minitest::Test
+  def test_sign_response_creates_correct_structure
+    result = {
+      signed_pdf_data: "base64data",
+      signer_name: "CN=Test User",
+      signed_at: Time.now,
+      timestamped: true
+    }
+
+    response = EasySign::Protocol.sign_response("req-123", result)
+
+    assert_equal "sign_response", response[:type]
+    assert_equal "req-123", response[:requestId]
+    assert_nil response[:error]
+    assert_equal "base64data", response[:payload][:signedPdfData]
+    assert_equal "CN=Test User", response[:payload][:signerName]
+    assert response[:payload][:timestamped]
+  end
+
+  def test_error_response_creates_correct_structure
+    response = EasySign::Protocol.error_response(
+      "req-456",
+      EasySign::Protocol::ErrorCodes::PIN_INCORRECT,
+      "Wrong PIN",
+      { retriesRemaining: 2 }
+    )
+
+    assert_equal "error", response[:type]
+    assert_equal "req-456", response[:requestId]
+    assert_nil response[:payload]
+    assert_equal "PIN_INCORRECT", response[:error][:code]
+    assert_equal "Wrong PIN", response[:error][:message]
+    assert_equal 2, response[:error][:details][:retriesRemaining]
+  end
+
+  def test_verify_response_creates_correct_structure
+    result = {
+      valid: true,
+      signer_name: "CN=Test User",
+      signature_valid: true,
+      integrity_valid: true,
+      certificate_valid: true,
+      chain_valid: true,
+      trusted: true,
+      timestamped: false,
+      errors: [],
+      warnings: []
+    }
+
+    response = EasySign::Protocol.verify_response("req-789", result)
+
+    assert_equal "verify_response", response[:type]
+    assert_equal "req-789", response[:requestId]
+    assert response[:payload][:valid]
+    assert response[:payload][:signatureValid]
+    assert_empty response[:payload][:errors]
+  end
+
+  def test_availability_response_creates_correct_structure
+    result = {
+      available: true,
+      token_present: true,
+      slots: [
+        { index: 0, token_label: "Token1", manufacturer: "SafeNet", serial: "12345" }
+      ]
+    }
+
+    response = EasySign::Protocol.availability_response("req-000", result)
+
+    assert_equal "availability_response", response[:type]
+    assert response[:payload][:available]
+    assert response[:payload][:tokenPresent]
+    assert_equal 1, response[:payload][:slots].length
+    assert_equal "Token1", response[:payload][:slots][0][:tokenLabel]
+  end
+end
+
+class MessageFormatTest < Minitest::Test
+  def test_native_message_encoding
+    message = { type: "test", requestId: "123" }
+    json = message.to_json
+    length = [json.bytesize].pack("V")
+
+    # Verify length prefix format
+    assert_equal 4, length.bytesize
+    assert_equal json.bytesize, length.unpack1("V")
+  end
+
+  def test_native_message_decoding
+    message = { type: "sign", requestId: "abc", payload: { pdfData: "test" } }
+    json = message.to_json
+    length_bytes = [json.bytesize].pack("V")
+
+    # Simulate reading
+    decoded_length = length_bytes.unpack1("V")
+    assert_equal json.bytesize, decoded_length
+
+    decoded = JSON.parse(json, symbolize_names: true)
+    assert_equal "sign", decoded[:type]
+    assert_equal "abc", decoded[:requestId]
+  end
+end

data/plugin/src/easy_sign/background.rb

@@ -0,0 +1,323 @@
+# frozen_string_literal: true
+# backtick_javascript: true
+
+require "native"
+require "easy_sign/messaging"
+
+# Background service worker for EasySign browser extension
+# Handles communication between content scripts and native messaging host
+module EasySign
+  class Background
+    NATIVE_HOST_NAME = "com.easysign.host"
+
+    def initialize
+      @native_port = nil
+      @pending_requests = {}
+      @current_signing_request = nil
+      setup_listeners
+      puts "EasySign background service worker initialized"
+    end
+
+    def setup_listeners
+      # Listen for messages from content scripts
+      `chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
+        #{handle_message(`message`, `sender`, `sendResponse`)}
+        return true; // Keep channel open for async response
+      })`
+
+      # Listen for connections (for popup communication)
+      `chrome.runtime.onConnect.addListener((port) => {
+        #{handle_port_connect(`port`)}
+      })`
+    end
+
+    def handle_message(message, sender, send_response)
+      type = message[:type] || `message.type`
+      request_id = message[:request_id] || `message.requestId` || `message.request_id`
+
+      case type
+      when Messaging::Types::SIGN_REQUEST
+        handle_sign_request(message, sender, send_response)
+      when Messaging::Types::VERIFY_REQUEST
+        handle_verify_request(message, sender, send_response)
+      when Messaging::Types::AVAILABILITY_REQUEST
+        handle_availability_request(send_response)
+      when Messaging::Types::CANCEL_REQUEST
+        handle_cancel_request(request_id, send_response)
+      else
+        send_error(send_response, request_id, Messaging::ErrorCodes::INTERNAL_ERROR,
+                   "Unknown message type: #{type}")
+      end
+    end
+
+    def handle_port_connect(port)
+      port_name = `port.name`
+
+      case port_name
+      when "popup"
+        setup_popup_port(port)
+      end
+    end
+
+    def setup_popup_port(port)
+      @popup_port = port
+
+      `port.onMessage.addListener((message) => {
+        #{handle_popup_message(`message`)}
+      })`
+
+      `port.onDisconnect.addListener(() => {
+        #{handle_popup_disconnect}
+      })`
+    end
+
+    def handle_popup_message(message)
+      type = message[:type] || `message.type`
+
+      case type
+      when Messaging::Types::PIN_SUBMITTED
+        pin = message[:pin] || `message.pin`
+        complete_signing_with_pin(pin)
+      when Messaging::Types::PIN_CANCELLED
+        cancel_current_signing
+      when Messaging::Types::POPUP_READY
+        send_signing_context_to_popup
+      end
+    end
+
+    def handle_popup_disconnect
+      @popup_port = nil
+      # If popup closes without submitting PIN, cancel the operation
+      cancel_current_signing if @current_signing_request
+    end
+
+    def handle_sign_request(message, sender, send_response)
+      payload = message[:payload] || `message.payload`
+
+      # Validate origin
+      origin = `sender.origin || sender.url`
+      unless origin_allowed?(origin)
+        send_error(send_response, message[:request_id],
+                   Messaging::ErrorCodes::ORIGIN_NOT_ALLOWED,
+                   "Origin not allowed: #{origin}")
+        return
+      end
+
+      # Store the request for completion after PIN entry
+      @current_signing_request = {
+        message: message,
+        sender: sender,
+        send_response: send_response,
+        payload: payload
+      }
+
+      # Open popup for PIN entry
+      open_pin_popup
+    end
+
+    def handle_verify_request(message, sender, send_response)
+      payload = message[:payload] || `message.payload`
+
+      # Verification doesn't need PIN, send directly to native host
+      ensure_native_connection do |error|
+        if error
+          send_error(send_response, message[:request_id],
+                     Messaging::ErrorCodes::NATIVE_HOST_NOT_FOUND, error)
+          return
+        end
+
+        native_message = {
+          type: "verify",
+          requestId: message[:request_id] || `message.requestId`,
+          payload: {
+            pdfData: payload[:pdf_data] || `payload.pdfData`,
+            checkTimestamp: payload[:check_timestamp] != false
+          }
+        }
+
+        send_to_native(native_message, send_response)
+      end
+    end
+
+    def handle_availability_request(send_response)
+      ensure_native_connection do |error|
+        if error
+          # Native host not available, but extension is
+          response = Messaging.create_response(
+            nil,
+            Messaging::Types::AVAILABILITY_RESPONSE,
+            { available: false, nativeHostInstalled: false, error: error }
+          )
+          `sendResponse(#{response.to_n})`
+          return
+        end
+
+        native_message = { type: "check_availability", requestId: Messaging.generate_request_id }
+        send_to_native(native_message, send_response)
+      end
+    end
+
+    def handle_cancel_request(request_id, send_response)
+      if @current_signing_request && @current_signing_request[:message][:request_id] == request_id
+        cancel_current_signing
+      end
+
+      response = Messaging.create_response(request_id, "cancel_response", { cancelled: true })
+      `sendResponse(#{response.to_n})`
+    end
+
+    def complete_signing_with_pin(pin)
+      return unless @current_signing_request
+
+      request = @current_signing_request
+      message = request[:message]
+      payload = request[:payload]
+      send_response = request[:send_response]
+
+      ensure_native_connection do |error|
+        if error
+          send_error(send_response, message[:request_id],
+                     Messaging::ErrorCodes::NATIVE_HOST_NOT_FOUND, error)
+          @current_signing_request = nil
+          return
+        end
+
+        native_message = {
+          type: "sign",
+          requestId: message[:request_id] || `message.requestId`,
+          payload: {
+            pdfData: payload[:pdf_data] || `payload.pdfData`,
+            pin: pin,
+            options: payload[:options] || `payload.options` || {}
+          }
+        }
+
+        send_to_native(native_message, send_response)
+        @current_signing_request = nil
+      end
+    end
+
+    def cancel_current_signing
+      return unless @current_signing_request
+
+      request = @current_signing_request
+      send_response = request[:send_response]
+      request_id = request[:message][:request_id]
+
+      send_error(send_response, request_id, Messaging::ErrorCodes::CANCELLED, "Operation cancelled by user")
+      @current_signing_request = nil
+    end
+
+    def send_signing_context_to_popup
+      return unless @popup_port && @current_signing_request
+
+      context = {
+        type: "signing_context",
+        origin: @current_signing_request[:sender] && `#{@current_signing_request[:sender]}.origin`,
+        options: @current_signing_request[:payload][:options] || {}
+      }
+
+      `#{@popup_port}.postMessage(#{context.to_n})`
+    end
+
+    def open_pin_popup
+      # Open extension popup programmatically
+      `chrome.action.openPopup().catch((e) => {
+        console.error('Failed to open popup:', e);
+        // Fallback: create a new window
+        chrome.windows.create({
+          url: 'popup/popup.html',
+          type: 'popup',
+          width: 400,
+          height: 300
+        });
+      })`
+    end
+
+    def ensure_native_connection(&block)
+      if @native_port
+        block.call(nil)
+        return
+      end
+
+      begin
+        @native_port = `chrome.runtime.connectNative(#{NATIVE_HOST_NAME})`
+
+        `#{@native_port}.onMessage.addListener((msg) => {
+          #{handle_native_message(`msg`)}
+        })`
+
+        `#{@native_port}.onDisconnect.addListener(() => {
+          #{handle_native_disconnect}
+        })`
+
+        # Small delay to ensure connection is established
+        `setTimeout(() => { #{block.call(nil)} }, 50)`
+      rescue => e
+        block.call("Failed to connect to native host: #{e.message}")
+      end
+    end
+
+    def send_to_native(message, send_response)
+      return unless @native_port
+
+      request_id = message[:requestId] || `message.requestId`
+      @pending_requests[request_id] = send_response
+
+      `#{@native_port}.postMessage(#{message.to_n})`
+
+      # Set timeout
+      `setTimeout(() => {
+        #{handle_request_timeout(request_id)}
+      }, #{Messaging::DEFAULT_TIMEOUT})`
+    end
+
+    def handle_native_message(message)
+      request_id = message[:requestId] || `message.requestId` || message[:request_id]
+      send_response = @pending_requests.delete(request_id)
+
+      return unless send_response
+
+      # Forward response to content script
+      `sendResponse(#{message.to_n})`
+    end
+
+    def handle_native_disconnect
+      error = `chrome.runtime.lastError?.message || 'Native host disconnected'`
+
+      @pending_requests.each do |request_id, send_response|
+        send_error(send_response, request_id, Messaging::ErrorCodes::NATIVE_HOST_NOT_FOUND, error)
+      end
+
+      @pending_requests.clear
+      @native_port = nil
+
+      # Cancel current signing request if any
+      cancel_current_signing
+    end
+
+    def handle_request_timeout(request_id)
+      send_response = @pending_requests.delete(request_id)
+      return unless send_response
+
+      send_error(send_response, request_id, Messaging::ErrorCodes::TIMEOUT, "Operation timed out")
+    end
+
+    def send_error(send_response, request_id, code, message)
+      response = Messaging.create_error(request_id, code, message)
+      `sendResponse(#{response.to_n})`
+    end
+
+    def origin_allowed?(origin)
+      # TODO: Make this configurable via extension options
+      # For now, allow localhost and https origins
+      return true if origin =~ /^https?:\/\/localhost/
+      return true if origin =~ /^https:\/\//
+
+      false
+    end
+  end
+end
+
+# Initialize background service worker
+EasySign::Background.new

data/plugin/src/easy_sign/content.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+# backtick_javascript: true
+
+require "native"
+require "easy_sign/messaging"
+
+# Content script for EasySign browser extension
+# Bridges communication between web page and extension background
+module EasySign
+  class ContentScript
+    def initialize
+      @pending_responses = {}
+      setup_page_listener
+      inject_api_script
+      puts "EasySign content script initialized"
+    end
+
+    def setup_page_listener
+      # Listen for messages from the page (inject.js)
+      `window.addEventListener('message', (event) => {
+        // Only accept messages from the same window
+        if (event.source !== window) return;
+
+        // Only accept messages targeted at the extension
+        if (!event.data || event.data.target !== #{Messaging::Targets::EXTENSION.to_n}) return;
+
+        #{handle_page_message(`event.data`, `event.origin`)}
+      })`
+    end
+
+    def handle_page_message(data, origin)
+      request_id = data[:request_id] || `data.requestId` || `data.request_id`
+      type = data[:type] || `data.type`
+
+      # Forward to background script
+      `chrome.runtime.sendMessage(#{data.to_n}, (response) => {
+        #{handle_background_response(`response`, request_id)}
+      })`
+    end
+
+    def handle_background_response(response, request_id)
+      # Check for chrome runtime errors
+      error = `chrome.runtime.lastError`
+      if error
+        response = Messaging.create_error(
+          request_id,
+          Messaging::ErrorCodes::INTERNAL_ERROR,
+          `error.message || 'Extension error'`
+        )
+      end
+
+      # Send response back to page
+      post_to_page(response)
+    end
+
+    def post_to_page(message)
+      page_message = (message || {}).merge(target: Messaging::Targets::PAGE)
+      `window.postMessage(#{page_message.to_n}, '*')`
+    end
+
+    def inject_api_script
+      # Inject the page-context script that exposes window.EasySign
+      `const script = document.createElement('script');
+       script.src = chrome.runtime.getURL('inject.js');
+       script.onload = function() {
+         this.remove();
+       };
+       (document.head || document.documentElement).appendChild(script);`
+    end
+  end
+end
+
+# Initialize content script
+EasySign::ContentScript.new