qzind / qz-print

Archive for legacy qz-print versions (1.8, 1.9). See https://github.com/qzind/tray for modern versions.
Other
141 stars 101 forks source link

Cannot generate certificate/keys in Safari #69

Closed klabarge closed 9 years ago

klabarge commented 9 years ago

I tested on both of the below versions with the same results.

Version 5.1.7 (7534.57.7)
Version 8.0.7 (10600.7.12)

When trying to generate both the CSR and the key pair, the browser hangs at "Generating key pair" and never completes.

Inspect element shows the error:

TypeError: 'undefined' is not an object (evaluating 'window.crypto.subtle.generateKey')

image

tresf commented 9 years ago

Related: http://stackoverflow.com/questions/31798241/safari-webcrypto-api-rsa-oaep-encryption

Per https://www.theseus.fi/bitstream/handle/10024/92960/Web_Cryptography_API_Luoma-aho.pdf?sequence=1, Apple's API hasn't matured yet, so they're using a different namespace. This should fix it:

// fix safari crypto namespace
if (window.crypto && !window.crypto.subtle && window.crypto.webkitSubtle) {
    window.crypto.subtle = window.crypto.webkitSubtle;
}
tresf commented 9 years ago

@klabarge can you re-test now that we've applied https://github.com/qzind/qz.io/commit/daf14d6c8dc53b1fef34fa8987c4eb5d122cffeb

klabarge commented 9 years ago

Same error is displayed after the change: image

tresf commented 9 years ago

AFAIk, crypto is only supported on Safari 8. Which Safari version are you testing against?

klabarge commented 9 years ago

Both versions 5 and 8 still hang on "Generating key pair..."

tresf commented 9 years ago

Right, but the error on 8 is no longer TypeError: 'undefined' is not an object (evaluating 'window.crypto.subtle.generateKey'), so that portion is fixed now. I'll have to put some more time into this. It appears it's at least getting further now.

tresf commented 9 years ago

Since there are no errors I have the feeling there's some callback or promise not getting returned from JavaScript.

@Lukas-W opinions welcome.

tresf commented 9 years ago

I'm pretty sure this is due to the download never happening, which is sad... Ultimately, downloading a JavaScript generated "Blob" file is unsupported in Safari. We'd have to farm this off to the server currently, which defeats the purpose of a private key.

https://bugs.webkit.org/show_bug.cgi?id=102914#c25

Edit: Probably a short-term solution (while we all wait for Apple to fix this functionality) is to display a warning for Safari being unsupported, or set a timeout value that displays a generic "please try another browser or clear your cache" warning.

@Lukas-W although this is in the wrong repo, I'll still wait for you to chime in before closing this out.

-Tres

tresf commented 9 years ago

@Lukas-W shall we just put a warning for Safari users? It seems Safari doesn't have the blob support which would be required for downloading the client-side private key.

tresf commented 9 years ago

Moved to https://github.com/qzind/qz.io/issues/32