I am aware that google native client uses pp::TCPSocket. does they also supports sys/socket.h.
I dont want to change the complete implemantation for socket. Hence want to clarify the things.
Yes, you can use sys/socket.h via the nacl_io library. See https://developer.chrome.com/native-client/devguide/coding/nacl_io.
Take a look at the examples/demo/nacl_io example in the sdk, it has a basic example of using connect/send/recv.
Note that TCP/UDP sockets are only available to Chrome Apps installed from the Chrome Web Store.
See https://developer.chrome.com/apps/app_network for information about using sockets within a Chrome App. This document explains how to use the JavaScript socket API. In Native Client, you'll use the BSD socket API, but you still need to specify the correct permissions in your App's manifest file.
Related
As Blazor let us build code for client side development, I was wondering whether there is any possibility to access native device APIs for cameras, contacts, etc.?
I have looked into a few documentation including this
https://learn.microsoft.com/en-us/aspnet/core/blazor/javascript-interop?view=aspnetcore-3.0
However, I could not find any answer
There no standard libraries shipped by MS, but there a lot of community libraries which wrap access to JS API in the browser:
Large list compiled here: https://github.com/AdrienTorris/awesome-blazor#libraries--extensions
Geolocation: https://github.com/AspNetMonsters/Blazor.Geolocation
Sensors: https://github.com/AspNetMonsters/Blazor.Sensors
Speech Synthesis API: https://github.com/jsakamoto/Toolbelt.Blazor.SpeechSynthesis
Storage: https://github.com/BlazorExtensions/Storage
Notifications API: https://github.com/BlazorExtensions/Notifications
Canvas: https://github.com/BlazorExtensions/Canvas
This is not all list of extensions created by community, so free to look at the existing options.
I am hoping this is not too off topic for a post here.
I have an asp.net webAPI service, which provides a number of routes to get near realtime data (ie within say 10 seconds), which required the client application to poll for changes.
I am investigating on which technology would be best to add an "opt in" push notification service, which just pushes "thin" payloads to tell the client application it is now time to call the existing REST route for an update. This way, the push payload is small, and does not contain any security sensitive data (it still gets this using the existing REST security infrastructure)
Cloud based messaging
Previously, I have been told that, for a Mobile application, I should use something like Firebase cloud messaging, or some other messaging service, however this does not seem like the right solution for "subscription based notifications" I am talking about here. I can certainly see this would be useful, if the client is on either iOS or Android device, and wanted messages/notifications/alarms (etc), which could also work when the application is not running, but this does not seem like the right thing to use of these notifications of changed data (which may be happening all the time, sometimes every 5 seconds). Also, I do not want to only target these mobile devices, but also, for example either a web or desktop application, which may also use the same REST service
Other technologies
I have seen mention of Web sockets, or, in the case of asp.net, the option to use SignalR (which will wrap the web sockets, with fallback). SignalR looks good, but my worry is the availability of client libraries for non web / Windows applications (eg iOS, Android). I am also looking at Rest Hooks. These look interesting, but I can't quite see what the actual "push mechanism" is; it almost looks like they need to POST to the subscriber using HTTP, which means the subscriber has to also act as a "server endpoint".
Just after any thoughts / best practices on this, or what others have used?
In particular, (the verification or otherwise), that for this use case, using cloud based messaging is not the right thing to use due to the frequency of these push notifications (ie something where my server gets to the application via another 3rd party service which pushes to the device/application)
Thanks in advance for any suggestions!
Signalr is an option
There are some libraries which you can use in iOS and android. I suggest you to read once https://visualstudiomagazine.com/articles/2013/11/01/how-to-use-signalr-in-ios-and-android-apps.aspx (its a bit older, but on the point)
Android Client: See How to use signalr in Android
Some alternatives :
Pusher (https://pusher.com/)
Android Client: https://pusher.com/docs/android_quick_start
iOS Client: https://pusher.com/docs/ios_quick_start
Socket.IO (https://socket.io/)
Details iOS Client: https://socket.io/blog/socket-io-on-ios/
Details Andriod Client: https://github.com/socketio/socket.io-client-java
To discuss:
Why you will only send a thin payload whith signalr? I see no benefit for that.
Why "using cloud based messaging is not the right thing"? I do not understand your arguments but I do not know how your application looks like.
Have anyone know anything of any webmail script which provide s/mime support? I'm using roundcube but it doesn't provide it yet.
If you want to send encrypted and/or signed messages using S/MIME format you may give a try to Fossa.me. It is not a standalone solution, but an extension to Google Chrome browser. Also, you will need to have a GMail account. However, runs in a browser like a script.
Disclaimer: I am developer of that extension and PKI services used by it.
Does windows store has an API?
For example when you open the "store" app, there is a "top free" list that will show the top 100 most popular free apps. Is the list coming from an HTTP endpoint somewhere on the internet?
There is no official API for accessing content in the Windows Store. I'm sure that the content is being pulled in from the web via and HTTP or HTTPS endpoint but using an undocumented service like this would likely not be recommended. It also doesn't look like there is a protocol activation schema documented for launching the store. The closest thing I can find is the MarketplaceDetailTask in Windows Phone. http://msdn.microsoft.com/en-us/library/windowsphone/develop/microsoft.phone.tasks.marketplacedetailtask(v=vs.105).aspx
The only other supported way of launching the store would be by using links to apps which cause the store to open.
I have a bit of a difficult situation in that I need a way for a client connected to an ASP.NET MVC site to sign and decrypt blobs with their private key, such that the server never sees the private key material. In the decryption case, these are encrypted session keys. It is acceptable that the server see the session key, just not the users private key.
That is, I need to present the user some content in a browser, have some javascript (or java applets, or silverlight, etc.) execute client side that communicates with a hardware token on the client, and returns the result to the server.
This is NOT client side authentication. I don't need to simply authenticate via IIS with a certificate. The hardware tokens are HID OmniKey USB readers.
My understanding of the options available are:
1. Mozilla Javascript Crypto - This seems to be the optimal route. It appears that Firefox exposes various smart card events and functionality to remote sites. I see how to sign text, but nothing about decrypting blobs (the largest goal). There seems to be methods for loading a PKCS#11 module, but the documentation seems to stop after that.
2. Silverlight with Elevated Trust - This is my second preferable route, because of familiarity with Silverlight and .NET. Silverlight 5 has the ability to P/Invoke, so I could always call the PC/SC modules, but this requires running Out of Browser, which I can't do. There seems to be some posts about running a Silverlight app In Browser with elevated trust, but this is a global setting, and so I don't want to diminish security for other applications.
3. ActiveX - An ActiveX component can interact with the PC/SC module, but this would be an Internet Explorer only solution. If forced to pick a required browser, I'd prefer Firefox or Chrome.
3. Firefox/Chrome Extension - My understanding is Firefox XPCOM is C++, and I can just directly call the PC/SC libraries, and the extension can interact with scripts/DOM on the remote site. I'm not sure how the remote site though can trigger a Firefox extension. In other words, how does the remote site tell the extension "ok, it's time to sign"? One such example of this route is XSign (though it doesn't use hardware tokens).
4. Java Applet - This might ultimately be the only way to do it. I've found a couple examples/guides, but I'm not familiar with Java. Java Applet for Signing with a Smart Card. In this case, it's just a simple applet that can communicate with the token, and post the results to the site.
Are there other options available? I believe option (1), Mozilla Javascript Crypto is the best approach, but the documentation is beyond sparse. Thanks for any guidance.
I have virtually examined all options. The last option (Java Applet) is the most appropriate for your case and easiest to implement. The downside is that JRE (Java Runtime Environment) should already be installed at client side and plays nice with the browser. User also has to grant permission to the applet to connect to his smart card at first run.
BTW if you want to use PKCS#7, you can use Bouncy Castle. It has no standard API in JDK.
PS: Don't use JavaScript for cryptography. Javascript Cryptography Considered Harmful.
Maybe you could consider just having the clients download a native application and install it (once). You can have them use that app to do the authentication and negotiate a session key with your server - the app could then launch a browser with the session key in the launch url. "Native" apps could probably be not that native - use java or .net (if you're windows only) or python etc.