[Web] Add u2f api from bitwardens repository to skip u2f when it is browser-provided

data/web/js/u2f-api.js

@@ -4,745 +4,776 @@
 //license that can be found in the LICENSE file or at
 //https://developers.google.com/open-source/licenses/bsd
 
+// ref: https://github.com/google/u2f-ref-code/blob/master/u2f-gae-demo/war/js/u2f-api.js
+
 /**
  * @fileoverview The U2F api.
  */
 'use strict';
 
-
-/**
- * Namespace for the U2F api.
- * @type {Object}
- */
-var u2f = u2f || {};
-
-/**
- * FIDO U2F Javascript API Version
- * @number
- */
-var js_api_version;
-
-/**
- * The U2F extension id
- * @const {string}
- */
-// The Chrome packaged app extension ID.
-// Uncomment this if you want to deploy a server instance that uses
-// the package Chrome app and does not require installing the U2F Chrome extension.
- u2f.EXTENSION_ID = 'kmendfapggjehodndflmmgagdbamhnfd';
-// The U2F Chrome extension ID.
-// Uncomment this if you want to deploy a server instance that uses
-// the U2F Chrome extension to authenticate.
-// u2f.EXTENSION_ID = 'pfboblefjcgdjicmnffhdgionmgcdmne';
-
-
-/**
- * Message types for messsages to/from the extension
- * @const
- * @enum {string}
- */
-u2f.MessageTypes = {
-    'U2F_REGISTER_REQUEST': 'u2f_register_request',
-    'U2F_REGISTER_RESPONSE': 'u2f_register_response',
-    'U2F_SIGN_REQUEST': 'u2f_sign_request',
-    'U2F_SIGN_RESPONSE': 'u2f_sign_response',
-    'U2F_GET_API_VERSION_REQUEST': 'u2f_get_api_version_request',
-    'U2F_GET_API_VERSION_RESPONSE': 'u2f_get_api_version_response'
-};
-
-
 /**
- * Response status codes
- * @const
- * @enum {number}
+ * Modification:
+ * Wrap implementation so that we can exit if window.u2f is already supplied by the browser (see below).
  */
-u2f.ErrorCodes = {
-    'OK': 0,
-    'OTHER_ERROR': 1,
-    'BAD_REQUEST': 2,
-    'CONFIGURATION_UNSUPPORTED': 3,
-    'DEVICE_INELIGIBLE': 4,
-    'TIMEOUT': 5
-};
-
-
-/**
- * A message for registration requests
- * @typedef {{
- *   type: u2f.MessageTypes,
- *   appId: ?string,
- *   timeoutSeconds: ?number,
- *   requestId: ?number
- * }}
- */
-u2f.U2fRequest;
-
-
-/**
- * A message for registration responses
- * @typedef {{
- *   type: u2f.MessageTypes,
- *   responseData: (u2f.Error | u2f.RegisterResponse | u2f.SignResponse),
- *   requestId: ?number
- * }}
- */
-u2f.U2fResponse;
-
-
-/**
- * An error object for responses
- * @typedef {{
- *   errorCode: u2f.ErrorCodes,
- *   errorMessage: ?string
- * }}
- */
-u2f.Error;
-
-/**
- * Data object for a single sign request.
- * @typedef {enum {BLUETOOTH_RADIO, BLUETOOTH_LOW_ENERGY, USB, NFC}}
- */
-u2f.Transport;
-
-
-/**
- * Data object for a single sign request.
- * @typedef {Array<u2f.Transport>}
- */
-u2f.Transports;
-
-/**
- * Data object for a single sign request.
- * @typedef {{
- *   version: string,
- *   challenge: string,
- *   keyHandle: string,
- *   appId: string
- * }}
- */
-u2f.SignRequest;
-
-
-/**
- * Data object for a sign response.
- * @typedef {{
- *   keyHandle: string,
- *   signatureData: string,
- *   clientData: string
- * }}
- */
-u2f.SignResponse;
-
+(function (root) {
+    /**
+     * Modification:
+     * Only continue load this library if window.u2f is not already supplied by the browser.
+     */
+    var isFirefox = navigator.userAgent.indexOf('Firefox') !== -1 || navigator.userAgent.indexOf('Gecko/') !== -1;
+    var browserImplementsU2f = !!((typeof root.u2f !== 'undefined') && root.u2f.register);
 
-/**
- * Data object for a registration request.
- * @typedef {{
- *   version: string,
- *   challenge: string
- * }}
- */
-u2f.RegisterRequest;
-
-
-/**
- * Data object for a registration response.
- * @typedef {{
- *   version: string,
- *   keyHandle: string,
- *   transports: Transports,
- *   appId: string
- * }}
- */
-u2f.RegisterResponse;
-
-
-/**
- * Data object for a registered key.
- * @typedef {{
- *   version: string,
- *   keyHandle: string,
- *   transports: ?Transports,
- *   appId: ?string
- * }}
- */
-u2f.RegisteredKey;
-
-
-/**
- * Data object for a get API register response.
- * @typedef {{
- *   js_api_version: number
- * }}
- */
-u2f.GetJsApiVersionResponse;
-
-
-//Low level MessagePort API support
+    if (isFirefox && browserImplementsU2f) {
+        root.u2f.isSupported = true;
+        return;
+    }
 
-/**
- * Sets up a MessagePort to the U2F extension using the
- * available mechanisms.
- * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
- */
-u2f.getMessagePort = function(callback) {
-  if (typeof chrome != 'undefined' && chrome.runtime) {
-    // The actual message here does not matter, but we need to get a reply
-    // for the callback to run. Thus, send an empty signature request
-    // in order to get a failure response.
-    var msg = {
-        type: u2f.MessageTypes.U2F_SIGN_REQUEST,
-        signRequests: []
+    /**
+     * Namespace for the U2F api.
+     * @type {Object}
+     */
+    var u2f = root.u2f || {};
+
+    /**
+     * Modification:
+     * Check if browser supports U2F API before this wrapper was added.
+     */
+    u2f.isSupported = !!(((typeof u2f !== 'undefined') && u2f.register) || ((typeof chrome !== 'undefined') && chrome.runtime));
+
+    /**
+     * FIDO U2F Javascript API Version
+     * @number
+     */
+    var js_api_version;
+
+    /**
+     * The U2F extension id
+     * @const {string}
+     */
+    // The Chrome packaged app extension ID.
+    // Uncomment this if you want to deploy a server instance that uses
+    // the package Chrome app and does not require installing the U2F Chrome extension.
+    u2f.EXTENSION_ID = 'kmendfapggjehodndflmmgagdbamhnfd';
+    // The U2F Chrome extension ID.
+    // Uncomment this if you want to deploy a server instance that uses
+    // the U2F Chrome extension to authenticate.
+    // u2f.EXTENSION_ID = 'pfboblefjcgdjicmnffhdgionmgcdmne';
+
+
+    /**
+     * Message types for messsages to/from the extension
+     * @const
+     * @enum {string}
+     */
+    u2f.MessageTypes = {
+        'U2F_REGISTER_REQUEST': 'u2f_register_request',
+        'U2F_REGISTER_RESPONSE': 'u2f_register_response',
+        'U2F_SIGN_REQUEST': 'u2f_sign_request',
+        'U2F_SIGN_RESPONSE': 'u2f_sign_response',
+        'U2F_GET_API_VERSION_REQUEST': 'u2f_get_api_version_request',
+        'U2F_GET_API_VERSION_RESPONSE': 'u2f_get_api_version_response'
     };
-    chrome.runtime.sendMessage(u2f.EXTENSION_ID, msg, function() {
-      if (!chrome.runtime.lastError) {
-        // We are on a whitelisted origin and can talk directly
-        // with the extension.
-        u2f.getChromeRuntimePort_(callback);
-      } else {
-        // chrome.runtime was available, but we couldn't message
-        // the extension directly, use iframe
-        u2f.getIframePort_(callback);
-      }
-    });
-  } else if (u2f.isAndroidChrome_()) {
-    u2f.getAuthenticatorPort_(callback);
-  } else if (u2f.isIosChrome_()) {
-    u2f.getIosPort_(callback);
-  } else {
-    // chrome.runtime was not available at all, which is normal
-    // when this origin doesn't have access to any extensions.
-    u2f.getIframePort_(callback);
-  }
-};
-
-/**
- * Detect chrome running on android based on the browser's useragent.
- * @private
- */
-u2f.isAndroidChrome_ = function() {
-  var userAgent = navigator.userAgent;
-  return userAgent.indexOf('Chrome') != -1 &&
-  userAgent.indexOf('Android') != -1;
-};
-
-/**
- * Detect chrome running on iOS based on the browser's platform.
- * @private
- */
-u2f.isIosChrome_ = function() {
-  return ["iPhone", "iPad", "iPod"].indexOf(navigator.platform) > -1;
-};
 
-/**
- * Connects directly to the extension via chrome.runtime.connect.
- * @param {function(u2f.WrappedChromeRuntimePort_)} callback
- * @private
- */
-u2f.getChromeRuntimePort_ = function(callback) {
-  var port = chrome.runtime.connect(u2f.EXTENSION_ID,
-      {'includeTlsChannelId': true});
-  setTimeout(function() {
-    callback(new u2f.WrappedChromeRuntimePort_(port));
-  }, 0);
-};
 
-/**
- * Return a 'port' abstraction to the Authenticator app.
- * @param {function(u2f.WrappedAuthenticatorPort_)} callback
- * @private
- */
-u2f.getAuthenticatorPort_ = function(callback) {
-  setTimeout(function() {
-    callback(new u2f.WrappedAuthenticatorPort_());
-  }, 0);
-};
-
-/**
- * Return a 'port' abstraction to the iOS client app.
- * @param {function(u2f.WrappedIosPort_)} callback
- * @private
- */
-u2f.getIosPort_ = function(callback) {
-  setTimeout(function() {
-    callback(new u2f.WrappedIosPort_());
-  }, 0);
-};
+    /**
+     * Response status codes
+     * @const
+     * @enum {number}
+     */
+    u2f.ErrorCodes = {
+        'OK': 0,
+        'OTHER_ERROR': 1,
+        'BAD_REQUEST': 2,
+        'CONFIGURATION_UNSUPPORTED': 3,
+        'DEVICE_INELIGIBLE': 4,
+        'TIMEOUT': 5
+    };
 
-/**
- * A wrapper for chrome.runtime.Port that is compatible with MessagePort.
- * @param {Port} port
- * @constructor
- * @private
- */
-u2f.WrappedChromeRuntimePort_ = function(port) {
-  this.port_ = port;
-};
 
-/**
- * Format and return a sign request compliant with the JS API version supported by the extension.
- * @param {Array<u2f.SignRequest>} signRequests
- * @param {number} timeoutSeconds
- * @param {number} reqId
- * @return {Object}
- */
-u2f.formatSignRequest_ =
-  function(appId, challenge, registeredKeys, timeoutSeconds, reqId) {
-  if (js_api_version === undefined || js_api_version < 1.1) {
-    // Adapt request to the 1.0 JS API
-    var signRequests = [];
-    for (var i = 0; i < registeredKeys.length; i++) {
-      signRequests[i] = {
-          version: registeredKeys[i].version,
-          challenge: challenge,
-          keyHandle: registeredKeys[i].keyHandle,
-          appId: appId
-      };
-    }
-    return {
-      type: u2f.MessageTypes.U2F_SIGN_REQUEST,
-      signRequests: signRequests,
-      timeoutSeconds: timeoutSeconds,
-      requestId: reqId
+    /**
+     * A message for registration requests
+     * @typedef {{
+     *   type: u2f.MessageTypes,
+     *   appId: ?string,
+     *   timeoutSeconds: ?number,
+     *   requestId: ?number
+     * }}
+     */
+    u2f.U2fRequest;
+
+
+    /**
+     * A message for registration responses
+     * @typedef {{
+     *   type: u2f.MessageTypes,
+     *   responseData: (u2f.Error | u2f.RegisterResponse | u2f.SignResponse),
+     *   requestId: ?number
+     * }}
+     */
+    u2f.U2fResponse;
+
+
+    /**
+     * An error object for responses
+     * @typedef {{
+     *   errorCode: u2f.ErrorCodes,
+     *   errorMessage: ?string
+     * }}
+     */
+    u2f.Error;
+
+    /**
+     * Data object for a single sign request.
+     * @typedef {enum {BLUETOOTH_RADIO, BLUETOOTH_LOW_ENERGY, USB, NFC}}
+     */
+    u2f.Transport;
+
+
+    /**
+     * Data object for a single sign request.
+     * @typedef {Array<u2f.Transport>}
+     */
+    u2f.Transports;
+
+    /**
+     * Data object for a single sign request.
+     * @typedef {{
+     *   version: string,
+     *   challenge: string,
+     *   keyHandle: string,
+     *   appId: string
+     * }}
+     */
+    u2f.SignRequest;
+
+
+    /**
+     * Data object for a sign response.
+     * @typedef {{
+     *   keyHandle: string,
+     *   signatureData: string,
+     *   clientData: string
+     * }}
+     */
+    u2f.SignResponse;
+
+
+    /**
+     * Data object for a registration request.
+     * @typedef {{
+     *   version: string,
+     *   challenge: string
+     * }}
+     */
+    u2f.RegisterRequest;
+
+
+    /**
+     * Data object for a registration response.
+     * @typedef {{
+     *   version: string,
+     *   keyHandle: string,
+     *   transports: Transports,
+     *   appId: string
+     * }}
+     */
+    u2f.RegisterResponse;
+
+
+    /**
+     * Data object for a registered key.
+     * @typedef {{
+     *   version: string,
+     *   keyHandle: string,
+     *   transports: ?Transports,
+     *   appId: ?string
+     * }}
+     */
+    u2f.RegisteredKey;
+
+
+    /**
+     * Data object for a get API register response.
+     * @typedef {{
+     *   js_api_version: number
+     * }}
+     */
+    u2f.GetJsApiVersionResponse;
+
+
+    //Low level MessagePort API support
+
+    /**
+     * Sets up a MessagePort to the U2F extension using the
+     * available mechanisms.
+     * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
+     */
+    u2f.getMessagePort = function (callback) {
+        if (typeof chrome != 'undefined' && chrome.runtime) {
+            // The actual message here does not matter, but we need to get a reply
+            // for the callback to run. Thus, send an empty signature request
+            // in order to get a failure response.
+            var msg = {
+                type: u2f.MessageTypes.U2F_SIGN_REQUEST,
+                signRequests: []
+            };
+            chrome.runtime.sendMessage(u2f.EXTENSION_ID, msg, function () {
+                if (!chrome.runtime.lastError) {
+                    // We are on a whitelisted origin and can talk directly
+                    // with the extension.
+                    u2f.getChromeRuntimePort_(callback);
+                } else {
+                    // chrome.runtime was available, but we couldn't message
+                    // the extension directly, use iframe
+                    u2f.getIframePort_(callback);
+                }
+            });
+        } else if (u2f.isAndroidChrome_()) {
+            u2f.getAuthenticatorPort_(callback);
+        } else if (u2f.isIosChrome_()) {
+            u2f.getIosPort_(callback);
+        } else {
+            // chrome.runtime was not available at all, which is normal
+            // when this origin doesn't have access to any extensions.
+            u2f.getIframePort_(callback);
+        }
     };
-  }
-  // JS 1.1 API
-  return {
-    type: u2f.MessageTypes.U2F_SIGN_REQUEST,
-    appId: appId,
-    challenge: challenge,
-    registeredKeys: registeredKeys,
-    timeoutSeconds: timeoutSeconds,
-    requestId: reqId
-  };
-};
 
-/**
- * Format and return a register request compliant with the JS API version supported by the extension..
- * @param {Array<u2f.SignRequest>} signRequests
- * @param {Array<u2f.RegisterRequest>} signRequests
- * @param {number} timeoutSeconds
- * @param {number} reqId
- * @return {Object}
- */
-u2f.formatRegisterRequest_ =
-  function(appId, registeredKeys, registerRequests, timeoutSeconds, reqId) {
-  if (js_api_version === undefined || js_api_version < 1.1) {
-    // Adapt request to the 1.0 JS API
-    for (var i = 0; i < registerRequests.length; i++) {
-      registerRequests[i].appId = appId;
-    }
-    var signRequests = [];
-    for (var i = 0; i < registeredKeys.length; i++) {
-      signRequests[i] = {
-          version: registeredKeys[i].version,
-          challenge: registerRequests[0],
-          keyHandle: registeredKeys[i].keyHandle,
-          appId: appId
-      };
-    }
-    return {
-      type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
-      signRequests: signRequests,
-      registerRequests: registerRequests,
-      timeoutSeconds: timeoutSeconds,
-      requestId: reqId
+    /**
+     * Detect chrome running on android based on the browser's useragent.
+     * @private
+     */
+    u2f.isAndroidChrome_ = function () {
+        var userAgent = navigator.userAgent;
+        return userAgent.indexOf('Chrome') != -1 &&
+            userAgent.indexOf('Android') != -1;
     };
-  }
-  // JS 1.1 API
-  return {
-    type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
-    appId: appId,
-    registerRequests: registerRequests,
-    registeredKeys: registeredKeys,
-    timeoutSeconds: timeoutSeconds,
-    requestId: reqId
-  };
-};
 
+    /**
+     * Detect chrome running on iOS based on the browser's platform.
+     * @private
+     */
+    u2f.isIosChrome_ = function () {
+        return ["iPhone", "iPad", "iPod"].indexOf(navigator.platform) > -1;
+    };
 
-/**
- * Posts a message on the underlying channel.
- * @param {Object} message
- */
-u2f.WrappedChromeRuntimePort_.prototype.postMessage = function(message) {
-  this.port_.postMessage(message);
-};
-
-
-/**
- * Emulates the HTML 5 addEventListener interface. Works only for the
- * onmessage event, which is hooked up to the chrome.runtime.Port.onMessage.
- * @param {string} eventName
- * @param {function({data: Object})} handler
- */
-u2f.WrappedChromeRuntimePort_.prototype.addEventListener =
-    function(eventName, handler) {
-  var name = eventName.toLowerCase();
-  if (name == 'message' || name == 'onmessage') {
-    this.port_.onMessage.addListener(function(message) {
-      // Emulate a minimal MessageEvent object
-      handler({'data': message});
-    });
-  } else {
-    console.error('WrappedChromeRuntimePort only supports onMessage');
-  }
-};
-
-/**
- * Wrap the Authenticator app with a MessagePort interface.
- * @constructor
- * @private
- */
-u2f.WrappedAuthenticatorPort_ = function() {
-  this.requestId_ = -1;
-  this.requestObject_ = null;
-}
-
-/**
- * Launch the Authenticator intent.
- * @param {Object} message
- */
-u2f.WrappedAuthenticatorPort_.prototype.postMessage = function(message) {
-  var intentUrl =
-    u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ +
-    ';S.request=' + encodeURIComponent(JSON.stringify(message)) +
-    ';end';
-  document.location = intentUrl;
-};
-
-/**
- * Tells what type of port this is.
- * @return {String} port type
- */
-u2f.WrappedAuthenticatorPort_.prototype.getPortType = function() {
-  return "WrappedAuthenticatorPort_";
-};
-
-
-/**
- * Emulates the HTML 5 addEventListener interface.
- * @param {string} eventName
- * @param {function({data: Object})} handler
- */
-u2f.WrappedAuthenticatorPort_.prototype.addEventListener = function(eventName, handler) {
-  var name = eventName.toLowerCase();
-  if (name == 'message') {
-    var self = this;
-    /* Register a callback to that executes when
-     * chrome injects the response. */
-    window.addEventListener(
-        'message', self.onRequestUpdate_.bind(self, handler), false);
-  } else {
-    console.error('WrappedAuthenticatorPort only supports message');
-  }
-};
-
-/**
- * Callback invoked  when a response is received from the Authenticator.
- * @param function({data: Object}) callback
- * @param {Object} message message Object
- */
-u2f.WrappedAuthenticatorPort_.prototype.onRequestUpdate_ =
-    function(callback, message) {
-  var messageObject = JSON.parse(message.data);
-  var intentUrl = messageObject['intentURL'];
+    /**
+     * Connects directly to the extension via chrome.runtime.connect.
+     * @param {function(u2f.WrappedChromeRuntimePort_)} callback
+     * @private
+     */
+    u2f.getChromeRuntimePort_ = function (callback) {
+        var port = chrome.runtime.connect(u2f.EXTENSION_ID,
+            { 'includeTlsChannelId': true });
+        setTimeout(function () {
+            callback(new u2f.WrappedChromeRuntimePort_(port));
+        }, 0);
+    };
 
-  var errorCode = messageObject['errorCode'];
-  var responseObject = null;
-  if (messageObject.hasOwnProperty('data')) {
-    responseObject = /** @type {Object} */ (
-        JSON.parse(messageObject['data']));
-  }
+    /**
+     * Return a 'port' abstraction to the Authenticator app.
+     * @param {function(u2f.WrappedAuthenticatorPort_)} callback
+     * @private
+     */
+    u2f.getAuthenticatorPort_ = function (callback) {
+        setTimeout(function () {
+            callback(new u2f.WrappedAuthenticatorPort_());
+        }, 0);
+    };
 
-  callback({'data': responseObject});
-};
+    /**
+     * Return a 'port' abstraction to the iOS client app.
+     * @param {function(u2f.WrappedIosPort_)} callback
+     * @private
+     */
+    u2f.getIosPort_ = function (callback) {
+        setTimeout(function () {
+            callback(new u2f.WrappedIosPort_());
+        }, 0);
+    };
 
-/**
- * Base URL for intents to Authenticator.
- * @const
- * @private
- */
-u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ =
-  'intent:#Intent;action=com.google.android.apps.authenticator.AUTHENTICATE';
+    /**
+     * A wrapper for chrome.runtime.Port that is compatible with MessagePort.
+     * @param {Port} port
+     * @constructor
+     * @private
+     */
+    u2f.WrappedChromeRuntimePort_ = function (port) {
+        this.port_ = port;
+    };
 
-/**
- * Wrap the iOS client app with a MessagePort interface.
- * @constructor
- * @private
- */
-u2f.WrappedIosPort_ = function() {};
+    /**
+     * Format and return a sign request compliant with the JS API version supported by the extension.
+     * @param {Array<u2f.SignRequest>} signRequests
+     * @param {number} timeoutSeconds
+     * @param {number} reqId
+     * @return {Object}
+     */
+    u2f.formatSignRequest_ =
+        function (appId, challenge, registeredKeys, timeoutSeconds, reqId) {
+            if (js_api_version === undefined || js_api_version < 1.1) {
+                // Adapt request to the 1.0 JS API
+                var signRequests = [];
+                for (var i = 0; i < registeredKeys.length; i++) {
+                    signRequests[i] = {
+                        version: registeredKeys[i].version,
+                        challenge: challenge,
+                        keyHandle: registeredKeys[i].keyHandle,
+                        appId: appId
+                    };
+                }
+                return {
+                    type: u2f.MessageTypes.U2F_SIGN_REQUEST,
+                    signRequests: signRequests,
+                    timeoutSeconds: timeoutSeconds,
+                    requestId: reqId
+                };
+            }
+            // JS 1.1 API
+            return {
+                type: u2f.MessageTypes.U2F_SIGN_REQUEST,
+                appId: appId,
+                challenge: challenge,
+                registeredKeys: registeredKeys,
+                timeoutSeconds: timeoutSeconds,
+                requestId: reqId
+            };
+        };
+
+    /**
+     * Format and return a register request compliant with the JS API version supported by the extension..
+     * @param {Array<u2f.SignRequest>} signRequests
+     * @param {Array<u2f.RegisterRequest>} signRequests
+     * @param {number} timeoutSeconds
+     * @param {number} reqId
+     * @return {Object}
+     */
+    u2f.formatRegisterRequest_ =
+        function (appId, registeredKeys, registerRequests, timeoutSeconds, reqId) {
+            if (js_api_version === undefined || js_api_version < 1.1) {
+                // Adapt request to the 1.0 JS API
+                for (var i = 0; i < registerRequests.length; i++) {
+                    registerRequests[i].appId = appId;
+                }
+                var signRequests = [];
+                for (var i = 0; i < registeredKeys.length; i++) {
+                    signRequests[i] = {
+                        version: registeredKeys[i].version,
+                        challenge: registerRequests[0],
+                        keyHandle: registeredKeys[i].keyHandle,
+                        appId: appId
+                    };
+                }
+                return {
+                    type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
+                    signRequests: signRequests,
+                    registerRequests: registerRequests,
+                    timeoutSeconds: timeoutSeconds,
+                    requestId: reqId
+                };
+            }
+            // JS 1.1 API
+            return {
+                type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
+                appId: appId,
+                registerRequests: registerRequests,
+                registeredKeys: registeredKeys,
+                timeoutSeconds: timeoutSeconds,
+                requestId: reqId
+            };
+        };
+
+
+    /**
+     * Posts a message on the underlying channel.
+     * @param {Object} message
+     */
+    u2f.WrappedChromeRuntimePort_.prototype.postMessage = function (message) {
+        this.port_.postMessage(message);
+    };
 
-/**
- * Launch the iOS client app request
- * @param {Object} message
- */
-u2f.WrappedIosPort_.prototype.postMessage = function(message) {
-  var str = JSON.stringify(message);
-  var url = "u2f://auth?" + encodeURI(str);
-  location.replace(url);
-};
 
-/**
- * Tells what type of port this is.
- * @return {String} port type
- */
-u2f.WrappedIosPort_.prototype.getPortType = function() {
-  return "WrappedIosPort_";
-};
+    /**
+     * Emulates the HTML 5 addEventListener interface. Works only for the
+     * onmessage event, which is hooked up to the chrome.runtime.Port.onMessage.
+     * @param {string} eventName
+     * @param {function({data: Object})} handler
+     */
+    u2f.WrappedChromeRuntimePort_.prototype.addEventListener =
+        function (eventName, handler) {
+            var name = eventName.toLowerCase();
+            if (name == 'message' || name == 'onmessage') {
+                this.port_.onMessage.addListener(function (message) {
+                    // Emulate a minimal MessageEvent object
+                    handler({ 'data': message });
+                });
+            } else {
+                console.error('WrappedChromeRuntimePort only supports onMessage');
+            }
+        };
+
+    /**
+     * Wrap the Authenticator app with a MessagePort interface.
+     * @constructor
+     * @private
+     */
+    u2f.WrappedAuthenticatorPort_ = function () {
+        this.requestId_ = -1;
+        this.requestObject_ = null;
+    }
 
-/**
- * Emulates the HTML 5 addEventListener interface.
- * @param {string} eventName
- * @param {function({data: Object})} handler
- */
-u2f.WrappedIosPort_.prototype.addEventListener = function(eventName, handler) {
-  var name = eventName.toLowerCase();
-  if (name !== 'message') {
-    console.error('WrappedIosPort only supports message');
-  }
-};
+    /**
+     * Launch the Authenticator intent.
+     * @param {Object} message
+     */
+    u2f.WrappedAuthenticatorPort_.prototype.postMessage = function (message) {
+        var intentUrl =
+            u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ +
+            ';S.request=' + encodeURIComponent(JSON.stringify(message)) +
+            ';end';
+        document.location = intentUrl;
+    };
 
-/**
- * Sets up an embedded trampoline iframe, sourced from the extension.
- * @param {function(MessagePort)} callback
- * @private
- */
-u2f.getIframePort_ = function(callback) {
-  // Create the iframe
-  var iframeOrigin = 'chrome-extension://' + u2f.EXTENSION_ID;
-  var iframe = document.createElement('iframe');
-  iframe.src = iframeOrigin + '/u2f-comms.html';
-  iframe.setAttribute('style', 'display:none');
-  document.body.appendChild(iframe);
-
-  var channel = new MessageChannel();
-  var ready = function(message) {
-    if (message.data == 'ready') {
-      channel.port1.removeEventListener('message', ready);
-      callback(channel.port1);
-    } else {
-      console.error('First event on iframe port was not "ready"');
-    }
-  };
-  channel.port1.addEventListener('message', ready);
-  channel.port1.start();
+    /**
+     * Tells what type of port this is.
+     * @return {String} port type
+     */
+    u2f.WrappedAuthenticatorPort_.prototype.getPortType = function () {
+        return "WrappedAuthenticatorPort_";
+    };
 
-  iframe.addEventListener('load', function() {
-    // Deliver the port to the iframe and initialize
-    iframe.contentWindow.postMessage('init', iframeOrigin, [channel.port2]);
-  });
-};
 
+    /**
+     * Emulates the HTML 5 addEventListener interface.
+     * @param {string} eventName
+     * @param {function({data: Object})} handler
+     */
+    u2f.WrappedAuthenticatorPort_.prototype.addEventListener = function (eventName, handler) {
+        var name = eventName.toLowerCase();
+        if (name == 'message') {
+            var self = this;
+            /* Register a callback to that executes when
+             * chrome injects the response. */
+            window.addEventListener(
+                'message', self.onRequestUpdate_.bind(self, handler), false);
+        } else {
+            console.error('WrappedAuthenticatorPort only supports message');
+        }
+    };
 
-//High-level JS API
+    /**
+     * Callback invoked  when a response is received from the Authenticator.
+     * @param function({data: Object}) callback
+     * @param {Object} message message Object
+     */
+    u2f.WrappedAuthenticatorPort_.prototype.onRequestUpdate_ =
+        function (callback, message) {
+            var messageObject = JSON.parse(message.data);
+            var intentUrl = messageObject['intentURL'];
+
+            var errorCode = messageObject['errorCode'];
+            var responseObject = null;
+            if (messageObject.hasOwnProperty('data')) {
+                responseObject = /** @type {Object} */ (
+                    JSON.parse(messageObject['data']));
+            }
+
+            callback({ 'data': responseObject });
+        };
+
+    /**
+     * Base URL for intents to Authenticator.
+     * @const
+     * @private
+     */
+    u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ =
+        'intent:#Intent;action=com.google.android.apps.authenticator.AUTHENTICATE';
+
+    /**
+     * Wrap the iOS client app with a MessagePort interface.
+     * @constructor
+     * @private
+     */
+    u2f.WrappedIosPort_ = function () { };
+
+    /**
+     * Launch the iOS client app request
+     * @param {Object} message
+     */
+    u2f.WrappedIosPort_.prototype.postMessage = function (message) {
+        var str = JSON.stringify(message);
+        var url = "u2f://auth?" + encodeURI(str);
+        location.replace(url);
+    };
 
-/**
- * Default extension response timeout in seconds.
- * @const
- */
-u2f.EXTENSION_TIMEOUT_SEC = 30;
+    /**
+     * Tells what type of port this is.
+     * @return {String} port type
+     */
+    u2f.WrappedIosPort_.prototype.getPortType = function () {
+        return "WrappedIosPort_";
+    };
 
-/**
- * A singleton instance for a MessagePort to the extension.
- * @type {MessagePort|u2f.WrappedChromeRuntimePort_}
- * @private
- */
-u2f.port_ = null;
+    /**
+     * Emulates the HTML 5 addEventListener interface.
+     * @param {string} eventName
+     * @param {function({data: Object})} handler
+     */
+    u2f.WrappedIosPort_.prototype.addEventListener = function (eventName, handler) {
+        var name = eventName.toLowerCase();
+        if (name !== 'message') {
+            console.error('WrappedIosPort only supports message');
+        }
+    };
 
-/**
- * Callbacks waiting for a port
- * @type {Array<function((MessagePort|u2f.WrappedChromeRuntimePort_))>}
- * @private
- */
-u2f.waitingForPort_ = [];
+    /**
+     * Sets up an embedded trampoline iframe, sourced from the extension.
+     * @param {function(MessagePort)} callback
+     * @private
+     */
+    u2f.getIframePort_ = function (callback) {
+        // Create the iframe
+        var iframeOrigin = 'chrome-extension://' + u2f.EXTENSION_ID;
+        var iframe = document.createElement('iframe');
+        iframe.src = iframeOrigin + '/u2f-comms.html';
+        iframe.setAttribute('style', 'display:none');
+        document.body.appendChild(iframe);
+
+        var channel = new MessageChannel();
+        var ready = function (message) {
+            if (message.data == 'ready') {
+                channel.port1.removeEventListener('message', ready);
+                callback(channel.port1);
+            } else {
+                console.error('First event on iframe port was not "ready"');
+            }
+        };
+        channel.port1.addEventListener('message', ready);
+        channel.port1.start();
+
+        iframe.addEventListener('load', function () {
+            // Deliver the port to the iframe and initialize
+            iframe.contentWindow.postMessage('init', iframeOrigin, [channel.port2]);
+        });
+    };
 
-/**
- * A counter for requestIds.
- * @type {number}
- * @private
- */
-u2f.reqCounter_ = 0;
 
-/**
- * A map from requestIds to client callbacks
- * @type {Object.<number,(function((u2f.Error|u2f.RegisterResponse))
- *                       |function((u2f.Error|u2f.SignResponse)))>}
- * @private
- */
-u2f.callbackMap_ = {};
+    //High-level JS API
+
+    /**
+     * Default extension response timeout in seconds.
+     * @const
+     */
+    u2f.EXTENSION_TIMEOUT_SEC = 30;
+
+    /**
+     * A singleton instance for a MessagePort to the extension.
+     * @type {MessagePort|u2f.WrappedChromeRuntimePort_}
+     * @private
+     */
+    u2f.port_ = null;
+
+    /**
+     * Callbacks waiting for a port
+     * @type {Array<function((MessagePort|u2f.WrappedChromeRuntimePort_))>}
+     * @private
+     */
+    u2f.waitingForPort_ = [];
+
+    /**
+     * A counter for requestIds.
+     * @type {number}
+     * @private
+     */
+    u2f.reqCounter_ = 0;
+
+    /**
+     * A map from requestIds to client callbacks
+     * @type {Object.<number,(function((u2f.Error|u2f.RegisterResponse))
+     *                       |function((u2f.Error|u2f.SignResponse)))>}
+     * @private
+     */
+    u2f.callbackMap_ = {};
+
+    /**
+     * Creates or retrieves the MessagePort singleton to use.
+     * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
+     * @private
+     */
+    u2f.getPortSingleton_ = function (callback) {
+        if (u2f.port_) {
+            callback(u2f.port_);
+        } else {
+            if (u2f.waitingForPort_.length == 0) {
+                u2f.getMessagePort(function (port) {
+                    u2f.port_ = port;
+                    u2f.port_.addEventListener('message',
+            /** @type {function(Event)} */(u2f.responseHandler_));
+
+                    // Careful, here be async callbacks. Maybe.
+                    while (u2f.waitingForPort_.length)
+                        u2f.waitingForPort_.shift()(u2f.port_);
+                });
+            }
+            u2f.waitingForPort_.push(callback);
+        }
+    };
 
-/**
- * Creates or retrieves the MessagePort singleton to use.
- * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
- * @private
- */
-u2f.getPortSingleton_ = function(callback) {
-  if (u2f.port_) {
-    callback(u2f.port_);
-  } else {
-    if (u2f.waitingForPort_.length == 0) {
-      u2f.getMessagePort(function(port) {
-        u2f.port_ = port;
-        u2f.port_.addEventListener('message',
-            /** @type {function(Event)} */ (u2f.responseHandler_));
-
-        // Careful, here be async callbacks. Maybe.
-        while (u2f.waitingForPort_.length)
-          u2f.waitingForPort_.shift()(u2f.port_);
-      });
-    }
-    u2f.waitingForPort_.push(callback);
-  }
-};
+    /**
+     * Handles response messages from the extension.
+     * @param {MessageEvent.<u2f.Response>} message
+     * @private
+     */
+    u2f.responseHandler_ = function (message) {
+        var response = message.data;
+        var reqId = response['requestId'];
+        if (!reqId || !u2f.callbackMap_[reqId]) {
+            console.error('Unknown or missing requestId in response.');
+            return;
+        }
+        var cb = u2f.callbackMap_[reqId];
+        delete u2f.callbackMap_[reqId];
+        cb(response['responseData']);
+    };
 
-/**
- * Handles response messages from the extension.
- * @param {MessageEvent.<u2f.Response>} message
- * @private
- */
-u2f.responseHandler_ = function(message) {
-  var response = message.data;
-  var reqId = response['requestId'];
-  if (!reqId || !u2f.callbackMap_[reqId]) {
-    console.error('Unknown or missing requestId in response.');
-    return;
-  }
-  var cb = u2f.callbackMap_[reqId];
-  delete u2f.callbackMap_[reqId];
-  cb(response['responseData']);
-};
+    /**
+     * Dispatches an array of sign requests to available U2F tokens.
+     * If the JS API version supported by the extension is unknown, it first sends a
+     * message to the extension to find out the supported API version and then it sends
+     * the sign request.
+     * @param {string=} appId
+     * @param {string=} challenge
+     * @param {Array<u2f.RegisteredKey>} registeredKeys
+     * @param {function((u2f.Error|u2f.SignResponse))} callback
+     * @param {number=} opt_timeoutSeconds
+     */
+    u2f.sign = function (appId, challenge, registeredKeys, callback, opt_timeoutSeconds) {
+        if (js_api_version === undefined) {
+            // Send a message to get the extension to JS API version, then send the actual sign request.
+            u2f.getApiVersion(
+                function (response) {
+                    js_api_version = response['js_api_version'] === undefined ? 0 : response['js_api_version'];
+                    console.log("Extension JS API Version: ", js_api_version);
+                    u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds);
+                });
+        } else {
+            // We know the JS API version. Send the actual sign request in the supported API version.
+            u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds);
+        }
+    };
 
-/**
- * Dispatches an array of sign requests to available U2F tokens.
- * If the JS API version supported by the extension is unknown, it first sends a
- * message to the extension to find out the supported API version and then it sends
- * the sign request.
- * @param {string=} appId
- * @param {string=} challenge
- * @param {Array<u2f.RegisteredKey>} registeredKeys
- * @param {function((u2f.Error|u2f.SignResponse))} callback
- * @param {number=} opt_timeoutSeconds
- */
-u2f.sign = function(appId, challenge, registeredKeys, callback, opt_timeoutSeconds) {
-  if (js_api_version === undefined) {
-    // Send a message to get the extension to JS API version, then send the actual sign request.
-    u2f.getApiVersion(
-        function (response) {
-          js_api_version = response['js_api_version'] === undefined ? 0 : response['js_api_version'];
-          console.log("Extension JS API Version: ", js_api_version);
-          u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds);
+    /**
+     * Dispatches an array of sign requests to available U2F tokens.
+     * @param {string=} appId
+     * @param {string=} challenge
+     * @param {Array<u2f.RegisteredKey>} registeredKeys
+     * @param {function((u2f.Error|u2f.SignResponse))} callback
+     * @param {number=} opt_timeoutSeconds
+     */
+    u2f.sendSignRequest = function (appId, challenge, registeredKeys, callback, opt_timeoutSeconds) {
+        u2f.getPortSingleton_(function (port) {
+            var reqId = ++u2f.reqCounter_;
+            u2f.callbackMap_[reqId] = callback;
+            var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
+                opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
+            var req = u2f.formatSignRequest_(appId, challenge, registeredKeys, timeoutSeconds, reqId);
+            port.postMessage(req);
         });
-  } else {
-    // We know the JS API version. Send the actual sign request in the supported API version.
-    u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds);
-  }
-};
+    };
 
-/**
- * Dispatches an array of sign requests to available U2F tokens.
- * @param {string=} appId
- * @param {string=} challenge
- * @param {Array<u2f.RegisteredKey>} registeredKeys
- * @param {function((u2f.Error|u2f.SignResponse))} callback
- * @param {number=} opt_timeoutSeconds
- */
-u2f.sendSignRequest = function(appId, challenge, registeredKeys, callback, opt_timeoutSeconds) {
-  u2f.getPortSingleton_(function(port) {
-    var reqId = ++u2f.reqCounter_;
-    u2f.callbackMap_[reqId] = callback;
-    var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
-        opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
-    var req = u2f.formatSignRequest_(appId, challenge, registeredKeys, timeoutSeconds, reqId);
-    port.postMessage(req);
-  });
-};
+    /**
+     * Dispatches register requests to available U2F tokens. An array of sign
+     * requests identifies already registered tokens.
+     * If the JS API version supported by the extension is unknown, it first sends a
+     * message to the extension to find out the supported API version and then it sends
+     * the register request.
+     * @param {string=} appId
+     * @param {Array<u2f.RegisterRequest>} registerRequests
+     * @param {Array<u2f.RegisteredKey>} registeredKeys
+     * @param {function((u2f.Error|u2f.RegisterResponse))} callback
+     * @param {number=} opt_timeoutSeconds
+     */
+    u2f.register = function (appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) {
+        if (js_api_version === undefined) {
+            // Send a message to get the extension to JS API version, then send the actual register request.
+            u2f.getApiVersion(
+                function (response) {
+                    js_api_version = response['js_api_version'] === undefined ? 0 : response['js_api_version'];
+                    console.log("Extension JS API Version: ", js_api_version);
+                    u2f.sendRegisterRequest(appId, registerRequests, registeredKeys,
+                        callback, opt_timeoutSeconds);
+                });
+        } else {
+            // We know the JS API version. Send the actual register request in the supported API version.
+            u2f.sendRegisterRequest(appId, registerRequests, registeredKeys,
+                callback, opt_timeoutSeconds);
+        }
+    };
 
-/**
- * Dispatches register requests to available U2F tokens. An array of sign
- * requests identifies already registered tokens.
- * If the JS API version supported by the extension is unknown, it first sends a
- * message to the extension to find out the supported API version and then it sends
- * the register request.
- * @param {string=} appId
- * @param {Array<u2f.RegisterRequest>} registerRequests
- * @param {Array<u2f.RegisteredKey>} registeredKeys
- * @param {function((u2f.Error|u2f.RegisterResponse))} callback
- * @param {number=} opt_timeoutSeconds
- */
-u2f.register = function(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) {
-  if (js_api_version === undefined) {
-    // Send a message to get the extension to JS API version, then send the actual register request.
-    u2f.getApiVersion(
-        function (response) {
-          js_api_version = response['js_api_version'] === undefined ? 0: response['js_api_version'];
-          console.log("Extension JS API Version: ", js_api_version);
-          u2f.sendRegisterRequest(appId, registerRequests, registeredKeys,
-              callback, opt_timeoutSeconds);
+    /**
+     * Dispatches register requests to available U2F tokens. An array of sign
+     * requests identifies already registered tokens.
+     * @param {string=} appId
+     * @param {Array<u2f.RegisterRequest>} registerRequests
+     * @param {Array<u2f.RegisteredKey>} registeredKeys
+     * @param {function((u2f.Error|u2f.RegisterResponse))} callback
+     * @param {number=} opt_timeoutSeconds
+     */
+    u2f.sendRegisterRequest = function (appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) {
+        u2f.getPortSingleton_(function (port) {
+            var reqId = ++u2f.reqCounter_;
+            u2f.callbackMap_[reqId] = callback;
+            var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
+                opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
+            var req = u2f.formatRegisterRequest_(
+                appId, registeredKeys, registerRequests, timeoutSeconds, reqId);
+            port.postMessage(req);
         });
-  } else {
-    // We know the JS API version. Send the actual register request in the supported API version.
-    u2f.sendRegisterRequest(appId, registerRequests, registeredKeys,
-        callback, opt_timeoutSeconds);
-  }
-};
-
-/**
- * Dispatches register requests to available U2F tokens. An array of sign
- * requests identifies already registered tokens.
- * @param {string=} appId
- * @param {Array<u2f.RegisterRequest>} registerRequests
- * @param {Array<u2f.RegisteredKey>} registeredKeys
- * @param {function((u2f.Error|u2f.RegisterResponse))} callback
- * @param {number=} opt_timeoutSeconds
- */
-u2f.sendRegisterRequest = function(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) {
-  u2f.getPortSingleton_(function(port) {
-    var reqId = ++u2f.reqCounter_;
-    u2f.callbackMap_[reqId] = callback;
-    var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
-        opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
-    var req = u2f.formatRegisterRequest_(
-        appId, registeredKeys, registerRequests, timeoutSeconds, reqId);
-    port.postMessage(req);
-  });
-};
+    };
 
 
-/**
- * Dispatches a message to the extension to find out the supported
- * JS API version.
- * If the user is on a mobile phone and is thus using Google Authenticator instead
- * of the Chrome extension, don't send the request and simply return 0.
- * @param {function((u2f.Error|u2f.GetJsApiVersionResponse))} callback
- * @param {number=} opt_timeoutSeconds
- */
-u2f.getApiVersion = function(callback, opt_timeoutSeconds) {
- u2f.getPortSingleton_(function(port) {
-   // If we are using Android Google Authenticator or iOS client app,
-   // do not fire an intent to ask which JS API version to use.
-   if (port.getPortType) {
-     var apiVersion;
-     switch (port.getPortType()) {
-       case 'WrappedIosPort_':
-       case 'WrappedAuthenticatorPort_':
-         apiVersion = 1.1;
-         break;
-
-       default:
-         apiVersion = 0;
-         break;
-     }
-     callback({ 'js_api_version': apiVersion });
-     return;
-   }
-    var reqId = ++u2f.reqCounter_;
-    u2f.callbackMap_[reqId] = callback;
-    var req = {
-      type: u2f.MessageTypes.U2F_GET_API_VERSION_REQUEST,
-      timeoutSeconds: (typeof opt_timeoutSeconds !== 'undefined' ?
-          opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC),
-      requestId: reqId
+    /**
+     * Dispatches a message to the extension to find out the supported
+     * JS API version.
+     * If the user is on a mobile phone and is thus using Google Authenticator instead
+     * of the Chrome extension, don't send the request and simply return 0.
+     * @param {function((u2f.Error|u2f.GetJsApiVersionResponse))} callback
+     * @param {number=} opt_timeoutSeconds
+     */
+    u2f.getApiVersion = function (callback, opt_timeoutSeconds) {
+        u2f.getPortSingleton_(function (port) {
+            // If we are using Android Google Authenticator or iOS client app,
+            // do not fire an intent to ask which JS API version to use.
+            if (port.getPortType) {
+                var apiVersion;
+                switch (port.getPortType()) {
+                    case 'WrappedIosPort_':
+                    case 'WrappedAuthenticatorPort_':
+                        apiVersion = 1.1;
+                        break;
+
+                    default:
+                        apiVersion = 0;
+                        break;
+                }
+                callback({ 'js_api_version': apiVersion });
+                return;
+            }
+            var reqId = ++u2f.reqCounter_;
+            u2f.callbackMap_[reqId] = callback;
+            var req = {
+                type: u2f.MessageTypes.U2F_GET_API_VERSION_REQUEST,
+                timeoutSeconds: (typeof opt_timeoutSeconds !== 'undefined' ?
+                    opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC),
+                requestId: reqId
+            };
+            port.postMessage(req);
+        });
     };
-    port.postMessage(req);
-  });
-};
+
+    /**
+     * Modification:
+     * Assign u2f back to window (root) scope.
+     */
+    root.u2f = u2f;
+}(this));