Bug 183167

Summary: Cannot store CryptoKey to IndexedDB in ServiceWorker
Product: WebKit Reporter: Stefan Sechelmann <stefan>
Component: Service WorkersAssignee: Nitin Mahendru <nitinmahendru>
Status: RESOLVED FIXED    
Severity: Normal CC: beidson, bfulgham, cdumez, jdknezek+webkit-bugzilla, jiewen_tan, joliccin, katherine_cheney, sihui_liu, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari Technology Preview   
Hardware: Unspecified   
OS: Unspecified   
URL: https://embed.plnkr.co/9BWkuIAmxX2EITOWI2yR/
See Also: https://bugs.webkit.org/show_bug.cgi?id=174541
https://bugs.webkit.org/show_bug.cgi?id=177350

Description Stefan Sechelmann 2018-02-27 11:52:14 PST
Attempting to store a WebCrypto CryptoKey in an object store of IndexedDB results in a DataCloneError: "Failed to store record in an IDBObjectStore: An object could not be cloned." See this test case for a demonstration: https://embed.plnkr.co/9BWkuIAmxX2EITOWI2yR/
Comment 1 Chris Dumez 2018-03-01 09:32:20 PST
Sounds like we do not support cloning / serializing CryptoKey objects. Likely not truly an IDB issue. Jiewen should probably take a look.
Comment 2 Chris Dumez 2018-03-01 09:33:15 PST
In particular, I suspect we did not implement this part of the spec:
https://www.w3.org/TR/WebCryptoAPI/#cryptokey-interface-clone
Comment 3 Chris Dumez 2018-03-01 09:43:19 PST
The test URL does not seem to work for me. I see it installing a service worker (not sure what this bug has to do with service workers). If I inspect the service worker, I see there is code using IndexedDB but it is not executed.
Comment 4 Jiewen Tan 2018-03-01 10:42:10 PST
We do support storing CryptoKey into IndexedDB. However, due to some legacy reasons, we wrap the objects before storing them into IndexedDB. Here is file: See SerializedCryptoKeyWrap.h. For any new implementations, I recommend we don't wrap CryptoKeys anymore. Since the wrapping APIs will be called in SerializedScriptValue.h, failing to implement those would fail IndexedDB interactions. An example to circumvent that is to implement dummy APIs, see SerializedCryptoKeyWrapGCrypt.cpp.

I am not sure if ServiceWorker needs to implement this dummy APIs though.
Comment 5 Stefan Sechelmann 2018-03-01 12:03:10 PST
The error occurs in service workers only. The example stores a set of objects including a WebCrypto key upon fetch. Please edit the source in the test to trigger the fetch. (and the error)
Comment 6 Joseph Liccini 2018-08-22 15:04:45 PDT
I also am running into this issue.

It is not specific to IndexedDB as noted.

It occurs with postMessage as well, so it is indeed related to the structured clone algorithm from within the Service Worker Global Scope context.

I am able to use the structured clone algorithm for CryptoKeys within the Window context, but not within the ServiceWorkerGlobalScope context.

You can get the same exception by trying to `postMessage` to a `Client` object from the service worker the `CryptoKey`.  And you will get the same 'DataClone' error.

But a `postMessage` on the `window` object via `window.navigator.serviceWorker.controller.postMessage` will not throw the exception.  In this case the structured clone succeeds.

I can prepare a Plunkr soon.

I am hypothesizing that a workaround would be for the service worker to only perform `read` operations into IndexedDB for the CryptoKey, and all write operations will have to happen on the Main thread.
Comment 7 Joseph Liccini 2018-08-23 11:22:27 PDT
Here is a Plunk with a Repro: https://embed.plnkr.co/s2I0U0/

Is it possible that SerializedScriptValue.h for CryptoKey objects runs a different implementation when in the main thread vs. Service Worker thread context?
Comment 8 Radar WebKit Bug Importer 2022-02-01 11:27:10 PST
<rdar://problem/88339459>
Comment 9 Jonathan Knezek 2024-01-29 14:42:13 PST
We are encountering this bug when trying to postMessage a CryptoKey between a window and service worker. A gist with a simple reproduction is available here: https://gist.github.com/jknezek-locktera/f355371af152b4469772ded0f20de314

Has there been any movement on this since... 2018?
Comment 10 Nitin Mahendru 2024-03-01 02:12:52 PST
Pull request: https://github.com/WebKit/WebKit/pull/25342
Comment 11 EWS 2024-03-14 06:27:49 PDT
Committed 276088@main (51ae1a6d501e): <https://commits.webkit.org/276088@main>

Reviewed commits have been landed. Closing PR #25342 and removing active labels.
Comment 12 Nitin Mahendru 2024-03-14 11:01:33 PDT
Re-opening for pull request https://github.com/WebKit/WebKit/pull/25871
Comment 13 EWS 2024-03-15 13:42:36 PDT
Committed 276197@main (fdb77ba046f0): <https://commits.webkit.org/276197@main>

Reviewed commits have been landed. Closing PR #25871 and removing active labels.