Bug 183167

Summary: Cannot store CryptoKey to IndexedDB in ServiceWorker
Product: WebKit Reporter: Stefan Sechelmann <stefan>
Component: Service WorkersAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: beidson, bfulgham, cdumez, jiewen_tan, joliccin, katherine_cheney, sihui_liu
Priority: P2    
Version: Safari Technology Preview   
Hardware: Unspecified   
OS: Unspecified   
URL: https://embed.plnkr.co/9BWkuIAmxX2EITOWI2yR/
See Also: https://bugs.webkit.org/show_bug.cgi?id=174541

Description Stefan Sechelmann 2018-02-27 11:52:14 PST
Attempting to store a WebCrypto CryptoKey in an object store of IndexedDB results in a DataCloneError: "Failed to store record in an IDBObjectStore: An object could not be cloned." See this test case for a demonstration: https://embed.plnkr.co/9BWkuIAmxX2EITOWI2yR/
Comment 1 Chris Dumez 2018-03-01 09:32:20 PST
Sounds like we do not support cloning / serializing CryptoKey objects. Likely not truly an IDB issue. Jiewen should probably take a look.
Comment 2 Chris Dumez 2018-03-01 09:33:15 PST
In particular, I suspect we did not implement this part of the spec:
https://www.w3.org/TR/WebCryptoAPI/#cryptokey-interface-clone
Comment 3 Chris Dumez 2018-03-01 09:43:19 PST
The test URL does not seem to work for me. I see it installing a service worker (not sure what this bug has to do with service workers). If I inspect the service worker, I see there is code using IndexedDB but it is not executed.
Comment 4 Jiewen Tan 2018-03-01 10:42:10 PST
We do support storing CryptoKey into IndexedDB. However, due to some legacy reasons, we wrap the objects before storing them into IndexedDB. Here is file: See SerializedCryptoKeyWrap.h. For any new implementations, I recommend we don't wrap CryptoKeys anymore. Since the wrapping APIs will be called in SerializedScriptValue.h, failing to implement those would fail IndexedDB interactions. An example to circumvent that is to implement dummy APIs, see SerializedCryptoKeyWrapGCrypt.cpp.

I am not sure if ServiceWorker needs to implement this dummy APIs though.
Comment 5 Stefan Sechelmann 2018-03-01 12:03:10 PST
The error occurs in service workers only. The example stores a set of objects including a WebCrypto key upon fetch. Please edit the source in the test to trigger the fetch. (and the error)
Comment 6 Joseph Liccini 2018-08-22 15:04:45 PDT
I also am running into this issue.

It is not specific to IndexedDB as noted.

It occurs with postMessage as well, so it is indeed related to the structured clone algorithm from within the Service Worker Global Scope context.

I am able to use the structured clone algorithm for CryptoKeys within the Window context, but not within the ServiceWorkerGlobalScope context.

You can get the same exception by trying to `postMessage` to a `Client` object from the service worker the `CryptoKey`.  And you will get the same 'DataClone' error.

But a `postMessage` on the `window` object via `window.navigator.serviceWorker.controller.postMessage` will not throw the exception.  In this case the structured clone succeeds.

I can prepare a Plunkr soon.

I am hypothesizing that a workaround would be for the service worker to only perform `read` operations into IndexedDB for the CryptoKey, and all write operations will have to happen on the Main thread.
Comment 7 Joseph Liccini 2018-08-23 11:22:27 PDT
Here is a Plunk with a Repro: https://embed.plnkr.co/s2I0U0/

Is it possible that SerializedScriptValue.h for CryptoKey objects runs a different implementation when in the main thread vs. Service Worker thread context?