OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 // Use this API to make certificates, for example from a Smart Card, available | |
6 // to the platform which can then use these certificates for TLS client | |
7 // authentication. | |
8 namespace certificateProvider { | |
9 enum Hash { | |
10 MD5_SHA1, | |
11 SHA1, | |
12 SHA256, | |
13 SHA384, | |
14 SHA512 | |
15 }; | |
16 | |
17 dictionary CertificateInfo { | |
18 // Must be the DER encoding of a X.509 client certificate. | |
19 ArrayBuffer certificate; | |
20 | |
21 // Must be set to all hashes supported for this certificate. This extension | |
22 // will only be asked for signatures of digests calculated with one of these | |
23 // hash algorithms. | |
24 Hash[] supportedHashes; | |
25 }; | |
26 | |
27 dictionary SignRequest { | |
28 // The digest that must be signed. | |
29 ArrayBuffer digest; | |
30 | |
31 // Refers to the hash algorithm that was used to create |digest|. | |
32 Hash hash; | |
33 }; | |
34 | |
35 // Either |error| or |signature| and not both must be set. | |
36 dictionary SignatureDetails { | |
37 // If the signature of the digest could not be calculated, this field must | |
38 // be set. | |
39 DOMString? error; | |
40 | |
41 // If no error occurred, this field must be set to the signature of the | |
42 // digest using the private the of the requested client certificate. | |
43 // For an RSA key, the signature must be a PKCS#1 signature. The extension | |
44 // is responsible for prepending the DigestInfo prefix and adding PKCS#1 | |
45 // padding. | |
46 ArrayBuffer? signature; | |
47 }; | |
48 | |
49 callback DoneCallback = void (); | |
50 | |
51 interface Functions { | |
52 // Notifies Chrome that this extension serves the certificates listed in | |
53 // |certificates|. This list must only contain client certificates for | |
54 // which the extension can sign data with the according private key. | |
Ryan Sleevi
2015/07/10 12:07:56
// Notifies Chrome that this extension is capable
pneubeck (no reviews)
2015/07/10 12:23:52
Done.
| |
55 static void publishClientCertificates(CertificateInfo[] certificates, | |
56 DoneCallback callback); | |
57 | |
58 // Responses to a previous |onSignDigestRequested| event. |requestId| must | |
59 // match the id of such an event. For each id, this function must be called | |
60 // exactly once. | |
61 static void replyToSignRequest(long requestId, SignatureDetails reply); | |
62 }; | |
63 | |
64 interface Events { | |
65 // This event fires every time the browser navigates to a server that | |
66 // requests a client certificate provided by this extension using | |
67 // |publicClientCertificates|. To use a client certificate to authenticate | |
Ryan Sleevi
2015/07/10 12:07:56
Comment-wise, I think you want to reword this to i
pneubeck (no reviews)
2015/07/10 12:23:52
only added to your proposal:
s/algorithm/algorith
| |
68 // to that server, the extension has to sign the digest of some data as | |
69 // provided in |request| with the according private key. The signature must | |
70 // be handed to the browser using the function |replyToSignRequest|. | |
71 // After this event is fired until the signature is returned, the browser | |
72 // navigation is blocked. Long delays reduce the user's experience. | |
Ryan Sleevi
2015/07/10 12:07:56
I'd delete these two sentences entirely - we don't
pneubeck (no reviews)
2015/07/10 12:23:52
Done.
| |
73 static void onSignDigestRequested(long requestId, SignRequest request); | |
74 }; | |
75 }; | |
OLD | NEW |