Chromium Code Reviews Chromium Code Reviews
Issue 1232553003:
Add new certificateProvider extension API. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Use this API to expose certificates to the platform which can use these | 5 // Use this API to expose certificates to the platform which can use these |
| 6 // certificates for TLS authentications. | 6 // certificates for TLS authentications. |
| 7 namespace certificateProvider { | 7 namespace certificateProvider { |
| 8 enum Hash { | 8 enum Hash { |
| 9 MD5_SHA1, | 9 MD5_SHA1, |
| 10 SHA1, | 10 SHA1, |
| 11 SHA256, | 11 SHA256, |
| 12 SHA384, | 12 SHA384, |
| 13 SHA512 | 13 SHA512 |
| 14 }; | 14 }; |
| 15 | 15 |
| 16 dictionary CertificateInfo { | 16 dictionary CertificateInfo { |
| 17 // Must be the DER encoding of a X.509 client certificate. Currently, only | 17 // Must be the DER encoding of a X.509 certificate. Currently, only |
| 18 // certificates of RSA keys are supported. | 18 // certificates of RSA keys are supported. |
| 19 ArrayBuffer certificate; | 19 ArrayBuffer certificate; |
| 20 | 20 |
| 21 // Must be set to all hashes supported for this certificate. This extension | 21 // Must be set to all hashes supported for this certificate. This extension |
| 22 // will only be asked for signatures of digests calculated with one of these | 22 // will only be asked for signatures of digests calculated with one of these |
| 23 // hash algorithms. | 23 // hash algorithms. |
| 24 Hash[] supportedHashes; | 24 Hash[] supportedHashes; |
| 25 }; | 25 }; |
| 26 | 26 |
| 27 dictionary SignRequest { | 27 dictionary SignRequest { |
| 28 // The digest that must be signed. | 28 // The digest that must be signed. |
| 29 ArrayBuffer digest; | 29 ArrayBuffer digest; |
| 30 | 30 |
| 31 // Refers to the hash algorithm that was used to create |digest|. | 31 // Refers to the hash algorithm that was used to create |digest|. |
| 32 Hash hash; | 32 Hash hash; |
| 33 | 33 |
| 34 // The DER encoding of a X.509 client certificate. The extension must sign | 34 // The DER encoding of a X.509 certificate. The extension must sign |digest| |
| 35 // |digest| using the associated private key. | 35 // using the associated private key. |
| 36 ArrayBuffer certificate; | 36 ArrayBuffer certificate; |
| 37 }; | 37 }; |
| 38 | 38 |
| 39 // Either |error| or |signature| and not both must be set. | 39 callback DoneCallback = void (); |
| 40 dictionary SignatureDetails { | 40 callback ResultCallback = void (ArrayBuffer[] rejectedCertificates); |
|
bartfab (slow)
2015/09/03 17:30:53
Nit: Document who will call these two callbacks an
pneubeck (no reviews)
2015/09/07 17:21:33
Done.
| |
| 41 // If the signature of the digest could not be calculated, this field must | |
| 42 // be set. | |
| 43 DOMString? error; | |
| 44 | 41 |
| 45 // If no error occurred, this field must be set to the signature of the | 42 // If no error occurred, this function must be called with the signature of |
| 46 // digest using the private the of the requested client certificate. | 43 // the digest using the private of the requested certificate. |
|
bartfab (slow)
2015/09/03 17:30:53
Nit: s/private/private key/
pneubeck (no reviews)
2015/09/07 17:21:33
Done.
| |
| 47 // For an RSA key, the signature must be a PKCS#1 signature. The extension | 44 // For an RSA key, the signature must be a PKCS#1 signature. The extension |
| 48 // is responsible for prepending the DigestInfo prefix and adding PKCS#1 | 45 // is responsible for prepending the DigestInfo prefix and adding PKCS#1 |
| 49 // padding. If an MD5_SHA1 hash must be signed, the extension must not | 46 // padding. If an MD5_SHA1 hash must be signed, the extension must not |
| 50 // prepend a DigestInfo prefix but only add PKCS#1 padding. | 47 // prepend a DigestInfo prefix but only add PKCS#1 padding. |
| 51 ArrayBuffer? signature; | 48 // If an error occurred, this callback should be called without signature. |
| 52 }; | 49 callback SignCallback = |
| 53 | 50 void(optional ArrayBuffer signature, DoneCallback callback); |
|
bartfab (slow)
2015/09/03 17:30:54
Nit 1: Document |callback|. When will it be called
pneubeck (no reviews)
2015/09/07 17:21:33
Nit 1: Removed.
Nit 2: Done.
| |
| 54 callback DoneCallback = void (); | |
| 55 callback SignCallback = void(SignatureDetails reply, DoneCallback callback); | |
| 56 | 51 |
| 57 // Notifies Chrome that this extension is capable of responding to signing | 52 // Notifies Chrome that this extension is capable of responding to signing |
| 58 // requests for the certificates listed in |certificates|. The list must | 53 // requests for the certificates listed in |certificates|. The list must |
| 59 // only contain certificates for which the extension can sign data | 54 // only contain certificates for which the extension can sign data |
| 60 // using the associated private key. | 55 // using the associated private key. |
| 56 // If |certificates| contains invalid certificates, these will be ignored and | |
| 57 // be passed to |callback|. All valid certificates are still registered for | |
| 58 // the extension. | |
|
bartfab (slow)
2015/09/03 17:30:54
Will |callback| also be invoked if there are no in
pneubeck (no reviews)
2015/09/07 17:21:33
Done.
| |
| 61 callback CertificatesCallback = | 59 callback CertificatesCallback = |
| 62 void(CertificateInfo[] certificates, DoneCallback callback); | 60 void(CertificateInfo[] certificates, ResultCallback callback); |
| 63 | 61 |
| 64 interface Events { | 62 interface Events { |
| 65 // This event fires every time the browser requests the current list of | 63 // This event fires every time the browser requests the current list of |
| 66 // certificates provided by this extension. The extension must call | 64 // certificates provided by this extension. The extension must call |
| 67 // |callback| exactly once with the current list of certificates. | 65 // |callback| exactly once with the current list of certificates. |
| 68 static void onClientCertificatesRequested(CertificatesCallback callback); | 66 static void onCertificatesRequested(CertificatesCallback callback); |
| 69 | 67 |
| 70 // This event fires every time the browser needs to sign a message using a | 68 // This event fires every time the browser needs to sign a message using a |
| 71 // certificate provided by this extension using |publishClientCertificates|. | 69 // certificate provided by this extension in reply to an |
| 70 // |onCertificatesRequested| event. | |
| 72 // The extension must sign the data in |request| using the appropriate | 71 // The extension must sign the data in |request| using the appropriate |
| 73 // algorithm and private key and return it by calling |callback|. |callback| | 72 // algorithm and private key and return it by calling |callback|. |callback| |
| 74 // must be called exactly once. | 73 // must be called exactly once. |
| 75 static void onSignDigestRequested(SignRequest request, | 74 static void onSignDigestRequested(SignRequest request, |
| 76 SignCallback callback); | 75 SignCallback callback); |
| 77 }; | 76 }; |
| 78 }; | 77 }; |
| OLD | NEW |
