Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
1289963003:
Add idl for new chrome.certificateProvider API. (Closed)
|
Created:
5 years, 4 months ago by pneubeck (no reviews) Modified:
5 years, 4 months ago CC:
chromium-reviews, chromium-apps-reviews_chromium.org, extensions-reviews_chromium.org, Ryan Sleevi Base URL:
https://chromium.googlesource.com/chromium/src.git@master Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionAdd idl for new chrome.certificateProvider API.
BUG=514575
Committed: https://crrev.com/d9eaf1412fc24e83493eeb9444a5e51a58f3c91d
Cr-Commit-Position: refs/heads/master@{#343841}
Patch Set 1 #
Total comments: 9
Patch Set 2 : Add MD5_SHA1 back. #Messages
Total messages: 22 (6 generated)
This incorporates previous comments form https://codereview.chromium.org/1232553003/
pneubeck@chromium.org changed reviewers: + kalman@chromium.org
@Benjamin, ptal this idl was previously discussed here: https://codereview.chromium.org/1232553003 . However, I want to upload the idl separate from the implementation and reference it from the API proposal document here https://docs.google.com/document/d/1F745hKypdV854X1z9vCZhaz6MDYepXqiG8OxGVntM... Compared to the other CL: - the current certificate list is requested by Chrome with an event. - identifier numbers to associate callbacks with the requesting event are not exposed anymore (a custom_binding.js will have to take care of that). - ECDSA is not support for now. We can add that later
lgtm https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... File chrome/common/extensions/api/certificate_provider.idl (right): https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... chrome/common/extensions/api/certificate_provider.idl:12: SHA512 it would be nice to have a standard set of certificate types shared across the APIs that use them. not a big deal though.
pneubeck@chromium.org changed reviewers: + davidben@chromium.org
@David, please take another look at the idl. I incorporated comments from the other CL. https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... File chrome/common/extensions/api/certificate_provider.idl (right): https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... chrome/common/extensions/api/certificate_provider.idl:12: SHA512 On 2015/08/14 17:13:44, kalman wrote: > it would be nice to have a standard set of certificate types shared across the > APIs that use them. not a big deal though. Acknowledged.
https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... File chrome/common/extensions/api/certificate_provider.idl (right): https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... chrome/common/extensions/api/certificate_provider.idl:17: // Currently, only certificates of RSA keys are supported. Nit: Why is this comment wrapped differently from the others? https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... chrome/common/extensions/api/certificate_provider.idl:60: void(CertificateInfo[] certificates, DoneCallback callback); I might not be understanding this idl syntax, but what's the DoneCallback for? So, I'm guessing the extension implements something like: blah.onClientCertificatesRequested.addListener(function(cb) { queryCertificates().then(function(certs) { cb(certs, /* ??? */); }) }); What's the extra parameter do?
https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... File chrome/common/extensions/api/certificate_provider.idl (right): https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... chrome/common/extensions/api/certificate_provider.idl:8: enum Hash { Oh, noticed this from the other CL, but MD5_SHA1 actually is needed. That's the only "hash" that can be signed for TLS 1.0 and TLS 1.1. Only TLS 1.2 starts signing other hashes. (This is distinct from the hash on the signature in the certificate. This is what the leaf's private key signs.)
pneubeck@google.com changed reviewers: + pneubeck@google.com
https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... File chrome/common/extensions/api/certificate_provider.idl (right): https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... chrome/common/extensions/api/certificate_provider.idl:60: void(CertificateInfo[] certificates, DoneCallback callback); On 2015/08/17 15:38:03, David Benjamin wrote: > I might not be understanding this idl syntax, but what's the DoneCallback for? > > So, I'm guessing the extension implements something like: > > blah.onClientCertificatesRequested.addListener(function(cb) { > queryCertificates().then(function(certs) { > cb(certs, /* ??? */); > }) > }); > > What's the extra parameter do? Errors that are only detected in c++ must be returned asynchronously, through a callback.
https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... File chrome/common/extensions/api/certificate_provider.idl (right): https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... chrome/common/extensions/api/certificate_provider.idl:60: void(CertificateInfo[] certificates, DoneCallback callback); On 2015/08/17 15:42:56, pneubeck2 wrote: > On 2015/08/17 15:38:03, David Benjamin wrote: > > I might not be understanding this idl syntax, but what's the DoneCallback for? > > > > So, I'm guessing the extension implements something like: > > > > blah.onClientCertificatesRequested.addListener(function(cb) { > > queryCertificates().then(function(certs) { > > cb(certs, /* ??? */); > > }) > > }); > > > > What's the extra parameter do? > > Errors that are only detected in c++ must be returned asynchronously, through a > callback. But DoneCallback doesn't take any errors. I'm not sure I follow though. What errors were you thinking?
On 2015/08/17 16:46:11, David Benjamin wrote: > https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... > File chrome/common/extensions/api/certificate_provider.idl (right): > > https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... > chrome/common/extensions/api/certificate_provider.idl:60: void(CertificateInfo[] > certificates, DoneCallback callback); > On 2015/08/17 15:42:56, pneubeck2 wrote: > > On 2015/08/17 15:38:03, David Benjamin wrote: > > > I might not be understanding this idl syntax, but what's the DoneCallback > for? > > > > > > So, I'm guessing the extension implements something like: > > > > > > blah.onClientCertificatesRequested.addListener(function(cb) { > > > queryCertificates().then(function(certs) { > > > cb(certs, /* ??? */); > > > }) > > > }); > > > > > > What's the extra parameter do? > > > > Errors that are only detected in c++ must be returned asynchronously, through > a > > callback. > > But DoneCallback doesn't take any errors. I'm not sure I follow though. What > errors were you thinking? extnesion APIs return errors through a global, chrome.runtime.lastError. possible errors: the cert cannot be parsed. We only detect that in C++, thus asynchronously.
On 2015/08/17 16:53:45, pneubeck wrote: > On 2015/08/17 16:46:11, David Benjamin wrote: > > > https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... > > File chrome/common/extensions/api/certificate_provider.idl (right): > > > > > https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... > > chrome/common/extensions/api/certificate_provider.idl:60: > void(CertificateInfo[] > > certificates, DoneCallback callback); > > On 2015/08/17 15:42:56, pneubeck2 wrote: > > > On 2015/08/17 15:38:03, David Benjamin wrote: > > > > I might not be understanding this idl syntax, but what's the DoneCallback > > for? > > > > > > > > So, I'm guessing the extension implements something like: > > > > > > > > blah.onClientCertificatesRequested.addListener(function(cb) { > > > > queryCertificates().then(function(certs) { > > > > cb(certs, /* ??? */); > > > > }) > > > > }); > > > > > > > > What's the extra parameter do? > > > > > > Errors that are only detected in c++ must be returned asynchronously, > through > > a > > > callback. > > > > But DoneCallback doesn't take any errors. I'm not sure I follow though. What > > errors were you thinking? > > extnesion APIs return errors through a global, chrome.runtime.lastError. > possible errors: the cert cannot be parsed. We only detect that in C++, thus > asynchronously. I see. That seems a... rather unfriendly API, but okay. I'll defer to kalman there. I don't see other extensions APIs which take a DoneCallback in an event's callback.
Provider-style APIs need to be architected a bit differently. And yes chrome.runtime.lastError is an unfriendly API, one day we can fix it.
pneubeck@chromium.org changed reviewers: - pneubeck@google.com
https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... File chrome/common/extensions/api/certificate_provider.idl (right): https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... chrome/common/extensions/api/certificate_provider.idl:8: enum Hash { On 2015/08/17 15:42:52, David Benjamin wrote: > Oh, noticed this from the other CL, but MD5_SHA1 actually is needed. That's the > only "hash" that can be signed for TLS 1.0 and TLS 1.1. Only TLS 1.2 starts > signing other hashes. > > (This is distinct from the hash on the signature in the certificate. This is > what the leaf's private key signs.) Done. https://codereview.chromium.org/1289963003/diff/1/chrome/common/extensions/ap... chrome/common/extensions/api/certificate_provider.idl:17: // Currently, only certificates of RSA keys are supported. On 2015/08/17 15:38:03, David Benjamin wrote: > Nit: Why is this comment wrapped differently from the others? Done.
The CQ bit was checked by pneubeck@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from kalman@chromium.org Link to the patchset: https://codereview.chromium.org/1289963003/#ps20001 (title: "Add MD5_SHA1 back.")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1289963003/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1289963003/20001
Message was sent while issue was closed.
Committed patchset #2 (id:20001)
Message was sent while issue was closed.
Patchset 2 (id:??) landed as https://crrev.com/d9eaf1412fc24e83493eeb9444a5e51a58f3c91d Cr-Commit-Position: refs/heads/master@{#343841} |
