OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 // Use this API to expose certificates to the platform which can use these |
| 6 // certificates for TLS authentications. |
| 7 namespace certificateProvider { |
| 8 enum Hash { |
| 9 MD5_SHA1, |
| 10 SHA1, |
| 11 SHA256, |
| 12 SHA384, |
| 13 SHA512 |
| 14 }; |
| 15 |
| 16 dictionary CertificateInfo { |
| 17 // Must be the DER encoding of a X.509 client certificate. Currently, only |
| 18 // certificates of RSA keys are supported. |
| 19 ArrayBuffer certificate; |
| 20 |
| 21 // Must be set to all hashes supported for this certificate. This extension |
| 22 // will only be asked for signatures of digests calculated with one of these |
| 23 // hash algorithms. |
| 24 Hash[] supportedHashes; |
| 25 }; |
| 26 |
| 27 dictionary SignRequest { |
| 28 // The digest that must be signed. |
| 29 ArrayBuffer digest; |
| 30 |
| 31 // Refers to the hash algorithm that was used to create |digest|. |
| 32 Hash hash; |
| 33 |
| 34 // The DER encoding of a X.509 client certificate. The extension must sign |
| 35 // |digest| using the associated private key. |
| 36 ArrayBuffer certificate; |
| 37 }; |
| 38 |
| 39 // Either |error| or |signature| and not both must be set. |
| 40 dictionary SignatureDetails { |
| 41 // If the signature of the digest could not be calculated, this field must |
| 42 // be set. |
| 43 DOMString? error; |
| 44 |
| 45 // If no error occurred, this field must be set to the signature of the |
| 46 // digest using the private the of the requested client certificate. |
| 47 // For an RSA key, the signature must be a PKCS#1 signature. The extension |
| 48 // is responsible for prepending the DigestInfo prefix and adding PKCS#1 |
| 49 // padding. If an MD5_SHA1 hash must be signed, the extension must not |
| 50 // prepend a DigestInfo prefix but only add PKCS#1 padding. |
| 51 ArrayBuffer? signature; |
| 52 }; |
| 53 |
| 54 callback DoneCallback = void (); |
| 55 callback SignCallback = void(SignatureDetails reply, DoneCallback callback); |
| 56 |
| 57 // Notifies Chrome that this extension is capable of responding to signing |
| 58 // requests for the certificates listed in |certificates|. The list must |
| 59 // only contain certificates for which the extension can sign data |
| 60 // using the associated private key. |
| 61 callback CertificatesCallback = |
| 62 void(CertificateInfo[] certificates, DoneCallback callback); |
| 63 |
| 64 interface Events { |
| 65 // This event fires every time the browser requests the current list of |
| 66 // certificates provided by this extension. The extension must call |
| 67 // |callback| exactly once with the current list of certificates. |
| 68 static void onClientCertificatesRequested(CertificatesCallback callback); |
| 69 |
| 70 // This event fires every time the browser needs to sign a message using a |
| 71 // certificate provided by this extension using |publishClientCertificates|. |
| 72 // The extension must sign the data in |request| using the appropriate |
| 73 // algorithm and private key and return it by calling |callback|. |callback| |
| 74 // must be called exactly once. |
| 75 static void onSignDigestRequested(SignRequest request, |
| 76 SignCallback callback); |
| 77 }; |
| 78 }; |
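Review bot: The `signature` comment in SignatureDetails makes the MD5_SHA1 case plain PKCS#1 padding with no DigestInfo prefix, yet the `SignRequest.digest` comment never states how long the digest is, so an extension that pads and signs whatever it receives has no documented check tying the input to a hash. I would extend the `digest` comment with `// Its length equals the output size of |hash| (36 bytes for MD5_SHA1); the extension should refuse any other length, or a |hash| it did not list in |supportedHashes|.` Whether the browser already enforces this before dispatching the event is not visible in this file, so the wording may need adjusting to match. Two smaller comment fixes in the same file: "the private the of" in the `signature` comment should read "the private key of", and the onSignDigestRequested comment refers to `|publishClientCertificates|`, which this file does not declare; presumably it should name `onClientCertificatesRequested`.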