Chromium Code Reviews| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 // Use the <code>chrome.enterprise.platformKeys</code> API to generate | |
| 6 // hardware-backed keys and to install certificates for these keys. The | |
| 7 // certificates will be available to the platform and can, for example, be used | |
| 8 // for TLS authentication and network access. | |
| 9 [platforms = ("chromeos")] | |
| 10 namespace enterprise.platformKeys { | |
| 11 [nocompile] dictionary Token { | |
| 12 // Uniquely identifies this Token. Static IDs are 'user' and 'device', | |
| 13 // referring to the platform's user-specific and the device-wide hardware | |
| 14 // token, respectively. Any other tokens (with other identifiers) might be | |
| 15 // returned by getTokens. | |
| 16 DOMString id; | |
| 17 | |
| 18 // Implements the WebCrypto's <code>SubtleCrypto</code> interface. The | |
| 19 // crypto operations are hardware-backed. | |
| 20 [instanceOf = SubtleCrypto] object subtleCrypto; | |
| 21 }; | |
| 22 | |
| 23 // Invoked by <code>getTokens</code> with the list of available Tokens. | |
| 24 callback GetTokensCallback = void(Token[] tokens); | |
| 25 | |
| 26 // Callback to which the certificates are passed. | |
| 27 // |certificates| The list of certificates, each in DER encoding of a X.509 | |
| 28 // certificate. | |
| 29 callback GetCertificatesCallback = void(ArrayBuffer[] certificates); | |
| 30 | |
| 31 // Invoked by importCertificate or removeCertificate when the respective | |
| 32 // operation is finished. | |
| 33 callback DoneCallback = void(); | |
| 34 | |
| 35 interface Functions { | |
| 36 // Returns the available Tokens. In a regular user's session the list will | |
| 37 // always contain the user's token with id 'user'. If a device-wide TPM | |
| 38 // token is available it will also contain the device-wide token with id | |
| 39 // 'device'. The device-wide token will be the same for all sessions on this | |
| 40 // device (device in the sense of e.g. a Chromebook). | |
| 41 [nocompile] static void getTokens(GetTokensCallback callback); | |
| 42 | |
| 43 // Returns the list of all client certificates available from the given | |
| 44 // token. Can be used to check for the existence and expiration of client | |
| 45 // certificates that are usable for a certain authentication. | |
| 46 // |tokenId| The id of a Token returned by <code>getTokens</code>. | |
| 47 // |callback| Called back with the list of the available certificates. | |
| 48 static void getCertificates(DOMString tokenId, | |
| 49 GetCertificatesCallback callback); | |
| 50 | |
| 51 // Imports |certificate| to the given token if the certified key is already | |
| 52 // stored in this token. | |
| 53 // After a successful certification request, this function should be used to | |
| 54 // store the obtained certificate and to make it available to the operating | |
| 55 // system and browser for authentication. | |
| 56 // TODO: Instead of ArrayBuffer should be (ArrayBuffer or ArrayBufferView), | |
| 57 // or at least (ArrayBuffer or Uint8Array). | |
| 58 // |tokenId| The id of a Token returned by <code>getTokens</code>. | |
| 59 // |certificate| The DER encoding of a X.509 certificate. | |
| 60 // |callback| Called back when this operation is finished. | |
| 61 static void importCertificate(DOMString tokenId, | |
| 62 ArrayBuffer certificate, | |
|
eroman
2014/05/19 23:27:45
Regarding this API...
* Seems like it would be
pneubeck (no reviews)
2014/05/20 09:29:21
ArrayBufferView itself can't be used (even with ad
Ryan Sleevi
2014/05/20 18:04:09
Are you looked at the old TypedArray spec?
This i
pneubeck (no reviews)
2014/05/21 15:01:40
Cool, that will be helpful to make it look like We
| |
| 63 optional DoneCallback callback); | |
| 64 | |
| 65 // Removes |certificate| from the given token if present. | |
| 66 // Should be used to remove obsolete certificates so that they are not | |
| 67 // considered during authentication and do not clutter the certificate | |
| 68 // choice. Should be used to free storage in the certificate store. | |
| 69 // TODO: Instead of ArrayBuffer should be (ArrayBuffer or ArrayBufferView), | |
|
eroman
2014/05/19 23:27:45
Ah, you mention my comment from above :)
If you ha
pneubeck (no reviews)
2014/05/20 09:29:21
Sadly it's very unclear how to realize the 'or' in
eroman
2014/05/20 20:16:51
I see. So the issue is that extensions use a diffe
pneubeck (no reviews)
2014/05/21 15:01:40
Yes, sadly we have many different IDL and json par
| |
| 70 // or at least (ArrayBuffer or Uint8Array). | |
| 71 // |tokenId| The id of a Token returned by <code>getTokens</code>. | |
| 72 // |certificate| The DER encoding of a X.509 certificate. | |
| 73 // |callback| Called back when this operation is finished. | |
| 74 static void removeCertificate(DOMString tokenId, | |
| 75 ArrayBuffer certificate, | |
| 76 optional DoneCallback callback); | |
| 77 }; | |
| 78 }; | |
| OLD | NEW |