OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 [ | 5 [ |
6 { | 6 { |
7 "namespace": "webRequest", | 7 "namespace": "webRequest", |
8 "description": "Use the <code>chrome.webRequest</code> API to observe and an alyze traffic and to intercept, block, or modify requests in-flight.", | 8 "description": "Use the <code>chrome.webRequest</code> API to observe and an alyze traffic and to intercept, block, or modify requests in-flight.", |
9 "properties": { | 9 "properties": { |
10 "MAX_HANDLER_BEHAVIOR_CHANGED_CALLS_PER_10_MINUTES": { | 10 "MAX_HANDLER_BEHAVIOR_CHANGED_CALLS_PER_10_MINUTES": { |
(...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
143 "optional": true, | 143 "optional": true, |
144 "description": "An ArrayBuffer with a copy of the data." | 144 "description": "An ArrayBuffer with a copy of the data." |
145 }, | 145 }, |
146 "file": { | 146 "file": { |
147 "type": "string", | 147 "type": "string", |
148 "optional": true, | 148 "optional": true, |
149 "description": "A string with the file's path and name." | 149 "description": "A string with the file's path and name." |
150 } | 150 } |
151 }, | 151 }, |
152 "description": "Contains data uploaded in a URL request." | 152 "description": "Contains data uploaded in a URL request." |
153 }, | |
154 { | |
155 "id": "SSLVersions", | |
156 "type": "string", | |
157 "enum": ["UNKNOWN", "SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2 ", "QUIC"] | |
elawrence
2016/08/10 14:46:47
Does it make sense to add "TLS 1.3" now, given tha
davidben
2016/08/10 19:42:14
Indeed a very early stages TLS 1.3 implementation
rolandshoemaker
2016/08/15 03:38:33
Acknowledged.
| |
158 }, | |
159 { | |
160 "id": "CipherNames", | |
161 "type": "string", | |
162 "enum": ["UNKNOWN", "NULL", "RC4_40", "RC4_128", "RC2_CBC_40", "IDEA_CBC ", "DES40_CBC", "DES_CBC", "3DES_EDE_CBC", "AES_128_CBC", "AES_256_CBC", "CAMELL IA_128_CBC", "CAMELLIA_256_CBC", "SEED_CBC", "AES_128_GCM", "AES_256_GCM", "CAME LLIA_128_GCM", "CAMELLIA_256_GCM", "CHACHA20_POLY1305"] | |
davidben
2016/08/10 19:42:14
(Most of these are things we do not and will never
| |
163 }, | |
164 { | |
165 "id": "KeyExchangeNames", | |
166 "type": "string", | |
167 "enum": ["UNKNOWN", "NULL", "RSA", "RSA_EXPORT", "DH_DSS_EXPORT", "DH_DS S", "DH_RSA_EXPORT", "DH_RSA", "DHE_DSS_EXPORT", "DHE_DSS", "DHE_RSA_EXPORT", "D HE_RSA", "DH_anon_EXPORT", "DH_anon", "ECDH_ECDSA", "ECDHE_ECDSA", "ECDH_RSA", " ECDHE_RSA", "ECDH_anon"] | |
davidben
2016/08/10 19:42:14
How will this work with TLS 1.3 which is expected
rolandshoemaker
2016/08/15 03:38:33
The 'CipherNames', 'KeyExchangeNames', and 'MACNam
davidben
2016/08/15 19:09:34
They're not really standard format. They're used i
alex.gaynor
2016/08/19 15:53:36
As one of the folks interested in this API, I thin
| |
168 }, | |
169 { | |
170 "id": "MACNames", | |
171 "type": "string", | |
172 "enum": ["UNKNOWN", "NULL", "HMAC-MD5", "HMAC-SHA1", "HMAC-SHA256", "HMA C-SHA384"] | |
davidben
2016/08/10 19:42:13
What is returned for modern ciphers like AEADs? Be
| |
173 }, | |
174 { | |
175 "id": "ValidationErrors", | |
176 "type": "string", | |
177 "enum": ["ERR_CERT_REVOKED", "ERR_CERT_INVALID", "ERR_SSL_PINNED_KEY_NOT _IN_CERT_CHAIN", "ERR_CERT_AUTHORITY_INVALID", "ERR_CERT_COMMON_NAME_INVALID", " ERR_CERT_NAME_CONSTRAINT_VIOLATION", "ERR_CERT_WEAK_SIGNATURE_ALGORITHM", "ERR_C ERT_WEAK_KEY", "ERR_CERT_DATE_INVALID", "ERR_CERT_VALIDITY_TOO_LONG", "ERR_CERT_ UNABLE_TO_CHECK_REVOCATION", "ERR_CERT_NO_REVOCATION_MECHANISM"] | |
178 }, | |
179 { | |
180 "id": "DistinguishedName", | |
181 "type": "object", | |
182 "properties": { | |
183 "commonName": { | |
184 "type": "string", | |
185 "optional": true, | |
186 "description": "Subject Common Name." | |
187 }, | |
188 "localityName": { | |
189 "type": "string", | |
190 "optional": true, | |
191 "description": "Subject Locality Name." | |
192 }, | |
193 "stateOrProvinceName": { | |
194 "type": "string", | |
195 "optional": true, | |
196 "description": "Subject State or Province Name." | |
197 }, | |
198 "countryName": { | |
199 "type": "string", | |
200 "optional": true, | |
201 "description": "Subject Country Name." | |
202 }, | |
203 "streetAddresses": { | |
204 "type": "array", | |
205 "items": { "type": "string" }, | |
206 "optional": true, | |
207 "description": "Subject Street Addresses." | |
208 }, | |
209 "organizationNames": { | |
210 "type": "array", | |
211 "items": { "type": "string" }, | |
212 "optional": true, | |
213 "description": "Subject Organization Names." | |
214 }, | |
215 "organizationUnitNames": { | |
216 "type": "array", | |
217 "items": { "type": "string" }, | |
218 "optional": true, | |
219 "description": "Subject Organization Unit." | |
220 }, | |
221 "domainComponents": { | |
222 "type": "array", | |
223 "items": { "type": "string" }, | |
224 "optional": true, | |
225 "description": "Additional domain components." | |
226 } | |
227 } | |
228 }, | |
229 { | |
230 "id": "Certificate", | |
231 "type": "object", | |
232 "properties": { | |
233 "raw": { | |
234 "type": "binary", | |
235 "optional": true, | |
236 "description": "ArrayBuffer containing the DER encoded certificate." | |
237 }, | |
238 "serialNumber": { | |
239 "type": "string", | |
240 "description": "The serial number of the certificate." | |
241 }, | |
242 "subject": { | |
243 "$ref": "DistinguishedName", | |
244 "description": "The subject of the certificate" | |
elawrence
2016/08/10 14:46:47
Other descriptions end with a period.
| |
245 }, | |
246 "issuer": { | |
247 "$ref": "DistinguishedName", | |
248 "optional": true, | |
249 "description": "The issuer subject of the certificate" | |
elawrence
2016/08/10 14:46:47
Other descriptions end with a period.
| |
250 }, | |
251 "expired": { | |
252 "type": "boolean", | |
253 "description": "True if the certificate is expired." | |
254 }, | |
255 "notBefore": { | |
256 "type": "number", | |
257 "description": "notBefore time of the certificate" | |
elawrence
2016/08/10 14:46:47
Other descriptions end with a period.
| |
258 }, | |
259 "notAfter": { | |
260 "type": "number", | |
261 "description": "notAfter time of the certificate" | |
elawrence
2016/08/10 14:46:47
Other descriptions end with a period.
| |
262 }, | |
263 "DNSNames": { | |
264 "type": "array", | |
265 "items": { "type": "string" }, | |
266 "optional": true, | |
267 "description": "Array of DNS names contained in the certificate." | |
268 }, | |
269 "IPAddresses": { | |
270 "type": "array", | |
271 "items": { "type": "string" }, | |
272 "optional": true, | |
273 "description": "Array of IP Addresses contained in the certificate." | |
274 } | |
275 } | |
276 }, | |
277 { | |
278 "id": "ConnectionInfo", | |
279 "type": "object", | |
280 "properties": { | |
281 "cipherName": { | |
282 "$ref": "CipherNames", | |
283 "description" :"Name of cipher used" | |
elawrence
2016/08/10 14:46:47
Other descriptions end with a period.
| |
284 }, | |
285 "keyExchangeName": { | |
286 "$ref": "KeyExchangeNames", | |
287 "description" :"Name of key exchange technique used." | |
288 }, | |
289 "macName": { | |
290 "$ref": "MACNames", | |
291 "optional": true, | |
292 "description" :"Name of MAC used." | |
293 }, | |
294 "deflateCompression": { | |
elawrence
2016/08/10 14:46:47
Is there any way to enable (unsafe) deflateCompres
davidben
2016/08/10 19:42:13
Nope. BoringSSL does not even implement it.
rolandshoemaker
2016/08/15 03:38:33
Acknowledged.
| |
295 "type": "boolean", | |
296 "optional": true, | |
297 "description": "True if deflate compression was used." | |
298 }, | |
299 "sslVersion": { | |
300 "$ref": "SSLVersions", | |
301 "description": "The version of TLS used" | |
302 }, | |
303 "versionFallback": { | |
304 "type": "boolean", | |
305 "optional": true, | |
306 "description": "True if TLS fallback occurred." | |
307 }, | |
308 "noRenegotiationExtension": { | |
309 "type": "boolean", | |
310 "optional": true, | |
311 "description": "True if the no renegotiation extension was sent." | |
312 } | |
313 } | |
314 }, | |
315 { | |
316 "id": "SSLInfo", | |
317 "type": "object", | |
318 "properties": { | |
319 "connectionInfo": { | |
320 "$ref": "ConnectionInfo", | |
321 "description": "Information about the ciphers and protocols used to establish the underlying connection." | |
322 }, | |
323 "sentChain": { | |
324 "type": "array", | |
325 "optional": true, | |
326 "description": "Array of Certificates that was sent by the server.", | |
elawrence
2016/08/10 14:46:47
Is this the list of exactly what the server sent?
rolandshoemaker
2016/08/15 03:38:33
This is pulled from SSLInfo.unverified_cert which
| |
327 "items": { | |
328 "$ref": "Certificate" | |
329 } | |
330 }, | |
331 "builtChain": { | |
332 "type": "object", | |
333 "optional": true, | |
334 "description": "An object containing information about the certifica te chain that was built from the sent certificates.", | |
335 "properties": { | |
336 "valid": { | |
337 "type": "boolean", | |
338 "description": "True if built chain is valid." | |
339 }, | |
340 "issuedByKnownRoot": { | |
341 "type": "boolean", | |
342 "description": "True if the leaf certificate issued by known roo t." | |
elawrence
2016/08/10 14:46:47
I think this is "True if the leaf certificate has
| |
343 }, | |
344 "extendedValidation": { | |
345 "type": "boolean", | |
346 "description": "True if the leaf certificate is EV." | |
347 }, | |
348 "revocationCheckingEnabled": { | |
349 "type": "boolean", | |
350 "description": "True if reovcation checking for certificates in the chain is enabled." | |
elawrence
2016/08/10 14:46:47
Typo: s/reovcation/revocation
| |
351 }, | |
352 "errors": { | |
353 "type": "array", | |
354 "description": "List of validation errors for the certificate ch ain.", | |
355 "optional": true, | |
356 "items": { | |
357 "$ref": "ValidationErrors" | |
davidben
2016/08/10 19:42:13
[Anything certificate-related like this should not
| |
358 } | |
359 }, | |
360 "nonUniqueName": { | |
361 "type": "boolean", | |
362 "optional": true, | |
363 "description": "True if a certificate in the chain contains non unique names." | |
364 }, | |
365 "sha1SignaturePresent": { | |
davidben
2016/08/10 19:42:13
This sort of thing is a temporary (albeit very ver
| |
366 "type": "boolean", | |
367 "optional": true, | |
368 "description": "True if a certificate in the chain uses a SHA1 s ignature." | |
elawrence
2016/08/10 14:46:47
Excluding the root, right?
| |
369 }, | |
370 "ctComplianceFailed": { | |
371 "type": "boolean", | |
372 "optional": true, | |
373 "description": "True if a certificate in the chain fails CT comp liance checks." | |
374 }, | |
375 "chain": { | |
376 "type": "array", | |
377 "description": "Array of Certificates built from the sent chain. ", | |
378 "items": { | |
379 "$ref": "Certificate" | |
380 } | |
381 } | |
382 } | |
383 } | |
384 } | |
153 } | 385 } |
154 ], | 386 ], |
155 "functions": [ | 387 "functions": [ |
156 { | 388 { |
157 "name": "handlerBehaviorChanged", | 389 "name": "handlerBehaviorChanged", |
158 "type": "function", | 390 "type": "function", |
159 "description": "Needs to be called when the behavior of the webRequest h andlers has changed to prevent incorrect handling due to caching. This function call is expensive. Don't call it often.", | 391 "description": "Needs to be called when the behavior of the webRequest h andlers has changed to prevent incorrect handling due to caching. This function call is expensive. Don't call it often.", |
160 "parameters": [ | 392 "parameters": [ |
161 {"type": "function", "name": "callback", "optional": true, "parameters ": []} | 393 {"type": "function", "name": "callback", "optional": true, "parameters ": []} |
162 ] | 394 ] |
(...skipping 355 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
518 "method": {"type": "string", "description": "Standard HTTP method. "}, | 750 "method": {"type": "string", "description": "Standard HTTP method. "}, |
519 "frameId": {"type": "integer", "description": "The value 0 indicat es that the request happens in the main frame; a positive value indicates the ID of a subframe in which the request happens. If the document of a (sub-)frame is loaded (<code>type</code> is <code>main_frame</code> or <code>sub_frame</code>) , <code>frameId</code> indicates the ID of this frame, not the ID of the outer f rame. Frame IDs are unique within a tab."}, | 751 "frameId": {"type": "integer", "description": "The value 0 indicat es that the request happens in the main frame; a positive value indicates the ID of a subframe in which the request happens. If the document of a (sub-)frame is loaded (<code>type</code> is <code>main_frame</code> or <code>sub_frame</code>) , <code>frameId</code> indicates the ID of this frame, not the ID of the outer f rame. Frame IDs are unique within a tab."}, |
520 "parentFrameId": {"type": "integer", "description": "ID of frame t hat wraps the frame which sent the request. Set to -1 if no parent frame exists. "}, | 752 "parentFrameId": {"type": "integer", "description": "ID of frame t hat wraps the frame which sent the request. Set to -1 if no parent frame exists. "}, |
521 "tabId": {"type": "integer", "description": "The ID of the tab in which the request takes place. Set to -1 if the request isn't related to a tab." }, | 753 "tabId": {"type": "integer", "description": "The ID of the tab in which the request takes place. Set to -1 if the request isn't related to a tab." }, |
522 "type": {"$ref": "ResourceType", "description": "How the requested resource will be used."}, | 754 "type": {"$ref": "ResourceType", "description": "How the requested resource will be used."}, |
523 "timeStamp": {"type": "number", "description": "The time when this signal is triggered, in milliseconds since the epoch."}, | 755 "timeStamp": {"type": "number", "description": "The time when this signal is triggered, in milliseconds since the epoch."}, |
524 "ip": {"type": "string", "optional": true, "description": "The ser ver IP address that the request was actually sent to. Note that it may be a lite ral IPv6 address."}, | 756 "ip": {"type": "string", "optional": true, "description": "The ser ver IP address that the request was actually sent to. Note that it may be a lite ral IPv6 address."}, |
525 "fromCache": {"type": "boolean", "description": "Indicates if this response was fetched from disk cache."}, | 757 "fromCache": {"type": "boolean", "description": "Indicates if this response was fetched from disk cache."}, |
526 "statusCode": {"type": "integer", "description": "Standard HTTP st atus code returned by the server."}, | 758 "statusCode": {"type": "integer", "description": "Standard HTTP st atus code returned by the server."}, |
527 "responseHeaders": {"$ref": "HttpHeaders", "optional": true, "desc ription": "The HTTP response headers that were received along with this response ."}, | 759 "responseHeaders": {"$ref": "HttpHeaders", "optional": true, "desc ription": "The HTTP response headers that were received along with this response ."}, |
528 "statusLine": {"type": "string", "description": "HTTP status line of the response or the 'HTTP/0.9 200 OK' string for HTTP/0.9 responses (i.e., re sponses that lack a status line) or an empty string if there are no headers."} | 760 "statusLine": {"type": "string", "description": "HTTP status line of the response or the 'HTTP/0.9 200 OK' string for HTTP/0.9 responses (i.e., re sponses that lack a status line) or an empty string if there are no headers."}, |
761 "sslInfo": {"$ref": "SSLInfo", "optional": true, "description": "O ptional information about the underlying SSL/TLS transport, if one was used."} | |
elawrence
2016/08/10 14:46:47
Is sslInfo the best name, given that the protocol
rolandshoemaker
2016/08/15 03:38:33
Good point, I originally thought about just using
| |
529 } | 762 } |
530 } | 763 } |
531 ], | 764 ], |
532 "extraParameters": [ | 765 "extraParameters": [ |
533 { | 766 { |
534 "$ref": "RequestFilter", | 767 "$ref": "RequestFilter", |
535 "name": "filter", | 768 "name": "filter", |
536 "description": "A set of filters that restricts the events that will be sent to this listener." | 769 "description": "A set of filters that restricts the events that will be sent to this listener." |
537 }, | 770 }, |
538 { | 771 { |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
573 { | 806 { |
574 "$ref": "RequestFilter", | 807 "$ref": "RequestFilter", |
575 "name": "filter", | 808 "name": "filter", |
576 "description": "A set of filters that restricts the events that will be sent to this listener." | 809 "description": "A set of filters that restricts the events that will be sent to this listener." |
577 } | 810 } |
578 ] | 811 ] |
579 } | 812 } |
580 ] | 813 ] |
581 } | 814 } |
582 ] | 815 ] |
OLD | NEW |