Chromium Code Reviews Chromium Code Reviews
Issue 312503004:
Make enterprise.platformKeys documentation public. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Use the <code>chrome.enterprise.platformKeys</code> API to generate | 5 // Use the <code>chrome.enterprise.platformKeys</code> API to generate |
| 6 // hardware-backed keys and to install certificates for these keys. The | 6 // hardware-backed keys and to install certificates for these keys. The |
| 7 // certificates will be available to the platform and can, for example, be used | 7 // certificates will be available to the platform and can, for example, be used |
| 8 // for TLS authentication and network access. | 8 // for TLS authentication and network access. |
| 9 [platforms = ("chromeos")] | 9 [platforms = ("chromeos")] |
| 10 namespace enterprise.platformKeys { | 10 namespace enterprise.platformKeys { |
| 11 [nocompile] dictionary Token { | 11 [nocompile, noinline_doc] dictionary Token { |
| 12 // Uniquely identifies this Token. Static IDs are 'user' and 'device', | 12 // Uniquely identifies this <code>Token</code>. Static IDs are |
| 13 // referring to the platform's user-specific and the device-wide hardware | 13 // <code>"user"</code> and <code>"device"</code>, referring to the |
| 14 // token, respectively. Any other tokens (with other identifiers) might be | 14 // platform's user-specific and the device-wide hardware token, |
| 15 // returned by getTokens. | 15 // respectively. Any other tokens (with other identifiers) might be returned |
| 16 // by $(ref:enterprise.platformKeys.getTokens). | |
| 16 DOMString id; | 17 DOMString id; |
| 17 | 18 |
| 18 // Implements the WebCrypto's <code>SubtleCrypto</code> interface. The | 19 // Implements the WebCrypto's |
| 19 // crypto operations are hardware-backed. | 20 // <a href="http://www.w3.org/TR/WebCryptoAPI/#subtlecrypto-interface">Subtl eCrypto</a> |
| 21 // interface. The cryptographic operations, including key generation, are | |
| 22 // hardware-backed. | |
|
not at google - send to devlin
2014/06/03 15:12:21
can you split this and the description for |id| in
pneubeck (no reviews)
2014/06/03 16:41:36
Done.
| |
| 23 // Only non-extractable RSASSA-PKCS1-V1_5 keys with | |
| 24 // <code>modulusLength</code> up to 2048 can be generated. Each key can be | |
| 25 // used for signing data at most once. | |
| 26 // Keys generated on a specific <code>Token</code> cannot be used with any | |
| 27 // other Tokens, nor can they be used with | |
| 28 // <code>window.crypto.subtle</code>. Equally, <code>Key</code> objects | |
| 29 // created with <code>window.crypto.subtle</code> cannot be used with this | |
| 30 // interface. | |
| 20 [instanceOf = SubtleCrypto] object subtleCrypto; | 31 [instanceOf = SubtleCrypto] object subtleCrypto; |
| 21 }; | 32 }; |
| 22 | 33 |
| 23 // Invoked by <code>getTokens</code> with the list of available Tokens. | 34 // Invoked by <code>getTokens</code> with the list of available Tokens. |
| 35 // |tokens|: The list of available tokens. | |
| 24 callback GetTokensCallback = void(Token[] tokens); | 36 callback GetTokensCallback = void(Token[] tokens); |
| 25 | 37 |
| 26 // Callback to which the certificates are passed. | 38 // Callback to which the certificates are passed. |
| 27 // |certificates| The list of certificates, each in DER encoding of a X.509 | 39 // |certificates|: The list of certificates, each in DER encoding of a X.509 |
| 28 // certificate. | 40 // certificate. |
| 29 callback GetCertificatesCallback = void(ArrayBuffer[] certificates); | 41 callback GetCertificatesCallback = void(ArrayBuffer[] certificates); |
| 30 | 42 |
| 31 // Invoked by importCertificate or removeCertificate when the respective | 43 // Invoked by importCertificate or removeCertificate when the respective |
| 32 // operation is finished. | 44 // operation is finished. |
| 33 callback DoneCallback = void(); | 45 callback DoneCallback = void(); |
| 34 | 46 |
| 35 interface Functions { | 47 interface Functions { |
| 36 // Returns the available Tokens. In a regular user's session the list will | 48 // Returns the available Tokens. In a regular user's session the list will |
| 37 // always contain the user's token with id 'user'. If a device-wide TPM | 49 // always contain the user's token with <code>id</code> <code>"user"</code>. |
| 38 // token is available it will also contain the device-wide token with id | 50 // If a device-wide TPM token is available it will also contain the |
| 39 // 'device'. The device-wide token will be the same for all sessions on this | 51 // device-wide token with <code>id</code> <code>"device"</code>. The |
| 40 // device (device in the sense of e.g. a Chromebook). | 52 // device-wide token will be the same for all sessions on this device |
| 53 // (device in the sense of e.g. a Chromebook). | |
| 41 [nocompile] static void getTokens(GetTokensCallback callback); | 54 [nocompile] static void getTokens(GetTokensCallback callback); |
| 42 | 55 |
| 43 // Returns the list of all client certificates available from the given | 56 // Returns the list of all client certificates available from the given |
| 44 // token. Can be used to check for the existence and expiration of client | 57 // token. Can be used to check for the existence and expiration of client |
| 45 // certificates that are usable for a certain authentication. | 58 // certificates that are usable for a certain authentication. |
| 46 // |tokenId| The id of a Token returned by <code>getTokens</code>. | 59 // |tokenId|: The id of a Token returned by <code>getTokens</code>. |
| 47 // |callback| Called back with the list of the available certificates. | 60 // |callback|: Called back with the list of the available certificates. |
| 48 static void getCertificates(DOMString tokenId, | 61 static void getCertificates(DOMString tokenId, |
| 49 GetCertificatesCallback callback); | 62 GetCertificatesCallback callback); |
| 50 | 63 |
| 51 // Imports |certificate| to the given token if the certified key is already | 64 // Imports <code>certificate</code> to the given token if the certified key |
| 52 // stored in this token. | 65 // is already stored in this token. |
| 53 // After a successful certification request, this function should be used to | 66 // After a successful certification request, this function should be used to |
| 54 // store the obtained certificate and to make it available to the operating | 67 // store the obtained certificate and to make it available to the operating |
| 55 // system and browser for authentication. | 68 // system and browser for authentication. |
| 56 // TODO: Instead of ArrayBuffer should be (ArrayBuffer or ArrayBufferView), | 69 // |tokenId|: The id of a Token returned by <code>getTokens</code>. |
| 57 // or at least (ArrayBuffer or Uint8Array). | 70 // |certificate|: The DER encoding of a X.509 certificate. |
| 58 // |tokenId| The id of a Token returned by <code>getTokens</code>. | 71 // |callback|: Called back when this operation is finished. |
| 59 // |certificate| The DER encoding of a X.509 certificate. | |
| 60 // |callback| Called back when this operation is finished. | |
| 61 static void importCertificate(DOMString tokenId, | 72 static void importCertificate(DOMString tokenId, |
| 62 ArrayBuffer certificate, | 73 ArrayBuffer certificate, |
| 63 optional DoneCallback callback); | 74 optional DoneCallback callback); |
| 64 | 75 |
| 65 // Removes |certificate| from the given token if present. | 76 // Removes <code>certificate</code> from the given token if present. |
| 66 // Should be used to remove obsolete certificates so that they are not | 77 // Should be used to remove obsolete certificates so that they are not |
| 67 // considered during authentication and do not clutter the certificate | 78 // considered during authentication and do not clutter the certificate |
| 68 // choice. Should be used to free storage in the certificate store. | 79 // choice. Should be used to free storage in the certificate store. |
| 69 // TODO: Instead of ArrayBuffer should be (ArrayBuffer or ArrayBufferView), | 80 // |tokenId|: The id of a Token returned by <code>getTokens</code>. |
| 70 // or at least (ArrayBuffer or Uint8Array). | 81 // |certificate|: The DER encoding of a X.509 certificate. |
| 71 // |tokenId| The id of a Token returned by <code>getTokens</code>. | 82 // |callback|: Called back when this operation is finished. |
| 72 // |certificate| The DER encoding of a X.509 certificate. | |
| 73 // |callback| Called back when this operation is finished. | |
| 74 static void removeCertificate(DOMString tokenId, | 83 static void removeCertificate(DOMString tokenId, |
| 75 ArrayBuffer certificate, | 84 ArrayBuffer certificate, |
| 76 optional DoneCallback callback); | 85 optional DoneCallback callback); |
| 77 }; | 86 }; |
| 78 }; | 87 }; |
| OLD | NEW |
