Chromium Code Reviews| OLD | NEW |
|---|---|
| (Empty) | |
| 1 <p class="note"> | |
| 2 <strong>Note: </strong> | |
| 3 This API is only available on Chrome OS and to | |
| 4 <a href="https://support.google.com/chrome/a/answer/1375694?hl=en">extensions pr e-installed by policy</a>. | |
| 5 </p> | |
| 6 | |
| 7 <h2 id="usage">Usage</h2> | |
| 8 | |
| 9 Typical usage of this API to enroll a client certificate follows these steps: | |
| 10 <ul> | |
| 11 <li>Get all available tokens using $(ref:enterprise.platformKeys.getTokens). | |
| 12 </li> | |
| 13 <li>Find the Token with <code>id</code> equal <code>"user"</code>. Use this | |
| 14 Token subsequently.</li> | |
| 15 <li>Generate a key pair using the <code>generateKey</code> Token method | |
| 16 (defined in SubtleCrypto). This will return handle to the key.</li> | |
| 17 <li>Export the public key using the <code>exportKey</code> Token method | |
| 18 (defined in SubtleCrypto). | |
| 19 <li>Create the signature of the certification request's data using the | |
| 20 <code>sign</code> Token method (defined in SubtleCrypto).</li> | |
| 21 <li>Complete the certification request and send it to the certification | |
| 22 authority.</li> | |
| 23 <li>If a certificate is received, import it using | |
| 24 $(ref:enterprise.platformKeys.importCertificate)</li> | |
| 25 </ul> | |
| 26 | |
| 27 <p> | |
| 28 Here's an example that shows the major API interaction except the building and s ending of the certification request: | |
| 29 </p> | |
| 30 | |
| 31 <pre> | |
|
not at google - send to devlin
2014/06/03 15:12:21
put a data-filename="background.js" attribute on t
pneubeck (no reviews)
2014/06/03 16:41:36
Done.
| |
| 32 function getUserToken(callback) { | |
| 33 chrome.enterprise.platformKeys.getTokens(function(tokens) { | |
| 34 for (var i = 0; i < tokens.length; i++) { | |
| 35 if (tokens[i].id == "user") { | |
| 36 callback(tokens[i]); | |
| 37 return; | |
| 38 } | |
| 39 } | |
| 40 callback(undefined); | |
| 41 }); | |
| 42 } | |
| 43 | |
| 44 function generateAndSign(userToken) { | |
| 45 var data = new Uint8Array([0, 5, 1, 2, 3, 4, 5, 6]); | |
| 46 var algorithm = { | |
| 47 name: "RSASSA-PKCS1-v1_5", | |
| 48 // RsaHashedKeyGenParams | |
| 49 modulusLength: 2048, | |
| 50 publicExponent: | |
| 51 new Uint8Array([0x01, 0x00, 0x01]), // Equivalent to 65537 | |
| 52 hash: { | |
| 53 name: "SHA-1", | |
| 54 } | |
| 55 }; | |
| 56 var cachedKeyPair; | |
| 57 userToken.subtleCrypto.generateKey(algorithm, false, ["sign"]) | |
| 58 .then(function(keyPair) { | |
| 59 cachedKeyPair = keyPair; | |
| 60 return userToken.subtleCrypto.exportKey("spki", keyPair.publicKey); | |
| 61 }, | |
| 62 console.log.bind(console)) | |
| 63 .then(function(publicKeySpki) { | |
| 64 // Build the Certification Request using the public key. | |
| 65 return userToken.subtleCrypto.sign( | |
| 66 {name : "RSASSA-PKCS1-v1_5"}, cachedKeyPair.privateKey, data); | |
| 67 }, | |
| 68 console.log.bind(console)) | |
| 69 .then(function(signature) { | |
| 70 // Complete the Certification Request with |signature|. | |
| 71 // Send out the request to the CA, calling back | |
| 72 // onClientCertificateReceived. | |
| 73 }, | |
| 74 console.log.bind(console)); | |
| 75 } | |
| 76 | |
| 77 function onClientCertificateReceived(userToken, certificate) { | |
| 78 chrome.enterprise.platformKeys.importCertificate(userToken.id, certificate); | |
| 79 } | |
| 80 | |
| 81 getUserToken(generateAndSign); | |
| 82 </pre> | |
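Review bot: In `generateAndSign` the key-generation parameters set `hash: { name: "SHA-1" }`, and because the later `sign` call passes only `{name : "RSASSA-PKCS1-v1_5"}`, the hash chosen at generation appears to govern every signature made with this key; since readers copy this listing as-is, prefer a collision-resistant hash if the token accepts it, e.g. `name: "SHA-256",`. Each `.then(..., console.log.bind(console))` rejection handler logs the error and then resolves the chain with `undefined`, so a failed `generateKey` still reaches the `sign` step with `cachedKeyPair` unset. Dropping the per-step handlers in favour of one trailing `.catch(console.error.bind(console));` would stop the chain at the first failure. `getUserToken` also invokes `callback(undefined)` when no "user" token is found, and `generateAndSign` dereferences `userToken.subtleCrypto` unguarded, so the sample should start with `if (!userToken) return;` or a comment stating that the caller must check.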