Make enterprise.platformKeys documentation public.

chrome/common/extensions/api/enterprise_platform_keys.idl

Index: chrome/common/extensions/api/enterprise_platform_keys.idl
diff --git a/chrome/common/extensions/api/enterprise_platform_keys.idl b/chrome/common/extensions/api/enterprise_platform_keys.idl
index aac6e626ee6cc55c64bbdddb5dc667bffdf04fc7..46e2f99c3ab0cb6724643a0d6ff0f5a417c080db 100644
--- a/chrome/common/extensions/api/enterprise_platform_keys.idl
+++ b/chrome/common/extensions/api/enterprise_platform_keys.idl
@@ -8,23 +8,35 @@
 // for TLS authentication and network access.
 [platforms = ("chromeos")]
 namespace enterprise.platformKeys {
-  [nocompile] dictionary Token {
-    // Uniquely identifies this Token. Static IDs are 'user' and 'device',
-    // referring to the platform's user-specific and the device-wide hardware
-    // token, respectively. Any other tokens (with other identifiers) might be
-    // returned by getTokens.
+  [nocompile, noinline_doc] dictionary Token {
+    // Uniquely identifies this <code>Token</code>. Static IDs are
+    // <code>"user"</code> and <code>"device"</code>, referring to the
+    // platform's user-specific and the device-wide hardware token,
+    // respectively. Any other tokens (with other identifiers) might be returned
+    // by $(ref:enterprise.platformKeys.getTokens).
     DOMString id;
 
-    // Implements the WebCrypto's <code>SubtleCrypto</code> interface. The
-    // crypto operations are hardware-backed.
+    // Implements the WebCrypto's
+    // <a href="http://www.w3.org/TR/WebCryptoAPI/#subtlecrypto-interface">SubtleCrypto</a>
+    // interface. The cryptographic operations, including key generation, are
+    // hardware-backed.

[not at google - send to devlin, 2014/06/03 15:12:21]

can you split this and the description for |id| into a couple of paragraphs
each? the giant block of text looks a bit unwieldy.

[pneubeck (no reviews), 2014/06/03 16:41:36]

Done.

+    // Only non-extractable RSASSA-PKCS1-V1_5 keys with
+    // <code>modulusLength</code> up to 2048 can be generated. Each key can be
+    // used for signing data at most once.
+    // Keys generated on a specific <code>Token</code> cannot be used with any
+    // other Tokens, nor can they be used with
+    // <code>window.crypto.subtle</code>. Equally, <code>Key</code> objects
+    // created with <code>window.crypto.subtle</code> cannot be used with this
+    // interface.
     [instanceOf = SubtleCrypto] object subtleCrypto;
   };
 
   // Invoked by <code>getTokens</code> with the list of available Tokens.
+  // |tokens|: The list of available tokens.
   callback GetTokensCallback = void(Token[] tokens);
 
   // Callback to which the certificates are passed.
-  // |certificates| The list of certificates, each in DER encoding of a X.509
+  // |certificates|: The list of certificates, each in DER encoding of a X.509
   //     certificate.
   callback GetCertificatesCallback = void(ArrayBuffer[] certificates);
 
@@ -34,43 +46,40 @@ namespace enterprise.platformKeys {
 
   interface Functions {
     // Returns the available Tokens. In a regular user's session the list will
-    // always contain the user's token with id 'user'. If a device-wide TPM
-    // token is available it will also contain the device-wide token with id
-    // 'device'. The device-wide token will be the same for all sessions on this
-    // device (device in the sense of e.g. a Chromebook).
+    // always contain the user's token with <code>id</code> <code>"user"</code>.
+    // If a device-wide TPM token is available it will also contain the
+    // device-wide token with <code>id</code> <code>"device"</code>. The
+    // device-wide token will be the same for all sessions on this device
+    // (device in the sense of e.g. a Chromebook).
     [nocompile] static void getTokens(GetTokensCallback callback);
 
     // Returns the list of all client certificates available from the given
     // token. Can be used to check for the existence and expiration of client
     // certificates that are usable for a certain authentication.
-    // |tokenId| The id of a Token returned by <code>getTokens</code>.
-    // |callback| Called back with the list of the available certificates.
+    // |tokenId|: The id of a Token returned by <code>getTokens</code>.
+    // |callback|: Called back with the list of the available certificates.
     static void getCertificates(DOMString tokenId,
                                 GetCertificatesCallback callback);
 
-    // Imports |certificate| to the given token if the certified key is already
-    // stored in this token.
+    // Imports <code>certificate</code> to the given token if the certified key
+    // is already stored in this token.
     // After a successful certification request, this function should be used to
     // store the obtained certificate and to make it available to the operating
     // system and browser for authentication.
-    // TODO: Instead of ArrayBuffer should be (ArrayBuffer or ArrayBufferView),
-    // or at least (ArrayBuffer or Uint8Array).
-    // |tokenId| The id of a Token returned by <code>getTokens</code>.
-    // |certificate| The DER encoding of a X.509 certificate.
-    // |callback| Called back when this operation is finished.
+    // |tokenId|: The id of a Token returned by <code>getTokens</code>.
+    // |certificate|: The DER encoding of a X.509 certificate.
+    // |callback|: Called back when this operation is finished.
     static void importCertificate(DOMString tokenId,
                                   ArrayBuffer certificate,
                                   optional DoneCallback callback);
 
-    // Removes |certificate| from the given token if present.
+    // Removes <code>certificate</code> from the given token if present.
     // Should be used to remove obsolete certificates so that they are not
     // considered during authentication and do not clutter the certificate
     // choice. Should be used to free storage in the certificate store.
-    // TODO: Instead of ArrayBuffer should be (ArrayBuffer or ArrayBufferView),
-    // or at least (ArrayBuffer or Uint8Array).
-    // |tokenId| The id of a Token returned by <code>getTokens</code>.
-    // |certificate| The DER encoding of a X.509 certificate.
-    // |callback| Called back when this operation is finished.
+    // |tokenId|: The id of a Token returned by <code>getTokens</code>.
+    // |certificate|: The DER encoding of a X.509 certificate.
+    // |callback|: Called back when this operation is finished.
     static void removeCertificate(DOMString tokenId,
                                   ArrayBuffer certificate,
                                   optional DoneCallback callback);