OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 // Use the <code>chrome.platformKeys</code> API to use client certificates | |
6 // managed by the platform. | |
7 [platforms = ("chromeos")] | |
not at google - send to devlin
2015/01/14 21:42:35
annotation not necessary
pneubeck (no reviews)
2015/01/15 14:32:06
Done.
| |
8 namespace platformKeys { | |
9 dictionary Match { | |
10 // The DER encoding of a X.509 certificate. | |
11 ArrayBuffer certificate; | |
12 | |
13 // The public | |
14 // <a href="http://www.w3.org/TR/WebCryptoAPI/#dfn-CryptoKey">CryptoKey</a> | |
15 // for $(ref:certificate) which can only be used with | |
16 // <code>chrome.certs.subtleCrypto</code>. | |
17 object publicKey; | |
18 | |
19 // The private | |
20 // <a href="http://www.w3.org/TR/WebCryptoAPI/#dfn-CryptoKey">CryptoKey</a> | |
21 // for $(ref:certificate) which can only | |
22 // be used with <code>chrome.certs.subtleCrypto</code>. Might be null if | |
23 // this extension does not have access to it. | |
24 object privateKey; | |
not at google - send to devlin
2015/01/14 21:42:35
make it an object? then
pneubeck (no reviews)
2015/01/15 14:32:06
Done.
| |
25 }; | |
26 | |
27 enum ClientCertificateType { | |
28 rsaSign, | |
29 dssSign, | |
30 ecdsaSign | |
31 }; | |
32 | |
33 // Analogous to TLS1.1's CertificateRequest. | |
34 // See http://tools.ietf.org/html/rfc4346#section-7.4.4 . | |
35 dictionary ClientCertificateRequest { | |
36 // This field is a list of the types of certificates requested, sorted in | |
37 // order of the server's preference. | |
38 ClientCertificateType[] certificateTypes; | |
39 | |
40 // List of distinguished names of certificate authorities allowed by the | |
41 // server. Each entry must be a DER-encoded X.509 DistinguishedName . | |
42 ArrayBuffer[] certificateAuthorities; | |
43 }; | |
44 | |
45 callback SelectCallback = void (Match[] certs); | |
46 | |
47 interface Functions { | |
48 // This function filters from a list of client certificates the ones that | |
49 // are known to the platform, match <code>request</code> and for which the | |
50 // extension has permission to access the certificate and its private key. | |
51 // If <code>interactive</code> is true, the user is presented a dialog where | |
52 // he can select from matching certificates and grant the extension access | |
53 // to the certificate. | |
54 // The selected/filtered client certificates will be passed to | |
55 // <code>callback</code>. | |
56 // | |
57 // |request|: Only certificates that match this request will be returned. | |
58 // |clientCerts|: If given, the function operates on that list. Otherwise, | |
59 // obtains the list of all certificates from the platform's certificate | |
60 // stores that are available to this extensions. | |
61 // |interactive|> If true, the filtered list is presented to the user to | |
62 // manually select a certificate and thereby granting the extension access | |
63 // to the certificate(s) and key(s). Only the selected certificate(s) will | |
64 // be returned. | |
65 // If is false, the list is reduced to all certificates that the extension | |
66 // has been granted access to (automatically or manually). | |
67 // |callback|: Will be called with the matching and, if | |
68 // <code>interactive</code> is true, selected certificates that this | |
69 // extension has access to. | |
70 [nocompile] static void selectClientCertificates( | |
71 boolean interactive, | |
72 ClientCertificateRequest request, | |
73 optional ArrayBuffer[] clientCerts, | |
not at google - send to devlin
2015/01/14 21:42:35
Better if these 3 arguments are reduced to a singl
pneubeck (no reviews)
2015/01/15 14:32:06
Done.
| |
74 SelectCallback callback); | |
75 | |
76 // An implementation of WebCrypto's | |
77 // <a href="http://www.w3.org/TR/WebCryptoAPI/#subtlecrypto-interface">Subtl eCrypto</a> | |
78 // that allows crypto operations on keys of client certificates that are | |
79 // available to this extension. | |
80 [nocompile] static object subtleCrypto(); | |
not at google - send to devlin
2015/01/14 21:42:35
What would it look like to use this method?
pneubeck (no reviews)
2015/01/15 09:23:52
actually, this should be a static member, but I th
pneubeck (no reviews)
2015/01/15 14:32:06
Is there an easy way to make it a member and not a
not at google - send to devlin
2015/01/15 21:48:56
It looks to me like you're wanting a global subtle
pneubeck (no reviews)
2015/01/19 08:54:00
Yes, I shouldn't have shortcut in my example thoug
| |
81 }; | |
82 }; | |
83 | |
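Review bot: The comment on `privateKey` (file lines 19-23) says the key might be null when the extension has no access to it, while the description of `selectClientCertificates` (file lines 48-50) says only certificates whose private key the extension may access are returned, so the access-control contract is ambiguous for callers. Pick one rule and state it, for example `// Always set: only certificates whose private key this extension may use are returned.`, or document exactly when a match without a usable key can appear. The `interactive` text also never says how long a user's grant lasts or whether it applies to later non-interactive calls; the "(automatically or manually)" wording on file line 66 suggests it persists, and that is worth stating explicitly because it determines what a single dialog approval hands to the extension. Separately, both `Match` comments name `chrome.certs.subtleCrypto` although the namespace is `platformKeys`, and file line 61 has `|interactive|>` where `|interactive|:` is meant.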