Index: chrome/common/extensions/api/platform_keys.idl |
diff --git a/chrome/common/extensions/api/platform_keys.idl b/chrome/common/extensions/api/platform_keys.idl |
new file mode 100644 |
index 0000000000000000000000000000000000000000..d4308c88e231ffc7f17bd782647792e0e1097cb4 |
--- /dev/null |
+++ b/chrome/common/extensions/api/platform_keys.idl |
@@ -0,0 +1,108 @@ |
+// Copyright 2015 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+// Use the <code>chrome.platformKeys</code> API to use client certificates |
+// managed by the platform. |
+namespace platformKeys { |
+ dictionary Match { |
+ // The DER encoding of a X.509 certificate. |
+ ArrayBuffer certificate; |
+ |
+ // The |
+ // <a href="http://www.w3.org/TR/WebCryptoAPI/#key-algorithm-dictionary"> |
+ // KeyAlgorithm</a> of the certified key. This contains algorithm |
+ // parameters that are inherent to the key of the certificate (e.g. the key |
+ // length). Other parameters like the hash function used by the sign |
+ // function are not included. |
+ object keyAlgorithm; |
+ }; |
+ |
+ enum ClientCertificateType { |
+ rsaSign, |
+ dssSign, |
+ ecdsaSign |
+ }; |
+ |
+ // Analogous to TLS1.1's CertificateRequest. |
+ // See http://tools.ietf.org/html/rfc4346#section-7.4.4 . |
+ dictionary ClientCertificateRequest { |
+ // This field is a list of the types of certificates requested, sorted in |
+ // order of the server's preference. |
+ ClientCertificateType[] certificateTypes; |
+ |
+ // List of distinguished names of certificate authorities allowed by the |
+ // server. Each entry must be a DER-encoded X.509 DistinguishedName. |
+ ArrayBuffer[] certificateAuthorities; |
+ }; |
+ |
+ dictionary SelectDetails { |
+ // Only certificates that match this request will be returned. |
+ ClientCertificateRequest request; |
+ |
+ // If given, the <code>selectClientCertificates</code> operates on this |
+ // list. Otherwise, obtains the list of all certificates from the platform's |
+ // certificate stores that are available to this extensions. |
+ // Entries that the extension doesn't have permission for or which doesn't |
+ // match the request, are removed. |
+ ArrayBuffer[]? clientCerts; |
+ |
+ // If true, the filtered list is presented to the user to manually select a |
+ // certificate and thereby granting the extension access to the |
+ // certificate(s) and key(s). Only the selected certificate(s) will be |
+ // returned. If is false, the list is reduced to all certificates that the |
+ // extension has been granted access to (automatically or manually). |
+ boolean interactive; |
+ }; |
+ |
+ callback SelectCallback = void (Match[] certs); |
+ |
+ // The public and private |
+ // <a href="http://www.w3.org/TR/WebCryptoAPI/#dfn-CryptoKey">CryptoKey</a> |
+ // of a certificate which can only be used with |
+ // <code>chrome.certs.subtleCrypto</code>. <code>privateKey</code> Might be |
+ // null if this extension does not have access to it. |
+ callback GetKeyPairCallback = void (object publicKey, |
+ optional object privateKey); |
+ |
+ interface Functions { |
+ // This function filters from a list of client certificates the ones that |
+ // are known to the platform, match <code>request</code> and for which the |
+ // extension has permission to access the certificate and its private key. |
+ // If <code>interactive</code> is true, the user is presented a dialog where |
+ // he can select from matching certificates and grant the extension access |
+ // to the certificate. |
+ // The selected/filtered client certificates will be passed to |
+ // <code>callback</code>. |
+ // |callback|: Will be called with the matching and, if |
+ // <code>interactive</code> is true, selected certificates that this |
+ // extension has access to. |
+ [nocompile] static void selectClientCertificates( |
+ SelectDetails details, |
+ SelectCallback callback); |
+ |
+ // Passes the key pair of <code>certificate</code> for usage with |
+ // $(ref:platformKeys.subtleCrypto) to <code>callback</code>. |
+ // |certificate|: The certificate of a $(ref:Match) returned by |
+ // $ref(selectClientCertificates). |
+ // |params|: Determines signature/hash algorithm parameters additionally to |
+ // the parameters fixed by the key itself. The same parameters are |
+ // accepted as by WebCrypto's <code>importKey</code> function, e.g. |
+ // <code>RsaHashedImportParams</code> for a RSASSA-PKCS1-v1_5 key. |
+ // For RSASSA-PKCS1-v1_5 keys, additionally the parameters |
+ // <code>{ 'hash': { 'name': 'none' } }</code> are supported. The sign |
+ // function will then apply PKCS#1 v1.5 padding and but not hash the |
+ // given data. |
+ [nocompile] static void getKeyPair(ArrayBuffer certificate, |
+ object parameters, |
+ GetKeyPairCallback callback); |
+ |
+ // An implementation of WebCrypto's |
+ // <a href="http://www.w3.org/TR/WebCryptoAPI/#subtlecrypto-interface"> |
+ // SubtleCrypto</a> |
+ // that allows crypto operations on keys of client certificates that are |
+ // available to this extension. |
+ [nocompile] static object subtleCrypto(); |
+ }; |
+}; |
+ |