
Unified Diff: chrome/common/extensions/api/platform_keys.idl

Issue 847163002: Add the IDL for chrome.platformKeys. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Incorporated latest feedback Created 5 years, 11 months ago
Index: chrome/common/extensions/api/platform_keys.idl
diff --git a/chrome/common/extensions/api/platform_keys.idl b/chrome/common/extensions/api/platform_keys.idl
new file mode 100644
index 0000000000000000000000000000000000000000..d4308c88e231ffc7f17bd782647792e0e1097cb4
--- /dev/null
+++ b/chrome/common/extensions/api/platform_keys.idl
@@ -0,0 +1,108 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Use the <code>chrome.platformKeys</code> API to use client certificates
+// managed by the platform.
+namespace platformKeys {
+ dictionary Match {
+ // The DER encoding of a X.509 certificate.
+ ArrayBuffer certificate;
+
+ // The
+ // <a href="http://www.w3.org/TR/WebCryptoAPI/#key-algorithm-dictionary">
+ // KeyAlgorithm</a> of the certified key. This contains algorithm
+ // parameters that are inherent to the key of the certificate (e.g. the key
+ // length). Other parameters like the hash function used by the sign
+ // function are not included.
+ object keyAlgorithm;
+ };
+
+ enum ClientCertificateType {
+ rsaSign,
+ dssSign,
+ ecdsaSign
+ };
+
+ // Analogous to TLS1.1's CertificateRequest.
+ // See http://tools.ietf.org/html/rfc4346#section-7.4.4 .
+ dictionary ClientCertificateRequest {
+ // This field is a list of the types of certificates requested, sorted in
+ // order of the server's preference.
+ ClientCertificateType[] certificateTypes;
+
+ // List of distinguished names of certificate authorities allowed by the
+ // server. Each entry must be a DER-encoded X.509 DistinguishedName.
+ ArrayBuffer[] certificateAuthorities;
+ };
+
+ dictionary SelectDetails {
+ // Only certificates that match this request will be returned.
+ ClientCertificateRequest request;
+
+ // If given, the <code>selectClientCertificates</code> operates on this
+ // list. Otherwise, obtains the list of all certificates from the platform's
+ // certificate stores that are available to this extensions.
+ // Entries that the extension doesn't have permission for or which doesn't
+ // match the request, are removed.
+ ArrayBuffer[]? clientCerts;
+
+ // If true, the filtered list is presented to the user to manually select a
+ // certificate and thereby granting the extension access to the
+ // certificate(s) and key(s). Only the selected certificate(s) will be
+ // returned. If is false, the list is reduced to all certificates that the
+ // extension has been granted access to (automatically or manually).
+ boolean interactive;
+ };
+
+ callback SelectCallback = void (Match[] certs);
+
+ // The public and private
+ // <a href="http://www.w3.org/TR/WebCryptoAPI/#dfn-CryptoKey">CryptoKey</a>
+ // of a certificate which can only be used with
+ // <code>chrome.certs.subtleCrypto</code>. <code>privateKey</code> Might be
+ // null if this extension does not have access to it.
+ callback GetKeyPairCallback = void (object publicKey,
+ optional object privateKey);
+
+ interface Functions {
+ // This function filters from a list of client certificates the ones that
+ // are known to the platform, match <code>request</code> and for which the
+ // extension has permission to access the certificate and its private key.
+ // If <code>interactive</code> is true, the user is presented a dialog where
+ // he can select from matching certificates and grant the extension access
+ // to the certificate.
+ // The selected/filtered client certificates will be passed to
+ // <code>callback</code>.
+ // |callback|: Will be called with the matching and, if
+ // <code>interactive</code> is true, selected certificates that this
+ // extension has access to.
+ [nocompile] static void selectClientCertificates(
+ SelectDetails details,
+ SelectCallback callback);
+
+ // Passes the key pair of <code>certificate</code> for usage with
+ // $(ref:platformKeys.subtleCrypto) to <code>callback</code>.
+ // |certificate|: The certificate of a $(ref:Match) returned by
+ //     $ref(selectClientCertificates).
+ // |params|: Determines signature/hash algorithm parameters additionally to
+ //     the parameters fixed by the key itself. The same parameters are
+ //     accepted as by WebCrypto's <code>importKey</code> function, e.g.
+ //     <code>RsaHashedImportParams</code> for a RSASSA-PKCS1-v1_5 key.
+ // For RSASSA-PKCS1-v1_5 keys, additionally the parameters
+ // <code>{ 'hash': { 'name': 'none' } }</code> are supported. The sign
+ // function will then apply PKCS#1 v1.5 padding and but not hash the
+ // given data.
+ [nocompile] static void getKeyPair(ArrayBuffer certificate,
+ object parameters,
+ GetKeyPairCallback callback);
+
+ // An implementation of WebCrypto's
+ // <a href="http://www.w3.org/TR/WebCryptoAPI/#subtlecrypto-interface">
+ // SubtleCrypto</a>
+ // that allows crypto operations on keys of client certificates that are
+ // available to this extension.
+ [nocompile] static object subtleCrypto();
+ };
+};
+
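Review bot: The getKeyPair comment documents `|params|`, but the argument is declared as `object parameters`, so the description will probably not be attached to the argument in the generated docs; use `|parameters|:` or rename the argument. That paragraph is also the only description of the `{ 'hash': { 'name': 'none' } }` mode, where sign pads but does not hash, and it does not say what input the caller must supply (an already-computed digest, with or without a DigestInfo prefix) or how input too long for the key is rejected. Because this mode yields a PKCS#1 v1.5 signature over caller-chosen bytes with a user's client key, the comment should state those constraints explicitly. The wording `and but not hash` should read `but not hash`. The references are inconsistent as well: the GetKeyPairCallback comment names `chrome.certs.subtleCrypto` while getKeyPair uses `$(ref:platformKeys.subtleCrypto)`, and `$ref(selectClientCertificates)` looks like it was meant to be `$(ref:selectClientCertificates)`.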