Chromium Code Reviews| Index: chrome/common/extensions/api/platform_keys.idl |
| diff --git a/chrome/common/extensions/api/platform_keys.idl b/chrome/common/extensions/api/platform_keys.idl |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..4c5da42d63696fec5807607bccc73fd788219386 |
| --- /dev/null |
| +++ b/chrome/common/extensions/api/platform_keys.idl |
| @@ -0,0 +1,83 @@ |
| +// Copyright 2015 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +// Use the <code>chrome.platformKeys</code> API to use client certificates |
| +// managed by the platform. |
| +[platforms = ("chromeos")] |
|
not at google - send to devlin
2015/01/14 21:42:35
annotation not necessary
pneubeck (no reviews)
2015/01/15 14:32:06
Done.
|
| +namespace platformKeys { |
| + dictionary Match { |
| + // The DER encoding of a X.509 certificate. |
| + ArrayBuffer certificate; |
| + |
| + // The public |
| + // <a href="http://www.w3.org/TR/WebCryptoAPI/#dfn-CryptoKey">CryptoKey</a> |
| + // for $(ref:certificate) which can only be used with |
| + // <code>chrome.certs.subtleCrypto</code>. |
| + object publicKey; |
| + |
| + // The private |
| + // <a href="http://www.w3.org/TR/WebCryptoAPI/#dfn-CryptoKey">CryptoKey</a> |
| + // for $(ref:certificate) which can only |
| + // be used with <code>chrome.certs.subtleCrypto</code>. Might be null if |
| + // this extension does not have access to it. |
| + object privateKey; |
|
not at google - send to devlin
2015/01/14 21:42:35
make it an object? then
pneubeck (no reviews)
2015/01/15 14:32:06
Done.
|
| + }; |
| + |
| + enum ClientCertificateType { |
| + rsaSign, |
| + dssSign, |
| + ecdsaSign |
| + }; |
| + |
| + // Analogous to TLS1.1's CertificateRequest. |
| + // See http://tools.ietf.org/html/rfc4346#section-7.4.4 . |
| + dictionary ClientCertificateRequest { |
| + // This field is a list of the types of certificates requested, sorted in |
| + // order of the server's preference. |
| + ClientCertificateType[] certificateTypes; |
| + |
| + // List of distinguished names of certificate authorities allowed by the |
| + // server. Each entry must be a DER-encoded X.509 DistinguishedName . |
| + ArrayBuffer[] certificateAuthorities; |
| + }; |
| + |
| + callback SelectCallback = void (Match[] certs); |
| + |
| + interface Functions { |
| + // This function filters from a list of client certificates the ones that |
| + // are known to the platform, match <code>request</code> and for which the |
| + // extension has permission to access the certificate and its private key. |
| + // If <code>interactive</code> is true, the user is presented a dialog where |
| + // he can select from matching certificates and grant the extension access |
| + // to the certificate. |
| + // The selected/filtered client certificates will be passed to |
| + // <code>callback</code>. |
| + // |
| + // |request|: Only certificates that match this request will be returned. |
| + // |clientCerts|: If given, the function operates on that list. Otherwise, |
| + // obtains the list of all certificates from the platform's certificate |
| + // stores that are available to this extensions. |
| + // |interactive|> If true, the filtered list is presented to the user to |
| + // manually select a certificate and thereby granting the extension access |
| + // to the certificate(s) and key(s). Only the selected certificate(s) will |
| + // be returned. |
| + // If is false, the list is reduced to all certificates that the extension |
| + // has been granted access to (automatically or manually). |
| + // |callback|: Will be called with the matching and, if |
| + // <code>interactive</code> is true, selected certificates that this |
| + // extension has access to. |
| + [nocompile] static void selectClientCertificates( |
| + boolean interactive, |
| + ClientCertificateRequest request, |
| + optional ArrayBuffer[] clientCerts, |
|
not at google - send to devlin
2015/01/14 21:42:35
Better if these 3 arguments are reduced to a singl
pneubeck (no reviews)
2015/01/15 14:32:06
Done.
|
| + SelectCallback callback); |
| + |
| + // An implementation of WebCrypto's |
| + // <a href="http://www.w3.org/TR/WebCryptoAPI/#subtlecrypto-interface">SubtleCrypto</a> |
| + // that allows crypto operations on keys of client certificates that are |
| + // available to this extension. |
| + [nocompile] static object subtleCrypto(); |
|
not at google - send to devlin
2015/01/14 21:42:35
What would it look like to use this method?
pneubeck (no reviews)
2015/01/15 09:23:52
actually, this should be a static member, but I th
pneubeck (no reviews)
2015/01/15 14:32:06
Is there an easy way to make it a member and not a
not at google - send to devlin
2015/01/15 21:48:56
It looks to me like you're wanting a global subtle
pneubeck (no reviews)
2015/01/19 08:54:00
Yes, I shouldn't have shortcut in my example thoug
|
| + }; |
| +}; |
| + |
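Review bot: The comments on `publicKey` and `privateKey` in `Match` say the keys can only be used with `chrome.certs.subtleCrypto`, but the namespace declared in this file is `platformKeys`, so the one sentence that tells callers where these keys are usable names an API this file does not define; both should read `<code>chrome.platformKeys.subtleCrypto</code>`. In the `selectClientCertificates` comment, `|interactive|>` should be `|interactive|:` (the stray `>` probably keeps the parameter description from being picked up), `If is false` should be `If <code>interactive</code> is false`, and `this extensions` should be `this extension`. Since the interactive dialog is the step that gives an extension use of a private key, the comment should also state the scope and lifetime of that grant, which the current text leaves open, and what "automatically" granted access means in the non-interactive case. It would also help to document how `clientCerts` entries that are not valid DER are handled, for example `// Entries that cannot be parsed as DER-encoded X.509 certificates are ignored.` if that is the intended behaviour.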