chrome/common/extensions/api/certificate_provider.idl

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 // Use this API to expose certificates to the platform which can use these
   6 // certificates for TLS authentications.
   7 namespace certificateProvider {
   8   enum Hash {
   9     MD5_SHA1,
  10     SHA1,
  11     SHA256,
  12     SHA384,
  13     SHA512
  14   };
  15
  16   dictionary CertificateInfo {
  17     // Must be the DER encoding of a X.509 client certificate. Currently, only
  18     // certificates of RSA keys are supported.
  19     ArrayBuffer certificate;
  20
  21     // Must be set to all hashes supported for this certificate. This extension
  22     // will only be asked for signatures of digests calculated with one of these
  23     // hash algorithms.
  24     Hash[] supportedHashes;
  25   };
  26
  27   dictionary SignRequest {
  28     // The digest that must be signed.
  29     ArrayBuffer digest;
  30
  31     // Refers to the hash algorithm that was used to create |digest|.
  32     Hash hash;
  33
  34     // The DER encoding of a X.509 client certificate. The extension must sign
  35     // |digest| using the associated private key.
  36     ArrayBuffer certificate;
  37   };
  38
  39   // Either |error| or |signature| and not both must be set.
  40   dictionary SignatureDetails {
  41     // If the signature of the digest could not be calculated, this field must
  42     // be set.
  43     DOMString? error;
  44
  45     // If no error occurred, this field must be set to the signature of the
  46     // digest using the private the of the requested client certificate.
  47     // For an RSA key, the signature must be a PKCS#1 signature. The extension
  48     // is responsible for prepending the DigestInfo prefix and adding PKCS#1
  49     // padding. If an MD5_SHA1 hash must be signed, the extension must not
  50     // prepend a DigestInfo prefix but only add PKCS#1 padding.
  51     ArrayBuffer? signature;
  52   };
  53
  54   callback DoneCallback = void ();
  55   callback SignCallback = void(SignatureDetails reply, DoneCallback callback);
  56
  57   // Notifies Chrome that this extension is capable of responding to signing
  58   // requests for the certificates listed in |certificates|. The list must
  59   // only contain certificates for which the extension can sign data
  60   // using the associated private key.
  61   callback CertificatesCallback =
  62       void(CertificateInfo[] certificates, DoneCallback callback);
  63
  64   interface Events {
  65     // This event fires every time the browser requests the current list of
  66     // certificates provided by this extension. The extension must call
  67     // |callback| exactly once with the current list of certificates.
  68     static void onClientCertificatesRequested(CertificatesCallback callback);
  69
  70     // This event fires every time the browser needs to sign a message using a
  71     // certificate provided by this extension using |publishClientCertificates|.
  72     // The extension must sign the data in |request| using the appropriate
  73     // algorithm and private key and return it by calling |callback|. |callback|
  74     // must be called exactly once.
  75     static void onSignDigestRequested(SignRequest request,
  76                                       SignCallback callback);
  77   };
  78 };