blob: 71bf64d6e8d993cafaf077c84f9fedc6df2ef9b9 [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// <code>chrome.cryptotokenPrivate</code> API that provides hooks to Chrome to
// be used by cryptotoken component extension.
// <p>In the context of this API, an AppId is roughly an origin and is formally
// defined in
// <a href="https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-appid-and-facets-v1.2-ps-20170411.html">
// the FIDO spec</a></p>
namespace cryptotokenPrivate {
callback BooleanCallback = void(boolean result);
dictionary CanAppIdGetAttestationOptions {
// The AppId (see definition, above) that was used in the registration
// request and which has been authenticated by |canOriginAssertAppId|.
DOMString appId;
// The origin of the caller.
DOMString origin;
// Identifies the tab in which the registration is occuring so that any
// permissions prompt is correctly located.
long tabId;
};
interface Functions {
// Checks whether the origin is allowed to assert the appId, according to
// the same origin policy defined at
// http://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/
// fido-appid-and-facets-ps-20141009.html
// |securityOrigin| is the origin as seen by the extension, and |appIdUrl|
// is the appId being asserted by the origin.
static void canOriginAssertAppId(DOMString securityOrigin,
DOMString appIdUrl,
BooleanCallback callback);
// Checks whether the given appId is specified in the
// SecurityKeyPermitAttestation policy. This causes a signal to be sent to
// the token that informs it that an individually-identifying attestation
// certificate may be used. Without that signal, the token is required to
// use its batch attestation certificate.
static void isAppIdHashInEnterpriseContext(ArrayBuffer appIdHash,
BooleanCallback callback);
// Checks whether the given appId may receive attestation data that
// identifies the token. If not, the attestation from the token must be
// substituted with a randomly generated certificate since webauthn and U2F
// require that some attestation be provided.
static void canAppIdGetAttestation(CanAppIdGetAttestationOptions options,
BooleanCallback callback);
};
};