chrome/common/extensions/api/certificate_provider.idl - chromium/src - Git at Google

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 // Use this API to expose certificates to the platform which can use these
 // certificates for TLS authentications.
 namespace certificateProvider {
   enum Hash {
     MD5_SHA1,
     SHA1,
     SHA256,
     SHA384,
     SHA512
   };

   // The type of code being requested by the extension with requestPin function.
   enum PinRequestType {
     PIN,
     PUK
   };

   // The types of errors that can be presented to the user through the
   // requestPin function.
   enum PinRequestErrorType {
     INVALID_PIN,
     INVALID_PUK,
     MAX_ATTEMPTS_EXCEEDED,
     UNKNOWN_ERROR
   };

   [noinline_doc] dictionary CertificateInfo {
     // Must be the DER encoding of a X.509 certificate. Currently, only
     // certificates of RSA keys are supported.
     ArrayBuffer certificate;

     // Must be set to all hashes supported for this certificate. This extension
     // will only be asked for signatures of digests calculated with one of these
     // hash algorithms. This should be in order of decreasing hash preference.
     Hash[] supportedHashes;
   };

   [noinline_doc] dictionary SignRequest {
     // The unique ID to be used by the extension should it need to call a method
     // that requires it, e.g. requestPin.
     long signRequestId;

     // The digest that must be signed.
     ArrayBuffer digest;

     // Refers to the hash algorithm that was used to create <code>digest</code>.
     Hash hash;

     // The DER encoding of a X.509 certificate. The extension must sign
     // <code>digest</code> using the associated private key.
     ArrayBuffer certificate;
   };

   dictionary RequestPinDetails {
     // The ID given by Chrome in SignRequest.
     long signRequestId;

     // The type of code requested. Default is PIN.
     PinRequestType? requestType;

     // The error template displayed to the user. This should be set if the
     // previous request failed, to notify the user of the failure reason.
     PinRequestErrorType? errorType;

     // The number of attempts left. This is provided so that any UI can present
     // this information to the user. Chrome is not expected to enforce this,
     // instead stopPinRequest should be called by the extension with
     // errorType = MAX_ATTEMPTS_EXCEEDED when the number of pin requests is
     // exceeded.
     long? attemptsLeft;
   };

   dictionary StopPinRequestDetails {
     // The ID given by Chrome in SignRequest.
     long signRequestId;

     // The error template. If present it is displayed to user. Intended to
     // contain the reason for stopping the flow if it was caused by an error,
     // e.g. MAX_ATTEMPTS_EXCEEDED.
     PinRequestErrorType? errorType;
   };

   dictionary PinResponseDetails {
     // The code provided by the user. Empty if user closed the dialog or some
     // other error occurred.
     DOMString? userInput;
   };

   callback RequestPinCallback = void (optional PinResponseDetails details);

   callback StopPinRequestCallback = void ();

   // The callback provided by the extension that Chrome uses to report back
   // rejected certificates. See <code>CertificatesCallback</code>.
   callback ResultCallback = void (ArrayBuffer[] rejectedCertificates);

   // If no error occurred, this function must be called with the signature of
   // the digest using the private key of the requested certificate.
   // For an RSA key, the signature must be a PKCS#1 signature. The extension
   // is responsible for prepending the DigestInfo prefix and adding PKCS#1
   // padding. If an <code>MD5_SHA1</code> hash is to be signed, the extension
   // must not prepend a DigestInfo prefix but only add PKCS#1 padding.
   // If an error occurred, this callback should be called without signature.
   callback SignCallback = void (optional ArrayBuffer signature);

   // Call this exactly once with the list of certificates that this extension is
   // providing. The list must only contain certificates for which the extension
   // can sign data using the associated private key. If the list contains
   // invalid certificates, these will be ignored. All valid certificates are
   // still registered for the extension. Chrome will call back with the list of
   // rejected certificates, which might be empty.
   callback CertificatesCallback =
       void (CertificateInfo[] certificates, ResultCallback callback);

   interface Events {
     // This event fires every time the browser requests the current list of
     // certificates provided by this extension. The extension must call
     // <code>reportCallback</code> exactly once with the current list of
     // certificates.
     static void onCertificatesRequested(CertificatesCallback reportCallback);

     // This event fires every time the browser needs to sign a message using a
     // certificate provided by this extension in reply to an
     // $(ref:onCertificatesRequested) event.
     // The extension must sign the data in <code>request</code> using the
     // appropriate algorithm and private key and return it by calling
     // <code>reportCallback</code>. <code>reportCallback</code> must be called
     // exactly once.
     // |request|: Contains the details about the sign request.
     static void onSignDigestRequested(SignRequest request,
                                       SignCallback reportCallback);
   };

   interface Functions {
     // Requests the PIN from the user. Only one ongoing request at a time is
     // allowed. The requests issued while another flow is ongoing are rejected.
     // It's the extension's responsibility to try again later if another flow is
     // in progress.
     // |details|: Contains the details about the requested dialog.
     // |callback|: Is called when the dialog is resolved with the user input, or
     // when the dialog request finishes unsuccessfully (e.g. the dialog was
     // canceled by the user or was not allowed to be shown).
     static void requestPin(RequestPinDetails details,
                            RequestPinCallback callback);

     // Stops the pin request started by the $(ref:requestPin) function.
     // |details|: Contains the details about the reason for stopping the
     // request flow.
     // |callback|: To be used by Chrome to send to the extension the status from
     // their request to close PIN dialog for user.
     static void stopPinRequest(StopPinRequestDetails details,
                                StopPinRequestCallback callback);
   };
 };
	// Copyright 2015 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	// Use this API to expose certificates to the platform which can use these
	// certificates for TLS authentications.
	namespace certificateProvider {
	enum Hash {
	MD5_SHA1,
	SHA1,
	SHA256,
	SHA384,
	SHA512
	};

	// The type of code being requested by the extension with requestPin function.
	enum PinRequestType {
	PIN,
	PUK
	};

	// The types of errors that can be presented to the user through the
	// requestPin function.
	enum PinRequestErrorType {
	INVALID_PIN,
	INVALID_PUK,
	MAX_ATTEMPTS_EXCEEDED,
	UNKNOWN_ERROR
	};

	[noinline_doc] dictionary CertificateInfo {
	// Must be the DER encoding of a X.509 certificate. Currently, only
	// certificates of RSA keys are supported.
	ArrayBuffer certificate;

	// Must be set to all hashes supported for this certificate. This extension
	// will only be asked for signatures of digests calculated with one of these
	// hash algorithms. This should be in order of decreasing hash preference.
	Hash[] supportedHashes;
	};

	[noinline_doc] dictionary SignRequest {
	// The unique ID to be used by the extension should it need to call a method
	// that requires it, e.g. requestPin.
	long signRequestId;

	// The digest that must be signed.
	ArrayBuffer digest;

	// Refers to the hash algorithm that was used to create <code>digest</code>.
	Hash hash;

	// The DER encoding of a X.509 certificate. The extension must sign
	// <code>digest</code> using the associated private key.
	ArrayBuffer certificate;
	};

	dictionary RequestPinDetails {
	// The ID given by Chrome in SignRequest.
	long signRequestId;

	// The type of code requested. Default is PIN.
	PinRequestType? requestType;

	// The error template displayed to the user. This should be set if the
	// previous request failed, to notify the user of the failure reason.
	PinRequestErrorType? errorType;

	// The number of attempts left. This is provided so that any UI can present
	// this information to the user. Chrome is not expected to enforce this,
	// instead stopPinRequest should be called by the extension with
	// errorType = MAX_ATTEMPTS_EXCEEDED when the number of pin requests is
	// exceeded.
	long? attemptsLeft;
	};

	dictionary StopPinRequestDetails {
	// The ID given by Chrome in SignRequest.
	long signRequestId;

	// The error template. If present it is displayed to user. Intended to
	// contain the reason for stopping the flow if it was caused by an error,
	// e.g. MAX_ATTEMPTS_EXCEEDED.
	PinRequestErrorType? errorType;
	};

	dictionary PinResponseDetails {
	// The code provided by the user. Empty if user closed the dialog or some
	// other error occurred.
	DOMString? userInput;
	};

	callback RequestPinCallback = void (optional PinResponseDetails details);

	callback StopPinRequestCallback = void ();

	// The callback provided by the extension that Chrome uses to report back
	// rejected certificates. See <code>CertificatesCallback</code>.
	callback ResultCallback = void (ArrayBuffer[] rejectedCertificates);

	// If no error occurred, this function must be called with the signature of
	// the digest using the private key of the requested certificate.
	// For an RSA key, the signature must be a PKCS#1 signature. The extension
	// is responsible for prepending the DigestInfo prefix and adding PKCS#1
	// padding. If an <code>MD5_SHA1</code> hash is to be signed, the extension
	// must not prepend a DigestInfo prefix but only add PKCS#1 padding.
	// If an error occurred, this callback should be called without signature.
	callback SignCallback = void (optional ArrayBuffer signature);

	// Call this exactly once with the list of certificates that this extension is
	// providing. The list must only contain certificates for which the extension
	// can sign data using the associated private key. If the list contains
	// invalid certificates, these will be ignored. All valid certificates are
	// still registered for the extension. Chrome will call back with the list of
	// rejected certificates, which might be empty.
	callback CertificatesCallback =
	void (CertificateInfo[] certificates, ResultCallback callback);

	interface Events {
	// This event fires every time the browser requests the current list of
	// certificates provided by this extension. The extension must call
	// <code>reportCallback</code> exactly once with the current list of
	// certificates.
	static void onCertificatesRequested(CertificatesCallback reportCallback);

	// This event fires every time the browser needs to sign a message using a
	// certificate provided by this extension in reply to an
	// $(ref:onCertificatesRequested) event.
	// The extension must sign the data in <code>request</code> using the
	// appropriate algorithm and private key and return it by calling
	// <code>reportCallback</code>. <code>reportCallback</code> must be called
	// exactly once.
	// \|request\|: Contains the details about the sign request.
	static void onSignDigestRequested(SignRequest request,
	SignCallback reportCallback);
	};

	interface Functions {
	// Requests the PIN from the user. Only one ongoing request at a time is
	// allowed. The requests issued while another flow is ongoing are rejected.
	// It's the extension's responsibility to try again later if another flow is
	// in progress.
	// \|details\|: Contains the details about the requested dialog.
	// \|callback\|: Is called when the dialog is resolved with the user input, or
	// when the dialog request finishes unsuccessfully (e.g. the dialog was
	// canceled by the user or was not allowed to be shown).
	static void requestPin(RequestPinDetails details,
	RequestPinCallback callback);

	// Stops the pin request started by the $(ref:requestPin) function.
	// \|details\|: Contains the details about the reason for stopping the
	// request flow.
	// \|callback\|: To be used by Chrome to send to the extension the status from
	// their request to close PIN dialog for user.
	static void stopPinRequest(StopPinRequestDetails details,
	StopPinRequestCallback callback);
	};
	};