blob: 6015b9e91672c15ff36f0ea40df4e4dab47a9cec [file] [log] [blame]
// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module crosapi.mojom;
import "mojo/public/mojom/base/time.mojom";
// Maps to the C++ enum CertProvisioningWorkerState from
// cert_provisioning_common.h .
[Stable, Extensible]
enum CertProvisioningProcessState {
[Default] kInitState = 0,
kKeypairGenerated = 1,
kStartCsrResponseReceived = 2,
kVaChallengeFinished = 3,
kKeyRegistered = 4,
kKeypairMarked = 5,
kSignCsrFinished = 6,
kFinishCsrResponseReceived = 7,
kSucceeded = 8,
// The states below should never be sent, but it's good for diagnostic
// purposes to be able to recognize them if it still happens.
kInconsistentDataError = 9,
kFailed = 10,
kCanceled = 11,
};
[Stable]
struct CertProvisioningBackendServerError {
// The time of the error.
mojo_base.mojom.Time time;
// The code of the error. For the meaning of the codes see the
// DeviceManagementStatus enum in cloud_policy_constants.h. The codes are
// guaranteed to be stable.
int32 status_code = 0;
};
[Stable]
struct CertProvisioningProcessStatus {
// ID of the certificate provisioning process from the policy.
string cert_profile_id@0;
// Human-readable certificate profile name (UTF-8).
string cert_profile_name@1;
// The DER-encoded X.509 SubjectPublicKeyInfo (SPKI).
array<uint8> public_key@2;
// The last time when the process changed its state. Time of failure for
// failed processes.
mojo_base.mojom.Time last_update_time@3;
// In case the device had problems connecting to the DMServer, this field will
// contain the time of the last attempt and the reason of failure.
CertProvisioningBackendServerError? last_backend_server_error@4;
// Contains the current state for currently active processes or the last
// non-failure state for failed ones.
CertProvisioningProcessState state@5 =
CertProvisioningProcessState.kInitState;
// Contains "false" if the process is still running, contains "true" if the
// process failed. Successfully finished processes are not returned.
bool did_fail@6 = false;
// Contains “true” if the process was initiated by
// RequiredClientCertificateForDevice policy, contains “false” if by
// RequiredClientCertificateForUser.
bool is_device_wide@7 = false;
// Describes the reason for failure in case a worker enters the failed state.
[MinVersion=1]
string? failure_message@8;
};
// This interface is implemented by classes that want to register themself as
// certificate provisioning observers and receive notifications when
// CertProvisioningProcessStatus of at least one process significantly changes.
[Stable, Uuid="33dcc3c5-f9f6-4d28-be35-119b8f499d88"]
interface CertProvisioningObserver {
// Ash calls this to notify the observer about a new change.
OnStateChanged@0();
};
// This interface provides methods to get information about the status of the
// certificate provisioning feature and control it.
// It is implemented by Ash-Chrome.
[Stable, Uuid="ff60efaf-bb5c-4aff-903f-72abcb613df6"]
interface CertProvisioning {
// Adds an observer that will be notified about updates from the certificate
// provisioning feature.
AddObserver@0(
pending_remote<CertProvisioningObserver> observer);
// Returns the information about all currently active and recently failed cert
// provisioning processes.
GetStatus@1() =>
(array<CertProvisioningProcessStatus> result);
// Instructs Ash to immediately attempt the next planned step in provisioning
// of the certificate with `cert_profile_id`. Specifically, if the process is
// waiting for a notification from the server-side, this will make Ash reach
// out to the server-side and check for the current status. Otherwise it might
// do nothing.
UpdateOneProcess@2(string cert_profile_id);
};