chrome/common/extensions/api/enterprise_platform_keys.idl - platform/external/chromium_org - Git at Google

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 // Use the <code>chrome.enterprise.platformKeys</code> API to generate
 // hardware-backed keys and to install certificates for these keys. The
 // certificates will be available to the platform and can, for example, be used
 // for TLS authentication and network access.
 [platforms = ("chromeos")]
 namespace enterprise.platformKeys {
   [nocompile, noinline_doc] dictionary Token {
     // Uniquely identifies this <code>Token</code>.
     // <p>Static IDs are <code>"user"</code> and <code>"device"</code>,
     // referring to the platform's user-specific and the device-wide hardware
     // token, respectively. Any other tokens (with other identifiers) might be
     // returned by $(ref:enterprise.platformKeys.getTokens).</p>
     DOMString id;

     // Implements the WebCrypto's
     // <a href="http://www.w3.org/TR/WebCryptoAPI/#subtlecrypto-interface">SubtleCrypto</a>
     // interface. The cryptographic operations, including key generation, are
     // hardware-backed.
     // <p>Only non-extractable RSASSA-PKCS1-V1_5 keys with
     // <code>modulusLength</code> up to 2048 can be generated. Each key can be
     // used for signing data at most once.</p>
     // <p>Keys generated on a specific <code>Token</code> cannot be used with
     // any other Tokens, nor can they be used with
     // <code>window.crypto.subtle</code>. Equally, <code>Key</code> objects
     // created with <code>window.crypto.subtle</code> cannot be used with this
     // interface.</p>
     [instanceOf = SubtleCrypto] object subtleCrypto;
   };

   // Invoked by <code>getTokens</code> with the list of available Tokens.
   // |tokens|: The list of available tokens.
   callback GetTokensCallback = void(Token[] tokens);

   // Callback to which the certificates are passed.
   // |certificates|: The list of certificates, each in DER encoding of a X.509
   //     certificate.
   callback GetCertificatesCallback = void(ArrayBuffer[] certificates);

   // Invoked by importCertificate or removeCertificate when the respective
   // operation is finished.
   callback DoneCallback = void();

   interface Functions {
     // Returns the available Tokens. In a regular user's session the list will
     // always contain the user's token with <code>id</code> <code>"user"</code>.
     // If a device-wide TPM token is available it will also contain the
     // device-wide token with <code>id</code> <code>"device"</code>. The
     // device-wide token will be the same for all sessions on this device
     // (device in the sense of e.g. a Chromebook).
     [nocompile] static void getTokens(GetTokensCallback callback);

     // Returns the list of all client certificates available from the given
     // token. Can be used to check for the existence and expiration of client
     // certificates that are usable for a certain authentication.
     // |tokenId|: The id of a Token returned by <code>getTokens</code>.
     // |callback|: Called back with the list of the available certificates.
     static void getCertificates(DOMString tokenId,
                                 GetCertificatesCallback callback);

     // Imports <code>certificate</code> to the given token if the certified key
     // is already stored in this token.
     // After a successful certification request, this function should be used to
     // store the obtained certificate and to make it available to the operating
     // system and browser for authentication.
     // |tokenId|: The id of a Token returned by <code>getTokens</code>.
     // |certificate|: The DER encoding of a X.509 certificate.
     // |callback|: Called back when this operation is finished.
     static void importCertificate(DOMString tokenId,
                                   ArrayBuffer certificate,
                                   optional DoneCallback callback);

     // Removes <code>certificate</code> from the given token if present.
     // Should be used to remove obsolete certificates so that they are not
     // considered during authentication and do not clutter the certificate
     // choice. Should be used to free storage in the certificate store.
     // |tokenId|: The id of a Token returned by <code>getTokens</code>.
     // |certificate|: The DER encoding of a X.509 certificate.
     // |callback|: Called back when this operation is finished.
     static void removeCertificate(DOMString tokenId,
                                   ArrayBuffer certificate,
                                   optional DoneCallback callback);
   };
 };
	// Copyright 2014 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	// Use the <code>chrome.enterprise.platformKeys</code> API to generate
	// hardware-backed keys and to install certificates for these keys. The
	// certificates will be available to the platform and can, for example, be used
	// for TLS authentication and network access.
	[platforms = ("chromeos")]
	namespace enterprise.platformKeys {
	[nocompile, noinline_doc] dictionary Token {
	// Uniquely identifies this <code>Token</code>.
	// <p>Static IDs are <code>"user"</code> and <code>"device"</code>,
	// referring to the platform's user-specific and the device-wide hardware
	// token, respectively. Any other tokens (with other identifiers) might be
	// returned by $(ref:enterprise.platformKeys.getTokens).</p>
	DOMString id;

	// Implements the WebCrypto's
	// <a href="http://www.w3.org/TR/WebCryptoAPI/#subtlecrypto-interface">SubtleCrypto</a>
	// interface. The cryptographic operations, including key generation, are
	// hardware-backed.
	// <p>Only non-extractable RSASSA-PKCS1-V1_5 keys with
	// <code>modulusLength</code> up to 2048 can be generated. Each key can be
	// used for signing data at most once.</p>
	// <p>Keys generated on a specific <code>Token</code> cannot be used with
	// any other Tokens, nor can they be used with
	// <code>window.crypto.subtle</code>. Equally, <code>Key</code> objects
	// created with <code>window.crypto.subtle</code> cannot be used with this
	// interface.</p>
	[instanceOf = SubtleCrypto] object subtleCrypto;
	};

	// Invoked by <code>getTokens</code> with the list of available Tokens.
	// \|tokens\|: The list of available tokens.
	callback GetTokensCallback = void(Token[] tokens);

	// Callback to which the certificates are passed.
	// \|certificates\|: The list of certificates, each in DER encoding of a X.509
	// certificate.
	callback GetCertificatesCallback = void(ArrayBuffer[] certificates);

	// Invoked by importCertificate or removeCertificate when the respective
	// operation is finished.
	callback DoneCallback = void();

	interface Functions {
	// Returns the available Tokens. In a regular user's session the list will
	// always contain the user's token with <code>id</code> <code>"user"</code>.
	// If a device-wide TPM token is available it will also contain the
	// device-wide token with <code>id</code> <code>"device"</code>. The
	// device-wide token will be the same for all sessions on this device
	// (device in the sense of e.g. a Chromebook).
	[nocompile] static void getTokens(GetTokensCallback callback);

	// Returns the list of all client certificates available from the given
	// token. Can be used to check for the existence and expiration of client
	// certificates that are usable for a certain authentication.
	// \|tokenId\|: The id of a Token returned by <code>getTokens</code>.
	// \|callback\|: Called back with the list of the available certificates.
	static void getCertificates(DOMString tokenId,
	GetCertificatesCallback callback);

	// Imports <code>certificate</code> to the given token if the certified key
	// is already stored in this token.
	// After a successful certification request, this function should be used to
	// store the obtained certificate and to make it available to the operating
	// system and browser for authentication.
	// \|tokenId\|: The id of a Token returned by <code>getTokens</code>.
	// \|certificate\|: The DER encoding of a X.509 certificate.
	// \|callback\|: Called back when this operation is finished.
	static void importCertificate(DOMString tokenId,
	ArrayBuffer certificate,
	optional DoneCallback callback);

	// Removes <code>certificate</code> from the given token if present.
	// Should be used to remove obsolete certificates so that they are not
	// considered during authentication and do not clutter the certificate
	// choice. Should be used to free storage in the certificate store.
	// \|tokenId\|: The id of a Token returned by <code>getTokens</code>.
	// \|certificate\|: The DER encoding of a X.509 certificate.
	// \|callback\|: Called back when this operation is finished.
	static void removeCertificate(DOMString tokenId,
	ArrayBuffer certificate,
	optional DoneCallback callback);
	};
	};