64 lines
3 KiB
Text
64 lines
3 KiB
Text
|
// Copyright 2014 The Chromium Authors. All rights reserved.
|
||
|
// Use of this source code is governed by a BSD-style license that can be
|
||
|
// found in the LICENSE file.
|
||
|
|
||
|
// <code>chrome.cryptotokenPrivate</code> API that provides hooks to Chrome to
|
||
|
// be used by cryptotoken component extension.
|
||
|
// <p>In the context of this API, an AppId is roughly an origin and is formally
|
||
|
// defined in
|
||
|
// <a href="https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-appid-and-facets-v1.2-ps-20170411.html">
|
||
|
// the FIDO spec</a></p>
|
||
|
namespace cryptotokenPrivate {
|
||
|
|
||
|
callback BooleanCallback = void(boolean result);
|
||
|
callback VoidCallback = void();
|
||
|
|
||
|
dictionary CanAppIdGetAttestationOptions {
|
||
|
// The AppId (see definition, above) that was used in the registration
|
||
|
// request and which has been authenticated by |canOriginAssertAppId|.
|
||
|
DOMString appId;
|
||
|
// The origin of the caller.
|
||
|
DOMString origin;
|
||
|
// Identifies the tab in which the registration is occuring so that any
|
||
|
// permissions prompt is correctly located.
|
||
|
long tabId;
|
||
|
};
|
||
|
|
||
|
interface Functions {
|
||
|
// Checks whether the origin is allowed to assert the appId, according to
|
||
|
// the same origin policy defined at
|
||
|
// http://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/
|
||
|
// fido-appid-and-facets-ps-20141009.html
|
||
|
// |securityOrigin| is the origin as seen by the extension, and |appIdUrl|
|
||
|
// is the appId being asserted by the origin.
|
||
|
static void canOriginAssertAppId(DOMString securityOrigin,
|
||
|
DOMString appIdUrl,
|
||
|
BooleanCallback callback);
|
||
|
|
||
|
// Checks whether the given appId is specified in the
|
||
|
// SecurityKeyPermitAttestation policy. This causes a signal to be sent to
|
||
|
// the token that informs it that an individually-identifying attestation
|
||
|
// certificate may be used. Without that signal, the token is required to
|
||
|
// use its batch attestation certificate.
|
||
|
static void isAppIdHashInEnterpriseContext(ArrayBuffer appIdHash,
|
||
|
BooleanCallback callback);
|
||
|
|
||
|
// Checks whether the given appId may receive attestation data that
|
||
|
// identifies the token. If not, the attestation from the token must be
|
||
|
// substituted with a randomly generated certificate since webauthn and U2F
|
||
|
// require that some attestation be provided.
|
||
|
static void canAppIdGetAttestation(CanAppIdGetAttestationOptions options,
|
||
|
BooleanCallback callback);
|
||
|
|
||
|
// Increments the WebFeature::kU2FCryptotokenRegister UseCounter for the
|
||
|
// main frame associated with |tabId|.
|
||
|
static void recordRegisterRequest(long tabId, long frameId,
|
||
|
optional VoidCallback callback);
|
||
|
|
||
|
// Increments the WebFeature::kU2FCryptotokenSign UseCounter for the
|
||
|
// main frame associated with |tabId|.
|
||
|
static void recordSignRequest(long tabId, long frameId,
|
||
|
optional VoidCallback callback);
|
||
|
};
|
||
|
};
|