|   | // Copyright 2014 The Chromium Authors. All rights reserved. | ||
|  | // Use of this source code is governed by a BSD-style license that can be | ||
|  | // found in the LICENSE file. | ||
|  | 
 | ||
|  | // <code>chrome.cryptotokenPrivate</code> API that provides hooks into Chrome | ||
|  | // for use by the cryptotoken component extension. | ||
|  | // <p>In the context of this API, an AppId is roughly an origin and is formally | ||
|  | // defined in | ||
|  | // <a href="https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-appid-and-facets-v1.2-ps-20170411.html"> | ||
|  | // the FIDO spec</a></p> | ||
|  | namespace cryptotokenPrivate { | ||
|  | 
 | ||
|  |   // Callback that receives a single boolean |result|. | ||
|  |   callback BooleanCallback = void(boolean result); | ||
|  |   // Callback that takes no arguments. | ||
|  |   callback VoidCallback = void(); | ||
|  | 
 | ||
|  |   // Options passed to |canAppIdGetAttestation|. | ||
|  |   dictionary CanAppIdGetAttestationOptions { | ||
|  |     // The AppId (see definition, above) that was used in the registration | ||
|  |     // request and which has been authenticated by |canOriginAssertAppId|. | ||
|  |     // NOTE(review): this declaration cannot enforce that ordering; confirm | ||
|  |     // that the caller runs |canOriginAssertAppId| before passing the AppId | ||
|  |     // here. | ||
|  |     DOMString appId; | ||
|  |     // The origin of the caller. | ||
|  |     DOMString origin; | ||
|  |     // Identifies the tab in which the registration is occurring so that any | ||
|  |     // permissions prompt is correctly located. | ||
|  |     long tabId; | ||
|  |   }; | ||
|  | 
 | ||
|  |   interface Functions { | ||
|  |     // Checks whether the origin is allowed to assert the appId, according to | ||
|  |     // the same origin policy defined at | ||
|  |     // http://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/ | ||
|  |     //     fido-appid-and-facets-ps-20141009.html | ||
|  |     // |securityOrigin| is the origin as seen by the extension, and |appIdUrl| | ||
|  |     // is the appId being asserted by the origin. | ||
|  |     // |callback| receives the result of the check. | ||
|  |     static void canOriginAssertAppId(DOMString securityOrigin, | ||
|  |                                      DOMString appIdUrl, | ||
|  |                                      BooleanCallback callback); | ||
|  | 
 | ||
|  |     // Checks whether the appId identified by |appIdHash| is specified in the | ||
|  |     // SecurityKeyPermitAttestation policy. This causes a signal to be sent to | ||
|  |     // the token that informs it that an individually-identifying attestation | ||
|  |     // certificate may be used. Without that signal, the token is required to | ||
|  |     // use its batch attestation certificate. | ||
|  |     // NOTE(review): the hash algorithm for |appIdHash| is not stated here; | ||
|  |     // presumably the SHA-256 of the AppId as used by U2F -- confirm. | ||
|  |     static void isAppIdHashInEnterpriseContext(ArrayBuffer appIdHash, | ||
|  |                                                BooleanCallback callback); | ||
|  | 
 | ||
|  |     // Checks whether the given appId may receive attestation data that | ||
|  |     // identifies the token. If not, the attestation from the token must be | ||
|  |     // substituted with a randomly generated certificate since webauthn and U2F | ||
|  |     // require that some attestation be provided. | ||
|  |     // |options| carries the appId, the caller's origin and the tab id; see | ||
|  |     // CanAppIdGetAttestationOptions. |callback| receives the result. | ||
|  |     static void canAppIdGetAttestation(CanAppIdGetAttestationOptions options, | ||
|  |                                        BooleanCallback callback); | ||
|  | 
 | ||
|  |     // Increments the WebFeature::kU2FCryptotokenRegister UseCounter for the | ||
|  |     // main frame associated with |tabId|. | ||
|  |     // NOTE(review): the role of |frameId| is not described in this file; | ||
|  |     // confirm against the implementation. | ||
|  |     // |callback| is optional and takes no arguments. | ||
|  |     static void recordRegisterRequest(long tabId, long frameId, | ||
|  |                                       optional VoidCallback callback); | ||
|  | 
 | ||
|  |     // Increments the WebFeature::kU2FCryptotokenSign UseCounter for the | ||
|  |     // main frame associated with |tabId|. | ||
|  |     // NOTE(review): the role of |frameId| is not described in this file; | ||
|  |     // confirm against the implementation. | ||
|  |     // |callback| is optional and takes no arguments. | ||
|  |     static void recordSignRequest(long tabId, long frameId, | ||
|  |                                   optional VoidCallback callback); | ||
|  |   }; | ||
|  | }; |