
// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

module crosapi.mojom;

import "services/network/public/mojom/network_param.mojom";

// Data Ash-Chrome hands to Lacros-Chrome so it can attach to the user's
// certificate database (the reply of CertDatabase.GetCertDatabaseInfo).
// Fields tagged [MinVersion=1] are not on the wire when the sending Ash is
// older than version 1; the receiver then sees them zero/false-initialized.
[Stable]
struct GetCertDatabaseInfoResult {
  // Deprecated on 10/2021. Use `user_nss_database` from
  // crosapi.BrowserInitParams instead.
  // TODO(b/191958831): Delete the field when possible.
  [RenamedFrom="software_nss_db_path"]
  string DEPRECATED_software_nss_db_path@0;
  // Whether Lacros should load the Chaps module. Nothing beyond the name is
  // specified here -- see the Ash implementation that fills this in.
  bool should_load_chaps@1;

  // Slot id of the user's private slot (presumably a PKCS#11 slot id).
  // NOTE(review): an Ash older than version 1 leaves this at 0, which this
  // struct alone cannot distinguish from a genuine slot id of 0 -- confirm the
  // receiver checks the remote version before trusting the value.
  [MinVersion=1]
  uint32 private_slot_id@2;

  // Whether the system slot should be enabled and, if so, its slot id. Both
  // are false/0 when sent by an Ash older than version 1.
  [MinVersion=1]
  bool enable_system_slot@3;
  [MinVersion=1]
  uint32 system_slot_id@4;
};

// One certificate reported to Ash via CertDatabase.SetCertsProvidedByExtension.
[Stable]
struct CertInfo {
  // Certificates are very complex, and different versions of Ash and Lacros
  // may catch different invalid inputs. Because of that, we send DER-encoded
  // certificates to make it explicit that a well-behaved sender may send an
  // arbitrary byte string that doesn't necessarily parse with
  // net::X509Certificate.
  // Details: https://crrev.com/c/3827793/comments/45af4f77_d034b465.
  // Consequently the receiver must parse and validate these bytes itself and
  // must reject (not crash on) input that fails to parse.
  array<uint8> cert@0;
  // Supported algorithm numbers come from TLS. They are stable and are stored
  // there as a 16-bit integer. (Presumably TLS SignatureScheme code points --
  // confirm against the producer before depending on the exact namespace.)
  array<uint16> supported_algorithms@1;
};

// Which part of the certificate database changed. The enum is [Extensible]:
// a value added by a newer peer that this side does not know about is
// delivered as the [Default] kUnknown, so handlers should treat kUnknown as
// "something may have changed" rather than as a no-op.
[Stable, Extensible]
enum CertDatabaseChangeType {
  [Default] kUnknown,
  // A change in the trust store.
  kTrustStore,
  // A change in the client certificate store.
  kClientCertStore,
};

// This interface is implemented by Lacros-Chrome and registered with Ash via
// CertDatabase.AddAshCertDatabaseObserver.
[Stable, Uuid="e48d9c66-98b4-4049-9b85-dc98c854d54c"]
interface AshCertDatabaseObserver {
  // Ash calls this to notify Lacros about new changes to certificates.
  // `change_type` was added in version 1: an older Ash sends no value and
  // Lacros is expected to see the default-initialized first enumerator,
  // kUnknown, which must be handled as "unspecified change".
  OnCertsChangedInAsh@0([MinVersion=1] CertDatabaseChangeType change_type);
};

// This interface is implemented by Ash-Chrome and called by Lacros-Chrome.
// Every method is gated by [MinVersion]; a Lacros talking to an older Ash
// must know the remote's version before invoking a method the peer lacks.
[Stable, Uuid="e7f924bf-0e10-4aef-98d3-6e2f216dc914"]
interface CertDatabase {
  // Waits until Ash-Chrome finishes certificate database initialization and
  // returns necessary data for Lacros-Chrome to connect to it.
  // `result` is nullable: the caller must handle a null reply without
  // dereferencing it. The conditions under which Ash replies with null are
  // not defined here -- see the Ash implementation.
  [MinVersion=1]
  GetCertDatabaseInfo@0() => (GetCertDatabaseInfoResult? result);

  // Lacros calls this to notify Ash about new changes to certificates.
  // `change_type` was added in version 4: an older Lacros sends no value and
  // Ash is expected to see the default-initialized enumerator, kUnknown.
  [MinVersion=2]
  OnCertsChangedInLacros@1([MinVersion=4] CertDatabaseChangeType change_type);

  // Adds a new observer about certificate changes in Ash. The interface is not
  // symmetrical because Lacros can assume that Ash always exists, but not the
  // other way around.
  [MinVersion=2]
  AddAshCertDatabaseObserver@2(
    pending_remote<AshCertDatabaseObserver> observer);

  // Lacros calls this to notify Ash about new changes to certificates
  // provided by extension.
  // `cert_infos` carries raw DER bytes (see CertInfo); Ash must parse and
  // validate every entry and must not assume a well-formed certificate.
  // NOTE(review): presumably this replaces Ash's entire set for
  // `extension_id` (the name says "Set", not "Add") -- confirm in the
  // implementation, as an incremental reading would retain stale entries.
  [MinVersion=3]
  SetCertsProvidedByExtension@3(
    string extension_id,
    array<CertInfo> cert_infos
  );

  // Lacros calls this to notify Ash about a new PKCS#12 file that was
  // dual-written into the NSS software slot and Chaps.
  // Carries no payload: Ash is only told that such a write happened.
  [MinVersion=5]
  OnPkcs12CertDualWritten@4();
};