chromium/ui/webui/resources/cr_components/certificate_manager/certificate_manager_v2.mojom

// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Mojo module supporting the Certificate Manager V2 WebUI.
module certificate_manager_v2.mojom;

// Summary information about a certificate.
struct SummaryCertInfo {
  string sha256hash_hex;
  // Human-readable name for the certificate. May be empty.
  string display_name;
};

// Factory ensures that the Page and PageHandler interfaces are always created
// together without requiring an initialization call from the WebUI to the
// handler.
interface CertificateManagerPageHandlerFactory {
  // Create both the CertificateManagerPage and CertificateManagerPageHandler
  // at the same time.
  CreateCertificateManagerPageHandler(
    pending_remote<CertificateManagerPage> page,
    pending_receiver<CertificateManagerPageHandler> handler);
};

enum CertificateSource {
  // Note that the enum is defined to start from 1 so that if there is a bug in
  // the typescript or html and it "helpfully" gets silently converted to a 0,
  // it will cause a mojo message validation error rather than silently using
  // the first source.

  // Trusted certs from the Chrome Root Store.
  kChromeRootStore=1,

  // Client certificates from the platform store.
  kPlatformClientCert,

  // Trusted certs from enterprise policies.
  kEnterpriseTrustedCerts,

  // Intermediate certs from enterprise policies.
  kEnterpriseIntermediateCerts,

  // Distrusted certs from enterprise policies.
  kEnterpriseDistrustedCerts,

  // Trusted certs from platform (user-added).
  kPlatformUserTrustedCerts,

  // Intermediate certs from platform (user-added).
  kPlatformUserIntermediateCerts,

  // Distrusted certs from platform (user-added).
  kPlatformUserDistrustedCerts,

  // Enterprise provisioned client certificates. Only enabled on platforms
  // where that feature is available.
  [EnableIf=enable_provisioned_client_certs]
  kProvisionedClientCert,

  // Extension provided client certificates.
  [EnableIf=is_chromeos]
  kExtensionsClientCert,
};

struct CertManagementMetadata {
  // If true, user-added certs are imported from the system.
  bool include_system_trust_store;

  // Number of user-added certs that could be imported from the system.
  uint8 num_user_added_system_certs;

  // If true, an enterprise policy controls whether user-added certs are
  // imported from the system.
  bool is_include_system_trust_store_managed;

  // Number of certificates added via enterprise policy.
  uint8 num_policy_certs;
};

union ImportResult {
  // If present, the import failed and will contain an error message about why.
  string error;

  // TODO(crbug.com/40928765): add message for successful import. (On
  // successful import the certificate list should be refreshed to show the
  // newly imported certificate.)
};

// Calls from TS -> C++  (Renderer -> Browser).
interface CertificateManagerPageHandler {
  // Get the list of certificates from a given source.
  GetCertificates(CertificateSource source) => (array<SummaryCertInfo> certs);

  // Get Certificate verification metadata (e.g. enterprise policies)
  GetCertManagementMetadata() => (CertManagementMetadata metadata);

  // Open the view certificate dialog for a specific certificate.
  ViewCertificate(CertificateSource source, string sha256_hash_hex);

  // Export all the certificates from a given source.
  ExportCertificates(CertificateSource source);

  // Begin a certificate import process for the specified source. Will display
  // a file picker and import the chosen file. The result will indicate whether
  // there was an error and/or whether the certificate list should be refreshed
  // as a result of the import. The result may be null if no result needs to be
  // displayed, for example if the import was cancelled or if it was ignored
  // because an import operation was already in progress.
  // The name is a little misleading as in the case of client certificates it
  // actually imports both a certificate and a private key.
  ImportCertificate(CertificateSource source) => (ImportResult? result);

  // Show the platform's native certificate management UI.
  [EnableIf=native_cert_management]
  ShowNativeManageCertificates();

};

// Calls from C++ -> TS (Browser -> Renderer).
interface CertificateManagerPage {
  // Show dialog prompting user to enter a password to import a file.
  AskForImportPassword() => (string? password);
};