// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Mojo module supporting the Certificate Manager V2 WebUI.
module certificate_manager_v2.mojom;
// Summary information about a certificate.
struct SummaryCertInfo {
string sha256hash_hex;
// Human-readable name for the certificate. May be empty.
string display_name;
};
// Factory ensures that the Page and PageHandler interfaces are always created
// together without requiring an initialization call from the WebUI to the
// handler.
interface CertificateManagerPageHandlerFactory {
// Create both the CertificateManagerPage and CertificateManagerPageHandler
// at the same time.
CreateCertificateManagerPageHandler(
pending_remote<CertificateManagerPage> page,
pending_receiver<CertificateManagerPageHandler> handler);
};
enum CertificateSource {
// Note that the enum is defined to start from 1 so that if there is a bug in
// the typescript or html and it "helpfully" gets silently converted to a 0,
// it will cause a mojo message validation error rather than silently using
// the first source.
// Trusted certs from the Chrome Root Store.
kChromeRootStore=1,
// Client certificates from the platform store.
kPlatformClientCert,
// Trusted certs from enterprise policies.
kEnterpriseTrustedCerts,
// Intermediate certs from enterprise policies.
kEnterpriseIntermediateCerts,
// Distrusted certs from enterprise policies.
kEnterpriseDistrustedCerts,
// Trusted certs from platform (user-added).
kPlatformUserTrustedCerts,
// Intermediate certs from platform (user-added).
kPlatformUserIntermediateCerts,
// Distrusted certs from platform (user-added).
kPlatformUserDistrustedCerts,
// Enterprise provisioned client certificates. Only enabled on platforms
// where that feature is available.
[EnableIf=enable_provisioned_client_certs]
kProvisionedClientCert,
// Extension provided client certificates.
[EnableIf=is_chromeos]
kExtensionsClientCert,
};
struct CertManagementMetadata {
// If true, user-added certs are imported from the system.
bool include_system_trust_store;
// Number of user-added certs that could be imported from the system.
uint8 num_user_added_system_certs;
// If true, an enterprise policy controls whether user-added certs are
// imported from the system.
bool is_include_system_trust_store_managed;
// Number of certificates added via enterprise policy.
uint8 num_policy_certs;
};
union ImportResult {
// If present, the import failed and will contain an error message about why.
string error;
// TODO(crbug.com/40928765): add message for successful import. (On
// successful import the certificate list should be refreshed to show the
// newly imported certificate.)
};
// Calls from TS -> C++ (Renderer -> Browser).
interface CertificateManagerPageHandler {
// Get the list of certificates from a given source.
GetCertificates(CertificateSource source) => (array<SummaryCertInfo> certs);
// Get Certificate verification metadata (e.g. enterprise policies)
GetCertManagementMetadata() => (CertManagementMetadata metadata);
// Open the view certificate dialog for a specific certificate.
ViewCertificate(CertificateSource source, string sha256_hash_hex);
// Export all the certificates from a given source.
ExportCertificates(CertificateSource source);
// Begin a certificate import process for the specified source. Will display
// a file picker and import the chosen file. The result will indicate whether
// there was an error and/or whether the certificate list should be refreshed
// as a result of the import. The result may be null if no result needs to be
// displayed, for example if the import was cancelled or if it was ignored
// because an import operation was already in progress.
// The name is a little misleading as in the case of client certificates it
// actually imports both a certificate and a private key.
ImportCertificate(CertificateSource source) => (ImportResult? result);
// Show the platform's native certificate management UI.
[EnableIf=native_cert_management]
ShowNativeManageCertificates();
};
// Calls from C++ -> TS (Browser -> Renderer).
interface CertificateManagerPage {
// Show dialog prompting user to enter a password to import a file.
AskForImportPassword() => (string? password);
};