chromium/chrome/browser/ui/webui/connectors_internals/connectors_internals.mojom

// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

module connectors_internals.mojom;

// Set of values to represent whether the key manager is supported and, if so,
// fully initialized or not.
enum KeyManagerInitializedValue {
  UNSUPPORTED = 0,
  KEY_LOADED = 1,
  NO_KEY = 2,
};

// Trust level of the signing key which is equivalent to the key provider type.
enum KeyTrustLevel {
  UNSPECIFIED = 0,
  HW = 1,
  OS = 2,
};

// Type of the signing key, equivalent to the algorithm used for its generation.
enum KeyType {
  UNKNOWN = 0,
  RSA = 1,
  EC = 2,
};

// Represents the possible permanent failures encountered in the key creation
// flow.
enum KeyManagerPermanentFailure {
  UNSPECIFIED = 0,
  CREATION_UPLOAD_CONFLICT = 1,
  INSUFFICIENT_PERMISSIONS = 2,
  OS_RESTRICTION = 3,
  INVALID_INSTALLATION = 4,
};

// Wrapper for an optional int32.
struct Int32Value {
  // The int32 value.
  int32 value;
};

union KeyUploadStatus {
  // HTTP response code of the sync key request.
  Int32Value sync_key_response_code;

  // Error message related to a client-side failure preventing the upload of a
  // key.
  string upload_client_error;
};

struct LoadedKeyInfo {
  // Loaded key's trust level (e.g. is it a TPM key or not).
  KeyTrustLevel trust_level;

  // Key's algorithm (e.g. RSA, EC).
  KeyType key_type;

  // Base64-encoded SHA-256 hash value for the loaded key's SPKI.
  string encoded_spki_hash;

  // Result of an attempt to upload the key. May be empty if the
  // key has not yet been uploaded.
  KeyUploadStatus? key_upload_status;
};

struct KeyInfo {
  // Whether the key manager has loaded a key successfully.
  KeyManagerInitializedValue is_key_manager_initialized;

  // Metadata about a key loaded by the key manager. Will only contain a value
  // if `is_key_manager_initialized` is `KEY_LOADED`.
  LoadedKeyInfo? loaded_key_info;

  // The permanent failure type, if any.
  KeyManagerPermanentFailure permanent_failure;
};

struct ConsentMetadata {
  // Whether signals can be collected based on the current user
  // and management context.
  bool can_collect_signals;

  // Whether the user has given explicit consent.
  bool consent_received;
};

struct DeviceTrustState {
  // Whether the connector is enabled or not.
  bool is_enabled;

  // Information around the levels the device trust connector is enabled for.
  array<string> policy_enabled_levels;

  // Information around the state of the device trust signing key.
  KeyInfo key_info;

  // Json string of the device signals.
  string signals_json;

  // Metadata around whether user consent is required for the given management
  // context, or if it was already given.
  ConsentMetadata? consent_metadata;
};

struct CertificateMetadata {
  // Hex-encoded certificate serial number's DER bytes.
  string serial_number;

  // Hex-encoded SHA-256 hash of the certificate's fingerprint.
  string fingerprint;

  // Creation date of the certificate.
  string creation_date_string;

  // Expiration date of the certificate.
  string expiration_date_string;

  // Display name of the certificate's subject.
  string subject_display_name;

  // Display name of the certificate's issuer.
  string issuer_display_name;
};

struct ClientIdentity {
  // Name of the identity.
  string identity_name;

  // Information about the identity's private key.
  LoadedKeyInfo? loaded_key_info;

  // Information about the identity's certificate.
  CertificateMetadata? certificate_metadata;
};

struct ClientCertificateState {
  // Information around the levels the client certificate provisioning policy
  // is enabled for.
  array<string> policy_enabled_levels;

  // Information about the current Profile's managed identity.
  ClientIdentity? managed_profile_identity;

  // Information about the browser's managed identity.
  ClientIdentity? managed_browser_identity;
};

// Browser interface for the page. Consists of calls for data and hooks for
// interactivity.
interface PageHandler {
  // Get state information about the Device Trust connector.
  GetDeviceTrustState() => (DeviceTrustState state);

  // Deletes the Device Trust key stored on the device. Will only work on
  // developer builds or early release channels.
  DeleteDeviceTrustKey() => ();

  // Get state information about managed client certificates.
  GetClientCertificateState() => (ClientCertificateState state);
};