// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module connectors_internals.mojom;
// Set of values to represent whether the key manager is supported and, if so,
// fully initialized or not.
enum KeyManagerInitializedValue {
UNSUPPORTED = 0,
KEY_LOADED = 1,
NO_KEY = 2,
};
// Trust level of the signing key which is equivalent to the key provider type.
enum KeyTrustLevel {
UNSPECIFIED = 0,
HW = 1,
OS = 2,
};
// Type of the signing key, equivalent to the algorithm used for its generation.
enum KeyType {
UNKNOWN = 0,
RSA = 1,
EC = 2,
};
// Represents the possible permanent failures encountered in the key creation
// flow.
enum KeyManagerPermanentFailure {
UNSPECIFIED = 0,
CREATION_UPLOAD_CONFLICT = 1,
INSUFFICIENT_PERMISSIONS = 2,
OS_RESTRICTION = 3,
INVALID_INSTALLATION = 4,
};
// Wrapper for an optional int32.
struct Int32Value {
// The int32 value.
int32 value;
};
union KeyUploadStatus {
// HTTP response code of the sync key request.
Int32Value sync_key_response_code;
// Error message related to a client-side failure preventing the upload of a
// key.
string upload_client_error;
};
struct LoadedKeyInfo {
// Loaded key's trust level (e.g. is it a TPM key or not).
KeyTrustLevel trust_level;
// Key's algorithm (e.g. RSA, EC).
KeyType key_type;
// Base64-encoded SHA-256 hash value for the loaded key's SPKI.
string encoded_spki_hash;
// Result of an attempt to upload the key. May be empty if the
// key has not yet been uploaded.
KeyUploadStatus? key_upload_status;
};
struct KeyInfo {
// Whether the key manager has loaded a key successfully.
KeyManagerInitializedValue is_key_manager_initialized;
// Metadata about a key loaded by the key manager. Will only contain a value
// if `is_key_manager_initialized` is `KEY_LOADED`.
LoadedKeyInfo? loaded_key_info;
// The permanent failure type, if any.
KeyManagerPermanentFailure permanent_failure;
};
struct ConsentMetadata {
// Whether signals can be collected based on the current user
// and management context.
bool can_collect_signals;
// Whether the user has given explicit consent.
bool consent_received;
};
struct DeviceTrustState {
// Whether the connector is enabled or not.
bool is_enabled;
// Information around the levels the device trust connector is enabled for.
array<string> policy_enabled_levels;
// Information around the state of the device trust signing key.
KeyInfo key_info;
// Json string of the device signals.
string signals_json;
// Metadata around whether user consent is required for the given management
// context, or if it was already given.
ConsentMetadata? consent_metadata;
};
struct CertificateMetadata {
// Hex-encoded certificate serial number's DER bytes.
string serial_number;
// Hex-encoded SHA-256 hash of the certificate's fingerprint.
string fingerprint;
// Creation date of the certificate.
string creation_date_string;
// Expiration date of the certificate.
string expiration_date_string;
// Display name of the certificate's subject.
string subject_display_name;
// Display name of the certificate's issuer.
string issuer_display_name;
};
struct ClientIdentity {
// Name of the identity.
string identity_name;
// Information about the identity's private key.
LoadedKeyInfo? loaded_key_info;
// Information about the identity's certificate.
CertificateMetadata? certificate_metadata;
};
struct ClientCertificateState {
// Information around the levels the client certificate provisioning policy
// is enabled for.
array<string> policy_enabled_levels;
// Information about the current Profile's managed identity.
ClientIdentity? managed_profile_identity;
// Information about the browser's managed identity.
ClientIdentity? managed_browser_identity;
};
// Browser interface for the page. Consists of calls for data and hooks for
// interactivity.
interface PageHandler {
// Get state information about the Device Trust connector.
GetDeviceTrustState() => (DeviceTrustState state);
// Deletes the Device Trust key stored on the device. Will only work on
// developer builds or early release channels.
DeleteDeviceTrustKey() => ();
// Get state information about managed client certificates.
GetClientCertificateState() => (ClientCertificateState state);
};