// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Internal API for platform keys and certificate management.
[ platforms = ("chromeos"),
  implemented_in = "chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.h" ]
namespace enterprise.platformKeysInternal {
  // Invoked by <code>getTokens</code>.
  // |tokenIds| The list of IDs of the avialable Tokens.
  callback GetTokensCallback = void(DOMString[] tokenIds);

  // Invoked by <code>generateKey</code>.
  // |publicKey| The Subject Public Key Info (see X.509) of the generated key
  //     in DER encoding.
  callback GenerateKeyCallback = void(ArrayBuffer publicKey);

  // Invoked by <code>sign</code>.
  // |signature| The signature, a octet string.
  callback SignCallback = void(ArrayBuffer signature);

  interface Functions {
    // Internal version of entrprise.platformKeys.getTokens. Returns a list of
    // token IDs instead of token objects.
    static void getTokens(GetTokensCallback callback);

    // Internal version of Token.generateKey, currently supporting only
    // RSASSA-PKCS1-v1_5.
    // |tokenId| The id of a Token returned by |getTokens|.
    // |modulusLength| The length, in bits, of the RSA modulus.
    // |callback| Called back with the Subject Public Key Info of the generated
    //     key.
    static void generateKey(DOMString tokenId,
                            long modulusLength,
                            GenerateKeyCallback callback);

    // Internal version of Token.sign.
    // |tokenId| The id of a Token returned by |getTokens|.
    // |publicKey| The Subject Public Key Info of a key previously generated by
    //     |generateKey| in DER encoding.
    // |hashAlgorithmName| The recognized algorithm name as specified by
    //     WebCrypto of the hash algorithm that will be used to digest |data|
    //     before signing. Currently supported are: SHA-{1,256,384,512}.
    //     TODO(pneubeck): use an enum once supported:
    //         http://www.crbug.com/385539 .
    // |data| The data to sign.
    // |callback| Called back with the signature of |data|.
    // TODO: Instead of ArrayBuffer should be (ArrayBuffer or ArrayBufferView),
    // or at least (ArrayBuffer or Uint8Array).
    static void sign(DOMString tokenId,
                     ArrayBuffer publicKey,
                     DOMString hashAlgorithmName,
                     ArrayBuffer data,
                     SignCallback callback);
  };
};