@wxt-dev/browser 0.0.327 → 0.0.328
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +2 -2
- package/src/gen/index.d.ts +43 -31
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@wxt-dev/browser",
|
|
3
3
|
"description": "Provides a cross-browser API for using extension APIs and types based on @types/chrome",
|
|
4
|
-
"version": "0.0.
|
|
4
|
+
"version": "0.0.328",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "src/index.mjs",
|
|
7
7
|
"types": "src/index.d.ts",
|
|
@@ -19,7 +19,7 @@
|
|
|
19
19
|
"src"
|
|
20
20
|
],
|
|
21
21
|
"devDependencies": {
|
|
22
|
-
"@types/chrome": "0.0.
|
|
22
|
+
"@types/chrome": "0.0.328",
|
|
23
23
|
"fs-extra": "^11.3.0",
|
|
24
24
|
"nano-spawn": "^0.2.0",
|
|
25
25
|
"tsx": "4.19.4",
|
package/src/gen/index.d.ts
CHANGED
|
@@ -7815,73 +7815,80 @@ export namespace Browser {
|
|
|
7815
7815
|
export interface Match {
|
|
7816
7816
|
/** The DER encoding of a X.509 certificate. */
|
|
7817
7817
|
certificate: ArrayBuffer;
|
|
7818
|
-
/** The
|
|
7818
|
+
/** The KeyAlgorithm of the certified key. This contains algorithm parameters that are inherent to the key of the certificate (e.g. the key length). Other parameters like the hash function used by the sign function are not included. */
|
|
7819
7819
|
keyAlgorithm: KeyAlgorithm;
|
|
7820
7820
|
}
|
|
7821
7821
|
|
|
7822
|
-
export interface
|
|
7823
|
-
/** This field is a list of the types of certificates requested, sorted in order of the server's preference. Only certificates of a type contained in this list will be retrieved. If certificateTypes is the empty list, however, certificates of any type will be returned. */
|
|
7824
|
-
certificateTypes:
|
|
7822
|
+
export interface ClientCertificateRequest {
|
|
7823
|
+
/** This field is a list of the types of certificates requested, sorted in order of the server's preference. Only certificates of a type contained in this list will be retrieved. If `certificateTypes` is the empty list, however, certificates of any type will be returned. */
|
|
7824
|
+
certificateTypes: `${ClientCertificateType}`[];
|
|
7825
7825
|
/** List of distinguished names of certificate authorities allowed by the server. Each entry must be a DER-encoded X.509 DistinguishedName. */
|
|
7826
7826
|
certificateAuthorities: ArrayBuffer[];
|
|
7827
7827
|
}
|
|
7828
7828
|
|
|
7829
|
-
export
|
|
7829
|
+
export enum ClientCertificateType {
|
|
7830
|
+
ECDSA_SIGN = "ecdsaSign",
|
|
7831
|
+
RAS_SIGN = "rasSign",
|
|
7832
|
+
}
|
|
7833
|
+
|
|
7834
|
+
export interface SelectDetails {
|
|
7830
7835
|
/** Only certificates that match this request will be returned. */
|
|
7831
|
-
request:
|
|
7832
|
-
/**
|
|
7833
|
-
* Optional.
|
|
7834
|
-
* If given, the selectClientCertificates operates on this list. Otherwise, obtains the list of all certificates from the platform's certificate stores that are available to this extensions. Entries that the extension doesn't have permission for or which doesn't match the request, are removed.
|
|
7835
|
-
*/
|
|
7836
|
+
request: ClientCertificateRequest;
|
|
7837
|
+
/** If given, the `selectClientCertificates` operates on this list. Otherwise, obtains the list of all certificates from the platform's certificate stores that are available to this extensions. Entries that the extension doesn't have permission for or which doesn't match the request, are removed. */
|
|
7836
7838
|
clientCerts?: ArrayBuffer[] | undefined;
|
|
7837
7839
|
/** If true, the filtered list is presented to the user to manually select a certificate and thereby granting the extension access to the certificate(s) and key(s). Only the selected certificate(s) will be returned. If is false, the list is reduced to all certificates that the extension has been granted access to (automatically or manually). */
|
|
7838
7840
|
interactive: boolean;
|
|
7839
7841
|
}
|
|
7840
7842
|
|
|
7841
|
-
export interface
|
|
7843
|
+
export interface VerificationDetails {
|
|
7842
7844
|
/** Each chain entry must be the DER encoding of a X.509 certificate, the first entry must be the server certificate and each entry must certify the entry preceding it. */
|
|
7843
7845
|
serverCertificateChain: ArrayBuffer[];
|
|
7844
|
-
/** The hostname of the server to verify the certificate for, e.g. the server that presented the serverCertificateChain
|
|
7846
|
+
/** The hostname of the server to verify the certificate for, e.g. the server that presented the `serverCertificateChain`. */
|
|
7845
7847
|
hostname: string;
|
|
7846
7848
|
}
|
|
7847
7849
|
|
|
7848
|
-
export interface
|
|
7850
|
+
export interface VerificationResult {
|
|
7849
7851
|
/** The result of the trust verification: true if trust for the given verification details could be established and false if trust is rejected for any reason. */
|
|
7850
7852
|
trusted: boolean;
|
|
7851
7853
|
/**
|
|
7852
7854
|
* If the trust verification failed, this array contains the errors reported by the underlying network layer. Otherwise, this array is empty.
|
|
7855
|
+
*
|
|
7853
7856
|
* Note: This list is meant for debugging only and may not contain all relevant errors. The errors returned may change in future revisions of this API, and are not guaranteed to be forwards or backwards compatible.
|
|
7854
7857
|
*/
|
|
7855
7858
|
debug_errors: string[];
|
|
7856
7859
|
}
|
|
7857
7860
|
|
|
7858
7861
|
/**
|
|
7859
|
-
* This
|
|
7860
|
-
*
|
|
7862
|
+
* This method filters from a list of client certificates the ones that are known to the platform, match `request` and for which the extension has permission to access the certificate and its private key. If `interactive` is true, the user is presented a dialog where they can select from matching certificates and grant the extension access to the certificate. The selected/filtered client certificates will be passed to `callback`.
|
|
7863
|
+
*
|
|
7864
|
+
* Can return its result via Promise in Manifest V3 or later since Chrome 121.
|
|
7861
7865
|
*/
|
|
7866
|
+
export function selectClientCertificates(details: SelectDetails): Promise<Match[]>;
|
|
7862
7867
|
export function selectClientCertificates(
|
|
7863
|
-
details:
|
|
7868
|
+
details: SelectDetails,
|
|
7864
7869
|
callback: (matches: Match[]) => void,
|
|
7865
7870
|
): void;
|
|
7871
|
+
|
|
7866
7872
|
/**
|
|
7867
|
-
* Passes the key pair of certificate for usage with platformKeys.subtleCrypto to callback
|
|
7868
|
-
* @param certificate The certificate of a Match returned by selectClientCertificates.
|
|
7869
|
-
* @param parameters Determines signature/hash algorithm parameters additionally to the parameters fixed by the key itself. The same parameters are
|
|
7870
|
-
*
|
|
7871
|
-
*
|
|
7873
|
+
* Passes the key pair of `certificate` for usage with {@link platformKeys.subtleCrypto} to `callback`.
|
|
7874
|
+
* @param certificate The certificate of a {@link Match} returned by {@link selectClientCertificates}.
|
|
7875
|
+
* @param parameters Determines signature/hash algorithm parameters additionally to the parameters fixed by the key itself. The same parameters are accepted as by WebCrypto's importKey function, e.g. `RsaHashedImportParams` for a RSASSA-PKCS1-v1_5 key and `EcKeyImportParams` for EC key. Additionally for RSASSA-PKCS1-v1_5 keys, hashing algorithm name parameter can be specified with one of the following values: "none", "SHA-1", "SHA-256", "SHA-384", or "SHA-512", e.g. `{"hash": { "name": "none" } }`. The sign function will then apply PKCS#1 v1.5 padding but not hash the given data.
|
|
7876
|
+
*
|
|
7877
|
+
* Currently, this method only supports the "RSASSA-PKCS1-v1\_5" and "ECDSA" algorithms.
|
|
7872
7878
|
*/
|
|
7873
7879
|
export function getKeyPair(
|
|
7874
7880
|
certificate: ArrayBuffer,
|
|
7875
7881
|
parameters: { [key: string]: unknown },
|
|
7876
7882
|
callback: (publicKey: CryptoKey, privateKey: CryptoKey | null) => void,
|
|
7877
7883
|
): void;
|
|
7884
|
+
|
|
7878
7885
|
/**
|
|
7879
|
-
* Passes the key pair
|
|
7886
|
+
* Passes the key pair identified by `publicKeySpkiDer` for usage with {@link platformKeys.subtleCrypto} to `callback`.
|
|
7887
|
+
*
|
|
7880
7888
|
* @param publicKeySpkiDer A DER-encoded X.509 SubjectPublicKeyInfo, obtained e.g. by calling WebCrypto's exportKey function with format="spki".
|
|
7881
|
-
* @param parameters Provides signature and hash algorithm parameters, in addition to those fixed by the key itself. The same parameters are accepted as by WebCrypto's importKey function, e.g. RsaHashedImportParams for a RSASSA-PKCS1-
|
|
7882
|
-
*
|
|
7883
|
-
*
|
|
7884
|
-
* Optional parameter privateKey: Might be null if this extension does not have access to it.
|
|
7889
|
+
* @param parameters Provides signature and hash algorithm parameters, in addition to those fixed by the key itself. The same parameters are accepted as by WebCrypto's [importKey](https://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-method-importKey) function, e.g. `RsaHashedImportParams` for a RSASSA-PKCS1-v1\_5 key. For RSASSA-PKCS1-v1\_5 keys, we need to also pass a "hash" parameter `{ "hash": { "name": string } }`. The "hash" parameter represents the name of the hashing algorithm to be used in the digest operation before a sign. It is possible to pass "none" as the hash name, in which case the sign function will apply PKCS#1 v1.5 padding and but not hash the given data.
|
|
7890
|
+
*
|
|
7891
|
+
* Currently, this method supports the "ECDSA" algorithm with named-curve P-256 and "RSASSA-PKCS1-v1\_5" algorithm with one of the hashing algorithms "none", "SHA-1", "SHA-256", "SHA-384", and "SHA-512".
|
|
7885
7892
|
* @since Chrome 85
|
|
7886
7893
|
*/
|
|
7887
7894
|
export function getKeyPairBySpki(
|
|
@@ -7889,14 +7896,19 @@ export namespace Browser {
|
|
|
7889
7896
|
parameters: { [key: string]: unknown },
|
|
7890
7897
|
callback: (publicKey: CryptoKey, privateKey: CryptoKey | null) => void,
|
|
7891
7898
|
): void;
|
|
7892
|
-
|
|
7893
|
-
|
|
7899
|
+
|
|
7900
|
+
/** An implementation of WebCrypto's SubtleCrypto that allows crypto operations on keys of client certificates that are available to this extension. */
|
|
7901
|
+
export function subtleCrypto(): SubtleCrypto | undefined;
|
|
7902
|
+
|
|
7894
7903
|
/**
|
|
7895
|
-
* Checks whether details.serverCertificateChain can be trusted for details.hostname according to the trust settings of the platform. Note: The actual behavior of the trust verification is not fully specified and might change in the future. The API implementation verifies certificate expiration, validates the certification path and checks trust by a known CA. The implementation is supposed to respect the EKU serverAuth and to support subject alternative names.
|
|
7904
|
+
* Checks whether `details.serverCertificateChain` can be trusted for `details.hostname` according to the trust settings of the platform. Note: The actual behavior of the trust verification is not fully specified and might change in the future. The API implementation verifies certificate expiration, validates the certification path and checks trust by a known CA. The implementation is supposed to respect the EKU serverAuth and to support subject alternative names.
|
|
7905
|
+
*
|
|
7906
|
+
* Can return its result via Promise in Manifest V3 or later since Chrome 121.
|
|
7896
7907
|
*/
|
|
7908
|
+
export function verifyTLSServerCertificate(details: VerificationDetails): Promise<VerificationResult>;
|
|
7897
7909
|
export function verifyTLSServerCertificate(
|
|
7898
|
-
details:
|
|
7899
|
-
callback: (result:
|
|
7910
|
+
details: VerificationDetails,
|
|
7911
|
+
callback: (result: VerificationResult) => void,
|
|
7900
7912
|
): void;
|
|
7901
7913
|
}
|
|
7902
7914
|
|