chrome-types 0.1.154 → 0.1.156

package/_all.d.ts

@@ -14,8 +14,8 @@
  * limitations under the License.
  */
 
-// Generated on Tue Dec 13 2022 22:30:27 GMT+0000 (Coordinated Universal Time)
-// Built at b5f497b891fee3e82a12b18530e5f27a78db9399
+// Generated on Thu Dec 22 2022 22:27:41 GMT+0000 (Coordinated Universal Time)
+// Built at 12d52ff24d056467f2e20300c60e3a0db1038604
 
 // Includes all types, including MV2 + Platform Apps APIs.
 
@@ -12478,6 +12478,52 @@ declare namespace chrome {
       softwareBackedSubtleCrypto: SubtleCrypto;
     }
 
+    /**
+     * Whether to use the Enterprise User Key or the Enterprise Machine Key.
+     *
+     * @since Pending
+     */
+    export type Scope = "USER" | "MACHINE";
+
+    /**
+     * Type of key to generate.
+     *
+     * @since Pending
+     */
+    export type Algorithm = "RSA" | "ECDSA";
+
+    /**
+     * @since Pending
+     */
+    export interface RegisterKeyOptions {
+
+      /**
+       * Which algorithm the registered key should use.
+       */
+      algorithm: Algorithm;
+    }
+
+    /**
+     * @since Pending
+     */
+    export interface ChallengeKeyOptions {
+
+      /**
+       * A challenge as emitted by the Verified Access Web API.
+       */
+      challenge: ArrayBuffer;
+
+      /**
+       * If present, registers the challenged key with the specified `scope`'s token. The key can then be associated with a certificate and used like any other signing key. Subsequent calls to this function will then generate a new Enterprise Key in the specified `scope`.
+       */
+      registerKey?: RegisterKeyOptions;
+
+      /**
+       * Which Enterprise Key to challenge.
+       */
+      scope: Scope;
+    }
+
     /**
      * Returns the available Tokens. In a regular user's session the list will always contain the user's token with `id` `"user"`. If a system-wide TPM token is available, the returned list will also contain the system-wide token with `id` `"system"`. The system-wide token will be the same for all sessions on this device (device in the sense of e.g. a Chromebook).
      *
@@ -12543,12 +12589,36 @@ declare namespace chrome {
       callback?: () => void,
     ): void;
 
+    /**
+     * Similar to `challengeMachineKey` and `challengeUserKey`, but allows specifying the algorithm of a registered key. Challenges a hardware-backed Enterprise Machine Key and emits the response as part of a remote attestation protocol. Only useful on Chrome OS and in conjunction with the Verified Access Web API which both issues challenges and verifies responses.
+     *
+     * A successful verification by the Verified Access Web API is a strong signal that the current device is a legitimate Chrome OS device, the current device is managed by the domain specified during verification, the current signed-in user is managed by the domain specified during verification, and the current device state complies with enterprise device policy. For example, a policy may specify that the device must not be in developer mode. Any device identity emitted by the verification is tightly bound to the hardware of the current device. If `"user"` Scope is specified, the identity is also tighly bound to the current signed-in user.
+     *
+     * This function is highly restricted and will fail if the current device is not managed, the current user is not managed, or if this operation has not explicitly been enabled for the caller by enterprise device policy. The challenged key does not reside in the `"system"` or `"user"` token and is not accessible by any other API.
+     *
+     * @param options Object containing the fields defined in {@link ChallengeKeyOptions}.
+     * @param callback Called back with the challenge response.
+     * @since Pending
+     */
+    export function challengeKey(
+
+      options: ChallengeKeyOptions,
+
+      /**
+       * @param response The challenge response.
+       */
+      callback: (
+        response: ArrayBuffer,
+      ) => void,
+    ): void;
+
     /**
      * Challenges a hardware-backed Enterprise Machine Key and emits the response as part of a remote attestation protocol. Only useful on Chrome OS and in conjunction with the Verified Access Web API which both issues challenges and verifies responses. A successful verification by the Verified Access Web API is a strong signal of all of the following: \* The current device is a legitimate Chrome OS device. \* The current device is managed by the domain specified during verification. \* The current signed-in user is managed by the domain specified during verification. \* The current device state complies with enterprise device policy. For example, a policy may specify that the device must not be in developer mode. \* Any device identity emitted by the verification is tightly bound to the hardware of the current device. This function is highly restricted and will fail if the current device is not managed, the current user is not managed, or if this operation has not explicitly been enabled for the caller by enterprise device policy. The Enterprise Machine Key does not reside in the `"system"` token and is not accessible by any other API.
      *
      * @param challenge A challenge as emitted by the Verified Access Web API.
      * @param registerKey If set, the current Enterprise Machine Key is registered with the `"system"` token and relinquishes the Enterprise Machine Key role. The key can then be associated with a certificate and used like any other signing key. This key is 2048-bit RSA. Subsequent calls to this function will then generate a new Enterprise Machine Key.
      * @param callback Called back with the challenge response.
+     * @deprecated Use {@link challengeKey} instead.
      * @since Chrome 50
      */
     export function challengeMachineKey(
@@ -12573,6 +12643,7 @@ declare namespace chrome {
      *
      * @param challenge A challenge as emitted by the Verified Access Web API.
      * @param callback Called back with the challenge response.
+     * @deprecated Use {@link challengeKey} instead.
      * @since Chrome 50
      */
     export function challengeMachineKey(
@@ -12593,6 +12664,7 @@ declare namespace chrome {
      * @param challenge A challenge as emitted by the Verified Access Web API.
      * @param registerKey If set, the current Enterprise User Key is registered with the `"user"` token and relinquishes the Enterprise User Key role. The key can then be associated with a certificate and used like any other signing key. This key is 2048-bit RSA. Subsequent calls to this function will then generate a new Enterprise User Key.
      * @param callback Called back with the challenge response.
+     * @deprecated Use {@link challengeKey} instead.
      * @since Chrome 50
      */
     export function challengeUserKey(
@@ -32726,7 +32798,7 @@ declare namespace chrome {
      *
      * Remote desktop extensions typically call this method after detecting attachment of a remote session to this host. Once this method returns without error, regular processing of WebAuthn requests is suspended, and events from this extension API are raised.
      *
-     * This method fails with an error if a different extension is already attached or if the extension has not subscribed to all of the events defined in this API.
+     * This method fails with an error if a different extension is already attached.
      *
      * The attached extension must call \`detach()\` once the remote desktop session has ended in order to resume regular WebAuthn request processing. Extensions automatically become detached if they are unloaded.
      *
@@ -32739,7 +32811,7 @@ declare namespace chrome {
      *
      * Remote desktop extensions typically call this method after detecting attachment of a remote session to this host. Once this method returns without error, regular processing of WebAuthn requests is suspended, and events from this extension API are raised.
      *
-     * This method fails with an error if a different extension is already attached or if the extension has not subscribed to all of the events defined in this API.
+     * This method fails with an error if a different extension is already attached.
      *
      * The attached extension must call \`detach()\` once the remote desktop session has ended in order to resume regular WebAuthn request processing. Extensions automatically become detached if they are unloaded.
      *
@@ -32755,7 +32827,7 @@ declare namespace chrome {
     /**
      * Removes this extension from being the active Web Authentication API request proxy.
      *
-     * This method is typically called when the extension detects that a remote desktop session was terminated. Once this method returns without error, regular processing of WebAuthn requests continues.
+     * This method is typically called when the extension detects that a remote desktop session was terminated. Once this method returns, the extension ceases to be the active Web Authentication API request proxy.
      *
      * Refer to the `onRemoteSessionStateChange` event for signaling a change of remote session attachment from a native application to to the (possibly suspended) extension.
      */
@@ -32764,7 +32836,7 @@ declare namespace chrome {
     /**
      * Removes this extension from being the active Web Authentication API request proxy.
      *
-     * This method is typically called when the extension detects that a remote desktop session was terminated. Once this method returns without error, regular processing of WebAuthn requests continues.
+     * This method is typically called when the extension detects that a remote desktop session was terminated. Once this method returns, the extension ceases to be the active Web Authentication API request proxy.
      *
      * Refer to the `onRemoteSessionStateChange` event for signaling a change of remote session attachment from a native application to to the (possibly suspended) extension.
      */

package/index.d.ts

@@ -14,8 +14,8 @@
  * limitations under the License.
  */
 
-// Generated on Tue Dec 13 2022 22:30:21 GMT+0000 (Coordinated Universal Time)
-// Built at b5f497b891fee3e82a12b18530e5f27a78db9399
+// Generated on Thu Dec 22 2022 22:27:36 GMT+0000 (Coordinated Universal Time)
+// Built at 12d52ff24d056467f2e20300c60e3a0db1038604
 
 // Includes MV3+ APIs only.
 
@@ -8664,6 +8664,52 @@ declare namespace chrome {
       softwareBackedSubtleCrypto: SubtleCrypto;
     }
 
+    /**
+     * Whether to use the Enterprise User Key or the Enterprise Machine Key.
+     *
+     * @since Pending
+     */
+    export type Scope = "USER" | "MACHINE";
+
+    /**
+     * Type of key to generate.
+     *
+     * @since Pending
+     */
+    export type Algorithm = "RSA" | "ECDSA";
+
+    /**
+     * @since Pending
+     */
+    export interface RegisterKeyOptions {
+
+      /**
+       * Which algorithm the registered key should use.
+       */
+      algorithm: Algorithm;
+    }
+
+    /**
+     * @since Pending
+     */
+    export interface ChallengeKeyOptions {
+
+      /**
+       * A challenge as emitted by the Verified Access Web API.
+       */
+      challenge: ArrayBuffer;
+
+      /**
+       * If present, registers the challenged key with the specified `scope`'s token. The key can then be associated with a certificate and used like any other signing key. Subsequent calls to this function will then generate a new Enterprise Key in the specified `scope`.
+       */
+      registerKey?: RegisterKeyOptions;
+
+      /**
+       * Which Enterprise Key to challenge.
+       */
+      scope: Scope;
+    }
+
     /**
      * Returns the available Tokens. In a regular user's session the list will always contain the user's token with `id` `"user"`. If a system-wide TPM token is available, the returned list will also contain the system-wide token with `id` `"system"`. The system-wide token will be the same for all sessions on this device (device in the sense of e.g. a Chromebook).
      *
@@ -8729,12 +8775,36 @@ declare namespace chrome {
       callback?: () => void,
     ): void;
 
+    /**
+     * Similar to `challengeMachineKey` and `challengeUserKey`, but allows specifying the algorithm of a registered key. Challenges a hardware-backed Enterprise Machine Key and emits the response as part of a remote attestation protocol. Only useful on Chrome OS and in conjunction with the Verified Access Web API which both issues challenges and verifies responses.
+     *
+     * A successful verification by the Verified Access Web API is a strong signal that the current device is a legitimate Chrome OS device, the current device is managed by the domain specified during verification, the current signed-in user is managed by the domain specified during verification, and the current device state complies with enterprise device policy. For example, a policy may specify that the device must not be in developer mode. Any device identity emitted by the verification is tightly bound to the hardware of the current device. If `"user"` Scope is specified, the identity is also tighly bound to the current signed-in user.
+     *
+     * This function is highly restricted and will fail if the current device is not managed, the current user is not managed, or if this operation has not explicitly been enabled for the caller by enterprise device policy. The challenged key does not reside in the `"system"` or `"user"` token and is not accessible by any other API.
+     *
+     * @param options Object containing the fields defined in {@link ChallengeKeyOptions}.
+     * @param callback Called back with the challenge response.
+     * @since Pending
+     */
+    export function challengeKey(
+
+      options: ChallengeKeyOptions,
+
+      /**
+       * @param response The challenge response.
+       */
+      callback: (
+        response: ArrayBuffer,
+      ) => void,
+    ): void;
+
     /**
      * Challenges a hardware-backed Enterprise Machine Key and emits the response as part of a remote attestation protocol. Only useful on Chrome OS and in conjunction with the Verified Access Web API which both issues challenges and verifies responses. A successful verification by the Verified Access Web API is a strong signal of all of the following: \* The current device is a legitimate Chrome OS device. \* The current device is managed by the domain specified during verification. \* The current signed-in user is managed by the domain specified during verification. \* The current device state complies with enterprise device policy. For example, a policy may specify that the device must not be in developer mode. \* Any device identity emitted by the verification is tightly bound to the hardware of the current device. This function is highly restricted and will fail if the current device is not managed, the current user is not managed, or if this operation has not explicitly been enabled for the caller by enterprise device policy. The Enterprise Machine Key does not reside in the `"system"` token and is not accessible by any other API.
      *
      * @param challenge A challenge as emitted by the Verified Access Web API.
      * @param registerKey If set, the current Enterprise Machine Key is registered with the `"system"` token and relinquishes the Enterprise Machine Key role. The key can then be associated with a certificate and used like any other signing key. This key is 2048-bit RSA. Subsequent calls to this function will then generate a new Enterprise Machine Key.
      * @param callback Called back with the challenge response.
+     * @deprecated Use {@link challengeKey} instead.
      * @since Chrome 50
      */
     export function challengeMachineKey(
@@ -8759,6 +8829,7 @@ declare namespace chrome {
      *
      * @param challenge A challenge as emitted by the Verified Access Web API.
      * @param callback Called back with the challenge response.
+     * @deprecated Use {@link challengeKey} instead.
      * @since Chrome 50
      */
     export function challengeMachineKey(
@@ -8779,6 +8850,7 @@ declare namespace chrome {
      * @param challenge A challenge as emitted by the Verified Access Web API.
      * @param registerKey If set, the current Enterprise User Key is registered with the `"user"` token and relinquishes the Enterprise User Key role. The key can then be associated with a certificate and used like any other signing key. This key is 2048-bit RSA. Subsequent calls to this function will then generate a new Enterprise User Key.
      * @param callback Called back with the challenge response.
+     * @deprecated Use {@link challengeKey} instead.
      * @since Chrome 50
      */
     export function challengeUserKey(
@@ -25934,7 +26006,7 @@ declare namespace chrome {
      *
      * Remote desktop extensions typically call this method after detecting attachment of a remote session to this host. Once this method returns without error, regular processing of WebAuthn requests is suspended, and events from this extension API are raised.
      *
-     * This method fails with an error if a different extension is already attached or if the extension has not subscribed to all of the events defined in this API.
+     * This method fails with an error if a different extension is already attached.
      *
      * The attached extension must call \`detach()\` once the remote desktop session has ended in order to resume regular WebAuthn request processing. Extensions automatically become detached if they are unloaded.
      *
@@ -25947,7 +26019,7 @@ declare namespace chrome {
      *
      * Remote desktop extensions typically call this method after detecting attachment of a remote session to this host. Once this method returns without error, regular processing of WebAuthn requests is suspended, and events from this extension API are raised.
      *
-     * This method fails with an error if a different extension is already attached or if the extension has not subscribed to all of the events defined in this API.
+     * This method fails with an error if a different extension is already attached.
      *
      * The attached extension must call \`detach()\` once the remote desktop session has ended in order to resume regular WebAuthn request processing. Extensions automatically become detached if they are unloaded.
      *
@@ -25963,7 +26035,7 @@ declare namespace chrome {
     /**
      * Removes this extension from being the active Web Authentication API request proxy.
      *
-     * This method is typically called when the extension detects that a remote desktop session was terminated. Once this method returns without error, regular processing of WebAuthn requests continues.
+     * This method is typically called when the extension detects that a remote desktop session was terminated. Once this method returns, the extension ceases to be the active Web Authentication API request proxy.
      *
      * Refer to the `onRemoteSessionStateChange` event for signaling a change of remote session attachment from a native application to to the (possibly suspended) extension.
      */
@@ -25972,7 +26044,7 @@ declare namespace chrome {
     /**
      * Removes this extension from being the active Web Authentication API request proxy.
      *
-     * This method is typically called when the extension detects that a remote desktop session was terminated. Once this method returns without error, regular processing of WebAuthn requests continues.
+     * This method is typically called when the extension detects that a remote desktop session was terminated. Once this method returns, the extension ceases to be the active Web Authentication API request proxy.
      *
      * Refer to the `onRemoteSessionStateChange` event for signaling a change of remote session attachment from a native application to to the (possibly suspended) extension.
      */

package/package.json

@@ -5,7 +5,7 @@
   "type": "module",
   "name": "chrome-types",
   "config": {
-    "build-hash": "587bd55b764a59f1"
+    "build-hash": "743591dce8b00784"
   },
   "repository": {
     "type": "git",
@@ -16,5 +16,5 @@
     "url": "https://github.com/GoogleChrome/chrome-types/issues"
   },
   "homepage": "https://github.com/GoogleChrome/chrome-types",
-  "version": "0.1.154"
+  "version": "0.1.156"
 }