How to get browser certificates with a Chrome extension to digitally sign a payload
I am working on a Chrome extension to get access to the list of certificates on my browser (including the class 3 certificate I purchased).
This is the manifest.json

    {
      "manifest_version": 2,
      "name": "Coding Train Extension 2",
      "version": "0.001",
      "permissions": ["storage", "activeTab", "scripting"],
      "content_scripts": [
        {
          "matches": ["<all_urls>"],
          "js": ["content.js"]
        }
      ],
      "background": {
        "scripts": ["background.js"]
      },
      "browser_action": {
        "default_icon": "logo.png"
      }
    }

This is the background.js

    console.log("This is inside background...");
    chrome.browserAction.onClicked.addListener(collectAvailableCertificates);

    function collectAvailableCertificates() {
      // Return all certificates that this Extension can currently provide.
      // For example:
      return [{
        certificateChain: [new Uint8Array()],
        supportedAlgorithms: ['RSASSA_PKCS1_v1_5_SHA256']
      }];
    }

In this test, the content.js is not being used much. I have an icon of the extension on the browser, and on its click I am triggering the background.js.
I am trying to emulate the APIs provided in the Chrome API documentation https://developer.chrome.com/docs/extensions/reference/certificateProvider/
How to call the methods like collectAvailableCertificates(), handleSignatureRequest(request) as seen in the document is what I am pursuing. My aim is to use this purchased certificate to digitally sign an XML payload.
Comments (1)
The certificateProvider API has an entirely different goal in mind. It's only available for Chrome OS as a way to manage certificate authentication for web requests - and not any other use of certificates (you seem to be aiming to sign an arbitrary payload in your code).
It also does not provide any cryptography required to use a certificate for signing, that's outside its scope (in fact, the extension using it is expected to implement signatures themselves), nor will it give you access to the OS certificate store if your certificate is stored there.
All this API does is make the browser aware of what certificates are made available (by the extension) when a web server requests HTTPS client certificate authentication.
Nothing less, nothing more. Some Chrome APIs exist only for management functions on Chrome OS where other interfaces are unavailable.
The information regarding Chrome OS restriction was available on the documentation website as late as Oct 2021, but does not seem to be reflected in the current one, which is a documentation website bug. And it's not like it's been extended to work elsewhere - that would be mentioned on the What's New page, but it again confirms in Oct 2021 that it's a "Chrome OS API" and has no mentions since.
You should be looking at Web crypto APIs instead, e.g. SubtleCrypto.sign, but that would mean including your private key in the extension itself.
EDIT: Actually, Chrome has another related API, chrome.platformKeys, that may allow access to the OS certificate store (if that is your situation - needing to use an installed certificate without including it into the extension). It can be used to request the public/private key out of the OS store and further use its own version of SubtleCrypto to work with them.
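
The answer above points to SubtleCrypto.sign for signing a payload. As an added example (not code from the question or the answer), the block below signs the UTF-8 bytes of an XML string with RSASSA-PKCS1-v1_5 / SHA-256 and verifies them from the exported public key; the result is a raw signature over bytes, not an XML-DSig structure. The generated key pair (a stand-in for the purchased key), the sample XML and all function names are assumptions for illustration.

```javascript
// crypto.subtle is a global in extension pages and service workers; the
// require() fallback only lets this file run under older Node for testing.
const subtle = (globalThis.crypto ?? require('crypto').webcrypto).subtle;

// Same scheme the question names as RSASSA_PKCS1_v1_5_SHA256.
const ALG = { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' };

// Constructed sample payload (not from the original post).
const SAMPLE_XML = '<order id="42"><amount currency="EUR">10.00</amount></order>';

// Assumption: a throwaway key pair generated here instead of a real one.
// extractable=false means script cannot export the private key afterwards.
async function makeDemoKeyPair() {
  return subtle.generateKey(
    { ...ALG, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) },
    false,
    ['sign', 'verify']
  );
}

// Sign the exact UTF-8 bytes of the payload; resolves to an ArrayBuffer.
async function signPayload(privateKey, text) {
  return subtle.sign(ALG.name, privateKey, new TextEncoder().encode(text));
}

// Verifier side: only the SPKI public key, the signature and the text.
async function verifyPayload(spki, signature, text) {
  const publicKey = await subtle.importKey('spki', spki, ALG, true, ['verify']);
  return subtle.verify(ALG.name, publicKey, signature, new TextEncoder().encode(text));
}

async function demo() {
  const { privateKey, publicKey } = await makeDemoKeyPair();
  const spki = await subtle.exportKey('spki', publicKey);
  const signature = await signPayload(privateKey, SAMPLE_XML);
  const tampered = SAMPLE_XML.replace('10.00', '99.00');
  return {
    signatureLength: signature.byteLength,
    validOriginal: await verifyPayload(spki, signature, SAMPLE_XML),
    validTampered: await verifyPayload(spki, signature, tampered),
    privateKeyExtractable: privateKey.extractable,
  };
}

demo().then((result) => console.log(result));
```

Because the signature covers the exact byte sequence, any re-serialization of the XML (whitespace, attribute order) before verification makes it fail.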