| OLD | NEW |
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/component_updater/sth_set_component_installer.h" |
| 6 |
| 7 #include <string> |
| 8 #include <utility> |
| 9 #include <vector> |
| 10 |
| 11 #include "base/bind.h" |
| 12 #include "base/files/file_path.h" |
| 13 #include "base/files/file_util.h" |
| 14 #include "base/logging.h" |
| 15 #include "base/macros.h" |
| 16 #include "base/path_service.h" |
| 17 #include "base/values.h" |
| 18 #include "base/version.h" |
| 19 #include "components/component_updater/component_updater_paths.h" |
| 20 #include "components/safe_json/safe_json_parser.h" |
| 21 #include "content/public/browser/browser_thread.h" |
| 22 #include "crypto/sha2.h" |
| 23 #include "net/cert/ct_known_logs_static.h" |
| 24 #include "net/cert/ct_log_response_parser.h" |
| 25 #include "net/cert/signed_tree_head.h" |
| 26 |
| 27 using component_updater::ComponentUpdateService; |
| 28 |
| 29 namespace { |
| 30 const base::FilePath::CharType kSTHsDirName[] = FILE_PATH_LITERAL("sths"); |
| 31 |
| 32 // TODO(eranm): Make it work for all logs. |
| 33 const base::FilePath::CharType kPilotSTHsFileName[] = |
| 34 FILE_PATH_LITERAL("pilot.sth"); |
| 35 |
| 36 } // namespace |
| 37 |
| 38 namespace component_updater { |
| 39 |
| 40 // The SHA256 of the SubjectPublicKeyInfo used to sign the extension. |
| 41 // The extension id is: aplidfpohcjpojgnkjpkibbkcghkogef |
| 42 const uint8_t kPublicKeySHA256[32] = { |
| 43 0x0f, 0xb8, 0x35, 0xfe, 0x72, 0x9f, 0xe9, 0x6d, 0xa9, 0xfa, 0x81, |
| 44 0x1a, 0x26, 0x7a, 0xe6, 0x45, 0x22, 0x50, 0xc4, 0xd4, 0x01, 0xcc, |
| 45 0x33, 0x90, 0x1c, 0xe9, 0x44, 0x37, 0xc4, 0xa0, 0x2e, 0x02}; |
| 46 |
| 47 const char kSTHSetFetcherManifestName[] = "Signed Tree Heads"; |
| 48 |
| 49 STHSetComponentInstallerTraits::STHSetComponentInstallerTraits( |
| 50 scoped_ptr<net::ct::STHDistributor> sth_distributor) |
| 51 : sth_distributor_(std::move(sth_distributor)) { |
| 52 VLOG(1) << "XXX: STHSetComponentInstallerTraits::c'tor"; |
| 53 } |
| 54 |
| 55 STHSetComponentInstallerTraits::~STHSetComponentInstallerTraits() { |
| 56 VLOG(1) << "XXX: STHSetComponentInstallerTraits::d'tor"; |
| 57 } |
| 58 |
| 59 bool STHSetComponentInstallerTraits::CanAutoUpdate() const { |
| 60 return true; |
| 61 } |
| 62 |
| 63 bool STHSetComponentInstallerTraits::OnCustomInstall( |
| 64 const base::DictionaryValue& manifest, |
| 65 const base::FilePath& install_dir) { |
| 66 VLOG(1) << "Entering STHSetComponentInstallerTraits::OnCustomInstall."; |
| 67 |
| 68 return true; // Nothing custom here. |
| 69 } |
| 70 |
| 71 base::FilePath STHSetComponentInstallerTraits::GetInstalledPath( |
| 72 const base::FilePath& base) { |
| 73 return base.Append(FILE_PATH_LITERAL("_platform_specific")) |
| 74 .Append(FILE_PATH_LITERAL("all")) |
| 75 .Append(kSTHsDirName) |
| 76 .Append(kPilotSTHsFileName); |
| 77 } |
| 78 |
| 79 void STHSetComponentInstallerTraits::ComponentReady( |
| 80 const base::Version& version, |
| 81 const base::FilePath& install_dir, |
| 82 scoped_ptr<base::DictionaryValue> manifest) { |
| 83 VLOG(1) << "Component ready, version " << version.GetString() << " in " |
| 84 << install_dir.value(); |
| 85 |
| 86 if (!content::BrowserThread::PostBlockingPoolTask( |
| 87 FROM_HERE, |
| 88 base::Bind(&STHSetComponentInstallerTraits::LoadSTHsFromDisk, |
| 89 base::Unretained(this), GetInstalledPath(install_dir), |
| 90 version))) { |
| 91 NOTREACHED(); |
| 92 } |
| 93 } |
| 94 |
| 95 // Called during startup and installation before ComponentReady(). |
| 96 bool STHSetComponentInstallerTraits::VerifyInstallation( |
| 97 const base::DictionaryValue& manifest, |
| 98 const base::FilePath& install_dir) const { |
| 99 return base::PathExists(GetInstalledPath(install_dir)); |
| 100 } |
| 101 |
| 102 base::FilePath STHSetComponentInstallerTraits::GetBaseDirectory() const { |
| 103 base::FilePath result; |
| 104 PathService::Get(DIR_CERT_TRANS_TREE_STATES, &result); |
| 105 return result; |
| 106 } |
| 107 |
| 108 void STHSetComponentInstallerTraits::GetHash(std::vector<uint8_t>* hash) const { |
| 109 hash->assign(kPublicKeySHA256, |
| 110 kPublicKeySHA256 + arraysize(kPublicKeySHA256)); |
| 111 } |
| 112 |
| 113 std::string STHSetComponentInstallerTraits::GetName() const { |
| 114 return kSTHSetFetcherManifestName; |
| 115 } |
| 116 |
| 117 void STHSetComponentInstallerTraits::LoadSTHsFromDisk( |
| 118 const base::FilePath& sths_file_path, |
| 119 const base::Version& version) { |
| 120 if (sths_file_path.empty()) |
| 121 return; |
| 122 |
| 123 VLOG(1) << "Reading STH from file: " << sths_file_path.value(); |
| 124 std::string json_sth; |
| 125 if (!base::ReadFileToString(sths_file_path, &json_sth)) { |
| 126 VLOG(1) << "Failed reading from " << sths_file_path.value(); |
| 127 return; |
| 128 } |
| 129 |
| 130 VLOG(1) << "STH: Successfully read: " << json_sth; |
| 131 safe_json::SafeJsonParser::Parse( |
| 132 json_sth, base::Bind(&STHSetComponentInstallerTraits::OnJsonParseSuccess, |
| 133 base::Unretained(this)), |
| 134 base::Bind(&STHSetComponentInstallerTraits::OnJsonParseError, |
| 135 base::Unretained(this))); |
| 136 } |
| 137 |
| 138 void STHSetComponentInstallerTraits::OnJsonParseSuccess( |
| 139 scoped_ptr<base::Value> parsed_json) { |
| 140 net::ct::SignedTreeHead signed_tree_head; |
| 141 if (!net::ct::FillSignedTreeHead(*(parsed_json.get()), &signed_tree_head)) { |
| 142 LOG(WARNING) << "Failed to fill in signed tree head."; |
| 143 return; |
| 144 } |
| 145 |
| 146 // TODO(eranm): Remove this hack |
| 147 // Pilot is the first log in the list. |
| 148 base::StringPiece pilot_key(kCTLogList[0].log_key, |
| 149 kCTLogList[0].log_key_length); |
| 150 std::string pilot_key_id = crypto::SHA256HashString(pilot_key); |
| 151 |
| 152 // The log id is not a part of the response, fill in manually. |
| 153 signed_tree_head.log_id = pilot_key_id; |
| 154 content::BrowserThread::PostTask( |
| 155 content::BrowserThread::IO, FROM_HERE, |
| 156 base::Bind(&net::ct::STHDistributor::NewSTHObserved, |
| 157 base::Unretained(sth_distributor_.get()), signed_tree_head)); |
| 158 } |
| 159 |
| 160 void STHSetComponentInstallerTraits::OnJsonParseError( |
| 161 const std::string& error) { |
| 162 VLOG(0) << "STH loading failed: " << error; |
| 163 } |
| 164 |
| 165 void RegisterSTHSetComponent( |
| 166 ComponentUpdateService* cus, |
| 167 const base::FilePath& user_data_dir, |
| 168 scoped_ptr<net::ct::STHDistributor> sth_distributor) { |
| 169 VLOG(1) << "Registering STH Set fetcher component."; |
| 170 |
| 171 scoped_ptr<ComponentInstallerTraits> traits( |
| 172 new STHSetComponentInstallerTraits(std::move(sth_distributor))); |
| 173 // |cus| will take ownership of |installer| during installer->Register(cus). |
| 174 DefaultComponentInstaller* installer = |
| 175 new DefaultComponentInstaller(std::move(traits)); |
| 176 installer->Register(cus, base::Closure()); |
| 177 } |
| 178 |
| 179 } // namespace component_updater |
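Review bot: The three `base::Unretained` bindings hand raw pointers to tasks that run on other threads, and nothing in this file shows that the traits object or `sth_distributor_` outlives them. `ComponentReady` posts `LoadSTHsFromDisk` to the blocking pool with `base::Unretained(this)`, the `SafeJsonParser` callbacks bind `this` the same way, and `OnJsonParseSuccess` posts `NewSTHObserved` to the IO thread with `base::Unretained(sth_distributor_.get())`, so destroying the installer while a task is pending would be a use-after-free. If the installer is meant to live until shutdown, state that at each bind, e.g. `// Unretained is safe: |this| is owned by the installer, which outlives all posted tasks.`; otherwise the distributor needs shared ownership. Separately, `OnJsonParseSuccess` stamps the Pilot log id on whatever parsed and forwards it with no signature check visible in this file, so it is worth confirming that the observers verify the STH against the log key before trusting it.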