| OLD | NEW |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/component_updater/sth_set_component_installer.h" | 5 #include "chrome/browser/component_updater/sth_set_component_installer.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/files/file_enumerator.h" | 10 #include "base/files/file_enumerator.h" |
| 11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
| 12 #include "base/files/file_util.h" | 12 #include "base/files/file_util.h" |
| 13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/path_service.h" | 14 #include "base/path_service.h" |
| 15 #include "base/strings/string_number_conversions.h" | 15 #include "base/strings/string_number_conversions.h" |
| 16 #include "base/values.h" | 16 #include "base/values.h" |
| 17 #include "base/version.h" | 17 #include "base/version.h" |
| 18 #include "chrome/browser/net/sth_distributor_provider.h" |
| 18 #include "components/component_updater/component_updater_paths.h" | 19 #include "components/component_updater/component_updater_paths.h" |
| 19 #include "components/safe_json/safe_json_parser.h" | 20 #include "components/safe_json/safe_json_parser.h" |
| 20 #include "content/public/browser/browser_thread.h" | 21 #include "content/public/browser/browser_thread.h" |
| 21 #include "crypto/sha2.h" | 22 #include "crypto/sha2.h" |
| 22 #include "net/cert/ct_log_response_parser.h" | 23 #include "net/cert/ct_log_response_parser.h" |
| 23 #include "net/cert/signed_tree_head.h" | 24 #include "net/cert/signed_tree_head.h" |
| 24 #include "net/cert/sth_distributor.h" | 25 #include "net/cert/sth_distributor.h" |
| 25 #include "net/cert/sth_observer.h" | 26 #include "net/cert/sth_observer.h" |
| 26 | 27 |
| 27 using component_updater::ComponentUpdateService; | 28 using component_updater::ComponentUpdateService; |
| (...skipping 14 matching lines...) |
| 42 // The SHA256 of the SubjectPublicKeyInfo used to sign the extension. | 43 // The SHA256 of the SubjectPublicKeyInfo used to sign the extension. |
| 43 // The extension id is: ojjgnpkioondelmggbekfhllhdaimnho | 44 // The extension id is: ojjgnpkioondelmggbekfhllhdaimnho |
| 44 const uint8_t kPublicKeySHA256[32] = { | 45 const uint8_t kPublicKeySHA256[32] = { |
| 45 0xe9, 0x96, 0xdf, 0xa8, 0xee, 0xd3, 0x4b, 0xc6, 0x61, 0x4a, 0x57, | 46 0xe9, 0x96, 0xdf, 0xa8, 0xee, 0xd3, 0x4b, 0xc6, 0x61, 0x4a, 0x57, |
| 46 0xbb, 0x73, 0x08, 0xcd, 0x7e, 0x51, 0x9b, 0xcc, 0x69, 0x08, 0x41, | 47 0xbb, 0x73, 0x08, 0xcd, 0x7e, 0x51, 0x9b, 0xcc, 0x69, 0x08, 0x41, |
| 47 0xe1, 0x96, 0x9f, 0x7c, 0xb1, 0x73, 0xef, 0x16, 0x80, 0x0a}; | 48 0xe1, 0x96, 0x9f, 0x7c, 0xb1, 0x73, 0xef, 0x16, 0x80, 0x0a}; |
| 48 | 49 |
| 49 const char kSTHSetFetcherManifestName[] = "Signed Tree Heads"; | 50 const char kSTHSetFetcherManifestName[] = "Signed Tree Heads"; |
| 50 | 51 |
| 51 STHSetComponentInstallerTraits::STHSetComponentInstallerTraits( | 52 STHSetComponentInstallerTraits::STHSetComponentInstallerTraits( |
| 52 std::unique_ptr<net::ct::STHObserver> sth_observer) | 53 net::ct::STHObserver* sth_observer) |
| 53 : sth_observer_(std::move(sth_observer)) {} | 54 : sth_observer_(sth_observer) {} |
| 54 | 55 |
| 55 STHSetComponentInstallerTraits::~STHSetComponentInstallerTraits() {} | 56 STHSetComponentInstallerTraits::~STHSetComponentInstallerTraits() {} |
| 56 | 57 |
| 57 bool STHSetComponentInstallerTraits::CanAutoUpdate() const { | 58 bool STHSetComponentInstallerTraits::CanAutoUpdate() const { |
| 58 return true; | 59 return true; |
| 59 } | 60 } |
| 60 | 61 |
| 61 // Public data is delivered via this component, no need for encryption. | 62 // Public data is delivered via this component, no need for encryption. |
| 62 bool STHSetComponentInstallerTraits::RequiresNetworkEncryption() const { | 63 bool STHSetComponentInstallerTraits::RequiresNetworkEncryption() const { |
| 63 return false; | 64 return false; |
| (...skipping 97 matching lines...) |
| 161 if (!net::ct::FillSignedTreeHead(*(parsed_json.get()), &signed_tree_head)) { | 162 if (!net::ct::FillSignedTreeHead(*(parsed_json.get()), &signed_tree_head)) { |
| 162 LOG(ERROR) << "Failed to fill in signed tree head."; | 163 LOG(ERROR) << "Failed to fill in signed tree head."; |
| 163 return; | 164 return; |
| 164 } | 165 } |
| 165 | 166 |
| 166 // The log id is not a part of the response, fill in manually. | 167 // The log id is not a part of the response, fill in manually. |
| 167 signed_tree_head.log_id = log_id; | 168 signed_tree_head.log_id = log_id; |
| 168 content::BrowserThread::PostTask( | 169 content::BrowserThread::PostTask( |
| 169 content::BrowserThread::IO, FROM_HERE, | 170 content::BrowserThread::IO, FROM_HERE, |
| 170 base::Bind(&net::ct::STHObserver::NewSTHObserved, | 171 base::Bind(&net::ct::STHObserver::NewSTHObserved, |
| 171 base::Unretained(sth_observer_.get()), signed_tree_head)); | 172 base::Unretained(sth_observer_), signed_tree_head)); |
| 172 } | 173 } |
| 173 | 174 |
| 174 void STHSetComponentInstallerTraits::OnJsonParseError( | 175 void STHSetComponentInstallerTraits::OnJsonParseError( |
| 175 const std::string& log_id, | 176 const std::string& log_id, |
| 176 const std::string& error) { | 177 const std::string& error) { |
| 177 DVLOG(1) << "STH loading failed: " << error | 178 DVLOG(1) << "STH loading failed: " << error |
| 178 << " for log: " << base::HexEncode(log_id.data(), log_id.length()); | 179 << " for log: " << base::HexEncode(log_id.data(), log_id.length()); |
| 179 } | 180 } |
| 180 | 181 |
| 181 void RegisterSTHSetComponent(ComponentUpdateService* cus, | 182 void RegisterSTHSetComponent(ComponentUpdateService* cus, |
| 182 const base::FilePath& user_data_dir) { | 183 const base::FilePath& user_data_dir) { |
| 183 DVLOG(1) << "Registering STH Set fetcher component."; | 184 DVLOG(1) << "Registering STH Set fetcher component."; |
| 184 | 185 |
| 185 // TODO(eranm): The next step in auditing CT logs (crbug.com/506227) is to | 186 net::ct::STHDistributor* distributor( |
| 186 // pass the distributor to the IOThread so it can be used in a per-profile | 187 chrome_browser_net::GetGlobalSTHDistributor()); |
| 187 // context for checking inclusion of SCTs. | 188 // The global STHDistributor should have been created by this point. |
| 188 std::unique_ptr<net::ct::STHDistributor> distributor( | 189 DCHECK(distributor != nullptr); |
| 189 new net::ct::STHDistributor()); | |
| 190 | 190 |
| 191 std::unique_ptr<ComponentInstallerTraits> traits( | 191 std::unique_ptr<ComponentInstallerTraits> traits( |
| 192 new STHSetComponentInstallerTraits(std::move(distributor))); | 192 new STHSetComponentInstallerTraits(distributor)); |
| 193 // |cus| will take ownership of |installer| during installer->Register(cus). | 193 // |cus| will take ownership of |installer| during installer->Register(cus). |
| 194 DefaultComponentInstaller* installer = | 194 DefaultComponentInstaller* installer = |
| 195 new DefaultComponentInstaller(std::move(traits)); | 195 new DefaultComponentInstaller(std::move(traits)); |
| 196 installer->Register(cus, base::Closure()); | 196 installer->Register(cus, base::Closure()); |
| 197 } | 197 } |
| 198 | 198 |
| 199 } // namespace component_updater | 199 } // namespace component_updater |
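Review bot: With `sth_observer_` now a raw, non-owned pointer, the `base::Unretained(sth_observer_)` bound into the IO-thread task at new line 172 relies on the global STHDistributor outliving every queued `NewSTHObserved` call, and nothing visible in this file states or enforces that. If the distributor can be torn down while such a task is still pending (its teardown is not shown on this page), the task would run against a freed object. I would document the contract at the constructor, for example `// |sth_observer| is not owned; it must outlive this object and any tasks it posts to the IO thread.`, and confirm the shutdown ordering in sth_distributor_provider. Separately, `DCHECK(distributor != nullptr)` in RegisterSTHSetComponent is normally compiled out of release builds, so a null pointer would only surface later on the IO thread; adding `if (!distributor) return;` after the DCHECK would make registration fail closed.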
| OLD | NEW |