| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ | 5 #ifndef EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ |
| 6 #define EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ | 6 #define EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <map> | 10 #include <map> |
| (...skipping 11 matching lines...) Expand all Loading... |
| 22 // signed expected hashes of file content which can be used to check for | 22 // signed expected hashes of file content which can be used to check for |
| 23 // corruption of extension files on local disk. | 23 // corruption of extension files on local disk. |
| 24 class VerifiedContents { | 24 class VerifiedContents { |
| 25 public: | 25 public: |
| 26 // Note: the public_key must remain valid for the lifetime of this object. | 26 // Note: the public_key must remain valid for the lifetime of this object. |
| 27 VerifiedContents(const uint8_t* public_key, int public_key_size); | 27 VerifiedContents(const uint8_t* public_key, int public_key_size); |
| 28 ~VerifiedContents(); | 28 ~VerifiedContents(); |
| 29 | 29 |
| 30 // Returns true if we successfully parsed the verified_contents.json file at | 30 // Returns true if we successfully parsed the verified_contents.json file at |
| 31 // |path| and validated the enclosed signature. The | 31 // |path| and validated the enclosed signature. The |
| 32 // |ignore_invalid_signature| argument can be set to make this still succeed | 32 bool InitFrom(const base::FilePath& path); |
| 33 // if the contents of the file were parsed successfully but the signature did | |
| 34 // not validate. (Use with caution!) | |
| 35 bool InitFrom(const base::FilePath& path, bool ignore_invalid_signature); | |
| 36 | 33 |
| 37 int block_size() const { return block_size_; } | 34 int block_size() const { return block_size_; } |
| 38 const std::string& extension_id() const { return extension_id_; } | 35 const std::string& extension_id() const { return extension_id_; } |
| 39 const base::Version& version() const { return version_; } | 36 const base::Version& version() const { return version_; } |
| 40 | 37 |
| 41 bool HasTreeHashRoot(const base::FilePath& relative_path) const; | 38 bool HasTreeHashRoot(const base::FilePath& relative_path) const; |
| 42 | 39 |
| 43 bool TreeHashRootEquals(const base::FilePath& relative_path, | 40 bool TreeHashRootEquals(const base::FilePath& relative_path, |
| 44 const std::string& expected) const; | 41 const std::string& expected) const; |
| 45 | 42 |
| 46 // If InitFrom has not been called yet, or was used in "ignore invalid | 43 // If InitFrom has not been called yet, or was used in "ignore invalid |
| 47 // signature" mode, this can return false. | 44 // signature" mode, this can return false. |
| 48 bool valid_signature() { return valid_signature_; } | 45 bool valid_signature() { return valid_signature_; } |
| 49 | 46 |
| 50 private: | 47 private: |
| 51 // Returns the base64url-decoded "payload" field from the json at |path|, if | 48 // Returns the base64url-decoded "payload" field from the json at |path|, if |
| 52 // the signature was valid (or ignore_invalid_signature was set to true). | 49 // the signature was valid. |
| 53 bool GetPayload(const base::FilePath& path, | 50 bool GetPayload(const base::FilePath& path, std::string* payload); |
| 54 std::string* payload, | |
| 55 bool ignore_invalid_signature); | |
| 56 | 51 |
| 57 // The |protected_value| and |payload| arguments should be base64url encoded | 52 // The |protected_value| and |payload| arguments should be base64url encoded |
| 58 // strings, and |signature_bytes| should be a byte array. See comments in the | 53 // strings, and |signature_bytes| should be a byte array. See comments in the |
| 59 // .cc file on GetPayload for where these come from in the overall input | 54 // .cc file on GetPayload for where these come from in the overall input |
| 60 // file. | 55 // file. |
| 61 bool VerifySignature(const std::string& protected_value, | 56 bool VerifySignature(const std::string& protected_value, |
| 62 const std::string& payload, | 57 const std::string& payload, |
| 63 const std::string& signature_bytes); | 58 const std::string& signature_bytes); |
| 64 | 59 |
| 65 // The public key we should use for signature verification. | 60 // The public key we should use for signature verification. |
| (...skipping 21 matching lines...) Expand all Loading... |
| 87 // webstore reject the cases they can statically detect. See crbug.com/29941 | 82 // webstore reject the cases they can statically detect. See crbug.com/29941 |
| 88 typedef std::multimap<base::FilePath::StringType, std::string> RootHashes; | 83 typedef std::multimap<base::FilePath::StringType, std::string> RootHashes; |
| 89 RootHashes root_hashes_; | 84 RootHashes root_hashes_; |
| 90 | 85 |
| 91 DISALLOW_COPY_AND_ASSIGN(VerifiedContents); | 86 DISALLOW_COPY_AND_ASSIGN(VerifiedContents); |
| 92 }; | 87 }; |
| 93 | 88 |
| 94 } // namespace extensions | 89 } // namespace extensions |
| 95 | 90 |
| 96 #endif // EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ | 91 #endif // EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2751913009:
Remove some VerifiedContents methods' params that are always false. (Closed)
