OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ | 5 #ifndef EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ |
6 #define EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ | 6 #define EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <map> | 10 #include <map> |
(...skipping 11 matching lines...) Expand all Loading... |
22 // signed expected hashes of file content which can be used to check for | 22 // signed expected hashes of file content which can be used to check for |
23 // corruption of extension files on local disk. | 23 // corruption of extension files on local disk. |
24 class VerifiedContents { | 24 class VerifiedContents { |
25 public: | 25 public: |
26 // Note: the public_key must remain valid for the lifetime of this object. | 26 // Note: the public_key must remain valid for the lifetime of this object. |
27 VerifiedContents(const uint8_t* public_key, int public_key_size); | 27 VerifiedContents(const uint8_t* public_key, int public_key_size); |
28 ~VerifiedContents(); | 28 ~VerifiedContents(); |
29 | 29 |
30 // Returns true if we successfully parsed the verified_contents.json file at | 30 // Returns true if we successfully parsed the verified_contents.json file at |
31 // |path| and validated the enclosed signature. The | 31 // |path| and validated the enclosed signature. The |
32 // |ignore_invalid_signature| argument can be set to make this still succeed | 32 bool InitFrom(const base::FilePath& path); |
33 // if the contents of the file were parsed successfully but the signature did | |
34 // not validate. (Use with caution!) | |
35 bool InitFrom(const base::FilePath& path, bool ignore_invalid_signature); | |
36 | 33 |
37 int block_size() const { return block_size_; } | 34 int block_size() const { return block_size_; } |
38 const std::string& extension_id() const { return extension_id_; } | 35 const std::string& extension_id() const { return extension_id_; } |
39 const base::Version& version() const { return version_; } | 36 const base::Version& version() const { return version_; } |
40 | 37 |
41 bool HasTreeHashRoot(const base::FilePath& relative_path) const; | 38 bool HasTreeHashRoot(const base::FilePath& relative_path) const; |
42 | 39 |
43 bool TreeHashRootEquals(const base::FilePath& relative_path, | 40 bool TreeHashRootEquals(const base::FilePath& relative_path, |
44 const std::string& expected) const; | 41 const std::string& expected) const; |
45 | 42 |
46 // If InitFrom has not been called yet, or was used in "ignore invalid | 43 // If InitFrom has not been called yet, or was used in "ignore invalid |
47 // signature" mode, this can return false. | 44 // signature" mode, this can return false. |
48 bool valid_signature() { return valid_signature_; } | 45 bool valid_signature() { return valid_signature_; } |
49 | 46 |
50 private: | 47 private: |
51 // Returns the base64url-decoded "payload" field from the json at |path|, if | 48 // Returns the base64url-decoded "payload" field from the json at |path|, if |
52 // the signature was valid (or ignore_invalid_signature was set to true). | 49 // the signature was valid. |
53 bool GetPayload(const base::FilePath& path, | 50 bool GetPayload(const base::FilePath& path, std::string* payload); |
54 std::string* payload, | |
55 bool ignore_invalid_signature); | |
56 | 51 |
57 // The |protected_value| and |payload| arguments should be base64url encoded | 52 // The |protected_value| and |payload| arguments should be base64url encoded |
58 // strings, and |signature_bytes| should be a byte array. See comments in the | 53 // strings, and |signature_bytes| should be a byte array. See comments in the |
59 // .cc file on GetPayload for where these come from in the overall input | 54 // .cc file on GetPayload for where these come from in the overall input |
60 // file. | 55 // file. |
61 bool VerifySignature(const std::string& protected_value, | 56 bool VerifySignature(const std::string& protected_value, |
62 const std::string& payload, | 57 const std::string& payload, |
63 const std::string& signature_bytes); | 58 const std::string& signature_bytes); |
64 | 59 |
65 // The public key we should use for signature verification. | 60 // The public key we should use for signature verification. |
(...skipping 21 matching lines...) Expand all Loading... |
87 // webstore reject the cases they can statically detect. See crbug.com/29941 | 82 // webstore reject the cases they can statically detect. See crbug.com/29941 |
88 typedef std::multimap<base::FilePath::StringType, std::string> RootHashes; | 83 typedef std::multimap<base::FilePath::StringType, std::string> RootHashes; |
89 RootHashes root_hashes_; | 84 RootHashes root_hashes_; |
90 | 85 |
91 DISALLOW_COPY_AND_ASSIGN(VerifiedContents); | 86 DISALLOW_COPY_AND_ASSIGN(VerifiedContents); |
92 }; | 87 }; |
93 | 88 |
94 } // namespace extensions | 89 } // namespace extensions |
95 | 90 |
96 #endif // EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ | 91 #endif // EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ |
OLD | NEW |