OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ | 5 #ifndef EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ |
6 #define EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ | 6 #define EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <map> | 10 #include <map> |
11 #include <string> | 11 #include <string> |
12 #include <vector> | 12 #include <vector> |
13 | 13 |
14 #include "base/files/file_path.h" | 14 #include "base/files/file_path.h" |
15 #include "base/macros.h" | 15 #include "base/macros.h" |
16 #include "base/version.h" | 16 #include "base/version.h" |
17 | 17 |
18 namespace extensions { | 18 namespace extensions { |
19 | 19 |
20 // This class encapsulates the data in a "verified_contents.json" file | 20 // This class encapsulates the data in a "verified_contents.json" file |
21 // generated by the webstore for a .crx file. That data includes a set of | 21 // generated by the webstore for a .crx file. That data includes a set of |
22 // signed expected hashes of file content which can be used to check for | 22 // signed expected hashes of file content which can be used to check for |
23 // corruption of extension files on local disk. | 23 // corruption of extension files on local disk. |
24 class VerifiedContents { | 24 class VerifiedContents { |
25 public: | 25 public: |
26 // Note: the public_key must remain valid for the lifetime of this object. | 26 // Note: the public_key must remain valid for the lifetime of this object. |
27 VerifiedContents(const uint8_t* public_key, int public_key_size); | 27 VerifiedContents(const uint8_t* public_key, size_t public_key_size); |
28 ~VerifiedContents(); | 28 ~VerifiedContents(); |
29 | 29 |
30 // Returns true if we successfully parsed the verified_contents.json file at | 30 // Returns true if we successfully parsed the verified_contents.json file at |
31 // |path| and validated the enclosed signature. The | 31 // |path| and validated the enclosed signature. The |
32 bool InitFrom(const base::FilePath& path); | 32 bool InitFrom(const base::FilePath& path); |
33 | 33 |
34 int block_size() const { return block_size_; } | 34 int block_size() const { return block_size_; } |
35 const std::string& extension_id() const { return extension_id_; } | 35 const std::string& extension_id() const { return extension_id_; } |
36 const base::Version& version() const { return version_; } | 36 const base::Version& version() const { return version_; } |
37 | 37 |
(...skipping 14 matching lines...) Expand all Loading... |
52 // The |protected_value| and |payload| arguments should be base64url encoded | 52 // The |protected_value| and |payload| arguments should be base64url encoded |
53 // strings, and |signature_bytes| should be a byte array. See comments in the | 53 // strings, and |signature_bytes| should be a byte array. See comments in the |
54 // .cc file on GetPayload for where these come from in the overall input | 54 // .cc file on GetPayload for where these come from in the overall input |
55 // file. | 55 // file. |
56 bool VerifySignature(const std::string& protected_value, | 56 bool VerifySignature(const std::string& protected_value, |
57 const std::string& payload, | 57 const std::string& payload, |
58 const std::string& signature_bytes); | 58 const std::string& signature_bytes); |
59 | 59 |
60 // The public key we should use for signature verification. | 60 // The public key we should use for signature verification. |
61 const uint8_t* public_key_; | 61 const uint8_t* public_key_; |
62 const int public_key_size_; | 62 const size_t public_key_size_; |
63 | 63 |
64 // Indicates whether the signature was successfully validated or not. | 64 // Indicates whether the signature was successfully validated or not. |
65 bool valid_signature_; | 65 bool valid_signature_; |
66 | 66 |
67 // The block size used for computing the treehash root hashes. | 67 // The block size used for computing the treehash root hashes. |
68 int block_size_; | 68 int block_size_; |
69 | 69 |
70 // Information about which extension these signed hashes are for. | 70 // Information about which extension these signed hashes are for. |
71 std::string extension_id_; | 71 std::string extension_id_; |
72 base::Version version_; | 72 base::Version version_; |
73 | 73 |
74 // The expected treehash root hashes for each file, lower cased so we can do | 74 // The expected treehash root hashes for each file, lower cased so we can do |
75 // case-insensitive lookups. | 75 // case-insensitive lookups. |
76 // | 76 // |
77 // We use a multi-map here so that we can do fast lookups of paths from | 77 // We use a multi-map here so that we can do fast lookups of paths from |
78 // requests on case-insensitive systems (windows, mac) where the request path | 78 // requests on case-insensitive systems (windows, mac) where the request path |
79 // might not have the exact right capitalization, but not break | 79 // might not have the exact right capitalization, but not break |
80 // case-sensitive systems (linux, chromeos). TODO(asargent) - we should give | 80 // case-sensitive systems (linux, chromeos). TODO(asargent) - we should give |
81 // developers client-side warnings in each of those cases, and have the | 81 // developers client-side warnings in each of those cases, and have the |
82 // webstore reject the cases they can statically detect. See crbug.com/29941 | 82 // webstore reject the cases they can statically detect. See crbug.com/29941 |
83 typedef std::multimap<base::FilePath::StringType, std::string> RootHashes; | 83 typedef std::multimap<base::FilePath::StringType, std::string> RootHashes; |
84 RootHashes root_hashes_; | 84 RootHashes root_hashes_; |
85 | 85 |
86 DISALLOW_COPY_AND_ASSIGN(VerifiedContents); | 86 DISALLOW_COPY_AND_ASSIGN(VerifiedContents); |
87 }; | 87 }; |
88 | 88 |
89 } // namespace extensions | 89 } // namespace extensions |
90 | 90 |
91 #endif // EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ | 91 #endif // EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_ |
OLD | NEW |