OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/browser/content_hash_reader.h" | 5 #include "extensions/browser/content_hash_reader.h" |
6 | 6 |
7 #include "base/base64.h" | 7 #include "base/base64.h" |
8 #include "base/files/file_util.h" | 8 #include "base/files/file_util.h" |
9 #include "base/json/json_reader.h" | 9 #include "base/json/json_reader.h" |
10 #include "base/metrics/histogram_macros.h" | 10 #include "base/metrics/histogram_macros.h" |
(...skipping 17 matching lines...) Expand all Loading... |
28 const base::Version& extension_version, | 28 const base::Version& extension_version, |
29 const base::FilePath& extension_root, | 29 const base::FilePath& extension_root, |
30 const base::FilePath& relative_path, | 30 const base::FilePath& relative_path, |
31 const ContentVerifierKey& key) | 31 const ContentVerifierKey& key) |
32 : extension_id_(extension_id), | 32 : extension_id_(extension_id), |
33 extension_version_(extension_version.GetString()), | 33 extension_version_(extension_version.GetString()), |
34 extension_root_(extension_root), | 34 extension_root_(extension_root), |
35 relative_path_(relative_path), | 35 relative_path_(relative_path), |
36 key_(key), | 36 key_(key), |
37 status_(NOT_INITIALIZED), | 37 status_(NOT_INITIALIZED), |
38 content_exists_(false), | |
39 have_verified_contents_(false), | 38 have_verified_contents_(false), |
40 have_computed_hashes_(false), | 39 have_computed_hashes_(false), |
41 block_size_(0) { | 40 file_missing_from_verified_contents_(false), |
42 } | 41 block_size_(0) {} |
43 | 42 |
44 ContentHashReader::~ContentHashReader() { | 43 ContentHashReader::~ContentHashReader() { |
45 } | 44 } |
46 | 45 |
47 bool ContentHashReader::Init() { | 46 bool ContentHashReader::Init() { |
48 base::ElapsedTimer timer; | 47 base::ElapsedTimer timer; |
49 DCHECK_EQ(status_, NOT_INITIALIZED); | 48 DCHECK_EQ(status_, NOT_INITIALIZED); |
50 status_ = FAILURE; | 49 status_ = FAILURE; |
51 base::FilePath verified_contents_path = | 50 base::FilePath verified_contents_path = |
52 file_util::GetVerifiedContentsPath(extension_root_); | 51 file_util::GetVerifiedContentsPath(extension_root_); |
53 | |
54 // Check that this is a valid resource to verify (i.e., it exists). | |
55 base::FilePath content_path = extension_root_.Append(relative_path_); | |
56 if (!base::PathExists(content_path) || base::DirectoryExists(content_path)) | |
57 return false; | |
58 | |
59 content_exists_ = true; | |
60 | |
61 if (!base::PathExists(verified_contents_path)) | 52 if (!base::PathExists(verified_contents_path)) |
62 return false; | 53 return false; |
63 | 54 |
64 VerifiedContents verified_contents(key_.data, key_.size); | 55 VerifiedContents verified_contents(key_.data, key_.size); |
65 if (!verified_contents.InitFrom(verified_contents_path) || | 56 if (!verified_contents.InitFrom(verified_contents_path) || |
66 !verified_contents.valid_signature() || | 57 !verified_contents.valid_signature() || |
67 verified_contents.version() != extension_version_ || | 58 verified_contents.version() != extension_version_ || |
68 verified_contents.extension_id() != extension_id_) { | 59 verified_contents.extension_id() != extension_id_) { |
69 return false; | 60 return false; |
70 } | 61 } |
71 | 62 |
72 have_verified_contents_ = true; | 63 have_verified_contents_ = true; |
73 | 64 |
74 base::FilePath computed_hashes_path = | 65 base::FilePath computed_hashes_path = |
75 file_util::GetComputedHashesPath(extension_root_); | 66 file_util::GetComputedHashesPath(extension_root_); |
76 if (!base::PathExists(computed_hashes_path)) | 67 if (!base::PathExists(computed_hashes_path)) |
77 return false; | 68 return false; |
78 | 69 |
79 ComputedHashes::Reader reader; | 70 ComputedHashes::Reader reader; |
80 if (!reader.InitFromFile(computed_hashes_path)) | 71 if (!reader.InitFromFile(computed_hashes_path)) |
81 return false; | 72 return false; |
82 | 73 |
83 have_computed_hashes_ = true; | 74 have_computed_hashes_ = true; |
84 | 75 |
| 76 if (!verified_contents.HasTreeHashRoot(relative_path_)) { |
| 77 // Extension is requesting a non-existent resource that does not have an |
| 78 // entry in verified_contents.json. This can happen when an extension sends |
| 79 // XHR to its non-existent resource. This should not result in content |
| 80 // verification failure. |
| 81 file_missing_from_verified_contents_ = true; |
| 82 return false; |
| 83 } |
| 84 |
85 if (!reader.GetHashes(relative_path_, &block_size_, &hashes_) || | 85 if (!reader.GetHashes(relative_path_, &block_size_, &hashes_) || |
86 block_size_ % crypto::kSHA256Length != 0) | 86 block_size_ % crypto::kSHA256Length != 0) |
87 return false; | 87 return false; |
88 | 88 |
89 std::string root = | 89 std::string root = |
90 ComputeTreeHashRoot(hashes_, block_size_ / crypto::kSHA256Length); | 90 ComputeTreeHashRoot(hashes_, block_size_ / crypto::kSHA256Length); |
91 if (!verified_contents.TreeHashRootEquals(relative_path_, root)) | 91 if (!verified_contents.TreeHashRootEquals(relative_path_, root)) |
92 return false; | 92 return false; |
93 | 93 |
94 status_ = SUCCESS; | 94 status_ = SUCCESS; |
(...skipping 19 matching lines...) Expand all Loading... |
114 DCHECK(block_index >= 0); | 114 DCHECK(block_index >= 0); |
115 | 115 |
116 if (static_cast<unsigned>(block_index) >= hashes_.size()) | 116 if (static_cast<unsigned>(block_index) >= hashes_.size()) |
117 return false; | 117 return false; |
118 *result = &hashes_[block_index]; | 118 *result = &hashes_[block_index]; |
119 | 119 |
120 return true; | 120 return true; |
121 } | 121 } |
122 | 122 |
123 } // namespace extensions | 123 } // namespace extensions |
OLD | NEW |