OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/browser/verified_contents.h" | 5 #include "extensions/browser/verified_contents.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include "base/base64url.h" | 9 #include "base/base64url.h" |
10 #include "base/files/file_util.h" | 10 #include "base/files/file_util.h" |
(...skipping 25 matching lines...)
36 const char kRootHashKey[] = "root_hash"; | 36 const char kRootHashKey[] = "root_hash"; |
37 const char kSignatureKey[] = "signature"; | 37 const char kSignatureKey[] = "signature"; |
38 const char kSignaturesKey[] = "signatures"; | 38 const char kSignaturesKey[] = "signatures"; |
39 const char kSignedContentKey[] = "signed_content"; | 39 const char kSignedContentKey[] = "signed_content"; |
40 const char kTreeHashPerFile[] = "treehash per file"; | 40 const char kTreeHashPerFile[] = "treehash per file"; |
41 const char kTreeHash[] = "treehash"; | 41 const char kTreeHash[] = "treehash"; |
42 const char kWebstoreKId[] = "webstore"; | 42 const char kWebstoreKId[] = "webstore"; |
43 | 43 |
44 // Helper function to iterate over a list of dictionaries, returning the | 44 // Helper function to iterate over a list of dictionaries, returning the |
45 // dictionary that has |key| -> |value| in it, if any, or NULL. | 45 // dictionary that has |key| -> |value| in it, if any, or NULL. |
46 const DictionaryValue* FindDictionaryWithValue(const ListValue* list, | 46 DictionaryValue* FindDictionaryWithValue(const ListValue* list, |
47 const std::string& key, | 47 const std::string& key, |
48 const std::string& value) { | 48 const std::string& value) { |
49 for (const auto& i : *list) { | 49 for (const auto& i : *list) { |
50 const DictionaryValue* dictionary; | 50 DictionaryValue* dictionary; |
51 if (!i.GetAsDictionary(&dictionary)) | 51 if (!i->GetAsDictionary(&dictionary)) |
52 continue; | 52 continue; |
53 std::string found_value; | 53 std::string found_value; |
54 if (dictionary->GetString(key, &found_value) && found_value == value) | 54 if (dictionary->GetString(key, &found_value) && found_value == value) |
55 return dictionary; | 55 return dictionary; |
56 } | 56 } |
57 return NULL; | 57 return NULL; |
58 } | 58 } |
59 | 59 |
60 } // namespace | 60 } // namespace |
61 | 61 |
(...skipping 179 matching lines...)
241 // Find the "treehash per file" signed content, e.g. | 241 // Find the "treehash per file" signed content, e.g. |
242 // [ | 242 // [ |
243 // { | 243 // { |
244 // "description": "treehash per file", | 244 // "description": "treehash per file", |
245 // "signed_content": { | 245 // "signed_content": { |
246 // "signatures": [ ... ], | 246 // "signatures": [ ... ], |
247 // "payload": "..." | 247 // "payload": "..." |
248 // } | 248 // } |
249 // } | 249 // } |
250 // ] | 250 // ] |
251 const DictionaryValue* dictionary = | 251 DictionaryValue* dictionary = |
252 FindDictionaryWithValue(top_list, kDescriptionKey, kTreeHashPerFile); | 252 FindDictionaryWithValue(top_list, kDescriptionKey, kTreeHashPerFile); |
253 const DictionaryValue* signed_content = NULL; | 253 DictionaryValue* signed_content = NULL; |
254 if (!dictionary || | 254 if (!dictionary || |
255 !dictionary->GetDictionaryWithoutPathExpansion(kSignedContentKey, | 255 !dictionary->GetDictionaryWithoutPathExpansion(kSignedContentKey, |
256 &signed_content)) { | 256 &signed_content)) { |
257 return false; | 257 return false; |
258 } | 258 } |
259 | 259 |
260 const ListValue* signatures = NULL; | 260 ListValue* signatures = NULL; |
261 if (!signed_content->GetList(kSignaturesKey, &signatures)) | 261 if (!signed_content->GetList(kSignaturesKey, &signatures)) |
262 return false; | 262 return false; |
263 | 263 |
264 const DictionaryValue* signature_dict = | 264 DictionaryValue* signature_dict = |
265 FindDictionaryWithValue(signatures, kHeaderKidKey, kWebstoreKId); | 265 FindDictionaryWithValue(signatures, kHeaderKidKey, kWebstoreKId); |
266 if (!signature_dict) | 266 if (!signature_dict) |
267 return false; | 267 return false; |
268 | 268 |
269 std::string protected_value; | 269 std::string protected_value; |
270 std::string encoded_signature; | 270 std::string encoded_signature; |
271 std::string decoded_signature; | 271 std::string decoded_signature; |
272 if (!signature_dict->GetString(kProtectedKey, &protected_value) || | 272 if (!signature_dict->GetString(kProtectedKey, &protected_value) || |
273 !signature_dict->GetString(kSignatureKey, &encoded_signature) || | 273 !signature_dict->GetString(kSignatureKey, &encoded_signature) || |
274 !base::Base64UrlDecode(encoded_signature, | 274 !base::Base64UrlDecode(encoded_signature, |
(...skipping 42 matching lines...)
317 reinterpret_cast<const uint8_t*>(payload.data()), payload.size()); | 317 reinterpret_cast<const uint8_t*>(payload.data()), payload.size()); |
318 | 318 |
319 if (!signature_verifier.VerifyFinal()) { | 319 if (!signature_verifier.VerifyFinal()) { |
320 VLOG(1) << "Could not verify signature - VerifyFinal failure"; | 320 VLOG(1) << "Could not verify signature - VerifyFinal failure"; |
321 return false; | 321 return false; |
322 } | 322 } |
323 return true; | 323 return true; |
324 } | 324 } |
325 | 325 |
326 } // namespace extensions | 326 } // namespace extensions |
OLD | NEW |
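Review bot: On the new side, FindDictionaryWithValue (new lines 46-58) takes `const ListValue* list` but returns a mutable `DictionaryValue*`, so const-ness is lost through the helper. Its callers at new lines 251-264 then hold writable pointers into the parsed signed-content tree on the path that locates the webstore signature, in a function whose start is outside the visible lines. Every visible use of `dictionary`, `signed_content`, `signatures` and `signature_dict` is a read (`GetString`, `GetList`, `GetDictionaryWithoutPathExpansion`), so read-only access is enough and would rule out accidental mutation of the data before `VerifyFinal()`. If the const overloads the old side relied on are still available at this revision, I would keep `const DictionaryValue* dictionary;` with `if (!i->GetAsDictionary(&dictionary))` in the helper and leave the caller declarations as `const DictionaryValue*` / `const ListValue*`. If they are not, a short comment on the helper saying the returned dictionary must be treated as read-only would at least record the intent.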