Chromium Code Reviews Chromium Code Reviews
Issue 289533003:
A bunch of remaining parts of extension content verification (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: extensions/browser/content_hash_reader.cc |
| diff --git a/extensions/browser/content_hash_reader.cc b/extensions/browser/content_hash_reader.cc |
| index 9a327acd7b239b78950af2d7df574839ef3e1d3e..3c4cf0f9c9031868675403e397ddcbb1e7a876a9 100644 |
| --- a/extensions/browser/content_hash_reader.cc |
| +++ b/extensions/browser/content_hash_reader.cc |
| @@ -4,6 +4,22 @@ |
| #include "extensions/browser/content_hash_reader.h" |
| +#include "base/base64.h" |
| +#include "base/file_util.h" |
| +#include "base/json/json_reader.h" |
| +#include "base/strings/string_util.h" |
| +#include "base/values.h" |
| +#include "crypto/sha2.h" |
| +#include "extensions/browser/computed_hashes.h" |
| +#include "extensions/browser/content_hash_tree.h" |
| +#include "extensions/browser/verified_contents.h" |
| +#include "extensions/common/extension.h" |
| +#include "extensions/common/file_util.h" |
| + |
| +using base::DictionaryValue; |
| +using base::ListValue; |
| +using base::Value; |
| + |
| namespace extensions { |
| ContentHashReader::ContentHashReader(const std::string& extension_id, |
| @@ -15,27 +31,76 @@ ContentHashReader::ContentHashReader(const std::string& extension_id, |
| extension_version_(extension_version.GetString()), |
| extension_root_(extension_root), |
| relative_path_(relative_path), |
| - key_(key) { |
| + key_(key), |
| + status_(NOT_INITIALIZED), |
| + block_size_(0) { |
| } |
| ContentHashReader::~ContentHashReader() { |
| } |
| bool ContentHashReader::Init() { |
| + DCHECK_EQ(status_, NOT_INITIALIZED); |
| + status_ = FAILURE; |
| + base::FilePath verified_contents_path = |
| + file_util::GetVerifiedContentsPath(extension_root_); |
| + |
| + if (base::PathExists(verified_contents_path)) { |
| + verified_contents_.reset(new VerifiedContents(key_.data, key_.size)); |
| + // TODO(asargent) - we need to switch on signature validation. |
| + // (crbug.com/369895) |
| + if (!verified_contents_->InitFrom(verified_contents_path, |
| + true /* ignore invalid signature */)) { |
| + verified_contents_.reset(); |
| + } else { |
| + if (!verified_contents_->valid_signature()) { |
| + // Reminder to fix the TODO above. |
| + LOG(WARNING) << "Temporarily ignoring invalid signature!"; |
| + } |
| + if (verified_contents_->extension_id() != extension_id_ || |
| + !verified_contents_->version().Equals(extension_version_)) |
| + return false; |
| + } |
| + } |
| + |
| + ComputedHashes::Reader reader; |
| + if (!reader.InitFromFile(file_util::GetComputedHashesPath(extension_root_)) || |
| + !reader.GetHashes(relative_path_, &block_size_, &hashes_) || |
| + block_size_ % crypto::kSHA256Length != 0) |
| + return false; |
| + |
| + std::string root = |
| + ComputeTreeHashRoot(hashes_, block_size_ / crypto::kSHA256Length); |
| + const std::string* expected_root = NULL; |
| + if (verified_contents_.get()) |
| + expected_root = verified_contents_->GetTreeHashRoot(relative_path_); |
| + if (expected_root && *expected_root != root) |
| + return false; |
| + |
| + status_ = SUCCESS; |
| return true; |
| } |
| int ContentHashReader::block_count() const { |
| - return 0; |
| + DCHECK(status_ != NOT_INITIALIZED); |
| + return hashes_.size(); |
| } |
| int ContentHashReader::block_size() const { |
| - return 0; |
| + DCHECK(status_ != NOT_INITIALIZED); |
| + return block_size_; |
| } |
| bool ContentHashReader::GetHashForBlock(int block_index, |
| const std::string** result) const { |
| - return false; |
| + if (status_ != SUCCESS) |
| + return false; |
| + |
|
Ken Rockot(use gerrit already)
2014/05/15 00:51:25
nit: Maybe worth a DCHECK(block_index >= 0)
asargent_no_longer_on_chrome
2014/05/15 04:02:49
Done.
|
| + if (static_cast<unsigned>(block_index) >= hashes_.size()) |
| + return false; |
| + *result = &hashes_[block_index]; |
| + |
| + return true; |
| } |
| } // namespace extensions |
