OLD | NEW |
| (Empty) |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/component_updater/ev_whitelist_component_installer.h" | |
6 | |
7 #include <memory> | |
8 #include <string> | |
9 #include <utility> | |
10 #include <vector> | |
11 | |
12 #include "base/bind.h" | |
13 #include "base/files/file_path.h" | |
14 #include "base/files/file_util.h" | |
15 #include "base/logging.h" | |
16 #include "base/macros.h" | |
17 #include "base/path_service.h" | |
18 #include "base/task_scheduler/post_task.h" | |
19 #include "base/threading/sequenced_worker_pool.h" | |
20 #include "base/version.h" | |
21 #include "components/component_updater/component_updater_paths.h" | |
22 #include "components/packed_ct_ev_whitelist/packed_ct_ev_whitelist.h" | |
23 #include "content/public/browser/browser_thread.h" | |
24 | |
25 using component_updater::ComponentUpdateService; | |
26 | |
27 namespace { | |
28 const base::FilePath::CharType kCompressedEVWhitelistFileName[] = | |
29 FILE_PATH_LITERAL("ev_hashes_whitelist.bin"); | |
30 | |
31 // Prior implementations (< M46) of this installer would copy the whitelist | |
32 // file from the installed component directory to the top of the user data | |
33 // directory which is not necessary. Delete this unused file. | |
34 // todo(cmumford): Delete this function >= M50. | |
35 void DeleteWhitelistCopy(const base::FilePath& user_data_dir) { | |
36 base::DeleteFile(user_data_dir.Append(kCompressedEVWhitelistFileName), false); | |
37 } | |
38 | |
39 void LoadWhitelistFromDisk(const base::FilePath& whitelist_path, | |
40 const base::Version& version) { | |
41 if (whitelist_path.empty()) | |
42 return; | |
43 | |
44 VLOG(1) << "Reading EV whitelist from file: " << whitelist_path.value(); | |
45 std::string compressed_list; | |
46 if (!base::ReadFileToString(whitelist_path, &compressed_list)) { | |
47 VLOG(1) << "Failed reading from " << whitelist_path.value(); | |
48 return; | |
49 } | |
50 | |
51 scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist( | |
52 new packed_ct_ev_whitelist::PackedEVCertsWhitelist(compressed_list, | |
53 version)); | |
54 compressed_list.clear(); | |
55 if (!new_whitelist->IsValid()) { | |
56 VLOG(1) << "Failed uncompressing EV certs whitelist."; | |
57 return; | |
58 } | |
59 | |
60 VLOG(1) << "EV whitelist: Successfully loaded."; | |
61 packed_ct_ev_whitelist::SetEVCertsWhitelist(new_whitelist); | |
62 } | |
63 | |
64 } // namespace | |
65 | |
66 namespace component_updater { | |
67 | |
68 // The SHA256 of the SubjectPublicKeyInfo used to sign the extension. | |
69 // The extension id is: oafdbfcohdcjandcenmccfopbeklnicp | |
70 const uint8_t kPublicKeySHA256[32] = { | |
71 0xe0, 0x53, 0x15, 0x2e, 0x73, 0x29, 0x0d, 0x32, 0x4d, 0xc2, 0x25, | |
72 0xef, 0x14, 0xab, 0xd8, 0x2f, 0x84, 0xf5, 0x85, 0x9e, 0xc0, 0xfa, | |
73 0x94, 0xbc, 0x99, 0xc9, 0x5a, 0x27, 0x55, 0x19, 0x83, 0xef}; | |
74 | |
75 const char kEVWhitelistManifestName[] = "EV Certs CT whitelist"; | |
76 | |
77 bool EVWhitelistComponentInstallerTraits:: | |
78 SupportsGroupPolicyEnabledComponentUpdates() const { | |
79 return false; | |
80 } | |
81 | |
82 bool EVWhitelistComponentInstallerTraits::RequiresNetworkEncryption() const { | |
83 return false; | |
84 } | |
85 | |
86 update_client::CrxInstaller::Result | |
87 EVWhitelistComponentInstallerTraits::OnCustomInstall( | |
88 const base::DictionaryValue& manifest, | |
89 const base::FilePath& install_dir) { | |
90 VLOG(1) << "Entering EVWhitelistComponentInstallerTraits::OnCustomInstall."; | |
91 | |
92 return update_client::CrxInstaller::Result(0); // Nothing custom here. | |
93 } | |
94 | |
95 base::FilePath EVWhitelistComponentInstallerTraits::GetInstalledPath( | |
96 const base::FilePath& base) { | |
97 // EV whitelist is encoded the same way for all platforms | |
98 return base.Append(FILE_PATH_LITERAL("_platform_specific")) | |
99 .Append(FILE_PATH_LITERAL("all")) | |
100 .Append(kCompressedEVWhitelistFileName); | |
101 } | |
102 | |
103 void EVWhitelistComponentInstallerTraits::ComponentReady( | |
104 const base::Version& version, | |
105 const base::FilePath& install_dir, | |
106 std::unique_ptr<base::DictionaryValue> manifest) { | |
107 VLOG(1) << "Component ready, version " << version.GetString() << " in " | |
108 << install_dir.value(); | |
109 | |
110 base::PostTaskWithTraits(FROM_HERE, | |
111 {base::MayBlock(), base::TaskPriority::BACKGROUND}, | |
112 base::Bind(&LoadWhitelistFromDisk, | |
113 GetInstalledPath(install_dir), version)); | |
114 } | |
115 | |
116 // Called during startup and installation before ComponentReady(). | |
117 bool EVWhitelistComponentInstallerTraits::VerifyInstallation( | |
118 const base::DictionaryValue& manifest, | |
119 const base::FilePath& install_dir) const { | |
120 return base::PathExists(GetInstalledPath(install_dir)); | |
121 } | |
122 | |
123 base::FilePath EVWhitelistComponentInstallerTraits::GetRelativeInstallDir() | |
124 const { | |
125 return base::FilePath(FILE_PATH_LITERAL("EVWhitelist")); | |
126 } | |
127 | |
128 void EVWhitelistComponentInstallerTraits::GetHash( | |
129 std::vector<uint8_t>* hash) const { | |
130 hash->assign(kPublicKeySHA256, | |
131 kPublicKeySHA256 + arraysize(kPublicKeySHA256)); | |
132 } | |
133 | |
134 std::string EVWhitelistComponentInstallerTraits::GetName() const { | |
135 return kEVWhitelistManifestName; | |
136 } | |
137 | |
138 update_client::InstallerAttributes | |
139 EVWhitelistComponentInstallerTraits::GetInstallerAttributes() const { | |
140 return update_client::InstallerAttributes(); | |
141 } | |
142 | |
143 std::vector<std::string> EVWhitelistComponentInstallerTraits::GetMimeTypes() | |
144 const { | |
145 return std::vector<std::string>(); | |
146 } | |
147 | |
148 void RegisterEVWhitelistComponent(ComponentUpdateService* cus, | |
149 const base::FilePath& user_data_dir) { | |
150 VLOG(1) << "Registering EV whitelist component."; | |
151 | |
152 std::unique_ptr<ComponentInstallerTraits> traits( | |
153 new EVWhitelistComponentInstallerTraits()); | |
154 // |cus| will take ownership of |installer| during installer->Register(cus). | |
155 DefaultComponentInstaller* installer = | |
156 new DefaultComponentInstaller(std::move(traits)); | |
157 installer->Register(cus, base::Closure()); | |
158 | |
159 content::BrowserThread::PostAfterStartupTask( | |
160 FROM_HERE, content::BrowserThread::GetBlockingPool(), | |
161 base::Bind(&DeleteWhitelistCopy, user_data_dir)); | |
162 } | |
163 | |
164 } // namespace component_updater | |
OLD | NEW |