| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/component_updater/ev_whitelist_component_installer.h" | |
| 6 | |
| 7 #include <memory> | |
| 8 #include <string> | |
| 9 #include <utility> | |
| 10 #include <vector> | |
| 11 | |
| 12 #include "base/bind.h" | |
| 13 #include "base/files/file_path.h" | |
| 14 #include "base/files/file_util.h" | |
| 15 #include "base/logging.h" | |
| 16 #include "base/macros.h" | |
| 17 #include "base/path_service.h" | |
| 18 #include "base/task_scheduler/post_task.h" | |
| 19 #include "base/threading/sequenced_worker_pool.h" | |
| 20 #include "base/version.h" | |
| 21 #include "components/component_updater/component_updater_paths.h" | |
| 22 #include "components/packed_ct_ev_whitelist/packed_ct_ev_whitelist.h" | |
| 23 #include "content/public/browser/browser_thread.h" | |
| 24 | |
| 25 using component_updater::ComponentUpdateService; | |
| 26 | |
| 27 namespace { | |
| 28 const base::FilePath::CharType kCompressedEVWhitelistFileName[] = | |
| 29 FILE_PATH_LITERAL("ev_hashes_whitelist.bin"); | |
| 30 | |
| 31 // Prior implementations (< M46) of this installer would copy the whitelist | |
| 32 // file from the installed component directory to the top of the user data | |
| 33 // directory which is not necessary. Delete this unused file. | |
| 34 // todo(cmumford): Delete this function >= M50. | |
| 35 void DeleteWhitelistCopy(const base::FilePath& user_data_dir) { | |
| 36 base::DeleteFile(user_data_dir.Append(kCompressedEVWhitelistFileName), false); | |
| 37 } | |
| 38 | |
| 39 void LoadWhitelistFromDisk(const base::FilePath& whitelist_path, | |
| 40 const base::Version& version) { | |
| 41 if (whitelist_path.empty()) | |
| 42 return; | |
| 43 | |
| 44 VLOG(1) << "Reading EV whitelist from file: " << whitelist_path.value(); | |
| 45 std::string compressed_list; | |
| 46 if (!base::ReadFileToString(whitelist_path, &compressed_list)) { | |
| 47 VLOG(1) << "Failed reading from " << whitelist_path.value(); | |
| 48 return; | |
| 49 } | |
| 50 | |
| 51 scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist( | |
| 52 new packed_ct_ev_whitelist::PackedEVCertsWhitelist(compressed_list, | |
| 53 version)); | |
| 54 compressed_list.clear(); | |
| 55 if (!new_whitelist->IsValid()) { | |
| 56 VLOG(1) << "Failed uncompressing EV certs whitelist."; | |
| 57 return; | |
| 58 } | |
| 59 | |
| 60 VLOG(1) << "EV whitelist: Successfully loaded."; | |
| 61 packed_ct_ev_whitelist::SetEVCertsWhitelist(new_whitelist); | |
| 62 } | |
| 63 | |
| 64 } // namespace | |
| 65 | |
| 66 namespace component_updater { | |
| 67 | |
| 68 // The SHA256 of the SubjectPublicKeyInfo used to sign the extension. | |
| 69 // The extension id is: oafdbfcohdcjandcenmccfopbeklnicp | |
| 70 const uint8_t kPublicKeySHA256[32] = { | |
| 71 0xe0, 0x53, 0x15, 0x2e, 0x73, 0x29, 0x0d, 0x32, 0x4d, 0xc2, 0x25, | |
| 72 0xef, 0x14, 0xab, 0xd8, 0x2f, 0x84, 0xf5, 0x85, 0x9e, 0xc0, 0xfa, | |
| 73 0x94, 0xbc, 0x99, 0xc9, 0x5a, 0x27, 0x55, 0x19, 0x83, 0xef}; | |
| 74 | |
| 75 const char kEVWhitelistManifestName[] = "EV Certs CT whitelist"; | |
| 76 | |
| 77 bool EVWhitelistComponentInstallerTraits:: | |
| 78 SupportsGroupPolicyEnabledComponentUpdates() const { | |
| 79 return false; | |
| 80 } | |
| 81 | |
| 82 bool EVWhitelistComponentInstallerTraits::RequiresNetworkEncryption() const { | |
| 83 return false; | |
| 84 } | |
| 85 | |
| 86 update_client::CrxInstaller::Result | |
| 87 EVWhitelistComponentInstallerTraits::OnCustomInstall( | |
| 88 const base::DictionaryValue& manifest, | |
| 89 const base::FilePath& install_dir) { | |
| 90 VLOG(1) << "Entering EVWhitelistComponentInstallerTraits::OnCustomInstall."; | |
| 91 | |
| 92 return update_client::CrxInstaller::Result(0); // Nothing custom here. | |
| 93 } | |
| 94 | |
| 95 base::FilePath EVWhitelistComponentInstallerTraits::GetInstalledPath( | |
| 96 const base::FilePath& base) { | |
| 97 // EV whitelist is encoded the same way for all platforms | |
| 98 return base.Append(FILE_PATH_LITERAL("_platform_specific")) | |
| 99 .Append(FILE_PATH_LITERAL("all")) | |
| 100 .Append(kCompressedEVWhitelistFileName); | |
| 101 } | |
| 102 | |
| 103 void EVWhitelistComponentInstallerTraits::ComponentReady( | |
| 104 const base::Version& version, | |
| 105 const base::FilePath& install_dir, | |
| 106 std::unique_ptr<base::DictionaryValue> manifest) { | |
| 107 VLOG(1) << "Component ready, version " << version.GetString() << " in " | |
| 108 << install_dir.value(); | |
| 109 | |
| 110 base::PostTaskWithTraits(FROM_HERE, | |
| 111 {base::MayBlock(), base::TaskPriority::BACKGROUND}, | |
| 112 base::Bind(&LoadWhitelistFromDisk, | |
| 113 GetInstalledPath(install_dir), version)); | |
| 114 } | |
| 115 | |
| 116 // Called during startup and installation before ComponentReady(). | |
| 117 bool EVWhitelistComponentInstallerTraits::VerifyInstallation( | |
| 118 const base::DictionaryValue& manifest, | |
| 119 const base::FilePath& install_dir) const { | |
| 120 return base::PathExists(GetInstalledPath(install_dir)); | |
| 121 } | |
| 122 | |
| 123 base::FilePath EVWhitelistComponentInstallerTraits::GetRelativeInstallDir() | |
| 124 const { | |
| 125 return base::FilePath(FILE_PATH_LITERAL("EVWhitelist")); | |
| 126 } | |
| 127 | |
| 128 void EVWhitelistComponentInstallerTraits::GetHash( | |
| 129 std::vector<uint8_t>* hash) const { | |
| 130 hash->assign(kPublicKeySHA256, | |
| 131 kPublicKeySHA256 + arraysize(kPublicKeySHA256)); | |
| 132 } | |
| 133 | |
| 134 std::string EVWhitelistComponentInstallerTraits::GetName() const { | |
| 135 return kEVWhitelistManifestName; | |
| 136 } | |
| 137 | |
| 138 update_client::InstallerAttributes | |
| 139 EVWhitelistComponentInstallerTraits::GetInstallerAttributes() const { | |
| 140 return update_client::InstallerAttributes(); | |
| 141 } | |
| 142 | |
| 143 std::vector<std::string> EVWhitelistComponentInstallerTraits::GetMimeTypes() | |
| 144 const { | |
| 145 return std::vector<std::string>(); | |
| 146 } | |
| 147 | |
| 148 void RegisterEVWhitelistComponent(ComponentUpdateService* cus, | |
| 149 const base::FilePath& user_data_dir) { | |
| 150 VLOG(1) << "Registering EV whitelist component."; | |
| 151 | |
| 152 std::unique_ptr<ComponentInstallerTraits> traits( | |
| 153 new EVWhitelistComponentInstallerTraits()); | |
| 154 // |cus| will take ownership of |installer| during installer->Register(cus). | |
| 155 DefaultComponentInstaller* installer = | |
| 156 new DefaultComponentInstaller(std::move(traits)); | |
| 157 installer->Register(cus, base::Closure()); | |
| 158 | |
| 159 content::BrowserThread::PostAfterStartupTask( | |
| 160 FROM_HERE, content::BrowserThread::GetBlockingPool(), | |
| 161 base::Bind(&DeleteWhitelistCopy, user_data_dir)); | |
| 162 } | |
| 163 | |
| 164 } // namespace component_updater | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2937563002:
Remove the EV Certs Whitelist (Closed)
