chrome/browser/component_updater/component_unpacker.cc - Issue 449643002: Componentize component_updater: Move over a bunch of files to the component.

Side by Side Diff: chrome/browser/component_updater/component_unpacker.cc

Issue 449643002: Componentize component_updater: Move over a bunch of files to the component. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: add more checked casts Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« no previous file with comments | « chrome/browser/component_updater/component_unpacker.h ('k') | chrome/browser/component_updater/component_updater_configurator.h » ('j') | components/component_updater/DEPS » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
	(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "chrome/browser/component_updater/component_unpacker.h"

6

7 #include <string>

8 #include <vector>

9

10 #include "base/bind.h"

11 #include "base/file_util.h"

12 #include "base/files/file_path.h"

13 #include "base/files/scoped_file.h"

14 #include "base/json/json_file_value_serializer.h"

15 #include "base/location.h"

16 #include "base/logging.h"

17 #include "base/strings/string_number_conversions.h"

18 #include "base/strings/stringprintf.h"

19 #include "base/values.h"

20 #include "chrome/browser/component_updater/component_patcher.h"

21 #include "chrome/browser/component_updater/component_patcher_operation.h"

22 #include "chrome/browser/component_updater/component_updater_service.h"

23 #include "crypto/secure_hash.h"

24 #include "crypto/signature_verifier.h"

25 #include "extensions/common/constants.h"

26 #include "extensions/common/crx_file.h"

27 #include "third_party/zlib/google/zip.h"

28

29 using crypto::SecureHash;

30

31 namespace component_updater {

32

33 namespace {

34

35 // This class makes sure that the CRX digital signature is valid

36 // and well formed.

37 class CRXValidator {

38 public:

39 explicit CRXValidator(FILE* crx_file) : valid_(false), is_delta_(false) {

40 extensions::CrxFile::Header header;

41 size_t len = fread(&header, 1, sizeof(header), crx_file);

42 if (len < sizeof(header))

43 return;

44

45 extensions::CrxFile::Error error;

46 scoped_ptr<extensions::CrxFile> crx(

47 extensions::CrxFile::Parse(header, &error));

48 if (!crx.get())

49 return;

50 is_delta_ = extensions::CrxFile::HeaderIsDelta(header);

51

52 std::vector<uint8> key(header.key_size);

53 len = fread(&key[0], sizeof(uint8), header.key_size, crx_file);

54 if (len < header.key_size)

55 return;

56

57 std::vector<uint8> signature(header.signature_size);

58 len = fread(&signature[0], sizeof(uint8), header.signature_size, crx_file);

59 if (len < header.signature_size)

60 return;

61

62 crypto::SignatureVerifier verifier;

63 if (!verifier.VerifyInit(extension_misc::kSignatureAlgorithm,

64 sizeof(extension_misc::kSignatureAlgorithm),

65 &signature[0],

66 signature.size(),

67 &key[0],

68 key.size())) {

69 // Signature verification initialization failed. This is most likely

70 // caused by a public key in the wrong format (should encode algorithm).

71 return;

72 }

73

74 const size_t kBufSize = 8 * 1024;

75 scoped_ptr<uint8[]> buf(new uint8[kBufSize]);

76 while ((len = fread(buf.get(), 1, kBufSize, crx_file)) > 0)

77 verifier.VerifyUpdate(buf.get(), len);

78

79 if (!verifier.VerifyFinal())

80 return;

81

82 public_key_.swap(key);

83 valid_ = true;

84 }

85

86 bool valid() const { return valid_; }

87

88 bool is_delta() const { return is_delta_; }

89

90 const std::vector<uint8>& public_key() const { return public_key_; }

91

92 private:

93 bool valid_;

94 bool is_delta_;

95 std::vector<uint8> public_key_;

96 };

97

98 } // namespace

99

100 ComponentUnpacker::ComponentUnpacker(

101 const std::vector<uint8>& pk_hash,

102 const base::FilePath& path,

103 const std::string& fingerprint,

104 ComponentInstaller* installer,

105 scoped_refptr<OutOfProcessPatcher> out_of_process_patcher,

106 scoped_refptr<base::SequencedTaskRunner> task_runner)

107 : pk_hash_(pk_hash),

108 path_(path),

109 is_delta_(false),

110 fingerprint_(fingerprint),

111 installer_(installer),

112 out_of_process_patcher_(out_of_process_patcher),

113 error_(kNone),

114 extended_error_(0),

115 task_runner_(task_runner) {

116 }

117

118 // TODO(cpu): add a specific attribute check to a component json that the

119 // extension unpacker will reject, so that a component cannot be installed

120 // as an extension.

121 scoped_ptr<base::DictionaryValue> ReadManifest(

122 const base::FilePath& unpack_path) {

123 base::FilePath manifest =

124 unpack_path.Append(FILE_PATH_LITERAL("manifest.json"));

125 if (!base::PathExists(manifest))

126 return scoped_ptr<base::DictionaryValue>();

127 JSONFileValueSerializer serializer(manifest);

128 std::string error;

129 scoped_ptr<base::Value> root(serializer.Deserialize(NULL, &error));

130 if (!root.get())

131 return scoped_ptr<base::DictionaryValue>();

132 if (!root->IsType(base::Value::TYPE_DICTIONARY))

133 return scoped_ptr<base::DictionaryValue>();

134 return scoped_ptr<base::DictionaryValue>(

135 static_cast<base::DictionaryValue*>(root.release())).Pass();

136 }

137

138 bool ComponentUnpacker::UnpackInternal() {

139 return Verify() && Unzip() && BeginPatching();

140 }

141

142 void ComponentUnpacker::Unpack(const Callback& callback) {

143 callback_ = callback;

144 if (!UnpackInternal())

145 Finish();

146 }

147

148 bool ComponentUnpacker::Verify() {

149 VLOG(1) << "Verifying component: " << path_.value();

150 if (pk_hash_.empty() \|\| path_.empty()) {

151 error_ = kInvalidParams;

152 return false;

153 }

154 // First, validate the CRX header and signature. As of today

155 // this is SHA1 with RSA 1024.

156 base::ScopedFILE file(base::OpenFile(path_, "rb"));

157 if (!file.get()) {

158 error_ = kInvalidFile;

159 return false;

160 }

161 CRXValidator validator(file.get());

162 file.reset();

163 if (!validator.valid()) {

164 error_ = kInvalidFile;

165 return false;

166 }

167 is_delta_ = validator.is_delta();

168

169 // File is valid and the digital signature matches. Now make sure

170 // the public key hash matches the expected hash. If they do we fully

171 // trust this CRX.

172 uint8 hash[32] = {};

173 scoped_ptr<SecureHash> sha256(SecureHash::Create(SecureHash::SHA256));

174 sha256->Update(&(validator.public_key()[0]), validator.public_key().size());

175 sha256->Finish(hash, arraysize(hash));

176

177 if (!std::equal(pk_hash_.begin(), pk_hash_.end(), hash)) {

178 VLOG(1) << "Hash mismatch: " << path_.value();

179 error_ = kInvalidId;

180 return false;

181 }

182 VLOG(1) << "Verification successful: " << path_.value();

183 return true;

184 }

185

186 bool ComponentUnpacker::Unzip() {

187 base::FilePath& destination = is_delta_ ? unpack_diff_path_ : unpack_path_;

188 VLOG(1) << "Unpacking in: " << destination.value();

189 if (!base::CreateNewTempDirectory(base::FilePath::StringType(),

190 &destination)) {

191 VLOG(1) << "Unable to create temporary directory for unpacking.";

192 error_ = kUnzipPathError;

193 return false;

194 }

195 if (!zip::Unzip(path_, destination)) {

196 VLOG(1) << "Unzipping failed.";

197 error_ = kUnzipFailed;

198 return false;

199 }

200 VLOG(1) << "Unpacked successfully";

201 return true;

202 }

203

204 bool ComponentUnpacker::BeginPatching() {

205 if (is_delta_) { // Package is a diff package.

206 // Use a different temp directory for the patch output files.

207 if (!base::CreateNewTempDirectory(base::FilePath::StringType(),

208 &unpack_path_)) {

209 error_ = kUnzipPathError;

210 return false;

211 }

212 patcher_ = new ComponentPatcher(unpack_diff_path_,

213 unpack_path_,

214 installer_,

215 out_of_process_patcher_,

216 task_runner_);

217 task_runner_->PostTask(

218 FROM_HERE,

219 base::Bind(&ComponentPatcher::Start,

220 patcher_,

221 base::Bind(&ComponentUnpacker::EndPatching,

222 scoped_refptr<ComponentUnpacker>(this))));

223 } else {

224 task_runner_->PostTask(FROM_HERE,

225 base::Bind(&ComponentUnpacker::EndPatching,

226 scoped_refptr<ComponentUnpacker>(this),

227 kNone,

228 0));

229 }

230 return true;

231 }

232

233 void ComponentUnpacker::EndPatching(Error error, int extended_error) {

234 error_ = error;

235 extended_error_ = extended_error;

236 patcher_ = NULL;

237 if (error_ != kNone) {

238 Finish();

239 return;

240 }

241 // Optimization: clean up patch files early, in case disk space is too low to

242 // install otherwise.

243 if (!unpack_diff_path_.empty()) {

244 base::DeleteFile(unpack_diff_path_, true);

245 unpack_diff_path_.clear();

246 }

247 Install();

248 Finish();

249 }

250

251 void ComponentUnpacker::Install() {

252 // Write the fingerprint to disk.

253 if (static_cast<int>(fingerprint_.size()) !=

254 base::WriteFile(

255 unpack_path_.Append(FILE_PATH_LITERAL("manifest.fingerprint")),

256 fingerprint_.c_str(),

257 fingerprint_.size())) {

258 error_ = kFingerprintWriteFailed;

259 return;

260 }

261 scoped_ptr<base::DictionaryValue> manifest(ReadManifest(unpack_path_));

262 if (!manifest.get()) {

263 error_ = kBadManifest;

264 return;

265 }

266 DCHECK(error_ == kNone);

267 if (!installer_->Install(*manifest, unpack_path_)) {

268 error_ = kInstallerError;

269 return;

270 }

271 }

272

273 void ComponentUnpacker::Finish() {

274 if (!unpack_diff_path_.empty())

275 base::DeleteFile(unpack_diff_path_, true);

276 if (!unpack_path_.empty())

277 base::DeleteFile(unpack_path_, true);

278 callback_.Run(error_, extended_error_);

279 }

280

281 ComponentUnpacker::~ComponentUnpacker() {

282 }

283

284 } // namespace component_updater

OLD	NEW