Chromium Code Reviews Chromium Code Reviews
Issue 465443002:
Certificate Transparency: Use component updater for EV whitelist (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/component_updater/ev_whitelist_component_installer.h" | |
| 6 | |
| 7 #include <string> | |
| 8 #include <vector> | |
| 9 | |
| 10 #include "base/bind.h" | |
| 11 #include "base/file_util.h" | |
| 12 #include "base/files/file_path.h" | |
| 13 #include "base/lazy_instance.h" | |
| 14 #include "base/logging.h" | |
| 15 #include "base/path_service.h" | |
| 16 #include "components/component_updater/component_updater_paths.h" | |
| 17 #include "content/public/browser/browser_thread.h" | |
| 18 #include "net/ssl/ssl_config_service.h" | |
| 19 | |
| 20 using component_updater::ComponentUpdateService; | |
| 21 | |
| 22 namespace { | |
| 23 const base::FilePath::CharType kCompressedEVWhitelistFileName[] = | |
| 24 FILE_PATH_LITERAL("ev_hashes_whitelist.bin"); | |
| 25 } // namespace | |
| 26 | |
| 27 namespace component_updater { | |
| 28 | |
| 29 // The SHA256 of the SubjectPublicKeyInfo used to sign the extension. | |
| 30 // The extension id is: oafdbfcohdcjandcenmccfopbeklnicp | |
| 31 const uint8 kPublicKeySHA256[32] = { | |
| 32 0xe0, 0x53, 0x15, 0x2e, 0x73, 0x29, 0x0d, 0x32, 0x4d, 0xc2, 0x25, | |
| 33 0xef, 0x14, 0xab, 0xd8, 0x2f, 0x84, 0xf5, 0x85, 0x9e, 0xc0, 0xfa, | |
| 34 0x94, 0xbc, 0x99, 0xc9, 0x5a, 0x27, 0x55, 0x19, 0x83, 0xef}; | |
| 35 | |
| 36 const char kEVWhitelistManifestName[] = "EV Certs CT whitelist"; | |
| 37 | |
| 38 EVWhitelistComponentInstallerTraits::EVWhitelistComponentInstallerTraits() { | |
| 39 } | |
| 40 | |
| 41 bool EVWhitelistComponentInstallerTraits::CanAutoUpdate() const { | |
| 42 return true; | |
| 43 } | |
| 44 | |
| 45 bool EVWhitelistComponentInstallerTraits::OnCustomInstall( | |
| 46 const base::DictionaryValue& manifest, | |
| 47 const base::FilePath& install_dir) { | |
| 48 VLOG(1) << "Entering EVWhitelistComponentInstallerTraits::OnCustomInstall."; | |
| 49 | |
| 50 return true; // Nothing custom here. | |
| 51 } | |
| 52 | |
| 53 base::FilePath EVWhitelistComponentInstallerTraits::GetInstalledPath( | |
| 54 const base::FilePath& base) { | |
| 55 // EV whitelist is encoded the same way for all platforms | |
| 56 return base.Append(FILE_PATH_LITERAL("_platform_specific")) | |
| 57 .Append(FILE_PATH_LITERAL("all")) | |
| 58 .Append(kCompressedEVWhitelistFileName); | |
| 59 } | |
| 60 | |
| 61 void EVWhitelistComponentInstallerTraits::ComponentReady( | |
| 62 const base::Version& version, | |
| 63 const base::FilePath& path, | |
| 64 scoped_ptr<base::DictionaryValue> manifest) { | |
| 65 VLOG(1) << "Component ready, version " << version.GetString() << " in " | |
| 66 << path.value(); | |
| 67 | |
| 68 // TODO(eranm): Uncomment once https://codereview.chromium.org/462543002/ | |
| 69 // is in. | |
| 70 /* | |
| 71 const base::FilePath whitelist_file = GetInstalledPath(path); | |
| 72 base::Callback<void(void)> set_cb = | |
| 73 base::Bind(&net::ct::SetEVWhitelistFromFile, whitelist_file); | |
| 74 content::BrowserThread::PostBlockingPoolTask( | |
| 75 FROM_HERE, | |
| 76 set_cb); | |
| 77 */ | |
| 78 } | |
| 79 | |
| 80 bool EVWhitelistComponentInstallerTraits::VerifyInstallation( | |
| 81 const base::FilePath& install_dir) const { | |
| 82 const base::FilePath expected_file = GetInstalledPath(install_dir); | |
| 83 VLOG(1) << "Verifying install: " << expected_file.value(); | |
| 84 if (!base::PathExists(expected_file)) { | |
| 85 VLOG(1) << "File missing."; | |
| 86 return false; | |
| 87 } | |
| 88 | |
| 89 std::string compressed_whitelist; | |
| 90 if (!base::ReadFileToString(expected_file, &compressed_whitelist)) { | |
| 91 VLOG(1) << "Failed reading the compressed EV hashes whitelist."; | |
| 92 return false; | |
| 93 } | |
| 94 | |
| 95 VLOG(1) << "Whitelist size: " << compressed_whitelist.size(); | |
| 96 | |
| 97 return compressed_whitelist.size() > 0; | |
|
Sorin Jianu
2014/08/12 00:37:52
Consider return !compressed_whitelist.empty()?
em
Eran Messeri
2014/08/12 09:52:07
Done.
| |
| 98 } | |
| 99 | |
| 100 base::FilePath EVWhitelistComponentInstallerTraits::GetBaseDirectory() const { | |
| 101 base::FilePath result; | |
| 102 PathService::Get(DIR_COMPONENT_EV_WHITELIST, &result); | |
| 103 return result; | |
| 104 } | |
| 105 | |
| 106 void EVWhitelistComponentInstallerTraits::GetHash( | |
| 107 std::vector<uint8>* hash) const { | |
| 108 hash->assign(kPublicKeySHA256, | |
| 109 kPublicKeySHA256 + arraysize(kPublicKeySHA256)); | |
| 110 } | |
| 111 | |
| 112 std::string EVWhitelistComponentInstallerTraits::GetName() const { | |
| 113 return kEVWhitelistManifestName; | |
| 114 } | |
| 115 | |
| 116 void RegisterEVWhitelistComponent(ComponentUpdateService* cus) { | |
| 117 VLOG(1) << "Registering EV whitelist component."; | |
| 118 | |
| 119 scoped_ptr<ComponentInstallerTraits> traits( | |
| 120 new EVWhitelistComponentInstallerTraits()); | |
| 121 // |cus| will take ownership of |installer| during installer->Register(cus). | |
| 122 DefaultComponentInstaller* installer = | |
| 123 new DefaultComponentInstaller(traits.Pass()); | |
| 124 installer->Register(cus); | |
| 125 } | |
| 126 | |
| 127 } // namespace component_updater | |
| OLD | NEW |
