| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/component_updater/ev_whitelist_component_installer.h" | 5 #include "chrome/browser/component_updater/ev_whitelist_component_installer.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| 11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
| 12 #include "base/files/file_util.h" | 12 #include "base/files/file_util.h" |
| 13 #include "base/lazy_instance.h" | 13 #include "base/lazy_instance.h" |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "base/path_service.h" | 15 #include "base/path_service.h" |
| 16 #include "chrome/browser/net/packed_ct_ev_whitelist.h" |
| 16 #include "components/component_updater/component_updater_paths.h" | 17 #include "components/component_updater/component_updater_paths.h" |
| 17 #include "content/public/browser/browser_thread.h" | 18 #include "content/public/browser/browser_thread.h" |
| 18 #include "net/ssl/ssl_config_service.h" | 19 #include "net/ssl/ssl_config_service.h" |
| 19 | 20 |
| 20 using component_updater::ComponentUpdateService; | 21 using component_updater::ComponentUpdateService; |
| 21 | 22 |
| 22 namespace { | 23 namespace { |
| 23 const base::FilePath::CharType kCompressedEVWhitelistFileName[] = | 24 const base::FilePath::CharType kCompressedEVWhitelistFileName[] = |
| 24 FILE_PATH_LITERAL("ev_hashes_whitelist.bin"); | 25 FILE_PATH_LITERAL("ev_hashes_whitelist.bin"); |
| 25 } // namespace | 26 } // namespace |
| 26 | 27 |
| 27 namespace component_updater { | 28 namespace component_updater { |
| 28 | 29 |
| 29 // The SHA256 of the SubjectPublicKeyInfo used to sign the extension. | 30 // The SHA256 of the SubjectPublicKeyInfo used to sign the extension. |
| 30 // The extension id is: oafdbfcohdcjandcenmccfopbeklnicp | 31 // The extension id is: oafdbfcohdcjandcenmccfopbeklnicp |
| 31 const uint8_t kPublicKeySHA256[32] = { | 32 const uint8_t kPublicKeySHA256[32] = { |
| 32 0xe0, 0x53, 0x15, 0x2e, 0x73, 0x29, 0x0d, 0x32, 0x4d, 0xc2, 0x25, | 33 0xe0, 0x53, 0x15, 0x2e, 0x73, 0x29, 0x0d, 0x32, 0x4d, 0xc2, 0x25, |
| 33 0xef, 0x14, 0xab, 0xd8, 0x2f, 0x84, 0xf5, 0x85, 0x9e, 0xc0, 0xfa, | 34 0xef, 0x14, 0xab, 0xd8, 0x2f, 0x84, 0xf5, 0x85, 0x9e, 0xc0, 0xfa, |
| 34 0x94, 0xbc, 0x99, 0xc9, 0x5a, 0x27, 0x55, 0x19, 0x83, 0xef}; | 35 0x94, 0xbc, 0x99, 0xc9, 0x5a, 0x27, 0x55, 0x19, 0x83, 0xef}; |
| 35 | 36 |
| 36 const char kEVWhitelistManifestName[] = "EV Certs CT whitelist"; | 37 const char kEVWhitelistManifestName[] = "EV Certs CT whitelist"; |
| 37 | 38 |
| 38 EVWhitelistComponentInstallerTraits::EVWhitelistComponentInstallerTraits() { | 39 EVWhitelistComponentInstallerTraits::EVWhitelistComponentInstallerTraits( |
| 40 net::SSLConfigService* ssl_config_service) |
| 41 : ssl_config_service_(ssl_config_service) { |
| 42 } |
| 43 |
| 44 EVWhitelistComponentInstallerTraits::~EVWhitelistComponentInstallerTraits() { |
| 39 } | 45 } |
| 40 | 46 |
| 41 bool EVWhitelistComponentInstallerTraits::CanAutoUpdate() const { | 47 bool EVWhitelistComponentInstallerTraits::CanAutoUpdate() const { |
| 42 return true; | 48 return true; |
| 43 } | 49 } |
| 44 | 50 |
| 45 bool EVWhitelistComponentInstallerTraits::OnCustomInstall( | 51 bool EVWhitelistComponentInstallerTraits::OnCustomInstall( |
| 46 const base::DictionaryValue& manifest, | 52 const base::DictionaryValue& manifest, |
| 47 const base::FilePath& install_dir) { | 53 const base::FilePath& install_dir) { |
| 48 VLOG(1) << "Entering EVWhitelistComponentInstallerTraits::OnCustomInstall."; | 54 VLOG(1) << "Entering EVWhitelistComponentInstallerTraits::OnCustomInstall."; |
| 49 | 55 |
| 50 return true; // Nothing custom here. | 56 return true; // Nothing custom here. |
| 51 } | 57 } |
| 52 | 58 |
| 53 base::FilePath EVWhitelistComponentInstallerTraits::GetInstalledPath( | 59 base::FilePath EVWhitelistComponentInstallerTraits::GetInstalledPath( |
| 54 const base::FilePath& base) { | 60 const base::FilePath& base) { |
| 55 // EV whitelist is encoded the same way for all platforms | 61 // EV whitelist is encoded the same way for all platforms |
| 56 return base.Append(FILE_PATH_LITERAL("_platform_specific")) | 62 return base.Append(FILE_PATH_LITERAL("_platform_specific")) |
| 57 .Append(FILE_PATH_LITERAL("all")) | 63 .Append(FILE_PATH_LITERAL("all")) |
| 58 .Append(kCompressedEVWhitelistFileName); | 64 .Append(kCompressedEVWhitelistFileName); |
| 59 } | 65 } |
| 60 | 66 |
| 61 void EVWhitelistComponentInstallerTraits::ComponentReady( | 67 void EVWhitelistComponentInstallerTraits::ComponentReady( |
| 62 const base::Version& version, | 68 const base::Version& version, |
| 63 const base::FilePath& path, | 69 const base::FilePath& path, |
| 64 scoped_ptr<base::DictionaryValue> manifest) { | 70 scoped_ptr<base::DictionaryValue> manifest) { |
| 65 VLOG(1) << "Component ready, version " << version.GetString() << " in " | 71 VLOG(1) << "Component ready, version " << version.GetString() << " in " |
| 66 << path.value(); | 72 << path.value(); |
| 67 | 73 |
| 68 // TODO(eranm): Uncomment once https://codereview.chromium.org/462543002/ | |
| 69 // is in. | |
| 70 /* | |
| 71 const base::FilePath whitelist_file = GetInstalledPath(path); | 74 const base::FilePath whitelist_file = GetInstalledPath(path); |
| 72 base::Callback<void(void)> set_cb = | |
| 73 base::Bind(&net::ct::SetEVWhitelistFromFile, whitelist_file); | |
| 74 content::BrowserThread::PostBlockingPoolTask( | 75 content::BrowserThread::PostBlockingPoolTask( |
| 75 FROM_HERE, | 76 FROM_HERE, |
| 76 set_cb); | 77 base::Bind(&SetEVWhitelistFromFile, whitelist_file, ssl_config_service_)); |
| 77 */ | |
| 78 } | 78 } |
| 79 | 79 |
| 80 bool EVWhitelistComponentInstallerTraits::VerifyInstallation( | 80 bool EVWhitelistComponentInstallerTraits::VerifyInstallation( |
| 81 const base::FilePath& install_dir) const { | 81 const base::FilePath& install_dir) const { |
| 82 const base::FilePath expected_file = GetInstalledPath(install_dir); | 82 const base::FilePath expected_file = GetInstalledPath(install_dir); |
| 83 VLOG(1) << "Verifying install: " << expected_file.value(); | 83 VLOG(1) << "Verifying install: " << expected_file.value(); |
| 84 if (!base::PathExists(expected_file)) { | 84 if (!base::PathExists(expected_file)) { |
| 85 VLOG(1) << "File missing."; | 85 VLOG(1) << "File missing."; |
| 86 return false; | 86 return false; |
| 87 } | 87 } |
| (...skipping 18 matching lines...) Expand all Loading... |
| 106 void EVWhitelistComponentInstallerTraits::GetHash( | 106 void EVWhitelistComponentInstallerTraits::GetHash( |
| 107 std::vector<uint8_t>* hash) const { | 107 std::vector<uint8_t>* hash) const { |
| 108 hash->assign(kPublicKeySHA256, | 108 hash->assign(kPublicKeySHA256, |
| 109 kPublicKeySHA256 + arraysize(kPublicKeySHA256)); | 109 kPublicKeySHA256 + arraysize(kPublicKeySHA256)); |
| 110 } | 110 } |
| 111 | 111 |
| 112 std::string EVWhitelistComponentInstallerTraits::GetName() const { | 112 std::string EVWhitelistComponentInstallerTraits::GetName() const { |
| 113 return kEVWhitelistManifestName; | 113 return kEVWhitelistManifestName; |
| 114 } | 114 } |
| 115 | 115 |
| 116 void RegisterEVWhitelistComponent(ComponentUpdateService* cus) { | 116 void RegisterEVWhitelistComponent(ComponentUpdateService* cus, |
| 117 net::SSLConfigService* ssl_config_service) { |
| 117 VLOG(1) << "Registering EV whitelist component."; | 118 VLOG(1) << "Registering EV whitelist component."; |
| 118 | 119 |
| 119 scoped_ptr<ComponentInstallerTraits> traits( | 120 scoped_ptr<ComponentInstallerTraits> traits( |
| 120 new EVWhitelistComponentInstallerTraits()); | 121 new EVWhitelistComponentInstallerTraits(ssl_config_service)); |
| 121 // |cus| will take ownership of |installer| during installer->Register(cus). | 122 // |cus| will take ownership of |installer| during installer->Register(cus). |
| 122 DefaultComponentInstaller* installer = | 123 DefaultComponentInstaller* installer = |
| 123 new DefaultComponentInstaller(traits.Pass()); | 124 new DefaultComponentInstaller(traits.Pass()); |
| 124 installer->Register(cus); | 125 installer->Register(cus); |
| 125 } | 126 } |
| 126 | 127 |
| 127 } // namespace component_updater | 128 } // namespace component_updater |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 547603002:
Certificate Transparency: Code for unpacking EV cert hashes whitelist (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master