| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/verified_contents.h" | 5 #include "extensions/browser/verified_contents.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/files/file_util.h" | 8 #include "base/files/file_util.h" |
| 9 #include "base/json/json_reader.h" | 9 #include "base/json/json_reader.h" |
| 10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
| (...skipping 168 matching lines...) | |
| 179 std::string encoded_root_hash; | 179 std::string encoded_root_hash; |
| 180 std::string root_hash; | 180 std::string root_hash; |
| 181 if (!data->GetString(kPathKey, &file_path_string) || | 181 if (!data->GetString(kPathKey, &file_path_string) || |
| 182 !base::IsStringUTF8(file_path_string) || | 182 !base::IsStringUTF8(file_path_string) || |
| 183 !data->GetString(kRootHashKey, &encoded_root_hash) || | 183 !data->GetString(kRootHashKey, &encoded_root_hash) || |
| 184 !FixupBase64Encoding(&encoded_root_hash) || | 184 !FixupBase64Encoding(&encoded_root_hash) || |
| 185 !base::Base64Decode(encoded_root_hash, &root_hash)) | 185 !base::Base64Decode(encoded_root_hash, &root_hash)) |
| 186 return false; | 186 return false; |
| 187 base::FilePath file_path = | 187 base::FilePath file_path = |
| 188 base::FilePath::FromUTF8Unsafe(file_path_string); | 188 base::FilePath::FromUTF8Unsafe(file_path_string); |
| 189 root_hashes_[file_path] = std::string(); | 189 RootHashes::iterator i = root_hashes_.insert(std::make_pair( |
| 190 root_hashes_[file_path].swap(root_hash); | 190 base::StringToLowerASCII(file_path.value()), std::string())); |
| 191 i->second.swap(root_hash); | |
| 191 } | 192 } |
| 192 | 193 |
| 193 break; | 194 break; |
| 194 } | 195 } |
| 195 return true; | 196 return true; |
| 196 } | 197 } |
| 197 | 198 |
| 199 bool VerifiedContents::HasTreeHashRoot( | |
| 200 const base::FilePath& relative_path) const { | |
| 201 base::FilePath::StringType path = base::StringToLowerASCII( | |
| 202 relative_path.NormalizePathSeparatorsTo('/').value()); | |
| 203 return root_hashes_.find(path) != root_hashes_.end(); | |
| 204 } | |
| 205 | |
| 206 bool VerifiedContents::TreeHashRootEquals(const base::FilePath& relative_path, | |
| 207 const std::string& expected) const { | |
| 208 base::FilePath::StringType path = base::StringToLowerASCII( | |
| 209 relative_path.NormalizePathSeparatorsTo('/').value()); | |
| 210 for (RootHashes::const_iterator i = root_hashes_.find(path); | |
| 211 i != root_hashes_.end(); | |
| 212 ++i) { | |
| 213 if (expected == i->second) | |
| 214 return true; | |
| 215 } | |
| 216 return false; | |
| 217 } | |
| 218 | |
| 219 #if 0 | |
| 198 const std::string* VerifiedContents::GetTreeHashRoot( | 220 const std::string* VerifiedContents::GetTreeHashRoot( |
|
Ken Rockot(use gerrit already)
2014/09/26 18:48:13
Do you really want to keep this around for some re
asargent_no_longer_on_chrome
2014/09/26 18:51:55
No.
| |
| 199 const base::FilePath& relative_path) { | 221 const base::FilePath& relative_path) { |
| 200 std::map<base::FilePath, std::string>::const_iterator i = | 222 RootHashes::const_iterator i = |
| 201 root_hashes_.find(relative_path.NormalizePathSeparatorsTo('/')); | 223 root_hashes_.find(relative_path.NormalizePathSeparatorsTo('/')); |
| 202 if (i == root_hashes_.end()) | 224 if (i == root_hashes_.end()) |
| 203 return NULL; | 225 return NULL; |
| 204 return &i->second; | 226 return &i->second; |
| 205 } | 227 } |
| 228 #endif | |
| 206 | 229 |
| 207 // We're loosely following the "JSON Web Signature" draft spec for signing | 230 // We're loosely following the "JSON Web Signature" draft spec for signing |
| 208 // a JSON payload: | 231 // a JSON payload: |
| 209 // | 232 // |
| 210 // http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-26 | 233 // http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-26 |
| 211 // | 234 // |
| 212 // The idea is that you have some JSON that you want to sign, so you | 235 // The idea is that you have some JSON that you want to sign, so you |
| 213 // base64-encode that and put it as the "payload" field in a containing | 236 // base64-encode that and put it as the "payload" field in a containing |
| 214 // dictionary. There might be signatures of it done with multiple | 237 // dictionary. There might be signatures of it done with multiple |
| 215 // algorithms/parameters, so the payload is followed by a list of one or more | 238 // algorithms/parameters, so the payload is followed by a list of one or more |
| (...skipping 120 matching lines...) | |
| 336 reinterpret_cast<const uint8*>(payload.data()), payload.size()); | 359 reinterpret_cast<const uint8*>(payload.data()), payload.size()); |
| 337 | 360 |
| 338 if (!signature_verifier.VerifyFinal()) { | 361 if (!signature_verifier.VerifyFinal()) { |
| 339 VLOG(1) << "Could not verify signature - VerifyFinal failure"; | 362 VLOG(1) << "Could not verify signature - VerifyFinal failure"; |
| 340 return false; | 363 return false; |
| 341 } | 364 } |
| 342 return true; | 365 return true; |
| 343 } | 366 } |
| 344 | 367 |
| 345 } // namespace extensions | 368 } // namespace extensions |
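Review bot: The loop in TreeHashRootEquals (new lines 210-212) starts at `root_hashes_.find(path)` but runs to `root_hashes_.end()`, so `expected` is also compared against the root hashes of every key that sorts after `path`, and a file whose computed hash matches some other listed file's root hash would be accepted as verified. RootHashes is declared outside this page, but assigning the result of `insert()` directly to an iterator at new line 189 suggests a multimap, for which `find()` is also not guaranteed to return the first of several equal keys. Bounding the walk to the matching keys fixes both: `std::pair<RootHashes::const_iterator, RootHashes::const_iterator> r = root_hashes_.equal_range(path);` followed by `for (RootHashes::const_iterator i = r.first; i != r.second; ++i)`. Separately, the insert at new lines 189-190 lowercases `file_path.value()` without the `NormalizePathSeparatorsTo('/')` that both lookups apply, so it is worth confirming that stored keys and lookup keys agree on separators on every platform. A unit test with two paths differing only in case plus an unrelated path that sorts later, each with a distinct hash, would pin the intended behaviour.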