Chromium Code Reviews Chromium Code Reviews
Issue 657613002:
Certificate Transparency: EV certificates whitelist support for ChromeOS (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ev_list_unpacking_redo| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/component_updater/ev_whitelist_component_installer.h" | 5 #include "chrome/browser/component_updater/ev_whitelist_component_installer.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| 11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
| 12 #include "base/files/file_util.h" | 12 #include "base/files/file_util.h" |
| 13 #include "base/lazy_instance.h" | 13 #include "base/lazy_instance.h" |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "base/numerics/safe_conversions.h" | |
| 15 #include "base/path_service.h" | 16 #include "base/path_service.h" |
| 16 #include "chrome/browser/net/packed_ct_ev_whitelist.h" | 17 #include "chrome/browser/net/packed_ct_ev_whitelist.h" |
| 17 #include "components/component_updater/component_updater_paths.h" | 18 #include "components/component_updater/component_updater_paths.h" |
| 18 #include "content/public/browser/browser_thread.h" | 19 #include "content/public/browser/browser_thread.h" |
| 19 #include "net/ssl/ssl_config_service.h" | 20 #include "net/ssl/ssl_config_service.h" |
| 20 | 21 |
| 21 using component_updater::ComponentUpdateService; | 22 using component_updater::ComponentUpdateService; |
| 22 | 23 |
| 23 namespace { | 24 namespace { |
| 24 const base::FilePath::CharType kCompressedEVWhitelistFileName[] = | 25 const base::FilePath::CharType kCompressedEVWhitelistFileName[] = |
| 25 FILE_PATH_LITERAL("ev_hashes_whitelist.bin"); | 26 FILE_PATH_LITERAL("ev_hashes_whitelist.bin"); |
| 27 | |
| 28 base::FilePath GetEVWhitelistFilePath(const base::FilePath& base_path) { | |
| 29 return base_path.Append(kCompressedEVWhitelistFileName); | |
| 30 } | |
| 31 | |
| 32 void UpdateNewWhitelistData(const base::FilePath& new_whitelist_file, | |
| 33 const base::FilePath& stored_whitelist_path) { | |
| 34 VLOG(1) << "Reading new EV whitelist from file: " | |
| 35 << new_whitelist_file.value(); | |
| 36 std::string compressed_list; | |
| 37 if (!base::ReadFileToString(new_whitelist_file, &compressed_list)) { | |
| 38 VLOG(1) << "Failed reading from " << new_whitelist_file.value(); | |
| 39 return; | |
| 40 } | |
| 41 | |
| 42 scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist( | |
| 43 new PackedEVCertsWhitelist(compressed_list)); | |
| 44 if (!new_whitelist->IsValid()) { | |
| 45 VLOG(1) << "Failed uncompressing EV certs whitelist."; | |
| 46 return; | |
| 47 } | |
| 48 | |
| 49 int list_size = base::checked_cast<int>(compressed_list.size()); | |
|
Sorin Jianu
2014/11/07 17:30:44
const?
Also, is the cast to int needed? What happ
Eran Messeri
2014/11/10 22:54:56
Done
| |
| 50 if (base::WriteFile(stored_whitelist_path, compressed_list.data(), | |
| 51 list_size) != list_size) { | |
| 52 LOG(WARNING) << "Failed to save new EV whitelist to file."; | |
| 53 } | |
| 54 | |
| 55 SetNewEVCertsWhitelist(new_whitelist); | |
| 56 } | |
| 57 | |
| 58 void DoInitialLoadFromDisk(const base::FilePath& stored_whitelist_path) { | |
| 59 if (stored_whitelist_path.empty()) { | |
| 60 return; | |
| 61 } | |
| 62 | |
| 63 VLOG(1) << "Initial load: reading EV whitelist from file: " | |
| 64 << stored_whitelist_path.value(); | |
| 65 std::string compressed_list; | |
| 66 if (!base::ReadFileToString(stored_whitelist_path, &compressed_list)) { | |
| 67 VLOG(1) << "Failed reading from " << stored_whitelist_path.value(); | |
| 68 return; | |
| 69 } | |
| 70 | |
| 71 scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist( | |
| 72 new PackedEVCertsWhitelist(compressed_list)); | |
| 73 if (!new_whitelist->IsValid()) { | |
| 74 VLOG(1) << "Failed uncompressing EV certs whitelist."; | |
| 75 return; | |
| 76 } | |
| 77 | |
| 78 VLOG(1) << "EV whitelist: Sucessfully loaded initial data."; | |
| 79 SetNewEVCertsWhitelist(new_whitelist); | |
| 80 } | |
| 81 | |
| 26 } // namespace | 82 } // namespace |
| 27 | 83 |
| 28 namespace component_updater { | 84 namespace component_updater { |
| 29 | 85 |
| 30 // The SHA256 of the SubjectPublicKeyInfo used to sign the extension. | 86 // The SHA256 of the SubjectPublicKeyInfo used to sign the extension. |
| 31 // The extension id is: oafdbfcohdcjandcenmccfopbeklnicp | 87 // The extension id is: oafdbfcohdcjandcenmccfopbeklnicp |
| 32 const uint8_t kPublicKeySHA256[32] = { | 88 const uint8_t kPublicKeySHA256[32] = { |
| 33 0xe0, 0x53, 0x15, 0x2e, 0x73, 0x29, 0x0d, 0x32, 0x4d, 0xc2, 0x25, | 89 0xe0, 0x53, 0x15, 0x2e, 0x73, 0x29, 0x0d, 0x32, 0x4d, 0xc2, 0x25, |
| 34 0xef, 0x14, 0xab, 0xd8, 0x2f, 0x84, 0xf5, 0x85, 0x9e, 0xc0, 0xfa, | 90 0xef, 0x14, 0xab, 0xd8, 0x2f, 0x84, 0xf5, 0x85, 0x9e, 0xc0, 0xfa, |
| 35 0x94, 0xbc, 0x99, 0xc9, 0x5a, 0x27, 0x55, 0x19, 0x83, 0xef}; | 91 0x94, 0xbc, 0x99, 0xc9, 0x5a, 0x27, 0x55, 0x19, 0x83, 0xef}; |
| 36 | 92 |
| 37 const char kEVWhitelistManifestName[] = "EV Certs CT whitelist"; | 93 const char kEVWhitelistManifestName[] = "EV Certs CT whitelist"; |
| 38 | 94 |
| 39 EVWhitelistComponentInstallerTraits::EVWhitelistComponentInstallerTraits() { | 95 EVWhitelistComponentInstallerTraits::EVWhitelistComponentInstallerTraits( |
| 96 const base::FilePath& base_path) | |
| 97 : ev_whitelist_path_(GetEVWhitelistFilePath(base_path)) { | |
| 40 } | 98 } |
| 41 | 99 |
| 42 bool EVWhitelistComponentInstallerTraits::CanAutoUpdate() const { | 100 bool EVWhitelistComponentInstallerTraits::CanAutoUpdate() const { |
| 43 return true; | 101 return true; |
| 44 } | 102 } |
| 45 | 103 |
| 46 bool EVWhitelistComponentInstallerTraits::OnCustomInstall( | 104 bool EVWhitelistComponentInstallerTraits::OnCustomInstall( |
| 47 const base::DictionaryValue& manifest, | 105 const base::DictionaryValue& manifest, |
| 48 const base::FilePath& install_dir) { | 106 const base::FilePath& install_dir) { |
| 49 VLOG(1) << "Entering EVWhitelistComponentInstallerTraits::OnCustomInstall."; | 107 VLOG(1) << "Entering EVWhitelistComponentInstallerTraits::OnCustomInstall."; |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 61 | 119 |
| 62 void EVWhitelistComponentInstallerTraits::ComponentReady( | 120 void EVWhitelistComponentInstallerTraits::ComponentReady( |
| 63 const base::Version& version, | 121 const base::Version& version, |
| 64 const base::FilePath& path, | 122 const base::FilePath& path, |
| 65 scoped_ptr<base::DictionaryValue> manifest) { | 123 scoped_ptr<base::DictionaryValue> manifest) { |
| 66 VLOG(1) << "Component ready, version " << version.GetString() << " in " | 124 VLOG(1) << "Component ready, version " << version.GetString() << " in " |
| 67 << path.value(); | 125 << path.value(); |
| 68 | 126 |
| 69 const base::FilePath whitelist_file = GetInstalledPath(path); | 127 const base::FilePath whitelist_file = GetInstalledPath(path); |
| 70 content::BrowserThread::PostBlockingPoolTask( | 128 content::BrowserThread::PostBlockingPoolTask( |
| 71 FROM_HERE, base::Bind(&SetEVWhitelistFromFile, whitelist_file)); | 129 FROM_HERE, |
| 130 base::Bind(&UpdateNewWhitelistData, whitelist_file, ev_whitelist_path_)); | |
| 72 } | 131 } |
| 73 | 132 |
| 74 bool EVWhitelistComponentInstallerTraits::VerifyInstallation( | 133 bool EVWhitelistComponentInstallerTraits::VerifyInstallation( |
| 75 const base::DictionaryValue& manifest, | 134 const base::DictionaryValue& manifest, |
| 76 const base::FilePath& install_dir) const { | 135 const base::FilePath& install_dir) const { |
| 77 const base::FilePath expected_file = GetInstalledPath(install_dir); | 136 const base::FilePath expected_file = GetInstalledPath(install_dir); |
| 78 VLOG(1) << "Verifying install: " << expected_file.value(); | 137 VLOG(1) << "Verifying install: " << expected_file.value(); |
| 79 if (!base::PathExists(expected_file)) { | 138 if (!base::PathExists(expected_file)) { |
| 80 VLOG(1) << "File missing."; | 139 VLOG(1) << "File missing."; |
| 81 return false; | 140 return false; |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 101 void EVWhitelistComponentInstallerTraits::GetHash( | 160 void EVWhitelistComponentInstallerTraits::GetHash( |
| 102 std::vector<uint8_t>* hash) const { | 161 std::vector<uint8_t>* hash) const { |
| 103 hash->assign(kPublicKeySHA256, | 162 hash->assign(kPublicKeySHA256, |
| 104 kPublicKeySHA256 + arraysize(kPublicKeySHA256)); | 163 kPublicKeySHA256 + arraysize(kPublicKeySHA256)); |
| 105 } | 164 } |
| 106 | 165 |
| 107 std::string EVWhitelistComponentInstallerTraits::GetName() const { | 166 std::string EVWhitelistComponentInstallerTraits::GetName() const { |
| 108 return kEVWhitelistManifestName; | 167 return kEVWhitelistManifestName; |
| 109 } | 168 } |
| 110 | 169 |
| 111 void RegisterEVWhitelistComponent(ComponentUpdateService* cus) { | 170 void RegisterEVWhitelistComponent(ComponentUpdateService* cus, |
| 171 const base::FilePath& path) { | |
| 112 VLOG(1) << "Registering EV whitelist component."; | 172 VLOG(1) << "Registering EV whitelist component."; |
| 113 | 173 |
| 114 scoped_ptr<ComponentInstallerTraits> traits( | 174 scoped_ptr<ComponentInstallerTraits> traits( |
| 115 new EVWhitelistComponentInstallerTraits()); | 175 new EVWhitelistComponentInstallerTraits(path)); |
| 116 // |cus| will take ownership of |installer| during installer->Register(cus). | 176 // |cus| will take ownership of |installer| during installer->Register(cus). |
| 117 DefaultComponentInstaller* installer = | 177 DefaultComponentInstaller* installer = |
| 118 new DefaultComponentInstaller(traits.Pass()); | 178 new DefaultComponentInstaller(traits.Pass()); |
| 119 installer->Register(cus); | 179 installer->Register(cus); |
| 180 | |
| 181 if (!content::BrowserThread::PostTask( | |
| 182 content::BrowserThread::FILE, FROM_HERE, | |
|
Sorin Jianu
2014/11/07 17:30:44
Can we use a thread from the blocking pool for thi
Eran Messeri
2014/11/10 22:54:56
Done.
| |
| 183 base::Bind(&DoInitialLoadFromDisk, GetEVWhitelistFilePath(path)))) { | |
| 184 NOTREACHED(); | |
| 185 } | |
| 120 } | 186 } |
| 121 | 187 |
| 122 } // namespace component_updater | 188 } // namespace component_updater |
| OLD | NEW |
