| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/component_updater/ev_whitelist_component_installer.h" | 5 #include "chrome/browser/component_updater/ev_whitelist_component_installer.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| 11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
| 12 #include "base/files/file_util.h" | 12 #include "base/files/file_util.h" |
| 13 #include "base/lazy_instance.h" | 13 #include "base/lazy_instance.h" |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "base/numerics/safe_conversions.h" | 15 #include "base/numerics/safe_conversions.h" |
| 16 #include "base/path_service.h" | 16 #include "base/path_service.h" |
| 17 #include "chrome/browser/net/packed_ct_ev_whitelist.h" | |
| 18 #include "components/component_updater/component_updater_paths.h" | 17 #include "components/component_updater/component_updater_paths.h" |
| 18 #include "components/packed_ct_ev_whitelist/packed_ct_ev_whitelist.h" |
| 19 #include "content/public/browser/browser_thread.h" | 19 #include "content/public/browser/browser_thread.h" |
| 20 #include "net/ssl/ssl_config_service.h" | 20 #include "net/ssl/ssl_config_service.h" |
| 21 | 21 |
| 22 using component_updater::ComponentUpdateService; | 22 using component_updater::ComponentUpdateService; |
| 23 | 23 |
| 24 namespace { | 24 namespace { |
| 25 const base::FilePath::CharType kCompressedEVWhitelistFileName[] = | 25 const base::FilePath::CharType kCompressedEVWhitelistFileName[] = |
| 26 FILE_PATH_LITERAL("ev_hashes_whitelist.bin"); | 26 FILE_PATH_LITERAL("ev_hashes_whitelist.bin"); |
| 27 | 27 |
| 28 base::FilePath GetEVWhitelistFilePath(const base::FilePath& base_path) { | 28 base::FilePath GetEVWhitelistFilePath(const base::FilePath& base_path) { |
| 29 return base_path.Append(kCompressedEVWhitelistFileName); | 29 return base_path.Append(kCompressedEVWhitelistFileName); |
| 30 } | 30 } |
| 31 | 31 |
| 32 void UpdateNewWhitelistData(const base::FilePath& new_whitelist_file, | 32 void UpdateNewWhitelistData(const base::FilePath& new_whitelist_file, |
| 33 const base::FilePath& stored_whitelist_path) { | 33 const base::FilePath& stored_whitelist_path) { |
| 34 VLOG(1) << "Reading new EV whitelist from file: " | 34 VLOG(1) << "Reading new EV whitelist from file: " |
| 35 << new_whitelist_file.value(); | 35 << new_whitelist_file.value(); |
| 36 std::string compressed_list; | 36 std::string compressed_list; |
| 37 if (!base::ReadFileToString(new_whitelist_file, &compressed_list)) { | 37 if (!base::ReadFileToString(new_whitelist_file, &compressed_list)) { |
| 38 VLOG(1) << "Failed reading from " << new_whitelist_file.value(); | 38 VLOG(1) << "Failed reading from " << new_whitelist_file.value(); |
| 39 return; | 39 return; |
| 40 } | 40 } |
| 41 | 41 |
| 42 scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist( | 42 scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist( |
| 43 new PackedEVCertsWhitelist(compressed_list)); | 43 new packed_ct_ev_whitelist::PackedEVCertsWhitelist(compressed_list)); |
| 44 if (!new_whitelist->IsValid()) { | 44 if (!new_whitelist->IsValid()) { |
| 45 VLOG(1) << "Failed uncompressing EV certs whitelist."; | 45 VLOG(1) << "Failed uncompressing EV certs whitelist."; |
| 46 return; | 46 return; |
| 47 } | 47 } |
| 48 | 48 |
| 49 if (base::IsValueInRangeForNumericType<int>(compressed_list.size())) { | 49 if (base::IsValueInRangeForNumericType<int>(compressed_list.size())) { |
| 50 const int list_size = base::checked_cast<int>(compressed_list.size()); | 50 const int list_size = base::checked_cast<int>(compressed_list.size()); |
| 51 if (base::WriteFile(stored_whitelist_path, compressed_list.data(), | 51 if (base::WriteFile(stored_whitelist_path, compressed_list.data(), |
| 52 list_size) != list_size) { | 52 list_size) != list_size) { |
| 53 LOG(WARNING) << "Failed to save new EV whitelist to file."; | 53 LOG(WARNING) << "Failed to save new EV whitelist to file."; |
| 54 } | 54 } |
| 55 } | 55 } |
| 56 | 56 |
| 57 SetEVCertsWhitelist(new_whitelist); | 57 packed_ct_ev_whitelist::SetEVCertsWhitelist(new_whitelist); |
| 58 } | 58 } |
| 59 | 59 |
| 60 void DoInitialLoadFromDisk(const base::FilePath& stored_whitelist_path) { | 60 void DoInitialLoadFromDisk(const base::FilePath& stored_whitelist_path) { |
| 61 if (stored_whitelist_path.empty()) { | 61 if (stored_whitelist_path.empty()) { |
| 62 return; | 62 return; |
| 63 } | 63 } |
| 64 | 64 |
| 65 VLOG(1) << "Initial load: reading EV whitelist from file: " | 65 VLOG(1) << "Initial load: reading EV whitelist from file: " |
| 66 << stored_whitelist_path.value(); | 66 << stored_whitelist_path.value(); |
| 67 std::string compressed_list; | 67 std::string compressed_list; |
| 68 if (!base::ReadFileToString(stored_whitelist_path, &compressed_list)) { | 68 if (!base::ReadFileToString(stored_whitelist_path, &compressed_list)) { |
| 69 VLOG(1) << "Failed reading from " << stored_whitelist_path.value(); | 69 VLOG(1) << "Failed reading from " << stored_whitelist_path.value(); |
| 70 return; | 70 return; |
| 71 } | 71 } |
| 72 | 72 |
| 73 scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist( | 73 scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist( |
| 74 new PackedEVCertsWhitelist(compressed_list)); | 74 new packed_ct_ev_whitelist::PackedEVCertsWhitelist(compressed_list)); |
| 75 if (!new_whitelist->IsValid()) { | 75 if (!new_whitelist->IsValid()) { |
| 76 VLOG(1) << "Failed uncompressing EV certs whitelist."; | 76 VLOG(1) << "Failed uncompressing EV certs whitelist."; |
| 77 return; | 77 return; |
| 78 } | 78 } |
| 79 | 79 |
| 80 VLOG(1) << "EV whitelist: Sucessfully loaded initial data."; | 80 VLOG(1) << "EV whitelist: Sucessfully loaded initial data."; |
| 81 SetEVCertsWhitelist(new_whitelist); | 81 packed_ct_ev_whitelist::SetEVCertsWhitelist(new_whitelist); |
| 82 } | 82 } |
| 83 | 83 |
| 84 } // namespace | 84 } // namespace |
| 85 | 85 |
| 86 namespace component_updater { | 86 namespace component_updater { |
| 87 | 87 |
| 88 // The SHA256 of the SubjectPublicKeyInfo used to sign the extension. | 88 // The SHA256 of the SubjectPublicKeyInfo used to sign the extension. |
| 89 // The extension id is: oafdbfcohdcjandcenmccfopbeklnicp | 89 // The extension id is: oafdbfcohdcjandcenmccfopbeklnicp |
| 90 const uint8_t kPublicKeySHA256[32] = { | 90 const uint8_t kPublicKeySHA256[32] = { |
| 91 0xe0, 0x53, 0x15, 0x2e, 0x73, 0x29, 0x0d, 0x32, 0x4d, 0xc2, 0x25, | 91 0xe0, 0x53, 0x15, 0x2e, 0x73, 0x29, 0x0d, 0x32, 0x4d, 0xc2, 0x25, |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 181 installer->Register(cus); | 181 installer->Register(cus); |
| 182 | 182 |
| 183 if (!content::BrowserThread::PostBlockingPoolTask( | 183 if (!content::BrowserThread::PostBlockingPoolTask( |
| 184 FROM_HERE, | 184 FROM_HERE, |
| 185 base::Bind(&DoInitialLoadFromDisk, GetEVWhitelistFilePath(path)))) { | 185 base::Bind(&DoInitialLoadFromDisk, GetEVWhitelistFilePath(path)))) { |
| 186 NOTREACHED(); | 186 NOTREACHED(); |
| 187 } | 187 } |
| 188 } | 188 } |
| 189 | 189 |
| 190 } // namespace component_updater | 190 } // namespace component_updater |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 811353002:
Move CT EV white list packaging API from chrome/ to components/. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master