chrome/browser/component_updater/ev_whitelist_component_installer.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/component_updater/ev_whitelist_component_installer.h"
   6
   7 #include <string>
   8 #include <vector>
   9
  10 #include "base/bind.h"
  11 #include "base/files/file_path.h"
  12 #include "base/files/file_util.h"
  13 #include "base/logging.h"
  14 #include "base/path_service.h"
  15 #include "base/version.h"
  16 #include "components/component_updater/component_updater_paths.h"
  17 #include "components/packed_ct_ev_whitelist/packed_ct_ev_whitelist.h"
  18 #include "content/public/browser/browser_thread.h"
  19
  20 using component_updater::ComponentUpdateService;
  21
  22 namespace {
  23 const base::FilePath::CharType kCompressedEVWhitelistFileName[] =
  24     FILE_PATH_LITERAL("ev_hashes_whitelist.bin");
  25
  26 // Prior implementations (< M46) of this installer would copy the whitelist
  27 // file from the installed component directory to the top of the user data
  28 // directory which is not necessary. Delete this unused file.
  29 // todo(cmumford): Delete this function >= M50.
  30 void DeleteWhitelistCopy(const base::FilePath& user_data_dir) {
  31   base::DeleteFile(user_data_dir.Append(kCompressedEVWhitelistFileName), false);
  32 }
  33
  34 void LoadWhitelistFromDisk(const base::FilePath& whitelist_path,
  35                            const base::Version& version) {
  36   if (whitelist_path.empty())
  37     return;
  38
  39   VLOG(1) << "Reading EV whitelist from file: " << whitelist_path.value();
  40   std::string compressed_list;
  41   if (!base::ReadFileToString(whitelist_path, &compressed_list)) {
  42     VLOG(1) << "Failed reading from " << whitelist_path.value();
  43     return;
  44   }
  45
  46   scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist(
  47       new packed_ct_ev_whitelist::PackedEVCertsWhitelist(compressed_list,
  48                                                          version));
  49   compressed_list.clear();
  50   if (!new_whitelist->IsValid()) {
  51     VLOG(1) << "Failed uncompressing EV certs whitelist.";
  52     return;
  53   }
  54
  55   VLOG(0) << "EV whitelist: Sucessfully loaded.";
  56   packed_ct_ev_whitelist::SetEVCertsWhitelist(new_whitelist);
  57 }
  58
  59 }  // namespace
  60
  61 namespace component_updater {
  62
  63 // The SHA256 of the SubjectPublicKeyInfo used to sign the extension.
  64 // The extension id is: oafdbfcohdcjandcenmccfopbeklnicp
  65 const uint8_t kPublicKeySHA256[32] = {
  66     0xe0, 0x53, 0x15, 0x2e, 0x73, 0x29, 0x0d, 0x32, 0x4d, 0xc2, 0x25,
  67     0xef, 0x14, 0xab, 0xd8, 0x2f, 0x84, 0xf5, 0x85, 0x9e, 0xc0, 0xfa,
  68     0x94, 0xbc, 0x99, 0xc9, 0x5a, 0x27, 0x55, 0x19, 0x83, 0xef};
  69
  70 const char kEVWhitelistManifestName[] = "EV Certs CT whitelist";
  71
  72 bool EVWhitelistComponentInstallerTraits::CanAutoUpdate() const {
  73   return true;
  74 }
  75
  76 bool EVWhitelistComponentInstallerTraits::OnCustomInstall(
  77     const base::DictionaryValue& manifest,
  78     const base::FilePath& install_dir) {
  79   VLOG(1) << "Entering EVWhitelistComponentInstallerTraits::OnCustomInstall.";
  80
  81   return true;  // Nothing custom here.
  82 }
  83
  84 base::FilePath EVWhitelistComponentInstallerTraits::GetInstalledPath(
  85     const base::FilePath& base) {
  86   // EV whitelist is encoded the same way for all platforms
  87   return base.Append(FILE_PATH_LITERAL("_platform_specific"))
  88       .Append(FILE_PATH_LITERAL("all"))
  89       .Append(kCompressedEVWhitelistFileName);
  90 }
  91
  92 void EVWhitelistComponentInstallerTraits::ComponentReady(
  93     const base::Version& version,
  94     const base::FilePath& install_dir,
  95     scoped_ptr<base::DictionaryValue> manifest) {
  96   VLOG(0) << "Component ready, version " << version.GetString() << " in "
  97           << install_dir.value();
  98
  99   if (!content::BrowserThread::PostBlockingPoolTask(
 100           FROM_HERE, base::Bind(&LoadWhitelistFromDisk,
 101                                 GetInstalledPath(install_dir), version))) {
 102     NOTREACHED();
 103   }
 104 }
 105
 106 // Called during startup and installation before ComponentReady().
 107 bool EVWhitelistComponentInstallerTraits::VerifyInstallation(
 108     const base::DictionaryValue& manifest,
 109     const base::FilePath& install_dir) const {
 110   return base::PathExists(GetInstalledPath(install_dir));
 111 }
 112
 113 base::FilePath EVWhitelistComponentInstallerTraits::GetBaseDirectory() const {
 114   base::FilePath result;
 115   PathService::Get(DIR_COMPONENT_EV_WHITELIST, &result);
 116   return result;
 117 }
 118
 119 void EVWhitelistComponentInstallerTraits::GetHash(
 120     std::vector<uint8_t>* hash) const {
 121   hash->assign(kPublicKeySHA256,
 122                kPublicKeySHA256 + arraysize(kPublicKeySHA256));
 123 }
 124
 125 std::string EVWhitelistComponentInstallerTraits::GetName() const {
 126   return kEVWhitelistManifestName;
 127 }
 128
 129 void RegisterEVWhitelistComponent(ComponentUpdateService* cus,
 130                                   const base::FilePath& user_data_dir) {
 131   VLOG(1) << "Registering EV whitelist component.";
 132
 133   scoped_ptr<ComponentInstallerTraits> traits(
 134       new EVWhitelistComponentInstallerTraits());
 135   // |cus| will take ownership of |installer| during installer->Register(cus).
 136   DefaultComponentInstaller* installer =
 137       new DefaultComponentInstaller(traits.Pass());
 138   installer->Register(cus, base::Closure());
 139
 140   content::BrowserThread::PostAfterStartupTask(
 141       FROM_HERE, content::BrowserThread::GetBlockingPool(),
 142       base::Bind(&DeleteWhitelistCopy, user_data_dir));
 143 }
 144
 145 }  // namespace component_updater