Google Git
Sign in
chromium / chromium / src / b10aeebcea9a9a49e357138077acd4011815920c / . / chrome / browser / component_updater / sth_set_component_installer.cc
blob: 3a5bdb321845db407c64e85ad7fbb536cf31ab67 [file] [log] [blame]
// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/component_updater/sth_set_component_installer.h"
#include <utility>
#include "base/bind.h"
#include "base/files/file_enumerator.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/json/json_reader.h"
#include "base/logging.h"
#include "base/memory/ref_counted.h"
#include "base/path_service.h"
#include "base/sequenced_task_runner.h"
#include "base/strings/string_number_conversions.h"
#include "base/task_scheduler/post_task.h"
#include "base/threading/scoped_blocking_call.h"
#include "base/threading/sequenced_task_runner_handle.h"
#include "base/values.h"
#include "base/version.h"
#include "chrome/browser/after_startup_task_utils.h"
#include "components/certificate_transparency/sth_observer.h"
#include "components/component_updater/component_updater_paths.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/network_service_instance.h"
#include "crypto/sha2.h"
#include "net/cert/ct_log_response_parser.h"
#include "net/cert/signed_tree_head.h"
#include "services/network/network_service.h"
#include "services/service_manager/public/cpp/service.h"
using component_updater::ComponentUpdateService;
namespace {
const base::FilePath::CharType kSTHsDirName[] = FILE_PATH_LITERAL("sths");
base::FilePath GetInstalledPath(const base::FilePath& base) {
return base.Append(FILE_PATH_LITERAL("_platform_specific"))
.Append(FILE_PATH_LITERAL("all"))
.Append(kSTHsDirName);
}
// Loads the STHs from |sths_path|, which contains a series of files that
// are the in the form "[log_id].sth", where [log_id] is the hex-encoded ID
// of the log, and the contents are JSON STH. Parsed STHs will be posted to
// |callback| on |origin_task_runner|.
void LoadSTHsFromDisk(
const base::FilePath& sths_path,
scoped_refptr<base::SequencedTaskRunner> origin_task_runner,
base::RepeatingCallback<void(const net::ct::SignedTreeHead&)> callback) {
base::FileEnumerator sth_file_enumerator(sths_path, false,
base::FileEnumerator::FILES,
FILE_PATH_LITERAL("*.sth"));
base::FilePath sth_file_path;
while (!(sth_file_path = sth_file_enumerator.Next()).empty()) {
DVLOG(1) << "Reading STH from file: " << sth_file_path.value();
const std::string log_id_hex =
sth_file_path.BaseName().RemoveExtension().MaybeAsASCII();
if (log_id_hex.empty()) {
DVLOG(1) << "Error extracting log_id from: "
<< sth_file_path.BaseName().LossyDisplayName();
continue;
}
std::vector<uint8_t> decoding_output;
if (!base::HexStringToBytes(log_id_hex, &decoding_output)) {
DVLOG(1) << "Failed to decode Log ID: " << log_id_hex;
continue;
}
const std::string log_id(
reinterpret_cast<const char*>(decoding_output.data()),
decoding_output.size());
std::string json_sth;
{
base::ScopedBlockingCall scoped_blocking_call(
base::BlockingType::MAY_BLOCK);
if (!base::ReadFileToString(sth_file_path, &json_sth)) {
DVLOG(1) << "Failed reading from " << sth_file_path.value();
continue;
}
}
DVLOG(1) << "STH: Successfully read: " << json_sth;
int error_code = 0;
std::string error_message;
std::unique_ptr<base::Value> parsed_json =
base::JSONReader::ReadAndReturnError(json_sth, base::JSON_PARSE_RFC,
&error_code, &error_message);
if (!parsed_json || error_code != base::JSONReader::JSON_NO_ERROR) {
DVLOG(1) << "STH loading failed: " << error_message << " for log: "
<< base::HexEncode(log_id.data(), log_id.length());
continue;
}
DVLOG(1) << "STH parsing success for log: "
<< base::HexEncode(log_id.data(), log_id.length());
net::ct::SignedTreeHead signed_tree_head;
if (!net::ct::FillSignedTreeHead(*parsed_json, &signed_tree_head)) {
LOG(ERROR) << "Failed to fill in signed tree head.";
continue;
}
// The log id is not a part of the response, fill in manually.
signed_tree_head.log_id = log_id;
origin_task_runner->PostTask(FROM_HERE,
base::BindOnce(callback, signed_tree_head));
}
}
} // namespace
namespace component_updater {
// The SHA256 of the SubjectPublicKeyInfo used to sign the extension.
// The extension id is: ojjgnpkioondelmggbekfhllhdaimnho
const uint8_t kSthSetPublicKeySHA256[32] = {
0xe9, 0x96, 0xdf, 0xa8, 0xee, 0xd3, 0x4b, 0xc6, 0x61, 0x4a, 0x57,
0xbb, 0x73, 0x08, 0xcd, 0x7e, 0x51, 0x9b, 0xcc, 0x69, 0x08, 0x41,
0xe1, 0x96, 0x9f, 0x7c, 0xb1, 0x73, 0xef, 0x16, 0x80, 0x0a};
const char kSTHSetFetcherManifestName[] = "Signed Tree Heads";
STHSetComponentInstallerPolicy::STHSetComponentInstallerPolicy()
: weak_ptr_factory_(this) {}
STHSetComponentInstallerPolicy::~STHSetComponentInstallerPolicy() = default;
void STHSetComponentInstallerPolicy::SetNetworkServiceForTesting(
network::mojom::NetworkService* network_service) {
DCHECK(network_service);
network_service_for_testing_ = network_service;
}
bool STHSetComponentInstallerPolicy::
SupportsGroupPolicyEnabledComponentUpdates() const {
return false;
}
void STHSetComponentInstallerPolicy::OnSTHLoaded(
const net::ct::SignedTreeHead& sth) {
// TODO(rsleevi): https://crbug.com/840444 - Ensure the network service
// is notified of the STHs if it crashes/restarts.
network::mojom::NetworkService* network_service =
network_service_for_testing_ ? network_service_for_testing_
: content::GetNetworkService();
network_service->UpdateSignedTreeHead(sth);
}
// Public data is delivered via this component, no need for encryption.
bool STHSetComponentInstallerPolicy::RequiresNetworkEncryption() const {
return false;
}
update_client::CrxInstaller::Result
STHSetComponentInstallerPolicy::OnCustomInstall(
const base::DictionaryValue& manifest,
const base::FilePath& install_dir) {
return update_client::CrxInstaller::Result(0); // Nothing custom here.
}
void STHSetComponentInstallerPolicy::OnCustomUninstall() {}
void STHSetComponentInstallerPolicy::ComponentReady(
const base::Version& version,
const base::FilePath& install_dir,
std::unique_ptr<base::DictionaryValue> manifest) {
// Load and parse the STH JSON on a background task runner, then
// dispatch back to the current task runner with all of the successfully
// parsed results.
auto background_runner = base::MakeRefCounted<AfterStartupTaskUtils::Runner>(
base::CreateTaskRunnerWithTraits(
{base::TaskPriority::BEST_EFFORT, base::MayBlock()}));
background_runner->PostTask(
FROM_HERE,
base::BindOnce(
&LoadSTHsFromDisk, GetInstalledPath(install_dir),
base::SequencedTaskRunnerHandle::Get(),
base::BindRepeating(&STHSetComponentInstallerPolicy::OnSTHLoaded,
weak_ptr_factory_.GetWeakPtr())));
}
// Called during startup and installation before ComponentReady().
bool STHSetComponentInstallerPolicy::VerifyInstallation(
const base::DictionaryValue& manifest,
const base::FilePath& install_dir) const {
return base::PathExists(GetInstalledPath(install_dir));
}
base::FilePath STHSetComponentInstallerPolicy::GetRelativeInstallDir() const {
return base::FilePath(FILE_PATH_LITERAL("CertificateTransparency"));
}
void STHSetComponentInstallerPolicy::GetHash(std::vector<uint8_t>* hash) const {
hash->assign(std::begin(kSthSetPublicKeySHA256),
std::end(kSthSetPublicKeySHA256));
}
std::string STHSetComponentInstallerPolicy::GetName() const {
return kSTHSetFetcherManifestName;
}
update_client::InstallerAttributes
STHSetComponentInstallerPolicy::GetInstallerAttributes() const {
return update_client::InstallerAttributes();
}
std::vector<std::string> STHSetComponentInstallerPolicy::GetMimeTypes() const {
return std::vector<std::string>();
}
void RegisterSTHSetComponent(ComponentUpdateService* cus,
const base::FilePath& user_data_dir) {
DVLOG(1) << "Registering STH Set fetcher component.";
auto installer = base::MakeRefCounted<ComponentInstaller>(
std::make_unique<STHSetComponentInstallerPolicy>());
installer->Register(cus, base::Closure());
}
} // namespace component_updater