File: verified_contents.h

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (119 lines) | stat: -rw-r--r-- 4,698 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
 
// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_
#define EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_

#include <stdint.h>

#include <map>
#include <memory>
#include <string>
#include <string_view>
#include <vector>

#include "base/containers/span.h"
#include "base/files/file_path.h"
#include "base/memory/raw_span.h"
#include "base/version.h"
#include "extensions/browser/content_verifier/content_verifier_utils.h"
#include "extensions/common/extension_id.h"

namespace extensions {

using CanonicalRelativePath = content_verifier_utils::CanonicalRelativePath;

// This class encapsulates the data in a "verified_contents.json" file
// generated by the webstore for a .crx file. That data includes a set of
// signed expected hashes of file content which can be used to check for
// corruption of extension files on local disk.
class VerifiedContents {
 public:
  VerifiedContents(const VerifiedContents&) = delete;
  VerifiedContents& operator=(const VerifiedContents&) = delete;

  ~VerifiedContents();

  // Returns verified contents after successfully parsing verified_contents.json
  // file at `path` and validating the enclosed signature. Returns nullptr on
  // failure.
  // Note: `public_key` must remain valid for the lifetime of the returned
  // object.
  static std::unique_ptr<VerifiedContents> CreateFromFile(
      base::span<const uint8_t> public_key,
      const base::FilePath& path);

  // Returns verified contents after successfully parsing `contents` and
  // validating the enclosed signature. Returns nullptr on failure. Note:
  // `public_key` must remain valid for the lifetime of the returned object.
  static std::unique_ptr<VerifiedContents> Create(
      base::span<const uint8_t> public_key,
      std::string_view contents);

  int block_size() const { return block_size_; }
  const ExtensionId& extension_id() const { return extension_id_; }
  const base::Version& version() const { return version_; }

  bool HasTreeHashRoot(const base::FilePath& relative_path) const;

  bool TreeHashRootEquals(const base::FilePath& relative_path,
                          const std::string& expected) const;

  bool TreeHashRootEqualsForCanonicalPath(
      const CanonicalRelativePath& canonical_relative_path,
      const std::string& expected) const;

  // If InitFrom has not been called yet, or was used in "ignore invalid
  // signature" mode, this can return false.
  bool valid_signature() { return valid_signature_; }

 private:
  // Note: the public_key must remain valid for the lifetime of this object.
  explicit VerifiedContents(base::span<const uint8_t> public_key);

  // Returns the base64url-decoded "payload" field from the `contents`, if
  // the signature was valid.
  bool GetPayload(std::string_view contents, std::string* payload);

  // The `protected_value` and `payload` arguments should be base64url encoded
  // strings, and `signature_bytes` should be a byte array. See comments in the
  // .cc file on GetPayload for where these come from in the overall input
  // file.
  bool VerifySignature(const std::string& protected_value,
                       const std::string& payload,
                       const std::string& signature_bytes);

  // The public key we should use for signature verification.
  base::raw_span<const uint8_t, DanglingUntriaged> public_key_;

  // Indicates whether the signature was successfully validated or not.
  bool valid_signature_;

  // The block size used for computing the treehash root hashes.
  int block_size_;

  // Information about which extension these signed hashes are for.
  ExtensionId extension_id_;
  base::Version version_;

  // The expected treehash root hashes for each file.
  // For case-sensitive systems (linux/chromeos) the key is exact cased, but for
  // case-insensitive systems (win/macos) the key is lower cased to support
  // case-insensitive lookups.
  //
  // We use a multi-map here so that we can do fast lookups of paths from
  // requests on case-insensitive systems (windows, mac) where the request path
  // might not have the exact right capitalization. Note that this doesn't
  // affect case-sensitive systems (linux, chromeos) as we use the exact cased
  // keys.
  // TODO(crbug.com/40334716) - we should give developers client-side warnings
  // in each of those cases, and have the webstore reject the cases they can
  // statically detect.
  typedef std::multimap<CanonicalRelativePath, std::string> RootHashes;
  RootHashes root_hashes_;
};

}  // namespace extensions

#endif  // EXTENSIONS_BROWSER_VERIFIED_CONTENTS_H_