// Copyright 2021 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/40285824): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif #include "chrome/browser/component_updater/pki_metadata_component_installer.h" #include <memory> #include <string> #include <utility> #include "base/barrier_closure.h" #include "base/base64.h" #include "base/check.h" #include "base/containers/flat_map.h" #include "base/containers/span.h" #include "base/feature_list.h" #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/functional/bind.h" #include "base/functional/callback.h" #include "base/logging.h" #include "base/memory/ref_counted.h" #include "base/no_destructor.h" #include "base/ranges/algorithm.h" #include "base/sequence_checker.h" #include "base/task/thread_pool.h" #include "base/threading/scoped_blocking_call.h" #include "base/time/time.h" #include "base/values.h" #include "chrome/browser/browser_features.h" #include "chrome/browser/net/key_pinning.pb.h" #include "content/public/browser/network_service_instance.h" #include "net/net_buildflags.h" #include "services/cert_verifier/public/mojom/cert_verifier_service_factory.mojom.h" #include "services/network/public/cpp/network_service_buildflags.h" #include "services/network/public/mojom/key_pinning.mojom.h" #include "services/network/public/mojom/network_service.mojom.h" #if BUILDFLAG(IS_CT_SUPPORTED) #include "components/certificate_transparency/certificate_transparency.pb.h" #include "components/certificate_transparency/certificate_transparency_config.pb.h" #include "services/network/public/mojom/ct_log_info.mojom.h" #endif #if BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED) #include "mojo/public/cpp/base/big_buffer.h" #include "mojo/public/cpp/base/proto_wrapper.h" #include "mojo/public/cpp/base/proto_wrapper_passkeys.h" #endif ComponentUpdateService; namespace { // This is the last version of CT log lists that this version of Chrome will // accept. If a list is delivered with a compatibility version higher than this, // it will be ignored (though the emergency disable flag will still be followed // if it is set). This should never be decreased since that will cause CT // enforcement to eventually stop. This should also only be increased if Chrome // is compatible with the version it is being incremented to. const uint64_t kMaxSupportedCTCompatibilityVersion = …; // This is the last version of key pins lists that this version of Chrome will // accept. If a list is delivered with a compatibility version higher than this, // it will be ignored. This should never be decreased since that will cause key // pinning enforcement to eventually stop. This should also only be increased if // Chrome is compatible with the version it is being incremented to. const uint64_t kMaxSupportedKPCompatibilityVersion = …; // The SHA256 of the SubjectPublicKeyInfo used to sign the extension. // The extension id is: efniojlnjndmcbiieegkicadnoecjjef const uint8_t kPKIMetadataPublicKeySHA256[32] = …; const base::FilePath::CharType kCTConfigProtoFileName[] = …); const base::FilePath::CharType kKPConfigProtoFileName[] = …); #if BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED) const base::FilePath::CharType kCRSProtoFileName[] = …); constexpr char kChromeRootStoreProto[] = …; #endif std::string LoadBinaryProtoFromDisk(const base::FilePath& pb_path) { … } } // namespace namespace component_updater { // PKIMetadataComponentInstallerService: // static PKIMetadataComponentInstallerService* PKIMetadataComponentInstallerService::GetInstance() { … } PKIMetadataComponentInstallerService::PKIMetadataComponentInstallerService() = default; void PKIMetadataComponentInstallerService::ConfigureChromeRootStore() { … } #if BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED) void PKIMetadataComponentInstallerService::UpdateChromeRootStoreOnUI( std::optional<mojo_base::ProtoWrapper> chrome_root_store) { … } void PKIMetadataComponentInstallerService::NotifyChromeRootStoreConfigured() { … } bool PKIMetadataComponentInstallerService::WriteCRSDataForTesting( const base::FilePath& path, const std::string& contents) { … } #endif void PKIMetadataComponentInstallerService::ReconfigureAfterNetworkRestart() { … } void PKIMetadataComponentInstallerService::OnComponentReady( base::FilePath install_dir) { … } bool PKIMetadataComponentInstallerService::WriteCTDataForTesting( const base::FilePath& path, const std::string& contents) { … } void PKIMetadataComponentInstallerService::AddObserver(Observer* observer) { … } void PKIMetadataComponentInstallerService::RemoveObserver(Observer* observer) { … } void PKIMetadataComponentInstallerService::UpdateNetworkServiceCTListOnUI( const std::string& ct_config_bytes) { … } void PKIMetadataComponentInstallerService::UpdateNetworkServiceKPListOnUI( const std::string& kp_config_bytes) { … } void PKIMetadataComponentInstallerService::NotifyCTLogListConfigured() { … } // PKIMetadataComponentInstallerPolicy: PKIMetadataComponentInstallerPolicy::PKIMetadataComponentInstallerPolicy() = default; PKIMetadataComponentInstallerPolicy::~PKIMetadataComponentInstallerPolicy() = default; // static std::vector<std::vector<uint8_t>> PKIMetadataComponentInstallerPolicy::BytesArrayFromProtoBytes( google::protobuf::RepeatedPtrField<std::string> proto_bytes) { … } bool PKIMetadataComponentInstallerPolicy:: SupportsGroupPolicyEnabledComponentUpdates() const { … } bool PKIMetadataComponentInstallerPolicy::RequiresNetworkEncryption() const { … } update_client::CrxInstaller::Result PKIMetadataComponentInstallerPolicy::OnCustomInstall( const base::Value::Dict& /* manifest */, const base::FilePath& /* install_dir */) { … } void PKIMetadataComponentInstallerPolicy::OnCustomUninstall() { … } void PKIMetadataComponentInstallerPolicy::ComponentReady( const base::Version& version, const base::FilePath& install_dir, base::Value::Dict /* manifest */) { … } // Called during startup and installation before ComponentReady(). bool PKIMetadataComponentInstallerPolicy::VerifyInstallation( const base::Value::Dict& /* manifest */, const base::FilePath& install_dir) const { … } base::FilePath PKIMetadataComponentInstallerPolicy::GetRelativeInstallDir() const { … } void PKIMetadataComponentInstallerPolicy::GetHash( std::vector<uint8_t>* hash) const { … } std::string PKIMetadataComponentInstallerPolicy::GetName() const { … } update_client::InstallerAttributes PKIMetadataComponentInstallerPolicy::GetInstallerAttributes() const { … } void MaybeRegisterPKIMetadataComponent(ComponentUpdateService* cus) { … } } // namespace component_updater
Codebase Browser
chromium