author | jyasskin@chromium.org <jyasskin@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-01 23:55:03 +0000 |
---|---|---|
committer | jyasskin@chromium.org <jyasskin@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-01 23:55:03 +0000 |
commit | ab55c2b682d9770de2b46cc85b00bcc79c4ea315 (patch) | |
tree | 875cb25ac3ce7df01ac2117a2bdf49437601f43c /chrome/common/extensions/extension.h | |
parent | 1d424a13c881bde3c6f96c099e5b46215df3b243 (diff) | |
Prevent developers from accidentally including their private keys in extensions.
This puts a warning on chrome://extensions in developer mode when an
unpacked extension includes a parsable .pem file, and fails an attempt
to pack such an extension.
This doesn't yet identify when an extension includes its own private
key because RSAPrivateKey currently requires loading from the
filesystem on Mac, and the utility process that first loads an
extension is prohibited from doing that.
BUG=130140
TEST=unit_tests --gtest_filter=Extension*;
Manually ran chrome and tried to load and pack an extension containing
a private key.
Review URL: https://chromiumcodereview.appspot.com/10451086
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140128 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common/extensions/extension.h')
-rw-r--r-- | chrome/common/extensions/extension.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/chrome/common/extensions/extension.h b/chrome/common/extensions/extension.h
index 40311440..665043d 100644
--- a/chrome/common/extensions/extension.h
+++ b/chrome/common/extensions/extension.h
@@ -213,6 +213,10 @@ class Extension : public base::RefCountedThreadSafe<Extension> {
 // anywhere in the filesystem, rather than being restricted to the
 // extension directory.
 FOLLOW_SYMLINKS_ANYWHERE = 1 << 5,
+
+ // |ERROR_ON_PRIVATE_KEY| means that private keys inside an
+ // extension should be errors rather than warnings.
+ ERROR_ON_PRIVATE_KEY = 1 << 6,
 };
 
 static scoped_refptr<Extension> Create(const FilePath& path,
@@ -592,6 +596,8 @@ class Extension : public base::RefCountedThreadSafe<Extension> {
 const ExtensionPermissionSet* required_permission_set() const {
 return required_permission_set_.get();
 }
+ // Appends |new_warnings| to install_warnings().
+ void AddInstallWarnings(const std::vector<std::string>& new_warnings);
 const std::vector<std::string>& install_warnings() const {
 return install_warnings_;
 }
|
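Review bot: The comment on `ERROR_ON_PRIVATE_KEY` in the first hunk does not say that the strict behaviour is opt-in: as written, a caller that leaves the flag out gets only a warning when a private key sits inside the extension. I would state that default and what is actually detected, for example `// Without this flag a private key in the extension only adds an install warning; set it when packing.` followed by `// Only parsable .pem files are detected.` (the second line per the commit description). Which call sites pass the flag is not visible in this file, and the enum and its class continue outside the hunk.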
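Review bot: `AddInstallWarnings` in the second hunk is a public mutator on a class deriving from `base::RefCountedThreadSafe<Extension>`, and `install_warnings()` right below it returns a reference to the same `install_warnings_` vector, yet the added comment does not say when the call is safe. If an Extension can already be reachable from another thread at that point (not shown here), an append may reallocate the vector under a reader. I would extend the comment to `// Appends |new_warnings| to install_warnings(). Call only before this Extension is shared with other threads; references from install_warnings() may be invalidated.` The class body starts and ends outside the hunk.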