diff options
| author | tc@google.com <tc@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-06-11 20:46:20 +0000 |
|---|---|---|
| committer | tc@google.com <tc@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-06-11 20:46:20 +0000 |
| commit | 77384a34070c268779dcf9d6aff3d1e80c6a4d25 (patch) | |
| tree | 3e27e87c7eda146a32a98bd371a5932d2bc7351a /chrome | |
| parent | 733251c42033fed1828bfdb38a84e66162b82c33 (diff) | |
| download | chromium_src-77384a34070c268779dcf9d6aff3d1e80c6a4d25.zip chromium_src-77384a34070c268779dcf9d6aff3d1e80c6a4d25.tar.gz chromium_src-77384a34070c268779dcf9d6aff3d1e80c6a4d25.tar.bz2 | |
Revert "BUG=12114"
This reverts commit r18189.
TBR=rafaelw
Review URL: http://codereview.chromium.org/125004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@18193 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
34 files changed, 303 insertions, 473 deletions
diff --git a/chrome/browser/extensions/extension_creator.cc b/chrome/browser/extensions/extension_creator.cc index 9abd030..8c38e17 100755 --- a/chrome/browser/extensions/extension_creator.cc +++ b/chrome/browser/extensions/extension_creator.cc @@ -12,7 +12,6 @@ #include "base/file_util.h" #include "base/scoped_handle.h" #include "base/string_util.h" -#include "chrome/browser/extensions/extensions_service.h" #include "chrome/common/extensions/extension.h" #include "chrome/common/zip.h" #include "net/base/base64.h" @@ -21,6 +20,8 @@ namespace { const int kRSAKeySize = 1024; }; +const char ExtensionCreator::kExtensionHeaderMagic[] = "Cr24"; + bool ExtensionCreator::InitializeInput( const FilePath& extension_dir, const FilePath& private_key_path, @@ -166,14 +167,14 @@ bool ExtensionCreator::WriteCRX(const FilePath& zip_path, return false; } - ExtensionsService::ExtensionHeader header; - memcpy(&header.magic, ExtensionsService::kExtensionHeaderMagic, - ExtensionsService::kExtensionHeaderMagicSize); - header.version = ExtensionsService::kCurrentVersion; + ExtensionCreator::ExtensionHeader header; + memcpy(&header.magic, ExtensionCreator::kExtensionHeaderMagic, + ExtensionCreator::kExtensionHeaderMagicSize); + header.version = kCurrentVersion; header.key_size = public_key.size(); header.signature_size = signature.size(); - fwrite(&header, sizeof(ExtensionsService::ExtensionHeader), 1, + fwrite(&header, sizeof(ExtensionCreator::ExtensionHeader), 1, crx_handle.get()); fwrite(&public_key.front(), sizeof(uint8), public_key.size(), crx_handle.get()); diff --git a/chrome/browser/extensions/extension_creator.h b/chrome/browser/extensions/extension_creator.h index 129e152..febcecd 100755 --- a/chrome/browser/extensions/extension_creator.h +++ b/chrome/browser/extensions/extension_creator.h @@ -17,6 +17,28 @@ // generated randomly (and optionally written to |output_private_key_path|. class ExtensionCreator { public: + // The size of the magic character sequence at the beginning of each crx file, + // in bytes. This should be a multiple of 4. + static const size_t kExtensionHeaderMagicSize = 4; + + // The magic character sequence at the beginning of each crx file. + static const char kExtensionHeaderMagic[]; + + // The current version of the crx format. + static const uint32 kCurrentVersion = 2; + + // This header is the first data at the beginning of an extension. Its + // contents are purposely 32-bit aligned so that it can just be slurped into + // a struct without manual parsing. + struct ExtensionHeader { + char magic[kExtensionHeaderMagicSize]; + uint32 version; + size_t key_size; // The size of the public key, in bytes. + size_t signature_size; // The size of the signature, in bytes. + // An ASN.1-encoded PublicKeyInfo structure follows. + // The signature follows. + }; + ExtensionCreator() {} bool Run(const FilePath& extension_dir, diff --git a/chrome/browser/extensions/extension_shelf_model_unittest.cc b/chrome/browser/extensions/extension_shelf_model_unittest.cc index 82ce02e..230e2cc 100644 --- a/chrome/browser/extensions/extension_shelf_model_unittest.cc +++ b/chrome/browser/extensions/extension_shelf_model_unittest.cc @@ -15,7 +15,7 @@ namespace { // The extension we're using as our test case. -const char* kExtensionId = "fc6f6ba6693faf6773c13701019f2e7a12f0febe"; +const char* kExtensionId = "00123456789abcdef0123456789abcdef0123456"; }; // namespace diff --git a/chrome/browser/extensions/extension_uitest.cc b/chrome/browser/extensions/extension_uitest.cc index 12cac46..38a5bb6 100644 --- a/chrome/browser/extensions/extension_uitest.cc +++ b/chrome/browser/extensions/extension_uitest.cc @@ -103,7 +103,7 @@ TEST_F(SimpleApiCallExtensionTest, RunTest) { namespace keys = extension_automation_constants; TestWithURL(GURL( - "chrome-extension://fc6f6ba6693faf6773c13701019f2e7a12f0febe/test.html")); + "chrome-extension://77774444789ABCDEF0123456789ABCDEF0123456/test.html")); AutomationProxyForExternalTab* proxy = static_cast<AutomationProxyForExternalTab*>(automation()); ASSERT_GT(proxy->messages_received(), 0); @@ -270,7 +270,7 @@ class RoundtripApiCallExtensionTest #if defined(OS_WIN) TEST_F(RoundtripApiCallExtensionTest, RunTest) { TestWithURL(GURL( - "chrome-extension://e5ead92b2c6795c1d2b92df9c5cb37de5582471a/test.html")); + "chrome-extension://66664444789ABCDEF0123456789ABCDEF0123456/test.html")); RoundtripAutomationProxy* proxy = static_cast<RoundtripAutomationProxy*>(automation()); diff --git a/chrome/browser/extensions/extensions_service.cc b/chrome/browser/extensions/extensions_service.cc index b6346b0..94c1dd5 100644 --- a/chrome/browser/extensions/extensions_service.cc +++ b/chrome/browser/extensions/extensions_service.cc @@ -6,7 +6,6 @@ #include "app/l10n_util.h" #include "base/command_line.h" -#include "base/crypto/signature_verifier.h" #include "base/file_util.h" #include "base/gfx/png_encoder.h" #include "base/scoped_handle.h" @@ -21,7 +20,6 @@ #include "chrome/browser/browser_list.h" #include "chrome/browser/browser_process.h" #include "chrome/browser/chrome_thread.h" -#include "chrome/browser/extensions/extension_creator.h" #include "chrome/browser/extensions/extension_browser_event_router.h" #include "chrome/browser/extensions/extension_process_manager.h" #include "chrome/browser/profile.h" @@ -38,7 +36,6 @@ #include "chrome/common/url_constants.h" #include "grit/chromium_strings.h" #include "grit/generated_resources.h" -#include "net/base/base64.h" #include "third_party/skia/include/core/SkBitmap.h" #if defined(OS_WIN) @@ -49,8 +46,6 @@ // ExtensionsService. -const char ExtensionsService::kExtensionHeaderMagic[] = "Cr24"; - const char* ExtensionsService::kInstallDirectoryName = "Extensions"; const char* ExtensionsService::kCurrentVersionFileName = "Current Version"; const char* ExtensionsServiceBackend::kTempExtensionName = "TEMP_INSTALL"; @@ -87,17 +82,8 @@ const char kExternalInstallFile[] = "EXTERNAL_INSTALL"; // A temporary subdirectory where we unpack extensions. const char* kUnpackExtensionDir = "TEMP_UNPACK"; -// Unpacking errors -const char* kBadMagicNumberError = "Bad magic number"; -const char* kBadHeaderSizeError = "Excessively large key or signature"; -const char* kBadVersionNumberError = "Bad version number"; -const char* kInvalidExtensionHeaderError = "Invalid extension header"; -const char* kInvalidPublicKeyError = "Invalid public key"; -const char* kInvalidSignatureError = "Invalid signature"; -const char* kSignatureVerificationFailed = "Signature verification failed"; -const char* kSignatureVerificationInitFailed = - "Signature verification initialization failed. This is most likely " - "caused by a public key in the wrong format (should encode algorithm)."; +// The version of the extension package that this code understands. +const uint32 kExpectedVersion = 1; } // This class coordinates an extension unpack task which is run in a separate @@ -108,12 +94,11 @@ class ExtensionsServiceBackend::UnpackerClient public: UnpackerClient(ExtensionsServiceBackend* backend, const FilePath& extension_path, - const std::string& public_key, const std::string& expected_id, bool from_external) : backend_(backend), extension_path_(extension_path), - public_key_(public_key), expected_id_(expected_id), - from_external_(from_external), got_response_(false) { + expected_id_(expected_id), from_external_(from_external), + got_response_(false) { } // Starts the unpack task. We call back to the backend when the task is done, @@ -178,14 +163,6 @@ class ExtensionsServiceBackend::UnpackerClient void OnUnpackExtensionSucceededImpl( const DictionaryValue& manifest, const ExtensionUnpacker::DecodedImages& images) { - // Add our public key into the parsed manifest. We want it to be saved so - // that we can later refer to it (eg for generating ids, validating - // signatures, etc). - // The const_cast is hacky, but seems like the right thing here, rather than - // making a full copy just to make this change. - const_cast<DictionaryValue*>(&manifest)->SetString( - Extension::kPublicKeyKey, public_key_); - // The extension was unpacked to the temp dir inside our unpacking dir. FilePath extension_dir = temp_extension_path_.DirName().AppendASCII( ExtensionsServiceBackend::kTempExtensionName); @@ -222,9 +199,6 @@ class ExtensionsServiceBackend::UnpackerClient // The path to the crx file that we're installing. FilePath extension_path_; - // The public key of the extension we're installing. - std::string public_key_; - // The path to the copy of the crx file in the temporary directory where we're // unpacking it. FilePath temp_extension_path_; @@ -397,7 +371,7 @@ void ExtensionsService::OnExtensionsLoaded(ExtensionList* new_extensions) { } void ExtensionsService::OnExtensionInstalled(Extension* extension, - Extension::InstallType install_type) { + bool update) { UpdateExtensionPref(ASCIIToWide(extension->id()), kState, Value::CreateIntegerValue(Extension::ENABLED), false); UpdateExtensionPref(ASCIIToWide(extension->id()), kLocation, @@ -427,7 +401,7 @@ void ExtensionsService::OnExternalExtensionInstalled( Value::CreateIntegerValue(location), true); } -void ExtensionsService::OnExtensionOverinstallAttempted(const std::string& id) { +void ExtensionsService::OnExtensionVersionReinstalled(const std::string& id) { Extension* extension = GetExtensionByID(id); if (extension && extension->IsTheme()) { NotificationService::current()->Notify( @@ -648,21 +622,6 @@ void ExtensionsServiceBackend::LoadSingleExtension( } } -DictionaryValue* ExtensionsServiceBackend::ReadManifest(FilePath manifest_path, - std::string* error) { - JSONFileValueSerializer serializer(manifest_path); - scoped_ptr<Value> root(serializer.Deserialize(error)); - if (!root.get()) - return NULL; - - if (!root->IsType(Value::TYPE_DICTIONARY)) { - *error = Extension::kInvalidManifestError; - return NULL; - } - - return static_cast<DictionaryValue*>(root.release()); -} - Extension* ExtensionsServiceBackend::LoadExtension( const FilePath& extension_path, bool require_id) { FilePath manifest_path = @@ -672,15 +631,22 @@ Extension* ExtensionsServiceBackend::LoadExtension( return NULL; } + JSONFileValueSerializer serializer(manifest_path); std::string error; - scoped_ptr<DictionaryValue> root(ReadManifest(manifest_path, &error)); + scoped_ptr<Value> root(serializer.Deserialize(&error)); if (!root.get()) { ReportExtensionLoadError(extension_path, error); return NULL; } + if (!root->IsType(Value::TYPE_DICTIONARY)) { + ReportExtensionLoadError(extension_path, Extension::kInvalidManifestError); + return NULL; + } + scoped_ptr<Extension> extension(new Extension(extension_path)); - if (!extension->InitFromValue(*root.get(), require_id, &error)) { + if (!extension->InitFromValue(*static_cast<DictionaryValue*>(root.get()), + require_id, &error)) { ReportExtensionLoadError(extension_path, error); return NULL; } @@ -795,36 +761,28 @@ bool ExtensionsServiceBackend::ReadCurrentVersion(const FilePath& dir, return false; } -Extension::InstallType ExtensionsServiceBackend::CompareToInstalledVersion( - const std::string& id, +bool ExtensionsServiceBackend::CheckCurrentVersion( const std::string& new_version_str, - std::string *current_version_str) { - CHECK(current_version_str); - FilePath dir(install_directory_.AppendASCII(id.c_str())); - if (!ReadCurrentVersion(dir, current_version_str)) - return Extension::NEW_INSTALL; - + const std::string& current_version_str, + const FilePath& dest_dir) { scoped_ptr<Version> current_version( - Version::GetVersionFromString(*current_version_str)); + Version::GetVersionFromString(current_version_str)); scoped_ptr<Version> new_version( - Version::GetVersionFromString(new_version_str)); - int comp = new_version->CompareTo(*current_version); - if (comp > 0) - return Extension::UPGRADE; - else if (comp == 0) - return Extension::REINSTALL; - else - return Extension::DOWNGRADE; -} - -bool ExtensionsServiceBackend::NeedsReinstall(const std::string& id, - const std::string& current_version) { - // Verify that the directory actually exists. - // TODO(erikkay): A further step would be to verify that the extension - // has actually loaded successfully. - FilePath dir(install_directory_.AppendASCII(id.c_str())); - FilePath version_dir(dir.AppendASCII(current_version)); - return !file_util::PathExists(version_dir); + Version::GetVersionFromString(new_version_str)); + if (current_version->CompareTo(*new_version) >= 0) { + // Verify that the directory actually exists. If it doesn't we'll return + // true so that the install code will repair the broken installation. + // TODO(erikkay): A further step would be to verify that the extension + // has actually loaded successfully. + FilePath version_dir = dest_dir.AppendASCII(current_version_str); + if (file_util::PathExists(version_dir)) { + std::string id = WideToASCII(dest_dir.BaseName().ToWStringHack()); + StringToLowerASCII(&id); + ReportExtensionVersionReinstalled(id); + return false; + } + } + return true; } bool ExtensionsServiceBackend::InstallDirSafely(const FilePath& source_dir, @@ -911,107 +869,13 @@ void ExtensionsServiceBackend::InstallExtension( } void ExtensionsServiceBackend::InstallOrUpdateExtension( - const FilePath& extension_path, - const std::string& expected_id, + const FilePath& extension_path, const std::string& expected_id, bool from_external) { - std::string actual_public_key; - if (!ValidateSignature(extension_path, &actual_public_key)) - return; // Failures reported within ValidateSignature(). - - UnpackerClient* client = new UnpackerClient( - this, extension_path, actual_public_key, expected_id, from_external); + UnpackerClient* client = + new UnpackerClient(this, extension_path, expected_id, from_external); client->Start(); } -bool ExtensionsServiceBackend::ValidateSignature(const FilePath& extension_path, - std::string* key_out) { - ScopedStdioHandle file(file_util::OpenFile(extension_path, "rb")); - if (!file.get()) { - ReportExtensionInstallError(extension_path, "Could not open file."); - return NULL; - } - - // Read and verify the header. - ExtensionsService::ExtensionHeader header; - size_t len; - - // TODO(erikkay): Yuck. I'm not a big fan of this kind of code, but it - // appears that we don't have any endian/alignment aware serialization - // code in the code base. So for now, this assumes that we're running - // on a little endian machine with 4 byte alignment. - len = fread(&header, 1, sizeof(ExtensionsService::ExtensionHeader), - file.get()); - if (len < sizeof(ExtensionsService::ExtensionHeader)) { - ReportExtensionInstallError(extension_path, kInvalidExtensionHeaderError); - return false; - } - if (strncmp(ExtensionsService::kExtensionHeaderMagic, header.magic, - sizeof(header.magic))) { - ReportExtensionInstallError(extension_path, kBadMagicNumberError); - return false; - } - if (header.version != ExtensionsService::kCurrentVersion) { - ReportExtensionInstallError(extension_path, kBadVersionNumberError); - return false; - } - if (header.key_size > ExtensionsService::kMaxPublicKeySize || - header.signature_size > ExtensionsService::kMaxSignatureSize) { - ReportExtensionInstallError(extension_path, kBadHeaderSizeError); - return false; - } - - std::vector<uint8> key; - key.resize(header.key_size); - len = fread(&key.front(), sizeof(uint8), header.key_size, file.get()); - if (len < header.key_size) { - ReportExtensionInstallError(extension_path, kInvalidPublicKeyError); - return false; - } - - std::vector<uint8> signature; - signature.resize(header.signature_size); - len = fread(&signature.front(), sizeof(uint8), header.signature_size, - file.get()); - if (len < header.signature_size) { - ReportExtensionInstallError(extension_path, kInvalidSignatureError); - return false; - } - - // Note: this structure is an ASN.1 which encodes the algorithm used - // with its parameters. This is defined in PKCS #1 v2.1 (RFC 3447). - // It is encoding: { OID sha1WithRSAEncryption PARAMETERS NULL } - // TODO(aa): This needs to be factored away someplace common. - const uint8 signature_algorithm[15] = { - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00 - }; - - base::SignatureVerifier verifier; - if (!verifier.VerifyInit(signature_algorithm, - sizeof(signature_algorithm), - &signature.front(), - signature.size(), - &key.front(), - key.size())) { - ReportExtensionInstallError(extension_path, - kSignatureVerificationInitFailed); - return false; - } - - unsigned char buf[1 << 12]; - while ((len = fread(buf, 1, sizeof(buf), file.get())) > 0) - verifier.VerifyUpdate(buf, len); - - if (!verifier.VerifyFinal()) { - ReportExtensionInstallError(extension_path, kSignatureVerificationFailed); - return false; - } - - net::Base64Encode(std::string(reinterpret_cast<char*>(&key.front()), - key.size()), key_out); - return true; -} - void ExtensionsServiceBackend::OnExtensionUnpacked( const FilePath& extension_path, const FilePath& temp_extension_dir, @@ -1074,25 +938,11 @@ void ExtensionsServiceBackend::OnExtensionUnpacked( FilePath dest_dir = install_directory_.AppendASCII(extension.id()); std::string version = extension.VersionString(); std::string current_version; - Extension::InstallType install_type = - CompareToInstalledVersion(extension.id(), version, ¤t_version); - - // Do not allow downgrade. - if (install_type == Extension::DOWNGRADE) { - ReportExtensionInstallError(extension_path, - "Error: Attempt to downgrade extension from more recent version."); - return; - } - - if (install_type == Extension::REINSTALL) { - if (NeedsReinstall(extension.id(), current_version)) { - // Treat corrupted existing installation as new install case. - install_type = Extension::NEW_INSTALL; - } else { - // The client may use this as a signal (to switch themes, for instance). - ReportExtensionOverinstallAttempted(extension.id()); + bool was_update = false; + if (ReadCurrentVersion(dest_dir, ¤t_version)) { + if (!CheckCurrentVersion(version, current_version, dest_dir)) return; - } + was_update = true; } // Write our parsed manifest back to disk, to ensure it doesn't contain an @@ -1191,7 +1041,7 @@ void ExtensionsServiceBackend::OnExtensionUnpacked( frontend_loop_->PostTask(FROM_HERE, NewRunnableMethod( frontend_, &ExtensionsService::OnExtensionInstalled, extension, - install_type)); + was_update)); // Only one extension, but ReportExtensionsLoaded can handle multiple, // so we need to construct a list. @@ -1221,10 +1071,10 @@ void ExtensionsServiceBackend::ReportExtensionInstallError( ExtensionErrorReporter::GetInstance()->ReportError(message, alert_on_error_); } -void ExtensionsServiceBackend::ReportExtensionOverinstallAttempted( +void ExtensionsServiceBackend::ReportExtensionVersionReinstalled( const std::string& id) { frontend_loop_->PostTask(FROM_HERE, NewRunnableMethod( - frontend_, &ExtensionsService::OnExtensionOverinstallAttempted, id)); + frontend_, &ExtensionsService::OnExtensionVersionReinstalled, id)); } bool ExtensionsServiceBackend::ShouldSkipInstallingExtension( @@ -1410,14 +1260,10 @@ void ExtensionsServiceBackend::UninstallExtension( bool ExtensionsServiceBackend::ShouldInstall(const std::string& id, const std::string& version) { + FilePath dir(install_directory_.AppendASCII(id.c_str())); std::string current_version; - Extension::InstallType install_type = CompareToInstalledVersion(id, version, - ¤t_version); - - if (install_type == Extension::DOWNGRADE) - return false; - - return (install_type == Extension::UPGRADE || - install_type == Extension::NEW_INSTALL || - NeedsReinstall(id, current_version)); + if (ReadCurrentVersion(dir, ¤t_version)) { + return CheckCurrentVersion(version, current_version, dir); + } + return true; } diff --git a/chrome/browser/extensions/extensions_service.h b/chrome/browser/extensions/extensions_service.h index f22b15d..f72a63a 100644 --- a/chrome/browser/extensions/extensions_service.h +++ b/chrome/browser/extensions/extensions_service.h @@ -32,43 +32,10 @@ class UserScriptMaster; typedef std::vector<Extension*> ExtensionList; - // Manages installed and running Chromium extensions. class ExtensionsService : public base::RefCountedThreadSafe<ExtensionsService> { public: - - // TODO(port): Move Crx package definitions to ExtentionCreator. They are - // currently here because ExtensionCreator is excluded on linux & mac. - - // The size of the magic character sequence at the beginning of each crx - // file, in bytes. This should be a multiple of 4. - static const size_t kExtensionHeaderMagicSize = 4; - - // The maximum size the crx parser will tolerate for a public key. - static const size_t kMaxPublicKeySize = 1 << 16; - - // The maximum size the crx parser will tolerate for a signature. - static const size_t kMaxSignatureSize = 1 << 16; - - // The magic character sequence at the beginning of each crx file. - static const char kExtensionHeaderMagic[]; - - // The current version of the crx format. - static const uint32 kCurrentVersion = 2; - - // This header is the first data at the beginning of an extension. Its - // contents are purposely 32-bit aligned so that it can just be slurped into - // a struct without manual parsing. - struct ExtensionHeader { - char magic[kExtensionHeaderMagicSize]; - uint32 version; - size_t key_size; // The size of the public key, in bytes. - size_t signature_size; // The size of the signature, in bytes. - // An ASN.1-encoded PublicKeyInfo structure follows. - // The signature follows. - }; - ExtensionsService(Profile* profile, MessageLoop* frontend_loop, MessageLoop* backend_loop, @@ -141,16 +108,14 @@ class ExtensionsService void OnExtensionsLoaded(ExtensionList* extensions); // Called by the backend when an extensoin hsa been installed. - void OnExtensionInstalled(Extension* extension, - Extension::InstallType install_type); + void OnExtensionInstalled(Extension* extension, bool is_update); // Called by the backend when an external extension has been installed. void OnExternalExtensionInstalled( const std::string& id, Extension::Location location); - // Called by the backend when an attempt was made to reinstall the same - // version of an existing extension. - void OnExtensionOverinstallAttempted(const std::string& id); + // Called by the backend when an extension has been reinstalled. + void OnExtensionVersionReinstalled(const std::string& id); // The name of the directory inside the profile where extensions are // installed to. @@ -233,11 +198,6 @@ class ExtensionsServiceBackend class UnpackerClient; friend class UnpackerClient; - // Utility function to read an extension manifest and return it as a - // DictionaryValue. If it fails, NULL is returned and |error| contains an - // appropriate message. - DictionaryValue* ReadManifest(FilePath manifest_path, std::string* error); - // Load a single extension from |extension_path|, the top directory of // a specific extension where its manifest file lives. Extension* LoadExtension(const FilePath& extension_path, bool require_id); @@ -256,10 +216,6 @@ class ExtensionsServiceBackend const std::string& expected_id, bool from_external); - // Validates the signature of the extension in |extension_path|. Returns true - // and the public key (in |key|) if the signature validates, false otherwise. - bool ValidateSignature(const FilePath& extension_path, std::string* key_out); - // Finish installing an extension after it has been unpacked to // |temp_extension_dir| by our utility process. If |expected_id| is not // empty, it's verified against the extension's manifest before installation. @@ -284,9 +240,8 @@ class ExtensionsServiceBackend void ReportExtensionInstallError(const FilePath& extension_path, const std::string& error); - // Notify the frontend that an attempt was made (but not carried out) to - // install the same version of an existing extension. - void ReportExtensionOverinstallAttempted(const std::string& id); + // Notify the frontend that the extension had already been installed. + void ReportExtensionVersionReinstalled(const std::string& id); // Checks a set of strings (containing id's to ignore) in order to determine // if the extension should be installed. @@ -307,14 +262,11 @@ class ExtensionsServiceBackend // Reads the Current Version file from |dir| into |version_string|. bool ReadCurrentVersion(const FilePath& dir, std::string* version_string); - // Look for an existing installation of the extension |id| & return - // an InstallType that would result from installing |new_version_str|. - Extension::InstallType CompareToInstalledVersion(const std::string& id, - const std::string& new_version_str, std::string* current_version_str); - - // Does an existing installed extension need to be reinstalled. - bool NeedsReinstall(const std::string& id, - const std::string& current_version); + // Check that the version to be installed is greater than the current + // installed extension. + bool CheckCurrentVersion(const std::string& version, + const std::string& current_version, + const FilePath& dest_dir); // Install the extension dir by moving it from |source| to |dest| safely. bool InstallDirSafely(const FilePath& source, diff --git a/chrome/browser/extensions/extensions_service_unittest.cc b/chrome/browser/extensions/extensions_service_unittest.cc index 99999fb..ef41940 100644 --- a/chrome/browser/extensions/extensions_service_unittest.cc +++ b/chrome/browser/extensions/extensions_service_unittest.cc @@ -36,13 +36,13 @@ namespace { // Extension ids used during testing. const char* const all_zero = "0000000000000000000000000000000000000000"; const char* const zero_n_one = "0000000000000000000000000000000000000001"; -const char* const good0 = "fc6f6ba6693faf6773c13701019f2e7a12f0febe"; -const char* const good1 = "e5ead92b2c6795c1d2b92df9c5cb37de5582471a"; -const char* const good2 = "a37fed892f622823f4daaec4426a32fc7f6147dc"; -const char* const good_crx = "b3dd733cd71a98fa83f387455e12f5c5501c519e"; -const char* const page_action = "a4ca7d01469a010acb200568a0b8f4d9b3ac1f91"; -const char* const theme_crx = "80c45f5ae9e0f839d105c6a6d2461a036bc40a04"; -const char* const theme2_crx = "f9f6c52c01efdd5edd7c396b5f995a15fc7ad6d1"; +const char* const good0 = "00123456789abcdef0123456789abcdef0123456"; +const char* const good1 = "10123456789abcdef0123456789abcdef0123456"; +const char* const good2 = "20123456789abcdef0123456789abcdef0123456"; +const char* const good_crx = "00123456789abcdef0123456789abcdef0123456"; +const char* const page_action = "8a5e4cb023c61b431e9b603a97c293429ce057c8"; +const char* const theme_crx = "f0123456789abcdef0123456789abcdef0126456"; +const char* const theme2_crx = "f0123456789adddef0123456789abcdef0126456"; struct ExtensionsOrder { bool operator()(const Extension* a, const Extension* b) { @@ -235,7 +235,7 @@ TEST_F(ExtensionsServiceTest, LoadAllExtensionsFromDirectorySuccess) { } ASSERT_EQ(3u, loaded_.size()); - EXPECT_EQ(std::string(good0), loaded_[0]->id()); + EXPECT_EQ(std::string(good_crx), loaded_[0]->id()); EXPECT_EQ(std::string("My extension 1"), loaded_[0]->name()); EXPECT_EQ(std::string("The first extension that I made."), @@ -245,8 +245,8 @@ TEST_F(ExtensionsServiceTest, LoadAllExtensionsFromDirectorySuccess) { EXPECT_EQ(3u, service_->extensions()->size()); ValidatePrefKeyCount(3); - ValidatePref(good0, L"state", Extension::ENABLED); - ValidatePref(good0, L"location", Extension::INTERNAL); + ValidatePref(good_crx, L"state", Extension::ENABLED); + ValidatePref(good_crx, L"location", Extension::INTERNAL); ValidatePref(good1, L"state", Extension::ENABLED); ValidatePref(good1, L"location", Extension::INTERNAL); ValidatePref(good2, L"state", Extension::ENABLED); @@ -398,10 +398,6 @@ TEST_F(ExtensionsServiceTest, InstallExtension) { ValidatePref(page_action, L"state", Extension::ENABLED); ValidatePref(page_action, L"location", Extension::INTERNAL); - // Bad signature. - path = extensions_path.AppendASCII("bad_signature.crx"); - InstallExtension(path, false); - // 0-length extension file. path = extensions_path.AppendASCII("not_an_extension.crx"); InstallExtension(path, false); @@ -412,6 +408,16 @@ TEST_F(ExtensionsServiceTest, InstallExtension) { InstallExtension(path, false); ValidatePrefKeyCount(pref_count); + // Poorly formed JSON. + path = extensions_path.AppendASCII("bad_json.crx"); + InstallExtension(path, false); + ValidatePrefKeyCount(pref_count); + + // Incorrect zip hash. + path = extensions_path.AppendASCII("bad_hash.crx"); + InstallExtension(path, false); + ValidatePrefKeyCount(pref_count); + // TODO(erikkay): add more tests for many of the failure cases. // TODO(erikkay): add tests for upgrade cases. } @@ -553,56 +559,6 @@ TEST_F(ExtensionsServiceTest, Reinstall) { ValidatePref(good_crx, L"location", Extension::INTERNAL); } -// Test upgrading a signed extension. -TEST_F(ExtensionsServiceTest, UpgradeSignedGood) { - FilePath extensions_path; - ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &extensions_path)); - extensions_path = extensions_path.AppendASCII("extensions"); - - FilePath path = extensions_path.AppendASCII("good.crx"); - service_->InstallExtension(path); - loop_.RunAllPending(); - - ASSERT_TRUE(installed_); - ASSERT_EQ(1u, loaded_.size()); - ASSERT_EQ(0u, GetErrors().size()); - - // Upgrade to version 2.0 - path = extensions_path.AppendASCII("good2.crx"); - service_->InstallExtension(path); - loop_.RunAllPending(); - - ASSERT_TRUE(installed_); - ASSERT_EQ(2u, loaded_.size()); - ASSERT_EQ(0u, GetErrors().size()); -} - -// Test upgrading a signed extension with a bad signature. -TEST_F(ExtensionsServiceTest, UpgradeSignedBad) { - FilePath extensions_path; - ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &extensions_path)); - extensions_path = extensions_path.AppendASCII("extensions"); - - FilePath path = extensions_path.AppendASCII("good.crx"); - service_->InstallExtension(path); - loop_.RunAllPending(); - - ASSERT_TRUE(installed_); - ASSERT_EQ(1u, loaded_.size()); - ASSERT_EQ(0u, GetErrors().size()); - installed_ = NULL; - - // Try upgrading with a bad signature. This should fail during the unpack, - // because the key will not match the signature. - path = extensions_path.AppendASCII("good2_bad_signature.crx"); - service_->InstallExtension(path); - loop_.RunAllPending(); - - ASSERT_FALSE(installed_); - ASSERT_EQ(1u, loaded_.size()); - ASSERT_EQ(1u, GetErrors().size()); -} - // Tests uninstalling normal extensions TEST_F(ExtensionsServiceTest, UninstallExtension) { FilePath extensions_path; @@ -700,8 +656,6 @@ TEST_F(ExtensionsServiceTest, LoadExtension) { // Tests that we generate IDs when they are not specified in the manifest for // --load-extension. TEST_F(ExtensionsServiceTest, GenerateID) { - Extension::ResetGeneratedIdCounter(); - FilePath extensions_path; ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &extensions_path)); extensions_path = extensions_path.AppendASCII("extensions"); @@ -743,7 +697,7 @@ TEST_F(ExtensionsServiceTest, ExternalInstallRegistry) { RegKey key; std::wstring reg_path = ASCIIToWide(registry_path_); - reg_path += L"\\b3dd733cd71a98fa83f387455e12f5c5501c519e"; + reg_path += L"\\00123456789ABCDEF0123456789ABCDEF0123456"; ASSERT_TRUE(key.Create(HKEY_LOCAL_MACHINE, reg_path.c_str(), KEY_WRITE)); ASSERT_TRUE(key.WriteValue(L"path", source_path.ToWStringHack().c_str())); ASSERT_TRUE(key.WriteValue(L"version", L"1.0.0.0")); diff --git a/chrome/common/extensions/extension.cc b/chrome/common/extensions/extension.cc index 73eb417..bf7d3a5 100644 --- a/chrome/common/extensions/extension.cc +++ b/chrome/common/extensions/extension.cc @@ -5,14 +5,10 @@ #include "chrome/common/extensions/extension.h" #include "app/resource_bundle.h" -#include "base/basictypes.h" #include "base/file_path.h" #include "base/file_util.h" #include "base/logging.h" #include "base/string_util.h" -#include "base/third_party/nss/blapi.h" -#include "base/third_party/nss/sha256.h" -#include "net/base/base64.h" #include "net/base/net_util.h" #include "chrome/common/extensions/extension_error_reporter.h" #include "chrome/common/extensions/extension_error_utils.h" @@ -37,8 +33,6 @@ namespace { const int kRSAKeySize = 1024; }; -int Extension::id_counter_ = 0; - const char Extension::kManifestFilename[] = "manifest.json"; const wchar_t* Extension::kBackgroundKey = L"background_page"; @@ -46,10 +40,10 @@ const wchar_t* Extension::kContentScriptsKey = L"content_scripts"; const wchar_t* Extension::kCssKey = L"css"; const wchar_t* Extension::kDescriptionKey = L"description"; const wchar_t* Extension::kIconPathKey = L"icon"; +const wchar_t* Extension::kIdKey = L"id"; const wchar_t* Extension::kJsKey = L"js"; const wchar_t* Extension::kMatchesKey = L"matches"; const wchar_t* Extension::kNameKey = L"name"; -const wchar_t* Extension::kPageActionIdKey = L"id"; const wchar_t* Extension::kPageActionsKey = L"page_actions"; const wchar_t* Extension::kPermissionsKey = L"permissions"; const wchar_t* Extension::kPluginsKey = L"plugins"; @@ -77,6 +71,7 @@ const char* Extension::kPageActionTypePermanent = "permanent"; static const wchar_t* kValidThemeKeys[] = { Extension::kDescriptionKey, Extension::kIconPathKey, + Extension::kIdKey, Extension::kNameKey, Extension::kPublicKeyKey, Extension::kSignatureKey, @@ -98,12 +93,12 @@ const char* Extension::kInvalidCssListError = "Required value 'content_scripts[*].css is invalid."; const char* Extension::kInvalidDescriptionError = "Invalid value for 'description'."; +const char* Extension::kInvalidIdError = + "Required value 'id' is missing or invalid."; const char* Extension::kInvalidJsError = "Invalid value for 'content_scripts[*].js[*]'."; const char* Extension::kInvalidJsListError = "Required value 'content_scripts[*].js is invalid."; -const char* Extension::kInvalidKeyError = - "Value 'key' is missing or invalid."; const char* Extension::kInvalidManifestError = "Manifest is missing or invalid."; const char* Extension::kInvalidMatchCountError = @@ -121,8 +116,6 @@ const char* Extension::kInvalidPageActionsListError = "Invalid value for 'page_actions'."; const char* Extension::kInvalidPageActionIconPathError = "Invalid value for 'page_actions[*].icon'."; -const char* Extension::kInvalidPageActionIdError = - "Required value 'id' is missing or invalid."; const char* Extension::kInvalidPageActionTooltipError = "Invalid value for 'page_actions[*].tooltip'."; const char* Extension::kInvalidPageActionTypeValueError = @@ -146,8 +139,6 @@ const char* Extension::kInvalidBackgroundError = "Invalid value for 'background'."; const char* Extension::kInvalidRunAtError = "Invalid value for 'content_scripts[*].run_at'."; -const char* Extension::kInvalidSignatureError = - "Value 'signature' is missing or invalid."; const char* Extension::kInvalidToolstripError = "Invalid value for 'toolstrips[*]'"; const char* Extension::kInvalidToolstripsError = @@ -176,8 +167,7 @@ const char* Extension::kExtensionRegistryPath = "Software\\Google\\Chrome\\Extensions"; #endif -// first 20 bytes of SHA256 hashed public key. -const size_t Extension::kIdSize = 20; +const size_t Extension::kIdSize = 20; // SHA1 (160 bits) == 20 bytes Extension::~Extension() { for (PageActionMap::iterator i = page_actions_.begin(); @@ -240,23 +230,6 @@ Extension::Location Extension::ExternalExtensionInstallType( return Extension::EXTERNAL_PREF; } -bool Extension::GenerateIdFromPublicKey(const std::string& input, - std::string* output) { - CHECK(output); - if (input.length() == 0) - return false; - - const uint8* ubuf = reinterpret_cast<const unsigned char*>(input.data()); - SHA256Context ctx; - SHA256_Begin(&ctx); - SHA256_Update(&ctx, ubuf, input.length()); - uint8 hash[Extension::kIdSize]; - SHA256_End(&ctx, hash, NULL, sizeof(hash)); - *output = StringToLowerASCII(HexEncode(hash, sizeof(hash))); - - return true; -} - // Helper method that loads a UserScript object from a dictionary in the // content_script list of the manifest. bool Extension::LoadUserScriptHelper(const DictionaryValue* content_script, @@ -394,8 +367,8 @@ PageAction* Extension::LoadPageActionHelper( // Read the page action |id|. std::string id; - if (!page_action->GetString(kPageActionIdKey, &id)) { - *error = ExtensionErrorUtils::FormatErrorMessage(kInvalidPageActionIdError, + if (!page_action->GetString(kIdKey, &id)) { + *error = ExtensionErrorUtils::FormatErrorMessage(kInvalidIdError, IntToString(definition_index)); return NULL; } @@ -519,14 +492,13 @@ Extension::Extension(const FilePath& path) { #endif } + // TODO(rafaelw): Move ParsePEMKeyBytes, ProducePEM & FormatPEMForOutput to a // util class in base: // http://code.google.com/p/chromium/issues/detail?id=13572 bool Extension::ParsePEMKeyBytes(const std::string& input, std::string* output) { - DCHECK(output); - if (!output) - return false; + CHECK(output); if (input.length() == 0) return false; @@ -592,23 +564,33 @@ bool Extension::FormatPEMForFileOutput(const std::string input, bool Extension::InitFromValue(const DictionaryValue& source, bool require_id, std::string* error) { - if (source.HasKey(kPublicKeyKey)) { - std::string public_key_bytes; - if (!source.GetString(kPublicKeyKey, &public_key_) || - !ParsePEMKeyBytes(public_key_, &public_key_bytes) || - !GenerateIdFromPublicKey(public_key_bytes, &id_)) { - *error = kInvalidKeyError; - return false; + // Initialize id. + if (source.HasKey(kIdKey)) { + if (!source.GetString(kIdKey, &id_)) { + *error = kInvalidIdError; + return false; + } + + // Normalize the string to lowercase, so it can be used as an URL component + // (where GURL will lowercase it). + StringToLowerASCII(&id_); + + // Verify that the id is legal. + if (!IdIsValid(id_)) { + *error = kInvalidIdError; + return false; } } else if (require_id) { - *error = kInvalidKeyError; + *error = kInvalidIdError; return false; } else { // Generate a random ID - id_ = StringPrintf("%x", NextGeneratedId()); + static int counter = 0; + id_ = StringPrintf("%x", counter); + ++counter; - // pad the string out to kIdSize*2 chars with zeroes. - id_.insert(0, Extension::kIdSize*2 - id_.length(), '0'); + // pad the string out to 40 chars with zeroes. + id_.insert(0, 40 - id_.length(), '0'); } // Initialize the URL. diff --git a/chrome/common/extensions/extension.h b/chrome/common/extensions/extension.h index 658b57f..9a5bfbf 100644 --- a/chrome/common/extensions/extension.h +++ b/chrome/common/extensions/extension.h @@ -38,13 +38,6 @@ class Extension { KILLBIT, // Don't install/upgrade (applies to external extensions only). }; - enum InstallType { - DOWNGRADE, - REINSTALL, - UPGRADE, - NEW_INSTALL - }; - // An NPAPI plugin included in the extension. struct PluginInfo { FilePath path; // Path to the plugin. @@ -60,10 +53,10 @@ class Extension { static const wchar_t* kCssKey; static const wchar_t* kDescriptionKey; static const wchar_t* kIconPathKey; + static const wchar_t* kIdKey; static const wchar_t* kJsKey; static const wchar_t* kMatchesKey; static const wchar_t* kNameKey; - static const wchar_t* kPageActionIdKey; static const wchar_t* kPageActionsKey; static const wchar_t* kPermissionsKey; static const wchar_t* kPluginsKey; @@ -94,9 +87,9 @@ class Extension { static const char* kInvalidCssError; static const char* kInvalidCssListError; static const char* kInvalidDescriptionError; + static const char* kInvalidIdError; static const char* kInvalidJsError; static const char* kInvalidJsListError; - static const char* kInvalidKeyError; static const char* kInvalidManifestError; static const char* kInvalidMatchCountError; static const char* kInvalidMatchError; @@ -108,14 +101,12 @@ class Extension { static const char* kInvalidBackgroundError; static const char* kInvalidRunAtError; - static const char* kInvalidSignatureError; static const char* kInvalidToolstripError; static const char* kInvalidToolstripsError; static const char* kInvalidVersionError; static const char* kInvalidPageActionError; static const char* kInvalidPageActionsListError; static const char* kInvalidPageActionIconPathError; - static const char* kInvalidPageActionIdError; static const char* kInvalidPageActionTooltipError; static const char* kInvalidPageActionTypeValueError; static const char* kInvalidPermissionsError; @@ -142,11 +133,6 @@ class Extension { explicit Extension(const FilePath& path); virtual ~Extension(); - // Resets the id counter. This is only useful for unit tests. - static void ResetGeneratedIdCounter() { - id_counter_ = 0; - } - // Checks to see if the extension has a valid ID. static bool IdIsValid(const std::string& id); @@ -187,11 +173,6 @@ class Extension { // Does a simple base64 encoding of |input| into |output|. static bool ProducePEM(const std::string& input, std::string* output); - // Note: The result is coverted to lower-case because the browser enforces - // hosts to be lower-case in omni-bar. - static bool GenerateIdFromPublicKey(const std::string& input, - std::string* output); - // Expects base64 encoded |input| and formats into |output| including // the appropriate header & footer. static bool FormatPEMForFileOutput(const std::string input, @@ -212,7 +193,6 @@ class Extension { // String representation of the version number. const std::string VersionString() const; const std::string& name() const { return name_; } - const std::string& public_key() const { return public_key_; } const std::string& description() const { return description_; } const UserScriptList& content_scripts() const { return content_scripts_; } const PageActionMap& page_actions() const { return page_actions_; } @@ -242,14 +222,6 @@ class Extension { std::set<FilePath> GetBrowserImages(); private: - // Counter used to assign ids to extensions that are loaded using - // --load-extension. - static int id_counter_; - - // Returns the next counter id. Intentionally post-incrementing so that first - // value is 0. - static int NextGeneratedId() { return id_counter_++; } - // Helper method that loads a UserScript object from a // dictionary in the content_script list of the manifest. bool LoadUserScriptHelper(const DictionaryValue* content_script, @@ -309,9 +281,10 @@ class Extension { // Paths to HTML files to be displayed in the toolbar. std::vector<std::string> toolstrips_; - // The public key ('key' in the manifest) used to sign the contents of the - // crx package ('signature' in the manifest) - std::string public_key_; + // A SHA1 hash of the contents of the zip file. Note that this key is only + // present in the manifest that's prepended to the zip. The inner manifest + // will not have this key. + std::string zip_hash_; // A map of resource id's to relative file paths. scoped_ptr<DictionaryValue> theme_images_; diff --git a/chrome/common/extensions/extension_unittest.cc b/chrome/common/extensions/extension_unittest.cc index 661bcb6..7f0f288 100644 --- a/chrome/common/extensions/extension_unittest.cc +++ b/chrome/common/extensions/extension_unittest.cc @@ -43,6 +43,17 @@ TEST(ExtensionTest, InitFromValueInvalid) { scoped_ptr<DictionaryValue> input_value; + // Test missing and invalid ids + input_value.reset(static_cast<DictionaryValue*>(valid_value->DeepCopy())); + input_value->Remove(Extension::kIdKey, NULL); + EXPECT_FALSE(extension.InitFromValue(*input_value, true, &error)); + EXPECT_EQ(Extension::kInvalidIdError, error); + + input_value.reset(static_cast<DictionaryValue*>(valid_value->DeepCopy())); + input_value->SetInteger(Extension::kIdKey, 42); + EXPECT_FALSE(extension.InitFromValue(*input_value, true, &error)); + EXPECT_EQ(Extension::kInvalidIdError, error); + // Test missing and invalid versions input_value.reset(static_cast<DictionaryValue*>(valid_value->DeepCopy())); input_value->Remove(Extension::kVersionKey, NULL); @@ -193,22 +204,22 @@ TEST(ExtensionTest, InitFromValueValid) { #elif defined(OS_POSIX) FilePath path(FILE_PATH_LITERAL("/foo")); #endif - Extension::ResetGeneratedIdCounter(); - Extension extension(path); std::string error; DictionaryValue input_value; // Test minimal extension + input_value.SetString(Extension::kIdKey, + "00123456789ABCDEF0123456789ABCDEF0123456"); input_value.SetString(Extension::kVersionKey, "1.0.0.0"); input_value.SetString(Extension::kNameKey, "my extension"); - EXPECT_TRUE(extension.InitFromValue(input_value, false, &error)); + EXPECT_TRUE(extension.InitFromValue(input_value, true, &error)); EXPECT_EQ("", error); - EXPECT_EQ("0000000000000000000000000000000000000000", extension.id()); + EXPECT_EQ("00123456789abcdef0123456789abcdef0123456", extension.id()); EXPECT_EQ("1.0.0.0", extension.VersionString()); EXPECT_EQ("my extension", extension.name()); - EXPECT_EQ("chrome-extension://0000000000000000000000000000000000000000/", + EXPECT_EQ("chrome-extension://00123456789abcdef0123456789abcdef0123456/", extension.url().spec()); EXPECT_EQ(path.value(), extension.path().value()); } @@ -221,9 +232,11 @@ TEST(ExtensionTest, GetResourceURLAndPath) { #endif Extension extension(path); DictionaryValue input_value; + input_value.SetString(Extension::kIdKey, + "00123456789ABCDEF0123456789ABCDEF0123456"); input_value.SetString(Extension::kVersionKey, "1.0.0.0"); input_value.SetString(Extension::kNameKey, "my extension"); - EXPECT_TRUE(extension.InitFromValue(input_value, false, NULL)); + EXPECT_TRUE(extension.InitFromValue(input_value, true, NULL)); EXPECT_EQ(extension.url().spec() + "bar/baz.js", Extension::GetResourceURL(extension.url(), "bar/baz.js").spec()); diff --git a/chrome/common/extensions/extension_unpacker.cc b/chrome/common/extensions/extension_unpacker.cc index bae5a7d..b5bc919 100644 --- a/chrome/common/extensions/extension_unpacker.cc +++ b/chrome/common/extensions/extension_unpacker.cc @@ -8,6 +8,8 @@ #include "base/scoped_handle.h" #include "base/scoped_temp_dir.h" #include "base/string_util.h" +#include "base/third_party/nss/blapi.h" +#include "base/third_party/nss/sha256.h" #include "base/thread.h" #include "base/values.h" #include "net/base/file_stream.h" @@ -21,6 +23,8 @@ #include "webkit/glue/image_decoder.h" namespace { +const char kCurrentVersionFileName[] = "Current Version"; + // The name of a temporary directory to install an extension into for // validation before finalizing install. const char kTempExtensionName[] = "TEMP_INSTALL"; @@ -28,14 +32,27 @@ const char kTempExtensionName[] = "TEMP_INSTALL"; // The file to write our decoded images to, relative to the extension_path. const char kDecodedImagesFilename[] = "DECODED_IMAGES"; -// Errors -const char* kCouldNotCreateDirectoryError = - "Could not create directory for unzipping."; -const char* kCouldNotDecodeImageError = "Could not decode theme image."; -const char* kCouldNotUnzipExtension = "Could not unzip extension."; -const char* kPathNamesMustBeAbsoluteOrLocalError = - "Path names must not be absolute or contain '..'."; +// Chromium Extension magic number +// TODO(aa): This should use the one in ExtensionCreator once we transition this +// to ouptut the same format. +const char kExtensionFileMagic[] = "Cr24"; + +struct ExtensionHeader { + char magic[sizeof(kExtensionFileMagic) - 1]; + uint32 version; + size_t header_size; + size_t manifest_size; +}; + +const size_t kZipHashBytes = 32; // SHA-256 +const size_t kZipHashHexBytes = kZipHashBytes * 2; // Hex string is 2x size. +// A marker file to indicate that an extension was installed from an external +// source. +const char kExternalInstallFile[] = "EXTERNAL_INSTALL"; + +// The version of the extension package that this code understands. +const uint32 kExpectedVersion = 1; } // namespace static SkBitmap DecodeImage(const FilePath& path) { @@ -73,6 +90,74 @@ static bool PathContainsParentDirectory(const FilePath& path) { return false; } +// The extension file format is a header, followed by the manifest, followed +// by the zip file. The header is a magic number, a version, the size of the +// header, and the size of the manifest. These ints are 4 byte little endian. +DictionaryValue* ExtensionUnpacker::ReadPackageHeader() { + ScopedStdioHandle file(file_util::OpenFile(extension_path_, "rb")); + if (!file.get()) { + SetError("no such extension file"); + return NULL; + } + + // Read and verify the header. + ExtensionHeader header; + size_t len; + + // TODO(erikkay): Yuck. I'm not a big fan of this kind of code, but it + // appears that we don't have any endian/alignment aware serialization + // code in the code base. So for now, this assumes that we're running + // on a little endian machine with 4 byte alignment. + len = fread(&header, 1, sizeof(ExtensionHeader), file.get()); + if (len < sizeof(ExtensionHeader)) { + SetError("invalid extension header"); + return NULL; + } + if (strncmp(kExtensionFileMagic, header.magic, sizeof(header.magic))) { + SetError("bad magic number"); + return NULL; + } + if (header.version != kExpectedVersion) { + SetError("bad version number"); + return NULL; + } + if (header.header_size > sizeof(ExtensionHeader)) + fseek(file.get(), header.header_size - sizeof(ExtensionHeader), SEEK_CUR); + + char buf[1 << 16]; + std::string manifest_str; + size_t read_size = std::min(sizeof(buf), header.manifest_size); + size_t remainder = header.manifest_size; + while ((len = fread(buf, 1, read_size, file.get())) > 0) { + manifest_str.append(buf, len); + if (len <= remainder) + break; + remainder -= len; + read_size = std::min(sizeof(buf), remainder); + } + + // Verify the JSON + JSONStringValueSerializer json(manifest_str); + std::string error; + scoped_ptr<Value> val(json.Deserialize(&error)); + if (!val.get()) { + SetError(error); + return NULL; + } + if (!val->IsType(Value::TYPE_DICTIONARY)) { + SetError("manifest isn't a JSON dictionary"); + return NULL; + } + DictionaryValue* manifest = static_cast<DictionaryValue*>(val.get()); + + // TODO(erikkay): The manifest will also contain a signature of the hash + // (or perhaps the whole manifest) for authentication purposes. + + // The caller owns val (now cast to manifest). + val.release(); + return manifest; +} + DictionaryValue* ExtensionUnpacker::ReadManifest() { FilePath manifest_path = temp_install_dir_.AppendASCII(Extension::kManifestFilename); @@ -100,16 +185,34 @@ DictionaryValue* ExtensionUnpacker::ReadManifest() { bool ExtensionUnpacker::Run() { LOG(INFO) << "Installing extension " << extension_path_.value(); + // Read and verify the extension. + scoped_ptr<DictionaryValue> header_manifest(ReadPackageHeader()); + if (!header_manifest.get()) { + // ReadPackageHeader has already reported the extension error. + return false; + } + + // TODO(mpcomplete): it looks like this isn't actually necessary. We don't + // use header_extension, and we check that the unzipped manifest is valid. + Extension header_extension; + std::string error; + if (!header_extension.InitFromValue(*header_manifest, + true, // require ID + &error)) { + SetError(error); + return false; + } + // <profile>/Extensions/INSTALL_TEMP/<version> temp_install_dir_ = extension_path_.DirName().AppendASCII(kTempExtensionName); if (!file_util::CreateDirectory(temp_install_dir_)) { - SetError(kCouldNotCreateDirectoryError); + SetError("Couldn't create directory for unzipping."); return false; } if (!Unzip(extension_path_, temp_install_dir_)) { - SetError(kCouldNotUnzipExtension); + SetError("Couldn't unzip extension."); return false; } @@ -117,19 +220,16 @@ bool ExtensionUnpacker::Run() { parsed_manifest_.reset(ReadManifest()); if (!parsed_manifest_.get()) return false; // Error was already reported. - - // NOTE: Since the Unpacker doesn't have the extension's public_id, the - // InitFromValue is allowed to generate a temporary id for the extension. - // ANY CODE THAT FOLLOWS SHOULD NOT DEPEND ON THE CORRECT ID OF THIS - // EXTENSION. + + // Re-read the actual manifest into our extension struct. Extension extension; - std::string error; if (!extension.InitFromValue(*parsed_manifest_, - false, + true, // require ID &error)) { SetError(error); return false; } + // Decode any images that the browser needs to display. std::set<FilePath> image_paths = extension.GetBrowserImages(); for (std::set<FilePath>::iterator it = image_paths.begin(); @@ -171,13 +271,13 @@ bool ExtensionUnpacker::ReadImagesFromFile(const FilePath& extension_path, bool ExtensionUnpacker::AddDecodedImage(const FilePath& path) { // Make sure it's not referencing a file outside the extension's subdir. if (path.IsAbsolute() || PathContainsParentDirectory(path)) { - SetError(kPathNamesMustBeAbsoluteOrLocalError); + SetError("Path names must not be absolute or contain '..'."); return false; } SkBitmap image_bitmap = DecodeImage(temp_install_dir_.Append(path)); if (image_bitmap.isNull()) { - SetError(kCouldNotDecodeImageError); + SetError("Could not decode theme image."); return false; } diff --git a/chrome/common/extensions/extension_unpacker.h b/chrome/common/extensions/extension_unpacker.h index aeb72d9..65af750 100644 --- a/chrome/common/extensions/extension_unpacker.h +++ b/chrome/common/extensions/extension_unpacker.h @@ -48,6 +48,10 @@ class ExtensionUnpacker { const DecodedImages& decoded_images() { return decoded_images_; } private: + // Parse the header on the front of the extension file and return the manifest + // inside it. Caller takes ownership of return value. + DictionaryValue* ReadPackageHeader(); + // Parse the manifest.json file inside the extension (not in the header). // Caller takes ownership of return value. DictionaryValue* ReadManifest(); diff --git a/chrome/test/data/extensions/bad/missing_content_script/1/manifest.json b/chrome/test/data/extensions/bad/missing_content_script/1/manifest.json index b3b3858..9799306 100644 --- a/chrome/test/data/extensions/bad/missing_content_script/1/manifest.json +++ b/chrome/test/data/extensions/bad/missing_content_script/1/manifest.json @@ -1,6 +1,5 @@ { - "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsaVmPYFjlYABY7y8sEVB5i3/stDIXU8i3bBeQYeaXOg+Jr1vEhaSgKTy3zMY4m3+cnKI7Z/bMpYohS4pQTcwIXS1kEB6taCUUWgm2315zxSH+gUFRyfzBDlS8LZ9tRirFGj8o0R2YQobHgSPyf04Phq4AeMmGSygEJkfGO+Wt8wIDAQAB", - "signature":"kCUJQeO+FZ0hENaTT9bFW90HwiIppJEj/j88gOyXIL3z00ZOn/eck+M8O+HU7ad+U7BG5GK7xnuIvqzjAYK4ihfEYbExnbx3R79GWUWpHegELbp0PvhU9a+xIwTh48kzpKNgunzZGY0oONGvVeoNQXeTTO8z2i6RZfWD3/YdyBk=", + "id": "00123456789ABCDEF0123456789ABCDEF0123456", "version": "1.0.0.0", "name": "My extension 1", "description": "The first extension that I made.", diff --git a/chrome/test/data/extensions/bad_hash.crx b/chrome/test/data/extensions/bad_hash.crx Binary files differnew file mode 100644 index 0000000..8add85c --- /dev/null +++ b/chrome/test/data/extensions/bad_hash.crx diff --git a/chrome/test/data/extensions/bad_json.crx b/chrome/test/data/extensions/bad_json.crx Binary files differnew file mode 100644 index 0000000..f249711 --- /dev/null +++ b/chrome/test/data/extensions/bad_json.crx diff --git a/chrome/test/data/extensions/bad_magic.crx b/chrome/test/data/extensions/bad_magic.crx Binary files differindex 4323013..da66e12 100755..100644 --- a/chrome/test/data/extensions/bad_magic.crx +++ b/chrome/test/data/extensions/bad_magic.crx diff --git a/chrome/test/data/extensions/content_script_inject/manifest.json b/chrome/test/data/extensions/content_script_inject/manifest.json index 48e4496..8214fb6 100644 --- a/chrome/test/data/extensions/content_script_inject/manifest.json +++ b/chrome/test/data/extensions/content_script_inject/manifest.json @@ -1,4 +1,5 @@ { + "id": "00123456789ABCDEF0123456789ABCDEF0123456", "version": "1.0.0.0", "name": "User script inject", "content_scripts": [ diff --git a/chrome/test/data/extensions/good.crx b/chrome/test/data/extensions/good.crx Binary files differindex 1da98b0..d479794 100644 --- a/chrome/test/data/extensions/good.crx +++ b/chrome/test/data/extensions/good.crx diff --git a/chrome/test/data/extensions/good.pem b/chrome/test/data/extensions/good.pem deleted file mode 100755 index eb40bdaa..0000000 --- a/chrome/test/data/extensions/good.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIICeQICAAAwDQYJKoZIhvcNAQEBBQAEggJiMIICXgICAAACgYC8c4fBSPZ6utYoZ -8NiWF/DSaimBhihjwgOsskyleFGaurhi3TDClTVSGPxNkgCzrz0wACML7M4aNjpd0 -5qupdbR2d294jkDuI7caxEGUucpP7GJRRHnm8Sx+y0ury28n8jbN0PnInKKWcxpIX -XmNQyC19HBuO3QIeUq9Dqc+7YFQIFAAABAAECgYEAIMTmIlIRqh27B6OjcgJ0BH1W -eigtOEqq2AN2wPkXByuoVDfvwcqWHdBMsLEDrJlOejC456eTvodc0JwSYrS3hLduh -efVnvyA+rnMyeUNXH3y1k8F7T8hjNOZSZQe5BwDfVTIpPl220GTmccQ5fqDr1zUQW -oQNrAQRsp5pZHziTECQNyRihwhjbaPcFbR/l6RJMJIntWe1ihrUWwg21/sIWQl7h0 -2TUi6nXdRfJHZ88Jg1zR5BTlXYUrXPBWg+ntbaNMCQNq5OyiZxeYG+N568SIrYfno -05zRzyg58IHZCAxcICOEwhwHlZ8cy0grjo371qRdB0MBQNoua1bYt5e0eV63qncCQ -LlbqYfYfsIzqsGbebu5F/4ZjzmQYQLYpTVMK29h/fGumnt8HdiH0zrphNkBI4NvZI -sZRNWaZA3D8R9wB+/QsrcCQQA2vJ5adck53MrRWrEX3QWC9kpm93bBWWagCEFkXnX -IjcPKIffGvvz8jbH6RGkd7w4PLbQeJfnE3S1s8MRi+NHXAkEAWYOtIWr0ZbYAIKGL -Hxk6eiJ7hKlARhYXzoTlf9LUFFRpvMuGo3S5BcB+WmtiPFXdUOyEHrS4IovqyzVod -auibQ== ------END PRIVATE KEY----- diff --git a/chrome/test/data/extensions/good/extension1/1/manifest.json b/chrome/test/data/extensions/good/extension1/1/manifest.json index e520422..f8888c5 100644 --- a/chrome/test/data/extensions/good/extension1/1/manifest.json +++ b/chrome/test/data/extensions/good/extension1/1/manifest.json @@ -1,6 +1,5 @@ { - "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsaVmPYFjlYABY7y8sEVB5i3/stDIXU8i3bBeQYeaXOg+Jr1vEhaSgKTy3zMY4m3+cnKI7Z/bMpYohS4pQTcwIXS1kEB6taCUUWgm2315zxSH+gUFRyfzBDlS8LZ9tRirFGj8o0R2YQobHgSPyf04Phq4AeMmGSygEJkfGO+Wt8wIDAQAB", - "signature":"kCUJQeO+FZ0hENaTT9bFW90HwiIppJEj/j88gOyXIL3z00ZOn/eck+M8O+HU7ad+U7BG5GK7xnuIvqzjAYK4ihfEYbExnbx3R79GWUWpHegELbp0PvhU9a+xIwTh48kzpKNgunzZGY0oONGvVeoNQXeTTO8z2i6RZfWD3/YdyBk=", + "id": "00123456789ABCDEF0123456789ABCDEF0123456", "version": "1.0.0.0", "name": "My extension 1", "description": "The first extension that I made.", diff --git a/chrome/test/data/extensions/good/extension2/2/manifest.json b/chrome/test/data/extensions/good/extension2/2/manifest.json index 62eea65..35f01c0 100644 --- a/chrome/test/data/extensions/good/extension2/2/manifest.json +++ b/chrome/test/data/extensions/good/extension2/2/manifest.json @@ -1,6 +1,5 @@ { - "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4RIIi/YbLZ6dRpdQnWfrQuo2vunkuPJpD9HNvZQ3J5aylSw7Y8ghzom793CbTJK1ZI254yZtkaWZJWOBhPKCaaRac+qfpRN1spl42vpyMn1OrGQm1pwZT6rDpCyIVIx/k2o4puMsQHNUIqxXPu3Oj+KSVdCIGOmabMhz765UjhwIDAQAB", - "signature":"kCUJQeO+FZ0hENaTT9bFW90HwiIppJEj/j88gOyXIL3z00ZOn/eck+M8O+HU7ad+U7BG5GK7xnuIvqzjAYK4ihfEYbExnbx3R79GWUWpHegELbp0PvhU9a+xIwTh48kzpKNgunzZGY0oONGvVeoNQXeTTO8z2i6RZfWD3/YdyBk=", + "id": "10123456789ABCDEF0123456789ABCDEF0123456", "version": "1.0.0.0", "name": "My extension 2", "plugins": [ diff --git a/chrome/test/data/extensions/good/extension3/1.0/manifest.json b/chrome/test/data/extensions/good/extension3/1.0/manifest.json index f162173..7927104 100644 --- a/chrome/test/data/extensions/good/extension3/1.0/manifest.json +++ b/chrome/test/data/extensions/good/extension3/1.0/manifest.json @@ -1,6 +1,5 @@ { - "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl3hT1ZDijpPbk8wo8TxRGlQSU1zWvQFnY8XewiRMrEjTndGIGUGxXVg7KlBJOQ0DqK+yS8jeK1xsDRre7IzqoA491AnGRydsHXWwGCNHzwtzFjfVGChoqvXdsAoikBzeEv0+ZL1sHid++gLqICDlapcko0/TzrWe+F6bTA7n5oQIDAQAB", - "signature":"kCUJQeO+FZ0hENaTT9bFW90HwiIppJEj/j88gOyXIL3z00ZOn/eck+M8O+HU7ad+U7BG5GK7xnuIvqzjAYK4ihfEYbExnbx3R79GWUWpHegELbp0PvhU9a+xIwTh48kzpKNgunzZGY0oONGvVeoNQXeTTO8z2i6RZfWD3/YdyBk=", + "id": "20123456789ABCDEF0123456789ABCDEF0123456", "version": "1.0", "name": "My extension 3" } diff --git a/chrome/test/data/extensions/good2.crx b/chrome/test/data/extensions/good2.crx Binary files differindex 26a1dfa..d475b5e 100755 --- a/chrome/test/data/extensions/good2.crx +++ b/chrome/test/data/extensions/good2.crx diff --git a/chrome/test/data/extensions/page_action.crx b/chrome/test/data/extensions/page_action.crx Binary files differindex 2a397c8..8b4ec7c 100644 --- a/chrome/test/data/extensions/page_action.crx +++ b/chrome/test/data/extensions/page_action.crx diff --git a/chrome/test/data/extensions/samples/buildbot/manifest.json b/chrome/test/data/extensions/samples/buildbot/manifest.json index 71e2326..c584f8d 100644 --- a/chrome/test/data/extensions/samples/buildbot/manifest.json +++ b/chrome/test/data/extensions/samples/buildbot/manifest.json @@ -1,5 +1,6 @@ { - "description": "Buildbot waterfall monitor", + "description": "Buildbot waterfall monitor", + "id": "7868865ECC233B0400ABE5D38D88355C03C4BB1A", "name": "buildbot", "toolstrips": [ "buildbot.html" diff --git a/chrome/test/data/extensions/samples/subscribe/manifest.json b/chrome/test/data/extensions/samples/subscribe/manifest.json index 3ec3cd8..fa98e31 100644 --- a/chrome/test/data/extensions/samples/subscribe/manifest.json +++ b/chrome/test/data/extensions/samples/subscribe/manifest.json @@ -9,7 +9,8 @@ ] } ], - "description": "Adds one-click subscription with Google Reader to your toolbar", + "description": "Adds one-click subscription with Google Reader to your toolbar", + "id": "8962A8B1A1063945CEDE08181EA28D2D65124E86", "name": "Subscribe in Reader", "permissions": [ "http://www.google.com/*" diff --git a/chrome/test/data/extensions/theme.crx b/chrome/test/data/extensions/theme.crx Binary files differindex e80391d..bed2237 100644 --- a/chrome/test/data/extensions/theme.crx +++ b/chrome/test/data/extensions/theme.crx diff --git a/chrome/test/data/extensions/theme2.crx b/chrome/test/data/extensions/theme2.crx Binary files differindex 313fc8d..66fd919 100644 --- a/chrome/test/data/extensions/theme2.crx +++ b/chrome/test/data/extensions/theme2.crx diff --git a/chrome/test/data/extensions/theme_with_extension.crx b/chrome/test/data/extensions/theme_with_extension.crx Binary files differindex cacbffd..beb12be 100644 --- a/chrome/test/data/extensions/theme_with_extension.crx +++ b/chrome/test/data/extensions/theme_with_extension.crx diff --git a/chrome/test/data/extensions/ui/create_extension_detail_value_expected_output/good-extension1.json b/chrome/test/data/extensions/ui/create_extension_detail_value_expected_output/good-extension1.json index 33dba7f..1cf00e7 100644 --- a/chrome/test/data/extensions/ui/create_extension_detail_value_expected_output/good-extension1.json +++ b/chrome/test/data/extensions/ui/create_extension_detail_value_expected_output/good-extension1.json @@ -1,5 +1,5 @@ { - "id": "fc6f6ba6693faf6773c13701019f2e7a12f0febe", + "id": "00123456789abcdef0123456789abcdef0123456", "version": "1.0.0.0", "name": "My extension 1", "description": "The first extension that I made.", diff --git a/chrome/test/data/extensions/ui/create_extension_detail_value_expected_output/good-extension2.json b/chrome/test/data/extensions/ui/create_extension_detail_value_expected_output/good-extension2.json index c6300a3..73d98ff 100644 --- a/chrome/test/data/extensions/ui/create_extension_detail_value_expected_output/good-extension2.json +++ b/chrome/test/data/extensions/ui/create_extension_detail_value_expected_output/good-extension2.json @@ -1,5 +1,5 @@ { - "id": "e5ead92b2c6795c1d2b92df9c5cb37de5582471a", + "id": "10123456789abcdef0123456789abcdef0123456", "version": "1.0.0.0", "name": "My extension 2", "description": "", diff --git a/chrome/test/data/extensions/ui/create_extension_detail_value_expected_output/good-extension3.json b/chrome/test/data/extensions/ui/create_extension_detail_value_expected_output/good-extension3.json index 1125f48..3fd8a09 100644 --- a/chrome/test/data/extensions/ui/create_extension_detail_value_expected_output/good-extension3.json +++ b/chrome/test/data/extensions/ui/create_extension_detail_value_expected_output/good-extension3.json @@ -1,5 +1,5 @@ { - "id": "a37fed892f622823f4daaec4426a32fc7f6147dc", + "id": "20123456789abcdef0123456789abcdef0123456", "version": "1.0", "name": "My extension 3", "description": "", diff --git a/chrome/test/data/extensions/uitest/roundtrip_api_call/manifest.json b/chrome/test/data/extensions/uitest/roundtrip_api_call/manifest.json index 5acde49..b071780 100644 --- a/chrome/test/data/extensions/uitest/roundtrip_api_call/manifest.json +++ b/chrome/test/data/extensions/uitest/roundtrip_api_call/manifest.json @@ -1,5 +1,5 @@ { - "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4RIIi/YbLZ6dRpdQnWfrQuo2vunkuPJpD9HNvZQ3J5aylSw7Y8ghzom793CbTJK1ZI254yZtkaWZJWOBhPKCaaRac+qfpRN1spl42vpyMn1OrGQm1pwZT6rDpCyIVIx/k2o4puMsQHNUIqxXPu3Oj+KSVdCIGOmabMhz765UjhwIDAQAB", + "id": "66664444789ABCDEF0123456789ABCDEF0123456", "version": "1.0.0.0", "name": "Roundtrip ApiCall Test Extension", "description": "An extension for an extension UITest." diff --git a/chrome/test/data/extensions/uitest/simple_api_call/manifest.json b/chrome/test/data/extensions/uitest/simple_api_call/manifest.json index b302c0e..b883fdf 100644 --- a/chrome/test/data/extensions/uitest/simple_api_call/manifest.json +++ b/chrome/test/data/extensions/uitest/simple_api_call/manifest.json @@ -1,5 +1,5 @@ { - "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsaVmPYFjlYABY7y8sEVB5i3/stDIXU8i3bBeQYeaXOg+Jr1vEhaSgKTy3zMY4m3+cnKI7Z/bMpYohS4pQTcwIXS1kEB6taCUUWgm2315zxSH+gUFRyfzBDlS8LZ9tRirFGj8o0R2YQobHgSPyf04Phq4AeMmGSygEJkfGO+Wt8wIDAQAB", + "id": "77774444789ABCDEF0123456789ABCDEF0123456", "version": "1.0.0.0", "name": "ApiCall Test Extension", "description": "An extension for an extension UITest." |