diff options
| author | asargent@chromium.org <asargent@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-05-09 15:11:03 +0000 |
|---|---|---|
| committer | asargent@chromium.org <asargent@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-05-09 15:11:03 +0000 |
| commit | 3dc81f218677e2468be0c09215b1eeedf1e35eba (patch) | |
| tree | 40d261604e0a48078221374a0deeef18a1235789 /extensions/test/data | |
| parent | c0af90aec0d1ccedb3ede85d85cf33d5b3fca4a3 (diff) | |
| download | chromium_src-3dc81f218677e2468be0c09215b1eeedf1e35eba.zip chromium_src-3dc81f218677e2468be0c09215b1eeedf1e35eba.tar.gz chromium_src-3dc81f218677e2468be0c09215b1eeedf1e35eba.tar.bz2 | |
Add a class for parsing extension content verification data
The webstore will be vending a "verified_contents.json" file for
extensions hosted there that contains a signed list of expected
block hashes for the files contained in an extension.
This new class handles parsing/validation of that data.
BUG=369895
R=rockot@chromium.org
Review URL: https://codereview.chromium.org/278593005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@269305 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'extensions/test/data')
5 files changed, 104 insertions, 0 deletions
diff --git a/extensions/test/data/content_verifier/README b/extensions/test/data/content_verifier/README new file mode 100644 index 0000000..b950a21 --- /dev/null +++ b/extensions/test/data/content_verifier/README @@ -0,0 +1,28 @@ + +The public/private key pairs were generated with the following commands: + +openssl genrsa -out private_key.pem 2048 +openssl rsa -in private_key.pem -pubout -out public_key.pem + + +The signature was generated by: + +1) Take the contents of payload.json and base64url encode them: +cat payload.json | tr -d \\n | base64 -w0 | tr _ / | tr \- + | tr -d '=' > payload_encoded.txt + +2) Put the contents of payload_encoded.txt into the "payload" field of +verified_contents.json. + +3) Copy the contents of the "protected" field from verified_contents.json into +protected.txt. + +4) Concatenate the "protected" and "payload" fields with a '.' separator. + +echo -n '.' | cat protected.txt - payload_encoded.txt > signature_input.txt + +5) Sign it + +tr -d \\n < signature_input.txt | openssl dgst -sha256 -sign private_key.pem -binary | base64 -w0 | tr _ / | tr \- + | tr -d '=' > signature.txt + +6) Put the contents of signature.txt into the "signature" field in +verified_contents.json. diff --git a/extensions/test/data/content_verifier/payload.json b/extensions/test/data/content_verifier/payload.json new file mode 100644 index 0000000..9995069 --- /dev/null +++ b/extensions/test/data/content_verifier/payload.json @@ -0,0 +1,25 @@ +{ + "content_hashes": [ + { + "block_size": 4096, + "hash_block_size": 4096, + "format": "treehash", + "files": [ + { + "path": "manifest.json", + "root_hash": "fafcb22089fb8920b383b5f7202508e7065aded1bbc3bbf2882724c5974919fb" + }, + { + "path": "background.js", + "root_hash": "b711e21b9290bcda0f3921f915b428f596f9809db78f7a0507446ef433a7ce2c" + }, + { + "path": "foo/bar.html", + "root_hash": "2f7ecb15b4ff866b7144bec07c664df584e95baca8cff662435a292c99f53595" + } + ] + } + ], + "item_id": "abcdefghijklmnopabcdefghijklmnop", + "item_version": "1.2.3" +} diff --git a/extensions/test/data/content_verifier/private_key.pem b/extensions/test/data/content_verifier/private_key.pem new file mode 100644 index 0000000..f88b394 --- /dev/null +++ b/extensions/test/data/content_verifier/private_key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAxlOasjnVYBOB3oiaJpsmOC9aUX+TbOva/y3w4gm/j7w4p2S3 +ytrCHhglLBRMqDHd0KdN1DiA7Eld8357naDx2hRv3/TBqbUsKmpwQV3Dlidoc7YT +lQrjmuR3gPNtIqpF3MtTWCdTvBdJd+rs5pXcuhcJPbS56JW1XuQ3MHr8GahtNG0c +GBDv01L9P1jwiufPa5CJYYI0XmcD73YNvGM7gv0Zh34odbxIw/T3Lv8YXLb46I0M +yhzkYAUBUt7nOsMrvPjczI3Jez6AhF4EorlLi3vC2kKp6hnSmGLHJ6+/Ehc8A56Q +P1DT2/ljPyo2Wre6sanLm2ALyU86Id42mMaXGQIDAQABAoIBAGhzl8HOG8bh/0AI +icdTZymoJtVNb4OqJEjJFVi28aDt7Jicvv+jfyECbnFsr4LV4JEHzEG9EIlhio23 +S7uVDEtjABjfey+6L2yXak/C5kOqtaRbfKy+c2kccqQDkLL1Ip5Kp7aB3+PsD9GM +dQBsZTfM8h0BlfgdAMzdPQPXgfawhAcwisLn+6oRmtJUvcsKoK/6UWblbB8L3NwN +Z1o8ufgI23N+RRCZHAhrvl0xnVO6SzYIaB1lhIbeSyxGDEcIpMValSPOYyWasAO+ +JiHmSajSlT2fRO58jOJTjNuDmPzXbTsEDsELnusvrjbwU4vo8DFmd3cGUwY249f5 +otbg3dECgYEA8ZhypG4BEwZB3auyGsZdSJ9NUgR2Gt7dlJxiIJhzedIgaSGj6J0N +Y/pTBUayHZZeeo1+3YXA/wtikIDyNxZtjzH74tTTW4I1lvyu1L5QpU141cUujwkJ +vJ7HKuda45oYbmuTnFi/vwy3+cwHDePPlXIDbgvSFmNkD4Q4mdPJsrsCgYEA0ia6 +hQxjmDHeB4vxAKsc7+t65EkmLz2s41q3GfhxjMnKmINURGxwvF6I8cCL6kUO1ljG +G0mZFd0Vapm5tyKqjPt95HiEl0yu60Mqj1T2utaHnPL8phhhrQUlLyQ7qnwOgu7A +REqHO2LU4M/b2U9i4PdzCNHRd2WMZL4fKyO30jsCgYAdiCADX3r8I1iryxATW8oN +VYOzEd6J/FIjl1YbW+dJrdjOYRFTHteDMBcz3udo3HeiDWfDllT4GCEtPsXc2/36 +cgazPIa1ed4pHawVT0o2Wpj5sIe3bkhlaRc5dFxU1AJGhRnfE64koV5fx4PZO86l +GvG2YvWETRPvHZ95ljzifwKBgE16XdXjpWxdJkCeBXJ7o6WIqbw0g9Fy6aTAszTt +9d80Hm9wK8c2O7IXIGIQ3QS4BSpdfFxfHAOFiPnORzwPmdV0ewuaqzek2/B8yNoj +NvvXUBQ7OY56+rfxZ64jq6PFLQx0vYnv+D+axmVD/Qf3TrsmP9EGmjVsyP/zYEZl +WsY1AoGBAMQpZGUjdxeSYbxZnmFkf4TXYE/QjW/bpOE35hsaUG5X4GEoAhXguxwA +PsQXrHQa4t9vevW8OnVLKNbm11WDHyEWnuzrGyUHrvIHSqSng6Z9mvjbr6HM3nwg +xafypreMHnRrx5DnbpkALERceG17toO9+N9l0KELMxdOXIqAiVQC +-----END RSA PRIVATE KEY----- diff --git a/extensions/test/data/content_verifier/public_key.pem b/extensions/test/data/content_verifier/public_key.pem new file mode 100644 index 0000000..2a568a1 --- /dev/null +++ b/extensions/test/data/content_verifier/public_key.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlOasjnVYBOB3oiaJpsm +OC9aUX+TbOva/y3w4gm/j7w4p2S3ytrCHhglLBRMqDHd0KdN1DiA7Eld8357naDx +2hRv3/TBqbUsKmpwQV3Dlidoc7YTlQrjmuR3gPNtIqpF3MtTWCdTvBdJd+rs5pXc +uhcJPbS56JW1XuQ3MHr8GahtNG0cGBDv01L9P1jwiufPa5CJYYI0XmcD73YNvGM7 +gv0Zh34odbxIw/T3Lv8YXLb46I0MyhzkYAUBUt7nOsMrvPjczI3Jez6AhF4EorlL +i3vC2kKp6hnSmGLHJ6+/Ehc8A56QP1DT2/ljPyo2Wre6sanLm2ALyU86Id42mMaX +GQIDAQAB +-----END PUBLIC KEY----- diff --git a/extensions/test/data/content_verifier/verified_contents.json b/extensions/test/data/content_verifier/verified_contents.json new file mode 100644 index 0000000..ba86f3b --- /dev/null +++ b/extensions/test/data/content_verifier/verified_contents.json @@ -0,0 +1,15 @@ +{ + "payload": "eyAgImNvbnRlbnRfaGFzaGVzIjogWyAgICB7ICAgICAgImJsb2NrX3NpemUiOiA0MDk2LCAgICAgICJoYXNoX2Jsb2NrX3NpemUiOiA0MDk2LCAgICAgICJmb3JtYXQiOiAidHJlZWhhc2giLCAgICAgICJmaWxlcyI6IFsgICAgICAgIHsgICAgICAgICAgInBhdGgiOiAibWFuaWZlc3QuanNvbiIsICAgICAgICAgICJyb290X2hhc2giOiAiZmFmY2IyMjA4OWZiODkyMGIzODNiNWY3MjAyNTA4ZTcwNjVhZGVkMWJiYzNiYmYyODgyNzI0YzU5NzQ5MTlmYiIgICAgICAgIH0sICAgICAgICB7ICAgICAgICAgICJwYXRoIjogImJhY2tncm91bmQuanMiLCAgICAgICAgICAicm9vdF9oYXNoIjogImI3MTFlMjFiOTI5MGJjZGEwZjM5MjFmOTE1YjQyOGY1OTZmOTgwOWRiNzhmN2EwNTA3NDQ2ZWY0MzNhN2NlMmMiICAgICAgICB9LCAgICAgICAgeyAgICAgICAgICAicGF0aCI6ICJmb28vYmFyLmh0bWwiLCAgICAgICAgICAicm9vdF9oYXNoIjogIjJmN2VjYjE1YjRmZjg2NmI3MTQ0YmVjMDdjNjY0ZGY1ODRlOTViYWNhOGNmZjY2MjQzNWEyOTJjOTlmNTM1OTUiICAgICAgICB9ICAgICAgXSAgICB9ICBdLCAgIml0ZW1faWQiOiAiYWJjZGVmZ2hpamtsbW5vcGFiY2RlZmdoaWprbG1ub3AiLCAgIml0ZW1fdmVyc2lvbiI6ICIxLjIuMyJ9", + "signatures": [ + { + "header": {"kid": "publisher"}, + "protected": "eyJhbGciOiJSUzI1NiJ9", + "signature": "whatever" + }, + { + "header": {"kid": "webstore"}, + "protected": "eyJhbGciOiJSUzI1NiJ9", + "signature": "cLCoy+XfCahsNbF0xT6WBk2hvGwPut8D9mdkkKIDc6+wQVQryLSP2dGFqgS1XDP54vY8OqM8/7GrdTfVPim6aG80fAPd0YY3Q8nnn9zG2Lhr7rkYMMTdXFzE1bYamxoc3N9WNFkeisvXPZC26QX/D3JOlEisVhXym6DZRk3sibaVGh+mDgZej6YCzPQjnboquQsOsImL9Br7f3HxiH41kjMlsqX+PHrcgzeTVW5VOyiJVIEhOE1QDtgRPOW+MopaDPVvXxTsO8/LDeYE306CxVzemMJcKKaC39c2uOIn55cQqjOtPq1aqss7qFCSqGtvuMwmjSYEgV/q3VX/nc7npA" + } + ] +} |