19 files changed, 124 insertions, 22 deletions
diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn
index a789bedf..d4c4510 100644
--- a/chrome/browser/BUILD.gn
+++ b/chrome/browser/BUILD.gn
@@ -94,6 +94,7 @@ static_library("browser") {
 "//components/network_time",
 "//components/omnibox",
 "//components/os_crypt",
+ "//components/packed_ct_ev_whitelist",
 "//components/password_manager/core/browser",
 "//components/password_manager/core/common",
 "//components/policy:policy_component",
diff --git a/chrome/browser/component_updater/DEPS b/chrome/browser/component_updater/DEPS
index 626a124..9b7a769 100644
--- a/chrome/browser/component_updater/DEPS
+++ b/chrome/browser/component_updater/DEPS
@@ -1,4 +1,5 @@
 include_rules = [
+ "+components/packed_ct_ev_whitelist/packed_ct_ev_whitelist.h",
 "+media/cdm/ppapi/supported_cdm_versions.h",
 "+ppapi/thunk",
 "+third_party/widevine"
diff --git a/chrome/browser/component_updater/ev_whitelist_component_installer.cc b/chrome/browser/component_updater/ev_whitelist_component_installer.cc
index bb5881c..42d987c 100644
--- a/chrome/browser/component_updater/ev_whitelist_component_installer.cc
+++ b/chrome/browser/component_updater/ev_whitelist_component_installer.cc
@@ -15,8 +15,8 @@
 #include "base/numerics/safe_conversions.h"
 #include "base/path_service.h"
 #include "base/version.h"
-#include "chrome/browser/net/packed_ct_ev_whitelist.h"
 #include "components/component_updater/component_updater_paths.h"
+#include "components/packed_ct_ev_whitelist/packed_ct_ev_whitelist.h"
 #include "content/public/browser/browser_thread.h"
 #include "net/ssl/ssl_config_service.h"
@@ -42,7 +42,8 @@ void UpdateNewWhitelistData(const base::FilePath& new_whitelist_file,
 }
 scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist(
- new PackedEVCertsWhitelist(compressed_list, version));
+ new packed_ct_ev_whitelist::PackedEVCertsWhitelist(compressed_list,
+ version));
 if (!new_whitelist->IsValid()) {
 VLOG(1) << "Failed uncompressing EV certs whitelist.";
 return;
@@ -56,7 +57,7 @@ void UpdateNewWhitelistData(const base::FilePath& new_whitelist_file,
 }
 }
- SetEVCertsWhitelist(new_whitelist);
+ packed_ct_ev_whitelist::SetEVCertsWhitelist(new_whitelist);
 }
 void DoInitialLoadFromDisk(const base::FilePath& stored_whitelist_path) {
@@ -77,14 +78,15 @@ void DoInitialLoadFromDisk(const base::FilePath& stored_whitelist_path) {
 // In practice very quickly the component updater will call ComponentReady
 // which will have a valid version.
 scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist(
- new PackedEVCertsWhitelist(compressed_list, Version()));
+ new packed_ct_ev_whitelist::PackedEVCertsWhitelist(compressed_list,
+ Version()));
 if (!new_whitelist->IsValid()) {
 VLOG(1) << "Failed uncompressing EV certs whitelist.";
 return;
 }
 VLOG(1) << "EV whitelist: Sucessfully loaded initial data.";
- SetEVCertsWhitelist(new_whitelist);
+ packed_ct_ev_whitelist::SetEVCertsWhitelist(new_whitelist);
 }
 } // namespace
diff --git a/chrome/chrome_browser.gypi b/chrome/chrome_browser.gypi
index 9c664b60..4739ab0 100644
--- a/chrome/chrome_browser.gypi
+++ b/chrome/chrome_browser.gypi
@@ -1704,8 +1704,6 @@
 'browser/net/about_protocol_handler.h',
 'browser/net/async_dns_field_trial.cc',
 'browser/net/async_dns_field_trial.h',
- 'browser/net/bit_stream_reader.cc',
- 'browser/net/bit_stream_reader.h',
 'browser/net/chrome_cookie_notification_details.h',
 'browser/net/chrome_extensions_network_delegate.cc',
 'browser/net/chrome_extensions_network_delegate.h',
@@ -1745,8 +1743,6 @@
 'browser/net/net_pref_observer.h',
 'browser/net/network_stats.cc',
 'browser/net/network_stats.h',
- 'browser/net/packed_ct_ev_whitelist.cc',
- 'browser/net/packed_ct_ev_whitelist.h',
 'browser/net/preconnect.cc',
 'browser/net/preconnect.h',
 'browser/net/prediction_options.cc',
@@ -2987,6 +2983,7 @@
 '../components/components.gyp:dom_distiller_content',
 '../components/components.gyp:keyed_service_content',
 '../components/components.gyp:navigation_interception',
+ '../components/components.gyp:packed_ct_ev_whitelist',
 '../components/components.gyp:password_manager_content_browser',
 '../components/components.gyp:power',
 '../components/components.gyp:precache_content',
diff --git a/chrome/chrome_tests_unit.gypi b/chrome/chrome_tests_unit.gypi
index 428ad78..44df8ba 100644
--- a/chrome/chrome_tests_unit.gypi
+++ b/chrome/chrome_tests_unit.gypi
@@ -533,7 +533,6 @@
 'browser/metrics/variations/variations_request_scheduler_unittest.cc',
 'browser/metrics/variations/variations_seed_store_unittest.cc',
 'browser/metrics/variations/variations_service_unittest.cc',
- 'browser/net/bit_stream_reader_unittest.cc',
 'browser/net/chrome_fraudulent_certificate_reporter_unittest.cc',
 'browser/net/chrome_network_delegate_unittest.cc',
 'browser/net/client_hints_unittest.cc',
@@ -545,7 +544,6 @@
 'browser/net/net_error_tab_helper_unittest.cc',
 'browser/net/net_log_temp_file_unittest.cc',
 'browser/net/network_stats_unittest.cc',
- 'browser/net/packed_ct_ev_whitelist_unittest.cc',
 'browser/net/predictor_unittest.cc',
 'browser/net/pref_proxy_config_tracker_impl_unittest.cc',
 'browser/net/probe_message_unittest.cc',
diff --git a/components/BUILD.gn b/components/BUILD.gn
index dad4b80..ca44c58 100644
--- a/components/BUILD.gn
+++ b/components/BUILD.gn
@@ -58,6 +58,7 @@ group("all_components") {
 "//components/omnibox",
 "//components/onc",
 "//components/os_crypt",
+ "//components/packed_ct_ev_whitelist",
 "//components/pairing",
 "//components/password_manager/content/browser",
 "//components/password_manager/core/browser",
@@ -242,6 +243,7 @@ test("components_unittests") {
 "//components/metrics:unit_tests",
 "//components/omnibox:unit_tests",
 "//components/ownership:unit_tests",
+ "//components/packed_ct_ev_whitelist:unit_tests",
 "//components/proximity_auth:unit_tests",
 "//components/variations:unit_tests",
 "//components/web_resource:unit_tests",
diff --git a/components/OWNERS b/components/OWNERS
index 4b34ccf..71db57e 100644
--- a/components/OWNERS
+++ b/components/OWNERS
@@ -136,6 +136,9 @@ per-file onc.gypi=gspencer@chromium.org
 per-file onc.gypi=pneubeck@chromium.org
 per-file onc.gypi=stevenjb@chromium.org
+per-file packed_ct_ev_whitelist.gypi=eranm@chromium.org
+per-file packed_ct_ev_whitelist.gypi=rsleevi@chromium.org
+
 per-file pairing.gypi=achuith@chromium.org
 per-file pairing.gypi=dzhioev@chromium.org
 per-file pairing.gypi=zork@chromium.org
diff --git a/components/components.gyp b/components/components.gyp
index f21dc39..6d3fb3e 100644
--- a/components/components.gyp
+++ b/components/components.gyp
@@ -43,6 +43,7 @@
 'onc.gypi',
 'os_crypt.gypi',
 'ownership.gypi',
+ 'packed_ct_ev_whitelist.gypi',
 'password_manager.gypi',
 'policy.gypi',
 'precache.gypi',
diff --git a/components/components_tests.gyp b/components/components_tests.gyp
index a2f3e66..e7628ab 100644
--- a/components/components_tests.gyp
+++ b/components/components_tests.gyp
@@ -190,6 +190,8 @@
 'os_crypt/keychain_password_mac_unittest.mm',
 'os_crypt/os_crypt_unittest.cc',
 'ownership/owner_key_util_impl_unittest.cc',
+ 'packed_ct_ev_whitelist/bit_stream_reader_unittest.cc',
+ 'packed_ct_ev_whitelist/packed_ct_ev_whitelist_unittest.cc',
 'password_manager/core/browser/affiliation_fetcher_unittest.cc',
 'password_manager/core/browser/affiliation_utils_unittest.cc',
 'password_manager/core/browser/browser_save_password_progress_logger_unittest.cc',
@@ -351,6 +353,9 @@
 'components.gyp:content_settings_core_browser',
 'components.gyp:content_settings_core_common',
 'components.gyp:content_settings_core_test_support',
+
+ # Dependencies of packed CT EV white list
+ 'components.gyp:packed_ct_ev_whitelist',
 # Dependencies of crash
 'components.gyp:crash_test_support',
diff --git a/components/packed_ct_ev_whitelist.gypi b/components/packed_ct_ev_whitelist.gypi
new file mode 100644
index 0000000..e58129c
--- /dev/null
+++ b/components/packed_ct_ev_whitelist.gypi
@@ -0,0 +1,30 @@
+# Copyright 2014 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+{
+ 'targets': [
+ {
+ # GN version: //components/packed_ct_ev_whitelist
+ 'target_name': 'packed_ct_ev_whitelist',
+ 'type': 'static_library',
+ 'include_dirs': [
+ '..',
+ ],
+ 'dependencies': [
+ '../base/base.gyp:base',
+ '../content/content.gyp:content_common',
+ '../net/net.gyp:net',
+ ],
+ 'sources': [
+ # Note: sources list duplicated in GN build.
+ 'packed_ct_ev_whitelist/bit_stream_reader.cc',
+ 'packed_ct_ev_whitelist/bit_stream_reader.h',
+ 'packed_ct_ev_whitelist/packed_ct_ev_whitelist.cc',
+ 'packed_ct_ev_whitelist/packed_ct_ev_whitelist.h',
+ ],
+ # TODO(jschuh): crbug.com/167187 fix size_t to int truncations.
+ 'msvs_disabled_warnings': [4267, ],
+ },
+ ],
+}
diff --git a/components/packed_ct_ev_whitelist/BUILD.gn b/components/packed_ct_ev_whitelist/BUILD.gn
new file mode 100644
index 0000000..ae9561e
--- /dev/null
+++ b/components/packed_ct_ev_whitelist/BUILD.gn
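Review bot: The new `packed_ct_ev_whitelist` target in components/packed_ct_ev_whitelist.gypi is created with `'msvs_disabled_warnings': [4267, ]` already in place, and the matching GN target in components/packed_ct_ev_whitelist/BUILD.gn carries `cflags = [ "/wd4267" ]`. This component decodes a packed, Golomb-coded hash list that the installer loads from disk, so a silent size_t-to-int narrowing in a length or bit count is the kind of defect this warning exists to surface. Whether any of the four sources actually triggers C4267 is not visible from this change. If none does, drop the suppression from both build files; if some do, convert those sites with the helpers in `base/numerics/safe_conversions.h` (bit_stream_reader.cc already includes it) rather than silencing the whole target.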
@@ -0,0 +1,36 @@
+# Copyright 2014 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+static_library("packed_ct_ev_whitelist") {
+ sources = [
+ "bit_stream_reader.cc",
+ "bit_stream_reader.h",
+ "packed_ct_ev_whitelist.cc",
+ "packed_ct_ev_whitelist.h",
+ ]
+
+ deps = [
+ "//base",
+ "//content",
+ "//net",
+ ]
+
+ if (is_win) {
+ # TODO(jschuh): crbug.com/167187 fix size_t to int truncations.
+ cflags = [ "/wd4267" ]
+ }
+}
+
+source_set("unit_tests") {
+ testonly = true
+ sources = [
+ "bit_stream_reader_unittest.cc",
+ "packed_ct_ev_whitelist_unittest.cc",
+ ]
+
+ deps = [
+ ":packed_ct_ev_whitelist",
+ "//testing/gtest",
+ ]
+}
diff --git a/components/packed_ct_ev_whitelist/DEPS b/components/packed_ct_ev_whitelist/DEPS
new file mode 100644
index 0000000..1bea96d
--- /dev/null
+++ b/components/packed_ct_ev_whitelist/DEPS
@@ -0,0 +1,6 @@
+include_rules = [
+ "+base",
+ "+content/public/browser",
+ "+net/cert",
+ "+net/ssl",
+]
diff --git a/components/packed_ct_ev_whitelist/OWNERS b/components/packed_ct_ev_whitelist/OWNERS
new file mode 100644
index 0000000..facb789
--- /dev/null
+++ b/components/packed_ct_ev_whitelist/OWNERS
@@ -0,0 +1,2 @@
+eranm@chromium.org
+rsleevi@chromium.org
diff --git a/chrome/browser/net/bit_stream_reader.cc b/components/packed_ct_ev_whitelist/bit_stream_reader.cc
index 9e9f0aa..e4f6cc7 100644
--- a/chrome/browser/net/bit_stream_reader.cc
+++ b/components/packed_ct_ev_whitelist/bit_stream_reader.cc
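Review bot: The `deps` of `static_library("packed_ct_ev_whitelist")` name the whole `//content` target, while the component's own DEPS file added in the same change permits only `+content/public/browser`, and the GYP target lists `'../content/content.gyp:content_common'`. The three declarations disagree. packed_ct_ev_whitelist.cc includes `content/public/browser/browser_thread.h`, which suggests the browser-side content target is what the code needs, so the GYP `content_common` entry probably links only through a transitive dependency. Consider aligning both build files on the browser target (in GN presumably `"//content/public/browser"`) so the declared dependency matches the include rule and the component's reach into content stays as narrow as DEPS says it is.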
@@ -2,12 +2,13 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-#include "chrome/browser/net/bit_stream_reader.h"
+#include "components/packed_ct_ev_whitelist/bit_stream_reader.h"
 #include "base/big_endian.h"
 #include "base/logging.h"
 #include "base/numerics/safe_conversions.h"
+namespace packed_ct_ev_whitelist {
 namespace internal {
 BitStreamReader::BitStreamReader(const base::StringPiece& source)
@@ -61,3 +62,4 @@ uint8_t BitStreamReader::ReadBit() {
 }
 } // namespace internal
+} // namespace packed_ct_ev_whitelist
diff --git a/chrome/browser/net/bit_stream_reader.h b/components/packed_ct_ev_whitelist/bit_stream_reader.h
index 28efef3..45fa5f5 100644
--- a/chrome/browser/net/bit_stream_reader.h
+++ b/components/packed_ct_ev_whitelist/bit_stream_reader.h
@@ -2,13 +2,14 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-#ifndef CHROME_BROWSER_NET_BIT_STREAM_READER_H_
-#define CHROME_BROWSER_NET_BIT_STREAM_READER_H_
+#ifndef COMPONENTS_PACKED_CT_EV_WHITELIST_BIT_STREAM_READER_H_
+#define COMPONENTS_PACKED_CT_EV_WHITELIST_BIT_STREAM_READER_H_
 #include <stdint.h>
 #include "base/strings/string_piece.h"
+namespace packed_ct_ev_whitelist {
 namespace internal {
 // A class for reading individual bits from a packed buffer. Bits are read
@@ -54,5 +55,6 @@ class BitStreamReader {
 };
 } // namespace internal
+} // namespace packed_ct_ev_whitelist
-#endif // CHROME_BROWSER_NET_BIT_STREAM_READER_H_
+#endif // COMPONENTS_PACKED_CT_EV_WHITELIST_BIT_STREAM_READER_H_
diff --git a/chrome/browser/net/bit_stream_reader_unittest.cc b/components/packed_ct_ev_whitelist/bit_stream_reader_unittest.cc
index 766b2d1..9cf44f2 100644
--- a/chrome/browser/net/bit_stream_reader_unittest.cc
+++ b/components/packed_ct_ev_whitelist/bit_stream_reader_unittest.cc
@@ -2,13 +2,14 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-#include "chrome/browser/net/bit_stream_reader.h"
+#include "components/packed_ct_ev_whitelist/bit_stream_reader.h"
 #include <algorithm>
 #include <string>
 #include "testing/gtest/include/gtest/gtest.h"
+namespace packed_ct_ev_whitelist {
 namespace internal {
 const uint8_t kSomeData[] = {0xd5, 0xe2, 0xaf, 0xe5, 0xbb, 0x10, 0x7c, 0xd1};
@@ -93,3 +94,4 @@ TEST(BitStreamReaderTest, CannotReadFromEmptyStream) {
 }
 } // namespace internal
+} // namespace packed_ct_ev_whitelist
diff --git a/chrome/browser/net/packed_ct_ev_whitelist.cc b/components/packed_ct_ev_whitelist/packed_ct_ev_whitelist.cc
index 685ccbb..e718f80 100644
--- a/chrome/browser/net/packed_ct_ev_whitelist.cc
+++ b/components/packed_ct_ev_whitelist/packed_ct_ev_whitelist.cc
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-#include "chrome/browser/net/packed_ct_ev_whitelist.h"
+#include "components/packed_ct_ev_whitelist/packed_ct_ev_whitelist.h"
 #include <string.h>
@@ -12,7 +12,7 @@
 #include "base/files/file_util.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
-#include "chrome/browser/net/bit_stream_reader.h"
+#include "components/packed_ct_ev_whitelist/bit_stream_reader.h"
 #include "content/public/browser/browser_thread.h"
 #include "net/ssl/ssl_config_service.h"
@@ -38,6 +38,8 @@ int TruncatedHashesComparator(const void* v1, const void* v2) {
 }
 } // namespace
+namespace packed_ct_ev_whitelist {
+
 void SetEVCertsWhitelist(scoped_refptr<net::ct::EVCertsWhitelist> whitelist) {
 if (!whitelist->IsValid()) {
 VLOG(1) << "EV Certs whitelist is not valid, not setting.";
@@ -130,3 +132,5 @@ bool PackedEVCertsWhitelist::IsValid() const {
 base::Version PackedEVCertsWhitelist::Version() const {
 return version_;
 }
+
+} // namespace packed_ct_ev_whitelist
diff --git a/chrome/browser/net/packed_ct_ev_whitelist.h b/components/packed_ct_ev_whitelist/packed_ct_ev_whitelist.h
index 6520f3f..f3accc4 100644
--- a/chrome/browser/net/packed_ct_ev_whitelist.h
+++ b/components/packed_ct_ev_whitelist/packed_ct_ev_whitelist.h
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-#ifndef CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_
-#define CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_
+#ifndef COMPONENTS_PACKED_CT_EV_WHITELIST_PACKED_CT_EV_WHITELIST_H_
+#define COMPONENTS_PACKED_CT_EV_WHITELIST_PACKED_CT_EV_WHITELIST_H_
 #include <stdint.h>
@@ -18,6 +18,8 @@ namespace base {
 class FilePath;
 }
+namespace packed_ct_ev_whitelist {
+
 // An implementation of the EVCertsWhitelist that gets its data packed using
 // Golomb coding to encode the difference between subsequent hash values.
 // Format of the packed list:
@@ -82,4 +84,6 @@ class PackedEVCertsWhitelist : public net::ct::EVCertsWhitelist {
 // To set the new whitelist, this function dispatches a task to the IO thread.
 void SetEVCertsWhitelist(scoped_refptr<net::ct::EVCertsWhitelist> whitelist);
-#endif // CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_
+} // namespace packed_ct_ev_whitelist
+
+#endif // COMPONENTS_PACKED_CT_EV_WHITELIST_PACKED_CT_EV_WHITELIST_H_
diff --git a/chrome/browser/net/packed_ct_ev_whitelist_unittest.cc b/components/packed_ct_ev_whitelist/packed_ct_ev_whitelist_unittest.cc
index 7877e95..686eee5 100644
--- a/chrome/browser/net/packed_ct_ev_whitelist_unittest.cc
+++ b/components/packed_ct_ev_whitelist/packed_ct_ev_whitelist_unittest.cc
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-#include "chrome/browser/net/packed_ct_ev_whitelist.h"
+#include "components/packed_ct_ev_whitelist/packed_ct_ev_whitelist.h"
 #include <algorithm>
 #include <string>
@@ -54,6 +54,8 @@ std::string GetAllWhitelistData() {
 } // namespace
+namespace packed_ct_ev_whitelist {
+
 TEST(PackedEVCertsWhitelistTest, UncompressFailsForTooShortList) {
 // This list does not contain enough bytes even for the first hash.
 std::vector<uint64_t> res;
@@ -147,3 +149,5 @@ TEST(PackedEVCertsWhitelistTest, CorrectlyIdentifiesWhitelistIsValid) {
 EXPECT_TRUE(whitelist->IsValid());
 }
+
+} // namespace packed_ct_ev_whitelist |