1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/extensions/extension_creator.h" 6 7 #include <vector> 8 #include <string> 9 10 #include "base/file_util.h" 11 #include "base/memory/scoped_handle.h" 12 #include "base/memory/scoped_temp_dir.h" 13 #include "base/string_util.h" 14 #include "crypto/rsa_private_key.h" 15 #include "crypto/signature_creator.h" 16 #include "chrome/browser/extensions/sandboxed_extension_unpacker.h" 17 #include "chrome/common/extensions/extension.h" 18 #include "chrome/common/extensions/extension_file_util.h" 19 #include "chrome/common/zip.h" 20 #include "grit/generated_resources.h" 21 #include "ui/base/l10n/l10n_util.h" 22 23 namespace { 24 const int kRSAKeySize = 1024; 25 }; 26 27 bool ExtensionCreator::InitializeInput( 28 const FilePath& extension_dir, 29 const FilePath& private_key_path, 30 const FilePath& private_key_output_path) { 31 // Validate input |extension_dir|. 32 if (extension_dir.value().empty() || 33 !file_util::DirectoryExists(extension_dir)) { 34 error_message_ = 35 l10n_util::GetStringUTF8(IDS_EXTENSION_DIRECTORY_NO_EXISTS); 36 return false; 37 } 38 39 FilePath absolute_extension_dir = extension_dir; 40 if (!file_util::AbsolutePath(&absolute_extension_dir)) { 41 error_message_ = 42 l10n_util::GetStringUTF8(IDS_EXTENSION_CANT_GET_ABSOLUTE_PATH); 43 return false; 44 } 45 46 // Validate input |private_key| (if provided). 47 if (!private_key_path.value().empty() && 48 !file_util::PathExists(private_key_path)) { 49 error_message_ = 50 l10n_util::GetStringUTF8(IDS_EXTENSION_PRIVATE_KEY_INVALID_PATH); 51 return false; 52 } 53 54 // If an |output_private_key| path is given, make sure it doesn't over-write 55 // an existing private key. 56 if (private_key_path.value().empty() && 57 !private_key_output_path.value().empty() && 58 file_util::PathExists(private_key_output_path)) { 59 error_message_ = 60 l10n_util::GetStringUTF8(IDS_EXTENSION_PRIVATE_KEY_EXISTS); 61 return false; 62 } 63 64 // Load the extension once. We don't really need it, but this does a lot of 65 // useful validation of the structure. 66 scoped_refptr<Extension> extension( 67 extension_file_util::LoadExtension(absolute_extension_dir, 68 Extension::INTERNAL, 69 Extension::STRICT_ERROR_CHECKS, 70 &error_message_)); 71 if (!extension.get()) 72 return false; // LoadExtension already set error_message_. 73 74 return true; 75 } 76 77 crypto::RSAPrivateKey* ExtensionCreator::ReadInputKey(const FilePath& 78 private_key_path) { 79 if (!file_util::PathExists(private_key_path)) { 80 error_message_ = 81 l10n_util::GetStringUTF8(IDS_EXTENSION_PRIVATE_KEY_NO_EXISTS); 82 return NULL; 83 } 84 85 std::string private_key_contents; 86 if (!file_util::ReadFileToString(private_key_path, 87 &private_key_contents)) { 88 error_message_ = 89 l10n_util::GetStringUTF8(IDS_EXTENSION_PRIVATE_KEY_FAILED_TO_READ); 90 return NULL; 91 } 92 93 std::string private_key_bytes; 94 if (!Extension::ParsePEMKeyBytes(private_key_contents, 95 &private_key_bytes)) { 96 error_message_ = 97 l10n_util::GetStringUTF8(IDS_EXTENSION_PRIVATE_KEY_INVALID); 98 return NULL; 99 } 100 101 return crypto::RSAPrivateKey::CreateFromPrivateKeyInfo( 102 std::vector<uint8>(private_key_bytes.begin(), private_key_bytes.end())); 103 } 104 105 crypto::RSAPrivateKey* ExtensionCreator::GenerateKey(const FilePath& 106 output_private_key_path) { 107 scoped_ptr<crypto::RSAPrivateKey> key_pair( 108 crypto::RSAPrivateKey::Create(kRSAKeySize)); 109 if (!key_pair.get()) { 110 error_message_ = 111 l10n_util::GetStringUTF8(IDS_EXTENSION_PRIVATE_KEY_FAILED_TO_GENERATE); 112 return NULL; 113 } 114 115 std::vector<uint8> private_key_vector; 116 if (!key_pair->ExportPrivateKey(&private_key_vector)) { 117 error_message_ = 118 l10n_util::GetStringUTF8(IDS_EXTENSION_PRIVATE_KEY_FAILED_TO_EXPORT); 119 return NULL; 120 } 121 std::string private_key_bytes( 122 reinterpret_cast<char*>(&private_key_vector.front()), 123 private_key_vector.size()); 124 125 std::string private_key; 126 if (!Extension::ProducePEM(private_key_bytes, &private_key)) { 127 error_message_ = 128 l10n_util::GetStringUTF8(IDS_EXTENSION_PRIVATE_KEY_FAILED_TO_OUTPUT); 129 return NULL; 130 } 131 std::string pem_output; 132 if (!Extension::FormatPEMForFileOutput(private_key, &pem_output, 133 false)) { 134 error_message_ = 135 l10n_util::GetStringUTF8(IDS_EXTENSION_PRIVATE_KEY_FAILED_TO_OUTPUT); 136 return NULL; 137 } 138 139 if (!output_private_key_path.empty()) { 140 if (-1 == file_util::WriteFile(output_private_key_path, 141 pem_output.c_str(), pem_output.size())) { 142 error_message_ = 143 l10n_util::GetStringUTF8(IDS_EXTENSION_PRIVATE_KEY_FAILED_TO_OUTPUT); 144 return NULL; 145 } 146 } 147 148 return key_pair.release(); 149 } 150 151 bool ExtensionCreator::CreateZip(const FilePath& extension_dir, 152 const FilePath& temp_path, 153 FilePath* zip_path) { 154 *zip_path = temp_path.Append(FILE_PATH_LITERAL("extension.zip")); 155 156 if (!Zip(extension_dir, *zip_path, false)) { // no hidden files 157 error_message_ = 158 l10n_util::GetStringUTF8(IDS_EXTENSION_FAILED_DURING_PACKAGING); 159 return false; 160 } 161 162 return true; 163 } 164 165 bool ExtensionCreator::SignZip(const FilePath& zip_path, 166 crypto::RSAPrivateKey* private_key, 167 std::vector<uint8>* signature) { 168 scoped_ptr<crypto::SignatureCreator> signature_creator( 169 crypto::SignatureCreator::Create(private_key)); 170 ScopedStdioHandle zip_handle(file_util::OpenFile(zip_path, "rb")); 171 size_t buffer_size = 1 << 16; 172 scoped_array<uint8> buffer(new uint8[buffer_size]); 173 int bytes_read = -1; 174 while ((bytes_read = fread(buffer.get(), 1, buffer_size, 175 zip_handle.get())) > 0) { 176 if (!signature_creator->Update(buffer.get(), bytes_read)) { 177 error_message_ = 178 l10n_util::GetStringUTF8(IDS_EXTENSION_ERROR_WHILE_SIGNING); 179 return false; 180 } 181 } 182 zip_handle.Close(); 183 184 signature_creator->Final(signature); 185 return true; 186 } 187 188 bool ExtensionCreator::WriteCRX(const FilePath& zip_path, 189 crypto::RSAPrivateKey* private_key, 190 const std::vector<uint8>& signature, 191 const FilePath& crx_path) { 192 if (file_util::PathExists(crx_path)) 193 file_util::Delete(crx_path, false); 194 ScopedStdioHandle crx_handle(file_util::OpenFile(crx_path, "wb")); 195 196 std::vector<uint8> public_key; 197 if (!private_key->ExportPublicKey(&public_key)) { 198 error_message_ = 199 l10n_util::GetStringUTF8(IDS_EXTENSION_PUBLIC_KEY_FAILED_TO_EXPORT); 200 return false; 201 } 202 203 SandboxedExtensionUnpacker::ExtensionHeader header; 204 memcpy(&header.magic, SandboxedExtensionUnpacker::kExtensionHeaderMagic, 205 SandboxedExtensionUnpacker::kExtensionHeaderMagicSize); 206 header.version = SandboxedExtensionUnpacker::kCurrentVersion; 207 header.key_size = public_key.size(); 208 header.signature_size = signature.size(); 209 210 if (fwrite(&header, sizeof(SandboxedExtensionUnpacker::ExtensionHeader), 1, 211 crx_handle.get()) != 1) { 212 PLOG(ERROR) << "fwrite failed to write header"; 213 } 214 if (fwrite(&public_key.front(), sizeof(uint8), public_key.size(), 215 crx_handle.get()) != public_key.size()) { 216 PLOG(ERROR) << "fwrite failed to write public_key.front"; 217 } 218 if (fwrite(&signature.front(), sizeof(uint8), signature.size(), 219 crx_handle.get()) != signature.size()) { 220 PLOG(ERROR) << "fwrite failed to write signature.front"; 221 } 222 223 size_t buffer_size = 1 << 16; 224 scoped_array<uint8> buffer(new uint8[buffer_size]); 225 size_t bytes_read = 0; 226 ScopedStdioHandle zip_handle(file_util::OpenFile(zip_path, "rb")); 227 while ((bytes_read = fread(buffer.get(), 1, buffer_size, 228 zip_handle.get())) > 0) { 229 if (fwrite(buffer.get(), sizeof(char), bytes_read, crx_handle.get()) != 230 bytes_read) { 231 PLOG(ERROR) << "fwrite failed to write buffer"; 232 } 233 } 234 235 return true; 236 } 237 238 bool ExtensionCreator::Run(const FilePath& extension_dir, 239 const FilePath& crx_path, 240 const FilePath& private_key_path, 241 const FilePath& output_private_key_path) { 242 // Check input diretory and read manifest. 243 if (!InitializeInput(extension_dir, private_key_path, 244 output_private_key_path)) { 245 return false; 246 } 247 248 // Initialize Key Pair 249 scoped_ptr<crypto::RSAPrivateKey> key_pair; 250 if (!private_key_path.value().empty()) 251 key_pair.reset(ReadInputKey(private_key_path)); 252 else 253 key_pair.reset(GenerateKey(output_private_key_path)); 254 if (!key_pair.get()) 255 return false; 256 257 ScopedTempDir temp_dir; 258 if (!temp_dir.CreateUniqueTempDir()) 259 return false; 260 261 // Zip up the extension. 262 FilePath zip_path; 263 std::vector<uint8> signature; 264 bool result = false; 265 if (CreateZip(extension_dir, temp_dir.path(), &zip_path) && 266 SignZip(zip_path, key_pair.get(), &signature) && 267 WriteCRX(zip_path, key_pair.get(), signature, crx_path)) { 268 result = true; 269 } 270 271 file_util::Delete(zip_path, false); 272 return result; 273 } 274
