
CRLsets reintroduced #997

Merged
merged 2 commits into from
Dec 11, 2018
Merged
34 changes: 34 additions & 0 deletions browser/net/brave_static_redirect_network_delegate_helper.cc
@@ -15,6 +15,12 @@ int OnBeforeURLRequest_StaticRedirectWork(
GURL::Replacements replacements;
static URLPattern geo_pattern(URLPattern::SCHEME_HTTPS, kGeoLocationsPattern);
static URLPattern safeBrowsing_pattern(URLPattern::SCHEME_HTTPS, kSafeBrowsingPrefix);
static URLPattern crlSet_pattern1(URLPattern::SCHEME_HTTP | URLPattern::SCHEME_HTTPS,
kCRLSetPrefix1);
static URLPattern crlSet_pattern2(URLPattern::SCHEME_HTTP | URLPattern::SCHEME_HTTPS,
kCRLSetPrefix2);
static URLPattern crxDownload_pattern(URLPattern::SCHEME_HTTP | URLPattern::SCHEME_HTTPS,
kCRXDownloadPrefix);

if (geo_pattern.MatchesURL(ctx->request_url)) {
ctx->new_url_spec = GURL(GOOGLEAPIS_ENDPOINT GOOGLEAPIS_API_KEY).spec();
@@ -27,6 +33,27 @@ int OnBeforeURLRequest_StaticRedirectWork(
return net::OK;
}

if (crxDownload_pattern.MatchesHost(ctx->request_url)) {
replacements.SetSchemeStr("https");
replacements.SetHostStr("crxdownload.brave.com");
ctx->new_url_spec = ctx->request_url.ReplaceComponents(replacements).spec();
return net::OK;
}

if (crlSet_pattern1.MatchesHost(ctx->request_url)) {
replacements.SetSchemeStr("https");
replacements.SetHostStr("crlsets1.brave.com");
ctx->new_url_spec = ctx->request_url.ReplaceComponents(replacements).spec();
return net::OK;
}

if (crlSet_pattern2.MatchesHost(ctx->request_url)) {
replacements.SetSchemeStr("https");
replacements.SetHostStr("crlsets2.brave.com");
ctx->new_url_spec = ctx->request_url.ReplaceComponents(replacements).spec();
return net::OK;
}

#if !defined(NDEBUG)
GURL gurl = ctx->request_url;
static std::vector<URLPattern> allowed_patterns({
@@ -58,9 +85,16 @@ int OnBeforeURLRequest_StaticRedirectWork(
URLPattern(URLPattern::SCHEME_HTTPS, "https://safebrowsing.brave.com/v4/*"),
URLPattern(URLPattern::SCHEME_HTTPS, "https://ssl.gstatic.com/safebrowsing/*"),

//CRLSets
URLPattern(URLPattern::SCHEME_HTTPS, "https://crlsets1.brave.com/*"),
URLPattern(URLPattern::SCHEME_HTTPS, "https://crlsets2.brave.com/*"),

URLPattern(URLPattern::SCHEME_HTTPS, "https://crxdownload.brave.com/*"),

// Will be removed when https://github.com/brave/brave-browser/issues/663 is fixed
URLPattern(URLPattern::SCHEME_HTTPS, "https://www.gstatic.com/*"),
});

// Check to make sure the URL being requested matches at least one of the allowed patterns
bool is_url_allowed = std::any_of(allowed_patterns.begin(), allowed_patterns.end(),
[&gurl](URLPattern pattern) {
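Review bot: The three new redirect branches test the request with `MatchesHost`, which in Chromium's URLPattern compares only the host, so the path parts of `kCRXDownloadPrefix`, `kCRLSetPrefix1` and `kCRLSetPrefix2` (defined in common/network_constants.cc) never take part in the decision. As written, every request to clients2.googleusercontent.com, dl.google.com or any *.gvt1.com host would be rewritten to the Brave hosts, not just CRX and CRLSet fetches. If the narrower scope is intended, use `if (crlSet_pattern1.MatchesURL(ctx->request_url)) {` and the same for the other two; the pattern strings are https-only, so the `SCHEME_HTTP` bit would then need a `*://` pattern to have any effect. The function body starts and ends outside these hunks, so this rests on the visible branches only.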
@@ -68,6 +68,70 @@ TEST_F(BraveStaticRedirectNetworkDelegateHelperTest, ModifyGeoURL) {
EXPECT_EQ(ret, net::OK);
}

TEST_F(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRLSet1) {
net::TestDelegate test_delegate;
GURL url("https://dl.google.com/release2/chrome_component/AJ4r388iQSJq_4819/"
"4819_all_crl-set-5934829738003798040.data.crx3");
std::unique_ptr<net::URLRequest> request =
context()->CreateRequest(url, net::IDLE, &test_delegate,
TRAFFIC_ANNOTATION_FOR_TESTS);
std::shared_ptr<brave::BraveRequestInfo>
before_url_context(new brave::BraveRequestInfo());
brave::BraveRequestInfo::FillCTXFromRequest(request.get(), before_url_context);
brave::ResponseCallback callback;
GURL expected_url("https://crlsets1.brave.com/release2/chrome_component/"
"AJ4r388iQSJq_4819/4819_all_crl-set-5934829738003798040.data.crx3");
int ret =
OnBeforeURLRequest_StaticRedirectWork(callback,
before_url_context);
EXPECT_EQ(before_url_context->new_url_spec, expected_url);
EXPECT_EQ(ret, net::OK);
}

TEST_F(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRLSet2) {
net::TestDelegate test_delegate;
GURL url("https://r2---sn-8xgp1vo-qxoe.gvt1.com/edgedl/release2/chrome_compone"
"nt/AJ4r388iQSJq_4819/4819_all_crl-set-5934829738003798040.data.crx3");
std::unique_ptr<net::URLRequest> request =
context()->CreateRequest(url, net::IDLE, &test_delegate,
TRAFFIC_ANNOTATION_FOR_TESTS);
std::shared_ptr<brave::BraveRequestInfo>
before_url_context(new brave::BraveRequestInfo());
brave::BraveRequestInfo::FillCTXFromRequest(request.get(), before_url_context);
brave::ResponseCallback callback;
GURL expected_url("https://crlsets2.brave.com/edgedl/release2/chrome_compone"
"nt/AJ4r388iQSJq_4819/4819_all_crl-set-5934829738003798040.data.crx3");
int ret =
OnBeforeURLRequest_StaticRedirectWork(callback,
before_url_context);
EXPECT_EQ(before_url_context->new_url_spec, expected_url);
EXPECT_EQ(ret, net::OK);
}

TEST_F(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRXDownload) {
net::TestDelegate test_delegate;
GURL url("https://clients2.googleusercontent.com/crx/blobs/QgAAAC6zw0qH2DJtn"
"Xe8Z7rUJP1RM6lX7kVcwkQ56ujmG3AWYOAkxoNnIdnEBUz_3z4keVhjzzAF10srsaL7lrntfB"
"IflcYIrTziwX3SUS9i_P-CAMZSmuV5tdQl-Roo6cnVC_GRzKsnZSKm1Q/extension_2_0_67"
"3_0.crx");
std::unique_ptr<net::URLRequest> request =
context()->CreateRequest(url, net::IDLE, &test_delegate,
TRAFFIC_ANNOTATION_FOR_TESTS);
std::shared_ptr<brave::BraveRequestInfo>
before_url_context(new brave::BraveRequestInfo());
brave::BraveRequestInfo::FillCTXFromRequest(request.get(), before_url_context);
brave::ResponseCallback callback;
GURL expected_url("https://crxdownload.brave.com/crx/blobs/QgAAAC6"
"zw0qH2DJtnXe8Z7rUJP1RM6lX7kVcwkQ56ujmG3AWYOAkxoNnIdnEBUz_3z4keVhjzzAF10sr"
"saL7lrntfBIflcYIrTziwX3SUS9i_P-CAMZSmuV5tdQl-Roo6cnVC_GRzKsnZSKm1Q/extens"
"ion_2_0_673_0.crx");
int ret =
OnBeforeURLRequest_StaticRedirectWork(callback,
before_url_context);
EXPECT_EQ(before_url_context->new_url_spec, expected_url);
EXPECT_EQ(ret, net::OK);
}

TEST_F(BraveStaticRedirectNetworkDelegateHelperTest, ModifySafeBrowsingURLV4) {
net::TestDelegate test_delegate;
GURL url("https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=ChkKCGNocm9taXVtEg02Ni");
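Review bot: All three new tests feed an https URL whose path already matches the pattern, so they cannot tell a host-only match from a full URL match. A negative case is missing: a request to dl.google.com or clients2.googleusercontent.com whose path is not a CRLSet or CRX download, asserting that `new_url_spec` is left unset, would pin down how far the redirect is meant to reach. An http:// input would also cover the `SCHEME_HTTP` bit the patterns are constructed with. The setup repeated in each test could move into a small fixture helper that takes the input URL and returns `new_url_spec`.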
@@ -0,0 +1,29 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */

#define RegisterCRLSetComponent RegisterCRLSetComponent_ChromiumImpl
#include "../../../../../chrome/browser/component_updater/crl_set_component_installer.cc"
#undef RegisterCRLSetComponent

#include "brave/browser/extensions/brave_component_extension.h"
#include "brave/common/extensions/extension_constants.h"
#include "chrome/browser/browser_process.h"

namespace component_updater {

void OnCRLSetRegistered() {
ComponentsUI demand_updater;
demand_updater.OnDemandUpdate(g_browser_process->component_updater(),
crl_set_extension_id);
}

void RegisterCRLSetComponent(ComponentUpdateService* cus,
const base::FilePath& user_data_dir) {
auto installer = base::MakeRefCounted<component_updater::ComponentInstaller>(
std::make_unique<CRLSetPolicy>());
installer->Register(g_browser_process->component_updater(),
base::Bind(&OnCRLSetRegistered));
}

} // namespace component_updater
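Review bot: `RegisterCRLSetComponent` ignores both of its parameters: it registers against `g_browser_process->component_updater()` instead of the `cus` it was handed, and `user_data_dir` is never read. Passing the argument through, `installer->Register(cus, base::Bind(&OnCRLSetRegistered));`, keeps the override working with whatever updater service the caller supplies (a test double, for instance) and makes it obvious the global is not required here. `OnCRLSetRegistered` is referenced only inside this file as far as the section shows, so it could live in an anonymous namespace. A one-line comment above it saying why an on-demand update is forced right after registration would help the next reader.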
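--- a/chromium_src/components/component_updater/configurator_impl.cc
+++ b/chromium_src/components/component_updater/configurator_impl.cc
@@ -0,0 +1,21 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this file,
+* You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "components/component_updater/component_updater_url_constants.h"
+
+namespace component_updater {
+
+const char kBraveUpdaterDefaultUrl[] =
+"https://componentupdater.brave.com/service/update2";
+
+const char kBraveUpdaterFallbackUrl[] =
+"http://componentupdater.brave.com/service/update2";
+
+} // namespace component_updater
+
+#define kUpdaterDefaultUrl kBraveUpdaterDefaultUrl
+#define kUpdaterFallbackUrl kBraveUpdaterFallbackUrl
+#include "../../../../components/component_updater/configurator_impl.cc"
+#undef kUpdaterDefaultUrl
+#undef kUpdaterFallbackUrl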
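Review bot: `kBraveUpdaterFallbackUrl` is a plain `http://` endpoint, so whenever the updater falls back, the update check (which components are installed and at what versions) crosses the network in cleartext, and the response is only as trustworthy as whatever signing the included configurator applies to it. If componentupdater.brave.com has no reason to be reached without TLS, point the fallback at the https URL as well, `"https://componentupdater.brave.com/service/update2";`; otherwise add a comment above the constant saying what protects the fallback response. The rest of the updater logic comes from the `#include` of the upstream file and is not visible in this section.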
1 change: 1 addition & 0 deletions common/extensions/extension_constants.cc
@@ -9,6 +9,7 @@ const char brave_rewards_extension_id[] = "jidkidbbcafjabdphckchenhfomhnfma";
const char brave_webtorrent_extension_id[] = "lgjmpdmojkpocjcopdikifhejkkjglho";
const char widevine_extension_id[] = "oimompecagnajdejgnnjijobebaeigek";
const char brave_sync_extension_id[] = "nomlkjnggnifocmealianaaiobmebgil";
const char crl_set_extension_id[] = "hfnkpimlhhgieaddgfemjhofmfblmnib";

const char pdfjs_extension_id[] = "oemmndcbldboiebfnladdacbdfmadadm";
const char pdfjs_extension_name[] = "PDF Viewer (PDF.js)";
1 change: 1 addition & 0 deletions common/extensions/extension_constants.h
@@ -7,6 +7,7 @@ extern const char brave_rewards_extension_id[];
extern const char brave_webtorrent_extension_id[];
extern const char widevine_extension_id[];
extern const char brave_sync_extension_id[];
extern const char crl_set_extension_id[];

extern const char pdfjs_extension_id[];
extern const char pdfjs_extension_name[];
3 changes: 3 additions & 0 deletions common/network_constants.cc
@@ -9,11 +9,14 @@ const char kBraveReferralsHeadersPath[] = "/promo/custom-headers";
const char kBraveReferralsInitPath[] = "/promo/initialize/nonua";
const char kBraveReferralsActivityPath[] = "/promo/activity";

const char kCRXDownloadPrefix[] = "https://clients2.googleusercontent.com/crx/blobs/*crx*";
const char kEmptyDataURI[] = "data:text/plain,";
const char kEmptyImageDataURI[] = "";
const char kJSDataURLPrefix[] = "data:application/javascript;base64,";
const char kGeoLocationsPattern[] = "https://www.googleapis.com/geolocation/v1/geolocate?key=*";
const char kSafeBrowsingPrefix[] = "https://safebrowsing.googleapis.com/";
const char kCRLSetPrefix1[] = "https://dl.google.com/release2/chrome_component/*crl-set*";
const char kCRLSetPrefix2[] = "https://*.gvt1.com/edgedl/release2/chrome_component/*crl-set*";
const char kGoogleTagManagerPattern[] = "https://www.googletagmanager.com/gtm.js";
const char kGoogleTagServicesPattern[] = "https://www.googletagservices.com/tag/js/gpt.js";
const char kForbesPattern[] = "https://www.forbes.com/*";
3 changes: 3 additions & 0 deletions common/network_constants.h
@@ -8,6 +8,7 @@ extern const char kBraveReferralsHeadersPath[];
extern const char kBraveReferralsInitPath[];
extern const char kBraveReferralsActivityPath[];

extern const char kCRXDownloadPrefix[];
extern const char kEmptyDataURI[];
extern const char kEmptyImageDataURI[];
extern const char kJSDataURLPrefix[];
@@ -17,6 +18,8 @@ extern const char kGoogleTagServicesPattern[];
extern const char kForbesPattern[];
extern const char kForbesExtraCookies[];
extern const char kSafeBrowsingPrefix[];
extern const char kCRLSetPrefix1[];
extern const char kCRLSetPrefix2[];
extern const char kTwitterPattern[];
extern const char kTwitterReferrer[];
extern const char kTwitterRedirectURL[];