Fix extension content verification out-of-band hash fetching

When we changed content verification to strict mode (crbug.com/601512),
it turns out that the code for downloading missing
verified_contents.json files from the webstore had two longstanding bugs
that we never noticed due to insufficient tests:

a) Returning the results of a boolean expression as an integer
b) Use after free of an object

The end result is that when the patch for crbug.com/601512 hit stable,
many users became unable to run the EFF's HTTPS Everywhere and Privacy
Badger extensions because those are uploaded via a special process where
the webstore does not have a copy of their private key and cannot
include the verified_contents.json file in the .crx file; rather we rely
on being able to download it after install but fail due to the above
mentioned bugs.

This patch fixes the bugs and also introduces a change which clears the
corruption "disable reason" on extension autoupdate, so that users who
had the extension disabled because of this bug can get it re-enabled
automatically by an extension autoupdate.

BUG=643814

Review-Url: https://codereview.chromium.org/2336403002
Cr-Commit-Position: refs/heads/master@{#418748}

chrome/browser/extensions/chrome_content_verifier_delegate.cc

@@ -5,6 +5,7 @@
 #include "chrome/browser/extensions/chrome_content_verifier_delegate.h"
 
 #include <algorithm>
+#include <memory>
 #include <set>
 #include <vector>
 
@@ -22,6 +23,7 @@
 #include "extensions/browser/extension_registry.h"
 #include "extensions/browser/extension_system.h"
 #include "extensions/browser/management_policy.h"
+#include "extensions/common/constants.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/extension_urls.h"
 #include "extensions/common/extensions_client.h"
@@ -131,8 +133,8 @@ ContentVerifierDelegate::Mode ChromeContentVerifierDelegate::ShouldBeVerified(
 }
 
 ContentVerifierKey ChromeContentVerifierDelegate::GetPublicKey() {
-  return ContentVerifierKey(extension_misc::kWebstoreSignaturesPublicKey,
-                            extension_misc::kWebstoreSignaturesPublicKeySize);
+  return ContentVerifierKey(kWebstoreSignaturesPublicKey,
+                            kWebstoreSignaturesPublicKeySize);
 }
 
 GURL ChromeContentVerifierDelegate::GetSignatureFetchUrl(

chrome/browser/extensions/extension_service.cc

@@ -8,7 +8,9 @@
 
 #include <algorithm>
 #include <iterator>
+#include <memory>
 #include <set>
+#include <utility>
 
 #include "base/command_line.h"
 #include "base/location.h"
@@ -1766,6 +1768,10 @@ void ExtensionService::OnExtensionInstalled(
     }
   }
 
+  // If the old version of the extension was disabled due to corruption, this
+  // new install may correct the problem.
+  disable_reasons &= ~Extension::DISABLE_CORRUPTED;
+
   // Unsupported requirements overrides the management policy.
   if (install_flags & extensions::kInstallFlagHasRequirementErrors) {
     disable_reasons |= Extension::DISABLE_UNSUPPORTED_REQUIREMENT;

chrome/browser/extensions/extension_service_unittest.cc

@@ -6924,3 +6924,25 @@ TEST_F(ExtensionServiceTest, DestroyingProfileClearsExtensions) {
   EXPECT_EQ(0u, registry()->terminated_extensions().size());
   EXPECT_EQ(0u, registry()->blacklisted_extensions().size());
 }
+
+// Test that updating a corrupt extension removes the DISABLE_CORRUPTED disable
+// reason.
+TEST_F(ExtensionServiceTest, CorruptExtensionUpdate) {
+  InitializeEmptyExtensionService();
+
+  base::FilePath v1_path = data_dir().AppendASCII("good.crx");
+  const Extension* v1 = InstallCRX(v1_path, INSTALL_NEW);
+  std::string id = v1->id();
+
+  service()->DisableExtension(id, Extension::DISABLE_CORRUPTED);
+
+  ExtensionPrefs* prefs = ExtensionPrefs::Get(profile());
+  EXPECT_TRUE(registry()->disabled_extensions().Contains(id));
+  EXPECT_TRUE(prefs->HasDisableReason(id, Extension::DISABLE_CORRUPTED));
+
+  base::FilePath v2_path = data_dir().AppendASCII("good2.crx");
+  UpdateExtension(id, v2_path, ENABLED);
+
+  EXPECT_FALSE(registry()->disabled_extensions().Contains(id));
+  EXPECT_FALSE(prefs->HasDisableReason(id, Extension::DISABLE_CORRUPTED));
+}

chrome/common/extensions/extension_constants.cc

@@ -96,36 +96,6 @@ const char kAppStateReadyToRun[] = "ready_to_run";
 
 const char kMediaFileSystemPathPart[] = "_";
 
-const uint8_t kWebstoreSignaturesPublicKey[] = {
-    0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
-    0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x8f, 0xfb, 0xbf,
-    0x5c, 0x37, 0x63, 0x94, 0x3c, 0xb0, 0xee, 0x01, 0xc4, 0xb5, 0xa6, 0x9a,
-    0xb1, 0x9f, 0x46, 0x74, 0x6f, 0x16, 0x38, 0xa0, 0x32, 0x27, 0x35, 0xdd,
-    0xf0, 0x71, 0x6b, 0x0e, 0xdc, 0xf6, 0x25, 0xcb, 0xb2, 0xed, 0xea, 0xfb,
-    0x32, 0xd5, 0xaf, 0x1e, 0x03, 0x43, 0x03, 0x46, 0xf0, 0xa7, 0x39, 0xdb,
-    0x23, 0x96, 0x1d, 0x65, 0xe5, 0x78, 0x51, 0xf0, 0x84, 0xb0, 0x0e, 0x12,
-    0xac, 0x0e, 0x5b, 0xdc, 0xc9, 0xd6, 0x4c, 0x7c, 0x00, 0xd5, 0xb8, 0x1b,
-    0x88, 0x33, 0x3e, 0x2f, 0xda, 0xeb, 0xaa, 0xf7, 0x1a, 0x75, 0xc2, 0xae,
-    0x3a, 0x54, 0xde, 0x37, 0x8f, 0x10, 0xd2, 0x28, 0xe6, 0x84, 0x79, 0x4d,
-    0x15, 0xb4, 0xf3, 0xbd, 0x3f, 0x56, 0xd3, 0x3c, 0x3f, 0x18, 0xab, 0xfc,
-    0x2e, 0x05, 0xc0, 0x1e, 0x08, 0x31, 0xb6, 0x61, 0xd0, 0xfd, 0x9f, 0x4f,
-    0x3f, 0x64, 0x0d, 0x17, 0x93, 0xbc, 0xad, 0x41, 0xc7, 0x48, 0xbe, 0x00,
-    0x27, 0xa8, 0x4d, 0x70, 0x42, 0x92, 0x05, 0x54, 0xa6, 0x6d, 0xb8, 0xde,
-    0x56, 0x6e, 0x20, 0x49, 0x70, 0xee, 0x10, 0x3e, 0x6b, 0xd2, 0x7c, 0x31,
-    0xbd, 0x1b, 0x6e, 0xa4, 0x3c, 0x46, 0x62, 0x9f, 0x08, 0x66, 0x93, 0xf9,
-    0x2a, 0x51, 0x31, 0xa8, 0xdb, 0xb5, 0x9d, 0xb9, 0x0f, 0x73, 0xe8, 0xa0,
-    0x09, 0x32, 0x01, 0xe9, 0x7b, 0x2a, 0x8a, 0x36, 0xa0, 0xcf, 0x17, 0xb0,
-    0x50, 0x70, 0x9d, 0xa2, 0xf9, 0xa4, 0x6f, 0x62, 0x4d, 0xb6, 0xc9, 0x31,
-    0xfc, 0xf3, 0x08, 0x12, 0xff, 0x93, 0xbd, 0x62, 0x31, 0xd8, 0x1c, 0xea,
-    0x1a, 0x9e, 0xf5, 0x81, 0x28, 0x7f, 0x75, 0x5e, 0xd2, 0x27, 0x7a, 0xc2,
-    0x96, 0xf5, 0x9d, 0xdb, 0x18, 0xfc, 0x76, 0xdc, 0x46, 0xf0, 0x57, 0xc0,
-    0x58, 0x34, 0xc8, 0x22, 0x2d, 0x2a, 0x65, 0x75, 0xa7, 0xd9, 0x08, 0x62,
-    0xcd, 0x02, 0x03, 0x01, 0x00, 0x01};
-
-const int kWebstoreSignaturesPublicKeySize =
-    arraysize(kWebstoreSignaturesPublicKey);
-
 #if defined(OS_CHROMEOS)
 bool IsImeMenuExtensionId(const std::string& extension_id) {
   const char* const kImeMenuExtensionIds[] = {

chrome/common/extensions/extension_constants.h

@@ -246,10 +246,6 @@ extern const char kAppStateReadyToRun[];
 // The path part of the file system url used for media file systems.
 extern const char kMediaFileSystemPathPart[];
 
-// The key used for signing some pieces of data from the webstore.
-extern const uint8_t kWebstoreSignaturesPublicKey[];
-extern const int kWebstoreSignaturesPublicKeySize;
-
 #if defined(OS_CHROMEOS)
 // Returns true if |extension_id| is one of the IME extensions that will create
 // IME menu.

extensions/browser/BUILD.gn

@@ -373,6 +373,7 @@ source_set("unit_tests") {
     "api/web_request/web_request_time_tracker_unittest.cc",
     "app_window/app_window_geometry_cache_unittest.cc",
     "computed_hashes_unittest.cc",
+    "content_hash_fetcher_unittest.cc",
     "content_hash_tree_unittest.cc",
     "error_map_unittest.cc",
     "event_listener_map_unittest.cc",

extensions/browser/content_hash_fetcher.cc

@@ -7,6 +7,8 @@
 #include <stddef.h>
 
 #include <algorithm>
+#include <memory>
+#include <vector>
 
 #include "base/base64.h"
 #include "base/files/file_enumerator.h"
@@ -19,9 +21,7 @@
 #include "base/task_runner_util.h"
 #include "base/timer/elapsed_timer.h"
 #include "base/version.h"
-#include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_thread.h"
-#include "content/public/browser/storage_partition.h"
 #include "crypto/sha2.h"
 #include "extensions/browser/computed_hashes.h"
 #include "extensions/browser/content_hash_tree.h"
@@ -258,8 +258,9 @@ void ContentHashFetcherJob::DoneCheckingForVerifiedContents(bool found) {
 static int WriteFileHelper(const base::FilePath& path,
                            std::unique_ptr<std::string> content) {
   base::FilePath dir = path.DirName();
-  return (base::CreateDirectoryAndGetError(dir, NULL) &&
-          base::WriteFile(path, content->data(), content->size()));
+  if (!base::CreateDirectoryAndGetError(dir, nullptr))
+    return -1;
+  return base::WriteFile(path, content->data(), content->size());
 }
 
 void ContentHashFetcherJob::OnURLFetchComplete(const net::URLFetcher* source) {
@@ -352,9 +353,10 @@ bool ContentHashFetcherJob::CreateHashes(const base::FilePath& hashes_file) {
     base::FilePath verified_contents_path =
         file_util::GetVerifiedContentsPath(extension_path_);
     verified_contents_.reset(new VerifiedContents(key_.data, key_.size));
-    if (!verified_contents_->InitFrom(verified_contents_path, false))
+    if (!verified_contents_->InitFrom(verified_contents_path, false)) {
+      verified_contents_.reset();
       return false;
-    verified_contents_.reset();
+    }
   }
 
   base::FileEnumerator enumerator(extension_path_,
@@ -423,14 +425,14 @@ void ContentHashFetcherJob::DispatchCallback() {
 
 // ----
 
-ContentHashFetcher::ContentHashFetcher(content::BrowserContext* context,
-                                       ContentVerifierDelegate* delegate,
-                                       const FetchCallback& callback)
-    : context_(context),
+ContentHashFetcher::ContentHashFetcher(
+    net::URLRequestContextGetter* context_getter,
+    ContentVerifierDelegate* delegate,
+    const FetchCallback& callback)
+    : context_getter_(context_getter),
       delegate_(delegate),
       fetch_callback_(callback),
-      weak_ptr_factory_(this) {
-}
+      weak_ptr_factory_(this) {}
 
 ContentHashFetcher::~ContentHashFetcher() {
   for (JobMap::iterator i = jobs_.begin(); i != jobs_.end(); ++i) {
@@ -462,13 +464,11 @@ void ContentHashFetcher::DoFetch(const Extension* extension, bool force) {
   DCHECK(extension->version());
   GURL url =
       delegate_->GetSignatureFetchUrl(extension->id(), *extension->version());
-  ContentHashFetcherJob* job = new ContentHashFetcherJob(
-      content::BrowserContext::GetDefaultStoragePartition(context_)->
-          GetURLRequestContext(),
-      delegate_->GetPublicKey(), extension->id(),
-      extension->path(), url, force,
-      base::Bind(&ContentHashFetcher::JobFinished,
-                 weak_ptr_factory_.GetWeakPtr()));
+  ContentHashFetcherJob* job =
+      new ContentHashFetcherJob(context_getter_, delegate_->GetPublicKey(),
+                                extension->id(), extension->path(), url, force,
+                                base::Bind(&ContentHashFetcher::JobFinished,
+                                           weak_ptr_factory_.GetWeakPtr()));
   jobs_.insert(std::make_pair(key, job));
   job->Start();
 }

extensions/browser/content_hash_fetcher.h

@@ -8,6 +8,7 @@
 #include <map>
 #include <set>
 #include <string>
+#include <utility>
 
 #include "base/callback.h"
 #include "base/files/file_path.h"
@@ -15,8 +16,8 @@
 #include "base/memory/weak_ptr.h"
 #include "extensions/common/extension_id.h"
 
-namespace content {
-class BrowserContext;
+namespace net {
+class URLRequestContextGetter;
 }
 
 namespace extensions {
@@ -45,7 +46,7 @@ class ContentHashFetcher {
 
   // The consumer of this class needs to ensure that context and delegate
   // outlive this object.
-  ContentHashFetcher(content::BrowserContext* context,
+  ContentHashFetcher(net::URLRequestContextGetter* context_getter,
                      ContentVerifierDelegate* delegate,
                      const FetchCallback& callback);
   virtual ~ContentHashFetcher();
@@ -63,7 +64,7 @@ class ContentHashFetcher {
   // Callback for when a job getting content hashes has completed.
   void JobFinished(ContentHashFetcherJob* job);
 
-  content::BrowserContext* context_;
+  net::URLRequestContextGetter* context_getter_;
   ContentVerifierDelegate* delegate_;
   FetchCallback fetch_callback_;
 

extensions/browser/content_hash_fetcher_unittest.cc

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <memory>
+
+#include "base/callback.h"
+#include "base/callback_helpers.h"
+#include "base/files/file_path.h"
+#include "base/files/file_util.h"
+#include "base/files/scoped_temp_dir.h"
+#include "base/memory/ptr_util.h"
+#include "base/memory/weak_ptr.h"
+#include "base/path_service.h"
+#include "base/run_loop.h"
+#include "base/strings/stringprintf.h"
+#include "base/version.h"
+#include "content/public/browser/browser_thread.h"
+#include "content/public/test/test_browser_thread_bundle.h"
+#include "extensions/browser/content_hash_fetcher.h"
+#include "extensions/browser/content_verifier_delegate.h"
+#include "extensions/browser/extensions_test.h"
+#include "extensions/common/constants.h"
+#include "extensions/common/extension_paths.h"
+#include "extensions/common/file_util.h"
+#include "net/url_request/test_url_request_interceptor.h"
+#include "net/url_request/url_request_interceptor.h"
+#include "net/url_request/url_request_test_util.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "third_party/zlib/google/zip.h"
+
+namespace extensions {
+
+// Used to hold the result of a callback from the ContentHashFetcher.
+struct ContentHashFetcherResult {
+  std::string extension_id;
+  bool success;
+  bool force;
+  std::set<base::FilePath> mismatch_paths;
+};
+
+// Allows waiting for the callback from a ContentHashFetcher, returning the
+// data that was passed to that callback.
+class ContentHashFetcherWaiter {
+ public:
+  ContentHashFetcherWaiter() : weak_factory_(this) {}
+
+  ContentHashFetcher::FetchCallback GetCallback() {
+    return base::Bind(&ContentHashFetcherWaiter::Callback,
+                      weak_factory_.GetWeakPtr());
+  }
+
+  std::unique_ptr<ContentHashFetcherResult> WaitForCallback() {
+    if (!result_) {
+      base::RunLoop run_loop;
+      run_loop_quit_ = run_loop.QuitClosure();
+      run_loop.Run();
+    }
+    return std::move(result_);
+  }
+
+ private:
+  // Matches signature of ContentHashFetcher::FetchCallback.
+  void Callback(const std::string& extension_id,
+                bool success,
+                bool force,
+                const std::set<base::FilePath>& mismatch_paths) {
+    result_ = base::MakeUnique<ContentHashFetcherResult>();
+    result_->extension_id = extension_id;
+    result_->success = success;
+    result_->force = force;
+    result_->mismatch_paths = mismatch_paths;
+    if (run_loop_quit_)
+      base::ResetAndReturn(&run_loop_quit_).Run();
+  }
+
+  base::Closure run_loop_quit_;
+  std::unique_ptr<ContentHashFetcherResult> result_;
+  base::WeakPtrFactory<ContentHashFetcherWaiter> weak_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(ContentHashFetcherWaiter);
+};
+
+// Used in setting up the behavior of our ContentHashFetcher.
+class MockDelegate : public ContentVerifierDelegate {
+ public:
+  ContentVerifierDelegate::Mode ShouldBeVerified(
+      const Extension& extension) override {
+    return ContentVerifierDelegate::ENFORCE_STRICT;
+  }
+
+  ContentVerifierKey GetPublicKey() override {
+    return ContentVerifierKey(kWebstoreSignaturesPublicKey,
+                              kWebstoreSignaturesPublicKeySize);
+  }
+
+  GURL GetSignatureFetchUrl(const std::string& extension_id,
+                            const base::Version& version) override {
+    std::string url =
+        base::StringPrintf("http://localhost/getsignature?id=%s&version=%s",
+                           extension_id.c_str(), version.GetString().c_str());
+    return GURL(url);
+  }
+
+  std::set<base::FilePath> GetBrowserImagePaths(
+      const extensions::Extension* extension) override {
+    ADD_FAILURE() << "Unexpected call for this test";
+    return std::set<base::FilePath>();
+  }
+
+  void VerifyFailed(const std::string& extension_id,
+                    ContentVerifyJob::FailureReason reason) override {
+    ADD_FAILURE() << "Unexpected call for this test";
+  }
+};
+
+class ContentHashFetcherTest : public ExtensionsTest {
+ public:
+  ContentHashFetcherTest() {}
+  ~ContentHashFetcherTest() override {}
+
+  void SetUp() override {
+    ExtensionsTest::SetUp();
+    // We need a real IO thread to be able to intercept the network request
+    // for the missing verified_contents.json file.
+    browser_threads_.reset(new content::TestBrowserThreadBundle(
+        content::TestBrowserThreadBundle::REAL_IO_THREAD));
+    request_context_ = new net::TestURLRequestContextGetter(
+        content::BrowserThread::GetTaskRunnerForThread(
+            content::BrowserThread::IO));
+  }
+
+  net::URLRequestContextGetter* request_context() {
+    return request_context_.get();
+  }
+
+  // Helper to get files from our subdirectory in the general extensions test
+  // data dir.
+  base::FilePath GetTestPath(const base::FilePath& relative_path) {
+    base::FilePath base_path;
+    EXPECT_TRUE(PathService::Get(extensions::DIR_TEST_DATA, &base_path));
+    base_path = base_path.AppendASCII("content_hash_fetcher");
+    return base_path.Append(relative_path);
+  }
+
+  // Unzips the extension source from |extension_zip| into a temporary
+  // directory and loads it, returning the resuling Extension object.
+  scoped_refptr<Extension> UnzipToTempDirAndLoad(
+      const base::FilePath& extension_zip) {
+    EXPECT_TRUE(temp_dir_.CreateUniqueTempDir());
+    base::FilePath destination = temp_dir_.path();
+    EXPECT_TRUE(zip::Unzip(extension_zip, destination));
+
+    std::string error;
+    scoped_refptr<Extension> extension = file_util::LoadExtension(
+        destination, Manifest::INTERNAL, 0 /* flags */, &error);
+    EXPECT_NE(nullptr, extension.get()) << " error:'" << error << "'";
+    return extension;
+  }
+
+  // Registers interception of requests for |url| to respond with the contents
+  // of the file at |response_path|.
+  void RegisterInterception(const GURL& url,
+                            const base::FilePath& response_path) {
+    interceptor_ = base::MakeUnique<net::TestURLRequestInterceptor>(
+        url.scheme(), url.host(),
+        content::BrowserThread::GetTaskRunnerForThread(
+            content::BrowserThread::IO),
+        content::BrowserThread::GetBlockingPool());
+    interceptor_->SetResponse(url, response_path);
+  }
+
+ protected:
+  std::unique_ptr<content::TestBrowserThreadBundle> browser_threads_;
+  std::unique_ptr<net::TestURLRequestInterceptor> interceptor_;
+  scoped_refptr<net::TestURLRequestContextGetter> request_context_;
+  base::ScopedTempDir temp_dir_;
+};
+
+// This tests our ability to successfully fetch, parse, and validate a missing
+// verified_contents.json file for an extension.
+TEST_F(ContentHashFetcherTest, MissingVerifiedContents) {
+  // We unzip the extension source to a temp directory to simulate it being
+  // installed there, because the ContentHashFetcher will create the _metadata/
+  // directory within the extension install dir and write the fetched
+  // verified_contents.json file there.
+  base::FilePath test_dir_base = GetTestPath(
+      base::FilePath(FILE_PATH_LITERAL("missing_verified_contents")));
+  scoped_refptr<Extension> extension =
+      UnzipToTempDirAndLoad(test_dir_base.AppendASCII("source.zip"));
+
+  // Make sure there isn't already a verified_contents.json file there.
+  EXPECT_FALSE(
+      base::PathExists(file_util::GetVerifiedContentsPath(extension->path())));
+
+  MockDelegate delegate;
+  ContentHashFetcherWaiter waiter;
+  GURL fetch_url =
+      delegate.GetSignatureFetchUrl(extension->id(), *extension->version());
+
+  RegisterInterception(fetch_url,
+                       test_dir_base.AppendASCII("verified_contents.json"));
+
+  ContentHashFetcher fetcher(request_context(), &delegate,
+                             waiter.GetCallback());
+  fetcher.DoFetch(extension.get(), true /* force */);
+
+  // Make sure the fetch was successful.
+  std::unique_ptr<ContentHashFetcherResult> result = waiter.WaitForCallback();
+  ASSERT_TRUE(result.get());
+  EXPECT_TRUE(result->success);
+  EXPECT_TRUE(result->force);
+  EXPECT_TRUE(result->mismatch_paths.empty());
+
+  // Make sure the verified_contents.json file was written into the extension's
+  // install dir.
+  EXPECT_TRUE(
+      base::PathExists(file_util::GetVerifiedContentsPath(extension->path())));
+}
+
+// Similar to MissingVerifiedContents, but tests the case where the extension
+// actually has corruption.
+TEST_F(ContentHashFetcherTest, MissingVerifiedContentsAndCorrupt) {
+  base::FilePath test_dir_base =
+      GetTestPath(base::FilePath()).AppendASCII("missing_verified_contents");
+  scoped_refptr<Extension> extension =
+      UnzipToTempDirAndLoad(test_dir_base.AppendASCII("source.zip"));
+
+  // Tamper with a file in the extension.
+  base::FilePath script_path = extension->path().AppendASCII("script.js");
+  std::string addition = "//hello world";
+  ASSERT_TRUE(
+      base::AppendToFile(script_path, addition.c_str(), addition.size()));
+  MockDelegate delegate;
+  ContentHashFetcherWaiter waiter;
+  GURL fetch_url =
+      delegate.GetSignatureFetchUrl(extension->id(), *extension->version());
+
+  RegisterInterception(fetch_url,
+                       test_dir_base.AppendASCII("verified_contents.json"));
+
+  ContentHashFetcher fetcher(request_context(), &delegate,
+                             waiter.GetCallback());
+  fetcher.DoFetch(extension.get(), true /* force */);
+
+  // Make sure the fetch was *not* successful.
+  std::unique_ptr<ContentHashFetcherResult> result = waiter.WaitForCallback();
+  ASSERT_NE(nullptr, result.get());
+  EXPECT_TRUE(result->success);
+  EXPECT_TRUE(result->force);
+  EXPECT_TRUE(
+      base::ContainsKey(result->mismatch_paths, script_path.BaseName()));
+
+  // Make sure the verified_contents.json file was written into the extension's
+  // install dir.
+  EXPECT_TRUE(
+      base::PathExists(file_util::GetVerifiedContentsPath(extension->path())));
+}
+
+}  // namespace extensions

extensions/browser/content_verifier.cc

@@ -6,11 +6,14 @@
 
 #include <algorithm>
 #include <utility>
+#include <vector>
 
 #include "base/files/file_path.h"
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
+#include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_thread.h"
+#include "content/public/browser/storage_partition.h"
 #include "extensions/browser/content_hash_fetcher.h"
 #include "extensions/browser/content_hash_reader.h"
 #include "extensions/browser/content_verifier_delegate.h"
@@ -63,12 +66,12 @@ ContentVerifier::ContentVerifier(content::BrowserContext* context,
       context_(context),
       delegate_(delegate),
       fetcher_(new ContentHashFetcher(
-          context,
+          content::BrowserContext::GetDefaultStoragePartition(context)
+              ->GetURLRequestContext(),
           delegate,
           base::Bind(&ContentVerifier::OnFetchComplete, this))),
       observer_(this),
-      io_data_(new ContentVerifierIOData) {
-}
+      io_data_(new ContentVerifierIOData) {}
 
 ContentVerifier::~ContentVerifier() {
 }

extensions/common/constants.cc

@@ -54,6 +54,36 @@ const char kStateStoreName[] = "Extension State";
 const char kRulesStoreName[] = "Extension Rules";
 const char kWebStoreAppId[] = "ahfgeienlihckogmohjhadlkjgocpleb";
 
+const uint8_t kWebstoreSignaturesPublicKey[] = {
+    0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
+    0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x8f, 0xfb, 0xbf,
+    0x5c, 0x37, 0x63, 0x94, 0x3c, 0xb0, 0xee, 0x01, 0xc4, 0xb5, 0xa6, 0x9a,
+    0xb1, 0x9f, 0x46, 0x74, 0x6f, 0x16, 0x38, 0xa0, 0x32, 0x27, 0x35, 0xdd,
+    0xf0, 0x71, 0x6b, 0x0e, 0xdc, 0xf6, 0x25, 0xcb, 0xb2, 0xed, 0xea, 0xfb,
+    0x32, 0xd5, 0xaf, 0x1e, 0x03, 0x43, 0x03, 0x46, 0xf0, 0xa7, 0x39, 0xdb,
+    0x23, 0x96, 0x1d, 0x65, 0xe5, 0x78, 0x51, 0xf0, 0x84, 0xb0, 0x0e, 0x12,
+    0xac, 0x0e, 0x5b, 0xdc, 0xc9, 0xd6, 0x4c, 0x7c, 0x00, 0xd5, 0xb8, 0x1b,
+    0x88, 0x33, 0x3e, 0x2f, 0xda, 0xeb, 0xaa, 0xf7, 0x1a, 0x75, 0xc2, 0xae,
+    0x3a, 0x54, 0xde, 0x37, 0x8f, 0x10, 0xd2, 0x28, 0xe6, 0x84, 0x79, 0x4d,
+    0x15, 0xb4, 0xf3, 0xbd, 0x3f, 0x56, 0xd3, 0x3c, 0x3f, 0x18, 0xab, 0xfc,
+    0x2e, 0x05, 0xc0, 0x1e, 0x08, 0x31, 0xb6, 0x61, 0xd0, 0xfd, 0x9f, 0x4f,
+    0x3f, 0x64, 0x0d, 0x17, 0x93, 0xbc, 0xad, 0x41, 0xc7, 0x48, 0xbe, 0x00,
+    0x27, 0xa8, 0x4d, 0x70, 0x42, 0x92, 0x05, 0x54, 0xa6, 0x6d, 0xb8, 0xde,
+    0x56, 0x6e, 0x20, 0x49, 0x70, 0xee, 0x10, 0x3e, 0x6b, 0xd2, 0x7c, 0x31,
+    0xbd, 0x1b, 0x6e, 0xa4, 0x3c, 0x46, 0x62, 0x9f, 0x08, 0x66, 0x93, 0xf9,
+    0x2a, 0x51, 0x31, 0xa8, 0xdb, 0xb5, 0x9d, 0xb9, 0x0f, 0x73, 0xe8, 0xa0,
+    0x09, 0x32, 0x01, 0xe9, 0x7b, 0x2a, 0x8a, 0x36, 0xa0, 0xcf, 0x17, 0xb0,
+    0x50, 0x70, 0x9d, 0xa2, 0xf9, 0xa4, 0x6f, 0x62, 0x4d, 0xb6, 0xc9, 0x31,
+    0xfc, 0xf3, 0x08, 0x12, 0xff, 0x93, 0xbd, 0x62, 0x31, 0xd8, 0x1c, 0xea,
+    0x1a, 0x9e, 0xf5, 0x81, 0x28, 0x7f, 0x75, 0x5e, 0xd2, 0x27, 0x7a, 0xc2,
+    0x96, 0xf5, 0x9d, 0xdb, 0x18, 0xfc, 0x76, 0xdc, 0x46, 0xf0, 0x57, 0xc0,
+    0x58, 0x34, 0xc8, 0x22, 0x2d, 0x2a, 0x65, 0x75, 0xa7, 0xd9, 0x08, 0x62,
+    0xcd, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+const int kWebstoreSignaturesPublicKeySize =
+    arraysize(kWebstoreSignaturesPublicKey);
+
 const char kMimeTypeJpeg[] = "image/jpeg";
 const char kMimeTypePng[] = "image/png";
 

extensions/common/constants.h

@@ -107,6 +107,10 @@ extern const char kMimeTypePng[];
 // The extension id of the Web Store component application.
 extern const char kWebStoreAppId[];
 
+// The key used for signing some pieces of data from the webstore.
+extern const uint8_t kWebstoreSignaturesPublicKey[];
+extern const int kWebstoreSignaturesPublicKeySize;
+
 // Enumeration of possible app launch sources.
 // Note the enumeration is used in UMA histogram so entries
 // should not be re-ordered or removed.

extensions/test/data/content_hash_fetcher/missing_verified_contents/README.txt

+The files in this directory came from downloading a test extension from the
+webstore* that had properly signed verified_contents.json file, taking the
+regular extension files (manifest and content script) from the .crx and putting
+them into a source.zip file, and pulling out the
+_metadata/verified_contents.json file to be standalone in this directory.
+
+
+* https://chrome.google.com/webstore/detail/jmllhlobpjcnnomjlipadejplhmheiif

extensions/test/data/content_hash_fetcher/missing_verified_contents/verified_contents.json

+[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7ImNhbm9uaWNhbF9qc29uX3Jvb3RfaGFzaCI6IllyZkpZUl94ZjNTa0RZNW1JZWJRdmU0VHlpSUtOR3drbm84clB4dG5fR0UiLCJwYXRoIjoibWFuaWZlc3QuanNvbiIsInJvb3RfaGFzaCI6InppS0Z6dUpsd1dTZ0hwdS0zWGJNb2FrX3ZLdGV6X19VdklFOUx6b1h0N00ifSx7InBhdGgiOiJzY3JpcHQuanMiLCJyb290X2hhc2giOiI1WHFkOHJld3hmU0sweFJRb0pIRmZXZ1owV1JfMW1HY2hkSE04azJpWmJRIn1dLCJmb3JtYXQiOiJ0cmVlaGFzaCIsImhhc2hfYmxvY2tfc2l6ZSI6NDA5Nn1dLCJpdGVtX2lkIjoiam1sbGhsb2JwamNubm9tamxpcGFkZWpwbGhtaGVpaWYiLCJpdGVtX3ZlcnNpb24iOiIwLjgiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"wk06r54DG_zobXdASPU6xggGPyekrkvwssRS76_LaHvNBIjthLtUZ3zoTmAsb4aELj-5n5Nk4rT1_wpDvkOKoKCeBHNx_yiP9kTuPW_c7D_9BKrCrj5-gRL-YanX18b4G4uHCbpfKoCyVgUUU0spr21Fa-kkf8IqSSrzYfJHRnYAhFKI5NTX-EhRWvwFOI5V8U2332q1VCKMxfuUjNFbVTrI2eQ9LrvSjvtXTygTCC4MDlKlsFThoPXK_H_eZDLjfV45FGtuXlK8yd8hixXXm_nTLSb5UL_Ul-g95bONg5ywXSWsFMoXC1r80dsecZXdPxxi3ELLyMZlp4EwgGQcgA"},{"header":{"kid":"webstore"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"WUvXcOJ0_evMh-g4wdSlsNJl_TRISiKGbyb2G7yXwKcHo-HXdk4bfnZyu9dI_ao4qBLJH3DAcRJDEj-UvTn_J1Ctpwv6p4yWc2OlVG6hyI5zQtA2DgNTsBPAXcUNG1Z4crE0nNJeyXZjjNb3RpjJViKaaqlkUkkqPpUwAgeGIRgn9d0tFVEpFACLqtprEahO4EgjXkLgT5r2oVqgQrItbvtVv23Kb8eaK7ZX97pVhsicNfKiNGtJL4yk1UdOVUxGr_4zBp0CaGWfCqkC3ZApdI2RQy_CyaOYlviLQ35TxQ8JGO6k9Tb0IxxRVjF_in8qhYt6R0ATjTnzEBUEscDLGg"}]}}]
\ No newline at end of file