Allow WebApk validation to be disabled.
(cherry picked from commit a8182dbf1a1ec23edbd9df0bfe3bf23d8f02eef8)
Bug: 968574
Change-Id: I96875044ddbad07269eae316102c3ed6cb266e70
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1651506
Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
Commit-Queue: Michael Thiessen <mthiesse@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#667964}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1664874
Reviewed-by: Michael Thiessen <mthiesse@chromium.org>
Cr-Commit-Position: refs/branch-heads/3809@{#417}
Cr-Branched-From: d82dec1a818f378c464ba307ddd9c92133eac355-refs/heads/master@{#665002}
diff --git a/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkValidator.java b/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkValidator.java
index 00370144..c74d78d 100644
--- a/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkValidator.java
+++ b/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkValidator.java
@@ -45,6 +45,7 @@
private static byte[] sExpectedSignature;
private static byte[] sCommentSignedPublicKeyBytes;
private static PublicKey sCommentSignedPublicKey;
+ private static boolean sDisableValidation;
private static boolean sOverrideValidationForTesting;
/**
@@ -188,7 +189,8 @@
* @return true iff the WebAPK is installed and passes security checks
*/
public static boolean isValidWebApk(Context context, String webappPackageName) {
- if (sExpectedSignature == null || sCommentSignedPublicKeyBytes == null) {
+ if ((sExpectedSignature == null || sCommentSignedPublicKeyBytes == null)
+ && !sDisableValidation) {
Log.wtf(TAG,
"WebApk validation failure - expected signature not set."
+ "missing call to WebApkValidator.initWithBrowserHostSignature");
@@ -208,7 +210,7 @@
if (isNotWebApkQuick(packageInfo)) {
return false;
}
- if (sOverrideValidationForTesting) {
+ if (sDisableValidation || sOverrideValidationForTesting) {
if (DEBUG) {
Log.d(TAG, "Ok! Looks like a WebApk (has start url) and validation is disabled.");
}
@@ -354,7 +356,7 @@
}
/**
- * Disables all verification performed by this class. This is meant only for development with
+ * Disables all validation performed by this class. This is meant only for development with
* unsigned WebApks and should never be enabled in a real build.
*/
public static void disableValidationForTesting() {
@@ -362,6 +364,14 @@
}
/**
+ * Disables all validation performed by this class. This should only be called when some other
+ * means of validating WebApks is already present and otherwise should never be called.
+ */
+ public static void disableValidationUnsafe() {
+ sDisableValidation = true;
+ }
+
+ /**
* Lazy evaluate the creation of the Public Key as the KeyFactories may not yet be initialized.
* @return The decoded PublicKey or null
*/