fix: unable to find crx key for translate extension

samuelmaddock · samuelmaddock · commit fbd96d1a05c0 · 2024-12-15T15:15:49.000-05:00
diff --git a/packages/electron-chrome-web-store/src/browser/crx3.ts b/packages/electron-chrome-web-store/src/browser/crx3.ts
@@ -47,7 +47,7 @@ function readAsymmetricKeyProofField(tag: any, obj: any, pbf: Pbf) {
   else if (tag === 2) obj.signature = pbf.readBytes()
 }
 
-export function readSignedData(pbf: Pbf, end: any) {
+export function readSignedData(pbf: Pbf, end?: any): { crx_id?: Buffer } {
   return pbf.readFields(readSignedDataField, { crx_id: undefined }, end)
 }
 function readSignedDataField(tag: any, obj: any, pbf: Pbf) {
diff --git a/packages/electron-chrome-web-store/src/browser/id.ts b/packages/electron-chrome-web-store/src/browser/id.ts
@@ -7,7 +7,7 @@ import { createHash } from 'node:crypto'
  *
  * @param id - The hexadecimal string to convert. This is modified in place.
  */
-function convertHexadecimalToIDAlphabet(id: string) {
+export function convertHexadecimalToIDAlphabet(id: string) {
   let result = ''
   for (const ch of id) {
     const val = parseInt(ch, 16)
diff --git a/packages/electron-chrome-web-store/src/browser/index.ts b/packages/electron-chrome-web-store/src/browser/index.ts
@@ -4,7 +4,7 @@ import * as path from 'path'
 import * as fs from 'fs'
 import { Readable } from 'stream'
 import { pipeline } from 'stream/promises'
-import { readCrxFileHeader } from './crx3'
+import { readCrxFileHeader, readSignedData } from './crx3'
 import Pbf from 'pbf'
 import {
   ExtensionInstallStatus,
@@ -13,6 +13,7 @@ import {
   WebGlStatus,
 } from '../common/constants'
 import { loadAllExtensions } from './loader'
+import { convertHexadecimalToIDAlphabet, generateId } from './id'
 export { loadAllExtensions } from './loader'
 
 const d = require('debug')('electron-chrome-web-store')
@@ -153,13 +154,27 @@ function parseCrx(buffer: Buffer): CrxInfo {
   } else {
     // For CRX3, extract public key from header
     // CRX3 header contains a protocol buffer message
-    const pbf = new Pbf(header)
-    const crxFileHeader = readCrxFileHeader(pbf)
-    publicKey = crxFileHeader.sha256_with_rsa[1]?.public_key
+    const crxFileHeader = readCrxFileHeader(new Pbf(header))
+    const crxSignedData = readSignedData(new Pbf(crxFileHeader.signed_header_data))
+    const declaredCrxId = crxSignedData.crx_id
+      ? convertHexadecimalToIDAlphabet(crxSignedData.crx_id.toString('hex'))
+      : null
+
+    if (!declaredCrxId) {
+      throw new Error('Invalid CRX signed data')
+    }
+
+    // Need to find store key proof which matches the declared ID
+    const keyProof = crxFileHeader.sha256_with_rsa.find((proof) => {
+      const crxId = proof.public_key ? generateId(proof.public_key.toString('base64')) : null
+      return crxId === declaredCrxId
+    })
 
-    if (!publicKey) {
-      throw new Error('Invalid CRX header')
+    if (!keyProof) {
+      throw new Error('Invalid CRX key')
     }
+
+    publicKey = keyProof.public_key
   }
 
   return {

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ function readAsymmetricKeyProofField(tag: any, obj: any, pbf: Pbf) {`
`47`	`47`	`else if (tag === 2) obj.signature = pbf.readBytes()`
`48`	`48`	`}`
`49`	`49`
`50`		`-export function readSignedData(pbf: Pbf, end: any) {`
	`50`	`+export function readSignedData(pbf: Pbf, end?: any): { crx_id?: Buffer } {`
`51`	`51`	`return pbf.readFields(readSignedDataField, { crx_id: undefined }, end)`
`52`	`52`	`}`
`53`	`53`	`function readSignedDataField(tag: any, obj: any, pbf: Pbf) {`
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ import { createHash } from 'node:crypto'`
`7`	`7`	`*`
`8`	`8`	`* @param id - The hexadecimal string to convert. This is modified in place.`
`9`	`9`	`*/`
`10`		`-function convertHexadecimalToIDAlphabet(id: string) {`
	`10`	`+export function convertHexadecimalToIDAlphabet(id: string) {`
`11`	`11`	`let result = ''`
`12`	`12`	`for (const ch of id) {`
`13`	`13`	`const val = parseInt(ch, 16)`