[EG] Update the EG updater to allow sideloading

Add h5vcc API options to skip checking if package signature matches our
key and to set a custom URL to check for package updates.

Implement the above features into the updater for non-gold builds only.

b/325626249

Change-Id: I594d04207d242dfbf69c7b6f734174ccb03a43cd

chrome/updater/configurator.cc

@@ -109,6 +109,11 @@ int Configurator::UpdateDelay() const {
 }
 
 std::vector<GURL> Configurator::UpdateUrl() const {
+#if !defined(COBALT_BUILD_TYPE_GOLD)
+  if (allow_self_signed_builds_ && !custom_update_server_.empty()) {
+    return std::vector<GURL>{GURL(custom_update_server_)};
+  }
+#endif // !defined(COBALT_BUILD_TYPE_GOLD)
   if (base::CommandLine::ForCurrentProcess()->HasSwitch(
           browser::switches::kUseQAUpdateServer)) {
     return std::vector<GURL>{GURL(kUpdaterJSONDefaultUrlQA)};
@@ -344,5 +349,24 @@ void Configurator::SetUseCompressedUpdates(bool use_compressed_updates) {
   use_compressed_updates_.store(use_compressed_updates);
 }
 
+bool Configurator::GetAllowSelfSignedBuilds() const {
+  return allow_self_signed_builds_.load();
+}
+
+void Configurator::SetAllowSelfSignedBuilds(bool allow_self_signed_builds) {
+  allow_self_signed_builds_.store(allow_self_signed_builds);
+}
+
+std::string Configurator::GetCustomUpdateServer() const {
+  base::AutoLock auto_lock(const_cast<base::Lock&>(custom_update_server_lock_));
+  return custom_update_server_;
+}
+
+void Configurator::SetCustomUpdateServer(const std::string& custom_update_server) {
+  LOG(INFO) << "Configurator::SetCustomUpdateServer custom_update_server=" << custom_update_server;
+  base::AutoLock auto_lock(custom_update_server_lock_);
+  custom_update_server_ = custom_update_server;
+}
+
 }  // namespace updater
 }  // namespace cobalt

chrome/updater/configurator.h

@@ -95,6 +95,12 @@ class Configurator : public update_client::Configurator {
   static std::string GetAppGuidHelper(const std::string& updater_channel,
                                       const std::string& version);
 
+  bool GetAllowSelfSignedBuilds() const override;
+  void SetAllowSelfSignedBuilds(bool allow_self_signed_builds) override;
+
+  std::string GetCustomUpdateServer() const override;
+  void SetCustomUpdateServer(const std::string& custom_update_server) override;
+
  private:
   friend class base::RefCountedThreadSafe<Configurator>;
   ~Configurator() override;
@@ -115,6 +121,9 @@ class Configurator : public update_client::Configurator {
   uint64_t min_free_space_bytes_ = 48 * 1024 * 1024;
   base::Lock min_free_space_bytes_lock_;
   std::atomic_bool use_compressed_updates_;
+  std::atomic_bool allow_self_signed_builds_;
+  std::string custom_update_server_;
+  base::Lock custom_update_server_lock_;
 
   DISALLOW_COPY_AND_ASSIGN(Configurator);
 };

chrome/updater/updater_module.cc

@@ -266,10 +266,17 @@ void UpdaterModule::Update() {
     return;
   }
 
+#if defined(COBALT_BUILD_TYPE_GOLD)
+  bool skipVerifyPublicKeyHash = false;
+#else  // defined(COBALT_BUILD_TYPE_GOLD)
+  bool skipVerifyPublicKeyHash = GetAllowSelfSignedBuilds();
+#endif // defined(COBALT_BUILD_TYPE_GOLD)
+
   update_client_->Update(
       app_ids,
       base::BindOnce(
           [](base::Version manifest_version,
+             bool skipVerifyPublicKeyHash,
              const std::vector<std::string>& ids)
               -> std::vector<base::Optional<update_client::CrxComponent>> {
             update_client::CrxComponent component;
@@ -278,11 +285,16 @@ void UpdaterModule::Update() {
             component.version = manifest_version;
             component.pk_hash.assign(std::begin(kCobaltPublicKeyHash),
                                      std::end(kCobaltPublicKeyHash));
+#if !defined(COBALT_BUILD_TYPE_GOLD)
+            if (skipVerifyPublicKeyHash) {
+              component.pk_hash.clear();
+            }
+#endif // !defined(COBALT_BUILD_TYPE_GOLD)
             component.requires_network_encryption = true;
             component.crx_format_requirement = crx_file::VerifierFormat::CRX3;
             return {component};
           },
-          manifest_version),
+          manifest_version, skipVerifyPublicKeyHash),
       false,
       base::BindOnce(
           [](base::OnceClosure closure, update_client::Error error) {
@@ -432,6 +444,55 @@ void UpdaterModule::SetUseCompressedUpdates(bool use_compressed_updates) {
   config->SetUseCompressedUpdates(use_compressed_updates);
 }
 
+bool UpdaterModule::GetAllowSelfSignedBuilds() const {
+  LOG(INFO) << "UpdaterModule::GetAllowSelfSignedBuilds";
+  auto config = updater_configurator_;
+  if (!config) {
+    LOG(ERROR) << "UpdaterModule::GetAllowSelfSignedBuilds: missing configurator";
+    return false;
+  }
+
+  bool allow_self_signed_builds = config->GetAllowSelfSignedBuilds();
+  LOG(INFO) << "UpdaterModule::GetAllowSelfSignedBuilds allow_self_signed_builds="
+            << allow_self_signed_builds;
+  return allow_self_signed_builds;
+}
+
+void UpdaterModule::SetAllowSelfSignedBuilds(bool allow_self_signed_builds) {
+  LOG(INFO) << "UpdaterModule::SetAllowSelfSignedBuilds";
+  auto config = updater_configurator_;
+  if (!config) {
+    LOG(ERROR) << "UpdaterModule::SetAllowSelfSignedBuilds: missing configurator";
+    return;
+  }
+
+  config->SetAllowSelfSignedBuilds(allow_self_signed_builds);
+}
+
+std::string UpdaterModule::GetCustomUpdateServer() const {
+  LOG(INFO) << "UpdaterModule::GetCustomUpdateServer";
+  auto config = updater_configurator_;
+  if (!config) {
+    LOG(ERROR) << "UpdaterModule::GetCustomUpdateServer: missing configurator";
+    return "";
+  }
+
+  std::string custom_update_server = config->GetCustomUpdateServer();
+  LOG(INFO) << "UpdaterModule::GetCustomUpdateServer custom_update_server="
+            << custom_update_server;
+  return custom_update_server;
+}
+
+void UpdaterModule::SetCustomUpdateServer(const std::string& custom_update_server) {
+  LOG(INFO) << "UpdaterModule::SetCustomUpdateServer";
+  auto config = updater_configurator_;
+  if(!config) {
+    LOG(ERROR) << "UpdaterModule::SetCustomUpdateServer: missing configurator";
+    return;
+  }
+
+  config->SetCustomUpdateServer(custom_update_server);
+}
 
 }  // namespace updater
 }  // namespace cobalt

chrome/updater/updater_module.h

@@ -156,6 +156,12 @@ class UpdaterModule {
   bool GetUseCompressedUpdates() const;
   void SetUseCompressedUpdates(bool use_compressed_updates);
 
+  bool GetAllowSelfSignedBuilds() const;
+  void SetAllowSelfSignedBuilds(bool allow_self_signed_builds);
+
+  std::string GetCustomUpdateServer() const;
+  void SetCustomUpdateServer(const std::string& custom_update_server);
+
   void MarkSuccessful();
 
  private:

cobalt/h5vcc/h5vcc_updater.cc

@@ -91,6 +91,37 @@ void H5vccUpdater::SetUseCompressedUpdates(bool use_compressed_updates) {
   return updater_module_->SetUseCompressedUpdates(use_compressed_updates);
 }
 
+void H5vccUpdater::SetAllowSelfSignedBuilds(bool allow_self_signed_builds) {
+#if !defined(COBALT_BUILD_TYPE_GOLD)
+  if (updater_module_) {
+    updater_module_->SetAllowSelfSignedBuilds(allow_self_signed_builds);
+  }
+#endif  // !defined(COBALT_BUILD_TYPE_GOLD)
+}
+
+bool H5vccUpdater::GetAllowSelfSignedBuilds() {
+  if (updater_module_) {
+    return updater_module_->GetAllowSelfSignedBuilds();
+  }
+
+  return false;
+}
+
+void H5vccUpdater::SetUpdateServerUrl(const std::string& update_server_url) {
+#if !defined(COBALT_BUILD_TYPE_GOLD)
+  if (updater_module_) {
+    updater_module_->SetCustomUpdateServer(update_server_url);
+  }
+#endif  // !defined(COBALT_BUILD_TYPE_GOLD)
+}
+
+std::string H5vccUpdater::GetUpdateServerUrl() const {
+  if (updater_module_) {
+    return updater_module_->GetCustomUpdateServer();
+  }
+
+  return "";
+}
 #endif  // SB_IS(EVERGREEN)
 }  // namespace h5vcc
 }  // namespace cobalt

cobalt/h5vcc/h5vcc_updater.h

@@ -51,6 +51,12 @@ class H5vccUpdater : public script::Wrappable {
   bool GetUseCompressedUpdates() const;
   void SetUseCompressedUpdates(bool use_compressed_updates);
 
+  void SetAllowSelfSignedBuilds(bool allow_self_signed_builds);
+  bool GetAllowSelfSignedBuilds();
+
+  void SetUpdateServerUrl(const std::string& update_server_url);
+  std::string GetUpdateServerUrl() const;
+
 #else
   H5vccUpdater() {}
 #endif

cobalt/h5vcc/h5vcc_updater.idl

@@ -35,4 +35,13 @@ interface H5vccUpdater {
   // used for testing.
   void setUseCompressedUpdates(boolean use_compressed_updates);
 
+  // Toggles the ability to load self-signed builds in the updater. This should
+  // only be used for testing and should not be available in production.
+  void setAllowSelfSignedBuilds(boolean allow_self_signed_builds);
+  boolean getAllowSelfSignedBuilds();
+
+  // Sets the URL the updater will use for updates. This should only be used for
+  // testing and should not be available in production.
+  void setUpdateServerUrl(DOMString update_server_url);
+  DOMString getUpdateServerUrl();
 };

components/update_client/configurator.h

@@ -185,6 +185,12 @@ class Configurator : public base::RefCountedThreadSafe<Configurator> {
 
   virtual bool GetUseCompressedUpdates() const = 0;
   virtual void SetUseCompressedUpdates(bool use_compressed_updates) = 0;
+
+  virtual bool GetAllowSelfSignedBuilds() const = 0;
+  virtual void SetAllowSelfSignedBuilds(bool allow_self_signed_builds) = 0;
+
+  virtual std::string GetCustomUpdateServer() const = 0;
+  virtual void SetCustomUpdateServer(const std::string& custom_update_server) = 0;
 #endif
 
  protected: