Skip to content

Instantly share code, notes, and snippets.

@ianchesal

ianchesal/gist:3316a7fd5466e01871e6

Created September 16, 2014 17:10
Show Gist options
  • Save ianchesal/3316a7fd5466e01871e6 to your computer and use it in GitHub Desktop.
Save ianchesal/3316a7fd5466e01871e6 to your computer and use it in GitHub Desktop.
Download ZIP
Debugging 1Password extension problem with browser signature verification
Raw
gistfile1.txt
○ → codesign -dvvv /Applications/Google\ Chrome.app
Executable=/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
Identifier=com.google.Chrome
Format=bundle with Mach-O thin (i386)
CodeDirectory v=20100 size=186 flags=0x0(none) hashes=3+3 location=embedded
Hash type=sha1 size=20
CDHash=a8d3a44cc2a7957e8d9cd9c6f6eb9124a7e4a9fd
Signature size=8507
Authority=Developer ID Application: Google Inc.
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Sep 3, 2014, 6:30:20 PM
Info.plist entries=33
TeamIdentifier=not set
Sealed Resources version=1 rules=9 files=221
Internal requirements count=1 size=132
@roustem
Copy link

roustem commented Sep 16, 2014

The signature looks like great.

I am guessing that something might be preventing 1Password from obtaining the Google Chrome process identifier:

- (void)showFillDisabledAlert {
    log_at;

    NSString *browserName = _extensionProcess.localizedName ? : OPLocalizedString(@"Web Browser", @"Used to create 'Cannot Fill Item in Web Browser' message when browser name cannot be determined");
    NSString *title = [NSString stringWithFormat:OPLocalizedString(@"Cannot Fill Item in %@", @"Message title; %@ represents browser name"), browserName];
    NSString *message = [NSString stringWithFormat:OPLocalizedString(@"%@ is connected but its code signature could not be verified. Filling and other features are disabled until this configuration issue is resolved.", @"Message text; %@ represents browser name"), browserName];

1Password is using lsof to find the process connecting to its port.

Can you see any error messages in the Console?

@roustem
Copy link

roustem commented Sep 16, 2014

Help > Troubleshooting > Troubleshooting Utility might help.

@ianchesal
Copy link
Author

Here's what I see in Console when the verification fails:

9/16/14 10:30:09.841 AM 2BUA8C4S2C.com.agilebits.onepassword4-helper[1081]: 441008 [EXT:0x7feaba409340:<OP4ExtensionClient: 0x7feabf1e6950>] M sendFillItem:generatedPassword:openInTabMode: | Extension client 'chrome-extension://phicbbndgmmpogmijjkbmdhpioaieaha' ((null)) is not verified. Will not fill 922E644631D843F9B7F89A75A34B72EF until client is verified.

I'm going to try the Sophos whitelist change...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment