Chromium Code Reviews Chromium Code Reviews
Issue 1407263010:
[Cronet] Public key pinning for Java API (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/cronet/android/cronet_url_request_context_adapter.h" | 5 #include "components/cronet/android/cronet_url_request_context_adapter.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 | 8 |
| 9 #include "base/android/jni_android.h" | 9 #include "base/android/jni_android.h" |
| 10 #include "base/android/jni_array.h" | 10 #include "base/android/jni_array.h" |
| 11 #include "base/android/jni_string.h" | 11 #include "base/android/jni_string.h" |
| 12 #include "base/bind.h" | 12 #include "base/bind.h" |
| 13 #include "base/files/file_path.h" | |
| 13 #include "base/files/file_util.h" | 14 #include "base/files/file_util.h" |
| 14 #include "base/files/scoped_file.h" | 15 #include "base/files/scoped_file.h" |
| 15 #include "base/logging.h" | 16 #include "base/logging.h" |
| 16 #include "base/memory/scoped_vector.h" | 17 #include "base/memory/scoped_vector.h" |
| 17 #include "base/message_loop/message_loop.h" | 18 #include "base/message_loop/message_loop.h" |
| 18 #include "base/metrics/statistics_recorder.h" | 19 #include "base/metrics/statistics_recorder.h" |
| 19 #include "base/prefs/pref_filter.h" | 20 #include "base/prefs/pref_filter.h" |
| 20 #include "base/prefs/pref_registry_simple.h" | 21 #include "base/prefs/pref_registry_simple.h" |
| 21 #include "base/prefs/pref_service.h" | 22 #include "base/prefs/pref_service.h" |
| 22 #include "base/prefs/pref_service_factory.h" | 23 #include "base/prefs/pref_service_factory.h" |
| (...skipping 285 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 308 scoped_ptr<net::HttpServerPropertiesManager> http_server_properties_manager( | 309 scoped_ptr<net::HttpServerPropertiesManager> http_server_properties_manager( |
| 309 new net::HttpServerPropertiesManager(pref_service_.get(), | 310 new net::HttpServerPropertiesManager(pref_service_.get(), |
| 310 kHttpServerProperties, | 311 kHttpServerProperties, |
| 311 GetNetworkTaskRunner())); | 312 GetNetworkTaskRunner())); |
| 312 http_server_properties_manager->InitializeOnNetworkThread(); | 313 http_server_properties_manager->InitializeOnNetworkThread(); |
| 313 http_server_properties_manager_ = http_server_properties_manager.get(); | 314 http_server_properties_manager_ = http_server_properties_manager.get(); |
| 314 context_builder.SetHttpServerProperties( | 315 context_builder.SetHttpServerProperties( |
| 315 http_server_properties_manager.Pass()); | 316 http_server_properties_manager.Pass()); |
| 316 } | 317 } |
| 317 | 318 |
| 319 // Explicitly disable the persister for Cronet to avoid persistence | |
| 320 // of dynamic HPKP. This is a safety measure in case if somebody will | |
| 321 // enable the persistence by specifying transport_security_persister_path | |
| 322 // in the future. | |
| 323 context_builder.set_transport_security_persister_path(base::FilePath()); | |
| 324 | |
| 318 context_ = context_builder.Build().Pass(); | 325 context_ = context_builder.Build().Pass(); |
| 319 | 326 |
| 320 default_load_flags_ = net::LOAD_DO_NOT_SAVE_COOKIES | | 327 default_load_flags_ = net::LOAD_DO_NOT_SAVE_COOKIES | |
| 321 net::LOAD_DO_NOT_SEND_COOKIES; | 328 net::LOAD_DO_NOT_SEND_COOKIES; |
| 322 if (config->load_disable_cache) | 329 if (config->load_disable_cache) |
| 323 default_load_flags_ |= net::LOAD_DISABLE_CACHE; | 330 default_load_flags_ |= net::LOAD_DISABLE_CACHE; |
| 324 | 331 |
| 325 if (config->enable_sdch) { | 332 if (config->enable_sdch) { |
| 326 DCHECK(context_->sdch_manager()); | 333 DCHECK(context_->sdch_manager()); |
| 327 sdch_owner_.reset( | 334 sdch_owner_.reset( |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 368 quic_hint.port); | 375 quic_hint.port); |
| 369 net::AlternativeService alternative_service( | 376 net::AlternativeService alternative_service( |
| 370 net::AlternateProtocol::QUIC, "", | 377 net::AlternateProtocol::QUIC, "", |
| 371 static_cast<uint16>(quic_hint.alternate_port)); | 378 static_cast<uint16>(quic_hint.alternate_port)); |
| 372 context_->http_server_properties()->SetAlternativeService( | 379 context_->http_server_properties()->SetAlternativeService( |
| 373 quic_hint_host_port_pair, alternative_service, 1.0f, | 380 quic_hint_host_port_pair, alternative_service, 1.0f, |
| 374 base::Time::Max()); | 381 base::Time::Max()); |
| 375 } | 382 } |
| 376 } | 383 } |
| 377 | 384 |
| 385 // Iterate through HPKP configuration for every host. | |
| 386 for (auto hpkp_itr = config->hpkp_list.begin(); | |
|
estark
2015/11/10 19:04:16
Can this be `for (const auto& hpkp : hpkp_list)`?
kapishnikov
2015/11/10 22:33:33
Will fix it in the next PS.
| |
| 387 hpkp_itr != config->hpkp_list.end(); ++hpkp_itr) { | |
| 388 const URLRequestContextConfig::Hpkp& hpkp = **hpkp_itr; | |
| 389 | |
| 390 // Convert the vector of hash strings from the config to | |
| 391 // a vector of HashValue objects. | |
| 392 net::HashValueVector hash_value_vector; | |
| 393 for (const auto& hash : hpkp.pin_hashes) { | |
| 394 auto hash_value = net::HashValue(net::HASH_VALUE_SHA256); | |
| 395 bool good_hash = hash_value.FromString(*hash); | |
| 396 if (good_hash) { | |
| 397 hash_value_vector.push_back(hash_value); | |
| 398 } else { | |
| 399 LOG(WARNING) << "Unable to add hash value " << *hash; | |
| 400 } | |
| 401 } | |
| 402 | |
| 403 // Add the host pinning. | |
| 404 context_->transport_security_state()->AddHPKP( | |
| 405 hpkp.host, hpkp.expiration_date, hpkp.include_subdomains, | |
| 406 hash_value_vector, GURL::EmptyGURL()); | |
| 407 } | |
| 408 | |
| 378 JNIEnv* env = base::android::AttachCurrentThread(); | 409 JNIEnv* env = base::android::AttachCurrentThread(); |
| 379 jcronet_url_request_context_.Reset(env, jcronet_url_request_context.obj()); | 410 jcronet_url_request_context_.Reset(env, jcronet_url_request_context.obj()); |
| 380 Java_CronetUrlRequestContext_initNetworkThread( | 411 Java_CronetUrlRequestContext_initNetworkThread( |
| 381 env, jcronet_url_request_context.obj()); | 412 env, jcronet_url_request_context.obj()); |
| 382 | 413 |
| 383 #if defined(DATA_REDUCTION_PROXY_SUPPORT) | 414 #if defined(DATA_REDUCTION_PROXY_SUPPORT) |
| 384 if (data_reduction_proxy_) | 415 if (data_reduction_proxy_) |
| 385 data_reduction_proxy_->Init(true, GetURLRequestContext()); | 416 data_reduction_proxy_->Init(true, GetURLRequestContext()); |
| 386 #endif | 417 #endif |
| 387 is_context_initialized_ = true; | 418 is_context_initialized_ = true; |
| (...skipping 157 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 545 JNIEnv* env, | 576 JNIEnv* env, |
| 546 const JavaParamRef<jclass>& jcaller) { | 577 const JavaParamRef<jclass>& jcaller) { |
| 547 base::StatisticsRecorder::Initialize(); | 578 base::StatisticsRecorder::Initialize(); |
| 548 std::vector<uint8> data; | 579 std::vector<uint8> data; |
| 549 if (!HistogramManager::GetInstance()->GetDeltas(&data)) | 580 if (!HistogramManager::GetInstance()->GetDeltas(&data)) |
| 550 return ScopedJavaLocalRef<jbyteArray>(); | 581 return ScopedJavaLocalRef<jbyteArray>(); |
| 551 return base::android::ToJavaByteArray(env, &data[0], data.size()); | 582 return base::android::ToJavaByteArray(env, &data[0], data.size()); |
| 552 } | 583 } |
| 553 | 584 |
| 554 } // namespace cronet | 585 } // namespace cronet |
| OLD | NEW |
