components/cronet/android/cronet_url_request_context_adapter.cc - Issue 1407263010: [Cronet] Public key pinning for Java API

Side by Side Diff: components/cronet/android/cronet_url_request_context_adapter.cc

Issue 1407263010: [Cronet] Public key pinning for Java API (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Addressed review comments Created 5 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« components/cronet/android/api/src/org/chromium/net/CronetEngine.java ('K') | « components/cronet/android/api/src/org/chromium/net/CronetEngine.java ('k') | components/cronet/android/test/javatests/src/org/chromium/net/HpkpTest.java » ('j') | net/test/android/javatests/src/org/chromium/net/test/util/CertTestUtil.java » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "components/cronet/android/cronet_url_request_context_adapter.h"	5 #include "components/cronet/android/cronet_url_request_context_adapter.h"

6	6

7 #include <map>	7 #include <map>

8	8

9 #include "base/android/jni_android.h"	9 #include "base/android/jni_android.h"

10 #include "base/android/jni_string.h"	10 #include "base/android/jni_string.h"

(...skipping 354 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
365 quic_hint.port);	365 quic_hint.port);

366 net::AlternativeService alternative_service(	366 net::AlternativeService alternative_service(

367 net::AlternateProtocol::QUIC, "",	367 net::AlternateProtocol::QUIC, "",

368 static_cast<uint16>(quic_hint.alternate_port));	368 static_cast<uint16>(quic_hint.alternate_port));

369 context_->http_server_properties()->SetAlternativeService(	369 context_->http_server_properties()->SetAlternativeService(

370 quic_hint_host_port_pair, alternative_service, 1.0f,	370 quic_hint_host_port_pair, alternative_service, 1.0f,

371 base::Time::Max());	371 base::Time::Max());

372 }	372 }

373 }	373 }

374	374

	375 // Iterate through HPKP configuration for every host.

	376 for (auto hpkp_itr = config->hpkp_list.begin();

	377 hpkp_itr != config->hpkp_list.end(); ++hpkp_itr) {

	378 const URLRequestContextConfig::Hpkp& hpkp = **hpkp_itr;

	379

	380 // Convert the vector of hash strings from the config to

	381 // a vector of HashValue objects.

	382 net::HashValueVector hash_value_vector;

	383 for (auto hash_itr = hpkp.pin_hashes.begin();

	384 hash_itr != hpkp.pin_hashes.end(); ++hash_itr) {
	pauljensen 2015/11/03 19:59:30 for (auto hash_itr : hpkp.pin_hashes) for (auto hash_itr : hpkp.pin_hashes) mef 2015/11/03 20:18:00 for (const auto& hash_itr : hpkp.pin_hashes) Show quoted text On 2015/11/03 19:59:30, pauljensen wrote: > for (auto hash_itr : hpkp.pin_hashes) for (const auto& hash_itr : hpkp.pin_hashes) kapishnikov 2015/11/03 23:58:16 Done. Show quoted text On 2015/11/03 20:18:00, mef wrote: > On 2015/11/03 19:59:30, pauljensen wrote: > > for (auto hash_itr : hpkp.pin_hashes) > for (const auto& hash_itr : hpkp.pin_hashes) Done. kapishnikov 2015/11/03 23:58:17 Done. Show quoted text On 2015/11/03 19:59:30, pauljensen wrote: > for (auto hash_itr : hpkp.pin_hashes) Done.
	385 auto hash_value = net::HashValue(net::HASH_VALUE_SHA256);

	386 bool good_hash = hash_value.FromString(**hash_itr);
	pauljensen 2015/11/03 19:59:30 Let's get rid of the base64 encoding here and memc Let's get rid of the base64 encoding here and memcpy into data() pauljensen 2015/11/03 19:59:30 I don't understand the net::HashValue type...I wou I don't understand the net::HashValue type...I would have expected there to be child classes Sha256HashValue and Sha1HashValue...but they're not children...and I don't understand why I see code memcpy or memset the data()... I've filed a bug to refactor net::HashValue to include some type-safety, crbug.com/551067 kapishnikov 2015/11/03 23:58:17 Paul, could you elaborate a little more here? The Show quoted text On 2015/11/03 19:59:30, pauljensen wrote: > Let's get rid of the base64 encoding here and memcpy into data() Paul, could you elaborate a little more here? The base64 encoded hash comes from the config (json object). However, HashValue.data() stores the hash value in the binary form; therefore, we need to convert base64 to bin. That is what happens in HashValue.FromString() method. pauljensen 2015/11/04 12:36:43 You convert the binary value to base64 and then ba Show quoted text On 2015/11/03 23:58:17, kapishnikov wrote: > On 2015/11/03 19:59:30, pauljensen wrote: > > Let's get rid of the base64 encoding here and memcpy into data() > > Paul, could you elaborate a little more here? The base64 encoded hash comes from > the config (json object). However, HashValue.data() stores the hash value in the > binary form; therefore, we need to convert base64 to bin. That is what happens > in HashValue.FromString() method. You convert the binary value to base64 and then back to binary. I'm saying let's not convert it at all and just keep it as binary the whole time.
	387 if (good_hash) {

	388 hash_value_vector.push_back(hash_value);

	389 } else {

	390 LOG(WARNING) << "Unable to add hash value " << **hash_itr;

	391 }

	392 }

	393

	394 // Add the host pinning.

	395 context_->transport_security_state()->AddHPKP(hpkp.host, base::Time::Max(),
	pauljensen 2015/11/03 19:59:30 AddHPKP's comment says "(used for net-internals an AddHPKP's comment says "(used for net-internals and unit tests)" so I don't think we should be using it, or the comment needs to change. kapishnikov 2015/11/03 23:58:17 I have fixed the comment. The method is almost ide Show quoted text On 2015/11/03 19:59:30, pauljensen wrote: > AddHPKP's comment says "(used for net-internals and unit tests)" so I don't > think we should be using it, or the comment needs to change. I have fixed the comment. The method is almost identical to AddHPKPInternal() which is 'internal' according to the suffix.
	396 hpkp.include_subdomains,

	397 hash_value_vector, GURL());

	398 }

	399

375 JNIEnv* env = base::android::AttachCurrentThread();	400 JNIEnv* env = base::android::AttachCurrentThread();

376 jcronet_url_request_context_.Reset(env, jcronet_url_request_context.obj());	401 jcronet_url_request_context_.Reset(env, jcronet_url_request_context.obj());

377 Java_CronetUrlRequestContext_initNetworkThread(	402 Java_CronetUrlRequestContext_initNetworkThread(

378 env, jcronet_url_request_context.obj());	403 env, jcronet_url_request_context.obj());

379	404

380 #if defined(DATA_REDUCTION_PROXY_SUPPORT)	405 #if defined(DATA_REDUCTION_PROXY_SUPPORT)

381 if (data_reduction_proxy_)	406 if (data_reduction_proxy_)

382 data_reduction_proxy_->Init(true, GetURLRequestContext());	407 data_reduction_proxy_->Init(true, GetURLRequestContext());

383 #endif	408 #endif

384 is_context_initialized_ = true;	409 is_context_initialized_ = true;

(...skipping 147 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
532 static jint SetMinLogLevel(JNIEnv* env,	557 static jint SetMinLogLevel(JNIEnv* env,

533 const JavaParamRef<jclass>& jcaller,	558 const JavaParamRef<jclass>& jcaller,

534 jint jlog_level) {	559 jint jlog_level) {

535 jint old_log_level = static_cast<jint>(logging::GetMinLogLevel());	560 jint old_log_level = static_cast<jint>(logging::GetMinLogLevel());

536 // MinLogLevel is global, shared by all URLRequestContexts.	561 // MinLogLevel is global, shared by all URLRequestContexts.

537 logging::SetMinLogLevel(static_cast<int>(jlog_level));	562 logging::SetMinLogLevel(static_cast<int>(jlog_level));

538 return old_log_level;	563 return old_log_level;

539 }	564 }

540	565

541 } // namespace cronet	566 } // namespace cronet

OLD	NEW