components/cronet/android/cronet_url_request_context_adapter.cc - Issue 1407263010: [Cronet] Public key pinning for Java API

Unified Diff: components/cronet/android/cronet_url_request_context_adapter.cc

Issue 1407263010: [Cronet] Public key pinning for Java API (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Added host name verification + review comments Created 5 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« components/cronet/android/api/src/org/chromium/net/CronetUtil.java ('K') | « components/cronet/android/api/src/org/chromium/net/CronetUtil.java ('k') | components/cronet/android/test/javatests/src/org/chromium/net/CronetUtilTest.java » ('j') | components/cronet/android/test/mock_cert_verifier.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: components/cronet/android/cronet_url_request_context_adapter.cc

diff --git a/components/cronet/android/cronet_url_request_context_adapter.cc b/components/cronet/android/cronet_url_request_context_adapter.cc

index 67dad4ef35028a612edf1ac88c01348962dbf16f..777cc2277cc35614d2e1f7c936c1e49c2ec522fb 100644

--- a/components/cronet/android/cronet_url_request_context_adapter.cc

+++ b/components/cronet/android/cronet_url_request_context_adapter.cc

@@ -10,6 +10,7 @@

#include "base/android/jni_array.h"

#include "base/android/jni_string.h"

#include "base/bind.h"

+#include "base/files/file_path.h"

#include "base/files/file_util.h"

#include "base/files/scoped_file.h"

#include "base/logging.h"

@@ -315,6 +316,12 @@ void CronetURLRequestContextAdapter::InitializeOnNetworkThread(

http_server_properties_manager.Pass());

}

+ // Explicitly disable the persister for Cronet to avoid persistence

+ // of dynamic HPKP. This is a safety measure in case if somebody will

+ // enable the persistence by specifying transport_security_persister_path

+ // in the future.

+ context_builder.set_transport_security_persister_path(base::FilePath());

context_ = context_builder.Build().Pass();

default_load_flags_ = net::LOAD_DO_NOT_SAVE_COOKIES |

@@ -375,6 +382,30 @@ void CronetURLRequestContextAdapter::InitializeOnNetworkThread(

}

+ // Iterate through HPKP configuration for every host.

+ for (auto hpkp_itr = config->hpkp_list.begin();

+ hpkp_itr != config->hpkp_list.end(); ++hpkp_itr) {

+ const URLRequestContextConfig::Hpkp& hpkp = **hpkp_itr;

+ // Convert the vector of hash strings from the config to

+ // a vector of HashValue objects.

+ net::HashValueVector hash_value_vector;

+ for (const auto& hash : hpkp.pin_hashes) {

+ auto hash_value = net::HashValue(net::HASH_VALUE_SHA256);

+ bool good_hash = hash_value.FromString(*hash);

+ if (good_hash) {

+ hash_value_vector.push_back(hash_value);

+ } else {

+ LOG(WARNING) << "Unable to add hash value " << *hash;

+ }

+ // Add the host pinning.

+ context_->transport_security_state()->AddHPKP(

+ hpkp.host, hpkp.expiration_date, hpkp.include_subdomains,

+ hash_value_vector, GURL::EmptyGURL());

+ }

JNIEnv* env = base::android::AttachCurrentThread();

jcronet_url_request_context_.Reset(env, jcronet_url_request_context.obj());

Java_CronetUrlRequestContext_initNetworkThread(