Chromium Code Reviews Chromium Code Reviews
Issue 1407263010:
[Cronet] Public key pinning for Java API (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: components/cronet/android/test/mock_cert_verifier.cc |
| diff --git a/components/cronet/android/test/mock_cert_verifier.cc b/components/cronet/android/test/mock_cert_verifier.cc |
| index 40eff7105b247b5c74b8816224047995d89360fa..dbfa19b25e8960dbaa4e510ac24cfffc96438987 100644 |
| --- a/components/cronet/android/test/mock_cert_verifier.cc |
| +++ b/components/cronet/android/test/mock_cert_verifier.cc |
| @@ -9,10 +9,11 @@ |
| #include "base/android/jni_android.h" |
| #include "base/android/jni_array.h" |
| -#include "base/android/scoped_java_ref.h" |
| +#include "crypto/sha2.h" |
| #include "jni/MockCertVerifier_jni.h" |
| #include "net/base/net_errors.h" |
| #include "net/base/test_data_directory.h" |
| +#include "net/cert/asn1_util.h" |
| #include "net/cert/cert_verifier.h" |
| #include "net/cert/cert_verify_result.h" |
| #include "net/cert/mock_cert_verifier.h" |
| @@ -20,6 +21,34 @@ |
| namespace cronet { |
| +namespace { |
| + |
| +// Populates |out_hash_value| with the SHA256 hash of the cert public key. |
| +// Returns true on success. |
| +static bool calculatePublicKeySha256(const net::X509Certificate& cert, |
| + net::HashValue* out_hash_value) { |
| + // Convert the cert to DER encoded bytes. |
| + std::string der_cert_bytes; |
| + net::X509Certificate::OSCertHandle cert_handle = cert.os_cert_handle(); |
| + if (!net::X509Certificate::GetDEREncoded(cert_handle, &der_cert_bytes)) { |
| + LOG(INFO) << "Unable to convert the given cert to DER encoding"; |
| + return false; |
| + } |
| + // Extract the public key from the cert. |
| + base::StringPiece spki_bytes; |
| + if (!net::asn1::ExtractSPKIFromDERCert(der_cert_bytes, &spki_bytes)) { |
| + LOG(INFO) << "Unable to retrieve the public key from the DER cert"; |
| + return false; |
| + } |
| + // Convert the public key bytes to SHA256 hash. |
|
mef
2015/11/09 16:59:28
// Calculate SHA256 hash of public key bytes.
kapishnikov
2015/11/09 19:14:20
Done in the next PS.
|
| + out_hash_value->tag = net::HASH_VALUE_SHA256; |
| + crypto::SHA256HashString(spki_bytes, out_hash_value->data(), |
| + crypto::kSHA256Length); |
| + return true; |
| +} |
| + |
| +} // namespace |
| + |
| static jlong CreateMockCertVerifier(JNIEnv* env, |
| const JavaParamRef<jclass>& jcaller, |
| const JavaParamRef<jobjectArray>& jcerts) { |
| @@ -30,6 +59,17 @@ static jlong CreateMockCertVerifier(JNIEnv* env, |
| net::CertVerifyResult verify_result; |
| verify_result.verified_cert = |
| net::ImportCertFromFile(net::GetTestCertsDirectory(), cert); |
| + |
| + // Let the cert be treated as a known root cert. |
| + // This will enable HPKP verification. |
| + verify_result.is_issued_by_known_root = true; |
| + |
| + // Calculate the public key hash and add it to the verify_result. |
| + net::HashValue hashValue; |
| + CHECK(calculatePublicKeySha256(*verify_result.verified_cert.get(), |
| + &hashValue)); |
| + verify_result.public_key_hashes.push_back(hashValue); |
| + |
| mock_cert_verifier->AddResultForCert(verify_result.verified_cert.get(), |
| verify_result, net::OK); |
| } |
