[Cronet] Public key pinning for Java API

components/cronet/android/cronet_url_request_context_adapter.cc

Index: components/cronet/android/cronet_url_request_context_adapter.cc
diff --git a/components/cronet/android/cronet_url_request_context_adapter.cc b/components/cronet/android/cronet_url_request_context_adapter.cc
index 4fcf468badc8565143569c317cf29040b3698851..b5dbdd5509eea4baf289f09d86d0b3fc9001d310 100644
--- a/components/cronet/android/cronet_url_request_context_adapter.cc
+++ b/components/cronet/android/cronet_url_request_context_adapter.cc
@@ -10,6 +10,7 @@
 #include "base/android/jni_array.h"
 #include "base/android/jni_string.h"
 #include "base/bind.h"
+#include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/files/scoped_file.h"
 #include "base/logging.h"
@@ -316,6 +317,11 @@ void CronetURLRequestContextAdapter::InitializeOnNetworkThread(
         http_server_properties_manager.Pass());
   }
 
+  // Explicitly disable the persister for Cronet to avoid persistence of dynamic
+  // HPKP. This is a safety measure ensuring that nobody enables the persistence
+  // of HPKP by specifying transport_security_persister_path in the future.
+  context_builder.set_transport_security_persister_path(base::FilePath());
+
   context_ = context_builder.Build().Pass();
 
   default_load_flags_ = net::LOAD_DO_NOT_SAVE_COOKIES |
@@ -376,6 +382,27 @@ void CronetURLRequestContextAdapter::InitializeOnNetworkThread(
     }
   }
 
+  // Iterate through PKP configuration for every host.
+  for (const auto& pkp : config->pkp_list) {
+    // Convert the vector of hash strings from the config to
+    // a vector of HashValue objects.
+    net::HashValueVector hash_value_vector;
+    for (const auto& hash : pkp->pin_hashes) {
+      auto hash_value = net::HashValue(net::HASH_VALUE_SHA256);

[pauljensen, 2015/12/01 20:50:13]

is there any reason to explicitly initialize here?  Perhaps just:
net::HashValue hash_value;

[kapishnikov, 2015/12/02 22:11:36]

Done. I wanted to be explicit here that the hash value is SHA256. The actual
hash type is retrieved from the string prefix.

+      bool good_hash = hash_value.FromString(*hash);

[pauljensen, 2015/12/01 20:50:13]

I think this might allow SHA1 values, can we verify it's SHA256?

[kapishnikov, 2015/12/02 22:11:36]

Yes, the validation already takes place in CronetEngine.Builder. Technically,
the native code allows SHA1 pins but the CronetEngine.Builder will not allow to
create pins with SHA1. It is too late to validate it here. Failing it here means
failing the initialization of the request context. I have added tests to PkpTest
to validate scenario when the client passes SHA1 as the pin value.

+      if (good_hash) {
+        hash_value_vector.push_back(hash_value);
+      } else {
+        LOG(WARNING) << "Unable to add hash value " << *hash;
+      }
+    }
+
+    // Add the host pinning.
+    context_->transport_security_state()->AddHPKP(
+        pkp->host, pkp->expiration_date, pkp->include_subdomains,
+        hash_value_vector, GURL::EmptyGURL());
+  }
+
   JNIEnv* env = base::android::AttachCurrentThread();
   jcronet_url_request_context_.Reset(env, jcronet_url_request_context.obj());
   Java_CronetUrlRequestContext_initNetworkThread(