
Unified Diff: components/cronet/android/cronet_url_request_context_adapter.cc

Issue 1407263010: [Cronet] Public key pinning for Java API (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Small changes and rebase Created 5 years ago
Index: components/cronet/android/cronet_url_request_context_adapter.cc
diff --git a/components/cronet/android/cronet_url_request_context_adapter.cc b/components/cronet/android/cronet_url_request_context_adapter.cc
index 4fcf468badc8565143569c317cf29040b3698851..686119748bee65a4ae6c4817f287947cca25f2a9 100644
--- a/components/cronet/android/cronet_url_request_context_adapter.cc
+++ b/components/cronet/android/cronet_url_request_context_adapter.cc
@@ -10,6 +10,7 @@
#include "base/android/jni_array.h"
#include "base/android/jni_string.h"
#include "base/bind.h"
+#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/files/scoped_file.h"
#include "base/logging.h"
@@ -316,6 +317,11 @@ void CronetURLRequestContextAdapter::InitializeOnNetworkThread(
http_server_properties_manager.Pass());
}
+ // Explicitly disable the persister for Cronet to avoid persistence of dynamic
+ // HPKP. This is a safety measure ensuring that nobody enables the persistence
+ // of HPKP by specifying transport_security_persister_path in the future.
+ context_builder.set_transport_security_persister_path(base::FilePath());
+
context_ = context_builder.Build().Pass();
default_load_flags_ = net::LOAD_DO_NOT_SAVE_COOKIES |
@@ -376,6 +382,27 @@ void CronetURLRequestContextAdapter::InitializeOnNetworkThread(
}
}
+ // Iterate through PKP configuration for every host.
+ for (const auto& pkp : config->pkp_list) {
+ // Convert the vector of hash strings from the config to
+ // a vector of HashValue objects.
+ net::HashValueVector hash_value_vector;
+ for (const auto& hash : pkp->pin_hashes) {
+ net::HashValue hash_value;
+ bool good_hash = hash_value.FromString(*hash);
+ if (good_hash) {
+ hash_value_vector.push_back(hash_value);
+ } else {
+ LOG(WARNING) << "Unable to add hash value " << *hash;
+ }
+ }
+
+ // Add the host pinning.
+ context_->transport_security_state()->AddHPKP(
+ pkp->host, pkp->expiration_date, pkp->include_subdomains,
+ hash_value_vector, GURL::EmptyGURL());
+ }
+
JNIEnv* env = base::android::AttachCurrentThread();
jcronet_url_request_context_.Reset(env, jcronet_url_request_context.obj());
Java_CronetUrlRequestContext_initNetworkThread(
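Review bot: In the pin conversion loop, a hash that fails `FromString` is only logged at WARNING and dropped, and `AddHPKP` is still called for the host with whatever remains in `hash_value_vector`, including an empty vector. If every configured hash for a host is rejected, the host presumably ends up with no pin enforced at all, so a pinning misconfiguration fails open and the only trace is a log line that does not name the host. A partially rejected set is also worth surfacing, since dropping a backup pin silently changes which keys the app will accept. Unless the Java layer is guaranteed to validate every hash before it reaches this code, I would treat a rejected hash as a configuration error that is reported to the caller, and at minimum guard the call with `if (hash_value_vector.size() != pkp->pin_hashes.size()) LOG(ERROR) << "Invalid pin for host " << pkp->host;` and never pass an empty vector to `AddHPKP`. The enclosing InitializeOnNetworkThread starts and ends outside this hunk.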
