Chromium Code Reviews Chromium Code Reviews
Issue 1407263010:
[Cronet] Public key pinning for Java API (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/test/android/javatests/src/org/chromium/net/test/util/CertTestUtil.java |
| diff --git a/net/test/android/javatests/src/org/chromium/net/test/util/CertTestUtil.java b/net/test/android/javatests/src/org/chromium/net/test/util/CertTestUtil.java |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..dc2770e81076c7fe0107836f5e95f57673235cd5 |
| --- /dev/null |
| +++ b/net/test/android/javatests/src/org/chromium/net/test/util/CertTestUtil.java |
| @@ -0,0 +1,77 @@ |
| +// Copyright 2015 The Chromium Authors. All rights reserved. |
|
pauljensen
2015/11/03 19:59:30
why is this file in net/ if it's only used by comp
kapishnikov
2015/11/03 23:58:17
Initially I created this class in components/crone
pauljensen
2015/11/04 12:36:43
Untrue, net/android/javatests/src/org/chromium/net
|
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +package org.chromium.net.test.util; |
| + |
| +import android.util.Base64; |
| + |
| +import org.chromium.base.PathUtils; |
| + |
| +import java.io.BufferedReader; |
| +import java.io.FileReader; |
| +import java.io.IOException; |
| +import java.security.MessageDigest; |
| +import java.security.NoSuchAlgorithmException; |
| +import java.security.cert.Certificate; |
| + |
| +/** |
| + * Certificate related utility methods. |
| + */ |
| +public class CertTestUtil { |
|
pauljensen
2015/11/03 19:59:30
The majority of this class looks copied from X509U
kapishnikov
2015/11/03 23:58:17
See the previous comment.
|
| + /** |
| + * The location of the directory that contains certificates for testing. |
| + */ |
| + public static final String CERTS_DIRECTORY = |
| + PathUtils.getExternalStorageDirectory() + "/net/data/ssl/certificates/"; |
| + |
| + private static final String BEGIN_MARKER = "-----BEGIN CERTIFICATE-----"; |
| + private static final String END_MARKER = "-----END CERTIFICATE-----"; |
| + |
| + private CertTestUtil() {} |
| + |
| + /** |
| + * Converts a PEM formatted cert in a given file to the binary DER format. |
| + * |
| + * @param pemPathname the location of the certificate to convert. |
| + * @return array of bytes that represent the certificate in DER format. |
| + * @throws IOException if the file cannot be read. |
| + */ |
| + public static byte[] pemToDer(String pemPathname) throws IOException { |
| + BufferedReader reader = new BufferedReader(new FileReader(pemPathname)); |
| + StringBuilder builder = new StringBuilder(); |
| + |
| + // Skip past leading junk lines, if any. |
| + String line = reader.readLine(); |
| + while (line != null && !line.contains(BEGIN_MARKER)) line = reader.readLine(); |
| + |
| + // Then skip the BEGIN_MARKER itself, if present. |
| + while (line != null && line.contains(BEGIN_MARKER)) line = reader.readLine(); |
| + |
| + // Now gather the data lines into the builder. |
| + while (line != null && !line.contains(END_MARKER)) { |
| + builder.append(line.trim()); |
| + line = reader.readLine(); |
| + } |
| + |
| + reader.close(); |
| + return Base64.decode(builder.toString(), Base64.DEFAULT); |
| + } |
| + |
| + /** |
| + * Returns SHA256 hash of the public key of a given certificate. |
| + * |
| + * @param cert the cert that should be used to retrieve the public key from. |
| + * @return SHA256 hash of the public key. |
| + */ |
| + public static byte[] getPublicKeySha256(Certificate cert) { |
| + try { |
| + byte[] publicKey = cert.getPublicKey().getEncoded(); |
| + MessageDigest digest = MessageDigest.getInstance("SHA-256"); |
| + return digest.digest(publicKey); |
| + } catch (NoSuchAlgorithmException ex) { |
| + // This exception should never happen since SHA-256 is known algorithm |
| + throw new RuntimeException(ex); |
| + } |
| + } |
| +} |
