components/cronet/android/api/src/org/chromium/net/CronetEngine.java - Issue 2052363002: Enable public key pinning of local trust anchors

Side by Side Diff: components/cronet/android/api/src/org/chromium/net/CronetEngine.java

Issue 2052363002: Enable public key pinning of local trust anchors (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 package org.chromium.net;	5 package org.chromium.net;

6	6

7 import android.annotation.SuppressLint;	7 import android.annotation.SuppressLint;

8 import android.content.Context;	8 import android.content.Context;

9 import android.net.http.HttpResponseCache;	9 import android.net.http.HttpResponseCache;

10 import android.support.annotation.IntDef;	10 import android.support.annotation.IntDef;

(...skipping 83 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
94 mExpirationDate = expirationDate;	94 mExpirationDate = expirationDate;

95 }	95 }

96 }	96 }

97	97

98 private static final Pattern INVALID_PKP_HOST_NAME = Pattern.compile("^[ 0-9\\.]*$");	98 private static final Pattern INVALID_PKP_HOST_NAME = Pattern.compile("^[ 0-9\\.]*$");

99	99

100 // Private fields are simply storage of configuration for the resulting CronetEngine.	100 // Private fields are simply storage of configuration for the resulting CronetEngine.

101 // See setters below for verbose descriptions.	101 // See setters below for verbose descriptions.

102 private final Context mContext;	102 private final Context mContext;

103 private final List<QuicHint> mQuicHints = new LinkedList<QuicHint>();	103 private final List<QuicHint> mQuicHints = new LinkedList<QuicHint>();

104 private final List<Pkp> mPkps = new LinkedList<Pkp>();	104 private final List<Pkp> mPkps = new LinkedList<>();

	105 private boolean mPinLocalTrustAnchors = false;
	Ryan Sleevi 2016/06/13 17:03:11 STYLE suggestion: Keep this variable named consist STYLE suggestion: Keep this variable named consistently with the public API kapishnikov 2016/06/15 00:56:20 Done, following the existing pattern. Show quoted text On 2016/06/13 17:03:11, Ryan Sleevi wrote: > STYLE suggestion: Keep this variable named consistently with the public API Done, following the existing pattern.
105 private String mUserAgent;	106 private String mUserAgent;

106 private String mStoragePath;	107 private String mStoragePath;

107 private boolean mLegacyModeEnabled;	108 private boolean mLegacyModeEnabled;

108 private LibraryLoader mLibraryLoader;	109 private LibraryLoader mLibraryLoader;

109 private String mLibraryName;	110 private String mLibraryName;

110 private boolean mQuicEnabled;	111 private boolean mQuicEnabled;

111 private boolean mHttp2Enabled;	112 private boolean mHttp2Enabled;

112 private boolean mSdchEnabled;	113 private boolean mSdchEnabled;

113 private String mDataReductionProxyKey;	114 private String mDataReductionProxyKey;

114 private String mDataReductionProxyPrimaryProxy;	115 private String mDataReductionProxyPrimaryProxy;

(...skipping 419 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
534	535

535 /**	536 /**

536 * Returns list of public key pins.	537 * Returns list of public key pins.

537 * @return list of public key pins.	538 * @return list of public key pins.

538 */	539 */

539 List<Pkp> publicKeyPins() {	540 List<Pkp> publicKeyPins() {

540 return mPkps;	541 return mPkps;

541 }	542 }

542	543

543 /**	544 /**

	545 * Enables or disables pinning of the local (user-level) trust anchors.

	546 *

	547 * @param value {@code true} to enable pinning, {@code false} to disable .

	548 * @return the builder to facilitate chaining.

	549 */

	550 public Builder enableLocalTrustAnchorPinning(boolean value) {

	551 mPinLocalTrustAnchors = value;

	552 return this;

	553 }

	554

	555 boolean localTrustAnchorsPinningEnabled() {
	Ryan Sleevi 2016/06/13 17:03:11 naming: I'm not sufficiently read on Java style, b naming: I'm not sufficiently read on Java style, but is it common to have asymmetric methods like this? Wouldn't it be enableLocalTrustAnchorPinning localTrustAnchorPinningEnabled ? That still feels asymmetric w/r/t how enable/Enabled fit, perhaps setLocalTrustAnchorPinningEnabled localTrustAnchorPinningEnabled Which would match the C++ style. kapishnikov 2016/06/15 00:56:20 Point taken. I have followed the pattern how the o Show quoted text On 2016/06/13 17:03:11, Ryan Sleevi wrote: > naming: I'm not sufficiently read on Java style, but is it common to have > asymmetric methods like this? > > Wouldn't it be > enableLocalTrustAnchorPinning > localTrustAnchorPinningEnabled > > ? > > That still feels asymmetric w/r/t how enable/Enabled fit, perhaps > > setLocalTrustAnchorPinningEnabled > localTrustAnchorPinningEnabled > > Which would match the C++ style. Point taken. I have followed the pattern how the other methods are named, enableHTTP2/http2Enabled, enableQUIC/quicEnabled, etc. The getter methods are not exposed to the client. I would like to keep it consistent.
	556 return mPinLocalTrustAnchors;

	557 }

	558

	559 /**

544 * Checks whether a given string represents a valid host name for PKP an d converts it	560 * Checks whether a given string represents a valid host name for PKP an d converts it

545 * to ASCII Compatible Encoding representation according to RFC 1122, RF C 1123 and	561 * to ASCII Compatible Encoding representation according to RFC 1122, RF C 1123 and

546 * RFC 3490. This method is more restrictive than required by RFC 7469. Thus, a host	562 * RFC 3490. This method is more restrictive than required by RFC 7469. Thus, a host

547 * that contains digits and the dot character only is considered invalid .	563 * that contains digits and the dot character only is considered invalid .

548 *	564 *

549 * Note: Currently Cronet doesn't have native implementation of host nam e validation that	565 * Note: Currently Cronet doesn't have native implementation of host nam e validation that

550 * can be used. There is code that parses a provided URL but doesn 't ensure its	566 * can be used. There is code that parses a provided URL but doesn 't ensure its

551 * correctness. The implementation relies on {@code getaddrinfo} f unction.	567 * correctness. The implementation relies on {@code getaddrinfo} f unction.

552 *	568 *

553 * @param hostName host name to check and convert.	569 * @param hostName host name to check and convert.

(...skipping 556 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1110 * @hide as it's a prototype.	1126 * @hide as it's a prototype.

1111 */	1127 */

1112 public interface RequestFinishedListener { // TODO(klm): Add a convenience a bstract class.	1128 public interface RequestFinishedListener { // TODO(klm): Add a convenience a bstract class.

1113 /**	1129 /**

1114 * Invoked with request info.	1130 * Invoked with request info.

1115 * @param requestInfo {@link UrlRequestInfo} for finished request.	1131 * @param requestInfo {@link UrlRequestInfo} for finished request.

1116 */	1132 */

1117 void onRequestFinished(UrlRequestInfo requestInfo);	1133 void onRequestFinished(UrlRequestInfo requestInfo);

1118 }	1134 }

1119 }	1135 }

OLD	NEW