Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(202)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/cronet/android/api/src/org/chromium/net/CronetEngine.java

Issue 2052363002: Enable public key pinning of local trust anchors (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed CronetPerfTestActivity test Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | components/cronet/android/cronet_url_request_context_adapter.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/cronet/android/api/src/org/chromium/net/CronetEngine.java
diff --git a/components/cronet/android/api/src/org/chromium/net/CronetEngine.java b/components/cronet/android/api/src/org/chromium/net/CronetEngine.java
index bd2f22401d9ab8dbdfe910ae5d20fab1eb00a4ef..f3638a27e98cb234e00dafe8fd074d03cda62f84 100644
--- a/components/cronet/android/api/src/org/chromium/net/CronetEngine.java
+++ b/components/cronet/android/api/src/org/chromium/net/CronetEngine.java
@@ -102,7 +102,8 @@ public abstract class CronetEngine {
// See setters below for verbose descriptions.
private final Context mContext;
private final List<QuicHint> mQuicHints = new LinkedList<QuicHint>();
- private final List<Pkp> mPkps = new LinkedList<Pkp>();
+ private final List<Pkp> mPkps = new LinkedList<>();
+ private boolean mPublicKeyPinningBypassForLocalTrustAnchorsEnabled;
private String mUserAgent;
private String mStoragePath;
private boolean mLegacyModeEnabled;
@@ -135,6 +136,7 @@ public abstract class CronetEngine {
enableSDCH(false);
enableHttpCache(HTTP_CACHE_DISABLED, 0);
enableNetworkQualityEstimator(false);
+ enablePublicKeyPinningBypassForLocalTrustAnchors(true);
}
/**
@@ -544,6 +546,28 @@ public abstract class CronetEngine {
}
/**
+ * Enables or disables public key pinning bypass for local trust anchors. Disabling the
+ * bypass for local trust anchors is highly discouraged since it may prohibit the app
+ * from communicating with the pinned hosts. E.g., a user may want to send all traffic
+ * through an SSL enabled proxy by changing the device proxy settings and adding the
+ * proxy certificate to the list of local trust anchor. Disabling the bypass will most
+ * likly prevent the app from sending any traffic to the pinned hosts. For more
+ * information see 'How does key pinning interact with local proxies and filters?' at
+ * https://www.chromium.org/Home/chromium-security/security-faq
+ *
+ * @param value {@code true} to enable the bypass, {@code false} to disable.
+ * @return the builder to facilitate chaining.
+ */
+ public Builder enablePublicKeyPinningBypassForLocalTrustAnchors(boolean value) {
+ mPublicKeyPinningBypassForLocalTrustAnchorsEnabled = value;
+ return this;
+ }
+
+ boolean publicKeyPinningBypassForLocalTrustAnchorsEnabled() {
+ return mPublicKeyPinningBypassForLocalTrustAnchorsEnabled;
+ }
+
+ /**
* Checks whether a given string represents a valid host name for PKP and converts it
* to ASCII Compatible Encoding representation according to RFC 1122, RFC 1123 and
* RFC 3490. This method is more restrictive than required by RFC 7469. Thus, a host
« no previous file with comments | « no previous file | components/cronet/android/cronet_url_request_context_adapter.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698