components/cronet/ios/Cronet.h - Issue 2928653002: [Cronet-iOS] Public-Key-Pinning Tests

Side by Side Diff: components/cronet/ios/Cronet.h

Issue 2928653002: [Cronet-iOS] Public-Key-Pinning Tests (Closed)

Patch Set: Addressed Lily's comments. Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #import <Foundation/Foundation.h>	5 #import <Foundation/Foundation.h>

6	6

7 #include "bidirectional_stream_c.h"	7 #include "bidirectional_stream_c.h"

8	8

9 // TODO(mef): Remove this header after transition to bidirectional_stream_c.h	9 // TODO(mef): Remove this header after transition to bidirectional_stream_c.h

10 // See crbug.com/650462 for details.	10 // See crbug.com/650462 for details.

(...skipping 55 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
66 // If \|partial\| is set to NO, then \|userAgent\| value is complete value sent to	66 // If \|partial\| is set to NO, then \|userAgent\| value is complete value sent to

67 // the remote. For Example: "Foo/3.0.0.0" is sent as "Foo/3.0.0.0".	67 // the remote. For Example: "Foo/3.0.0.0" is sent as "Foo/3.0.0.0".

68 //	68 //

69 // This method only has any effect before \|start\| is called.	69 // This method only has any effect before \|start\| is called.

70 + (void)setUserAgent:(NSString*)userAgent partial:(BOOL)partial;	70 + (void)setUserAgent:(NSString*)userAgent partial:(BOOL)partial;

71	71

72 // Sets SSLKEYLogFileName to export SSL key for Wireshark decryption of packet	72 // Sets SSLKEYLogFileName to export SSL key for Wireshark decryption of packet

73 // captures. This method only has any effect before \|start\| is called.	73 // captures. This method only has any effect before \|start\| is called.

74 + (void)setSslKeyLogFileName:(NSString*)sslKeyLogFileName;	74 + (void)setSslKeyLogFileName:(NSString*)sslKeyLogFileName;

75	75

	76 /// Pins a set of public keys for a given host. This method only has any effect
	mef 2017/06/12 22:25:22 We should probably make other comments in this hea We should probably make other comments in this header documentable the same way. Different CL though. kapishnikov 2017/06/16 20:11:04 Acknowledged. Filed http://crbug.com/732888 Show quoted text On 2017/06/12 22:25:22, mef wrote: > We should probably make other comments in this header documentable the same way. > Different CL though. Acknowledged. Filed http://crbug.com/732888
	77 /// before \|start\| is called. By pinning a set of public keys,

	78 /// \|pinsSha256\|, communication with \|hostName\| is required to

	79 /// authenticate with a certificate with a public key from the set of pinned

	80 /// ones. An app can pin the public key of the root certificate, any of the

	81 /// intermediate certificates or the end-entry certificate. Authentication will

	82 /// fail and secure communication will not be established if none of the public

	83 /// keys is present in the host's certificate chain, even if the host attempts

	84 /// to authenticate with a certificate allowed by the device's trusted store of

	85 /// certificates.

	86 ///

	87 /// Calling this method multiple times with the same host name overrides the

	88 /// previously set pins for the host.

	89 ///

	90 /// More information about the public key pinning can be found in

	91 /// [RFC 7469](https://tools.ietf.org/html/rfc7469).

	92 ///

	93 /// @param hostName name of the host to which the public keys should be pinned.
	mef 2017/06/12 22:25:22 Need to match actual param names: hostName <-> ho Need to match actual param names: hostName <-> host pinsSha356 <-> pinHashes kapishnikov 2017/06/16 20:11:04 Done. Show quoted text On 2017/06/12 22:25:22, mef wrote: > Need to match actual param names: > > hostName <-> host > pinsSha356 <-> pinHashes Done.
	94 /// A host that consists only of digits and the dot character

	95 /// is treated as invalid.

	96 /// @param pinsSha256 a set of pins. Each pin is the SHA-256 cryptographic

	97 /// hash of the DER-encoded ASN.1 representation of the

	98 /// Subject Public Key Info (SPKI) of the host's X.509

	99 /// certificate. Although, the method does not mandate the

	100 /// presence of the backup pin that can be used if the control

	101 /// of the primary private key has been lost, it is highly

	102 /// recommended to supply one.

	103 /// @param includeSubdomains indicates whether the pinning policy should be

	104 /// applied to subdomains of \|hostName\|.

	105 /// @param expirationDate specifies the expiration date for the pins.

	106 + (void)addPublicKeyPinsForHost:(NSString*)host

	107 pinHashes:(NSSet<NSData>)pinHashes

	108 includeSubdomains:(BOOL)includeSubdomains

	109 expirationDate:(NSDate*)expirationDate;

	110

76 // Sets the block used to determine whether or not Cronet should handle the	111 // Sets the block used to determine whether or not Cronet should handle the

77 // request. If the block is not set, Cronet will handle all requests. Cronet	112 // request. If the block is not set, Cronet will handle all requests. Cronet

78 // retains strong reference to the block, which can be released by calling this	113 // retains strong reference to the block, which can be released by calling this

79 // method with nil block.	114 // method with nil block.

80 + (void)setRequestFilterBlock:(RequestFilterBlock)block;	115 + (void)setRequestFilterBlock:(RequestFilterBlock)block;

81	116

82 // Starts CronetEngine. It is recommended to call this method on the application	117 // Starts CronetEngine. It is recommended to call this method on the application

83 // main thread. If the method is called on any thread other than the main one,	118 // main thread. If the method is called on any thread other than the main one,

84 // the method will internally try to execute synchronously using the main GCD	119 // the method will internally try to execute synchronously using the main GCD

85 // queue. Please make sure that the main thread is not blocked by a job	120 // queue. Please make sure that the main thread is not blocked by a job

(...skipping 51 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
137	172

138 // Sets Host Resolver Rules for testing.	173 // Sets Host Resolver Rules for testing.

139 // This method must be called after \|start\| has been called.	174 // This method must be called after \|start\| has been called.

140 + (void)setHostResolverRulesForTesting:(NSString*)hostResolverRulesForTesting;	175 + (void)setHostResolverRulesForTesting:(NSString*)hostResolverRulesForTesting;

141	176

142 // Enables TestCertVerifier which accepts all certificates for testing.	177 // Enables TestCertVerifier which accepts all certificates for testing.

143 // This method only has any effect before \|start\| is called.	178 // This method only has any effect before \|start\| is called.

144 + (void)enableTestCertVerifierForTesting;	179 + (void)enableTestCertVerifierForTesting;

145	180

146 @end	181 @end

OLD	NEW

« no previous file with comments | « no previous file | components/cronet/ios/Cronet.mm » ('j') | components/cronet/ios/Cronet.mm » ('J')