
Side by Side Diff: components/cronet/ios/Cronet.mm

Issue 2928653002: [Cronet-iOS] Public-Key-Pinning Tests (Closed)
Patch Set: Addressed Lily's comments. Created 3 years, 6 months ago
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import "components/cronet/ios/Cronet.h" 5 #import "components/cronet/ios/Cronet.h"
6 6
7 #include <memory> 7 #include <memory>
8 8
9 #include "base/lazy_instance.h" 9 #include "base/lazy_instance.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 23 matching lines...) Expand all
34 34
35 BOOL gHttp2Enabled = YES; 35 BOOL gHttp2Enabled = YES;
36 BOOL gQuicEnabled = NO; 36 BOOL gQuicEnabled = NO;
37 cronet::URLRequestContextConfig::HttpCacheType gHttpCache = 37 cronet::URLRequestContextConfig::HttpCacheType gHttpCache =
38 cronet::URLRequestContextConfig::HttpCacheType::DISK; 38 cronet::URLRequestContextConfig::HttpCacheType::DISK;
39 ScopedVector<cronet::URLRequestContextConfig::QuicHint> gQuicHints; 39 ScopedVector<cronet::URLRequestContextConfig::QuicHint> gQuicHints;
40 NSString* gExperimentalOptions = @"{}"; 40 NSString* gExperimentalOptions = @"{}";
41 NSString* gUserAgent = nil; 41 NSString* gUserAgent = nil;
42 BOOL gUserAgentPartial = NO; 42 BOOL gUserAgentPartial = NO;
43 NSString* gSslKeyLogFileName = nil; 43 NSString* gSslKeyLogFileName = nil;
44 ScopedVector<cronet::URLRequestContextConfig::Pkp> gPkpList = {};
44 RequestFilterBlock gRequestFilterBlock = nil; 45 RequestFilterBlock gRequestFilterBlock = nil;
45 base::LazyInstance<std::unique_ptr<CronetHttpProtocolHandlerDelegate>>::Leaky 46 base::LazyInstance<std::unique_ptr<CronetHttpProtocolHandlerDelegate>>::Leaky
46 gHttpProtocolHandlerDelegate = LAZY_INSTANCE_INITIALIZER; 47 gHttpProtocolHandlerDelegate = LAZY_INSTANCE_INITIALIZER;
47 NSURLCache* gPreservedSharedURLCache = nil; 48 NSURLCache* gPreservedSharedURLCache = nil;
48 BOOL gEnableTestCertVerifierForTesting = FALSE; 49 BOOL gEnableTestCertVerifierForTesting = FALSE;
50 std::unique_ptr<net::CertVerifier> gMockCertVerifier;
49 NSString* gAcceptLanguages = nil; 51 NSString* gAcceptLanguages = nil;
50 52
51 // CertVerifier, which allows any certificates for testing. 53 // CertVerifier, which allows any certificates for testing.
52 class TestCertVerifier : public net::CertVerifier { 54 class TestCertVerifier : public net::CertVerifier {
53 int Verify(const RequestParams& params, 55 int Verify(const RequestParams& params,
54 net::CRLSet* crl_set, 56 net::CRLSet* crl_set,
55 net::CertVerifyResult* verify_result, 57 net::CertVerifyResult* verify_result,
56 const net::CompletionCallback& callback, 58 const net::CompletionCallback& callback,
57 std::unique_ptr<Request>* out_req, 59 std::unique_ptr<Request>* out_req,
58 const net::NetLogWithSource& net_log) override { 60 const net::NetLogWithSource& net_log) override {
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
110 112
111 @implementation Cronet 113 @implementation Cronet
112 114
113 + (void)configureCronetEnvironmentForTesting: 115 + (void)configureCronetEnvironmentForTesting:
114 (cronet::CronetEnvironment*)cronetEnvironment { 116 (cronet::CronetEnvironment*)cronetEnvironment {
115 if (gEnableTestCertVerifierForTesting) { 117 if (gEnableTestCertVerifierForTesting) {
116 std::unique_ptr<TestCertVerifier> test_cert_verifier = 118 std::unique_ptr<TestCertVerifier> test_cert_verifier =
117 base::MakeUnique<TestCertVerifier>(); 119 base::MakeUnique<TestCertVerifier>();
118 cronetEnvironment->set_mock_cert_verifier(std::move(test_cert_verifier)); 120 cronetEnvironment->set_mock_cert_verifier(std::move(test_cert_verifier));
119 } 121 }
122 if (gMockCertVerifier) {
123 gChromeNet.Get()->set_mock_cert_verifier(std::move(gMockCertVerifier));
124 }
120 } 125 }
121 126
122 + (NSString*)getAcceptLanguagesFromPreferredLanguages: 127 + (NSString*)getAcceptLanguagesFromPreferredLanguages:
123 (NSArray<NSString*>*)languages { 128 (NSArray<NSString*>*)languages {
124 NSMutableArray* acceptLanguages = [NSMutableArray new]; 129 NSMutableArray* acceptLanguages = [NSMutableArray new];
125 for (NSString* lang_region in languages) { 130 for (NSString* lang_region in languages) {
126 NSString* lang = [lang_region componentsSeparatedByString:@"-"][0]; 131 NSString* lang = [lang_region componentsSeparatedByString:@"-"][0];
127 NSString* localeAcceptLangs = acceptLangs[lang_region] ?: acceptLangs[lang]; 132 NSString* localeAcceptLangs = acceptLangs[lang_region] ?: acceptLangs[lang];
128 if (localeAcceptLangs) 133 if (localeAcceptLangs)
129 [acceptLanguages 134 [acceptLanguages
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after
203 } 208 }
204 } 209 }
205 210
206 + (void)setRequestFilterBlock:(RequestFilterBlock)block { 211 + (void)setRequestFilterBlock:(RequestFilterBlock)block {
207 if (gHttpProtocolHandlerDelegate.Get().get()) 212 if (gHttpProtocolHandlerDelegate.Get().get())
208 gHttpProtocolHandlerDelegate.Get().get()->SetRequestFilterBlock(block); 213 gHttpProtocolHandlerDelegate.Get().get()->SetRequestFilterBlock(block);
209 else 214 else
210 gRequestFilterBlock = block; 215 gRequestFilterBlock = block;
211 } 216 }
212 217
218 + (void)addPublicKeyPinsForHost:(NSString*)host
219 pinHashes:(NSSet<NSData*>*)pinHashes
220 includeSubdomains:(BOOL)includeSubdomains
221 expirationDate:(NSDate*)expirationDate {
222 [self checkNotStarted];
223
224 auto pkp = base::MakeUnique<cronet::URLRequestContextConfig::Pkp>(
225 base::SysNSStringToUTF8(host), includeSubdomains,
226 base::Time::FromCFAbsoluteTime(
227 [expirationDate timeIntervalSinceReferenceDate]));
228
229 for (NSData* hash in pinHashes) {
230 net::SHA256HashValue hashValue;
231 DCHECK_EQ(sizeof(hashValue.data), hash.length)
mef 2017/06/12 22:25:23 I'm not sure whether DCHECK is good enough here. W
kapishnikov 2017/06/16 20:11:04 Good catch. Changed it to CHECK_EQ.
232 << "The length of PKP SHA256 hash should be 256 bits";
233 memcpy((void*)(hashValue.data), [hash bytes], sizeof(hashValue.data));
234 pkp->pin_hashes.push_back(net::HashValue(hashValue));
235 }
236 gPkpList.push_back(std::move(pkp));
237 }
238
213 + (void)startInternal { 239 + (void)startInternal {
214 std::string user_agent = base::SysNSStringToUTF8(gUserAgent); 240 std::string user_agent = base::SysNSStringToUTF8(gUserAgent);
215 241
216 gChromeNet.Get().reset( 242 gChromeNet.Get().reset(
217 new cronet::CronetEnvironment(user_agent, gUserAgentPartial)); 243 new cronet::CronetEnvironment(user_agent, gUserAgentPartial));
218 244
219 gChromeNet.Get()->set_accept_language( 245 gChromeNet.Get()->set_accept_language(
220 base::SysNSStringToUTF8(gAcceptLanguages ?: [self getAcceptLanguages])); 246 base::SysNSStringToUTF8(gAcceptLanguages ?: [self getAcceptLanguages]));
221 247
222 gChromeNet.Get()->set_http2_enabled(gHttp2Enabled); 248 gChromeNet.Get()->set_http2_enabled(gHttp2Enabled);
223 gChromeNet.Get()->set_quic_enabled(gQuicEnabled); 249 gChromeNet.Get()->set_quic_enabled(gQuicEnabled);
224 gChromeNet.Get()->set_experimental_options( 250 gChromeNet.Get()->set_experimental_options(
225 base::SysNSStringToUTF8(gExperimentalOptions)); 251 base::SysNSStringToUTF8(gExperimentalOptions));
226 gChromeNet.Get()->set_http_cache(gHttpCache); 252 gChromeNet.Get()->set_http_cache(gHttpCache);
227 gChromeNet.Get()->set_ssl_key_log_file_name( 253 gChromeNet.Get()->set_ssl_key_log_file_name(
228 base::SysNSStringToUTF8(gSslKeyLogFileName)); 254 base::SysNSStringToUTF8(gSslKeyLogFileName));
255 gChromeNet.Get()->set_pkp_list(std::move(gPkpList));
229 for (const auto* quicHint : gQuicHints) { 256 for (const auto* quicHint : gQuicHints) {
230 gChromeNet.Get()->AddQuicHint(quicHint->host, quicHint->port, 257 gChromeNet.Get()->AddQuicHint(quicHint->host, quicHint->port,
231 quicHint->alternate_port); 258 quicHint->alternate_port);
232 } 259 }
233 260
234 [self configureCronetEnvironmentForTesting:gChromeNet.Get().get()]; 261 [self configureCronetEnvironmentForTesting:gChromeNet.Get().get()];
235 gChromeNet.Get()->Start(); 262 gChromeNet.Get()->Start();
236 gHttpProtocolHandlerDelegate.Get().reset( 263 gHttpProtocolHandlerDelegate.Get().reset(
237 new CronetHttpProtocolHandlerDelegate( 264 new CronetHttpProtocolHandlerDelegate(
238 gChromeNet.Get()->GetURLRequestContextGetter(), gRequestFilterBlock)); 265 gChromeNet.Get()->GetURLRequestContextGetter(), gRequestFilterBlock));
(...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after
332 return nil; 359 return nil;
333 } 360 }
334 std::vector<uint8_t> deltas(gChromeNet.Get()->GetHistogramDeltas()); 361 std::vector<uint8_t> deltas(gChromeNet.Get()->GetHistogramDeltas());
335 return [NSData dataWithBytes:deltas.data() length:deltas.size()]; 362 return [NSData dataWithBytes:deltas.data() length:deltas.size()];
336 } 363 }
337 364
338 + (void)enableTestCertVerifierForTesting { 365 + (void)enableTestCertVerifierForTesting {
339 gEnableTestCertVerifierForTesting = YES; 366 gEnableTestCertVerifierForTesting = YES;
340 } 367 }
341 368
369 + (void)setMockCertVerifier:(std::unique_ptr<net::CertVerifier>)certVerifier {
mef 2017/06/12 22:25:23 Should this also have ForTesting: suffix? Passing
kapishnikov 2017/06/16 20:11:04 Added the suffix. I think it should be okay since
370 gMockCertVerifier = std::move(certVerifier);
371 }
372
342 + (void)setHostResolverRulesForTesting:(NSString*)hostResolverRulesForTesting { 373 + (void)setHostResolverRulesForTesting:(NSString*)hostResolverRulesForTesting {
343 DCHECK(gChromeNet.Get().get()); 374 DCHECK(gChromeNet.Get().get());
344 gChromeNet.Get()->SetHostResolverRules( 375 gChromeNet.Get()->SetHostResolverRules(
345 base::SysNSStringToUTF8(hostResolverRulesForTesting)); 376 base::SysNSStringToUTF8(hostResolverRulesForTesting));
346 } 377 }
347 378
348 // This is a non-public dummy method that prevents the linker from stripping out 379 // This is a non-public dummy method that prevents the linker from stripping out
349 // the otherwise non-referenced methods from 'bidirectional_stream.cc'. 380 // the otherwise non-referenced methods from 'bidirectional_stream.cc'.
350 + (void)preventStrippingCronetBidirectionalStream { 381 + (void)preventStrippingCronetBidirectionalStream {
351 bidirectional_stream_create(NULL, 0, 0); 382 bidirectional_stream_create(NULL, 0, 0);
352 } 383 }
353 384
354 @end 385 @end
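Review bot: In `addPublicKeyPinsForHost:pinHashes:includeSubdomains:expirationDate:` (new lines 218–237) only the hash length is checked, so the call can return normally after registering a pin that may never be enforced. A nil `expirationDate` makes `[expirationDate timeIntervalSinceReferenceDate]` evaluate to 0, which is passed straight to `base::Time::FromCFAbsoluteTime`. How `Pkp` treats that value is not visible here, but it is unlikely to mean "never expires", and an empty `host` or empty `pinHashes` likewise pushes an entry with nothing to match. I would validate before building `pkp`, for example `CHECK(host.length > 0 && pinHashes.count > 0);` and `if (!expirationDate) expirationDate = [NSDate distantFuture];`, or state the intended nil behaviour in the header comment. Separately, `set_pkp_list(std::move(gPkpList))` at new line 255 leaves the global empty, so if Cronet can be started again after a shutdown (not visible here), the second context would presumably come up with no pins.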