
Side by Side Diff: components/cronet/ios/Cronet.h

Issue 2928653002: [Cronet-iOS] Public-Key-Pinning Tests (Closed)
Patch Set: Addressed Misha's comments Created 3 years, 6 months ago
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import <Foundation/Foundation.h> 5 #import <Foundation/Foundation.h>
6 6
7 #include "bidirectional_stream_c.h" 7 #include "bidirectional_stream_c.h"
8 8
9 // Type of HTTP cache; public interface to private implementation defined in 9 // Type of HTTP cache; public interface to private implementation defined in
10 // URLRequestContextConfig class. 10 // URLRequestContextConfig class.
11 typedef NS_ENUM(NSInteger, CRNHttpCacheType) { 11 typedef NS_ENUM(NSInteger, CRNHttpCacheType) {
12 // Disabled HTTP cache. Some data may still be temporarily stored in memory. 12 // Disabled HTTP cache. Some data may still be temporarily stored in memory.
13 CRNHttpCacheTypeDisabled, 13 CRNHttpCacheTypeDisabled,
14 // Enable on-disk HTTP cache, including HTTP data. 14 // Enable on-disk HTTP cache, including HTTP data.
15 CRNHttpCacheTypeDisk, 15 CRNHttpCacheTypeDisk,
16 // Enable in-memory cache, including HTTP data. 16 // Enable in-memory cache, including HTTP data.
17 CRNHttpCacheTypeMemory, 17 CRNHttpCacheTypeMemory,
18 }; 18 };
19 19
20 /// Cronet Domain Name.
mef 2017/06/19 15:02:33 Should it be 'Cronet Error Domain Name'?
kapishnikov 2017/06/19 18:32:48 The convention is not to add the 'Name' suffix. Ch
21 NSString* const CRNCronetDomain = @"Cronet";
22
23 /// Enum of Cronet NSError codes.
24 NS_ENUM(NSInteger){
25 CRNErrorInvalidArgument = 1001,
26 };
27
28 /// The corresponding value is a String object that contains the name of
29 /// an invalid argument inside the NSError userInfo dictionary.
30 NSString* const CRNInvalidArgumentKey = @"CRNInvalidArgumentKey";
31
20 // A block, that takes a request, and returns YES if the request should 32 // A block, that takes a request, and returns YES if the request should
21 // be handled. 33 // be handled.
22 typedef BOOL (^RequestFilterBlock)(NSURLRequest* request); 34 typedef BOOL (^RequestFilterBlock)(NSURLRequest* request);
23 35
24 // Interface for installing Cronet. 36 // Interface for installing Cronet.
25 // TODO(gcasto): Should this macro be separate from the one defined in 37 // TODO(gcasto): Should this macro be separate from the one defined in
26 // bidirectional_stream_c.h? 38 // bidirectional_stream_c.h?
27 GRPC_SUPPORT_EXPORT 39 GRPC_SUPPORT_EXPORT
28 @interface Cronet : NSObject 40 @interface Cronet : NSObject
29 41
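Review bot: At new line 21, `NSString* const CRNCronetDomain = @"Cronet";` is a definition with external linkage in a public header, so two or more Objective-C (.m) files that import Cronet.h will each define the symbol and fail to link with duplicate symbols; the same applies to `CRNInvalidArgumentKey` at new line 30. Declare both in the header as `extern NSString* const ...;` and define them once in Cronet.mm. Separately, the enum at new line 24 is anonymous; giving it a name would let callers handle the NSError code as a typed value.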
(...skipping 32 matching lines...)
62 // If |partial| is set to NO, then |userAgent| value is complete value sent to 74 // If |partial| is set to NO, then |userAgent| value is complete value sent to
63 // the remote. For Example: "Foo/3.0.0.0" is sent as "Foo/3.0.0.0". 75 // the remote. For Example: "Foo/3.0.0.0" is sent as "Foo/3.0.0.0".
64 // 76 //
65 // This method only has any effect before |start| is called. 77 // This method only has any effect before |start| is called.
66 + (void)setUserAgent:(NSString*)userAgent partial:(BOOL)partial; 78 + (void)setUserAgent:(NSString*)userAgent partial:(BOOL)partial;
67 79
68 // Sets SSLKEYLogFileName to export SSL key for Wireshark decryption of packet 80 // Sets SSLKEYLogFileName to export SSL key for Wireshark decryption of packet
69 // captures. This method only has any effect before |start| is called. 81 // captures. This method only has any effect before |start| is called.
70 + (void)setSslKeyLogFileName:(NSString*)sslKeyLogFileName; 82 + (void)setSslKeyLogFileName:(NSString*)sslKeyLogFileName;
71 83
84 /// Pins a set of public keys for a given host. This method only has any effect
85 /// before |start| is called. By pinning a set of public keys,
86 /// |pinsSha256|, communication with |hostName| is required to
mef 2017/06/19 15:02:33 host
mef 2017/06/19 15:02:33 pinHashes
kapishnikov 2017/06/19 18:32:48 Done.
kapishnikov 2017/06/19 18:32:48 Done.
87 /// authenticate with a certificate with a public key from the set of pinned
88 /// ones. An app can pin the public key of the root certificate, any of the
89 /// intermediate certificates or the end-entry certificate. Authentication will
90 /// fail and secure communication will not be established if none of the public
91 /// keys is present in the host's certificate chain, even if the host attempts
92 /// to authenticate with a certificate allowed by the device's trusted store of
93 /// certificates.
94 ///
95 /// Calling this method multiple times with the same host name overrides the
96 /// previously set pins for the host.
97 ///
98 /// More information about the public key pinning can be found in
99 /// [RFC 7469](https://tools.ietf.org/html/rfc7469).
100 ///
101 /// @param host name of the host to which the public keys should be pinned.
102 /// A host that consists only of digits and the dot character
103 /// is treated as invalid.
104 /// @param pinHashes a set of pins. Each pin is the SHA-256 cryptographic
105 /// hash of the DER-encoded ASN.1 representation of the
106 /// Subject Public Key Info (SPKI) of the host's X.509
107 /// certificate. Although, the method does not mandate the
108 /// presence of the backup pin that can be used if the control
109 /// of the primary private key has been lost, it is highly
110 /// recommended to supply one.
111 /// @param includeSubdomains indicates whether the pinning policy should be
112 /// applied to subdomains of |hostName|.
113 /// @param expirationDate specifies the expiration date for the pins.
114 /// @param outError on return, if the pin cannot be added, a pointer to an
115 /// error object that encapsulates the reason for the error.
116 /// @return returns |YES| if the pins were added successfully; |NO|, otherwise.
117 + (BOOL)addPublicKeyPinsForHost:(NSString*)host
118 pinHashes:(NSSet<NSData*>*)pinHashes
119 includeSubdomains:(BOOL)includeSubdomains
120 expirationDate:(NSDate*)expirationDate
121 error:(NSError**)outError;
122
72 // Sets the block used to determine whether or not Cronet should handle the 123 // Sets the block used to determine whether or not Cronet should handle the
73 // request. If the block is not set, Cronet will handle all requests. Cronet 124 // request. If the block is not set, Cronet will handle all requests. Cronet
74 // retains strong reference to the block, which can be released by calling this 125 // retains strong reference to the block, which can be released by calling this
75 // method with nil block. 126 // method with nil block.
76 + (void)setRequestFilterBlock:(RequestFilterBlock)block; 127 + (void)setRequestFilterBlock:(RequestFilterBlock)block;
77 128
78 // Starts CronetEngine. It is recommended to call this method on the application 129 // Starts CronetEngine. It is recommended to call this method on the application
79 // main thread. If the method is called on any thread other than the main one, 130 // main thread. If the method is called on any thread other than the main one,
80 // the method will internally try to execute synchronously using the main GCD 131 // the method will internally try to execute synchronously using the main GCD
81 // queue. Please make sure that the main thread is not blocked by a job 132 // queue. Please make sure that the main thread is not blocked by a job
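Review bot: The `@param expirationDate` text at new line 113 does not say what happens once the date has passed or whether nil is accepted, and for a pinning API that decides whether the host then falls back to ordinary chain validation; state the behaviour explicitly, and say whether an entry in `pinHashes` that is not 32 bytes long is rejected with `CRNErrorInvalidArgument`. The comment also still names |pinsSha256| and |hostName| at new lines 86 and 112 although the parameters are `pinHashes` and `host`, and "end-entry certificate" at new line 89 should read "end-entity certificate".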
(...skipping 51 matching lines...)
133 184
134 // Sets Host Resolver Rules for testing. 185 // Sets Host Resolver Rules for testing.
135 // This method must be called after |start| has been called. 186 // This method must be called after |start| has been called.
136 + (void)setHostResolverRulesForTesting:(NSString*)hostResolverRulesForTesting; 187 + (void)setHostResolverRulesForTesting:(NSString*)hostResolverRulesForTesting;
137 188
138 // Enables TestCertVerifier which accepts all certificates for testing. 189 // Enables TestCertVerifier which accepts all certificates for testing.
139 // This method only has any effect before |start| is called. 190 // This method only has any effect before |start| is called.
140 + (void)enableTestCertVerifierForTesting; 191 + (void)enableTestCertVerifierForTesting;
141 192
142 @end 193 @end