[Cronet-iOS] Public-Key-Pinning Tests

components/cronet/ios/Cronet.mm

Index: components/cronet/ios/Cronet.mm
diff --git a/components/cronet/ios/Cronet.mm b/components/cronet/ios/Cronet.mm
index 567d4085b0bb5b78e7ca38c57d0715181fbf10ec..caee74151420f79330071e89364690556ceacd8e 100644
--- a/components/cronet/ios/Cronet.mm
+++ b/components/cronet/ios/Cronet.mm
@@ -41,11 +41,13 @@ NSString* gExperimentalOptions = @"{}";
 NSString* gUserAgent = nil;
 BOOL gUserAgentPartial = NO;
 NSString* gSslKeyLogFileName = nil;
+ScopedVector<cronet::URLRequestContextConfig::Pkp> gPkpList = {};
 RequestFilterBlock gRequestFilterBlock = nil;
 base::LazyInstance<std::unique_ptr<CronetHttpProtocolHandlerDelegate>>::Leaky
     gHttpProtocolHandlerDelegate = LAZY_INSTANCE_INITIALIZER;
 NSURLCache* gPreservedSharedURLCache = nil;
 BOOL gEnableTestCertVerifierForTesting = FALSE;
+std::unique_ptr<net::CertVerifier> gMockCertVerifier;
 NSString* gAcceptLanguages = nil;
 
 // CertVerifier, which allows any certificates for testing.
@@ -117,6 +119,9 @@ class CronetHttpProtocolHandlerDelegate
         base::MakeUnique<TestCertVerifier>();
     cronetEnvironment->set_mock_cert_verifier(std::move(test_cert_verifier));
   }
+  if (gMockCertVerifier) {
+    gChromeNet.Get()->set_mock_cert_verifier(std::move(gMockCertVerifier));
+  }
 }
 
 + (NSString*)getAcceptLanguagesFromPreferredLanguages:
@@ -210,6 +215,27 @@ class CronetHttpProtocolHandlerDelegate
     gRequestFilterBlock = block;
 }
 
++ (void)addPublicKeyPinsForHost:(NSString*)host
+                      pinHashes:(NSSet<NSData*>*)pinHashes
+              includeSubdomains:(BOOL)includeSubdomains
+                 expirationDate:(NSDate*)expirationDate {
+  [self checkNotStarted];
+
+  auto pkp = base::MakeUnique<cronet::URLRequestContextConfig::Pkp>(
+      base::SysNSStringToUTF8(host), includeSubdomains,
+      base::Time::FromCFAbsoluteTime(
+          [expirationDate timeIntervalSinceReferenceDate]));
+
+  for (NSData* hash in pinHashes) {
+    net::SHA256HashValue hashValue;
+    DCHECK_EQ(sizeof(hashValue.data), hash.length)
+        << "The length of PKP SHA256 hash should be 256 bits";
+    memcpy((void*)(hashValue.data), [hash bytes], sizeof(hashValue.data));
+    pkp->pin_hashes.push_back(net::HashValue(hashValue));
+  }
+  gPkpList.push_back(std::move(pkp));
+}
+
 + (void)startInternal {
   std::string user_agent = base::SysNSStringToUTF8(gUserAgent);
 
@@ -226,6 +252,7 @@ class CronetHttpProtocolHandlerDelegate
   gChromeNet.Get()->set_http_cache(gHttpCache);
   gChromeNet.Get()->set_ssl_key_log_file_name(
       base::SysNSStringToUTF8(gSslKeyLogFileName));
+  gChromeNet.Get()->set_pkp_list(std::move(gPkpList));
   for (const auto* quicHint : gQuicHints) {
     gChromeNet.Get()->AddQuicHint(quicHint->host, quicHint->port,
                                   quicHint->alternate_port);
@@ -339,6 +366,10 @@ class CronetHttpProtocolHandlerDelegate
   gEnableTestCertVerifierForTesting = YES;
 }
 
++ (void)setMockCertVerifier:(std::unique_ptr<net::CertVerifier>)certVerifier {
+  gMockCertVerifier = std::move(certVerifier);
+}
+
 + (void)setHostResolverRulesForTesting:(NSString*)hostResolverRulesForTesting {
   DCHECK(gChromeNet.Get().get());
   gChromeNet.Get()->SetHostResolverRules(