components/cronet/ios/Cronet.h - Issue 2928653002: [Cronet-iOS] Public-Key-Pinning Tests

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: components/cronet/ios/Cronet.h

Issue 2928653002: [Cronet-iOS] Public-Key-Pinning Tests (Closed)

Patch Set: Replace static with anonymous namespace Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: components/cronet/ios/Cronet.h

diff --git a/components/cronet/ios/Cronet.h b/components/cronet/ios/Cronet.h

index f7f6cbe13fc94214cf0095bde6f6cedd5d330432..cd2980c8d45a1cfd0c369d750a88ee3dcb88a1cb 100644

--- a/components/cronet/ios/Cronet.h

+++ b/components/cronet/ios/Cronet.h

@@ -73,6 +73,47 @@ GRPC_SUPPORT_EXPORT

// captures. This method only has any effect before |start| is called.

+ (void)setSslKeyLogFileName:(NSString*)sslKeyLogFileName;

+//

+// Pins a set of public keys for a given host. This method only has any effect

+// before |start| is called. By pinning a set of public keys,

+// |pinsSha256|, communication with |hostName| is required to

+// authenticate with a certificate with a public key from the set of pinned

+// ones. An app can pin the public key of the root certificate, any of the

+// intermediate certificates or the end-entry certificate. Authentication will

+// fail and secure communication will not be established if none of the public

+// keys is present in the host's certificate chain, even if the host attempts to

+// authenticate with a certificate allowed by the device's trusted store of

+// certificates.

+//

+//

+// Calling this method multiple times with the same host name overrides the

+// previously set pins for the host.

+//

+//

+// More information about the public key pinning can be found in

+// <a href="https://tools.ietf.org/html/rfc7469">RFC 7469</a>.

+//

+//

+// @param hostName name of the host to which the public keys should be pinned. A

+// host that

+// consists only of digits and the dot character is treated as

+// invalid.

+// @param pinsSha256 a set of pins. Each pin is the SHA-256 cryptographic

+// hash of the DER-encoded ASN.1 representation of the Subject

+// Public Key Info (SPKI) of the host's X.509 certificate.

+// Although, the method does not mandate the presence of the

+// backup pin that can be used if the control of the primary

+// private key has been lost, it is highly recommended to

+// supply one.

+// @param includeSubdomains indicates whether the pinning policy should be

+// applied to

+// subdomains of {@code hostName}.

+// @param expirationDate specifies the expiration date for the pins.

++ (void)addPublicKeyPinsForHost:(NSString*)host

+ pinHashes:(NSSet<NSData*>*)pinHashes

+ includeSubdomains:(BOOL)includeSubdomains

+ expirationDate:(NSDate*)expirationDate;

// Sets the block used to determine whether or not Cronet should handle the

// request. If the block is not set, Cronet will handle all requests. Cronet

// retains strong reference to the block, which can be released by calling this

« no previous file with comments | « no previous file | components/cronet/ios/Cronet.mm » ('j') | components/cronet/ios/test/cronet_pkp_test.mm » ('J')