author | kapishnikov <kapishnikov@chromium.org> | 2015-12-03 10:38:50 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-12-03 18:39:48 +0000 |
commit | df5ccabbdbf77c68a0b0e2ee2b83091054f883f6 (patch) | |
tree | 770e8cf8c70bec7474b2d3c02534e80a5c4b81fb /net/test/android | |
parent | d35b08bbc2cb28341451f344d62be3940224ea85 (diff) | |
[Cronet] Public key pinning for Java API
Implements new public-key-pinning Java API (see https://tools.ietf.org/html/rfc7469). The API is accessible through the CronetEngine.Builder.addPublicKeyPins() method. The method accepts the host, a collection of pin hashes, a flag that indicates whether the pinning policy should be applied to the host's subdomains, and the pin expiration date. The pins are not persisted between client restarts.
BUG=522275
Review URL: https://codereview.chromium.org/1407263010
Cr-Commit-Position: refs/heads/master@{#363017}
Diffstat (limited to 'net/test/android')
-rw-r--r-- | net/test/android/javatests/src/org/chromium/net/test/util/CertTestUtil.java | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/net/test/android/javatests/src/org/chromium/net/test/util/CertTestUtil.java b/net/test/android/javatests/src/org/chromium/net/test/util/CertTestUtil.java
new file mode 100644
index 0000000..dc2770e
--- /dev/null
+++ b/net/test/android/javatests/src/org/chromium/net/test/util/CertTestUtil.java
@@ -0,0 +1,77 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package org.chromium.net.test.util;
+
+import android.util.Base64;
+
+import org.chromium.base.PathUtils;
+
+import java.io.BufferedReader;
+import java.io.FileReader;
+import java.io.IOException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+
+/**
+ * Certificate related utility methods.
+ */
+public class CertTestUtil {
+ /**
+ * The location of the directory that contains certificates for testing.
+ */
+ public static final String CERTS_DIRECTORY =
+ PathUtils.getExternalStorageDirectory() + "/net/data/ssl/certificates/";
+
+ private static final String BEGIN_MARKER = "-----BEGIN CERTIFICATE-----";
+ private static final String END_MARKER = "-----END CERTIFICATE-----";
+
+ private CertTestUtil() {}
+
+ /**
+ * Converts a PEM formatted cert in a given file to the binary DER format.
+ *
+ * @param pemPathname the location of the certificate to convert.
+ * @return array of bytes that represent the certificate in DER format.
+ * @throws IOException if the file cannot be read.
+ */
+ public static byte[] pemToDer(String pemPathname) throws IOException {
+ BufferedReader reader = new BufferedReader(new FileReader(pemPathname));
+ StringBuilder builder = new StringBuilder();
+
+ // Skip past leading junk lines, if any.
+ String line = reader.readLine();
+ while (line != null && !line.contains(BEGIN_MARKER)) line = reader.readLine();
+
+ // Then skip the BEGIN_MARKER itself, if present.
+ while (line != null && line.contains(BEGIN_MARKER)) line = reader.readLine();
+
+ // Now gather the data lines into the builder.
+ while (line != null && !line.contains(END_MARKER)) {
+ builder.append(line.trim());
+ line = reader.readLine();
+ }
+
+ reader.close();
+ return Base64.decode(builder.toString(), Base64.DEFAULT);
+ }
+
+ /**
+ * Returns SHA256 hash of the public key of a given certificate.
+ *
+ * @param cert the cert that should be used to retrieve the public key from.
+ * @return SHA256 hash of the public key.
+ */
+ public static byte[] getPublicKeySha256(Certificate cert) {
+ try {
+ byte[] publicKey = cert.getPublicKey().getEncoded();
+ MessageDigest digest = MessageDigest.getInstance("SHA-256");
+ return digest.digest(publicKey);
+ } catch (NoSuchAlgorithmException ex) {
+ // This exception should never happen since SHA-256 is known algorithm
+ throw new RuntimeException(ex);
+ }
+ }
+} |
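Review bot: pemToDer() hands Base64.decode() an empty string when the file has no BEGIN CERTIFICATE line or no data lines after it, so a missing or truncated fixture is not rejected at the read and would presumably surface later as a confusing certificate-parse or pin-mismatch failure. A guard before the return, `if (builder.length() == 0) throw new IOException("No certificate found in " + pemPathname);`, keeps the failure at its cause and still fits the documented `@throws IOException`. The reader is also closed only on the success path; wrapping the three read loops in `try { ... } finally { reader.close(); }` releases the file when readLine() throws. In getPublicKeySha256(), the Javadoc would be more precise as `Returns the SHA-256 hash of the certificate's encoded public key, as returned by cert.getPublicKey().getEncoded().`, with a note that for X.509 keys this should be the DER SubjectPublicKeyInfo, the form RFC 7469 pins are computed over.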