Landing Recent QUIC changes until 2015-11-09 20:32 UTC

net/quic/crypto/quic_crypto_client_config.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_QUIC_CRYPTO_QUIC_CRYPTO_CLIENT_CONFIG_H_
 #define NET_QUIC_CRYPTO_QUIC_CRYPTO_CLIENT_CONFIG_H_
 
 #include <map>
 #include <queue>
 #include <string>
@@ skipping 64 matching lines @@
     // has expired.
     ServerConfigState SetServerConfig(base::StringPiece server_config,
                                       QuicWallTime now,
                                       std::string* error_details);
 
     // InvalidateServerConfig clears the cached server config (if any).
     void InvalidateServerConfig();
 
     // SetProof stores a certificate chain and signature.
     void SetProof(const std::vector<std::string>& certs,
+                  base::StringPiece cert_sct,
                   base::StringPiece signature);
 
     // Clears all the data.
     void Clear();
 
     // Clears the certificate chain and signature and invalidates the proof.
     void ClearProof();
 
     // SetProofValid records that the certificate chain and signature have been
     // validated and that it's safe to assume that the server is legitimate.
     // (Note: this does not check the chain or signature.)
     void SetProofValid();
 
     // If the server config or the proof has changed then it needs to be
     // revalidated. Helper function to keep server_config_valid_ and
     // generation_counter_ in sync.
     void SetProofInvalid();
 
     const std::string& server_config() const;
     const std::string& source_address_token() const;
     const std::vector<std::string>& certs() const;
+    const std::string& cert_sct() const;
     const std::string& signature() const;
     bool proof_valid() const;
     uint64 generation_counter() const;
     const ProofVerifyDetails* proof_verify_details() const;
 
     void set_source_address_token(base::StringPiece token);
 
+    void set_cert_sct(base::StringPiece cert_sct);
+
     // Adds the connection ID to the queue of server-designated connection-ids.
     void add_server_designated_connection_id(QuicConnectionId connection_id);
 
     // If true, the crypto config contains at least one connection ID specified
     // by the server, and the client should use one of these IDs when initiating
     // the next connection.
     bool has_server_designated_connection_id() const;
 
     // This function should only be called when
     // has_server_designated_connection_id is true.  Returns the next
@@ skipping 20 matching lines @@
     // |server_config_sig_| from the |other|.  The remaining fields,
     // |generation_counter_|, |proof_verify_details_|, and |scfg_| remain
     // unchanged.
     void InitializeFrom(const CachedState& other);
 
     // Initializes this cached state based on the arguments provided.
     // Returns false if there is a problem parsing the server config.
     bool Initialize(base::StringPiece server_config,
                     base::StringPiece source_address_token,
                     const std::vector<std::string>& certs,
+                    const std::string& cert_sct,
                     base::StringPiece signature,
                     QuicWallTime now);
 
    private:
     std::string server_config_;         // A serialized handshake message.
     std::string source_address_token_;  // An opaque proof of IP ownership.
     std::vector<std::string> certs_;    // A list of certificates in leaf-first
                                         // order.
+    std::string cert_sct_;              // Signed timestamp of the leaf cert.
     std::string server_config_sig_;     // A signature of |server_config_|.
     bool server_config_valid_;          // True if |server_config_| is correctly
                                         // signed and |certs_| has been
                                         // validated.
     // Generation counter associated with the |server_config_|, |certs_| and
     // |server_config_sig_| combination. It is incremented whenever we set
     // server_config_valid_ to false.
     uint64 generation_counter_;
 
     scoped_ptr<ProofVerifyDetails> proof_verify_details_;
@@ skipping 60 matching lines @@
 
   // ProcessRejection processes a REJ message from a server and updates the
   // cached information about that server. After this, |IsComplete| may return
   // true for that server's CachedState. If the rejection message contains state
   // about a future handshake (i.e. an nonce value from the server), then it
   // will be saved in |out_params|. |now| is used to judge whether the server
   // config in the rejection message has expired. |is_https| is used to track
   // reject reason for secure vs insecure QUIC.
   QuicErrorCode ProcessRejection(const CryptoHandshakeMessage& rej,
                                  QuicWallTime now,
+                                 QuicVersion version,
                                  CachedState* cached,
                                  QuicCryptoNegotiatedParameters* out_params,
                                  std::string* error_details);
 
   // ProcessServerHello processes the message in |server_hello|, updates the
   // cached information about that server, writes the negotiated parameters to
   // |out_params| and returns QUIC_NO_ERROR. If |server_hello| is unacceptable
   // then it puts an error message in |error_details| and returns an error
   // code. |version| is the QUIC version for the current connection.
   // |negotiated_versions| contains the list of version, if any, that were
   // present in a version negotiation packet previously recevied from the
   // server. The contents of this list will be compared against the list of
   // versions provided in the VER tag of the server hello.
   QuicErrorCode ProcessServerHello(const CryptoHandshakeMessage& server_hello,
                                    QuicConnectionId connection_id,
                                    QuicVersion version,
                                    const QuicVersionVector& negotiated_versions,
                                    CachedState* cached,
                                    QuicCryptoNegotiatedParameters* out_params,
                                    std::string* error_details);
 
   // Processes the message in |server_update|, updating the cached source
   // address token, and server config.
   // If |server_update| is invalid then |error_details| will contain an error
   // message, and an error code will be returned. If all has gone well
   // QUIC_NO_ERROR is returned.
   QuicErrorCode ProcessServerConfigUpdate(
       const CryptoHandshakeMessage& server_update,
       QuicWallTime now,
+      const QuicVersion version,
       CachedState* cached,
       QuicCryptoNegotiatedParameters* out_params,
       std::string* error_details);
 
   ProofVerifier* proof_verifier() const;
 
   ChannelIDSource* channel_id_source() const;
 
   // SetChannelIDSource sets a ChannelIDSource that will be called, when the
   // server supports channel IDs, to obtain a channel ID for signing a message
@@ skipping 35 matching lines @@
   // Sets the members to reasonable, default values.
   void SetDefaults();
 
   // CacheNewServerConfig checks for SCFG, STK, PROF, and CRT tags in |message|,
   // verifies them, and stores them in the cached state if they validate.
   // This is used on receipt of a REJ from a server, or when a server sends
   // updated server config during a connection.
   QuicErrorCode CacheNewServerConfig(
       const CryptoHandshakeMessage& message,
       QuicWallTime now,
+      const QuicVersion version,
       const std::vector<std::string>& cached_certs,
       CachedState* cached,
       std::string* error_details);
 
   // If the suffix of the hostname in |server_id| is in |canonical_suffixes_|,
   // then populate |cached| with the canonical cached state from
   // |canonical_server_map_| for that suffix. Returns true if |cached| is
   // initialized with canonical cached state.
   bool PopulateFromCanonicalConfig(const QuicServerId& server_id,
                                    CachedState* cached);
@@ skipping 20 matching lines @@
 
   // The |user_agent_id_| passed in QUIC's CHLO message.
   std::string user_agent_id_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicCryptoClientConfig);
 };
 
 }  // namespace net
 
 #endif  // NET_QUIC_CRYPTO_QUIC_CRYPTO_CLIENT_CONFIG_H_