Chromium Code Reviews Chromium Code Reviews
Issue 17385010:
OpenSSL/NSS implementation of ProofVerfifier. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: net/quic/crypto/proof_verifier_chromium.h |
| diff --git a/net/quic/crypto/proof_verifier_chromium.h b/net/quic/crypto/proof_verifier_chromium.h |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..71176de4def23a998466bcd22c0cc0a976dc33a1 |
| --- /dev/null |
| +++ b/net/quic/crypto/proof_verifier_chromium.h |
| @@ -0,0 +1,86 @@ |
| +// Copyright 2013 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_ |
| +#define NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_ |
| + |
| +#include <string> |
| +#include <vector> |
| + |
| +#include "base/basictypes.h" |
| +#include "base/compiler_specific.h" |
| +#include "base/memory/scoped_ptr.h" |
| +#include "net/base/completion_callback.h" |
| +#include "net/base/net_export.h" |
| +#include "net/base/net_log.h" |
| +#include "net/cert/cert_verify_result.h" |
| +#include "net/cert/x509_certificate.h" |
| +#include "net/quic/crypto/proof_verifier.h" |
| + |
| +namespace net { |
| + |
| +class BoundNetLog; |
| +class CertVerifier; |
| +class CertVerifyResult; |
| +class SingleRequestCertVerifier; |
| +class X509Certificate; |
| + |
| +// ProofVerifierChromium implements the QUIC ProofVerifier interface. |
| +class NET_EXPORT_PRIVATE ProofVerifierChromium : public ProofVerifier { |
| + public: |
| + explicit ProofVerifierChromium(CertVerifier* cert_verifier); |
| + virtual ~ProofVerifierChromium(); |
| + |
| + // ProofVerifier interface |
| + virtual int VerifyProof(const std::string& hostname, |
| + const std::string& server_config, |
| + const std::vector<std::string>& certs, |
| + const std::string& signature, |
| + const CompletionCallback& callback) OVERRIDE; |
| + virtual std::string error_details() OVERRIDE; |
| + |
| + private: |
| + enum State { |
| + STATE_NONE, |
| + STATE_VERIFY_CERT, |
| + STATE_VERIFY_CERT_COMPLETE, |
| + }; |
| + |
| + int VerifyChain(); |
| + |
| + int DoLoop(int last_io_result); |
| + void OnIOComplete(int result); |
| + int DoVerifyCert(int result); |
| + int DoVerifyCertComplete(int result); |
| + |
| + bool VerifySignature(const std::string& signed_data, |
| + const std::string& signature, |
| + const std::string& cert); |
| + |
| + // |cert_verifier_| and |verifier_| are used for verifying certificates. |
| + CertVerifier* const cert_verifier_; |
| + scoped_ptr<SingleRequestCertVerifier> verifier_; |
| + |
| + // |hostname| specifies the hostname for which |certs| is a valid chain. |
| + std::string hostname_; |
| + |
| + CompletionCallback callback_; |
| + |
| + // The result of certificate verification. |
| + CertVerifyResult cert_verify_result_; |
|
agl
2013/07/01 16:23:18
These members suggest that you're going to have to
ramant (doing other things)
2013/07/02 14:19:50
We thought we would have one ProofVerifier per Ses
|
| + std::string error_details_; |
| + |
| + // X509Certificate from a chain of DER encoded certificates. |
| + scoped_refptr<X509Certificate> cert_; |
| + |
| + State next_state_; |
| + |
| + BoundNetLog net_log_; |
|
wtc
2013/07/02 00:56:38
The net_log_ member probably should be initialized
ramant (doing other things)
2013/07/02 14:19:50
Done.
|
| + |
| + DISALLOW_COPY_AND_ASSIGN(ProofVerifierChromium); |
| +}; |
| + |
| +} // namespace net |
| + |
| +#endif // NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_ |
