OpenSSL/NSS implementation of ProofVerfifier.

net/quic/crypto/proof_verifier_chromium.h

Index: net/quic/crypto/proof_verifier_chromium.h
diff --git a/net/quic/crypto/proof_verifier_chromium.h b/net/quic/crypto/proof_verifier_chromium.h
new file mode 100644
index 0000000000000000000000000000000000000000..6a73e82dea573e05b83dd2fec8da8669ccfdb527
--- /dev/null
+++ b/net/quic/crypto/proof_verifier_chromium.h
@@ -0,0 +1,97 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_
+#define NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_
+
+#include <string>
+#include <vector>
+
+#include "base/basictypes.h"
+#include "base/compiler_specific.h"
+#include "base/memory/scoped_ptr.h"
+#include "net/base/completion_callback.h"
+#include "net/base/net_export.h"
+#include "net/base/net_log.h"
+#include "net/cert/cert_verify_result.h"
+#include "net/cert/x509_certificate.h"
+#include "net/quic/crypto/proof_verifier.h"
+
+namespace net {
+
+class BoundNetLog;
+class CertVerifier;
+class CertVerifyResult;
+class SingleRequestCertVerifier;
+class X509Certificate;
+
+struct CERTCertificateStr;
+typedef struct CERTCertificateStr CERTCertificate;

[wtc, 2013/06/24 22:36:56]

Delete these two lines. They are NSS-specific.

[ramant (doing other things), 2013/06/28 19:16:56]

Done.

+
+// ProofVerifierChromium implements the QUIC ProofVerifier interface.
+class NET_EXPORT_PRIVATE ProofVerifierChromium : public ProofVerifier {
+ public:
+  explicit ProofVerifierChromium(CertVerifier* cert_verifier);
+  virtual ~ProofVerifierChromium();
+
+  // ProofVerifier interface
+  virtual int VerifyProof(const std::string& hostname,
+                          const std::string& server_config,
+                          const std::vector<std::string>& certs,
+                          const std::string& signature,
+                          const CompletionCallback& callback,
+                          std::string* error_details) OVERRIDE;
+
+  // TODO(rtenneti): Do we need completed_cert_verification??

[wtc, 2013/06/24 22:36:56]

The completed_cert_verification() method doesn't seem necessary.

[ramant (doing other things), 2013/06/28 19:16:56]

Done.

+  bool completed_cert_verification() const {
+    return completed_cert_verification_;
+  }
+
+ private:
+  enum State {
+    STATE_NONE,
+    STATE_VERIFY_CERT,
+    STATE_VERIFY_CERT_COMPLETE,
+  };
+
+  int VerifyChain(const std::vector<std::string>& certs);
+
+  int DoVerifyCertLoop(int last_io_result);
+  void OnVerifyCertIOComplete(int result);

[wtc, 2013/06/24 22:36:56]

These two functions can be named simply DoLoop(int result)
and OnIOComplete(int result).

[ramant (doing other things), 2013/06/28 19:16:56]

Done.

+  int DoVerifyCert(int result);
+  int DoVerifyCertComplete(int result);
+
+  static bool VerifySignature(const std::string& signed_data,
+                              const std::string& signature,
+                              const std::string& cert);
+
+

[wtc, 2013/06/24 22:36:56]

Delete one blank line.

[ramant (doing other things), 2013/06/28 19:16:56]

Done.

+  // |cert_verifier_| and |verifier_| are used for verifying certificates.
+  CertVerifier* const cert_verifier_;
+  scoped_ptr<SingleRequestCertVerifier> verifier_;
+
+  // |hostname| specifies the hostname for which |certs| is a valid chain.
+  std::string hostname_;
+
+  CompletionCallback callback_;
+
+  // True if the cert verification has been completed.
+  bool completed_cert_verification_;
+
+  // The result of certificate verification.
+  CertVerifyResult server_cert_verify_result_;

[wtc, 2013/06/24 22:36:56]

Remove "server_" from the member's name.

[ramant (doing other things), 2013/06/28 19:16:56]

Done.

+
+  // X509Certificate from a chain of DER encoded certificates.
+  scoped_refptr<X509Certificate> server_cert_;

[wtc, 2013/06/24 22:36:56]

It may be sufficient to just name this member |cert_|.

[ramant (doing other things), 2013/06/28 19:16:56]

Done.

+
+  State next_cert_state_;

[wtc, 2013/06/24 22:36:56]

This member can be named simply next_state_.

[ramant (doing other things), 2013/06/28 19:16:56]

Done.

+
+  BoundNetLog net_log_;
+
+  DISALLOW_COPY_AND_ASSIGN(ProofVerifierChromium);
+};
+
+}  // namespace net
+
+#endif  // NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_