1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_QUIC_CRYPTO_PROOF_SOURCE_H_ | 5 #ifndef NET_QUIC_CRYPTO_PROOF_SOURCE_H_ |
6 #define NET_QUIC_CRYPTO_PROOF_SOURCE_H_ | 6 #define NET_QUIC_CRYPTO_PROOF_SOURCE_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/memory/ref_counted.h" | 11 #include "base/memory/ref_counted.h" |
12 #include "net/base/net_export.h" | 12 #include "net/base/net_export.h" |
| 13 #include "net/quic/quic_protocol.h" |
13 | 14 |
14 namespace net { | 15 namespace net { |
15 | 16 |
16 class IPAddress; | 17 class IPAddress; |
17 | 18 |
18 // ProofSource is an interface by which a QUIC server can obtain certificate | 19 // ProofSource is an interface by which a QUIC server can obtain certificate |
19 // chains and signatures that prove its identity. | 20 // chains and signatures that prove its identity. |
20 class NET_EXPORT_PRIVATE ProofSource { | 21 class NET_EXPORT_PRIVATE ProofSource { |
21 public: | 22 public: |
22 // Chain is a reference-counted wrapper for a std::vector of std::stringified | 23 // Chain is a reference-counted wrapper for a std::vector of std::stringified |
48 // If |ecdsa_ok| is true, the signature may use an ECDSA key. Otherwise, the | 49 // If |ecdsa_ok| is true, the signature may use an ECDSA key. Otherwise, the |
49 // signature must use an RSA key. | 50 // signature must use an RSA key. |
50 // | 51 // |
51 // |out_chain| is reference counted to avoid the (assumed) expense of copying | 52 // |out_chain| is reference counted to avoid the (assumed) expense of copying |
52 // out the certificates. | 53 // out the certificates. |
53 // | 54 // |
54 // The number of certificate chains is expected to be small and fixed thus | 55 // The number of certificate chains is expected to be small and fixed thus |
55 // the ProofSource retains ownership of the contents of |out_certs|. The | 56 // the ProofSource retains ownership of the contents of |out_certs|. The |
56 // expectation is that they will be cached forever. | 57 // expectation is that they will be cached forever. |
57 // | 58 // |
58 // The signature values should be cached because |server_config| will be | 59 // For version before QUIC_VERSION_30, the signature values should be cached |
59 // somewhat static. However, since they aren't bounded, the ProofSource may | 60 // because |server_config| will be somewhat static. However, since they aren't |
60 // wish to evicit entries from that cache, thus the caller takes ownership of | 61 // bounded, the ProofSource may wish to evicit entries from that cache, thus |
61 // |*out_signature|. | 62 // the caller takes ownership of |*out_signature|. |
| 63 // |
| 64 // For QUIC_VERSION_30 and later, the signature depends on |chlo_hash| |
| 65 // which means that the signature can not be cached. The caller takes |
| 66 // ownership of |*out_signature|. |
62 // | 67 // |
63 // |hostname| may be empty to signify that a default certificate should be | 68 // |hostname| may be empty to signify that a default certificate should be |
64 // used. | 69 // used. |
65 // | 70 // |
66 // |out_leaf_cert_sct| points to the signed timestamp (RFC6962) of the leaf | 71 // |out_leaf_cert_sct| points to the signed timestamp (RFC6962) of the leaf |
67 // cert. | 72 // cert. |
68 // This function may be called concurrently. | 73 // This function may be called concurrently. |
69 virtual bool GetProof(const IPAddress& server_ip, | 74 virtual bool GetProof(const IPAddress& server_ip, |
70 const std::string& hostname, | 75 const std::string& hostname, |
71 const std::string& server_config, | 76 const std::string& server_config, |
| 77 QuicVersion quic_version, |
| 78 base::StringPiece chlo_hash, |
72 bool ecdsa_ok, | 79 bool ecdsa_ok, |
73 scoped_refptr<Chain>* out_chain, | 80 scoped_refptr<Chain>* out_chain, |
74 std::string* out_signature, | 81 std::string* out_signature, |
75 std::string* out_leaf_cert_sct) = 0; | 82 std::string* out_leaf_cert_sct) = 0; |
76 }; | 83 }; |
77 | 84 |
78 } // namespace net | 85 } // namespace net |
79 | 86 |
80 #endif // NET_QUIC_CRYPTO_PROOF_SOURCE_H_ | 87 #endif // NET_QUIC_CRYPTO_PROOF_SOURCE_H_ |
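Review bot: The new `base::StringPiece chlo_hash` parameter on GetProof (new lines 77-78) is used in this header without a matching `#include "base/strings/string_piece.h"`; the only include the change adds is `net/quic/quic_protocol.h`, so the name presumably resolves transitively, and an explicit include next to it would keep the header self-contained. The updated comment (new lines 64-66) also leaves the pre-QUIC_VERSION_30 contract for `chlo_hash` unstated — whether callers may pass an empty piece and whether implementations must ignore it — and does not say what it is a hash of; a sentence such as `// |chlo_hash| is the hash of the client hello; for versions before QUIC_VERSION_30 it is ignored and may be empty.` (adjusted to the actual contract) would settle that. Since the comment already says a post-30 signature cannot be cached, it is worth stating explicitly that an implementation must not serve such a signature from a cache keyed only on |server_config|, so the pre-30 caching path cannot hand back a signature that was not computed over this handshake's CHLO. Nit: `evicit` on new line 61 should read `evict`.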