Use cached compressed certs if available to reduce load of compressing certs. Flag protected by qui…

net/quic/crypto/quic_crypto_server_config.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_
 #define NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <map>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "base/synchronization/lock.h"
 #include "net/base/ip_address.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_export.h"
 #include "net/quic/crypto/crypto_handshake.h"
 #include "net/quic/crypto/crypto_handshake_message.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/crypto/crypto_secret_boxer.h"
 #include "net/quic/crypto/proof_source.h"
+#include "net/quic/crypto/quic_compressed_certs_cache.h"
 #include "net/quic/proto/cached_network_parameters.pb.h"
 #include "net/quic/proto/source_address_token.pb.h"
 #include "net/quic/quic_time.h"
 
 namespace net {
 
 class CryptoHandshakeMessage;
 class EphemeralKeySource;
 class KeyExchange;
 class ProofSource;
@@ skipping 211 matching lines @@
   //     derivation.
   // server_ip: the IP address of the server. The IP address may be used for
   //     certificate selection.
   // client_address: the IP address and port of the client. The IP address is
   //     used to generate and validate source-address tokens.
   // version: version of the QUIC protocol in use for this connection
   // supported_versions: versions of the QUIC protocol that this server
   //     supports.
   // clock: used to validate client nonces and ephemeral keys.
   // rand: an entropy source
+  // compressed_certs_cache: the cache that caches a set of most recently used
+  //     certs. Owned by QuicDispatcher.
   // params: the state of the handshake. This may be updated with a server
   //     nonce when we send a rejection. After a successful handshake, this will
   //     contain the state of the connection.
   // crypto_proof: output structure containing the crypto proof used in reply to
   //     a proof demand.
   // out: the resulting handshake message (either REJ or SHLO)
   // error_details: used to store a string describing any error.
   QuicErrorCode ProcessClientHello(
       const ValidateClientHelloResultCallback::Result& validate_chlo_result,
       QuicConnectionId connection_id,
       const IPAddress& server_ip,
       const IPEndPoint& client_address,
       QuicVersion version,
       const QuicVersionVector& supported_versions,
       bool use_stateless_rejects,
       QuicConnectionId server_designated_connection_id,
       const QuicClock* clock,
       QuicRandom* rand,
+      QuicCompressedCertsCache* compressed_certs_cache,
       QuicCryptoNegotiatedParameters* params,
       QuicCryptoProof* crypto_proof,
       CryptoHandshakeMessage* out,
       std::string* error_details) const;
 
   // BuildServerConfigUpdateMessage sets |out| to be a SCUP message containing
   // the current primary config, an up to date source-address token, and cert
   // chain and proof in the case of secure QUIC. Returns true if successfully
   // filled |out|.
   //
   // |cached_network_params| is optional, and can be nullptr.
   bool BuildServerConfigUpdateMessage(
       QuicVersion version,
       const SourceAddressTokens& previous_source_address_tokens,
       const IPAddress& server_ip,
       const IPAddress& client_ip,
       const QuicClock* clock,
       QuicRandom* rand,
+      QuicCompressedCertsCache* compressed_certs_cache,
       const QuicCryptoNegotiatedParameters& params,
       const CachedNetworkParameters* cached_network_params,
       CryptoHandshakeMessage* out) const;
 
   // SetEphemeralKeySource installs an object that can cache ephemeral keys for
   // a short period of time. This object takes ownership of
   // |ephemeral_key_source|. If not set then ephemeral keys will be generated
   // per-connection.
   void SetEphemeralKeySource(EphemeralKeySource* ephemeral_key_source);
 
@@ skipping 161 matching lines @@
 
   // BuildRejection sets |out| to be a REJ message in reply to |client_hello|.
   void BuildRejection(QuicVersion version,
                       const Config& config,
                       const CryptoHandshakeMessage& client_hello,
                       const ClientHelloInfo& info,
                       const CachedNetworkParameters& cached_network_params,
                       bool use_stateless_rejects,
                       QuicConnectionId server_designated_connection_id,
                       QuicRandom* rand,
+                      QuicCompressedCertsCache* compressed_certs_cache,
                       QuicCryptoNegotiatedParameters* params,
                       const QuicCryptoProof& crypto_proof,
                       CryptoHandshakeMessage* out) const;
 
+  // CompressChain compresses the certificates in |chain->certs| and returns a
+  // compressed representation. |common_sets| contains the common certificate
+  // sets known locally and |client_common_set_hashes| contains the hashes of
+  // the common sets known to the peer. |client_cached_cert_hashes| contains
+  // 64-bit, FNV-1a hashes of certificates that the peer already possesses.
+  const std::string CompressChain(
+      QuicCompressedCertsCache* compressed_certs_cache,
+      const scoped_refptr<ProofSource::Chain>& chain,
+      const std::string& client_common_set_hashes,
+      const std::string& client_cached_cert_hashes,
+      const CommonCertSets* common_sets) const;
+
   // ParseConfigProtobuf parses the given config protobuf and returns a
   // scoped_refptr<Config> if successful. The caller adopts the reference to the
   // Config. On error, ParseConfigProtobuf returns nullptr.
   scoped_refptr<Config> ParseConfigProtobuf(QuicServerConfigProtobuf* protobuf);
 
   // NewSourceAddressToken returns a fresh source address token for the given
   // IP address. |cached_network_params| is optional, and can be nullptr.
   std::string NewSourceAddressToken(
       const Config& config,
       const SourceAddressTokens& previous_tokens,
@@ skipping 151 matching lines @@
   std::string cert_sct;
   // The server config that is used for this proof (and the rest of the
   // request).
   scoped_refptr<QuicCryptoServerConfig::Config> config;
   std::string primary_scid;
 };
 
 }  // namespace net
 
 #endif  // NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_