1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_QUIC_CRYPTO_PROOF_SOURCE_H_ | 5 #ifndef NET_QUIC_CRYPTO_PROOF_SOURCE_H_ |
6 #define NET_QUIC_CRYPTO_PROOF_SOURCE_H_ | 6 #define NET_QUIC_CRYPTO_PROOF_SOURCE_H_ |
7 | 7 |
| 8 #include <memory> |
8 #include <string> | 9 #include <string> |
9 #include <vector> | 10 #include <vector> |
10 | 11 |
11 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
12 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
13 #include "net/quic/quic_protocol.h" | 14 #include "net/quic/quic_protocol.h" |
14 | 15 |
15 namespace net { | 16 namespace net { |
16 | 17 |
17 class IPAddress; | 18 class IPAddress; |
28 const std::vector<std::string> certs; | 29 const std::vector<std::string> certs; |
29 | 30 |
30 private: | 31 private: |
31 friend class base::RefCounted<Chain>; | 32 friend class base::RefCounted<Chain>; |
32 | 33 |
33 virtual ~Chain(); | 34 virtual ~Chain(); |
34 | 35 |
35 DISALLOW_COPY_AND_ASSIGN(Chain); | 36 DISALLOW_COPY_AND_ASSIGN(Chain); |
36 }; | 37 }; |
37 | 38 |
| 39 // Callback base class for receiving the results of an async call to GetProof. |
| 40 class Callback { |
| 41 public: |
| 42 Callback() {} |
| 43 virtual ~Callback() {} |
| 44 |
| 45 // Invoked upon completion of GetProof. |
| 46 // |
| 47 // |ok| indicates whether the operation completed successfully. If false, |
| 48 // the values of the remaining three arguments are undefined. |
| 49 // |
| 50 // |chain| is a reference-counted pointer to an object representing the |
| 51 // certificate chain. |
| 52 // |
| 53 // |signature| contains the signature of the server config. |
| 54 // |
| 55 // |leaf_cert_sct| holds the signed timestamp (RFC6962) of the leaf cert. |
| 56 virtual void Run(bool ok, |
| 57 const scoped_refptr<Chain>& chain, |
| 58 const std::string& signature, |
| 59 const std::string& leaf_cert_sct) = 0; |
| 60 |
| 61 private: |
| 62 Callback(const Callback&) = delete; |
| 63 Callback& operator=(const Callback&) = delete; |
| 64 }; |
| 65 |
38 virtual ~ProofSource() {} | 66 virtual ~ProofSource() {} |
39 | 67 |
40 // GetProof finds a certificate chain for |hostname|, sets |out_certs| to | 68 // GetProof finds a certificate chain for |hostname|, sets |out_chain| to |
41 // point to it (in leaf-first order), calculates a signature of | 69 // point to it (in leaf-first order), calculates a signature of |
42 // |server_config| using that chain and puts the result in |out_signature|. | 70 // |server_config| using that chain and puts the result in |out_signature|. |
43 // | 71 // |
44 // The signature uses SHA-256 as the hash function and PSS padding when the | 72 // The signature uses SHA-256 as the hash function and PSS padding when the |
45 // key is RSA. | 73 // key is RSA. |
46 // | 74 // |
47 // The signature uses SHA-256 as the hash function when the key is ECDSA. | 75 // The signature uses SHA-256 as the hash function when the key is ECDSA. |
48 // | 76 // |
49 // If |ecdsa_ok| is true, the signature may use an ECDSA key. Otherwise, the | 77 // If |ecdsa_ok| is true, the signature may use an ECDSA key. Otherwise, the |
50 // signature must use an RSA key. | 78 // signature must use an RSA key. |
51 // | 79 // |
52 // |out_chain| is reference counted to avoid the (assumed) expense of copying | 80 // |out_chain| is reference counted to avoid the (assumed) expense of copying |
53 // out the certificates. | 81 // out the certificates. |
54 // | 82 // |
55 // The number of certificate chains is expected to be small and fixed thus | 83 // The number of certificate chains is expected to be small and fixed, thus |
56 // the ProofSource retains ownership of the contents of |out_certs|. The | 84 // the ProofSource retains ownership of the contents of |out_chain|. The |
57 // expectation is that they will be cached forever. | 85 // expectation is that they will be cached forever. |
58 // | 86 // |
59 // For version before QUIC_VERSION_30, the signature values should be cached | 87 // For version before QUIC_VERSION_30, the signature values should be cached |
60 // because |server_config| will be somewhat static. However, since they aren't | 88 // because |server_config| will be somewhat static. However, since they aren't |
61 // bounded, the ProofSource may wish to evicit entries from that cache, thus | 89 // bounded, the ProofSource may wish to evict entries from that cache, thus |
62 // the caller takes ownership of |*out_signature|. | 90 // the caller takes ownership of |*out_signature|. |
63 // | 91 // |
64 // For QUIC_VERSION_30 and later, the signature depends on |chlo_hash| | 92 // For QUIC_VERSION_30 and later, the signature depends on |chlo_hash| |
65 // which means that the signature can not be cached. The caller takes | 93 // which means that the signature can not be cached. The caller takes |
66 // ownership of |*out_signature|. | 94 // ownership of |*out_signature|. |
67 // | 95 // |
68 // |hostname| may be empty to signify that a default certificate should be | 96 // |hostname| may be empty to signify that a default certificate should be |
69 // used. | 97 // used. |
70 // | 98 // |
71 // |out_leaf_cert_sct| points to the signed timestamp (RFC6962) of the leaf | 99 // |out_leaf_cert_sct| points to the signed timestamp (RFC6962) of the leaf |
72 // cert. | 100 // cert. |
| 101 // |
73 // This function may be called concurrently. | 102 // This function may be called concurrently. |
74 virtual bool GetProof(const IPAddress& server_ip, | 103 virtual bool GetProof(const IPAddress& server_ip, |
75 const std::string& hostname, | 104 const std::string& hostname, |
76 const std::string& server_config, | 105 const std::string& server_config, |
77 QuicVersion quic_version, | 106 QuicVersion quic_version, |
78 base::StringPiece chlo_hash, | 107 base::StringPiece chlo_hash, |
79 bool ecdsa_ok, | 108 bool ecdsa_ok, |
80 scoped_refptr<Chain>* out_chain, | 109 scoped_refptr<Chain>* out_chain, |
81 std::string* out_signature, | 110 std::string* out_signature, |
82 std::string* out_leaf_cert_sct) = 0; | 111 std::string* out_leaf_cert_sct) = 0; |
| 112 |
| 113 // Async version of GetProof with identical semantics, except that the results |
| 114 // are delivered to |callback|. Callers should expect that |callback| might |
| 115 // be invoked synchronously. The ProofSource takes ownership of |callback| in |
| 116 // any case. |
| 117 virtual void GetProof(const IPAddress& server_ip, |
| 118 const std::string& hostname, |
| 119 const std::string& server_config, |
| 120 QuicVersion quic_version, |
| 121 base::StringPiece chlo_hash, |
| 122 bool ecdsa_ok, |
| 123 std::unique_ptr<Callback> callback) = 0; |
83 }; | 124 }; |
84 | 125 |
85 } // namespace net | 126 } // namespace net |
86 | 127 |
87 #endif // NET_QUIC_CRYPTO_PROOF_SOURCE_H_ | 128 #endif // NET_QUIC_CRYPTO_PROOF_SOURCE_H_ |
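Review bot: The new async GetProof overload (new lines 113–123) does not say on which thread |callback|->Run is invoked, while the sync overload is documented as callable concurrently, so an implementation could plausibly complete the call on a thread other than the caller's; the comment above new line 117 should state the contract, e.g. `// |callback| may be invoked synchronously on the calling thread or later on another thread; it must be safe to run in either case.` (wording to be confirmed against the intended threading model). Relatedly, Callback::Run's comment at new lines 47–48 says the remaining arguments are "undefined" when |ok| is false; "unspecified and must not be read" is the clearer instruction, since an implementation may legitimately leave |chain| null in the failure case. Minor style on new lines 42–43: `Callback() = default;` and `virtual ~Callback() = default;` instead of empty bodies, and the `= delete` copy operations on lines 62–63 can sit in the public section since deletion alone prevents use. The ProofSource class header lies in the collapsed lines above old line 28, so the enclosing class starts outside the visible hunk.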