Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(71)

Side by Side Diff: net/quic/crypto/proof_source.h

Issue 2125063003: Add async variant of ProofSource::GetProof (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@126463885
Patch Set: Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_QUIC_CRYPTO_PROOF_SOURCE_H_ 5 #ifndef NET_QUIC_CRYPTO_PROOF_SOURCE_H_
6 #define NET_QUIC_CRYPTO_PROOF_SOURCE_H_ 6 #define NET_QUIC_CRYPTO_PROOF_SOURCE_H_
7 7
8 #include <memory>
8 #include <string> 9 #include <string>
9 #include <vector> 10 #include <vector>
10 11
11 #include "base/memory/ref_counted.h" 12 #include "base/memory/ref_counted.h"
12 #include "net/base/net_export.h" 13 #include "net/base/net_export.h"
13 #include "net/quic/quic_protocol.h" 14 #include "net/quic/quic_protocol.h"
14 15
15 namespace net { 16 namespace net {
16 17
17 class IPAddress; 18 class IPAddress;
(...skipping 10 matching lines...) Expand all
28 const std::vector<std::string> certs; 29 const std::vector<std::string> certs;
29 30
30 private: 31 private:
31 friend class base::RefCounted<Chain>; 32 friend class base::RefCounted<Chain>;
32 33
33 virtual ~Chain(); 34 virtual ~Chain();
34 35
35 DISALLOW_COPY_AND_ASSIGN(Chain); 36 DISALLOW_COPY_AND_ASSIGN(Chain);
36 }; 37 };
37 38
39 // Callback base class for receiving the results of an async call to GetProof.
40 class Callback {
41 public:
42 Callback() {}
43 virtual ~Callback() {}
44
45 // Invoked upon completion of GetProof.
46 //
47 // |ok| indicates whether the operation completed successfully. If false,
48 // the values of the remaining three arguments are undefined.
49 //
50 // |chain| is a reference-counted pointer to an object representing the
51 // certificate chain.
52 //
53 // |signature| contains the signature of the server config.
54 //
55 // |leaf_cert_sct| holds the signed timestamp (RFC6962) of the leaf cert.
56 virtual void Run(bool ok,
57 const scoped_refptr<Chain>& chain,
58 const std::string& signature,
59 const std::string& leaf_cert_sct) = 0;
60
61 private:
62 Callback(const Callback&) = delete;
63 Callback& operator=(const Callback&) = delete;
64 };
65
38 virtual ~ProofSource() {} 66 virtual ~ProofSource() {}
39 67
40 // GetProof finds a certificate chain for |hostname|, sets |out_certs| to 68 // GetProof finds a certificate chain for |hostname|, sets |out_chain| to
41 // point to it (in leaf-first order), calculates a signature of 69 // point to it (in leaf-first order), calculates a signature of
42 // |server_config| using that chain and puts the result in |out_signature|. 70 // |server_config| using that chain and puts the result in |out_signature|.
43 // 71 //
44 // The signature uses SHA-256 as the hash function and PSS padding when the 72 // The signature uses SHA-256 as the hash function and PSS padding when the
45 // key is RSA. 73 // key is RSA.
46 // 74 //
47 // The signature uses SHA-256 as the hash function when the key is ECDSA. 75 // The signature uses SHA-256 as the hash function when the key is ECDSA.
48 // 76 //
49 // If |ecdsa_ok| is true, the signature may use an ECDSA key. Otherwise, the 77 // If |ecdsa_ok| is true, the signature may use an ECDSA key. Otherwise, the
50 // signature must use an RSA key. 78 // signature must use an RSA key.
51 // 79 //
52 // |out_chain| is reference counted to avoid the (assumed) expense of copying 80 // |out_chain| is reference counted to avoid the (assumed) expense of copying
53 // out the certificates. 81 // out the certificates.
54 // 82 //
55 // The number of certificate chains is expected to be small and fixed thus 83 // The number of certificate chains is expected to be small and fixed, thus
56 // the ProofSource retains ownership of the contents of |out_certs|. The 84 // the ProofSource retains ownership of the contents of |out_chain|. The
57 // expectation is that they will be cached forever. 85 // expectation is that they will be cached forever.
58 // 86 //
59 // For version before QUIC_VERSION_30, the signature values should be cached 87 // For version before QUIC_VERSION_30, the signature values should be cached
60 // because |server_config| will be somewhat static. However, since they aren't 88 // because |server_config| will be somewhat static. However, since they aren't
61 // bounded, the ProofSource may wish to evicit entries from that cache, thus 89 // bounded, the ProofSource may wish to evict entries from that cache, thus
62 // the caller takes ownership of |*out_signature|. 90 // the caller takes ownership of |*out_signature|.
63 // 91 //
64 // For QUIC_VERSION_30 and later, the signature depends on |chlo_hash| 92 // For QUIC_VERSION_30 and later, the signature depends on |chlo_hash|
65 // which means that the signature can not be cached. The caller takes 93 // which means that the signature can not be cached. The caller takes
66 // ownership of |*out_signature|. 94 // ownership of |*out_signature|.
67 // 95 //
68 // |hostname| may be empty to signify that a default certificate should be 96 // |hostname| may be empty to signify that a default certificate should be
69 // used. 97 // used.
70 // 98 //
71 // |out_leaf_cert_sct| points to the signed timestamp (RFC6962) of the leaf 99 // |out_leaf_cert_sct| points to the signed timestamp (RFC6962) of the leaf
72 // cert. 100 // cert.
101 //
73 // This function may be called concurrently. 102 // This function may be called concurrently.
74 virtual bool GetProof(const IPAddress& server_ip, 103 virtual bool GetProof(const IPAddress& server_ip,
75 const std::string& hostname, 104 const std::string& hostname,
76 const std::string& server_config, 105 const std::string& server_config,
77 QuicVersion quic_version, 106 QuicVersion quic_version,
78 base::StringPiece chlo_hash, 107 base::StringPiece chlo_hash,
79 bool ecdsa_ok, 108 bool ecdsa_ok,
80 scoped_refptr<Chain>* out_chain, 109 scoped_refptr<Chain>* out_chain,
81 std::string* out_signature, 110 std::string* out_signature,
82 std::string* out_leaf_cert_sct) = 0; 111 std::string* out_leaf_cert_sct) = 0;
112
113 // Async version of GetProof with identical semantics, except that the results
114 // are delivered to |callback|. Callers should expect that |callback| might
115 // be invoked synchronously. The ProofSource takes ownership of |callback| in
116 // any case.
117 virtual void GetProof(const IPAddress& server_ip,
118 const std::string& hostname,
119 const std::string& server_config,
120 QuicVersion quic_version,
121 base::StringPiece chlo_hash,
122 bool ecdsa_ok,
123 std::unique_ptr<Callback> callback) = 0;
83 }; 124 };
84 125
85 } // namespace net 126 } // namespace net
86 127
87 #endif // NET_QUIC_CRYPTO_PROOF_SOURCE_H_ 128 #endif // NET_QUIC_CRYPTO_PROOF_SOURCE_H_
OLDNEW
« no previous file with comments | « no previous file | net/quic/crypto/proof_source_chromium.h » ('j') | net/quic/crypto/proof_source_chromium.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698