| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 1145 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1156 StringPiece chlo_hash, | 1156 StringPiece chlo_hash, |
| 1157 const SourceAddressTokens& previous_source_address_tokens, | 1157 const SourceAddressTokens& previous_source_address_tokens, |
| 1158 const IPAddress& server_ip, | 1158 const IPAddress& server_ip, |
| 1159 const IPAddress& client_ip, | 1159 const IPAddress& client_ip, |
| 1160 const QuicClock* clock, | 1160 const QuicClock* clock, |
| 1161 QuicRandom* rand, | 1161 QuicRandom* rand, |
| 1162 QuicCompressedCertsCache* compressed_certs_cache, | 1162 QuicCompressedCertsCache* compressed_certs_cache, |
| 1163 const QuicCryptoNegotiatedParameters& params, | 1163 const QuicCryptoNegotiatedParameters& params, |
| 1164 const CachedNetworkParameters* cached_network_params, | 1164 const CachedNetworkParameters* cached_network_params, |
| 1165 CryptoHandshakeMessage* out) const { | 1165 CryptoHandshakeMessage* out) const { |
| 1166 base::AutoLock locked(configs_lock_); | 1166 string serialized; |
| 1167 string source_address_token; |
| 1168 const CommonCertSets* common_cert_sets; |
| 1169 { |
| 1170 base::AutoLock locked(configs_lock_); |
| 1171 serialized = primary_config_->serialized; |
| 1172 common_cert_sets = primary_config_->common_cert_sets; |
| 1173 source_address_token = NewSourceAddressToken( |
| 1174 *primary_config_, previous_source_address_tokens, client_ip, rand, |
| 1175 clock->WallNow(), cached_network_params); |
| 1176 } |
| 1177 |
| 1167 out->set_tag(kSCUP); | 1178 out->set_tag(kSCUP); |
| 1168 out->SetStringPiece(kSCFG, primary_config_->serialized); | 1179 out->SetStringPiece(kSCFG, serialized); |
| 1169 out->SetStringPiece( | 1180 out->SetStringPiece(kSourceAddressTokenTag, source_address_token); |
| 1170 kSourceAddressTokenTag, | |
| 1171 NewSourceAddressToken(*primary_config_.get(), | |
| 1172 previous_source_address_tokens, client_ip, rand, | |
| 1173 clock->WallNow(), cached_network_params)); | |
| 1174 | 1181 |
| 1175 scoped_refptr<ProofSource::Chain> chain; | 1182 scoped_refptr<ProofSource::Chain> chain; |
| 1176 string signature; | 1183 string signature; |
| 1177 string cert_sct; | 1184 string cert_sct; |
| 1178 if (FLAGS_quic_use_hash_in_scup) { | 1185 if (FLAGS_quic_use_hash_in_scup) { |
| 1179 if (!proof_source_->GetProof(server_ip, params.sni, | 1186 if (!proof_source_->GetProof(server_ip, params.sni, serialized, version, |
| 1180 primary_config_->serialized, version, | |
| 1181 chlo_hash, params.x509_ecdsa_supported, &chain, | 1187 chlo_hash, params.x509_ecdsa_supported, &chain, |
| 1182 &signature, &cert_sct)) { | 1188 &signature, &cert_sct)) { |
| 1183 DVLOG(1) << "Server: failed to get proof."; | 1189 DVLOG(1) << "Server: failed to get proof."; |
| 1184 return false; | 1190 return false; |
| 1185 } | 1191 } |
| 1186 } else { | 1192 } else { |
| 1187 if (!proof_source_->GetProof( | 1193 if (!proof_source_->GetProof( |
| 1188 server_ip, params.sni, primary_config_->serialized, version, | 1194 server_ip, params.sni, serialized, version, params.client_nonce, |
| 1189 params.client_nonce, params.x509_ecdsa_supported, &chain, | 1195 params.x509_ecdsa_supported, &chain, &signature, &cert_sct)) { |
| 1190 &signature, &cert_sct)) { | |
| 1191 DVLOG(1) << "Server: failed to get proof."; | 1196 DVLOG(1) << "Server: failed to get proof."; |
| 1192 return false; | 1197 return false; |
| 1193 } | 1198 } |
| 1194 } | 1199 } |
| 1195 | 1200 |
| 1196 const string compressed = CompressChain( | 1201 const string compressed = CompressChain( |
| 1197 compressed_certs_cache, chain, params.client_common_set_hashes, | 1202 compressed_certs_cache, chain, params.client_common_set_hashes, |
| 1198 params.client_cached_cert_hashes, primary_config_->common_cert_sets); | 1203 params.client_cached_cert_hashes, common_cert_sets); |
| 1199 | 1204 |
| 1200 out->SetStringPiece(kCertificateTag, compressed); | 1205 out->SetStringPiece(kCertificateTag, compressed); |
| 1201 out->SetStringPiece(kPROF, signature); | 1206 out->SetStringPiece(kPROF, signature); |
| 1202 if (params.sct_supported_by_client && version > QUIC_VERSION_29 && | 1207 if (params.sct_supported_by_client && version > QUIC_VERSION_29 && |
| 1203 enable_serving_sct_) { | 1208 enable_serving_sct_) { |
| 1204 if (cert_sct.empty()) { | 1209 if (cert_sct.empty()) { |
| 1205 DLOG(WARNING) << "SCT is expected but it is empty."; | 1210 DLOG(WARNING) << "SCT is expected but it is empty."; |
| 1206 } else { | 1211 } else { |
| 1207 out->SetStringPiece(kCertificateSCTTag, cert_sct); | 1212 out->SetStringPiece(kCertificateSCTTag, cert_sct); |
| 1208 } | 1213 } |
| (...skipping 617 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1826 priority(0), | 1831 priority(0), |
| 1827 source_address_token_boxer(nullptr) {} | 1832 source_address_token_boxer(nullptr) {} |
| 1828 | 1833 |
| 1829 QuicCryptoServerConfig::Config::~Config() { | 1834 QuicCryptoServerConfig::Config::~Config() { |
| 1830 STLDeleteElements(&key_exchanges); | 1835 STLDeleteElements(&key_exchanges); |
| 1831 } | 1836 } |
| 1832 | 1837 |
| 1833 QuicCryptoProof::QuicCryptoProof() {} | 1838 QuicCryptoProof::QuicCryptoProof() {} |
| 1834 QuicCryptoProof::~QuicCryptoProof() {} | 1839 QuicCryptoProof::~QuicCryptoProof() {} |
| 1835 } // namespace net | 1840 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2125993002:
minor rearrangement of code only. No functional change intended, not flag-protected. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@126102870