| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 586 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 597 if (validate_chlo_result.error_code != QUIC_NO_ERROR) { | 597 if (validate_chlo_result.error_code != QUIC_NO_ERROR) { |
| 598 *error_details = validate_chlo_result.error_details; | 598 *error_details = validate_chlo_result.error_details; |
| 599 return validate_chlo_result.error_code; | 599 return validate_chlo_result.error_code; |
| 600 } | 600 } |
| 601 | 601 |
| 602 out->Clear(); | 602 out->Clear(); |
| 603 | 603 |
| 604 bool x509_supported = false; | 604 bool x509_supported = false; |
| 605 bool x509_ecdsa_supported = false; | 605 bool x509_ecdsa_supported = false; |
| 606 ParseProofDemand(client_hello, &x509_supported, &x509_ecdsa_supported); | 606 ParseProofDemand(client_hello, &x509_supported, &x509_ecdsa_supported); |
| 607 if (!x509_supported && FLAGS_quic_require_x509) { |
| 608 *error_details = "Missing or invalid PDMD"; |
| 609 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 610 } |
| 607 DCHECK(proof_source_.get()); | 611 DCHECK(proof_source_.get()); |
| 608 string chlo_hash; | 612 string chlo_hash; |
| 609 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); | 613 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); |
| 610 if (!crypto_proof->chain && | 614 if (!crypto_proof->chain && |
| 611 !proof_source_->GetProof( | 615 !proof_source_->GetProof( |
| 612 server_ip, info.sni.as_string(), primary_config->serialized, version, | 616 server_ip, info.sni.as_string(), primary_config->serialized, version, |
| 613 chlo_hash, x509_ecdsa_supported, &crypto_proof->chain, | 617 chlo_hash, x509_ecdsa_supported, &crypto_proof->chain, |
| 614 &crypto_proof->signature, &crypto_proof->cert_sct)) { | 618 &crypto_proof->signature, &crypto_proof->cert_sct)) { |
| 615 return QUIC_HANDSHAKE_FAILED; | 619 return QUIC_HANDSHAKE_FAILED; |
| 616 } | 620 } |
| (...skipping 630 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1247 } | 1251 } |
| 1248 | 1252 |
| 1249 // Send client the reject reason for debugging purposes. | 1253 // Send client the reject reason for debugging purposes. |
| 1250 DCHECK_LT(0u, info.reject_reasons.size()); | 1254 DCHECK_LT(0u, info.reject_reasons.size()); |
| 1251 out->SetVector(kRREJ, info.reject_reasons); | 1255 out->SetVector(kRREJ, info.reject_reasons); |
| 1252 | 1256 |
| 1253 // The client may have requested a certificate chain. | 1257 // The client may have requested a certificate chain. |
| 1254 bool x509_supported = false; | 1258 bool x509_supported = false; |
| 1255 ParseProofDemand(client_hello, &x509_supported, | 1259 ParseProofDemand(client_hello, &x509_supported, |
| 1256 ¶ms->x509_ecdsa_supported); | 1260 ¶ms->x509_ecdsa_supported); |
| 1257 if (!x509_supported) { | 1261 if (!x509_supported && FLAGS_quic_require_x509) { |
| 1262 QUIC_BUG << "x509 certificates not supported in proof demand"; |
| 1258 return; | 1263 return; |
| 1259 } | 1264 } |
| 1260 | 1265 |
| 1261 StringPiece client_common_set_hashes; | 1266 StringPiece client_common_set_hashes; |
| 1262 if (client_hello.GetStringPiece(kCCS, &client_common_set_hashes)) { | 1267 if (client_hello.GetStringPiece(kCCS, &client_common_set_hashes)) { |
| 1263 params->client_common_set_hashes = client_common_set_hashes.as_string(); | 1268 params->client_common_set_hashes = client_common_set_hashes.as_string(); |
| 1264 } | 1269 } |
| 1265 | 1270 |
| 1266 StringPiece client_cached_cert_hashes; | 1271 StringPiece client_cached_cert_hashes; |
| 1267 if (client_hello.GetStringPiece(kCCRT, &client_cached_cert_hashes)) { | 1272 if (client_hello.GetStringPiece(kCCRT, &client_cached_cert_hashes)) { |
| (...skipping 563 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1831 priority(0), | 1836 priority(0), |
| 1832 source_address_token_boxer(nullptr) {} | 1837 source_address_token_boxer(nullptr) {} |
| 1833 | 1838 |
| 1834 QuicCryptoServerConfig::Config::~Config() { | 1839 QuicCryptoServerConfig::Config::~Config() { |
| 1835 STLDeleteElements(&key_exchanges); | 1840 STLDeleteElements(&key_exchanges); |
| 1836 } | 1841 } |
| 1837 | 1842 |
| 1838 QuicCryptoProof::QuicCryptoProof() {} | 1843 QuicCryptoProof::QuicCryptoProof() {} |
| 1839 QuicCryptoProof::~QuicCryptoProof() {} | 1844 QuicCryptoProof::~QuicCryptoProof() {} |
| 1840 } // namespace net | 1845 } // namespace net |
| OLD | NEW |