| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef NET_QUIC_CRYPTO_PROOF_SOURCE_H_ | |
| 6 #define NET_QUIC_CRYPTO_PROOF_SOURCE_H_ | |
| 7 | |
| 8 #include <memory> | |
| 9 #include <string> | |
| 10 #include <vector> | |
| 11 | |
| 12 #include "base/memory/ref_counted.h" | |
| 13 #include "net/base/net_export.h" | |
| 14 #include "net/quic/quic_protocol.h" | |
| 15 | |
| 16 namespace net { | |
| 17 | |
| 18 class IPAddress; | |
| 19 | |
| 20 // ProofSource is an interface by which a QUIC server can obtain certificate | |
| 21 // chains and signatures that prove its identity. | |
| 22 class NET_EXPORT_PRIVATE ProofSource { | |
| 23 public: | |
| 24 // Chain is a reference-counted wrapper for a std::vector of std::stringified | |
| 25 // certificates. | |
| 26 struct NET_EXPORT_PRIVATE Chain : public base::RefCounted<Chain> { | |
| 27 explicit Chain(const std::vector<std::string>& certs); | |
| 28 | |
| 29 const std::vector<std::string> certs; | |
| 30 | |
| 31 private: | |
| 32 friend class base::RefCounted<Chain>; | |
| 33 | |
| 34 virtual ~Chain(); | |
| 35 | |
| 36 DISALLOW_COPY_AND_ASSIGN(Chain); | |
| 37 }; | |
| 38 | |
| 39 // Details is an abstract class which acts as a container for any | |
| 40 // implementation-specific details that a ProofSource wants to return. | |
| 41 class Details { | |
| 42 public: | |
| 43 virtual ~Details() {} | |
| 44 }; | |
| 45 | |
| 46 // Callback base class for receiving the results of an async call to GetProof. | |
| 47 class Callback { | |
| 48 public: | |
| 49 Callback() {} | |
| 50 virtual ~Callback() {} | |
| 51 | |
| 52 // Invoked upon completion of GetProof. | |
| 53 // | |
| 54 // |ok| indicates whether the operation completed successfully. If false, | |
| 55 // the values of the remaining three arguments are undefined. | |
| 56 // | |
| 57 // |chain| is a reference-counted pointer to an object representing the | |
| 58 // certificate chain. | |
| 59 // | |
| 60 // |signature| contains the signature of the server config. | |
| 61 // | |
| 62 // |leaf_cert_sct| holds the signed timestamp (RFC6962) of the leaf cert. | |
| 63 // | |
| 64 // |details| holds a pointer to an object representing the statistics, if | |
| 65 // any, | |
| 66 // gathered during the operation of GetProof. If no stats are available, | |
| 67 // this will be nullptr. | |
| 68 virtual void Run(bool ok, | |
| 69 const scoped_refptr<Chain>& chain, | |
| 70 const std::string& signature, | |
| 71 const std::string& leaf_cert_sct, | |
| 72 std::unique_ptr<Details> details) = 0; | |
| 73 | |
| 74 private: | |
| 75 Callback(const Callback&) = delete; | |
| 76 Callback& operator=(const Callback&) = delete; | |
| 77 }; | |
| 78 | |
| 79 virtual ~ProofSource() {} | |
| 80 | |
| 81 // GetProof finds a certificate chain for |hostname|, sets |out_chain| to | |
| 82 // point to it (in leaf-first order), calculates a signature of | |
| 83 // |server_config| using that chain and puts the result in |out_signature|. | |
| 84 // | |
| 85 // The signature uses SHA-256 as the hash function and PSS padding when the | |
| 86 // key is RSA. | |
| 87 // | |
| 88 // The signature uses SHA-256 as the hash function when the key is ECDSA. | |
| 89 // | |
| 90 // If |ecdsa_ok| is true, the signature may use an ECDSA key. Otherwise, the | |
| 91 // signature must use an RSA key. | |
| 92 // | |
| 93 // |out_chain| is reference counted to avoid the (assumed) expense of copying | |
| 94 // out the certificates. | |
| 95 // | |
| 96 // The number of certificate chains is expected to be small and fixed, thus | |
| 97 // the ProofSource retains ownership of the contents of |out_chain|. The | |
| 98 // expectation is that they will be cached forever. | |
| 99 // | |
| 100 // For version before QUIC_VERSION_30, the signature values should be cached | |
| 101 // because |server_config| will be somewhat static. However, since they aren't | |
| 102 // bounded, the ProofSource may wish to evict entries from that cache, thus | |
| 103 // the caller takes ownership of |*out_signature|. | |
| 104 // | |
| 105 // For QUIC_VERSION_30 and later, the signature depends on |chlo_hash| | |
| 106 // which means that the signature can not be cached. The caller takes | |
| 107 // ownership of |*out_signature|. | |
| 108 // | |
| 109 // |hostname| may be empty to signify that a default certificate should be | |
| 110 // used. | |
| 111 // | |
| 112 // |out_leaf_cert_sct| points to the signed timestamp (RFC6962) of the leaf | |
| 113 // cert. | |
| 114 // | |
| 115 // This function may be called concurrently. | |
| 116 virtual bool GetProof(const IPAddress& server_ip, | |
| 117 const std::string& hostname, | |
| 118 const std::string& server_config, | |
| 119 QuicVersion quic_version, | |
| 120 base::StringPiece chlo_hash, | |
| 121 bool ecdsa_ok, | |
| 122 scoped_refptr<Chain>* out_chain, | |
| 123 std::string* out_signature, | |
| 124 std::string* out_leaf_cert_sct) = 0; | |
| 125 | |
| 126 // Async version of GetProof with identical semantics, except that the results | |
| 127 // are delivered to |callback|. Callers should expect that |callback| might | |
| 128 // be invoked synchronously. The ProofSource takes ownership of |callback| in | |
| 129 // any case. | |
| 130 virtual void GetProof(const IPAddress& server_ip, | |
| 131 const std::string& hostname, | |
| 132 const std::string& server_config, | |
| 133 QuicVersion quic_version, | |
| 134 base::StringPiece chlo_hash, | |
| 135 bool ecdsa_ok, | |
| 136 std::unique_ptr<Callback> callback) = 0; | |
| 137 }; | |
| 138 | |
| 139 } // namespace net | |
| 140 | |
| 141 #endif // NET_QUIC_CRYPTO_PROOF_SOURCE_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2193073003:
Move shared files in net/quic/ into net/quic/core/ (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master