Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(221)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/quic/core/crypto/quic_crypto_server_config.cc

Issue 2427783002: Refactors for server-side asynchronous handshakes (Closed)
Patch Set: Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/quic/core/crypto/quic_crypto_server_config.h ('k') | net/quic/core/quic_crypto_server_stream.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/quic/core/crypto/quic_crypto_server_config.cc
diff --git a/net/quic/core/crypto/quic_crypto_server_config.cc b/net/quic/core/crypto/quic_crypto_server_config.cc
index f3172bfcd8d598a8e948e0203f035957d6970a51..f3e7aa23aa61965dd7e3d764fef2cbd585ecd85d 100644
--- a/net/quic/core/crypto/quic_crypto_server_config.cc
+++ b/net/quic/core/crypto/quic_crypto_server_config.cc
@@ -585,6 +585,92 @@ class ProcessClientHelloHelper {
std::unique_ptr<ProcessClientHelloResultCallback>* done_cb_;
};
+class QuicCryptoServerConfig::ProcessClientHelloCallback
+ : public ProofSource::Callback {
+ public:
+ ProcessClientHelloCallback(
+ const QuicCryptoServerConfig* config,
+ scoped_refptr<ValidateClientHelloResultCallback::Result>
+ validate_chlo_result,
+ bool reject_only,
+ QuicConnectionId connection_id,
+ const IPEndPoint& client_address,
+ QuicVersion version,
+ const QuicVersionVector& supported_versions,
+ bool use_stateless_rejects,
+ QuicConnectionId server_designated_connection_id,
+ const QuicClock* clock,
+ QuicRandom* rand,
+ QuicCompressedCertsCache* compressed_certs_cache,
+ QuicCryptoNegotiatedParameters* params,
+ QuicCryptoProof* crypto_proof,
+ QuicByteCount total_framing_overhead,
+ QuicByteCount chlo_packet_size,
+ const scoped_refptr<QuicCryptoServerConfig::Config>& requested_config,
+ const scoped_refptr<QuicCryptoServerConfig::Config>& primary_config,
+ std::unique_ptr<ProcessClientHelloResultCallback> done_cb)
+ : config_(config),
+ validate_chlo_result_(std::move(validate_chlo_result)),
+ reject_only_(reject_only),
+ connection_id_(connection_id),
+ client_address_(client_address),
+ version_(version),
+ supported_versions_(supported_versions),
+ use_stateless_rejects_(use_stateless_rejects),
+ server_designated_connection_id_(server_designated_connection_id),
+ clock_(clock),
+ rand_(rand),
+ compressed_certs_cache_(compressed_certs_cache),
+ params_(params),
+ crypto_proof_(crypto_proof),
+ total_framing_overhead_(total_framing_overhead),
+ chlo_packet_size_(chlo_packet_size),
+ requested_config_(requested_config),
+ primary_config_(primary_config),
+ done_cb_(std::move(done_cb)) {}
+
+ void Run(bool ok,
+ const scoped_refptr<ProofSource::Chain>& chain,
+ const string& signature,
+ const string& leaf_cert_sct,
+ std::unique_ptr<ProofSource::Details> details) override {
+ if (ok) {
+ crypto_proof_->chain = chain;
+ crypto_proof_->signature = signature;
+ crypto_proof_->cert_sct = leaf_cert_sct;
+ }
+ config_->ProcessClientHelloAfterGetProof(
+ !ok, *validate_chlo_result_, reject_only_, connection_id_,
+ client_address_, version_, supported_versions_, use_stateless_rejects_,
+ server_designated_connection_id_, clock_, rand_,
+ compressed_certs_cache_, params_, crypto_proof_,
+ total_framing_overhead_, chlo_packet_size_, requested_config_,
+ primary_config_, std::move(done_cb_));
+ }
+
+ private:
+ const QuicCryptoServerConfig* config_;
+ const scoped_refptr<ValidateClientHelloResultCallback::Result>
+ validate_chlo_result_;
+ const bool reject_only_;
+ const QuicConnectionId connection_id_;
+ const IPEndPoint client_address_;
+ const QuicVersion version_;
+ const QuicVersionVector supported_versions_;
+ const bool use_stateless_rejects_;
+ const QuicConnectionId server_designated_connection_id_;
+ const QuicClock* const clock_;
+ QuicRandom* const rand_;
+ QuicCompressedCertsCache* compressed_certs_cache_;
+ QuicCryptoNegotiatedParameters* params_;
+ QuicCryptoProof* crypto_proof_;
+ const QuicByteCount total_framing_overhead_;
+ const QuicByteCount chlo_packet_size_;
+ const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_;
+ const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_;
+ std::unique_ptr<ProcessClientHelloResultCallback> done_cb_;
+};
+
void QuicCryptoServerConfig::ProcessClientHello(
scoped_refptr<ValidateClientHelloResultCallback::Result>
validate_chlo_result,
@@ -666,27 +752,42 @@ void QuicCryptoServerConfig::ProcessClientHello(
CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
// No need to get a new proof if one was already generated.
if (!crypto_proof->chain) {
+ if (FLAGS_enable_async_get_proof) {
+ std::unique_ptr<ProcessClientHelloCallback> cb(
+ new ProcessClientHelloCallback(
+ this, validate_chlo_result, reject_only, connection_id,
+ client_address, version, supported_versions,
+ use_stateless_rejects, server_designated_connection_id, clock,
+ rand, compressed_certs_cache, params, crypto_proof,
+ total_framing_overhead, chlo_packet_size, requested_config,
+ primary_config, std::move(done_cb)));
+ proof_source_->GetProof(server_ip, info.sni.as_string(),
+ primary_config->serialized, version, chlo_hash,
+ std::move(cb));
+ helper.DetachCallback();
+ return;
+ }
+
if (!proof_source_->GetProof(server_ip, info.sni.as_string(),
primary_config->serialized, version, chlo_hash,
&crypto_proof->chain, &crypto_proof->signature,
&crypto_proof->cert_sct)) {
- helper.Fail(QUIC_HANDSHAKE_FAILED, "Failed to get proof");
+ helper.Fail(QUIC_HANDSHAKE_FAILED, "");
return;
}
}
- // Note: this split exists to facilitate a future change in which the async
- // version of GetProof will be called.
helper.DetachCallback();
ProcessClientHelloAfterGetProof(
- *validate_chlo_result, reject_only, connection_id, client_address,
- version, supported_versions, use_stateless_rejects,
- server_designated_connection_id, clock, rand, compressed_certs_cache,
- params, crypto_proof, total_framing_overhead, chlo_packet_size,
- requested_config, primary_config, std::move(done_cb));
+ /* found_error = */ false, *validate_chlo_result, reject_only,
+ connection_id, client_address, version, supported_versions,
+ use_stateless_rejects, server_designated_connection_id, clock, rand,
+ compressed_certs_cache, params, crypto_proof, total_framing_overhead,
+ chlo_packet_size, requested_config, primary_config, std::move(done_cb));
}
void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof(
+ bool found_error,
const ValidateClientHelloResultCallback::Result& validate_chlo_result,
bool reject_only,
QuicConnectionId connection_id,
@@ -707,6 +808,11 @@ void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof(
std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const {
ProcessClientHelloHelper helper(&done_cb);
+ if (found_error) {
+ helper.Fail(QUIC_HANDSHAKE_FAILED, "Failed to get proof");
+ return;
+ }
+
const CryptoHandshakeMessage& client_hello =
validate_chlo_result.client_hello;
const ClientHelloInfo& info = validate_chlo_result.info;
« no previous file with comments | « net/quic/core/crypto/quic_crypto_server_config.h ('k') | net/quic/core/quic_crypto_server_stream.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698