OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_QUIC_CORE_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_ | 5 #ifndef NET_QUIC_CORE_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_ |
6 #define NET_QUIC_CORE_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_ | 6 #define NET_QUIC_CORE_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_ |
7 | 7 |
8 #include <cstddef> | 8 #include <cstddef> |
9 #include <cstdint> | 9 #include <cstdint> |
10 #include <map> | 10 #include <map> |
(...skipping 638 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
649 // reason for failure. | 649 // reason for failure. |
650 HandshakeFailureReason ValidateSourceAddressTokenTimestamp( | 650 HandshakeFailureReason ValidateSourceAddressTokenTimestamp( |
651 const SourceAddressToken& token, | 651 const SourceAddressToken& token, |
652 QuicWallTime now) const; | 652 QuicWallTime now) const; |
653 | 653 |
654 // NewServerNonce generates and encrypts a random nonce. | 654 // NewServerNonce generates and encrypts a random nonce. |
655 std::string NewServerNonce(QuicRandom* rand, QuicWallTime now) const; | 655 std::string NewServerNonce(QuicRandom* rand, QuicWallTime now) const; |
656 | 656 |
657 // ValidateExpectedLeafCertificate checks the |client_hello| to see if it has | 657 // ValidateExpectedLeafCertificate checks the |client_hello| to see if it has |
658 // an XLCT tag, and if so, verifies that its value matches the hash of the | 658 // an XLCT tag, and if so, verifies that its value matches the hash of the |
659 // server's leaf certificate. The certs field of |crypto_proof| is used to | 659 // server's leaf certificate. |certs| is used to compare against the XLCT |
660 // compare against the XLCT value. This method returns true if the XLCT tag | 660 // value. This method returns true if the XLCT tag is not present, or if the |
661 // is not present, or if the XLCT tag is present and valid. It returns false | 661 // XLCT tag is present and valid. It returns false otherwise. |
662 // otherwise. | |
663 bool ValidateExpectedLeafCertificate( | 662 bool ValidateExpectedLeafCertificate( |
664 const CryptoHandshakeMessage& client_hello, | 663 const CryptoHandshakeMessage& client_hello, |
665 const QuicSignedServerConfig& crypto_proof) const; | 664 const std::vector<std::string>& certs) const; |
666 | 665 |
667 // Returns true if the PDMD field from the client hello demands an X509 | 666 // Returns true if the PDMD field from the client hello demands an X509 |
668 // certificate. | 667 // certificate. |
669 bool ClientDemandsX509Proof(const CryptoHandshakeMessage& client_hello) const; | 668 bool ClientDemandsX509Proof(const CryptoHandshakeMessage& client_hello) const; |
670 | 669 |
671 // Callback to receive the results of ProofSource::GetProof. Note: this | 670 // Callback to receive the results of ProofSource::GetProof. Note: this |
672 // callback has no cancellation support, since the lifetime of the ProofSource | 671 // callback has no cancellation support, since the lifetime of the ProofSource |
673 // is controlled by this object via unique ownership. If that ownership | 672 // is controlled by this object via unique ownership. If that ownership |
674 // stricture changes, this decision may need to be revisited. | 673 // stricture changes, this decision may need to be revisited. |
675 class BuildServerConfigUpdateMessageProofSourceCallback | 674 class BuildServerConfigUpdateMessageProofSourceCallback |
(...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
797 QuicReferenceCountedPointer<QuicCryptoServerConfig::Config> config; | 796 QuicReferenceCountedPointer<QuicCryptoServerConfig::Config> config; |
798 std::string primary_scid; | 797 std::string primary_scid; |
799 | 798 |
800 protected: | 799 protected: |
801 ~QuicSignedServerConfig() override; | 800 ~QuicSignedServerConfig() override; |
802 }; | 801 }; |
803 | 802 |
804 } // namespace net | 803 } // namespace net |
805 | 804 |
806 #endif // NET_QUIC_CORE_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_ | 805 #endif // NET_QUIC_CORE_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_ |
OLD | NEW |