| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_client_config.h" | 5 #include "net/quic/crypto/quic_crypto_client_config.h" |
| 6 | 6 |
| 7 #include "base/metrics/sparse_histogram.h" | 7 #include "base/metrics/sparse_histogram.h" |
| 8 #include "base/stl_util.h" | 8 #include "base/stl_util.h" |
| 9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
| 10 #include "net/quic/crypto/cert_compressor.h" | 10 #include "net/quic/crypto/cert_compressor.h" |
| (...skipping 514 matching lines...) |
| 525 *error_details = "Symmetric key setup failed"; | 525 *error_details = "Symmetric key setup failed"; |
| 526 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; | 526 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; |
| 527 } | 527 } |
| 528 | 528 |
| 529 return QUIC_NO_ERROR; | 529 return QUIC_NO_ERROR; |
| 530 } | 530 } |
| 531 | 531 |
| 532 QuicErrorCode QuicCryptoClientConfig::CacheNewServerConfig( | 532 QuicErrorCode QuicCryptoClientConfig::CacheNewServerConfig( |
| 533 const CryptoHandshakeMessage& message, | 533 const CryptoHandshakeMessage& message, |
| 534 QuicWallTime now, | 534 QuicWallTime now, |
| 535 const vector<string>& cached_certs, |
| 535 CachedState* cached, | 536 CachedState* cached, |
| 536 QuicCryptoNegotiatedParameters* out_params, | |
| 537 string* error_details) { | 537 string* error_details) { |
| 538 DCHECK(error_details != NULL); | 538 DCHECK(error_details != NULL); |
| 539 | 539 |
| 540 StringPiece scfg; | 540 StringPiece scfg; |
| 541 if (!message.GetStringPiece(kSCFG, &scfg)) { | 541 if (!message.GetStringPiece(kSCFG, &scfg)) { |
| 542 *error_details = "Missing SCFG"; | 542 *error_details = "Missing SCFG"; |
| 543 return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND; | 543 return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND; |
| 544 } | 544 } |
| 545 | 545 |
| 546 QuicErrorCode error = cached->SetServerConfig(scfg, now, error_details); | 546 QuicErrorCode error = cached->SetServerConfig(scfg, now, error_details); |
| 547 if (error != QUIC_NO_ERROR) { | 547 if (error != QUIC_NO_ERROR) { |
| 548 return error; | 548 return error; |
| 549 } | 549 } |
| 550 | 550 |
| 551 StringPiece token; | 551 StringPiece token; |
| 552 if (message.GetStringPiece(kSourceAddressTokenTag, &token)) { | 552 if (message.GetStringPiece(kSourceAddressTokenTag, &token)) { |
| 553 cached->set_source_address_token(token); | 553 cached->set_source_address_token(token); |
| 554 } | 554 } |
| 555 | 555 |
| 556 StringPiece proof, cert_bytes; | 556 StringPiece proof, cert_bytes; |
| 557 bool has_proof = message.GetStringPiece(kPROF, &proof); | 557 bool has_proof = message.GetStringPiece(kPROF, &proof); |
| 558 bool has_cert = message.GetStringPiece(kCertificateTag, &cert_bytes); | 558 bool has_cert = message.GetStringPiece(kCertificateTag, &cert_bytes); |
| 559 if (has_proof && has_cert) { | 559 if (has_proof && has_cert) { |
| 560 vector<string> certs; | 560 vector<string> certs; |
| 561 if (!CertCompressor::DecompressChain(cert_bytes, out_params->cached_certs, | 561 if (!CertCompressor::DecompressChain(cert_bytes, cached_certs, |
| 562 common_cert_sets, &certs)) { | 562 common_cert_sets, &certs)) { |
| 563 *error_details = "Certificate data invalid"; | 563 *error_details = "Certificate data invalid"; |
| 564 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 564 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 565 } | 565 } |
| 566 | 566 |
| 567 cached->SetProof(certs, proof); | 567 cached->SetProof(certs, proof); |
| 568 } else { | 568 } else { |
| 569 cached->ClearProof(); | 569 cached->ClearProof(); |
| 570 if (has_proof && !has_cert) { | 570 if (has_proof && !has_cert) { |
| 571 *error_details = "Certificate missing"; | 571 *error_details = "Certificate missing"; |
| (...skipping 15 matching lines...) |
| 587 CachedState* cached, | 587 CachedState* cached, |
| 588 QuicCryptoNegotiatedParameters* out_params, | 588 QuicCryptoNegotiatedParameters* out_params, |
| 589 string* error_details) { | 589 string* error_details) { |
| 590 DCHECK(error_details != NULL); | 590 DCHECK(error_details != NULL); |
| 591 | 591 |
| 592 if (rej.tag() != kREJ) { | 592 if (rej.tag() != kREJ) { |
| 593 *error_details = "Message is not REJ"; | 593 *error_details = "Message is not REJ"; |
| 594 return QUIC_CRYPTO_INTERNAL_ERROR; | 594 return QUIC_CRYPTO_INTERNAL_ERROR; |
| 595 } | 595 } |
| 596 | 596 |
| 597 QuicErrorCode error = | 597 QuicErrorCode error = CacheNewServerConfig(rej, now, out_params->cached_certs, |
| 598 CacheNewServerConfig(rej, now, cached, out_params, error_details); | 598 cached, error_details); |
| 599 if (error != QUIC_NO_ERROR) { | 599 if (error != QUIC_NO_ERROR) { |
| 600 return error; | 600 return error; |
| 601 } | 601 } |
| 602 | 602 |
| 603 StringPiece nonce; | 603 StringPiece nonce; |
| 604 if (rej.GetStringPiece(kServerNonceTag, &nonce)) { | 604 if (rej.GetStringPiece(kServerNonceTag, &nonce)) { |
| 605 out_params->server_nonce = nonce.as_string(); | 605 out_params->server_nonce = nonce.as_string(); |
| 606 } | 606 } |
| 607 | 607 |
| 608 const uint32* reject_reasons; | 608 const uint32* reject_reasons; |
| (...skipping 100 matching lines...) |
| 709 CachedState* cached, | 709 CachedState* cached, |
| 710 QuicCryptoNegotiatedParameters* out_params, | 710 QuicCryptoNegotiatedParameters* out_params, |
| 711 string* error_details) { | 711 string* error_details) { |
| 712 DCHECK(error_details != NULL); | 712 DCHECK(error_details != NULL); |
| 713 | 713 |
| 714 if (server_config_update.tag() != kSCUP) { | 714 if (server_config_update.tag() != kSCUP) { |
| 715 *error_details = "ServerConfigUpdate must have kSCUP tag."; | 715 *error_details = "ServerConfigUpdate must have kSCUP tag."; |
| 716 return QUIC_INVALID_CRYPTO_MESSAGE_TYPE; | 716 return QUIC_INVALID_CRYPTO_MESSAGE_TYPE; |
| 717 } | 717 } |
| 718 | 718 |
| 719 return CacheNewServerConfig(server_config_update, now, cached, out_params, | 719 return CacheNewServerConfig(server_config_update, now, |
| 720 error_details); | 720 out_params->cached_certs, cached, error_details); |
| 721 } | 721 } |
| 722 | 722 |
| 723 ProofVerifier* QuicCryptoClientConfig::proof_verifier() const { | 723 ProofVerifier* QuicCryptoClientConfig::proof_verifier() const { |
| 724 return proof_verifier_.get(); | 724 return proof_verifier_.get(); |
| 725 } | 725 } |
| 726 | 726 |
| 727 void QuicCryptoClientConfig::SetProofVerifier(ProofVerifier* verifier) { | 727 void QuicCryptoClientConfig::SetProofVerifier(ProofVerifier* verifier) { |
| 728 proof_verifier_.reset(verifier); | 728 proof_verifier_.reset(verifier); |
| 729 } | 729 } |
| 730 | 730 |
| (...skipping 68 matching lines...) |
| 799 return; | 799 return; |
| 800 } | 800 } |
| 801 | 801 |
| 802 // Update canonical version to point at the "most recent" entry. | 802 // Update canonical version to point at the "most recent" entry. |
| 803 canonical_server_map_[suffix_server_id] = server_id; | 803 canonical_server_map_[suffix_server_id] = server_id; |
| 804 | 804 |
| 805 server_state->InitializeFrom(*canonical_state); | 805 server_state->InitializeFrom(*canonical_state); |
| 806 } | 806 } |
| 807 | 807 |
| 808 } // namespace net | 808 } // namespace net |
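Review bot: Both call sites on the new side evaluate `out_params->cached_certs` before entering CacheNewServerConfig (new lines 597 and 719-720), but the only precondition the two handlers check is `DCHECK(error_details != NULL)`. On the old side the pointer was dereferenced inside CacheNewServerConfig only when the message carried both a proof and a certificate, so a null `out_params` is now dereferenced on every REJ and SCUP message rather than on that one branch. I would add `DCHECK(out_params != NULL);` beside the existing DCHECK in both handlers. The new `cached_certs` parameter also deserves a comment saying which certificate set the compressed chain is resolved against in `DecompressChain`; presumably that is the set the client advertised for this connection, but the declaration is not in view to confirm. Both handlers' signatures begin in the skipped lines, so any checks above the visible DCHECK are not shown here.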
| OLD | NEW |