Land Recent QUIC Changes

net/quic/crypto/crypto_handshake.h

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_
 #define NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_
 
 #include <map>
 #include <string>
 #include <vector>
 
 #include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
 #include "net/quic/crypto/crypto_protocol.h"
+#include "net/quic/quic_protocol.h"
 #include "net/quic/quic_time.h"
 
 namespace net {
 
 class KeyExchange;
+class ProofVerifier;
 class QuicClock;
 class QuicDecrypter;
 class QuicEncrypter;
 class QuicRandom;
 
 // An intermediate format of a handshake message that's convenient for a
 // CryptoFramer to serialize from or parse into.
 class NET_EXPORT_PRIVATE CryptoHandshakeMessage {
  public:
   CryptoHandshakeMessage();
@@ skipping 102 matching lines @@
   std::string server_config_id;
   std::string server_nonce;
 };
 
 // QuicCryptoConfig contains common configuration between clients and servers.
 class NET_EXPORT_PRIVATE QuicCryptoConfig {
  public:
   enum {
     // CONFIG_VERSION is the one (and, for the moment, only) version number that
     // we implement.
-     CONFIG_VERSION = 0,
+    CONFIG_VERSION = 0,
   };
 
   // kLabel is constant that is used in key derivation to tie the resulting key
   // to this protocol.
   static const char kLabel[];
 
   QuicCryptoConfig();
   ~QuicCryptoConfig();
 
   // Protocol version
@@ skipping 28 matching lines @@
     // GetServerConfig returns the parsed contents of |server_config|, or NULL
     // if |server_config| is empty. The return value is owned by this object
     // and is destroyed when this object is.
     const CryptoHandshakeMessage* GetServerConfig() const;
 
     // SetServerConfig checks that |scfg| parses correctly and stores it in
     // |server_config|. It returns true if the parsing succeeds and false
     // otherwise.
     bool SetServerConfig(base::StringPiece scfg);
 
+    // SetProof stores a certificate chain and signature.
+    void SetProof(const std::vector<base::StringPiece>& certs,
+                  base::StringPiece signature);
+
+    // SetProofValid records that the certificate chain and signature have been
+    // validated and that it's safe to assume that the server is legitimate.
+    // (Note: this does not check the chain or signature.)
+    void SetProofValid();
+
     const std::string& server_config() const;
     const std::string& source_address_token() const;
+    const std::vector<std::string>& certs() const;
+    const std::string& signature() const;
+    bool proof_valid() const;
 
     void set_source_address_token(base::StringPiece token);
 
    private:
     std::string server_config_id_;  // An opaque id from the server.
     std::string server_config_;  // A serialized handshake message.
     std::string source_address_token_;  // An opaque proof of IP ownership.
+    std::vector<std::string> certs_;  // A list of certificates in leaf-first
+                                      // order.
+    std::string server_config_sig_;  // A signature of |server_config_|.
+    bool server_config_valid_;  // true if |server_config_| is correctly signed
+                                // and |certs_| has been validated.
 
     // scfg contains the cached, parsed value of |server_config|.
     mutable scoped_ptr<CryptoHandshakeMessage> scfg_;
   };
 
   QuicCryptoClientConfig();
   ~QuicCryptoClientConfig();
 
   // Sets the members to reasonable, default values.
   void SetDefaults();
 
-  // Lookup returns a CachedState for the given hostname, or NULL if no
-  // information is known.
-  const CachedState* Lookup(const std::string& server_hostname) const;
+  // LookupOrCreate returns a CachedState for the given hostname. If no such
+  // CachedState currently exists, it will be created and cached.
+  CachedState* LookupOrCreate(const std::string& server_hostname);
 
   // FillInchoateClientHello sets |out| to be a CHLO message that elicits a
   // source-address token or SCFG from a server. If |cached| is non-NULL, the
   // source-address token will be taken from it.
   void FillInchoateClientHello(const std::string& server_hostname,
                                const CachedState* cached,
                                CryptoHandshakeMessage* out) const;
 
   // FillClientHello sets |out| to be a CHLO message based on the configuration
   // of this object. This object must have cached enough information about
@@ skipping 10 matching lines @@
                                 QuicRandom* rand,
                                 QuicCryptoNegotiatedParameters* out_params,
                                 CryptoHandshakeMessage* out,
                                 std::string* error_details) const;
 
   // ProcessRejection processes a REJ message from a server and updates the
   // cached information about that server. After this, |is_complete| may return
   // true for that server's CachedState. If the rejection message contains
   // state about a future handshake (i.e. an nonce value from the server), then
   // it will be saved in |out_params|.
-  QuicErrorCode ProcessRejection(const std::string& server_hostname,
+  QuicErrorCode ProcessRejection(CachedState* cached,
                                  const CryptoHandshakeMessage& rej,
                                  QuicCryptoNegotiatedParameters* out_params,
                                  std::string* error_details);
 
   // ProcessServerHello processes the message in |server_hello|, writes the
   // negotiated parameters to |out_params| and returns QUIC_NO_ERROR. If
   // |server_hello| is unacceptable then it puts an error message in
   // |error_details| and returns an error code.
   QuicErrorCode ProcessServerHello(const CryptoHandshakeMessage& server_hello,
                                    const std::string& nonce,
                                    QuicCryptoNegotiatedParameters* out_params,
                                    std::string* error_details);
 
+  const ProofVerifier* proof_verifier() const;
+
+  // SetProofVerifier takes ownership of a |ProofVerifier| that clients are
+  // free to use in order to verify certificate chains from servers. Setting a
+  // |ProofVerifier| does not alter the behaviour of the
+  // QuicCryptoClientConfig, it's just a place to store it.
+  void SetProofVerifier(ProofVerifier* verifier);
+
  private:
   // cached_states_ maps from the server hostname to the cached information
   // about that server.
   std::map<std::string, CachedState*> cached_states_;
+
+  scoped_ptr<ProofVerifier> proof_verifier_;
+
+  DISALLOW_COPY_AND_ASSIGN(QuicCryptoClientConfig);
 };
 
 }  // namespace net
 
 #endif  // NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_