OpenSSL/NSS implementation of ProofVerfifier.

net/quic/crypto/crypto_handshake.h

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_
 #define NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_
 
 #include <map>
 #include <string>
 #include <vector>
@@ skipping 255 matching lines @@
     // SetProofValid records that the certificate chain and signature have been
     // validated and that it's safe to assume that the server is legitimate.
     // (Note: this does not check the chain or signature.)
     void SetProofValid();
 
     const std::string& server_config() const;
     const std::string& source_address_token() const;
     const std::vector<std::string>& certs() const;
     const std::string& signature() const;
     bool proof_valid() const;
+    uint64 generation_counter() const;
 
     void set_source_address_token(base::StringPiece token);
 
    private:
     std::string server_config_id_;      // An opaque id from the server.
     std::string server_config_;         // A serialized handshake message.
     std::string source_address_token_;  // An opaque proof of IP ownership.
     std::vector<std::string> certs_;    // A list of certificates in leaf-first
                                         // order.
     std::string server_config_sig_;     // A signature of |server_config_|.
-    bool server_config_valid_;  // true if |server_config_| is correctly signed
-                                // and |certs_| has been validated.
+    bool server_config_valid_;          // True if |server_config_| is correctly
+                                        // signed and |certs_| has been
+                                        // validated.
+    uint64 generation_counter_;         // Generation counter associated with
+                                        // the |server_config_|, |certs_| and
+                                        // |server_config_sig_| combination.
 
     // scfg contains the cached, parsed value of |server_config|.
     mutable scoped_ptr<CryptoHandshakeMessage> scfg_;
   };
 
   QuicCryptoClientConfig();
   ~QuicCryptoClientConfig();
 
   // Sets the members to reasonable, default values.
   void SetDefaults();
@@ skipping 43 matching lines @@
 
   // ProcessServerHello processes the message in |server_hello|, writes the
   // negotiated parameters to |out_params| and returns QUIC_NO_ERROR. If
   // |server_hello| is unacceptable then it puts an error message in
   // |error_details| and returns an error code.
   QuicErrorCode ProcessServerHello(const CryptoHandshakeMessage& server_hello,
                                    QuicGuid guid,
                                    QuicCryptoNegotiatedParameters* out_params,
                                    std::string* error_details);
 
-  const ProofVerifier* proof_verifier() const;
+  ProofVerifier* proof_verifier() const;
 
   // SetProofVerifier takes ownership of a |ProofVerifier| that clients are
   // free to use in order to verify certificate chains from servers. If a
   // ProofVerifier is set then the client will request a certificate chain from
   // the server.
   void SetProofVerifier(ProofVerifier* verifier);
 
   ChannelIDSigner* channel_id_signer() const;
 
   // SetChannelIDSigner sets a ChannelIDSigner that will be called when the
   // server supports channel IDs to sign a message proving possession of the
   // given ChannelID. This object takes ownership of |signer|.
   void SetChannelIDSigner(ChannelIDSigner* signer);
 
  private:
   // cached_states_ maps from the server hostname to the cached information
   // about that server.
   std::map<std::string, CachedState*> cached_states_;
 
   scoped_ptr<ProofVerifier> proof_verifier_;
   scoped_ptr<ChannelIDSigner> channel_id_signer_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicCryptoClientConfig);
 };
 
 }  // namespace net
 
 #endif  // NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_