Google Git
Sign in
quiche/quiche.git/1e987b7062f07b8bb7e8b24600196596ffdca424^!/.
commit
1e987b7062f07b8bb7e8b24600196596ffdca424
[log]
author
vasilvv <vasilvv@google.com>
Mon Nov 02 14:42:58 2020 -0800
committer
Copybara-Service <copybara-worker@google.com>
Mon Nov 02 14:44:45 2020 -0800
tree
71b1101f6923dd3f0a605605aba187543579c6f1
parent
508a733ce38f90178d70969f58f46aa2c4ebb70f [diff]
Use QUIC-internal subject parser instead of the platform one.

Protected by FLAGS_quic_reloadable_flag_quic_extract_x509_subject_using_certificate_view.

PiperOrigin-RevId: 340319671
Change-Id: Ifac913a54c7fd002ac0e156d33463a92f1fafd9a

diff --git a/quic/core/crypto/quic_crypto_server_config.cc b/quic/core/crypto/quic_crypto_server_config.cc
index 5169f9b..b929dcc 100644
--- a/quic/core/crypto/quic_crypto_server_config.cc
+++ b/quic/core/crypto/quic_crypto_server_config.cc

@@ -13,11 +13,13 @@
 #include "absl/base/attributes.h"
 #include "absl/strings/escaping.h"
 #include "absl/strings/string_view.h"
+#include "absl/types/optional.h"
 #include "third_party/boringssl/src/include/openssl/sha.h"
 #include "third_party/boringssl/src/include/openssl/ssl.h"
 #include "net/third_party/quiche/src/quic/core/crypto/aes_128_gcm_12_decrypter.h"
 #include "net/third_party/quiche/src/quic/core/crypto/aes_128_gcm_12_encrypter.h"
 #include "net/third_party/quiche/src/quic/core/crypto/cert_compressor.h"
+#include "net/third_party/quiche/src/quic/core/crypto/certificate_view.h"
 #include "net/third_party/quiche/src/quic/core/crypto/chacha20_poly1305_encrypter.h"
 #include "net/third_party/quiche/src/quic/core/crypto/channel_id.h"
 #include "net/third_party/quiche/src/quic/core/crypto/crypto_framer.h"
@@ -1509,9 +1511,29 @@
         // This is for debugging b/28342827.
         const std::vector<std::string>& certs =
             context.signed_config()->chain->certs;
-        absl::string_view ca_subject;
+        std::string ca_subject;
         if (!certs.empty()) {
-          QuicCertUtils::ExtractSubjectNameFromDERCert(certs[0], &ca_subject);
+          if (GetQuicReloadableFlag(
+                  quic_extract_x509_subject_using_certificate_view)) {
+            QUIC_RELOADABLE_FLAG_COUNT_N(
+                quic_extract_x509_subject_using_certificate_view, 1, 2);
+            std::unique_ptr<CertificateView> view =
+                CertificateView::ParseSingleCertificate(certs[0]);
+            if (view != nullptr) {
+              absl::optional<std::string> maybe_ca_subject =
+                  view->GetHumanReadableSubject();
+              if (maybe_ca_subject.has_value()) {
+                QUIC_RELOADABLE_FLAG_COUNT_N(
+                    quic_extract_x509_subject_using_certificate_view, 2, 2);
+                ca_subject = *maybe_ca_subject;
+              }
+            }
+          } else {
+            absl::string_view ca_subject_view;
+            QuicCertUtils::ExtractSubjectNameFromDERCert(certs[0],
+                                                         &ca_subject_view);
+            ca_subject = std::string(ca_subject_view);
+          }
         }
         QUIC_LOG_EVERY_N_SEC(WARNING, 60)
             << "SCT is expected but it is empty. sni: '"

diff --git a/quic/core/quic_flags_list.h b/quic/core/quic_flags_list.h
index ec44d48..4d9c0b5 100644
--- a/quic/core/quic_flags_list.h
+++ b/quic/core/quic_flags_list.h

@@ -45,6 +45,7 @@
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_enable_aead_limits, true)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_enable_mtu_discovery_at_server, false)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_encrypted_control_frames, false)
+QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_extract_x509_subject_using_certificate_view, false)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_fix_address_validation, true)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_fix_arm_pto_for_application_data, true)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_fix_http3_goaway_stream_id, true)