Add port field to ProofVerifier::VerifyCertChain The port field is needed in VerifyCertChain for the chromium ProofVerifier so it can call CheckCTrequirements for crbug.com/1090838. Client-only quic change, not flag protected PiperOrigin-RevId: 315003335 Change-Id: I789540fa20a48ec2f1b0dee47079071ed9e43221
diff --git a/quic/core/crypto/proof_verifier.h b/quic/core/crypto/proof_verifier.h
index 12036d6..0380b8a 100644
--- a/quic/core/crypto/proof_verifier.h
+++ b/quic/core/crypto/proof_verifier.h
@@ -102,6 +102,7 @@
 // In this case, the ProofVerifier will take ownership of |callback|.
 virtual QuicAsyncStatus VerifyCertChain(
 const std::string& hostname,
+ const uint16_t port,
 const std::vector<std::string>& certs,
 const std::string& ocsp_response,
 const std::string& cert_sct,
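Review bot: The new `port` parameter on `VerifyCertChain` is added without any comment saying what it is for; the only comment line visible in the hunk covers `callback` ownership, and the rest of the doc comment is outside the hunk, so it may need updating there. I would add something like `// |port| is the port of the server being connected to; implementations may use it together with |hostname| for per-origin policy such as Certificate Transparency requirements.` It is also worth stating that implementations may ignore it (the fingerprint and fake verifiers in this commit comment the name out), so callers do not assume the port is always checked. The declaration continues past the end of the hunk.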
diff --git a/quic/core/quic_crypto_client_handshaker_test.cc b/quic/core/quic_crypto_client_handshaker_test.cc
index e3d12fa..3ea08a5 100644
--- a/quic/core/quic_crypto_client_handshaker_test.cc
+++ b/quic/core/quic_crypto_client_handshaker_test.cc
@@ -47,6 +47,7 @@ QuicAsyncStatus VerifyCertChain( const std::string& /*hostname*/, + const uint16_t /*port*/, const std::vector<std::string>& /*certs*/, const std::string& /*ocsp_response*/, const std::string& /*cert_sct*/,
diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index a6c713e..864040c 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc
@@ -565,8 +565,8 @@ new ProofVerifierCallbackImpl(this); QuicAsyncStatus verify_result = proof_verifier_->VerifyCertChain( - server_id_.host(), certs, ocsp_response, sct_list, verify_context_.get(), - &cert_verify_error_details_, &verify_details_, + server_id_.host(), server_id_.port(), certs, ocsp_response, sct_list, + verify_context_.get(), &cert_verify_error_details_, &verify_details_, std::unique_ptr<ProofVerifierCallback>(proof_verify_callback)); switch (verify_result) { case QUIC_SUCCESS:
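Review bot: The new `server_id_.port()` argument at this call is not checked by any test in the commit: the test verifiers in tls_client_handshaker_test.cc, tls_handshaker_test.cc and qbone_session_test.cc only forward `port` to their delegate, and the remaining overrides comment the name out. The commit message says the port is there so the Chromium verifier can run its CT requirements check, so a wrong value reaching the verifier would presumably affect a policy decision without failing anything here. Consider having the test verifier record the port it receives and asserting that it equals the port of the server id the client was created with. The enclosing function starts and ends outside the hunk.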
diff --git a/quic/core/tls_client_handshaker_test.cc b/quic/core/tls_client_handshaker_test.cc
index 6ee0b77..8f6745a 100644
--- a/quic/core/tls_client_handshaker_test.cc
+++ b/quic/core/tls_client_handshaker_test.cc
@@ -66,6 +66,7 @@ QuicAsyncStatus VerifyCertChain( const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -74,12 +75,12 @@ std::unique_ptr<ProofVerifyDetails>* details, std::unique_ptr<ProofVerifierCallback> callback) override { if (!active_) { - return verifier_->VerifyCertChain(hostname, certs, ocsp_response, + return verifier_->VerifyCertChain(hostname, port, certs, ocsp_response, cert_sct, context, error_details, details, std::move(callback)); } pending_ops_.push_back(std::make_unique<VerifyChainPendingOp>( - hostname, certs, ocsp_response, cert_sct, context, error_details, + hostname, port, certs, ocsp_response, cert_sct, context, error_details, details, std::move(callback), verifier_.get())); return QUIC_PENDING; } @@ -114,6 +115,7 @@ class VerifyChainPendingOp { public: VerifyChainPendingOp(const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -123,6 +125,7 @@ std::unique_ptr<ProofVerifierCallback> callback, ProofVerifier* delegate) : hostname_(hostname), + port_(port), certs_(certs), ocsp_response_(ocsp_response), cert_sct_(cert_sct), @@ -138,7 +141,7 @@ // runs the original callback after asserting that the verification ran // synchronously. QuicAsyncStatus status = delegate_->VerifyCertChain( - hostname_, certs_, ocsp_response_, cert_sct_, context_, + hostname_, port_, certs_, ocsp_response_, cert_sct_, context_, error_details_, details_, std::make_unique<FailingProofVerifierCallback>()); ASSERT_NE(status, QUIC_PENDING); @@ -147,6 +150,7 @@ private: std::string hostname_; + const uint16_t port_; std::vector<std::string> certs_; std::string ocsp_response_; std::string cert_sct_;
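Review bot: `const uint16_t port_;` in `VerifyChainPendingOp` (the hunk at -147,6) is the only const data member next to plain `hostname_`, `certs_` and the other strings, and a const member removes the class's implicit assignment operators. Nothing visible here assigns these objects (they are created through `std::make_unique`), so this is a style point rather than a defect, but `uint16_t port_;` would match the neighbouring members. The same declaration appears in the matching hunk of quic/core/tls_handshaker_test.cc. The class body starts and ends outside the hunk.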
diff --git a/quic/core/tls_handshaker_test.cc b/quic/core/tls_handshaker_test.cc
index 1bd9fae..5a2bd64 100644
--- a/quic/core/tls_handshaker_test.cc
+++ b/quic/core/tls_handshaker_test.cc
@@ -54,6 +54,7 @@ QuicAsyncStatus VerifyCertChain( const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -62,12 +63,12 @@ std::unique_ptr<ProofVerifyDetails>* details, std::unique_ptr<ProofVerifierCallback> callback) override { if (!active_) { - return verifier_->VerifyCertChain(hostname, certs, ocsp_response, + return verifier_->VerifyCertChain(hostname, port, certs, ocsp_response, cert_sct, context, error_details, details, std::move(callback)); } pending_ops_.push_back(std::make_unique<VerifyChainPendingOp>( - hostname, certs, ocsp_response, cert_sct, context, error_details, + hostname, port, certs, ocsp_response, cert_sct, context, error_details, details, std::move(callback), verifier_.get())); return QUIC_PENDING; } @@ -102,6 +103,7 @@ class VerifyChainPendingOp { public: VerifyChainPendingOp(const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -111,6 +113,7 @@ std::unique_ptr<ProofVerifierCallback> callback, ProofVerifier* delegate) : hostname_(hostname), + port_(port), certs_(certs), ocsp_response_(ocsp_response), cert_sct_(cert_sct), @@ -126,7 +129,7 @@ // runs the original callback after asserting that the verification ran // synchronously. QuicAsyncStatus status = delegate_->VerifyCertChain( - hostname_, certs_, ocsp_response_, cert_sct_, context_, + hostname_, port_, certs_, ocsp_response_, cert_sct_, context_, error_details_, details_, std::make_unique<FailingProofVerifierCallback>()); ASSERT_NE(status, QUIC_PENDING); @@ -135,6 +138,7 @@ private: std::string hostname_; + const uint16_t port_; std::vector<std::string> certs_; std::string ocsp_response_; std::string cert_sct_;
diff --git a/quic/qbone/qbone_session_test.cc b/quic/qbone/qbone_session_test.cc
index acf1bff..243a5c5 100644
--- a/quic/qbone/qbone_session_test.cc
+++ b/quic/qbone/qbone_session_test.cc
@@ -160,6 +160,7 @@ QuicAsyncStatus VerifyCertChain( const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -170,9 +171,9 @@ if (!proof_verifier_) { return QUIC_FAILURE; } - return proof_verifier_->VerifyCertChain(hostname, certs, ocsp_response, - cert_sct, context, error_details, - details, std::move(callback)); + return proof_verifier_->VerifyCertChain( + hostname, port, certs, ocsp_response, cert_sct, context, error_details, + details, std::move(callback)); } std::unique_ptr<ProofVerifyContext> CreateDefaultContext() override {
diff --git a/quic/quic_transport/web_transport_fingerprint_proof_verifier.cc b/quic/quic_transport/web_transport_fingerprint_proof_verifier.cc
index 15cd706..81466de 100644
--- a/quic/quic_transport/web_transport_fingerprint_proof_verifier.cc
+++ b/quic/quic_transport/web_transport_fingerprint_proof_verifier.cc
@@ -132,6 +132,7 @@ QuicAsyncStatus WebTransportFingerprintProofVerifier::VerifyCertChain( const std::string& /*hostname*/, + const uint16_t /*port*/, const std::vector<std::string>& certs, const std::string& /*ocsp_response*/, const std::string& /*cert_sct*/,
diff --git a/quic/quic_transport/web_transport_fingerprint_proof_verifier.h b/quic/quic_transport/web_transport_fingerprint_proof_verifier.h
index b17ee87..7e4358d 100644
--- a/quic/quic_transport/web_transport_fingerprint_proof_verifier.h
+++ b/quic/quic_transport/web_transport_fingerprint_proof_verifier.h
@@ -93,6 +93,7 @@
 std::unique_ptr<ProofVerifierCallback> callback) override;
 QuicAsyncStatus VerifyCertChain(
 const std::string& hostname,
+ const uint16_t port,
 const std::vector<std::string>& certs,
 const std::string& ocsp_response,
 const std::string& cert_sct,
diff --git a/quic/quic_transport/web_transport_fingerprint_proof_verifier_test.cc b/quic/quic_transport/web_transport_fingerprint_proof_verifier_test.cc
index b79e873..0432a76 100644
--- a/quic/quic_transport/web_transport_fingerprint_proof_verifier_test.cc
+++ b/quic/quic_transport/web_transport_fingerprint_proof_verifier_test.cc
@@ -41,7 +41,8 @@ VerifyResult result; std::unique_ptr<ProofVerifyDetails> details; result.status = verifier_->VerifyCertChain( - /*hostname=*/"", std::vector<std::string>{std::string(certificate)}, + /*hostname=*/"", /*port=*/0, + std::vector<std::string>{std::string(certificate)}, /*ocsp_response=*/"", /*cert_sct=*/"", /*context=*/nullptr, &result.error, &details,
diff --git a/quic/test_tools/quic_test_client.cc b/quic/test_tools/quic_test_client.cc
index 9c1c4f3..ecab4bf 100644
--- a/quic/test_tools/quic_test_client.cc
+++ b/quic/test_tools/quic_test_client.cc
@@ -74,6 +74,7 @@ QuicAsyncStatus VerifyCertChain( const std::string& /*hostname*/, + const uint16_t /*port*/, const std::vector<std::string>& certs, const std::string& /*ocsp_response*/, const std::string& cert_sct,
diff --git a/quic/tools/fake_proof_verifier.h b/quic/tools/fake_proof_verifier.h
index a605e07..7f4a38e 100644
--- a/quic/tools/fake_proof_verifier.h
+++ b/quic/tools/fake_proof_verifier.h
@@ -31,6 +31,7 @@
 }
 QuicAsyncStatus VerifyCertChain(
 const std::string& /*hostname*/,
+ const uint16_t /*port*/,
 const std::vector<std::string>& /*certs*/,
 const std::string& /*ocsp_response*/,
 const std::string& /*cert_sct*/,