Expose ProofSource::Details on QuicCryptoServerStream Move ProofSource::Details caching from GfeQuicCryptoServerStream to parent class, not flag protected PiperOrigin-RevId: 325537643 Change-Id: Idc71b12e1b7a2945e170c972e12a45707ec82457
diff --git a/quic/core/quic_crypto_server_stream.cc b/quic/core/quic_crypto_server_stream.cc
index 6c84067..2b0b3e8 100644
--- a/quic/core/quic_crypto_server_stream.cc
+++ b/quic/core/quic_crypto_server_stream.cc
@@ -157,11 +157,12 @@ const std::string& error_details, std::unique_ptr<CryptoHandshakeMessage> reply, std::unique_ptr<DiversificationNonce> diversification_nonce, - std::unique_ptr<ProofSource::Details> /*proof_source_details*/) { + std::unique_ptr<ProofSource::Details> proof_source_details) { // Clear the callback that got us here. DCHECK(process_client_hello_cb_ != nullptr); DCHECK(validate_client_hello_cb_ == nullptr); process_client_hello_cb_ = nullptr; + proof_source_details_ = std::move(proof_source_details); const CryptoHandshakeMessage& message = result.client_hello; if (error != QUIC_NO_ERROR) { @@ -338,6 +339,10 @@ return signed_config_->proof.send_expect_ct_header; } +const ProofSource::Details* QuicCryptoServerStream::ProofSourceDetails() const { + return proof_source_details_.get(); +} + bool QuicCryptoServerStream::GetBase64SHA256ClientChannelID( std::string* output) const { if (!encryption_established() || @@ -390,8 +395,9 @@ void QuicCryptoServerStream::ProcessClientHello( QuicReferenceCountedPointer<ValidateClientHelloResultCallback::Result> result, - std::unique_ptr<ProofSource::Details> /*proof_source_details*/, + std::unique_ptr<ProofSource::Details> proof_source_details, std::unique_ptr<ProcessClientHelloResultCallback> done_cb) { + proof_source_details_ = std::move(proof_source_details); const CryptoHandshakeMessage& message = result->client_hello; std::string error_details; if (!helper_->CanAcceptClientHello(
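Review bot: In FinishProcessingHandshakeMessageAfterProcessClientHello the added `proof_source_details_ = std::move(proof_source_details);` runs before the `error != QUIC_NO_ERROR` check, so the member is replaced unconditionally, even by a null argument or on the error path, and the previously stored Details is destroyed. The third hunk adds the same unconditional assignment at the top of ProcessClientHello, so the stored object can be replaced twice within one handshake. Any caller that kept the raw pointer returned by ProofSourceDetails() across those calls would then hold a dangling pointer; whether a caller does so is not visible in this diff. If a null argument only means that no new proof was computed, consider `if (proof_source_details != nullptr) { proof_source_details_ = std::move(proof_source_details); }` in both places, or otherwise document the overwrite next to the assignment. Both function bodies continue outside their hunks.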
diff --git a/quic/core/quic_crypto_server_stream.h b/quic/core/quic_crypto_server_stream.h
index 9ed7764..5a4b9b1 100644
--- a/quic/core/quic_crypto_server_stream.h
+++ b/quic/core/quic_crypto_server_stream.h
@@ -29,7 +29,7 @@ ~QuicCryptoServerStream() override; - // From HandshakerInterface + // From QuicCryptoServerStreamBase void CancelOutstandingCallbacks() override; bool GetBase64SHA256ClientChannelID(std::string* output) const override; void SendServerConfigUpdate( @@ -48,6 +48,7 @@ ConnectionCloseSource /*source*/) override {} void OnHandshakeDoneReceived() override; bool ShouldSendExpectCTHeader() const override; + const ProofSource::Details* ProofSourceDetails() const override; // From QuicCryptoStream bool encryption_established() const override; @@ -237,6 +238,9 @@ // field is mutually exclusive with validate_client_hello_cb_. ProcessClientHelloCallback* process_client_hello_cb_; + // The ProofSource::Details from this connection. + std::unique_ptr<ProofSource::Details> proof_source_details_; + bool encryption_established_; bool one_rtt_keys_available_; bool one_rtt_packet_decrypted_;
diff --git a/quic/core/quic_crypto_server_stream_base.h b/quic/core/quic_crypto_server_stream_base.h
index 540b7a4..bea998d 100644
--- a/quic/core/quic_crypto_server_stream_base.h
+++ b/quic/core/quic_crypto_server_stream_base.h
@@ -84,6 +84,12 @@ // However, it is exposed here because that is the only place where the // configuration for the certificate used in the connection is accessible. virtual bool ShouldSendExpectCTHeader() const = 0; + + // Returns the Details from the latest call to ProofSource::GetProof or + // ProofSource::ComputeTlsSignature. Returns nullptr if no such call has been + // made. The Details are owned by the QuicCryptoServerStreamBase and the + // pointer is only valid while the owning object is still valid. + virtual const ProofSource::Details* ProofSourceDetails() const = 0; }; // Creates an appropriate QuicCryptoServerStream for the provided parameters,
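Review bot: The lifetime sentence in the new comment on ProofSourceDetails() promises more than the QuicCryptoServerStream implementation in this commit delivers. The comment says the pointer is valid while the owning object is valid, but that class reassigns its `proof_source_details_` unique_ptr in ProcessClientHello and again in the finish callback, which frees the earlier object while the stream is still alive. I would reword the last sentence to `// The returned pointer is invalidated when new Details are stored or the owning object is destroyed; callers must not retain it.` The comment also names GetProof and ComputeTlsSignature as the source, whereas the QUIC crypto stream stores whatever Details those two methods are handed, so it is worth confirming that these always come from such a call.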
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index ac3b056..bae9f1a 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -166,6 +166,10 @@ return false; } +const ProofSource::Details* TlsServerHandshaker::ProofSourceDetails() const { + return proof_source_details_.get(); +} + void TlsServerHandshaker::OnConnectionClosed(QuicErrorCode /*error*/, ConnectionCloseSource /*source*/) { state_ = STATE_CONNECTION_CLOSED;
diff --git a/quic/core/tls_server_handshaker.h b/quic/core/tls_server_handshaker.h
index 13b734e..b0212db 100644
--- a/quic/core/tls_server_handshaker.h
+++ b/quic/core/tls_server_handshaker.h
@@ -53,6 +53,7 @@ ConnectionCloseSource source) override; void OnHandshakeDoneReceived() override; bool ShouldSendExpectCTHeader() const override; + const ProofSource::Details* ProofSourceDetails() const override; // From QuicCryptoServerStreamBase and TlsHandshaker bool encryption_established() const override; @@ -77,10 +78,6 @@ return &tls_connection_; } - ProofSource::Details* proof_source_details() const { - return proof_source_details_.get(); - } - virtual void ProcessAdditionalTransportParameters( const TransportParameters& /*params*/) {}