Add port field to ProofVerifier::VerifyCertChain The port field is needed in VerifyCertChain for the chromium ProofVerifier so it can call CheckCTrequirements for crbug.com/1090838. Client-only quic change, not flag protected PiperOrigin-RevId: 315003335 Change-Id: I789540fa20a48ec2f1b0dee47079071ed9e43221
diff --git a/quic/core/crypto/proof_verifier.h b/quic/core/crypto/proof_verifier.h
index 12036d6..0380b8a 100644
--- a/quic/core/crypto/proof_verifier.h
+++ b/quic/core/crypto/proof_verifier.h
@@ -102,6 +102,7 @@
 // In this case, the ProofVerifier will take ownership of |callback|.
 virtual QuicAsyncStatus VerifyCertChain(
 const std::string& hostname,
+ const uint16_t port,
 const std::vector<std::string>& certs,
 const std::string& ocsp_response,
 const std::string& cert_sct,
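Review bot: The new `port` argument of `VerifyCertChain` is not described in the visible part of the method comment, so an implementer cannot tell whether it is the port of the origin the client meant to reach or the port of the peer address. The only caller in this commit passes `server_id_.port()`, so I would add a line such as `// |port| is the port of the server the client intended to connect to; with |hostname| it names the origin whose chain is being verified.` Separately, top-level `const` on a by-value parameter has no effect in a declaration, so `uint16_t port,` says the same thing; this also applies to the declaration in quic/quartc/quartc_crypto_helpers.h. The rest of the comment block and of the signature lies outside this hunk.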
diff --git a/quic/core/quic_crypto_client_handshaker_test.cc b/quic/core/quic_crypto_client_handshaker_test.cc
index e3d12fa..3ea08a5 100644
--- a/quic/core/quic_crypto_client_handshaker_test.cc
+++ b/quic/core/quic_crypto_client_handshaker_test.cc
@@ -47,6 +47,7 @@ QuicAsyncStatus VerifyCertChain( const std::string& /*hostname*/, + const uint16_t /*port*/, const std::vector<std::string>& /*certs*/, const std::string& /*ocsp_response*/, const std::string& /*cert_sct*/,
diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index 30a9ac4..d4e8ed0 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc
@@ -532,8 +532,8 @@ new ProofVerifierCallbackImpl(this); QuicAsyncStatus verify_result = proof_verifier_->VerifyCertChain( - server_id_.host(), certs, ocsp_response, sct_list, verify_context_.get(), - &cert_verify_error_details_, &verify_details_, + server_id_.host(), server_id_.port(), certs, ocsp_response, sct_list, + verify_context_.get(), &cert_verify_error_details_, &verify_details_, std::unique_ptr<ProofVerifierCallback>(proof_verify_callback)); switch (verify_result) { case QUIC_SUCCESS:
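Review bot: Nothing visible in this commit asserts that the value reaching the verifier is actually `server_id_.port()`: the test verifiers touched here either leave the argument unnamed (`/*port*/`) or forward it unchanged to a delegate. Because the commit message says the port will feed a Certificate Transparency requirement check, a wrong or defaulted port at this call site would still pass every visible test. I would have one of the test `ProofVerifier`s compare what it receives against the port of the `QuicServerId` the client was built with, e.g. `EXPECT_EQ(expected_port_, port);` inside its `VerifyCertChain`, where `expected_port_` is a new test-only member. The enclosing function begins and ends outside this hunk.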
diff --git a/quic/core/tls_client_handshaker_test.cc b/quic/core/tls_client_handshaker_test.cc
index 85492b8..68c413f 100644
--- a/quic/core/tls_client_handshaker_test.cc
+++ b/quic/core/tls_client_handshaker_test.cc
@@ -62,6 +62,7 @@ QuicAsyncStatus VerifyCertChain( const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -70,12 +71,12 @@ std::unique_ptr<ProofVerifyDetails>* details, std::unique_ptr<ProofVerifierCallback> callback) override { if (!active_) { - return verifier_->VerifyCertChain(hostname, certs, ocsp_response, + return verifier_->VerifyCertChain(hostname, port, certs, ocsp_response, cert_sct, context, error_details, details, std::move(callback)); } pending_ops_.push_back(std::make_unique<VerifyChainPendingOp>( - hostname, certs, ocsp_response, cert_sct, context, error_details, + hostname, port, certs, ocsp_response, cert_sct, context, error_details, details, std::move(callback), verifier_.get())); return QUIC_PENDING; } @@ -110,6 +111,7 @@ class VerifyChainPendingOp { public: VerifyChainPendingOp(const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -119,6 +121,7 @@ std::unique_ptr<ProofVerifierCallback> callback, ProofVerifier* delegate) : hostname_(hostname), + port_(port), certs_(certs), ocsp_response_(ocsp_response), cert_sct_(cert_sct), @@ -134,7 +137,7 @@ // runs the original callback after asserting that the verification ran // synchronously. QuicAsyncStatus status = delegate_->VerifyCertChain( - hostname_, certs_, ocsp_response_, cert_sct_, context_, + hostname_, port_, certs_, ocsp_response_, cert_sct_, context_, error_details_, details_, std::make_unique<FailingProofVerifierCallback>()); ASSERT_NE(status, QUIC_PENDING); @@ -143,6 +146,7 @@ private: std::string hostname_; + const uint16_t port_; std::vector<std::string> certs_; std::string ocsp_response_; std::string cert_sct_;
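Review bot: `const uint16_t port_;` in the last hunk is the only const-qualified data member among the visible fields of `VerifyChainPendingOp` (`hostname_`, `certs_`, `ocsp_response_` and `cert_sct_` are plain). A const member implicitly deletes the class's copy and move assignment. That is harmless here, since the ops are created with `std::make_unique` and stored in `pending_ops_`, but `uint16_t port_;` would match the neighbouring members. The same line is added to the identical class in quic/core/tls_handshaker_test.cc. The class body continues outside these hunks.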
diff --git a/quic/core/tls_handshaker_test.cc b/quic/core/tls_handshaker_test.cc
index 1bd9fae..5a2bd64 100644
--- a/quic/core/tls_handshaker_test.cc
+++ b/quic/core/tls_handshaker_test.cc
@@ -54,6 +54,7 @@ QuicAsyncStatus VerifyCertChain( const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -62,12 +63,12 @@ std::unique_ptr<ProofVerifyDetails>* details, std::unique_ptr<ProofVerifierCallback> callback) override { if (!active_) { - return verifier_->VerifyCertChain(hostname, certs, ocsp_response, + return verifier_->VerifyCertChain(hostname, port, certs, ocsp_response, cert_sct, context, error_details, details, std::move(callback)); } pending_ops_.push_back(std::make_unique<VerifyChainPendingOp>( - hostname, certs, ocsp_response, cert_sct, context, error_details, + hostname, port, certs, ocsp_response, cert_sct, context, error_details, details, std::move(callback), verifier_.get())); return QUIC_PENDING; } @@ -102,6 +103,7 @@ class VerifyChainPendingOp { public: VerifyChainPendingOp(const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -111,6 +113,7 @@ std::unique_ptr<ProofVerifierCallback> callback, ProofVerifier* delegate) : hostname_(hostname), + port_(port), certs_(certs), ocsp_response_(ocsp_response), cert_sct_(cert_sct), @@ -126,7 +129,7 @@ // runs the original callback after asserting that the verification ran // synchronously. QuicAsyncStatus status = delegate_->VerifyCertChain( - hostname_, certs_, ocsp_response_, cert_sct_, context_, + hostname_, port_, certs_, ocsp_response_, cert_sct_, context_, error_details_, details_, std::make_unique<FailingProofVerifierCallback>()); ASSERT_NE(status, QUIC_PENDING); @@ -135,6 +138,7 @@ private: std::string hostname_; + const uint16_t port_; std::vector<std::string> certs_; std::string ocsp_response_; std::string cert_sct_;
diff --git a/quic/qbone/qbone_session_test.cc b/quic/qbone/qbone_session_test.cc
index acf1bff..243a5c5 100644
--- a/quic/qbone/qbone_session_test.cc
+++ b/quic/qbone/qbone_session_test.cc
@@ -160,6 +160,7 @@ QuicAsyncStatus VerifyCertChain( const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -170,9 +171,9 @@ if (!proof_verifier_) { return QUIC_FAILURE; } - return proof_verifier_->VerifyCertChain(hostname, certs, ocsp_response, - cert_sct, context, error_details, - details, std::move(callback)); + return proof_verifier_->VerifyCertChain( + hostname, port, certs, ocsp_response, cert_sct, context, error_details, + details, std::move(callback)); } std::unique_ptr<ProofVerifyContext> CreateDefaultContext() override {
diff --git a/quic/quartc/quartc_crypto_helpers.cc b/quic/quartc/quartc_crypto_helpers.cc
index d2be599..14645f8 100644
--- a/quic/quartc/quartc_crypto_helpers.cc
+++ b/quic/quartc/quartc_crypto_helpers.cc
@@ -63,6 +63,7 @@ QuicAsyncStatus InsecureProofVerifier::VerifyCertChain( const std::string& /*hostname*/, + const uint16_t /*port*/, const std::vector<std::string>& /*certs*/, const std::string& /*ocsp_response*/, const std::string& /*cert_sct*/,
diff --git a/quic/quartc/quartc_crypto_helpers.h b/quic/quartc/quartc_crypto_helpers.h
index 544b783..806786f 100644
--- a/quic/quartc/quartc_crypto_helpers.h
+++ b/quic/quartc/quartc_crypto_helpers.h
@@ -92,6 +92,7 @@ QuicAsyncStatus VerifyCertChain( const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct,
diff --git a/quic/test_tools/quic_test_client.cc b/quic/test_tools/quic_test_client.cc
index 2207d17..22e65b8 100644
--- a/quic/test_tools/quic_test_client.cc
+++ b/quic/test_tools/quic_test_client.cc
@@ -74,6 +74,7 @@ QuicAsyncStatus VerifyCertChain( const std::string& /*hostname*/, + const uint16_t /*port*/, const std::vector<std::string>& certs, const std::string& /*ocsp_response*/, const std::string& cert_sct,
diff --git a/quic/tools/fake_proof_verifier.h b/quic/tools/fake_proof_verifier.h
index a605e07..7f4a38e 100644
--- a/quic/tools/fake_proof_verifier.h
+++ b/quic/tools/fake_proof_verifier.h
@@ -31,6 +31,7 @@
 }
 QuicAsyncStatus VerifyCertChain(
 const std::string& /*hostname*/,
+ const uint16_t /*port*/,
 const std::vector<std::string>& /*certs*/,
 const std::string& /*ocsp_response*/,
 const std::string& /*cert_sct*/,