Add port field to ProofVerifier::VerifyCertChain
The port field is needed in VerifyCertChain for the chromium ProofVerifier
so it can call CheckCTrequirements for crbug.com/1090838.
Client-only quic change, not flag protected
PiperOrigin-RevId: 315003335
Change-Id: I789540fa20a48ec2f1b0dee47079071ed9e43221
diff --git a/quic/core/crypto/proof_verifier.h b/quic/core/crypto/proof_verifier.h
index 12036d6..0380b8a 100644
--- a/quic/core/crypto/proof_verifier.h
+++ b/quic/core/crypto/proof_verifier.h
@@ -102,6 +102,7 @@
// In this case, the ProofVerifier will take ownership of |callback|.
virtual QuicAsyncStatus VerifyCertChain(
const std::string& hostname,
+ const uint16_t port,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
diff --git a/quic/core/quic_crypto_client_handshaker_test.cc b/quic/core/quic_crypto_client_handshaker_test.cc
index e3d12fa..3ea08a5 100644
--- a/quic/core/quic_crypto_client_handshaker_test.cc
+++ b/quic/core/quic_crypto_client_handshaker_test.cc
@@ -47,6 +47,7 @@
QuicAsyncStatus VerifyCertChain(
const std::string& /*hostname*/,
+ const uint16_t /*port*/,
const std::vector<std::string>& /*certs*/,
const std::string& /*ocsp_response*/,
const std::string& /*cert_sct*/,
diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index 30a9ac4..d4e8ed0 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc
@@ -532,8 +532,8 @@
new ProofVerifierCallbackImpl(this);
QuicAsyncStatus verify_result = proof_verifier_->VerifyCertChain(
- server_id_.host(), certs, ocsp_response, sct_list, verify_context_.get(),
- &cert_verify_error_details_, &verify_details_,
+ server_id_.host(), server_id_.port(), certs, ocsp_response, sct_list,
+ verify_context_.get(), &cert_verify_error_details_, &verify_details_,
std::unique_ptr<ProofVerifierCallback>(proof_verify_callback));
switch (verify_result) {
case QUIC_SUCCESS:
diff --git a/quic/core/tls_client_handshaker_test.cc b/quic/core/tls_client_handshaker_test.cc
index 85492b8..68c413f 100644
--- a/quic/core/tls_client_handshaker_test.cc
+++ b/quic/core/tls_client_handshaker_test.cc
@@ -62,6 +62,7 @@
QuicAsyncStatus VerifyCertChain(
const std::string& hostname,
+ const uint16_t port,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
@@ -70,12 +71,12 @@
std::unique_ptr<ProofVerifyDetails>* details,
std::unique_ptr<ProofVerifierCallback> callback) override {
if (!active_) {
- return verifier_->VerifyCertChain(hostname, certs, ocsp_response,
+ return verifier_->VerifyCertChain(hostname, port, certs, ocsp_response,
cert_sct, context, error_details,
details, std::move(callback));
}
pending_ops_.push_back(std::make_unique<VerifyChainPendingOp>(
- hostname, certs, ocsp_response, cert_sct, context, error_details,
+ hostname, port, certs, ocsp_response, cert_sct, context, error_details,
details, std::move(callback), verifier_.get()));
return QUIC_PENDING;
}
@@ -110,6 +111,7 @@
class VerifyChainPendingOp {
public:
VerifyChainPendingOp(const std::string& hostname,
+ const uint16_t port,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
@@ -119,6 +121,7 @@
std::unique_ptr<ProofVerifierCallback> callback,
ProofVerifier* delegate)
: hostname_(hostname),
+ port_(port),
certs_(certs),
ocsp_response_(ocsp_response),
cert_sct_(cert_sct),
@@ -134,7 +137,7 @@
// runs the original callback after asserting that the verification ran
// synchronously.
QuicAsyncStatus status = delegate_->VerifyCertChain(
- hostname_, certs_, ocsp_response_, cert_sct_, context_,
+ hostname_, port_, certs_, ocsp_response_, cert_sct_, context_,
error_details_, details_,
std::make_unique<FailingProofVerifierCallback>());
ASSERT_NE(status, QUIC_PENDING);
@@ -143,6 +146,7 @@
private:
std::string hostname_;
+ const uint16_t port_;
std::vector<std::string> certs_;
std::string ocsp_response_;
std::string cert_sct_;
diff --git a/quic/core/tls_handshaker_test.cc b/quic/core/tls_handshaker_test.cc
index 1bd9fae..5a2bd64 100644
--- a/quic/core/tls_handshaker_test.cc
+++ b/quic/core/tls_handshaker_test.cc
@@ -54,6 +54,7 @@
QuicAsyncStatus VerifyCertChain(
const std::string& hostname,
+ const uint16_t port,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
@@ -62,12 +63,12 @@
std::unique_ptr<ProofVerifyDetails>* details,
std::unique_ptr<ProofVerifierCallback> callback) override {
if (!active_) {
- return verifier_->VerifyCertChain(hostname, certs, ocsp_response,
+ return verifier_->VerifyCertChain(hostname, port, certs, ocsp_response,
cert_sct, context, error_details,
details, std::move(callback));
}
pending_ops_.push_back(std::make_unique<VerifyChainPendingOp>(
- hostname, certs, ocsp_response, cert_sct, context, error_details,
+ hostname, port, certs, ocsp_response, cert_sct, context, error_details,
details, std::move(callback), verifier_.get()));
return QUIC_PENDING;
}
@@ -102,6 +103,7 @@
class VerifyChainPendingOp {
public:
VerifyChainPendingOp(const std::string& hostname,
+ const uint16_t port,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
@@ -111,6 +113,7 @@
std::unique_ptr<ProofVerifierCallback> callback,
ProofVerifier* delegate)
: hostname_(hostname),
+ port_(port),
certs_(certs),
ocsp_response_(ocsp_response),
cert_sct_(cert_sct),
@@ -126,7 +129,7 @@
// runs the original callback after asserting that the verification ran
// synchronously.
QuicAsyncStatus status = delegate_->VerifyCertChain(
- hostname_, certs_, ocsp_response_, cert_sct_, context_,
+ hostname_, port_, certs_, ocsp_response_, cert_sct_, context_,
error_details_, details_,
std::make_unique<FailingProofVerifierCallback>());
ASSERT_NE(status, QUIC_PENDING);
@@ -135,6 +138,7 @@
private:
std::string hostname_;
+ const uint16_t port_;
std::vector<std::string> certs_;
std::string ocsp_response_;
std::string cert_sct_;
diff --git a/quic/qbone/qbone_session_test.cc b/quic/qbone/qbone_session_test.cc
index acf1bff..243a5c5 100644
--- a/quic/qbone/qbone_session_test.cc
+++ b/quic/qbone/qbone_session_test.cc
@@ -160,6 +160,7 @@
QuicAsyncStatus VerifyCertChain(
const std::string& hostname,
+ const uint16_t port,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
@@ -170,9 +171,9 @@
if (!proof_verifier_) {
return QUIC_FAILURE;
}
- return proof_verifier_->VerifyCertChain(hostname, certs, ocsp_response,
- cert_sct, context, error_details,
- details, std::move(callback));
+ return proof_verifier_->VerifyCertChain(
+ hostname, port, certs, ocsp_response, cert_sct, context, error_details,
+ details, std::move(callback));
}
std::unique_ptr<ProofVerifyContext> CreateDefaultContext() override {
diff --git a/quic/quartc/quartc_crypto_helpers.cc b/quic/quartc/quartc_crypto_helpers.cc
index d2be599..14645f8 100644
--- a/quic/quartc/quartc_crypto_helpers.cc
+++ b/quic/quartc/quartc_crypto_helpers.cc
@@ -63,6 +63,7 @@
QuicAsyncStatus InsecureProofVerifier::VerifyCertChain(
const std::string& /*hostname*/,
+ const uint16_t /*port*/,
const std::vector<std::string>& /*certs*/,
const std::string& /*ocsp_response*/,
const std::string& /*cert_sct*/,
diff --git a/quic/quartc/quartc_crypto_helpers.h b/quic/quartc/quartc_crypto_helpers.h
index 544b783..806786f 100644
--- a/quic/quartc/quartc_crypto_helpers.h
+++ b/quic/quartc/quartc_crypto_helpers.h
@@ -92,6 +92,7 @@
QuicAsyncStatus VerifyCertChain(
const std::string& hostname,
+ const uint16_t port,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
diff --git a/quic/test_tools/quic_test_client.cc b/quic/test_tools/quic_test_client.cc
index 2207d17..22e65b8 100644
--- a/quic/test_tools/quic_test_client.cc
+++ b/quic/test_tools/quic_test_client.cc
@@ -74,6 +74,7 @@
QuicAsyncStatus VerifyCertChain(
const std::string& /*hostname*/,
+ const uint16_t /*port*/,
const std::vector<std::string>& certs,
const std::string& /*ocsp_response*/,
const std::string& cert_sct,
diff --git a/quic/tools/fake_proof_verifier.h b/quic/tools/fake_proof_verifier.h
index a605e07..7f4a38e 100644
--- a/quic/tools/fake_proof_verifier.h
+++ b/quic/tools/fake_proof_verifier.h
@@ -31,6 +31,7 @@
}
QuicAsyncStatus VerifyCertChain(
const std::string& /*hostname*/,
+ const uint16_t /*port*/,
const std::vector<std::string>& /*certs*/,
const std::string& /*ocsp_response*/,
const std::string& /*cert_sct*/,
