Internal QUICHE change
PiperOrigin-RevId: 303167545
Change-Id: I20aa9d5fe3afc7f18725ea1b2a1fef1b911c1b9a
diff --git a/quic/core/crypto/proof_source.h b/quic/core/crypto/proof_source.h
index da28612..e208b94 100644
--- a/quic/core/crypto/proof_source.h
+++ b/quic/core/crypto/proof_source.h
@@ -85,7 +85,13 @@
//
// |signature| contains the signature of the data provided to
// ComputeTlsSignature. Its value is undefined if |ok| is false.
- virtual void Run(bool ok, std::string signature) = 0;
+ //
+ // |details| holds a pointer to an object representing the statistics, if
+ // any, gathered during the operation of ComputeTlsSignature. If no stats
+ // are available, this will be nullptr.
+ virtual void Run(bool ok,
+ std::string signature,
+ std::unique_ptr<Details> details) = 0;
private:
SignatureCallback(const SignatureCallback&) = delete;
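Review bot: The new |details| paragraph does not say what the argument holds when |ok| is false, whereas the sentence just above it pins that down for |signature| ("Its value is undefined if |ok| is false"). Implementations that want to keep diagnostics from a failed signing operation, and callers that drop the pointer on failure, need that contract stated explicitly. Suggested addition after the nullptr sentence: `// When |ok| is false, |details| may still be non-null if the ProofSource` / `// gathered statistics before failing; callers may inspect or discard it.` — or, if the intent is that failures never carry details, say so instead. The surrounding class definition continues outside the hunk.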
diff --git a/quic/core/quic_crypto_client_handshaker_test.cc b/quic/core/quic_crypto_client_handshaker_test.cc
index 30dcbfc..9274b7e 100644
--- a/quic/core/quic_crypto_client_handshaker_test.cc
+++ b/quic/core/quic_crypto_client_handshaker_test.cc
@@ -99,7 +99,7 @@
uint16_t /*signature_algorit*/,
quiche::QuicheStringPiece /*in*/,
std::unique_ptr<SignatureCallback> callback) override {
- callback->Run(true, "Dummy signature");
+ callback->Run(true, "Dummy signature", /*details=*/nullptr);
}
};
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index e10c067..ced2bd4 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -21,13 +21,16 @@
TlsServerHandshaker* handshaker)
: handshaker_(handshaker) {}
-void TlsServerHandshaker::SignatureCallback::Run(bool ok,
- std::string signature) {
+void TlsServerHandshaker::SignatureCallback::Run(
+ bool ok,
+ std::string signature,
+ std::unique_ptr<ProofSource::Details> details) {
if (handshaker_ == nullptr) {
return;
}
if (ok) {
handshaker_->cert_verify_sig_ = std::move(signature);
+ handshaker_->proof_source_details_ = std::move(details);
}
State last_state = handshaker_->state_;
handshaker_->state_ = STATE_SIGNATURE_COMPLETE;
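Review bot: `proof_source_details_` is only assigned inside the `if (ok)` branch, so any statistics the ProofSource attached to a failed signing operation are dropped here, and a value left from an earlier callback (if Run can be reached more than once, which is not visible in this hunk) would survive the failure unchanged. If the details are meant to be diagnostic, moving the assignment above the `if (ok)` so it reads `handshaker_->proof_source_details_ = std::move(details);` unconditionally keeps the failure case observable through `proof_source_details()`. The body of Run continues past the end of the hunk.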
@@ -414,7 +417,8 @@
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
- QUIC_LOG(INFO) << "Set " << chain->certs.size() << " certs for server";
+ QUIC_LOG(INFO) << "Set " << chain->certs.size() << " certs for server "
+ << "with hostname " << hostname_;
return SSL_TLSEXT_ERR_OK;
}
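Review bot: The extended log line now emits `hostname_` at INFO on every successful certificate selection; if `hostname_` is populated from the client's SNI (its source is not visible here), this writes a client-controlled string into the server log, so it is worth confirming that the value has been validated before this point or that QUIC_LOG escapes control characters, and that INFO is the intended level for a per-handshake line. If this is meant for debugging only, `QUIC_DLOG(INFO)` or a terser form such as `<< " certs for server (" << hostname_ << ")"` would limit log volume. The enclosing function starts outside the hunk.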
diff --git a/quic/core/tls_server_handshaker.h b/quic/core/tls_server_handshaker.h
index 22baf16..22ae45d 100644
--- a/quic/core/tls_server_handshaker.h
+++ b/quic/core/tls_server_handshaker.h
@@ -71,6 +71,10 @@
return &tls_connection_;
}
+ ProofSource::Details* proof_source_details() const {
+ return proof_source_details_.get();
+ }
+
virtual void ProcessAdditionalTransportParameters(
const TransportParameters& /*params*/) {}
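Review bot: The new `proof_source_details()` accessor is undocumented, and the adjacent members in this header carry comments describing their purpose; a reader cannot tell from the declaration alone that the pointer is non-owning or when it becomes non-null. Suggested comment above it: `// Returns the ProofSource::Details delivered with the signature callback, or` / `// nullptr if none has been received. The pointer is non-owning and is valid` / `// only for the lifetime of this handshaker.` The `proof_source_details_` member added in the third hunk of this file would benefit from the same one-line description.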
@@ -109,7 +113,9 @@
: public ProofSource::SignatureCallback {
public:
explicit SignatureCallback(TlsServerHandshaker* handshaker);
- void Run(bool ok, std::string signature) override;
+ void Run(bool ok,
+ std::string signature,
+ std::unique_ptr<ProofSource::Details> details) override;
// If called, Cancel causes the pending callback to be a no-op.
void Cancel();
@@ -142,6 +148,7 @@
std::string hostname_;
std::string cert_verify_sig_;
+ std::unique_ptr<ProofSource::Details> proof_source_details_;
// Used to hold the ENCRYPTION_FORWARD_SECURE read secret until the handshake
// is complete. This is temporary until
diff --git a/quic/qbone/qbone_session_test.cc b/quic/qbone/qbone_session_test.cc
index 629d281..7ea1c51 100644
--- a/quic/qbone/qbone_session_test.cc
+++ b/quic/qbone/qbone_session_test.cc
@@ -100,7 +100,7 @@
uint16_t signature_algorithm,
quiche::QuicheStringPiece in,
std::unique_ptr<SignatureCallback> callback) override {
- callback->Run(true, "Signature");
+ callback->Run(true, "Signature", /*details=*/nullptr);
}
private:
diff --git a/quic/quartc/quartc_crypto_helpers.cc b/quic/quartc/quartc_crypto_helpers.cc
index e3b96ad..1a02845 100644
--- a/quic/quartc/quartc_crypto_helpers.cc
+++ b/quic/quartc/quartc_crypto_helpers.cc
@@ -39,7 +39,7 @@
uint16_t /*signature_algorithm*/,
quiche::QuicheStringPiece /*in*/,
std::unique_ptr<SignatureCallback> callback) {
- callback->Run(true, "Dummy signature");
+ callback->Run(true, "Dummy signature", /*details=*/nullptr);
}
QuicAsyncStatus InsecureProofVerifier::VerifyProof(
diff --git a/quic/test_tools/failing_proof_source.cc b/quic/test_tools/failing_proof_source.cc
index b71c6fd..1f52476 100644
--- a/quic/test_tools/failing_proof_source.cc
+++ b/quic/test_tools/failing_proof_source.cc
@@ -30,7 +30,7 @@
uint16_t /*signature_algorithm*/,
quiche::QuicheStringPiece /*in*/,
std::unique_ptr<SignatureCallback> callback) {
- callback->Run(false, "");
+ callback->Run(false, "", nullptr);
}
} // namespace test
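Review bot: The new `nullptr` argument on the `callback->Run(false, "", nullptr);` line is unlabelled, while every other call site updated in this commit writes it as `/*details=*/nullptr`; with three positional arguments the bare literal reads ambiguously. Suggested: `callback->Run(false, "", /*details=*/nullptr);`.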
diff --git a/quic/test_tools/quic_test_client.cc b/quic/test_tools/quic_test_client.cc
index 1f95d22..5ddc879 100644
--- a/quic/test_tools/quic_test_client.cc
+++ b/quic/test_tools/quic_test_client.cc
@@ -57,6 +57,44 @@
std::string* error_details,
std::unique_ptr<ProofVerifyDetails>* details,
std::unique_ptr<ProofVerifierCallback> callback) override {
+ QuicAsyncStatus process_certs_result = ProcessCerts(certs, cert_sct);
+ if (process_certs_result != QUIC_SUCCESS) {
+ return process_certs_result;
+ }
+
+ if (!verifier_) {
+ return QUIC_SUCCESS;
+ }
+
+ return verifier_->VerifyProof(hostname, port, server_config,
+ transport_version, chlo_hash, certs, cert_sct,
+ signature, context, error_details, details,
+ std::move(callback));
+ }
+
+ QuicAsyncStatus VerifyCertChain(
+ const std::string& /*hostname*/,
+ const std::vector<std::string>& certs,
+ const std::string& /*ocsp_response*/,
+ const std::string& cert_sct,
+ const ProofVerifyContext* /*context*/,
+ std::string* /*error_details*/,
+ std::unique_ptr<ProofVerifyDetails>* /*details*/,
+ std::unique_ptr<ProofVerifierCallback> /*callback*/) override {
+ return ProcessCerts(certs, cert_sct);
+ }
+
+ std::unique_ptr<ProofVerifyContext> CreateDefaultContext() override {
+ return verifier_ != nullptr ? verifier_->CreateDefaultContext() : nullptr;
+ }
+
+ const std::string& common_name() const { return common_name_; }
+
+ const std::string& cert_sct() const { return cert_sct_; }
+
+ private:
+ QuicAsyncStatus ProcessCerts(const std::vector<std::string>& certs,
+ const std::string& cert_sct) {
common_name_.clear();
if (certs.empty()) {
return QUIC_FAILURE;
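Review bot: The new `VerifyCertChain` override returns `ProcessCerts(certs, cert_sct)` and never consults `verifier_`, while `VerifyProof` directly above it forwards to `verifier_->VerifyProof` after recording the chain; whichever handshake path calls VerifyCertChain therefore records the certificate but never verifies it, even when a test has installed a real verifier, and the parameters it would need are commented out in the signature. If the asymmetry is intentional for this recording wrapper, a comment on VerifyCertChain saying that only VerifyProof delegates would prevent tests from assuming otherwise; if not, the override should delegate in the same way, as sketched below. Note also that `ProcessCerts` has no `error_details` parameter, so failures it reports leave the caller's `error_details` untouched. ProcessCerts's body continues past the end of the hunk.
```cpp
  QuicAsyncStatus VerifyCertChain(
      const std::string& hostname,
      const std::vector<std::string>& certs,
      const std::string& ocsp_response,
      const std::string& cert_sct,
      const ProofVerifyContext* context,
      std::string* error_details,
      std::unique_ptr<ProofVerifyDetails>* details,
      std::unique_ptr<ProofVerifierCallback> callback) override {
    QuicAsyncStatus process_certs_result = ProcessCerts(certs, cert_sct);
    if (process_certs_result != QUIC_SUCCESS || !verifier_) {
      return process_certs_result;
    }
    return verifier_->VerifyCertChain(hostname, certs, ocsp_response, cert_sct,
                                      context, error_details, details,
                                      std::move(callback));
  }
```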
@@ -79,38 +117,9 @@
common_name_ = buf;
cert_sct_ = cert_sct;
-
- if (!verifier_) {
- return QUIC_SUCCESS;
- }
-
- return verifier_->VerifyProof(hostname, port, server_config,
- transport_version, chlo_hash, certs, cert_sct,
- signature, context, error_details, details,
- std::move(callback));
- }
-
- QuicAsyncStatus VerifyCertChain(
- const std::string& /*hostname*/,
- const std::vector<std::string>& /*certs*/,
- const std::string& /*ocsp_response*/,
- const std::string& /*cert_sct*/,
- const ProofVerifyContext* /*context*/,
- std::string* /*error_details*/,
- std::unique_ptr<ProofVerifyDetails>* /*details*/,
- std::unique_ptr<ProofVerifierCallback> /*callback*/) override {
return QUIC_SUCCESS;
}
- std::unique_ptr<ProofVerifyContext> CreateDefaultContext() override {
- return verifier_ != nullptr ? verifier_->CreateDefaultContext() : nullptr;
- }
-
- const std::string& common_name() const { return common_name_; }
-
- const std::string& cert_sct() const { return cert_sct_; }
-
- private:
std::unique_ptr<ProofVerifier> verifier_;
std::string common_name_;
std::string cert_sct_;
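Review bot: `ProcessCerts` clears `common_name_` on entry but assigns `cert_sct_ = cert_sct;` only on the success path, so after a call that fails (empty chain or a parse failure on the path outside this hunk) `cert_sct()` still reports the value from the previous call while `common_name()` reports empty; the two recorded fields can then disagree about which verification they describe. Clearing both at the top of ProcessCerts, `common_name_.clear();` / `cert_sct_.clear();`, keeps the accessors consistent. The start of ProcessCerts lies in the previous hunk.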