Add port field to ProofVerifier::VerifyCertChain
The port field is needed in VerifyCertChain for the chromium ProofVerifier
so it can call CheckCTrequirements for crbug.com/1090838.
Client-only quic change, not flag protected
PiperOrigin-RevId: 315003335
Change-Id: I789540fa20a48ec2f1b0dee47079071ed9e43221
diff --git a/quic/core/crypto/proof_verifier.h b/quic/core/crypto/proof_verifier.h
index 12036d6..0380b8a 100644
--- a/quic/core/crypto/proof_verifier.h
+++ b/quic/core/crypto/proof_verifier.h
@@ -102,6 +102,7 @@
// In this case, the ProofVerifier will take ownership of |callback|.
virtual QuicAsyncStatus VerifyCertChain(
const std::string& hostname,
+ const uint16_t port,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
diff --git a/quic/core/quic_crypto_client_handshaker_test.cc b/quic/core/quic_crypto_client_handshaker_test.cc
index e3d12fa..3ea08a5 100644
--- a/quic/core/quic_crypto_client_handshaker_test.cc
+++ b/quic/core/quic_crypto_client_handshaker_test.cc
@@ -47,6 +47,7 @@
QuicAsyncStatus VerifyCertChain(
const std::string& /*hostname*/,
+ const uint16_t /*port*/,
const std::vector<std::string>& /*certs*/,
const std::string& /*ocsp_response*/,
const std::string& /*cert_sct*/,
diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index a6c713e..864040c 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc
@@ -565,8 +565,8 @@
new ProofVerifierCallbackImpl(this);
QuicAsyncStatus verify_result = proof_verifier_->VerifyCertChain(
- server_id_.host(), certs, ocsp_response, sct_list, verify_context_.get(),
- &cert_verify_error_details_, &verify_details_,
+ server_id_.host(), server_id_.port(), certs, ocsp_response, sct_list,
+ verify_context_.get(), &cert_verify_error_details_, &verify_details_,
std::unique_ptr<ProofVerifierCallback>(proof_verify_callback));
switch (verify_result) {
case QUIC_SUCCESS:
diff --git a/quic/core/tls_client_handshaker_test.cc b/quic/core/tls_client_handshaker_test.cc
index 6ee0b77..8f6745a 100644
--- a/quic/core/tls_client_handshaker_test.cc
+++ b/quic/core/tls_client_handshaker_test.cc
@@ -66,6 +66,7 @@
QuicAsyncStatus VerifyCertChain(
const std::string& hostname,
+ const uint16_t port,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
@@ -74,12 +75,12 @@
std::unique_ptr<ProofVerifyDetails>* details,
std::unique_ptr<ProofVerifierCallback> callback) override {
if (!active_) {
- return verifier_->VerifyCertChain(hostname, certs, ocsp_response,
+ return verifier_->VerifyCertChain(hostname, port, certs, ocsp_response,
cert_sct, context, error_details,
details, std::move(callback));
}
pending_ops_.push_back(std::make_unique<VerifyChainPendingOp>(
- hostname, certs, ocsp_response, cert_sct, context, error_details,
+ hostname, port, certs, ocsp_response, cert_sct, context, error_details,
details, std::move(callback), verifier_.get()));
return QUIC_PENDING;
}
@@ -114,6 +115,7 @@
class VerifyChainPendingOp {
public:
VerifyChainPendingOp(const std::string& hostname,
+ const uint16_t port,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
@@ -123,6 +125,7 @@
std::unique_ptr<ProofVerifierCallback> callback,
ProofVerifier* delegate)
: hostname_(hostname),
+ port_(port),
certs_(certs),
ocsp_response_(ocsp_response),
cert_sct_(cert_sct),
@@ -138,7 +141,7 @@
// runs the original callback after asserting that the verification ran
// synchronously.
QuicAsyncStatus status = delegate_->VerifyCertChain(
- hostname_, certs_, ocsp_response_, cert_sct_, context_,
+ hostname_, port_, certs_, ocsp_response_, cert_sct_, context_,
error_details_, details_,
std::make_unique<FailingProofVerifierCallback>());
ASSERT_NE(status, QUIC_PENDING);
@@ -147,6 +150,7 @@
private:
std::string hostname_;
+ const uint16_t port_;
std::vector<std::string> certs_;
std::string ocsp_response_;
std::string cert_sct_;
diff --git a/quic/core/tls_handshaker_test.cc b/quic/core/tls_handshaker_test.cc
index 1bd9fae..5a2bd64 100644
--- a/quic/core/tls_handshaker_test.cc
+++ b/quic/core/tls_handshaker_test.cc
@@ -54,6 +54,7 @@
QuicAsyncStatus VerifyCertChain(
const std::string& hostname,
+ const uint16_t port,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
@@ -62,12 +63,12 @@
std::unique_ptr<ProofVerifyDetails>* details,
std::unique_ptr<ProofVerifierCallback> callback) override {
if (!active_) {
- return verifier_->VerifyCertChain(hostname, certs, ocsp_response,
+ return verifier_->VerifyCertChain(hostname, port, certs, ocsp_response,
cert_sct, context, error_details,
details, std::move(callback));
}
pending_ops_.push_back(std::make_unique<VerifyChainPendingOp>(
- hostname, certs, ocsp_response, cert_sct, context, error_details,
+ hostname, port, certs, ocsp_response, cert_sct, context, error_details,
details, std::move(callback), verifier_.get()));
return QUIC_PENDING;
}
@@ -102,6 +103,7 @@
class VerifyChainPendingOp {
public:
VerifyChainPendingOp(const std::string& hostname,
+ const uint16_t port,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
@@ -111,6 +113,7 @@
std::unique_ptr<ProofVerifierCallback> callback,
ProofVerifier* delegate)
: hostname_(hostname),
+ port_(port),
certs_(certs),
ocsp_response_(ocsp_response),
cert_sct_(cert_sct),
@@ -126,7 +129,7 @@
// runs the original callback after asserting that the verification ran
// synchronously.
QuicAsyncStatus status = delegate_->VerifyCertChain(
- hostname_, certs_, ocsp_response_, cert_sct_, context_,
+ hostname_, port_, certs_, ocsp_response_, cert_sct_, context_,
error_details_, details_,
std::make_unique<FailingProofVerifierCallback>());
ASSERT_NE(status, QUIC_PENDING);
@@ -135,6 +138,7 @@
private:
std::string hostname_;
+ const uint16_t port_;
std::vector<std::string> certs_;
std::string ocsp_response_;
std::string cert_sct_;
diff --git a/quic/qbone/qbone_session_test.cc b/quic/qbone/qbone_session_test.cc
index acf1bff..243a5c5 100644
--- a/quic/qbone/qbone_session_test.cc
+++ b/quic/qbone/qbone_session_test.cc
@@ -160,6 +160,7 @@
QuicAsyncStatus VerifyCertChain(
const std::string& hostname,
+ const uint16_t port,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
@@ -170,9 +171,9 @@
if (!proof_verifier_) {
return QUIC_FAILURE;
}
- return proof_verifier_->VerifyCertChain(hostname, certs, ocsp_response,
- cert_sct, context, error_details,
- details, std::move(callback));
+ return proof_verifier_->VerifyCertChain(
+ hostname, port, certs, ocsp_response, cert_sct, context, error_details,
+ details, std::move(callback));
}
std::unique_ptr<ProofVerifyContext> CreateDefaultContext() override {
diff --git a/quic/quic_transport/web_transport_fingerprint_proof_verifier.cc b/quic/quic_transport/web_transport_fingerprint_proof_verifier.cc
index 15cd706..81466de 100644
--- a/quic/quic_transport/web_transport_fingerprint_proof_verifier.cc
+++ b/quic/quic_transport/web_transport_fingerprint_proof_verifier.cc
@@ -132,6 +132,7 @@
QuicAsyncStatus WebTransportFingerprintProofVerifier::VerifyCertChain(
const std::string& /*hostname*/,
+ const uint16_t /*port*/,
const std::vector<std::string>& certs,
const std::string& /*ocsp_response*/,
const std::string& /*cert_sct*/,
diff --git a/quic/quic_transport/web_transport_fingerprint_proof_verifier.h b/quic/quic_transport/web_transport_fingerprint_proof_verifier.h
index b17ee87..7e4358d 100644
--- a/quic/quic_transport/web_transport_fingerprint_proof_verifier.h
+++ b/quic/quic_transport/web_transport_fingerprint_proof_verifier.h
@@ -93,6 +93,7 @@
std::unique_ptr<ProofVerifierCallback> callback) override;
QuicAsyncStatus VerifyCertChain(
const std::string& hostname,
+ const uint16_t port,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
diff --git a/quic/quic_transport/web_transport_fingerprint_proof_verifier_test.cc b/quic/quic_transport/web_transport_fingerprint_proof_verifier_test.cc
index b79e873..0432a76 100644
--- a/quic/quic_transport/web_transport_fingerprint_proof_verifier_test.cc
+++ b/quic/quic_transport/web_transport_fingerprint_proof_verifier_test.cc
@@ -41,7 +41,8 @@
VerifyResult result;
std::unique_ptr<ProofVerifyDetails> details;
result.status = verifier_->VerifyCertChain(
- /*hostname=*/"", std::vector<std::string>{std::string(certificate)},
+ /*hostname=*/"", /*port=*/0,
+ std::vector<std::string>{std::string(certificate)},
/*ocsp_response=*/"",
/*cert_sct=*/"",
/*context=*/nullptr, &result.error, &details,
diff --git a/quic/test_tools/quic_test_client.cc b/quic/test_tools/quic_test_client.cc
index 9c1c4f3..ecab4bf 100644
--- a/quic/test_tools/quic_test_client.cc
+++ b/quic/test_tools/quic_test_client.cc
@@ -74,6 +74,7 @@
QuicAsyncStatus VerifyCertChain(
const std::string& /*hostname*/,
+ const uint16_t /*port*/,
const std::vector<std::string>& certs,
const std::string& /*ocsp_response*/,
const std::string& cert_sct,
diff --git a/quic/tools/fake_proof_verifier.h b/quic/tools/fake_proof_verifier.h
index a605e07..7f4a38e 100644
--- a/quic/tools/fake_proof_verifier.h
+++ b/quic/tools/fake_proof_verifier.h
@@ -31,6 +31,7 @@
}
QuicAsyncStatus VerifyCertChain(
const std::string& /*hostname*/,
+ const uint16_t /*port*/,
const std::vector<std::string>& /*certs*/,
const std::string& /*ocsp_response*/,
const std::string& /*cert_sct*/,