blob: d1ab26c2ef326b8d7da6904cfdbcc2c32993902d [file] [log] [blame]
// Copyright (c) 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef QUICHE_QUIC_CORE_CRYPTO_CLIENT_PROOF_SOURCE_H_
#define QUICHE_QUIC_CORE_CRYPTO_CLIENT_PROOF_SOURCE_H_
#include <memory>
#include "absl/container/flat_hash_map.h"
#include "quic/core/crypto/certificate_view.h"
#include "quic/core/crypto/proof_source.h"
namespace quic {
// ClientProofSource is the interface for a QUIC client to provide client certs
// and keys based on server hostname. It is only used by TLS handshakes.
class QUIC_EXPORT_PRIVATE ClientProofSource {
public:
using Chain = ProofSource::Chain;
virtual ~ClientProofSource() {}
struct QUIC_EXPORT_PRIVATE CertAndKey {
CertAndKey(QuicReferenceCountedPointer<Chain> chain,
CertificatePrivateKey private_key)
: chain(std::move(chain)), private_key(std::move(private_key)) {}
QuicReferenceCountedPointer<Chain> chain;
CertificatePrivateKey private_key;
};
// Get the client certificate to be sent to the server with |server_hostname|
// and its corresponding private key. It returns nullptr if the cert and key
// can not be found.
//
// |server_hostname| is typically a full domain name(www.foo.com), but it
// could also be a wildcard domain(*.foo.com), or a "*" which will return the
// default cert.
virtual const CertAndKey* GetCertAndKey(
absl::string_view server_hostname) const = 0;
};
// DefaultClientProofSource is an implementation that simply keeps an in memory
// map of server hostnames to certs.
class QUIC_EXPORT_PRIVATE DefaultClientProofSource : public ClientProofSource {
public:
~DefaultClientProofSource() override {}
// Associate all hostnames in |server_hostnames| with {|chain|,|private_key|}.
// Elements of |server_hostnames| can be full domain names(www.foo.com),
// wildcard domains(*.foo.com), or "*" which means the given cert chain is the
// default one.
// If any element of |server_hostnames| is already associated with a cert
// chain, it will be updated to be associated with the new cert chain.
bool AddCertAndKey(std::vector<std::string> server_hostnames,
QuicReferenceCountedPointer<Chain> chain,
CertificatePrivateKey private_key);
// ClientProofSource implementation
const CertAndKey* GetCertAndKey(absl::string_view hostname) const override;
private:
const CertAndKey* LookupExact(absl::string_view map_key) const;
absl::flat_hash_map<std::string, std::shared_ptr<CertAndKey>> cert_and_keys_;
};
} // namespace quic
#endif // QUICHE_QUIC_CORE_CRYPTO_CLIENT_PROOF_SOURCE_H_