Project import generated by Copybara.

PiperOrigin-RevId: 237361882
Change-Id: I109a68f44db867b20f8c6a7732b0ce657133e52a
diff --git a/quic/core/tls_client_handshaker.h b/quic/core/tls_client_handshaker.h
new file mode 100644
index 0000000..3e216f0
--- /dev/null
+++ b/quic/core/tls_client_handshaker.h
@@ -0,0 +1,127 @@
+// Copyright (c) 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_
+#define QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_
+
+#include "third_party/boringssl/src/include/openssl/ssl.h"
+#include "net/third_party/quiche/src/quic/core/crypto/proof_verifier.h"
+#include "net/third_party/quiche/src/quic/core/quic_crypto_client_stream.h"
+#include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h"
+#include "net/third_party/quiche/src/quic/core/tls_handshaker.h"
+#include "net/third_party/quiche/src/quic/platform/api/quic_export.h"
+#include "net/third_party/quiche/src/quic/platform/api/quic_string.h"
+
+namespace quic {
+
+// An implementation of QuicCryptoClientStream::HandshakerDelegate which uses
+// TLS 1.3 for the crypto handshake protocol.
+class QUIC_EXPORT_PRIVATE TlsClientHandshaker
+    : public QuicCryptoClientStream::HandshakerDelegate,
+      public TlsHandshaker {
+ public:
+  TlsClientHandshaker(QuicCryptoStream* stream,
+                      QuicSession* session,
+                      const QuicServerId& server_id,
+                      ProofVerifier* proof_verifier,
+                      SSL_CTX* ssl_ctx,
+                      std::unique_ptr<ProofVerifyContext> verify_context,
+                      const QuicString& user_agent_id);
+  TlsClientHandshaker(const TlsClientHandshaker&) = delete;
+  TlsClientHandshaker& operator=(const TlsClientHandshaker&) = delete;
+
+  ~TlsClientHandshaker() override;
+
+  // Creates and configures an SSL_CTX to be used with a TlsClientHandshaker.
+  // The caller is responsible for ownership of the newly created struct.
+  static bssl::UniquePtr<SSL_CTX> CreateSslCtx();
+
+  // From QuicCryptoClientStream::HandshakerDelegate
+  bool CryptoConnect() override;
+  int num_sent_client_hellos() const override;
+  int num_scup_messages_received() const override;
+  bool WasChannelIDSent() const override;
+  bool WasChannelIDSourceCallbackRun() const override;
+  QuicString chlo_hash() const override;
+
+  // From QuicCryptoClientStream::HandshakerDelegate and TlsHandshaker
+  bool encryption_established() const override;
+  bool handshake_confirmed() const override;
+  const QuicCryptoNegotiatedParameters& crypto_negotiated_params()
+      const override;
+  CryptoMessageParser* crypto_message_parser() override;
+
+ private:
+  // ProofVerifierCallbackImpl handles the result of an asynchronous certificate
+  // verification operation.
+  class ProofVerifierCallbackImpl : public ProofVerifierCallback {
+   public:
+    explicit ProofVerifierCallbackImpl(TlsClientHandshaker* parent);
+    ~ProofVerifierCallbackImpl() override;
+
+    // ProofVerifierCallback interface.
+    void Run(bool ok,
+             const QuicString& error_details,
+             std::unique_ptr<ProofVerifyDetails>* details) override;
+
+    // If called, Cancel causes the pending callback to be a no-op.
+    void Cancel();
+
+   private:
+    TlsClientHandshaker* parent_;
+  };
+
+  enum State {
+    STATE_IDLE,
+    STATE_HANDSHAKE_RUNNING,
+    STATE_CERT_VERIFY_PENDING,
+    STATE_HANDSHAKE_COMPLETE,
+    STATE_CONNECTION_CLOSED,
+  } state_ = STATE_IDLE;
+
+  bool SetTransportParameters();
+  bool ProcessTransportParameters(QuicString* error_details);
+  void FinishHandshake();
+
+  void AdvanceHandshake() override;
+  void CloseConnection(QuicErrorCode error,
+                       const QuicString& reason_phrase) override;
+
+  // Certificate verification functions:
+
+  enum ssl_verify_result_t VerifyCert(uint8_t* out_alert);
+  // Static method to supply to SSL_set_custom_verify.
+  static enum ssl_verify_result_t VerifyCallback(SSL* ssl, uint8_t* out_alert);
+
+  // Takes an SSL* |ssl| and returns a pointer to the TlsClientHandshaker that
+  // it belongs to. This is a specialization of
+  // TlsHandshaker::HandshakerFromSsl.
+  static TlsClientHandshaker* HandshakerFromSsl(SSL* ssl);
+
+  QuicServerId server_id_;
+
+  // Objects used for verifying the server's certificate chain.
+  // |proof_verifier_| is owned by the caller of TlsClientHandshaker's
+  // constructor.
+  ProofVerifier* proof_verifier_;
+  std::unique_ptr<ProofVerifyContext> verify_context_;
+
+  QuicString user_agent_id_;
+
+  // ProofVerifierCallback used for async certificate verification. This object
+  // is owned by |proof_verifier_|.
+  ProofVerifierCallbackImpl* proof_verify_callback_ = nullptr;
+  std::unique_ptr<ProofVerifyDetails> verify_details_;
+  enum ssl_verify_result_t verify_result_ = ssl_verify_retry;
+  QuicString cert_verify_error_details_;
+
+  bool encryption_established_ = false;
+  bool handshake_confirmed_ = false;
+  QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters>
+      crypto_negotiated_params_;
+};
+
+}  // namespace quic
+
+#endif  // QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_
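Review bot: The raw back-pointer `parent_` in `ProofVerifierCallbackImpl` and the raw `proof_verify_callback_` member carry a lifetime contract that this header never states. The callback is documented as owned by `proof_verifier_`, so it can outlive the handshaker, yet nothing says who calls `Cancel()` or when. If `~TlsClientHandshaker()` (defined outside this hunk) does not cancel a pending verification, a late `Run()` would touch a destroyed handshaker; the .cc is not visible here, so this needs confirming against the implementation. I would document the contract at the member, e.g. `// Non-null only while a verification is pending; the destructor must call Cancel() on it so that a late Run() is a no-op.`, and state on `Cancel()` what it does to `parent_`. The constructor comment should also say whether `ssl_ctx` must outlive the handshaker, as is already done for `proof_verifier_`.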