gfe-relnote: add client address into Quic proof source/verifier interface. No behavior change as the client address remains unused in GFE. Not protected.
This is needed for Envoy as client address is need to retrieve certs in Envoy.
PiperOrigin-RevId: 309485174
Change-Id: I3962c648bf33e853205541689f6e14a0fec7fe2b
diff --git a/quic/core/crypto/crypto_server_test.cc b/quic/core/crypto/crypto_server_test.cc
index 4cf618b..ee9dc53 100644
--- a/quic/core/crypto/crypto_server_test.cc
+++ b/quic/core/crypto/crypto_server_test.cc
@@ -223,7 +223,7 @@
bool called = false;
QuicSocketAddress server_address(QuicIpAddress::Any4(), 5);
config_.ValidateClientHello(
- message, client_address_.host(), server_address,
+ message, client_address_, server_address,
supported_versions_.front().transport_version, &clock_, signed_config_,
std::make_unique<ValidateCallback>(this, true, "", &called));
EXPECT_TRUE(called);
@@ -241,7 +241,7 @@
bool* called) {
QuicSocketAddress server_address(QuicIpAddress::Any4(), 5);
config_.ValidateClientHello(
- message, client_address_.host(), server_address,
+ message, client_address_, server_address,
supported_versions_.front().transport_version, &clock_, signed_config_,
std::make_unique<ValidateCallback>(this, false, error_substr, called));
}
diff --git a/quic/core/crypto/proof_source.h b/quic/core/crypto/proof_source.h
index 9757099..c4224f4 100644
--- a/quic/core/crypto/proof_source.h
+++ b/quic/core/crypto/proof_source.h
@@ -119,6 +119,7 @@
//
// Callers should expect that |callback| might be invoked synchronously.
virtual void GetProof(const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
const std::string& server_config,
QuicTransportVersion transport_version,
@@ -128,6 +129,7 @@
// Returns the certificate chain for |hostname| in leaf-first order.
virtual QuicReferenceCountedPointer<Chain> GetCertChain(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname) = 0;
// Computes a signature using the private key of the certificate for
@@ -140,6 +142,7 @@
// Callers should expect that |callback| might be invoked synchronously.
virtual void ComputeTlsSignature(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
uint16_t signature_algorithm,
quiche::QuicheStringPiece in,
diff --git a/quic/core/crypto/proof_source_x509.cc b/quic/core/crypto/proof_source_x509.cc
index 89c4c43..6afc65f 100644
--- a/quic/core/crypto/proof_source_x509.cc
+++ b/quic/core/crypto/proof_source_x509.cc
@@ -30,6 +30,7 @@
void ProofSourceX509::GetProof(
const QuicSocketAddress& /*server_address*/,
+ const QuicSocketAddress& /*client_address*/,
const std::string& hostname,
const std::string& server_config,
QuicTransportVersion /*transport_version*/,
@@ -62,12 +63,14 @@
QuicReferenceCountedPointer<ProofSource::Chain> ProofSourceX509::GetCertChain(
const QuicSocketAddress& /*server_address*/,
+ const QuicSocketAddress& /*client_address*/,
const std::string& hostname) {
return GetCertificate(hostname)->chain;
}
void ProofSourceX509::ComputeTlsSignature(
const QuicSocketAddress& /*server_address*/,
+ const QuicSocketAddress& /*client_address*/,
const std::string& hostname,
uint16_t signature_algorithm,
quiche::QuicheStringPiece in,
diff --git a/quic/core/crypto/proof_source_x509.h b/quic/core/crypto/proof_source_x509.h
index f9a6796..8632d4b 100644
--- a/quic/core/crypto/proof_source_x509.h
+++ b/quic/core/crypto/proof_source_x509.h
@@ -28,6 +28,7 @@
// ProofSource implementation.
void GetProof(const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
const std::string& server_config,
QuicTransportVersion transport_version,
@@ -35,9 +36,11 @@
std::unique_ptr<Callback> callback) override;
QuicReferenceCountedPointer<Chain> GetCertChain(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname) override;
void ComputeTlsSignature(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
uint16_t signature_algorithm,
quiche::QuicheStringPiece in,
diff --git a/quic/core/crypto/proof_source_x509_test.cc b/quic/core/crypto/proof_source_x509_test.cc
index f4c9146..23311d0 100644
--- a/quic/core/crypto/proof_source_x509_test.cc
+++ b/quic/core/crypto/proof_source_x509_test.cc
@@ -72,26 +72,38 @@
std::move(*wildcard_key_)));
// Default certificate.
- EXPECT_EQ(
- proof_source->GetCertChain(QuicSocketAddress(), "unknown.test")->certs[0],
- kTestCertificate);
+ EXPECT_EQ(proof_source
+ ->GetCertChain(QuicSocketAddress(), QuicSocketAddress(),
+ "unknown.test")
+ ->certs[0],
+ kTestCertificate);
// mail.example.org is explicitly a SubjectAltName in kTestCertificate.
- EXPECT_EQ(proof_source->GetCertChain(QuicSocketAddress(), "mail.example.org")
+ EXPECT_EQ(proof_source
+ ->GetCertChain(QuicSocketAddress(), QuicSocketAddress(),
+ "mail.example.org")
->certs[0],
kTestCertificate);
// www.foo.test is in kWildcardCertificate.
- EXPECT_EQ(
- proof_source->GetCertChain(QuicSocketAddress(), "www.foo.test")->certs[0],
- kWildcardCertificate);
- // *.wildcard.test is in kWildcardCertificate.
- EXPECT_EQ(proof_source->GetCertChain(QuicSocketAddress(), "www.wildcard.test")
+ EXPECT_EQ(proof_source
+ ->GetCertChain(QuicSocketAddress(), QuicSocketAddress(),
+ "www.foo.test")
->certs[0],
kWildcardCertificate);
- EXPECT_EQ(proof_source->GetCertChain(QuicSocketAddress(), "etc.wildcard.test")
+ // *.wildcard.test is in kWildcardCertificate.
+ EXPECT_EQ(proof_source
+ ->GetCertChain(QuicSocketAddress(), QuicSocketAddress(),
+ "www.wildcard.test")
+ ->certs[0],
+ kWildcardCertificate);
+ EXPECT_EQ(proof_source
+ ->GetCertChain(QuicSocketAddress(), QuicSocketAddress(),
+ "etc.wildcard.test")
->certs[0],
kWildcardCertificate);
// wildcard.test itself is not in kWildcardCertificate.
- EXPECT_EQ(proof_source->GetCertChain(QuicSocketAddress(), "wildcard.test")
+ EXPECT_EQ(proof_source
+ ->GetCertChain(QuicSocketAddress(), QuicSocketAddress(),
+ "wildcard.test")
->certs[0],
kTestCertificate);
}
@@ -114,9 +126,9 @@
ProofSourceX509::Create(test_chain_, std::move(*test_key_));
ASSERT_TRUE(proof_source != nullptr);
- proof_source->ComputeTlsSignature(QuicSocketAddress(), "example.com",
- SSL_SIGN_RSA_PSS_RSAE_SHA256, "Test data",
- std::make_unique<Callback>());
+ proof_source->ComputeTlsSignature(QuicSocketAddress(), QuicSocketAddress(),
+ "example.com", SSL_SIGN_RSA_PSS_RSAE_SHA256,
+ "Test data", std::make_unique<Callback>());
}
} // namespace
diff --git a/quic/core/crypto/quic_crypto_server_config.cc b/quic/core/crypto/quic_crypto_server_config.cc
index 36372ac..9cb089b 100644
--- a/quic/core/crypto/quic_crypto_server_config.cc
+++ b/quic/core/crypto/quic_crypto_server_config.cc
@@ -46,6 +46,7 @@
#include "net/third_party/quiche/src/quic/platform/api/quic_hostname_utils.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_logging.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_reference_counted.h"
+#include "net/third_party/quiche/src/quic/platform/api/quic_socket_address.h"
#include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h"
#include "net/third_party/quiche/src/common/platform/api/quiche_text_utils.h"
@@ -524,7 +525,7 @@
void QuicCryptoServerConfig::ValidateClientHello(
const CryptoHandshakeMessage& client_hello,
- const QuicIpAddress& client_ip,
+ const QuicSocketAddress& client_address,
const QuicSocketAddress& server_address,
QuicTransportVersion version,
const QuicClock* clock,
@@ -533,8 +534,8 @@
const QuicWallTime now(clock->WallNow());
QuicReferenceCountedPointer<ValidateClientHelloResultCallback::Result> result(
- new ValidateClientHelloResultCallback::Result(client_hello, client_ip,
- now));
+ new ValidateClientHelloResultCallback::Result(
+ client_hello, client_address.host(), now));
quiche::QuicheStringPiece requested_scid;
client_hello.GetStringPiece(kSCID, &requested_scid);
@@ -551,8 +552,8 @@
signed_config->chain = nullptr;
signed_config->proof.signature = "";
signed_config->proof.leaf_cert_scts = "";
- EvaluateClientHello(server_address, version, configs, result,
- std::move(done_cb));
+ EvaluateClientHello(server_address, client_address, version, configs,
+ result, std::move(done_cb));
} else {
done_cb->Run(result, /* details = */ nullptr);
}
@@ -717,8 +718,9 @@
this, std::move(context), configs);
DCHECK(proof_source_.get());
- proof_source_->GetProof(server_address, sni, configs.primary->serialized,
- transport_version, chlo_hash, std::move(cb));
+ proof_source_->GetProof(server_address, client_address, sni,
+ configs.primary->serialized, transport_version,
+ chlo_hash, std::move(cb));
return;
}
@@ -1016,10 +1018,12 @@
const std::string sni(context->info().sni);
const QuicTransportVersion transport_version = context->transport_version();
+ const QuicSocketAddress& client_address = context->client_address();
auto cb = std::make_unique<SendRejectWithFallbackConfigCallback>(
this, std::move(context), fallback_config);
- proof_source_->GetProof(server_address, sni, fallback_config->serialized,
- transport_version, chlo_hash, std::move(cb));
+ proof_source_->GetProof(server_address, client_address, sni,
+ fallback_config->serialized, transport_version,
+ chlo_hash, std::move(cb));
}
void QuicCryptoServerConfig::SendRejectWithFallbackConfigAfterGetProof(
@@ -1196,6 +1200,7 @@
void QuicCryptoServerConfig::EvaluateClientHello(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
QuicTransportVersion /*version*/,
const Configs& configs,
QuicReferenceCountedPointer<ValidateClientHelloResultCallback::Result>
@@ -1270,7 +1275,8 @@
}
QuicReferenceCountedPointer<ProofSource::Chain> chain =
- proof_source_->GetCertChain(server_address, std::string(info->sni));
+ proof_source_->GetCertChain(server_address, client_address,
+ std::string(info->sni));
if (!chain) {
info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE);
} else if (!ValidateExpectedLeafCertificate(client_hello, chain->certs)) {
@@ -1303,7 +1309,7 @@
quiche::QuicheStringPiece chlo_hash,
const SourceAddressTokens& previous_source_address_tokens,
const QuicSocketAddress& server_address,
- const QuicIpAddress& client_ip,
+ const QuicSocketAddress& client_address,
const QuicClock* clock,
QuicRandom* rand,
QuicCompressedCertsCache* compressed_certs_cache,
@@ -1318,8 +1324,8 @@
serialized = primary_config_->serialized;
common_cert_sets = primary_config_->common_cert_sets;
source_address_token = NewSourceAddressToken(
- *primary_config_, previous_source_address_tokens, client_ip, rand,
- clock->WallNow(), cached_network_params);
+ *primary_config_, previous_source_address_tokens, client_address.host(),
+ rand, clock->WallNow(), cached_network_params);
}
CryptoHandshakeMessage message;
@@ -1332,8 +1338,9 @@
this, compressed_certs_cache, common_cert_sets, params,
std::move(message), std::move(cb));
- proof_source_->GetProof(server_address, params.sni, serialized, version,
- chlo_hash, std::move(proof_source_cb));
+ proof_source_->GetProof(server_address, client_address, params.sni,
+ serialized, version, chlo_hash,
+ std::move(proof_source_cb));
}
QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback::
diff --git a/quic/core/crypto/quic_crypto_server_config.h b/quic/core/crypto/quic_crypto_server_config.h
index 4fab2cd..9f2db60 100644
--- a/quic/core/crypto/quic_crypto_server_config.h
+++ b/quic/core/crypto/quic_crypto_server_config.h
@@ -294,7 +294,7 @@
// completion of an asynchronous operation.
void ValidateClientHello(
const CryptoHandshakeMessage& client_hello,
- const QuicIpAddress& client_ip,
+ const QuicSocketAddress& client_address,
const QuicSocketAddress& server_address,
QuicTransportVersion version,
const QuicClock* clock,
@@ -360,7 +360,7 @@
quiche::QuicheStringPiece chlo_hash,
const SourceAddressTokens& previous_source_address_tokens,
const QuicSocketAddress& server_address,
- const QuicIpAddress& client_ip,
+ const QuicSocketAddress& client_address,
const QuicClock* clock,
QuicRandom* rand,
QuicCompressedCertsCache* compressed_certs_cache,
@@ -553,6 +553,7 @@
// are written to |client_hello_state->info|.
void EvaluateClientHello(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
QuicTransportVersion version,
const Configs& configs,
QuicReferenceCountedPointer<ValidateClientHelloResultCallback::Result>
diff --git a/quic/core/crypto/quic_crypto_server_config_test.cc b/quic/core/crypto/quic_crypto_server_config_test.cc
index 8dd1108..6f0c047 100644
--- a/quic/core/crypto/quic_crypto_server_config_test.cc
+++ b/quic/core/crypto/quic_crypto_server_config_test.cc
@@ -481,7 +481,7 @@
test_peer_.SelectNewPrimaryConfig(1000);
test_peer_.CheckConfigs({{"a", true}, {"b", false}});
CryptoHandshakeMessage client_hello;
- QuicIpAddress client_ip;
+ QuicSocketAddress client_address;
QuicSocketAddress server_address;
QuicTransportVersion transport_version = QUIC_VERSION_UNSUPPORTED;
for (const ParsedQuicVersion& version : AllSupportedVersions()) {
@@ -497,7 +497,7 @@
std::unique_ptr<ValidateClientHelloResultCallback> done_cb(
new ValidateCallback);
clock.AdvanceTime(QuicTime::Delta::FromSeconds(1100));
- config_.ValidateClientHello(client_hello, client_ip, server_address,
+ config_.ValidateClientHello(client_hello, client_address, server_address,
transport_version, &clock, signed_config,
std::move(done_cb));
test_peer_.CheckConfigs({{"a", false}, {"b", true}});
diff --git a/quic/core/quic_crypto_client_handshaker_test.cc b/quic/core/quic_crypto_client_handshaker_test.cc
index a74d7e7..e3d12fa 100644
--- a/quic/core/quic_crypto_client_handshaker_test.cc
+++ b/quic/core/quic_crypto_client_handshaker_test.cc
@@ -69,13 +69,14 @@
// ProofSource override.
void GetProof(const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
const std::string& /*server_config*/,
QuicTransportVersion /*transport_version*/,
quiche::QuicheStringPiece /*chlo_hash*/,
std::unique_ptr<Callback> callback) override {
QuicReferenceCountedPointer<ProofSource::Chain> chain =
- GetCertChain(server_address, hostname);
+ GetCertChain(server_address, client_address, hostname);
QuicCryptoProof proof;
proof.signature = "Dummy signature";
proof.leaf_cert_scts = "Dummy timestamp";
@@ -84,6 +85,7 @@
QuicReferenceCountedPointer<Chain> GetCertChain(
const QuicSocketAddress& /*server_address*/,
+ const QuicSocketAddress& /*client_address*/,
const std::string& /*hostname*/) override {
std::vector<std::string> certs;
certs.push_back("Dummy cert");
@@ -93,6 +95,7 @@
void ComputeTlsSignature(
const QuicSocketAddress& /*server_address*/,
+ const QuicSocketAddress& /*client_address*/,
const std::string& /*hostname*/,
uint16_t /*signature_algorit*/,
quiche::QuicheStringPiece /*in*/,
diff --git a/quic/core/quic_crypto_client_stream_test.cc b/quic/core/quic_crypto_client_stream_test.cc
index d300127..6542382 100644
--- a/quic/core/quic_crypto_client_stream_test.cc
+++ b/quic/core/quic_crypto_client_stream_test.cc
@@ -285,7 +285,7 @@
crypto_config.BuildServerConfigUpdateMessage(
session_->transport_version(), stream()->chlo_hash(), tokens,
QuicSocketAddress(QuicIpAddress::Loopback6(), 1234),
- QuicIpAddress::Loopback6(), connection_->clock(),
+ QuicSocketAddress(QuicIpAddress::Loopback6(), 4321), connection_->clock(),
QuicRandom::GetInstance(), &cache, stream()->crypto_negotiated_params(),
&network_params,
std::unique_ptr<BuildServerConfigUpdateMessageResultCallback>(
diff --git a/quic/core/quic_crypto_server_stream.cc b/quic/core/quic_crypto_server_stream.cc
index c651351..66f8229 100644
--- a/quic/core/quic_crypto_server_stream.cc
+++ b/quic/core/quic_crypto_server_stream.cc
@@ -129,9 +129,9 @@
DCHECK(process_client_hello_cb_ == nullptr);
validate_client_hello_cb_ = cb.get();
crypto_config_->ValidateClientHello(
- message, GetClientAddress().host(),
- session()->connection()->self_address(), transport_version(),
- session()->connection()->clock(), signed_config_, std::move(cb));
+ message, GetClientAddress(), session()->connection()->self_address(),
+ transport_version(), session()->connection()->clock(), signed_config_,
+ std::move(cb));
}
void QuicCryptoServerStream::FinishProcessingHandshakeMessage(
@@ -245,7 +245,7 @@
crypto_config_->BuildServerConfigUpdateMessage(
session()->transport_version(), chlo_hash_,
previous_source_address_tokens_, session()->connection()->self_address(),
- GetClientAddress().host(), session()->connection()->clock(),
+ GetClientAddress(), session()->connection()->clock(),
session()->connection()->random_generator(), compressed_certs_cache_,
*crypto_negotiated_params_, cached_network_params, std::move(cb));
}
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 249973c..baecf70 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -378,7 +378,8 @@
quiche::QuicheStringPiece in) {
signature_callback_ = new SignatureCallback(this);
proof_source_->ComputeTlsSignature(
- session()->connection()->self_address(), hostname_, sig_alg, in,
+ session()->connection()->self_address(),
+ session()->connection()->peer_address(), hostname_, sig_alg, in,
std::unique_ptr<SignatureCallback>(signature_callback_));
if (state_ == STATE_SIGNATURE_COMPLETE) {
return PrivateKeyComplete(out, out_len, max_out);
@@ -480,6 +481,7 @@
QuicReferenceCountedPointer<ProofSource::Chain> chain =
proof_source_->GetCertChain(session()->connection()->self_address(),
+ session()->connection()->peer_address(),
hostname_);
if (chain->certs.empty()) {
QUIC_LOG(ERROR) << "No certs provided for host '" << hostname_ << "'";
diff --git a/quic/qbone/qbone_session_test.cc b/quic/qbone/qbone_session_test.cc
index ae129bb..acf1bff 100644
--- a/quic/qbone/qbone_session_test.cc
+++ b/quic/qbone/qbone_session_test.cc
@@ -73,6 +73,7 @@
// ProofSource override.
void GetProof(const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
const std::string& server_config,
QuicTransportVersion transport_version,
@@ -80,26 +81,30 @@
std::unique_ptr<Callback> callback) override {
if (!proof_source_) {
QuicReferenceCountedPointer<ProofSource::Chain> chain =
- GetCertChain(server_address, hostname);
+ GetCertChain(server_address, client_address, hostname);
QuicCryptoProof proof;
callback->Run(/*ok=*/false, chain, proof, /*details=*/nullptr);
return;
}
- proof_source_->GetProof(server_address, hostname, server_config,
- transport_version, chlo_hash, std::move(callback));
+ proof_source_->GetProof(server_address, client_address, hostname,
+ server_config, transport_version, chlo_hash,
+ std::move(callback));
}
QuicReferenceCountedPointer<Chain> GetCertChain(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname) override {
if (!proof_source_) {
return QuicReferenceCountedPointer<Chain>();
}
- return proof_source_->GetCertChain(server_address, hostname);
+ return proof_source_->GetCertChain(server_address, client_address,
+ hostname);
}
void ComputeTlsSignature(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
uint16_t signature_algorithm,
quiche::QuicheStringPiece in,
@@ -108,8 +113,9 @@
callback->Run(/*ok=*/true, "Signature", /*details=*/nullptr);
return;
}
- proof_source_->ComputeTlsSignature(
- server_address, hostname, signature_algorithm, in, std::move(callback));
+ proof_source_->ComputeTlsSignature(server_address, client_address, hostname,
+ signature_algorithm, in,
+ std::move(callback));
}
TicketCrypter* GetTicketCrypter() override { return nullptr; }
diff --git a/quic/quartc/quartc_crypto_helpers.cc b/quic/quartc/quartc_crypto_helpers.cc
index 1a02845..d2be599 100644
--- a/quic/quartc/quartc_crypto_helpers.cc
+++ b/quic/quartc/quartc_crypto_helpers.cc
@@ -11,13 +11,14 @@
namespace quic {
void DummyProofSource::GetProof(const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
const std::string& /*server_config*/,
QuicTransportVersion /*transport_version*/,
quiche::QuicheStringPiece /*chlo_hash*/,
std::unique_ptr<Callback> callback) {
QuicReferenceCountedPointer<ProofSource::Chain> chain =
- GetCertChain(server_address, hostname);
+ GetCertChain(server_address, client_address, hostname);
QuicCryptoProof proof;
proof.signature = "Dummy signature";
proof.leaf_cert_scts = "Dummy timestamp";
@@ -26,6 +27,7 @@
QuicReferenceCountedPointer<DummyProofSource::Chain>
DummyProofSource::GetCertChain(const QuicSocketAddress& /*server_address*/,
+ const QuicSocketAddress& /*client_address*/,
const std::string& /*hostname*/) {
std::vector<std::string> certs;
certs.push_back(kDummyCertName);
@@ -35,6 +37,7 @@
void DummyProofSource::ComputeTlsSignature(
const QuicSocketAddress& /*server_address*/,
+ const QuicSocketAddress& /*client_address*/,
const std::string& /*hostname*/,
uint16_t /*signature_algorithm*/,
quiche::QuicheStringPiece /*in*/,
diff --git a/quic/quartc/quartc_crypto_helpers.h b/quic/quartc/quartc_crypto_helpers.h
index 8d4ec87..544b783 100644
--- a/quic/quartc/quartc_crypto_helpers.h
+++ b/quic/quartc/quartc_crypto_helpers.h
@@ -44,6 +44,7 @@
// ProofSource overrides.
void GetProof(const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
const std::string& server_config,
QuicTransportVersion transport_version,
@@ -52,10 +53,12 @@
QuicReferenceCountedPointer<Chain> GetCertChain(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname) override;
void ComputeTlsSignature(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
uint16_t signature_algorithm,
quiche::QuicheStringPiece in,
diff --git a/quic/test_tools/crypto_test_utils.cc b/quic/test_tools/crypto_test_utils.cc
index 2c79f92..0694e7d 100644
--- a/quic/test_tools/crypto_test_utils.cc
+++ b/quic/test_tools/crypto_test_utils.cc
@@ -421,6 +421,7 @@
uint64_t LeafCertHashForTesting() {
QuicReferenceCountedPointer<ProofSource::Chain> chain;
QuicSocketAddress server_address(QuicIpAddress::Any4(), 42);
+ QuicSocketAddress client_address(QuicIpAddress::Any4(), 43);
QuicCryptoProof proof;
std::unique_ptr<ProofSource> proof_source(ProofSourceForTesting());
@@ -445,7 +446,8 @@
// Note: relies on the callback being invoked synchronously
bool ok = false;
proof_source->GetProof(
- server_address, "", "", AllSupportedTransportVersions().front(), "",
+ server_address, client_address, "", "",
+ AllSupportedTransportVersions().front(), "",
std::unique_ptr<ProofSource::Callback>(new Callback(&ok, &chain)));
if (!ok || chain->certs.empty()) {
DCHECK(false) << "Proof generation failed";
@@ -851,7 +853,7 @@
ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, transport_version), signed_config,
compressed_certs_cache, out);
crypto_config->ValidateClientHello(
- inchoate_chlo, client_addr.host(), server_addr, transport_version, clock,
+ inchoate_chlo, client_addr, server_addr, transport_version, clock,
signed_config, generator.GetValidateClientHelloCallback());
}
diff --git a/quic/test_tools/crypto_test_utils_test.cc b/quic/test_tools/crypto_test_utils_test.cc
index 6e64cb8..a21b43a 100644
--- a/quic/test_tools/crypto_test_utils_test.cc
+++ b/quic/test_tools/crypto_test_utils_test.cc
@@ -178,7 +178,7 @@
&compressed_certs_cache,
ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, transport_version));
crypto_config.ValidateClientHello(
- full_chlo, client_addr.host(), server_addr, transport_version, &clock,
+ full_chlo, client_addr, server_addr, transport_version, &clock,
signed_config, shlo_verifier.GetValidateClientHelloCallback());
}
diff --git a/quic/test_tools/failing_proof_source.cc b/quic/test_tools/failing_proof_source.cc
index 1f52476..98e18fc 100644
--- a/quic/test_tools/failing_proof_source.cc
+++ b/quic/test_tools/failing_proof_source.cc
@@ -10,6 +10,7 @@
namespace test {
void FailingProofSource::GetProof(const QuicSocketAddress& /*server_address*/,
+ const QuicSocketAddress& /*client_address*/,
const std::string& /*hostname*/,
const std::string& /*server_config*/,
QuicTransportVersion /*transport_version*/,
@@ -20,12 +21,14 @@
QuicReferenceCountedPointer<ProofSource::Chain>
FailingProofSource::GetCertChain(const QuicSocketAddress& /*server_address*/,
+ const QuicSocketAddress& /*client_address*/,
const std::string& /*hostname*/) {
return QuicReferenceCountedPointer<Chain>();
}
void FailingProofSource::ComputeTlsSignature(
const QuicSocketAddress& /*server_address*/,
+ const QuicSocketAddress& /*client_address*/,
const std::string& /*hostname*/,
uint16_t /*signature_algorithm*/,
quiche::QuicheStringPiece /*in*/,
diff --git a/quic/test_tools/failing_proof_source.h b/quic/test_tools/failing_proof_source.h
index 1ce7f72..6ea303d 100644
--- a/quic/test_tools/failing_proof_source.h
+++ b/quic/test_tools/failing_proof_source.h
@@ -14,6 +14,7 @@
class FailingProofSource : public ProofSource {
public:
void GetProof(const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
const std::string& server_config,
QuicTransportVersion transport_version,
@@ -22,10 +23,12 @@
QuicReferenceCountedPointer<Chain> GetCertChain(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname) override;
void ComputeTlsSignature(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
uint16_t signature_algorithm,
quiche::QuicheStringPiece in,
diff --git a/quic/test_tools/fake_proof_source.cc b/quic/test_tools/fake_proof_source.cc
index 35c81d5..9619fad 100644
--- a/quic/test_tools/fake_proof_source.cc
+++ b/quic/test_tools/fake_proof_source.cc
@@ -22,6 +22,7 @@
FakeProofSource::GetProofOp::GetProofOp(
const QuicSocketAddress& server_addr,
+ const QuicSocketAddress& client_address,
std::string hostname,
std::string server_config,
QuicTransportVersion transport_version,
@@ -29,6 +30,7 @@
std::unique_ptr<ProofSource::Callback> callback,
ProofSource* delegate)
: server_address_(server_addr),
+ client_address_(client_address),
hostname_(std::move(hostname)),
server_config_(std::move(server_config)),
transport_version_(transport_version),
@@ -40,18 +42,21 @@
void FakeProofSource::GetProofOp::Run() {
// Note: relies on the callback being invoked synchronously
- delegate_->GetProof(server_address_, hostname_, server_config_,
- transport_version_, chlo_hash_, std::move(callback_));
+ delegate_->GetProof(server_address_, client_address_, hostname_,
+ server_config_, transport_version_, chlo_hash_,
+ std::move(callback_));
}
FakeProofSource::ComputeSignatureOp::ComputeSignatureOp(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
std::string hostname,
uint16_t sig_alg,
quiche::QuicheStringPiece in,
std::unique_ptr<ProofSource::SignatureCallback> callback,
ProofSource* delegate)
: server_address_(server_address),
+ client_address_(client_address),
hostname_(std::move(hostname)),
sig_alg_(sig_alg),
in_(in),
@@ -61,8 +66,8 @@
FakeProofSource::ComputeSignatureOp::~ComputeSignatureOp() = default;
void FakeProofSource::ComputeSignatureOp::Run() {
- delegate_->ComputeTlsSignature(server_address_, hostname_, sig_alg_, in_,
- std::move(callback_));
+ delegate_->ComputeTlsSignature(server_address_, client_address_, hostname_,
+ sig_alg_, in_, std::move(callback_));
}
void FakeProofSource::Activate() {
@@ -71,30 +76,34 @@
void FakeProofSource::GetProof(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
const std::string& server_config,
QuicTransportVersion transport_version,
quiche::QuicheStringPiece chlo_hash,
std::unique_ptr<ProofSource::Callback> callback) {
if (!active_) {
- delegate_->GetProof(server_address, hostname, server_config,
+ delegate_->GetProof(server_address, client_address, hostname, server_config,
transport_version, chlo_hash, std::move(callback));
return;
}
pending_ops_.push_back(std::make_unique<GetProofOp>(
- server_address, hostname, server_config, transport_version,
- std::string(chlo_hash), std::move(callback), delegate_.get()));
+ server_address, client_address, hostname, server_config,
+ transport_version, std::string(chlo_hash), std::move(callback),
+ delegate_.get()));
}
QuicReferenceCountedPointer<ProofSource::Chain> FakeProofSource::GetCertChain(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname) {
- return delegate_->GetCertChain(server_address, hostname);
+ return delegate_->GetCertChain(server_address, client_address, hostname);
}
void FakeProofSource::ComputeTlsSignature(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
uint16_t signature_algorithm,
quiche::QuicheStringPiece in,
@@ -102,15 +111,16 @@
QUIC_LOG(INFO) << "FakeProofSource::ComputeTlsSignature";
if (!active_) {
QUIC_LOG(INFO) << "Not active - directly calling delegate";
- delegate_->ComputeTlsSignature(
- server_address, hostname, signature_algorithm, in, std::move(callback));
+ delegate_->ComputeTlsSignature(server_address, client_address, hostname,
+ signature_algorithm, in,
+ std::move(callback));
return;
}
QUIC_LOG(INFO) << "Adding pending op";
pending_ops_.push_back(std::make_unique<ComputeSignatureOp>(
- server_address, hostname, signature_algorithm, in, std::move(callback),
- delegate_.get()));
+ server_address, client_address, hostname, signature_algorithm, in,
+ std::move(callback), delegate_.get()));
}
ProofSource::TicketCrypter* FakeProofSource::GetTicketCrypter() {
diff --git a/quic/test_tools/fake_proof_source.h b/quic/test_tools/fake_proof_source.h
index 35e5c5e..94dede6 100644
--- a/quic/test_tools/fake_proof_source.h
+++ b/quic/test_tools/fake_proof_source.h
@@ -35,6 +35,7 @@
// ProofSource interface
void GetProof(const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
const std::string& server_config,
QuicTransportVersion transport_version,
@@ -42,9 +43,11 @@
std::unique_ptr<ProofSource::Callback> callback) override;
QuicReferenceCountedPointer<Chain> GetCertChain(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname) override;
void ComputeTlsSignature(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
uint16_t signature_algorithm,
quiche::QuicheStringPiece in,
@@ -76,6 +79,7 @@
class GetProofOp : public PendingOp {
public:
GetProofOp(const QuicSocketAddress& server_addr,
+ const QuicSocketAddress& client_address,
std::string hostname,
std::string server_config,
QuicTransportVersion transport_version,
@@ -88,6 +92,7 @@
private:
QuicSocketAddress server_address_;
+ QuicSocketAddress client_address_;
std::string hostname_;
std::string server_config_;
QuicTransportVersion transport_version_;
@@ -99,6 +104,7 @@
class ComputeSignatureOp : public PendingOp {
public:
ComputeSignatureOp(const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
std::string hostname,
uint16_t sig_alg,
quiche::QuicheStringPiece in,
@@ -110,6 +116,7 @@
private:
QuicSocketAddress server_address_;
+ QuicSocketAddress client_address_;
std::string hostname_;
uint16_t sig_alg_;
std::string in_;
