gfe-relnote: add client address into Quic proof source/verifier interface. No behavior change as the client address remains unused in GFE. Not protected.
This is needed for Envoy as client address is need to retrieve certs in Envoy.
PiperOrigin-RevId: 309485174
Change-Id: I3962c648bf33e853205541689f6e14a0fec7fe2b
diff --git a/quic/test_tools/crypto_test_utils.cc b/quic/test_tools/crypto_test_utils.cc
index 2c79f92..0694e7d 100644
--- a/quic/test_tools/crypto_test_utils.cc
+++ b/quic/test_tools/crypto_test_utils.cc
@@ -421,6 +421,7 @@
uint64_t LeafCertHashForTesting() {
QuicReferenceCountedPointer<ProofSource::Chain> chain;
QuicSocketAddress server_address(QuicIpAddress::Any4(), 42);
+ QuicSocketAddress client_address(QuicIpAddress::Any4(), 43);
QuicCryptoProof proof;
std::unique_ptr<ProofSource> proof_source(ProofSourceForTesting());
@@ -445,7 +446,8 @@
// Note: relies on the callback being invoked synchronously
bool ok = false;
proof_source->GetProof(
- server_address, "", "", AllSupportedTransportVersions().front(), "",
+ server_address, client_address, "", "",
+ AllSupportedTransportVersions().front(), "",
std::unique_ptr<ProofSource::Callback>(new Callback(&ok, &chain)));
if (!ok || chain->certs.empty()) {
DCHECK(false) << "Proof generation failed";
@@ -851,7 +853,7 @@
ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, transport_version), signed_config,
compressed_certs_cache, out);
crypto_config->ValidateClientHello(
- inchoate_chlo, client_addr.host(), server_addr, transport_version, clock,
+ inchoate_chlo, client_addr, server_addr, transport_version, clock,
signed_config, generator.GetValidateClientHelloCallback());
}
diff --git a/quic/test_tools/crypto_test_utils_test.cc b/quic/test_tools/crypto_test_utils_test.cc
index 6e64cb8..a21b43a 100644
--- a/quic/test_tools/crypto_test_utils_test.cc
+++ b/quic/test_tools/crypto_test_utils_test.cc
@@ -178,7 +178,7 @@
&compressed_certs_cache,
ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, transport_version));
crypto_config.ValidateClientHello(
- full_chlo, client_addr.host(), server_addr, transport_version, &clock,
+ full_chlo, client_addr, server_addr, transport_version, &clock,
signed_config, shlo_verifier.GetValidateClientHelloCallback());
}
diff --git a/quic/test_tools/failing_proof_source.cc b/quic/test_tools/failing_proof_source.cc
index 1f52476..98e18fc 100644
--- a/quic/test_tools/failing_proof_source.cc
+++ b/quic/test_tools/failing_proof_source.cc
@@ -10,6 +10,7 @@
namespace test {
void FailingProofSource::GetProof(const QuicSocketAddress& /*server_address*/,
+ const QuicSocketAddress& /*client_address*/,
const std::string& /*hostname*/,
const std::string& /*server_config*/,
QuicTransportVersion /*transport_version*/,
@@ -20,12 +21,14 @@
QuicReferenceCountedPointer<ProofSource::Chain>
FailingProofSource::GetCertChain(const QuicSocketAddress& /*server_address*/,
+ const QuicSocketAddress& /*client_address*/,
const std::string& /*hostname*/) {
return QuicReferenceCountedPointer<Chain>();
}
void FailingProofSource::ComputeTlsSignature(
const QuicSocketAddress& /*server_address*/,
+ const QuicSocketAddress& /*client_address*/,
const std::string& /*hostname*/,
uint16_t /*signature_algorithm*/,
quiche::QuicheStringPiece /*in*/,
diff --git a/quic/test_tools/failing_proof_source.h b/quic/test_tools/failing_proof_source.h
index 1ce7f72..6ea303d 100644
--- a/quic/test_tools/failing_proof_source.h
+++ b/quic/test_tools/failing_proof_source.h
@@ -14,6 +14,7 @@
class FailingProofSource : public ProofSource {
public:
void GetProof(const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
const std::string& server_config,
QuicTransportVersion transport_version,
@@ -22,10 +23,12 @@
QuicReferenceCountedPointer<Chain> GetCertChain(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname) override;
void ComputeTlsSignature(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
uint16_t signature_algorithm,
quiche::QuicheStringPiece in,
diff --git a/quic/test_tools/fake_proof_source.cc b/quic/test_tools/fake_proof_source.cc
index 35c81d5..9619fad 100644
--- a/quic/test_tools/fake_proof_source.cc
+++ b/quic/test_tools/fake_proof_source.cc
@@ -22,6 +22,7 @@
FakeProofSource::GetProofOp::GetProofOp(
const QuicSocketAddress& server_addr,
+ const QuicSocketAddress& client_address,
std::string hostname,
std::string server_config,
QuicTransportVersion transport_version,
@@ -29,6 +30,7 @@
std::unique_ptr<ProofSource::Callback> callback,
ProofSource* delegate)
: server_address_(server_addr),
+ client_address_(client_address),
hostname_(std::move(hostname)),
server_config_(std::move(server_config)),
transport_version_(transport_version),
@@ -40,18 +42,21 @@
void FakeProofSource::GetProofOp::Run() {
// Note: relies on the callback being invoked synchronously
- delegate_->GetProof(server_address_, hostname_, server_config_,
- transport_version_, chlo_hash_, std::move(callback_));
+ delegate_->GetProof(server_address_, client_address_, hostname_,
+ server_config_, transport_version_, chlo_hash_,
+ std::move(callback_));
}
FakeProofSource::ComputeSignatureOp::ComputeSignatureOp(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
std::string hostname,
uint16_t sig_alg,
quiche::QuicheStringPiece in,
std::unique_ptr<ProofSource::SignatureCallback> callback,
ProofSource* delegate)
: server_address_(server_address),
+ client_address_(client_address),
hostname_(std::move(hostname)),
sig_alg_(sig_alg),
in_(in),
@@ -61,8 +66,8 @@
FakeProofSource::ComputeSignatureOp::~ComputeSignatureOp() = default;
void FakeProofSource::ComputeSignatureOp::Run() {
- delegate_->ComputeTlsSignature(server_address_, hostname_, sig_alg_, in_,
- std::move(callback_));
+ delegate_->ComputeTlsSignature(server_address_, client_address_, hostname_,
+ sig_alg_, in_, std::move(callback_));
}
void FakeProofSource::Activate() {
@@ -71,30 +76,34 @@
void FakeProofSource::GetProof(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
const std::string& server_config,
QuicTransportVersion transport_version,
quiche::QuicheStringPiece chlo_hash,
std::unique_ptr<ProofSource::Callback> callback) {
if (!active_) {
- delegate_->GetProof(server_address, hostname, server_config,
+ delegate_->GetProof(server_address, client_address, hostname, server_config,
transport_version, chlo_hash, std::move(callback));
return;
}
pending_ops_.push_back(std::make_unique<GetProofOp>(
- server_address, hostname, server_config, transport_version,
- std::string(chlo_hash), std::move(callback), delegate_.get()));
+ server_address, client_address, hostname, server_config,
+ transport_version, std::string(chlo_hash), std::move(callback),
+ delegate_.get()));
}
QuicReferenceCountedPointer<ProofSource::Chain> FakeProofSource::GetCertChain(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname) {
- return delegate_->GetCertChain(server_address, hostname);
+ return delegate_->GetCertChain(server_address, client_address, hostname);
}
void FakeProofSource::ComputeTlsSignature(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
uint16_t signature_algorithm,
quiche::QuicheStringPiece in,
@@ -102,15 +111,16 @@
QUIC_LOG(INFO) << "FakeProofSource::ComputeTlsSignature";
if (!active_) {
QUIC_LOG(INFO) << "Not active - directly calling delegate";
- delegate_->ComputeTlsSignature(
- server_address, hostname, signature_algorithm, in, std::move(callback));
+ delegate_->ComputeTlsSignature(server_address, client_address, hostname,
+ signature_algorithm, in,
+ std::move(callback));
return;
}
QUIC_LOG(INFO) << "Adding pending op";
pending_ops_.push_back(std::make_unique<ComputeSignatureOp>(
- server_address, hostname, signature_algorithm, in, std::move(callback),
- delegate_.get()));
+ server_address, client_address, hostname, signature_algorithm, in,
+ std::move(callback), delegate_.get()));
}
ProofSource::TicketCrypter* FakeProofSource::GetTicketCrypter() {
diff --git a/quic/test_tools/fake_proof_source.h b/quic/test_tools/fake_proof_source.h
index 35e5c5e..94dede6 100644
--- a/quic/test_tools/fake_proof_source.h
+++ b/quic/test_tools/fake_proof_source.h
@@ -35,6 +35,7 @@
// ProofSource interface
void GetProof(const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
const std::string& server_config,
QuicTransportVersion transport_version,
@@ -42,9 +43,11 @@
std::unique_ptr<ProofSource::Callback> callback) override;
QuicReferenceCountedPointer<Chain> GetCertChain(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname) override;
void ComputeTlsSignature(
const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
const std::string& hostname,
uint16_t signature_algorithm,
quiche::QuicheStringPiece in,
@@ -76,6 +79,7 @@
class GetProofOp : public PendingOp {
public:
GetProofOp(const QuicSocketAddress& server_addr,
+ const QuicSocketAddress& client_address,
std::string hostname,
std::string server_config,
QuicTransportVersion transport_version,
@@ -88,6 +92,7 @@
private:
QuicSocketAddress server_address_;
+ QuicSocketAddress client_address_;
std::string hostname_;
std::string server_config_;
QuicTransportVersion transport_version_;
@@ -99,6 +104,7 @@
class ComputeSignatureOp : public PendingOp {
public:
ComputeSignatureOp(const QuicSocketAddress& server_address,
+ const QuicSocketAddress& client_address,
std::string hostname,
uint16_t sig_alg,
quiche::QuicheStringPiece in,
@@ -110,6 +116,7 @@
private:
QuicSocketAddress server_address_;
+ QuicSocketAddress client_address_;
std::string hostname_;
uint16_t sig_alg_;
std::string in_;
