// Copyright 2020 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef QUICHE_QUIC_CORE_CRYPTO_PROOF_SOURCE_X509_H_
#define QUICHE_QUIC_CORE_CRYPTO_PROOF_SOURCE_X509_H_

#include <forward_list>
#include <memory>

#include "absl/base/attributes.h"
#include "absl/strings/string_view.h"
#include "net/third_party/quiche/src/quic/core/crypto/certificate_view.h"
#include "net/third_party/quiche/src/quic/core/crypto/proof_source.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_containers.h"

namespace quic {

// ProofSourceX509 accepts X.509 certificates with private keys and picks a
// certificate internally based on its SubjectAltName value.
//
// Selection is keyed on the |hostname| handed to the ProofSource methods
// below; when no registered SubjectAltName value matches, the chain supplied
// to Create() is used. The precise matching rules (e.g. how wildcard names
// are treated) are implemented in the .cc file and are not visible here.
class QUIC_EXPORT_PRIVATE ProofSourceX509 : public ProofSource {
 public:
  // Creates a proof source that uses |default_chain| when no SubjectAltName
  // value matches. Returns nullptr if |default_chain| is invalid.
  //
  // |default_key| must be the private key for the leaf of |default_chain|;
  // what "invalid" covers (parse failure, key/cert mismatch, ...) is decided
  // by the implementation.
  static std::unique_ptr<ProofSourceX509> Create(
      QuicReferenceCountedPointer<Chain> default_chain,
      CertificatePrivateKey default_key);

  // ProofSource implementation. See ProofSource for the contract of each
  // method; in this class the certificate used is chosen from |hostname|.
  void GetProof(const QuicSocketAddress& server_address,
                const QuicSocketAddress& client_address,
                const std::string& hostname,
                const std::string& server_config,
                QuicTransportVersion transport_version,
                absl::string_view chlo_hash,
                std::unique_ptr<Callback> callback) override;
  QuicReferenceCountedPointer<Chain> GetCertChain(
      const QuicSocketAddress& server_address,
      const QuicSocketAddress& client_address,
      const std::string& hostname) override;
  void ComputeTlsSignature(
      const QuicSocketAddress& server_address,
      const QuicSocketAddress& client_address,
      const std::string& hostname,
      uint16_t signature_algorithm,
      absl::string_view in,
      std::unique_ptr<SignatureCallback> callback) override;
  TicketCrypter* GetTicketCrypter() override;

  // Adds a certificate chain to the verifier. Returns false if the chain is
  // not valid. Newer certificates will override older certificates with the
  // same SubjectAltName value.
  //
  // Because the override is keyed on SubjectAltName, registering a chain whose
  // names collide with an already-registered one silently replaces the earlier
  // mapping. The result is marked must-use so a rejected chain cannot go
  // unnoticed by the caller.
  ABSL_MUST_USE_RESULT bool AddCertificateChain(
      QuicReferenceCountedPointer<Chain> chain,
      CertificatePrivateKey key);

 private:
  // Instances are only created through Create().
  ProofSourceX509() = default;

  // A certificate chain together with the private key for its leaf.
  struct QUIC_EXPORT_PRIVATE Certificate {
    QuicReferenceCountedPointer<Chain> chain;
    CertificatePrivateKey key;
  };

  // Looks up the certificate for |hostname|, returns the default if no
  // certificate is found. The returned pointer is non-owning.
  Certificate* GetCertificate(const std::string& hostname) const;

  // Owns every Certificate registered through Create()/AddCertificateChain().
  // std::forward_list does not invalidate element addresses on insertion, so
  // the raw pointers below stay valid for the lifetime of this object.
  std::forward_list<Certificate> certificates_;
  // Non-owning. Presumably the certificate built from the arguments to
  // Create(); used when no SubjectAltName value matches — confirm in the .cc.
  Certificate* default_certificate_;
  // Non-owning. Maps a SubjectAltName value to the certificate that serves it;
  // presumably points into |certificates_| — confirm in the .cc.
  QuicUnorderedMap<std::string, Certificate*> certificate_map_;
};

}  // namespace quic

#endif  // QUICHE_QUIC_CORE_CRYPTO_PROOF_SOURCE_X509_H_