Blame - net/quic/crypto/proof_verifier_chromium.h - chromium/src

blob: f6eae8e294987860413f848e7a1ec41dd850a29b [file] [log] [blame]

[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	1	// Copyright 2013 The Chromium Authors. All rights reserved.
				2	// Use of this source code is governed by a BSD-style license that can be
				3	// found in the LICENSE file.
				4
Ryan Hamilton	a3ee93a7	2018-08-01 22:03:08	[diff] [blame]	5	#ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_
				6	#define NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	7
avi	b363545	2016-10-21 18:33:53	[diff] [blame]	8	#include <map>
danakj	ad1777e	2016-04-16 00:56:42	[diff] [blame]	9	#include <memory>
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	10	#include <string>
				11	#include <vector>
				12
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	13	#include "base/compiler_specific.h"
Avi Drissman	13fc893	2015-12-20 04:40:46	[diff] [blame]	14	#include "base/macros.h"
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	15	#include "net/base/net_export.h"
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	16	#include "net/cert/cert_verify_result.h"
rtenneti	052774e	2015-11-24 21:00:12	[diff] [blame]	17	#include "net/cert/ct_verify_result.h"
[email protected]	c817c67	2014-03-21 22:25:34	[diff] [blame]	18	#include "net/cert/x509_certificate.h"
mikecirone	f22f981	2016-10-04 03:40:19	[diff] [blame]	19	#include "net/log/net_log_with_source.h"
Victor Vasiliev	6bb59d2	2019-03-08 21:34:51	[diff] [blame]	20	#include "net/third_party/quiche/src/quic/core/crypto/proof_verifier.h"
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	21
				22	namespace net {
				23
estark	6f9b3d8	2016-01-12 21:37:05	[diff] [blame]	24	class CTPolicyEnforcer;
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	25	class CertVerifier;
rtenneti	052774e	2015-11-24 21:00:12	[diff] [blame]	26	class CTVerifier;
[email protected]	080b7793	2014-08-04 01:22:46	[diff] [blame]	27	class TransportSecurityState;
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	28
[email protected]	72e6599	2013-07-30 17:16:14	[diff] [blame]	29	// ProofVerifyDetailsChromium is the implementation-specific information that a
				30	// ProofVerifierChromium returns about a certificate verification.
[email protected]	92bc621d	2014-07-29 21:42:13	[diff] [blame]	31	class NET_EXPORT_PRIVATE ProofVerifyDetailsChromium
Ryan Hamilton	8d9ee76e	2018-05-29 23:52:52	[diff] [blame]	32	: public quic::ProofVerifyDetails {
[email protected]	72e6599	2013-07-30 17:16:14	[diff] [blame]	33	public:
dadrian	df302c4	2016-06-10 18:48:59	[diff] [blame]	34	ProofVerifyDetailsChromium();
				35	ProofVerifyDetailsChromium(const ProofVerifyDetailsChromium&);
				36	~ProofVerifyDetailsChromium() override;
				37
Ryan Hamilton	8d9ee76e	2018-05-29 23:52:52	[diff] [blame]	38	// quic::ProofVerifyDetails implementation
				39	quic::ProofVerifyDetails* Clone() const override;
[email protected]	92bc621d	2014-07-29 21:42:13	[diff] [blame]	40
[email protected]	72e6599	2013-07-30 17:16:14	[diff] [blame]	41	CertVerifyResult cert_verify_result;
rtenneti	052774e	2015-11-24 21:00:12	[diff] [blame]	42	ct::CTVerifyResult ct_verify_result;
[email protected]	080b7793	2014-08-04 01:22:46	[diff] [blame]	43
				44	// pinning_failure_log contains a message produced by
martijn	c0d6b62	2015-06-30 19:14:40	[diff] [blame]	45	// TransportSecurityState::PKPState::CheckPublicKeyPins in the event of a
[email protected]	080b7793	2014-08-04 01:22:46	[diff] [blame]	46	// pinning failure. It is a (somewhat) human-readable string.
				47	std::string pinning_failure_log;
dadrian	df302c4	2016-06-10 18:48:59	[diff] [blame]	48
				49	// True if PKP was bypassed due to a local trust anchor.
				50	bool pkp_bypassed;
Carlos IL	8113338	2017-12-06 17:18:45	[diff] [blame]	51
				52	// True if there was a certificate error which should be treated as fatal,
				53	// and false otherwise.
				54	bool is_fatal_cert_error;
[email protected]	72e6599	2013-07-30 17:16:14	[diff] [blame]	55	};
				56
[email protected]	c817c67	2014-03-21 22:25:34	[diff] [blame]	57	// ProofVerifyContextChromium is the implementation-specific information that a
				58	// ProofVerifierChromium needs in order to log correctly.
Ryan Hamilton	8d9ee76e	2018-05-29 23:52:52	[diff] [blame]	59	struct ProofVerifyContextChromium : public quic::ProofVerifyContext {
[email protected]	c817c67	2014-03-21 22:25:34	[diff] [blame]	60	public:
tfarina	42834111	2016-09-22 13:38:20	[diff] [blame]	61	ProofVerifyContextChromium(int cert_verify_flags,
				62	const NetLogWithSource& net_log)
rtenneti	a75df62	2015-06-21 23:59:50	[diff] [blame]	63	: cert_verify_flags(cert_verify_flags), net_log(net_log) {}
[email protected]	c817c67	2014-03-21 22:25:34	[diff] [blame]	64
rtenneti	a75df62	2015-06-21 23:59:50	[diff] [blame]	65	int cert_verify_flags;
tfarina	42834111	2016-09-22 13:38:20	[diff] [blame]	66	NetLogWithSource net_log;
[email protected]	c817c67	2014-03-21 22:25:34	[diff] [blame]	67	};
				68
Ryan Hamilton	8d9ee76e	2018-05-29 23:52:52	[diff] [blame]	69	// ProofVerifierChromium implements the QUIC quic::ProofVerifier interface. It
				70	// is capable of handling multiple simultaneous requests.
				71	class NET_EXPORT_PRIVATE ProofVerifierChromium : public quic::ProofVerifier {
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	72	public:
[email protected]	080b7793	2014-08-04 01:22:46	[diff] [blame]	73	ProofVerifierChromium(CertVerifier* cert_verifier,
estark	6f9b3d8	2016-01-12 21:37:05	[diff] [blame]	74	CTPolicyEnforcer* ct_policy_enforcer,
rtenneti	052774e	2015-11-24 21:00:12	[diff] [blame]	75	TransportSecurityState* transport_security_state,
Nick Harper	3f3ae7b	2019-08-22 20:33:37	[diff] [blame]	76	CTVerifier* cert_transparency_verifier,
				77	std::set<std::string> hostnames_to_allow_unknown_roots);
dcheng	b03027d	2014-10-21 12:00:20	[diff] [blame]	78	~ProofVerifierChromium() override;
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	79
Ryan Hamilton	8d9ee76e	2018-05-29 23:52:52	[diff] [blame]	80	// quic::ProofVerifier interface
				81	quic::QuicAsyncStatus VerifyProof(
danakj	ad1777e	2016-04-16 00:56:42	[diff] [blame]	82	const std::string& hostname,
				83	const uint16_t port,
				84	const std::string& server_config,
Ryan Hamilton	8d9ee76e	2018-05-29 23:52:52	[diff] [blame]	85	quic::QuicTransportVersion quic_version,
				86	quic::QuicStringPiece chlo_hash,
danakj	ad1777e	2016-04-16 00:56:42	[diff] [blame]	87	const std::vector<std::string>& certs,
				88	const std::string& cert_sct,
				89	const std::string& signature,
Ryan Hamilton	8d9ee76e	2018-05-29 23:52:52	[diff] [blame]	90	const quic::ProofVerifyContext* verify_context,
danakj	ad1777e	2016-04-16 00:56:42	[diff] [blame]	91	std::string* error_details,
Ryan Hamilton	8d9ee76e	2018-05-29 23:52:52	[diff] [blame]	92	std::unique_ptr<quic::ProofVerifyDetails>* verify_details,
				93	std::unique_ptr<quic::ProofVerifierCallback> callback) override;
				94	quic::QuicAsyncStatus VerifyCertChain(
rtenneti	d073dd2	2016-08-04 01:58:33	[diff] [blame]	95	const std::string& hostname,
				96	const std::vector<std::string>& certs,
Dan Zhang	1004241	2019-05-09 18:31:01	[diff] [blame]	97	const std::string& ocsp_response,
				98	const std::string& cert_sct,
Ryan Hamilton	8d9ee76e	2018-05-29 23:52:52	[diff] [blame]	99	const quic::ProofVerifyContext* verify_context,
rtenneti	d073dd2	2016-08-04 01:58:33	[diff] [blame]	100	std::string* error_details,
Ryan Hamilton	8d9ee76e	2018-05-29 23:52:52	[diff] [blame]	101	std::unique_ptr<quic::ProofVerifyDetails>* verify_details,
				102	std::unique_ptr<quic::ProofVerifierCallback> callback) override;
Ryan Hamilton	8bb19a1	2018-07-23 20:29:24	[diff] [blame]	103	std::unique_ptr<quic::ProofVerifyContext> CreateDefaultContext() override;
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	104
				105	private:
[email protected]	5c78ce6	2014-03-13 19:48:01	[diff] [blame]	106	class Job;
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	107
[email protected]	5c78ce6	2014-03-13 19:48:01	[diff] [blame]	108	void OnJobComplete(Job* job);
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	109
[email protected]	5c78ce6	2014-03-13 19:48:01	[diff] [blame]	110	// Set owning pointers to active jobs.
avi	b363545	2016-10-21 18:33:53	[diff] [blame]	111	std::map<Job*, std::unique_ptr<Job>> active_jobs_;
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	112
[email protected]	5c78ce6	2014-03-13 19:48:01	[diff] [blame]	113	// Underlying verifier used to verify certificates.
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	114	CertVerifier* const cert_verifier_;
estark	6f9b3d8	2016-01-12 21:37:05	[diff] [blame]	115	CTPolicyEnforcer* const ct_policy_enforcer_;
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	116
[email protected]	2bfa5cf	2014-08-21 01:24:51	[diff] [blame]	117	TransportSecurityState* const transport_security_state_;
rtenneti	052774e	2015-11-24 21:00:12	[diff] [blame]	118	CTVerifier* const cert_transparency_verifier_;
[email protected]	080b7793	2014-08-04 01:22:46	[diff] [blame]	119
Nick Harper	3f3ae7b	2019-08-22 20:33:37	[diff] [blame]	120	std::set<std::string> hostnames_to_allow_unknown_roots_;
				121
[email protected]	2662ed56	2013-07-03 10:27:46	[diff] [blame]	122	DISALLOW_COPY_AND_ASSIGN(ProofVerifierChromium);
				123	};
				124
				125	} // namespace net
				126
Ryan Hamilton	a3ee93a7	2018-08-01 22:03:08	[diff] [blame]	127	#endif // NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_