diff options
| author | rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-18 17:10:13 +0000 |
|---|---|---|
| committer | rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-18 17:10:13 +0000 |
| commit | b694e48c1586921885227ef3ad9ac79692f565c9 (patch) | |
| tree | 454bc2310b5008a2b4f79de50d525d49a22cdc89 | |
| parent | 0229235e3f8734f9cae48748529f68ccbf1d289c (diff) | |
| download | chromium_src-b694e48c1586921885227ef3ad9ac79692f565c9.zip chromium_src-b694e48c1586921885227ef3ad9ac79692f565c9.tar.gz chromium_src-b694e48c1586921885227ef3ad9ac79692f565c9.tar.bz2 | |
Move all Chrome-specific logic out of QuicCryptoClientStream
and into QuicClientSession (which is Chrome-specific).
Review URL: https://codereview.chromium.org/197873011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@257667 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | net/quic/crypto/proof_verifier.h | 4 | ||||
| -rw-r--r-- | net/quic/quic_client_session.cc | 80 | ||||
| -rw-r--r-- | net/quic/quic_client_session.h | 16 | ||||
| -rw-r--r-- | net/quic/quic_crypto_client_stream.cc | 209 | ||||
| -rw-r--r-- | net/quic/quic_crypto_client_stream.h | 70 | ||||
| -rw-r--r-- | net/quic/quic_crypto_client_stream_factory.h | 4 | ||||
| -rw-r--r-- | net/quic/quic_crypto_client_stream_test.cc | 7 | ||||
| -rw-r--r-- | net/quic/quic_crypto_server_stream_test.cc | 4 | ||||
| -rw-r--r-- | net/quic/quic_session.cc | 2 | ||||
| -rw-r--r-- | net/quic/quic_session.h | 2 | ||||
| -rw-r--r-- | net/quic/quic_stream_factory.cc | 187 | ||||
| -rw-r--r-- | net/quic/quic_stream_factory.h | 6 | ||||
| -rw-r--r-- | net/quic/quic_stream_factory_test.cc | 14 | ||||
| -rw-r--r-- | net/quic/test_tools/crypto_test_utils.cc | 4 | ||||
| -rw-r--r-- | net/quic/test_tools/mock_crypto_client_stream.cc | 20 | ||||
| -rw-r--r-- | net/quic/test_tools/mock_crypto_client_stream.h | 7 | ||||
| -rw-r--r-- | net/quic/test_tools/mock_crypto_client_stream_factory.cc | 8 | ||||
| -rw-r--r-- | net/quic/test_tools/mock_crypto_client_stream_factory.h | 9 | ||||
| -rw-r--r-- | net/tools/quic/quic_client_session.cc | 2 |
19 files changed, 299 insertions, 356 deletions
diff --git a/net/quic/crypto/proof_verifier.h b/net/quic/crypto/proof_verifier.h index b576ca5..3b47776 100644 --- a/net/quic/crypto/proof_verifier.h +++ b/net/quic/crypto/proof_verifier.h @@ -62,9 +62,7 @@ class NET_EXPORT_PRIVATE ProofVerifier { // // This function may also return PENDING, in which case the ProofVerifier // will call back, on the original thread, via |callback| when complete. - // - // This function takes ownership of |callback|. It will be deleted even if - // the call returns immediately. + // In this case, the ProofVerifier will take ownership of |callback|. // // The signature uses SHA-256 as the hash function and PSS padding in the // case of RSA. diff --git a/net/quic/quic_client_session.cc b/net/quic/quic_client_session.cc index d80e97f..ac0922f 100644 --- a/net/quic/quic_client_session.cc +++ b/net/quic/quic_client_session.cc @@ -13,12 +13,14 @@ #include "base/values.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" +#include "net/quic/crypto/proof_verifier_chromium.h" #include "net/quic/crypto/quic_server_info.h" #include "net/quic/quic_connection_helper.h" #include "net/quic/quic_crypto_client_stream_factory.h" #include "net/quic/quic_default_packet_writer.h" #include "net/quic/quic_session_key.h" #include "net/quic/quic_stream_factory.h" +#include "net/ssl/ssl_connection_status_flags.h" #include "net/ssl/ssl_info.h" #include "net/udp/datagram_client_socket.h" @@ -99,6 +101,7 @@ QuicClientSession::QuicClientSession( socket_(socket.Pass()), writer_(writer.Pass()), read_buffer_(new IOBufferWithSize(kMaxPacketSize)), + server_info_(server_info.Pass()), read_pending_(false), num_total_streams_(0), net_log_(BoundNetLog::Make(net_log, NetLog::SOURCE_QUIC_SESSION)), @@ -109,9 +112,7 @@ QuicClientSession::QuicClientSession( crypto_client_stream_factory ? crypto_client_stream_factory->CreateQuicCryptoClientStream( server_key, this, crypto_config) : - new QuicCryptoClientStream(server_key, this, crypto_config)); - - crypto_stream_->SetQuicServerInfo(server_info.Pass()); + new QuicCryptoClientStream(server_key, this, this, crypto_config)); connection->set_debug_visitor(&logger_); // TODO(rch): pass in full host port proxy pair @@ -159,7 +160,7 @@ QuicClientSession::~QuicClientSession() { bool port_selected = stream_factory_->enable_port_selection(); SSLInfo ssl_info; - if (!crypto_stream_->GetSSLInfo(&ssl_info) || !ssl_info.cert) { + if (!GetSSLInfo(&ssl_info) || !ssl_info.cert) { if (port_selected) { UMA_HISTOGRAM_CUSTOM_COUNTS("Net.QuicSession.ConnectSelectPortForHTTP", round_trip_handshakes, 0, 3, 4); @@ -278,9 +279,40 @@ QuicCryptoClientStream* QuicClientSession::GetCryptoStream() { return crypto_stream_.get(); }; -bool QuicClientSession::GetSSLInfo(SSLInfo* ssl_info) { - DCHECK(crypto_stream_.get()); - return crypto_stream_->GetSSLInfo(ssl_info); +// TODO(rtenneti): Add unittests for GetSSLInfo which exercise the various ways +// we learn about SSL info (sync vs async vs cached). +bool QuicClientSession::GetSSLInfo(SSLInfo* ssl_info) const { + ssl_info->Reset(); + if (!cert_verify_result_) { + return false; + } + + ssl_info->cert_status = cert_verify_result_->cert_status; + ssl_info->cert = cert_verify_result_->verified_cert; + + // TODO(rtenneti): Figure out what to set for the following. + // Temporarily hard coded cipher_suite as 0xc031 to represent + // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (from + // net/ssl/ssl_cipher_suite_names.cc) and encryption as 256. + int cipher_suite = 0xc02f; + int ssl_connection_status = 0; + ssl_connection_status |= + (cipher_suite & SSL_CONNECTION_CIPHERSUITE_MASK) << + SSL_CONNECTION_CIPHERSUITE_SHIFT; + ssl_connection_status |= + (SSL_CONNECTION_VERSION_TLS1_2 & SSL_CONNECTION_VERSION_MASK) << + SSL_CONNECTION_VERSION_SHIFT; + + ssl_info->public_key_hashes = cert_verify_result_->public_key_hashes; + ssl_info->is_issued_by_known_root = + cert_verify_result_->is_issued_by_known_root; + + ssl_info->connection_status = ssl_connection_status; + ssl_info->client_cert_sent = false; + ssl_info->channel_id_sent = false; + ssl_info->security_bits = 256; + ssl_info->handshake_type = SSLInfo::HANDSHAKE_FULL; + return true; } int QuicClientSession::CryptoConnect(bool require_confirmation, @@ -313,8 +345,7 @@ bool QuicClientSession::CanPool(const std::string& hostname) const { DCHECK(connection()->connected()); SSLInfo ssl_info; bool unused = false; - DCHECK(crypto_stream_); - if (!crypto_stream_->GetSSLInfo(&ssl_info) || !ssl_info.cert) { + if (!GetSSLInfo(&ssl_info) || !ssl_info.cert) { // We can always pool with insecure QUIC sessions. return true; } @@ -431,6 +462,34 @@ void QuicClientSession::OnSuccessfulVersionNegotiation( QuicSession::OnSuccessfulVersionNegotiation(version); } +void QuicClientSession::OnProofValid( + const QuicCryptoClientConfig::CachedState& cached) { + DCHECK(cached.proof_valid()); + + if (!server_info_ || !server_info_->IsDataReady()) { + return; + } + + QuicServerInfo::State* state = server_info_->mutable_state(); + + state->server_config = cached.server_config(); + state->source_address_token = cached.source_address_token(); + state->server_config_sig = cached.signature(); + state->certs = cached.certs(); + + server_info_->Persist(); +} + +void QuicClientSession::OnProofVerifyDetailsAvailable( + const ProofVerifyDetails& verify_details) { + const CertVerifyResult* cert_verify_result_other = + &(reinterpret_cast<const ProofVerifyDetailsChromium*>( + &verify_details))->cert_verify_result; + CertVerifyResult* result_copy = new CertVerifyResult; + result_copy->CopyFrom(*cert_verify_result_other); + cert_verify_result_.reset(result_copy); +} + void QuicClientSession::StartReading() { if (read_pending_) { return; @@ -509,8 +568,7 @@ base::Value* QuicClientSession::GetInfoAsValue( dict->SetString("connection_id", base::Uint64ToString(connection_id())); dict->SetBoolean("connected", connection()->connected()); SSLInfo ssl_info; - dict->SetBoolean("secure", - crypto_stream_->GetSSLInfo(&ssl_info) && ssl_info.cert); + dict->SetBoolean("secure", GetSSLInfo(&ssl_info) && ssl_info.cert); base::ListValue* alias_list = new base::ListValue(); for (std::set<HostPortPair>::const_iterator it = aliases.begin(); diff --git a/net/quic/quic_client_session.h b/net/quic/quic_client_session.h index 2b2ffd2..b8d4b8a 100644 --- a/net/quic/quic_client_session.h +++ b/net/quic/quic_client_session.h @@ -25,11 +25,13 @@ namespace net { +class CertVerifyResult; class DatagramClientSocket; class QuicConnectionHelper; class QuicCryptoClientStreamFactory; class QuicDefaultPacketWriter; class QuicSessionKey; +class QuicServerInfo; class QuicStreamFactory; class SSLInfo; @@ -37,7 +39,9 @@ namespace test { class QuicClientSessionPeer; } // namespace test -class NET_EXPORT_PRIVATE QuicClientSession : public QuicSession { +class NET_EXPORT_PRIVATE QuicClientSession : + public QuicSession, + public QuicCryptoClientStream::Visitor { public: // An interface for observing events on a session. class NET_EXPORT_PRIVATE Observer { @@ -130,7 +134,13 @@ class NET_EXPORT_PRIVATE QuicClientSession : public QuicSession { const CryptoHandshakeMessage& message) OVERRIDE; virtual void OnCryptoHandshakeMessageReceived( const CryptoHandshakeMessage& message) OVERRIDE; - virtual bool GetSSLInfo(SSLInfo* ssl_info) OVERRIDE; + virtual bool GetSSLInfo(SSLInfo* ssl_info) const OVERRIDE; + + // QuicCryptoClientStream::Visitor methods: + virtual void OnProofValid( + const QuicCryptoClientConfig::CachedState& cached) OVERRIDE; + virtual void OnProofVerifyDetailsAvailable( + const ProofVerifyDetails& verify_details) OVERRIDE; // QuicConnectionVisitorInterface methods: virtual void OnConnectionClosed(QuicErrorCode error, bool from_peer) OVERRIDE; @@ -211,6 +221,8 @@ class NET_EXPORT_PRIVATE QuicClientSession : public QuicSession { scoped_ptr<DatagramClientSocket> socket_; scoped_ptr<QuicDefaultPacketWriter> writer_; scoped_refptr<IOBufferWithSize> read_buffer_; + scoped_ptr<QuicServerInfo> server_info_; + scoped_ptr<CertVerifyResult> cert_verify_result_; ObserverSet observers_; StreamRequestQueue stream_requests_; bool read_pending_; diff --git a/net/quic/quic_crypto_client_stream.cc b/net/quic/quic_crypto_client_stream.cc index 307a3aa..8c574fe 100644 --- a/net/quic/quic_crypto_client_stream.cc +++ b/net/quic/quic_crypto_client_stream.cc @@ -4,44 +4,21 @@ #include "net/quic/quic_crypto_client_stream.h" -#include "base/metrics/histogram.h" -#include "net/base/completion_callback.h" -#include "net/base/net_errors.h" #include "net/quic/crypto/crypto_protocol.h" #include "net/quic/crypto/crypto_utils.h" #include "net/quic/crypto/null_encrypter.h" #include "net/quic/crypto/proof_verifier.h" -#include "net/quic/crypto/proof_verifier_chromium.h" -#include "net/quic/crypto/quic_server_info.h" #include "net/quic/quic_protocol.h" #include "net/quic/quic_session.h" -#include "net/ssl/ssl_connection_status_flags.h" -#include "net/ssl/ssl_info.h" namespace net { -namespace { - -// Copies CertVerifyResult from |verify_details| to |cert_verify_result|. -void CopyCertVerifyResult( - const ProofVerifyDetails* verify_details, - scoped_ptr<CertVerifyResult>* cert_verify_result) { - const CertVerifyResult* cert_verify_result_other = - &(reinterpret_cast<const ProofVerifyDetailsChromium*>( - verify_details))->cert_verify_result; - CertVerifyResult* result_copy = new CertVerifyResult; - result_copy->CopyFrom(*cert_verify_result_other); - cert_verify_result->reset(result_copy); -} - -} // namespace - QuicCryptoClientStream::ProofVerifierCallbackImpl::ProofVerifierCallbackImpl( QuicCryptoClientStream* stream) : stream_(stream) {} QuicCryptoClientStream::ProofVerifierCallbackImpl:: - ~ProofVerifierCallbackImpl() {} +~ProofVerifierCallbackImpl() {} void QuicCryptoClientStream::ProofVerifierCallbackImpl::Run( bool ok, @@ -68,16 +45,16 @@ void QuicCryptoClientStream::ProofVerifierCallbackImpl::Cancel() { QuicCryptoClientStream::QuicCryptoClientStream( const QuicSessionKey& server_key, QuicSession* session, + Visitor* visitor, QuicCryptoClientConfig* crypto_config) : QuicCryptoStream(session), + visitor_(visitor), next_state_(STATE_IDLE), num_client_hellos_(0), crypto_config_(crypto_config), server_key_(server_key), generation_counter_(0), - proof_verify_callback_(NULL), - disk_cache_load_result_(ERR_UNEXPECTED), - weak_factory_(this) { + proof_verify_callback_(NULL) { } QuicCryptoClientStream::~QuicCryptoClientStream() { @@ -94,7 +71,7 @@ void QuicCryptoClientStream::OnHandshakeMessage( } bool QuicCryptoClientStream::CryptoConnect() { - next_state_ = STATE_LOAD_QUIC_SERVER_INFO; + next_state_ = STATE_INITIALIZE; DoHandshakeLoop(NULL); return true; } @@ -103,42 +80,6 @@ int QuicCryptoClientStream::num_sent_client_hellos() const { return num_client_hellos_; } -// TODO(rtenneti): Add unittests for GetSSLInfo which exercise the various ways -// we learn about SSL info (sync vs async vs cached). -bool QuicCryptoClientStream::GetSSLInfo(SSLInfo* ssl_info) { - ssl_info->Reset(); - if (!cert_verify_result_) { - return false; - } - - ssl_info->cert_status = cert_verify_result_->cert_status; - ssl_info->cert = cert_verify_result_->verified_cert; - - // TODO(rtenneti): Figure out what to set for the following. - // Temporarily hard coded cipher_suite as 0xc031 to represent - // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (from - // net/ssl/ssl_cipher_suite_names.cc) and encryption as 256. - int cipher_suite = 0xc02f; - int ssl_connection_status = 0; - ssl_connection_status |= - (cipher_suite & SSL_CONNECTION_CIPHERSUITE_MASK) << - SSL_CONNECTION_CIPHERSUITE_SHIFT; - ssl_connection_status |= - (SSL_CONNECTION_VERSION_TLS1_2 & SSL_CONNECTION_VERSION_MASK) << - SSL_CONNECTION_VERSION_SHIFT; - - ssl_info->public_key_hashes = cert_verify_result_->public_key_hashes; - ssl_info->is_issued_by_known_root = - cert_verify_result_->is_issued_by_known_root; - - ssl_info->connection_status = ssl_connection_status; - ssl_info->client_cert_sent = false; - ssl_info->channel_id_sent = false; - ssl_info->security_bits = 256; - ssl_info->handshake_type = SSLInfo::HANDSHAKE_FULL; - return true; -} - // kMaxClientHellos is the maximum number of times that we'll send a client // hello. The value 3 accounts for: // * One failure due to an incorrect or missing source-address token. @@ -162,16 +103,16 @@ void QuicCryptoClientStream::DoHandshakeLoop( const State state = next_state_; next_state_ = STATE_IDLE; switch (state) { - case STATE_LOAD_QUIC_SERVER_INFO: { - if (DoLoadQuicServerInfo(cached) == ERR_IO_PENDING) { - return; + case STATE_INITIALIZE: { + if (!cached->IsEmpty() && !cached->signature().empty() && + crypto_config_->proof_verifier()) { + // If the cached state needs to be verified, do it now. + next_state_ = STATE_VERIFY_PROOF; + } else { + next_state_ = STATE_SEND_CHLO; } break; } - case STATE_LOAD_QUIC_SERVER_INFO_COMPLETE: { - DoLoadQuicServerInfoComplete(cached); - break; - } case STATE_SEND_CHLO: { // Send the client hello in plaintext. session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_NONE); @@ -225,11 +166,9 @@ void QuicCryptoClientStream::DoHandshakeLoop( CloseConnectionWithDetails(error, error_details); return; } - if (cached->proof_verify_details()) { - CopyCertVerifyResult(cached->proof_verify_details(), - &cert_verify_result_); - } else { - cert_verify_result_.reset(); + if (visitor_ && cached->proof_verify_details()) { + visitor_->OnProofVerifyDetailsAvailable( + *cached->proof_verify_details()); } next_state_ = STATE_RECV_SHLO; DVLOG(1) << "Client: Sending " << out.DebugString(); @@ -276,8 +215,7 @@ void QuicCryptoClientStream::DoHandshakeLoop( ProofVerifier* verifier = crypto_config_->proof_verifier(); if (!verifier) { // If no verifier is set then we don't check the certificates. - cached->SetProofValid(); - SaveQuicServerInfo(*cached); + SetProofValid(cached); } else if (!cached->signature().empty()) { next_state_ = STATE_VERIFY_PROOF; break; @@ -320,7 +258,10 @@ void QuicCryptoClientStream::DoHandshakeLoop( } case STATE_VERIFY_PROOF_COMPLETE: if (!verify_ok_) { - CopyCertVerifyResult(verify_details_.get(), &cert_verify_result_); + if (visitor_) { + visitor_->OnProofVerifyDetailsAvailable( + *cached->proof_verify_details()); + } CloseConnectionWithDetails( QUIC_PROOF_INVALID, "Proof invalid: " + verify_error_details_); return; @@ -330,9 +271,8 @@ void QuicCryptoClientStream::DoHandshakeLoop( if (generation_counter_ != cached->generation_counter()) { next_state_ = STATE_VERIFY_PROOF; } else { - cached->SetProofValid(); + SetProofValid(cached); cached->SetProofVerifyDetails(verify_details_.release()); - SaveQuicServerInfo(*cached); next_state_ = STATE_SEND_CHLO; } break; @@ -409,111 +349,12 @@ void QuicCryptoClientStream::DoHandshakeLoop( } } -void QuicCryptoClientStream::OnIOComplete(int result) { - DCHECK_EQ(STATE_LOAD_QUIC_SERVER_INFO_COMPLETE, next_state_); - DCHECK_NE(ERR_IO_PENDING, result); - disk_cache_load_result_ = result; - DoHandshakeLoop(NULL); -} - -void QuicCryptoClientStream::SetQuicServerInfo( - scoped_ptr<QuicServerInfo> server_info) { - quic_server_info_.reset(server_info.release()); -} - -int QuicCryptoClientStream::DoLoadQuicServerInfo( - QuicCryptoClientConfig::CachedState* cached) { - next_state_ = STATE_SEND_CHLO; - if (!quic_server_info_) { - return OK; - } - - disk_cache_load_start_time_ = base::TimeTicks::Now(); - generation_counter_ = cached->generation_counter(); - next_state_ = STATE_LOAD_QUIC_SERVER_INFO_COMPLETE; - - // TODO(rtenneti): Use host:port to access QUIC server information from disk - // cache. If multiple tabs load URLs with same hostname but different - // ports, all requests except for the first request send InchoateClientHello. - // Fix the code to handle multiple requests. A possible solution is to wait - // for the first request to finish and use the data from the disk cache for - // all requests. - // We may need to call quic_server_info->Persist later. - // quic_server_info->Persist requires quic_server_info to be ready, so we - // always call WaitForDataReady, even though we might have initialized - // |cached| config from the cached state for a canonical hostname. - int rv = quic_server_info_->WaitForDataReady( - base::Bind(&QuicCryptoClientStream::OnIOComplete, - weak_factory_.GetWeakPtr())); - - if (rv != ERR_IO_PENDING) { - disk_cache_load_result_ = rv; - } - return rv; -} - -void QuicCryptoClientStream::DoLoadQuicServerInfoComplete( +void QuicCryptoClientStream::SetProofValid( QuicCryptoClientConfig::CachedState* cached) { - LoadQuicServerInfo(cached); - QuicServerInfo::State* state = quic_server_info_->mutable_state(); - state->Clear(); -} - -void QuicCryptoClientStream::LoadQuicServerInfo( - QuicCryptoClientConfig::CachedState* cached) { - next_state_ = STATE_SEND_CHLO; - - // If someone else already saved a server config, we don't want to overwrite - // it. Also, if someone else saved a server config and then cleared it (so - // cached->IsEmpty() is true), we still want to load from QuicServerInfo. - if (!cached->IsEmpty()) { - return; - } - - UMA_HISTOGRAM_TIMES("Net.QuicServerInfo.DiskCacheReadTime", - base::TimeTicks::Now() - disk_cache_load_start_time_); - - if (disk_cache_load_result_ != OK || - !cached->Initialize(quic_server_info_->state().server_config, - quic_server_info_->state().source_address_token, - quic_server_info_->state().certs, - quic_server_info_->state().server_config_sig, - session()->connection()->clock()->WallNow())) { - // It is ok to proceed to STATE_SEND_CHLO when we cannot load QuicServerInfo - // from the disk cache. - DCHECK(cached->IsEmpty()); - DVLOG(1) << "Empty server_config"; - return; + cached->SetProofValid(); + if (visitor_) { + visitor_->OnProofValid(*cached); } - - ProofVerifier* verifier = crypto_config_->proof_verifier(); - if (!verifier) { - // If no verifier is set then we don't check the certificates. - cached->SetProofValid(); - SaveQuicServerInfo(*cached); - } else if (!cached->signature().empty()) { - next_state_ = STATE_VERIFY_PROOF; - } -} - -void QuicCryptoClientStream::SaveQuicServerInfo( - const QuicCryptoClientConfig::CachedState& cached) { - DCHECK(cached.proof_valid()); - - // If the QuicServerInfo hasn't managed to load from disk yet then we can't - // save anything. TODO(rtenneti): we should fix this. - if (!quic_server_info_ || !quic_server_info_->IsDataReady()) { - return; - } - - QuicServerInfo::State* state = quic_server_info_->mutable_state(); - - state->server_config = cached.server_config(); - state->source_address_token = cached.source_address_token(); - state->server_config_sig = cached.signature(); - state->certs = cached.certs(); - - quic_server_info_->Persist(); } } // namespace net diff --git a/net/quic/quic_crypto_client_stream.h b/net/quic/quic_crypto_client_stream.h index a988556..8e28360 100644 --- a/net/quic/quic_crypto_client_stream.h +++ b/net/quic/quic_crypto_client_stream.h @@ -7,10 +7,6 @@ #include <string> -#include "base/memory/weak_ptr.h" -#include "base/time/time.h" -#include "net/cert/cert_verify_result.h" -#include "net/cert/x509_certificate.h" #include "net/quic/crypto/proof_verifier.h" #include "net/quic/crypto/quic_crypto_client_config.h" #include "net/quic/quic_config.h" @@ -19,9 +15,7 @@ namespace net { -class QuicServerInfo; class QuicSession; -class SSLInfo; namespace test { class CryptoTestUtils; @@ -29,8 +23,28 @@ class CryptoTestUtils; class NET_EXPORT_PRIVATE QuicCryptoClientStream : public QuicCryptoStream { public: + class NET_EXPORT_PRIVATE Visitor { + public: + ~Visitor() {} + + // Called when the proof in |cached| is marked valid. If this is a secure + // QUIC session, then this will happen only after the proof verifier + // completes. If this is an insecure QUIC connection, this will happen + // as soon as a valid config is discovered (either from the cache or + // from the server). + virtual void OnProofValid( + const QuicCryptoClientConfig::CachedState& cached) = 0; + + // Called when proof verification details become available, either because + // proof verification is complete, or when cached details are used. This + // will only be called for secure QUIC connections. + virtual void OnProofVerifyDetailsAvailable( + const ProofVerifyDetails& verify_details) = 0; + }; + QuicCryptoClientStream(const QuicSessionKey& server_key, QuicSession* session, + Visitor* visitor, QuicCryptoClientConfig* crypto_config); virtual ~QuicCryptoClientStream(); @@ -48,12 +62,7 @@ class NET_EXPORT_PRIVATE QuicCryptoClientStream : public QuicCryptoStream { // than the number of round-trips needed for the handshake. int num_sent_client_hellos() const; - // Gets the SSL connection information. - virtual bool GetSSLInfo(SSLInfo* ssl_info); - - void OnIOComplete(int result); - - void SetQuicServerInfo(scoped_ptr<QuicServerInfo> server_info); + Visitor* visitor() { return visitor_; } private: // ProofVerifierCallbackImpl is passed as the callback method to VerifyProof. @@ -82,8 +91,7 @@ class NET_EXPORT_PRIVATE QuicCryptoClientStream : public QuicCryptoStream { enum State { STATE_IDLE, - STATE_LOAD_QUIC_SERVER_INFO, - STATE_LOAD_QUIC_SERVER_INFO_COMPLETE, + STATE_INITIALIZE, STATE_SEND_CHLO, STATE_RECV_REJ, STATE_VERIFY_PROOF, @@ -92,23 +100,14 @@ class NET_EXPORT_PRIVATE QuicCryptoClientStream : public QuicCryptoStream { }; // DoHandshakeLoop performs a step of the handshake state machine. Note that - // |in| may be NULL if the call did not result from a received message + // |in| may be NULL if the call did not result from a received message. void DoHandshakeLoop(const CryptoHandshakeMessage* in); - // TODO(rtenneti): convert the other states of the state machine into DoXXX - // functions. - - // Call QuicServerInfo's WaitForDataReady to load the server information from - // the disk cache. - int DoLoadQuicServerInfo(QuicCryptoClientConfig::CachedState* cached); - void DoLoadQuicServerInfoComplete( - QuicCryptoClientConfig::CachedState* cached); - // LoadQuicServerInfo is a helper function for DoLoadQuicServerInfoComplete. - void LoadQuicServerInfo(QuicCryptoClientConfig::CachedState* cached); + // Called to set the proof of |cache| valid. Also invokes the visitor's + // OnProofValid() method. + void SetProofValid(QuicCryptoClientConfig::CachedState* cached); - // Should be aclled whenever cached->SetProofValid() is called. - // TODO(rch): move this to some chrome-specific class. - void SaveQuicServerInfo(const QuicCryptoClientConfig::CachedState& cached); + Visitor* visitor_; State next_state_; // num_client_hellos_ contains the number of client hello messages that this @@ -136,21 +135,6 @@ class NET_EXPORT_PRIVATE QuicCryptoClientStream : public QuicCryptoStream { string verify_error_details_; scoped_ptr<ProofVerifyDetails> verify_details_; - // The result of certificate verification. - scoped_ptr<CertVerifyResult> cert_verify_result_; - - scoped_ptr<QuicServerInfo> quic_server_info_; - - // This member is used to store the result of an asynchronous disk cache read. - // It must not be used after STATE_LOAD_QUIC_SERVER_INFO_COMPLETE. - int disk_cache_load_result_; - - // Time when call to WaitForDataReady was made, used for computing time spent - // to load QUIC server information from disk cache. - base::TimeTicks disk_cache_load_start_time_; - - base::WeakPtrFactory<QuicCryptoClientStream> weak_factory_; - DISALLOW_COPY_AND_ASSIGN(QuicCryptoClientStream); }; diff --git a/net/quic/quic_crypto_client_stream_factory.h b/net/quic/quic_crypto_client_stream_factory.h index 6b18bec..5f160b0 100644 --- a/net/quic/quic_crypto_client_stream_factory.h +++ b/net/quic/quic_crypto_client_stream_factory.h @@ -11,8 +11,8 @@ namespace net { +class QuicClientSession; class QuicCryptoClientStream; -class QuicSession; class QuicSessionKey; // An interface used to instantiate QuicCryptoClientStream objects. Used to @@ -23,7 +23,7 @@ class NET_EXPORT QuicCryptoClientStreamFactory { virtual QuicCryptoClientStream* CreateQuicCryptoClientStream( const QuicSessionKey& server_key, - QuicSession* session, + QuicClientSession* session, QuicCryptoClientConfig* crypto_config) = 0; }; diff --git a/net/quic/quic_crypto_client_stream_test.cc b/net/quic/quic_crypto_client_stream_test.cc index eb62a13..2f2a499 100644 --- a/net/quic/quic_crypto_client_stream_test.cc +++ b/net/quic/quic_crypto_client_stream_test.cc @@ -30,8 +30,9 @@ class QuicCryptoClientStreamTest : public ::testing::Test { session_(new TestSession(connection_, DefaultQuicConfig())), server_key_(kServerHostname, kServerPort, false), stream_(new QuicCryptoClientStream( - server_key_, session_.get(), &crypto_config_)) { + server_key_, session_.get(), NULL, &crypto_config_)) { session_->SetCryptoStream(stream_.get()); + session_->config()->SetDefaults(); crypto_config_.SetDefaults(); } @@ -106,7 +107,7 @@ TEST_F(QuicCryptoClientStreamTest, NegotiatedParameters) { TEST_F(QuicCryptoClientStreamTest, InvalidHostname) { QuicSessionKey server_key("invalid", 80, false); - stream_.reset(new QuicCryptoClientStream(server_key, session_.get(), + stream_.reset(new QuicCryptoClientStream(server_key, session_.get(), NULL, &crypto_config_)); session_->SetCryptoStream(stream_.get()); @@ -121,7 +122,7 @@ TEST_F(QuicCryptoClientStreamTest, ExpiredServerConfig) { connection_ = new PacketSavingConnection(true); session_.reset(new TestSession(connection_, DefaultQuicConfig())); - stream_.reset(new QuicCryptoClientStream(server_key_, session_.get(), + stream_.reset(new QuicCryptoClientStream(server_key_, session_.get(), NULL, &crypto_config_)); session_->SetCryptoStream(stream_.get()); diff --git a/net/quic/quic_crypto_server_stream_test.cc b/net/quic/quic_crypto_server_stream_test.cc index 63b1cf5..4135187 100644 --- a/net/quic/quic_crypto_server_stream_test.cc +++ b/net/quic/quic_crypto_server_stream_test.cc @@ -147,7 +147,7 @@ TEST_P(QuicCryptoServerStreamTest, ZeroRTT) { QuicSessionKey server_key(kServerHostname, kServerPort, false); scoped_ptr<QuicCryptoClientStream> client(new QuicCryptoClientStream( - server_key, client_session.get(), &client_crypto_config)); + server_key, client_session.get(), NULL, &client_crypto_config)); client_session->SetCryptoStream(client.get()); // Do a first handshake in order to prime the client config with the server's @@ -180,7 +180,7 @@ TEST_P(QuicCryptoServerStreamTest, ZeroRTT) { client_session.reset(new TestSession(client_conn, client_config)); server_session.reset(new TestSession(server_conn, config_)); client.reset(new QuicCryptoClientStream( - server_key, client_session.get(), &client_crypto_config)); + server_key, client_session.get(), NULL, &client_crypto_config)); client_session->SetCryptoStream(client.get()); server.reset(new QuicCryptoServerStream(crypto_config_, diff --git a/net/quic/quic_session.cc b/net/quic/quic_session.cc index 96fd30b..ac39c2f 100644 --- a/net/quic/quic_session.cc +++ b/net/quic/quic_session.cc @@ -544,7 +544,7 @@ bool QuicSession::HasDataToWrite() const { connection_->HasQueuedData(); } -bool QuicSession::GetSSLInfo(SSLInfo* ssl_info) { +bool QuicSession::GetSSLInfo(SSLInfo* ssl_info) const { NOTIMPLEMENTED(); return false; } diff --git a/net/quic/quic_session.h b/net/quic/quic_session.h index ce54948..40086b4 100644 --- a/net/quic/quic_session.h +++ b/net/quic/quic_session.h @@ -190,7 +190,7 @@ class NET_EXPORT_PRIVATE QuicSession : public QuicConnectionVisitorInterface { } // Gets the SSL connection information. - virtual bool GetSSLInfo(SSLInfo* ssl_info); + virtual bool GetSSLInfo(SSLInfo* ssl_info) const; QuicErrorCode error() const { return error_; } diff --git a/net/quic/quic_stream_factory.cc b/net/quic/quic_stream_factory.cc index f54af96..30149aa9 100644 --- a/net/quic/quic_stream_factory.cc +++ b/net/quic/quic_stream_factory.cc @@ -86,10 +86,10 @@ class QuicStreamFactory::Job { int Run(const CompletionCallback& callback); int DoLoop(int rv); - int DoLoadServerInfo(); - int DoLoadServerInfoComplete(int rv); int DoResolveHost(); int DoResolveHostComplete(int rv); + int DoLoadServerInfo(); + int DoLoadServerInfoComplete(int rv); int DoConnect(); int DoConnectComplete(int rv); @@ -106,10 +106,10 @@ class QuicStreamFactory::Job { private: enum IoState { STATE_NONE, - STATE_LOAD_SERVER_INFO, - STATE_LOAD_SERVER_INFO_COMPLETE, STATE_RESOLVE_HOST, STATE_RESOLVE_HOST_COMPLETE, + STATE_LOAD_SERVER_INFO, + STATE_LOAD_SERVER_INFO_COMPLETE, STATE_CONNECT, STATE_CONNECT_COMPLETE, }; @@ -126,6 +126,8 @@ class QuicStreamFactory::Job { QuicClientSession* session_; CompletionCallback callback_; AddressList address_list_; + base::TimeTicks disk_cache_load_start_time_; + base::WeakPtrFactory<Job> weak_factory_; DISALLOW_COPY_AND_ASSIGN(Job); }; @@ -145,13 +147,14 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory, cert_verifier_(cert_verifier), server_info_(server_info), net_log_(net_log), - session_(NULL) {} + session_(NULL), + weak_factory_(this) {} QuicStreamFactory::Job::~Job() { } int QuicStreamFactory::Job::Run(const CompletionCallback& callback) { - io_state_ = STATE_LOAD_SERVER_INFO; + io_state_ = STATE_RESOLVE_HOST; int rv = DoLoop(OK); if (rv == ERR_IO_PENDING) callback_ = callback; @@ -164,13 +167,6 @@ int QuicStreamFactory::Job::DoLoop(int rv) { IoState state = io_state_; io_state_ = STATE_NONE; switch (state) { - case STATE_LOAD_SERVER_INFO: - CHECK_EQ(OK, rv); - rv = DoLoadServerInfo(); - break; - case STATE_LOAD_SERVER_INFO_COMPLETE: - rv = DoLoadServerInfoComplete(rv); - break; case STATE_RESOLVE_HOST: CHECK_EQ(OK, rv); rv = DoResolveHost(); @@ -178,6 +174,13 @@ int QuicStreamFactory::Job::DoLoop(int rv) { case STATE_RESOLVE_HOST_COMPLETE: rv = DoResolveHostComplete(rv); break; + case STATE_LOAD_SERVER_INFO: + CHECK_EQ(OK, rv); + rv = DoLoadServerInfo(); + break; + case STATE_LOAD_SERVER_INFO_COMPLETE: + rv = DoLoadServerInfoComplete(rv); + break; case STATE_CONNECT: CHECK_EQ(OK, rv); rv = DoConnect(); @@ -201,30 +204,20 @@ void QuicStreamFactory::Job::OnIOComplete(int rv) { } } -int QuicStreamFactory::Job::DoLoadServerInfo() { - io_state_ = STATE_LOAD_SERVER_INFO_COMPLETE; - - if (server_info_) +int QuicStreamFactory::Job::DoResolveHost() { + // Start loading the data now, and wait for it after we resolve the host. + if (server_info_) { + disk_cache_load_start_time_ = base::TimeTicks::Now(); server_info_->Start(); + } - return OK; -} - -int QuicStreamFactory::Job::DoLoadServerInfoComplete(int rv) { - if (rv != OK) - return rv; - - io_state_ = STATE_RESOLVE_HOST; - return OK; -} - -int QuicStreamFactory::Job::DoResolveHost() { io_state_ = STATE_RESOLVE_HOST_COMPLETE; return host_resolver_.Resolve( HostResolver::RequestInfo(session_key_.host_port_pair()), DEFAULT_PRIORITY, &address_list_, - base::Bind(&QuicStreamFactory::Job::OnIOComplete, base::Unretained(this)), + base::Bind(&QuicStreamFactory::Job::OnIOComplete, + weak_factory_.GetWeakPtr()), net_log_); } @@ -240,56 +233,33 @@ int QuicStreamFactory::Job::DoResolveHostComplete(int rv) { return OK; } - io_state_ = STATE_CONNECT; + io_state_ = STATE_LOAD_SERVER_INFO; return OK; } -QuicStreamRequest::QuicStreamRequest(QuicStreamFactory* factory) - : factory_(factory) {} +int QuicStreamFactory::Job::DoLoadServerInfo() { + io_state_ = STATE_LOAD_SERVER_INFO_COMPLETE; -QuicStreamRequest::~QuicStreamRequest() { - if (factory_ && !callback_.is_null()) - factory_->CancelRequest(this); -} + if (!server_info_) + return OK; -int QuicStreamRequest::Request(const HostPortPair& host_port_pair, - bool is_https, - base::StringPiece method, - CertVerifier* cert_verifier, - const BoundNetLog& net_log, - const CompletionCallback& callback) { - DCHECK(!stream_); - DCHECK(callback_.is_null()); - DCHECK(factory_); - int rv = factory_->Create(host_port_pair, is_https, - method, cert_verifier, net_log, this); - if (rv == ERR_IO_PENDING) { - host_port_pair_ = host_port_pair; - is_https_ = is_https; - cert_verifier_ = cert_verifier; - net_log_ = net_log; - callback_ = callback; - } else { - factory_ = NULL; - } - if (rv == OK) - DCHECK(stream_); - return rv; + return server_info_->WaitForDataReady( + base::Bind(&QuicStreamFactory::Job::OnIOComplete, + weak_factory_.GetWeakPtr())); } -void QuicStreamRequest::set_stream(scoped_ptr<QuicHttpStream> stream) { - DCHECK(stream); - stream_ = stream.Pass(); -} +int QuicStreamFactory::Job::DoLoadServerInfoComplete(int rv) { + if (server_info_) { + UMA_HISTOGRAM_TIMES("Net.QuicServerInfo.DiskCacheReadTime", + base::TimeTicks::Now() - disk_cache_load_start_time_); + } -void QuicStreamRequest::OnRequestComplete(int rv) { - factory_ = NULL; - callback_.Run(rv); -} + if (rv != OK) { + server_info_.reset(); + } -scoped_ptr<QuicHttpStream> QuicStreamRequest::ReleaseStream() { - DCHECK(stream_); - return stream_.Pass(); + io_state_ = STATE_CONNECT; + return OK; } int QuicStreamFactory::Job::DoConnect() { @@ -334,6 +304,54 @@ int QuicStreamFactory::Job::DoConnectComplete(int rv) { return OK; } +QuicStreamRequest::QuicStreamRequest(QuicStreamFactory* factory) + : factory_(factory) {} + +QuicStreamRequest::~QuicStreamRequest() { + if (factory_ && !callback_.is_null()) + factory_->CancelRequest(this); +} + +int QuicStreamRequest::Request(const HostPortPair& host_port_pair, + bool is_https, + base::StringPiece method, + CertVerifier* cert_verifier, + const BoundNetLog& net_log, + const CompletionCallback& callback) { + DCHECK(!stream_); + DCHECK(callback_.is_null()); + DCHECK(factory_); + int rv = factory_->Create(host_port_pair, is_https, + method, cert_verifier, net_log, this); + if (rv == ERR_IO_PENDING) { + host_port_pair_ = host_port_pair; + is_https_ = is_https; + cert_verifier_ = cert_verifier; + net_log_ = net_log; + callback_ = callback; + } else { + factory_ = NULL; + } + if (rv == OK) + DCHECK(stream_); + return rv; +} + +void QuicStreamRequest::set_stream(scoped_ptr<QuicHttpStream> stream) { + DCHECK(stream); + stream_ = stream.Pass(); +} + +void QuicStreamRequest::OnRequestComplete(int rv) { + factory_ = NULL; + callback_.Run(rv); +} + +scoped_ptr<QuicHttpStream> QuicStreamRequest::ReleaseStream() { + DCHECK(stream_); + return stream_.Pass(); +} + QuicStreamFactory::QuicStreamFactory( HostResolver* host_resolver, ClientSocketFactory* client_socket_factory, @@ -700,7 +718,7 @@ int QuicStreamFactory::CreateSession( connection->options()->max_packet_length = max_packet_length_; QuicCryptoClientConfig* crypto_config = GetOrCreateCryptoConfig(session_key); - + InitializeCachedState(session_key, crypto_config, server_info); DCHECK(crypto_config); QuicConfig config = config_; @@ -798,6 +816,31 @@ void QuicStreamFactory::PopulateFromCanonicalConfig( canonical_session_key; } +void QuicStreamFactory::InitializeCachedState( + const QuicSessionKey& session_key, + QuicCryptoClientConfig* crypto_config, + const scoped_ptr<QuicServerInfo>& server_info) { + if (!server_info) + return; + + QuicCryptoClientConfig::CachedState* cached = + crypto_config->LookupOrCreate(session_key); + if (!cached->IsEmpty()) + return; + + if (!cached->Initialize(server_info->state().server_config, + server_info->state().source_address_token, + server_info->state().certs, + server_info->state().server_config_sig, + clock_->WallNow())) + return; + + if (!crypto_config->proof_verifier()) { + // If no verifier is set then we don't check the certificates. + cached->SetProofValid(); + } +} + void QuicStreamFactory::ExpireBrokenAlternateProtocolMappings() { base::TimeTicks now = base::TimeTicks::Now(); while (!broken_alternate_protocol_list_.empty()) { diff --git a/net/quic/quic_stream_factory.h b/net/quic/quic_stream_factory.h index f49b63d..61806a7 100644 --- a/net/quic/quic_stream_factory.h +++ b/net/quic/quic_stream_factory.h @@ -223,6 +223,12 @@ class NET_EXPORT_PRIVATE QuicStreamFactory const QuicSessionKey& session_key, QuicCryptoClientConfig* crypto_config); + // Initializes the cached state associated with |session_key| in + // |crypto_config| with the information in |server_info|. + void InitializeCachedState(const QuicSessionKey& session_key, + QuicCryptoClientConfig* crypto_config, + const scoped_ptr<QuicServerInfo>& server_info); + void ExpireBrokenAlternateProtocolMappings(); void ScheduleBrokenAlternateProtocolMappingsExpiration(); diff --git a/net/quic/quic_stream_factory_test.cc b/net/quic/quic_stream_factory_test.cc index 62dc868..f7e271c 100644 --- a/net/quic/quic_stream_factory_test.cc +++ b/net/quic/quic_stream_factory_test.cc @@ -13,6 +13,7 @@ #include "net/http/http_response_info.h" #include "net/http/http_util.h" #include "net/quic/crypto/crypto_handshake.h" +#include "net/quic/crypto/proof_verifier_chromium.h" #include "net/quic/crypto/quic_decrypter.h" #include "net/quic/crypto/quic_encrypter.h" #include "net/quic/quic_http_stream.h" @@ -420,9 +421,9 @@ TEST_P(QuicStreamFactoryTest, HttpsPooling) { scoped_refptr<X509Certificate> test_cert( ImportCertFromFile(certs_dir, "spdy_pooling.pem")); ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); - SSLInfo ssl_info; - ssl_info.cert = test_cert.get(); - crypto_client_stream_factory_.set_ssl_info(&ssl_info); + ProofVerifyDetailsChromium verify_details; + verify_details.cert_verify_result.verified_cert = test_cert; + crypto_client_stream_factory_.set_proof_verify_details(&verify_details); host_resolver_.set_synchronous_mode(true); host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); @@ -484,9 +485,10 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithCertMismatch) { scoped_refptr<X509Certificate> test_cert( ImportCertFromFile(certs_dir, "spdy_pooling.pem")); ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); - SSLInfo ssl_info; - ssl_info.cert = test_cert.get(); - crypto_client_stream_factory_.set_ssl_info(&ssl_info); + ProofVerifyDetailsChromium verify_details; + verify_details.cert_verify_result.verified_cert = test_cert; + crypto_client_stream_factory_.set_proof_verify_details(&verify_details); + host_resolver_.set_synchronous_mode(true); host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); diff --git a/net/quic/test_tools/crypto_test_utils.cc b/net/quic/test_tools/crypto_test_utils.cc index 86b22e1..c3ccf72 100644 --- a/net/quic/test_tools/crypto_test_utils.cc +++ b/net/quic/test_tools/crypto_test_utils.cc @@ -180,7 +180,8 @@ int CryptoTestUtils::HandshakeWithFakeClient( crypto_config.SetChannelIDSigner(ChannelIDSignerForTesting()); } QuicSessionKey server_key(kServerHostname, kServerPort, false); - QuicCryptoClientStream client(server_key, &client_session, &crypto_config); + QuicCryptoClientStream client(server_key, &client_session, NULL, + &crypto_config); client_session.SetCryptoStream(&client); CHECK(client.CryptoConnect()); @@ -235,6 +236,7 @@ void CryptoTestUtils::CommunicateHandshakeMessages( } } +// static pair<size_t, size_t> CryptoTestUtils::AdvanceHandshake( PacketSavingConnection* a_conn, QuicCryptoStream* a, diff --git a/net/quic/test_tools/mock_crypto_client_stream.cc b/net/quic/test_tools/mock_crypto_client_stream.cc index 5166bb1..b0112d5 100644 --- a/net/quic/test_tools/mock_crypto_client_stream.cc +++ b/net/quic/test_tools/mock_crypto_client_stream.cc @@ -5,7 +5,6 @@ #include "net/quic/test_tools/mock_crypto_client_stream.h" #include "net/quic/quic_session_key.h" -#include "net/ssl/ssl_info.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { @@ -13,12 +12,13 @@ namespace net { MockCryptoClientStream::MockCryptoClientStream( const QuicSessionKey& server_key, QuicSession* session, + QuicCryptoClientStream::Visitor* visitor, QuicCryptoClientConfig* crypto_config, HandshakeMode handshake_mode, - const SSLInfo* ssl_info) - : QuicCryptoClientStream(server_key, session, crypto_config), + const ProofVerifyDetails* proof_verify_details) + : QuicCryptoClientStream(server_key, session, visitor, crypto_config), handshake_mode_(handshake_mode), - ssl_info_(ssl_info) { + proof_verify_details_(proof_verify_details) { } MockCryptoClientStream::~MockCryptoClientStream() { @@ -42,6 +42,9 @@ bool MockCryptoClientStream::CryptoConnect() { case CONFIRM_HANDSHAKE: { encryption_established_ = true; handshake_confirmed_ = true; + if (proof_verify_details_) { + visitor()->OnProofVerifyDetailsAvailable(*proof_verify_details_); + } SetConfigNegotiated(); session()->OnCryptoHandshakeEvent(QuicSession::HANDSHAKE_CONFIRMED); break; @@ -56,15 +59,6 @@ bool MockCryptoClientStream::CryptoConnect() { return true; } -bool MockCryptoClientStream::GetSSLInfo(SSLInfo* ssl_info) { - ssl_info->Reset(); - if (!ssl_info_) { - return false; - } - *ssl_info = *ssl_info_; - return true; -} - void MockCryptoClientStream::SendOnCryptoHandshakeEvent( QuicSession::CryptoHandshakeEvent event) { encryption_established_ = true; diff --git a/net/quic/test_tools/mock_crypto_client_stream.h b/net/quic/test_tools/mock_crypto_client_stream.h index ad3a18c..444f88d 100644 --- a/net/quic/test_tools/mock_crypto_client_stream.h +++ b/net/quic/test_tools/mock_crypto_client_stream.h @@ -38,9 +38,10 @@ class MockCryptoClientStream : public QuicCryptoClientStream { MockCryptoClientStream( const QuicSessionKey& server_key, QuicSession* session, + QuicCryptoClientStream::Visitor* visitor, QuicCryptoClientConfig* crypto_config, HandshakeMode handshake_mode, - const SSLInfo* ssl_info); + const ProofVerifyDetails* proof_verify_details_); virtual ~MockCryptoClientStream(); // CryptoFramerVisitorInterface implementation. @@ -50,8 +51,6 @@ class MockCryptoClientStream : public QuicCryptoClientStream { // QuicCryptoClientStream implementation. virtual bool CryptoConnect() OVERRIDE; - virtual bool GetSSLInfo(SSLInfo* ssl_info) OVERRIDE; - // Invokes the sessions's CryptoHandshakeEvent method with the specified // event. void SendOnCryptoHandshakeEvent(QuicSession::CryptoHandshakeEvent event); @@ -61,7 +60,7 @@ class MockCryptoClientStream : public QuicCryptoClientStream { private: void SetConfigNegotiated(); - const SSLInfo* ssl_info_; + const ProofVerifyDetails* proof_verify_details_; }; } // namespace net diff --git a/net/quic/test_tools/mock_crypto_client_stream_factory.cc b/net/quic/test_tools/mock_crypto_client_stream_factory.cc index d87b508..686fd56 100644 --- a/net/quic/test_tools/mock_crypto_client_stream_factory.cc +++ b/net/quic/test_tools/mock_crypto_client_stream_factory.cc @@ -5,6 +5,7 @@ #include "net/quic/test_tools/mock_crypto_client_stream_factory.h" #include "base/lazy_instance.h" +#include "net/quic/quic_client_session.h" #include "net/quic/quic_crypto_client_stream.h" #include "net/quic/quic_session_key.h" @@ -15,16 +16,17 @@ namespace net { MockCryptoClientStreamFactory::MockCryptoClientStreamFactory() : handshake_mode_(MockCryptoClientStream::CONFIRM_HANDSHAKE), last_stream_(NULL), - ssl_info_(NULL) { + proof_verify_details_(NULL) { } QuicCryptoClientStream* MockCryptoClientStreamFactory::CreateQuicCryptoClientStream( const QuicSessionKey& server_key, - QuicSession* session, + QuicClientSession* session, QuicCryptoClientConfig* crypto_config) { last_stream_ = new MockCryptoClientStream( - server_key, session, crypto_config, handshake_mode_, ssl_info_); + server_key, session, session, crypto_config, handshake_mode_, + proof_verify_details_); return last_stream_; } diff --git a/net/quic/test_tools/mock_crypto_client_stream_factory.h b/net/quic/test_tools/mock_crypto_client_stream_factory.h index 69a0bbe..ac1184f 100644 --- a/net/quic/test_tools/mock_crypto_client_stream_factory.h +++ b/net/quic/test_tools/mock_crypto_client_stream_factory.h @@ -22,7 +22,7 @@ class MockCryptoClientStreamFactory : public QuicCryptoClientStreamFactory { virtual QuicCryptoClientStream* CreateQuicCryptoClientStream( const QuicSessionKey& server_key, - QuicSession* session, + QuicClientSession* session, QuicCryptoClientConfig* crypto_config) OVERRIDE; void set_handshake_mode( @@ -30,8 +30,9 @@ class MockCryptoClientStreamFactory : public QuicCryptoClientStreamFactory { handshake_mode_ = handshake_mode; } - void set_ssl_info(const SSLInfo* ssl_info) { - ssl_info_ = ssl_info; + void set_proof_verify_details( + const ProofVerifyDetails* proof_verify_details) { + proof_verify_details_ = proof_verify_details; } MockCryptoClientStream* last_stream() const { @@ -41,7 +42,7 @@ class MockCryptoClientStreamFactory : public QuicCryptoClientStreamFactory { private: MockCryptoClientStream::HandshakeMode handshake_mode_; MockCryptoClientStream* last_stream_; - const SSLInfo* ssl_info_; + const ProofVerifyDetails* proof_verify_details_; }; } // namespace net diff --git a/net/tools/quic/quic_client_session.cc b/net/tools/quic/quic_client_session.cc index cc4ef37..54f46e3 100644 --- a/net/tools/quic/quic_client_session.cc +++ b/net/tools/quic/quic_client_session.cc @@ -20,7 +20,7 @@ QuicClientSession::QuicClientSession( QuicConnection* connection, QuicCryptoClientConfig* crypto_config) : QuicSession(connection, config), - crypto_stream_(server_key, this, crypto_config) { + crypto_stream_(server_key, this, NULL, crypto_config) { } QuicClientSession::~QuicClientSession() { |