xref: /aosp_15_r20/external/cronet/net/third_party/quiche/src/quiche/quic/masque/masque_server_backend.h (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2019 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef QUICHE_QUIC_MASQUE_MASQUE_SERVER_BACKEND_H_
6 #define QUICHE_QUIC_MASQUE_MASQUE_SERVER_BACKEND_H_
7 
8 #include <cstdint>
9 #include <list>
10 #include <memory>
11 #include <string>
12 #include <vector>
13 
14 #include "absl/container/flat_hash_map.h"
15 #include "absl/strings/string_view.h"
16 #include "openssl/curve25519.h"
17 #include "quiche/quic/core/quic_connection_id.h"
18 #include "quiche/quic/masque/masque_utils.h"
19 #include "quiche/quic/platform/api/quic_export.h"
20 #include "quiche/quic/platform/api/quic_ip_address.h"
21 #include "quiche/quic/tools/quic_backend_response.h"
22 #include "quiche/quic/tools/quic_memory_cache_backend.h"
23 #include "quiche/quic/tools/quic_simple_server_backend.h"
24 #include "quiche/spdy/core/http2_header_block.h"
25 
26 namespace quic {
27 
28 // QUIC server backend that understands MASQUE requests, but otherwise answers
29 // HTTP queries using an in-memory cache.
30 class QUIC_NO_EXPORT MasqueServerBackend : public QuicMemoryCacheBackend {
31  public:
32   // Interface meant to be implemented by the owner of the MasqueServerBackend
33   // instance.
34   class QUIC_NO_EXPORT BackendClient {
35    public:
36     virtual std::unique_ptr<QuicBackendResponse> HandleMasqueRequest(
37         const spdy::Http2HeaderBlock& request_headers,
38         QuicSimpleServerBackend::RequestHandler* request_handler) = 0;
39     virtual ~BackendClient() = default;
40   };
41 
42   explicit MasqueServerBackend(MasqueMode masque_mode,
43                                const std::string& server_authority,
44                                const std::string& cache_directory);
45 
46   // Disallow copy and assign.
47   MasqueServerBackend(const MasqueServerBackend&) = delete;
48   MasqueServerBackend& operator=(const MasqueServerBackend&) = delete;
49 
50   // From QuicMemoryCacheBackend.
51   void FetchResponseFromBackend(
52       const spdy::Http2HeaderBlock& request_headers,
53       const std::string& request_body,
54       QuicSimpleServerBackend::RequestHandler* request_handler) override;
55   void HandleConnectHeaders(const spdy::Http2HeaderBlock& request_headers,
56                             RequestHandler* request_handler) override;
57 
58   void CloseBackendResponseStream(
59       QuicSimpleServerBackend::RequestHandler* request_handler) override;
60 
61   // Register backend client that can handle MASQUE requests.
62   void RegisterBackendClient(QuicConnectionId connection_id,
63                              BackendClient* backend_client);
64 
65   // Unregister backend client.
66   void RemoveBackendClient(QuicConnectionId connection_id);
67 
68   // Provides a unique client IP address for each CONNECT-IP client.
69   QuicIpAddress GetNextClientIpAddress();
70 
71   // Pass in a list of key identifiers and hex-encoded public keys, separated
72   // with colons and semicolons. For example: "kid1:0123...f;kid2:0123...f".
73   void SetSignatureAuth(absl::string_view signature_auth);
74 
75   // Returns whether any signature auth credentials are configured.
IsSignatureAuthEnabled()76   bool IsSignatureAuthEnabled() const {
77     return !signature_auth_credentials_.empty();
78   }
79 
80   // If the key ID is known, copies the corresponding public key to
81   // out_public_key and returns true. Otherwise returns false.
82   bool GetSignatureAuthKeyForId(
83       absl::string_view key_id,
84       uint8_t out_public_key[ED25519_PUBLIC_KEY_LEN]) const;
85 
86   // Enable signature auth on all requests (e.g., GET) instead of just MASQUE.
SetSignatureAuthOnAllRequests(bool signature_auth_on_all_requests)87   void SetSignatureAuthOnAllRequests(bool signature_auth_on_all_requests) {
88     signature_auth_on_all_requests_ = signature_auth_on_all_requests;
89   }
90 
91   // Whether signature auth is enabled on all requests (e.g., GET).
IsSignatureAuthOnAllRequests()92   bool IsSignatureAuthOnAllRequests() const {
93     return signature_auth_on_all_requests_;
94   }
95 
96  private:
97   // Handle MASQUE request.
98   bool MaybeHandleMasqueRequest(
99       const spdy::Http2HeaderBlock& request_headers,
100       QuicSimpleServerBackend::RequestHandler* request_handler);
101 
102   MasqueMode masque_mode_;
103   std::string server_authority_;
104 
105   struct QUIC_NO_EXPORT BackendClientState {
106     BackendClient* backend_client;
107     std::vector<std::unique_ptr<QuicBackendResponse>> responses;
108   };
109   absl::flat_hash_map<QuicConnectionId, BackendClientState,
110                       QuicConnectionIdHash>
111       backend_client_states_;
112   uint8_t connect_ip_next_client_ip_[4];
113   struct QUIC_NO_EXPORT SignatureAuthCredential {
114     std::string key_id;
115     uint8_t public_key[ED25519_PUBLIC_KEY_LEN];
116   };
117   std::list<SignatureAuthCredential> signature_auth_credentials_;
118   bool signature_auth_on_all_requests_ = false;
119 };
120 
121 }  // namespace quic
122 
123 #endif  // QUICHE_QUIC_MASQUE_MASQUE_SERVER_BACKEND_H_
124