1 // Copyright (c) 2021 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef QUICHE_QUIC_CORE_CRYPTO_CLIENT_PROOF_SOURCE_H_
6 #define QUICHE_QUIC_CORE_CRYPTO_CLIENT_PROOF_SOURCE_H_
7 
#include <memory>
#include <string>
#include <utility>
#include <vector>

#include "absl/container/flat_hash_map.h"
#include "absl/strings/string_view.h"
#include "quiche/quic/core/crypto/certificate_view.h"
#include "quiche/quic/core/crypto/proof_source.h"
13 
14 namespace quic {
15 
16 // ClientProofSource is the interface for a QUIC client to provide client certs
17 // and keys based on server hostname. It is only used by TLS handshakes.
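class QUICHE_EXPORT ClientProofSource {
 public:
  using Chain = ProofSource::Chain;

  // Polymorphic base: deleting through a ClientProofSource pointer must run
  // the derived destructor, hence virtual. Defaulted rather than `{}` so the
  // compiler can treat it as trivial where the derived class allows it.
  virtual ~ClientProofSource() = default;

  // A client certificate chain together with the private key that signs for
  // it. The key is held by value, so the struct owns its key material;
  // implementations hand entries out as shared_ptr<const CertAndKey> so that
  // callers cannot mutate a shared entry.
  struct QUICHE_EXPORT CertAndKey {
    CertAndKey(quiche::QuicheReferenceCountedPointer<Chain> chain,
               CertificatePrivateKey private_key)
        : chain(std::move(chain)), private_key(std::move(private_key)) {}

    quiche::QuicheReferenceCountedPointer<Chain> chain;
    CertificatePrivateKey private_key;
  };

  // Get the client certificate to be sent to the server with |server_hostname|
  // and its corresponding private key. It returns nullptr if the cert and key
  // can not be found.
  //
  // |server_hostname| is typically a full domain name(www.foo.com), but it
  // could also be a wildcard domain(*.foo.com), or a "*" which will return the
  // default cert.
  //
  // NOTE(review): this argument decides which client identity (chain + key)
  // is offered to the peer, so callers should pass the hostname the client
  // itself intends to authenticate to; how wildcard and "*" entries are
  // matched is up to the implementation.
  virtual std::shared_ptr<const CertAndKey> GetCertAndKey(
      absl::string_view server_hostname) const = 0;
};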
43 
// DefaultClientProofSource is an implementation that simply keeps an in-memory
// map of server hostnames to certs and keys.
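class QUICHE_EXPORT DefaultClientProofSource : public ClientProofSource {
 public:
  // Nothing to release beyond the members; defaulted instead of `{}`.
  ~DefaultClientProofSource() override = default;

  // Associate all hostnames in |server_hostnames| with {|chain|,|private_key|}.
  // Elements of |server_hostnames| can be full domain names(www.foo.com),
  // wildcard domains(*.foo.com), or "*" which means the given cert chain is the
  // default one.
  // If any element of |server_hostnames| is already associated with a cert
  // chain, it will be updated to be associated with the new cert chain.
  //
  // NOTE(review): what a false return means is not visible in this header
  // (presumably the chain/key pair was rejected and nothing was stored);
  // confirm against the definition in the .cc file.
  // NOTE(review): a "*" entry is presumably offered to any server without a
  // more specific match, so register it only when presenting this identity
  // to arbitrary servers is intended.
  bool AddCertAndKey(std::vector<std::string> server_hostnames,
                     quiche::QuicheReferenceCountedPointer<Chain> chain,
                     CertificatePrivateKey private_key);

  // ClientProofSource implementation. Resolves |hostname| against the map
  // populated by AddCertAndKey and returns nullptr when no entry applies.
  // The order in which exact, wildcard and "*" entries are tried is defined
  // in the .cc file, not here.
  std::shared_ptr<const CertAndKey> GetCertAndKey(
      absl::string_view hostname) const override;

 private:
  // Looks up |map_key| as stored in cert_and_keys_ (presumably a single
  // exact-key lookup, given the name); nullptr when absent.
  std::shared_ptr<const CertAndKey> LookupExact(
      absl::string_view map_key) const;

  // Keys are the strings handed to AddCertAndKey ("www.foo.com", "*.foo.com",
  // "*"). Values are shared_ptr, presumably so several hostnames can share
  // one CertAndKey; the public API only ever exposes them as const.
  absl::flat_hash_map<std::string, std::shared_ptr<CertAndKey>> cert_and_keys_;
};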
69 
70 }  // namespace quic
71 
72 #endif  // QUICHE_QUIC_CORE_CRYPTO_CLIENT_PROOF_SOURCE_H_