1 // Copyright 2022 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "quiche_platform_impl/quiche_default_proof_providers_impl.h"
6 
7 #include <fstream>
8 #include <iostream>
9 #include <string>
10 #include <utility>
11 
12 #include "quiche/quic/core/crypto/certificate_view.h"
13 #include "quiche/quic/core/crypto/proof_source.h"
14 #include "quiche/quic/core/crypto/proof_source_x509.h"
15 #include "quiche/quic/core/crypto/proof_verifier.h"
16 #include "quiche/common/platform/api/quiche_logging.h"
17 #include "quiche_platform_impl/quiche_command_line_flags_impl.h"
18 
// --certificate_file: path of the file from which
// CreateDefaultProofSourceImpl() loads the PEM certificate chain. The default
// is the empty string, which that function treats as a fatal error.
DEFINE_QUICHE_COMMAND_LINE_FLAG_IMPL(
    std::string, certificate_file, "", "Path to the certificate chain.");

// --key_file: path of the file from which CreateDefaultProofSourceImpl() loads
// the PEM private key. The default is the empty string, which that function
// treats as a fatal error.
// NOTE(review): nothing in this file supplies a passphrase to the key loader,
// so the key is presumably stored unencrypted (confirm). Keep the file
// readable only by the account that runs the tool.
DEFINE_QUICHE_COMMAND_LINE_FLAG_IMPL(
    std::string, key_file, "", "Path to the pkcs8 private key.");
24 
25 namespace quiche {
26 
// Platform hook that is meant to supply the ProofVerifier for `host`.
//
// It is a stub on this platform: the host name is ignored and the result is
// always a null pointer, so no certificate verification is available through
// this function.
// NOTE(review): callers presumably have to treat the null result as "cannot
// verify the peer" rather than continue unauthenticated. Confirm at the call
// sites.
// TODO(vasilvv): implement this in order for the CLI tools to work.
std::unique_ptr<quic::ProofVerifier> CreateDefaultProofVerifierImpl(
    const std::string& /*host*/) {
  // An empty unique_ptr, i.e. "no verifier".
  return std::unique_ptr<quic::ProofVerifier>();
}
32 
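// Builds the ProofSource from the PEM files named by --certificate_file and
// --key_file.
//
// Each problem with the inputs is reported through QUICHE_LOG(FATAL): an empty
// flag, a file that cannot be opened, a certificate file that yields no
// certificates, or a private key that fails to load. The code after each check
// assumes QUICHE_LOG(FATAL) does not return; the dereference of `private_key`
// in particular relies on it.
//
// Returns whatever quic::ProofSourceX509::Create() produces for the loaded
// chain and key.
std::unique_ptr<quic::ProofSource> CreateDefaultProofSourceImpl() {
  const std::string certificate_file =
      quiche::GetQuicheCommandLineFlag(FLAGS_certificate_file);
  if (certificate_file.empty()) {
    QUICHE_LOG(FATAL) << "QUIC ProofSource needs a certificate file, but "
                         "--certificate_file was empty.";
  }

  const std::string key_file =
      quiche::GetQuicheCommandLineFlag(FLAGS_key_file);
  if (key_file.empty()) {
    QUICHE_LOG(FATAL)
        << "QUIC ProofSource needs a private key, but --key_file was empty.";
  }

  // Report an unreadable file separately from a malformed one. Without this
  // check a wrong path or a permission error surfaces as a PEM loading failure.
  std::ifstream cert_stream(certificate_file, std::ios::binary);
  if (!cert_stream.is_open()) {
    QUICHE_LOG(FATAL) << "Failed to open --certificate_file="
                      << certificate_file;
  }
  const std::vector<std::string> certs =
      quic::CertificateView::LoadPemFromStream(&cert_stream);
  if (certs.empty()) {
    QUICHE_LOG(FATAL)
        << "Failed to load certificate chain from --certificate_file="
        << certificate_file;
  }

  // Only the path of the key file is ever logged, never its contents.
  std::ifstream key_stream(key_file, std::ios::binary);
  if (!key_stream.is_open()) {
    QUICHE_LOG(FATAL) << "Failed to open --key_file=" << key_file;
  }
  std::unique_ptr<quic::CertificatePrivateKey> private_key =
      quic::CertificatePrivateKey::LoadPemFromStream(&key_stream);
  if (private_key == nullptr) {
    QUICHE_LOG(FATAL) << "Failed to load private key from --key_file="
                      << key_file;
  }

  QuicheReferenceCountedPointer<quic::ProofSource::Chain> chain(
      new quic::ProofSource::Chain({certs}));
  // NOTE(review): the result of Create() is returned unchecked. If it can be
  // null (for example when the key does not match the leaf certificate;
  // confirm in proof_source_x509), the caller receives a null ProofSource
  // with no diagnostic from this function.
  return quic::ProofSourceX509::Create(chain, std::move(*private_key));
}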
68 
69 }  // namespace quiche