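// Copyright (c) 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "quiche/quic/core/crypto/proof_source.h"

#include <cstdint>
#include <memory>
#include <string>
#include <vector>

#include "quiche/quic/platform/api/quic_bug_tracker.h"

namespace quic {

// Releases every CRYPTO_BUFFER held in |value|; CryptoBuffers is the sole
// owner of the buffers produced by Chain::ToCryptoBuffers().
CryptoBuffers::~CryptoBuffers() {
  for (CRYPTO_BUFFER* buffer : value) {
    CRYPTO_BUFFER_free(buffer);
  }
}

// Takes a copy of |certs|; the chain owns its certificate strings.
ProofSource::Chain::Chain(const std::vector<std::string>& certs)
    : certs(certs) {}

ProofSource::Chain::~Chain() = default;

// Wraps each certificate string in |certs| in a CRYPTO_BUFFER, preserving
// order. Whatever CRYPTO_BUFFER_new returns is pushed as-is, so a null entry
// ends up in the result if buffer creation fails; the returned CryptoBuffers
// frees every entry in its destructor.
CryptoBuffers ProofSource::Chain::ToCryptoBuffers() const {
  CryptoBuffers crypto_buffers;
  crypto_buffers.value.reserve(certs.size());
  for (const std::string& cert : certs) {
    crypto_buffers.value.push_back(CRYPTO_BUFFER_new(
        reinterpret_cast<const uint8_t*>(cert.data()), cert.length(),
        nullptr));
  }
  return crypto_buffers;
}

// Returns true iff |chain| is non-null and non-empty, its first entry parses
// as a certificate, and |key| matches that leaf certificate's public key.
// Each failure is reported through QUIC_BUG before returning false, so a
// chain/key pair that does not belong together is rejected up front instead
// of being served.
bool ValidateCertAndKey(
    const quiche::QuicheReferenceCountedPointer<ProofSource::Chain>& chain,
    const CertificatePrivateKey& key) {
  if (chain.get() == nullptr || chain->certs.empty()) {
    QUIC_BUG(quic_proof_source_empty_chain) << "Certificate chain is empty";
    return false;
  }

  // The leaf is the first certificate in the chain; only it is checked
  // against the private key.
  std::unique_ptr<CertificateView> leaf =
      CertificateView::ParseSingleCertificate(chain->certs[0]);
  if (leaf == nullptr) {
    QUIC_BUG(quic_proof_source_unparsable_leaf_cert)
        << "Unable to parse leaf certificate";
    return false;
  }

  if (!key.MatchesPublicKey(*leaf)) {
    QUIC_BUG(quic_proof_source_key_mismatch)
        << "Private key does not match the leaf certificate";
    return false;
  }
  return true;
}

// Default implementation performs no per-SSL_CTX setup.
void ProofSource::OnNewSslCtx(SSL_CTX*) {}

}  // namespace quic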