      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_QUIC_CRYPTO_CERT_COMPRESSOR_H_
      6 #define NET_QUIC_CRYPTO_CERT_COMPRESSOR_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/basictypes.h"
     12 #include "base/strings/string_piece.h"
     13 #include "net/base/net_export.h"
     14 #include "net/quic/crypto/common_cert_set.h"
     15 #include "net/quic/crypto/crypto_protocol.h"
     16 
     17 namespace net {
     18 
     19 // CertCompressor provides functions for compressing and decompressing
     20 // certificate chains using three techniques:
     21 //   1) The peer may provide a list of 64-bit, FNV-1a hashes of certificates
     22 //      that they already have. In the event that one of them is to be
     23 //      compressed, it can be replaced with just the hash.
     24 //   2) The peer may provide a number of hashes that represent sets of
     25 //      pre-shared certificates (CommonCertSets). If one of those certificates
     26 //      is to be compressed, and it's known to the given CommonCertSets, then it
     27 //      can be replaced with a set hash and certificate index.
     28 //   3) Otherwise the certificates are compressed with zlib using a pre-shared
     29 //      dictionary that consists of the certificates handled with the above
     30 //      methods and a small chunk of common substrings.
     31 class NET_EXPORT_PRIVATE CertCompressor {
     32  public:
     33   // CompressChain compresses the certificates in |certs| and returns a
     34   // compressed representation. |common_sets| contains the common certificate
     35   // sets known locally and |client_common_set_hashes| contains the hashes of
     36   // the common sets known to the peer. |client_cached_cert_hashes| contains
     37   // 64-bit, FNV-1a hashes of certificates that the peer already possesses.
          //
          // Both hash arguments describe the peer's state and are peer-supplied.
          // FNV-1a is not a cryptographic hash: a match only lets a certificate be
          // replaced by a short reference and proves nothing about the certificate
          // itself, so the resulting chain still needs normal certificate
          // verification on the receiving side.
          // NOTE(review): whether |common_sets| may be NULL is not visible from
          // this declaration -- confirm in the implementation.
     38   static std::string CompressChain(const std::vector<std::string>& certs,
     39                                    base::StringPiece client_common_set_hashes,
     40                                    base::StringPiece client_cached_cert_hashes,
     41                                    const CommonCertSets* common_sets);
     42 
     43   // DecompressChain decompresses the result of |CompressChain|, given in |in|,
     44   // into a series of certificates that are written to |out_certs|.
     45   // |cached_certs| contains certificates that the peer may have omitted and
     46   // |common_sets| contains the common certificate sets known locally.
          //
          // Returns a bool; presumably false means |in| could not be decoded --
          // confirm in the implementation, and have callers check it before
          // reading |out_certs|.
          // NOTE(review): |in| presumably arrives from the peer and should be
          // treated as untrusted. Since it carries a zlib stream, confirm that the
          // implementation bounds the decompressed size and the number of
          // certificates, and that hash or set-index references which do not
          // resolve against |cached_certs| or |common_sets| are rejected.
     47   static bool DecompressChain(base::StringPiece in,
     48                               const std::vector<std::string>& cached_certs,
     49                               const CommonCertSets* common_sets,
     50                               std::vector<std::string>* out_certs);
     51 
     52  private:
          // Only static members are declared in this class; copying and
          // assignment are disabled.
     53   DISALLOW_COPY_AND_ASSIGN(CertCompressor);
     54 };
     55 
     56 }  // namespace net
     57 
     58 #endif  // NET_QUIC_CRYPTO_CERT_COMPRESSOR_H_
     59