Factor out default proof verifier into QUIC platform.

Merge internal change: 231909406

R=rch@chromium.org

Change-Id: I412ba9c436f99b6940c458a6b7035421b48c29aa
Reviewed-on: https://chromium-review.googlesource.com/c/1458678Reviewed-by: Ryan Hamilton <rch@chromium.org>
Commit-Queue: Ryan Hamilton <rch@chromium.org>
Cr-Commit-Position: refs/heads/master@{#630620}

net/BUILD.gn

@@ -3058,6 +3058,7 @@ if (is_linux) {
       "third_party/quic/core/quic_epoll_connection_helper.h",
       "third_party/quic/core/quic_packet_reader.cc",
       "third_party/quic/core/quic_packet_reader.h",
+      "third_party/quic/platform/api/quic_default_proof_providers.h",
       "third_party/quic/platform/impl/batch_writer/quic_batch_writer_base.cc",
       "third_party/quic/platform/impl/batch_writer/quic_batch_writer_base.h",
       "third_party/quic/platform/impl/batch_writer/quic_batch_writer_buffer.cc",
@@ -3066,6 +3067,8 @@ if (is_linux) {
       "third_party/quic/platform/impl/batch_writer/quic_gso_batch_writer.h",
       "third_party/quic/platform/impl/batch_writer/quic_sendmmsg_batch_writer.cc",
       "third_party/quic/platform/impl/batch_writer/quic_sendmmsg_batch_writer.h",
+      "third_party/quic/platform/impl/quic_default_proof_providers_impl.cc",
+      "third_party/quic/platform/impl/quic_default_proof_providers_impl.h",
       "third_party/quic/platform/impl/quic_epoll_clock.cc",
       "third_party/quic/platform/impl/quic_epoll_clock.h",
       "third_party/quic/platform/impl/quic_linux_socket_utils.cc",

net/third_party/quic/platform/api/quic_default_proof_providers.h

+// Copyright (c) 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_THIRD_PARTY_QUIC_PLATFORM_API_QUIC_DEFAULT_PROOF_PROVIDERS_H_
+#define NET_THIRD_PARTY_QUIC_PLATFORM_API_QUIC_DEFAULT_PROOF_PROVIDERS_H_
+
+#include <memory>
+
+#include "net/third_party/quic/core/crypto/proof_verifier.h"
+#include "net/third_party/quic/platform/impl/quic_default_proof_providers_impl.h"
+
+namespace quic {
+
+// Provides a default proof verifier.  The verifier has to do a good faith
+// attempt at verifying the certificate against a reasonable root store, and not
+// just always return success.
+std::unique_ptr<ProofVerifier> CreateDefaultProofVerifier() {
+  return CreateDefaultProofVerifierImpl();
+}
+
+}  // namespace quic
+
+#endif  // NET_THIRD_PARTY_QUIC_PLATFORM_API_QUIC_DEFAULT_PROOF_PROVIDERS_H_

net/third_party/quic/platform/impl/quic_default_proof_providers_impl.cc

+// Copyright (c) 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/third_party/quic/platform/impl/quic_default_proof_providers_impl.h"
+
+#include <utility>
+
+#include "net/cert/cert_verifier.h"
+#include "net/cert/ct_log_verifier.h"
+#include "net/cert/ct_policy_enforcer.h"
+#include "net/cert/multi_log_ct_verifier.h"
+#include "net/http/transport_security_state.h"
+#include "net/quic/crypto/proof_verifier_chromium.h"
+#include "net/third_party/quic/platform/api/quic_ptr_util.h"
+
+using net::CertVerifier;
+using net::CTVerifier;
+using net::MultiLogCTVerifier;
+using net::ProofVerifierChromium;
+
+namespace quic {
+
+class ProofVerifierChromiumWithOwnership : public net::ProofVerifierChromium {
+ public:
+  ProofVerifierChromiumWithOwnership(
+      std::unique_ptr<net::CertVerifier> cert_verifier)
+      : net::ProofVerifierChromium(cert_verifier.get(),
+                                   &ct_policy_enforcer_,
+                                   &transport_security_state_,
+                                   &ct_verifier_),
+        cert_verifier_(std::move(cert_verifier)) {}
+
+ private:
+  std::unique_ptr<net::CertVerifier> cert_verifier_;
+  net::DefaultCTPolicyEnforcer ct_policy_enforcer_;
+  net::TransportSecurityState transport_security_state_;
+  net::MultiLogCTVerifier ct_verifier_;
+};
+
+std::unique_ptr<ProofVerifier> CreateDefaultProofVerifierImpl() {
+  std::unique_ptr<net::CertVerifier> cert_verifier =
+      net::CertVerifier::CreateDefault();
+  return QuicMakeUnique<ProofVerifierChromiumWithOwnership>(
+      std::move(cert_verifier));
+}
+
+}  // namespace quic

net/third_party/quic/platform/impl/quic_default_proof_providers_impl.h

+// Copyright (c) 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_THIRD_PARTY_QUIC_PLATFORM_IMPL_QUIC_DEFAULT_PROOF_PROVIDERS_IMPL_H_
+#define NET_THIRD_PARTY_QUIC_PLATFORM_IMPL_QUIC_DEFAULT_PROOF_PROVIDERS_IMPL_H_
+
+#include <memory>
+
+#include "net/third_party/quic/core/crypto/proof_verifier.h"
+
+namespace quic {
+
+std::unique_ptr<ProofVerifier> CreateDefaultProofVerifierImpl();
+
+}
+#endif  // NET_THIRD_PARTY_QUIC_PLATFORM_IMPL_QUIC_DEFAULT_PROOF_PROVIDERS_IMPL_H_

net/third_party/quic/tools/quic_client_bin.cc

@@ -46,14 +46,9 @@
 #include "base/task/task_scheduler/task_scheduler.h"
 #include "net/base/net_errors.h"
 #include "net/base/privacy_mode.h"
-#include "net/cert/cert_verifier.h"
-#include "net/cert/ct_log_verifier.h"
-#include "net/cert/ct_policy_enforcer.h"
-#include "net/cert/multi_log_ct_verifier.h"
-#include "net/http/transport_security_state.h"
-#include "net/quic/crypto/proof_verifier_chromium.h"
 #include "net/third_party/quic/core/quic_packets.h"
 #include "net/third_party/quic/core/quic_server_id.h"
+#include "net/third_party/quic/platform/api/quic_default_proof_providers.h"
 #include "net/third_party/quic/platform/api/quic_flags.h"
 #include "net/third_party/quic/platform/api/quic_ptr_util.h"
 #include "net/third_party/quic/platform/api/quic_socket_address.h"
@@ -66,16 +61,11 @@
 #include "net/tools/epoll_server/epoll_server.h"
 #include "net/tools/quic/synchronous_host_resolver.h"
 
-using net::CertVerifier;
-using net::CTVerifier;
-using net::MultiLogCTVerifier;
-using net::ProofVerifierChromium;
 using quic::ProofVerifier;
 using quic::QuicStringPiece;
 using quic::QuicTextUtils;
 using quic::QuicUrl;
 using spdy::SpdyHeaderBlock;
-using net::TransportSecurityState;
 using std::cout;
 using std::cerr;
 using std::endl;
@@ -270,19 +260,11 @@ int main(int argc, char* argv[]) {
         static_cast<quic::QuicTransportVersion>(FLAGS_quic_version)));
   }
   // For secure QUIC we need to verify the cert chain.
-  std::unique_ptr<CertVerifier> cert_verifier(CertVerifier::CreateDefault());
-  std::unique_ptr<TransportSecurityState> transport_security_state(
-      new TransportSecurityState);
-  std::unique_ptr<MultiLogCTVerifier> ct_verifier(new MultiLogCTVerifier());
-  std::unique_ptr<net::CTPolicyEnforcer> ct_policy_enforcer(
-      new net::DefaultCTPolicyEnforcer());
   std::unique_ptr<ProofVerifier> proof_verifier;
   if (line->HasSwitch("disable-certificate-verification")) {
     proof_verifier = quic::QuicMakeUnique<FakeProofVerifier>();
   } else {
-    proof_verifier = quic::QuicMakeUnique<ProofVerifierChromium>(
-        cert_verifier.get(), ct_policy_enforcer.get(),
-        transport_security_state.get(), ct_verifier.get());
+    proof_verifier = quic::CreateDefaultProofVerifier();
   }
   quic::QuicClient client(quic::QuicSocketAddress(ip_addr, port), server_id,
                           versions, &epoll_server, std::move(proof_verifier));