| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 #include "chrome/browser/net/ssl_config_service_manager.h" | 4 #include "chrome/browser/net/ssl_config_service_manager.h" |
| 5 | 5 |
| 6 #include <algorithm> | 6 #include <algorithm> |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 11 #include "base/command_line.h" | |
| 12 #include "chrome/browser/prefs/pref_change_registrar.h" | 11 #include "chrome/browser/prefs/pref_change_registrar.h" |
| 13 #include "chrome/browser/prefs/pref_member.h" | 12 #include "chrome/browser/prefs/pref_member.h" |
| 14 #include "chrome/browser/prefs/pref_service.h" | 13 #include "chrome/browser/prefs/pref_service.h" |
| 15 #include "chrome/common/chrome_notification_types.h" | 14 #include "chrome/common/chrome_notification_types.h" |
| 16 #include "chrome/common/chrome_switches.h" | |
| 17 #include "chrome/common/pref_names.h" | 15 #include "chrome/common/pref_names.h" |
| 18 #include "content/browser/browser_thread.h" | 16 #include "content/browser/browser_thread.h" |
| 19 #include "content/common/notification_details.h" | 17 #include "content/common/notification_details.h" |
| 20 #include "content/common/notification_source.h" | 18 #include "content/common/notification_source.h" |
| 21 #include "net/base/ssl_cipher_suite_names.h" | 19 #include "net/base/ssl_cipher_suite_names.h" |
| 22 #include "net/base/ssl_config_service.h" | 20 #include "net/base/ssl_config_service.h" |
| 23 | 21 |
| 24 namespace { | 22 namespace { |
| 25 | 23 |
| 26 // Converts a ListValue of StringValues into a vector of strings. Any Values | 24 // Converts a ListValue of StringValues into a vector of strings. Any Values |
| 121 // Callback for preference changes. This will post the changes to the IO | 119 // Callback for preference changes. This will post the changes to the IO |
| 122 // thread with SetNewSSLConfig. | 120 // thread with SetNewSSLConfig. |
| 123 virtual void Observe(int type, | 121 virtual void Observe(int type, |
| 124 const NotificationSource& source, | 122 const NotificationSource& source, |
| 125 const NotificationDetails& details); | 123 const NotificationDetails& details); |
| 126 | 124 |
| 127 // Store SSL config settings in |config|, directly from the preferences. Must | 125 // Store SSL config settings in |config|, directly from the preferences. Must |
| 128 // only be called from UI thread. | 126 // only be called from UI thread. |
| 129 void GetSSLConfigFromPrefs(net::SSLConfig* config); | 127 void GetSSLConfigFromPrefs(net::SSLConfig* config); |
| 130 | 128 |
| 129 void OnSSL3EnabledChange(PrefService* prefs); | |
| 130 void OnTLS1EnabledChange(PrefService* prefs); | |
| 131 | |
| 131 // Processes changes to the disabled cipher suites preference, updating the | 132 // Processes changes to the disabled cipher suites preference, updating the |
| 132 // cached list of parsed SSL/TLS cipher suites that are disabled. | 133 // cached list of parsed SSL/TLS cipher suites that are disabled. |
| 133 void OnDisabledCipherSuitesChange(PrefService* prefs); | 134 void OnDisabledCipherSuitesChange(PrefService* prefs); |
| 134 | 135 |
| 135 PrefChangeRegistrar pref_change_registrar_; | 136 PrefChangeRegistrar pref_change_registrar_; |
| 136 | 137 |
| 137 // The prefs (should only be accessed from UI thread) | 138 // The prefs (should only be accessed from UI thread) |
| 138 BooleanPrefMember rev_checking_enabled_; | 139 BooleanPrefMember rev_checking_enabled_; |
| 139 | 140 |
| 141 // The cached booleans of enabled SSL/TLS versions. | |
| 142 bool ssl3_enabled_; | |
|
Ryan Sleevi
2011/08/27 14:14:42
nit: You can probably simplify things just using a
wtc
2011/08/27 20:27:06
Thanks a lot for the suggestion of using a Boolean
| |
| 143 bool tls1_enabled_; | |
| 144 | |
| 140 // The cached list of disabled SSL cipher suites. | 145 // The cached list of disabled SSL cipher suites. |
| 141 std::vector<uint16> disabled_cipher_suites_; | 146 std::vector<uint16> disabled_cipher_suites_; |
| 142 | 147 |
| 143 scoped_refptr<SSLConfigServicePref> ssl_config_service_; | 148 scoped_refptr<SSLConfigServicePref> ssl_config_service_; |
| 144 | 149 |
| 145 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); | 150 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); |
| 146 }; | 151 }; |
| 147 | 152 |
| 148 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( | 153 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( |
| 149 PrefService* local_state) | 154 PrefService* local_state) |
| 150 : ssl_config_service_(new SSLConfigServicePref()) { | 155 : ssl_config_service_(new SSLConfigServicePref()) { |
| 151 DCHECK(local_state); | 156 DCHECK(local_state); |
| 152 | 157 |
| 153 rev_checking_enabled_.Init(prefs::kCertRevocationCheckingEnabled, | 158 rev_checking_enabled_.Init(prefs::kCertRevocationCheckingEnabled, |
| 154 local_state, this); | 159 local_state, this); |
| 155 pref_change_registrar_.Init(local_state); | 160 pref_change_registrar_.Init(local_state); |
| 161 pref_change_registrar_.Add(prefs::kSSL3Enabled, this); | |
| 162 pref_change_registrar_.Add(prefs::kTLS1Enabled, this); | |
| 156 pref_change_registrar_.Add(prefs::kCipherSuiteBlacklist, this); | 163 pref_change_registrar_.Add(prefs::kCipherSuiteBlacklist, this); |
| 157 | 164 |
| 165 OnSSL3EnabledChange(local_state); | |
| 166 OnTLS1EnabledChange(local_state); | |
| 158 OnDisabledCipherSuitesChange(local_state); | 167 OnDisabledCipherSuitesChange(local_state); |
| 159 // Initialize from UI thread. This is okay as there shouldn't be anything on | 168 // Initialize from UI thread. This is okay as there shouldn't be anything on |
| 160 // the IO thread trying to access it yet. | 169 // the IO thread trying to access it yet. |
| 161 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); | 170 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); |
| 162 } | 171 } |
| 163 | 172 |
| 164 // static | 173 // static |
| 165 void SSLConfigServiceManagerPref::RegisterPrefs(PrefService* prefs) { | 174 void SSLConfigServiceManagerPref::RegisterPrefs(PrefService* prefs) { |
| 166 net::SSLConfig default_config; | 175 net::SSLConfig default_config; |
| 167 prefs->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, | 176 prefs->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, |
| 168 default_config.rev_checking_enabled); | 177 default_config.rev_checking_enabled); |
| 178 prefs->RegisterBooleanPref(prefs::kSSL3Enabled, | |
| 179 default_config.ssl3_enabled); | |
| 180 prefs->RegisterBooleanPref(prefs::kTLS1Enabled, | |
| 181 default_config.tls1_enabled); | |
| 169 prefs->RegisterListPref(prefs::kCipherSuiteBlacklist); | 182 prefs->RegisterListPref(prefs::kCipherSuiteBlacklist); |
| 170 } | 183 } |
| 171 | 184 |
| 172 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { | 185 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { |
| 173 return ssl_config_service_; | 186 return ssl_config_service_; |
| 174 } | 187 } |
| 175 | 188 |
| 176 void SSLConfigServiceManagerPref::Observe(int type, | 189 void SSLConfigServiceManagerPref::Observe(int type, |
| 177 const NotificationSource& source, | 190 const NotificationSource& source, |
| 178 const NotificationDetails& details) { | 191 const NotificationDetails& details) { |
| 179 if (type == chrome::NOTIFICATION_PREF_CHANGED) { | 192 if (type == chrome::NOTIFICATION_PREF_CHANGED) { |
| 180 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 193 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 181 std::string* pref_name_in = Details<std::string>(details).ptr(); | 194 std::string* pref_name_in = Details<std::string>(details).ptr(); |
| 182 PrefService* prefs = Source<PrefService>(source).ptr(); | 195 PrefService* prefs = Source<PrefService>(source).ptr(); |
| 183 DCHECK(pref_name_in && prefs); | 196 DCHECK(pref_name_in && prefs); |
| 197 if (*pref_name_in == prefs::kSSL3Enabled) | |
| 198 OnSSL3EnabledChange(prefs); | |
| 199 if (*pref_name_in == prefs::kTLS1Enabled) | |
|
Ryan Sleevi
2011/08/27 14:14:42
nit: else if here and line 201?
| |
| 200 OnTLS1EnabledChange(prefs); | |
| 184 if (*pref_name_in == prefs::kCipherSuiteBlacklist) | 201 if (*pref_name_in == prefs::kCipherSuiteBlacklist) |
| 185 OnDisabledCipherSuitesChange(prefs); | 202 OnDisabledCipherSuitesChange(prefs); |
| 186 | 203 |
| 187 net::SSLConfig new_config; | 204 net::SSLConfig new_config; |
| 188 GetSSLConfigFromPrefs(&new_config); | 205 GetSSLConfigFromPrefs(&new_config); |
| 189 | 206 |
| 190 // Post a task to |io_loop| with the new configuration, so it can | 207 // Post a task to |io_loop| with the new configuration, so it can |
| 191 // update |cached_config_|. | 208 // update |cached_config_|. |
| 192 BrowserThread::PostTask( | 209 BrowserThread::PostTask( |
| 193 BrowserThread::IO, | 210 BrowserThread::IO, |
| 194 FROM_HERE, | 211 FROM_HERE, |
| 195 NewRunnableMethod( | 212 NewRunnableMethod( |
| 196 ssl_config_service_.get(), | 213 ssl_config_service_.get(), |
| 197 &SSLConfigServicePref::SetNewSSLConfig, | 214 &SSLConfigServicePref::SetNewSSLConfig, |
| 198 new_config)); | 215 new_config)); |
| 199 } | 216 } |
| 200 } | 217 } |
| 201 | 218 |
| 202 void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs( | 219 void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs( |
| 203 net::SSLConfig* config) { | 220 net::SSLConfig* config) { |
| 204 config->rev_checking_enabled = rev_checking_enabled_.GetValue(); | 221 config->rev_checking_enabled = rev_checking_enabled_.GetValue(); |
| 205 | 222 config->ssl3_enabled = ssl3_enabled_; |
| 206 config->ssl3_enabled = | 223 config->tls1_enabled = tls1_enabled_; |
| 207 !CommandLine::ForCurrentProcess()->HasSwitch(switches::kDisableSSL3); | |
| 208 config->tls1_enabled = | |
| 209 !CommandLine::ForCurrentProcess()->HasSwitch(switches::kDisableTLS1); | |
| 210 | |
| 211 config->disabled_cipher_suites = disabled_cipher_suites_; | 224 config->disabled_cipher_suites = disabled_cipher_suites_; |
| 212 SSLConfigServicePref::SetSSLConfigFlags(config); | 225 SSLConfigServicePref::SetSSLConfigFlags(config); |
| 213 } | 226 } |
| 214 | 227 |
| 228 void SSLConfigServiceManagerPref::OnSSL3EnabledChange(PrefService* prefs) { | |
| 229 ssl3_enabled_ = prefs->GetBoolean(prefs::kSSL3Enabled); | |
| 230 } | |
| 231 | |
| 232 void SSLConfigServiceManagerPref::OnTLS1EnabledChange(PrefService* prefs) { | |
| 233 tls1_enabled_ = prefs->GetBoolean(prefs::kTLS1Enabled); | |
| 234 } | |
| 235 | |
| 215 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( | 236 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( |
| 216 PrefService* prefs) { | 237 PrefService* prefs) { |
| 217 const ListValue* value = prefs->GetList(prefs::kCipherSuiteBlacklist); | 238 const ListValue* value = prefs->GetList(prefs::kCipherSuiteBlacklist); |
| 218 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); | 239 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); |
| 219 } | 240 } |
| 220 | 241 |
| 221 //////////////////////////////////////////////////////////////////////////////// | 242 //////////////////////////////////////////////////////////////////////////////// |
| 222 // SSLConfigServiceManager | 243 // SSLConfigServiceManager |
| 223 | 244 |
| 224 // static | 245 // static |
| 225 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( | 246 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( |
| 226 PrefService* local_state) { | 247 PrefService* local_state) { |
| 227 return new SSLConfigServiceManagerPref(local_state); | 248 return new SSLConfigServiceManagerPref(local_state); |
| 228 } | 249 } |
| 229 | 250 |
| 230 // static | 251 // static |
| 231 void SSLConfigServiceManager::RegisterPrefs(PrefService* prefs) { | 252 void SSLConfigServiceManager::RegisterPrefs(PrefService* prefs) { |
| 232 SSLConfigServiceManagerPref::RegisterPrefs(prefs); | 253 SSLConfigServiceManagerPref::RegisterPrefs(prefs); |
| 233 } | 254 } |
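Review bot: The new `OnSSL3EnabledChange` and `OnTLS1EnabledChange` declarations (new lines 129-130) carry no comment, while their sibling `OnDisabledCipherSuitesChange` documents what it updates and the pref members say which thread may touch them; a header such as `// Re-reads kSSL3Enabled / kTLS1Enabled into ssl3_enabled_ / tls1_enabled_. UI thread only.` above the pair, and `// The cached booleans of enabled SSL/TLS versions (UI thread only).` on the members at new line 141, would keep the class consistent. Separately, nothing on the new side handles both prefs being false at once, which leaves no protocol version enabled in the SSLConfig posted to the IO thread from Observe; whether net::SSLConfig or SetSSLConfigFlags tolerates that combination is not visible here, so a DCHECK or a documented fallback in GetSSLConfigFromPrefs seems worth confirming before the command-line switches are dropped.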