Chromium Code Reviews Chromium Code Reviews
Issue 8772014:
Add a preference for enabling the TLS origin-bound certificates extension. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 #include "chrome/browser/net/ssl_config_service_manager.h" | 4 #include "chrome/browser/net/ssl_config_service_manager.h" |
| 5 | 5 |
| 6 #include <algorithm> | 6 #include <algorithm> |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 133 // Processes changes to the disabled cipher suites preference, updating the | 133 // Processes changes to the disabled cipher suites preference, updating the |
| 134 // cached list of parsed SSL/TLS cipher suites that are disabled. | 134 // cached list of parsed SSL/TLS cipher suites that are disabled. |
| 135 void OnDisabledCipherSuitesChange(PrefService* prefs); | 135 void OnDisabledCipherSuitesChange(PrefService* prefs); |
| 136 | 136 |
| 137 PrefChangeRegistrar pref_change_registrar_; | 137 PrefChangeRegistrar pref_change_registrar_; |
| 138 | 138 |
| 139 // The prefs (should only be accessed from UI thread) | 139 // The prefs (should only be accessed from UI thread) |
| 140 BooleanPrefMember rev_checking_enabled_; | 140 BooleanPrefMember rev_checking_enabled_; |
| 141 BooleanPrefMember ssl3_enabled_; | 141 BooleanPrefMember ssl3_enabled_; |
| 142 BooleanPrefMember tls1_enabled_; | 142 BooleanPrefMember tls1_enabled_; |
| 143 BooleanPrefMember origin_bound_certs_enabled_; | |
| 143 | 144 |
| 144 // The cached list of disabled SSL cipher suites. | 145 // The cached list of disabled SSL cipher suites. |
| 145 std::vector<uint16> disabled_cipher_suites_; | 146 std::vector<uint16> disabled_cipher_suites_; |
| 146 | 147 |
| 147 scoped_refptr<SSLConfigServicePref> ssl_config_service_; | 148 scoped_refptr<SSLConfigServicePref> ssl_config_service_; |
| 148 | 149 |
| 149 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); | 150 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); |
| 150 }; | 151 }; |
| 151 | 152 |
| 152 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( | 153 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( |
| 153 PrefService* local_state) | 154 PrefService* local_state) |
| 154 : ssl_config_service_(new SSLConfigServicePref()) { | 155 : ssl_config_service_(new SSLConfigServicePref()) { |
| 155 DCHECK(local_state); | 156 DCHECK(local_state); |
| 156 | 157 |
| 157 rev_checking_enabled_.Init(prefs::kCertRevocationCheckingEnabled, | 158 rev_checking_enabled_.Init(prefs::kCertRevocationCheckingEnabled, |
| 158 local_state, this); | 159 local_state, this); |
| 159 ssl3_enabled_.Init(prefs::kSSL3Enabled, local_state, this); | 160 ssl3_enabled_.Init(prefs::kSSL3Enabled, local_state, this); |
| 160 tls1_enabled_.Init(prefs::kTLS1Enabled, local_state, this); | 161 tls1_enabled_.Init(prefs::kTLS1Enabled, local_state, this); |
| 162 origin_bound_certs_enabled_.Init(prefs::kEnableOriginBoundCerts, | |
| 163 local_state, this); | |
| 161 pref_change_registrar_.Init(local_state); | 164 pref_change_registrar_.Init(local_state); |
| 162 pref_change_registrar_.Add(prefs::kCipherSuiteBlacklist, this); | 165 pref_change_registrar_.Add(prefs::kCipherSuiteBlacklist, this); |
| 163 | 166 |
| 164 OnDisabledCipherSuitesChange(local_state); | 167 OnDisabledCipherSuitesChange(local_state); |
| 165 // Initialize from UI thread. This is okay as there shouldn't be anything on | 168 // Initialize from UI thread. This is okay as there shouldn't be anything on |
| 166 // the IO thread trying to access it yet. | 169 // the IO thread trying to access it yet. |
| 167 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); | 170 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); |
| 168 } | 171 } |
| 169 | 172 |
| 170 // static | 173 // static |
| 171 void SSLConfigServiceManagerPref::RegisterPrefs(PrefService* prefs) { | 174 void SSLConfigServiceManagerPref::RegisterPrefs(PrefService* prefs) { |
| 172 net::SSLConfig default_config; | 175 net::SSLConfig default_config; |
| 173 prefs->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, | 176 prefs->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, |
| 174 default_config.rev_checking_enabled); | 177 default_config.rev_checking_enabled); |
| 175 prefs->RegisterBooleanPref(prefs::kSSL3Enabled, | 178 prefs->RegisterBooleanPref(prefs::kSSL3Enabled, |
| 176 default_config.ssl3_enabled); | 179 default_config.ssl3_enabled); |
| 177 prefs->RegisterBooleanPref(prefs::kTLS1Enabled, | 180 prefs->RegisterBooleanPref(prefs::kTLS1Enabled, |
| 178 default_config.tls1_enabled); | 181 default_config.tls1_enabled); |
| 182 prefs->RegisterBooleanPref(prefs::kEnableOriginBoundCerts, | |
| 183 default_config.origin_bound_certs_enabled); | |
| 179 prefs->RegisterListPref(prefs::kCipherSuiteBlacklist); | 184 prefs->RegisterListPref(prefs::kCipherSuiteBlacklist); |
| 180 // The Options menu used to allow changing the ssl.ssl3.enabled and | 185 // The Options menu used to allow changing the ssl.ssl3.enabled and |
| 181 // ssl.tls1.enabled preferences, so some users' Local State may have | 186 // ssl.tls1.enabled preferences, so some users' Local State may have |
| 182 // these preferences. Remove them from Local State. | 187 // these preferences. Remove them from Local State. |
| 183 prefs->ClearPref(prefs::kSSL3Enabled); | 188 prefs->ClearPref(prefs::kSSL3Enabled); |
| 184 prefs->ClearPref(prefs::kTLS1Enabled); | 189 prefs->ClearPref(prefs::kTLS1Enabled); |
| 185 } | 190 } |
| 186 | 191 |
| 187 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { | 192 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { |
| 188 return ssl_config_service_; | 193 return ssl_config_service_; |
| (...skipping 25 matching lines...) Expand all Loading... | |
| 214 new_config)); | 219 new_config)); |
| 215 } | 220 } |
| 216 } | 221 } |
| 217 | 222 |
| 218 void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs( | 223 void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs( |
| 219 net::SSLConfig* config) { | 224 net::SSLConfig* config) { |
| 220 config->rev_checking_enabled = rev_checking_enabled_.GetValue(); | 225 config->rev_checking_enabled = rev_checking_enabled_.GetValue(); |
| 221 config->ssl3_enabled = ssl3_enabled_.GetValue(); | 226 config->ssl3_enabled = ssl3_enabled_.GetValue(); |
| 222 config->tls1_enabled = tls1_enabled_.GetValue(); | 227 config->tls1_enabled = tls1_enabled_.GetValue(); |
| 223 config->disabled_cipher_suites = disabled_cipher_suites_; | 228 config->disabled_cipher_suites = disabled_cipher_suites_; |
| 229 config->origin_bound_certs_enabled = origin_bound_certs_enabled_.GetValue(); | |
|
Mattias Nissler (ping if slow)
2011/12/02 12:40:08
This is also invoked on PREF_CHANGED notifications
wtc
2011/12/02 18:31:54
The SetSSLConfigFlags call below does not activate
| |
| 224 SSLConfigServicePref::SetSSLConfigFlags(config); | 230 SSLConfigServicePref::SetSSLConfigFlags(config); |
| 225 } | 231 } |
| 226 | 232 |
| 227 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( | 233 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( |
| 228 PrefService* prefs) { | 234 PrefService* prefs) { |
| 229 const ListValue* value = prefs->GetList(prefs::kCipherSuiteBlacklist); | 235 const ListValue* value = prefs->GetList(prefs::kCipherSuiteBlacklist); |
| 230 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); | 236 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); |
| 231 } | 237 } |
| 232 | 238 |
| 233 //////////////////////////////////////////////////////////////////////////////// | 239 //////////////////////////////////////////////////////////////////////////////// |
| 234 // SSLConfigServiceManager | 240 // SSLConfigServiceManager |
| 235 | 241 |
| 236 // static | 242 // static |
| 237 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( | 243 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( |
| 238 PrefService* local_state) { | 244 PrefService* local_state) { |
| 239 return new SSLConfigServiceManagerPref(local_state); | 245 return new SSLConfigServiceManagerPref(local_state); |
| 240 } | 246 } |
| 241 | 247 |
| 242 // static | 248 // static |
| 243 void SSLConfigServiceManager::RegisterPrefs(PrefService* prefs) { | 249 void SSLConfigServiceManager::RegisterPrefs(PrefService* prefs) { |
| 244 SSLConfigServiceManagerPref::RegisterPrefs(prefs); | 250 SSLConfigServiceManagerPref::RegisterPrefs(prefs); |
| 245 } | 251 } |
| OLD | NEW |
