OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 #include "chrome/browser/net/ssl_config_service_manager.h" | 4 #include "chrome/browser/net/ssl_config_service_manager.h" |
5 | 5 |
6 #include <algorithm> | 6 #include <algorithm> |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
153 | 153 |
154 PrefChangeRegistrar local_state_change_registrar_; | 154 PrefChangeRegistrar local_state_change_registrar_; |
155 | 155 |
156 // The local_state prefs (should only be accessed from UI thread) | 156 // The local_state prefs (should only be accessed from UI thread) |
157 BooleanPrefMember rev_checking_enabled_; | 157 BooleanPrefMember rev_checking_enabled_; |
158 BooleanPrefMember rev_checking_required_local_anchors_; | 158 BooleanPrefMember rev_checking_required_local_anchors_; |
159 StringPrefMember ssl_version_min_; | 159 StringPrefMember ssl_version_min_; |
160 StringPrefMember ssl_version_max_; | 160 StringPrefMember ssl_version_max_; |
161 StringPrefMember ssl_version_fallback_min_; | 161 StringPrefMember ssl_version_fallback_min_; |
162 BooleanPrefMember ssl_record_splitting_disabled_; | 162 BooleanPrefMember ssl_record_splitting_disabled_; |
163 BooleanPrefMember token_binding_enabled_; | |
163 | 164 |
164 // The cached list of disabled SSL cipher suites. | 165 // The cached list of disabled SSL cipher suites. |
165 std::vector<uint16> disabled_cipher_suites_; | 166 std::vector<uint16> disabled_cipher_suites_; |
166 | 167 |
167 scoped_refptr<SSLConfigServicePref> ssl_config_service_; | 168 scoped_refptr<SSLConfigServicePref> ssl_config_service_; |
168 | 169 |
169 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); | 170 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); |
170 }; | 171 }; |
171 | 172 |
172 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( | 173 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( |
(...skipping 13 matching lines...) Expand all Loading... | |
186 local_state, | 187 local_state, |
187 local_state_callback); | 188 local_state_callback); |
188 ssl_version_min_.Init( | 189 ssl_version_min_.Init( |
189 prefs::kSSLVersionMin, local_state, local_state_callback); | 190 prefs::kSSLVersionMin, local_state, local_state_callback); |
190 ssl_version_max_.Init( | 191 ssl_version_max_.Init( |
191 prefs::kSSLVersionMax, local_state, local_state_callback); | 192 prefs::kSSLVersionMax, local_state, local_state_callback); |
192 ssl_version_fallback_min_.Init( | 193 ssl_version_fallback_min_.Init( |
193 prefs::kSSLVersionFallbackMin, local_state, local_state_callback); | 194 prefs::kSSLVersionFallbackMin, local_state, local_state_callback); |
194 ssl_record_splitting_disabled_.Init( | 195 ssl_record_splitting_disabled_.Init( |
195 prefs::kDisableSSLRecordSplitting, local_state, local_state_callback); | 196 prefs::kDisableSSLRecordSplitting, local_state, local_state_callback); |
197 token_binding_enabled_.Init( | |
198 prefs::kEnableTokenBinding, local_state, local_state_callback); | |
196 | 199 |
197 local_state_change_registrar_.Init(local_state); | 200 local_state_change_registrar_.Init(local_state); |
198 local_state_change_registrar_.Add( | 201 local_state_change_registrar_.Add( |
199 prefs::kCipherSuiteBlacklist, local_state_callback); | 202 prefs::kCipherSuiteBlacklist, local_state_callback); |
200 | 203 |
201 OnDisabledCipherSuitesChange(local_state); | 204 OnDisabledCipherSuitesChange(local_state); |
202 | 205 |
203 // Initialize from UI thread. This is okay as there shouldn't be anything on | 206 // Initialize from UI thread. This is okay as there shouldn't be anything on |
204 // the IO thread trying to access it yet. | 207 // the IO thread trying to access it yet. |
205 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); | 208 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); |
206 } | 209 } |
207 | 210 |
208 // static | 211 // static |
209 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { | 212 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { |
210 net::SSLConfig default_config; | 213 net::SSLConfig default_config; |
211 registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, | 214 registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, |
212 default_config.rev_checking_enabled); | 215 default_config.rev_checking_enabled); |
213 registry->RegisterBooleanPref( | 216 registry->RegisterBooleanPref( |
214 prefs::kCertRevocationCheckingRequiredLocalAnchors, | 217 prefs::kCertRevocationCheckingRequiredLocalAnchors, |
215 default_config.rev_checking_required_local_anchors); | 218 default_config.rev_checking_required_local_anchors); |
216 registry->RegisterStringPref(prefs::kSSLVersionMin, std::string()); | 219 registry->RegisterStringPref(prefs::kSSLVersionMin, std::string()); |
217 registry->RegisterStringPref(prefs::kSSLVersionMax, std::string()); | 220 registry->RegisterStringPref(prefs::kSSLVersionMax, std::string()); |
218 registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, std::string()); | 221 registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, std::string()); |
219 registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, | 222 registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, |
220 !default_config.false_start_enabled); | 223 !default_config.false_start_enabled); |
224 registry->RegisterBooleanPref(prefs::kEnableTokenBinding, | |
225 default_config.token_binding_params.size() > 0); | |
davidben
2015/09/25 21:51:50
This is sort of weird. We're pulling information f
nharper
2015/09/28 21:43:38
I changed this to use the size == 1 && params[0] =
| |
221 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); | 226 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); |
222 } | 227 } |
223 | 228 |
224 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { | 229 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { |
225 return ssl_config_service_.get(); | 230 return ssl_config_service_.get(); |
226 } | 231 } |
227 | 232 |
228 void SSLConfigServiceManagerPref::OnPreferenceChanged( | 233 void SSLConfigServiceManagerPref::OnPreferenceChanged( |
229 PrefService* prefs, | 234 PrefService* prefs, |
230 const std::string& pref_name_in) { | 235 const std::string& pref_name_in) { |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
273 if (version_max) { | 278 if (version_max) { |
274 uint16 supported_version_max = config->version_max; | 279 uint16 supported_version_max = config->version_max; |
275 config->version_max = std::min(supported_version_max, version_max); | 280 config->version_max = std::min(supported_version_max, version_max); |
276 } | 281 } |
277 if (version_fallback_min) { | 282 if (version_fallback_min) { |
278 config->version_fallback_min = version_fallback_min; | 283 config->version_fallback_min = version_fallback_min; |
279 } | 284 } |
280 config->disabled_cipher_suites = disabled_cipher_suites_; | 285 config->disabled_cipher_suites = disabled_cipher_suites_; |
281 // disabling False Start also happens to disable record splitting. | 286 // disabling False Start also happens to disable record splitting. |
282 config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); | 287 config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); |
288 if (token_binding_enabled_.GetValue()) { | |
289 config->token_binding_params.clear(); | |
290 config->token_binding_params.push_back(net::TB_PARAM_ECDSAP256_SHA256); | |
291 } | |
283 } | 292 } |
284 | 293 |
285 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( | 294 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( |
286 PrefService* local_state) { | 295 PrefService* local_state) { |
287 const base::ListValue* value = | 296 const base::ListValue* value = |
288 local_state->GetList(prefs::kCipherSuiteBlacklist); | 297 local_state->GetList(prefs::kCipherSuiteBlacklist); |
289 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); | 298 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); |
290 } | 299 } |
291 | 300 |
292 //////////////////////////////////////////////////////////////////////////////// | 301 //////////////////////////////////////////////////////////////////////////////// |
293 // SSLConfigServiceManager | 302 // SSLConfigServiceManager |
294 | 303 |
295 // static | 304 // static |
296 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( | 305 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( |
297 PrefService* local_state) { | 306 PrefService* local_state) { |
298 return new SSLConfigServiceManagerPref(local_state); | 307 return new SSLConfigServiceManagerPref(local_state); |
299 } | 308 } |
300 | 309 |
301 // static | 310 // static |
302 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { | 311 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { |
303 SSLConfigServiceManagerPref::RegisterPrefs(registry); | 312 SSLConfigServiceManagerPref::RegisterPrefs(registry); |
304 } | 313 } |
OLD | NEW |