Chromium Code Reviews Chromium Code Reviews
Issue 1360633002:
Implement Token Binding negotiation TLS extension (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 #include "chrome/browser/net/ssl_config_service_manager.h" | 4 #include "chrome/browser/net/ssl_config_service_manager.h" |
| 5 | 5 |
| 6 #include <algorithm> | 6 #include <algorithm> |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 153 | 153 |
| 154 PrefChangeRegistrar local_state_change_registrar_; | 154 PrefChangeRegistrar local_state_change_registrar_; |
| 155 | 155 |
| 156 // The local_state prefs (should only be accessed from UI thread) | 156 // The local_state prefs (should only be accessed from UI thread) |
| 157 BooleanPrefMember rev_checking_enabled_; | 157 BooleanPrefMember rev_checking_enabled_; |
| 158 BooleanPrefMember rev_checking_required_local_anchors_; | 158 BooleanPrefMember rev_checking_required_local_anchors_; |
| 159 StringPrefMember ssl_version_min_; | 159 StringPrefMember ssl_version_min_; |
| 160 StringPrefMember ssl_version_max_; | 160 StringPrefMember ssl_version_max_; |
| 161 StringPrefMember ssl_version_fallback_min_; | 161 StringPrefMember ssl_version_fallback_min_; |
| 162 BooleanPrefMember ssl_record_splitting_disabled_; | 162 BooleanPrefMember ssl_record_splitting_disabled_; |
| 163 BooleanPrefMember token_binding_enabled_; | |
| 163 | 164 |
| 164 // The cached list of disabled SSL cipher suites. | 165 // The cached list of disabled SSL cipher suites. |
| 165 std::vector<uint16> disabled_cipher_suites_; | 166 std::vector<uint16> disabled_cipher_suites_; |
| 166 | 167 |
| 167 scoped_refptr<SSLConfigServicePref> ssl_config_service_; | 168 scoped_refptr<SSLConfigServicePref> ssl_config_service_; |
| 168 | 169 |
| 169 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); | 170 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); |
| 170 }; | 171 }; |
| 171 | 172 |
| 172 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( | 173 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( |
| (...skipping 13 matching lines...) Expand all Loading... | |
| 186 local_state, | 187 local_state, |
| 187 local_state_callback); | 188 local_state_callback); |
| 188 ssl_version_min_.Init( | 189 ssl_version_min_.Init( |
| 189 prefs::kSSLVersionMin, local_state, local_state_callback); | 190 prefs::kSSLVersionMin, local_state, local_state_callback); |
| 190 ssl_version_max_.Init( | 191 ssl_version_max_.Init( |
| 191 prefs::kSSLVersionMax, local_state, local_state_callback); | 192 prefs::kSSLVersionMax, local_state, local_state_callback); |
| 192 ssl_version_fallback_min_.Init( | 193 ssl_version_fallback_min_.Init( |
| 193 prefs::kSSLVersionFallbackMin, local_state, local_state_callback); | 194 prefs::kSSLVersionFallbackMin, local_state, local_state_callback); |
| 194 ssl_record_splitting_disabled_.Init( | 195 ssl_record_splitting_disabled_.Init( |
| 195 prefs::kDisableSSLRecordSplitting, local_state, local_state_callback); | 196 prefs::kDisableSSLRecordSplitting, local_state, local_state_callback); |
| 197 token_binding_enabled_.Init( | |
| 198 prefs::kEnableTokenBinding, local_state, local_state_callback); | |
| 196 | 199 |
| 197 local_state_change_registrar_.Init(local_state); | 200 local_state_change_registrar_.Init(local_state); |
| 198 local_state_change_registrar_.Add( | 201 local_state_change_registrar_.Add( |
| 199 prefs::kCipherSuiteBlacklist, local_state_callback); | 202 prefs::kCipherSuiteBlacklist, local_state_callback); |
| 200 | 203 |
| 201 OnDisabledCipherSuitesChange(local_state); | 204 OnDisabledCipherSuitesChange(local_state); |
| 202 | 205 |
| 203 // Initialize from UI thread. This is okay as there shouldn't be anything on | 206 // Initialize from UI thread. This is okay as there shouldn't be anything on |
| 204 // the IO thread trying to access it yet. | 207 // the IO thread trying to access it yet. |
| 205 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); | 208 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); |
| 206 } | 209 } |
| 207 | 210 |
| 208 // static | 211 // static |
| 209 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { | 212 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { |
| 210 net::SSLConfig default_config; | 213 net::SSLConfig default_config; |
| 211 registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, | 214 registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, |
| 212 default_config.rev_checking_enabled); | 215 default_config.rev_checking_enabled); |
| 213 registry->RegisterBooleanPref( | 216 registry->RegisterBooleanPref( |
| 214 prefs::kCertRevocationCheckingRequiredLocalAnchors, | 217 prefs::kCertRevocationCheckingRequiredLocalAnchors, |
| 215 default_config.rev_checking_required_local_anchors); | 218 default_config.rev_checking_required_local_anchors); |
| 216 registry->RegisterStringPref(prefs::kSSLVersionMin, std::string()); | 219 registry->RegisterStringPref(prefs::kSSLVersionMin, std::string()); |
| 217 registry->RegisterStringPref(prefs::kSSLVersionMax, std::string()); | 220 registry->RegisterStringPref(prefs::kSSLVersionMax, std::string()); |
| 218 registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, std::string()); | 221 registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, std::string()); |
| 219 registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, | 222 registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, |
| 220 !default_config.false_start_enabled); | 223 !default_config.false_start_enabled); |
| 224 registry->RegisterBooleanPref(prefs::kEnableTokenBinding, | |
| 225 default_config.token_binding_params.size() > 0); | |
|
davidben
2015/09/25 21:51:50
This is sort of weird. We're pulling information f
nharper
2015/09/28 21:43:38
I changed this to use the size == 1 && params[0] =
| |
| 221 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); | 226 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); |
| 222 } | 227 } |
| 223 | 228 |
| 224 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { | 229 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { |
| 225 return ssl_config_service_.get(); | 230 return ssl_config_service_.get(); |
| 226 } | 231 } |
| 227 | 232 |
| 228 void SSLConfigServiceManagerPref::OnPreferenceChanged( | 233 void SSLConfigServiceManagerPref::OnPreferenceChanged( |
| 229 PrefService* prefs, | 234 PrefService* prefs, |
| 230 const std::string& pref_name_in) { | 235 const std::string& pref_name_in) { |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 273 if (version_max) { | 278 if (version_max) { |
| 274 uint16 supported_version_max = config->version_max; | 279 uint16 supported_version_max = config->version_max; |
| 275 config->version_max = std::min(supported_version_max, version_max); | 280 config->version_max = std::min(supported_version_max, version_max); |
| 276 } | 281 } |
| 277 if (version_fallback_min) { | 282 if (version_fallback_min) { |
| 278 config->version_fallback_min = version_fallback_min; | 283 config->version_fallback_min = version_fallback_min; |
| 279 } | 284 } |
| 280 config->disabled_cipher_suites = disabled_cipher_suites_; | 285 config->disabled_cipher_suites = disabled_cipher_suites_; |
| 281 // disabling False Start also happens to disable record splitting. | 286 // disabling False Start also happens to disable record splitting. |
| 282 config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); | 287 config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); |
| 288 if (token_binding_enabled_.GetValue()) { | |
| 289 config->token_binding_params.clear(); | |
| 290 config->token_binding_params.push_back(net::TB_PARAM_ECDSAP256_SHA256); | |
| 291 } | |
| 283 } | 292 } |
| 284 | 293 |
| 285 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( | 294 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( |
| 286 PrefService* local_state) { | 295 PrefService* local_state) { |
| 287 const base::ListValue* value = | 296 const base::ListValue* value = |
| 288 local_state->GetList(prefs::kCipherSuiteBlacklist); | 297 local_state->GetList(prefs::kCipherSuiteBlacklist); |
| 289 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); | 298 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); |
| 290 } | 299 } |
| 291 | 300 |
| 292 //////////////////////////////////////////////////////////////////////////////// | 301 //////////////////////////////////////////////////////////////////////////////// |
| 293 // SSLConfigServiceManager | 302 // SSLConfigServiceManager |
| 294 | 303 |
| 295 // static | 304 // static |
| 296 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( | 305 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( |
| 297 PrefService* local_state) { | 306 PrefService* local_state) { |
| 298 return new SSLConfigServiceManagerPref(local_state); | 307 return new SSLConfigServiceManagerPref(local_state); |
| 299 } | 308 } |
| 300 | 309 |
| 301 // static | 310 // static |
| 302 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { | 311 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { |
| 303 SSLConfigServiceManagerPref::RegisterPrefs(registry); | 312 SSLConfigServiceManagerPref::RegisterPrefs(registry); |
| 304 } | 313 } |
| OLD | NEW |
