OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 #include "components/ssl_config/ssl_config_service_manager.h" | 4 #include "components/ssl_config/ssl_config_service_manager.h" |
5 | 5 |
6 #include <algorithm> | 6 #include <algorithm> |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
11 #include "base/bind.h" | 11 #include "base/bind.h" |
12 #include "base/metrics/field_trial.h" | 12 #include "base/metrics/field_trial.h" |
13 #include "base/prefs/pref_change_registrar.h" | 13 #include "base/prefs/pref_change_registrar.h" |
14 #include "base/prefs/pref_member.h" | 14 #include "base/prefs/pref_member.h" |
15 #include "base/prefs/pref_registry_simple.h" | 15 #include "base/prefs/pref_registry_simple.h" |
16 #include "base/prefs/pref_service.h" | 16 #include "base/prefs/pref_service.h" |
17 #include "base/single_thread_task_runner.h" | 17 #include "base/single_thread_task_runner.h" |
| 18 #include "base/strings/string_util.h" |
| 19 #include "base/values.h" |
18 #include "components/content_settings/core/browser/content_settings_utils.h" | 20 #include "components/content_settings/core/browser/content_settings_utils.h" |
19 #include "components/content_settings/core/common/content_settings.h" | 21 #include "components/content_settings/core/common/content_settings.h" |
20 #include "components/ssl_config/ssl_config_prefs.h" | 22 #include "components/ssl_config/ssl_config_prefs.h" |
21 #include "components/ssl_config/ssl_config_switches.h" | 23 #include "components/ssl_config/ssl_config_switches.h" |
22 #include "net/ssl/ssl_cipher_suite_names.h" | 24 #include "net/ssl/ssl_cipher_suite_names.h" |
23 #include "net/ssl/ssl_config_service.h" | 25 #include "net/ssl/ssl_config_service.h" |
24 | 26 |
25 namespace base { | 27 namespace base { |
26 class SingleThreadTaskRunner; | 28 class SingleThreadTaskRunner; |
27 } | 29 } |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
71 if (version_str == switches::kSSLVersionTLSv1) { | 73 if (version_str == switches::kSSLVersionTLSv1) { |
72 version = net::SSL_PROTOCOL_VERSION_TLS1; | 74 version = net::SSL_PROTOCOL_VERSION_TLS1; |
73 } else if (version_str == switches::kSSLVersionTLSv11) { | 75 } else if (version_str == switches::kSSLVersionTLSv11) { |
74 version = net::SSL_PROTOCOL_VERSION_TLS1_1; | 76 version = net::SSL_PROTOCOL_VERSION_TLS1_1; |
75 } else if (version_str == switches::kSSLVersionTLSv12) { | 77 } else if (version_str == switches::kSSLVersionTLSv12) { |
76 version = net::SSL_PROTOCOL_VERSION_TLS1_2; | 78 version = net::SSL_PROTOCOL_VERSION_TLS1_2; |
77 } | 79 } |
78 return version; | 80 return version; |
79 } | 81 } |
80 | 82 |
| 83 bool IsRC4EnabledByDefault() { |
| 84 const std::string group_name = |
| 85 base::FieldTrialList::FindFullName("RC4Ciphers"); |
| 86 return base::StartsWith(group_name, "Enabled", base::CompareCase::SENSITIVE); |
| 87 } |
| 88 |
81 } // namespace | 89 } // namespace |
82 | 90 |
83 //////////////////////////////////////////////////////////////////////////////// | 91 //////////////////////////////////////////////////////////////////////////////// |
84 // SSLConfigServicePref | 92 // SSLConfigServicePref |
85 | 93 |
86 // An SSLConfigService which stores a cached version of the current SSLConfig | 94 // An SSLConfigService which stores a cached version of the current SSLConfig |
87 // prefs, which are updated by SSLConfigServiceManagerPref when the prefs | 95 // prefs, which are updated by SSLConfigServiceManagerPref when the prefs |
88 // change. | 96 // change. |
89 class SSLConfigServicePref : public net::SSLConfigService { | 97 class SSLConfigServicePref : public net::SSLConfigService { |
90 public: | 98 public: |
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
157 void OnDisabledCipherSuitesChange(PrefService* local_state); | 165 void OnDisabledCipherSuitesChange(PrefService* local_state); |
158 | 166 |
159 PrefChangeRegistrar local_state_change_registrar_; | 167 PrefChangeRegistrar local_state_change_registrar_; |
160 | 168 |
161 // The local_state prefs (should only be accessed from UI thread) | 169 // The local_state prefs (should only be accessed from UI thread) |
162 BooleanPrefMember rev_checking_enabled_; | 170 BooleanPrefMember rev_checking_enabled_; |
163 BooleanPrefMember rev_checking_required_local_anchors_; | 171 BooleanPrefMember rev_checking_required_local_anchors_; |
164 StringPrefMember ssl_version_min_; | 172 StringPrefMember ssl_version_min_; |
165 StringPrefMember ssl_version_max_; | 173 StringPrefMember ssl_version_max_; |
166 StringPrefMember ssl_version_fallback_min_; | 174 StringPrefMember ssl_version_fallback_min_; |
| 175 BooleanPrefMember rc4_enabled_; |
167 | 176 |
168 // The cached list of disabled SSL cipher suites. | 177 // The cached list of disabled SSL cipher suites. |
169 std::vector<uint16> disabled_cipher_suites_; | 178 std::vector<uint16> disabled_cipher_suites_; |
170 | 179 |
171 scoped_refptr<SSLConfigServicePref> ssl_config_service_; | 180 scoped_refptr<SSLConfigServicePref> ssl_config_service_; |
172 | 181 |
173 scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_; | 182 scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_; |
174 | 183 |
175 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); | 184 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); |
176 }; | 185 }; |
177 | 186 |
178 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( | 187 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( |
179 PrefService* local_state, | 188 PrefService* local_state, |
180 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) | 189 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) |
181 : ssl_config_service_(new SSLConfigServicePref(io_task_runner)), | 190 : ssl_config_service_(new SSLConfigServicePref(io_task_runner)), |
182 io_task_runner_(io_task_runner) { | 191 io_task_runner_(io_task_runner) { |
183 DCHECK(local_state); | 192 DCHECK(local_state); |
184 | 193 |
| 194 local_state->SetDefaultPrefValue( |
| 195 ssl_config::prefs::kRC4Enabled, |
| 196 new base::FundamentalValue(IsRC4EnabledByDefault())); |
| 197 |
185 PrefChangeRegistrar::NamedChangeCallback local_state_callback = | 198 PrefChangeRegistrar::NamedChangeCallback local_state_callback = |
186 base::Bind(&SSLConfigServiceManagerPref::OnPreferenceChanged, | 199 base::Bind(&SSLConfigServiceManagerPref::OnPreferenceChanged, |
187 base::Unretained(this), local_state); | 200 base::Unretained(this), local_state); |
188 | 201 |
189 rev_checking_enabled_.Init(ssl_config::prefs::kCertRevocationCheckingEnabled, | 202 rev_checking_enabled_.Init(ssl_config::prefs::kCertRevocationCheckingEnabled, |
190 local_state, local_state_callback); | 203 local_state, local_state_callback); |
191 rev_checking_required_local_anchors_.Init( | 204 rev_checking_required_local_anchors_.Init( |
192 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, | 205 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, |
193 local_state, local_state_callback); | 206 local_state, local_state_callback); |
194 ssl_version_min_.Init(ssl_config::prefs::kSSLVersionMin, local_state, | 207 ssl_version_min_.Init(ssl_config::prefs::kSSLVersionMin, local_state, |
195 local_state_callback); | 208 local_state_callback); |
196 ssl_version_max_.Init(ssl_config::prefs::kSSLVersionMax, local_state, | 209 ssl_version_max_.Init(ssl_config::prefs::kSSLVersionMax, local_state, |
197 local_state_callback); | 210 local_state_callback); |
198 ssl_version_fallback_min_.Init(ssl_config::prefs::kSSLVersionFallbackMin, | 211 ssl_version_fallback_min_.Init(ssl_config::prefs::kSSLVersionFallbackMin, |
199 local_state, local_state_callback); | 212 local_state, local_state_callback); |
| 213 rc4_enabled_.Init(ssl_config::prefs::kRC4Enabled, local_state, |
| 214 local_state_callback); |
200 | 215 |
201 local_state_change_registrar_.Init(local_state); | 216 local_state_change_registrar_.Init(local_state); |
202 local_state_change_registrar_.Add(ssl_config::prefs::kCipherSuiteBlacklist, | 217 local_state_change_registrar_.Add(ssl_config::prefs::kCipherSuiteBlacklist, |
203 local_state_callback); | 218 local_state_callback); |
204 | 219 |
205 OnDisabledCipherSuitesChange(local_state); | 220 OnDisabledCipherSuitesChange(local_state); |
206 | 221 |
207 // Initialize from UI thread. This is okay as there shouldn't be anything on | 222 // Initialize from UI thread. This is okay as there shouldn't be anything on |
208 // the IO thread trying to access it yet. | 223 // the IO thread trying to access it yet. |
209 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); | 224 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); |
210 } | 225 } |
211 | 226 |
212 // static | 227 // static |
213 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { | 228 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { |
214 net::SSLConfig default_config; | 229 net::SSLConfig default_config; |
215 registry->RegisterBooleanPref( | 230 registry->RegisterBooleanPref( |
216 ssl_config::prefs::kCertRevocationCheckingEnabled, | 231 ssl_config::prefs::kCertRevocationCheckingEnabled, |
217 default_config.rev_checking_enabled); | 232 default_config.rev_checking_enabled); |
218 registry->RegisterBooleanPref( | 233 registry->RegisterBooleanPref( |
219 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, | 234 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, |
220 default_config.rev_checking_required_local_anchors); | 235 default_config.rev_checking_required_local_anchors); |
221 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMin, | 236 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMin, |
222 std::string()); | 237 std::string()); |
223 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMax, | 238 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMax, |
224 std::string()); | 239 std::string()); |
225 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionFallbackMin, | 240 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionFallbackMin, |
226 std::string()); | 241 std::string()); |
227 registry->RegisterListPref(ssl_config::prefs::kCipherSuiteBlacklist); | 242 registry->RegisterListPref(ssl_config::prefs::kCipherSuiteBlacklist); |
| 243 registry->RegisterBooleanPref(ssl_config::prefs::kRC4Enabled, |
| 244 default_config.rc4_enabled); |
228 } | 245 } |
229 | 246 |
230 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { | 247 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { |
231 return ssl_config_service_.get(); | 248 return ssl_config_service_.get(); |
232 } | 249 } |
233 | 250 |
234 void SSLConfigServiceManagerPref::OnPreferenceChanged( | 251 void SSLConfigServiceManagerPref::OnPreferenceChanged( |
235 PrefService* prefs, | 252 PrefService* prefs, |
236 const std::string& pref_name_in) { | 253 const std::string& pref_name_in) { |
237 DCHECK(prefs); | 254 DCHECK(prefs); |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
272 config->version_min = version_min; | 289 config->version_min = version_min; |
273 } | 290 } |
274 if (version_max) { | 291 if (version_max) { |
275 uint16 supported_version_max = config->version_max; | 292 uint16 supported_version_max = config->version_max; |
276 config->version_max = std::min(supported_version_max, version_max); | 293 config->version_max = std::min(supported_version_max, version_max); |
277 } | 294 } |
278 if (version_fallback_min) { | 295 if (version_fallback_min) { |
279 config->version_fallback_min = version_fallback_min; | 296 config->version_fallback_min = version_fallback_min; |
280 } | 297 } |
281 config->disabled_cipher_suites = disabled_cipher_suites_; | 298 config->disabled_cipher_suites = disabled_cipher_suites_; |
| 299 config->rc4_enabled = rc4_enabled_.GetValue(); |
282 } | 300 } |
283 | 301 |
284 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( | 302 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( |
285 PrefService* local_state) { | 303 PrefService* local_state) { |
286 const base::ListValue* value = | 304 const base::ListValue* value = |
287 local_state->GetList(ssl_config::prefs::kCipherSuiteBlacklist); | 305 local_state->GetList(ssl_config::prefs::kCipherSuiteBlacklist); |
288 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); | 306 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); |
289 } | 307 } |
290 | 308 |
291 //////////////////////////////////////////////////////////////////////////////// | 309 //////////////////////////////////////////////////////////////////////////////// |
292 // SSLConfigServiceManager | 310 // SSLConfigServiceManager |
293 | 311 |
294 namespace ssl_config { | 312 namespace ssl_config { |
295 // static | 313 // static |
296 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( | 314 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( |
297 PrefService* local_state, | 315 PrefService* local_state, |
298 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) { | 316 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) { |
299 return new SSLConfigServiceManagerPref(local_state, io_task_runner); | 317 return new SSLConfigServiceManagerPref(local_state, io_task_runner); |
300 } | 318 } |
301 | 319 |
302 // static | 320 // static |
303 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { | 321 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { |
304 SSLConfigServiceManagerPref::RegisterPrefs(registry); | 322 SSLConfigServiceManagerPref::RegisterPrefs(registry); |
305 } | 323 } |
306 } // namespace ssl_config | 324 } // namespace ssl_config |
OLD | NEW |