OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 #include "components/ssl_config/ssl_config_service_manager.h" | 4 #include "components/ssl_config/ssl_config_service_manager.h" |
5 | 5 |
6 #include <stdint.h> | 6 #include <stdint.h> |
7 | 7 |
8 #include <algorithm> | 8 #include <algorithm> |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
160 // cached list of parsed SSL/TLS cipher suites that are disabled. | 160 // cached list of parsed SSL/TLS cipher suites that are disabled. |
161 void OnDisabledCipherSuitesChange(PrefService* local_state); | 161 void OnDisabledCipherSuitesChange(PrefService* local_state); |
162 | 162 |
163 PrefChangeRegistrar local_state_change_registrar_; | 163 PrefChangeRegistrar local_state_change_registrar_; |
164 | 164 |
165 // The local_state prefs (should only be accessed from UI thread) | 165 // The local_state prefs (should only be accessed from UI thread) |
166 BooleanPrefMember rev_checking_enabled_; | 166 BooleanPrefMember rev_checking_enabled_; |
167 BooleanPrefMember rev_checking_required_local_anchors_; | 167 BooleanPrefMember rev_checking_required_local_anchors_; |
168 StringPrefMember ssl_version_min_; | 168 StringPrefMember ssl_version_min_; |
169 StringPrefMember ssl_version_max_; | 169 StringPrefMember ssl_version_max_; |
170 StringPrefMember ssl_version_fallback_min_; | |
171 | 170 |
172 // The cached list of disabled SSL cipher suites. | 171 // The cached list of disabled SSL cipher suites. |
173 std::vector<uint16_t> disabled_cipher_suites_; | 172 std::vector<uint16_t> disabled_cipher_suites_; |
174 | 173 |
175 scoped_refptr<SSLConfigServicePref> ssl_config_service_; | 174 scoped_refptr<SSLConfigServicePref> ssl_config_service_; |
176 | 175 |
177 scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_; | 176 scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_; |
178 | 177 |
179 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); | 178 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); |
180 }; | 179 }; |
(...skipping 11 matching lines...) Expand all Loading... |
192 | 191 |
193 rev_checking_enabled_.Init(ssl_config::prefs::kCertRevocationCheckingEnabled, | 192 rev_checking_enabled_.Init(ssl_config::prefs::kCertRevocationCheckingEnabled, |
194 local_state, local_state_callback); | 193 local_state, local_state_callback); |
195 rev_checking_required_local_anchors_.Init( | 194 rev_checking_required_local_anchors_.Init( |
196 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, | 195 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, |
197 local_state, local_state_callback); | 196 local_state, local_state_callback); |
198 ssl_version_min_.Init(ssl_config::prefs::kSSLVersionMin, local_state, | 197 ssl_version_min_.Init(ssl_config::prefs::kSSLVersionMin, local_state, |
199 local_state_callback); | 198 local_state_callback); |
200 ssl_version_max_.Init(ssl_config::prefs::kSSLVersionMax, local_state, | 199 ssl_version_max_.Init(ssl_config::prefs::kSSLVersionMax, local_state, |
201 local_state_callback); | 200 local_state_callback); |
202 ssl_version_fallback_min_.Init(ssl_config::prefs::kSSLVersionFallbackMin, | |
203 local_state, local_state_callback); | |
204 | 201 |
205 local_state_change_registrar_.Init(local_state); | 202 local_state_change_registrar_.Init(local_state); |
206 local_state_change_registrar_.Add(ssl_config::prefs::kCipherSuiteBlacklist, | 203 local_state_change_registrar_.Add(ssl_config::prefs::kCipherSuiteBlacklist, |
207 local_state_callback); | 204 local_state_callback); |
208 | 205 |
209 OnDisabledCipherSuitesChange(local_state); | 206 OnDisabledCipherSuitesChange(local_state); |
210 | 207 |
211 // Initialize from UI thread. This is okay as there shouldn't be anything on | 208 // Initialize from UI thread. This is okay as there shouldn't be anything on |
212 // the IO thread trying to access it yet. | 209 // the IO thread trying to access it yet. |
213 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); | 210 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); |
214 } | 211 } |
215 | 212 |
216 // static | 213 // static |
217 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { | 214 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { |
218 net::SSLConfig default_config; | 215 net::SSLConfig default_config; |
219 registry->RegisterBooleanPref( | 216 registry->RegisterBooleanPref( |
220 ssl_config::prefs::kCertRevocationCheckingEnabled, | 217 ssl_config::prefs::kCertRevocationCheckingEnabled, |
221 default_config.rev_checking_enabled); | 218 default_config.rev_checking_enabled); |
222 registry->RegisterBooleanPref( | 219 registry->RegisterBooleanPref( |
223 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, | 220 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, |
224 default_config.rev_checking_required_local_anchors); | 221 default_config.rev_checking_required_local_anchors); |
225 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMin, | 222 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMin, |
226 std::string()); | 223 std::string()); |
227 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMax, | 224 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMax, |
228 std::string()); | 225 std::string()); |
229 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionFallbackMin, | |
230 std::string()); | |
231 registry->RegisterListPref(ssl_config::prefs::kCipherSuiteBlacklist); | 226 registry->RegisterListPref(ssl_config::prefs::kCipherSuiteBlacklist); |
232 } | 227 } |
233 | 228 |
234 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { | 229 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { |
235 return ssl_config_service_.get(); | 230 return ssl_config_service_.get(); |
236 } | 231 } |
237 | 232 |
238 void SSLConfigServiceManagerPref::OnPreferenceChanged( | 233 void SSLConfigServiceManagerPref::OnPreferenceChanged( |
239 PrefService* prefs, | 234 PrefService* prefs, |
240 const std::string& pref_name_in) { | 235 const std::string& pref_name_in) { |
(...skipping 16 matching lines...) Expand all Loading... |
257 // rev_checking_enabled was formerly a user-settable preference, but now | 252 // rev_checking_enabled was formerly a user-settable preference, but now |
258 // it is managed-only. | 253 // it is managed-only. |
259 if (rev_checking_enabled_.IsManaged()) | 254 if (rev_checking_enabled_.IsManaged()) |
260 config->rev_checking_enabled = rev_checking_enabled_.GetValue(); | 255 config->rev_checking_enabled = rev_checking_enabled_.GetValue(); |
261 else | 256 else |
262 config->rev_checking_enabled = false; | 257 config->rev_checking_enabled = false; |
263 config->rev_checking_required_local_anchors = | 258 config->rev_checking_required_local_anchors = |
264 rev_checking_required_local_anchors_.GetValue(); | 259 rev_checking_required_local_anchors_.GetValue(); |
265 std::string version_min_str = ssl_version_min_.GetValue(); | 260 std::string version_min_str = ssl_version_min_.GetValue(); |
266 std::string version_max_str = ssl_version_max_.GetValue(); | 261 std::string version_max_str = ssl_version_max_.GetValue(); |
267 std::string version_fallback_min_str = ssl_version_fallback_min_.GetValue(); | |
268 config->version_min = net::kDefaultSSLVersionMin; | 262 config->version_min = net::kDefaultSSLVersionMin; |
269 config->version_max = net::kDefaultSSLVersionMax; | 263 config->version_max = net::kDefaultSSLVersionMax; |
270 config->version_fallback_min = net::kDefaultSSLVersionFallbackMin; | |
271 uint16_t version_min = SSLProtocolVersionFromString(version_min_str); | 264 uint16_t version_min = SSLProtocolVersionFromString(version_min_str); |
272 uint16_t version_max = SSLProtocolVersionFromString(version_max_str); | 265 uint16_t version_max = SSLProtocolVersionFromString(version_max_str); |
273 uint16_t version_fallback_min = | |
274 SSLProtocolVersionFromString(version_fallback_min_str); | |
275 if (version_min) { | 266 if (version_min) { |
276 config->version_min = version_min; | 267 config->version_min = version_min; |
277 } | 268 } |
278 if (version_max) { | 269 if (version_max) { |
279 uint16_t supported_version_max = config->version_max; | 270 uint16_t supported_version_max = config->version_max; |
280 config->version_max = std::min(supported_version_max, version_max); | 271 config->version_max = std::min(supported_version_max, version_max); |
281 } | 272 } |
282 // Values below TLS 1.1 are invalid. | |
283 if (version_fallback_min && | |
284 version_fallback_min >= net::SSL_PROTOCOL_VERSION_TLS1_1) { | |
285 config->version_fallback_min = version_fallback_min; | |
286 } | |
287 config->disabled_cipher_suites = disabled_cipher_suites_; | 273 config->disabled_cipher_suites = disabled_cipher_suites_; |
288 } | 274 } |
289 | 275 |
290 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( | 276 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( |
291 PrefService* local_state) { | 277 PrefService* local_state) { |
292 const base::ListValue* value = | 278 const base::ListValue* value = |
293 local_state->GetList(ssl_config::prefs::kCipherSuiteBlacklist); | 279 local_state->GetList(ssl_config::prefs::kCipherSuiteBlacklist); |
294 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); | 280 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); |
295 } | 281 } |
296 | 282 |
297 //////////////////////////////////////////////////////////////////////////////// | 283 //////////////////////////////////////////////////////////////////////////////// |
298 // SSLConfigServiceManager | 284 // SSLConfigServiceManager |
299 | 285 |
300 namespace ssl_config { | 286 namespace ssl_config { |
301 // static | 287 // static |
302 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( | 288 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( |
303 PrefService* local_state, | 289 PrefService* local_state, |
304 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) { | 290 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) { |
305 return new SSLConfigServiceManagerPref(local_state, io_task_runner); | 291 return new SSLConfigServiceManagerPref(local_state, io_task_runner); |
306 } | 292 } |
307 | 293 |
308 // static | 294 // static |
309 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { | 295 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { |
310 SSLConfigServiceManagerPref::RegisterPrefs(registry); | 296 SSLConfigServiceManagerPref::RegisterPrefs(registry); |
311 } | 297 } |
312 } // namespace ssl_config | 298 } // namespace ssl_config |
OLD | NEW |