| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/ssl_config_service.h" | 5 #include "net/ssl/ssl_config_service.h" |
| 6 | 6 |
| 7 #include <tuple> | 7 #include <tuple> |
| 8 | 8 |
| 9 #include "base/lazy_instance.h" | 9 #include "base/lazy_instance.h" |
| 10 #include "base/synchronization/lock.h" | 10 #include "base/synchronization/lock.h" |
| 11 #include "net/ssl/ssl_config_service_defaults.h" | 11 #include "net/ssl/ssl_config_service_defaults.h" |
| 12 | 12 |
| 13 namespace net { | 13 namespace net { |
| 14 | 14 |
| 15 SSLConfigService::SSLConfigService() | 15 SSLConfigService::SSLConfigService() |
| 16 : observer_list_(base::ObserverList<Observer>::NOTIFY_EXISTING_ONLY) { | 16 : observer_list_(base::ObserverList<Observer>::NOTIFY_EXISTING_ONLY) { |
| 17 } | 17 } |
| 18 | 18 |
| 19 // GlobalSSLObject holds a reference to a global SSL object, such as the | 19 // GlobalSSLObject holds a reference to a global SSL object, such as the |
| 20 // CRLSet or the EVCertsWhitelist. It simply wraps a lock around a | 20 // CRLSet. It simply wraps a lock around a scoped_refptr so that getting a |
| 21 // scoped_refptr so that getting a reference doesn't race with | 21 // reference doesn't race with updating the global object. |
| 22 // updating the global object. | |
| 23 template <class T> | 22 template <class T> |
| 24 class GlobalSSLObject { | 23 class GlobalSSLObject { |
| 25 public: | 24 public: |
| 26 void Set(const scoped_refptr<T>& new_ssl_object) { | 25 void Set(const scoped_refptr<T>& new_ssl_object) { |
| 27 base::AutoLock locked(lock_); | 26 base::AutoLock locked(lock_); |
| 28 ssl_object_ = new_ssl_object; | 27 ssl_object_ = new_ssl_object; |
| 29 } | 28 } |
| 30 | 29 |
| 31 scoped_refptr<T> Get() const { | 30 scoped_refptr<T> Get() const { |
| 32 base::AutoLock locked(lock_); | 31 base::AutoLock locked(lock_); |
| 33 return ssl_object_; | 32 return ssl_object_; |
| 34 } | 33 } |
| 35 | 34 |
| 36 private: | 35 private: |
| 37 scoped_refptr<T> ssl_object_; | 36 scoped_refptr<T> ssl_object_; |
| 38 mutable base::Lock lock_; | 37 mutable base::Lock lock_; |
| 39 }; | 38 }; |
| 40 | 39 |
| 41 typedef GlobalSSLObject<CRLSet> GlobalCRLSet; | 40 typedef GlobalSSLObject<CRLSet> GlobalCRLSet; |
| 42 typedef GlobalSSLObject<ct::EVCertsWhitelist> GlobalEVCertsWhitelist; | |
| 43 | 41 |
| 44 base::LazyInstance<GlobalCRLSet>::Leaky g_crl_set = LAZY_INSTANCE_INITIALIZER; | 42 base::LazyInstance<GlobalCRLSet>::Leaky g_crl_set = LAZY_INSTANCE_INITIALIZER; |
| 45 base::LazyInstance<GlobalEVCertsWhitelist>::Leaky g_ev_whitelist = | |
| 46 LAZY_INSTANCE_INITIALIZER; | |
| 47 | 43 |
| 48 // static | 44 // static |
| 49 void SSLConfigService::SetCRLSet(scoped_refptr<CRLSet> crl_set) { | 45 void SSLConfigService::SetCRLSet(scoped_refptr<CRLSet> crl_set) { |
| 50 // Note: this can be called concurently with GetCRLSet(). | 46 // Note: this can be called concurently with GetCRLSet(). |
| 51 g_crl_set.Get().Set(crl_set); | 47 g_crl_set.Get().Set(crl_set); |
| 52 } | 48 } |
| 53 | 49 |
| 54 // static | 50 // static |
| 55 scoped_refptr<CRLSet> SSLConfigService::GetCRLSet() { | 51 scoped_refptr<CRLSet> SSLConfigService::GetCRLSet() { |
| 56 return g_crl_set.Get().Get(); | 52 return g_crl_set.Get().Get(); |
| 57 } | 53 } |
| 58 | 54 |
| 59 // static | |
| 60 void SSLConfigService::SetEVCertsWhitelist( | |
| 61 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist) { | |
| 62 g_ev_whitelist.Get().Set(ev_whitelist); | |
| 63 } | |
| 64 | |
| 65 // static | |
| 66 scoped_refptr<ct::EVCertsWhitelist> SSLConfigService::GetEVCertsWhitelist() { | |
| 67 return g_ev_whitelist.Get().Get(); | |
| 68 } | |
| 69 | |
| 70 void SSLConfigService::AddObserver(Observer* observer) { | 55 void SSLConfigService::AddObserver(Observer* observer) { |
| 71 observer_list_.AddObserver(observer); | 56 observer_list_.AddObserver(observer); |
| 72 } | 57 } |
| 73 | 58 |
| 74 void SSLConfigService::RemoveObserver(Observer* observer) { | 59 void SSLConfigService::RemoveObserver(Observer* observer) { |
| 75 observer_list_.RemoveObserver(observer); | 60 observer_list_.RemoveObserver(observer); |
| 76 } | 61 } |
| 77 | 62 |
| 78 void SSLConfigService::NotifySSLConfigChange() { | 63 void SSLConfigService::NotifySSLConfigChange() { |
| 79 for (auto& observer : observer_list_) | 64 for (auto& observer : observer_list_) |
| (...skipping 19 matching lines...) Expand all Loading... |
| 99 new_config.common_name_fallback_local_anchors_enabled, | 84 new_config.common_name_fallback_local_anchors_enabled, |
| 100 new_config.version_min, new_config.version_max, | 85 new_config.version_min, new_config.version_max, |
| 101 new_config.disabled_cipher_suites, new_config.channel_id_enabled, | 86 new_config.disabled_cipher_suites, new_config.channel_id_enabled, |
| 102 new_config.false_start_enabled, new_config.require_ecdhe); | 87 new_config.false_start_enabled, new_config.require_ecdhe); |
| 103 | 88 |
| 104 if (config_changed) | 89 if (config_changed) |
| 105 NotifySSLConfigChange(); | 90 NotifySSLConfigChange(); |
| 106 } | 91 } |
| 107 | 92 |
| 108 } // namespace net | 93 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2937563002:
Remove the EV Certs Whitelist (Closed)
