OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 #include "chrome/browser/net/ssl_config_service_manager.h" | 4 #include "chrome/browser/net/ssl_config_service_manager.h" |
5 | 5 |
6 #include <algorithm> | 6 #include <algorithm> |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
151 void OnDisabledCipherSuitesChange(PrefService* local_state); | 151 void OnDisabledCipherSuitesChange(PrefService* local_state); |
152 | 152 |
153 PrefChangeRegistrar local_state_change_registrar_; | 153 PrefChangeRegistrar local_state_change_registrar_; |
154 | 154 |
155 // The local_state prefs (should only be accessed from UI thread) | 155 // The local_state prefs (should only be accessed from UI thread) |
156 BooleanPrefMember rev_checking_enabled_; | 156 BooleanPrefMember rev_checking_enabled_; |
157 BooleanPrefMember rev_checking_required_local_anchors_; | 157 BooleanPrefMember rev_checking_required_local_anchors_; |
158 StringPrefMember ssl_version_min_; | 158 StringPrefMember ssl_version_min_; |
159 StringPrefMember ssl_version_max_; | 159 StringPrefMember ssl_version_max_; |
160 StringPrefMember ssl_version_fallback_min_; | 160 StringPrefMember ssl_version_fallback_min_; |
161 BooleanPrefMember token_binding_enabled_; | |
161 | 162 |
162 // The cached list of disabled SSL cipher suites. | 163 // The cached list of disabled SSL cipher suites. |
163 std::vector<uint16> disabled_cipher_suites_; | 164 std::vector<uint16> disabled_cipher_suites_; |
164 | 165 |
165 scoped_refptr<SSLConfigServicePref> ssl_config_service_; | 166 scoped_refptr<SSLConfigServicePref> ssl_config_service_; |
166 | 167 |
167 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); | 168 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); |
168 }; | 169 }; |
169 | 170 |
170 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( | 171 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( |
(...skipping 11 matching lines...) Expand all Loading... | |
182 rev_checking_required_local_anchors_.Init( | 183 rev_checking_required_local_anchors_.Init( |
183 prefs::kCertRevocationCheckingRequiredLocalAnchors, | 184 prefs::kCertRevocationCheckingRequiredLocalAnchors, |
184 local_state, | 185 local_state, |
185 local_state_callback); | 186 local_state_callback); |
186 ssl_version_min_.Init( | 187 ssl_version_min_.Init( |
187 prefs::kSSLVersionMin, local_state, local_state_callback); | 188 prefs::kSSLVersionMin, local_state, local_state_callback); |
188 ssl_version_max_.Init( | 189 ssl_version_max_.Init( |
189 prefs::kSSLVersionMax, local_state, local_state_callback); | 190 prefs::kSSLVersionMax, local_state, local_state_callback); |
190 ssl_version_fallback_min_.Init( | 191 ssl_version_fallback_min_.Init( |
191 prefs::kSSLVersionFallbackMin, local_state, local_state_callback); | 192 prefs::kSSLVersionFallbackMin, local_state, local_state_callback); |
193 token_binding_enabled_.Init( | |
194 prefs::kEnableTokenBinding, local_state, local_state_callback); | |
192 | 195 |
193 local_state_change_registrar_.Init(local_state); | 196 local_state_change_registrar_.Init(local_state); |
194 local_state_change_registrar_.Add( | 197 local_state_change_registrar_.Add( |
195 prefs::kCipherSuiteBlacklist, local_state_callback); | 198 prefs::kCipherSuiteBlacklist, local_state_callback); |
196 | 199 |
197 OnDisabledCipherSuitesChange(local_state); | 200 OnDisabledCipherSuitesChange(local_state); |
198 | 201 |
199 // Initialize from UI thread. This is okay as there shouldn't be anything on | 202 // Initialize from UI thread. This is okay as there shouldn't be anything on |
200 // the IO thread trying to access it yet. | 203 // the IO thread trying to access it yet. |
201 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); | 204 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); |
202 } | 205 } |
203 | 206 |
204 // static | 207 // static |
205 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { | 208 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { |
206 net::SSLConfig default_config; | 209 net::SSLConfig default_config; |
207 registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, | 210 registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, |
208 default_config.rev_checking_enabled); | 211 default_config.rev_checking_enabled); |
209 registry->RegisterBooleanPref( | 212 registry->RegisterBooleanPref( |
210 prefs::kCertRevocationCheckingRequiredLocalAnchors, | 213 prefs::kCertRevocationCheckingRequiredLocalAnchors, |
211 default_config.rev_checking_required_local_anchors); | 214 default_config.rev_checking_required_local_anchors); |
212 registry->RegisterStringPref(prefs::kSSLVersionMin, std::string()); | 215 registry->RegisterStringPref(prefs::kSSLVersionMin, std::string()); |
213 registry->RegisterStringPref(prefs::kSSLVersionMax, std::string()); | 216 registry->RegisterStringPref(prefs::kSSLVersionMax, std::string()); |
214 registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, std::string()); | 217 registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, std::string()); |
218 registry->RegisterBooleanPref( | |
219 prefs::kEnableTokenBinding, | |
220 default_config.token_binding_params.size() == 1 && | |
221 default_config.token_binding_params[0] == | |
222 net::TB_PARAM_ECDSAP256_SHA256); | |
davidben
2015/10/01 16:15:17
Hrm. Both versions are sort of odd, if the default
nharper
2015/10/01 19:12:23
I agree that this check is odd, and when consideri
davidben
2015/10/15 21:52:08
I think we should at least have the DCHECK then, o
nharper
2015/10/20 22:52:18
It sounds to me like this should be removed from t
| |
215 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); | 223 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); |
216 } | 224 } |
217 | 225 |
218 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { | 226 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { |
219 return ssl_config_service_.get(); | 227 return ssl_config_service_.get(); |
220 } | 228 } |
221 | 229 |
222 void SSLConfigServiceManagerPref::OnPreferenceChanged( | 230 void SSLConfigServiceManagerPref::OnPreferenceChanged( |
223 PrefService* prefs, | 231 PrefService* prefs, |
224 const std::string& pref_name_in) { | 232 const std::string& pref_name_in) { |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
265 config->version_min = version_min; | 273 config->version_min = version_min; |
266 } | 274 } |
267 if (version_max) { | 275 if (version_max) { |
268 uint16 supported_version_max = config->version_max; | 276 uint16 supported_version_max = config->version_max; |
269 config->version_max = std::min(supported_version_max, version_max); | 277 config->version_max = std::min(supported_version_max, version_max); |
270 } | 278 } |
271 if (version_fallback_min) { | 279 if (version_fallback_min) { |
272 config->version_fallback_min = version_fallback_min; | 280 config->version_fallback_min = version_fallback_min; |
273 } | 281 } |
274 config->disabled_cipher_suites = disabled_cipher_suites_; | 282 config->disabled_cipher_suites = disabled_cipher_suites_; |
283 if (token_binding_enabled_.GetValue()) { | |
284 config->token_binding_params.clear(); | |
285 config->token_binding_params.push_back(net::TB_PARAM_ECDSAP256_SHA256); | |
286 } | |
275 } | 287 } |
276 | 288 |
277 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( | 289 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( |
278 PrefService* local_state) { | 290 PrefService* local_state) { |
279 const base::ListValue* value = | 291 const base::ListValue* value = |
280 local_state->GetList(prefs::kCipherSuiteBlacklist); | 292 local_state->GetList(prefs::kCipherSuiteBlacklist); |
281 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); | 293 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); |
282 } | 294 } |
283 | 295 |
284 //////////////////////////////////////////////////////////////////////////////// | 296 //////////////////////////////////////////////////////////////////////////////// |
285 // SSLConfigServiceManager | 297 // SSLConfigServiceManager |
286 | 298 |
287 // static | 299 // static |
288 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( | 300 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( |
289 PrefService* local_state) { | 301 PrefService* local_state) { |
290 return new SSLConfigServiceManagerPref(local_state); | 302 return new SSLConfigServiceManagerPref(local_state); |
291 } | 303 } |
292 | 304 |
293 // static | 305 // static |
294 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { | 306 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { |
295 SSLConfigServiceManagerPref::RegisterPrefs(registry); | 307 SSLConfigServiceManagerPref::RegisterPrefs(registry); |
296 } | 308 } |
OLD | NEW |