OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 #include "chrome/browser/net/ssl_config_service_manager.h" | 4 #include "chrome/browser/net/ssl_config_service_manager.h" |
5 | 5 |
6 #include <algorithm> | 6 #include <algorithm> |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 121 matching lines...)
132 // Processes changes to the disabled cipher suites preference, updating the | 132 // Processes changes to the disabled cipher suites preference, updating the |
133 // cached list of parsed SSL/TLS cipher suites that are disabled. | 133 // cached list of parsed SSL/TLS cipher suites that are disabled. |
134 void OnDisabledCipherSuitesChange(PrefService* prefs); | 134 void OnDisabledCipherSuitesChange(PrefService* prefs); |
135 | 135 |
136 PrefChangeRegistrar pref_change_registrar_; | 136 PrefChangeRegistrar pref_change_registrar_; |
137 | 137 |
138 // The prefs (should only be accessed from UI thread) | 138 // The prefs (should only be accessed from UI thread) |
139 BooleanPrefMember rev_checking_enabled_; | 139 BooleanPrefMember rev_checking_enabled_; |
140 BooleanPrefMember ssl3_enabled_; | 140 BooleanPrefMember ssl3_enabled_; |
141 BooleanPrefMember tls1_enabled_; | 141 BooleanPrefMember tls1_enabled_; |
142 BooleanPrefMember origin_bound_certs_enabled_; | 142 BooleanPrefMember domain_bound_certs_enabled_; |
143 BooleanPrefMember ssl_record_splitting_disabled_; | 143 BooleanPrefMember ssl_record_splitting_disabled_; |
144 | 144 |
145 // The cached list of disabled SSL cipher suites. | 145 // The cached list of disabled SSL cipher suites. |
146 std::vector<uint16> disabled_cipher_suites_; | 146 std::vector<uint16> disabled_cipher_suites_; |
147 | 147 |
148 scoped_refptr<SSLConfigServicePref> ssl_config_service_; | 148 scoped_refptr<SSLConfigServicePref> ssl_config_service_; |
149 | 149 |
150 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); | 150 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); |
151 }; | 151 }; |
152 | 152 |
153 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( | 153 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( |
154 PrefService* local_state) | 154 PrefService* local_state) |
155 : ssl_config_service_(new SSLConfigServicePref()) { | 155 : ssl_config_service_(new SSLConfigServicePref()) { |
156 DCHECK(local_state); | 156 DCHECK(local_state); |
157 | 157 |
158 rev_checking_enabled_.Init(prefs::kCertRevocationCheckingEnabled, | 158 rev_checking_enabled_.Init(prefs::kCertRevocationCheckingEnabled, |
159 local_state, this); | 159 local_state, this); |
160 ssl3_enabled_.Init(prefs::kSSL3Enabled, local_state, this); | 160 ssl3_enabled_.Init(prefs::kSSL3Enabled, local_state, this); |
161 tls1_enabled_.Init(prefs::kTLS1Enabled, local_state, this); | 161 tls1_enabled_.Init(prefs::kTLS1Enabled, local_state, this); |
162 origin_bound_certs_enabled_.Init(prefs::kEnableOriginBoundCerts, | 162 domain_bound_certs_enabled_.Init(prefs::kEnableOriginBoundCerts, |
163 local_state, this); | 163 local_state, this); |
164 ssl_record_splitting_disabled_.Init(prefs::kDisableSSLRecordSplitting, | 164 ssl_record_splitting_disabled_.Init(prefs::kDisableSSLRecordSplitting, |
165 local_state, this); | 165 local_state, this); |
166 pref_change_registrar_.Init(local_state); | 166 pref_change_registrar_.Init(local_state); |
167 pref_change_registrar_.Add(prefs::kCipherSuiteBlacklist, this); | 167 pref_change_registrar_.Add(prefs::kCipherSuiteBlacklist, this); |
168 | 168 |
169 OnDisabledCipherSuitesChange(local_state); | 169 OnDisabledCipherSuitesChange(local_state); |
170 // Initialize from UI thread. This is okay as there shouldn't be anything on | 170 // Initialize from UI thread. This is okay as there shouldn't be anything on |
171 // the IO thread trying to access it yet. | 171 // the IO thread trying to access it yet. |
172 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); | 172 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); |
173 } | 173 } |
174 | 174 |
175 // static | 175 // static |
176 void SSLConfigServiceManagerPref::RegisterPrefs(PrefService* prefs) { | 176 void SSLConfigServiceManagerPref::RegisterPrefs(PrefService* prefs) { |
177 net::SSLConfig default_config; | 177 net::SSLConfig default_config; |
178 prefs->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, | 178 prefs->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, |
179 default_config.rev_checking_enabled); | 179 default_config.rev_checking_enabled); |
180 prefs->RegisterBooleanPref(prefs::kSSL3Enabled, | 180 prefs->RegisterBooleanPref(prefs::kSSL3Enabled, |
181 default_config.ssl3_enabled); | 181 default_config.ssl3_enabled); |
182 prefs->RegisterBooleanPref(prefs::kTLS1Enabled, | 182 prefs->RegisterBooleanPref(prefs::kTLS1Enabled, |
183 default_config.tls1_enabled); | 183 default_config.tls1_enabled); |
184 prefs->RegisterBooleanPref(prefs::kEnableOriginBoundCerts, | 184 prefs->RegisterBooleanPref(prefs::kEnableOriginBoundCerts, |
185 default_config.origin_bound_certs_enabled); | 185 default_config.domain_bound_certs_enabled); |
186 prefs->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, | 186 prefs->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, |
187 !default_config.false_start_enabled); | 187 !default_config.false_start_enabled); |
188 prefs->RegisterListPref(prefs::kCipherSuiteBlacklist); | 188 prefs->RegisterListPref(prefs::kCipherSuiteBlacklist); |
189 // The Options menu used to allow changing the ssl.ssl3.enabled and | 189 // The Options menu used to allow changing the ssl.ssl3.enabled and |
190 // ssl.tls1.enabled preferences, so some users' Local State may have | 190 // ssl.tls1.enabled preferences, so some users' Local State may have |
191 // these preferences. Remove them from Local State. | 191 // these preferences. Remove them from Local State. |
192 prefs->ClearPref(prefs::kSSL3Enabled); | 192 prefs->ClearPref(prefs::kSSL3Enabled); |
193 prefs->ClearPref(prefs::kTLS1Enabled); | 193 prefs->ClearPref(prefs::kTLS1Enabled); |
194 } | 194 } |
195 | 195 |
(...skipping 27 matching lines...)
223 new_config)); | 223 new_config)); |
224 } | 224 } |
225 } | 225 } |
226 | 226 |
227 void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs( | 227 void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs( |
228 net::SSLConfig* config) { | 228 net::SSLConfig* config) { |
229 config->rev_checking_enabled = rev_checking_enabled_.GetValue(); | 229 config->rev_checking_enabled = rev_checking_enabled_.GetValue(); |
230 config->ssl3_enabled = ssl3_enabled_.GetValue(); | 230 config->ssl3_enabled = ssl3_enabled_.GetValue(); |
231 config->tls1_enabled = tls1_enabled_.GetValue(); | 231 config->tls1_enabled = tls1_enabled_.GetValue(); |
232 config->disabled_cipher_suites = disabled_cipher_suites_; | 232 config->disabled_cipher_suites = disabled_cipher_suites_; |
233 config->origin_bound_certs_enabled = origin_bound_certs_enabled_.GetValue(); | 233 config->domain_bound_certs_enabled = domain_bound_certs_enabled_.GetValue(); |
234 // disabling False Start also happens to disable record splitting. | 234 // disabling False Start also happens to disable record splitting. |
235 config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); | 235 config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); |
236 SSLConfigServicePref::SetSSLConfigFlags(config); | 236 SSLConfigServicePref::SetSSLConfigFlags(config); |
237 } | 237 } |
238 | 238 |
239 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( | 239 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( |
240 PrefService* prefs) { | 240 PrefService* prefs) { |
241 const ListValue* value = prefs->GetList(prefs::kCipherSuiteBlacklist); | 241 const ListValue* value = prefs->GetList(prefs::kCipherSuiteBlacklist); |
242 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); | 242 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); |
243 } | 243 } |
244 | 244 |
245 //////////////////////////////////////////////////////////////////////////////// | 245 //////////////////////////////////////////////////////////////////////////////// |
246 // SSLConfigServiceManager | 246 // SSLConfigServiceManager |
247 | 247 |
248 // static | 248 // static |
249 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( | 249 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( |
250 PrefService* local_state) { | 250 PrefService* local_state) { |
251 return new SSLConfigServiceManagerPref(local_state); | 251 return new SSLConfigServiceManagerPref(local_state); |
252 } | 252 } |
253 | 253 |
254 // static | 254 // static |
255 void SSLConfigServiceManager::RegisterPrefs(PrefService* prefs) { | 255 void SSLConfigServiceManager::RegisterPrefs(PrefService* prefs) { |
256 SSLConfigServiceManagerPref::RegisterPrefs(prefs); | 256 SSLConfigServiceManagerPref::RegisterPrefs(prefs); |
257 } | 257 } |
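Review bot: The rename is only partial on the new side: the member and the `net::SSLConfig` field become `domain_bound_certs_enabled`, but the `Init` call in the constructor (new line 162) and `RegisterBooleanPref` in `RegisterPrefs` (new line 184) still pass `prefs::kEnableOriginBoundCerts`. Two names for one TLS setting make it easy to misread which feature the preference gates when auditing the SSL configuration path. If the constant is kept on purpose so the stored Local State key does not change (its definition is not visible on this page), say so at the `Init` call, e.g. `// Pref keeps its historical "origin bound" name; it gates domain-bound certificates.` Otherwise rename the constant in a follow-up while leaving the stored key string unchanged, so existing user settings are not silently reset to the default.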
OLD | NEW |