This source file includes following definitions.
- ListValueToStringVector
- ParseCipherSuites
- SSLProtocolVersionToString
- SSLProtocolVersionFromString
- GetSSLConfig
- SetNewSSLConfig
- RegisterPrefs
- Get
- OnPreferenceChanged
- GetSSLConfigFromPrefs
- OnDisabledCipherSuitesChange
- CreateDefaultManager
- RegisterPrefs
#include "chrome/browser/net/ssl_config_service_manager.h"
#include <algorithm>
#include <string>
#include <vector>
#include "base/basictypes.h"
#include "base/bind.h"
#include "base/prefs/pref_change_registrar.h"
#include "base/prefs/pref_member.h"
#include "base/prefs/pref_registry_simple.h"
#include "base/prefs/pref_service.h"
#include "chrome/browser/chrome_notification_types.h"
#include "chrome/browser/content_settings/content_settings_utils.h"
#include "chrome/common/content_settings.h"
#include "chrome/common/pref_names.h"
#include "content/public/browser/browser_thread.h"
#include "net/ssl/ssl_cipher_suite_names.h"
#include "net/ssl/ssl_config_service.h"
using content::BrowserThread;
namespace {
std::vector<std::string> ListValueToStringVector(const base::ListValue* value) {
std::vector<std::string> results;
results.reserve(value->GetSize());
std::string s;
for (base::ListValue::const_iterator it = value->begin(); it != value->end();
++it) {
if (!(*it)->GetAsString(&s))
continue;
results.push_back(s);
}
return results;
}
std::vector<uint16> ParseCipherSuites(
const std::vector<std::string>& cipher_strings) {
std::vector<uint16> cipher_suites;
cipher_suites.reserve(cipher_strings.size());
for (std::vector<std::string>::const_iterator it = cipher_strings.begin();
it != cipher_strings.end(); ++it) {
uint16 cipher_suite = 0;
if (!net::ParseSSLCipherString(*it, &cipher_suite)) {
LOG(ERROR) << "Ignoring unrecognized or unparsable cipher suite: "
<< *it;
continue;
}
cipher_suites.push_back(cipher_suite);
}
std::sort(cipher_suites.begin(), cipher_suites.end());
return cipher_suites;
}
std::string SSLProtocolVersionToString(uint16 version) {
switch (version) {
case net::SSL_PROTOCOL_VERSION_SSL3:
return "ssl3";
case net::SSL_PROTOCOL_VERSION_TLS1:
return "tls1";
case net::SSL_PROTOCOL_VERSION_TLS1_1:
return "tls1.1";
case net::SSL_PROTOCOL_VERSION_TLS1_2:
return "tls1.2";
default:
NOTREACHED();
return std::string();
}
}
uint16 SSLProtocolVersionFromString(const std::string& version_str) {
uint16 version = 0;
if (version_str == "ssl3") {
version = net::SSL_PROTOCOL_VERSION_SSL3;
} else if (version_str == "tls1") {
version = net::SSL_PROTOCOL_VERSION_TLS1;
} else if (version_str == "tls1.1") {
version = net::SSL_PROTOCOL_VERSION_TLS1_1;
} else if (version_str == "tls1.2") {
version = net::SSL_PROTOCOL_VERSION_TLS1_2;
}
return version;
}
}
class SSLConfigServicePref : public net::SSLConfigService {
public:
SSLConfigServicePref() {}
virtual void GetSSLConfig(net::SSLConfig* config) OVERRIDE;
private:
friend class SSLConfigServiceManagerPref;
virtual ~SSLConfigServicePref() {}
void SetNewSSLConfig(const net::SSLConfig& new_config);
net::SSLConfig cached_config_;
DISALLOW_COPY_AND_ASSIGN(SSLConfigServicePref);
};
void SSLConfigServicePref::GetSSLConfig(net::SSLConfig* config) {
*config = cached_config_;
}
void SSLConfigServicePref::SetNewSSLConfig(
const net::SSLConfig& new_config) {
net::SSLConfig orig_config = cached_config_;
cached_config_ = new_config;
ProcessConfigUpdate(orig_config, new_config);
}
class SSLConfigServiceManagerPref
: public SSLConfigServiceManager {
public:
explicit SSLConfigServiceManagerPref(PrefService* local_state);
virtual ~SSLConfigServiceManagerPref() {}
static void RegisterPrefs(PrefRegistrySimple* registry);
virtual net::SSLConfigService* Get() OVERRIDE;
private:
void OnPreferenceChanged(PrefService* prefs,
const std::string& pref_name);
void GetSSLConfigFromPrefs(net::SSLConfig* config);
void OnDisabledCipherSuitesChange(PrefService* local_state);
PrefChangeRegistrar local_state_change_registrar_;
BooleanPrefMember rev_checking_enabled_;
BooleanPrefMember rev_checking_required_local_anchors_;
StringPrefMember ssl_version_min_;
StringPrefMember ssl_version_max_;
BooleanPrefMember channel_id_enabled_;
BooleanPrefMember ssl_record_splitting_disabled_;
std::vector<uint16> disabled_cipher_suites_;
scoped_refptr<SSLConfigServicePref> ssl_config_service_;
DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref);
};
SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
PrefService* local_state)
: ssl_config_service_(new SSLConfigServicePref()) {
DCHECK(local_state);
PrefChangeRegistrar::NamedChangeCallback local_state_callback = base::Bind(
&SSLConfigServiceManagerPref::OnPreferenceChanged,
base::Unretained(this),
local_state);
rev_checking_enabled_.Init(
prefs::kCertRevocationCheckingEnabled, local_state, local_state_callback);
rev_checking_required_local_anchors_.Init(
prefs::kCertRevocationCheckingRequiredLocalAnchors,
local_state,
local_state_callback);
ssl_version_min_.Init(
prefs::kSSLVersionMin, local_state, local_state_callback);
ssl_version_max_.Init(
prefs::kSSLVersionMax, local_state, local_state_callback);
channel_id_enabled_.Init(
prefs::kEnableOriginBoundCerts, local_state, local_state_callback);
ssl_record_splitting_disabled_.Init(
prefs::kDisableSSLRecordSplitting, local_state, local_state_callback);
local_state_change_registrar_.Init(local_state);
local_state_change_registrar_.Add(
prefs::kCipherSuiteBlacklist, local_state_callback);
OnDisabledCipherSuitesChange(local_state);
GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_);
}
void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) {
net::SSLConfig default_config;
registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled,
default_config.rev_checking_enabled);
registry->RegisterBooleanPref(
prefs::kCertRevocationCheckingRequiredLocalAnchors,
default_config.rev_checking_required_local_anchors);
std::string version_min_str =
SSLProtocolVersionToString(default_config.version_min);
std::string version_max_str =
SSLProtocolVersionToString(default_config.version_max);
registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str);
registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str);
registry->RegisterBooleanPref(prefs::kEnableOriginBoundCerts,
default_config.channel_id_enabled);
registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting,
!default_config.false_start_enabled);
registry->RegisterListPref(prefs::kCipherSuiteBlacklist);
}
net::SSLConfigService* SSLConfigServiceManagerPref::Get() {
return ssl_config_service_.get();
}
void SSLConfigServiceManagerPref::OnPreferenceChanged(
PrefService* prefs,
const std::string& pref_name_in) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
DCHECK(prefs);
if (pref_name_in == prefs::kCipherSuiteBlacklist)
OnDisabledCipherSuitesChange(prefs);
net::SSLConfig new_config;
GetSSLConfigFromPrefs(&new_config);
BrowserThread::PostTask(
BrowserThread::IO,
FROM_HERE,
base::Bind(
&SSLConfigServicePref::SetNewSSLConfig,
ssl_config_service_.get(),
new_config));
}
void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
net::SSLConfig* config) {
config->rev_checking_enabled = rev_checking_enabled_.GetValue();
config->rev_checking_required_local_anchors =
rev_checking_required_local_anchors_.GetValue();
std::string version_min_str = ssl_version_min_.GetValue();
std::string version_max_str = ssl_version_max_.GetValue();
config->version_min = net::kDefaultSSLVersionMin;
config->version_max = net::kDefaultSSLVersionMax;
uint16 version_min = SSLProtocolVersionFromString(version_min_str);
uint16 version_max = SSLProtocolVersionFromString(version_max_str);
if (version_min) {
uint16 supported_version_min = config->version_min;
config->version_min = std::max(supported_version_min, version_min);
}
if (version_max) {
uint16 supported_version_max = config->version_max;
config->version_max = std::min(supported_version_max, version_max);
}
config->disabled_cipher_suites = disabled_cipher_suites_;
config->channel_id_enabled = channel_id_enabled_.GetValue();
config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue();
}
void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
PrefService* local_state) {
const base::ListValue* value =
local_state->GetList(prefs::kCipherSuiteBlacklist);
disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value));
}
SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager(
PrefService* local_state) {
return new SSLConfigServiceManagerPref(local_state);
}
void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) {
SSLConfigServiceManagerPref::RegisterPrefs(registry);
}