Componentize ssl_config_service_manager_pref.cc
. Removed notifications that are no longer needed.
. Created new switches and prefs for ssl_config.
. Using SingleThreadTaskRunner over BrowserThread to remove content dependencies.
BUG=517014
TBR=jochen
Review URL: https://codereview.chromium.org/1320533007
Cr-Commit-Position: refs/heads/master@{#355038}
diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn
index 5d0b829..ae15717 100644
--- a/chrome/browser/BUILD.gn
+++ b/chrome/browser/BUILD.gn
@@ -299,6 +299,7 @@
"//components/resources",
"//components/safe_json",
"//components/sessions",
+ "//components/ssl_config",
"//components/storage_monitor",
"//components/syncable_prefs",
"//components/translate/content/browser",
diff --git a/chrome/browser/DEPS b/chrome/browser/DEPS
index d9e2ac62..f416c8b 100644
--- a/chrome/browser/DEPS
+++ b/chrome/browser/DEPS
@@ -90,6 +90,7 @@
"+components/session_manager",
"+components/sessions",
"+components/signin",
+ "+components/ssl_config",
"+components/ssl_errors",
"+components/startup_metric_utils",
"+components/storage_monitor",
diff --git a/chrome/browser/chromeos/mobile/mobile_activator.cc b/chrome/browser/chromeos/mobile/mobile_activator.cc
index 7978921..f16a245 100644
--- a/chrome/browser/chromeos/mobile/mobile_activator.cc
+++ b/chrome/browser/chromeos/mobile/mobile_activator.cc
@@ -34,6 +34,7 @@
#include "chromeos/network/network_handler_callbacks.h"
#include "chromeos/network/network_state.h"
#include "chromeos/network/network_state_handler.h"
+#include "components/ssl_config/ssl_config_prefs.h"
#include "content/public/browser/browser_thread.h"
#include "third_party/cros_system_api/dbus/service_constants.h"
#include "ui/chromeos/network/network_connect.h"
@@ -1096,8 +1097,7 @@
if (!prefs)
return;
if (reenable_cert_check_) {
- prefs->SetBoolean(prefs::kCertRevocationCheckingEnabled,
- true);
+ prefs->SetBoolean(ssl_config::prefs::kCertRevocationCheckingEnabled, true);
reenable_cert_check_ = false;
}
}
@@ -1108,10 +1108,9 @@
// TODO(rkc): We want to do this only if on Cellular.
PrefService* prefs = g_browser_process->local_state();
if (!reenable_cert_check_ &&
- prefs->GetBoolean(
- prefs::kCertRevocationCheckingEnabled)) {
+ prefs->GetBoolean(ssl_config::prefs::kCertRevocationCheckingEnabled)) {
reenable_cert_check_ = true;
- prefs->SetBoolean(prefs::kCertRevocationCheckingEnabled, false);
+ prefs->SetBoolean(ssl_config::prefs::kCertRevocationCheckingEnabled, false);
}
}
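Review bot: `prefs->SetBoolean(ssl_config::prefs::kCertRevocationCheckingEnabled, false)` writes to `g_browser_process->local_state()`, while the only record that it must be undone is the in-memory `reenable_cert_check_` flag consumed in the hunk at -1096. If the process exits between the two calls, revocation checking presumably stays off in later sessions, and while it is off it applies to every connection rather than only activation traffic, as the existing TODO already hints. Since the commit touches both call sites, I would add a comment above the disable such as `// NOTE: written to local state; only restored through reenable_cert_check_ on this object.` and track a non-persisted override as a follow-up. Both functions start outside the hunks shown.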
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc
index 572e5348..10e53586 100644
--- a/chrome/browser/io_thread.cc
+++ b/chrome/browser/io_thread.cc
@@ -478,7 +478,9 @@
NULL,
local_state);
ssl_config_service_manager_.reset(
- SSLConfigServiceManager::CreateDefaultManager(local_state));
+ ssl_config::SSLConfigServiceManager::CreateDefaultManager(
+ local_state,
+ BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO)));
base::Value* dns_client_enabled_default = new base::FundamentalValue(
chrome_browser_net::ConfigureAsyncDnsFieldTrial());
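Review bot: The new second argument to `CreateDefaultManager` carries a threading contract that the call site does not state, and the same expression is repeated in chrome/browser/profiles/profile_impl.cc (hunk at -542). A short comment at both sites would make the requirement visible, for example `// Runner on which the SSLConfigService is used; must be the IO thread's.`, with the wording checked against the component header, which is outside this view. The enclosing function starts and ends outside the hunk.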
diff --git a/chrome/browser/io_thread.h b/chrome/browser/io_thread.h
index 2d798f6..2b43925 100644
--- a/chrome/browser/io_thread.h
+++ b/chrome/browser/io_thread.h
@@ -19,8 +19,8 @@
#include "base/strings/string_piece.h"
#include "base/time/time.h"
#include "chrome/browser/net/chrome_network_delegate.h"
-#include "chrome/browser/net/ssl_config_service_manager.h"
#include "components/data_usage/core/data_use_aggregator.h"
+#include "components/ssl_config/ssl_config_service_manager.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/browser_thread_delegate.h"
#include "net/base/network_change_notifier.h"
@@ -496,7 +496,7 @@
// This is an instance of the default SSLConfigServiceManager for the current
// platform and it gets SSL preferences from local_state object.
- scoped_ptr<SSLConfigServiceManager> ssl_config_service_manager_;
+ scoped_ptr<ssl_config::SSLConfigServiceManager> ssl_config_service_manager_;
// These member variables are initialized by a task posted to the IO thread,
// which gets posted by calling certain member functions of IOThread.
diff --git a/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc b/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc
deleted file mode 100644
index 3216632..0000000
--- a/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc
+++ /dev/null
@@ -1,240 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "chrome/browser/net/ssl_config_service_manager.h"
-
-#include "base/command_line.h"
-#include "base/memory/ref_counted.h"
-#include "base/message_loop/message_loop.h"
-#include "base/prefs/pref_registry_simple.h"
-#include "base/prefs/testing_pref_store.h"
-#include "base/values.h"
-#include "chrome/browser/prefs/command_line_pref_store.h"
-#include "chrome/common/chrome_switches.h"
-#include "chrome/common/pref_names.h"
-#include "chrome/test/base/testing_profile.h"
-#include "components/content_settings/core/browser/host_content_settings_map.h"
-#include "components/content_settings/core/common/content_settings.h"
-#include "components/syncable_prefs/pref_service_mock_factory.h"
-#include "components/syncable_prefs/testing_pref_service_syncable.h"
-#include "content/public/test/test_browser_thread.h"
-#include "net/ssl/ssl_config.h"
-#include "net/ssl/ssl_config_service.h"
-#include "testing/gtest/include/gtest/gtest.h"
-
-using base::ListValue;
-using base::Value;
-using content::BrowserThread;
-using net::SSLConfig;
-using net::SSLConfigService;
-
-class SSLConfigServiceManagerPrefTest : public testing::Test {
- public:
- SSLConfigServiceManagerPrefTest()
- : ui_thread_(BrowserThread::UI, &message_loop_),
- io_thread_(BrowserThread::IO, &message_loop_) {}
-
- protected:
- base::MessageLoop message_loop_;
- content::TestBrowserThread ui_thread_;
- content::TestBrowserThread io_thread_;
-};
-
-// Test channel id with no user prefs.
-TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) {
- TestingPrefServiceSimple local_state;
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- scoped_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(&local_state));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig config;
- config_service->GetSSLConfig(&config);
- EXPECT_TRUE(config.channel_id_enabled);
-}
-
-// Test that cipher suites can be disabled. "Good" refers to the fact that
-// every value is expected to be successfully parsed into a cipher suite.
-TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
- TestingPrefServiceSimple local_state;
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- scoped_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(&local_state));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig old_config;
- config_service->GetSSLConfig(&old_config);
- EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
-
- base::ListValue* list_value = new base::ListValue();
- list_value->Append(new base::StringValue("0x0004"));
- list_value->Append(new base::StringValue("0x0005"));
- local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
-
- // Pump the message loop to notify the SSLConfigServiceManagerPref that the
- // preferences changed.
- message_loop_.RunUntilIdle();
-
- SSLConfig config;
- config_service->GetSSLConfig(&config);
-
- EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
- ASSERT_EQ(2u, config.disabled_cipher_suites.size());
- EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
- EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
-}
-
-// Test that cipher suites can be disabled. "Bad" refers to the fact that
-// there are one or more non-cipher suite strings in the preference. They
-// should be ignored.
-TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
- TestingPrefServiceSimple local_state;
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- scoped_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(&local_state));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig old_config;
- config_service->GetSSLConfig(&old_config);
- EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
-
- base::ListValue* list_value = new base::ListValue();
- list_value->Append(new base::StringValue("0x0004"));
- list_value->Append(new base::StringValue("TLS_NOT_WITH_A_CIPHER_SUITE"));
- list_value->Append(new base::StringValue("0x0005"));
- list_value->Append(new base::StringValue("0xBEEFY"));
- local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
-
- // Pump the message loop to notify the SSLConfigServiceManagerPref that the
- // preferences changed.
- message_loop_.RunUntilIdle();
-
- SSLConfig config;
- config_service->GetSSLConfig(&config);
-
- EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
- ASSERT_EQ(2u, config.disabled_cipher_suites.size());
- EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
- EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
-}
-
-// Test that without command-line settings for minimum and maximum SSL versions,
-// TLS versions from 1.0 up to 1.1 or 1.2 are enabled.
-TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
- scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
-
- syncable_prefs::PrefServiceMockFactory factory;
- factory.set_user_prefs(local_state_store);
- scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
- scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
-
- SSLConfigServiceManager::RegisterPrefs(registry.get());
-
- scoped_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig ssl_config;
- config_service->GetSSLConfig(&ssl_config);
- // In the absence of command-line options, the default TLS version range is
- // enabled.
- EXPECT_EQ(net::kDefaultSSLVersionMin, ssl_config.version_min);
- EXPECT_EQ(net::kDefaultSSLVersionMax, ssl_config.version_max);
-
- // The settings should not be added to the local_state.
- EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin));
- EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax));
-
- // Explicitly double-check the settings are not in the preference store.
- std::string version_min_str;
- std::string version_max_str;
- EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
- &version_min_str));
- EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
- &version_max_str));
-}
-
-// Test that command-line settings for minimum and maximum SSL versions are
-// respected and that they do not persist to the preferences files.
-TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
- scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
-
- base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
- command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1.1");
- command_line.AppendSwitchASCII(switches::kSSLVersionMax, "tls1");
-
- syncable_prefs::PrefServiceMockFactory factory;
- factory.set_user_prefs(local_state_store);
- factory.set_command_line_prefs(new CommandLinePrefStore(&command_line));
- scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
- scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
-
- SSLConfigServiceManager::RegisterPrefs(registry.get());
-
- scoped_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig ssl_config;
- config_service->GetSSLConfig(&ssl_config);
- // Command-line flags should be respected.
- EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_min);
- EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_max);
-
- // Explicitly double-check the settings are not in the preference store.
- const PrefService::Preference* version_min_pref =
- local_state->FindPreference(prefs::kSSLVersionMin);
- EXPECT_FALSE(version_min_pref->IsUserModifiable());
-
- const PrefService::Preference* version_max_pref =
- local_state->FindPreference(prefs::kSSLVersionMax);
- EXPECT_FALSE(version_max_pref->IsUserModifiable());
-
- std::string version_min_str;
- std::string version_max_str;
- EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
- &version_min_str));
- EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
- &version_max_str));
-}
-
-// Tests that "ssl3" is not treated as a valid minimum version.
-TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) {
- scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
-
- base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
- command_line.AppendSwitchASCII(switches::kSSLVersionMin, "ssl3");
-
- syncable_prefs::PrefServiceMockFactory factory;
- factory.set_user_prefs(local_state_store);
- factory.set_command_line_prefs(new CommandLinePrefStore(&command_line));
- scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
- scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
-
- SSLConfigServiceManager::RegisterPrefs(registry.get());
-
- scoped_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig ssl_config;
- config_service->GetSSLConfig(&ssl_config);
- // The command-line option must not have been honored.
- EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
-}
diff --git a/chrome/browser/policy/configuration_policy_handler_list_factory.cc b/chrome/browser/policy/configuration_policy_handler_list_factory.cc
index 3272deb..14ee789 100644
--- a/chrome/browser/policy/configuration_policy_handler_list_factory.cc
+++ b/chrome/browser/policy/configuration_policy_handler_list_factory.cc
@@ -30,6 +30,7 @@
#include "components/policy/core/common/schema.h"
#include "components/search_engines/default_search_policy_handler.h"
#include "components/signin/core/common/signin_pref_names.h"
+#include "components/ssl_config/ssl_config_prefs.h"
#include "components/translate/core/common/translate_pref_names.h"
#include "components/variations/pref_names.h"
#include "policy/policy_constants.h"
@@ -219,10 +220,10 @@
prefs::kSigninAllowed,
base::Value::TYPE_BOOLEAN },
{ key::kEnableOnlineRevocationChecks,
- prefs::kCertRevocationCheckingEnabled,
+ ssl_config::prefs::kCertRevocationCheckingEnabled,
base::Value::TYPE_BOOLEAN },
{ key::kRequireOnlineRevocationChecksForLocalAnchors,
- prefs::kCertRevocationCheckingRequiredLocalAnchors,
+ ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors,
base::Value::TYPE_BOOLEAN },
{ key::kAuthSchemes,
prefs::kAuthSchemes,
@@ -370,7 +371,7 @@
prefs::kForceEphemeralProfiles,
base::Value::TYPE_BOOLEAN },
{ key::kSSLVersionFallbackMin,
- prefs::kSSLVersionFallbackMin,
+ ssl_config::prefs::kSSLVersionFallbackMin,
base::Value::TYPE_STRING },
#if !defined(OS_MACOSX) && !defined(OS_IOS)
diff --git a/chrome/browser/policy/policy_browsertest.cc b/chrome/browser/policy/policy_browsertest.cc
index 62e6545..c0757902 100644
--- a/chrome/browser/policy/policy_browsertest.cc
+++ b/chrome/browser/policy/policy_browsertest.cc
@@ -107,6 +107,7 @@
#include "components/search/search.h"
#include "components/search_engines/template_url.h"
#include "components/search_engines/template_url_service.h"
+#include "components/ssl_config/ssl_config_prefs.h"
#include "components/translate/core/browser/language_state.h"
#include "components/translate/core/browser/translate_infobar_delegate.h"
#include "components/variations/service/variations_service.h"
@@ -2726,7 +2727,7 @@
const std::string new_value("tls1.2");
const std::string default_value(
- prefs->GetString(prefs::kSSLVersionFallbackMin));
+ prefs->GetString(ssl_config::prefs::kSSLVersionFallbackMin));
EXPECT_NE(default_value, new_value);
EXPECT_NE(net::SSL_PROTOCOL_VERSION_TLS1_2,
diff --git a/chrome/browser/prefs/browser_prefs.cc b/chrome/browser/prefs/browser_prefs.cc
index 912825d..fbd17bb 100644
--- a/chrome/browser/prefs/browser_prefs.cc
+++ b/chrome/browser/prefs/browser_prefs.cc
@@ -35,7 +35,6 @@
#include "chrome/browser/net/net_pref_observer.h"
#include "chrome/browser/net/prediction_options.h"
#include "chrome/browser/net/predictor.h"
-#include "chrome/browser/net/ssl_config_service_manager.h"
#include "chrome/browser/notifications/extension_welcome_notification.h"
#include "chrome/browser/notifications/notifier_state_tracker.h"
#include "chrome/browser/pepper_flash_settings_manager.h"
@@ -82,6 +81,7 @@
#include "components/proxy_config/pref_proxy_config_tracker_impl.h"
#include "components/rappor/rappor_service.h"
#include "components/search_engines/template_url_prepopulate_data.h"
+#include "components/ssl_config/ssl_config_service_manager.h"
#include "components/sync_driver/sync_prefs.h"
#include "components/syncable_prefs/pref_service_syncable.h"
#include "components/translate/core/browser/translate_prefs.h"
@@ -263,7 +263,7 @@
rappor::RapporService::RegisterPrefs(registry);
RegisterScreenshotPrefs(registry);
SigninManagerFactory::RegisterPrefs(registry);
- SSLConfigServiceManager::RegisterPrefs(registry);
+ ssl_config::SSLConfigServiceManager::RegisterPrefs(registry);
web_resource::PromoResourceService::RegisterPrefs(registry);
#if defined(ENABLE_AUTOFILL_DIALOG)
diff --git a/chrome/browser/prefs/command_line_pref_store.cc b/chrome/browser/prefs/command_line_pref_store.cc
index c6e9b12..460cf2c 100644
--- a/chrome/browser/prefs/command_line_pref_store.cc
+++ b/chrome/browser/prefs/command_line_pref_store.cc
@@ -19,6 +19,8 @@
#include "components/data_reduction_proxy/core/common/data_reduction_proxy_switches.h"
#include "components/proxy_config/proxy_config_dictionary.h"
#include "components/proxy_config/proxy_config_pref_names.h"
+#include "components/ssl_config/ssl_config_prefs.h"
+#include "components/ssl_config/ssl_config_switches.h"
#include "content/public/common/content_switches.h"
#include "ui/base/ui_base_switches.h"
@@ -32,9 +34,10 @@
{ data_reduction_proxy::switches::kDataReductionProxy,
data_reduction_proxy::prefs::kDataReductionProxy },
{ switches::kAuthServerWhitelist, prefs::kAuthServerWhitelist },
- { switches::kSSLVersionMin, prefs::kSSLVersionMin },
- { switches::kSSLVersionMax, prefs::kSSLVersionMax },
- { switches::kSSLVersionFallbackMin, prefs::kSSLVersionFallbackMin },
+ { switches::kSSLVersionMin, ssl_config::prefs::kSSLVersionMin },
+ { switches::kSSLVersionMax, ssl_config::prefs::kSSLVersionMax },
+ { switches::kSSLVersionFallbackMin,
+ ssl_config::prefs::kSSLVersionFallbackMin },
#if defined(OS_ANDROID)
{ switches::kAuthAndroidNegotiateAccountType,
prefs::kAuthAndroidNegotiateAccountType },
@@ -187,7 +190,7 @@
list_value->AppendStrings(base::SplitString(
command_line_->GetSwitchValueASCII(switches::kCipherSuiteBlacklist),
",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL));
- SetValue(prefs::kCipherSuiteBlacklist, list_value.Pass(),
+ SetValue(ssl_config::prefs::kCipherSuiteBlacklist, list_value.Pass(),
WriteablePrefStore::DEFAULT_PREF_WRITE_FLAGS);
}
}
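Review bot: The pref key here now comes from `ssl_config::prefs`, but the switch read two lines above is still `switches::kCipherSuiteBlacklist`, and the chrome_switches.cc hunk in this commit removes only the three `kSSLVersion*` switches and their value strings. That leaves the cipher-suite switch apparently defined in chrome while its pref and the other SSL switches live in the component, so the component's configuration surface is split across two layers. I would either move the switch into components/ssl_config/ssl_config_switches.h in this change or leave a comment such as `// TODO: move kCipherSuiteBlacklist switch to ssl_config_switches.h.` next to this call. The enclosing function starts outside the hunk.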
diff --git a/chrome/browser/prefs/command_line_pref_store_ssl_manager_unittest.cc b/chrome/browser/prefs/command_line_pref_store_ssl_manager_unittest.cc
new file mode 100644
index 0000000..ae81ce5
--- /dev/null
+++ b/chrome/browser/prefs/command_line_pref_store_ssl_manager_unittest.cc
@@ -0,0 +1,79 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/ssl_config/ssl_config_service_manager.h"
+
+#include "base/command_line.h"
+#include "base/message_loop/message_loop.h"
+#include "base/prefs/pref_registry_simple.h"
+#include "base/prefs/pref_service.h"
+#include "base/prefs/testing_pref_store.h"
+#include "base/thread_task_runner_handle.h"
+#include "chrome/browser/prefs/command_line_pref_store.h"
+#include "components/ssl_config/ssl_config_prefs.h"
+#include "components/ssl_config/ssl_config_switches.h"
+#include "components/syncable_prefs/pref_service_mock_factory.h"
+#include "net/ssl/ssl_config.h"
+#include "net/ssl/ssl_config_service.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+using net::SSLConfig;
+using net::SSLConfigService;
+using ssl_config::SSLConfigServiceManager;
+
+class CommandLinePrefStoreSSLManagerTest : public testing::Test {
+ public:
+ CommandLinePrefStoreSSLManagerTest() {}
+
+ protected:
+ base::MessageLoop message_loop_;
+};
+
+// Test that command-line settings for minimum and maximum SSL versions are
+// respected and that they do not persist to the preferences files.
+TEST_F(CommandLinePrefStoreSSLManagerTest, CommandLinePrefs) {
+ scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
+
+ base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
+ command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1.1");
+ command_line.AppendSwitchASCII(switches::kSSLVersionMax, "tls1");
+
+ syncable_prefs::PrefServiceMockFactory factory;
+ factory.set_user_prefs(local_state_store);
+ factory.set_command_line_prefs(new CommandLinePrefStore(&command_line));
+ scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
+ scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
+
+ SSLConfigServiceManager::RegisterPrefs(registry.get());
+
+ scoped_ptr<SSLConfigServiceManager> config_manager(
+ SSLConfigServiceManager::CreateDefaultManager(
+ local_state.get(), base::ThreadTaskRunnerHandle::Get()));
+ ASSERT_TRUE(config_manager.get());
+ scoped_refptr<SSLConfigService> config_service(config_manager->Get());
+ ASSERT_TRUE(config_service.get());
+
+ SSLConfig ssl_config;
+ config_service->GetSSLConfig(&ssl_config);
+ // Command-line flags should be respected.
+ EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_min);
+ EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_max);
+
+ // Explicitly double-check the settings are not in the preference store.
+ const PrefService::Preference* version_min_pref =
+ local_state->FindPreference(ssl_config::prefs::kSSLVersionMin);
+ EXPECT_FALSE(version_min_pref->IsUserModifiable());
+
+ const PrefService::Preference* version_max_pref =
+ local_state->FindPreference(ssl_config::prefs::kSSLVersionMax);
+ EXPECT_FALSE(version_max_pref->IsUserModifiable());
+
+ std::string version_min_str;
+ std::string version_max_str;
+ EXPECT_FALSE(local_state_store->GetString(ssl_config::prefs::kSSLVersionMin,
+ &version_min_str));
+ EXPECT_FALSE(local_state_store->GetString(ssl_config::prefs::kSSLVersionMax,
+ &version_max_str));
+}
+
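Review bot: Only `CommandLinePrefs` is carried into this new file, while the deleted `NoSSL3` test in ssl_config_service_manager_pref_unittest.cc also drove the manager through `CommandLinePrefStore`, so it cannot simply move into the component. That test guarded against `--ssl-version-min=ssl3` being honored, and no counterpart is visible in this part of the change; it may exist in the components/ssl_config unit tests outside this view. If it does not, I would keep it here next to `CommandLinePrefs`, adapted to the two-argument `CreateDefaultManager`. Separately, `FindPreference` results are dereferenced without an `ASSERT_TRUE(version_min_pref);` first.

```cpp
// Tests that "ssl3" is not treated as a valid minimum version.
TEST_F(CommandLinePrefStoreSSLManagerTest, NoSSL3) {
  scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());

  base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
  command_line.AppendSwitchASCII(switches::kSSLVersionMin, "ssl3");

  syncable_prefs::PrefServiceMockFactory factory;
  factory.set_user_prefs(local_state_store);
  factory.set_command_line_prefs(new CommandLinePrefStore(&command_line));
  scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
  scoped_ptr<PrefService> local_state(factory.Create(registry.get()));

  SSLConfigServiceManager::RegisterPrefs(registry.get());

  scoped_ptr<SSLConfigServiceManager> config_manager(
      SSLConfigServiceManager::CreateDefaultManager(
          local_state.get(), base::ThreadTaskRunnerHandle::Get()));
  ASSERT_TRUE(config_manager.get());
  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
  ASSERT_TRUE(config_service.get());

  SSLConfig ssl_config;
  config_service->GetSSLConfig(&ssl_config);
  // The command-line option must not have been honored.
  EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
}
```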
diff --git a/chrome/browser/prefs/command_line_pref_store_unittest.cc b/chrome/browser/prefs/command_line_pref_store_unittest.cc
index 2799e29..d1f5f1645 100644
--- a/chrome/browser/prefs/command_line_pref_store_unittest.cc
+++ b/chrome/browser/prefs/command_line_pref_store_unittest.cc
@@ -13,6 +13,7 @@
#include "chrome/common/pref_names.h"
#include "components/proxy_config/proxy_config_dictionary.h"
#include "components/proxy_config/proxy_config_pref_names.h"
+#include "components/ssl_config/ssl_config_prefs.h"
#include "ui/base/ui_base_switches.h"
namespace {
@@ -45,7 +46,7 @@
void VerifySSLCipherSuites(const char* const* ciphers,
size_t cipher_count) {
const base::Value* value = NULL;
- ASSERT_TRUE(GetValue(prefs::kCipherSuiteBlacklist, &value));
+ ASSERT_TRUE(GetValue(ssl_config::prefs::kCipherSuiteBlacklist, &value));
ASSERT_EQ(base::Value::TYPE_LIST, value->GetType());
const base::ListValue* list_value =
static_cast<const base::ListValue*>(value);
diff --git a/chrome/browser/profiles/profile_impl.cc b/chrome/browser/profiles/profile_impl.cc
index 8250be1..e029bd8 100644
--- a/chrome/browser/profiles/profile_impl.cc
+++ b/chrome/browser/profiles/profile_impl.cc
@@ -44,7 +44,6 @@
#include "chrome/browser/net/net_pref_observer.h"
#include "chrome/browser/net/predictor.h"
#include "chrome/browser/net/proxy_service_factory.h"
-#include "chrome/browser/net/ssl_config_service_manager.h"
#include "chrome/browser/permissions/permission_manager.h"
#include "chrome/browser/permissions/permission_manager_factory.h"
#include "chrome/browser/plugins/chrome_plugin_service_filter.h"
@@ -91,6 +90,7 @@
#include "components/proxy_config/pref_proxy_config_tracker.h"
#include "components/signin/core/browser/signin_manager.h"
#include "components/signin/core/common/signin_pref_names.h"
+#include "components/ssl_config/ssl_config_service_manager.h"
#include "components/syncable_prefs/pref_service_syncable.h"
#include "components/ui/zoom/zoom_event_manager.h"
#include "components/url_formatter/url_fixer.h"
@@ -542,7 +542,9 @@
PrefService* local_state = g_browser_process->local_state();
ssl_config_service_manager_.reset(
- SSLConfigServiceManager::CreateDefaultManager(local_state));
+ ssl_config::SSLConfigServiceManager::CreateDefaultManager(
+ local_state,
+ BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO)));
#if defined(ENABLE_BACKGROUND)
// Initialize the BackgroundModeManager - this has to be done here before
diff --git a/chrome/browser/profiles/profile_impl.h b/chrome/browser/profiles/profile_impl.h
index b53f6f6..95477b1 100644
--- a/chrome/browser/profiles/profile_impl.h
+++ b/chrome/browser/profiles/profile_impl.h
@@ -25,7 +25,6 @@
class PrefService;
class ShortcutsBackend;
-class SSLConfigServiceManager;
class TrackedPreferenceValidationDelegate;
#if defined(OS_CHROMEOS)
@@ -55,6 +54,10 @@
class SchemaRegistryService;
}
+namespace ssl_config {
+class SSLConfigServiceManager;
+}
+
namespace syncable_prefs {
class PrefServiceSyncable;
}
@@ -236,7 +239,7 @@
extension_special_storage_policy_;
#endif
scoped_ptr<NetPrefObserver> net_pref_observer_;
- scoped_ptr<SSLConfigServiceManager> ssl_config_service_manager_;
+ scoped_ptr<ssl_config::SSLConfigServiceManager> ssl_config_service_manager_;
scoped_refptr<ShortcutsBackend> shortcuts_backend_;
// Exit type the last time the profile was opened. This is set only once from
diff --git a/chrome/chrome_browser.gypi b/chrome/chrome_browser.gypi
index c6d9acf..3256e03 100644
--- a/chrome/chrome_browser.gypi
+++ b/chrome/chrome_browser.gypi
@@ -1973,8 +1973,6 @@
'browser/net/spdyproxy/data_reduction_proxy_chrome_settings_factory.h',
'browser/net/spdyproxy/data_reduction_proxy_settings_android.cc',
'browser/net/spdyproxy/data_reduction_proxy_settings_android.h',
- 'browser/net/ssl_config_service_manager.h',
- 'browser/net/ssl_config_service_manager_pref.cc',
'browser/net/timed_cache.cc',
'browser/net/timed_cache.h',
'browser/net/url_info.cc',
@@ -3239,6 +3237,7 @@
'../components/components.gyp:safe_json',
'../components/components.gyp:sessions_content',
'../components/components.gyp:storage_monitor',
+ '../components/components.gyp:ssl_config',
'../components/components.gyp:syncable_prefs',
'../components/components.gyp:translate_content_browser',
'../components/components.gyp:upload_list',
diff --git a/chrome/chrome_browser_chromeos.gypi b/chrome/chrome_browser_chromeos.gypi
index 77da97b0..d2f5bff 100644
--- a/chrome/chrome_browser_chromeos.gypi
+++ b/chrome/chrome_browser_chromeos.gypi
@@ -1115,6 +1115,7 @@
'../components/components.gyp:pairing',
'../components/components.gyp:policy',
'../components/components.gyp:proxy_config',
+ '../components/components.gyp:ssl_config',
'../components/components.gyp:user_manager',
# This depends directly on the variations target, rather than just
# transitively via the common target because the proto sources need to
diff --git a/chrome/chrome_tests.gypi b/chrome/chrome_tests.gypi
index da11f1d..4b610b89 100644
--- a/chrome/chrome_tests.gypi
+++ b/chrome/chrome_tests.gypi
@@ -2113,6 +2113,7 @@
'../components/components.gyp:dom_distiller_content_renderer',
'../components/components.gyp:dom_distiller_test_support',
'../components/components.gyp:guest_view_test_support',
+ '../components/components.gyp:ssl_config',
'../components/components.gyp:translate_core_common',
'../components/components_resources.gyp:components_resources',
'../components/components_strings.gyp:components_strings',
diff --git a/chrome/chrome_tests_unit.gypi b/chrome/chrome_tests_unit.gypi
index 7bb9788..f649297 100644
--- a/chrome/chrome_tests_unit.gypi
+++ b/chrome/chrome_tests_unit.gypi
@@ -152,7 +152,6 @@
'browser/net/safe_search_util_unittest.cc',
'browser/net/spdyproxy/data_reduction_proxy_chrome_settings_unittest.cc',
'browser/net/spdyproxy/data_reduction_proxy_settings_unittest_android.cc',
- 'browser/net/ssl_config_service_manager_pref_unittest.cc',
'browser/net/url_info_unittest.cc',
'browser/password_manager/chrome_password_manager_client_unittest.cc',
'browser/password_manager/password_manager_internals_service_unittest.cc',
@@ -172,6 +171,7 @@
'browser/predictors/resource_prefetcher_unittest.cc',
'browser/prefs/chrome_pref_service_unittest.cc',
'browser/prefs/command_line_pref_store_proxy_unittest.cc',
+ 'browser/prefs/command_line_pref_store_ssl_manager_unittest.cc',
'browser/prefs/command_line_pref_store_unittest.cc',
'browser/prefs/incognito_mode_prefs_unittest.cc',
'browser/prefs/profile_pref_store_manager_unittest.cc',
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index 2b40a6f4..89093a0a 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -1064,22 +1064,6 @@
"spelling-service-feedback-interval-seconds";
#endif
-// Specifies the maximum SSL/TLS version ("tls1", "tls1.1", or "tls1.2").
-const char kSSLVersionMax[] = "ssl-version-max";
-
-// Specifies the minimum SSL/TLS version ("tls1", "tls1.1", or "tls1.2").
-const char kSSLVersionMin[] = "ssl-version-min";
-
-// Specifies the minimum SSL/TLS version ("tls1", "tls1.1", or "tls1.2") that
-// TLS fallback will accept.
-const char kSSLVersionFallbackMin[] = "ssl-version-fallback-min";
-
-// These values aren't switches, but rather the values that kSSLVersionMax,
-// kSSLVersionMin and kSSLVersionFallbackMin can have.
-const char kSSLVersionTLSv1[] = "tls1";
-const char kSSLVersionTLSv11[] = "tls1.1";
-const char kSSLVersionTLSv12[] = "tls1.2";
-
// Starts the browser maximized, regardless of any previous settings.
const char kStartMaximized[] = "start-maximized";
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index 7813093..0c6778c 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -290,12 +290,6 @@
extern const char kSpellingServiceFeedbackUrl[];
extern const char kSpellingServiceFeedbackIntervalSeconds[];
#endif
-extern const char kSSLVersionMax[];
-extern const char kSSLVersionMin[];
-extern const char kSSLVersionFallbackMin[];
-extern const char kSSLVersionTLSv1[];
-extern const char kSSLVersionTLSv11[];
-extern const char kSSLVersionTLSv12[];
extern const char kStartMaximized[];
extern const char kSupervisedUserId[];
extern const char kSupervisedUserSafeSites[];
diff --git a/chrome/common/pref_names.cc b/chrome/common/pref_names.cc
index 371889f..b46e8b3 100644
--- a/chrome/common/pref_names.cc
+++ b/chrome/common/pref_names.cc
@@ -1246,15 +1246,6 @@
const char kProfileResetPromptMementosInLocalState[] =
"profile.reset_prompt_mementos";
-// Prefs for SSLConfigServicePref.
-const char kCertRevocationCheckingEnabled[] = "ssl.rev_checking.enabled";
-const char kCertRevocationCheckingRequiredLocalAnchors[] =
- "ssl.rev_checking.required_for_local_anchors";
-const char kSSLVersionMin[] = "ssl.version_min";
-const char kSSLVersionMax[] = "ssl.version_max";
-const char kSSLVersionFallbackMin[] = "ssl.version_fallback_min";
-const char kCipherSuiteBlacklist[] = "ssl.cipher_suites.blacklist";
-
// Boolean that specifies whether or not crash reports are sent
// over the network for analysis.
#if defined(OS_ANDROID)
diff --git a/chrome/common/pref_names.h b/chrome/common/pref_names.h
index fdc30b3..a20f6436 100644
--- a/chrome/common/pref_names.h
+++ b/chrome/common/pref_names.h
@@ -410,14 +410,6 @@
extern const char kWebRTCNonProxiedUdpEnabled[];
#endif
-// Local state prefs. Please add Profile prefs above instead.
-extern const char kCertRevocationCheckingEnabled[];
-extern const char kCertRevocationCheckingRequiredLocalAnchors[];
-extern const char kSSLVersionMin[];
-extern const char kSSLVersionMax[];
-extern const char kSSLVersionFallbackMin[];
-extern const char kCipherSuiteBlacklist[];
-
extern const char kGLVendorString[];
extern const char kGLRendererString[];
extern const char kGLVersionString[];
diff --git a/components/BUILD.gn b/components/BUILD.gn
index c3ac7cd..5342da3 100644
--- a/components/BUILD.gn
+++ b/components/BUILD.gn
@@ -122,6 +122,7 @@
"//components/security_interstitials/core",
"//components/sessions",
"//components/signin/core/browser",
+ "//components/ssl_config",
"//components/startup_metric_utils",
"//components/sync_driver",
"//components/sync_sessions",
@@ -386,6 +387,7 @@
"//components/search:unit_tests",
"//components/search_provider_logos:unit_tests",
"//components/signin/core/browser:unit_tests",
+ "//components/ssl_config:unit_tests",
"//components/sync_driver:unit_tests",
"//components/sync_sessions:unit_tests",
"//components/translate/core/browser:unit_tests",
diff --git a/components/components.gyp b/components/components.gyp
index dce35ae8..ccb6578 100644
--- a/components/components.gyp
+++ b/components/components.gyp
@@ -76,6 +76,7 @@
'security_interstitials.gypi',
'sessions.gypi',
'signin.gypi',
+ 'ssl_config.gypi',
'ssl_errors.gypi',
'startup_metric_utils.gypi',
'suggestions.gypi',
diff --git a/components/components_tests.gyp b/components/components_tests.gyp
index f359292..cac8068d 100644
--- a/components/components_tests.gyp
+++ b/components/components_tests.gyp
@@ -632,6 +632,9 @@
'signin/ios/browser/account_consistency_service_unittest.mm',
'signin/ios/browser/profile_oauth2_token_service_ios_delegate_unittest.mm',
],
+ 'ssl_config_unittest_sources': [
+ 'ssl_config/ssl_config_service_manager_pref_unittest.cc',
+ ],
'storage_monitor_unittest_sources': [
'storage_monitor/image_capture_device_manager_unittest.mm',
'storage_monitor/media_storage_util_unittest.cc',
@@ -870,6 +873,7 @@
'<@(search_unittest_sources)',
'<@(sessions_unittest_sources)',
'<@(signin_unittest_sources)',
+ '<@(ssl_config_unittest_sources)',
'<@(suggestions_unittest_sources)',
'<@(sync_driver_unittest_sources)',
'<@(sync_sessions_unittest_sources)',
@@ -994,6 +998,7 @@
'components.gyp:sessions_test_support',
'components.gyp:signin_core_browser',
'components.gyp:signin_core_browser_test_support',
+ 'components.gyp:ssl_config',
'components.gyp:suggestions',
'components.gyp:sync_driver_test_support',
'components.gyp:sync_sessions',
diff --git a/components/ssl_config.gypi b/components/ssl_config.gypi
new file mode 100644
index 0000000..261b26c8
--- /dev/null
+++ b/components/ssl_config.gypi
@@ -0,0 +1,31 @@
+# Copyright 2015 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+{
+ 'targets': [
+ {
+ # GN version: //components/ssl_config
+ 'target_name': 'ssl_config',
+ 'type': 'static_library',
+ 'dependencies': [
+ '../base/base.gyp:base',
+ '../base/base.gyp:base_prefs',
+ '../net/net.gyp:net',
+ 'content_settings_core_browser',
+ 'content_settings_core_common',
+ ],
+ 'include_dirs': [
+ '..',
+ ],
+ 'sources': [
+ 'ssl_config/ssl_config_prefs.cc',
+ 'ssl_config/ssl_config_prefs.h',
+ 'ssl_config/ssl_config_service_manager.h',
+ 'ssl_config/ssl_config_service_manager_pref.cc',
+ 'ssl_config/ssl_config_switches.cc',
+ 'ssl_config/ssl_config_switches.h',
+ ],
+ },
+ ],
+}
diff --git a/components/ssl_config/BUILD.gn b/components/ssl_config/BUILD.gn
new file mode 100644
index 0000000..cc79bea
--- /dev/null
+++ b/components/ssl_config/BUILD.gn
@@ -0,0 +1,34 @@
+# Copyright 2015 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# GYP version: components/ssl_config.gypi:ssl_config
+source_set("ssl_config") {
+ sources = [
+ "ssl_config_prefs.cc",
+ "ssl_config_prefs.h",
+ "ssl_config_service_manager.h",
+ "ssl_config_service_manager_pref.cc",
+ "ssl_config_switches.cc",
+ "ssl_config_switches.h",
+ ]
+
+ deps = [
+ "//base",
+ "//base:prefs",
+ "//components/content_settings/core/browser",
+ "//components/content_settings/core/common",
+ "//net",
+ ]
+}
+
+source_set("unit_tests") {
+ testonly = true
+ sources = [
+ "ssl_config_service_manager_pref_unittest.cc",
+ ]
+ deps = [
+ ":ssl_config",
+ "//testing/gtest",
+ ]
+}
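Review bot: The `unit_tests` source_set lists only `":ssl_config"` and `"//testing/gtest"` in `deps`, although the test file added by this commit includes headers from `base/` and `net/` directly (`base/message_loop/message_loop.h`, `base/prefs/testing_pref_service.h`, `net/ssl/ssl_config.h`). The `//base` and `//net` entries of `ssl_config` are plain `deps`, so they presumably do not propagate to dependents. Adding `"//base"` and `"//net"` to the test target's `deps`, along with whichever target provides the testing pref service, would keep the include graph explicit.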
diff --git a/components/ssl_config/DEPS b/components/ssl_config/DEPS
new file mode 100644
index 0000000..198af50
--- /dev/null
+++ b/components/ssl_config/DEPS
@@ -0,0 +1,7 @@
+include_rules = [
+ "+components/content_settings/core/browser",
+ "+components/content_settings/core/common",
+ "+net/socket",
+ "+net/ssl",
+]
+
diff --git a/components/ssl_config/OWNERS b/components/ssl_config/OWNERS
new file mode 100644
index 0000000..42d0d3b
--- /dev/null
+++ b/components/ssl_config/OWNERS
@@ -0,0 +1,3 @@
[email protected]
[email protected]
[email protected]
diff --git a/components/ssl_config/ssl_config_prefs.cc b/components/ssl_config/ssl_config_prefs.cc
new file mode 100644
index 0000000..8f4bc727
--- /dev/null
+++ b/components/ssl_config/ssl_config_prefs.cc
@@ -0,0 +1,21 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/ssl_config/ssl_config_prefs.h"
+
+namespace ssl_config {
+namespace prefs {
+
+// Prefs for SSLConfigServicePref.
+const char kCertRevocationCheckingEnabled[] = "ssl.rev_checking.enabled";
+const char kCertRevocationCheckingRequiredLocalAnchors[] =
+ "ssl.rev_checking.required_for_local_anchors";
+const char kSSLVersionMin[] = "ssl.version_min";
+const char kSSLVersionMax[] = "ssl.version_max";
+const char kSSLVersionFallbackMin[] = "ssl.version_fallback_min";
+const char kCipherSuiteBlacklist[] = "ssl.cipher_suites.blacklist";
+const char kDisableSSLRecordSplitting[] = "ssl.ssl_record_splitting.disabled";
+
+} // namespace prefs
+} // namespace ssl_config
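Review bot: `kDisableSSLRecordSplitting` is a new pref name that the removed block in `chrome/common/pref_names.cc` did not have, and nothing visible in this commit registers or reads it. `RegisterPrefs` in `ssl_config_service_manager_pref.cc` (hunk `@@ -204,15 +212,19 @@`) registers the other six names only. A security-relevant pref with no registration and no comment is easy to mistake for a working knob. Either drop it from this commit or register it and add a one-line comment, e.g. `// Boolean: disables SSL record splitting when true.` (wording to be confirmed against the intended consumer).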
diff --git a/components/ssl_config/ssl_config_prefs.h b/components/ssl_config/ssl_config_prefs.h
new file mode 100644
index 0000000..e29bb0f
--- /dev/null
+++ b/components/ssl_config/ssl_config_prefs.h
@@ -0,0 +1,22 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_SSL_CONFIG_SSL_CONFIG_PREFS_H_
+#define COMPONENTS_SSL_CONFIG_SSL_CONFIG_PREFS_H_
+
+namespace ssl_config {
+namespace prefs {
+
+extern const char kCertRevocationCheckingEnabled[];
+extern const char kCertRevocationCheckingRequiredLocalAnchors[];
+extern const char kSSLVersionMin[];
+extern const char kSSLVersionMax[];
+extern const char kSSLVersionFallbackMin[];
+extern const char kCipherSuiteBlacklist[];
+extern const char kDisableSSLRecordSplitting[];
+
+} // namespace prefs
+} // namespace ssl_config
+
+#endif // COMPONENTS_SSL_CONFIG_SSL_CONFIG_PREFS_H_
diff --git a/chrome/browser/net/ssl_config_service_manager.h b/components/ssl_config/ssl_config_service_manager.h
similarity index 69%
rename from chrome/browser/net/ssl_config_service_manager.h
rename to components/ssl_config/ssl_config_service_manager.h
index 85185c6..30bc1c0 100644
--- a/chrome/browser/net/ssl_config_service_manager.h
+++ b/components/ssl_config/ssl_config_service_manager.h
@@ -2,8 +2,14 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef CHROME_BROWSER_NET_SSL_CONFIG_SERVICE_MANAGER_H_
-#define CHROME_BROWSER_NET_SSL_CONFIG_SERVICE_MANAGER_H_
+#ifndef COMPONENTS_SSL_CONFIG_SSL_CONFIG_SERVICE_MANAGER_H_
+#define COMPONENTS_SSL_CONFIG_SSL_CONFIG_SERVICE_MANAGER_H_
+
+#include "base/memory/ref_counted.h"
+
+namespace base {
+class SingleThreadTaskRunner;
+}
namespace net {
class SSLConfigService;
@@ -12,6 +18,8 @@
class PrefService;
class PrefRegistrySimple;
+namespace ssl_config {
+
// An interface for creating SSLConfigService objects.
class SSLConfigServiceManager {
public:
@@ -19,7 +27,8 @@
// PrefService objects must be longer than that of the manager. Get SSL
// preferences from local_state object.
static SSLConfigServiceManager* CreateDefaultManager(
- PrefService* local_state);
+ PrefService* local_state,
+ const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner);
static void RegisterPrefs(PrefRegistrySimple* registry);
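Review bot: The comment above `CreateDefaultManager` is not updated for the new `io_task_runner` parameter, so the header does not say which thread the runner must belong to. The implementation asserts `io_task_runner_->BelongsToCurrentThread()` in `GetSSLConfig` and posts config updates to that runner, so the contract is worth stating here. Suggested addition: `// |io_task_runner| must run tasks on the thread where the returned service's GetSSLConfig() is called.` The comment starts above this hunk.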
@@ -32,4 +41,5 @@
virtual net::SSLConfigService* Get() = 0;
};
-#endif // CHROME_BROWSER_NET_SSL_CONFIG_SERVICE_MANAGER_H_
+} // namespace ssl_config
+#endif // COMPONENTS_SSL_CONFIG_SSL_CONFIG_SERVICE_MANAGER_H_
diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/components/ssl_config/ssl_config_service_manager_pref.cc
similarity index 70%
rename from chrome/browser/net/ssl_config_service_manager_pref.cc
rename to components/ssl_config/ssl_config_service_manager_pref.cc
index 9a400ec..0f7329f 100644
--- a/chrome/browser/net/ssl_config_service_manager_pref.cc
+++ b/components/ssl_config/ssl_config_service_manager_pref.cc
@@ -1,7 +1,7 @@
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "chrome/browser/net/ssl_config_service_manager.h"
+#include "components/ssl_config/ssl_config_service_manager.h"
#include <algorithm>
#include <string>
@@ -14,16 +14,17 @@
#include "base/prefs/pref_member.h"
#include "base/prefs/pref_registry_simple.h"
#include "base/prefs/pref_service.h"
-#include "chrome/browser/chrome_notification_types.h"
-#include "chrome/common/chrome_switches.h"
-#include "chrome/common/pref_names.h"
+#include "base/single_thread_task_runner.h"
#include "components/content_settings/core/browser/content_settings_utils.h"
#include "components/content_settings/core/common/content_settings.h"
-#include "content/public/browser/browser_thread.h"
+#include "components/ssl_config/ssl_config_prefs.h"
+#include "components/ssl_config/ssl_config_switches.h"
#include "net/ssl/ssl_cipher_suite_names.h"
#include "net/ssl/ssl_config_service.h"
-using content::BrowserThread;
+namespace base {
+class SingleThreadTaskRunner;
+}
namespace {
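Review bot: The added forward declaration `namespace base { class SingleThreadTaskRunner; }` is redundant in this file, because the same hunk adds `#include "base/single_thread_task_runner.h"`, which supplies the full definition needed for `PostTask` and `BelongsToCurrentThread`. Removing the three forward-declaration lines leaves the include as the single source of the type. The forward declaration in the header is the one that is needed.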
@@ -54,8 +55,7 @@
it != cipher_strings.end(); ++it) {
uint16 cipher_suite = 0;
if (!net::ParseSSLCipherString(*it, &cipher_suite)) {
- LOG(ERROR) << "Ignoring unrecognized or unparsable cipher suite: "
- << *it;
+ LOG(ERROR) << "Ignoring unrecognized or unparsable cipher suite: " << *it;
continue;
}
cipher_suites.push_back(cipher_suite);
@@ -88,7 +88,8 @@
// change.
class SSLConfigServicePref : public net::SSLConfigService {
public:
- SSLConfigServicePref() {}
+ explicit SSLConfigServicePref(
+ const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner);
// Store SSL config settings in |config|. Must only be called from IO thread.
void GetSSLConfig(net::SSLConfig* config) override;
@@ -106,16 +107,21 @@
// Cached value of prefs, should only be accessed from IO thread.
net::SSLConfig cached_config_;
+ scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_;
+
DISALLOW_COPY_AND_ASSIGN(SSLConfigServicePref);
};
+SSLConfigServicePref::SSLConfigServicePref(
+ const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner)
+ : io_task_runner_(io_task_runner) {}
+
void SSLConfigServicePref::GetSSLConfig(net::SSLConfig* config) {
- DCHECK_CURRENTLY_ON(BrowserThread::IO);
+ DCHECK(io_task_runner_->BelongsToCurrentThread());
*config = cached_config_;
}
-void SSLConfigServicePref::SetNewSSLConfig(
- const net::SSLConfig& new_config) {
+void SSLConfigServicePref::SetNewSSLConfig(const net::SSLConfig& new_config) {
net::SSLConfig orig_config = cached_config_;
cached_config_ = new_config;
ProcessConfigUpdate(orig_config, new_config);
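Review bot: Neither new constructor checks that `io_task_runner` is non-null before storing it, yet `io_task_runner_` is dereferenced in `GetSSLConfig`'s DCHECK here and in `OnPreferenceChanged`'s `PostTask`. A null runner would therefore show up as a crash far from the caller that passed it. The manager constructor in hunk `@@ -164,35 +170,37 @@` already has `DCHECK(local_state);`, so `DCHECK(io_task_runner_);` belongs beside it and in the `SSLConfigServicePref` constructor body. The new member would also benefit from a comment like the one on `cached_config_`, e.g. `// Task runner of the IO thread; used to assert GetSSLConfig's calling thread.` `SetNewSSLConfig` continues past the end of this hunk.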
@@ -125,10 +131,11 @@
// SSLConfigServiceManagerPref
// The manager for holding and updating an SSLConfigServicePref instance.
-class SSLConfigServiceManagerPref
- : public SSLConfigServiceManager {
+class SSLConfigServiceManagerPref : public ssl_config::SSLConfigServiceManager {
public:
- explicit SSLConfigServiceManagerPref(PrefService* local_state);
+ SSLConfigServiceManagerPref(
+ PrefService* local_state,
+ const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner);
~SSLConfigServiceManagerPref() override {}
// Register local_state SSL preferences.
@@ -139,8 +146,7 @@
private:
// Callback for preference changes. This will post the changes to the IO
// thread with SetNewSSLConfig.
- void OnPreferenceChanged(PrefService* prefs,
- const std::string& pref_name);
+ void OnPreferenceChanged(PrefService* prefs, const std::string& pref_name);
// Store SSL config settings in |config|, directly from the preferences. Must
// only be called from UI thread.
@@ -164,35 +170,37 @@
scoped_refptr<SSLConfigServicePref> ssl_config_service_;
+ scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_;
+
DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref);
};
SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
- PrefService* local_state)
- : ssl_config_service_(new SSLConfigServicePref()) {
+ PrefService* local_state,
+ const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner)
+ : ssl_config_service_(new SSLConfigServicePref(io_task_runner)),
+ io_task_runner_(io_task_runner) {
DCHECK(local_state);
- PrefChangeRegistrar::NamedChangeCallback local_state_callback = base::Bind(
- &SSLConfigServiceManagerPref::OnPreferenceChanged,
- base::Unretained(this),
- local_state);
+ PrefChangeRegistrar::NamedChangeCallback local_state_callback =
+ base::Bind(&SSLConfigServiceManagerPref::OnPreferenceChanged,
+ base::Unretained(this), local_state);
- rev_checking_enabled_.Init(
- prefs::kCertRevocationCheckingEnabled, local_state, local_state_callback);
+ rev_checking_enabled_.Init(ssl_config::prefs::kCertRevocationCheckingEnabled,
+ local_state, local_state_callback);
rev_checking_required_local_anchors_.Init(
- prefs::kCertRevocationCheckingRequiredLocalAnchors,
- local_state,
- local_state_callback);
- ssl_version_min_.Init(
- prefs::kSSLVersionMin, local_state, local_state_callback);
- ssl_version_max_.Init(
- prefs::kSSLVersionMax, local_state, local_state_callback);
- ssl_version_fallback_min_.Init(
- prefs::kSSLVersionFallbackMin, local_state, local_state_callback);
+ ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors,
+ local_state, local_state_callback);
+ ssl_version_min_.Init(ssl_config::prefs::kSSLVersionMin, local_state,
+ local_state_callback);
+ ssl_version_max_.Init(ssl_config::prefs::kSSLVersionMax, local_state,
+ local_state_callback);
+ ssl_version_fallback_min_.Init(ssl_config::prefs::kSSLVersionFallbackMin,
+ local_state, local_state_callback);
local_state_change_registrar_.Init(local_state);
- local_state_change_registrar_.Add(
- prefs::kCipherSuiteBlacklist, local_state_callback);
+ local_state_change_registrar_.Add(ssl_config::prefs::kCipherSuiteBlacklist,
+ local_state_callback);
OnDisabledCipherSuitesChange(local_state);
@@ -204,15 +212,19 @@
// static
void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) {
net::SSLConfig default_config;
- registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled,
- default_config.rev_checking_enabled);
registry->RegisterBooleanPref(
- prefs::kCertRevocationCheckingRequiredLocalAnchors,
+ ssl_config::prefs::kCertRevocationCheckingEnabled,
+ default_config.rev_checking_enabled);
+ registry->RegisterBooleanPref(
+ ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors,
default_config.rev_checking_required_local_anchors);
- registry->RegisterStringPref(prefs::kSSLVersionMin, std::string());
- registry->RegisterStringPref(prefs::kSSLVersionMax, std::string());
- registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, std::string());
- registry->RegisterListPref(prefs::kCipherSuiteBlacklist);
+ registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMin,
+ std::string());
+ registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMax,
+ std::string());
+ registry->RegisterStringPref(ssl_config::prefs::kSSLVersionFallbackMin,
+ std::string());
+ registry->RegisterListPref(ssl_config::prefs::kCipherSuiteBlacklist);
}
net::SSLConfigService* SSLConfigServiceManagerPref::Get() {
@@ -222,9 +234,8 @@
void SSLConfigServiceManagerPref::OnPreferenceChanged(
PrefService* prefs,
const std::string& pref_name_in) {
- DCHECK_CURRENTLY_ON(BrowserThread::UI);
DCHECK(prefs);
- if (pref_name_in == prefs::kCipherSuiteBlacklist)
+ if (pref_name_in == ssl_config::prefs::kCipherSuiteBlacklist)
OnDisabledCipherSuitesChange(prefs);
net::SSLConfig new_config;
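Review bot: `OnPreferenceChanged` loses its only thread assertion: `DCHECK_CURRENTLY_ON(BrowserThread::UI)` is removed and nothing replaces it. The class declaration in an earlier hunk still documents `GetSSLConfigFromPrefs` as UI-thread only, and this function goes on to read prefs and build the config that is posted to the IO runner. A `base::ThreadChecker thread_checker_;` member with `DCHECK(thread_checker_.CalledOnValidThread());` as the first statement would keep the check without a content dependency. The function body continues in the next hunk.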
@@ -232,13 +243,9 @@
// Post a task to |io_loop| with the new configuration, so it can
// update |cached_config_|.
- BrowserThread::PostTask(
- BrowserThread::IO,
- FROM_HERE,
- base::Bind(
- &SSLConfigServicePref::SetNewSSLConfig,
- ssl_config_service_.get(),
- new_config));
+ io_task_runner_->PostTask(FROM_HERE,
+ base::Bind(&SSLConfigServicePref::SetNewSSLConfig,
+ ssl_config_service_.get(), new_config));
}
void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
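Review bot: The comment above the new `io_task_runner_->PostTask(...)` call still says `Post a task to |io_loop|`, a name that does not exist in this class; `// Post a task to |io_task_runner_| with the new configuration, so it can` would match the code. The result of `PostTask` is also discarded. If the runner has stopped accepting tasks, the new SSL configuration is presumably dropped without any trace, so a log line on a `false` return may be worth adding. The start of `OnPreferenceChanged` is in the previous hunk.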
@@ -277,20 +284,23 @@
void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
PrefService* local_state) {
const base::ListValue* value =
- local_state->GetList(prefs::kCipherSuiteBlacklist);
+ local_state->GetList(ssl_config::prefs::kCipherSuiteBlacklist);
disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value));
}
////////////////////////////////////////////////////////////////////////////////
// SSLConfigServiceManager
+namespace ssl_config {
// static
SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager(
- PrefService* local_state) {
- return new SSLConfigServiceManagerPref(local_state);
+ PrefService* local_state,
+ const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) {
+ return new SSLConfigServiceManagerPref(local_state, io_task_runner);
}
// static
void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) {
SSLConfigServiceManagerPref::RegisterPrefs(registry);
}
+} // namespace ssl_config
diff --git a/components/ssl_config/ssl_config_service_manager_pref_unittest.cc b/components/ssl_config/ssl_config_service_manager_pref_unittest.cc
new file mode 100644
index 0000000..85cbc20
--- /dev/null
+++ b/components/ssl_config/ssl_config_service_manager_pref_unittest.cc
@@ -0,0 +1,175 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/ssl_config/ssl_config_service_manager.h"
+
+#include "base/memory/ref_counted.h"
+#include "base/message_loop/message_loop.h"
+#include "base/prefs/testing_pref_service.h"
+#include "base/thread_task_runner_handle.h"
+#include "base/values.h"
+#include "components/ssl_config/ssl_config_prefs.h"
+#include "components/ssl_config/ssl_config_switches.h"
+#include "net/ssl/ssl_config.h"
+#include "net/ssl/ssl_config_service.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+using base::ListValue;
+using net::SSLConfig;
+using net::SSLConfigService;
+using ssl_config::SSLConfigServiceManager;
+
+class SSLConfigServiceManagerPrefTest : public testing::Test {
+ public:
+ SSLConfigServiceManagerPrefTest() {}
+
+ protected:
+ base::MessageLoop message_loop_;
+};
+
+// Test channel id with no user prefs.
+TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) {
+ TestingPrefServiceSimple local_state;
+ SSLConfigServiceManager::RegisterPrefs(local_state.registry());
+
+ scoped_ptr<SSLConfigServiceManager> config_manager(
+ SSLConfigServiceManager::CreateDefaultManager(
+ &local_state, base::ThreadTaskRunnerHandle::Get()));
+ ASSERT_TRUE(config_manager.get());
+ scoped_refptr<SSLConfigService> config_service(config_manager->Get());
+ ASSERT_TRUE(config_service.get());
+
+ SSLConfig config;
+ config_service->GetSSLConfig(&config);
+ EXPECT_TRUE(config.channel_id_enabled);
+}
+
+// Test that cipher suites can be disabled. "Good" refers to the fact that
+// every value is expected to be successfully parsed into a cipher suite.
+TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
+ TestingPrefServiceSimple local_state;
+ SSLConfigServiceManager::RegisterPrefs(local_state.registry());
+
+ scoped_ptr<SSLConfigServiceManager> config_manager(
+ SSLConfigServiceManager::CreateDefaultManager(
+ &local_state, base::ThreadTaskRunnerHandle::Get()));
+ ASSERT_TRUE(config_manager.get());
+ scoped_refptr<SSLConfigService> config_service(config_manager->Get());
+ ASSERT_TRUE(config_service.get());
+
+ SSLConfig old_config;
+ config_service->GetSSLConfig(&old_config);
+ EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
+
+ base::ListValue* list_value = new base::ListValue();
+ list_value->Append(new base::StringValue("0x0004"));
+ list_value->Append(new base::StringValue("0x0005"));
+ local_state.SetUserPref(ssl_config::prefs::kCipherSuiteBlacklist, list_value);
+
+ // Pump the message loop to notify the SSLConfigServiceManagerPref that the
+ // preferences changed.
+ message_loop_.RunUntilIdle();
+
+ SSLConfig config;
+ config_service->GetSSLConfig(&config);
+
+ EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
+ ASSERT_EQ(2u, config.disabled_cipher_suites.size());
+ EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
+ EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
+}
+
+// Test that cipher suites can be disabled. "Bad" refers to the fact that
+// there are one or more non-cipher suite strings in the preference. They
+// should be ignored.
+TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
+ TestingPrefServiceSimple local_state;
+ SSLConfigServiceManager::RegisterPrefs(local_state.registry());
+
+ scoped_ptr<SSLConfigServiceManager> config_manager(
+ SSLConfigServiceManager::CreateDefaultManager(
+ &local_state, base::ThreadTaskRunnerHandle::Get()));
+ ASSERT_TRUE(config_manager.get());
+ scoped_refptr<SSLConfigService> config_service(config_manager->Get());
+ ASSERT_TRUE(config_service.get());
+
+ SSLConfig old_config;
+ config_service->GetSSLConfig(&old_config);
+ EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
+
+ base::ListValue* list_value = new base::ListValue();
+ list_value->Append(new base::StringValue("0x0004"));
+ list_value->Append(new base::StringValue("TLS_NOT_WITH_A_CIPHER_SUITE"));
+ list_value->Append(new base::StringValue("0x0005"));
+ list_value->Append(new base::StringValue("0xBEEFY"));
+ local_state.SetUserPref(ssl_config::prefs::kCipherSuiteBlacklist, list_value);
+
+ // Pump the message loop to notify the SSLConfigServiceManagerPref that the
+ // preferences changed.
+ message_loop_.RunUntilIdle();
+
+ SSLConfig config;
+ config_service->GetSSLConfig(&config);
+
+ EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
+ ASSERT_EQ(2u, config.disabled_cipher_suites.size());
+ EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
+ EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
+}
+
+// Test that without command-line settings for minimum and maximum SSL versions,
+// TLS versions from 1.0 up to 1.1 or 1.2 are enabled.
+TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
+ scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
+ TestingPrefServiceSimple local_state;
+ SSLConfigServiceManager::RegisterPrefs(local_state.registry());
+
+ scoped_ptr<SSLConfigServiceManager> config_manager(
+ SSLConfigServiceManager::CreateDefaultManager(
+ &local_state, base::ThreadTaskRunnerHandle::Get()));
+ ASSERT_TRUE(config_manager.get());
+ scoped_refptr<SSLConfigService> config_service(config_manager->Get());
+ ASSERT_TRUE(config_service.get());
+
+ SSLConfig ssl_config;
+ config_service->GetSSLConfig(&ssl_config);
+ // In the absence of command-line options, the default TLS version range is
+ // enabled.
+ EXPECT_EQ(net::kDefaultSSLVersionMin, ssl_config.version_min);
+ EXPECT_EQ(net::kDefaultSSLVersionMax, ssl_config.version_max);
+
+ // The settings should not be added to the local_state.
+ EXPECT_FALSE(local_state.HasPrefPath(ssl_config::prefs::kSSLVersionMin));
+ EXPECT_FALSE(local_state.HasPrefPath(ssl_config::prefs::kSSLVersionMax));
+
+ // Explicitly double-check the settings are not in the preference store.
+ std::string version_min_str;
+ std::string version_max_str;
+ EXPECT_FALSE(local_state_store->GetString(ssl_config::prefs::kSSLVersionMin,
+ &version_min_str));
+ EXPECT_FALSE(local_state_store->GetString(ssl_config::prefs::kSSLVersionMax,
+ &version_max_str));
+}
+
+// Tests that "ssl3" is not treated as a valid minimum version.
+TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) {
+ scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
+
+ TestingPrefServiceSimple local_state;
+ local_state.SetUserPref(ssl_config::prefs::kSSLVersionMin,
+ new base::StringValue("ssl3"));
+ SSLConfigServiceManager::RegisterPrefs(local_state.registry());
+
+ scoped_ptr<SSLConfigServiceManager> config_manager(
+ SSLConfigServiceManager::CreateDefaultManager(
+ &local_state, base::ThreadTaskRunnerHandle::Get()));
+ ASSERT_TRUE(config_manager.get());
+ scoped_refptr<SSLConfigService> config_service(config_manager->Get());
+ ASSERT_TRUE(config_service.get());
+
+ SSLConfig ssl_config;
+ config_service->GetSSLConfig(&ssl_config);
+ // The command-line option must not have been honored.
+ EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
+}
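Review bot: The `local_state_store` expectations at the end of `NoCommandLinePrefs` cannot fail: the `TestingPrefStore` is created locally and, as far as this file shows, is never attached to `local_state`. `GetString` on it therefore returns false whatever the manager writes, and the "double-check" guards nothing. Either construct the pref service over that store or remove the store and the two `GetString` expectations. `NoSSL3` creates the same unused store, and its comment `// The command-line option must not have been honored.` describes a value set through `SetUserPref`; `// The "ssl3" pref value must not have been honored.` would match what the test does. The `ssl_config_switches.h` include appears unused in this file.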
diff --git a/components/ssl_config/ssl_config_switches.cc b/components/ssl_config/ssl_config_switches.cc
new file mode 100644
index 0000000..139593e5
--- /dev/null
+++ b/components/ssl_config/ssl_config_switches.cc
@@ -0,0 +1,25 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/ssl_config/ssl_config_switches.h"
+
+namespace switches {
+
+// Specifies the maximum SSL/TLS version ("tls1", "tls1.1", or "tls1.2").
+const char kSSLVersionMax[] = "ssl-version-max";
+
+// Specifies the minimum SSL/TLS version ("tls1", "tls1.1", or "tls1.2").
+const char kSSLVersionMin[] = "ssl-version-min";
+
+// Specifies the minimum SSL/TLS version ("tls1", "tls1.1", or "tls1.2") that
+// TLS fallback will accept.
+const char kSSLVersionFallbackMin[] = "ssl-version-fallback-min";
+
+// These values aren't switches, but rather the values that kSSLVersionMax,
+// kSSLVersionMin and kSSLVersionFallbackMin can have.
+const char kSSLVersionTLSv1[] = "tls1";
+const char kSSLVersionTLSv11[] = "tls1.1";
+const char kSSLVersionTLSv12[] = "tls1.2";
+
+} // namespace switches
diff --git a/components/ssl_config/ssl_config_switches.h b/components/ssl_config/ssl_config_switches.h
new file mode 100644
index 0000000..fc8d437f
--- /dev/null
+++ b/components/ssl_config/ssl_config_switches.h
@@ -0,0 +1,19 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_SSL_CONFIG_SSL_CONFIG_SWITCHES_H_
+#define COMPONENTS_SSL_CONFIG_SSL_CONFIG_SWITCHES_H_
+
+namespace switches {
+
+extern const char kSSLVersionMax[];
+extern const char kSSLVersionMin[];
+extern const char kSSLVersionFallbackMin[];
+extern const char kSSLVersionTLSv1[];
+extern const char kSSLVersionTLSv11[];
+extern const char kSSLVersionTLSv12[];
+
+} // namespace switches
+
+#endif // COMPONENTS_SSL_CONFIG_SSL_CONFIG_SWITCHES_H_