net/ssl/ssl_config_service.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/ssl/ssl_config_service.h"
   6
   7 #include "base/lazy_instance.h"
   8 #include "base/synchronization/lock.h"
   9 #include "net/ssl/ssl_config_service_defaults.h"
  10
  11 namespace net {
  12
  13 SSLConfigService::SSLConfigService()
  14     : observer_list_(ObserverList<Observer>::NOTIFY_EXISTING_ONLY) {
  15 }
  16
  17 // GlobalCRLSet holds a reference to the global CRLSet. It simply wraps a lock
  18 // around a scoped_refptr so that getting a reference doesn't race with
  19 // updating the CRLSet.
  20 class GlobalCRLSet {
  21  public:
  22   void Set(const scoped_refptr<CRLSet>& new_crl_set) {
  23     base::AutoLock locked(lock_);
  24     crl_set_ = new_crl_set;
  25   }
  26
  27   scoped_refptr<CRLSet> Get() const {
  28     base::AutoLock locked(lock_);
  29     return crl_set_;
  30   }
  31
  32  private:
  33   scoped_refptr<CRLSet> crl_set_;
  34   mutable base::Lock lock_;
  35 };
  36
  37 base::LazyInstance<GlobalCRLSet>::Leaky g_crl_set = LAZY_INSTANCE_INITIALIZER;
  38
  39 // static
  40 void SSLConfigService::SetCRLSet(scoped_refptr<CRLSet> crl_set) {
  41   // Note: this can be called concurently with GetCRLSet().
  42   g_crl_set.Get().Set(crl_set);
  43 }
  44
  45 // static
  46 scoped_refptr<CRLSet> SSLConfigService::GetCRLSet() {
  47   return g_crl_set.Get().Get();
  48 }
  49
  50 void SSLConfigService::AddObserver(Observer* observer) {
  51   observer_list_.AddObserver(observer);
  52 }
  53
  54 void SSLConfigService::RemoveObserver(Observer* observer) {
  55   observer_list_.RemoveObserver(observer);
  56 }
  57
  58 void SSLConfigService::NotifySSLConfigChange() {
  59   FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged());
  60 }
  61
  62 SSLConfigService::~SSLConfigService() {
  63 }
  64
  65 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,
  66                                            const SSLConfig& new_config) {
  67   bool config_changed =
  68       (orig_config.rev_checking_enabled != new_config.rev_checking_enabled) ||
  69       (orig_config.rev_checking_required_local_anchors !=
  70        new_config.rev_checking_required_local_anchors) ||
  71       (orig_config.version_min != new_config.version_min) ||
  72       (orig_config.version_max != new_config.version_max) ||
  73       (orig_config.disabled_cipher_suites !=
  74        new_config.disabled_cipher_suites) ||
  75       (orig_config.channel_id_enabled != new_config.channel_id_enabled) ||
  76       (orig_config.false_start_enabled != new_config.false_start_enabled) ||
  77       (orig_config.require_forward_secrecy !=
  78        new_config.require_forward_secrecy);
  79
  80   if (config_changed)
  81     NotifySSLConfigChange();
  82 }
  83
  84 // static
  85 bool SSLConfigService::IsSNIAvailable(SSLConfigService* service) {
  86   if (!service)
  87     return false;
  88
  89   SSLConfig ssl_config;
  90   service->GetSSLConfig(&ssl_config);
  91   return ssl_config.version_max >= SSL_PROTOCOL_VERSION_TLS1;
  92 }
  93
  94 }  // namespace net