1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4#include "chrome/browser/net/ssl_config_service_manager.h"
5
6#include <algorithm>
7#include <string>
8#include <vector>
9
10#include "base/basictypes.h"
11#include "base/bind.h"
12#include "base/prefs/pref_change_registrar.h"
13#include "base/prefs/pref_member.h"
14#include "base/prefs/pref_registry_simple.h"
15#include "base/prefs/pref_service.h"
16#include "chrome/browser/chrome_notification_types.h"
17#include "chrome/browser/content_settings/content_settings_utils.h"
18#include "chrome/common/pref_names.h"
19#include "components/content_settings/core/common/content_settings.h"
20#include "content/public/browser/browser_thread.h"
21#include "net/ssl/ssl_cipher_suite_names.h"
22#include "net/ssl/ssl_config_service.h"
23
24using content::BrowserThread;
25
26namespace {
27
28// Converts a ListValue of StringValues into a vector of strings. Any Values
29// which cannot be converted will be skipped.
30std::vector<std::string> ListValueToStringVector(const base::ListValue* value) {
31  std::vector<std::string> results;
32  results.reserve(value->GetSize());
33  std::string s;
34  for (base::ListValue::const_iterator it = value->begin(); it != value->end();
35       ++it) {
36    if (!(*it)->GetAsString(&s))
37      continue;
38    results.push_back(s);
39  }
40  return results;
41}
42
43// Parses a vector of cipher suite strings, returning a sorted vector
44// containing the underlying SSL/TLS cipher suites. Unrecognized/invalid
45// cipher suites will be ignored.
46std::vector<uint16> ParseCipherSuites(
47    const std::vector<std::string>& cipher_strings) {
48  std::vector<uint16> cipher_suites;
49  cipher_suites.reserve(cipher_strings.size());
50
51  for (std::vector<std::string>::const_iterator it = cipher_strings.begin();
52       it != cipher_strings.end(); ++it) {
53    uint16 cipher_suite = 0;
54    if (!net::ParseSSLCipherString(*it, &cipher_suite)) {
55      LOG(ERROR) << "Ignoring unrecognized or unparsable cipher suite: "
56                 << *it;
57      continue;
58    }
59    cipher_suites.push_back(cipher_suite);
60  }
61  std::sort(cipher_suites.begin(), cipher_suites.end());
62  return cipher_suites;
63}
64
65// Returns the string representation of an SSL protocol version. Returns an
66// empty string on error.
67std::string SSLProtocolVersionToString(uint16 version) {
68  switch (version) {
69    case net::SSL_PROTOCOL_VERSION_SSL3:
70      return "ssl3";
71    case net::SSL_PROTOCOL_VERSION_TLS1:
72      return "tls1";
73    case net::SSL_PROTOCOL_VERSION_TLS1_1:
74      return "tls1.1";
75    case net::SSL_PROTOCOL_VERSION_TLS1_2:
76      return "tls1.2";
77    default:
78      NOTREACHED();
79      return std::string();
80  }
81}
82
83// Returns the SSL protocol version (as a uint16) represented by a string.
84// Returns 0 if the string is invalid.
85uint16 SSLProtocolVersionFromString(const std::string& version_str) {
86  uint16 version = 0;  // Invalid.
87  if (version_str == "ssl3") {
88    version = net::SSL_PROTOCOL_VERSION_SSL3;
89  } else if (version_str == "tls1") {
90    version = net::SSL_PROTOCOL_VERSION_TLS1;
91  } else if (version_str == "tls1.1") {
92    version = net::SSL_PROTOCOL_VERSION_TLS1_1;
93  } else if (version_str == "tls1.2") {
94    version = net::SSL_PROTOCOL_VERSION_TLS1_2;
95  }
96  return version;
97}
98
99}  // namespace
100
101////////////////////////////////////////////////////////////////////////////////
102//  SSLConfigServicePref
103
104// An SSLConfigService which stores a cached version of the current SSLConfig
105// prefs, which are updated by SSLConfigServiceManagerPref when the prefs
106// change.
107class SSLConfigServicePref : public net::SSLConfigService {
108 public:
109  SSLConfigServicePref() {}
110
111  // Store SSL config settings in |config|. Must only be called from IO thread.
112  virtual void GetSSLConfig(net::SSLConfig* config) OVERRIDE;
113
114 private:
115  // Allow the pref watcher to update our internal state.
116  friend class SSLConfigServiceManagerPref;
117
118  virtual ~SSLConfigServicePref() {}
119
120  // This method is posted to the IO thread from the browser thread to carry the
121  // new config information.
122  void SetNewSSLConfig(const net::SSLConfig& new_config);
123
124  // Cached value of prefs, should only be accessed from IO thread.
125  net::SSLConfig cached_config_;
126
127  DISALLOW_COPY_AND_ASSIGN(SSLConfigServicePref);
128};
129
130void SSLConfigServicePref::GetSSLConfig(net::SSLConfig* config) {
131  *config = cached_config_;
132}
133
134void SSLConfigServicePref::SetNewSSLConfig(
135    const net::SSLConfig& new_config) {
136  net::SSLConfig orig_config = cached_config_;
137  cached_config_ = new_config;
138  ProcessConfigUpdate(orig_config, new_config);
139}
140
141////////////////////////////////////////////////////////////////////////////////
142//  SSLConfigServiceManagerPref
143
144// The manager for holding and updating an SSLConfigServicePref instance.
145class SSLConfigServiceManagerPref
146    : public SSLConfigServiceManager {
147 public:
148  explicit SSLConfigServiceManagerPref(PrefService* local_state);
149  virtual ~SSLConfigServiceManagerPref() {}
150
151  // Register local_state SSL preferences.
152  static void RegisterPrefs(PrefRegistrySimple* registry);
153
154  virtual net::SSLConfigService* Get() OVERRIDE;
155
156 private:
157  // Callback for preference changes.  This will post the changes to the IO
158  // thread with SetNewSSLConfig.
159  void OnPreferenceChanged(PrefService* prefs,
160                           const std::string& pref_name);
161
162  // Store SSL config settings in |config|, directly from the preferences. Must
163  // only be called from UI thread.
164  void GetSSLConfigFromPrefs(net::SSLConfig* config);
165
166  // Processes changes to the disabled cipher suites preference, updating the
167  // cached list of parsed SSL/TLS cipher suites that are disabled.
168  void OnDisabledCipherSuitesChange(PrefService* local_state);
169
170  PrefChangeRegistrar local_state_change_registrar_;
171
172  // The local_state prefs (should only be accessed from UI thread)
173  BooleanPrefMember rev_checking_enabled_;
174  BooleanPrefMember rev_checking_required_local_anchors_;
175  StringPrefMember ssl_version_min_;
176  StringPrefMember ssl_version_max_;
177  StringPrefMember ssl_version_fallback_min_;
178  BooleanPrefMember ssl_record_splitting_disabled_;
179
180  // The cached list of disabled SSL cipher suites.
181  std::vector<uint16> disabled_cipher_suites_;
182
183  scoped_refptr<SSLConfigServicePref> ssl_config_service_;
184
185  DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref);
186};
187
188SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
189    PrefService* local_state)
190    : ssl_config_service_(new SSLConfigServicePref()) {
191  DCHECK(local_state);
192
193  PrefChangeRegistrar::NamedChangeCallback local_state_callback = base::Bind(
194      &SSLConfigServiceManagerPref::OnPreferenceChanged,
195      base::Unretained(this),
196      local_state);
197
198  rev_checking_enabled_.Init(
199      prefs::kCertRevocationCheckingEnabled, local_state, local_state_callback);
200  rev_checking_required_local_anchors_.Init(
201      prefs::kCertRevocationCheckingRequiredLocalAnchors,
202      local_state,
203      local_state_callback);
204  ssl_version_min_.Init(
205      prefs::kSSLVersionMin, local_state, local_state_callback);
206  ssl_version_max_.Init(
207      prefs::kSSLVersionMax, local_state, local_state_callback);
208  ssl_version_fallback_min_.Init(
209      prefs::kSSLVersionFallbackMin, local_state, local_state_callback);
210  ssl_record_splitting_disabled_.Init(
211      prefs::kDisableSSLRecordSplitting, local_state, local_state_callback);
212
213  local_state_change_registrar_.Init(local_state);
214  local_state_change_registrar_.Add(
215      prefs::kCipherSuiteBlacklist, local_state_callback);
216
217  OnDisabledCipherSuitesChange(local_state);
218
219  // Initialize from UI thread.  This is okay as there shouldn't be anything on
220  // the IO thread trying to access it yet.
221  GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_);
222}
223
224// static
225void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) {
226  net::SSLConfig default_config;
227  registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled,
228                                default_config.rev_checking_enabled);
229  registry->RegisterBooleanPref(
230      prefs::kCertRevocationCheckingRequiredLocalAnchors,
231      default_config.rev_checking_required_local_anchors);
232  std::string version_min_str =
233      SSLProtocolVersionToString(default_config.version_min);
234  std::string version_max_str =
235      SSLProtocolVersionToString(default_config.version_max);
236  std::string version_fallback_min_str =
237      SSLProtocolVersionToString(default_config.version_fallback_min);
238  registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str);
239  registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str);
240  registry->RegisterStringPref(prefs::kSSLVersionFallbackMin,
241                               version_fallback_min_str);
242  registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting,
243                                !default_config.false_start_enabled);
244  registry->RegisterListPref(prefs::kCipherSuiteBlacklist);
245}
246
247net::SSLConfigService* SSLConfigServiceManagerPref::Get() {
248  return ssl_config_service_.get();
249}
250
251void SSLConfigServiceManagerPref::OnPreferenceChanged(
252    PrefService* prefs,
253    const std::string& pref_name_in) {
254  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
255  DCHECK(prefs);
256  if (pref_name_in == prefs::kCipherSuiteBlacklist)
257    OnDisabledCipherSuitesChange(prefs);
258
259  net::SSLConfig new_config;
260  GetSSLConfigFromPrefs(&new_config);
261
262  // Post a task to |io_loop| with the new configuration, so it can
263  // update |cached_config_|.
264  BrowserThread::PostTask(
265      BrowserThread::IO,
266      FROM_HERE,
267      base::Bind(
268          &SSLConfigServicePref::SetNewSSLConfig,
269          ssl_config_service_.get(),
270          new_config));
271}
272
273void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
274    net::SSLConfig* config) {
275  // rev_checking_enabled was formerly a user-settable preference, but now
276  // it is managed-only.
277  if (rev_checking_enabled_.IsManaged())
278    config->rev_checking_enabled = rev_checking_enabled_.GetValue();
279  else
280    config->rev_checking_enabled = false;
281  config->rev_checking_required_local_anchors =
282      rev_checking_required_local_anchors_.GetValue();
283  std::string version_min_str = ssl_version_min_.GetValue();
284  std::string version_max_str = ssl_version_max_.GetValue();
285  std::string version_fallback_min_str = ssl_version_fallback_min_.GetValue();
286  config->version_min = net::kDefaultSSLVersionMin;
287  config->version_max = net::kDefaultSSLVersionMax;
288  config->version_fallback_min = net::kDefaultSSLVersionFallbackMin;
289  uint16 version_min = SSLProtocolVersionFromString(version_min_str);
290  uint16 version_max = SSLProtocolVersionFromString(version_max_str);
291  uint16 version_fallback_min =
292      SSLProtocolVersionFromString(version_fallback_min_str);
293  if (version_min) {
294    // TODO(wtc): get the minimum SSL protocol version supported by the
295    // SSLClientSocket class. Right now it happens to be the same as the
296    // default minimum SSL protocol version because we enable all supported
297    // versions by default.
298    uint16 supported_version_min = config->version_min;
299    config->version_min = std::max(supported_version_min, version_min);
300  }
301  if (version_max) {
302    // TODO(wtc): get the maximum SSL protocol version supported by the
303    // SSLClientSocket class.
304    uint16 supported_version_max = config->version_max;
305    config->version_max = std::min(supported_version_max, version_max);
306  }
307  if (version_fallback_min) {
308    config->version_fallback_min = version_fallback_min;
309  }
310  config->disabled_cipher_suites = disabled_cipher_suites_;
311  // disabling False Start also happens to disable record splitting.
312  config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue();
313}
314
315void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
316    PrefService* local_state) {
317  const base::ListValue* value =
318      local_state->GetList(prefs::kCipherSuiteBlacklist);
319  disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value));
320}
321
322////////////////////////////////////////////////////////////////////////////////
323//  SSLConfigServiceManager
324
325// static
326SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager(
327    PrefService* local_state) {
328  return new SSLConfigServiceManagerPref(local_state);
329}
330
331// static
332void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) {
333  SSLConfigServiceManagerPref::RegisterPrefs(registry);
334}
335