1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_SSL_SSL_CONFIG_SERVICE_H_
6#define NET_SSL_SSL_CONFIG_SERVICE_H_
7
8#include <vector>
9
10#include "base/memory/ref_counted.h"
11#include "base/observer_list.h"
12#include "net/base/net_export.h"
13#include "net/cert/crl_set.h"
14#include "net/ssl/ssl_config.h"
15
16namespace net {
17
// Read-only interface for retrieving the SSL configuration.  This interface
// does not cover setting the SSL configuration because, on some systems, the
// SSLConfigService objects may not have direct access to the configuration, or
// may live longer than the configuration preferences.
//
// Instances are reference-counted through base::RefCountedThreadSafe, which is
// why the destructor is protected and the base class is declared a friend.
// Thread-safe reference counting does not make the methods thread-safe: the
// per-method comments below state which calls are restricted to the IO thread.
class NET_EXPORT SSLConfigService
    : public base::RefCountedThreadSafe<SSLConfigService> {
 public:
  // Observer is notified when SSL config settings have changed.
  //
  // Observers are handed to the service by raw pointer (see AddObserver) and
  // the protected destructor below prevents deletion through an Observer*, so
  // the service does not take ownership of them.
  // NOTE(review): presumably an observer must call RemoveObserver() before it
  // is destroyed, otherwise a later notification would go through a dangling
  // pointer -- confirm against the ObserverList contract.
  class NET_EXPORT Observer {
   public:
    // Called when SSL settings have changed.  Not all of the data in SSLConfig
    // is checked, only the fields that qualify as a user config change.
    // The following settings are considered user changes:
    //     rev_checking_enabled
    //     version_min
    //     version_max
    //     disabled_cipher_suites
    //     channel_id_enabled
    //     false_start_enabled
    //     require_forward_secrecy
    // A change confined to any other SSLConfig field is therefore not reported
    // through this callback; code that caches such fields should not rely on
    // it for invalidation.
    virtual void OnSSLConfigChanged() = 0;

   protected:
    // Protected so that an observer cannot be deleted through this interface.
    virtual ~Observer() {}
  };

  SSLConfigService();

  // Retrieves the SSL configuration through the |config| out-parameter.
  // May not be thread-safe, should only be called on the IO thread.
  // NOTE(review): presumably |config| must be non-null -- confirm in the
  // implementations of this pure virtual.
  virtual void GetSSLConfig(SSLConfig* config) = 0;

  // Sets and gets the current, global CRL set.  Both functions are static, so
  // the CRL set is not held per SSLConfigService instance.
  // NOTE(review): the storage and any locking for the global are not visible
  // in this header.  Verify that concurrent SetCRLSet()/GetCRLSet() calls are
  // synchronized, since this data presumably feeds certificate revocation
  // decisions.
  static void SetCRLSet(scoped_refptr<CRLSet> crl_set);
  static scoped_refptr<CRLSet> GetCRLSet();

  // Add an observer of this service.  |observer| is passed by raw pointer and
  // ownership is not transferred.
  // NOTE(review): no threading contract is stated here; presumably the
  // IO-thread restriction of NotifySSLConfigChange() applies -- confirm.
  void AddObserver(Observer* observer);

  // Remove an observer of this service.
  // NOTE(review): threading contract not stated; presumably the same as
  // AddObserver() -- confirm.
  void RemoveObserver(Observer* observer);

  // Calls the OnSSLConfigChanged method of registered observers. Should only be
  // called on the IO thread.
  void NotifySSLConfigChange();

 protected:
  // Gives the reference-counting base class access to the protected
  // destructor.
  friend class base::RefCountedThreadSafe<SSLConfigService>;

  // Protected: lifetime is managed through reference counting, not through
  // direct deletion by callers.
  virtual ~SSLConfigService();

  // Takes the configuration before (|orig_config|) and after (|new_config|) an
  // update.
  // NOTE(review): presumably compares the user-change settings listed on
  // Observer::OnSSLConfigChanged() and notifies observers when they differ --
  // confirm in the implementation file.
  void ProcessConfigUpdate(const SSLConfig& orig_config,
                           const SSLConfig& new_config);

 private:
  // NOTE(review): presumably holds the observers registered through
  // AddObserver() as non-owning pointers -- confirm against ObserverList.
  ObserverList<Observer> observer_list_;
};
75
76}  // namespace net
77
78#endif  // NET_SSL_SSL_CONFIG_SERVICE_H_
79