Diffstat (limited to 'chromium/components/ssl_config')
-rw-r--r--chromium/components/ssl_config/BUILD.gn38
-rw-r--r--chromium/components/ssl_config/DEPS9
-rw-r--r--chromium/components/ssl_config/OWNERS5
-rw-r--r--chromium/components/ssl_config/ssl_config_prefs.cc23
-rw-r--r--chromium/components/ssl_config/ssl_config_prefs.h23
-rw-r--r--chromium/components/ssl_config/ssl_config_service_manager.h45
-rw-r--r--chromium/components/ssl_config/ssl_config_service_manager_pref.cc351
-rw-r--r--chromium/components/ssl_config/ssl_config_service_manager_pref_unittest.cc474
-rw-r--r--chromium/components/ssl_config/ssl_config_switches.cc30
-rw-r--r--chromium/components/ssl_config/ssl_config_switches.h22
10 files changed, 0 insertions, 1020 deletions
diff --git a/chromium/components/ssl_config/BUILD.gn b/chromium/components/ssl_config/BUILD.gn
deleted file mode 100644
index 4f3bca7933f..00000000000
--- a/chromium/components/ssl_config/BUILD.gn
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright 2015 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-static_library("ssl_config") {
- sources = [
- "ssl_config_prefs.cc",
- "ssl_config_prefs.h",
- "ssl_config_service_manager.h",
- "ssl_config_service_manager_pref.cc",
- "ssl_config_switches.cc",
- "ssl_config_switches.h",
- ]
-
- deps = [
- "//base",
- "//components/content_settings/core/browser",
- "//components/content_settings/core/common",
- "//components/prefs",
- "//net",
- ]
-}
-
-source_set("unit_tests") {
- testonly = true
- sources = [
- "ssl_config_service_manager_pref_unittest.cc",
- ]
- deps = [
- ":ssl_config",
- "//base",
- "//base/test:test_support",
- "//components/prefs:test_support",
- "//components/variations:test_support",
- "//net",
- "//testing/gtest",
- ]
-}
diff --git a/chromium/components/ssl_config/DEPS b/chromium/components/ssl_config/DEPS
deleted file mode 100644
index 35579bbf62b..00000000000
--- a/chromium/components/ssl_config/DEPS
+++ /dev/null
@@ -1,9 +0,0 @@
-include_rules = [
- "+components/content_settings/core/browser",
- "+components/content_settings/core/common",
- "+components/prefs",
- "+components/variations",
- "+net/socket",
- "+net/ssl",
-]
-
diff --git a/chromium/components/ssl_config/OWNERS b/chromium/components/ssl_config/OWNERS
deleted file mode 100644
index 019db92cacc..00000000000
--- a/chromium/components/ssl_config/OWNERS
+++ /dev/null
@@ -1,5 +0,0 @@
-agl@chromium.org
-davidben@chromium.org
-rsleevi@chromium.org
-
-# COMPONENT: Internals>Network>SSL
diff --git a/chromium/components/ssl_config/ssl_config_prefs.cc b/chromium/components/ssl_config/ssl_config_prefs.cc
deleted file mode 100644
index 790159d7228..00000000000
--- a/chromium/components/ssl_config/ssl_config_prefs.cc
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "components/ssl_config/ssl_config_prefs.h"
-
-namespace ssl_config {
-namespace prefs {
-
-// Prefs for SSLConfigServicePref.
-const char kCertRevocationCheckingEnabled[] = "ssl.rev_checking.enabled";
-const char kCertRevocationCheckingRequiredLocalAnchors[] =
- "ssl.rev_checking.required_for_local_anchors";
-const char kCertEnableSha1LocalAnchors[] = "ssl.sha1_enabled_for_local_anchors";
-const char kCertEnableSymantecLegacyInfrastructure[] =
- "ssl.enable_symantec_legacy_infrastructure";
-const char kSSLVersionMin[] = "ssl.version_min";
-const char kSSLVersionMax[] = "ssl.version_max";
-const char kTLS13Variant[] = "ssl.tls13_variant";
-const char kCipherSuiteBlacklist[] = "ssl.cipher_suites.blacklist";
-
-} // namespace prefs
-} // namespace ssl_config
diff --git a/chromium/components/ssl_config/ssl_config_prefs.h b/chromium/components/ssl_config/ssl_config_prefs.h
deleted file mode 100644
index 3f3b8b83960..00000000000
--- a/chromium/components/ssl_config/ssl_config_prefs.h
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef COMPONENTS_SSL_CONFIG_SSL_CONFIG_PREFS_H_
-#define COMPONENTS_SSL_CONFIG_SSL_CONFIG_PREFS_H_
-
-namespace ssl_config {
-namespace prefs {
-
-extern const char kCertRevocationCheckingEnabled[];
-extern const char kCertRevocationCheckingRequiredLocalAnchors[];
-extern const char kCertEnableSha1LocalAnchors[];
-extern const char kCertEnableSymantecLegacyInfrastructure[];
-extern const char kSSLVersionMin[];
-extern const char kSSLVersionMax[];
-extern const char kTLS13Variant[];
-extern const char kCipherSuiteBlacklist[];
-
-} // namespace prefs
-} // namespace ssl_config
-
-#endif // COMPONENTS_SSL_CONFIG_SSL_CONFIG_PREFS_H_
diff --git a/chromium/components/ssl_config/ssl_config_service_manager.h b/chromium/components/ssl_config/ssl_config_service_manager.h
deleted file mode 100644
index 30bc1c08959..00000000000
--- a/chromium/components/ssl_config/ssl_config_service_manager.h
+++ /dev/null
@@ -1,45 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef COMPONENTS_SSL_CONFIG_SSL_CONFIG_SERVICE_MANAGER_H_
-#define COMPONENTS_SSL_CONFIG_SSL_CONFIG_SERVICE_MANAGER_H_
-
-#include "base/memory/ref_counted.h"
-
-namespace base {
-class SingleThreadTaskRunner;
-}
-
-namespace net {
-class SSLConfigService;
-} // namespace net
-
-class PrefService;
-class PrefRegistrySimple;
-
-namespace ssl_config {
-
-// An interface for creating SSLConfigService objects.
-class SSLConfigServiceManager {
- public:
- // Create an instance of the SSLConfigServiceManager. The lifetime of the
- // PrefService objects must be longer than that of the manager. Get SSL
- // preferences from local_state object.
- static SSLConfigServiceManager* CreateDefaultManager(
- PrefService* local_state,
- const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner);
-
- static void RegisterPrefs(PrefRegistrySimple* registry);
-
- virtual ~SSLConfigServiceManager() {}
-
- // Get an SSLConfigService instance. It may be a new instance or the manager
- // may return the same instance multiple times.
- // The caller should hold a reference as long as it needs the instance (eg,
- // using scoped_refptr.)
- virtual net::SSLConfigService* Get() = 0;
-};
-
-} // namespace ssl_config
-#endif // COMPONENTS_SSL_CONFIG_SSL_CONFIG_SERVICE_MANAGER_H_
diff --git a/chromium/components/ssl_config/ssl_config_service_manager_pref.cc b/chromium/components/ssl_config/ssl_config_service_manager_pref.cc
deleted file mode 100644
index bd0ba311df2..00000000000
--- a/chromium/components/ssl_config/ssl_config_service_manager_pref.cc
+++ /dev/null
@@ -1,351 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-#include "components/ssl_config/ssl_config_service_manager.h"
-
-#include <stdint.h>
-
-#include <algorithm>
-#include <string>
-#include <vector>
-
-#include "base/bind.h"
-#include "base/location.h"
-#include "base/macros.h"
-#include "base/metrics/field_trial_params.h"
-#include "base/single_thread_task_runner.h"
-#include "base/strings/string_util.h"
-#include "base/values.h"
-#include "components/content_settings/core/browser/content_settings_utils.h"
-#include "components/content_settings/core/common/content_settings.h"
-#include "components/prefs/pref_change_registrar.h"
-#include "components/prefs/pref_member.h"
-#include "components/prefs/pref_registry_simple.h"
-#include "components/prefs/pref_service.h"
-#include "components/ssl_config/ssl_config_prefs.h"
-#include "components/ssl_config/ssl_config_switches.h"
-#include "net/ssl/ssl_cipher_suite_names.h"
-#include "net/ssl/ssl_config_service.h"
-
-namespace base {
-class SingleThreadTaskRunner;
-}
-
-namespace {
-
-// Converts a ListValue of StringValues into a vector of strings. Any Values
-// which cannot be converted will be skipped.
-std::vector<std::string> ListValueToStringVector(const base::ListValue* value) {
- std::vector<std::string> results;
- results.reserve(value->GetSize());
- std::string s;
- for (base::ListValue::const_iterator it = value->begin(); it != value->end();
- ++it) {
- if (!it->GetAsString(&s))
- continue;
- results.push_back(s);
- }
- return results;
-}
-
-// Parses a vector of cipher suite strings, returning a sorted vector
-// containing the underlying SSL/TLS cipher suites. Unrecognized/invalid
-// cipher suites will be ignored.
-std::vector<uint16_t> ParseCipherSuites(
- const std::vector<std::string>& cipher_strings) {
- std::vector<uint16_t> cipher_suites;
- cipher_suites.reserve(cipher_strings.size());
-
- for (std::vector<std::string>::const_iterator it = cipher_strings.begin();
- it != cipher_strings.end(); ++it) {
- uint16_t cipher_suite = 0;
- if (!net::ParseSSLCipherString(*it, &cipher_suite)) {
- LOG(ERROR) << "Ignoring unrecognized or unparsable cipher suite: " << *it;
- continue;
- }
- cipher_suites.push_back(cipher_suite);
- }
- std::sort(cipher_suites.begin(), cipher_suites.end());
- return cipher_suites;
-}
-
-// Returns the SSL protocol version (as a uint16_t) represented by a string.
-// Returns 0 if the string is invalid.
-uint16_t SSLProtocolVersionFromString(const std::string& version_str) {
- uint16_t version = 0; // Invalid.
- if (version_str == switches::kSSLVersionTLSv1) {
- version = net::SSL_PROTOCOL_VERSION_TLS1;
- } else if (version_str == switches::kSSLVersionTLSv11) {
- version = net::SSL_PROTOCOL_VERSION_TLS1_1;
- } else if (version_str == switches::kSSLVersionTLSv12) {
- version = net::SSL_PROTOCOL_VERSION_TLS1_2;
- } else if (version_str == switches::kSSLVersionTLSv13) {
- version = net::SSL_PROTOCOL_VERSION_TLS1_3;
- }
- return version;
-}
-
-const char kTLS13VariantExperimentName[] = "TLS13Variant";
-
-} // namespace
-
-////////////////////////////////////////////////////////////////////////////////
-// SSLConfigServicePref
-
-// An SSLConfigService which stores a cached version of the current SSLConfig
-// prefs, which are updated by SSLConfigServiceManagerPref when the prefs
-// change.
-class SSLConfigServicePref : public net::SSLConfigService {
- public:
- explicit SSLConfigServicePref(
- const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner);
-
- // Store SSL config settings in |config|. Must only be called from IO thread.
- void GetSSLConfig(net::SSLConfig* config) override;
-
- private:
- // Allow the pref watcher to update our internal state.
- friend class SSLConfigServiceManagerPref;
-
- ~SSLConfigServicePref() override {}
-
- // This method is posted to the IO thread from the browser thread to carry the
- // new config information.
- void SetNewSSLConfig(const net::SSLConfig& new_config);
-
- // Cached value of prefs, should only be accessed from IO thread.
- net::SSLConfig cached_config_;
-
- scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_;
-
- DISALLOW_COPY_AND_ASSIGN(SSLConfigServicePref);
-};
-
-SSLConfigServicePref::SSLConfigServicePref(
- const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner)
- : io_task_runner_(io_task_runner) {}
-
-void SSLConfigServicePref::GetSSLConfig(net::SSLConfig* config) {
- DCHECK(io_task_runner_->BelongsToCurrentThread());
- *config = cached_config_;
-}
-
-void SSLConfigServicePref::SetNewSSLConfig(const net::SSLConfig& new_config) {
- net::SSLConfig orig_config = cached_config_;
- cached_config_ = new_config;
- ProcessConfigUpdate(orig_config, new_config);
-}
-
-////////////////////////////////////////////////////////////////////////////////
-// SSLConfigServiceManagerPref
-
-// The manager for holding and updating an SSLConfigServicePref instance.
-class SSLConfigServiceManagerPref : public ssl_config::SSLConfigServiceManager {
- public:
- SSLConfigServiceManagerPref(
- PrefService* local_state,
- const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner);
- ~SSLConfigServiceManagerPref() override {}
-
- // Register local_state SSL preferences.
- static void RegisterPrefs(PrefRegistrySimple* registry);
-
- net::SSLConfigService* Get() override;
-
- private:
- // Callback for preference changes. This will post the changes to the IO
- // thread with SetNewSSLConfig.
- void OnPreferenceChanged(PrefService* prefs, const std::string& pref_name);
-
- // Store SSL config settings in |config|, directly from the preferences. Must
- // only be called from UI thread.
- void GetSSLConfigFromPrefs(net::SSLConfig* config);
-
- // Processes changes to the disabled cipher suites preference, updating the
- // cached list of parsed SSL/TLS cipher suites that are disabled.
- void OnDisabledCipherSuitesChange(PrefService* local_state);
-
- PrefChangeRegistrar local_state_change_registrar_;
-
- // The local_state prefs (should only be accessed from UI thread)
- BooleanPrefMember rev_checking_enabled_;
- BooleanPrefMember rev_checking_required_local_anchors_;
- BooleanPrefMember sha1_local_anchors_enabled_;
- BooleanPrefMember symantec_legacy_infrastructure_enabled_;
- StringPrefMember ssl_version_min_;
- StringPrefMember ssl_version_max_;
- StringPrefMember tls13_variant_;
-
- // The cached list of disabled SSL cipher suites.
- std::vector<uint16_t> disabled_cipher_suites_;
-
- scoped_refptr<SSLConfigServicePref> ssl_config_service_;
-
- scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_;
-
- DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref);
-};
-
-SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
- PrefService* local_state,
- const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner)
- : ssl_config_service_(new SSLConfigServicePref(io_task_runner)),
- io_task_runner_(io_task_runner) {
- DCHECK(local_state);
-
- const std::string tls13_variant =
- base::GetFieldTrialParamValue(kTLS13VariantExperimentName, "variant");
- const char* tls13_value = nullptr;
- const char* version_value = nullptr;
- if (tls13_variant == "disabled") {
- tls13_value = switches::kTLS13VariantDisabled;
- } else if (tls13_variant == "draft23") {
- tls13_value = switches::kTLS13VariantDraft23;
- version_value = switches::kSSLVersionTLSv13;
- }
-
- if (tls13_value) {
- local_state->SetDefaultPrefValue(ssl_config::prefs::kTLS13Variant,
- base::Value(tls13_value));
- }
- if (version_value) {
- local_state->SetDefaultPrefValue(ssl_config::prefs::kSSLVersionMax,
- base::Value(version_value));
- }
-
- PrefChangeRegistrar::NamedChangeCallback local_state_callback =
- base::Bind(&SSLConfigServiceManagerPref::OnPreferenceChanged,
- base::Unretained(this), local_state);
-
- rev_checking_enabled_.Init(ssl_config::prefs::kCertRevocationCheckingEnabled,
- local_state, local_state_callback);
- rev_checking_required_local_anchors_.Init(
- ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors,
- local_state, local_state_callback);
- sha1_local_anchors_enabled_.Init(
- ssl_config::prefs::kCertEnableSha1LocalAnchors, local_state,
- local_state_callback);
- symantec_legacy_infrastructure_enabled_.Init(
- ssl_config::prefs::kCertEnableSymantecLegacyInfrastructure, local_state,
- local_state_callback);
- ssl_version_min_.Init(ssl_config::prefs::kSSLVersionMin, local_state,
- local_state_callback);
- ssl_version_max_.Init(ssl_config::prefs::kSSLVersionMax, local_state,
- local_state_callback);
- tls13_variant_.Init(ssl_config::prefs::kTLS13Variant, local_state,
- local_state_callback);
-
- local_state_change_registrar_.Init(local_state);
- local_state_change_registrar_.Add(ssl_config::prefs::kCipherSuiteBlacklist,
- local_state_callback);
-
- OnDisabledCipherSuitesChange(local_state);
-
- // Initialize from UI thread. This is okay as there shouldn't be anything on
- // the IO thread trying to access it yet.
- GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_);
-}
-
-// static
-void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) {
- net::SSLConfig default_config;
- registry->RegisterBooleanPref(
- ssl_config::prefs::kCertRevocationCheckingEnabled,
- default_config.rev_checking_enabled);
- registry->RegisterBooleanPref(
- ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors,
- default_config.rev_checking_required_local_anchors);
- registry->RegisterBooleanPref(ssl_config::prefs::kCertEnableSha1LocalAnchors,
- false);
- registry->RegisterBooleanPref(
- ssl_config::prefs::kCertEnableSymantecLegacyInfrastructure,
- default_config.symantec_enforcement_disabled);
- registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMin,
- std::string());
- registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMax,
- std::string());
- registry->RegisterStringPref(ssl_config::prefs::kTLS13Variant, std::string());
- registry->RegisterListPref(ssl_config::prefs::kCipherSuiteBlacklist);
-}
-
-net::SSLConfigService* SSLConfigServiceManagerPref::Get() {
- return ssl_config_service_.get();
-}
-
-void SSLConfigServiceManagerPref::OnPreferenceChanged(
- PrefService* prefs,
- const std::string& pref_name_in) {
- DCHECK(prefs);
- if (pref_name_in == ssl_config::prefs::kCipherSuiteBlacklist)
- OnDisabledCipherSuitesChange(prefs);
-
- net::SSLConfig new_config;
- GetSSLConfigFromPrefs(&new_config);
-
- // Post a task to |io_loop| with the new configuration, so it can
- // update |cached_config_|.
- io_task_runner_->PostTask(FROM_HERE,
- base::Bind(&SSLConfigServicePref::SetNewSSLConfig,
- ssl_config_service_, new_config));
-}
-
-void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
- net::SSLConfig* config) {
- // rev_checking_enabled was formerly a user-settable preference, but now
- // it is managed-only.
- if (rev_checking_enabled_.IsManaged())
- config->rev_checking_enabled = rev_checking_enabled_.GetValue();
- else
- config->rev_checking_enabled = false;
- config->rev_checking_required_local_anchors =
- rev_checking_required_local_anchors_.GetValue();
- config->sha1_local_anchors_enabled = sha1_local_anchors_enabled_.GetValue();
- config->symantec_enforcement_disabled =
- symantec_legacy_infrastructure_enabled_.GetValue();
- std::string version_min_str = ssl_version_min_.GetValue();
- std::string version_max_str = ssl_version_max_.GetValue();
- std::string tls13_variant_str = tls13_variant_.GetValue();
- config->version_min = net::kDefaultSSLVersionMin;
- config->version_max = net::kDefaultSSLVersionMax;
- uint16_t version_min = SSLProtocolVersionFromString(version_min_str);
- uint16_t version_max = SSLProtocolVersionFromString(version_max_str);
- if (version_min) {
- config->version_min = version_min;
- }
- if (version_max && version_max >= net::SSL_PROTOCOL_VERSION_TLS1_2) {
- config->version_max = version_max;
- }
-
- if (tls13_variant_str == switches::kTLS13VariantDisabled) {
- if (config->version_max > net::SSL_PROTOCOL_VERSION_TLS1_2)
- config->version_max = net::SSL_PROTOCOL_VERSION_TLS1_2;
- } else if (tls13_variant_str == switches::kTLS13VariantDraft23) {
- config->tls13_variant = net::kTLS13VariantDraft23;
- }
-
- config->disabled_cipher_suites = disabled_cipher_suites_;
-}
-
-void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
- PrefService* local_state) {
- const base::ListValue* value =
- local_state->GetList(ssl_config::prefs::kCipherSuiteBlacklist);
- disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value));
-}
-
-////////////////////////////////////////////////////////////////////////////////
-// SSLConfigServiceManager
-
-namespace ssl_config {
-// static
-SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager(
- PrefService* local_state,
- const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) {
- return new SSLConfigServiceManagerPref(local_state, io_task_runner);
-}
-
-// static
-void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) {
- SSLConfigServiceManagerPref::RegisterPrefs(registry);
-}
-} // namespace ssl_config
diff --git a/chromium/components/ssl_config/ssl_config_service_manager_pref_unittest.cc b/chromium/components/ssl_config/ssl_config_service_manager_pref_unittest.cc
deleted file mode 100644
index fb1a4ad6d31..00000000000
--- a/chromium/components/ssl_config/ssl_config_service_manager_pref_unittest.cc
+++ /dev/null
@@ -1,474 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <memory>
-#include <utility>
-
-#include "base/command_line.h"
-#include "base/memory/ref_counted.h"
-#include "base/message_loop/message_loop.h"
-#include "base/run_loop.h"
-#include "base/threading/thread_task_runner_handle.h"
-#include "base/values.h"
-#include "components/prefs/testing_pref_service.h"
-#include "components/ssl_config/ssl_config_prefs.h"
-#include "components/ssl_config/ssl_config_service_manager.h"
-#include "components/ssl_config/ssl_config_switches.h"
-#include "components/variations/variations_params_manager.h"
-#include "net/ssl/ssl_config.h"
-#include "net/ssl/ssl_config_service.h"
-#include "testing/gtest/include/gtest/gtest.h"
-
-using base::ListValue;
-using net::SSLConfig;
-using net::SSLConfigService;
-using ssl_config::SSLConfigServiceManager;
-
-class SSLConfigServiceManagerPrefTest : public testing::Test {
- public:
- SSLConfigServiceManagerPrefTest() {}
-
- protected:
- base::MessageLoop message_loop_;
-};
-
-// Test channel id with no user prefs.
-TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) {
- TestingPrefServiceSimple local_state;
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig config;
- config_service->GetSSLConfig(&config);
- EXPECT_TRUE(config.channel_id_enabled);
-}
-
-// Test that cipher suites can be disabled. "Good" refers to the fact that
-// every value is expected to be successfully parsed into a cipher suite.
-TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
- TestingPrefServiceSimple local_state;
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig old_config;
- config_service->GetSSLConfig(&old_config);
- EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
-
- auto list_value = std::make_unique<base::ListValue>();
- list_value->AppendString("0x0004");
- list_value->AppendString("0x0005");
- local_state.SetUserPref(ssl_config::prefs::kCipherSuiteBlacklist,
- std::move(list_value));
-
- // Pump the message loop to notify the SSLConfigServiceManagerPref that the
- // preferences changed.
- base::RunLoop().RunUntilIdle();
-
- SSLConfig config;
- config_service->GetSSLConfig(&config);
-
- EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
- ASSERT_EQ(2u, config.disabled_cipher_suites.size());
- EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
- EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
-}
-
-// Test that cipher suites can be disabled. "Bad" refers to the fact that
-// there are one or more non-cipher suite strings in the preference. They
-// should be ignored.
-TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
- TestingPrefServiceSimple local_state;
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig old_config;
- config_service->GetSSLConfig(&old_config);
- EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
-
- auto list_value = std::make_unique<base::ListValue>();
- list_value->AppendString("0x0004");
- list_value->AppendString("TLS_NOT_WITH_A_CIPHER_SUITE");
- list_value->AppendString("0x0005");
- list_value->AppendString("0xBEEFY");
- local_state.SetUserPref(ssl_config::prefs::kCipherSuiteBlacklist,
- std::move(list_value));
-
- // Pump the message loop to notify the SSLConfigServiceManagerPref that the
- // preferences changed.
- base::RunLoop().RunUntilIdle();
-
- SSLConfig config;
- config_service->GetSSLConfig(&config);
-
- EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
- ASSERT_EQ(2u, config.disabled_cipher_suites.size());
- EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
- EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
-}
-
-// Test that without command-line settings for minimum and maximum SSL versions,
-// TLS versions from 1.0 up to 1.1 or 1.2 are enabled.
-TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
- scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
- TestingPrefServiceSimple local_state;
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig ssl_config;
- config_service->GetSSLConfig(&ssl_config);
- // In the absence of command-line options, the default TLS version range is
- // enabled.
- EXPECT_EQ(net::kDefaultSSLVersionMin, ssl_config.version_min);
- EXPECT_EQ(net::kDefaultSSLVersionMax, ssl_config.version_max);
- EXPECT_EQ(net::kDefaultTLS13Variant, ssl_config.tls13_variant);
-
- // The settings should not be added to the local_state.
- EXPECT_FALSE(local_state.HasPrefPath(ssl_config::prefs::kSSLVersionMin));
- EXPECT_FALSE(local_state.HasPrefPath(ssl_config::prefs::kSSLVersionMax));
- EXPECT_FALSE(local_state.HasPrefPath(ssl_config::prefs::kTLS13Variant));
-
- // Explicitly double-check the settings are not in the preference store.
- std::string version_min_str;
- std::string version_max_str;
- std::string tls13_variant_str;
- EXPECT_FALSE(local_state_store->GetString(ssl_config::prefs::kSSLVersionMin,
- &version_min_str));
- EXPECT_FALSE(local_state_store->GetString(ssl_config::prefs::kSSLVersionMax,
- &version_max_str));
- EXPECT_FALSE(local_state_store->GetString(ssl_config::prefs::kTLS13Variant,
- &tls13_variant_str));
-}
-
-// Tests that "ssl3" is not treated as a valid minimum version.
-TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) {
- scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
-
- TestingPrefServiceSimple local_state;
- local_state.SetUserPref(ssl_config::prefs::kSSLVersionMin,
- std::make_unique<base::Value>("ssl3"));
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig ssl_config;
- config_service->GetSSLConfig(&ssl_config);
- // The command-line option must not have been honored.
- EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
-}
-
-// Tests that SSLVersionMin correctly sets the minimum version.
-TEST_F(SSLConfigServiceManagerPrefTest, SSLVersionMin) {
- scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
-
- TestingPrefServiceSimple local_state;
- local_state.SetUserPref(ssl_config::prefs::kSSLVersionMin,
- std::make_unique<base::Value>("tls1.1"));
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig ssl_config;
- config_service->GetSSLConfig(&ssl_config);
- EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_min);
-}
-
-// Tests that SSL max version correctly sets the maximum version.
-TEST_F(SSLConfigServiceManagerPrefTest, SSLVersionMax) {
- scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
-
- TestingPrefServiceSimple local_state;
- local_state.SetUserPref(ssl_config::prefs::kSSLVersionMax,
- std::make_unique<base::Value>("tls1.3"));
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig ssl_config;
- config_service->GetSSLConfig(&ssl_config);
- EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_3, ssl_config.version_max);
-}
-
-// Tests that SSL max version can not be set below TLS 1.2.
-TEST_F(SSLConfigServiceManagerPrefTest, NoTLS11Max) {
- scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
-
- TestingPrefServiceSimple local_state;
- local_state.SetUserPref(ssl_config::prefs::kSSLVersionMax,
- std::make_unique<base::Value>("tls1.1"));
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig ssl_config;
- config_service->GetSSLConfig(&ssl_config);
- // The command-line option must not have been honored.
- EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1_2, ssl_config.version_max);
-}
-
-// Tests that TLS 1.3 can be disabled via field trials.
-TEST_F(SSLConfigServiceManagerPrefTest, TLS13VariantFeatureDisabled) {
- // Toggle the field trial.
- variations::testing::VariationParamsManager variation_params(
- "TLS13Variant", {{"variant", "disabled"}});
-
- TestingPrefServiceSimple local_state;
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig ssl_config;
- config_service->GetSSLConfig(&ssl_config);
- EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_2, ssl_config.version_max);
-}
-
-// Tests that Draft23 TLS 1.3 can be enabled via field trials.
-TEST_F(SSLConfigServiceManagerPrefTest, TLS13VariantFeatureDraft23) {
- // Toggle the field trial.
- variations::testing::VariationParamsManager variation_params(
- "TLS13Variant", {{"variant", "draft23"}});
-
- TestingPrefServiceSimple local_state;
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig ssl_config;
- config_service->GetSSLConfig(&ssl_config);
- EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_3, ssl_config.version_max);
- EXPECT_EQ(net::kTLS13VariantDraft23, ssl_config.tls13_variant);
-}
-
-// Tests that the SSLVersionMax preference overwites the TLS 1.3 variant
-// field trial.
-TEST_F(SSLConfigServiceManagerPrefTest, TLS13SSLVersionMax) {
- scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
-
- // Toggle the field trial.
- variations::testing::VariationParamsManager variation_params(
- "TLS13Variant", {{"variant", "draft23"}});
-
- TestingPrefServiceSimple local_state;
- local_state.SetUserPref(ssl_config::prefs::kSSLVersionMax,
- std::make_unique<base::Value>("tls1.2"));
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig ssl_config;
- config_service->GetSSLConfig(&ssl_config);
- EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_2, ssl_config.version_max);
-}
-
-// Tests that disabling TLS 1.3 by preference overwrites the TLS 1.3 field
-// trial.
-TEST_F(SSLConfigServiceManagerPrefTest, TLS13VariantOverrideDisable) {
- scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
-
- // Toggle the field trial.
- variations::testing::VariationParamsManager variation_params(
- "TLS13Variant", {{"variant", "draft23"}});
-
- TestingPrefServiceSimple local_state;
- local_state.SetUserPref(ssl_config::prefs::kTLS13Variant,
- std::make_unique<base::Value>("disabled"));
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig ssl_config;
- config_service->GetSSLConfig(&ssl_config);
- EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_2, ssl_config.version_max);
-}
-
-// Tests that enabling TLS 1.3 by preference overwrites the TLS 1.3 field trial.
-TEST_F(SSLConfigServiceManagerPrefTest, TLS13VariantOverrideEnable) {
- scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
-
- // Toggle the field trial.
- variations::testing::VariationParamsManager variation_params(
- "TLS13Variant", {{"variant", "disabled"}});
-
- TestingPrefServiceSimple local_state;
- local_state.SetUserPref(ssl_config::prefs::kSSLVersionMax,
- std::make_unique<base::Value>("tls1.3"));
- local_state.SetUserPref(ssl_config::prefs::kTLS13Variant,
- std::make_unique<base::Value>("draft23"));
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- ASSERT_TRUE(config_manager.get());
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service.get());
-
- SSLConfig ssl_config;
- config_service->GetSSLConfig(&ssl_config);
- EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_3, ssl_config.version_max);
- EXPECT_EQ(net::kTLS13VariantDraft23, ssl_config.tls13_variant);
-}
-
-// Tests that SHA-1 signatures for local trust anchors can be enabled.
-TEST_F(SSLConfigServiceManagerPrefTest, SHA1ForLocalAnchors) {
- scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
-
- TestingPrefServiceSimple local_state;
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- ASSERT_TRUE(config_manager);
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service);
-
- // By default, SHA-1 local trust anchors should not be enabled when not
- // not using any pref service.
- SSLConfig config1;
- EXPECT_FALSE(config1.sha1_local_anchors_enabled);
-
- // Using a pref service without any preference set should result in
- // SHA-1 local trust anchors being disabled.
- SSLConfig config2;
- config_service->GetSSLConfig(&config2);
- EXPECT_FALSE(config2.sha1_local_anchors_enabled);
-
- // Enabling the local preference should result in SHA-1 local trust anchors
- // being enabled.
- local_state.SetUserPref(ssl_config::prefs::kCertEnableSha1LocalAnchors,
- std::make_unique<base::Value>(true));
- // Pump the message loop to notify the SSLConfigServiceManagerPref that the
- // preferences changed.
- base::RunLoop().RunUntilIdle();
-
- SSLConfig config3;
- config_service->GetSSLConfig(&config3);
- EXPECT_TRUE(config3.sha1_local_anchors_enabled);
-
- // Disabling the local preference should result in SHA-1 local trust
- // anchors being disabled.
- local_state.SetUserPref(ssl_config::prefs::kCertEnableSha1LocalAnchors,
- std::make_unique<base::Value>(false));
- // Pump the message loop to notify the SSLConfigServiceManagerPref that the
- // preferences changed.
- base::RunLoop().RunUntilIdle();
-
- SSLConfig config4;
- config_service->GetSSLConfig(&config4);
- EXPECT_FALSE(config4.sha1_local_anchors_enabled);
-}
-
-// Tests that Symantec's legacy infrastructure can be enabled.
-TEST_F(SSLConfigServiceManagerPrefTest, SymantecLegacyInfrastructure) {
- scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
-
- TestingPrefServiceSimple local_state;
- SSLConfigServiceManager::RegisterPrefs(local_state.registry());
-
- std::unique_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(
- &local_state, base::ThreadTaskRunnerHandle::Get()));
- ASSERT_TRUE(config_manager);
- scoped_refptr<SSLConfigService> config_service(config_manager->Get());
- ASSERT_TRUE(config_service);
-
- // By default, Symantec's legacy infrastructure should be disabled when
- // not using any pref service.
- SSLConfig config1;
- EXPECT_FALSE(config1.symantec_enforcement_disabled);
-
- // Using a pref service without any preference set should result in
- // Symantec's legacy infrastructure being disabled.
- SSLConfig config2;
- config_service->GetSSLConfig(&config2);
- EXPECT_FALSE(config2.symantec_enforcement_disabled);
-
- // Enabling the local preference should result in Symantec's legacy
- // infrastructure being enabled.
- local_state.SetUserPref(
- ssl_config::prefs::kCertEnableSymantecLegacyInfrastructure,
- std::make_unique<base::Value>(true));
- // Pump the message loop to notify the SSLConfigServiceManagerPref that the
- // preferences changed.
- base::RunLoop().RunUntilIdle();
-
- SSLConfig config3;
- config_service->GetSSLConfig(&config3);
- EXPECT_TRUE(config3.symantec_enforcement_disabled);
-
- // Disabling the local preference should result in Symantec's legacy
- // infrastructure being disabled.
- local_state.SetUserPref(
- ssl_config::prefs::kCertEnableSymantecLegacyInfrastructure,
- std::make_unique<base::Value>(false));
- // Pump the message loop to notify the SSLConfigServiceManagerPref that the
- // preferences changed.
- base::RunLoop().RunUntilIdle();
-
- SSLConfig config4;
- config_service->GetSSLConfig(&config4);
- EXPECT_FALSE(config4.symantec_enforcement_disabled);
-}
diff --git a/chromium/components/ssl_config/ssl_config_switches.cc b/chromium/components/ssl_config/ssl_config_switches.cc
deleted file mode 100644
index e1b350bf1f9..00000000000
--- a/chromium/components/ssl_config/ssl_config_switches.cc
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "components/ssl_config/ssl_config_switches.h"
-
-namespace switches {
-
-// Specifies the maximum SSL/TLS version ("tls1", "tls1.1", "tls1.2", or
-// "tls1.3").
-const char kSSLVersionMax[] = "ssl-version-max";
-
-// Specifies the minimum SSL/TLS version ("tls1", "tls1.1", "tls1.2", or
-// "tls1.3").
-const char kSSLVersionMin[] = "ssl-version-min";
-
-// Specifies the enabled TLS 1.3 variant ("disabled", "draft", "experiment").
-const char kTLS13Variant[] = "tls13-variant";
-
-// These values aren't switches, but rather the values that kSSLVersionMax and
-// kSSLVersionMin can have.
-const char kSSLVersionTLSv1[] = "tls1";
-const char kSSLVersionTLSv11[] = "tls1.1";
-const char kSSLVersionTLSv12[] = "tls1.2";
-const char kSSLVersionTLSv13[] = "tls1.3";
-
-const char kTLS13VariantDisabled[] = "disabled";
-const char kTLS13VariantDraft23[] = "draft23";
-
-} // namespace switches
diff --git a/chromium/components/ssl_config/ssl_config_switches.h b/chromium/components/ssl_config/ssl_config_switches.h
deleted file mode 100644
index 9916b6fdeaf..00000000000
--- a/chromium/components/ssl_config/ssl_config_switches.h
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef COMPONENTS_SSL_CONFIG_SSL_CONFIG_SWITCHES_H_
-#define COMPONENTS_SSL_CONFIG_SSL_CONFIG_SWITCHES_H_
-
-namespace switches {
-
-extern const char kSSLVersionMax[];
-extern const char kSSLVersionMin[];
-extern const char kTLS13Variant[];
-extern const char kSSLVersionTLSv1[];
-extern const char kSSLVersionTLSv11[];
-extern const char kSSLVersionTLSv12[];
-extern const char kSSLVersionTLSv13[];
-extern const char kTLS13VariantDisabled[];
-extern const char kTLS13VariantDraft23[];
-
-} // namespace switches
-
-#endif // COMPONENTS_SSL_CONFIG_SSL_CONFIG_SWITCHES_H_