net/base/ssl_config_service.h - chromium/src.git - Git at Google

 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_
 #define NET_BASE_SSL_CONFIG_SERVICE_H_
 #pragma once

 #include <vector>

 #include "base/observer_list.h"
 #include "base/ref_counted.h"
 #include "net/base/ssl_non_sensitive_host_info.h"
 #include "net/base/x509_certificate.h"

 namespace net {

 // A collection of SSL-related configuration settings.
 struct SSLConfig {
   // Default to revocation checking.
   // Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on.
   SSLConfig();
   ~SSLConfig();

   bool rev_checking_enabled;  // True if server certificate revocation
                               // checking is enabled.
   bool ssl2_enabled;  // True if SSL 2.0 is enabled.
   bool ssl3_enabled;  // True if SSL 3.0 is enabled.
   bool tls1_enabled;  // True if TLS 1.0 is enabled.
   bool dnssec_enabled;  // True if we'll accept DNSSEC chains in certificates.
   bool snap_start_enabled;  // True if we'll try Snap Start handshakes.

   // True if we allow this connection to be MITM attacked. This sounds a little
   // worse than it is: large networks sometimes MITM attack all SSL connections
   // on egress. We want to know this because we might not have the end-to-end
   // connection that we believe that we have based on the hostname. Therefore,
   // certain certificate checks can't be performed and we can't use outside
   // knowledge about whether the server has the renegotiation extension.
   bool mitm_proxies_allowed;

   bool false_start_enabled;  // True if we'll use TLS False Start.

   // TODO(wtc): move the following members to a new SSLParams structure.  They
   // are not SSL configuration settings.

   struct CertAndStatus {
     CertAndStatus();
     ~CertAndStatus();

     scoped_refptr<X509Certificate> cert;
     int cert_status;
   };

   // Returns true if |cert| is one of the certs in |allowed_bad_certs|.
   bool IsAllowedBadCert(X509Certificate* cert) const;

   // Add any known-bad SSL certificate (with its cert status) to
   // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when
   // calling SSLClientSocket::Connect.  This would normally be done in
   // response to the user explicitly accepting the bad certificate.
   std::vector<CertAndStatus> allowed_bad_certs;

   // True if we should send client_cert to the server.
   bool send_client_cert;

   bool verify_ev_cert;  // True if we should verify the certificate for EV.

   bool ssl3_fallback;  // True if we are falling back to SSL 3.0 (one still
                        // needs to clear tls1_enabled).

   // The list of application level protocols supported. If set, this will
   // enable Next Protocol Negotiation (if supported). This is a list of 8-bit
   // length prefixed strings. The order of the protocols doesn't matter expect
   // for one case: if the server supports Next Protocol Negotiation, but there
   // is no overlap between the server's and client's protocol sets, then the
   // first protocol in this list will be requested by the client.
   std::string next_protos;

   scoped_refptr<X509Certificate> client_cert;

   // ssl_host_info contains an optional context that is needed for Snap Start.
   // If provided, the SSL socket will assume that the application protocol is
   // client-speaks-first. Also needs SSLConfigService::EnableSnapStart to
   // have been called.
   scoped_refptr<SSLNonSensitiveHostInfo> ssl_host_info;
 };

 // The interface for retrieving the SSL configuration.  This interface
 // does not cover setting the SSL configuration, as on some systems, the
 // SSLConfigService objects may not have direct access to the configuration, or
 // live longer than the configuration preferences.
 class SSLConfigService : public base::RefCountedThreadSafe<SSLConfigService> {
  public:
   // Observer is notified when SSL config settings have changed.
   class Observer {
    public:
     // Notify observers if SSL settings have changed.  We don't check all of the
     // data in SSLConfig, just those that qualify as a user config change.
     // The following settings are considered user changes:
     //     rev_checking_enabled
     //     ssl2_enabled
     //     ssl3_enabled
     //     tls1_enabled
     virtual void OnSSLConfigChanged() = 0;

    protected:
     virtual ~Observer() {}
   };

   SSLConfigService();

   // Create an instance of SSLConfigService which retrieves the configuration
   // from the system SSL configuration, or an instance of
   // SSLConfigServiceDefaults if the current system does not have a system SSL
   // configuration.  Note: this does not handle SSLConfigService implementations
   // that are not native to their platform, such as preference-backed ones.
   static SSLConfigService* CreateSystemSSLConfigService();

   // May not be thread-safe, should only be called on the IO thread.
   virtual void GetSSLConfig(SSLConfig* config) = 0;

   // Returns true if the given hostname is known to be 'strict'. This means
   // that we will require the renegotiation extension and will always use TLS
   // (no SSLv3 fallback).
   //
   // If you wish to add an element to this list, file a bug at
   // http://crbug.com and email the link to agl AT chromium DOT org.
   static bool IsKnownStrictTLSServer(const std::string& hostname);

   // Returns true if the given hostname is known to be incompatible with TLS
   // False Start.
   static bool IsKnownFalseStartIncompatibleServer(const std::string& hostname);

   // Enables the acceptance of self-signed certificates which contain an
   // embedded DNSSEC chain proving their validity.
   static void EnableDNSSEC();
   static bool dnssec_enabled();

   // Enables Snap Start, an experiemental SSL/TLS extension for zero round
   // trip handshakes.
   static void EnableSnapStart();
   static bool snap_start_enabled();

   // Sets a global flag which allows SSL connections to be MITM attacked. See
   // the comment about this flag in |SSLConfig|.
   static void AllowMITMProxies();
   static bool mitm_proxies_allowed();

   // Disables False Start in SSL connections.
   static void DisableFalseStart();
   // True if we use False Start for SSL and TLS.
   static bool false_start_enabled();

   // Add an observer of this service.
   void AddObserver(Observer* observer);

   // Remove an observer of this service.
   void RemoveObserver(Observer* observer);

  protected:
   friend class base::RefCountedThreadSafe<SSLConfigService>;

   virtual ~SSLConfigService();

   // SetFlags sets the values of several flags based on global configuration.
   static void SetSSLConfigFlags(SSLConfig*);

   // Process before/after config update.
   void ProcessConfigUpdate(const SSLConfig& orig_config,
                            const SSLConfig& new_config);

  private:
   ObserverList<Observer> observer_list_;
 };

 }  // namespace net

 #endif  // NET_BASE_SSL_CONFIG_SERVICE_H_
	// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_BASE_SSL_CONFIG_SERVICE_H_
	#define NET_BASE_SSL_CONFIG_SERVICE_H_
	#pragma once

	#include <vector>

	#include "base/observer_list.h"
	#include "base/ref_counted.h"
	#include "net/base/ssl_non_sensitive_host_info.h"
	#include "net/base/x509_certificate.h"

	namespace net {

	// A collection of SSL-related configuration settings.
	struct SSLConfig {
	// Default to revocation checking.
	// Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on.
	SSLConfig();
	~SSLConfig();

	bool rev_checking_enabled; // True if server certificate revocation
	// checking is enabled.
	bool ssl2_enabled; // True if SSL 2.0 is enabled.
	bool ssl3_enabled; // True if SSL 3.0 is enabled.
	bool tls1_enabled; // True if TLS 1.0 is enabled.
	bool dnssec_enabled; // True if we'll accept DNSSEC chains in certificates.
	bool snap_start_enabled; // True if we'll try Snap Start handshakes.

	// True if we allow this connection to be MITM attacked. This sounds a little
	// worse than it is: large networks sometimes MITM attack all SSL connections
	// on egress. We want to know this because we might not have the end-to-end
	// connection that we believe that we have based on the hostname. Therefore,
	// certain certificate checks can't be performed and we can't use outside
	// knowledge about whether the server has the renegotiation extension.
	bool mitm_proxies_allowed;

	bool false_start_enabled; // True if we'll use TLS False Start.

	// TODO(wtc): move the following members to a new SSLParams structure. They
	// are not SSL configuration settings.

	struct CertAndStatus {
	CertAndStatus();
	~CertAndStatus();

	scoped_refptr<X509Certificate> cert;
	int cert_status;
	};

	// Returns true if \|cert\| is one of the certs in \|allowed_bad_certs\|.
	bool IsAllowedBadCert(X509Certificate* cert) const;

	// Add any known-bad SSL certificate (with its cert status) to
	// \|allowed_bad_certs\| that should not trigger an ERR_CERT_* error when
	// calling SSLClientSocket::Connect. This would normally be done in
	// response to the user explicitly accepting the bad certificate.
	std::vector<CertAndStatus> allowed_bad_certs;

	// True if we should send client_cert to the server.
	bool send_client_cert;

	bool verify_ev_cert; // True if we should verify the certificate for EV.

	bool ssl3_fallback; // True if we are falling back to SSL 3.0 (one still
	// needs to clear tls1_enabled).

	// The list of application level protocols supported. If set, this will
	// enable Next Protocol Negotiation (if supported). This is a list of 8-bit
	// length prefixed strings. The order of the protocols doesn't matter expect
	// for one case: if the server supports Next Protocol Negotiation, but there
	// is no overlap between the server's and client's protocol sets, then the
	// first protocol in this list will be requested by the client.
	std::string next_protos;

	scoped_refptr<X509Certificate> client_cert;

	// ssl_host_info contains an optional context that is needed for Snap Start.
	// If provided, the SSL socket will assume that the application protocol is
	// client-speaks-first. Also needs SSLConfigService::EnableSnapStart to
	// have been called.
	scoped_refptr<SSLNonSensitiveHostInfo> ssl_host_info;
	};

	// The interface for retrieving the SSL configuration. This interface
	// does not cover setting the SSL configuration, as on some systems, the
	// SSLConfigService objects may not have direct access to the configuration, or
	// live longer than the configuration preferences.
	class SSLConfigService : public base::RefCountedThreadSafe<SSLConfigService> {
	public:
	// Observer is notified when SSL config settings have changed.
	class Observer {
	public:
	// Notify observers if SSL settings have changed. We don't check all of the
	// data in SSLConfig, just those that qualify as a user config change.
	// The following settings are considered user changes:
	// rev_checking_enabled
	// ssl2_enabled
	// ssl3_enabled
	// tls1_enabled
	virtual void OnSSLConfigChanged() = 0;

	protected:
	virtual ~Observer() {}
	};

	SSLConfigService();

	// Create an instance of SSLConfigService which retrieves the configuration
	// from the system SSL configuration, or an instance of
	// SSLConfigServiceDefaults if the current system does not have a system SSL
	// configuration. Note: this does not handle SSLConfigService implementations
	// that are not native to their platform, such as preference-backed ones.
	static SSLConfigService* CreateSystemSSLConfigService();

	// May not be thread-safe, should only be called on the IO thread.
	virtual void GetSSLConfig(SSLConfig* config) = 0;

	// Returns true if the given hostname is known to be 'strict'. This means
	// that we will require the renegotiation extension and will always use TLS
	// (no SSLv3 fallback).
	//
	// If you wish to add an element to this list, file a bug at
	// http://crbug.com and email the link to agl AT chromium DOT org.
	static bool IsKnownStrictTLSServer(const std::string& hostname);

	// Returns true if the given hostname is known to be incompatible with TLS
	// False Start.
	static bool IsKnownFalseStartIncompatibleServer(const std::string& hostname);

	// Enables the acceptance of self-signed certificates which contain an
	// embedded DNSSEC chain proving their validity.
	static void EnableDNSSEC();
	static bool dnssec_enabled();

	// Enables Snap Start, an experiemental SSL/TLS extension for zero round
	// trip handshakes.
	static void EnableSnapStart();
	static bool snap_start_enabled();

	// Sets a global flag which allows SSL connections to be MITM attacked. See
	// the comment about this flag in \|SSLConfig\|.
	static void AllowMITMProxies();
	static bool mitm_proxies_allowed();

	// Disables False Start in SSL connections.
	static void DisableFalseStart();
	// True if we use False Start for SSL and TLS.
	static bool false_start_enabled();

	// Add an observer of this service.
	void AddObserver(Observer* observer);

	// Remove an observer of this service.
	void RemoveObserver(Observer* observer);

	protected:
	friend class base::RefCountedThreadSafe<SSLConfigService>;

	virtual ~SSLConfigService();

	// SetFlags sets the values of several flags based on global configuration.
	static void SetSSLConfigFlags(SSLConfig*);

	// Process before/after config update.
	void ProcessConfigUpdate(const SSLConfig& orig_config,
	const SSLConfig& new_config);

	private:
	ObserverList<Observer> observer_list_;
	};

	} // namespace net

	#endif // NET_BASE_SSL_CONFIG_SERVICE_H_