net/ssl/ssl_config_service.cc - chromium/src - Git at Google

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "net/ssl/ssl_config_service.h"

 #include <tuple>

 #include "base/lazy_instance.h"
 #include "base/synchronization/lock.h"
 #include "net/ssl/ssl_config_service_defaults.h"

 namespace net {

 SSLConfigService::SSLConfigService()
     : observer_list_(base::ObserverListPolicy::EXISTING_ONLY) {}

 // GlobalSSLObject holds a reference to a global SSL object, such as the
 // CRLSet. It simply wraps a lock  around a scoped_refptr so that getting a
 // reference doesn't race with updating the global object.
 template <class T>
 class GlobalSSLObject {
  public:
   scoped_refptr<T> Get() const {
     base::AutoLock locked(lock_);
     return ssl_object_;
   }

   bool CompareAndSet(const scoped_refptr<T>& new_ssl_object,
                      const scoped_refptr<T>& old_ssl_object) {
     base::AutoLock locked(lock_);
     if (ssl_object_ != old_ssl_object)
       return false;
     ssl_object_ = new_ssl_object;
     return true;
   }

  private:
   scoped_refptr<T> ssl_object_;
   mutable base::Lock lock_;
 };

 typedef GlobalSSLObject<CRLSet> GlobalCRLSet;

 base::LazyInstance<GlobalCRLSet>::Leaky g_crl_set = LAZY_INSTANCE_INITIALIZER;

 // static
 void SSLConfigService::SetCRLSetIfNewer(scoped_refptr<CRLSet> crl_set) {
   SetCRLSet(std::move(crl_set), /*if_newer=*/true);
 }

 // static
 void SSLConfigService::SetCRLSetForTesting(scoped_refptr<CRLSet> crl_set) {
   SetCRLSet(std::move(crl_set), /*if_newer=*/false);
 }

 // static
 scoped_refptr<CRLSet> SSLConfigService::GetCRLSet() {
   return g_crl_set.Get().Get();
 }

 void SSLConfigService::AddObserver(Observer* observer) {
   observer_list_.AddObserver(observer);
 }

 void SSLConfigService::RemoveObserver(Observer* observer) {
   observer_list_.RemoveObserver(observer);
 }

 void SSLConfigService::NotifySSLConfigChange() {
   for (auto& observer : observer_list_)
     observer.OnSSLConfigChanged();
 }

 SSLConfigService::~SSLConfigService() = default;

 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& old_config,
                                            const SSLConfig& new_config) {
   bool config_changed =
       std::tie(old_config.rev_checking_enabled,
                old_config.rev_checking_required_local_anchors,
                old_config.sha1_local_anchors_enabled,
                old_config.common_name_fallback_local_anchors_enabled,
                old_config.version_min, old_config.version_max,
                old_config.tls13_variant, old_config.disabled_cipher_suites,
                old_config.channel_id_enabled, old_config.false_start_enabled,
                old_config.require_ecdhe) !=
       std::tie(new_config.rev_checking_enabled,
                new_config.rev_checking_required_local_anchors,
                new_config.sha1_local_anchors_enabled,
                new_config.common_name_fallback_local_anchors_enabled,
                new_config.version_min, new_config.version_max,
                new_config.tls13_variant, new_config.disabled_cipher_suites,
                new_config.channel_id_enabled, new_config.false_start_enabled,
                new_config.require_ecdhe);

   if (config_changed)
     NotifySSLConfigChange();
 }

 // static
 void SSLConfigService::SetCRLSet(scoped_refptr<CRLSet> crl_set, bool if_newer) {
   // Note: this can be called concurently with GetCRLSet().
   while (true) {
     scoped_refptr<CRLSet> old_crl_set(GetCRLSet());
     if (if_newer && old_crl_set && crl_set &&
         old_crl_set->sequence() >= crl_set->sequence()) {
       LOG(WARNING) << "Refusing to downgrade CRL set from #"
                    << old_crl_set->sequence() << " to #" << crl_set->sequence();
       break;
     }
     if (g_crl_set.Get().CompareAndSet(crl_set, old_crl_set))
       break;
   }
 }

 }  // namespace net
	// Copyright (c) 2012 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "net/ssl/ssl_config_service.h"

	#include <tuple>

	#include "base/lazy_instance.h"
	#include "base/synchronization/lock.h"
	#include "net/ssl/ssl_config_service_defaults.h"

	namespace net {

	SSLConfigService::SSLConfigService()
	: observer_list_(base::ObserverListPolicy::EXISTING_ONLY) {}

	// GlobalSSLObject holds a reference to a global SSL object, such as the
	// CRLSet. It simply wraps a lock around a scoped_refptr so that getting a
	// reference doesn't race with updating the global object.
	template <class T>
	class GlobalSSLObject {
	public:
	scoped_refptr<T> Get() const {
	base::AutoLock locked(lock_);
	return ssl_object_;
	}

	bool CompareAndSet(const scoped_refptr<T>& new_ssl_object,
	const scoped_refptr<T>& old_ssl_object) {
	base::AutoLock locked(lock_);
	if (ssl_object_ != old_ssl_object)
	return false;
	ssl_object_ = new_ssl_object;
	return true;
	}

	private:
	scoped_refptr<T> ssl_object_;
	mutable base::Lock lock_;
	};

	typedef GlobalSSLObject<CRLSet> GlobalCRLSet;

	base::LazyInstance<GlobalCRLSet>::Leaky g_crl_set = LAZY_INSTANCE_INITIALIZER;

	// static
	void SSLConfigService::SetCRLSetIfNewer(scoped_refptr<CRLSet> crl_set) {
	SetCRLSet(std::move(crl_set), /if_newer=/true);
	}

	// static
	void SSLConfigService::SetCRLSetForTesting(scoped_refptr<CRLSet> crl_set) {
	SetCRLSet(std::move(crl_set), /if_newer=/false);
	}

	// static
	scoped_refptr<CRLSet> SSLConfigService::GetCRLSet() {
	return g_crl_set.Get().Get();
	}

	void SSLConfigService::AddObserver(Observer* observer) {
	observer_list_.AddObserver(observer);
	}

	void SSLConfigService::RemoveObserver(Observer* observer) {
	observer_list_.RemoveObserver(observer);
	}

	void SSLConfigService::NotifySSLConfigChange() {
	for (auto& observer : observer_list_)
	observer.OnSSLConfigChanged();
	}

	SSLConfigService::~SSLConfigService() = default;

	void SSLConfigService::ProcessConfigUpdate(const SSLConfig& old_config,
	const SSLConfig& new_config) {
	bool config_changed =
	std::tie(old_config.rev_checking_enabled,
	old_config.rev_checking_required_local_anchors,
	old_config.sha1_local_anchors_enabled,
	old_config.common_name_fallback_local_anchors_enabled,
	old_config.version_min, old_config.version_max,
	old_config.tls13_variant, old_config.disabled_cipher_suites,
	old_config.channel_id_enabled, old_config.false_start_enabled,
	old_config.require_ecdhe) !=
	std::tie(new_config.rev_checking_enabled,
	new_config.rev_checking_required_local_anchors,
	new_config.sha1_local_anchors_enabled,
	new_config.common_name_fallback_local_anchors_enabled,
	new_config.version_min, new_config.version_max,
	new_config.tls13_variant, new_config.disabled_cipher_suites,
	new_config.channel_id_enabled, new_config.false_start_enabled,
	new_config.require_ecdhe);

	if (config_changed)
	NotifySSLConfigChange();
	}

	// static
	void SSLConfigService::SetCRLSet(scoped_refptr<CRLSet> crl_set, bool if_newer) {
	// Note: this can be called concurently with GetCRLSet().
	while (true) {
	scoped_refptr<CRLSet> old_crl_set(GetCRLSet());
	if (if_newer && old_crl_set && crl_set &&
	old_crl_set->sequence() >= crl_set->sequence()) {
	LOG(WARNING) << "Refusing to downgrade CRL set from #"
	<< old_crl_set->sequence() << " to #" << crl_set->sequence();
	break;
	}
	if (g_crl_set.Get().CompareAndSet(crl_set, old_crl_set))
	break;
	}
	}

	} // namespace net