      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_SSL_SSL_CONFIG_SERVICE_H_
      6 #define NET_SSL_SSL_CONFIG_SERVICE_H_
      7 
      8 #include <vector>
      9 
     10 #include "base/memory/ref_counted.h"
     11 #include "base/observer_list.h"
     12 #include "net/base/net_export.h"
     13 #include "net/cert/crl_set.h"
     14 #include "net/ssl/ssl_config.h"
     15 
     16 namespace net {
     17 
     18 // Read-only interface for retrieving the SSL configuration.  This interface
     19 // does not cover setting the SSL configuration, as on some systems, the
     20 // SSLConfigService objects may not have direct access to the configuration, or
     21 // live longer than the configuration preferences.
        //
        // Lifetime: the class derives from base::RefCountedThreadSafe and its
        // destructor is protected, so outside code cannot delete an instance
        // directly; destruction goes through the ref count (see the friend
        // declaration below).
        //
        // Threading: the ref-counted base does not make the methods callable from
        // any thread.  GetSSLConfig() and NotifySSLConfigChange() are documented
        // below as IO-thread only.
     22 class NET_EXPORT SSLConfigService
     23     : public base::RefCountedThreadSafe<SSLConfigService> {
     24  public:
     25   // Observer is notified when SSL config settings have changed.
     26   class NET_EXPORT Observer {
     27    public:
     28     // Notify observers if SSL settings have changed.  We don't check all of the
     29     // data in SSLConfig, just those that qualify as a user config change.
     30     // The following settings are considered user changes:
     31     //     rev_checking_enabled
     32     //     version_min
     33     //     version_max
     34     //     disabled_cipher_suites
     35     //     channel_id_enabled
     36     //     false_start_enabled
     37     //     require_forward_secrecy
            //
            // The callback takes no arguments, so it does not say which setting
            // changed or what the new value is; an observer that needs the values
            // has to fetch the configuration itself.
            // NOTE(review): this header does not say what an observer should do
            // with state established under the previous settings (for example
            // connections negotiated with a cipher suite that is now disabled) --
            // confirm the expected behaviour with each implementer.
     38     virtual void OnSSLConfigChanged() = 0;
     39 
     40    protected:
            // Protected so that an observer cannot be deleted through an Observer*.
     41     virtual ~Observer() {}
     42   };
     43 
     44   SSLConfigService();
     45 
          // Writes the current SSL configuration into |config| (out-parameter).
     46   // May not be thread-safe, should only be called on the IO thread.
          // NOTE(review): whether a null |config| is tolerated is not visible in
          // this header -- confirm in the implementations.
     47   virtual void GetSSLConfig(SSLConfig* config) = 0;
     48 
     49   // Sets and gets the current, global CRL set.
          // Both are static, so the CRL set is shared by every SSLConfigService
          // instance rather than being per-service state.
          // NOTE(review): the threading contract for these statics, and whether a
          // null |crl_set| is accepted, are not stated here -- confirm in the .cc
          // before calling them off the IO thread.
     50   static void SetCRLSet(scoped_refptr<CRLSet> crl_set);
     51   static scoped_refptr<CRLSet> GetCRLSet();
     52 
     53   // Is SNI available in this configuration?
          // NOTE(review): handling of a null |service| is not visible in this
          // header -- verify before passing an optional service pointer.
     54   static bool IsSNIAvailable(SSLConfigService* service);
     55 
     56   // Add an observer of this service.
          // NOTE(review): |observer| is a raw pointer and nothing in this header
          // shows the service taking ownership; presumably the observer must stay
          // alive while registered and call RemoveObserver() before it is
          // destroyed -- confirm against ObserverList.
     57   void AddObserver(Observer* observer);
     58 
     59   // Remove an observer of this service.
     60   void RemoveObserver(Observer* observer);
     61 
     62   // Calls the OnSSLConfigChanged method of registered observers. Should only be
     63   // called on the IO thread.
     64   void NotifySSLConfigChange();
     65 
     66  protected:
          // Lets the ref-counting base class reach the protected destructor below.
     67   friend class base::RefCountedThreadSafe<SSLConfigService>;
     68 
     69   virtual ~SSLConfigService();
     70 
     71   // Process before/after config update.
          // Takes the configuration as it was before the update (|orig_config|)
          // and as it is after (|new_config|).
          // NOTE(review): presumably this compares the "user change" fields listed
          // on Observer and notifies observers when one differs; the
          // implementation is not shown here -- confirm in the .cc.
     72   void ProcessConfigUpdate(const SSLConfig& orig_config,
     73                            const SSLConfig& new_config);
     74 
     75  private:
          // Observers registered through AddObserver().
     76   ObserverList<Observer> observer_list_;
     77 };
     78 
     79 }  // namespace net
     80 
     81 #endif  // NET_SSL_SSL_CONFIG_SERVICE_H_
     82