1 // Copyright 2018 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef SERVICES_NETWORK_SSL_CONFIG_SERVICE_MOJO_H_
6 #define SERVICES_NETWORK_SSL_CONFIG_SERVICE_MOJO_H_
7
8 #include "base/component_export.h"
9 #include "mojo/public/cpp/bindings/pending_receiver.h"
10 #include "mojo/public/cpp/bindings/receiver.h"
11 #include "net/cert/cert_verifier.h"
12 #include "net/ssl/ssl_config_service.h"
13 #include "services/network/crl_set_distributor.h"
14 #include "services/network/legacy_tls_config_distributor.h"
15 #include "services/network/public/mojom/ssl_config.mojom.h"
16 #include "services/network/public/proto/tls_deprecation_config.pb.h"
17
18 namespace network {
19
// An SSLConfigClient that serves as a net::SSLConfigService, listening for
// SSLConfig changes on a Mojo pipe and providing access to the updated config.
class COMPONENT_EXPORT(NETWORK_SERVICE) SSLConfigServiceMojo
    : public mojom::SSLConfigClient,
      public net::SSLConfigService,
      public CRLSetDistributor::Observer,
      public LegacyTLSConfigDistributor::Observer {
 public:
  // If |ssl_config_client_receiver| is not provided, just sticks with the
  // initial configuration.
  // Note: |crl_set_distributor| must outlive this object.
  // NOTE(review): |legacy_tls_config_distributor| is also kept as a raw,
  // unowned pointer (legacy_tls_config_distributor_ below), so presumably the
  // same outlive-this-object requirement applies to it — confirm in the .cc.
  SSLConfigServiceMojo(
      mojom::SSLConfigPtr initial_config,
      mojo::PendingReceiver<mojom::SSLConfigClient> ssl_config_client_receiver,
      CRLSetDistributor* crl_set_distributor,
      LegacyTLSConfigDistributor* legacy_tls_config_distributor);
  ~SSLConfigServiceMojo() override;

  // Sets |cert_verifier| to be configured by certificate-related settings
  // provided by the mojom::SSLConfigClient via OnSSLConfigUpdated. Once set,
  // |cert_verifier| must outlive the SSLConfigServiceMojo or be cleared by
  // passing nullptr as |cert_verifier| prior to destruction.
  // The pointer is stored unowned in cert_verifier_; nothing in this header
  // enforces that contract, so a caller that destroys its verifier without
  // clearing it here leaves a dangling pointer behind.
  void SetCertVerifierForConfiguring(net::CertVerifier* cert_verifier);

  // mojom::SSLConfigClient implementation:
  // Receives a replacement configuration over the Mojo pipe bound to
  // receiver_. Per the SetCertVerifierForConfiguring comment above, the
  // certificate-related parts of |ssl_config| are also applied to
  // cert_verifier_ when one is set.
  void OnSSLConfigUpdated(const mojom::SSLConfigPtr ssl_config) override;

  // net::SSLConfigService implementation:
  // Returns the current ssl_context_config_ by value (a copy).
  net::SSLContextConfig GetSSLContextConfig() override;
  // Whether a connection to |hostname| may be shared with other hosts while a
  // client certificate is in use; gated by client_cert_pooling_policy_ (see
  // the member comment below).
  bool CanShareConnectionWithClientCerts(
      const std::string& hostname) const override;
  // Whether the legacy TLS warning for |hostname| should be suppressed; backed
  // by legacy_tls_config_ (see the member comment below), which is optional.
  bool ShouldSuppressLegacyTLSWarning(
      const std::string& hostname) const override;

  // CRLSetDistributor::Observer implementation:
  // Invoked by crl_set_distributor_ when a new CRLSet is available.
  void OnNewCRLSet(scoped_refptr<net::CRLSet> crl_set) override;

  // LegacyTLSConfigDistributor::Observer implementation:
  // Invoked by legacy_tls_config_distributor_ with a new experiment config.
  void OnNewLegacyTLSConfig(
      scoped_refptr<LegacyTLSExperimentConfig> config) override;

 private:
  // Bound to |this| as the mojom::SSLConfigClient endpoint; this is what routes
  // incoming OnSSLConfigUpdated calls to this object.
  mojo::Receiver<mojom::SSLConfigClient> receiver_{this};

  // Current config handed out by GetSSLContextConfig().
  net::SSLContextConfig ssl_context_config_;
  // Certificate-verification settings derived from the SSL config; presumably
  // pushed to cert_verifier_ whenever one is set — confirm in the .cc.
  net::CertVerifier::Config cert_verifier_config_;

  // Unowned. See SetCertVerifierForConfiguring() for the lifetime contract.
  // Not initialized in-class; the constructor (not visible here) is expected
  // to set it, presumably to nullptr until a verifier is registered — verify.
  net::CertVerifier* cert_verifier_;
  // Unowned; must outlive this object (see the constructor comment).
  CRLSetDistributor* crl_set_distributor_;

  // Provides an optional LegacyTLSExperimentConfig structure that can be used
  // to check if legacy TLS warnings should apply based on the URL.
  scoped_refptr<LegacyTLSExperimentConfig> legacy_tls_config_;
  // Unowned; see the lifetime note on the constructor.
  LegacyTLSConfigDistributor* legacy_tls_config_distributor_;

  // The list of domains and subdomains from enterprise policy where connection
  // coalescing is allowed when client certs are in use if the hosts being
  // coalesced match this list. Consulted by CanShareConnectionWithClientCerts.
  // Because coalescing reuses one client-authenticated connection across
  // hosts, this list is effectively the set of hosts allowed to share the same
  // client identity; keep it as narrow as policy permits.
  std::vector<std::string> client_cert_pooling_policy_;

  // Copying would duplicate the bound receiver_ and the unowned pointers;
  // the macro comes in transitively (base/macros.h is not included directly).
  DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceMojo);
};
82
83 } // namespace network
84
85 #endif // SERVICES_NETWORK_SSL_CONFIG_SERVICE_MOJO_H_
86